@abtnode/auth 1.16.52-beta-20250909-073849-4e392ab1 → 1.16.52-beta-20250911-023851-d988be85
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/passkey.js +35 -13
- package/package.json +8 -8
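--- a/package/lib/passkey.js
+++ b/package/lib/passkey.js
@@ -2,7 +2,7 @@ const pick = require('lodash/pick');
 const { joinURL } = require('ufo');
 const { Joi } = require('@arcblock/validator');
 const { fromPublicKey } = require('@ocap/wallet');
-const { ROLES, PASSPORT_STATUS } = require('@abtnode/constant');
+const { ROLES, PASSPORT_STATUS, WELLKNOWN_BLOCKLET_ADMIN_PATH } = require('@abtnode/constant');
 const { LOGIN_PROVIDER } = require('@blocklet/constant');
 const { WELLKNOWN_SERVICE_PATH_PREFIX, SECURITY_RULE_DEFAULT_ID } = require('@abtnode/constant');
 const { fromBase64, toBase64, toBuffer, toUint8Array, toHex } = require('@ocap/util');
@@ -44,6 +44,23 @@ const shouldVerifyUser = (action) =>
 !process.env.ABT_NODE_NO_PASSKEY_USER_VERIFY &&
 ['verify-elevated', 'verify-destroy', 'disconnect', 'destroy-self'].includes(action);
 
+const shouldCheckRole = (mode, req) => {
+if (mode === 'server') {
+return true;
+}
+try {
+const referrerUrl = req.get('referrer');
+if (!referrerUrl) {
+return true;
+}
+const url = new URL(referrerUrl);
+return !url.pathname || url.pathname.startsWith(WELLKNOWN_BLOCKLET_ADMIN_PATH);
+} catch (error) {
+console.warn('Failed to parse URL when checking dashboard path', { error, referrerUrl: req.get('referrer') });
+return true;
+}
+};
+
 const isRegisterAction = (action) => ['register', 'connect-owner'].includes(action);
 
 const getDomain = (req) => req.get('host').split(':')[0];
@@ -425,25 +442,30 @@ function createPasskeyHandlers(node, mode, createToken) {
 }
 
 let expectedRoles = [ROLES.OWNER, ROLES.ADMIN, ROLES.MEMBER];
+const userRoles = (req?.userExpanded?.passports || [])
+.filter((x) => x.status === PASSPORT_STATUS.VALID && x.scope === 'passport')
+.map((x) => x.role);
+const shouldCheck = shouldCheckRole(mode, req);
 if (req.query.action === 'verify-destroy') {
 const { payload, roles, locale = 'en' } = req.query;
-
-
-
-
-
-
+
+expectedRoles = shouldCheck
+? validateVerifyDestroyRequest({
+payload,
+roles,
+locale,
+allowedRoles: expectedRoles,
+})
+: userRoles;
 }
 if (req.query.action === 'verify-destroy' || req.query.action === 'verify-elevated') {
 if (!req.userExpanded) {
 return res.status(400).send({ error: 'You need to be logged in to perform this action.' });
 }
-
-
-
-
-);
-if (!hasRoles) {
+
+const hasRoles = expectedRoles.some((role) => userRoles?.some((x) => x === role));
+
+if (!hasRoles && shouldCheck && userRoles.length > 0) {
 return res.status(400).send({ error: 'You do not have the required passports to perform this action.' });
 }
 }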
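--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "publishConfig": {
 "access": "public"
 },
-"version": "1.16.52-beta-
+"version": "1.16.52-beta-20250911-023851-d988be85",
 "description": "Simple lib to manage auth in ABT Node",
 "main": "lib/index.js",
 "files": [
@@ -20,9 +20,9 @@
 "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
 "license": "Apache-2.0",
 "dependencies": {
-"@abtnode/constant": "1.16.52-beta-
-"@abtnode/logger": "1.16.52-beta-
-"@abtnode/util": "1.16.52-beta-
+"@abtnode/constant": "1.16.52-beta-20250911-023851-d988be85",
+"@abtnode/logger": "1.16.52-beta-20250911-023851-d988be85",
+"@abtnode/util": "1.16.52-beta-20250911-023851-d988be85",
 "@arcblock/did": "1.24.0",
 "@arcblock/did-connect-js": "1.24.0",
 "@arcblock/did-ext": "1.24.0",
@@ -31,10 +31,10 @@
 "@arcblock/nft-display": "^3.1.37",
 "@arcblock/validator": "1.24.0",
 "@arcblock/vc": "1.24.0",
-"@blocklet/constant": "1.16.52-beta-
+"@blocklet/constant": "1.16.52-beta-20250911-023851-d988be85",
 "@blocklet/error": "^0.2.5",
-"@blocklet/meta": "1.16.52-beta-
-"@blocklet/sdk": "1.16.52-beta-
+"@blocklet/meta": "1.16.52-beta-20250911-023851-d988be85",
+"@blocklet/sdk": "1.16.52-beta-20250911-023851-d988be85",
 "@ocap/client": "1.24.0",
 "@ocap/mcrypto": "1.24.0",
 "@ocap/util": "1.24.0",
@@ -56,5 +56,5 @@
 "devDependencies": {
 "jest": "^29.7.0"
 },
-"gitHead": "
+"gitHead": "90c5cf74138797733868312beb5e509c9db3a8f8"
 }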