@0xsequence/guard 1.4.0 → 1.4.2

package/src/guard.gen.ts

@@ -1,9 +1,9 @@
 /* eslint-disable */
-// sequence-guard v0.4.0 a29651d1d5f63268e8d03b51e46557e0632c144d
+// sequence-guard v0.4.0 2e5d6a4c9b797598078365d7439f330bc7bbf29c
 // --
-// Code generated by webrpc-gen@v0.10.x-dev with typescript generator. DO NOT EDIT.
+// Code generated by webrpc-gen@v0.12.x-dev with typescript@v0.10.0 generator. DO NOT EDIT.
 //
-// webrpc-gen -schema=guard.ridl -target=typescript -client -out=./clients/guard.gen.ts
+// webrpc-gen -schema=guard.ridl -target=typescript@v0.10.0 -client -out=./clients/guard.gen.ts
 
 // WebRPC description and code-gen version
 export const WebRPCVersion = 'v1'
@@ -12,7 +12,7 @@ export const WebRPCVersion = 'v1'
 export const WebRPCSchemaVersion = 'v0.4.0'
 
 // Schema hash generated from your RIDL schema
-export const WebRPCSchemaHash = 'a29651d1d5f63268e8d03b51e46557e0632c144d'
+export const WebRPCSchemaHash = '2e5d6a4c9b797598078365d7439f330bc7bbf29c'
 
 //
 // Types
@@ -50,6 +50,23 @@ export interface SignRequest {
   auxData: string
 }
 
+export interface OwnershipProof {
+  wallet: string
+  timestamp: number
+  signer: string
+  signature: string
+}
+
+export interface AuthToken {
+  id: string
+  token: string
+}
+
+export interface RecoveryCode {
+  code: string
+  used: boolean
+}
+
 export interface Guard {
   ping(headers?: object): Promise<PingReturn>
   version(headers?: object): Promise<VersionReturn>
@@ -57,6 +74,15 @@ export interface Guard {
   getSignerConfig(args: GetSignerConfigArgs, headers?: object): Promise<GetSignerConfigReturn>
   sign(args: SignArgs, headers?: object): Promise<SignReturn>
   signWith(args: SignWithArgs, headers?: object): Promise<SignWithReturn>
+  authMethods(args: AuthMethodsArgs, headers?: object): Promise<AuthMethodsReturn>
+  setPIN(args: SetPINArgs, headers?: object): Promise<SetPINReturn>
+  resetPIN(args: ResetPINArgs, headers?: object): Promise<ResetPINReturn>
+  createTOTP(args: CreateTOTPArgs, headers?: object): Promise<CreateTOTPReturn>
+  commitTOTP(args: CommitTOTPArgs, headers?: object): Promise<CommitTOTPReturn>
+  resetTOTP(args: ResetTOTPArgs, headers?: object): Promise<ResetTOTPReturn>
+  reset2FA(args: Reset2FAArgs, headers?: object): Promise<Reset2FAReturn>
+  recoveryCodes(args: RecoveryCodesArgs, headers?: object): Promise<RecoveryCodesReturn>
+  resetRecoveryCodes(args: ResetRecoveryCodesArgs, headers?: object): Promise<ResetRecoveryCodesReturn>
 }
 
 export interface PingArgs {}
@@ -83,6 +109,7 @@ export interface GetSignerConfigReturn {
 }
 export interface SignArgs {
   request: SignRequest
+  token?: AuthToken
 }
 
 export interface SignReturn {
@@ -91,11 +118,76 @@ export interface SignReturn {
 export interface SignWithArgs {
   signer: string
   request: SignRequest
+  token?: AuthToken
 }
 
 export interface SignWithReturn {
   sig: string
 }
+export interface AuthMethodsArgs {
+  proof?: OwnershipProof
+}
+
+export interface AuthMethodsReturn {
+  methods: Array<string>
+  active: boolean
+}
+export interface SetPINArgs {
+  pin: string
+  timestamp: number
+  signature: string
+}
+
+export interface SetPINReturn {}
+export interface ResetPINArgs {
+  timestamp: number
+  signature: string
+}
+
+export interface ResetPINReturn {}
+export interface CreateTOTPArgs {
+  timestamp: number
+  signature: string
+}
+
+export interface CreateTOTPReturn {
+  uri: string
+}
+export interface CommitTOTPArgs {
+  token: string
+}
+
+export interface CommitTOTPReturn {
+  codes: Array<RecoveryCode>
+}
+export interface ResetTOTPArgs {
+  timestamp: number
+  signature: string
+}
+
+export interface ResetTOTPReturn {}
+export interface Reset2FAArgs {
+  code: string
+  proof?: OwnershipProof
+}
+
+export interface Reset2FAReturn {}
+export interface RecoveryCodesArgs {
+  timestamp: number
+  signature: string
+}
+
+export interface RecoveryCodesReturn {
+  codes: Array<RecoveryCode>
+}
+export interface ResetRecoveryCodesArgs {
+  timestamp: number
+  signature: string
+}
+
+export interface ResetRecoveryCodesReturn {
+  codes: Array<RecoveryCode>
+}
 
 //
 // Client
@@ -173,6 +265,89 @@ export class Guard implements Guard {
       })
     })
   }
+
+  authMethods = (args: AuthMethodsArgs, headers?: object): Promise<AuthMethodsReturn> => {
+    return this.fetch(this.url('AuthMethods'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {
+          methods: <Array<string>>_data.methods,
+          active: <boolean>_data.active
+        }
+      })
+    })
+  }
+
+  setPIN = (args: SetPINArgs, headers?: object): Promise<SetPINReturn> => {
+    return this.fetch(this.url('SetPIN'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {}
+      })
+    })
+  }
+
+  resetPIN = (args: ResetPINArgs, headers?: object): Promise<ResetPINReturn> => {
+    return this.fetch(this.url('ResetPIN'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {}
+      })
+    })
+  }
+
+  createTOTP = (args: CreateTOTPArgs, headers?: object): Promise<CreateTOTPReturn> => {
+    return this.fetch(this.url('CreateTOTP'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {
+          uri: <string>_data.uri
+        }
+      })
+    })
+  }
+
+  commitTOTP = (args: CommitTOTPArgs, headers?: object): Promise<CommitTOTPReturn> => {
+    return this.fetch(this.url('CommitTOTP'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {
+          codes: <Array<RecoveryCode>>_data.codes
+        }
+      })
+    })
+  }
+
+  resetTOTP = (args: ResetTOTPArgs, headers?: object): Promise<ResetTOTPReturn> => {
+    return this.fetch(this.url('ResetTOTP'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {}
+      })
+    })
+  }
+
+  reset2FA = (args: Reset2FAArgs, headers?: object): Promise<Reset2FAReturn> => {
+    return this.fetch(this.url('Reset2FA'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {}
+      })
+    })
+  }
+
+  recoveryCodes = (args: RecoveryCodesArgs, headers?: object): Promise<RecoveryCodesReturn> => {
+    return this.fetch(this.url('RecoveryCodes'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {
+          codes: <Array<RecoveryCode>>_data.codes
+        }
+      })
+    })
+  }
+
+  resetRecoveryCodes = (args: ResetRecoveryCodesArgs, headers?: object): Promise<ResetRecoveryCodesReturn> => {
+    return this.fetch(this.url('ResetRecoveryCodes'), createHTTPRequest(args, headers)).then(res => {
+      return buildResponse(res).then(_data => {
+        return {
+          codes: <Array<RecoveryCode>>_data.codes
+        }
+      })
+    })
+  }
 }
 
 export interface WebRPCError extends Error {

package/src/index.ts

@@ -1,2 +1 @@
-export * from './guard.gen'
 export * from './signer'

package/src/signer.ts

@@ -1,27 +1,19 @@
-import { signers, Status } from '@0xsequence/signhub'
-import { BytesLike, ethers } from 'ethers'
-import { Guard } from './guard.gen'
+import { Account } from '@0xsequence/account'
 import { commons, universal } from '@0xsequence/core'
+import { signers, Status } from '@0xsequence/signhub'
+import { encodeTypedDataDigest, TypedData } from '@0xsequence/utils'
+import { BytesLike, ethers, TypedDataDomain } from 'ethers'
+import { AuthMethodsReturn, Guard, RecoveryCode as GuardRecoveryCode } from './guard.gen'
 
 const fetch = typeof global === 'object' ? global.fetch : window.fetch
 
 export class GuardSigner implements signers.SapientSigner {
   private guard: Guard
-  private requests: Map<
-    string,
-    {
-      lastAttempt?: string
-      onSignature: (signature: BytesLike) => void
-      onRejection: (error: string) => void
-      onStatus: (situation: string) => void
-    }
-  > = new Map()
 
   constructor(
     public readonly address: string,
     public readonly url: string,
-    public readonly appendSuffix: boolean = false,
-    private readonly onError?: (err: Error) => void
+    public readonly appendSuffix: boolean = false
   ) {
     this.guard = new Guard(url, fetch)
   }
@@ -46,8 +38,8 @@ export class GuardSigner implements signers.SapientSigner {
   }
 
   async requestSignature(
-    id: string,
-    _message: BytesLike,
+    _id: string,
+    message: BytesLike,
     metadata: object,
     callbacks: {
       onSignature: (signature: BytesLike) => void
@@ -55,78 +47,286 @@ export class GuardSigner implements signers.SapientSigner {
       onStatus: (situation: string) => void
     }
   ): Promise<boolean> {
+    const { onSignature, onRejection } = callbacks
+
     if (!commons.isWalletSignRequestMetadata(metadata)) {
-      callbacks.onRejection('Expected Sequence-like metadata')
+      onRejection('expected sequence signature request metadata')
+      return false
+    }
+
+    const guardTotpCode = (metadata as { guardTotpCode?: string }).guardTotpCode
+
+    // Building auxData, notice: this uses the old v1 format
+    // TODO: We should update the guard API so we can pass the metadata directly
+    const coder = universal.genericCoderFor(metadata.config.version)
+    const { encoded } = coder.signature.encodeSigners(metadata.config, metadata.parts ?? new Map(), [], metadata.chainId)
+
+    try {
+      const { sig: signature } = await this.guard.signWith({
+        signer: this.address,
+        request: {
+          msg: ethers.utils.hexlify(message),
+          auxData: this.packMsgAndSig(metadata.address, metadata.digest, encoded, metadata.chainId),
+          chainId: ethers.BigNumber.from(metadata.chainId).toNumber()
+        },
+        token: guardTotpCode ? { id: AuthMethod.TOTP, token: guardTotpCode } : undefined
+      })
+
+      if (ethers.utils.arrayify(signature).length === 0) {
+        throw new Error('guard response contained no signature data')
+      }
+
+      onSignature(signature)
+      return true
+    } catch (error) {
+      onRejection(`unable to request guard signature: ${error.message ?? error.msg ?? error}`)
+      return false
+    }
+  }
+
+  notifyStatusChange(_id: string, _status: Status, _metadata: object): void {}
+
+  async getAuthMethods(proof: OwnershipProof): Promise<AuthMethod[]> {
+    let response: AuthMethodsReturn
+
+    if ('jwt' in proof) {
+      response = await this.guard.authMethods({}, { Authorization: `BEARER ${proof.jwt}` })
     } else {
-      // Queue the request first, this method only does that
-      // the requesting to the API is later handled on every status change
-      this.requests.set(id, callbacks)
+      const signedProof = await signOwnershipProof(proof)
+
+      response = await this.guard.authMethods({
+        proof: {
+          wallet: signedProof.walletAddress,
+          timestamp: signedProof.timestamp.getTime(),
+          signer: signedProof.signerAddress,
+          signature: signedProof.signature
+        }
+      })
     }
 
-    return true
+    return response.methods.map(parseAuthMethod)
   }
 
-  notifyStatusChange(id: string, status: Status, metadata: object): void {
-    if (!this.requests.has(id)) return
+  async setPin(pin: string | undefined, proof: AuthUpdateProof): Promise<void> {
+    const signedProof = await signAuthUpdateProof(proof)
 
-    if (!commons.isWalletSignRequestMetadata(metadata)) {
-      this.requests.get(id)!.onRejection('Expected Sequence-like metadata (status update)')
-      return
+    if (pin === undefined) {
+      await this.guard.resetPIN(
+        { timestamp: signedProof.timestamp.getTime(), signature: signedProof.signature },
+        { Authorization: `BEARER ${proof.jwt}` }
+      )
+    } else {
+      await this.guard.setPIN(
+        { pin, timestamp: signedProof.timestamp.getTime(), signature: signedProof.signature },
+        { Authorization: `BEARER ${proof.jwt}` }
+      )
     }
+  }
 
-    this.evaluateRequest(id, status.message, status, metadata)
+  resetPin(proof: AuthUpdateProof): Promise<void> {
+    return this.setPin(undefined, proof)
   }
 
-  private packMsgAndSig(address: string, msg: BytesLike, sig: BytesLike, chainId: ethers.BigNumberish): string {
-    return ethers.utils.defaultAbiCoder.encode(['address', 'uint256', 'bytes', 'bytes'], [address, chainId, msg, sig])
+  async createTotp(proof: AuthUpdateProof): Promise<URL> {
+    const signedProof = await signAuthUpdateProof(proof)
+
+    const { uri } = await this.guard.createTOTP(
+      { timestamp: signedProof.timestamp.getTime(), signature: signedProof.signature },
+      { Authorization: `BEARER ${proof.jwt}` }
+    )
+
+    return new URL(uri)
   }
 
-  private keyOfRequest(signer: string, msg: BytesLike, auxData: BytesLike, chainId: ethers.BigNumberish): string {
-    return ethers.utils.solidityKeccak256(['address', 'uint256', 'bytes', 'bytes'], [signer, chainId, msg, auxData])
+  async commitTotp(token: string, jwt: string): Promise<RecoveryCode[]> {
+    const { codes } = await this.guard.commitTOTP({ token }, { Authorization: `BEARER ${jwt}` })
+    return codes
   }
 
-  private async evaluateRequest(
-    id: string,
-    message: BytesLike,
-    _: Status,
-    metadata: commons.WalletSignRequestMetadata
-  ): Promise<void> {
-    // Building auxData, notice: this uses the old v1 format
-    // TODO: We should update the guard API so we can pass the metadata directly
-    const coder = universal.genericCoderFor(metadata.config.version)
-    const { encoded } = coder.signature.encodeSigners(metadata.config, metadata.parts ?? new Map(), [], metadata.chainId)
+  async resetTotp(proof: AuthUpdateProof): Promise<void> {
+    const signedProof = await signAuthUpdateProof(proof)
 
-    try {
-      const key = this.keyOfRequest(this.address, message, encoded, metadata.chainId)
-      const lastAttempt = this.requests.get(id)?.lastAttempt
-      if (lastAttempt === key) {
-        return
-      }
+    await this.guard.resetTOTP(
+      { timestamp: signedProof.timestamp.getTime(), signature: signedProof.signature },
+      { Authorization: `BEARER ${proof.jwt}` }
+    )
+  }
 
-      this.requests.get(id)!.lastAttempt = key
+  async reset2fa(recoveryCode: string, proof: OwnershipProof): Promise<void> {
+    if ('jwt' in proof) {
+      await this.guard.reset2FA({ code: recoveryCode }, { Authorization: `BEARER ${proof.jwt}` })
+    } else {
+      const signedProof = await signOwnershipProof(proof)
 
-      const result = await this.guard.signWith({
-        signer: this.address,
-        request: {
-          msg: ethers.utils.hexlify(message),
-          auxData: this.packMsgAndSig(metadata.address, metadata.digest, encoded, metadata.chainId),
-          chainId: ethers.BigNumber.from(metadata.chainId).toNumber() // TODO: This should be a string (in the API)
+      await this.guard.reset2FA({
+        code: recoveryCode,
+        proof: {
+          wallet: signedProof.walletAddress,
+          timestamp: signedProof.timestamp.getTime(),
+          signer: signedProof.signerAddress,
+          signature: signedProof.signature
         }
       })
-
-      if (ethers.utils.arrayify(result.sig).length !== 0) {
-        this.requests.get(id)!.onSignature(result.sig)
-        this.requests.delete(id)
-      }
-    } catch (e) {
-      // The guard signer may reject the request for a number of reasons
-      // like for example, if it's being the first signer (it waits for other signers to sign first)
-      // We always forward the error here and filter on client side.
-      this.onError?.(e)
     }
   }
 
+  async getRecoveryCodes(proof: AuthUpdateProof): Promise<RecoveryCode[]> {
+    const signedProof = await signAuthUpdateProof(proof)
+
+    const { codes } = await this.guard.recoveryCodes(
+      { timestamp: signedProof.timestamp.getTime(), signature: signedProof.signature },
+      { Authorization: `BEARER ${proof.jwt}` }
+    )
+
+    return codes
+  }
+
+  async resetRecoveryCodes(proof: AuthUpdateProof): Promise<RecoveryCode[]> {
+    const signedProof = await signAuthUpdateProof(proof)
+
+    const { codes } = await this.guard.resetRecoveryCodes(
+      { timestamp: signedProof.timestamp.getTime(), signature: signedProof.signature },
+      { Authorization: `BEARER ${proof.jwt}` }
+    )
+
+    return codes
+  }
+
+  private packMsgAndSig(address: string, msg: BytesLike, sig: BytesLike, chainId: ethers.BigNumberish): string {
+    return ethers.utils.defaultAbiCoder.encode(['address', 'uint256', 'bytes', 'bytes'], [address, chainId, msg, sig])
+  }
+
   suffix(): BytesLike {
     return this.appendSuffix ? [3] : []
   }
 }
+
+export type RecoveryCode = GuardRecoveryCode
+
+export enum AuthMethod {
+  PIN = 'PIN',
+  TOTP = 'TOTP'
+}
+
+function parseAuthMethod(method: string): AuthMethod {
+  switch (method) {
+    case AuthMethod.PIN:
+    case AuthMethod.TOTP:
+      return method
+    default:
+      throw new Error(`unknown auth method '${method}'`)
+  }
+}
+
+export type OwnershipProof =
+  | { jwt: string }
+  | {
+      walletAddress: string
+      timestamp: Date
+      signerAddress: string
+      signature: string
+    }
+  | {
+      walletAddress: string
+      signer: ethers.Signer | signers.SapientSigner
+    }
+
+function isSignedOwnershipProof(
+  proof: OwnershipProof
+): proof is { walletAddress: string; timestamp: Date; signerAddress: string; signature: string } {
+  return 'signerAddress' in proof && typeof proof.signerAddress === 'string'
+}
+
+async function signOwnershipProof(
+  proof: Exclude<OwnershipProof, { jwt: string }>
+): Promise<{ walletAddress: string; timestamp: Date; signerAddress: string; signature: string }> {
+  if (isSignedOwnershipProof(proof)) {
+    return proof
+  } else {
+    const signer = signers.isSapientSigner(proof.signer) ? proof.signer : new signers.SignerWrapper(proof.signer)
+    const signerAddress = await signer.getAddress()
+    const timestamp = new Date()
+    const typedData = getOwnershipProofTypedData(proof.walletAddress, timestamp)
+    const digest = encodeTypedDataDigest(typedData)
+    const randomId = ethers.utils.hexlify(ethers.utils.randomBytes(32))
+
+    return new Promise((resolve, reject) =>
+      signer.requestSignature(
+        randomId,
+        digest,
+        {},
+        {
+          onSignature(signature) {
+            resolve({
+              walletAddress: proof.walletAddress,
+              timestamp,
+              signerAddress,
+              signature: ethers.utils.hexlify(signature)
+            })
+          },
+          onRejection: reject,
+          onStatus(_situation) {}
+        }
+      )
+    )
+  }
+}
+
+export type AuthUpdateProof = { jwt: string } & ({ timestamp: Date; signature: string } | { wallet: Account })
+
+async function signAuthUpdateProof(proof: AuthUpdateProof): Promise<{ jwt: string; timestamp: Date; signature: string }> {
+  if ('wallet' in proof) {
+    const timestamp = new Date()
+    const typedData = getAuthUpdateProofTypedData(timestamp)
+
+    const signature = await proof.wallet.signTypedData(
+      typedData.domain,
+      typedData.types,
+      typedData.message,
+      typedData.domain.chainId ?? 1,
+      'eip6492'
+    )
+
+    return { jwt: proof.jwt, timestamp, signature }
+  } else {
+    return proof
+  }
+}
+
+export function getOwnershipProofTypedData(wallet: string, timestamp: Date): TypedData {
+  return {
+    domain,
+    types: {
+      AuthMethods: [
+        { name: 'wallet', type: 'address' },
+        { name: 'timestamp', type: 'string' }
+      ]
+    },
+    message: {
+      wallet: ethers.utils.getAddress(wallet),
+      timestamp: toUTCString(timestamp)
+    }
+  }
+}
+
+export function getAuthUpdateProofTypedData(timestamp: Date): TypedData {
+  return {
+    domain,
+    types: {
+      AuthUpdate: [{ name: 'timestamp', type: 'string' }]
+    },
+    message: {
+      timestamp: toUTCString(timestamp)
+    }
+  }
+}
+
+const domain: TypedDataDomain = {
+  name: 'Sequence Guard',
+  version: '1',
+  chainId: 1
+}
+
+function toUTCString(date: Date): string {
+  return date.toUTCString().replace('GMT', 'UTC')
+}