UNPKG

minauth-simple-preimage-plugin

Version:

A very simple Minauth plugin that allows users to authenticate by providing a preimage to a given hash.

143 lines (142 loc) 5.04 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
import { IMinAuthPlugin, OutputValidity } from 'minauth/dist/plugin/plugintype.js'; import { z } from 'zod'; import { TsInterfaceType } from 'minauth/dist/plugin/interfacekind.js'; import { Logger } from 'minauth/dist/plugin/logger.js'; import { VerificationKey } from 'minauth/dist/common/verificationkey.js'; /** * The plugin configuration schema. */ export declare const rolesSchema: z.ZodRecord<z.ZodString, z.ZodString>; export declare const configurationSchema: z.ZodUnion<[z.ZodObject<{ roles: z.ZodRecord<z.ZodString, z.ZodString>; }, "strip", z.ZodTypeAny, { roles: Record<string, string>; }, { roles: Record<string, string>; }>, z.ZodObject<{ /** Alternatively, the "roles" can be loaded from a file */ loadRolesFrom: z.ZodString; }, "strip", z.ZodTypeAny, { loadRolesFrom: string; }, { loadRolesFrom: string; }>]>; export type Configuration = z.infer<typeof configurationSchema>; export declare const InputSchema: z.ZodObject<{ proof: z.ZodObject<{ publicInput: z.ZodArray<z.ZodString, "many">; publicOutput: z.ZodArray<z.ZodString, "many">; maxProofsVerified: z.ZodUnion<[z.ZodLiteral<0>, z.ZodLiteral<1>, z.ZodLiteral<2>]>; proof: z.ZodString; }, "strip", z.ZodTypeAny, { publicInput: string[]; publicOutput: string[]; maxProofsVerified: 0 | 1 | 2; proof: string; }, { publicInput: string[]; publicOutput: string[]; maxProofsVerified: 0 | 1 | 2; proof: string; }>; }, "strip", z.ZodTypeAny, { proof: { publicInput: string[]; publicOutput: string[]; maxProofsVerified: 0 | 1 | 2; proof: string; }; }, { proof: { publicInput: string[]; publicOutput: string[]; maxProofsVerified: 0 | 1 | 2; proof: string; }; }>; export type Input = z.infer<typeof InputSchema>; /** * The output of the plugin is the hash that the preimage knowledge of which * was proven and a role assigned to that hash */ export type Output = { provedHash: string; role: string; }; /** * Somewhat trivial example of a plugin. * The plugin keeps a fixed set of hashes. * Each hash is associated with a role in the system. * One can prove that they have the role by providing the secret * preimage of the hash. * * NOTE. Although one can always generate valid zkproof its output must * match the list kept by the server. */ export declare class SimplePreimagePlugin implements IMinAuthPlugin<TsInterfaceType, Input, Output> { /** * This plugin uses an idiomatic Typescript interface */ readonly __interface_tag = "ts"; /** * A memoized zk-circuit verification key */ readonly verificationKey: VerificationKey; /** * The mapping between hashes and role */ private roles; /** The plugin's logger */ private readonly logger; /** * Verify a proof and return the role. */ verifyAndGetOutput(inp: Input): Promise<Output>; /** * Trivial - no public inputs. */ publicInputArgsSchema: z.ZodType<unknown>; /** * Provide an endpoint returning a list of roles recognized by the plugin. * Additionally, provide an endpoint to update the roles * NOTE. the setRoles endpoint should not be used by the client * but rather by the plugin admin and that it is not persisted. */ readonly customRoutes: import("express-serve-static-core").Router; /** * Check if produced output is still valid. If the roles dictionary was edited * it may become invalid. Notice that the proof and output consumer must not * allow output forgery as this will accept forged outputs without verification. * To prevent it the plugin could take the reponsibility by having a cache of outputs * with unique identifiers. */ checkOutputValidity(output: Output): Promise<OutputValidity>; /** * This ctor is meant ot be called by the `initialize` function. */ constructor(verificationKey: VerificationKey, roles: Record<string, string>, logger: Logger); static readonly __interface_tag = "ts"; /** * Initialize the plugin with a configuration. */ static initialize(configuration: Configuration, logger: Logger): Promise<SimplePreimagePlugin>; static readonly configurationDec: import("minauth/dist/plugin/encodedecoder.js").Decoder<"ts", { roles: Record<string, string>; } | { loadRolesFrom: string; }>; static readonly inputDecoder: import("minauth/dist/plugin/encodedecoder.js").Decoder<"ts", { proof: { publicInput: string[]; publicOutput: string[]; maxProofsVerified: 0 | 1 | 2; proof: string; }; }>; /** output parsing and serialization */ static readonly outputEncDec: import("minauth/dist/plugin/encodedecoder.js").EncodeDecoder<"ts", { provedHash: string; role: string; }>; } export default SimplePreimagePlugin;