Merge remote-tracking branch 'origin/template' into template

author: Yigit Sever 2021-04-15 03:50:34 +0300
committer: Yigit Sever 2021-04-15 03:50:34 +0300
commit: dcc2d99140d25c5f163e425fb6ed7246fe88ea54 (patch)
tree: 9108ff3aa44622ff0bda4bb82d9b1fb38f168dfe /site/content
parent: be037a6b35056ec8aa8f75e56becd009bc7c01f2 (diff)
parent: 412276f8dac075836aaa8fdf636aa068718a2bbf (diff)
download: gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.tar.gz
gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.tar.bz2
gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.zip
5 files changed, 103 insertions, 0 deletions
diff --git a/site/content/JWT.md b/site/content/JWT.md
new file mode 100644
index 0000000..91a7a73
--- /dev/null
+++ b/site/content/JWT.md
@@ -0,0 +1,11 @@
+++
+title = "JWT"
+description = "JSON Web Token Documentation"
+weight = 5
+++
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
+vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
+ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
diff --git a/site/content/_index.md b/site/content/_index.md
new file mode 100644
index 0000000..7dd7a7c
--- /dev/null
+++ b/site/content/_index.md
@@ -0,0 +1,28 @@
+++
+title = "Gradecoin"
+sort_by = "weight"
+++
+- Don't know where to start? Gradecoin uses RESTful API, simple `curl` commands or even your browser will work! [This website can help as well](https://curl.trillworks.com/).
+- [JWT Debugger](https://jwt.io) and the corresponding [RFC](https://tools.ietf.org/html/rfc7519)
+# Services
+## /register
+- Student creates their own 2048 bit RSA `keypair`
+- Downloads `Gradecoin`'s Public Key from [Moodle](https://odtuclass.metu.edu.tr/my/)
+- Encrypts their JSON wrapped `Public Key`, `Student ID` and one time `passwd` using Gradecoin's Public Key
+- Their public key is now in our database and can be used to sign their JWT's during requests
+## /transaction
+- You can offer a [Transaction](/transaction) - POST request
+    - The request should have `Authorization`
+    - The request header should be signed by the Public Key of the `by` field in the transaction
+- fetch the list of `Transaction`s - GET request
+## /block
+- offer a [`schema::Block`] - POST request
+    - The request should have `Authorization`
+    - The [`schema::Block::transaction_list`] of the block should be a subset of [`schema::Db::pending_transactions`]
+- fetch the last accepted [`schema::Block`] - GET request
+`Authorization`: The request header should have Bearer JWT.Token signed with Student Public Key
diff --git a/site/content/block_docs.md b/site/content/block_docs.md
new file mode 100644
index 0000000..26803bd
--- /dev/null
+++ b/site/content/block_docs.md
@@ -0,0 +1,11 @@
+++
+title = "Blocks"
+description = "Block Documentation"
+weight = 2
+++
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
+vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
+ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
new file mode 100644
index 0000000..45571fb
--- /dev/null
+++ b/site/content/register_docs.md
@@ -0,0 +1,42 @@
+++
+title = "Register"
+description = "Register Documentation"
+weight = 3
+++
+POST request to /register endpoint
+Lets a [`User`] (=student) to authenticate themselves to the system
+This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
+the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
+# Authentication Process
+- Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle.
+- Gradecoin's Private Key (`gradecoin_private_key`) is loaded here
+- Student picks a short temporary key (`k_temp`)
+- Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
+{
+    student_id: "e12345",
+    passwd: "15 char secret"
+    public_key: "---BEGIN PUBLIC KEY..."
+}
+- Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd?
+- The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme
+using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext`
+- The payload JSON object (`auth_request`) can be JSON serialized now:
+{
+    c: "auth_ciphertext"
+    key: "key_ciphertext"
+}
+## Gradecoin Side
+- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu
+- With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us
+auth_plaintext
+- The `auth_plaintext` String can be deserialized to [`AuthRequest`]
+- We then verify the payload and calculate the User fingerprint
+- Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>`
diff --git a/site/content/transaction_docs.md b/site/content/transaction_docs.md
new file mode 100644
index 0000000..6607fe9
--- /dev/null
+++ b/site/content/transaction_docs.md
@@ -0,0 +1,11 @@
+++
+title = "Transactions"
+description = "Transaction documentation"
+weight = 2
+++
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
+vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
+ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
author	Yigit Sever	2021-04-15 03:50:34 +0300
committer	Yigit Sever	2021-04-15 03:50:34 +0300
commit	dcc2d99140d25c5f163e425fb6ed7246fe88ea54 (patch)
tree	9108ff3aa44622ff0bda4bb82d9b1fb38f168dfe /site/content
parent	be037a6b35056ec8aa8f75e56becd009bc7c01f2 (diff)
parent	412276f8dac075836aaa8fdf636aa068718a2bbf (diff)
download	gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.tar.gz gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.tar.bz2 gradecoin-dcc2d99140d25c5f163e425fb6ed7246fe88ea54.zip

diff --git a/site/content/JWT.md b/site/content/JWT.md new file mode 100644 index 0000000..91a7a73 --- /dev/null +++ b/site/content/JWT.md
@@ -0,0 +1,11 @@
	1	+++
	2	title = "JWT"
	3	description = "JSON Web Token Documentation"
	4	weight = 5
	5	+++
	6
	7	Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
	8	tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
	9	vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
	10	ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
	11


diff --git a/site/content/_index.md b/site/content/_index.md new file mode 100644 index 0000000..7dd7a7c --- /dev/null +++ b/site/content/_index.md
@@ -0,0 +1,28 @@
	1	+++
	2	title = "Gradecoin"
	3	sort_by = "weight"
	4	+++
	5
	6	- Don't know where to start? Gradecoin uses RESTful API, simple `curl` commands or even your browser will work! [This website can help as well](https://curl.trillworks.com/).
	7	- [JWT Debugger](https://jwt.io) and the corresponding [RFC](https://tools.ietf.org/html/rfc7519)
	8
	9	# Services
	10	## /register
	11	- Student creates their own 2048 bit RSA `keypair`
	12	- Downloads `Gradecoin`'s Public Key from [Moodle](https://odtuclass.metu.edu.tr/my/)
	13	- Encrypts their JSON wrapped `Public Key`, `Student ID` and one time `passwd` using Gradecoin's Public Key
	14	- Their public key is now in our database and can be used to sign their JWT's during requests
	15
	16	## /transaction
	17	- You can offer a [Transaction](/transaction) - POST request
	18	- The request should have `Authorization`
	19	- The request header should be signed by the Public Key of the `by` field in the transaction
	20	- fetch the list of `Transaction`s - GET request
	21
	22	## /block
	23	- offer a [`schema::Block`] - POST request
	24	- The request should have `Authorization`
	25	- The [`schema::Block::transaction_list`] of the block should be a subset of [`schema::Db::pending_transactions`]
	26	- fetch the last accepted [`schema::Block`] - GET request
	27
	28	`Authorization`: The request header should have Bearer JWT.Token signed with Student Public Key


diff --git a/site/content/block_docs.md b/site/content/block_docs.md new file mode 100644 index 0000000..26803bd --- /dev/null +++ b/site/content/block_docs.md
@@ -0,0 +1,11 @@
	1	+++
	2	title = "Blocks"
	3	description = "Block Documentation"
	4	weight = 2
	5	+++
	6
	7	Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
	8	tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
	9	vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
	10	ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
	11


diff --git a/site/content/register_docs.md b/site/content/register_docs.md new file mode 100644 index 0000000..45571fb --- /dev/null +++ b/site/content/register_docs.md
@@ -0,0 +1,42 @@
	1	+++
	2	title = "Register"
	3	description = "Register Documentation"
	4	weight = 3
	5	+++
	6
	7	POST request to /register endpoint
	8	Lets a [`User`] (=student) to authenticate themselves to the system
	9	This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
	10	the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
	11
	12	# Authentication Process
	13	- Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle.
	14	- Gradecoin's Private Key (`gradecoin_private_key`) is loaded here
	15
	16	- Student picks a short temporary key (`k_temp`)
	17	- Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
	18	{
	19	student_id: "e12345",
	20	passwd: "15 char secret"
	21	public_key: "---BEGIN PUBLIC KEY..."
	22	}
	23
	24	- Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd?
	25	- The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme
	26	using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext`
	27	- The payload JSON object (`auth_request`) can be JSON serialized now:
	28	{
	29	c: "auth_ciphertext"
	30	key: "key_ciphertext"
	31	}
	32
	33	## Gradecoin Side
	34
	35	- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu
	36	- With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us
	37	auth_plaintext
	38	- The `auth_plaintext` String can be deserialized to [`AuthRequest`]
	39	- We then verify the payload and calculate the User fingerprint
	40	- Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>`
	41
	42


diff --git a/site/content/transaction_docs.md b/site/content/transaction_docs.md new file mode 100644 index 0000000..6607fe9 --- /dev/null +++ b/site/content/transaction_docs.md
@@ -0,0 +1,11 @@
	1	+++
	2	title = "Transactions"
	3	description = "Transaction documentation"
	4	weight = 2
	5	+++
	6
	7	Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
	8	tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
	9	vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
	10	ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
	11