Merge branch 'kernel-community:main' into main

packages/admin/src/App.config.json

@@ -1,8 +1,8 @@
 {
   "appTitle": "Kernel Steward",
-  "adminRole": 100,
+  "minRole": 100,
   "homeUrl": "/dashboard",
   "navbar": {
     "links": []
   }
-}
+}

packages/auth/src/routes/rpc.js

@@ -23,25 +23,33 @@ const SERVICE_POLICY = {
     accessToken: ROLE_ALL
   }
 }
+
+const LOCAL = process.env.ENV === 'DEV'
+const DOMAIN = LOCAL ? '.app.localhost' : 'kernel.community'
+
 const register = async (server, rpcPath, { seed, authMemberId, rpcEndpoint }) => {
 
   const authService = await authBuilder.build({ seed, authMemberId, rpcEndpoint })
 
   const services = { authService }
   const rpcService = await rpcBuilder.build(services)
 
-  //TODO: limit origin domains
+  // TODO: allow list for origin
   server.options(`${rpcPath}`, async (request, reply) => {
-    reply.header("Access-Control-Allow-Origin", "*")
+    reply.header("Access-Control-Allow-Origin", request.headers.origin)
     reply.header("Access-Control-Allow-Headers", "*")
+    reply.header("Access-Control-Allow-Credentials", "true")
     reply.header("Access-Control-Allow-Methods", "POST, OPTIONS")
+    reply.header("Access-Control-Allow-Headers", "authorization,content-type")
     return {}
   })
 
   server.post(`${rpcPath}`, async (request, reply) => {
-    reply.header("Access-Control-Allow-Origin", "*")
+    reply.header("Access-Control-Allow-Origin", request.headers.origin)
     reply.header("Access-Control-Allow-Headers", "*")
+    reply.header("Access-Control-Allow-Credentials", "true")
     reply.header("Access-Control-Allow-Methods", "POST")
+    reply.header("Access-Control-Allow-Headers", "authorization,content-type")
     const { jsonrpc, id, method, params } = request.body
     if (!jsonrpc || !id || !method)  {
       return reply.badRequest()
@@ -52,8 +60,28 @@ const register = async (server, rpcPath, { seed, authMemberId, rpcEndpoint }) =>
     console.debug('rpc ', request.body, request.user)
     const [service, fn] = method.split('.') 
     try {
-      const result = await rpcService.call(service, fn, params)
-      return { jsonrpc, id, result }
+      const { authPayload, jwt, persist } = await rpcService.call(service, fn, params)
+      if (persist) {
+        // TODO: set expires, set env properly
+        //const maxAge = authPayload.exp - Date.now()
+        const opts = {
+          domain: DOMAIN,
+          maxAge: 60 * 60 * 20,
+          sameSite: 'none',
+          secure: true,
+          httpOnly: true,
+          path: '/'
+        }
+        reply.setCookie('stagingJWT', jwt, opts)
+        reply.setCookie('stagingUser', JSON.stringify(authPayload), {
+          domain: DOMAIN,
+          maxAge: 60 * 60 * 20,
+          secure: true,
+          sameSite: 'none',
+          path: '/'
+        })
+      }
+      return { jsonrpc, id, result: jwt }
     } catch (e) {
       const error = { code: e.code, message: e.message }
       return { jsonrpc, id, error }

packages/auth/src/services/auth.js

@@ -109,7 +109,7 @@ const build = async ({ seed, authMemberId, rpcEndpoint }) => {
     return jwtService.createJwt(wallet, jwtService.AUTH_JWT, authPayload)
   }
 
-  const accessToken = async (jwt) => {
+  const accessToken = async (jwt, persist = false) => {
     const { header, payload: { iss, exp, nickname }, signature } = decodeJwt(jwt)
 
     let member
@@ -128,7 +128,8 @@ const build = async ({ seed, authMemberId, rpcEndpoint }) => {
 
     const { id, data: { role, groupIds = DEFAULT_GROUP_IDS } } = member
     const authPayload = jwtService.authPayload({ iss: id, exp, nickname, role, groupIds })
-    return jwtService.createJwt(wallet, jwtService.AUTH_JWT, authPayload)
+    const token = await jwtService.createJwt(wallet, jwtService.AUTH_JWT, authPayload)
+    return { jwt: token, persist, authPayload }
   }
 
   return { setup, publicKey, register, accessToken }

packages/common/src/components/Loading.js

@@ -14,7 +14,7 @@ const LOADING_INDICATOR_TYPES = {
 
 function DefaultSpinner () {
   return (
-    <svg role='status' class='w-8 h-8 mr-2 text-kernel-dark animate-spin dark:text-kernel-dark fill-kernel-green-light' viewBox='0 0 100 101' fill='none' xmlns='http://www.w3.org/2000/svg'>
+    <svg role='status' className='w-8 h-8 mr-2 text-kernel-dark animate-spin dark:text-kernel-dark fill-kernel-green-light' viewBox='0 0 100 101' fill='none' xmlns='http://www.w3.org/2000/svg'>
       <path d='M100 50.5908C100 78.2051 77.6142 100.591 50 100.591C22.3858 100.591 0 78.2051 0 50.5908C0 22.9766 22.3858 0.59082 50 0.59082C77.6142 0.59082 100 22.9766 100 50.5908ZM9.08144 50.5908C9.08144 73.1895 27.4013 91.5094 50 91.5094C72.5987 91.5094 90.9186 73.1895 90.9186 50.5908C90.9186 27.9921 72.5987 9.67226 50 9.67226C27.4013 9.67226 9.08144 27.9921 9.08144 50.5908Z' fill='currentColor' />
       <path d='M93.9676 39.0409C96.393 38.4038 97.8624 35.9116 97.0079 33.5539C95.2932 28.8227 92.871 24.3692 89.8167 20.348C85.8452 15.1192 80.8826 10.7238 75.2124 7.41289C69.5422 4.10194 63.2754 1.94025 56.7698 1.05124C51.7666 0.367541 46.6976 0.446843 41.7345 1.27873C39.2613 1.69328 37.813 4.19778 38.4501 6.62326C39.0873 9.04874 41.5694 10.4717 44.0505 10.1071C47.8511 9.54855 51.7191 9.52689 55.5402 10.0491C60.8642 10.7766 65.9928 12.5457 70.6331 15.2552C75.2735 17.9648 79.3347 21.5619 82.5849 25.841C84.9175 28.9121 86.7997 32.2913 88.1811 35.8758C89.083 38.2158 91.5421 39.6781 93.9676 39.0409Z' fill='currentFill' />
     </svg>
@@ -34,7 +34,7 @@ export default function Loading (props) {
   const type = props.type || LOADING_INDICATOR_TYPES.default
 
   return (
-    <div class='grid place-items-center h-screen'>
+    <div className='grid place-items-center h-screen'>
       <Animation type={type} />
     </div>
   )

packages/common/src/contexts/ServicesContext.js

@@ -20,8 +20,6 @@ const AUTH_URL = process.env[`REACT_APP_AUTH_URL_${env}`]
 const AUTH_MESSAGE_TYPE = 'kernel.auth'
 const AUTH_TIMEOUT_MS = 24 * 60 * 60 * 1000
 
-const INITIAL_STATE = {}
-
 const rpcEndpointStorage = process.env[`REACT_APP_STORAGE_ENDPOINT_${env}`]
 const rpcEndpointTask = process.env[`REACT_APP_TASK_ENDPOINT_${env}`]
 const rpcEndpointQuery = process.env[`REACT_APP_QUERY_ENDPOINT_${env}`]
@@ -83,11 +81,22 @@ const handleMessage = (dispatch, messageEvent) => {
   }
 }
 
+const hasCookie = () => document.cookie.includes('stagingUser')
+const fromCookie = () => JSON.parse(decodeURIComponent(document.cookie.split('=')[1]))
+
 const walletLogin = async (state, dispatch) => {
   // TODO: check exp
   if (state.user) {
     return state.user
   }
+
+  // TODO: check exp
+  if (hasCookie()) {
+    const payload = fromCookie()
+    dispatch({ type: 'user', payload })
+    return payload
+  }
+
   const auth = window.open(AUTH_URL, '_blank')
   window.addEventListener('message', handleMessage.bind(null, dispatch))
   try {
@@ -134,7 +143,11 @@ const walletLogin = async (state, dispatch) => {
 const currentUser = (state) => state.user
 
 const ServicesProvider = ({ children }) => {
-  const [state, dispatch] = useReducer(reducer, INITIAL_STATE)
+  const initialState = {}
+  if (hasCookie()) {
+    Object.assign(initialState, { user: fromCookie() })
+  }
+  const [state, dispatch] = useReducer(reducer, initialState)
   const value = {
     state,
     dispatch,

packages/common/src/services/rpcClient.js

@@ -23,13 +23,14 @@ const build = async ({ rpcEndpoint, jwtFn }) => {
 
   const request = async (url, data) => {
     const jwt = await jwtFn.call()
+    const headers = { 'Content-Type': 'application/json' }
+    if (jwt) {
+      Object.assign(headers, { Authorization: `Bearer ${jwt}` })
+    }
     const opts = {
       method: 'POST',
-      // TODO: add authentication
-      headers: {
-        'Content-Type': 'application/json',
-        Authorization: `Bearer ${jwt}`
-      },
+      credentials: 'include',
+      headers,
       body: JSON.stringify(data)
     }
     console.log(opts)

packages/query/src/routes/rpc.js

@@ -36,15 +36,28 @@ const register = async (server, rpcPath, { seed, authMemberId, rpcEndpoint, proj
   const rpcService = await rpcBuilder.build(services)
 
   const now = () => Date.now()
+
+  const getJWT = (request) => {
+    // Try to get JWT from headers or cookie
+    const header = request.raw.headers.authorization
+    const cookie = request.cookies.stagingJWT
+    if (!header && !cookie) {
+      return
+    }
+    const jwt = header ?
+      header.substring(BEARER_TYPE.length).trim() : cookie
+    return jwt
+  }
+
   const auth = async (request, reply) => {
     if (!authServiceAddress) {
       return reply.serviceUnavailable()
     }
-    const header = request.raw.headers.authorization
-    if (!header) {
+    const jwt = getJWT(request)
+    if (!jwt) {
+      console.debug('unauthorized')
       return reply.unauthorized()
     }
-    const jwt = header.substring(BEARER_TYPE.length).trim()
     try {
       const { payload, signature } = jwtService.decode(jwt)
       const { iss, nickname, iat, exp, aud } = payload
@@ -68,16 +81,20 @@ const register = async (server, rpcPath, { seed, authMemberId, rpcEndpoint, proj
   }
 
   server.options(`${rpcPath}`, async (request, reply) => {
-    reply.header("Access-Control-Allow-Origin", "*")
+    reply.header("Access-Control-Allow-Origin", request.headers.origin)
     reply.header("Access-Control-Allow-Headers", "*")
+    reply.header("Access-Control-Allow-Credentials", "true")
     reply.header("Access-Control-Allow-Methods", "POST, OPTIONS")
+    reply.header("Access-Control-Allow-Headers", "authorization,content-type")
     return {}
   })
 
   server.post(`${rpcPath}`, { onRequest: auth }, async (request, reply) => {
-    reply.header("Access-Control-Allow-Origin", "*")
+    reply.header("Access-Control-Allow-Origin", request.headers.origin)
     reply.header("Access-Control-Allow-Headers", "*")
-    reply.header("Access-Control-Allow-Methods", "POST")
+    reply.header("Access-Control-Allow-Credentials", "true")
+    reply.header("Access-Control-Allow-Methods", "POST, OPTIONS")
+    reply.header("Access-Control-Allow-Headers", "authorization,content-type")
     console.debug('rpc call: ', request.body, request.user)
     const user = request.user
     const { jsonrpc, id, method, params } = request.body