npm - @abtnode/auth - Versions diffs - 1.7.26 → 1.7.27 - Mend

@abtnode/auth 1.7.26 → 1.7.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/lib/server.js +37 -62
package/package.json +7 -6

package/lib/server.js CHANGED Viewed

@@ -1,4 +1,5 @@
 const get = require('lodash/get');
+const isEmpty = require('lodash/isEmpty');
 const last = require('lodash/last');
 const Client = require('@ocap/client');
 const { fromPublicKey } = require('@ocap/wallet');
@@ -10,9 +11,9 @@ const {
   ROLES,
   VC_TYPE_GENERAL_PASSPORT,
   VC_TYPE_NODE_PASSPORT,
-  VC_TYPE_BLOCKLET_PURCHASE,
   NFT_TYPE_SERVER_OWNERSHIP,
 } = require('@abtnode/constant');
+const { sign } = require('@arcblock/jwt');
 const {
   messages,
   getVCFromClaims,
@@ -29,13 +30,11 @@ const {
   getRoleFromExternalPassport,
   createUserPassport,
 } = require('./passport');
 const logger = require('./logger');
 const secret = process.env.ABT_NODE_SESSION_SECRET;
 const LAUNCH_BLOCKLET_TOKEN_EXPIRE = '1d';
 const abtnodeVcTypes = [VC_TYPE_GENERAL_PASSPORT, VC_TYPE_NODE_PASSPORT];
-const blockletVcTypes = [VC_TYPE_BLOCKLET_PURCHASE];
 const authenticateByVc = async ({ node, locale, userDid, claims, challenge, requireNodeInitialized = true }) => {
   if (requireNodeInitialized) {
@@ -184,7 +183,7 @@ const getAuthVcClaim =
     return claim;
   };
-const getLaunchFreeBlockletClaims = (node, authMethod) => {
+const getLaunchBlockletClaims = (node, authMethod) => {
   if (authMethod === 'vc') {
     return {
       serverPassport: ['verifiableCredential', getAuthVcClaim(node)],
@@ -202,31 +201,6 @@ const getLaunchFreeBlockletClaims = (node, authMethod) => {
   };
 };
-const getLaunchPaidBlockletClaims = (node, authMethod) => {
-  const claims = getLaunchFreeBlockletClaims(node, authMethod);
-  claims.blockletPurchaseNft = [
-    'verifiableCredential',
-    async ({ extraParams: { locale, blockletMetaUrl }, context: { didwallet } }) => {
-      checkWalletVersion({ didwallet, locale });
-      const registryUrl = new URL(blockletMetaUrl).origin;
-      const [registry, { meta }] = await Promise.all([
-        node.getRegistryMeta(registryUrl),
-        node.getBlockletMetaFromUrl({ url: blockletMetaUrl }),
-      ]);
-      return {
-        description: messages.requestBlockletNft[locale],
-        item: blockletVcTypes,
-        trustedIssuers: [registry.id],
-        tag: meta.did,
-      };
-    },
-  ];
-  return claims;
-};
 const getOwnershipNFTClaim = async (node, locale) => {
   const info = await node.getNodeInfo();
   if (!info.ownerNft && !info.ownerNft.issuer) {
@@ -281,8 +255,12 @@ const ensureBlockletPermission = async ({ authMethod, node, userDid, claims, cha
 const createLaunchBlockletHandler =
   (node, authMethod) =>
-  async ({ claims, challenge, userDid, updateSession, req, extraParams: { locale, blockletMetaUrl } }) => {
+  async ({ claims, challenge, userDid, updateSession, req, extraParams }) => {
+    const { locale, blockletMetaUrl } = extraParams;
+    logger.info('createLaunchBlockletHandler', extraParams);
     if (!blockletMetaUrl) {
+      logger.error('blockletMetaUrl must be provided');
       throw new Error(messages.invalidParams[locale]);
     }
@@ -295,37 +273,32 @@ const createLaunchBlockletHandler =
       locale,
     });
-    const result = await node.getBlockletMetaFromUrl({ url: blockletMetaUrl, checkPrice: true });
-    if (!result.meta) {
+    const blocklet = await node.getBlockletMetaFromUrl({ url: blockletMetaUrl, checkPrice: true });
+    if (!blocklet.meta) {
       throw new Error(messages.invalidBlocklet[locale]);
     }
-    const { did } = result.meta;
-    let blockletPurchaseVerified;
-    if (!result.isFree) {
-      const registryUrl = new URL(blockletMetaUrl).origin;
-      const registryMeta = await node.getRegistryMeta(registryUrl);
-      const { vc: blockletVc } = await getVCFromClaims({
-        claims,
-        challenge,
-        trustedIssuers: [registryMeta.id],
-        vcTypes: blockletVcTypes,
-        locale,
-      });
-      if (!blockletVc) {
-        throw new Error(messages.missingBlockletCredentialClaim[locale]);
-      }
+    const info = await node.getNodeInfo();
+    const headers = {};
-      if (get(blockletVc, 'credentialSubject.purchased.blocklet.id') !== did) {
-        throw new Error(messages.invalidBlockletVc[locale]);
+    if (!blocklet.isFree) {
+      if (isEmpty(extraParams?.previousWorkflowData?.downloadToken)) {
+        logger.error('downloadToken must be provided');
+        throw new Error(messages.invalidParams[locale]);
       }
-      blockletPurchaseVerified = true;
+      Object.assign(headers, {
+        'x-server-did': info.did,
+        'x-download-token': extraParams.previousWorkflowData.downloadToken,
+        'x-server-publick-key': info.pk,
+        'x-server-signature': sign(info.did, info.sk, {
+          exp: (Date.now() + 5 * 60 * 1000) / 1000,
+        }),
+      });
     }
+    const { did } = blocklet.meta;
     let sessionToken = '';
     if (authMethod === 'vc') {
       sessionToken = createAuthToken({
@@ -351,13 +324,13 @@ const createLaunchBlockletHandler =
     if (existedBlocklet) {
       const storageData = { did: userDid };
-      if (semver.gt(result.meta.version, existedBlocklet.meta.version)) {
+      if (semver.gt(blocklet.meta.version, existedBlocklet.meta.version)) {
         const appDidEnv = existedBlocklet.environments.find((e) => e.key === 'BLOCKLET_APP_ID');
         storageData.upgradeAvailable = {
           appDid: appDidEnv ? appDidEnv.value : '',
           did: existedBlocklet.meta.did,
           currentVersion: existedBlocklet.meta.version,
-          version: result.meta.version,
+          version: blocklet.meta.version,
         };
       }
@@ -366,12 +339,15 @@ const createLaunchBlockletHandler =
       return;
     }
-    const context = {};
-    if (typeof blockletPurchaseVerified !== 'undefined') {
-      context.blockletPurchaseVerified = blockletPurchaseVerified;
-    }
+    const tmp = await node.installBlocklet(
+      {
+        url: blockletMetaUrl,
+      },
+      {
+        headers,
+      }
+    );
-    const tmp = await node.installBlocklet({ url: blockletMetaUrl }, context);
     await node.createAuditLog(
       {
         action: 'installBlocklet',
@@ -389,8 +365,7 @@ module.exports = {
   authenticateByVc,
   authenticateByNFT,
   getOwnershipNFTClaim,
-  getLaunchFreeBlockletClaims,
-  getLaunchPaidBlockletClaims,
+  getLaunchBlockletClaims,
   createLaunchBlockletHandler,
   ensureBlockletPermission,
 };

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.7.26",
+  "version": "1.7.27",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,12 +20,13 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.7.26",
-    "@abtnode/logger": "1.7.26",
-    "@abtnode/util": "1.7.26",
+    "@abtnode/constant": "1.7.27",
+    "@abtnode/logger": "1.7.27",
+    "@abtnode/util": "1.7.27",
     "@arcblock/did": "1.17.0",
+    "@arcblock/jwt": "^1.17.0",
     "@arcblock/vc": "1.17.0",
-    "@blocklet/meta": "1.7.26",
+    "@blocklet/meta": "1.7.27",
     "@ocap/client": "1.17.0",
     "@ocap/mcrypto": "1.17.0",
     "@ocap/util": "1.17.0",
@@ -40,5 +41,5 @@
   "devDependencies": {
     "jest": "^27.4.5"
   },
-  "gitHead": "b7ef9b4ddb18f7a0c3898177fe06d9cefe966566"
+  "gitHead": "81a5492df66389b0aede13f033d1e493450833bc"
 }