npm - @velocitycareerlabs/server-careerwallet - Versions diffs - 1.25.0-dev-build.12642c864 - Mend

@velocitycareerlabs/server-careerwallet 1.25.0-dev-build.12642c864

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

package/src/controllers/api/v0.6/accounts/controller.js ADDED Viewed

@@ -0,0 +1,288 @@
+const newError = require('http-errors');
+const { isArray, includes } = require('lodash/fp');
+const { nanoid } = require('nanoid/non-secure');
+const { pick } = require('lodash/fp');
+const { initBuildRefreshToken } = require('@velocitycareerlabs/crypto');
+const { accountScopes, initBuildAccessToken } = require('../../../../entities');
+const buildRefreshToken = initBuildRefreshToken();
+const accountsController = async (fastify) => {
+  const { config } = fastify;
+  fastify.post(
+    '/',
+    {
+      schema: fastify.autoSchema({
+        tags: ['careerwallet'],
+        body: {
+          $ref: 'https://velocitycareerlabs.io/careerwallet-accounts-request.schema.json#',
+        },
+        response: {
+          200: {
+            $ref: 'https://velocitycareerlabs.io/careerwallet-accounts-response.schema.json#',
+          },
+        },
+      }),
+    },
+    async (req, reply) => {
+      const {
+        repos,
+        body: {
+          account: { device: { deviceId } = {} },
+        },
+        config: reqConfig,
+      } = req;
+      await validateRequest(req, reply);
+      const scope = [accountScopes.keyCreate];
+      const refreshToken = buildRefreshToken();
+      const account = await findOrInsertAccount(req, refreshToken, scope);
+      if (deviceId) {
+        await repos.devices.updateUsingFilter(
+          {
+            filter: {
+              $or: [{ deviceId }, { pushToken: deviceId }],
+            },
+          },
+          { accountId: account._id }
+        );
+      }
+      const devices = await repos.devices.find({ accountId: account._id });
+      const accessToken = await initBuildAccessToken(
+        reqConfig.holderAppServerAccessTokenSigningKey,
+        config.holderAppServerHolderAppProviderDid,
+        config.holderAppServerAccessTokenExpiresIn
+      )(scope.join(' '), account._id);
+      return {
+        ...buildAccountResponse(account, devices, req),
+        access_token: accessToken,
+        refresh_token: refreshToken,
+      };
+    }
+  );
+  fastify
+    .autoSchemaPreset({ security: [{ bearerAuth: [] }] })
+    .post(
+      '/:accountId/push_token',
+      {
+        onRequest: fastify.verifyCareerWalletAccessToken(),
+        schema: fastify.autoSchema({
+          params: {
+            type: 'object',
+            properties: {
+              accountId: { type: 'string' },
+            },
+            required: ['accountId'],
+          },
+          body: {
+            type: 'object',
+            properties: {
+              did: { type: 'string' },
+            },
+            required: ['did'],
+          },
+          response: {
+            200: {
+              type: 'object',
+              properties: {
+                pushToken: { type: 'string' },
+              },
+              required: ['pushToken'],
+            },
+          },
+        }),
+      },
+      async (req) => {
+        const {
+          repos: { accounts },
+          params: { accountId },
+          body: { did },
+          user,
+          isServerUser,
+        } = req;
+        if (!isServerUser && accountId !== user.sub) {
+          throw new newError.Unauthorized();
+        }
+        const pushToken = nanoid();
+        const updatedAccount = {
+          [`pushTokens.${pushToken}`]: { did, createdAt: new Date() },
+        };
+        await accounts.update(accountId, updatedAccount);
+        return {
+          pushToken,
+        };
+      }
+    )
+    .get(
+      '/:accountId',
+      {
+        onRequest: fastify.verifyCareerWalletAccessToken(),
+        schema: fastify.autoSchema({
+          params: {
+            type: 'object',
+            properties: {
+              accountId: { type: 'string' },
+            },
+          },
+          response: {
+            200: {
+              $ref: 'https://velocitycareerlabs.io/careerwallet-get-account-response.schema.json#',
+            },
+          },
+        }),
+      },
+      async (req) => {
+        const {
+          repos,
+          params: { accountId },
+          isServerUser,
+        } = req;
+        if (!isServerUser && accountId !== req.user.sub) {
+          throw new newError.Forbidden(
+            'Access token account does not match the accountId'
+          );
+        }
+        const account = await repos.accounts.findOne({
+          filter: { _id: accountId },
+        });
+        const devices = await repos.devices.find({ accountId: account._id });
+        return { account: { ...account, devices } };
+      }
+    );
+};
+const findOrInsertAccount = async (req, refreshToken, scope) => {
+  const {
+    repos: { accounts },
+    body: {
+      account: { id_token: webWalletUserToken },
+    },
+  } = req;
+  const existingAccount =
+    webWalletUserToken &&
+    (await accounts.findOne({ filter: { userId: req.user.sub } }));
+  if (!existingAccount) {
+    return accounts.insert(await buildAccount(refreshToken, scope, req));
+  }
+  return existingAccount;
+};
+const validateRequest = async (req, reply) => {
+  const {
+    body: {
+      account: { id_token: idToken },
+    },
+  } = req;
+  if (idToken) {
+    await req.server.authenticate(req, reply);
+    const isWebappClient = isArray(req.user.aud)
+      ? includes(req.config.oauth0WebappClientId, req.user.aud)
+      : req.user.aud === req.config.oauth0WebappClientId;
+    if (!isWebappClient) {
+      throw new newError.Unauthorized('Invalid audience');
+    }
+  }
+};
+const buildAccount = async (refreshToken, scope, req) => {
+  const {
+    body: {
+      account: { accountType, device, id_token: idToken },
+    },
+  } = req;
+  const didKeyMetadatum = await buildDidKeyMetadatum(req);
+  const newAccount = {
+    accountType,
+    scope: didKeyMetadatum.length
+      ? [
+          accountScopes.jwt,
+          accountScopes.keyCreate,
+          accountScopes.inbox,
+          accountScopes.account,
+        ]
+      : scope,
+    refreshToken,
+    didKeyMetadatum,
+  };
+  if (idToken) {
+    return {
+      ...newAccount,
+      userId: req.user.sub,
+      idTokenClaims: { idTokenIssuer: req.user.iss },
+    };
+  }
+  return {
+    ...newAccount,
+    devices: [device],
+  };
+};
+const buildDidKeyMetadatum = async (req) => {
+  const {
+    body: { personaEmail },
+    repos: { personas },
+  } = req;
+  if (!personaEmail) {
+    return [];
+  }
+  const persona = await personas.findOne({
+    filter: { email: personaEmail },
+  });
+  if (!persona) {
+    throw new newError.BadRequest('Invalid persona email');
+  }
+  if (persona.did) {
+    return [pick(['did', 'kid', 'keyId', 'publicJwk'], persona)];
+  }
+  return [];
+};
+const buildAccountResponse = (account, devices, req) => {
+  const {
+    body: {
+      account: { id_token: idToken },
+    },
+  } = req;
+  if (idToken) {
+    return {
+      account: {
+        ...account,
+        id_token_iss: req.user.iss,
+        id_token_sub: req.user.sub,
+      },
+    };
+  }
+  return {
+    account: {
+      ...account,
+      devices,
+    },
+  };
+};
+module.exports = accountsController;

package/src/controllers/api/v0.6/accounts/schemas/careerwallet-accounts-didkeymetadatum-response.schema.js ADDED Viewed

@@ -0,0 +1,41 @@
+const careerWalletAccountsDidKeyMetadatumResponseSchema = {
+  $id: 'https://velocitycareerlabs.io/careerwallet-accounts-didkeymetadatum-response.schema.json',
+  title: 'careerwallet-accounts-didkeymetadatum-response',
+  description: 'the body of response for careerwallet accounts didKeyMetadatum',
+  type: 'object',
+  properties: {
+    did: {
+      type: 'string',
+    },
+    kid: {
+      type: 'string',
+    },
+    keyId: {
+      type: 'string',
+    },
+    publicJwk: {
+      type: 'object',
+      required: ['kty'],
+      properties: {
+        kty: { type: 'string' },
+        use: { type: 'string' },
+        key_ops: { type: 'string' },
+        x5u: { type: 'string' },
+        x5c: { type: 'string' },
+        x5t: { type: 'string' },
+        'x5t#S256': { type: 'string' },
+        alg: { type: 'string' },
+        kid: { type: 'string' },
+        exp: { type: 'string' },
+        crv: { type: 'string' },
+        y: { type: 'string' },
+        x: { type: 'string' },
+        n: { type: 'string' },
+        e: { type: 'string' },
+      },
+    },
+  },
+  required: ['did', 'kid', 'publicJwk'],
+};
+module.exports = { careerWalletAccountsDidKeyMetadatumResponseSchema };

package/src/controllers/api/v0.6/accounts/schemas/careerwallet-accounts-request.schema.js ADDED Viewed

@@ -0,0 +1,49 @@
+const { accountTypes } = require('../../../../../entities');
+const { deviceOSes, deviceTypes } = require('../../../../../entities/devices');
+const careerWalletAccountsRequestSchema = {
+  $id: 'https://velocitycareerlabs.io/careerwallet-accounts-request.schema.json',
+  title: 'carrerwallet-accounts-request',
+  description: 'the request for careerwallet accounts',
+  type: 'object',
+  properties: {
+    account: {
+      type: 'object',
+      properties: {
+        accountType: {
+          type: 'string',
+          enum: accountTypes,
+        },
+        device: {
+          type: 'object',
+          properties: {
+            deviceId: { type: 'string' },
+            deviceType: {
+              type: 'string',
+              enum: deviceTypes,
+            },
+            deviceOS: {
+              type: 'string',
+              enum: deviceOSes,
+            },
+          },
+          required: ['deviceId', 'deviceType', 'deviceOS'],
+        },
+        id_token: { type: 'string' },
+      },
+      required: ['accountType'],
+      oneOf: [
+        {
+          required: ['id_token'],
+        },
+        {
+          required: ['device'],
+        },
+      ],
+    },
+    personaEmail: { type: 'string' },
+  },
+  required: ['account'],
+};
+module.exports = { careerWalletAccountsRequestSchema };

package/src/controllers/api/v0.6/accounts/schemas/careerwallet-accounts-response.schema.js ADDED Viewed

@@ -0,0 +1,74 @@
+const { accountTypes } = require('../../../../../entities');
+const { deviceOSes, deviceTypes } = require('../../../../../entities/devices');
+const careerWalletAccountsResponseSchema = {
+  $id: 'https://velocitycareerlabs.io/careerwallet-accounts-response.schema.json',
+  title: 'carrerwallet-accounts-response',
+  description: 'the body of response for careerwallet accounts',
+  type: 'object',
+  properties: {
+    account: {
+      type: 'object',
+      properties: {
+        id: { type: 'string' },
+        accountType: {
+          type: 'string',
+          enum: accountTypes,
+        },
+        devices: {
+          type: 'array',
+          items: {
+            type: 'object',
+            properties: {
+              deviceId: { type: 'string' },
+              deviceType: {
+                type: 'string',
+                enum: deviceTypes,
+              },
+              deviceOS: {
+                type: 'string',
+                enum: deviceOSes,
+              },
+              createdAt: { type: 'string', format: 'date-time' },
+              updatedAt: { type: 'string', format: 'date-time' },
+            },
+            required: ['deviceId', 'deviceType', 'deviceOS'],
+          },
+        },
+        didKeyMetadatum: {
+          type: 'array',
+          items: {
+            $ref: 'https://velocitycareerlabs.io/careerwallet-accounts-didkeymetadatum-response.schema.json',
+          },
+        },
+        did: { type: 'string' },
+        id_token_iss: { type: 'string' },
+        id_token_sub: { type: 'string' },
+        createdAt: { type: 'string', format: 'date-time' },
+        updatedAt: { type: 'string', format: 'date-time' },
+      },
+      required: [
+        'id',
+        'accountType',
+        'createdAt',
+        'updatedAt',
+        'didKeyMetadatum',
+      ],
+      oneOf: [
+        {
+          type: 'object',
+          required: ['id_token_iss', 'id_token_sub'],
+        },
+        {
+          type: 'object',
+          required: ['devices'],
+        },
+      ],
+    },
+    access_token: { type: 'string' },
+    refresh_token: { type: 'string' },
+  },
+  required: ['account', 'access_token', 'refresh_token'],
+};
+module.exports = { careerWalletAccountsResponseSchema };

package/src/controllers/api/v0.6/accounts/schemas/careerwallet-get-account-response.schema.js ADDED Viewed

@@ -0,0 +1,72 @@
+const { accountTypes } = require('../../../../../entities');
+const { deviceOSes, deviceTypes } = require('../../../../../entities/devices');
+const careerWalletGetAccountResponseSchema = {
+  $id: 'https://velocitycareerlabs.io/careerwallet-get-account-response.schema.json',
+  title: 'careerwallet-get-account-response',
+  description: 'the body of response for careerwallet account',
+  type: 'object',
+  properties: {
+    account: {
+      type: 'object',
+      properties: {
+        id: { type: 'string' },
+        accountType: {
+          type: 'string',
+          enum: accountTypes,
+        },
+        devices: {
+          type: 'array',
+          items: {
+            type: 'object',
+            properties: {
+              deviceId: { type: 'string' },
+              deviceType: {
+                type: 'string',
+                enum: deviceTypes,
+              },
+              deviceOS: {
+                type: 'string',
+                enum: deviceOSes,
+              },
+              createdAt: { type: 'string', format: 'date-time' },
+              updatedAt: { type: 'string', format: 'date-time' },
+            },
+            required: ['deviceId', 'deviceType', 'deviceOS'],
+          },
+        },
+        didKeyMetadatum: {
+          type: 'array',
+          items: {
+            $ref: 'https://velocitycareerlabs.io/careerwallet-accounts-didkeymetadatum-response.schema.json',
+          },
+        },
+        did: { type: 'string' },
+        id_token_iss: { type: 'string' },
+        id_token_sub: { type: 'string' },
+        createdAt: { type: 'string', format: 'date-time' },
+        updatedAt: { type: 'string', format: 'date-time' },
+      },
+      required: [
+        'id',
+        'accountType',
+        'createdAt',
+        'updatedAt',
+        'didKeyMetadatum',
+      ],
+      oneOf: [
+        {
+          type: 'object',
+          required: ['id_token_iss', 'id_token_sub'],
+        },
+        {
+          type: 'object',
+          required: ['devices'],
+        },
+      ],
+    },
+  },
+  required: ['account'],
+};
+module.exports = { careerWalletGetAccountResponseSchema };

package/src/controllers/api/v0.6/accounts/schemas/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+module.exports = {
+  ...require('./careerwallet-accounts-request.schema'),
+  ...require('./careerwallet-accounts-response.schema'),
+  ...require('./careerwallet-get-account-response.schema'),
+  ...require('./careerwallet-accounts-didkeymetadatum-response.schema'),
+};

package/src/controllers/api/v0.6/careerwallet/appconfig/controller.js ADDED Viewed

@@ -0,0 +1,25 @@
+const { omitBy } = require('lodash/fp');
+const careerWalletConfigsController = async (fastify) => {
+  fastify.get(
+    '/',
+    {
+      schema: fastify.autoSchema({
+        response: {
+          200: {
+            type: 'object',
+            additionalProperties: true,
+          },
+        },
+      }),
+    },
+    async ({ repos }) => {
+      const config = await repos.careerWalletConfigs.findOne();
+      return omitBy((value, key) =>
+        ['id', '_id', 'createdAt', 'updatedAt'].includes(key)
+      )(config);
+    }
+  );
+};
+module.exports = careerWalletConfigsController;

package/src/controllers/api/v0.6/careerwallet/appconfig/repo.js ADDED Viewed

@@ -0,0 +1,40 @@
+const {
+  repoFactory,
+  autoboxIdsExtension,
+} = require('@spencejs/spence-mongo-repos');
+module.exports = (app, options, next = () => {}) => {
+  next();
+  return repoFactory(
+    {
+      name: 'careerWalletConfigs',
+      entityName: 'careerWalletConfig',
+      defaultProjection: {
+        _id: 1,
+        ios: 1,
+        android: 1,
+        yotiIDV: 1,
+        latestAndroidVersion: 1,
+        latestIOSVersion: 1,
+        minAndroidVersion: 1,
+        minIOSVersion: 1,
+        createdAt: 1,
+        updatedAt: 1,
+        pushUrl: 1,
+        baseUrls: 1,
+        oauth: 1,
+        sdk: 1,
+        idVerifierDid: 1,
+        emailVerifierDid: 1,
+        phoneVerifierDid: 1,
+        yotiNewSessionUrl: 1,
+        verificationServiceDeepLink: 1,
+        verificationServicePresentationLinkTemplate: 1,
+        commonUrls: 1,
+        linkedinEndpoints: 1,
+      },
+      extensions: [autoboxIdsExtension],
+    },
+    app
+  );
+};

package/src/controllers/api/v0.6/careerwallet/autohooks.js ADDED Viewed

@@ -0,0 +1,5 @@
+module.exports = async (fastify) => {
+  fastify.autoSchemaPreset({
+    tags: ['careerwallet'],
+  });
+};

package/src/controllers/api/v0.6/careerwallet/consents/controller.js ADDED Viewed

@@ -0,0 +1,66 @@
+const { careerWalletConsentResponseSchema } = require('./schemas');
+const controller = async (fastify) => {
+  fastify.post(
+    '/add',
+    {
+      schema: fastify.autoSchema({
+        body: {
+          type: 'object',
+          properties: {
+            version: {
+              type: 'string',
+              pattern: '[0-9]+.[0-9]+',
+            },
+            accountId: { type: 'string' },
+          },
+          required: ['version', 'accountId'],
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              consent: careerWalletConsentResponseSchema,
+            },
+            required: ['consent'],
+          },
+        },
+      }),
+    },
+    async (req, rep) => {
+      const {
+        repos,
+        body: { version, accountId },
+      } = req;
+      const consentDb = await repos.consentsCareerWallet.findOne({
+        filter: { accountId, version },
+        sort: { createdAt: -1 },
+      });
+      if (consentDb) {
+        return rep.code(201).send({
+          consent: mapConsent(consentDb),
+        });
+      }
+      const consent = await repos.consentsCareerWallet.insert({
+        accountId,
+        version,
+      });
+      return rep.code(201).send({
+        consent: mapConsent(consent),
+      });
+    }
+  );
+};
+const mapConsent = ({ createdAt, version, accountId, ...consent }) => ({
+  createdAt,
+  accountId,
+  version,
+  id: consent._id.toString(),
+});
+module.exports = controller;

package/src/controllers/api/v0.6/careerwallet/consents/latest/autohooks.js ADDED Viewed

@@ -0,0 +1,7 @@
+const { verifyAccessTokenPlugin } = require('../../../../../../plugins');
+module.exports = async (fastify) => {
+  fastify
+    .register(verifyAccessTokenPlugin)
+    .autoSchemaPreset({ security: [{ bearerAuth: [] }] });
+};