feat: add custom issuer guard (jwt-guard)

contracts/Cargo.toml

@@ -1,10 +1,11 @@
 [workspace]
 members = [
     "./attestation",
-    "./auth0-guard",
+    "./jwt-guards/base-jwt-guard",
+    "./jwt-guards/auth0-guard",
+    "./jwt-guards/firebase-guard",
+    "./jwt-guards/jwt-guard",
     "./fa",
-    "./firebase-guard",
-    "./jwt-guard",
     "./jwt-guard-router",
     "./mocks/external-guard",
     "./mocks/mpc",

contracts/auth0-guard/Cargo.toml → contracts/jwt-guards/auth0-guard/Cargo.toml

@@ -33,7 +33,7 @@ container_build_command = [
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
-jwt_guard = { path = "../jwt-guard" }
+base-jwt-guard = { path = "../base-jwt-guard" }
 near-sdk = "5.9"
 serde = { version = "1", features = ["derive"] }
 borsh = { version = "1.3.1", features = ["unstable__schema"] }

contracts/firebase-guard/package.json → contracts/jwt-guards/auth0-guard/package.json

@@ -1,5 +1,5 @@
 {
-    "name": "@contracts/firebase-guard",
+    "name": "@contracts/auth0-guard",
     "version": "0.0.0",
     "description": "",
     "scripts": {

contracts/auth0-guard/src/lib.rs → contracts/jwt-guards/auth0-guard/src/lib.rs

@@ -2,8 +2,8 @@
 use near_sdk::{near, AccountId, env, Promise, NearToken, Gas};
 use near_sdk::serde_json;
 use serde::{Deserialize, Serialize};
-use jwt_guard::{JwtGuard, JwtPublicKey};
-use jwt_guard::assert_valid_public_key;
+use base_jwt_guard::{JwtGuard, JwtPublicKey};
+use base_jwt_guard::assert_valid_public_key;
 const MIGRATION_TGAS: u64 = 10;
 
 /// Custom claims structure for FastAuth Auth0 JWT tokens

contracts/auth0-guard/tests/test_integration.rs → contracts/jwt-guards/auth0-guard/tests/test_integration.rs

@@ -1,5 +1,5 @@
 use near_sdk::serde_json::json;
-use jwt_guard::JwtPublicKey;
+use base_jwt_guard::JwtPublicKey;
 
 #[tokio::test]
 async fn test_verify_signature_should_pass() -> Result<(), Box<dyn std::error::Error>> {
@@ -304,7 +304,7 @@ async fn test_set_public_key_should_fail_even_modulus() -> Result<(), Box<dyn st
     let new_e = vec![3];
 
     let outcome = owner_account
-        .call(contract.id(), "set_public_key"s)
+        .call(contract.id(), "set_public_keys")
         .args_json(json!({
             "public_keys": vec![json!({"n": even_n, "e": new_e})]
         }))

contracts/jwt-guard/Cargo.toml → contracts/jwt-guards/base-jwt-guard/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
-name = "jwt_guard"
-description = "jwt_guard"
+name = "base-jwt-guard"
+description = "base-jwt-guard"
 version = "0.1.0-rc.1"
 edition = "2021"
 repository = "https://github.com/Peersyst/fast-auth"

contracts/jwt-guard/README.md → contracts/jwt-guards/base-jwt-guard/README.md

@@ -1,4 +1,4 @@
-# contracts/jwt-guard
+# contracts/base-jwt-guard
 
 A NEAR contract that verifies JWT tokens signed with RS256 algorithm.
 

contracts/jwt-guards/base-jwt-guard/package.json

@@ -0,0 +1,13 @@
+{
+    "name": "@contracts/base-jwt-guard",
+    "version": "0.0.0",
+    "description": "",
+    "scripts": {
+        "build": "cargo build",
+        "test": "cargo test",
+        "lint": "cargo clippy -- -D warnings"
+    },
+    "keywords": [],
+    "author": "",
+    "license": "ISC"
+}

contracts/firebase-guard/Cargo.toml → contracts/jwt-guards/firebase-guard/Cargo.toml

@@ -33,7 +33,7 @@ container_build_command = [
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
-jwt_guard = { path = "../jwt-guard" }
+base-jwt-guard = { path = "../base-jwt-guard" }
 near-sdk = "5.9"
 near-contract-standards = "5.17.2"
 near-plugins = { git = "https://github.com/Near-One/near-plugins", tag = "v0.5.0" }

contracts/firebase-guard/src/config.rs → contracts/jwt-guards/firebase-guard/src/config.rs

@@ -1,6 +1,6 @@
 use near_sdk::{near, AccountId};
 use std::collections::{HashMap, HashSet};
-use jwt_guard::{JwtPublicKey, assert_valid_public_key};
+use base_jwt_guard::{JwtPublicKey, assert_valid_public_key};
 use crate::{
     error::FirebaseGuardError,
     require_err,
@@ -51,16 +51,16 @@ impl RolesConfig {
             FirebaseGuardError::SuperAdminsMustBeNonEmpty
         );
         for super_admin in self.super_admins.iter() {
-            assert_valid_account_id(&super_admin);
+            assert_valid_account_id(super_admin);
         }
         for account_ids in self.admins.values() {
             for account_id in account_ids.iter() {
-                assert_valid_account_id(&account_id);
+                assert_valid_account_id(account_id);
             }
         }
         for account_ids in self.grantees.values() {
             for account_id in account_ids.iter() {
-                assert_valid_account_id(&account_id);
+                assert_valid_account_id(account_id);
             }
         }
     }

contracts/firebase-guard/src/error.rs → contracts/jwt-guards/firebase-guard/src/error.rs

@@ -7,11 +7,6 @@ pub enum FirebaseGuardError {
     ContractAlreadyInitialized,
     InvalidAccountId,
 
-    // PublicKey
-    InvalidPublicKeyNLength,
-    InvalidPublicKeyNOdd,
-    InvalidPublicKeyELength,
-
     // ACL
     SuperAdminsMustBeNonEmpty,
     FailedToInitializeSuperAdmin,
@@ -27,11 +22,6 @@ impl fmt::Display for FirebaseGuardError {
             ContractAlreadyInitialized => write!(f, "Contract is already initialized"),
             InvalidAccountId => write!(f, "The account ID is invalid"),
 
-            // Amount
-            InvalidPublicKeyNLength => write!(f, "The n factor of the public key must be 2048 bits"),
-            InvalidPublicKeyNOdd => write!(f, "The n factor of the public key must be odd"),
-            InvalidPublicKeyELength => write!(f, "The e factor of the public key must be 3 bytes long"),
-
             // ACL
             SuperAdminsMustBeNonEmpty => write!(f, "The super admins must be a non-empty set"),
             FailedToInitializeSuperAdmin => write!(f, "Failed to initialize super admin"),
@@ -41,13 +31,6 @@ impl fmt::Display for FirebaseGuardError {
     }
 }
 
-impl FirebaseGuardError {
-    #[inline]
-    pub fn msg(&self) -> String {
-        self.to_string()
-    }
-}
-
 /// Use typed errors with NEAR's `require!` internally.
 /// Example: `require_err!(amount > 0, StakingDistributorError::InvalidAmount);`
 #[macro_export]

contracts/firebase-guard/src/lib.rs → contracts/jwt-guards/firebase-guard/src/lib.rs

@@ -2,11 +2,11 @@ use std::slice::Iter;
 use borsh::{BorshDeserialize};
 use near_sdk::{near, AccountId, env, NearToken, PanicOnDefault, Promise, Gas, ext_contract};
 use near_sdk::env::sha256;
-use jwt_guard::{JwtGuard, JwtPublicKey};
-use jwt_guard::assert_valid_public_key;
+use base_jwt_guard::{JwtGuard, JwtPublicKey};
+use base_jwt_guard::assert_valid_public_key;
 use near_contract_standards::storage_management::{StorageBalance, StorageBalanceBounds, StorageManagement};
 use near_sdk::json_types::{U128};
-use near_plugins::{access_control, access_control_any, AccessControlRole, AccessControllable, Pausable, Upgradable};
+use near_plugins::{access_control, access_control_any, AccessControlRole, AccessControllable, Upgradable};
 use schemars::JsonSchema;
 use crate::config::{FirebaseGuardConfig, RolesConfig};
 use crate::error::FirebaseGuardError;
@@ -116,7 +116,7 @@ impl FirebaseGuard {
 
         for super_admin in roles.super_admins.iter() {
             require_err!(
-                acl.add_super_admin_unchecked(&super_admin),
+                acl.add_super_admin_unchecked(super_admin),
                 FirebaseGuardError::FailedToInitializeSuperAdmin
             );
         }
@@ -144,7 +144,7 @@ impl FirebaseGuard {
     /// * `U128` - The current storage usage of the contract in bytes
     ///
     pub fn get_account_storage_usage(&self) -> U128 {
-        self.account_storage_usage.clone()
+        self.account_storage_usage
     }
 
     /// Claims an OIDC token by storing its hash for the caller.
@@ -330,7 +330,7 @@ impl StorageManagement for FirebaseGuard {
     fn storage_deposit(
         &mut self,
         account_id: Option<AccountId>,
-        registration_only: Option<bool>,
+        _registration_only: Option<bool>,
     ) -> StorageBalance {
         self.internal_storage_deposit(account_id)
     }
@@ -361,7 +361,7 @@ impl StorageManagement for FirebaseGuard {
     /// # Panics
     /// Panics if the account is not registered.
     #[payable]
-    fn storage_unregister(&mut self, force: Option<bool>) -> bool {
+    fn storage_unregister(&mut self, _force: Option<bool>) -> bool {
         self.internal_storage_unregister()
     }
 

contracts/firebase-guard/src/storage_impl.rs → contracts/jwt-guards/firebase-guard/src/storage_impl.rs

@@ -1,6 +1,6 @@
 use crate::{FirebaseGuard};
-use near_contract_standards::storage_management::{StorageBalance, StorageBalanceBounds, StorageManagement};
-use near_sdk::{assert_one_yocto, env, log, near, AccountId, NearToken, Promise, StorageUsage};
+use near_contract_standards::storage_management::{StorageBalance, StorageBalanceBounds};
+use near_sdk::{assert_one_yocto, env, log, AccountId, NearToken, Promise};
 
 impl FirebaseGuard {
     /// Internal method that returns the Account ID and the balance in case the account was
@@ -12,7 +12,7 @@ impl FirebaseGuard {
         let account_id = env::predecessor_account_id();
         if let Some(_jwt_hash) = self.jwt_claims.get(&account_id) {
             self.jwt_claims.remove(&account_id);
-            Promise::new(account_id.clone()).transfer(
+            let _ = Promise::new(account_id.clone()).transfer(
                 self.internal_storage_balance_bounds().min.saturating_add(NearToken::from_yoctonear(1)),
             );
             true
@@ -51,7 +51,7 @@ impl FirebaseGuard {
         if self.jwt_claims.contains_key(&account_id) {
             log!("The account is already registered, refunding the deposit");
             if amount > NearToken::from_near(0) {
-                Promise::new(env::predecessor_account_id()).transfer(amount);
+                let _ = Promise::new(env::predecessor_account_id()).transfer(amount);
             }
         } else {
             let min_balance = self.internal_storage_balance_bounds().min;
@@ -62,7 +62,7 @@ impl FirebaseGuard {
             self.internal_register_account(&account_id);
             let refund = amount.saturating_sub(min_balance);
             if refund > NearToken::from_near(0) {
-                Promise::new(env::predecessor_account_id()).transfer(refund);
+                let _ = Promise::new(env::predecessor_account_id()).transfer(refund);
             }
         }
         self.internal_storage_balance_of(&account_id).unwrap()

contracts/firebase-guard/src/utils/utils.rs → contracts/jwt-guards/firebase-guard/src/utils/assert.rs

@@ -1,6 +1,4 @@
-use crypto_bigint::{BoxedUint, Odd};
 use near_sdk::{env, AccountId};
-use jwt_guard::JwtPublicKey;
 use crate::{error::FirebaseGuardError, require_err};
 
 /// Asserts that the account ID is valid

contracts/jwt-guards/firebase-guard/src/utils/mod.rs

@@ -0,0 +1,3 @@
+pub mod assert;
+
+pub use assert::*;

contracts/firebase-guard/tests/test_integration.rs → contracts/jwt-guards/firebase-guard/tests/test_integration.rs

@@ -1,9 +1,7 @@
-use near_sdk::base64;
-use near_sdk::base64::Engine;
 use near_sdk::env::sha256;
 use near_sdk::serde_json::json;
 use near_workspaces::{Account, Contract};
-use jwt_guard::JwtPublicKey;
+use base_jwt_guard::JwtPublicKey;
 
 async fn deploy_contract() -> Result<(Account, Contract), Box<dyn std::error::Error>> {
     let contract_wasm = near_workspaces::compile_project("./").await?;

contracts/jwt-guards/jwt-guard/.gitignore

@@ -0,0 +1 @@
+/target