refactor(oid4vc): resolve security warnings, harden schema validation, and fix linting

Signed-off-by: Sagar Khole <sagar.khole@ayanworks.com>

Author: sagarkhole4

apps/oid4vc-issuance/libs/helpers/credential-sessions.builder.ts

@@ -539,17 +539,33 @@ function buildJwtVcJsonLdCredential(
   const vct = (templateRecord.attributes as any)?.vct;
   let typeName = '';
   if ('string' === typeof vct) {
-    const lastSlash = vct.lastIndexOf('/');
-    typeName = -1 !== lastSlash ? vct.substring(lastSlash + 1) : vct;
+    const cleanVct = vct.replace(/\/+$/, '');
+    const lastSlash = cleanVct.lastIndexOf('/');
+    typeName = -1 !== lastSlash ? cleanVct.substring(lastSlash + 1) : cleanVct;
   } else {
     typeName = templateRecord.name.replace(/\s+/g, '');
   }
 
   const templateContext = (templateRecord.attributes as any)?.context;
-  const context = Array.isArray(templateContext) ? templateContext : ['https://www.w3.org/2018/credentials/v1'];
+  const context = Array.isArray(templateContext) ? [...templateContext] : ['https://www.w3.org/2018/credentials/v1'];
+  const requiredContextUrl = 'https://www.w3.org/2018/credentials/v1';
+  const normalizeUrlForComparison = (value: unknown): string | null => {
+    if ('string' !== typeof value) {
+      return null;
+    }
+    try {
+      return new URL(value).toString();
+    } catch {
+      return null;
+    }
+  };
+  const normalizedRequiredContext = normalizeUrlForComparison(requiredContextUrl);
+  const hasRequiredContext = context.some(
+    (ctx) => null !== normalizedRequiredContext && normalizeUrlForComparison(ctx) === normalizedRequiredContext
+  );
 
-  if (!context.includes('https://www.w3.org/2018/credentials/v1')) {
-    context.unshift('https://www.w3.org/2018/credentials/v1');
+  if (!hasRequiredContext) {
+    context.unshift(requiredContextUrl);
   }
 
   const wrappedPayload: Record<string, any> = {

apps/oid4vc-issuance/src/oid4vc-issuance.service.ts

@@ -98,10 +98,28 @@ export class Oid4vcIssuanceService {
       let internalSchemaId: string | undefined;
 
       if ('schemaUrl' in template && template.schemaUrl) {
-        const parts = template.schemaUrl.split('/');
-        const potentialUuid = parts[parts.length - 1];
-        if (uuidRegex.test(potentialUuid)) {
-          internalSchemaId = potentialUuid;
+        let isInternal = false;
+        try {
+          const schemaUrlObj = new URL(template.schemaUrl);
+          const serverUrlStr = process.env.SCHEMA_FILE_SERVER_URL;
+          if (serverUrlStr) {
+            const serverUrlObj = new URL(serverUrlStr);
+            if (schemaUrlObj.hostname === serverUrlObj.hostname) {
+              isInternal = true;
+            }
+          }
+        } catch (error) {
+          if (process.env.SCHEMA_FILE_SERVER_URL && template.schemaUrl.startsWith(process.env.SCHEMA_FILE_SERVER_URL)) {
+            isInternal = true;
+          }
+        }
+
+        if (isInternal) {
+          const parts = template.schemaUrl.split('/');
+          const potentialUuid = parts[parts.length - 1];
+          if (uuidRegex.test(potentialUuid)) {
+            internalSchemaId = potentialUuid;
+          }
         }
       }
 
@@ -113,7 +131,7 @@ export class Oid4vcIssuanceService {
             .toPromise();
         } catch (error) {
           this.logger.error(`Error fetching schema ${internalSchemaId} from ledger: ${error.message}`);
-          return;
+          throw new NotFoundException(`Schema with ID ${internalSchemaId} not found or unreachable: ${error.message}`);
         }
 
         if (schemaResponse && schemaResponse.attributes) {