npm - @verii/server-mockvendor - Versions diffs - 1.0.0-pre.1752076816 - Mend

@verii/server-mockvendor 1.0.0-pre.1752076816

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (82) hide show

package/.localdev.env +15 -0
package/.standalone.env +5 -0
package/LICENSE +201 -0
package/docker/compose.yml +25 -0
package/jest.config.js +20 -0
package/multilingual-string.schema.json +40 -0
package/package.json +70 -0
package/src/config/config.js +55 -0
package/src/controllers/api/accepted-offers/controller.js +9 -0
package/src/controllers/api/accepted-offers/repo.js +25 -0
package/src/controllers/api/applicants/controller.js +9 -0
package/src/controllers/api/applicants/repo.js +30 -0
package/src/controllers/api/create_did_key/controller.js +29 -0
package/src/controllers/api/create_did_key/schemas/index.js +4 -0
package/src/controllers/api/create_did_key/schemas/jwk-did-request.schema.js +20 -0
package/src/controllers/api/create_did_key/schemas/jwk-did-response.schema.js +41 -0
package/src/controllers/api/create_jwk/controller.js +35 -0
package/src/controllers/api/create_jwk/schemas/index.js +3 -0
package/src/controllers/api/create_jwk/schemas/jwk-response.schema.js +33 -0
package/src/controllers/api/credential-submissions/controller.js +59 -0
package/src/controllers/api/credential-submissions/repo.js +16 -0
package/src/controllers/api/identifications/controller.js +67 -0
package/src/controllers/api/identifications/repo.js +22 -0
package/src/controllers/api/issuing-exchanges/controller.js +218 -0
package/src/controllers/api/issuing-exchanges/fetchers.js +45 -0
package/src/controllers/api/issuing-exchanges/repo.js +27 -0
package/src/controllers/api/jwt/controller.js +69 -0
package/src/controllers/api/jwt/schemas/index.js +6 -0
package/src/controllers/api/jwt/schemas/jwt-request.schema.js +40 -0
package/src/controllers/api/jwt/schemas/jwt-response.schema.js +14 -0
package/src/controllers/api/jwt/schemas/jwt-verify-request.schema.js +17 -0
package/src/controllers/api/jwt/schemas/jwt-verify-response.schema.js +17 -0
package/src/controllers/api/offers/autohooks.js +5 -0
package/src/controllers/api/offers/controller.js +87 -0
package/src/controllers/api/offers/new-mockvendor-offer.schema.js +22 -0
package/src/controllers/api/offers/repo.js +33 -0
package/src/controllers/api/users/controller.js +20 -0
package/src/controllers/api/users/repo.js +29 -0
package/src/controllers/autohooks.js +22 -0
package/src/controllers/inspection/controller.js +39 -0
package/src/controllers/issuing/controller.js +158 -0
package/src/controllers/registrar/controller.js +67 -0
package/src/controllers/registrar/repo.js +24 -0
package/src/controllers/root/controller.js +15 -0
package/src/controllers/schemas/index.js +21 -0
package/src/controllers/schemas/issuer-data.schema.json +26 -0
package/src/entities/index.js +4 -0
package/src/entities/key-pairs/index.js +3 -0
package/src/entities/key-pairs/key-pairs.js +73 -0
package/src/entities/offers/index.js +3 -0
package/src/entities/offers/schemas/generate-offers.schema.js +30 -0
package/src/entities/offers/schemas/index.js +3 -0
package/src/index.js +19 -0
package/src/init-server.js +34 -0
package/src/main.js +18 -0
package/src/standalone.js +8 -0
package/src/start-app-server.js +32 -0
package/test/accepted-offers.test.js +47 -0
package/test/api-users.test.js +170 -0
package/test/create_did_key-controller.test.js +94 -0
package/test/create_jwk-controller.test.js +86 -0
package/test/credential-submissions.test.js +331 -0
package/test/factories/accepted-offers.factory.js +16 -0
package/test/factories/delayed-offer.factory.js +17 -0
package/test/factories/identifications.factory.js +33 -0
package/test/factories/offers.factory.js +64 -0
package/test/factories/users.factory.js +24 -0
package/test/helpers/PastEmploymentPosition-2007-2009-Junior-Project-Manager.json +26 -0
package/test/helpers/PastEmploymentPosition-2009-2015-Project-Manager.json +26 -0
package/test/helpers/helpers/PastEmploymentPosition-2009-2015-Project-Manager.json +26 -0
package/test/helpers/latest-Adam-Smith.json +49 -0
package/test/helpers/legacy-Adam-Smith.json +33 -0
package/test/helpers/mockvendor-build-fastify.js +16 -0
package/test/helpers/tools/verifgen/templates/PastEmploymentPosition-2009-2015-Project-Manager.json +26 -0
package/test/identifications.test.js +56 -0
package/test/issuing-exchanges.test.js +335 -0
package/test/issuing-identify.test.js +137 -0
package/test/jwt-controller.test.js +320 -0
package/test/offers.test.js +682 -0
package/test/registrar.test.js +276 -0
package/test/root.test.js +25 -0
package/test/swagger.test.js +21 -0

package/test/jwt-controller.test.js ADDED Viewed

@@ -0,0 +1,320 @@
+const { generateKeyPair } = require('@verii/crypto');
+const { jwtVerify, jwtSign } = require('@verii/jwt');
+const { getDidUriFromJwk } = require('@verii/did-doc');
+const { errorResponseMatcher } = require('@verii/tests-helpers');
+const buildFastify = require('./helpers/mockvendor-build-fastify');
+const { generateJwk } = require('../src/entities');
+describe('JWT Controller Test Suite', () => {
+  let fastify;
+  beforeAll(async () => {
+    fastify = await buildFastify({});
+    await fastify.ready();
+  });
+  afterAll(async () => {
+    await fastify.close();
+  });
+  describe('JWT signing and verifying', () => {
+    const api = '/api/jwt';
+    describe('sign jwt test suite', () => {
+      it('should fail to sign a jwt with missing payload in body', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/sign`,
+          payload: {
+            header: {},
+          },
+        });
+        expect(response.statusCode).toEqual(400);
+        expect(response.json).toEqual(
+          errorResponseMatcher(
+            {
+              error: 'Bad Request',
+              code: 'FST_ERR_VALIDATION',
+              message: "body must have required property 'payload'",
+              statusCode: 400,
+            },
+            { omits: ['requestId', 'errorCode'] }
+          )
+        );
+      });
+      it('should fail to sign a jwt with empty keyId in options', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/sign`,
+          payload: {
+            header: {},
+            payload: {},
+            options: {
+              keyId: '',
+            },
+          },
+        });
+        expect(response.statusCode).toEqual(400);
+        expect(response.json).toEqual(
+          errorResponseMatcher(
+            {
+              error: 'Bad Request',
+              code: 'FST_ERR_VALIDATION',
+              message:
+                // eslint-disable-next-line max-len
+                "body/options must have required property 'kid', body/options/keyId must NOT have fewer than 1 characters, body/options must match exactly one schema in oneOf",
+              statusCode: 400,
+            },
+            { omits: ['requestId', 'errorCode'] }
+          )
+        );
+      });
+      it('should fail to sign a jwt with empty kid in options', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/sign`,
+          payload: {
+            header: {},
+            payload: {},
+            options: {
+              kid: '',
+            },
+          },
+        });
+        expect(response.statusCode).toEqual(400);
+        expect(response.json).toEqual(
+          errorResponseMatcher(
+            {
+              error: 'Bad Request',
+              code: 'FST_ERR_VALIDATION',
+              message:
+                // eslint-disable-next-line max-len
+                "body/options/kid must NOT have fewer than 1 characters, body/options must have required property 'keyId', body/options must match exactly one schema in oneOf",
+              statusCode: 400,
+            },
+            { omits: ['requestId', 'errorCode'] }
+          )
+        );
+      });
+      it('should fail when a key pair could not be found by kid', async () => {
+        const { publicKey: pubK } = generateKeyPair({
+          curve: 'P-256',
+          format: 'jwk',
+        });
+        const didJwk = getDidUriFromJwk(pubK);
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/sign`,
+          payload: {
+            header: {},
+            payload: {
+              abc: 'abv',
+            },
+            options: {
+              kid: `${didJwk}#0`,
+            },
+          },
+        });
+        expect(response.statusCode).toEqual(400);
+        expect(response.json).toEqual(
+          errorResponseMatcher(
+            {
+              error: 'Bad Request',
+              message: 'Key pair not found',
+              statusCode: 400,
+            },
+            { omits: ['requestId', 'errorCode'] }
+          )
+        );
+      });
+      it('should fail when a key pair could not be found by keyId', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/sign`,
+          payload: {
+            header: {},
+            payload: {
+              abc: 'abv',
+            },
+            options: {
+              keyId: '111',
+            },
+          },
+        });
+        expect(response.statusCode).toEqual(400);
+        expect(response.json).toEqual(
+          errorResponseMatcher(
+            {
+              error: 'Bad Request',
+              message: 'Key pair not found',
+              statusCode: 400,
+            },
+            { omits: ['requestId', 'errorCode'] }
+          )
+        );
+      });
+      it('should sign a jwt with keyId', async () => {
+        const keyPair = generateJwk('P-256');
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/sign`,
+          payload: {
+            header: {},
+            payload: {
+              abc: 'abv',
+            },
+            options: {
+              keyId: keyPair.id,
+            },
+          },
+        });
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          compactJwt: expect.any(String),
+        });
+        const { payload, header } = await jwtVerify(
+          response.json.compactJwt,
+          keyPair.privateKey
+        );
+        expect(payload.abc).toEqual('abv');
+        expect(header.jwk).toEqual(keyPair.publicKey);
+      });
+      it('should sign a jwt with kid & secp256k1', async () => {
+        const keyPair = generateJwk('secp256k1');
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/sign`,
+          payload: {
+            header: {},
+            payload: {
+              abc: 'abv',
+            },
+            options: {
+              kid: keyPair.kid,
+            },
+          },
+        });
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          compactJwt: expect.any(String),
+        });
+        const { payload, header } = await jwtVerify(
+          response.json.compactJwt,
+          keyPair.privateKey
+        );
+        expect(payload.abc).toEqual('abv');
+        expect(header.jwk).toEqual(keyPair.publicKey);
+      });
+    });
+    describe('verify jwt test suite', () => {
+      it('should 400 with missing jwt in body', async () => {
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/verify`,
+          payload: {},
+        });
+        expect(response.statusCode).toEqual(400);
+        expect(response.json).toEqual(
+          errorResponseMatcher(
+            {
+              error: 'Bad Request',
+              code: 'FST_ERR_VALIDATION',
+              message: "body must have required property 'jwt'",
+              statusCode: 400,
+            },
+            { omits: ['requestId', 'errorCode'] }
+          )
+        );
+      });
+      it('should not verify a jwt with incorrect jwk embedded in the header', async () => {
+        const { privateKey } = generateKeyPair({ format: 'jwk' });
+        const { publicKey: wrongPublicKey } = generateKeyPair({
+          format: 'jwk',
+        });
+        const jwt = await jwtSign({ foo: 'bar' }, privateKey, {
+          jwk: wrongPublicKey,
+        });
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/verify`,
+          payload: {
+            jwt,
+          },
+        });
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          verified: false,
+          error:
+            'JWSSignatureVerificationFailed: signature verification failed',
+        });
+      });
+      it('should not verify a jwt with incorrect publicKey', async () => {
+        const { privateKey } = generateKeyPair({ format: 'jwk' });
+        const { publicKey: wrongPublicKey } = generateKeyPair({
+          format: 'jwk',
+        });
+        const jwt = await jwtSign({ foo: 'bar' }, privateKey);
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/verify`,
+          payload: {
+            jwt,
+            publicKey: wrongPublicKey,
+          },
+        });
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          verified: false,
+          error:
+            'JWSSignatureVerificationFailed: signature verification failed',
+        });
+      });
+      it('should verify a jwt with correct jwk embedded in the header', async () => {
+        const { privateKey, publicKey } = generateKeyPair({ format: 'jwk' });
+        const jwt = await jwtSign({ foo: 'bar' }, privateKey, {
+          jwk: publicKey,
+        });
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/verify`,
+          payload: {
+            jwt,
+          },
+        });
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          verified: true,
+        });
+      });
+      it('should verify a jwt with correct publicKey', async () => {
+        const { privateKey, publicKey } = generateKeyPair({ format: 'jwk' });
+        const jwt = await jwtSign({ foo: 'bar' }, privateKey);
+        const response = await fastify.injectJson({
+          method: 'POST',
+          url: `${api}/verify`,
+          payload: {
+            jwt,
+            publicKey,
+          },
+        });
+        expect(response.statusCode).toEqual(200);
+        expect(response.json).toEqual({
+          verified: true,
+        });
+      });
+    });
+  });
+});