README.md 5.55 KB
Newer Older
Jefferson Sofarelli's avatar
v0.1    
Jefferson Sofarelli committed
1
# SourceCheck HonorBox API
Jefferson Sofarelli's avatar
Jefferson Sofarelli committed
2

Jefferson Sofarelli's avatar
v0.1    
Jefferson Sofarelli committed
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
API server for the [HonorBox
Project](https://github.com/SourceCheckOrg/honorbox), based on
[Strapi](https://strapi.io).


## Development environment setup

### Database 

The HonorBox API requires a MySQL database and a Redis database. By default, both
are assumed to be running on the localhost, at their default ports. In
production this would, of course, not be recommended.

A simple dockerized setup for both can be found at [HonorBox
DB](https://github.com/SourceCheckOrg/honorbox-db).

### Node.js

A recent version of Node.js is required to run the API server.

We recommend installing Node.js in Linux and MacOS environments by using Node
Version Manager [nvm](https://github.com/nvm-sh/nvm).

The code was created using `v14.15.3`.

### SSI tooling

The HonorBox project depends on SSI (Self-Sovereign Identities) components developed by [Spruce
Systems](https://spruceid.dev/docs/) (USA). 

The API server makes use of DIDKit Node library for handling DIDs and
signatures. Configuring it to issue credentials already requires a DID to sign
them, which can be done using DIDKit's command line interface. If any of the
following fails to build, check the latest instructions on their [DIDKit
repository](https://github.com/spruceid/didkit/).

DIDKit is written in [Rust](https://www.rust-lang.org/), which should be
installed using [Rustup](https://rustup.rs/).

Clone Spruce's ssi repository:
```
$ git clone https://github.com/spruceid/ssi --recurse-submodules
```

Clone Spruce's DIDKit repository:
```
$ git clone https://github.com/spruceid/didkit
```

Build DIDKit using Cargo:
```
$ cd didkit
$ cargo build
```

Once DIDKit is built, use it to generate a DID and a DID keypair:
```
$ ./target/debug/didkit generate-ed25519-key > key.jwk
$ ./target/debug/didkit key-to-did key -k key.jwk > did.txt
$ ./target/debug/didkit key-to-verification-method key > verificationMethod.txt
```

*NOTE:* Save the files `key.jwk`, `did.txt` and `verificationMethod.txt` in a safe 
place. The content of the file `key.jwt` will be used as the environment variable 
`ISSUER_KEY` and the content of the file `did.txt` will be used as the environment 
variable `ISSUER_DID`. These values should be set in the file `.env` of this repository.
More information on that below. 

### ngrok

The API server should be visible through a public URL so Spruce's Credible
wallet can interact with it.

One way to do that is to use [ngrok](https://ngrok.com/). 

It's necessary to create a tunnel pointing to the `HTTP` port `1337`:

```
./ngrok http 1337
```

The address created by ngrok (something like https://020cd6dc2d4a.ngrok.io)
should be set as the environment variable `URL` in the file `.env`.

## Installing HonorBox API code

Clone this repository:
```
$ git clone https://github.com/SourceCheckOrg/honorbox-api.git
```

Install the dependencies
```
$ cd honorbox-api
$ npm i
```

Set up the environment variables mentioned before in the file called `.env`. For
security reasons, this file is not pushed to git, but a sample one is provided
with the name `.env.sample`. You can use it as starting point and change the
values according to your environment:

```
ADMIN_JWT_SECRET=your_admin_jwt_secret
JWT_SECRET=your_jwt_secret
ISSUER_DID=your_did
ISSUER_KEY=content_of_your_jwk_file

DATABASE_HOST=127.0.0.1
DATABASE_PORT=3306
DATABASE_NAME=honorbox-db
DATABASE_USERNAME=root
DATABASE_PASSWORD=your_database_root_password
DATABASE_SSL=false

FRONTEND_URL=http://localhost:3000
PROFILE_URL=http://localhost:3001
PREVIEW_URL=http://localhost:3002


REDIS_HOST=127.0.0.1
REDIS_PORT=6379

URL=url_generated_by_ngrok
```

Build the administration panel using the provided configuration:
```
$ npm run build
```

Start the API server:
```
$ npm run develop
```

## Initial configuration

### Admin panel

Access the administration panel through the URL `http://localhost:1337/admin`.

You can also use the host provided by ngrok instead of `localhost`. 

### Create admin user

When you are accessing the administration panel for the first time, you will be
requested to create an admin user.

Fill in the form and click on the button "LET'S START"

### Configure email authentication

From the administration panel, click on "Settings"
* Under USERS & PERMISSIONS PLUGIN, click on "Advanced Settings"
* Make sure the following options are set to `ON`:
  * `One account per email address` 
  * `Enable sign-ups`
  * `Enable email confirmation`
* Set the `Redirection url` field to HonorBox UI sign-in page
  * For a development environment the value should be `http://localhost:3000/sign-in` 


### Permissions configuration

For now, some initial permissions should be configured manually.

From the administration panel, click on "Settings"
* Under USERS & PERMISSIONS PLUGIN, click on "Roles"
* Click on the "Edit" button (Pencil) for the **Authenticated** role
    * Under Permissions/Application/Domain, check `find`, `verify`
    * Under Permissions/Application/Publication, check `create`, `delete`, `embed`, `find`,
      `findone`, `update`
    * Under Permissions/Application/Publisher, check `create`, `find`, `findone`, `update`
    * Under Permissions/Application/Twitter, check `find`, `verify`
    * Under Permissions/EthereumAuth/EthereumAuth, check `updateuser`
* Under USERS & PERMISSIONS PLUGIN, click on "Roles" again
* Click on the "Edit" button (Pencil) for the **Public** role
    * Under Permissions/Application/Profile, check `fetch`
    * Under Permissions/EthereumAuth/EthereumAuth, check `signin`, `signinnonce`, `signup`, `signupemailverification`, `signupnonce`

Congratulations! The API server is properly configured, up and running!