Merge pull request #50 from ashwin275/dev/cred-validation

Return Consistent Error Responses to Prevent Server Crashes

src/controller/credential_controller.ts

@@ -2,7 +2,7 @@ import express from 'express';
 import * as Vc from '@cord.network/vc-export';
 import * as Cord from '@cord.network/sdk';
 import crypto from 'crypto';
-
+import { validateCredential } from '../utils/CredentialValidationUtils';
 import {
   issuerDid,
   authorIdentity,
@@ -16,22 +16,29 @@ import {
 import { Cred } from '../entity/Cred';
 import { Schema } from '../entity/Schema';
 import { dataSource } from '../dbconfig';
+import { extractCredentialFields } from '../utils/CredentialUtils';
 const { CHAIN_SPACE_ID, CHAIN_SPACE_AUTH } = process.env;
 
 export async function issueVC(req: express.Request, res: express.Response) {
-  const data = req.body;
+  let data = req.body;
   const api = Cord.ConfigService.get('api');
   if (!authorIdentity) {
     await addDelegateAsRegistryDelegate();
   }
 
   try {
+    const validationError = validateCredential(data);
+    if (validationError) {
+      return res.status(400).json({ error: validationError });
+    }
+
+    data = extractCredentialFields(data);
+
     const schema = await dataSource
       .getRepository(Schema)
       .findOne({ where: { identifier: data.schemaId } });
 
     const parsedSchema = JSON.parse(schema?.cordSchema as string);
-
     const newCredContent = await Vc.buildVcFromContent(
       parsedSchema.schema,
       data.properties,
@@ -97,7 +104,8 @@ export async function issueVC(req: express.Request, res: express.Response) {
     }
   } catch (err) {
     console.log('Error: ', err);
-    throw new Error('Error in VD issuence');
+
+    return res.status(500).json({ error: 'Error in VD issuence' });
   }
 
   // TODO: If holder id is set vc will be sent to wallet
@@ -142,7 +150,7 @@ export async function getCredById(req: express.Request, res: express.Response) {
     return res.status(200).json({ credential: cred });
   } catch (error) {
     console.log('Error: ', error);
-    throw new Error('Error in cred fetch');
+    return res.status(500).json({ error: 'Error in cred fetch' });
   }
 }
 
@@ -222,13 +230,13 @@ export async function updateCred(req: express.Request, res: express.Response) {
       return res.status(200).json({
         result: 'Updated successufully',
         identifier: cred.identifier,
-        vc: updatedVc
+        vc: updatedVc,
       });
     }
     return res.status(400).json({ error: 'Document not updated' });
   } catch (error) {
     console.log('error: ', error);
-    throw new Error('Error in updating document');
+    return res.status(500).json({ error: 'Error in updating document' });
   }
 }
 

src/controller/schema_controller.ts

@@ -26,18 +26,15 @@ export async function createSchema(
 
     let data = req.body.schema?.schema || req.body.schema || null;
 
-
     const validationError = validateSchema(data);
     if (validationError) {
       return res.status(400).json({ error: validationError });
-        }
-
-    data = extractSchemaFields(data)
-
-
+    }
+
+    data = extractSchemaFields(data);
+
     let newSchemaName = data.title + ':' + Cord.Utils.UUID.generate();
     data.title = newSchemaName;
-
 
     let schemaDetails = await Cord.Schema.buildFromProperties(
       data,
@@ -80,7 +77,7 @@ export async function createSchema(
     return res.status(400).json({ error: 'SchemaDetails not created' });
   } catch (error) {
     console.log('err: ', error);
-    throw new Error('Schema not created');
+    return res.status(500).json({ error: 'Schema not created' });
   }
 }
 
@@ -100,6 +97,6 @@ export async function getSchemaById(
     return res.status(200).json({ schema: schema });
   } catch (error) {
     console.log('err: ', error);
-    throw new Error('Schema not found');
+    return res.status(500).json({ error: 'Error Fetching Schema' });
   }
 }

src/utils/CredentialUtils.ts

@@ -0,0 +1,20 @@
+export function extractCredentialFields(data: any): {
+  schemaId: string;
+  properties: any;
+} {
+  let schemaId: string;
+  let properties: any;
+
+  if (data.credential) {
+    schemaId = data.credential.cordSchemaId || data.credential.schemaId;
+    properties = data.credential.credentialSubject;
+  } else {
+    schemaId = data.schemaId;
+    properties = data.properties;
+  }
+
+  return {
+    schemaId,
+    properties,
+  };
+}

src/utils/CredentialValidationUtils.ts

@@ -0,0 +1,38 @@
+export function validateCredential(data: any): string | null {
+  // If 'credential' is present, validate inside the 'credential'
+  if (data.credential) {
+    if (!data.credential.credentialSubject) {
+      return "'credential.credentialSubject' is required inside 'credential'.";
+    }
+
+    if (!data.credential.cordSchemaId && !data.credential.schemaId) {
+      return "'cordSchemaId' or 'schemaId' is required inside 'credential'.";
+    }
+
+    if (
+      !data.credential.credentialSubject ||
+      typeof data.credential.credentialSubject !== 'object'
+    ) {
+      return "'credential.credentialSubject' must be an object.";
+    }
+
+    if (Object.keys(data.credential.credentialSubject).length === 0) {
+      return "'credential.credentialSubject' must contain at least one key-value pair.";
+    }
+  } else {
+    // If 'credential' is not present, validate the 'schemaId' and 'properties' directly
+    if (!data.schemaId || typeof data.schemaId !== 'string') {
+      return "'schemaId' is required and must be a string.";
+    }
+
+    if (!data.properties || typeof data.properties !== 'object') {
+      return "'properties' is required and must be an object.";
+    }
+
+    if (Object.keys(data.properties).length === 0) {
+      return "'properties' must contain at least one key-value pair.";
+    }
+  }
+
+  return null;
+}