feat: get and store wallet daemon's JWT after WebRTC channel is open #9

Merged
merged 1 commit into from
Sep 13, 2023


mrnaveira
Contributor

Up until now, tari-connector used the signaling server's JWT to call the wallet daemon. This worked because the signaling server and wallet daemon used the same JWT secret.

This will no longer be the case, so to solve it this PR fetches and stores the wallet daemon's JWT after the WebRTC channel is open (i.e. after `setAnswer` is called). The web developer does not need to do or change anything; existing web apps with tari-connector will continue to work, as the `TariConnection.token` is abstracted away.

github-merge-queue bot pushed a commit to tari-project/tari-dan that referenced this pull request Sep 13, 2023
Description
---
* Add a new common utility function on `tari_common_types` for secret
generation
* Update wallet daemon and signaling server JWT secrets to be randomized
at startup

Motivation and Context
---
Right now JWT secrets are hardcoded both in the wallet daemon as well as
in the signaling server. This is not acceptable from a security
standpoint if we want to create a public test network. So the purpose of
this PR is to change both the wallet daemon and the signaling server to
have random JWT secrets each time they start.

Please do not merge this PR until
tari-project/tari-connector#9 is merged

How Has This Been Tested?
---
Manually launching both applications and inspecting the JWTs

What process can a PR reviewer use to test or verify this change?
---
Add log instructions to see the JWTs and launch both wallet daemon and
signaling server

Breaking Changes
---

- [x] None
- [ ] Requires data directory to be deleted
- [ ] Other - Please specify
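
Added example, not code from tari-connector or tari-dan: a JavaScript sketch of why a token issued by the signaling server stops verifying at the wallet daemon once each process draws its own random secret at startup, which is why the connector needs the wallet daemon's own token. `startService`, `connectorFlow`, the claim values, HS256 and the 32-byte `randomBytes` secret are assumptions; the page does not show the projects' secret generation or token format.

```javascript
// Added illustration; all names are hypothetical, not tari-connector or tari-dan code.
const { randomBytes, createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// A service that draws a fresh HS256 secret each time it starts.
function startService(name) {
  const secret = randomBytes(32); // assumption: 32 random bytes per process start
  const mac = (input) => createHmac('sha256', secret).update(input).digest();
  return {
    issue(claims) {
      const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
      const body = b64url(JSON.stringify({ iss: name, ...claims }));
      return `${head}.${body}.${b64url(mac(`${head}.${body}`))}`;
    },
    verify(token) {
      const parts = String(token).split('.');
      if (parts.length !== 3) return null;
      const [head, body, sig] = parts;
      let header;
      try { header = JSON.parse(Buffer.from(head, 'base64url')); } catch { return null; }
      if (!header || header.alg !== 'HS256') return null; // pin the algorithm
      const expected = mac(`${head}.${body}`);
      const given = Buffer.from(sig, 'base64url');
      if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
      const claims = JSON.parse(Buffer.from(body, 'base64url'));
      // Require an unexpired exp claim (seconds since the epoch).
      return typeof claims.exp === 'number' && claims.exp > Date.now() / 1000 ? claims : null;
    },
  };
}

// The flow from the PR description, with constructed sample claims.
function connectorFlow() {
  const signaling = startService('signaling-server');
  const wallet = startService('wallet-daemon');
  const exp = Math.floor(Date.now() / 1000) + 300;
  // Old behaviour: reuse the signaling server's token against the wallet daemon.
  const oldResult = wallet.verify(signaling.issue({ sub: 'web-app', exp }));
  // New behaviour: once the channel is open, use a token the wallet daemon issued.
  const walletToken = wallet.issue({ sub: 'web-app', exp });
  const newResult = wallet.verify(walletToken);
  // A restart draws a new secret, so tokens from the previous run stop verifying.
  const afterRestart = startService('wallet-daemon').verify(walletToken);
  return { oldResult, newResult, afterRestart };
}
```

`connectorFlow()` returns `null` for the reused signaling token and for the pre-restart token, and the decoded claims for the token the wallet daemon issued itself. A client holding a stored token has to fetch a new one after either service restarts.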
@stringhandler stringhandler added this pull request to the merge queue Sep 13, 2023
Merged via the queue into tari-project:development with commit fc1ffd8 Sep 13, 2023
stringhandler pushed a commit to tari-project/tari-dan that referenced this pull request Sep 14, 2023
Description
---
Updated the web-wallet sequence diagram to reflect the latest
`tari-connector` changes

Motivation and Context
---
Recently there have been some major changes to the way `tari-connector`
operates:
* tari-project/tari-connector#9
* tari-project/tari-connector#10

The goal of this PR is to update the sequence diagram of the web-wallet
interaction to reflect the new flow.

How Has This Been Tested?
---
Testing does not apply

What process can a PR reviewer use to test or verify this change?
---
Check that the sequence diagram is accurate

Breaking Changes
---
- [x] None
- [ ] Requires data directory to be deleted
- [ ] Other - Please specify