@ar.io/sdk 3.11.0-alpha.6 → 3.11.0-alpha.8

package/lib/esm/common/wayfinder/gateways/trusted-gateways.js

@@ -0,0 +1,102 @@
+const arioGatewayHeaders = {
+    digest: 'x-ar-io-digest',
+    verified: 'x-ar-io-verified',
+    txId: 'x-arns-resolved-tx-id',
+    processId: 'x-arns-resolved-process-id',
+};
+export class TrustedGatewaysHashProvider {
+    gatewaysProvider;
+    constructor({ gatewaysProvider,
+    // TODO: add threshold for allowed hash difference (i.e. by count or ratio of total gateways checked)
+     }) {
+        this.gatewaysProvider = gatewaysProvider;
+    }
+    /**
+     * Gets the digest for a given txId from all trusted gateways and ensures they all match.
+     * @param txId - The txId to get the digest for.
+     * @returns The digest for the given txId.
+     */
+    async getHash({ txId, }) {
+        // get the hash from every gateway, and ensure they all match
+        const hashSet = new Set();
+        const hashResults = [];
+        const gateways = await this.gatewaysProvider.getGateways();
+        const hashes = await Promise.all(gateways.map(async (gateway) => {
+            const response = await fetch(`${gateway.toString()}${txId}`, {
+                method: 'HEAD',
+                redirect: 'follow',
+            });
+            if (!response.ok) {
+                // skip this gateway
+                return undefined;
+            }
+            const txIdHash = response.headers.get(arioGatewayHeaders.digest);
+            if (txIdHash === null || txIdHash === undefined) {
+                // skip this gateway
+                return undefined;
+            }
+            hashResults.push({
+                gateway: gateway.hostname,
+                txIdHash,
+            });
+            return txIdHash;
+        }));
+        for (const hash of hashes) {
+            if (hash !== undefined) {
+                hashSet.add(hash);
+            }
+        }
+        if (hashSet.size === 0) {
+            throw new Error(`No trusted gateways found for txId ${txId}`);
+        }
+        if (hashSet.size > 1) {
+            throw new Error(`Failed to get consistent hash from all trusted gateways. ${JSON.stringify(hashResults)}`);
+        }
+        return { hash: hashResults[0].txIdHash, algorithm: 'sha256' };
+    }
+    /**
+     * Get the data root for a given txId from all trusted gateways and ensure they all match.
+     * @param txId - The txId to get the data root for.
+     * @returns The data root for the given txId.
+     */
+    async getDataRoot({ txId }) {
+        const dataRootSet = new Set();
+        const dataRootResults = [];
+        const gateways = await this.gatewaysProvider.getGateways();
+        const dataRoots = await Promise.all(gateways.map(async (gateway) => {
+            const response = await fetch(`${gateway.toString()}tx/${txId}/data_root`);
+            if (!response.ok) {
+                // skip this gateway
+                return undefined;
+            }
+            const dataRoot = await response.text();
+            dataRootResults.push({
+                gateway: gateway.hostname,
+                dataRoot,
+            });
+            return dataRoot;
+        }));
+        for (const dataRoot of dataRoots) {
+            if (dataRoot !== undefined) {
+                dataRootSet.add(dataRoot);
+            }
+        }
+        if (dataRootSet.size > 1) {
+            throw new Error(`Failed to get consistent data root from all trusted gateways. ${JSON.stringify(dataRootResults)}`);
+        }
+        return dataRootSet.values().next().value;
+    }
+}
+// client could check hashes of data items, match expected hash
+// if the gateway has the hash and they've verified it, you can trust the data item and offset
+// you would be only trusting the gateway that it is a valid bundle
+// you can request the offset from the gateway to verify the id
+/**
+ * Note from @djwhitt
+ *
+ * Calculating data roots this way is fine, but it may not reproduce the original data root.
+ * We could also implement a data root verifier that pulls all the chunks, checks that they
+ * reproduce the expected data root, and then compares the concatenated chunk data to the
+ * original data retrieved. That would take a while, but it should be able to verify any L1
+ * data where we can find the chunks.
+ */

package/lib/esm/common/wayfinder/gateways.js

@@ -1,7 +1,15 @@
-export class ARIOGatewaysProvider {
+export class NetworkGatewaysProvider {
     ario;
-    constructor({ ario }) {
+    sortBy;
+    sortOrder;
+    limit;
+    filter;
+    constructor({ ario, sortBy = 'operatorStake', sortOrder = 'desc', limit = 1000, filter = (g) => g.status === 'joined', }) {
         this.ario = ario;
+        this.sortBy = sortBy;
+        this.sortOrder = sortOrder;
+        this.limit = limit;
+        this.filter = filter;
     }
     async getGateways() {
         let cursor;
@@ -9,9 +17,11 @@ export class ARIOGatewaysProvider {
         const gateways = [];
         do {
             try {
-                const { items: newGateways, nextCursor } = await this.ario.getGateways({
+                const { items: newGateways = [], nextCursor } = await this.ario.getGateways({
                     limit: 1000,
                     cursor,
+                    sortBy: this.sortBy,
+                    sortOrder: this.sortOrder,
                 });
                 gateways.push(...newGateways);
                 cursor = nextCursor;
@@ -27,13 +37,14 @@ export class ARIOGatewaysProvider {
             }
         } while (cursor !== undefined && attempts < 3);
         // filter out any gateways that are not joined
-        return gateways.filter((g) => g.status === 'joined');
+        const filteredGateways = gateways.filter(this.filter).slice(0, this.limit);
+        return filteredGateways.map((g) => new URL(`${g.settings.protocol}://${g.settings.fqdn}:${g.settings.port}`));
     }
 }
 export class StaticGatewaysProvider {
     gateways;
     constructor({ gateways }) {
-        this.gateways = gateways;
+        this.gateways = gateways.map((g) => new URL(g));
     }
     async getGateways() {
         return this.gateways;
@@ -57,7 +68,7 @@ export class SimpleCacheGatewaysProvider {
             try {
                 // preserve the cache if the fetch fails
                 const allGateways = await this.gatewaysProvider.getGateways();
-                this.gatewaysCache = allGateways.filter((g) => g.status === 'joined');
+                this.gatewaysCache = allGateways;
                 this.lastUpdated = now;
             }
             catch (error) {

package/lib/esm/common/wayfinder/index.js

@@ -17,6 +17,12 @@ export * from './wayfinder.js';
 // routers
 export * from './routers/random.js';
 export * from './routers/priority.js';
-export * from './routers/fixed.js';
+export * from './routers/static.js';
 // gateways providers
 export * from './gateways.js';
+// trusted gateways
+export * from './gateways/trusted-gateways.js';
+// hash providers
+export * from './verification/data-root-verifier.js';
+export * from './verification/hash-verifier.js';
+// TODO: signature verification

package/lib/esm/common/wayfinder/routers/priority.js

@@ -1,34 +1,25 @@
 import { randomInt } from '../../../utils/random.js';
+import { NetworkGatewaysProvider } from '../gateways.js';
 // TODO: one of N where N are in the last time window have met certain performance thresholds
 // TODO: look at bitorrent routing protocols for inspiration
 // TODO: router that looks at local stats/metrics and adjusts based on those
 export class PriorityGatewayRouter {
     name = 'priority';
     gatewaysProvider;
-    limit;
-    sortBy;
-    sortOrder;
-    blocklist;
-    constructor({ gatewaysProvider, limit = 1, sortBy = 'operatorStake', sortOrder = 'desc', blocklist = [], }) {
-        this.gatewaysProvider = gatewaysProvider;
-        this.limit = limit;
-        this.sortBy = sortBy;
-        this.sortOrder = sortOrder;
-        this.blocklist = blocklist;
+    constructor({ ario, sortBy, sortOrder, limit, }) {
+        this.gatewaysProvider = new NetworkGatewaysProvider({
+            ario,
+            sortBy,
+            sortOrder,
+            limit,
+        });
     }
     async getTargetGateway() {
-        const allGateways = await this.gatewaysProvider.getGateways();
-        const gateways = allGateways.filter((gateway) => gateway.status === 'joined' &&
-            !this.blocklist.includes(gateway.settings.fqdn));
-        const sortedGateways = gateways
-            .sort(this.sortOrder === 'asc'
-            ? (a, b) => a[this.sortBy] - b[this.sortBy]
-            : (a, b) => b[this.sortBy] - a[this.sortBy])
-            .slice(0, this.limit);
-        const targetGateway = sortedGateways[randomInt(0, sortedGateways.length)];
+        const gateways = await this.gatewaysProvider.getGateways();
+        const targetGateway = gateways[randomInt(0, gateways.length)];
         if (targetGateway === undefined) {
             throw new Error('No target gateway found');
         }
-        return new URL(`${targetGateway.settings.protocol}://${targetGateway.settings.fqdn}:${targetGateway.settings.port}`);
+        return targetGateway;
     }
 }

package/lib/esm/common/wayfinder/routers/priority.test.js

@@ -127,13 +127,13 @@ describe('PriorityRouter', () => {
             },
         },
     ];
-    const mockGatewaysProvider = {
-        getGateways: async () => mockGateways,
+    const mockArIOClient = {
+        getGateways: async () => ({ items: mockGateways }),
     };
     it('should prioritize gateway with highest success rate when using successRate weight', async () => {
         const router = new PriorityGatewayRouter({
-            gatewaysProvider: mockGatewaysProvider,
-            sortBy: 'totalDelegatedStake',
+            ario: mockArIOClient,
+            sortBy: 'operatorStake',
             sortOrder: 'desc',
             limit: 1,
         });
@@ -142,7 +142,7 @@ describe('PriorityRouter', () => {
     });
     it('should prioritize gateway with lowest latency when using latency weight', async () => {
         const router = new PriorityGatewayRouter({
-            gatewaysProvider: mockGatewaysProvider,
+            ario: mockArIOClient,
             sortBy: 'operatorStake',
             sortOrder: 'desc',
             limit: 1,

package/lib/esm/common/wayfinder/routers/random.js

@@ -9,11 +9,11 @@ export class RandomGatewayRouter {
     }
     async getTargetGateway() {
         const allGateways = await this.gatewaysProvider.getGateways();
-        const gateways = allGateways.filter((g) => g.status === 'joined' && !this.blocklist.includes(g.settings.fqdn));
+        const gateways = allGateways.filter((g) => !this.blocklist.includes(g.hostname));
         const targetGateway = gateways[randomInt(0, gateways.length)];
         if (targetGateway === undefined) {
             throw new Error('No target gateway found');
         }
-        return new URL(`${targetGateway.settings.protocol}://${targetGateway.settings.fqdn}:${targetGateway.settings.port}`);
+        return targetGateway;
     }
 }

package/lib/esm/common/wayfinder/routers/random.test.js

@@ -3,88 +3,9 @@ import { describe, it } from 'node:test';
 import { RandomGatewayRouter } from './random.js';
 describe('RandomRouter', () => {
     const mockGateways = [
-        {
-            settings: {
-                fqdn: 'gateway1.net',
-                port: 443,
-                protocol: 'https',
-                allowDelegatedStaking: false,
-                delegateRewardShareRatio: 0.5,
-                allowedDelegates: [],
-                minDelegatedStake: 0,
-                autoStake: false,
-                properties: '',
-                label: '',
-                note: '',
-            },
-            gatewayAddress: 'addr1',
-            observerAddress: 'addr1',
-            totalDelegatedStake: 1000,
-            startTimestamp: 0,
-            endTimestamp: 0,
-            operatorStake: 100,
-            status: 'joined',
-            weights: {
-                normalizedCompositeWeight: 0.5,
-                stakeWeight: 0.5,
-                tenureWeight: 0.5,
-                gatewayPerformanceRatio: 0.5,
-                observerPerformanceRatio: 0.5,
-                compositeWeight: 0.5,
-                gatewayRewardRatioWeight: 0.5,
-                observerRewardRatioWeight: 0.5,
-            },
-            stats: {
-                passedConsecutiveEpochs: 10,
-                failedConsecutiveEpochs: 5,
-                totalEpochCount: 15,
-                passedEpochCount: 10,
-                failedEpochCount: 5,
-                observedEpochCount: 15,
-                prescribedEpochCount: 20,
-            },
-        },
-        {
-            settings: {
-                fqdn: 'gateway2.net',
-                port: 443,
-                protocol: 'https',
-                allowDelegatedStaking: false,
-                delegateRewardShareRatio: 0.5,
-                allowedDelegates: [],
-                minDelegatedStake: 0,
-                autoStake: false,
-                properties: '',
-                label: '',
-                note: '',
-            },
-            gatewayAddress: 'addr2',
-            observerAddress: 'addr2',
-            totalDelegatedStake: 0,
-            startTimestamp: 0,
-            endTimestamp: 0,
-            operatorStake: 0,
-            status: 'leaving',
-            weights: {
-                normalizedCompositeWeight: 0.5,
-                stakeWeight: 0.5,
-                tenureWeight: 0.5,
-                gatewayPerformanceRatio: 0.5,
-                observerPerformanceRatio: 0.5,
-                compositeWeight: 0.5,
-                gatewayRewardRatioWeight: 0.5,
-                observerRewardRatioWeight: 0.5,
-            },
-            stats: {
-                passedConsecutiveEpochs: 10,
-                failedConsecutiveEpochs: 5,
-                totalEpochCount: 15,
-                passedEpochCount: 10,
-                failedEpochCount: 5,
-                observedEpochCount: 15,
-                prescribedEpochCount: 20,
-            },
-        },
+        new URL('https://gateway1.net'),
+        new URL('https://gateway2.net'),
+        new URL('https://gateway3.net'),
     ];
     const mockGatewaysProvider = {
         getGateways: async () => mockGateways,
@@ -93,10 +14,10 @@ describe('RandomRouter', () => {
         const router = new RandomGatewayRouter({
             gatewaysProvider: mockGatewaysProvider,
         });
-        // Run multiple times to ensure we only get joined gateways
+        // random gateway should be one of the mock gateways
         for (let i = 0; i < 10; i++) {
             const result = await router.getTargetGateway();
-            assert.deepStrictEqual(result, new URL('https://gateway1.net'));
+            assert.ok(mockGateways.includes(result));
         }
     });
 });

package/lib/esm/common/wayfinder/routers/{fixed.js → static.js}

@@ -1,8 +1,8 @@
-export class FixedGatewayRouter {
-    name = 'fixed';
+export class StaticGatewayRouter {
+    name = 'static';
     gateway;
     constructor({ gateway }) {
-        this.gateway = gateway;
+        this.gateway = new URL(gateway);
     }
     async getTargetGateway() {
         return this.gateway;

package/lib/esm/common/wayfinder/routers/{fixed.test.js → static.test.js}

@@ -1,10 +1,10 @@
 import { strict as assert } from 'node:assert';
 import { describe, it } from 'node:test';
-import { FixedGatewayRouter } from './fixed.js';
-describe('FixedRouter', () => {
+import { StaticGatewayRouter } from './static.js';
+describe('StaticGatewayRouter', () => {
     it('should return the provided gateway', async () => {
-        const router = new FixedGatewayRouter({
-            gateway: new URL('http://test-gateway.net'),
+        const router = new StaticGatewayRouter({
+            gateway: 'http://test-gateway.net',
         });
         const result = await router.getTargetGateway();
         assert.deepStrictEqual(result, new URL('http://test-gateway.net'));

package/lib/esm/common/wayfinder/verification/data-root-verifier.js

@@ -0,0 +1,130 @@
+/**
+ * Copyright (C) 2022-2024 Permanent Data Solutions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import Arweave from 'arweave';
+import { MAX_CHUNK_SIZE, MIN_CHUNK_SIZE, buildLayers, generateLeaves, } from 'arweave/node/lib/merkle.js';
+import { Readable } from 'node:stream';
+import { toB64Url } from '../../../utils/base64.js';
+export async function convertBufferToDataRoot({ buffer, }) {
+    const chunks = [];
+    let cursor = 0;
+    let offset = 0;
+    while (offset < buffer.byteLength) {
+        let chunkSize = Math.min(MAX_CHUNK_SIZE, buffer.byteLength - offset);
+        const remainder = buffer.byteLength - offset - chunkSize;
+        if (remainder > 0 && remainder < MIN_CHUNK_SIZE) {
+            chunkSize = Math.ceil((buffer.byteLength - offset) / 2);
+        }
+        // subarray does not exist on web Buffer type
+        const slice = buffer.subarray(offset, offset + chunkSize);
+        const hash = await crypto.subtle.digest('SHA-256', slice);
+        const hashArray = new Uint8Array(hash);
+        chunks.push({
+            dataHash: hashArray,
+            minByteRange: cursor,
+            maxByteRange: cursor + chunkSize,
+        });
+        cursor += chunkSize;
+        offset += chunkSize;
+    }
+    const leaves = await generateLeaves(chunks);
+    const result = await buildLayers(leaves);
+    return Buffer.from(result.id).toString('base64url');
+}
+export const convertReadableToDataRoot = async ({ iterable, }) => {
+    const chunks = [];
+    let leftover = new Uint8Array(0);
+    let cursor = 0;
+    for await (const data of iterable) {
+        const inputChunk = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
+        const combined = new Uint8Array(leftover.length + inputChunk.length);
+        combined.set(leftover, 0);
+        combined.set(inputChunk, leftover.length);
+        let startIndex = 0;
+        while (combined.length - startIndex >= MAX_CHUNK_SIZE) {
+            let chunkSize = MAX_CHUNK_SIZE;
+            const remainderAfterThis = combined.length - startIndex - MAX_CHUNK_SIZE;
+            if (remainderAfterThis > 0 && remainderAfterThis < MIN_CHUNK_SIZE) {
+                chunkSize = Math.ceil((combined.length - startIndex) / 2);
+            }
+            const chunkData = combined.slice(startIndex, startIndex + chunkSize);
+            const dataHash = await Arweave.crypto.hash(chunkData);
+            chunks.push({
+                dataHash,
+                minByteRange: cursor,
+                maxByteRange: cursor + chunkSize,
+            });
+            cursor += chunkSize;
+            startIndex += chunkSize;
+        }
+        leftover = combined.slice(startIndex);
+    }
+    if (leftover.length > 0) {
+        const dataHash = await Arweave.crypto.hash(leftover);
+        chunks.push({
+            dataHash,
+            minByteRange: cursor,
+            maxByteRange: cursor + leftover.length,
+        });
+    }
+    const leaves = await generateLeaves(chunks);
+    const root = await buildLayers(leaves);
+    return toB64Url(Buffer.from(root.id));
+};
+export class DataRootVerifier {
+    trustedDataRootProvider;
+    constructor({ trustedDataRootProvider, }) {
+        this.trustedDataRootProvider = trustedDataRootProvider;
+    }
+    async verifyData({ data, txId, }) {
+        const trustedDataRootPromise = this.trustedDataRootProvider.getDataRoot({
+            txId,
+        });
+        let computedDataRoot;
+        if (Buffer.isBuffer(data)) {
+            computedDataRoot = await convertBufferToDataRoot({ buffer: data });
+        }
+        else if (data instanceof Readable || data instanceof ReadableStream) {
+            computedDataRoot = await convertReadableToDataRoot({ iterable: data });
+        }
+        if (computedDataRoot === undefined) {
+            throw new Error('Data root could not be computed');
+        }
+        const trustedDataRoot = await trustedDataRootPromise;
+        if (computedDataRoot !== trustedDataRoot) {
+            throw new Error('Data root does not match', {
+                cause: { computedDataRoot, trustedDataRoot },
+            });
+        }
+    }
+}
+// some data item options
+// compute and verify data root, use offsets from server and verify the signature that the data item at the offset matches the signature
+// does not give you assurance of valid bundle, but gives verification that the data item itself is valid
+// reading from offsets is the only way for the client to compute and verify the signature
+/**
+ * - when you get a signature of a data item, you can only verify the owner
+ * - you still need to verify it's going back to the bundle, unpack it, and verify the data item exists at the offset
+ * - you need to the location of the chunks for the data item, and prove it's in the chunk and then prove the data root of the bundle, then you have fully verified the data verifier
+ * - how to prove the data item is on arweave - verify the merkle hash that the chunks for the data item, fit within the expected tree of the parent bundle
+ *
+ * Composite verifier - you'll want to be very efficient with streams
+ * - hash verifier
+ * - parent chunks verifier --> for any range of data within a single transaction, tell me that it's correct
+ * - signature verifier
+ * - offset verifier
+ * - data item verifier
+ */
+// introduce a composite verifier that determines where/how to lookup the hash

package/lib/esm/common/wayfinder/verification/hash-verifier.js

@@ -0,0 +1,46 @@
+/**
+ * Copyright (C) 2022-2024 Permanent Data Solutions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import { Readable } from 'node:stream';
+import { hashBufferToB64Url, hashReadableStreamToB64Url, hashReadableToB64Url, } from '../../../utils/hash.js';
+export class HashVerifier {
+    trustedHashProvider;
+    constructor({ trustedHashProvider, }) {
+        this.trustedHashProvider = trustedHashProvider;
+    }
+    async verifyData({ data, txId, }) {
+        const hashPromise = this.trustedHashProvider.getHash({ txId });
+        let computedHash;
+        if (Buffer.isBuffer(data)) {
+            computedHash = hashBufferToB64Url(data);
+        }
+        else if (data instanceof Readable) {
+            computedHash = await hashReadableToB64Url(data);
+        }
+        else if (data instanceof ReadableStream) {
+            computedHash = await hashReadableStreamToB64Url(data);
+        }
+        // await on the hash promise and compare to get a little concurrency when computing hashes over larger data
+        const { hash } = await hashPromise;
+        if (computedHash === undefined) {
+            throw new Error('Hash could not be computed');
+        }
+        if (computedHash !== hash) {
+            throw new Error('Hash does not match', {
+                cause: { computedHash, trustedHash: hash },
+            });
+        }
+    }
+}