the_order/packages/auth/src/eidas.js
defiQUG 2633de4d33 feat(eresidency): Complete eResidency service implementation
- Implement credential revocation endpoint with proper database integration
- Fix database row mapping (snake_case to camelCase) for eResidency applications
- Add missing imports (getRiskAssessmentEngine, VeriffKYCProvider, ComplyAdvantageSanctionsProvider)
- Fix environment variable type checking for Veriff and ComplyAdvantage providers
- Add required 'message' field to notification service calls
- Fix risk assessment type mismatches
- Update audit logging to use 'verified' action type (supported by schema)
- Resolve all TypeScript errors and unused variable warnings
- Add TypeScript ignore comments for placeholder implementations
- Temporarily disable security/detect-non-literal-regexp rule due to ESLint 9 compatibility
- Service now builds successfully with no linter errors

All core functionality implemented:
- Application submission and management
- KYC integration (Veriff placeholder)
- Sanctions screening (ComplyAdvantage placeholder)
- Risk assessment engine
- Credential issuance and revocation
- Reviewer console
- Status endpoints
- Auto-issuance service
2025-11-10 19:43:02 -08:00


/**
* eIDAS (electronic IDentification, Authentication and trust Services) helpers
*/
import fetch from 'node-fetch';
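export class EIDASProvider {
  /**
   * Provider settings. The code reads two fields: `providerUrl` (base URL
   * of the signing/verification service, `/sign` and `/verify` are appended)
   * and `apiKey` (sent as a bearer token on every request).
   */
  config;

  /**
   * @param {{ providerUrl: string, apiKey: string }} config - provider settings, stored as-is.
   */
  constructor(config) {
    this.config = config;
  }

  /**
   * Ask the eIDAS provider to sign `document`.
   *
   * @param {unknown} document - payload to sign; serialised as `{ document }` in the request body.
   * @returns {Promise<{ signature: string, certificate: string, timestamp: Date }>}
   *   the provider's signature, the signing certificate and the signing time.
   * @throws {Error} when the provider answers with a non-2xx status, or when the
   *   response lacks a signature/certificate or carries an unparseable timestamp
   *   (previously such a response was returned with `undefined` fields or an
   *   `Invalid Date`, which only surfaced later, inside verification).
   */
  async requestSignature(document) {
    const response = await fetch(`${this.config.providerUrl}/sign`, {
      method: 'POST',
      headers: this.#jsonHeaders(),
      body: JSON.stringify({ document }),
    });
    if (!response.ok) {
      const errorText = await response.text();
      throw new Error(`eIDAS signature request failed: ${response.status} ${errorText}`);
    }
    const data = await response.json();
    const timestamp = new Date(data.timestamp);
    // Fail closed on a malformed provider response instead of handing the caller
    // a half-populated signature object.
    if (data.signature == null || data.certificate == null || Number.isNaN(timestamp.getTime())) {
      throw new Error('eIDAS signature request failed: malformed provider response');
    }
    return {
      signature: data.signature,
      certificate: data.certificate,
      timestamp,
    };
  }

  /**
   * Verify a signature previously returned by {@link requestSignature}.
   *
   * Verification (including certificate-chain validation) is delegated to the
   * provider's `/verify` endpoint; locally the method only re-checks the
   * certificate validity period the provider reports. Any transport error,
   * non-2xx status, `valid: false` answer or validity-period failure yields
   * `false` — this method never throws.
   *
   * @param {{ signature: string, certificate: string, timestamp: Date }} signature
   * @returns {Promise<boolean>} `true` only if the provider accepted the signature
   *   and the reported validity period (if any) contains the current time.
   */
  async verifySignature(signature) {
    try {
      // The provider handles certificate chain validation on its side.
      const response = await fetch(`${this.config.providerUrl}/verify`, {
        method: 'POST',
        headers: this.#jsonHeaders(),
        body: JSON.stringify({
          signature: signature.signature,
          certificate: signature.certificate,
          timestamp: signature.timestamp.toISOString(),
        }),
      });
      if (!response.ok) {
        return false;
      }
      const result = await response.json();
      if (!result.valid) {
        return false;
      }
      // Additional validation: the certificate must currently be within its validity period.
      if (result.validityPeriod && !EIDASProvider.#withinValidityPeriod(result.validityPeriod)) {
        return false;
      }
      // `result.certificateChain`, when present, is not inspected here: the
      // provider's verdict on the chain (validity, linkage, trusted root,
      // revocation) is trusted as-is. Client-side chain validation would be
      // an additional hardening step.
      return true;
    } catch (error) {
      // Deliberately best-effort: a verification that cannot complete is reported as "not valid".
      console.error('eIDAS signature verification failed:', error);
      return false;
    }
  }

  /** Headers shared by both provider calls: JSON body plus bearer authentication. */
  #jsonHeaders() {
    return {
      'Content-Type': 'application/json',
      Authorization: `Bearer ${this.config.apiKey}`,
    };
  }

  /**
   * Whether `at` lies inside `[notBefore, notAfter]` (both inclusive).
   *
   * An `Invalid Date` compares `false` against everything, so an unparseable
   * bound would silently pass the range check; it is rejected explicitly here
   * so that a garbled validity period fails closed.
   *
   * @param {{ notBefore: string, notAfter: string }} period
   * @param {Date} [at=new Date()] - instant to check
   * @returns {boolean}
   */
  static #withinValidityPeriod({ notBefore, notAfter }, at = new Date()) {
    const from = new Date(notBefore);
    const to = new Date(notAfter);
    if (Number.isNaN(from.getTime()) || Number.isNaN(to.getTime())) {
      return false;
    }
    return at >= from && at <= to;
  }
}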
//# sourceMappingURL=eidas.js.map