@abtnode/auth 1.16.0-beta-ad6df3ae → 1.16.0-beta-7a7d5d97
- package/lib/auth.js +12 -13
- package/lib/server.js +46 -19
- package/package.json +8 -7
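--- a/package/lib/auth.js
+++ b/package/lib/auth.js
@@ -110,8 +110,8 @@ const messages = {
 zh: '无效的凭证签名',
 },
 passportRevoked: {
-en: (issuer) => `Passport has been revoked${issuer ? ' by ' : ''}${issuer || ''}`,
-zh: (issuer) =>
+en: (title, issuer) => `Passport ${title} has been revoked${issuer ? ' by ' : ''}${issuer || ''}`,
+zh: (title, issuer) => `通行证 ${title} 已被${issuer ? ' ' : ''}${issuer || ''}${issuer ? ' ' : ''}吊销`,
 },
 notOwner: {
 en: 'The account does not match the owner account of this passport, please use the DID wallet that contains the owner account of this passport to receive.',
@@ -219,17 +219,13 @@ const messages = {
 en: 'This NFT is for another blocklet server',
 zh: '您所提供的所有权 NFT 不属于当前节点',
 },
-
-en: 'Please provide
-zh: '
+requestBlockletSpaceNFT: {
+en: 'Please provide Blocklet Space NFT',
+zh: '请提供应用空间 NFT',
 },
-
-en: '
-zh: '
-},
-serverlessNftIdRequired: {
-en: 'Serverless NFT ID is required',
-zh: '无服务 NFT ID 是必须的',
+blockletSpaceNftIdRequired: {
+en: 'Blocklet Space NFT ID is required',
+zh: '应用空间 NFT ID 是必须的',
 },
 nftAlreadyConsume: {
 en: 'This NFT has already been used',
@@ -1008,7 +1004,10 @@ const getPassportStatus = async ({ node, teamDid, userDid, vcId, locale = 'en' }
 name: PASSPORT_STATUS_KEY,
 label: messages.statusLabel[locale],
 value: passport.status,
-reason:
+reason:
+passport.status === PASSPORT_STATUS.REVOKED
+? messages.passportRevoked[locale](passport.title, issuerName)
+: '',
 },
 ],
 }),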
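Review bot: In the `passportRevoked` templates of the first hunk, `${title}` is interpolated with no fallback while `issuer` is guarded, so a passport without a title would render as "Passport undefined has been revoked". Replacing `Passport ${title}` with `Passport${title ? ' ' + title : ''}` keeps the message clean, and the `zh` template needs the same guard. The signature also changed from `(issuer)` to `(title, issuer)`, so any caller not shown on this page that still passes a single argument would print the issuer name in the title position; the two call sites visible here (`getPassportStatus` and `authenticateByVc`) are updated.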
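--- a/package/lib/server.js
+++ b/package/lib/server.js
@@ -2,7 +2,10 @@ const get = require('lodash/get');
 const pick = require('lodash/pick');
 const isEmpty = require('lodash/isEmpty');
 const last = require('lodash/last');
+const uniq = require('lodash/uniq');
+const pRetry = require('p-retry');
 const { isNFTExpired, isNFTConsumed } = require('@abtnode/util/lib/nft');
+const axios = require('@abtnode/util/lib/axios');
 const Client = require('@ocap/client');
 const { fromPublicKey } = require('@ocap/wallet');
 const { types } = require('@ocap/mcrypto');
@@ -64,6 +67,40 @@ const getTrustedIssuers = (nodeInfo) => {
 return [nodeInfo.did, ...trustedPassports].filter(Boolean);
 };
 
+const getLauncherAppIdList = async (url) => {
+try {
+const urlObj = new URL('__blocklet__.js?type=json', url);
+
+const func = async () => {
+const { data } = await axios.get(urlObj.href);
+const result = [data.appId, data.appPid];
+if (Array.isArray(data.alsoKnownAs)) {
+result.push(...data.alsoKnownAs);
+}
+
+return uniq(result.map((s) => s.trim()).filter(Boolean));
+};
+
+const delay = process.env.NODE_ENV === 'test' ? 100 : 5000;
+
+const result = await pRetry(func, {
+retries: 3,
+minTimeout: delay,
+maxTimeout: delay,
+onFailedAttempt: (error) => {
+logger.error(`attempt get launcher blocklet meta ${urlObj.href} failed.`, { error });
+},
+});
+
+logger.info('launcher app id list:', { result, launcher: url });
+
+return result;
+} catch (error) {
+logger.error(`get launcher blocklet meta ${url} failed.`, { error });
+throw new Error(`get launcher blocklet meta ${url} failed: ${error.message}`);
+}
+};
+
 const authenticateByVc = async ({
 node,
 locale,
@@ -112,7 +149,7 @@ const authenticateByVc = async ({
 // Get user passport from vc
 let passport = createUserPassport(vc);
 if (user && isUserPassportRevoked(user, passport)) {
-throw new Error(messages.passportRevoked[locale](name));
+throw new Error(messages.passportRevoked[locale](passport.title, name));
 }
 
 // Get role from vc
@@ -190,7 +227,8 @@ const authenticateByNFT = async ({ node, claims, userDid, challenge, locale, isA
 throw new Error(messages.invalidNftHolder[locale]);
 }
 
-
+const trustedLaunchers = await getLauncherAppIdList(get(info, 'launcher.url'));
+if (!trustedLaunchers.includes(state.issuer)) {
 throw new Error(messages.invalidNftIssuer[locale]);
 }
 
@@ -283,10 +321,10 @@ const getAuthNFTClaim =
 checkWalletVersion({ didwallet, locale });
 if (launchType === 'serverless') {
 if (!nftId) {
-throw new Error(messages.
+throw new Error(messages.blockletSpaceNftIdRequired[locale]);
 }
 
-return getServerlessNFTClaim(
+return getServerlessNFTClaim(nftId, locale);
 }
 
 return getOwnershipNFTClaim(node, locale);
@@ -458,27 +496,15 @@ const getOwnershipNFTClaim = async (node, locale) => {
 }
 
 return {
-description: messages.
+description: messages.requestBlockletSpaceNFT[locale],
 trustedIssuers: [info.ownerNft.issuer],
 tag, // tag is an unique identifier for the server in launcher
 };
 };
 
-const getServerlessNFTClaim = async (
-const info = await node.getNodeInfo();
-if (!info.ownerNft || !info.ownerNft.issuer) {
-throw new Error(messages.noNft[locale]);
-}
-
-const chainHost = get(info, 'launcher.chainHost', '');
-
-if (!chainHost) {
-throw new Error(messages.noChainHost[locale]);
-}
-
+const getServerlessNFTClaim = async (nftId, locale) => {
 return {
-description: messages.
-trustedIssuers: [info.ownerNft.issuer],
+description: messages.requestBlockletSpaceNFT[locale],
 address: nftId,
 };
 };
@@ -779,4 +805,5 @@ module.exports = {
 getTrustedIssuers,
 getAuthNFTClaim,
 getServerlessNFTClaim,
+getLauncherAppIdList,
 };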
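Review bot: `getLauncherAppIdList` turns whatever the launcher endpoint returns into the trusted-issuer list that `authenticateByNFT` compares `state.issuer` against, but the response is never validated. `result.map((s) => s.trim())` runs before `filter(Boolean)`, so a missing `appId`/`appPid`, a non-string `alsoKnownAs` entry or a non-JSON body throws a TypeError instead of being dropped, and an unset `launcher.url` makes `new URL(...)` throw, so the caller gets the "get launcher blocklet meta undefined failed" error rather than `messages.invalidNftIssuer`. Since the new `getServerlessNFTClaim` no longer sends `trustedIssuers`, this server-side comparison appears to be the only issuer gate visible here, so I would keep only non-empty strings, fail when the list comes back empty, and consider rejecting a launcher URL whose protocol is not `https:` outside tests. The three retries at a fixed 5 s delay also run inside the authentication request, which is worth bounding with a request timeout on `axios.get`.

```javascript
const func = async () => {
  const { data } = await axios.get(urlObj.href);
  // These values become trusted NFT issuers: accept non-empty strings only
  const meta = data && typeof data === 'object' ? data : {};
  const candidates = [meta.appId, meta.appPid];
  if (Array.isArray(meta.alsoKnownAs)) {
    candidates.push(...meta.alsoKnownAs);
  }

  const result = uniq(
    candidates
      .filter((s) => typeof s === 'string')
      .map((s) => s.trim())
      .filter(Boolean)
  );
  if (result.length === 0) {
    throw new Error('launcher metadata contains no app id');
  }

  return result;
};
// … unchanged: retry delay, pRetry call, logging and catch block …
```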
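--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "publishConfig": {
 "access": "public"
 },
-"version": "1.16.0-beta-
+"version": "1.16.0-beta-7a7d5d97",
 "description": "Simple lib to manage auth in ABT Node",
 "main": "lib/index.js",
 "files": [
@@ -20,14 +20,14 @@
 "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
 "license": "MIT",
 "dependencies": {
-"@abtnode/constant": "1.16.0-beta-
-"@abtnode/logger": "1.16.0-beta-
-"@abtnode/util": "1.16.0-beta-
+"@abtnode/constant": "1.16.0-beta-7a7d5d97",
+"@abtnode/logger": "1.16.0-beta-7a7d5d97",
+"@abtnode/util": "1.16.0-beta-7a7d5d97",
 "@arcblock/did": "1.18.64",
 "@arcblock/jwt": "^1.18.64",
 "@arcblock/vc": "1.18.64",
-"@blocklet/constant": "1.16.0-beta-
-"@blocklet/meta": "1.16.0-beta-
+"@blocklet/constant": "1.16.0-beta-7a7d5d97",
+"@blocklet/meta": "1.16.0-beta-7a7d5d97",
 "@ocap/client": "1.18.64",
 "@ocap/mcrypto": "1.18.64",
 "@ocap/util": "1.18.64",
@@ -36,6 +36,7 @@
 "joi": "17.7.0",
 "jsonwebtoken": "^9.0.0",
 "lodash": "^4.17.21",
+"p-retry": "4.6.1",
 "semver": "^7.3.8",
 "transliteration": "^2.3.5",
 "url-join": "^4.0.1"
@@ -43,5 +44,5 @@
 "devDependencies": {
 "jest": "^27.5.1"
 },
-"gitHead": "
+"gitHead": "c25ddcc371454b2e2f7038aa5e64c7b7c27763cb"
 }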