Merge branch 'deployment' into ethr-integration

Author: kinxa0

.github/workflows/prod.yml

@@ -3,7 +3,7 @@ name: Build and deploy CREDO STAGE to ECS
 on:
   push:
     tags:
-      - 'prod*'
+      - 'pr'
 
 
 env:

.github/workflows/qa.yml

@@ -3,7 +3,7 @@ name: Build and deploy credo on QA
 on:
   push:
     tags:
-      - 'qa*'
+      - 'qa-*'
 
 
 env:
@@ -25,8 +25,13 @@ jobs:
       - name: Checkout Repository
         uses: actions/checkout@v2
 
+      - name: Set up Node.js
+        uses: actions/setup-node@v3
+        with:
+          node-version: 18.19.0
+
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v3
 
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v3
@@ -47,9 +52,12 @@ jobs:
           ECR_REPOSITORY: qa-services
           IMAGE_TAG: "CREDO_V_${{ github.run_number }}"
         run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG  .
+          docker buildx build \
+            --platform linux/amd64 \
+            --output type=docker \
+            -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+          
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker image list
           
       - name: Set environment variables
         run: |
@@ -80,15 +88,15 @@ jobs:
           echo "SERVICE_NAME: $SERVICE_NAME"
 
           # Replace placeholders in the JSON file
-          sed -e "s;%BUILD_NUMBER%;${{ github.run_number }};g" -e "s;%REPOSITORY_URI%;${REPOSITORY_URI};g" taskdef/qa-credo-service.json > ${GITHUB_WORKSPACE}/${NAME}-v_${{ github.run_number }}.json
+          sed -e "s;%BUILD_NUMBER%;${{ github.run_number }};g" -e "s;%REPOSITORY_URI%;${REPOSITORY_URI};g" taskdef/qa-credo-service.json > "${GITHUB_WORKSPACE}/${NAME}-v_${{ github.run_number }}.json"
  
           # Debug: Print the content of the modified JSON file
-          cat ${GITHUB_WORKSPACE}/${NAME}-v_${{ github.run_number }}.json
+          cat "${GITHUB_WORKSPACE}/${NAME}-v_${{ github.run_number }}.json"
 
           # Register the task definition using the modified JSON file
-          aws ecs register-task-definition --family ${FAMILY} --cli-input-json file://${GITHUB_WORKSPACE}/${NAME}-v_${{ github.run_number }}.json --region ${{ env.AWS_REGION }}
+          aws ecs register-task-definition --family "${FAMILY}" --cli-input-json file://"${GITHUB_WORKSPACE}/${NAME}-v_${{ github.run_number }}.json" --region "${{ env.AWS_REGION }}"
 
-          SERVICE_INFO=$(aws ecs describe-services --services ${SERVICE_NAME} --cluster ${CLUSTER} --region ap-southeast-1)
+          SERVICE_INFO=$(aws ecs describe-services --services "${SERVICE_NAME}" --cluster "${CLUSTER}" --region ap-southeast-1)
 
           # Check if the service exists
            if [ -z "$SERVICE_INFO" ]; then

.github/workflows/stage.yml

@@ -3,7 +3,7 @@ name: Build and deploy CREDO STAGE to ECS
 on:
   push:
     tags:
-      - 'stage*'
+      - 'st'
 
 env:
 

Dockerfile

@@ -63,7 +63,7 @@ RUN yarn global add patch-package
 RUN yarn build
 
 # Stage 2: Production stage
-FROM node:18.19.0-slim
+FROM node:18.19.0-slim AS runtime
 
 WORKDIR /app
 

src/controllers/multi-tenancy/MultiTenancyController.ts

@@ -1,6 +1,12 @@
 import type { RestAgentModules, RestMultiTenantAgentModules } from '../../cliAgent'
 import type { Version } from '../examples'
-import type { RecipientKeyOption, SchemaMetadata } from '../types'
+import type {
+  CustomW3cJsonLdSignCredentialOptions,
+  RecipientKeyOption,
+  SafeW3cJsonLdVerifyCredentialOptions,
+  SchemaMetadata,
+  SignDataOptions,
+} from '../types'
 import type { EthereumDidCreateOptions } from '@ayanworks/credo-ethr-module/build/dids'
 import type { PolygonDidCreateOptions } from '@ayanworks/credo-polygon-w3c-module/build/dids'
 import type {
@@ -48,6 +54,7 @@ import {
   injectable,
   createPeerDidDocumentFromServices,
   PeerDidNumAlgo,
+  W3cJsonLdVerifiableCredential,
 } from '@credo-ts/core'
 import { QuestionAnswerRole, QuestionAnswerState } from '@credo-ts/question-answer'
 import axios from 'axios'
@@ -68,7 +75,6 @@ import {
   WriteTransaction,
   CreateProofRequestOobOptions,
   CreateOfferOobOptions,
-  SignDataOptions,
   VerifyDataOptions,
 } from '../types'
 
@@ -2157,16 +2163,56 @@ export class MultiTenancyController extends Controller {
   @Post('/sign/:tenantId')
   public async sign(
     @Path('tenantId') tenantId: string,
-    @Body() request: SignDataOptions,
+    @Body() request: CustomW3cJsonLdSignCredentialOptions | SignDataOptions | any,
+    @Res() badRequestError: TsoaResponse<400, { reason: string }>,
     @Res() notFoundError: TsoaResponse<404, { reason: string }>,
     @Res() internalServerError: TsoaResponse<500, { message: string }>
   ) {
     try {
       const signature = await this.agent.modules.tenants.withTenantAgent({ tenantId }, async (tenantAgent) => {
         assertAskarWallet(tenantAgent.context.wallet)
+
+        // Raw Data Signing
+        const rawData = request as SignDataOptions
+
+        if (!rawData.data) return notFoundError(404, { reason: `Missing "data" for raw data signing` })
+
+        const hasDidOrMethod = rawData.did || rawData.method
+        const hasPublicKey = rawData.publicKeyBase58 && rawData.keyType
+
+        if (!hasDidOrMethod && !hasPublicKey) {
+          return badRequestError(400, {
+            reason: `Either (did or method) OR (publicKeyBase58 and keyType) must be provided.`,
+          })
+        }
+
+        let keyToUse: Key
+
+        if (hasDidOrMethod) {
+          const dids = await tenantAgent.dids.getCreatedDids({
+            method: rawData.method || undefined,
+            did: rawData.did || undefined,
+          })
+
+          const verificationMethod = dids[0]?.didDocument?.verificationMethod?.[0]?.publicKeyBase58
+          if (!verificationMethod) {
+            return badRequestError(400, {
+              reason: `No publicKeyBase58 found for the given DID or method.`,
+            })
+          }
+
+          keyToUse = Key.fromPublicKeyBase58(verificationMethod, rawData.keyType)
+        } else {
+          keyToUse = Key.fromPublicKeyBase58(rawData.publicKeyBase58, rawData.keyType)
+        }
+
+        if (!keyToUse) {
+          throw new Error('Unable to construct signing key.')
+        }
+
         const signature = await tenantAgent.context.wallet.sign({
-          data: TypedArrayEncoder.fromBase64(request.data),
-          key: Key.fromPublicKeyBase58(request.publicKeyBase58, request.keyType),
+          data: TypedArrayEncoder.fromBase64(rawData.data),
+          key: keyToUse,
         })
         return TypedArrayEncoder.toBase64(signature)
       })
@@ -2194,15 +2240,48 @@ export class MultiTenancyController extends Controller {
   public async verify(
     @Path('tenantId') tenantId: string,
     @Body() request: VerifyDataOptions,
+    @Res() badRequestError: TsoaResponse<400, { reason: string }>,
     @Res() notFoundError: TsoaResponse<404, { reason: string }>,
     @Res() internalServerError: TsoaResponse<500, { message: string }>
   ) {
     try {
       const isValidSignature = await this.agent.modules.tenants.withTenantAgent({ tenantId }, async (tenantAgent) => {
         assertAskarWallet(tenantAgent.context.wallet)
+
+        const hasDidOrMethod = request.did || request.method
+        const hasPublicKey = request.publicKeyBase58 && request.keyType
+
+        if (!hasDidOrMethod && !hasPublicKey) {
+          return badRequestError(400, {
+            reason: `Either (did or method) OR (publicKeyBase58 and keyType) must be provided.`,
+          })
+        }
+
+        let keyToUse: Key
+
+        if (hasDidOrMethod) {
+          const dids = await tenantAgent.dids.getCreatedDids({
+            method: request.method || undefined,
+            did: request.did || undefined,
+          })
+          const verificationMethod = dids[0]?.didDocument?.verificationMethod?.[0]?.publicKeyBase58
+          if (!verificationMethod) {
+            return badRequestError(400, {
+              reason: `No publicKeyBase58 found for the given DID or method.`,
+            })
+          }
+          keyToUse = Key.fromPublicKeyBase58(verificationMethod, request.keyType)
+        } else {
+          keyToUse = Key.fromPublicKeyBase58(request.publicKeyBase58, request.keyType)
+        }
+
+        if (!keyToUse) {
+          throw new Error('Unable to construct key.')
+        }
+
         const isValidSignature = await tenantAgent.context.wallet.verify({
           data: TypedArrayEncoder.fromBase64(request.data),
-          key: Key.fromPublicKeyBase58(request.publicKeyBase58, request.keyType),
+          key: keyToUse,
           signature: TypedArrayEncoder.fromBase64(request.signature),
         })
         return isValidSignature
@@ -2215,4 +2294,32 @@ export class MultiTenancyController extends Controller {
       return internalServerError(500, { message: `something went wrong: ${error}` })
     }
   }
+
+  @Security('apiKey')
+  @Post('/credential/verify/:tenantId')
+  public async verifyCredential(
+    @Path('tenantId') tenantId: string,
+    @Body() credentialToVerify: SafeW3cJsonLdVerifyCredentialOptions | any,
+    @Res() internalServerError: TsoaResponse<500, { message: string }>
+  ) {
+    let formattedCredential
+    try {
+      await this.agent.modules.tenants.withTenantAgent({ tenantId }, async (tenantAgent) => {
+        // eslint-disable-next-line @typescript-eslint/no-unused-vars
+        const { credential, ...credentialOptions } = credentialToVerify
+        const transformedCredential = JsonTransformer.fromJSON(
+          credentialToVerify?.credential,
+          W3cJsonLdVerifiableCredential
+        )
+        const signedCred = await tenantAgent.w3cCredentials.verifyCredential({
+          credential: transformedCredential,
+          ...credentialOptions,
+        })
+        formattedCredential = signedCred
+      })
+      return formattedCredential
+    } catch (error) {
+      return internalServerError(500, { message: `Something went wrong: ${error}` })
+    }
+  }
 }

src/controllers/types.ts

@@ -26,7 +26,12 @@ import type {
   Attachment,
   KeyType,
   JsonLdCredentialFormat,
+  W3cJsonLdVerifyCredentialOptions,
+  DataIntegrityProofOptions,
+  W3cJsonLdSignCredentialOptions,
 } from '@credo-ts/core'
+import type { LinkedDataProofOptions } from '@credo-ts/core/build/modules/vc/data-integrity/models/LinkedDataProof'
+import type { SingleOrArray } from '@credo-ts/core/build/utils'
 import type { DIDDocument } from 'did-resolver'
 
 export type TenantConfig = Pick<InitConfig, 'label' | 'connectionImageUrl'> & {
@@ -396,11 +401,24 @@ export type SignDataOptions = {
   data: string
   keyType: KeyType
   publicKeyBase58: string
+  did?: string
+  method?: string
 }
 
 export type VerifyDataOptions = {
   data: string
   keyType: KeyType
   publicKeyBase58: string
   signature: string
+  did?: string
+  method?: string
+}
+
+export interface SafeW3cJsonLdVerifyCredentialOptions extends W3cJsonLdVerifyCredentialOptions {
+  // Ommited due to issues with TSOA
+  proof: SingleOrArray<Omit<LinkedDataProofOptions, 'cryptosuite'> | DataIntegrityProofOptions>
+}
+
+export type CustomW3cJsonLdSignCredentialOptions = Omit<W3cJsonLdSignCredentialOptions, 'format'> & {
+  [key: string]: unknown
 }

taskdef/qa-credo-service.json

@@ -1,5 +1,9 @@
 {
     "family": "QA_Platform-admin_TASKDEFIITION",
+    "runtimePlatform": {
+        "operatingSystemFamily": "LINUX",
+        "cpuArchitecture": "ARM64"
+    },
     "containerDefinitions": [
         {
             "name": "Platform-admin",
@@ -8,11 +12,13 @@
             "memory": 2048,
             "portMappings": [
                 {
+                    "name": "platform-admin-8027-tcp",
                     "containerPort": 8027,
                     "hostPort": 8027,
                     "protocol": "tcp"
                 },
                 {
+                    "name": "platform-admin-9027-tcp",
                     "containerPort": 9027,
                     "hostPort": 9027,
                     "protocol": "tcp"
@@ -25,7 +31,12 @@
                 "--config",
                 "/config/685df587-7cf5-46cf-873c-502719ac5c35_Platform-admin.json"
             ],
-            "environment": [],
+            "environment": [
+                {
+                    "name": "AFJ_REST_LOG_LEVEL",
+                    "value": "1"
+                }       
+            ],
             "environmentFiles": [
                 {
                     "value": "arn:aws:s3:::env-qabucket/qa-credo.env",
@@ -50,10 +61,27 @@
                     "awslogs-stream-prefix": "ecs"
                 },
                 "secretOptions": []
-            }
+            },
+            "systemControls": []
         }
 
     ],
+    "executionRoleArn": "arn:aws:iam::058264212188:role/ecsTaskExecutionRole",
+    "networkMode": "awsvpc",
+    "volumes": [
+        {
+            "name": "AGENT-CONFIG",
+            "efsVolumeConfiguration": {
+            "fileSystemId": "fs-027dfce09a9626534",
+            "rootDirectory": "/",
+            "transitEncryption": "ENABLED",
+            "authorizationConfig": {
+            "accessPointId": "fsap-0d962feb103255a71",
+            "iam": "DISABLED"
+        }
+      }
+    }
+],
 
     "executionRoleArn": "arn:aws:iam::id:role/ecsTaskExecutionRole",
     "networkMode": "awsvpc",