@blocklet/meta 1.16.39 → 1.16.40-beta-20250227-095906-fc9de90b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/security.d.ts +8 -0
  2. package/lib/security.js +55 -0
  3. package/package.json +14 -14
package/lib/security.d.ts CHANGED
@@ -5,3 +5,11 @@ export declare function signResponse<T extends Record<string, any>>(data: T, wal
5
5
  export declare function verifyResponse<T extends Record<string, any>>(signed: T & {
6
6
  $signature?: string;
7
7
  }, wallet: WalletObject): Promise<boolean>;
8
+ type VaultRecord = {
9
+ pk: string;
10
+ did: string;
11
+ at: number;
12
+ sig: string;
13
+ };
14
+ export declare function verifyVault(vaults: VaultRecord[], appId: string, throwOnError?: boolean): Promise<string>;
15
+ export {};
package/lib/security.js CHANGED
@@ -5,8 +5,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
5
5
  Object.defineProperty(exports, "__esModule", { value: true });
6
6
  exports.signResponse = signResponse;
7
7
  exports.verifyResponse = verifyResponse;
8
+ exports.verifyVault = verifyVault;
8
9
  const omit_1 = __importDefault(require("lodash/omit"));
9
10
  const json_stable_stringify_1 = __importDefault(require("json-stable-stringify"));
11
+ const wallet_1 = require("@ocap/wallet");
12
+ const did_1 = require("@arcblock/did");
10
13
  function signResponse(data, wallet) {
11
14
  const payload = (0, json_stable_stringify_1.default)(data);
12
15
  const signature = wallet.sign(payload);
@@ -19,3 +22,55 @@ function verifyResponse(signed, wallet) {
19
22
  }
20
23
  return Promise.resolve(wallet.verify((0, json_stable_stringify_1.default)((0, omit_1.default)(signed, '$signature')), signed.$signature));
21
24
  }
25
+ async function verifyVault(vaults, appId, throwOnError = false) {
26
+ // return empty string if the vaults list is empty
27
+ if (!Array.isArray(vaults) || vaults.length === 0) {
28
+ if (throwOnError) {
29
+ throw new Error('Blocklet vaults list is empty');
30
+ }
31
+ return '';
32
+ }
33
+ // throws if the vaults list is not in ascending order by `at` field
34
+ for (let i = 1; i < vaults.length; i++) {
35
+ if (vaults[i].at <= vaults[i - 1].at) {
36
+ if (throwOnError) {
37
+ throw new Error('Blocklet vaults are not in ascending order');
38
+ }
39
+ return '';
40
+ }
41
+ }
42
+ // throw if there are duplicate vaults
43
+ const uniqueVaults = new Set(vaults.map((vault) => vault.did));
44
+ if (uniqueVaults.size !== vaults.length) {
45
+ if (throwOnError) {
46
+ throw new Error('Blocklet vaults list has duplicate vaults');
47
+ }
48
+ return '';
49
+ }
50
+ // verify signature for each vault
51
+ let data = Buffer.from(`vault:${appId}`);
52
+ for (let i = 0; i < vaults.length; i++) {
53
+ const vault = vaults[i];
54
+ const wallet = (0, wallet_1.fromPublicKey)(vault.pk, (0, did_1.toTypeInfo)(vault.did));
55
+ data = Buffer.concat([data, Buffer.from(`\n${vault.did}`)]);
56
+ try {
57
+ // eslint-disable-next-line no-await-in-loop
58
+ if ((await wallet.verify(data, vault.sig)) === false) {
59
+ if (throwOnError) {
60
+ throw new Error(`Blocklet vault signature verification failed for ${vault.did}`);
61
+ }
62
+ return '';
63
+ }
64
+ }
65
+ catch (err) {
66
+ if (process.env.NODE_ENV !== 'test') {
67
+ console.error(err);
68
+ }
69
+ if (throwOnError) {
70
+ throw new Error(`Blocklet vault signature verification failed for ${vault.did}`);
71
+ }
72
+ return '';
73
+ }
74
+ }
75
+ return vaults[vaults.length - 1].did;
76
+ }
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "publishConfig": {
4
4
  "access": "public"
5
5
  },
6
- "version": "1.16.39",
6
+ "version": "1.16.40-beta-20250227-095906-fc9de90b",
7
7
  "description": "Library to parse/validate/fix blocklet meta",
8
8
  "main": "./lib/index.js",
9
9
  "typings": "./lib/index.d.ts",
@@ -25,18 +25,18 @@
25
25
  "author": "wangshijun <wangshijun2020@gmail.com> (http://github.com/wangshijun)",
26
26
  "license": "Apache-2.0",
27
27
  "dependencies": {
28
- "@abtnode/constant": "1.16.39",
29
- "@abtnode/docker-utils": "1.16.39",
30
- "@arcblock/did": "1.19.10",
31
- "@arcblock/did-ext": "1.19.10",
32
- "@arcblock/did-util": "1.19.10",
33
- "@arcblock/jwt": "1.19.10",
34
- "@blocklet/constant": "1.16.39",
35
- "@ocap/asset": "1.19.10",
36
- "@ocap/mcrypto": "1.19.10",
37
- "@ocap/types": "1.19.10",
38
- "@ocap/util": "1.19.10",
39
- "@ocap/wallet": "1.19.10",
28
+ "@abtnode/constant": "1.16.40-beta-20250227-095906-fc9de90b",
29
+ "@abtnode/docker-utils": "1.16.40-beta-20250227-095906-fc9de90b",
30
+ "@arcblock/did": "1.19.12",
31
+ "@arcblock/did-ext": "1.19.12",
32
+ "@arcblock/did-util": "1.19.12",
33
+ "@arcblock/jwt": "1.19.12",
34
+ "@blocklet/constant": "1.16.40-beta-20250227-095906-fc9de90b",
35
+ "@ocap/asset": "1.19.12",
36
+ "@ocap/mcrypto": "1.19.12",
37
+ "@ocap/types": "1.19.12",
38
+ "@ocap/util": "1.19.12",
39
+ "@ocap/wallet": "1.19.12",
40
40
  "ajv": "^8.11.0",
41
41
  "axios": "^1.7.9",
42
42
  "cjk-length": "^1.0.0",
@@ -80,5 +80,5 @@
80
80
  "ts-node": "^10.9.1",
81
81
  "typescript": "^5.6.3"
82
82
  },
83
- "gitHead": "e3a614757b32dba71dcc187f20060932df31eab6"
83
+ "gitHead": "c5f6a14ce5435a615c75c4a0033415fcf51fae89"
84
84
  }