@bandeira-tech/b3nd-web 0.2.0 → 0.2.2

package/dist/chunk-K3ZSSVHR.js

@@ -0,0 +1,615 @@
+import {
+  __export
+} from "./chunk-MLKGABMK.js";
+
+// encrypt/mod.ts
+var mod_exports = {};
+__export(mod_exports, {
+  IdentityKey: () => IdentityKey,
+  PrivateEncryptionKey: () => PrivateEncryptionKey,
+  PublicEncryptionKey: () => PublicEncryptionKey,
+  SecretEncryptionKey: () => SecretEncryptionKey,
+  createAuthenticatedMessage: () => createAuthenticatedMessage,
+  createAuthenticatedMessageWithHex: () => createAuthenticatedMessageWithHex,
+  createSignedEncryptedMessage: () => createSignedEncryptedMessage,
+  createSignedSymmetricMessage: () => createSignedSymmetricMessage,
+  decrypt: () => decrypt,
+  decryptSymmetric: () => decryptSymmetric,
+  decryptWithHex: () => decryptWithHex,
+  deriveKeyFromSeed: () => deriveKeyFromSeed,
+  encrypt: () => encrypt,
+  encryptSymmetric: () => encryptSymmetric,
+  exportPrivateKeyPem: () => exportPrivateKeyPem,
+  generateEncryptionKeyPair: () => generateEncryptionKeyPair,
+  generateNonce: () => generateNonce,
+  generateRandomData: () => generateRandomData,
+  generateSigningKeyPair: () => generateSigningKeyPair,
+  pemToCryptoKey: () => pemToCryptoKey,
+  sign: () => sign,
+  signPayload: () => signPayload,
+  signWithHex: () => signWithHex,
+  verify: () => verify,
+  verifyAndDecryptMessage: () => verifyAndDecryptMessage,
+  verifyPayload: () => verifyPayload
+});
+
+// shared/encoding.ts
+function encodeHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function decodeHex(hex) {
+  if (hex.length % 2 !== 0) {
+    throw new Error("Invalid hex input");
+  }
+  const buffer = new ArrayBuffer(hex.length / 2);
+  const bytes = new Uint8Array(buffer);
+  for (let i = 0; i < hex.length; i += 2) {
+    bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+function encodeBase64(bytes) {
+  const buf = typeof globalThis !== "undefined" && globalThis.Buffer || void 0;
+  if (buf) {
+    return buf.from(bytes).toString("base64");
+  }
+  let binary = "";
+  bytes.forEach((b) => binary += String.fromCharCode(b));
+  return btoa(binary);
+}
+function decodeBase64(b64) {
+  const buf = typeof globalThis !== "undefined" && globalThis.Buffer || void 0;
+  if (buf) {
+    return new Uint8Array(buf.from(b64, "base64"));
+  }
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) {
+    bytes[i] = binary.charCodeAt(i);
+  }
+  return bytes;
+}
+
+// encrypt/mod.ts
+var IdentityKey = class _IdentityKey {
+  constructor(privateKey, publicKeyHex) {
+    this.privateKey = privateKey;
+    this.publicKeyHex = publicKeyHex;
+  }
+  static async generate() {
+    const pair = await generateSigningKeyPair();
+    const privateKeyPem = await exportPrivateKeyPem(pair.privateKey, "PRIVATE KEY");
+    return {
+      key: new _IdentityKey(pair.privateKey, pair.publicKeyHex),
+      privateKeyPem,
+      publicKeyHex: pair.publicKeyHex
+    };
+  }
+  static async fromPem(pem, publicKeyHex) {
+    const privateKey = await pemToCryptoKey(pem, "Ed25519");
+    return new _IdentityKey(privateKey, publicKeyHex);
+  }
+  static async fromHex(params) {
+    const privateKeyBytes = decodeHex(params.privateKeyHex).buffer;
+    const privateKey = await crypto.subtle.importKey(
+      "pkcs8",
+      privateKeyBytes,
+      { name: "Ed25519", namedCurve: "Ed25519" },
+      false,
+      ["sign"]
+    );
+    return new _IdentityKey(privateKey, params.publicKeyHex);
+  }
+  async sign(payload) {
+    return await sign(this.privateKey, payload);
+  }
+};
+var PublicEncryptionKey = class _PublicEncryptionKey {
+  constructor(publicKeyHex, publicKey) {
+    this.publicKeyHex = publicKeyHex;
+    this.publicKey = publicKey;
+  }
+  static async fromHex(publicKeyHex) {
+    const publicKeyBytes = decodeHex(publicKeyHex).buffer;
+    const publicKey = await crypto.subtle.importKey(
+      "raw",
+      publicKeyBytes,
+      { name: "X25519", namedCurve: "X25519" },
+      false,
+      []
+    );
+    return new _PublicEncryptionKey(publicKeyHex, publicKey);
+  }
+  static async generatePair() {
+    const pair = await generateEncryptionKeyPair();
+    const privateKeyBytes = new Uint8Array(
+      await crypto.subtle.exportKey("pkcs8", pair.privateKey)
+    );
+    return {
+      publicKey: new _PublicEncryptionKey(pair.publicKeyHex, pair.publicKey),
+      privateKeyHex: encodeHex(privateKeyBytes)
+    };
+  }
+  async encrypt(data) {
+    return await encrypt(data, this.publicKeyHex);
+  }
+  toHex() {
+    return this.publicKeyHex;
+  }
+};
+var SecretEncryptionKey = class _SecretEncryptionKey {
+  constructor(keyHex) {
+    this.keyHex = keyHex;
+  }
+  static async fromSecret(params) {
+    const keyHex = await deriveKeyFromSeed(
+      params.secret,
+      params.salt,
+      params.iterations ?? 1e5
+    );
+    return new _SecretEncryptionKey(keyHex);
+  }
+  static fromHex(keyHex) {
+    return new _SecretEncryptionKey(keyHex);
+  }
+  async encrypt(data) {
+    return await encryptSymmetric(data, this.keyHex);
+  }
+  async decrypt(payload) {
+    return await decryptSymmetric(payload, this.keyHex);
+  }
+};
+var PrivateEncryptionKey = class _PrivateEncryptionKey {
+  constructor(privateKey, privateKeyHex, publicKeyHex) {
+    this.privateKey = privateKey;
+    this.privateKeyHex = privateKeyHex;
+    this.publicKeyHex = publicKeyHex;
+  }
+  static async fromHex(params) {
+    const { privateKeyHex, publicKeyHex } = params;
+    const privateKeyBytes = decodeHex(privateKeyHex).buffer;
+    const privateKey = await crypto.subtle.importKey(
+      "pkcs8",
+      privateKeyBytes,
+      { name: "X25519", namedCurve: "X25519" },
+      false,
+      ["deriveBits"]
+    );
+    return new _PrivateEncryptionKey(privateKey, privateKeyHex, publicKeyHex);
+  }
+  static async generatePair() {
+    const pair = await generateEncryptionKeyPair();
+    const privateKeyBytes = new Uint8Array(
+      await crypto.subtle.exportKey("pkcs8", pair.privateKey)
+    );
+    const privateKeyHex = encodeHex(privateKeyBytes);
+    const publicKey = new PublicEncryptionKey(pair.publicKeyHex, pair.publicKey);
+    return {
+      privateKey: new _PrivateEncryptionKey(pair.privateKey, privateKeyHex, pair.publicKeyHex),
+      publicKey
+    };
+  }
+  toPublic() {
+    return new PublicEncryptionKey(this.publicKeyHex, null);
+  }
+  async decrypt(payload) {
+    return await decrypt(payload, this.privateKey);
+  }
+  toHex() {
+    return this.privateKeyHex;
+  }
+};
+async function pemToCryptoKey(pem, algorithm) {
+  const lines = pem.split("\n").map((l) => l.trim()).filter((l) => l.length > 0 && !l.startsWith("---"));
+  if (lines.length === 0) {
+    throw new Error("Invalid PEM: no key data");
+  }
+  const base64 = lines.join("");
+  const binary = atob(base64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+  const buffer = bytes.buffer.slice(
+    bytes.byteOffset,
+    bytes.byteOffset + bytes.byteLength
+  );
+  if (algorithm === "Ed25519") {
+    return await crypto.subtle.importKey(
+      "pkcs8",
+      buffer,
+      { name: "Ed25519", namedCurve: "Ed25519" },
+      false,
+      ["sign"]
+    );
+  }
+  return await crypto.subtle.importKey(
+    "pkcs8",
+    buffer,
+    { name: "X25519", namedCurve: "X25519" },
+    false,
+    ["deriveBits"]
+  );
+}
+async function generateSigningKeyPair() {
+  const keyPair = await crypto.subtle.generateKey(
+    {
+      name: "Ed25519",
+      namedCurve: "Ed25519"
+    },
+    true,
+    ["sign", "verify"]
+  );
+  const publicKeyBytes = await crypto.subtle.exportKey("raw", keyPair.publicKey);
+  const privateKeyBytes = await crypto.subtle.exportKey(
+    "pkcs8",
+    keyPair.privateKey
+  );
+  return {
+    publicKey: keyPair.publicKey,
+    privateKey: keyPair.privateKey,
+    publicKeyHex: encodeHex(new Uint8Array(publicKeyBytes)),
+    privateKeyHex: encodeHex(new Uint8Array(privateKeyBytes))
+  };
+}
+async function generateEncryptionKeyPair() {
+  const keyPair = await crypto.subtle.generateKey(
+    {
+      name: "X25519",
+      namedCurve: "X25519"
+    },
+    true,
+    ["deriveBits"]
+  );
+  const publicKeyBytes = await crypto.subtle.exportKey("raw", keyPair.publicKey);
+  return {
+    publicKey: keyPair.publicKey,
+    privateKey: keyPair.privateKey,
+    publicKeyHex: encodeHex(new Uint8Array(publicKeyBytes))
+  };
+}
+async function sign(privateKey, payload) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(JSON.stringify(payload));
+  const signature = await crypto.subtle.sign("Ed25519", privateKey, data);
+  return encodeHex(new Uint8Array(signature));
+}
+async function signWithHex(privateKeyHex, payload) {
+  const privateKeyBytes = decodeHex(privateKeyHex).buffer;
+  const privateKey = await crypto.subtle.importKey(
+    "pkcs8",
+    privateKeyBytes,
+    {
+      name: "Ed25519",
+      namedCurve: "Ed25519"
+    },
+    false,
+    ["sign"]
+  );
+  return await sign(privateKey, payload);
+}
+async function verify(publicKeyHex, signatureHex, payload) {
+  try {
+    const publicKeyBytes = decodeHex(publicKeyHex).buffer;
+    const publicKey = await crypto.subtle.importKey(
+      "raw",
+      publicKeyBytes,
+      {
+        name: "Ed25519",
+        namedCurve: "Ed25519"
+      },
+      false,
+      ["verify"]
+    );
+    const encoder = new TextEncoder();
+    const data = encoder.encode(JSON.stringify(payload));
+    const signatureBytes = decodeHex(signatureHex).buffer;
+    return await crypto.subtle.verify(
+      "Ed25519",
+      publicKey,
+      signatureBytes,
+      data
+    );
+  } catch (error) {
+    console.error("Verification error:", error);
+    return false;
+  }
+}
+async function encrypt(data, recipientPublicKeyHex) {
+  const ephemeralKeyPair = await generateEncryptionKeyPair();
+  const recipientPublicKeyBytes = decodeHex(recipientPublicKeyHex).buffer;
+  const recipientPublicKey = await crypto.subtle.importKey(
+    "raw",
+    recipientPublicKeyBytes,
+    {
+      name: "X25519",
+      namedCurve: "X25519"
+    },
+    false,
+    []
+  );
+  const sharedSecret = await crypto.subtle.deriveBits(
+    {
+      name: "X25519",
+      public: recipientPublicKey
+    },
+    ephemeralKeyPair.privateKey,
+    256
+  );
+  const aesKey = await crypto.subtle.importKey(
+    "raw",
+    sharedSecret,
+    {
+      name: "AES-GCM",
+      length: 256
+    },
+    false,
+    ["encrypt"]
+  );
+  const nonce = crypto.getRandomValues(new Uint8Array(12));
+  const encoder = new TextEncoder();
+  const plaintext = encoder.encode(JSON.stringify(data));
+  const ciphertext = await crypto.subtle.encrypt(
+    {
+      name: "AES-GCM",
+      iv: nonce
+    },
+    aesKey,
+    plaintext
+  );
+  return {
+    data: encodeBase64(new Uint8Array(ciphertext)),
+    nonce: encodeBase64(nonce),
+    ephemeralPublicKey: ephemeralKeyPair.publicKeyHex
+  };
+}
+async function decrypt(encryptedPayload, recipientPrivateKey) {
+  if (!encryptedPayload.ephemeralPublicKey) {
+    throw new Error("Missing ephemeral public key");
+  }
+  const ephemeralPublicKeyBytes = decodeHex(
+    encryptedPayload.ephemeralPublicKey
+  ).buffer;
+  const ephemeralPublicKey = await crypto.subtle.importKey(
+    "raw",
+    ephemeralPublicKeyBytes,
+    {
+      name: "X25519",
+      namedCurve: "X25519"
+    },
+    false,
+    []
+  );
+  const sharedSecret = await crypto.subtle.deriveBits(
+    {
+      name: "X25519",
+      public: ephemeralPublicKey
+    },
+    recipientPrivateKey,
+    256
+  );
+  const aesKey = await crypto.subtle.importKey(
+    "raw",
+    sharedSecret,
+    {
+      name: "AES-GCM",
+      length: 256
+    },
+    false,
+    ["decrypt"]
+  );
+  const ciphertext = new Uint8Array(decodeBase64(encryptedPayload.data));
+  const nonce = new Uint8Array(decodeBase64(encryptedPayload.nonce));
+  const plaintext = await crypto.subtle.decrypt(
+    {
+      name: "AES-GCM",
+      iv: nonce
+    },
+    aesKey,
+    ciphertext
+  );
+  const decoder = new TextDecoder();
+  const json = decoder.decode(plaintext);
+  return JSON.parse(json);
+}
+async function decryptWithHex(encryptedPayload, recipientPrivateKeyHex) {
+  const privateKeyBytes = decodeHex(recipientPrivateKeyHex).buffer;
+  const privateKey = await crypto.subtle.importKey(
+    "raw",
+    privateKeyBytes,
+    {
+      name: "X25519",
+      namedCurve: "X25519"
+    },
+    false,
+    ["deriveBits"]
+  );
+  return await decrypt(encryptedPayload, privateKey);
+}
+async function createAuthenticatedMessage(payload, signers) {
+  const auth = await Promise.all(
+    signers.map(async (signer) => {
+      const signature = await sign(signer.privateKey, payload);
+      return {
+        pubkey: signer.publicKeyHex,
+        signature
+      };
+    })
+  );
+  return {
+    auth,
+    payload
+  };
+}
+async function createAuthenticatedMessageWithHex(payload, pubkeyHex, privateKeyHex) {
+  const signature = await signWithHex(privateKeyHex, payload);
+  return {
+    auth: [{ pubkey: pubkeyHex, signature }],
+    payload
+  };
+}
+async function deriveKeyFromSeed(seed, salt, iterations = 1e5) {
+  const encoder = new TextEncoder();
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(seed),
+    "PBKDF2",
+    false,
+    ["deriveBits"]
+  );
+  const derivedBits = await crypto.subtle.deriveBits(
+    {
+      name: "PBKDF2",
+      salt: encoder.encode(salt),
+      iterations,
+      hash: "SHA-256"
+    },
+    keyMaterial,
+    256
+  );
+  return encodeHex(new Uint8Array(derivedBits));
+}
+function generateNonce(length = 12) {
+  return crypto.getRandomValues(new Uint8Array(length));
+}
+function generateRandomData(size) {
+  return crypto.getRandomValues(new Uint8Array(size));
+}
+async function exportPrivateKeyPem(privateKey, label) {
+  const der = new Uint8Array(await crypto.subtle.exportKey("pkcs8", privateKey));
+  return toPem(der, label);
+}
+function toPem(der, label) {
+  const base64 = encodeBase64(der);
+  const formatted = base64.match(/.{1,64}/g)?.join("\n") ?? base64;
+  return `-----BEGIN ${label}-----
+${formatted}
+-----END ${label}-----`;
+}
+async function signPayload(params) {
+  const { payload, identity } = params;
+  const signature = await identity.sign(payload);
+  return [{ pubkey: identity.publicKeyHex, signature }];
+}
+async function verifyPayload(params) {
+  const { payload, auth } = params;
+  const results = await Promise.all(auth.map(async (entry) => {
+    const ok = await verify(entry.pubkey, entry.signature, payload);
+    return { pubkey: entry.pubkey, ok };
+  }));
+  const verified = results.every((r) => r.ok);
+  const signers = results.filter((r) => r.ok).map((r) => r.pubkey);
+  return { verified, signers };
+}
+async function createSignedEncryptedMessage(paramsOrData, signers, recipientPublicKeyHex) {
+  if (typeof paramsOrData === "object" && paramsOrData !== null && "encryptionKey" in paramsOrData) {
+    const { data, identity, encryptionKey } = paramsOrData;
+    const payload = await encryptionKey.encrypt(data);
+    const auth2 = await signPayload({ payload, identity });
+    return { auth: auth2, payload };
+  }
+  if (!signers || !recipientPublicKeyHex) {
+    throw new Error("Invalid arguments for legacy createSignedEncryptedMessage");
+  }
+  const encrypted = await encrypt(paramsOrData, recipientPublicKeyHex);
+  const auth = await Promise.all(
+    signers.map(async (signer) => {
+      const signature = await sign(signer.privateKey, encrypted);
+      return { pubkey: signer.publicKeyHex, signature };
+    })
+  );
+  return { auth, payload: encrypted };
+}
+async function verifyAndDecryptMessage(params) {
+  const { message, encryptionKey } = params;
+  const { verified, signers } = await verifyPayload({
+    payload: message.payload,
+    auth: message.auth
+  });
+  const data = encryptionKey instanceof SecretEncryptionKey ? await encryptionKey.decrypt(message.payload) : await encryptionKey.decrypt(message.payload);
+  return { data, verified, signers };
+}
+async function encryptSymmetric(data, keyHex) {
+  const keyBytes = decodeHex(keyHex).buffer;
+  const aesKey = await crypto.subtle.importKey(
+    "raw",
+    keyBytes,
+    { name: "AES-GCM" },
+    false,
+    ["encrypt"]
+  );
+  const nonce = generateNonce();
+  const encoder = new TextEncoder();
+  const ciphertext = await crypto.subtle.encrypt(
+    { name: "AES-GCM", iv: nonce },
+    aesKey,
+    encoder.encode(JSON.stringify(data))
+  );
+  return {
+    data: encodeBase64(new Uint8Array(ciphertext)),
+    nonce: encodeBase64(nonce)
+  };
+}
+async function decryptSymmetric(payload, keyHex) {
+  const keyBytes = decodeHex(keyHex).buffer;
+  const aesKey = await crypto.subtle.importKey(
+    "raw",
+    keyBytes,
+    { name: "AES-GCM" },
+    false,
+    ["decrypt"]
+  );
+  const ciphertext = new Uint8Array(decodeBase64(payload.data));
+  const nonce = new Uint8Array(decodeBase64(payload.nonce));
+  const plaintext = await crypto.subtle.decrypt(
+    { name: "AES-GCM", iv: nonce },
+    aesKey,
+    ciphertext
+  );
+  const decoder = new TextDecoder();
+  return JSON.parse(decoder.decode(plaintext));
+}
+async function createSignedSymmetricMessage(data, signers, keyHex) {
+  const encryptedPayload = await encryptSymmetric(data, keyHex);
+  const auth = await Promise.all(
+    signers.map(async (signer) => {
+      const signature = await sign(signer.privateKey, encryptedPayload);
+      return {
+        pubkey: signer.publicKeyHex,
+        signature
+      };
+    })
+  );
+  return {
+    auth,
+    payload: encryptedPayload
+  };
+}
+
+export {
+  IdentityKey,
+  PublicEncryptionKey,
+  SecretEncryptionKey,
+  PrivateEncryptionKey,
+  pemToCryptoKey,
+  generateSigningKeyPair,
+  generateEncryptionKeyPair,
+  sign,
+  signWithHex,
+  verify,
+  encrypt,
+  decrypt,
+  decryptWithHex,
+  createAuthenticatedMessage,
+  createAuthenticatedMessageWithHex,
+  deriveKeyFromSeed,
+  generateNonce,
+  generateRandomData,
+  exportPrivateKeyPem,
+  signPayload,
+  verifyPayload,
+  createSignedEncryptedMessage,
+  verifyAndDecryptMessage,
+  encryptSymmetric,
+  decryptSymmetric,
+  createSignedSymmetricMessage,
+  mod_exports
+};

package/dist/{chunk-PMBS2GFA.js → chunk-LFUC4ETD.js}

@@ -1,8 +1,5 @@
 // clients/http/mod.ts
 var HttpClient = class {
-  baseUrl;
-  headers;
-  timeout;
   constructor(config) {
     this.baseUrl = config.url.replace(/\/$/, "");
     this.headers = config.headers || {};
@@ -109,19 +106,19 @@ var HttpClient = class {
     try {
       const { protocol, domain, path } = this.parseUri(uri);
       const params = new URLSearchParams();
-      if (options == null ? void 0 : options.page) {
+      if (options?.page) {
         params.set("page", options.page.toString());
       }
-      if (options == null ? void 0 : options.limit) {
+      if (options?.limit) {
         params.set("limit", options.limit.toString());
       }
-      if (options == null ? void 0 : options.pattern) {
+      if (options?.pattern) {
         params.set("pattern", options.pattern);
       }
-      if (options == null ? void 0 : options.sortBy) {
+      if (options?.sortBy) {
         params.set("sortBy", options.sortBy);
       }
-      if (options == null ? void 0 : options.sortOrder) {
+      if (options?.sortOrder) {
         params.set("sortOrder", options.sortOrder);
       }
       const queryString = params.toString();
@@ -135,8 +132,8 @@ var HttpClient = class {
           success: true,
           data: [],
           pagination: {
-            page: (options == null ? void 0 : options.page) || 1,
-            limit: (options == null ? void 0 : options.limit) || 50
+            page: options?.page || 1,
+            limit: options?.limit || 50
           }
         };
       }
@@ -147,8 +144,8 @@ var HttpClient = class {
         success: true,
         data: [],
         pagination: {
-          page: (options == null ? void 0 : options.page) || 1,
-          limit: (options == null ? void 0 : options.limit) || 50
+          page: options?.page || 1,
+          limit: options?.limit || 50
         }
       };
     }