orochi-network · dqtkien · Mar 6, 2024 · Mar 4, 2024 · Mar 5, 2024 · Mar 6, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/docker/node/orand.Dockerfile b/docker/node/orand.Dockerfile
@@ -8,6 +8,7 @@ RUN apt-get update && \
 FROM debian:bookworm
 
 ENV RUST_LOG="debug"
+ENV RUST_BACKTRACE=full
 
 COPY --from=builder /orochimaru/target/release/node /bin/orand
 COPY --from=builder /orochimaru/target/release/cli /bin/orand-cli

diff --git a/docker/node/pg-init.sql b/docker/node/pg-init.sql
@@ -29,13 +29,15 @@ ALTER TABLE public.keyring OWNER TO orand;
 
 create table public.receiver (
 	id bigserial not null,
+	keyring_id int8 not null,
 	"name" varchar not null,
 	address varchar not null,
 	network int8 not null,
 	nonce int8 not null,
 	created_date timestamp not null default CURRENT_TIMESTAMP,
 	constraint index_name unique (name),
 	constraint receiver_pkey primary key (id)
+	constraint link_receiver_to_keyring foreign key (keyring_id) references public.keyring(id),
 );
 
 ALTER TABLE public.receiver OWNER TO orand;

diff --git a/node/Cargo.toml b/node/Cargo.toml
@@ -25,7 +25,7 @@ path = "src/lib.rs"
 serde = { workspace = true }
 serde_json = { workspace = true }
 hex = { workspace = true }
-revm = { git="https://github.com/bluealloy/revm.git", rev = "5e6546e" }
+revm = { git = "https://github.com/bluealloy/revm.git", rev = "5e6546e" }
 clap = "4.4.16"
 libecvrf = { version = "^1.1.2", path = "../libecvrf" }
 tiny-keccak = { version = "2.0.2", default-features = false, features = [
@@ -34,7 +34,7 @@ tiny-keccak = { version = "2.0.2", default-features = false, features = [
 log = "0.4.20"
 env_logger = "0.10.1"
 tokio = { version = "1.35.1", features = ["full"] }
-sea-orm = { version = "0.12.11", features = [
+sea-orm = { version = "0.12.14", features = [
     "sqlx-postgres",
     "runtime-tokio-rustls",
     "macros",
@@ -48,4 +48,6 @@ base64-url = "2.0.2"
 sha2 = "0.10.8"
 hyper = { version = "1.1.0", features = ["full"] }
 http-body-util = "0.1.0"
-hyper-util = { git = "https://github.com/hyperium/hyper-util.git", tag = "v0.1.2", features = ["tokio"]}
+hyper-util = { git = "https://github.com/hyperium/hyper-util.git", tag = "v0.1.2", features = [
+    "tokio",
+] }
diff --git a/node/migration/src/m20221229_005309_create_table_receiver.rs b/node/migration/src/m20221229_005309_create_table_receiver.rs
@@ -1,5 +1,7 @@
 use sea_orm_migration::prelude::*;
 
+use crate::m20220101_000001_create_table_keyring::Keyring;
+
 #[derive(DeriveMigrationName)]
 pub struct Migration;
 
@@ -17,6 +19,7 @@ impl MigrationTrait for Migration {
                             .auto_increment()
                             .primary_key(),
                     )
+                    .col(ColumnDef::new(Receiver::KeyringId).big_integer().not_null())
                     .col(ColumnDef::new(Receiver::Name).string().not_null())
                     .col(ColumnDef::new(Receiver::Address).string().not_null())
                     .col(ColumnDef::new(Receiver::Network).big_unsigned().not_null())
@@ -27,6 +30,14 @@ impl MigrationTrait for Migration {
                             .extra("DEFAULT CURRENT_TIMESTAMP".to_string())
                             .not_null(),
                     )
+                    .foreign_key(
+                        ForeignKeyCreateStatement::new()
+                            .name("link_receiver_to_keyring")
+                            .from_tbl(Receiver::Table)
+                            .from_col(Receiver::KeyringId)
+                            .to_tbl(Keyring::Table)
+                            .to_col(Keyring::Id),
+                    )
                     .index(
                         Index::create()
                             .name("index_name")
@@ -50,6 +61,7 @@ impl MigrationTrait for Migration {
 pub enum Receiver {
     Table,
     Id,
+    KeyringId,
     Name,
     Address,
     Network,

diff --git a/node/src/jwt.rs b/node/src/jwt.rs
@@ -1,3 +1,5 @@
+use std::time::SystemTime;
+
 use crate::Error;
 use base64_url;
 use hex;
@@ -16,8 +18,10 @@ pub struct JWTPayload {
     pub user: String,
     /// Nonce
     pub nonce: u32,
-    /// Unix timestamp
-    pub timestamp: u64,
+    /// Unix issue at timestamp
+    pub iat: u64,
+    /// Unix expired timestamp
+    pub exp: u64,
 }
 
 /// JWT
@@ -37,6 +41,10 @@ impl JWT {
     /// Encode payload to JWT
     pub fn decode_payload(json_web_token: &str) -> Result<JWTPayload, Error> {
         let split_jwt: Vec<&str> = json_web_token.trim().split('.').collect();
+        let current_time = SystemTime::now()
+            .duration_since(SystemTime::UNIX_EPOCH)
+            .expect("Unable to get current time")
+            .as_secs();
         if split_jwt.len() == 3 {
             let decoded_payload = match base64_url::decode(&split_jwt[1]) {
                 Ok(payload) => payload,
@@ -47,6 +55,13 @@ impl JWT {
                 Ok(payload) => payload,
                 Err(_) => return Err(Error("INVALID_PAYLOAD", "Unable to deserialize payload")),
             };
+            // Check if JWT is expired, iat < current_time < exp
+            if current_time > jwt_payload.exp
+                || current_time < jwt_payload.iat
+                || jwt_payload.iat > jwt_payload.exp
+            {
+                return Err(Error("EXPIRED_JWT", "JWT is expired"));
+            }
             if regex_name.is_match(&jwt_payload.user) {
                 return Ok(jwt_payload);
             } else {