@abtnode/auth 1.16.0-beta-ad6df3ae → 1.16.0-beta-7a7d5d97

Files changed (3)
  1. package/lib/auth.js +12 -13
  2. package/lib/server.js +46 -19
  3. package/package.json +8 -7
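--- a/package/lib/auth.js
+++ b/package/lib/auth.js
@@ -110,8 +110,8 @@ const messages = {
  zh: '无效的凭证签名',
  },
  passportRevoked: {
- en: (issuer) => `Passport has been revoked${issuer ? ' by ' : ''}${issuer || ''}`,
- zh: (issuer) => `通行证已被${issuer ? ' ' : ''}${issuer || ''}${issuer ? ' ' : ''}吊销`,
+ en: (title, issuer) => `Passport ${title} has been revoked${issuer ? ' by ' : ''}${issuer || ''}`,
+ zh: (title, issuer) => `通行证 ${title} 已被${issuer ? ' ' : ''}${issuer || ''}${issuer ? ' ' : ''}吊销`,
  },
  notOwner: {
  en: 'The account does not match the owner account of this passport, please use the DID wallet that contains the owner account of this passport to receive.',
@@ -219,17 +219,13 @@ const messages = {
  en: 'This NFT is for another blocklet server',
  zh: '您所提供的所有权 NFT 不属于当前节点',
  },
- requestNft: {
- en: 'Please provide server ownership NFT',
- zh: '请提供节点所有权 NFT',
+ requestBlockletSpaceNFT: {
+ en: 'Please provide Blocklet Space NFT',
+ zh: '请提供应用空间 NFT',
  },
- requestServerlessNFT: {
- en: 'Please provide serverless NFT',
- zh: '请提供无服务 NFT',
- },
- serverlessNftIdRequired: {
- en: 'Serverless NFT ID is required',
- zh: '无服务 NFT ID 是必须的',
+ blockletSpaceNftIdRequired: {
+ en: 'Blocklet Space NFT ID is required',
+ zh: '应用空间 NFT ID 是必须的',
  },
  nftAlreadyConsume: {
  en: 'This NFT has already been used',
@@ -1008,7 +1004,10 @@ const getPassportStatus = async ({ node, teamDid, userDid, vcId, locale = 'en' }
  name: PASSPORT_STATUS_KEY,
  label: messages.statusLabel[locale],
  value: passport.status,
- reason: passport.status === PASSPORT_STATUS.REVOKED ? messages.passportRevoked[locale](issuerName) : '',
+ reason:
+ passport.status === PASSPORT_STATUS.REVOKED
+ ? messages.passportRevoked[locale](passport.title, issuerName)
+ : '',
  },
  ],
  }),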
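Review bot: The new `passportRevoked` templates in the first hunk interpolate `title` unguarded, so a passport without a title yields "Passport undefined has been revoked", while `issuer` right next to it is guarded with `issuer || ''`. Whether `passport.title` is always populated is not visible in this diff; building the segment the same way as the issuer one, `${title ? ' ' : ''}${title || ''}`, keeps the message clean either way. In server.js the title appears to come from the presented credential, so wherever this `reason` or error text is displayed it should be rendered as plain text rather than markup. getPassportStatus in the third hunk starts and ends outside the visible lines.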
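--- a/package/lib/server.js
+++ b/package/lib/server.js
@@ -2,7 +2,10 @@ const get = require('lodash/get');
  const pick = require('lodash/pick');
  const isEmpty = require('lodash/isEmpty');
  const last = require('lodash/last');
+ const uniq = require('lodash/uniq');
+ const pRetry = require('p-retry');
  const { isNFTExpired, isNFTConsumed } = require('@abtnode/util/lib/nft');
+ const axios = require('@abtnode/util/lib/axios');
  const Client = require('@ocap/client');
  const { fromPublicKey } = require('@ocap/wallet');
  const { types } = require('@ocap/mcrypto');
@@ -64,6 +67,40 @@ const getTrustedIssuers = (nodeInfo) => {
  return [nodeInfo.did, ...trustedPassports].filter(Boolean);
  };
 
+ const getLauncherAppIdList = async (url) => {
+ try {
+ const urlObj = new URL('__blocklet__.js?type=json', url);
+
+ const func = async () => {
+ const { data } = await axios.get(urlObj.href);
+ const result = [data.appId, data.appPid];
+ if (Array.isArray(data.alsoKnownAs)) {
+ result.push(...data.alsoKnownAs);
+ }
+
+ return uniq(result.map((s) => s.trim()).filter(Boolean));
+ };
+
+ const delay = process.env.NODE_ENV === 'test' ? 100 : 5000;
+
+ const result = await pRetry(func, {
+ retries: 3,
+ minTimeout: delay,
+ maxTimeout: delay,
+ onFailedAttempt: (error) => {
+ logger.error(`attempt get launcher blocklet meta ${urlObj.href} failed.`, { error });
+ },
+ });
+
+ logger.info('launcher app id list:', { result, launcher: url });
+
+ return result;
+ } catch (error) {
+ logger.error(`get launcher blocklet meta ${url} failed.`, { error });
+ throw new Error(`get launcher blocklet meta ${url} failed: ${error.message}`);
+ }
+ };
+
  const authenticateByVc = async ({
  node,
  locale,
@@ -112,7 +149,7 @@ const authenticateByVc = async ({
  // Get user passport from vc
  let passport = createUserPassport(vc);
  if (user && isUserPassportRevoked(user, passport)) {
- throw new Error(messages.passportRevoked[locale](name));
+ throw new Error(messages.passportRevoked[locale](passport.title, name));
  }
 
  // Get role from vc
@@ -190,7 +227,8 @@ const authenticateByNFT = async ({ node, claims, userDid, challenge, locale, isA
  throw new Error(messages.invalidNftHolder[locale]);
  }
 
- if (state.issuer !== info.launcher.did) {
+ const trustedLaunchers = await getLauncherAppIdList(get(info, 'launcher.url'));
+ if (!trustedLaunchers.includes(state.issuer)) {
  throw new Error(messages.invalidNftIssuer[locale]);
  }
 
@@ -283,10 +321,10 @@ const getAuthNFTClaim =
  checkWalletVersion({ didwallet, locale });
  if (launchType === 'serverless') {
  if (!nftId) {
- throw new Error(messages.serverlessNftIdRequired[locale]);
+ throw new Error(messages.blockletSpaceNftIdRequired[locale]);
  }
 
- return getServerlessNFTClaim(node, nftId, locale);
+ return getServerlessNFTClaim(nftId, locale);
  }
 
  return getOwnershipNFTClaim(node, locale);
@@ -458,27 +496,15 @@ const getOwnershipNFTClaim = async (node, locale) => {
  }
 
  return {
- description: messages.requestNft[locale],
+ description: messages.requestBlockletSpaceNFT[locale],
  trustedIssuers: [info.ownerNft.issuer],
  tag, // tag is an unique identifier for the server in launcher
  };
  };
 
- const getServerlessNFTClaim = async (node, nftId, locale) => {
- const info = await node.getNodeInfo();
- if (!info.ownerNft || !info.ownerNft.issuer) {
- throw new Error(messages.noNft[locale]);
- }
-
- const chainHost = get(info, 'launcher.chainHost', '');
-
- if (!chainHost) {
- throw new Error(messages.noChainHost[locale]);
- }
-
+ const getServerlessNFTClaim = async (nftId, locale) => {
  return {
- description: messages.requestServerlessNFT[locale],
- trustedIssuers: [info.ownerNft.issuer],
+ description: messages.requestBlockletSpaceNFT[locale],
  address: nftId,
  };
  };
@@ -779,4 +805,5 @@ module.exports = {
  getTrustedIssuers,
  getAuthNFTClaim,
  getServerlessNFTClaim,
+ getLauncherAppIdList,
  };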
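Review bot: The issuer check in authenticateByNFT now accepts any DID returned by fetching `__blocklet__.js?type=json` from `launcher.url`, where it previously compared against the locally stored `info.launcher.did`, so the trust anchor for NFT login moves to the integrity of that URL and its transport. Nothing visible here requires an `https:` launcher URL or ties the fetched list back to the configured DID; consider rejecting non-HTTPS URLs and requiring the response to include `info.launcher.did` (this assumes the configured DID stays listed in `appId`, `appPid` or `alsoKnownAs`, which should be confirmed). In getLauncherAppIdList, `result.map((s) => s.trim())` runs before `.filter(Boolean)`, so a response lacking `appPid` throws a TypeError that is retried three times at 5 s each; `uniq(result.filter((s) => typeof s === 'string').map((s) => s.trim()).filter(Boolean))` avoids that. The fetch also sits on the login path with no caching or explicit timeout visible in the diff, and authenticateByNFT's body continues outside the hunk.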
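--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
  "publishConfig": {
  "access": "public"
  },
- "version": "1.16.0-beta-ad6df3ae",
+ "version": "1.16.0-beta-7a7d5d97",
  "description": "Simple lib to manage auth in ABT Node",
  "main": "lib/index.js",
  "files": [
@@ -20,14 +20,14 @@
  "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
  "license": "MIT",
  "dependencies": {
- "@abtnode/constant": "1.16.0-beta-ad6df3ae",
- "@abtnode/logger": "1.16.0-beta-ad6df3ae",
- "@abtnode/util": "1.16.0-beta-ad6df3ae",
+ "@abtnode/constant": "1.16.0-beta-7a7d5d97",
+ "@abtnode/logger": "1.16.0-beta-7a7d5d97",
+ "@abtnode/util": "1.16.0-beta-7a7d5d97",
  "@arcblock/did": "1.18.64",
  "@arcblock/jwt": "^1.18.64",
  "@arcblock/vc": "1.18.64",
- "@blocklet/constant": "1.16.0-beta-ad6df3ae",
- "@blocklet/meta": "1.16.0-beta-ad6df3ae",
+ "@blocklet/constant": "1.16.0-beta-7a7d5d97",
+ "@blocklet/meta": "1.16.0-beta-7a7d5d97",
  "@ocap/client": "1.18.64",
  "@ocap/mcrypto": "1.18.64",
  "@ocap/util": "1.18.64",
@@ -36,6 +36,7 @@
  "joi": "17.7.0",
  "jsonwebtoken": "^9.0.0",
  "lodash": "^4.17.21",
+ "p-retry": "4.6.1",
  "semver": "^7.3.8",
  "transliteration": "^2.3.5",
  "url-join": "^4.0.1"
@@ -43,5 +44,5 @@
  "devDependencies": {
  "jest": "^27.5.1"
  },
- "gitHead": "8fa60176a00400cd412b308df3c7d6dcd9af2db1"
+ "gitHead": "c25ddcc371454b2e2f7038aa5e64c7b7c27763cb"
  }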