@verii/server-credentialagent 1.0.0-pre.1752076816

package/src/entities/presentations/orchestrators/share-presentation.js

@@ -0,0 +1,234 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+const { isNil, map, reject, range } = require('lodash/fp');
+const { nanoid } = require('nanoid');
+const { verifyCredentials } = require('@verii/verifiable-credentials');
+const { decodeCredentialJwt } = require('@verii/jwt');
+const {
+  getOrganizationVerifiedProfile,
+  getCredentialTypeMetadata,
+  resolveDid,
+} = require('@verii/common-fetchers');
+const { KeyPurposes } = require('@verii/crypto');
+const { sendCredentials, sendPush } = require('../../../fetchers');
+const { ExchangeStates } = require('../../exchanges');
+const { NotificationTypes } = require('../../notifications');
+const { isIssuingDisclosure, VendorEndpoint } = require('../../disclosures');
+const {
+  buildVendorData,
+  checkPaymentRequirement,
+  mergeCredentialCheckResults,
+  validatePresentation,
+} = require('../domains');
+const {
+  shareIdentificationCredentials,
+} = require('./share-identification-credentials');
+const {
+  deduplicateDisclosureExchange,
+} = require('./deduplicate-disclosure-exchange');
+
+const sharePresentation = async (presentation, context) => {
+  const { repos, exchange } = context;
+
+  const disclosure = await repos.disclosures.findById(exchange.disclosureId, {
+    _id: 1,
+    vendorOrganizationId: 1,
+    vendorDisclosureId: 1,
+    vendorEndpoint: 1,
+    identificationMethods: 1,
+    identityMatchers: 1,
+    sendPushOnVerification: 1,
+    authTokensExpireIn: 1,
+  });
+
+  const {
+    verifiableCredential,
+    vendorOriginContext,
+    id: presentationId,
+    presentationIssuer,
+  } = await validatePresentation(presentation, disclosure, context);
+
+  await deduplicateDisclosureExchange(presentation, context);
+
+  const { checkedCredentials, vendorUser } = await doSharePresentation(
+    {
+      disclosure,
+      verifiableCredential,
+      vendorOriginContext,
+      presentationId,
+      presentationIssuer,
+    },
+    context
+  );
+
+  const user = vendorUser
+    ? await repos.vendorUserIdMappings.findOrInsertVendorUser(vendorUser)
+    : await repos.vendorUserIdMappings.addAnonymousUser();
+
+  const completionState = isIssuingDisclosure(disclosure)
+    ? ExchangeStates.IDENTIFIED
+    : ExchangeStates.COMPLETE;
+
+  const completedExchange = await repos.exchanges.addState(
+    exchange._id,
+    completionState
+  );
+
+  return {
+    checkedCredentials,
+    exchange: completedExchange,
+    user,
+    disclosure,
+  };
+};
+
+const doSharePresentation = async (
+  {
+    verifiableCredential,
+    vendorOriginContext,
+    presentationId,
+    presentationIssuer,
+    disclosure,
+  },
+  context
+) => {
+  const { exchange, tenant, repos } = context;
+  const { vendorEndpoint } = disclosure;
+
+  const vcJwts = reject(isNil, verifiableCredential);
+  const uncheckedCredentials = map(canonicalizeCredential(context), vcJwts);
+  const rawCredentials = buildRawCredentials(uncheckedCredentials, vcJwts);
+
+  if (vendorEndpoint === VendorEndpoint.RECEIVE_UNCHECKED_CREDENTIALS) {
+    await repos.exchanges.addState(
+      exchange._id,
+      ExchangeStates.DISCLOSURE_UNCHECKED
+    );
+    await sendCredentials(
+      disclosure.vendorEndpoint,
+      {
+        ...buildVendorData(disclosure, vendorOriginContext, context),
+        presentationId,
+        credentials: uncheckedCredentials,
+        rawCredentials,
+      },
+      context
+    );
+
+    return { checkedCredentials: [] };
+  }
+
+  const checkedCredentials = await verifyCredentials(
+    {
+      credentials: vcJwts,
+      expectedHolderDid: presentationIssuer,
+      relyingParty: {
+        dltOperatorKMSKeyId:
+          context.tenantKeysByPurpose[KeyPurposes.DLT_TRANSACTIONS].keyId,
+      },
+    },
+    {
+      getOrganizationVerifiedProfile,
+      getCredentialTypeMetadata,
+      resolveDid,
+    },
+    context
+  );
+
+  await repos.exchanges.addState(
+    exchange._id,
+    ExchangeStates.DISCLOSURE_CHECKED
+  );
+
+  if (isIssuingDisclosure(disclosure)) {
+    return shareIdentificationCredentials(
+      disclosure,
+      vendorOriginContext,
+      checkedCredentials,
+      context
+    );
+  }
+
+  const mergedCredentials = mergeCredentialCheckResults(checkedCredentials);
+  await sendCredentials(
+    vendorEndpoint,
+    {
+      ...buildVendorData(disclosure, vendorOriginContext, context),
+      presentationId,
+      credentials: mergedCredentials,
+      rawCredentials,
+      paymentRequired: checkPaymentRequirement(checkedCredentials),
+    },
+    context
+  );
+
+  await sendPushVerification({ tenant, disclosure, exchange }, context);
+  return { checkedCredentials: mergedCredentials };
+};
+
+const buildRawCredentials = (uncheckedCredentials, vcJwts) => {
+  const credentialSchemaUris = map('id', uncheckedCredentials);
+  return map(
+    (i) => ({ id: credentialSchemaUris[i], rawCredential: vcJwts[i] }),
+    range(0, vcJwts.length)
+  );
+};
+
+const sendPushVerification = async (
+  { disclosure, exchange, tenant },
+  context
+) => {
+  const { pushDelegate } = exchange;
+  if (
+    !disclosure.sendPushOnVerification ||
+    !pushDelegate ||
+    !pushDelegate.pushUrl ||
+    !pushDelegate.pushToken
+  ) {
+    return;
+  }
+
+  await sendPush(
+    {
+      id: nanoid(),
+      pushToken: pushDelegate.pushToken,
+      data: {
+        notificationType: NotificationTypes.PRESENTATION_VERIFIFED,
+        issuer: tenant.did,
+        exchangeId: exchange._id,
+        serviceEndpoint: pushDelegate.pushUrl,
+      },
+    },
+    pushDelegate,
+    context
+  );
+};
+
+const canonicalizeCredential =
+  ({ config }) =>
+  (vcJwt) => {
+    const decodedCredential = decodeCredentialJwt(vcJwt);
+    if (config.vendorCredentialsIncludeIssuedClaim) {
+      // eslint-disable-next-line better-mutation/no-mutation
+      decodedCredential.issued = decodedCredential.issuanceDate;
+    }
+
+    return decodedCredential;
+  };
+
+module.exports = { sharePresentation };

package/src/entities/push-delegate/get-push-delegate.js

@@ -0,0 +1,37 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const { mapKeys, flow, camelCase } = require('lodash/fp');
+
+const getPushDelegate = (pushDelegate) => {
+  if (!pushDelegate) {
+    return undefined;
+  }
+
+  const result = flow(mapKeys(camelCase), (pD) => ({
+    ...pD,
+  }))(pushDelegate);
+
+  if (!result?.pushToken || !result?.pushUrl) {
+    return undefined;
+  }
+
+  return result;
+};
+
+module.exports = {
+  getPushDelegate,
+};

package/src/entities/push-delegate/index.js

@@ -0,0 +1,17 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = { ...require('./get-push-delegate') };

package/src/entities/redirect/index.js

@@ -0,0 +1,3 @@
+module.exports = {
+  ...require('./orchestrators'),
+};

package/src/entities/redirect/orchestrators/index.js

@@ -0,0 +1,3 @@
+module.exports = {
+  ...require('./load-org-info'),
+};

package/src/entities/redirect/orchestrators/load-org-info.js

@@ -0,0 +1,40 @@
+const { getOrganizationVerifiedProfile } = require('@verii/common-fetchers');
+const { isEmpty } = require('lodash/fp');
+
+const loadOrgInfo = async (did, context) => {
+  const {
+    config: { appRedirectLogoFallbackUrl, vnfDid },
+  } = context;
+
+  try {
+    const [org, vnfOrg] = await Promise.all([
+      getOrganizationVerifiedProfile(did, context),
+      getOrganizationVerifiedProfile(vnfDid, context),
+    ]);
+    if (!isEmpty(org?.credentialSubject?.logo)) {
+      return {
+        orgLogoUrl: org?.credentialSubject?.logo,
+        orgName: org?.credentialSubject?.name,
+      };
+    }
+    if (!isEmpty(vnfOrg?.credentialSubject?.logo)) {
+      return {
+        orgLogoUrl: vnfOrg?.credentialSubject?.logo,
+        orgName: vnfOrg?.credentialSubject?.name,
+      };
+    }
+    return {
+      orgLogoUrl: appRedirectLogoFallbackUrl,
+      orgName: 'no name',
+    };
+  } catch (e) {
+    return {
+      orgLogoUrl: appRedirectLogoFallbackUrl,
+      orgName: 'no name',
+    };
+  }
+};
+
+module.exports = {
+  loadOrgInfo,
+};

package/src/entities/revocation-list-allocations/index.js

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module.exports = {
+  ...require('./repos'),
+};

package/src/entities/revocation-list-allocations/repos/index.js

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module.exports = {
+  revocationListAllocationPlugin: require('./repo'),
+};

package/src/entities/revocation-list-allocations/repos/repo.js

@@ -0,0 +1,40 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const {
+  repoFactory,
+  autoboxIdsExtension,
+} = require('@spencejs/spence-mongo-repos');
+const { multitenantExtension } = require('@verii/spencer-mongo-extensions');
+
+module.exports = (app, options, next = () => {}) => {
+  next();
+  return repoFactory(
+    {
+      name: 'revocationListAllocations',
+      entityName: 'revocationListAllocation',
+      defaultProjection: {
+        _id: 1,
+        currentListId: 1,
+        freeIndexes: 1,
+        createdAt: 1,
+        updatedAt: 1,
+      },
+      extensions: [autoboxIdsExtension, multitenantExtension()],
+    },
+    app
+  );
+};

package/src/entities/schemas/index.js

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module.exports = {
+  ...require('./orchestrators'),
+};

package/src/entities/schemas/orchestrators/index.js

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module.exports = {
+  ...require('./load-schema-validation'),
+};

package/src/entities/schemas/orchestrators/load-schema-validation.js

@@ -0,0 +1,73 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const newError = require('http-errors');
+const {
+  getCredentialTypeMetadata,
+  fetchJson,
+} = require('@verii/common-fetchers');
+const { isEmpty, first } = require('lodash/fp');
+
+const initLoadSchemaValidate = ({
+  addDocSchema,
+  hasDocSchema,
+  getDocValidator,
+}) => {
+  const loadCredentialTypeFromRegistrar = async (credentialType, context) => {
+    const credentialTypeMetadataList = await getCredentialTypeMetadata(
+      [credentialType],
+      context
+    );
+    if (isEmpty(credentialTypeMetadataList)) {
+      throw newError.BadRequest(
+        `${credentialType} is not a recognized credential type`
+      );
+    }
+    return first(credentialTypeMetadataList);
+  };
+
+  const loadSchemaFromRegistrar = async (schemaUrl, context) => {
+    try {
+      return await fetchJson(schemaUrl, context);
+    } catch (e) {
+      throw newError.BadGateway(`failed to resolve ${schemaUrl}`);
+    }
+  };
+  return async (credentialType, context) => {
+    const credentialTypeMetadata = await loadCredentialTypeFromRegistrar(
+      credentialType,
+      context
+    );
+
+    const schema = await loadSchemaFromRegistrar(
+      credentialTypeMetadata.schemaUrl,
+      context
+    );
+    if (schema.$id == null) {
+      throw newError.BadGateway(
+        `${credentialTypeMetadata.schemaUrl} $id field missing`
+      );
+    }
+    if (!hasDocSchema(schema.$id)) {
+      addDocSchema(schema, true);
+    }
+    return getDocValidator(schema.$id);
+  };
+};
+
+module.exports = {
+  initLoadSchemaValidate,
+};

package/src/entities/tenants/domains/build-service-ids.js

@@ -0,0 +1,27 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const buildServiceIds = ({ serviceIds, serviceId }) => {
+  if (serviceIds) {
+    return serviceIds;
+  }
+  if (serviceId) {
+    return [serviceId];
+  }
+  return undefined;
+};
+
+module.exports = { buildServiceIds };

package/src/entities/tenants/domains/extract-service.js

@@ -0,0 +1,27 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const { toRelativeServiceId } = require('@verii/did-doc');
+const { flow, get, find } = require('lodash/fp');
+
+const extractService = (serviceId) => {
+  const normalizedServiceId = toRelativeServiceId(serviceId);
+  return flow(
+    get('service'),
+    find((service) => toRelativeServiceId(service.id) === normalizedServiceId)
+  );
+};
+module.exports = { extractService };

package/src/entities/tenants/domains/index.js

@@ -0,0 +1,21 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module.exports = {
+  ...require('./build-service-ids'),
+  ...require('./extract-service'),
+  ...require('./validate-service-ids'),
+};

package/src/entities/tenants/domains/validate-service-ids.js

@@ -0,0 +1,35 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const { isEmpty, find } = require('lodash/fp');
+const newError = require('http-errors');
+const { extractService } = require('./extract-service');
+
+const validateServiceIds = (doc, serviceIds) => {
+  if (!isEmpty(serviceIds)) {
+    const firstMissingServiceId = find(
+      (serviceId) => extractService(serviceId)(doc) == null,
+      serviceIds
+    );
+    if (firstMissingServiceId) {
+      throw new newError.BadRequest(
+        `ServiceId ${firstMissingServiceId} is not on did document for did: ${doc.id}`
+      );
+    }
+  }
+};
+
+module.exports = { validateServiceIds };

package/src/entities/tenants/factories/index.js

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+module.exports = {
+  ...require('./tenant-factory'),
+};