Skip to content

Add Veriff request signing, structured error mapping, and unit tests#63

Merged
SaltProphet merged 1 commit intomainfrom
update-veriff.ts-for-signed-headers
Mar 6, 2026
Merged

Add Veriff request signing, structured error mapping, and unit tests#63
SaltProphet merged 1 commit intomainfrom
update-veriff.ts-for-signed-headers

Conversation

@SaltProphet
Copy link
Owner

@SaltProphet SaltProphet commented Mar 6, 2026

Motivation

  • Ensure Veriff session creation requests include a cryptographic request signature derived from VERIFF_SECRET_KEY so the API can verify request integrity.
  • Provide stable error classification and structured logging for rejected Veriff responses so operators can triage issues reliably.
  • Surface user-safe, specific error messages from createVerificationSession so the UI can differentiate configuration/auth/API problems.
  • Add unit tests to verify header/signature generation and failure-to-message mapping.

Description

  • Added createVeriffSessionSignature(payload, veriffSecretKey) which produces an HMAC-SHA256 hex signature and included it as X-HMAC-SIGNATURE on session creation requests.
  • Introduced classifyVeriffResponseStatus(status) to map HTTP status codes to stable classifications (bad_request, auth_error, rate_limited, service_unavailable, api_error) and added structured logging on rejected responses containing status, classification, and a bounded response preview.
  • Replaced generic error text returns with user-safe, classification-specific messages for configuration, auth, rate-limit, service-unavailable, request, and generic API failures in createVerificationSession.
  • Added unit tests in src/lib/veriff.test.ts covering deterministic signature generation, status classification, presence of the signed header on outgoing requests, and mapping failure statuses to the expected user-safe messages.

Testing

  • Ran npm test -- src/lib/veriff.test.ts and all tests passed: Test Suites: 1 passed, Tests: 13 passed.
  • The test suite verifies signature determinism, header injection on fetch calls, classification mapping, and that rejected responses are logged and mapped to user-safe messages.

Codex Task

@vercel
Copy link
Contributor

vercel bot commented Mar 6, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
secpriva Error Error Mar 6, 2026 1:52am

Request Review

@chatgpt-codex-connector
Copy link

chatgpt-codex-connector bot commented Mar 6, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@SaltProphet SaltProphet merged commit 817d52e into main Mar 6, 2026
2 of 9 checks passed
@SaltProphet SaltProphet deleted the update-veriff.ts-for-signed-headers branch March 6, 2026 01:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

codex

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SaltProphet