@arcblock/did-connect-js 1.29.23 → 4.0.0-beta.2

package/lib/authenticator/wallet.cjs

@@ -1,564 +0,0 @@
-Object.defineProperty(exports, '__esModule', { value: true });
-const require_rolldown_runtime = require('../_virtual/rolldown_runtime.cjs');
-const require_package$1 = require('../package.cjs');
-const require_authenticator_base = require('./base.cjs');
-const require_schema_index = require('../schema/index.cjs');
-let node_querystring = require("node:querystring");
-node_querystring = require_rolldown_runtime.__toESM(node_querystring);
-let _arcblock_did = require("@arcblock/did");
-let _ocap_client = require("@ocap/client");
-_ocap_client = require_rolldown_runtime.__toESM(_ocap_client);
-let _ocap_mcrypto_lib_crypter_rsa = require("@ocap/mcrypto/lib/crypter/rsa");
-_ocap_mcrypto_lib_crypter_rsa = require_rolldown_runtime.__toESM(_ocap_mcrypto_lib_crypter_rsa);
-let _ocap_util = require("@ocap/util");
-let _ocap_wallet = require("@ocap/wallet");
-let lodash_isEqual = require("lodash/isEqual");
-lodash_isEqual = require_rolldown_runtime.__toESM(lodash_isEqual);
-let lodash_pick = require("lodash/pick");
-lodash_pick = require_rolldown_runtime.__toESM(lodash_pick);
-let lodash_random = require("lodash/random");
-lodash_random = require_rolldown_runtime.__toESM(lodash_random);
-let lodash_shuffle = require("lodash/shuffle");
-lodash_shuffle = require_rolldown_runtime.__toESM(lodash_shuffle);
-
-//#region src/authenticator/wallet.ts
-const debug = require("debug")(`${require_package$1.default.name}:authenticator:wallet`);
-const DEFAULT_TIMEOUT = 8e3;
-const MFA_CODE_COUNT = 3;
-var WalletAuthenticator = class WalletAuthenticator extends require_authenticator_base.default {
-	static formatDisplay(display) {
-		if (!display) return "";
-		if (display?.type && display.content) return JSON.stringify((0, lodash_pick.default)(display, ["type", "content"]));
-		try {
-			const parsed = JSON.parse(display);
-			if (parsed?.type && parsed.content) return display;
-			return "";
-		} catch (_err) {
-			return "";
-		}
-	}
-	/**
-	* Creates an instance of DID Authenticator.
-	*
-	* @class
-	* @param {object} config
-	* @param {WalletObject|Function} config.wallet - wallet instance {@see @ocap/wallet} or a function that returns wallet instance
-	* @param {WalletObject|Function} [config.delegator] - the party that authorizes `wallet` to perform actions on behalf of `wallet`
-	* @param {string|Function} [config.delegation] - the jwt token that proves delegation relationship
-	* @param {ApplicationInfo|Function} config.appInfo - application basic info or a function that returns application info
-	* @param {ChainInfo|Function} config.chainInfo - application chain info or a function that returns chain info
-	* @param {Number} [config.timeout=8000] - timeout in milliseconds when generating claim
-	* @param {object} [config.baseUrl] - url to assemble wallet request uri, can be inferred from request object
-	* @param {string} [config.tokenKey='_t_'] - query param key for `token`
-	*/
-	constructor({ wallet, appInfo: appInfo$1, memberAppInfo, delegator, delegation, timeout = DEFAULT_TIMEOUT, chainInfo: chainInfo$1 = require_authenticator_base.DEFAULT_CHAIN_INFO, baseUrl = "", tokenKey = "_t_" }) {
-		super();
-		this.wallet = this._validateWallet(wallet, false);
-		this.appInfo = this._validateAppInfo(appInfo$1);
-		this.memberAppInfo = this._validateAppInfo(memberAppInfo, true);
-		this.chainInfo = chainInfo$1;
-		this.delegator = delegator;
-		this.delegation = delegation;
-		this.baseUrl = baseUrl;
-		this.tokenKey = tokenKey;
-		this.timeout = timeout;
-		if (!this.appInfo.link) this.appInfo.link = this.baseUrl;
-	}
-	/**
-	* Generate a deep link url that can be displayed as QRCode for DID Wallet to consume
-	*
-	* @method
-	* @param {object} params
-	* @param {string} params.baseUrl - baseUrl inferred from request object
-	* @param {string} params.pathname - wallet callback pathname
-	* @param {string} params.token - action token
-	* @param {object} params.query - params that should be persisted in wallet callback url
-	* @returns {string}
-	*/
-	uri({ baseUrl, pathname = "", token = "", query = {} } = {}) {
-		const params = {
-			...query,
-			[this.tokenKey]: token
-		};
-		const payload = {
-			action: "requestAuth",
-			url: encodeURIComponent(`${this.baseUrl || baseUrl}${pathname}?${node_querystring.default.stringify(params)}`)
-		};
-		const uri = `https://abtwallet.io/i/?${node_querystring.default.stringify(payload)}`;
-		debug("uri", {
-			token,
-			pathname,
-			uri,
-			params,
-			payload
-		});
-		return uri;
-	}
-	/**
-	* Compute public url to return to wallet
-	*
-	* @method
-	* @param {string} pathname
-	* @param {object} params
-	* @returns {string}
-	*/
-	getPublicUrl(pathname, params = {}, baseUrl = "") {
-		return `${this.baseUrl || baseUrl}${pathname}?${node_querystring.default.stringify(params)}`;
-	}
-	/**
-	* Sign a plain response, usually on auth success or error
-	*
-	* @method
-	* @param {object} params
-	* @param {object} params.response - response
-	* @param {string} params.errorMessage - error message, default to empty
-	* @param {string} params.successMessage - success message, default to empty
-	* @param {string} params.nextWorkflow - https://github.com/ArcBlock/ABT-DID-Protocol#concatenate-multiple-workflow
-	* @param {string} params.nextUrl - tell wallet do open this url in webview
-	* @param {object} params.cookies - key-value pairs to be set as cookie before open nextUrl
-	* @param {object} params.storages - key-value pairs to be set as localStorage before open nextUrl
-	* @param {string} baseUrl
-	* @param {object} request
-	* @returns {Promise<object>} { appPk, agentPk, authInfo }
-	*/
-	async signResponse({ response = {}, errorMessage = "", successMessage = "", nextWorkflow = "", nextUrl = "", cookies = {}, storages = {} }, baseUrl, request, extraParams = {}) {
-		const infoParams = {
-			baseUrl,
-			request,
-			...request.context || {},
-			extraParams
-		};
-		const [wallet, delegator, delegation] = await Promise.all([
-			this.getWalletInfo(infoParams),
-			this.getDelegator(infoParams),
-			this.getDelegation(infoParams)
-		]);
-		const [appInfo$1, memberAppInfo] = await Promise.all([this.getAppInfo({
-			...infoParams,
-			wallet,
-			delegator
-		}, "appInfo"), this.getAppInfo({
-			...infoParams,
-			wallet,
-			delegator
-		}, "memberAppInfo")]);
-		const didwallet = request.context.wallet;
-		const payload = {
-			appInfo: appInfo$1,
-			memberAppInfo,
-			status: errorMessage ? "error" : "ok",
-			errorMessage: errorMessage || "",
-			successMessage: successMessage || "",
-			nextWorkflow: nextWorkflow || "",
-			nextUrl: nextUrl || "",
-			cookies: cookies || {},
-			storages: storages || "",
-			response
-		};
-		if (delegator) {
-			payload.iss = (0, _ocap_util.toDid)(delegator.address);
-			payload.agentDid = (0, _ocap_util.toDid)(wallet.address);
-			payload.verifiableClaims = [{
-				type: "certificate",
-				content: delegation
-			}];
-		}
-		const result = {
-			appPk: (0, _ocap_util.toBase58)(wallet.pk),
-			authInfo: await wallet.signJWT(payload, true, didwallet ? didwallet.jwt : void 0)
-		};
-		if (delegator) {
-			result.appPk = (0, _ocap_util.toBase58)(delegator.pk);
-			result.agentPk = (0, _ocap_util.toBase58)(wallet.pk);
-		}
-		return result;
-	}
-	/**
-	* Sign a auth response that returned to wallet: tell the wallet the appInfo/chainInfo
-	*
-	* @method
-	* @param {object} params
-	* @param {object} params.claims - info required by application to complete the auth
-	* @param {string} params.pathname - pathname to assemble callback url
-	* @param {string} params.baseUrl - baseUrl
-	* @param {object} params.challenge - random challenge to be included in the body
-	* @param {object} params.extraParams - extra query params and locale
-	* @param {object} params.request
-	* @param {object} params.context
-	* @param {string} params.context.token - action token
-	* @param {number} params.context.currentStep - current step
-	* @param {string} [params.context.sharedKey] - shared key between app and wallet
-	* @param {string} [params.context.encryptionKey] - encryption key from wallet
-	* @param {Function} [params.context.mfaCode] - function used to generate mfa code
-	* @param {string} params.context.userDid - decoded from req.query, base58
-	* @param {string} params.context.userPk - decoded from req.query, base58
-	* @param {string} params.context.didwallet - DID Wallet os and version
-	* @returns {Promise<object>} { appPk, agentPk, sharedKey, authInfo }
-	*/
-	async sign({ context, request, claims: claims$1, pathname = "", baseUrl = "", challenge = "", extraParams = {} }) {
-		const claimsInfo = await this.tryWithTimeout(() => this.genRequestedClaims({
-			claims: claims$1,
-			context: {
-				baseUrl,
-				request,
-				...context
-			},
-			extraParams
-		}));
-		if (claimsInfo.filter((x) => x.mfaCode && x.mfaCode.length > 0).length > 1) throw new Error("Multiple MFA is not supported when sending more than 1 claim");
-		const tmp = claimsInfo.find((x) => (0, lodash_isEqual.default)(this._isValidChainInfo(x.chainInfo), require_authenticator_base.DEFAULT_CHAIN_INFO) === false);
-		const infoParams = {
-			baseUrl,
-			request,
-			...context,
-			extraParams
-		};
-		const [wallet, delegator, delegation, chainInfo$1] = await Promise.all([
-			this.getWalletInfo(infoParams),
-			this.getDelegator(infoParams),
-			this.getDelegation(infoParams),
-			this.getChainInfo(infoParams, tmp?.chainInfo)
-		]);
-		const [appInfo$1, memberAppInfo] = await Promise.all([this.getAppInfo({
-			...infoParams,
-			wallet,
-			delegator
-		}, "appInfo"), this.getAppInfo({
-			...infoParams,
-			wallet,
-			delegator
-		}, "memberAppInfo")]);
-		const payload = {
-			action: "responseAuth",
-			challenge,
-			appInfo: appInfo$1,
-			memberAppInfo,
-			chainInfo: chainInfo$1,
-			requestedClaims: claimsInfo.map((x) => {
-				delete x.chainInfo;
-				return x;
-			}),
-			url: `${this.baseUrl || baseUrl}${pathname}?${node_querystring.default.stringify({ [this.tokenKey]: context.token })}`
-		};
-		if (delegator) {
-			payload.iss = (0, _ocap_util.toDid)(delegator.address);
-			payload.agentDid = (0, _ocap_util.toDid)(wallet.address);
-			payload.verifiableClaims = [{
-				type: "certificate",
-				content: delegation
-			}];
-		}
-		const version = context.didwallet ? context.didwallet.jwt : void 0;
-		const result = {
-			appPk: (0, _ocap_util.toBase58)(wallet.pk),
-			authInfo: await wallet.signJWT(payload, true, version),
-			sensitive: claimsInfo.every((x) => ["keyPair", "encryptionKey"].includes(x.type))
-		};
-		if (result.sensitive && context.sharedKey && context.encryptionKey) try {
-			const pk = (0, _ocap_util.fromBase58)(context.encryptionKey).toString("utf8");
-			result.sharedKey = _ocap_mcrypto_lib_crypter_rsa.default.encrypt(context.sharedKey, pk, "base58");
-		} catch (err) {
-			console.error("Failed to encrypt shared key", err);
-		}
-		if (delegator) {
-			result.appPk = (0, _ocap_util.toBase58)(delegator.pk);
-			result.agentPk = (0, _ocap_util.toBase58)(wallet.pk);
-		}
-		return result;
-	}
-	/**
-	* Determine chainInfo on the fly
-	*
-	* @param {object} params - contains the context of this request
-	* @param {object|undefined} [info=undefined] - chain info object or function
-	* @returns {Promise<ChainInfo>}
-	* @memberof WalletAuthenticator
-	*/
-	async getChainInfo(params, info) {
-		if (info && this._isValidChainInfo(info)) return info;
-		if (typeof this.chainInfo === "function") {
-			const result = await this.tryWithTimeout(() => this.chainInfo(params));
-			if (this._isValidChainInfo(result)) return result;
-		}
-		if (this.chainInfo && this._isValidChainInfo(this.chainInfo)) return this.chainInfo;
-		return require_authenticator_base.DEFAULT_CHAIN_INFO;
-	}
-	/**
-	* Determine appInfo/memberAppInfo on the fly
-	*
-	* @param {object} params - contains the context of this request
-	* @param {string} key - appInfo | memberAppInfo
-	* @returns {Promise<ApplicationInfo>}
-	* @memberof WalletAuthenticator
-	*/
-	async getAppInfo(params, key = "appInfo") {
-		if (typeof this[key] === "function") {
-			const info = await this.tryWithTimeout(() => this[key](params));
-			if (info) {
-				if (!info.link) info.link = params.baseUrl;
-				if (!info.publisher) info.publisher = (0, _ocap_util.toDid)(params.delegator ? params.delegator.address : params.wallet.address);
-			}
-			return this._validateAppInfo(info, key === "memberAppInfo");
-		}
-		if (this[key] && !this[key].publisher) this[key].publisher = (0, _ocap_util.toDid)(params.delegator ? params.delegator.address : params.wallet.address);
-		return this[key];
-	}
-	async getWalletInfo(params) {
-		if (typeof this.wallet === "function") {
-			const result = await this.tryWithTimeout(() => this.wallet(params));
-			return this._validateWallet(result, false);
-		}
-		return this.wallet;
-	}
-	async getDelegator(params) {
-		if (typeof this.delegator === "function") {
-			const result = await this.tryWithTimeout(() => this.delegator(params));
-			return result ? this._validateWallet(result, false) : null;
-		}
-		return this.delegator;
-	}
-	async getDelegation(params) {
-		if (typeof this.delegation === "function") return await this.tryWithTimeout(() => this.delegation(params));
-		return this.delegation;
-	}
-	/**
-	* Verify a DID auth response sent from DID Wallet
-	*
-	* @method
-	* @param {object} data
-	* @param {string} [locale=en]
-	* @param {boolean} [enforceTimestamp=true]
-	* @returns Promise<boolean>
-	*/
-	async verify(data, locale = "en", enforceTimestamp = true) {
-		const { iss, iat, challenge = "", action = "responseAuth", requestedClaims } = await this._verify(data, "userPk", "userInfo", locale, enforceTimestamp);
-		debug("verify.context", {
-			userPk: data.userPk,
-			userDid: (0, _arcblock_did.toAddress)(iss),
-			action,
-			challenge
-		});
-		debug("verify.claims", requestedClaims);
-		return {
-			token: data.token,
-			userDid: (0, _arcblock_did.toAddress)(iss),
-			userPk: data.userPk,
-			claims: requestedClaims,
-			action,
-			challenge,
-			timestamp: iat
-		};
-	}
-	genRequestedClaims({ claims: claims$1, context, extraParams }) {
-		return Promise.all(Object.keys(claims$1).map(async (x) => {
-			let name = x;
-			let claim = claims$1[x];
-			if (Array.isArray(claims$1[x])) [name, claim] = claims$1[x];
-			if (!require_schema_index.claims[name]) throw new Error(`Unsupported claim type ${name}`);
-			const fn = typeof this[name] === "function" ? name : "getClaimInfo";
-			const result = await this[fn]({
-				claim,
-				context,
-				extraParams
-			});
-			if (result.mfa && typeof context.mfaCode === "function") {
-				result.mfaCode = [await context.mfaCode()];
-				while (result.mfaCode.length < MFA_CODE_COUNT) {
-					const noise = (0, lodash_random.default)(10, 99);
-					if (result.mfaCode.includes(noise) === false) result.mfaCode.push(noise);
-				}
-				result.mfaCode = (0, lodash_shuffle.default)(result.mfaCode);
-			}
-			const { value, error } = require_schema_index.claims[name].validate(result);
-			if (error) throw new Error(`Invalid ${name} claim: ${error.message}`);
-			return value;
-		}));
-	}
-	async getClaimInfo({ claim, context, extraParams }) {
-		const { userDid, userPk, didwallet } = context;
-		const result = typeof claim === "function" ? await claim({
-			userDid: userDid ? (0, _arcblock_did.toAddress)(userDid) : "",
-			userPk: userPk || "",
-			didwallet,
-			extraParams,
-			context
-		}) : claim;
-		const infoParams = {
-			...context,
-			...extraParams
-		};
-		result.chainInfo = await this.getChainInfo(infoParams, result.chainInfo);
-		return result;
-	}
-	async signature({ claim, context, extraParams }) {
-		const { data, type = "mime:text/plain", digest = "", method = "sha3", wallet, sender, display, description: desc, chainInfo: chainInfo$1, meta = {}, mfa = false, nonce = "", requirement = {
-			tokens: [],
-			assets: {}
-		} } = await this.getClaimInfo({
-			claim,
-			context,
-			extraParams
-		});
-		debug("claim.signature", {
-			data,
-			digest,
-			type,
-			sender,
-			context,
-			nonce,
-			requirement
-		});
-		if (!data && !digest) throw new Error("Signature claim requires either data or digest to be provided");
-		const description = desc || "Sign this transaction to continue.";
-		if (type.endsWith("Tx")) {
-			if (!chainInfo$1.host) throw new Error("Invalid chainInfo when trying to encoding transaction");
-			const client = new _ocap_client.default(chainInfo$1.host);
-			if (typeof client[`encode${type}`] !== "function") throw new Error(`Unsupported transaction type ${type}`);
-			if (!data.pk) data.pk = context.userPk;
-			try {
-				const { buffer: txBuffer } = await client[`encode${type}`]({
-					tx: data,
-					wallet: wallet || (0, _ocap_wallet.fromAddress)(sender || context.userDid)
-				});
-				return {
-					type: "signature",
-					description,
-					typeUrl: "fg:t:transaction",
-					origin: (0, _ocap_util.toBase58)(txBuffer),
-					method,
-					display: WalletAuthenticator.formatDisplay(display),
-					digest: "",
-					chainInfo: chainInfo$1,
-					meta,
-					mfa,
-					nonce,
-					requirement
-				};
-			} catch (err) {
-				throw new Error(`Failed to encode transaction: ${err.message}`);
-			}
-		}
-		if (type === "fg:t:transaction") return {
-			type: "signature",
-			description,
-			typeUrl: "fg:t:transaction",
-			origin: (0, _ocap_util.toBase58)(data),
-			display: WalletAuthenticator.formatDisplay(display),
-			method,
-			digest: "",
-			chainInfo: chainInfo$1,
-			meta,
-			mfa,
-			nonce,
-			requirement
-		};
-		return {
-			type: "signature",
-			description: desc || "Sign this message to continue.",
-			origin: data ? (0, _ocap_util.toBase58)(data) : "",
-			typeUrl: type,
-			display: WalletAuthenticator.formatDisplay(display),
-			method,
-			digest,
-			chainInfo: chainInfo$1,
-			meta,
-			mfa,
-			nonce,
-			requirement
-		};
-	}
-	async prepareTx({ claim, context, extraParams }) {
-		const { partialTx, requirement = {
-			tokens: [],
-			assets: {}
-		}, type, display, wallet, sender, description: desc, chainInfo: chainInfo$1, meta = {}, mfa = false, nonce = "" } = await this.getClaimInfo({
-			claim,
-			context,
-			extraParams
-		});
-		debug("claim.prepareTx", {
-			partialTx,
-			requirement,
-			type,
-			sender,
-			context
-		});
-		if (!partialTx || !requirement) throw new Error("prepareTx claim requires both partialTx and requirement to be provided");
-		const description = desc || "Prepare and sign this transaction to continue.";
-		if (type?.endsWith("Tx")) {
-			if (!chainInfo$1.host) throw new Error("Invalid chainInfo when trying to encoding partial transaction");
-			const client = new _ocap_client.default(chainInfo$1.host);
-			if (typeof client[`encode${type}`] !== "function") throw new Error(`Unsupported transaction type ${type} when encoding partial transaction`);
-			if (!partialTx.pk) partialTx.pk = context.userPk;
-			try {
-				const { buffer: txBuffer } = await client[`encode${type}`]({
-					tx: partialTx,
-					wallet: wallet || (0, _ocap_wallet.fromAddress)(sender || context.userDid)
-				});
-				return {
-					type: "prepareTx",
-					description,
-					partialTx: (0, _ocap_util.toBase58)(txBuffer),
-					display: WalletAuthenticator.formatDisplay(display),
-					requirement,
-					chainInfo: chainInfo$1,
-					meta,
-					mfa,
-					nonce
-				};
-			} catch (err) {
-				throw new Error(`Failed to encode partial transaction: ${err.message}`);
-			}
-		}
-		return {
-			type: "prepareTx",
-			description,
-			partialTx: (0, _ocap_util.toBase58)(partialTx),
-			requirement,
-			display: WalletAuthenticator.formatDisplay(display),
-			chainInfo: chainInfo$1,
-			meta,
-			mfa,
-			nonce
-		};
-	}
-	_validateAppInfo(info, allowEmpty = false) {
-		if (typeof info === "function") return info;
-		if (!info) {
-			if (allowEmpty === false) throw new Error("Wallet authenticator can not work with invalid appInfo: empty");
-			return null;
-		}
-		const { value, error } = require_schema_index.appInfo.validate(info);
-		if (error) throw new Error(`Wallet authenticator can not work with invalid appInfo: ${error.message}`);
-		return value;
-	}
-	_isValidChainInfo(x) {
-		const { error } = require_schema_index.chainInfo.validate(x);
-		return !error;
-	}
-	tryWithTimeout(asyncFn, label = "") {
-		if (typeof asyncFn !== "function") throw new Error("asyncFn must be a valid function when calling tryWithTimeout");
-		const timeout = Number(this.timeout) || DEFAULT_TIMEOUT;
-		const inferredLabel = label || asyncFn.name || asyncFn.toString();
-		const invocationStack = (/* @__PURE__ */ new Error(`Timeout at: ${inferredLabel}`)).stack;
-		return new Promise(async (resolve, reject) => {
-			const timer = setTimeout(() => {
-				const error = /* @__PURE__ */ new Error(`Async operation (${inferredLabel}) did not complete within ${timeout} ms`);
-				error.stack = invocationStack;
-				error.name = "TIMEOUT";
-				reject(error);
-			}, timeout);
-			try {
-				resolve(await asyncFn());
-			} catch (err) {
-				reject(err);
-			} finally {
-				clearTimeout(timer);
-			}
-		});
-	}
-};
-var wallet_default = WalletAuthenticator;
-
-//#endregion
-exports.default = wallet_default;