Cleanup demos (#6)

* Cleanup demos

* Fix CI

Author: Imperiopolis

.github/workflows/ci.yml

@@ -7,9 +7,6 @@ on:
     branches:
       - main
 
-env:
-  INSTALL_RUST_VERSION: "1.73"
-
 jobs:
   lint:
     runs-on: ubuntu-latest
@@ -145,21 +142,13 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-cocoapods-
 
-      - name: Install Rust
-        if: env.turbo_cache_hit != 1 && steps.cocoapods-cache.outputs.cache-hit != 'true'
-        run: |
-          rustup toolchain install ${{ env.INSTALL_RUST_VERSION }} --profile minimal --target x86_64-apple-ios,aarch64-apple-ios,aarch64-apple-ios-sim
-          rustup default ${{ env.INSTALL_RUST_VERSION }}
-
-      - name: Use Rust Cache
-        uses: Swatinem/rust-cache@v2
-
       - name: Set up Git
         if: env.turbo_cache_hit != 1 && steps.cocoapods-cache.outputs.cache-hit != 'true'
         run: |
           # Configures the global `git` CLI to be able to access private repos.
           # `pod` will make use of this.
           git config --global url."https://loam-bot:${{ secrets.ACCESS_TOKEN }}@github.com/juicebox-systems/juicebox-sdk.git".insteadOf '[email protected]:juicebox-systems/juicebox-sdk.git'
+          git config --global url."https://loam-bot:${{ secrets.ACCESS_TOKEN }}@github.com/juicebox-systems/juicebox-sdk-artifacts.git".insteadOf '[email protected]:juicebox-systems/juicebox-sdk-artifacts.git'
 
       - name: Install cocoapods
         if: env.turbo_cache_hit != 1 && steps.cocoapods-cache.outputs.cache-hit != 'true'

android/build.gradle

@@ -97,6 +97,6 @@ dependencies {
   //noinspection GradleDynamicVersion
   implementation "com.facebook.react:react-native:+"
   implementation "org.jetbrains.kotlin:kotlin-stdlib:$kotlin_version"
-  implementation "xyz.juicebox:sdk:0.2.1"
+  implementation "xyz.juicebox:sdk:0.2.2"
   implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:1.6.4"
 }

demo/email/README.md

@@ -1,8 +1,23 @@
 This is a demo of the React Native Juicebox SDK.
 
-# Running the Demo
+# About the demo
+
+The e-mail demo intends to demonstrate a Juicebox onboarding flow that:
+1. Generates Juicebox authentication tokens on a server external to the application
+2. Authenticates with that server through a "magic" link sent to the user's email
+
+The example server can be found in the [server](server) directory.
 
->**Note**: Make sure you have completed the [React Native - Environment Setup](https://reactnative.dev/docs/environment-setup) instructions till "Creating a new application" step, before proceeding.
+To perform authentication and achieve these goals, onboarding typically looks something like:
+1. Request the user's e-mail
+2. Send the user's e-mail to the server (`POST /email-token`) to send a confirmation e-mail
+3. Receive a single-use token from the user's e-mail
+4. Use the single-use token to authenticate with the server (`GET /auth-token`) to validate the user's e-mail and receive a server token
+5. Request the user's PIN
+6. Use the server token to request Juicebox tokens (`POST /juicebox-token`) for the configured realms
+7. Perform the appropriate Juicebox operation using the SDK (register or recover)
+
+# Running the Demo
 
 ## Step 1: Start the Metro Server
 
@@ -46,7 +61,7 @@ yarn ios
 
 If everything is set up _correctly_, you should see the demo running in your _Android Emulator_ or _iOS Simulator_ shortly provided you have set up your emulator/simulator correctly.
 
-Yu can also run it directly from within Android Studio and Xcode respectively by opening the respective projects.
+You can also run it directly from within Android Studio and Xcode respectively by opening the respective projects.
 
 # Server
 

demo/email/ios/EmailDemo.xcodeproj/project.pbxproj

@@ -573,7 +573,7 @@
 					"$(inherited)",
 					"@executable_path/Frameworks",
 				);
-				MARKETING_VERSION = 1;
+				MARKETING_VERSION = 1.0;
 				OTHER_LDFLAGS = (
 					"$(inherited)",
 					"-ObjC",
@@ -671,7 +671,7 @@
 					"$(inherited)",
 					"@executable_path/Frameworks",
 				);
-				MARKETING_VERSION = 1;
+				MARKETING_VERSION = 1.0;
 				OTHER_LDFLAGS = (
 					"$(inherited)",
 					"-ObjC",

demo/email/ios/EmailDemo/AppDelegate.mm

@@ -32,37 +32,7 @@ - (BOOL)application:(UIApplication *)application continueUserActivity:(NSUserAct
   return [RCTLinkingManager application:application
                    continueUserActivity:userActivity
                      restorationHandler:restorationHandler];
-//  if (![userActivity.activityType isEqualToString:NSUserActivityTypeBrowsingWeb] || userActivity.webpageURL == nil) {
-//    return NO;
-//  }
-//
-//  return [self handleURL:userActivity.webpageURL];
 }
-//
-//- (BOOL)handleURL:(NSURL *)url {
-//  if (![url.path isEqualToString:@"/app/confirm"]) {
-//    return NO;
-//  }
-//
-//  NSURLComponents *components = [NSURLComponents componentsWithURL:url resolvingAgainstBaseURL:NO];
-//  for (NSURLQueryItem *item in components.queryItems) {
-//    if (![item.name isEqualToString:@"token"]) continue;
-//    _emailToken = item.value;
-//    break;
-//  }
-//
-//  self.emailTokenDidUpdate(self.emailToken);
-//
-//  return YES;
-//}
-//
-//- (void)setEmailTokenDidUpdate:(void (^)(NSString * _Nullable))emailTokenDidUpdate
-//{
-//  _emailTokenDidUpdate = emailTokenDidUpdate;
-//  if (self.emailToken) {
-//    emailTokenDidUpdate(self.emailToken);
-//  }
-//}
 
 - (NSURL *)sourceURLForBridge:(RCTBridge *)bridge
 {

demo/email/ios/Podfile.lock

@@ -73,7 +73,7 @@ PODS:
   - hermes-engine (0.72.6):
     - hermes-engine/Pre-built (= 0.72.6)
   - hermes-engine/Pre-built (0.72.6)
-  - JuiceboxSdk (0.2.1)
+  - JuiceboxSdk (0.2.2)
   - libevent (2.1.12)
   - OpenSSL-Universal (1.1.1100)
   - RCT-Folly (2021.07.22.00):
@@ -706,7 +706,7 @@ SPEC CHECKSUMS:
   fmt: ff9d55029c625d3757ed641535fd4a75fedc7ce9
   glog: 04b94705f318337d7ead9e6d17c019bd9b1f6b1b
   hermes-engine: 8057e75cfc1437b178ac86c8654b24e7fead7f60
-  JuiceboxSdk: d448f1219474f2f43b3c15de83766af0a5db4a70
+  JuiceboxSdk: 33b89946b31a18fedd3c2c5d11232d0b0e1e9f22
   libevent: 4049cae6c81cdb3654a443be001fb9bdceff7913
   OpenSSL-Universal: ebc357f1e6bc71fa463ccb2fe676756aff50e88c
   RCT-Folly: 424b8c9a7a0b9ab2886ffe9c3b041ef628fd4fb1

demo/email/server/mail/mail.go

@@ -4,11 +4,13 @@ import (
 	"crypto/tls"
 	"fmt"
 	"html/template"
+	"io"
 	"net/mail"
 	"net/smtp"
 	"net/url"
 
 	"github.com/google/uuid"
+	"github.com/juicebox-systems/react-native-juicebox-sdk/demo-server/requests"
 )
 
 const serverName = "smtp-relay.gmail.com"
@@ -20,24 +22,24 @@ type TemplateOptions struct {
 	LogoPath string
 }
 
-func SendMagicLink(email string, token string) error {
+func SendMagicLink(request requests.EmailTokenRequest, token string) error {
 
 	uuid, err := uuid.NewRandom()
 	if err != nil {
 		return err
 	}
 
 	noReplyAddress := mail.Address{
-		Name:    "Juicebox",
+		Name:    request.AppName,
 		Address: fmt.Sprintf("no-reply-%[email protected]", uuid.String()),
 	}
 
 	subject := "Confirm your e-mail"
 
 	templateOptions := TemplateOptions{
 		Token:    url.QueryEscape(token),
-		AppName:  "Juicebox",
-		LogoPath: "https://assets-global.website-files.com/64650413ab0c96a6b686cac9/6467eec48e8cabed89c29dc4_juicebox-logo-purple.png",
+		AppName:  request.AppName,
+		LogoPath: request.LogoPath,
 	}
 
 	bodyTemplate, err := template.ParseFiles("templates/mail.html")
@@ -48,18 +50,11 @@ func SendMagicLink(email string, token string) error {
 	// Setup headers
 	headers := make(map[string]string)
 	headers["From"] = noReplyAddress.String()
-	headers["To"] = email
+	headers["To"] = request.Email
 	headers["Subject"] = subject
 	headers["MIME-Version"] = "1.0"
 	headers["Content-Type"] = "text/html; charset=UTF-8"
 
-	// Setup message
-	message := ""
-	for k, v := range headers {
-		message += fmt.Sprintf("%s: %s\r\n", k, v)
-	}
-	message += "\r\n"
-
 	tlsConfig := tls.Config{
 		InsecureSkipVerify: false,
 		ServerName:         serverName,
@@ -85,7 +80,7 @@ func SendMagicLink(email string, token string) error {
 		return err
 	}
 
-	if err := client.Rcpt(email); err != nil {
+	if err := client.Rcpt(request.Email); err != nil {
 		return err
 	}
 
@@ -96,11 +91,21 @@ func SendMagicLink(email string, token string) error {
 	}
 	defer wc.Close()
 
-	_, err = fmt.Fprint(wc, message)
+	// Write headers
+	for k, v := range headers {
+		_, err = fmt.Fprintf(wc, "%s: %s\r\n", k, v)
+		if err != nil {
+			return err
+		}
+	}
+
+	// End headers
+	_, err = io.WriteString(wc, "\r\n")
 	if err != nil {
 		return err
 	}
 
+	// Write body
 	err = bodyTemplate.Execute(wc, templateOptions)
 	if err != nil {
 		return err

demo/email/server/requests/requests.go

@@ -1,7 +1,9 @@
 package requests
 
 type EmailTokenRequest struct {
-	Email string `json:"email"`
+	Email    string `json:"email"`
+	AppName  string `json:"appName"`
+	LogoPath string `json:"logoPath"`
 }
 
 type JuiceboxTokenRequest struct {

demo/email/server/router/router.go

@@ -1,7 +1,7 @@
 package router
 
 import (
-	"crypto/rand"
+	cryptoRand "crypto/rand"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -18,11 +18,18 @@ import (
 	"golang.org/x/crypto/acme/autocert"
 )
 
+// Used to sign a JWT token for a Juicebox Realm. In a real word scenario,
+// this should be read from some secure secret storage, but for a demo this
+// is acceptable.
 var realmSigningKey = []byte{0x50, 0x77, 0xa1, 0xfd, 0x9d, 0xfb, 0xd6, 0x0e, 0xd0, 0xc7, 0x65, 0xca, 0x11, 0x4f, 0x67, 0x50, 0x8e, 0x65, 0xa1, 0x85, 0x0d, 0x39, 0x00, 0x19, 0x9e, 0xfc, 0x8a, 0x5f, 0x3d, 0xe6, 0x2c, 0x15}
 
 const realmSigningKeyVersion = 1
 const realmTenantName = "juiceboxdemo"
 
+// Used to sign a JWT provided to a user after e-mail verification, which can
+// be used for authenticated requests against this server.
+// In a real word scenario, this should be read from some secure secret storage,
+// but for a demo this is acceptable.
 var signingKey = []byte{0xbe, 0xfc, 0x3c, 0xc8, 0x3b, 0xfe, 0xa8, 0x91, 0xc1, 0xad, 0x27, 0xdd, 0x31, 0x9b, 0xe0, 0x33, 0xaf, 0xa3, 0xe9, 0x98, 0x44, 0xb4, 0x41, 0xa9, 0x2c, 0x5e, 0x43, 0x6a, 0x28, 0x1c, 0xdf, 0x1d}
 
 var mutex = sync.Mutex{}
@@ -37,6 +44,9 @@ func RunRouter() {
 	e.Use(middleware.Recover())
 	e.Use(middleware.CORS())
 
+	// Fetch a JWT token for a Juicebox Realm, using a `JuiceboxTokenRequest`.
+	//
+	// Requires authentication with a signed JWT acquired through e-mail verification.
 	e.POST("/juicebox-token", func(c echo.Context) error {
 		body, err := io.ReadAll(c.Request().Body)
 		if err != nil {
@@ -82,6 +92,12 @@ func RunRouter() {
 		},
 	}))
 
+	// Finishes e-mail verification and acquires an auth token for future requests
+	// against this server. This token can be used multiple times to request Juicebox
+	// tokens for multiple realms.
+	//
+	// Requires and consumes a one-time signed token sent to the user's e-mail, to verify
+	// their identity.
 	e.GET("/auth-token", func(c echo.Context) error {
 		requestToken, ok := c.Get("user").(*jwt.Token)
 		if !ok {
@@ -97,6 +113,7 @@ func RunRouter() {
 			Issuer:    "juicebox",
 			Subject:   subject,
 			NotBefore: jwt.NewNumericDate(time.Now()),
+			ExpiresAt: jwt.NewNumericDate(time.Now().Add(time.Minute * 10)),
 		}
 
 		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
@@ -125,6 +142,10 @@ func RunRouter() {
 		},
 	}))
 
+	// Triggers the send of an e-mail to the user containing a one-time use token
+	// that can be used to acquire a longer lived authentication token for this server.
+	//
+	// Takes the request parameters specified in `EmailTokenRequest`
 	e.POST("/email-token", func(c echo.Context) error {
 		body, err := io.ReadAll(c.Request().Body)
 		if err != nil {
@@ -138,7 +159,10 @@ func RunRouter() {
 		}
 
 		signingKey := make([]byte, 32)
-		rand.Read(signingKey)
+		_, err = cryptoRand.Read(signingKey)
+		if err != nil {
+			return contextAwareError(c, http.StatusInternalServerError, "Error generating one-time signing key")
+		}
 
 		mutex.Lock()
 		defer mutex.Unlock()
@@ -159,14 +183,16 @@ func RunRouter() {
 			return contextAwareError(c, http.StatusBadRequest, "Error signing token")
 		}
 
-		err = mail.SendMagicLink(request.Email, signedToken)
+		err = mail.SendMagicLink(request, signedToken)
 		if err != nil {
 			return contextAwareError(c, http.StatusBadRequest, "Error sending email")
 		}
 
 		return c.NoContent(http.StatusOK)
 	}, middleware.BodyLimit("2K"))
 
+	// Returns the mapping to allow iOS apps to be opened from deep links, e.g. the links
+	// included in the emails.
 	e.GET("/.well-known/apple-app-site-association", func(c echo.Context) error {
 		c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
 		return c.String(http.StatusOK, `
@@ -204,6 +230,8 @@ func RunRouter() {
 		`)
 	})
 
+	// Returns the mapping to allow android apps to be opened by deep links, e.g. the links
+	// included in the emails.
 	e.GET("/.well-known/assetlinks.json", func(c echo.Context) error {
 		c.Response().Header().Set(echo.HeaderContentType, echo.MIMEApplicationJSON)
 		return c.String(http.StatusOK, `

demo/email/src/Screens/Email.tsx

@@ -121,10 +121,14 @@ const Email = ({ navigation, route }) => {
           {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ email }),
+            body: JSON.stringify({
+              email,
+              appName: 'Juicebox',
+              logoPath:
+                'https://assets-global.website-files.com/64650413ab0c96a6b686cac9/6467eec48e8cabed89c29dc4_juicebox-logo-purple.png',
+            }),
           }
         );
-
         setIsLoading(false);
 
         if (response.status === 200) {