npm - @blocklet/sdk - Versions diffs - 1.16.33-beta-20241111-162739-f5906773 → 1.16.33-beta-20241112-095006-c0bb4e6b - Mend

@blocklet/sdk 1.16.33-beta-20241111-162739-f5906773 → 1.16.33-beta-20241112-095006-c0bb4e6b

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/lib/middlewares/index.d.ts +1 -1
package/lib/middlewares/session.d.ts +1 -1
package/lib/middlewares/session.js +22 -85
package/lib/util/verify-session.d.ts +13 -0
package/lib/util/verify-session.js +85 -0
package/lib/wallet.js +14 -1
package/package.json +7 -7

package/lib/middlewares/index.d.ts CHANGED Viewed

@@ -73,6 +73,6 @@ declare const _default: {
         signedToken?: boolean;
     }) => (req: import("express").Request & {
         user?: import("../util/login").SessionUser;
-    }, res: import("express").Response, next: import("express").NextFunction) => void | import("express").Response<any, Record<string, any>>;
+    }, res: import("express").Response, next: import("express").NextFunction) => Promise<void>;
 };
 export default _default;

package/lib/middlewares/session.d.ts CHANGED Viewed

@@ -8,5 +8,5 @@ type SessionOptions = {
 };
 declare const sessionMiddleware: (options?: SessionOptions) => (req: Request & {
     user?: SessionUser;
-}, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;
+}, res: Response, next: NextFunction) => Promise<void>;
 export = sessionMiddleware;

package/lib/middlewares/session.js CHANGED Viewed

@@ -1,95 +1,32 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-const constant_1 = require("@blocklet/constant");
-const mcrypto_1 = require("@ocap/mcrypto");
-const jwt_1 = require("@arcblock/jwt");
-const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
-const login_1 = require("../util/login");
-const verify_sign_1 = require("../util/verify-sign");
-const wallet_1 = __importDefault(require("../wallet"));
+const verify_session_1 = require("../util/verify-session");
 const sessionMiddleware = (options = {}) => {
-    const wallet = (0, wallet_1.default)();
-    const secret = mcrypto_1.Hasher.SHA3.hash256(Buffer.concat([wallet.secretKey, wallet.address].map((v) => Buffer.from(v))));
     const { loginToken = true, componentCall = false, signedToken = '', strictMode = false } = options;
-    return (req, res, next) => {
-        // authenticate by login token
-        if (loginToken) {
-            const token = req.cookies.login_token;
-            if (token) {
-                return jsonwebtoken_1.default.verify(token, secret, (err, decoded) => {
-                    if (err) {
-                        if (strictMode) {
-                            res.status(401).json({ message: 'Unauthorized: Invalid login token' });
-                        }
-                        else {
-                            next();
-                        }
-                    }
-                    else {
-                        const { did, role, fullName, provider = constant_1.LOGIN_PROVIDER.WALLET, walletOS, kyc = 0 } = decoded;
-                        req.user = {
-                            did,
-                            role,
-                            fullName,
-                            provider,
-                            walletOS,
-                            ...(0, login_1.decodeKycStatus)(Number(kyc) || 0),
-                            method: 'loginToken',
-                        };
-                        next();
-                    }
-                });
+    return async (req, res, next) => {
+        let result = null;
+        try {
+            // authenticate by login token
+            if (loginToken) {
+                result = await (0, verify_session_1.verifyLoginToken)({ token: req.cookies.login_token, strictMode });
             }
-        }
-        // authenticate by component call
-        if (componentCall) {
-            const { sig, data } = (0, verify_sign_1.getVerifyData)(req);
-            if (sig) {
-                if ((0, verify_sign_1.verify)(data, sig) === false) {
-                    if (strictMode) {
-                        return res.status(401).json({ error: 'Unauthorized: Invalid signature' });
-                    }
-                    return next();
-                }
-                req.user = {
-                    did: req.get('x-component-did'),
-                    role: 'component',
-                    provider: 'wallet',
-                    fullName: req.get('x-component-did'),
-                    walletOS: 'embed',
-                    emailVerified: false,
-                    phoneVerified: false,
-                    method: 'componentCall',
-                };
-                return next();
+            // authenticate by component call
+            if (!result && componentCall) {
+                result = (0, verify_session_1.verifyComponentCall)({ req, strictMode });
             }
-        }
-        // authenticate by signed tmp token: which expires in 5 minutes
-        if (signedToken) {
-            const token = req.query.__jwt || '';
-            if (token) {
-                if ((0, jwt_1.verify)(token, secret) === false) {
-                    if (strictMode) {
-                        return res.status(401).json({ error: 'Unauthorized: Invalid signed token' });
-                    }
-                    return next();
-                }
-                req.user = {
-                    did: wallet.address,
-                    role: 'component',
-                    provider: 'wallet',
-                    fullName: wallet.address,
-                    walletOS: 'embed',
-                    emailVerified: false,
-                    phoneVerified: false,
-                    method: 'signedToken',
-                };
-                return next();
+            // authenticate by signed tmp token: which expires in 5 minutes
+            if (!result && signedToken) {
+                const token = req.query.__jwt || '';
+                result = (0, verify_session_1.verifySignedToken)({ token, strictMode });
             }
         }
-        return next();
+        catch (err) {
+            res.status(401).json({ error: err.message });
+            return;
+        }
+        if (result) {
+            req.user = result;
+        }
+        next();
     };
 };
 module.exports = sessionMiddleware;

package/lib/util/verify-session.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import { SessionUser } from './login';
+export declare function verifyLoginToken({ token, strictMode }: {
+    token: any;
+    strictMode: any;
+}): Promise<SessionUser | null>;
+export declare function verifyComponentCall({ req, strictMode }: {
+    req: any;
+    strictMode: any;
+}): SessionUser | null;
+export declare function verifySignedToken({ token, strictMode }: {
+    token: any;
+    strictMode: any;
+}): SessionUser | null;

package/lib/util/verify-session.js ADDED Viewed

@@ -0,0 +1,85 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyLoginToken = verifyLoginToken;
+exports.verifyComponentCall = verifyComponentCall;
+exports.verifySignedToken = verifySignedToken;
+const constant_1 = require("@blocklet/constant");
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const mcrypto_1 = require("@ocap/mcrypto");
+const jwt_1 = require("@arcblock/jwt");
+const login_1 = require("./login");
+const wallet_1 = __importDefault(require("../wallet"));
+const verify_sign_1 = require("./verify-sign");
+function verifyLoginToken({ token, strictMode }) {
+    if (!token)
+        return null;
+    const wallet = (0, wallet_1.default)();
+    const secret = mcrypto_1.Hasher.SHA3.hash256(Buffer.concat([wallet.secretKey, wallet.address].map((v) => Buffer.from(v))));
+    return new Promise((resolve, reject) => {
+        jsonwebtoken_1.default.verify(token, secret, (err, decoded) => {
+            if (err) {
+                if (strictMode) {
+                    reject(new Error('Unauthorized: Invalid login token'));
+                }
+                resolve(null);
+                return;
+            }
+            const { did, role, fullName, provider = constant_1.LOGIN_PROVIDER.WALLET, walletOS, kyc = 0 } = decoded;
+            resolve({
+                did,
+                role,
+                fullName,
+                provider,
+                walletOS,
+                ...(0, login_1.decodeKycStatus)(Number(kyc) || 0),
+                method: 'loginToken',
+            });
+        });
+    });
+}
+function verifyComponentCall({ req, strictMode }) {
+    const { sig, data } = (0, verify_sign_1.getVerifyData)(req);
+    if (!sig)
+        return null;
+    if ((0, verify_sign_1.verify)(data, sig) === false) {
+        if (strictMode) {
+            throw new Error('Unauthorized: Invalid signature');
+        }
+        return null;
+    }
+    return {
+        did: req.get('x-component-did'),
+        role: 'component',
+        provider: 'wallet',
+        fullName: req.get('x-component-did'),
+        walletOS: 'embed',
+        emailVerified: false,
+        phoneVerified: false,
+        method: 'componentCall',
+    };
+}
+function verifySignedToken({ token, strictMode }) {
+    if (!token)
+        return null;
+    const wallet = (0, wallet_1.default)();
+    const secret = mcrypto_1.Hasher.SHA3.hash256(Buffer.concat([wallet.secretKey, wallet.address].map((v) => Buffer.from(v))));
+    if ((0, jwt_1.verify)(token, secret) === false) {
+        if (strictMode) {
+            throw new Error('Unauthorized: Invalid signed token');
+        }
+        return null;
+    }
+    return {
+        did: wallet.address,
+        role: 'component',
+        provider: 'wallet',
+        fullName: wallet.address,
+        walletOS: 'embed',
+        emailVerified: false,
+        phoneVerified: false,
+        method: 'signedToken',
+    };
+}

package/lib/wallet.js CHANGED Viewed

@@ -1,7 +1,14 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 const wallet_1 = require("@ocap/wallet");
 const mcrypto_1 = require("@ocap/mcrypto");
 const did_1 = require("@arcblock/did");
+const lru_cache_1 = __importDefault(require("lru-cache"));
+// NOTICE: 1 个应用的 sdk 运行时最多 4 个钱包
+// 此处 cache 只是优化性能的手段，即使 miss 也不会造成任何错误，最终决定设置 size 为 4
+const cacheWallet = new lru_cache_1.default({ max: 4, maxAge: 60 * 1000 });
 /**
  * @param {string} [type=process.env.CHAIN_TYPE] can only be 'eth|ethereum' or 'default|arcblock'
  * @param {string} [appSk=process.env.BLOCKLET_APP_SK] must be hex
@@ -13,6 +20,10 @@ const getWallet = (type, appSk = process.env.BLOCKLET_APP_SK) => {
     // BLOCKLET_WALLET_TYPE is for backward compatibility
     // eslint-disable-next-line no-param-reassign
     type = type || process.env.CHAIN_TYPE || process.env.BLOCKLET_WALLET_TYPE;
+    const cacheKey = [type, appSk].join('_');
+    const cache = cacheWallet.get(cacheKey);
+    if (cache)
+        return cache;
     if ((0, did_1.isEthereumType)((0, did_1.DidType)(type))) {
         sk = appSk.slice(0, 66);
         t = (0, wallet_1.WalletType)(type);
@@ -21,7 +32,9 @@ const getWallet = (type, appSk = process.env.BLOCKLET_APP_SK) => {
         sk = appSk;
         t = (0, wallet_1.WalletType)({ role: mcrypto_1.types.RoleType.ROLE_APPLICATION, pk: mcrypto_1.types.KeyType.ED25519, hash: mcrypto_1.types.HashType.SHA3 });
     }
-    return (0, wallet_1.fromSecretKey)(sk, t);
+    const currentWallet = (0, wallet_1.fromSecretKey)(sk, t);
+    cacheWallet.set(cacheKey, currentWallet);
+    return currentWallet;
 };
 // BLOCKLET_WALLET_TYPE is for backward compatibility
 const getPermanentWallet = () => getWallet(process.env.CHAIN_TYPE || process.env.BLOCKLET_WALLET_TYPE, process.env.BLOCKLET_APP_PSK);

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.16.33-beta-20241111-162739-f5906773",
+  "version": "1.16.33-beta-20241112-095006-c0bb4e6b",
   "description": "graphql client to read/write data on abt node",
   "main": "lib/index.js",
   "typings": "lib/index.d.ts",
@@ -27,15 +27,15 @@
   "author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "Apache-2.0",
   "dependencies": {
-    "@abtnode/client": "1.16.33-beta-20241111-162739-f5906773",
-    "@abtnode/constant": "1.16.33-beta-20241111-162739-f5906773",
+    "@abtnode/client": "1.16.33-beta-20241112-095006-c0bb4e6b",
+    "@abtnode/constant": "1.16.33-beta-20241112-095006-c0bb4e6b",
     "@arcblock/did": "1.18.139",
     "@arcblock/did-auth": "1.18.139",
     "@arcblock/jwt": "1.18.139",
     "@arcblock/ws": "1.18.139",
-    "@blocklet/constant": "1.16.33-beta-20241111-162739-f5906773",
-    "@blocklet/env": "1.16.33-beta-20241111-162739-f5906773",
-    "@blocklet/meta": "1.16.33-beta-20241111-162739-f5906773",
+    "@blocklet/constant": "1.16.33-beta-20241112-095006-c0bb4e6b",
+    "@blocklet/env": "1.16.33-beta-20241112-095006-c0bb4e6b",
+    "@blocklet/meta": "1.16.33-beta-20241112-095006-c0bb4e6b",
     "@did-connect/authenticator": "^2.2.4",
     "@did-connect/handler": "^2.2.4",
     "@nedb/core": "^2.1.5",
@@ -79,5 +79,5 @@
     "ts-node": "^10.9.1",
     "typescript": "^5.6.3"
   },
-  "gitHead": "de1be92a37cd504e82b3d963b5b4d5302ecbb887"
+  "gitHead": "60cc6bf9891c7b3995b312841c41562e1a360f21"
 }