npm - @blocklet/sdk - Versions diffs - 1.6.12 → 1.6.16 - Mend

@blocklet/sdk 1.6.12 → 1.6.16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/README.md +137 -8
package/lib/env.js +9 -0
package/lib/index.js +6 -0
package/lib/middlewares/auth.js +54 -0
package/lib/middlewares/index.js +7 -0
package/lib/middlewares/user.js +11 -0
package/lib/util/send-notification.js +7 -1
package/lib/validators/notification.js +9 -1
package/lib/wallet-authenticator.js +2 -8
package/lib/wallet.js +11 -0
package/package.json +10 -9

package/README.md CHANGED Viewed

@@ -34,31 +34,99 @@ const { user } = await client.getUser(userDid);
 Get user by user did
-- **did** `string`
+- _@param_ **did** `string`
+- _@return_ `{ code, user }`
 #### client.getUsers()
 Get all users of the team
-#### client.updateUserRole(did, role)
-- **did** `string`
-- **role** `string`
+- _@return_ `{ code, users }`
 #### client.getPermissionsByRole(role)
 Get all permissions of a role
-- **role** `string`
+- _@param_ **role** `string`
+- _@return_ `{ code, permissions }`
 #### client.getRoles()
 Get all roles of the team
+- _@return_ `{ code, roles }`
+#### client.createRole({ name, title, description })
+- _@param_ **name** `string` the key of the role, should be unique
+- _@param_ **title** `string`
+- _@param_ **description** `string`
+- _@return_ `{ code, role }`
+#### client.updateRole(name, { title, description })
+- _@param_ **name** `string` the key of the role
+- _@param_ **title** `string`
+- _@param_ **description** `string`
+- _@return_ `{ code, role }`
+#### client.deleteRole(name, { title, description })
+- _@param_ **name** `string` the key of the role
+- _@return_ `{ code }`
+#### client.grantPermissionForRole(role, permission)
+- _@param_ **role** `string` the name of the role
+- _@param_ **permission** `string` the name of the permission
+- _@return_ `{ code }`
+#### client.revokePermissionFromRole(role, permission)
+- _@param_ **role** `string` the name of the role
+- _@param_ **permission** `string` the name of the permission
+- _@return_ `{ code }`
+#### client.updatePermissionsForRole(role, permissions)
+Full update permissions of a role
+- _@param_ **role** `string` the name of the role
+- _@param_ **permissions** `array<string>` name of the permissions
+- _@return_ `{ code, role }`
+#### client.hasPermission(role, permission)
+- _@param_ **role** `string` the name of the role
+- _@param_ **permission** `string` the name of the permission
+- _@return_ `{ code, result }`
+  - **result** `boolean`
 #### client.getPermissions()
 Get all permissions of the team
+- _@return_ `{ code, permissions }`
+#### client.createPermission({ name, title, description })
+- _@param_ **name** `Permission` the key of the permission, should be unique
+  - format: `<action>_<resource>`. e.g. `query_article`, `mutate_user`
+- _@param_ **description** `string`
+- _@return_ `{ code, role }`
+#### client.updatePermission(name, { title, description })
+- _@param_ **name** `string` the key of the role
+- _@param_ **title** `string`
+- _@param_ **description** `string`
+- _@return_ `{ code }`
+#### client.deletePermission(name, { title, description })
+- _@param_ **name** `string` the key of the permission
+- _@return_ `{ code }`
 ## Notification SDK
 ### Usage
@@ -116,7 +184,7 @@ Send notification to an account
         - **type** `string`
         - **message** `string`
       - _type: asset_
-        - **did** `string` did
+        - **did** `string`
         - **chainHost** `string` uri
       - _type: vc_
         - **credential** `object`
@@ -125,7 +193,7 @@ Send notification to an account
         - **address** `string` did
         - **amount** `string`
         - **symbol** `string`
-        - **senderDid** `string` did
+        - **senderDid** `string`
         - **chainHost** `string`
         - **decimal** `integer`
   - **notification.actions** `array<object>`
@@ -200,3 +268,64 @@ const { Database } = require('@blocklet/sdk');
   const data2Extra = await db2.extraFn();
 })();
 ```
+## getWallet
+### Usage
+```javascript
+const { getWallet } = require('@blocklet/sdk');
+// wallet is an instance of @ocap/wallet const { wallet } = env;
+const wallet = getWallet();
+const { address, secretKey, publicKey } = wallet;
+```
+## env
+### Usage
+```javascript
+const { env } = require('@blocklet/sdk');
+const { appId, appName, appDescription, appUrl, isComponent, dataDir, cacheDir } = env;
+```
+## middlewares
+### Usage
+```javascript
+const express = require('express');
+const { middlewares } = require('@blocklet/sdk');
+const app = express();
+app.get('/', middlewares.user(), (req, res) => {
+  const { did, fullName, role } = req.user;
+});
+app.get('/auth1', middlewares.auth(), (req, res) => {
+  // will return 401 if user is not connected
+});
+app.get('/auth2', middlewares.auth({ roles: ['admin', 'owner'] }), (req, res) => {
+  // will return 401 if user is not connected
+  // will return 403 if user role is neither owner nor admin
+});
+app.get('/auth2', middlewares.auth({ permissions: ['mutate_data', 'query_data'] }), (req, res) => {
+  // will return 401 if user is not connected
+  // will return 403 if neither 'mutate_data' nor 'query data' in user permissions
+});
+app.get(
+  '/auth3',
+  middlewares.auth({ roles: ['admin', 'owner'], permissions: ['mutate_data', 'query_data'] }),
+  (req, res) => {
+    // will return 401 if user is not connected
+    // will return 403 if user role is neither owner nor admin
+    // will return 403 if neither 'mutate_data' nor 'query data' in user permissions
+  }
+);
+```

package/lib/env.js ADDED Viewed

@@ -0,0 +1,9 @@
+module.exports = {
+  appId: process.env.BLOCKLET_APP_ID,
+  appName: process.env.BLOCKLET_APP_NAME,
+  appDescription: process.env.BLOCKLET_APP_DESCRIPTION,
+  appUrl: process.env.BLOCKLET_APP_URL,
+  isComponent: process.env.BLOCKLET_DID !== process.env.BLOCKLET_REAL_DID,
+  dataDir: process.env.BLOCKLET_DATA_DIR,
+  cacheDir: process.env.BLOCKLET_CACHE_DIR,
+};

package/lib/index.js CHANGED Viewed

@@ -3,6 +3,9 @@ const NotificationService = require('./service/notification');
 const WalletAuthenticator = require('./wallet-authenticator');
 const WalletHandlers = require('./wallet-handler');
 const Database = require('./database');
+const env = require('./env');
+const middlewares = require('./middlewares');
+const getWallet = require('./wallet');
 module.exports = {
   AuthService,
@@ -10,4 +13,7 @@ module.exports = {
   WalletHandlers,
   WalletAuthenticator,
   Database,
+  getWallet,
+  env,
+  middlewares,
 };

package/lib/middlewares/auth.js ADDED Viewed

@@ -0,0 +1,54 @@
+const LRU = require('lru-cache');
+const AuthClient = require('../service/auth');
+const cachedPermissions = new LRU({
+  max: 10, // cache at most 10 role
+  maxAge: 60 * 1000, // cache for 2min
+});
+const getPermissionsByRole = async (client, role) => {
+  const cached = cachedPermissions.get(role);
+  if (cached) {
+    return cached;
+  }
+  const res = await client.getPermissionsByRole(role);
+  cachedPermissions.set(role, res);
+  return res;
+};
+/**
+ * @param {*} _AuthClient Just for test
+ */
+module.exports = ({ roles, permissions, _AuthClient = AuthClient } = {}) => {
+  if (roles && !Array.isArray(roles)) {
+    throw new Error('roles must be array');
+  }
+  if (permissions && !Array.isArray(permissions)) {
+    throw new Error('permissions must be array');
+  }
+  const client = new _AuthClient();
+  return async (req, res, next) => {
+    if (!req.headers['x-user-did']) {
+      res.status(401).json({ code: 'forbidden', error: 'not authorized' });
+      return;
+    }
+    if (roles && !roles.includes(req.headers['x-user-role'])) {
+      res.status(403).json({ code: 'forbidden', error: 'no permission' });
+      return;
+    }
+    if (permissions) {
+      const { permissions: list } = await getPermissionsByRole(client, req.headers['x-user-role']);
+      if (!permissions.some((x) => (list || []).some((y) => y.name === x))) {
+        res.status(403).json({ code: 'forbidden', error: 'no permission' });
+        return;
+      }
+    }
+    next();
+  };
+};

package/lib/middlewares/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+const user = require('./user');
+const auth = require('./auth');
+module.exports = {
+  user,
+  auth,
+};

package/lib/middlewares/user.js ADDED Viewed

@@ -0,0 +1,11 @@
+module.exports = () => async (req, res, next) => {
+  if (req.headers['x-user-did']) {
+    req.user = {
+      did: req.headers['x-user-did'],
+      role: req.headers['x-user-role'],
+      fullName: decodeURIComponent(req.headers['x-user-fullname']),
+    };
+  }
+  next();
+};

package/lib/util/send-notification.js CHANGED Viewed

@@ -2,6 +2,7 @@
 const axios = require('axios').create({ proxy: false });
 const JWT = require('@arcblock/jwt');
+const { NODE_MODES } = require('@abtnode/constant');
 const validators = require('../validators');
 const { AUTH_SERVICE_PREFIX } = require('./constants');
@@ -10,6 +11,8 @@ const VERSION = require('../../package.json').version; // version of notificatio
 const { validateNotification, validateReceiver } = validators;
+const SERVER_MODE = process.env.ABT_NODE_MODE;
 /**
  * @param {String|Array} receiver
  * @param {Object} notification
@@ -24,7 +27,10 @@ module.exports = async (
   port = process.env.ABT_NODE_SERVICE_PORT
 ) => {
   await validateReceiver(receiver);
-  await validateNotification(notification);
+  if (SERVER_MODE !== NODE_MODES.DEBUG) {
+    await validateNotification(notification);
+  }
   const token = JWT.sign(appId, appSk);

package/lib/validators/notification.js CHANGED Viewed

@@ -7,6 +7,7 @@ const Joi = JOI.extend(didExtension);
 const TYPES = {
   NOTIFICATION: 'notification',
   CONNECT: 'connect',
+  FEED: 'feed',
 };
 const assetSchema = Joi.object({
@@ -58,7 +59,13 @@ const connectTypeSchema = Joi.object({
   checkUrl: Joi.string().uri(),
 }).required();
-const notificationSchema = Joi.alternatives().try(notificationTypeSchema, connectTypeSchema).required();
+const feedTypeSchema = Joi.object({
+  type: Joi.string().valid(TYPES.FEED),
+  feedType: Joi.string().required(),
+  data: Joi.object().required(),
+}).required();
+const notificationSchema = Joi.alternatives().try(notificationTypeSchema, connectTypeSchema, feedTypeSchema).required();
 const receiverSchema = Joi.DID().trim().required();
@@ -76,4 +83,5 @@ module.exports = {
   assetSchema,
   vcSchema,
   attachmentSchema,
+  notificationSchema,
 };

package/lib/wallet-authenticator.js CHANGED Viewed

@@ -1,16 +1,10 @@
 const joinUrl = require('url-join');
 const { WalletAuthenticator: Authenticator } = require('@arcblock/did-auth');
-const { fromSecretKey, WalletType } = require('@ocap/wallet');
-const { types } = require('@ocap/mcrypto');
+const getWallet = require('./wallet');
 const checkBlockletEnv = require('./util/check-blocklet-env');
 const { AUTH_SERVICE_PREFIX } = require('./util/constants');
-const type =
-  process.env.BLOCKLET_WALLET_TYPE !== 'eth'
-    ? WalletType({ role: types.RoleType.ROLE_APPLICATION, pk: types.KeyType.ED25519, hash: types.HashType.SHA3 })
-    : 'eth';
 // wraps value in closure or returns closure
 const closure = (value) => (typeof value === 'function' ? value : () => value);
@@ -19,7 +13,7 @@ class WalletAuthenticator extends Authenticator {
     checkBlockletEnv();
     super({
-      wallet: fromSecretKey(process.env.BLOCKLET_APP_SK, type).toJSON(),
+      wallet: getWallet().toJSON(),
       chainInfo: () => {
         const chainHost = process.env.CHAIN_HOST;

package/lib/wallet.js ADDED Viewed

@@ -0,0 +1,11 @@
+const { fromSecretKey, WalletType } = require('@ocap/wallet');
+const { types } = require('@ocap/mcrypto');
+module.exports = () => {
+  const type =
+    process.env.BLOCKLET_WALLET_TYPE !== 'eth'
+      ? WalletType({ role: types.RoleType.ROLE_APPLICATION, pk: types.KeyType.ED25519, hash: types.HashType.SHA3 })
+      : 'eth';
+  return fromSecretKey(process.env.BLOCKLET_APP_SK, type);
+};

package/package.json CHANGED Viewed

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.6.12",
+  "version": "1.6.16",
   "description": "graphql client to read/write data on abt node",
   "main": "lib/index.js",
   "files": [
@@ -19,23 +19,24 @@
   "author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/client": "1.6.12",
-    "@abtnode/constant": "1.6.12",
-    "@arcblock/did-auth": "^1.13.79",
-    "@arcblock/jwt": "^1.13.79",
-    "@blocklet/meta": "1.6.12",
+    "@abtnode/client": "1.6.16",
+    "@abtnode/constant": "1.6.16",
+    "@arcblock/did-auth": "^1.14.3",
+    "@arcblock/jwt": "^1.14.3",
+    "@blocklet/meta": "1.6.16",
     "@nedb/core": "^1.2.2",
-    "@ocap/mcrypto": "^1.13.79",
-    "@ocap/wallet": "^1.13.79",
+    "@ocap/mcrypto": "^1.14.3",
+    "@ocap/wallet": "^1.14.3",
     "axios": "^0.21.4",
     "fs-extra": "^10.0.0",
     "joi": "^17.5.0",
     "lodash": "^4.17.21",
+    "lru-cache": "^6.0.0",
     "url-join": "^4.0.1"
   },
   "devDependencies": {
     "detect-port": "^1.3.0",
     "jest": "^27.4.5"
   },
-  "gitHead": "dd79037978dc12f72330227a553a80a504f03fa7"
+  "gitHead": "69b08db16aeb75ce23b0e6bb5b9fa396adba2d4b"
 }