@blocklet/sdk 1.17.3-beta-20251125-042047-1bcefd39 → 1.17.3-beta-20251126-121502-d0926972
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/middlewares/csrf.d.ts +1 -1
- package/lib/middlewares/csrf.js +21 -3
- package/lib/service/blocklet.d.ts +3 -0
- package/lib/service/blocklet.js +7 -0
- package/package.json +18 -18
@@ -16,7 +16,7 @@ export interface CSRFOptions {
|
|
|
16
16
|
* @note: 我们需要意识到 1. csrf token 不会被攻击者从 cookie 中得到 2. csrf token 的校验是需要当前用户的 login token 的,3. csrf token 不应该有过期时间
|
|
17
17
|
* @returns
|
|
18
18
|
*/
|
|
19
|
-
declare function defaultGenerateToken(req: Request): void;
|
|
19
|
+
declare function defaultGenerateToken(req: Request, res: CSRFOptionsResponse): void;
|
|
20
20
|
declare function defaultVerifyToken(req: Request): void;
|
|
21
21
|
export declare function csrf(options?: CSRFOptions): RequestHandler;
|
|
22
22
|
export {};
|
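--- a/package/lib/middlewares/csrf.js
+++ b/package/lib/middlewares/csrf.js
@@ -7,9 +7,11 @@ exports.csrf = csrf;
 const isEmpty_1 = __importDefault(require("lodash/isEmpty"));
 const joi_1 = __importDefault(require("joi"));
 const jwt_decode_1 = __importDefault(require("jwt-decode"));
+const debug_1 = __importDefault(require("debug"));
 const csrf_1 = require("../util/csrf");
 const wallet_1 = require("../util/wallet");
 const config_1 = __importDefault(require("../config"));
+const debug = (0, debug_1.default)('@blocklet/sdk:csrf');
 function printCookieParserNotInstalledWarning() {
 config_1.default.logger.warn('cookie-parser middleware is required for the csrf middleware to work properly.');
 }
@@ -21,10 +23,26 @@ function printCookieParserNotInstalledWarning() {
 * @note: 我们需要意识到 1. csrf token 不会被攻击者从 cookie 中得到 2. csrf token 的校验是需要当前用户的 login token 的,3. csrf token 不应该有过期时间
 * @returns
 */
-function defaultGenerateToken(req) {
+function defaultGenerateToken(req, res) {
 if (!req.cookies) {
 printCookieParserNotInstalledWarning();
 }
+if (req.cookies.login_token) {
+const newCsrfToken = (0, csrf_1.sign)((0, csrf_1.getCsrfSecret)(), req.cookies.login_token);
+const oldCsrfToken = req.cookies['x-csrf-token'];
+if (newCsrfToken !== oldCsrfToken) {
+debug('defaultGenerateToken.createCsrfToken', {
+newCsrfToken,
+oldCsrfToken,
+loginTokenPart: req.cookies.login_token.slice(-32),
+loginTokenDecoded: (0, jwt_decode_1.default)(req.cookies.login_token),
+});
+res.cookie('x-csrf-token', newCsrfToken, {
+sameSite: 'strict',
+secure: true,
+});
+}
+}
 }
 function defaultVerifyToken(req) {
 if (!req.cookies) {
@@ -92,10 +110,10 @@ function csrf(options = { generateToken: defaultGenerateToken, verifyToken: defa
 else if (shouldVerifyToken(req)) {
 await data.verifyToken(req, res);
 }
-
+next();
 }
 catch (err) {
-
+res.status(403).send(err.message);
 }
 };
 }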
@@ -96,5 +96,8 @@ interface BlockletService {
|
|
|
96
96
|
migrateOrgResource(params: OmitTeamDid<Client.RequestMigrateOrgResourceInput>): Promise<Client.ResponseOrgResourceOperation>;
|
|
97
97
|
configBlocklet(params: OmitDid<Client.RequestConfigBlockletInput>): Promise<Client.ResponseBlocklet>;
|
|
98
98
|
configNavigations(params: OmitDid<Client.RequestConfigNavigationsInput>): Promise<Client.ResponseBlocklet>;
|
|
99
|
+
addRoutingRule(params: OmitTeamDid<Client.RequestAddRoutingRuleInput>): Promise<Client.ResponseRoutingSite>;
|
|
100
|
+
updateRoutingRule(params: OmitTeamDid<Client.RequestUpdateRoutingRuleInput>): Promise<Client.ResponseRoutingSite>;
|
|
101
|
+
deleteRoutingRule(params: OmitTeamDid<Client.RequestDeleteRoutingRuleInput>): Promise<Client.ResponseRoutingSite>;
|
|
99
102
|
}
|
|
100
103
|
export { BlockletService };
|
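--- a/package/lib/service/blocklet.js
+++ b/package/lib/service/blocklet.js
@@ -179,6 +179,10 @@ class BlockletService {
 // config
 'configBlocklet',
 'configNavigations',
+// routing
+'addRoutingRule',
+'updateRoutingRule',
+'deleteRoutingRule',
 ];
 const teamDid = process.env.BLOCKLET_APP_PID;
 const componentDid = process.env.BLOCKLET_COMPONENT_DID;
@@ -226,6 +230,9 @@ class BlockletService {
 getAccessKey: (fn) => (params) => fn({ input: { ...params, teamDid } }),
 configBlocklet: (fn) => (params) => fn({ input: { ...params, did: [teamDid] } }),
 configNavigations: (fn) => (params) => fn({ input: { ...params, did: teamDid } }),
+addRoutingRule: (fn) => (params) => fn({ input: { ...params, teamDid } }),
+updateRoutingRule: (fn) => (params) => fn({ input: { ...params, teamDid } }),
+deleteRoutingRule: (fn) => (params) => fn({ input: { ...params, teamDid } }),
 };
 apiList.forEach((api) => {
 const fn = client[api];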
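--- a/package/package.json
+++ b/package/package.json
@@ -3,7 +3,7 @@
 "publishConfig": {
 "access": "public"
 },
-"version": "1.17.3-beta-
+"version": "1.17.3-beta-20251126-121502-d0926972",
 "description": "graphql client to read/write data on abt node",
 "homepage": "https://www.arcblock.io/docs/blocklet-sdk-nodejs",
 "main": "lib/index.js",
@@ -26,26 +26,26 @@
 "author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
 "license": "Apache-2.0",
 "dependencies": {
-"@abtnode/constant": "1.17.3-beta-
-"@abtnode/db-cache": "1.17.3-beta-
-"@abtnode/util": "1.17.3-beta-
-"@arcblock/did": "^1.27.
-"@arcblock/did-connect-js": "^1.27.
-"@arcblock/did-ext": "^1.27.
-"@arcblock/jwt": "^1.27.
-"@arcblock/ws": "^1.27.
-"@blocklet/constant": "1.17.3-beta-
-"@blocklet/env": "1.17.3-beta-
+"@abtnode/constant": "1.17.3-beta-20251126-121502-d0926972",
+"@abtnode/db-cache": "1.17.3-beta-20251126-121502-d0926972",
+"@abtnode/util": "1.17.3-beta-20251126-121502-d0926972",
+"@arcblock/did": "^1.27.12",
+"@arcblock/did-connect-js": "^1.27.12",
+"@arcblock/did-ext": "^1.27.12",
+"@arcblock/jwt": "^1.27.12",
+"@arcblock/ws": "^1.27.12",
+"@blocklet/constant": "1.17.3-beta-20251126-121502-d0926972",
+"@blocklet/env": "1.17.3-beta-20251126-121502-d0926972",
 "@blocklet/error": "^0.3.3",
-"@blocklet/meta": "1.17.3-beta-
-"@blocklet/server-js": "1.17.3-beta-
-"@blocklet/theme": "^3.2.
+"@blocklet/meta": "1.17.3-beta-20251126-121502-d0926972",
+"@blocklet/server-js": "1.17.3-beta-20251126-121502-d0926972",
+"@blocklet/theme": "^3.2.10",
 "@did-connect/authenticator": "^2.2.8",
 "@did-connect/handler": "^2.2.8",
 "@nedb/core": "^2.1.5",
-"@ocap/mcrypto": "^1.27.
-"@ocap/util": "^1.27.
-"@ocap/wallet": "^1.27.
+"@ocap/mcrypto": "^1.27.12",
+"@ocap/util": "^1.27.12",
+"@ocap/wallet": "^1.27.12",
 "axios": "^1.7.9",
 "debug": "^4.4.1",
 "fs-extra": "^11.2.0",
@@ -82,5 +82,5 @@
 "ts-node": "^10.9.1",
 "typescript": "^5.6.3"
 },
-"gitHead": "
+"gitHead": "7039cacaad2a14a9573371e24e57cbbd6b6525c8"
 }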