@sphereon/ssi-sdk.data-store 0.38.1-next.3 → 0.40.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +210 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +210 -1
- package/dist/index.js.map +1 -1
- package/package.json +8 -8
- package/src/migrations/generic/20-AddUntrustedCredentialState.ts +66 -0
- package/src/migrations/generic/index.ts +2 -0
- package/src/migrations/postgres/1780000000011-AddUntrustedCredentialState.ts +28 -0
- package/src/migrations/sqlite/1780000000012-AddUntrustedCredentialState.ts +138 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sphereon/ssi-sdk.data-store",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.40.0",
|
|
4
4
|
"source": "src/index.ts",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.cjs",
|
|
@@ -28,12 +28,12 @@
|
|
|
28
28
|
"dependencies": {
|
|
29
29
|
"@sphereon/kmp-mdoc-core": "0.2.0-SNAPSHOT.26",
|
|
30
30
|
"@sphereon/pex": "5.0.0-unstable.28",
|
|
31
|
-
"@sphereon/ssi-sdk-ext.did-utils": "0.
|
|
32
|
-
"@sphereon/ssi-sdk-ext.identifier-resolution": "0.
|
|
33
|
-
"@sphereon/ssi-sdk.agent-config": "0.
|
|
34
|
-
"@sphereon/ssi-sdk.core": "0.
|
|
35
|
-
"@sphereon/ssi-sdk.data-store-types": "0.
|
|
36
|
-
"@sphereon/ssi-types": "0.
|
|
31
|
+
"@sphereon/ssi-sdk-ext.did-utils": "0.40.0",
|
|
32
|
+
"@sphereon/ssi-sdk-ext.identifier-resolution": "0.40.0",
|
|
33
|
+
"@sphereon/ssi-sdk.agent-config": "0.40.0",
|
|
34
|
+
"@sphereon/ssi-sdk.core": "0.40.0",
|
|
35
|
+
"@sphereon/ssi-sdk.data-store-types": "0.40.0",
|
|
36
|
+
"@sphereon/ssi-types": "0.40.0",
|
|
37
37
|
"@veramo/core": "4.2.0",
|
|
38
38
|
"@veramo/data-store": "4.2.0",
|
|
39
39
|
"@veramo/utils": "4.2.0",
|
|
@@ -67,5 +67,5 @@
|
|
|
67
67
|
"PostgreSQL",
|
|
68
68
|
"Contact Store"
|
|
69
69
|
],
|
|
70
|
-
"gitHead": "
|
|
70
|
+
"gitHead": "6e7254a91be198632e878a3485acfe59804c7f1d"
|
|
71
71
|
}
|
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
import Debug, { Debugger } from 'debug'
|
|
2
|
+
import { DatabaseType, MigrationInterface, QueryRunner } from 'typeorm'
|
|
3
|
+
import { AddUntrustedCredentialState1780000000011 } from '../postgres/1780000000011-AddUntrustedCredentialState'
|
|
4
|
+
import { AddUntrustedCredentialState1780000000012 } from '../sqlite/1780000000012-AddUntrustedCredentialState'
|
|
5
|
+
|
|
6
|
+
const debug: Debugger = Debug('sphereon:ssi-sdk:migrations')
|
|
7
|
+
|
|
8
|
+
export class AddUntrustedCredentialState1780000000010 implements MigrationInterface {
|
|
9
|
+
name: string = 'AddUntrustedCredentialState1780000000010'
|
|
10
|
+
|
|
11
|
+
public async up(queryRunner: QueryRunner): Promise<void> {
|
|
12
|
+
debug('migration: widening DigitalCredential verified_state to include UNTRUSTED')
|
|
13
|
+
const dbType: DatabaseType = queryRunner.connection.driver.options.type
|
|
14
|
+
|
|
15
|
+
switch (dbType) {
|
|
16
|
+
case 'postgres': {
|
|
17
|
+
debug('using postgres migration file for AddUntrustedCredentialState')
|
|
18
|
+
const mig: AddUntrustedCredentialState1780000000011 = new AddUntrustedCredentialState1780000000011()
|
|
19
|
+
await mig.up(queryRunner)
|
|
20
|
+
debug('Postgres migration statements for AddUntrustedCredentialState executed')
|
|
21
|
+
return
|
|
22
|
+
}
|
|
23
|
+
case 'sqlite':
|
|
24
|
+
case 'expo':
|
|
25
|
+
case 'react-native': {
|
|
26
|
+
debug('using sqlite/react-native migration file for AddUntrustedCredentialState')
|
|
27
|
+
const mig: AddUntrustedCredentialState1780000000012 = new AddUntrustedCredentialState1780000000012()
|
|
28
|
+
await mig.up(queryRunner)
|
|
29
|
+
debug('SQLite migration statements for AddUntrustedCredentialState executed')
|
|
30
|
+
return
|
|
31
|
+
}
|
|
32
|
+
default:
|
|
33
|
+
return Promise.reject(
|
|
34
|
+
`Migrations are currently only supported for sqlite, react-native, expo, and postgres for AddUntrustedCredentialState. Was ${dbType}. Please run your database without migrations and with 'migrationsRun: false' and 'synchronize: true' for now`,
|
|
35
|
+
)
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
public async down(queryRunner: QueryRunner): Promise<void> {
|
|
40
|
+
debug('migration: reverting DigitalCredential verified_state UNTRUSTED widening')
|
|
41
|
+
const dbType: DatabaseType = queryRunner.connection.driver.options.type
|
|
42
|
+
|
|
43
|
+
switch (dbType) {
|
|
44
|
+
case 'postgres': {
|
|
45
|
+
debug('using postgres migration file for AddUntrustedCredentialState')
|
|
46
|
+
const mig: AddUntrustedCredentialState1780000000011 = new AddUntrustedCredentialState1780000000011()
|
|
47
|
+
await mig.down(queryRunner)
|
|
48
|
+
debug('Postgres migration statements for AddUntrustedCredentialState reverted')
|
|
49
|
+
return
|
|
50
|
+
}
|
|
51
|
+
case 'sqlite':
|
|
52
|
+
case 'expo':
|
|
53
|
+
case 'react-native': {
|
|
54
|
+
debug('using sqlite/react-native migration file for AddUntrustedCredentialState')
|
|
55
|
+
const mig: AddUntrustedCredentialState1780000000012 = new AddUntrustedCredentialState1780000000012()
|
|
56
|
+
await mig.down(queryRunner)
|
|
57
|
+
debug('SQLite migration statements for AddUntrustedCredentialState reverted')
|
|
58
|
+
return
|
|
59
|
+
}
|
|
60
|
+
default:
|
|
61
|
+
return Promise.reject(
|
|
62
|
+
`Migrations are currently only supported for sqlite, react-native, expo, and postgres for AddUntrustedCredentialState. Was ${dbType}. Please run your database without migrations and with 'migrationsRun: false' and 'synchronize: true' for now`,
|
|
63
|
+
)
|
|
64
|
+
}
|
|
65
|
+
}
|
|
66
|
+
}
|
|
@@ -19,6 +19,7 @@ import { CreateContacts1708525189000 } from './8-CreateContacts'
|
|
|
19
19
|
import { CreateContacts1715761125000 } from './9-CreateContacts'
|
|
20
20
|
import { AddCredentialDesigns1773657426000 } from './18-AddCredentialDesigns'
|
|
21
21
|
import { AddCredentialStatusFields1780000000000 } from './19-AddCredentialStatusFields'
|
|
22
|
+
import { AddUntrustedCredentialState1780000000010 } from './20-AddUntrustedCredentialState'
|
|
22
23
|
|
|
23
24
|
/**
|
|
24
25
|
* The migrations array that SHOULD be used when initializing a TypeORM database connection.
|
|
@@ -53,6 +54,7 @@ export const DataStoreDigitalCredentialMigrations = [
|
|
|
53
54
|
CreateDigitalCredential1708525189000,
|
|
54
55
|
AddLinkedVpFields1763387280000,
|
|
55
56
|
AddCredentialStatusFields1780000000000,
|
|
57
|
+
AddUntrustedCredentialState1780000000010,
|
|
56
58
|
]
|
|
57
59
|
export const DataStoreMachineStateMigrations = [CreateMachineStateStore1708098041262]
|
|
58
60
|
export const DataStorePresentationDefinitionMigrations = [CreatePresentationDefinitions1716533767523, CreateDcqlQueryItem1726617600000]
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import { MigrationInterface, QueryRunner } from 'typeorm'
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Adds 'UNTRUSTED' to the digital_credential_state_type enum (a status list that could not be
|
|
5
|
+
* cryptographically trusted). Uses the transaction-safe recreate-type approach.
|
|
6
|
+
*/
|
|
7
|
+
export class AddUntrustedCredentialState1780000000011 implements MigrationInterface {
|
|
8
|
+
name = 'AddUntrustedCredentialState1780000000011'
|
|
9
|
+
|
|
10
|
+
public async up(queryRunner: QueryRunner): Promise<void> {
|
|
11
|
+
await queryRunner.query(`CREATE TYPE "digital_credential_state_type_v3" AS ENUM('REVOKED', 'VERIFIED', 'EXPIRED', 'SUSPENDED', 'UNTRUSTED')`)
|
|
12
|
+
await queryRunner.query(
|
|
13
|
+
`ALTER TABLE "DigitalCredential" ALTER COLUMN "verified_state" TYPE "digital_credential_state_type_v3" USING "verified_state"::text::"digital_credential_state_type_v3"`,
|
|
14
|
+
)
|
|
15
|
+
await queryRunner.query(`DROP TYPE "digital_credential_state_type"`)
|
|
16
|
+
await queryRunner.query(`ALTER TYPE "digital_credential_state_type_v3" RENAME TO "digital_credential_state_type"`)
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
public async down(queryRunner: QueryRunner): Promise<void> {
|
|
20
|
+
await queryRunner.query(`UPDATE "DigitalCredential" SET "verified_state" = NULL WHERE "verified_state" = 'UNTRUSTED'`)
|
|
21
|
+
await queryRunner.query(`CREATE TYPE "digital_credential_state_type_old" AS ENUM('REVOKED', 'VERIFIED', 'EXPIRED', 'SUSPENDED')`)
|
|
22
|
+
await queryRunner.query(
|
|
23
|
+
`ALTER TABLE "DigitalCredential" ALTER COLUMN "verified_state" TYPE "digital_credential_state_type_old" USING "verified_state"::text::"digital_credential_state_type_old"`,
|
|
24
|
+
)
|
|
25
|
+
await queryRunner.query(`DROP TYPE "digital_credential_state_type"`)
|
|
26
|
+
await queryRunner.query(`ALTER TYPE "digital_credential_state_type_old" RENAME TO "digital_credential_state_type"`)
|
|
27
|
+
}
|
|
28
|
+
}
|
|
@@ -0,0 +1,138 @@
|
|
|
1
|
+
import { MigrationInterface, QueryRunner } from 'typeorm'
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* Widens the DigitalCredential "verified_state" CHECK constraint to include 'UNTRUSTED' (a status list
|
|
5
|
+
* that could not be cryptographically trusted). SQLite cannot ALTER a CHECK constraint in place, so the
|
|
6
|
+
* table is rebuilt. Must run AFTER AddCredentialStatusFields (1780000000002), so the rebuilt schema
|
|
7
|
+
* includes 'SUSPENDED' and the status_last_checked_at column.
|
|
8
|
+
*/
|
|
9
|
+
export class AddUntrustedCredentialState1780000000012 implements MigrationInterface {
|
|
10
|
+
name = 'AddUntrustedCredentialState1780000000012'
|
|
11
|
+
|
|
12
|
+
public async up(queryRunner: QueryRunner): Promise<void> {
|
|
13
|
+
await queryRunner.query(`
|
|
14
|
+
CREATE TABLE "DigitalCredential_new" (
|
|
15
|
+
"id" varchar PRIMARY KEY NOT NULL,
|
|
16
|
+
"parent_id" text,
|
|
17
|
+
"document_type" varchar CHECK( "document_type" IN ('VC', 'VP', 'C', 'P') ) NOT NULL,
|
|
18
|
+
"regulation_type" varchar CHECK( "regulation_type" IN ('PID', 'QEAA', 'EAA', 'NON_REGULATED') ) NOT NULL DEFAULT 'NON_REGULATED',
|
|
19
|
+
"document_format" varchar CHECK( "document_format" IN ('JSON_LD', 'JWT', 'SD_JWT', 'MSO_MDOC') ) NOT NULL,
|
|
20
|
+
"credential_role" varchar CHECK( "credential_role" IN ('ISSUER', 'VERIFIER', 'HOLDER', 'FEDERATION_TRUST_ANCHOR') ) NOT NULL,
|
|
21
|
+
"raw_document" text NOT NULL,
|
|
22
|
+
"uniform_document" text NOT NULL,
|
|
23
|
+
"credential_id" text,
|
|
24
|
+
"hash" text NOT NULL,
|
|
25
|
+
"kms_key_ref" text,
|
|
26
|
+
"identifier_method" text,
|
|
27
|
+
"issuer_correlation_type" varchar CHECK( "issuer_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ) NOT NULL,
|
|
28
|
+
"subject_correlation_type" varchar CHECK( "subject_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ),
|
|
29
|
+
"issuer_correlation_id" text NOT NULL,
|
|
30
|
+
"subject_correlation_id" text,
|
|
31
|
+
"issuer_signed" boolean,
|
|
32
|
+
"rp_correlation_id" text,
|
|
33
|
+
"rp_correlation_type" varchar CHECK( "issuer_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ),
|
|
34
|
+
"verified_state" varchar CHECK( "verified_state" IN ('REVOKED', 'VERIFIED', 'EXPIRED', 'SUSPENDED', 'UNTRUSTED') ),
|
|
35
|
+
"tenant_id" text,
|
|
36
|
+
"created_at" datetime NOT NULL DEFAULT (datetime('now')),
|
|
37
|
+
"last_updated_at" datetime NOT NULL DEFAULT (datetime('now')),
|
|
38
|
+
"presented_at" datetime,
|
|
39
|
+
"valid_from" datetime,
|
|
40
|
+
"valid_until" datetime,
|
|
41
|
+
"verified_at" datetime,
|
|
42
|
+
"revoked_at" datetime,
|
|
43
|
+
"linked_vp_id" text,
|
|
44
|
+
"linked_vp_from" datetime,
|
|
45
|
+
"linked_vp_until" datetime,
|
|
46
|
+
"status_last_checked_at" datetime,
|
|
47
|
+
UNIQUE ("hash", "credential_role")
|
|
48
|
+
)
|
|
49
|
+
`)
|
|
50
|
+
|
|
51
|
+
await queryRunner.query(`
|
|
52
|
+
INSERT INTO "DigitalCredential_new" (
|
|
53
|
+
"id","parent_id","document_type","regulation_type","document_format","credential_role",
|
|
54
|
+
"raw_document","uniform_document","credential_id","hash","kms_key_ref","identifier_method",
|
|
55
|
+
"issuer_correlation_type","subject_correlation_type","issuer_correlation_id","subject_correlation_id",
|
|
56
|
+
"issuer_signed","rp_correlation_id","rp_correlation_type","verified_state","tenant_id",
|
|
57
|
+
"created_at","last_updated_at","presented_at","valid_from","valid_until","verified_at","revoked_at",
|
|
58
|
+
"linked_vp_id","linked_vp_from","linked_vp_until","status_last_checked_at"
|
|
59
|
+
)
|
|
60
|
+
SELECT
|
|
61
|
+
"id","parent_id","document_type","regulation_type","document_format","credential_role",
|
|
62
|
+
"raw_document","uniform_document","credential_id","hash","kms_key_ref","identifier_method",
|
|
63
|
+
"issuer_correlation_type","subject_correlation_type","issuer_correlation_id","subject_correlation_id",
|
|
64
|
+
"issuer_signed","rp_correlation_id","rp_correlation_type","verified_state","tenant_id",
|
|
65
|
+
"created_at","last_updated_at","presented_at","valid_from","valid_until","verified_at","revoked_at",
|
|
66
|
+
"linked_vp_id","linked_vp_from","linked_vp_until","status_last_checked_at"
|
|
67
|
+
FROM "DigitalCredential"
|
|
68
|
+
`)
|
|
69
|
+
|
|
70
|
+
await queryRunner.query(`DROP TABLE "DigitalCredential"`)
|
|
71
|
+
await queryRunner.query(`ALTER TABLE "DigitalCredential_new" RENAME TO "DigitalCredential"`)
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
public async down(queryRunner: QueryRunner): Promise<void> {
|
|
75
|
+
// Collapse UNTRUSTED to NULL so the narrowed CHECK does not reject existing rows
|
|
76
|
+
await queryRunner.query(`UPDATE "DigitalCredential" SET "verified_state" = NULL WHERE "verified_state" = 'UNTRUSTED'`)
|
|
77
|
+
|
|
78
|
+
await queryRunner.query(`
|
|
79
|
+
CREATE TABLE "DigitalCredential_old" (
|
|
80
|
+
"id" varchar PRIMARY KEY NOT NULL,
|
|
81
|
+
"parent_id" text,
|
|
82
|
+
"document_type" varchar CHECK( "document_type" IN ('VC', 'VP', 'C', 'P') ) NOT NULL,
|
|
83
|
+
"regulation_type" varchar CHECK( "regulation_type" IN ('PID', 'QEAA', 'EAA', 'NON_REGULATED') ) NOT NULL DEFAULT 'NON_REGULATED',
|
|
84
|
+
"document_format" varchar CHECK( "document_format" IN ('JSON_LD', 'JWT', 'SD_JWT', 'MSO_MDOC') ) NOT NULL,
|
|
85
|
+
"credential_role" varchar CHECK( "credential_role" IN ('ISSUER', 'VERIFIER', 'HOLDER', 'FEDERATION_TRUST_ANCHOR') ) NOT NULL,
|
|
86
|
+
"raw_document" text NOT NULL,
|
|
87
|
+
"uniform_document" text NOT NULL,
|
|
88
|
+
"credential_id" text,
|
|
89
|
+
"hash" text NOT NULL,
|
|
90
|
+
"kms_key_ref" text,
|
|
91
|
+
"identifier_method" text,
|
|
92
|
+
"issuer_correlation_type" varchar CHECK( "issuer_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ) NOT NULL,
|
|
93
|
+
"subject_correlation_type" varchar CHECK( "subject_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ),
|
|
94
|
+
"issuer_correlation_id" text NOT NULL,
|
|
95
|
+
"subject_correlation_id" text,
|
|
96
|
+
"issuer_signed" boolean,
|
|
97
|
+
"rp_correlation_id" text,
|
|
98
|
+
"rp_correlation_type" varchar CHECK( "issuer_correlation_type" IN ('DID', 'KID', 'URL', 'X509_SAN') ),
|
|
99
|
+
"verified_state" varchar CHECK( "verified_state" IN ('REVOKED', 'VERIFIED', 'EXPIRED', 'SUSPENDED') ),
|
|
100
|
+
"tenant_id" text,
|
|
101
|
+
"created_at" datetime NOT NULL DEFAULT (datetime('now')),
|
|
102
|
+
"last_updated_at" datetime NOT NULL DEFAULT (datetime('now')),
|
|
103
|
+
"presented_at" datetime,
|
|
104
|
+
"valid_from" datetime,
|
|
105
|
+
"valid_until" datetime,
|
|
106
|
+
"verified_at" datetime,
|
|
107
|
+
"revoked_at" datetime,
|
|
108
|
+
"linked_vp_id" text,
|
|
109
|
+
"linked_vp_from" datetime,
|
|
110
|
+
"linked_vp_until" datetime,
|
|
111
|
+
"status_last_checked_at" datetime,
|
|
112
|
+
UNIQUE ("hash", "credential_role")
|
|
113
|
+
)
|
|
114
|
+
`)
|
|
115
|
+
|
|
116
|
+
await queryRunner.query(`
|
|
117
|
+
INSERT INTO "DigitalCredential_old" (
|
|
118
|
+
"id","parent_id","document_type","regulation_type","document_format","credential_role",
|
|
119
|
+
"raw_document","uniform_document","credential_id","hash","kms_key_ref","identifier_method",
|
|
120
|
+
"issuer_correlation_type","subject_correlation_type","issuer_correlation_id","subject_correlation_id",
|
|
121
|
+
"issuer_signed","rp_correlation_id","rp_correlation_type","verified_state","tenant_id",
|
|
122
|
+
"created_at","last_updated_at","presented_at","valid_from","valid_until","verified_at","revoked_at",
|
|
123
|
+
"linked_vp_id","linked_vp_from","linked_vp_until","status_last_checked_at"
|
|
124
|
+
)
|
|
125
|
+
SELECT
|
|
126
|
+
"id","parent_id","document_type","regulation_type","document_format","credential_role",
|
|
127
|
+
"raw_document","uniform_document","credential_id","hash","kms_key_ref","identifier_method",
|
|
128
|
+
"issuer_correlation_type","subject_correlation_type","issuer_correlation_id","subject_correlation_id",
|
|
129
|
+
"issuer_signed","rp_correlation_id","rp_correlation_type","verified_state","tenant_id",
|
|
130
|
+
"created_at","last_updated_at","presented_at","valid_from","valid_until","verified_at","revoked_at",
|
|
131
|
+
"linked_vp_id","linked_vp_from","linked_vp_until","status_last_checked_at"
|
|
132
|
+
FROM "DigitalCredential"
|
|
133
|
+
`)
|
|
134
|
+
|
|
135
|
+
await queryRunner.query(`DROP TABLE "DigitalCredential"`)
|
|
136
|
+
await queryRunner.query(`ALTER TABLE "DigitalCredential_old" RENAME TO "DigitalCredential"`)
|
|
137
|
+
}
|
|
138
|
+
}
|