@sphereon/ssi-sdk.siopv2-oid4vp-rp-rest-api 0.34.1-feature.SSISDK.26.RP.58 → 0.34.1-feature.SSISDK.45.135

package/src/universal-oid4vp-api-functions.ts

@@ -0,0 +1,173 @@
+import { AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'
+import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
+import { uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
+import { Request, Response, Router } from 'express'
+import uuid from 'short-uuid'
+import { validateData } from './middleware/validationMiddleware'
+import { CreateAuthorizationRequestBodySchema } from './schemas'
+import {
+  CreateAuthorizationRequest,
+  CreateAuthorizationRequestResponse,
+  CreateAuthorizationResponse,
+  DeleteAuthorizationRequest,
+  GetAuthorizationRequestStatus,
+  AuthStatusResponse,
+  ICreateAuthRequestWebappEndpointOpts,
+  IRequiredContext
+} from './types'
+
+export function createAuthRequestUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`createAuthRequest universal OID4VP endpoint is disabled`)
+    return
+  }
+
+  const path = opts?.path ?? '/backend/auth/requests'
+  router.post(path, checkAuth(opts?.endpoint), validateData(CreateAuthorizationRequestBodySchema), async (request: CreateAuthorizationRequest, response: CreateAuthorizationResponse) => {
+    try {
+      const correlationId = request.body.correlation_id ?? uuid.uuid()
+      const qrCodeOpts = request.body.qr_code ?? opts?.qrCodeOpts
+      const queryId = request.body.query_id
+      const directPostResponseRedirectUri = request.body.direct_post_response_redirect_uri // TODO Uri not URI
+      const requestUriBase = request.body.request_uri_base
+      const callback = request.body.callback
+
+      const definitionItems = await context.agent.pdmGetDefinitions({ filter: [{ definitionId: queryId }] })
+      if (definitionItems.length === 0) {
+          console.log(`No query could be found for the given id. Query id: ${queryId}`)
+          return sendErrorResponse(response, 404, { status: 404, message: 'No query could be found' })
+      }
+
+      const requestByReferenceURI = uriWithBase(`/siop/definitions/${queryId}/auth-requests/${correlationId}`, {
+        baseURI: requestUriBase ?? opts?.siopBaseURI,
+      })
+      const responseURI = uriWithBase(`/siop/definitions/${queryId}/auth-responses/${correlationId}`, { baseURI: opts?.siopBaseURI })
+
+      const authRequestURI = await context.agent.siopCreateAuthRequestURI({
+        queryId,
+        correlationId,
+        nonce: uuid.uuid(),
+        requestByReferenceURI,
+        responseURIType: 'response_uri',
+        responseURI,
+        ...(directPostResponseRedirectUri && { responseRedirectURI: directPostResponseRedirectUri }),
+        callback
+      })
+
+      let qrCodeDataUri: string | undefined
+      if (qrCodeOpts) {
+        const { AwesomeQR } = await import('awesome-qr')
+        const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })
+        qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`
+      }
+
+      const authRequestBody = {
+        query_id: queryId,
+        correlation_id: correlationId,
+        request_uri: authRequestURI,
+        status_uri: `${uriWithBase(opts?.webappAuthStatusPath ?? `/backend/auth/status/${correlationId}`, { baseURI: opts?.webappBaseURI })}`,
+        ...(qrCodeDataUri && { qr_uri: qrCodeDataUri }),
+      } satisfies CreateAuthorizationRequestResponse
+      console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)
+
+      return response.status(201).json(authRequestBody)
+    } catch (error) {
+      return sendErrorResponse(response, 500, { status: 500, message: 'Could not create an authorization request URI' }, error)
+    }
+  })
+}
+
+export function removeAuthRequestStateUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`removeAuthStatus universal OID4VP endpoint is disabled`)
+    return
+  }
+
+  const path = opts?.path ?? '/backend/auth/requests/:correlationId'
+  router.delete(path, checkAuth(opts?.endpoint), async (request: DeleteAuthorizationRequest, response: Response) => {
+    try {
+      const correlationId: string = request.params.correlationId
+
+      const authRequestState = await context.agent.siopGetAuthRequestState({
+        correlationId,
+        errorOnNotFound: false
+      })
+      if (!authRequestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)
+        return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })
+      }
+
+      await context.agent.siopDeleteAuthState({ correlationId })
+
+      return response.status(204).json()
+    } catch (error) {
+      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
+    }
+  })
+}
+
+export function authStatusUniversalOID4VPEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`authStatus universal OID4VP endpoint is disabled`)
+    return
+  }
+
+  const path = opts?.path ?? '/backend/auth/status/:correlationId'
+  router.get(path, checkAuth(opts?.endpoint), async (request: GetAuthorizationRequestStatus, response: Response) => {
+    try {
+      console.log('Received auth-status request...')
+      const correlationId: string = request.params.correlationId
+
+      const requestState = await context.agent.siopGetAuthRequestState({
+        correlationId,
+        errorOnNotFound: false
+      })
+
+      if (!requestState) {
+        console.log(`No authorization request could be found for the given correlationId. correlationId: ${correlationId}`)
+        return sendErrorResponse(response, 404, { status: 404, message: 'No authorization request could be found' })
+      }
+
+      let responseState
+      if (requestState.status === 'authorization_request_created') {
+        responseState = (await context.agent.siopGetAuthResponseState({ correlationId, errorOnNotFound: false }))
+      }
+      const overallState = responseState ?? requestState
+
+      const statusBody = {
+        status: overallState.status,
+        correlation_id: overallState.correlationId,
+        query_id: overallState.queryId,
+        last_updated: overallState.lastUpdated,
+        ...((responseState?.status === AuthorizationResponseStateStatus.VERIFIED && responseState.verifiedData !== undefined) && { verifiedData: responseState.verifiedData }),
+        ...(overallState.error && { message: overallState.error.message })
+      } satisfies AuthStatusResponse
+      console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)
+
+      if (overallState.status === 'error') {
+        return response.status(500).json(statusBody)
+      }
+      return response.status(200).json(statusBody)
+    } catch (error) {
+      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
+    }
+  })
+}
+
+export function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
+  if (opts?.enabled === false) {
+    console.log(`getDefinitions universal OID4VP endpoint is disabled`)
+    return
+  }
+
+  const path = opts?.path ?? '/backend/definitions'
+  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
+    try {
+      const definitions = await context.agent.pdmGetDefinitions()
+      response.statusCode = 200
+      return response.json(definitions)
+    } catch (error) {
+      return sendErrorResponse(response, 500, { status: 500, message: error.message }, error)
+    }
+  })
+}

package/src/webapp-api-functions.ts

@@ -1,183 +0,0 @@
-import { AuthorizationRequestState, AuthorizationResponseStateStatus } from '@sphereon/did-auth-siop'
-import { checkAuth, ISingleEndpointOpts, sendErrorResponse } from '@sphereon/ssi-express-support'
-import { AuthStatusResponse, GenerateAuthRequestURIResponse, uriWithBase } from '@sphereon/ssi-sdk.siopv2-oid4vp-common'
-import { AuthorizationResponseStateWithVerifiedData, VerifiedDataMode } from '@sphereon/ssi-sdk.siopv2-oid4vp-rp-auth'
-import { Request, Response, Router } from 'express'
-import uuid from 'short-uuid'
-import { ICreateAuthRequestWebappEndpointOpts, IRequiredContext } from './types'
-import { shaHasher as defaultHasher } from '@sphereon/ssi-sdk.core'
-
-export function createAuthRequestWebappEndpoint(router: Router, context: IRequiredContext, opts?: ICreateAuthRequestWebappEndpointOpts) {
-  if (opts?.enabled === false) {
-    console.log(`createAuthRequest Webapp endpoint is disabled`)
-    return
-  }
-  const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests'
-  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
-    try {
-      // if (!request.agent) throw Error('No agent configured')
-      const definitionId = request.params.definitionId
-      if (!definitionId) {
-        return sendErrorResponse(response, 400, 'No definitionId query parameter provided')
-      }
-      const state: string = request.body.state ?? uuid.uuid()
-      const correlationId = request.body.correlationId ?? state
-      const qrCodeOpts = request.body.qrCodeOpts ?? opts?.qrCodeOpts
-
-      const requestByReferenceURI = uriWithBase(`/siop/definitions/${definitionId}/auth-requests/${state}`, {
-        baseURI: opts?.siopBaseURI,
-      })
-      const responseURI = uriWithBase(`/siop/definitions/${definitionId}/auth-responses/${state}`, { baseURI: opts?.siopBaseURI })
-      // first version is for backwards compat
-      const responseRedirectURI =
-        ('response_redirect_uri' in request.body && (request.body.response_redirect_uri as string | undefined)) ??
-        ('responseRedirectURI' in request.body && (request.body.responseRedirectURI as string | undefined))
-
-      const authRequestURI = await context.agent.siopCreateAuthRequestURI({
-        definitionId,
-        correlationId,
-        state,
-        nonce: uuid.uuid(),
-        requestByReferenceURI,
-        responseURIType: 'response_uri',
-        responseURI,
-        ...(responseRedirectURI && { responseRedirectURI }),
-      })
-
-      let qrCodeDataUri: string | undefined
-      if (qrCodeOpts) {
-        const { AwesomeQR } = await import('awesome-qr')
-        const qrCode = new AwesomeQR({ ...qrCodeOpts, text: authRequestURI })
-        qrCodeDataUri = `data:image/png;base64,${(await qrCode.draw())!.toString('base64')}`
-      }
-      const authRequestBody: GenerateAuthRequestURIResponse = {
-        correlationId,
-        state,
-        definitionId,
-        authRequestURI,
-        authStatusURI: `${uriWithBase(opts?.webappAuthStatusPath ?? '/webapp/auth-status', { baseURI: opts?.webappBaseURI })}`,
-        ...(qrCodeDataUri && { qrCodeDataUri }),
-      }
-      console.log(`Auth Request URI data to send back: ${JSON.stringify(authRequestBody)}`)
-      return response.json(authRequestBody)
-    } catch (error) {
-      return sendErrorResponse(response, 500, 'Could not create an authorization request URI', error)
-    }
-  })
-}
-
-export function authStatusWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
-  if (opts?.enabled === false) {
-    console.log(`authStatus Webapp endpoint is disabled`)
-    return
-  }
-  const path = opts?.path ?? '/webapp/auth-status'
-  router.post(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
-    try {
-      console.log('Received auth-status request...')
-      const correlationId: string = request.body.correlationId as string
-      const definitionId: string = request.body.definitionId as string
-
-      const requestState =
-        correlationId && definitionId
-          ? await context.agent.siopGetAuthRequestState({
-              correlationId,
-              definitionId,
-              errorOnNotFound: false,
-            })
-          : undefined
-      if (!requestState || !definitionId || !correlationId) {
-        console.log(
-          `No authentication request mapping could be found for the given URL. correlation: ${correlationId}, definitionId: ${definitionId}`,
-        )
-        response.statusCode = 404
-        const statusBody: AuthStatusResponse = {
-          status: requestState ? requestState.status : 'error',
-          error: 'No authentication request mapping could be found for the given URL.',
-          correlationId,
-          definitionId,
-          lastUpdated: requestState ? requestState.lastUpdated : Date.now(),
-        }
-        return response.json(statusBody)
-      }
-
-      let includeVerifiedData: VerifiedDataMode = VerifiedDataMode.NONE
-      if ('includeVerifiedData' in request.body) {
-        includeVerifiedData = request.body.includeVerifiedData as VerifiedDataMode
-      }
-
-      let responseState
-      if (requestState.status === 'sent') {
-        responseState = (await context.agent.siopGetAuthResponseState({
-          correlationId,
-          definitionId,
-          includeVerifiedData: includeVerifiedData,
-          errorOnNotFound: false,
-        })) as AuthorizationResponseStateWithVerifiedData
-      }
-      const overallState: AuthorizationRequestState | AuthorizationResponseStateWithVerifiedData = responseState ?? requestState
-
-      const statusBody: AuthStatusResponse = {
-        status: overallState.status,
-        ...(overallState.error ? { error: overallState.error?.message } : {}),
-        correlationId,
-        definitionId,
-        lastUpdated: overallState.lastUpdated,
-        ...(responseState && responseState.status === AuthorizationResponseStateStatus.VERIFIED
-          ? {
-              payload: await responseState.response.mergedPayloads({ hasher: defaultHasher }),
-              verifiedData: responseState.verifiedData,
-            }
-          : {}),
-      }
-      console.debug(`Will send auth status: ${JSON.stringify(statusBody)}`)
-      if (overallState.status === 'error') {
-        response.statusCode = 500
-        return response.json(statusBody)
-      }
-      response.statusCode = 200
-      return response.json(statusBody)
-    } catch (error) {
-      return sendErrorResponse(response, 500, error.message, error)
-    }
-  })
-}
-
-export function removeAuthRequestStateWebappEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
-  if (opts?.enabled === false) {
-    console.log(`removeAuthStatus Webapp endpoint is disabled`)
-    return
-  }
-  const path = opts?.path ?? '/webapp/definitions/:definitionId/auth-requests/:correlationId'
-  router.delete(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
-    try {
-      const correlationId: string = request.params.correlationId
-      const definitionId: string = request.params.definitionId
-      if (!correlationId || !definitionId) {
-        console.log(`No authorization request could be found for the given url. correlationId: ${correlationId}, definitionId: ${definitionId}`)
-        return sendErrorResponse(response, 404, 'No authorization request could be found')
-      }
-      response.statusCode = 200
-      return response.json(await context.agent.siopDeleteAuthState({ definitionId, correlationId }))
-    } catch (error) {
-      return sendErrorResponse(response, 500, error.message, error)
-    }
-  })
-}
-
-export function getDefinitionsEndpoint(router: Router, context: IRequiredContext, opts?: ISingleEndpointOpts) {
-  if (opts?.enabled === false) {
-    console.log(`getDefinitions Webapp endpoint is disabled`)
-    return
-  }
-  const path = opts?.path ?? '/webapp/definitions'
-  router.get(path, checkAuth(opts?.endpoint), async (request: Request, response: Response) => {
-    try {
-      const definitions = await context.agent.pdmGetDefinitions()
-      response.statusCode = 200
-      return response.json(definitions)
-    } catch (error) {
-      return sendErrorResponse(response, 500, error.message, error)
-    }
-  })
-}