aljaz/pubky-core
1
0
Fork 0
mirror of https://github.com/aljazceru/pubky-core.git synced 2025-12-20 07:24:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat(js): return Session class from auth methods

Browse Source
This commit is contained in:
nazeh
2024-09-07 11:35:24 +03:00
parent 32377080d1
commit db006612ef
12 changed files with 182 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Cargo.lock generated
View File

@@ -1110,9 +1110,9 @@ checksum = "49f1f14873335454500d59611f1cf4a4b0f786f9ac11f4312a78e4cf2566695b"
[[package]] [[package]]
name = "js-sys" name = "js-sys"
version = "0.3.69" version = "0.3.70"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "29c15563dc2726973df627357ce0c9ddddbea194836909d655df6a75d2cf296d" checksum = "1868808506b929d7b0cfa8f75951347aa71bb21144b7791bae35d9bccfcfe37a"
dependencies = [ dependencies = [
"wasm-bindgen", "wasm-bindgen",
] ]
@@ -2540,19 +2540,20 @@ checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
[[package]] [[package]]
name = "wasm-bindgen" name = "wasm-bindgen"
version = "0.2.92" version = "0.2.93"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4be2531df63900aeb2bca0daaaddec08491ee64ceecbee5076636a3b026795a8" checksum = "a82edfc16a6c469f5f44dc7b571814045d60404b55a0ee849f9bcfa2e63dd9b5"
dependencies = [ dependencies = [
"cfg-if", "cfg-if",
"once_cell",
"wasm-bindgen-macro", "wasm-bindgen-macro",
] ]
[[package]] [[package]]
name = "wasm-bindgen-backend" name = "wasm-bindgen-backend"
version = "0.2.92" version = "0.2.93"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "614d787b966d3989fa7bb98a654e369c762374fd3213d212cfc0251257e747da" checksum = "9de396da306523044d3302746f1208fa71d7532227f15e347e2d93e4145dd77b"
dependencies = [ dependencies = [
"bumpalo", "bumpalo",
"log", "log",
@@ -2577,9 +2578,9 @@ dependencies = [
[[package]] [[package]]
name = "wasm-bindgen-macro" name = "wasm-bindgen-macro"
version = "0.2.92" version = "0.2.93"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "a1f8823de937b71b9460c0c34e25f3da88250760bec0ebac694b49997550d726" checksum = "585c4c91a46b072c92e908d99cb1dcdf95c5218eeb6f3bf1efa991ee7a68cccf"
dependencies = [ dependencies = [
"quote", "quote",
"wasm-bindgen-macro-support", "wasm-bindgen-macro-support",
@@ -2587,9 +2588,9 @@ dependencies = [
[[package]] [[package]]
name = "wasm-bindgen-macro-support" name = "wasm-bindgen-macro-support"
version = "0.2.92" version = "0.2.93"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e94f17b526d0a461a191c78ea52bbce64071ed5c04c9ffe424dcb38f74171bb7" checksum = "afc340c74d9005395cf9dd098506f7f44e38f2b4a21c6aaacf9a105ea5e1e836"
dependencies = [ dependencies = [
"proc-macro2", "proc-macro2",
"quote", "quote",
@@ -2600,15 +2601,15 @@ dependencies = [
[[package]] [[package]]
name = "wasm-bindgen-shared" name = "wasm-bindgen-shared"
version = "0.2.92" version = "0.2.93"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "af190c94f2773fdb3729c55b007a722abb5384da03bc0986df4c289bf5567e96" checksum = "c62a0a307cb4a311d3a07867860911ca130c3494e8c2719593806c08bc5d0484"
[[package]] [[package]]
name = "web-sys" name = "web-sys"
version = "0.3.69" version = "0.3.70"
source = "registry+https://github.com/rust-lang/crates.io-index" source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "77afa9a11836342370f4817622a2f0f418b134426d91a82dfb48f532d2ec13ef" checksum = "26fdeaafd9bd129f65e7c031593c24d62186301e0c72c8978fa1678be7d532c0"
dependencies = [ dependencies = [
"js-sys", "js-sys",
"wasm-bindgen", "wasm-bindgen",

34
examples/authz/3rd-party-app/src/pubky-auth-widget.js
View File

@@ -55,12 +55,19 @@ export class PubkyAuthWidget extends LitElement {
let [url, promise] = this.pubkyClient.authRequest(this.relay || DEFAULT_HTTP_RELAY, this.caps); let [url, promise] = this.pubkyClient.authRequest(this.relay || DEFAULT_HTTP_RELAY, this.caps);
promise.then(x => { promise.then(session => {
console.log({ x }) console.log({ id: session.pubky().z32(), capabilities: session.capabilities() })
alert(`Successfully signed in to ${session.pubky().z32()} with capabilities: ${session.capabilities().join(",")}`)
}).catch(e => { }).catch(e => {
console.error(e) console.error(e)
}) })
// let keypair = pubky.Keypair.random();
// const Homeserver = pubky.PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo')
// this.pubkyClient.signup(keypair, Homeserver).then(() => {
// this.pubkyClient.sendAuthToken(keypair, url)
// })
this.authUrl = url this.authUrl = url
} }
@@ -108,29 +115,6 @@ export class PubkyAuthWidget extends LitElement {
this.open = !this.open this.open = !this.open
} }
async _onCallback(response) {
try {
// Check if the response is ok (status code 200-299)
if (!response.ok) {
throw new Error(`HTTP error! status: ${response.status}`);
}
// Convert the response to an ArrayBuffer
const arrayBuffer = await response.arrayBuffer();
// Create a Uint8Array from the ArrayBuffer
const authToken = new Uint8Array(arrayBuffer);
let publicKey = await this.pubkyClient.thirdPartySignin(authToken, this.secret)
let session = await this.pubkyClient.session(publicKey);
alert(`Succssfully signed in as ${publicKey.z32()}`)
} catch (error) {
console.error('PubkyAuthWidget: Failed to read incoming AuthToken', error);
}
}
async _copyToClipboard() { async _copyToClipboard() {
try { try {
await navigator.clipboard.writeText(this.authUrl); await navigator.clipboard.writeText(this.authUrl);

22
pubky-common/src/session.rs
View File

@@ -12,13 +12,13 @@ use crate::{auth::AuthToken, capabilities::Capability, timestamp::Timestamp};
// and get more informations from the user-agent. // and get more informations from the user-agent.
#[derive(Clone, Serialize, Deserialize, Debug, Eq, PartialEq)] #[derive(Clone, Serialize, Deserialize, Debug, Eq, PartialEq)]
pub struct Session { pub struct Session {
pub version: usize, version: usize,
pub pubky: PublicKey, pubky: PublicKey,
pub created_at: u64, created_at: u64,
/// User specified name, defaults to the user-agent. /// User specified name, defaults to the user-agent.
pub name: String, name: String,
pub user_agent: String, user_agent: String,
pub capabilities: Vec<Capability>, capabilities: Vec<Capability>,
} }
impl Session { impl Session {
@@ -33,6 +33,16 @@ impl Session {
} }
} }
// === Getters ===
pub fn pubky(&self) -> &PublicKey {
&self.pubky
}
pub fn capabilities(&self) -> &Vec<Capability> {
&self.capabilities
}
// === Setters === // === Setters ===
pub fn set_user_agent(&mut self, user_agent: String) -> &mut Self { pub fn set_user_agent(&mut self, user_agent: String) -> &mut Self {

4
pubky-homeserver/src/routes/public.rs
View File

@@ -148,8 +148,8 @@ fn authorize(
.get_session(cookies, public_key)? .get_session(cookies, public_key)?
.ok_or(Error::with_status(StatusCode::UNAUTHORIZED))?; .ok_or(Error::with_status(StatusCode::UNAUTHORIZED))?;
if session.pubky == *public_key if session.pubky() == public_key
&& session.capabilities.iter().any(|cap| { && session.capabilities().iter().any(|cap| {
path.starts_with(&cap.scope[1..]) path.starts_with(&cap.scope[1..])
&& cap && cap
.abilities .abilities

34
pubky/pkg/README.md
View File

@@ -84,7 +84,7 @@ let session = await client.signin(keypair)
- keypair: An instance of [Keypair](#keypair). - keypair: An instance of [Keypair](#keypair).
Returns: Returns:
- session: An instance of [Session](#session). - An instance of [Session](#session).
#### signout #### signout
```js ```js
@@ -102,8 +102,7 @@ let session = await sessionPromise;
``` ```
Sign in to a user's Homeserver, without access to their [Keypair](#keypair), nor even [PublicKey](#publickey), Sign in to a user's Homeserver, without access to their [Keypair](#keypair), nor even [PublicKey](#publickey),
instead request permissions (showing the user pubkyauthUrl), and await a Session instead request permissions (showing the user pubkyauthUrl), and await a Session after the user consenting to that request.
after the user consenting to that request.
- relay: A URL to an [HTTP relay](https://httprelay.io/features/link/) endpoint. - relay: A URL to an [HTTP relay](https://httprelay.io/features/link/) endpoint.
- capabilities: A list of capabilities required for the app for example `/pub/pubky.app/:rw,/pub/example.com/:r`. - capabilities: A list of capabilities required for the app for example `/pub/pubky.app/:rw,/pub/example.com/:r`.
@@ -112,12 +111,21 @@ Returns:
- pubkyauthUrl: A url to show to the user to scan or paste into an Authenticator app holding the user [Keypair](#keypair) - pubkyauthUrl: A url to show to the user to scan or paste into an Authenticator app holding the user [Keypair](#keypair)
- sessionPromise: A promise that resolves into a [Session](#session) on success. - sessionPromise: A promise that resolves into a [Session](#session) on success.
#### session #### sendAuthToken
```js
await client.sendAuthToken(keypair, pubkyauthUrl);
```
Consenting to authentication or authorization according to the required capabilities in the `pubkyauthUrl` , and sign and send an auth token to the requester.
- keypair: An instance of [KeyPair](#keypair)
- pubkyauthUrl: A string `pubkyauth://` url
#### session {#session-method}
```js ```js
let session = await client.session(publicKey) let session = await client.session(publicKey)
``` ```
- publicKey: An instance of [PublicKey](#publickey). - publicKey: An instance of [PublicKey](#publickey).
- Returns: A session object if signed in, or undefined if not. - Returns: A [Session](#session) object if signed in, or undefined if not.
#### put #### put
```js ```js
@@ -166,7 +174,7 @@ let keypair = Keypair.fromSecretKey(secretKey)
- Returns: A new Keypair. - Returns: A new Keypair.
#### publicKey #### publicKey {#publickey-method}
```js ```js
let publicKey = keypair.publicKey() let publicKey = keypair.publicKey()
``` ```
@@ -194,6 +202,20 @@ let pubky = publicKey.z32();
``` ```
Returns: The z-base-32 encoded string representation of the PublicKey. Returns: The z-base-32 encoded string representation of the PublicKey.
### Session
#### pubky
```js
let pubky = session.pubky();
```
Returns an instance of [PublicKey](#publickey)
#### capabilities
```js
let capabilities = session.capabilities();
```
Returns an array of capabilities, for example `["/pub/pubky.app/:rw"]`
### Helper functions ### Helper functions
#### createRecoveryFile #### createRecoveryFile

39
pubky/pkg/test/auth.js
View File

@@ -2,14 +2,15 @@ import test from 'tape'
import { PubkyClient, Keypair, PublicKey } from '../index.cjs' import { PubkyClient, Keypair, PublicKey } from '../index.cjs'
const Homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo')
test('auth', async (t) => { test('auth', async (t) => {
const client = PubkyClient.testnet(); const client = PubkyClient.testnet();
const keypair = Keypair.random() const keypair = Keypair.random()
const publicKey = keypair.publicKey() const publicKey = keypair.publicKey()
const homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo') await client.signup(keypair, Homeserver)
await client.signup(keypair, homeserver)
const session = await client.session(publicKey) const session = await client.session(publicKey)
t.ok(session, "signup") t.ok(session, "signup")
@@ -29,6 +30,34 @@ test('auth', async (t) => {
} }
}) })
// TODO: test end to end test("3rd party signin", async (t) => {
// TODO: test invalid inputs let keypair = Keypair.random();
test.skip("3rd party signin") let pubky = keypair.publicKey().z32();
// Third party app side
let capabilities = "/pub/pubky.app/:rw,/pub/foo.bar/file:r";
let client = PubkyClient.testnet();
let [pubkyauth_url, pubkyauthResponse] = client
.authRequest("https://demo.httprelay.io/link", capabilities);
if (globalThis.document) {
// Skip `sendAuthToken` in browser
// TODO: figure out why does it fail in browser unit tests
// but not in real browser (check pubky-auth-widget.js commented part)
return
}
// Authenticator side
{
let client = PubkyClient.testnet();
await client.signup(keypair, Homeserver);
await client.sendAuthToken(keypair, pubkyauth_url)
}
let session = await pubkyauthResponse;
t.is(session.pubky().z32(), pubky)
t.deepEqual(session.capabilities(), capabilities.split(','))
})

22
pubky/pkg/test/public.js
View File

@@ -2,13 +2,14 @@ import test from 'tape'
import { PubkyClient, Keypair, PublicKey } from '../index.cjs' import { PubkyClient, Keypair, PublicKey } from '../index.cjs'
const Homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo');
test('public: put/get', async (t) => { test('public: put/get', async (t) => {
const client = PubkyClient.testnet(); const client = PubkyClient.testnet();
const keypair = Keypair.random(); const keypair = Keypair.random();
const homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo'); await client.signup(keypair, Homeserver);
await client.signup(keypair, homeserver);
const publicKey = keypair.publicKey(); const publicKey = keypair.publicKey();
@@ -46,8 +47,7 @@ test("not found", async (t) => {
const keypair = Keypair.random(); const keypair = Keypair.random();
const homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo'); await client.signup(keypair, Homeserver);
await client.signup(keypair, homeserver);
const publicKey = keypair.publicKey(); const publicKey = keypair.publicKey();
@@ -64,8 +64,7 @@ test("unauthorized", async (t) => {
const keypair = Keypair.random() const keypair = Keypair.random()
const publicKey = keypair.publicKey() const publicKey = keypair.publicKey()
const homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo') await client.signup(keypair, Homeserver)
await client.signup(keypair, homeserver)
const session = await client.session(publicKey) const session = await client.session(publicKey)
t.ok(session, "signup") t.ok(session, "signup")
@@ -92,8 +91,7 @@ test("forbidden", async (t) => {
const keypair = Keypair.random() const keypair = Keypair.random()
const publicKey = keypair.publicKey() const publicKey = keypair.publicKey()
const homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo') await client.signup(keypair, Homeserver)
await client.signup(keypair, homeserver)
const session = await client.session(publicKey) const session = await client.session(publicKey)
t.ok(session, "signup") t.ok(session, "signup")
@@ -119,8 +117,7 @@ test("list", async (t) => {
const publicKey = keypair.publicKey() const publicKey = keypair.publicKey()
const pubky = publicKey.z32() const pubky = publicKey.z32()
const homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo') await client.signup(keypair, Homeserver)
await client.signup(keypair, homeserver)
@@ -251,10 +248,7 @@ test('list shallow', async (t) => {
const publicKey = keypair.publicKey() const publicKey = keypair.publicKey()
const pubky = publicKey.z32() const pubky = publicKey.z32()
const homeserver = PublicKey.from('8pinxxgqs41n4aididenw5apqp1urfmzdztr8jt4abrkdn435ewo') await client.signup(keypair, Homeserver)
await client.signup(keypair, homeserver)
let urls = [ let urls = [
`pubky://${pubky}/pub/a.com/a.txt`, `pubky://${pubky}/pub/a.com/a.txt`,

2
pubky/src/native.rs
View File

@@ -118,7 +118,7 @@ impl PubkyClient {
/// ///
/// The homeserver is a Pkarr domain name, where the TLD is a Pkarr public key /// The homeserver is a Pkarr domain name, where the TLD is a Pkarr public key
/// for example "pubky.o4dksfbqk85ogzdb5osziw6befigbuxmuxkuxq8434q89uj56uyy" /// for example "pubky.o4dksfbqk85ogzdb5osziw6befigbuxmuxkuxq8434q89uj56uyy"
pub async fn signup(&self, keypair: &Keypair, homeserver: &PublicKey) -> Result<()> { pub async fn signup(&self, keypair: &Keypair, homeserver: &PublicKey) -> Result<Session> {
self.inner_signup(keypair, homeserver).await self.inner_signup(keypair, homeserver).await
} }

16
pubky/src/shared/auth.rs
View File

@@ -28,7 +28,7 @@ impl PubkyClient {
&self, &self,
keypair: &Keypair, keypair: &Keypair,
homeserver: &PublicKey, homeserver: &PublicKey,
) -> Result<()> { ) -> Result<Session> {
let homeserver = homeserver.to_string(); let homeserver = homeserver.to_string();
let Endpoint { mut url, .. } = self.resolve_endpoint(&homeserver).await?; let Endpoint { mut url, .. } = self.resolve_endpoint(&homeserver).await?;
@@ -47,7 +47,9 @@ impl PubkyClient {
self.publish_pubky_homeserver(keypair, &homeserver).await?; self.publish_pubky_homeserver(keypair, &homeserver).await?;
Ok(()) let bytes = response.bytes().await?;
Ok(Session::deserialize(&bytes)?)
} }
/// Check the current sesison for a given Pubky in its homeserver. /// Check the current sesison for a given Pubky in its homeserver.
@@ -252,7 +254,7 @@ mod tests {
.unwrap() .unwrap()
.unwrap(); .unwrap();
assert!(session.capabilities.contains(&Capability::root())); assert!(session.capabilities().contains(&Capability::root()));
client.signout(&keypair.public_key()).await.unwrap(); client.signout(&keypair.public_key()).await.unwrap();
@@ -271,8 +273,8 @@ mod tests {
.unwrap() .unwrap()
.unwrap(); .unwrap();
assert_eq!(session.pubky, keypair.public_key()); assert_eq!(session.pubky(), &keypair.public_key());
assert!(session.capabilities.contains(&Capability::root())); assert!(session.capabilities().contains(&Capability::root()));
} }
} }
@@ -306,8 +308,8 @@ mod tests {
let session = pubkyauth_response.await.unwrap().unwrap(); let session = pubkyauth_response.await.unwrap().unwrap();
assert_eq!(session.pubky, pubky); assert_eq!(session.pubky(), &pubky);
assert_eq!(session.capabilities, capabilities.0); assert_eq!(session.capabilities(), &capabilities.0);
// Test access control enforcement // Test access control enforcement

52
pubky/src/wasm.rs
View File

@@ -73,10 +73,16 @@ impl PubkyClient {
/// The homeserver is a Pkarr domain name, where the TLD is a Pkarr public key /// The homeserver is a Pkarr domain name, where the TLD is a Pkarr public key
/// for example "pubky.o4dksfbqk85ogzdb5osziw6befigbuxmuxkuxq8434q89uj56uyy" /// for example "pubky.o4dksfbqk85ogzdb5osziw6befigbuxmuxkuxq8434q89uj56uyy"
#[wasm_bindgen] #[wasm_bindgen]
pub async fn signup(&self, keypair: &Keypair, homeserver: &PublicKey) -> Result<(), JsValue> { pub async fn signup(
&self,
keypair: &Keypair,
homeserver: &PublicKey,
) -> Result<Session, JsValue> {
Ok(Session(
self.inner_signup(keypair.as_inner(), homeserver.as_inner()) self.inner_signup(keypair.as_inner(), homeserver.as_inner())
.await .await
.map_err(|e| e.into()) .map_err(|e| JsValue::from(e))?,
))
} }
/// Check the current sesison for a given Pubky in its homeserver. /// Check the current sesison for a given Pubky in its homeserver.
@@ -129,7 +135,12 @@ impl PubkyClient {
let future = async move { let future = async move {
this.subscribe_to_auth_response(relay, &client_secret) this.subscribe_to_auth_response(relay, &client_secret)
.await .await
.map(|_| JsValue::from_str("something")) .map(|opt| {
opt.map_or_else(
|| JsValue::NULL, // Convert `None` to `JsValue::NULL`
|session| JsValue::from(Session(session)),
)
})
.map_err(|err| JsValue::from_str(&format!("{:?}", err))) .map_err(|err| JsValue::from_str(&format!("{:?}", err)))
}; };
@@ -143,24 +154,23 @@ impl PubkyClient {
Ok(js_tuple) Ok(js_tuple)
} }
// TODO: allow send_auth_token in wasm /// Sign an [pubky_common::auth::AuthToken], encrypt it and send it to the
// /// Sign an [pubky_common::auth::AuthToken], encrypt it and send it to the /// source of the pubkyauth request url.
// /// source of the pubkyauth request url. #[wasm_bindgen(js_name = "sendAuthToken")]
// #[wasm_bindgen(js_name = "sendAuthToken")] pub async fn send_auth_token(
// pub async fn send_auth_token( &self,
// &self, keypair: &Keypair,
// keypair: &Keypair, pubkyauth_url: &str,
// pubkyauth_url: &str, ) -> Result<(), JsValue> {
// ) -> Result<(), JsValue> { let pubkyauth_url: Url = pubkyauth_url
// let pubkyauth_url: Url = pubkyauth_url .try_into()
// .try_into() .map_err(|_| Error::Generic("Invalid relay Url".into()))?;
// .map_err(|_| Error::Generic("Invalid relay Url".into()))?;
// self.inner_send_auth_token(keypair.as_inner(), pubkyauth_url)
// self.inner_send_auth_token(keypair.as_inner(), pubkyauth_url) .await?;
// .await?;
// Ok(())
// Ok(()) }
// }
// === Public data === // === Public data ===

6
pubky/src/wasm/keys.rs
View File

@@ -91,3 +91,9 @@ impl PublicKey {
&self.0 &self.0
} }
} }
impl From<pkarr::PublicKey> for PublicKey {
fn from(value: pkarr::PublicKey) -> Self {
PublicKey(value)
}
}

21
pubky/src/wasm/session.rs
View File

@@ -2,5 +2,26 @@ use pubky_common::session;
use wasm_bindgen::prelude::*; use wasm_bindgen::prelude::*;
use super::keys::PublicKey;
#[wasm_bindgen] #[wasm_bindgen]
pub struct Session(pub(crate) session::Session); pub struct Session(pub(crate) session::Session);
#[wasm_bindgen]
impl Session {
/// Return the [PublicKey] of this session
#[wasm_bindgen]
pub fn pubky(&self) -> PublicKey {
self.0.pubky().clone().into()
}
/// Return the capabilities that this session has.
#[wasm_bindgen]
pub fn capabilities(&self) -> Vec<String> {
self.0
.capabilities()
.iter()
.map(|c| c.to_string())
.collect()
}
}