From a4c0665b02c650e9e99bf4539f8452d049b7c68c Mon Sep 17 00:00:00 2001 From: Ansonhkg Date: Mon, 4 Sep 2023 16:53:23 +0100 Subject: [PATCH] feat: add max. cache period to auth methods --- .../src/lib/providers/DiscordProvider.ts | 30 +++++++++++++++-- .../src/lib/providers/GoogleProvider.ts | 30 +++++++++++++++-- .../src/lib/providers/OtpProvider.ts | 32 +++++++++++++++++-- .../src/lib/providers/WebAuthnProvider.ts | 30 +++++++++++++++-- 4 files changed, 114 insertions(+), 8 deletions(-) diff --git a/packages/lit-auth-client/src/lib/providers/DiscordProvider.ts b/packages/lit-auth-client/src/lib/providers/DiscordProvider.ts index ef44e25190..52b72af378 100644 --- a/packages/lit-auth-client/src/lib/providers/DiscordProvider.ts +++ b/packages/lit-auth-client/src/lib/providers/DiscordProvider.ts @@ -16,6 +16,9 @@ import { import { ethers } from 'ethers'; import { sha256 } from 'ethers/lib/utils'; +const MAX_EXPIRATION_LENGTH = 30; +const MAX_EXPIRATION_UNIT = 'minutes'; + export default class DiscordProvider extends BaseProvider { /** * The redirect URI that Lit's login server should send the user back to 
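Review bot: `MAX_EXPIRATION_LENGTH` and `MAX_EXPIRATION_UNIT` are declared here without a comment and are re-declared in GoogleProvider.ts, OtpProvider.ts and WebAuthnProvider.ts, so the ceiling on how long a serialized auth method stays in client storage can drift from file to file. All four classes extend `BaseProvider`; declaring the pair once there (or in a shared constants module) would keep the policy in one place. Where they stay, a comment would help, for example `// Longest period a cached auth method may be kept; also the default when the caller passes no expiration.` The second half matters because the next hunk in this file uses the same constants as the `??` fallback.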
@@ -136,11 +139,34 @@ export default class DiscordProvider extends BaseProvider { const storageUID = this.getAuthMethodStorageUID(accessToken); if (this.storageProvider.isExpired(storageUID)) { + const expirationLength = + _options.expirationLength ?? MAX_EXPIRATION_LENGTH; + const expirationUnit = _options.expirationUnit ?? MAX_EXPIRATION_UNIT; + + const userExpirationISOString = this.storageProvider.convertToISOString( + expirationLength, + expirationUnit + ); + + const maxExpirationISOString = this.storageProvider.convertToISOString( + MAX_EXPIRATION_LENGTH, + MAX_EXPIRATION_UNIT + ); + + const userExpirationDate = new Date(userExpirationISOString); + const maxExpirationDate = new Date(maxExpirationISOString); // Just convert the ISO string to a Date + + if (userExpirationDate > maxExpirationDate) { + throw new Error( + `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.}` + ); + } + this.storageProvider.setExpirableItem( storageUID, JSON.stringify(authMethod), - _options.expirationLength ?? 24, - _options.expirationUnit ?? 'hours' + expirationLength, + expirationUnit ); } } diff --git a/packages/lit-auth-client/src/lib/providers/GoogleProvider.ts b/packages/lit-auth-client/src/lib/providers/GoogleProvider.ts index 9d337fa0c0..3736a74bcb 100644 --- a/packages/lit-auth-client/src/lib/providers/GoogleProvider.ts +++ b/packages/lit-auth-client/src/lib/providers/GoogleProvider.ts @@ -16,6 +16,9 @@ import { BaseProvider } from './BaseProvider'; import { ethers } from 'ethers'; import * as jose from 'jose'; +const MAX_EXPIRATION_LENGTH = 30; +const MAX_EXPIRATION_UNIT = 'minutes'; + // import { // LitAbility, // LitAccessControlConditionResource, 
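Review bot: The ceiling check `userExpirationDate > maxExpirationDate` fails open when either value is an invalid Date, because every comparison against an invalid Date is false. Whether `convertToISOString` can return an unparseable string for an unexpected length or unit is not visible here, so the check should reject that case explicitly, as in the fence below. The check also sits inside the `isExpired` branch and after `authMethod` has been built, so an over-limit option is only reported when the cache entry is missing or stale, and the throw then apparently discards an authentication that has already completed; validating the options at the top of the enclosing method, which starts outside this hunk, would avoid both. The error text ends in a stray `}` (`unit.}`). The GoogleProvider.ts, OtpProvider.ts and WebAuthnProvider.ts hunks repeat the same lines.

```typescript
// … unchanged: the two convertToISOString calls …
const userExpirationDate = new Date(userExpirationISOString);
const maxExpirationDate = new Date(maxExpirationISOString);

// An invalid Date compares false against everything, so reject it explicitly.
if (
  Number.isNaN(userExpirationDate.getTime()) ||
  Number.isNaN(maxExpirationDate.getTime()) ||
  userExpirationDate > maxExpirationDate
) {
  throw new Error(
    `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.`
  );
}
// … unchanged: setExpirableItem call …
```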
@@ -132,11 +135,34 @@ export default class GoogleProvider extends BaseProvider { const storageUID = this.getAuthMethodStorageUID(idToken); if (this.storageProvider.isExpired(storageUID)) { + const expirationLength = + _options.expirationLength ?? MAX_EXPIRATION_LENGTH; + const expirationUnit = _options.expirationUnit ?? MAX_EXPIRATION_UNIT; + + const userExpirationISOString = this.storageProvider.convertToISOString( + expirationLength, + expirationUnit + ); + + const maxExpirationISOString = this.storageProvider.convertToISOString( + MAX_EXPIRATION_LENGTH, + MAX_EXPIRATION_UNIT + ); + + const userExpirationDate = new Date(userExpirationISOString); + const maxExpirationDate = new Date(maxExpirationISOString); // Just convert the ISO string to a Date + + if (userExpirationDate > maxExpirationDate) { + throw new Error( + `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.}` + ); + } + this.storageProvider.setExpirableItem( storageUID, JSON.stringify(authMethod), - _options.expirationLength ?? 24, - _options.expirationUnit ?? 'hours' + expirationLength, + expirationUnit ); } } diff --git a/packages/lit-auth-client/src/lib/providers/OtpProvider.ts b/packages/lit-auth-client/src/lib/providers/OtpProvider.ts index 581a077bff..7edd79864d 100644 --- a/packages/lit-auth-client/src/lib/providers/OtpProvider.ts +++ b/packages/lit-auth-client/src/lib/providers/OtpProvider.ts @@ -12,6 +12,9 @@ import { BaseProvider } from './BaseProvider'; import { OtpProviderOptions } from '@lit-protocol/types'; import { ethers } from 'ethers'; +const MAX_EXPIRATION_LENGTH = 30; +const MAX_EXPIRATION_UNIT = 'minutes'; + export class OtpProvider extends BaseProvider { #accessToken: string | undefined; 
@@ -76,11 +79,36 @@ export class OtpProvider extends BaseProvider { const storageUID = this.getAuthMethodStorageUID(accessToken); if (this.storageProvider.isExpired(storageUID)) { + const expirationLength = + _options.expirationLength ?? MAX_EXPIRATION_LENGTH; + const expirationUnit = _options.expirationUnit ?? MAX_EXPIRATION_UNIT; + + const userExpirationISOString = + this.storageProvider.convertToISOString( + expirationLength, + expirationUnit + ); + + const maxExpirationISOString = + this.storageProvider.convertToISOString( + MAX_EXPIRATION_LENGTH, + MAX_EXPIRATION_UNIT + ); + + const userExpirationDate = new Date(userExpirationISOString); + const maxExpirationDate = new Date(maxExpirationISOString); // Just convert the ISO string to a Date + + if (userExpirationDate > maxExpirationDate) { + throw new Error( + `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.}` + ); + } + this.storageProvider.setExpirableItem( storageUID, item, - _options.expirationLength ?? 24, - _options.expirationUnit ?? 'hours' + expirationLength, + expirationUnit ); } } diff --git a/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts b/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts index 2fde3bd8ab..77bdc7fc57 100644 --- a/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts +++ b/packages/lit-auth-client/src/lib/providers/WebAuthnProvider.ts @@ -15,6 +15,9 @@ import { getRPIdFromOrigin, parseAuthenticatorData } from '../utils'; import { BaseProvider } from './BaseProvider'; import { RegistrationResponseJSON } from '@simplewebauthn/typescript-types'; +const MAX_EXPIRATION_LENGTH = 3; +const MAX_EXPIRATION_UNIT = 'minutes'; + export default class WebAuthnProvider extends BaseProvider { /** * Name of relying party. Defaults to "lit" 
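Review bot: `MAX_EXPIRATION_LENGTH` is `3` in WebAuthnProvider.ts, while DiscordProvider.ts, GoogleProvider.ts and OtpProvider.ts set it to `30`, and nothing in the hunk says whether the shorter WebAuthn window is intended. Because the constant is also the `??` fallback in the next hunk, the default cache lifetime for WebAuthn auth methods moves from 24 hours to 3 minutes, and any caller passing a longer expiration gets the new error. If the value is deliberate, a comment such as `// WebAuthn auth methods are cached for a shorter period than the other providers` would record it; if not, it should read `const MAX_EXPIRATION_LENGTH = 30;`.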
@@ -208,11 +211,34 @@ export default class WebAuthnProvider extends BaseProvider { const storageUID = this.getAuthMethodStorageUID(authMethod.accessToken); if (this.storageProvider.isExpired(storageUID)) { + const expirationLength = + _options.expirationLength ?? MAX_EXPIRATION_LENGTH; + const expirationUnit = _options.expirationUnit ?? MAX_EXPIRATION_UNIT; + + const userExpirationISOString = this.storageProvider.convertToISOString( + expirationLength, + expirationUnit + ); + + const maxExpirationISOString = this.storageProvider.convertToISOString( + MAX_EXPIRATION_LENGTH, + MAX_EXPIRATION_UNIT + ); + + const userExpirationDate = new Date(userExpirationISOString); + const maxExpirationDate = new Date(maxExpirationISOString); // Just convert the ISO string to a Date + + if (userExpirationDate > maxExpirationDate) { + throw new Error( + `The expiration date for this auth method cannot be more than ${MAX_EXPIRATION_LENGTH} ${MAX_EXPIRATION_UNIT} from now. Please provide a valid expiration length and unit.}` + ); + } + this.storageProvider.setExpirableItem( storageUID, JSON.stringify(authMethod), - _options.expirationLength ?? 24, - _options.expirationUnit ?? 'hours' + expirationLength, + expirationUnit ); } }