algorandfoundation · PhearZero · Apr 30, 2024 · Apr 8, 2024 · Apr 8, 2024 · Apr 8, 2024
diff --git a/.decisions/4-Fido-Extension.md b/.decisions/4-Fido-Extension.md
@@ -0,0 +1,51 @@
+# Overview
+
+Deprecate ARC-31/Arbitrary Auth Message in favor of custom FIDO2 extension
+
+## Decisions
+
+- Remove connect module and endpoints
+- Use FIDO2 Attestation/Assertions for device linking
+
+## Implementation
+
+```mermaid
+sequenceDiagram
+    participant Website
+    participant Server
+    participant Wallet
+    Note over Website, Wallet: Link devices
+    Website->>Server: Subscribe to 'wss:link'
+    Website-->>Website: Display QR Connect Request ID
+    Wallet->>Website: Scan QR Code
+    Server-->>Wallet: Get Challenge/Options
+    Wallet->>Server: POST FIDO2 Credential + Liquid Auth Signature
+    Server-->>Server: Validate Signatures
+    Server-->>Website: HTTPOnly Session
+    Server->>Wallet: Ok Response + HTTPOnly Session
+    Server->>Website: Emit to `wss:link` client
+    Note over Website, Wallet: Signaling Channels
+    Website-->>Server: Subscribe to 'wss:offer-description'
+    Website-->>Server: Subscribe to 'wss:offer-candidate'
+    Wallet-->>Server: Subscribe to 'wss:answer-description'
+    Wallet-->>Server: Subscribe to 'wss:answer-candidate'
+
+    Note over Website, Wallet: Peer Offer
+    Wallet-->>Wallet: On answer-description, set Remote SDP
+    Wallet-->>Wallet: On answer-candidate, add ICE Candidate
+    Wallet-->>Wallet: Create Peer Offer & DataChannel
+    Wallet-->>Server: Emit `wss:offer-description`
+    Wallet-->>Server: Emit `wss:offer-candidate`
+
+    Note over Website, Wallet: Peer Answer
+    Website-->>Website: On offer-description, set Remote SDP and create Answer
+    Website-->>Website: On offer-candidate, add ICE Candidate
+    Website-->>Server: Emit `wss:answer-description`
+    Website-->>Server: Emit `wss:answer-candidate`
+
+    Note over Website, Wallet: Data Channel
+    Website-->>Wallet: On DataChannel, Emit Messages
+
+```
+
+*Note: It may be possible to handle signaling in a fully decentralized manner in the future. 
diff --git a/.decisions/README.md b/.decisions/README.md
@@ -2,3 +2,5 @@
 
 - [1. Service Authentication](1-Service-Authentication.md)
 - [2. Bidirectional-Communications](2-Bidirectional-Communication.md)
+- [3. Peer-to-Peer-Signaling](3-Peer-to-Peer-Signaling.md)
+- [4. Fido-Extension](4-Fido-Extension.md)
diff --git a/.dockerignore b/.dockerignore
@@ -1 +1,3 @@
 node_modules
+android
+clients/liquid-auth-client-kt
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -13,6 +13,7 @@ jobs:
         uses: actions/setup-node@v1
         with:
           node-version: ${{ matrix.node-version }}
+          cache: 'npm'
       - name: Install Dependencies
         run: npm install
       - name: Run Build

diff --git a/.github/workflows/docker-release.yml b/.github/workflows/docker-release.yml
@@ -0,0 +1,57 @@
+# See: https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
+name: Docker Image CI
+
+on:
+  push:
+    branches: ["main", "develop"]
+    tags:
+      - "v*.*.*"
+env:
+  # Use docker.io for Docker Hub if empty
+  REGISTRY: ghcr.io
+  # github.repository as <account>/<repo>
+  IMAGE_NAME: ${{ github.repository }}
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - # Checkout the repo
+        name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+      - # This can be Docker Hub, ECR, or any other registry. Using GHCR for now.
+        name: Container Registry Login
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - # Tag and name the image
+        name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          # list of Docker images to use as base name for tags
+          images: |
+            ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          # generate Docker tags based on the following events/attributes
+          tags: |
+            type=ref,event=branch
+            type=semver,pattern={{version}}
+      - # Build and push
+        name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha
diff --git a/.gitignore b/.gitignore
@@ -1,8 +1,25 @@
+# Project Files
+docker-compose.override.yml
 swagger-codegen-cli.jar
 ngrok.yml
-
 .data
-.idea
+
+# Kotlin
+*.iml
+.gradle
+/local.properties
+/.idea/caches
+/.idea/libraries
+/.idea/modules.xml
+/.idea/workspace.xml
+/.idea/navEditor.xml
+/.idea/assetWizardSettings.xml
+.DS_Store
+/build
+/captures
+.externalNativeBuild
+.cxx
+local.properties
 
 # Logs
 logs

diff --git a/.idea/.gitignore b/.idea/.gitignore
diff --git a/.idea/.name b/.idea/.name
diff --git a/.idea/codeStyles/Project.xml b/.idea/codeStyles/Project.xml
diff --git a/.idea/codeStyles/codeStyleConfig.xml b/.idea/codeStyles/codeStyleConfig.xml
diff --git a/.idea/inspectionProfiles/Project_Default.xml b/.idea/inspectionProfiles/Project_Default.xml
diff --git a/.idea/misc.xml b/.idea/misc.xml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
diff --git a/Dockerfile b/Dockerfile
@@ -15,11 +15,7 @@ COPY --from=BUILDER ./package-lock.json ./package-lock.json
 # Client Files
 COPY --from=BUILDER ./clients ./clients
 # Service Files
-COPY --from=BUILDER ./services/liquid-auth-api-js/assetlinks.json ./services/liquid-auth-api-js/assetlinks.json
-COPY --from=BUILDER ./services/liquid-auth-api-js/dist ./services/liquid-auth-api-js/dist
-COPY --from=BUILDER ./services/liquid-auth-api-js/bin ./services/liquid-auth-api-js/bin
-COPY --from=BUILDER ./services/liquid-auth-api-js/.env.template ./services/liquid-auth-api-js/.env.template
-COPY --from=BUILDER ./services/liquid-auth-api-js/package.json ./services/liquid-auth-api-js/package.json
+COPY --from=BUILDER ./services/liquid-auth-api-js/ ./services/liquid-auth-api-js/
 
 RUN npm ci --production
 

diff --git a/README.md b/README.md
@@ -7,8 +7,8 @@
 
 # Overview
 
-This project holds the standard FIDO2 api endpoints and the Proof of Knowledge for Algorand specific private keys. 
-The api is a stateful session-based architecture with endpoint guards. 
+This project holds the standard FIDO2 api endpoints and the Proof of Knowledge for Algorand specific private keys.
+The api is a stateful session-based architecture with endpoint guards.
 A user must prove ownership of a private key to associate PublicKeyCredentials
 
 ## Getting started
@@ -64,6 +64,8 @@ tunnels:
 
 #### Update the Service's .docker.env file
 
+Update the [.docekr.env](.env.docker) file with the following keys with the values from ngrok:
+
 ```bash
 HOSTNAME=<NGROK_STATIC_DOMAIN>
 ORIGIN=https://<NGROK_STATIC_DOMAIN>
@@ -82,7 +84,7 @@ Navigate to the ngrok URL in your browser to test the FIDO2 feature.
 
 ## Using the app
 
-#### Install the [Android client](https://github.com/awesome-algorand/android-authentication-client) to your device.
+#### Install the [Android client](https://github.com/awesome-algorand/android-authentication-client/releases) to your device.
 
 ![Step-1.png](.docs%2FStep-1.png)
 

diff --git a/client-gen.sh b/client-gen.sh
diff --git a/clients/liquid-auth-client-js/package.json b/clients/liquid-auth-client-js/package.json
@@ -33,30 +33,36 @@
   "scripts": {
     "dev": "tsc --watch",
     "build": "tsc",
-    "build:docs": "typedoc --plugin typedoc-plugin-markdown --out docs src",
+    "build:docs": "typedoc --plugin typedoc-plugin-markdown --out docs src src/client",
     "lint": "eslint --fix src",
+    "test:ts": "node --import tsx --test ./src/client/*.spec.ts",
     "test": "tsc && node --test ./tests/*.spec.js",
     "test:cov": "tsc && c8 node --test ./tests/*.spec.js"
   },
   "author": "",
   "license": "MIT",
   "devDependencies": {
+    "@swc/register": "^0.1.10",
+    "@types/chai": "^4.3.14",
     "@types/qrcode": "^1.5.5",
     "@typescript-eslint/eslint-plugin": "^6.21.0",
     "@typescript-eslint/parser": "^7.6.0",
     "algosdk": "^2.7.0",
     "c8": "^9.1.0",
+    "chai": "^5.1.0",
     "eslint": "^8.57.0",
     "eslint-config-prettier": "^9.1.0",
     "eslint-plugin-prettier": "^5.1.3",
     "eslint-plugin-tsdoc": "^0.2.17",
+    "tsx": "^4.7.2",
     "typedoc": "^0.25.13",
     "typedoc-plugin-markdown": "^4.0.0-next.55",
     "typescript": "^5.4.5"
   },
   "dependencies": {
     "@liquid/core": "^1.0.0",
     "eventemitter3": "^5.0.1",
+    "isomorphic-fetch": "^3.0.0",
     "qr-code-styling": "^1.6.0-rc.1",
     "tweetnacl": "^1.0.3"
   }