@raytio/core 8.1.0 → 9.0.0

package/dist/verifications/{getRealVerifications.js → verifyCheck/getSomeoneElsesRealVerifications.js}

@@ -1,29 +1,35 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getRealVerifications = void 0;
+exports.getSomeoneElsesRealVerifications = void 0;
 const ramda_1 = require("ramda");
-const crypto_1 = require("../crypto");
-const checkVerifications_1 = require("./checkVerifications");
-const maybeRereference_1 = require("./maybeRereference");
-const getValuesForAField = (fieldName) => (0, ramda_1.pipe)((0, ramda_1.map)(x => { var _a; return (_a = x.properties) === null || _a === void 0 ? void 0 : _a[fieldName]; }), (0, ramda_1.filter)(x => !!x), // truthy only
-(0, ramda_1.reject)(crypto_1.isEncrypted), // ignore encrypted properties. this function will be called again once they're decrypted
-ramda_1.uniq);
+const operations_1 = require("./operations");
+const maybeRereference_1 = require("../maybeRereference");
+const crypto_1 = require("../../crypto");
+const getValuesForAField = (fieldName, POs) => (0, ramda_1.uniq)(
+// truthy only, and ignore encrypted properties. this function will be called again once they're decrypted
+POs.map(x => { var _a; return (_a = x.properties) === null || _a === void 0 ? void 0 : _a[fieldName]; }).filter(x => !!x && !(0, crypto_1.isEncrypted)(x)));
 /**
  * Given a list of verifications and decrypted profile objects, this function calls
  * the Raytio API to verify the credibility of these verifications, returning only valid
  * verifications.
+ *
+ * ❗ prefer `getOwnRealVerifications` if the data to be verified belongs to the current user.
+ *
  * @returns a list of fileNames/values that are verified.
  */
-const getRealVerifications = async ({ apiUrl, verifications, profileObjects, controller, UNSAFE_treatNoValueAsVerified, }) => {
+const getSomeoneElsesRealVerifications = async ({ aId, apiUrl, verifications, profileObjects, controller, UNSAFE_treatNoValueAsVerified, }) => {
     // for each verification (including passed: false), create a list of every possible that
     // value that that verification might have been for. Flatten the list
     // and send the whole thing to the API.
     const toVerify = verifications.flatMap(ver => {
-        const values = getValuesForAField(ver.properties.field)(profileObjects);
+        const values = getValuesForAField(ver.properties.field, profileObjects);
         return values.flatMap(value => ver.properties.verifications.map(({ signature }) => ({
             verifications: [
                 Object.assign({ signature }, (ver.n_id.startsWith("HASHED::")
-                    ? { hashed_n_id: ver.n_id.slice(8) }
+                    ? {
+                        hashed_n_id: ver.n_id.split("::")[1],
+                        a_id: ver.n_id.split("::")[2],
+                    }
                     : { n_id: ver.n_id })),
             ],
             data_to_verify: [{ value: (0, maybeRereference_1.maybeRereference)(value) }],
@@ -32,19 +38,21 @@ const getRealVerifications = async ({ apiUrl, verifications, profileObjects, con
     // the API can't cope with an empty array
     if (!toVerify.length)
         return [];
-    const apiResponse = await (0, checkVerifications_1.checkVerifications)({
+    const apiResponse = await (0, operations_1.checkSomeoneElsesVerifications)({
         apiUrl,
         toVerify,
         controller,
     });
     // do NOT expose the `verified` prop from the /verify_check API to avoid semantic confusion,
     // since verified: true does not mean that the verification is verified!
-    const realVers = (0, ramda_1.pipe)((0, ramda_1.filter)(x => x.verified ||
+    const realVers = apiResponse
+        .filter(x => x.verified ||
         // if UNSAFE_treatNoValueAsVerified is enabled, and we don't know the value of this field,
         // treat is as verified if the `passed` property is true (this is NOT a safe check).
         (!!UNSAFE_treatNoValueAsVerified &&
             x.data.value === UNSAFE_treatNoValueAsVerified &&
-            x.data.passed)), (0, ramda_1.map)(({ signature, data, n_id: nID, valid_until }) => ({
+            x.data.passed))
+        .map(({ signature, data, n_id: nID, valid_until }) => ({
         fieldName: data.field,
         value: data.value,
         provider: {
@@ -59,8 +67,10 @@ const getRealVerifications = async ({ apiUrl, verifications, profileObjects, con
         signature,
         verified: data.passed,
         nID,
-        belongsToNId: data.source_n_id,
-    })))(apiResponse);
+        belongsToNId: data.source_hashed_n_id
+            ? `HASHED::${data.source_hashed_n_id}::${aId}`
+            : data.source_n_id,
+    }));
     return realVers;
 };
-exports.getRealVerifications = getRealVerifications;
+exports.getSomeoneElsesRealVerifications = getSomeoneElsesRealVerifications;

package/dist/verifications/verifyCheck/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./getOwnRealVerifications";
+export * from "./getSomeoneElsesRealVerifications";

package/dist/verifications/verifyCheck/index.js

@@ -0,0 +1,14 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./getOwnRealVerifications"), exports);
+__exportStar(require("./getSomeoneElsesRealVerifications"), exports);

package/dist/verifications/verifyCheck/operations/checkOwnVerification.d.ts

@@ -0,0 +1,9 @@
+import { UId, VerificationPayload } from "@raytio/types";
+declare type SingleVerToCheck = {
+    verObject: VerificationPayload<false>;
+    signature: string;
+    userId: UId;
+    value: unknown;
+};
+export declare const checkOwnVerification: ({ verObject, signature, userId, value, }: SingleVerToCheck) => Promise<boolean>;
+export {};

package/dist/verifications/verifyCheck/operations/checkOwnVerification.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkOwnVerification = exports.checkSignature = void 0;
+const util_1 = require("../../../util");
+let cache; // eslint-disable-line fp/no-let
+const base64ToArrayBuffer = (str) => Uint8Array.from(atob(str), c => c.charCodeAt(0));
+async function getJwk() {
+    // eslint-disable-next-line fp/no-mutation
+    cache || (cache = fetch("https://api-docs.rayt.io/lookups/raytio.pem")
+        .then(r => r.text())
+        .then(pem => crypto.subtle.importKey("spki", base64ToArrayBuffer(pem.split("-----")[2].trim()), { name: "RSA-PSS", hash: "SHA-512" }, false, ["verify"])));
+    return cache;
+}
+/** @internal exported only for tests */
+async function checkSignature(publicCryptoKey, signature, data) {
+    // the logic must match https://gitlab.com/raytio/mono/-/blob/devo/common/signing/signing/sign.py
+    const signatureBuf = base64ToArrayBuffer(signature);
+    const isVerified = await crypto.subtle.verify({ name: "RSA-PSS", hash: "SHA-512", saltLength: 512 / 8 }, publicCryptoKey, signatureBuf, new TextEncoder().encode(data));
+    return isVerified;
+}
+exports.checkSignature = checkSignature;
+const checkOwnVerification = async ({ verObject, signature, userId, value, }) => {
+    const jwk = await getJwk();
+    if (!userId)
+        throw new Error("No userId supplied");
+    const exapandedObject = Object.assign(Object.assign({}, verObject), { sub: userId, value });
+    const stringified = (0, util_1.canonicalJsonify)(exapandedObject);
+    const result = await checkSignature(jwk, signature, stringified);
+    return result;
+};
+exports.checkOwnVerification = checkOwnVerification;

package/dist/verifications/verifyCheck/operations/checkSomeoneElsesVerifications.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/verifications/{checkVerifications.js → verifyCheck/operations/checkSomeoneElsesVerifications.js}

@@ -1,9 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.checkVerifications = void 0;
-const util_1 = require("../util");
+exports.checkSomeoneElsesVerifications = void 0;
+const util_1 = require("../../../util");
 /** @internal */
-const checkVerifications = async ({ apiUrl, toVerify, controller, }) => {
+const checkSomeoneElsesVerifications = async ({ apiUrl, toVerify, controller, }) => {
     const response = await fetch(`${apiUrl}/extract_verify/v2/verify_check`, {
         method: "POST",
         body: JSON.stringify(toVerify),
@@ -13,4 +13,4 @@ const checkVerifications = async ({ apiUrl, toVerify, controller, }) => {
     // extra `m` items are garbage and don't have the verified field.
     return response.filter(ver => "verified" in ver);
 };
-exports.checkVerifications = checkVerifications;
+exports.checkSomeoneElsesVerifications = checkSomeoneElsesVerifications;

package/dist/verifications/verifyCheck/operations/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./checkOwnVerification";
+export * from "./checkSomeoneElsesVerifications";

package/dist/verifications/verifyCheck/operations/index.js

@@ -0,0 +1,14 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./checkOwnVerification"), exports);
+__exportStar(require("./checkSomeoneElsesVerifications"), exports);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@raytio/core",
-  "version": "8.1.0",
+  "version": "9.0.0",
   "license": "MIT",
   "main": "index",
   "types": "index",
@@ -15,22 +15,22 @@
     "test": "jest"
   },
   "dependencies": {
-    "@raytio/maxcryptor": "3.0.1",
-    "@raytio/types": "5.2.0",
-    "ramda": "0.27.1"
+    "@raytio/maxcryptor": "3.1.0",
+    "@raytio/types": "5.2.1",
+    "ramda": "0.28.0"
   },
   "devDependencies": {
-    "@types/ramda": "0.27.44",
-    "jest": "27.1.0",
+    "@types/ramda": "0.27.64",
+    "jest": "27.4.7",
     "localstorage-polyfill": "1.0.1",
-    "ts-jest": "27.0.5"
+    "ts-jest": "27.1.3"
   },
   "jest": {
     "transform": {
       "^.+\\.(t|j)sx?$": "ts-jest"
     },
     "testEnvironment": "node",
-    "collectCoverage": true,
+    "collectCoverage": false,
     "coverageThreshold": {
       "global": {
         "statements": 100