Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Message properties body, createdTime, expiresTimePlus #232

Merged
merged 2 commits into from
Jun 18, 2024
Merged

fix: Message properties body, createdTime, expiresTimePlus #232

merged 2 commits into from
Jun 18, 2024

Conversation

curtis-h
Copy link
Contributor

Description:

Fixing Message properties to align with spec.

  • body should be a json object, not a string
  • createdTime should be a number (seconds since epoch)
  • expiresTimePlus should be a number (seconds since epoch)

Making the Message.body a json obj allows us to remove JSON.parse from all it's consumers.

Improved type safety around Protocol class body parsing.

Checklist:

  • My PR follows the contribution guidelines of this project
  • My PR is free of third-party dependencies that don't comply with the Allowlist
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked the PR title to follow the conventional commit specification

@curtis-h curtis-h self-assigned this Jun 17, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jun 17, 2024
edited
Loading

Lines Statements Branches Functions
Coverage: 75%
 75.42% (2762/3662) 65% (1339/2060) 80.51% (715/888)

JUnit

Tests Skipped Failures Errors Time
501 6 💤 0 ❌ 0 🔥 1m 10s ⏱️

@github-actions GitHub Actions
Copy link 

# npm audit report

ws  8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io-client/node_modules/ws
node_modules/rxdb/node_modules/ws
node_modules/ws
  engine.io-client  0.7.0 || 0.7.8 - 0.7.9 || 6.0.0 - 6.5.3
  Depends on vulnerable versions of ws
  node_modules/engine.io-client
  rxdb  >=13.0.0-beta.1
  Depends on vulnerable versions of ws
  node_modules/rxdb

3 high severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@github-actions GitHub Actions
Copy link 

# npm audit report

ws  8.0.0 - 8.17.0
Severity: high
ws affected by a DoS when handling a request with many HTTP headers - https://github.com/advisories/GHSA-3h5v-q93c-6h6q
fix available via `npm audit fix --force`
Will install [email protected], which is a breaking change
node_modules/engine.io-client/node_modules/ws
node_modules/rxdb/node_modules/ws
node_modules/ws
  engine.io-client  0.7.0 || 0.7.8 - 0.7.9 || 6.0.0 - 6.5.3
  Depends on vulnerable versions of ws
  node_modules/engine.io-client
  rxdb  >=13.0.0-beta.1
  Depends on vulnerable versions of ws
  node_modules/rxdb

3 high severity vulnerabilities

To address issues that do not require attention, run:
  npm audit fix

To address all issues (including breaking changes), run:
  npm audit fix --force

@curtis-h curtis-h merged commit 38de286 into main Jun 18, 2024
5 checks passed
@curtis-h curtis-h deleted the fix/ATL-6609-messages branch June 18, 2024 10:48
elribonazo pushed a commit that referenced this pull request Jul 19, 2024
@curtis-h @elribonazo
fix: Message properties body, createdTime, expiresTimePlus (#232)
cf7db9f 
Signed-off-by: Curtis Harding <[email protected]>
yshyn-iohk pushed a commit that referenced this pull request Jul 20, 2024
@hyperledger-bot
chore(release): release 6.0.0
6fb74c3 
# [6.0.0](v5.0.0...v6.0.0) (2024-07-20)

### Bug Fixes

*  Rename the documentation file accordingly. ([#204](#204)) ([90c1f54](90c1f54))
* add compliant dates not in ms, but in seconds. ([#206](#206)) ([76f4f48](76f4f48))
* add e2e tests for jwt revocation, sdk verification for jwt and anoncreds ([#244](#244)) ([5c2519b](5c2519b))
* add missing files in package to clean rxdb vulnerabilities to fix e2e  ([#233](#233)) ([8b4c9e8](8b4c9e8))
* Agent.createNewPrismDID to use derivationPath ([#158](#158)) ([06bc2cc](06bc2cc))
* attachment descriptor parameters ([#240](#240)) ([2391f01](2391f01))
* attachment encoding fallback base64 + base64url by default ([#239](#239)) ([78cd8f7](78cd8f7))
* build node wasm not bundled up ([#226](#226)) ([48e78e3](48e78e3))
* **Castor:** createPrismDID and resolveDID key id conflicts ([#243](#243)) ([5024818](5024818))
* Compatibility issues with osx and unix platforms around the sed ([#217](#217)) ([8287eed](8287eed))
* ConnectionManager emit Messages ([#190](#190)) ([776e55a](776e55a))
* create custom class to verify bitstring position more precisely. ([#234](#234)) ([255184b](255184b))
* db cannot be created twice with the same name which crashes demos ([#193](#193)) ([27f771c](27f771c))
* deprecate browser demos ([#221](#221)) ([a6f9bdb](a6f9bdb))
* e2e issues fix ([#236](#236)) ([12019b9](12019b9))
* e2e issues with latest websocket changes ([#200](#200)) ([969fc06](969fc06))
* escape the `<->` sequence to fix the build error in the identus-… ([#248](#248)) ([15cf694](15cf694))
* generate docs after releasing as we cannot access a package that… ([#255](#255)) ([70efa8b](70efa8b))
* issue with build script not replacing some files that have been … ([#191](#191)) ([c26f014](c26f014))
* jwe rust library for backup encryption not including the node wa… ([#237](#237)) ([b1177a6](b1177a6))
* Message properties body, createdTime, expiresTimePlus ([#232](#232)) ([cf7db9f](cf7db9f))
* moving to hyperledger namespace ([#245](#245)) ([2139a78](2139a78))
* optin to websockets for the mediator live mode as an experiment,… ([#199](#199)) ([950bc76](950bc76))
* prevent broken links to exist in order for docs site to build pr… ([#205](#205)) ([f33f029](f33f029))
* releasing to HL ([#253](#253)) ([ed0fdf3](ed0fdf3))
* remove typo in release pipeline ([#254](#254)) ([34597e1](34597e1))
* Removing the if condition in CI pipeline for release branches ([#179](#179)) ([a8c4ebc](a8c4ebc))
* rename prism-agent into edge-agent ([#203](#203)) ([2a1fa1e](2a1fa1e))
* rename references ([#218](#218)) ([7d79d6f](7d79d6f))
* type references are lost in the package. ([#202](#202)) ([86ea42e](86ea42e))
* update event callback argument type ([#216](#216)) ([ec92fcb](ec92fcb))
* updating references to Identus ([#197](#197)) ([8fcb792](8fcb792))
* using rust dependency for jwe ([#235](#235)) ([0a35296](0a35296))
* wasm build folder change ([#186](#186)) ([11ad81f](11ad81f))

### Features

* add sdk jwt revocation verification ([#231](#231)) ([115c2c6](115c2c6))
* Backup and Restore ([#215](#215)) ([bf15325](bf15325))
* Implement sd+jwt for issuance and verification flows with cloud agent ([#228](#228)) ([a8c0b21](a8c0b21))
* Implementing JWT Credential revocation notification ([#184](#184)) ([9aa8b8b](9aa8b8b))
* implementing SDK Verification Phase2 Anoncreds ([#219](#219)) ([e80549c](e80549c))
* updating Anoncreds to io fork ([#157](#157)) ([8987de2](8987de2))

### BREAKING CHANGES

* Pollux instance now requires to have Apollo first constructor parameter (used internally)
Deprecated internal function processJWTCredential, processAnoncredsCredential and extractCredentialFormatFromMessage. Internally, in order to process any type of credential offer just call pollux.processCredentialOffer instead. In order to extract the credentialFormat from a DIDComm message if available, use message.credentialFormat (will return known CredentialType or unknown) In order to extract the payload of whatever DIDComm message, use message.payload which will decode it into the right object instance
JWT class now needs apollo and castor in constructor as they now instantiate from JWTCore (used internally)
Derivable Private key is not deriving using the derivationPath as a string not the DerivationPath class (used internally)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elribonazo elribonazo elribonazo approved these changes

@amagyar-iohk amagyar-iohk Awaiting requested review from amagyar-iohk

@todorkoleviohk todorkoleviohk Awaiting requested review from todorkoleviohk

Assignees

@curtis-h curtis-h

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@curtis-h @elribonazo