This repository has been archived by the owner on Aug 1, 2023. It is now read-only.

Validate usernames with every write #37

Closed
hstove opened this issue Jun 30, 2019 · 3 comments

Comments

@hstove
Collaborator

hstove commented Jun 30, 2019

In the Radiks decentralization proposal, I mentioned a section around "malicious users". The gist is that Radiks should start including a username with every piece of saved data. This has many benefits, which are outlined in the forum post.

Here is the overview of how it should be implemented:

  • Whenever a model is saved, two new fields are saved in the JSON payload of every model:
    • a username attribute is attached to the JSON info for that model.
    • a jwt attribute that is the same exact authResponse token that is used during Blockstack auth.

You can get this jwt signed token by calling userSession.loadUserData().authResponseToken(). Note that this includes an encrypted appPrivateKey - but that's OK, because only the client has the transitPrivateKey that can decrypt this field.

Whenever Radiks-server is saving data from Gaia, it will validate the JWT and that it matches the username attribute. You can use the app.co-api server-side authentication reference for an existing implementation of how this is done. Fortunately, all the code required for this already exists in blockstack.js.

@moxiegirl

@hstove when you close this please point to the new proposal.

@hstove
Collaborator Author

hstove commented Jul 25, 2019

@moxiegirl this PR essentially is the new proposal. There is also a README change in here

@hstove
Collaborator Author

hstove commented Oct 22, 2019

Closing this - since we found issues with this approach, and are using a different mechanism now - #44

@hstove hstove closed this as completed Oct 22, 2019