npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

@gitcoinco/passport-sdk-writer

v0.2.0

Published

Create, read, and update Gitcoin Passport

Downloads

48

Readme

Gitcoin Passport SDK: Writer

Create, read, and update Gitcoin Passport

Installation

Add to your project...

yarn add @gitcoinco/passport-sdk-writer

--

Or download this .git repository and install dependencies manually...

yarn install

Build...

yarn run webpack

Basic Usage

import {DID} from "dids";
import {EthereumAuthProvider} from "@3id/connect";

...

// connect to wallet somehow
const provider = wallet.provider;
const address = wallet.accounts[0];

// Create and authenticate a DID
const testDID = new DID({
    provider: new EthereumAuthProvider(provider, address),
});
await testDID.authenticate();

// Construct a writer
const passportWriter = new PassportWriter(testDID);

// Create a Passport belonging to testDID
const passportStreamID = await passportWriter.createPassport();

// Get the Passport by Stream ID
const passport = (await passportWriter.loader.load(passportStreamID)).content;

// Get the Passport belonging to testDID
const testDIDPassport = await passportWriter.getPassport();

// Add a stamp to the Passport belonging to testDID
const newStamp = {
    provider: "An Identity Provider",
    credential: {...a Verifiable Credential...}
};
await passportWriter.addStamp(newStamp);

Ceramic React Framework & Self.ID SDK

Ceramic Framework Documentation

Configure the Ceramic Provider

The Provider component must be added at the root of the application tree in order to use the hooks described below. It can be used to provide a custom configuration for the Self.ID clients, authentication, state and UI options.

import {Provider} from '@self.id/framework'

function App({children}) {
    return <Provider client={{ceramic: 'testnet-clay'}} session={true}>{children}</Provider>
}

useViewerConnection Hook

Set up useViewerConnection hook to retrieve a user's authenticated DID.

import {useViewerConnection} from "@self.id/framework";

const [viewerConnection, connectCeramic, disconnectCeramic] = useViewerConnection();

// connect to wallet somehow
const provider = wallet.provider;
const address = wallet.accounts[0];

connectCeramic(new EthereumAuthProvider(provider, address));

useEffect(() => {
    switch (viewerConnection.status) {
        case "idle": {
            // not connected yet
            break;
        }
        case "connected": {
            // user connected - construct a writer authenticated by user's DID
            const passportWriter = new PassportWriter(viewerConnection.selfID.did);
            // ... do stuff with passport writer ...
            break;
        }
        case "failed": {
            // user refused to connect or authenticate to ceramic
            break;
        }
        default:
            break;
    }
}, [viewerConnection.status]);

Verifiable Credentials

Requesting Verifiable Credentials from Gitcoin IAM

  • Staging server https://staging.dpopp.gitcoin.co
  • Production server https://passport-iam.gitcoin.co
// Fetch a verifiable challenge credential to prove user owns their address
export const fetchChallengeCredential = async (
  iamUrl: string = "https://staging.dpopp.gitcoin.co",
  payload: RequestPayload
): Promise<IssuedChallenge> => {
  // fetch challenge as a credential from API that fits the version, address and type (this credential has a short ttl)
  const response: { data: CredentialResponseBody } = await axios.post(
    `${iamUrl}/v${payload.version}/challenge`,
    {
      payload: {
        address: payload.address,
        type: payload.type,
      },
    }
  );

  return {
    challenge: response.data.credential,
  } as IssuedChallenge;
};

// Fetch a verifiableCredential
export const fetchVerifiableCredential = async (
  iamUrl: string = "https://staging.dpopp.gitcoin.co",
  payload: RequestPayload,
  signer: { signMessage: (message: string) => Promise<string> } | undefined
): Promise<VerifiableCredentialRecord> => {
  // must provide signature for message
  if (!signer) {
    throw new Error("Unable to sign message without a signer");
  }

  // first pull a challenge that can be signed by the user
  const {challenge} = await fetchChallengeCredential(iamUrl, payload);

  // sign the challenge provided by the IAM
  const signature = challenge.credentialSubject.challenge
    ? (await signer.signMessage(challenge.credentialSubject.challenge)).toString()
    : "";

  // must provide signature for message
  if (!signature) {
    throw new Error("Unable to sign message");
  }

  // pass the signature as part of the proofs obj
  payload.proofs = {...payload.proofs, ...{signature: signature}};

  // fetch a credential from the API that fits the version, payload and passes the signature message challenge
  const response: { data: CredentialResponseBody } = await axios.post(
    `${iamUrl}/v${payload.version}/verify`,
    {
      payload,
      challenge,
    }
  );

  // return everything that was used to create the credential (along with the credential)
  return {
    signature,
    challenge,
    record: response.data.record,
    credential: response.data.credential,
  } as VerifiableCredentialRecord;
};

Issuing Your Own Verifiable Credentials

Example with SpruceID DIDKit

import * as DIDKit from "@spruceid/didkit-wasm-node";

const key = process.env.ISSUER_KEY || DIDKit.generateEd25519Key();

// Keeping track of the hashing mechanism (algo + content)
const VERSION = "v0.0.0";

// utility to create an ordered array of the given input (of the form [[key:string, value:string], ...])
const objToSortedArray = (obj: { [k: string]: string }): string[][] => {
  const keys: string[] = Object.keys(obj).sort();
  return keys.reduce((out: string[][], key: string) => {
    out.push([key, obj[key]]);
    return out;
  }, [] as string[][]);
};

// construct and issue a VerifiableCredential via DIDKit
const issueCredential = async (
  subjectAddress: string,
  provider: string,
  record: object,
  expiresInSeconds: number,
): Promise<VerifiableCredential> => {
  // get DID from key
  const issuer = DIDKit.keyToDID("key", key);
  // read method from key
  const verificationMethod = await DIDKit.keyToVerificationMethod("key", key);
  // stringify assertionMethod we feed to didkit-wasm-node
  const verifyWithMethod = JSON.stringify({
    proofPurpose: "assertionMethod",
    verificationMethod,
  });

  const issuanceDate = new Date();
  const expirationDate = new Date();
  expirationDate.setSeconds(issuanceDate.getSeconds() + expiresInSeconds);

  // Generate a hash like SHA256(IAM_PRIVATE_KEY+PII), where PII is the (deterministic) JSON representation
  // of the PII object after transforming it to an array of the form [[key:string, value:string], ...]
  // with the elements sorted by key
  // This hash can be used to de-duplicate provider verifications without revealing PII
  const hash = base64.encode(
    createHash("sha256")
      .update(key, "utf-8")
      .update(JSON.stringify(objToSortedArray(record)))
      .digest()
  );

  // generate a verifiableCredential
  const credential = await DIDKit.issueCredential(
    JSON.stringify({
      "@context": ["https://www.w3.org/2018/credentials/v1"],
      type: ["VerifiableCredential"],
      issuer,
      issuanceDate: issuanceDate.toISOString(),
      expirationDate: expirationDate.toISOString(),
      credentialSubject: {
        "@context": [
          {
            hash: "https://schema.org/Text",
            provider: "https://schema.org/Text",
          },
        ],
        // construct a pkh DID on mainnet (:1) for the given wallet address
        id: `did:pkh:eip155:1:${subjectAddress}`,
        provider,
        hash: `${VERSION}:${hash}`,
      },
    }),
    verifyWithMethod,
    key
  );

  // parse the response of the DIDKit wasm
  return JSON.parse(credential) as VerifiableCredential;
};

const exampleVerifiableCredential = issueCredential(
  "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
  "Example-Passport-Writer-Provider",
  {myRecord: "my value"},
  600
)