ssb-invite - npm Package Compare versions

Comparing version 2.0.4 to 2.1.0

index.js

@@ -15,6 +15,4 @@ 'use strict'
 
-var manifest = mdm.manifest(fs.readFileSync(path.join(__dirname, 'api.md'), 'utf8'))
+var createClient = require('ssb-client/client')
 
-var ssbClient = require('ssb-client')
-
 // invite plugin
@@ -43,3 +41,3 @@ // adds methods for producing invite-codes,
   version: '1.0.0',
-  manifest: manifest,
+  manifest: require('./manifest.json'),
   permissions: {
@@ -204,2 +202,5 @@ master: {allow: ['create']},
         // remove surrounding quotes, if found
+        if(isObject(invite))
+          invite = invite.invite
+
         if (invite.charAt(0) === '"' && invite.charAt(invite.length - 1) === '"')
@@ -227,5 +228,6 @@ invite = invite.slice(1, -1)
         function connect (cb) {
-          ssbClient(null, {
-            caps: config.caps,
+          createClient({
+            keys: true, //use seed from invite instead.
             remote: invite,
+            config: config,
             manifest: {invite: {use: 'async'}, getAddress: 'async'}
@@ -293,6 +295,1 @@ }, cb)
 
-
-
-
-
-

package.json

 {
   "name": "ssb-invite",
   "description": "",
-  "version": "2.0.4",
+  "version": "2.1.0",
   "homepage": "https://github.com/ssbc/ssb-invite",
@@ -17,4 +17,3 @@ "repository": {
     "mdmanifest": "^1.0.8",
-    "muxrpc-validation": "^3.0.0",
-    "ssb-client": "^4.6.0",
+    "ssb-client": "^4.7.4",
     "ssb-keys": "^7.1.3",
@@ -21,0 +20,0 @@ "ssb-ref": "^2.13.9"

README.md

 # ssb-invite
 
-"followbot" style invite codes for ssb.
+Invite-token system, mainly used for pubs. Creates invite codes as one of ways of onboarding.
 
-this was the original design of follow messages.
-a pub server creates a code, that allows a new peer to connect.
-(the code is really a seed for a private key, that is only used once)
-connecting via that code then makes the pub follow you.
+Generally this ends being used for pubs:
 
-soon, hopefully supercededed by [user-invites](https://github.com/ssbc/user-invites)
-but supported for backwards compatibity
+- Users choose a pub from a [list of pubs](https://github.com/ssbc/ssb-server/wiki/Pub-Servers).
+- The chosen pub gives out an invite code to the user via the pub's website.
+- The user installs a Scuttlebutt client and copy and paste the invite code into the client's "accept invite" prompt.
+- The pub validates the invite code and follows back the new user, making them visible to other Scuttlebutt users.
 
+Soon, hopefully supercededed by [ssb-peer-invites](https://github.com/ssbc/ssb-peer-invites) but supported for backwards compatibity.
 
+## api
+
+### create: async
+
+Create a new invite code.
+
+```shell
+create {n} [{note}, {external}]
+```
+
+```javascript
+create(n[, note, external], cb)
+```
+
+This produces an invite-code which encodes the ssb-server instance's public address, and a keypair seed.
+The keypair seed is used to generate a keypair, which is then used to authenticate a connection with the ssb-server instance.
+The ssb-server instance will then grant access to the `use` call.
+
+- `n` (number): How many times the invite can be used before it expires.
+- `note` (string): A note to associate with the invite code. The ssb-server instance will
+    include this note in the follow message that it creates when `use` is
+    called.
+- `external` (string): An external hostname to use
+
+
+### accept: async
+
+Use an invite code.
+
+ - invitecode (string)
+
+```bash
+accept {invitecode}
+```
+
+```js
+accept(invitecode, cb)
+```
+
+This connects to the server address encoded in the invite-code, then calls `use()` on the server.
+It will cause the server to follow the local user.
+
+
+### use: async
+
+Use an invite code created by this ssb-server instance (advanced function).
+
+```bash
+use --feed {feedid}
+```
+
+```javascript
+use({ feed: }, cb)
+```
+
+This commands the receiving server to follow the given feed.
+
+An invite-code encodes the ssb-server instance's address, and a keypair seed.
+The keypair seed must be used to generate a keypair, then authenticate a connection with the ssb-server instance, in order to use this function.
+
+ - `feed` (feedid): The feed the server should follow.
+
 ## License
 
 MIT

test/invite.js

@@ -8,3 +8,6 @@ //WARNING: this test currently only passes
 var ref = require('ssb-ref')
+var crypto = require('crypto')
 
+var caps = {shs: crypto.randomBytes(32).toString('base64')}
+
 var createSsbServer = require('ssb-server')
@@ -38,2 +41,3 @@ //.use(require('../plugins/master'))
     keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -44,2 +48,3 @@
     keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -50,2 +55,3 @@
     keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -86,2 +92,59 @@
 
+tape('test invite.accept api using non default app key', function (t) {
+
+  var appkey = crypto.randomBytes(32).toString('base64');
+
+  var alice = createSsbServer({
+    temp: 'test-invite-alice2', timeout: 100,
+    allowPrivate: true,
+    keys: ssbKeys.generate(),
+//    caps: caps,
+    caps: { shs: appkey }
+  })
+
+  var bob = createSsbServer({
+    temp: 'test-invite-bob2', timeout: 100,
+    keys: ssbKeys.generate(),
+    caps: { shs: appkey }
+  })
+
+  var carol = createSsbServer({
+    temp: 'test-invite-carol2', timeout: 100,
+    keys: ssbKeys.generate(),
+    caps: { shs: appkey }
+  })
+
+  if(!alice.getAddress('device'))
+    throw new Error('alice must have device address')
+  if(!alice.getAddress('local'))
+    throw new Error('alice must have local address')
+
+  //request a secret that with particular permissions.
+
+  alice.invite.create(1, function (err, invite) {
+    if(err) throw err
+    //test that invite is accepted with quotes around it.
+    bob.invite.accept(JSON.stringify(invite), function (err) {
+      if(err) throw err
+      alice.friends.hops({
+        source: alice.id, dest: bob.id
+      }, function (err, hops) {
+        if(err) throw err
+        t.equal(hops[bob.id], 1, 'alice follows bob')
+        carol.invite.accept(invite, function (err) {
+          alice.friends.hops({
+            source: alice.id, dest: bob.id
+          }, function (err, hops) {
+            t.equal(hops[carol.id], undefined)
+            alice.close(true)
+            bob.close(true)
+            carol.close(true)
+            t.end()
+          })
+        })
+      })
+    })
+  })
+})
+
 tape('test invite.accept doesnt follow if already followed', function (t) {
@@ -93,3 +156,4 @@
     allowPrivate: true,
-    keys: ssbKeys.generate()
+    keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -100,3 +164,4 @@
     timeout: 100,
-    keys: ssbKeys.generate()
+    keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -168,3 +233,4 @@
     allowPrivate: true,
-    keys: ssbKeys.generate()
+    keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -174,3 +240,4 @@
     temp: 'test-invite-bob4', timeout: 100,
-    keys: ssbKeys.generate()
+    keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -218,3 +285,4 @@
     keys: ssbKeys.generate(),
-    connections: wsConnections
+    connections: wsConnections,
+    caps: caps,
   })
@@ -224,3 +292,4 @@
     temp: 'test-invite-bob5', timeout: 100,
-    keys: ssbKeys.generate()
+    keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -230,3 +299,4 @@
     temp: 'test-invite-carol5', timeout: 100,
-    keys: ssbKeys.generate()
+    keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -269,4 +339,5 @@
 
+tape('invite guest may NOT call get', function (t) {
 
-tape('test invite.accept doesnt follow if already followed', function (t) {
+  var keys = ssbKeys.generate()
 
@@ -278,3 +349,4 @@ var alice = createSsbServer({
     keys: ssbKeys.generate(),
-    connections: wsConnections
+    connections: wsConnections,
+    caps: caps,
   })
@@ -284,7 +356,8 @@
     if(err) throw err
-    console.log(msg)
     alice.invite.create({modern: true}, function (err, invite) {
-      ssbClient(null, {
+      if(err) throw err
+      ssbClient(keys, {
         remote: invite,
-        manifest: {get: 'async', add: 'async'}
+        manifest: {get: 'async', add: 'async'},
+        caps: caps
       }, function (err, rpc) {
@@ -294,5 +367,7 @@ if(err) throw err
           t.ok(err)
-          console.log(value)
-          t.end()
-          alice.close()
+          rpc.add(msg.key, function (err, value) {
+            t.ok(err)
+            t.end()
+            alice.close()
+          })
         })
@@ -304,3 +379,2 @@ })
 
-
 tape('test invite with note', function (t) {
@@ -311,3 +385,4 @@
     allowPrivate: true,
-    keys: ssbKeys.generate()
+    keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -317,3 +392,4 @@
     temp: 'test-invite-bob7', timeout: 100,
-    keys: ssbKeys.generate()
+    keys: ssbKeys.generate(),
+    caps: caps,
   })
@@ -347,1 +423,4 @@
 
+
+
+

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

25184

increased by15.73%

Dependency count

9

decreased by-10%

Number of package files

7

increased by16.67%

Lines of code

634

increased by21.46%

Number of lines in readme file

79

increased by364.71%

Number of medium supply chain risk alerts

0

decreased by-100%

Dependency changes

• - Removedmuxrpc-validation@^3.0.0

• - Removedmuxrpc-validation@3.0.2(transitive)

• - Removedzerr@1.0.4(transitive)

• Updatedssb-client@^4.7.4