@raytio/core 8.1.0 → 9.0.0

package/dist/rules/operators/number.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.numberOperators = void 0;
+exports.numberOperators = {
+    num_eq: {
+        operands: ["Number", "Number"],
+        implementation(n1, n2) {
+            return n1 === n2;
+        },
+    },
+    num_neq: {
+        operands: ["Number", "Number"],
+        implementation(n1, n2) {
+            return n1 !== n2;
+        },
+    },
+    num_gt_eq: {
+        operands: ["Number", "Number"],
+        implementation(n1, n2) {
+            return n1 >= n2;
+        },
+    },
+    num_lt_eq: {
+        operands: ["Number", "Number"],
+        implementation(n1, n2) {
+            return n1 <= n2;
+        },
+    },
+    num_gt: {
+        operands: ["Number", "Number"],
+        implementation(n1, n2) {
+            return n1 > n2;
+        },
+    },
+    num_lt: {
+        operands: ["Number", "Number"],
+        implementation(n1, n2) {
+            return n1 < n2;
+        },
+    },
+};

package/dist/rules/operators/string.d.ts

@@ -0,0 +1,2 @@
+import { OperatorID, OperatorDef } from "../types";
+export declare const stringOperators: Partial<Record<OperatorID, OperatorDef>>;

package/dist/rules/operators/string.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stringOperators = void 0;
+// also string operators are case-insensitive
+exports.stringOperators = {
+    string_eq: {
+        operands: ["String", "String"],
+        implementation(s1, s2) {
+            return s1.toLowerCase() === s2.toLowerCase();
+        },
+    },
+    string_neq: {
+        operands: ["String", "String"],
+        implementation(s1, s2) {
+            return s1.toLowerCase() !== s2.toLowerCase();
+        },
+    },
+    string_contains: {
+        operands: ["String", "String"],
+        implementation(s1, s2) {
+            return s1.toLowerCase().includes(s2.toLowerCase());
+        },
+    },
+    string_ncontains: {
+        operands: ["String", "String"],
+        implementation(s1, s2) {
+            return !s1.toLowerCase().includes(s2.toLowerCase());
+        },
+    },
+    string_startsWith: {
+        operands: ["String", "String"],
+        implementation(s1, s2) {
+            return s1.toLowerCase().startsWith(s2.toLowerCase());
+        },
+    },
+    string_nstartsWith: {
+        operands: ["String", "String"],
+        implementation(s1, s2) {
+            return !s1.toLowerCase().startsWith(s2.toLowerCase());
+        },
+    },
+    string_endsWith: {
+        operands: ["String", "String"],
+        implementation(s1, s2) {
+            return s1.toLowerCase().endsWith(s2.toLowerCase());
+        },
+    },
+    string_nendsWith: {
+        operands: ["String", "String"],
+        implementation(s1, s2) {
+            return !s1.toLowerCase().endsWith(s2.toLowerCase());
+        },
+    },
+    string_regex: {
+        operands: ["String", "RegEx"],
+        implementation: (str, regEx) => !!str.match(regEx),
+    },
+};

package/dist/rules/types/config.d.ts

@@ -0,0 +1,86 @@
+import { GetTSType } from "./dataValueTypes";
+/**
+ * @ignore
+ * these are just IDs, the string is never parsed by anything.
+ *
+ * However, since they're saved into the WizardConfig schema,
+ * we can't just rename or remove any, since that would break
+ * existing rules.
+ */
+export declare type OperatorID = "bool_eq" | "bool_neq" | "num_eq" | "num_neq" | "num_lt_eq" | "num_gt_eq" | "num_lt" | "num_gt" | "date_valid" | "date_invalid" | "date_before" | "date_after" | "date_eq" | "date_neq" | "date_older_than" | "date_newer_than" | "date_between" | "string_eq" | "string_neq" | "string_contains" | "string_ncontains" | "string_startsWith" | "string_nstartsWith" | "string_endsWith" | "string_nendsWith" | "string_regex" | "field_verifiedBy" | "field_shared" | "field_hasVerStatus" | "field_cameFromSchema" | "field_ncameFromSchema" | "schema_verifiedBy" | "schema_shared" | "schema_hasVerStatus";
+/** @ignore */
+export declare type ValuePathFieldProp = "meta" | "value" | "valueLength" | `subField|${string}`;
+/** @ignore */
+export declare type ValuePath = [type: "schema", schemaName: string, prop: "meta"] | [
+    type: "field",
+    schemaName: string,
+    fieldName: string,
+    prop: ValuePathFieldProp
+];
+/** @ignore */
+export declare type ValueRefConst<T> = {
+    type: "constant";
+    value: T;
+};
+/** @ignore */
+export declare type ValueRefVar = {
+    type: "variable";
+    path: ValuePath;
+};
+/** @ignore */
+export declare type ValueRef<T> = ValueRefConst<T> | ValueRefVar;
+/** @ignore these are the LHS & RHS operands which come from variables (or constants) */
+export declare type FieldValueTypes = "Bool" | "Number" | "String" | "Date" | "Array" | "HField" | "HSchema";
+/** @ignore these are the RHS-only operands which come from constants ONLY */
+export declare type ConstValueTypes = "DateUnit" | "RegEx" | "FieldVerification" | "POVerification";
+/** @ignore full list of operands which come from variables OR constants */
+export declare type ValueType = ConstValueTypes | FieldValueTypes;
+/** @ignore */
+export declare type ValueDef<T = ValueType> = {
+    type: T;
+    value: ValueRef<GetTSType<T>>;
+};
+/** @ignore */
+export declare type ASTScoreConditionNode = {
+    type: "ScoreCondition";
+    operator: OperatorID;
+    values: ValueDef<ValueType>[];
+};
+/** @ignore */
+export declare type ASTLanguageOperatorNode = {
+    type: "LanguageOperator";
+    operator: "OR" | "AND";
+    children: ASTNode[];
+};
+/** @ignore */
+export declare type ASTNode = ASTLanguageOperatorNode | ASTScoreConditionNode;
+/** @ignore */
+export declare type ScoreRule = {
+    /** user defined */
+    name: string;
+    /** user defined */
+    description?: string;
+    /** must be an integer */
+    trueWeight: number;
+    /** must be an integer */
+    falseWeight: number;
+    /** must have a single root node */
+    tree: [ASTNode];
+};
+/** @ignore e.g. 0-10 is "red". We only work with integers. Comparisons use >= and <= */
+export declare type ScoreThreshold = {
+    from: number;
+    to: number;
+    name: string;
+};
+/** @ignore */
+export declare type Combinator = "+" | "*";
+/**
+ * @ignore
+ * the big object for configuring score rules
+ */
+export declare type ScoreConfig = {
+    combinator: Combinator;
+    scoreThresholds: ScoreThreshold[];
+    rules: ScoreRule[];
+};

package/dist/rules/types/config.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/rules/types/dataValueTypes.d.ts

@@ -0,0 +1,19 @@
+import { FieldVerification, NId, POVerification } from "@raytio/types";
+import type { HFieldSymbol, HSchemaSymbol } from "../helpers";
+/** undefined if not shared */
+export declare type HField = {
+    __typeof__: typeof HFieldSymbol;
+    verification: FieldVerification;
+    verifiedBy: readonly NId[];
+    /** schemaName */
+    cameFromSchema: string;
+};
+/** undefined if not shared */
+export declare type HSchema = {
+    __typeof__: typeof HSchemaSymbol;
+    verification?: POVerification;
+    verifiedBy: readonly NId[];
+};
+export declare const DATE_UNITS: readonly ["ms", "s", "m", "h", "D", "M", "W", "Y"];
+export declare type DateUnit = typeof DATE_UNITS[number];
+export declare type GetTSType<T> = T extends "Bool" ? boolean : T extends "Number" ? number : T extends "String" ? string : T extends "Date" ? Date : T extends "Array" ? unknown[] : T extends "HField" ? HField : T extends "HSchema" ? HSchema : T extends "DateUnit" ? DateUnit : T extends "RegEx" ? RegExp : T extends "FieldVerification" ? FieldVerification : T extends "POVerification" ? POVerification : never;

package/dist/rules/types/dataValueTypes.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DATE_UNITS = void 0;
+exports.DATE_UNITS = ["ms", "s", "m", "h", "D", "M", "W", "Y"];

package/dist/rules/types/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./dataValueTypes";
+export * from "./config";
+export * from "./internal";

package/dist/rules/types/index.js

@@ -0,0 +1,15 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./dataValueTypes"), exports);
+__exportStar(require("./config"), exports);
+__exportStar(require("./internal"), exports);

package/dist/rules/types/internal.d.ts

@@ -0,0 +1,20 @@
+import { HField, HSchema, GetTSType } from "./dataValueTypes";
+import { FieldValueTypes, ValueType } from "./config";
+export declare type RuleDataProperty<T extends FieldValueTypes> = {
+    type: T;
+    value: GetTSType<T>;
+    hField: HField;
+};
+export declare type RuleData = {
+    [schemaName: string]: {
+        hSchema: HSchema;
+        properties: {
+            [fieldName: string]: RuleDataProperty<FieldValueTypes>;
+        };
+    }[];
+};
+export declare type OperatorDef = {
+    /** the first operand is the LHS, all others are RHS */
+    operands: ValueType[];
+    implementation: (...args: any[]) => boolean;
+};

package/dist/rules/types/internal.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/util/canonicalJsonify.js

@@ -0,0 +1,48 @@
+"use strict";
+/* eslint-disable fp/no-mutating-methods, fp/no-mutation, fp/no-let, prefer-reflect */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.canonicalJsonify = void 0;
+const isObject = (a) => Object.prototype.toString.call(a) === "[object Object]"; // TODO: wtf ?
+const REGEX = 
+// eslint-disable-next-line no-control-regex
+/[\u0000-\u001F]|"|\\|[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?:[^\uD800-\uDBFF]|^)[\uDC00-\uDFFF]/g;
+const SLASH_ESC = {
+    "\b": "\\b",
+    "\t": "\\t",
+    "\n": "\\n",
+    "\f": "\\f",
+    "\r": "\\r",
+    '"': '\\"',
+    "\\": "\\\\",
+};
+const replacer = (char) => SLASH_ESC[char] ||
+    `\\u${char.charCodeAt(0).toString(16).toUpperCase().padStart(4, "0")}`;
+function copyObjectWithSortedKeys(object) {
+    if (isObject(object)) {
+        return `{${Object.keys(object)
+            .sort()
+            .map(key => `"${key}":${copyObjectWithSortedKeys(object[key])}`)
+            .join(",")}}`;
+    }
+    if (Array.isArray(object)) {
+        return `[${object.map(copyObjectWithSortedKeys).join(",")}]`;
+    }
+    if (typeof object === "number" && object % 1 !== 0) {
+        // float
+        const exponent = Math.round(Math.log10(Math.abs(object)));
+        let mantissa = `${object / 10 ** exponent}`;
+        if (!mantissa.includes("."))
+            mantissa += ".0";
+        return `${mantissa}E${exponent}`;
+    }
+    if (typeof object === "string")
+        return `"${object.replace(REGEX, replacer)}"`;
+    return object; // bool or int
+}
+/**
+ * @internal
+ * spec compliant, and matches
+ * https://gitlab.com/raytio/mono/-/blob/devo/common/signing/signing/canonical_json.py
+ */
+const canonicalJsonify = (object) => `${copyObjectWithSortedKeys(object)}`;
+exports.canonicalJsonify = canonicalJsonify;

package/dist/util/handleResponse.js

@@ -14,7 +14,6 @@ const handleResponse = async (response) => {
     const json = await response.json();
     // json could be a string | number
     if (typeof json === "object" && "message" in json) {
-        // eslint-disable-next-line fp/no-throw
         throw new Error(json.message);
     }
     return json;

package/dist/util/index.d.ts

@@ -1 +1,2 @@
+export * from "./canonicalJsonify";
 export * from "./handleResponse";

package/dist/util/index.js

@@ -10,4 +10,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./canonicalJsonify"), exports);
 __exportStar(require("./handleResponse"), exports);

package/dist/verifications/cleanInstance.d.ts

@@ -0,0 +1,9 @@
+import { Instance } from "@raytio/types";
+/**
+ * The API response from share/v2/access_application/instance/:iId
+ * returns a complicated hashed_n_id format, so you need to clean up
+ * the API response using this function as soon as possible.
+ *
+ * We relace `hashed_n_id`s with a string `HASHED::{NId}::{AId}`
+ */
+export declare function cleanInstance(instance: Instance): Instance;

package/dist/verifications/cleanInstance.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cleanInstance = void 0;
+const ramda_1 = require("ramda");
+/**
+ * The API response from share/v2/access_application/instance/:iId
+ * returns a complicated hashed_n_id format, so you need to clean up
+ * the API response using this function as soon as possible.
+ *
+ * We relace `hashed_n_id`s with a string `HASHED::{NId}::{AId}`
+ */
+function cleanInstance(instance) {
+    return Object.assign(Object.assign({}, instance), { profile_objects: instance.profile_objects.map((PO) => (Object.assign(Object.assign({}, (0, ramda_1.omit)(["hashed_n_id"], PO)), { n_id: PO.n_id || `HASHED::${PO.hashed_n_id}::${instance.a_id}` }))) });
+}
+exports.cleanInstance = cleanInstance;

package/dist/verifications/getPOVerification.d.ts

@@ -1,4 +1,4 @@
-import { FieldVerification, ProfileObject, POVerification, RealVer, Schema, VerificationProvider, ProfileObjectForUpload } from "@raytio/types";
+import { FieldVerification, ProfileObject, POVerification, RealVer, Schema, VerificationProvider, ProfileObjectForUpload, NId } from "@raytio/types";
 /**
  * Determines the verification status of a profile object, and its individual fields.
  */
@@ -8,6 +8,9 @@ export declare function getPOVerification({ PO, schema, realVers, }: {
     realVers: RealVer[];
 }): {
     status: POVerification;
-    details: VerificationProvider[];
+    details: {
+        sourceNId?: NId;
+        verifiers: VerificationProvider[];
+    };
     fieldVerifications: Record<string, FieldVerification>;
 };

package/dist/verifications/getPOVerification.js

@@ -1,7 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getPOVerification = void 0;
-/* eslint-disable fp/no-throw */
 const ramda_1 = require("ramda");
 const types_1 = require("@raytio/types");
 const crypto_1 = require("../crypto");
@@ -23,7 +22,7 @@ function getPOVerification({ PO, schema, realVers, }) {
     if (someAreEncrypted) {
         return {
             status: types_1.POVerification.Encrypted,
-            details: [],
+            details: { sourceNId: PO.n_id, verifiers: [] },
             fieldVerifications: {},
         };
     }
@@ -81,14 +80,14 @@ function getPOVerification({ PO, schema, realVers, }) {
         /* istanbul ignore next */
         return types_1.POVerification.NotVerified;
     })();
-    const details = (0, getVerifiedBy_1.getVerifiedBy)({
+    const verifiers = (0, getVerifiedBy_1.getVerifiedBy)({
         nId: PO.n_id,
         realVers,
         shouldBeVerifiedProps,
     });
     return {
         status,
-        details,
+        details: { sourceNId: PO.n_id, verifiers },
         fieldVerifications,
     };
 }

package/dist/verifications/index.d.ts

@@ -1,4 +1,5 @@
+export * from "./cleanInstance";
 export * from "./getPOVerification";
-export * from "./getRealVerifications";
+export * from "./verifyCheck";
 export * from "./getVerifiedBy";
 export * from "./safeHarbour";

package/dist/verifications/index.js

@@ -11,7 +11,8 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 // not exporting checkVerifications; it's not a public API
+__exportStar(require("./cleanInstance"), exports);
 __exportStar(require("./getPOVerification"), exports);
-__exportStar(require("./getRealVerifications"), exports);
+__exportStar(require("./verifyCheck"), exports);
 __exportStar(require("./getVerifiedBy"), exports);
 __exportStar(require("./safeHarbour"), exports);

package/dist/verifications/safeHarbour.d.ts

@@ -3,14 +3,13 @@ import { ProfileObject, RealVer, Schema } from "@raytio/types";
 export declare type SafeHarbourObj = Partial<Record<SafeHarbourCode, string[]>>;
 /** the response from {@link calcSafeHarbourScore} */
 export declare type SafeHarbourResult = {
-    /** undefined means loading */
-    isSafe: boolean | undefined;
+    isSafe: boolean;
     flags: SafeHarbourObj;
 };
 /**
  * The Safe Harbour Score indidicates whether a person's identity has been verified
  * to the extent requried for Safe Harbour Compliance. This requires multiple verifications
- * from different sources. For infomation, refer to the
+ * from different sources. For information, refer to the
  * {@link https://dev-docs.rayt.io/docs/features/pep-checks Raytio Documentation}.
  */
 export declare const calcSafeHarbourScore: (data: {

package/dist/verifications/safeHarbour.js

@@ -38,7 +38,7 @@ async function getFlags({ person, profileObjects, realVers, getSchema, }) {
         }));
     })))
         .filter(v => v.status === types_1.POVerification.FullyVerified)
-        .flatMap(v => v.details.map(verProvider => realVers.find(ver => ver.belongsToNId === v.nId &&
+        .flatMap(v => v.details.verifiers.map(verProvider => realVers.find(ver => ver.belongsToNId === v.nId &&
         ver.provider.dataSourceNId === verProvider.dataSourceNId)))
         .filter((x) => !!x);
     // in case there are somehow duplicates (see #922)
@@ -67,7 +67,7 @@ exports.safeHarbourRequirementsMet = safeHarbourRequirementsMet;
 /**
  * The Safe Harbour Score indidicates whether a person's identity has been verified
  * to the extent requried for Safe Harbour Compliance. This requires multiple verifications
- * from different sources. For infomation, refer to the
+ * from different sources. For information, refer to the
  * {@link https://dev-docs.rayt.io/docs/features/pep-checks Raytio Documentation}.
  */
 const calcSafeHarbourScore = (data) => getFlags(data).then(safeHarbourRequirementsMet);

package/dist/verifications/verifyCheck/getOwnRealVerifications.d.ts

@@ -0,0 +1,13 @@
+import { ProfileObject, Verification, RealVer, UId } from "@raytio/types";
+/**
+ * Given a list of verifications and decrypted profile objects, this function
+ * locally verifies the credibility of the signatures in the verifications.
+ *
+ * This function does NOT call the API, except to fetch the public key.
+ * @returns a list of authentic RealVer
+ */
+export declare const getOwnRealVerifications: ({ verifications, profileObjects, userId, }: {
+    verifications: Verification[];
+    profileObjects: ProfileObject[];
+    userId: UId;
+}) => Promise<RealVer[]>;

package/dist/verifications/verifyCheck/getOwnRealVerifications.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getOwnRealVerifications = void 0;
+const maybeRereference_1 = require("../maybeRereference");
+const operations_1 = require("./operations");
+/**
+ * Given a list of verifications and decrypted profile objects, this function
+ * locally verifies the credibility of the signatures in the verifications.
+ *
+ * This function does NOT call the API, except to fetch the public key.
+ * @returns a list of authentic RealVer
+ */
+const getOwnRealVerifications = async ({ verifications, profileObjects, userId, }) => {
+    const realVers = [];
+    // this code is deliberaly written using for-loops instead of Promise.all,
+    // because attempting hundreds of webcrypto operations simultaneously will
+    // probably upset some heritage web browser.
+    for (const ver of verifications) {
+        for (const { data, signature } of ver.properties.verifications) {
+            const sourcePO = profileObjects.find(PO => PO.n_id === data.source_n_id);
+            if (!sourcePO)
+                continue;
+            const value = sourcePO.properties[data.field];
+            if (!value)
+                continue;
+            /**
+             * this does NOT mean that the data is correct. It means the
+             * verification is genuinely signed by raytio, but the data
+             * might be bogus (i.e. `passed: false`)
+             */
+            const isGenuine = await (0, operations_1.checkOwnVerification)({
+                verObject: data,
+                userId,
+                value: (0, maybeRereference_1.maybeRereference)(value),
+                signature,
+            });
+            if (!isGenuine)
+                continue;
+            // a "RealVer" is what the client likes to deal with,
+            // rather than the "VerificationPayload" which is stored on the API.
+            // eslint-disable-next-line fp/no-mutating-methods
+            realVers.push({
+                fieldName: data.field,
+                value,
+                provider: {
+                    dataSourceNId: data.verifier_source_id,
+                    serviceProviderNId: data.verifier_service_id,
+                    verifierNId: data.verifier_id,
+                    date: new Date(`${data.verification_date}Z`), // the api returns invalid dates (missing the `Z`)
+                },
+                expired: data.valid_until ? new Date(data.valid_until) : false,
+                metadata: data.metadata,
+                xId: data.request_div,
+                signature,
+                verified: data.passed,
+                nID: ver.n_id,
+                belongsToNId: data.source_n_id,
+            });
+        }
+    }
+    return realVers;
+};
+exports.getOwnRealVerifications = getOwnRealVerifications;

package/dist/verifications/{getRealVerifications.d.ts → verifyCheck/getSomeoneElsesRealVerifications.d.ts}

@@ -1,5 +1,6 @@
-import { ProfileObject, Verification, RealVer } from "@raytio/types";
+import { ProfileObject, Verification, RealVer, AId } from "@raytio/types";
 declare type Props = {
+    aId: AId;
     apiUrl: string;
     verifications: Verification[];
     profileObjects: ProfileObject[];
@@ -16,7 +17,10 @@ declare type Props = {
  * Given a list of verifications and decrypted profile objects, this function calls
  * the Raytio API to verify the credibility of these verifications, returning only valid
  * verifications.
+ *
+ * ❗ prefer `getOwnRealVerifications` if the data to be verified belongs to the current user.
+ *
  * @returns a list of fileNames/values that are verified.
  */
-export declare const getRealVerifications: ({ apiUrl, verifications, profileObjects, controller, UNSAFE_treatNoValueAsVerified, }: Props) => Promise<RealVer[]>;
+export declare const getSomeoneElsesRealVerifications: ({ aId, apiUrl, verifications, profileObjects, controller, UNSAFE_treatNoValueAsVerified, }: Props) => Promise<RealVer[]>;
 export {};