@abtnode/auth 1.16.0-beta-1f8bf936 → 1.16.0-beta-58020de5
- package/lib/auth.js +6 -3
- package/lib/server.js +43 -16
- package/package.json +15 -14
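--- a/package/lib/auth.js
+++ b/package/lib/auth.js
@@ -110,8 +110,8 @@ const messages = {
 zh: '无效的凭证签名',
 },
 passportRevoked: {
-en: (issuer) => `Passport has been revoked${issuer ? ' by ' : ''}${issuer || ''}`,
-zh: (issuer) =>
+en: (title, issuer) => `Passport ${title} has been revoked${issuer ? ' by ' : ''}${issuer || ''}`,
+zh: (title, issuer) => `通行证 ${title} 已被${issuer ? ' ' : ''}${issuer || ''}${issuer ? ' ' : ''}吊销`,
 },
 notOwner: {
 en: 'The account does not match the owner account of this passport, please use the DID wallet that contains the owner account of this passport to receive.',
@@ -1008,7 +1008,10 @@ const getPassportStatus = async ({ node, teamDid, userDid, vcId, locale = 'en' }
 name: PASSPORT_STATUS_KEY,
 label: messages.statusLabel[locale],
 value: passport.status,
-reason:
+reason:
+passport.status === PASSPORT_STATUS.REVOKED
+? messages.passportRevoked[locale](passport.title, issuerName)
+: '',
 },
 ],
 }),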
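Review bot: Both new `passportRevoked` templates interpolate `title` unconditionally while `issuer` is guarded, so a passport without a title would render as "Passport undefined has been revoked" in the `reason` field and in the thrown error. Whether `passport.title` is always populated is not visible in these hunks; I would guard it the same way, replacing ` ${title}` with `${title ? ' ' + title : ''}` in the `en` template and the equivalent in `zh`. The parameter order also changed to `(title, issuer)`, so a caller outside this diff that still passes only the issuer would print the issuer as the title. A short comment above `passportRevoked` documenting the two parameters would help; `messages` and `getPassportStatus` both extend beyond the hunks shown.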
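--- a/package/lib/server.js
+++ b/package/lib/server.js
@@ -2,7 +2,10 @@ const get = require('lodash/get');
 const pick = require('lodash/pick');
 const isEmpty = require('lodash/isEmpty');
 const last = require('lodash/last');
+const uniq = require('lodash/uniq');
+const pRetry = require('p-retry');
 const { isNFTExpired, isNFTConsumed } = require('@abtnode/util/lib/nft');
+const axios = require('@abtnode/util/lib/axios');
 const Client = require('@ocap/client');
 const { fromPublicKey } = require('@ocap/wallet');
 const { types } = require('@ocap/mcrypto');
@@ -64,6 +67,40 @@ const getTrustedIssuers = (nodeInfo) => {
 return [nodeInfo.did, ...trustedPassports].filter(Boolean);
 };
 
+const getLauncherAppIdList = async (url) => {
+try {
+const urlObj = new URL('__blocklet__.js?type=json', url);
+
+const func = async () => {
+const { data } = await axios.get(urlObj.href);
+const result = [data.appId, data.appPid];
+if (Array.isArray(data.alsoKnownAs)) {
+result.push(...data.alsoKnownAs);
+}
+
+return uniq(result.map((s) => s.trim()).filter(Boolean));
+};
+
+const delay = process.env.NODE_ENV === 'test' ? 100 : 5000;
+
+const result = await pRetry(func, {
+retries: 3,
+minTimeout: delay,
+maxTimeout: delay,
+onFailedAttempt: (error) => {
+logger.error(`attempt get launcher blocklet meta ${urlObj.href} failed.`, { error });
+},
+});
+
+logger.info('launcher app id list:', { result, launcher: url });
+
+return result;
+} catch (error) {
+logger.error(`get launcher blocklet meta ${url} failed.`, { error });
+throw new Error(`get launcher blocklet meta ${url} failed: ${error.message}`);
+}
+};
+
 const authenticateByVc = async ({
 node,
 locale,
@@ -112,7 +149,7 @@ const authenticateByVc = async ({
 // Get user passport from vc
 let passport = createUserPassport(vc);
 if (user && isUserPassportRevoked(user, passport)) {
-throw new Error(messages.passportRevoked[locale](name));
+throw new Error(messages.passportRevoked[locale](passport.title, name));
 }
 
 // Get role from vc
@@ -190,7 +227,8 @@ const authenticateByNFT = async ({ node, claims, userDid, challenge, locale, isA
 throw new Error(messages.invalidNftHolder[locale]);
 }
 
-
+const trustedLaunchers = await getLauncherAppIdList(get(info, 'launcher.url'));
+if (!trustedLaunchers.includes(state.issuer)) {
 throw new Error(messages.invalidNftIssuer[locale]);
 }
 
@@ -286,7 +324,7 @@ const getAuthNFTClaim =
 throw new Error(messages.serverlessNftIdRequired[locale]);
 }
 
-return getServerlessNFTClaim(
+return getServerlessNFTClaim(nftId, locale);
 }
 
 return getOwnershipNFTClaim(node, locale);
@@ -464,21 +502,9 @@ const getOwnershipNFTClaim = async (node, locale) => {
 };
 };
 
-const getServerlessNFTClaim = async (
-const info = await node.getNodeInfo();
-if (!info.ownerNft || !info.ownerNft.issuer) {
-throw new Error(messages.noNft[locale]);
-}
-
-const chainHost = get(info, 'launcher.chainHost', '');
-
-if (!chainHost) {
-throw new Error(messages.noChainHost[locale]);
-}
-
+const getServerlessNFTClaim = async (nftId, locale) => {
 return {
 description: messages.requestServerlessNFT[locale],
-trustedIssuers: [info.ownerNft.issuer],
 address: nftId,
 };
 };
@@ -779,4 +805,5 @@ module.exports = {
 getTrustedIssuers,
 getAuthNFTClaim,
 getServerlessNFTClaim,
+getLauncherAppIdList,
 };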
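Review bot: In `authenticateByNFT` the trusted-issuer set is now whatever `getLauncherAppIdList` fetches from `__blocklet__.js?type=json` under `launcher.url` at login time, and nothing in the new function validates the URL or the response before `trustedLaunchers.includes(state.issuer)` relies on it. A response without a string `appId` or `appPid` makes `s.trim()` throw because trimming runs before `filter(Boolean)`, and an unset `launcher.url` makes `new URL(...)` throw, so both cases surface as the generic "get launcher blocklet meta … failed" error. I would keep only strings before trimming, `uniq(result.filter((s) => typeof s === 'string').map((s) => s.trim()).filter(Boolean))`, and reject a non-`https:` `urlObj.protocol` outside tests so the issuer list cannot be altered on the network path. Since this commit also drops `trustedIssuers` from `getServerlessNFTClaim`, the `includes` comparison appears to be the only issuer check left and deserves a comment saying so. `authenticateByNFT` starts and ends outside the hunk, so whether `info.launcher` is checked earlier is not visible.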
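--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "publishConfig": {
 "access": "public"
 },
-"version": "1.16.0-beta-
+"version": "1.16.0-beta-58020de5",
 "description": "Simple lib to manage auth in ABT Node",
 "main": "lib/index.js",
 "files": [
@@ -20,22 +20,23 @@
 "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
 "license": "MIT",
 "dependencies": {
-"@abtnode/constant": "1.16.0-beta-
-"@abtnode/logger": "1.16.0-beta-
-"@abtnode/util": "1.16.0-beta-
-"@arcblock/did": "1.18.
-"@arcblock/jwt": "^1.18.
-"@arcblock/vc": "1.18.
-"@blocklet/constant": "1.16.0-beta-
-"@blocklet/meta": "1.16.0-beta-
-"@ocap/client": "1.18.
-"@ocap/mcrypto": "1.18.
-"@ocap/util": "1.18.
-"@ocap/wallet": "1.18.
+"@abtnode/constant": "1.16.0-beta-58020de5",
+"@abtnode/logger": "1.16.0-beta-58020de5",
+"@abtnode/util": "1.16.0-beta-58020de5",
+"@arcblock/did": "1.18.64",
+"@arcblock/jwt": "^1.18.64",
+"@arcblock/vc": "1.18.64",
+"@blocklet/constant": "1.16.0-beta-58020de5",
+"@blocklet/meta": "1.16.0-beta-58020de5",
+"@ocap/client": "1.18.64",
+"@ocap/mcrypto": "1.18.64",
+"@ocap/util": "1.18.64",
+"@ocap/wallet": "1.18.64",
 "axios": "^0.27.2",
 "joi": "17.7.0",
 "jsonwebtoken": "^9.0.0",
 "lodash": "^4.17.21",
+"p-retry": "4.6.1",
 "semver": "^7.3.8",
 "transliteration": "^2.3.5",
 "url-join": "^4.0.1"
@@ -43,5 +44,5 @@
 "devDependencies": {
 "jest": "^27.5.1"
 },
-"gitHead": "
+"gitHead": "9d3f47f9827acf13e9efea38cd605d3b36f9f523"
 }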