Javascript NPM packaging #239
Conversation
This has now been implemented in TN.
…o feature/js-packaging
…tion into feature/js-packaging
… schema for use with current TN examples.
- Add .npmignore. - Add src/module in package.json. - Add prepublishOnly command in package.json.
|
Hi Michael, thanks a lot! |
…estation into feature/js-packaging
…into feature/js-packaging
|
@oleggrib can you check and merge this into main if you think it is fine? |
jest tests in attestation.id
- Hybrid ES6 & commonjs build. - Add various functions to remove dependencies from projects using the library.
|
Hey @oleggrib the library is now integrated with TN & attestation.id, and I have confirmed all existing tests are passing. Let me know if you want me to resolve the merge conflict from main. |
- Added proof validation function for TN. - Change getUseTicket function to static for consistency. - Fix type signature for logging functions.
Update version to be in sync with jar major and minor version.
|
As discussed here I've had to make the package into a commonjs version rather than es6 or hybrid to make it work with both TN and attestation.id. In the new version I have also added a proof validation function to Authenticator.js to validate the proof in TN. Can you have a look and see if it's okay? |
|
Thanks a lot @micwallace ! I think we need @oleggrib to judge it |
There was a problem hiding this comment.
Can you check my comments and make some updates/comments so we can move this repo to the /authenticator and avoid duplication.
for testing - we can put /attestation and /authenticator next each to other and update path to read JAVA-builds to test JS version.
@micwallace , @jot2re , ok?
| notAfter GeneralizedTime, | ||
| notAfterInt INTEGER OPTIONAL -- NotAfter time since epoch in milliseconds | ||
| notAfterInt INTEGER OPTIONAL -- NotAfter time since epoch in seconds |
There was a problem hiding this comment.
@jot2re , I think we have to make all 4 dates required. because SmartContract require integers
There was a problem hiding this comment.
Yes, they are definitely needed for something running on the smart contract. However, optional for the any web2 usage. Because if we make them all required then the schema is not backward compatible with old attestations (furthermore GeneralizedTime becomes totally superfluous and should just be removed).
However, as we talked about loosing backward compatibility is not really an issue since we have only issued 1 hour valid attestations for awhile, and I think it is fair to deprecated those few "unlimited time" old attestations we issued.
So ideally I would just want to remove GeneralizedTime and deprecate the initial attestation, but I think that should be cleared with Weiwu. This would also require many code changes.
There was a problem hiding this comment.
The logic in all the code bases (including smart contract), is that notAfterInt is optional but required to work on smart contracts, and when new attestations are issued notAfterInt and notBeforeInt will always be set unless explicitly requested to not be included.
There was a problem hiding this comment.
yes, correct, but do we use option to force old legasy format somewhere? As I know - we dont use it and always add int values.
even more - libs updated to always read Int and GeneralizedTime both(if exists) and compare them, so in real usage we always use new format only @jot2re
There was a problem hiding this comment.
Yes, true. I do think the best would simply be to get rid of the GeneralizedTime field. But I don't think we should do that before we get a good and integrated CI/CD setup.
I can change the backend code to always enforce that notBeforeInt and notAfterInt are included, but in that case we should make a separate issue, since this is not related to NPM packaging ;)
There was a problem hiding this comment.
ok, lets leave it for separate issue
| } else { | ||
| ticket = Ticket.fromBase64(base64ticket,{"6": KeyPair.publicFromBase64(base64senderPublicKey)}); | ||
| } | ||
|
|
There was a problem hiding this comment.
Better remove hardcoded conferenceID "6" and receive keysArray as argument, like here
https://github.com/TokenScript/attestation/blob/ticket_validator/src/main/javascript/crypto/src/Authenticator.ts#L682-L710
There was a problem hiding this comment.
this code can be updated after merge with main, because its related to the Ticket
| @@ -163,7 +81,7 @@ export class Authenticator { | |||
| logger(DEBUGLEVEL.MEDIUM,'ticked valid (signature OK)'); | |||
| } catch (e) { | |||
| logger(DEBUGLEVEL.MEDIUM,'getUseTicket: ticket validation failed',e); | |||
| throw new Error("getUseTicket: ticked validation failed"); | |||
| throw new Error("getUseTicket: ticked validation failed: " + e.message); | |||
There was a problem hiding this comment.
we need some way to set DEBUGLEVEL, because it can't be set in config.ts, because its will be ready NPM package.
lets add some variable to the .env , so code can read and use it
There was a problem hiding this comment.
added commit, where I moved debug variable to the process.env.DISPLAY_DEBUG_LEVEL or window.DISPLAY_DEBUG_LEVEL so we can change debug level even for UMD builds
| @AsnProp({ type: AsnPropTypes.Utf8String }) public devconId: string; | ||
| @AsnProp({ type: AsnPropTypes.Integer }) public ticketId: number; | ||
| @AsnProp({ type: AsnPropTypes.Integer }) public ticketClass: number; | ||
| } |
There was a problem hiding this comment.
Can you check main branch for code?
https://github.com/TokenScript/attestation/blob/main/src/main/javascript/crypto/src/asn1/shemas/SignedDevconTicket.ts#L10-L17
its single object , compatible with old and new ticket ASN schema
and Ticket.ts updated to be compatable with ID as integer/string and old and new ticket formats
There was a problem hiding this comment.
we can merge this branch with main and stay Tickets.ts from main branch. it can read both Ticket formats
| @@ -64,6 +65,13 @@ export class Attestation { | |||
| if (decodedAttestationObj.validity){ | |||
| me.notValidBefore = decodedAttestationObj.validity.notBefore.generalizedTime.getTime(); | |||
| me.notValidAfter = decodedAttestationObj.validity.notAfter.generalizedTime.getTime(); | |||
| // TODO validate time when it will be updated in Java code | |||
There was a problem hiding this comment.
It should be updated in the java code, so I think the code fragment can be enabled.
|
|
||
|
|
||
| public getUrlEncoding() { | ||
| // TODO implement |
There was a problem hiding this comment.
Maybe throw an exception if it happens to be called? It will make debugging easier.
There was a problem hiding this comment.
usually throw an error is good option, but in this case I prefer to use Ticket reader from main branch, so no need to update duplicated code. we can remove tn-compat/Ticket.ts because schema is not compatable with legacy ticket. main branch already can work with both ticket types.
|
|
||
| attachPostMessageListener(listener: Function){ | ||
| if (window.addEventListener) { | ||
| window.addEventListener("message", (e) => { |
There was a problem hiding this comment.
To avoid potential cross origin attacks, it should be validated that the origin of the message is as expected, ie. something like the following should be added
if (event.origin !== "http://example.org") // Compliant
return;
There was a problem hiding this comment.
this part of code just add event listener , so we have to check event.origin in the callback function. this part of code doesnt have access to the event object
…l window.DISPLAY_DEBUG_LEVEL variables
Hey @jot2re & @oleggrib,
This branch adds stuff for publishing the JS as a typescript library on NPM (https://www.npmjs.com/package/@tokenscript/attestation)
It also:
This doesn't necessarily need to be merged into main, we could keep a separate branch for JS library publishing and I'll keep it up to date with main. Let me know what you think.
Cheers,
Michael