npm - @verii/server-credentialagent - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/server-credentialagent 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (395) hide show

package/src/entities/tenants/factories/tenant-factory.js ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { register } = require('@spencejs/spence-factories');
+const { tenantRepoPlugin } = require('../repos');
+const initTenantFactory = (app) =>
+  register(
+    'tenant',
+    tenantRepoPlugin(app)({ config: app.config }),
+    (overrides) => {
+      const didSuffix = Array(40)
+        .fill(0)
+        .map(() => Math.random().toString(36).charAt(2))
+        .join('');
+      return {
+        did: `did:velocity:${didSuffix}`,
+        primaryAddress: `0x${didSuffix}`,
+        ...overrides(),
+      };
+    }
+  );
+module.exports = { initTenantFactory };

package/src/entities/tenants/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./factories'),
+  ...require('./repos'),
+  ...require('./domains'),
+  ...require('./orchestrators'),
+};

package/src/entities/tenants/orchestrators/add-primary-address-to-tenant.js ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { initPermissions } = require('@verii/contract-permissions');
+const { KeyPurposes, decrypt } = require('@verii/crypto');
+const { toEthereumAddress } = require('@verii/blockchain-functions');
+const { hexFromJwk } = require('@verii/jwt');
+const addPrimaryAddressToTenant = async ({ _id }, context) => {
+  const { repos, config, rpcProvider } = context;
+  const { permissionsContractAddress: contractAddress } = config;
+  const filter = {
+    tenantId: _id,
+    purposes: KeyPurposes.DLT_TRANSACTIONS,
+  };
+  const keyDatum = await repos.keys.collection().findOne(filter);
+  const stringifiedKey = decrypt(keyDatum.key, context.config.mongoSecret);
+  const privateKey = hexFromJwk(JSON.parse(stringifiedKey));
+  const publicAddress = toEthereumAddress(privateKey);
+  const permissionContract = await initPermissions(
+    {
+      privateKey,
+      contractAddress,
+      rpcProvider,
+    },
+    context
+  );
+  const primaryAddress = await permissionContract.lookupPrimary(publicAddress);
+  await repos.tenants.update(_id, {
+    primaryAddress,
+  });
+};
+module.exports = { addPrimaryAddressToTenant };

package/src/entities/tenants/orchestrators/create-tenant.js ADDED Viewed

@@ -0,0 +1,91 @@
+/**
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { resolveDid } = require('@verii/common-fetchers');
+const { getDidAndAliases } = require('@verii/did-doc');
+const { isEmpty, map, omit, some, includes } = require('lodash/fp');
+const newError = require('http-errors');
+const { KeyEncodings, KeyPurposes } = require('@verii/crypto');
+const { validateServiceIds } = require('../domains');
+const { validateDidDocKeys } = require('../../keys/orchestrators');
+const {
+  addPrimaryAddressToTenant,
+} = require('./add-primary-address-to-tenant');
+const createTenant = async (
+  { did, serviceIds, webhookUrl, keys, webhookAuth },
+  context
+) => {
+  const organizationDidDoc = await getOrganizationDidDoc(did, context);
+  validateServiceIds(organizationDidDoc, serviceIds);
+  const validatedKeys = await validateDidDocKeys(organizationDidDoc, keys);
+  const dids = getDidAndAliases(organizationDidDoc);
+  const insertedTenant = await context.repos.tenants.insertTenant({
+    did: organizationDidDoc.id,
+    dids,
+    serviceIds,
+    webhookUrl,
+    webhookAuth,
+  });
+  const { _id } = insertedTenant;
+  if (!isEmpty(validatedKeys)) {
+    await Promise.all(
+      map(
+        (keyDatum) =>
+          context.kms.importKey({
+            ...keyDatum,
+            publicKey: keyDatum.publicKey ?? omit(['d'], keyDatum.key),
+            encoding: KeyEncodings.JWK,
+            tenantId: _id,
+          }),
+        validatedKeys
+      )
+    );
+    await tryingToInsertPrimaryAddress(insertedTenant, validatedKeys, context);
+  }
+  return insertedTenant;
+};
+const tryingToInsertPrimaryAddress = async (tenant, insertedKeys, context) => {
+  const dltExist = some(
+    ({ purposes }) => includes(KeyPurposes.DLT_TRANSACTIONS, purposes),
+    insertedKeys
+  );
+  if (dltExist) {
+    await addPrimaryAddressToTenant(tenant, context);
+  }
+};
+const getOrganizationDidDoc = async (did, context) => {
+  const notFoundError = () =>
+    newError(404, 'DID not found on the Velocity network registrar.', {
+      errorCode: 'did_not_found',
+    });
+  try {
+    const organizationDidDoc = await resolveDid(did, context);
+    if (isEmpty(organizationDidDoc)) {
+      throw notFoundError();
+    }
+    return organizationDidDoc;
+  } catch {
+    throw notFoundError();
+  }
+};
+module.exports = { createTenant };

package/src/entities/tenants/orchestrators/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./add-primary-address-to-tenant'),
+  ...require('./create-tenant'),
+  ...require('./refresh-tenant-dids'),
+  ...require('./set-tenant-default-issuing-disclosure'),
+};

package/src/entities/tenants/orchestrators/refresh-tenant-dids.js ADDED Viewed

@@ -0,0 +1,146 @@
+/**
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { resolveDid } = require('@verii/common-fetchers');
+const { leafMap } = require('@verii/common-functions');
+const {
+  getDidAndAliases,
+  isDidUrlWithFragment,
+  toDidUrl,
+} = require('@verii/did-doc');
+const { find, startsWith, omitBy, isNil, isEmpty, map } = require('lodash/fp');
+const { ObjectId } = require('mongodb');
+const newError = require('http-errors');
+const { splitDidUrlWithFragment } = require('@verii/did-doc/src/did-parsing');
+const refreshTenantDids = async ({ all, did }, context) => {
+  const { repos, log } = context;
+  const filter = all ? {} : { did };
+  const tenants = await repos.tenants.find({ filter });
+  if (isEmpty(tenants)) {
+    throw newError.BadRequest('No tenants to refresh');
+  }
+  const [offersCursor, didMap] = await Promise.all([
+    repos.offers.collection().find({
+      consentedAt: { $exists: false },
+      rejectedAt: { $exists: false },
+      'issuer.id': { $in: map('did', tenants) },
+    }),
+    buildCurrentDidToPreferredDid(tenants, context),
+  ]);
+  const tenantWrites = buildTenantWrites(tenants, didMap);
+  const offerWrites = await buildOfferWrites(offersCursor, didMap);
+  const proms = [];
+  if (!isEmpty(tenantWrites)) {
+    proms.push(repos.tenants.collection().bulkWrite(tenantWrites));
+  }
+  if (!isEmpty(offerWrites)) {
+    proms.push(repos.offers.collection().bulkWrite(offerWrites));
+  }
+  const [tenantsBulkResult, offersBulkResult] = await Promise.all(proms);
+  log.info({ tenantsBulkResult, offersBulkResult });
+  return {};
+};
+const buildTenantWrites = (tenantDocs, didMap) => {
+  const tenantWrites = [];
+  for (const doc of tenantDocs) {
+    const write = buildTenantWrite(doc, didMap);
+    if (write != null) {
+      tenantWrites.push(write);
+    }
+  }
+  return tenantWrites;
+};
+const buildTenantWrite = (tenantDoc, didMap) => {
+  const { preferredDid, dids } = didMap.get(tenantDoc.did) ?? {};
+  if (preferredDid == null) {
+    return undefined;
+  }
+  const serviceIds = map((serviceId) => {
+    if (!isDidUrlWithFragment(serviceId)) {
+      return serviceId;
+    }
+    const [, fragment] = splitDidUrlWithFragment(serviceId);
+    return toDidUrl(preferredDid, fragment);
+  }, tenantDoc.serviceIds);
+  return {
+    updateOne: {
+      filter: { _id: new ObjectId(tenantDoc._id) },
+      update: {
+        $set: omitBy(isNil)({
+          did: preferredDid,
+          dids,
+          serviceIds,
+          updatedAt: new Date(),
+        }),
+      },
+    },
+  };
+};
+const buildOfferWrites = async (offersCursor, didMap) => {
+  const offerWrites = [];
+  for await (const doc of offersCursor) {
+    const write = buildOfferWrite(doc, didMap);
+    if (write != null) {
+      offerWrites.push(write);
+    }
+  }
+  return offerWrites;
+};
+const buildOfferWrite = (offerDoc, didMap) => {
+  const oldDid = offerDoc.issuer.id;
+  const { preferredDid } = didMap.get(oldDid) ?? {};
+  if (preferredDid == null) {
+    return undefined;
+  }
+  return {
+    updateOne: {
+      filter: { _id: new ObjectId(offerDoc._id) },
+      update: {
+        $set: omitBy(isNil)({
+          'issuer.id': preferredDid,
+          updatedAt: new Date(),
+          credentialSubject: leafMap(
+            (val) => (val === oldDid ? preferredDid : val),
+            offerDoc.credentialSubject
+          ),
+        }),
+      },
+    },
+  };
+};
+const buildCurrentDidToPreferredDid = async (tenantDocs, context) => {
+  const didMap = new Map();
+  for (const tenantDoc of tenantDocs) {
+    const { did } = tenantDoc;
+    // eslint-disable-next-line no-await-in-loop
+    const didDoc = await resolveDid(did, context);
+    const dids = getDidAndAliases(didDoc);
+    const preferredDid = find(startsWith('did:web'), dids);
+    if (preferredDid != null) {
+      didMap.set(did, { preferredDid, dids });
+    }
+  }
+  return didMap;
+};
+module.exports = { refreshTenantDids };

package/src/entities/tenants/orchestrators/set-tenant-default-issuing-disclosure.js ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const setTenantDefaultIssuingDisclosure = async (
+  { disclosure, setIssuingDefault },
+  req
+) => {
+  const { repos, tenant } = req;
+  if (disclosure.configurationType !== 'issuing' || !setIssuingDefault) {
+    return;
+  }
+  await repos.tenants.update(tenant._id, {
+    defaultIssuingDisclosureId: disclosure._id,
+  });
+};
+module.exports = { setTenantDefaultIssuingDisclosure };

package/src/entities/tenants/repos/index.js ADDED Viewed

@@ -0,0 +1,20 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  tenantRepoPlugin: require('./repo'),
+  ...require('./tenant-default-projection'),
+};

package/src/entities/tenants/repos/insert-tenant-extension.js ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const newError = require('http-errors');
+const insertTenantExtension = (parent) => ({
+  insertTenant: async (newTenant) => {
+    try {
+      return await parent.insert(newTenant);
+    } catch (e) {
+      if (e.name === 'MongoServerError' && e.code === 11000) {
+        throw newError(409, e);
+      }
+      throw e;
+    }
+  },
+  extensions: parent.extensions.concat(['insertTenantExtension']),
+});
+module.exports = { insertTenantExtension };

package/src/entities/tenants/repos/repo.js ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const {
+  repoFactory,
+  autoboxIdsExtension,
+} = require('@spencejs/spence-mongo-repos');
+const { initEncryptPropExtension } = require('@verii/spencer-mongo-extensions');
+const { tenantDefaultProjection } = require('./tenant-default-projection');
+const { insertTenantExtension } = require('./insert-tenant-extension');
+module.exports = (app, options, next = () => {}) => {
+  next();
+  return repoFactory(
+    {
+      name: 'tenants',
+      entityName: 'tenant',
+      defaultProjection: tenantDefaultProjection,
+      extensions: [
+        autoboxIdsExtension,
+        insertTenantExtension,
+        initEncryptPropExtension({
+          prop: 'webhookAuth.bearerToken',
+          encryptedProp: 'webhookAuth.bearerToken',
+          secret: app.config.mongoSecret,
+          format: 'string',
+        }),
+        (parent) => ({
+          setDefaultIssuingDisclosure: async (id, disclosureId) =>
+            parent.update(id, {
+              defaultIssuingDisclosureId: disclosureId,
+            }),
+        }),
+      ],
+    },
+    app
+  );
+};

package/src/entities/tenants/repos/tenant-default-projection.js ADDED Viewed

@@ -0,0 +1,33 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const tenantDefaultProjection = {
+  _id: 1,
+  did: 1,
+  dids: 1,
+  serviceId: 1, // TODO remove serviceId after 31 March 2021
+  serviceIds: 1,
+  kid: 1,
+  primaryAddress: 1,
+  vendorOrganizationId: 1,
+  createdAt: 1,
+  updatedAt: 1,
+  webhookUrl: 1,
+  webhookAuth: 1,
+  defaultIssuingDisclosureId: 1,
+};
+module.exports = { tenantDefaultProjection };

package/src/entities/tokens/adapters/access-token.js ADDED Viewed

@@ -0,0 +1,49 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+const { KeyPurposes } = require('@verii/crypto');
+const { nanoid } = require('nanoid');
+const generateAccessToken = (
+  id,
+  subject,
+  disclosure,
+  exchange,
+  { kms, tenant, tenantKeysByPurpose, config }
+) => {
+  const accessTokensSecret = tenantKeysByPurpose[KeyPurposes.EXCHANGES];
+  return kms.signJwt({}, accessTokensSecret.keyId, {
+    jti: id == null ? nanoid(16) : id.toString(),
+    issuer: tenant.did,
+    audience: tenant.did,
+    kid: accessTokensSecret.kidFragment,
+    subject,
+    nbf: new Date(),
+    expiresIn: disclosure?.authTokensExpireIn
+      ? `${disclosure?.authTokensExpireIn}m`
+      : config.defaultOAuthTokenExpiration,
+  });
+};
+const verifyAccessToken = async (token, { kms, tenant, tenantKeysByPurpose }) =>
+  kms.verifyJwt(token, tenantKeysByPurpose[KeyPurposes.EXCHANGES].keyId, {
+    issuer: tenant.did,
+    audience: tenant.did,
+    requiredClaims: ['sub', 'aud', 'iss'],
+  });
+module.exports = { generateAccessToken, verifyAccessToken };

package/src/entities/tokens/adapters/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+/*
+ * Copyright 2025 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+module.exports = {
+  ...require('./access-token'),
+};

package/src/entities/tokens/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./adapters'),
+};

package/src/entities/users/factories/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./user-factory'),
+};