From 376ec590ea5da21315a37292817997352e58dee6 Mon Sep 17 00:00:00 2001
From: Yigit Sever
Date: Thu, 15 Apr 2021 03:39:36 +0300
Subject: Create the static site DON'T FORGET TO CHANGE site/config.toml BEFORE DEPLOYMENT
---
 site/content/JWT.md | 11 +++++++++++
 site/content/_index.md | 28 +++++++++++++++++++++++++++
 site/content/block_docs.md | 11 +++++++++++
 site/content/register_docs.md | 42 ++++++++++++++++++++++++++++++++++++++++
 site/content/test_page.md | 11 -----------
 site/content/transaction_docs.md | 11 +++++++++++
 6 files changed, 103 insertions(+), 11 deletions(-)
 create mode 100644 site/content/JWT.md
 create mode 100644 site/content/_index.md
 create mode 100644 site/content/block_docs.md
 create mode 100644 site/content/register_docs.md
 delete mode 100644 site/content/test_page.md
 create mode 100644 site/content/transaction_docs.md
(limited to 'site/content')
diff --git a/site/content/JWT.md b/site/content/JWT.md
new file mode 100644
index 0000000..91a7a73
--- /dev/null
+++ b/site/content/JWT.md
@@ -0,0 +1,11 @@
++++
+title = "JWT"
+description = "JSON Web Token Documentation"
+weight = 5
++++
+
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
+vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
+ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
+
diff --git a/site/content/_index.md b/site/content/_index.md
new file mode 100644
index 0000000..7dd7a7c
--- /dev/null
+++ b/site/content/_index.md
@@ -0,0 +1,28 @@
++++
+title = "Gradecoin"
+sort_by = "weight"
++++
+
+- Don't know where to start? Gradecoin uses RESTful API, simple `curl` commands or even your browser will work! [This website can help as well](https://curl.trillworks.com/).
+- [JWT Debugger](https://jwt.io) and the corresponding [RFC](https://tools.ietf.org/html/rfc7519)
+
+# Services
+## /register
+- Student creates their own 2048 bit RSA `keypair`
+- Downloads `Gradecoin`'s Public Key from [Moodle](https://odtuclass.metu.edu.tr/my/)
+- Encrypts their JSON wrapped `Public Key`, `Student ID` and one time `passwd` using Gradecoin's Public Key
+- Their public key is now in our database and can be used to sign their JWT's during requests
+
+## /transaction
+- You can offer a [Transaction](/transaction) - POST request
+ - The request should have `Authorization`
+ - The request header should be signed by the Public Key of the `by` field in the transaction
+- fetch the list of `Transaction`s - GET request
+
+## /block
+- offer a [`schema::Block`] - POST request
+ - The request should have `Authorization`
+ - The [`schema::Block::transaction_list`] of the block should be a subset of [`schema::Db::pending_transactions`]
+- fetch the last accepted [`schema::Block`] - GET request
+
+`Authorization`: The request header should have Bearer JWT.Token signed with Student Public Key
diff --git a/site/content/block_docs.md b/site/content/block_docs.md
new file mode 100644
index 0000000..26803bd
--- /dev/null
+++ b/site/content/block_docs.md
@@ -0,0 +1,11 @@
++++
+title = "Blocks"
+description = "Block Documentation"
+weight = 2
++++
+
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
+vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
+ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
+
diff --git a/site/content/register_docs.md b/site/content/register_docs.md
new file mode 100644
index 0000000..45571fb
--- /dev/null
+++ b/site/content/register_docs.md
@@ -0,0 +1,42 @@
++++
+title = "Register"
+description = "Register Documentation"
+weight = 3
++++
+
+POST request to /register endpoint
+Lets a [`User`] (=student) to authenticate themselves to the system
+This `request` can be rejected if the payload is malformed (=not authenticated properly) or if
+the [`AuthRequest.user_id`] of the `request` is not in the list of users that can hold a Gradecoin account
+
+# Authentication Process
+- Gradecoin's Public Key (`gradecoin_public_key`) is listed on moodle.
+- Gradecoin's Private Key (`gradecoin_private_key`) is loaded here
+
+- Student picks a short temporary key (`k_temp`)
+- Creates a JSON object (`auth_plaintext`) with their `metu_id` and `public key` in base64 (PEM) format (`S_PK`):
+{
+ student_id: "e12345",
+ passwd: "15 char secret"
+ public_key: "---BEGIN PUBLIC KEY..."
+}
+
+- Encrypts the serialized string of `auth_plaintext` with 128 bit block AES in CBC mode with Pkcs7 padding using the temporary key (`k_temp`), the result is `auth_ciphertext` TODO should this be base64'd?
+- The temporary key student has picked `k_temp` is encrypted using RSA with OAEP padding scheme
+using sha256 with `gradecoin_public_key` (TODO base64? same as above), giving us `key_ciphertext`
+- The payload JSON object (`auth_request`) can be JSON serialized now:
+{
+ c: "auth_ciphertext"
+ key: "key_ciphertext"
+}
+
+## Gradecoin Side
+
+- Upon receiving, we first RSA decrypt with OAEP padding scheme using SHA256 with `gradecoin_private_key` as the key and auth_request.key `key` as the ciphertext, receiving `temp_key` (this is the temporary key chosen by stu
+- With `temp_key`, we can AES 128 Cbc Pkcs7 decrypt the `auth_request.c`, giving us
+auth_plaintext
+- The `auth_plaintext` String can be deserialized to [`AuthRequest`]
+- We then verify the payload and calculate the User fingerprint
+- Finally, create the new [`User`] object, insert to users HashMap ``
+
+
diff --git a/site/content/test_page.md b/site/content/test_page.md
deleted file mode 100644
index 1402f9f..0000000
--- a/site/content/test_page.md
+++ /dev/null
@@ -1,11 +0,0 @@
-+++
-title = "Changelog"
-description = "Changelog"
-weight = 2
-+++
-
-Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
-tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
-vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
-ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
-
diff --git a/site/content/transaction_docs.md b/site/content/transaction_docs.md
new file mode 100644
index 0000000..6607fe9
--- /dev/null
+++ b/site/content/transaction_docs.md
@@ -0,0 +1,11 @@
++++
+title = "Transactions"
+description = "Transaction documentation"
+weight = 2
++++
+
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod
+tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At
+vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd
+ubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.
+
-- cgit v1.2.3-70-g09d2