@steemit/steem-js 0.7.11 → 0.8.0

package/lib/api/methods.js

@@ -3,7 +3,8 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.default = [{
+exports.default = void 0;
+var _default = exports.default = [{
   "api": "database_api",
   "method": "set_subscribe_callback",
   "params": ["callback", "clearFilter"]
@@ -410,4 +411,18 @@ exports.default = [{
   "api": "condenser_api",
   "method": "get_nai_pool",
   "params": []
+}, {
+  "api": "rc_api",
+  "method": "find_rc_accounts",
+  "params": ["accounts"],
+  "is_object": true
+}, {
+  "api": "condenser_api",
+  "method": "get_expiring_vesting_delegations",
+  "params": ["account", "start", "limit"]
+}, {
+  "api": "database_api",
+  "method": "find_change_recovery_account_requests",
+  "params": ["account"],
+  "is_object": true
 }];

package/lib/api/rpc-auth.js

@@ -0,0 +1,135 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.default = exports.K = void 0;
+exports.sign = sign;
+exports.validate = validate;
+var _crypto = require("crypto");
+var _ecc = require("../auth/ecc");
+/**
+ * @file JSONRPC 2.0 request authentication with steem authorities.
+ * Based on the original @steemit/rpc-auth package
+ */
+
+/**
+ * Signing constant used to reserve opcode space and prevent cross-protocol attacks.
+ * Output of `sha256('steem_jsonrpc_auth')`.
+ */
+const K = exports.K = Buffer.from('3b3b081e46ea808d5a96b08c4bc5003f5e15767090f344faab531ec57565136b', 'hex');
+
+/**
+ * Create request hash to be signed.
+ *
+ * @param timestamp  ISO8601 formatted date e.g. `2017-11-14T19:40:29.077Z`.
+ * @param account    Steem account name that is the signer.
+ * @param method     RPC request method.
+ * @param params     Base64 encoded JSON string containing request params.
+ * @param nonce      8 bytes of random data.
+ *
+ * @returns bytes to be signed or validated.
+ */
+function hashMessage(timestamp, account, method, params, nonce) {
+  const first = (0, _crypto.createHash)('sha256');
+  first.update(timestamp);
+  first.update(account);
+  first.update(method);
+  first.update(params);
+  const second = (0, _crypto.createHash)('sha256');
+  second.update(K);
+  second.update(first.digest());
+  second.update(nonce);
+  return second.digest();
+}
+
+/**
+ * Sign a JSON RPC Request.
+ */
+function sign(request, account, keys) {
+  if (!request.params) {
+    throw new Error('Unable to sign a request without params');
+  }
+  const params = Buffer.from(JSON.stringify(request.params), 'utf8').toString('base64');
+  const nonceBytes = (0, _crypto.randomBytes)(8);
+  const nonce = nonceBytes.toString('hex');
+  const timestamp = new Date().toISOString();
+  const message = hashMessage(timestamp, account, request.method, params, nonceBytes);
+  const signatures = [];
+  for (let key of keys) {
+    if (typeof key === 'string') {
+      key = _ecc.PrivateKey.fromString(key);
+    }
+    const signature = key.sign(message).toHex();
+    signatures.push(signature);
+  }
+  return {
+    jsonrpc: '2.0',
+    method: request.method,
+    id: request.id,
+    params: {
+      __signed: {
+        account,
+        nonce,
+        params,
+        signatures,
+        timestamp
+      }
+    }
+  };
+}
+
+/**
+ * Validate a signed JSON RPC request.
+ * Throws a ValidationError if the request fails validation.
+ *
+ * @returns Resolved request params.
+ */
+async function validate(request, verify) {
+  if (request.jsonrpc !== '2.0' || typeof request.method !== 'string') {
+    throw new Error('Invalid JSON RPC Request');
+  }
+  if (request.params == undefined || request.params.__signed == undefined) {
+    throw new Error('Signed payload missing');
+  }
+  if (Object.keys(request.params).length !== 1) {
+    throw new Error('Invalid request params');
+  }
+  const signed = request.params.__signed;
+  if (signed.account == undefined) {
+    throw new Error('Missing account');
+  }
+  let params;
+  try {
+    const jsonString = Buffer.from(signed.params, 'base64').toString('utf8');
+    params = JSON.parse(jsonString);
+  } catch (cause) {
+    throw new Error(`Invalid encoded params: ${cause.message}`);
+  }
+  if (signed.nonce == undefined || typeof signed.nonce !== 'string') {
+    throw new Error('Invalid nonce');
+  }
+  const nonce = Buffer.from(signed.nonce, 'hex');
+  if (nonce.length !== 8) {
+    throw new Error('Invalid nonce');
+  }
+  const timestamp = Date.parse(signed.timestamp);
+  if (Number.isNaN(timestamp)) {
+    throw new Error('Invalid timestamp');
+  }
+  if (Date.now() - timestamp > 60 * 1000) {
+    throw new Error('Signature expired');
+  }
+  const message = hashMessage(signed.timestamp, signed.account, request.method, signed.params, nonce);
+  try {
+    await verify(message, signed.signatures, signed.account);
+  } catch (cause) {
+    throw new Error(`Verification failed: ${cause.message}`);
+  }
+  return params;
+}
+var _default = exports.default = {
+  sign,
+  validate,
+  K
+};

package/lib/api/transports/base.js

@@ -1,72 +1,31 @@
-'use strict';
+"use strict";
 
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-
-var _createClass = function () { function defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } return function (Constructor, protoProps, staticProps) { if (protoProps) defineProperties(Constructor.prototype, protoProps); if (staticProps) defineProperties(Constructor, staticProps); return Constructor; }; }();
-
-var _bluebird = require('bluebird');
-
-var _bluebird2 = _interopRequireDefault(_bluebird);
-
-var _events = require('events');
-
-var _events2 = _interopRequireDefault(_events);
-
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-
-function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }
-
-function _possibleConstructorReturn(self, call) { if (!self) { throw new ReferenceError("this hasn't been initialised - super() hasn't been called"); } return call && (typeof call === "object" || typeof call === "function") ? call : self; }
-
-function _inherits(subClass, superClass) { if (typeof superClass !== "function" && superClass !== null) { throw new TypeError("Super expression must either be null or a function, not " + typeof superClass); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, enumerable: false, writable: true, configurable: true } }); if (superClass) Object.setPrototypeOf ? Object.setPrototypeOf(subClass, superClass) : subClass.__proto__ = superClass; }
-
-var Transport = function (_EventEmitter) {
-  _inherits(Transport, _EventEmitter);
-
-  function Transport() {
-    var options = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : {};
-
-    _classCallCheck(this, Transport);
-
-    var _this = _possibleConstructorReturn(this, (Transport.__proto__ || Object.getPrototypeOf(Transport)).call(this, options));
-
-    _this.options = options;
-    _this.id = 0;
-    return _this;
+exports.default = void 0;
+var _bluebird = _interopRequireDefault(require("bluebird"));
+var _events = _interopRequireDefault(require("events"));
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+class Transport extends _events.default {
+  constructor(options = {}) {
+    super(options);
+    this.options = options;
+    this.id = 0;
   }
-
-  _createClass(Transport, [{
-    key: 'setOptions',
-    value: function setOptions(options) {
-      Object.assign(this.options, options);
-      this.stop();
-    }
-  }, {
-    key: 'listenTo',
-    value: function listenTo(target, eventName, callback) {
-      if (target.addEventListener) target.addEventListener(eventName, callback);else target.on(eventName, callback);
-
-      return function () {
-        if (target.removeEventListener) target.removeEventListener(eventName, callback);else target.removeListener(eventName, callback);
-      };
-    }
-  }, {
-    key: 'send',
-    value: function send() {}
-  }, {
-    key: 'start',
-    value: function start() {}
-  }, {
-    key: 'stop',
-    value: function stop() {}
-  }]);
-
-  return Transport;
-}(_events2.default);
-
+  setOptions(options) {
+    Object.assign(this.options, options);
+    this.stop();
+  }
+  listenTo(target, eventName, callback) {
+    if (target.addEventListener) target.addEventListener(eventName, callback);else target.on(eventName, callback);
+    return () => {
+      if (target.removeEventListener) target.removeEventListener(eventName, callback);else target.removeListener(eventName, callback);
+    };
+  }
+  send() {}
+  start() {}
+  stop() {}
+}
 exports.default = Transport;
-
-
-_bluebird2.default.promisifyAll(Transport.prototype);
+_bluebird.default.promisifyAll(Transport.prototype);

package/lib/api/transports/http.js

@@ -1,55 +1,24 @@
-'use strict';
+"use strict";
 
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-
-var _createClass = function () { function defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } return function (Constructor, protoProps, staticProps) { if (protoProps) defineProperties(Constructor.prototype, protoProps); if (staticProps) defineProperties(Constructor, staticProps); return Constructor; }; }();
-
+exports.default = void 0;
 exports.jsonRpc = jsonRpc;
-
-var _crossFetch = require('cross-fetch');
-
-var _crossFetch2 = _interopRequireDefault(_crossFetch);
-
-var _debug = require('debug');
-
-var _debug2 = _interopRequireDefault(_debug);
-
-var _retry = require('retry');
-
-var _retry2 = _interopRequireDefault(_retry);
-
-var _base = require('./base');
-
-var _base2 = _interopRequireDefault(_base);
-
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-
-function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }
-
-function _possibleConstructorReturn(self, call) { if (!self) { throw new ReferenceError("this hasn't been initialised - super() hasn't been called"); } return call && (typeof call === "object" || typeof call === "function") ? call : self; }
-
-function _inherits(subClass, superClass) { if (typeof superClass !== "function" && superClass !== null) { throw new TypeError("Super expression must either be null or a function, not " + typeof superClass); } subClass.prototype = Object.create(superClass && superClass.prototype, { constructor: { value: subClass, enumerable: false, writable: true, configurable: true } }); if (superClass) Object.setPrototypeOf ? Object.setPrototypeOf(subClass, superClass) : subClass.__proto__ = superClass; }
-
-var debug = (0, _debug2.default)('steem:http');
-
-var RPCError = function (_Error) {
-  _inherits(RPCError, _Error);
-
-  function RPCError(rpcError) {
-    _classCallCheck(this, RPCError);
-
-    var _this = _possibleConstructorReturn(this, (RPCError.__proto__ || Object.getPrototypeOf(RPCError)).call(this, rpcError.message));
-
-    _this.name = 'RPCError';
-    _this.code = rpcError.code;
-    _this.data = rpcError.data;
-    return _this;
+var _crossFetch = _interopRequireDefault(require("cross-fetch"));
+var _debug = _interopRequireDefault(require("debug"));
+var _retry = _interopRequireDefault(require("retry"));
+var _base = _interopRequireDefault(require("./base"));
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+const debug = (0, _debug.default)('steem:http');
+class RPCError extends Error {
+  constructor(rpcError) {
+    super(rpcError.message);
+    this.name = 'RPCError';
+    this.code = rpcError.code;
+    this.data = rpcError.data;
   }
-
-  return RPCError;
-}(Error);
+}
 
 /**
  * Makes a JSON-RPC request using `fetch` or a user-provided `fetchMethod`.
@@ -61,18 +30,32 @@ var RPCError = function (_Error) {
  * @param {function} [options.fetchMethod=fetch] - A function with the same
  * signature as `fetch`, which can be used to make the network request, or for
  * stubbing in tests.
+ * @param {number} [options.timeoutMs=30000] - Request timeout in milliseconds.
  */
+function jsonRpc(uri, {
+  method,
+  id,
+  params,
+  fetchMethod = _crossFetch.default,
+  timeoutMs = 30000
+}) {
+  const payload = {
+    id,
+    jsonrpc: '2.0',
+    method,
+    params
+  };
+  let timeoutId = null;
+
+  // Create a promise that will reject after the timeout
+  const timeoutPromise = new Promise((_, reject) => {
+    timeoutId = setTimeout(() => {
+      reject(new Error(`Request timeout after ${timeoutMs}ms`));
+    }, timeoutMs);
+  });
 
-
-function jsonRpc(uri, _ref) {
-  var method = _ref.method,
-      id = _ref.id,
-      params = _ref.params,
-      _ref$fetchMethod = _ref.fetchMethod,
-      fetchMethod = _ref$fetchMethod === undefined ? _crossFetch2.default : _ref$fetchMethod;
-
-  var payload = { id: id, jsonrpc: '2.0', method: method, params: params };
-  return fetchMethod(uri, {
+  // Create the fetch promise
+  const fetchPromise = fetchMethod(uri, {
     body: JSON.stringify(payload),
     method: 'post',
     mode: 'cors',
@@ -80,93 +63,95 @@ function jsonRpc(uri, _ref) {
       Accept: 'application/json, text/plain, */*',
       'Content-Type': 'application/json'
     }
-  }).then(function (res) {
+  }).then(res => {
     if (!res.ok) {
-      throw new Error('HTTP ' + res.status + ': ' + res.statusText);
+      throw new Error(`HTTP ${res.status}: ${res.statusText}`);
     }
     return res.json();
-  }).then(function (rpcRes) {
+  }).then(rpcRes => {
     if (rpcRes.id !== id) {
-      throw new Error('Invalid response id: ' + rpcRes.id);
+      throw new Error(`Invalid response id: ${rpcRes.id}`);
     }
     if (rpcRes.error) {
       throw new RPCError(rpcRes.error);
     }
     return rpcRes.result;
   });
-}
 
-var HttpTransport = function (_Transport) {
-  _inherits(HttpTransport, _Transport);
-
-  function HttpTransport() {
-    _classCallCheck(this, HttpTransport);
-
-    return _possibleConstructorReturn(this, (HttpTransport.__proto__ || Object.getPrototypeOf(HttpTransport)).apply(this, arguments));
-  }
-
-  _createClass(HttpTransport, [{
-    key: 'send',
-    value: function send(api, data, callback) {
-      var _this3 = this;
-
-      if (this.options.useAppbaseApi) {
-        api = 'condenser_api';
-      }
-      debug('Steem::send', api, data);
-      var id = data.id || this.id++;
-      var params = [api, data.method, data.params];
-      var retriable = this.retriable(api, data);
-      var fetchMethod = this.options.fetchMethod;
-      if (retriable) {
-        retriable.attempt(function (currentAttempt) {
-          jsonRpc(_this3.options.uri, { method: 'call', id: id, params: params, fetchMethod: fetchMethod }).then(function (res) {
-            callback(null, res);
-          }, function (err) {
-            if (retriable.retry(err)) {
-              return;
-            }
-            callback(retriable.mainError());
-          });
-        });
-      } else {
-        jsonRpc(this.options.uri, { method: 'call', id: id, params: params, fetchMethod: fetchMethod }).then(function (res) {
+  // Race the fetch against the timeout
+  return Promise.race([fetchPromise, timeoutPromise]).finally(() => {
+    // Clear the timeout to avoid memory leaks
+    if (timeoutId) {
+      clearTimeout(timeoutId);
+    }
+  });
+}
+class HttpTransport extends _base.default {
+  send(api, data, callback) {
+    if (this.options.useAppbaseApi) {
+      api = 'condenser_api';
+    }
+    debug('Steem::send', api, data);
+    const id = data.id || this.id++;
+    const params = [api, data.method, data.params];
+    const retriable = this.retriable(api, data);
+    const fetchMethod = this.options.fetchMethod;
+
+    // Use a longer timeout for broadcast operations (60s) and standard operations (30s)
+    const timeoutMs = this.isBroadcastOperation(data.method) ? 60000 : 30000;
+    if (retriable) {
+      retriable.attempt(currentAttempt => {
+        jsonRpc(this.options.uri, {
+          method: 'call',
+          id,
+          params,
+          fetchMethod,
+          timeoutMs
+        }).then(res => {
           callback(null, res);
-        }, function (err) {
-          callback(err);
+        }, err => {
+          if (retriable.retry(err)) {
+            return;
+          }
+          callback(retriable.mainError());
         });
-      }
+      });
+    } else {
+      jsonRpc(this.options.uri, {
+        method: 'call',
+        id,
+        params,
+        fetchMethod,
+        timeoutMs
+      }).then(res => {
+        callback(null, res);
+      }, err => {
+        callback(err);
+      });
     }
-  }, {
-    key: 'retriable',
-
+  }
+  isBroadcastOperation(method) {
+    return this.nonRetriableOperations.some(op => op === method);
+  }
+  get nonRetriableOperations() {
+    return this.options.nonRetriableOperations || ['broadcast_transaction', 'broadcast_transaction_with_callback', 'broadcast_transaction_synchronous', 'broadcast_block'];
+  }
 
-    // An object which can be used to track retries.
-    value: function retriable(api, data) {
-      if (this.nonRetriableOperations.some(function (o) {
-        return o === data.method;
-      })) {
-        // Do not retry if the operation is non-retriable.
-        return null;
-      } else if (Object(this.options.retry) === this.options.retry) {
-        // If `this.options.retry` is a map of options, pass those to operation.
-        return _retry2.default.operation(this.options.retry);
-      } else if (this.options.retry) {
-        // If `this.options.retry` is `true`, use default options.
-        return _retry2.default.operation();
-      } else {
-        // Otherwise, don't retry.
-        return null;
-      }
+  // An object which can be used to track retries.
+  retriable(api, data) {
+    if (this.isBroadcastOperation(data.method)) {
+      // Do not retry if the operation is non-retriable.
+      return null;
+    } else if (Object(this.options.retry) === this.options.retry) {
+      // If `this.options.retry` is a map of options, pass those to operation.
+      return _retry.default.operation(this.options.retry);
+    } else if (this.options.retry) {
+      // If `this.options.retry` is `true`, use default options.
+      return _retry.default.operation();
+    } else {
+      // Otherwise, don't retry.
+      return null;
     }
-  }, {
-    key: 'nonRetriableOperations',
-    get: function get() {
-      return this.options.nonRetriableOperations || ['broadcast_transaction', 'broadcast_transaction_with_callback', 'broadcast_transaction_synchronous', 'broadcast_block'];
-    }
-  }]);
-
-  return HttpTransport;
-}(_base2.default);
-
+  }
+}
 exports.default = HttpTransport;

package/lib/api/transports/index.js

@@ -1,20 +1,13 @@
-'use strict';
+"use strict";
 
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-
-var _http = require('./http');
-
-var _http2 = _interopRequireDefault(_http);
-
-var _ws = require('./ws');
-
-var _ws2 = _interopRequireDefault(_ws);
-
-function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }
-
-exports.default = {
-  http: _http2.default,
-  ws: _ws2.default
+exports.default = void 0;
+var _http = _interopRequireDefault(require("./http"));
+var _ws = _interopRequireDefault(require("./ws"));
+function _interopRequireDefault(e) { return e && e.__esModule ? e : { default: e }; }
+var _default = exports.default = {
+  http: _http.default,
+  ws: _ws.default
 };