Add signature verification of access token

Author: hesusruiz

.vscode/launch.json

@@ -0,0 +1,17 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+
+        {
+            "name": "ISBETMF",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "cmd/isbetmf/main.go",
+            "args": ["-d"]
+        }
+    ]
+}

Dockerfile

@@ -0,0 +1,32 @@
+# Build stage
+FROM golang:1.24.2-alpine AS builder
+
+# Install build tools for CGO
+RUN apk add --no-cache gcc musl-dev
+
+WORKDIR /app
+
+# Copy go.mod and go.sum files to download dependencies
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy the rest of the source code
+COPY . .
+
+# Build the binary with CGO enabled
+# -ldflags="-w -s" strips debug information and symbols, reducing the binary size
+RUN go build -ldflags="-w -s" -o /isbetmf ./cmd/isbetmf
+
+# Final stage
+FROM alpine:latest
+
+WORKDIR /
+COPY --from=builder /isbetmf /isbetmf
+COPY www /www
+
+
+# Expose the port the server runs on
+EXPOSE 9991
+
+# Run the binary
+ENTRYPOINT ["/isbetmf"]

tmf.db renamed to cmd/isbetmf/isbetmf.db

@@ -7,20 +7,21 @@ import (
 	"log/slog"
 
 	"github.com/gofiber/fiber/v2"
-	echohandler "github.com/hesusruiz/isbetmf/tmfserver/handler/echo"
+	"github.com/hesusruiz/isbetmf/pdp"
 	fiberhandler "github.com/hesusruiz/isbetmf/tmfserver/handler/fiber"
 	repository "github.com/hesusruiz/isbetmf/tmfserver/repository"
 	service "github.com/hesusruiz/isbetmf/tmfserver/service"
 	"github.com/jmoiron/sqlx"
-	"github.com/labstack/echo/v4"
 	_ "github.com/mattn/go-sqlite3"
 	"gitlab.com/greyxor/slogor"
 )
 
 func main() {
 	// Configure slog logger
 	var debugFlag bool
+	var verifierServer string
 	flag.BoolVar(&debugFlag, "d", false, "Enable debug logging")
+	flag.StringVar(&verifierServer, "verifier", "https://verifier.dome-marketplace.eu", "Full URL of the verifier which signs access tokens")
 	flag.Parse()
 
 	var logLevel slog.Level
@@ -30,11 +31,11 @@ func main() {
 		logLevel = slog.LevelInfo
 	}
 
-	handler := slogor.NewHandler(os.Stdout, slogor.SetLevel(logLevel))
+	handler := slogor.NewHandler(os.Stdout, slogor.ShowSource(), slogor.SetLevel(logLevel))
 	slog.SetDefault(slog.New(handler))
 
 	// Connect to the database
-	db, err := sqlx.Connect("sqlite3", "tmf.db")
+	db, err := sqlx.Connect("sqlite3", "isbetmf.db")
 	if err != nil {
 		slog.Error("failed to connect to database", slog.Any("error", err))
 		os.Exit(1)
@@ -48,27 +49,31 @@ func main() {
 		os.Exit(1)
 	}
 
+	// Create the PDP (aka rules engine)
+	rulesEngine, err := pdp.NewPDP(&pdp.Config{
+		PolicyFileName: "auth_policies.star",
+		VerifierServer: verifierServer,
+		Debug:          debugFlag,
+	})
+	if err != nil {
+		slog.Error("failed to create rules engine", slog.Any("error", err))
+		os.Exit(1)
+	}
+
 	// Create the service
-	s := service.NewService(db)
+	s := service.NewService(db, rulesEngine, verifierServer)
+
+	app := fiber.New()
+
+	// Serve the OpenAPI UI
+	app.Static("/oapi", "./www/oapiui")
 
-	// Create and run the Fiber server
-	go func() {
-		app := fiber.New()
-		h := fiberhandler.NewHandler(s)
-		h.RegisterRoutes(app)
-		slog.Info("Fiber server starting", slog.String("port", ":9991"))
-		app.Listen(":9991")
-	}()
+	// Create handler and set the routes for the APIs
+	h := fiberhandler.NewHandler(s)
+	h.RegisterRoutes(app)
 
-	// Create and run the Echo server
-	go func() {
-		e := echo.New()
-		h := echohandler.NewHandler(s)
-		h.RegisterRoutes(e)
-		slog.Info("Echo server starting", slog.String("port", ":9992"))
-		e.Logger.Fatal(e.Start(":9992"))
-	}()
+	// And start the server
+	slog.Info("TMF API server starting", slog.String("port", ":9991"))
+	app.Listen("0.0.0.0:9991")
 
-	// Wait indefinitely
-	select {}
 }

tmf.db-shm renamed to cmd/isbetmf/isbetmf.db-shm

@@ -17,10 +17,10 @@ import (
 
 type Config struct {
 
-	// DOME operator did
-	// TODO: set the proper identification when the DOME foundation is created
-	DOMEOperatorDid  string
-	DOMEOperatorName string
+	// Server operator did
+	// TODO: set the proper identification when the legal entity operating the server is created
+	ServerOperatorDid  string
+	ServerOperatorName string
 
 	// Indicates the environment (SBX, DEV2, PRO, LCL) where the proxy is running.
 	// It is used to determine the DOME host and the database name.
@@ -86,8 +86,10 @@ type Config struct {
 
 // TODO: These are here until the DOME foundation is created and the DOME operator did is set.
 const (
-	DOMEOperatorDid  = "did:elsi:VATES-11111111K"
-	DOMEOperatorName = "DOME Foundation"
+	ServerOperatorOrganizationIdentifier = "VATES-11111111K"
+	ServerOperatorDid                    = "did:elsi:VATES-11111111K"
+	ServerOperatorName                   = "ISBE Foundation"
+	ServerOperatorCountry                = "ES"
 )
 
 type Environment int

cmd/isbetmf/isbetmf.db-wal

@@ -0,0 +1,7 @@
+services:
+  isbetmf:
+    build: .
+    ports:
+      - "9991:9991"
+    environment:
+      - MY_ENV_VAR=some_value