[INJIWEB-1025] : injiweb proxy to overcome the CORS issue while working locally

docker-compose/README.md

@@ -0,0 +1,54 @@
+## Overview
+
+This is the docker-compose setup to run 
+
+- **mimoto-service** which act as BFF for Inji mobile and backend for Inji web.
+- **inji-web** and **inji-web-proxy** for frontend
+
+This is not for production use.
+
+## Building the inji-web-proxy image locally.
+
+> cd inji-web-proxy && docker build -t inji-web-proxy:local .
+
+## Building the inji-web image locally.
+
+> cd ../inji-web && docker build -f Dockerfile.local -t inji-web:local .
+
+## What is in the docker-compose folder?
+
+1. certs folder holds the p12 file which is being created as part of OIDC client onboarding.
+2. "config" folder holds the mimoto system properties file, issuer configuration and credential template.
+3. "docker-compose.yml" file with mimoto setup.
+
+## How to run this setup?
+
+1. Add Id providers as an issuer in mimoto-issuers-config.json
+
+2. Add verifiers clientId and redirect Uri in mimoto-trusted-verifiers.json for Online Sharing
+
+3. Start esignet services and update esignet host references in mimoto-default.properties and mimoto-issuers-config.json
+
+4. Start the data share services and update data share host references in mimoto-default.properties. data share service helm is available in the [Inji Web Helm](https://github.com/mosip/inji-web/tree/release-0.10.x/helm/inji-web)
+
+5. Create certs folder in the same directory and create OIDC client. Add key in oidckeystore.p12 and copy this file under certs folder.
+Refer [here](https://docs.mosip.io/inji/inji-mobile-wallet/customization-overview/credential_providers) to create client
+* Update client_id and client_alias as per onboarding in mimoto-issuers-config.json file.
+
+5. Start the docker-compose file
+
+> cd ../docker-compose && docker-compose up -d
+
+6. Stop the docker-compose file
+
+> cd ../docker-compose && docker-compose down
+
+7. Access Apis as
+   * http://localhost:8099/v1/mimoto/allProperties
+   * http://localhost:8099/v1/mimoto/issuers
+   * http://localhost:8099/v1/mimoto/issuers/Sunbird
+   * http://localhost:8099/v1/mimoto/issuers/Sunbird/well-known-proxy
+
+
+Note:
+- Replace mosipbox.public.url, mosip.api.public.url with your public accessible domain. For dev or local env [ngrok](https://ngrok.com/docs/getting-started/) is recommended.

docker-compose/config/credential-template.html

@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <meta charset="UTF-8" />
+    <title>$titleName</title>
+</head>
+<body #if ($textColor) style="color: $textColor;" #end>
+<div #if ($backgroundColor) style="background: $backgroundColor; border: 1px $textolor solid; border-radius: 15px; padding: 10px;" #else style="border: 2px black solid; border-radius: 15px; padding: 10px;" #end>
+    <div style="text-align: center; padding-top: 10px; font-weight: bold;">
+        <span style="font-size: 16px; vertical-align: middle;">$titleName</span>
+    </div>
+    <div style="display: flex; flex-direction: row; justify-content: space-between;">
+        <div style="margin: 30px; justify-content: center; align-items: center;">
+            #if (!$face)
+            <div style="float: left; height:100px;width:100px;background-color:white;border-radius:10px;border:1px solid grey">
+                <img style="margin: 25px;width: 50px; height:50px;" src="https://raw.githubusercontent.com/challabeehyv/mimoto-config/main/user-icon.png" alt="Logo" />
+            </div>
+            #else
+            <img style="height:100px;width:100px; border-radius:10px;" src="$face" alt="Logo" />
+            #end
+            <div style="float: left; height:100px;width:100px; border-radius:10px; margin-top: 20px;">
+                <img style="width: 100px; height:auto;" src="$logoUrl" alt="Logo" />
+            </div>
+        </div>
+        <div style="margin-left: 30px; padding-top: 30px">
+            #foreach($entry in $rowProperties.entrySet())
+            #if($entry.value)
+            <div style="margin-bottom: 10px; float: left; width: 450px;">
+                <div style="font-weight: bold; font-size: 16px; margin-bottom: 5px; word-wrap: break-word;">$entry.key</div>
+                <div style="font-size: 16px; word-wrap: break-word;">$entry.value</div>
+            </div>
+            #end
+            #end
+        </div>
+    </div>
+    <img src="data:image/png;base64,$qrCodeImage" alt="QR Code"/>
+</div>
+</body>
+</html>

docker-compose/config/mimoto-default.properties

@@ -0,0 +1,290 @@
+server.port=8099
+server.servlet.context-path=/v1/mimoto
+health.config.enabled=false
+mosip.service.end-points=/**/*
+
+mosipbox.public.url=http://localhost:${server.port}
+mosip.api.public.url=http://localhost:${server.port}
+mosip.resident.url=https://api.collab.mosip.net/v1/resident
+mosip.esignet.host=https://esignet.collab.mosip.net
+keycloak.external.url=https://iam.collab.mosip.net/
+mosip.kernel.authmanager.url=http://authmanager.kernel/
+mosip.websub.url=http://websub.websub/
+
+# START inji-default.properties
+
+mosip.inji.allowedAuthType=demo,otp,bio-Finger,bio-Iris,bio-Face
+mosip.inji.allowedEkycAuthType=demo,otp,bio-Finger,bio-Iris,bio-Face
+mosip.inji.allowedInternalAuthType=otp,bio-Finger,bio-Iris,bio-Face
+mosip.inji.faceSdkModelUrl=https://api.collab.mosip.net/inji
+# maximum number of retry for downloading vc
+mosip.inji.vcDownloadMaxRetry=10
+# pool interval in milli seconds
+mosip.inji.vcDownloadPoolInterval=6000
+# validate binding audience url to be sent in token
+mosip.inji.audience=ida-binding
+# issuer to be sent in token
+mosip.inji.issuer=residentapp
+# warning screen domain name
+mosip.inji.warningDomainName=${mosip.api.public.url}
+#timeout for vc download api via openid4vci flow in milliseconds
+mosip.inji.openId4VCIDownloadVCTimeout=30000
+# inji documentation url
+mosip.inji.aboutInjiUrl=https://docs.mosip.io/inji/inji-mobile-wallet/overview
+# minimum storage space required for making audit entry in MB
+mosip.inji.minStorageRequiredForAuditEntry=2
+# minimum storage space required for downloading / receiving vc in MB
+mosip.inji.minStorageRequired=2
+
+# END inji-default.properties
+
+
+# START bootstrap.properties
+
+spring.cloud.config.uri=http://nginx/
+spring.cloud.config.name=mimoto,inji
+spring.application.name=mimoto
+
+#config.server.file.storage.uri=https://raw.githubusercontent.com/mosip/mosip-config/collab1/
+config.server.file.storage.uri=http://nginx/
+
+management.endpoint.health.show-details=always
+management.endpoints.web.exposure.include=info,health,refresh
+
+openapi.info.title=${spring.application.name}
+openapi.info.description=${spring.application.name}
+openapi.info.version=1.0
+openapi.info.license.name=Mosip
+openapi.info.license.url=https://docs.mosip.io/platform/license
+openapi.service.servers[0].url=${mosip.api.public.url}${server.servlet.context-path}
+openapi.service.servers[0].description=${spring.application.name}
+openapi.group.name=${openapi.info.title}
+openapi.group.paths[0]=/**
+springdoc.swagger-ui.disable-swagger-default-url=true
+springdoc.swagger-ui.tagsSorter=alpha
+springdoc.swagger-ui.operationsSorter=alpha
+
+# END bootstrap.properties
+
+# MOSIP
+
+public.url=${mosip.api.public.url}/v1/mimoto
+mosip.resident.base.url=${mosip.resident.url}/resident/v1
+idp.binding.base.url=https://${mosip.esignet.host}/v1/esignet/binding
+mosip.iam.adapter.disable-self-token-rest-template=true
+
+RESIDENT_OTP=${mosip.resident.base.url}/req/otp
+RESIDENT_CREDENTIAL_REQUEST=${mosip.resident.base.url}/req/credential
+RESIDENT_CREDENTIAL_REQUEST_STATUS=${RESIDENT_CREDENTIAL_REQUEST}/status
+RESIDENT_VID=${mosip.resident.base.url}/vid
+RESIDENT_AUTH_LOCK=${mosip.resident.base.url}/req/auth-lock
+RESIDENT_AUTH_UNLOCK=${mosip.resident.base.url}/req/auth-unlock
+RESIDENT_INDIVIDUALID_OTP=${mosip.resident.base.url}/individualId/otp
+RESIDENT_AID_GET_INDIVIDUALID=${mosip.resident.base.url}/aid/status
+BINDING_OTP=${idp.binding.base.url}/binding-otp
+WALLET_BINDING=${idp.binding.base.url}/wallet-binding
+
+
+# Resident App
+credential.template=template.json
+credential.sample=sample_credential.json
+credential.data.path=data
+safetynet.api.key=
+safetynet.api.url=https://www.googleapis.com/androidcheck/v1/attestations/verify?key=${safetynet.api.key}
+
+registration.processor.print.textfile=registration-processor-print-text-file.json
+
+# Websub
+mosip.event.hubUrl=${mosip.websub.url}/hub/
+mosip.event.hub.subUrl=${mosip.event.hubUrl}
+mosip.event.hub.pubUrl=${mosip.event.hubUrl}
+
+
+# MOSIP partner
+mosip.partner.id=mpartner-default-mobile
+mosip.event.callBackUrl=${public.url}/credentialshare/callback/notify
+mosip.event.topic=${mosip.partner.id}/CREDENTIAL_ISSUED
+mosip.event.secret=Kslk30SNF2AChs2
+
+
+mosip.partner.crypto.p12.filename=keystore.p12
+mosip.partner.crypto.p12.password=1234cryptopwd
+mosip.partner.crypto.p12.alias=partner
+mosip.partner.encryption.key=${mosip.partner.crypto.p12.password}
+mosip.partner.prependThumbprint=true
+
+
+mosip.datashare.partner.id=mpartner-default-resident
+mosip.datashare.policy.id=mpolicy-default-resident
+
+
+csrf.disabled=true
+# Delayed websub subscription. Default is 5 seconds in ms.
+mosip.event.delay-millisecs=5000
+# Websub re-subscription workaround for losing subscribed topic when MOSIP websub update or restart. Default is 5 minutes in ms.
+websub-resubscription-delay-millisecs=86400000
+
+#-------------TOKEN GENERATION----------------
+#Token generation request id
+token.request.id=io.mosip.registration.processor
+#Token generation app id
+token.request.appid=regproc
+#Token generation username
+token.request.username=registrationprocessor
+#Token generation password
+token.request.password=abc123
+#Token generation version
+token.request.version=1.0
+#Token generation Client Id
+token.request.clientId=mosip-regproc-client
+#Token generation secret key
+token.request.secretKey=abc123
+#Token generation issuer url
+token.request.issuerUrl=${keycloak.internal.url}/auth/realms/mosip
+
+#Audit Service
+AUDIT=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+AUDIT_URL=${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
+KEYBASEDTOKENAPI=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/clientidsecretkey
+
+#Master Data Services
+# MASTER=http://kernel-masterdata-service/v1/masterdata
+MASTER=${mosip.kernel.masterdata.url}/v1/masterdata
+TEMPLATES=${MASTER}/templates
+
+#Packet receiver application version
+mosip.print.application.version=1.0
+#Request Date Time format
+mosip.print.datetime.pattern=yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+
+
+#-------------Printing Service--------------------
+mosip.print.service.id=mosip.print
+
+#Audit request id
+mosip.print.audit.id=mosip.applicanttype.getApplicantType
+mosip.country.code=MOR
+
+#Kernel Crypto signature
+registration.processor.signature.isEnabled=true
+
+# Language Supported By Platform - ISO
+mosip.supported-languages=eng,ara,fra
+
+mosip.template-language=eng
+mosip.optional-languages=fra,ara
+mosip.mandatory-languages=eng
+
+# mosip.primary-language=eng
+# mosip.secondary-language=ara
+
+#----------------------- CBEFF Util--------------------------------------------------
+# Cbeff URL where the files will be stored in git, change it accordingly in case of change of storage location.
+# mosip.kernel.xsdstorage-uri=${spring.cloud.config.uri}/${spring.application.name}/${spring.profiles.active}/${spring.cloud.config.label}/
+mosip.kernel.xsdstorage-uri=https://raw.githubusercontent.com/mosip/mosip-config/develop/
+# Cbeff XSD file name in config server
+mosip.kernel.xsdfile=mosip-cbeff.xsd
+
+#----------------------------- Applicant Type --------------------------------------------------
+mosip.kernel.applicant.type.age.limit = 5
+
+#----------------------------- Static PIN --------------------------------------------------
+mosip.kernel.pin.length=6
+
+#-----------------------------TOKEN-ID Properties---------------------------------
+#length of the token id
+mosip.kernel.tokenid.length=36
+
+# log level
+logging.level.root=WARN
+logging.level.io.mosip=INFO
+# logging.level.io.mosip.kernel.auth.defaultadapter.filter=INFO
+logging.level.io.mosip.kernel.auth.defaultadapter=DEBUG
+logging.level.org.springframework.http.client=DEBUG
+logging.level.io.mosip.residentapp=INFO
+logging.level.reactor.netty.http.client=INFO
+# tomcat access logs
+server.tomcat.accesslog.enabled=true
+server.tomcat.accesslog.directory=/dev
+server.tomcat.accesslog.prefix=stdout
+server.tomcat.accesslog.buffered=false
+server.tomcat.accesslog.suffix=
+server.tomcat.accesslog.file-date-format=
+server.tomcat.accesslog.pattern={"@timestamp":"%{yyyy-MM-dd'T'HH:mm:ss.SSS'Z'}t","level":"ACCESS","level_value":70000,"traceId":"%{X-B3-TraceId}i","statusCode":%s,"req.requestURI":"%U","bytesSent":%b,"timeTaken":%T,"appName":"${spring.application.name}"}
+server.tomcat.accesslog.className=io.mosip.kernel.core.logger.config.SleuthValve
+registration.processor.unMaskedUin.length=5
+
+IDSchema.Version=1.0
+registration.processor.identityjson=identity-mapping.json
+registration.processor.demographic.identity=identity
+CREATEDATASHARE=${mosip.datashare.url}/v1/datashare/create
+DECRYPTPINBASSED=${mosip.kernel.keymanager.url}/v1/keymanager/decryptWithPin
+
+
+#Auth Adapter rest template authentication configs
+mosip.iam.adapter.appid=partner
+mosip.iam.adapter.clientid=mpartner-default-mobile
+mosip.iam.adapter.clientsecret=1234secret
+auth.server.admin.issuer.uri=${keycloak.external.url}/auth/realms/
+
+mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
+mosip.authmanager.base-url=${mosip.kernel.authmanager.url}/v1/authmanager
+mosip.authmanager.client-token-endpoint=${mosip.authmanager.base-url}/authenticate/clientidsecretkey
+auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
+
+
+# in minutes
+mosip.iam.adapter.validate-expiry-check-rate=1440
+
+# in minutes
+mosip.iam.adapter.renewal-before-expiry-interval=1440
+
+#this should be false if you don?t use this restTemplate true if you do
+
+mosip.iam.adapter.self-token-renewal-enable=true
+mosip.auth.filter_disable=true
+mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter
+mosip.kernel.auth.appids.realm.map={prereg:'mosip',ida:'mosip',registrationclient:'mosip',regproc:'mosip',partner:'mosip',resident:'mosip',admin:'mosip',crereq:'mosip',creser:'mosip',datsha:'mosip',idrepo:'mosip'}
+
+vercred.type.vid=VID
+mosip.idp.partner.id=mpartner-default-mobile
+mosip.idp.partner.encryption.key=Aci9jg28B8mO_LDfDXo3ZTp5_HKgEMun2tYyHCa1e8k
+wallet.binding.partner.id=mpartner-default-mimotokeybinding
+wallet.binding.partner.api.key=1234walletbindingkey
+
+#mosip notification otp channel config
+mosip.notificationtype=SMS|EMAIL|PHONE
+
+# Configurations related to openid4vc
+mosip.openid.issuers=mimoto-issuers-config.json
+mosip.openid.htmlTemplate=credential-template.html
+mosip.oidc.client.assertion.type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer
+mosip.oidc.p12.filename=oidckeystore.p12
+mosip.oidc.p12.password=mosip123
+mosip.oidc.p12.path=certs/
+
+
+#OpenId4VP related Configuration START
+
+#File name for the mimoto trusted verifiers
+mosip.openid.verifiers=mimoto-trusted-verifiers.json
+
+#Inji Web Config
+mosip.inji.web.url=https://injiweb.collab.mosip.net
+mosip.inji.web.redirect.url=https://injiweb.collab.mosip.net/authorize
+mosip.inji.qr.data.size.limit=10000
+mosip.inji.qr.code.height=650
+mosip.inji.qr.code.width=650
+
+#OVP Config
+mosip.inji.ovp.qrdata.pattern=INJI_OVP://https://injiweb.collab.mosip.net/authorize?response_type=vp_token&resource=%s&presentation_definition=%s
+mosip.inji.ovp.redirect.url.pattern=%s#vp_token=%s&presentation_submission=%s
+mosip.inji.ovp.error.redirect.url.pattern=%s?error=%s&error_description=%s
+
+#DataShare Config
+mosip.data.share.url=https://datashare-inji.collab.mosip.net
+mosip.data.share.create.url=https://datashare-inji.collab.mosip.net/v1/datashare/create/static-policyid/static-subscriberid
+mosip.data.share.create.retry.count=3
+mosip.data.share.get.url.pattern=https://datashare-inji.collab.mosip.net/v1/datashare/get/static-policyid/static-subscriberid/*
+
+#OpenId4VP related Configuration END