@peac/protocol 0.10.14 → 0.11.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +26 -1
- package/dist/index.cjs.map +1 -1
- package/dist/index.mjs +27 -2
- package/dist/index.mjs.map +1 -1
- package/dist/issue.d.ts.map +1 -1
- package/dist/verify-local.cjs +9 -0
- package/dist/verify-local.cjs.map +1 -1
- package/dist/verify-local.d.ts +1 -1
- package/dist/verify-local.d.ts.map +1 -1
- package/dist/verify-local.mjs +10 -1
- package/dist/verify-local.mjs.map +1 -1
- package/dist/verify.d.ts.map +1 -1
- package/package.json +5 -5
package/dist/index.cjs
CHANGED
|
@@ -140,6 +140,10 @@ async function issue(options) {
|
|
|
140
140
|
...options.purpose_enforced && { purpose_enforced: options.purpose_enforced },
|
|
141
141
|
...options.purpose_reason && { purpose_reason: options.purpose_reason }
|
|
142
142
|
};
|
|
143
|
+
const constraintResult = schema.validateKernelConstraints(claims);
|
|
144
|
+
if (!constraintResult.valid) {
|
|
145
|
+
throw new IssueError(schema.createConstraintViolationError(constraintResult.violations));
|
|
146
|
+
}
|
|
143
147
|
try {
|
|
144
148
|
schema.ReceiptClaims.parse(claims);
|
|
145
149
|
} catch (err) {
|
|
@@ -148,7 +152,10 @@ async function issue(options) {
|
|
|
148
152
|
(issue2) => issue2.path.some((p) => p === "evidence" || p === "payment")
|
|
149
153
|
);
|
|
150
154
|
if (evidenceIssue && evidenceIssue.path.includes("evidence")) {
|
|
151
|
-
const peacError = schema.createEvidenceNotJsonError(
|
|
155
|
+
const peacError = schema.createEvidenceNotJsonError(
|
|
156
|
+
evidenceIssue.message,
|
|
157
|
+
evidenceIssue.path
|
|
158
|
+
);
|
|
152
159
|
throw new IssueError(peacError);
|
|
153
160
|
}
|
|
154
161
|
}
|
|
@@ -243,6 +250,15 @@ async function verifyReceipt(optionsOrJws) {
|
|
|
243
250
|
let jwksFetchTime;
|
|
244
251
|
try {
|
|
245
252
|
const { header, payload } = crypto.decode(receiptJws);
|
|
253
|
+
const constraintResult = schema.validateKernelConstraints(payload);
|
|
254
|
+
if (!constraintResult.valid) {
|
|
255
|
+
const v = constraintResult.violations[0];
|
|
256
|
+
return {
|
|
257
|
+
ok: false,
|
|
258
|
+
reason: "constraint_violation",
|
|
259
|
+
details: `Kernel constraint violated: ${v.constraint} (actual: ${v.actual}, limit: ${v.limit})`
|
|
260
|
+
};
|
|
261
|
+
}
|
|
246
262
|
schema.ReceiptClaims.parse(payload);
|
|
247
263
|
if (payload.exp && payload.exp < Math.floor(Date.now() / 1e3)) {
|
|
248
264
|
const durationMs = performance.now() - startTime;
|
|
@@ -362,6 +378,15 @@ async function verifyLocal(jws, publicKey, options = {}) {
|
|
|
362
378
|
message: "Ed25519 signature verification failed"
|
|
363
379
|
};
|
|
364
380
|
}
|
|
381
|
+
const constraintResult = schema.validateKernelConstraints(result.payload);
|
|
382
|
+
if (!constraintResult.valid) {
|
|
383
|
+
const v = constraintResult.violations[0];
|
|
384
|
+
return {
|
|
385
|
+
valid: false,
|
|
386
|
+
code: "E_CONSTRAINT_VIOLATION",
|
|
387
|
+
message: `Kernel constraint violated: ${v.constraint} (actual: ${v.actual}, limit: ${v.limit})`
|
|
388
|
+
};
|
|
389
|
+
}
|
|
365
390
|
const pr = schema.parseReceiptClaims(result.payload);
|
|
366
391
|
if (!pr.ok) {
|
|
367
392
|
return {
|