diff --git a/packages/access-control-conditions/src/lib/validator.spec.ts b/packages/access-control-conditions/src/lib/validator.spec.ts index 16659b9cb..8f677e5ed 100644 --- a/packages/access-control-conditions/src/lib/validator.spec.ts +++ b/packages/access-control-conditions/src/lib/validator.spec.ts @@ -314,8 +314,8 @@ describe('validator.ts', () => { } expect(error).toBeDefined(); - expect(error!.errorKind).toBe(LIT_ERROR.INVALID_PARAM_TYPE.kind); - expect(error!.errorCode).toBe(LIT_ERROR.INVALID_PARAM_TYPE.name); + expect(error!.errorKind).toBe(LIT_ERROR['INVALID_PARAM_TYPE'].kind); + expect(error!.errorCode).toBe(LIT_ERROR['INVALID_PARAM_TYPE'].name); }); it('should throw when schema has invalid fields', async () => { @@ -348,8 +348,8 @@ describe('validator.ts', () => { } expect(error).toBeDefined(); - expect(error!.errorKind).toBe(LIT_ERROR.INVALID_PARAM_TYPE.kind); - expect(error!.errorCode).toBe(LIT_ERROR.INVALID_PARAM_TYPE.name); + expect(error!.errorKind).toBe(LIT_ERROR['INVALID_PARAM_TYPE'].kind); + expect(error!.errorCode).toBe(LIT_ERROR['INVALID_PARAM_TYPE'].name); }); it('should throw when schema of a nested ACC does not validate', async () => { @@ -407,7 +407,7 @@ describe('validator.ts', () => { } expect(error).toBeDefined(); - expect(error!.errorKind).toBe(LIT_ERROR.INVALID_PARAM_TYPE.kind); - expect(error!.errorCode).toBe(LIT_ERROR.INVALID_PARAM_TYPE.name); + expect(error!.errorKind).toBe(LIT_ERROR['INVALID_PARAM_TYPE'].kind); + expect(error!.errorCode).toBe(LIT_ERROR['INVALID_PARAM_TYPE'].name); }); }); diff --git a/packages/crypto/src/lib/crypto.ts b/packages/crypto/src/lib/crypto.ts index 7e0846a4f..8861a5089 100644 --- a/packages/crypto/src/lib/crypto.ts +++ b/packages/crypto/src/lib/crypto.ts @@ -12,12 +12,10 @@ import { checkType, log } from '@lit-protocol/misc'; import { nacl } from '@lit-protocol/nacl'; import { CombinedECDSASignature, - IJWT, NodeAttestation, SessionKeyPair, SigningAccessControlConditionJWTPayload, SigShare, - VerifyJWTProps, } from '@lit-protocol/types'; import { uint8arrayFromString, @@ -473,59 +471,3 @@ declare global { // eslint-disable-next-line no-var, @typescript-eslint/no-explicit-any var LitNodeClient: any; } - -/** - * // TODO check for expiration - * - * Verify a JWT from the LIT network. Use this for auth on your server. For some background, users can specify access control conditions for various URLs, and then other users can then request a signed JWT proving that their ETH account meets those on-chain conditions using the getSignedToken function. Then, servers can verify that JWT using this function. A successful verification proves that the user meets the access control conditions defined earlier. For example, the on-chain condition could be posession of a specific NFT. - * - * @param { VerifyJWTProps } jwt - * - * @returns { IJWT } An object with 4 keys: "verified": A boolean that represents whether or not the token verifies successfully. A true result indicates that the token was successfully verified. "header": the JWT header. "payload": the JWT payload which includes the resource being authorized, etc. "signature": A uint8array that represents the raw signature of the JWT. - */ -export const verifyJwt = async ({ - publicKey, - jwt, -}: VerifyJWTProps): Promise> => { - // -- validate - if ( - !checkType({ - value: jwt, - allowedTypes: ['String'], - paramName: 'jwt', - functionName: 'verifyJwt', - }) - ) - throw new InvalidParamType( - { - info: { - jwt, - }, - }, - 'jwt must be a string' - ); - - log('verifyJwt', jwt); - - const jwtParts = jwt.split('.'); - const signature = uint8arrayFromString(jwtParts[2], 'base64url'); - - const unsignedJwt = `${jwtParts[0]}.${jwtParts[1]}`; - - const message = uint8arrayFromString(unsignedJwt); - - await verifySignature(publicKey, message, signature); - - const _jwt: IJWT = { - verified: true, - header: JSON.parse( - uint8arrayToString(uint8arrayFromString(jwtParts[0], 'base64url')) - ), - payload: JSON.parse( - uint8arrayToString(uint8arrayFromString(jwtParts[1], 'base64url')) - ), - signature, - }; - - return _jwt; -}; diff --git a/packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts b/packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts index 978de8f16..d07d82b9f 100644 --- a/packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts +++ b/packages/lit-node-client-nodejs/src/lib/lit-node-client-nodejs.ts @@ -1,41 +1,38 @@ import { computeAddress } from '@ethersproject/transactions'; import { BigNumber, ethers } from 'ethers'; -import { joinSignature, sha256 } from 'ethers/lib/utils'; +import { sha256 } from 'ethers/lib/utils'; import { SiweMessage } from 'siwe'; import { LitAccessControlConditionResource, LitResourceAbilityRequest, - decode, RecapSessionCapabilityObject, - generateAuthSig, + createSiweMessage, createSiweMessageWithCapacityDelegation, createSiweMessageWithRecaps, - createSiweMessage, + decode, + generateAuthSig, } from '@lit-protocol/auth-helpers'; import { AUTH_METHOD_TYPE, EITHER_TYPE, FALLBACK_IPFS_GATEWAYS, GLOBAL_OVERWRITE_IPFS_CODE_BY_NETWORK, + InvalidArgumentException, + InvalidParamType, + InvalidSessionSigs, + InvalidSignatureError, LIT_ACTION_IPFS_HASH, LIT_CURVE, LIT_ENDPOINT, LIT_SESSION_KEY_URI, LOCAL_STORAGE_KEYS, - ParamsMissingError, - ParamNullError, - NoValidShares, - UnknownSignatureType, - UnknownSignatureError, LitNodeClientNotReadyError, - InvalidParamType, - InvalidArgumentException, - WalletSignatureNotFoundError, + ParamNullError, + ParamsMissingError, UnknownError, - InvalidSignatureError, UnsupportedMethodError, - InvalidSessionSigs, + WalletSignatureNotFoundError, } from '@lit-protocol/constants'; import { LitCore, composeLitUrl } from '@lit-protocol/core'; import { @@ -56,8 +53,8 @@ import { logWithRequestId, mostCommonString, normalizeAndStringify, - safeParams, removeHexPrefix, + safeParams, validateSessionSigs, } from '@lit-protocol/misc'; import { @@ -66,17 +63,17 @@ import { setStorageItem, } from '@lit-protocol/misc-browser'; import { nacl } from '@lit-protocol/nacl'; +import { ILitResource, ISessionCapabilityObject } from '@lit-protocol/types'; import { uint8arrayFromString, uint8arrayToString, } from '@lit-protocol/uint8arrays'; -import { ILitResource, ISessionCapabilityObject } from '@lit-protocol/types'; import { encodeCode } from './helpers/encode-code'; import { getBlsSignatures } from './helpers/get-bls-signatures'; import { getClaims } from './helpers/get-claims'; import { getClaimsList } from './helpers/get-claims-list'; -import { getFlattenShare, getSignatures } from './helpers/get-signatures'; +import { getSignatures } from './helpers/get-signatures'; import { normalizeArray } from './helpers/normalize-array'; import { normalizeJsParams } from './helpers/normalize-params'; import { parseAsJsonOrString } from './helpers/parse-as-json-or-string'; @@ -89,6 +86,9 @@ import type { AuthCallback, AuthCallbackParams, AuthSig, + BlsResponseData, + CapacityCreditsReq, + CapacityCreditsRes, ClaimKeyResponse, ClaimProcessor, ClaimRequest, @@ -97,13 +97,25 @@ import type { DecryptResponse, EncryptRequest, EncryptResponse, + EncryptSdkParams, + EncryptionSignRequest, + ExecuteJsNoSigningResponse, ExecuteJsResponse, FormattedMultipleAccs, + GetLitActionSessionSigs, + GetPkpSessionSigs, GetSessionSigsProps, - GetSignedTokenRequest, + GetSignSessionKeySharesProp, GetWalletSigProps, + ILitNodeClient, JsonExecutionRequest, + JsonExecutionRequestTargetNode, + JsonExecutionSdkParams, + JsonExecutionSdkParamsTargetNode, + JsonPKPClaimKeyRequest, JsonPkpSignRequest, + JsonPkpSignSdkParams, + JsonSignSessionKeyRequestV1, LitClientSessionManager, LitNodeClientConfig, NodeBlsSigningShare, @@ -115,30 +127,11 @@ import type { SessionKeyPair, SessionSigningTemplate, SessionSigsMap, - SigShare, + SigResponse, SignSessionKeyProp, SignSessionKeyResponse, Signature, SuccessNodePromises, - ILitNodeClient, - GetPkpSessionSigs, - CapacityCreditsReq, - CapacityCreditsRes, - JsonSignSessionKeyRequestV1, - BlsResponseData, - JsonExecutionSdkParamsTargetNode, - JsonExecutionRequestTargetNode, - JsonExecutionSdkParams, - ExecuteJsNoSigningResponse, - JsonPkpSignSdkParams, - SigResponse, - EncryptSdkParams, - GetLitActionSessionSigs, - GetSignSessionKeySharesProp, - EncryptionSignRequest, - SigningAccessControlConditionRequest, - JsonPKPClaimKeyRequest, - IpfsOptions, } from '@lit-protocol/types'; export class LitNodeClientNodeJs @@ -1215,127 +1208,6 @@ export class LitNodeClientNodeJs return signatures.signature; // only a single signature is ever present, so we just return it. }; - /** - * - * Request a signed JWT from the LIT network. Before calling this function, you must know the access control conditions for the item you wish to gain authorization for. - * - * @param { GetSignedTokenRequest } params - * - * @returns { Promise } final JWT - * - */ - getSignedToken = async (params: GetSignedTokenRequest): Promise => { - // ========== Prepare Params ========== - const { chain, authSig, sessionSigs } = params; - - // ========== Validation ========== - // -- validate if it's ready - if (!this.ready) { - throw new LitNodeClientNotReadyError( - {}, - '3 LitNodeClient is not ready. Please call await litNodeClient.connect() first.' - ); - } - - // -- validate if this.networkPubKeySet is null - if (this.networkPubKeySet === null) { - throw new ParamNullError({}, 'networkPubKeySet cannot be null'); - } - - const paramsIsSafe = safeParams({ - functionName: 'getSignedToken', - params, - }); - - if (!paramsIsSafe) { - throw new InvalidParamType( - { - info: { - params, - }, - }, - 'Parameter validation failed.' - ); - } - - // ========== Prepare ========== - // we need to send jwt params iat (issued at) and exp (expiration) - // because the nodes may have different wall clock times - // the nodes will verify that these params are withing a grace period - const { iat, exp } = this.getJWTParams(); - - // ========== Formatting Access Control Conditions ========= - const { - error, - formattedAccessControlConditions, - formattedEVMContractConditions, - formattedSolRpcConditions, - formattedUnifiedAccessControlConditions, - }: FormattedMultipleAccs = this.getFormattedAccessControlConditions(params); - - if (error) { - throw new InvalidArgumentException( - { - info: { - params, - }, - }, - 'You must provide either accessControlConditions or evmContractConditions or solRpcConditions or unifiedAccessControlConditions' - ); - } - - // ========== Get Node Promises ========== - const requestId = this._getNewRequestId(); - const nodePromises = this.getNodePromises((url: string) => { - // -- if session key is available, use it - const authSigToSend = sessionSigs ? sessionSigs[url] : authSig; - - const reqBody: SigningAccessControlConditionRequest = { - accessControlConditions: formattedAccessControlConditions, - evmContractConditions: formattedEVMContractConditions, - solRpcConditions: formattedSolRpcConditions, - unifiedAccessControlConditions: formattedUnifiedAccessControlConditions, - chain, - authSig: authSigToSend, - iat, - exp, - }; - - const urlWithPath = composeLitUrl({ - url, - endpoint: LIT_ENDPOINT.SIGN_ACCS, - }); - - return this.generatePromise(urlWithPath, reqBody, requestId); - }); - - // -- resolve promises - const res = await this.handleNodePromises( - nodePromises, - requestId, - this.config.minNodeCount - ); - - // -- case: promises rejected - if (!res.success) { - this._throwNodeError(res, requestId); - } - - const signatureShares: NodeBlsSigningShare[] = ( - res as SuccessNodePromises - ).values; - - log('signatureShares', signatureShares); - - // ========== Result ========== - const finalJwt: string = await this.combineSharesAndGetJWT( - signatureShares, - requestId - ); - - return finalJwt; - }; - /** * * Encrypt data using the LIT network public key. diff --git a/packages/misc/src/lib/params-validators.ts b/packages/misc/src/lib/params-validators.ts index e012dd2c5..b6aa72055 100644 --- a/packages/misc/src/lib/params-validators.ts +++ b/packages/misc/src/lib/params-validators.ts @@ -28,7 +28,6 @@ import { EncryptToJsonPayload, EncryptToJsonProps, EvmContractConditions, - GetSignedTokenRequest, JsonExecutionSdkParams, SessionSigsOrAuthSig, SolRpcConditions, @@ -107,11 +106,6 @@ export const paramsValidators: Record< new AuthMaterialValidator('decryptFromJson', params), new DecryptFromJsonValidator('decryptFromJson', params.parsedJsonData), ], - - getSignedToken: (params: GetSignedTokenRequest) => [ - new AccessControlConditionsValidator('decrypt', params), - new AuthMaterialValidator('decrypt', params, true), - ], }; export type ParamsValidatorsType = typeof paramsValidators; diff --git a/packages/types/src/lib/ILitNodeClient.ts b/packages/types/src/lib/ILitNodeClient.ts index cebb8e83b..a9836b9be 100644 --- a/packages/types/src/lib/ILitNodeClient.ts +++ b/packages/types/src/lib/ILitNodeClient.ts @@ -5,7 +5,6 @@ import { EncryptResponse, ExecuteJsResponse, FormattedMultipleAccs, - GetSignedTokenRequest, HandshakeWithNode, JsonExecutionRequest, JsonExecutionSdkParams, @@ -174,17 +173,6 @@ export interface ILitNodeClient { params: JsonExecutionSdkParams ): Promise; - /** - * - * Request a signed JWT from the LIT network. Before calling this function, you must know the access control conditions for the item you wish to gain authorization for. - * - * @param { GetSignedTokenRequest } params - * - * @returns { Promise } final JWT - * - */ - getSignedToken(params: GetSignedTokenRequest): Promise; - /** * Encrypt data with Lit identity-based Timelock Encryption. * diff --git a/packages/types/src/lib/interfaces.ts b/packages/types/src/lib/interfaces.ts index dfe09c00f..24f4def9e 100644 --- a/packages/types/src/lib/interfaces.ts +++ b/packages/types/src/lib/interfaces.ts @@ -147,24 +147,6 @@ export interface DecryptFileProps { symmetricKey: SymmetricKey; } -export interface VerifyJWTProps { - publicKey: string; - // A JWT signed by the LIT network using the BLS12-381 algorithm - jwt: string; -} - -export interface IJWT { - verified: boolean; - header: JWTHeader; - payload: T; - signature: Uint8Array; -} - -export interface JWTHeader { - alg: string; - typ: string; -} - export interface SigningAccessControlConditionJWTPayload extends MultipleAccessControlConditions { iss: string; @@ -421,11 +403,6 @@ export interface JsonSigningRetrieveRequest extends JsonAccsRequest { sessionSigs?: any; } -export interface GetSignedTokenRequest - extends SigningAccessControlConditionRequest { - sessionSigs: SessionSigsMap; -} - /** * Struct in rust * -----