build(docker): Create Docker Compose file for local setup WITHOUT using Postgres/LogTo [DEV-2681]

.env.example

@@ -1,14 +1,14 @@
-MAINNET_RPC_URL=https://rpc.cheqd.net:443
-TESTNET_RPC_URL=https://rpc.cheqd.network:443
+MAINNET_RPC_URL="https://rpc.cheqd.net:443"
+TESTNET_RPC_URL="https://rpc.cheqd.network:443"
 RESOLVER_URL="https://resolver.cheqd.net/1.0/identifiers/"
-ALLOWED_ORIGINS="http://localhost:8787"
 APPLICATION_BASE_URL="http://localhost:8787"
+ALLOWED_ORIGINS="http://localhost:8787"
 
 # Database
-ENABLE_EXTERNAL_DB="false"
-EXTERNAL_DB_CONNECTION_URL=postgres://logto:password@localhost:5432/logto
+ENABLE_EXTERNAL_DB="string,default:false"
+EXTERNAL_DB_CONNECTION_URL="postgres://<user>:<password>@<host>:<port>/<database>"
 EXTERNAL_DB_ENCRYPTION_KEY="<db-encryption-key>"
-# EXTERNAL_DB_CERT="certs/issuer.crt"
+EXTERNAL_DB_CERT="<path/to/extenal-db-cert>"
 
 # OpenId
 LOGTO_RESOURCE_URL='http://localhost:8787'

.github/workflows/build.yml

@@ -58,7 +58,7 @@ jobs:
         uses: docker/build-push-action@v4
         with:
           context: .
-          file: Dockerfile
+          file: docker/Dockerfile
           platforms: linux/amd64
           load: true
           target: runner

README.md

@@ -50,34 +50,39 @@ The application allows configuring the following parameters using environment va
 
 #### Network API endpoints
 
-1. `MAINNET_RPC_URL`: RPC endpoint for cheqd mainnet. (Default: `https://rpc.cheqd.net:443`)
-2. `TESTNET_RPC_URL`: RPC endpoint for cheqd testnet. (`https://rpc.cheqd.network:443`)
+1. `MAINNET_RPC_URL`: RPC endpoint for cheqd mainnet (Default: `https://rpc.cheqd.net:443`).
+2. `TESTNET_RPC_URL`: RPC endpoint for cheqd testnet (`https://rpc.cheqd.network:443`).
 3. `RESOLVER_URL`: API endpoint for a [DID Resolver](https://github.com/cheqd/did-resolver) endpoint that supports `did:cheqd`.
-4. `APPLICATION_BASE_URL`: URL of the application (external domain name)
+4. `APPLICATION_BASE_URL`: URL of the application (external domain name).
+5. `ALLOWED_ORIGINS`: CORS allowed origins used in the app.
 
 #### Veramo KMS Database
 
 The application supports two modes in which keys are managed: either just storing them in-memory while a container is running, or persisting them in a PostgresSQL database with Veramo SDK. Using an external Postgres database allows for "custodian" mode where identity and cheqd/Cosmos keys can be offloaded by client applications to be stored in the database.
 
-1. `DB_CONNECTION_URL`: Postgres database connection URL, e.g. `postgres://<user>:<password>@<host>:<port>/<database>`
-2. `DB_ENCRYPTION_KEY`: Secret key used to encrypt the Veramo key-specific database tables. This adds a layer of protection by not storing the database in plaintext.
-3. `DB_CERTIFICATE`: Custom CA certificate required to connect to the database (optional).
+1. `ENABLE_EXTERNAL_DB`: Turns external database on/off (Default: `false`). If `ENABLE_EXTERNAL_DB=true`, then define below environment variables in `.env` file:
+    - `DB_CONNECTION_URL`: Postgres database connection URL, e.g. `postgres://<user>:<password>@<host>:<port>/<database>`.
+    - `DB_ENCRYPTION_KEY`: Secret key used to encrypt the Veramo key-specific database tables. This adds a layer of protection by not storing the database in plaintext.
+    - `DB_CERTIFICATE`: Custom CA certificate required to connect to the database (optional).
+    - `POSTGRES_USER`: Postgres database username using in database connection URL.
+    - `POSTGRES_PASSWORD`: Postgres database password using in database connection URL.
+    - `POSTGRES_DB`: Postgres database name using in database connection URL.
+    > **Note:** `POSTGRES_USER`, `POSTGRES_PASSWORD`, and `POSTGRES_DB` environment variables need only for [running your own credential-service using Docker](#running-your-own-credential-service-using-docker).
 
 #### API Authentication using LogTo
 
 By default, the application has API authentication disabled (which can be changed in configuration). If, however, you'd like to run the app with API authentication features, the following variables need to be configured.
 
 We use a self-hosted version of [LogTo](https://logto.io/), which supports OpenID Connect. Theoretically, these values could also be replaced with [LogTo Cloud](http://cloud.logto.io/) or any other OpenID Connect identity provider.
 
-1. `ENABLE_AUTHENTICATION`: Turns API authentication guards on/off. (Default: `false`)
+1. `ENABLE_AUTHENTICATION`: Turns API authentication guards on/off (Default: `false`). If `ENABLE_AUTHENTICATION=false`, then define below environment variable in `.env` file:
+    - `DEFAULT_CUSTOMER_ID`: Customer/user in LogTo to use for unauthenticated users.
 2. `LOGTO_ENDPOINT`: API endpoint for LogTo server
 3. `LOGTO_RESOURCE_URL`: API resource associated with application
 4. `LOGTO_APP_ID`: Application ID from LogTo. For now, Application is supposed to be a TraditionalWeb
 5. `LOGTO_APP_SECRET`: Application secret. Also should encrypted in deployment
-6. `ALLOWED_ORIGINS`: CORS allowed origins used in the app
-7. `DEFAULT_CUSTOMER_ID`: Customer/user in LogTo to use for unauthenticated users
-8. `ALL_SCOPES`: List of all scopes. Should be a string with scopes divided by whitespace, like `account:create account:read did:create`
-9. `COOKIE_SECRET`: Secret for cookie encryption.
+6. `ALL_SCOPES`: List of all scopes. Should be a string with scopes divided by whitespace, like `account:create account:read did:create`
+7. `COOKIE_SECRET`: Secret for cookie encryption.
 
 ### 3rd Party Connectors
 
@@ -87,11 +92,10 @@ The app supports 3rd party connectors for credential storage and delivery.
 
 The app's [Verida Network](https://www.verida.network/) connector can be enabled to deliver generated credentials to Verida Wallet.
 
-1. `ENABLE_VERIDA_CONNECTOR`: Turns Verida connector on/off. (Default: `false`)
-2. `VERIDA_NETWORK`: Verida Network type to connect to. (Default: `testnet`)
-3. `VERIDA_PRIVATE_KEY`: Secret key for Verida Network API.
-4. `POLYGON_RPC_URL`: Polygon Network RPC URL for connections.
-5. `POLYGON_PRIVATE_KEY`: Secret key for Polygon Network.
+1. `ENABLE_VERIDA_CONNECTOR`: Turns Verida connector on/off (Default: `false`). If `ENABLE_VERIDA_CONNECTOR=true`, then define below environment variables in `.env` file:
+    - `VERIDA_NETWORK`: Verida Network type to connect to. (Default: `testnet`)
+    - `VERIDA_PRIVATE_KEY`: Secret key for Verida Network API.
+    - `POLYGON_PRIVATE_KEY`: Secret key for Polygon Network.
 
 ### Run the application
 
@@ -102,31 +106,53 @@ docker pull postgres
 docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d postgres
 ```
 
-Construct the postgres url and configure the env variables mentioned above
+Construct the postgres URL and configure the env variables mentioned above.
 
-Once configured, the app can be run using NPM:
+Once configured, install dependencies and the app can be build using NPM:
 
 ```bash
-npm start
+npm install
+npm run build
 ```
 
-## 🧑‍💻🛠 Developer Guide
+Run migration using NPM:
 
-### Build using NPM
+```bash
+npm run migration
+```
 
-Dependencies can be installed using NPM or any other node package manager.
+The app can be run using NPM:
 
 ```bash
-npm install
-npm run build
+npm start
 ```
 
+## 🧑‍💻🛠 Developer Guide
+
+### Running your own credential-service using Docker
+
+Construct the postgres URL and configure the env variables mentioned above.
+
+Spinning up a Docker container from the [pre-built credential-service Docker image on Github](https://github.com/cheqd/credential-service/pkgs/container/credential-service) is as simple as the command below:
+
+- Running credential-service using Docker with external database:
+
+    ```bash
+    docker compose -f docker/docker-compose.yml up --detach
+  ```
+
+- Running credential-service using Docker without external database (In memory database):
+
+    ```bash
+    docker compose -f docker/docker-compose.yml up credential-service --detach
+    ```
+
 ### Build using Docker
 
-To build and run in Docker, use the [Dockerfile](Dockerfile) provided.
+To build and run in Docker, use the [Dockerfile](docker/Dockerfile) provided.
 
 ```bash
-docker build -t credential-service .
+docker build --file docker/Dockerfile --tag credential-service .
 ```
 
 ## 🐞 Bug reports & 🤔 feature requests
@@ -142,4 +168,3 @@ Please reach out to us there for discussions, help, and feedback on the project.
 ## 🙋 Find us elsewhere
 
 [![Telegram](https://img.shields.io/badge/Telegram-2CA5E0?style=for-the-badge\&logo=telegram\&logoColor=white)](https://t.me/cheqd) [![Discord](https://img.shields.io/badge/Discord-7289DA?style=for-the-badge\&logo=discord\&logoColor=white)](http://cheqd.link/discord-github) [![Twitter](https://img.shields.io/badge/Twitter-1DA1F2?style=for-the-badge\&logo=twitter\&logoColor=white)](https://twitter.com/intent/follow?screen\_name=cheqd\_io) [![LinkedIn](https://img.shields.io/badge/LinkedIn-0077B5?style=for-the-badge\&logo=linkedin\&logoColor=white)](http://cheqd.link/linkedin) [![Slack](https://img.shields.io/badge/Slack-4A154B?style=for-the-badge\&logo=slack\&logoColor=white)](http://cheqd.link/join-cheqd-slack) [![Medium](https://img.shields.io/badge/Medium-12100E?style=for-the-badge\&logo=medium\&logoColor=white)](https://blog.cheqd.io) [![YouTube](https://img.shields.io/badge/YouTube-FF0000?style=for-the-badge\&logo=youtube\&logoColor=white)](https://www.youtube.com/channel/UCBUGvvH6t3BAYo5u41hJPzw/)
-

docker/.env.example

@@ -0,0 +1,38 @@
+MAINNET_RPC_URL="https://rpc.cheqd.net:443"
+TESTNET_RPC_URL="https://rpc.cheqd.network:443"
+RESOLVER_URL="https://resolver.cheqd.net/1.0/identifiers/"
+APPLICATION_BASE_URL="http://localhost:8787"
+ALLOWED_ORIGINS="http://localhost:8787"
+
+# Database
+ENABLE_EXTERNAL_DB="string,default:false"
+EXTERNAL_DB_CONNECTION_URL="postgres://<user>:<password>@<host>:<port>/<database>"
+EXTERNAL_DB_ENCRYPTION_KEY="<db-encryption-key>"
+EXTERNAL_DB_CERT="<path/to/extenal-db-cert>"
+POSTGRES_USER="<user>"
+POSTGRES_PASSWORD="<password>"
+POSTGRES_DB="<database>"
+
+# OpenId
+LOGTO_RESOURCE_URL='http://localhost:8787'
+
+# LogTo
+LOGTO_ENDPOINT='http://localhost:3001'
+LOGTO_APP_ID='ldfsr...rq432'
+LOGTO_APP_SECRET='sdf...sdf'
+
+# Authentication
+ENABLE_AUTHENTICATION="false"
+DEFAULT_CUSTOMER_ID="default customer id"
+
+# verida
+ENABLE_VERIDA_CONNECTOR="false"
+VERIDA_PRIVATE_KEY="akjvncanv....avoa"
+POLYGON_PRIVATE_KEY="alnvca...dvncioa"
+VERIDA_NETWORK="testnet"
+POLYGON_RPC_URL=""
+
+ISSUER_ID_PRIVATE_KEY_HEX="akjvncanv....avoa"
+ISSUER_ID_PUBLIC_KEY_HEX="alnvca...dvncioa"
+ISSUER_DID="did:cheqd:testnet:afcnoa...adv"
+FEE_PAYER_MNEMONIC="sketch mountain ....."

Dockerfile → docker/Dockerfile

@@ -42,14 +42,17 @@ RUN npm ci
 
 # Base arguments: build-time
 ARG NPM_CONFIG_LOGLEVEL=warn
-ARG PORT=3000
+ARG PORT=8787
 
 # Network API endpoints: build-time
 ARG MAINNET_RPC_URL=https://rpc.cheqd.net:443
 ARG TESTNET_RPC_URL=https://rpc.cheqd.network:443
 ARG RESOLVER_URL=https://resolver.cheqd.net/1.0/identifiers/
 
 # Veramo Database configuration: build-time
+ARG POSTGRES_USER
+ARG POSTGRES_PASSWORD
+ARG POSTGRES_DB
 ARG DB_CONNECTION_URL
 ARG DB_ENCRYPTION_KEY
 ARG DB_CERTIFICATE
@@ -83,6 +86,9 @@ ENV RESOLVER_URL ${RESOLVER_URL}
 ENV APPLICATION_BASE_URL ${APPLICATION_BASE_URL}
 
 # Environment variables: Veramo Database configuration
+ENV POSTGRES_USER ${POSTGRES_USER}
+ENV POSTGRES_PASSWORD ${POSTGRES_PASSWORD}
+ENV POSTGRES_DB ${POSTGRES_DB}
 ENV DB_CONNECTION_URL ${DB_CONNECTION_URL}
 ENV DB_ENCRYPTION_KEY ${DB_ENCRYPTION_KEY}
 ENV DB_CERTIFICATE ${DB_CERTIFICATE}
@@ -114,6 +120,3 @@ EXPOSE ${PORT}
 # Set user and shell
 USER node
 SHELL ["/bin/bash", "-euo", "pipefail", "-c"]
-
-# Run the application
-CMD ["npm", "start"]

docker/docker-compose.yml

@@ -0,0 +1,29 @@
+version: '3.8'
+
+# CAUTION: Please ensure you edit necessary values in .env before using this Docker Compose file.
+
+# SYNTAX: docker compose -f docker/docker-compose.yml up --detach
+
+services:
+  credential-service:
+    # OPTIONAL: Rebuild cheqd credential-service Docker image, if you want build your own
+    # Default is to pull in the pre-published image on GitHub Container Registry
+    # SYNTAX: docker compose -f docker/docker-compose.yml build
+    # build:
+    #   context: ../
+    #   dockerfile: docker/Dockerfile
+    # CAUTION: Change image section's value if building your own image in section below
+    image: ghcr.io/cheqd/credential-service:latest
+    ports:
+      - 8787:8787
+    env_file:
+      - .env
+    entrypoint: "npm run compose-run"
+
+  database:
+    image: postgres
+    user: postgres
+    ports:
+      - 5432:5432
+    env_file:
+      - .env

package.json

@@ -29,7 +29,8 @@
 		"lint": "eslint --max-warnings=0 src && prettier --check '*.{json,js}' 'src/**/*.{js,ts}' 'test/**/*.{js,ts}'",
 		"test": "jest --config jestconfig.json --verbose",
 		"typeorm": "typeorm-ts-node-esm  -d ./dist/src/database/ormconfig.js",
-		"migration": "npm run typeorm migration:generate . && npm run typeorm migration:run"
+		"migration": "npm run typeorm migration:generate . && npm run typeorm migration:run",
+		"compose-run": "npm run migration && npm run start"
 	},
 	"eslintConfig": {
 		"root": true,

src/types/environment.d.ts

@@ -18,7 +18,6 @@ declare global {
       EXTERNAL_DB_CONNECTION_URL: string
       EXTERNAL_DB_ENCRYPTION_KEY: string
       EXTERNAL_DB_CERT: string | undefined
-      ISSUER_DATABASE_CERT: string | undefined
       APPLICATION_BASE_URL: string
 
       // LogTo