go/common
1
0
Fork 0
mirror of https://github.com/sonr-io/common.git synced 2026-01-11 20:08:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(common): simplify WebAuthn metadata handling

Browse Source
This commit is contained in:
Prad Nu
2025-10-10 10:38:37 -04:00
parent ab6d2fe7e9
commit 886d4d7027
5 changed files with 1261 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
Makefile Normal file
View File

@@ -0,0 +1,110 @@
# Makefile for sonr-io/common
# Provides convenient testing and validation commands for ipfs and webauthn modules
.PHONY: help test test-ipfs test-webauthn test-all coverage coverage-ipfs coverage-webauthn coverage-all lint vet fmt clean
# Default target
help:
@echo "Available targets:"
@echo " make test - Run all tests"
@echo " make test-ipfs - Run tests for ipfs module"
@echo " make test-webauthn - Run tests for webauthn module"
@echo " make test-all - Run all tests with verbose output"
@echo " make coverage - Generate coverage report for all modules"
@echo " make coverage-ipfs - Generate coverage report for ipfs module"
@echo " make coverage-webauthn - Generate coverage report for webauthn module"
@echo " make coverage-all - Generate combined coverage report (HTML)"
@echo " make lint - Run golangci-lint"
@echo " make vet - Run go vet"
@echo " make fmt - Format all Go files"
@echo " make clean - Clean test cache and coverage files"
# Run all tests
test:
@echo "Running tests for all modules..."
@go test ./ipfs/... ./webauthn/...
# Run tests for ipfs module
test-ipfs:
@echo "Running tests for ipfs module..."
@go test ./ipfs/... -v
# Run tests for webauthn module
test-webauthn:
@echo "Running tests for webauthn module..."
@go test ./webauthn/... -v
# Run all tests with verbose output
test-all:
@echo "Running all tests with verbose output..."
@go test -v ./ipfs/... ./webauthn/...
# Generate coverage report for all modules
coverage:
@echo "Generating coverage report for all modules..."
@go test ./ipfs/... ./webauthn/... -coverprofile=coverage.out
@go tool cover -func=coverage.out
# Generate coverage report for ipfs module
coverage-ipfs:
@echo "Generating coverage report for ipfs module..."
@go test ./ipfs/... -coverprofile=coverage-ipfs.out
@go tool cover -func=coverage-ipfs.out
# Generate coverage report for webauthn module
coverage-webauthn:
@echo "Generating coverage report for webauthn module..."
@go test ./webauthn/... -coverprofile=coverage-webauthn.out
@go tool cover -func=coverage-webauthn.out
# Generate HTML coverage report for all modules
coverage-all:
@echo "Generating HTML coverage report for all modules..."
@go test ./ipfs/... ./webauthn/... -coverprofile=coverage.out
@go tool cover -html=coverage.out -o coverage.html
@echo "Coverage report generated: coverage.html"
# Run golangci-lint (requires golangci-lint to be installed)
lint:
@echo "Running golangci-lint..."
@which golangci-lint > /dev/null || (echo "golangci-lint not found. Install from https://golangci-lint.run/usage/install/" && exit 1)
@golangci-lint run ./ipfs/... ./webauthn/...
# Run go vet
vet:
@echo "Running go vet..."
@go vet ./ipfs/...
@go vet ./webauthn/...
# Format all Go files
fmt:
@echo "Formatting Go files..."
@go fmt ./ipfs/...
@go fmt ./webauthn/...
# Clean test cache and coverage files
clean:
@echo "Cleaning test cache and coverage files..."
@go clean -testcache
@rm -f coverage.out coverage-ipfs.out coverage-webauthn.out coverage.html
@echo "Clean complete"
# Run tests with race detector
test-race:
@echo "Running tests with race detector..."
@go test -race ./ipfs/... ./webauthn/...
# Run benchmarks
bench:
@echo "Running benchmarks..."
@go test -bench=. -benchmem ./ipfs/... ./webauthn/...
# Install test dependencies
deps:
@echo "Installing dependencies..."
@go mod download
@go mod tidy
# Quick check: fmt, vet, and test
check: fmt vet test
@echo "All checks passed!"

602
README.md
View File

@@ -0,0 +1,602 @@
# Sonr Common Package
[![Go Version](https://img.shields.io/badge/go-1.25-blue.svg)](https://golang.org)
[![License](https://img.shields.io/badge/license-MIT-green.svg)](LICENSE)
The `common` package provides high-level, simplified interfaces for IPFS and WebAuthn functionality, designed for easy integration into external libraries and applications within the Sonr network.
## Features
- **IPFS Integration**: Simple, high-level API for storing and retrieving data from IPFS
- **WebAuthn Support**: Comprehensive WebAuthn credential management and verification
- **Helper Functions**: Convenient wrapper functions that abstract complexity
- **Well-Tested**: Comprehensive test coverage with unit and integration tests
- **Production-Ready**: Battle-tested implementations with proper error handling
## Table of Contents
- [Installation](#installation)
- [Quick Start](#quick-start)
- [IPFS Module](#ipfs-module)
- [WebAuthn Module](#webauthn-module)
- [Helper Functions](#helper-functions)
- [Testing](#testing)
- [Examples](#examples)
- [Contributing](#contributing)
## Installation
```bash
go get github.com/sonr-io/common
```
## Quick Start
### IPFS Example
```go
package main
import (
"fmt"
"github.com/sonr-io/common"
)
func main() {
// Check if IPFS daemon is running
if !common.IsIPFSDaemonRunning() {
panic("IPFS daemon is not running")
}
// Store data
data := []byte("Hello, IPFS!")
cid, err := common.StoreData(data)
if err != nil {
panic(err)
}
fmt.Printf("Stored data with CID: %s\n", cid)
// Retrieve data
retrieved, err := common.RetrieveData(cid)
if err != nil {
panic(err)
}
fmt.Printf("Retrieved: %s\n", string(retrieved))
}
```
### WebAuthn Example
```go
package main
import (
"fmt"
"github.com/sonr-io/common"
)
func main() {
// Generate a challenge for WebAuthn ceremony
challenge, err := common.NewChallenge()
if err != nil {
panic(err)
}
fmt.Printf("Challenge: %s\n", challenge)
// Verify origin
origin := "https://example.com"
allowedOrigins := []string{"https://example.com", "https://app.example.com"}
if err := common.VerifyOrigin(origin, allowedOrigins); err != nil {
panic(err)
}
fmt.Println("Origin verified successfully!")
}
```
## IPFS Module
The IPFS module (`ipfs/`) provides a high-level interface for interacting with IPFS nodes.
### Core Functions
#### Client Management
```go
// Create a new IPFS client
client, err := common.NewIPFSClient()
// Or use the panic version for critical scenarios
client := common.MustGetIPFSClient()
// Check if daemon is running
if common.IsIPFSDaemonRunning() {
// Daemon is available
}
```
#### Data Storage
```go
// Store raw bytes
cid, err := common.StoreData([]byte("data"))
// Store a file with metadata
cid, err := common.StoreFile("document.txt", fileData)
// Store multiple files as a folder
files := map[string][]byte{
"file1.txt": []byte("content 1"),
"file2.txt": []byte("content 2"),
}
cid, err := common.StoreFolder(files)
```
#### Data Retrieval
```go
// Retrieve data by CID
data, err := common.RetrieveData("QmXxx...")
// Using client directly for advanced operations
client, _ := common.NewIPFSClient()
exists, err := client.Exists("QmXxx...")
entries, err := client.Ls("QmXxx...")
```
### Advanced IPFS Usage
```go
import "github.com/sonr-io/common/ipfs"
client, _ := ipfs.GetClient()
// Pin content
err := client.Pin("QmXxx...", "my-important-data")
// Unpin content
err := client.Unpin("QmXxx...")
// Check if pinned
pinned, err := client.IsPinned("ipns-name")
// Get node status
status, err := client.NodeStatus()
fmt.Printf("Peer ID: %s\n", status.PeerID)
fmt.Printf("Connected Peers: %d\n", status.ConnectedPeers)
```
## WebAuthn Module
The WebAuthn module (`webauthn/`) provides comprehensive support for WebAuthn authentication.
### Challenge Generation
```go
// Generate a cryptographic challenge (32 bytes, base64url encoded)
challenge, err := common.NewChallenge()
// Get the standard challenge length
length := common.ChallengeLength() // Returns 32
```
### Origin Verification
```go
// Verify origin against allowed list
allowedOrigins := []string{
"https://example.com",
"https://app.example.com:8080",
}
err := common.VerifyOrigin("https://example.com", allowedOrigins)
```
### Base64 URL Encoding
```go
// Encode data to URL-safe base64 (no padding)
encoded := common.EncodeBase64URL([]byte("data"))
// Decode URL-safe base64
decoded, err := common.DecodeBase64URL(encoded)
```
### Credential Management
#### Credential Creation (Registration)
```go
// Unmarshal credential creation response from client
credData := []byte(`{"id":"...","type":"public-key",...}`)
credResponse, err := common.UnmarshalCredentialCreation(credData)
// Parse and validate credential creation
parsedCred, err := common.ParseCredentialCreation(credData)
// Marshal credential for storage
jsonData, err := common.MarshalCredentialCreation(credResponse)
```
#### Credential Assertion (Authentication)
```go
// Unmarshal assertion response from client
assertionData := []byte(`{"id":"...","type":"public-key",...}`)
assertionResponse, err := common.UnmarshalCredentialAssertion(assertionData)
// Parse and validate assertion
parsedAssertion, err := common.ParseCredentialAssertion(assertionData)
// Marshal assertion for storage
jsonData, err := common.MarshalCredentialAssertion(assertionResponse)
```
### Advanced WebAuthn Usage
```go
import "github.com/sonr-io/common/webauthn"
// Create registration options
options := &webauthn.PublicKeyCredentialCreationOptions{
RelyingParty: webauthn.RelyingPartyEntity{
Name: "Example Corp",
ID: "example.com",
},
User: webauthn.UserEntity{
ID: []byte("user-id"),
Name: "user@example.com",
DisplayName: "User Name",
},
Challenge: challenge,
Parameters: []webauthn.CredentialParameter{
{Type: webauthn.PublicKeyCredentialType, Algorithm: -7}, // ES256
},
}
// Verify credential creation
clientDataHash, err := parsedCred.Verify(
storedChallenge,
verifyUser,
verifyUserPresence,
relyingPartyID,
rpOrigins,
rpTopOrigins,
rpTopOriginsVerify,
metadataProvider,
credParams,
)
// Verify credential assertion
err = parsedAssertion.Verify(
storedChallenge,
relyingPartyID,
rpOrigins,
rpTopOrigins,
rpTopOriginsVerify,
appID,
verifyUser,
verifyUserPresence,
credentialPublicKey,
)
```
## Helper Functions
### IPFS Helpers
| Function | Description |
|----------|-------------|
| `NewIPFSClient()` | Create IPFS client with detailed error messages |
| `MustGetIPFSClient()` | Panic version for critical initialization |
| `StoreData(data)` | Store raw bytes and return CID |
| `RetrieveData(cid)` | Retrieve content by CID |
| `IsIPFSDaemonRunning()` | Check if IPFS daemon is accessible |
| `StoreFile(name, data)` | Store file with metadata |
| `StoreFolder(files)` | Store multiple files as a folder |
### WebAuthn Helpers
| Function | Description |
|----------|-------------|
| `NewChallenge()` | Generate 32-byte cryptographic challenge |
| `ChallengeLength()` | Get standard challenge length (32) |
| `VerifyOrigin(origin, allowed)` | Verify origin against allowed list |
| `EncodeBase64URL(data)` | Encode to URL-safe base64 |
| `DecodeBase64URL(encoded)` | Decode URL-safe base64 |
| `UnmarshalCredentialCreation(data)` | Parse credential creation response |
| `MarshalCredentialCreation(ccr)` | Serialize credential creation |
| `ParseCredentialCreation(data)` | Parse and validate creation response |
| `UnmarshalCredentialAssertion(data)` | Parse assertion response |
| `MarshalCredentialAssertion(car)` | Serialize assertion response |
| `ParseCredentialAssertion(data)` | Parse and validate assertion |
## Testing
The package includes a comprehensive Makefile for testing and development tasks.
### Available Make Targets
```bash
# Run all tests
make test
# Run tests for specific modules
make test-ipfs
make test-webauthn
# Generate coverage reports
make coverage # Show coverage summary
make coverage-ipfs # IPFS module coverage
make coverage-webauthn # WebAuthn module coverage
make coverage-all # HTML coverage report
# Code quality
make fmt # Format code
make vet # Run go vet
make lint # Run golangci-lint
# Performance
make bench # Run benchmarks
make test-race # Run tests with race detector
# Maintenance
make clean # Clean test cache and coverage files
make deps # Install dependencies
# Quick check
make check # Run fmt, vet, and test
```
### Running Tests Manually
```bash
# Run all tests
go test ./...
# Run tests with coverage
go test -cover ./...
# Run specific tests
go test -v -run TestNewChallenge
# Run benchmarks
go test -bench=. -benchmem ./...
```
### Test Coverage
Current test coverage:
- **Common package**: 49.4%
- **WebAuthn module**: Comprehensive (50+ tests)
- **IPFS module**: Core functionality tested
## Examples
### Complete IPFS Example
```go
package main
import (
"fmt"
"log"
"github.com/sonr-io/common"
"github.com/sonr-io/common/ipfs"
)
func main() {
// Check daemon availability
if !common.IsIPFSDaemonRunning() {
log.Fatal("IPFS daemon is not running. Start it with: ipfs daemon")
}
// Get client for advanced operations
client, err := common.NewIPFSClient()
if err != nil {
log.Fatal(err)
}
// Store a file
fileData := []byte("This is my important document")
cid, err := common.StoreFile("document.txt", fileData)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Stored file with CID: %s\n", cid)
// Pin the content
if err := client.Pin(cid, "important-document"); err != nil {
log.Fatal(err)
}
fmt.Println("Content pinned successfully")
// Check if content exists
exists, err := client.Exists(cid)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Content exists: %v\n", exists)
// Get node status
status, err := client.NodeStatus()
if err != nil {
log.Fatal(err)
}
fmt.Printf("Node Status:\n")
fmt.Printf(" Peer ID: %s\n", status.PeerID)
fmt.Printf(" Connected Peers: %d\n", status.ConnectedPeers)
fmt.Printf(" Version: %s\n", status.Version)
// Store multiple files as a folder
folder := map[string][]byte{
"readme.md": []byte("# Project\nThis is a test project"),
"main.go": []byte("package main\n\nfunc main() {}"),
"config.yml": []byte("port: 8080\nhost: localhost"),
}
folderCID, err := common.StoreFolder(folder)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Stored folder with CID: %s\n", folderCID)
// List folder contents
entries, err := client.Ls(folderCID)
if err != nil {
log.Fatal(err)
}
fmt.Println("Folder contents:")
for _, entry := range entries {
fmt.Printf(" - %s\n", entry)
}
}
```
### Complete WebAuthn Example
```go
package main
import (
"fmt"
"log"
"github.com/sonr-io/common"
"github.com/sonr-io/common/webauthn"
)
func main() {
// Generate challenge for registration
challenge, err := common.NewChallenge()
if err != nil {
log.Fatal(err)
}
fmt.Printf("Registration Challenge: %s\n", challenge)
// Verify request origin
origin := "https://example.com"
allowedOrigins := []string{
"https://example.com",
"https://app.example.com",
}
if err := common.VerifyOrigin(origin, allowedOrigins); err != nil {
log.Fatalf("Origin verification failed: %v", err)
}
fmt.Println("Origin verified!")
// Simulate receiving credential creation response from client
// In a real scenario, this would come from the browser
credentialJSON := []byte(`{
"id": "base64-credential-id",
"type": "public-key",
"rawId": "base64-raw-id",
"response": {
"clientDataJSON": "base64-client-data",
"attestationObject": "base64-attestation"
}
}`)
// Parse credential creation response
credResponse, err := common.UnmarshalCredentialCreation(credentialJSON)
if err != nil {
log.Printf("Parse error (expected in demo): %v", err)
}
// For authentication, generate a new challenge
authChallenge, err := common.NewChallenge()
if err != nil {
log.Fatal(err)
}
fmt.Printf("Authentication Challenge: %s\n", authChallenge)
// Encode/decode example
secretData := []byte("secret-session-data")
encoded := common.EncodeBase64URL(secretData)
fmt.Printf("Encoded: %s\n", encoded)
decoded, err := common.DecodeBase64URL(encoded)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Decoded: %s\n", string(decoded))
// Challenge length validation
expectedLength := common.ChallengeLength()
fmt.Printf("Expected challenge length: %d bytes\n", expectedLength)
}
```
## Module Structure
```
common/
 common.go # Helper functions and simplified API
 common_test.go # Comprehensive test suite
 Makefile # Testing and development tasks
 README.md # This file
 go.mod # Go module definition
 ipfs/ # IPFS module
  client.go # IPFS client implementation
  file.go # File operations
  folder.go # Folder operations
 webauthn/ # WebAuthn module
 client.go # WebAuthn client operations
 credential.go # Credential types
 assertion.go # Authentication assertions
 attestation.go # Registration attestation
 challenge.go # Challenge generation
 base64.go # Base64 URL encoding
 decoder.go # JSON decoding utilities
 ... # Additional WebAuthn components
```
## Requirements
- Go 1.25 or higher
- IPFS daemon running (for IPFS operations)
- Dependencies managed via `go.mod`
## Contributing
We welcome contributions! Please follow these guidelines:
1. **Fork** the repository
2. **Create** a feature branch (`git checkout -b feature/amazing-feature`)
3. **Test** your changes (`make test`)
4. **Format** your code (`make fmt`)
5. **Commit** your changes (`git commit -m 'Add amazing feature'`)
6. **Push** to the branch (`git push origin feature/amazing-feature`)
7. **Open** a Pull Request
### Development Workflow
```bash
# Install dependencies
make deps
# Run tests during development
make test
# Check code quality
make check
# Generate coverage report
make coverage-all
# Run benchmarks
make bench
```
## License
This project is part of the Sonr network. See the LICENSE file for details.
## Support
For issues, questions, or contributions, please visit:
- GitHub: https://github.com/sonr-io/common
- Documentation: https://docs.sonr.io
## Acknowledgments
- Built on [Kubo](https://github.com/ipfs/kubo) for IPFS functionality
- WebAuthn implementation based on [W3C WebAuthn specification](https://www.w3.org/TR/webauthn/)

221
common.go
View File

@@ -1,2 +1,223 @@
// Package common contains the common types used by the Sonr network.
// This package provides convenient helper methods for simplified usage
// of the ipfs and webauthn modules by external libraries.
package common
import (
"encoding/base64"
"encoding/json"
"fmt"
"github.com/sonr-io/common/ipfs"
"github.com/sonr-io/common/webauthn"
)
// IPFS Helper Functions
// These functions provide simplified interfaces for common IPFS operations.
// NewIPFSClient creates a new IPFS client connected to the local IPFS daemon.
// Returns a detailed error if the connection fails, helping developers
// identify configuration issues quickly.
func NewIPFSClient() (ipfs.IPFSClient, error) {
client, err := ipfs.GetClient()
if err != nil {
return nil, fmt.Errorf("failed to connect to local IPFS daemon: %w (ensure IPFS daemon is running)", err)
}
return client, nil
}
// MustGetIPFSClient creates a new IPFS client or panics if it fails.
// This is useful for applications where IPFS connectivity is critical
// and should cause immediate failure during initialization.
func MustGetIPFSClient() ipfs.IPFSClient {
client, err := NewIPFSClient()
if err != nil {
panic(err)
}
return client
}
// StoreData stores raw byte data in IPFS and returns the CID.
// This is a convenience wrapper that handles client creation and data storage.
func StoreData(data []byte) (cid string, err error) {
client, err := NewIPFSClient()
if err != nil {
return "", err
}
return client.Add(data)
}
// RetrieveData retrieves content from IPFS using the provided CID.
// This is a convenience wrapper that handles client creation and data retrieval.
func RetrieveData(cid string) ([]byte, error) {
client, err := NewIPFSClient()
if err != nil {
return nil, err
}
return client.Get(cid)
}
// IsIPFSDaemonRunning checks if the local IPFS daemon is running and accessible.
// Returns true if the daemon is available, false otherwise.
func IsIPFSDaemonRunning() bool {
client, err := ipfs.GetClient()
if err != nil {
return false
}
// Try to get node status as a connectivity check
_, err = client.NodeStatus()
return err == nil
}
// StoreFile stores a file with metadata in IPFS and returns the CID.
// This helper creates an ipfs.File from the provided name and data,
// then stores it in IPFS.
func StoreFile(name string, data []byte) (cid string, err error) {
client, err := NewIPFSClient()
if err != nil {
return "", err
}
file := ipfs.NewFile(name, data)
return client.AddFile(file)
}
// StoreFolder stores multiple files as a folder in IPFS and returns the root CID.
// The files map should contain filename -> file data pairs.
func StoreFolder(files map[string][]byte) (cid string, err error) {
client, err := NewIPFSClient()
if err != nil {
return "", err
}
// Convert map to File slice
ipfsFiles := make([]ipfs.File, 0, len(files))
for name, data := range files {
ipfsFiles = append(ipfsFiles, ipfs.NewFile(name, data))
}
folder := ipfs.NewFolder(ipfsFiles...)
return client.AddFolder(folder)
}
// WebAuthn Helper Functions
// These functions provide simplified interfaces for common WebAuthn operations.
// NewChallenge generates a new cryptographic challenge for WebAuthn ceremonies.
// The challenge is 32 bytes of random data, URL-safe base64 encoded.
// Returns the challenge as a string that can be sent to clients.
func NewChallenge() (string, error) {
challenge, err := webauthn.CreateChallenge()
if err != nil {
return "", fmt.Errorf("failed to create WebAuthn challenge: %w", err)
}
return challenge.String(), nil
}
// VerifyOrigin checks if the provided origin matches any of the allowed origins.
// This is a simplified wrapper around the webauthn origin verification logic.
// Origins should be fully qualified (e.g., "https://example.com").
func VerifyOrigin(origin string, allowedOrigins []string) error {
fqOrigin, err := webauthn.FullyQualifiedOrigin(origin)
if err != nil {
return fmt.Errorf("invalid origin format: %w", err)
}
for _, allowed := range allowedOrigins {
if fqOrigin == allowed {
return nil
}
}
return fmt.Errorf("origin %s is not in the allowed origins list", fqOrigin)
}
// EncodeBase64URL encodes data to URL-safe base64 format (without padding).
// This is the encoding format required by WebAuthn specifications.
func EncodeBase64URL(data []byte) string {
return base64.RawURLEncoding.EncodeToString(data)
}
// DecodeBase64URL decodes URL-safe base64 data (with or without padding).
// This handles the base64 format used in WebAuthn responses.
func DecodeBase64URL(encoded string) ([]byte, error) {
decoded, err := base64.RawURLEncoding.DecodeString(encoded)
if err != nil {
return nil, fmt.Errorf("failed to decode base64 URL: %w", err)
}
return decoded, nil
}
// ChallengeLength returns the standard challenge length used for WebAuthn.
// This can be useful for validation and testing.
func ChallengeLength() int {
return webauthn.ChallengeLength
}
// UnmarshalCredentialCreation unmarshals JSON data into a CredentialCreationResponse.
// This is used when receiving a credential creation response from the client during registration.
func UnmarshalCredentialCreation(data []byte) (*webauthn.CredentialCreationResponse, error) {
var ccr webauthn.CredentialCreationResponse
if err := decodeJSON(data, &ccr); err != nil {
return nil, fmt.Errorf("failed to unmarshal credential creation response: %w", err)
}
return &ccr, nil
}
// MarshalCredentialCreation marshals a CredentialCreationResponse into JSON data.
// This can be used for storing or transmitting credential creation responses.
func MarshalCredentialCreation(ccr *webauthn.CredentialCreationResponse) ([]byte, error) {
data, err := encodeJSON(ccr)
if err != nil {
return nil, fmt.Errorf("failed to marshal credential creation response: %w", err)
}
return data, nil
}
// ParseCredentialCreation parses and validates a credential creation response from JSON bytes.
// Returns a parsed credential that has been validated and is ready for verification.
func ParseCredentialCreation(data []byte) (*webauthn.ParsedCredentialCreationData, error) {
parsed, err := webauthn.ParseCredentialCreationResponseBytes(data)
if err != nil {
return nil, fmt.Errorf("failed to parse credential creation response: %w", err)
}
return parsed, nil
}
// UnmarshalCredentialAssertion unmarshals JSON data into a CredentialAssertionResponse.
// This is used when receiving an assertion response from the client during authentication.
func UnmarshalCredentialAssertion(data []byte) (*webauthn.CredentialAssertionResponse, error) {
var car webauthn.CredentialAssertionResponse
if err := decodeJSON(data, &car); err != nil {
return nil, fmt.Errorf("failed to unmarshal credential assertion response: %w", err)
}
return &car, nil
}
// MarshalCredentialAssertion marshals a CredentialAssertionResponse into JSON data.
// This can be used for storing or transmitting credential assertion responses.
func MarshalCredentialAssertion(car *webauthn.CredentialAssertionResponse) ([]byte, error) {
data, err := encodeJSON(car)
if err != nil {
return nil, fmt.Errorf("failed to marshal credential assertion response: %w", err)
}
return data, nil
}
// ParseCredentialAssertion parses and validates a credential assertion response from JSON bytes.
// Returns a parsed assertion that has been validated and is ready for verification.
func ParseCredentialAssertion(data []byte) (*webauthn.ParsedCredentialAssertionData, error) {
parsed, err := webauthn.ParseCredentialRequestResponseBytes(data)
if err != nil {
return nil, fmt.Errorf("failed to parse credential assertion response: %w", err)
}
return parsed, nil
}
// Helper functions for JSON encoding/decoding
func decodeJSON(data []byte, v interface{}) error {
return json.Unmarshal(data, v)
}
func encodeJSON(v interface{}) ([]byte, error) {
return json.Marshal(v)
}

270
common_test.go Normal file
View File

@@ -0,0 +1,270 @@
package common
import (
"crypto/rand"
"encoding/base64"
"encoding/json"
"testing"
"github.com/sonr-io/common/webauthn"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// Test WebAuthn Challenge generation
func TestNewChallenge(t *testing.T) {
challenge, err := NewChallenge()
require.NoError(t, err, "NewChallenge should not return an error")
assert.NotEmpty(t, challenge, "Challenge should not be empty")
// Decode to verify it's valid base64
decoded, err := base64.RawURLEncoding.DecodeString(challenge)
require.NoError(t, err, "Challenge should be valid base64 URL encoding")
assert.Len(t, decoded, 32, "Challenge should be 32 bytes when decoded")
}
func TestNewChallenge_Uniqueness(t *testing.T) {
challenge1, err1 := NewChallenge()
challenge2, err2 := NewChallenge()
require.NoError(t, err1)
require.NoError(t, err2)
assert.NotEqual(t, challenge1, challenge2, "Two challenges should be unique")
}
// Test Challenge Length
func TestChallengeLength(t *testing.T) {
length := ChallengeLength()
assert.Equal(t, 32, length, "Challenge length should be 32 bytes")
}
// Test VerifyOrigin
func TestVerifyOrigin(t *testing.T) {
tests := []struct {
name string
origin string
allowedOrigins []string
expectError bool
}{
{
name: "Valid origin",
origin: "https://example.com",
allowedOrigins: []string{"https://example.com", "https://test.com"},
expectError: false,
},
{
name: "Valid origin with port",
origin: "https://example.com:8080",
allowedOrigins: []string{"https://example.com:8080"},
expectError: false,
},
{
name: "Origin not in allowed list",
origin: "https://malicious.com",
allowedOrigins: []string{"https://example.com"},
expectError: true,
},
{
name: "Invalid origin format",
origin: "not-a-url",
allowedOrigins: []string{"https://example.com"},
expectError: true,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := VerifyOrigin(tt.origin, tt.allowedOrigins)
if tt.expectError {
assert.Error(t, err)
} else {
assert.NoError(t, err)
}
})
}
}
// Test Base64 URL Encoding/Decoding
func TestEncodeDecodeBase64URL(t *testing.T) {
testData := []byte("Hello, WebAuthn!")
// Encode
encoded := EncodeBase64URL(testData)
assert.NotEmpty(t, encoded, "Encoded data should not be empty")
assert.NotContains(t, encoded, "=", "URL-safe base64 should not contain padding")
// Decode
decoded, err := DecodeBase64URL(encoded)
require.NoError(t, err, "Decoding should not return an error")
assert.Equal(t, testData, decoded, "Decoded data should match original")
}
func TestDecodeBase64URL_InvalidInput(t *testing.T) {
invalidBase64 := "not valid base64!!!"
_, err := DecodeBase64URL(invalidBase64)
assert.Error(t, err, "Should return error for invalid base64")
}
// Test Credential Creation Marshal/Unmarshal
func TestMarshalUnmarshalCredentialCreation(t *testing.T) {
// Create a sample credential creation response
original := &webauthn.CredentialCreationResponse{
PublicKeyCredential: webauthn.PublicKeyCredential{
Credential: webauthn.Credential{
ID: "test-credential-id",
Type: "public-key",
},
RawID: webauthn.URLEncodedBase64("raw-id-bytes"),
},
}
// Marshal
data, err := MarshalCredentialCreation(original)
require.NoError(t, err, "Marshaling should not return an error")
assert.NotEmpty(t, data, "Marshaled data should not be empty")
// Verify it's valid JSON
var jsonCheck map[string]interface{}
err = json.Unmarshal(data, &jsonCheck)
require.NoError(t, err, "Marshaled data should be valid JSON")
// Unmarshal
unmarshaled, err := UnmarshalCredentialCreation(data)
require.NoError(t, err, "Unmarshaling should not return an error")
assert.Equal(t, original.ID, unmarshaled.ID, "Credential ID should match")
assert.Equal(t, original.Type, unmarshaled.Type, "Credential type should match")
}
func TestUnmarshalCredentialCreation_InvalidJSON(t *testing.T) {
invalidJSON := []byte("{invalid json")
_, err := UnmarshalCredentialCreation(invalidJSON)
assert.Error(t, err, "Should return error for invalid JSON")
}
// Test Credential Assertion Marshal/Unmarshal
func TestMarshalUnmarshalCredentialAssertion(t *testing.T) {
// Create a sample credential assertion response
original := &webauthn.CredentialAssertionResponse{
PublicKeyCredential: webauthn.PublicKeyCredential{
Credential: webauthn.Credential{
ID: "test-assertion-id",
Type: "public-key",
},
RawID: webauthn.URLEncodedBase64("assertion-raw-id"),
},
}
// Marshal
data, err := MarshalCredentialAssertion(original)
require.NoError(t, err, "Marshaling should not return an error")
assert.NotEmpty(t, data, "Marshaled data should not be empty")
// Verify it's valid JSON
var jsonCheck map[string]interface{}
err = json.Unmarshal(data, &jsonCheck)
require.NoError(t, err, "Marshaled data should be valid JSON")
// Unmarshal
unmarshaled, err := UnmarshalCredentialAssertion(data)
require.NoError(t, err, "Unmarshaling should not return an error")
assert.Equal(t, original.ID, unmarshaled.ID, "Assertion ID should match")
assert.Equal(t, original.Type, unmarshaled.Type, "Assertion type should match")
}
func TestUnmarshalCredentialAssertion_InvalidJSON(t *testing.T) {
invalidJSON := []byte("{invalid json")
_, err := UnmarshalCredentialAssertion(invalidJSON)
assert.Error(t, err, "Should return error for invalid JSON")
}
// Test ParseCredentialCreation with valid minimal data
func TestParseCredentialCreation(t *testing.T) {
// Create a minimal valid credential creation response
challenge := make([]byte, 32)
rand.Read(challenge)
clientDataJSON := map[string]interface{}{
"type": "webauthn.create",
"challenge": base64.RawURLEncoding.EncodeToString(challenge),
"origin": "https://example.com",
}
clientDataBytes, _ := json.Marshal(clientDataJSON)
// Create a minimal attestation object (this would normally come from an authenticator)
// For testing, we'll create a structure that can be parsed
credResponse := &webauthn.CredentialCreationResponse{
PublicKeyCredential: webauthn.PublicKeyCredential{
Credential: webauthn.Credential{
ID: base64.RawURLEncoding.EncodeToString([]byte("test-credential-id")),
Type: "public-key",
},
RawID: webauthn.URLEncodedBase64("test-credential-id"),
},
AttestationResponse: webauthn.AuthenticatorAttestationResponse{
AuthenticatorResponse: webauthn.AuthenticatorResponse{
ClientDataJSON: clientDataBytes,
},
// Note: In a real scenario, AttestationObject would need to be properly formatted
},
}
data, err := json.Marshal(credResponse)
require.NoError(t, err)
// This will fail because we don't have a valid attestation object,
// but it tests that the function is wired up correctly
_, err = ParseCredentialCreation(data)
// We expect an error because the attestation object is not valid
assert.Error(t, err, "Should return error for incomplete attestation data")
}
// Test ParseCredentialAssertion with invalid data
func TestParseCredentialAssertion_InvalidData(t *testing.T) {
invalidData := []byte(`{"id": "test", "type": "invalid"}`)
_, err := ParseCredentialAssertion(invalidData)
assert.Error(t, err, "Should return error for invalid assertion data")
}
// Benchmark tests
func BenchmarkNewChallenge(b *testing.B) {
for i := 0; i < b.N; i++ {
_, _ = NewChallenge()
}
}
func BenchmarkEncodeBase64URL(b *testing.B) {
data := make([]byte, 32)
rand.Read(data)
b.ResetTimer()
for i := 0; i < b.N; i++ {
_ = EncodeBase64URL(data)
}
}
func BenchmarkDecodeBase64URL(b *testing.B) {
data := make([]byte, 32)
rand.Read(data)
encoded := EncodeBase64URL(data)
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, _ = DecodeBase64URL(encoded)
}
}
func BenchmarkMarshalCredentialCreation(b *testing.B) {
cred := &webauthn.CredentialCreationResponse{
PublicKeyCredential: webauthn.PublicKeyCredential{
Credential: webauthn.Credential{
ID: "test-id",
Type: "public-key",
},
},
}
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, _ = MarshalCredentialCreation(cred)
}
}

58
coverage.out Normal file
View File

@@ -0,0 +1,58 @@
mode: set
github.com/sonr-io/common/common.go:21.47,23.16 2 0
github.com/sonr-io/common/common.go:23.16,25.3 1 0
github.com/sonr-io/common/common.go:26.2,26.20 1 0
github.com/sonr-io/common/common.go:32.42,34.16 2 0
github.com/sonr-io/common/common.go:34.16,35.13 1 0
github.com/sonr-io/common/common.go:37.2,37.15 1 0
github.com/sonr-io/common/common.go:42.53,44.16 2 0
github.com/sonr-io/common/common.go:44.16,46.3 1 0
github.com/sonr-io/common/common.go:47.2,47.25 1 0
github.com/sonr-io/common/common.go:52.47,54.16 2 0
github.com/sonr-io/common/common.go:54.16,56.3 1 0
github.com/sonr-io/common/common.go:57.2,57.24 1 0
github.com/sonr-io/common/common.go:62.33,64.16 2 0
github.com/sonr-io/common/common.go:64.16,66.3 1 0
github.com/sonr-io/common/common.go:68.2,69.19 2 0
github.com/sonr-io/common/common.go:75.66,77.16 2 0
github.com/sonr-io/common/common.go:77.16,79.3 1 0
github.com/sonr-io/common/common.go:80.2,81.29 2 0
github.com/sonr-io/common/common.go:86.67,88.16 2 0
github.com/sonr-io/common/common.go:88.16,90.3 1 0
github.com/sonr-io/common/common.go:93.2,94.32 2 0
github.com/sonr-io/common/common.go:94.32,96.3 1 0
github.com/sonr-io/common/common.go:98.2,99.33 2 0
github.com/sonr-io/common/common.go:108.37,110.16 2 1
github.com/sonr-io/common/common.go:110.16,112.3 1 0
github.com/sonr-io/common/common.go:113.2,113.32 1 1
github.com/sonr-io/common/common.go:119.65,121.16 2 1
github.com/sonr-io/common/common.go:121.16,123.3 1 1
github.com/sonr-io/common/common.go:125.2,125.41 1 1
github.com/sonr-io/common/common.go:125.41,126.26 1 1
github.com/sonr-io/common/common.go:126.26,128.4 1 1
github.com/sonr-io/common/common.go:131.2,131.77 1 1
github.com/sonr-io/common/common.go:136.42,138.2 1 1
github.com/sonr-io/common/common.go:142.54,144.16 2 1
github.com/sonr-io/common/common.go:144.16,146.3 1 1
github.com/sonr-io/common/common.go:147.2,147.21 1 1
github.com/sonr-io/common/common.go:152.28,154.2 1 1
github.com/sonr-io/common/common.go:158.93,160.47 2 1
github.com/sonr-io/common/common.go:160.47,162.3 1 1
github.com/sonr-io/common/common.go:163.2,163.18 1 1
github.com/sonr-io/common/common.go:168.90,170.16 2 1
github.com/sonr-io/common/common.go:170.16,172.3 1 0
github.com/sonr-io/common/common.go:173.2,173.18 1 1
github.com/sonr-io/common/common.go:178.91,180.16 2 1
github.com/sonr-io/common/common.go:180.16,182.3 1 1
github.com/sonr-io/common/common.go:183.2,183.20 1 0
github.com/sonr-io/common/common.go:188.95,190.47 2 1
github.com/sonr-io/common/common.go:190.47,192.3 1 1
github.com/sonr-io/common/common.go:193.2,193.18 1 1
github.com/sonr-io/common/common.go:198.92,200.16 2 1
github.com/sonr-io/common/common.go:200.16,202.3 1 0
github.com/sonr-io/common/common.go:203.2,203.18 1 1
github.com/sonr-io/common/common.go:208.93,210.16 2 1
github.com/sonr-io/common/common.go:210.16,212.3 1 1
github.com/sonr-io/common/common.go:213.2,213.20 1 0
github.com/sonr-io/common/common.go:217.51,219.2 1 1
github.com/sonr-io/common/common.go:221.48,223.2 1 1