@accesly/react 1.0.0-pre.2 → 1.0.0

package/dist/index.d.ts

@@ -454,6 +454,78 @@ interface ReconstructedSeed {
     /** Base64 32-byte salt que vino del backend. */
     readonly recoverySalt: string;
 }
+/**
+ * Input para `recovery.finalize(...)` — orquestador end-to-end de la rotación
+ * de signers tras una recuperación por OTP.
+ *
+ * El caller debe pre-cumplir 2 pasos UI:
+ *   a) `reconstructSeed(...)` — devolvió `privateSeed` (la VIEJA, va a firmar
+ *      la auth entry) + `publicKey` (la VIEJA, no se rota acá).
+ *   b) WebAuthn `navigator.credentials.create()` con PRF extension — devolvió
+ *      `credentialId`, `secp256r1Pubkey`, y un output PRF que el caller
+ *      derivó en 2 keys `newF1Key` + `newF2Key` (HKDF típicamente).
+ *
+ * El SDK hace todo lo demás client-side:
+ *   1. Genera fresh ed25519 seed (la NUEVA) + Shamir 2-of-3 split.
+ *   2. Cifra F1' con `newF1Key`, F2' con `newF2Key`, F3' con `recoveryKey`.
+ *   3. Cifra una segunda copia de F2' con `recoveryKey` (F2_recovery) para
+ *      que la siguiente recovery siga siendo posible.
+ *   4. POST /recovery/simulate-rotate-signer → backend simula + devuelve material.
+ *   5. Firma la auth entry con la SEED VIEJA contra la regla `admin-cfg`.
+ *   6. POST /recovery/finalize con auth entry firmada + new fragments.
+ *   7. Persiste el nuevo `CredentialRecord` en `DeviceStore` (sustituye el viejo).
+ *   8. Zeroiza todas las llaves intermedias (la seed vieja la entrega el caller,
+ *      su lifecycle es responsabilidad del caller).
+ */
+interface FinalizeRecoveryInput {
+    /** Email del usuario (case-insensitive, se normaliza). */
+    readonly email: string;
+    /**
+     * Password de Cognito (UTF-8 bytes). El SDK la usa SOLO para derivar el
+     * `newRecoveryKey` con `PBKDF2(password, newRecoverySalt, 600k)`. Caller
+     * debe zeroizar tras la llamada.
+     */
+    readonly cognitoPassword: Uint8Array;
+    /** Token KMS-HMAC que devolvió `verifyOtp()` — TTL 5min. */
+    readonly recoveryJwt: string;
+    /**
+     * La seed VIEJA reconstruida por `reconstructSeed()`. Se usa SOLO para
+     * firmar la `SorobanAuthorizationEntry` de `rotate_signer` (la regla
+     * `admin-cfg` valida con el ed25519 pubkey actual del Smart Account, que
+     * es el del owner viejo). Tras firmar, el SDK la zeroiza internamente.
+     *
+     * IMPORTANTE: pasa `seedResult.privateSeed` tal cual te lo dio
+     * `reconstructSeed()`. Si ya lo zeroizaste, falla.
+     */
+    readonly oldReconstructedSeed: Uint8Array;
+    /**
+     * La pubkey VIEJA (32 bytes) — derivable de `oldReconstructedSeed`, pero
+     * la pedimos explícita para sanity-check y para empaquetar dentro del
+     * `Signer::External(verifier, pubkey)` del AuthPayload.
+     */
+    readonly oldOwnerPubkey: Uint8Array;
+    /** Credential ID del nuevo passkey (de `navigator.credentials.create`). */
+    readonly newCredentialId: Uint8Array;
+    /** Pubkey secp256r1 uncompressed (65 bytes) del nuevo passkey. */
+    readonly newSecp256r1Pubkey: Uint8Array;
+    /** Salt PRF del nuevo passkey (32 bytes random). */
+    readonly newPrfSalt: Uint8Array;
+    /** AES-256 key derivada del PRF output para cifrar F1'. */
+    readonly newF1Key: Uint8Array;
+    /** AES-256 key derivada del PRF output para cifrar F2' (PRF-bound, sign path). */
+    readonly newF2Key: Uint8Array;
+    /** Salt aleatorio (32 bytes) para el nuevo emailCommitment. */
+    readonly newEmailSalt: Uint8Array;
+}
+interface FinalizeRecoveryResult {
+    readonly walletAddress: string;
+    readonly txHash: string;
+    readonly status: string;
+    /** Pubkey ed25519 NUEVA (32 bytes). Útil para UI confirmación. */
+    readonly newPublicKey: Uint8Array;
+    /** Link al explorer. */
+    readonly explorerUrl: string;
+}
 interface RecoveryNamespace {
     /** Pide OTP. Backend rate-limita; el caller debe respetar `cooldownSeconds`. */
     requestOtp(input: {
@@ -484,12 +556,18 @@ interface RecoveryNamespace {
         recoveryJwt: string;
     }): Promise<ReconstructedSeed>;
     /**
-     * Envía la rotación al backend tras que el caller haya construido la tx
-     * `rotate_signer` y firmado el auth entry localmente.
+     * Orquestador completo de la rotación de signers para Recovery v2.
+     * Ver `FinalizeRecoveryInput` para los pre-requisitos.
+     */
+    finalize(input: FinalizeRecoveryInput): Promise<FinalizeRecoveryResult>;
+    /**
+     * Bajo nivel: submitea la rotación al backend tras que el caller haya
+     * armado el body manualmente. `finalize(...)` es el wrapper recomendado.
      */
     submitFinalize(input: {
         recoveryJwt: string;
         unsignedXdr: string;
+        signedAuthEntryXdr: string;
         newSecp256r1Pubkey: string;
         newFragmentF1Encrypted: EncryptedEnvelope;
         newFragmentF2Encrypted: EncryptedEnvelope;

package/dist/index.js

@@ -572,9 +572,103 @@ function useAccesly() {
           recoverySalt: frag.recoverySalt
         };
       },
+      async finalize(input) {
+        const networkPassphrase = stellarConfig.networkPassphrase;
+        const verifierAddress = stellarConfig.ed25519VerifierAddress;
+        const explorerBase = networkPassphrase === "Public Global Stellar Network ; September 2015" ? "https://stellar.expert/explorer/public/tx/" : "https://stellar.expert/explorer/testnet/tx/";
+        if (input.oldReconstructedSeed.length !== 32) {
+          throw new Error(
+            `recovery.finalize: oldReconstructedSeed must be 32 bytes, got ${input.oldReconstructedSeed.length}`
+          );
+        }
+        if (input.oldOwnerPubkey.length !== 32) {
+          throw new Error(
+            `recovery.finalize: oldOwnerPubkey must be 32 bytes, got ${input.oldOwnerPubkey.length}`
+          );
+        }
+        if (input.newSecp256r1Pubkey.length !== 65) {
+          throw new Error(
+            `recovery.finalize: newSecp256r1Pubkey must be 65 bytes (uncompressed), got ${input.newSecp256r1Pubkey.length}`
+          );
+        }
+        const newRecoverySalt = generateRecoverySalt();
+        const newRecoveryKey = deriveRecoveryKey({
+          password: input.cognitoPassword,
+          salt: newRecoverySalt
+        });
+        const newRecoverySaltBase64 = base64FromBytes(newRecoverySalt);
+        const created = createWallet({
+          emailBytes: new TextEncoder().encode(input.email),
+          emailSalt: input.newEmailSalt,
+          encryptionKeys: [input.newF1Key, input.newF2Key, newRecoveryKey]
+        });
+        const f2PlainShare = decryptAesGcm(created.encryptedFragments[1], input.newF2Key);
+        let newFragmentF2Recovery;
+        try {
+          newFragmentF2Recovery = encryptAesGcm(f2PlainShare, newRecoveryKey);
+        } finally {
+          for (let i = 0; i < f2PlainShare.length; i += 1) f2PlainShare[i] = 0;
+        }
+        const newSecp256r1Canonical = normalizeSecp256r1Pubkey(input.newSecp256r1Pubkey);
+        const newOwnerHex = hexFromBytes(created.publicKey);
+        const newSecpHex = hexFromBytes(newSecp256r1Canonical);
+        const newEmailCommitHex = hexFromBytes(created.emailCommitment);
+        const sim = await ctx.endpoints.simulateRotateSigner(input.recoveryJwt, {
+          newOwnerEd25519Pubkey: newOwnerHex,
+          newSecp256r1Pubkey: newSecpHex,
+          newEmailCommitment: newEmailCommitHex
+        });
+        const { signedAuthEntryXdr } = await signSorobanAuthEntry({
+          signaturePayloadHashBase64: sim.signaturePayloadHashBase64,
+          contextRuleIds: [...sim.contextRuleIds],
+          placeholderAuthEntryXdr: sim.placeholderAuthEntryXdr,
+          ed25519Seed: input.oldReconstructedSeed,
+          ed25519VerifierAddress: verifierAddress,
+          ownerPubkey: input.oldOwnerPubkey
+        });
+        let finalize;
+        try {
+          finalize = await ctx.endpoints.finalizeRecovery(input.recoveryJwt, {
+            unsignedXdr: sim.unsignedXdr,
+            signedAuthEntryXdr,
+            newSecp256r1Pubkey: newSecpHex,
+            newFragmentF1Encrypted: encodeFragmentToWire(created.encryptedFragments[0]),
+            newFragmentF2Encrypted: encodeFragmentToWire(created.encryptedFragments[1]),
+            newFragmentF2Recovery: encodeFragmentToWire(newFragmentF2Recovery),
+            newFragmentF3Encrypted: encodeFragmentToWire(created.encryptedFragments[2]),
+            newRecoverySalt: newRecoverySaltBase64,
+            newEmailCommitment: newEmailCommitHex
+          });
+        } finally {
+          for (let i = 0; i < newRecoveryKey.length; i += 1) newRecoveryKey[i] = 0;
+        }
+        await ctx.deviceStore.saveCredential({
+          username: input.email,
+          credentialId: input.newCredentialId,
+          secp256r1Pubkey: newSecp256r1Canonical,
+          fragmentF1Encrypted: created.encryptedFragments[0],
+          fragmentF2Encrypted: created.encryptedFragments[1],
+          fragmentF3Encrypted: created.encryptedFragments[2],
+          publicKey: created.publicKey,
+          emailCommitment: created.emailCommitment,
+          prfSalt: input.newPrfSalt,
+          fallbackKeyMaterial: new Uint8Array(0),
+          walletAddress: finalize.walletAddress,
+          onChain: true,
+          createdAt: Date.now()
+        });
+        return {
+          walletAddress: finalize.walletAddress,
+          txHash: finalize.txHash,
+          status: finalize.status,
+          newPublicKey: created.publicKey,
+          explorerUrl: `${explorerBase}${finalize.txHash}`
+        };
+      },
       async submitFinalize(input) {
         return ctx.endpoints.finalizeRecovery(input.recoveryJwt, {
           unsignedXdr: input.unsignedXdr,
+          signedAuthEntryXdr: input.signedAuthEntryXdr,
           newSecp256r1Pubkey: input.newSecp256r1Pubkey,
           newFragmentF1Encrypted: encodeFragmentToWire(input.newFragmentF1Encrypted),
           newFragmentF2Encrypted: encodeFragmentToWire(input.newFragmentF2Encrypted),
@@ -585,7 +679,7 @@ function useAccesly() {
         });
       }
     }),
-    [ctx]
+    [ctx, stellarConfig, hexFromBytes]
   );
   const session = useMemo(
     () => ({