Merge pull request #1496 from credebl/feat/auth-and-draft-15

feat: auth and draft 15

Author: RinkalBhojani

Dockerfiles/Dockerfile.x509

@@ -0,0 +1,45 @@
+# Stage 1: Build the application
+FROM node:18-alpine as build
+# Install OpenSSL
+RUN apk add --no-cache openssl
+RUN npm install -g pnpm
+# Set the working directory
+WORKDIR /app
+
+# Copy package.json and package-lock.json
+COPY package.json ./
+COPY pnpm-workspace.yaml ./
+#COPY package-lock.json ./
+
+ENV PUPPETEER_SKIP_DOWNLOAD=true
+
+# Install dependencies while ignoring scripts (including Puppeteer's installation)
+RUN pnpm i --ignore-scripts
+
+# Copy the rest of the application code
+COPY . .
+# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
+RUN cd libs/prisma-service && npx prisma generate
+
+# Build the x509 service
+RUN npm run build x509
+
+
+# Stage 2: Create the final image
+FROM node:18-alpine
+# Install OpenSSL
+RUN apk add --no-cache openssl
+# RUN npm install -g pnpm
+# Set the working directory
+WORKDIR /app
+
+# Copy the compiled code from the build stage
+COPY --from=build /app/dist/apps/x509/ ./dist/apps/x509/
+
+# Copy the libs folder from the build stage
+COPY --from=build /app/libs/ ./libs/
+#COPY --from=build /app/package.json ./  
+COPY --from=build /app/node_modules  ./node_modules
+
+# Set the command to run the microservice
+CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/x509/main.js"]

apps/api-gateway/src/agent-service/dto/create-schema.dto.ts

@@ -2,26 +2,31 @@ import { ApiProperty } from '@nestjs/swagger';
 import { IsString, IsNotEmpty, IsArray } from 'class-validator';
 
 export class CreateTenantSchemaDto {
-    @ApiProperty()
-    @IsString({ message: 'tenantId must be a string' }) @IsNotEmpty({ message: 'please provide valid tenantId' })
-    tenantId: string;
-    
-    @ApiProperty()
-    @IsString({ message: 'schema version must be a string' }) @IsNotEmpty({ message: 'please provide valid schema version' })
-    schemaVersion: string;
+  @ApiProperty()
+  @IsString({ message: 'tenantId must be a string' })
+  @IsNotEmpty({ message: 'please provide valid tenantId' })
+  tenantId: string;
 
-    @ApiProperty()
-    @IsString({ message: 'schema name must be a string' }) @IsNotEmpty({ message: 'please provide valid schema name' })
-    schemaName: string;
+  @ApiProperty()
+  @IsString({ message: 'schema version must be a string' })
+  @IsNotEmpty({ message: 'please provide valid schema version' })
+  schemaVersion: string;
 
-    @ApiProperty()
-    @IsArray({ message: 'attributes must be an array' })
-    @IsString({ each: true })
-    @IsNotEmpty({ message: 'please provide valid attributes' })
-    attributes: string[];
+  @ApiProperty()
+  @IsString({ message: 'schema name must be a string' })
+  @IsNotEmpty({ message: 'please provide valid schema name' })
+  schemaName: string;
 
-    @ApiProperty()
-  
-    @IsNotEmpty({ message: 'please provide orgId' })
-    orgId: string;
-}
+  @ApiProperty()
+  @IsArray({ message: 'attributes must be an array' })
+  @IsString({ each: true })
+  // TODO: IsNotEmpty won't work for array. Must use @ArrayNotEmpty() instead
+  // @ArrayNotEmpty({ message: 'please provide at least one attribute' })
+  // @IsNotEmpty({ each: true, message: 'attribute must not be empty' })
+  @IsNotEmpty({ message: 'please provide valid attributes' })
+  attributes: string[];
+
+  @ApiProperty()
+  @IsNotEmpty({ message: 'please provide orgId' })
+  orgId: string;
+}

apps/api-gateway/src/oid4vc-issuance/dtos/issuer-sessions.dto.ts

@@ -17,10 +17,12 @@ import {
   ValidatorConstraint,
   ValidatorConstraintInterface,
   ValidationArguments,
-  Validate
+  Validate,
+  IsDate
 } from 'class-validator';
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
 import { Type } from 'class-transformer';
+import { dateToSeconds } from '@credebl/common/date-only';
 
 /* ========= disclosureFrame custom validator ========= */
 function isDisclosureFrameValue(v: unknown): boolean {
@@ -117,6 +119,26 @@ function ExactlyOneOf(keys: string[], options?: ValidationOptions) {
   return Validate(ExactlyOneOfConstraint, keys, options);
 }
 
+export class ValidityInfo {
+  @ApiProperty({
+    example: '2025-04-23T14:34:09.188Z',
+    required: true
+  })
+  @IsNotEmpty()
+  @Type(() => Date)
+  @IsDate()
+  validFrom: Date;
+
+  @ApiProperty({
+    example: '2026-05-03T14:34:09.188Z',
+    required: true
+  })
+  @IsNotEmpty()
+  @Type(() => Date)
+  @IsDate()
+  validUntil: Date;
+}
+
 /* ========= Request DTOs ========= */
 export class CredentialRequestDto {
   @ApiProperty({
@@ -137,13 +159,20 @@ export class CredentialRequestDto {
   payload!: Record<string, unknown>;
 
   @ApiPropertyOptional({
-    description: 'Selective disclosure: claim -> boolean (or nested map)',
-    example: { name: true, DOB: true, additionalProp3: false },
+    example: { validFrom: '2025-04-23T14:34:09.188Z', validUntil: '2026-05-03T14:34:09.188Z' },
     required: false
   })
   @IsOptional()
-  @IsDisclosureFrame()
-  disclosureFrame?: Record<string, boolean | Record<string, boolean>>;
+  validityInfo?: ValidityInfo;
+
+  // @ApiPropertyOptional({
+  //   description: 'Selective disclosure: claim -> boolean (or nested map)',
+  //   example: { name: true, DOB: true, additionalProp3: false },
+  //   required: false
+  // })
+  // @IsOptional()
+  // @IsDisclosureFrame()
+  // disclosureFrame?: Record<string, boolean | Record<string, boolean>>;
 }
 
 export class CreateOidcCredentialOfferDto {
@@ -157,25 +186,16 @@ export class CreateOidcCredentialOfferDto {
   @Type(() => CredentialRequestDto)
   credentials!: CredentialRequestDto[];
 
-  // XOR: exactly one present
-  @ApiPropertyOptional({ type: PreAuthorizedCodeFlowConfigDto })
-  @IsOptional()
-  @ValidateNested()
-  @Type(() => PreAuthorizedCodeFlowConfigDto)
-  preAuthorizedCodeFlowConfig?: PreAuthorizedCodeFlowConfigDto;
-
-  @IsOptional()
-  @ValidateNested()
-  @Type(() => AuthorizationCodeFlowConfigDto)
-  authorizationCodeFlowConfig?: AuthorizationCodeFlowConfigDto;
+  @ApiProperty({
+    example: 'preAuthorizedCodeFlow',
+    enum: ['preAuthorizedCodeFlow', 'authorizationCodeFlow'],
+    description: 'Authorization type'
+  })
+  @IsString()
+  @IsIn(['preAuthorizedCodeFlow', 'authorizationCodeFlow'])
+  authorizationType!: 'preAuthorizedCodeFlow' | 'authorizationCodeFlow';
 
   issuerId?: string;
-
-  // host XOR rule
-  @ExactlyOneOf(['preAuthorizedCodeFlowConfig', 'authorizationCodeFlowConfig'], {
-    message: 'Provide exactly one of preAuthorizedCodeFlowConfig or authorizationCodeFlowConfig.'
-  })
-  private readonly _exactlyOne?: unknown;
 }
 
 export class GetAllCredentialOfferDto {
@@ -266,20 +286,33 @@ export class CredentialDto {
 
   @ApiProperty({
     description: 'Credential payload (namespace data, validity info, etc.)',
-    example: {
-      namespaces: {
-        'org.iso.23220.photoID.1': {
-          birth_date: '1970-02-14',
-          family_name: 'Müller-Lüdenscheid',
-          given_name: 'Ford Praxibetel',
-          document_number: 'LA001801M'
+    example: [
+      {
+        namespaces: {
+          'org.iso.23220.photoID.1': {
+            birth_date: '1970-02-14',
+            family_name: 'Müller-Lüdenscheid',
+            given_name: 'Ford Praxibetel',
+            document_number: 'LA001801M'
+          }
+        },
+        validityInfo: {
+          validFrom: '2025-04-23T14:34:09.188Z',
+          validUntil: '2026-05-03T14:34:09.188Z'
         }
       },
-      validityInfo: {
-        validFrom: '2025-04-23T14:34:09.188Z',
-        validUntil: '2026-05-03T14:34:09.188Z'
+      {
+        full_name: 'Garry',
+        address: {
+          street_address: 'M.G. Road',
+          locality: 'Pune',
+          country: 'India'
+        },
+        iat: 1698151532,
+        nbf: dateToSeconds(new Date()),
+        exp: dateToSeconds(new Date(Date.now() + 5 * 365 * 24 * 60 * 60 * 1000))
       }
-    }
+    ]
   })
   @ValidateNested()
   payload: object;

apps/api-gateway/src/oid4vc-issuance/dtos/oid4vc-credential-wh.dto.ts

@@ -2,23 +2,10 @@ import { ApiProperty } from '@nestjs/swagger';
 import { IsArray, IsObject, IsString } from 'class-validator';
 
 export class CredentialOfferPayloadDto {
-  @ApiProperty()
-  @IsString()
-  // eslint-disable-next-line camelcase
-  credential_issuer!: string;
-
   @ApiProperty({ type: [String] })
   @IsArray()
   // eslint-disable-next-line camelcase
   credential_configuration_ids!: string[];
-
-  @ApiProperty({ type: 'object', additionalProperties: true })
-  @IsObject()
-  grants!: Record<string, unknown>;
-
-  @ApiProperty({ type: [Object] })
-  @IsArray()
-  credentials!: Record<string, unknown>[];
 }
 
 export class IssuanceMetadataDto {
@@ -40,11 +27,48 @@ export class OidcIssueCredentialDto {
   @IsString()
   credentialOfferId!: string;
 
+  @ApiProperty({ type: [Object] })
+  @IsArray()
+  issuedCredentials!: Record<string, unknown>[];
+
+  @ApiProperty({ type: CredentialOfferPayloadDto })
+  @IsObject()
+  credentialOfferPayload!: CredentialOfferPayloadDto;
+
   @ApiProperty()
   @IsString()
   state!: string;
 
+  @ApiProperty()
+  @IsString()
+  createdAt!: string;
+
+  @ApiProperty()
+  @IsString()
+  updatedAt!: string;
+
   @ApiProperty()
   @IsString()
   contextCorrelationId!: string;
 }
+
+/**
+ * Utility: return only credential_configuration_ids from a webhook payload
+ */
+export function extractCredentialConfigurationIds(payload: Partial<OidcIssueCredentialDto>): string[] {
+  const cfg = payload?.credentialOfferPayload?.credential_configuration_ids;
+  return Array.isArray(cfg) ? cfg : [];
+}
+
+export function sanitizeOidcIssueCredentialDto(
+  payload: Partial<OidcIssueCredentialDto>
+): Partial<OidcIssueCredentialDto> {
+  const ids = extractCredentialConfigurationIds(payload);
+  return {
+    ...payload,
+    credentialOfferPayload: {
+      // eslint-disable-next-line camelcase
+      credential_configuration_ids: ids
+    }
+  };
+}