From d7d6fb7bc6d68242e3369903aa649910c6c8ae32 Mon Sep 17 00:00:00 2001
From: pedro <git2021@cas.cat>
Date: Thu, 30 Jan 2025 08:39:22 +0100
Subject: [PATCH] make devicehub autosign a vc using idhub

---
 .env.example                          |  1 +
 .gitignore                            |  5 ++-
 docker-compose.yml                    |  2 ++
 docker-reset.sh                       |  1 +
 docker/devicehub-django.Dockerfile    |  1 +
 docker/devicehub-django.entrypoint.sh | 46 +++++++++++++++++++++++++--
 6 files changed, 52 insertions(+), 4 deletions(-)

diff --git a/.env.example b/.env.example
index bd203c0..db38e77 100644
--- a/.env.example
+++ b/.env.example
@@ -30,6 +30,7 @@ DEVICEHUB_ALLOWED_HOSTS=${DEVICEHUB_DOMAIN},${DEVICEHUB_DOMAIN}:${DEVICEHUB_PORT
 # TODO review these vars
 #SNAPSHOTS_DIR=/path/to/TODO
 #EVIDENCES_DIR=/path/to/TODO
+DEMO_IDHUB_DOMAIN='idhub.example.org'
 
 ####
 # IDHUB
diff --git a/.gitignore b/.gitignore
index cb21e47..5fd5429 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,7 @@
-db.sqlite3
 env/
 __pycache__/
 .env
+
+# the following could be autogenerated by devicehub
+db.sqlite3
+example/snapshots/snapshot_workbench-script_verifiable-credential.json
diff --git a/docker-compose.yml b/docker-compose.yml
index e354108..67f8b27 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,6 +11,8 @@ services:
       - PORT=${DEVICEHUB_PORT:-8000}
       - ALLOWED_HOSTS=${DEVICEHUB_ALLOWED_HOSTS:-$DEVICEHUB_DOMAIN}
       - DEMO=${DEMO:-false}
+      - DEMO_IDHUB_DOMAIN=${DEMO_IDHUB_DOMAIN:-localhost}
+      - DEMO_IDHUB_PREDEFINED_TOKEN=${IDHUB_PREDEFINED_TOKEN:-}
       - PREDEFINED_TOKEN=${PREDEFINED_TOKEN:-}
       - DPP=${DPP:-false}
     # TODO manage volumes dev vs prod
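Review bot: The `:-localhost` default on `DEMO_IDHUB_DOMAIN` means the variable is never empty inside the container, so the `if [ "${DEMO_IDHUB_DOMAIN:-}" ]` guard in `run_demo` (entrypoint hunk of this patch) is always true whenever `DEMO=true`. Inside the devicehub container `localhost` is the container itself, so `https://localhost/webhook/sign/` is unlikely to answer, and `wait_idhub` has no retry limit and no curl timeout, which would block start-up indefinitely. An empty default, `- DEMO_IDHUB_DOMAIN=${DEMO_IDHUB_DOMAIN:-}`, keeps the signing step opt-in. The second added line puts idhub's bearer token into the devicehub container environment, where anyone who can inspect the container can read it; a comment marking it as demo-only would make that intent explicit.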
diff --git a/docker-reset.sh b/docker-reset.sh
index 21a0856..bdb9ff4 100755
--- a/docker-reset.sh
+++ b/docker-reset.sh
@@ -31,6 +31,7 @@ main() {
         # deactivate configured flag
         rm -vfr ./already_configured
         docker compose down -v
+        docker compose pull --ignore-buildable
         if [ "${DEV_DOCKER_ALWAYS_BUILD:-}" = 'true' ]; then
                 docker compose build
         fi
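Review bot: The added `docker compose pull --ignore-buildable` runs after `docker compose down -v`, so if the registry is unreachable the volumes have already been removed when the pull fails. Whether the script then aborts depends on a `set -e` that is not visible in this hunk. Moving the pull above the teardown lines would leave the existing environment intact on a failed pull. The pull also takes whatever the referenced image tags point to at reset time, so a comment such as `# refresh non-built images; tags are not pinned by digest` would tell the next maintainer that a reset can change the running versions. `main` starts and ends outside the hunk.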
diff --git a/docker/devicehub-django.Dockerfile b/docker/devicehub-django.Dockerfile
index 7145534..7c6d35d 100644
--- a/docker/devicehub-django.Dockerfile
+++ b/docker/devicehub-django.Dockerfile
@@ -6,6 +6,7 @@ RUN apt update && \
     python3-xapian \
     git \
     sqlite3 \
+    curl \
     jq \
     time \
     vim \
diff --git a/docker/devicehub-django.entrypoint.sh b/docker/devicehub-django.entrypoint.sh
index 1b9f548..0035dca 100644
--- a/docker/devicehub-django.entrypoint.sh
+++ b/docker/devicehub-django.entrypoint.sh
@@ -118,8 +118,48 @@ END
         ./manage.py dlt_register_user "${DATASET_FILE}"
 }
 
+# wait until idhub api is prepared to received requests
+wait_idhub() {
+        while true; do
+                result="$(curl -s "${url}" | jq -r .error)"
+                if [ "${result}" = "Invalid request method" ]; then
+                        break
+                else
+                        echo "Waiting idhub API"
+                        sleep 1
+                fi
+        done
+}
+
+demo__send_to_sign_credential() {
+        filepath="${1}"
+        # hashlib.sha3_256 of PREDEFINED_TOKEN for idhub
+        DEMO_IDHUB_PREDEFINED_TOKEN="${DEMO_IDHUB_PREDEFINED_TOKEN:-}"
+        auth_header="Authorization: Bearer ${DEMO_IDHUB_PREDEFINED_TOKEN}"
+        json_header='Content-Type: application/json'
+        curl -s -X POST \
+             -H "${json_header}" \
+             -H "${auth_header}" \
+             -d @"${filepath}" \
+             "${url}" \
+                | jq -r .data
+}
+
+run_demo() {
+        if [ "${DEMO_IDHUB_DOMAIN:-}" ]; then
+                DEMO_IDHUB_DOMAIN="${DEMO_IDHUB_DOMAIN:-}"
+                # this demo only works with FQDN domain (with no ports)
+                url="https://${DEMO_IDHUB_DOMAIN}/webhook/sign/"
+                wait_idhub
+                demo__send_to_sign_credential \
+                        'example/demo-snapshots-vc/snapshot_pre-verifiable-credential.json' \
+                        > 'example/snapshots/snapshot_workbench-script_verifiable-credential.json'
+        fi
+        /usr/bin/time ./manage.py up_snapshots example/snapshots/ "${INIT_USER}"
+}
+
 config_phase() {
-	# TODO review this flag file
+        # TODO review this flag file
         init_flagfile="${program_dir}/already_configured"
         if [ ! -f "${init_flagfile}" ]; then
 
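Review bot: `demo__send_to_sign_credential` never checks that idhub returned a signed credential. Without `--fail`, an HTTP or auth error still reaches `jq -r .data`, which prints `null`, and the redirect in `run_demo` has already truncated `example/snapshots/snapshot_workbench-script_verifiable-credential.json`, so `up_snapshots` then ingests an empty or `null` file as a snapshot. An empty `DEMO_IDHUB_PREDEFINED_TOKEN` is also sent as `Authorization: Bearer ` instead of being rejected up front. The token travels on curl's command line, where it shows in the container's process list; `-H @file` would avoid that. `wait_idhub` loops without an attempt limit or `--max-time`, and both helpers read the global `url` set in `run_demo`, which deserves a line in their header comments.
```sh
demo__send_to_sign_credential() {
        filepath="${1}"
        # refuse to call the signing webhook without a credential
        if [ -z "${DEMO_IDHUB_PREDEFINED_TOKEN:-}" ]; then
                echo "DEMO_IDHUB_PREDEFINED_TOKEN is empty, skipping signing" >&2
                return 1
        fi
        # … unchanged: auth_header and json_header setup …
        # --fail turns an HTTP error into a non-zero exit; jq -e rejects a missing or null .data
        response="$(curl -s --fail --max-time 30 -X POST \
             -H "${json_header}" \
             -H "${auth_header}" \
             -d @"${filepath}" \
             "${url}")" || return 1
        printf '%s' "${response}" | jq -er .data
}

# in run_demo, after wait_idhub: publish the file only when signing succeeded
                vc_file='example/snapshots/snapshot_workbench-script_verifiable-credential.json'
                if demo__send_to_sign_credential \
                        'example/demo-snapshots-vc/snapshot_pre-verifiable-credential.json' \
                        > "${vc_file}.tmp"; then
                        mv "${vc_file}.tmp" "${vc_file}"
                else
                        rm -f "${vc_file}.tmp"
                        echo "idhub did not return a signed credential" >&2
                fi
# … unchanged: up_snapshots call …
```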
@@ -132,7 +172,7 @@ config_phase() {
                         # 12, 13, 14
                         config_dpp_part1
 
-                        # cleanup other spnapshots and copy dlt/dpp snapshots
+                        # cleanup other snapshots and copy dlt/dpp snapshots
                         # TODO make this better
                         rm example/snapshots/*
                         cp example/dpp-snapshots/*.json example/snapshots/
@@ -140,7 +180,7 @@ config_phase() {
 
                 # # 15. Add inventory snapshots for user "${INIT_USER}".
                 if [ "${DEMO:-}" = 'true' ]; then
-                        /usr/bin/time ./manage.py up_snapshots example/snapshots/ "${INIT_USER}"
+                        run_demo
                 fi
 
                 # remain next command as the last operation for this if conditional