@fireproof/core-protocols-dashboard 0.24.7 → 0.24.8-dev-fp-token
- package/index.d.ts +1 -0
- package/index.js +1 -0
- package/index.js.map +1 -1
- package/package.json +9 -7
- package/token.d.ts +25 -0
- package/token.js +131 -0
- package/token.js.map +1 -0
package/index.d.ts
CHANGED
package/index.js
CHANGED
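--- a/package/index.js.map
+++ b/package/index.js.map
@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../jsr/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../jsr/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAC;AAC7B,cAAc,oBAAoB,CAAC;AACnC,cAAc,YAAY,CAAC"}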
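--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@fireproof/core-protocols-dashboard",
-"version": "0.24.
+"version": "0.24.8-dev-fp-token",
 "description": "Live ledger for the web.",
 "type": "module",
 "main": "./index.js",
@@ -36,12 +36,14 @@
 "dependencies": {
 "@adviser/cement": "0.5.15",
 "@clerk/shared": "3.41.1",
-"@fireproof/core-device-id": "0.24.
-"@fireproof/core-runtime": "0.24.
-"@fireproof/core-types-base": "0.24.
-"@fireproof/core-types-
-"@fireproof/core-types-protocols-
-"@fireproof/
+"@fireproof/core-device-id": "0.24.8-dev-fp-token",
+"@fireproof/core-runtime": "0.24.8-dev-fp-token",
+"@fireproof/core-types-base": "0.24.8-dev-fp-token",
+"@fireproof/core-types-device-id": "0.24.8-dev-fp-token",
+"@fireproof/core-types-protocols-cloud": "0.24.8-dev-fp-token",
+"@fireproof/core-types-protocols-dashboard": "0.24.8-dev-fp-token",
+"@fireproof/vendor": "0.24.8-dev-fp-token",
+"jose": "6.1.3",
 "zod": "4.3.5"
 }
 }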
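--- a/package/token.d.ts
+++ b/package/token.d.ts
@@ -0,0 +1,25 @@
+import { Result } from "@adviser/cement";
+import { DeviceIdCA } from "@fireproof/core-device-id";
+import { SuperThis } from "@fireproof/core-types-base";
+import { FPApiToken, VerifiedClaimsResult } from "@fireproof/core-types-protocols-dashboard";
+import { VerifyWithCertificateOptions } from "@fireproof/core-types-device-id";
+export declare class ClerkApiToken implements FPApiToken {
+readonly sthis: SuperThis;
+constructor(sthis: SuperThis);
+readonly keysAndUrls: () => Result<{
+keys: string[];
+urls: string[];
+}, Error>;
+verify(token: string): Promise<Result<VerifiedClaimsResult>>;
+}
+export declare class DeviceIdApiToken implements FPApiToken {
+readonly sthis: SuperThis;
+readonly opts: VerifyWithCertificateOptions;
+constructor(sthis: SuperThis, opts: VerifyWithCertificateOptions);
+verify(token: string): Promise<Result<VerifiedClaimsResult>>;
+}
+export declare const deviceIdCAFromEnv: (sthis: SuperThis) => Promise<Result<DeviceIdCA, Error>>;
+export declare const tokenApi: (sthis: SuperThis, opts: VerifyWithCertificateOptions) => Promise<{
+"device-id": DeviceIdApiToken;
+clerk: ClerkApiToken;
+}>;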
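--- a/package/token.js
+++ b/package/token.js
@@ -0,0 +1,131 @@
+import { Lazy, Result, param, exception2Result } from "@adviser/cement";
+import { DeviceIdCA, DeviceIdVerifyMsg } from "@fireproof/core-device-id";
+import { sts } from "@fireproof/core-runtime";
+import { FPClerkClaimSchema, FPDeviceIDSessionSchema } from "@fireproof/core-types-base";
+import { jwtVerify } from "jose";
+export class ClerkApiToken {
+sthis;
+constructor(sthis) {
+this.sthis = sthis;
+}
+keysAndUrls = Lazy(() => {
+const keys = [];
+const urls = [];
+for (let idx = 0; true; idx++) {
+const suffix = !idx ? "" : `_${idx}`;
+const key = `CLERK_PUB_JWT_KEY${suffix}`;
+const url = `CLERK_PUB_JWT_URL${suffix}`;
+const rEnvVal = this.sthis.env.gets({
+[key]: param.OPTIONAL,
+[url]: param.OPTIONAL,
+});
+if (rEnvVal.isErr()) {
+return Result.Err(rEnvVal.Err());
+}
+const { [key]: keyVal, [url]: urlVal } = rEnvVal.Ok();
+if (!keyVal && !urlVal) {
+break;
+}
+if (keyVal) {
+keys.push(keyVal);
+}
+if (urlVal) {
+urls.push(...urlVal
+.split(",")
+.map((u) => u.trim())
+.filter((u) => u));
+}
+}
+return Result.Ok({ keys, urls });
+});
+async verify(token) {
+const { keys, urls } = this.keysAndUrls().Ok();
+const rt = await sts.verifyToken(token, keys, urls, {
+parseSchema: (payload) => {
+const r = FPClerkClaimSchema.safeParse(payload);
+if (r.success) {
+return Result.Ok(r.data);
+}
+else {
+console.log("FPClerkClaimSchema parse error", payload, r.error);
+return Result.Err(r.error);
+}
+},
+verifyToken: async (token, key) => {
+const rPublicKey = await sts.importJWK(key, "RS256");
+if (rPublicKey.isErr()) {
+return Result.Err(rPublicKey);
+}
+const r = await exception2Result(() => jwtVerify(token, rPublicKey.Ok().key));
+if (r.isErr()) {
+return Result.Err(r);
+}
+if (!r.Ok()) {
+return Result.Err("ClerkVerifyToken: failed");
+}
+return Result.Ok({
+payload: r.Ok(),
+});
+},
+});
+if (rt.isErr()) {
+return Result.Err(rt.Err());
+}
+const t = rt.Ok();
+return Result.Ok({
+type: "clerk",
+token,
+claims: t.payload,
+});
+}
+}
+export class DeviceIdApiToken {
+sthis;
+opts;
+constructor(sthis, opts) {
+this.sthis = sthis;
+this.opts = opts;
+}
+async verify(token) {
+const verify = new DeviceIdVerifyMsg(this.sthis.txt.base64, [(await this.opts.deviceIdCA.caCertificate()).Ok()], {
+maxAge: 3600,
+...this.opts,
+});
+const res = await verify.verifyWithCertificate(token, FPDeviceIDSessionSchema);
+if (res.valid) {
+const creatingUser = res.certificate.certificate.asCert().creatingUser;
+if (!creatingUser || creatingUser.type !== "clerk") {
+return Result.Err(`DeviceIdApiToken-verify: unsupported creatingUser type: ${creatingUser}`);
+}
+return Result.Ok({
+type: "device-id",
+token,
+claims: creatingUser.claims,
+});
+}
+return Result.Err(res.error);
+}
+}
+export const deviceIdCAFromEnv = Lazy((sthis) => {
+const rEnv = sthis.env.gets({
+DEVICE_ID_CA_PRIV_KEY: param.REQUIRED,
+DEVICE_ID_CA_CERT: param.REQUIRED,
+});
+if (rEnv.isErr()) {
+throw rEnv.Err();
+}
+const envVals = rEnv.Ok();
+return DeviceIdCA.from(sthis, {
+privateKey: envVals.DEVICE_ID_CA_PRIV_KEY,
+signedCert: envVals.DEVICE_ID_CA_CERT,
+}, {
+generateSerialNumber: async () => sthis.nextId(32).str,
+});
+});
+export const tokenApi = Lazy(async (sthis, opts) => {
+return {
+"device-id": new DeviceIdApiToken(sthis, opts),
+clerk: new ClerkApiToken(sthis),
+};
+});
+//# sourceMappingURL=token.js.map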
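Review bot: In `ClerkApiToken.verify` the `verifyToken` callback calls `jwtVerify(token, rPublicKey.Ok().key)` with no options, so nothing visible in this file pins the accepted algorithm, issuer or audience; unless `sts.verifyToken` (not shown here) enforces them from `urls`, a token signed by any configured key is accepted regardless of who it was issued for. I would pass the constraints explicitly, e.g. `jwtVerify(token, rPublicKey.Ok().key, { algorithms: ["RS256"] })`, and add `issuer`/`audience` from configuration. Both `verify` methods also call `.Ok()` on an unchecked Result, `this.keysAndUrls().Ok()` and `(await this.opts.deviceIdCA.caCertificate()).Ok()`, so depending on how cement's `Ok()` behaves on an error Result a bad env read or a missing CA certificate becomes a throw or an undefined trust anchor rather than a `Result.Err`; guard first with `const rKU = this.keysAndUrls(); if (rKU.isErr()) return Result.Err(rKU.Err());` and do the same for the CA certificate. The schema-failure branch logs the whole `payload` through `console.log`, which puts token claims into logs; logging `r.error` alone would be enough.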
package/token.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"token.js","sourceRoot":"","sources":["../jsr/token.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,iBAAiB,CAAC;AACxE,OAAO,EAAE,UAAU,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC1E,OAAO,EAAE,GAAG,EAAE,MAAM,yBAAyB,CAAC;AAC9C,OAAO,EAA2B,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,4BAA4B,CAAC;AAGlH,OAAO,EAAE,SAAS,EAAE,MAAM,MAAM,CAAC;AAEjC,MAAM,OAAO,aAAa;IACf,KAAK,CAAY;IAC1B,YAAY,KAAgB,EAAE;QAC5B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IAAA,CACpB;IAEQ,WAAW,GAAG,IAAI,CAAC,GAA+C,EAAE,CAAC;QAC5E,MAAM,IAAI,GAAa,EAAE,CAAC;QAC1B,MAAM,IAAI,GAAa,EAAE,CAAC;QAE1B,KAAK,IAAI,GAAG,GAAG,CAAC,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,CAAC;YACrC,MAAM,GAAG,GAAG,oBAAoB,MAAM,EAAE,CAAC;YACzC,MAAM,GAAG,GAAG,oBAAoB,MAAM,EAAE,CAAC;YACzC,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;gBAClC,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,QAAQ;gBACrB,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,QAAQ;aACtB,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;gBACpB,OAAO,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;YACnC,CAAC;YACD,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,EAAE,EAAE,CAAC;YACtD,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;gBAEvB,MAAM;YACR,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACpB,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,CAAC,IAAI,CACP,GAAG,MAAM;qBACN,KAAK,CAAC,GAAG,CAAC;qBACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;qBACpB,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CACpB,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAAA,CAClC,CAAC,CAAC;IAEH,KAAK,CAAC,MAAM,CAAC,KAAa,EAAyC;QACjE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC;QAE/C,MAAM,EAAE,GAAG,MAAM,GAAG,CAAC,WAAW,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE;YAClD,WAAW,EAAE,CAAC,OAAgB,EAAwB,EAAE,CAAC;gBACvD,MAAM,CAAC,GAAG,kBAAkB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;gBAChD,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;oBACd
,OAAO,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;gBAC3B,CAAC;qBAAM,CAAC;oBAEN,OAAO,CAAC,GAAG,CAAC,gCAAgC,EAAE,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC;oBAChE,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;gBAC7B,CAAC;YAAA,CACF;YACD,WAAW,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,EAAE,CAAC;gBACjC,MAAM,UAAU,GAAG,MAAM,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;gBACrD,IAAI,UAAU,CAAC,KAAK,EAAE,EAAE,CAAC;oBACvB,OAAO,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBAChC,CAAC;gBAID,MAAM,CAAC,GAAG,MAAM,gBAAgB,CAC9B,GAAG,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAK5C,CAAC;gBAEF,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC;oBACd,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACvB,CAAC;gBACD,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC;oBACZ,OAAO,MAAM,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAC;gBAChD,CAAC;gBACD,OAAO,MAAM,CAAC,EAAE,CAAC;oBACf,OAAO,EAAE,CAAC,CAAC,EAAE,EAAE;iBAChB,CAAC,CAAC;YAAA,CACJ;SACF,CAAC,CAAC;QACH,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC;YACf,OAAO,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;QAC9B,CAAC;QACD,MAAM,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAClB,OAAO,MAAM,CAAC,EAAE,CAAC;YACf,IAAI,EAAE,OAAO;YACb,KAAK;YACL,MAAM,EAAE,CAAC,CAAC,OAAO;SAClB,CAAC,CAAC;IAAA,CACJ;CACF;AAED,MAAM,OAAO,gBAAgB;IAClB,KAAK,CAAY;IACjB,IAAI,CAA+B;IAC5C,YAAY,KAAgB,EAAE,IAAkC,EAAE;QAChE,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IAAA,CAClB;IACD,KAAK,CAAC,MAAM,CAAC,KAAa,EAAyC;QACjE,MAAM,MAAM,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;YAC/G,MAAM,EAAE,IAAI;YACZ,GAAG,IAAI,CAAC,IAAI;SACb,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,KAAK,EAAE,uBAAuB,CAAC,CAAC;QAC/E,IAAI,GAAG,CAAC,KAAK,EAAE,CAAC;YACd,MAAM,YAAY,GAAI,GAAG,CAAC,WAAW,CAAC,WAAW,CAAC,MAAM,EAAqD,CAAC,YAAY,CAAC;YAG3H,IAAI,CAAC,YAAY,IAAI,YAAY,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;gBACnD,OAAO,MAAM,CAAC,GAAG,CAAC,2DAA2D,YAAY,EAAE,CAAC,CAAC;YAC/F,CAAC;YAED,OAAO,MAAM,CAAC,EAAE,CAAC;gBACf,IAAI,EAAE,WAAW;gBACjB,KAAK;gBACL,MAAM,EAAE,YAAY,CA
AC,MAAM;aAC5B,CAAC,CAAC;QACL,CAAC;QACD,OAAO,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAAA,CAC9B;CACF;AAED,MAAM,CAAC,MAAM,iBAAiB,GAAG,IAAI,CAAC,CAAC,KAAgB,EAAE,EAAE,CAAC;IAC1D,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC;QAC1B,qBAAqB,EAAE,KAAK,CAAC,QAAQ;QACrC,iBAAiB,EAAE,KAAK,CAAC,QAAQ;KAClC,CAAC,CAAC;IACH,IAAI,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;IACnB,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,EAAE,EAAE,CAAC;IAC1B,OAAO,UAAU,CAAC,IAAI,CACpB,KAAK,EACL;QACE,UAAU,EAAE,OAAO,CAAC,qBAAqB;QACzC,UAAU,EAAE,OAAO,CAAC,iBAAiB;KACtC,EACD;QACE,oBAAoB,EAAE,KAAK,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,GAAG;KACvD,CACF,CAAC;AAAA,CACH,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,EAAE,KAAgB,EAAE,IAAkC,EAAE,EAAE,CAAC;IAO3F,OAAO;QACL,WAAW,EAAE,IAAI,gBAAgB,CAAC,KAAK,EAAE,IAAI,CAAC;QAC9C,KAAK,EAAE,IAAI,aAAa,CAAC,KAAK,CAAC;KAChC,CAAC;AAAA,CACH,CAAC,CAAC"}
|