Providing a "proof of vote"
JMLX42 opened this issue · 2 comments
The current voting process is cumbersome: we generate a complicated "vote card" which the user don't actually need. 99% of the data in that vote card is useless: the public key (or the address) alone would be enough as of now.
Yet, we offer no simple way to audit a ballot using the "vote card": we have the address of the account, but we have no idea about what the user actually voted. So it would be up to him to remember what he voted when he's going to audit his ballot in the ballot box.
We must keep generating the "vote card" since it's mandatory (it's basically the blockchain account used to create and sign the ballot transaction). Yet we could do all of it in the background and never tell the user about it.
Instead, we should create a new kind of token that can be used to assess/audit the ballot and its value in the ballot box. This would be a "proof of vote". This proof of vote would be a JWT containing:
- version: a version number for backward compatibility
- vote: the ID of vote
- address: the address of the blockchain account that signed the ballot transaction
- value: the actual ballot value
This JWT would be created and signed by the server as a response to the POST /api/ballot API endpoint. This JWT signing key should be unique per-vote and never made available by the API.
- add a signing key to the Vote model
- return the "proof of vote" JWT as a response to the POST /api/ballot API endpoint
- add a button to download/print the proof of vote on the "complete" step of the VoteWidget
Done one feature/proof-of-vote
Reopening since the "print" button prints a blank page.