npm - @raytio/core - Versions diffs - 11.1.0 → 11.3.0 - Mend

@raytio/core 11.1.0 → 11.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/dist/schema/expandSchema/removePrivateFields.d.ts CHANGED Viewed

@@ -1,10 +1,10 @@
-import { Schema } from "@raytio/types";
+import type { Schema } from "@raytio/types";
 export declare const removePrivateFields: (schema: Schema) => {
     properties: Record<string, Omit<import("@raytio/types").SchemaField, "$id" | "allOf" | "$schema" | "definitions">>;
-    type?: import("@raytio/types").DataTypes | undefined;
-    name: string;
     title: string;
     description: string;
+    description_decorator?: "md" | undefined;
+    schema_type?: import("@raytio/types").SchemaType | undefined;
     title_plural?: string | undefined;
     schema_group?: string | undefined;
     tags?: import("@raytio/types").SchemaTag[] | undefined;
@@ -59,8 +59,8 @@ export declare const removePrivateFields: (schema: Schema) => {
         direction: "from";
         type: string;
         required_relationship?: boolean | undefined;
-        oneOf?: string[] | undefined;
-        anyOf?: string[] | undefined;
+        oneOf?: (import("@raytio/types").SchemaName | "instance")[] | undefined;
+        anyOf?: import("@raytio/types").SchemaName[] | undefined;
         multiple?: boolean | undefined;
         properties?: {
             [fieldName: string]: import("@raytio/types").SchemaField;
@@ -83,7 +83,7 @@ export declare const removePrivateFields: (schema: Schema) => {
     } | undefined;
     onboard_properties?: {
         profile_objects?: {
-            schema_name: string;
+            schema_name: import("@raytio/types").SchemaName;
             properties: Record<string, unknown>;
         }[] | undefined;
         relationships?: {
@@ -104,6 +104,8 @@ export declare const removePrivateFields: (schema: Schema) => {
         }[] | undefined;
         return_to?: string | undefined;
     } | undefined;
+    name: import("@raytio/types").SchemaName;
+    type?: import("@raytio/types").DataTypes | undefined;
     group_title?: string | undefined;
     verified_fields?: (string | import("@raytio/types").ConditionallyRequired)[] | undefined;
     required?: (string | import("@raytio/types").ConditionallyRequired)[] | undefined;

package/dist/schema/expandSchema/sortSchemaProperties.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
-import { NId, SchemaField, Urn } from "@raytio/types";
+import type { NId, SchemaField, Urn } from "@raytio/types";
 /** two overloads - if you provide undefined, you might get undefined back */
 export declare const getNidFromUrn: {
-    (urn: Urn): NId;
-    (urn: Urn | undefined): NId | undefined;
+    <IDType = NId>(urn: Urn): IDType;
+    <IDType_1 = NId>(urn: Urn | undefined): IDType_1 | undefined;
 };
 type Key = string;
 type Tag = string;

package/dist/schema/expandSchema/unwrapSchema.d.ts CHANGED Viewed

@@ -1,6 +1,2 @@
-import { WrappedSchema } from "@raytio/types";
-export declare function unwrapSchema(wrapped: WrappedSchema): WrappedSchema["schema"] & {
-    version: string;
-    start_date?: string;
-    end_date?: string;
-};
+import type { Schema, WrappedSchema } from "@raytio/types";
+export declare function unwrapSchema(wrapped: WrappedSchema): WrappedSchema["schema"] & Pick<WrappedSchema, "start_date" | "end_date" | "schema_type"> & Pick<Schema, "name" | "version">;

package/dist/schema/expandSchema/unwrapSchema.js CHANGED Viewed

@@ -2,6 +2,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.unwrapSchema = void 0;
 function unwrapSchema(wrapped) {
-    return Object.assign(Object.assign({}, wrapped.schema), { name: wrapped.name, start_date: wrapped.start_date, end_date: wrapped.end_date, version: wrapped.version });
+    return Object.assign(Object.assign({}, wrapped.schema), { name: wrapped.schema_name, start_date: wrapped.start_date, end_date: wrapped.end_date, version: wrapped.schema_version, schema_type: wrapped.schema_type });
 }
 exports.unwrapSchema = unwrapSchema;

package/dist/schema/labels.d.ts CHANGED Viewed

@@ -1,2 +1,3 @@
+import type { SchemaName } from "@raytio/types";
 /** Finds the label (on a profile object) which is the schema name */
-export declare const findSchemaLabel: (labels: string[] | undefined) => string | undefined;
+export declare const findSchemaLabel: (labels: string[] | undefined) => SchemaName | undefined;

package/dist/testHelpers.d.ts ADDED Viewed

@@ -0,0 +1,9 @@
+import type { Mock } from "vitest";
+/** like {@link Partial} but applies to all deep properties */
+export type DeepPartial<T> = T | (T extends object ? {
+    [K in keyof T]?: DeepPartial<T[K]>;
+} : T extends (infer U)[] ? DeepPartial<U>[] : T);
+/** tells typescript that this function is mocked */
+export declare const m: (func: unknown) => Mock<any, any>;
+/** helper to let us define type-safe partial mocks */
+export declare const deepPartial: <T>(partial: DeepPartial<T>) => T;

package/dist/testHelpers.js ADDED Viewed

@@ -0,0 +1,9 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deepPartial = exports.m = void 0;
+/** tells typescript that this function is mocked */
+const m = (func) => func;
+exports.m = m;
+/** helper to let us define type-safe partial mocks */
+const deepPartial = (partial) => partial;
+exports.deepPartial = deepPartial;

package/dist/verifications/cleanInstance.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { Instance } from "@raytio/types";
+import type { Instance } from "@raytio/types";
 /**
  * The API response from share/v2/access_application/instance/:iId
  * returns a complicated hashed_n_id format, so you need to clean up

package/dist/verifications/getPOVerification.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { FieldVerification, ProfileObject, POVerification, RealVer, Schema, VerificationProvider, ProfileObjectForUpload, NId } from "@raytio/types";
+import { FieldVerification, type NId, POVerification, type ProfileObject, type ProfileObjectForUpload, type RealVer, type Schema, type VerificationProvider } from "@raytio/types";
 export type VerDetails = {
     sourceNId?: NId;
     verifiers: VerificationProvider[];

package/dist/verifications/getPOVerification.js CHANGED Viewed

@@ -55,10 +55,13 @@ function getPOVerification({ PO, schema, realVers, }) {
         if (pertainingVers.length && pertainingVers.every(x => x.expired)) {
             return types_1.FieldVerification.Expired;
         }
-        if (pertainingVers.some(x => !x.verified)) {
+        // the if statement above checks if every ver is expired. It is possible
+        // that only some are expired, so filter out those ones.
+        const nonExpiredPertainingVers = pertainingVers.filter(x => !x.expired);
+        if (nonExpiredPertainingVers.some(x => !x.verified)) {
             return types_1.FieldVerification.VerifiedFalse;
         }
-        return pertainingVers.length
+        return nonExpiredPertainingVers.length
             ? types_1.FieldVerification.Verified
             : types_1.FieldVerification.NotVerified;
     }, shouldBeVerifiedProps);
@@ -89,6 +92,7 @@ function getPOVerification({ PO, schema, realVers, }) {
         nId: PO.n_id,
         realVers,
         shouldBeVerifiedProps,
+        verificationStatus: status,
     });
     // find the earliest expiry date if there is one
     const maybeExpiryDate = ((_c = (0, ramda_1.sortBy)(ver => +ver.expired, realVers.filter(ver => ver.belongsToNId === PO.n_id && ver.expired))[0]) === null || _c === void 0 ? void 0 : _c.expired) || undefined;

package/dist/verifications/getVerifiedBy.js CHANGED Viewed

@@ -1,13 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getVerifiedBy = void 0;
+const types_1 = require("@raytio/types");
 const ramda_1 = require("ramda");
 const maybeRereference_1 = require("./maybeRereference");
 // we should probably document this
 /** @internal */
-const getVerifiedBy = ({ nId, realVers, shouldBeVerifiedProps, }) => {
+const getVerifiedBy = ({ nId, realVers, shouldBeVerifiedProps, verificationStatus, }) => {
     const mayBeVerifiedFields = Object.keys(shouldBeVerifiedProps);
     const pertainingVers = realVers
+        // for valid verifications, we filter out the information that came from
+        // now expired sources. We only ever consider expired source if the verification
+        // itself is expired.
+        .filter(realVer => realVer.expired ? verificationStatus === types_1.POVerification.Expired : true)
         .filter(x => mayBeVerifiedFields.includes(x.fieldName) &&
         // using ramda's `equals` because this needs to work for objects/arrays
         (0, ramda_1.equals)((0, maybeRereference_1.maybeRereference)(shouldBeVerifiedProps[x.fieldName]), (0, maybeRereference_1.maybeRereference)(x.value)) &&

package/dist/verifications/index.d.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-export * from "./cleanInstance";
 export * from "./getPOVerification";
 export * from "./verifyCheck";
 export * from "./getVerifiedBy";

package/dist/verifications/index.js CHANGED Viewed

@@ -14,7 +14,6 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./cleanInstance"), exports);
 __exportStar(require("./getPOVerification"), exports);
 __exportStar(require("./verifyCheck"), exports);
 __exportStar(require("./getVerifiedBy"), exports);

package/dist/verifications/safeHarbour.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { ProfileObject, RealVer, SafeHarbourCode, Schema } from "@raytio/types";
+import { type ProfileObject, type RealVer, type SafeHarbourCode, type Schema, type SchemaName } from "@raytio/types";
 /** an object listing the `xId`s for each SafeHarbourCode */
 export type SafeHarbourObj = Partial<Record<SafeHarbourCode, string[]>>;
 /** the response from {@link calcSafeHarbourScore} */
@@ -16,5 +16,5 @@ export declare const calcSafeHarbourScore: (data: {
     person: ProfileObject;
     profileObjects: ProfileObject[];
     realVers: RealVer[];
-    getSchema(schemaName: string): Promise<Schema>;
+    getSchema(schemaName: SchemaName): Promise<Schema>;
 }) => Promise<SafeHarbourResult>;

package/dist/verifications/verifyCheck/__tests__/getOwnRealVerifications.test.js CHANGED Viewed

@@ -2,7 +2,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const __1 = require("..");
 const operations_1 = require("../operations");
-jest.mock("../operations");
+const testHelpers_1 = require("../../../testHelpers");
+vi.mock("../operations");
 /**
  * in this test case:
  *  - there are valid verifications for fName=Max and fName=Erika, but we don't which
@@ -16,22 +17,25 @@ jest.mock("../operations");
  */
 describe("getOwnRealVerifications", () => {
     beforeAll(() => {
-        operations_1.checkOwnVerification.mockImplementation(async ({ signature }) => {
+        vi.fn(() => 1).mockImplementation(() => 123);
+        (0, testHelpers_1.m)(operations_1.checkOwnVerification).mockImplementation(async ({ signature, keyId }) => {
             if (signature === "signatureForLastNameMustermannFromN2")
                 return false;
+            if (keyId === "thisOneIsInvalid")
+                return false;
             return true;
         });
     });
     it("calls the verifyCheck function for each PO, keeping only the valid ones", async () => {
-        const profileObjects = [
+        const profileObjects = (0, testHelpers_1.deepPartial)([
             { n_id: "n1", properties: { fName: "Max", lName: "Mustermann" } },
             { n_id: "n2", properties: { fName: "Erika", lName: "Mustermann" } },
-        ];
-        const verifications = [
+        ]);
+        const verifications = (0, testHelpers_1.deepPartial)([
             {
                 n_id: "nv1",
                 properties: {
-                    valid_until: "2020-08-28T23:12:35.678Z",
+                    valid_until: "2020-08-28T23:12:35.678Z", // this one has expired
                     verifications: [
                         {
                             signature: "signatureForFirstNameMax",
@@ -65,6 +69,7 @@ describe("getOwnRealVerifications", () => {
                                 passed: false,
                                 source_n_id: "n2",
                             },
+                            // legacy: key_id is not specified
                         },
                     ],
                 },
@@ -103,14 +108,56 @@ describe("getOwnRealVerifications", () => {
                     ],
                 },
             },
-        ];
+            {
+                n_id: "nv6",
+                properties: {
+                    verifications: [
+                        {
+                            signature: "signatureForFirstNameErika",
+                            data: {
+                                field: "fName",
+                                verifier_source_id: "Ministry of pike river mine re-entry",
+                                verifier_service_id: "Minister for pike river re-entry",
+                                verifier_id: "v1",
+                                verification_date: "2020-08-28T23:11:20.592912",
+                                request_div: "x2",
+                                passed: false,
+                                source_n_id: "n2",
+                            },
+                            key_id: "thisOneIsInvalid", // signature & data is good, but this key will fail
+                        },
+                    ],
+                },
+            },
+            {
+                n_id: "nv7",
+                properties: {
+                    verifications: [
+                        {
+                            signature: "signatureForFirstNameErika",
+                            data: {
+                                field: "fName",
+                                verifier_source_id: "Ministry of pike river mine re-entry",
+                                verifier_service_id: "Minister for pike river re-entry",
+                                verifier_id: "v1",
+                                verification_date: "2020-08-28T23:11:20.592912",
+                                request_div: "x2",
+                                passed: false,
+                                source_n_id: "n2",
+                            },
+                            key_id: "raytio", // everything is valid, this is the right key_id
+                        },
+                    ],
+                },
+            },
+        ]);
         const realVers = await (0, __1.getOwnRealVerifications)({
             profileObjects,
             verifications,
             userId: "geesepolice2002",
         });
-        expect(operations_1.checkOwnVerification).toHaveBeenCalledTimes(3);
-        // 3 times, not 5. Because this new method doesn't need to build a big matrix of possible combinations
+        expect(operations_1.checkOwnVerification).toHaveBeenCalledTimes(5);
+        // 5 times. Because this new method doesn't need to build a big matrix of possible combinations
         expect(realVers).toStrictEqual([
             {
                 fieldName: "fName",
@@ -147,6 +194,24 @@ describe("getOwnRealVerifications", () => {
                 xId: "x2",
             },
             // note how lastName is not included since it's invalid
+            // nv6 is not included because the key is invalid
+            {
+                fieldName: "fName",
+                value: "Erika",
+                belongsToNId: "n2",
+                nID: "nv7",
+                expired: false,
+                metadata: undefined,
+                provider: {
+                    dataSourceNId: "Ministry of pike river mine re-entry",
+                    date: new Date("2020-08-28T23:11:20.592Z"),
+                    serviceProviderNId: "Minister for pike river re-entry",
+                    verifierNId: "v1",
+                },
+                signature: "signatureForFirstNameErika",
+                verified: false,
+                xId: "x2",
+            },
         ]);
     });
 });

package/dist/verifications/verifyCheck/__tests__/getSomeoneElsesRealVerifications.test.js CHANGED Viewed

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const getSomeoneElsesRealVerifications_1 = require("../getSomeoneElsesRealVerifications");
 const operations_1 = require("../operations");
-jest.mock("../operations");
+vi.mock("../operations");
 const checkVerificationsResp = [
     {
         verified: false,
@@ -133,7 +133,7 @@ const verifications = [
 ];
 describe("getSomeoneElsesRealVerifications", () => {
     beforeEach(() => {
-        jest.resetAllMocks();
+        vi.resetAllMocks();
         operations_1.checkSomeoneElsesVerifications.mockResolvedValue(checkVerificationsResp);
     });
     it("returns an empty array if provided nothing", async () => {

package/dist/verifications/verifyCheck/getOwnRealVerifications.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { ProfileObject, Verification, RealVer, UId } from "@raytio/types";
+import type { ProfileObject, RealVer, UId, Verification } from "@raytio/types";
 /**
  * Given a list of verifications and decrypted profile objects, this function
  * locally verifies the credibility of the signatures in the verifications.

package/dist/verifications/verifyCheck/getOwnRealVerifications.js CHANGED Viewed

@@ -17,7 +17,8 @@ const getOwnRealVerifications = async ({ verifications, profileObjects, userId,
     // because attempting hundreds of webcrypto operations simultaneously will
     // probably upset some heritage web browser.
     for (const ver of verifications) {
-        for (const { data, signature } of ver.properties.verifications) {
+        for (const verPO of ver.properties.verifications) {
+            const { data, signature } = verPO;
             const sourcePO = profileObjects.find(PO => PO.n_id === data.source_n_id);
             if (!sourcePO)
                 continue;
@@ -34,6 +35,7 @@ const getOwnRealVerifications = async ({ verifications, profileObjects, userId,
                 userId,
                 value: (0, maybeRereference_1.maybeRereference)(value),
                 signature,
+                keyId: verPO.key_id,
             });
             if (!isGenuine)
                 continue;

package/dist/verifications/verifyCheck/getSomeoneElsesRealVerifications.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { ProfileObject, Verification, RealVer, AId } from "@raytio/types";
+import type { AId, ProfileObject, RealVer, Verification } from "@raytio/types";
 type Props = {
     aId: AId;
     apiUrl: string;

package/dist/verifications/verifyCheck/getSomeoneElsesRealVerifications.js CHANGED Viewed

@@ -64,7 +64,7 @@ const getSomeoneElsesRealVerifications = async ({ aId, apiUrl, verifications, pr
         verified: data.passed,
         nID,
         belongsToNId: data.source_hashed_n_id
-            ? `HASHED::${data.source_hashed_n_id}::${aId}`
+            ? (0, general_1.createHashedNId)(data.source_hashed_n_id, aId)
             : data.source_n_id,
     }));
     return realVers;

package/dist/verifications/verifyCheck/operations/__tests__/checkOwnVerification.test.js CHANGED Viewed

@@ -7,8 +7,9 @@ const __1 = require("..");
 const util_1 = require("../../../../util");
 const checkOwnVerification_1 = require("../checkOwnVerification");
 const sampleBundle_json_1 = __importDefault(require("./sampleBundle.json"));
-Reflect.set(global, "fetch", jest.fn().mockResolvedValue({
-    text: async () => `-----BEGIN PUBLIC KEY-----
+global.fetch = vi.fn().mockImplementation(async (url) => ({
+    text: async () => url.endsWith("raytio.pem")
+        ? `-----BEGIN PUBLIC KEY-----
 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAn9QtCqYa3H3ipFFU0xP3
 n6r7KHS3GMbh0h/xzel57HhCIaXDYjUeUtgUNtzm+uElb/qzGn50xQRzVqO32vKB
 ZAW2kYyZ2+R5ruk9CSxr7K4Vk1FtDMcUCzqxm0eycFD2xbLsN3feRc3BMjfdaQ7P
@@ -21,10 +22,29 @@ Gut0BoM+DIwDu0uZaUprz7fSgNmYHHEiIFbOMVHiOn8oZAZbJXXbUbFIUYXA8u9+
 J1Z+QEpgw+rhGzOf/TSeHfMC9nNbWgYglluAJusWf2XwG/t/VlhtzviHCVGEL7HQ
 jQE5DrM7vaTg6Gu9bjKuoeLIRzbOYK6qAWFoa0CLcN84PLjhDSRw2duatP08hcWg
 jTgOkLWnBFE7NyRU93uPp68CAwEAAQ==
+-----END PUBLIC KEY-----`
+        : `-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAgee+uBOgOsbwjMvGN1/H
+qpGXGJLol0Pc2KhI1fh1NBq+UGhk8PqgDd5wHZikbmrtVkvp/maIh+mbIdehY/RC
+ftMylvebCf4Qf+5SWzQsmB1o6nBUbwJzYE2XyvxRiNLhdIeE+GgfdpA5S3l0cDJ5
+B/1TagITmQUjThwTxDYZ6jlGJJ4NSjqlqeQrHhGWRLVQPWU8bYysX3jt3/uiv4tS
+n3TheLGY1TMlbFrVF2Spv1WxuqMZ4bX1mIotK3yEB3TaZSZaOwlUcEZ4xY+J4Vl+
+ZlrOgYbmzFd7UFh9UZbYZUkNSEfddEnFNFlFG3YQVt8UAumPBVJELdjiaRjTj/K4
+62GAFyOcbcw9wcl69fPBnieBo2m2Dqf6U3wcrnvTnkMwjCewWXCH6FdbC4OllBZV
+Nrfn6zf9yX0J8ZEDEcw9ZsNLVkyl2U+Ya/h5CQt43ip/1eNM5LpTbfqBTtAH7iUO
+4L9rxuSJFA2Q9kZfof6kYO9EGgMFB+GM47/Q068+IiTpifvPno4ilnowyS4hbLiy
+Os2yudW79flaz0a7rq5dLdSg9Mm5k7ETBm7WguDcocaiETmuYTJT2PozAGOC3+EP
+w5N7mQff4ecx/880FWYKQmU9Asav1V49DWSnG0ZXQ7U24dG8ANeAgKddDviJGlsh
+SsjKrz8LJqeoNQu30iSGZhUCAwEAAQ==
 -----END PUBLIC KEY-----`,
 }));
 describe("checkOwnVerification", () => {
-    it("works for a real PO", async () => {
+    it.each `
+    keyId                       | result
+    ${undefined}                | ${true}
+    ${"whatever/raytio"}        | ${true}
+    ${"whatever/somethingElse"} | ${false}
+  `("returns $result for a PO with keyId=$keyId", async ({ keyId, result }) => {
         //
         // This is an important integration test from ca. 2021-12-02.
         // If it is failing, it means our code no longer matches the
@@ -54,7 +74,13 @@ describe("checkOwnVerification", () => {
         };
         const value = "NZ Limited Company";
         const userId = "fd9c4903-65c2-4b75-b454-4fda6b682f3e"; // for 27july21 🦈
-        expect(await (0, checkOwnVerification_1.checkOwnVerification)({ value, signature, userId, verObject })).toBe(true);
+        expect(await (0, checkOwnVerification_1.checkOwnVerification)({
+            value,
+            signature,
+            userId,
+            verObject,
+            keyId,
+        })).toBe(result);
     });
     it("errors if you forget to supply the uId", async () => {
         await expect(() => (0, checkOwnVerification_1.checkOwnVerification)({
@@ -62,8 +88,22 @@ describe("checkOwnVerification", () => {
             signature: "",
             userId: "",
             verObject: {},
+            keyId: undefined,
         })).rejects.toThrow(new Error("No userId supplied"));
     });
+    it.each `
+    keyId
+    ${"../../malicious.pem"}
+    ${"https://example.com/malicious.pem"}
+  `("errors if you supply an invalid keyId", async ({ keyId }) => {
+        await expect(() => (0, checkOwnVerification_1.checkOwnVerification)({
+            value: "whatever",
+            signature: "whatever",
+            userId: "whatever",
+            verObject: {},
+            keyId,
+        })).rejects.toThrow(new Error("Invalid key ID"));
+    });
 });
 describe("checkSignature", () => {
     it("works", async () => {
@@ -86,6 +126,6 @@ describe("checkSignature", () => {
 });
 describe("checkJsonSignature", () => {
     it("can verify a bundled verification", async () => {
-        expect(await (0, __1.checkJsonSignature)(sampleBundle_json_1.default.data, sampleBundle_json_1.default.signature)).toBe(true);
+        expect(await (0, __1.checkJsonSignature)(sampleBundle_json_1.default.data, sampleBundle_json_1.default.signature, sampleBundle_json_1.default.key_id)).toBe(true);
     });
 });

package/dist/verifications/verifyCheck/operations/__tests__/checkSomeoneElsesVerifications.test.js CHANGED Viewed

@@ -13,7 +13,7 @@ const toVerify = [
 ];
 describe("checkSomeoneElsesVerifications", () => {
     it("calls the API and filters out garbage", async () => {
-        global.fetch = jest
+        global.fetch = vi
             .fn()
             .mockImplementation()
             // first fetch request
@@ -34,7 +34,7 @@ describe("checkSomeoneElsesVerifications", () => {
         expect(result).toStrictEqual([{ verified: true }, { verified: false }]);
     });
     it("throws an error if the API rejects", async () => {
-        global.fetch = jest
+        global.fetch = vi
             .fn()
             .mockImplementation()
             // first fetch request

package/dist/verifications/verifyCheck/operations/__tests__/sampleBundle.json CHANGED Viewed

@@ -39,5 +39,6 @@
         },
         "valid_until": "2022-03-13T02:26:20.468171"
     },
+    "key_id": "any string/raytio",
     "signature": "AiWWrL+S1paYOqJiOtU3qwLTCkkZjwDq3FuHl7oy14IATYOhCeHLf+ca44X1Wc6pYpTQckjKnJZL\nkfgiwNE97aymWIOc+ZZGEb5YhXRNO+inTV4k5zppaDN3n3YAGzn7zMxleh3+opzJqncNaJtpZ0Wv\na9Pu/m4WjyT5ee3Myz6VOOMuVkcaTL4FD8XT7NdCh0ybRevAZ5R9xl0YuWMhvNpf3P6ieTikHXYN\nkKbPTnAhNdBmqV4njSIR66M82Ek0d9VcsX4zhmlhpdCmGRlXLgHEyMCF4iHlCIxSeKtGaOm2QK2R\nOV/lN3VScDNWyD8lPBipcj++5ZGII6BnFFG8LlT3gY/Y/wt8KeH/xgdu0a7Lt6J/BOiGLFfscUmb\nH5K5t48gnQ5BQS+Cf/yhayMV49LlGiK9m1iPlbmuJH1L2/ZM+iLsIrSTGCU0Rpbkw7qvm0dkUNYf\nhvlj/RnUxcy0Lr/84CzLvBhFMmBX+RHlcPrCWpIiibsdaD81kRyvLY2TASLFTeHajfr+UvtP3LVs\n8NGwRQHd6c2/ptxv3ERRUnDtNASatsLe67ZHg9SeF3BDhMHZwU1neYyrBI1TMECasFli5rP5gviq\nC8ZwFQ9lnDDTidWBF8GjRl6ope4wIuNBBkOsIIeyqIJE5BRUH4LhVUnN1be696uCKnWOyOo7fkc=\n"
 }

package/dist/verifications/verifyCheck/operations/checkOwnVerification.d.ts CHANGED Viewed

@@ -1,15 +1,16 @@
-import { UId, VerificationPayload } from "@raytio/types";
+import type { UId, VerificationPayload } from "@raytio/types";
 type SingleVerToCheck = {
     verObject: VerificationPayload<false>;
     signature: string;
     userId: UId;
     value: unknown;
+    keyId: string | undefined;
 };
 /**
  * checks that a json object was signed by the provided signature. Unless you're
  * dealing with bundled verifications, you should use `getOwnRealVerifications`
  * or `getSomeoneElsesRealVerifications` instead.
  */
-export declare const checkJsonSignature: (data: unknown, signature: string) => Promise<boolean>;
-export declare const checkOwnVerification: ({ verObject, signature, userId, value, }: SingleVerToCheck) => Promise<boolean>;
+export declare const checkJsonSignature: (data: unknown, signature: string, keyId: string | undefined) => Promise<boolean>;
+export declare const checkOwnVerification: ({ verObject, signature, userId, value, keyId, }: SingleVerToCheck) => Promise<boolean>;
 export {};

package/dist/verifications/verifyCheck/operations/checkOwnVerification.js CHANGED Viewed

@@ -2,14 +2,14 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.checkOwnVerification = exports.checkJsonSignature = exports.checkSignature = void 0;
 const util_1 = require("../../../util");
-let cache;
+const cache = {};
 const base64ToArrayBuffer = (str) => Uint8Array.from(atob(str), c => c.charCodeAt(0));
-async function getJwk() {
+async function getJwk(keyUrl) {
     // eslint-disable-next-line fp/no-mutation
-    cache || (cache = fetch("https://api-docs.rayt.io/lookups/raytio.pem")
+    cache[keyUrl] || (cache[keyUrl] = fetch(keyUrl)
         .then(r => r.text())
         .then(pem => crypto.subtle.importKey("spki", base64ToArrayBuffer(pem.split("-----")[2].trim()), { name: "RSA-PSS", hash: "SHA-512" }, false, ["verify"])));
-    return cache;
+    return cache[keyUrl];
 }
 /** @internal exported only for tests */
 async function checkSignature(publicCryptoKey, signature, data) {
@@ -24,16 +24,25 @@ exports.checkSignature = checkSignature;
  * dealing with bundled verifications, you should use `getOwnRealVerifications`
  * or `getSomeoneElsesRealVerifications` instead.
  */
-const checkJsonSignature = async (data, signature) => {
-    const jwk = await getJwk();
+const checkJsonSignature = async (data, signature, keyId) => {
+    const keyFileName = keyId ? keyId.split("/")[1] : "raytio";
+    // don't allow any special characters, e.g. to prevent
+    // someone using a keyID of  "../../someOtherFile"
+    if (!keyFileName || /[^\w-]/.test(keyFileName)) {
+        throw new Error("Invalid key ID");
+    }
+    // NOTE: We have to hard code the URL, we can't use an environment
+    // variable here, since this package is used outside of the monorepo.
+    const keyUrl = `https://api-docs.rayt.io/lookups/${keyFileName}.pem`;
+    const jwk = await getJwk(keyUrl);
     const stringified = (0, util_1.canonicalJsonify)(data);
     const result = await checkSignature(jwk, signature, stringified);
     return result;
 };
 exports.checkJsonSignature = checkJsonSignature;
-const checkOwnVerification = async ({ verObject, signature, userId, value, }) => {
+const checkOwnVerification = async ({ verObject, signature, userId, value, keyId, }) => {
     if (!userId)
         throw new Error("No userId supplied");
-    return (0, exports.checkJsonSignature)(Object.assign(Object.assign({}, verObject), { sub: userId, value }), signature);
+    return (0, exports.checkJsonSignature)(Object.assign(Object.assign({}, verObject), { sub: userId, value }), signature, keyId);
 };
 exports.checkOwnVerification = checkOwnVerification;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@raytio/core",
-  "version": "11.1.0",
+  "version": "11.3.0",
   "license": "MIT",
   "main": "index",
   "types": "index",
@@ -12,52 +12,16 @@
   ],
   "scripts": {
     "docs": "sh ../../scripts/generate-docs.sh",
-    "build": "tsc && rimraf dist/jest.setup.* dist/**/__tests__",
-    "test": "jest && yarn docs"
+    "build": "tsc && rimraf dist/**/__tests__",
+    "test": "vitest && yarn docs"
   },
   "dependencies": {
     "@raytio/maxcryptor": "3.1.0",
-    "@raytio/types": "7.1.0",
-    "ramda": "0.29.0"
+    "@raytio/types": "7.3.0",
+    "ramda": "0.29.1"
   },
   "devDependencies": {
-    "@types/ramda": "0.29.0",
-    "jest": "29.5.0",
-    "ts-jest": "29.1.0"
-  },
-  "jest": {
-    "transform": {
-      "^.+\\.(t|j)sx?$": "ts-jest"
-    },
-    "testEnvironment": "node",
-    "collectCoverage": false,
-    "coverageThreshold": {
-      "global": {
-        "statements": 100
-      }
-    },
-    "collectCoverageFrom": [
-      "**/*.js",
-      "**/*.ts",
-      "**/*.tsx"
-    ],
-    "coveragePathIgnorePatterns": [
-      "/dist/",
-      "/coverage/"
-    ],
-    "modulePathIgnorePatterns": [
-      "/dist/"
-    ],
-    "reporters": [
-      "default",
-      "jest-junit"
-    ],
-    "setupFilesAfterEnv": [
-      "./src/jest.setup.ts"
-    ]
-  },
-  "jest-junit": {
-    "outputDirectory": "../../tmp"
+    "@types/ramda": "0.29.7"
   },
   "engineStrict": true,
   "engines": {