npm - @verii/endpoints-organizations-registrar - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/endpoints-organizations-registrar 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

package/src/entities/signatories/orchestrators/validate-auth-code.js ADDED Viewed

@@ -0,0 +1,56 @@
+const { isBefore, subMinutes } = require('date-fns/fp');
+const newError = require('http-errors');
+const { isEmpty, find, flow, sortBy, last } = require('lodash/fp');
+const { SignatoryEventStatus } = require('../domain/constants');
+const validateAuthCode = async (organization, authCode, context) => {
+  const { repos, config } = context;
+  const signatoryStatus = await repos.signatoryStatus.findOne({
+    filter: {
+      organizationId: organization._id,
+      authCodes: {
+        $elemMatch: {
+          code: authCode,
+        },
+      },
+    },
+  });
+  if (isEmpty(signatoryStatus)) {
+    throw newError(401, 'Unauthorized', {
+      errorCode: 'unauthorized',
+    });
+  }
+  if (find({ state: SignatoryEventStatus.COMPLETED }, signatoryStatus.events)) {
+    throw newError(400, 'Signatory has already signed', {
+      errorCode: 'signatory_status_already_complete',
+    });
+  }
+  const latestAuthCode = flow(
+    sortBy(['timestamp']),
+    last
+  )(signatoryStatus.authCodes);
+  if (latestAuthCode.code !== authCode) {
+    throw newError(400, 'Please use the latest email sent.', {
+      errorCode: 'auth_code_must_be_most_recent',
+    });
+  }
+  const isTimestampExpired = isBefore(
+    subMinutes(config.signatoryLinkExpiration, new Date())
+  );
+  if (isTimestampExpired(new Date(latestAuthCode.timestamp))) {
+    throw newError(400, 'Auth code has expired.', {
+      errorCode: 'auth_code_expired',
+    });
+  }
+};
+module.exports = {
+  validateAuthCode,
+};

package/src/entities/signatories/repos/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+module.exports = {
+  signatoryStatusRepoPlugin: require('./repo'),
+};

package/src/entities/signatories/repos/repo.js ADDED Viewed

@@ -0,0 +1,35 @@
+const {
+  repoFactory,
+  autoboxIdsExtension,
+} = require('@spencejs/spence-mongo-repos');
+const {
+  signatoryStatusStateRepoExtension,
+} = require('./signatory-status-state-repo-extension');
+module.exports = (app, options, next = () => {}) => {
+  next();
+  return repoFactory(
+    {
+      name: 'signatoryStatus',
+      entityName: 'signatoryStatus',
+      defaultProjection: {
+        _id: 1,
+        organizationDid: 1,
+        organizationId: 1,
+        approvedAt: 1,
+        rejectedAt: 1,
+        events: 1,
+        authCodes: 1,
+        error: 1,
+        createdAt: 1,
+        updatedAt: 1,
+      },
+      timestampKeys: {
+        createdAt: 'createdAt',
+        updatedAt: 'updatedAt',
+      },
+      extensions: [autoboxIdsExtension, signatoryStatusStateRepoExtension],
+    },
+    app
+  );
+};

package/src/entities/signatories/repos/signatory-status-state-repo-extension.js ADDED Viewed

@@ -0,0 +1,124 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { map, isPlainObject, includes } = require('lodash/fp');
+const { ObjectId } = require('mongodb');
+const { SignatoryEventStatus } = require('../domain');
+const signatoryStatusStateRepoExtension = (parent) => ({
+  insertWithState: ({ states, authCode, ...val }, ...args) => {
+    const timestamp = new Date();
+    return parent.insert(
+      {
+        events: [...map((state) => ({ state, timestamp }), states)],
+        authCodes: [{ code: authCode, timestamp }],
+        ...val,
+      },
+      ...args
+    );
+  },
+  addState: async (
+    _idOrFilter,
+    state,
+    $set,
+    projection = parent.defaultColumnsSelection
+  ) => {
+    const eventsArr = [{ state, timestamp: new Date() }];
+    if (
+      includes(state, [
+        SignatoryEventStatus.APPROVED,
+        SignatoryEventStatus.REJECTED,
+        SignatoryEventStatus.MAX_REACHED,
+      ])
+    ) {
+      eventsArr.push({
+        state: SignatoryEventStatus.COMPLETED,
+        timestamp: new Date(),
+      });
+    }
+    let updateStatement = {
+      $push: { events: { $each: eventsArr } },
+    };
+    if ($set) {
+      updateStatement = {
+        ...updateStatement,
+        $set: parent.prepModification($set),
+      };
+    }
+    const filter = isPlainObject(_idOrFilter)
+      ? _idOrFilter
+      : { _id: new ObjectId(_idOrFilter) };
+    const result = await parent
+      .collection()
+      .findOneAndUpdate(parent.prepFilter(filter), updateStatement, {
+        returnDocument: 'after',
+        includeResultMetadata: true,
+        projection,
+      });
+    return result.value;
+  },
+  addStateAndCode: async (
+    _id,
+    state,
+    authCode,
+    projection = parent.defaultColumnsSelection
+  ) => {
+    const timestamp = new Date();
+    const result = await parent.collection().findOneAndUpdate(
+      parent.prepFilter({ _id: new ObjectId(_id) }),
+      {
+        $push: {
+          events: { state, timestamp },
+          authCodes: { code: authCode, timestamp },
+        },
+      },
+      {
+        returnDocument: 'after',
+        includeResultMetadata: true,
+        projection,
+      }
+    );
+    return result.value;
+  },
+  findByEvent: async (eventTimestamp) => {
+    const aggregationPipeline = [
+      {
+        $match: {
+          'events.state': {
+            $ne: SignatoryEventStatus.COMPLETED,
+          },
+        },
+      },
+      {
+        $addFields: {
+          latestEvent: { $last: '$events' },
+        },
+      },
+      {
+        $match: {
+          'latestEvent.timestamp': {
+            $lte: eventTimestamp,
+          },
+        },
+      },
+    ];
+    return parent.collection().aggregate(aggregationPipeline);
+  },
+  extensions: parent.extensions.concat(['signatoryStatusStateRepoExtension']),
+});
+module.exports = { signatoryStatusStateRepoExtension };

package/src/entities/users/domains/constants.js ADDED Viewed

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { VNF_GROUP_ID_CLAIM } = require('../../oauth');
+const UserErrorMessages = {
+  USER_NOT_FOUND: 'User not found',
+  USER_MUST_HAVE_GROUP_CLAIM: ({ user }) =>
+    `User ${user?.sub} must have a group claim`,
+  USER_INVALID_GROUP_CLAIM: ({ user }) =>
+    `User ${user?.sub} has an invalid group claim ${user[VNF_GROUP_ID_CLAIM]}`,
+  USER_NOT_GROUP_CLIENT_ADMIN: ({ user, group }) =>
+    `User ${user?.sub} must be in clientAdminIds of group ${
+      group?.groupId ?? user[VNF_GROUP_ID_CLAIM]
+    }`,
+  USER_CANNOT_ACCESS_ORGANIZATION_GROUP: ({ user, did, group }) =>
+    `User ${user?.sub} (group claim ${user[VNF_GROUP_ID_CLAIM]}) access forbidden to organization ${did} (groupId ${group?.groupId})`,
+  MISSING_REQUIRED_SCOPES_TEMPLATE: ({ requiredScopes }) =>
+    `User must have one of the following scopes: ${JSON.stringify(
+      requiredScopes
+    )}`,
+  USER_CANNOT_SPECIFY_GROUP_ID: 'User must not contain a "groupId"',
+  USER_MUST_SPECIFY_GROUP_ID: 'User must specify a "groupId"',
+};
+module.exports = { UserErrorMessages };

package/src/entities/users/domains/index.js ADDED Viewed

@@ -0,0 +1,4 @@
+module.exports = {
+  ...require('./constants'),
+  ...require('./user-registrar-emails'),
+};

package/src/entities/users/domains/user-registrar-emails.js ADDED Viewed

@@ -0,0 +1,52 @@
+/* eslint-disable max-len */
+const { reduce, compact } = require('lodash/fp');
+const renderInviteTextTokenWalletRole = (
+  tokenWalletRole,
+  organizations,
+  config
+) => {
+  const hasRole = compact(tokenWalletRole).length;
+  if (!hasRole) {
+    return '';
+  }
+  return `To access the Payment and Rewards Hub, please follow the link(s) below and use the credentials you just created to login.<br>
+PLEASE NOTE - Access to the Payment and Rewards Hub will only be possible once your services are activated.<br>
+${reduce(
+  (text, org) =>
+    `${text}<a href='${config.tokenWalletBaseUrl}/o/${org.didDoc.id}'>${org.profile.name}</a> <br>`,
+  '',
+  organizations
+)}`;
+};
+const initUserRegistrarEmails = (config) => ({
+  emailToUserForUserInvite: ({
+    user,
+    ticket,
+    organizations = [],
+    tokenWalletRole,
+  }) => ({
+    subject: 'Velocity Network Registrar Invitation',
+    message: `${user.givenName} ${user.familyName},
+Welcome to the Velocity Network Registrar.<br><br>
+Please accept your invite and set your password at <a href='${ticket}'>${ticket}</a>
+<br>
+<br>
+${renderInviteTextTokenWalletRole(tokenWalletRole, organizations, config)}
+<br>
+Regards,
+<br>
+<br>
+The Velocity Network Registrar
+`,
+    sender: config.registrarSupportEmail,
+    recipients: [user.email],
+    replyTo: config.noReplyEmail,
+    html: true,
+  }),
+});
+module.exports = { initUserRegistrarEmails };

package/src/entities/users/index.js ADDED Viewed

@@ -0,0 +1,4 @@
+module.exports = {
+  ...require('./domains'),
+  ...require('./orchestrators'),
+};

package/src/entities/users/orchestrators/create-auth0-user.js ADDED Viewed

@@ -0,0 +1,60 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { compact, map, isEmpty } = require('lodash/fp');
+const { RoleNames, initAuth0Provisioner } = require('../../oauth');
+const initCreateAuth0User = (fastify) => {
+  const { createAuth0User, addRoleToAuth0User, createPasswordChangeTicket } =
+    initAuth0Provisioner(fastify.config);
+  return async (
+    { userPayload, registrarRole = null, tokenWalletRole = null, groupId },
+    context
+  ) => {
+    const { tokenWalletBaseUrl, registrarAppUiUrl } = fastify.config;
+    const { repos } = context;
+    const user = await createAuth0User({ user: userPayload });
+    const roles = compact([registrarRole, tokenWalletRole]);
+    await Promise.all(
+      map((roleName) => addRoleToAuth0User({ user, roleName }), roles)
+    );
+    if (groupId != null && registrarRole === RoleNames.RegistrarClientAdmin) {
+      await repos.groups.addUserToGroupClientAdmins(groupId, user.id);
+    }
+    const { ticket } = await createPasswordChangeTicket({
+      user,
+      resultUrl:
+        isEmpty(registrarRole) && !isEmpty(tokenWalletRole)
+          ? tokenWalletBaseUrl
+          : registrarAppUiUrl,
+    });
+    return {
+      user,
+      ticket,
+    };
+  };
+};
+module.exports = {
+  initCreateAuth0User,
+};

package/src/entities/users/orchestrators/get-or-create-auth0-user.js ADDED Viewed

@@ -0,0 +1,63 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { first, isEmpty } = require('lodash/fp');
+const { initUserManagement } = require('./user-management');
+const { RoleNames, initAuth0Provisioner } = require('../../oauth');
+const { initCreateAuth0User } = require('./create-auth0-user');
+const initGetOrCreateAuth0User = (fastify) => {
+  const createAuth0User = initCreateAuth0User(fastify);
+  const { createPasswordChangeTicket } = initAuth0Provisioner(fastify.config);
+  const { getUserByEmail } = initUserManagement(fastify.config);
+  return async (email, givenName, familyName, req) => {
+    const existingUser = first(await getUserByEmail(email));
+    if (!isEmpty(existingUser)) {
+      if (existingUser.isRegistered) {
+        return { user: existingUser };
+      }
+      const { ticket } = await createPasswordChangeTicket({
+        user: existingUser,
+        resultUrl: fastify.config.registrarAppUiUrl,
+      });
+      return { user: existingUser, ticket };
+    }
+    const { user, ticket } = await createAuth0User(
+      {
+        userPayload: {
+          email,
+          givenName,
+          familyName,
+        },
+        registrarRole: RoleNames.RegistrarClientAdmin,
+        tokenWalletRole: RoleNames.TokenWalletClientFinanceAdmin,
+      },
+      req
+    );
+    return { user, ticket };
+  };
+};
+module.exports = {
+  initGetOrCreateAuth0User,
+};

package/src/entities/users/orchestrators/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = {
+  ...require('./create-auth0-user'),
+  ...require('./get-or-create-auth0-user'),
+  ...require('./user-management'),
+};

package/src/entities/users/orchestrators/user-management.js ADDED Viewed

@@ -0,0 +1,157 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { ManagementClient } = require('auth0');
+const {
+  camelCase,
+  flow,
+  omitBy,
+  isNil,
+  map,
+  mapKeys,
+  pick,
+  omit,
+} = require('lodash/fp');
+const { initAuth0RoleArrToRolesObj } = require('../../oauth');
+const initManagementClient = ({ domain, clientId, clientSecret, audience }) => {
+  return new ManagementClient({
+    audience,
+    domain,
+    clientId,
+    clientSecret,
+  });
+};
+const initUserManagement = ({
+  auth0ManagementApiAudience,
+  auth0Domain,
+  auth0ClientId,
+  auth0ClientSecret,
+  auth0SuperuserRoleId,
+  auth0ClientAdminRoleId,
+  auth0ClientFinanceAdminRoleId,
+  auth0ClientSystemUserRoleId,
+} = {}) => {
+  const managementClient = initManagementClient({
+    audience: auth0ManagementApiAudience,
+    domain: auth0Domain,
+    clientId: auth0ClientId,
+    clientSecret: auth0ClientSecret,
+  });
+  const auth0RolesArrToRolesObj = initAuth0RoleArrToRolesObj({
+    auth0SuperuserRoleId,
+    auth0ClientAdminRoleId,
+    auth0ClientFinanceAdminRoleId,
+    auth0ClientSystemUserRoleId,
+  });
+  const softDeleteUser = async ({ id }, context) => {
+    const { data: user } = await managementClient.users.get({ id });
+    if (isUserAccessPermitted(mapUser(user), context)) {
+      await managementClient.users.update(
+        { id },
+        {
+          blocked: true,
+        }
+      );
+    }
+  };
+  // defaults for dodgy invitations that were created without correct names. See VL-7602
+  const defaultUserValues = {
+    given_name: '',
+    family_name: '',
+  };
+  const getUser = async ({ id }, context) => {
+    const { data: user } = await managementClient.users.get({ id });
+    return scopeUser(mapUser(user), context);
+  };
+  const getUserWithRoles = async ({ id }, context) => {
+    const [{ data: user }, roles] = await Promise.all([
+      managementClient.users.get({ id }),
+      getRolesOfUser({ id, page: 0, perPage: 10 }),
+    ]);
+    const currentRolesObj = auth0RolesArrToRolesObj(roles);
+    return scopeUser(mapUser(user, currentRolesObj), context);
+  };
+  const getUserByEmail = async (email, context) => {
+    const { data: users } = await managementClient.usersByEmail.getByEmail({
+      email,
+    });
+    return map((user) => scopeUser(mapUser(user), context), users);
+  };
+  const mapUser = (user, otherProps) => {
+    const obj = {
+      id: user.user_id,
+      groupId: user.app_metadata?.groupId,
+      isRegistered: user.logins_count > 0,
+      ...defaultUserValues,
+      ...omit(['user_id', 'app_metadata'], user),
+      ...otherProps,
+    };
+    return flow(omitBy(isNil), mapKeys(camelCase))(obj);
+  };
+  const scopeUser = (user, context) => {
+    if (isUserAccessPermitted(user, context)) {
+      return user;
+    }
+    return pick(
+      ['email', 'givenName', 'familyName', 'id', 'isRegistered'],
+      user
+    );
+  };
+  const getRolesOfUser = async ({ id, page, perPage }) => {
+    const { data: roles } = await managementClient.users.getRoles(
+      {
+        id,
+      },
+      {
+        page,
+        per_page: perPage,
+        // sort: 'date:-1',
+        // include_totals: true,
+      }
+    );
+    return roles;
+  };
+  return {
+    getUser,
+    getUserWithRoles,
+    softDeleteUser,
+    getUserByEmail,
+  };
+};
+const isUserAccessPermitted = (user, context) =>
+  context != null &&
+  (context.scope == null ||
+    (context.scope?.userId != null && context.scope.userId === user.id) ||
+    (context.scope?.groupId != null && context.scope.groupId === user.groupId));
+module.exports = {
+  initUserManagement,
+};

package/src/fetchers/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = {
+  ...require('./monitoring'),
+};

package/src/fetchers/monitoring/index.js ADDED Viewed

@@ -0,0 +1,9 @@
+module.exports = {
+  ...require('./monitor-create-fetcher'),
+  ...require('./monitor-delete-fetcher'),
+  ...require('./monitor-get-all-fetcher'),
+  ...require('./monitor-add-to-page-fetcher'),
+  ...require('./section-create-fetcher'),
+  ...require('./section-get-all-fetcher'),
+  ...require('./service-version-fetcher'),
+};

package/src/fetchers/monitoring/monitor-add-to-page-fetcher.js ADDED Viewed

@@ -0,0 +1,18 @@
+const addMonitorToStatusPage = async (
+  { resourceId, publicName, statusPageId, statusPageSectionId },
+  { betterUptimeFetch }
+) => {
+  const payload = {
+    resource_id: resourceId,
+    resource_type: 'Monitor',
+    public_name: publicName,
+    explanation: 'Add Comment here',
+    status_page_section_id: statusPageSectionId,
+  };
+  return betterUptimeFetch
+    .post(`status-pages/${statusPageId}/resources`, { json: payload })
+    .json();
+};
+module.exports = {
+  addMonitorToStatusPage,
+};