Diffstat (limited to 'site/content')
-rw-r--r-- site/content/JWT.md 11
-rw-r--r-- site/content/_index.md 28
-rw-r--r-- site/content/block_docs.md 11
-rw-r--r-- site/content/register_docs.md 42
-rw-r--r-- site/content/transaction_docs.md 11
5 files changed, 103 insertions, 0 deletions
diff --git a/site/content/JWT.md b/site/content/JWT.md
new file mode 100644
index 0000000..91a7a73
--- /dev/null
+++ b/site/content/JWT.md
@@ -0,0 +1,11 @@
1+++
2title = "JWT"
3description = "JSON Web Token Documentation"
4weight = 5
5+++
6
7Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
8tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
9vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
10ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
11
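Review bot: the body at lines 7-10 is Lorem ipsum filler, on the one page that the `Authorization` rule in _index.md depends on. Either hold this file back until it is written, or replace the filler with what a client needs to build a valid Bearer token: the signing algorithm the server accepts and the claims it checks.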
diff --git a/site/content/_index.md b/site/content/_index.md
new file mode 100644
index 0000000..7dd7a7c
--- /dev/null
+++ b/site/content/_index.md
@@ -0,0 +1,28 @@
1+++
2title = "Gradecoin"
3sort_by = "weight"
4+++
5
6- Don't know where to start? Gradecoin uses RESTful API, simple `curl` commands or even your browser will work! [This website can help as well](https://curl.trillworks.com/).
7- [JWT Debugger](https://jwt.io) and the corresponding [RFC](https://tools.ietf.org/html/rfc7519)
8
9# Services
10## /register
11- Student creates their own 2048 bit RSA `keypair`
12- Downloads `Gradecoin`'s Public Key from [Moodle](https://odtuclass.metu.edu.tr/my/)
13- Encrypts their JSON wrapped `Public Key`, `Student ID` and one time `passwd` using Gradecoin's Public Key
14- Their public key is now in our database and can be used to sign their JWT's during requests
15
16## /transaction
17- You can offer a [Transaction](/transaction) - POST request
18 - The request should have `Authorization`
19 - The request header should be signed by the Public Key of the `by` field in the transaction
20- fetch the list of `Transaction`s - GET request
21
22## /block
23- offer a [`schema::Block`] - POST request
24 - The request should have `Authorization`
25 - The [`schema::Block::transaction_list`] of the block should be a subset of [`schema::Db::pending_transactions`]
26- fetch the last accepted [`schema::Block`] - GET request
27
28`Authorization`: The request header should have Bearer JWT.Token signed with Student Public Key
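Review bot: lines 14, 19 and 28 describe the JWT and the request header as "signed" with the student's Public Key, but a signature is made with the private key and only verified with the public key. Suggest wording such as "signed with the student's private key and verified against the public key registered for the `by` field", so that nobody reads the public key as the signing secret. Line 13 also says the registration data is encrypted with Gradecoin's Public Key, while register_docs.md in this same commit describes AES-CBC under a temporary key with only that key RSA-encrypted; the two descriptions should agree. The bracketed `schema::...` references in lines 23-26 have no link target defined in this file.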
diff --git a/site/content/block_docs.md b/site/content/block_docs.md
new file mode 100644
index 0000000..26803bd
--- /dev/null
+++ b/site/content/block_docs.md
@@ -0,0 +1,11 @@
1+++
2title = "Blocks"
3description = "Block Documentation"
4weight = 2
5+++
6
7Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
8tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
9vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
10ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
11
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
new file mode 100644
index 0000000..45571fb
--- /dev/null
+++ b/site/content/register_docs.md
@@ -0,0 +1,42 @@
1+++
2title = "Register"
3description = "Register Documentation"
4weight = 3
5+++
6
7POST request to /register endpoint
8Lets a [`User`] (=student) to authenticate themselves to the system
9This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
10the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
11
12# Authentication Process
13- Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle.
14- Gradecoin's Private Key (`gradecoin_private_key`) is loaded here
15
16- Student picks a short temporary key (`k_temp`)
17- Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
18{
19 student_id: "e12345",
20 passwd: "15 char secret"
21 public_key: "---BEGIN PUBLIC KEY..."
22}
23
24- Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd?
25- The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme
26using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext`
27- The payload JSON object (`auth_request`) can be JSON serialized now:
28{
29 c: "auth_ciphertext"
30 key: "key_ciphertext"
31}
32
33## Gradecoin Side
34
35- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu
36- With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us
37auth_plaintext
38- The `auth_plaintext` String can be deserialized to [`AuthRequest`]
39- We then verify the payload and calculate the User fingerprint
40- Finally, create the new [`User`] object, insert to users HashMap `<fingerprint, User>`
41
42
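Review bot: line 24 specifies AES in CBC mode with Pkcs7 padding but never says where the IV comes from, and the payload in lines 28-31 carries only `c` and `key`, so the decryption at line 36 cannot be carried out as documented. Add an `iv` field or state the convention, and settle the two base64 TODOs in lines 24 and 26, since client and server must agree on the encoding. CBC gives no integrity protection for `auth_ciphertext`, so the document should say how a modified or badly padded ciphertext is rejected without telling the caller whether the padding was valid. Smaller points: line 16 calls `k_temp` "short" although AES with a 128 bit key needs 16 random bytes; line 17 says `metu_id` while the object uses `student_id` and also contains `passwd`, which the sentence omits; both JSON samples are missing commas; line 35 stops mid-word at "chosen by stu"; and `k_temp` (line 16) and `temp_key` (line 35) should be one name.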
diff --git a/site/content/transaction_docs.md b/site/content/transaction_docs.md
new file mode 100644
index 0000000..6607fe9
--- /dev/null
+++ b/site/content/transaction_docs.md
@@ -0,0 +1,11 @@
1+++
2title = "Transactions"
3description = "Transaction documentation"
4weight = 2
5+++
6
7Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
8tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
9vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
10ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
11
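Review bot: `weight = 2` at line 4 is the same weight block_docs.md uses, and _index.md sets `sort_by = "weight"`, so the relative order of the Blocks and Transactions pages is left to tie-breaking. Give the two pages distinct weights (Register is 3, JWT is 5). The body at lines 7-10 is the same Lorem ipsum filler as in JWT.md and block_docs.md, and the `[Transaction](/transaction)` link in _index.md should be checked against the URL this file actually gets.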