Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions package-lock.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@
},
"dependencies": {
"@deltablot/dropzone": "^7.4.3",
"@e4a/pg-js": "^1.10.0",
"@e4a/pg-js": "^1.11.0",
"@iconify/svelte": "^5.2.1",
"@privacybydesign/yivi-css": "^1.0.1",
"country-flag-icons": "^1.6.17",
Expand Down
23 changes: 6 additions & 17 deletions src/lib/components/filesharing/SendButton.svelte
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@
import { MAX_UPLOAD_SIZE, ROLLING_LIMIT } from '$lib/env'
import { parseLimitExceededBody, bytesToGB } from '$lib/usage'
import { recordUpload, getLocalUsedBytes } from '$lib/localUsage'
import { SIGN_ATTRIBUTES } from './signAttributes'

interface props {
encryptState: EncryptState
Expand All @@ -37,7 +38,7 @@
const emailRegex =
/^[a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$/

let canEncrypt = $derived(() => {
let canEncrypt = $derived.by(() => {
if (encryptState.files.length === 0) return false
const totalSize = encryptState.files.reduce((a, f) => a + f.size, 0)
if (totalSize >= MAX_UPLOAD_SIZE) return false
Expand Down Expand Up @@ -138,7 +139,7 @@
await tick()

try {
if (!canEncrypt()) return
if (!canEncrypt) return

// Build recipients
const recipients = encryptState.recipients.map(
Expand All @@ -151,23 +152,11 @@
}
)

// Build sign method — email always included, other attributes optional
// Build sign method — email is always required; name is optional
// (any of four credentials accepted). See signAttributes.ts.
const sign = pg.sign.yivi({
element: '#crypt-irma-qr',
attributes: [
{
t: 'pbdf.gemeente.personalData.fullname',
optional: true,
},
{
t: 'pbdf.sidn-pbdf.mobilenumber.mobilenumber',
optional: true,
},
{
t: 'pbdf.gemeente.personalData.dateofbirth',
optional: true,
},
],
attributes: SIGN_ATTRIBUTES,
includeSender: true,
})

Expand Down
37 changes: 37 additions & 0 deletions src/lib/components/filesharing/signAttributes.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
import type { AttrConItem } from '@e4a/pg-js'

/**
* Yivi attributes the sender may disclose when signing a PostGuard file
* share. The PKG prepends the mandatory email attribute automatically.
*
* The first entry is an optional name disjunction — the sender may prove
* their name from any one of four credentials, or skip entirely:
*
* - `pbdf.gemeente.personalData.fullname` (Dutch municipality), OR
* - `pbdf.pbdf.passport.{firstName,lastName}`, OR
* - `pbdf.pbdf.idcard.{firstName,lastName}`, OR
* - `pbdf.pbdf.drivinglicence.{firstName,lastName}`.
*
* The leading `[]` alternative makes the whole group optional per Yivi
* convention — senders without any of these credentials can still send.
*/
export const SIGN_ATTRIBUTES: AttrConItem[] = [
[
[],

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Rule: promised-vs-delivered] This leading [] makes the whole name group optional, but the PR body promises name is mandatory ("the signer must disclose a name", test plan: "confirm disclosure refuses" without any of the four credentials). Pick one: remove [] (and update the doc comment above) to match the PR body, or update the PR body + test plan to match the optional-name behavior the code actually implements.

[{ t: 'pbdf.gemeente.personalData.fullname' }],
[
{ t: 'pbdf.pbdf.passport.firstName' },
{ t: 'pbdf.pbdf.passport.lastName' },
],
[
{ t: 'pbdf.pbdf.idcard.firstName' },
{ t: 'pbdf.pbdf.idcard.lastName' },
],
[
{ t: 'pbdf.pbdf.drivinglicence.firstName' },
{ t: 'pbdf.pbdf.drivinglicence.lastName' },
],
],
{ t: 'pbdf.sidn-pbdf.mobilenumber.mobilenumber', optional: true },
{ t: 'pbdf.gemeente.personalData.dateofbirth', optional: true },
]
4 changes: 2 additions & 2 deletions src/lib/locales/en.json
Original file line number Diff line number Diff line change
Expand Up @@ -202,15 +202,15 @@
"emailSender": "Email address",
"emailSenderHeading": "Your information",
"emailSenderSubHeadingToggle": "Why do you need this information?",
"emailSenderSubHeading": "Let the recipient(s) know these files are from you. Before sending, you sign the files by proving your email address and any additional personal data with the Yivi app.",
"emailSenderSubHeading": "Let the recipient(s) know these files are from you. Before sending, you sign the files with the Yivi app by proving your email address. You can optionally also share your name from a municipality, passport, ID card, or driving licence.",
"messageHeading": "Message (optional)",
"messageText": "This message will not be encrypted and will be included in the notification email.",
"messagePlaceholder": "Type your message here...",
"encryptSend": "Sign & send",
"yiviInfo": "What is Yivi?",
"yiviInfoText": "Yivi is a free and privacy-friendly authentication app. With Yivi you can prove who you are by selectively sharing personal data, such as your email address, phone number, or name. At PostGuard we use Yivi to securely encrypt and decrypt files.",
"yiviInfoLink": "Learn more about Yivi",
"yiviTip": "Tip: In the Yivi app you can add optional data. This way you let the recipient(s) know for sure that these files come from you.",
"yiviTip": "Tip: In the Yivi app you can also add an optional phone number or date of birth. This way you let the recipient(s) know for sure that these files come from you.",
"sending": "Your files are being sent",
"retrying": "Connection hiccup, retrying… (attempt {attempt} of {max})",
"encrypting": "Encrypting & uploading...",
Expand Down
4 changes: 2 additions & 2 deletions src/lib/locales/nl.json
Original file line number Diff line number Diff line change
Expand Up @@ -201,15 +201,15 @@
"emailSender": "E-mailadres",
"emailSenderHeading": "Jouw gegevens",
"emailSenderSubHeadingToggle": "Waarom heb je deze gegevens nodig?",
"emailSenderSubHeading": "Laat de ontvanger(s) weten dat deze bestanden van jou afkomstig zijn. Voor het verzenden onderteken je de bestanden door je e-mailadres en eventuele aanvullende persoonlijke gegevens aan te tonen met de Yivi-app.",
"emailSenderSubHeading": "Laat de ontvanger(s) weten dat deze bestanden van jou afkomstig zijn. Voor het verzenden onderteken je de bestanden met de Yivi-app door je e-mailadres aan te tonen. Je kunt optioneel ook je naam delen vanuit je gemeente, paspoort, ID-kaart of rijbewijs.",
"messageHeading": "Bericht (optioneel)",
"messageText": "Dit bericht wordt niet versleuteld en wordt opgenomen in de notificatie-e-mail.",
"messagePlaceholder": "Typ hier je bericht...",
"encryptSend": "Onderteken & verzend",
"yiviInfo": "Wat is Yivi?",
"yiviInfoText": "Yivi is een gratis en privacy-vriendelijke authenticatie-app. Met Yivi kun je bewijzen wie je bent door selectief persoonlijke gegevens te delen, zoals je e-mailadres, telefoonnummer of naam. Bij PostGuard gebruiken we Yivi om bestanden veilig te versleutelen en ontsleutelen.",
"yiviInfoLink": "Meer informatie over Yivi",
"yiviTip": "Tip: In de Yivi-app kun je optionele gegevens toevoegen. Zo laat je de ontvanger(s) zeker weten dat deze bestanden van jou komen.",
"yiviTip": "Tip: In de Yivi-app kun je ook een optioneel telefoonnummer of geboortedatum toevoegen. Zo laat je de ontvanger(s) zeker weten dat deze bestanden van jou komen.",
"sending": "Je bestanden worden verzonden",
"retrying": "Verbindingshapering, opnieuw proberen… (poging {attempt} van {max})",
"encrypting": "Ondertekenen & verzenden...",
Expand Down