webdaemon 1.0.0 → 11.4.1

package/index.js

@@ -1,8 +1,17 @@
-export * from './src/Alert.js'
-export * from './src/BrowserApp.js'
-export * from './src/Digest.js'
-export * from './src/KeyPair.js'
-export * from './src/ParentHelper.js'
-export * from './src/QrCode.js'
-export * from './src/Storage.js'
-export * from './src/Token.js'
+/** Common libs */
+export * from './src/js/Digest.js'
+export * from './src/js/KeyPair.js'
+export * from './src/js/Token.js'
+
+/** Browser libs */
+export * from './src/js/Alert.js'
+export * from './src/js/BrowserApp.js'
+export * from './src/js/ParentHelper.js'
+export * from './src/js/QrCode.js'
+export * from './src/js/Storage.js'
+
+/** Backend libs */
+export * from './src/ts/Assertions.ts'
+export * from './src/ts/Lifecycle.ts'
+export * from './src/ts/Requests.ts'
+export * from './src/ts/Responses.ts'

package/package.json

@@ -1,11 +1,8 @@
 {
   "name": "webdaemon",
-  "version": "1.0.0",
-  "description": "Web Daemon f/e",
+  "version": "11.4.1",
+  "description": "Web Daemon",
   "main": "index.js",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
   "keywords": [
     "es6",
     "npm",

package/package.json.template

@@ -0,0 +1,13 @@
+{
+  "name": "webdaemon",
+  "version": "<FILLED IN>",
+  "description": "Web Daemon",
+  "main": "index.js",
+  "keywords": [
+    "es6",
+    "npm",
+    "library"
+  ],
+  "author": "Web Daemon Authors",
+  "license": "ISC"
+}

package/src/{BrowserApp.js → js/BrowserApp.js}

@@ -1,5 +1,4 @@
 import { Token } from './Token.js'
-import { Storage } from './Storage.js'
 
 /**
  * @module
@@ -332,13 +331,4 @@ export class BrowserApp {
       throw json.error
     }
   }
-
-  /**
-   * Gets a Storage instance using the party token.
-   *
-   * @returns {Storage} instance.
-   */
-  getStorage() {
-    return new Storage(this.getToken())
-  }
 }

package/src/js/README.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8">
+    <title>Readme</title>
+  </head>
+  <body>
+<h1 id="javascript-library">Javascript library</h1>
+<p>This directory holds Javascript source files designed to be used in
+either the browser or a daemon runner, served from a public site such as
+https://webdaemon.online.</p>
+  </body>
+</html>

package/src/js/README.md

@@ -0,0 +1,4 @@
+# Javascript library
+This directory holds Javascript source files designed to be
+used in either the browser or a daemon runner, served from
+a public site such as https://webdaemon.online.

package/src/{Storage.js → js/Storage.js}

@@ -25,34 +25,6 @@ const KEYLIKE_PATTERN = /^[\w\-.%_]+(?:\/[\w\-.%_]+)*$/
  * @property {string} error
  */
 
-/**
- * An instance of this class is normally obtained from BrowserApp, which constructs
- * the instance using the party token.
- */
-export class Storage {
-  #token    // Party token which must include getitem and setitem capabilities on party:control.
-
-  constructor(token) {
-    this.#token = token
-  }
-
-  getItem(key) {
-    return getItem(this.#token, key)
-  }
-
-  getItemsLike(keylike) {
-    return getItemsLike(this.#token, keylike)
-  }
-
-  setItem(key, value) {
-    return setItem(this.#token, key, value)
-  }
-
-  removeItem(key) {
-    return removeItem(this.#token, key)
-  }
-}
-
 /**
  * Throws an exception if the key being used is not
  * in a valid format.
@@ -153,6 +125,7 @@ export async function getItemsLike(token, keylike) {
   assertValidLike(keylike)
   const url = new URL(`${token.getAud()}/storage`)
   url.searchParams.append('like', keylike)
+  console.log(url)
   const response = await fetch(url, {
     method: 'GET',
     headers: {

package/src/ts/Assertions.ts

@@ -0,0 +1,41 @@
+/**
+ * Use this type to reference a plain object with
+ * random string keys.
+ */
+export interface Plain {
+  // deno-lint-ignore no-explicit-any
+  [key: string]: any
+}
+
+/**
+ * Any JSON-serialisable type.
+ */
+export type JSONPrimitive = string | number | boolean | null
+export type JSONArray = JSONValue[]
+export interface JSONObject {
+  [key: string]: JSONValue
+}
+export type JSONValue = JSONPrimitive | JSONObject | JSONArray
+
+
+/**
+ * Type predicates to be used in type-narrowing assertions, e.g.
+ *
+ *   assert(notNull(someValue))
+ *   ... now the type of someValue does not include null ...
+ *
+ * or
+ *  if (isOk(returnValue)) {
+ *     ...in this block we know returnValue.ok is present and of the correct type.
+ *  }
+ *
+ * @param value the value to be tested.
+ * @returns true if not null, otherwise false.
+ */
+export function notNull<T>(value: T | null): value is T {
+  return value !== null
+}
+
+export function isDefined<T>(value: T | undefined): value is T {
+  return value !== undefined
+}

package/src/ts/Lifecycle.ts

@@ -0,0 +1,307 @@
+import { response } from './Responses.ts'
+import { Plain, JSONValue } from './Assertions.ts'
+import { KeyPair } from '../js/KeyPair.js'
+import { Token, Scope } from '../js/Token.js'
+
+// Daemon configuration looks like this.
+export interface DaemonConfig {
+  system: {
+    protocol: 'http:' | 'https:'
+    party: string
+    issuer: string
+    source: string
+    sourcePrefix: string
+  }
+  user: Plain
+}
+
+// System requests are on the /daemon/... path.
+export const DAEMON_PREFIX = 'daemon'
+
+// Daemon lifecycle path components that come after DAEMON_PREFIX.
+export const CONFIG_PATH = 'config'
+export const EVENT_PATH = 'event'
+export const PUBLIC_JWK_PATH = 'public.jwk'
+
+// SessionStorage keys for lifecycle objects.
+const CONFIG_KEY = 'config'
+const PRIVATE_JWK_KEY = 'privateJwk'
+const PUBLIC_JWK_KEY = 'publicJwk'
+
+// Default time-to-live for a third party token we generate is 1 hour.
+const DEFAULT_TTL_MILLIS = 1000 * 60 * 60
+
+interface TabEvent {
+  type: string,
+  payload: JSONValue
+}
+
+/**
+ * Encapsulates the lifecycle event requests that occur on
+ * runner start and termination and when alerts are resolved
+ * or rejected.
+ *
+ * The Lifecycle object also provides static methods to retrieve
+ * configuration items, a public and private key pair, and also to
+ * produce the signed token that is required in requests from this party
+ * to third parties.
+ */
+export class Lifecycle extends EventTarget {
+  static #instance: Lifecycle = new Lifecycle()
+
+  static getInstance() {
+    return this.#instance
+  }
+
+  /**
+   * All system requests are under the /daemon/ path.
+   *
+   * @param {Request} request to be tested.
+   * @returns {boolean} true if the request is a lifecycle request.
+   */
+  static shouldHandle(request: Request): boolean {
+    return (
+      Lifecycle.isConfig(request) ||
+      Lifecycle.isEvent(request) ||
+      Lifecycle.isPublicJwk(request)
+    )
+  }
+
+  static isConfig(request: Request): boolean {
+    const url = new URL(request.url)
+    return (
+      request.method == 'POST' &&
+      url.pathname == `/${DAEMON_PREFIX}/${CONFIG_PATH}` &&
+      request.headers.get('Content-Type') == 'application/json'
+    )
+  }
+
+  static isEvent(request: Request): boolean {
+    const url = new URL(request.url)
+    return (
+      request.method == 'POST' &&
+      url.pathname == `/${DAEMON_PREFIX}/${EVENT_PATH}` &&
+      request.headers.get('Content-Type') == 'application/json'
+    )
+  }
+
+  static isPublicJwk(request: Request): boolean {
+    const url = new URL(request.url)
+    return (
+      request.method == 'GET' &&
+      url.pathname == `/${DAEMON_PREFIX}/${PUBLIC_JWK_PATH}`
+    )
+  }
+
+  /**
+   * Handles a lifecycle request.
+   *
+   * @param {Request} request to be handled.
+   * @returns {Response} response for caller.
+   */
+  async handler(request: Request): Promise<Response> {
+    if (Lifecycle.isConfig(request)) {
+      return await this.handleConfig(request)
+    }
+    if (Lifecycle.isEvent(request)) {
+      return await this.handleEvent(request)
+    }
+    if (Lifecycle.isPublicJwk(request)) {
+      return await this.handlePublicJwk()
+    }
+    return response({
+      error: 'Invalid daemon request'
+    })
+  }
+
+  /**
+   * Saves the lifecycle config object provided in the request body.
+   *
+   * Fires a 'config' lifecycle event.
+   *
+   * @param {Request} request containing the configuration json.
+   * @return {Response} ok response.
+   */
+  async handleConfig(request: Request): Promise<Response> {
+    const configJson = await request.json()
+    sessionStorage.setItem(CONFIG_KEY, JSON.stringify(configJson))
+    this.dispatchEvent(new CustomEvent('config', {
+      detail: configJson
+    }))
+    return response({
+      ok: true
+    })
+  }
+
+  /**
+   * Fires a lifecycle event upon receiving an event request.
+   *
+   * @param {Request} request containing the event.
+   * @return {Response} ok response.
+   */
+  async handleEvent(request: Request): Promise<Response> {
+    const {
+      type,
+      payload
+    } = await request.json()
+    this.dispatchEvent(new CustomEvent(type, {
+      detail: payload
+    }))
+    return response({
+      ok: true
+    })
+  }
+
+  /**
+   * Responds with the JSON public key used to verify tokens
+   * produced by this instance.
+   *
+   * @return {Response} the response containing the Signatory (role, jwk).
+   */
+  async handlePublicJwk(): Promise<Response> {
+    const role = 'party'
+    const jwk = await Lifecycle.getPublicKey()
+    return Response.json({
+      ok: {
+        role,
+        jwk
+      }
+    })
+  }
+
+  /**
+   * Returns the configuration object stored on initialisation.
+   * @return {DaemonConfig} the daemon configuration object.
+   * @throws {string} exception if config is not yet initialised.
+   */
+  static getConfig(): DaemonConfig {
+    const json = sessionStorage.getItem(CONFIG_KEY)
+    if (!json) {
+      throw 'DaemonConfig not ready'
+    }
+    return JSON.parse(json)
+  }
+
+  /**
+   * Generates if necessary and returns a private key for
+   * use in signing tokens.
+   *
+   * @returns {JSONWebKey} the private key for this session.
+   */
+  static async getPrivateKey(): Promise<JsonWebKey> {
+    const jsonWebKey = sessionStorage.getItem(PRIVATE_JWK_KEY)
+    if (!jsonWebKey) {
+      const keyPair = await Lifecycle.generateKeys()
+      return keyPair.privateJwk()
+    }
+    return JSON.parse(jsonWebKey)
+  }
+
+  /**
+   * Generates if necessary and returns a public key for
+   * use by third parties to verifying tokens we generate.
+   *
+   * @returns {JSONWebKey} the public key for this session.
+   */
+  static async getPublicKey(): Promise<JsonWebKey> {
+    const jsonWebKey = sessionStorage.getItem(PUBLIC_JWK_KEY)
+    if (!jsonWebKey) {
+      const keyPair = await Lifecycle.generateKeys()
+      return keyPair.publicJwk()
+    }
+    return JSON.parse(jsonWebKey)
+  }
+
+  /**
+   * Generates and stores the serialised public and private JWK keys in
+   * sessionStorage which survives the life of this process instance.
+   *
+   * @returns {KeyPair} keyPair as generated and stored in sessionStorage.
+   */
+  static async generateKeys(): Promise<KeyPair> {
+    const keyPair = new KeyPair()
+    await keyPair.generate()
+    const privateJwk = await keyPair.privateJwk()
+    const publicJwk = await keyPair.publicJwk()
+    sessionStorage.setItem(PRIVATE_JWK_KEY, JSON.stringify(privateJwk))
+    sessionStorage.setItem(PUBLIC_JWK_KEY, JSON.stringify(publicJwk))
+    return keyPair
+  }
+
+  /**
+   * Returns a token suitable for the `x-tabserver-token` header
+   * in a request to the supplied party with the required
+   * scope.
+   *
+   * If party is omitted, it defaults to this party.
+   * If
+   *
+   * @param {Scope} scope map of string source -> space-separated capabilities.
+   * @param {string=} party the party host name to whom the request will be sent.
+   * @param { src=} src the HTML page from which the request is (actually or notionally) made.
+   * @param {number=} ttlMillis the lifetime of this token.
+   * @returns {Token} the signed token.
+   * @throws {string} if configuration not yet initialised.
+   *
+  */
+  static async getTokenFor(
+    scope: Scope,
+    party: string | null = null,
+    src: string | null = null,
+    ttlMillis: number = DEFAULT_TTL_MILLIS
+  ): Promise<Token> {
+    const config = Lifecycle.getConfig()
+    if (!config) {
+      throw 'Lifecycle configuration not yet available'
+    }
+
+    // Extract protocol, our party, issuer and source from system config.
+    const {
+      system: {
+        protocol,
+        party: us,
+        issuer,
+        source
+      }
+    } = config
+
+    // Token src excludes query params.
+    const appSourceUrl = new URL(source)
+
+    const aud = party ? `${protocol}//${party}`: `${protocol}//${us}`
+    const sub = `${protocol}//${us}`
+    const now = Date.now()
+
+    const payload = {
+      iss: issuer,
+      aud,
+      sub,
+      src: src ?? `${appSourceUrl.origin}${appSourceUrl.pathname}`,
+      scope,
+      iat: now,
+      exp: now + ttlMillis
+    }
+
+    const token = new Token(payload)
+    await token.signWith(Lifecycle.getPrivateKey())
+    return token
+  }
+
+  /**
+   * Returns a token for our party with the setitem and getitem
+   * capabilities on the party control source.
+   */
+  static getStorageToken(): Promise<Token> {
+    const {
+      system: {
+        party,
+      }
+    } = Lifecycle.getConfig()
+
+    const scope = {
+      [Token.Source.PARTY_CONTROL]: `${Token.Capability.GET_ITEM} ${Token.Capability.SET_ITEM}`
+    }
+
+    return Lifecycle.getTokenFor(scope, party)
+  }
+}

package/src/ts/README.html

@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="UTF-8">
+    <title>Readme</title>
+  </head>
+  <body>
+<h1 id="typescript-library">Typescript library</h1>
+<p>This directory holds Typescript source files designed to be used in
+daemon runners only, and served from a public site such as
+https://webdaemon.online.</p>
+  </body>
+</html>

package/src/ts/README.md

@@ -0,0 +1,4 @@
+# Typescript library
+This directory holds Typescript source files designed to be
+used in daemon runners only, and served from a public site
+such as https://webdaemon.online.

package/src/ts/Requests.ts

@@ -0,0 +1,131 @@
+import { Plain } from "./Assertions.ts";
+
+// Standard HTTP headers.
+const X_FORWARDED_HOST = 'x-forwarded-host'
+const X_FORWARDED_PROTO = 'x-forwarded-proto'
+
+// Non-standard HTTP header used by tabserver.
+const X_FORWARDED_PATHNAME = 'x-forwarded-pathname'
+
+/**
+ * Returns the request protocol. This is the first of the following:
+ *
+ * 1. The `x-forwarded-proto` header, if present, with trailing colon.
+ * 2. The request URL protocol, ditto.
+ *
+ * @param request the request.
+ * @returns {string} the protocol with trailing colon.
+ */
+export function getClientProtocol(request: Request): string {
+  if (request.headers.has(X_FORWARDED_PROTO)) {
+    return (request.headers.get(X_FORWARDED_PROTO) as string) + ':'
+  }
+
+  return new URL(request.url).protocol
+}
+
+/**
+ * Returns the request host name. This is the first of the following:
+ *
+ * 1. The `x-forwarded-host` header, if present.
+ * 2. The request URL hostname (including port, if present)
+ *
+ * @param request the request.
+ * @returns the protocol.
+ */
+export function getClientHost(request: Request): string {
+  if (request.headers.has(X_FORWARDED_HOST)) {
+    return request.headers.get(X_FORWARDED_HOST) || ''
+  }
+
+  return new URL(request.url).host
+}
+
+/**
+ * Returns the request pathname. This is the first of the following:
+ *
+ * 1. The `x-forwarded-pathname` header, if present.
+ * 2. The request URL pathname.
+ */
+export function getClientPathname(request: Request): string {
+  if (request.headers.has(X_FORWARDED_PATHNAME)) {
+    return request.headers.get(X_FORWARDED_PATHNAME) || ''
+  }
+
+  return new URL(request.url).pathname
+}
+
+/**
+ * Returns the client request protocol, host and pathname components
+ * only.
+ *
+ * @param request the request.
+ * @return {URL} the protocol://host/pathname
+ */
+export function getClientUrlPhp(request: Request): URL {
+  const protocol = getClientProtocol(request)
+  const host = getClientHost(request)
+  const pathname = getClientPathname(request)
+  return new URL(`${protocol}//${host}${pathname}`)
+}
+
+/**
+ * Returns the URL as requested by the client taking account
+ * of the x-forwarded protocol and host.
+ *
+ * @param request the request.
+ * @returns the URL.
+ */
+export function getClientUrl(request: Request): URL {
+  const originalUrl = new URL(request.url)
+  const newUrl = getClientUrlPhp(request)
+  newUrl.search = originalUrl.search
+  newUrl.hash = originalUrl.hash
+  return newUrl
+}
+
+/**
+ * Returns the pathname portion of the request URL, excluding
+ * query and fragment components.
+ *
+ * @param {request} the request.
+ * @returns {string} the pathname which starts with a forward slash.
+ */
+export function getPathname(request: Request): string {
+  const url = new URL(request.url)
+  return url.pathname
+}
+
+/**
+ * Returns the string value of a named cookie, or null if it is not
+ * present in the request.
+ *
+ * @param {Request} request the request.
+ * @param {string} cookieName the name of the cookie
+ * @returns {string} the cookie value, or null if not present.
+ */
+export function getCookie(request: Request, cookieName: string): string | null {
+  const cookies = getCookies(request)
+  if (cookieName in cookies) {
+    return cookies[cookieName]
+  }
+  return null
+}
+
+/**
+ * Returns a map of request cookie names to values, which can be empty.
+ *
+ * @param {Request} request the request.
+ * @returns {Plain} the plain object with zero or more cookie keys.
+ */
+export function getCookies(request: Request): Plain {
+  const cookies: Plain = {}
+  const headerValue = request.headers.get('Cookie')
+  if (headerValue) {
+    for (const keyVal of headerValue.split('; ')) {
+      const [key, value] = keyVal.split('=')
+      cookies[key] = value
+    }
+  }
+  return cookies
+}

package/src/ts/Responses.ts

@@ -0,0 +1,132 @@
+import { Plain } from './Assertions.ts'
+
+export interface Ok<T> {
+  ok: T
+}
+
+export interface Error {
+  error: string
+}
+
+/**
+ * Returns an ok response or an error response corresponding
+ * to the standard ok or error return value.
+ *
+ * If the error string starts with a space-separated status code,
+ * then that is used as the status code for the response.
+ *
+ * For example:
+ *
+ * {error: 'Ordinary Error'}
+ *   is sent as is with status 200.
+ * {error: '401 Authentication Error'}
+ *   is sent as {error: 'Authentication Error'} with status 401
+ */
+export function response<T>(rvalue: Ok<T> | Error, extraHeaders?: Plain) {
+
+  if ('ok' in rvalue) {
+    const body = JSON.stringify(rvalue)
+    return new Response(body, {
+      status: 200,
+      headers: {
+        ...extraHeaders,
+        'Content-Type': 'application/json',
+        'Access-Control-Allow-Origin': '*',
+      }
+    })
+  }
+
+  const error = rvalue.error
+  const [, status, message] = error.match(/(\d{3})\s(.+)/) ?? [null, '200', error]
+  const body = JSON.stringify({
+    error: message
+  })
+  return new Response(body, {
+    status: Number(status),
+    headers: {
+      ...extraHeaders,
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*'
+    }
+  })
+}
+
+/**
+ * Returns a 404 error response, including
+ * the standard JSON error return value.
+ * @deprecated Use response instead using a status-prefixed error message.
+ */
+export function response404<T>(json: Error = {
+  error: '404 Not Found'
+}) {
+  const body = JSON.stringify(json)
+  return new Response(body, {
+    status: 404,
+    headers: {
+      'Content-Type': 'application/json',
+      'Access-Control-Allow-Origin': '*',
+    }
+  })
+}
+
+/**
+ * Returns a 302 permanent redirect response.
+ * @param url the url to redirect to.
+ * @returns Response object.
+ */
+export function response302(url: URL, extraHeaders: Plain = []): Response {
+  return new Response(null, {
+    status: 302,
+    headers: {
+      'Location': url.toString(),
+      'Access-Control-Allow-Origin': '*',
+      ...extraHeaders
+    }
+  })
+}
+
+/**
+ * Simple build-a-cookie support.
+ *
+ * If the `expires` attribute is not defined, it's a session cookie.
+ * Otherwise it's a permanent cookie. To delete a cookie, use the
+ * `expires` attribute set to `new Date(0)`.
+ */
+
+export interface CookiePayload {
+  name: string
+  value: string
+  domain?: string
+  sameSite?: 'Strict' | 'Lax' | 'None'
+  path?: string
+  expires?: Date
+  secure?: boolean
+  httpOnly?: boolean
+}
+
+export type CookieString = string
+
+export function buildCookie(payload: CookiePayload): CookieString {
+  const {
+    name,
+    value,
+    domain,
+    sameSite,
+    path = '/',
+    expires,
+    secure = true,
+    httpOnly = true
+  } = payload
+
+  const builder: string[] = []
+  builder.push(`${encodeURIComponent(name)}=${encodeURIComponent(value)}`)
+  if (domain) builder.push(`Domain=${domain}`)
+  if (sameSite) builder.push(`SameSite=${sameSite}`)
+  builder.push(`Path=${path}`)
+  if (expires) builder.push(`Expires=${expires.toUTCString()}`)
+  if (secure) builder.push(`Secure`)
+  if (httpOnly) builder.push('HttpOnly')
+
+  const cookie = builder.join('; ')
+  return cookie
+}