@raytio/core 8.1.1 → 9.0.1

package/README.md

@@ -10,109 +10,465 @@ Nodejs does not support [fetch](https://developer.mozilla.org/en-US/docs/Web/API
 
 If you use the high-level [`@raytio/decrypt-helper`](https://npm.im/@raytio/decrypt-helper) module, you don't need to worry about this.
 
-If you wish to use `@raytio/core` directly, an example of configuring polyfills for nodejs is availble [here](https://gitlab.com/raytio/tools/decrypt-helper/-/blob/master/src/configureEnv.ts)
+If you wish to use `@raytio/core` directly, an example of configuring polyfills for nodejs is availble [here](https://gitlab.com/raytio/tools/decrypt-helper/-/blob/main/src/configureEnv.ts)
 
 # API
 
 ## Table of contents
 
-### References
+### Type aliases
 
 - [SafeHarbourObj](#safeharbourobj)
+- [SafeHarbourResult](#safeharbourresult)
+
+### Functions
+
 - [calcSafeHarbourScore](#calcsafeharbourscore)
+- [calculateScore](#calculatescore)
+- [cleanInstance](#cleaninstance)
+- [convertInstanceToRuleInput](#convertinstancetoruleinput)
 - [createAA](#createaa)
 - [decryptSharedData](#decryptshareddata)
 - [findSchemaLabel](#findschemalabel)
 - [fromCognitoAttributes](#fromcognitoattributes)
 - [getAADecryptor](#getaadecryptor)
+- [getOwnRealVerifications](#getownrealverifications)
 - [getPOVerification](#getpoverification)
-- [getRealVerifications](#getrealverifications)
+- [getSomeoneElsesRealVerifications](#getsomeoneelsesrealverifications)
 - [hashPassword](#hashpassword)
+- [isConditionMet](#isconditionmet)
 - [isEncrypted](#isencrypted)
 - [isEncryptedFile](#isencryptedfile)
 - [someEncrypted](#someencrypted)
 - [toCognitoAttributes](#tocognitoattributes)
 
-## References
+## Type aliases
 
 ### SafeHarbourObj
 
-Re-exports: [SafeHarbourObj](verifications_safeharbour.md#safeharbourobj)
+Ƭ **SafeHarbourObj**: `Partial`<`Record`<`SafeHarbourCode`, `string`[]\>\>
+
+an object listing the `xId`s for each SafeHarbourCode
 
 ___
 
+### SafeHarbourResult
+
+Ƭ **SafeHarbourResult**: `Object`
+
+the response from [calcSafeHarbourScore](#calcsafeharbourscore)
+
+#### Type declaration
+
+| Name | Type |
+| :------ | :------ |
+| `flags` | [`SafeHarbourObj`](#safeharbourobj) |
+| `isSafe` | `boolean` |
+
+## Functions
+
 ### calcSafeHarbourScore
 
-Re-exports: [calcSafeHarbourScore](verifications_safeharbour.md#calcsafeharbourscore)
+▸ `Const` **calcSafeHarbourScore**(`data`): `Promise`<[`SafeHarbourResult`](#safeharbourresult)\>
+
+The Safe Harbour Score indidicates whether a person's identity has been verified
+to the extent requried for Safe Harbour Compliance. This requires multiple verifications
+from different sources. For information, refer to the
+[Raytio Documentation](https://dev-docs.rayt.io/docs/features/pep-checks).
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `data` | `Object` |
+| `data.person` | `ProfileObject`<`Json`\> |
+| `data.profileObjects` | `ProfileObject`<`Json`\>[] |
+| `data.realVers` | `RealVer`[] |
+| `data.getSchema` | (`schemaName`: `string`) => `Promise`<`Schema`\> |
+
+#### Returns
+
+`Promise`<[`SafeHarbourResult`](#safeharbourresult)\>
+
+___
+
+### calculateScore
+
+▸ **calculateScore**(`ruleConfig`, `ruleInput`): `ScoreResult`
+
+the main function to calculate a score and category.
+Might throw an error.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `ruleConfig` | `ScoreConfig` |
+| `ruleInput` | `RuleData` |
+
+#### Returns
+
+`ScoreResult`
+
+___
+
+### cleanInstance
+
+▸ **cleanInstance**(`instance`): `Instance`
+
+The API response from share/v2/access_application/instance/:iId
+returns a complicated hashed_n_id format, so you need to clean up
+the API response using this function as soon as possible.
+
+We relace `hashed_n_id`s with a string `HASHED::{NId}::{AId}`
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `instance` | `Instance` |
+
+#### Returns
+
+`Instance`
+
+___
+
+### convertInstanceToRuleInput
+
+▸ `Const` **convertInstanceToRuleInput**(`instance`, `realVers`, `getSchema`): `Promise`<`RuleData`\>
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `instance` | `Instance` |
+| `realVers` | `RealVer`[] |
+| `getSchema` | (`schemaName`: `string`) => `Promise`<`Schema`\> |
+
+#### Returns
+
+`Promise`<`RuleData`\>
 
 ___
 
 ### createAA
 
-Re-exports: [createAA](accessapplication_createaa.md#createaa)
+▸ **createAA**(`__namedParameters`): `Promise`<`AA`\>
+
+Creates an Access Application and associated public+private keys.
+
+The user must be part of an organization, and you need to include the `orgId`.
+
+You must also supply an apiToken and an instance of the maxcryptor for that user,
+as well as the `userDoc` data which is stored in the user's cognito attributes.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `__namedParameters` | `Object` |
+| `__namedParameters.apiToken` | `string` |
+| `__namedParameters.apiUrl` | `string` |
+| `__namedParameters.application` | `Omit`<`AA`, ``"a_id"``\> |
+| `__namedParameters.maxcryptor` | `DataEncryptorI` |
+| `__namedParameters.userDoc` | `UserDoc` |
+
+#### Returns
+
+`Promise`<`AA`\>
 
 ___
 
 ### decryptSharedData
 
-Re-exports: [decryptSharedData](crypto_decryptshareddata.md#decryptshareddata)
+▸ `Const` **decryptSharedData**(`__namedParameters`): `Promise`<`Object`\>
+
+Decrypts any encrypted properties included in the supplied `instanceData`.
+If nothing is encrypted the supplied `instanceData` is returned.
+
+It will reject if there are keys missing for any encrypted properties, or
+if the encrypted data is invalid. If you don't want it to reject, you can
+supply a `onCorruptedData` function which returns a value to use instead.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `__namedParameters` | `Object` |
+| `__namedParameters.apiToken` | `string` |
+| `__namedParameters.apiUrl` | `string` |
+| `__namedParameters.instanceData` | `Instance` |
+| `__namedParameters.maxcryptor` | `DataEncryptorI` |
+| `__namedParameters.onCorruptedData?` | (`fieldName`: `string`, `fieldValue`: `Encrypted`<`string`\>, `error`: `Error`) => `any` |
+
+#### Returns
+
+`Promise`<`Object`\>
+
+a copy of `instanceData` with all properties decrypted.
 
 ___
 
 ### findSchemaLabel
 
-Re-exports: [findSchemaLabel](schema_labels.md#findschemalabel)
+▸ `Const` **findSchemaLabel**(`labels`): `undefined` \| `string`
+
+Finds the label (on a profile object) which is the schema name
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `labels` | `undefined` \| `string`[] |
+
+#### Returns
+
+`undefined` \| `string`
 
 ___
 
 ### fromCognitoAttributes
 
-Re-exports: [fromCognitoAttributes](crypto_cognitoattributes.md#fromcognitoattributes)
+▸ `Const` **fromCognitoAttributes**(`attributes`): `UserDoc`
+
+This function converts Cognito's userAttributes into a maxcryptor UserDoc.
+The userAttributes come from `const attributes = await Auth.userAttributes(user)`
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `attributes` | `ICognitoUserAttributeData`[] |
+
+#### Returns
+
+`UserDoc`
 
 ___
 
 ### getAADecryptor
 
-Re-exports: [getAADecryptor](crypto_getaadecryptor.md#getaadecryptor)
+▸ **getAADecryptor**(`__namedParameters`): `Promise`<`Object`\>
+
+Fetchs the public and private keys for an Access Application, then initializes
+the [Maxcryptor](https://npm.im/@raytio/maxcryptor)'s `ApplicationEncryptor`.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `__namedParameters` | `Arg` |
+
+#### Returns
+
+`Promise`<`Object`\>
+
+an `ApplicationEncryptor` and the public key of the Access Application
+
+___
+
+### getOwnRealVerifications
+
+▸ `Const` **getOwnRealVerifications**(`__namedParameters`): `Promise`<`RealVer`[]\>
+
+Given a list of verifications and decrypted profile objects, this function
+locally verifies the credibility of the signatures in the verifications.
+
+This function does NOT call the API, except to fetch the public key.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `__namedParameters` | `Object` |
+| `__namedParameters.profileObjects` | `ProfileObject`<`Json`\>[] |
+| `__namedParameters.userId` | `UId` |
+| `__namedParameters.verifications` | `Verification`<``false``\>[] |
+
+#### Returns
+
+`Promise`<`RealVer`[]\>
+
+a list of authentic RealVer
 
 ___
 
 ### getPOVerification
 
-Re-exports: [getPOVerification](verifications_getpoverification.md#getpoverification)
+▸ **getPOVerification**(`__namedParameters`): `Object`
+
+Determines the verification status of a profile object, and its individual fields.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `__namedParameters` | `Object` |
+| `__namedParameters.PO` | `ProfileObject`<`Json`\> \| `ProfileObjectForUpload`<`Json`\> |
+| `__namedParameters.realVers` | `RealVer`[] |
+| `__namedParameters.schema` | `Schema` |
+
+#### Returns
+
+`Object`
+
+| Name | Type |
+| :------ | :------ |
+| `details` | `Object` |
+| `details.sourceNId?` | `NId` |
+| `details.verifiers` | `VerificationProvider`[] |
+| `fieldVerifications` | `Record`<`string`, `FieldVerification`\> |
+| `status` | `POVerification` |
 
 ___
 
-### getRealVerifications
+### getSomeoneElsesRealVerifications
+
+▸ `Const` **getSomeoneElsesRealVerifications**(`__namedParameters`): `Promise`<`RealVer`[]\>
+
+Given a list of verifications and decrypted profile objects, this function calls
+the Raytio API to verify the credibility of these verifications, returning only valid
+verifications.
+
+❗ prefer `getOwnRealVerifications` if the data to be verified belongs to the current user.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `__namedParameters` | `Props` |
 
-Re-exports: [getRealVerifications](verifications_getrealverifications.md#getrealverifications)
+#### Returns
+
+`Promise`<`RealVer`[]\>
+
+a list of fileNames/values that are verified.
 
 ___
 
 ### hashPassword
 
-Re-exports: [hashPassword](general_password.md#hashpassword)
+▸ **hashPassword**(`password`): `Promise`<`string`\>
+
+AWS Cognito never gets the raw password. We send them
+a hashed verison using PBKDF2 with SHA-256 and 10,000
+iterations.
+
+#### Parameters
+
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `password` | `string` | The raw password |
+
+#### Returns
+
+`Promise`<`string`\>
+
+Promise resolving to the hashed password
+
+___
+
+### isConditionMet
+
+▸ `Const` **isConditionMet**(`condition`, `formValues`): `boolean`
+
+Checks all other form values in case any have a
+trigger value that makes this field requirted.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `condition` | `Record`<`string`, `ConditionValue`[]\> |
+| `formValues` | `Record`<`string`, `unknown`\> |
+
+#### Returns
+
+`boolean`
 
 ___
 
 ### isEncrypted
 
-Re-exports: [isEncrypted](crypto_helpers.md#isencrypted)
+▸ `Const` **isEncrypted**(`value`): value is Encrypted<string\>
+
+Determines where the input is an encrypted Raytio object
+
+#### Parameters
+
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `value` | `unknown` | anything |
+
+#### Returns
+
+value is Encrypted<string\>
+
+true or false depending on whether the input is an encrypted Raytio object
 
 ___
 
 ### isEncryptedFile
 
-Re-exports: [isEncryptedFile](crypto_helpers.md#isencryptedfile)
+▸ `Const` **isEncryptedFile**(`value`): value is Encrypted<string\>
+
+Determines where the input is an encrypted Raytio file
+
+#### Parameters
+
+| Name | Type | Description |
+| :------ | :------ | :------ |
+| `value` | `unknown` | anything |
+
+#### Returns
+
+value is Encrypted<string\>
+
+true or false depending on whether the input is an encrypted Raytio file
 
 ___
 
 ### someEncrypted
 
-Re-exports: [someEncrypted](crypto_helpers.md#someencrypted)
+▸ `Const` **someEncrypted**<`T`, `K`\>(...`args`): `number`
+
+Given a profile object's properties, returns the number
+of properties that are encryted.
+
+#### Type parameters
+
+| Name | Type |
+| :------ | :------ |
+| `T` | extends `object` |
+| `K` | extends `string` \| `number` \| `symbol` |
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `...args` | [obj: T] |
+
+#### Returns
+
+`number`
 
 ___
 
 ### toCognitoAttributes
 
-Re-exports: [toCognitoAttributes](crypto_cognitoattributes.md#tocognitoattributes)
+▸ `Const` **toCognitoAttributes**(`userDoc`): `Object`
+
+Given a `UserDoc` from the maxcryptor, this returns an object
+which you can provide to `Auth.updateUserAttributes()`. It is
+an object of stringified Json.
+
+#### Parameters
+
+| Name | Type |
+| :------ | :------ |
+| `userDoc` | `UserDoc` |
+
+#### Returns
+
+`Object`

package/dist/accessApplication/createAA.d.ts

@@ -1,17 +1,17 @@
-import type { Maxcryptor, UserDoc } from "@raytio/maxcryptor";
-import type { AA } from "@raytio/types";
-/**
- * Creates an Access Application and associated public+private keys.
- *
- * The user must be part of an organization, and you need to include the `orgId`.
- *
- * You must also supply an apiToken and an instance of the maxcryptor for that user,
- * as well as the `userDoc` data which is stored in the user's cognito attributes.
- */
-export declare function createAA({ apiUrl, apiToken, userDoc, maxcryptor, application, }: {
-    apiUrl: string;
-    apiToken: string;
-    application: Omit<AA, "a_id">;
-    userDoc: UserDoc;
-    maxcryptor: Maxcryptor;
-}): Promise<AA>;
+import type { Maxcryptor, UserDoc } from "@raytio/maxcryptor";
+import type { AA } from "@raytio/types";
+/**
+ * Creates an Access Application and associated public+private keys.
+ *
+ * The user must be part of an organization, and you need to include the `orgId`.
+ *
+ * You must also supply an apiToken and an instance of the maxcryptor for that user,
+ * as well as the `userDoc` data which is stored in the user's cognito attributes.
+ */
+export declare function createAA({ apiUrl, apiToken, userDoc, maxcryptor, application, }: {
+    apiUrl: string;
+    apiToken: string;
+    application: Omit<AA, "a_id">;
+    userDoc: UserDoc;
+    maxcryptor: Maxcryptor;
+}): Promise<AA>;

package/dist/accessApplication/createAA.js

@@ -1,72 +1,71 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAA = void 0;
-const util_1 = require("../util");
-/** @internal */
-const createApplication = ({ apiUrl, apiToken, application, }) => fetch(`${apiUrl}/share/v2/access_application`, {
-    method: "POST",
-    body: JSON.stringify(application),
-    headers: { Authorization: `Bearer ${apiToken}` },
-}).then(util_1.handleResponse);
-/** @internal */
-const createApplicationPublicKey = async ({ apiUrl, apiToken, aId, publicKey, }) => {
-    const PO = await fetch(`${apiUrl}/share/v2/access_application/${aId}/public_key`, {
-        method: "POST",
-        body: JSON.stringify({ a_id: aId, key: publicKey }),
-        headers: { Authorization: `Bearer ${apiToken}` },
-    }).then(util_1.handleResponse);
-    return { publicKeyNId: PO.n_id };
-};
-/** @internal */
-const createApplicationEncryptedPrivateKey = ({ apiUrl, apiToken, publicKeyNId, encryptedPrivateKey, }) => fetch(`${apiUrl}/share/v2/access_application/public_key/${publicKeyNId}/private_key`, {
-    method: "POST",
-    body: JSON.stringify({ n_id: publicKeyNId, key: encryptedPrivateKey }),
-    headers: { Authorization: `Bearer ${apiToken}` },
-}).then(util_1.handleResponse);
-/** @internal */
-async function createApplicationEncryptor(userDoc, maxcryptor) {
-    const applicationEncryptor = await maxcryptor.createApplicationEncryptor();
-    // The exported public key should be available for everyone
-    const publicKey = await applicationEncryptor.exportPublicKey();
-    // Encrypt the private key for the current user
-    const encryptedPrivateKey = await applicationEncryptor.encryptPrivateKey(userDoc.encryption_key_pair.public_key);
-    return {
-        applicationEncryptor,
-        publicKey,
-        encryptedPrivateKey,
-    };
-}
-/**
- * Creates an Access Application and associated public+private keys.
- *
- * The user must be part of an organization, and you need to include the `orgId`.
- *
- * You must also supply an apiToken and an instance of the maxcryptor for that user,
- * as well as the `userDoc` data which is stored in the user's cognito attributes.
- */
-async function createAA({ apiUrl, apiToken, userDoc, maxcryptor, application, }) {
-    if (!application.org_id) {
-        // eslint-disable-next-line fp/no-throw
-        throw new Error("Cannot create an AA without an org_id");
-    }
-    const newApp = await createApplication({
-        apiUrl,
-        apiToken,
-        application,
-    });
-    const { publicKey, encryptedPrivateKey } = await createApplicationEncryptor(userDoc, maxcryptor);
-    const { publicKeyNId } = await createApplicationPublicKey({
-        apiUrl,
-        apiToken,
-        aId: newApp.a_id,
-        publicKey,
-    });
-    await createApplicationEncryptedPrivateKey({
-        apiUrl,
-        apiToken,
-        publicKeyNId,
-        encryptedPrivateKey,
-    });
-    return newApp;
-}
-exports.createAA = createAA;
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAA = void 0;
+const util_1 = require("../util");
+/** @internal */
+const createApplication = ({ apiUrl, apiToken, application, }) => fetch(`${apiUrl}/share/v2/access_application`, {
+    method: "POST",
+    body: JSON.stringify(application),
+    headers: { Authorization: `Bearer ${apiToken}` },
+}).then(util_1.handleResponse);
+/** @internal */
+const createApplicationPublicKey = async ({ apiUrl, apiToken, aId, publicKey, }) => {
+    const PO = await fetch(`${apiUrl}/share/v2/access_application/${aId}/public_key`, {
+        method: "POST",
+        body: JSON.stringify({ a_id: aId, key: publicKey }),
+        headers: { Authorization: `Bearer ${apiToken}` },
+    }).then(util_1.handleResponse);
+    return { publicKeyNId: PO.n_id };
+};
+/** @internal */
+const createApplicationEncryptedPrivateKey = ({ apiUrl, apiToken, publicKeyNId, encryptedPrivateKey, }) => fetch(`${apiUrl}/share/v2/access_application/public_key/${publicKeyNId}/private_key`, {
+    method: "POST",
+    body: JSON.stringify({ n_id: publicKeyNId, key: encryptedPrivateKey }),
+    headers: { Authorization: `Bearer ${apiToken}` },
+}).then(util_1.handleResponse);
+/** @internal */
+async function createApplicationEncryptor(userDoc, maxcryptor) {
+    const applicationEncryptor = await maxcryptor.createApplicationEncryptor();
+    // The exported public key should be available for everyone
+    const publicKey = await applicationEncryptor.exportPublicKey();
+    // Encrypt the private key for the current user
+    const encryptedPrivateKey = await applicationEncryptor.encryptPrivateKey(userDoc.encryption_key_pair.public_key);
+    return {
+        applicationEncryptor,
+        publicKey,
+        encryptedPrivateKey,
+    };
+}
+/**
+ * Creates an Access Application and associated public+private keys.
+ *
+ * The user must be part of an organization, and you need to include the `orgId`.
+ *
+ * You must also supply an apiToken and an instance of the maxcryptor for that user,
+ * as well as the `userDoc` data which is stored in the user's cognito attributes.
+ */
+async function createAA({ apiUrl, apiToken, userDoc, maxcryptor, application, }) {
+    if (!application.org_id) {
+        throw new Error("Cannot create an AA without an org_id");
+    }
+    const newApp = await createApplication({
+        apiUrl,
+        apiToken,
+        application,
+    });
+    const { publicKey, encryptedPrivateKey } = await createApplicationEncryptor(userDoc, maxcryptor);
+    const { publicKeyNId } = await createApplicationPublicKey({
+        apiUrl,
+        apiToken,
+        aId: newApp.a_id,
+        publicKey,
+    });
+    await createApplicationEncryptedPrivateKey({
+        apiUrl,
+        apiToken,
+        publicKeyNId,
+        encryptedPrivateKey,
+    });
+    return newApp;
+}
+exports.createAA = createAA;

package/dist/accessApplication/index.d.ts

@@ -1 +1 @@
-export * from "./createAA";
+export * from "./createAA";

package/dist/accessApplication/index.js

@@ -1,13 +1,13 @@
-"use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __exportStar = (this && this.__exportStar) || function(m, exports) {
-    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-__exportStar(require("./createAA"), exports);
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./createAA"), exports);