fix: w3c vc document qr code uri

[isaackps]

Summary

W3C document's uri is not decoded thus having a redirection issue.

Changes

• updated the code to decode the uri

Issues

redirection not working

Releases

Channels: latest
ETA: Any target release date

Summary by CodeRabbit

• Bug Fixes
  • Improved handling of W3C Verifiable Credential QR code links by using decoded URLs, ensuring more reliable scanning and opening.
  • Applies across key document types and statuses, including Certificates of Origin, Electronic Promissory Notes, Electronic Bills of Lading, Invoices, and Warehouse Receipts (e.g., default/redacted/revoked/expired, operative/inoperative).
  • Legacy OA links remain unchanged.

[coderabbitai]

Walkthrough

Replaced direct W3C VC QR code URIs with decodeURIComponent(...) for all relevant DocumentStatus entries in DocumentsData.ts. OA (Legacy) entries continue using decodeOAString(...). Data structures, exports, and function signatures are unchanged.

Changes

Cohort / File(s)	Summary of changes
QR URI decoding update src/data/DocumentsData.ts	Switched all W3C VC QR code URIs to decode via decodeURIComponent(docs..qrCode.uri) across 14 statuses (CoO, ePN, eBL, Invoice, Warehouse Receipt). OA (Legacy) entries unchanged. Note: decodeURIComponent may throw on invalid percent escapes; no try/catch added.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

I nibbled through URIs, percent by percent,
Decoding each crumb with careful intent.
OA stays cozy, unchanged in its burrow,
While VC links breathe like dawn’s first furrow.
Thump-thump! says the reviewer’s heart—
One file, clean hops; a tidy start. 🐇✨

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/w3c-document-uri

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[netlify]

✅ Deploy Preview for tradetrust-gallery ready!

Name	Link
🔨 Latest commit	cf6c5c5
🔍 Latest deploy log	https://app.netlify.com/projects/tradetrust-gallery/deploys/689eebd5a85633000827c570
😎 Deploy Preview	https://deploy-preview-17--tradetrust-gallery.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between c93a1ea and cf6c5c5.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (1)

• src/data/DocumentsData.ts (5 hunks)

🔇 Additional comments (1)

src/data/DocumentsData.ts (1)

95-95: Good fix — decoding the W3C VC QR code URI here addresses the redirect bug

Decoding the QR code’s encoded URI before use is the right move and aligns with the PR objective. This should resolve the redirection issue.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Harden URI decoding: wrap decodeURIComponent in a safe helper and reuse it across all W3C entries

decodeURIComponent throws on malformed percent-escapes (e.g., stray "%"), which would crash rendering if any JSON has an unexpected value. OA uses a guarded decoder already; mirror that for W3C to be robust and DRY.

Apply this diff to replace direct calls with a safe helper:

-            'W3C VC': decodeURIComponent(docs.coo_default.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.coo_default.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.coo_redacted.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.coo_redacted.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.coo_revoked.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.coo_revoked.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.coo_expired.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.coo_expired.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.epn_operative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.epn_operative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.epn_inoperative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.epn_inoperative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.bol_operative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.bol_operative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.bol_inoperative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.bol_inoperative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.inv_default.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.inv_default.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.inv_redacted.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.inv_redacted.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.inv_revoked.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.inv_revoked.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.inv_expired.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.inv_expired.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.whr_operative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.whr_operative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.whr_inoperative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.whr_inoperative.qrCode.uri),

Add this helper near decodeOAString:

const decodeUriSafe = (value: string) => {
  try {
    return decodeURIComponent(value);
  } catch {
    return value;
  }
};

Optional verification script to quickly sanity-check repository JSONs for risky percent-escapes that could throw in decodeURIComponent:

Also applies to: 102-102, 109-109, 116-116, 136-136, 143-143, 162-162, 169-169, 189-189, 196-196, 203-203, 210-210, 229-229, 236-236

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Heuristic scan for the JSON payloads referenced in this file and inspect qrCode.uri values.
python - << 'PY'
import os, re, json

# Filenames referenced by DocumentsData.ts (W3C ones only)
names = {
  'certificate-of-origin-default.json',
  'certificate-of-origin-redacted.json',
  'certificate-of-origin-revoked.json',
  'certificate-of-origin-expired.json',
  'electronic-promissory-note-operative.json',
  'electronic-promissory-note-inoperative.json',
  'bill-of-lading-operative.json',
  'bill-of-lading-inoperative.json',
  'invoice-default.json',
  'invoice-redacted.json',
  'invoice-revoked.json',
  'invoice-expired.json',
  'warehouse-receipt-operative.json',
  'warehouse-receipt-inoperative.json',
}

def find_files(root='.'):
  for dirpath, _, filenames in os.walk(root):
    for f in filenames:
      if f in names:
        yield os.path.join(dirpath, f)

def find_qr_uris(obj):
  # Recursively find any obj like {"qrCode": {"uri": "<...>"}}
  if isinstance(obj, dict):
    if 'qrCode' in obj and isinstance(obj['qrCode'], dict) and 'uri' in obj['qrCode']:
      val = obj['qrCode']['uri']
      if isinstance(val, str):
        yield val
    for v in obj.values():
      yield from find_qr_uris(v)
  elif isinstance(obj, list):
    for it in obj:
      yield from find_qr_uris(it)

files = list(find_files('.'))
if not files:
  print('No referenced W3C JSON files found. If they’re stored under public/static, ensure they exist on this branch.')
else:
  for p in sorted(files):
    try:
      with open(p, 'r', encoding='utf-8') as fh:
        data = json.load(fh)
    except Exception as e:
      print(f'[PARSE-ERROR] {p}: {e}')
      continue
    uris = list(find_qr_uris(data))
    if not uris:
      print(f'[NO-URI] {p}')
      continue
    for u in uris:
      has_pct = bool(re.search(r'%[0-9A-Fa-f]{2}', u))
      has_bad = bool(re.search(r'%(?![0-9A-Fa-f]{2})', u))
      print(f'[OK] {p} | encoded={has_pct} | potentially_malformed={has_bad} | sample="{u[:120]}"')
PY

Length of output: 4078

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Search for decodeURIComponent occurrences ==="
rg -n --hidden -S "decodeURIComponent" || true

echo
echo "=== Show src/data/DocumentsData.ts with line numbers (if present) ==="
if [ -f src/data/DocumentsData.ts ]; then
  nl -ba src/data/DocumentsData.ts | sed -n '1,320p'
else
  echo "File src/data/DocumentsData.ts not found"
fi

echo
echo "=== Search for decodeOAString helper ==="
rg -n --hidden -S "decodeOAString" || true

echo
echo "=== Search for existing decodeUriSafe helper (to avoid duplicate) ==="
rg -n --hidden -S "decodeUriSafe" || true

Length of output: 2014

---

Harden URI decoding: add a guarded decodeUriSafe and use it for all W3C VC entries

decodeURIComponent can throw on malformed percent-escapes (e.g. stray "%") — add a small safe wrapper and replace direct calls to avoid runtime crashes.

• File: src/data/DocumentsData.ts
  • add the helper near the existing decodeOAString (decodeOAString found at ~line 72)
  • replace direct calls at these lines: 95, 102, 109, 116, 136, 143, 162, 169, 189, 196, 203, 210, 229, 236
  • consider updating decodeOAString's internal decodeURIComponent to use decodeUriSafe as well

Apply this diff to replace direct calls:

-            'W3C VC': decodeURIComponent(docs.coo_default.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.coo_default.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.coo_redacted.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.coo_redacted.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.coo_revoked.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.coo_revoked.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.coo_expired.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.coo_expired.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.epn_operative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.epn_operative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.epn_inoperative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.epn_inoperative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.bol_operative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.bol_operative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.bol_inoperative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.bol_inoperative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.inv_default.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.inv_default.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.inv_redacted.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.inv_redacted.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.inv_revoked.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.inv_revoked.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.inv_expired.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.inv_expired.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.whr_operative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.whr_operative.qrCode.uri),

-            'W3C VC': decodeURIComponent(docs.whr_inoperative.qrCode.uri),
+            'W3C VC': decodeUriSafe(docs.whr_inoperative.qrCode.uri),

Add this helper near decodeOAString:

const decodeUriSafe = (value: string) => {
  try {
    return decodeURIComponent(value);
  } catch {
    return value;
  }
};

Note: I scanned the repo — decodeURIComponent occurrences exist at the lines above, and the public/static W3C JSONs in this branch show percent-encoded URIs (no malformed percent-escapes found), but runtime protection is still recommended.

🤖 Prompt for AI Agents

In src/data/DocumentsData.ts around line ~72 and affecting lines
95,102,109,116,136,143,162,169,189,196,203,210,229,236: decodeURIComponent is
used directly for W3C VC URIs and can throw on malformed percent-escapes; add a
small safe wrapper function (named decodeUriSafe) near the existing
decodeOAString (around line 72) that returns the original string on decode
errors, replace all direct decodeURIComponent calls at the listed lines with
decodeUriSafe, and update decodeOAString to call decodeUriSafe instead of
decodeURIComponent so all URI decoding is guarded against exceptions.