opencrvs · euanmillar · Jan 7, 2025 · Dec 11, 2024 · Dec 12, 2024 · Dec 12, 2024
diff --git a/packages/server/package.json b/packages/server/package.json
@@ -13,6 +13,9 @@
     "envalid": "^8.0.0",
     "fastify": "^5.0.0",
     "fastify-type-provider-zod": "^4.0.2",
+    "jsonwebtoken": "^9.0.2",
+    "node-fetch": "2",
+    "pino": "^9.5.0",
     "tsx": "^4.19.2",
     "typescript": "^5.6.3",
     "zod": "^3.23.8"
@@ -21,6 +24,8 @@
     "@eslint/js": "^9.13.0",
     "@types/eslint__js": "^8.42.3",
     "@types/fhir": "^0.0.37",
+    "@types/jsonwebtoken": "^9.0.7",
+    "@types/node-fetch": "^2.6.12",
     "eslint": "^9.13.0",
     "pino-pretty": "^11.3.0",
     "typescript": "^5.6.3",

diff --git a/packages/server/src/constants.ts b/packages/server/src/constants.ts
@@ -1,4 +1,4 @@
-import { cleanEnv, str, port } from "envalid";
+import { cleanEnv, str, port, url } from "envalid";
 
 export const env = cleanEnv(process.env, {
   PORT: port({ default: 2024 }),
@@ -15,4 +15,6 @@ export const env = cleanEnv(process.env, {
     devDefault: "http://localhost:7070/graphql",
     desc: "The URL of the OpenCRVS GraphQL Gateway",
   }),
+  HEARTH_URL: url({ default: 'http://localhost:3447/fhir' }),
+  NATIONAL_ID_OIDP_REST_URL: url({ default: '' }),
 });
diff --git a/packages/server/src/esignet-api.ts b/packages/server/src/esignet-api.ts
@@ -0,0 +1,131 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * OpenCRVS is also distributed under the terms of the Civil Registration
+ * & Healthcare Disclaimer located at http://opencrvs.org/license.
+ *
+ * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+ */
+
+import * as jwt from "jsonwebtoken";
+import { env } from "./constants";
+import fetch from 'node-fetch'
+import { logger } from "./logger";
+
+type OIDPUserAddress = {
+  formatted: string;
+  street_address: string;
+  locality: string;
+  region: string;
+  postal_code: string;
+  city: string;
+  country: string;
+};
+
+type OIDPUserInfo = {
+  sub: string;
+  name?: string;
+  given_name?: string;
+  family_name?: string;
+  middle_name?: string;
+  nickname?: string;
+  preferred_username?: string;
+  profile?: string;
+  picture?: string;
+  website?: string;
+  email?: string;
+  email_verified?: boolean;
+  gender?: "female" | "male";
+  birthdate?: string;
+  zoneinfo?: string;
+  locale?: string;
+  phone_number?: string;
+  phone_number_verified?: boolean;
+  address?: Partial<OIDPUserAddress>;
+  updated_at?: number;
+};
+
+const OIDP_USERINFO_ENDPOINT =
+  env.NATIONAL_ID_OIDP_REST_URL && new URL('oidc/userinfo', env.NATIONAL_ID_OIDP_REST_URL).toString()
+
+const decodeUserInfoResponse = (response: string) => {
+  return jwt.decode(response) as OIDPUserInfo;
+};
+
+export const fetchFromHearth = <T = any>(
+  suffix: string,
+  method = "GET",
+  body: string | undefined = undefined
+): Promise<T> => {
+  return fetch(`${env.HEARTH_URL}${suffix}`, {
+    method,
+    headers: {
+      "Content-Type": "application/fhir+json",
+    },
+    body,
+  })
+    .then((response) => {
+      return response.json();
+    })
+    .catch((error) => {
+      return Promise.reject(
+        new Error(`FHIR with Hearth request failed: ${error.message}`)
+      );
+    });
+};
+
+const searchLocationFromHearth = (name: string) =>
+  fetchFromHearth<fhir2.Bundle>(
+    `/Location?${new URLSearchParams({ name, type: "ADMIN_STRUCTURE" })}`
+  );
+
+const findAdminStructureLocationWithName = async (name: string) => {
+  const fhirBundleLocations = await searchLocationFromHearth(name);
+
+  if ((fhirBundleLocations.entry?.length ?? 0) > 1) {
+    throw new Error(
+      "Multiple admin structure locations found with the same name"
+    );
+  }
+
+  if ((fhirBundleLocations.entry?.length ?? 0) === 0) {
+    logger.warn("No admin structure location found with the name: " + name);
+    return null;
+  }
+
+  return fhirBundleLocations.entry?.[0].resource?.id;
+};
+
+const pickUserInfo = async (userInfo: OIDPUserInfo) => {
+  const stateFhirId =
+    userInfo.address?.country &&
+    (await findAdminStructureLocationWithName(userInfo.address.country));
+
+  return {
+    oidpUserInfo: userInfo,
+    stateFhirId,
+    districtFhirId:
+      userInfo.address?.region &&
+      (await findAdminStructureLocationWithName(userInfo.address.region)),
+    locationLevel3FhirId:
+      userInfo.address?.locality &&
+      (await findAdminStructureLocationWithName(userInfo.address.locality)),
+  };
+};
+
+export const fetchUserInfo = async (accessToken: string) => {
+  const request = await fetch(OIDP_USERINFO_ENDPOINT!, {
+    headers: {
+      Authorization: "Bearer " + accessToken,
+    },
+  });
+
+  const response = await request.text();
+  const decodedResponse = decodeUserInfoResponse(response);
+
+  logger.info(`OIDP user info response: ${JSON.stringify(decodedResponse)}`);
+
+  return pickUserInfo(decodedResponse);
+};
diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts
@@ -4,7 +4,7 @@ import {
   validatorCompiler,
   ZodTypeProvider,
 } from "fastify-type-provider-zod";
-import { mosipHandler, mosipNidSchema } from "./webhooks/mosip";
+import { getOIDPUserInfo, mosipHandler, mosipNidSchema, OIDPUserInfoSchema } from "./webhooks/mosip";
 import { opencrvsHandler, opencrvsRecordSchema } from "./webhooks/opencrvs";
 import { env } from "./constants";
 import * as openapi from "./openapi-documentation";
@@ -50,6 +50,14 @@ app.after(() => {
       body: mosipNidSchema,
     },
   });
+  app.withTypeProvider<ZodTypeProvider>().route({
+    url: "/esignet/get-oidp-user-info",
+    method: "POST",
+    handler: getOIDPUserInfo,
+    schema: {
+      body: OIDPUserInfoSchema,
+    },
+  });
 });
 
 async function run() {

diff --git a/packages/server/src/logger.ts b/packages/server/src/logger.ts
@@ -0,0 +1,17 @@
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * OpenCRVS is also distributed under the terms of the Civil Registration
+ * & Healthcare Disclaimer located at http://opencrvs.org/license.
+ *
+ * Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
+ */
+import pino from "pino"
+export const logger = pino()
+
+const level = process.env.NODE_ENV === 'test' ? 'silent' : process.env.LOG_LEVEL
+if (level) {
+  logger.level = level
+}
diff --git a/packages/server/src/opencrvs-api.ts b/packages/server/src/opencrvs-api.ts
@@ -126,3 +126,76 @@ export const upsertRegistrationIdentifier = (
     },
     headers,
   });
+
+export const getOIDPUserInfo = (
+  {
+    code,
+    clientId,
+    redirectUri,
+    grantType,
+  }: {
+    code: String;
+    clientId: String;
+    redirectUri: String;
+    grantType: String;
+  },
+  { headers }: { headers: Record<string, any> }
+) =>
+  post({
+    query: /* GraphQL */ `
+      mutation getOIDPUserInfo(
+        $code: String!
+        $clientId: String!
+        $redirectUri: String!
+        $grantType: String
+      ) {
+        getOIDPUserInfo(
+          code: $code
+          clientId: $clientId
+          redirectUri: $redirectUri
+          grantType: $grantType
+        ) {
+          oidpUserInfo {
+            sub
+            name
+            given_name
+            family_name
+            middle_name
+            nickname
+            preferred_username
+            profile
+            picture
+            website
+            email
+            email_verified
+            gender
+            birthdate
+            zoneinfo
+            locale
+            phone_number
+            phone_number_verified
+            address {
+              formatted
+              street_address
+              locality
+              region
+              postal_code
+              city
+              country
+            }
+            updated_at
+          }
+          districtFhirId
+          stateFhirId
+          locationLevel3FhirId
+        }
+      }
+    `,
+    variables: {
+      code,
+      clientId,
+      redirectUri,
+      grantType,
+    },
+    headers,
+  });
diff --git a/packages/server/src/webhooks/mosip.ts b/packages/server/src/webhooks/mosip.ts
@@ -41,3 +41,34 @@ export const mosipHandler = async (
 
   reply.code(200);
 };
+
+export const OIDPUserInfoSchema = z.object({
+  code: z.string(),
+  clientId: z.string(),
+  redirectUri: z.string(),
+  grantType: z.string(),
+});
+
+type OIDPUserInfoRequest = FastifyRequest<{
+  Body: z.infer<typeof OIDPUserInfoSchema>;
+}>;
+
+export const getOIDPUserInfo = async (
+  request: OIDPUserInfoRequest,
+  reply: FastifyReply
+) => {
+  const { token } = request.headers;
+  const { code, clientId, redirectUri, grantType } = request.body;
+
+  await opencrvs.getOIDPUserInfo(
+    {
+      code,
+      clientId,
+      redirectUri,
+      grantType,
+    },
+    { headers: { Authorization: `Bearer ${token}` } }
+  );
+
+  reply.code(200);
+};