npm - @verii/server-credentialagent - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/server-credentialagent 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (395) hide show

package/src/entities/disclosures/domains/validate-disclosure-default-issuing.js ADDED Viewed

@@ -0,0 +1,77 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { isEmpty, includes, some } = require('lodash/fp');
+const newError = require('http-errors');
+const {
+  ConfigurationType,
+  VendorEndpointCategory,
+  IdentificationMethods,
+} = require('./constants');
+// eslint-disable-next-line complexity
+const validateDisclosureDefaultIssuing = (
+  disclosure,
+  tenant,
+  setIssuingDefault
+) => {
+  const { defaultIssuingDisclosureId } = tenant;
+  const { identificationMethods } = disclosure;
+  const isIssuingDisclosure = checkIsIssuingDisclosure(disclosure);
+  if (!isIssuingDisclosure && setIssuingDefault) {
+    throw newError(
+      400,
+      'The default disclosure cannot be of type "inspection"',
+      {
+        errorCode: 'issuing_default_not_compatible',
+      }
+    );
+  }
+  if (
+    some(
+      (identificationMethod) =>
+        identificationMethod === IdentificationMethods.PREAUTH,
+      identificationMethods
+    )
+  ) {
+    return;
+  }
+  if (
+    isIssuingDisclosure &&
+    !defaultIssuingDisclosureId &&
+    !setIssuingDefault
+  ) {
+    throw newError(
+      400,
+      'The first "issuing" configuration created must be set as the default.',
+      {
+        errorCode: 'first_issuing_configuration_must_be_default',
+      }
+    );
+  }
+};
+const checkIsIssuingDisclosure = (disclosure) => {
+  if (isEmpty(disclosure?.configurationType)) {
+    return includes(disclosure?.vendorEndpoint, VendorEndpointCategory.ISSUING);
+  }
+  return disclosure.configurationType === ConfigurationType.ISSUING;
+};
+module.exports = { validateDisclosureDefaultIssuing };

package/src/entities/disclosures/domains/validate-disclosure.js ADDED Viewed

@@ -0,0 +1,37 @@
+const { validateCommercialEntity } = require('./validate-commercial-entity');
+const {
+  validateByIdentificationMethod,
+} = require('./validate-by-identification-method');
+const {
+  validateDisclosureByConfigurationType,
+} = require('./validate-disclosure-by-configuration-type');
+const {
+  validateDisclosureDefaultIssuing,
+} = require('./validate-disclosure-default-issuing');
+const { validateVendorEndpoint } = require('./validate-vendor-endpoint');
+const { validateVendorWebhook } = require('./validate-vendor-webhook');
+const {
+  validatePresentationDefinition,
+} = require('./validate-presentation-definition');
+const { validateFeed } = require('./validate-feed');
+const validateDisclosure = (
+  disclosure,
+  verifiedProfile,
+  setIssuingDefault,
+  context
+) => {
+  const { tenant } = context;
+  validateVendorWebhook(tenant, context);
+  validateDisclosureByConfigurationType(disclosure);
+  validateDisclosureDefaultIssuing(disclosure, tenant, setIssuingDefault);
+  validateByIdentificationMethod(disclosure, setIssuingDefault);
+  validateVendorEndpoint(disclosure);
+  validateCommercialEntity(disclosure, verifiedProfile);
+  validatePresentationDefinition(disclosure);
+  validateFeed(disclosure);
+};
+module.exports = {
+  validateDisclosure,
+};

package/src/entities/disclosures/domains/validate-feed.js ADDED Viewed

@@ -0,0 +1,16 @@
+const newError = require('http-errors');
+const { DisclosureErrors } = require('./errors');
+const { ConfigurationType } = require('./constants');
+const validateFeed = (disclosure) => {
+  const { configurationType, feed } = disclosure;
+  if (configurationType === ConfigurationType.ISSUING && feed === true) {
+    throw newError(400, DisclosureErrors.ISSUING_FEED_NOT_SUPPORTED, {
+      errorCode: 'issuing_feed_not_supported',
+    });
+  }
+};
+module.exports = {
+  validateFeed,
+};

package/src/entities/disclosures/domains/validate-presentation-definition.js ADDED Viewed

@@ -0,0 +1,54 @@
+const { isEmpty, some } = require('lodash/fp');
+const newError = require('http-errors');
+const { DisclosureErrors } = require('./errors');
+const {
+  identificationMethodsIncludesPreauth,
+} = require('./validate-by-identification-method');
+const validatePresentationDefinition = (disclosure) => {
+  const { presentationDefinition, types } = disclosure;
+  validatePresentationDefinitionXorTypes(disclosure);
+  if (
+    types ||
+    identificationMethodsIncludesPreauth(disclosure.identificationMethods)
+  ) {
+    return true;
+  }
+  const {
+    submission_requirements: submissionRequirements,
+    input_descriptors: inputDescriptors,
+  } = presentationDefinition;
+  if (isEmpty(submissionRequirements)) {
+    return true;
+  }
+  if (inputDescriptorWithoutGroup(inputDescriptors)) {
+    return throwValidationError(
+      DisclosureErrors.PRESENTATION_DEFINITION_GROUP_IF_SUBMISSION_REQUIREMENTS
+    );
+  }
+  return true;
+};
+const validatePresentationDefinitionXorTypes = (disclosure) => {
+  const { presentationDefinition, types } = disclosure;
+  if (presentationDefinition && types) {
+    return throwValidationError(
+      DisclosureErrors.PRESENTATION_DEFINITION_XOR_TYPES
+    );
+  }
+  return true;
+};
+const inputDescriptorWithoutGroup = some(({ group }) => isEmpty(group));
+const throwValidationError = (reason) => {
+  throw newError(400, reason, {
+    errorCode: 'request_validation_failed',
+  });
+};
+module.exports = {
+  validatePresentationDefinition,
+};

package/src/entities/disclosures/domains/validate-vendor-endpoint.js ADDED Viewed

@@ -0,0 +1,22 @@
+const { isEmpty } = require('lodash/fp');
+const newError = require('http-errors');
+const { VendorEndpoint } = require('./constants');
+const { DisclosureErrors } = require('./errors');
+const validateVendorEndpoint = (disclosure) => {
+  const { vendorEndpoint, identityMatchers } = disclosure;
+  if (vendorEndpoint !== VendorEndpoint.INTEGRATED_ISSUING_IDENTIFICATION) {
+    return;
+  }
+  if (isEmpty(identityMatchers)) {
+    throw newError(400, DisclosureErrors.IDENTITY_MATCHERS_REQUIRED, {
+      errorCode: 'request_validation_failed',
+    });
+  }
+};
+module.exports = {
+  validateVendorEndpoint,
+};

package/src/entities/disclosures/domains/validate-vendor-webhook.js ADDED Viewed

@@ -0,0 +1,18 @@
+const { isEmpty } = require('lodash');
+const newError = require('http-errors');
+const validateVendorWebhook = (tenant, context) => {
+  const {
+    config: { vendorUrl },
+  } = context;
+  if (isEmpty(vendorUrl) && isEmpty(tenant?.webhookUrl)) {
+    throw newError(400, 'Vendor URL is required', {
+      errorCode: 'vendor_url_required',
+    });
+  }
+};
+module.exports = {
+  validateVendorWebhook,
+};

package/src/entities/disclosures/factories/disclosure-factory.js ADDED Viewed

@@ -0,0 +1,94 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { includes } = require('lodash/fp');
+const { addYears } = require('date-fns');
+const { register } = require('@spencejs/spence-factories');
+const { ObjectId } = require('mongodb');
+const { disclosureRepoPlugin } = require('../repos');
+const { initTenantFactory } = require('../../tenants');
+const {
+  VendorEndpoint,
+  VendorEndpointCategory,
+  ConfigurationType,
+  IdentificationMethods,
+} = require('../domains');
+const initDisclosureFactory = (app) => {
+  const initRepo = disclosureRepoPlugin(app);
+  return register('disclosure', async (overrides, { getOrBuild }) => {
+    const currentPlusTen = addYears(new Date(), 10);
+    const tenant = await getOrBuild('tenant', initTenantFactory(app));
+    const disclosureOverrides = overrides();
+    const vendorEndpoint =
+      disclosureOverrides?.vendorEndpoint || VendorEndpoint.RECEIVE_APPLICANT;
+    const configurationType = await getOrBuild('configurationType', () =>
+      includes(vendorEndpoint, VendorEndpointCategory.INSPECTION)
+        ? ConfigurationType.INSPECTION
+        : ConfigurationType.ISSUING
+    );
+    let types;
+    if (
+      !includes(
+        IdentificationMethods.PREAUTH,
+        disclosureOverrides.identificationMethods
+      )
+    ) {
+      types = [
+        { type: 'PastEmploymentPosition' },
+        { type: 'CurrentEmploymentPosition' },
+      ];
+    }
+    return {
+      item: {
+        description: 'Clerk',
+        ...buildTypesOrPresentationDefinition({
+          types,
+          presentationDefinition: disclosureOverrides.presentationDefinition,
+        }),
+        tenantId: new ObjectId(tenant._id),
+        vendorDisclosureId: 'HR-PKG-USPS-CLRK',
+        purpose: 'Job Application',
+        duration: '6y',
+        termsUrl: 'https://www.lipsum.com/feed/html',
+        sendPushOnVerification: false,
+        deactivationDate: currentPlusTen,
+        authTokensExpireIn: 10080,
+        ...disclosureOverrides,
+        vendorEndpoint,
+        configurationType,
+      },
+      repo: initRepo({ tenant: { ...tenant, _id: new ObjectId(tenant._id) } }),
+    };
+  });
+};
+const buildTypesOrPresentationDefinition = ({
+  types,
+  presentationDefinition,
+}) => {
+  if (!presentationDefinition) {
+    return {
+      types,
+    };
+  }
+  return {
+    presentationDefinition,
+  };
+};
+module.exports = { initDisclosureFactory };

package/src/entities/disclosures/factories/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./disclosure-factory'),
+};

package/src/entities/disclosures/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./domains'),
+  ...require('./factories'),
+  ...require('./repos'),
+  ...require('./orchestrators'),
+};

package/src/entities/disclosures/orchestrators/get-disclosure.js ADDED Viewed

@@ -0,0 +1,18 @@
+const getDisclosureId = ({ params, query, exchange }) =>
+  exchange?.disclosureId.toString() || params?.id || query?.id;
+const getDisclosure = async (ctx) => {
+  const { repos } = ctx;
+  if (ctx.disclosure) {
+    return ctx.disclosure;
+  }
+  const disclosureId = getDisclosureId(ctx);
+  const disclosure = await repos.disclosures.findOne({
+    filter: { _id: disclosureId },
+  });
+  return disclosure;
+};
+module.exports = {
+  getDisclosure,
+};

package/src/entities/disclosures/orchestrators/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./update-disclosure-configuration-type'),
+  ...require('./get-disclosure'),
+};

package/src/entities/disclosures/orchestrators/update-disclosure-configuration-type.js ADDED Viewed

@@ -0,0 +1,32 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { isEmpty } = require('lodash/fp');
+const { computeDisclosureConfigurationType } = require('../domains');
+const { getDisclosure } = require('./get-disclosure');
+const updateDisclosureConfigurationType = async (req) => {
+  const { repos } = req;
+  const disclosure = await getDisclosure(req);
+  if (isEmpty(disclosure) || disclosure.configurationType) {
+    return;
+  }
+  await repos.disclosures.update(disclosure._id, {
+    configurationType: computeDisclosureConfigurationType(disclosure),
+  });
+};
+module.exports = { updateDisclosureConfigurationType };

package/src/entities/disclosures/repos/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  disclosureRepoPlugin: require('./repo'),
+  ...require('./set-configuration-type'),
+};

package/src/entities/disclosures/repos/repo.js ADDED Viewed

@@ -0,0 +1,118 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const {
+  repoFactory,
+  autoboxIdsExtension,
+} = require('@spencejs/spence-mongo-repos');
+const { multitenantExtension } = require('@verii/spencer-mongo-extensions');
+const { ObjectId } = require('mongodb');
+const newError = require('http-errors');
+const {
+  VendorEndpoint,
+  identificationMethodsIncludesPreauth,
+} = require('../domains');
+const { setConfigurationType } = require('./set-configuration-type');
+module.exports = (app, options, next = () => {}) => {
+  next();
+  return repoFactory(
+    {
+      name: 'disclosures',
+      entityName: 'disclosure',
+      defaultProjection,
+      extensions: [
+        autoboxIdsExtension,
+        multitenantExtension(),
+        disclosureExtensions,
+        setConfigurationType,
+      ],
+    },
+    app
+  );
+};
+const defaultProjection = {
+  _id: 1,
+  description: 1,
+  feed: 1,
+  types: 1,
+  presentationDefinition: 1,
+  identificationMethods: 1,
+  vendorEndpoint: 1,
+  identityMatchers: 1,
+  vendorOrganizationId: 1,
+  vendorDisclosureId: 1,
+  purpose: 1,
+  duration: 1,
+  termsUrl: 1,
+  deactivationDate: 1,
+  createdAt: 1,
+  updatedAt: 1,
+  sendPushOnVerification: 1,
+  offerMode: 1,
+  configurationType: 1,
+  commercialEntityName: 1,
+  commercialEntityLogo: 1,
+  authTokensExpireIn: 1,
+};
+const disclosureExtensions = (parent) => ({
+  findDefaultIssuingDisclosure: (opts) =>
+    parent.findOne(
+      {
+        filter: {
+          vendorEndpoint: {
+            $in: [
+              VendorEndpoint.ISSUING_IDENTIFICATION,
+              VendorEndpoint.INTEGRATED_ISSUING_IDENTIFICATION,
+            ],
+          },
+        },
+      },
+      opts
+    ),
+  updateDisclosure: async ({ id, body }) => {
+    const updateDoc = {
+      $set: { ...body, updatedAt: new Date() },
+      $unset: buildUpdateUnsetDocument(body),
+    };
+    const filter = parent.prepFilter({ _id: new ObjectId(id) });
+    const updateResult = await parent
+      .collection()
+      .findOneAndUpdate(filter, updateDoc, {
+        projection: defaultProjection,
+        returnDocument: 'after',
+        includeResultMetadata: true,
+      });
+    if (!updateResult.value) {
+      throw newError(404, `disclosure ${id} not found`, {
+        errorCode: 'disclosure_not_found',
+      });
+    }
+    return updateResult.value;
+  },
+});
+const buildUpdateUnsetDocument = (body) => {
+  if (identificationMethodsIncludesPreauth(body.identificationMethods)) {
+    return { types: '', presentationDefinition: '' };
+  }
+  if (body.presentationDefinition != null) {
+    return { types: '' };
+  }
+  return { presentationDefinition: '' };
+};

package/src/entities/disclosures/repos/set-configuration-type.js ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { isEmpty } = require('lodash/fp');
+const { computeDisclosureConfigurationType } = require('../domains');
+const setConfigurationType = (parent) => ({
+  prepModification: (val, kind) => {
+    const newValues = { ...val };
+    if (!isEmpty(val.vendorEndpoint)) {
+      newValues.configurationType =
+        computeDisclosureConfigurationType(newValues);
+    }
+    return parent.prepModification(newValues, kind);
+  },
+});
+module.exports = {
+  setConfigurationType,
+};

package/src/entities/exchanges/adapters/index.js ADDED Viewed

@@ -0,0 +1,17 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = { ...require('./sign-exchange-response') };

package/src/entities/exchanges/adapters/sign-exchange-response.js ADDED Viewed

@@ -0,0 +1,45 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { KeyPurposes } = require('@verii/crypto');
+const { toDidUrl } = require('@verii/did-doc');
+const newError = require('http-errors');
+const signExchangeResponse = async (
+  exchangeResponse,
+  options = {},
+  { kms, tenant, tenantKeysByPurpose }
+) => {
+  const exchangesKey = tenantKeysByPurpose[KeyPurposes.EXCHANGES];
+  if (exchangesKey == null) {
+    throw newError(
+      500,
+      `No key matching the filter {"tenantId":"${tenant._id}","purposes":"EXCHANGES"} was found`,
+      { errorCode: 'tenant_exchanges_key_missing' }
+    );
+  }
+  return kms.signJwt(exchangeResponse, exchangesKey.keyId, {
+    jti: exchangeResponse.id,
+    issuer: tenant.did,
+    kid: toDidUrl(tenant.did, exchangesKey.kidFragment),
+    nbf: new Date(),
+    expiresIn: '1w',
+    ...options,
+  });
+};
+module.exports = { signExchangeResponse };