@yeying-community/web3-bs 1.0.11 → 1.0.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/encrypt.d.ts +54 -0
- package/dist/auth/index.d.ts +1 -0
- package/dist/auth/ucan.d.ts +44 -0
- package/dist/dapp.d.ts +1 -0
- package/dist/web3-bs.esm.js +353 -67
- package/dist/web3-bs.esm.js.map +1 -1
- package/dist/web3-bs.umd.js +367 -66
- package/dist/web3-bs.umd.js.map +1 -1
- package/package.json +1 -1
package/dist/web3-bs.umd.js
CHANGED
|
@@ -694,8 +694,9 @@
|
|
|
694
694
|
}
|
|
695
695
|
|
|
696
696
|
const DEFAULT_SESSION_ID = 'default';
|
|
697
|
-
const
|
|
698
|
-
const
|
|
697
|
+
const DEFAULT_UCAN_SESSION_TTL_MS = 24 * 60 * 60 * 1000;
|
|
698
|
+
const DEFAULT_UCAN_TOKEN_TTL_MS = 40 * 60 * 1000;
|
|
699
|
+
const DEFAULT_UCAN_TOKEN_SKEW_MS = 60 * 1000;
|
|
699
700
|
const DB_NAME = 'yeying-web3';
|
|
700
701
|
const DB_STORE = 'ucan-sessions';
|
|
701
702
|
const BASE58_ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
|
|
@@ -776,6 +777,30 @@
|
|
|
776
777
|
function encodeJson(value) {
|
|
777
778
|
return toBase64Url(textEncoder.encode(JSON.stringify(value)));
|
|
778
779
|
}
|
|
780
|
+
function decodeBase64Url(input) {
|
|
781
|
+
if (!input)
|
|
782
|
+
return null;
|
|
783
|
+
const base64 = input.replace(/-/g, '+').replace(/_/g, '/');
|
|
784
|
+
const padded = base64.padEnd(Math.ceil(base64.length / 4) * 4, '=');
|
|
785
|
+
try {
|
|
786
|
+
if (typeof atob === 'function') {
|
|
787
|
+
return atob(padded);
|
|
788
|
+
}
|
|
789
|
+
}
|
|
790
|
+
catch {
|
|
791
|
+
// Try Node-compatible fallback below.
|
|
792
|
+
}
|
|
793
|
+
try {
|
|
794
|
+
const nodeBuffer = globalThis.Buffer;
|
|
795
|
+
if (nodeBuffer) {
|
|
796
|
+
return nodeBuffer.from(padded, 'base64').toString('utf8');
|
|
797
|
+
}
|
|
798
|
+
}
|
|
799
|
+
catch {
|
|
800
|
+
return null;
|
|
801
|
+
}
|
|
802
|
+
return null;
|
|
803
|
+
}
|
|
779
804
|
function randomNonce(bytes = 16) {
|
|
780
805
|
const buffer = new Uint8Array(bytes);
|
|
781
806
|
crypto.getRandomValues(buffer);
|
|
@@ -784,8 +809,144 @@
|
|
|
784
809
|
.join('');
|
|
785
810
|
}
|
|
786
811
|
function normalizeExpiry(exp, fallbackMs) {
|
|
812
|
+
if (typeof exp === 'number' && !Number.isNaN(exp))
|
|
813
|
+
return exp;
|
|
787
814
|
return Date.now() + fallbackMs;
|
|
788
815
|
}
|
|
816
|
+
function normalizeUcanExpiry(exp, fallbackMs) {
|
|
817
|
+
return normalizeExpiry(exp, fallbackMs);
|
|
818
|
+
}
|
|
819
|
+
function decodeUcanPayload(token) {
|
|
820
|
+
const parts = String(token || '').split('.');
|
|
821
|
+
if (parts.length < 2)
|
|
822
|
+
return null;
|
|
823
|
+
const decoded = decodeBase64Url(parts[1]);
|
|
824
|
+
if (!decoded)
|
|
825
|
+
return null;
|
|
826
|
+
try {
|
|
827
|
+
const payload = JSON.parse(decoded);
|
|
828
|
+
if (!payload || typeof payload !== 'object')
|
|
829
|
+
return null;
|
|
830
|
+
return payload;
|
|
831
|
+
}
|
|
832
|
+
catch {
|
|
833
|
+
return null;
|
|
834
|
+
}
|
|
835
|
+
}
|
|
836
|
+
function getUcanTokenTiming(token, options = {}) {
|
|
837
|
+
const nowMs = options.nowMs ?? Date.now();
|
|
838
|
+
const payload = decodeUcanPayload(token);
|
|
839
|
+
const exp = typeof payload?.exp === 'number' ? payload.exp : null;
|
|
840
|
+
const nbf = typeof payload?.nbf === 'number' ? payload.nbf : null;
|
|
841
|
+
const payloadWithIat = payload;
|
|
842
|
+
const issuedAt = typeof payloadWithIat?.iat === 'number'
|
|
843
|
+
? payloadWithIat.iat
|
|
844
|
+
: null;
|
|
845
|
+
const remainingMs = exp === null ? null : exp - nowMs;
|
|
846
|
+
const activeInMs = nbf === null ? 0 : Math.max(0, nbf - nowMs);
|
|
847
|
+
const expired = exp === null || (remainingMs !== null && remainingMs <= 0);
|
|
848
|
+
const notBefore = activeInMs > 0;
|
|
849
|
+
return {
|
|
850
|
+
valid: Boolean(payload && !expired && !notBefore),
|
|
851
|
+
payload,
|
|
852
|
+
exp,
|
|
853
|
+
nbf,
|
|
854
|
+
issuedAt,
|
|
855
|
+
nowMs,
|
|
856
|
+
remainingMs,
|
|
857
|
+
activeInMs,
|
|
858
|
+
expired,
|
|
859
|
+
notBefore,
|
|
860
|
+
};
|
|
861
|
+
}
|
|
862
|
+
function isUcanTokenFresh(tokenOrTiming, options = {}) {
|
|
863
|
+
const timing = typeof tokenOrTiming === 'string'
|
|
864
|
+
? getUcanTokenTiming(tokenOrTiming, { nowMs: options.nowMs })
|
|
865
|
+
: tokenOrTiming;
|
|
866
|
+
if (!timing.valid)
|
|
867
|
+
return false;
|
|
868
|
+
const skewMs = Math.max(0, options.skewMs ?? DEFAULT_UCAN_TOKEN_SKEW_MS);
|
|
869
|
+
return typeof timing.remainingMs === 'number' && timing.remainingMs > skewMs;
|
|
870
|
+
}
|
|
871
|
+
function readErrorField(error, field) {
|
|
872
|
+
if (!error || typeof error !== 'object')
|
|
873
|
+
return undefined;
|
|
874
|
+
const value = error[field];
|
|
875
|
+
if (value !== undefined)
|
|
876
|
+
return value;
|
|
877
|
+
const nestedError = error.error;
|
|
878
|
+
if (nestedError && typeof nestedError === 'object') {
|
|
879
|
+
return nestedError[field];
|
|
880
|
+
}
|
|
881
|
+
return undefined;
|
|
882
|
+
}
|
|
883
|
+
function classifyUcanAuthError(error) {
|
|
884
|
+
const messageValue = readErrorField(error, 'message');
|
|
885
|
+
const codeValue = readErrorField(error, 'code');
|
|
886
|
+
const statusValue = readErrorField(error, 'status') ?? readErrorField(error, 'statusCode');
|
|
887
|
+
const message = typeof messageValue === 'string'
|
|
888
|
+
? messageValue
|
|
889
|
+
: error instanceof Error
|
|
890
|
+
? error.message
|
|
891
|
+
: String(messageValue || error || '');
|
|
892
|
+
const status = typeof statusValue === 'number' ? statusValue : undefined;
|
|
893
|
+
const code = typeof codeValue === 'string' || typeof codeValue === 'number' ? codeValue : undefined;
|
|
894
|
+
const normalized = `${message} ${String(code || '')}`.toLowerCase();
|
|
895
|
+
if (/ucan.*expired|expired.*ucan|token.*expired|jwt.*expired|\bexp\b/.test(normalized)) {
|
|
896
|
+
return { type: 'expired', message, retryable: true, shouldRefresh: true, status, code };
|
|
897
|
+
}
|
|
898
|
+
if (/not.?before|\bnbf\b|not yet valid/.test(normalized)) {
|
|
899
|
+
return { type: 'not-before', message, retryable: true, shouldRefresh: false, status, code };
|
|
900
|
+
}
|
|
901
|
+
if (/invalid.*token|malformed.*token|bad.*ucan|invalid.*ucan/.test(normalized)) {
|
|
902
|
+
return { type: 'invalid-token', message, retryable: true, shouldRefresh: true, status, code };
|
|
903
|
+
}
|
|
904
|
+
if (status === 401 || /unauthori[sz]ed|unauthenticated/.test(normalized)) {
|
|
905
|
+
return { type: 'unauthorized', message, retryable: true, shouldRefresh: true, status, code };
|
|
906
|
+
}
|
|
907
|
+
if (status === 403 || /forbidden|permission denied|capability/.test(normalized)) {
|
|
908
|
+
return { type: 'forbidden', message, retryable: false, shouldRefresh: false, status, code };
|
|
909
|
+
}
|
|
910
|
+
return { type: 'unknown', message, retryable: false, shouldRefresh: false, status, code };
|
|
911
|
+
}
|
|
912
|
+
function isReplayableRequestBody(body) {
|
|
913
|
+
if (body == null)
|
|
914
|
+
return true;
|
|
915
|
+
if (typeof body === 'string')
|
|
916
|
+
return true;
|
|
917
|
+
if (typeof URLSearchParams !== 'undefined' && body instanceof URLSearchParams)
|
|
918
|
+
return true;
|
|
919
|
+
if (typeof FormData !== 'undefined' && body instanceof FormData)
|
|
920
|
+
return true;
|
|
921
|
+
if (typeof Blob !== 'undefined' && body instanceof Blob)
|
|
922
|
+
return true;
|
|
923
|
+
if (body instanceof ArrayBuffer)
|
|
924
|
+
return true;
|
|
925
|
+
if (ArrayBuffer.isView(body))
|
|
926
|
+
return true;
|
|
927
|
+
return false;
|
|
928
|
+
}
|
|
929
|
+
async function parseResponseJsonBody(response) {
|
|
930
|
+
const text = await response.text();
|
|
931
|
+
if (!text)
|
|
932
|
+
return null;
|
|
933
|
+
try {
|
|
934
|
+
return JSON.parse(text);
|
|
935
|
+
}
|
|
936
|
+
catch {
|
|
937
|
+
return { raw: text };
|
|
938
|
+
}
|
|
939
|
+
}
|
|
940
|
+
function shouldRetryUcanFetch(response, errorInfo) {
|
|
941
|
+
if (errorInfo.type === 'expired' || errorInfo.shouldRefresh) {
|
|
942
|
+
return true;
|
|
943
|
+
}
|
|
944
|
+
if (response.status === 401)
|
|
945
|
+
return true;
|
|
946
|
+
if (response.status === 403 && errorInfo.type === 'forbidden')
|
|
947
|
+
return false;
|
|
948
|
+
return false;
|
|
949
|
+
}
|
|
789
950
|
function isSessionExpired(expiresAt, nowMs = Date.now()) {
|
|
790
951
|
return typeof expiresAt === 'number' && nowMs >= expiresAt;
|
|
791
952
|
}
|
|
@@ -882,7 +1043,7 @@
|
|
|
882
1043
|
buildDidKey(pair.publicKey),
|
|
883
1044
|
]);
|
|
884
1045
|
const createdAt = Date.now();
|
|
885
|
-
const expiresAt = normalizeExpiry(undefined, options.expiresInMs ??
|
|
1046
|
+
const expiresAt = normalizeExpiry(undefined, options.expiresInMs ?? DEFAULT_UCAN_SESSION_TTL_MS);
|
|
886
1047
|
const root = shouldKeepRootForSession(record?.root, did, createdAt) ? record?.root : undefined;
|
|
887
1048
|
await writeSessionRecord({
|
|
888
1049
|
id: sessionId,
|
|
@@ -1150,7 +1311,7 @@
|
|
|
1150
1311
|
const domain = options.domain || (typeof window !== 'undefined' ? window.location.host : '127.0.0.1');
|
|
1151
1312
|
const uri = options.uri || (typeof window !== 'undefined' ? window.location.origin : 'http://127.0.0.1');
|
|
1152
1313
|
const nonce = options.nonce || randomNonce(8);
|
|
1153
|
-
const exp = normalizeExpiry(undefined, options.expiresInMs ??
|
|
1314
|
+
const exp = normalizeExpiry(undefined, options.expiresInMs ?? DEFAULT_UCAN_SESSION_TTL_MS);
|
|
1154
1315
|
const nbf = options.notBeforeMs;
|
|
1155
1316
|
const normalizedCapabilities = normalizeUcanCapabilities(options.capabilities);
|
|
1156
1317
|
if (!normalizedCapabilities.length) {
|
|
@@ -1234,7 +1395,7 @@
|
|
|
1234
1395
|
if (!normalizedCapabilities.length) {
|
|
1235
1396
|
throw new Error('Missing UCAN capabilities');
|
|
1236
1397
|
}
|
|
1237
|
-
const exp = normalizeExpiry(undefined, options.expiresInMs ??
|
|
1398
|
+
const exp = normalizeExpiry(undefined, options.expiresInMs ?? DEFAULT_UCAN_TOKEN_TTL_MS);
|
|
1238
1399
|
const payload = {
|
|
1239
1400
|
iss: issuer.did,
|
|
1240
1401
|
aud: options.audience,
|
|
@@ -1256,7 +1417,7 @@
|
|
|
1256
1417
|
if (!normalizedCapabilities.length) {
|
|
1257
1418
|
throw new Error('Missing UCAN capabilities');
|
|
1258
1419
|
}
|
|
1259
|
-
const exp = normalizeExpiry(undefined, options.expiresInMs ??
|
|
1420
|
+
const exp = normalizeExpiry(undefined, options.expiresInMs ?? DEFAULT_UCAN_TOKEN_TTL_MS);
|
|
1260
1421
|
const payload = {
|
|
1261
1422
|
iss: issuer.did,
|
|
1262
1423
|
aud: options.audience,
|
|
@@ -1267,30 +1428,84 @@
|
|
|
1267
1428
|
};
|
|
1268
1429
|
return await signUcanPayload(payload, issuer);
|
|
1269
1430
|
}
|
|
1431
|
+
async function getOrCreateInvocationUcan(options) {
|
|
1432
|
+
if (options.ucan &&
|
|
1433
|
+
isUcanTokenFresh(options.ucan, {
|
|
1434
|
+
nowMs: options.nowMs,
|
|
1435
|
+
skewMs: options.skewMs,
|
|
1436
|
+
})) {
|
|
1437
|
+
return options.ucan;
|
|
1438
|
+
}
|
|
1439
|
+
return await createInvocationUcan({
|
|
1440
|
+
issuer: options.issuer,
|
|
1441
|
+
sessionId: options.sessionId,
|
|
1442
|
+
provider: options.provider,
|
|
1443
|
+
audience: options.audience,
|
|
1444
|
+
capabilities: options.capabilities,
|
|
1445
|
+
expiresInMs: options.expiresInMs,
|
|
1446
|
+
notBeforeMs: options.notBeforeMs,
|
|
1447
|
+
proofs: options.proofs,
|
|
1448
|
+
});
|
|
1449
|
+
}
|
|
1270
1450
|
async function authUcanFetch(input, init = {}, options = {}) {
|
|
1271
1451
|
const fetcher = options.fetcher || fetch;
|
|
1272
|
-
|
|
1273
|
-
|
|
1274
|
-
|
|
1452
|
+
const audience = options.audience;
|
|
1453
|
+
const capabilities = options.capabilities;
|
|
1454
|
+
const canRefresh = Boolean(audience && capabilities);
|
|
1455
|
+
const canRetry = canRefresh && isReplayableRequestBody(init.body);
|
|
1456
|
+
let token = options.ucan || '';
|
|
1457
|
+
if (!token || (canRefresh && !isUcanTokenFresh(token, { skewMs: options.skewMs }))) {
|
|
1458
|
+
if (!audience || !capabilities) {
|
|
1275
1459
|
throw new Error('Missing UCAN audience or capabilities');
|
|
1276
1460
|
}
|
|
1277
|
-
token = await
|
|
1461
|
+
token = await getOrCreateInvocationUcan({
|
|
1462
|
+
ucan: options.ucan,
|
|
1278
1463
|
issuer: options.issuer,
|
|
1279
1464
|
sessionId: options.sessionId,
|
|
1280
1465
|
provider: options.provider,
|
|
1281
|
-
audience
|
|
1282
|
-
capabilities
|
|
1466
|
+
audience,
|
|
1467
|
+
capabilities,
|
|
1283
1468
|
expiresInMs: options.expiresInMs,
|
|
1284
1469
|
notBeforeMs: options.notBeforeMs,
|
|
1285
1470
|
proofs: options.proofs,
|
|
1471
|
+
skewMs: options.skewMs,
|
|
1286
1472
|
});
|
|
1287
1473
|
}
|
|
1288
|
-
const
|
|
1289
|
-
|
|
1290
|
-
|
|
1474
|
+
const makeHeaders = (bearer) => {
|
|
1475
|
+
const headers = new Headers(init.headers || {});
|
|
1476
|
+
headers.set('Authorization', `Bearer ${bearer}`);
|
|
1477
|
+
return headers;
|
|
1478
|
+
};
|
|
1479
|
+
let response = await fetcher(input, {
|
|
1291
1480
|
...init,
|
|
1292
|
-
headers,
|
|
1481
|
+
headers: makeHeaders(token),
|
|
1482
|
+
});
|
|
1483
|
+
if (!canRetry || response.ok) {
|
|
1484
|
+
return response;
|
|
1485
|
+
}
|
|
1486
|
+
const payload = await parseResponseJsonBody(response.clone()).catch(() => null);
|
|
1487
|
+
const errorInfo = classifyUcanAuthError(payload || response.statusText || response);
|
|
1488
|
+
if (!shouldRetryUcanFetch(response, errorInfo)) {
|
|
1489
|
+
return response;
|
|
1490
|
+
}
|
|
1491
|
+
if (!audience || !capabilities) {
|
|
1492
|
+
return response;
|
|
1493
|
+
}
|
|
1494
|
+
const refreshedToken = await createInvocationUcan({
|
|
1495
|
+
issuer: options.issuer,
|
|
1496
|
+
sessionId: options.sessionId,
|
|
1497
|
+
provider: options.provider,
|
|
1498
|
+
audience,
|
|
1499
|
+
capabilities,
|
|
1500
|
+
expiresInMs: options.expiresInMs,
|
|
1501
|
+
notBeforeMs: options.notBeforeMs,
|
|
1502
|
+
proofs: options.proofs,
|
|
1503
|
+
});
|
|
1504
|
+
response = await fetcher(input, {
|
|
1505
|
+
...init,
|
|
1506
|
+
headers: makeHeaders(refreshedToken),
|
|
1293
1507
|
});
|
|
1508
|
+
return response;
|
|
1294
1509
|
}
|
|
1295
1510
|
|
|
1296
1511
|
const DEFAULT_BASE_URL = '/api/v1/public/auth/central';
|
|
@@ -1601,6 +1816,122 @@
|
|
|
1601
1816
|
});
|
|
1602
1817
|
}
|
|
1603
1818
|
|
|
1819
|
+
/**
|
|
1820
|
+
* 加密/解密 SDK API
|
|
1821
|
+
*
|
|
1822
|
+
* 调用钱包插件的 `yeying_encrypt` / `yeying_decrypt` / `yeying_getCipherSuites`
|
|
1823
|
+
* EIP-1193 自定义方法。命名安全套件 + 静默执行 + 站点授权模型同 UCAN。
|
|
1824
|
+
*
|
|
1825
|
+
* 数据密码(password 参数)由 DApp 自行管理与钱包密码独立;
|
|
1826
|
+
* plaintext 走 base64 字符串跨 message 边界传输。
|
|
1827
|
+
*/
|
|
1828
|
+
class CipherError extends Error {
|
|
1829
|
+
type;
|
|
1830
|
+
code;
|
|
1831
|
+
originalError;
|
|
1832
|
+
constructor(message, type, code, originalError) {
|
|
1833
|
+
super(message);
|
|
1834
|
+
this.name = 'CipherError';
|
|
1835
|
+
this.type = type;
|
|
1836
|
+
this.code = code;
|
|
1837
|
+
this.originalError = originalError;
|
|
1838
|
+
}
|
|
1839
|
+
}
|
|
1840
|
+
function wrapCipherError(err) {
|
|
1841
|
+
const info = classifyWalletError(err);
|
|
1842
|
+
throw new CipherError(info.message, info.type, info.code, err);
|
|
1843
|
+
}
|
|
1844
|
+
function bytesToBase64(bytes) {
|
|
1845
|
+
if (typeof Buffer !== 'undefined') {
|
|
1846
|
+
return Buffer.from(bytes).toString('base64');
|
|
1847
|
+
}
|
|
1848
|
+
let binary = '';
|
|
1849
|
+
for (let i = 0; i < bytes.length; i += 1) {
|
|
1850
|
+
binary += String.fromCharCode(bytes[i]);
|
|
1851
|
+
}
|
|
1852
|
+
return btoa(binary);
|
|
1853
|
+
}
|
|
1854
|
+
function base64ToBytes(b64) {
|
|
1855
|
+
if (typeof Buffer !== 'undefined') {
|
|
1856
|
+
return new Uint8Array(Buffer.from(b64, 'base64'));
|
|
1857
|
+
}
|
|
1858
|
+
const binary = atob(b64);
|
|
1859
|
+
const out = new Uint8Array(binary.length);
|
|
1860
|
+
for (let i = 0; i < binary.length; i += 1)
|
|
1861
|
+
out[i] = binary.charCodeAt(i);
|
|
1862
|
+
return out;
|
|
1863
|
+
}
|
|
1864
|
+
/**
|
|
1865
|
+
* 用指定/默认套件加密数据
|
|
1866
|
+
* @returns v1 格式密文 base64 字符串
|
|
1867
|
+
*/
|
|
1868
|
+
async function encrypt(options) {
|
|
1869
|
+
const provider = options.provider || (await requireProvider());
|
|
1870
|
+
try {
|
|
1871
|
+
const result = await provider.request({
|
|
1872
|
+
method: 'yeying_encrypt',
|
|
1873
|
+
params: [{
|
|
1874
|
+
data: options.data,
|
|
1875
|
+
password: options.password,
|
|
1876
|
+
suite: options.suite
|
|
1877
|
+
}]
|
|
1878
|
+
});
|
|
1879
|
+
if (!result || typeof result !== 'object' || typeof result.ciphertext !== 'string') {
|
|
1880
|
+
throw new Error('Invalid encrypt response: missing ciphertext');
|
|
1881
|
+
}
|
|
1882
|
+
return result.ciphertext;
|
|
1883
|
+
}
|
|
1884
|
+
catch (err) {
|
|
1885
|
+
wrapCipherError(err);
|
|
1886
|
+
}
|
|
1887
|
+
}
|
|
1888
|
+
/**
|
|
1889
|
+
* 解密 v1 格式密文
|
|
1890
|
+
* @returns 明文 Uint8Array
|
|
1891
|
+
*/
|
|
1892
|
+
async function decrypt(options) {
|
|
1893
|
+
const provider = options.provider || (await requireProvider());
|
|
1894
|
+
try {
|
|
1895
|
+
const result = await provider.request({
|
|
1896
|
+
method: 'yeying_decrypt',
|
|
1897
|
+
params: [{
|
|
1898
|
+
ciphertext: options.ciphertext,
|
|
1899
|
+
password: options.password
|
|
1900
|
+
}]
|
|
1901
|
+
});
|
|
1902
|
+
if (!result || typeof result !== 'object' || typeof result.plaintext !== 'string') {
|
|
1903
|
+
throw new Error('Invalid decrypt response: missing plaintext');
|
|
1904
|
+
}
|
|
1905
|
+
const { plaintext, encoding } = result;
|
|
1906
|
+
if (encoding && encoding !== 'base64') {
|
|
1907
|
+
throw new Error(`Unsupported plaintext encoding: ${encoding}`);
|
|
1908
|
+
}
|
|
1909
|
+
return base64ToBytes(plaintext);
|
|
1910
|
+
}
|
|
1911
|
+
catch (err) {
|
|
1912
|
+
wrapCipherError(err);
|
|
1913
|
+
}
|
|
1914
|
+
}
|
|
1915
|
+
/**
|
|
1916
|
+
* 列出可用的命名安全套件
|
|
1917
|
+
*/
|
|
1918
|
+
async function getSupportedCipherSuites(options = {}) {
|
|
1919
|
+
const provider = options.provider || (await requireProvider());
|
|
1920
|
+
try {
|
|
1921
|
+
const result = await provider.request({
|
|
1922
|
+
method: 'yeying_getCipherSuites',
|
|
1923
|
+
params: []
|
|
1924
|
+
});
|
|
1925
|
+
if (!result || typeof result !== 'object' || !Array.isArray(result.suites)) {
|
|
1926
|
+
throw new Error('Invalid getCipherSuites response: missing suites array');
|
|
1927
|
+
}
|
|
1928
|
+
return result.suites;
|
|
1929
|
+
}
|
|
1930
|
+
catch (err) {
|
|
1931
|
+
wrapCipherError(err);
|
|
1932
|
+
}
|
|
1933
|
+
}
|
|
1934
|
+
|
|
1604
1935
|
function normalizeBaseUrl(baseUrl) {
|
|
1605
1936
|
return baseUrl.replace(/\/+$/, '');
|
|
1606
1937
|
}
|
|
@@ -1885,7 +2216,6 @@
|
|
|
1885
2216
|
}
|
|
1886
2217
|
|
|
1887
2218
|
const tokenCache = new Map();
|
|
1888
|
-
const TOKEN_SKEW_MS = 5000;
|
|
1889
2219
|
const DEFAULT_APP_ACTION = 'write';
|
|
1890
2220
|
const LOOPBACK_HOST_ALIASES = new Set([
|
|
1891
2221
|
'localhost',
|
|
@@ -2027,64 +2357,19 @@
|
|
|
2027
2357
|
const caps = options.invocationCapabilities || fallbackCaps;
|
|
2028
2358
|
return ensureAppCapability(caps, options);
|
|
2029
2359
|
}
|
|
2030
|
-
function isTokenValid(entry, nowMs) {
|
|
2031
|
-
if (!entry.exp)
|
|
2032
|
-
return false;
|
|
2033
|
-
if (entry.nbf && nowMs < entry.nbf)
|
|
2034
|
-
return false;
|
|
2035
|
-
return entry.exp - TOKEN_SKEW_MS > nowMs;
|
|
2036
|
-
}
|
|
2037
|
-
function decodeBase64Url(input) {
|
|
2038
|
-
if (!input)
|
|
2039
|
-
return null;
|
|
2040
|
-
const base64 = input.replace(/-/g, '+').replace(/_/g, '/');
|
|
2041
|
-
const padded = base64.padEnd(Math.ceil(base64.length / 4) * 4, '=');
|
|
2042
|
-
try {
|
|
2043
|
-
if (typeof atob === 'function') {
|
|
2044
|
-
return atob(padded);
|
|
2045
|
-
}
|
|
2046
|
-
}
|
|
2047
|
-
catch {
|
|
2048
|
-
// ignore
|
|
2049
|
-
}
|
|
2050
|
-
try {
|
|
2051
|
-
const nodeBuffer = globalThis.Buffer;
|
|
2052
|
-
if (nodeBuffer) {
|
|
2053
|
-
return nodeBuffer.from(padded, 'base64').toString('utf8');
|
|
2054
|
-
}
|
|
2055
|
-
}
|
|
2056
|
-
catch {
|
|
2057
|
-
return null;
|
|
2058
|
-
}
|
|
2059
|
-
return null;
|
|
2060
|
-
}
|
|
2061
|
-
function decodeUcanPayload(token) {
|
|
2062
|
-
const parts = token.split('.');
|
|
2063
|
-
if (parts.length < 2)
|
|
2064
|
-
return null;
|
|
2065
|
-
const decoded = decodeBase64Url(parts[1]);
|
|
2066
|
-
if (!decoded)
|
|
2067
|
-
return null;
|
|
2068
|
-
try {
|
|
2069
|
-
return JSON.parse(decoded);
|
|
2070
|
-
}
|
|
2071
|
-
catch {
|
|
2072
|
-
return null;
|
|
2073
|
-
}
|
|
2074
|
-
}
|
|
2075
2360
|
async function getCachedInvocationToken(options) {
|
|
2076
2361
|
const cacheKey = buildTokenCacheKey(options.issuer, options.audience, options.capabilities);
|
|
2077
2362
|
const cached = tokenCache.get(cacheKey);
|
|
2078
2363
|
const nowMs = Date.now();
|
|
2079
|
-
|
|
2080
|
-
|
|
2081
|
-
}
|
|
2082
|
-
const token = await createInvocationUcan({
|
|
2364
|
+
const token = await getOrCreateInvocationUcan({
|
|
2365
|
+
ucan: cached?.token,
|
|
2083
2366
|
issuer: options.issuer,
|
|
2084
2367
|
audience: options.audience,
|
|
2085
2368
|
capabilities: options.capabilities,
|
|
2086
2369
|
proofs: options.proofs,
|
|
2087
2370
|
expiresInMs: options.expiresInMs,
|
|
2371
|
+
skewMs: options.skewMs,
|
|
2372
|
+
nowMs,
|
|
2088
2373
|
notBeforeMs: options.notBeforeMs,
|
|
2089
2374
|
});
|
|
2090
2375
|
const payload = decodeUcanPayload(token);
|
|
@@ -2135,6 +2420,7 @@
|
|
|
2135
2420
|
capabilities: invocationCaps,
|
|
2136
2421
|
proofs: [root],
|
|
2137
2422
|
expiresInMs: options.invocationExpiresInMs,
|
|
2423
|
+
skewMs: options.invocationSkewMs,
|
|
2138
2424
|
notBeforeMs: options.notBeforeMs,
|
|
2139
2425
|
});
|
|
2140
2426
|
const client = createWebDavClient({
|
|
@@ -2191,10 +2477,17 @@
|
|
|
2191
2477
|
return result;
|
|
2192
2478
|
}
|
|
2193
2479
|
|
|
2480
|
+
exports.CipherError = CipherError;
|
|
2481
|
+
exports.DEFAULT_UCAN_SESSION_TTL_MS = DEFAULT_UCAN_SESSION_TTL_MS;
|
|
2482
|
+
exports.DEFAULT_UCAN_TOKEN_SKEW_MS = DEFAULT_UCAN_TOKEN_SKEW_MS;
|
|
2483
|
+
exports.DEFAULT_UCAN_TOKEN_TTL_MS = DEFAULT_UCAN_TOKEN_TTL_MS;
|
|
2194
2484
|
exports.WebDavClient = WebDavClient;
|
|
2195
2485
|
exports.authCentralUcanFetch = authCentralUcanFetch;
|
|
2196
2486
|
exports.authFetch = authFetch;
|
|
2197
2487
|
exports.authUcanFetch = authUcanFetch;
|
|
2488
|
+
exports.base64ToBytes = base64ToBytes;
|
|
2489
|
+
exports.bytesToBase64 = bytesToBase64;
|
|
2490
|
+
exports.classifyUcanAuthError = classifyUcanAuthError;
|
|
2198
2491
|
exports.classifyWalletError = classifyWalletError;
|
|
2199
2492
|
exports.clearAccessToken = clearAccessToken;
|
|
2200
2493
|
exports.clearCentralSessionToken = clearCentralSessionToken;
|
|
@@ -2206,8 +2499,11 @@
|
|
|
2206
2499
|
exports.createRootUcan = createRootUcan;
|
|
2207
2500
|
exports.createUcanSession = createUcanSession;
|
|
2208
2501
|
exports.createWebDavClient = createWebDavClient;
|
|
2502
|
+
exports.decodeUcanPayload = decodeUcanPayload;
|
|
2503
|
+
exports.decrypt = decrypt;
|
|
2209
2504
|
exports.deriveAppIdFromHost = deriveAppIdFromHost;
|
|
2210
2505
|
exports.deriveAppIdFromLocation = deriveAppIdFromLocation;
|
|
2506
|
+
exports.encrypt = encrypt;
|
|
2211
2507
|
exports.focusPendingApproval = focusPendingApproval;
|
|
2212
2508
|
exports.getAccessToken = getAccessToken;
|
|
2213
2509
|
exports.getAccounts = getAccounts;
|
|
@@ -2217,15 +2513,19 @@
|
|
|
2217
2513
|
exports.getCentralIssuerInfo = getCentralIssuerInfo;
|
|
2218
2514
|
exports.getCentralSessionToken = getCentralSessionToken;
|
|
2219
2515
|
exports.getChainId = getChainId;
|
|
2516
|
+
exports.getOrCreateInvocationUcan = getOrCreateInvocationUcan;
|
|
2220
2517
|
exports.getOrCreateUcanRoot = getOrCreateUcanRoot;
|
|
2221
2518
|
exports.getPreferredAccount = getPreferredAccount;
|
|
2222
2519
|
exports.getProvider = getProvider;
|
|
2223
2520
|
exports.getStoredUcanRoot = getStoredUcanRoot;
|
|
2521
|
+
exports.getSupportedCipherSuites = getSupportedCipherSuites;
|
|
2224
2522
|
exports.getUcanSession = getUcanSession;
|
|
2523
|
+
exports.getUcanTokenTiming = getUcanTokenTiming;
|
|
2225
2524
|
exports.getWalletErrorCode = getWalletErrorCode;
|
|
2226
2525
|
exports.getWalletErrorMessage = getWalletErrorMessage;
|
|
2227
2526
|
exports.initDappSession = initDappSession;
|
|
2228
2527
|
exports.initWebDavStorage = initWebDavStorage;
|
|
2528
|
+
exports.isUcanTokenFresh = isUcanTokenFresh;
|
|
2229
2529
|
exports.isUserRejectedWalletAction = isUserRejectedWalletAction;
|
|
2230
2530
|
exports.isWalletReconnectError = isWalletReconnectError;
|
|
2231
2531
|
exports.isYeYingProvider = isYeYingProvider;
|
|
@@ -2235,6 +2535,7 @@
|
|
|
2235
2535
|
exports.normalizeAppHostnameForAppId = normalizeAppHostnameForAppId;
|
|
2236
2536
|
exports.normalizeUcanCapabilities = normalizeUcanCapabilities;
|
|
2237
2537
|
exports.normalizeUcanCapability = normalizeUcanCapability;
|
|
2538
|
+
exports.normalizeUcanExpiry = normalizeUcanExpiry;
|
|
2238
2539
|
exports.onAccountsChanged = onAccountsChanged;
|
|
2239
2540
|
exports.onChainChanged = onChainChanged;
|
|
2240
2541
|
exports.refreshAccessToken = refreshAccessToken;
|