create-blocklet 0.9.5 → 0.9.7

package/templates/did-connect-dapp/api/libs/utils.js

@@ -0,0 +1,70 @@
+const { getRandomBytes } = require('@ocap/mcrypto');
+const pick = require('lodash/pick');
+const { toAddress, fromBase58 } = require('@ocap/util');
+const { isFromPublicKey, toTypeInfo } = require('@arcblock/did');
+const { fromPublicKey } = require('@ocap/wallet');
+
+const { client } = require('./auth');
+const env = require('./env');
+
+const getRandomMessage = (len = 16) => {
+  const hex = getRandomBytes(len);
+  return hex.replace(/^0x/, '').toUpperCase();
+};
+
+const getTokenInfo = async () => {
+  const [{ state }] = await Promise.all([client.getTokenState({ address: env.localTokenId })]);
+
+  const result = {
+    symbol: state.symbol,
+    decimal: state.decimal,
+  };
+
+  return result;
+};
+const pickGasPayerHeaders = ({ headers }) => ({ headers: pick(headers, ['x-gas-payer-sig', 'x-gas-payer-pk']) });
+
+const verifyAssetClaim = async ({ claim, challenge, trustedIssuers = [], trustedParents = [] }) => {
+  const fields = ['asset', 'ownerProof', 'ownerPk', 'ownerDid'];
+  for (const field of fields) {
+    if (!claim[field]) {
+      throw new Error(`Invalid asset claim: ${field} is missing`);
+    }
+  }
+
+  const address = claim.asset;
+  const ownerDid = toAddress(claim.ownerDid);
+  const ownerPk = fromBase58(claim.ownerPk);
+  const ownerProof = fromBase58(claim.ownerProof);
+  if (isFromPublicKey(ownerDid, ownerPk) === false) {
+    throw new Error('Invalid asset claim: owner did and pk mismatch');
+  }
+
+  const owner = fromPublicKey(ownerPk, toTypeInfo(ownerDid));
+  if (owner.verify(challenge, ownerProof) === false) {
+    throw new Error('Invalid asset claim: owner proof invalid');
+  }
+
+  const { state } = await client.getAssetState({ address }, { ignoreFields: ['context'] });
+  if (!state) {
+    throw new Error('Invalid asset claim: asset not found on chain');
+  }
+  if (state.owner !== ownerDid) {
+    throw new Error('Invalid asset claim: owner does not match with on chain state');
+  }
+  if (trustedIssuers.length && trustedIssuers.includes(state.issuer) === false) {
+    throw new Error('Invalid asset claim: asset issuer not in whitelist');
+  }
+  if (trustedParents.length && trustedParents.includes(state.parent) === false) {
+    throw new Error('Invalid asset claim: asset parent not in whitelist');
+  }
+
+  return state;
+};
+
+module.exports = {
+  getRandomMessage,
+  getTokenInfo,
+  pickGasPayerHeaders,
+  verifyAssetClaim,
+};

package/templates/did-connect-dapp/api/routes/auth/index.js

@@ -0,0 +1,15 @@
+/* eslint-disable global-require */
+const { handlers } = require('../../libs/auth');
+
+module.exports = {
+  init(app) {
+    handlers.attach({ app, ...require('./request-profile') });
+    handlers.attach({ app, ...require('./request-text-signature') });
+    handlers.attach({ app, ...require('./request-digest-signature') });
+    handlers.attach({ app, ...require('./request-transaction-signature') });
+    handlers.attach({ app, ...require('./request-payment') });
+    handlers.attach({ app, ...require('./request-nft') });
+    handlers.attach({ app, ...require('./request-multiple-claims') });
+    handlers.attach({ app, ...require('./request-multiple-steps') });
+  },
+};

package/templates/did-connect-dapp/api/routes/auth/request-digest-signature.js

@@ -0,0 +1,51 @@
+const { toTypeInfo } = require('@arcblock/did');
+const { fromPublicKey } = require('@ocap/wallet');
+const { types, getHasher } = require('@ocap/mcrypto');
+const { toBase58 } = require('@ocap/util');
+
+const logger = require('../../libs/logger');
+
+const hasher = getHasher(types.HashType.SHA3);
+const data = 'abcdefghijklmnopqrstuvwxyz'.repeat(32);
+
+const action = 'request-digest-signature';
+
+module.exports = {
+  action,
+  claims: {
+    signature: () => {
+      return {
+        description: 'Please sign the digest',
+        digest: toBase58(hasher(data, 1)),
+      };
+    },
+  },
+
+  onAuth: ({ userDid, userPk, claims, updateSession }) => {
+    const type = toTypeInfo(userDid);
+    const user = fromPublicKey(userPk, type);
+    const claim = claims.find((x) => x.type === 'signature');
+
+    logger.info(`${action}.onAuth`, { userPk, userDid, claim });
+
+    if (claim.origin) {
+      if (user.verify(claim.origin, claim.sig, claim.method !== 'none') === false) {
+        throw new Error('Invalid origin signature');
+      }
+    }
+
+    // We do not need to hash the data when verifying
+    if (claim.digest) {
+      if (user.verify(claim.digest, claim.sig, false) === false) {
+        throw new Error('Invalid digest signature');
+      }
+    }
+    updateSession({
+      result: {
+        origin: data,
+        digest: claim.digest,
+        sig: claim.sig,
+      },
+    });
+  },
+};

package/templates/did-connect-dapp/api/routes/auth/request-multiple-claims.js

@@ -0,0 +1,52 @@
+const { fromBase58, toBase58 } = require('@ocap/util');
+const { getHasher, types } = require('@ocap/mcrypto');
+
+const { getRandomMessage } = require('../../libs/utils');
+const logger = require('../../libs/logger');
+
+const hasher = getHasher(types.HashType.SHA3);
+const data = 'abcdefghijklmnopqrstuvwxyz'.repeat(32);
+
+const action = 'request-multiple-claims';
+
+module.exports = {
+  action,
+  claims: {
+    signText: [
+      'signature',
+      () => {
+        return {
+          type: 'mime:text/plain',
+          data: getRandomMessage(),
+          description: 'Please sign the text',
+        };
+      },
+    ],
+    signDigest: [
+      'signature',
+      () => {
+        return {
+          description: 'Please sign the digest',
+          digest: toBase58(hasher(data, 1)),
+        };
+      },
+    ],
+  },
+
+  onAuth: ({ userDid, userPk, claims, updateSession }) => {
+    logger.info(`${action}.onAuth`, { userPk, userDid, claims });
+    updateSession({
+      result: [
+        {
+          origin: fromBase58(claims[0].origin).toString(),
+          sig: claims[0].sig,
+        },
+        {
+          origin: data,
+          digest: claims[1].digest,
+          sig: claims[1].sig,
+        },
+      ],
+    });
+  },
+};

package/templates/did-connect-dapp/api/routes/auth/request-multiple-steps.js

@@ -0,0 +1,57 @@
+const { fromBase58, toBase58 } = require('@ocap/util');
+const { getHasher, types } = require('@ocap/mcrypto');
+
+const { getRandomMessage } = require('../../libs/utils');
+const logger = require('../../libs/logger');
+
+const hasher = getHasher(types.HashType.SHA3);
+const data = 'abcdefghijklmnopqrstuvwxyz'.repeat(32);
+
+const action = 'request-multiple-steps';
+
+module.exports = {
+  action,
+  claims: [
+    {
+      signature: () => {
+        return {
+          type: 'mime:text/plain',
+          data: getRandomMessage(),
+          description: 'Please sign the text',
+        };
+      },
+    },
+    {
+      signature: () => {
+        return {
+          description: 'Please sign the digest',
+          digest: toBase58(hasher(data, 1)),
+        };
+      },
+    },
+  ],
+
+  onAuth: ({ userDid, userPk, claims, step, req, updateSession }) => {
+    logger.info(`${action}.onAuth`, { step, userPk, userDid, claims });
+    const result = req?.context?.store?.result || [];
+    const claim = claims.find((x) => x.type === 'signature');
+    if (step === 1) {
+      result.push({
+        step,
+        origin: fromBase58(claim.origin).toString(),
+        sig: claim.sig,
+      });
+    } else if (step === 2) {
+      result.push({
+        step,
+        origin: data,
+        digest: claim.digest,
+        sig: claim.sig,
+      });
+    }
+
+    updateSession({
+      result,
+    });
+  },
+};

package/templates/did-connect-dapp/api/routes/auth/request-nft.js

@@ -0,0 +1,82 @@
+const { fromPublicKey } = require('@ocap/wallet');
+const { toAddress, fromBase58, toBuffer } = require('@ocap/util');
+const { toTypeInfo } = require('@arcblock/did');
+
+const { verifyAssetClaim } = require('../../libs/utils');
+const { wallet } = require('../../libs/auth');
+const logger = require('../../libs/logger');
+
+const validateAgentProof = (claim) => {
+  const ownerDid = toAddress(claim.ownerDid);
+  const ownerPk = fromBase58(claim.ownerPk);
+  if (!claim.agentProof) {
+    throw new Error('agent proof is empty');
+  }
+
+  if (typeof claim.agentProof === 'string') {
+    claim.agentProof = JSON.parse(claim.agentProof);
+  }
+
+  logger.info('claim.agentProof.nonce', claim.agentProof.nonce);
+  logger.info('claim.agentProof.signature', claim.agentProof.signature);
+
+  const { nonce } = claim.agentProof;
+  if (nonce < Math.ceil(Date.now() / 1000) - 5 * 60) {
+    throw new Error('agent proof is expired: ttl is 5 minutes');
+  }
+
+  const message = Buffer.concat([toBuffer(nonce.toString()), toBuffer(wallet.address)]);
+  const signer = fromPublicKey(ownerPk, toTypeInfo(ownerDid));
+  const signature = fromBase58(claim.agentProof.signature);
+
+  if (claim.type === 'asset') {
+    if (!signer.verify(message, signature)) {
+      throw new Error('agent proof is invalid for asset');
+    }
+  }
+
+  if (claim.type === 'verifiableCredential') {
+    if (!signer.verify(message, signature)) {
+      throw new Error('agent proof is invalid for vc');
+    }
+  }
+};
+
+const action = 'request-nft';
+
+module.exports = {
+  action,
+  claims: {
+    assetOrVC: () => {
+      return {
+        description: 'Please provide NFT or VC to continue',
+        filters: [
+          {
+            type: ['NFTBadge', 'NFTCertificate'],
+            trustedIssuers: [
+              // wallet.address,
+              'zNKXAEjKYXEnf2hf18NjTQsa1JajA9gJ3haY',
+            ],
+          },
+        ],
+      };
+    },
+  },
+  onAuth: async ({ claims, challenge, updateSession }) => {
+    const asset = claims.find((x) => x.type === 'asset');
+
+    if (!asset) {
+      throw new Error('Neither NFT nor VC is provided');
+    }
+
+    logger.info(`${action}.onAuth.asset`, asset);
+
+    validateAgentProof(asset, challenge);
+
+    const assetState = await verifyAssetClaim({ claim: asset, challenge });
+    updateSession({
+      result: asset,
+    });
+    return { successMessage: `You provided asset: ${assetState.address}` };
+  },
+};

package/templates/did-connect-dapp/api/routes/auth/request-payment.js

@@ -0,0 +1,72 @@
+/* eslint-disable no-console */
+const { fromTokenToUnit } = require('@ocap/util');
+const { fromAddress } = require('@ocap/wallet');
+
+const { wallet, client } = require('../../libs/auth');
+const { getTokenInfo, pickGasPayerHeaders } = require('../../libs/utils');
+const env = require('../../libs/env');
+const logger = require('../../libs/logger');
+
+const action = 'request-payment';
+module.exports = {
+  action,
+  claims: {
+    signature: async ({ userDid, userPk }) => {
+      const amount = 1;
+      const token = await getTokenInfo();
+
+      return {
+        type: 'TransferV2Tx',
+        data: {
+          from: userDid,
+          pk: userPk,
+          itx: {
+            to: wallet.address,
+            tokens: [
+              {
+                address: env.localTokenId,
+                value: fromTokenToUnit(amount, token.decimal).toString(),
+              },
+            ],
+          },
+        },
+        description: `Please pay ${amount} ${token.symbol} to application`,
+      };
+    },
+  },
+  onAuth: async ({ req, claims, userDid, updateSession }) => {
+    try {
+      const claim = claims.find((x) => x.type === 'signature');
+      const tx = client.decodeTx(claim.origin);
+      const user = fromAddress(userDid);
+      if (claim.from) {
+        tx.from = claim.from;
+      }
+      if (claim.delegator) {
+        tx.delegator = claim.delegator;
+      }
+      const hash = await client.sendTransferV2Tx(
+        {
+          tx,
+          wallet: user,
+          signature: claim.sig,
+        },
+        pickGasPayerHeaders(req),
+      );
+
+      logger.info(`${action}.onAuth`, { claims, userDid, hash });
+      updateSession({
+        result: {
+          hash,
+          tx,
+          origin: claim.origin,
+          sig: claim.sig,
+        },
+      });
+      return { hash, tx: claim.origin };
+    } catch (err) {
+      logger.info(`${action}.onAuth.error`, err);
+      throw new Error('Send token failed!');
+    }
+  },
+};

package/templates/did-connect-dapp/api/routes/auth/request-profile.js

@@ -0,0 +1,25 @@
+const omit = require('lodash/omit');
+const logger = require('../../libs/logger');
+
+const action = 'request-profile';
+module.exports = {
+  action,
+  claims: {
+    profile: () => ({
+      description: 'Please provide your full profile',
+      fields: ['fullName', 'email', 'phone', 'signature', 'avatar', 'birthday'],
+    }),
+  },
+
+  onAuth: ({ userDid, userPk, claims, updateSession }) => {
+    const claim = claims.find((x) => x.type === 'profile');
+    logger.log(`${action}.onAuth`, { userDid, userPk, claim });
+    updateSession({
+      result: {
+        ...omit(claim, ['type', 'signature']),
+        did: userDid,
+        pk: userPk,
+      },
+    });
+  },
+};

package/templates/did-connect-dapp/api/routes/auth/request-text-signature.js

@@ -0,0 +1,44 @@
+/* eslint-disable no-console */
+const { toTypeInfo } = require('@arcblock/did');
+const { fromPublicKey } = require('@ocap/wallet');
+const { fromBase58 } = require('@ocap/util');
+
+const logger = require('../../libs/logger');
+const { getRandomMessage } = require('../../libs/utils');
+
+const action = 'request-text-signature';
+module.exports = {
+  action,
+  claims: {
+    signature: () => {
+      const data = getRandomMessage();
+
+      return {
+        description: 'Please sign the text',
+        type: 'mime:text/plain',
+        data,
+      };
+    },
+  },
+
+  onAuth: ({ userDid, userPk, claims, updateSession }) => {
+    const type = toTypeInfo(userDid);
+    const user = fromPublicKey(userPk, type);
+    const claim = claims.find((x) => x.type === 'signature');
+
+    logger.info(`${action}.onAuth`, { userPk, userDid, claim });
+
+    if (claim.origin) {
+      if (user.verify(claim.origin, claim.sig, claim.method !== 'none') === false) {
+        throw new Error('Invalid origin signature');
+      }
+    }
+
+    updateSession({
+      result: {
+        origin: fromBase58(claim.origin).toString(),
+        sig: claim.sig,
+      },
+    });
+  },
+};

package/templates/did-connect-dapp/api/routes/auth/request-transaction-signature.js

@@ -0,0 +1,62 @@
+/* eslint-disable no-console */
+const { toTypeInfo } = require('@arcblock/did');
+const { fromPublicKey } = require('@ocap/wallet');
+const { toTxHash } = require('@ocap/mcrypto');
+const { toBase58 } = require('@ocap/util');
+
+const logger = require('../../libs/logger');
+const env = require('../../libs/env');
+const { wallet, client } = require('../../libs/auth');
+
+const action = 'request-transaction-signature';
+
+module.exports = {
+  action,
+  claims: {
+    signature: async ({ userPk, userDid }) => {
+      const value = await client.fromTokenToUnit(1);
+      const type = toTypeInfo(userDid);
+
+      const encoded = await client.encodeTransferV2Tx({
+        tx: {
+          itx: {
+            to: wallet.address,
+            tokens: [
+              {
+                address: env.localTokenId,
+                value: value.toString(),
+              },
+            ],
+          },
+        },
+        wallet: fromPublicKey(userPk, type),
+      });
+
+      const origin = toBase58(encoded.buffer);
+
+      return {
+        description: 'Please sign the transaction',
+        type: 'fg:t:transaction',
+        data: origin,
+      };
+    },
+  },
+
+  onAuth: ({ userDid, userPk, claims, updateSession }) => {
+    const claim = claims.find((x) => x.type === 'signature');
+    const tx = client.decodeTx(claim.origin);
+
+    logger.info(`${action}.onAuth`, { userPk, userDid, claim });
+    const buffer = Buffer.from(claim.origin);
+    const hash = toTxHash(buffer);
+
+    updateSession({
+      result: {
+        hash,
+        tx,
+        origin: claim.origin,
+        sig: claim.sig,
+      },
+    });
+  },
+};

package/templates/did-connect-dapp/blocklet.md

@@ -0,0 +1,5 @@
+# DID Connect Playground
+
+A Playground shows Simple DID Connect workflow
+
+> Please update this

package/templates/did-connect-dapp/blocklet.yml

@@ -0,0 +1,57 @@
+title: DID Connect Playground
+description: A Blocklet show DID Connect Playground
+keywords:
+  - blocklet
+  - react
+  - did-connect
+group: dapp
+did: ''
+main: api/index.js
+author:
+  name: ArcBlock
+  email: blocklet@arcblock.io
+  url: https://github.com/blocklet
+repository:
+  type: git
+  url: git+https://github.com/blocklet/create-blocklet.git
+specVersion: 1.2.8
+version: 0.1.0
+logo: logo.png
+files:
+  - dist
+  - logo.png
+  - screenshots
+  - api/hooks/pre-start.js
+interfaces:
+  - type: web
+    name: publicUrl
+    path: /
+    prefix: '*'
+    port: BLOCKLET_PORT
+    protocol: http
+community: ''
+documentation: ''
+homepage: ''
+license: ''
+payment:
+  price: []
+  share: []
+timeout:
+  start: 60
+requirements:
+  server: '>=1.16.31'
+  os: '*'
+  cpu: '*'
+scripts:
+  preStart: node api/hooks/pre-start.js
+  dev: npm run start
+environments:
+  - name: CHAIN_HOST
+    description: What's endpoint of the chain?
+    required: true
+    default: https://beta.abtnetwork.io/api/
+    secure: false
+capabilities:
+  navigation: true
+screenshots: []
+components: []

package/templates/did-connect-dapp/index.html

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html lang="en">
+
+<head>
+  <meta charset="UTF-8" />
+  <link rel="icon" href="/favicon.ico?imageFilter=convert&f=png&w=32" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" />
+  <meta name="theme-color" content="#4F6AF5" />
+</head>
+
+<body>
+  <noscript> You need to enable JavaScript to run this app. </noscript>
+  <div id="app"></div>
+  <script type="module" src="/src/index.jsx"></script>
+</body>
+
+</html>