From 102f4fa85522fbbeef86616e5502d1a1785ecf11 Mon Sep 17 00:00:00 2001
From: Samuel Andert
Date: Mon, 4 Sep 2023 17:18:35 +0200
Subject: [PATCH] Added dynamic AccessControlConditions interface
---
.wundergraph/wundergraph.config.ts | 2 +-
src/lib/ACCs.svelte | 83 +++++++++++++++----
src/lib/services/createJWT.ts | 12 +--
.../services/mutateAccessControlConditions.ts | 66 +++++++++++++++
src/routes/+layout.svelte | 18 +++-
src/routes/acc/+page.svelte | 5 ++
src/routes/me/+page.svelte | 3 -
.../wundergraph}/+server.ts | 11 +--
8 files changed, 167 insertions(+), 33 deletions(-)
create mode 100644 src/lib/services/mutateAccessControlConditions.ts
create mode 100644 src/routes/acc/+page.svelte
rename src/routes/{jwt/wunderauth => server/wundergraph}/+server.ts (68%)
diff --git a/.wundergraph/wundergraph.config.ts b/.wundergraph/wundergraph.config.ts
index 9b4bc57..ce93083 100644
--- a/.wundergraph/wundergraph.config.ts
+++ b/.wundergraph/wundergraph.config.ts
@@ -59,7 +59,7 @@ configureWunderGraphApplication({
 tokenBased: {
 providers: [
 {
- userInfoEndpoint: 'http://localhost:3000/jwt/wunderauth',
+ userInfoEndpoint: 'http://localhost:3000/server/wundergraph',
 },
 ],
 },
diff --git a/src/lib/ACCs.svelte b/src/lib/ACCs.svelte
index 1d9c31a..0ed0288 100644
--- a/src/lib/ACCs.svelte
+++ b/src/lib/ACCs.svelte
@@ -1,25 +1,74 @@ -

Access Control Conditions

- {#each accs as acc (acc.id)} -

{acc.name}

+ {#each signingConditions as condition, index (index)} + {#each condition.accs as acc} +
+ {condition.resourceId.baseUrl}{condition.resourceId.path} +

+ {acc.parameters.join(", ")} + {acc.returnValueTest.comparator} + {acc.returnValueTest.value} +

+

+ {JSON.stringify(condition)} +

+
+ {/each} +

+

+ {/each} - +

+ + + + +
- -
diff --git a/src/lib/services/createJWT.ts b/src/lib/services/createJWT.ts
index 5e0ce1e..cd7155a 100644
--- a/src/lib/services/createJWT.ts
+++ b/src/lib/services/createJWT.ts
@@ -27,12 +27,14 @@ export const createJWT = async () => {
 contractAddress: '',
 standardContractType: '',
 chain: 'xdai',
- method: 'eth_getBalance',
- parameters: [':userAddress', 'latest'],
+ method: '',
+ parameters: [
+ ':userAddress',
+ ],
 returnValueTest: {
- comparator: '>=',
- value: '1000000000000',
- },
+ comparator: '=',
+ value: '0x4b975F10baf1153A5CC688B52d55809cd2d8BB57'
+ }
 },
 ];
diff --git a/src/lib/services/mutateAccessControlConditions.ts b/src/lib/services/mutateAccessControlConditions.ts
new file mode 100644
index 0000000..ad31222
--- /dev/null
+++ b/src/lib/services/mutateAccessControlConditions.ts
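Review bot: The debug line `{JSON.stringify(condition)}` inside the inner `#each` renders the whole stored condition object. Entries written by `createACC` in this commit carry a `jwt` field, so if `signingConditions` is loaded from that same store (the script section of the component is not visible here), the signed token ends up in the page markup. Render only the fields the list needs, or drop the line before release. The outer `#each` is also keyed by `index`, which gives no stable identity once an entry is removed by position; a key derived from the condition itself would be more robust.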
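Review bot: The access condition now compares `:userAddress` against the literal `'0x4b975F10baf1153A5CC688B52d55809cd2d8BB57'`, so the single account allowed to obtain a token is fixed in source with no explanation. This replaces the former balance threshold with a one-address allowlist, which is a policy change worth a comment. Consider a named constant read from configuration, e.g. `value: OWNER_ADDRESS`, with a comment such as `// only this wallet may obtain a JWT for the wundergraph resource`. `createJWT` continues outside the hunk.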
@@ -0,0 +1,66 @@
+import { LitNodeClient } from "@lit-protocol/lit-node-client";
+import type { AccsEVMParams } from "@lit-protocol/types";
+
+export const createACC = async (newParameter, newComparator, newValue) => {
+ const litNodeClient = new LitNodeClient({ litNetwork: "serrano" });
+ await litNodeClient.connect();
+
+ const me = JSON.parse(localStorage.getItem('me'));
+ if (!me || !me.sessionSigs) {
+ throw new Error('No sessionSigs found in local storage');
+ }
+
+ const newACC = {
+ conditionType: "evmBasic",
+ contractAddress: "",
+ standardContractType: "",
+ chain: "xdai",
+ method: "",
+ parameters: [newParameter],
+ returnValueTest: {
+ comparator: newComparator,
+ value: newValue,
+ },
+ };
+
+ const resourceId = {
+ baseUrl: "https://localhost:3000",
+ path: "/server/wundergraph",
+ orgId: "°",
+ role: "owner",
+ extraData: "",
+ };
+
+ const sessionSigs = me.sessionSigs;
+
+ await litNodeClient.saveSigningCondition({
+ unifiedAccessControlConditions: [newACC],
+ sessionSigs,
+ resourceId,
+ chain: "litSessionSign",
+ });
+
+ const jwt = await litNodeClient.getSignedToken({
+ unifiedAccessControlConditions: [newACC],
+ chain: 'xdai',
+ sessionSigs,
+ resourceId
+ });
+
+ let signingConditions = JSON.parse(localStorage.getItem("signingConditions")) || [];
+ signingConditions = [
+ ...signingConditions,
+ {
+ accs: [newACC],
+ resourceId,
+ jwt,
+ },
+ ];
+ localStorage.setItem("signingConditions", JSON.stringify(signingConditions));
+};
+
+export const deleteACC = async (index) => {
+ let signingConditions = JSON.parse(localStorage.getItem("signingConditions")) || [];
+ signingConditions = signingConditions.filter((_, i) => i !== index);
+ localStorage.setItem("signingConditions", JSON.stringify(signingConditions));
+};
diff --git a/src/routes/+layout.svelte b/src/routes/+layout.svelte
index 44ad4ef..02c8131 100644
--- a/src/routes/+layout.svelte
+++ b/src/routes/+layout.svelte
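Review bot: `createACC` stores the signed `jwt` together with each condition under the `signingConditions` key in `localStorage`, where any script running on the origin can read it. `deleteACC` only filters that local array; nothing in it touches the condition saved through `saveSigningCondition`, and a token already issued presumably stays usable until it expires. Keep the token out of the persisted display data where possible, and document the limitation on `deleteACC`, e.g. `// Removes the local entry only; the saved signing condition and any issued JWT are unaffected.` The three `createACC` parameters are untyped and flow into the condition unvalidated; the imported but unused `AccsEVMParams` could type `newACC`, and `newComparator` could be restricted to the comparators the UI offers.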
@@ -20,7 +20,21 @@ export let data: LayoutData; - const token = Cookies.get("token"); + const signingConditionsCookie = Cookies.get("signingConditions"); + let signingConditions = signingConditionsCookie + ? JSON.parse(signingConditionsCookie) + : []; + console.log("layout signingConditions: ", signingConditions); // Add this line + let correctCondition = signingConditions + ? signingConditions.find( + (condition) => + condition.resourceId.baseUrl === "https://localhost:3000" && + condition.resourceId.path === "/server/wundergraph" + ) + : null; + console.log("layout correctcondition: ", correctCondition); // Update this line + + const token = correctCondition ? correctCondition.jwt : null; googleSession.subscribe((value) => { activeSession = value.activeSession; @@ -31,7 +45,7 @@ }); if (token) { - console.log("layout jwt token: " + token); + console.log("layout token: ", token); // Update this line client.setAuthorizationToken(token); } diff --git a/src/routes/acc/+page.svelte b/src/routes/acc/+page.svelte new file mode 100644 index 0000000..75f5482 --- /dev/null +++ b/src/routes/acc/+page.svelte @@ -0,0 +1,5 @@ + + + diff --git a/src/routes/me/+page.svelte b/src/routes/me/+page.svelte index 65d6a5c..423b803 100644 --- a/src/routes/me/+page.svelte +++ b/src/routes/me/+page.svelte @@ -1,6 +1,5 @@
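Review bot: The added `console.log` calls print the parsed `signingConditions` and the matched condition, and in the second hunk `console.log("layout token: ", token)` prints the bearer token itself, so the credential lands in the browser console on every layout load. These should be removed, along with the leftover `// Add this line` and `// Update this line` comments. `JSON.parse(signingConditionsCookie)` is also unguarded, so a malformed cookie value throws during layout initialisation, and `condition.resourceId.baseUrl` throws on an entry without `resourceId`; wrap the parse in `try`/`catch` falling back to `[]` and use `condition.resourceId?.baseUrl`. The layout reads `signingConditions` from a cookie while `createACC` in this commit writes it to `localStorage`, so confirm something actually sets that cookie.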
- -
{#if $projectsQuery.isLoading}

Loading...

diff --git a/src/routes/jwt/wunderauth/+server.ts b/src/routes/server/wundergraph/+server.ts
similarity index 68%
rename from src/routes/jwt/wunderauth/+server.ts
rename to src/routes/server/wundergraph/+server.ts
index f8783b7..eb1814b 100644
--- a/src/routes/jwt/wunderauth/+server.ts
+++ b/src/routes/server/wundergraph/+server.ts
@@ -13,18 +13,19 @@ export async function GET({ request }) {
 }
 try {
- const { payload } = await verifyJwt({ jwt: token });
+ const { verified, payload } = await verifyJwt({ jwt: token });
 if (
- payload.baseUrl !== "https://localhost:3000/" ||
- payload.path !== "wunderauth" ||
+ payload.baseUrl !== "https://localhost:3000" ||
+ payload.path !== "/server/wundergraph" ||
 payload.orgId !== "°" ||
 payload.role !== "owner" ||
 payload.extraData !== ""
 ) {
 console.log("JWT payload not matching");
- throw error(401, "JWT payload not macting")
+ throw error(401, "JWT payload not matching")
 }
- console.log(payload);
+ console.log("JWT Server request verified: ", verified);
+ console.log("JWT Server request payload: ", payload);
 return new Response(JSON.stringify(payload), { status: 200 });
 } catch (err) {
 console.log("JWT error");
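Review bot: `verified` is now destructured from `verifyJwt` but only logged; the handler still answers 200 with the payload whenever the five payload fields match. If `verifyJwt` reports a bad signature through `verified: false` rather than by throwing (its implementation is not visible here), a token with an invalid signature would be accepted as user info. Add `if (!verified) throw error(401, "JWT not verified");` directly after the `verifyJwt` call, before the payload comparison. Logging the full payload on every request is also worth dropping. The handler and its `catch` block continue outside the hunk, so check that the `catch` does not turn the thrown 401 into a different response.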