npm - @abtnode/auth - Versions diffs - 1.8.69-beta-b0bb2d67 → 1.8.69-beta-650a290b - Mend

@abtnode/auth 1.8.69-beta-b0bb2d67 → 1.8.69-beta-650a290b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/auth.js CHANGED Viewed

@@ -184,6 +184,10 @@ const messages = {
     en: 'Invalid Blocklet VC',
     zh: '无效的 Blocklet VC',
   },
+  invalidAppVersion: {
+    en: 'App key-pair rotating can only be performed on the latest version',
+    zh: '只有最新版应用可以变更钥匙对',
+  },
   // NFT related
   missingProfileClaim: {

package/lib/lost-passport.js CHANGED Viewed

@@ -1,11 +1,12 @@
 const path = require('path');
 const joinUrl = require('url-join');
 const uniqBy = require('lodash/uniqBy');
+const uniq = require('lodash/uniq');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
 const formatContext = require('@abtnode/util/lib/format-context');
 const getRandomMessage = require('@abtnode/util/lib/get-random-message');
 const getNodeWallet = require('@abtnode/util/lib/get-app-wallet');
-const { getDisplayName } = require('@blocklet/meta/lib/util');
+const { getDisplayName, getBlockletAppIdList } = require('@blocklet/meta/lib/util');
 const { VC_TYPE_NODE_PASSPORT, PASSPORT_STATUS, NODE_DATA_DIR_NAME } = require('@abtnode/constant');
 const get = require('lodash/get');
 const { parseUserAvatar } = require('@abtnode/util/lib/user-avatar');
@@ -31,6 +32,7 @@ const TEAM_TYPES = {
 const getTeamInfo = async ({ type, node, req }) => {
   let teamDid;
   let issuerDid;
+  let issuerDidList;
   let issuerName;
   let issuerWallet;
   let passportColor;
@@ -40,6 +42,7 @@ const getTeamInfo = async ({ type, node, req }) => {
   if (type === TEAM_TYPES.NODE) {
     teamDid = info.did;
     issuerDid = info.did;
+    issuerDidList = [info.did];
     issuerName = info.name;
     issuerWallet = getNodeWallet(info.sk);
     passportColor = 'default';
@@ -49,6 +52,7 @@ const getTeamInfo = async ({ type, node, req }) => {
     const blocklet = await node.getBlocklet({ did: teamDid, attachRuntimeInfo: false });
     const blockletInfo = getBlockletInfo(blocklet, info.sk);
     issuerDid = blockletInfo.wallet.address;
+    issuerDidList = uniq([blockletInfo.wallet.address, ...getBlockletAppIdList(blocklet)]);
     issuerName = getDisplayName(blocklet, true);
     issuerWallet = blockletInfo.wallet;
     passportColor = blockletInfo.passportColor;
@@ -60,6 +64,7 @@ const getTeamInfo = async ({ type, node, req }) => {
   return {
     teamDid,
     issuerDid,
+    issuerDidList,
     issuerName,
     issuerWallet,
     passportColor,
@@ -95,7 +100,7 @@ const createLostPassportListRoute = ({ node, type }) => ({
   onAuth: async ({ userDid, extraParams, updateSession, req }) => {
     const { locale } = extraParams;
-    const { teamDid, issuerDid, dataDir } = await getTeamInfo({ node, req, type });
+    const { teamDid, issuerDidList, dataDir } = await getTeamInfo({ node, req, type });
     // check user approved
     const user = await getUser(node, teamDid, userDid);
@@ -114,7 +119,7 @@ const createLostPassportListRoute = ({ node, type }) => ({
           return false;
         }
-        if (x.issuer.id !== issuerDid) {
+        if (!issuerDidList.includes(x.issuer.id)) {
           return false;
         }
         return !(x.expirationDate && Date.now() > new Date(x.expirationDate).getTime());
@@ -193,7 +198,7 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
   onAuth: async ({ claims, userDid, userPk, extraParams, updateSession, baseUrl, req }) => {
     const { locale = 'en', receiverDid, passportName } = extraParams;
-    const { teamDid, issuerDid, issuerName, issuerWallet, passportColor, dataDir } = await getTeamInfo({
+    const { teamDid, issuerDidList, issuerName, issuerWallet, passportColor, dataDir } = await getTeamInfo({
       node,
       req,
       type,
@@ -226,7 +231,7 @@ const createLostPassportIssueRoute = ({ node, type, authServicePrefix }) => ({
       (x) =>
         x.name === passportName &&
         x.status === PASSPORT_STATUS.VALID &&
-        x.issuer.id === issuerDid &&
+        issuerDidList.includes(x.issuer.id) &&
         (!x.expirationDate || Date.now() > new Date(x.expirationDate).getTime())
     );
     if (!exist) {

package/lib/server.js CHANGED Viewed

@@ -8,6 +8,7 @@ const { fromPublicKey } = require('@ocap/wallet');
 const { fromBase58, toAddress, toHex } = require('@ocap/util');
 const { toTypeInfo, isFromPublicKey } = require('@arcblock/did');
 const urlFriendly = require('@blocklet/meta/lib/url-friendly').default;
+const getApplicationWallet = require('@blocklet/meta/lib/wallet');
 const { slugify } = require('transliteration');
 const { getChainInfo } = require('@blocklet/meta/lib/util');
 const getBlockletInfo = require('@blocklet/meta/lib/info');
@@ -20,8 +21,8 @@ const {
   SERVER_ROLES,
   NFT_TYPE_SERVERLESS,
   MAIN_CHAIN_ENDPOINT,
+  APP_STRUCT_VERSION,
 } = require('@abtnode/constant');
-const { toExternalBlocklet } = require('@blocklet/meta/lib/did');
 const {
   messages,
   getVCFromClaims,
@@ -290,7 +291,7 @@ const getAuthNFTClaim =
   };
 const getKeyPairClaim =
-  (node) =>
+  (node, declare = true) =>
   async ({ extraParams: { locale, appDid, title }, context: { didwallet } }) => {
     checkWalletVersion({ didwallet, locale });
@@ -319,6 +320,7 @@ const getKeyPairClaim =
       mfa: !process.env.DID_CONNECT_MFA_DISABLED,
       description: description[locale] || description.en,
       moniker: (urlFriendly(slugify(appName)) || 'application').toLowerCase(),
+      declare: !!declare,
       migrateFrom,
       targetType: {
         role: 'application',
@@ -334,7 +336,7 @@ const getRotateKeyPairClaims = (node) => {
     {
       authPrincipal: async ({ extraParams: { locale, appDid } }) => {
         const description = {
-          en: 'Please select ',
+          en: 'Please create a new key-pair for this application',
           zh: '请为应用创建新的钥匙对',
         };
@@ -348,6 +350,9 @@ const getRotateKeyPairClaims = (node) => {
         if (!blocklet) {
           throw new Error(messages.invalidBlocklet[locale]);
         }
+        if (blocklet.structVersion !== APP_STRUCT_VERSION) {
+          throw new Error(messages.invalidAppVersion[locale]);
+        }
         // Try to use blocklet chain config if possible
         // Since migration happens on the chain the app holds some actual assets
@@ -388,18 +393,33 @@ const getLaunchBlockletClaims = (node, authMethod) => {
   return claims;
 };
-// FIXME: @wangshijun should be changed to blocklet appSK owner claim?
-const getSetupBlockletClaims = (node, authMethod, blocklet) => {
-  const claims = {};
-  if (authMethod === 'vc') {
-    claims.serverPassport = ['verifiableCredential', getAuthVcClaim({ node, blocklet })];
-  }
-  if (authMethod === 'nft') {
-    claims.serverNFT = ['asset', getAuthNFTClaim({ node })];
-  }
+const getSetupBlockletClaims = () => {
+  const description = {
+    en: 'Sign following message to prove that you are the owner of the app',
+    zh: '签名如下消息以证明你是应用的拥有者',
+  };
-  return claims;
+  return [
+    {
+      authPrincipal: async ({ context, extraParams: { locale } }) => {
+        const blocklet = await context.request.getBlocklet();
+        return {
+          description: description[locale] || description.en,
+          target: blocklet.appDid,
+        };
+      },
+    },
+    {
+      signature: async ({ context, extraParams: { locale } }) => {
+        const blocklet = await context.request.getBlocklet();
+        return {
+          description: messages.receivePassport[locale],
+          data: `I am the owner of app ${blocklet.appDid}`,
+          type: 'mime:text/plain',
+        };
+      },
+    },
+  ];
 };
 const getOwnershipNFTClaim = async (node, locale) => {
@@ -580,16 +600,13 @@ const createLaunchBlockletHandler =
       await updateSession({ sessionToken }, true);
     }
-    if (blocklet) {
-      const blockletDid =
-        role === SERVER_ROLES.EXTERNAL_BLOCKLET_CONTROLLER
-          ? toExternalBlocklet(blocklet.meta.name, controller.nftId, { didOnly: true })
-          : blocklet.meta.did;
-      await updateSession({ blockletDid });
+    const appSk = toHex(keyPair.secret);
+    const appDid = getApplicationWallet(appSk).address;
+    await updateSession({ appDid });
+    if (blocklet) {
       // 检查是否已安装，这里不做升级的处理
-      const existedBlocklet = await node.getBlocklet({ did: blockletDid, attachRuntimeInfo: false });
+      const existedBlocklet = await node.getBlocklet({ did: appDid, attachRuntimeInfo: false });
       // 如果是 serverless, 并且已经消费过了，但是没有安装，则抛出异常
       if (!existedBlocklet && role === SERVER_ROLES.EXTERNAL_BLOCKLET_CONTROLLER && isNFTConsumed(nft)) {
@@ -598,26 +615,24 @@ const createLaunchBlockletHandler =
       if (existedBlocklet) {
         await updateSession({ isInstalled: true });
-        logger.info('blocklet already exists', { blockletDid });
+        logger.info('blocklet already exists', { appDid });
         return;
       }
     }
     logger.info('start install blocklet', { blockletMetaUrl, title, description });
-    const tmp = await node.installBlocklet(
+    await node.installBlocklet(
       {
         url: blockletMetaUrl,
         title,
         description,
-        appSk: toHex(keyPair.secret),
+        appSk,
         delay: 1000 * 4, // delay 4 seconds to download, wait for ws connection from frontend
         downloadTokenList: extraParams?.previousWorkflowData?.downloadTokenList,
         controller: role === SERVER_ROLES.EXTERNAL_BLOCKLET_CONTROLLER ? controller : null,
       },
       formatContext(Object.assign(req, { user: { ...pick(user, ['did', 'fullName']), role } }))
     );
-    await updateSession({ blockletDid: tmp.meta.did });
   };
 const getBlockletPermissionChecker =
@@ -679,7 +694,6 @@ const createRotateKeyPairHandler =
         did: blocklet.meta.did,
         configs: [{ key: 'BLOCKLET_APP_SK', value: toHex(keyPair.secret), secure: true }],
         skipHook: true,
-        skipDidDocument: true,
       },
       formatContext(Object.assign(req, { user: { did: userDid, fullName: 'Owner', role: 'owner' } }))
     );

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.8.69-beta-b0bb2d67",
+  "version": "1.8.69-beta-650a290b",
   "description": "Simple lib to manage auth in ABT Node",
   "main": "lib/index.js",
   "files": [
@@ -20,18 +20,18 @@
   "author": "linchen <linchen1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/constant": "1.8.69-beta-b0bb2d67",
-    "@abtnode/logger": "1.8.69-beta-b0bb2d67",
-    "@abtnode/util": "1.8.69-beta-b0bb2d67",
-    "@arcblock/did": "1.18.57",
-    "@arcblock/jwt": "^1.18.57",
-    "@arcblock/vc": "1.18.57",
-    "@blocklet/constant": "1.8.69-beta-b0bb2d67",
-    "@blocklet/meta": "1.8.69-beta-b0bb2d67",
-    "@ocap/client": "1.18.57",
-    "@ocap/mcrypto": "1.18.57",
-    "@ocap/util": "1.18.57",
-    "@ocap/wallet": "1.18.57",
+    "@abtnode/constant": "1.8.69-beta-650a290b",
+    "@abtnode/logger": "1.8.69-beta-650a290b",
+    "@abtnode/util": "1.8.69-beta-650a290b",
+    "@arcblock/did": "1.18.59",
+    "@arcblock/jwt": "^1.18.59",
+    "@arcblock/vc": "1.18.59",
+    "@blocklet/constant": "1.8.69-beta-650a290b",
+    "@blocklet/meta": "1.8.69-beta-650a290b",
+    "@ocap/client": "1.18.59",
+    "@ocap/mcrypto": "1.18.59",
+    "@ocap/util": "1.18.59",
+    "@ocap/wallet": "1.18.59",
     "axios": "^0.27.2",
     "joi": "17.7.0",
     "jsonwebtoken": "^9.0.0",
@@ -43,5 +43,5 @@
   "devDependencies": {
     "jest": "^27.5.1"
   },
-  "gitHead": "d6853c4b55a67526748017268257b869a5092cb1"
+  "gitHead": "a33c9ce6a52b8d522d13860e85809dcbba236712"
 }