-
Check your node version
node -vMake sure you use node 8.10 (I tried node 6,
npm testfails with syntax error).I recommend using nvm (https://github.com/creationix/nvm) to manage different node.js versions (
nvm install 8.10; nvm use 8.10). -
Install serverless
npm install -g serverless -
Install all dependencies
npm installrun
npm test, the tests should all pass. -
Make sure you have an AWS account. Set up AWS credentials: https://serverless.com/framework/docs/providers/aws/guide/credentials/
In this step, make sure your
~/.aws/credentialsis setup correctly. And you exported your environment variables:export AWS_ACCESS_KEY=[AWS_ACCESS_KEY] export AWS_SECRET_ACCESS_KEY=[AWS_SECRET_ACCESS_KEY] -
In IAM management console, create a key for develop: https://console.aws.amazon.com/iam/home#/encryptionKeys/us-west-2
If you want to deploy to master too, create another key for master. Make sure the keys you created are in the correct region (
us-west-2). If you decide to create keys in another region, make sure to change region configuration in other places too. -
Create reCaptcha account: https://www.google.com/recaptcha/admin, get
RECAPTCHA_SECRET_KEY(You only need to set this up if you want to use the reCAPTCHA verification flow, not needed for phone verification flow)
-
Create fun captcha account: https://www.funcaptcha.com/setup, get
FUNCAPTCHA_PRIVATE_KEY.(They currently ignore us after we fill in a form, skip this step for now; this is also not needed for phone verification flow)
-
Generate Fuel token private & public keys and address:
FUEL_TOKEN_PRIVATE_KEY,FUEL_TOKEN_PUBLIC_KEY,FUEL_TOKEN_ADDRESS.Create an app e.g. nisaba on uport app manager: https://appmanager.uport.me/, you can see the
addressandpublic key(remove the0x) listed there. Clickclick here for app code, you can get theprivate keyinsideSimpleSinger. -
If you want the JWT payload aud to be another app rather than this one, you can create an app e.g. sensui on uport app manager: https://appmanager.uport.me/, get the
addressforAUDIENCE_ADDRESS.Note: for step 8 and 9, you can also generate these keys using https://github.com/uport-project/uport-cli-client. If in doubt, you can append
did:uport:to theaddress(mnid) and test it out in the uport did resolver: http://uportdid.radicalledger.com/. -
Create nexmo account: https://dashboard.nexmo.com/getting-started-guide, get
NEXMO_API_KEY,NEXMO_API_SECRET,NEXMO_FROMYou can find
NEXMO_FROMin the dashboard, 'Numbers -> Your numbers' section. -
Setup PostgreSQL locally
Start server:
pg_ctl -D /usr/local/var/postgres start &(Stop server:pg_ctl -D /usr/local/var/postgres stop)You need create a table
nexmo_requests:CREATE TABLE public.nexmo_requests ( device_key VARCHAR(64), request_id VARCHAR(32), request_status VARCHAR(32) ) WITH ( OIDS=FALSE );In this case
PG_URL=postgresql://localhost -
Delete the old
kms-secrets.develop.us-west-2.ymlandkms-secrets.master.us-west-2.yml.Generate your own using the following command:
sls encrypt -n SECRETS:[variable] -v [value] [-k key_for_stage] [-s stage]Use the key you generated in step 5 to replace
key_for_stage, and specifydevelopforstage. The first time you run the command, a filekms-secrets.develop.us-west-2.ymlwill be generated.If you want to deploy to master, use the other key you generated in step 5 to replace
key_for_stage, and specifymasterforstage, a filekms-secrets.master.us-west-2.ymlwill be generated.You only need to specify
[-k key_for_stage]the first time you run the command for each stage.You should encrypt the following
variableand its correspondingvalue. If you followed step 6 to 10, you'll know what those values are.RECAPTCHA_SECRET_KEY FUNCAPTCHA_PRIVATE_KEY FUEL_TOKEN_PRIVATE_KEY FUEL_TOKEN_PUBLIC_KEY FUEL_TOKEN_ADDRESS AUDIENCE_ADDRESS NEXMO_API_KEY NEXMO_API_SECRET NEXMO_FROM PG_URLRun
sls decryptto check the encryption works correctly. -
Now you can run locally
sls invoke local -f [function] -d [data]test the following Phone Verification Flow
Use this to generate keys: https://github.com/uport-project/uport-cli-client
After
uPort Identity Created!, the console will print out aUPortClientobject. UseUPortClient.deviceKeys.addressasdeviceKey. (rememberUPortClient.deviceKeys.privateKeyandUPortClient.mnid).-
start verification:
sls invoke local -f start -d '{"deviceKey": [deviceKey], "phoneNumber":[your phone number]}'Send a code through SMS or Call
-
continue verification
(This step is optional, it is for user who has previously indicated they prefer to recieve a code via text-to-speech, you'll receive a phone call.)
sls invoke local -f next -d '{"pathParameters": {"deviceKey": [deviceKey]}}' -
verify code and get fuelToken
sls invoke local -f check -d '{"deviceKey":[deviceKey], "code": [code you received]}'you'll receive a fuelToken -
get new fuelToken with new deviceKey
Once you already get a fuelToken, if you have a new deviceKey, you don't need to go through the above phone verification flow anymore, you can generate a new fuelToken with the old fuelToken and the new deviceKey.
You'll need to generate a requestToken as follows:
const createJWT = require('did-jwt').createJWT; const SimpleSigner = require('did-jwt').SimpleSigner; const signer = new SimpleSigner(UPortClient.deviceKeys.privateKey.slice(2)); const issuer = UPortClient.mnid; const now = Math.floor(Date.now() / 1000); const aud = secrets.AUDIENCE_ADDRESS; const requestToken = await createJWT( { aud, exp: now + 300, iat: now, newDeviceKey: newDeviceKey }, { issuer, signer } );sls invoke local -f newDeviceKey -d '{"headers: {"Authorization": "bearer [old fuelToken]"}, requestToken": [requestToken]}'You'll get a new fuelToken.
-