add jwt as part of the API endpoint security

telosnetwork · Dec 24, 2023 · 3617270 · 3617270
1 parent 3402699
commit 3617270
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 44 deletions.
diff --git a/src/antelope/wallets/ual/MetakeepUAL.ts b/src/antelope/wallets/ual/MetakeepUAL.ts
@@ -13,11 +13,16 @@ import axios from 'axios';
 import { APIClient, NameType, PackedTransaction, Serializer, Transaction } from '@greymass/eosio';
 import { metakeepCache } from 'src/antelope/wallets/ual/utils/metakeep-cache';
 
+export interface UserCredentials {
+    email: string;
+    jwt: string;
+}
+
 export interface MetakeepUALOptions {
     appId: string;
     appName: string;
     rpc?: JsonRpc;
-    api: string;
+    accountCreateAPI: string;
     reasonCallback?: (transaction: any) => string;
 }
 let metakeep: MetaKeep | null = null;
@@ -39,10 +44,10 @@ export interface MetakeepData {
 export class MetakeepAuthenticator extends Authenticator {
     private chainId: string;
     private rpc: JsonRpc;
-    private api: string;
-    private accountEmail: string;
+    private accountCreateAPI: string;
     private appId: string;
     private loading = false;
+    private userCredentials: UserCredentials = { email: '', jwt: '' };
 
     constructor(chains: Chain[], options: MetakeepUALOptions) {
         super(chains, options);
@@ -59,9 +64,12 @@ export class MetakeepAuthenticator extends Authenticator {
             throw new Error('MetakeepAuthenticator: Missing appId');
         }
         this.appId = options.appId;
-        this.api = options.api;
+        this.accountCreateAPI = options.accountCreateAPI;
         this.chains = chains;
-        this.accountEmail = metakeepCache.getLogged() ?? '';
+        this.userCredentials = {
+            email: metakeepCache.getLogged() ?? '',
+            jwt: '',
+        };
     }
 
     saveCache() {
@@ -72,9 +80,9 @@ export class MetakeepAuthenticator extends Authenticator {
         //
     }
 
-    setEmail(email: string): void {
-        this.accountEmail = email;
-        metakeepCache.setLogged(email);
+    setUserCredentials(credentials: UserCredentials): void {
+        this.userCredentials = credentials;
+        metakeepCache.setLogged(credentials.email);
     }
 
     /**
@@ -158,11 +166,11 @@ export class MetakeepAuthenticator extends Authenticator {
         return false;
     }
 
-
     async createAccount(publicKey: string): Promise<string> {
-        return axios.post(`${this.api}/accounts/random`, {
+        return axios.post(this.accountCreateAPI, {
             ownerKey: publicKey,
             activeKey: publicKey,
+            jwt: this.userCredentials.jwt,
         }).then(response => response.data.accountName);
     }
 
@@ -172,12 +180,12 @@ export class MetakeepAuthenticator extends Authenticator {
             if (!metakeep) {
                 return reject(new Error('metakeep is not initialized'));
             }
-            if (this.accountEmail === '') {
+            if (this.userCredentials.email === '') {
                 return reject(new Error('No account email'));
             }
 
             // we check if we have the account name in the cache
-            const accountNames = metakeepCache.getAccountNames(this.accountEmail, this.chainId);
+            const accountNames = metakeepCache.getAccountNames(this.userCredentials.email, this.chainId);
             if (accountNames.length > 0) {
                 resolve(accountNames[0]);
             }
@@ -186,7 +194,7 @@ export class MetakeepAuthenticator extends Authenticator {
             const credentials = await metakeep.getWallet();
             const publicKey = credentials.wallet.eosAddress;
 
-            metakeepCache.addCredentials(this.accountEmail, credentials.wallet);
+            metakeepCache.addCredentials(this.userCredentials.email, credentials.wallet);
 
             try {
                 // we try to get the account name from the public key
@@ -199,7 +207,8 @@ export class MetakeepAuthenticator extends Authenticator {
                 } else {
                     accountName = await this.createAccount(publicKey);
                 }
-                metakeepCache.addAccountName(this.accountEmail, this.chainId, accountName);
+
+                metakeepCache.addAccountName(this.userCredentials.email, this.chainId, accountName);
                 this.saveCache();
                 return resolve(accountName);
             } catch (error) {
@@ -216,7 +225,7 @@ export class MetakeepAuthenticator extends Authenticator {
      */
     login: () => Promise<[User]> = async () => {
         console.error('login');
-        if (this.accountEmail === '') {
+        if (this.userCredentials.email === '') {
             throw new Error('No account email');
         }
 
@@ -227,12 +236,12 @@ export class MetakeepAuthenticator extends Authenticator {
             appId: this.appId,
             // Signed in user's email address
             user: {
-                email: this.accountEmail,
+                email: this.userCredentials.email,
             },
         });
 
         const accountName = await this.resolveAccountName();
-        const publicKey = metakeepCache.getEosAddress(this.accountEmail);
+        const publicKey = metakeepCache.getEosAddress(this.userCredentials.email);
 
         try {
             const permission = 'active';
@@ -243,7 +252,7 @@ export class MetakeepAuthenticator extends Authenticator {
                 publicKey,
                 chainId: this.chainId,
                 rpc: this.rpc,
-                api: this.api,
+                accountCreateAPI: this.accountCreateAPI,
             });
 
             return [userInstance];
@@ -283,31 +292,31 @@ class MetakeepUser extends User {
 
     rpc: JsonRpc;
     protected eosioCore: APIClient;
-    protected api: string;
+    protected accountCreateAPI: string;
     constructor({
         accountName,
         permission,
         publicKey,
         chainId,
         rpc,
-        api,
+        accountCreateAPI,
     }: {
             accountName: string,
             permission: string,
             publicKey: string,
             chainId: string,
             rpc: JsonRpc,
-            api: string,
+            accountCreateAPI: string,
     }) {
         super();
         this.keys = [publicKey];
         this.accountName = accountName;
         this.permission = permission;
         this.chainId = chainId;
         this.rpc = rpc;
-        this.api = api;
+        this.accountCreateAPI = accountCreateAPI;
         this.eosioCore = new APIClient({ url: rpc.endpoint });
-        console.log('this.api', this.api);
+        console.log('this.api', this.accountCreateAPI);
     }
 
     setReasonCallback(callback: (transaction: any) => string) {

diff --git a/src/boot/ual.js b/src/boot/ual.js
@@ -158,7 +158,7 @@ export default boot(async ({ app, store }) => {
         new MetakeepAuthenticator([chain], {
             appName: process.env.APP_NAME,
             appId: process.env.METAKEEP_APP_ID_NATIVE,
-            api: process.env.TELOS_API_ENDPOINT,
+            accountCreateAPI: `${process.env.TELOS_API_ENDPOINT}/accounts/create4google`,
         }),
     ];
 

diff --git a/src/pages/home/EVMLoginButtons.vue b/src/pages/home/EVMLoginButtons.vue
@@ -6,7 +6,7 @@ import { MetaKeepAuth, OreIdAuth } from 'src/antelope/wallets';
 import { Menu } from 'src/pages/home/MenuType';
 import InlineSvg from 'vue-inline-svg';
 import { isTodayBeforeTelosCloudDown } from 'src/App.vue';
-import { googleCtrl } from 'src/pages/home/GoogleOneTap';
+import { GoogleCredentials, googleCtrl } from 'src/pages/home/GoogleOneTap';
 
 export default defineComponent({
     name: 'EVMLoginButtons',
@@ -77,11 +77,11 @@ export default defineComponent({
         const setMetamaskAuthenticator = async () => {
             setAuthenticator('Metamask', CURRENT_CONTEXT);
         };
-        const setMetaKeepAuthenticator = async (email:string) => {
+        const setMetaKeepAuthenticator = async (data:GoogleCredentials) => {
             const name = 'MetaKeep';
             const auth = ant.wallets.getAuthenticator(name);
             if (auth) {
-                (auth as MetaKeepAuth).setEmail(email);
+                (auth as MetaKeepAuth).setEmail(data.email);
             }
             setAuthenticator(name, CURRENT_CONTEXT);
         };
@@ -147,10 +147,10 @@ export default defineComponent({
 
         const showGoogleLoading = ref(false);
         const googleSubscription = googleCtrl.onSuccessfulLogin.subscribe({
-            next: (email) => {
-                if (email) {
+            next: (data) => {
+                if (data) {
                     showGoogleLoading.value = true;
-                    setMetaKeepAuthenticator(email);
+                    setMetaKeepAuthenticator(data);
                 }
             },
         });

diff --git a/src/pages/home/GoogleOneTap.ts b/src/pages/home/GoogleOneTap.ts
@@ -3,6 +3,11 @@ import { AntelopeError } from 'src/antelope/types';
 import * as Buffer from 'buffer';
 import { BehaviorSubject, Subject } from 'rxjs';
 
+export interface GoogleCredentials {
+    email: string;
+    jwt: string;
+}
+
 interface GoogleOneTap {
     accounts: {
         id: {
@@ -52,7 +57,7 @@ const _window = (window as any);
 
 class GoogleOneTapController {
 
-    onSuccessfulLogin = new BehaviorSubject<string | null>(null);
+    onSuccessfulLogin = new BehaviorSubject<GoogleCredentials | null>(null);
     onError = new BehaviorSubject<string | null>(null);
     onMoment = new Subject<{type: string, status:string, reason:string}>();
     clientId = process.env.GOOGLE_APP_ID as string;
@@ -90,9 +95,9 @@ class GoogleOneTapController {
                 client_id: this.clientId,
                 callback: (response: GoogleNotification | null) => {
                     if (response) {
-                        const credential = response.credential;
-                        const decoded = this.decodeJWT(credential);
-                        this.handleOneTapSuccess(decoded);
+                        const jwt = response.credential;
+                        const decoded = this.decodeJWT(jwt);
+                        this.handleOneTapSuccess(decoded, jwt);
                     } else {
                         this.handleOneTapError(JSON.stringify(response));
                     }
@@ -101,8 +106,8 @@ class GoogleOneTapController {
         }
     }
 
-    decodeJWT(token: string) {
-        const parts = token.split('.');
+    decodeJWT(jwt: string) {
+        const parts = jwt.split('.');
         const header = parts[0];
         const payload = parts[1];
 
@@ -139,8 +144,9 @@ class GoogleOneTapController {
         this.onMoment.next({ type, status, reason });
     }
 
-    handleOneTapSuccess(response: SuccessResponse) {
-        this.onSuccessfulLogin.next(response.payload.email);
+    handleOneTapSuccess(response: SuccessResponse, jwt: string) {
+        const email = response.payload.email;
+        this.onSuccessfulLogin.next({ email, jwt });
     }
 
     handleOneTapError (error: string) {

diff --git a/src/pages/home/NativeLoginButton.vue b/src/pages/home/NativeLoginButton.vue
@@ -6,7 +6,7 @@ import { QSpinnerFacebook } from 'quasar';
 import { mapGetters, mapActions, mapMutations } from 'vuex';
 import { OreIdAuthenticator } from 'ual-oreid';
 import { Menu } from '~/pages/home/MenuType';
-import { googleCtrl } from 'src/pages/home/GoogleOneTap';
+import { googleCtrl, GoogleCredentials } from 'src/pages/home/GoogleOneTap';
 
 const telosLogo = require('src/assets/logo--telos-cloud-wallet.svg');
 
@@ -73,11 +73,11 @@ export default defineComponent({
         this.setDefaultNativeChain();
 
         this.googleSubscription = googleCtrl.onSuccessfulLogin.subscribe({
-            next: (email) => {
+            next: (data) => {
                 if (this.googleSubscription) {
-                    if (email) {
+                    if (data) {
                         this.showGoogleLoading = true;
-                        this.loginWithMetaKeep(email);
+                        this.loginWithMetaKeep(data);
                     }
                 }
             },
@@ -111,10 +111,10 @@ export default defineComponent({
             'getAccountProfile',
             'setLoadingWallet',
         ]),
-        async loginWithMetaKeep(email) {
+        async loginWithMetaKeep(credentials) {
             const idx = this.$ual.authenticators.map(a => a.getName()).indexOf('metakeep.ual');
             const auth = this.$ual.authenticators[idx];
-            auth.setEmail(email);
+            auth.setUserCredentials(credentials);
             this.onLogin(idx);
         },
         async loginAsJustViewer() {