Merge pull request #8 from Bhutan-NDI/develop

Deploy synced codebase to ngotag DEV
Bhutan-NDI · May 6, 2024 · b6a525c · b6a525c
2 parents d4dc1bc + 7127ade
commit b6a525c
Show file tree

Hide file tree

Showing 43 changed files with 450 additions and 154 deletions.
diff --git a/apps/api-gateway/src/connection/dtos/connection.dto.ts b/apps/api-gateway/src/connection/dtos/connection.dto.ts
@@ -3,6 +3,7 @@ import { ArrayNotEmpty, IsArray, IsBoolean, IsNotEmpty, IsNumber, IsOptional, Is
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
 import { Type } from 'class-transformer';
 import { HandshakeProtocol } from '../enums/connections.enum';
+import { IsNotSQLInjection } from '@credebl/common/cast.helper';
 
 export class CreateOutOfBandConnectionInvitation {
         @ApiPropertyOptional()
@@ -58,6 +59,12 @@ export class CreateOutOfBandConnectionInvitation {
         @IsOptional()
         @IsNotEmpty({ message: 'Please provide recipientKey' })
         recipientKey: string;
+
+        @ApiPropertyOptional()
+        @IsString()
+        @IsOptional()
+        @IsNotEmpty({ message: 'Please provide invitation did' })
+        invitationDid?: string;
 
         orgId;
 }
@@ -67,12 +74,14 @@ export class CreateConnectionDto {
     @IsOptional()
     @IsString({ message: 'alias must be a string' })
     @IsNotEmpty({ message: 'please provide valid alias' })
+    @IsNotSQLInjection({ message: 'alias is required.' })
     alias: string;
 
     @ApiPropertyOptional()
     @IsOptional()
     @IsString({ message: 'label must be a string' })
     @IsNotEmpty({ message: 'please provide valid label' })
+    @IsNotSQLInjection({ message: 'label is required.' })
     label: string;
 
     @ApiPropertyOptional()
@@ -125,6 +134,12 @@ export class CreateConnectionDto {
     @IsOptional()
     @IsNotEmpty({ message: 'Please provide recipientKey' })
     recipientKey: string;
+
+    @ApiPropertyOptional()
+    @IsString()
+    @IsOptional()
+    @IsNotEmpty({ message: 'Please provide invitation did' })
+    invitationDid?: string;
 }
 
 export class ConnectionDto {

diff --git a/apps/api-gateway/src/credential-definition/dto/get-all-platform-cred-defs.dto.ts b/apps/api-gateway/src/credential-definition/dto/get-all-platform-cred-defs.dto.ts
@@ -0,0 +1,30 @@
+import { trim } from '@credebl/common/cast.helper';
+import { PaginationDto } from '@credebl/common/dtos/pagination.dto';
+import { CredDefSortFields, SortValue } from '@credebl/enum/enum';
+import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
+import { Transform } from 'class-transformer';
+import { IsEnum, IsOptional, IsUUID } from 'class-validator';
+
+export class GetAllPlatformCredDefsDto extends PaginationDto {
+
+    @ApiProperty({ example: '1a7eac11-ff05-40d7-8351-4d7467687cad'})
+    @Transform(({ value }) => trim(value))
+    @ApiPropertyOptional()
+    @IsOptional()
+    @IsUUID('4', { message: 'Invalid format of ledgerId' })
+    ledgerId: string;
+
+    @ApiProperty({
+        required: false
+    })
+    @Transform(({ value }) => trim(value))
+    @IsOptional()
+    @IsEnum(CredDefSortFields)
+    sortField: string = CredDefSortFields.CREATED_DATE_TIME;
+
+    @ApiProperty({ required: false })
+    @Transform(({ value }) => trim(value))
+    @IsOptional()
+    sortBy: string = SortValue.DESC;  
+
+}
diff --git a/apps/api-gateway/src/dtos/create-schema.dto.ts b/apps/api-gateway/src/dtos/create-schema.dto.ts
@@ -2,7 +2,7 @@ import { ArrayMinSize, IsArray, IsBoolean, IsNotEmpty, IsOptional, IsString, Val
 
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
 import { Transform, Type } from 'class-transformer';
-import { trim } from '@credebl/common/cast.helper';
+import { IsNotSQLInjection, trim } from '@credebl/common/cast.helper';
 
 class AttributeValue {
 
@@ -41,6 +41,7 @@ export class CreateSchemaDto {
     @IsString({ message: 'schemaName must be a string' })
     @Transform(({ value }) => trim(value))
     @IsNotEmpty({ message: 'schemaName is required' })
+    @IsNotSQLInjection({ message: 'SchemaName is required.' })
     schemaName: string;
 
     @ApiProperty({

diff --git a/apps/api-gateway/src/ecosystem/dtos/create-ecosystem-dto.ts b/apps/api-gateway/src/ecosystem/dtos/create-ecosystem-dto.ts
@@ -2,7 +2,7 @@ import { ApiExtraModels, ApiProperty, ApiPropertyOptional } from '@nestjs/swagge
 import { IsBoolean, IsNotEmpty, IsOptional, IsString, MaxLength, MinLength } from 'class-validator';
 
 import { Transform, Type } from 'class-transformer';
-import { trim } from '@credebl/common/cast.helper';
+import { IsNotSQLInjection, trim } from '@credebl/common/cast.helper';
 
 @ApiExtraModels()
 export class CreateEcosystemDto {
@@ -13,6 +13,7 @@ export class CreateEcosystemDto {
     @MinLength(2, { message: 'Ecosystem name must be at least 2 characters.' })
     @MaxLength(50, { message: 'Ecosystem name must be at most 50 characters.' })
     @IsString({ message: 'Ecosystem name must be in string format.' })
+    @IsNotSQLInjection({ message: 'Ecosystem name is required.' })
     name: string;
 
     @ApiProperty()

diff --git a/apps/api-gateway/src/ecosystem/dtos/edit-ecosystem-dto.ts b/apps/api-gateway/src/ecosystem/dtos/edit-ecosystem-dto.ts
@@ -2,7 +2,7 @@ import { ApiExtraModels, ApiPropertyOptional } from '@nestjs/swagger';
 import { IsBoolean, IsNotEmpty, IsOptional, IsString, MaxLength, MinLength } from 'class-validator';
 
 import { Transform } from 'class-transformer';
-import { trim } from '@credebl/common/cast.helper';
+import { IsNotSQLInjection, trim } from '@credebl/common/cast.helper';
 
 @ApiExtraModels()
 export class EditEcosystemDto {
@@ -13,6 +13,7 @@ export class EditEcosystemDto {
     @MinLength(2, { message: 'Ecosystem name must be at least 2 characters.' })
     @MaxLength(50, { message: 'Ecosystem name must be at most 50 characters.' })
     @IsString({ message: 'Ecosystem name must be in string format.' })
+    @IsNotSQLInjection({ message: 'Ecosystem name is required.' })
     name?: string;
 
     @ApiPropertyOptional()

diff --git a/apps/api-gateway/src/issuance/dtos/issuance.dto.ts b/apps/api-gateway/src/issuance/dtos/issuance.dto.ts
@@ -1,7 +1,7 @@
 /* eslint-disable @typescript-eslint/array-type */
 
 import { ApiProperty, ApiPropertyOptional } from '@nestjs/swagger';
-import { ArrayMaxSize, ArrayMinSize, IsArray, IsBoolean, IsDefined, IsEmail, IsEnum, IsNotEmpty, IsObject, IsOptional, IsString, MaxLength, ValidateIf, ValidateNested } from 'class-validator';
+import { ArrayMaxSize, ArrayMinSize, IsArray, IsBoolean, IsDefined, IsEmail, IsEnum, IsNotEmpty, IsObject, IsOptional, IsString, MaxLength, ValidateNested } from 'class-validator';
 import { IsCredentialJsonLdContext, SingleOrArray } from '../utils/helper';
 import { IssueCredentialType, JsonLdCredentialDetailCredentialStatusOptions, JsonLdCredentialDetailOptionsOptions, JsonObject } from '../interfaces';
 import { Transform, Type } from 'class-transformer';
@@ -125,11 +125,11 @@ export class Attribute {
 
 }
 export class CredentialsIssuanceDto {
-    @ValidateIf((obj) => obj.credentialType === IssueCredentialType.INDY)
     @ApiProperty({ example: 'string' })
     @IsNotEmpty({ message: 'Credential definition Id is required' })
     @IsString({ message: 'Credential definition id should be string' })
     @Transform(({ value }) => value.trim())
+    @IsOptional()
     credentialDefinitionId?: string;
 
     @ApiProperty({ example: 'string' })

diff --git a/apps/api-gateway/src/issuance/dtos/multi-connection.dto.ts b/apps/api-gateway/src/issuance/dtos/multi-connection.dto.ts
@@ -13,12 +13,12 @@ class ConnectionAttributes {
     connectionId: string;
 
     @ApiProperty({
-        example: [
-            {
-                value: 'string',
-                name: 'string'
-            }
-        ]
+      example: [
+        {
+          value: 'string',
+          name: 'string'
+        }
+      ]
     })
     @IsArray()
     @ValidateNested({ each: true })
@@ -28,6 +28,7 @@ class ConnectionAttributes {
     @IsOptional()
     attributes?: Attribute[];
 
+    @ApiProperty()
     @IsNotEmpty({ message: 'Please provide valid credential' })
     @IsObject({ message: 'credential should be an object' })
     @Type(() => Credential)
@@ -36,11 +37,11 @@ class ConnectionAttributes {
     credential?: Credential;
 
     @ApiProperty()
-    @IsOptional()
     @IsNotEmpty({ message: 'Please provide valid options' })
     @IsObject({ message: 'options should be an object' })
-    @ValidateNested({ each: true })
     @Type(() => JsonLdCredentialDetailOptions)
+    @IsOptional()
+    @ValidateNested({ each: true })
     options?:JsonLdCredentialDetailOptions;
 }
 

diff --git a/apps/api-gateway/src/issuance/issuance.controller.ts b/apps/api-gateway/src/issuance/issuance.controller.ts
@@ -534,17 +534,26 @@ export class IssuanceController {
     issueCredentialDto.credentialType = credentialType;
 
     const credOffer = issueCredentialDto?.credentialData || [];
-    if (IssueCredentialType.INDY !== credentialType &&  IssueCredentialType.JSONLD !== credentialType) {
+
+    if (IssueCredentialType.INDY !== credentialType && IssueCredentialType.JSONLD !== credentialType) {
       throw new NotFoundException(ResponseMessages.issuance.error.invalidCredentialType);
-}
-    if (issueCredentialDto.credentialType === IssueCredentialType.JSONLD   && credOffer.every(offer => (!offer?.credential || 0 === Object.keys(offer?.credential).length))) {
+    }
+
+    if (credentialType === IssueCredentialType.INDY && !issueCredentialDto.credentialDefinitionId) {
+        throw new BadRequestException(ResponseMessages.credentialDefinition.error.isRequired);
+    }
+
+    if (issueCredentialDto.credentialType !== IssueCredentialType.INDY && !credOffer.every(offer => (!offer?.attributes || 0 === Object.keys(offer?.attributes).length))) {
+      throw new BadRequestException(ResponseMessages.issuance.error.attributesAreRequired);
+    }
+
+    if (issueCredentialDto.credentialType === IssueCredentialType.JSONLD && credOffer.every(offer => (!offer?.credential || 0 === Object.keys(offer?.credential).length))) {
       throw new BadRequestException(ResponseMessages.issuance.error.credentialNotPresent);
     }
 
-    if (issueCredentialDto.credentialType   ===  IssueCredentialType.JSONLD && credOffer.every(offer => (!offer?.options || 0 === Object.keys(offer?.options).length))) {
+    if (issueCredentialDto.credentialType ===  IssueCredentialType.JSONLD && credOffer.every(offer => (!offer?.options || 0 === Object.keys(offer?.options).length))) {
       throw new BadRequestException(ResponseMessages.issuance.error.optionsNotPresent);
     }
-
     const getCredentialDetails = await this.issueCredentialService.sendCredentialCreateOffer(issueCredentialDto, user);
 
     const finalResponse: IResponse = {

diff --git a/apps/api-gateway/src/main.ts b/apps/api-gateway/src/main.ts
@@ -15,9 +15,11 @@ import { NodeEnvironment } from '@credebl/enum/enum';
 dotenv.config();
 
 async function bootstrap(): Promise<void> {
-
   const app = await NestFactory.create(AppModule, {
-    logger: NodeEnvironment.PRODUCTION !== process.env.PLATFORM_PROFILE_MODE ? ['log', 'debug', 'error', 'verbose', 'warn'] : ['error', 'warn']
+    logger:
+      NodeEnvironment.PRODUCTION !== process.env.PLATFORM_PROFILE_MODE
+        ? ['log', 'debug', 'error', 'verbose', 'warn']
+        : ['error', 'warn']
   });
 
   app.connectMicroservice<MicroserviceOptions>({
@@ -30,6 +32,18 @@ async function bootstrap(): Promise<void> {
   app.use(express.json({ limit: '50mb' }));
   app.use(express.urlencoded({ limit: '50mb' }));
 
+  app.use(function (req, res, next) {
+    let err = null;
+    try {
+      decodeURIComponent(req.path);
+    } catch (e) {
+      err = e;
+    }
+    if (err) {
+      return res.status(500).json({ message: 'Invalid URL' });
+    }
+    next();
+  });
 
   const options = new DocumentBuilder()
     .setTitle(`${process.env.PLATFORM_NAME}`)
@@ -68,11 +82,12 @@ async function bootstrap(): Promise<void> {
   app.use(express.static('uploadedFiles/bulk-verification-templates'));
   app.use(express.static('uploadedFiles/import'));
   app.useGlobalPipes(new ValidationPipe({ whitelist: true, transform: true }));
-  app.use(helmet({
-    xssFilter: true
-  }));
+  app.use(
+    helmet({
+      xssFilter: true
+    })
+  );
   await app.listen(process.env.API_GATEWAY_PORT, `${process.env.API_GATEWAY_HOST}`);
   Logger.log(`API Gateway is listening on port ${process.env.API_GATEWAY_PORT}`);
 }
 bootstrap();
-
diff --git a/apps/api-gateway/src/organization/dtos/create-organization-dto.ts b/apps/api-gateway/src/organization/dtos/create-organization-dto.ts
@@ -2,7 +2,7 @@ import { ApiExtraModels, ApiProperty, ApiPropertyOptional } from '@nestjs/swagge
 import { IsNotEmpty, IsOptional, IsString, IsUrl, MaxLength, MinLength } from 'class-validator';
 
 import { Transform } from 'class-transformer';
-import { trim } from '@credebl/common/cast.helper';
+import { IsNotSQLInjection, trim } from '@credebl/common/cast.helper';
 
 @ApiExtraModels()
 export class CreateOrganizationDto {
@@ -13,6 +13,7 @@ export class CreateOrganizationDto {
     @MinLength(2, { message: 'Organization name must be at least 2 characters.' })
     @MaxLength(50, { message: 'Organization name must be at most 50 characters.' })
     @IsString({ message: 'Organization name must be in string format.' })
+    @IsNotSQLInjection({ message: 'Organization name is required.' })
     name: string;
 
     @ApiPropertyOptional()

diff --git a/apps/api-gateway/src/organization/dtos/update-organization-dto.ts b/apps/api-gateway/src/organization/dtos/update-organization-dto.ts
@@ -1,8 +1,8 @@
 import { ApiExtraModels, ApiPropertyOptional } from '@nestjs/swagger';
-import { IsNotEmpty, IsOptional, IsString, IsBoolean, MaxLength, MinLength } from 'class-validator';
+import { IsNotEmpty, IsOptional, IsString, IsBoolean, MaxLength, MinLength, Validate } from 'class-validator';
 
 import { Transform } from 'class-transformer';
-import { trim } from '@credebl/common/cast.helper';
+import { ImageBase64Validator, trim } from '@credebl/common/cast.helper';
 
 @ApiExtraModels()
 export class UpdateOrganizationDto {
@@ -31,7 +31,7 @@ export class UpdateOrganizationDto {
     @ApiPropertyOptional()
     @IsOptional()
     @Transform(({ value }) => trim(value))
-    @IsString({ message: 'logo must be in string format.' })
+    @Validate(ImageBase64Validator)
     logo?: string = '';
 
     @ApiPropertyOptional()

diff --git a/apps/api-gateway/src/organization/organization.controller.ts b/apps/api-gateway/src/organization/organization.controller.ts
@@ -1,6 +1,6 @@
 import { ApiBearerAuth, ApiExcludeEndpoint, ApiForbiddenResponse, ApiOperation, ApiParam, ApiQuery, ApiResponse, ApiTags, ApiUnauthorizedResponse } from '@nestjs/swagger';
 import { CommonService } from '@credebl/common';
-import { Controller, Get, Put, Param, UseGuards, UseFilters, Post, Body, Res, HttpStatus, Query, Delete, ParseUUIDPipe, BadRequestException } from '@nestjs/common';
+import { Controller, Get, Put, Param, UseGuards, UseFilters, Post, Body, Res, HttpStatus, Query, Delete, ParseUUIDPipe, BadRequestException, ValidationPipe, UsePipes } from '@nestjs/common';
 import { OrganizationService } from './organization.service';
 import { CreateOrganizationDto } from './dtos/create-organization-dto';
 import  IResponse from '@credebl/common/interfaces/response.interface';
@@ -499,8 +499,12 @@ export class OrganizationController {
   @ApiResponse({ status: HttpStatus.OK, description: 'Success', type: ApiResponseDto })
   @ApiBearerAuth()
   @Roles(OrgRoles.OWNER, OrgRoles.ADMIN)
+  @ApiParam({
+    name: 'orgId'
+  })
   @UseGuards(AuthGuard('jwt'), OrgRolesGuard, UserAccessGuard)
-  async updateOrganization(@Body() updateOrgDto: UpdateOrganizationDto, @Param('orgId') orgId: string, @Res() res: Response, @User() reqUser: user): Promise<Response> {
+  @UsePipes(new ValidationPipe())
+  async updateOrganization(@Body() updateOrgDto: UpdateOrganizationDto, @Param('orgId', new ParseUUIDPipe({exceptionFactory: (): Error => { throw new BadRequestException(`Invalid format for orgId`); }})) orgId: string, @Res() res: Response, @User() reqUser: user): Promise<Response> {
 
     updateOrgDto.orgId = orgId;
     await this.organizationService.updateOrganization(updateOrgDto, reqUser.id, orgId);

diff --git a/apps/api-gateway/src/platform/platform.controller.ts b/apps/api-gateway/src/platform/platform.controller.ts
@@ -12,7 +12,8 @@ import { ResponseMessages } from '@credebl/common/response-messages';
 import { CustomExceptionFilter } from 'apps/api-gateway/common/exception-handler';
 import { AuthGuard } from '@nestjs/passport';
 import * as QRCode from 'qrcode';
-import { SortFields } from '@credebl/enum/enum';
+import { CredDefSortFields, SortFields } from '@credebl/enum/enum';
+import { GetAllPlatformCredDefsDto } from '../credential-definition/dto/get-all-platform-cred-defs.dto';
 
 @Controller('')
 @UseFilters(CustomExceptionFilter)
@@ -58,6 +59,36 @@ export class PlatformController {
         return res.status(HttpStatus.OK).json(finalResponse);
     }
 
+
+    @Get('/platform/cred-defs')
+    @ApiTags('credential-definitions')
+    @ApiOperation({
+        summary: 'Get all credential-definitions from platform.',
+        description: 'Get all credential-definitions list from platform.'
+    })
+    @ApiQuery({
+        name: 'sortField',
+        enum: CredDefSortFields,
+        required: false
+      })    
+    @ApiBearerAuth()
+    @UseGuards(AuthGuard('jwt'))
+    @ApiResponse({ status: HttpStatus.OK, description: 'Success', type: ApiResponseDto })
+    async getAllCredDefs(
+        @Query() getAllPlatformCredDefs: GetAllPlatformCredDefsDto,
+        @Res() res: Response,
+        @User() user: IUserRequestInterface
+    ): Promise<Response> {
+        const schemasResponse = await this.platformService.getAllPlatformCredDefs(getAllPlatformCredDefs, user);
+        const finalResponse: IResponse = {
+            statusCode: HttpStatus.OK,
+            message: ResponseMessages.credentialDefinition.success.fetch,
+            data: schemasResponse
+        };
+        return res.status(HttpStatus.OK).json(finalResponse);
+    }
+
+
     @Get('/platform/ledgers')
     @ApiTags('ledgers')
     @ApiOperation({