@enbox/dwn-server 0.0.3 → 0.0.5
- package/LICENSE +3 -2
- package/README.md +112 -212
- package/dist/esm/src/admin/activity-log.d.ts +44 -0
- package/dist/esm/src/admin/activity-log.d.ts.map +1 -0
- package/dist/esm/src/admin/activity-log.js +85 -0
- package/dist/esm/src/admin/activity-log.js.map +1 -0
- package/dist/esm/src/admin/admin-api.d.ts +61 -0
- package/dist/esm/src/admin/admin-api.d.ts.map +1 -0
- package/dist/esm/src/admin/admin-api.js +1047 -0
- package/dist/esm/src/admin/admin-api.js.map +1 -0
- package/dist/esm/src/admin/admin-auth.d.ts +9 -0
- package/dist/esm/src/admin/admin-auth.d.ts.map +1 -0
- package/dist/esm/src/admin/admin-auth.js +45 -0
- package/dist/esm/src/admin/admin-auth.js.map +1 -0
- package/dist/esm/src/admin/admin-store.d.ts +111 -0
- package/dist/esm/src/admin/admin-store.d.ts.map +1 -0
- package/dist/esm/src/admin/admin-store.js +376 -0
- package/dist/esm/src/admin/admin-store.js.map +1 -0
- package/dist/esm/src/admin/audit-log.d.ts +94 -0
- package/dist/esm/src/admin/audit-log.d.ts.map +1 -0
- package/dist/esm/src/admin/audit-log.js +220 -0
- package/dist/esm/src/admin/audit-log.js.map +1 -0
- package/dist/esm/src/admin/index.d.ts +10 -0
- package/dist/esm/src/admin/index.d.ts.map +1 -0
- package/dist/esm/src/admin/index.js +7 -0
- package/dist/esm/src/admin/index.js.map +1 -0
- package/dist/esm/src/admin/types.d.ts +306 -0
- package/dist/esm/src/admin/types.d.ts.map +1 -0
- package/dist/esm/src/admin/types.js +2 -0
- package/dist/esm/src/admin/types.js.map +1 -0
- package/dist/esm/src/admin/webhook-manager.d.ts +55 -0
- package/dist/esm/src/admin/webhook-manager.d.ts.map +1 -0
- package/dist/esm/src/admin/webhook-manager.js +184 -0
- package/dist/esm/src/admin/webhook-manager.js.map +1 -0
- package/dist/esm/src/config.d.ts +122 -3
- package/dist/esm/src/config.d.ts.map +1 -1
- package/dist/esm/src/config.js +151 -5
- package/dist/esm/src/config.js.map +1 -1
- package/dist/esm/src/connection/connection-manager.d.ts +24 -1
- package/dist/esm/src/connection/connection-manager.d.ts.map +1 -1
- package/dist/esm/src/connection/connection-manager.js +33 -2
- package/dist/esm/src/connection/connection-manager.js.map +1 -1
- package/dist/esm/src/connection/flow-controller.d.ts +53 -0
- package/dist/esm/src/connection/flow-controller.d.ts.map +1 -0
- package/dist/esm/src/connection/flow-controller.js +101 -0
- package/dist/esm/src/connection/flow-controller.js.map +1 -0
- package/dist/esm/src/connection/socket-connection.d.ts +39 -4
- package/dist/esm/src/connection/socket-connection.d.ts.map +1 -1
- package/dist/esm/src/connection/socket-connection.js +80 -9
- package/dist/esm/src/connection/socket-connection.js.map +1 -1
- package/dist/esm/src/delivery-service.d.ts +43 -0
- package/dist/esm/src/delivery-service.d.ts.map +1 -0
- package/dist/esm/src/delivery-service.js +574 -0
- package/dist/esm/src/delivery-service.js.map +1 -0
- package/dist/esm/src/dwn-error.d.ts +10 -1
- package/dist/esm/src/dwn-error.d.ts.map +1 -1
- package/dist/esm/src/dwn-error.js +9 -0
- package/dist/esm/src/dwn-error.js.map +1 -1
- package/dist/esm/src/dwn-server.d.ts +8 -0
- package/dist/esm/src/dwn-server.d.ts.map +1 -1
- package/dist/esm/src/dwn-server.js +198 -12
- package/dist/esm/src/dwn-server.js.map +1 -1
- package/dist/esm/src/http-api.d.ts +19 -2
- package/dist/esm/src/http-api.d.ts.map +1 -1
- package/dist/esm/src/http-api.js +219 -19
- package/dist/esm/src/http-api.js.map +1 -1
- package/dist/esm/src/index.d.ts +6 -2
- package/dist/esm/src/index.d.ts.map +1 -1
- package/dist/esm/src/index.js +4 -1
- package/dist/esm/src/index.js.map +1 -1
- package/dist/esm/src/json-rpc-api.js +2 -1
- package/dist/esm/src/json-rpc-api.js.map +1 -1
- package/dist/esm/src/json-rpc-handlers/dwn/process-message.d.ts.map +1 -1
- package/dist/esm/src/json-rpc-handlers/dwn/process-message.js +106 -4
- package/dist/esm/src/json-rpc-handlers/dwn/process-message.js.map +1 -1
- package/dist/esm/src/json-rpc-handlers/subscription/ack.d.ts +20 -0
- package/dist/esm/src/json-rpc-handlers/subscription/ack.d.ts.map +1 -0
- package/dist/esm/src/json-rpc-handlers/subscription/ack.js +41 -0
- package/dist/esm/src/json-rpc-handlers/subscription/ack.js.map +1 -0
- package/dist/esm/src/json-rpc-handlers/subscription/close.d.ts.map +1 -1
- package/dist/esm/src/json-rpc-handlers/subscription/close.js +1 -1
- package/dist/esm/src/json-rpc-handlers/subscription/close.js.map +1 -1
- package/dist/esm/src/json-rpc-handlers/subscription/index.d.ts +1 -0
- package/dist/esm/src/json-rpc-handlers/subscription/index.d.ts.map +1 -1
- package/dist/esm/src/json-rpc-handlers/subscription/index.js +1 -0
- package/dist/esm/src/json-rpc-handlers/subscription/index.js.map +1 -1
- package/dist/esm/src/lib/json-rpc-router.d.ts +22 -4
- package/dist/esm/src/lib/json-rpc-router.d.ts.map +1 -1
- package/dist/esm/src/lib/json-rpc-router.js.map +1 -1
- package/dist/esm/src/lib/sql-utils.d.ts +6 -0
- package/dist/esm/src/lib/sql-utils.d.ts.map +1 -0
- package/dist/esm/src/lib/sql-utils.js +8 -0
- package/dist/esm/src/lib/sql-utils.js.map +1 -0
- package/dist/esm/src/main.js +0 -6
- package/dist/esm/src/main.js.map +1 -1
- package/dist/esm/src/message-processed-hook.d.ts +35 -0
- package/dist/esm/src/message-processed-hook.d.ts.map +1 -0
- package/dist/esm/src/message-processed-hook.js +2 -0
- package/dist/esm/src/message-processed-hook.js.map +1 -0
- package/dist/esm/src/metrics.d.ts +13 -1
- package/dist/esm/src/metrics.d.ts.map +1 -1
- package/dist/esm/src/metrics.js +41 -1
- package/dist/esm/src/metrics.js.map +1 -1
- package/dist/esm/src/plugins/event-log-nats.d.ts +25 -0
- package/dist/esm/src/plugins/event-log-nats.d.ts.map +1 -0
- package/dist/esm/src/plugins/event-log-nats.js +379 -0
- package/dist/esm/src/plugins/event-log-nats.js.map +1 -0
- package/dist/esm/src/rate-limiter.d.ts +60 -0
- package/dist/esm/src/rate-limiter.d.ts.map +1 -0
- package/dist/esm/src/rate-limiter.js +116 -0
- package/dist/esm/src/rate-limiter.js.map +1 -0
- package/dist/esm/src/registration/jwt-provider-auth-plugin.d.ts +53 -0
- package/dist/esm/src/registration/jwt-provider-auth-plugin.d.ts.map +1 -0
- package/dist/esm/src/registration/jwt-provider-auth-plugin.js +90 -0
- package/dist/esm/src/registration/jwt-provider-auth-plugin.js.map +1 -0
- package/dist/esm/src/registration/open-auth-handler.d.ts +37 -0
- package/dist/esm/src/registration/open-auth-handler.d.ts.map +1 -0
- package/dist/esm/src/registration/open-auth-handler.js +214 -0
- package/dist/esm/src/registration/open-auth-handler.js.map +1 -0
- package/dist/esm/src/registration/proof-of-work-manager.d.ts +1 -1
- package/dist/esm/src/registration/proof-of-work-manager.d.ts.map +1 -1
- package/dist/esm/src/registration/provider-auth-plugin.d.ts +46 -0
- package/dist/esm/src/registration/provider-auth-plugin.d.ts.map +1 -0
- package/dist/esm/src/registration/provider-auth-plugin.js +29 -0
- package/dist/esm/src/registration/provider-auth-plugin.js.map +1 -0
- package/dist/esm/src/registration/registration-manager.d.ts +27 -4
- package/dist/esm/src/registration/registration-manager.d.ts.map +1 -1
- package/dist/esm/src/registration/registration-manager.js +77 -6
- package/dist/esm/src/registration/registration-manager.js.map +1 -1
- package/dist/esm/src/registration/registration-store.d.ts +83 -3
- package/dist/esm/src/registration/registration-store.d.ts.map +1 -1
- package/dist/esm/src/registration/registration-store.js +248 -11
- package/dist/esm/src/registration/registration-store.js.map +1 -1
- package/dist/esm/src/storage.d.ts +4 -4
- package/dist/esm/src/storage.d.ts.map +1 -1
- package/dist/esm/src/storage.js +100 -20
- package/dist/esm/src/storage.js.map +1 -1
- package/dist/esm/src/web5-connect/sql-ttl-cache.d.ts.map +1 -1
- package/dist/esm/src/web5-connect/sql-ttl-cache.js +8 -1
- package/dist/esm/src/web5-connect/sql-ttl-cache.js.map +1 -1
- package/dist/esm/src/ws-api.d.ts +17 -1
- package/dist/esm/src/ws-api.d.ts.map +1 -1
- package/dist/esm/src/ws-api.js +9 -2
- package/dist/esm/src/ws-api.js.map +1 -1
- package/package.json +18 -16
- package/src/admin/activity-log.ts +100 -0
- package/src/admin/admin-api.ts +1308 -0
- package/src/admin/admin-auth.ts +56 -0
- package/src/admin/admin-store.ts +515 -0
- package/src/admin/audit-log.ts +327 -0
- package/src/admin/index.ts +34 -0
- package/src/admin/types.ts +352 -0
- package/src/admin/webhook-manager.ts +245 -0
- package/src/config.ts +177 -5
- package/src/connection/connection-manager.ts +50 -6
- package/src/connection/flow-controller.ts +117 -0
- package/src/connection/socket-connection.ts +103 -21
- package/src/delivery-service.ts +740 -0
- package/src/dwn-error.ts +9 -0
- package/src/dwn-server.ts +242 -14
- package/src/http-api.ts +271 -30
- package/src/index.ts +13 -2
- package/src/json-rpc-api.ts +2 -1
- package/src/json-rpc-handlers/dwn/process-message.ts +140 -5
- package/src/json-rpc-handlers/subscription/ack.ts +63 -0
- package/src/json-rpc-handlers/subscription/close.ts +2 -6
- package/src/json-rpc-handlers/subscription/index.ts +1 -0
- package/src/lib/json-rpc-router.ts +22 -6
- package/src/lib/sql-utils.ts +7 -0
- package/src/main.ts +0 -8
- package/src/message-processed-hook.ts +33 -0
- package/src/metrics.ts +50 -1
- package/src/plugins/event-log-nats.ts +466 -0
- package/src/rate-limiter.ts +143 -0
- package/src/registration/jwt-provider-auth-plugin.ts +119 -0
- package/src/registration/open-auth-handler.ts +263 -0
- package/src/registration/proof-of-work-manager.ts +1 -1
- package/src/registration/provider-auth-plugin.ts +84 -0
- package/src/registration/registration-manager.ts +108 -12
- package/src/registration/registration-store.ts +326 -17
- package/src/storage.ts +121 -27
- package/src/web5-connect/sql-ttl-cache.ts +7 -1
- package/src/ws-api.ts +30 -2
- package/dist/esm/src/json-rpc-socket.d.ts +0 -39
- package/dist/esm/src/json-rpc-socket.d.ts.map +0 -1
- package/dist/esm/src/json-rpc-socket.js +0 -125
- package/dist/esm/src/json-rpc-socket.js.map +0 -1
- package/dist/esm/src/lib/json-rpc.d.ts +0 -54
- package/dist/esm/src/lib/json-rpc.d.ts.map +0 -1
- package/dist/esm/src/lib/json-rpc.js +0 -60
- package/dist/esm/src/lib/json-rpc.js.map +0 -1
- package/dist/esm/src/registration/proof-of-work-types.d.ts +0 -8
- package/dist/esm/src/registration/proof-of-work-types.d.ts.map +0 -1
- package/dist/esm/src/registration/proof-of-work-types.js +0 -2
- package/dist/esm/src/registration/proof-of-work-types.js.map +0 -1
- package/dist/esm/src/registration/registration-types.d.ts +0 -18
- package/dist/esm/src/registration/registration-types.d.ts.map +0 -1
- package/dist/esm/src/registration/registration-types.js +0 -2
- package/dist/esm/src/registration/registration-types.js.map +0 -1
- package/dist/esm/tests/common-scenario-validator.d.ts +0 -11
- package/dist/esm/tests/common-scenario-validator.d.ts.map +0 -1
- package/dist/esm/tests/common-scenario-validator.js +0 -113
- package/dist/esm/tests/common-scenario-validator.js.map +0 -1
- package/dist/esm/tests/connection/connection-manager.spec.d.ts +0 -2
- package/dist/esm/tests/connection/connection-manager.spec.d.ts.map +0 -1
- package/dist/esm/tests/connection/connection-manager.spec.js +0 -49
- package/dist/esm/tests/connection/connection-manager.spec.js.map +0 -1
- package/dist/esm/tests/connection/socket-connection.spec.d.ts +0 -2
- package/dist/esm/tests/connection/socket-connection.spec.d.ts.map +0 -1
- package/dist/esm/tests/connection/socket-connection.spec.js +0 -147
- package/dist/esm/tests/connection/socket-connection.spec.js.map +0 -1
- package/dist/esm/tests/cors/http-api.browser.d.ts +0 -2
- package/dist/esm/tests/cors/http-api.browser.d.ts.map +0 -1
- package/dist/esm/tests/cors/http-api.browser.js +0 -60
- package/dist/esm/tests/cors/http-api.browser.js.map +0 -1
- package/dist/esm/tests/cors/ping.browser.d.ts +0 -2
- package/dist/esm/tests/cors/ping.browser.d.ts.map +0 -1
- package/dist/esm/tests/cors/ping.browser.js +0 -7
- package/dist/esm/tests/cors/ping.browser.js.map +0 -1
- package/dist/esm/tests/dwn-process-message.spec.d.ts +0 -2
- package/dist/esm/tests/dwn-process-message.spec.d.ts.map +0 -1
- package/dist/esm/tests/dwn-process-message.spec.js +0 -172
- package/dist/esm/tests/dwn-process-message.spec.js.map +0 -1
- package/dist/esm/tests/dwn-server.spec.d.ts +0 -2
- package/dist/esm/tests/dwn-server.spec.d.ts.map +0 -1
- package/dist/esm/tests/dwn-server.spec.js +0 -48
- package/dist/esm/tests/dwn-server.spec.js.map +0 -1
- package/dist/esm/tests/http-api.spec.d.ts +0 -2
- package/dist/esm/tests/http-api.spec.d.ts.map +0 -1
- package/dist/esm/tests/http-api.spec.js +0 -782
- package/dist/esm/tests/http-api.spec.js.map +0 -1
- package/dist/esm/tests/json-rpc-socket.spec.d.ts +0 -2
- package/dist/esm/tests/json-rpc-socket.spec.d.ts.map +0 -1
- package/dist/esm/tests/json-rpc-socket.spec.js +0 -227
- package/dist/esm/tests/json-rpc-socket.spec.js.map +0 -1
- package/dist/esm/tests/plugins/data-store-sqlite.d.ts +0 -17
- package/dist/esm/tests/plugins/data-store-sqlite.d.ts.map +0 -1
- package/dist/esm/tests/plugins/data-store-sqlite.js +0 -23
- package/dist/esm/tests/plugins/data-store-sqlite.js.map +0 -1
- package/dist/esm/tests/plugins/event-log-sqlite.d.ts +0 -17
- package/dist/esm/tests/plugins/event-log-sqlite.d.ts.map +0 -1
- package/dist/esm/tests/plugins/event-log-sqlite.js +0 -23
- package/dist/esm/tests/plugins/event-log-sqlite.js.map +0 -1
- package/dist/esm/tests/plugins/event-stream-in-memory.d.ts +0 -17
- package/dist/esm/tests/plugins/event-stream-in-memory.d.ts.map +0 -1
- package/dist/esm/tests/plugins/event-stream-in-memory.js +0 -21
- package/dist/esm/tests/plugins/event-stream-in-memory.js.map +0 -1
- package/dist/esm/tests/plugins/message-store-sqlite.d.ts +0 -17
- package/dist/esm/tests/plugins/message-store-sqlite.d.ts.map +0 -1
- package/dist/esm/tests/plugins/message-store-sqlite.js +0 -23
- package/dist/esm/tests/plugins/message-store-sqlite.js.map +0 -1
- package/dist/esm/tests/plugins/resumable-task-store-sqlite.d.ts +0 -17
- package/dist/esm/tests/plugins/resumable-task-store-sqlite.d.ts.map +0 -1
- package/dist/esm/tests/plugins/resumable-task-store-sqlite.js +0 -23
- package/dist/esm/tests/plugins/resumable-task-store-sqlite.js.map +0 -1
- package/dist/esm/tests/process-handler.spec.d.ts +0 -2
- package/dist/esm/tests/process-handler.spec.d.ts.map +0 -1
- package/dist/esm/tests/process-handler.spec.js +0 -60
- package/dist/esm/tests/process-handler.spec.js.map +0 -1
- package/dist/esm/tests/registration/proof-of-work-manager.spec.d.ts +0 -2
- package/dist/esm/tests/registration/proof-of-work-manager.spec.d.ts.map +0 -1
- package/dist/esm/tests/registration/proof-of-work-manager.spec.js +0 -156
- package/dist/esm/tests/registration/proof-of-work-manager.spec.js.map +0 -1
- package/dist/esm/tests/rpc-subscribe-close.spec.d.ts +0 -2
- package/dist/esm/tests/rpc-subscribe-close.spec.d.ts.map +0 -1
- package/dist/esm/tests/rpc-subscribe-close.spec.js +0 -81
- package/dist/esm/tests/rpc-subscribe-close.spec.js.map +0 -1
- package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.d.ts +0 -2
- package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.d.ts.map +0 -1
- package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.js +0 -74
- package/dist/esm/tests/scenarios/dynamic-plugin-loading.spec.js.map +0 -1
- package/dist/esm/tests/scenarios/registration.spec.d.ts +0 -2
- package/dist/esm/tests/scenarios/registration.spec.d.ts.map +0 -1
- package/dist/esm/tests/scenarios/registration.spec.js +0 -511
- package/dist/esm/tests/scenarios/registration.spec.js.map +0 -1
- package/dist/esm/tests/scenarios/web5-connect.spec.d.ts +0 -2
- package/dist/esm/tests/scenarios/web5-connect.spec.d.ts.map +0 -1
- package/dist/esm/tests/scenarios/web5-connect.spec.js +0 -141
- package/dist/esm/tests/scenarios/web5-connect.spec.js.map +0 -1
- package/dist/esm/tests/test-dwn.d.ts +0 -7
- package/dist/esm/tests/test-dwn.d.ts.map +0 -1
- package/dist/esm/tests/test-dwn.js +0 -28
- package/dist/esm/tests/test-dwn.js.map +0 -1
- package/dist/esm/tests/utils.d.ts +0 -43
- package/dist/esm/tests/utils.d.ts.map +0 -1
- package/dist/esm/tests/utils.js +0 -107
- package/dist/esm/tests/utils.js.map +0 -1
- package/dist/esm/tests/ws-api.spec.d.ts +0 -2
- package/dist/esm/tests/ws-api.spec.d.ts.map +0 -1
- package/dist/esm/tests/ws-api.spec.js +0 -332
- package/dist/esm/tests/ws-api.spec.js.map +0 -1
- package/src/json-rpc-socket.ts +0 -156
- package/src/lib/json-rpc.ts +0 -126
- package/src/registration/proof-of-work-types.ts +0 -7
- package/src/registration/registration-types.ts +0 -18
|
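--- a/package/dist/esm/src/registration/jwt-provider-auth-plugin.js
+++ b/package/dist/esm/src/registration/jwt-provider-auth-plugin.js
@@ -0,0 +1,90 @@
+import * as jose from 'jose';
+import log from 'loglevel';
+/**
+* Built-in {@link ProviderAuthPlugin} that validates JWT registration tokens.
+*
+* Supports two modes:
+* - **HMAC secret** (`DWN_PROVIDER_AUTH_JWT_SECRET`): symmetric HS256 verification.
+* - **JWKS URL** (`DWN_PROVIDER_AUTH_JWT_JWKS_URL`): asymmetric verification via
+* a remote JWKS endpoint (RS256, ES256, EdDSA, etc.). Keys are cached and
+* rotated automatically by `jose`.
+*
+* The JWT payload may include:
+* - `sub` — mapped to `accountId` in the validation result.
+* - `metadata` — arbitrary provider-defined object stored with the tenant.
+*
+* This plugin ships with `@enbox/dwn-server` and requires no external code.
+* Providers who need custom validation logic can implement their own
+* {@link ProviderAuthPlugin} instead.
+*/
+export class JwtProviderAuthPlugin {
+#getKey;
+#issuer;
+#audience;
+constructor(getKey, issuer, audience) {
+this.#getKey = getKey;
+this.#issuer = issuer;
+this.#audience = audience;
+}
+/**
+* Create a {@link JwtProviderAuthPlugin} from options.
+*
+* @param options - Must include exactly one of `secret` or `jwksUrl`.
+* @throws If neither `secret` nor `jwksUrl` is provided.
+*/
+static async create(options) {
+if (!options.secret && !options.jwksUrl) {
+throw new Error('JwtProviderAuthPlugin: exactly one of `secret` or `jwksUrl` must be provided.');
+}
+let getKey;
+if (options.secret) {
+getKey = new TextEncoder().encode(options.secret);
+}
+else {
+getKey = jose.createRemoteJWKSet(new URL(options.jwksUrl));
+}
+return new JwtProviderAuthPlugin(getKey, options.issuer, options.audience);
+}
+/**
+* Create a {@link JwtProviderAuthPlugin} from environment variables.
+*
+* Reads `DWN_PROVIDER_AUTH_JWT_SECRET`, `DWN_PROVIDER_AUTH_JWT_JWKS_URL`,
+* and optionally `DWN_PROVIDER_AUTH_JWT_ISSUER` / `DWN_PROVIDER_AUTH_JWT_AUDIENCE`.
+*/
+static async fromEnv() {
+return JwtProviderAuthPlugin.create({
+secret: process.env.DWN_PROVIDER_AUTH_JWT_SECRET,
+jwksUrl: process.env.DWN_PROVIDER_AUTH_JWT_JWKS_URL,
+issuer: process.env.DWN_PROVIDER_AUTH_JWT_ISSUER,
+audience: process.env.DWN_PROVIDER_AUTH_JWT_AUDIENCE,
+});
+}
+/** @inheritdoc */
+async validateRegistrationToken(token) {
+try {
+const verifyOptions = {};
+if (this.#issuer !== undefined) {
+verifyOptions.issuer = this.#issuer;
+}
+if (this.#audience !== undefined) {
+verifyOptions.audience = this.#audience;
+}
+const { payload } = await jose.jwtVerify(token, this.#getKey, verifyOptions);
+return {
+isValid: true,
+accountId: typeof payload.sub === 'string' ? payload.sub : undefined,
+metadata: typeof payload.metadata === 'object' && payload.metadata !== null
+? payload.metadata
+: undefined,
+};
+}
+catch (error) {
+log.debug('JWT validation failed:', error.message);
+return {
+isValid: false,
+detail: error.message,
+};
+}
+}
+}
+//# sourceMappingURL=jwt-provider-auth-plugin.js.map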
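Review bot: validateRegistrationToken accepts any token that verifies under the shared key, so a refresh token minted by OpenAuthHandler would pass as a registration token: handleRefresh on this page tells the two apart only by `payload.purpose === 'refresh'`, and nothing after the `jose.jwtVerify` call here looks at that claim (this assumes `#signToken`, whose body is not shown, writes its third argument into `purpose`). Because refresh tokens are signed with twice the TTL, that would double the effective lifetime of a registration credential. Rejecting them right after the verify call closes the gap, for example `if (payload.purpose === 'refresh') throw new Error('refresh token is not a registration token');`, which the existing catch turns into `isValid: false`. Separately, the class comment promises HS256 for the secret mode but `verifyOptions` sets no `algorithms`, so setting `verifyOptions.algorithms = ['HS256']` in that mode would make the code match its documentation.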
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"jwt-provider-auth-plugin.js","sourceRoot":"","sources":["../../../../src/registration/jwt-provider-auth-plugin.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,GAAG,MAAM,UAAU,CAAC;AAiB3B;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,OAAO,qBAAqB;IAChC,OAAO,CAAoC;IAC3C,OAAO,CAAqB;IAC5B,SAAS,CAAqB;IAE9B,YACE,MAAyC,EACzC,MAAe,EACf,QAAiB;QAEjB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,SAAS,GAAG,QAAQ,CAAC;IAC5B,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAqC;QAC9D,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CACb,+EAA+E,CAChF,CAAC;QACJ,CAAC;QAED,IAAI,MAAW,CAAC;QAChB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,MAAM,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,OAAQ,CAAC,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,qBAAqB,CAAC,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,OAAO,CAAC,QAAQ,CAAC,CAAC;IAC7E,CAAC;IAED;;;;;OAKG;IACI,MAAM,CAAC,KAAK,CAAC,OAAO;QACzB,OAAO,qBAAqB,CAAC,MAAM,CAAC;YAClC,MAAM,EAAK,OAAO,CAAC,GAAG,CAAC,4BAA4B;YACnD,OAAO,EAAI,OAAO,CAAC,GAAG,CAAC,8BAA8B;YACrD,MAAM,EAAK,OAAO,CAAC,GAAG,CAAC,4BAA4B;YACnD,QAAQ,EAAG,OAAO,CAAC,GAAG,CAAC,8BAA8B;SACtD,CAAC,CAAC;IACL,CAAC;IAED,kBAAkB;IACX,KAAK,CAAC,yBAAyB,CAAC,KAAa;QAClD,IAAI,CAAC;YACH,MAAM,aAAa,GAA0B,EAAE,CAAC;YAChD,IAAI,IAAI,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;gBAC/B,aAAa,CAAC,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC;YACtC,CAAC;YACD,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,EAAE,CAAC;gBACjC,aAAa,CAAC,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC;YAC1C,CAAC;YAED,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,KAAK,EAAE,IAAI,CAAC,OAAc,EAAE,aAAa,CAAC,CAAC;YAEpF,OAAO;gBACL,OAAO,EAAK,IAAI;gBAChB,SAAS,EAAG,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,SAAS;gBACrE,QAAQ,EAAI,OAAO,OAAO,CAAC,QAAQ,KAAK,QAAQ,IAAI,OAAO,CAAC,QAAQ,KAAK,IAAI;oBAC3E,CAAC,CAAC,OAAO,CAAC,QAAmC;oBAC7C,CAAC,CAAC,SAAS;aACd,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,KAAK,CAAC,wB
AAwB,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;YAC9D,OAAO;gBACL,OAAO,EAAG,KAAK;gBACf,MAAM,EAAK,KAAe,CAAC,OAAO;aACnC,CAAC;QACJ,CAAC;IACH,CAAC;CACF"}
|
|
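--- a/package/dist/esm/src/registration/open-auth-handler.d.ts
+++ b/package/dist/esm/src/registration/open-auth-handler.d.ts
@@ -0,0 +1,37 @@
+export declare class OpenAuthHandler {
+#private;
+private constructor();
+/**
+* Create an {@link OpenAuthHandler}.
+*
+* @param secret - HMAC shared secret (same as `DWN_PROVIDER_AUTH_JWT_SECRET`).
+* @param issuer - JWT issuer claim (typically the DWN server's base URL).
+* @param tokenTtlSeconds - Registration token lifetime in seconds. Default: 1 year.
+*/
+static create(secret: string, issuer: string, tokenTtlSeconds?: number): OpenAuthHandler;
+/**
+* Handle `GET /provider-auth/authorize`.
+*
+* In open-auth mode this immediately generates a code and redirects back
+* to the `redirect_uri` with `code` and `state` query parameters.
+* No user interaction is required.
+*/
+handleAuthorize(url: URL): Response;
+/**
+* Handle `POST /provider-auth/token`.
+*
+* Exchanges an authorization code for a JWT registration token.
+* Request body: `{ code: string, redirectUri: string }`.
+*/
+handleToken(req: Request): Promise<Response>;
+/**
+* Handle `POST /provider-auth/refresh`.
+*
+* Exchanges a refresh token for a new registration token.
+* Request body: `{ refreshToken: string }`.
+*/
+handleRefresh(req: Request): Promise<Response>;
+/** Stops the periodic cleanup timer and clears all pending codes. */
+destroy(): void;
+}
+//# sourceMappingURL=open-auth-handler.d.ts.map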
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"open-auth-handler.d.ts","sourceRoot":"","sources":["../../../../src/registration/open-auth-handler.ts"],"names":[],"mappings":"AA6BA,qBAAa,eAAe;;IAU1B,OAAO;IAeP;;;;;;OAMG;WACW,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,eAAe,SAAqB,GAAG,eAAe;IAQ3G;;;;;;OAMG;IACI,eAAe,CAAC,GAAG,EAAE,GAAG,GAAG,QAAQ;IAgD1C;;;;;OAKG;IACU,WAAW,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IAqDzD;;;;;OAKG;IACU,aAAa,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,QAAQ,CAAC;IA0D3D,qEAAqE;IAC9D,OAAO,IAAI,IAAI;CAcvB"}
|
|
@@ -0,0 +1,214 @@
|
|
|
1
|
+
import * as jose from 'jose';
|
|
2
|
+
import log from 'loglevel';
|
|
3
|
+
/**
|
|
4
|
+
* Built-in "open auth" handler for DWN servers that want registration
|
|
5
|
+
* without any user authentication (open-to-all).
|
|
6
|
+
*
|
|
7
|
+
* Implements the provider-auth-v0 authorize / token / refresh endpoints
|
|
8
|
+
* locally on the DWN server. The authorize endpoint immediately returns
|
|
9
|
+
* an authorization code (no user interaction), the token endpoint exchanges
|
|
10
|
+
* it for a JWT registration token, and the refresh endpoint issues a new token.
|
|
11
|
+
*
|
|
12
|
+
* This is the simplest possible auth backend — suitable for free/public DWN
|
|
13
|
+
* providers. Providers who want real authentication (passkey, OIDC, etc.)
|
|
14
|
+
* host their own auth service and point `providerAuth.authorizeUrl` /
|
|
15
|
+
* `tokenUrl` to it instead.
|
|
16
|
+
*
|
|
17
|
+
* The JWTs issued here are verified by {@link JwtProviderAuthPlugin} using
|
|
18
|
+
* the same shared secret (`DWN_PROVIDER_AUTH_JWT_SECRET`).
|
|
19
|
+
*/
|
|
20
|
+
/**
|
|
21
|
+
* Maximum number of pending authorization codes held in memory.
|
|
22
|
+
* When the limit is reached, new authorize requests are rejected with 503.
|
|
23
|
+
*/
|
|
24
|
+
const MAX_PENDING_CODES = 10_000;
|
|
25
|
+
/** Interval (ms) at which expired authorization codes are purged. */
|
|
26
|
+
const CLEANUP_INTERVAL_MS = 60_000;
|
|
27
|
+
export class OpenAuthHandler {
|
|
28
|
+
#secret;
|
|
29
|
+
#issuer;
|
|
30
|
+
/** Pending authorization codes. Maps code → { redirectUri, expiresAt }. */
|
|
31
|
+
#pendingCodes;
|
|
32
|
+
/** Registration token TTL in seconds. Default: 1 year. */
|
|
33
|
+
#tokenTtlSeconds;
|
|
34
|
+
/** Periodic cleanup timer for expired codes. */
|
|
35
|
+
#cleanupTimer;
|
|
36
|
+
constructor(secret, issuer, tokenTtlSeconds) {
|
|
37
|
+
this.#secret = secret;
|
|
38
|
+
this.#issuer = issuer;
|
|
39
|
+
this.#pendingCodes = new Map();
|
|
40
|
+
this.#tokenTtlSeconds = tokenTtlSeconds;
|
|
41
|
+
// Periodically purge expired codes so memory does not grow unbounded
|
|
42
|
+
// even when no new authorize requests arrive.
|
|
43
|
+
this.#cleanupTimer = setInterval(() => this.#cleanExpiredCodes(), CLEANUP_INTERVAL_MS);
|
|
44
|
+
// Allow the process to exit even if the timer is still running.
|
|
45
|
+
if (this.#cleanupTimer.unref) {
|
|
46
|
+
this.#cleanupTimer.unref();
|
|
47
|
+
}
|
|
48
|
+
}
|
|
49
|
+
/**
|
|
50
|
+
* Create an {@link OpenAuthHandler}.
|
|
51
|
+
*
|
|
52
|
+
* @param secret - HMAC shared secret (same as `DWN_PROVIDER_AUTH_JWT_SECRET`).
|
|
53
|
+
* @param issuer - JWT issuer claim (typically the DWN server's base URL).
|
|
54
|
+
* @param tokenTtlSeconds - Registration token lifetime in seconds. Default: 1 year.
|
|
55
|
+
*/
|
|
56
|
+
static create(secret, issuer, tokenTtlSeconds = 365 * 24 * 60 * 60) {
|
|
57
|
+
return new OpenAuthHandler(new TextEncoder().encode(secret), issuer, tokenTtlSeconds);
|
|
58
|
+
}
|
|
59
|
+
/**
|
|
60
|
+
* Handle `GET /provider-auth/authorize`.
|
|
61
|
+
*
|
|
62
|
+
* In open-auth mode this immediately generates a code and redirects back
|
|
63
|
+
* to the `redirect_uri` with `code` and `state` query parameters.
|
|
64
|
+
* No user interaction is required.
|
|
65
|
+
*/
|
|
66
|
+
handleAuthorize(url) {
|
|
67
|
+
const redirectUri = url.searchParams.get('redirect_uri');
|
|
68
|
+
const state = url.searchParams.get('state');
|
|
69
|
+
if (!redirectUri) {
|
|
70
|
+
return Response.json({ error: 'missing redirect_uri parameter' }, { status: 400 });
|
|
71
|
+
}
|
|
72
|
+
// Reject new codes when the map is at capacity to prevent memory exhaustion.
|
|
73
|
+
if (this.#pendingCodes.size >= MAX_PENDING_CODES) {
|
|
74
|
+
log.warn(`OpenAuthHandler: pending codes map is full (${MAX_PENDING_CODES}), rejecting authorize request`);
|
|
75
|
+
return Response.json({ error: 'server is busy, try again later' }, { status: 503 });
|
|
76
|
+
}
|
|
77
|
+
// Generate a random authorization code.
|
|
78
|
+
const code = crypto.randomUUID();
|
|
79
|
+
// Store the code with a 10-minute expiry.
|
|
80
|
+
this.#pendingCodes.set(code, {
|
|
81
|
+
redirectUri,
|
|
82
|
+
expiresAt: Date.now() + 10 * 60 * 1000,
|
|
83
|
+
});
|
|
84
|
+
// Periodically clean up expired codes (simple inline sweep).
|
|
85
|
+
this.#cleanExpiredCodes();
|
|
86
|
+
// Build redirect URL.
|
|
87
|
+
const redirect = new URL(redirectUri);
|
|
88
|
+
redirect.searchParams.set('code', code);
|
|
89
|
+
if (state) {
|
|
90
|
+
redirect.searchParams.set('state', state);
|
|
91
|
+
}
|
|
92
|
+
log.debug(`OpenAuthHandler: issued code ${code.slice(0, 8)}… for redirect to ${redirectUri}`);
|
|
93
|
+
return Response.json({
|
|
94
|
+
code,
|
|
95
|
+
state: state ?? undefined,
|
|
96
|
+
redirectUri: redirect.toString(),
|
|
97
|
+
});
|
|
98
|
+
}
|
|
99
|
+
/**
|
|
100
|
+
* Handle `POST /provider-auth/token`.
|
|
101
|
+
*
|
|
102
|
+
* Exchanges an authorization code for a JWT registration token.
|
|
103
|
+
* Request body: `{ code: string, redirectUri: string }`.
|
|
104
|
+
*/
|
|
105
|
+
async handleToken(req) {
|
|
106
|
+
let body;
|
|
107
|
+
try {
|
|
108
|
+
body = await req.json();
|
|
109
|
+
}
|
|
110
|
+
catch {
|
|
111
|
+
return Response.json({ error: 'invalid JSON body' }, { status: 400 });
|
|
112
|
+
}
|
|
113
|
+
const { code, redirectUri } = body;
|
|
114
|
+
if (!code || !redirectUri) {
|
|
115
|
+
return Response.json({ error: 'missing code or redirectUri' }, { status: 400 });
|
|
116
|
+
}
|
|
117
|
+
// Validate the authorization code.
|
|
118
|
+
const pending = this.#pendingCodes.get(code);
|
|
119
|
+
if (!pending) {
|
|
120
|
+
return Response.json({ error: 'invalid or expired code' }, { status: 400 });
|
|
121
|
+
}
|
|
122
|
+
if (pending.redirectUri !== redirectUri) {
|
|
123
|
+
return Response.json({ error: 'redirect_uri mismatch' }, { status: 400 });
|
|
124
|
+
}
|
|
125
|
+
if (Date.now() > pending.expiresAt) {
|
|
126
|
+
this.#pendingCodes.delete(code);
|
|
127
|
+
return Response.json({ error: 'code expired' }, { status: 400 });
|
|
128
|
+
}
|
|
129
|
+
// Consume the code (one-time use).
|
|
130
|
+
this.#pendingCodes.delete(code);
|
|
131
|
+
// Generate an account ID for this session (open auth = anonymous accounts).
|
|
132
|
+
const accountId = crypto.randomUUID();
|
|
133
|
+
// Issue JWT registration token.
|
|
134
|
+
const registrationToken = await this.#signToken(accountId, this.#tokenTtlSeconds);
|
|
135
|
+
// Issue refresh token with longer TTL (2x).
|
|
136
|
+
const refreshToken = await this.#signToken(accountId, this.#tokenTtlSeconds * 2, 'refresh');
|
|
137
|
+
log.debug(`OpenAuthHandler: exchanged code for account ${accountId.slice(0, 8)}…`);
|
|
138
|
+
return Response.json({
|
|
139
|
+
registrationToken,
|
|
140
|
+
refreshToken,
|
|
141
|
+
expiresIn: this.#tokenTtlSeconds,
|
|
142
|
+
tokenType: 'bearer',
|
|
143
|
+
});
|
|
144
|
+
}
|
|
145
|
+
/**
|
|
146
|
+
* Handle `POST /provider-auth/refresh`.
|
|
147
|
+
*
|
|
148
|
+
* Exchanges a refresh token for a new registration token.
|
|
149
|
+
* Request body: `{ refreshToken: string }`.
|
|
150
|
+
*/
|
|
151
|
+
async handleRefresh(req) {
|
|
152
|
+
let body;
|
|
153
|
+
try {
|
|
154
|
+
body = await req.json();
|
|
155
|
+
}
|
|
156
|
+
catch {
|
|
157
|
+
return Response.json({ error: 'invalid JSON body' }, { status: 400 });
|
|
158
|
+
}
|
|
159
|
+
if (!body.refreshToken) {
|
|
160
|
+
return Response.json({ error: 'missing refreshToken' }, { status: 400 });
|
|
161
|
+
}
|
|
162
|
+
// Verify the refresh token.
|
|
163
|
+
let payload;
|
|
164
|
+
try {
|
|
165
|
+
const result = await jose.jwtVerify(body.refreshToken, this.#secret, {
|
|
166
|
+
issuer: this.#issuer,
|
|
167
|
+
});
|
|
168
|
+
payload = result.payload;
|
|
169
|
+
}
|
|
170
|
+
catch (error) {
|
|
171
|
+
return Response.json({ error: `invalid refresh token: ${error.message}` }, { status: 400 });
|
|
172
|
+
}
|
|
173
|
+
if (payload.purpose !== 'refresh') {
|
|
174
|
+
return Response.json({ error: 'token is not a refresh token' }, { status: 400 });
|
|
175
|
+
}
|
|
176
|
+
const accountId = payload.sub ?? crypto.randomUUID();
|
|
177
|
+
// Issue new tokens.
|
|
178
|
+
const registrationToken = await this.#signToken(accountId, this.#tokenTtlSeconds);
|
|
179
|
+
const refreshToken = await this.#signToken(accountId, this.#tokenTtlSeconds * 2, 'refresh');
|
|
180
|
+
log.debug(`OpenAuthHandler: refreshed token for account ${accountId.slice(0, 8)}…`);
|
|
181
|
+
return Response.json({
|
|
182
|
+
registrationToken,
|
|
183
|
+
refreshToken,
|
|
184
|
+
expiresIn: this.#tokenTtlSeconds,
|
|
185
|
+
tokenType: 'bearer',
|
|
186
|
+
});
|
|
187
|
+
}
|
|
188
|
+
/** Sign a JWT with the shared secret. */
|
|
189
|
+
async #signToken(accountId, ttlSeconds, purpose = 'registration') {
|
|
190
|
+
return new jose.SignJWT({ purpose })
|
|
191
|
+
.setProtectedHeader({ alg: 'HS256' })
|
|
192
|
+
.setIssuer(this.#issuer)
|
|
193
|
+
.setAudience(this.#issuer)
|
|
194
|
+
.setSubject(accountId)
|
|
195
|
+
.setIssuedAt()
|
|
196
|
+
.setExpirationTime(`${ttlSeconds}s`)
|
|
197
|
+
.sign(this.#secret);
|
|
198
|
+
}
|
|
199
|
+
/** Stops the periodic cleanup timer and clears all pending codes. */
|
|
200
|
+
destroy() {
|
|
201
|
+
clearInterval(this.#cleanupTimer);
|
|
202
|
+
this.#pendingCodes.clear();
|
|
203
|
+
}
|
|
204
|
+
/** Remove expired authorization codes from the pending map. */
|
|
205
|
+
#cleanExpiredCodes() {
|
|
206
|
+
const now = Date.now();
|
|
207
|
+
for (const [code, data] of this.#pendingCodes) {
|
|
208
|
+
if (now > data.expiresAt) {
|
|
209
|
+
this.#pendingCodes.delete(code);
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
}
|
|
213
|
+
}
|
|
214
|
+
//# sourceMappingURL=open-auth-handler.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"open-auth-handler.js","sourceRoot":"","sources":["../../../../src/registration/open-auth-handler.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,GAAG,MAAM,UAAU,CAAC;AAE3B;;;;;;;;;;;;;;;;GAgBG;AACH;;;GAGG;AACH,MAAM,iBAAiB,GAAG,MAAM,CAAC;AAEjC,qEAAqE;AACrE,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEnC,MAAM,OAAO,eAAe;IAC1B,OAAO,CAAa;IACpB,OAAO,CAAS;IAChB,2EAA2E;IAC3E,aAAa,CAA0D;IACvE,0DAA0D;IAC1D,gBAAgB,CAAS;IACzB,gDAAgD;IAChD,aAAa,CAAiC;IAE9C,YAAoB,MAAkB,EAAE,MAAc,EAAE,eAAuB;QAC7E,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,IAAI,CAAC,aAAa,GAAG,IAAI,GAAG,EAAE,CAAC;QAC/B,IAAI,CAAC,gBAAgB,GAAG,eAAe,CAAC;QAExC,qEAAqE;QACrE,8CAA8C;QAC9C,IAAI,CAAC,aAAa,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,mBAAmB,CAAC,CAAC;QACvF,gEAAgE;QAChE,IAAI,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;QAC7B,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACI,MAAM,CAAC,MAAM,CAAC,MAAc,EAAE,MAAc,EAAE,eAAe,GAAG,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;QACvF,OAAO,IAAI,eAAe,CACxB,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,EAChC,MAAM,EACN,eAAe,CAChB,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACI,eAAe,CAAC,GAAQ;QAC7B,MAAM,WAAW,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;QACzD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAE5C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,QAAQ,CAAC,IAAI,CAClB,EAAE,KAAK,EAAE,gCAAgC,EAAE,EAC3C,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,6EAA6E;QAC7E,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,IAAI,iBAAiB,EAAE,CAAC;YACjD,GAAG,CAAC,IAAI,CAAC,+CAA+C,iBAAiB,gCAAgC,CAAC,CAAC;YAC3G,OAAO,QAAQ,CAAC,IAAI,CAClB,EAAE,KAAK,EAAE,iCAAiC,EAAE,EAC5C,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEjC,0CAA0C;QAC1C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE;YAC3B,WAAW;YACX,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SACvC,CAAC,CAAC;QAEH,6DAA6D;QAC7D,IAAI,CAAC,kBAAkB,EAAE,CAAC;QAE1B,sBAAsB;QACtB,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACtC,QAAQ,
CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACxC,IAAI,KAAK,EAAE,CAAC;YACV,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QAC5C,CAAC;QAED,GAAG,CAAC,KAAK,CAAC,gCAAgC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,qBAAqB,WAAW,EAAE,CAAC,CAAC;QAE9F,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,IAAI;YACJ,KAAK,EAAS,KAAK,IAAI,SAAS;YAChC,WAAW,EAAG,QAAQ,CAAC,QAAQ,EAAE;SAClC,CAAC,CAAC;IACL,CAAC;IAED;;;;;OAKG;IACI,KAAK,CAAC,WAAW,CAAC,GAAY;QACnC,IAAI,IAA6C,CAAC;QAClD,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA6C,CAAC;QACrE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;QACnC,IAAI,CAAC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YAC1B,OAAO,QAAQ,CAAC,IAAI,CAClB,EAAE,KAAK,EAAE,6BAA6B,EAAE,EACxC,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,mCAAmC;QACnC,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC9E,CAAC;QAED,IAAI,OAAO,CAAC,WAAW,KAAK,WAAW,EAAE,CAAC;YACxC,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC5E,CAAC;QAED,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAChC,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,mCAAmC;QACnC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAEhC,4EAA4E;QAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEtC,gCAAgC;QAChC,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAElF,4CAA4C;QAC5C,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,gBAAgB,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;QAE5F,GAAG,CAAC,KAAK,CAAC,+CAA+C,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;QAEnF,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,iBAAiB;YACjB,YAAY;YACZ,SAAS,EAAG,IAAI,CAAC,gBAAgB;YACjC,SAAS,EAAG,QAAQ;SACrB,CAAC,CAAC;IACL,CAAC;IAED
;;;;;OAKG;IACI,KAAK,CAAC,aAAa,CAAC,GAAY;QACrC,IAAI,IAA+B,CAAC;QACpC,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAA+B,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;YACvB,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QAC3E,CAAC;QAED,4BAA4B;QAC5B,IAAI,OAAwB,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,YAAY,EAAE,IAAI,CAAC,OAAO,EAAE;gBACnE,MAAM,EAAE,IAAI,CAAC,OAAO;aACrB,CAAC,CAAC;YACH,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,QAAQ,CAAC,IAAI,CAClB,EAAE,KAAK,EAAE,0BAA2B,KAAe,CAAC,OAAO,EAAE,EAAE,EAC/D,EAAE,MAAM,EAAE,GAAG,EAAE,CAChB,CAAC;QACJ,CAAC;QAED,IAAI,OAAO,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;YAClC,OAAO,QAAQ,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;QACnF,CAAC;QAED,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,IAAI,MAAM,CAAC,UAAU,EAAE,CAAC;QAErD,oBAAoB;QACpB,MAAM,iBAAiB,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAClF,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,SAAS,EAAE,IAAI,CAAC,gBAAgB,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;QAE5F,GAAG,CAAC,KAAK,CAAC,gDAAgD,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC;QAEpF,OAAO,QAAQ,CAAC,IAAI,CAAC;YACnB,iBAAiB;YACjB,YAAY;YACZ,SAAS,EAAG,IAAI,CAAC,gBAAgB;YACjC,SAAS,EAAG,QAAQ;SACrB,CAAC,CAAC;IACL,CAAC;IAED,yCAAyC;IACzC,KAAK,CAAC,UAAU,CAAC,SAAiB,EAAE,UAAkB,EAAE,OAAO,GAAG,cAAc;QAC9E,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,OAAO,EAAE,CAAC;aACjC,kBAAkB,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC;aACpC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;aACvB,WAAW,CAAC,IAAI,CAAC,OAAO,CAAC;aACzB,UAAU,CAAC,SAAS,CAAC;aACrB,WAAW,EAAE;aACb,iBAAiB,CAAC,GAAG,UAAU,GAAG,CAAC;aACnC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;IAED,qEAAqE;IAC9D,OAAO;QACZ,aAAa,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAClC,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,CAAC;IAC7B,CAAC;IAED,+DAA+D;IAC/D,kBAAkB;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC
;QACvB,KAAK,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YAC9C,IAAI,GAAG,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;gBACzB,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;CACF"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { ProofOfWorkChallengeModel } from '
|
|
1
|
+
import type { ProofOfWorkChallengeModel } from '@enbox/dwn-clients';
|
|
2
2
|
/**
|
|
3
3
|
* Manages proof-of-work challenge difficulty and lifecycle based on solve rate.
|
|
4
4
|
* Can have multiple instances each having their own desired solve rate and difficulty.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"proof-of-work-manager.d.ts","sourceRoot":"","sources":["../../../../src/registration/proof-of-work-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"proof-of-work-manager.d.ts","sourceRoot":"","sources":["../../../../src/registration/proof-of-work-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,oBAAoB,CAAC;AAKpE;;;GAGG;AACH,qBAAa,kBAAkB;IAE7B,gBAAuB,8BAA8B,sEAAsE;IAG3H,OAAO,CAAC,eAAe,CAIrB;IAIF,OAAO,CAAC,uBAAuB,CAAkC;IAGjE,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,4BAA4B,CAAS;IAC7C,OAAO,CAAC,sCAAsC,CAAS;IACvD,OAAO,CAAC,sCAAsC,CAAS;IACvD,OAAO,CAAC,0BAA0B,CAAS;IAE3C;;OAEG;IACI,kCAAkC,EAAE,MAAM,CAAC;IAElD;;OAEG;IACI,wCAAwC,EAAE,MAAM,CAAC;IAExD;;OAEG;IACH,IAAW,8BAA8B,IAAI,MAAM,CAElD;IAED;;OAEG;IACH,IAAW,0BAA0B,IAAI,MAAM,CAE9C;IAED,OAAO;IAoBP;;;;;;;OAOG;WACiB,MAAM,CAAC,KAAK,EAAE;QAChC,0BAA0B,EAAE,MAAM,CAAC;QACnC,SAAS,EAAE,OAAO,CAAC;QACnB,8BAA8B,CAAC,EAAE,MAAM,CAAC;QACxC,4BAA4B,CAAC,EAAE,MAAM,CAAC;QACtC,aAAa,CAAC,EAAE,MAAM,CAAC;QACvB,kCAAkC,CAAC,EAAE,MAAM,CAAC;QAC5C,wCAAwC,CAAC,EAAE,MAAM,CAAA;KAClD,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAwB/B;;OAEG;IACI,KAAK,IAAI,IAAI;IAKb,uBAAuB,IAAI,yBAAyB;IAO3D;;OAEG;IACU,iBAAiB,CAAC,WAAW,EAAE;QAC1C,cAAc,EAAE,MAAM,CAAC;QACvB,aAAa,EAAE,MAAM,CAAC;QACtB,WAAW,EAAE,MAAM,CAAC;KACrB,GAAG,OAAO,CAAC,IAAI,CAAC;IAkCjB;;;OAGG;IACU,iBAAiB,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,OAAO,CAAC,iCAAiC;IAUzC,OAAO,CAAC,wCAAwC;IAUhD,OAAO,CAAC,mCAAmC;IAS3C,OAAO,CAAC,qBAAqB;IAoB7B;;;;;;;OAOG;YACW,8BAA8B;IAyD5C;;OAEG;IACH,OAAO,CAAC,+BAA+B,CAAa;IAEpD;;OAEG;WACW,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO;IAK/C;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,iBAAiB;CAQjC"}
|
|
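--- a/provider-auth-plugin.d.ts
+++ b/provider-auth-plugin.d.ts
@@ -0,0 +1,46 @@
+/**
+* Interface for validating provider auth registration tokens.
+* DWN server operators implement this to integrate with their auth service.
+*
+* The token is intentionally opaque — it could be a JWT, blind RSA token,
+* ecash token, or any other format. The plugin is responsible for all
+* validation logic.
+*/
+export interface ProviderAuthPlugin {
+/**
+* Validate a registration token presented during DID registration.
+*
+* @param token - The opaque registration token from the client
+* @returns Validation result with optional account metadata
+*/
+validateRegistrationToken(token: string): Promise<ProviderAuthValidationResult>;
+}
+/**
+* Result of validating a provider auth registration token.
+*/
+export type ProviderAuthValidationResult = {
+/** Whether the token is valid and the registration should proceed. */
+isValid: boolean;
+/**
+* Optional account identifier that this DID registration is associated with.
+* Omit for privacy-preserving providers where DID-to-account correlation
+* should not be stored.
+*/
+accountId?: string;
+/**
+* Optional provider-defined metadata to store with the tenant registration.
+* Can include plan details, quotas, or any other provider-specific data.
+* Stored as JSON in the registeredTenants table.
+*/
+metadata?: Record<string, unknown>;
+/** Error detail message when isValid is false. */
+detail?: string;
+};
+/**
+* Load a ProviderAuthPlugin from a file path.
+* The module must export a default class or object that implements ProviderAuthPlugin.
+*
+* Follows the same pattern as the existing PluginLoader.
+*/
+export declare function loadProviderAuthPlugin(pluginPath: string): Promise<ProviderAuthPlugin>;
+//# sourceMappingURL=provider-auth-plugin.d.ts.map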
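Review bot: The doc comment on `validateRegistrationToken` does not say what the server does when the returned promise rejects, and because the token is opaque and "the plugin is responsible for all validation logic", expiry and single-use enforcement also fall to the implementer without being named. How the caller handles a rejection is outside this file, so I would state the contract here, e.g. add `* A rejected promise is treated the same as isValid: false (fail closed).` and `* Implementations are responsible for expiry and replay (single-use) checks.` to that comment. It is also not visible whether `detail` is returned to the registering client; if it is, the comment on `detail` should tell plugin authors to keep internal error text out of it.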
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider-auth-plugin.d.ts","sourceRoot":"","sources":["../../../../src/registration/provider-auth-plugin.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AACH,MAAM,WAAW,kBAAkB;IACjC;;;;;OAKG;IACH,yBAAyB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,4BAA4B,CAAC,CAAC;CACjF;AAED;;GAEG;AACH,MAAM,MAAM,4BAA4B,GAAG;IACzC,sEAAsE;IACtE,OAAO,EAAG,OAAO,CAAC;IAElB;;;;OAIG;IACH,SAAS,CAAC,EAAG,MAAM,CAAC;IAEpB;;;;OAIG;IACH,QAAQ,CAAC,EAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEpC,kDAAkD;IAClD,MAAM,CAAC,EAAG,MAAM,CAAC;CAClB,CAAC;AAEF;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAgC5F"}
|
|
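--- a/provider-auth-plugin.js
+++ b/provider-auth-plugin.js
@@ -0,0 +1,29 @@
+import { DwnServerError, DwnServerErrorCode } from '../dwn-error.js';
+/**
+* Load a ProviderAuthPlugin from a file path.
+* The module must export a default class or object that implements ProviderAuthPlugin.
+*
+* Follows the same pattern as the existing PluginLoader.
+*/
+export async function loadProviderAuthPlugin(pluginPath) {
+let module;
+try {
+module = await import(pluginPath);
+}
+catch (error) {
+throw new DwnServerError(DwnServerErrorCode.ProviderAuthPluginLoadFailed, `Failed to load provider auth plugin at ${pluginPath}: ${error.message}`);
+}
+const plugin = module.default;
+if (plugin === undefined) {
+throw new DwnServerError(DwnServerErrorCode.ProviderAuthPluginLoadFailed, `Provider auth plugin at ${pluginPath} does not have a default export.`);
+}
+// Support both class (instantiate) and plain object exports.
+const instance = typeof plugin === 'function'
+? new plugin()
+: plugin;
+if (typeof instance.validateRegistrationToken !== 'function') {
+throw new DwnServerError(DwnServerErrorCode.ProviderAuthPluginLoadFailed, `Provider auth plugin at ${pluginPath} does not implement validateRegistrationToken().`);
+}
+return instance;
+}
+//# sourceMappingURL=provider-auth-plugin.js.map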
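Review bot: `import(pluginPath)` executes whatever module the string names with the server's own privileges, and `loadProviderAuthPlugin` passes the value through unchecked, so a relative specifier resolves against this module's location rather than the operator's working directory. Where `pluginPath` comes from is not visible in this section; if it is read from configuration or the environment, I would resolve it to an absolute path before importing and add to the doc comment `* @param pluginPath - Trusted, operator-supplied module path; loading it executes the module's code.` Separately, the `plugin === undefined` guard lets a `null` default export through to `instance.validateRegistrationToken`, which throws a bare TypeError instead of `ProviderAuthPluginLoadFailed`; `if (plugin == null) {` covers both cases.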
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"provider-auth-plugin.js","sourceRoot":"","sources":["../../../../src/registration/provider-auth-plugin.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AA6CrE;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,UAAkB;IAC7D,IAAI,MAAW,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,cAAc,CACtB,kBAAkB,CAAC,4BAA4B,EAC/C,0CAA0C,UAAU,KAAM,KAAe,CAAC,OAAO,EAAE,CACpF,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC;IAC9B,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,cAAc,CACtB,kBAAkB,CAAC,4BAA4B,EAC/C,2BAA2B,UAAU,kCAAkC,CACxE,CAAC;IACJ,CAAC;IAED,6DAA6D;IAC7D,MAAM,QAAQ,GAAuB,OAAO,MAAM,KAAK,UAAU;QAC/D,CAAC,CAAC,IAAI,MAAM,EAAwB;QACpC,CAAC,CAAC,MAA4B,CAAC;IAEjC,IAAI,OAAO,QAAQ,CAAC,yBAAyB,KAAK,UAAU,EAAE,CAAC;QAC7D,MAAM,IAAI,cAAc,CACtB,kBAAkB,CAAC,4BAA4B,EAC/C,2BAA2B,UAAU,kDAAkD,CACxF,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}
|
|
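--- a/registration-manager.d.ts
+++ b/registration-manager.d.ts
@@ -1,12 +1,14 @@
-import type {
+import type { ProviderAuthPlugin } from './provider-auth-plugin.js';
 import type { ActiveTenantCheckResult, TenantGate } from '@enbox/dwn-sdk-js';
-import type {
+import type { ProofOfWorkChallengeModel, RegistrationRequest } from '@enbox/dwn-clients';
+import { RegistrationStore } from './registration-store.js';
 /**
 * The RegistrationManager is responsible for managing the registration of tenants.
 * It handles tenant registration requests and provides the corresponding `TenantGate` implementation.
 */
 export declare class RegistrationManager implements TenantGate {
 private proofOfWorkManager;
+private providerAuthPlugin?;
 private registrationStore;
 private termsOfServiceHash?;
 private termsOfService?;
@@ -33,23 +35,44 @@ export declare class RegistrationManager implements TenantGate {
 termsOfServiceFilePath?: string;
 proofOfWorkChallengeNonceSeed?: string;
 proofOfWorkInitialMaximumAllowedHash?: string;
+providerAuthPlugin?: ProviderAuthPlugin;
 }): Promise<RegistrationManager>;
 /**
 * Gets the proof-of-work challenge.
 */
 getProofOfWorkChallenge(): ProofOfWorkChallengeModel;
 /**
-* Handles a registration request
+* Handles a registration request by dispatching to the appropriate handler
+* based on the credentials provided.
 */
 handleRegistrationRequest(registrationRequest: RegistrationRequest): Promise<void>;
+/**
+* Handles a provider-auth registration request.
+*/
+private handleProviderAuthRegistration;
+/**
+* Handles a proof-of-work registration request.
+*/
+private handleProofOfWorkRegistration;
 /**
 * Records the given registration data in the database.
 * Exposed as a public method for testing purposes.
 */
-recordTenantRegistration(registrationData:
+recordTenantRegistration(registrationData: {
+did: string;
+termsOfServiceHash?: string;
+accountId?: string;
+registrationType?: string;
+metadata?: string;
+}): Promise<void>;
 /**
 * The TenantGate implementation.
 */
 isActiveTenant(tenant: string): Promise<ActiveTenantCheckResult>;
+/**
+* Returns the underlying RegistrationStore, if initialized.
+* Used by the admin API to access tenant data.
+*/
+getRegistrationStore(): RegistrationStore | undefined;
 }
 //# sourceMappingURL=registration-manager.d.ts.map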
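Review bot: `recordTenantRegistration` stays public "for testing purposes" while its parameter now carries `accountId`, `registrationType` and `metadata`, so as declared any holder of the manager can record a tenant with provider-auth attributes without going through the private `handleProviderAuthRegistration` or `handleProofOfWorkRegistration` paths. The implementation is not part of this section and the class body is only partly shown between the two hunks, so whether the method validates anything is unknown; if it does not, I would say so in its doc comment, e.g. `* @internal Intended for tests; does not itself run the proof-of-work or provider-auth checks.` The same applies to the new `getRegistrationStore()`, which hands out the underlying store: its comment should state that callers are expected to sit behind the admin API's authentication. `registrationType?: string` would also read better as a union of the accepted literals than as a free-form string.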
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"registration-manager.d.ts","sourceRoot":"","sources":["../../../../src/registration/registration-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,
|
|
1
|
+
{"version":3,"file":"registration-manager.d.ts","sourceRoot":"","sources":["../../../../src/registration/registration-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACpE,OAAO,KAAK,EAAE,uBAAuB,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAC7E,OAAO,KAAK,EAAE,yBAAyB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAOzF,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAG5D;;;GAGG;AACH,qBAAa,mBAAoB,YAAW,UAAU;IACpD,OAAO,CAAC,kBAAkB,CAAqB;IAC/C,OAAO,CAAC,kBAAkB,CAAC,CAAqB;IAChD,OAAO,CAAC,iBAAiB,CAAoB;IAE7C,OAAO,CAAC,kBAAkB,CAAC,CAAS;IACpC,OAAO,CAAC,cAAc,CAAC,CAAS;IAEhC;;OAEG;IACI,iBAAiB,IAAI,MAAM,GAAG,SAAS;IAI9C;;OAEG;IACI,qBAAqB,IAAI,MAAM,GAAG,SAAS;IAIlD;;OAEG;IACI,oBAAoB,CAAC,cAAc,EAAE,MAAM,GAAG,IAAI;IAKzD;;;;;OAKG;WACiB,MAAM,CAAC,KAAK,EAAE;QAChC,oBAAoB,CAAC,EAAE,MAAM,CAAC;QAC9B,sBAAsB,CAAC,EAAE,MAAM,CAAC;QAChC,6BAA6B,CAAC,EAAE,MAAM,CAAC;QACvC,oCAAoC,CAAC,EAAE,MAAM,CAAC;QAC9C,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;KACzC,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAqChC;;OAEG;IACI,uBAAuB,IAAI,yBAAyB;IAK3D;;;OAGG;IACU,yBAAyB,CAAC,mBAAmB,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IAa/F;;OAEG;YACW,8BAA8B;IAuC5C;;OAEG;YACW,6BAA6B;IA2B3C;;;OAGG;IACU,wBAAwB,CAAC,gBAAgB,EAAE;QACtD,GAAG,EAAE,MAAM,CAAC;QACZ,kBAAkB,CAAC,EAAE,MAAM,CAAC;QAC5B,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,gBAAgB,CAAC,EAAE,MAAM,CAAC;QAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;KACnB,GAAG,OAAO,CAAC,IAAI,CAAC;IAIjB;;OAEG;IACU,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAkC7E;;;OAGG;IACI,oBAAoB,IAAI,iBAAiB,GAAG,SAAS;CAG7D"}
|