@buildonspark/spark-sdk 0.0.15 → 0.0.16

package/src/services/config.ts

@@ -0,0 +1,71 @@
+import { DefaultSparkSigner, SparkSigner } from "../signer/signer.js";
+import { Network, NetworkToProto } from "../utils/network.js";
+import {
+  ConfigOptions,
+  LOCAL_WALLET_CONFIG,
+  MAINNET_WALLET_CONFIG,
+  REGTEST_WALLET_CONFIG,
+  SigningOperator,
+} from "./wallet-config.js";
+
+export class WalletConfigService {
+  private readonly config: Required<ConfigOptions>;
+  public readonly signer: SparkSigner;
+
+  constructor(options?: ConfigOptions, signer?: SparkSigner) {
+    const network = options?.network ?? "REGTEST";
+
+    this.config = {
+      ...this.getDefaultConfig(Network[network]),
+      ...options,
+    };
+
+    this.signer = signer ?? new DefaultSparkSigner();
+  }
+
+  private getDefaultConfig(network: Network): Required<ConfigOptions> {
+    switch (network) {
+      case Network.MAINNET:
+        return MAINNET_WALLET_CONFIG;
+      case Network.REGTEST:
+        return REGTEST_WALLET_CONFIG;
+      default:
+        return LOCAL_WALLET_CONFIG;
+    }
+  }
+
+  public getCoordinatorAddress(): string {
+    const coordinator =
+      this.config.signingOperators[this.config.coodinatorIdentifier];
+    if (!coordinator) {
+      throw new Error(
+        `Coordinator ${this.config.coodinatorIdentifier} not found`,
+      );
+    }
+    return coordinator.address;
+  }
+
+  public getSigningOperators(): Readonly<Record<string, SigningOperator>> {
+    return this.config.signingOperators;
+  }
+
+  public getThreshold(): number {
+    return this.config.threshold;
+  }
+
+  public getCoordinatorIdentifier(): string {
+    return this.config.coodinatorIdentifier;
+  }
+
+  public getNetwork(): Network {
+    return Network[this.config.network];
+  }
+
+  public getNetworkProto(): number {
+    return NetworkToProto[this.config.network];
+  }
+
+  public shouldSignTokenTransactionsWithSchnorr(): boolean {
+    return this.config.useTokenTransactionSchnorrSignatures;
+  }
+}

package/src/services/connection.ts

@@ -0,0 +1,264 @@
+import { sha256 } from "@scure/btc-signer/utils";
+
+import {
+  Channel,
+  ChannelCredentials,
+  ClientMiddlewareCall,
+  createChannel,
+  createClient,
+  createClientFactory,
+  Metadata,
+} from "nice-grpc";
+import { retryMiddleware } from "nice-grpc-client-middleware-retry";
+import { MockServiceClient, MockServiceDefinition } from "../proto/mock.js";
+import { SparkServiceClient, SparkServiceDefinition } from "../proto/spark.js";
+import {
+  Challenge,
+  SparkAuthnServiceClient,
+  SparkAuthnServiceDefinition,
+} from "../proto/spark_authn.js";
+import { SparkCallOptions } from "../types/grpc.js";
+import { WalletConfigService } from "./config.js";
+
+// TODO: Some sort of client cleanup
+export class ConnectionManager {
+  private config: WalletConfigService;
+  private clients: Map<
+    string,
+    {
+      client: SparkServiceClient & { close?: () => void };
+      authToken: string;
+    }
+  > = new Map();
+
+  constructor(config: WalletConfigService) {
+    this.config = config;
+  }
+
+  // When initializing wallet, go ahead and instantiate all clients
+  public async createClients() {
+    await Promise.all(
+      Object.values(this.config.getSigningOperators()).map((operator) => {
+        this.createSparkClient(operator.address);
+      }),
+    );
+  }
+
+  static createMockClient(address: string): MockServiceClient & {
+    close: () => void;
+  } {
+    const channel = this.createChannelWithTLS(address);
+
+    const client = createClient(MockServiceDefinition, channel);
+    return { ...client, close: () => channel.close() };
+  }
+
+  // TODO: Web transport handles TLS differently, verify that we don't need to do anything
+  private static createChannelWithTLS(address: string, certPath?: string) {
+    try {
+      if (typeof window === "undefined") {
+        // Node.js environment
+        if (certPath) {
+          try {
+            // Dynamic import for Node.js only
+            const fs = require('fs');
+            const cert = fs.readFileSync(certPath);
+            return createChannel(address, ChannelCredentials.createSsl(cert));
+          } catch (error) {
+            console.error("Error reading certificate:", error);
+            // Fallback to insecure for development
+            return createChannel(
+              address,
+              ChannelCredentials.createSsl(null, null, null, {
+                rejectUnauthorized: false,
+              })
+            );
+          }
+        } else {
+          // No cert provided, use insecure SSL for development
+          return createChannel(
+            address,
+            ChannelCredentials.createSsl(null, null, null, {
+              rejectUnauthorized: false,
+            })
+          );
+        }
+      } else {
+        // Browser environment - nice-grpc-web handles TLS automatically
+        return createChannel(address);
+      }
+    } catch (error) {
+      console.error("Channel creation error:", error);
+      throw new Error("Failed to create channel");
+    }
+  }
+
+  async createSparkClient(
+    address: string,
+    certPath?: string,
+  ): Promise<SparkServiceClient & { close?: () => void }> {
+    if (this.clients.has(address)) {
+      return this.clients.get(address)!.client;
+    }
+
+    const authToken = await this.authenticate(address);
+    const channel = ConnectionManager.createChannelWithTLS(address, certPath);
+
+    const authMiddleware = this.createAuthMiddleWare(address, authToken);
+    const client = this.createGrpcClient<SparkServiceClient>(
+      SparkServiceDefinition,
+      channel,
+      authMiddleware,
+    );
+
+    this.clients.set(address, { client, authToken });
+    return client;
+  }
+
+  private async authenticate(address: string) {
+    try {
+      const identityPublicKey = await this.config.signer.getIdentityPublicKey();
+      const sparkAuthnClient = this.createSparkAuthnGrpcConnection(address);
+
+      const challengeResp = await sparkAuthnClient.get_challenge({
+        publicKey: identityPublicKey,
+      });
+
+      if (!challengeResp.protectedChallenge?.challenge) {
+        throw new Error("Invalid challenge response");
+      }
+
+      const challengeBytes = Challenge.encode(
+        challengeResp.protectedChallenge.challenge,
+      ).finish();
+      const hash = sha256(challengeBytes);
+
+      const derSignatureBytes =
+        await this.config.signer.signMessageWithIdentityKey(hash);
+
+      const verifyResp = await sparkAuthnClient.verify_challenge({
+        protectedChallenge: challengeResp.protectedChallenge,
+        signature: derSignatureBytes,
+        publicKey: identityPublicKey,
+      });
+
+      sparkAuthnClient.close?.();
+      return verifyResp.sessionToken;
+    } catch (error: any) {
+      console.error("Authentication error:", error);
+      throw new Error(`Authentication failed: ${error.message}`);
+    }
+  }
+
+  private createSparkAuthnGrpcConnection(
+    address: string,
+    certPath?: string,
+  ): SparkAuthnServiceClient & { close?: () => void } {
+    const channel = ConnectionManager.createChannelWithTLS(address, certPath);
+    return this.createGrpcClient<SparkAuthnServiceClient>(
+      SparkAuthnServiceDefinition,
+      channel,
+    );
+  }
+
+  private createAuthMiddleWare(address: string, authToken: string) {
+    if (typeof window === "undefined") {
+      return this.createNodeMiddleware(address, authToken);
+    } else {
+      return this.createBrowserMiddleware(address, authToken);
+    }
+  }
+
+  private createNodeMiddleware(address: string, initialAuthToken: string) {
+    return async function* (
+      this: ConnectionManager,
+      call: ClientMiddlewareCall<any, any>,
+      options: SparkCallOptions,
+    ) {
+      try {
+        yield* call.next(call.request, {
+          ...options,
+          metadata: Metadata(options.metadata).set(
+            "Authorization",
+            `Bearer ${this.clients.get(address)?.authToken || initialAuthToken}`,
+          ),
+        });
+      } catch (error: any) {
+        if (error.message?.includes("token has expired")) {
+          const newAuthToken = await this.authenticate(address);
+          // @ts-ignore - We can only get here if the client exists
+          this.clients.get(address).authToken = newAuthToken;
+
+          yield* call.next(call.request, {
+            ...options,
+            metadata: Metadata(options.metadata).set(
+              "Authorization",
+              `Bearer ${newAuthToken}`,
+            ),
+          });
+        }
+        throw error;
+      }
+    }.bind(this);
+  }
+
+  private createBrowserMiddleware(address: string, initialAuthToken: string) {
+    return async function* (
+      this: ConnectionManager,
+      call: ClientMiddlewareCall<any, any>,
+      options: SparkCallOptions,
+    ) {
+      try {
+        yield* call.next(call.request, {
+          ...options,
+          metadata: Metadata(options.metadata)
+            .set(
+              "Authorization",
+              `Bearer ${this.clients.get(address)?.authToken || initialAuthToken}`,
+            )
+            .set("X-Requested-With", "XMLHttpRequest")
+            .set("X-Grpc-Web", "1")
+            .set("Content-Type", "application/grpc-web+proto"),
+        });
+      } catch (error: any) {
+        if (error.message?.includes("token has expired")) {
+          const newAuthToken = await this.authenticate(address);
+          // @ts-ignore - We can only get here if the client exists
+          this.clients.get(address).authToken = newAuthToken;
+
+          yield* call.next(call.request, {
+            ...options,
+            metadata: Metadata(options.metadata)
+              .set("Authorization", `Bearer ${newAuthToken}`)
+              .set("X-Requested-With", "XMLHttpRequest")
+              .set("X-Grpc-Web", "1")
+              .set("Content-Type", "application/grpc-web+proto"),
+          });
+        }
+        throw error;
+      }
+    }.bind(this);
+  }
+
+  private createGrpcClient<T>(
+    defintion: SparkAuthnServiceDefinition | SparkServiceDefinition,
+    channel: Channel,
+    middleware?: any,
+  ): T & { close?: () => void } {
+    const clientFactory = createClientFactory().use(retryMiddleware);
+    if (middleware) {
+      clientFactory.use(middleware);
+    }
+
+    const client = clientFactory.create(defintion, channel, {
+      "*": {
+        retry: true,
+        retryMaxAttempts: 3,
+      },
+    }) as T;
+    return {
+      ...client,
+      close: channel.close?.bind(channel),
+    };
+  }
+}

package/src/services/coop-exit.ts

@@ -0,0 +1,190 @@
+import { Transaction } from "@scure/btc-signer";
+import { TransactionInput } from "@scure/btc-signer/psbt";
+import {
+  CooperativeExitResponse,
+  LeafRefundTxSigningJob,
+  Transfer,
+} from "../proto/spark.js";
+import {
+  getP2TRScriptFromPublicKey,
+  getTxFromRawTxBytes,
+} from "../utils/bitcoin.js";
+import { getCrypto } from "../utils/crypto.js";
+import { getNextTransactionSequence } from "../utils/transaction.js";
+import { WalletConfigService } from "./config.js";
+import { ConnectionManager } from "./connection.js";
+import {
+  BaseTransferService,
+  LeafKeyTweak,
+  LeafRefundSigningData,
+} from "./transfer.js";
+
+const crypto = getCrypto();
+
+export type GetConnectorRefundSignaturesParams = {
+  leaves: LeafKeyTweak[];
+  exitTxId: Uint8Array;
+  connectorOutputs: TransactionInput[];
+  receiverPubKey: Uint8Array;
+};
+
+export class CoopExitService extends BaseTransferService {
+  constructor(
+    config: WalletConfigService,
+    connectionManager: ConnectionManager,
+  ) {
+    super(config, connectionManager);
+  }
+
+  async getConnectorRefundSignatures({
+    leaves,
+    exitTxId,
+    connectorOutputs,
+    receiverPubKey,
+  }: GetConnectorRefundSignaturesParams): Promise<{
+    transfer: Transfer;
+    signaturesMap: Map<string, Uint8Array>;
+  }> {
+    const { transfer, signaturesMap } = await this.signCoopExitRefunds(
+      leaves,
+      exitTxId,
+      connectorOutputs,
+      receiverPubKey,
+    );
+    const transferTweak = await this.sendTransferTweakKey(
+      transfer,
+      leaves,
+      signaturesMap,
+    );
+
+    return { transfer: transferTweak, signaturesMap };
+  }
+
+  private createConnectorRefundTransaction(
+    sequence: number,
+    nodeOutPoint: TransactionInput,
+    connectorOutput: TransactionInput,
+    amountSats: bigint,
+    receiverPubKey: Uint8Array,
+  ): Transaction {
+    const refundTx = new Transaction();
+    if (!nodeOutPoint.txid || nodeOutPoint.index === undefined) {
+      throw new Error("Node outpoint txid or index is undefined");
+    }
+    refundTx.addInput({
+      txid: nodeOutPoint.txid,
+      index: nodeOutPoint.index,
+      sequence,
+    });
+
+    refundTx.addInput(connectorOutput);
+    const receiverScript = getP2TRScriptFromPublicKey(
+      receiverPubKey,
+      this.config.getNetwork(),
+    );
+
+    refundTx.addOutput({
+      script: receiverScript,
+      amount: amountSats,
+    });
+
+    return refundTx;
+  }
+  private async signCoopExitRefunds(
+    leaves: LeafKeyTweak[],
+    exitTxId: Uint8Array,
+    connectorOutputs: TransactionInput[],
+    receiverPubKey: Uint8Array,
+  ): Promise<{ transfer: Transfer; signaturesMap: Map<string, Uint8Array> }> {
+    if (leaves.length !== connectorOutputs.length) {
+      throw new Error("Number of leaves and connector outputs must match");
+    }
+
+    const signingJobs: LeafRefundTxSigningJob[] = [];
+    const leafDataMap: Map<string, LeafRefundSigningData> = new Map();
+
+    for (let i = 0; i < leaves.length; i++) {
+      const leaf = leaves[i];
+      const connectorOutput = connectorOutputs[i];
+      if (!leaf?.leaf) {
+        throw new Error("Leaf not found");
+      }
+      if (!connectorOutput) {
+        throw new Error("Connector output not found");
+      }
+      const currentRefundTx = getTxFromRawTxBytes(leaf.leaf.refundTx);
+
+      const sequence = getNextTransactionSequence(
+        currentRefundTx.getInput(0).sequence,
+      );
+
+      const refundTx = this.createConnectorRefundTransaction(
+        sequence,
+        currentRefundTx.getInput(0),
+        connectorOutput,
+        BigInt(leaf.leaf.value),
+        receiverPubKey,
+      );
+
+      const signingNonceCommitment =
+        await this.config.signer.getRandomSigningCommitment();
+      const signingJob: LeafRefundTxSigningJob = {
+        leafId: leaf.leaf.id,
+        refundTxSigningJob: {
+          signingPublicKey: leaf.signingPubKey,
+          rawTx: refundTx.toBytes(),
+          signingNonceCommitment: signingNonceCommitment,
+        },
+      };
+
+      signingJobs.push(signingJob);
+      const tx = getTxFromRawTxBytes(leaf.leaf.nodeTx);
+      leafDataMap.set(leaf.leaf.id, {
+        signingPubKey: leaf.signingPubKey,
+        refundTx,
+        signingNonceCommitment,
+        tx,
+        vout: leaf.leaf.vout,
+        receivingPubkey: receiverPubKey,
+      });
+    }
+
+    const sparkClient = await this.connectionManager.createSparkClient(
+      this.config.getCoordinatorAddress(),
+    );
+
+    let response: CooperativeExitResponse;
+    try {
+      response = await sparkClient.cooperative_exit({
+        transfer: {
+          transferId: crypto.randomUUID(),
+          leavesToSend: signingJobs,
+          ownerIdentityPublicKey:
+            await this.config.signer.getIdentityPublicKey(),
+          receiverIdentityPublicKey: receiverPubKey,
+          expiryTime: new Date(Date.now() + 3 * 60 * 60 * 1000), // 3 hours
+        },
+        exitId: crypto.randomUUID(),
+        exitTxid: exitTxId,
+      });
+    } catch (error) {
+      throw new Error(`Error initiating cooperative exit: ${error}`);
+    }
+
+    if (!response.transfer) {
+      throw new Error("Failed to initiate cooperative exit");
+    }
+
+    const signatures = await this.signRefunds(
+      leafDataMap,
+      response.signingResults,
+    );
+
+    const signaturesMap: Map<string, Uint8Array> = new Map();
+    for (const signature of signatures) {
+      signaturesMap.set(signature.nodeId, signature.refundTxSignature);
+    }
+
+    return { transfer: response.transfer, signaturesMap };
+  }
+}