npm - @velocitycareerlabs/server-careerwallet - Versions diffs - 1.25.0-dev-build.12642c864 - Mend

@velocitycareerlabs/server-careerwallet 1.25.0-dev-build.12642c864

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (252) hide show

package/src/controllers/api/v0.6/verify/controller.js ADDED Viewed

@@ -0,0 +1,348 @@
+const newError = require('http-errors');
+const { nanoid } = require('nanoid/non-secure');
+const { omit, first, values } = require('lodash/fp');
+const { addMinutes, subMinutes } = require('date-fns/fp');
+const {
+  identifyWebhookRequestBodySchema,
+  verificationIdentifyResponse200Schema,
+} = require('@velocitycareerlabs/common-schemas');
+const {
+  generateKeyPair,
+  generateRandomNumber,
+} = require('@velocitycareerlabs/crypto');
+const { generateCredentialJwt } = require('@velocitycareerlabs/jwt');
+const VerificationCredentialTypes = require('./verification-credential-types');
+const {
+  validateVerificationCodeAttempts,
+  VerificationValueTypes,
+  accountScopes,
+} = require('../../../../entities');
+const verificationExpiration = 10;
+const verificationCodeLength = 6;
+const verificationController = async (fastify) => {
+  const { sendEmail, sendSms, config } = fastify;
+  // Throws bad request when X attempts have been made and the last attempt hasn't expired yet
+  const checkAttemptsThreshold = (existingVerificationCounts) => {
+    if (fastify.config.attemptsThreshold <= existingVerificationCounts) {
+      throw new newError.BadRequest('Too many attempts.');
+    }
+  };
+  const smsVerificationMessage = (verificationCode) =>
+    // eslint-disable-next-line max-len
+    `Your Velocity Phone Verification code is: ${verificationCode}.\n\n@velocitycareerlabs.io #${verificationCode}\n\n${config.smsAppVerificationHash}`;
+  const sendNotification = async (valueType, value, verificationCode) => {
+    /* eslint-disable max-len */
+    const verificationMessage = `Please enter this code in the Velocity app, to validate your ${valueType}: ${verificationCode}. The code is valid for ${verificationExpiration} minutes`;
+    if (valueType === VerificationValueTypes.Email) {
+      await sendEmail({
+        subject: 'Email Address Verification',
+        message: verificationMessage,
+        sender: fastify.config.verificationSenderEmail,
+        recipients: [value],
+        replyTo: fastify.config.verificationSenderEmail,
+      });
+    } else if (valueType === VerificationValueTypes.Phone) {
+      await sendSms({
+        message: smsVerificationMessage(verificationCode),
+        phoneNumber: value,
+      });
+    } else {
+      throw new newError.BadRequest(`Incorrect value type: ${valueType}.`);
+    }
+  };
+  fastify.post(
+    '/:valueType/request-code',
+    {
+      onRequest: fastify.verifyCareerWalletAccessToken([accountScopes.account]),
+      schema: fastify.autoSchema({
+        security: [{ bearerAuth: [accountScopes.account] }],
+        params: {
+          type: 'object',
+          description: 'Either `phone` or `email`',
+          properties: {
+            valueType: {
+              type: 'string',
+              enum: values(VerificationValueTypes),
+            },
+          },
+        },
+        body: {
+          type: 'object',
+          description:
+            'The actual email address or phone number (depending on the value of `valueType`)',
+          additionalProperties: false,
+          properties: {
+            value: { type: 'string' },
+          },
+          required: ['value'],
+        },
+        response: {
+          204: {
+            type: 'null',
+          },
+        },
+      }),
+    },
+    async (req, reply) => {
+      const { repos, params, body } = req;
+      const { valueType } = params;
+      const { value } = body;
+      if (valueType === VerificationValueTypes.Phone) {
+        await validateVerificationCodeAttempts(value, req);
+      }
+      const existingVerifications = await repos.verifications.count({
+        filter: {
+          type: valueType,
+          value,
+          createdAt: { $gt: subMinutes(verificationExpiration, new Date()) },
+        },
+      });
+      checkAttemptsThreshold(existingVerifications);
+      const attemptId = await generateRandomNumber(verificationCodeLength);
+      const verification = createVerification(
+        valueType,
+        value,
+        attemptId.toString()
+      );
+      await repos.verifications.insert(verification);
+      await sendNotification(valueType, value, attemptId);
+      reply.code(204);
+    }
+  );
+  fastify.post(
+    '/confirm',
+    {
+      onRequest: fastify.verifyCareerWalletAccessToken([accountScopes.account]),
+      schema: fastify.autoSchema({
+        security: [{ bearerAuth: [accountScopes.account] }],
+        body: {
+          type: 'object',
+          additionalProperties: false,
+          properties: {
+            verificationCode: { type: 'string' },
+          },
+          required: ['verificationCode'],
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              credential: { type: 'string' },
+              token: { type: 'string' },
+            },
+          },
+          ...fastify.NotFoundResponse,
+        },
+      }),
+    },
+    async ({ vclVerificationVersion, repos, body }) => {
+      const { verificationCode } = body;
+      const updatedVerification = await repos.verifications.updateUsingFilter(
+        {
+          filter: {
+            attemptId: verificationCode,
+            complete: { $exists: false },
+            createdAt: { $gt: subMinutes(verificationExpiration, new Date()) },
+          },
+        },
+        { complete: new Date() }
+      );
+      const verification = first(updatedVerification);
+      if (!verification) {
+        // TODO change error message to say "incorrect verification code or expired"
+        throw new newError.NotFound('No matching pending verification');
+      }
+      const latestVerification = await repos.verifications.findOne(
+        {
+          filter: {
+            type: verification.type,
+            value: verification.value,
+          },
+        },
+        { _id: 1 }
+      );
+      if (!latestVerification?._id.equals(verification._id)) {
+        throw new newError.NotFound('Verification was not the latest');
+      }
+      const offerId = nanoid();
+      const offer = {
+        offerId,
+        type: [typeToCredential[verification.type]],
+        value: verification.value,
+        offerCreationDate: new Date(),
+        offerExpirationDate: generateExpiration(verificationExpiration),
+        claimed: false,
+      };
+      await repos.verificationOffers.insert(offer);
+      if (vclVerificationVersion >= 2) {
+        return { token: offerId };
+      }
+      const { privateKey } = generateKeyPair();
+      const credential = await generateCredentialJwt(
+        {
+          id: verificationCode,
+          type: ['VerificationIdentifier'],
+          issuer: fastify.config.rootDid,
+          credentialSubject: {
+            id: offer.offerId,
+          },
+        },
+        privateKey
+      );
+      return {
+        credential,
+      };
+    }
+  );
+  fastify.post(
+    '/issuing/identify',
+    {
+      schema: fastify.autoSchema({
+        body: identifyWebhookRequestBodySchema,
+        response: {
+          200: verificationIdentifyResponse200Schema,
+          ...fastify.NotFoundResponse,
+        },
+      }),
+    },
+    async ({ body, repos }) => {
+      const offerId = getOfferId(body);
+      const offer = await repos.verificationOffers.findOne({
+        filter: { offerId },
+      });
+      if (!offer) {
+        throw newError.NotFound(`Offer ID ${offerId} could not be found`);
+      }
+      return { vendorUserId: offerId };
+    }
+  );
+  fastify.post(
+    '/issuing/generate-offers',
+    {
+      schema: fastify.autoSchema({
+        body: {
+          type: 'object',
+          properties: {
+            vendorUserId: { type: 'string' },
+            exchangeId: { type: 'string' },
+          },
+          required: ['vendorUserId', 'exchangeId'],
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              offers: {
+                type: 'array',
+                items: {
+                  type: 'object',
+                  properties: {
+                    type: {
+                      type: 'array',
+                      items: { type: 'string' },
+                    },
+                    offerId: { type: 'string' },
+                    offerCreationDate: { type: 'string' },
+                    offerExpirationDate: { type: 'string' },
+                    credentialSubject: {
+                      type: 'object',
+                      additionalProperties: true,
+                    },
+                    exchangeId: { type: 'string' },
+                  },
+                },
+              },
+            },
+          },
+          ...fastify.NotFoundResponse,
+        },
+      }),
+    },
+    async ({ body, repos }) => {
+      const { vendorUserId, exchangeId } = body;
+      const offer = await repos.verificationOffers.findOne({
+        filter: { offerId: vendorUserId },
+      });
+      if (!offer) {
+        throw newError.NotFound(`Offer ID ${vendorUserId} could not be found`);
+      }
+      await repos.verificationOffers.upsert(offer._id, {
+        ...offer,
+        claimed: true,
+      });
+      return {
+        offers: [
+          {
+            ...omit(['_id', 'value'], offer),
+            credentialSubject: credentialGenerators[offer.type](offer),
+            vendorUserId,
+            exchangeId,
+          },
+        ],
+      };
+    }
+  );
+};
+module.exports = verificationController;
+const typeToCredential = {
+  email: VerificationCredentialTypes.EmailAddressVerification,
+  phone: VerificationCredentialTypes.PhoneNumberVerification,
+};
+const credentialGenerators = {
+  [VerificationCredentialTypes.EmailAddressVerification]: (offer) => ({
+    email: offer.value,
+    vendorUserId: offer.value,
+  }),
+  [VerificationCredentialTypes.PhoneNumberVerification]: (offer) => ({
+    phone: offer.value,
+    vendorUserId: offer.value,
+  }),
+};
+const generateExpiration = (dueMinutes) => addMinutes(dueMinutes, new Date());
+const getOfferId = ({ idDocumentCredentials, vendorOriginContext }) => {
+  if (vendorOriginContext) {
+    return vendorOriginContext;
+  }
+  const idDocumentCredential = idDocumentCredentials[0];
+  return idDocumentCredential.credentialSubject
+    ? idDocumentCredential.credentialSubject.id
+    : idDocumentCredential.id; // Deprecated
+};
+const createVerification = (valueType, value, attemptId) => ({
+  type: valueType,
+  value,
+  attemptId,
+});

package/src/controllers/api/v0.6/verify/repo.js ADDED Viewed

@@ -0,0 +1,23 @@
+const {
+  repoFactory,
+  autoboxIdsExtension,
+} = require('@spencejs/spence-mongo-repos');
+module.exports = (app, options, next = () => {}) => {
+  next();
+  return repoFactory(
+    {
+      name: 'verifications',
+      entityName: 'verifications',
+      defaultProjection: {
+        _id: 1,
+        type: 1,
+        value: 1,
+        attemptId: 1,
+        complete: 1,
+      },
+      extensions: [autoboxIdsExtension],
+    },
+    app
+  );
+};

package/src/controllers/api/v0.6/verify/verification-credential-types.js ADDED Viewed

@@ -0,0 +1,6 @@
+const VerificationCredentialType = Object.freeze({
+  EmailAddressVerification: 'EmailV1.0',
+  PhoneNumberVerification: 'PhoneV1.0',
+});
+module.exports = VerificationCredentialType;

package/src/controllers/jwt/autohooks.js ADDED Viewed

@@ -0,0 +1,10 @@
+const { verifyAccessTokenPlugin } = require('../../plugins');
+const { accountScopes } = require('../../entities');
+const autohooks = async (fastify) => {
+  fastify
+    .register(verifyAccessTokenPlugin)
+    .autoSchemaPreset({ security: [{ bearerAuth: [accountScopes.jwt] }] });
+};
+module.exports = autohooks;

package/src/controllers/jwt/controller.js ADDED Viewed

@@ -0,0 +1,106 @@
+const { parse, toSeconds } = require('iso8601-duration');
+const { v4: uuidv4 } = require('uuid');
+const createError = require('http-errors');
+const {
+  jwtDecode,
+  jwtVerify,
+  generateDocJwt,
+} = require('@velocitycareerlabs/jwt');
+const { generateKeyPair } = require('@velocitycareerlabs/crypto');
+const {
+  jwtSignSchema,
+  jwtSignResponse200Schema,
+  jwtDecodeSchema,
+  jwtDecodeResponse200Schema,
+  jwtVerifySchema,
+  jwtVerifyResponse200Schema,
+} = require('./schemas');
+const { accountScopes } = require('../../entities');
+const jwtController = async (fastify) => {
+  fastify
+    .addSchema(jwtSignSchema)
+    .addSchema(jwtSignResponse200Schema)
+    .addSchema(jwtVerifySchema)
+    .addSchema(jwtVerifyResponse200Schema)
+    .addSchema(jwtDecodeSchema)
+    .addSchema(jwtDecodeResponse200Schema)
+    .autoSchemaPreset({ tags: ['careerwallet_jwt'] });
+  fastify
+    .post(
+      '/verify',
+      {
+        onRequest: fastify.verifyCareerWalletAccessToken([accountScopes.jwt]),
+        schema: fastify.autoSchema({
+          body: jwtVerifySchema,
+          response: { 200: jwtVerifyResponse200Schema },
+        }),
+      },
+      async (req) => {
+        const {
+          body: { jwt, publicKey },
+          log,
+        } = req;
+        const {
+          header: { jwk },
+        } = jwtDecode(jwt);
+        const publicKeyAsJwk = publicKey ?? jwk;
+        if (publicKeyAsJwk == null) {
+          return createError(400, 'Public key is missing');
+        }
+        try {
+          await jwtVerify(jwt, publicKeyAsJwk);
+          return { verified: true };
+        } catch (err) {
+          log.warn({ err });
+          return { verified: false, error: err };
+        }
+      }
+    )
+    .post(
+      '/decode',
+      {
+        onRequest: fastify.verifyCareerWalletAccessToken([accountScopes.jwt]),
+        schema: fastify.autoSchema({
+          body: jwtDecodeSchema,
+          response: { 200: jwtDecodeResponse200Schema },
+        }),
+      },
+      async (req) => jwtDecode(req.body.jwt)
+    )
+    .post(
+      '/sign',
+      {
+        onRequest: fastify.verifyCareerWalletAccessToken([accountScopes.jwt]),
+        schema: fastify.autoSchema({
+          body: jwtSignSchema,
+          response: { 200: jwtSignResponse200Schema },
+        }),
+      },
+      async (req) => {
+        const {
+          body: { payload, options },
+        } = req;
+        const joseExpiresIn = options.expiresIn
+          ? `${ISO8601DurationToSeconds(options.expiresIn)}seconds`
+          : undefined;
+        const signingOptions = {
+          ...options,
+          expiresIn: joseExpiresIn,
+          jti: payload.id ?? uuidv4(),
+        };
+        const { privateKey } = generateKeyPair();
+        const jwt = await generateDocJwt(payload, privateKey, signingOptions);
+        return { jwt };
+      }
+    );
+};
+const ISO8601DurationToSeconds = (durationString) =>
+  toSeconds(parse(durationString));
+module.exports = jwtController;

package/src/controllers/jwt/schemas/index.js ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const jwtSignSchema = require('./jwt-sign.schema.json');
+const jwtSignResponse200Schema = require('./jwt-sign.response.200.schema.json');
+const jwtDecodeSchema = require('./jwt-decode.schema.json');
+const jwtDecodeResponse200Schema = require('./jwt-decode.response.200.schema.json');
+const jwtVerifySchema = require('./jwt-verify.schema.json');
+const jwtVerifyResponse200Schema = require('./jwt-verify.response.200.schema.json');
+module.exports = {
+  jwtSignSchema,
+  jwtSignResponse200Schema,
+  jwtDecodeSchema,
+  jwtDecodeResponse200Schema,
+  jwtVerifySchema,
+  jwtVerifyResponse200Schema,
+};

package/src/controllers/jwt/schemas/jwt-decode.response.200.schema.json ADDED Viewed

@@ -0,0 +1,20 @@
+{
+  "title": "jwt-decode-response-200",
+  "$id": "jwt-decode-response-200",
+  "type": "object",
+  "properties": {
+    "payload": {
+      "type": "object",
+      "additionalProperties": true
+    },
+    "header": {
+      "type": "object",
+      "additionalProperties": true
+    }
+  },
+  "required": [
+    "payload",
+    "header"
+  ],
+  "additionalProperties": false
+}

package/src/controllers/jwt/schemas/jwt-decode.schema.json ADDED Viewed

@@ -0,0 +1,15 @@
+{
+  "title": "jwts-decode",
+  "$id": "jwts-decode",
+  "type": "object",
+  "properties": {
+    "jwt": {
+      "type": "string",
+      "description": "a jwt string."
+    }
+  },
+  "required": [
+    "jwt"
+  ],
+  "additionalProperties": false
+}

package/src/controllers/jwt/schemas/jwt-sign.response.200.schema.json ADDED Viewed

@@ -0,0 +1,14 @@
+{
+  "title": "jwt-sign-response-200",
+  "$id": "jwt-sign-response-200",
+  "type": "object",
+  "properties": {
+    "jwt": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "jwt"
+  ],
+  "additionalProperties": false
+}

package/src/controllers/jwt/schemas/jwt-sign.schema.json ADDED Viewed

@@ -0,0 +1,40 @@
+{
+  "title": "jwt-sign",
+  "$id": "jwt-sign",
+  "type": "object",
+  "properties": {
+    "payload": {
+      "type": "object"
+    },
+    "options": {
+      "type": "object",
+      "properties": {
+        "issuer": {
+          "type": "string",
+          "description": "did or random uuid of the issuer"
+        },
+        "audience": {
+          "type": "string",
+          "description": "did or random uuid of the audience"
+        },
+        "subject": {
+          "type": "string",
+          "description": "did or random uuid of the subject"
+        },
+        "expiresIn": {
+          "type": "string",
+          "description": "a ISO 8601 formatted duration string"
+        }
+      },
+      "required": [
+        "issuer",
+        "subject"
+      ]
+    }
+  },
+  "required": [
+    "payload",
+    "options"
+  ],
+  "additionalProperties": false
+}

package/src/controllers/jwt/schemas/jwt-verify.response.200.schema.json ADDED Viewed

@@ -0,0 +1,17 @@
+{
+  "title": "jwt-verify-response-200",
+  "$id": "jwt-verify-response-200",
+  "type": "object",
+  "properties": {
+    "verified": {
+      "type": "boolean"
+    },
+    "error": {
+      "type": "string"
+    }
+  },
+  "required": [
+    "verified"
+  ],
+  "additionalProperties": false
+}

package/src/controllers/jwt/schemas/jwt-verify.schema.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "title": "jwts-verify",
+  "$id": "jwts-verify",
+  "type": "object",
+  "properties": {
+    "jwt": {
+      "type": "string",
+      "description": "jwt string"
+    },
+    "publicKey": {
+      "type": "object",
+      "description": "jwk public key"
+    }
+  },
+  "required": [
+    "jwt"
+  ],
+  "additionalProperties": false
+}

package/src/controllers/reference/autohooks.js ADDED Viewed

@@ -0,0 +1,5 @@
+const autohooks = async (fastify) => {
+  fastify.autoSchemaPreset({ tags: ['careerwallet'] });
+};
+module.exports = autohooks;