@raytio/core 10.0.1 → 10.1.0

package/dist/util/canonicalJsonify.js

@@ -1,50 +1,50 @@
-"use strict";
-/* eslint-disable fp/no-mutating-methods, fp/no-mutation, fp/no-let, prefer-reflect */
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.canonicalJsonify = void 0;
-const isObject = (a) => Object.prototype.toString.call(a) === "[object Object]"; // TODO: wtf ?
-const REGEX = 
-// eslint-disable-next-line no-control-regex
-/[\u0000-\u001F]|"|\\|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]/g;
-const SLASH_ESC = {
-    "\b": "\\b",
-    "\t": "\\t",
-    "\n": "\\n",
-    "\f": "\\f",
-    "\r": "\\r",
-    '"': '\\"',
-    "\\": "\\\\",
-};
-const replacer = (char) => SLASH_ESC[char] ||
-    `\\u${char.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0")}`;
-function copyObjectWithSortedKeys(object) {
-    if (isObject(object)) {
-        return `{${Object.keys(object)
-            .sort()
-            .map(key => `"${key}":${copyObjectWithSortedKeys(object[key])}`)
-            .join(",")}}`;
-    }
-    if (Array.isArray(object)) {
-        return `[${object.map(copyObjectWithSortedKeys).join(",")}]`;
-    }
-    if (typeof object === "number" && object % 1 !== 0) {
-        if (Number.isNaN(object) || !Number.isFinite(object))
-            return "null";
-        // float
-        const exponent = Math.floor(Math.log10(Math.abs(object)));
-        let mantissa = `${object / 10 ** exponent}`;
-        if (!mantissa.includes("."))
-            mantissa += ".0";
-        return `${mantissa}E${exponent}`;
-    }
-    if (typeof object === "string")
-        return `"${object.replace(REGEX, replacer)}"`;
-    return object; // bool or int
-}
-/**
- * @internal
- * spec compliant, and matches
- * https://gitlab.com/raytio/mono/-/blob/devo/common/signing/signing/canonical_json.py
- */
-const canonicalJsonify = (object) => `${copyObjectWithSortedKeys(object)}`;
-exports.canonicalJsonify = canonicalJsonify;
+"use strict";
+/* eslint-disable fp/no-mutating-methods, fp/no-mutation, fp/no-let, prefer-reflect */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canonicalJsonify = void 0;
+const isObject = (a) => Object.prototype.toString.call(a) === "[object Object]"; // TODO: wtf ?
+const REGEX = 
+// eslint-disable-next-line no-control-regex
+/[\u0000-\u001F]|"|\\|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]/g;
+const SLASH_ESC = {
+    "\b": "\\b",
+    "\t": "\\t",
+    "\n": "\\n",
+    "\f": "\\f",
+    "\r": "\\r",
+    '"': '\\"',
+    "\\": "\\\\",
+};
+const replacer = (char) => SLASH_ESC[char] ||
+    `\\u${char.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0")}`;
+function copyObjectWithSortedKeys(object) {
+    if (isObject(object)) {
+        return `{${Object.keys(object)
+            .sort()
+            .map(key => `"${key}":${copyObjectWithSortedKeys(object[key])}`)
+            .join(",")}}`;
+    }
+    if (Array.isArray(object)) {
+        return `[${object.map(copyObjectWithSortedKeys).join(",")}]`;
+    }
+    if (typeof object === "number" && object % 1 !== 0) {
+        if (Number.isNaN(object) || !Number.isFinite(object))
+            return "null";
+        // float
+        const exponent = Math.floor(Math.log10(Math.abs(object)));
+        let mantissa = `${object / 10 ** exponent}`;
+        if (!mantissa.includes("."))
+            mantissa += ".0";
+        return `${mantissa}E${exponent}`;
+    }
+    if (typeof object === "string")
+        return `"${object.replace(REGEX, replacer)}"`;
+    return object; // bool or int
+}
+/**
+ * @internal
+ * spec compliant, and matches
+ * https://gitlab.com/raytio/mono/-/blob/devo/common/signing/signing/canonical_json.py
+ */
+const canonicalJsonify = (object) => `${copyObjectWithSortedKeys(object)}`;
+exports.canonicalJsonify = canonicalJsonify;

package/dist/util/conditional.d.ts

@@ -0,0 +1,7 @@
+declare type ConditionValue = string | number | boolean;
+/**
+ * Checks all other form values in case any have a
+ * trigger value that makes this field requirted.
+ */
+export declare const isConditionMet: (condition: Record<string, ConditionValue[]>, formValues: Record<string, unknown>) => boolean;
+export {};

package/dist/util/conditional.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isConditionMet = void 0;
+/**
+ * Checks all other form values in case any have a
+ * trigger value that makes this field requirted.
+ */
+const isConditionMet = (condition, formValues) => Object.entries(condition).every(([fieldName, triggerValues]) => {
+    if (Array.isArray(formValues[fieldName])) {
+        // if it's a multiselect, check if any of the selected values match the criteria
+        return formValues[fieldName].some(val => triggerValues.includes(val));
+    }
+    return triggerValues.includes(formValues[fieldName]);
+});
+exports.isConditionMet = isConditionMet;

package/dist/util/handleResponse.d.ts

@@ -1 +1 @@
-export {};
+export {};

package/dist/util/handleResponse.js

@@ -1,21 +1,21 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleResponse = void 0;
-/**
- * @internal
- * Throws an error if the API request fails.
- * Drop-in replacement for `response.json()`
- * @example
- * ```
- * const json = await fetch(...).then(handleResponse)
- * ```
- */
-const handleResponse = async (response) => {
-    const json = await response.json();
-    // json could be a string | number
-    if (typeof json === "object" && "message" in json) {
-        throw new Error(json.message);
-    }
-    return json;
-};
-exports.handleResponse = handleResponse;
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleResponse = void 0;
+/**
+ * @internal
+ * Throws an error if the API request fails.
+ * Drop-in replacement for `response.json()`
+ * @example
+ * ```
+ * const json = await fetch(...).then(handleResponse)
+ * ```
+ */
+const handleResponse = async (response) => {
+    const json = await response.json();
+    // json could be a string | number
+    if (typeof json === "object" && "message" in json) {
+        throw new Error(json.message);
+    }
+    return json;
+};
+exports.handleResponse = handleResponse;

package/dist/util/hash.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/util/hash.js

@@ -0,0 +1,11 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sha512 = void 0;
+/** @internal */
+async function sha512(str) {
+    const buf = await crypto.subtle.digest("SHA-512", new TextEncoder().encode(str));
+    return Array.from(new Uint8Array(buf))
+        .map(b => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+exports.sha512 = sha512;

package/dist/util/index.d.ts

@@ -1,2 +1,2 @@
-export * from "./canonicalJsonify";
-export * from "./handleResponse";
+export * from "./canonicalJsonify";
+export * from "./handleResponse";

package/dist/util/index.js

@@ -1,18 +1,18 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./canonicalJsonify"), exports);
-__exportStar(require("./handleResponse"), exports);
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./canonicalJsonify"), exports);
+__exportStar(require("./handleResponse"), exports);

package/dist/verifications/checkSingleVerification.d.ts

@@ -0,0 +1,9 @@
+import { VerificationPayload } from "@raytio/types";
+declare type SingleVerToCheck = {
+    verObject: VerificationPayload<false>;
+    signature: string;
+    userId: string;
+    value: unknown;
+};
+export declare const checkSingleVerification: ({ verObject, signature, userId, value, }: SingleVerToCheck) => Promise<boolean>;
+export {};

package/dist/verifications/checkSingleVerification.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkSingleVerification = exports.checkSignature = void 0;
+const pem_jwk_1 = require("pem-jwk");
+const util_1 = require("../util");
+let cache; // eslint-disable-line fp/no-let
+async function getJwk() {
+    const pem = await fetch("http://api-docs.rayt.io/lookups/raytio.pem").then(r => r.text());
+    // eslint-disable-next-line fp/no-mutation
+    cache = (0, pem_jwk_1.pem2jwk)(pem);
+    return cache;
+}
+/** @internal exported only for tests */
+async function checkSignature(publicKeyJwk, signature, data) {
+    // must match https://gitlab.com/raytio/mono/-/blob/devo/common/signing/signing/sign.py
+    const publicKey = await window.crypto.subtle.importKey("jwk", publicKeyJwk, { name: "RSA-PSS", hash: "SHA-512" }, false, ["verify"]);
+    const signatureBuf = Uint8Array.from(atob(signature), c => c.charCodeAt(0));
+    const res = await crypto.subtle.verify({ name: "RSA-PSS", hash: "SHA-512", saltLength: 512 / 8 }, publicKey, signatureBuf, new TextEncoder().encode(data));
+    return res;
+}
+exports.checkSignature = checkSignature;
+const checkSingleVerification = async ({ verObject, signature, userId, value, }) => {
+    const jwk = await getJwk();
+    const exapandedObject = Object.assign(Object.assign({}, verObject), { sub: userId, value });
+    const stringified = (0, util_1.canonicalJsonify)(exapandedObject);
+    const result = await checkSignature(jwk, signature, stringified);
+    return result;
+};
+exports.checkSingleVerification = checkSingleVerification;

package/dist/verifications/checkVerifications.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/verifications/checkVerifications.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkVerifications = void 0;
+const util_1 = require("../util");
+/** @internal */
+const checkVerifications = async ({ apiUrl, toVerify, controller, }) => {
+    const response = await fetch(`${apiUrl}/extract_verify/v2/verify_check`, {
+        method: "POST",
+        body: JSON.stringify(toVerify),
+        signal: controller === null || controller === void 0 ? void 0 : controller.signal,
+    }).then(util_1.handleResponse);
+    // if we send `n` items to the API, it returns `n + m` items. The
+    // extra `m` items are garbage and don't have the verified field.
+    return response.filter(ver => "verified" in ver);
+};
+exports.checkVerifications = checkVerifications;

package/dist/verifications/checkVerificationsNew.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/verifications/checkVerificationsNew.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkVerificationsNew = void 0;
+const pem_jwk_1 = require("pem-jwk");
+let cache; // eslint-disable-line fp/no-let
+async function getJwk() {
+    const pem = await fetch("http://api-docs.rayt.io/lookups/raytio.pem").then(r => r.text());
+    // eslint-disable-next-line fp/no-mutation
+    cache = (0, pem_jwk_1.pem2jwk)(pem);
+    return cache;
+}
+/** @internal */
+const checkVerificationsNew = async () => {
+    const jwk = await getJwk();
+};
+exports.checkVerificationsNew = checkVerificationsNew;

package/dist/verifications/cleanInstance.d.ts

@@ -1,9 +1,9 @@
-import { Instance } from "@raytio/types";
-/**
- * The API response from share/v2/access_application/instance/:iId
- * returns a complicated hashed_n_id format, so you need to clean up
- * the API response using this function as soon as possible.
- *
- * We relace `hashed_n_id`s with a string `HASHED::{NId}::{AId}`
- */
-export declare function cleanInstance(instance: Instance): Instance;
+import { Instance } from "@raytio/types";
+/**
+ * The API response from share/v2/access_application/instance/:iId
+ * returns a complicated hashed_n_id format, so you need to clean up
+ * the API response using this function as soon as possible.
+ *
+ * We relace `hashed_n_id`s with a string `HASHED::{NId}::{AId}`
+ */
+export declare function cleanInstance(instance: Instance): Instance;

package/dist/verifications/cleanInstance.js

@@ -1,15 +1,15 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.cleanInstance = void 0;
-const ramda_1 = require("ramda");
-/**
- * The API response from share/v2/access_application/instance/:iId
- * returns a complicated hashed_n_id format, so you need to clean up
- * the API response using this function as soon as possible.
- *
- * We relace `hashed_n_id`s with a string `HASHED::{NId}::{AId}`
- */
-function cleanInstance(instance) {
-    return Object.assign(Object.assign({}, instance), { profile_objects: instance.profile_objects.map((PO) => (Object.assign(Object.assign({}, (0, ramda_1.omit)(["hashed_n_id"], PO)), { n_id: PO.n_id || `HASHED::${PO.hashed_n_id}::${instance.a_id}` }))) });
-}
-exports.cleanInstance = cleanInstance;
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cleanInstance = void 0;
+const ramda_1 = require("ramda");
+/**
+ * The API response from share/v2/access_application/instance/:iId
+ * returns a complicated hashed_n_id format, so you need to clean up
+ * the API response using this function as soon as possible.
+ *
+ * We relace `hashed_n_id`s with a string `HASHED::{NId}::{AId}`
+ */
+function cleanInstance(instance) {
+    return Object.assign(Object.assign({}, instance), { profile_objects: instance.profile_objects.map((PO) => (Object.assign(Object.assign({}, (0, ramda_1.omit)(["hashed_n_id"], PO)), { n_id: PO.n_id || `HASHED::${PO.hashed_n_id}::${instance.a_id}` }))) });
+}
+exports.cleanInstance = cleanInstance;

package/dist/verifications/getOwnRealVerifications.d.ts

@@ -0,0 +1,14 @@
+import { ProfileObject, Verification, RealVer } from "@raytio/types";
+declare type Props = {
+    verifications: Verification[];
+    profileObjects: ProfileObject[];
+    userId: string;
+};
+/**
+ * Given a list of verifications and decrypted profile objects, this function calls
+ * the Raytio API to verify the credibility of these verifications, returning only valid
+ * verifications.
+ * @returns a list of fileNames/values that are verified.
+ */
+export declare const getOwnRealVerifications: ({ verifications, profileObjects, userId, }: Props) => Promise<RealVer[]>;
+export {};

package/dist/verifications/getOwnRealVerifications.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOwnRealVerifications = void 0;
+/* eslint-disable fp/no-loops */
+const ramda_1 = require("ramda");
+const crypto_1 = require("../crypto");
+const maybeRereference_1 = require("./maybeRereference");
+const checkSingleVerification_1 = require("./checkSingleVerification");
+const getValuesForAField = (fieldName, POs) => (0, ramda_1.uniq)(
+// truthy only, and ignore encrypted properties. this function will be called again once they're decrypted
+POs.map(x => { var _a; return (_a = x.properties) === null || _a === void 0 ? void 0 : _a[fieldName]; }).filter(x => !!x && !(0, crypto_1.isEncrypted)(x)));
+/**
+ * Given a list of verifications and decrypted profile objects, this function calls
+ * the Raytio API to verify the credibility of these verifications, returning only valid
+ * verifications.
+ * @returns a list of fileNames/values that are verified.
+ */
+const getOwnRealVerifications = async ({ verifications, profileObjects, userId, }) => {
+    // FIXME: support hashed_n_id
+    // FIXME: support UNSAFE_treatNoValueAsVerified
+    // TODO: support derived verifications
+    // for each verification (including passed: false), create a list of every possible that
+    // value that that verification might have been for. Flatten the list
+    // and check which ones are valid, keeping only the valid key passes
+    const realVers = [];
+    for (const ver of verifications) {
+        /** every possible value for this field */
+        const values = getValuesForAField(ver.properties.field, profileObjects);
+        for (const value of values) {
+            for (const { data, signature } of ver.properties.verifications) {
+                const isVerified = await (0, checkSingleVerification_1.checkSingleVerification)({
+                    verObject: data,
+                    userId,
+                    value: (0, maybeRereference_1.maybeRereference)(value),
+                    signature,
+                });
+                if (isVerified) {
+                    // a "RealVer" is what the client likes to deal with,
+                    // rather than the "VerificationPayload" which is stored on the API.
+                    // eslint-disable-next-line fp/no-mutating-methods
+                    realVers.push({
+                        fieldName: data.field,
+                        value,
+                        provider: {
+                            dataSourceNId: data.verifier_source_id,
+                            serviceProviderNId: data.verifier_service_id,
+                            verifierNId: data.verifier_id,
+                            date: new Date(`${data.verification_date}Z`), // the api returns invalid dates (missing the `Z`)
+                        },
+                        expired: data.valid_until ? new Date(data.valid_until) : false,
+                        metadata: data.metadata,
+                        xId: data.request_div,
+                        signature,
+                        verified: data.passed,
+                        nID: ver.n_id,
+                        belongsToNId: data.source_n_id,
+                    });
+                }
+            }
+        }
+    }
+    return realVers;
+};
+exports.getOwnRealVerifications = getOwnRealVerifications;

package/dist/verifications/getPOVerification.d.ts

@@ -1,16 +1,16 @@
-import { FieldVerification, ProfileObject, POVerification, RealVer, Schema, VerificationProvider, ProfileObjectForUpload, NId } from "@raytio/types";
-/**
- * Determines the verification status of a profile object, and its individual fields.
- */
-export declare function getPOVerification({ PO, schema, realVers, }: {
-    PO: ProfileObject | ProfileObjectForUpload;
-    schema: Schema;
-    realVers: RealVer[];
-}): {
-    status: POVerification;
-    details: {
-        sourceNId?: NId;
-        verifiers: VerificationProvider[];
-    };
-    fieldVerifications: Record<string, FieldVerification>;
-};
+import { FieldVerification, ProfileObject, POVerification, RealVer, Schema, VerificationProvider, ProfileObjectForUpload, NId } from "@raytio/types";
+/**
+ * Determines the verification status of a profile object, and its individual fields.
+ */
+export declare function getPOVerification({ PO, schema, realVers, }: {
+    PO: ProfileObject | ProfileObjectForUpload;
+    schema: Schema;
+    realVers: RealVer[];
+}): {
+    status: POVerification;
+    details: {
+        sourceNId?: NId;
+        verifiers: VerificationProvider[];
+    };
+    fieldVerifications: Record<string, FieldVerification>;
+};