@zkpassport/sdk 0.2.6 → 0.2.8

package/README.md

@@ -4,7 +4,7 @@ Privacy-preserving identity verification using passports and ID cards.
 
 _⚠️ Warning ⚠️_
 
-_This version of the SDK is only compatible with the version 0.5 and above of ZKPassport mobile app._
+_This is experimental software that has not been audited yet. Use at your own risk._
 
 ## Installation
 

package/dist/cjs/index.d.ts

@@ -128,6 +128,7 @@ export type QueryBuilder = {
 export declare class ZKPassport {
     private domain;
     private topicToConfig;
+    private topicToLocalConfig;
     private topicToKeyPair;
     private topicToWebSocketClient;
     private topicToSharedSecret;
@@ -154,14 +155,20 @@ export declare class ZKPassport {
     private handleEncryptedMessage;
     private getZkPassportRequest;
     /**
-     * @notice Create a new request.
+     * @notice Create a new request
+     * @param name Your service name
+     * @param logo The logo of your service
+     * @param purpose To explain what you want to do with the user's data
+     * @param scope Scope this request to a specific use case
+     * @param validity How many days ago should have the ID been last scanned by the user?
      * @returns The query builder object.
      */
-    request({ name, logo, purpose, scope, topicOverride, keyPairOverride, }: {
+    request({ name, logo, purpose, scope, validity, topicOverride, keyPairOverride, }: {
         name: string;
         logo: string;
         purpose: string;
         scope?: string;
+        validity?: number;
         topicOverride?: string;
         keyPairOverride?: {
             privateKey: Uint8Array;

package/dist/cjs/index.js

@@ -10,7 +10,7 @@ const websocket_1 = require("./websocket");
 const json_rpc_1 = require("./json-rpc");
 const encryption_1 = require("./encryption");
 const logger_1 = require("./logger");
-const node_gzip_1 = require("node-gzip");
+const pako_1 = require("pako");
 //import initNoirC from '@noir-lang/noirc_abi'
 //import initACVM from '@noir-lang/acvm_js'
 const en_json_1 = tslib_1.__importDefault(require("i18n-iso-countries/langs/en.json"));
@@ -18,6 +18,9 @@ const buffer_1 = require("buffer/");
 // If Buffer is not defined, then we use the Buffer from the buffer package
 if (typeof globalThis.Buffer === "undefined") {
     globalThis.Buffer = buffer_1.Buffer;
+    if (typeof window !== "undefined") {
+        window.Buffer = buffer_1.Buffer;
+    }
 }
 (0, i18n_iso_countries_1.registerLocale)(en_json_1.default);
 function hasRequestedAccessToField(credentialsRequest, field) {
@@ -69,6 +72,7 @@ class ZKPassport {
     //private wasmVerifierInit: boolean = false
     constructor(_domain) {
         this.topicToConfig = {};
+        this.topicToLocalConfig = {};
         this.topicToKeyPair = {};
         this.topicToWebSocketClient = {};
         this.topicToSharedSecret = {};
@@ -178,7 +182,7 @@ class ZKPassport {
             logger_1.noLogger.debug(`User generated proof`);
             // Uncompress the proof and convert it to a hex string
             const bytesProof = buffer_1.Buffer.from(request.params.proof, "base64");
-            const uncompressedProof = await (0, node_gzip_1.ungzip)(bytesProof);
+            const uncompressedProof = (0, pako_1.inflate)(bytesProof);
             // The gzip lib in the app compress the proof as ASCII
             // and since the app passes the proof as a hex string, we can
             // just decode the bytes as hex characters using the TextDecoder
@@ -302,10 +306,15 @@ class ZKPassport {
         };
     }
     /**
-     * @notice Create a new request.
+     * @notice Create a new request
+     * @param name Your service name
+     * @param logo The logo of your service
+     * @param purpose To explain what you want to do with the user's data
+     * @param scope Scope this request to a specific use case
+     * @param validity How many days ago should have the ID been last scanned by the user?
      * @returns The query builder object.
      */
-    async request({ name, logo, purpose, scope, topicOverride, keyPairOverride, }) {
+    async request({ name, logo, purpose, scope, validity, topicOverride, keyPairOverride, }) {
         const topic = topicOverride || (0, crypto_1.randomBytes)(16).toString("hex");
         const keyPair = keyPairOverride || (await (0, encryption_1.generateECDHKeyPair)());
         this.topicToKeyPair[topic] = {
@@ -316,6 +325,10 @@ class ZKPassport {
         this.topicToService[topic] = { name, logo, purpose, scope };
         this.topicToProofs[topic] = [];
         this.topicToExpectedProofCount[topic] = 0;
+        this.topicToLocalConfig[topic] = {
+            // Default to 6 months
+            validity: validity || 6 * 30,
+        };
         this.onRequestReceivedCallbacks[topic] = [];
         this.onGeneratingProofCallbacks[topic] = [];
         this.onBridgeConnectCallbacks[topic] = [];
@@ -372,7 +385,7 @@ class ZKPassport {
         };
         return this.getZkPassportRequest(topic);
     }
-    async checkPublicInputs(proofs, queryResult) {
+    async checkPublicInputs(proofs, queryResult, topic) {
         let commitmentIn;
         let commitmentOut;
         let isCorrect = true;
@@ -430,11 +443,12 @@ class ZKPassport {
                 }
                 commitmentOut = (0, utils_1.getCommitmentOutFromIntegrityProof)(proofData);
                 const currentDate = (0, utils_1.getCurrentDateFromIntegrityProof)(proofData);
-                // The date should be today or yesterday
-                // (if the proof request was requested just before midnight and is finalized after)
-                if (currentDate.getTime() !== today.getTime() &&
-                    currentDate.getTime() !== today.getTime() - 86400000) {
-                    console.warn("Current date used to check the validity of the ID is too old");
+                const todayToCurrentDate = today.getTime() - currentDate.getTime();
+                const expectedDifference = this.topicToLocalConfig[topic]?.validity * 86400000;
+                const actualDifference = today.getTime() - (today.getTime() - expectedDifference);
+                // The ID should not expire within the next 6 months (or whatever the custom value is)
+                if (todayToCurrentDate >= actualDifference) {
+                    console.warn(`The date used to check the validity of the ID is older than ${this.topicToLocalConfig[topic]?.validity} days. You can ask the user to rescan their ID or ask them to disclose their expiry date`);
                     isCorrect = false;
                     break;
                 }
@@ -924,7 +938,7 @@ class ZKPassport {
         let verified = true;
         let uniqueIdentifier;
         if (queryResult) {
-            const { isCorrect, uniqueIdentifier: uniqueIdentifierFromPublicInputs } = await this.checkPublicInputs(proofsToVerify, queryResult);
+            const { isCorrect, uniqueIdentifier: uniqueIdentifierFromPublicInputs } = await this.checkPublicInputs(proofsToVerify, queryResult, requestId);
             uniqueIdentifier = uniqueIdentifierFromPublicInputs;
             verified = isCorrect;
         }
@@ -971,6 +985,7 @@ class ZKPassport {
         delete this.topicToWebSocketClient[requestId];
         delete this.topicToKeyPair[requestId];
         delete this.topicToConfig[requestId];
+        delete this.topicToLocalConfig[requestId];
         delete this.topicToSharedSecret[requestId];
         delete this.topicToProofs[requestId];
         delete this.topicToExpectedProofCount[requestId];

package/dist/esm/index.d.ts

@@ -128,6 +128,7 @@ export type QueryBuilder = {
 export declare class ZKPassport {
     private domain;
     private topicToConfig;
+    private topicToLocalConfig;
     private topicToKeyPair;
     private topicToWebSocketClient;
     private topicToSharedSecret;
@@ -154,14 +155,20 @@ export declare class ZKPassport {
     private handleEncryptedMessage;
     private getZkPassportRequest;
     /**
-     * @notice Create a new request.
+     * @notice Create a new request
+     * @param name Your service name
+     * @param logo The logo of your service
+     * @param purpose To explain what you want to do with the user's data
+     * @param scope Scope this request to a specific use case
+     * @param validity How many days ago should have the ID been last scanned by the user?
      * @returns The query builder object.
      */
-    request({ name, logo, purpose, scope, topicOverride, keyPairOverride, }: {
+    request({ name, logo, purpose, scope, validity, topicOverride, keyPairOverride, }: {
         name: string;
         logo: string;
         purpose: string;
         scope?: string;
+        validity?: number;
         topicOverride?: string;
         keyPairOverride?: {
             privateKey: Uint8Array;

package/dist/esm/index.js

@@ -6,7 +6,7 @@ import { getWebSocketClient } from "./websocket";
 import { createEncryptedJsonRpcRequest } from "./json-rpc";
 import { decrypt, generateECDHKeyPair, getSharedSecret } from "./encryption";
 import { noLogger as logger } from "./logger";
-import { ungzip } from "node-gzip";
+import { inflate } from "pako";
 //import initNoirC from '@noir-lang/noirc_abi'
 //import initACVM from '@noir-lang/acvm_js'
 import i18en from "i18n-iso-countries/langs/en.json";
@@ -14,6 +14,9 @@ import { Buffer } from "buffer/";
 // If Buffer is not defined, then we use the Buffer from the buffer package
 if (typeof globalThis.Buffer === "undefined") {
     globalThis.Buffer = Buffer;
+    if (typeof window !== "undefined") {
+        window.Buffer = Buffer;
+    }
 }
 registerLocale(i18en);
 function hasRequestedAccessToField(credentialsRequest, field) {
@@ -59,6 +62,7 @@ export class ZKPassport {
     //private wasmVerifierInit: boolean = false
     constructor(_domain) {
         this.topicToConfig = {};
+        this.topicToLocalConfig = {};
         this.topicToKeyPair = {};
         this.topicToWebSocketClient = {};
         this.topicToSharedSecret = {};
@@ -168,7 +172,7 @@ export class ZKPassport {
             logger.debug(`User generated proof`);
             // Uncompress the proof and convert it to a hex string
             const bytesProof = Buffer.from(request.params.proof, "base64");
-            const uncompressedProof = await ungzip(bytesProof);
+            const uncompressedProof = inflate(bytesProof);
             // The gzip lib in the app compress the proof as ASCII
             // and since the app passes the proof as a hex string, we can
             // just decode the bytes as hex characters using the TextDecoder
@@ -292,10 +296,15 @@ export class ZKPassport {
         };
     }
     /**
-     * @notice Create a new request.
+     * @notice Create a new request
+     * @param name Your service name
+     * @param logo The logo of your service
+     * @param purpose To explain what you want to do with the user's data
+     * @param scope Scope this request to a specific use case
+     * @param validity How many days ago should have the ID been last scanned by the user?
      * @returns The query builder object.
      */
-    async request({ name, logo, purpose, scope, topicOverride, keyPairOverride, }) {
+    async request({ name, logo, purpose, scope, validity, topicOverride, keyPairOverride, }) {
         const topic = topicOverride || randomBytes(16).toString("hex");
         const keyPair = keyPairOverride || (await generateECDHKeyPair());
         this.topicToKeyPair[topic] = {
@@ -306,6 +315,10 @@ export class ZKPassport {
         this.topicToService[topic] = { name, logo, purpose, scope };
         this.topicToProofs[topic] = [];
         this.topicToExpectedProofCount[topic] = 0;
+        this.topicToLocalConfig[topic] = {
+            // Default to 6 months
+            validity: validity || 6 * 30,
+        };
         this.onRequestReceivedCallbacks[topic] = [];
         this.onGeneratingProofCallbacks[topic] = [];
         this.onBridgeConnectCallbacks[topic] = [];
@@ -362,7 +375,7 @@ export class ZKPassport {
         };
         return this.getZkPassportRequest(topic);
     }
-    async checkPublicInputs(proofs, queryResult) {
+    async checkPublicInputs(proofs, queryResult, topic) {
         let commitmentIn;
         let commitmentOut;
         let isCorrect = true;
@@ -420,11 +433,12 @@ export class ZKPassport {
                 }
                 commitmentOut = getCommitmentOutFromIntegrityProof(proofData);
                 const currentDate = getCurrentDateFromIntegrityProof(proofData);
-                // The date should be today or yesterday
-                // (if the proof request was requested just before midnight and is finalized after)
-                if (currentDate.getTime() !== today.getTime() &&
-                    currentDate.getTime() !== today.getTime() - 86400000) {
-                    console.warn("Current date used to check the validity of the ID is too old");
+                const todayToCurrentDate = today.getTime() - currentDate.getTime();
+                const expectedDifference = this.topicToLocalConfig[topic]?.validity * 86400000;
+                const actualDifference = today.getTime() - (today.getTime() - expectedDifference);
+                // The ID should not expire within the next 6 months (or whatever the custom value is)
+                if (todayToCurrentDate >= actualDifference) {
+                    console.warn(`The date used to check the validity of the ID is older than ${this.topicToLocalConfig[topic]?.validity} days. You can ask the user to rescan their ID or ask them to disclose their expiry date`);
                     isCorrect = false;
                     break;
                 }
@@ -914,7 +928,7 @@ export class ZKPassport {
         let verified = true;
         let uniqueIdentifier;
         if (queryResult) {
-            const { isCorrect, uniqueIdentifier: uniqueIdentifierFromPublicInputs } = await this.checkPublicInputs(proofsToVerify, queryResult);
+            const { isCorrect, uniqueIdentifier: uniqueIdentifierFromPublicInputs } = await this.checkPublicInputs(proofsToVerify, queryResult, requestId);
             uniqueIdentifier = uniqueIdentifierFromPublicInputs;
             verified = isCorrect;
         }
@@ -961,6 +975,7 @@ export class ZKPassport {
         delete this.topicToWebSocketClient[requestId];
         delete this.topicToKeyPair[requestId];
         delete this.topicToConfig[requestId];
+        delete this.topicToLocalConfig[requestId];
         delete this.topicToSharedSecret[requestId];
         delete this.topicToProofs[requestId];
         delete this.topicToExpectedProofCount[requestId];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zkpassport/sdk",
-  "version": "0.2.6",
+  "version": "0.2.8",
   "description": "Privacy-preserving identity verification using passports and ID cards",
   "main": "./dist/cjs/index.js",
   "module": "./dist/esm/index.js",
@@ -31,7 +31,7 @@
     "@jest/globals": "^29.7.0",
     "@types/jest": "^29.5.14",
     "@types/node": "^22.10.9",
-    "@types/node-gzip": "^1.1.3",
+    "@types/pako": "^2.0.3",
     "@types/ws": "^8.5.12",
     "jest": "^29.7.0",
     "ts-node": "^10.9.2",
@@ -44,7 +44,7 @@
     "@zkpassport/utils": "^0.2.16",
     "buffer": "^6.0.3",
     "i18n-iso-countries": "^7.12.0",
-    "node-gzip": "^1.1.2",
+    "pako": "^2.1.0",
     "ws": "^8.18.0"
   },
   "packageManager": "yarn@1.22.22+sha512.a6b2f7906b721bba3d67d4aff083df04dad64c399707841b7acf00f6b133b7ac24255f2652fa22ae3534329dc6180534e98d17432037ff6fd140556e2bb3137e"

package/src/index.ts

@@ -37,7 +37,7 @@ import { getWebSocketClient, WebSocketClient } from "./websocket"
 import { createEncryptedJsonRpcRequest } from "./json-rpc"
 import { decrypt, generateECDHKeyPair, getSharedSecret } from "./encryption"
 import { noLogger as logger } from "./logger"
-import { ungzip } from "node-gzip"
+import { inflate } from "pako"
 //import initNoirC from '@noir-lang/noirc_abi'
 //import initACVM from '@noir-lang/acvm_js'
 import i18en from "i18n-iso-countries/langs/en.json"
@@ -46,6 +46,9 @@ import { Buffer } from "buffer/"
 // If Buffer is not defined, then we use the Buffer from the buffer package
 if (typeof globalThis.Buffer === "undefined") {
   globalThis.Buffer = Buffer as any
+  if (typeof window !== "undefined") {
+    window.Buffer = Buffer as any
+  }
 }
 
 registerLocale(i18en)
@@ -257,6 +260,12 @@ export type QueryBuilder = {
 export class ZKPassport {
   private domain: string
   private topicToConfig: Record<string, Record<string, IDCredentialConfig>> = {}
+  private topicToLocalConfig: Record<
+    string,
+    {
+      validity: number
+    }
+  > = {}
   private topicToKeyPair: Record<string, { privateKey: Uint8Array; publicKey: Uint8Array }> = {}
   private topicToWebSocketClient: Record<string, WebSocketClient> = {}
   private topicToSharedSecret: Record<string, Uint8Array> = {}
@@ -395,7 +404,7 @@ export class ZKPassport {
       logger.debug(`User generated proof`)
       // Uncompress the proof and convert it to a hex string
       const bytesProof = Buffer.from(request.params.proof, "base64")
-      const uncompressedProof = await ungzip(bytesProof)
+      const uncompressedProof = inflate(bytesProof)
       // The gzip lib in the app compress the proof as ASCII
       // and since the app passes the proof as a hex string, we can
       // just decode the bytes as hex characters using the TextDecoder
@@ -543,7 +552,12 @@ export class ZKPassport {
   }
 
   /**
-   * @notice Create a new request.
+   * @notice Create a new request
+   * @param name Your service name
+   * @param logo The logo of your service
+   * @param purpose To explain what you want to do with the user's data
+   * @param scope Scope this request to a specific use case
+   * @param validity How many days ago should have the ID been last scanned by the user?
    * @returns The query builder object.
    */
   public async request({
@@ -551,6 +565,7 @@ export class ZKPassport {
     logo,
     purpose,
     scope,
+    validity,
     topicOverride,
     keyPairOverride,
   }: {
@@ -558,6 +573,7 @@ export class ZKPassport {
     logo: string
     purpose: string
     scope?: string
+    validity?: number
     topicOverride?: string
     keyPairOverride?: { privateKey: Uint8Array; publicKey: Uint8Array }
   }): Promise<QueryBuilder> {
@@ -573,6 +589,10 @@ export class ZKPassport {
     this.topicToService[topic] = { name, logo, purpose, scope }
     this.topicToProofs[topic] = []
     this.topicToExpectedProofCount[topic] = 0
+    this.topicToLocalConfig[topic] = {
+      // Default to 6 months
+      validity: validity || 6 * 30,
+    }
 
     this.onRequestReceivedCallbacks[topic] = []
     this.onGeneratingProofCallbacks[topic] = []
@@ -647,7 +667,11 @@ export class ZKPassport {
     return this.getZkPassportRequest(topic)
   }
 
-  private async checkPublicInputs(proofs: Array<ProofResult>, queryResult: QueryResult) {
+  private async checkPublicInputs(
+    proofs: Array<ProofResult>,
+    queryResult: QueryResult,
+    topic: string,
+  ) {
     let commitmentIn: bigint | undefined
     let commitmentOut: bigint | undefined
     let isCorrect = true
@@ -717,13 +741,14 @@ export class ZKPassport {
         }
         commitmentOut = getCommitmentOutFromIntegrityProof(proofData)
         const currentDate = getCurrentDateFromIntegrityProof(proofData)
-        // The date should be today or yesterday
-        // (if the proof request was requested just before midnight and is finalized after)
-        if (
-          currentDate.getTime() !== today.getTime() &&
-          currentDate.getTime() !== today.getTime() - 86400000
-        ) {
-          console.warn("Current date used to check the validity of the ID is too old")
+        const todayToCurrentDate = today.getTime() - currentDate.getTime()
+        const expectedDifference = this.topicToLocalConfig[topic]?.validity * 86400000
+        const actualDifference = today.getTime() - (today.getTime() - expectedDifference)
+        // The ID should not expire within the next 6 months (or whatever the custom value is)
+        if (todayToCurrentDate >= actualDifference) {
+          console.warn(
+            `The date used to check the validity of the ID is older than ${this.topicToLocalConfig[topic]?.validity} days. You can ask the user to rescan their ID or ask them to disclose their expiry date`,
+          )
           isCorrect = false
           break
         }
@@ -1306,7 +1331,7 @@ export class ZKPassport {
     let uniqueIdentifier: string | undefined
     if (queryResult) {
       const { isCorrect, uniqueIdentifier: uniqueIdentifierFromPublicInputs } =
-        await this.checkPublicInputs(proofsToVerify!, queryResult!)
+        await this.checkPublicInputs(proofsToVerify!, queryResult!, requestId)
       uniqueIdentifier = uniqueIdentifierFromPublicInputs
       verified = isCorrect
     }
@@ -1361,6 +1386,7 @@ export class ZKPassport {
     delete this.topicToWebSocketClient[requestId]
     delete this.topicToKeyPair[requestId]
     delete this.topicToConfig[requestId]
+    delete this.topicToLocalConfig[requestId]
     delete this.topicToSharedSecret[requestId]
     delete this.topicToProofs[requestId]
     delete this.topicToExpectedProofCount[requestId]