@verii/server-credentialagent 1.0.0-pre.1752076816

package/src/controllers/operator/tenants/_tenantId/issued-credentials/controller-v0.8.js

@@ -0,0 +1,303 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const newError = require('http-errors');
+const ethUrlParser = require('eth-url-parser');
+const { isEmpty, isNil, map, omitBy } = require('lodash/fp');
+const { nanoid } = require('nanoid/non-secure');
+const { initTransformToFinder } = require('@verii/rest-queries');
+const { tableRegistry } = require('@spencejs/spence-mongo-repos');
+const { KeyPurposes } = require('@verii/crypto');
+const { getRevocationRegistry } = require('@verii/velocity-issuing');
+const { sendPush } = require('../../../../../fetchers');
+const { issuedCredentialProjection } = require('../../../../../entities');
+
+const issuedCredentialsController = async (fastify) => {
+  const specificParams = {
+    type: 'object',
+    properties: {
+      credentialId: { type: 'string', minLength: 1 },
+      ...fastify.currentAutoSchemaPreset.params.properties,
+    },
+  };
+
+  fastify.post(
+    '/:credentialId/revoke',
+    {
+      schema: fastify.autoSchema({
+        params: specificParams,
+        body: {
+          $ref: 'https://velocitycareerlabs.io/revoke-credentials.schema.json#',
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              notifiedOfRevocationAt: {
+                type: 'string',
+                format: 'date-time',
+              },
+            },
+          },
+        },
+      }),
+    },
+    async (req) => {
+      const {
+        params: { credentialId },
+        repos: { offers: offersRepo },
+        body,
+      } = req;
+      const offer = await offersRepo.findOne(
+        {
+          filter: {
+            did: credentialId,
+          },
+        },
+        { _id: 1, credentialStatus: 1, exchangeId: 1, did: 1, type: 1 }
+      );
+      if (!offer) {
+        throw newError.NotFound(`Credential ${credentialId} not found`);
+      }
+      if (isEmpty(offer.credentialStatus)) {
+        throw newError.BadRequest(
+          `Credential status not found for ${credentialId}`
+        );
+      }
+      if (offer.credentialStatus.revokedAt) {
+        return {};
+      }
+
+      await setRevokedOnChain(offer.credentialStatus.id, req);
+      await setRevokedTime(credentialId, req);
+      const { pushToken, pushUrl, exchange } = await getPushDelegate(
+        offer,
+        req
+      );
+      if (!pushToken || !pushUrl) {
+        return {};
+      }
+
+      await triggerPush(
+        {
+          pushToken,
+          offer,
+          ...body,
+        },
+        { ...req, exchange }
+      );
+      const [{ notifiedOfRevocationAt }] = await setNotifiedTime(
+        credentialId,
+        offer,
+        req
+      );
+      return {
+        notifiedOfRevocationAt,
+      };
+    }
+  );
+
+  fastify.get(
+    '/',
+    {
+      schema: fastify.autoSchema({
+        query: {
+          type: 'object',
+          properties: {
+            credentialId: {
+              type: 'string',
+            },
+            vendorOfferId: {
+              type: 'string',
+            },
+            vendorUserId: {
+              type: 'string',
+            },
+            page: {
+              type: 'object',
+              properties: {
+                size: { type: 'number' },
+                skip: { type: 'number' },
+              },
+            },
+            sort: {
+              type: 'array',
+              items: {
+                type: 'array',
+                items: { type: 'string' },
+              },
+            },
+          },
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              issuedCredentials: {
+                type: 'array',
+                items: {
+                  $ref: 'https://velocitycareerlabs.io/issued-credential.schema.json#',
+                },
+              },
+            },
+          },
+        },
+      }),
+    },
+    async (req) => {
+      const {
+        query: { page, sort, credentialId, vendorOfferId, vendorUserId },
+        repos,
+      } = req;
+      const filter = transformToFinder({
+        filter: omitBy(isNil, {
+          did: credentialId ?? { $exists: true },
+          offerId: vendorOfferId,
+          'credentialSubject.vendorUserId': vendorUserId ?? { $exists: true },
+        }),
+        page,
+        sort,
+      });
+
+      const credentials = await repos.offers.find(
+        filter,
+        issuedCredentialProjection
+      );
+
+      return {
+        issuedCredentials: map(buildIssuedCredential(req), credentials),
+      };
+    }
+  );
+
+  const setRevokedOnChain = async (credentialStatusUrl, context) => {
+    const { tenant, tenantKeysByPurpose } = context;
+
+    const {
+      parameters: { address, listId, index },
+    } = ethUrlParser.parse(credentialStatusUrl);
+
+    const purpose =
+      address.toLowerCase() === tenant.primaryAddress.toLowerCase()
+        ? KeyPurposes.DLT_TRANSACTIONS
+        : KeyPurposes.REVOCATIONS_FALLBACK;
+
+    const revocationRegistry = await getRevocationRegistry(
+      { dltOperatorKMSKeyId: tenantKeysByPurpose[purpose].keyId },
+      context
+    );
+    return revocationRegistry.setRevokedStatusSigned({
+      accountId: tenant.primaryAddress,
+      listId,
+      index,
+      caoDid: context.caoDid,
+    });
+  };
+
+  const transformToFinder = initTransformToFinder(await tableRegistry.offers());
+
+  const getPushDelegate = async (offer, context) => {
+    const { repos } = context;
+
+    const exchange = await repos.exchanges.findOne({
+      filter: {
+        finalizedOfferIds: offer._id,
+      },
+    });
+
+    return {
+      pushToken: exchange?.pushDelegate?.pushToken,
+      pushUrl: exchange?.pushDelegate?.pushUrl,
+      exchange,
+    };
+  };
+  const triggerPush = async (
+    { offer, linkedOffer, message, pushToken },
+    context
+  ) => {
+    const { tenant } = context;
+    const notificationType = linkedOffer
+      ? 'CredentialReplaced'
+      : 'CredentialRevoked';
+    return sendPush(
+      {
+        id: nanoid(),
+        pushToken,
+        message,
+        data: {
+          exchangeId: offer.exchangeId,
+          notificationType,
+          replacementCredentialType: linkedOffer?.credentialType,
+          issuer: tenant.did,
+          credentialId: offer.did,
+          credentialTypes: offer.type,
+          count: 1,
+        },
+      },
+      context.exchange.pushDelegate,
+      context
+    );
+  };
+
+  const setRevokedTime = (credentialId, { repos }) =>
+    repos.offers.updateUsingFilter(
+      {
+        filter: {
+          did: credentialId,
+        },
+      },
+      {
+        'credentialStatus.revokedAt': new Date(),
+      }
+    );
+
+  const setNotifiedTime = async (credentialId, offer, { repos }) =>
+    repos.offers.updateUsingFilter(
+      {
+        filter: {
+          did: credentialId,
+        },
+      },
+      {
+        notifiedOfRevocationAt: new Date(),
+      }
+    );
+};
+
+const buildIssuedCredential =
+  ({ config }) =>
+  (credential) => {
+    const issuedCredential = omitBy(
+      (v, k) => isNil(v) || k === 'issued',
+      credential
+    );
+    // eslint-disable-next-line better-mutation/no-mutation
+    issuedCredential.id = credential.did;
+
+    if (issuedCredential.issuanceDate == null) {
+      // eslint-disable-next-line better-mutation/no-mutation
+      issuedCredential.issuanceDate = credential.issued;
+    }
+
+    if (config.vendorCredentialsIncludeIssuedClaim) {
+      // eslint-disable-next-line better-mutation/no-mutation
+      issuedCredential.issued =
+        issuedCredential.issuanceDate ?? credential.issued;
+    }
+    return issuedCredential;
+  };
+
+module.exports = issuedCredentialsController;

package/src/controllers/operator/tenants/_tenantId/issued-credentials/schemas/index.js

@@ -0,0 +1,23 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const revokeCredentialSchema = require('./revoke-credentials.schema.json');
+const issuedCredentialSchema = require('./issued-credential.schema.json');
+
+module.exports = {
+  revokeCredentialSchema,
+  issuedCredentialSchema,
+};

package/src/controllers/operator/tenants/_tenantId/issued-credentials/schemas/issued-credential.schema.json

@@ -0,0 +1,115 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://velocitycareerlabs.io/issued-credential.schema.json",
+  "type": "object",
+  "title": "issued-credential",
+  "description": "An issued credential is similar to an offer but has extra data generated by the agent",
+  "additionalProperties": false,
+  "allOf": [
+    {
+      "$ref": "https://velocitycareerlabs.io/new-vendor-offer.schema.json#"
+    },
+    {
+      "$ref": "mutable-entity#"
+    },
+    {
+      "type": "object",
+      "properties": {
+        "exchangeId": {
+          "type": "string"
+        },
+        "issuer": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "name": {
+              "type": "string",
+              "description": "The name of brand"
+            },
+            "image": {
+              "type": "string",
+              "description": "The uri to image"
+            }
+          },
+          "required": [
+            "id"
+          ]
+        }
+      }
+    },
+    {
+      "type": "object",
+      "properties": {
+        "contentHash": {
+          "type": "object",
+          "additionalProperties": false,
+          "properties": {
+            "type": {
+              "type": "string"
+            },
+            "value": {
+              "type": "string"
+            }
+          },
+          "required": ["type", "value"]
+        },
+        "credentialStatus": {
+          "type": "object",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "linkCodeCommit": {
+              "type": "string"
+            },
+            "statusListCredential": {
+              "type": "string"
+            },
+            "statusListIndex": {
+              "type": "integer"
+            },
+            "type": {
+              "type": "string"
+            }
+          },
+          "required": ["type", "id"]
+        },
+        "credentialSchema": {
+          "type": "object",
+          "description": "Contains all the claims of the credential",
+          "properties": {
+            "type": {
+              "type": "string"
+            },
+            "id": {
+              "type": "string",
+              "format": "uri"
+            }
+          },
+          "required": ["type", "id"]
+        },
+        "issued": {
+          "type": "string",
+          "format": "date-time",
+          "deprecated": true,
+          "description": "issued is deprecated for issuanceDate"
+        },
+        "issuanceDate": {
+          "type": "string",
+          "format": "date-time"
+        }
+      }
+    }
+  ],
+  "required": [
+    "type",
+    "credentialSubject",
+    "id",
+    "exchangeId",
+    "issuer",
+    "contentHash"
+  ]
+}

package/src/controllers/operator/tenants/_tenantId/issued-credentials/schemas/revoke-credentials.schema.json

@@ -0,0 +1,18 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://velocitycareerlabs.io/revoke-credentials.schema.json",
+  "type": "object",
+  "title": "revoke credentials schema",
+  "description": "Payload schema for calling revoke credentials API",
+  "additionalProperties": false,
+  "properties": {
+    "message": { "type": "string" },
+    "linkedOffer": {
+      "type": "object",
+      "properties": {
+        "credentialType": { "type": "string" }
+      },
+      "required": ["credentialType"]
+    }
+  }
+}

package/src/controllers/operator/tenants/_tenantId/keys/controller-v0.8.js

@@ -0,0 +1,168 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const { isEmpty, some, map } = require('lodash/fp');
+const newError = require('http-errors');
+const { KeyPurposes } = require('@verii/crypto');
+const { resolveDid } = require('@verii/common-fetchers');
+
+const {
+  addPrimaryAddressToTenant,
+  KeyEncodings,
+  validateDidDocKeys,
+} = require('../../../../../entities');
+
+const buildDuplicateKeyErrorString = (key, existingKey) => {
+  if (key.kidFragment === existingKey.kidFragment) {
+    return `Key with kidFragment ${key.kidFragment} already exists`;
+  }
+  return `Key with a purpose from ${JSON.stringify(
+    key.purposes
+  )} already exists`;
+};
+
+const keysController = async (fastify) => {
+  fastify.get(
+    '/',
+    {
+      schema: fastify.autoSchema({
+        response: {
+          200: {
+            type: 'array',
+            items: {
+              $ref: 'https://velocitycareerlabs.io/tenant-key-v0.8.schema.json#',
+            },
+          },
+        },
+      }),
+    },
+    async (req) => {
+      const { repos, tenant } = req;
+      const keys = await repos.keys.find(
+        { filter: { tenantId: tenant._id }, sort: { _id: 1 } },
+        {
+          _id: 1,
+          purposes: 1,
+          algorithm: 1,
+          encoding: 1,
+          kidFragment: 1,
+          createdAt: 1,
+        }
+      );
+      return map(
+        (key) => ({
+          ...key,
+          encoding: KeyEncodings.HEX,
+        }),
+        keys
+      );
+    }
+  );
+
+  fastify.post(
+    '/',
+    {
+      schema: fastify.autoSchema({
+        body: {
+          $ref: 'https://velocitycareerlabs.io/secret-tenant-key-v0.8.schema.json#',
+        },
+        response: {
+          201: {
+            $ref: 'https://velocitycareerlabs.io/tenant-key-v0.8.schema.json#',
+          },
+          409: { $ref: 'error#' },
+        },
+      }),
+    },
+    async (req, reply) => {
+      const { body, repos, tenant, kms } = req;
+
+      const preexistingTenantKey = await repos.keys.findOne({
+        filter: {
+          tenantId: tenant._id,
+          $or: [
+            {
+              purposes: { $elemMatch: { $in: body.purposes } },
+            },
+            {
+              kidFragment: body.kidFragment,
+            },
+          ],
+        },
+      });
+
+      if (!isEmpty(preexistingTenantKey)) {
+        throw newError(
+          409,
+          buildDuplicateKeyErrorString(body, preexistingTenantKey)
+        );
+      }
+
+      const organizationDidDoc = await resolveDid(tenant.did, req);
+      const [validatedKey] = await validateDidDocKeys(organizationDidDoc, [
+        body,
+      ]);
+
+      const key = await kms.importKey({
+        ...validatedKey,
+        encoding: KeyEncodings.JWK,
+        tenantId: tenant._id,
+      });
+
+      if (
+        !tenant.primaryAddress &&
+        some((p) => p === KeyPurposes.DLT_TRANSACTIONS, key.purposes)
+      ) {
+        await addPrimaryAddressToTenant(tenant, req);
+      }
+
+      reply.code(201);
+      return { ...key, encoding: KeyEncodings.HEX };
+    }
+  );
+
+  fastify.delete(
+    '/:kidFragment',
+    {
+      schema: fastify.autoSchema({
+        params: {
+          type: 'object',
+          properties: {
+            ...fastify.currentAutoSchemaPreset.params.properties,
+            kidFragment: { type: 'string', minLength: 1 },
+          },
+        },
+        response: { 204: { type: 'null', description: 'No Content' } },
+      }),
+    },
+    async ({ params, repos, tenant }, reply) => {
+      const { kidFragment } = params;
+      const result = await repos.keys.delUsingFilter({
+        filter: { kidFragment, tenantId: tenant._id },
+      });
+
+      if (isEmpty(result)) {
+        const kid = `${tenant.did}${kidFragment}`;
+        throw newError.NotFound(`kid: ${kid} not found on tenant`);
+      }
+
+      reply.code(204);
+      return null;
+    }
+  );
+};
+
+module.exports = keysController;

package/src/controllers/operator/tenants/_tenantId/offer-data/controller-v0.8.js

@@ -0,0 +1,78 @@
+// eslint-disable-next-line import/no-extraneous-dependencies
+const { parseToCsv } = require('@verii/csv-parser');
+const { csvResponseHook } = require('@verii/fastify-plugins');
+const { toStartOfDay, toEndOfDay } = require('@verii/rest-queries');
+
+const offerDataController = async (fastify) => {
+  fastify.get(
+    '/',
+    {
+      onSend: csvResponseHook('get-offers.csv'),
+      schema: fastify.autoSchema({
+        querystring: {
+          type: 'object',
+          properties: {
+            StartDate: { type: 'string', format: 'date' },
+            EndDate: { type: 'string', format: 'date' },
+            claimed: { type: 'boolean' },
+          },
+          required: ['StartDate', 'EndDate'],
+        },
+        response: {
+          200: { content: { 'text/csv': { schema: { type: 'null' } } } },
+        },
+      }),
+    },
+    async ({ repos, query }) => {
+      const offers = await repos.offers.find(
+        {
+          filter: buildOfferFilter(query),
+          limit: Number.MAX_SAFE_INTEGER,
+          sort: { createdAt: 1 },
+        },
+        {
+          did: 1,
+          type: 1,
+          credentialSubject: 1,
+          offerId: 1,
+          consentedAt: 1,
+          createdAt: 1,
+          credentialStatus: 1,
+          issuer: 1,
+        }
+      );
+
+      if (offers.length === 0) {
+        return '';
+      }
+
+      return parseToCsv(
+        offers.map((offer) => ({
+          '1. Offer Accepted': offer.did,
+          '2. User': offer.credentialSubject?.vendorUserId,
+          '3. Offer ID': offer.offerId,
+          '4. Credential Type': offer.type[0],
+          '5. Offer Creation Date': offer.createdAt,
+          '6. Offer Claim Date': offer.consentedAt,
+          '7. Revocation Status': offer.credentialStatus?.revokedAt,
+          '8. Issuer ID': offer.issuer.id,
+        }))
+      );
+    }
+  );
+};
+
+const buildOfferFilter = (query) => {
+  const filter = {
+    createdAt: {
+      $gte: toStartOfDay(query.StartDate),
+      $lte: toEndOfDay(query.EndDate),
+    },
+  };
+  if (query.claimed === true) {
+    filter.consentedAt = { $exists: true };
+  }
+  return filter;
+};
+
+module.exports = offerDataController;