Hyperledger Composer Web application user authenti

Published 2019-01-09 02:04

Question:

I already created a business network using Hyperledger Composer and I created a simple web app for adding participants and submitting transactions through a web interface by using Angular.

Also, I have enabled authentication for the REST server using passport and I have used multiple user mode so I could export a business network card to the REST API and change the default card and submit transactions via different users.

Now I want to create the registration part of my web app, so my users could be able to register through the web application, issue an identity and then submit transactions or view the system based on their level of access defined in the ACL file. Is there any resource or any idea to guide me on how I can do it? Is there any sample which has implemented a web application and includes user registration and authentication?

Answer 1:

See https://github.com/hyperledger/composer-sample-networks/blob/v0.16.x/packages/trade-network/test/trading.js#L21 but use FileSystemCardStore instead of MemoryCardStore. We have an issue on documentation for this right now: https://github.com/hyperledger/composer/issues/3088. The general flow is:

Issue identity:

businessNetworkConnection.issueIdentity(NS + '#' + userData.id, userData.user);
....
var userCard = new IdCard({...});
userCard.setCredentials(credentials);
...

Import card:

adminConnection.importCard(userCardName, userCard);
....
.then(() => { //

Connect to the business network: (using the blockchain identity ...

businessNetworkConnection = new BusinessNetworkConnection({ cardStore: cardStore });
businessNetworkConnection.connect(userCardName); } ...

For all subsequent connects from that user (e.g. from the web application he/she is logged into):

bizNetworkConnection.connect(`${cardName}`)

On the user registration bit, once you have received the registration payload, you can use Composer to create a participant and Composer (blockchain) identity for that user - then create the card as above, connect to it (to get the certificate downloaded) then export that card, to be shared with the user that just registered. Using REST you can import the card (that has a connection profile that knows how to connect to the Composer runtime) then they can interact with the business network.

Do user registration / authentication, don't have samples (others may answer in time).

where cardname is for example the user id or email address, and execute whatever data changes or transactions you want.

So for example for POST /items when using JWT:

  • check if it has a valid token with request
  • create new BusinessNetworkConnection (above) or obtain from a pool
  • connect to this BusinessNetworkConnection by passing in the userId/cardname which you get from the token - which will retrieve the card from the cardstore
  • once connected, the user can interact with the business network

On authentication, obviously REST Server endpoints can be secured (with connect gateways secured for outward consumption). Have you considered using JWT as a strategy and/or considered Node-Red for registration/auth flow?

Anyway these resources may help give you some insights:

https://medium.freecodecamp.org/securing-node-js-restful-apis-with-json-web-tokens-9f811a92bb52

https://www.compose.com/articles/authenticating-node-red-with-jsonwebtoken/

hope this helps.
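
The POST /items steps listed in the answer, sketched as an added example (not code from the answer or from the Composer project). It assumes an HS256 token signed with a shared secret whose `sub` claim carries the card name; the hand-written token check stands in for a JWT library so the block runs offline, and `signToken`, `cardNameFromToken`, `connectForRequest` and the `newConnection` factory are hypothetical names.

```javascript
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Constructed helper: mints sample HS256 tokens so the example runs offline.
function signToken(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`, secret))}`;
}

// Step 1: valid token? Pin the algorithm, compare in constant time, enforce exp.
function verifyToken(token, secret, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  const header = JSON.parse(Buffer.from(head, 'base64url').toString());
  if (header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) throw new Error('expired');
  return claims;
}

// Step 3 input: the card name is taken only from the verified `sub` claim
// (assumed to hold the user id or e-mail), never from the request body.
function cardNameFromToken(token, secret, nowSec) {
  const { sub } = verifyToken(token, secret, nowSec);
  const ok = typeof sub === 'string' && /^[A-Za-z0-9_.@-]{1,128}$/.test(sub) && !sub.includes('..');
  if (!ok) throw new Error('invalid card name');
  return sub;
}

// Steps 2-3: newConnection is a hypothetical factory; with Composer it would
// return new BusinessNetworkConnection({ cardStore }) or a pooled connection.
async function connectForRequest(authHeader, secret, newConnection) {
  const m = /^Bearer (\S+)$/.exec(authHeader || '');
  if (!m) throw new Error('missing bearer token');
  const cardName = cardNameFromToken(m[1], secret); // verify before connecting
  const conn = newConnection();
  await conn.connect(cardName); // loads that user's card from the card store
  return conn;
}
```

Because the card name selects which blockchain identity signs the transaction, a request that fails any check here is rejected before a connection is created.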