Showing
10 changed files
with
233 additions
and
99 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
{ | ||
"html.format.unformatted": "", | ||
"editor.defaultFormatter": "esbenp.prettier-vscode", | ||
"[javascript]": { | ||
"editor.defaultFormatter": "esbenp.prettier-vscode" | ||
}, | ||
"[typescript]": { | ||
"editor.defaultFormatter": "esbenp.prettier-vscode" | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
import { Caveat, verifyCaveats } from "./caveat"; | ||
import { stringToBytes } from './helpers' | ||
import * as Macaroon from 'macaroon' | ||
import { MacaroonClass, Satisfier } from "./types"; | ||
|
||
/** | ||
* @description utility function to get an array of caveat instances from | ||
* a raw macaroon. | ||
* @param {string} macaroon - raw macaroon to retrieve caveats from | ||
* @returns {Caveat[]} array of caveats on the macaroon | ||
*/ | ||
export function getCaveatsFromMacaroon(rawMac: string): Caveat[] { | ||
const macaroon = Macaroon.importMacaroon(rawMac) | ||
const caveats = [] | ||
const rawCaveats = macaroon._exportAsJSONObjectV2()?.c | ||
|
||
if (rawCaveats) { | ||
for (const c of rawCaveats) { | ||
if (!c.i) continue; | ||
const caveat = Caveat.decode(c.i) | ||
caveats.push(caveat) | ||
} | ||
} | ||
return caveats | ||
} | ||
|
||
/** | ||
* @description verifyMacaroonCaveats will check if a macaroon is valid or | ||
* not based on a set of satisfiers to pass as general caveat verifiers. This will also run | ||
* against caveat.verifyCaveats to ensure that satisfyPrevious will validate | ||
* @param {string} macaroon A raw macaroon to run a verifier against | ||
* @param {String} secret The secret key used to sign the macaroon | ||
* @param {(Satisfier | Satisfier[])} satisfiers a single satisfier or list of satisfiers used to verify caveats | ||
* @param {Object} [options] An optional options object that will be passed to the satisfiers. | ||
* In many circumstances this will be a request object, for example when this is used in a server | ||
* @returns {boolean} | ||
*/ | ||
export function verifyMacaroonCaveats( | ||
rawMac: string, | ||
secret: string, | ||
satisfiers?: Satisfier | Satisfier[], | ||
// eslint-disable-next-line @typescript-eslint/no-explicit-any | ||
options: any = {} | ||
): boolean { | ||
try { | ||
const macaroon = Macaroon.importMacaroon(rawMac) | ||
const secretBytesArray = stringToBytes(secret) | ||
|
||
// js-macaroon's verification takes a function as its second | ||
// arg that runs a check against each caveat which is a less full-featured | ||
// version of `verifyCaveats` used below since it doesn't support contextual | ||
// checks like comparing w/ previous caveats for the same condition. | ||
// we pass this stubbed function so signature checks can be done | ||
// and satisfier checks will be done next if this passes. | ||
macaroon.verify(secretBytesArray, () => null) | ||
|
||
const caveats = getCaveatsFromMacaroon(rawMac) | ||
if (!caveats.length) return true; | ||
// check caveats against satisfiers, including previous caveat checks | ||
return verifyCaveats(caveats, satisfiers, options) | ||
} catch (e) { | ||
return false | ||
} | ||
} | ||
|
||
export function getRawMacaroon(mac: MacaroonClass): string { | ||
return Macaroon.bytesToBase64(mac._exportBinaryV2()) | ||
} |
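Review bot: `getCaveatsFromMacaroon` skips any caveat entry without an `i` field (`if (!c.i) continue;`), and `verifyMacaroonCaveats` then returns `true` when the resulting list is empty, so a caveat this code cannot read is treated as absent instead of failing verification. If js-macaroon can export an identifier under another key (the V2 JSON form appears to use `i64` for non-UTF-8 identifiers, which is worth confirming), such a restriction would pass the stubbed `() => null` check and never reach a satisfier. Failing closed would be safer: `if (!c.i) throw new Error('unsupported caveat encoding')`, which the existing `try`/`catch` in `verifyMacaroonCaveats` already turns into `false`. The JSDoc `@param` names (`macaroon`) also do not match the actual parameter `rawMac`.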
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,17 @@ | ||
import { MacaroonJSONV2 } from 'macaroon' | ||
|
||
export * from './lsat' | ||
export * from './satisfier' | ||
|
||
// js-macaroon doesn't export a type for its base class | ||
// this throws off some of the ts linting when it wants a return type | ||
/** | ||
* @typedef {Object} MacaroonClass | ||
*/ | ||
export interface MacaroonClass { | ||
_exportAsJSONObjectV2(): MacaroonJSONV2 | ||
addFirstPartyCaveat(caveatIdBytes: Uint8Array | string): void | ||
_exportBinaryV2(): Uint8Array | ||
} | ||
|
||
// could maybe do the above as -> typeof Macaroon.newMacaroon({...}) |
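Review bot: `MacaroonClass` types the underscore-prefixed methods `_exportAsJSONObjectV2` and `_exportBinaryV2`, which look like js-macaroon internals. Because the interface is hand-written, a dependency upgrade could change or remove them without any type error here. If the library's public `exportJSON()` / `exportBinary()` cover the same need, typing and calling those would be more stable. Otherwise a comment such as `// relies on js-macaroon private API; re-check on upgrade` next to the interface would record the risk. The `@typedef {Object} MacaroonClass` JSDoc duplicates the interface declaration and can be dropped.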