feat: implement the encrypted storage plugin

Signed-off-by: Nam Hoang <hoangxuannam160493@gmail.com>

packages/cli/package.json

@@ -44,6 +44,7 @@
     "@vckit/remote-server": "^1.0.0-beta.5",
     "@vckit/renderer": "^1.0.0-beta.5",
     "@vckit/vc-api": "workspace:1.0.0-beta.5",
+    "@vckit/encrypted-storage": "workspace:*",
     "@veramo/core": "5.2.0",
     "@veramo/credential-eip712": "5.2.0",
     "@veramo/credential-ld": "5.2.0",

packages/core-types/package.json

@@ -28,7 +28,8 @@
       "ICredentialStatus": "./src/types/ICredentialStatus.ts",
       "ICredentialStatusVerifier": "./src/types/ICredentialStatusVerifier.ts",
       "ICredentialStatusManager": "./src/types/ICredentialStatusManager.ts",
-      "IRenderer": "./src/types/IRender.ts"
+      "IRenderer": "./src/types/IRender.ts",
+      "IEncryptedStorage": "./src/types/IEncryptedStorage.ts"
     }
   },
   "dependencies": {

packages/core-types/src/index.ts

@@ -5,27 +5,28 @@
  *
  * @packageDocumentation
  */
-export { CoreEvents } from './coreEvents.js'
-export * from './agent.js'
-export * from './types/IAgent.js'
-export * from './types/IOACredentialPlugin.js'
-export * from './types/ICredentialPlugin.js'
-export * from './types/ICredentialIssuer.js'
-export * from './types/ICredentialVerifier.js'
-export * from './types/ICredentialStatus.js'
-export * from './types/ICredentialStatusManager.js'
-export * from './types/ICredentialStatusVerifier.js'
-export * from './types/IDataStore.js'
-export * from './types/IDataStoreORM.js'
-export * from './types/IIdentifier.js'
-export * from './types/IDIDManager.js'
-export * from './types/IKeyManager.js'
-export * from './types/IMessage.js'
-export * from './types/IMessageHandler.js'
-export * from './types/IResolver.js'
-export * from './types/IError.js'
-export * from './types/IVerifyResult.js'
-export * from './types/vc-data-model.js'
-export * from './types/IQRCodeEndpoint.js'
-export * from './types/IRender.js'
-export * from './types/IRendererProvider.js'
+export { CoreEvents } from './coreEvents.js';
+export * from './agent.js';
+export * from './types/IAgent.js';
+export * from './types/IOACredentialPlugin.js';
+export * from './types/ICredentialPlugin.js';
+export * from './types/ICredentialIssuer.js';
+export * from './types/ICredentialVerifier.js';
+export * from './types/ICredentialStatus.js';
+export * from './types/ICredentialStatusManager.js';
+export * from './types/ICredentialStatusVerifier.js';
+export * from './types/IDataStore.js';
+export * from './types/IDataStoreORM.js';
+export * from './types/IIdentifier.js';
+export * from './types/IDIDManager.js';
+export * from './types/IKeyManager.js';
+export * from './types/IMessage.js';
+export * from './types/IMessageHandler.js';
+export * from './types/IResolver.js';
+export * from './types/IError.js';
+export * from './types/IVerifyResult.js';
+export * from './types/vc-data-model.js';
+export * from './types/IQRCodeEndpoint.js';
+export * from './types/IRender.js';
+export * from './types/IRendererProvider.js';
+export * from './types/IEncryptedStorage.js';

packages/core-types/src/plugin.schema.json

@@ -6203,5 +6203,102 @@
         }
       }
     }
+  },
+  "IEncryptedStorage": {
+    "components": {
+      "schemas": {
+        "IEncryptAndStoreDataArgs": {
+          "type": "object",
+          "properties": {
+            "data": {}
+          },
+          "required": [
+            "data"
+          ]
+        },
+        "IEncrypteAndStoreDataResult": {
+          "type": "object",
+          "properties": {
+            "id": {
+              "type": "string"
+            },
+            "key": {
+              "type": "string"
+            }
+          },
+          "required": [
+            "id",
+            "key"
+          ]
+        },
+        "IFetchEncryptedDataArgs": {
+          "type": "object",
+          "properties": {
+            "id": {
+              "type": "string"
+            }
+          }
+        },
+        "IFetchEncryptedDataByCredentialHashArgs": {
+          "type": "object",
+          "properties": {
+            "credentialHash": {
+              "type": "string"
+            }
+          },
+          "required": [
+            "credentialHash"
+          ]
+        },
+        "IFetchEncryptedDataByCredentialHashResult": {
+          "type": "object",
+          "properties": {
+            "encryptedData": {
+              "type": "string"
+            },
+            "encryptedDataId": {
+              "type": "string"
+            },
+            "decryptedKey": {
+              "type": "string"
+            }
+          },
+          "required": [
+            "encryptedData",
+            "encryptedDataId",
+            "decryptedKey"
+          ]
+        }
+      },
+      "methods": {
+        "encryptAndStoreData": {
+          "description": "",
+          "arguments": {
+            "$ref": "#/components/schemas/IEncryptAndStoreDataArgs"
+          },
+          "returnType": {
+            "$ref": "#/components/schemas/IEncrypteAndStoreDataResult"
+          }
+        },
+        "fetchEncryptedData": {
+          "description": "",
+          "arguments": {
+            "$ref": "#/components/schemas/IFetchEncryptedDataArgs"
+          },
+          "returnType": {
+            "type": "string"
+          }
+        },
+        "fetchEncryptedDataByCredentialHash": {
+          "description": "",
+          "arguments": {
+            "$ref": "#/components/schemas/IFetchEncryptedDataByCredentialHashArgs"
+          },
+          "returnType": {
+            "$ref": "#/components/schemas/IFetchEncryptedDataByCredentialHashResult"
+          }
+        }
+      }
+    }
   }
 }

packages/core-types/src/types/IEncryptedStorage.ts

@@ -0,0 +1,54 @@
+import { IPluginMethodMap } from './IAgent';
+
+/**
+ * @public
+ */
+export interface IEncryptAndStoreDataArgs {
+  data: any;
+}
+
+/**
+ * @public
+ */
+export interface IEncrypteAndStoreDataResult {
+  id: string;
+  key: string;
+}
+
+/**
+ * @public
+ */
+export interface IFetchEncryptedDataArgs {
+  id?: string;
+}
+
+/**
+ * @public
+ */
+export interface IFetchEncryptedDataByCredentialHashArgs {
+  credentialHash: string;
+}
+
+/**
+ * @public
+ */
+export interface IFetchEncryptedDataByCredentialHashResult {
+  encryptedData: string;
+  encryptedDataId: string;
+  decryptedKey: string;
+}
+
+/**
+ * @public
+ */
+export interface IEncryptedStorage extends IPluginMethodMap {
+  encryptAndStoreData(
+    args: IEncryptAndStoreDataArgs
+  ): Promise<IEncrypteAndStoreDataResult>;
+
+  fetchEncryptedData(args: IFetchEncryptedDataArgs): Promise<string>;
+
+  fetchEncryptedDataByCredentialHash(
+    args: IFetchEncryptedDataByCredentialHashArgs
+  ): Promise<IFetchEncryptedDataByCredentialHashResult>;
+}

packages/encrypted-storage/README.md

@@ -0,0 +1,87 @@
+# Encrypted Storage
+
+The encrypted storage plugin provides a secure storage for the agent. It is used to store the verifiable credentials that issued when call the `createVerifiableCredential` method.
+
+## Usage
+
+### Configuration
+
+To use the encrypted storage plugin, you need to add the following configuration to the agent.yml.
+
+Fist, add the `dbConnectionEncrypted` to define the database connection for the encrypted storage.
+
+```yaml
+dbConnectionEncrypted:
+  $require: typeorm#DataSource
+  $args:
+    - type: sqlite
+      database:
+        $ref: /constants/databaseFile
+      synchronize: true
+      migrationsRun: true
+      migrations:
+        $require: '@vckit/encrypted-storage?t=object#migrations'
+      logging: false
+      entities:
+        $require: '@vckit/encrypted-storage?t=object#Entities'
+```
+
+Second, add the `encryptedStorage` to define the encrypted storage plugin.
+
+```yaml
+# Encrypted Storage Plugin
+encryptedStorage:
+  $require: '@vckit/encrypted-storage#EncryptedStorage'
+  $args:
+    - dbConnection:
+        $ref: /dbConnectionEncrypted
+```
+
+then require the encrypted storage plugin to the agent.
+
+```yaml
+# Agent
+agent:
+  $require: '@vckit/core#Agent'
+  $args:
+    - schemaValidation: false
+      plugins:
+        # Plugins
+        - $ref: /encryptedStorage
+```
+
+After that, you need to configure the middleware to use the encrypted storage plugin to store the verifiable credentials when issue the verifiable credentials. You can configure the middleware in the `apiRoutes` section of the agent.yml.
+
+```yaml
+# API base path
+- - /agent
+  - $require: '@vckit/remote-server?t=function#apiKeyAuth'
+    $args:
+      - apiKey: test123
+  # Configure the middleware before the AgentRouter function. The middleware only allow the apis in `apiRoutes` to use the encrypted storage plugin.
+  - $require: '@vckit/encrypted-storage?t=function#encryptedStoreMiddleware'
+    $args:
+      - apiRoutes:
+          - /createVerifiableCredential
+
+  - $require: '@vckit/remote-server?t=function#AgentRouter'
+    $args:
+      - exposedMethods:
+          $ref: /constants/methods
+```
+
+Finally, you need to expose the endpoint that can be used to fetch the encrypted verifiable credential. You can configure the endpoint in the `apiRoutes` section of the agent.yml.
+
+```yaml
+# Encrypted storage API
+- - /encrypted-storage
+  - $require: '@vckit/encrypted-storage?t=function#encryptedStoreRouter'
+```
+
+### To use the encrypted storage plugin
+
+- To use the encrypted storage plugin, you need to call the `createVerifiableCredential` method with the parameter `save` to store the verifiable credential, then it will trigger the middleware to store the verifiable credential to the encrypted storage.
+
+- After that, it will response the decrypted key, id of encrypted verifiable credential, and the verifiable credential.
+
+- Use the decrypted key to decrypt the encrypted verifiable credential that fetched from the endpoint `/encrypted-storage/encrypted-data/:id`.

packages/encrypted-storage/api-extractor.json

@@ -0,0 +1,18 @@
+{
+  "$schema": "https://developer.microsoft.com/json-schemas/api-extractor/v7/api-extractor.schema.json",
+  "apiReport": {
+    "enabled": true,
+    "reportFolder": "./api",
+    "reportTempFolder": "./api"
+  },
+
+  "docModel": {
+    "enabled": true,
+    "apiJsonFilePath": "./api/<unscopedPackageName>.api.json"
+  },
+
+  "dtsRollup": {
+    "enabled": false
+  },
+  "mainEntryPointFilePath": "<projectFolder>/build/index.d.ts"
+}

packages/encrypted-storage/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@vckit/encrypted-storage",
+  "version": "1.0.0-beta.5",
+  "description": "To encrypt the data and store to the database.",
+  "author": "Nam Hoang <hoangxuannam160493@gmail.com>",
+  "homepage": "https://github.com/uncefact/project-vckit#readme",
+  "main": "build/index.js",
+  "types": "build/index.d.ts",
+  "exports": {
+    ".": "./build/index.js",
+    "./build/plugin.schema.json": "./build/plugin.schema.json"
+  },
+  "scripts": {
+    "build": "tsc",
+    "extract-api": "node ../cli/bin/vckit.js dev extract-api"
+  },
+  "license": "Apache-2.0",
+  "keywords": [],
+  "type": "module",
+  "moduleDirectories": [
+    "node_modules",
+    "src"
+  ],
+  "files": [
+    "build/**/*",
+    "src/**/*",
+    "README.md",
+    "LICENSE"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/uncefact/project-vckit.git"
+  },
+  "bugs": {
+    "url": "https://github.com/uncefact/project-vckit/issues"
+  },
+  "dependencies": {
+    "@govtechsg/oa-encryption": "^1.3.5",
+    "@vckit/core-types": "workspace:*",
+    "@veramo/data-store": "^5.2.0",
+    "@veramo/utils": "^5.2.0",
+    "express-interceptor": "^1.2.0",
+    "typeorm": "^0.3.10",
+    "uuid": "^9.0.0"
+  }
+}