1 files changed, 85 insertions, 0 deletions
diff --git a/site/content/_index.md b/site/content/_index.md
new file mode 100644
index 0000000..4ad0544
--- /dev/null
+++ b/site/content/_index.md
@@ -0,0 +1,85 @@
+++
+title = "Gradecoin"
+sort_by = "weight"
+++
+# Welcome to Gradecoin!
+Blockchains are incredibly simple yet can appear very complicated, we will see how they work and practice programming _production_ cryptography code.
+This server is the sandbox for the PA1, it's currently running the Gradecoin application. Gradecoin is the faux currency we will use to simulate a blockchain network. At the end of the simulation, the amount of Gradecoin you hold will be your PA1 grade.
+**A quick summary**: authenticate yourself to the system using public key encryption.
+Craft [Transaction](@/transaction_docs.md) proposals and tag them using [JWTs](@/JWT.md).
+When there are enough transactions then you can propose [Blocks](@/block_docs.md) in the same way.
+Blocks need to be _mined_ beforehand using Proof-of-work, or brute force.
+Gradecoin offers 3 endpoints at [/register](/register), [/block](/block) and [/transaction](/transaction). You can only send GET requests to /block and /transaction without authorization.
+The server is programmed in [RESTful](https://www.service-architecture.com/articles/web-services/representational_state_transfer_rest.html) architecture, there are no `DELETE`, `PUT` or `UPDATE` operations, though.
+Gradecoin uses a Proof-of-work block accepting mechanism. It uses single round [Blake2s](https://www.blake2.net/) hashing which produces 256-bit (64 hexadecimal characters) output. The [target](https://wiki.bitcoinsv.io/index.php/Target) hash is _24 bits_ or _6 hexadecimal characters_ of 0. During testing, I could mine a block on average around 2-7 minutes.
+> We're expecting you to use existing tools and implementations. Standards are hard. [Don't roll your own crypto](https://www.reddit.com/r/crypto/comments/2coqsy/dont_roll_your_own/). Feel free to ask questions. Collaborate.
+You might ask,
+> But if nobody has any Gradecoin then how do we have transactions?
+There is a bank! Their public key is `31415926535897932384626433832795028841971693993751058209749445923` and they have some amount of Gradecoin preloaded. It's also the only account that you can send transactions requests _to_ yourself.
+# Coinbase
+The first transactions of a block is called the `coinbase`. They are the **author** of the block proposal and if the block is accepted then they get compensated for their efforts with some Gradecoin.
+# Public Key Signatures
+Gradecoin uses 2048 bit RSA keyspairs.
+# Services
+## /register
+- Student creates their own 2048 bit RSA `keypair`
+- Downloads `Gradecoin`'s Public Key from [Moodle](https://odtuclass.metu.edu.tr/my/)
+- Encrypts their JSON wrapped `Public Key`, `Student ID` and one time `passwd` using Gradecoin's Public Key
+- Their public key is now in our database and can be used to sign their JWT's during requests
+## /transaction
+- You can offer a [Transaction](/transaction) - POST request
+    - The request should have `Authorization`
+    - The request header should be signed by the Public Key of the `by` field in the transaction
+- fetch the list of `Transaction`s - GET request
+## /block
+- offer a [`schema::Block`] - POST request
+    - The request should have `Authorization`
+    - The [`schema::Block::transaction_list`] of the block should be a subset of [`schema::Db::pending_transactions`]
+- fetch the last accepted [`schema::Block`] - GET request
+`Authorization`: The request header should have Bearer JWT.Token signed with Student Public Key
+# Questions
+## This all sound complicated!
+- I've drawn inspiration from [actual Bitcoin transactions](https://explorer.bitcoin.com/btc) and [warp](https://github.com/seanmonstar/warp/blob/master/examples/todos.rs). The simplicity of the system is how little interfaces it has.
+- Don't know where to start? Gradecoin uses RESTful API; simple `curl` commands or even your browser will work! [This website can help as well](https://curl.trillworks.com/).
+- [JWT Debugger](https://jwt.io) and the corresponding [RFC](https://tools.ietf.org/html/rfc7519)
+- Remember that you are absolutely encouraged to grab off-the-shelf implementations for every cryptography primitive you will use. You can start by finding a code snippet to generate a RSA keypair?
+## I found a bug!
+Thank you! Please [let me know](mailto:yigit@ceng.metu.edu.tr) so we can solve it.
+## I hacked the server!
+That wasn't supposed to happen :( I did not place any intentional vulnerabilities to the system so if you cracked something, it was not intended. Please don't abuse it and let me know so I can patch it.
+## Submission?
+At the end of the _simulation_, your Gradecoin balance will be your grade. I will also expect a unique client programmed in either;
+- c
+- c++
+- perl
+- rust
+- python
+- random assortment of bash scripts
+If your favourite programming language is missing please let me know 🤷?
+## Can my friends play?
+Sadly, no. Student's who are enrolled to the class will receive one-time-passwords for authentication.
+## How and or Why?
+- [Built](https://xkcd.com/2314/), [with](https://lofi.cafe/) [Rust](https://xkcd.com/2418/)

diff --git a/site/content/_index.md b/site/content/_index.md new file mode 100644 index 0000000..4ad0544 --- /dev/null +++ b/site/content/_index.md
@@ -0,0 +1,85 @@
	1	+++
	2	title = "Gradecoin"
	3	sort_by = "weight"
	4	+++
	5
	6	# Welcome to Gradecoin!
	7
	8	Blockchains are incredibly simple yet can appear very complicated, we will see how they work and practice programming _production_ cryptography code.
	9
	10	This server is the sandbox for the PA1, it's currently running the Gradecoin application. Gradecoin is the faux currency we will use to simulate a blockchain network. At the end of the simulation, the amount of Gradecoin you hold will be your PA1 grade.
	11
	12	A quick summary: authenticate yourself to the system using public key encryption.
	13	Craft [Transaction](@/transaction_docs.md) proposals and tag them using [JWTs](@/JWT.md).
	14	When there are enough transactions then you can propose [Blocks](@/block_docs.md) in the same way.
	15	Blocks need to be _mined_ beforehand using Proof-of-work, or brute force.
	16
	17	Gradecoin offers 3 endpoints at [/register](/register), [/block](/block) and [/transaction](/transaction). You can only send GET requests to /block and /transaction without authorization.
	18	The server is programmed in [RESTful](https://www.service-architecture.com/articles/web-services/representational_state_transfer_rest.html) architecture, there are no `DELETE`, `PUT` or `UPDATE` operations, though.
	19
	20	Gradecoin uses a Proof-of-work block accepting mechanism. It uses single round [Blake2s](https://www.blake2.net/) hashing which produces 256-bit (64 hexadecimal characters) output. The [target](https://wiki.bitcoinsv.io/index.php/Target) hash is _24 bits_ or _6 hexadecimal characters_ of 0. During testing, I could mine a block on average around 2-7 minutes.
	21
	22	> We're expecting you to use existing tools and implementations. Standards are hard. [Don't roll your own crypto](https://www.reddit.com/r/crypto/comments/2coqsy/dont_roll_your_own/). Feel free to ask questions. Collaborate.
	23
	24	You might ask,
	25
	26	> But if nobody has any Gradecoin then how do we have transactions?
	27
	28	There is a bank! Their public key is `31415926535897932384626433832795028841971693993751058209749445923` and they have some amount of Gradecoin preloaded. It's also the only account that you can send transactions requests _to_ yourself.
	29
	30	# Coinbase
	31	The first transactions of a block is called the `coinbase`. They are the author of the block proposal and if the block is accepted then they get compensated for their efforts with some Gradecoin.
	32
	33	# Public Key Signatures
	34	Gradecoin uses 2048 bit RSA keyspairs.
	35
	36	# Services
	37	## /register
	38	- Student creates their own 2048 bit RSA `keypair`
	39	- Downloads `Gradecoin`'s Public Key from [Moodle](https://odtuclass.metu.edu.tr/my/)
	40	- Encrypts their JSON wrapped `Public Key`, `Student ID` and one time `passwd` using Gradecoin's Public Key
	41	- Their public key is now in our database and can be used to sign their JWT's during requests
	42
	43	## /transaction
	44	- You can offer a [Transaction](/transaction) - POST request
	45	- The request should have `Authorization`
	46	- The request header should be signed by the Public Key of the `by` field in the transaction
	47	- fetch the list of `Transaction`s - GET request
	48
	49	## /block
	50	- offer a [`schema::Block`] - POST request
	51	- The request should have `Authorization`
	52	- The [`schema::Block::transaction_list`] of the block should be a subset of [`schema::Db::pending_transactions`]
	53	- fetch the last accepted [`schema::Block`] - GET request
	54
	55	`Authorization`: The request header should have Bearer JWT.Token signed with Student Public Key
	56
	57	# Questions
	58	## This all sound complicated!
	59	- I've drawn inspiration from [actual Bitcoin transactions](https://explorer.bitcoin.com/btc) and [warp](https://github.com/seanmonstar/warp/blob/master/examples/todos.rs). The simplicity of the system is how little interfaces it has.
	60	- Don't know where to start? Gradecoin uses RESTful API; simple `curl` commands or even your browser will work! [This website can help as well](https://curl.trillworks.com/).
	61	- [JWT Debugger](https://jwt.io) and the corresponding [RFC](https://tools.ietf.org/html/rfc7519)
	62	- Remember that you are absolutely encouraged to grab off-the-shelf implementations for every cryptography primitive you will use. You can start by finding a code snippet to generate a RSA keypair?
	63
	64	## I found a bug!
	65	Thank you! Please [let me know](mailto:yigit@ceng.metu.edu.tr) so we can solve it.
	66
	67	## I hacked the server!
	68	That wasn't supposed to happen :( I did not place any intentional vulnerabilities to the system so if you cracked something, it was not intended. Please don't abuse it and let me know so I can patch it.
	69
	70	## Submission?
	71	At the end of the _simulation_, your Gradecoin balance will be your grade. I will also expect a unique client programmed in either;
	72	- c
	73	- c++
	74	- perl
	75	- rust
	76	- python
	77	- random assortment of bash scripts
	78
	79	If your favourite programming language is missing please let me know 🤷?
	80
	81	## Can my friends play?
	82	Sadly, no. Student's who are enrolled to the class will receive one-time-passwords for authentication.
	83
	84	## How and or Why?
	85	- [Built](https://xkcd.com/2314/), [with](https://lofi.cafe/) [Rust](https://xkcd.com/2418/)