@abtnode/auth 1.16.23-beta-7b5b0175 → 1.16.23-beta-06c3a221

package/lib/auth.js

@@ -40,6 +40,7 @@ const createPassportSvg = require('./util/create-passport-svg');
 const messages = {
   description: getLocaleMap('description'),
   requestProfile: getLocaleMap('requestProfile'),
+  requestDidSpace: getLocaleMap('requestDidSpace'),
   requestNFT: getLocaleMap('requestNFT'),
   requestCredential: getLocaleMap('requestCredential'),
   requestPassport: getLocaleMap('requestPassport'),
@@ -807,7 +808,13 @@ const handleIssuePassportResponse = async ({
 const getVCFromClaims = ({ claims, challenge, trustedIssuers, vcTypes, locale = 'en', vcId }) => {
   const credential = claims
     .filter(Boolean) // FIXES: https://github.com/ArcBlock/did-connect/issues/74
-    .find((x) => x.type === 'verifiableCredential' && vcTypes.some((item) => x.item.includes(item)));
+    .find(
+      (x) =>
+        x.type === 'verifiableCredential' &&
+        // 注意此处不要筛选出 did Spaces 的 verifiableCredential
+        x?.meta?.purpose !== 'DidSpace' &&
+        vcTypes.some((item) => x.item.includes(item))
+    );
 
   if (!credential || !credential.presentation) {
     return {};

package/lib/connect-to-did-spaces.js

@@ -0,0 +1,99 @@
+const { getAppUrl, getAppName, getAppDescription } = require('@blocklet/meta/lib/util');
+const { Joi } = require('@arcblock/validator');
+const logger = require('@abtnode/logger')(require('../../../package.json').name);
+const { DID_SPACES } = require('@blocklet/constant');
+const { messages } = require('./auth');
+const { getDidSpacesInfoByClaims, silentAuthorizationInConnect } = require('./util/spaces');
+
+const ExtraParamsSchema = Joi.object({
+  referrer: Joi.string()
+    .uri({ scheme: ['http', 'https'] })
+    .required(),
+  appPid: Joi.DID().optional(),
+});
+
+/**
+ * @description
+ * @param {import('@abtnode/core').TNode} node
+ * @return {*}
+ */
+function createConnectToDidSpacesRoute(node) {
+  return {
+    action: 'connect-to-did-spaces',
+    onStart: ({ extraParams }) => {
+      const { error } = ExtraParamsSchema.validate(extraParams, {
+        allowUnknown: true,
+      });
+      if (error) {
+        throw new Error(error);
+      }
+    },
+
+    onConnect: ({ extraParams: { locale } }) => {
+      return {
+        assetOrVC: {
+          description: messages.requestDidSpace[locale],
+          optional: false,
+          filters: [
+            {
+              tag: DID_SPACES.NFT_TAG, // 用于筛选 NFT
+            },
+            {
+              type: DID_SPACES.VC_TYPES, // 用于筛选 VC
+            },
+          ],
+          meta: {
+            purpose: 'DidSpace',
+          },
+        },
+      };
+    },
+
+    onAuth: async ({ claims, challenge, extraParams: { appPid, locale, referrer }, updateSession, request }) => {
+      /** @type {import('@abtnode/client').BlockletState} */
+      const blocklet = request.getBlocklet ? await request.getBlocklet() : await node.getBlocklet({ did: appPid });
+
+      const existsConnectSpaceClaim = claims.some(
+        (x) => x?.meta?.purpose === 'DidSpace' && ['asset', 'verifiableCredential'].includes(x.type)
+      );
+
+      if (!existsConnectSpaceClaim) {
+        logger.error('Unable to find claim for DID Spaces', { claims });
+        throw new Error('Unable to find claim for DID Spaces');
+      }
+
+      const didSpaceInfo = await getDidSpacesInfoByClaims({ claims });
+      const appUrl = getAppUrl(blocklet);
+      const { data } = await silentAuthorizationInConnect(didSpaceInfo, {
+        appInfo: {
+          appDid: blocklet.appDid,
+          appName: getAppName(blocklet),
+          appDescription: getAppDescription(blocklet),
+          appUrl,
+          scopes: 'list:object read:object write:object',
+          referrer,
+        },
+        verifyNFTParams: {
+          claims,
+          challenge,
+          locale,
+        },
+      });
+
+      /**
+       * @type {Omit<import('@abtnode/client').SpaceGatewayInput, 'protected'>}
+       */
+      const spaceGateway = {
+        did: data.did,
+        name: data.name,
+        endpoint: data.endpoint,
+        url: didSpaceInfo.didSpacesCoreUrl,
+      };
+
+      // 两边都要做同样的校验
+      await updateSession({ spaceGateway, ...data }, true);
+    },
+  };
+}
+
+module.exports = { createConnectToDidSpacesRoute };

package/lib/util/api.js

@@ -0,0 +1,7 @@
+const { default: axios } = require('axios');
+
+axios.defaults.timeout = 10 * 1000; // 超时时间设为10s
+
+const api = axios.create();
+
+module.exports = { api };

package/lib/util/spaces.js

@@ -0,0 +1,190 @@
+const isUrl = require('is-url');
+const Client = require('@ocap/client');
+const { isValid } = require('@arcblock/did');
+const { joinURL } = require('ufo');
+const { api } = require('./api');
+
+/**
+ * @description
+ * @param {string} endpoint
+ * @return {string}
+ */
+function getDIDSpacesUrlFromDisplayUrl(endpoint) {
+  if (!isUrl(endpoint)) {
+    throw new Error(`Endpoint(${endpoint}) is not a valid url`);
+  }
+
+  return endpoint.replace(/\/api\/.+/, '');
+}
+
+/**
+ * @description
+ * @param {{
+ *  chainHost: string,
+ *  assetDid: string,
+ * }} { chainHost, assetDid }
+ * @return {Promise<{
+ *  didSpacesCoreUrl: string,
+ *  assetDid: string
+ * }>}
+ */
+async function getDidSpaceInfoByAsset({ chainHost, assetDid }) {
+  if (!isValid(assetDid)) {
+    throw new Error(`Invalid asset did(${assetDid})`);
+  }
+
+  const client = new Client(chainHost);
+  /** @type {{ state: import('@ocap/client').AssetState }} */
+  const { state } = await client.getAssetState({ address: assetDid });
+
+  const didSpacesCoreUrl = getDIDSpacesUrlFromDisplayUrl(state.display.content);
+
+  return {
+    didSpacesCoreUrl,
+    assetDid,
+  };
+}
+/**
+ * @description
+ * @param {{ vcClaim: any }} { vcClaim }
+ * @return {{
+ *  didSpacesCoreUrl: string,
+ *  spaceDid: string,
+ * }}
+ */
+async function getDidSpaceInfoByVC({ vcClaim }) {
+  const vcData = JSON.parse(JSON.parse(vcClaim.presentation).verifiableCredential[0]);
+
+  /**
+   *  @type {{
+   *    appAuth: {
+   *      appUrl?: string,
+   *      spaceDid: string,
+   *      endpoint?: string,
+   *    }
+   * }}
+   * */
+  const { appAuth } = vcData.credentialSubject;
+  const spacesAnyUrl = appAuth.appUrl || appAuth.endpoint;
+
+  if (!spacesAnyUrl) {
+    throw new Error('Unable to find any valid space paths');
+  }
+
+  const didSpacesCoreUrl = await getDidSpacesCoreUrl(spacesAnyUrl);
+
+  return {
+    didSpacesCoreUrl,
+    spaceDid: appAuth.spaceDid,
+  };
+}
+
+/**
+ * @description
+ * @param {string} spacesAnyUrl
+ * @param {{ timeout: number }} [options={ timeout: 5000 }]
+ * @return {Promise<string>}
+ */
+async function getDidSpacesCoreUrl(spacesAnyUrl, options = { timeout: 5000 }) {
+  const u = new URL(spacesAnyUrl);
+
+  /** @type {{ data: import('@blocklet/sdk').WindowBlocklet }} */
+  const { data: blockletMeta } = await api.get(joinURL(u.origin, '/__blocklet__.js?type=json'), {
+    timeout: options.timeout,
+  });
+
+  /** @type {string} */
+  const mountPoint = blockletMeta.componentMountPoints.find(
+    (x) => x.did === 'z8iZnaYxnkMD5AKRjTKiCb8pQr1ut8UantAcf'
+  )?.mountPoint;
+
+  if (!mountPoint) {
+    throw new Error(`MountPoint(${mountPoint}) not found`);
+  }
+
+  return joinURL(u.origin, mountPoint);
+}
+
+/**
+ * @typedef {{
+ *    didSpacesCoreUrl: string,
+ *    spaceDid?: string,
+ *    assetDid?: string, // spaceDid, assetDid 必定会存在一个
+ * }} DidSpaceInfo
+ * @typedef {{
+ *    appDid: string,
+ *    appName: string,
+ *    appDescription: string,
+ *    scopes: string,
+ *    appUrl: string,
+ *    referer: string,
+ * }} DidSpaceExtraParams
+ * @typedef {{
+ *    claims: any[],
+ *    challenge: any,
+ *    locale: 'en' | 'zh',
+ * }} DidSpaceVerifyNFTParams
+ */
+
+/**
+ * @description
+ * @param {{ claims: any[] }} { claims }
+ * @return {Promise<DidSpaceInfo>}
+ */
+function getDidSpacesInfoByClaims({ claims }) {
+  const assetOrVcClaim = claims.find(
+    (x) => x?.meta?.purpose === 'DidSpace' && ['asset', 'verifiableCredential'].includes(x.type)
+  );
+  if (!assetOrVcClaim) {
+    // 说明 DID Spaces 对于应用来说不是必要的
+    return null;
+  }
+
+  const isAssetClaim = assetOrVcClaim.type === 'asset';
+  if (isAssetClaim) {
+    return getDidSpaceInfoByAsset({
+      chainHost: getChainHostByAssetChainId(assetOrVcClaim.assetChainId),
+      assetDid: assetOrVcClaim.asset,
+    });
+  }
+  return getDidSpaceInfoByVC({ vcClaim: assetOrVcClaim });
+}
+
+/**
+ * @description
+ * @param {DidSpaceInfo} didSpaceInfo
+ * @param {{
+ *  extrasParams: DidSpaceExtraParams,
+ *  verifyNFTParams: DidSpaceVerifyNFTParams
+ * }} { extrasParams, verifyNFTParams }
+ * @return {*}
+ */
+async function silentAuthorizationInConnect(didSpaceInfo, data) {
+  const silentAuthorizationUrl = joinURL(didSpaceInfo.didSpacesCoreUrl, '/api/space/silent-authorization');
+
+  const res = await api.put(silentAuthorizationUrl, data, {
+    params: {
+      spaceDid: didSpaceInfo.spaceDid,
+      assetDid: didSpaceInfo.assetDid,
+    },
+  });
+
+  return res;
+}
+const CHAIN_HOST_MAP = {
+  beta: 'https://beta.abtnetwork.io/api/',
+  'xenon-2020-01-15': 'https://abtnetwork.io/api/',
+};
+function getChainHostByAssetChainId(assetChainId) {
+  if (assetChainId in CHAIN_HOST_MAP) {
+    return CHAIN_HOST_MAP[assetChainId];
+  }
+
+  throw new Error(`Unknown asset chain id(${assetChainId})`);
+}
+
+module.exports = {
+  getDIDSpacesUrlFromDisplayUrl,
+  getDidSpacesInfoByClaims,
+  silentAuthorizationInConnect,
+};

package/locales/en.js

@@ -2,6 +2,7 @@
 module.exports = {
   description: 'Connect your DID Wallet',
   requestProfile: 'Please provide following information to continue',
+  requestDidSpace: 'Please authorize DID Space to continue',
   requestNFT: 'Please present NFT to exchange for passport',
   requestCredential: 'Please provide credential',
   requestPassport: 'Please provide passport',

package/locales/zh.js

@@ -2,6 +2,7 @@
 module.exports = {
   description: '连接 DID 钱包',
   requestProfile: '请提供如下信息以继续',
+  requestDidSpace: '请授权应用读写你的 DID Space',
   requestNFT: '请提供 NFT 以换取通行证',
   requestCredential: '请提供凭证',
   requestPassport: '请提供通行证',

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.23-beta-7b5b0175",
+  "version": "1.16.23-beta-06c3a221",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,29 +20,34 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/constant": "1.16.23-beta-7b5b0175",
-    "@abtnode/logger": "1.16.23-beta-7b5b0175",
-    "@abtnode/util": "1.16.23-beta-7b5b0175",
+    "@abtnode/constant": "1.16.23-beta-06c3a221",
+    "@abtnode/logger": "1.16.23-beta-06c3a221",
+    "@abtnode/util": "1.16.23-beta-06c3a221",
     "@arcblock/did": "1.18.108",
-    "@arcblock/nft-display": "2.9.15",
+    "@arcblock/nft-display": "2.9.17",
+    "@arcblock/validator": "^1.18.108",
     "@arcblock/vc": "1.18.108",
-    "@blocklet/constant": "1.16.23-beta-7b5b0175",
-    "@blocklet/meta": "1.16.23-beta-7b5b0175",
+    "@blocklet/constant": "1.16.23-beta-06c3a221",
+    "@blocklet/meta": "1.16.23-beta-06c3a221",
+    "@ocap/client": "^1.18.108",
     "@ocap/mcrypto": "1.18.108",
     "@ocap/util": "1.18.108",
     "@ocap/wallet": "1.18.108",
+    "axios": "^0.27.2",
     "flat": "^5.0.2",
     "fs-extra": "^11.2.0",
+    "is-url": "^1.2.4",
     "joi": "17.11.0",
     "jsonwebtoken": "^9.0.0",
     "lodash": "^4.17.21",
     "p-retry": "4.6.1",
     "semver": "^7.3.8",
     "transliteration": "^2.3.5",
+    "ufo": "^1.3.2",
     "url-join": "^4.0.1"
   },
   "devDependencies": {
     "jest": "^29.7.0"
   },
-  "gitHead": "d1386002a4a10a65bf53cfca9754ea077c1d5983"
+  "gitHead": "10d2351eb9a0a222781d803798e15390622e421b"
 }