diff --git a/.env.demo b/.env.demo
index 834cd1094..da53b5f8c 100644
--- a/.env.demo
+++ b/.env.demo
@@ -31,95 +31,74 @@ PLAY_STORE_DOWNLOAD_LINK=https://play.google.com/store/apps/details?id=id.credeb # Apple App Store download link IOS_DOWNLOAD_LINK=https://apps.apple.com/in/app/adeya-ssi-wallet/id6463845498 -# Please specify your platform name +# Specify your platform name PLATFORM_NAME=CREDEBL -# Please specify your powered by org name +# Specify your powered by org name POWERED_BY= -# Please specify your platform web URL +# Specify your platform web URL PLATFORM_WEB_URL=https://credebl.id/ -# Please specify your support URL +# Specify your support URL POWERED_BY_URL=https://example.com -# Please specify your logo host or domain url -UPLOAD_LOGO_HOST=devapi.credebl.id +# Specify your logo host or domain url +UPLOAD_LOGO_HOST=your-ip:5000 BRAND_LOGO=https://credebl.id/images/CREDEBL_LOGO.png -# Please provide admin email Id +# Provide admin email Id PLATFORM_ADMIN_EMAIL=platform.admin@yopmail.com # Socket server host URL SOCKET_HOST=ws://your-ip:5000 -# NATS server host/IP address -NATS_HOST=your-ip - -# NATS server port -NATS_PORT=4222 - # Full NATS connection URL NATS_URL=nats://your-ip:4222 -# NATS server password -NATS_PASSWORD=xxxx - -# NATS server username +# NATS server Username and password (if authentication is enabled) NATS_USER=xxxx +NATS_PASSWORD=xxxx -# Redis server host/IP address +# Redis server host/IP address and port REDIS_HOST=your-ip - -# Redis server port REDIS_PORT=6379 -# Please provide your sendgrid API key -SENDGRID_API_KEY= - -# Use IP Address -WALLET_STORAGE_HOST=your-ip - -# Wallet storage database port +# Wallet storage database connection details +WALLET_STORAGE_HOST=database-ip WALLET_STORAGE_PORT=5432 - -# Wallet storage database username WALLET_STORAGE_USER='postgres' - -# Wallet storage database password WALLET_STORAGE_PASSWORD='postgres' # It should be same as studio UI CRYPTO_PRIVATE_KEY=YourSecretPrivateKeyHere -PLATFORM_URL=https://devapi.credebl.id +PLATFORM_URL=http://your-ip:5000 -# Please provide your environment name 
+# Provide your environment name PLATFORM_PROFILE_MODE=DEV -# Please specify your localhost URL +# Specify your localhost URL PUBLIC_LOCALHOST_URL=http://localhost:5000 -# Please specify your DEV environment api URL +# Specify your DEV environment api URL PUBLIC_DEV_API_URL=https://devapi.credebl.id -# Please specify your QA environment api URL +# Specify your QA environment api URL PUBLIC_QA_API_URL=https://qa-api.credebl.id -# Please specify your PRODUCTION environment api URL +# Specify your PRODUCTION environment api URL PUBLIC_PRODUCTION_API_URL=https://api.credebl.id -# Please specify your sandbox environment URL +# Specify your sandbox environment URL PUBLIC_SANDBOX_API_URL=https://sandboxapi.credebl.id -# Please specify your support email +# Specify your support email PUBLIC_PLATFORM_SUPPORT_EMAIL=support@example.com -# Platform admin wallet name +# Platform admin wallet name and encrypt password using crypto-js PLATFORM_WALLET_NAME=platform-admin - -# Please provide encrypt password using crypto-js PLATFORM_WALLET_PASSWORD='U2FsdGVkX19l6w/PpuicnGBYThBHolzF27oN0JwfWkc=' # The seed should consist of 32 characters. 
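Review bot: `NATS_HOST` and `NATS_PORT` are removed from the template while `NATS_URL` is kept, but nothing else in this diff touches a consumer of those two names, so a service that still builds its connection from them would see them undefined once an operator regenerates `.env` from this file; worth a grep across the services before merging, or a one-line `# NATS_HOST/NATS_PORT were removed; configure NATS_URL instead` comment if the removal is intentional. `PLATFORM_URL` and `UPLOAD_LOGO_HOST` also move from the hosted `devapi.credebl.id` defaults to plain `http://your-ip:5000`, which is fine for a demo but changes what a copy-paste deployment advertises as its public URL; a `# demo only, use https in production` comment next to `PLATFORM_URL` would make that explicit.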
@@ -128,158 +107,87 @@ PLATFORM_SEED=000000000000000000000000Steward1 PLATFORM_ID=1 # The format for below is as follows: postgresql://{postgres.user}:{postgres.password}@{your-ip}:{postgres.port}/{database-name} -# Provide pooler supabase postgres URL +# Provide postgres URL - database connection details POOL_DATABASE_URL="postgresql://postgres:postgres@your-ip:5432/credebl" - -# Provide supabase postgres URL and Use the correct user/pwd, IP Address DATABASE_URL="postgresql://postgres:postgres@your-ip:5432/credebl" -# Used for Bulk issuance of credential -# Optional (Can be skipped if Bulk issuance is not used) -# Please provide your access key +# Used for Bulk issuance of credential (Optional- Can be skipped if Bulk issuance is not used) +# Provide aws bucket access credentails AWS_ACCESS_KEY= - -# Please provide your secret key AWS_SECRET_KEY= - -# Please provide your aws region AWS_REGION= - -# Please provide your aws bucket AWS_BUCKET= -# Used for Adding org-logo during org creation and update -# Optional (Can be skipped if no image is added during org creation and updation) -# Please provide your aws bucket access key +# Used for Adding org-logo during org creation and update (Optional- Can be skipped if no image is added during org creation and updation) +# Provide aws bucket access credentails with write access to the bucket as logo upload is done using signed url which requires putObject permission. 
AWS_PUBLIC_ACCESS_KEY= - -# Please provide your aws secret key AWS_PUBLIC_SECRET_KEY= - -# Please provide your aws region AWS_PUBLIC_REGION= - -# Please provide your aws org bucket name AWS_ORG_LOGO_BUCKET_NAME= -# Used for storing connection URL generated from Agent and creating shortened URL -# Required (As connecting to org requires Shortened url) -# Please provide your aws bucket access key +# Used for storing connection URL generated from Agent and creating shortened URL (As connecting to org requires Shortened url) +# Provide aws bucket access credentails with write access to the bucket as storing shortened url is done using putObject operation. AWS_S3_STOREOBJECT_ACCESS_KEY= - -# Please provide your aws bucket secret key AWS_S3_STOREOBJECT_SECRET_KEY= - -# Please provide your aws region AWS_S3_STOREOBJECT_REGION= - -# Please provide your aws bucket AWS_S3_STOREOBJECT_BUCKET= -# Please refere AWS to determine your bucket url -# https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access -# Please specify the domain for your bucket responsible for storing shortened url objects e.g. 'https://bucket-name.s3.ap-east-1.amazonaws.com' -SHORTENED_URL_DOMAIN='https://AWS_S3_STOREOBJECT_REGION.amazonaws.com/AWS_S3_STOREOBJECT_BUCKET' +# Provide bucket used for storing shortened url objects e.g. 'https://s3.region-code.amazonaws.com/bucket-name' +SHORTENED_URL_DOMAIN='https://s3.AWS_S3_STOREOBJECT_REGION.amazonaws.com/AWS_S3_STOREOBJECT_BUCKET' -# Please specify your domain/subdomain responsible for deeplinking with 'url' as a query param e.g. 'https://your-deeplink-domain?url=' +# Specify your domain/subdomain responsible for deeplinking with 'url' as a query param e.g. 
'https://your-deeplink-domain?url=' DEEPLINK_DOMAIN='https://link.credebl.id?url=' # Provide a list of domains that are allowed to use this server ENABLE_CORS_IP_LIST=http://localhost:3000,http://localhost:3001,http://localhost:5000,http://localhost:8085 -# Please provide Nkeys secret for user service +# Provide Nkeys secret for all services USER_NKEY_SEED= - -# Please provide Nkeys secret for api-gateway API_GATEWAY_NKEY_SEED= - -# Please provide Nkeys secret for organization service ORGANIZATION_NKEY_SEED= - -# Please provide Nkeys secret for agent provisioning service AGENT_PROVISIONING_NKEY_SEED= - -# Please provide Nkeys secret for agent service AGENT_SERVICE_NKEY_SEED= - -# Please provide Nkeys secret for verification service VERIFICATION_NKEY_SEED= - -# Please provide Nkeys secret for ledger service LEDGER_NKEY_SEED= - -# Please provide Nkeys secret for issuance service ISSUANCE_NKEY_SEED= - -# Please provide Nkeys secret for connection service CONNECTION_NKEY_SEED= - -# Please provide Nkeys secret for ecosystem service ECOSYSTEM_NKEY_SEED= - -# Please provide Nkeys secret for credential-definition service CREDENTAILDEFINITION_NKEY_SEED= - -# Please provide Nkeys secret for schema service SCHEMA_NKEY_SEED= - -# Please provide Nkeys secret for utilities service UTILITIES_NKEY_SEED= - CLOUD_WALLET_NKEY_SEED= - -# Please provide Nkeys secret for geo-location service GEOLOCATION_NKEY_SEED= - NOTIFICATION_NKEY_SEED= - -# Please provide Nkeys secret for x509 service X509_NKEY_SEED= - -# Please provide Nkeys secret for x509 service OIDC4VC_ISSUANCE_NKEY_SEED= - -# Please provide Nkeys secret for x509 service OIDC4VC_VERIFICATION_NKEY_SEED= -# Keycloak base domain URL +# Keycloak credentials and configuration KEYCLOAK_DOMAIN=http://localhost:8080/ - -# Keycloak admin URL KEYCLOAK_ADMIN_URL=http://localhost:8080 - -# Keycloak master realm name KEYCLOAK_MASTER_REALM=master - -# Keycloak management client ID -KEYCLOAK_MANAGEMENT_CLIENT_ID=adminClient - -# Keycloak 
management client secret +KEYCLOAK_MANAGEMENT_CLIENT_ID=credeblClient # Keycloak client created for platform management in keycloak. KEYCLOAK_MANAGEMENT_CLIENT_SECRET= +KEYCLOAK_REALM=credebl-platform # Keycloak realm name for the platform -# Keycloak realm name for the platform -KEYCLOAK_REALM=credebl-platform - -# Please provide schema URL +# Provide schema server URL and token SCHEMA_FILE_SERVER_URL= - -# Please provide schema file server token for polygon SCHEMA_FILE_SERVER_TOKEN= # Script path for importing geo-location master data GEO_LOCATION_MASTER_DATA_IMPORT_SCRIPT=/prisma/scripts/geo_location_data_import.sh -# Script path for updating client credential data +# Script path for client credential data UPDATE_CLIENT_CREDENTIAL_SCRIPT=/prisma/scripts/update_client_credential_data.sh -# Note: the below 3 variables are only in case of starting services using docker -# Script path to start AFJ agent (Docker) -AFJ_AGENT_SPIN_UP=/agent-provisioning/AFJ/scripts/docker_start_agent.sh +# CREDO-CONTROLLER image. Provide the image name with tag if you are using a custom image. +AFJ_VERSION=ghcr.io/credebl/credo-controller:latest -# Path for AFJ agent endpoint files +# Note: the below 2 variables are only in case of starting services using docker +AFJ_AGENT_SPIN_UP=/agent-provisioning/AFJ/scripts/docker_start_agent.sh AFJ_AGENT_ENDPOINT_PATH=/agent-provisioning/AFJ/endpoints/ -# Uncomment bellow three lines and comment the above to start services locally without using docker, using pnpm +# Uncomment below 2 lines and comment the above to start services locally without using docker, using pnpm # AFJ_AGENT_SPIN_UP=/apps/agent-provisioning/AFJ/scripts/start_agent.sh # AFJ_AGENT_ENDPOINT_PATH=/apps/agent-provisioning/AFJ/endpoints/ 
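Review bot: `KEYCLOAK_MANAGEMENT_CLIENT_ID=credeblClient # Keycloak client created for platform management in keycloak.` and `KEYCLOAK_REALM=credebl-platform # Keycloak realm name for the platform` introduce trailing inline comments, which every other key in this template avoids. Whether the `# …` part is stripped depends on the loader: Compose v2 and current dotenv treat a whitespace-preceded `#` as a comment, but older loaders keep it as part of the value, and the resulting failure is a Keycloak "invalid client" or "realm not found" that is hard to trace back to a comment. Move each comment onto its own line above the key, as the rest of the file does. The two new `Provide aws bucket access credentails` comment lines in the AWS sections should read `credentials`.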
@@ -298,19 +206,11 @@ MAX_ORG_LIMIT=10 # Host:port of your FIDO (WebAuthn) Server FIDO_API_ENDPOINT=http://localhost:8000 -# ELK flag +# ELK configuration ELK_LOG=false - -# ELK log level LOG_LEVEL=debug - -# ELK log path ELK_LOG_PATH="http://localhost:9200/" - -# ELK user username ELK_USERNAME=elastic - -# ELK user password ELK_PASSWORD=xxxxxx ORGANIZATION=credebl @@ -320,35 +220,27 @@ APP=api # Default is true too, if nothing is passed HIDE_EXPERIMENTAL_OIDC_CONTROLLERS=true -#Schema-file-server +# Schema-file-server configurations # Port used by the schema file server application APP_PORT=4000 - # JWT token secret for schema file server authentication JWT_TOKEN_SECRET= - # Issuer name used for JWT tokens ISSUER=Credebl -#Signoz and OTel +# Signoz and OTel configurations # Flag to enable/disable OpenTelemetry (true = enabled, false = disabled) IS_ENABLE_OTEL=false - # Logical name of the service shown in observability tools (e.g., SigNoz) OTEL_SERVICE_NAME='CREDEBL-PLATFORM-SERVICE' - # Version of the service; helps in tracking changes over time OTEL_SERVICE_VERSION='1.0.0' - # Endpoint where traces are exported (OTLP over HTTP) OTEL_TRACES_OTLP_ENDPOINT='http://localhost:4318/v1/traces' - # Endpoint where logs are exported (OTLP over HTTP) OTEL_LOGS_OTLP_ENDPOINT='http://localhost:4318/v1/logs' - # API key or token used for authenticating with the OTel collector (e.g., SigNoz) OTEL_HEADERS_KEY=88ca6b1XXXXXXXXXXXXXXXXXXXXXXXXXXX - # Name of the logger used for OpenTelemetry log records OTEL_LOGGER_NAME='credebl-platform-logger' 
@@ -358,58 +250,34 @@ HOSTNAME='localhost' # Provide limits of sessions SESSIONS_LIMIT=10 -# SSO -APP_PROTOCOL=http - -#To add more clients, simply copy the variable below and change the word 'CREDEBL' to your client's name. -CREDEBL_CLIENT_ALIAS=CREDEBL - -CREDEBL_DOMAIN=http://localhost:3000 - -#Provide the value in its encrypted form using CRYPTO_PRIVATE_KEY. -CREDEBL_KEYCLOAK_MANAGEMENT_CLIENT_ID= - -#Provide the value in its encrypted form using CRYPTO_PRIVATE_KEY. -CREDEBL_KEYCLOAK_MANAGEMENT_CLIENT_SECRET= - -# To add more clients, simply add comma separated values of client names -# Comma separated list of supported SSO client names -SUPPORTED_SSO_CLIENTS=CREDEBL - -# Key for agent base wallet # API key for agent base wallet AGENT_API_KEY='supersecret-that-too-16chars' -# ECS security group ID +# Below values are required only if you are deploying CREDEBL on AWS ECS (EC2/Fargate). You can skip these if you are using local deployment. ECS_SECURITY_GROUP_ID=sg-xxxxxxxxxxxxxxxxx - -# File system ID (EFS) FILESYSTEMID=fs-xxxxxxxx - -# ECS subnet ID ECS_SUBNET_ID=subnet-xxxxxxxx - -# Inbound target group ARN INBOUND_TG_ARN=arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/inbound-tg/8a7f1cd3e2b94b12 - -# Admin target group ARN ADMIN_TG_ARN=arn:aws:elasticloadbalancing:us-east-1:123456789012:targetgroup/admin-tg/4c1e9fa7bb2143c8 - -# ECS cluster name for credo controller CLUSTER_NAME=CREDO-CONTROLLER-CLUSTER - -# ECS taskdefinition name for credo controller TASKDEFINITION_FAMILY=CREDO-CONTROLLER-TASKDEFINITION - -# Protocol used by credo controller PROTOCOL=http - -# Please provide your AWS account Id AWS_ACCOUNT_ID=xxxxx - -# Please provide your AWS bucket arn S3_BUCKET_ARN=arn:aws:s3:::xxxxx +# SSO Configurations +APP_PROTOCOL=http +#To add more clients, simply copy the variable below and change the word 'CREDEBL' to your client's name. 
+CREDEBL_CLIENT_ALIAS=CREDEBL +CREDEBL_DOMAIN=http://localhost:3000 +#Provide the value in its encrypted form using CRYPTO_PRIVATE_KEY. +CREDEBL_KEYCLOAK_MANAGEMENT_CLIENT_ID= +#Provide the value in its encrypted form using CRYPTO_PRIVATE_KEY. +CREDEBL_KEYCLOAK_MANAGEMENT_CLIENT_SECRET= + +# To add more clients, simply add comma separated values of client names +SUPPORTED_SSO_CLIENTS=CREDEBL + # To add more client add the following variables for each additional client. # Replace the `CLIENT-NAME` with the appropriate client name as added in `SUPPORTED_SSO_CLIENTS` # Default client will not need the following details @@ -429,18 +297,15 @@ S3_BUCKET_ARN=arn:aws:s3:::xxxxx # VERIFIER_KEYCLOAK_MANAGEMENT_CLIENT_SECRET=encryptedKeyCloakClientSecret # Active email provider: choose one of [resend | sendgrid | ses | smtp] -# Active email provider EMAIL_PROVIDER=resend -# Your Resend API key. This is required if EMAIL_PROVIDER=resend -# Resend API key -RESEND_API_KEY=re_xxxxxxxxxx +# Resend API key. This is required if email provider is resend +RESEND_API_KEY= # SENDGRID (Fallback option) uncomment this if you are using sendgrid email provider - # SendGrid API key -# SENDGRID_API_KEY=SG.xxxxxxx +# SENDGRID_API_KEY= -# if EMAIL_PROVIDER=ses +# if email provider is ses # AWS SES region # AWS_SES_REGION=ap-south-1 # AWS SES access key @@ -448,7 +313,7 @@ RESEND_API_KEY=re_xxxxxxxxxx # AWS SES secret key # AWS_SES_SECRET_KEY=xxxx -# if EMAIL_PROVIDER=smtp +# if email provider is smtp # uncomment this if you are using smtp email provider # SMTP_HOST=smtp.gmail.com # SMTP_PORT=587 @@ -470,7 +335,6 @@ PROJECT_ID= # IN nanos(10_000) CONSUMER_CONFIG_ACK_WAIT=10_000 - CONSUMER_CONFIG_MAX_DELIVER=4 AGGREGATE_STREAM=aggregate 
@@ -484,19 +348,14 @@ NATS_CREDS_FILE= NATS_AUTH_TYPE=none # 'nkey' | 'creds' | 'usernamePassword' | 'none' -NOTIFICATION_NATS_AUTH_TYPE= +NOTIFICATION_NATS_AUTH_TYPE=none ENABLE_NATS_NOTIFICATION=false -# Please specify your Supabase URL +# Specify your Supabase URL and Supabase Anon key SUPABASE_URL= - -# Please specify your Supabase Anon key SUPABASE_KEY= -POSTGRES_USER= -POSTGRES_PASSWORD= - # Provide file upload cache ttl FILEUPLOAD_CACHE_TTL= @@ -504,10 +363,11 @@ FILEUPLOAD_CACHE_TTL= FIELD_UPLOAD_SIZE= # Create a new keycloak client for platform admin (admin console) with adminClient name and add its client id -PLATFORM_ADMIN_KEYCLOAK_ID= +ADMIN_KEYCLOAK_ID=adminClient # Add the secret of keycloak client created for the above platform admin (admin console) id -PLATFORM_ADMIN_KEYCLOAK_SECRET= +ADMIN_KEYCLOAK_SECRET= # Add in case the keycloak id of the old platform client is changed and want to update all the users in database with the new admin client -PLATFORM_ADMIN_OLD_CLIENT_ID= \ No newline at end of file +PLATFORM_ADMIN_OLD_CLIENT_ID= + diff --git a/agent.env b/agent.env index e94ebc7e8..ecbabf0ed 100644 --- a/agent.env +++ b/agent.env @@ -1,8 +1,3 @@ -NODE_ENV=DEV -ALLOW_INSECURE_HTTP_URLS=true -APP_JSON_BODY_SIZE=5mb -APP_URL_ENCODED_BODY_SIZE=5mb - CONNECT_TIMEOUT=10 MAX_CONNECTIONS=1000 IDLE_TIMEOUT=30000 
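Review bot: `PLATFORM_ADMIN_KEYCLOAK_ID`/`PLATFORM_ADMIN_KEYCLOAK_SECRET` are renamed to `ADMIN_KEYCLOAK_ID`/`ADMIN_KEYCLOAK_SECRET`, and `seed.ts` in this same diff now throws 'Missing Keycloak env vars' when the new names are absent, so any existing `.env` that still carries the old names fails on the next seed run with no hint that a rename happened. A one-line `# Renamed from PLATFORM_ADMIN_KEYCLOAK_ID / PLATFORM_ADMIN_KEYCLOAK_SECRET; update existing .env files` above the key would make the migration explicit. Note also that `ADMIN_KEYCLOAK_ID=adminClient` ships a concrete default while `KEYCLOAK_MANAGEMENT_CLIENT_ID` in the same file changed from `adminClient` to `credeblClient`; if the two clients are meant to be distinct, saying so in the comment would stop readers from copying the wrong one.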
@@ -27,11 +22,43 @@ RPC_URL=https://polygon-rpc.com
 SERVER_URL=
 FILE_SERVER_TOKEN=
-# TODO: Update the install script to update the following environment variables every time the endpoints are updated.
 APP_URL=localhost:8001
 AGENT_HTTP_URL=http://localhost:8001
-TRUST_LIST_URL=
+HOLDER_REDIRECT=
+HOLDER_CLIENT_ID=wallet
+ALLOW_INSECURE_HTTP_URLS=true
+
+ROOT_CA_VALIDITY_YEARS=3
+DCS_VALIDITY_YEARS=3
+
+ROOT_CA_START_FROM_CURRENT_MONTH=true
+DCS_START_FROM_CURRENT_MONTH=true
+
+NODE_ENV=DEV
+
+# Authentication type for trust-service calls. Supported: NoAuth | ClientAuth (defaults to NoAuth if not set)
+TRUST_SERVICE_AUTH_TYPE=
+# Full token endpoint URL for ClientAuth (e.g. http://host:5000/v1/orgs/{clientId}/token)
+TRUST_SERVICE_TOKEN_URL=
+# Client credentials used for trust-service authentication (ClientAuth only)
+TRUST_SERVICE_CLIENT_ID=
+TRUST_SERVICE_CLIENT_SECRET=
+# Trust list URL — for NoAuth: GitHub/static JSON URL; for ClientAuth: trust-service base URL
+TRUST_LIST_URL=https://raw.githubusercontent.com/credebl/agent-controller/refs/heads/feat/oidc-main-sync/trusted-certs.json
+
+# Expiry is in seconds
+OID4VCI_CRED_OFFER_EXPIRY=3600
+OID4VCI_ACCESS_TOKEN_EXPIRY=3600
+OID4VCI_AUTH_CODE_EXPIRY=3600
+OID4VCI_CNONCE_EXPIRY=3600
+
+# Expiry is in seconds
+OID4VP_AUTH_REQUEST_PROOF_REQUEST_EXPIRY=3600
+
+APP_JSON_BODY_SIZE=5mb
+APP_URL_ENCODED_BODY_SIZE=5mb
+
BCOVRIN_TEST_GENESIS='{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node1","blskey":"4N8aUNHSgjQVgkpm8nhNEfDf6txHznoYREg9kirmJrkivgL4oSEimFF6nsQ6M41QvhM2Z33nves5vfSn9n1UwNFJBYtWVnHYMATn76vLuL3zU88KyeAYcHfsih3He6UHcXDxcaecHVz6jhCYz1P2UZn2bDVruL5wXpehgBfBaLKm3Ba","blskey_pop":"RahHYiCvoNCtPTrVtP7nMC5eTYrsUA8WjXbdhNc8debh1agE9bGiJxWBXYNFbnJXoXhWFMvyqhqhRoq737YQemH5ik9oL7R4NTTCz2LEZhkgLJzB3QRQqJyBNyv7acbdHrAT8nQ9UkLbaVL9NBpnWXBTw4LEMePaSHEw66RzPNdAX1","client_ip":"138.197.138.255","client_port":9702,"node_ip":"138.197.138.255","node_port":9701,"services":["VALIDATOR"]},"dest":"Gw6pDLhcBcoQesN72qfotTgFa7cbuqZpkX3Xo6pLhPhv"},"metadata":{"from":"Th7MpTaRZVRYnPiabds81Y"},"type":"0"},"txnMetadata":{"seqNo":1,"txnId":"fea82e10e894419fe2bea7d96296a6d46f50f93f9eeda954ec461b2ed2950b62"},"ver":"1"} {"reqSignature":{},"txn":{"data":{"data":{"alias":"Node2","blskey":"37rAPpXVoxzKhz7d9gkUe52XuXryuLXoM6P6LbWDB7LSbG62Lsb33sfG7zqS8TK1MXwuCHj1FKNzVpsnafmqLG1vXN88rt38mNFs9TENzm4QHdBzsvCuoBnPH7rpYYDo9DZNJePaDvRvqJKByCabubJz3XXKbEeshzpz4Ma5QYpJqjk","blskey_pop":"Qr658mWZ2YC8JXGXwMDQTzuZCWF7NK9EwxphGmcBvCh6ybUuLxbG65nsX4JvD4SPNtkJ2w9ug1yLTj6fgmuDg41TgECXjLCij3RMsV8CwewBVgVN67wsA45DFWvqvLtu4rjNnE9JbdFTc1Z4WCPA3Xan44K1HoHAq9EVeaRYs8zoF5","client_ip":"138.197.138.255","client_port":9704,"node_ip":"138.197.138.255","node_port":9703,"services":["VALIDATOR"]},"dest":"8ECVSk179mjsjKRLWiQtssMLgp6EPhWXtaYyStWPSGAb"},"metadata":{"from":"EbP4aYNeTHL6q385GuVpRV"},"type":"0"},"txnMetadata":{"seqNo":2,"txnId":"1ac8aece2a18ced660fef8694b61aac3af08ba875ce3026a160acbc3a3af35fc"},"ver":"1"} diff --git a/apps/agent-provisioning/AFJ/scripts/start_agent.sh b/apps/agent-provisioning/AFJ/scripts/start_agent.sh index c15c2ce83..3a356d0ab 100755 --- a/apps/agent-provisioning/AFJ/scripts/start_agent.sh +++ b/apps/agent-provisioning/AFJ/scripts/start_agent.sh 
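Review bot: `TRUST_LIST_URL` now defaults to a raw GitHub URL on the `feat/oidc-main-sync` branch of `credebl/agent-controller`; that list presumably defines which issuer or CA certificates the agent trusts, and a branch reference is mutable, so the trust anchors of every deployment that keeps this default can change, or vanish when the branch is merged, without any review on the deployer's side. Pin it to an immutable reference, e.g. `TRUST_LIST_URL=https://raw.githubusercontent.com/credebl/agent-controller/<release-tag-or-commit-sha>/trusted-certs.json`, or state in the comment that production must host its own list. The same hunk leaves `TRUST_SERVICE_AUTH_TYPE=` empty, which its own comment says means `NoAuth`, and sets `ALLOW_INSECURE_HTTP_URLS=true`; both are reasonable for a local demo but deserve a `# demo only` marker so they are not carried into production unchanged.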
@@ -2,24 +2,32 @@ START_TIME=$(date +%s)
-AGENCY=$1
-EXTERNAL_IP=$2
-WALLET_NAME=$3
-WALLET_PASSWORD=$4
-RANDOM_SEED=$5
-WEBHOOK_HOST=$6
-WALLET_STORAGE_HOST=$7
-WALLET_STORAGE_PORT=$8
-WALLET_STORAGE_USER=$9
-WALLET_STORAGE_PASSWORD=${10}
-CONTAINER_NAME=${11}
-PROTOCOL=${12}
-TENANT=${13}
-AFJ_VERSION=${14}
-INDY_LEDGER=${15}
-INBOUND_ENDPOINT=${16}
-SCHEMA_FILE_SERVER_URL=${17}
-AGENT_API_KEY=${18}
+AGENCY="$1"
+EXTERNAL_IP="$2"
+WALLET_NAME="$3"
+WALLET_PASSWORD="$4"
+RANDOM_SEED="$5"
+WEBHOOK_HOST="$6"
+WALLET_STORAGE_HOST="$7"
+WALLET_STORAGE_PORT="$8"
+WALLET_STORAGE_USER="$9"
+WALLET_STORAGE_PASSWORD="${10}"
+CONTAINER_NAME="${11}"
+PROTOCOL="${12}"
+TENANT="${13}"
+AFJ_VERSION="${14}"
+INDY_LEDGER="${15}"
+INBOUND_ENDPOINT="${16}"
+SCHEMA_FILE_SERVER_URL="${17}"
+AGENT_API_KEY="${18}"
+
+# Validate required parameters
+if [[ -z "$AGENCY" ]] || [[ -z "$EXTERNAL_IP" ]] || [[ -z "$WALLET_NAME" ]]; then
+ echo "ERROR: Missing required parameters"
+ echo "Usage: $0 AGENCY EXTERNAL_IP WALLET_NAME ..."
+ exit 1
+fi
+
 ADMIN_PORT_FILE="$PWD/apps/agent-provisioning/AFJ/port-file/last-admin-port.txt"
 INBOUND_PORT_FILE="$PWD/apps/agent-provisioning/AFJ/port-file/last-inbound-port.txt"
 ADMIN_PORT=8001
diff --git a/docker-compose.yml b/docker-compose.yml
index a2701cfa2..991af677e 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,16 +2,17 @@ version: '3'
 services:
 nats:
- container_name: nats
- entrypoint: '/nats-server -c /nats-server.conf -DV' # Corrected the path to nats-server.conf
+ container_name: credebl-nats
 image: nats
+ command: ["-c", "/nats-server.conf"]
 ports:
 - '4222:4222'
 - '6222:6222'
 - '8222:8222'
- # volumes:
- # - ./nats-server.conf:/nats-server.conf # Mount the config file
+ volumes:
+ - ./nats-server.conf:/nats-server.conf:ro
 redis:
+ container_name: credebl-redis
 image: redis:6.2-alpine
 restart: always
 ports:
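Review bot: The new guard only checks `AGENCY`, `EXTERNAL_IP` and `WALLET_NAME`, yet the script goes on to use fifteen more positional parameters (its body continues past this hunk), so a caller that drops an argument in the middle still produces a mis-aligned but non-empty set of values and fails later with a far less useful error. Extend the check to every parameter the script actually requires, presumably at least `WALLET_PASSWORD`, `RANDOM_SEED`, `CONTAINER_NAME` and `AGENT_API_KEY`, and send the diagnostics to stderr: `echo "ERROR: Missing required parameters" >&2`. Quoting the assignments is a good fix but does not change that secrets such as `WALLET_PASSWORD` and `AGENT_API_KEY` still arrive on the command line, where the process list exposes them to other local users; that is pre-existing, but a comment at the top of the script saying so would help whoever next reworks the caller to pass them via the environment or a file instead.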
@@ -19,6 +20,22 @@ services: command: redis-server --save 20 1 --loglevel warning volumes: - cache:/data + postgres: + container_name: credebl-postgres + image: postgres:16 + healthcheck: + test: ["CMD-SHELL", "pg_isready -U postgres"] + interval: 5s + timeout: 5s + retries: 5 + ports: + - "5432:5432" + environment: + - POSTGRES_USER=postgres + - POSTGRES_PASSWORD=postgres + - POSTGRES_DB=credebl + volumes: + - platform-volume:/var/lib/postgresql/data seed: container_name: seed-service image: ghcr.io/credebl/seed:latest @@ -26,7 +43,17 @@ services: - ./.env volumes: - $PWD/libs/prisma-service/prisma/data/credebl-master-table/credebl-master-table.json:/app/libs/prisma-service/prisma/data/credebl-master-table.json + schema-file-server: + container_name: schema-file-server + image: ghcr.io/credebl/schema-file-server:latest + ports: + - '4000:4000' + env_file: + - ./.env + volumes: + - $PWD/apps/schemas:/app/schemas api-gateway: + container_name: api-gateway depends_on: - nats # Use depends_on instead of needs - redis @@ -35,7 +62,10 @@ services: - '5000:5000' env_file: - ./.env + volumes: + - $PWD/apps/uploadedFiles/exports:/app/uploadedFiles/exports user: + container_name: user-service depends_on: - nats # Use depends_on instead of needs - api-gateway @@ -43,6 +73,7 @@ services: env_file: - ./.env utility: + container_name: utility-service depends_on: - nats # Use depends_on instead of needs - api-gateway @@ -50,6 +81,7 @@ services: env_file: - ./.env connection: + container_name: connection-service depends_on: - nats # Use depends_on instead of needs - api-gateway @@ -59,6 +91,7 @@ services: env_file: - ./.env issuance: + container_name: issuance-service depends_on: - nats # Use depends_on instead of needs - redis 
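Review bot: The new `postgres` service publishes `"5432:5432"` on every host interface with the hard-coded `postgres`/`postgres` credentials, while the other services reach it over the compose network by name, so the host binding is only needed for local tooling and should be `"127.0.0.1:5432:5432"` (the same applies to `schema-file-server`'s `'4000:4000'` if it is not meant to be reachable from outside the host). The `healthcheck` is added but no service in this diff declares `depends_on: postgres: condition: service_healthy`, so `seed` can still start before the database accepts connections. `platform-volume` also needs a top-level `volumes:` entry, which lies outside this hunk and I cannot confirm; and since `POSTGRES_USER`/`POSTGRES_PASSWORD` were removed from `.env.demo` in this same diff, the credentials are now fixed in compose rather than configurable, which is worth a `# demo credentials` comment at minimum.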
@@ -68,7 +101,10 @@ services: image: ghcr.io/credebl/issuance:latest env_file: - ./.env + volumes: + - $PWD/apps/uploadedFiles/exports:/app/uploadedFiles/exports ledger: + container_name: ledger-service depends_on: - nats # Use depends_on instead of needs - api-gateway @@ -79,6 +115,7 @@ services: env_file: - ./.env organization: + container_name: organization-service depends_on: - nats # Use depends_on instead of needs - api-gateway @@ -90,6 +127,7 @@ services: env_file: - ./.env verification: + container_name: verification-service depends_on: - nats # Use depends_on instead of needs - api-gateway @@ -102,6 +140,7 @@ services: env_file: - ./.env agent-provisioning: + container_name: agent-provisioning-service depends_on: - nats # Use depends_on instead of needs - api-gateway @@ -122,9 +161,9 @@ services: volumes: - $PWD/apps/agent-provisioning/AFJ/agent-config:/app/agent-provisioning/AFJ/agent-config - /var/run/docker.sock:/var/run/docker.sock - - /app/agent-provisioning/AFJ/token:/app/agent-provisioning/AFJ/token - $PWD/agent.env:/app/agent.env agent-service: + container_name: agent-service depends_on: - nats # Use depends_on instead of needs - api-gateway @@ -135,7 +174,7 @@ services: - organization - verification - agent-provisioning - command: sh -c 'until (docker logs platform-agent-provisioning-1 | grep "Agent-Provisioning-Service Microservice is listening to NATS"); do sleep 1; done && node dist/apps/agent-service/main.js' + command: sh -c 'until (docker logs agent-provisioning-service | grep "Agent-Provisioning-Service Microservice is listening to NATS"); do sleep 1; done && node dist/apps/agent-service/main.js' image: ghcr.io/credebl/agent-service:latest env_file: - ./.env @@ -145,6 +184,7 @@ services: volumes_from: - agent-provisioning cloud-wallet: + container_name: cloud-wallet-service depends_on: - nats - api-gateway @@ -152,6 +192,7 @@ services: env_file: - ./.env geolocation: + container_name: geolocation-service depends_on: - nats - api-gateway 
@@ -159,6 +200,7 @@ services: env_file: - ./.env notification: + container_name: notification-service depends_on: - nats - api-gateway @@ -166,6 +208,7 @@ services: env_file: - ./.env webhook: + container_name: webhook-service depends_on: - nats - api-gateway @@ -173,44 +216,35 @@ services: env_file: - ./.env ecosystem: + container_name: ecosystem-service depends_on: - nats - api-gateway - build: - context: ./ # Adjust the context path as needed - dockerfile: Dockerfiles/Dockerfile.ecosystem + image: ghcr.io/credebl/ecosystem:latest env_file: - ./.env oid4vc-issuance: + container_name: oid4vc-issuance-service depends_on: - nats - api-gateway - build: - context: ./ # Adjust the context path as needed - dockerfile: Dockerfiles/Dockerfile.oid4vc-issuance + image: ghcr.io/credebl/oid4vc-issuance:latest env_file: - ./.env oid4vc-verification: + container_name: oid4vc-verification-service depends_on: - nats - api-gateway - build: - context: ./ # Adjust the context path as needed - dockerfile: Dockerfiles/Dockerfile.oid4vc-verification + image: ghcr.io/credebl/oid4vc-verification:latest env_file: - ./.env x509: + container_name: x509-service depends_on: - nats - api-gateway - build: - context: ./ # Adjust the context path as needed - dockerfile: Dockerfiles/Dockerfile.x509 - env_file: - - ./.env - schema-file-server: - container_name: schema-file-server - image: ghcr.io/credebl/schema-file-server:latest + image: ghcr.io/credebl/x509:latest env_file: - ./.env diff --git a/libs/prisma-service/prisma/data/credebl-master-table/credebl-master-table.json b/libs/prisma-service/prisma/data/credebl-master-table/credebl-master-table.json index 0655d7dc1..75f8b8e5a 100644 --- a/libs/prisma-service/prisma/data/credebl-master-table/credebl-master-table.json +++ b/libs/prisma-service/prisma/data/credebl-master-table/credebl-master-table.json 
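Review bot: `ecosystem`, `oid4vc-issuance`, `oid4vc-verification` and `x509` switch from local `build:` stanzas to `ghcr.io/credebl/<service>:latest`, and `latest` is a mutable tag, so every `docker compose pull` can silently move these four services (and the `AFJ_VERSION` default in `.env.demo`) to a different build with no record of what actually ran. Pin to a release tag or a `@sha256:<digest>` reference, or at least route the tag through one substitution such as `${CREDEBL_IMAGE_TAG:-latest}` so a deployment can be pinned in a single place. With the `build:` entries gone, contributors who need to test a local change to these services will also need a compose override file; a short comment pointing at it would save them the search.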
@@ -13,7 +13,7 @@
 "lastName": "CREDEBL",
 "email": "",
 "username": "",
- "password": "####Please provide encrypted password using crypto-js###",
+ "password": "##Please provide encrypted password using crypto-js##",
 "verificationCode": "",
 "isEmailVerified": true,
 "supabaseUserId": "96cef763-e106-46c1-ac78-fadf2803b11f"
@@ -26,7 +26,7 @@
 "createdBy": "",
 "lastChangedBy": ""
 },
- "platformAdminKeycloakPassword":"Admin@123",
+ "platformAdminKeycloakPassword":"##Please provide encrypted password using crypto-js##",
 "orgRoleData": [
 {
 "name": "owner",
diff --git a/libs/prisma-service/prisma/seed.ts b/libs/prisma-service/prisma/seed.ts
index d9b36b368..316a72be1 100644
--- a/libs/prisma-service/prisma/seed.ts
+++ b/libs/prisma-service/prisma/seed.ts
@@ -631,9 +631,9 @@ const updatePlatformUserRole = async (): Promise => {
 };
 export async function getKeycloakToken(): Promise {
- const { KEYCLOAK_DOMAIN, KEYCLOAK_REALM, PLATFORM_ADMIN_KEYCLOAK_ID, PLATFORM_ADMIN_KEYCLOAK_SECRET } = process.env;
+ const { KEYCLOAK_DOMAIN, KEYCLOAK_REALM, ADMIN_KEYCLOAK_ID, ADMIN_KEYCLOAK_SECRET } = process.env;
- if (!KEYCLOAK_DOMAIN || !KEYCLOAK_REALM || !PLATFORM_ADMIN_KEYCLOAK_ID || !PLATFORM_ADMIN_KEYCLOAK_SECRET) {
+ if (!KEYCLOAK_DOMAIN || !KEYCLOAK_REALM || !ADMIN_KEYCLOAK_ID || !ADMIN_KEYCLOAK_SECRET) {
 throw new Error('Missing Keycloak env vars');
 }
@@ -644,8 +644,8 @@ export async function getKeycloakToken(): Promise {
 headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
 body: new URLSearchParams({
 grant_type: 'client_credentials',
- client_id: PLATFORM_ADMIN_KEYCLOAK_ID,
- client_secret: PLATFORM_ADMIN_KEYCLOAK_SECRET
+ client_id: ADMIN_KEYCLOAK_ID,
+ client_secret: ADMIN_KEYCLOAK_SECRET
 })
 }
 );
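Review bot: `platformAdminKeycloakPassword` now ships the literal placeholder `##Please provide encrypted password using crypto-js##` instead of the old `Admin@123` default, which is the right direction, but if the seed consumes the field unchanged it will try to AES-decrypt text that is not ciphertext and either fail with an opaque crypto-js error or silently create the platform admin with an empty password (the consumer is not in this diff, so I cannot tell which). A guard in the seed that refuses to run while the value still starts with `##Please provide` would turn that into a clear message naming the field. The `password` placeholder a few lines up was also trimmed from `####…###` to `##…##`; if any existing check compares against the old literal, it needs the same update.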
@@ -672,13 +672,7 @@ export async function createKeycloakUser(): Promise {
 throw new Error('failed to load platform config data from db');
 }
- const {
- KEYCLOAK_DOMAIN,
- KEYCLOAK_REALM,
- PLATFORM_ADMIN_KEYCLOAK_ID,
- PLATFORM_ADMIN_KEYCLOAK_SECRET,
- CRYPTO_PRIVATE_KEY
- } = process.env;
+ const { KEYCLOAK_DOMAIN, KEYCLOAK_REALM, ADMIN_KEYCLOAK_ID, ADMIN_KEYCLOAK_SECRET, CRYPTO_PRIVATE_KEY } = process.env;
 if (!KEYCLOAK_DOMAIN) {
 throw new Error('Missing environment variable: KEYCLOAK_DOMAIN');
@@ -688,12 +682,12 @@ export async function createKeycloakUser(): Promise {
 throw new Error('Missing environment variable: KEYCLOAK_REALM');
 }
- if (!PLATFORM_ADMIN_KEYCLOAK_ID) {
- throw new Error('Missing environment variable: PLATFORM_ADMIN_KEYCLOAK_ID');
+ if (!ADMIN_KEYCLOAK_ID) {
+ throw new Error('Missing environment variable: ADMIN_KEYCLOAK_ID');
 }
- if (!PLATFORM_ADMIN_KEYCLOAK_SECRET) {
- throw new Error('Missing environment variable: PLATFORM_ADMIN_KEYCLOAK_SECRET');
+ if (!ADMIN_KEYCLOAK_SECRET) {
+ throw new Error('Missing environment variable: ADMIN_KEYCLOAK_SECRET');
 }
 if (!CRYPTO_PRIVATE_KEY) {
@@ -762,12 +756,9 @@ export async function createKeycloakUser(): Promise {
 }
 logger.log(`✅ Platform admin found in database`);
- const encClientId = CryptoJS.AES.encrypt(JSON.stringify(PLATFORM_ADMIN_KEYCLOAK_ID), CRYPTO_PRIVATE_KEY).toString();
+ const encClientId = CryptoJS.AES.encrypt(JSON.stringify(ADMIN_KEYCLOAK_ID), CRYPTO_PRIVATE_KEY).toString();
- const encClientSecret = CryptoJS.AES.encrypt(
- JSON.stringify(PLATFORM_ADMIN_KEYCLOAK_SECRET),
- CRYPTO_PRIVATE_KEY
- ).toString();
+ const encClientSecret = CryptoJS.AES.encrypt(JSON.stringify(ADMIN_KEYCLOAK_SECRET), CRYPTO_PRIVATE_KEY).toString();
 await prisma.user.update({
 where: { email: cachedConfig.platformEmail },