npm - @verii/server-credentialagent - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/server-credentialagent 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (395) hide show

package/src/controllers/index.js ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+module.exports = {
+  ...require('./autoload-holder-api-controllers'),
+  ...require('./autoload-operator-api-controllers'),
+  ...require('./autoload-root-api-controller'),
+  ...require('./autoload-saasoperator-api-controllers'),
+};

package/src/controllers/operator/tenants/_tenantId/autohooks.js ADDED Viewed

@@ -0,0 +1,40 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { newOfferRelatedResourceSchema } = require('@verii/common-schemas');
+const {
+  tenantLoaderPlugin,
+  ensureTenantDefaultIssuingDisclosureIdPlugin,
+  groupLoaderPlugin,
+} = require('../../../../plugins');
+const { newVendorOfferSchema } = require('./offers/schemas');
+module.exports = async (fastify) => {
+  fastify
+    .register(tenantLoaderPlugin)
+    .register(ensureTenantDefaultIssuingDisclosureIdPlugin)
+    .register(groupLoaderPlugin)
+    .addSchema(newOfferRelatedResourceSchema)
+    .addSchema(newVendorOfferSchema)
+    .autoSchemaPreset({
+      params: {
+        type: 'object',
+        properties: { tenantId: { type: 'string', minLength: 1 } },
+        required: ['tenantId'],
+      },
+    });
+};

package/src/controllers/operator/tenants/_tenantId/check-credentials/autohooks.js ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { ensureTenantPrimaryAddressPlugin } = require('../../../../../plugins');
+const { vendorCredentialSchema } = require('./schemas');
+module.exports = async (fastify) =>
+  fastify
+    .register(ensureTenantPrimaryAddressPlugin)
+    .addSchema(vendorCredentialSchema)
+    .autoSchemaPreset({ tags: ['verification'] });

package/src/controllers/operator/tenants/_tenantId/check-credentials/controller-v0.8.js ADDED Viewed

@@ -0,0 +1,200 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const { nanoid } = require('nanoid');
+const { map } = require('lodash/fp');
+const { verifyCredentials } = require('@verii/verifiable-credentials');
+const httpError = require('http-errors');
+const { KeyPurposes } = require('@verii/crypto');
+const {
+  resolveDid,
+  getOrganizationVerifiedProfile,
+  getCredentialTypeMetadata,
+} = require('@verii/common-fetchers');
+const { sendPush } = require('../../../../../fetchers');
+const {
+  checkPaymentRequirement,
+  NotificationTypes,
+} = require('../../../../../entities');
+const inspectionController = async (fastify) => {
+  fastify.post(
+    '/',
+    {
+      schema: fastify.autoSchema({
+        body: {
+          type: 'object',
+          properties: {
+            rawCredentials: {
+              type: 'array',
+              items: {
+                type: 'object',
+                properties: {
+                  id: { type: 'string' },
+                  rawCredential: { type: 'string' },
+                },
+              },
+            },
+            pushData: {
+              type: 'object',
+              properties: {
+                sendPush: {
+                  type: 'boolean',
+                },
+                exchangeId: { type: 'string' },
+                pushDelegate: {
+                  type: 'object',
+                  properties: {
+                    pushUrl: { type: 'string' },
+                    pushToken: { type: 'string' },
+                  },
+                  required: ['pushUrl', 'pushToken'],
+                },
+              },
+              required: ['sendPush', 'exchangeId'],
+            },
+          },
+          required: ['rawCredentials'],
+        },
+        response: {
+          200: {
+            type: 'object',
+            properties: {
+              credentials: {
+                type: 'array',
+                items: {
+                  $ref: 'https://velocitycareerlabs.io/vendor-credential.schema.json#',
+                },
+              },
+            },
+          },
+          402: {
+            $ref: 'error#',
+          },
+        },
+      }),
+    },
+    async (req) => {
+      const {
+        body: { rawCredentials, pushData },
+        tenantKeysByPurpose,
+      } = req;
+      const uncheckedCredentials = map('rawCredential', rawCredentials);
+      const credentialsAndChecks = await verifyCredentials(
+        {
+          credentials: uncheckedCredentials,
+          relyingParty: {
+            dltOperatorKMSKeyId:
+              tenantKeysByPurpose[KeyPurposes.DLT_TRANSACTIONS].keyId,
+          },
+        },
+        {
+          resolveDid,
+          getOrganizationVerifiedProfile,
+          getCredentialTypeMetadata,
+        },
+        req
+      );
+      if (checkPaymentRequirement(credentialsAndChecks)) {
+        throw httpError(400, 'No voucher was provided to process the request', {
+          errorCode: 'payment_required',
+        });
+      }
+      const pushDelegate = await getPushDelegate(pushData, req);
+      if (pushDelegate) {
+        const { exchangeId } = pushData;
+        await sendPushVerification({ pushDelegate, exchangeId }, req);
+      }
+      return {
+        credentials: map(
+          ({ credential, credentialChecks }) => ({
+            ...credential,
+            credentialChecks,
+          }),
+          credentialsAndChecks
+        ),
+      };
+    }
+  );
+  const sendPushVerification = async (
+    { exchangeId, pushDelegate },
+    context
+  ) => {
+    return sendPush(
+      {
+        id: nanoid(),
+        pushToken: pushDelegate.pushToken,
+        data: {
+          notificationType: NotificationTypes.PRESENTATION_VERIFIFED,
+          issuer: context.tenant.did,
+          exchangeId,
+          serviceEndpoint: pushDelegate.pushUrl,
+        },
+      },
+      pushDelegate,
+      context
+    );
+  };
+  const getPushDelegate = async (pushData = {}, { repos }) => {
+    const { pushDelegate, exchangeId } = pushData;
+    const exchange = await repos.exchanges.findOne({
+      filter: {
+        _id: exchangeId,
+      },
+    });
+    const disclosure = await repos.disclosures.findOne({
+      filter: {
+        _id: exchange?.disclosureId,
+      },
+    });
+    if (disclosureNotSendPush(disclosure)) {
+      return null;
+    }
+    if (
+      !disclosureNotSendPush(disclosure) &&
+      verifyPushDelegate(exchange?.pushDelegate)
+    ) {
+      return exchange.pushDelegate;
+    }
+    if (pushData.sendPush && verifyPushDelegate(pushDelegate)) {
+      return pushDelegate;
+    }
+    return null;
+  };
+  const disclosureNotSendPush = (disclosure) =>
+    disclosure && disclosure.sendPushOnVerification === false;
+  const verifyPushDelegate = (pushDelegate) => {
+    const { pushUrl, pushToken } = pushDelegate || {};
+    return !!pushUrl && !!pushToken;
+  };
+};
+module.exports = inspectionController;

package/src/controllers/operator/tenants/_tenantId/check-credentials/schemas/index.js ADDED Viewed

@@ -0,0 +1,19 @@
+/**
+ * Copyright 2023 Velocity Team
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const vendorCredentialSchema = require('./vendor-credential.schema.json');
+module.exports = { vendorCredentialSchema };

package/src/controllers/operator/tenants/_tenantId/check-credentials/schemas/vendor-credential.schema.json ADDED Viewed

@@ -0,0 +1,244 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "https://velocitycareerlabs.io/vendor-credential.schema.json",
+  "type": "object",
+  "title": "vendor-credential",
+  "allOf": [
+    {
+      "$ref": "#/definitions/Vendor-credential.v1"
+    },
+    {
+      "type": "object",
+      "required": [
+        "credentialChecks"
+      ],
+      "properties": {
+        "credentialChecks": {
+          "type": "object",
+          "properties": {
+            "UNTAMPERED": {
+              "type": "string",
+              "enum": [
+                "PASS",
+                "FAIL",
+                "VOUCHER_RESERVE_EXHAUSTED",
+                "DATA_INTEGRITY_ERROR",
+                "DEPENDENCY_RESOLUTION_ERROR",
+                "NOT_CHECKED"
+              ]
+            },
+            "TRUSTED_ISSUER": {
+              "type": "string",
+              "enum": [
+                "PASS",
+                "FAIL",
+                "SELF_SIGNED",
+                "DATA_INTEGRITY_ERROR",
+                "DEPENDENCY_RESOLUTION_ERROR",
+                "NOT_CHECKED"
+              ]
+            },
+            "UNREVOKED": {
+              "type": "string",
+              "enum": [
+                "PASS",
+                "FAIL",
+                "DEPENDENCY_RESOLUTION_ERROR",
+                "NOT_APPLICABLE",
+                "NOT_CHECKED"
+              ]
+            },
+            "TRUSTED_HOLDER": {
+              "enum": [
+                "PASS",
+                "FAIL",
+                "NOT_APPLICABLE",
+                "NOT_CHECKED"
+              ]
+            },
+            "UNEXPIRED": {
+              "type": "string",
+              "enum": [
+                "PASS",
+                "FAIL",
+                "NOT_APPLICABLE",
+                "NOT_CHECKED"
+              ]
+            }
+          }
+        }
+      }
+    }
+  ],
+  "definitions": {
+    "Resource-reference": {
+      "title": "resource-reference",
+      "type": "object",
+      "required": [
+        "id"
+      ],
+      "properties": {
+        "id": {
+          "type": "string",
+          "description": "the id of the resource that is an alternative",
+          "format": "iri"
+        },
+        "type": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          ],
+          "description": "the type of alternative. PDF or VC"
+        },
+        "mediaType": {
+          "type": "string",
+          "description": "the media type of the URI. Can be used to validate what is downloaded"
+        },
+        "digestSRI": {
+          "type": "string",
+          "description": "the digest of the object"
+        },
+        "name": {
+          "type": "string",
+          "description": "the name of the referenced resource"
+        },
+        "hint": {
+          "anyOf": [
+            {
+              "type": "string"
+            },
+            {
+              "type": "array",
+              "items": {
+                "type": "string"
+              }
+            }
+          ],
+          "description": "rendering hints for wallets. Can be used to validate the downloaded credential"
+        }
+      }
+    },
+    "Vendor-credential.v1": {
+      "type": "object",
+      "title": "vendor-credential",
+      "version": 1,
+      "description": "An credential is a simplified version of the W3C spec. https://w3c.github.io/vc-data-model/CR/2019-03-26/. It does not include a digital signature.",
+      "required": [
+        "id",
+        "type",
+        "issuer",
+        "credentialSubject"
+      ],
+      "properties": {
+        "id": {
+          "type": "string",
+          "description": "A unique id for the credential that was disclosed at this time. A uuid. This is not the credential's DID."
+        },
+        "type": {
+          "type": "array",
+          "description": "type is identical to the standard based type found on verifiable credentials but does not accept a string, it only accepts an array to indicate an unordered set of type URIs",
+          "items": {
+            "type": "string"
+          }
+        },
+        "issuer": {
+          "oneOf": [
+            {
+              "type": "object",
+              "required": [
+                "id"
+              ],
+              "properties": {
+                "id": {
+                  "type": "string",
+                  "description": "DID of the issuer"
+                },
+                "name": {
+                  "type": "string"
+                },
+                "image": {
+                  "type": "string",
+                  "format": "uri"
+                }
+              }
+            },
+            {
+              "type": "string",
+              "description": "DID of the issuer"
+            }
+          ]
+        },
+        "credentialSubject": {
+          "type": "object",
+          "description": "contains all the claims of the credential"
+        },
+        "credentialSchema": {
+          "type": "object",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "type": {
+              "type": "string"
+            }
+          }
+        },
+        "validFrom": {
+          "type": "string",
+          "format": "date-time",
+          "description": "when the credential will start being valid"
+        },
+        "validUntil": {
+          "type": "string",
+          "format": "date-time",
+          "description": "when the credential will expire"
+        },
+        "issued": {
+          "type": "string",
+          "format": "date-time",
+          "description": "when did the issuer actually issue the verified credential"
+        },
+        "issuanceDate": {
+          "type": "string",
+          "format": "date-time",
+          "description": "deprecated - superceded by issued",
+          "deprecated": true
+        },
+        "expirationDate": {
+          "type": "string",
+          "format": "date-time",
+          "description": "deprecated - superceded by validTo",
+          "deprecated": true
+        },
+        "replaces": {
+          "type": "array",
+          "description": "The credential that is replaced by this credential. Typically a VC",
+          "items": {
+            "$ref": "#/definitions/Resource-reference"
+          }
+        },
+        "alternative": {
+          "type": "array",
+          "description": "alternative versions of this credential containing similar data",
+          "items": {
+            "$ref": "#/definitions/Resource-reference"
+          }
+        },
+        "relatedResource": {
+          "type": "array",
+          "description": "related resources",
+          "items": {
+            "$ref": "#/definitions/Resource-reference"
+          }
+        }
+      }
+    }
+  }
+}