1 files changed, 57 insertions, 5 deletions
diff --git a/site/public/jwt/index.html b/site/public/jwt/index.html
index 899aada..c32fb31 100644
--- a/site/public/jwt/index.html
+++ b/site/public/jwt/index.html
@@ -66,14 +66,66 @@
        
        
        
+        
+        <div class="toc">
+            <div class="toc-sticky">
+                
+                <div class="toc-item">
+                    <a class="subtext" href="http://localhost:8080/jwt/#how">How?</a>
+                </div>
+                
+                
+                <div class="toc-item">
+                    <a class="subtext" href="http://localhost:8080/jwt/#algorithm">Algorithm</a>
+                </div>
+                
+                
+                <div class="toc-item">
+                    <a class="subtext" href="http://localhost:8080/jwt/#references">References</a>
+                </div>
+                
+                
+            </div>
+        </div>
+        
+        
        <div class="content text">
            
 <div class="heading-text">JSON Web Token Documentation</div>
-<p>Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+<blockquote>
-tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
+<p>JSON Web Tokens are representations of claims, or authorization proofs that fit into the <code>Header</code> of HTTP requests.</p>
-vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
+</blockquote>
-ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p>
+<h1 id="how">How?</h1>
+<p>JWTs are used as the <a href="https://en.wikipedia.org/wiki/Message_authentication_code">MAC</a> of operations that require authorization:</p>
+<ul>
+<li>block proposal</li>
+<li>transaction proposal.</li>
+</ul>
+<p>They are send alongside the JSON request body in the <code>Header</code>;</p>
+<pre style="background-color:#ffffff;">
+<code class="language-html" data-lang="html"><span style="color:#545052;">Authorization: Bearer aaaaaa.bbbbbb.ccccc
+</span></code></pre>
+<p>Gradecoin uses 3 fields for the JWTs;</p>
+<pre style="background-color:#ffffff;">
+<code class="language-json" data-lang="json"><span style="color:#545052;">{
+&quot;</span><span style="color:#009854;">tha</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">Hash of the payload, check invididual references</span><span style="color:#545052;">&quot;,
+&quot;</span><span style="color:#009854;">iat</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">Issued At, Unix Time</span><span style="color:#545052;">&quot;,
+&quot;</span><span style="color:#009854;">exp</span><span style="color:#545052;">&quot;: &quot;</span><span style="color:#009854;">Expiration Time, epoch</span><span style="color:#545052;">&quot;
+}
+</span></code></pre>
+<ul>
+<li><code>tha</code> is explained in <a href="http://localhost:8080/block-docs/">blocks</a> and <a href="http://localhost:8080/transaction-docs/">transactions</a> documentations.</li>
+<li><code>iat</code> when the JWT was created in <a href="https://en.wikipedia.org/wiki/Unix_time">Unix Time</a> format</li>
+<li><code>exp</code> when the JWT will expire &amp; be rejected in <a href="https://en.wikipedia.org/wiki/Unix_time">Unix Time</a></li>
+</ul>
+<h1 id="algorithm">Algorithm</h1>
+<p>We are using <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1">RS256</a>, <code>RSASSA-PKCS1-v1_5 using SHA-256</code>. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works <a href="https://jwt.io/">here</a>.</p>
+<h1 id="references">References</h1>
+<ul>
+<li><a href="https://tools.ietf.org/html/rfc7519">RFC, the ultimate reference</a></li>
+<li><a href="https://jwt.io/">JWT Debugger</a></li>
+</ul>
        </div>
@@ -84,7 +136,7 @@ ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p>
    
 <footer>
-    ⁂
+Built For ⁂ CENG489 ⁂ Introduction to Computer Security
 </footer>
 </body>

diff --git a/site/public/jwt/index.html b/site/public/jwt/index.html index 899aada..c32fb31 100644 --- a/site/public/jwt/index.html +++ b/site/public/jwt/index.html
@@ -66,14 +66,66 @@
66		66
67		67
68		68
		69
		70	<div class="toc">
		71	<div class="toc-sticky">
		72
		73	<div class="toc-item">
		74	<a class="subtext" href="http://localhost:8080/jwt/#how">How?</a>
		75	</div>
		76
		77
		78	<div class="toc-item">
		79	<a class="subtext" href="http://localhost:8080/jwt/#algorithm">Algorithm</a>
		80	</div>
		81
		82
		83	<div class="toc-item">
		84	<a class="subtext" href="http://localhost:8080/jwt/#references">References</a>
		85	</div>
		86
		87
		88	</div>
		89	</div>
		90
		91
69		92
70	<div class="content text">	93	<div class="content text">
71		94
72	<div class="heading-text">JSON Web Token Documentation</div>	95	<div class="heading-text">JSON Web Token Documentation</div>
73	<p>Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod	96	<blockquote>
74	tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At	97	<p>JSON Web Tokens are representations of claims, or authorization proofs that fit into the <code>Header</code> of HTTP requests.</p>
75	vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd	98	</blockquote>
76	ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p>	99	<h1 id="how">How?</h1>
		100	<p>JWTs are used as the <a href="https://en.wikipedia.org/wiki/Message_authentication_code">MAC</a> of operations that require authorization:</p>
		101	<ul>
		102	<li>block proposal</li>
		103	<li>transaction proposal.</li>
		104	</ul>
		105	<p>They are send alongside the JSON request body in the <code>Header</code>;</p>
		106	<pre style="background-color:#ffffff;">
		107	<code class="language-html" data-lang="html"><span style="color:#545052;">Authorization: Bearer aaaaaa.bbbbbb.ccccc
		108	</span></code></pre>
		109	<p>Gradecoin uses 3 fields for the JWTs;</p>
		110	<pre style="background-color:#ffffff;">
		111	<code class="language-json" data-lang="json"><span style="color:#545052;">{
		112	"</span><span style="color:#009854;">tha</span><span style="color:#545052;">": "</span><span style="color:#009854;">Hash of the payload, check invididual references</span><span style="color:#545052;">",
		113	"</span><span style="color:#009854;">iat</span><span style="color:#545052;">": "</span><span style="color:#009854;">Issued At, Unix Time</span><span style="color:#545052;">",
		114	"</span><span style="color:#009854;">exp</span><span style="color:#545052;">": "</span><span style="color:#009854;">Expiration Time, epoch</span><span style="color:#545052;">"
		115	}
		116	</span></code></pre>
		117	<ul>
		118	<li><code>tha</code> is explained in <a href="http://localhost:8080/block-docs/">blocks</a> and <a href="http://localhost:8080/transaction-docs/">transactions</a> documentations.</li>
		119	<li><code>iat</code> when the JWT was created in <a href="https://en.wikipedia.org/wiki/Unix_time">Unix Time</a> format</li>
		120	<li><code>exp</code> when the JWT will expire & be rejected in <a href="https://en.wikipedia.org/wiki/Unix_time">Unix Time</a></li>
		121	</ul>
		122	<h1 id="algorithm">Algorithm</h1>
		123	<p>We are using <a href="https://www.rfc-editor.org/rfc/rfc7518.html#section-3.1">RS256</a>, <code>RSASSA-PKCS1-v1_5 using SHA-256</code>. The JWTs you encode with your private RSA key will be decoded using the public key you have authenticated with. You can see how the process works <a href="https://jwt.io/">here</a>.</p>
		124	<h1 id="references">References</h1>
		125	<ul>
		126	<li><a href="https://tools.ietf.org/html/rfc7519">RFC, the ultimate reference</a></li>
		127	<li><a href="https://jwt.io/">JWT Debugger</a></li>
		128	</ul>
77		129
78		130
79	</div>	131	</div>
@@ -84,7 +136,7 @@ ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p>
84		136
85		137
86	<footer>	138	<footer>
87	⁂	139	Built For ⁂ CENG489 ⁂ Introduction to Computer Security
88	</footer>	140	</footer>
89		141
90	</body>	142	</body>