@0xpass/passport
Comparing version 1.0.1 to 2.0.0
# @0xpass/passport | ||
## 2.0.0 | ||
### Major Changes | ||
- c8ce2f1: DOA support and api upgrade to accept multiple credentials | ||
### Patch Changes | ||
- Updated dependencies [c8ce2f1] | ||
- @0xpass/models@2.0.0 | ||
## 1.0.1 | ||
@@ -4,0 +15,0 @@ |
@@ -10,2 +10,3 @@ import { AuthenticationParams, AuthenticationResponse, DelegatedRegisterAccountParams, DelegatedRegisterAccountResponse, LambaCallParams, LambdaNewParams, Method, NewScopeParams, NewScopeResponse, RegistrationParams, RegistrationResponse, RpcHeaders, RpcMethodParams, SignMessageParams, SignMessageResponse, SignTransactionParams, SignTransactionResponse, UpdateScopeParams, UpdateScopeResponse } from "./types"; | ||
enclave_public_key?: string; | ||
allow_sessions?: boolean; | ||
}; | ||
@@ -21,2 +22,3 @@ /** | ||
private scopeId; | ||
private userData; | ||
private signer; | ||
@@ -28,7 +30,15 @@ private enclavePublicKey; | ||
private authenticatedHeaders; | ||
private allowSession; | ||
/** | ||
* Sets the user data for the current session. | ||
* @param userData The user data to set. | ||
*/ | ||
setUserData(userData: { | ||
username: string; | ||
}): void; | ||
/** | ||
* Creates a new Passport instance. | ||
* @param endpoint The RPC endpoint to connect to a Passport node. | ||
*/ | ||
constructor({ scope_id, signer, endpoint, enclave_public_key, }: PassportConstructorParams); | ||
constructor({ scope_id, signer, endpoint, enclave_public_key, allow_sessions, }: PassportConstructorParams); | ||
setupEncryption(): Promise<void>; | ||
@@ -35,0 +45,0 @@ private isCredentialCreator; |
@@ -5,2 +5,10 @@ import axios from 'axios'; | ||
const AuthenticatedMethod = [ | ||
"personal_sign", | ||
"eth_signTransaction", | ||
"eth_signTypedData_v4", | ||
"createLambda", | ||
"listLambda", | ||
]; | ||
const cryptoObj = typeof window !== "undefined" ? window.crypto : crypto; | ||
@@ -150,9 +158,18 @@ const LOCAL_RSA_PUBLIC_KEY = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl8sLC46QMKa400EnVfz+bEU2JJHXsXcwIGMItRJ3ZM3XZSzAmELJPh3lAlXyhktq2Cl0w0PuaH//fCQm5/3Rm48ytcdBmvwh3zpCnUylS3eJKF15L2xMb8eQf6nnNMnucnrhvDfdCL5ZZlkn2FDB4/UJpgPfrHivK69gaeT725g89gWvKmEG7+RGoXLPEXU4UyHxYyMMCDwxH2fE+jN53FG8JlwuLu1cbTYxgYIxf4Um+CvYp7irlGfvxP+Ws9lkBJ+MtCishod/7ytJD9jpbYf6BUAHSAeWeNBbkgSdmPSia4Mi2wPXeqmzmovjfJfWSiaCW+wFuMyCGVx/g/znQIDAQAB"; | ||
/** | ||
* Sets the user data for the current session. | ||
* @param userData The user data to set. | ||
*/ | ||
setUserData(userData) { | ||
this.userData = userData; | ||
} | ||
/** | ||
* Creates a new Passport instance. | ||
* @param endpoint The RPC endpoint to connect to a Passport node. | ||
*/ | ||
constructor({ scope_id, signer, endpoint = "https://tiramisu.0xpass.io", enclave_public_key = LOCAL_RSA_PUBLIC_KEY, }) { | ||
constructor({ scope_id, signer, endpoint = "https://tiramisu.0xpass.io", enclave_public_key = LOCAL_RSA_PUBLIC_KEY, allow_sessions = true, }) { | ||
this.userData = null; | ||
this.aesKey = null; | ||
this.encryptedAesKey = null; | ||
this.parsedJwt = null; | ||
this.allowSession = true; | ||
/** | ||
@@ -164,3 +181,3 @@ * Signs a message. | ||
this.signMessage = async (params) => { | ||
return this.call("personal_sign", [params, this.parsedJwt.address], this.authenticatedHeaders); | ||
return this.call("personal_sign", [params, "0x0000000000000000000000000000000000000000"], this.authenticatedHeaders); | ||
}; | ||
@@ -193,3 +210,11 @@ /** | ||
this.delegatedRegisterAccount = async (params) => { | ||
return await this.call("delegatedRegistration", params); | ||
const encrypted_user = await aesEncrypt(JSON.stringify(params), this.aesKey); | ||
const signature = await this.signer.sign(encrypted_user); | ||
const encrypted_signature = await aesEncrypt(JSON.stringify(signature), this.aesKey); | ||
return await this.call("delegatedRegistration", { | ||
encrypted_user: encrypted_user, | ||
encrypted_credential: { | ||
KeySignature: encrypted_signature, | ||
}, | ||
}); | ||
}; | ||
@@ -239,4 +264,6 @@ this.register = async (params) => { | ||
this.authenticatedHeaders = { | ||
"x-encrypted-key": this.encryptedAesKey, | ||
"x-session": authResult.result.encrypted_jwt, | ||
"X-Encrypted-Key": this.encryptedAesKey, | ||
"X-Scope-Id": this.scopeId, | ||
"X-Encrypted-User": encrypted_user, | ||
"X-Encrypted-Session": authResult.result.encrypted_jwt, | ||
}; | ||
@@ -264,2 +291,3 @@ const jwt = await aesDecrypt(authResult.result.encrypted_jwt, this.aesKey); | ||
this.enclavePublicKey = pemToBuffer(enclave_public_key); | ||
this.allowSession = allow_sessions; | ||
} | ||
@@ -287,5 +315,28 @@ async setupEncryption() { | ||
async call(method, params = {}, headers = undefined) { | ||
if (headers === undefined) { | ||
headers = { "x-scope-id": this.scopeId, "x-encrypted-key": this.encryptedAesKey }; | ||
const is_method_authenticated = AuthenticatedMethod.includes(method); | ||
const encrypted_user = await aesEncrypt(JSON.stringify(this.userData), this.aesKey); | ||
if (is_method_authenticated) { | ||
if (!headers || this.allowSession === false) { | ||
if (!this.userData) { | ||
throw new Error("User data must be set before proceeding."); | ||
} | ||
const signature = await this.signer.sign(encrypted_user); | ||
console.log(signature); | ||
const encrypted_signature = await aesEncrypt(JSON.stringify(signature), this.aesKey); | ||
const header = this.signer.getHeaderName(); | ||
headers = { | ||
"X-Encrypted-User": encrypted_user, | ||
"X-Encrypted-Key": this.encryptedAesKey, | ||
"X-Scope-Id": this.scopeId, | ||
[header]: encrypted_signature, | ||
}; | ||
} | ||
} | ||
else { | ||
headers = { | ||
"X-Scope-Id": this.scopeId, | ||
"X-Encrypted-Key": this.encryptedAesKey, | ||
"X-Encrypted-User": encrypted_user, | ||
}; | ||
} | ||
const payload = { | ||
@@ -295,8 +346,7 @@ jsonrpc: "2.0", | ||
method, | ||
params: params, | ||
params, | ||
}; | ||
try { | ||
const { data } = await axios.post(this.endpoint, payload, { | ||
headers, | ||
}); | ||
const res = await axios.post(this.endpoint, payload, { headers }); | ||
const { data } = res; | ||
return data; | ||
@@ -303,0 +353,0 @@ } |
import { LambdaExecutable, NewLambda } from "./lambda"; | ||
export type Method = "personal_sign" | "eth_signTransaction" | "eth_signTypedData_v4" | "verify" | "createScope" | "updateScope" | "delegatedRegistration" | "initiateRegistration" | "completeRegistration" | "initiateAuthentication" | "completeAuthentication" | "createLambda" | "executeLambda" | "listLambda"; | ||
export declare const AuthenticatedMethod: Array<Method>; | ||
export type SignMessageParams = string; | ||
@@ -65,4 +66,13 @@ export type SignMessageResponse = { | ||
}; | ||
export type DelegatedRegisterAccountParams = {}; | ||
export type DelegatedRegisterAccountResponse = {}; | ||
export type DelegatedRegisterAccountParams = { | ||
username: string; | ||
}; | ||
export type DelegatedRegisterAccountResponse = { | ||
id: string; | ||
result: { | ||
account_id: string; | ||
identifier_hash: string; | ||
}; | ||
error: any; | ||
}; | ||
export type AuthenticationResponse = [AuthenticatedHeaders, string]; | ||
@@ -72,10 +82,11 @@ export type RpcMethodParams = NewScopeParams | UpdateScopeParams | SignMessageParams | SignTransactionParams | DelegatedRegisterAccountParams | RegistrationParams | AuthenticationParams; | ||
export type UnAuthenticatedHeaders = { | ||
"x-encrypted-key": string; | ||
"x-scope-id": string; | ||
"X-Encrypted-Key": string; | ||
"X-Scope-Id": string; | ||
"X-Encrypted-User": string; | ||
}; | ||
export type AuthenticatedHeaders = { | ||
"x-encrypted-key": string; | ||
"x-session": string; | ||
export type SignatureHeader = "X-Encrypted-Session" | "X-Encrypted-Webauthn-Signature" | "X-Encrypted-Key-Signature"; | ||
export type AuthenticatedHeaders = UnAuthenticatedHeaders & { | ||
[key in SignatureHeader]: string; | ||
}; | ||
export type RpcMethodResponse = NewScopeResponse | UpdateScopeResponse | SignMessageResponse | DelegatedRegisterAccountResponse | SignTransactionResponse | RegistrationResponse | AuthenticationResponse; | ||
//# sourceMappingURL=index.d.ts.map |
{ | ||
"name": "@0xpass/passport", | ||
"version": "1.0.1", | ||
"version": "2.0.0", | ||
"description": "", | ||
@@ -21,3 +21,3 @@ "main": "dist/index.js", | ||
"node-forge": "^1.3.1", | ||
"@0xpass/models": "1.0.0" | ||
"@0xpass/models": "2.0.0" | ||
}, | ||
@@ -24,0 +24,0 @@ "devDependencies": { |
@@ -0,1 +1,2 @@ | ||
const cryptoObj = typeof window !== "undefined" ? window.crypto : crypto; | ||
@@ -51,2 +52,3 @@ | ||
return cryptoObj.subtle.importKey(keyFormat, encryptionKey, algo, extractable, keyUsages); | ||
return cryptoObj.subtle.importKey(keyFormat, encryptionKey, algo, extractable, keyUsages); | ||
}; | ||
@@ -53,0 +55,0 @@ |
import axios from "axios"; | ||
import { | ||
AuthenticatedHeaders, | ||
AuthenticatedMethod, | ||
AuthenticationParams, | ||
@@ -22,2 +23,3 @@ AuthenticationResponse, | ||
SignTransactionResponse, | ||
SignatureHeader, | ||
UpdateScopeParams, | ||
@@ -28,3 +30,3 @@ UpdateScopeResponse, | ||
import { SignerWithOptionalCreator } from "./types/credential"; | ||
import { CredentialCreator } from "@0xpass/models"; | ||
import { CredentialCreator, KeyAssertion } from "@0xpass/models"; | ||
import { | ||
@@ -46,2 +48,3 @@ aesDecrypt, | ||
enclave_public_key?: string; | ||
allow_sessions?: boolean; | ||
}; | ||
@@ -60,2 +63,4 @@ | ||
private userData: any | null = null; | ||
private signer: SignerWithOptionalCreator; | ||
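Review bot: `private userData: any | null = null` collapses to plain `any`, so nothing checks the shape of the value that `call()` later serialises into `X-Encrypted-User`. `setUserData` already takes `{ username: string }`, so the field can be declared as `private userData: { username: string } | null = null;` and the compiler will keep the two in step. The class body starts and ends outside this hunk.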
@@ -73,3 +78,12 @@ | ||
private allowSession: boolean = true; | ||
/** | ||
* Sets the user data for the current session. | ||
* @param userData The user data to set. | ||
*/ | ||
public setUserData(userData: { username: string }): void { | ||
this.userData = userData; | ||
} | ||
/** | ||
* Creates a new Passport instance. | ||
@@ -83,2 +97,3 @@ * @param endpoint The RPC endpoint to connect to a Passport node. | ||
enclave_public_key = LOCAL_RSA_PUBLIC_KEY, | ||
allow_sessions = true, | ||
}: PassportConstructorParams) { | ||
@@ -89,2 +104,3 @@ this.scopeId = scope_id; | ||
this.enclavePublicKey = pemToBuffer(enclave_public_key); | ||
this.allowSession = allow_sessions; | ||
} | ||
@@ -119,5 +135,34 @@ | ||
): Promise<any> { | ||
if (headers === undefined) { | ||
headers = { "x-scope-id": this.scopeId, "x-encrypted-key": this.encryptedAesKey }; | ||
const is_method_authenticated: boolean = AuthenticatedMethod.includes(method); | ||
const encrypted_user = await aesEncrypt(JSON.stringify(this.userData), this.aesKey); | ||
if (is_method_authenticated) { | ||
if (!headers || this.allowSession === false) { | ||
if (!this.userData) { | ||
throw new Error("User data must be set before proceeding."); | ||
} | ||
const signature = await this.signer.sign(encrypted_user); | ||
console.log(signature) | ||
const encrypted_signature = await aesEncrypt(JSON.stringify(signature), this.aesKey); | ||
const header: SignatureHeader = this.signer.getHeaderName() as SignatureHeader; | ||
headers = { | ||
"X-Encrypted-User": encrypted_user, | ||
"X-Encrypted-Key": this.encryptedAesKey, | ||
"X-Scope-Id": this.scopeId, | ||
[header]: encrypted_signature, | ||
}; | ||
} | ||
} else { | ||
headers = { | ||
"X-Scope-Id": this.scopeId, | ||
"X-Encrypted-Key": this.encryptedAesKey, | ||
"X-Encrypted-User": encrypted_user, | ||
}; | ||
} | ||
const payload = { | ||
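Review bot: `console.log(signature)` in the re-signing branch of `call()` writes the credential signature for the request to the console in clear, just before it is AES-encrypted for the header; it looks like leftover debugging and should be deleted. The same line is present in the compiled `call()` earlier on this page. Separately, `encrypted_user` is computed from `this.userData` before the `!this.userData` guard and is also sent on the unauthenticated path, so when no user data has been set the header carries an encryption of the string `null`. Consider building it only in the branches that use it, or leaving `X-Encrypted-User` out while `this.userData` is null. `call()` starts and ends outside this hunk.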
@@ -127,9 +172,8 @@ jsonrpc: "2.0", | ||
method, | ||
params: params, | ||
params, | ||
}; | ||
try { | ||
const { data } = await axios.post(this.endpoint, payload, { | ||
headers, | ||
}); | ||
const res = await axios.post(this.endpoint, payload, { headers }); | ||
const { data } = res; | ||
return data; | ||
@@ -153,3 +197,7 @@ } catch (error) { | ||
public signMessage = async (params: SignMessageParams): Promise<SignMessageResponse> => { | ||
return this.call("personal_sign", [params, this.parsedJwt.address], this.authenticatedHeaders); | ||
return this.call( | ||
"personal_sign", | ||
[params, "0x0000000000000000000000000000000000000000"], | ||
this.authenticatedHeaders | ||
); | ||
}; | ||
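Review bot: The second `personal_sign` parameter changes from `this.parsedJwt.address` to the literal `"0x0000000000000000000000000000000000000000"` with no comment, so a reader cannot tell whether the node now resolves the signing account from the headers or whether this is a placeholder that was never filled in. If the field is ignored server-side (an assumption to confirm against the node), name the value and say so, e.g. `const UNUSED_ADDRESS = "0x0000000000000000000000000000000000000000"; // account is resolved by the node, this field is ignored`. If it is not ignored, every signature request now names the zero address and the previous expression should be restored.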
@@ -196,3 +244,13 @@ | ||
): Promise<DelegatedRegisterAccountResponse> => { | ||
return await this.call("delegatedRegistration", params); | ||
const encrypted_user = await aesEncrypt(JSON.stringify(params), this.aesKey); | ||
const signature = await this.signer.sign(encrypted_user); | ||
const encrypted_signature = await aesEncrypt(JSON.stringify(signature), this.aesKey); | ||
return await this.call("delegatedRegistration", { | ||
encrypted_user: encrypted_user, | ||
encrypted_credential: { | ||
KeySignature: encrypted_signature, | ||
}, | ||
}); | ||
}; | ||
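Review bot: `encrypted_credential` is always sent under the key `KeySignature`, whereas `call()` asks the signer for its header through `getHeaderName()` and `SignatureHeader` also allows a WebAuthn signature; if a WebAuthn signer can be configured, its credential would be labelled as a key signature here. Either state in the method's doc comment that delegated registration requires a key signer, or derive the field name from the signer. The hunk also encrypts with `this.aesKey`, which the constructor initialises to null, and nothing visible here awaits `setupEncryption()` first; the method's signature is outside the hunk, so confirm that callers are required to do so.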
@@ -245,3 +303,2 @@ | ||
const encrypted_user = await aesEncrypt(JSON.stringify(params), this.aesKey); | ||
const initAuthResponse = await this.call("initiateAuthentication", { | ||
@@ -268,7 +325,8 @@ encrypted_user, | ||
}); | ||
this.authenticatedHeaders = { | ||
"x-encrypted-key": this.encryptedAesKey, | ||
"x-session": authResult.result.encrypted_jwt, | ||
}; | ||
"X-Encrypted-Key": this.encryptedAesKey, | ||
"X-Scope-Id": this.scopeId, | ||
"X-Encrypted-User": encrypted_user, | ||
"X-Encrypted-Session": authResult.result.encrypted_jwt, | ||
} as AuthenticatedHeaders; | ||
const jwt = await aesDecrypt(authResult.result.encrypted_jwt, this.aesKey); | ||
@@ -295,3 +353,3 @@ this.parsedJwt = parseJwt(jwt); | ||
return this.call("listLambda", {}, this.authenticatedHeaders); | ||
} | ||
}; | ||
} | ||
@@ -298,0 +356,0 @@ |
@@ -37,2 +37,7 @@ import { Passport, PassportConstructorParams} from "../index"; | ||
getHeaderName(): string { | ||
return "X-Encrypted-Key-Signature" | ||
} | ||
async getAllowCredentials(): Promise<{ key: AllowCredential[]; webauthn: AllowCredential[] }> { | ||
@@ -174,10 +179,4 @@ return { | ||
const mockResponse = [ | ||
{ | ||
"x-encrypted-key": ENCRYPTED_AES_KEY, | ||
"x-session": mockFinishAuthResult.data.result.encrypted_jwt, | ||
}, | ||
"0x77bf2ff2ecb1d5dbae5fce82136b66a76f8122b5", | ||
]; | ||
const response = await passport.authenticate({ | ||
@@ -188,3 +187,5 @@ username: "test", | ||
expect(response).toEqual(mockResponse); | ||
expect(response[0]["X-Encrypted-Key"]).toEqual(ENCRYPTED_AES_KEY); | ||
expect(response[0]["X-Encrypted-Session"]).toEqual( mockFinishAuthResult.data.result.encrypted_jwt ); | ||
expect(response[1]).toEqual("0x77bf2ff2ecb1d5dbae5fce82136b66a76f8122b5"); | ||
}); | ||
@@ -191,0 +192,0 @@ }); |
@@ -19,2 +19,10 @@ import { LambdaExecutable, NewLambda } from "./lambda"; | ||
export const AuthenticatedMethod: Array<Method> = [ | ||
"personal_sign", | ||
"eth_signTransaction", | ||
"eth_signTypedData_v4", | ||
"createLambda", | ||
"listLambda", | ||
]; | ||
export type SignMessageParams = string; | ||
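Review bot: `AuthenticatedMethod` omits `executeLambda`, although the `Method` type lists it alongside `createLambda` and `listLambda`. In `call()` any method missing from this array takes the `else` branch, which replaces the caller's headers with the unauthenticated set, so that request would go out without a session or signature header. If the omission is deliberate, record it in a doc comment above the array, for example `/** Methods that must carry a session or signature header; executeLambda is excluded because <reason>. */`; otherwise add `"executeLambda",`. Because this exported array decides which calls are signed, declaring it `ReadonlyArray<Method>` would also stop importing code from altering it at runtime.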
@@ -94,4 +102,13 @@ | ||
export type DelegatedRegisterAccountParams = {}; | ||
export type DelegatedRegisterAccountResponse = {}; | ||
export type DelegatedRegisterAccountParams = { | ||
username: string; | ||
}; | ||
export type DelegatedRegisterAccountResponse = { | ||
id: string; | ||
result: { | ||
account_id: string; | ||
identifier_hash: string; | ||
}; | ||
error: any; | ||
}; | ||
@@ -112,9 +129,14 @@ export type AuthenticationResponse = [AuthenticatedHeaders, string]; | ||
export type UnAuthenticatedHeaders = { | ||
"x-encrypted-key": string; | ||
"x-scope-id": string; | ||
"X-Encrypted-Key": string; | ||
"X-Scope-Id": string; | ||
"X-Encrypted-User": string; | ||
}; | ||
export type AuthenticatedHeaders = { | ||
"x-encrypted-key": string; | ||
"x-session": string; | ||
export type SignatureHeader = | ||
| "X-Encrypted-Session" | ||
| "X-Encrypted-Webauthn-Signature" | ||
| "X-Encrypted-Key-Signature"; | ||
export type AuthenticatedHeaders = UnAuthenticatedHeaders & { | ||
[key in SignatureHeader]: string; | ||
}; | ||
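Review bot: `AuthenticatedHeaders` intersects with `{ [key in SignatureHeader]: string }`, which makes all three signature headers required at once, while the code on this page only ever sets one of them. That is why `authenticate()` needs the `as AuthenticatedHeaders` cast, and the cast would equally hide a header that is genuinely missing. Making the mapped part optional, `[key in SignatureHeader]?: string;`, or modelling the type as a union of one-header objects, lets the cast be dropped so the compiler checks the object literal. The generated declaration file earlier on the page carries the same type.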
@@ -121,0 +143,0 @@ |
+ Added@0xpass/models@2.0.0(transitive)
- Removed@0xpass/models@1.0.0(transitive)
Updated@0xpass/models@2.0.0