simplified

levhitaIncode · levhitaIncode · commit e96cf0694ac2 · 2026-03-26T16:28:44.000-06:00
diff --git a/example_backend.js b/example_backend.js
@@ -40,37 +40,7 @@ const start = async function (identityId) {
 };
 
 // Public: Verify the authentication by checking the score and session data
-const verifyAuthentication = async function (interviewId, token, candidate) {
-  const session = await getSession(interviewId);
-
-  // Prevents usage of session that doesn't exist.
-  if (!session) {
-    return {
-      // Detailed debug message, in production you might want to avoid exposing internal details.
-      message: "No session found for interviewId " + interviewId,
-      valid: false,
-    };
-  }
-  
-  // Prevents reuse of the same session.
-  if (session.status !== "pending") {
-    return {
-      // Detailed debug message, in production you might want to avoid exposing internal details.
-      message: "Session already used for interviewId " + interviewId,
-      valid: false,
-    };
-  }
-
-  // Prevents usage of token from another interviewId.
-  if (session.token !== token) {
-    // Mark the session as rejected.
-    await updateSession(interviewId, "rejected");
-    return {
-      // Detailed debug message, in production you might want to avoid exposing internal details.
-      message: "Token mismatch for interviewId " + interviewId,
-      valid: false,
-    };
-  }
+const getResults = async function (interviewId, token, candidate) {
 
   // Prevents usage of candidate that doesn't match the identityId stored in session.
   if (session.identityId !== candidate) {
@@ -79,77 +49,71 @@ const verifyAuthentication = async function (interviewId, token, candidate) {
     return {
       // Detailed debug message, in production you might want to avoid exposing internal details.
       message: "identityId and candidate mismatch for interviewId " + interviewId,
-      valid: false,
+      isValid: false,
     };
   }
 
-  // Finishing the session stop it from being changed further and triggers score calculation and business rules.
-  await finish(token); // Mark session as finished in Incode backend
+  // Finishing the session triggers score calculation and business rules.
+  await finishStatus(token); // Mark session as finished in Incode backend
+  // Closing the session stop it from being changed, all /add/ endpoints will be rejected after this, and the score will be frozen.
+  await setStatusClosed(token); // Mark session as closed in Incode backend
+  
   
   let identityId, scoreStatus;
   try {
     // At this point we already verified that the token matches, but
     // to be clear about our intentions, we use the token stored in the
     // database to get the identityId and compare it with the candidate.
-    const scoreResponse = await getScore(session.token);
+    const scoreResponse = await getScore(token);
     identityId = scoreResponse.authentication.identityId;
     scoreStatus = scoreResponse.overall.status;
   } catch (e) {
-    // Mark the session as rejected.
-    await updateSession(interviewId, "rejected");
     // If there is an error communicating with API, we consider validation failed.
     return {
       // Detailed debug message, in production you might want to avoid exposing internal details.
       message: "Error validating authentication for interviewId " + interviewId + ": " + e.message,
-      valid: false,
+      isValid: false,
     };
   }
 
   // renderFaceAuth returns candidate, which should match identityId from score,
   // this prevents tampering of the identityId in the frontend.
   if (identityId !== candidate) {
-    // Mark the session as rejected.
-    await updateSession(interviewId, "rejected");
     return {
       // Detailed debug message, in production you might want to avoid exposing internal details.
       message: "Session data doesn't match for interviewId " + interviewId,
-      valid: false,
+      isValid: false,
     };
   }
 
   // If backend score overall status is not OK, validation fails.
   if (scoreStatus !== "OK") {
-    // Mark the session as rejected.
-    await updateSession(interviewId, "rejected");
     return {
       // Detailed debug message, in production you might want to avoid exposing internal details.
       message: "Face Validation failed for interviewId " + interviewId,
-      valid: false,
+      isValid: false,
     };
   }
 
-  // Mark the session as approved since all checks passed.
-  await updateSession(interviewId, "approved");
-
   // Only valid if all checks passed, we return the identityId that was validated.
   return {
     // Detailed debug message, in production you might want to avoid exposing internal details.
     message: "Face Validation succeeded for interviewId " + interviewId,
-    valid: true,
+    isValid: true,
     identityId: identityId,
   };
 };
 
 // Private: Calls Incode's `omni/finish-status` API mark the session as finished
-const finish = async function (token) {
+const finishStatus = async function (token) {
   const url = `${apiurl}/omni/finish-status`;
 
   let sessionHeaders = { ...defaultHeader };
   sessionHeaders["X-Incode-Hardware-Id"] = token;
 
   let response;
   try {
-    response = await fetch(url, { method: "GET", headers: sessionHeaders });
+    response = await fetch(url, { method: "POST", body: "{}", headers: sessionHeaders });
     if (!response.ok) {
       throw new Error("Request failed with code " + response.status);
     }
@@ -160,6 +124,27 @@ const finish = async function (token) {
   return { redirectionUrl, action };
 };
 
+// Private: Calls Incode's `omni/session/status/set?action=Closed` API to close the session
+const setStatusClosed = async function (token) {
+  const url = `${apiurl}/omni/session/status/set?action=Closed`;
+
+  let sessionHeaders = { ...defaultHeader };
+  sessionHeaders["X-Incode-Hardware-Id"] = token;
+
+  let response;
+  try {
+    response = await fetch(url, { method: "POST", body: "{}", headers: sessionHeaders });
+    if (!response.ok) {
+      throw new Error("Request failed with code " + response.status);
+    }
+  } catch (e) {
+    throw new Error("HTTP Post Error: " + e.message);
+  }
+  const results = await response.json();
+  console.log({results});
+  return results;
+};
+
 // Private: Call Incode's `omni/get/score` API to retrieve the score for the session
 const getScore = async function (token) {
   const url = `${apiurl}/omni/get/score`;
@@ -226,92 +211,7 @@ const getScore = async function (token) {
   return score;
 };
 
-/** Helper functions for sessions saving and retrieval from IndexedDB,
- * in production this should be handled with your backend or secure storage */
-
-// Local database helper functions using IndexedDB
-const DB_NAME = "AuthenticationDB";
-const DB_VERSION = 1;
-const STORE_NAME = "sessions";
-
-// Initialize IndexedDB
-function initDB() {
-  return new Promise((resolve, reject) => {
-    const request = indexedDB.open(DB_NAME, DB_VERSION);
-
-    request.onerror = () => reject(request.error);
-    request.onsuccess = () => resolve(request.result);
 
-    request.onupgradeneeded = (event) => {
-      const db = event.target.result;
-      if (!db.objectStoreNames.contains(STORE_NAME)) {
-        const objectStore = db.createObjectStore(STORE_NAME, { keyPath: "interviewId" });
-        objectStore.createIndex("interviewId", "interviewId", { unique: true });
-      }
-    };
-  });
-}
-
-// Read a specific session from IndexedDB by interviewId
-async function getSession(interviewId) {
-  const db = await initDB();
-  return new Promise((resolve, reject) => {
-    const transaction = db.transaction([STORE_NAME], "readonly");
-    const objectStore = transaction.objectStore(STORE_NAME);
-    const request = objectStore.get(interviewId);
-
-    request.onsuccess = () => resolve(request.result);
-    request.onerror = () => reject(request.error);
-  });
-}
-
-// Add a new session to the database
-async function addSession(interviewId, token, identityId) {
-  const db = await initDB();
-  return new Promise((resolve, reject) => {
-    const transaction = db.transaction([STORE_NAME], "readwrite");
-    const objectStore = transaction.objectStore(STORE_NAME);
-    const session = {
-      interviewId,
-      token,
-      identityId,
-      status: "pending",
-      timestamp: new Date().toISOString(),
-    };
-    const request = objectStore.add(session);
-
-    request.onsuccess = () => resolve(session);
-    request.onerror = () => reject(request.error);
-  });
-}
-
-// Update validation status for a session
-async function updateSession(interviewId, status) {
-  
-  if (status !== "rejected" && status !== "approved") {
-    throw new Error("Invalid status. Must be 'rejected' or 'approved'.");
-  }
-  
-  const db = await initDB();
-  return new Promise((resolve, reject) => {
-    const transaction = db.transaction([STORE_NAME], "readwrite");
-    const objectStore = transaction.objectStore(STORE_NAME);
-    const getRequest = objectStore.get(interviewId);
-
-    getRequest.onsuccess = () => {
-      const session = getRequest.result;
-      if (session) {
-        session.status = status;
-        const updateRequest = objectStore.put(session);
-        updateRequest.onsuccess = () => resolve(session);
-        updateRequest.onerror = () => reject(updateRequest.error);
-      } else {
-        resolve(null);
-      }
-    };
-    getRequest.onerror = () => reject(getRequest.error);
-  });
-}
 
-const exampleBackend = { start, verifyAuthentication }
+const exampleBackend = { start, getResults }
 export default exampleBackend;
diff --git a/main.js b/main.js
@@ -60,35 +60,35 @@ function finishAuthentication(response) {
   container.innerHTML = `
         <h1>Authentication Process Finished</h1>
         <p><strong>Candidate:</strong> ${candidate}</p>
-        <button id="verify-authentication-btn">Verify Authentication</button>
+        <button id="get-results-btn">Get Results</button>
       `;
-  document.getElementById("verify-authentication-btn").addEventListener("click", verifyAuthentication);
+  document.getElementById("get-results-btn").addEventListener("click", getResults);
 }
 
 // 4.- Verify the authentication against the score
-async function verifyAuthentication() {
-  console.log("Verifying authentication for candidate:", candidate);
+async function getResults() {
+  console.log("Getting results of the authentication");
   try {
-    const validationResult = await exampleBackend.verifyAuthentication(
+    const results = await exampleBackend.getResults(
       incodeSession.interviewId,
       incodeSession.token,
       candidate,
     );
-    console.log("Validation result:", validationResult);
+    console.log("Result:", results);
 
     const container = document.getElementById("finish-container");
     container.innerHTML += `
       <hr>
       <h2>Authentication Verification</h2>
       <p><strong>Interview ID:</strong> ${incodeSession.interviewId}</p>
       <p><strong>Candidate:</strong> ${candidate}</p>
-      <p><strong>Identity ID:</strong> ${validationResult.identityId || "N/A"}</p>
-      <p><strong>Message:</strong> ${validationResult.message}</p>
-      <p><strong>Authentication Valid:</strong> <span style="color: ${validationResult.valid ? "green" : "red"}; font-weight: bold;">${
-        validationResult.valid ? "✓ VALID" : "✗ INVALID"
+      <p><strong>Identity ID:</strong> ${results.identityId || "N/A"}</p>
+      <p><strong>Message:</strong> ${results.message}</p>
+      <p><strong>Authentication Valid:</strong> <span style="color: ${results.isValid ? "green" : "red"}; font-weight: bold;">${
+        results.isValid ? "✓ VALID" : "✗ INVALID"
       }</span></p>
     `;
-    document.getElementById("verify-authentication-btn").addEventListener("click", verifyAuthentication);
+    document.getElementById("get-results-btn").addEventListener("click", getResults);
   } catch (e) {
     showError(e);
   }
