@ar.io/sdk 3.11.0-alpha.7 → 3.11.0-alpha.9

package/lib/cjs/common/wayfinder/verification/data-root-verifier.js

@@ -0,0 +1,139 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DataRootVerifier = exports.convertReadableToDataRoot = void 0;
+exports.convertBufferToDataRoot = convertBufferToDataRoot;
+/**
+ * Copyright (C) 2022-2024 Permanent Data Solutions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const arweave_1 = __importDefault(require("arweave"));
+const merkle_js_1 = require("arweave/node/lib/merkle.js");
+const node_stream_1 = require("node:stream");
+const base64_js_1 = require("../../../utils/base64.js");
+async function convertBufferToDataRoot({ buffer, }) {
+    const chunks = [];
+    let cursor = 0;
+    let offset = 0;
+    while (offset < buffer.byteLength) {
+        let chunkSize = Math.min(merkle_js_1.MAX_CHUNK_SIZE, buffer.byteLength - offset);
+        const remainder = buffer.byteLength - offset - chunkSize;
+        if (remainder > 0 && remainder < merkle_js_1.MIN_CHUNK_SIZE) {
+            chunkSize = Math.ceil((buffer.byteLength - offset) / 2);
+        }
+        // subarray does not exist on web Buffer type
+        const slice = buffer.subarray(offset, offset + chunkSize);
+        const hash = await crypto.subtle.digest('SHA-256', slice);
+        const hashArray = new Uint8Array(hash);
+        chunks.push({
+            dataHash: hashArray,
+            minByteRange: cursor,
+            maxByteRange: cursor + chunkSize,
+        });
+        cursor += chunkSize;
+        offset += chunkSize;
+    }
+    const leaves = await (0, merkle_js_1.generateLeaves)(chunks);
+    const result = await (0, merkle_js_1.buildLayers)(leaves);
+    return Buffer.from(result.id).toString('base64url');
+}
+const convertReadableToDataRoot = async ({ iterable, }) => {
+    const chunks = [];
+    let leftover = new Uint8Array(0);
+    let cursor = 0;
+    for await (const data of iterable) {
+        const inputChunk = new Uint8Array(data.buffer, data.byteOffset, data.byteLength);
+        const combined = new Uint8Array(leftover.length + inputChunk.length);
+        combined.set(leftover, 0);
+        combined.set(inputChunk, leftover.length);
+        let startIndex = 0;
+        while (combined.length - startIndex >= merkle_js_1.MAX_CHUNK_SIZE) {
+            let chunkSize = merkle_js_1.MAX_CHUNK_SIZE;
+            const remainderAfterThis = combined.length - startIndex - merkle_js_1.MAX_CHUNK_SIZE;
+            if (remainderAfterThis > 0 && remainderAfterThis < merkle_js_1.MIN_CHUNK_SIZE) {
+                chunkSize = Math.ceil((combined.length - startIndex) / 2);
+            }
+            const chunkData = combined.slice(startIndex, startIndex + chunkSize);
+            const dataHash = await arweave_1.default.crypto.hash(chunkData);
+            chunks.push({
+                dataHash,
+                minByteRange: cursor,
+                maxByteRange: cursor + chunkSize,
+            });
+            cursor += chunkSize;
+            startIndex += chunkSize;
+        }
+        leftover = combined.slice(startIndex);
+    }
+    if (leftover.length > 0) {
+        const dataHash = await arweave_1.default.crypto.hash(leftover);
+        chunks.push({
+            dataHash,
+            minByteRange: cursor,
+            maxByteRange: cursor + leftover.length,
+        });
+    }
+    const leaves = await (0, merkle_js_1.generateLeaves)(chunks);
+    const root = await (0, merkle_js_1.buildLayers)(leaves);
+    return (0, base64_js_1.toB64Url)(Buffer.from(root.id));
+};
+exports.convertReadableToDataRoot = convertReadableToDataRoot;
+class DataRootVerifier {
+    trustedDataRootProvider;
+    constructor({ trustedDataRootProvider, }) {
+        this.trustedDataRootProvider = trustedDataRootProvider;
+    }
+    async verifyData({ data, txId, }) {
+        const trustedDataRootPromise = this.trustedDataRootProvider.getDataRoot({
+            txId,
+        });
+        let computedDataRoot;
+        if (Buffer.isBuffer(data)) {
+            computedDataRoot = await convertBufferToDataRoot({ buffer: data });
+        }
+        else if (data instanceof node_stream_1.Readable || data instanceof ReadableStream) {
+            computedDataRoot = await (0, exports.convertReadableToDataRoot)({ iterable: data });
+        }
+        if (computedDataRoot === undefined) {
+            throw new Error('Data root could not be computed');
+        }
+        const trustedDataRoot = await trustedDataRootPromise;
+        if (computedDataRoot !== trustedDataRoot) {
+            throw new Error('Data root does not match', {
+                cause: { computedDataRoot, trustedDataRoot },
+            });
+        }
+    }
+}
+exports.DataRootVerifier = DataRootVerifier;
+// some data item options
+// compute and verify data root, use offsets from server and verify the signature that the data item at the offset matches the signature
+// does not give you assurance of valid bundle, but gives verification that the data item itself is valid
+// reading from offsets is the only way for the client to compute and verify the signature
+/**
+ * - when you get a signature of a data item, you can only verify the owner
+ * - you still need to verify it's going back to the bundle, unpack it, and verify the data item exists at the offset
+ * - you need to the location of the chunks for the data item, and prove it's in the chunk and then prove the data root of the bundle, then you have fully verified the data verifier
+ * - how to prove the data item is on arweave - verify the merkle hash that the chunks for the data item, fit within the expected tree of the parent bundle
+ *
+ * Composite verifier - you'll want to be very efficient with streams
+ * - hash verifier
+ * - parent chunks verifier --> for any range of data within a single transaction, tell me that it's correct
+ * - signature verifier
+ * - offset verifier
+ * - data item verifier
+ */
+// introduce a composite verifier that determines where/how to lookup the hash

package/lib/cjs/common/wayfinder/verification/hash-verifier.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.HashVerifier = void 0;
+/**
+ * Copyright (C) 2022-2024 Permanent Data Solutions, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+const node_stream_1 = require("node:stream");
+const hash_js_1 = require("../../../utils/hash.js");
+class HashVerifier {
+    trustedHashProvider;
+    constructor({ trustedHashProvider, }) {
+        this.trustedHashProvider = trustedHashProvider;
+    }
+    async verifyData({ data, txId, }) {
+        const hashPromise = this.trustedHashProvider.getHash({ txId });
+        let computedHash;
+        if (Buffer.isBuffer(data)) {
+            computedHash = (0, hash_js_1.hashBufferToB64Url)(data);
+        }
+        else if (data instanceof node_stream_1.Readable) {
+            computedHash = await (0, hash_js_1.hashReadableToB64Url)(data);
+        }
+        else if (data instanceof ReadableStream) {
+            computedHash = await (0, hash_js_1.hashReadableStreamToB64Url)(data);
+        }
+        // await on the hash promise and compare to get a little concurrency when computing hashes over larger data
+        const { hash } = await hashPromise;
+        if (computedHash === undefined) {
+            throw new Error('Hash could not be computed');
+        }
+        if (computedHash !== hash) {
+            throw new Error('Hash does not match', {
+                cause: { computedHash, trustedHash: hash },
+            });
+        }
+    }
+}
+exports.HashVerifier = HashVerifier;