feat: Refactor AppModule and Add Credential Management with Revocation Support #64
Conversation
| } | ||
| const { id: credentialDefinitionId, revocationSupported } = credentialType | ||
|
|
||
| const cred = await this.credentialRepository.findOne({ |
There was a problem hiding this comment.
Note that there is a chance that the user issued multiple credentials with the same refId (i.e. they didn't set revokeIfAlreadyIssued) and then they attempt to issue another credential with the same refId but using revokeIfAlreadyIssued = true, only the first credential found here will be revoked.
I think it would be safer to find all non-revoked issued credentials that match the refId and revoke/save them accordingly.
There was a problem hiding this comment.
fix: implement revocation for all non-revoked credentials
| } | ||
|
|
||
| // private methods | ||
| private async saveCredentialType( |
There was a problem hiding this comment.
I don't understand the meaning of this method: why does it save a credential type in the credential repository?
Why don't you simply name it createRevocationRegistry and call it only when appropriate (i.e. supportRevocation is true when creating credential type or the current revocation registry is full)?
There was a problem hiding this comment.
fix: updated to createRevocationRegistry
| return revocationRegistry | ||
| } | ||
|
|
||
| private refIdHash(refId: string): string { |
There was a problem hiding this comment.
The method itself seems to be a simple hash operation. What about making it general and simply call it hash(value: string)?
There was a problem hiding this comment.
fix: change name refIdHash by hash
| * @param threadId - The thread ID to link with the credential. | ||
| * @throws Error if no credential is found with the specified connection ID. | ||
| */ | ||
| async accept(connectionId: string, threadId: string): Promise<void> { |
There was a problem hiding this comment.
Now I understand why you called this service an events service in the beginning: accept and reject are user actions, so they are called by event handlers coming from the agent. Since they are not actions performed by us (such as credential issuance and revocation), they can be called `processAcceptance/processRejection' or 'handleAcceptance/handleRejection', showing that they are supposed to act as a result from an event coming from the DIDComm layer.
There was a problem hiding this comment.
fix: change name to handleAcceptance/handleRejection
| * @throws Error if no credential is found with the specified connection ID. | ||
| */ | ||
| async accept(connectionId: string, threadId: string): Promise<void> { | ||
| const cred = await this.credentialRepository.findOne({ |
There was a problem hiding this comment.
A problem I see here is that you are using connectionId to identify the credential the event is related to. This is not correct, since you can issue multiple credentials to a single DIDComm connection.
The proper way you should identify a credential is by its threadId. Therefore, these accept and reject methods should only receive the threadId.
You can find the threadId in the response of the Message endpoint (the id correspond to the threadId).
There was a problem hiding this comment.
fix: acept and reject only by thread
| if (!cred) throw new Error(`Credencial with connectionId ${connectionId} not found.`) | ||
|
|
||
| cred.threadId = threadId | ||
| cred.revoked = true |
There was a problem hiding this comment.
A rejection by the user does not mean that a credential has been revoked. Maybe you can create a status field for the credential entity that covers the entire life cycle of a credential: probably offered, accepted, rejected and revoked may be enough.
There was a problem hiding this comment.
fix: implement to CredentialStatus
| maximumCredentialNumber?: number | ||
| } = {}, | ||
| ) { | ||
| const { name = 'Chatbot', version = '1.0', supportRevocation, maximumCredentialNumber } = options |
There was a problem hiding this comment.
I don't think it is correct to leave name and version as optional fields.
There was a problem hiding this comment.
fix: remove name and version from optionals fields
| revocationRegistryIndex: undefined, | ||
| } | ||
| } | ||
| const invalidRegistries = await transaction.find(CredentialEntity, { |
There was a problem hiding this comment.
This logic is quite obscure to me. I don't think it will work.
I guess that somewhere (maybe another table/entity) you should keep track of the current revocation registry and index for each credential definition, and use that as the source of truth to assign the revocation registry/index of each issued credential, and tell if it is needed to create a new revocation registry or not.
There was a problem hiding this comment.
feat: Creation of the RevocationRegistryEntity for managing revocation records.
Please review this last change with special care. The RevocationRegistryEntity was created, and during its implementation, it was detected that the threadId returned by the CredentialIssuanceMessage was not being properly handled by the SA. As a solution, GenericRecords was used to retrieve it. Additionally, as you mentioned, the handling of credentials has been improved by dividing the entities.
Co-authored-by: Ariel Gentile <gentilester@gmail.com>
Signed-off-by: Ariel Gentile <gentilester@gmail.com>
| import { Entity, Column, PrimaryGeneratedColumn, CreateDateColumn, UpdateDateColumn } from 'typeorm' | ||
|
|
||
| @Entity('revocation_registries') | ||
| export class RevocationRegistryEntity { |
There was a problem hiding this comment.
Add credentialDefinitionId
| revocationDefinitionId!: string | ||
|
|
||
| @Column({ type: 'integer', nullable: false, default: 0 }) | ||
| revocationRegistryIndex!: number |
There was a problem hiding this comment.
| revocationRegistryIndex!: number | |
| currentIndex!: number |
There was a problem hiding this comment.
fix: implemented currentIndex
| id!: string | ||
|
|
||
| @Column({ type: 'varchar', nullable: false }) | ||
| credentialDefinitionId!: string |
There was a problem hiding this comment.
add revocationRegistryIndex
There was a problem hiding this comment.
fix: add credentialDefinitionId to revocation registry entity
| }) | ||
| } | ||
| let lastCred = await transaction | ||
| .createQueryBuilder(RevocationRegistryEntity, 'registry') |
There was a problem hiding this comment.
add credentialDefinitionId to the filter
Summary
Flow:
Create a Credential
Rejection
Acceptance
Revocation
Additional Constraints:
0to the maximum value minus 1 (-1).1to the maximum value fail.Changes
AppModuleof thenestjs-clientmodule. This was necessary because the original main module was not optimized for the recurrent use of variables, requiring multiple instantiations of the same variables. Modifying theAppModuleand the configuration approach avoided redundancy when the module is instantiated. Compatibility with individual configurations was maintained.nestjs-clientmodule. The methods are controlled through the library, allowing for handling rejections and revocations as well.demo-dts. As observed, the configuration required for complete credential management is minimal.Related Issues
Testing
Checklist