Initialize verifier repo. (#1)

For open source.

Dockerfile

@@ -0,0 +1,61 @@
+# Copyright 2024 Circle Internet Financial, LTD.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+ARG BASE_IMAGE=514563129364.dkr.ecr.us-east-1.amazonaws.com/circle-base/node:16.14.0-alpine
+
+# Build
+FROM ${BASE_IMAGE} AS build
+ARG IS_DEV
+ARG CHAIN_ID
+ARG REGISTRY_ADDRESS
+ARG VERIFIER_PRIVATE_KEY
+
+WORKDIR /verifier
+
+# clean install npm before copying code
+COPY ./package-lock.json ./
+COPY ./package.json ./
+RUN npm ci
+
+# copy everything
+COPY ./docker /
+COPY . .
+
+RUN npm run build -w verifier
+
+# Production Image
+FROM ${BASE_IMAGE}
+
+WORKDIR /verifier
+
+RUN addgroup -g 9999 circle \
+  && adduser circle circle
+
+COPY --from=build /usr/local/circle /usr/local/circle
+COPY --from=build /verifier/node_modules ./node_modules
+COPY --from=build /verifier/package.json ./package.json
+COPY --from=build /verifier/packages/verifier/dist ./packages/verifier/dist
+COPY --from=build /verifier/packages/verifier/prisma ./packages/verifier/prisma
+COPY --from=build /verifier/packages/verifier/package.json ./packages/verifier/package.json
+COPY --from=build /verifier/packages/verifier/node_modules ./packages/verifier/node_modules
+
+USER circle
+
+# Disable npm registry for environments with restricted internet access.
+# npm fails to run if it can't contact its configured registry
+RUN echo "registry=http://none" > /home/circle/.npmrc
+
+CMD [ "/usr/local/circle/start.sh" ]

Makefile

@@ -0,0 +1,15 @@
+# Makefile used to do helm and terraform operations.  To enable locally, create
+# a symlink to your local clones of
+# https://github.com/circlefin/circle-helm-charts and
+# https://github.com/circlefin/circle-terraform:
+#     # run in root of repo
+#     $ ln -s ../circle-helm-charts
+#     $ ln -s ../circle-terraform
+HELM_APP_DIR=./verity-verifier
+HELM_RELEASE=verity-verifier-${TERRA_WORKSPACE}
+HELM_NAMESPACE=verity
+DB_SECRET_BASE=verity-verifier
+
+# Inherit targets from common libs
+-include ./circle-helm-charts/common/*.mk
+-include ./circle-terraform/common/terraform.mk

README.md

@@ -1 +1,136 @@
-# verifier
+# Verification Service
+
+Verification API service in accordance with the Verite Smart Contract Patterns as designed by Centre.
+
+## Install Dependencies
+
+Install Node through nvm. We should use the node version that matches the docker container in production boxes.
+
+```bash
+brew install nvm;
+nvm install v14.20.0;
+nvm use v14.20.0
+````
+
+Upgrade `npm`:
+
+`npm install -g npm --force`
+
+Start the dependencies including the database:
+
+`./docker-dependencies.sh`
+
+Migrate the database:
+
+`./rebuild-db.sh`
+
+## Server local setup
+
+This repository is organized as a mono-repo, using [npm workspaces](https://docs.npmjs.com/cli/v7/using-npm/workspaces) (which requires npm v7 or greater).
+As such, the dependencies for all included packages are installed from the root level using npm install. Do not run npm install from a package's directory.
+
+### For running verifier server only
+This will only run the verifier server.
+
+##### Install dependencies
+From the root of the monorepo, run:
+```sh
+npm install -w verifier
+```
+
+If there is database schema changes, the following command is also needed in order to let Prisma to  generate codes:
+```sh
+npm run build -w verifier
+```
+
+##### Local Development
+Start the server through `nodemon` which will auto-compile + rerun upon changes:
+```sh
+npm run dev -w verifier
+```
+
+##### Production
+Compile the Javascript files and start the server from the Javascript files:
+```sh
+npm run build -w verifier
+npm start -w verifier
+```
+
+##### Testing
+```sh
+npm test -w verifier
+```
+
+## For running the full stack
+This will run all the services under the `packages` folder including starting local blockchain.
+
+##### Setup and install dependencies
+From the root of the monorepo, run:
+```sh
+npm run setup
+```
+
+This `setup` command only needs to be run once when the project is first being set up.
+
+##### Local Development
+
+```sh
+npm run dev
+```
+
+##### Production
+
+```sh
+npm run build
+npm start
+```
+
+##### Testing
+
+```sh
+npm test
+```
+
+## E2E Examples
+
+The Verite Verifier is simply a verifier. At minimum, demos should demonstrate verification of an already issued credential and finally demonstrate that it could be used on chain with a minimal contract. Consequently, this project does not include an issuer or identity wallet. Instead, e2e demos create and present credentials as needed. Additionally, contracts are designed to demonstrate the verification behavior, without any particular utility.
+
+There are automated tests demonstrating the behaviors of the service end-to-end across both [Ethereum](https://github.com/circlefin/verity-verifier/tree/master/packages/ethereum) and [Solana](https://github.com/circlefin/verity-verifier/tree/master/packages/solana) blockchains. These projects' test cases include VerificationResults and signatures generated from the verifier to demonstrate end-to-end success.
+
+Additionally, we have provided several additional examples of end-to-end behavior. These include 1) an [end-to-end example of issuance and verification using generic JWT libraries](https://github.com/circlefin/verity-verifier/tree/master/packages/examples), which can be used to port these behvaiors to other languages such as Java or Python, 2) documentation for how to [replace the Verite reference project's verifier with Circle's](https://github.com/circlefin/verity-verifier/blob/master/docs/integrating_with_centre.md), and and finally 3) a [sample ethereum dapp](https://github.com/circlefin/verity-verifier/tree/master/packages/ethereum-dapp) and [sample Solana dapp](https://github.com/circlefin/verity-verifier/tree/master/packages/solana-dapp) that demonstrates E2E the behavior across both blockchains.
+
+## E2E Examples using standard JWTs
+
+The Verite project uses [did-jwt-vc](https://github.com/decentralized-identity/did-jwt-vc) to create VCs and VPs as JWTs. While this library is very useful, other implementations might not be written in javascript or may wish to implement their own solution.
+
+We have provided end-to-end examples using standard JWT libaries so teams can easily recreate the expected behaviors. An end-to-end example, which simulates an Issuer and performs verification, is located in [./packages/examples](https://github.com/circlefin/verity-verifier/tree/master/packages/examples).
+
+## E2E Examples
+
+The project includes several end-to-end examples. First, there are two end-to-end examples featuring a Dapp that interacts with the verifier, one for Ethereum and another for Solana. These demos feature the verifier and a minimal implementation of the verification registry using a mocked out issuer and wallet. Additionally, the project includes instructions for how to integrate the verifier with the demos found in the [Verite project](https://github.com/centrehq/verite). Integration with the verite project demonstrates full end-to-end behavior of the Circle Verifier in combination with an issuer, mobile wallet, dapp, and a smart contract. Finally, end-to-end behavior of the Circle Verifier is demonstrated using node. The node scripts specifically demonstrate how both an issuer and verifier can encode Verifiable Credentials and Verifiable Presentations to conform to the Verite spec without using specialized libraries such as did-jwt-vc. This example should be sufficient documentation if attempting to implement these demos in another language or framework, such as Java.
+
+1. Example [Ethereum Dapp](https://github.com/circlefin/verity-verifier/tree/master/packages/ethereum-dapp) that uses a locally deployed [Ethereum contract](https://github.com/circlefin/verity-verifier/tree/master/packages/ethereum) to demonstrate e2e acceptance of the project on the Ethereum blockchain.
+1. Example [Solana Dapp](https://github.com/circlefin/verity-verifier/tree/master/packages/solana-dapp) that uses a locally deployed [Solana contract](https://github.com/circlefin/verity-verifier/tree/master/packages/solana) to demonstrate e2e acceptance of the project on the Solana blockchain.
+1. [Integrating with Centre's Open Source Verite Project](https://github.com/circlefin/verity-verifier/blob/master/docs/integrating_with_centre.md) documentation demonstrates how the Circle Verifier can be easily replaced within a complete ecosystem. Using Verite's issuer, wallet, dapp, and contract -- we demonstrate that the verifier can be easily substituted for the Circle implementation. This demonstrates e2e acceptance of the project on the Ethereum blockchain.
+1. [Node Examples](https://github.com/circlefin/verity-verifier/tree/master/packages/examples) that exercise the Circle Verifier while also demonstrating how to encode a Verifiable Credential and Verifiable Presentation JWTs without using a specialized library.
+
+## Packages
+
+This library is organized into several packages, located in the `packages` directory.
+
+| package                                                                                          | description                                        |
+| ------------------------------------------------------------------------------------------------ | -------------------------------------------------- |
+| [verifier](https://github.com/circlefin/verity-verifier/tree/master/packages/verifier)           | Verification Service API                           |
+| [ethereum](https://github.com/circlefin/verity-verifier/tree/master/packages/ethereum)           | Ethereum Contract                                  |
+| [ethereum-dapp](https://github.com/circlefin/verity-verifier/tree/master/packages/ethereum-dapp) | Ethereum E2E Demo                                  |
+| [solana](https://github.com/circlefin/verity-verifier/tree/master/packages/solana)               | Solana Program                                     |
+| [solana-dapp](https://github.com/circlefin/verity-verifier/tree/master/packages/solana-dapp)     | Solana E2E Demo                                    |
+| [examples](https://github.com/circlefin/verity-verifier/tree/master/packages/examples)           | Example code for interacting with the Verifier API |
+
+## API Documentation
+
+See [docs/API.md](https://github.com/circlefin/verity-verifier/tree/master/docs/API.md)
+
+## Integrating with Centre Verite open-source
+
+See [docs/integrating_with_centre.md](https://github.com/circlefin/verity-verifier/tree/master/docs/integrating_with_centre.md)

SECURITY.md

@@ -0,0 +1,4 @@
+# Security Policy
+
+## Reporting a Vulnerability
+Please do not file public issues on Github for security vulnerabilities. All security vulnerabilities should be reported to Circle privately, through Circle's [Vulnerability Disclosure Program](https://hackerone.com/circle). Please read through the program policy before submitting a report.

bin/setup

@@ -0,0 +1,12 @@
+#!/usr/bin/env sh
+
+# This script sets up the local environment for development. It is safe to
+# run this script multiple times.  This should be run when you first check
+# out the project.
+
+# Install dependencies
+echo "Installing dependencies..."
+npm install
+
+# Run setup on all workspaces
+npm run setup --workspaces --if-present

docker-compose.yml

@@ -0,0 +1,79 @@
+# Copyright 2024 Circle Internet Financial, LTD.  All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+version: "2.3"
+
+services:
+  verity-verifier-build:
+    image: verity-verifier-build
+    build:
+      context: .
+      target: build
+  verity-verifier:
+    image: verity-verifier
+    build:
+      context: .
+    environment:
+      DB_HOST: postgres
+      PORT: "3000"
+      HOST: "http://localhost:3000"
+      NODE_ENV: "development"
+    env_file:
+      - ./packages/verifier/.env
+    ports:
+      - 3000:3000
+    command: "/usr/local/circle/start.sh"
+    depends_on:
+      postgres:
+        condition: service_healthy
+  migrations:
+    image: verity-verifier-build
+    environment:
+      DB_HOST: postgres
+      MIGRATE_DB_USER: &miguser dba
+      MIGRATE_DB_PASSWORD: &migpass "T3ndren!!"
+    env_file:
+      - ./packages/verifier/.env
+    command: "/usr/local/circle/migrate.sh"
+    depends_on:
+      postgres:
+        condition: service_healthy
+  test:
+    image: verity-verifier-build
+    environment:
+      DB_HOST: postgres
+    env_file:
+      - ./packages/verifier/.env
+    command: "/usr/local/circle/test.sh"
+    depends_on:
+      migrations:
+        condition: service_started
+      postgres:
+        condition: service_healthy
+  postgres:
+    image: "514563129364.dkr.ecr.us-east-1.amazonaws.com/circle-dockerhub/postgres:14-latest"
+    environment:
+      POSTGRES_PASSWORD: *migpass
+      POSTGRES_USER: *miguser
+      POSTGRES_DB: postgres
+      PGDATA: "/tmp/postgres/data"
+    ports:
+      - "5432:5432"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready"]
+      interval: 30s
+      timeout: 30s
+      retries: 5

docker-delete-containers.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+# Copyright (c) 2023, Circle Internet Financial Trading Company Limited.
+# All rights reserved.
+#
+# Circle Internet Financial Trading Company Limited CONFIDENTIAL
+#
+# This file includes unpublished proprietary source code of Circle Internet
+# Financial Trading Company Limited, Inc. The copyright notice above does not
+# evidence any actual or intended publication of such source code. Disclosure
+# of this source code or any related proprietary information is strictly
+# prohibited without the express written permission of Circle Internet Financial
+# Trading Company Limited.
+
+# configuration for the stop script
+DOCROOT="$( cd "$( dirname "$0" )" && pwd )"
+
+docker-compose -f ${DOCROOT}/docker-compose.yml down

docker-dependencies.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+# Copyright (c) 2022, Circle Internet Financial Trading Company Limited.
+# All rights reserved.
+#
+# Circle Internet Financial Trading Company Limited CONFIDENTIAL
+#
+# This file includes unpublished proprietary source code of Circle Internet
+# Financial Trading Company Limited, Inc. The copyright notice above does not
+# evidence any actual or intended publication of such source code. Disclosure
+# of this source code or any related proprietary information is strictly
+# prohibited without the express written permission of Circle Internet Financial
+# Trading Company Limited.
+
+DOC_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+export APP_ENV=${APP_ENV:-dev}
+# set suffix to username if it does not exist
+USER_ID=$(id -u -n | sed 's/\./_/g')
+export SUFFIX=${SUFFIX:-"_${USER_ID}"}
+
+echo "APP_ENV is set to: ${APP_ENV} SUFFIX is: ${SUFFIX}"
+
+# Start dependencies
+docker-compose -f "${DOC_ROOT}/docker-compose.yml" up -d postgres
+
+# healthcheck
+COUNT=20
+check_health() {
+  CONTAINER=$(docker-compose ps -q "$1")
+  for ((i = 1; i <= COUNT; i++)); do
+
+    RESULT=$(docker ps -q --filter health=healthy --filter id="${CONTAINER}" | wc -l)
+    if [[ ${RESULT} -eq 1 ]]; then
+      echo -e "${1} healthy!!!\n"
+      break
+    else
+      echo "${1} not healthy.  Attempt $i of ${COUNT}. Retrying in 10 seconds."
+      if [[ "${i}" != "${COUNT}" ]]; then
+        sleep 10
+      fi
+    fi
+
+    if [[ "$i" == "${COUNT}" ]]; then
+      echo -e "ERROR: $1 not healthy after ${COUNT} attempts. Aborting"
+      docker-compose logs "$1"
+      exit 1
+    fi
+  done
+}
+
+check_health postgres
+
+echo "Successfully started dependency docker containers!"