feat: use anonymous for the first retrieve (dfinity#53)

Also include some cleanup of the scripts that arent used, and add a diagram for the bootstrapping process. This does not affect the worker yet. Only the first retrieve of the index.js on localhost. BREAKING CHANGE If a canister has a retrieve() method that relies on Principal, the principal used will change. Co-authored-by: Benjamin Goering <[email protected]>
ninegua · Nov 9, 2020 · 426a94f · 426a94f
1 parent b795d8b
commit 426a94f
Show file tree

Hide file tree

Showing 12 changed files with 1,694 additions and 326 deletions.
diff --git a/bin/build b/bin/build
diff --git a/bin/npm-postinstall b/bin/npm-postinstall
diff --git a/bin/test b/bin/test
diff --git a/docs/diagrams/bootstrap/authentication.puml b/docs/diagrams/bootstrap/authentication.puml
@@ -0,0 +1,94 @@
+@startuml
+' Edit with something like: https://plantuml-editor.kkeisuke.com/
+autonumber
+
+actor user
+participant bootstrap as " *.ic0.app"
+participant canister as "Canister"
+participant identity as "identity.ic0.app"
+participant webauthn as "WebAuthn"
+participant ic as "Internet Computer"
+
+user -> bootstrap: Access /index.html
+bootstrap -> canister: retrieve("/index.js")
+opt if auth
+    bootstrap -> canister: use local storage key
+
+    user -> canister: click on sign out
+    canister -> bootstrap: delete local storage
+end
+opt else
+    bootstrap -> canister: use anonymous
+
+    user -> canister: click on sign in
+    canister -> bootstrap: ic.auth.createSession()
+
+    bootstrap -> bootstrap: Generate PrivateKey + PublicKey
+    bootstrap -> identity: Authorization Request
+    note right of bootstrap
+        session_key: bytes = PublicKey
+        redirect: string = "localhost:8080/?canisterId=...
+    end note
+
+    activate identity
+
+    identity -> identity: Lookup local storage for WebAuthn Id
+
+    opt if found
+        note right of identity
+            WebAuthnId = localStorage.webauthn_id
+        end note
+    end
+    opt else
+        opt new key
+            user -> identity: Create New Master Key
+            note right of identity
+                MasterKey = generateKeyPair()
+            end note
+            identity -> user: Show BIP-39
+        end
+        opt else if import
+            user -> identity: Enter BIP-39
+            note right of identity
+                MasterKey = decodeBip39()
+            end note
+        end
+        identity -> identity: Setup delegations
+        note right of identity
+            Master Key -> WebAuthn Key
+        end note
+        user -> identity: Approve WebAuthn
+        note right of identity
+            Set localStorage.webauthn_id
+        end note
+
+    end
+
+    identity -> webauthn: Authorize Session Key
+
+    user -> webauthn: Approve WebAuthn
+
+    webauthn -> identity: Authorization (COSE)
+
+    identity -> identity: Setup delegations
+    note right of identity
+        WebAuthn Key -> Session Key
+    end note
+
+    return Authorization Response
+    note right of bootstrap
+        token: bytes = Delegate Key
+    end note
+    bootstrap -> bootstrap: Save key to localStorage
+
+    bootstrap -> canister: retrieve("/index.js")
+end
+
+loop
+    canister -> ic: Calls with Public Key + Token
+    activate ic
+    ic -> canister: Return data
+    deactivate ic
+end
+
+@enduml
diff --git a/e2e/node/package-lock.json b/e2e/node/package-lock.json
diff --git a/packages/agent/src/index.ts b/packages/agent/src/index.ts
@@ -8,6 +8,7 @@ export {
   SenderSecretKey,
   SenderSig,
   generateEd25519KeyPair as generateKeyPair,
+  makeAnonymousAuthTransform,
   makeAuthTransform,
   makeEd25519KeyPair as makeKeyPair,
 } from './auth';
@@ -24,6 +25,7 @@ import * as IDL from './idl';
 export { IDL };
 
 // TODO The following modules will be a separate library for Candid
+import { makeAnonymousAuthTransform } from './auth';
 import * as UICore from './candid/candid-core';
 import * as UI from './candid/candid-ui';
 export { UICore, UI };