interledger / web-monetization-extension

An open-source browser extension that enables Web Monetization.

Move OP usage to a server

raducristianpopa opened this issue · comments

Context

For security reasons, the OP usage is gonna be moved to a server.

Connecting a wallet

sequenceDiagram
    autonumber
    %% Extension ->> Extension: When the extension is installed generate an <br> opaque token
    %% Extension ->>+ Proxy: Send opaque token
    %% Proxy ->> Proxy: Store the opaque token in <br> Redis/memory/SQLite ?
    %% Proxy ->>- Extension: Response (200/400)
    %% Note over Extension, Proxy: On every request, the extension is going <br> to include the opaque token in a header

    Extension ->> Extension: User fills in the Connect your wallet form <br> and submits it
    Extension ->>+ Proxy: Send form data (wallet address, <br> amount, amount type)

    %% Proxy ->> Proxy: Verifies if the opaque token exists <br> and increases its usage by 1
    %% Note right of Proxy: The opaque token will be used for rate limiting. <br> 100req/min ?

    Proxy ->> ASE Resource: Fetch wallet address information
    ASE Resource ->> Proxy: Return wallet address information <br> or throws an error

    break if the wallet address does not exist
        Proxy ->> Extension: Return an error
    end

    Proxy ->> ASE Auth: Request a grant with access to quotes <br/> and outgoing payments
    ASE Auth ->> Proxy: Return interactive grant details
    Proxy ->>- Extension: Return interactive grant information <br> (interaction URL, continue URI and continue token) <br> continue URI and token need to be stored <br> in extension until the user interacts with the grant
    Extension ->> Browser: Open a new tab and navigate to the interaction URL
    Extension ->> Extension: Listen for tab changes
    Browser ->> Browser: User interacts with the grant <br> (accept/decline)
    Browser ->> Browser: User gets redirected to the finish URL
    Extension ->> Extension: Check if the finish URL has an interaction <br> reference

    break if the user declined the grant - no interaction reference
        Extension ->> Extension: Clear extension state & storage (delete <br> continue URI, token)
        Note over Extension: The interaction "response" can be checked <br> by verifying the "result" query <br> parameter as well: <br> - "grant_rejected": user declined <br> - "grant_invalid": not in a state where it may be <br> accepted or rejected
    end

    Extension ->> Proxy: Send the interaction reference along with <br> the continuation URI and token
    Proxy ->> ASE Auth: Make continuation request
    ASE Auth ->> Proxy: Return access token
    Note over Proxy, ASE Auth: This access token has access to quotes <br> and outgoing payments. There is no <br> need to have two access tokens <br> (one for quotes and one for outgoing <br> payments).
    Proxy ->> Proxy: Generate a signed token based on the user wallet address
    Note over Proxy: Look into ways to sign a token (JWT, Iron, <br> PASETO)
    Proxy ->> Extension: Return access token(s) + manage URL(s) <br> + signed token
    Extension ->> Extension: Store access token + manage URL and <br> the signed token in extension storage
    Note over Extension: User wallet address <br> is now connected

Monetization Flow

sequenceDiagram
    autonumber
    WM Provider ->> WM Provider: Check if WM is enabled globally
    break if WM is disabled
        WM Provider-->WM Provider: STOP
    end
    WM Provider ->> WM Provider: Check if WM is enabled for the <br> current website
    break if WM is disabled
        WM Provider-->WM Provider: STOP
    end
    WM Provider ->> WM Page: Grabs website wallet address
    WM Provider ->>+ ASE1 Resource: Request wallet address information
    ASE1 Resource -->>- WM Provider: Returns wallet address information
    WM Provider ->> WM Provider: If the JSON response passes validation <br> (matches OpenAPI Spec) fire the `load` <br> event on the link element
    WM Provider ->>+ Proxy: Send the wallet address URL
    Proxy ->> ASE1 Auth: Requests an incoming payment grant <br> with the "create" access
    ASE1 Auth ->> Proxy: Returns access token
    Proxy ->> ASE1 Resource: Create an incoming payment <br> with no amount
    ASE1 Resource ->> Proxy: Returns incoming payment information
    Proxy ->> ASE1 Auth: Revokes token
    Note over Proxy, ASE1 Auth: Should the token be stored for later usage?
    Proxy -->>- WM Provider: Returns incoming payment URL
    WM Provider ->> WM Provider: Stores the incoming payment URL until the visitor <br> changes the tab or navigates to another website
    Note left of WM Provider: We need to perform the flow from step 1 if: <br> - a navigation event is happening <br> - the wallet address that was found <br> in the page changed <br> - when the IP expires
    break if WM is disabled
        WM Provider-->WM Provider: STOP
    end

    WM Provider ->> WM Provider: Calculate the amount that needs to be sent <br>  every second (based on the rate of pay) <br> and save it in the extension state for later use

    loop Every second
        WM Provider ->>+ Proxy: Send incoming payment URL, amount, access token + include signed token in the header <br> The manage URLs should be sent as well to rotate the tokens if they are expired.
        Note over WM Provider, Proxy: We should not have a retry mechanism for failed requests. Even if <br> requests are failing we need to keep this loop going. 
        Proxy ->> ASE2 Resource: Create quote (with incoming payment URL and amount)
        break if the incoming payment is expired we need to perform the whole flow again
            WM Proxy -->> Proxy: STOP
        end
        critical if the access token is expired, rotate it and return the new token and manage URL
            Proxy -->> ASE2 Auth: Rotate access token
            ASE2 Auth -->> Proxy: Return new access token and manage URL
        end
        Note over Proxy: If the token got rotated, we will need to use the <br> new access token for the upcoming requests
        ASE2 Resource ->> Proxy: Returns quote information
        Proxy ->> ASE2 Resource: Create outgoing payment
        ASE2 Resource ->> Proxy: ASE Resource Server response (success/failure)
        Proxy ->>- WM Provider: Forward ASE Resource Server response
        Note over WM Provider, Proxy: Since the access token manage URL is passed as well, the backend <br> can return the new access token and the new manage URL <br> if the token gets rotated.
    end

Todos

Keys are now generated when the extension is installed. The users will need to upload the public key in the wallet provider UI.
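
An added example, not part of the original issue or the extension's code: one way the proxy could implement the "signed token based on the user wallet address" step and check it when the extension sends it back in a header, using an HS256 JWT (one of the options the issue lists). The function names, the claim layout (`sub`, `iat`, `exp`) and the return shape are assumptions.

```javascript
// Added example: HS256 JWT that binds a proxy-issued token to a wallet address.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
// Fixed header: the proxy only ever issues and accepts this one.
const HEADER = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));

function hmac(secret, data) {
  return crypto.createHmac('sha256', secret).update(data).digest();
}

// Proxy side: issue the token once the grant continuation has succeeded.
function signWalletToken(walletAddress, secret, ttlSeconds, nowSeconds) {
  const payload = b64url(JSON.stringify({
    sub: walletAddress,
    iat: nowSeconds,
    exp: nowSeconds + ttlSeconds,
  }));
  const signingInput = `${HEADER}.${payload}`;
  return `${signingInput}.${b64url(hmac(secret, signingInput))}`;
}

// Proxy side: check the token the extension sends in the request header.
// Returns { ok: true, walletAddress } or { ok: false, reason }.
function verifyWalletToken(token, secret, nowSeconds) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, signature] = parts;
  // Pin the header so a token can never select its own algorithm ("none").
  if (header !== HEADER) return { ok: false, reason: 'unexpected_header' };
  const expected = hmac(secret, `${header}.${payload}`);
  const given = Buffer.from(signature, 'base64url');
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  // Parse claims only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  if (typeof claims.exp !== 'number' || nowSeconds >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, walletAddress: claims.sub };
}
```

The secret stays on the proxy; the extension only stores and replays the opaque token string.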