Merge pull request #388 from openwallet-foundation-labs/fix/dpop

fix: apply correct url for dpop check

Author: cre8

.codecov.yml

@@ -26,8 +26,7 @@ ignore:
   - "dist/"
   - "apps/client/**"
   - "apps/dcapi/**"
-  - "apps/webhook/**"
-  - "apps/verifier-app/**"
+  - "apps/webhook/**"  
   - "apps/tmp/**"
   - "monitor/**"
   - "packages/**"

.github/copilot-instructions.md

@@ -1,10 +1,10 @@
 # Copilot Instructions for EUDIPLO
 
 ## Project Architecture
-- **Monorepo**: Contains multiple apps (backend, client, dcapi, verifier-app, webhook) and shared packages.
+- **Monorepo**: Contains multiple apps (backend, client, dcapi, webhook) and shared packages.
 - **Backend**: [apps/backend](../apps/backend) — NestJS API server, main business logic, protocol abstraction.
 - **Client**: [apps/client](../apps/client) — Angular web UI for managing credentials, keys, and sessions.
-- **Other Apps**: [apps/dcapi](../apps/dcapi) (Cloudflare Worker demo), [apps/webhook](../apps/webhook) (webhook simulator), [apps/verifier-app](../apps/verifier-app) (Angular verifier demo).
+- **Other Apps**: [apps/dcapi](../apps/dcapi) (Cloudflare Worker demo), [apps/webhook](../apps/webhook) (webhook simulator).
 - **Deployment**: [deployment/](../deployment) — Docker Compose configs for minimal/full setups. See [deployment/README.md](../deployment/README.md).
 - **Monitoring**: [monitor/](../monitor) — Prometheus & Grafana stack for observability.
 

.github/workflows/ci-and-release.yml

@@ -54,10 +54,6 @@ jobs:
         working-directory: apps/client
         run: pnpm dlx license-checker --production --onlyAllow "MIT;Apache-2.0;BSD-2-Clause;BSD-3-Clause;0BSD;ISC"
 
-      - name: Run license check (verifier-app, production)
-        working-directory: apps/verifier-app
-        run: pnpm dlx license-checker --production --onlyAllow "MIT;Apache-2.0;BSD-2-Clause;BSD-3-Clause;0BSD;ISC"
-
   build-sdk-core:
     name: Build SDK Core
     permissions:
@@ -139,38 +135,12 @@ jobs:
       - name: Run linter
         run: pnpm run lint
 
+      - name: Build sdk core
+        run: pnpm --filter @eudiplo/sdk-core build
+
       - name: Build client
         run: pnpm --filter @eudiplo/client build
 
-  build-verifier:
-    name: Build Verifier App
-    permissions:
-      contents: read
-    runs-on: ubuntu-latest
-    needs: [lint]
-    steps:
-      - uses: actions/checkout@v6
-
-      - uses: pnpm/action-setup@v4
-        name: Install pnpm
-        with:
-          run_install: false
-
-      - name: Install Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: 24
-          cache: 'pnpm'
-
-      - name: Install dependencies
-        run: pnpm install
-
-      - name: Run linter
-        run: pnpm run lint
-
-      - name: Build verifier
-        run: pnpm --filter verifier-app build
-
   build-webhook:
     name: Build Webhook
     permissions:
@@ -248,7 +218,7 @@ jobs:
       contents: read
     name: E2E Tests
     runs-on: ubuntu-latest
-    needs: [build-backend, build-client, build-verifier, build-webhook]
+    needs: [build-backend, build-client, build-webhook]
     steps:
       - uses: actions/checkout@v6
 
@@ -446,37 +416,6 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
 
-  docker-verifier:
-    name: Build & Push Verifier Docker Image
-    needs: [build-verifier]
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
-    steps:
-      - uses: actions/checkout@v6
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to GitHub Container Registry
-        if: github.ref == 'refs/heads/main' && github.event_name == 'push'
-        uses: docker/login-action@v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build and push Verifier Docker image
-        uses: docker/build-push-action@v6
-        with:
-          context: .
-          target: verifier
-          push: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }}
-          tags: ghcr.io/openwallet-foundation-labs/eudiplo-verifier:main
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
   # =============================================================================
   # NPM Pre-release (Main Branch Only)
   # Publishes @eudiplo/sdk-core with a "main" tag as a pre-release version.
@@ -532,7 +471,7 @@ jobs:
   release:
     name: Create Versioned Release
     if: github.event_name == 'workflow_dispatch' && inputs.release == true
-    needs: [test-e2e, docker-backend, docker-client, docker-verifier]
+    needs: [test-e2e, docker-backend, docker-client]
     runs-on: ubuntu-latest
     permissions:
       contents: write

Dockerfile

@@ -14,9 +14,9 @@ RUN pnpm --filter @eudiplo/backend build
 RUN pnpm deploy --filter=@eudiplo/backend --prod /prod/backend
 
 FROM build AS build-frontend
-# Build SDK first (required by both Angular apps), then both frontend apps
-RUN pnpm --filter @eudiplo/sdk build
-RUN pnpm --filter @eudiplo/client --filter verifier-app build
+# Build SDK first (required by both Angular apps), then client
+RUN pnpm --filter @eudiplo/sdk-core build
+RUN pnpm --filter @eudiplo/client build
 
 FROM base AS eudiplo
 # Copy production dependencies for backend and built dist
@@ -95,50 +95,3 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 \
 # Use our custom entrypoint script
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD ["nginx", "-g", "daemon off;"]
-
-FROM nginx:alpine AS verifier
-# Copy the Angular build output into the nginx html directory.
-COPY --from=build-frontend /usr/src/app/apps/verifier-app/dist/verifier-app/browser /usr/share/nginx/html
-
-# Copy nginx configuration (using client's nginx config as template)
-COPY apps/client/nginx.conf /etc/nginx/nginx.conf
-
-# Copy entrypoint script
-COPY apps/client/docker-entrypoint.sh /docker-entrypoint.sh
-RUN chmod +x /docker-entrypoint.sh
-
-# Accept VERSION as build argument and set as environment variable
-ARG VERSION=latest
-ENV VERSION=$VERSION
-
-# Environment variables with defaults
-ENV API_BASE_URL=http://localhost:3000
-
-# --- Security: Run as non-root user ---
-# Create nginx user/group and fix permissions
-RUN addgroup -g 101 -S nginx || true && \
-    adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx || true && \
-    chown -R nginx:nginx /usr/share/nginx/html && \
-    chown -R nginx:nginx /var/cache/nginx && \
-    chown -R nginx:nginx /var/log/nginx && \
-    chown -R nginx:nginx /etc/nginx/conf.d && \
-    touch /var/run/nginx.pid && \
-    chown -R nginx:nginx /var/run/nginx.pid
-
-USER nginx
-
-# Expose port 80
-EXPOSE 80
-
-# --- Healthcheck dependencies ---
-USER root
-RUN apk add --no-cache curl
-USER nginx
-
-# --- HEALTHCHECK (Verifier / Nginx) ---
-HEALTHCHECK --interval=30s --timeout=10s --start-period=20s --retries=3 \
-  CMD curl -f http://localhost/ || exit 1
-
-# Use our custom entrypoint script
-ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD ["nginx", "-g", "daemon off;"]

apps/backend/src/issuer/configuration/issuance/issuance.service.ts

@@ -127,7 +127,6 @@ export class IssuanceService {
      */
     async storeIssuanceConfiguration(tenantId: string, value: IssuanceDto) {
         value.display = await this.replaceUrl(value.display, tenantId);
-        console.log(value);
         return this.issuanceConfigRepo.save({
             ...value,
             tenantId,

apps/backend/src/issuer/issuance/oid4vci/oid4vci.service.ts

@@ -354,7 +354,7 @@ export class Oid4vciService {
         const { tokenPayload } = await resourceServer.verifyResourceRequest({
             authorizationServers: issuerMetadata.authorizationServers,
             request: {
-                url: `${protocol}//${req.host}${req.url}`,
+                url: `${this.configService.getOrThrow<string>("PUBLIC_URL")}${req.url}`,
                 method: req.method as HttpMethod,
                 headers,
             },
@@ -509,7 +509,7 @@ export class Oid4vciService {
         const { tokenPayload } = await resourceServer.verifyResourceRequest({
             authorizationServers: issuerMetadata.authorizationServers,
             request: {
-                url: `${protocol}//${req.host}${req.url}`,
+                url: `${this.configService.getOrThrow<string>("PUBLIC_URL")}${req.url}`,
                 method: req.method as HttpMethod,
                 headers,
             },

apps/backend/src/verifier/oid4vp/oid4vp.service.ts

@@ -85,7 +85,7 @@ export class Oid4vpService {
                 return rest;
             });
 
-            if (
+            /*             if (
                 await this.registrarService.isEnabledForTenant(session.tenantId)
             ) {
                 const registrationCert = JSON.parse(
@@ -100,7 +100,7 @@ export class Oid4vpService {
                         session.requestId!,
                         session.tenantId,
                     );
-            }
+            } */
             const nonce = randomUUID();
             await this.sessionService.add(session.id, {
                 vp_nonce: nonce,

apps/client/package.json

@@ -28,7 +28,7 @@
     "@angular/platform-browser-dynamic": "^21.1.1",
     "@angular/router": "^21.1.1",
     "@badgateway/oauth2-client": "^3.3.1",
-    "@eudiplo/sdk-angular": "workspace:*",
+    "@eudiplo/sdk-core": "workspace:*",
     "@keycloak/keycloak-admin-client": "^26.5.1",
     "@ngx-formly/core": "^7.0.1",
     "@ngx-formly/material": "^7.0.1",
@@ -70,4 +70,4 @@
     "typescript-eslint": "8.53.1"
   },
   "packageManager": "pnpm@10.13.1+sha512.37ebf1a5c7a30d5fabe0c5df44ee8da4c965ca0c5af3dbab28c3a1681b70a256218d05c81c9c0dcf767ef6b8551eb5b960042b9ed4300c59242336377e01cfad"
-}
+}

apps/client/src/app/app.component.ts

@@ -15,7 +15,7 @@ import { FlexLayoutModule } from 'ngx-flexible-layout';
 import { Subscription } from 'rxjs';
 import { filter } from 'rxjs/operators';
 import { JwtService, Role } from './services/jwt.service';
-import { ApiService } from '@eudiplo/sdk-angular';
+import { ApiService } from './core';
 
 @Component({
   selector: 'app-root',

apps/client/src/app/app.config.ts

@@ -14,9 +14,7 @@ import { ObjectTypeComponent } from './types/object.type';
 import { ArrayTypeComponent } from './types/array.type';
 import { provideMonacoEditor } from 'ngx-monaco-editor-v2';
 import schemas from './utils/schemas.json';
-import { provideHeyApiClient } from '@eudiplo/sdk-angular/api/client/client.gen';
-import { client } from '@eudiplo/sdk-angular/api/client.gen';
-import { authInterceptor } from '@eudiplo/sdk-angular';
+import { authInterceptor } from './core';
 
 declare let monaco: any;
 
@@ -34,7 +32,6 @@ export const appConfig: ApplicationConfig = {
     provideRouter(routes),
     importProvidersFrom(FlexLayoutModule),
     provideHttpClient(withInterceptors([authInterceptor]), withFetch()),
-    provideHeyApiClient(client),
     provideMonacoEditor({
       baseUrl: window.location.origin + '/assets/monaco/min/vs',
       onMonacoLoad,