npm - @verii/server-credentialagent - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/server-credentialagent 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (395) hide show

package/src/controllers/operator/tenants/_tenantId/vc-api/credentials/controller-v0.8.js ADDED Viewed

@@ -0,0 +1,110 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { first } = require('lodash/fp');
+const newError = require('http-errors');
+const { nanoid } = require('nanoid');
+const {
+  CredentialFormat,
+  ExchangeProtocols,
+  ExchangeTypes,
+  ExchangeStates,
+  createVerifiableCredentials,
+  finalizeExchange,
+  initValidateOffer,
+  prepareOffers,
+} = require('../../../../../../entities');
+const credentialsController = async (fastify) => {
+  const validateOffer = initValidateOffer(fastify);
+  if (fastify.config.vcApiEnabled !== true) {
+    return;
+  }
+  fastify.post(
+    '/issue',
+    {
+      schema: fastify.autoSchema({
+        body: {
+          $ref: 'https://velocitynetwork.foundation/vc-api/IssueCredentialRequest.schema.json#',
+        },
+        response: {
+          201: {
+            $ref: 'https://velocitynetwork.foundation/vc-api/IssueCredentialResponse.schema.json#',
+          },
+        },
+      }),
+    },
+    async (req, reply) => {
+      const {
+        body: { credential: offer, options },
+        repos,
+      } = req;
+      // temporary validation until JSON-LD is supported natively
+      if (options?.format !== CredentialFormat.JWT_VC) {
+        throw newError.BadRequest(
+          `options.format must be ${CredentialFormat.JWT_VC}`
+        );
+      }
+      const exchange = await repos.exchanges.insertWithInitialState({
+        type: ExchangeTypes.ISSUING,
+        protocolMetadata: {
+          protocol: ExchangeProtocols.W3C_VC_API,
+        },
+        createdBy: req.user.user,
+      });
+      // add "exchange" prop onto "req" so that all functions that assume exchange is on the context work without modification
+      // eslint-disable-next-line better-mutation/no-mutation
+      req.exchange = exchange;
+      const [preparedOffer] = await prepareOffers(
+        [{ ...offer, offerId: nanoid() }],
+        req
+      );
+      const validatedOffer = await validateOffer(
+        preparedOffer,
+        false,
+        true,
+        req
+      );
+      const dbOffer = await repos.offers.insert(validatedOffer);
+      await repos.exchanges.addState(
+        exchange._id,
+        ExchangeStates.CLAIMING_IN_PROGRESS
+      );
+      const vcJwts = await createVerifiableCredentials(
+        [dbOffer],
+        offer.credentialSubject.id,
+        options.consented != null ? new Date(options.consented) : new Date(),
+        req
+      );
+      await finalizeExchange(exchange, [dbOffer._id], req);
+      // eslint-disable-next-line better-mutation/no-mutation
+      reply.statusCode = 201;
+      return { verifiableCredential: first(vcJwts) };
+    }
+  );
+};
+module.exports = credentialsController;

package/src/controllers/operator/tenants/_tenantId/vc-api/credentials/schemas/Credential.schema.js ADDED Viewed

@@ -0,0 +1,18 @@
+const { w3cVcSchema } = require('@verii/common-schemas');
+const CredentialSchema = {
+  $id: 'https://velocitynetwork.foundation/vc-api/Credential.schema.json',
+  type: 'object',
+  description: 'A JSON-LD Verifiable Credential without a proof.',
+  additionalProperties: false,
+  properties: {
+    ...w3cVcSchema.properties,
+    id: {
+      type: 'string',
+      description: 'The ID of the credential.',
+    },
+  },
+  required: ['@context', ...w3cVcSchema.required],
+};
+module.exports = CredentialSchema;

package/src/controllers/operator/tenants/_tenantId/vc-api/credentials/schemas/IssueCredentialOptions.schema.json ADDED Viewed

@@ -0,0 +1,42 @@
+{
+  "$id": "https://velocitynetwork.foundation/vc-api/IssueCredentialOptions.schema.json",
+  "type": "object",
+  "additionalProperties": false,
+  "description": "Options for specifying how the LinkedDataProof is created.",
+  "properties": {
+    "created": {
+      "type": "string",
+      "description": "The date and time of the proof (with a maximum accuracy in seconds). Default current system time."
+    },
+    "consented": {
+      "type": "string",
+      "description": "When was consent given to receive the credential. Default current system time."
+    },
+    "challenge": {
+      "type": "string",
+      "description": "A challenge provided by the requesting party of the proof. For example 6e62f66e-67de-11eb-b490-ef3eeefa55f2"
+    },
+    "domain": {
+      "type": "string",
+      "description": "The intended domain of validity for the proof. For example website.example"
+    },
+    "format": {
+      "type": "string",
+      "description": "Request a particular credential format that the server supports",
+      "enum": [
+        "jsonld-vc",
+        "jwt-vc"
+      ]
+    },
+    "credentialStatus": {
+      "type": "object",
+      "description": "The method of credential status to issue the credential including. If omitted credential status will be included.",
+      "properties": {
+        "type": {
+          "type": "string",
+          "description": "The type of credential status to issue the credential with"
+        }
+      }
+    }
+  }
+}

package/src/controllers/operator/tenants/_tenantId/vc-api/credentials/schemas/IssueCredentialRequest.schema.json ADDED Viewed

@@ -0,0 +1,13 @@
+{
+  "$id": "https://velocitynetwork.foundation/vc-api/IssueCredentialRequest.schema.json",
+  "type": "object",
+  "properties": {
+    "credential": {
+      "$ref": "https://velocitynetwork.foundation/vc-api/Credential.schema.json#"
+    },
+    "options": {
+      "$ref": "https://velocitynetwork.foundation/vc-api/IssueCredentialOptions.schema.json#"
+    }
+  },
+  "required": ["credential"]
+}

package/src/controllers/operator/tenants/_tenantId/vc-api/credentials/schemas/IssueCredentialResponse.schema.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "$id": "https://velocitynetwork.foundation/vc-api/IssueCredentialResponse.schema.json",
+  "type": "object",
+  "properties": {
+    "verifiableCredential": {
+      "oneOf": [
+        {
+          "$ref": "https://velocitynetwork.foundation/vc-api/VerifiableCredential.schema.json#"
+        },
+        {
+          "type": "string",
+          "description": "string containing a jwt-vc encoded VerifiableCredential"
+        }
+      ],
+      "description": "either a JWT-VC as a string or a JSON-LD encoded VerifiableCredential"
+    }
+  },
+  "required": ["verifiableCredential"]
+}

package/src/controllers/operator/tenants/_tenantId/vc-api/credentials/schemas/LinkedDataProof.schema.json ADDED Viewed

@@ -0,0 +1,43 @@
+{
+  "$id": "https://velocitynetwork.foundation/vc-api/LinkedDataProof.schema.json",
+  "type": "object",
+  "description": "A JSON-LD Linked Data proof.",
+  "properties": {
+    "type": {
+      "type": "string",
+      "description": "Linked Data Signature Suite used to produce proof."
+    },
+    "created": {
+      "type": "string",
+      "description": "Date the proof was created."
+    },
+    "challenge": {
+      "type": "string",
+      "description": "A value chosen by the verifier to mitigate authentication proof replay attacks."
+    },
+    "domain": {
+      "type": "string",
+      "description": "The domain of the proof to restrict its use to a particular target."
+    },
+    "nonce": {
+      "type": "string",
+      "description": "A value chosen by the creator of a proof to randomize proof values for privacy purposes."
+    },
+    "verificationMethod": {
+      "type": "string",
+      "description": "Verification Method used to verify proof."
+    },
+    "proofPurpose": {
+      "type": "string",
+      "description": "The purpose of the proof to be used with verificationMethod."
+    },
+    "jws": {
+      "type": "string",
+      "description": "Detached JSON Web Signature."
+    },
+    "proofValue": {
+      "type": "string",
+      "description": "Value of the Linked Data proof."
+    }
+  }
+}

package/src/controllers/operator/tenants/_tenantId/vc-api/credentials/schemas/VerifiableCredential.schema.js ADDED Viewed

@@ -0,0 +1,16 @@
+const CredentialSchema = require('./Credential.schema');
+const VerifiableCredentialSchema = {
+  $id: 'https://velocitynetwork.foundation/vc-api/VerifiableCredential.schema.json',
+  type: 'object',
+  description: 'A JSON-LD Verifiable Credential with a proof.',
+  properties: {
+    ...CredentialSchema.properties,
+    proof: {
+      $ref: 'https://velocitynetwork.foundation/vc-api/LinkedDataProof.schema.json#',
+    },
+  },
+  required: [...CredentialSchema.required],
+};
+module.exports = VerifiableCredentialSchema;

package/src/controllers/operator/tenants/_tenantId/vc-api/credentials/schemas/index.js ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const CredentialSchema = require('./Credential.schema');
+const IssueCredentialOptionsSchema = require('./IssueCredentialOptions.schema.json');
+const IssueCredentialRequestSchema = require('./IssueCredentialRequest.schema.json');
+const IssueCredentialResponseSchema = require('./IssueCredentialResponse.schema.json');
+const LinkedDataProofSchema = require('./LinkedDataProof.schema.json');
+const VerifiableCredentialSchema = require('./VerifiableCredential.schema');
+module.exports = {
+  CredentialSchema,
+  IssueCredentialOptionsSchema,
+  IssueCredentialRequestSchema,
+  IssueCredentialResponseSchema,
+  LinkedDataProofSchema,
+  VerifiableCredentialSchema,
+};

package/src/controllers/operator/tenants/autohooks.js ADDED Viewed

@@ -0,0 +1,65 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { vendorRoutesAuthPlugin } = require('../../../plugins');
+const {
+  secretKeySchema,
+  secretKeyMetadataSchema,
+  secretNewTenantSchema,
+  secretKidSchema,
+  modifySecretSchema,
+  modifyTenantSchema,
+  newTenantSchema,
+  newTenantResponse200Schema,
+  tenantSchema,
+  tenantKeySchema,
+  secretTenantKeySchema,
+} = require('./schemas');
+const { kmsPlugin } = require('../../../plugins/kms-plugin');
+module.exports = async (fastify) => {
+  fastify
+    .register(vendorRoutesAuthPlugin)
+    .register(kmsPlugin)
+    .decorateRequest('registrarFetch', null)
+    .decorateRequest('fetch', null)
+    .decorateRequest('vendorFetch', null)
+    .decorateRequest('libFetch', null)
+    .addHook('preValidation', async (req) => {
+      req.registrarFetch = fastify.baseRegistrarFetch(req);
+    })
+    .addHook('preValidation', async (req) => {
+      req.fetch = fastify.baseFetch(req);
+    })
+    .addHook('preValidation', async (req) => {
+      req.vendorFetch = fastify.baseVendorFetch(req);
+    })
+    .addHook('preValidation', async (req) => {
+      req.libFetch = fastify.baseLibFetch(req);
+    })
+    .addSchema(secretKeySchema)
+    .addSchema(secretKeyMetadataSchema)
+    .addSchema(secretKidSchema)
+    .addSchema(modifySecretSchema)
+    .addSchema(modifyTenantSchema)
+    .addSchema(newTenantSchema)
+    .addSchema(newTenantResponse200Schema)
+    .addSchema(secretNewTenantSchema)
+    .addSchema(tenantSchema)
+    .addSchema(tenantKeySchema)
+    .addSchema(secretTenantKeySchema)
+    .autoSchemaPreset({ tags: ['tenants'], security: [{ bearerAuth: [] }] });
+};

package/src/controllers/operator/tenants/controller-v0.8.js ADDED Viewed

@@ -0,0 +1,167 @@
+/**
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { isEmpty, map, uniq, reduce } = require('lodash/fp');
+const newError = require('http-errors');
+const {
+  hasDuplicatePurposes,
+  KeyErrorMessages,
+  buildServiceIds,
+  refreshTenantDids,
+  validateGroupByUser,
+} = require('../../../entities');
+const { createTenant } = require('../../../entities/tenants');
+const areKidFragmentsUnique = (keys) => {
+  const kidFragments = reduce(
+    (arr, key) => {
+      return [...arr, key.kidFragment];
+    },
+    [],
+    keys
+  );
+  return uniq(kidFragments).length === kidFragments.length;
+};
+const validateAllPurposes = (keys) => {
+  const allPurposes = reduce(
+    (arr, key) => {
+      return [...arr, ...key.purposes];
+    },
+    [],
+    keys
+  );
+  if (hasDuplicatePurposes(allPurposes)) {
+    throw newError(400, KeyErrorMessages.DUPLICATE_PURPOSE_DETECTED);
+  }
+};
+const validateUniqueKidFragments = (keys) => {
+  if (!areKidFragmentsUnique(keys)) {
+    throw newError(400, 'Duplicate kid fragments purposes detected');
+  }
+};
+const tenantController = async (fastify) => {
+  fastify.post(
+    '/',
+    {
+      schema: fastify.autoSchema({
+        body: {
+          $ref: 'https://velocitycareerlabs.io/secret-new-tenant-v0.8.schema.json#',
+        },
+        response: {
+          201: {
+            $ref: 'https://velocitycareerlabs.io/new-tenant.response.200.schema.json#',
+          },
+          404: { $ref: 'error#' },
+        },
+      }),
+    },
+    async (req, reply) => {
+      const { did, serviceIds, webhookUrl, keys, webhookAuth } = req.body;
+      await validateGroupByUser(req);
+      validateAllPurposes(keys);
+      validateUniqueKidFragments(keys);
+      const insertedTenant = await createTenant(
+        {
+          did,
+          serviceIds,
+          webhookUrl,
+          keys,
+          webhookAuth,
+        },
+        req
+      );
+      const { createdAt, _id } = insertedTenant;
+      reply.code(201);
+      return { createdAt, id: _id };
+    }
+  );
+  fastify.get(
+    '/',
+    {
+      schema: fastify.autoSchema({
+        response: {
+          200: {
+            type: 'array',
+            items: {
+              $ref: 'https://velocitycareerlabs.io/tenant-v0.8.schema.json',
+            },
+          },
+        },
+      }),
+    },
+    async (req) => {
+      const filter = await buildFilterByGroup(req);
+      const tenants = await req.repos.tenants.find({ filter });
+      return map(
+        (tenant) => ({ ...tenant, serviceIds: buildServiceIds(tenant) }),
+        tenants
+      );
+    }
+  );
+  fastify.post(
+    '/refresh',
+    {
+      schema: fastify.autoSchema({
+        body: {
+          oneOf: [
+            {
+              type: 'object',
+              properties: {
+                all: { type: 'boolean', enum: [true] },
+              },
+              required: ['all'],
+            },
+            {
+              type: 'object',
+              properties: {
+                did: { type: 'string' },
+              },
+              required: ['did'],
+            },
+          ],
+        },
+        response: {
+          204: { type: 'null' },
+        },
+      }),
+    },
+    async (req) => {
+      await refreshTenantDids(req.body, req);
+      return {};
+    }
+  );
+};
+const buildFilterByGroup = async (context) => {
+  const { repos, user } = context;
+  if (isEmpty(user.groupId)) {
+    return {};
+  }
+  const group = await repos.groups.findById(user.groupId);
+  return { did: { $in: group.dids } };
+};
+module.exports = tenantController;

package/src/controllers/operator/tenants/schemas/index.js ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const modifySecretSchema = require('./modify-secret.schema.json');
+const secretKeySchema = require('./secret-key.schema.json');
+const secretKeyMetadataSchema = require('./secret-key-metadata.schema.json');
+const secretKidSchema = require('./secret-kid.schema.json');
+const newTenantSchema = require('./new-tenant-v0.8.schema.json');
+const newTenantResponse200Schema = require('./new-tenant.response.200.schema.json');
+const modifyTenantSchema = require('./modify-tenant-v0.8.schema.json');
+const secretNewTenantSchema = require('./secret-new-tenant-v0.8.schema.json');
+const tenantSchema = require('./tenant-v0.8.schema.json');
+const tenantKeySchema = require('./tenant-key-v0.8.schema.json');
+const secretTenantKeySchema = require('./secret-tenant-key-v0.8.schema.json');
+module.exports = {
+  modifySecretSchema,
+  secretKeySchema,
+  secretKeyMetadataSchema,
+  secretKidSchema,
+  newTenantSchema,
+  newTenantResponse200Schema,
+  modifyTenantSchema,
+  secretNewTenantSchema,
+  tenantSchema,
+  tenantKeySchema,
+  secretTenantKeySchema,
+};

package/src/controllers/operator/tenants/schemas/modify-secret.schema.json ADDED Viewed

@@ -0,0 +1,11 @@
+{
+  "title": "modify-secret",
+  "$id": "https://velocitycareerlabs.io/modify-secret.schema.json",
+  "type": "object",
+  "description": "sets a secret for the tenant",
+  "allOf": [
+    {"$ref":  "https://velocitycareerlabs.io/secret-key.schema.json#"},
+    {"$ref":  "https://velocitycareerlabs.io/secret-kid.schema.json#"}
+  ],
+  "required": ["key", "kid"]
+}

package/src/controllers/operator/tenants/schemas/modify-tenant-v0.8.schema.json ADDED Viewed

@@ -0,0 +1,44 @@
+{
+  "title": "modify-tenant",
+  "$id": "https://velocitycareerlabs.io/modify-tenant-v0.8.schema.json",
+  "type": "object",
+  "description": "",
+  "properties": {
+    "serviceIds": {
+      "type": "array",
+      "description": "id's of the service",
+      "items": {
+        "oneOf": [
+          {
+            "type": "string",
+            "pattern": "^did:[a-z0-9]+:[A-Za-z0-9._:?=&%;-]+#[A-Za-z0-9._:?=&%;-]+$"
+          },
+          {
+            "type": "string",
+            "pattern": "^#[A-Za-z0-9._:?=&%;-]+$"
+          }
+        ]
+      },
+      "minItems": 1
+    },
+    "webhookUrl": {
+      "type": "string",
+      "format": "uri"
+    },
+    "webhookAuth": {
+      "type": "object",
+      "properties": {
+        "type": {
+          "type": "string",
+          "enum": ["bearer"]
+        },
+        "bearerToken": {
+          "type": "string"
+        }
+      }
+    }
+  },
+  "required": [
+    "serviceIds"
+  ]
+}

package/src/controllers/operator/tenants/schemas/new-tenant-v0.8.schema.json ADDED Viewed

@@ -0,0 +1,19 @@
+{
+  "title": "new-tenant",
+  "$id": "https://velocitycareerlabs.io/new-tenant-v0.8.schema.json",
+  "type": "object",
+  "description": "",
+  "allOf": [
+    { "$ref": "https://velocitycareerlabs.io/modify-tenant-v0.8.schema.json#"},
+    {
+      "type": "object",
+      "properties": {
+        "did": {
+          "type": "string",
+          "pattern": "^did:[a-z0-9]+:[A-Za-z0-9._:?=&%;-]+$"
+        }
+      }
+    }
+  ],
+  "required": ["did"]
+}

package/src/controllers/operator/tenants/schemas/new-tenant.response.200.schema.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "title": "new-tenant",
+  "$id": "https://velocitycareerlabs.io/new-tenant.response.200.schema.json",
+  "type": "object",
+  "description": "",
+  "$ref": "immutable-entity#"
+}