@blocklet/sdk 1.16.43-beta-20250422-042711-c40bec75 → 1.16.43-beta-20250424-125523-08a65a5c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. package/lib/middlewares/auth.d.ts +7 -3
  2. package/lib/middlewares/auth.js +2 -1
  3. package/lib/middlewares/index.d.ts +13 -9
  4. package/lib/middlewares/session.d.ts +1 -0
  5. package/lib/middlewares/session.js +9 -3
  6. package/lib/service/auth.d.ts +4 -0
  7. package/lib/service/auth.js +49 -6
  8. package/lib/util/login.d.ts +3 -1
  9. package/lib/util/login.js +9 -1
  10. package/lib/util/verify-session.d.ts +4 -0
  11. package/lib/util/verify-session.js +26 -0
  12. package/package.json +15 -15
package/lib/middlewares/auth.d.ts CHANGED
@@ -1,4 +1,5 @@
1
1
  import { NextFunction, Request, Response } from 'express';
2
+ import AuthService from '../service/auth';
2
3
  import { SessionUser, AuthMethod, KycMethod } from '../util/login';
3
4
  type AuthOptions = {
4
5
  roles?: string[];
@@ -7,7 +8,10 @@ type AuthOptions = {
7
8
  methods?: AuthMethod[];
8
9
  getClient?: Function;
9
10
  };
10
- declare const AuthMiddleware: ({ roles, permissions, kyc, methods, getClient }?: AuthOptions) => (req: Request & {
11
- user?: SessionUser;
12
- }, res: Response, next: NextFunction) => Promise<void>;
11
+ declare const AuthMiddleware: {
12
+ ({ roles, permissions, kyc, methods, getClient }?: AuthOptions): (req: Request & {
13
+ user?: SessionUser;
14
+ }, res: Response, next: NextFunction) => Promise<void>;
15
+ getServiceClient: () => AuthService;
16
+ };
13
17
  export = AuthMiddleware;
package/lib/middlewares/auth.js CHANGED
@@ -5,7 +5,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
5
5
  const lru_cache_1 = require("lru-cache");
6
6
  const auth_1 = __importDefault(require("../service/auth"));
7
7
  const login_1 = require("../util/login");
8
- const cache = new lru_cache_1.LRUCache({ max: 10, ttl: 60 * 1000 });
9
8
  const clients = {};
10
9
  const getServiceClient = () => {
11
10
  const appId = process.env.BLOCKLET_APP_ID;
@@ -14,6 +13,7 @@ const getServiceClient = () => {
14
13
  }
15
14
  return clients[appId];
16
15
  };
16
+ const cache = new lru_cache_1.LRUCache({ max: 10, ttl: 60 * 1000 });
17
17
  const getPermissionsByRole = async (getClient, role) => {
18
18
  if (!role) {
19
19
  return [];
@@ -75,4 +75,5 @@ const AuthMiddleware = ({ roles, permissions, kyc, methods, getClient = getServi
75
75
  next();
76
76
  };
77
77
  };
78
+ AuthMiddleware.getServiceClient = getServiceClient;
78
79
  module.exports = AuthMiddleware;
package/lib/middlewares/index.d.ts CHANGED
@@ -10,15 +10,18 @@ declare const _default: {
10
10
  user: () => (req: import("express").Request & {
11
11
  user?: import("../util/login").SessionUser;
12
12
  }, res: import("express").Response, next: import("express").NextFunction) => void;
13
- auth: ({ roles, permissions, kyc, methods, getClient }?: {
14
- roles?: string[];
15
- permissions?: string[];
16
- kyc?: import("../util/login").KycMethod[];
17
- methods?: import("../util/login").AuthMethod[];
18
- getClient?: Function;
19
- }) => (req: import("express").Request & {
20
- user?: import("../util/login").SessionUser;
21
- }, res: import("express").Response, next: import("express").NextFunction) => Promise<void>;
13
+ auth: {
14
+ ({ roles, permissions, kyc, methods, getClient }?: {
15
+ roles?: string[];
16
+ permissions?: string[];
17
+ kyc?: import("../util/login").KycMethod[];
18
+ methods?: import("../util/login").AuthMethod[];
19
+ getClient?: Function;
20
+ }): (req: import("express").Request & {
21
+ user?: import("../util/login").SessionUser;
22
+ }, res: import("express").Response, next: import("express").NextFunction) => Promise<void>;
23
+ getServiceClient: () => import("..").AuthService;
24
+ };
22
25
  component: {
23
26
  verifySig: (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => Promise<void | import("express").Response<any, Record<string, any>>>;
24
27
  };
@@ -79,6 +82,7 @@ declare const _default: {
79
82
  loginToken?: boolean;
80
83
  componentCall?: boolean;
81
84
  signedToken?: boolean;
85
+ accessKey?: boolean;
82
86
  }) => (req: import("express").Request & {
83
87
  user?: import("../util/login").SessionUser;
84
88
  }, res: import("express").Response, next: import("express").NextFunction) => Promise<void>;
package/lib/middlewares/session.d.ts CHANGED
@@ -5,6 +5,7 @@ type SessionOptions = {
5
5
  loginToken?: boolean;
6
6
  componentCall?: boolean;
7
7
  signedToken?: boolean;
8
+ accessKey?: boolean;
8
9
  };
9
10
  declare const sessionMiddleware: (options?: SessionOptions) => (req: Request & {
10
11
  user?: SessionUser;
package/lib/middlewares/session.js CHANGED
@@ -1,13 +1,14 @@
1
1
  "use strict";
2
2
  const get_token_from_req_1 = require("@abtnode/util/lib/get-token-from-req");
3
+ const login_1 = require("../util/login");
3
4
  const verify_session_1 = require("../util/verify-session");
4
5
  const sessionMiddleware = (options = {}) => {
5
- const { loginToken = true, componentCall = false, signedToken = '', strictMode = false } = options;
6
+ const { loginToken = true, componentCall = false, signedToken = '', strictMode = false, accessKey = false } = options;
6
7
  return async (req, res, next) => {
7
8
  let result = null;
8
9
  try {
9
10
  // authenticate by login token
10
- if (loginToken) {
11
+ if (loginToken || accessKey) {
11
12
  const { _duplicate, token: loginTokenValue } = await (0, get_token_from_req_1.getTokenFromReq)(req, {
12
13
  cookie: {
13
14
  key: 'login_token',
@@ -17,7 +18,12 @@ const sessionMiddleware = (options = {}) => {
17
18
  res.status(400).send('Access token found in multiple locations');
18
19
  return;
19
20
  }
20
- result = await (0, verify_session_1.verifyLoginToken)({ token: loginTokenValue, strictMode });
21
+ if ((0, login_1.isLoginToken)(loginTokenValue)) {
22
+ result = await (0, verify_session_1.verifyLoginToken)({ token: loginTokenValue, strictMode });
23
+ }
24
+ if ((0, login_1.isAccessKey)(loginTokenValue) && accessKey) {
25
+ result = await (0, verify_session_1.verifyAccessKey)({ token: loginTokenValue, strictMode });
26
+ }
21
27
  }
22
28
  // authenticate by component call
23
29
  if (!result && componentCall) {
package/lib/service/auth.d.ts CHANGED
@@ -69,5 +69,9 @@ interface AuthService {
69
69
  getVault(): Promise<string>;
70
70
  updateUserAddress(args: OmitTeamDid<Client.RequestUpdateUserAddressInput>, options: RequestHeaders): Promise<Client.ResponseUser>;
71
71
  updateUserInfo(userInfo: ABTNodeClient.UserInfoInput, options: RequestHeaders): Promise<Client.ResponseUser>;
72
+ createAccessKey(params: OmitTeamDid<Client.RequestCreateAccessKeyInput>): Promise<Client.ResponseCreateAccessKey>;
73
+ verifyAccessKey(params: OmitTeamDid<Client.RequestVerifyAccessKeyInput>): Promise<Client.ResponseAccessKey>;
74
+ getAccessKeys(params: OmitTeamDid<Client.RequestAccessKeysInput>): Promise<Client.ResponseAccessKeys>;
75
+ getAccessKey(params: OmitTeamDid<Client.RequestAccessKeyInput>): Promise<Client.ResponseAccessKey>;
72
76
  }
73
77
  export = AuthService;
package/lib/service/auth.js CHANGED
@@ -1,4 +1,37 @@
1
1
  "use strict";
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
7
+ }
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
14
+ Object.defineProperty(o, "default", { enumerable: true, value: v });
15
+ }) : function(o, v) {
16
+ o["default"] = v;
17
+ });
18
+ var __importStar = (this && this.__importStar) || (function () {
19
+ var ownKeys = function(o) {
20
+ ownKeys = Object.getOwnPropertyNames || function (o) {
21
+ var ar = [];
22
+ for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
23
+ return ar;
24
+ };
25
+ return ownKeys(o);
26
+ };
27
+ return function (mod) {
28
+ if (mod && mod.__esModule) return mod;
29
+ var result = {};
30
+ if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
31
+ __setModuleDefault(result, mod);
32
+ return result;
33
+ };
34
+ })();
2
35
  var __importDefault = (this && this.__importDefault) || function (mod) {
3
36
  return (mod && mod.__esModule) ? mod : { "default": mod };
4
37
  };
@@ -8,7 +41,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
8
41
  const pickBy_1 = __importDefault(require("lodash/pickBy"));
9
42
  const ufo_1 = require("ufo");
10
43
  const client_1 = __importDefault(require("@abtnode/client"));
11
- const constant_1 = __importDefault(require("@abtnode/constant"));
44
+ const constant_1 = __importStar(require("@abtnode/constant"));
12
45
  const util_1 = require("@ocap/util");
13
46
  const constant_2 = require("@blocklet/constant");
14
47
  const util_2 = require("@blocklet/meta/lib/util");
@@ -122,8 +155,10 @@ class AuthService {
122
155
  'createAccessKey',
123
156
  'verifyAccessKey',
124
157
  'getAccessKeys',
158
+ 'getAccessKey',
125
159
  ];
126
160
  const teamDid = process.env.BLOCKLET_DID;
161
+ const componentDid = process.env.BLOCKLET_COMPONENT_DID;
127
162
  const apiFallback = (fn) => (params = {}, ...args) => fn({ input: { ...params, teamDid }, ...args });
128
163
  // const apiConvertDid = (fn: Function) => (did: string) => fn({ input: { user: { did }, teamDid } });
129
164
  const apiFnMap = {
@@ -153,9 +188,19 @@ class AuthService {
153
188
  deletePermission: (fn) => (name) => fn({ input: { name, teamDid } }),
154
189
  hasPermission: (fn) => (role, permission) => fn({ input: { teamDid, role, permission } }),
155
190
  getBlocklet: (fn) => (attachRuntimeInfo = false) => fn({ input: { did: teamDid, attachRuntimeInfo } }, { ignoreFields: ['blocklet.settings.navigations'] }),
156
- createAccessKey: (fn) => (params) => fn({ input: { teamDid, authType: 'simple', createdVia: 'sdk', passport: 'guest', ...params } }),
191
+ createAccessKey: (fn) => (params) => fn({
192
+ input: {
193
+ teamDid,
194
+ authType: 'simple',
195
+ createdVia: 'sdk',
196
+ passport: constant_1.SERVER_ROLES.GUEST,
197
+ ...params,
198
+ componentDid,
199
+ },
200
+ }),
157
201
  verifyAccessKey: (fn) => (params) => fn({ input: { teamDid, ...params } }),
158
- getAccessKeys: (fn) => (params) => fn({ input: { teamDid, ...params } }),
202
+ getAccessKeys: (fn) => (params) => fn({ input: { teamDid, ...params, componentDid } }),
203
+ getAccessKey: (fn) => (params) => fn({ input: { teamDid, ...params } }),
159
204
  };
160
205
  apiList.forEach((api) => {
161
206
  const fn = client[api];
@@ -176,9 +221,7 @@ class AuthService {
176
221
  };
177
222
  this.refreshSession = async (data) => {
178
223
  try {
179
- const { data: resData } = await service_api_1.default.post('/api/did/refreshSession', {
180
- refresh_token: data.refreshToken,
181
- });
224
+ const { data: resData } = await service_api_1.default.post('/api/did/refreshSession', {}, { headers: { Authorization: `Bearer ${data.refreshToken}` } });
182
225
  if (resData?.user) {
183
226
  fixAvatar(resData.user);
184
227
  }
package/lib/util/login.d.ts CHANGED
@@ -7,7 +7,7 @@ export declare const decodeKycStatus: (status: number) => {
7
7
  phoneVerified: boolean;
8
8
  };
9
9
  export type KycMethod = LiteralUnion<'email' | 'phone', string>;
10
- export type AuthMethod = LiteralUnion<'loginToken' | 'componentCall' | 'signedToken', string>;
10
+ export type AuthMethod = LiteralUnion<'loginToken' | 'componentCall' | 'signedToken' | 'accessKey', string>;
11
11
  export type SessionUser = {
12
12
  did: string;
13
13
  role: string | undefined;
@@ -20,3 +20,5 @@ export type SessionUser = {
20
20
  kyc?: number;
21
21
  [key: string]: any;
22
22
  };
23
+ export declare const isLoginToken: (token: string) => boolean;
24
+ export declare const isAccessKey: (token: string) => boolean;
package/lib/util/login.js CHANGED
@@ -1,6 +1,6 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.decodeKycStatus = exports.encodeKycStatus = void 0;
3
+ exports.isAccessKey = exports.isLoginToken = exports.decodeKycStatus = exports.encodeKycStatus = void 0;
4
4
  exports.getLoginProvider = getLoginProvider;
5
5
  exports.getSourceAppPid = getSourceAppPid;
6
6
  /* eslint-disable import/prefer-default-export */
@@ -31,3 +31,11 @@ const decodeKycStatus = (status) => {
31
31
  };
32
32
  };
33
33
  exports.decodeKycStatus = decodeKycStatus;
34
+ const isLoginToken = (token) => {
35
+ return typeof token === 'string' && token.split('.').length === 3;
36
+ };
37
+ exports.isLoginToken = isLoginToken;
38
+ const isAccessKey = (token) => {
39
+ return typeof token === 'string' && token.split('.').length === 1 && token.startsWith('blocklet-');
40
+ };
41
+ exports.isAccessKey = isAccessKey;
package/lib/util/verify-session.d.ts CHANGED
@@ -4,6 +4,10 @@ export declare function verifyLoginToken({ token, strictMode }: {
4
4
  token: any;
5
5
  strictMode: any;
6
6
  }): Promise<SessionUser | null>;
7
+ export declare function verifyAccessKey({ token, strictMode }: {
8
+ token: any;
9
+ strictMode: any;
10
+ }): Promise<SessionUser | null>;
7
11
  export declare function verifyComponentCall({ req, strictMode }: {
8
12
  req: any;
9
13
  strictMode: any;
package/lib/util/verify-session.js CHANGED
@@ -5,6 +5,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
5
5
  Object.defineProperty(exports, "__esModule", { value: true });
6
6
  exports.getSessionSecret = void 0;
7
7
  exports.verifyLoginToken = verifyLoginToken;
8
+ exports.verifyAccessKey = verifyAccessKey;
8
9
  exports.verifyComponentCall = verifyComponentCall;
9
10
  exports.verifySignedToken = verifySignedToken;
10
11
  const constant_1 = require("@blocklet/constant");
@@ -12,6 +13,7 @@ const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
12
13
  const mcrypto_1 = require("@ocap/mcrypto");
13
14
  const jwt_1 = require("@arcblock/jwt");
14
15
  const wallet_1 = __importDefault(require("../wallet"));
16
+ const auth_1 = __importDefault(require("../middlewares/auth"));
15
17
  const login_1 = require("./login");
16
18
  const config_1 = require("../config");
17
19
  const verify_sign_1 = require("./verify-sign");
@@ -46,6 +48,30 @@ function verifyLoginToken({ token, strictMode }) {
46
48
  });
47
49
  });
48
50
  }
51
+ async function verifyAccessKey({ token, strictMode }) {
52
+ if (!token)
53
+ return null;
54
+ try {
55
+ const client = auth_1.default.getServiceClient();
56
+ const result = await client.verifyAccessKey({ accessKeyId: token });
57
+ const { createdBy, accessKeyId, passport = 'guest', remark = '' } = result.data;
58
+ return {
59
+ did: createdBy,
60
+ role: passport.replace('blocklet-', ''),
61
+ fullName: remark || accessKeyId,
62
+ provider: 'accessKey',
63
+ walletOS: 'embed',
64
+ method: 'accessKey',
65
+ };
66
+ }
67
+ catch (err) {
68
+ console.error('verifyAccessKey', err);
69
+ if (strictMode) {
70
+ throw new Error('Unauthorized: Invalid access key');
71
+ }
72
+ return null;
73
+ }
74
+ }
49
75
  async function verifyComponentCall({ req, strictMode }) {
50
76
  const { sig, data } = (0, verify_sign_1.getVerifyData)(req);
51
77
  if (!sig)
package/package.json CHANGED
@@ -3,7 +3,7 @@
3
3
  "publishConfig": {
4
4
  "access": "public"
5
5
  },
6
- "version": "1.16.43-beta-20250422-042711-c40bec75",
6
+ "version": "1.16.43-beta-20250424-125523-08a65a5c",
7
7
  "description": "graphql client to read/write data on abt node",
8
8
  "main": "lib/index.js",
9
9
  "typings": "lib/index.d.ts",
@@ -27,23 +27,23 @@
27
27
  "author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
28
28
  "license": "Apache-2.0",
29
29
  "dependencies": {
30
- "@abtnode/client": "1.16.43-beta-20250422-042711-c40bec75",
31
- "@abtnode/constant": "1.16.43-beta-20250422-042711-c40bec75",
32
- "@abtnode/util": "1.16.43-beta-20250422-042711-c40bec75",
33
- "@arcblock/did": "1.20.1",
34
- "@arcblock/did-auth": "1.20.1",
35
- "@arcblock/jwt": "1.20.1",
36
- "@arcblock/ws": "1.20.1",
37
- "@blocklet/constant": "1.16.43-beta-20250422-042711-c40bec75",
38
- "@blocklet/env": "1.16.43-beta-20250422-042711-c40bec75",
30
+ "@abtnode/client": "1.16.43-beta-20250424-125523-08a65a5c",
31
+ "@abtnode/constant": "1.16.43-beta-20250424-125523-08a65a5c",
32
+ "@abtnode/util": "1.16.43-beta-20250424-125523-08a65a5c",
33
+ "@arcblock/did": "1.20.2",
34
+ "@arcblock/did-auth": "1.20.2",
35
+ "@arcblock/jwt": "1.20.2",
36
+ "@arcblock/ws": "1.20.2",
37
+ "@blocklet/constant": "1.16.43-beta-20250424-125523-08a65a5c",
38
+ "@blocklet/env": "1.16.43-beta-20250424-125523-08a65a5c",
39
39
  "@blocklet/error": "^0.2.4",
40
- "@blocklet/meta": "1.16.43-beta-20250422-042711-c40bec75",
40
+ "@blocklet/meta": "1.16.43-beta-20250424-125523-08a65a5c",
41
41
  "@did-connect/authenticator": "^2.2.7",
42
42
  "@did-connect/handler": "^2.2.7",
43
43
  "@nedb/core": "^2.1.5",
44
- "@ocap/mcrypto": "1.20.1",
45
- "@ocap/util": "1.20.1",
46
- "@ocap/wallet": "1.20.1",
44
+ "@ocap/mcrypto": "1.20.2",
45
+ "@ocap/util": "1.20.2",
46
+ "@ocap/wallet": "1.20.2",
47
47
  "axios": "^1.7.9",
48
48
  "cheerio": "1.0.0-rc.12",
49
49
  "debug": "^4.3.7",
@@ -83,5 +83,5 @@
83
83
  "ts-node": "^10.9.1",
84
84
  "typescript": "^5.6.3"
85
85
  },
86
- "gitHead": "836a400c1f953f421a8e95dc9a32ba883ac2586d"
86
+ "gitHead": "499de9f28770298a819122ba16a7f2b3cc78c7ee"
87
87
  }