I just merged some improvements to cert-verifier-js and wanted to give developers a heads up about the changes:
Clean up and reliability
The general goal was to make this code clearer by:
- More functional checks; reduce confusing state transitions
- Avoiding the mega verificationState object
- Making version-specific checks clearer
- Improve testability and readability
This cleanup was critical for reducing complexity before adding support for other blockchains, such as Ethereum. It could certainly use even more future-proofing refactoring in this regard, but this is a start.
Also, per issue 9, I strongly suspected some flawed async handling in the previous code. I migrated to async/await where possible. (I did need to create new promises e.g. for Promises.all). Tested and audited for promise resolve/rejects and it generally is acting a lot more stable and performant.
Also I love lambdas as you will soon see…
Configuration settings enabling better transaction lookup practices
This change includes some configuration settings that will allow you to experiment with better practices when relying on Blockchain APIs, briefly discussed in issue 8 and in the community forum in response to some feedback regarding SkipChain.
The high level concerns when relying on blockchain APIs are:
- Consulting only 1 API is a single point of failure (SPOF)
- What if one of the services is compromised and returning invalid information?
This change introduced a framework to allow multiple APIs to be consulted to compare results, which would cause verification to fail if one of the services were returning inconsistent information. You can experiment with the MinimumBlockchainExplorers setting in config/default.js. Note that only 2 blockchain connectors are included at the moment, so don’t set the minimum higher (it will fail because your constraint can’t be met).
In any case, this should make the framework for adding a connector clearer, any contributions to the open source are welcome. Other connectors (local bitcoin node, SPV) would be welcome too!
This configuration setting is described more in the README “Experimenting with …” section. Also check out the general notes regarding securely looking up a transaction.