UNPKG

@iexec/dataprotector

Version:

This product enables users to confidentially store data–such as mail address, documents, personal information ...

github.com/iExecBlockchainComputing/dataprotector-sdk

iExecBlockchainComputing/dataprotector-sdk

197 lines (181 loc) 5.6 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
import { ZeroAddress } from 'ethers'; import { DATASET_INFINITE_VOLUME, NULL_ADDRESS } from 'iexec/utils'; import { ValidationError, WorkflowError, grantAccessErrorMessage, handleIfProtocolError, } from '../../utils/errors.js'; import { formatGrantedAccess } from '../../utils/formatGrantedAccess.js'; import { addressOrEnsSchema, booleanSchema, isEnsTest, positiveIntegerStringSchema, positiveStrictIntegerStringSchema, throwIfMissing, validateOnStatusUpdateCallback, } from '../../utils/validators.js'; import { isERC734 } from '../../utils/whitelist.js'; import { GrantAccessParams, GrantAccessStatuses, GrantedAccess, OnStatusUpdateFn, } from '../types/index.js'; import { IExecConsumer } from '../types/internalTypes.js'; import { getGrantedAccess } from './getGrantedAccess.js'; const inferTagFromAppMREnclave = (mrenclave: string) => { const tag = ['tee']; try { const { framework } = JSON.parse(mrenclave); if (framework.toLowerCase() === 'scone') { tag.push('scone'); return tag; } } catch (e) { // noop } throw new WorkflowError({ message: grantAccessErrorMessage, errorCause: Error('App does not use a supported TEE framework'), }); }; export const grantAccess = async ({ iexec = throwIfMissing(), protectedData, authorizedApp, authorizedUser, pricePerAccess = 0, numberOfAccess, allowBulk = false, onStatusUpdate = () => {}, }: IExecConsumer & GrantAccessParams): Promise<GrantedAccess> => { const vProtectedData = addressOrEnsSchema() .required() .label('protectedData') .validateSync(protectedData); let vAuthorizedApp = addressOrEnsSchema() .required() .label('authorizedApp') .validateSync(authorizedApp); const vAuthorizedUser = addressOrEnsSchema() .label('authorizedUser') .validateSync(authorizedUser); let vPricePerAccess = positiveIntegerStringSchema() .label('pricePerAccess') .validateSync(pricePerAccess); let vNumberOfAccess = positiveStrictIntegerStringSchema() .label('numberOfAccess') .validateSync(numberOfAccess); const vAllowBulk = booleanSchema().label('allowBulk').validateSync(allowBulk); const vOnStatusUpdate = validateOnStatusUpdateCallback<OnStatusUpdateFn<GrantAccessStatuses>>( onStatusUpdate ); // Validate consistency between allowBulk, pricePerAccess and numberOfAccess if (vAllowBulk) { if (vPricePerAccess && vPricePerAccess !== '0') { throw new ValidationError( 'allowBulk requires pricePerAccess to be 0 or undefined' ); } vPricePerAccess = '0'; if ( vNumberOfAccess && vNumberOfAccess !== DATASET_INFINITE_VOLUME.toString() ) { throw new ValidationError( `allowBulk requires numberOfAccess to be ${DATASET_INFINITE_VOLUME.toString()} or undefined` ); } vNumberOfAccess = DATASET_INFINITE_VOLUME.toString(); } if (vAuthorizedApp && isEnsTest(vAuthorizedApp)) { const resolved = await iexec.ens.resolveName(vAuthorizedApp); if (!resolved) { throw new ValidationError('authorizedApp ENS name is not valid'); } vAuthorizedApp = resolved.toLowerCase(); } if (vAuthorizedApp === ZeroAddress) { throw Error( `Forbidden to use ${ZeroAddress} as authorizedApp, this would give access to any app` ); } const { grantedAccess: publishedDatasetOrders } = await getGrantedAccess({ iexec, protectedData: vProtectedData, authorizedApp: vAuthorizedApp, authorizedUser: vAuthorizedUser, isUserStrict: true, }); if (publishedDatasetOrders.length > 0) { throw new WorkflowError({ message: grantAccessErrorMessage, errorCause: Error( `An access has been already granted to the user: ${ vAuthorizedUser || NULL_ADDRESS } with the app: ${vAuthorizedApp}` ), }); } let tag; const isDeployedApp = await iexec.app.checkDeployedApp(authorizedApp); if (isDeployedApp) { tag = await iexec.app.showApp(authorizedApp).then(({ app }) => { return inferTagFromAppMREnclave(app.appMREnclave); }); } else if (await isERC734(iexec, authorizedApp)) { tag = ['tee', 'scone']; } else { throw new WorkflowError({ message: grantAccessErrorMessage, errorCause: Error( `Invalid app set for address ${authorizedApp}. The app either has an invalid tag (possibly non-TEE) or an invalid whitelist smart contract address.` ), }); } vOnStatusUpdate({ title: 'CREATE_DATASET_ORDER', isDone: false, }); const datasetorder = await iexec.order .createDatasetorder({ dataset: vProtectedData, apprestrict: vAuthorizedApp, requesterrestrict: vAuthorizedUser, datasetprice: vPricePerAccess, volume: vNumberOfAccess, tag, }) .then((datasetorderTemplate) => iexec.order.signDatasetorder(datasetorderTemplate) ) .catch((e) => { throw new WorkflowError({ message: 'Failed to sign data access', errorCause: e, }); }); vOnStatusUpdate({ title: 'CREATE_DATASET_ORDER', isDone: true, }); vOnStatusUpdate({ title: 'PUBLISH_DATASET_ORDER', isDone: false, }); await iexec.order.publishDatasetorder(datasetorder).catch((e) => { handleIfProtocolError(e); throw new WorkflowError({ message: 'Failed to publish data access', errorCause: e, }); }); vOnStatusUpdate({ title: 'PUBLISH_DATASET_ORDER', isDone: true, }); return formatGrantedAccess(datasetorder, parseInt(datasetorder.volume)); };