@blocklet/sdk 1.16.14-beta-1936d3d0 → 1.16.14-beta-dc99d0a2

package/lib/connect/authenticator.d.ts

@@ -1,5 +1,6 @@
 import { Authenticator } from '@did-connect/authenticator';
 declare class BlockletAuthenticator extends Authenticator {
     constructor(options?: {});
+    private authClient;
 }
 export = BlockletAuthenticator;

package/lib/connect/authenticator.js

@@ -6,6 +6,7 @@ const authenticator_1 = require("@did-connect/authenticator");
 const wallet_1 = __importDefault(require("../wallet"));
 const check_blocklet_env_1 = __importDefault(require("../util/check-blocklet-env"));
 const shared_1 = require("./shared");
+const auth_1 = __importDefault(require("../service/auth"));
 class BlockletAuthenticator extends authenticator_1.Authenticator {
     constructor(options = {}) {
         (0, check_blocklet_env_1.default)();
@@ -13,6 +14,7 @@ class BlockletAuthenticator extends authenticator_1.Authenticator {
             wallet: (0, wallet_1.default)(),
             ...(0, shared_1.getAuthenticatorProps)(options),
         });
+        this.authClient = new auth_1.default();
     }
 }
 module.exports = BlockletAuthenticator;

package/lib/connect/shared.d.ts

@@ -12,8 +12,12 @@ declare const getAuthenticatorProps: (options?: {}) => {
         subscriptionEndpoint: string;
         nodeDid: string | undefined;
     }>;
-    delegator: () => WalletObject<string>;
-    delegation: () => string;
+    delegator({ request }: {
+        request: any;
+    }): Promise<WalletObject<any>>;
+    delegation({ request }: {
+        request: any;
+    }): Promise<any>;
     chainInfo: () => {
         type: "arcblock" | "ethereum" | "solona";
         id: string;

package/lib/connect/shared.js

@@ -7,15 +7,19 @@ exports.getAuthenticatorProps = exports.getDelegatee = exports.getDelegator = ex
 const url_join_1 = __importDefault(require("url-join"));
 const jwt_1 = require("@arcblock/jwt");
 const util_1 = require("@blocklet/meta/lib/util");
+const wallet_1 = require("@ocap/wallet");
+const constant_1 = require("@blocklet/constant");
+const mcrypto_1 = require("@ocap/mcrypto");
+const get_1 = __importDefault(require("lodash/get"));
 const constants_1 = require("../util/constants");
-const wallet_1 = __importDefault(require("../wallet"));
+const wallet_2 = __importDefault(require("../wallet"));
 // wraps value in closure or returns closure
 const closure = (value) => (typeof value === 'function' ? value : () => value);
 const getDelegator = () => {
     // BLOCKLET_WALLET_TYPE is for backward compatibility
     const { BLOCKLET_APP_SK, BLOCKLET_APP_PSK, BLOCKLET_WALLET_TYPE, CHAIN_TYPE } = process.env;
     if (BLOCKLET_APP_SK && BLOCKLET_APP_PSK && BLOCKLET_APP_SK !== BLOCKLET_APP_PSK) {
-        return (0, wallet_1.default)(CHAIN_TYPE || BLOCKLET_WALLET_TYPE, BLOCKLET_APP_PSK);
+        return (0, wallet_2.default)(CHAIN_TYPE || BLOCKLET_WALLET_TYPE, BLOCKLET_APP_PSK);
     }
     return null;
 };
@@ -23,7 +27,7 @@ exports.getDelegator = getDelegator;
 const getDelegatee = () => {
     // BLOCKLET_WALLET_TYPE is for backward compatibility
     const { BLOCKLET_APP_SK, BLOCKLET_WALLET_TYPE, CHAIN_TYPE } = process.env;
-    return (0, wallet_1.default)(CHAIN_TYPE || BLOCKLET_WALLET_TYPE, BLOCKLET_APP_SK);
+    return (0, wallet_2.default)(CHAIN_TYPE || BLOCKLET_WALLET_TYPE, BLOCKLET_APP_SK);
 };
 exports.getDelegatee = getDelegatee;
 const getDelegation = (delegator, delegatee) => {
@@ -49,6 +53,9 @@ const getDelegation = (delegator, delegatee) => {
     });
 };
 exports.getDelegation = getDelegation;
+function getProvider(request) {
+    return request.headers['x-user-provider'] || constant_1.LOGIN_PROVIDER.WALLET;
+}
 const getAuthenticatorProps = (options = {}) => ({
     chainInfo: () => (0, util_1.getChainInfo)(process.env),
     ...options,
@@ -56,6 +63,12 @@ const getAuthenticatorProps = (options = {}) => ({
         const info = await closure(options.appInfo)(...args);
         const { request, baseUrl } = args[0];
         const groupPathPrefix = request.headers['x-group-path-prefix'] || '/';
+        let agentDid;
+        const provider = getProvider(request);
+        // federated 登录模式下，需要告知原有的 blocklet-did
+        if (provider === constant_1.LOGIN_PROVIDER.FEDERATED) {
+            agentDid = process.env.BLOCKLET_DID;
+        }
         return {
             name: process.env.BLOCKLET_APP_NAME,
             description: process.env.BLOCKLET_APP_DESCRIPTION,
@@ -65,13 +78,52 @@ const getAuthenticatorProps = (options = {}) => ({
             updateSubEndpoint: true,
             subscriptionEndpoint: (0, url_join_1.default)(groupPathPrefix, constants_1.SERVICE_PREFIX, 'websocket'),
             nodeDid: process.env.ABT_NODE_DID,
+            agentDid,
         };
     },
-    delegator: () => {
+    async delegator({ request }) {
+        const provider = getProvider(request);
+        if (provider === constant_1.LOGIN_PROVIDER.FEDERATED) {
+            let blocklet;
+            try {
+                ({ blocklet } = await this.authClient.getBlocklet());
+            }
+            catch {
+                throw new Error('failed to get blocklet');
+            }
+            const pk = (0, get_1.default)(blocklet, 'settings.federated.sites[0].pk');
+            if (pk) {
+                // NOTE: 这里的 type 参数必须保持跟生成 blocklet 时使用的是一致的
+                const type = {
+                    role: mcrypto_1.types.RoleType.ROLE_APPLICATION,
+                    pk: mcrypto_1.types.KeyType.ED25519,
+                    hash: mcrypto_1.types.HashType.SHA3,
+                    address: mcrypto_1.types.EncodingType.BASE58,
+                };
+                const delegator = (0, wallet_1.fromPublicKey)(pk, type);
+                return delegator;
+            }
+            throw new Error('federated login master-site pk not found');
+        }
         const delegator = getDelegator();
         return delegator;
     },
-    delegation: () => {
+    async delegation({ request }) {
+        const provider = getProvider(request);
+        if (provider === constant_1.LOGIN_PROVIDER.FEDERATED) {
+            let blocklet;
+            try {
+                ({ blocklet } = await this.authClient.getBlocklet());
+            }
+            catch {
+                throw new Error('failed to get blocklet');
+            }
+            const delegation = (0, get_1.default)(blocklet, 'settings.federated.config.delegation');
+            if (delegation) {
+                return delegation;
+            }
+            throw new Error('federated login master-site granted delegation not found');
+        }
         const delegator = getDelegator();
         if (delegator) {
             const delegatee = getDelegatee();

package/lib/service/auth.d.ts

@@ -41,5 +41,6 @@ interface AuthService {
     createPermission(args: OmitTeamDid<Client.RequestCreatePermissionInput>): Promise<Client.ResponsePermission>;
     updatePermission(args: OmitTeamDid<Client.PermissionInput>): Promise<Client.ResponsePermission>;
     deletePermission(name: string): Promise<Client.GeneralResponse>;
+    getBlocklet(attachRuntimeInfo: boolean): Promise<Client.ResponseBlocklet>;
 }
 export = AuthService;

package/lib/service/auth.js

@@ -12,6 +12,7 @@ const mcrypto_1 = require("@ocap/mcrypto");
 const wallet_1 = require("@ocap/wallet");
 const env_1 = require("@blocklet/env");
 const constant_1 = __importDefault(require("@abtnode/constant"));
+const constant_2 = require("@blocklet/constant");
 const check_blocklet_env_1 = __importDefault(require("../util/check-blocklet-env"));
 const version_1 = require("../version");
 const wallet_2 = __importDefault(require("../wallet"));
@@ -100,6 +101,8 @@ class AuthService {
             // disabled in current
             // 'configTrustedPassports',
             // 'configTrustedFactories',
+            // blocklet
+            'getBlocklet',
         ];
         const teamDid = process.env.BLOCKLET_DID;
         const apiFallback = (fn) => (params = {}, ...args) => fn({ input: { ...params, teamDid }, ...args });
@@ -129,6 +132,7 @@ class AuthService {
             updatePermission: (fn) => (name, { description }) => fn({ input: { permission: (0, pickBy_1.default)({ name, description }, isNotNullOrUndefined), teamDid } }),
             deletePermission: (fn) => (name) => fn({ input: { name, teamDid } }),
             hasPermission: (fn) => (role, permission) => fn({ input: { teamDid, role, permission } }),
+            getBlocklet: (fn) => (attachRuntimeInfo = false) => fn({ input: { did: teamDid, attachRuntimeInfo } }),
         };
         apiList.forEach((api) => {
             const fn = client[api];
@@ -159,6 +163,7 @@ class AuthService {
                     user: resData.user,
                     token: resData.nextToken,
                     refreshToken: resData?.nextRefreshToken,
+                    provider: resData?.provider || constant_2.LOGIN_PROVIDER.WALLET,
                 };
             }
             catch (err) {

package/lib/wallet-authenticator.d.ts

@@ -1,5 +1,6 @@
 import { WalletAuthenticator as Authenticator } from '@arcblock/did-auth';
 declare class WalletAuthenticator extends Authenticator {
     constructor(options?: {});
+    private authClient;
 }
 export = WalletAuthenticator;

package/lib/wallet-authenticator.js

@@ -6,6 +6,7 @@ const did_auth_1 = require("@arcblock/did-auth");
 const wallet_1 = __importDefault(require("./wallet"));
 const check_blocklet_env_1 = __importDefault(require("./util/check-blocklet-env"));
 const shared_1 = require("./connect/shared");
+const auth_1 = __importDefault(require("./service/auth"));
 class WalletAuthenticator extends did_auth_1.WalletAuthenticator {
     constructor(options = {}) {
         (0, check_blocklet_env_1.default)();
@@ -13,6 +14,7 @@ class WalletAuthenticator extends did_auth_1.WalletAuthenticator {
             wallet: (0, wallet_1.default)().toJSON(),
             ...(0, shared_1.getAuthenticatorProps)(options),
         });
+        this.authClient = new auth_1.default();
     }
 }
 module.exports = WalletAuthenticator;

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.14-beta-1936d3d0",
+  "version": "1.16.14-beta-dc99d0a2",
   "description": "graphql client to read/write data on abt node",
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
@@ -26,17 +26,17 @@
   "author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/client": "1.16.14-beta-1936d3d0",
-    "@abtnode/constant": "1.16.14-beta-1936d3d0",
+    "@abtnode/client": "1.16.14-beta-dc99d0a2",
+    "@abtnode/constant": "1.16.14-beta-dc99d0a2",
     "@arcblock/did": "1.18.87",
     "@arcblock/did-auth": "1.18.87",
     "@arcblock/jwt": "1.18.87",
     "@arcblock/ws": "1.18.87",
-    "@blocklet/constant": "1.16.14-beta-1936d3d0",
-    "@blocklet/env": "1.16.14-beta-1936d3d0",
-    "@blocklet/meta": "1.16.14-beta-1936d3d0",
-    "@did-connect/authenticator": "^2.1.59",
-    "@did-connect/handler": "^2.1.59",
+    "@blocklet/constant": "1.16.14-beta-dc99d0a2",
+    "@blocklet/env": "1.16.14-beta-dc99d0a2",
+    "@blocklet/meta": "1.16.14-beta-dc99d0a2",
+    "@did-connect/authenticator": "^2.2.0",
+    "@did-connect/handler": "^2.2.0",
     "@nedb/core": "^2.1.5",
     "@ocap/mcrypto": "1.18.87",
     "@ocap/wallet": "1.18.87",
@@ -73,5 +73,5 @@
     "ts-node": "^10.9.1",
     "typescript": "^5.0.4"
   },
-  "gitHead": "32bcf5b55889ebd7302887eedd306d331e9cd3b8"
+  "gitHead": "a00766d660ede97e2036f3a785f4f5cfb2e6d870"
 }