Skip to content

Commit

Permalink
Merge branch 'master' into mitzXnuts
Browse files Browse the repository at this point in the history 
* master: (21 commits)
  IAM: Remove OpenID4VP PoC code (#3022)
  Bump golang.org/x/crypto from 0.21.0 to 0.22.0 (#3021)
  VDR: Support root did:web DIDs (#2900)
  extended policy mapping for user/organization (#2977)
  IAM: fix loading of server state (#3011)
  Bump github.com/nats-io/nats.go from 1.34.0 to 1.34.1 (#3018)
  Bump github.com/prometheus/client_model from 0.6.0 to 0.6.1 (#3017)
  Bump google.golang.org/grpc from 1.62.1 to 1.63.0 (#3016)
  Update golang.org/x/net@v0.23.0 (#3014)
  Ignore allowUntrustedIssuer for did:web and clarify 'revocation' in vcr/search (#2992)
  document liveness and readiness probes (#2982)
  IAM: Allow user details to be passed in requestUserAccessToken (#2990)
  Policy: allow multiple policy files in local PDP (#3010)
  Bump github.com/amacneil/dbmate/v2 from 2.13.0 to 2.14.0 (#2999)
  Docker: don't run as root user (#2917)
  Add missing copyright notices (#3000)
  Set SQL logging to TRACE instead of DEBUG (#3002)
  fix invalid swagger (#2988)
  add credentialStatus to common ssi_types (#2989)
  Auth: IAM client should not use PKI TLS config (#2998)
  ...
  • Loading branch information
@rolandgroen
rolandgroen committed Apr 8, 2024
2 parents e132b29 + a975f38 commit 319a58e
Show file tree
Hide file tree
Showing 151 changed files with 2,311 additions and 1,803 deletions.
6 changes: 5 additions & 1 deletion Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# golang alpine
FROM golang:1.22.1-alpine as builder
FROM golang:1.22.2-alpine as builder

ARG TARGETARCH
ARG TARGETOS
Expand Down Expand Up @@ -39,6 +39,10 @@ COPY --from=builder /opt/nuts/nuts /usr/bin/nuts
HEALTHCHECK --start-period=30s --timeout=5s --interval=10s \
CMD curl -f http://localhost:8081/status || exit 1

RUN adduser -D -H -u 18081 nuts-usr
USER 18081:18081
WORKDIR /nuts

EXPOSE 8080 8081 5555
ENTRYPOINT ["/usr/bin/nuts"]
CMD ["server"]
10 changes: 5 additions & 5 deletions README.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,7 @@ The following options can be configured on the server:
===================================== ================================================================================================================================================================================================================================================================================================================================================================================================= ============================================================================================================================================================================================================================================================================================================================================
Key Default Description
===================================== ================================================================================================================================================================================================================================================================================================================================================================================================= ============================================================================================================================================================================================================================================================================================================================================
configfile nuts.yaml Nuts config file
configfile ./config/nuts.yaml Nuts config file
cpuprofile When set, a CPU profile is written to the given path. Ignored when strictmode is set.
datadir ./data Directory where the node stores its files.
internalratelimiter true When set, expensive internal calls are rate-limited to protect the network. Always enabled in strict mode.
Expand All @@ -189,7 +189,7 @@ The following options can be configured on the server:
crypto.vault.token The Vault token. If set it overwrites the VAULT_TOKEN env var.
**Discovery**
discovery.client.refresh_interval 10m0s Interval at which the client synchronizes with the Discovery Server; refreshing Verifiable Presentations of local DIDs and loading changes, updating the local copy. It only will actually refresh registrations of local DIDs that about to expire (less than 1/4th of their lifetime left). Specified as Golang duration (e.g. 1m, 1h30m).
discovery.definitions.directory Directory to load Discovery Service Definitions from. If not set, the discovery service will be disabled. If the directory contains JSON files that can't be parsed as service definition, the node will fail to start.
discovery.definitions.directory ./config/discovery Directory to load Discovery Service Definitions from. If not set, the discovery service will be disabled. If the directory contains JSON files that can't be parsed as service definition, the node will fail to start.
discovery.server.ids [] IDs of the Discovery Service for which to act as server. If an ID does not map to a loaded service definition, the node will fail to start.
**HTTP**
http.log metadata What to log about HTTP requests. Options are 'nothing', 'metadata' (log request method, URI, IP and response code), and 'metadata-and-body' (log the request and response body, in addition to the metadata).
Expand All @@ -208,7 +208,7 @@ The following options can be configured on the server:
storage.sql.connection Connection string for the SQL database. If not set it, defaults to a SQLite database stored inside the configured data directory. Note: using SQLite is not recommended in production environments. If using SQLite anyways, remember to enable foreign keys ('_foreign_keys=on') and the write-ahead-log ('_journal_mode=WAL').
**policy**
policy.address The address of a remote policy server. Mutual exclusive with policy.directory.
policy.directory Directory to read policy files from. Policy files are JSON files that contain a scope to PresentationDefinition mapping. Mutual exclusive with policy.address.
policy.directory ./config/policy Directory to read policy files from. Policy files are JSON files that contain a scope to PresentationDefinition mapping. Mutual exclusive with policy.address.
===================================== ================================================================================================================================================================================================================================================================================================================================================================================================= ============================================================================================================================================================================================================================================================================================================================================

Options specific for ``did:nuts``/gRPC
Expand All @@ -228,11 +228,11 @@ If your use case does not use these features, you can ignore this table.
tls.certheader Name of the HTTP header that will contain the client certificate when TLS is offloaded for gRPC.
tls.certkeyfile PEM file containing the private key of the gRPC server certificate. Required in strict mode.
tls.offload Whether to enable TLS offloading for incoming gRPC connections. Enable by setting it to 'incoming'. If enabled 'tls.certheader' must be configured as well.
tls.truststorefile truststore.pem PEM file containing the trusted CA certificates for authenticating remote gRPC servers. Required in strict mode.
tls.truststorefile ./config/ssl/truststore.pem PEM file containing the trusted CA certificates for authenticating remote gRPC servers. Required in strict mode.
**Auth**
auth.accesstokenlifespan 60 defines how long (in seconds) an access token is valid. Uses default in strict mode.
auth.clockskew 5000 allowed JWT Clock skew in milliseconds
auth.contractvalidators [irma,uzi,dummy,employeeid] sets the different contract validators to use
auth.contractvalidators [irma,dummy,employeeid] sets the different contract validators to use
auth.irma.autoupdateschemas true set if you want automatically update the IRMA schemas every 60 minutes.
auth.irma.schememanager pbdf IRMA schemeManager to use for attributes. Can be either 'pbdf' or 'irma-demo'.
**Events**
Expand Down
8 changes: 8 additions & 0 deletions api/ssi_types.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion api/ssi_types_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -130,7 +130,7 @@ func createVerifiableCredential() vcr.VerifiableCredential {
ssi.MustParseURI("VerifiableCredential"),
},
Issuer: ssi.MustParseURI("did:nuts:CuE3qeFGGLhEAS3gKzhMCeqd1dGa9at5JCbmCfyMU2Ey"),
IssuanceDate: &issuanceDate,
IssuanceDate: issuanceDate,
CredentialSubject: []interface{}{"subject"},
Proof: []interface{}{"because"},
}
Expand Down
2 changes: 1 addition & 1 deletion auth/api/auth/v1/api_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -493,7 +493,7 @@ func TestWrapper_RequestAccessToken(t *testing.T) {
ID: &ssi.URI{},
Type: []ssi.URI{*credential.NutsAuthorizationCredentialTypeURI, vc.VerifiableCredentialTypeV1URI()},
Issuer: vdr.TestDIDA.URI(),
IssuanceDate: &issuanceDate,
IssuanceDate: issuanceDate,
CredentialSubject: []interface{}{credential.NutsAuthorizationCredentialSubject{
ID: vdr.TestDIDB.String(),
PurposeOfUse: "eTransfer",
Expand Down
Loading

0 comments on commit 319a58e

Please sign in to comment.