Moved things around

The payload that was used to sign the Token is needed in order to commit

src/update.rs

@@ -29,7 +29,7 @@ impl Handler for Update {
         let id = if let Some(status) = self.operation.status {
             let transaction = ledger
                 .ledger
-                .change_status(id, status, memo.clone())
+                .change_status(id, status, memo.clone(), None)
                 .await?;
             transaction.revision_id
         } else {
@@ -37,7 +37,7 @@ impl Handler for Update {
         };
 
         let id = if let Some(tags) = self.operation.tags {
-            let transaction = ledger.ledger.set_tags(id, tags, memo).await?;
+            let transaction = ledger.ledger.set_tags(id, tags, memo, None).await?;
             transaction.revision_id
         } else {
             id

utxo/src/ledger.rs

@@ -4,6 +4,7 @@ use crate::{
     config::Config,
     status::{InternalStatus, StatusManager},
     storage::{AccountTransactionType, Batch, ReceivedPaymentStatus, Storage},
+    token::TokenPayload,
     transaction::{Error as TxError, Type},
     worker::WorkerManager,
     AccountId, Amount, Error, Filter, PaymentFrom, PaymentId, RevId, Status, Tag, Transaction,
@@ -486,7 +487,11 @@ where
     }
 
     /// TODO
-    pub async fn lock_transaction(&self, transaction_id: TxId) -> Result<Vec<u8>, Error> {
+    pub async fn lock_transaction(
+        &self,
+        transaction_id: TxId,
+        owner: String,
+    ) -> Result<TokenPayload, Error> {
         let filter = Filter {
             ids: vec![transaction_id.clone()],
             limit: 1,
@@ -500,7 +505,7 @@ where
             .await?
             .pop()
             .ok_or(Error::TxNotFound)?
-            .lock_transaction(&self.config.token_manager)?;
+            .lock_transaction(owner, &self.config.token_manager)?;
         self.store(new_revision).await?;
         Ok(secret)
     }
@@ -511,7 +516,7 @@ where
         revision_id: RevId,
         tags: Vec<Tag>,
         reason: String,
-        update_token: Option<Vec<u8>>,
+        update_token: Option<TokenPayload>,
     ) -> Result<Transaction, Error> {
         let filter = Filter {
             revisions: vec![revision_id],
@@ -537,7 +542,7 @@ where
         revision_id: RevId,
         new_status: Status,
         reason: String,
-        update_token: Option<Vec<u8>>,
+        update_token: Option<TokenPayload>,
     ) -> Result<Transaction, Error> {
         let filter = Filter {
             revisions: vec![revision_id],

utxo/src/token.rs

@@ -8,6 +8,9 @@ use sha2::Sha256;
 
 type HmacSha256 = Hmac<Sha256>;
 
+/// Upload payload
+pub type TokenPayload = [u8; 10];
+
 #[derive(thiserror::Error, Debug, Serialize)]
 /// Error type
 pub enum Error {
@@ -40,7 +43,7 @@ impl Default for TokenManager {
 
 impl TokenManager {
     /// Checks if the given token is valid and still not expired
-    pub fn verify(&self, token: Token, update_token: &Option<Vec<u8>>) -> Result<(), Error> {
+    pub fn verify(&self, token: Token, update_token: &Option<TokenPayload>) -> Result<(), Error> {
         if !token.is_valid() {
             return Ok(());
         }
@@ -52,9 +55,10 @@ impl TokenManager {
         };
 
         let mut mac = HmacSha256::new_from_slice(&self.0).expect("HMAC can take key of any size");
-        mac.update(&token.to_bytes().unwrap_or_default());
+        mac.update(update_token);
+
         let result = mac.finalize().into_bytes();
-        if &result[..] != update_token {
+        if &result[..] != token.signature {
             Err(Error::InvalidSignature)
         } else {
             Ok(())
@@ -62,22 +66,26 @@ impl TokenManager {
     }
 
     /// Creates a new instance of the token
-    pub fn new_token(&self, duration: Duration) -> (Token, Vec<u8>) {
+    pub fn new_token(&self, owner: String, duration: Duration) -> (Token, TokenPayload) {
         let mut rng = rand::thread_rng();
-        let mut payload = [0u8; 10];
+        let mut payload = TokenPayload::default();
         rng.fill(&mut payload);
 
-        let token = Token {
-            owner: "owner".to_string(),
-            payload: payload.to_vec(),
-            expires_at: Utc::now() + duration,
-        };
-        let token_bytes = token.to_bytes().unwrap_or_default();
         let mut mac = HmacSha256::new_from_slice(&self.0).expect("HMAC can take key of any size");
-        mac.update(&token_bytes);
-        let proof = mac.finalize().into_bytes();
+        mac.update(&payload);
+
+        let signature = mac.finalize().into_bytes().into();
 
-        (token, proof.to_vec())
+        (
+            // The token cannot be altered once it is commited, as the revision ID is the hash of
+            // the entire content, therefore it is safer to only HMAC the payload
+            Token {
+                expires_at: Utc::now() + duration,
+                owner,
+                signature,
+            },
+            payload,
+        )
     }
 }
 
@@ -92,7 +100,7 @@ pub struct Token {
         deserialize_with = "crate::from_ts_microseconds"
     )]
     expires_at: DateTime<Utc>,
-    payload: Vec<u8>,
+    signature: [u8; 32],
     owner: String,
 }
 

utxo/src/transaction/mod.rs

@@ -1,6 +1,9 @@
 use crate::{
-    config::Config, payment::PaymentTo, storage::Storage, token::TokenManager, AccountId, Amount,
-    FilterableValue, MaxLengthString, PaymentFrom, RevId, Status, TxId,
+    config::Config,
+    payment::PaymentTo,
+    storage::Storage,
+    token::{TokenManager, TokenPayload},
+    AccountId, Amount, FilterableValue, MaxLengthString, PaymentFrom, RevId, Status, TxId,
 };
 use chrono::{DateTime, Duration, TimeZone, Utc};
 use serde::{Deserialize, Serialize};
@@ -199,8 +202,12 @@ impl Transaction {
     }
 
     /// TODO:
-    pub fn lock_transaction(self, token_manager: &TokenManager) -> Result<(Self, Vec<u8>), Error> {
-        let (update_token, secret) = token_manager.new_token(Duration::hours(1));
+    pub fn lock_transaction(
+        self,
+        owner: String,
+        token_manager: &TokenManager,
+    ) -> Result<(Self, TokenPayload), Error> {
+        let (update_token, secret) = token_manager.new_token(owner, Duration::hours(1));
         let new_revision = Revision {
             transaction_id: self.revision.transaction_id,
             changelog: "Lock transaction for updates".to_owned(),
@@ -232,7 +239,7 @@ impl Transaction {
         self,
         new_tags: Vec<Tag>,
         reason: String,
-        update_token: Option<Vec<u8>>,
+        update_token: Option<TokenPayload>,
     ) -> Result<Self, Error> {
         let new_revision = Revision {
             transaction_id: self.revision.transaction_id,
@@ -270,7 +277,7 @@ impl Transaction {
         config: &Config<S>,
         new_status: Status,
         reason: String,
-        update_token: Option<Vec<u8>>,
+        update_token: Option<TokenPayload>,
     ) -> Result<Self, Error>
     where
         S: Storage + Sync + Send,

utxo/src/transaction/revision.rs

@@ -1,4 +1,8 @@
-use crate::{token::Token, transaction::Error, RevId, Status, Tag, TxId};
+use crate::{
+    token::{Token, TokenPayload},
+    transaction::Error,
+    RevId, Status, Tag, TxId,
+};
 use chrono::{serde::ts_milliseconds, DateTime, Utc};
 use serde::{Deserialize, Serialize};
 use sha2::{Digest, Sha256};
@@ -39,7 +43,7 @@ pub struct Revision {
     #[serde(rename = "_update_token", skip_serializing_if = "Option::is_none")]
     /// If the previous revision has an update token, in order to update the update_token or secret
     /// must be provided, and it is attached to the revision.
-    pub update_token: Option<Vec<u8>>,
+    pub update_token: Option<TokenPayload>,
 
     #[serde(rename = "updated_at", with = "ts_milliseconds")]
     #[borsh(