@blocklet/sdk 1.6.14 → 1.6.18

package/README.md

@@ -34,31 +34,99 @@ const { user } = await client.getUser(userDid);
 
 Get user by user did
 
-- **did** `string`
+- _@param_ **did** `string`
+- _@return_ `{ code, user }`
 
 #### client.getUsers()
 
 Get all users of the team
 
-#### client.updateUserRole(did, role)
-
-- **did** `string`
-- **role** `string`
+- _@return_ `{ code, users }`
 
 #### client.getPermissionsByRole(role)
 
 Get all permissions of a role
 
-- **role** `string`
+- _@param_ **role** `string`
+- _@return_ `{ code, permissions }`
 
 #### client.getRoles()
 
 Get all roles of the team
 
+- _@return_ `{ code, roles }`
+
+#### client.createRole({ name, title, description })
+
+- _@param_ **name** `string` the key of the role, should be unique
+- _@param_ **title** `string`
+- _@param_ **description** `string`
+- _@return_ `{ code, role }`
+
+#### client.updateRole(name, { title, description })
+
+- _@param_ **name** `string` the key of the role
+- _@param_ **title** `string`
+- _@param_ **description** `string`
+- _@return_ `{ code, role }`
+
+#### client.deleteRole(name, { title, description })
+
+- _@param_ **name** `string` the key of the role
+- _@return_ `{ code }`
+
+#### client.grantPermissionForRole(role, permission)
+
+- _@param_ **role** `string` the name of the role
+- _@param_ **permission** `string` the name of the permission
+- _@return_ `{ code }`
+
+#### client.revokePermissionFromRole(role, permission)
+
+- _@param_ **role** `string` the name of the role
+- _@param_ **permission** `string` the name of the permission
+- _@return_ `{ code }`
+
+#### client.updatePermissionsForRole(role, permissions)
+
+Full update permissions of a role
+
+- _@param_ **role** `string` the name of the role
+- _@param_ **permissions** `array<string>` name of the permissions
+- _@return_ `{ code, role }`
+
+#### client.hasPermission(role, permission)
+
+- _@param_ **role** `string` the name of the role
+- _@param_ **permission** `string` the name of the permission
+- _@return_ `{ code, result }`
+  - **result** `boolean`
+
 #### client.getPermissions()
 
 Get all permissions of the team
 
+- _@return_ `{ code, permissions }`
+
+#### client.createPermission({ name, title, description })
+
+- _@param_ **name** `Permission` the key of the permission, should be unique
+  - format: `<action>_<resource>`. e.g. `query_article`, `mutate_user`
+- _@param_ **description** `string`
+- _@return_ `{ code, role }`
+
+#### client.updatePermission(name, { title, description })
+
+- _@param_ **name** `string` the key of the role
+- _@param_ **title** `string`
+- _@param_ **description** `string`
+- _@return_ `{ code }`
+
+#### client.deletePermission(name, { title, description })
+
+- _@param_ **name** `string` the key of the permission
+- _@return_ `{ code }`
+
 ## Notification SDK
 
 ### Usage
@@ -116,7 +184,7 @@ Send notification to an account
         - **type** `string`
         - **message** `string`
       - _type: asset_
-        - **did** `string` did
+        - **did** `string`
         - **chainHost** `string` uri
       - _type: vc_
         - **credential** `object`
@@ -125,7 +193,7 @@ Send notification to an account
         - **address** `string` did
         - **amount** `string`
         - **symbol** `string`
-        - **senderDid** `string` did
+        - **senderDid** `string`
         - **chainHost** `string`
         - **decimal** `integer`
   - **notification.actions** `array<object>`
@@ -200,3 +268,64 @@ const { Database } = require('@blocklet/sdk');
   const data2Extra = await db2.extraFn();
 })();
 ```
+
+## getWallet
+
+### Usage
+
+```javascript
+const { getWallet } = require('@blocklet/sdk');
+
+// wallet is an instance of @ocap/wallet const { wallet } = env;
+const wallet = getWallet();
+const { address, secretKey, publicKey } = wallet;
+```
+
+## env
+
+### Usage
+
+```javascript
+const { env } = require('@blocklet/sdk');
+
+const { appId, appName, appDescription, appUrl, isComponent, dataDir, cacheDir } = env;
+```
+
+## middlewares
+
+### Usage
+
+```javascript
+const express = require('express');
+const { middlewares } = require('@blocklet/sdk');
+
+const app = express();
+
+app.get('/', middlewares.user(), (req, res) => {
+  const { did, fullName, role } = req.user;
+});
+
+app.get('/auth1', middlewares.auth(), (req, res) => {
+  // will return 401 if user is not connected
+});
+
+app.get('/auth2', middlewares.auth({ roles: ['admin', 'owner'] }), (req, res) => {
+  // will return 401 if user is not connected
+  // will return 403 if user role is neither owner nor admin
+});
+
+app.get('/auth2', middlewares.auth({ permissions: ['mutate_data', 'query_data'] }), (req, res) => {
+  // will return 401 if user is not connected
+  // will return 403 if neither 'mutate_data' nor 'query data' in user permissions
+});
+
+app.get(
+  '/auth3',
+  middlewares.auth({ roles: ['admin', 'owner'], permissions: ['mutate_data', 'query_data'] }),
+  (req, res) => {
+    // will return 401 if user is not connected
+    // will return 403 if user role is neither owner nor admin
+    // will return 403 if neither 'mutate_data' nor 'query data' in user permissions
+  }
+);
+```

package/lib/env.js

@@ -0,0 +1,9 @@
+module.exports = {
+  appId: process.env.BLOCKLET_APP_ID,
+  appName: process.env.BLOCKLET_APP_NAME,
+  appDescription: process.env.BLOCKLET_APP_DESCRIPTION,
+  appUrl: process.env.BLOCKLET_APP_URL,
+  isComponent: process.env.BLOCKLET_DID !== process.env.BLOCKLET_REAL_DID,
+  dataDir: process.env.BLOCKLET_DATA_DIR,
+  cacheDir: process.env.BLOCKLET_CACHE_DIR,
+};

package/lib/index.js

@@ -3,6 +3,9 @@ const NotificationService = require('./service/notification');
 const WalletAuthenticator = require('./wallet-authenticator');
 const WalletHandlers = require('./wallet-handler');
 const Database = require('./database');
+const env = require('./env');
+const middlewares = require('./middlewares');
+const getWallet = require('./wallet');
 
 module.exports = {
   AuthService,
@@ -10,4 +13,7 @@ module.exports = {
   WalletHandlers,
   WalletAuthenticator,
   Database,
+  getWallet,
+  env,
+  middlewares,
 };

package/lib/middlewares/auth.js

@@ -0,0 +1,54 @@
+const LRU = require('lru-cache');
+const AuthClient = require('../service/auth');
+
+const cachedPermissions = new LRU({
+  max: 10, // cache at most 10 role
+  maxAge: 60 * 1000, // cache for 2min
+});
+
+const getPermissionsByRole = async (client, role) => {
+  const cached = cachedPermissions.get(role);
+  if (cached) {
+    return cached;
+  }
+  const res = await client.getPermissionsByRole(role);
+  cachedPermissions.set(role, res);
+  return res;
+};
+
+/**
+ * @param {*} _AuthClient Just for test
+ */
+module.exports = ({ roles, permissions, _AuthClient = AuthClient } = {}) => {
+  if (roles && !Array.isArray(roles)) {
+    throw new Error('roles must be array');
+  }
+
+  if (permissions && !Array.isArray(permissions)) {
+    throw new Error('permissions must be array');
+  }
+
+  const client = new _AuthClient();
+
+  return async (req, res, next) => {
+    if (!req.headers['x-user-did']) {
+      res.status(401).json({ code: 'forbidden', error: 'not authorized' });
+      return;
+    }
+
+    if (roles && !roles.includes(req.headers['x-user-role'])) {
+      res.status(403).json({ code: 'forbidden', error: 'no permission' });
+      return;
+    }
+
+    if (permissions) {
+      const { permissions: list } = await getPermissionsByRole(client, req.headers['x-user-role']);
+      if (!permissions.some((x) => (list || []).some((y) => y.name === x))) {
+        res.status(403).json({ code: 'forbidden', error: 'no permission' });
+        return;
+      }
+    }
+
+    next();
+  };
+};

package/lib/middlewares/index.js

@@ -0,0 +1,7 @@
+const user = require('./user');
+const auth = require('./auth');
+
+module.exports = {
+  user,
+  auth,
+};

package/lib/middlewares/user.js

@@ -0,0 +1,11 @@
+module.exports = () => async (req, res, next) => {
+  if (req.headers['x-user-did']) {
+    req.user = {
+      did: req.headers['x-user-did'],
+      role: req.headers['x-user-role'],
+      fullName: decodeURIComponent(req.headers['x-user-fullname']),
+    };
+  }
+
+  next();
+};

package/lib/validators/notification.js

@@ -7,6 +7,7 @@ const Joi = JOI.extend(didExtension);
 const TYPES = {
   NOTIFICATION: 'notification',
   CONNECT: 'connect',
+  FEED: 'feed',
 };
 
 const assetSchema = Joi.object({
@@ -58,7 +59,13 @@ const connectTypeSchema = Joi.object({
   checkUrl: Joi.string().uri(),
 }).required();
 
-const notificationSchema = Joi.alternatives().try(notificationTypeSchema, connectTypeSchema).required();
+const feedTypeSchema = Joi.object({
+  type: Joi.string().valid(TYPES.FEED),
+  feedType: Joi.string().required(),
+  data: Joi.object().required(),
+}).required();
+
+const notificationSchema = Joi.alternatives().try(notificationTypeSchema, connectTypeSchema, feedTypeSchema).required();
 
 const receiverSchema = Joi.DID().trim().required();
 
@@ -76,4 +83,5 @@ module.exports = {
   assetSchema,
   vcSchema,
   attachmentSchema,
+  notificationSchema,
 };

package/lib/wallet-authenticator.js

@@ -1,16 +1,10 @@
 const joinUrl = require('url-join');
 const { WalletAuthenticator: Authenticator } = require('@arcblock/did-auth');
-const { fromSecretKey, WalletType } = require('@ocap/wallet');
-const { types } = require('@ocap/mcrypto');
 
+const getWallet = require('./wallet');
 const checkBlockletEnv = require('./util/check-blocklet-env');
 const { AUTH_SERVICE_PREFIX } = require('./util/constants');
 
-const type =
-  process.env.BLOCKLET_WALLET_TYPE !== 'eth'
-    ? WalletType({ role: types.RoleType.ROLE_APPLICATION, pk: types.KeyType.ED25519, hash: types.HashType.SHA3 })
-    : 'eth';
-
 // wraps value in closure or returns closure
 const closure = (value) => (typeof value === 'function' ? value : () => value);
 
@@ -19,7 +13,7 @@ class WalletAuthenticator extends Authenticator {
     checkBlockletEnv();
 
     super({
-      wallet: fromSecretKey(process.env.BLOCKLET_APP_SK, type).toJSON(),
+      wallet: getWallet().toJSON(),
 
       chainInfo: () => {
         const chainHost = process.env.CHAIN_HOST;

package/lib/wallet.js

@@ -0,0 +1,11 @@
+const { fromSecretKey, WalletType } = require('@ocap/wallet');
+const { types } = require('@ocap/mcrypto');
+
+module.exports = () => {
+  const type =
+    process.env.BLOCKLET_WALLET_TYPE !== 'eth'
+      ? WalletType({ role: types.RoleType.ROLE_APPLICATION, pk: types.KeyType.ED25519, hash: types.HashType.SHA3 })
+      : 'eth';
+
+  return fromSecretKey(process.env.BLOCKLET_APP_SK, type);
+};

package/package.json

@@ -3,7 +3,7 @@
   "publishConfig": {
     "access": "public"
   },
-  "version": "1.6.14",
+  "version": "1.6.18",
   "description": "graphql client to read/write data on abt node",
   "main": "lib/index.js",
   "files": [
@@ -19,23 +19,24 @@
   "author": "linchen1987 <linchen.1987@foxmail.com> (http://github.com/linchen1987)",
   "license": "MIT",
   "dependencies": {
-    "@abtnode/client": "1.6.14",
-    "@abtnode/constant": "1.6.14",
-    "@arcblock/did-auth": "^1.13.79",
-    "@arcblock/jwt": "^1.13.79",
-    "@blocklet/meta": "1.6.14",
+    "@abtnode/client": "1.6.18",
+    "@abtnode/constant": "1.6.18",
+    "@arcblock/did-auth": "^1.14.8",
+    "@arcblock/jwt": "^1.14.8",
+    "@blocklet/meta": "1.6.18",
     "@nedb/core": "^1.2.2",
-    "@ocap/mcrypto": "^1.13.79",
-    "@ocap/wallet": "^1.13.79",
+    "@ocap/mcrypto": "^1.14.8",
+    "@ocap/wallet": "^1.14.8",
     "axios": "^0.21.4",
     "fs-extra": "^10.0.0",
     "joi": "^17.5.0",
     "lodash": "^4.17.21",
+    "lru-cache": "^6.0.0",
     "url-join": "^4.0.1"
   },
   "devDependencies": {
     "detect-port": "^1.3.0",
     "jest": "^27.4.5"
   },
-  "gitHead": "0ae215d5cf1160631bdd9b64639c8fcf80eb2d5f"
+  "gitHead": "2f02f166869d8ebedc0466068f6ed90ab3e07b87"
 }