Merge pull request #7 from rarimo/feature/geo-proof

Migrate to Georgian internal passport proof

go.mod

@@ -15,7 +15,7 @@ require (
 	github.com/labstack/gommon v0.4.0
 	github.com/rarimo/geo-auth-svc v0.2.0
 	github.com/rarimo/saver-grpc-lib v1.0.0
-	github.com/rarimo/zkverifier-kit v1.0.0
+	github.com/rarimo/zkverifier-kit v1.1.0-rc.1
 	github.com/rubenv/sql-migrate v1.6.1
 	gitlab.com/distributed_lab/ape v1.7.1
 	gitlab.com/distributed_lab/figure/v3 v3.1.4

go.sum

@@ -2120,6 +2120,10 @@ github.com/rarimo/saver-grpc-lib v1.0.0 h1:MGUVjYg7unmodYczVsLqlqZNkT4CIgKqdo6aQ
 github.com/rarimo/saver-grpc-lib v1.0.0/go.mod h1:DpugWK5B7Hi0bdC3MPe/9FD2zCxaRwsyykdwxtF1Zgg=
 github.com/rarimo/zkverifier-kit v1.0.0 h1:zMW85hyDP3Uk6p9Dk9U4TBzOf0Pry+RNlWpli1tUZ1Q=
 github.com/rarimo/zkverifier-kit v1.0.0/go.mod h1:3YDg5dTkDRr4IdfaDHGYetopd6gS/2SuwSeseYTWwNw=
+github.com/rarimo/zkverifier-kit v1.1.0-rc.0 h1:5JkObPkEUGwgq4SKJAGInaTBDBILQUHMP4VKZuYPcsM=
+github.com/rarimo/zkverifier-kit v1.1.0-rc.0/go.mod h1:3YDg5dTkDRr4IdfaDHGYetopd6gS/2SuwSeseYTWwNw=
+github.com/rarimo/zkverifier-kit v1.1.0-rc.1 h1:xtmrFEl7eLAE6mi7IQYOOMKFdwXC3gbe39fYQdvKVZg=
+github.com/rarimo/zkverifier-kit v1.1.0-rc.1/go.mod h1:3YDg5dTkDRr4IdfaDHGYetopd6gS/2SuwSeseYTWwNw=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM=
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/regen-network/cosmos-proto v0.3.1 h1:rV7iM4SSFAagvy8RiyhiACbWEGotmqzywPxOvwMdxcg=

internal/assets/migrations/001_initial.sql

@@ -12,8 +12,8 @@ CREATE TABLE IF NOT EXISTS balances
     referred_by        text,
     level              INT     NOT NULL,
     anonymous_id       TEXT UNIQUE,
-    is_verified        BOOLEAN NOT NULL default FALSE,
-    is_passport_proven BOOLEAN NOT NULL default FALSE
+    shared_hash        TEXT UNIQUE,
+    is_verified        BOOLEAN NOT NULL default FALSE
 );
 
 CREATE INDEX IF NOT EXISTS balances_page_index ON balances (amount, updated_at) WHERE referred_by IS NOT NULL;

internal/config/verifier.go

@@ -9,9 +9,10 @@ import (
 )
 
 const (
-	proofEventIDValue  = "211985299740800702300256033401632392934377086534111448880928528431996790315"
-	proofSelectorValue = "23073"
+	proofEventIDValue  = "111186066134341633902189494613533900917417361106374681011849132651019822199"
+	proofSelectorValue = "219681"
 	maxIdentityCount   = 1
+	documentTypeID     = "ID"
 )
 
 func (c *config) Verifier() *zk.Verifier {
@@ -30,14 +31,16 @@ func (c *config) Verifier() *zk.Verifier {
 			panic(fmt.Errorf("failed to figure out verifier: %w", err))
 		}
 
-		v, err := zk.NewPassportVerifier(nil,
+		v, err := zk.NewVerifier(nil,
+			zk.WithProofType(zk.GeorgianPassport),
 			zk.WithVerificationKeyFile(cfg.VerificationKeyPath),
 			zk.WithAgeAbove(cfg.AllowedAge),
 			zk.WithIdentityVerifier(c.ProvideVerifier()),
 			zk.WithProofSelectorValue(proofSelectorValue),
 			zk.WithEventID(proofEventIDValue),
 			zk.WithIdentitiesCounter(maxIdentityCount),
 			zk.WithIdentitiesCreationTimestampLimit(cfg.AllowedIdentityTimestamp),
+			zk.WithDocumentType(documentTypeID),
 		)
 
 		if err != nil {

internal/data/balances.go

@@ -7,22 +7,22 @@ import (
 const (
 	ColAmount      = "amount"
 	ColLevel       = "level"
-	ColIsVerified  = "is_verified"
-	ColIsPassport  = "is_passport_proven"
 	ColAnonymousID = "anonymous_id"
+	ColSharedHash  = "shared_hash"
+	ColIsVerified  = "is_verified"
 )
 
 type Balance struct {
-	Nullifier        string  `db:"nullifier"`
-	Amount           int64   `db:"amount"`
-	CreatedAt        int32   `db:"created_at"`
-	UpdatedAt        int32   `db:"updated_at"`
-	ReferredBy       *string `db:"referred_by"`
-	Rank             *int    `db:"rank"`
-	Level            int     `db:"level"`
-	IsVerified       bool    `db:"is_verified"`
-	IsPassportProven bool    `db:"is_passport_proven"`
-	AnonymousID      *string `db:"anonymous_id"`
+	Nullifier   string  `db:"nullifier"`
+	Amount      int64   `db:"amount"`
+	CreatedAt   int32   `db:"created_at"`
+	UpdatedAt   int32   `db:"updated_at"`
+	ReferredBy  *string `db:"referred_by"`
+	Level       int     `db:"level"`
+	AnonymousID *string `db:"anonymous_id"`
+	SharedHash  *string `db:"shared_hash"`
+	IsVerified  bool    `db:"is_verified"`
+	Rank        *int    `db:"rank"`
 }
 
 type BalancesQ interface {

internal/service/handlers/verify_passport.go

@@ -77,8 +77,23 @@ func VerifyPassport(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	var sharedHash *string
+	if proof != nil {
+		sig := zk.PubSignalGetter{
+			ProofType: zk.GeorgianPassport,
+			Signals:   proof.PubSignals,
+		}
+		h := sig.Get(zk.PersonalNumberHash)
+		if h == "" {
+			log.Errorf("Proof verification succeeded, but shared hash was not obtained: proof: %+v", proof)
+			ape.RenderErr(w, problems.InternalError())
+			return
+		}
+		sharedHash = &h
+	}
+
 	if balance.IsVerified {
-		if balance.IsPassportProven {
+		if balance.SharedHash != nil {
 			log.Warnf("Balance %s already verified", balance.Nullifier)
 			ape.RenderErr(w, problems.TooManyRequests())
 			return
@@ -103,7 +118,7 @@ func VerifyPassport(w http.ResponseWriter, r *http.Request) {
 		}
 
 		err = BalancesQ(r).FilterByNullifier(balance.Nullifier).Update(map[string]any{
-			data.ColIsPassport: true,
+			data.ColSharedHash: *sharedHash,
 		})
 		if err != nil {
 			log.WithError(err).Error("Failed to update balance")
@@ -116,7 +131,7 @@ func VerifyPassport(w http.ResponseWriter, r *http.Request) {
 	}
 
 	err = EventsQ(r).Transaction(func() error {
-		return doPassportScanUpdates(r, *balance, anonymousID, proof != nil)
+		return doPassportScanUpdates(r, *balance, anonymousID, sharedHash)
 	})
 	if err != nil {
 		log.WithError(err).Error("Failed to execute transaction")
@@ -204,8 +219,8 @@ func checkVerificationEligibility(r *http.Request, balance *data.Balance) (errs
 // doPassportScanUpdates performs all the necessary updates when the passport
 // scan proof is provided. This logic is shared between verification and
 // withdrawal handlers.
-func doPassportScanUpdates(r *http.Request, balance data.Balance, anonymousID string, proven bool) error {
-	err := updateBalanceVerification(r, balance, anonymousID, proven)
+func doPassportScanUpdates(r *http.Request, balance data.Balance, anonymousID string, sharedHash *string) error {
+	err := updateBalanceVerification(r, balance, anonymousID, sharedHash)
 	if err != nil {
 		return fmt.Errorf("update balance country: %w", err)
 	}
@@ -248,13 +263,13 @@ func doPassportScanUpdates(r *http.Request, balance data.Balance, anonymousID st
 	return nil
 }
 
-func updateBalanceVerification(r *http.Request, balance data.Balance, anonymousID string, proven bool) error {
+func updateBalanceVerification(r *http.Request, balance data.Balance, anonymousID string, sharedHash *string) error {
 	toUpd := map[string]any{
 		data.ColIsVerified:  true,
 		data.ColAnonymousID: anonymousID,
 	}
-	if proven {
-		toUpd[data.ColIsPassport] = true
+	if sharedHash != nil {
+		toUpd[data.ColSharedHash] = *sharedHash
 	}
 
 	err := BalancesQ(r).FilterByNullifier(balance.Nullifier).Update(toUpd)

verification_key.json

@@ -1,7 +1,7 @@
 {
  "protocol": "groth16",
  "curve": "bn128",
- "nPublic": 5,
+ "nPublic": 24,
  "vk_alpha_1": [
   "20491192805390485299153009773594534940189261866228447918068658471970481763042",
   "9383485363053290200918347156157836566562967994039712273449902621266178545958",
@@ -37,12 +37,12 @@
  ],
  "vk_delta_2": [
   [
-   "11724736712207111949019593730998401697527107348074558054433730069659723952198",
-   "3812269235168270343243866438625789247255652725845948713998444869065619437729"
+   "250995107149602303902723825982283137581400378217631271450447238979029817078",
+   "9891043720280220628692915542727234723176342602842047084314631698167024144780"
   ],
   [
-   "4827732069352508730960361151910999507804531389281984074977942418742354266366",
-   "19829576168231173419850938062665272700980637526023717533551988325909161705890"
+   "21598751604233084552631128264788494971225705751943392705633744284742282927110",
+   "2501606002450797961398382109784584155920579048580401544376144432520473660114"
   ],
   [
    "1",
@@ -81,33 +81,128 @@
  ],
  "IC": [
   [
-   "10192666360483664290592596578919942551110086066492318883952724472256730803820",
-   "16414269607305849664503811915771913694857049252985347792415527842101385400142",
+   "17504052607720179796029381668301757338081966454009243468177923271980574814243",
+   "6499664010915768263025671400458090450472438360011757405904555283230039207798",
    "1"
   ],
   [
-   "20625971444595044932614719182794551780522302124726430918624441680295725187752",
-   "17490117851824224563289176599680023655850058310712178132783815837676053983039",
+   "1357575287307716204332608853701215549412089465128628814266936007148057376779",
+   "3713766987380338685445896004327981318598581633792705722551102736624658007564",
    "1"
   ],
   [
-   "1338030076801971968797792027879093217260571527917578840795459782602944157758",
-   "8749917434966712775557214677854516282778592581150035522234448477571215192343",
+   "15747026641952926109104985431357649859491920901639733373025871367980094366768",
+   "2021878086299767722307546756257572854357051561560741909092770885515051640911",
    "1"
   ],
   [
-   "5345022972005066758277778432240885017365325096209847495356286631088782027276",
-   "1186359572429556347675893311359964459967395942075951400924149455810466619313",
+   "11075366624062668195785703962771246295234482566189756832667494420072616502700",
+   "5420346121279755362883215215727059531159527965307489085576017377764991212018",
    "1"
   ],
   [
-   "20623407267360268436697691230682295128261080344460020296651569355623478698252",
-   "17442678184122248154873092448240860567996339464661375407820900986429572319212",
+   "20368848384139638082817177286079325397016405641114382149956158523375737541890",
+   "1572073918100899470387834817789604618967295393862588865982200378334199073381",
    "1"
   ],
   [
-   "19499439418422721249077008031817446163753094464896889937326550971864597296313",
-   "9801400094305528195785692039165274183856468908125017060851568661310880535680",
+   "4884540123112420465154970511637257053826210976956994828071389921227262341444",
+   "4401673700279739045268386131201872330056492033989625057664756337448169387800",
+   "1"
+  ],
+  [
+   "16470227635722111182924309537921818774284668434861990652213066309576613376597",
+   "10574627744256450338226549222335655558440631228160972004945424930608743239054",
+   "1"
+  ],
+  [
+   "19418983452178510217439686273441678721042270520673788318708474056801008635540",
+   "5954053904211612943354309791765614531909014497153829150028696655549715331300",
+   "1"
+  ],
+  [
+   "19969835639743236239835298046556892476301204281035394416541396844103009106355",
+   "3464048236750799763830774306163631257686652073410502150568025357895609835087",
+   "1"
+  ],
+  [
+   "16889360220018193750070483451098248942399422264467650117676317744570511901000",
+   "19163095658023449989360365284122431970258115105696535743555631104342701965620",
+   "1"
+  ],
+  [
+   "2000598533781950880616032153963991095870880760490607748033546349673742925320",
+   "20321987334373319808455108419208620186197650703759507527460278164750299812594",
+   "1"
+  ],
+  [
+   "16622794560388092172406300251846507876295531384651110810529046702689230241671",
+   "1168900337587520742769049240681077756007030111701401232363112514557957065414",
+   "1"
+  ],
+  [
+   "20003036160055551712788940815733718770555763081531584216892303399668712478110",
+   "2174533660069731906049631044938252962750066370758164479572834908198694151084",
+   "1"
+  ],
+  [
+   "11772665925032384718253555051633531838829671820497340300185967148297677039379",
+   "6192398587210616471820050022235488819084933415616256899737060483561024906606",
+   "1"
+  ],
+  [
+   "15657742438066830139511651433271232123522643695336399042468768927770968777317",
+   "11257143988485946647061649132368606627111178376998178535183131249025707609666",
+   "1"
+  ],
+  [
+   "3557755399773759765444169665412070984458161190003566583170847762650863824131",
+   "9162528146429684487918103018996309472779246016088040951661601742822058701071",
+   "1"
+  ],
+  [
+   "4911244036897574121015612240189284264968921600337359791288016634397162953143",
+   "20098567466767577245421277892831169895963838853958362747460137045849263159162",
+   "1"
+  ],
+  [
+   "1135107237735552968313239550154221137067895575647377673548240870567407026247",
+   "12619799164591187815955097034071604825882733672329684869943904028286332886950",
+   "1"
+  ],
+  [
+   "18719326153459121647252500180221787149624427888924649239267373118826345738344",
+   "6174837817190288410366533190883421410927048311934272958561612197947539226864",
+   "1"
+  ],
+  [
+   "14068815473069882733560986185720538386198373373910560000001545446350275283111",
+   "2263864788552528575269174822385765238579264081503908544056370563901781433374",
+   "1"
+  ],
+  [
+   "13681287665806075575234946534131390573378321747271934504111831172099326553217",
+   "3862217688704157961463555733433779593310753701296453080215768440686462093765",
+   "1"
+  ],
+  [
+   "10124975593322782194920136435156615190114785409379480926175765230056237270040",
+   "11883756580458974292436402091967718449327148002023702956543175856868564195868",
+   "1"
+  ],
+  [
+   "7583087196404385822216091174292782109474245466645430940072499274718408481450",
+   "7908253210251899913336547162702007719697657344405972857500065180060089017299",
+   "1"
+  ],
+  [
+   "10744666798601271589203622228576516180789086810962571663046391661836304523997",
+   "20584110500062975100789500023059589458238450321066873580677100473621660271307",
+   "1"
+  ],
+  [
+   "13504462623041613508499662626532960766655354187840105839904395325552754762194",
+   "5095871316273261363289391506065716930115839445347141940606131201185100201565",
    "1"
   ]
  ]