101 changes: 101 additions & 0 deletions .dockerignore
@@ -0,0 +1,101 @@
# Dependencies
**/node_modules/
**/.pnp
**/.pnp.js
node_modules

# Build outputs
**/dist/
**/build/
**/.next/
**/out/

# Testing
**/coverage/
**/.nyc_output/

# Yarn (keep .yarnrc.yml and .yarn/releases for Docker)
**/.yarn/cache/
**/.yarn/unplugged/
**/.yarn/build-state.yml
**/.yarn/install-state.gz
# !.yarnrc.yml is not ignored - we need it for Docker
# !.yarn/releases/ is not ignored - we need it for Docker

# Environment variables
**/.env*
!**/.env.example

# Logs
**/*.log
**/npm-debug.log*
**/yarn-debug.log*
**/yarn-error.log*

# OS files
.DS_Store
**/.DS_Store
Thumbs.db

# IDEs
**/.vscode/
**/.idea/
**/*.swp
**/*.swo
**/*~

# Git
.git
.gitignore
.gitattributes

# CI/CD
**/.github/
**/.gitlab/
**/.circleci/

# Documentation
**/README.md
**/docs/
**/*.md
!package.json

# Compiled circuits (large files)
Comment on lines +57 to +63
⚠️ Potential issue | 🟠 Major

Global ignore of .md may strip LICENSE/NOTICE from images — add allowlist to maintain compliance

Unintentionally excluding license/notice docs can create compliance issues for distributed images.

Apply allowlist rules:

 **/*.md
+!**/LICENSE
+!**/LICENSE.*
+!**/NOTICE
+!**/NOTICE.*
+!**/THIRD_PARTY_LICENSES*
 !package.json
🤖 Prompt for AI Agents
In .dockerignore around lines 57 to 63, the global ignore pattern "**/*.md" will
also exclude important license/notice files; modify the rules to keep the global
markdown ignore but add allowlist exceptions for licensing files (e.g. add
patterns like "!**/LICENSE*", "!**/NOTICE*", "!**/COPYING*", and optionally
"!**/LICENSE.*" or specific filenames) so LICENSE/NOTICE/COPYING and similarly
named license files are not excluded from Docker build context.

circuits/build/
circuits/output/
**/ptau/
**/*.sym
**/*.r1cs
# Exclude large circuit files but keep the ones needed by ts-api
**/*.zkey
**/*.wasm
!sdk/tests/ts-api/utils/assests/*.zkey
!sdk/tests/ts-api/utils/assests/*.wasm

# Contract artifacts
contracts/artifacts/
contracts/cache/
contracts/typechain-types/

# Mobile app builds
app/ios/build/
app/android/build/
app/android/.gradle/
app/android/app/build/

# Noir build artifacts
noir/target/

# Temp files
**/*.tsbuildinfo
**/tmp/
**/temp/
**/.cache/

# Private modules
app/android/android-passport-nfc-reader/

# CI-generated tarballs
mobile-sdk-alpha-ci.tgz
**/mobile-sdk-alpha-*.tgz
/tmp/mobile-sdk-alpha*.tgz
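Review bot: the `!package.json` negation under "# Documentation" re-includes nothing, because `package.json` is never matched by `**/*.md` or by any pattern above it; drop it rather than leave a rule that implies an exception exists. Separately, the two re-include paths `!sdk/tests/ts-api/utils/assests/*.zkey` and `!sdk/tests/ts-api/utils/assests/*.wasm` should be checked against the real directory name in the repository: a negation that matches no path silently leaves the circuit files out of the build context, and the failure only surfaces when ts-api tries to load them at runtime. The `**/.env*` / `!**/.env.example` pair is the right default for keeping local secrets out of image layers.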
1 change: 1 addition & 0 deletions package.json
@@ -9,6 +9,7 @@
"packages/*",
"prover/tests",
"scripts/tests",
"sdk/tests/*",
"sdk/*"
]
},
47 changes: 47 additions & 0 deletions sdk/tests/docker-compose.yml
@@ -0,0 +1,47 @@
services:
# TypeScript API Service
ts-api:
build:
context: ../.. # Build from monorepo root (two levels up)
dockerfile: sdk/tests/ts-api/Dockerfile
ports:
- "3000:3000"
environment:
- NODE_ENV=production
- PORT=3000
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:3000/health"]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify that healthcheck commands are available in containers.

The healthchecks rely on curl (ts-api) and wget (go-api) being present in the container images. These tools may not be included in minimal base images, causing healthchecks to fail.

Also applies to: 32-32


🏁 Script executed:

#!/bin/bash
# Verify if curl/wget are available in the Dockerfiles or base images

echo "Checking ts-api Dockerfile for curl availability:"
if [ -f "sdk/tests/ts-api/Dockerfile" ]; then
  cat sdk/tests/ts-api/Dockerfile | grep -i "curl\|apt-get\|apk"
else
  echo "ts-api Dockerfile not found"
fi

echo -e "\nChecking go-api Dockerfile for wget availability:"
if [ -f "sdk/tests/go-api/Dockerfile" ]; then
  cat sdk/tests/go-api/Dockerfile | grep -i "wget\|apt-get\|apk"
else
  echo "go-api Dockerfile not found"
fi

Length of output: 346


🏁 Script executed:

#!/bin/bash
echo "Displaying first 50 lines of ts-api Dockerfile:"
sed -n '1,50p' sdk/tests/ts-api/Dockerfile

Length of output: 1779


Install curl in ts-api Dockerfile runner stage
ts-api’s runner image (node:22-alpine) doesn’t include curl, so the healthcheck in docker-compose.yml will always fail. In sdk/tests/ts-api/Dockerfile’s runner stage add:

RUN apk --no-cache add curl

before running the healthcheck.

🤖 Prompt for AI Agents
In sdk/tests/ts-api/Dockerfile (runner stage) add a package install for curl
before the image is used in the docker-compose healthcheck: insert a RUN apk
--no-cache add curl line in the runner stage (the node:22-alpine based stage)
before any commands that expect curl so the docker-compose.yml healthcheck at
sdk/tests/docker-compose.yml line 13 can succeed; rebuild the image or update
your CI to use the new image tag.

interval: 30s
timeout: 10s
retries: 3
start_period: 40s
restart: unless-stopped
networks:
- api-network

# Go API Service
go-api:
build:
context: ../.. # Build from monorepo root (two levels up)
dockerfile: sdk/tests/go-api/Dockerfile
ports:
- "8080:8080"
environment:
- PORT=8080
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8080/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 40s
restart: unless-stopped
networks:
- api-network

networks:
api-network:
driver: bridge

volumes:
ts-api-logs:
go-api-logs:
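Review bot: the go-api healthcheck here (interval 30s, timeout 10s, start_period 40s) overrides the HEALTHCHECK baked into sdk/tests/go-api/Dockerfile in this same PR (timeout 3s, start-period 5s), so a plain `docker run` and `docker-compose up` will judge the container healthy on different schedules; pick one set of values and use it in both places. Also, `"3000:3000"` and `"8080:8080"` publish the test services on every host interface; since this compose file exists for local testing, `"127.0.0.1:3000:3000"` and `"127.0.0.1:8080:8080"` keep them reachable only from the host itself.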
Comment on lines +45 to +47

⚠️ Potential issue | 🟡 Minor

Declared volumes are not mounted to any service.

The volumes ts-api-logs and go-api-logs are declared but never referenced in the service definitions. Either mount them to the services or remove the declarations to avoid confusion.

Example of mounting volumes:

  ts-api:
    build:
      context: ../..
      dockerfile: sdk/tests/ts-api/Dockerfile
    ports:
      - "3000:3000"
+   volumes:
+     - ts-api-logs:/app/logs
    environment:
      - NODE_ENV=production
🤖 Prompt for AI Agents
In sdk/tests/docker-compose.yml around lines 45 to 47, the named volumes
ts-api-logs and go-api-logs are declared but not referenced by any service;
either remove these unused volume declarations or mount them into the
appropriate services by adding volume entries under each service (for example,
add - ts-api-logs:/path/to/logs for the TypeScript service and -
go-api-logs:/path/to/logs for the Go service) and ensure the paths match where
each service writes logs so the volumes are actually used.

45 changes: 45 additions & 0 deletions sdk/tests/go-api/.dockerignore
@@ -0,0 +1,45 @@
# Binaries and build artifacts
go-api
*.exe
*.dll
*.so
*.dylib
*.test

# Go build cache
.cache/

# IDE files
.vscode/
.idea/
*.swp
*.swo
*~

# OS files
.DS_Store
Thumbs.db
.DS_Store?
._*
.Spotlight-V100
.Trashes
ehthumbs.db

# Git
.git/
.gitignore

# Docker files (except the one being used)
.dockerignore

# Documentation
*.md

# Test files
*_test.go

# Logs
*.log

# Temporary files
*.tmp
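Review bot: this file only takes effect when `sdk/tests/go-api` itself is the build context, but the Dockerfile in this PR COPYs `sdk/tests/go-api/go.mod` and `sdk/sdk-go/`, paths that only resolve with the monorepo root as context, which is how both `sdk/tests/docker-compose.yml` (`context: ../..`) and the README's `docker build -f sdk/tests/go-api/Dockerfile ... .` invoke it. With a root context Docker reads only the root `.dockerignore`, so none of these rules apply to the builds defined here. Either state that this file is for a future per-directory build or move the entries that matter for the image (`go-api`, `*.test`, `*_test.go`, `*.log`) into the root `.dockerignore`, where they will actually shrink the context.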
52 changes: 52 additions & 0 deletions sdk/tests/go-api/Dockerfile
@@ -0,0 +1,52 @@
# Multi-stage build for Go API
FROM golang:1.23-alpine AS builder

⚠️ Potential issue | 🟠 Major

Pin base images to reduce supply-chain risk

Avoid floating golang:1.23-alpine and alpine:latest; pin minor versions or digests for reproducible, auditable builds.

Examples:

-FROM golang:1.23-alpine AS builder
+FROM golang:1.23.3-alpine3.20 AS builder
...
-FROM alpine:latest AS runner
+FROM alpine:3.20 AS runner

Or use digests if your pipeline supports them.

Also applies to: 25-25

🤖 Prompt for AI Agents
In sdk/tests/go-api/Dockerfile around lines 2 and 25, the Dockerfile currently
references floating images (golang:1.23-alpine and alpine:latest) which
increases supply-chain risk; update both FROM lines to pin to a specific
minor/patch tag or an immutable digest (e.g., golang:1.23.x-alpine or
golang@sha256:..., and alpine:3.x or alpine@sha256:...), replacing the floating
tags so builds are reproducible and auditable.


# Set working directory
WORKDIR /app

# Install git and ca-certificates (needed for go modules)
RUN apk --no-cache add git ca-certificates

# Copy go mod files first for better Docker layer caching
COPY sdk/tests/go-api/go.mod sdk/tests/go-api/go.sum ./sdk/tests/go-api/
COPY sdk/sdk-go/go.mod sdk/sdk-go/go.sum ./sdk/sdk-go/

# Download dependencies first (this layer will be cached if go.mod/go.sum don't change)
WORKDIR /app/sdk/tests/go-api
RUN go mod download
RUN go mod tidy

# Now copy the source code (use absolute paths from /app)
COPY sdk/sdk-go/ /app/sdk/sdk-go/
COPY sdk/tests/go-api/ /app/sdk/tests/go-api/
RUN CGO_ENABLED=0 GOOS=linux go build -a -installsuffix cgo -o go-api .

# Production stage - minimal Alpine image
FROM alpine:latest AS runner

# Install ca-certificates, wget for health check, and create non-root user
RUN apk --no-cache add ca-certificates wget \
&& addgroup --system --gid 1001 appgroup \
&& adduser --system --uid 1001 --ingroup appgroup appuser

Comment on lines +28 to +31

⚠️ Potential issue | 🔴 Critical

Fix Alpine user/group creation flags (build will fail)

Alpine (BusyBox) uses -S, not --system. Current commands are Debian-style and likely error.

-RUN apk --no-cache add ca-certificates wget \
-  && addgroup --system --gid 1001 appgroup \
-  && adduser --system --uid 1001 --ingroup appgroup appuser
+RUN apk --no-cache add ca-certificates wget \
+  && addgroup -g 1001 -S appgroup \
+  && adduser -u 1001 -S -G appgroup appuser
🤖 Prompt for AI Agents
In sdk/tests/go-api/Dockerfile around lines 28 to 31, the addgroup/adduser calls
use Debian-style long flags which fail on Alpine/BusyBox; replace --system with
-S, --gid with -g, --uid with -u, and --ingroup with -G (so addgroup uses -S -g
<gid> <name> and adduser uses -S -u <uid> -G <group> <user>) to make the
commands compatible with Alpine.

# Set working directory
WORKDIR /app

# Copy the binary from builder stage
COPY --from=builder --chown=appuser:appgroup /app/sdk/tests/go-api/go-api .

# Switch to non-root user
USER appuser

# Expose port 8080
EXPOSE 8080

# Set environment variables
ENV PORT=8080

# Health check
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1

# Run the binary
CMD ["./go-api"]
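Review bot: `RUN go mod tidy` runs before any `.go` source has been copied, so it operates on a module with no packages and prunes the requirements from go.mod that the later `go build` needs; it also rewrites go.mod inside the image, which undercuts the layer-caching rationale in the comment just above it. Run `go mod tidy` locally, commit the result, and keep only `RUN go mod download` in that layer (or, if tidy is genuinely required, move it after the source COPY lines). Minor: `-installsuffix cgo` has been unnecessary since Go 1.10, `CGO_ENABLED=0 GOOS=linux go build -a -o go-api .` is enough. The HEALTHCHECK here (timeout 3s, start-period 5s) also disagrees with the one in sdk/tests/docker-compose.yml (10s/40s); align them so standalone and compose runs behave the same. The non-root `USER appuser` with `COPY --chown` is the right shape for the runtime stage.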
100 changes: 100 additions & 0 deletions sdk/tests/go-api/README.md
@@ -0,0 +1,100 @@
# Go API for SelfBackendVerifier Testing

This is a Go API server that provides endpoints for testing the SelfBackendVerifier functionality, equivalent to the TypeScript API version.

## Setup

1. Initialize Go module dependencies:
```bash
go mod tidy
```

2. Build the project:
```bash
go build -o go-api
```

3. Run the server:
```bash
./go-api
```

Or run directly with Go:
```bash
go run main.go
```

## API Endpoints

### Health Check
```
GET /health
```
Returns server status and timestamp.

### Verify Attestation
```
POST /api/verify
Content-Type: application/json

{
"attestationId": 1,
"proof": {
"a": ["...", "..."],
"b": [["...", "..."], ["...", "..."]],
"c": ["...", "..."]
},
"publicSignals": ["...", "...", "..."],
"userContextData": "..."
}
```

### Environment Variables

- `PORT`: Server port (default: 8080)

### Storage

This API uses in-memory storage for testing purposes:
- Verification configuration is hard-coded (minimum age: 18, excludes PAK/IRN, OFAC enabled)
- Configuration data is stored in memory
- Data is lost when server restarts


## Docker Setup

### Building and Running with Docker

**Option 1: Using the build script (Recommended)**
```bash
# From the monorepo root directory
./sdk/tests/go-api/docker-build.sh

# Run the container
docker run -p 8080:8080 selfxyz-go-api:latest
```

**Option 2: Manual Docker build**
```bash
# From the monorepo root directory
docker build -f sdk/tests/go-api/Dockerfile -t selfxyz-go-api:latest .

# Run the container
docker run -p 8080:8080 selfxyz-go-api:latest
```

**Option 3: Using Docker Compose**
```bash
# From the go-api directory
cd sdk/tests/go-api
docker-compose up --build
```

The Docker container includes:
- Health check endpoint at `/health`
- Automatic restart policy
- Non-root user for security

### Docker Environment Variables

- `PORT`: Server port (default: 8080)
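Review bot: Option 3 tells the reader to `cd sdk/tests/go-api` and run `docker-compose up --build`, but the compose file added in this PR is `sdk/tests/docker-compose.yml`, one level up, and it builds with `context: ../..`; change the step to `cd sdk/tests` or pass the file explicitly with `-f sdk/tests/docker-compose.yml` from the repository root. Option 1 references `sdk/tests/go-api/docker-build.sh`, which does not appear among the files shown in this change; confirm it exists or add it here. The "Environment Variables" section appears twice with identical content (`PORT`, default 8080), once under "API Endpoints" and once under "Docker Setup"; one copy is enough.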