npm - @verii/endpoints-organizations-registrar - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/endpoints-organizations-registrar 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

package/src/controllers/signatories/controller.js ADDED Viewed

@@ -0,0 +1,43 @@
+const {
+  RegistrarScopes,
+  sendReminders,
+  initSendEmailNotifications,
+} = require('../../entities');
+const signatoriesController = async (fastify) => {
+  const { sendEmailToSignatoryForOrganizationApproval } =
+    initSendEmailNotifications(fastify);
+  fastify.post(
+    '/send-reminder',
+    {
+      onRequest: [fastify.verifyAccessToken([RegistrarScopes.EventsTrigger])],
+      schema: fastify.autoSchema({
+        tags: ['signatory-management-event-processing'],
+        security: [
+          {
+            RegistrarOAuth2: [RegistrarScopes.EventsTrigger],
+          },
+        ],
+        response: {
+          200: {
+            type: 'object',
+            additionalProperties: false,
+          },
+        },
+      }),
+    },
+    async (req) => {
+      setTimeout(async () => {
+        try {
+          await sendReminders(sendEmailToSignatoryForOrganizationApproval, req);
+        } catch (e) {
+          req.log.warn(e);
+        }
+      }, 0);
+      return {};
+    }
+  );
+};
+module.exports = signatoriesController;

package/src/controllers/users/autohooks.js ADDED Viewed

@@ -0,0 +1,10 @@
+const { modifyUserSchema, userSchema } = require('./schemas');
+module.exports = async (fastify) => {
+  fastify
+    .addSchema(modifyUserSchema)
+    .addSchema(userSchema)
+    .autoSchemaPreset({
+      tags: ['registrar_iam'],
+    });
+};

package/src/controllers/users/controller.js ADDED Viewed

@@ -0,0 +1,221 @@
+const newError = require('http-errors');
+const {
+  verifyAuthorizedWriteUsers,
+  verifyAuthorizedReadUsers,
+} = require('../../plugins/authorization');
+const {
+  RegistrarScopes,
+  UserErrorMessages,
+  initCreateAuth0User,
+  initUserManagement,
+  initUserRegistrarEmails,
+} = require('../../entities');
+const userController = async (fastify) => {
+  const createAuth0User = initCreateAuth0User(fastify);
+  const { getUserWithRoles, softDeleteUser } = initUserManagement(
+    fastify.config
+  );
+  const { emailToUserForUserInvite } = initUserRegistrarEmails(fastify.config);
+  fastify.post(
+    '/',
+    {
+      onRequest: fastify.verifyAccessToken([
+        RegistrarScopes.AdminUsers,
+        RegistrarScopes.WriteUsers,
+      ]),
+      preHandler: verifyAuthorizedWriteUsers,
+      schema: fastify.autoSchema({
+        security: [
+          {
+            RegistrarOAuth2: [
+              RegistrarScopes.AdminUsers,
+              RegistrarScopes.WriteUsers,
+            ],
+          },
+        ],
+        body: {
+          $ref: 'https://velocitycareerlabs.io/modify-user.schema.json#',
+        },
+        response: {
+          201: {
+            $ref: 'https://velocitycareerlabs.io/user.schema.json#',
+          },
+          ...fastify.NotFoundResponse,
+        },
+      }),
+    },
+    async (req, reply) => {
+      const { body, log, user: creatingUser, sendError } = req;
+      const { registrarRole, tokenWalletRole, groupId: bodyGroupId } = body;
+      const groupId = await computeGroupId(creatingUser, bodyGroupId, req);
+      const createUserPayload = {
+        ...body,
+        groupId,
+      };
+      const { user, ticket } = await createAuth0User(
+        {
+          userPayload: createUserPayload,
+          registrarRole,
+          tokenWalletRole,
+          groupId,
+        },
+        req
+      );
+      const organizations = await getOrganizationsByGroupId(
+        { groupId, tokenWalletRole },
+        req
+      );
+      try {
+        await sendInvitationEmailToUser({
+          user,
+          ticket,
+          organizations,
+          registrarRole,
+          tokenWalletRole,
+        });
+      } catch (error) {
+        const message = 'Unable to send invitation email to user';
+        const messageContext = { err: error, user };
+        log.error(messageContext, message);
+        sendError(error, { ...messageContext, message });
+      }
+      reply.code(201);
+      return { ...user, registrarRole, tokenWalletRole, groupId };
+    }
+  );
+  fastify.get(
+    '/:id',
+    {
+      onRequest: fastify.verifyAccessToken([
+        RegistrarScopes.AdminUsers,
+        RegistrarScopes.ReadUsers,
+      ]),
+      preHandler: verifyAuthorizedReadUsers,
+      schema: fastify.autoSchema({
+        security: [
+          {
+            RegistrarOAuth2: [
+              RegistrarScopes.AdminUsers,
+              RegistrarScopes.ReadUsers,
+            ],
+          },
+        ],
+        params: {
+          type: 'object',
+          properties: { id: { type: 'string', description: 'the user id' } },
+        },
+        response: {
+          200: {
+            $ref: 'https://velocitycareerlabs.io/user.schema.json#',
+          },
+        },
+      }),
+    },
+    async (req) => {
+      const { log, params, scope, user: agent } = req;
+      const user = await getUserWithRoles({ id: params.id }, req);
+      if (scope?.groupId != null && user.groupId !== scope.groupId) {
+        log.warn(
+          `${agent.sub} (group ${scope.groupId} does not have access to user ${user.id} with group ${user.groupId}`
+        );
+        throw newError.NotFound('User Not Found');
+      }
+      return user;
+    }
+  );
+  fastify.delete(
+    '/:id',
+    {
+      onRequest: fastify.verifyAccessToken([
+        RegistrarScopes.AdminUsers,
+        RegistrarScopes.WriteUsers,
+      ]),
+      preHandler: verifyAuthorizedWriteUsers,
+      schema: fastify.autoSchema({
+        security: [
+          {
+            RegistrarOAuth2: [
+              RegistrarScopes.AdminUsers,
+              RegistrarScopes.WriteUsers,
+            ],
+          },
+        ],
+        params: {
+          type: 'object',
+          properties: { id: { type: 'string', description: 'the user id' } },
+        },
+        response: {
+          204: {
+            type: 'null',
+          },
+        },
+      }),
+    },
+    async (req, reply) => {
+      await softDeleteUser({ id: req.params.id }, req);
+      return reply.status(204).send();
+    }
+  );
+  const computeGroupId = async (user, bodyGroupId, { scope, log, repos }) => {
+    if (scope?.groupId != null) {
+      if (bodyGroupId !== scope.groupId) {
+        log.error(
+          `User scope.groupId is "${scope.groupId}" doesnt matching requested groupId "${bodyGroupId}"`
+        );
+        throw newError.Forbidden(
+          bodyGroupId === 'new'
+            ? UserErrorMessages.USER_MUST_SPECIFY_GROUP_ID
+            : UserErrorMessages.USER_CANNOT_SPECIFY_GROUP_ID
+        );
+      }
+    } else if (bodyGroupId !== 'new') {
+      // when no authenticated scope, then validate that the requested group exists
+      await repos.groups.findGroupByGroupId(bodyGroupId);
+    }
+    return bodyGroupId === 'new' ? undefined : bodyGroupId;
+  };
+  const sendInvitationEmailToUser = async ({
+    user,
+    ticket,
+    organizations,
+    registrarRole,
+    tokenWalletRole,
+  }) => {
+    await fastify.sendEmail(
+      emailToUserForUserInvite({
+        user,
+        ticket,
+        organizations,
+        registrarRole,
+        tokenWalletRole,
+      })
+    );
+  };
+  const getOrganizationsByGroupId = async (
+    { groupId, tokenWalletRole },
+    context
+  ) => {
+    if (!groupId || !tokenWalletRole) return [];
+    const { repos } = context;
+    const group = await repos.groups.findGroupByGroupId(groupId);
+    return repos.organizations.find({
+      filter: { 'didDoc.id': { $in: group.dids } },
+    });
+  };
+};
+module.exports = userController;

package/src/controllers/users/schemas/base-user.schema.json ADDED Viewed

@@ -0,0 +1,55 @@
+{
+  "title": "base-user",
+  "$id": "https://velocitycareerlabs.io/base-user.schema.json",
+  "type": "object",
+  "description": "base user schema",
+  "properties": {
+    "email": {
+      "type": "string",
+      "pattern": "^[a-zA-Z0-9.!#$%&’*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\\.[a-zA-Z0-9-]+)*$"
+    },
+    "givenName": {
+      "type": "string"
+    },
+    "familyName": {
+      "type": "string"
+    },
+    "groupId": {
+      "type": ["string", "null"]
+    },
+    "registrarRole": {
+      "type": ["string", "null"],
+      "enum": [
+        "clientadmin",
+        null
+      ]
+    },
+    "tokenWalletRole": {
+      "type": ["string", "null"],
+      "enum": [
+        "clientfinanceadmin",
+        "clientsystemuser",
+        null
+      ]
+    }
+  },
+  "anyOf": [
+    {
+      "type": "object",
+      "required": [
+        "registrarRole"
+      ]
+    },
+    {
+      "type": "object",
+      "required": [
+        "tokenWalletRole"
+      ]
+    }
+  ],
+  "required": [
+    "email",
+    "givenName",
+    "familyName"
+  ]
+}

package/src/controllers/users/schemas/index.js ADDED Viewed

@@ -0,0 +1,4 @@
+module.exports = {
+  ...require('./modify-user.schema'),
+  ...require('./user.schema'),
+};

package/src/controllers/users/schemas/modify-user.schema.js ADDED Viewed

@@ -0,0 +1,17 @@
+const userBaseSchema = require('./base-user.schema.json');
+const modifyUserSchema = {
+  title: 'modify-user',
+  $id: 'https://velocitycareerlabs.io/modify-user.schema.json',
+  type: 'object',
+  description: 'modify user schema',
+  properties: {
+    ...userBaseSchema.properties,
+  },
+  required: [...userBaseSchema.required, 'groupId'],
+  additionalProperties: false,
+};
+module.exports = {
+  modifyUserSchema,
+};

package/src/controllers/users/schemas/user.schema.js ADDED Viewed

@@ -0,0 +1,20 @@
+const userBaseSchema = require('./base-user.schema.json');
+const userSchema = {
+  title: 'user',
+  $id: 'https://velocitycareerlabs.io/user.schema.json',
+  type: 'object',
+  description: 'user schema',
+  properties: {
+    ...userBaseSchema.properties,
+    id: {
+      type: 'string',
+    },
+  },
+  required: [...userBaseSchema.required, 'id'],
+  additionalProperties: false,
+};
+module.exports = {
+  userSchema,
+};

package/src/entities/groups/domain/constants.js ADDED Viewed

@@ -0,0 +1,21 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const GroupErrorMessages = {
+  ORGANIZATION_GROUP_NOT_FOUND: ({ did }) => `Organization ${did} has no group`,
+};
+module.exports = { GroupErrorMessages };

package/src/entities/groups/domain/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = {
+  ...require('./constants'),
+};

package/src/entities/groups/factories/groups-factory.js ADDED Viewed

@@ -0,0 +1,48 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { register } = require('@spencejs/spence-factories');
+const { compact, uniq } = require('lodash/fp');
+const { DEFAULT_GROUP_ID } = require('@verii/tests-helpers');
+const initOrganizationFactory = require('../../organizations/factories/organizations-factory');
+const groupsRepoPlugin = require('../repo');
+module.exports = (app) =>
+  register(
+    'group',
+    groupsRepoPlugin(app)({ config: app.config }),
+    async (overrides, { getOrBuild }) => {
+      const resolvedOverrides = overrides();
+      let organization;
+      if (!resolvedOverrides.skipOrganization) {
+        organization = await getOrBuild(
+          'organization',
+          initOrganizationFactory(app)
+        );
+      }
+      const groupId = await getOrBuild('groupId', () => DEFAULT_GROUP_ID);
+      return {
+        groupId,
+        dids: uniq(compact([groupId, organization?.didDoc?.id])),
+        clientAdminIds: [],
+        ...resolvedOverrides,
+      };
+    }
+  );

package/src/entities/groups/factories/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = { ...require('./groups-factory') };

package/src/entities/groups/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = {
+  ...require('./domain'),
+};

package/src/entities/groups/repo.js ADDED Viewed

@@ -0,0 +1,122 @@
+const {
+  repoFactory,
+  autoboxIdsExtension,
+} = require('@spencejs/spence-mongo-repos');
+const newError = require('http-errors');
+module.exports = (app, options, next = () => {}) => {
+  next();
+  return repoFactory(
+    {
+      name: 'groups',
+      entityName: 'group',
+      defaultProjection: {
+        _id: 1,
+        groupId: 1,
+        dids: 1,
+        clientAdminIds: 1,
+        createdAt: 1,
+        updatedAt: 1,
+      },
+      extensions: [autoboxIdsExtension, findersExtension, modifiersExtensions],
+    },
+    app
+  );
+};
+const findersExtension = (parent) => ({
+  findGroupByDid: async (did) => {
+    return parent.findOne({
+      filter: {
+        dids: did,
+      },
+    });
+  },
+  findGroupByGroupId: async (groupId) => {
+    const group = await parent.findOne({
+      filter: {
+        groupId,
+      },
+    });
+    if (group == null) {
+      throw newError.NotFound(`Group ${groupId} not found`);
+    }
+    return group;
+  },
+  findGroupByUserIdAndDid: async (userId, did) => {
+    return parent.findOne({
+      filter: {
+        clientAdminIds: userId,
+        dids: did,
+      },
+    });
+  },
+  findGroupByUserId: async (userId) => {
+    return parent.findOne({
+      filter: {
+        clientAdminIds: userId,
+      },
+    });
+  },
+  extensions: parent.extensions.concat(['findersExtension']),
+});
+const modifiersExtensions = (parent) => {
+  const createGroup = async (groupId, userId) => {
+    const group = { groupId, dids: [groupId] };
+    if (userId != null) {
+      group.clientAdminIds = [userId];
+    }
+    return parent.insert(group);
+  };
+  const addDidToGroupOfUser = async (userId, did) => {
+    return parent.collection().updateOne(
+      {
+        clientAdminIds: userId,
+      },
+      {
+        $push: {
+          dids: did,
+        },
+        $set: {
+          updatedAt: new Date(),
+        },
+      }
+    );
+  };
+  const addUserToGroupClientAdmins = async (groupId, userId) => {
+    const { clientAdminIds } = await parent.findGroupByGroupId(groupId);
+    if (clientAdminIds.includes(userId)) {
+      return undefined;
+    }
+    return parent.collection().updateOne(
+      {
+        groupId,
+      },
+      {
+        $push: {
+          clientAdminIds: userId,
+        },
+        $set: {
+          updatedAt: new Date(),
+        },
+      }
+    );
+  };
+  const addNewDidOfUser = async (did, userId) => {
+    const existingGroup = await parent.findGroupByUserId(userId);
+    if (existingGroup) {
+      return addDidToGroupOfUser(userId, did);
+    }
+    return createGroup(did, userId);
+  };
+  return {
+    createGroup,
+    addNewDidOfUser,
+    addUserToGroupClientAdmins,
+    addDidToGroupOfUser,
+    extensions: parent.extensions.concat(['modifiersExtensions']),
+  };
+};

package/src/entities/images/domain/constant.js ADDED Viewed

@@ -0,0 +1,11 @@
+const ImageState = {
+  ERROR: 'error',
+  PENDING_UPLOAD: 'pending_upload',
+  UPLOAD_DONE: 'upload_done',
+  INACTIVE: 'inactive',
+  ACTIVE: 'active',
+};
+module.exports = {
+  ImageState,
+};

package/src/entities/images/domain/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+module.exports = {
+  ...require('./constant'),
+};

package/src/entities/images/extension/activate.extension.js ADDED Viewed

@@ -0,0 +1,35 @@
+const newError = require('http-errors');
+const { isEmpty } = require('lodash/fp');
+const { ImageState } = require('../domain');
+const activateExtension = (parent) => ({
+  activate: async (url) => {
+    const image = await parent.findOne({
+      filter: {
+        url,
+      },
+    });
+    if (isEmpty(image)) {
+      return;
+    }
+    if (image.state === ImageState.ACTIVE) {
+      throw newError(400, 'Image already active', {
+        errorCode: 'image_already_active',
+      });
+    }
+    const current = new Date();
+    await parent.collection().updateOne(
+      { url },
+      {
+        $set: {
+          activatedAt: current,
+          updatedAt: current,
+          state: ImageState.ACTIVE,
+        },
+      }
+    );
+  },
+  extensions: parent.extensions.concat(['activate']),
+});
+module.exports = { activateExtension };