soulprint-express 0.1.0

package/dist/index.d.ts

@@ -0,0 +1,60 @@
+import { SoulprintToken } from "soulprint-core";
+import { verifySPT, SoulprintOptions } from "./verify.js";
+export { verifySPT, SoulprintOptions };
+/**
+ * soulprint() — Express/Connect middleware for Soulprint identity verification.
+ *
+ * USAGE:
+ *
+ * ```typescript
+ * import express from "express";
+ * import { soulprint } from "soulprint-express";
+ *
+ * const app = express();
+ *
+ * // Protect entire API — require KYC verified humans
+ * app.use(soulprint({ minScore: 60 }));
+ *
+ * // Protect specific route — require full biometric KYC
+ * app.post("/sensitive", soulprint({ require: ["DocumentVerified", "FaceMatch"] }), handler);
+ *
+ * // Inside a handler — get the verified identity
+ * app.get("/me", soulprint({ minScore: 20 }), (req, res) => {
+ *   const identity = req.soulprint;  // SoulprintToken
+ *   res.json({ nullifier: identity.nullifier, score: identity.score });
+ * });
+ * ```
+ *
+ * Token is read from:
+ *   - HTTP header:   X-Soulprint: <SPT>
+ *   - Query param:   ?spt=<SPT>
+ *   - Bearer token:  Authorization: Bearer <SPT>
+ */
+export declare function soulprint(opts?: SoulprintOptions): (req: any, res: any, next: Function) => void;
+/**
+ * soulprintFastify() — Fastify plugin for Soulprint verification.
+ *
+ * USAGE:
+ *
+ * ```typescript
+ * import Fastify from "fastify";
+ * import { soulprintFastify } from "soulprint-express";
+ *
+ * const fastify = Fastify();
+ * await fastify.register(soulprintFastify, { minScore: 60 });
+ *
+ * fastify.get("/me", async (request) => {
+ *   const identity = request.soulprint;
+ *   return { nullifier: identity?.nullifier };
+ * });
+ * ```
+ */
+export declare function soulprintFastify(fastify: any, opts?: SoulprintOptions): Promise<void>;
+declare global {
+    namespace Express {
+        interface Request {
+            soulprint?: SoulprintToken;
+        }
+    }
+}
+export { decodeToken, SoulprintToken, TrustLevel, CredentialType } from "soulprint-core";

package/dist/index.js

@@ -0,0 +1,116 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decodeToken = exports.verifySPT = void 0;
+exports.soulprint = soulprint;
+exports.soulprintFastify = soulprintFastify;
+const verify_js_1 = require("./verify.js");
+Object.defineProperty(exports, "verifySPT", { enumerable: true, get: function () { return verify_js_1.verifySPT; } });
+// ── Express Middleware ────────────────────────────────────────────────────────
+/**
+ * soulprint() — Express/Connect middleware for Soulprint identity verification.
+ *
+ * USAGE:
+ *
+ * ```typescript
+ * import express from "express";
+ * import { soulprint } from "soulprint-express";
+ *
+ * const app = express();
+ *
+ * // Protect entire API — require KYC verified humans
+ * app.use(soulprint({ minScore: 60 }));
+ *
+ * // Protect specific route — require full biometric KYC
+ * app.post("/sensitive", soulprint({ require: ["DocumentVerified", "FaceMatch"] }), handler);
+ *
+ * // Inside a handler — get the verified identity
+ * app.get("/me", soulprint({ minScore: 20 }), (req, res) => {
+ *   const identity = req.soulprint;  // SoulprintToken
+ *   res.json({ nullifier: identity.nullifier, score: identity.score });
+ * });
+ * ```
+ *
+ * Token is read from:
+ *   - HTTP header:   X-Soulprint: <SPT>
+ *   - Query param:   ?spt=<SPT>
+ *   - Bearer token:  Authorization: Bearer <SPT>
+ */
+function soulprint(opts = {}) {
+    return function soulprintMiddleware(req, res, next) {
+        const spt = extractSPT(req);
+        const result = (0, verify_js_1.verifySPT)(spt, opts);
+        if (!result.allowed) {
+            opts.onRejected?.(result.reason);
+            res.status(403).json({
+                error: "soulprint_required",
+                message: opts.rejectMessage ?? result.reason,
+                docs: "https://github.com/manuelariasfz/soulprint",
+                required: {
+                    minScore: opts.minScore ?? 40,
+                    require: opts.require,
+                },
+            });
+            return;
+        }
+        opts.onVerified?.(result.token);
+        // Attach to req for downstream handlers
+        req.soulprint = result.token;
+        next();
+    };
+}
+function extractSPT(req) {
+    // 1. Header dedicado
+    const header = req.headers?.["x-soulprint"] ?? req.headers?.["X-Soulprint"];
+    if (header)
+        return header;
+    // 2. Authorization: Bearer <SPT>
+    const auth = req.headers?.authorization ?? "";
+    if (auth.startsWith("Bearer ")) {
+        const token = auth.slice(7);
+        // Solo si parece un SPT (base64url largo) — no interferir con JWTs normales
+        if (token.length > 200)
+            return token;
+    }
+    // 3. Query param: ?spt=...
+    if (req.query?.spt)
+        return req.query.spt;
+    return undefined;
+}
+// ── Fastify Plugin ────────────────────────────────────────────────────────────
+/**
+ * soulprintFastify() — Fastify plugin for Soulprint verification.
+ *
+ * USAGE:
+ *
+ * ```typescript
+ * import Fastify from "fastify";
+ * import { soulprintFastify } from "soulprint-express";
+ *
+ * const fastify = Fastify();
+ * await fastify.register(soulprintFastify, { minScore: 60 });
+ *
+ * fastify.get("/me", async (request) => {
+ *   const identity = request.soulprint;
+ *   return { nullifier: identity?.nullifier };
+ * });
+ * ```
+ */
+async function soulprintFastify(fastify, opts = {}) {
+    fastify.addHook("preHandler", async (request, reply) => {
+        const spt = extractSPT(request);
+        const result = (0, verify_js_1.verifySPT)(spt, opts);
+        if (!result.allowed) {
+            opts.onRejected?.(result.reason);
+            reply.status(403).send({
+                error: "soulprint_required",
+                message: opts.rejectMessage ?? result.reason,
+                docs: "https://github.com/manuelariasfz/soulprint",
+            });
+            return;
+        }
+        opts.onVerified?.(result.token);
+        request.soulprint = result.token;
+    });
+}
+var soulprint_core_1 = require("soulprint-core");
+Object.defineProperty(exports, "decodeToken", { enumerable: true, get: function () { return soulprint_core_1.decodeToken; } });

package/dist/verify.d.ts

@@ -0,0 +1,14 @@
+import { SoulprintToken, TrustLevel, CredentialType } from "soulprint-core";
+export interface SoulprintOptions {
+    minScore?: number;
+    minLevel?: TrustLevel;
+    require?: CredentialType | CredentialType[];
+    rejectMessage?: string;
+    onVerified?: (token: SoulprintToken) => void;
+    onRejected?: (reason: string) => void;
+}
+export declare function verifySPT(spt: string | undefined | null, opts?: SoulprintOptions): {
+    allowed: boolean;
+    token?: SoulprintToken;
+    reason?: string;
+};

package/dist/verify.js

@@ -0,0 +1,46 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifySPT = verifySPT;
+const soulprint_core_1 = require("soulprint-core");
+const LEVEL_SCORES = {
+    Unverified: 0, EmailVerified: 10, PhoneVerified: 25, KYCLite: 45, KYCFull: 80,
+};
+function verifySPT(spt, opts = {}) {
+    if (!spt) {
+        const result = { allowed: false, reason: "No Soulprint token provided" };
+        opts.onRejected?.(result.reason);
+        return result;
+    }
+    const token = (0, soulprint_core_1.decodeToken)(spt);
+    if (!token) {
+        const result = { allowed: false, reason: "Invalid or expired Soulprint token" };
+        opts.onRejected?.(result.reason);
+        return result;
+    }
+    const minScore = opts.minScore ?? 40;
+    if (token.score < minScore) {
+        const result = { allowed: false, reason: `Trust score too low: ${token.score} < ${minScore}` };
+        opts.onRejected?.(result.reason);
+        return result;
+    }
+    if (opts.minLevel) {
+        const req = LEVEL_SCORES[opts.minLevel] ?? 0;
+        const got = LEVEL_SCORES[token.level] ?? 0;
+        if (got < req) {
+            const result = { allowed: false, reason: `Trust level too low: ${token.level} < ${opts.minLevel}` };
+            opts.onRejected?.(result.reason);
+            return result;
+        }
+    }
+    if (opts.require) {
+        const required = Array.isArray(opts.require) ? opts.require : [opts.require];
+        const missing = required.filter(c => !token.credentials.includes(c));
+        if (missing.length > 0) {
+            const result = { allowed: false, reason: `Missing credentials: ${missing.join(", ")}` };
+            opts.onRejected?.(result.reason);
+            return result;
+        }
+    }
+    opts.onVerified?.(token);
+    return { allowed: true, token };
+}

package/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "soulprint-express",
+  "version": "0.1.0",
+  "description": "Soulprint Express/Fastify middleware — app.use(soulprint({ minScore: 40 }))",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/manuelariasfz/soulprint",
+    "directory": "packages/express"
+  },
+  "homepage": "https://github.com/manuelariasfz/soulprint#readme",
+  "keywords": [
+    "soulprint",
+    "express",
+    "fastify",
+    "middleware",
+    "kyc",
+    "identity",
+    "ai-agents"
+  ],
+  "license": "MIT",
+  "dependencies": {
+    "soulprint-core": "0.1.0"
+  },
+  "peerDependencies": {
+    "express": ">=4.0.0"
+  },
+  "peerDependenciesMeta": {
+    "express": {
+      "optional": true
+    }
+  },
+  "devDependencies": {
+    "typescript": "^5.4.0",
+    "@types/node": "^20.0.0",
+    "@types/express": "^4.17.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "scripts": {
+    "build": "tsc"
+  }
+}