@ceramicnetwork/common 5.8.0-rc.0 → 5.9.0-rc.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.d.ts +0 -1
- package/lib/index.d.ts.map +1 -1
- package/lib/index.js +0 -1
- package/lib/index.js.map +1 -1
- package/package.json +3 -4
- package/lib/utils/signature_utils.d.ts +0 -10
- package/lib/utils/signature_utils.d.ts.map +0 -1
- package/lib/utils/signature_utils.js +0 -70
- package/lib/utils/signature_utils.js.map +0 -1
package/lib/index.d.ts
CHANGED
|
@@ -11,7 +11,6 @@ export * from './utils/stream-utils.js';
|
|
|
11
11
|
export * from './utils/accountid-utils.js';
|
|
12
12
|
export * from './utils/cid-utils.js';
|
|
13
13
|
export * from './utils/abort-signal-utils.js';
|
|
14
|
-
export * from './utils/signature_utils.js';
|
|
15
14
|
export * from './utils/uint8array-utils.js';
|
|
16
15
|
export * from './logger-provider.js';
|
|
17
16
|
export * from './loggers.js';
|
package/lib/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,qBAAqB,CAAA;AACnC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,aAAa,CAAA;AAC3B,cAAc,oBAAoB,CAAA;AAClC,cAAc,0BAA0B,CAAA;AACxC,cAAc,oBAAoB,CAAA;AAClC,cAAc,uBAAuB,CAAA;AACrC,cAAc,yBAAyB,CAAA;AACvC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,sBAAsB,CAAA;AACpC,cAAc,+BAA+B,CAAA;AAC7C,cAAc,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,qBAAqB,CAAA;AACnC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,aAAa,CAAA;AAC3B,cAAc,oBAAoB,CAAA;AAClC,cAAc,0BAA0B,CAAA;AACxC,cAAc,oBAAoB,CAAA;AAClC,cAAc,uBAAuB,CAAA;AACrC,cAAc,yBAAyB,CAAA;AACvC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,sBAAsB,CAAA;AACpC,cAAc,+BAA+B,CAAA;AAC7C,cAAc,6BAA6B,CAAA;AAC3C,cAAc,sBAAsB,CAAA;AACpC,cAAc,cAAc,CAAA;AAC5B,cAAc,eAAe,CAAA;AAC7B,cAAc,kBAAkB,CAAA;AAChC,cAAc,cAAc,CAAA;AAC5B,cAAc,6BAA6B,CAAA;AAC3C,cAAc,yBAAyB,CAAA;AACvC,cAAc,2BAA2B,CAAA;AACzC,cAAc,uBAAuB,CAAA;AACrC,cAAc,gBAAgB,CAAA;AAC9B,cAAc,sBAAsB,CAAA;AACpC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,oBAAoB,CAAA;AAElC,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,iBAAiB,CAAA;AAC3C,oBAAY,OAAO,GAAG,IAAI,CAAA"}
|
package/lib/index.js
CHANGED
|
@@ -11,7 +11,6 @@ export * from './utils/stream-utils.js';
|
|
|
11
11
|
export * from './utils/accountid-utils.js';
|
|
12
12
|
export * from './utils/cid-utils.js';
|
|
13
13
|
export * from './utils/abort-signal-utils.js';
|
|
14
|
-
export * from './utils/signature_utils.js';
|
|
15
14
|
export * from './utils/uint8array-utils.js';
|
|
16
15
|
export * from './logger-provider.js';
|
|
17
16
|
export * from './loggers.js';
|
package/lib/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,qBAAqB,CAAA;AACnC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,aAAa,CAAA;AAC3B,cAAc,oBAAoB,CAAA;AAClC,cAAc,0BAA0B,CAAA;AACxC,cAAc,oBAAoB,CAAA;AAClC,cAAc,uBAAuB,CAAA;AACrC,cAAc,yBAAyB,CAAA;AACvC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,sBAAsB,CAAA;AACpC,cAAc,+BAA+B,CAAA;AAC7C,cAAc,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAA;AACnC,cAAc,kBAAkB,CAAA;AAChC,cAAc,qBAAqB,CAAA;AACnC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,aAAa,CAAA;AAC3B,cAAc,oBAAoB,CAAA;AAClC,cAAc,0BAA0B,CAAA;AACxC,cAAc,oBAAoB,CAAA;AAClC,cAAc,uBAAuB,CAAA;AACrC,cAAc,yBAAyB,CAAA;AACvC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,sBAAsB,CAAA;AACpC,cAAc,+BAA+B,CAAA;AAC7C,cAAc,6BAA6B,CAAA;AAC3C,cAAc,sBAAsB,CAAA;AACpC,cAAc,cAAc,CAAA;AAC5B,cAAc,eAAe,CAAA;AAC7B,cAAc,kBAAkB,CAAA;AAChC,cAAc,cAAc,CAAA;AAC5B,cAAc,6BAA6B,CAAA;AAC3C,cAAc,yBAAyB,CAAA;AACvC,cAAc,2BAA2B,CAAA;AACzC,cAAc,uBAAuB,CAAA;AACrC,cAAc,gBAAgB,CAAA;AAC9B,cAAc,sBAAsB,CAAA;AACpC,cAAc,4BAA4B,CAAA;AAC1C,cAAc,oBAAoB,CAAA"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@ceramicnetwork/common",
|
|
3
|
-
"version": "5.
|
|
3
|
+
"version": "5.9.0-rc.0",
|
|
4
4
|
"description": "Ceramic common types and utilities",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"ceramic",
|
|
@@ -44,7 +44,6 @@
|
|
|
44
44
|
},
|
|
45
45
|
"dependencies": {
|
|
46
46
|
"@ceramicnetwork/model-metrics": "^1.2.5",
|
|
47
|
-
"@ceramicnetwork/observability": "^1.4.4",
|
|
48
47
|
"@ceramicnetwork/streamid": "^5.0.0",
|
|
49
48
|
"@didtools/cacao": "^3.0.0",
|
|
50
49
|
"@didtools/key-webauthn": "^2.0.2",
|
|
@@ -65,7 +64,7 @@
|
|
|
65
64
|
"uint8arrays": "^5.0.1"
|
|
66
65
|
},
|
|
67
66
|
"devDependencies": {
|
|
68
|
-
"@ceramicnetwork/base-test-utils": "^3.
|
|
67
|
+
"@ceramicnetwork/base-test-utils": "^3.4.0-rc.0",
|
|
69
68
|
"@types/lodash.clonedeep": "^4.5.6",
|
|
70
69
|
"@types/logfmt": "^1.2.2",
|
|
71
70
|
"@types/node": "^18.0.3",
|
|
@@ -76,5 +75,5 @@
|
|
|
76
75
|
"json-schema-to-typescript": "^10.1.5",
|
|
77
76
|
"typescript-json-schema": "^0.52.0"
|
|
78
77
|
},
|
|
79
|
-
"gitHead": "
|
|
78
|
+
"gitHead": "be8d6d9c24509c2bd6bcae43314554a3b850b1f8"
|
|
80
79
|
}
|
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
import type { CommitData, StreamState } from '../stream.js';
|
|
2
|
-
import type { StreamID } from '@ceramicnetwork/streamid';
|
|
3
|
-
import { CeramicSigner } from '../ceramic-signer.js';
|
|
4
|
-
export declare const CACAO_EXPIRED = "cacao_expired";
|
|
5
|
-
export declare class SignatureUtils {
|
|
6
|
-
static verifyCommitSignature(commitData: CommitData, signer: CeramicSigner, controller: string, model: StreamID | null, streamId: StreamID): Promise<void>;
|
|
7
|
-
private static _verifyCapabilityAuthz;
|
|
8
|
-
static checkForCacaoExpiration(state: StreamState): void;
|
|
9
|
-
}
|
|
10
|
-
//# sourceMappingURL=signature_utils.d.ts.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"signature_utils.d.ts","sourceRoot":"","sources":["../../src/utils/signature_utils.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,cAAc,CAAA;AAC3D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,0BAA0B,CAAA;AAMxD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAOpD,eAAO,MAAM,aAAa,kBAAkB,CAAA;AAc5C,qBAAa,cAAc;WAWZ,qBAAqB,CAChC,UAAU,EAAE,UAAU,EACtB,MAAM,EAAE,aAAa,EACrB,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,QAAQ,GAAG,IAAI,EACtB,QAAQ,EAAE,QAAQ,GACjB,OAAO,CAAC,IAAI,CAAC;mBAgCK,sBAAsB;IA2B3C,MAAM,CAAC,uBAAuB,CAAC,KAAK,EAAE,WAAW,GAAG,IAAI;CAqBzD"}
|
|
@@ -1,70 +0,0 @@
|
|
|
1
|
-
import { getEIP191Verifier } from '@didtools/pkh-ethereum';
|
|
2
|
-
import { getSolanaVerifier } from '@didtools/pkh-solana';
|
|
3
|
-
import { getStacksVerifier } from '@didtools/pkh-stacks';
|
|
4
|
-
import { getTezosVerifier } from '@didtools/pkh-tezos';
|
|
5
|
-
import { WebauthnAuth } from '@didtools/key-webauthn';
|
|
6
|
-
import { StreamUtils } from './stream-utils.js';
|
|
7
|
-
import { ServiceMetrics as Metrics } from '@ceramicnetwork/observability';
|
|
8
|
-
import { ModelMetrics } from '@ceramicnetwork/model-metrics';
|
|
9
|
-
const DEFAULT_CACAO_REVOCATION_PHASE_OUT_SECS = 24 * 60 * 60;
|
|
10
|
-
export const CACAO_EXPIRED = 'cacao_expired';
|
|
11
|
-
const verifiersCACAO = {
|
|
12
|
-
...getEIP191Verifier(),
|
|
13
|
-
...getSolanaVerifier(),
|
|
14
|
-
...getStacksVerifier(),
|
|
15
|
-
...getTezosVerifier(),
|
|
16
|
-
...WebauthnAuth.getVerifier(),
|
|
17
|
-
};
|
|
18
|
-
export class SignatureUtils {
|
|
19
|
-
static async verifyCommitSignature(commitData, signer, controller, model, streamId) {
|
|
20
|
-
try {
|
|
21
|
-
const cacao = await this._verifyCapabilityAuthz(commitData, streamId, model);
|
|
22
|
-
const atTime = commitData.timestamp ? new Date(commitData.timestamp * 1000) : undefined;
|
|
23
|
-
await signer.verifyJWS(commitData.envelope, {
|
|
24
|
-
atTime: atTime,
|
|
25
|
-
issuer: controller,
|
|
26
|
-
capability: cacao,
|
|
27
|
-
revocationPhaseOutSecs: DEFAULT_CACAO_REVOCATION_PHASE_OUT_SECS,
|
|
28
|
-
verifiers: verifiersCACAO,
|
|
29
|
-
});
|
|
30
|
-
}
|
|
31
|
-
catch (e) {
|
|
32
|
-
const original = e.message ? e.message : String(e);
|
|
33
|
-
if (original.includes('CACAO has expired')) {
|
|
34
|
-
Metrics.count(CACAO_EXPIRED, 1, { source: 'new_commit' });
|
|
35
|
-
ModelMetrics.recordError(CACAO_EXPIRED + '_new_commit');
|
|
36
|
-
}
|
|
37
|
-
throw new Error(`Can not verify signature for commit ${commitData.cid} to stream ${streamId} which has controller DID ${controller}: ${original}`);
|
|
38
|
-
}
|
|
39
|
-
}
|
|
40
|
-
static async _verifyCapabilityAuthz(commitData, streamId, model) {
|
|
41
|
-
const cacao = commitData.capability;
|
|
42
|
-
if (!cacao)
|
|
43
|
-
return null;
|
|
44
|
-
const resources = cacao.p.resources;
|
|
45
|
-
const payloadCID = commitData.envelope.link.toString();
|
|
46
|
-
if (!resources.includes(`ceramic://*`) &&
|
|
47
|
-
!resources.includes(`ceramic://${streamId.toString()}`) &&
|
|
48
|
-
!resources.includes(`ceramic://${streamId.toString()}?payload=${payloadCID}`) &&
|
|
49
|
-
!(model && resources.includes(`ceramic://*?model=${model.toString()}`))) {
|
|
50
|
-
throw new Error(`Capability does not have appropriate permissions to update this Stream`);
|
|
51
|
-
}
|
|
52
|
-
return cacao;
|
|
53
|
-
}
|
|
54
|
-
static checkForCacaoExpiration(state) {
|
|
55
|
-
const now = Math.floor(Date.now() / 1000);
|
|
56
|
-
for (const logEntry of state.log) {
|
|
57
|
-
const timestamp = logEntry.timestamp ?? now;
|
|
58
|
-
if (!logEntry.expirationTime) {
|
|
59
|
-
continue;
|
|
60
|
-
}
|
|
61
|
-
const expirationTime = logEntry.expirationTime + DEFAULT_CACAO_REVOCATION_PHASE_OUT_SECS;
|
|
62
|
-
if (expirationTime < timestamp) {
|
|
63
|
-
Metrics.count(CACAO_EXPIRED, 1, { source: 'existing_state' });
|
|
64
|
-
ModelMetrics.recordError(CACAO_EXPIRED + '_existing_state');
|
|
65
|
-
throw new Error(`CACAO expired: Commit ${logEntry.cid.toString()} of Stream ${StreamUtils.streamIdFromState(state).toString()} has a CACAO that expired at ${logEntry.expirationTime}. Loading the stream with 'sync: SyncOptions.ALWAYS_SYNC' will restore the stream to a usable state, by discarding the invalid commits (this means losing the data from those invalid writes!)`);
|
|
66
|
-
}
|
|
67
|
-
}
|
|
68
|
-
}
|
|
69
|
-
}
|
|
70
|
-
//# sourceMappingURL=signature_utils.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"signature_utils.js","sourceRoot":"","sources":["../../src/utils/signature_utils.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAE,MAAM,wBAAwB,CAAA;AAC1D,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACtD,OAAO,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAA;AAErD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAA;AAC/C,OAAO,EAAE,cAAc,IAAI,OAAO,EAAE,MAAM,+BAA+B,CAAA;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAA;AAE5D,MAAM,uCAAuC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAA;AAE5D,MAAM,CAAC,MAAM,aAAa,GAAG,eAAe,CAAA;AAG5C,MAAM,cAAc,GAAG;IACrB,GAAG,iBAAiB,EAAE;IACtB,GAAG,iBAAiB,EAAE;IACtB,GAAG,iBAAiB,EAAE;IACtB,GAAG,gBAAgB,EAAE;IACrB,GAAG,YAAY,CAAC,WAAW,EAAE;CAC9B,CAAA;AAKD,MAAM,OAAO,cAAc;IAWzB,MAAM,CAAC,KAAK,CAAC,qBAAqB,CAChC,UAAsB,EACtB,MAAqB,EACrB,UAAkB,EAClB,KAAsB,EACtB,QAAkB;QAElB,IAAI;YACF,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,UAAU,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAA;YAE5E,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;YACvF,MAAM,MAAM,CAAC,SAAS,CAAC,UAAU,CAAC,QAAQ,EAAE;gBAC1C,MAAM,EAAE,MAAM;gBACd,MAAM,EAAE,UAAU;gBAClB,UAAU,EAAE,KAAK;gBACjB,sBAAsB,EAAE,uCAAuC;gBAC/D,SAAS,EAAE,cAAc;aAC1B,CAAC,CAAA;SACH;QAAC,OAAO,CAAM,EAAE;YACf,MAAM,QAAQ,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAA;YAClD,IAAI,QAAQ,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE;gBAE1C,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,YAAY,EAAE,CAAC,CAAA;gBACzD,YAAY,CAAC,WAAW,CAAC,aAAa,GAAG,aAAa,CAAC,CAAA;aACxD;YACD,MAAM,IAAI,KAAK,CACb,uCAAuC,UAAU,CAAC,GAAG,cAAc,QAAQ,6BAA6B,UAAU,KAAK,QAAQ,EAAE,CAClI,CAAA;SACF;IACH,CAAC;IASO,MAAM,CAAC,KAAK,CAAC,sBAAsB,CACzC,UAAsB,EACtB,QAAkB,EAClB,KAAsB;QAEtB,MAAM,KAAK,GAAG,UAAU,CAAC,UAAU,CAAA;QAEnC,IAAI,CAAC,KAAK;YAAE,OAAO,IAAI,CAAA;QAEvB,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,SAAqB,CAAA;QAC/C,MAAM,UAAU,GAAG,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAA;QAEtD,IACE,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,CAAC;YAClC,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,QAAQ,CAAC,QAAQ,EAAE,EAAE,CAAC;YACvD,CAAC,SAAS,CAAC,QAAQ,CAAC,aAAa,QAAQ,CAAC,QAAQ,EAAE,YAAY,UAAU,EAAE,CAAC;YAC7E,CAAC,CAAC,KAAK,IAAI,SAAS,CAAC,QAAQ,CAAC,qBAAqB,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,EACvE;YACA,MAAM,IAAI,KAAK,CAAC,wEAAwE,CAAC,CAAA;SAC1F;QAED,OAAO,KAAK,CAAA;IACd,CAAC;IAKD,MAAM,CAAC,uBAAuB,CAAC,KAAkB;QAC/C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QACzC,KAAK,MAAM,QAAQ,IAAI,KAAK,CAAC,GAAG,EAAE;YAChC,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,IAAI,GAAG,CAAA;YAC3C,IAAI,CAAC,QAAQ,CAAC,cAAc,EAAE;gBAC5B,SAAQ;aACT;YACD,MAAM,cAAc,GAAG,QAAQ,CAAC,cAAc,GAAG,uCAAuC,CAAA;YACxF,IAAI,cAAc,GAAG,SAAS,EAAE;gBAC9B,OAAO,CAAC,KAAK,CAAC,aAAa,EAAE,CAAC,EAAE,EAAE,MAAM,EAAE,gBAAgB,EAAE,CAAC,CAAA;gBAC7D,YAAY,CAAC,WAAW,CAAC,aAAa,GAAG,iBAAiB,CAAC,CAAA;gBAC3D,MAAM,IAAI,KAAK,CACb,yBAAyB,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,cAAc,WAAW,CAAC,iBAAiB,CACzF,KAAK,CACN,CAAC,QAAQ,EAAE,gCACV,QAAQ,CAAC,cACX,gMAAgM,CACjM,CAAA;aACF;SACF;IACH,CAAC;CACF"}
|