@cubist-labs/cubesigner-sdk 0.1.77 → 0.2.15
- package/dist/package.json +68 -0
- package/dist/src/api.d.ts +493 -0
- package/dist/src/api.js +1166 -0
- package/dist/src/client.d.ts +534 -10
- package/dist/src/client.js +355 -19
- package/dist/src/ethers/index.d.ts +34 -9
- package/dist/src/ethers/index.js +63 -19
- package/dist/src/index.d.ts +51 -70
- package/dist/src/index.js +83 -237
- package/dist/src/key.d.ts +35 -64
- package/dist/src/key.js +32 -96
- package/dist/src/mfa.d.ts +85 -14
- package/dist/src/mfa.js +146 -40
- package/dist/src/org.d.ts +42 -194
- package/dist/src/org.js +52 -336
- package/dist/src/paginator.js +1 -1
- package/dist/src/response.d.ts +101 -0
- package/dist/src/response.js +164 -0
- package/dist/src/role.d.ts +87 -83
- package/dist/src/role.js +79 -136
- package/dist/src/schema.d.ts +936 -28
- package/dist/src/schema.js +1 -1
- package/dist/src/schema_types.d.ts +109 -0
- package/dist/src/schema_types.js +3 -0
- package/dist/src/session/cognito_manager.d.ts +15 -3
- package/dist/src/session/cognito_manager.js +23 -5
- package/dist/src/session/session_manager.d.ts +1 -1
- package/dist/src/session/session_manager.js +3 -11
- package/dist/src/session/session_storage.js +1 -1
- package/dist/src/session/signer_session_manager.d.ts +10 -29
- package/dist/src/session/signer_session_manager.js +21 -80
- package/dist/src/signer_session.d.ts +15 -252
- package/dist/src/signer_session.js +25 -424
- package/dist/src/user_export.d.ts +52 -0
- package/dist/src/user_export.js +129 -0
- package/dist/src/util.d.ts +15 -0
- package/dist/src/util.js +33 -11
- package/package.json +13 -11
- package/src/api.ts +1395 -0
- package/src/client.ts +413 -12
- package/src/ethers/index.ts +74 -28
- package/src/index.ts +96 -273
- package/src/key.ts +36 -131
- package/src/{fido.ts → mfa.ts} +62 -38
- package/src/org.ts +54 -405
- package/src/response.ts +196 -0
- package/src/role.ts +113 -184
- package/src/schema.ts +936 -28
- package/src/schema_types.ts +110 -0
- package/src/session/cognito_manager.ts +33 -6
- package/src/session/session_manager.ts +2 -8
- package/src/session/signer_session_manager.ts +29 -110
- package/src/signer_session.ts +22 -597
- package/src/user_export.ts +116 -0
- package/src/util.ts +29 -10
|
@@ -0,0 +1,164 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
|
|
3
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
|
|
4
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
|
|
5
|
+
return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
|
|
6
|
+
};
|
|
7
|
+
var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
|
|
8
|
+
if (kind === "m") throw new TypeError("Private method is not writable");
|
|
9
|
+
if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
|
|
10
|
+
if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
|
|
11
|
+
return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
|
|
12
|
+
};
|
|
13
|
+
var _CubeSignerResponse_requestFn, _CubeSignerResponse_resp, _CubeSignerResponse_mfaRequired;
|
|
14
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
|
+
exports.CubeSignerResponse = exports.mapResponse = void 0;
|
|
16
|
+
/**
|
|
17
|
+
* Take a {@link Response<U>} and a {@link MapFn<U, V>} function and return
|
|
18
|
+
* a {@link Response<V>} that maps the value of the original response when its status code is 200.
|
|
19
|
+
*
|
|
20
|
+
* @param {Response<U>} resp Original response
|
|
21
|
+
* @param {Map<U, V>} mapFn Map to apply to the response value when its status code is 200.
|
|
22
|
+
* @return {Response<V>} Response whose value for status code 200 is mapped from U to V
|
|
23
|
+
*/
|
|
24
|
+
function mapResponse(resp, mapFn) {
|
|
25
|
+
if (resp.accepted?.MfaRequired) {
|
|
26
|
+
return resp;
|
|
27
|
+
}
|
|
28
|
+
else {
|
|
29
|
+
return mapFn(resp);
|
|
30
|
+
}
|
|
31
|
+
}
|
|
32
|
+
exports.mapResponse = mapResponse;
|
|
33
|
+
/**
|
|
34
|
+
* A response of a CubeSigner request.
|
|
35
|
+
*/
|
|
36
|
+
class CubeSignerResponse {
|
|
37
|
+
/** @return {string} The MFA id associated with this request (if any) */
|
|
38
|
+
mfaId() {
|
|
39
|
+
return __classPrivateFieldGet(this, _CubeSignerResponse_mfaRequired, "f").id;
|
|
40
|
+
}
|
|
41
|
+
/** @return {boolean} True if this request requires an MFA approval */
|
|
42
|
+
requiresMfa() {
|
|
43
|
+
return __classPrivateFieldGet(this, _CubeSignerResponse_mfaRequired, "f") !== undefined;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Return session information to use for any MFA approval requests (if any was included in the response).
|
|
47
|
+
* @return {ClientSessionInfo | undefined}
|
|
48
|
+
*/
|
|
49
|
+
mfaSessionInfo() {
|
|
50
|
+
return __classPrivateFieldGet(this, _CubeSignerResponse_resp, "f").accepted?.MfaRequired?.session ?? undefined;
|
|
51
|
+
}
|
|
52
|
+
/** @return {U} The response data, if no MFA is required */
|
|
53
|
+
data() {
|
|
54
|
+
if (this.requiresMfa()) {
|
|
55
|
+
throw new Error("Cannot call `data()` while MFA is required");
|
|
56
|
+
}
|
|
57
|
+
return __classPrivateFieldGet(this, _CubeSignerResponse_resp, "f");
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Approve the MFA request using a given session and a TOTP code.
|
|
61
|
+
*
|
|
62
|
+
* @param {SignerSession} session Signer session to use
|
|
63
|
+
* @param {string} code 6-digit TOTP code
|
|
64
|
+
* @return {CubeSignerResponse<U>} The result of signing with the approval
|
|
65
|
+
*/
|
|
66
|
+
async approveTotp(session, code) {
|
|
67
|
+
if (!this.requiresMfa()) {
|
|
68
|
+
return this;
|
|
69
|
+
}
|
|
70
|
+
const mfaId = this.mfaId();
|
|
71
|
+
const mfaOrgId = __classPrivateFieldGet(this, _CubeSignerResponse_mfaRequired, "f").org_id;
|
|
72
|
+
const mfaApproval = await session.mfaApproveTotp(mfaId, code);
|
|
73
|
+
const mfaConf = mfaApproval.receipt?.confirmation;
|
|
74
|
+
if (!mfaConf) {
|
|
75
|
+
return this;
|
|
76
|
+
}
|
|
77
|
+
return await this.signWithMfaApproval({ mfaId, mfaOrgId, mfaConf });
|
|
78
|
+
}
|
|
79
|
+
/**
|
|
80
|
+
* Approve the MFA request using a given `CubeSignerClient` instance (i.e., its session).
|
|
81
|
+
*
|
|
82
|
+
* @param {CubeSignerClient} cs CubeSigner whose session to use
|
|
83
|
+
* @return {CubeSignerResponse<U>} The result of signing with the approval
|
|
84
|
+
*/
|
|
85
|
+
async approve(cs) {
|
|
86
|
+
if (!this.requiresMfa()) {
|
|
87
|
+
return this;
|
|
88
|
+
}
|
|
89
|
+
const mfaId = __classPrivateFieldGet(this, _CubeSignerResponse_mfaRequired, "f").id;
|
|
90
|
+
const mfaOrgId = __classPrivateFieldGet(this, _CubeSignerResponse_mfaRequired, "f").org_id;
|
|
91
|
+
const mfaApproval = await cs.mfaApprove(mfaId);
|
|
92
|
+
const mfaConf = mfaApproval.receipt?.confirmation;
|
|
93
|
+
if (!mfaConf) {
|
|
94
|
+
return this;
|
|
95
|
+
}
|
|
96
|
+
return await this.signWithMfaApproval({ mfaId, mfaOrgId, mfaConf });
|
|
97
|
+
}
|
|
98
|
+
/**
|
|
99
|
+
* Resubmits the request with a given MFA receipt attached.
|
|
100
|
+
*
|
|
101
|
+
* @param {MfaReceipt} mfaReceipt The MFA receipt
|
|
102
|
+
* @return {Promise<CubeSignerResponse<U>>} The result of signing after MFA approval
|
|
103
|
+
*/
|
|
104
|
+
async signWithMfaApproval(mfaReceipt) {
|
|
105
|
+
const headers = CubeSignerResponse.getMfaHeaders(mfaReceipt);
|
|
106
|
+
return new CubeSignerResponse(__classPrivateFieldGet(this, _CubeSignerResponse_requestFn, "f"), await __classPrivateFieldGet(this, _CubeSignerResponse_requestFn, "f").call(this, headers));
|
|
107
|
+
}
|
|
108
|
+
// --------------------------------------------------------------------------
|
|
109
|
+
// -- INTERNAL --------------------------------------------------------------
|
|
110
|
+
// --------------------------------------------------------------------------
|
|
111
|
+
/**
|
|
112
|
+
* Constructor.
|
|
113
|
+
*
|
|
114
|
+
* @param {RequestFn} requestFn
|
|
115
|
+
* The signing function that this response is from.
|
|
116
|
+
* This argument is used to resend requests with different headers if needed.
|
|
117
|
+
* @param {U | AcceptedResponse} resp The response as returned by the OpenAPI client.
|
|
118
|
+
* @internal
|
|
119
|
+
*/
|
|
120
|
+
constructor(requestFn, resp) {
|
|
121
|
+
_CubeSignerResponse_requestFn.set(this, void 0);
|
|
122
|
+
_CubeSignerResponse_resp.set(this, void 0);
|
|
123
|
+
/**
|
|
124
|
+
* Optional MFA id. Only set if there is an MFA request associated with the
|
|
125
|
+
* signing request
|
|
126
|
+
*/
|
|
127
|
+
_CubeSignerResponse_mfaRequired.set(this, void 0);
|
|
128
|
+
__classPrivateFieldSet(this, _CubeSignerResponse_requestFn, requestFn, "f");
|
|
129
|
+
__classPrivateFieldSet(this, _CubeSignerResponse_resp, resp, "f");
|
|
130
|
+
__classPrivateFieldSet(this, _CubeSignerResponse_mfaRequired, __classPrivateFieldGet(this, _CubeSignerResponse_resp, "f").accepted?.MfaRequired, "f");
|
|
131
|
+
}
|
|
132
|
+
/**
|
|
133
|
+
* Static constructor.
|
|
134
|
+
* @param {RequestFn} requestFn
|
|
135
|
+
* The request function that this response is from.
|
|
136
|
+
* This argument is used to resend requests with different headers if needed.
|
|
137
|
+
* @param {MfaReceipt} mfaReceipt Optional MFA receipt
|
|
138
|
+
* @return {Promise<CubeSignerResponse<U>>} New instance of this class.
|
|
139
|
+
* @internal
|
|
140
|
+
*/
|
|
141
|
+
static async create(requestFn, mfaReceipt) {
|
|
142
|
+
const seed = await requestFn(this.getMfaHeaders(mfaReceipt));
|
|
143
|
+
return new CubeSignerResponse(requestFn, seed);
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Return HTTP headers containing a given MFA receipt.
|
|
147
|
+
*
|
|
148
|
+
* @param {MfaReceipt} mfaReceipt MFA receipt
|
|
149
|
+
* @return {HeadersInit} Headers including that receipt
|
|
150
|
+
* @internal
|
|
151
|
+
*/
|
|
152
|
+
static getMfaHeaders(mfaReceipt) {
|
|
153
|
+
return mfaReceipt
|
|
154
|
+
? {
|
|
155
|
+
"x-cubist-mfa-id": mfaReceipt.mfaId,
|
|
156
|
+
"x-cubist-mfa-org-id": mfaReceipt.mfaOrgId,
|
|
157
|
+
"x-cubist-mfa-confirmation": mfaReceipt.mfaConf,
|
|
158
|
+
}
|
|
159
|
+
: undefined;
|
|
160
|
+
}
|
|
161
|
+
}
|
|
162
|
+
exports.CubeSignerResponse = CubeSignerResponse;
|
|
163
|
+
_CubeSignerResponse_requestFn = new WeakMap(), _CubeSignerResponse_resp = new WeakMap(), _CubeSignerResponse_mfaRequired = new WeakMap();
|
|
164
|
+
//# sourceMappingURL=data:application/json;base64,{"version":3,"file":"response.js","sourceRoot":"","sources":["../../src/response.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;AAqBA;;;;;;;GAOG;AACH,SAAgB,WAAW,CAAO,IAAiB,EAAE,KAAkB;IACrE,IAAK,IAAyB,CAAC,QAAQ,EAAE,WAAW,EAAE,CAAC;QACrD,OAAO,IAAwB,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,OAAO,KAAK,CAAC,IAAS,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAND,kCAMC;AAWD;;GAEG;AACH,MAAa,kBAAkB;IAS7B,wEAAwE;IACxE,KAAK;QACH,OAAO,uBAAA,IAAI,uCAAc,CAAC,EAAE,CAAC;IAC/B,CAAC;IAED,sEAAsE;IACtE,WAAW;QACT,OAAO,uBAAA,IAAI,uCAAa,KAAK,SAAS,CAAC;IACzC,CAAC;IAED;;;OAGG;IACH,cAAc;QACZ,OAAQ,uBAAA,IAAI,gCAA2B,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,IAAI,SAAS,CAAC;IACtF,CAAC;IAED,2DAA2D;IAC3D,IAAI;QACF,IAAI,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;QAChE,CAAC;QACD,OAAO,uBAAA,IAAI,gCAAW,CAAC;IACzB,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,WAAW,CAAC,OAAsB,EAAE,IAAY;QACpD,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,uBAAA,IAAI,uCAAc,CAAC,MAAM,CAAC;QAC3C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;QAC9D,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC;QAElD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,OAAO,CAAC,EAAoB;QAChC,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAAG,uBAAA,IAAI,uCAAc,CAAC,EAAE,CAAC;QACpC,MAAM,QAAQ,GAAG,uBAAA,IAAI,uCAAc,CAAC,MAAM,CAAC;QAE3C,MAAM,WAAW,GAAG,MAAM,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;QAC/C,MAAM,OAAO,GAAG,WAAW,CAAC,OAAO,EAAE,YAAY,CAAC;QAElD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,IAAI,CAAC,mBAAmB,CAAC,EAAE,KAAK,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACtE,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,mBAAmB,CAAC,UAAsB;QAC9C,MAAM,OAAO,GAAG,kBAAkB,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;QAC7D,OAAO,IAAI,kBAAkB,CAAC,uBAAA,IAAI,qCAAW,EAAE,MAAM,uBAAA,I
AAI,qCAAW,MAAf,IAAI,EAAY,OAAO,CAAC,CAAC,CAAC;IACjF,CAAC;IAED,6EAA6E;IAC7E,6EAA6E;IAC7E,6EAA6E;IAE7E;;;;;;;;OAQG;IACH,YAAY,SAAuB,EAAE,IAA0B;QA1GtD,gDAAyB;QACzB,2CAA4B;QACrC;;;WAGG;QACM,kDAA2B;QAqGlC,uBAAA,IAAI,iCAAc,SAAS,MAAA,CAAC;QAC5B,uBAAA,IAAI,4BAAS,IAAI,MAAA,CAAC;QAClB,uBAAA,IAAI,mCAAiB,uBAAA,IAAI,gCAA2B,CAAC,QAAQ,EAAE,WAAW,MAAA,CAAC;IAC7E,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,KAAK,CAAC,MAAM,CACjB,SAAuB,EACvB,UAAuB;QAEvB,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC,CAAC;QAC7D,OAAO,IAAI,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;IACjD,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,aAAa,CAAC,UAAuB;QAC1C,OAAO,UAAU;YACf,CAAC,CAAC;gBACE,iBAAiB,EAAE,UAAU,CAAC,KAAK;gBACnC,qBAAqB,EAAE,UAAU,CAAC,QAAQ;gBAC1C,2BAA2B,EAAE,UAAU,CAAC,OAAO;aAChD;YACH,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;CACF;AAlJD,gDAkJC","sourcesContent":["import { CubeSignerClient, SignerSession } from \".\";\nimport { MfaReceipt } from \"./mfa\";\nimport { AcceptedResponse, NewSessionResponse } from \"./schema_types\";\n\n/**\n * Response type, which can be either a value of type {@link U}\n * or {@link AcceptedResponse} (status code 202) which requires MFA.\n */\nexport type Response<U> = U | AcceptedResponse;\n\n/**\n * Request function which optionally takes additional headers\n * (which, for example, can be used to attach an MFA receipt).\n */\nexport type RequestFn<U> = (headers?: HeadersInit) => Promise<Response<U>>;\n\n/**\n * Map function occasionally used to map a response from the API into a higher-level type.\n */\nexport type MapFn<U, V> = (u: U) => V;\n\n/**\n * Take a {@link Response<U>} and a {@link MapFn<U, V>} function and return\n * a {@link Response<V>} that maps the value of the original response when its status code is 200.\n *\n * @param {Response<U>} resp Original response\n * @param {Map<U, V>} mapFn Map to apply to the response value when its status code is 200.\n * @return {Response<V>} Response whose value for status code 200 is mapped from U to V\n */\nexport function mapResponse<U, 
V>(resp: Response<U>, mapFn: MapFn<U, V>): Response<V> {\n  if ((resp as AcceptedResponse).accepted?.MfaRequired) {\n    return resp as AcceptedResponse;\n  } else {\n    return mapFn(resp as U);\n  }\n}\n\nexport interface MfaRequired {\n  /** Org id */\n  org_id: string;\n  /** MFA request id */\n  id: string;\n  /** Optional MFA session */\n  session?: NewSessionResponse | null;\n}\n\n/**\n * A response of a CubeSigner request.\n */\nexport class CubeSignerResponse<U> {\n  readonly #requestFn: RequestFn<U>;\n  readonly #resp: U | AcceptedResponse;\n  /**\n   * Optional MFA id. Only set if there is an MFA request associated with the\n   * signing request\n   */\n  readonly #mfaRequired?: MfaRequired;\n\n  /** @return {string} The MFA id associated with this request (if any) */\n  mfaId(): string {\n    return this.#mfaRequired!.id;\n  }\n\n  /** @return {boolean} True if this request requires an MFA approval */\n  requiresMfa(): boolean {\n    return this.#mfaRequired !== undefined;\n  }\n\n  /**\n   * Return session information to use for any MFA approval requests (if any was included in the response).\n   * @return {ClientSessionInfo | undefined}\n   */\n  mfaSessionInfo(): NewSessionResponse | undefined {\n    return (this.#resp as AcceptedResponse).accepted?.MfaRequired?.session ?? 
undefined;\n  }\n\n  /** @return {U} The response data, if no MFA is required */\n  data(): U {\n    if (this.requiresMfa()) {\n      throw new Error(\"Cannot call `data()` while MFA is required\");\n    }\n    return this.#resp as U;\n  }\n\n  /**\n   * Approve the MFA request using a given session and a TOTP code.\n   *\n   * @param {SignerSession} session Signer session to use\n   * @param {string} code 6-digit TOTP code\n   * @return {CubeSignerResponse<U>} The result of signing with the approval\n   */\n  async approveTotp(session: SignerSession, code: string): Promise<CubeSignerResponse<U>> {\n    if (!this.requiresMfa()) {\n      return this;\n    }\n\n    const mfaId = this.mfaId();\n    const mfaOrgId = this.#mfaRequired!.org_id;\n    const mfaApproval = await session.mfaApproveTotp(mfaId, code);\n    const mfaConf = mfaApproval.receipt?.confirmation;\n\n    if (!mfaConf) {\n      return this;\n    }\n\n    return await this.signWithMfaApproval({ mfaId, mfaOrgId, mfaConf });\n  }\n\n  /**\n   * Approve the MFA request using a given `CubeSignerClient` instance (i.e., its session).\n   *\n   * @param {CubeSignerClient} cs CubeSigner whose session to use\n   * @return {CubeSignerResponse<U>} The result of signing with the approval\n   */\n  async approve(cs: CubeSignerClient): Promise<CubeSignerResponse<U>> {\n    if (!this.requiresMfa()) {\n      return this;\n    }\n\n    const mfaId = this.#mfaRequired!.id;\n    const mfaOrgId = this.#mfaRequired!.org_id;\n\n    const mfaApproval = await cs.mfaApprove(mfaId);\n    const mfaConf = mfaApproval.receipt?.confirmation;\n\n    if (!mfaConf) {\n      return this;\n    }\n\n    return await this.signWithMfaApproval({ mfaId, mfaOrgId, mfaConf });\n  }\n\n  /**\n   * Resubmits the request with a given MFA receipt attached.\n   *\n   * @param {MfaReceipt} mfaReceipt The MFA receipt\n   * @return {Promise<CubeSignerResponse<U>>} The result of signing after MFA approval\n   */\n  async signWithMfaApproval(mfaReceipt: 
MfaReceipt): Promise<CubeSignerResponse<U>> {\n    const headers = CubeSignerResponse.getMfaHeaders(mfaReceipt);\n    return new CubeSignerResponse(this.#requestFn, await this.#requestFn(headers));\n  }\n\n  // --------------------------------------------------------------------------\n  // -- INTERNAL --------------------------------------------------------------\n  // --------------------------------------------------------------------------\n\n  /**\n   * Constructor.\n   *\n   * @param {RequestFn} requestFn\n   *    The signing function that this response is from.\n   *    This argument is used to resend requests with different headers if needed.\n   * @param {U | AcceptedResponse} resp The response as returned by the OpenAPI client.\n   * @internal\n   */\n  constructor(requestFn: RequestFn<U>, resp: U | AcceptedResponse) {\n    this.#requestFn = requestFn;\n    this.#resp = resp;\n    this.#mfaRequired = (this.#resp as AcceptedResponse).accepted?.MfaRequired;\n  }\n\n  /**\n   * Static constructor.\n   * @param {RequestFn} requestFn\n   *    The request function that this response is from.\n   *    This argument is used to resend requests with different headers if needed.\n   * @param {MfaReceipt} mfaReceipt Optional MFA receipt\n   * @return {Promise<CubeSignerResponse<U>>} New instance of this class.\n   * @internal\n   */\n  static async create<U>(\n    requestFn: RequestFn<U>,\n    mfaReceipt?: MfaReceipt,\n  ): Promise<CubeSignerResponse<U>> {\n    const seed = await requestFn(this.getMfaHeaders(mfaReceipt));\n    return new CubeSignerResponse(requestFn, seed);\n  }\n\n  /**\n   * Return HTTP headers containing a given MFA receipt.\n   *\n   * @param {MfaReceipt} mfaReceipt MFA receipt\n   * @return {HeadersInit} Headers including that receipt\n   * @internal\n   */\n  static getMfaHeaders(mfaReceipt?: MfaReceipt): HeadersInit | undefined {\n    return mfaReceipt\n      ? 
{\n          \"x-cubist-mfa-id\": mfaReceipt.mfaId,\n          \"x-cubist-mfa-org-id\": mfaReceipt.mfaOrgId,\n          \"x-cubist-mfa-confirmation\": mfaReceipt.mfaConf,\n        }\n      : undefined;\n  }\n}\n"]}
|
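Review bot: `mfaId()` (new lines 38–40) reads `.id` from the private `mfaRequired` field without a guard, so on a response that needs no MFA it fails with a bare TypeError although its doc comment says "(if any)"; mirror `data()` with `if (!this.requiresMfa()) throw new Error("No MFA request is associated with this response");`. The constructor (new line 130) and `mapResponse` (new line 25) put `?.` only after `accepted`, so a request function that resolves to `undefined` or `null` — plausible for an empty-body reply, though no such caller is visible here — would throw before the MFA check; `resp?.accepted?.MfaRequired` avoids that. MFA is recognised from the body shape rather than from the status code the doc comments mention, which is worth stating in the `mapResponse` comment, since a payload that carries its own `accepted.MfaRequired` field would be treated as an MFA challenge. This file is compiled output, so the edits belong in `package/src/response.ts`.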
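--- a/package/dist/src/role.d.ts
+++ b/package/dist/src/role.d.ts
@@ -1,17 +1,17 @@
-import {
-import {
-
-
-
+import { Key, KeyWithPoliciesInfo, MfaType, PageOpts, RoleInfo, SignerSession, SignerSessionInfo, SignerSessionLifetime, SignerSessionStorage } from ".";
+import { CubeSignerClient } from "./client";
+/**
+* Restrict transaction receiver.
+*
 * @example { TxReceiver: "0x8c594691c0e592ffa21f153a16ae41db5befcaaa" }
-
+*/
 export type TxReceiver = {
 TxReceiver: string;
 };
 /** The kind of deposit contracts. */
 export declare enum DepositContract {
 /** Canonical deposit contract */
-Canonical = 0
+Canonical = 0,// eslint-disable-line no-unused-vars
 /** Wrapper deposit contract */
 Wrapper = 1
 }
@@ -23,18 +23,22 @@ export type TxDepositBase = {
 kind: DepositContract;
 };
 };
-/**
-*
-*
+/**
+* Restrict transactions to calls to deposit contract with fixed validator (pubkey):
+*
+* @example { TxDeposit: { kind: DespositContract.Canonical, validator: { pubkey: "8879...8"} }}
+*/
 export type TxDepositPubkey = {
 TxDeposit: {
 kind: DepositContract;
 pubkey: string;
 };
 };
-/**
+/**
+* Restrict transactions to calls to deposit contract with any validator key in a role:
+*
 * @example { TxDeposit: { kind: DespositContract.Canonical, validator: { role_id: "Role#c63...af"} }}
-
+*/
 export type TxDepositRole = {
 TxDeposit: {
 kind: DepositContract;
@@ -43,14 +47,16 @@ export type TxDepositRole = {
 };
 /** All different kinds of sensitive operations. */
 export declare enum OperationKind {
-BlobSign = "BlobSign"
-EvmSign = "Eth1Sign"
-Eth2Sign = "Eth2Sign"
-Eth2Stake = "Eth2Stake"
-Eth2Unstake = "Eth2Unstake"
+BlobSign = "BlobSign",// eslint-disable-line no-unused-vars
+EvmSign = "Eth1Sign",// eslint-disable-line no-unused-vars
+Eth2Sign = "Eth2Sign",// eslint-disable-line no-unused-vars
+Eth2Stake = "Eth2Stake",// eslint-disable-line no-unused-vars
+Eth2Unstake = "Eth2Unstake",// eslint-disable-line no-unused-vars
 SolanaSign = "SolanaSign"
 }
-/**
+/**
+* MFA policy
+*
 * @example {
 * {
 * count: 1,
@@ -58,7 +64,7 @@ export declare enum OperationKind {
 * allowed_mfa_types: [ "Totp" ],
 * allowed_approvers: [ "User#123" ],
 * }
-
+*/
 export type MfaPolicy = {
 count?: number;
 num_auth_factors?: number;
@@ -66,7 +72,9 @@ export type MfaPolicy = {
 allowed_mfa_types?: MfaType[];
 restricted_operations?: OperationKind[];
 };
-/**
+/**
+* Require MFA for transactions.
+*
 * @example {
 * RequireMfa: {
 * count: 1,
@@ -78,14 +86,16 @@ export type MfaPolicy = {
 * ]
 * }
 * }
-
+*/
 export type RequireMfa = {
 RequireMfa: MfaPolicy;
 };
 /** Allow raw blob signing */
 export declare const AllowRawBlobSigning: "AllowRawBlobSigning";
 export type AllowRawBlobSigning = typeof AllowRawBlobSigning;
-/**
+/**
+* Key policy
+*
 * @example [
 * {
 * "TxReceiver": "0x8c594691c0e592ffa21f153a16ae41db5befcaaa"
@@ -106,7 +116,7 @@ export type AllowRawBlobSigning = typeof AllowRawBlobSigning;
 * }
 * }
 * ]
-
+*/
 export type KeyPolicy = (TxReceiver | TxDeposit | RequireMfa | AllowRawBlobSigning)[];
 /** A key guarded by a policy. */
 export declare class KeyWithPolicies {
@@ -115,13 +125,13 @@ export declare class KeyWithPolicies {
 readonly policy?: KeyPolicy;
 /** @return {Promise<Key>} The key */
 getKey(): Promise<Key>;
-/**
-*
-* @param {
+/**
+* Constructor.
+* @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
 * @param {KeyWithPoliciesInfo} keyWithPolicies The key and its policies
 * @internal
-
-constructor(
+*/
+constructor(csc: CubeSignerClient, keyWithPolicies: KeyWithPoliciesInfo);
 }
 /** Roles. */
 export declare class Role {
@@ -131,7 +141,7 @@ export declare class Role {
 /**
 * The ID of the role.
 * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
-
+*/
 readonly id: string;
 /** Delete the role. */
 delete(): Promise<void>;
@@ -141,96 +151,90 @@ export declare class Role {
 enable(): Promise<void>;
 /** Disable the role. */
 disable(): Promise<void>;
-/**
+/**
+* The list of all users with access to the role.
 * @example [
 * "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
 * "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
 * ]
-*
-
-
-
+*
+* @param {PageOpts} page Optional pagination options; by default, retrieves all users.
+*/
+users(page?: PageOpts): Promise<string[]>;
+/**
+* Add an existing user to an existing role.
+*
 * @param {string} userId The user-id of the user to add to the role.
-
+*/
 addUser(userId: string): Promise<void>;
-/**
+/**
+* The list of keys in the role.
 * @example [
 * {
 * id: "Key#bfe3eccb-731e-430d-b1e5-ac1363e6b06b",
 * policy: { TxReceiver: "0x8c594691c0e592ffa21f153a16ae41db5befcaaa" }
 * },
 * ]
-*
-
-
-
+*
+* @param {PageOpts} page Optional pagination options; by default, retrieves all keys in this role.
+*/
+keys(page?: PageOpts): Promise<KeyWithPolicies[]>;
+/**
+* Add a list of existing keys to an existing role.
+*
 * @param {Key[]} keys The list of keys to add to the role.
 * @param {KeyPolicy?} policy The optional policy to apply to each key.
-
+*/
 addKeys(keys: Key[], policy?: KeyPolicy): Promise<void>;
-/**
-*
+/**
+* Add an existing key to an existing role.
+*
 * @param {Key} key The key to add to the role.
 * @param {KeyPolicy?} policy The optional policy to apply to the key.
-
+*/
 addKey(key: Key, policy?: KeyPolicy): Promise<void>;
-/**
-*
+/**
+* Remove an existing key from an existing role.
+*
 * @param {Key} key The key to remove from the role.
-
+*/
 removeKey(key: Key): Promise<void>;
 /**
 * Create a new session for this role.
 * @param {SignerSessionStorage} storage The session storage to use
 * @param {string} purpose Descriptive purpose.
-* @param {SignerSessionLifetime}
+* @param {SignerSessionLifetime} lifetimes Optional session lifetimes.
+* @param {string[]} scopes Session scopes. Only `sign:*` scopes are allowed.
 * @return {Promise<SignerSession>} New signer session.
 */
-createSession(storage: SignerSessionStorage, purpose: string,
+createSession(storage: SignerSessionStorage, purpose: string, lifetimes?: SignerSessionLifetime, scopes?: string[]): Promise<SignerSession>;
 /**
 * List all signer sessions for this role. Returned objects can be used to
 * revoke individual sessions, but they cannot be used for authentication.
+*
+* @param {PageOpts} page Optional pagination options; by default, retrieves all sessions.
 * @return {Promise<SignerSessionInfo[]>} Signer sessions for this role.
 */
-sessions(): Promise<SignerSessionInfo[]>;
-/**
-*
-* @param {
+sessions(page?: PageOpts): Promise<SignerSessionInfo[]>;
+/**
+* Constructor.
+* @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
 * @param {RoleInfo} data The JSON response from the API server.
 * @internal
-
-constructor(
-/**
+*/
+constructor(csc: CubeSignerClient, data: RoleInfo);
+/**
+* Update the role.
+*
 * @param {UpdateRoleRequest} request The JSON request to send to the API server.
-*
+* @return {Promise<RoleInfo>} The updated role information.
+*/
 private update;
-/**
-*
-*
-* @param {string?} name The optional name of the role.
-* @return {Role} The new role.
-* @internal
-* */
-static createRole(cs: CubeSigner, orgId: string, name?: string): Promise<Role>;
-/** Get a role by id.
-* @param {CubeSigner} cs The CubeSigner instance to use for signing.
-* @param {string} orgId The id of the organization to which the role belongs.
-* @param {string} roleId The id of the role to get.
-* @return {Role} The role.
-* @internal
-* */
-static getRole(cs: CubeSigner, orgId: string, roleId: string): Promise<Role>;
-/** Fetches the role information.
+/**
+* Fetches the role information.
+*
 * @return {RoleInfo} The role information.
 * @internal
-
+*/
 private fetch;
-/** Delete role.
-* @param {CubeSigner} cs The CubeSigner instance to use for signing.
-* @param {string} orgId The id of the organization to which the role belongs.
-* @param {string} roleId The id of the role to delete.
-* @internal
-* */
-private static deleteRole;
 }
-export {};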
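Review bot: The added `scopes?: string[]` parameter on `createSession` (new line 210) is documented as accepting only `sign:*` scopes, but the type admits any string and the comment does not say which scopes a session receives when the argument is omitted; for a signing session that default is the part a caller most needs to know. Extend the `@param` text for `scopes` with a closing sentence such as `Defaults to <default scopes — confirm in the source>.`, and consider a narrower element type if the allowed set is fixed. The `@example` added for `TxDepositPubkey` (new line 29) spells the enum `DespositContract` and nests the key under `validator`, while the declared type has a flat `pubkey` field, so a key policy copied from the example would not match the type. This declaration file is generated, so the fixes belong in `package/src/role.ts`.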