npm - @verii/endpoints-organizations-registrar - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/endpoints-organizations-registrar 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

package/src/fetchers/monitoring/monitor-create-fetcher.js ADDED Viewed

@@ -0,0 +1,23 @@
+const createMonitor = async (
+  { monitorType, url, pronounceableName, requiredKeyword },
+  { betterUptimeFetch }
+) => {
+  const payload = {
+    monitor_type: monitorType,
+    url,
+    pronounceable_name: pronounceableName,
+    email: true,
+    sms: true,
+    call: false,
+    check_frequency: 5,
+  };
+  if (requiredKeyword) {
+    payload.required_keyword = requiredKeyword;
+  }
+  return betterUptimeFetch.post('monitors', { json: payload }).json();
+};
+module.exports = {
+  createMonitor,
+};

package/src/fetchers/monitoring/monitor-delete-fetcher.js ADDED Viewed

@@ -0,0 +1,6 @@
+const deleteMonitor = async ({ monitorId }, { betterUptimeFetch }) =>
+  betterUptimeFetch.delete(`monitors/${monitorId}`);
+module.exports = {
+  deleteMonitor,
+};

package/src/fetchers/monitoring/monitor-get-all-fetcher.js ADDED Viewed

@@ -0,0 +1,6 @@
+const getAllMonitors = async ({ betterUptimeFetch }) =>
+  betterUptimeFetch.get('monitors').json();
+module.exports = {
+  getAllMonitors,
+};

package/src/fetchers/monitoring/section-create-fetcher.js ADDED Viewed

@@ -0,0 +1,16 @@
+const createSection = async (
+  { orgName, statusPageId },
+  { betterUptimeFetch }
+) => {
+  const payload = {
+    name: orgName,
+    position: 0,
+  };
+  return betterUptimeFetch
+    .post(`status-pages/${statusPageId}/sections`, { json: payload })
+    .json();
+};
+module.exports = {
+  createSection,
+};

package/src/fetchers/monitoring/section-get-all-fetcher.js ADDED Viewed

@@ -0,0 +1,6 @@
+const getAllSections = async (statusPageId, { betterUptimeFetch }) =>
+  betterUptimeFetch.get(`status-pages/${statusPageId}/sections`).json();
+module.exports = {
+  getAllSections,
+};

package/src/fetchers/monitoring/service-version-fetcher.js ADDED Viewed

@@ -0,0 +1,6 @@
+const serviceVersion = async (url, { serviceVersionFetch }) =>
+  serviceVersionFetch.get(url);
+module.exports = {
+  serviceVersion,
+};

package/src/helpers/init-permissions-contract.js ADDED Viewed

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { initPermissions } = require('@verii/contract-permissions');
+const { hexFromJwk } = require('@verii/jwt');
+const { ObjectId } = require('mongodb');
+const { KeyPurposes } = require('@verii/crypto');
+const initPermissionsContract = async (organization, context) => {
+  const { repos } = context;
+  const permissionsKey = await repos.organizationKeys.findOne({
+    filter: {
+      organizationId: new ObjectId(organization._id),
+      purposes: KeyPurposes.PERMISSIONING,
+    },
+  });
+  return initPermissionsContractByKeyId(permissionsKey.kmsKeyId, context);
+};
+const initPermissionsContractByKeyId = async (keyId, context) => {
+  const { config, rpcProvider, withKmsKey } = context;
+  return withKmsKey(keyId, ({ privateJwk }) =>
+    initPermissions(
+      {
+        privateKey: hexFromJwk(privateJwk, true),
+        contractAddress: config.permissionsContractAddress,
+        rpcProvider,
+      },
+      context
+    )
+  );
+};
+module.exports = { initPermissionsContractByKeyId, initPermissionsContract };

package/src/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = {
+  ...require('./entities'),
+  ...require('./config/config'),
+  ...require('./fetchers'),
+  ...require('./plugins'),
+  ...require('./organizations-registrar-endpoints'),
+};

package/src/init-server.js ADDED Viewed

@@ -0,0 +1,91 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { validationPlugin } = require('@verii/validation');
+const { corsPlugin, requestPlugin } = require('@verii/fastify-plugins');
+const { sendEmailPlugin } = require('@verii/aws-clients');
+const {
+  authenticateVnfClientPlugin,
+  rpcProviderPlugin,
+} = require('@verii/base-contract-io');
+const { oauthPlugin } = require('@verii/auth');
+const credentialTypesRepoPlugin = require('@verii/endpoints-credential-types-registrar/src/entities/credential-types/repos/repo');
+const {
+  organizationRegistrarEndpoints,
+} = require('./organizations-registrar-endpoints');
+const initServer = (server) => {
+  if (!server.config.isTest) {
+    server
+      .register(oauthPlugin, {
+        domain: server.config.auth0Domain,
+        audience: [
+          server.config.registrarApiAudience,
+          server.config.oauthAudienceTokenApi,
+        ],
+      })
+      .register(authenticateVnfClientPlugin);
+  }
+  return server
+    .register(rpcProviderPlugin)
+    .register(corsPlugin, {
+      wildcardRoutes: ['/api/v0.6/organizations/search-profiles'],
+    })
+    .register(sendEmailPlugin)
+    .register(validationPlugin, {
+      ajv: server.config.validationPluginAjvOptions,
+    })
+    .addHook('preValidation', async (req) => {
+      req.getDocValidator = server.getDocValidator;
+    })
+    .register(requestPlugin, {
+      name: 'fineractFetch',
+      options: {
+        ...server.config,
+        clientId: server.config.auth0ClientId,
+        clientSecret: server.config.auth0ClientSecret,
+        tokensEndpoint: server.config.vnfOAuthTokensEndpoint,
+        audience: server.config.oauthAudienceFineractApi,
+        scopes: server.config.oauthScopesFineractApi,
+        prefixUrl: server.config.fineractUrl,
+        customHeaders: {
+          'fineract-platform-tenantid': 'default',
+        },
+      },
+    })
+    .register(requestPlugin, {
+      name: 'betterUptimeFetch',
+      options: {
+        ...server.config,
+        requestTimeout: server.config.requestTimeoutBetterUptimeFetch,
+        bearerToken: server.config.monitoringApiToken,
+        prefixUrl: server.config.monitoringApiBaseUrl,
+      },
+    })
+    .register(requestPlugin, {
+      name: 'serviceVersionFetch',
+      options: {
+        ...server.config,
+        requestTimeout: server.config.requestTimeoutBetterUptimeFetch,
+      },
+    })
+    .register(credentialTypesRepoPlugin)
+    .register(organizationRegistrarEndpoints);
+};
+module.exports = { initServer };

package/src/organizations-registrar-endpoints.js ADDED Viewed

@@ -0,0 +1,68 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const AutoLoad = require('@fastify/autoload');
+const fp = require('fastify-plugin');
+const path = require('path');
+const fastifyView = require('@fastify/view');
+const handlebars = require('handlebars');
+const { pubsubPlugin } = require('./plugins/pubsub-plugin');
+const organizationRegistrarEndpoints = async (fastify) =>
+  fastify
+    .register(AutoLoad, {
+      dir: path.join(__dirname, 'entities'),
+      indexPattern: /.*repo(\.ts|\.js|\.cjs|\.mjs)$/,
+      scriptPattern: /.*repo(\.ts|\.js|\.cjs|\.mjs)$/,
+    })
+    .register(AutoLoad, {
+      dir: path.join(__dirname, 'controllers'),
+      indexPattern: /^.*controller(\.ts|\.js|\.cjs|\.mjs)$/,
+      scriptPattern: /.*controller(\.ts|\.js|\.cjs|\.mjs)$/,
+      routeParams: true,
+      autoHooks: true,
+      cascadeHooks: true,
+      options: { prefix: '/api/v0.6' },
+    })
+    .register(pubsubPlugin)
+    .register(AutoLoad, {
+      dir: path.join(__dirname, 'subscribers'),
+    })
+    .register(fastifyView, {
+      engine: {
+        handlebars,
+      },
+      root: path.join(__dirname, 'templates'),
+      includeViewExtension: true,
+    })
+    .addHook('preHandler', async (req) => {
+      req.sendSupportEmail = (subject, message) =>
+        fastify.sendEmail({
+          subject,
+          message,
+          sender: fastify.config.registrarSupportEmail,
+          recipients: [fastify.config.registrarSupportEmail],
+          replyTo: fastify.config.registrarSupportEmail,
+          html: true,
+        });
+    })
+    .addHook('preHandler', async (req) => {
+      req.renderTemplate = fastify.view;
+    });
+module.exports = {
+  organizationRegistrarEndpoints: fp(organizationRegistrarEndpoints),
+};

package/src/plugins/authorization.js ADDED Viewed

@@ -0,0 +1,233 @@
+const { includes } = require('lodash/fp');
+const newError = require('http-errors');
+const {
+  RegistrarScopes,
+  GroupErrorMessages,
+  UserErrorMessages,
+  VNF_GROUP_ID_CLAIM,
+  hasAdminOrganizationScope,
+  hasWriteOrganizationScope,
+  hasReadOrganizationScope,
+  hasAdminUsersScope,
+  hasReadUsersScope,
+  hasWriteUsersScope,
+} = require('../entities');
+// eslint-disable-next-line complexity
+const verifyUserOrganizationWriteAuthorized = async (ctx) => {
+  const { method, params, user } = ctx;
+  if (hasAdminOrganizationScope(user)) {
+    return true;
+  }
+  if (!hasWriteOrganizationScope(user)) {
+    throw new newError.Forbidden(
+      UserErrorMessages.MISSING_REQUIRED_SCOPES_TEMPLATE({
+        requiredScopes: [
+          RegistrarScopes.WriteOrganizations,
+          RegistrarScopes.AdminOrganizations,
+        ],
+      })
+    );
+  }
+  if (params?.did) {
+    const orgGroup = await loadGroupByDid(params.did, ctx);
+    validateUserGroupIdClaim(user, orgGroup, params.did);
+    await syncGroupClientAdmins(user, orgGroup, ctx);
+    decorateScope({ dids: [params.did], groupId: orgGroup.groupId }, ctx);
+    return true;
+  }
+  if (user[VNF_GROUP_ID_CLAIM] != null) {
+    const userGroup = await loadGroupByUserClaim(user, ctx);
+    await syncGroupClientAdmins(user, userGroup, ctx);
+    decorateScope(
+      {
+        dids: method === 'POST' ? ['new'] : userGroup.dids,
+        groupId: userGroup.groupId,
+      },
+      ctx
+    );
+    return true;
+  }
+  decorateScope({ dids: ['new'], groupId: 'new' }, ctx);
+  return true;
+};
+const verifyUserOrganizationReadAuthorized = async (ctx) => {
+  const { user, params } = ctx;
+  if (hasAdminOrganizationScope(user)) {
+    return true;
+  }
+  if (!hasReadOrganizationScope(user)) {
+    throw new newError.Forbidden(
+      UserErrorMessages.MISSING_REQUIRED_SCOPES_TEMPLATE({
+        requiredScopes: [
+          RegistrarScopes.ReadOrganizations,
+          RegistrarScopes.AdminOrganizations,
+        ],
+      })
+    );
+  }
+  if (params?.did) {
+    const orgGroup = await loadGroupByDid(params.did, ctx);
+    validateUserGroupIdClaim(user, orgGroup, params.did);
+    await syncGroupClientAdmins(user, orgGroup, ctx);
+    decorateScope({ groupId: orgGroup.groupId, dids: [params.did] }, ctx);
+    return true;
+  }
+  validateUserGroupIdClaim(user);
+  const userGroup = await loadGroupByUserClaim(user, ctx);
+  await syncGroupClientAdmins(user, userGroup, ctx);
+  decorateScope(userGroup, ctx);
+  return true;
+};
+const verifyAuthorizedWriteUsers = async (ctx) => {
+  const { user, method, params } = ctx;
+  if (hasAdminUsersScope(user)) {
+    return true;
+  }
+  if (isParamIdYourself(user, params)) {
+    decorateScope({ userId: user.sub }, ctx);
+    return true;
+  }
+  if (!hasWriteUsersScope(user)) {
+    throw new newError.Forbidden(
+      UserErrorMessages.MISSING_REQUIRED_SCOPES_TEMPLATE({
+        user,
+        requiredScopes: [
+          RegistrarScopes.WriteUsers,
+          RegistrarScopes.AdminUsers,
+        ],
+      })
+    );
+  }
+  validateUserGroupIdClaim(user);
+  const group = await loadGroupByUserClaim(user, ctx);
+  validateUserIsGroupClientAdmin(user, group);
+  decorateScope(
+    {
+      ...group,
+      userId: isCreateMethod(method, params?.id) ? 'new' : params.id,
+    },
+    ctx
+  );
+  return true;
+};
+const verifyAuthorizedReadUsers = async (ctx) => {
+  const { user, params } = ctx;
+  if (hasAdminUsersScope(user)) {
+    return true;
+  }
+  if (isParamIdYourself(user, params)) {
+    decorateScope({ userId: user.sub }, ctx);
+    return true;
+  }
+  if (!hasReadUsersScope(user)) {
+    throw new newError.Forbidden(
+      UserErrorMessages.MISSING_REQUIRED_SCOPES_TEMPLATE({
+        requiredScopes: [RegistrarScopes.ReadUsers, RegistrarScopes.AdminUsers],
+      })
+    );
+  }
+  validateUserGroupIdClaim(user);
+  const group = await loadGroupByUserClaim(user, ctx);
+  decorateScope({ ...group, userId: params.id }, ctx);
+  return true;
+};
+const validateUserGroupIdClaim = (user, orgGroup, orgDid) => {
+  if (!user[VNF_GROUP_ID_CLAIM]) {
+    throw new newError.NotFound(
+      UserErrorMessages.USER_MUST_HAVE_GROUP_CLAIM({ user })
+    );
+  }
+  if (orgGroup != null && user[VNF_GROUP_ID_CLAIM] !== orgGroup.groupId) {
+    throw new newError.NotFound(
+      UserErrorMessages.USER_CANNOT_ACCESS_ORGANIZATION_GROUP({
+        user,
+        group: orgGroup,
+        did: orgDid,
+      })
+    );
+  }
+};
+const validateUserIsGroupClientAdmin = (user, group) => {
+  if (!includes(user.sub, group.clientAdminIds)) {
+    throw new newError.Forbidden(
+      UserErrorMessages.USER_NOT_GROUP_CLIENT_ADMIN({
+        user,
+        group,
+      })
+    );
+  }
+};
+const loadGroupByDid = async (did, { repos }) => {
+  const group = await repos.groups.findGroupByDid(did);
+  if (group == null) {
+    throw new newError.NotFound(
+      GroupErrorMessages.ORGANIZATION_GROUP_NOT_FOUND({ did })
+    );
+  }
+  return group;
+};
+const loadGroupByUserClaim = async (user, { repos }) => {
+  try {
+    return await repos.groups.findGroupByGroupId(user[VNF_GROUP_ID_CLAIM]);
+  } catch (ex) {
+    if (ex.status === 404) {
+      throw new newError.Forbidden(
+        UserErrorMessages.USER_INVALID_GROUP_CLAIM({ user })
+      );
+    }
+    throw ex;
+  }
+};
+const syncGroupClientAdmins = async (user, group, { repos, log }) => {
+  try {
+    if (!includes(user.sub, group.clientAdminIds)) {
+      await repos.groups.addUserToGroupClientAdmins(group.groupId, user.sub);
+    }
+  } catch (e) {
+    log.warn(e);
+  }
+};
+const isParamIdYourself = (user, params) =>
+  params?.id != null && params.id === user.sub;
+const isCreateMethod = (method, paramId) => method === 'POST' && !paramId;
+const decorateScope = ({ dids, groupId, userId }, ctx) => {
+  // eslint-disable-next-line better-mutation/no-mutation
+  ctx.scope = {
+    ...ctx.scope,
+    dids: dids ?? ctx.scope?.dids,
+    groupId: groupId ?? ctx.scope?.groupId,
+    userId: userId ?? ctx.scope?.userId,
+  };
+};
+module.exports = {
+  verifyUserOrganizationWriteAuthorized,
+  verifyUserOrganizationReadAuthorized,
+  verifyAuthorizedWriteUsers,
+  verifyAuthorizedReadUsers,
+};

package/src/plugins/index.js ADDED Viewed

@@ -0,0 +1,4 @@
+module.exports = {
+  ...require('./authorization'),
+  ...require('./pubsub-plugin'),
+};

package/src/plugins/pubsub-plugin.js ADDED Viewed

@@ -0,0 +1,82 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const fp = require('fastify-plugin');
+const { subscribe: spenceSubscribe } = require('@spencejs/spence-events');
+const { setSelectedContext } = require('@spencejs/spence-events/src/events');
+const pubsubPlugin = async (fastify) => {
+  setSelectedContext([
+    'user',
+    'traceId',
+    'repos',
+    'kms',
+    'betterUptimeFetch',
+    'secureMessagesFetch',
+    'serviceVersionFetch',
+    'getDocValidator',
+    'headers',
+    'renderTemplate',
+  ]);
+  const baseContext = {
+    config: fastify.config,
+    user: null,
+    log: null,
+    repos: null,
+    kms: null,
+    serviceVersionFetch: null,
+    secureMessagesFetch: null,
+    betterUptimeFetch: null,
+    getDocValidator: null,
+    headers: null,
+  };
+  const pubsub = (subscriberName) => ({
+    subscribe(topic, eventName, subscriber) {
+      spenceSubscribe(topic, eventName, async (event) => {
+        const context = structuredClone(baseContext);
+        context.user = event.meta.user;
+        context.log = fastify.log.child({
+          msgId: event.meta.id,
+          traceId: event.meta.traceId,
+        });
+        context.repos = event.meta.repos;
+        context.serviceVersionFetch = event.meta.serviceVersionFetch;
+        context.secureMessagesFetch = event.meta.secureMessagesFetch;
+        context.betterUptimeFetch = event.meta.betterUptimeFetch;
+        context.getDocValidator = event.meta.getDocValidator;
+        context.renderTemplate = event.meta.renderTemplate;
+        context.headers = event.meta.headers;
+        context.kms = event.meta.kms;
+        try {
+          await subscriber(event, context);
+        } catch (error) {
+          const message = `subscriber named ${subscriberName} failed`;
+          context.log.error({ err: error, event, subscriberName }, message);
+          fastify.sendError(error, { message, event, subscriberName });
+        }
+      });
+      return this;
+    },
+  });
+  fastify.decorate('pubsub', pubsub);
+};
+module.exports = { pubsubPlugin: fp(pubsubPlugin) };

package/src/subscribers/notify-caos.js ADDED Viewed

@@ -0,0 +1,63 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { initSendActivationEmailsToCAOs } = require('../entities');
+const notifyCaos = async (fastify) => {
+  const sendActivationEmailsToCAOs = initSendActivationEmailsToCAOs(fastify);
+  const eventHandler = (
+    {
+      payload: {
+        organization,
+        addedServices,
+        activatedServiceIds,
+        caoServiceRefs,
+      },
+    },
+    context
+  ) =>
+    sendActivationEmailsToCAOs(
+      organization,
+      addedServices,
+      activatedServiceIds,
+      caoServiceRefs,
+      context
+    );
+  fastify
+    .pubsub('notifyCaos')
+    .subscribe('organizations', 'created', eventHandler)
+    .subscribe('services', 'added', eventHandler)
+    .subscribe(
+      'services',
+      'activated',
+      (
+        { payload: { organization, activatedServiceIds, caoServiceRefs } },
+        context
+      ) => {
+        sendActivationEmailsToCAOs(
+          organization,
+          organization.services,
+          activatedServiceIds,
+          caoServiceRefs,
+          context
+        );
+      }
+    );
+};
+module.exports = notifyCaos;