fix: polygon support (#161)

* chore: bump oa libraries

* fix: verify should auto-switch between ethereum and polygon

- caveat: `src/storage/documentService/documentService.js` can't seem to use `src/shared/verify.js` properly

* fix: use shared verify for documentService.js

* lint: fix lint warnings

* fix: revert back to optional chaining

* lint: set eslint parser option to ecmaVersion 2020

* fix: revert back to opencerts-verify

.eslintrc

@@ -1,5 +1,6 @@
 {
   "extends": ["airbnb-base", "prettier"],
+  "parserOptions": { "ecmaVersion": 2020 },
   "env": {
     "jest/globals": true
   },
@@ -15,7 +16,7 @@
     "func-names": ["error", "as-needed"],
     "prettier/prettier": "error",
     "no-unused-expressions": "off",
-    "import/prefer-default-export": "off"
-
+    "import/prefer-default-export": "off",
+    "no-console": "off"
   }
 }

package.json

@@ -31,7 +31,7 @@
   "license": "ISC",
   "dependencies": {
     "@govtechsg/oa-encryption": "^1.3.5",
-    "@govtechsg/open-attestation": "^6.9.0",
+    "@govtechsg/open-attestation": "^6.9.5",
     "@govtechsg/opencerts-verify": "^3.1.3",
     "@middy/core": "^5.1.0",
     "@middy/http-cors": "^5.1.0",
@@ -45,7 +45,7 @@
   },
   "devDependencies": {
     "@types/jest": "^29.5.11",
-    "copy-webpack-plugin": "^5.1.1",
+    "copy-webpack-plugin": "^12.0.2",
     "dotenv": "^7.0.0",
     "eslint": "^8.56.0",
     "eslint-config-airbnb-base": "^15.0.0",
@@ -62,11 +62,13 @@
     "raw-loader": "^4.0.1",
     "serverless-domain-manager": "^7.3.8",
     "serverless-dotenv-plugin": "^6.0.0",
-    "serverless-offline": "^13.3.2",
+    "serverless-offline": "^13.7.0",
+    "serverless-plugin-typescript": "^2.1.5",
     "serverless-s3-local": "^0.8.1",
     "serverless-s3-remover": "^0.6.0",
-    "serverless-webpack": "^5.13.0",
+    "serverless-webpack": "^5.14.1",
     "supertest": "^4.0.2",
+    "typescript": "^5.5.4",
     "webpack": "^5.86.0"
   },
   "prettier": {

src/email/config.js

@@ -5,7 +5,6 @@ module.exports = {
     region: process.env.SES_REGION || "us-west-2"
   },
   recaptchaSecret: process.env.RECAPTCHA_SECRET,
-  network: process.env.NETWORK || "homestead",
   emailApiKeys:
     (process.env.EMAIL_API_KEYS && process.env.EMAIL_API_KEYS.split(":")) || []
 };

src/email/index.js

@@ -1,8 +1,10 @@
 import middy from "@middy/core";
 import cors from "@middy/http-cors";
+import { isValid } from "@govtechsg/opencerts-verify";
+
+import { verify } from "../shared/verify";
 
 const { get } = require("lodash");
-const { isValid, verify } = require("@govtechsg/opencerts-verify");
 
 const recaptcha = require("./recaptcha");
 const certificateMailer = require("./mailer/mailerWithSESTransporter");
@@ -31,7 +33,7 @@ const handleEmail = async (event) => {
     }
 
     // Verify Certificate
-    const fragments = await verify({ network: config.network })(data);
+    const fragments = await verify(data);
     if (!isValid(fragments)) {
       throw new Error("Invalid certificate");
     }

src/email/webpack.config.js

@@ -16,7 +16,7 @@ module.exports = {
     filename: "index.js"
   },
   plugins: [
-    new CopyPlugin([{ from: "static", to: "static" }]),
+    new CopyPlugin({ patterns: [{ from: "static", to: "static" }] }),
     new webpack.ProvidePlugin({
       fetch: path.resolve(path.join(__dirname, "..", "lol"))
     })

src/shared/config.js

@@ -0,0 +1,3 @@
+module.exports = {
+  network: process.env.NETWORK || "mainnet"
+};

src/shared/verify.js

@@ -0,0 +1,53 @@
+const { getData, utils } = require("@govtechsg/open-attestation");
+const { verify: ocVerify } = require("@govtechsg/opencerts-verify");
+
+const config = require("./config");
+
+const IS_MAINNET =
+  config.network === "mainnet" || config.network === "homestead";
+
+function getNetworkName(document) {
+  const data = utils.isWrappedV2Document(document)
+    ? getData(document)
+    : document;
+
+  if (IS_MAINNET && data.network) {
+    /* Production Network Whitelist */
+    switch (data.network?.chainId) {
+      case "137":
+        return "matic";
+      default:
+        break;
+    }
+  } else {
+    /* Non-production Network Whitelist */
+    switch (data.network?.chainId) {
+      case "80002":
+        // return "amoy";
+        // FIXME: Setting "amoy" will fail as it's an unsupported network in Ethers v5.7.2
+        // Create a custom provider and specify { chainId: 80002, name: "amoy" }
+        // https://github.com/OpenCerts/opencerts-website/blob/1de65c66795ec2f416d6c829259e9f9ab1e49e45/src/sagas/certificate.ts#L123
+        console.error(`"amoy" is not supported on Ethers v5.7.2 yet`);
+        break;
+      default:
+        break;
+    }
+  }
+
+  // A network is specified in the certificate but not in the above whitelist
+  if (data.network) {
+    console.warn(
+      `"${JSON.stringify(
+        data.network
+      )}" is not a whitelisted network. Reverting back to "${config.network}".`
+    );
+  }
+
+  return config.network;
+}
+
+/**
+ * A wrapper of verify to auto-switch between Ethereum and Polygon
+ */
+export const verify = (document) =>
+  ocVerify({ network: getNetworkName(document) })(document);

src/storage/documentService/documentService.js

@@ -1,10 +1,11 @@
 const { v4: uuidv4 } = require("uuid");
-const { verify, isValid } = require("@govtechsg/opencerts-verify");
+const { isValid } = require("@govtechsg/opencerts-verify"); // FIXME: Unable to use `src/shared/verify.js` due to weird crash claiming `network` is undefined
 const {
   encryptString,
   generateEncryptionKey
 } = require("@govtechsg/oa-encryption");
 
+const { verify } = require("../../shared/verify");
 const config = require("../config");
 const { put, get, remove } = require("../s3");
 
@@ -68,7 +69,7 @@ const uploadDocumentAtId = async (
     throw new Error("Ttl cannot exceed 90 days");
   }
 
-  const fragments = await verify({ network: config.network })(document);
+  const fragments = await verify(document);
   if (!isValid(fragments)) {
     throw new Error("Document is not valid");
   }
@@ -100,7 +101,7 @@ const uploadDocument = async (
   document,
   ttlInMicroseconds = DEFAULT_TTL_IN_MICROSECONDS
 ) => {
-  const fragments = await verify({ network: config.network })(document);
+  const fragments = await verify(document);
   if (!isValid(fragments)) {
     throw new Error("Document is not valid");
   }

src/verify/index.js

@@ -1,13 +1,13 @@
 import middy from "@middy/core";
 import cors from "@middy/http-cors";
+import { isValid } from "@govtechsg/opencerts-verify";
 
-const { verify, isValid } = require("@govtechsg/opencerts-verify");
-const config = require("./config");
+import { verify } from "../shared/verify";
 
 const handleVerify = async (event) => {
   const { document } = JSON.parse(event.body);
   try {
-    const fragments = await verify({ network: config.network })(document);
+    const fragments = await verify(document);
     return {
       statusCode: 200,
       headers: { "Content-Type": "application/json" },

src/verify/serverless.yml

@@ -19,19 +19,19 @@ functions:
     handler: index.handler
     timeout: 15 # long timeout as infura api can take awhile
     events:
-      - http: 
-          path: / 
-          method: post 
+      - http:
+          path: /
+          method: post
           cors: true
 custom:
   dotenv:
     basePath: ../../
   serverless-offline:
     lambdaPort: 4002
     httpPort: 4000
-  isManagedDomain: 
-    false: 'true' # To negate the environment variable DISABLE_DOMAIN
-    true: 'false' # if you know of a way to do conditionals please change this
+  isManagedDomain:
+    false: "true" # To negate the environment variable DISABLE_DOMAIN
+    true: "false" # if you know of a way to do conditionals please change this
   customDomain:
     domainName: "${env:DOMAIN,''}" # Change this to your domain.
     basePath: "verify" # This will be prefixed to all routes
@@ -45,6 +45,7 @@ custom:
     includeModules:
       packagePath: "../../package.json"
 plugins:
+  - serverless-dotenv-plugin
   - serverless-offline
   - serverless-domain-manager
   - serverless-webpack