cyberia 2.8.885

package/scripts/ssl.sh

@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+# RHEL / Rocky Linux — Generate local TLS cert + fullchain (cert + root CA) using mkcert
+# Usage:
+#   ./generate-local-ssl-fullchain.sh /path/to/target "localhost 127.0.0.1 ::1"
+
+set -euo pipefail
+IFS=$'\n\t'
+
+err() { echo "[ERROR] $*" >&2; }
+info() { echo "[INFO] $*"; }
+
+print_usage() {
+  cat <<'EOF'
+Usage: $0 TARGET_DIR "domain1 domain2 ..."
+Example: $0 /etc/ssl/local "localhost 127.0.0.1 ::1"
+
+Outputs created in TARGET_DIR:
+ - <name>.pem          : leaf/server certificate
+ - <name>-key.pem      : private key
+ - <name>-fullchain.pem: certificate followed by root CA (use for servers needing full chain)
+ - rootCA.pem          : local root CA (if OpenSSL fallback used or copied from mkcert CAROOT)
+EOF
+}
+
+if [[ ${1-} == "-h" || ${1-} == "--help" ]]; then
+  print_usage; exit 0; fi
+
+TARGET_DIR="${1-}"
+DOMAINS="${2-}"
+
+if [[ -z "$TARGET_DIR" ]]; then read -rp "Target directory to store certificates (absolute path): " TARGET_DIR; fi
+if [[ -z "$DOMAINS" ]]; then read -rp "Space-separated domains/IPs to include (e.g. 'localhost 127.0.0.1 api.myapp.test'): " DOMAINS; fi
+
+TARGET_DIR="$(realpath -m "$TARGET_DIR")"
+mkdir -p "$TARGET_DIR"
+IFS=' ' read -r -a DOMAIN_ARR <<< "$DOMAINS"
+if [[ ${#DOMAIN_ARR[@]} -eq 0 ]]; then err "No domains provided. Exiting."; exit 1; fi
+
+NAME_SAFE="${DOMAIN_ARR[0]//[^a-zA-Z0-9_.-]/_}"
+CERT_FILE="$TARGET_DIR/${NAME_SAFE}.pem"
+KEY_FILE="$TARGET_DIR/${NAME_SAFE}-key.pem"
+FULLCHAIN_FILE="$TARGET_DIR/${NAME_SAFE}-fullchain.pem"
+ROOT_PEM="$TARGET_DIR/rootCA.pem"
+
+info "Target dir: $TARGET_DIR"
+info "Domains: ${DOMAIN_ARR[*]}"
+info "Outputs: $CERT_FILE, $KEY_FILE, $FULLCHAIN_FILE, $ROOT_PEM"
+
+# Install prerequisites
+if ! command -v dnf >/dev/null 2>&1; then err "dnf not found. This script expects RHEL/Rocky with dnf."; exit 1; fi
+sudo dnf install -y curl nss-tools ca-certificates || true
+
+# Download and install mkcert binary (no 'go install')
+download_mkcert_binary() {
+  UNAME_M=$(uname -m)
+  case "$UNAME_M" in
+    x86_64|amd64) ARCH_STR='linux-amd64' ;;
+    aarch64|arm64) ARCH_STR='linux-arm64' ;;
+    *) ARCH_STR='linux-amd64' ;;
+  esac
+  info "Searching mkcert release for $ARCH_STR"
+  ASSET_URL=$(curl -sS "https://api.github.com/repos/FiloSottile/mkcert/releases/latest" | \
+    grep -E '"browser_download_url":' | grep -i "$ARCH_STR" | head -n1 | sed -E 's/.*"(https:[^"]+)".*/\1/' || true)
+  if [[ -z "$ASSET_URL" ]]; then
+    ASSET_URL=$(curl -sS "https://api.github.com/repos/FiloSottile/mkcert/releases/latest" | \
+      grep -E '"browser_download_url":' | grep -i 'linux' | grep -i 'amd64' | head -n1 | sed -E 's/.*"(https:[^"]+)".*/\1/' || true)
+  fi
+  if [[ -z "$ASSET_URL" ]]; then err "Could not find mkcert asset for your arch"; return 1; fi
+  TMP_BIN="$(mktemp -u /tmp/mkcert.XXXXXX)"
+  if curl -fSL -o "$TMP_BIN" "$ASSET_URL"; then
+    sudo mv "$TMP_BIN" /usr/local/bin/mkcert
+    sudo chmod +x /usr/local/bin/mkcert
+    info "mkcert installed to /usr/local/bin/mkcert"
+    return 0
+  fi
+  return 1
+}
+
+use_mkcert() {
+  if ! command -v mkcert >/dev/null 2>&1; then
+    info "mkcert not found — attempting to download/install binary"
+    download_mkcert_binary || return 1
+  fi
+  MKCERT_BIN="$(command -v mkcert || echo /usr/local/bin/mkcert)"
+  info "Running mkcert -install as sudo (if necessary)"
+  if ! sudo "$MKCERT_BIN" -install >/dev/null 2>&1; then
+    if ! "$MKCERT_BIN" -install >/dev/null 2>&1; then
+      err "mkcert -install failed"; return 1
+    fi
+  fi
+  MK_ARGS=()
+  for d in "${DOMAIN_ARR[@]}"; do MK_ARGS+=("$d"); done
+  info "Generating cert+key with mkcert"
+  if ! "$MKCERT_BIN" -cert-file "$CERT_FILE" -key-file "$KEY_FILE" "${MK_ARGS[@]}"; then err "mkcert failed to generate"; return 1; fi
+  # copy root CA from mkcert CAROOT into TARGET_DIR
+  if ROOT_FROM_MKCERT="$($MKCERT_BIN -CAROOT 2>/dev/null || true)"; then
+    if [[ -f "$ROOT_FROM_MKCERT/rootCA.pem" ]]; then
+      cp "$ROOT_FROM_MKCERT/rootCA.pem" "$ROOT_PEM"
+      info "Copied mkcert root CA to $ROOT_PEM"
+    fi
+  fi
+  # create fullchain (cert followed by root CA)
+  if [[ -f "$ROOT_PEM" ]]; then
+    cat "$CERT_FILE" "$ROOT_PEM" > "$FULLCHAIN_FILE"
+    info "Created fullchain: $FULLCHAIN_FILE"
+  else
+    cp "$CERT_FILE" "$FULLCHAIN_FILE"
+    info "No root CA found to append; fullchain contains only leaf cert: $FULLCHAIN_FILE"
+  fi
+  return 0
+}
+
+use_openssl() {
+  command -v openssl >/dev/null 2>&1 || { err "openssl required"; return 1; }
+  ROOT_KEY="$TARGET_DIR/rootCA.key"
+  if [[ ! -f "$ROOT_KEY" || ! -f "$ROOT_PEM" ]]; then
+    openssl genrsa -out "$ROOT_KEY" 4096
+    openssl req -x509 -new -nodes -key "$ROOT_KEY" -sha256 -days 3650 -out "$ROOT_PEM" -subj "/CN=Local Development Root CA"
+  fi
+  CSR_KEY="$TARGET_DIR/${NAME_SAFE}.key"
+  CSR_PEM="$TARGET_DIR/${NAME_SAFE}.csr"
+  openssl genrsa -out "$CSR_KEY" 2048
+  openssl req -new -key "$CSR_KEY" -out "$CSR_PEM" -subj "/CN=${DOMAIN_ARR[0]}"
+  V3EXT="$TARGET_DIR/v3.ext"
+  printf 'authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, keyEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\n' > "$V3EXT"
+  DNS=1; IP=1
+  for d in "${DOMAIN_ARR[@]}"; do
+    if [[ "$d" =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || [[ "$d" == *":"* ]]; then
+      printf 'IP.%d = %s\n' "$IP" "$d" >> "$V3EXT"; IP=$((IP+1))
+    else
+      printf 'DNS.%d = %s\n' "$DNS" "$d" >> "$V3EXT"; DNS=$((DNS+1))
+    fi
+  done
+  if openssl x509 -req -in "$CSR_PEM" -CA "$ROOT_PEM" -CAkey "$ROOT_KEY" -CAcreateserial -out "$CERT_FILE" -days 825 -sha256 -extfile "$V3EXT"; then
+    mv -f "$CSR_KEY" "$KEY_FILE"
+    # create fullchain: leaf + root
+    cat "$CERT_FILE" "$ROOT_PEM" > "$FULLCHAIN_FILE"
+    sudo cp "$ROOT_PEM" /etc/pki/ca-trust/source/anchors/ || true
+    sudo update-ca-trust extract || true
+    if command -v certutil >/dev/null 2>&1; then
+      mkdir -p "$HOME/.pki/nssdb"
+      certutil -d sql:$HOME/.pki/nssdb -A -t "CT,C,C" -n "Local Dev Root CA" -i "$ROOT_PEM" || true
+    fi
+    info "OpenSSL created cert, key and fullchain"
+    return 0
+  fi
+  err "OpenSSL failed to create certificate"
+  return 1
+}
+
+# main
+if use_mkcert; then
+  info "Done: created cert, key, fullchain and root CA in $TARGET_DIR"
+  exit 0
+else
+  info "mkcert flow failed — trying OpenSSL fallback"
+  if use_openssl; then
+    info "Done: created cert, key, fullchain and root CA in $TARGET_DIR"
+    exit 0
+  fi
+fi
+
+err "Failed to create certificates with mkcert or OpenSSL"
+exit 2

package/src/api/blockchain/blockchain.controller.js

@@ -0,0 +1,51 @@
+import { loggerFactory } from '../../server/logger.js';
+import { BlockChainService } from './blockchain.service.js';
+
+const logger = loggerFactory(import.meta);
+
+const BlockChainController = {
+  post: async (req, res, options) => {
+    try {
+      return res.status(200).json({
+        status: 'success',
+        data: await BlockChainService.post(req, res, options),
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  get: async (req, res, options) => {
+    try {
+      return res.status(200).json({
+        status: 'success',
+        data: await BlockChainService.get(req, res, options),
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  delete: async (req, res, options) => {
+    try {
+      return res.status(200).json({
+        status: 'success',
+        data: await BlockChainService.delete(req, res, options),
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+};
+
+export { BlockChainController };

package/src/api/blockchain/blockchain.model.js

@@ -0,0 +1,90 @@
+import { Schema, model, Types } from 'mongoose';
+
+// https://mongoosejs.com/docs/2.7.x/docs/schematypes.html
+
+// Data to hyperledger besu
+const TransactionSchema = new Schema({
+  transaction: {
+    // The sender public key of the transaction.
+    // In a reward transaction the sender is null.
+    sender: { type: String, required: true, immutable: true },
+    // The recipient public key  of the transaction.
+    recipient: { type: String, required: true, immutable: true },
+    // The value of the transaction, which can be an amount of currencies or array ipfs cid.
+    // @link reward algorithm
+    value: { type: String, required: true, immutable: true },
+    // The timestamp of the transaction.
+    timestamp: { type: Number, required: true, immutable: true },
+  },
+  // The signature of the transaction, which validates the sender and the value.
+  // In a reward transaction the signature is null.
+  signature: { type: String, required: true, immutable: true },
+});
+
+// Accountant validator protocol
+
+// internal registration
+const PoSBlockSchema = new Schema({
+  // The hash of the previous block in the blockchain.
+  // If it is the first block previousHash is null
+  previousHash: { type: String, required: true, immutable: true },
+  // A list of transactions included in the block.
+  transactions: { type: [TransactionSchema], required: true, immutable: true },
+});
+
+const PoSBlockChainSchema = new Schema({
+  // A list of blocks in the blockchain.
+  blocks: [PoSBlockSchema],
+});
+
+// PoW test Block version
+const PoWBlockSchema = new Schema({
+  // The hash of the previous block in the blockchain.
+  // If it is the first block previousHash is null
+  previousHash: { type: String, required: true, immutable: true },
+  // A random value used in the mining process.
+  nonce: { type: String, required: true, immutable: true },
+  // The target hash for the block, which determines the difficulty of mining.
+  // @link difficulty algorithm
+  target: { type: String, required: true, immutable: true },
+  // A list of transactions included in the block.
+  transactions: { type: [TransactionSchema], required: true, immutable: true },
+  // The timestamp of the block
+  timestamp: { type: Number, required: true, immutable: true },
+});
+
+// PoW test BlockChain version
+const PoWBlockChainSchema = new Schema({
+  // @link blockchain validator logic protocol
+  //    - previousHash with hashing block algorithm defined
+  //    - transaction key format
+  //    - sort timestamp transactions and validate with last transaction timestamp of last block
+  //    - block timestamp with last block
+
+  // A list of blocks in the blockchain.
+  blocks: [PoWBlockSchema],
+  // The format of the transaction public keys, such as JWK.
+  transactionKeyFormat: {
+    format: { type: String, required: true, immutable: true },
+    algorithm: {
+      name: { type: String, required: true, immutable: true },
+      namedCurve: { type: String, required: true, immutable: true },
+      hash: { type: String, required: true, immutable: true },
+    },
+  },
+  hashingBlockAlgorithm: {
+    // The hash function used, such as SHA-256.
+    hash: { type: String, immutable: true },
+    // The format of the hash output, such as hex.
+    digest: { type: String, required: true, immutable: true },
+  },
+});
+
+// default blockchain schema (PoS)
+const BlockChainSchema = PoSBlockChainSchema;
+
+const BlockChainModel = model('BlockChain', BlockChainSchema);
+
+const ProviderSchema = BlockChainSchema;
+
+export { BlockChainSchema, BlockChainModel, ProviderSchema };

package/src/api/blockchain/blockchain.router.js

@@ -0,0 +1,21 @@
+import { loggerFactory } from '../../server/logger.js';
+import { BlockChainController } from './blockchain.controller.js';
+import express from 'express';
+
+const logger = loggerFactory(import.meta);
+
+const BlockChainRouter = (options) => {
+  const router = express.Router();
+  const authMiddleware = options.authMiddleware;
+  router.post(`/:id`, async (req, res) => await BlockChainController.post(req, res, options));
+  router.post(`/`, authMiddleware, async (req, res) => await BlockChainController.post(req, res, options));
+  router.get(`/:id`, async (req, res) => await BlockChainController.get(req, res, options));
+  router.get(`/`, async (req, res) => await BlockChainController.get(req, res, options));
+  router.delete(`/:id`, async (req, res) => await BlockChainController.delete(req, res, options));
+  router.delete(`/`, async (req, res) => await BlockChainController.delete(req, res, options));
+  return router;
+};
+
+const ApiRouter = BlockChainRouter;
+
+export { ApiRouter, BlockChainRouter };

package/src/api/blockchain/blockchain.service.js

@@ -0,0 +1,24 @@
+import { loggerFactory } from '../../server/logger.js';
+import { BlockChainModel } from './blockchain.model.js';
+
+const logger = loggerFactory(import.meta);
+
+const BlockChainService = {
+  post: async (req, res, options) => {
+    switch (req.params.id) {
+      default:
+    }
+  },
+  get: async (req, res, options) => {
+    switch (req.params.id) {
+      default:
+    }
+  },
+  delete: async (req, res, options) => {
+    switch (req.params.id) {
+      default:
+    }
+  },
+};
+
+export { BlockChainService };

package/src/api/core/core.controller.js

@@ -0,0 +1,69 @@
+import { loggerFactory } from '../../server/logger.js';
+import { CoreService } from './core.service.js';
+
+const logger = loggerFactory(import.meta);
+
+const CoreController = {
+  post: async (req, res, options) => {
+    try {
+      const result = await CoreService.post(req, res, options);
+      return res.status(200).json({
+        status: 'success',
+        data: result,
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  get: async (req, res, options) => {
+    try {
+      const result = await CoreService.put(req, res, options);
+      return res.status(200).json({
+        status: 'success',
+        data: result,
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  put: async (req, res, options) => {
+    try {
+      const result = await CoreService.get(req, res, options);
+      return res.status(200).json({
+        status: 'success',
+        data: result,
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  delete: async (req, res, options) => {
+    try {
+      const result = await CoreService.delete(req, res, options);
+      return res.status(200).json({
+        status: 'success',
+        data: result,
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+};
+
+export { CoreController };

package/src/api/core/core.model.js

@@ -0,0 +1,11 @@
+import { Schema, model, Types } from 'mongoose';
+
+// https://mongoosejs.com/docs/2.7.x/docs/schematypes.html
+
+const CoreSchema = new Schema({});
+
+const CoreModel = model('Core', CoreSchema);
+
+const ProviderSchema = CoreSchema;
+
+export { CoreSchema, CoreModel, ProviderSchema };

package/src/api/core/core.router.js

@@ -0,0 +1,24 @@
+import { adminGuard } from '../../server/auth.js';
+import { loggerFactory } from '../../server/logger.js';
+import { CoreController } from './core.controller.js';
+import express from 'express';
+
+const logger = loggerFactory(import.meta);
+
+const CoreRouter = (options) => {
+  const router = express.Router();
+  const authMiddleware = options.authMiddleware;
+  router.post(`/:id`, authMiddleware, adminGuard, async (req, res) => await CoreController.post(req, res, options));
+  router.post(`/`, authMiddleware, adminGuard, async (req, res) => await CoreController.post(req, res, options));
+  router.get(`/:id`, authMiddleware, adminGuard, async (req, res) => await CoreController.get(req, res, options));
+  router.get(`/`, authMiddleware, adminGuard, async (req, res) => await CoreController.get(req, res, options));
+  router.put(`/:id`, authMiddleware, adminGuard, async (req, res) => await CoreController.put(req, res, options));
+  router.put(`/`, authMiddleware, adminGuard, async (req, res) => await CoreController.put(req, res, options));
+  router.delete(`/:id`, authMiddleware, adminGuard, async (req, res) => await CoreController.delete(req, res, options));
+  router.delete(`/`, authMiddleware, adminGuard, async (req, res) => await CoreController.delete(req, res, options));
+  return router;
+};
+
+const ApiRouter = CoreRouter;
+
+export { ApiRouter, CoreRouter };

package/src/api/core/core.service.js

@@ -0,0 +1,35 @@
+import { DataBaseProvider } from '../../db/DataBaseProvider.js';
+import { loggerFactory } from '../../server/logger.js';
+import { shellExec } from '../../server/process.js';
+
+const logger = loggerFactory(import.meta);
+
+const CoreService = {
+  post: async (req, res, options) => {
+    /** @type {import('./core.model.js').CoreModel} */
+    const Core = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Core;
+    if (req.path.startsWith('/sh')) {
+      if (req.body.stdout) return shellExec(req.body.sh, { stdout: true });
+      shellExec(req.body.sh, { async: true });
+      return 'Command "' + req.body.sh + '" running';
+    }
+    return await new Core(req.body).save();
+  },
+  get: async (req, res, options) => {
+    /** @type {import('./core.model.js').CoreModel} */
+    const Core = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Core;
+    return await Core.findById(req.params.id);
+  },
+  put: async (req, res, options) => {
+    /** @type {import('./core.model.js').CoreModel} */
+    const Core = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Core;
+    return await Core.findByIdAndUpdate(req.params.id, req.body);
+  },
+  delete: async (req, res, options) => {
+    /** @type {import('./core.model.js').CoreModel} */
+    const Core = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Core;
+    return await Core.findByIdAndDelete(req.params.id);
+  },
+};
+
+export { CoreService };

package/src/api/crypto/crypto.controller.js

@@ -0,0 +1,51 @@
+import { loggerFactory } from '../../server/logger.js';
+import { CryptoService } from './crypto.service.js';
+const logger = loggerFactory(import.meta);
+
+const CryptoController = {
+  post: async (req, res, options) => {
+    try {
+      return res.status(200).json({
+        status: 'success',
+        data: await CryptoService.post(req, res, options),
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  get: async (req, res, options) => {
+    try {
+      return res.status(200).json({
+        status: 'success',
+        data: await CryptoService.get(req, res, options),
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+  delete: async (req, res, options) => {
+    try {
+      const result = await CryptoService.delete(req, res, options);
+      return res.status(200).json({
+        status: 'success',
+        data: result,
+      });
+    } catch (error) {
+      logger.error(error, error.stack);
+      return res.status(400).json({
+        status: 'error',
+        message: error.message,
+      });
+    }
+  },
+};
+
+export { CryptoController };

package/src/api/crypto/crypto.model.js

@@ -0,0 +1,23 @@
+import { Schema, model, Types } from 'mongoose';
+
+// https://mongoosejs.com/docs/2.7.x/docs/schematypes.html
+
+// Example:
+// JWKS: Array of JWK
+// https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-sets
+
+const CryptoSchema = new Schema({
+  format: { type: String, required: 'format is required' },
+  data: { type: String, required: 'data is required', unique: true },
+  algorithm: {
+    name: { type: String, required: 'name is required' },
+    namedCurve: { type: String, required: 'namedCurve is required' },
+    hash: { type: String, required: 'hash is required' },
+  },
+});
+
+const CryptoModel = model('Crypto', CryptoSchema);
+
+const ProviderSchema = CryptoSchema;
+
+export { CryptoSchema, CryptoModel, ProviderSchema };

package/src/api/crypto/crypto.router.js

@@ -0,0 +1,20 @@
+import { loggerFactory } from '../../server/logger.js';
+import { CryptoController } from './crypto.controller.js';
+import express from 'express';
+const logger = loggerFactory(import.meta);
+
+const CryptoRouter = (options) => {
+  const router = express.Router();
+  const authMiddleware = options.authMiddleware;
+  router.post(`/:id`, async (req, res) => await CryptoController.post(req, res, options));
+  router.post(`/`, authMiddleware, async (req, res) => await CryptoController.post(req, res, options));
+  router.get(`/:id`, async (req, res) => await CryptoController.get(req, res, options));
+  router.get(`/`, async (req, res) => await CryptoController.get(req, res, options));
+  router.delete(`/:id`, async (req, res) => await CryptoController.delete(req, res, options));
+  router.delete(`/`, async (req, res) => await CryptoController.delete(req, res, options));
+  return router;
+};
+
+const ApiRouter = CryptoRouter;
+
+export { ApiRouter, CryptoRouter };

package/src/api/crypto/crypto.service.js

@@ -0,0 +1,64 @@
+import { loggerFactory } from '../../server/logger.js';
+import crypto from 'crypto';
+import { DataBaseProvider } from '../../db/DataBaseProvider.js';
+const logger = loggerFactory(import.meta);
+
+const CryptoService = {
+  post: async (req, res, options) => {
+    /** @type {import('./crypto.model.js').CryptoModel} */
+    const Crypto = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.Crypto;
+    /** @type {import('../user/user.model.js').UserModel} */
+    const User = DataBaseProvider.instance[`${options.host}${options.path}`].mongoose.models.User;
+
+    switch (req.params.id) {
+      case 'verify': {
+        const signature = Buffer.from(req.body.signature, 'base64');
+
+        const publicKey = await crypto.subtle.importKey(
+          'jwk',
+          req.body.publicKey,
+          {
+            name: 'ECDSA',
+            namedCurve: 'P-384',
+            hash: 'SHA-256',
+          },
+          true,
+          ['verify'],
+        );
+
+        const isValid = await crypto.subtle.verify(
+          {
+            name: 'ECDSA',
+            hash: 'SHA-256',
+          },
+          publicKey,
+          signature,
+          new TextEncoder().encode(JSON.stringify(req.body.payload)),
+        );
+
+        return { isValid };
+      }
+      default: {
+        const publicKey = await new Crypto(req.body).save();
+        const user = await User.findById(req.auth.user._id);
+        user.publicKey.push(publicKey._id);
+        await User.findByIdAndUpdate(req.auth.user._id, user, {
+          runValidators: true,
+        });
+        return publicKey;
+      }
+    }
+  },
+  get: async (req, res, options) => {
+    switch (req.params.id) {
+      default:
+    }
+  },
+  delete: async (req, res, options) => {
+    switch (req.params.id) {
+      default:
+    }
+  },
+};
+
+export { CryptoService };