add registration timeout

config.yaml

@@ -11,6 +11,7 @@ verifier:
     sha256: "./sha256_verification_key.json"
   master_certs_path: "./masterList.dev.pem"
   allowed_age: 18
+  registration_timeout: 1h
 
 issuer:
   base_url: "http://localhost:3002/v1"

internal/assets/migrations/001_initial.sql

@@ -3,7 +3,8 @@ create table claims(
     id            uuid primary key,
     user_did      text not null,
     issuer_did    text not null,
-    document_hash text not null
+    document_hash text not null,
+    created_at    timestamp default now()
 );
 
 -- +migrate Down

internal/config/verifier.go

@@ -1,20 +1,23 @@
 package config
 
 import (
+	"os"
+	"time"
+
 	"gitlab.com/distributed_lab/figure/v3"
 	"gitlab.com/distributed_lab/kit/comfig"
 	"gitlab.com/distributed_lab/kit/kv"
-	"os"
 )
 
 type VerifierConfiger interface {
 	VerifierConfig() *VerifierConfig
 }
 
 type VerifierConfig struct {
-	VerificationKeys map[string][]byte
-	MasterCerts      []byte
-	AllowedAge       int
+	VerificationKeys    map[string][]byte
+	MasterCerts         []byte
+	AllowedAge          int
+	RegistrationTimeout time.Duration
 }
 
 type verifier struct {
@@ -34,10 +37,12 @@ func (v *verifier) VerifierConfig() *VerifierConfig {
 			VerificationKeysPaths map[string]string `fig:"verification_keys_paths,required"`
 			MasterCertsPath       string            `fig:"master_certs_path,required"`
 			AllowedAge            int               `fig:"allowed_age,required"`
+			RegistrationTimeout   time.Duration     `fig:"registration_timeout"`
 		}{}
 
 		err := figure.
 			Out(&newCfg).
+			With(figure.BaseHooks).
 			From(kv.MustGetStringMap(v.getter, "verifier")).
 			Please()
 		if err != nil {
@@ -60,9 +65,10 @@ func (v *verifier) VerifierConfig() *VerifierConfig {
 		}
 
 		return &VerifierConfig{
-			VerificationKeys: verificationKeys,
-			MasterCerts:      masterCerts,
-			AllowedAge:       newCfg.AllowedAge,
+			VerificationKeys:    verificationKeys,
+			MasterCerts:         masterCerts,
+			AllowedAge:          newCfg.AllowedAge,
+			RegistrationTimeout: newCfg.RegistrationTimeout,
 		}
 	}).(*VerifierConfig)
 }

internal/data/claims.go

@@ -1,6 +1,9 @@
 package data
 
-import "github.com/google/uuid"
+import (
+	"github.com/google/uuid"
+	"time"
+)
 
 type ClaimQ interface {
 	New() ClaimQ
@@ -18,4 +21,5 @@ type Claim struct {
 	UserDID      string    `db:"user_did" structs:"user_did"`
 	IssuerDID    string    `db:"issuer_did" structs:"issuer_did"`
 	DocumentHash string    `db:"document_hash" structs:"document_hash"`
+	CreatedAt    time.Time `db:"created_at" structs:"-"`
 }

internal/service/api/handlers/create_identity.go

@@ -116,7 +116,7 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	masterQ := MasterQ(r)
+	masterQ := MasterQ(r).New()
 
 	claim, err := masterQ.Claim().ResetFilter().
 		FilterBy("user_did", req.Data.ID).
@@ -178,7 +178,7 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) {
 
 	if err := masterQ.Transaction(func(db data.MasterQ) error {
 		// check if there are any claims for this document already
-		claims, err := db.Claim().ResetFilter().
+		claimsToRevoke, err := db.Claim().ResetFilter().
 			FilterBy("document_hash", hash.String()).
 			ForUpdate().
 			Select()
@@ -188,7 +188,13 @@ func CreateIdentity(w http.ResponseWriter, r *http.Request) {
 		}
 
 		// revoke if so
-		for _, claimToRevoke := range claims {
+		for _, claimToRevoke := range claimsToRevoke {
+			timeoutExpiration := claimToRevoke.CreatedAt.UTC().Add(cfg.RegistrationTimeout)
+			if time.Now().UTC().Before(timeoutExpiration) {
+				ape.RenderErr(w, problems.TooManyRequests())
+				return errors.New("registration timeout is not expired")
+			}
+
 			if err := revokeOutdatedClaim(db, iss, claimToRevoke.ID); err != nil {
 				ape.RenderErr(w, problems.InternalError())
 				return errors.Wrap(err, "failed to revoke outdated claim")