		@@ -1,46 +0,69 @@
		'use strict'
		'use strict';

		var KeyEncoder = require('key-encoder'),
		TokenSigner = require('jwt-js').TokenSigner,
		decodeToken = require('jwt-js').decodeToken,
		secp256k1 = require('elliptic-curve').secp256k1,
		uuid = require('node-uuid')
		Object.defineProperty(exports, "__esModule", {
		value: true
		});
		exports.AuthRequest = undefined;

		function AuthRequest(privateKey) {
		this.privateKey = privateKey
		this.keyEncoder = new KeyEncoder('secp256k1')
		this.publicKey = secp256k1.getPublicKey(privateKey)
		this.tokenSigner = new TokenSigner('ES256k', privateKey)
		this.issuer = { publicKey: this.publicKey }
		this.provisions = [
		{ action: 'sign', data: uuid.v4() },
		{ action: 'disclose', scope: 'username' }
		]
		}
		var _createClass = function () { function defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable \|\| false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } return function (Constructor, protoProps, staticProps) { if (protoProps) defineProperties(Constructor.prototype, protoProps); if (staticProps) defineProperties(Constructor, staticProps); return Constructor; }; }();

		AuthRequest.prototype.setIssuer = function(issuer) {
		var newIssuer = this.issuer
		for (var attrname in issuer) {
		newIssuer[attrname] = issuer[attrname]
		}
		this.issuer = newIssuer
		}
		var _keyEncoder = require('key-encoder');

		AuthRequest.prototype.setProvisions = function(provisions) {
		this.provisions = provisions
		}
		var _keyEncoder2 = _interopRequireDefault(_keyEncoder);

		AuthRequest.prototype.payload = function() {
		var payload = {
		issuer: this.issuer,
		issuedAt: new Date().getTime(),
		provisions: this.provisions
		var _blockstackTokens = require('blockstack-tokens');

		var _ellipticCurve = require('elliptic-curve');

		var _nodeUuid = require('node-uuid');

		var _nodeUuid2 = _interopRequireDefault(_nodeUuid);

		function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

		function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }

		var AuthRequest = exports.AuthRequest = function () {
		function AuthRequest(privateKey) {
		_classCallCheck(this, AuthRequest);

		this.privateKey = privateKey;
		this.keyEncoder = new _keyEncoder2.default('secp256k1');
		this.publicKey = _ellipticCurve.secp256k1.getPublicKey(privateKey);
		this.tokenSigner = new _blockstackTokens.TokenSigner('ES256k', privateKey);
		this.issuer = { publicKey: this.publicKey };
		this.provisions = [{ action: 'sign', data: _nodeUuid2.default.v4() }, { action: 'disclose', scope: 'username' }];
		}
		return payload
		}

		AuthRequest.prototype.sign = function() {
		return this.tokenSigner.sign(this.payload())
		}
		_createClass(AuthRequest, [{
		key: 'setIssuer',
		value: function setIssuer(issuer) {
		var newIssuer = this.issuer;
		for (var attrname in issuer) {
		newIssuer[attrname] = issuer[attrname];
		}
		this.issuer = newIssuer;
		}
		}, {
		key: 'setProvisions',
		value: function setProvisions(provisions) {
		this.provisions = provisions;
		}
		}, {
		key: 'payload',
		value: function payload() {
		return {
		issuer: this.issuer,
		issuedAt: new Date().getTime(),
		provisions: this.provisions
		};
		}
		}, {
		key: 'sign',
		value: function sign() {
		return this.tokenSigner.sign(this.payload());
		}
		}]);

		module.exports = AuthRequest
		return AuthRequest;
		}();

159

lib/auth-response.js

		@@ -1,75 +0,102 @@
		'use strict'
		'use strict';

		var KeyEncoder = require('key-encoder'),
		TokenSigner = require('jwt-js').TokenSigner,
		decodeToken = require('jwt-js').decodeToken,
		secp256k1 = require('elliptic-curve').secp256k1,
		uuid = require('node-uuid')
		Object.defineProperty(exports, "__esModule", {
		value: true
		});
		exports.AuthResponse = undefined;

		function AuthResponse(privateKey) {
		this.privateKey = privateKey
		this.keyEncoder = new KeyEncoder('secp256k1')
		this.publicKey = secp256k1.getPublicKey(privateKey)
		this.tokenSigner = new TokenSigner('ES256k', privateKey)
		this.issuer = { publicKey: this.publicKey }
		}
		var _createClass = function () { function defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable \|\| false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } return function (Constructor, protoProps, staticProps) { if (protoProps) defineProperties(Constructor.prototype, protoProps); if (staticProps) defineProperties(Constructor, staticProps); return Constructor; }; }();

		AuthResponse.prototype.satisfyProvisions = function(provisions, username, privateData) {
		var _this = this
		provisions.forEach(function(provision) {
		switch(provision.action) {
		case 'disclose':
		if (provision.scope === 'username' && username) {
		provision.data = username
		}
		break;
		case 'sign':
		if (provision.data) {
		var signature = secp256k1.signMessage(provision.data, _this.privateKey)
		provision.signature = signature
		}
		break;
		case 'write':
		break;
		default:
		break;
		}
		})
		var _keyEncoder = require('key-encoder');

		this.provisions = provisions
		}
		var _keyEncoder2 = _interopRequireDefault(_keyEncoder);

		AuthResponse.prototype.setIssuer = function(username, publicKeychain, chainPath) {
		if (username && publicKeychain && chainPath) {
		this.issuer = {
		publicKey: this.publicKey,
		username: username,
		publicKeychain: publicKeychain,
		chainPath: chainPath
		}
		} else if (username) {
		this.issuer = {
		publicKey: this.publicKey,
		username: username
		}
		} else if (username \|\| publicKeychain \|\| chainPath) {
		throw 'Either all or none of the following must be provided: username, publicKeychain, chainPath'
		} else {
		throw 'Cannot set issuer without the following: username, publicKeychain, chainPath'
		}
		}
		var _blockstackTokens = require('blockstack-tokens');

		AuthResponse.prototype.payload = function() {
		var payload = {
		issuer: this.issuer,
		issuedAt: new Date().getTime(),
		provisions: this.provisions
		var _ellipticCurve = require('elliptic-curve');

		var _nodeUuid = require('node-uuid');

		var _nodeUuid2 = _interopRequireDefault(_nodeUuid);

		function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

		function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } }

		var AuthResponse = exports.AuthResponse = function () {
		function AuthResponse(privateKey) {
		_classCallCheck(this, AuthResponse);

		this.privateKey = privateKey;
		this.keyEncoder = new _keyEncoder2.default('secp256k1');
		this.publicKey = _ellipticCurve.secp256k1.getPublicKey(privateKey);
		this.tokenSigner = new _blockstackTokens.TokenSigner('ES256k', privateKey);
		this.issuer = { publicKey: this.publicKey };
		}
		return payload
		}

		AuthResponse.prototype.sign = function() {
		return this.tokenSigner.sign(this.payload())
		}
		_createClass(AuthResponse, [{
		key: 'satisfyProvisions',
		value: function satisfyProvisions(provisions, username, privateData) {
		var _this = this;

		module.exports = AuthResponse
		provisions.forEach(function (provision) {
		switch (provision.action) {
		case 'disclose':
		if (provision.scope === 'username' && username) {
		provision.data = username;
		}
		break;
		case 'sign':
		if (provision.data) {
		var signature = _ellipticCurve.secp256k1.signMessage(provision.data, _this.privateKey);
		provision.signature = signature;
		}
		break;
		case 'write':
		break;
		default:
		break;
		}
		});

		this.provisions = provisions;
		}
		}, {
		key: 'setIssuer',
		value: function setIssuer(username, publicKeychain, chainPath) {
		if (username && publicKeychain && chainPath) {
		this.issuer = {
		publicKey: this.publicKey,
		username: username,
		publicKeychain: publicKeychain,
		chainPath: chainPath
		};
		} else if (username) {
		this.issuer = {
		publicKey: this.publicKey,
		username: username
		};
		} else if (username \|\| publicKeychain \|\| chainPath) {
		throw 'Either all or none of the following must be provided: username, publicKeychain, chainPath';
		} else {
		throw 'Cannot set issuer without the following: username, publicKeychain, chainPath';
		}
		}
		}, {
		key: 'payload',
		value: function payload() {
		return {
		issuer: this.issuer,
		issuedAt: new Date().getTime(),
		provisions: this.provisions
		};
		}
		}, {
		key: 'sign',
		value: function sign() {
		return this.tokenSigner.sign(this.payload());
		}
		}]);

		return AuthResponse;
		}();

171

lib/verification.js

		@@ -1,130 +0,139 @@
		'use strict'
		'use strict';

		var TokenVerifier = require('jwt-js').TokenVerifier,
		KeyEncoder = require('key-encoder'),
		hasprop = require('hasprop'),
		Promise = require('promise'),
		decodeToken = require('jwt-js').decodeToken,
		PublicKeychain = require('keychain-manager').PublicKeychain
		Object.defineProperty(exports, "__esModule", {
		value: true
		});
		exports.verifyAuthInProfile = verifyAuthInProfile;
		exports.verifyKeychainChild = verifyKeychainChild;
		exports.verifyAuthMessage = verifyAuthMessage;

		var _blockstackTokens = require('blockstack-tokens');

		var _keyEncoder = require('key-encoder');

		var _hasprop = require('hasprop');

		var _hasprop2 = _interopRequireDefault(_hasprop);

		var _promise = require('promise');

		var _promise2 = _interopRequireDefault(_promise);

		var _keychainManager = require('keychain-manager');

		function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }

		function verifyAuthInProfile(blockstackResolver, username, key, isKeychain, resolve, reject) {
		blockstackResolver([username], function(data) {
		/* Verifies the auth field in a user profile */

		blockstackResolver([username], function (data) {
		if (data === null \|\| data === '') {
		resolve(false)
		resolve(false);
		}

		if (data.hasOwnProperty(username)) {
		var item = data[username]
		if (hasprop(item, 'profile.auth')) {
		var authInfo = data[username].profile.auth
		var item = data[username];
		if ((0, _hasprop2.default)(item, 'profile.auth')) {
		var authInfo = data[username].profile.auth;
		if (Object.prototype.toString.call(authInfo) === '[object Array]') {
		authInfo.forEach(function(authItem) {
		authInfo.forEach(function (authItem) {
		if (isKeychain) {
		if (hasprop(authItem, 'publicKeychain')) {
		if ((0, _hasprop2.default)(authItem, 'publicKeychain')) {
		if (key === authItem.publicKeychain) {
		resolve(true)
		return
		resolve(true);
		return;
		}
		}
		} else {
		if (hasprop(authItem, 'publicKey')) {
		if ((0, _hasprop2.default)(authItem, 'publicKey')) {
		if (key === authItem.publicKey) {
		resolve(true)
		return
		resolve(true);
		return;
		}
		}
		}
		})
		});
		}
		}
		}
		resolve(false)
		}, function(err) {
		reject(err)
		})
		resolve(false);
		}, function (err) {
		reject(err);
		});
		}

		function verifyKeychainChild(publicKeychain, childPublicKey, chainPath, resolve, reject) {
		var publicKeychain = new PublicKeychain(publicKeychain)
		var derivedChildPublicKey = publicKeychain.descendant(chainPath).publicKey().toString()
		resolve(derivedChildPublicKey === childPublicKey)
		function verifyKeychainChild(publicKeychainString, childPublicKey, chainPath, resolve, reject) {
		var publicKeychain = new _keychainManager.PublicKeychain(publicKeychainString);
		var derivedChildPublicKey = publicKeychain.descendant(chainPath).publicKey().toString();
		resolve(derivedChildPublicKey === childPublicKey);
		}

		function verifyAuthMessage(token, blockstackResolver, resolve, reject) {
		var decodedToken = decodeToken(token),
		payload = decodedToken.payload
		var decodedToken = (0, _blockstackTokens.decodeToken)(token),
		payload = decodedToken.payload;

		if (!hasprop(payload, 'issuer.publicKey')) {
		reject('token must have a public key')
		if (!(0, _hasprop2.default)(payload, 'issuer.publicKey')) {
		reject('token must have a public key');
		}

		var hasKeychain,
		publicKey = payload.issuer.publicKey
		var hasKeychain = void 0,
		publicKey = payload.issuer.publicKey;

		var tokenVerifier = new TokenVerifier('ES256k', publicKey),
		tokenSignerVerified = tokenVerifier.verify(token)
		var tokenVerifier = new _blockstackTokens.TokenVerifier('ES256k', publicKey),
		tokenSignerVerified = tokenVerifier.verify(token);

		if (!tokenSignerVerified) {
		resolve(tokenSignerVerified)
		return
		resolve(tokenSignerVerified);
		return;
		}

		if (!hasprop(payload, 'issuer.username') &&
		!hasprop(payload, 'issuer.publicKeychain') &&
		!hasprop(payload, 'issuer.chainPath')) {
		if (!(0, _hasprop2.default)(payload, 'issuer.username') && !(0, _hasprop2.default)(payload, 'issuer.publicKeychain') && !(0, _hasprop2.default)(payload, 'issuer.chainPath')) {
		// Issuer only contains the public key
		resolve(tokenSignerVerified)
		return
		} else if (hasprop(payload, 'issuer.username') &&
		!hasprop(payload, 'issuer.publicKeychain') &&
		!hasprop(payload, 'issuer.chainPath')) {
		resolve(tokenSignerVerified);
		return;
		} else if ((0, _hasprop2.default)(payload, 'issuer.username') && !(0, _hasprop2.default)(payload, 'issuer.publicKeychain') && !(0, _hasprop2.default)(payload, 'issuer.chainPath')) {
		// Issuer only contains the blockchain ID and signing public key
		hasKeychain = false
		} else if (hasprop(payload, 'issuer.username') &&
		hasprop(payload, 'issuer.publicKeychain') &&
		hasprop(payload, 'issuer.chainPath')) {
		hasKeychain = false;
		} else if ((0, _hasprop2.default)(payload, 'issuer.username') && (0, _hasprop2.default)(payload, 'issuer.publicKeychain') && (0, _hasprop2.default)(payload, 'issuer.chainPath')) {
		// Issuer contains the blockchain ID, public keychain, chain path,
		// and signing public key
		hasKeychain = true
		hasKeychain = true;
		} else {
		// Issuer is invalid
		reject('token must have a username, and may have a publicKeychain and chainPath')
		reject('token must have a username, and may have a publicKeychain and chainPath');
		}

		var username = payload.issuer.username
		var username = payload.issuer.username;

		if (!hasKeychain) {
		var verifyAuthInProfilePromise = new Promise(function(resolve, reject) {
		verifyAuthInProfile(blockstackResolver, username, publicKey, false, resolve, reject)
		})
		var verifyAuthInProfilePromise = new _promise2.default(function (resolve, reject) {
		verifyAuthInProfile(blockstackResolver, username, publicKey, false, resolve, reject);
		});

		verifyAuthInProfilePromise.then(function(value) {
		resolve(value)
		})
		verifyAuthInProfilePromise.then(function (value) {
		resolve(value);
		});
		} else {
		var publicKeychain = payload.issuer.publicKeychain,
		childPublicKey = payload.issuer.publicKey,
		chainPath = payload.issuer.chainPath

		var verifyKeychainChildPromise = new Promise(function(resolve, reject) {
		verifyKeychainChild(publicKeychain, childPublicKey, chainPath, resolve, reject)
		})
		(function () {
		var publicKeychain = payload.issuer.publicKeychain,
		childPublicKey = payload.issuer.publicKey,
		chainPath = payload.issuer.chainPath;

		var verifyAuthInProfilePromise = new Promise(function(resolve, reject) {
		verifyAuthInProfile(blockstackResolver, username, publicKeychain, true, resolve, reject)
		})
		var verifyKeychainChildPromise = new _promise2.default(function (resolve, reject) {
		verifyKeychainChild(publicKeychain, childPublicKey, chainPath, resolve, reject);
		});

		Promise.all([verifyKeychainChildPromise, verifyAuthInProfilePromise])
		.then(function(results) {
		var keychainChildIsValid = results[0],
		authInProfileIsValid = results[1]
		resolve(keychainChildIsValid && authInProfileIsValid)
		}, function(err) {
		reject(err)
		})
		var verifyAuthInProfilePromise = new _promise2.default(function (resolve, reject) {
		verifyAuthInProfile(blockstackResolver, username, publicKeychain, true, resolve, reject);
		});

		_promise2.default.all([verifyKeychainChildPromise, verifyAuthInProfilePromise]).then(function (results) {
		var keychainChildIsValid = results[0],
		authInProfileIsValid = results[1];
		resolve(keychainChildIsValid && authInProfileIsValid);
		}, function (err) {
		reject(err);
		});
		})();
		}
		}

		module.exports = {
		verifyAuthMessage: verifyAuthMessage
		}

package.json

		{
		"name": "blockstack-auth",
		"version": "0.1.0",
		"version": "0.1.1",
		"description": "Blockstack Auth Library",
		"main": "index.js",
		"scripts": {
		"test": "node test.js"
		"compile": "babel --presets es2015 src -d lib",
		"test": "npm run compile; node lib/unitTests.js",
		"prepublish": "npm run compile"
		},
		@@ -49,2 +51,3 @@ "repository": {
		"base64url": "^1.0.4",
		"blockstack-tokens": "^0.5.1",
		"ecdsa-sig-formatter": "^1.0.2",
		@@ -54,3 +57,2 @@ "elliptic": "^5.1.0",
		"hasprop": "0.0.3",
		"jwt-js": "^0.4.2",
		"key-encoder": "^1.1.3",
		@@ -62,2 +64,4 @@ "keychain-manager": "^1.1.2",
		"devDependencies": {
		"babel-cli": "^6.14.0",
		"babel-preset-es2015": "^6.14.0",
		"onename-api": "^1.0.1",
		@@ -64,0 +68,0 @@ "tape": "^4.2.0"

index.js

test.js

blockstack-auth - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics

Worsened metrics

Dependency changes