# WooCommerce ## Overview This standalone project is designed to be deployed on a user's own server, enabling integration with inabit from remote. Its primary purpose is to facilitate the approval of pending transactions within a gated approvals flow. This is essentially replacing an owner/approver's mobile approvals app, allowing users to control approvals on their server. > #### [Project's Public Github Repository](https://github.com/In-a-bit/inabit-remote) ### Functionality Upon running, the application must successfully initialize and communicate with Inabit. This involves several steps depending on the initiation state. If the 'signer' is approved, the handling of pending transaction flow may proceed. #### First Run During the first run, a pairing process is initiated. This includes: 1. Logging into Inabit using the provided login token. 2. Validating the user's current state. 3. Requesting a pairing token. 4. Producing an encrypted key used for signing, saving it to a mapped volume. 5. Sending pairing data to Inabit and requesting the 'Owner' to authorize the approver. 6. Refreshing the login token i.e. acquiring automatically a new valid login token. #### Recurring Runs For subsequent runs, after validating that the user is paired, the application continues its operation as usual. #### Initiation Errors If anything goes wrong during the initiation stage, the approver initiation process will be aborted. ### Prerequisites 1. An initial login token of a valid user within Inabit with the role: 'apiSigner'. 2. Enabled communication with the Inabit server (valid URL and whitelisted IPs and ports). ### Deployment From within the root directory `inabit/inabit-remote`: #### Set Login Token * The login token is approver's token valid for 30 days, allowing authentication with Inabit. * The token is automatically refreshed, i.e. switched to a new 30 days valid token, on: * **each** docker init. * every **15** days (configurable) * The refreshed login token is saved to a mapped volume on host machine. * The login token must be mapped to a selected location in the host filesystem for initialization and persistency. * Create a folder named `refresh`. * Set into the folder the login token file `r.dat` (which includes the login token). * Map the folder in the `docker-compose.prod.yml`: ```bash volumes: - ./refresh:/app/apps/approver/refresh ``` * Add the following environment variables in correspondence: ```bash LOGIN_TOKEN_FILE_PATH=refresh LOGIN_TOKEN_FILE_NAME=r.dat REFRESH_LOGIN_TOKEN_IN_MINUTES=21600 # 15 days in seconds, do not change! ``` #### Build ```bash docker-compose -f docker-compose.prod.yml build approver ``` #### Run ```bash docker-compose -f docker-compose.prod.yml up approver ``` ## Required Configurations The required config can be provided in 2 ways: 1. Baked into the docker by building the docker with a valid `.env` file. 2. Through the `docker-compose.prod.yml` file variables override section `environment`. In case using `.env` is selected, remember to modify or remove the `environment:` section, from `docker-compose.prod.yml`. In case of a change of the `.env` , a new docker image build must proceed. ### Required Environment Variables ```bash INABIT_API_BASE_URL=http://localhost:3000/graphql APPROVER_URL=http://example.example APPROVER_PORT=3020 SECRET=change-me KEY_FILE_PATH=dat KEY_FILE_NAME=k.dat LOGIN_TOKEN_FILE_PATH=refresh LOGIN_TOKEN_FILE_NAME=r.dat ORGANIZATION_NAME=my-organization ``` ### Important The approvers' key must be mapped to a selected location in the host filesystem for persistency. This is the required combination of env variables: ```bash SECRET=koko-moko # Encryption secret for the key. KEY_FILE_PATH=dat # File path relative to the app/apps/approver i.e., app/apps/approver/dat. KEY_FILE_NAME=k.dat # File name of the encrypted key. ``` In the Docker Compose file: ```bash volumes: - ./dat:/app/apps/approver/dat ``` **Ensure Correspondence** Ensure there is correspondence between the volume mapping and the selected `KEY_FILE_PATH` settings. The volume mapping in the Docker Compose file should reflect the chosen `KEY_FILE_PATH` for persisting the encrypted key: ```bash volumes: - ./dat:/app/apps/approver/dat ``` ### Pairing On Docker init , it is first checked if the approver is in status `Paired` or `WaitingForApproval`. If not, a pairing flow starts: Within the flow interaction with Inabit, 1. a pairing data is exchanged with Inabit including the public signing key of the approver. 2. an approval message is sent to the owner of the organization. 3. a pairing code is produced in the approver start up log trace, and must be passed *directly* to the owner for pairing completion. ```bash { level: 'info', message: 'Pairing code: c754ce6d209dcc1b6f2312903ef31f0ac297b63e5dead29a6b877ecad8c77ada', metadata: { timestamp: '2024-02-21T08:54:17.560Z' }, timestamp: '2024-02-21T08:54:17.560Z' } ``` ### Wish to see how you can automate approving and signing transactions? Refer to the next page to understand how to [automate signing transactions](https://docs.inabit.com/inabit-terminal/terminal-guide/gas-features) using our docker! {% content-ref url="../terminal-guide/gas-features" %} [gas-features](https://docs.inabit.com/inabit-terminal/terminal-guide/gas-features) {% endcontent-ref %}