MetaState-Prototype-Project
diff --git a/‎infrastructure/evault-core/src/core/db/db.service.ts‎
Lines changed: 215 additions & 41 deletions b/‎infrastructure/evault-core/src/core/db/db.service.ts‎
Lines changed: 215 additions & 41 deletions
diff --git a/‎infrastructure/evault-core/src/core/http/server.ts‎
Lines changed: 193 additions & 5 deletions b/‎infrastructure/evault-core/src/core/http/server.ts‎
Lines changed: 193 additions & 5 deletions
diff --git a/‎platforms/emover-api/README.md‎
Lines changed: 77 additions & 0 deletions b/‎platforms/emover-api/README.md‎
Lines changed: 77 additions & 0 deletions
diff --git a/‎platforms/emover-api/package.json‎
Lines changed: 38 additions & 0 deletions b/‎platforms/emover-api/package.json‎
Lines changed: 38 additions & 0 deletions
@@ -7,7 +7,8 @@ import type {
     ProvisionRequest,
     ProvisioningService,
 } from "../../services/ProvisioningService";
-import type { DbService } from "../db/db.service";
+import { DbService } from "../db/db.service";
+import { connectWithRetry } from "../db/retry-neo4j";
 import { type TypedReply, type TypedRequest, WatcherRequest } from "./types";
 
 interface WatcherSignatureRequest {
@@ -341,7 +342,7 @@ export async function registerHttpRoutes(
             const { payload } = await jose.jwtVerify(token, JWKS);
 
             console.log(
-                `Token validation: Token verified successfully, payload:`,
+                "Token validation: Token verified successfully, payload:",
                 payload,
             );
             return payload;
@@ -356,7 +357,7 @@ export async function registerHttpRoutes(
                 );
             }
             if (error.cause) {
-                console.error(`Token validation error cause:`, error.cause);
+                console.error("Token validation error cause:", error.cause);
             }
             return null;
         }
@@ -421,8 +422,7 @@ export async function registerHttpRoutes(
             }
 
             const authHeader =
-                request.headers.authorization ||
-                request.headers["Authorization"];
+                request.headers.authorization || request.headers.Authorization;
             const tokenPayload = await validateToken(
                 typeof authHeader === "string" ? authHeader : null,
             );
@@ -516,4 +516,192 @@ export async function registerHttpRoutes(
             },
         );
     }
+
+    // Emover endpoint - Copy metaEnvelopes to new evault instance
+    server.post<{
+        Body: {
+            eName: string;
+            targetNeo4jUri: string;
+            targetNeo4jUser: string;
+            targetNeo4jPassword: string;
+        };
+    }>(
+        "/emover",
+        {
+            schema: {
+                tags: ["migration"],
+                description:
+                    "Copy all metaEnvelopes for an eName to a new evault instance",
+                body: {
+                    type: "object",
+                    required: [
+                        "eName",
+                        "targetNeo4jUri",
+                        "targetNeo4jUser",
+                        "targetNeo4jPassword",
+                    ],
+                    properties: {
+                        eName: { type: "string" },
+                        targetNeo4jUri: { type: "string" },
+                        targetNeo4jUser: { type: "string" },
+                        targetNeo4jPassword: { type: "string" },
+                    },
+                },
+                response: {
+                    200: {
+                        type: "object",
+                        properties: {
+                            success: { type: "boolean" },
+                            count: { type: "number" },
+                            message: { type: "string" },
+                        },
+                    },
+                    400: {
+                        type: "object",
+                        properties: {
+                            error: { type: "string" },
+                        },
+                    },
+                    500: {
+                        type: "object",
+                        properties: {
+                            error: { type: "string" },
+                        },
+                    },
+                },
+            },
+        },
+        async (
+            request: TypedRequest<{
+                eName: string;
+                targetNeo4jUri: string;
+                targetNeo4jUser: string;
+                targetNeo4jPassword: string;
+            }>,
+            reply: TypedReply,
+        ) => {
+            const {
+                eName,
+                targetNeo4jUri,
+                targetNeo4jUser,
+                targetNeo4jPassword,
+            } = request.body;
+
+            if (!dbService) {
+                return reply.status(500).send({
+                    error: "Database service not available",
+                });
+            }
+
+            try {
+                console.log(
+                    `[MIGRATION] Starting migration for eName: ${eName} to target evault`,
+                );
+
+                // Step 1: Validate eName exists in current evault
+                const existingMetaEnvelopes =
+                    await dbService.findAllMetaEnvelopesByEName(eName);
+                if (existingMetaEnvelopes.length === 0) {
+                    console.log(
+                        `[MIGRATION] No metaEnvelopes found for eName: ${eName}`,
+                    );
+                    return reply.status(400).send({
+                        error: `No metaEnvelopes found for eName: ${eName}`,
+                    });
+                }
+
+                console.log(
+                    `[MIGRATION] Found ${existingMetaEnvelopes.length} metaEnvelopes for eName: ${eName}`,
+                );
+
+                // Step 2: Create connection to target evault's Neo4j
+                console.log(
+                    `[MIGRATION] Connecting to target Neo4j at: ${targetNeo4jUri}`,
+                );
+                const targetDriver = await connectWithRetry(
+                    targetNeo4jUri,
+                    targetNeo4jUser,
+                    targetNeo4jPassword,
+                );
+                const targetDbService = new DbService(targetDriver);
+
+                try {
+                    // Step 3: Copy all metaEnvelopes to target evault
+                    console.log(
+                        `[MIGRATION] Copying ${existingMetaEnvelopes.length} metaEnvelopes to target evault`,
+                    );
+                    const copiedCount =
+                        await dbService.copyMetaEnvelopesToNewEvaultInstance(
+                            eName,
+                            targetDbService,
+                        );
+
+                    // Step 4: Verify copy
+                    console.log(
+                        `[MIGRATION] Verifying copy: checking ${copiedCount} metaEnvelopes in target evault`,
+                    );
+                    const targetMetaEnvelopes =
+                        await targetDbService.findAllMetaEnvelopesByEName(
+                            eName,
+                        );
+
+                    if (
+                        targetMetaEnvelopes.length !==
+                        existingMetaEnvelopes.length
+                    ) {
+                        const error = `Copy verification failed: expected ${existingMetaEnvelopes.length} metaEnvelopes, found ${targetMetaEnvelopes.length}`;
+                        console.error(`[MIGRATION ERROR] ${error}`);
+                        return reply.status(500).send({ error });
+                    }
+
+                    // Verify IDs match
+                    const sourceIds = new Set(
+                        existingMetaEnvelopes.map((m) => m.id),
+                    );
+                    const targetIds = new Set(
+                        targetMetaEnvelopes.map((m) => m.id),
+                    );
+
+                    if (sourceIds.size !== targetIds.size) {
+                        const error =
+                            "Copy verification failed: ID count mismatch";
+                        console.error(`[MIGRATION ERROR] ${error}`);
+                        return reply.status(500).send({ error });
+                    }
+
+                    for (const id of sourceIds) {
+                        if (!targetIds.has(id)) {
+                            const error = `Copy verification failed: missing metaEnvelope ID: ${id}`;
+                            console.error(`[MIGRATION ERROR] ${error}`);
+                            return reply.status(500).send({ error });
+                        }
+                    }
+
+                    console.log(
+                        `[MIGRATION] Verification successful: ${copiedCount} metaEnvelopes copied and verified`,
+                    );
+
+                    // Close target connection
+                    await targetDriver.close();
+
+                    return {
+                        success: true,
+                        count: copiedCount,
+                        message: `Successfully copied ${copiedCount} metaEnvelopes to target evault`,
+                    };
+                } catch (copyError) {
+                    await targetDriver.close();
+                    throw copyError;
+                }
+            } catch (error) {
+                console.error(`[MIGRATION ERROR] Migration failed:`, error);
+                return reply.status(500).send({
+                    error:
+                        error instanceof Error
+                            ? error.message
+                            : "Failed to migrate metaEnvelopes",
+                });
+            }
+        },
+    );
 }
@@ -0,0 +1,77 @@
+# Emover API
+
+Backend API for the emover platform that handles evault migration operations.
+
+## Features
+
+- Secure authentication via eID Wallet (QR code + SSE)
+- View current evault host/provider information
+- List available provisioners
+- Initiate and manage evault migrations
+- QR code signing for migration confirmation
+- Real-time migration progress via SSE
+- Comprehensive logging at every step
+
+## Environment Variables
+
+- `PORT` - Server port (default: 4000)
+- `PUBLIC_EMOVER_BASE_URL` - Frontend base URL
+- `PUBLIC_REGISTRY_URL` - Registry service URL
+- `PROVISIONER_URL` or `PROVISIONER_URLS` - Provisioner URL(s)
+- `EVAULT_BASE_URI` - Base URI for evault instances
+- `EMOVER_DATABASE_URL` or `DATABASE_URL` - PostgreSQL connection string
+- `JWT_SECRET` - Secret for JWT token signing
+- `REGISTRY_SHARED_SECRET` - Secret for registry API authentication
+- `NEO4J_USER` - Neo4j username (for cross-evault operations)
+- `NEO4J_PASSWORD` - Neo4j password (for cross-evault operations)
+- `DEMO_VERIFICATION_CODE` - Demo verification code for provisioning
+
+## API Endpoints
+
+### Authentication
+- `GET /api/auth/offer` - Get QR code for login
+- `POST /api/auth` - Handle eID Wallet callback
+- `GET /api/auth/sessions/:id` - SSE stream for auth status
+
+### User
+- `GET /api/users/me` - Get current user (protected)
+
+### Evault Info
+- `GET /api/evault/current` - Get current evault info (protected)
+- `GET /api/provisioners` - List available provisioners (protected)
+
+### Migration
+- `POST /api/migration/initiate` - Start migration (protected)
+- `POST /api/migration/sign` - Create signing session (protected)
+- `GET /api/migration/sessions/:id` - SSE stream for migration status
+- `POST /api/migration/callback` - Handle signed payload from eID Wallet
+- `GET /api/migration/status/:id` - Get migration status
+- `POST /api/migration/delete-old` - Delete old evault (protected)
+
+## Migration Flow
+
+1. User initiates migration with selected provisioner
+2. System provisions new evault instance
+3. **Copies all metaEnvelopes to new evault** (preserving IDs and eName)
+4. **Verifies copy** (count, IDs, integrity)
+5. **Updates registry mapping** (only after successful verification)
+6. **Verifies registry update**
+7. **Marks new evault as active**
+8. **Verifies new evault is working**
+9. **Deletes old evault** (only after all above steps succeed)
+
+## Database
+
+Uses PostgreSQL with TypeORM. Run migrations:
+
+```bash
+npm run migration:run
+```
+
+## Development
+
+```bash
+npm install
+npm run dev
+```
+
@@ -0,0 +1,38 @@
+{
+    "name": "emover-api",
+    "version": "1.0.0",
+    "description": "Emover Platform API for evault migration",
+    "main": "src/index.ts",
+    "scripts": {
+        "start": "ts-node --project tsconfig.json src/index.ts",
+        "dev": "nodemon --exec \"npx ts-node\" src/index.ts",
+        "build": "tsc",
+        "typeorm": "typeorm-ts-node-commonjs",
+        "migration:generate": "typeorm-ts-node-commonjs migration:generate src/database/migrations/migration -d src/database/data-source.ts",
+        "migration:run": "typeorm-ts-node-commonjs migration:run -d src/database/data-source.ts",
+        "migration:revert": "typeorm-ts-node-commonjs migration:revert -d src/database/data-source.ts"
+    },
+    "dependencies": {
+        "axios": "^1.6.7",
+        "cors": "^2.8.5",
+        "dotenv": "^16.4.5",
+        "express": "^4.18.2",
+        "jsonwebtoken": "^9.0.2",
+        "pg": "^8.11.3",
+        "reflect-metadata": "^0.2.1",
+        "typeorm": "^0.3.24",
+        "uuid": "^9.0.1"
+    },
+    "devDependencies": {
+        "@types/cors": "^2.8.17",
+        "@types/express": "^4.17.21",
+        "@types/jsonwebtoken": "^9.0.5",
+        "@types/node": "^20.11.24",
+        "@types/pg": "^8.11.2",
+        "@types/uuid": "^9.0.8",
+        "nodemon": "^3.0.3",
+        "ts-node": "^10.9.2",
+        "typescript": "^5.3.3"
+    }
+}
+