UNPKG

@iexec/dataprotector-deserializer

Version:

Helper module to deserialize protected data in trusted iApp

github.com/iExecBlockchainComputing/dataprotector-sdk

iExecBlockchainComputing/dataprotector-sdk

191 lines (181 loc) 6.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
import { readFile } from 'fs/promises'; import { join } from 'path'; import { deserialize } from 'borsh'; import JSZip from 'jszip'; type BooleanSchemaFilter<T> = T extends 'bool' | 'boolean' ? boolean : never; type NumberSchemaFilter<T> = T extends 'f64' | 'number' ? number : never; type BigintSchemaFilter<T> = T extends 'i128' ? bigint : never; type StringSchemaFilter<T> = T extends 'string' ? string : never; type BinarySchemaFilter<T> = T extends | 'bool' | 'boolean' | 'f64' | 'number' | 'i128' | 'string' ? never : Uint8Array; type Mode = 'optimistic' | 'legacy' | 'borsh'; /** * Helper class to deserialize a protected data in trusted iApp * * Usage: * * ```js * const dataprotectorDeserializer = new IExecDataProtectorDeserializer(); * * const value1 = await dataprotectorDeserializer.getValue("path.to.value1", "bool"); * const value2 = await dataprotectorDeserializer.getValue("path.to.value2", "string"); * ``` * * Options: * * - `mode`: specify the deserialization mode (default `"optimistic"`) * - `"borsh"` for current protected data * - `"legacy"` for protected data created with `@iexec/dataprotector@0` * - `"optimistic"` try both * - `protectedDataPath`: overrides the dataset path, by default use the standard dataset path provided in the iExec worker runtime */ class IExecDataProtectorDeserializer { private protectedDataPath?: string; private mode: Mode; private zipPromise?: Promise<JSZip>; constructor(options?: { mode?: Mode; protectedDataPath?: string }) { this.mode = options?.mode || 'optimistic'; if (options?.protectedDataPath) { this.protectedDataPath = options?.protectedDataPath; } else if (process.env.IEXEC_DATASET_FILENAME && process.env.IEXEC_IN) { this.protectedDataPath = join( process.env.IEXEC_IN, process.env.IEXEC_DATASET_FILENAME ); } if (this.protectedDataPath) { this.zipPromise = readFile(this.protectedDataPath).then((buffer) => { return new JSZip().loadAsync(buffer); }); this.zipPromise.catch(() => { /* prevents unhandled promise rejection */ }); } } /** * Deserializes the value at a given `path` with the value `schema` * * Params: * * - `path`: path to the desired value in the data object * - `schema`: schema of the desired data (see list ) * * | schema | deserializes to | * | ---|---| * | `"bool"` | `boolean` | * | `"f64"` | `number` | * | `"i128"` | `bigint` | * | `"string"` | `string` | * | `"boolean"` (legacy schema) | `boolean` | * | `"number"` (legacy schema) | `number` | * | any other value | `Uint8Array` | * * Usage: * * ```js * const value = await dataprotectorDeserializer.getValue("path.to.string.value", "string"); * ``` */ async getValue<T extends string>( path: string, schema: T ): Promise< | BooleanSchemaFilter<T> | NumberSchemaFilter<T> | BigintSchemaFilter<T> | StringSchemaFilter<T> | BinarySchemaFilter<T> > { if (this.zipPromise === undefined) { throw Error('Missing protected data'); } const zip = await this.zipPromise.catch(() => { throw Error('Failed to load protected data'); }); const serialized = await zip .file(path.split('.').join('/')) ?.async('uint8array'); if (!serialized) { throw Error(`Failed to load path ${path}`); } switch (schema) { case 'bool': case 'i128': case 'f64': if (this.mode === 'legacy') { throw Error(`Unsupported schema "${schema}" in "${this.mode}" mode`); } try { // eslint-disable-next-line @typescript-eslint/no-explicit-any return deserialize(schema, serialized) as any; } catch (e) { throw Error( `Failed to deserialize "${path}" as "${schema}" in "${this.mode}" mode` ); } case 'string': try { if (this.mode === 'legacy') { // eslint-disable-next-line @typescript-eslint/no-explicit-any return Buffer.from(serialized).toString('utf8') as any; } try { // try borsh deserialization first // eslint-disable-next-line @typescript-eslint/no-explicit-any return deserialize(schema, serialized) as any; } catch (e) { if (this.mode === 'optimistic') { // fallback to legacy // eslint-disable-next-line @typescript-eslint/no-explicit-any return Buffer.from(serialized).toString('utf8') as any; } throw e; } } catch (e) { // avoid sensitive information leakage in error throw Error( `Failed to deserialize "${path}" as "${schema}" in "${this.mode}" mode` ); } case 'number': if (this.mode === 'borsh') { throw Error(`Unsupported schema "${schema}" in "${this.mode}" mode`); } try { // eslint-disable-next-line @typescript-eslint/no-explicit-any return Number(Buffer.from(serialized).toString()) as any; } catch (e) { // avoid sensitive information leakage in error throw Error( `Failed to deserialize "${path}" as "${schema}" in "${this.mode}" mode` ); } case 'boolean': if (this.mode === 'borsh') { throw Error(`Unsupported schema "${schema}" in "${this.mode}" mode`); } try { // legacy serialization spec for 'boolean' matches borsh spec 'bool' // eslint-disable-next-line @typescript-eslint/no-explicit-any return deserialize('bool', serialized) as any; } catch (e) { // avoid sensitive information leakage in error throw Error( `Failed to deserialize "${path}" as "${schema}" in "${this.mode}" mode` ); } default: // everything else should be binary data // eslint-disable-next-line @typescript-eslint/no-explicit-any return serialized as any; } } } export { IExecDataProtectorDeserializer };