npm - @verii/endpoints-organizations-registrar - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/endpoints-organizations-registrar 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

package/src/entities/organizations/domains/build-organization-modifications-on-service-change.js ADDED Viewed

@@ -0,0 +1,82 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { isEmpty, map, defaults, omit, xor } = require('lodash/fp');
+const { categorizeServices } = require('@verii/organizations-registry');
+const {
+  selectActivatedServices,
+} = require('../../organization-services/domains');
+const { initPrepareProfileVc } = require('./prepare-profile-vc');
+const initBuildOrganizationModificationsOnServiceChange = (fastify) => {
+  const prepareProfileVc = initPrepareProfileVc(fastify);
+  return async ({
+    organization,
+    services,
+    activatedServiceIds,
+    newOrganizationIds,
+    authClients,
+  }) => {
+    const { didDoc, profile, ids } = organization;
+    const modifications = {};
+    if (newOrganizationIds != null) {
+      modifications.ids = defaults(newOrganizationIds, ids);
+    }
+    if (authClients != null) {
+      modifications.authClients = map(omit(['clientSecret']), authClients);
+    }
+    const activatedServices = selectActivatedServices(
+      activatedServiceIds,
+      services ?? organization.services
+    );
+    modifications.activatedServiceIds = map('id', activatedServices);
+    const activatedServiceCategories = categorizeServices(activatedServices);
+    if (!isPermissionsChanged(profile, activatedServiceCategories)) {
+      return modifications;
+    }
+    modifications.profile = {
+      ...profile,
+      permittedVelocityServiceCategory: activatedServiceCategories,
+    };
+    const { jwtVc, credentialId, vcUrl } = await prepareProfileVc(
+      didDoc,
+      modifications.profile
+    );
+    modifications.signedProfileVcJwt = {
+      signedCredential: jwtVc,
+      credentialId,
+    };
+    modifications.verifiableCredentialJwt = vcUrl;
+    return modifications;
+  };
+};
+const isPermissionsChanged = (profile, newPermissions) =>
+  profile.permittedVelocityServiceCategory == null ||
+  !isEmpty(xor(profile.permittedVelocityServiceCategory, newPermissions));
+module.exports = {
+  initBuildOrganizationModificationsOnServiceChange,
+};

package/src/entities/organizations/domains/build-profile-vc-url.js ADDED Viewed

@@ -0,0 +1,8 @@
+const initBuildProfileVcUrl =
+  ({ registrarUrl }) =>
+  (didDoc, vcId) =>
+    `${registrarUrl}/api/v0.6/organizations/${didDoc.id}/resolve-vc/${vcId}`;
+module.exports = {
+  initBuildProfileVcUrl,
+};

package/src/entities/organizations/domains/build-profile-verifiable-credential.js ADDED Viewed

@@ -0,0 +1,36 @@
+const { generateCredentialJwt } = require('@verii/jwt');
+const { VerifiableCredentialTypes } = require('@verii/verifiable-credentials');
+const { v4: uuid } = require('uuid');
+const { buildPublicProfile } = require('./build-public-profile');
+const initBuildProfileVerifiableCredential =
+  ({ config: { rootDid, rootPrivateKey, rootKid } }) =>
+  async (profile, didDoc) => {
+    const id = uuid();
+    const credential = {
+      id,
+      type: [
+        VerifiableCredentialTypes.BASIC_PROFILE_V1_0,
+        VerifiableCredentialTypes.VERIFIABLE_CREDENTIAL,
+      ],
+      issuer: {
+        id: rootDid,
+      },
+      credentialSubject: {
+        id: didDoc.id,
+        alsoKnownAs: didDoc.alsoKnownAs,
+        ...buildPublicProfile(profile),
+      },
+    };
+    const jwtVc = await generateCredentialJwt(
+      credential,
+      rootPrivateKey,
+      rootKid
+    );
+    return { jwtVc, credentialId: id };
+  };
+module.exports = {
+  initBuildProfileVerifiableCredential,
+};

package/src/entities/organizations/domains/build-public-profile.js ADDED Viewed

@@ -0,0 +1,9 @@
+const { omit } = require('lodash/fp');
+const { PublicProfileFieldsForHide } = require('./constants');
+const buildPublicProfile = (verifiedProfile) =>
+  omit(PublicProfileFieldsForHide, verifiedProfile);
+module.exports = {
+  buildPublicProfile,
+};

package/src/entities/organizations/domains/constants.js ADDED Viewed

@@ -0,0 +1,54 @@
+const { ServiceTypes } = require('@verii/organizations-registry');
+const Authorities = {
+  NationalAuthority: 'NationalAuthority',
+  DunnAndBradstreet: 'DunnAndBradstreet',
+  GLEIF: 'GLEIF',
+  LinkedIn: 'LinkedIn',
+};
+const OrganizationTypes = {
+  COMPANY: 'company',
+  NON_PROFIT: 'non-profit',
+};
+const OrganizationErrorMessages = {
+  ORGANIZATION_NOT_FOUND: 'Organization not found',
+  VERIFIABLE_CREDENTIAL_NOT_FOUND: 'Verifiable Credential not found',
+  UNRECOGNIZED_VERIFIABLE_CREDENTIAL_TYPE:
+    'Unrecognized Verifiable Credential type',
+};
+const PublicProfileFieldsForHide = [
+  'adminGivenName',
+  'adminFamilyName',
+  'adminName',
+  'adminTitle',
+  'adminEmail',
+  'signatoryGivenName',
+  'signatoryFamilyName',
+  'signatoryName',
+  'signatoryTitle',
+  'signatoryEmail',
+];
+const ServiceTypeLabels = {
+  [ServiceTypes.InspectionType]: 'Relying Party',
+  [ServiceTypes.NotaryIssuerType]: 'Notary Issuer',
+  [ServiceTypes.HolderAppProviderType]: 'Wallet App Provider',
+  [ServiceTypes.NodeOperatorType]: 'Node Operator',
+  [ServiceTypes.CredentialAgentOperatorType]: 'Credential Agent Operator',
+  [ServiceTypes.CareerIssuerType]: 'Issuer of Career Credentials',
+  [ServiceTypes.IdentityIssuerType]: 'Issuer of Identity Credentials',
+  [ServiceTypes.IdentityIssuerType]: 'Issuer of Identity Credentials',
+  [ServiceTypes.IdentityIssuerType]: 'Issuer of Identity Credentials',
+  [ServiceTypes.IdentityIssuerType]: 'Issuer of Identity Credentials',
+};
+module.exports = {
+  Authorities,
+  OrganizationErrorMessages,
+  OrganizationTypes,
+  PublicProfileFieldsForHide,
+  ServiceTypeLabels,
+};

package/src/entities/organizations/domains/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+module.exports = {
+  ...require('./build-custodied-did-web'),
+  ...require('./build-full-organization-response'),
+  ...require('./build-organization-modifications-on-service-change'),
+  ...require('./build-profile-vc-url'),
+  ...require('./build-profile-verifiable-credential'),
+  ...require('./build-public-profile'),
+  ...require('./constants'),
+  ...require('./organization-vc-checks'),
+  ...require('./parse-profile-to-csv'),
+  ...require('./prepare-profile-vc'),
+  ...require('./profile-name-normalization'),
+  ...require('./validate-byo-did-keys'),
+  ...require('./validate-profile-name'),
+  ...require('./validate-profile-website'),
+  ...require('./validate-update-profile'),
+};

package/src/entities/organizations/domains/organization-vc-checks.js ADDED Viewed

@@ -0,0 +1,49 @@
+const { decodeCredentialJwt } = require('@verii/jwt');
+const { CredentialCheckResultValue } = require('@verii/verifiable-credentials');
+const {
+  checkExpiration,
+  checkJwtVCTampering,
+  CheckResults,
+} = require('@verii/vc-checks');
+const checkOrgIssuerMatch = ({ issuer }, trustedIssuer) => {
+  const id = issuer?.id ?? issuer;
+  return id !== trustedIssuer
+    ? CredentialCheckResultValue.FAIL
+    : CredentialCheckResultValue.PASS;
+};
+const runAllOrgChecks = async (
+  { signedCredential, rootJwk, rootDid },
+  context
+) => {
+  const decodedCredential = await decodeCredentialJwt(signedCredential);
+  const tamperingCheck = await checkJwtVCTampering(
+    signedCredential,
+    rootJwk,
+    context
+  );
+  if (tamperingCheck !== CheckResults.PASS) {
+    return {
+      UNTAMPERED: tamperingCheck,
+      TRUSTED_ISSUER: CredentialCheckResultValue.NOT_CHECKED,
+      UNREVOKED: CredentialCheckResultValue.NOT_CHECKED,
+      UNEXPIRED: CredentialCheckResultValue.NOT_CHECKED,
+      checked: new Date(),
+    };
+  }
+  return {
+    UNTAMPERED: tamperingCheck,
+    TRUSTED_ISSUER: checkOrgIssuerMatch(decodedCredential, rootDid),
+    UNREVOKED: CredentialCheckResultValue.NOT_CHECKED,
+    UNEXPIRED: checkExpiration(decodedCredential),
+    checked: new Date(),
+  };
+};
+module.exports = {
+  runAllOrgChecks,
+};

package/src/entities/organizations/domains/parse-profile-to-csv.js ADDED Viewed

@@ -0,0 +1,41 @@
+const { parseToCsv } = require('@verii/csv-parser');
+const { join, isNil, omitBy, flow, reject } = require('lodash/fp');
+const { Authorities } = require('./constants');
+const parseProfileToCsv = async (organizationProfile) => {
+  const csvFile = await parseToCsv(
+    [
+      flow(omitBy(isNil), (profile) => ({
+        ...profile,
+        ...buildPermittedVelocityServiceCategory(profile),
+        ...removeLinkedInRegistrationNumber(profile),
+      }))(organizationProfile),
+    ],
+    ['registrationNumbers', 'commercialEntities']
+  );
+  return csvFile;
+};
+const buildPermittedVelocityServiceCategory = (profile) => {
+  const obj = {};
+  if (profile?.permittedVelocityServiceCategory != null) {
+    obj.permittedVelocityServiceCategory = join(
+      ', ',
+      profile.permittedVelocityServiceCategory
+    );
+  }
+  return obj;
+};
+const removeLinkedInRegistrationNumber = (profile) => {
+  return {
+    registrationNumbers: reject(
+      { authority: Authorities.LinkedIn },
+      profile.registrationNumbers
+    ),
+  };
+};
+module.exports = {
+  parseProfileToCsv,
+};

package/src/entities/organizations/domains/prepare-profile-vc.js ADDED Viewed

@@ -0,0 +1,28 @@
+const {
+  initBuildProfileVerifiableCredential,
+} = require('./build-profile-verifiable-credential');
+const { initBuildProfileVcUrl } = require('./build-profile-vc-url');
+const initPrepareProfileVc = (fastify) => {
+  const buildProfileVerifiableCredential =
+    initBuildProfileVerifiableCredential(fastify);
+  const buildProfileVcUrl = initBuildProfileVcUrl({
+    registrarUrl: fastify.config.hostUrl,
+  });
+  return async (didDoc, profile) => {
+    const { jwtVc, credentialId } = await buildProfileVerifiableCredential(
+      profile,
+      didDoc
+    );
+    const vcUrl = buildProfileVcUrl(didDoc, credentialId);
+    return {
+      credentialId,
+      jwtVc,
+      vcUrl,
+    };
+  };
+};
+module.exports = { initPrepareProfileVc };

package/src/entities/organizations/domains/profile-name-normalization.js ADDED Viewed

@@ -0,0 +1,5 @@
+const normalizeProfileName = (name) =>
+  name.replace(/\s+/g, ' ').toLowerCase().trim();
+module.exports = {
+  normalizeProfileName,
+};

package/src/entities/organizations/domains/validate-byo-did-keys.js ADDED Viewed

@@ -0,0 +1,28 @@
+const { KeyPurposes } = require('@verii/crypto');
+const newError = require('http-errors');
+const { isEmpty, all, find } = require('lodash/fp');
+const validateByoDidKeys = (keys) => {
+  if (isEmpty(keys)) {
+    throw newError(400, 'Keys are required for BYO DID', {
+      code: 'keys_required',
+    });
+  }
+  const isNonCustodialKeys = all((key) => !key.custodial, keys);
+  if (!isNonCustodialKeys) {
+    throw newError(400, 'Keys must be non-custodial', {
+      code: 'keys_must_be_non_custodial',
+    });
+  }
+  const dlt = find(
+    (key) => key.purposes.includes(KeyPurposes.DLT_TRANSACTIONS),
+    keys
+  );
+  if (isEmpty(dlt)) {
+    throw newError(400, 'Keys must include DLT_TRANSACTIONS purpose', {
+      code: 'keys_must_include_dlt_transactions',
+    });
+  }
+};
+module.exports = { validateByoDidKeys };

package/src/entities/organizations/domains/validate-profile-name.js ADDED Viewed

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const newError = require('http-errors');
+const { normalizeProfileName } = require('./profile-name-normalization');
+const { hasAdminOrganizationScope } = require('../../oauth');
+const validateProfileName = async (name, organization, { repos, user }) => {
+  const normalizedProfileName = normalizeProfileName(name);
+  if (organization != null) {
+    if (normalizedProfileName === organization.normalizedProfileName) {
+      return;
+    }
+    if (!hasAdminOrganizationScope(user)) {
+      throw newError(400, 'Name change forbidden', {
+        errorCode: 'name_change_forbidden',
+      });
+    }
+  }
+  const count = await repos.organizations.count({
+    filter: { normalizedProfileName },
+  });
+  if (count > 0) {
+    throw newError(400, 'Organization name already exists', {
+      errorCode: 'name_change_forbidden',
+    });
+  }
+};
+module.exports = { validateProfileName };

package/src/entities/organizations/domains/validate-profile-website.js ADDED Viewed

@@ -0,0 +1,17 @@
+const newError = require('http-errors');
+const validateProfileWebsite = ({ profile }) => {
+  const url = new URL(profile.website);
+  if (url.protocol !== 'https:') {
+    throw newError(400, 'Website protocol must be https', {
+      errorCode: 'website_protocol_must_be_https',
+    });
+  }
+  if (url.pathname !== '/' || `${profile.website}/` !== url.href) {
+    throw newError(400, 'Website must have empty path after domain', {
+      errorCode: 'website_path_must_be_empty',
+    });
+  }
+};
+module.exports = { validateProfileWebsite };

package/src/entities/organizations/domains/validate-update-profile.js ADDED Viewed

@@ -0,0 +1,11 @@
+const newError = require('http-errors');
+const validateUpdateProfile = (profile) => {
+  if (profile.website != null) {
+    throw newError(400, 'Website must not be specified', {
+      errorCode: 'website_must_not_be_specified',
+    });
+  }
+};
+module.exports = { validateUpdateProfile };

package/src/entities/organizations/factories/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = { ...require('./organizations-factory') };

package/src/entities/organizations/factories/organizations-factory.js ADDED Viewed

@@ -0,0 +1,180 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+/* eslint-disable complexity */
+const { compact, filter, flow, map } = require('lodash/fp');
+const { register } = require('@spencejs/spence-factories');
+const { createDidDoc, toRelativeServiceId } = require('@verii/did-doc');
+const { categorizeServices } = require('@verii/organizations-registry');
+const { hexFromJwk } = require('@verii/jwt');
+const {
+  KeyPurposes,
+  generateKeyPair,
+  KeyAlgorithms,
+} = require('@verii/crypto');
+const { toEthereumAddress } = require('@verii/blockchain-functions');
+const { ObjectId } = require('mongodb');
+const {
+  initBuildProfileVerifiableCredential,
+  initBuildProfileVcUrl,
+  normalizeProfileName,
+  Authorities,
+} = require('../domains');
+const organizationsRepoPlugin = require('../repos/repo');
+module.exports = (app) => {
+  const buildProfileVerifiableCredential =
+    initBuildProfileVerifiableCredential(app);
+  const buildProfileVcUrl = initBuildProfileVcUrl({
+    registrarUrl: app.config.hostUrl,
+  });
+  return register(
+    'organization',
+    organizationsRepoPlugin(app)(app),
+    async (overrides, { getOrBuild }) => {
+      const nonce = generateKeyPair().privateKey;
+      const website = await getOrBuild(
+        'website',
+        () => `https://www.${nonce}.organization.com`
+      );
+      const did = await getOrBuild('did', () => `did:test:${nonce}`);
+      const alsoKnownAs = await getOrBuild('alsoKnownAs', () => undefined);
+      const didNotCustodied = await getOrBuild('didNotCustodied', () => false);
+      const services = await getOrBuild('service', () => []);
+      const activatedServiceIds = await getOrBuild('activatedServiceIds', () =>
+        flow(map('id'), compact, map(toRelativeServiceId))(services)
+      );
+      const activatedServices = filter(
+        (s) => activatedServiceIds.includes(s.id),
+        services
+      );
+      const { publicKey: ethereumKey } = generateKeyPair({ format: 'jwk' });
+      const { publicKey: dltTransactionsPublicKey } = generateKeyPair({
+        format: 'jwk',
+      });
+      const keys = await getOrBuild('keys', () => [
+        {
+          id: '#eth-account-key-1',
+          purposes: [KeyPurposes.DLT_TRANSACTIONS],
+          type: 'EcdsaSecp256k1VerificationKey2019',
+          publicKey: dltTransactionsPublicKey,
+          algorithm: KeyAlgorithms.SECP256K1,
+        },
+      ]);
+      const { didDoc } = createDidDoc({
+        did,
+        services,
+        keys,
+        alsoKnownAs,
+      });
+      // eslint-disable-next-line better-mutation/no-mutation
+      didDoc.id = await getOrBuild('didDocId', () => didDoc.id);
+      const mergeIds = await getOrBuild('_mergeIds', () => {});
+      const ids = {
+        did: didDoc.id,
+        ethereumAccount: toEthereumAddress(hexFromJwk(ethereumKey, false)),
+        fineractClientId: '1',
+        tokenAccountId: '9',
+        escrowAccountId: '5',
+        brokerClientId: new ObjectId(),
+        ...mergeIds,
+      };
+      const commercialEntities = await getOrBuild(
+        'commercialEntities',
+        () => undefined
+      );
+      const skipTechnicalEmail = await getOrBuild(
+        'skipTechnicalEmail',
+        () => false
+      );
+      const skipContactEmail = await getOrBuild(
+        'skipContactEmail',
+        () => false
+      );
+      const ovverideObj = overrides();
+      const profile = ovverideObj.profile || {
+        name: await getOrBuild('name', () => 'Test Organization'),
+        ...(commercialEntities && { commercialEntities }),
+        logo: 'http://www.organization.com/logo.png',
+        website,
+        registrationNumbers: [
+          {
+            authority: Authorities.DunnAndBradstreet,
+            number: '1',
+            uri: 'uri://uri',
+          },
+        ],
+        location: {
+          countryCode: 'US',
+          regionCode: 'NY',
+        },
+        type: 'company',
+        founded: '2020-01-01',
+        closed: '2020-01-01',
+        description: 'Short description',
+        permittedVelocityServiceCategory: categorizeServices(activatedServices),
+        linkedInProfile: 'https://www.linkedin.com/in/test-profile',
+        physicalAddress: {
+          line1: '123 Main St',
+          line2: 'Suite 123',
+          line3: 'New York',
+        },
+        adminGivenName: 'Admin Given Name',
+        adminFamilyName: 'Admin Family Name',
+        adminTitle: 'Admin Title',
+        adminEmail: 'admin@email.com',
+        signatoryGivenName: 'Signatory Given Name',
+        signatoryFamilyName: 'Signatory Family Name',
+        signatoryTitle: 'Signatory Title',
+        signatoryEmail: 'signatory@email.com',
+        ...(!skipTechnicalEmail && { technicalEmail: 'technical@email.com' }),
+        ...(!skipContactEmail && { contactEmail: 'contact@example.com' }),
+      };
+      const { jwtVc, credentialId } = await buildProfileVerifiableCredential(
+        profile,
+        didDoc
+      );
+      const verifiableCredentialJwt = buildProfileVcUrl(didDoc, credentialId);
+      return {
+        didDoc: didNotCustodied
+          ? { id: didDoc.id }
+          : { ...didDoc, service: services },
+        profile,
+        signedProfileVcJwt: { signedCredential: jwtVc, credentialId },
+        verifiableCredentialJwt,
+        authClients: [],
+        services,
+        activatedServiceIds,
+        didNotCustodied,
+        normalizedProfileName: await getOrBuild('normalizedProfileName', () =>
+          normalizeProfileName(profile.name)
+        ),
+        ids,
+        ...ovverideObj,
+      };
+    }
+  );
+};

package/src/entities/organizations/index.js ADDED Viewed

@@ -0,0 +1,6 @@
+module.exports = {
+  ...require('./adapters'),
+  ...require('./domains'),
+  ...require('./orchestrators'),
+  ...require('./repos'),
+};

package/src/entities/organizations/orchestrators/add-primary-permissions.js ADDED Viewed

@@ -0,0 +1,28 @@
+const { toEthereumAddress } = require('@verii/blockchain-functions');
+const { initPermissions } = require('@verii/contract-permissions');
+const addPrimaryPermissions = async (
+  { primaryAccount, rotationKeyPair, permissioningKeyPair },
+  context
+) => {
+  const {
+    config: { rootPrivateKey, permissionsContractAddress },
+    rpcProvider,
+  } = context;
+  const permissionRootContract = await initPermissions(
+    {
+      privateKey: rootPrivateKey,
+      contractAddress: permissionsContractAddress,
+      rpcProvider,
+    },
+    context
+  );
+  await permissionRootContract.addPrimary({
+    primary: primaryAccount,
+    permissioning: toEthereumAddress(permissioningKeyPair.publicKey),
+    rotation: toEthereumAddress(rotationKeyPair.publicKey),
+  });
+};
+module.exports = { addPrimaryPermissions };