* introduce eslint * Fix all eslint errors * Eslint fix and some touches * Fix tests * Fix misc errors * change semver * change semver #2 * Fix path * Fix path #2 * freeze lock file in CI * fix package install * Fix formatting of surrounding files * Add empty prettier config * Fix formatting * Fix build errors * Remove unused deps * remove changelog from formatting * deps cleanup * make resource importers async * Refactor * Fix error message * remove comment * more refactoring * Update packages/core/js-client/src/compilerSupport/registerService.ts Co-authored-by: shamsartem <shamsartem@gmail.com> * refactoring * refactoring fix * optimize import * Update packages/@tests/smoke/node/src/index.ts Co-authored-by: shamsartem <shamsartem@gmail.com> * Revert package * Fix pnpm lock * Lint-fix * Fix CI * Update tests * Fix build * Fix import * Use forked threads dep * Use fixed version * Update threads * Fix lint * Fix test * Fix test * Add polyfill for assert * Add subpath import * Fix tests * Fix deps --------- Co-authored-by: shamsartem <shamsartem@gmail.com>
/**
 * Copyright 2023 Fluence Labs Limited
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
import { SecurityTetraplet } from "@fluencelabs/avm";
import { CallParams, PeerIdB58 } from "@fluencelabs/interfaces";
// Bound for the type parameter that every guard in this file forwards to
// CallParams<T>.
type ArgName = string | null;

/**
 * Authorization predicate consulted for the sig service's sign method.
 *
 * The guard receives the call params of the incoming request and decides
 * whether the signing operation may proceed: `true` allows it, `false`
 * denies it. Guards are plain functions, so they can be combined with the
 * `and` / `or` helpers exported from this module.
 */
export type SecurityGuard<T extends ArgName> = (params: CallParams<T>) => boolean;
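/**
 * Builds a guard that allows a call only when the tetraplet recorded for the
 * 'data' argument satisfies the given predicate.
 *
 * The guard fails closed: when the call carries no tetraplet for 'data'
 * (the entry is missing or its list is empty) it returns `false` instead of
 * handing `undefined` to `pred`, which would otherwise throw inside
 * predicates that read tetraplet fields.
 *
 * NOTE(review): only the first tetraplet (`[0]`) of 'data' is evaluated. If
 * the argument can carry more than one tetraplet, the remaining ones are not
 * checked by this guard — confirm that this matches the intended policy.
 *
 * @param pred - Predicate applied to the first tetraplet of the 'data' argument.
 * @returns A guard that returns `pred`'s verdict, or `false` when no
 *          tetraplet is available.
 */
export const allowTetraplet = <T extends ArgName>(
  pred: (tetraplet: SecurityTetraplet) => boolean,
): SecurityGuard<T> => {
  return (params) => {
    // The tetraplets arrive with the call at runtime, so the presence of the
    // 'data' entry is verified here rather than assumed from the typings.
    const first = params.tetraplets["data"]?.[0];

    if (first === undefined) {
      // No provenance information for 'data': deny the call.
      return false;
    }

    return pred(first);
  };
};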
/**
 * Builds a guard that allows a call only when the 'data' argument was
 * produced by the given service function.
 *
 * Both fields of the tetraplet are compared with strict equality, so the
 * service id and function name must match exactly (no prefix or
 * case-insensitive matching).
 *
 * @param serviceId - Required value of the tetraplet's `service_id`.
 * @param fnName - Required value of the tetraplet's `function_name`.
 * @returns A guard built on top of `allowTetraplet`.
 */
export const allowServiceFn = <T extends ArgName>(
  serviceId: string,
  fnName: string,
): SecurityGuard<T> =>
  allowTetraplet((tetraplet) => {
    const sameService = tetraplet.service_id === serviceId;
    // function_name is only consulted once the service id has matched.
    return sameService && tetraplet.function_name === fnName;
  });
/**
 * Builds a guard that allows a call only when the 'data' argument
 * originated from exactly the given json_path.
 *
 * The comparison is a strict string equality on the tetraplet's
 * `json_path`; paths that are merely equivalent but spelled differently do
 * not match.
 *
 * @param jsonPath - Required value of the tetraplet's `json_path`.
 * @returns A guard built on top of `allowTetraplet`.
 */
export const allowExactJsonPath = <T extends ArgName>(
  jsonPath: string,
): SecurityGuard<T> =>
  allowTetraplet((tetraplet) => {
    const observedPath = tetraplet.json_path;
    return observedPath === jsonPath;
  });
/**
 * Builds a guard that allows signing only when the particle was initiated
 * at the given peer.
 *
 * The decision is a strict equality between the call's `initPeerId` and
 * `peerId`; this guard does not look at the tetraplets at all.
 *
 * @param peerId - Peer id the particle must have been initiated at.
 * @returns A guard that compares `params.initPeerId` with `peerId`.
 */
export const allowOnlyParticleOriginatedAt = <T extends ArgName>(
  peerId: PeerIdB58,
): SecurityGuard<T> =>
  (params) => {
    const initiator = params.initPeerId;
    return initiator === peerId;
  };
/**
 * Combines guards so that signing is allowed only when every one of them
 * allows it. Useful for reusing predicates.
 *
 * Guards are evaluated in the order given and evaluation stops at the first
 * one that denies. Called with no guards at all, the combined guard allows
 * every call, so make sure the list passed in is never accidentally empty.
 *
 * @param predicates - Guards that must all allow the call.
 * @returns A guard that is the conjunction of `predicates`.
 */
export const and = <T extends ArgName>(
  ...predicates: SecurityGuard<T>[]
): SecurityGuard<T> =>
  (params) => {
    for (const guard of predicates) {
      if (!guard(params)) {
        return false;
      }
    }

    return true;
  };
/**
 * Combines guards so that signing is allowed when at least one of them
 * allows it. Useful for reusing predicates.
 *
 * Guards are evaluated in the order given and evaluation stops at the first
 * one that allows. Called with no guards at all, the combined guard denies
 * every call.
 *
 * @param predicates - Guards of which at least one must allow the call.
 * @returns A guard that is the disjunction of `predicates`.
 */
export const or = <T extends ArgName>(
  ...predicates: SecurityGuard<T>[]
): SecurityGuard<T> =>
  (params) => {
    for (const guard of predicates) {
      if (guard(params)) {
        return true;
      }
    }

    return false;
  };