npm - @verii/server-credentialagent - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/server-credentialagent 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (395) hide show

package/src/entities/offers/orchestrators/create-verifiable-credentials.js ADDED Viewed

@@ -0,0 +1,131 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { toEthereumAddress } = require('@verii/blockchain-functions');
+const { mapWithIndex } = require('@verii/common-functions');
+const { KeyPurposes, calcSha384 } = require('@verii/crypto');
+const { toDidUrl } = require('@verii/did-doc');
+const { hexFromJwk, jwtDecode } = require('@verii/jwt');
+const {
+  issueVelocityVerifiableCredentials,
+  mongoAllocationListQueries,
+} = require('@verii/velocity-issuing');
+const { mongoDb } = require('@spencejs/spence-mongo-repos');
+const { first, isEmpty, map, size } = require('lodash/fp');
+const newError = require('http-errors');
+const { loadCredentialTypesMap } = require('./load-credential-types-map');
+const {
+  triggerIssuedCredentialsWebhook,
+} = require('./trigger-issued-credentials-webhook');
+const { ExchangeStates } = require('../../exchanges');
+const {
+  prepareLinkedCredentialsForHolder,
+} = require('../domains/prepare-linked-credentials-for-holder');
+const createVerifiableCredentials = async (
+  offers,
+  credentialSubjectId,
+  consentedAt,
+  context
+) => {
+  const { exchange, repos, config } = context;
+  const issuableOffers = map((offer) => {
+    const linkedCredentials = prepareLinkedCredentialsForHolder(
+      offer.linkedCredentials
+    );
+    return isEmpty(linkedCredentials) ? offer : { ...offer, linkedCredentials };
+  }, offers);
+  const jwtVcs = await doIssueVerifiableCredentials(
+    issuableOffers,
+    credentialSubjectId,
+    context
+  );
+  const updatedOffers = await Promise.all(
+    mapWithIndex(async (offer, i) => {
+      const digestSRI = `sha384-${calcSha384(jwtVcs[i])}`;
+      return repos.offers.approveOffer(
+        offer._id,
+        exchange.vendorUserId,
+        jwtDecode(jwtVcs[i]).payload.vc,
+        consentedAt,
+        digestSRI,
+        context
+      );
+    }, issuableOffers)
+  );
+  if (config.triggerOffersAcceptedWebhook && size(updatedOffers) > 0) {
+    await triggerIssuedCredentialsWebhook(updatedOffers, context);
+  }
+  return jwtVcs;
+};
+const doIssueVerifiableCredentials = async (
+  offers,
+  credentialSubjectId,
+  context
+) => {
+  const { tenant, tenantKeysByPurpose } = context;
+  const issuerServiceKey = tenantKeysByPurpose[KeyPurposes.ISSUING_METADATA];
+  const dltOperatorKey = tenantKeysByPurpose[KeyPurposes.DLT_TRANSACTIONS];
+  // Load credential types
+  const credentialTypesMap = await loadCredentialTypesMap(offers, context);
+  // eslint-disable-next-line better-mutation/no-mutation
+  context.allocationListQueries = mongoAllocationListQueries(mongoDb());
+  return issueVelocityVerifiableCredentials(
+    offers,
+    credentialSubjectId,
+    credentialTypesMap,
+    {
+      id: tenant._id,
+      did: tenant.did,
+      issuingServiceId: first(tenant.serviceIds),
+      issuingServiceKMSKeyId: issuerServiceKey.keyId,
+      issuingServiceDIDKeyId: toDidUrl(
+        tenant.did,
+        issuerServiceKey.kidFragment
+      ),
+      dltOperatorAddress:
+        dltOperatorKey.publicKey != null
+          ? toEthereumAddress(hexFromJwk(dltOperatorKey.publicKey, false))
+          : null,
+      dltOperatorKMSKeyId: dltOperatorKey.keyId,
+      dltPrimaryAddress: tenant.primaryAddress,
+    },
+    context
+  ).catch((e) => {
+    switch (e.errorCode) {
+      case 'career_issuing_not_permitted':
+      case 'identity_issuing_not_permitted':
+      case 'contact_issuing_not_permitted':
+        throw newError(502, e, {
+          exchangeErrorState: ExchangeStates.UNEXPECTED_ERROR,
+        });
+      default:
+        throw e;
+    }
+  });
+};
+module.exports = { createVerifiableCredentials };

package/src/entities/offers/orchestrators/finalize-exchange.js ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { concat, difference, map, toString, isEmpty } = require('lodash/fp');
+const { ExchangeStates } = require('../../exchanges');
+const finalizeExchange = async (exchange, newFinalizedOfferIds, context) => {
+  const { repos } = context;
+  const finalizedOfferIds = concat(
+    exchange.finalizedOfferIds ?? [],
+    newFinalizedOfferIds
+  );
+  const remainingOfferIds = difference(
+    map(toString, exchange.offerIds),
+    map(toString, finalizedOfferIds)
+  );
+  if (
+    isEmpty(remainingOfferIds) ||
+    isEmpty(await repos.offers.findUnexpiredOffersById(remainingOfferIds))
+  ) {
+    return repos.exchanges.addState(exchange._id, ExchangeStates.COMPLETE, {
+      finalizedOfferIds,
+    });
+  }
+  return repos.exchanges.update(exchange._id, { finalizedOfferIds });
+};
+module.exports = { finalizeExchange };

package/src/entities/offers/orchestrators/index.js ADDED Viewed

@@ -0,0 +1,23 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./create-verifiable-credentials'),
+  ...require('./trigger-issued-credentials-webhook'),
+  ...require('./finalize-exchange'),
+  ...require('./prepare-offers'),
+  ...require('./load-credential-refs'),
+};

package/src/entities/offers/orchestrators/load-credential-refs.js ADDED Viewed

@@ -0,0 +1,57 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { keyBy, flow, flatMapDeep, compact, map, uniq } = require('lodash/fp');
+const loadCredentialRefs = async (offers, context) => {
+  const { repos } = context;
+  const identifiers = flow(
+    flatMapDeep(({ relatedResource, replaces, linkedCredentials } = {}) => [
+      relatedResource,
+      replaces,
+      map(
+        ({ linkedCredentialId }) => ({ id: linkedCredentialId }),
+        linkedCredentials
+      ),
+    ]),
+    map('id'),
+    compact,
+    uniq
+  )(offers);
+  const dbOffers = await repos.offers.find(
+    {
+      filter: {
+        did: { $in: identifiers },
+      },
+    },
+    {
+      did: 1,
+      type: 1,
+      offerId: 1,
+      digestSRI: 1,
+      linkCode: 1,
+      credentialStatus: 1,
+    }
+  );
+  return keyBy('did', dbOffers);
+};
+module.exports = {
+  loadCredentialRefs,
+};

package/src/entities/offers/orchestrators/load-credential-types-map.js ADDED Viewed

@@ -0,0 +1,44 @@
+/*
+ * Copyright 2024 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { getCredentialTypeMetadata } = require('@verii/common-fetchers');
+const { flow, keyBy, map, uniq } = require('lodash/fp');
+const { extractCredentialType } = require('@verii/vc-checks');
+/** @import { VelocityOffer, Context, CredentialTypeMetadata } from "@verii/velocity-issuing" */
+/**
+ * Gets credential metadata from the Velocity Network registrar
+ * @param {VelocityOffer[]} offers The offers that need metadata
+ * @param {Context} context the context
+ * @returns {Promise<{[Name: string]: CredentialTypeMetadata}>} the map of types to metadata
+ */
+const loadCredentialTypesMap = async (offers, context) => {
+  const offerCredentialTypes = flow(
+    map((offer) => extractCredentialType(offer)),
+    uniq
+  )(offers);
+  const credentialTypeMetadataList = await getCredentialTypeMetadata(
+    offerCredentialTypes,
+    context
+  );
+  return keyBy('credentialType', credentialTypeMetadataList);
+};
+module.exports = {
+  loadCredentialTypesMap,
+};

package/src/entities/offers/orchestrators/prepare-offers.js ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { isEmpty, map } = require('lodash/fp');
+const { buildOffer } = require('../domains');
+const { loadCredentialRefs } = require('./load-credential-refs');
+const prepareOffers = async (offers, context) => {
+  if (isEmpty(offers)) {
+    return [];
+  }
+  const credentialRefsMap = await loadCredentialRefs(offers, context);
+  return Promise.all(
+    map((offer) => buildOffer(offer, credentialRefsMap, context), offers)
+  );
+};
+module.exports = {
+  prepareOffers,
+};

package/src/entities/offers/orchestrators/trigger-issued-credentials-webhook.js ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { map, pick, omit } = require('lodash/fp');
+const { issuedCredentialsNotificationCallback } = require('../../../fetchers');
+const triggerIssuedCredentialsWebhook = async (approvedOffers, context) => {
+  const { exchange, log, tenant, sendError } = context;
+  try {
+    await issuedCredentialsNotificationCallback(
+      {
+        issuedCredentials: map(buildIssuedCredential(context), approvedOffers),
+        vendorOrganizationId: tenant.vendorOrganizationId,
+        tenantDID: tenant.did,
+        tenantId: tenant._id,
+        exchangeId: exchange._id,
+      },
+      context
+    );
+  } catch (err) {
+    const message = 'callback call failed with an error';
+    const messageContext = {
+      offers: approvedOffers,
+      exchangeId: exchange._id,
+      err,
+    };
+    log.error(messageContext, message);
+    sendError(err, { ...messageContext, message });
+  }
+};
+const buildIssuedCredential =
+  ({ config }) =>
+  (credential) => {
+    const issuedCredential = omit(['did', 'credentialSubject'], credential);
+    // eslint-disable-next-line better-mutation/no-mutation
+    issuedCredential.id = credential.did;
+    // eslint-disable-next-line better-mutation/no-mutation
+    issuedCredential.credentialSubject = pick(
+      'vendorUserId',
+      credential.credentialSubject
+    );
+    if (config.vendorCredentialsIncludeIssuedClaim) {
+      // eslint-disable-next-line better-mutation/no-mutation
+      issuedCredential.issued = issuedCredential.issuanceDate;
+    }
+    return issuedCredential;
+  };
+module.exports = { triggerIssuedCredentialsWebhook };

package/src/entities/offers/repos/clean-pii-extension.js ADDED Viewed

@@ -0,0 +1,85 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { map, isEmpty } = require('lodash/fp');
+const cleanPiiExtension = (parent, context) => ({
+  cleanPii: async (filter) => {
+    let aggregation = [
+      {
+        $match: {
+          ...filter,
+          'issuer.id': context.tenant.did,
+        },
+      },
+    ];
+    if (filter?.disclosureId) {
+      aggregation = [
+        {
+          $lookup: {
+            from: 'exchanges',
+            localField: 'exchangeId',
+            foreignField: '_id',
+            as: 'exchangeOutput',
+          },
+        },
+        {
+          $addFields: {
+            exchange: { $arrayElemAt: ['$exchangeOutput', 0] },
+          },
+        },
+        {
+          $addFields: {
+            disclosureId: '$exchange.disclosureId',
+          },
+        },
+        {
+          $project: {
+            exchangeOutput: 0,
+            exchange: 0,
+          },
+        },
+        ...aggregation,
+      ];
+    }
+    const offers = await parent.collection().aggregate(aggregation).toArray();
+    if (isEmpty(offers)) {
+      return 0;
+    }
+    const updateQueries = map(
+      (offer) => ({
+        updateOne: {
+          filter: { _id: offer._id },
+          update: {
+            $set: {
+              credentialSubject: {
+                vendorUserId: offer.credentialSubject.vendorUserId,
+              },
+            },
+          },
+        },
+      }),
+      offers
+    );
+    await parent.collection().bulkWrite(updateQueries);
+    return offers.length;
+  },
+  extensions: parent.extensions.concat(['cleanPiiExtension']),
+});
+module.exports = { cleanPiiExtension };

package/src/entities/offers/repos/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  offerRepoPlugin: require('./repo'),
+  ...require('./issued-credential-projection'),
+};

package/src/entities/offers/repos/issued-credential-projection.js ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const issuedCredentialProjection = {
+  _id: 1,
+  '@context': 1,
+  did: 1,
+  exchangeId: 1,
+  issuer: 1,
+  issued: 1,
+  name: 1,
+  type: 1,
+  offerId: 1,
+  credentialSubject: 1,
+  credentialSchema: 1,
+  credentialStatus: 1,
+  contentHash: 1,
+  linkCode: 1,
+  replaces: 1,
+  relatedResource: 1,
+  linkCodeCommitment: 1,
+  linkedCredentials: 1,
+  validFrom: 1,
+  validUntil: 1,
+  issuanceDate: 1,
+  consentedAt: 1,
+  createdAt: 1,
+  updatedAt: 1,
+};
+module.exports = { issuedCredentialProjection };