@astrox/authentication 0.0.24 → 0.0.30

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,73 @@
1
+ import { PublicKey } from '@astrox/agent';
2
+ import { DelegationChain } from '@astrox/identity';
3
+ import { Principal } from '@astrox/principal';
4
+ /**
5
+ * Options for {@link createAuthenticationRequestUrl}. All these options may be limited
6
+ * further by the identity provider, or an error can happen.
7
+ */
8
+ export interface CreateUrlOptions {
9
+ /**
10
+ * The public key to delegate to. This should be the public key of the session key.
11
+ */
12
+ publicKey: PublicKey;
13
+ /**
14
+ * The scope of the delegation. This must contain at least one key and a maximum
15
+ * of four. This is validated in {@link createAuthenticationRequestUrl} but also
16
+ * will be validated as part of the identity provider.
17
+ */
18
+ scope: Array<string | Principal>;
19
+ /**
20
+ * The URI to redirect to, after authentication. By default, `window.location.origin`.
21
+ */
22
+ redirectUri?: string;
23
+ /**
24
+ * The URL base to use for the identity provider.
25
+ * By default, this is "https://auth.ic0.app/authorize".
26
+ */
27
+ identityProvider?: URL | string;
28
+ }
29
+ /**
30
+ * List of things to check for a delegation chain validity.
31
+ */
32
+ export interface DelegationValidChecks {
33
+ /**
34
+ * Check that the scope is amongst the scopes that this delegation has access to.
35
+ */
36
+ scope?: Principal | string | Array<Principal | string>;
37
+ }
38
+ /**
39
+ * A parsed access token.
40
+ */
41
+ export declare type AccessToken = string & {
42
+ _BRAND: 'access_token';
43
+ };
44
+ /**
45
+ * Create a URL that can be used to redirect the browser to request authentication (e.g. using
46
+ * the authentication provider). Will throw if some options are invalid.
47
+ * @param options An option with all options for the authentication request.
48
+ */
49
+ export declare function createAuthenticationRequestUrl(options: CreateUrlOptions): URL;
50
+ /**
51
+ * Returns an AccessToken from the Window object. This cannot be used in Node, instead use
52
+ * the {@link getAccessTokenFromURL} function.
53
+ *
54
+ * An access token is needed to create a DelegationChain object.
55
+ */
56
+ export declare function getAccessTokenFromWindow(): AccessToken | null;
57
+ /**
58
+ * Analyze a URL and try to extract an AccessToken from it.
59
+ * @param url The URL to look into.
60
+ */
61
+ export declare function getAccessTokenFromURL(url: URL | string): AccessToken | null;
62
+ /**
63
+ * Create a DelegationChain from an AccessToken extracted from a redirect URL.
64
+ * @param accessToken The access token extracted from a redirect URL.
65
+ */
66
+ export declare function createDelegationChainFromAccessToken(accessToken: AccessToken): DelegationChain;
67
+ /**
68
+ * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
69
+ * scope.
70
+ * @param chain The chain to validate.
71
+ * @param checks Various checks to validate on the chain.
72
+ */
73
+ export declare function isDelegationValid(chain: DelegationChain, checks?: DelegationValidChecks): boolean;
@@ -0,0 +1,132 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.isDelegationValid = exports.createDelegationChainFromAccessToken = exports.getAccessTokenFromURL = exports.getAccessTokenFromWindow = exports.createAuthenticationRequestUrl = void 0;
4
+ const identity_1 = require("@astrox/identity");
5
+ const principal_1 = require("@astrox/principal");
6
+ const DEFAULT_IDENTITY_PROVIDER_URL = 'https://auth.ic0.app/authorize';
7
+ function toHexString(bytes) {
8
+ return new Uint8Array(bytes).reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
9
+ }
10
+ function _getDefaultLocation() {
11
+ if (typeof window === 'undefined') {
12
+ throw new Error('Could not find default location.');
13
+ }
14
+ return window.location.origin;
15
+ }
16
+ /**
17
+ * Create a URL that can be used to redirect the browser to request authentication (e.g. using
18
+ * the authentication provider). Will throw if some options are invalid.
19
+ * @param options An option with all options for the authentication request.
20
+ */
21
+ function createAuthenticationRequestUrl(options) {
22
+ var _a, _b, _c;
23
+ const url = new URL((_b = (_a = options.identityProvider) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : DEFAULT_IDENTITY_PROVIDER_URL);
24
+ url.searchParams.set('response_type', 'token');
25
+ url.searchParams.set('login_hint', toHexString(options.publicKey.toDer()));
26
+ url.searchParams.set('redirect_uri', (_c = options.redirectUri) !== null && _c !== void 0 ? _c : _getDefaultLocation());
27
+ url.searchParams.set('scope', options.scope
28
+ .map(p => {
29
+ if (typeof p === 'string') {
30
+ return principal_1.Principal.fromText(p);
31
+ }
32
+ else {
33
+ return p;
34
+ }
35
+ })
36
+ .map(p => p.toString())
37
+ .join(' '));
38
+ url.searchParams.set('state', '');
39
+ return url;
40
+ }
41
+ exports.createAuthenticationRequestUrl = createAuthenticationRequestUrl;
42
+ /**
43
+ * Returns an AccessToken from the Window object. This cannot be used in Node, instead use
44
+ * the {@link getAccessTokenFromURL} function.
45
+ *
46
+ * An access token is needed to create a DelegationChain object.
47
+ */
48
+ function getAccessTokenFromWindow() {
49
+ if (typeof window === 'undefined') {
50
+ return null;
51
+ }
52
+ return getAccessTokenFromURL(new URL(window.location.href));
53
+ }
54
+ exports.getAccessTokenFromWindow = getAccessTokenFromWindow;
55
+ /**
56
+ * Analyze a URL and try to extract an AccessToken from it.
57
+ * @param url The URL to look into.
58
+ */
59
+ function getAccessTokenFromURL(url) {
60
+ // Remove the `#` at the start.
61
+ const hashParams = new URLSearchParams(new URL(url.toString()).hash.substr(1));
62
+ return hashParams.get('access_token');
63
+ }
64
+ exports.getAccessTokenFromURL = getAccessTokenFromURL;
65
+ /**
66
+ * Create a DelegationChain from an AccessToken extracted from a redirect URL.
67
+ * @param accessToken The access token extracted from a redirect URL.
68
+ */
69
+ function createDelegationChainFromAccessToken(accessToken) {
70
+ // Transform the HEXADECIMAL string into the JSON it represents.
71
+ if (/[^0-9a-fA-F]/.test(accessToken) || accessToken.length % 2) {
72
+ throw new Error('Invalid hexadecimal string for accessToken.');
73
+ }
74
+ const chainJson = [...accessToken]
75
+ .reduce((acc, curr, i) => {
76
+ // tslint:disable-next-line:no-bitwise
77
+ acc[(i / 2) | 0] = (acc[(i / 2) | 0] || '') + curr;
78
+ return acc;
79
+ }, [])
80
+ .map(x => Number.parseInt(x, 16))
81
+ .map(x => String.fromCharCode(x))
82
+ .join('');
83
+ return identity_1.DelegationChain.fromJSON(chainJson);
84
+ }
85
+ exports.createDelegationChainFromAccessToken = createDelegationChainFromAccessToken;
86
+ /**
87
+ * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
88
+ * scope.
89
+ * @param chain The chain to validate.
90
+ * @param checks Various checks to validate on the chain.
91
+ */
92
+ function isDelegationValid(chain, checks) {
93
+ // Verify that the no delegation is expired. If any are in the chain, returns false.
94
+ for (const { delegation } of chain.delegations) {
95
+ // prettier-ignore
96
+ if (+new Date(Number(delegation.expiration / BigInt(1000000))) <= +Date.now()) {
97
+ return false;
98
+ }
99
+ }
100
+ // Check the scopes.
101
+ const scopes = [];
102
+ const maybeScope = checks === null || checks === void 0 ? void 0 : checks.scope;
103
+ if (maybeScope) {
104
+ if (Array.isArray(maybeScope)) {
105
+ scopes.push(...maybeScope.map(s => (typeof s === 'string' ? principal_1.Principal.fromText(s) : s)));
106
+ }
107
+ else {
108
+ scopes.push(typeof maybeScope === 'string' ? principal_1.Principal.fromText(maybeScope) : maybeScope);
109
+ }
110
+ }
111
+ for (const s of scopes) {
112
+ const scope = s.toText();
113
+ for (const { delegation } of chain.delegations) {
114
+ if (delegation.targets === undefined) {
115
+ continue;
116
+ }
117
+ let none = true;
118
+ for (const target of delegation.targets) {
119
+ if (target.toText() === scope) {
120
+ none = false;
121
+ break;
122
+ }
123
+ }
124
+ if (none) {
125
+ return false;
126
+ }
127
+ }
128
+ }
129
+ return true;
130
+ }
131
+ exports.isDelegationValid = isDelegationValid;
132
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;AACA,+CAAmD;AACnD,iDAA8C;AAE9C,MAAM,6BAA6B,GAAG,gCAAgC,CAAC;AAEvE,SAAS,WAAW,CAAC,KAAkB;IACrC,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,SAAS,mBAAmB;IAC1B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;KACrD;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;AAChC,CAAC;AA8CD;;;;GAIG;AACH,SAAgB,8BAA8B,CAAC,OAAyB;;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAA,MAAA,OAAO,CAAC,gBAAgB,0CAAE,QAAQ,EAAE,mCAAI,6BAA6B,CAAC,CAAC;IAC3F,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IAC/C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC3E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAA,OAAO,CAAC,WAAW,mCAAI,mBAAmB,EAAE,CAAC,CAAC;IACnF,GAAG,CAAC,YAAY,CAAC,GAAG,CAClB,OAAO,EACP,OAAO,CAAC,KAAK;SACV,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE;YACzB,OAAO,qBAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SAC9B;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;SACtB,IAAI,CAAC,GAAG,CAAC,CACb,CAAC;IACF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAElC,OAAO,GAAG,CAAC;AACb,CAAC;AArBD,wEAqBC;AAED;;;;;GAKG;AACH,SAAgB,wBAAwB;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,qBAAqB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9D,CAAC;AALD,4DAKC;AAED;;;GAGG;AACH,SAAgB,qBAAqB,CAAC,GAAiB;IACrD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,OAAO,UAAU,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;AAC9D,CAAC;AAJD,sDAIC;AAED;;;GAGG;AACH,SAAgB,oCAAoC,CAAC,WAAwB;IAC3E,gEAAgE;IAChE,IAAI,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC9D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;KAChE;IACD,MAAM,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC;SAC/B,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;QACvB,sCAAsC;QACtC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAc,CAAC;SACjB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SAChC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO,0BAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAhBD,oFAgBC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,KAAsB,EAAE,MAA8B;IACtF,oFAAoF;IACpF,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;QAC9C,kBAAkB;QAClB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE;YAC7E,OAAO,KAAK,CAAC;SACd;KACF;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,CAAC;IACjC,IAAI,UAAU,EAAE;QACd,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,qBAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC1F;aAAM;YACL,MAAM,CAAC,IAAI,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,qBAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;SAC3F;KACF;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;QACtB,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;QACzB,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;YAC9C,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE;gBACpC,SAAS;aACV;YAED,IAAI,IAAI,GAAG,IAAI,CAAC;YAChB,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE;gBACvC,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,KAAK,EAAE;oBAC7B,IAAI,GAAG,KAAK,CAAC;oBACb,MAAM;iBACP;aACF;YACD,IAAI,IAAI,EAAE;gBACR,OAAO,KAAK,CAAC;aACd;SACF;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAzCD,8CAyCC"}
@@ -0,0 +1,73 @@
1
+ import { PublicKey } from '@astrox/agent';
2
+ import { DelegationChain } from '@astrox/identity';
3
+ import { Principal } from '@astrox/principal';
4
+ /**
5
+ * Options for {@link createAuthenticationRequestUrl}. All these options may be limited
6
+ * further by the identity provider, or an error can happen.
7
+ */
8
+ export interface CreateUrlOptions {
9
+ /**
10
+ * The public key to delegate to. This should be the public key of the session key.
11
+ */
12
+ publicKey: PublicKey;
13
+ /**
14
+ * The scope of the delegation. This must contain at least one key and a maximum
15
+ * of four. This is validated in {@link createAuthenticationRequestUrl} but also
16
+ * will be validated as part of the identity provider.
17
+ */
18
+ scope: Array<string | Principal>;
19
+ /**
20
+ * The URI to redirect to, after authentication. By default, `window.location.origin`.
21
+ */
22
+ redirectUri?: string;
23
+ /**
24
+ * The URL base to use for the identity provider.
25
+ * By default, this is "https://auth.ic0.app/authorize".
26
+ */
27
+ identityProvider?: URL | string;
28
+ }
29
+ /**
30
+ * List of things to check for a delegation chain validity.
31
+ */
32
+ export interface DelegationValidChecks {
33
+ /**
34
+ * Check that the scope is amongst the scopes that this delegation has access to.
35
+ */
36
+ scope?: Principal | string | Array<Principal | string>;
37
+ }
38
+ /**
39
+ * A parsed access token.
40
+ */
41
+ export declare type AccessToken = string & {
42
+ _BRAND: 'access_token';
43
+ };
44
+ /**
45
+ * Create a URL that can be used to redirect the browser to request authentication (e.g. using
46
+ * the authentication provider). Will throw if some options are invalid.
47
+ * @param options An option with all options for the authentication request.
48
+ */
49
+ export declare function createAuthenticationRequestUrl(options: CreateUrlOptions): URL;
50
+ /**
51
+ * Returns an AccessToken from the Window object. This cannot be used in Node, instead use
52
+ * the {@link getAccessTokenFromURL} function.
53
+ *
54
+ * An access token is needed to create a DelegationChain object.
55
+ */
56
+ export declare function getAccessTokenFromWindow(): AccessToken | null;
57
+ /**
58
+ * Analyze a URL and try to extract an AccessToken from it.
59
+ * @param url The URL to look into.
60
+ */
61
+ export declare function getAccessTokenFromURL(url: URL | string): AccessToken | null;
62
+ /**
63
+ * Create a DelegationChain from an AccessToken extracted from a redirect URL.
64
+ * @param accessToken The access token extracted from a redirect URL.
65
+ */
66
+ export declare function createDelegationChainFromAccessToken(accessToken: AccessToken): DelegationChain;
67
+ /**
68
+ * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
69
+ * scope.
70
+ * @param chain The chain to validate.
71
+ * @param checks Various checks to validate on the chain.
72
+ */
73
+ export declare function isDelegationValid(chain: DelegationChain, checks?: DelegationValidChecks): boolean;
@@ -0,0 +1,124 @@
1
+ import { DelegationChain } from '@astrox/identity';
2
+ import { Principal } from '@astrox/principal';
3
+ const DEFAULT_IDENTITY_PROVIDER_URL = 'https://auth.ic0.app/authorize';
4
+ function toHexString(bytes) {
5
+ return new Uint8Array(bytes).reduce((str, byte) => str + byte.toString(16).padStart(2, '0'), '');
6
+ }
7
+ function _getDefaultLocation() {
8
+ if (typeof window === 'undefined') {
9
+ throw new Error('Could not find default location.');
10
+ }
11
+ return window.location.origin;
12
+ }
13
+ /**
14
+ * Create a URL that can be used to redirect the browser to request authentication (e.g. using
15
+ * the authentication provider). Will throw if some options are invalid.
16
+ * @param options An option with all options for the authentication request.
17
+ */
18
+ export function createAuthenticationRequestUrl(options) {
19
+ var _a, _b, _c;
20
+ const url = new URL((_b = (_a = options.identityProvider) === null || _a === void 0 ? void 0 : _a.toString()) !== null && _b !== void 0 ? _b : DEFAULT_IDENTITY_PROVIDER_URL);
21
+ url.searchParams.set('response_type', 'token');
22
+ url.searchParams.set('login_hint', toHexString(options.publicKey.toDer()));
23
+ url.searchParams.set('redirect_uri', (_c = options.redirectUri) !== null && _c !== void 0 ? _c : _getDefaultLocation());
24
+ url.searchParams.set('scope', options.scope
25
+ .map(p => {
26
+ if (typeof p === 'string') {
27
+ return Principal.fromText(p);
28
+ }
29
+ else {
30
+ return p;
31
+ }
32
+ })
33
+ .map(p => p.toString())
34
+ .join(' '));
35
+ url.searchParams.set('state', '');
36
+ return url;
37
+ }
38
+ /**
39
+ * Returns an AccessToken from the Window object. This cannot be used in Node, instead use
40
+ * the {@link getAccessTokenFromURL} function.
41
+ *
42
+ * An access token is needed to create a DelegationChain object.
43
+ */
44
+ export function getAccessTokenFromWindow() {
45
+ if (typeof window === 'undefined') {
46
+ return null;
47
+ }
48
+ return getAccessTokenFromURL(new URL(window.location.href));
49
+ }
50
+ /**
51
+ * Analyze a URL and try to extract an AccessToken from it.
52
+ * @param url The URL to look into.
53
+ */
54
+ export function getAccessTokenFromURL(url) {
55
+ // Remove the `#` at the start.
56
+ const hashParams = new URLSearchParams(new URL(url.toString()).hash.substr(1));
57
+ return hashParams.get('access_token');
58
+ }
59
+ /**
60
+ * Create a DelegationChain from an AccessToken extracted from a redirect URL.
61
+ * @param accessToken The access token extracted from a redirect URL.
62
+ */
63
+ export function createDelegationChainFromAccessToken(accessToken) {
64
+ // Transform the HEXADECIMAL string into the JSON it represents.
65
+ if (/[^0-9a-fA-F]/.test(accessToken) || accessToken.length % 2) {
66
+ throw new Error('Invalid hexadecimal string for accessToken.');
67
+ }
68
+ const chainJson = [...accessToken]
69
+ .reduce((acc, curr, i) => {
70
+ // tslint:disable-next-line:no-bitwise
71
+ acc[(i / 2) | 0] = (acc[(i / 2) | 0] || '') + curr;
72
+ return acc;
73
+ }, [])
74
+ .map(x => Number.parseInt(x, 16))
75
+ .map(x => String.fromCharCode(x))
76
+ .join('');
77
+ return DelegationChain.fromJSON(chainJson);
78
+ }
79
+ /**
80
+ * Analyze a DelegationChain and validate that it's valid, ie. not expired and apply to the
81
+ * scope.
82
+ * @param chain The chain to validate.
83
+ * @param checks Various checks to validate on the chain.
84
+ */
85
+ export function isDelegationValid(chain, checks) {
86
+ // Verify that the no delegation is expired. If any are in the chain, returns false.
87
+ for (const { delegation } of chain.delegations) {
88
+ // prettier-ignore
89
+ if (+new Date(Number(delegation.expiration / BigInt(1000000))) <= +Date.now()) {
90
+ return false;
91
+ }
92
+ }
93
+ // Check the scopes.
94
+ const scopes = [];
95
+ const maybeScope = checks === null || checks === void 0 ? void 0 : checks.scope;
96
+ if (maybeScope) {
97
+ if (Array.isArray(maybeScope)) {
98
+ scopes.push(...maybeScope.map(s => (typeof s === 'string' ? Principal.fromText(s) : s)));
99
+ }
100
+ else {
101
+ scopes.push(typeof maybeScope === 'string' ? Principal.fromText(maybeScope) : maybeScope);
102
+ }
103
+ }
104
+ for (const s of scopes) {
105
+ const scope = s.toText();
106
+ for (const { delegation } of chain.delegations) {
107
+ if (delegation.targets === undefined) {
108
+ continue;
109
+ }
110
+ let none = true;
111
+ for (const target of delegation.targets) {
112
+ if (target.toText() === scope) {
113
+ none = false;
114
+ break;
115
+ }
116
+ }
117
+ if (none) {
118
+ return false;
119
+ }
120
+ }
121
+ }
122
+ return true;
123
+ }
124
+ //# sourceMappingURL=index.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAC;AAE9C,MAAM,6BAA6B,GAAG,gCAAgC,CAAC;AAEvE,SAAS,WAAW,CAAC,KAAkB;IACrC,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,CAAC,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC;AACnG,CAAC;AAED,SAAS,mBAAmB;IAC1B,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;KACrD;IAED,OAAO,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;AAChC,CAAC;AA8CD;;;;GAIG;AACH,MAAM,UAAU,8BAA8B,CAAC,OAAyB;;IACtE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAA,MAAA,OAAO,CAAC,gBAAgB,0CAAE,QAAQ,EAAE,mCAAI,6BAA6B,CAAC,CAAC;IAC3F,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IAC/C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC3E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAA,OAAO,CAAC,WAAW,mCAAI,mBAAmB,EAAE,CAAC,CAAC;IACnF,GAAG,CAAC,YAAY,CAAC,GAAG,CAClB,OAAO,EACP,OAAO,CAAC,KAAK;SACV,GAAG,CAAC,CAAC,CAAC,EAAE;QACP,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE;YACzB,OAAO,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;SAC9B;aAAM;YACL,OAAO,CAAC,CAAC;SACV;IACH,CAAC,CAAC;SACD,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;SACtB,IAAI,CAAC,GAAG,CAAC,CACb,CAAC;IACF,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAElC,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,wBAAwB;IACtC,IAAI,OAAO,MAAM,KAAK,WAAW,EAAE;QACjC,OAAO,IAAI,CAAC;KACb;IACD,OAAO,qBAAqB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,GAAiB;IACrD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/E,OAAO,UAAU,CAAC,GAAG,CAAC,cAAc,CAAuB,CAAC;AAC9D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,oCAAoC,CAAC,WAAwB;IAC3E,gEAAgE;IAChE,IAAI,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE;QAC9D,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;KAChE;IACD,MAAM,SAAS,GAAG,CAAC,GAAG,WAAW,CAAC;SAC/B,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE;QACvB,sCAAsC;QACtC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC,GAAG,IAAI,CAAC;QACnD,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,EAAc,CAAC;SACjB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;SAChC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;SAChC,IAAI,CAAC,EAAE,CAAC,CAAC;IAEZ,OAAO,eAAe,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;AAC7C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,KAAsB,EAAE,MAA8B;IACtF,oFAAoF;IACpF,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;QAC9C,kBAAkB;QAClB,IAAI,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,EAAE;YAC7E,OAAO,KAAK,CAAC;SACd;KACF;IAED,oBAAoB;IACpB,MAAM,MAAM,GAAgB,EAAE,CAAC;IAC/B,MAAM,UAAU,GAAG,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,KAAK,CAAC;IACjC,IAAI,UAAU,EAAE;QACd,IAAI,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE;YAC7B,MAAM,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC1F;aAAM;YACL,MAAM,CAAC,IAAI,CAAC,OAAO,UAAU,KAAK,QAAQ,CAAC,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;SAC3F;KACF;IAED,KAAK,MAAM,CAAC,IAAI,MAAM,EAAE;QACtB,MAAM,KAAK,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;QACzB,KAAK,MAAM,EAAE,UAAU,EAAE,IAAI,KAAK,CAAC,WAAW,EAAE;YAC9C,IAAI,UAAU,CAAC,OAAO,KAAK,SAAS,EAAE;gBACpC,SAAS;aACV;YAED,IAAI,IAAI,GAAG,IAAI,CAAC;YAChB,KAAK,MAAM,MAAM,IAAI,UAAU,CAAC,OAAO,EAAE;gBACvC,IAAI,MAAM,CAAC,MAAM,EAAE,KAAK,KAAK,EAAE;oBAC7B,IAAI,GAAG,KAAK,CAAC;oBACb,MAAM;iBACP;aACF;YACD,IAAI,IAAI,EAAE;gBACR,OAAO,KAAK,CAAC;aACd;SACF;KACF;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}