@canton-network/wallet-gateway-remote 0.9.2 → 0.11.0

package/dist/ledger/wallet-sync-service.d.ts

@@ -1,7 +1,9 @@
 import { LedgerClient } from '@canton-network/core-ledger-client';
 import { AuthContext } from '@canton-network/core-wallet-auth';
 import { Store, Wallet } from '@canton-network/core-wallet-store';
+import { SigningDriverInterface, SigningProvider } from '@canton-network/core-signing-lib';
 import { Logger } from 'pino';
+import { PartyAllocationService } from './party-allocation-service.js';
 export type WalletSyncReport = {
     added: Wallet[];
     removed: Wallet[];
@@ -11,8 +13,16 @@ export declare class WalletSyncService {
     private ledgerClient;
     private authContext;
     private logger;
-    constructor(store: Store, ledgerClient: LedgerClient, authContext: AuthContext, logger: Logger);
+    private signingDrivers;
+    private partyAllocator;
+    constructor(store: Store, ledgerClient: LedgerClient, authContext: AuthContext, logger: Logger, signingDrivers: Partial<Record<SigningProvider, SigningDriverInterface>> | undefined, partyAllocator: PartyAllocationService);
     run(timeoutMs: number): Promise<void>;
+    protected resolveSigningProvider(namespace: string): Promise<{
+        signingProviderId: SigningProvider.PARTICIPANT;
+    } | {
+        signingProviderId: Exclude<SigningProvider, SigningProvider.PARTICIPANT>;
+        publicKey: string;
+    } | null>;
     syncWallets(): Promise<WalletSyncReport>;
 }
 //# sourceMappingURL=wallet-sync-service.d.ts.map

package/dist/ledger/wallet-sync-service.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"wallet-sync-service.d.ts","sourceRoot":"","sources":["../../src/ledger/wallet-sync-service.ts"],"names":[],"mappings":"AAGA,OAAO,EACH,YAAY,EAEf,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAA;AACjE,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B,MAAM,MAAM,gBAAgB,GAAG;IAC3B,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,OAAO,EAAE,MAAM,EAAE,CAAA;CACpB,CAAA;AACD,qBAAa,iBAAiB;IAEtB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,YAAY;IACpB,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,MAAM;gBAHN,KAAK,EAAE,KAAK,EACZ,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM;IAGpB,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAUrC,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC;CA+FjD"}
+{"version":3,"file":"wallet-sync-service.d.ts","sourceRoot":"","sources":["../../src/ledger/wallet-sync-service.ts"],"names":[],"mappings":"AAGA,OAAO,EACH,YAAY,EAEf,MAAM,oCAAoC,CAAA;AAC3C,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,mCAAmC,CAAA;AACjE,OAAO,EACH,sBAAsB,EACtB,eAAe,EAClB,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAA;AAEtE,MAAM,MAAM,gBAAgB,GAAG;IAC3B,KAAK,EAAE,MAAM,EAAE,CAAA;IACf,OAAO,EAAE,MAAM,EAAE,CAAA;CACpB,CAAA;AACD,qBAAa,iBAAiB;IAEtB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,YAAY;IACpB,OAAO,CAAC,WAAW;IACnB,OAAO,CAAC,MAAM;IACd,OAAO,CAAC,cAAc;IAGtB,OAAO,CAAC,cAAc;gBAPd,KAAK,EAAE,KAAK,EACZ,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,WAAW,EACxB,MAAM,EAAE,MAAM,EACd,cAAc,EAAE,OAAO,CAC3B,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAClD,YAAK,EACE,cAAc,EAAE,sBAAsB;IAG5C,GAAG,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;cAU3B,sBAAsB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAC5D;QAAE,iBAAiB,EAAE,eAAe,CAAC,WAAW,CAAA;KAAE,GAClD;QACI,iBAAiB,EAAE,OAAO,CACtB,eAAe,EACf,eAAe,CAAC,WAAW,CAC9B,CAAA;QACD,SAAS,EAAE,MAAM,CAAA;KACpB,GACD,IAAI,CACT;IAiHK,WAAW,IAAI,OAAO,CAAC,gBAAgB,CAAC;CAkJjD"}

package/dist/ledger/wallet-sync-service.js

@@ -1,12 +1,15 @@
 // Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
 // SPDX-License-Identifier: Apache-2.0
 import { defaultRetryableOptions, } from '@canton-network/core-ledger-client';
+import { SigningProvider, } from '@canton-network/core-signing-lib';
 export class WalletSyncService {
-    constructor(store, ledgerClient, authContext, logger) {
+    constructor(store, ledgerClient, authContext, logger, signingDrivers = {}, partyAllocator) {
         this.store = store;
         this.ledgerClient = ledgerClient;
         this.authContext = authContext;
         this.logger = logger;
+        this.signingDrivers = signingDrivers;
+        this.partyAllocator = partyAllocator;
     }
     async run(timeoutMs) {
         this.logger.info(`Starting wallet sync service with ${timeoutMs}ms interval`);
@@ -15,6 +18,86 @@ export class WalletSyncService {
             await new Promise((res) => setTimeout(res, timeoutMs));
         }
     }
+    async resolveSigningProvider(namespace) {
+        try {
+            // Check if namespace matches participant namespace first
+            // (participant parties have namespace === participantId's namespace)
+            let participantNamespace;
+            try {
+                const { participantId } = await this.ledgerClient.getWithRetry('/v2/parties/participant-id', defaultRetryableOptions);
+                // Extract the namespace part from participantId
+                // Format is hint::namespace
+                const [, extractedNamespace] = participantId.split('::');
+                if (extractedNamespace) {
+                    participantNamespace = extractedNamespace;
+                }
+                else {
+                    this.logger.warn({ participantId }, `Invalid participantId format: expected "hint::namespace", got "${participantId}"`);
+                }
+            }
+            catch (err) {
+                this.logger.warn({ err }, 'Failed to get participant namespace');
+            }
+            if (participantNamespace && namespace === participantNamespace) {
+                return { signingProviderId: SigningProvider.PARTICIPANT };
+            }
+            // Get keys from signing providers try to match
+            const userId = this.authContext?.userId;
+            for (const [providerId, driver] of Object.entries(this.signingDrivers)) {
+                if (!driver)
+                    continue;
+                // Participant already handled above
+                if (providerId === SigningProvider.PARTICIPANT) {
+                    continue;
+                }
+                try {
+                    const controller = driver.controller(userId);
+                    const result = await controller.getKeys();
+                    // In case of error getKeys resolve Promise but with error object
+                    if ('error' in result) {
+                        this.logger.debug({
+                            providerId,
+                            error: result.error,
+                            error_description: result.error_description,
+                        }, 'Failed to get keys from signing provider');
+                        continue;
+                    }
+                    // Try to match namespace with public keys
+                    if (result.keys) {
+                        for (const key of result.keys) {
+                            const normalizedKey = this.partyAllocator.normalizePublicKeyToBase64(key.publicKey);
+                            if (!normalizedKey)
+                                continue;
+                            const keyNamespace = this.partyAllocator.createFingerprintFromKey(normalizedKey);
+                            if (keyNamespace === namespace) {
+                                this.logger.debug({
+                                    namespace,
+                                    providerId,
+                                    keyId: key.id,
+                                    publicKey: key.publicKey,
+                                }, 'Matched namespace with signing provider');
+                                return {
+                                    signingProviderId: providerId,
+                                    publicKey: key.publicKey,
+                                };
+                            }
+                        }
+                    }
+                }
+                catch (err) {
+                    this.logger.debug({ err, providerId }, 'Error getting keys from signing provider');
+                    // Continue to next signing provider
+                }
+            }
+            // No match found - reject this wallet
+            this.logger.warn({ namespace }, 'No signing provider match found for namespace, rejecting wallet');
+            return null;
+        }
+        catch (err) {
+            this.logger.error({ err, namespace }, 'Error resolving signing provider, rejecting wallet');
+            return null;
+        }
+    }
     async syncWallets() {
         this.logger.info('Starting wallet sync...');
         try {
@@ -47,30 +130,58 @@ export class WalletSyncService {
                     !partiesWithRights.has(party))
                     partiesWithRights.set(party, rightType);
             });
-            this.logger.info(partiesWithRights, 'Found new parties to sync with Wallet Gateway');
+            this.logger.info([...partiesWithRights], 'Found new parties to sync with Wallet Gateway');
             // Add new Wallets given the found parties
             const existingWallets = await this.store.getWallets();
             this.logger.info(existingWallets, 'Existing wallets');
             const existingPartyIdToSigningProvider = new Map(existingWallets.map((w) => [w.partyId, w.signingProviderId]));
-            const newParticipantWallets = Array.from(partiesWithRights.keys())
-                ?.filter((party) => !existingPartyIdToSigningProvider.has(party)
+            // Resolve signing providers for all new parties
+            const newParties = Array.from(partiesWithRights.keys()).filter((party) => !existingPartyIdToSigningProvider.has(party)
             // todo: filter on idp id
-            )
-                .map((party) => {
+            );
+            const walletResults = await Promise.all(newParties.map(async (party) => {
                 const [hint, namespace] = party.split('::');
+                const resolvedSigningProvider = await this.resolveSigningProvider(namespace);
+                // Reject wallets where no signing provider match was found
+                if (!resolvedSigningProvider) {
+                    this.logger.warn({ party, hint, namespace }, 'Rejecting wallet - no signing provider match found');
+                    return null;
+                }
+                // Namespace is saved as public key in case of participant
+                const walletPublicKey = resolvedSigningProvider.signingProviderId ===
+                    SigningProvider.PARTICIPANT
+                    ? namespace
+                    : resolvedSigningProvider.publicKey;
+                this.logger.info({
+                    primary: false,
+                    status: 'allocated',
+                    partyId: party,
+                    hint: hint,
+                    publicKey: walletPublicKey,
+                    namespace: namespace,
+                    networkId: network.id,
+                    signingProviderId: resolvedSigningProvider.signingProviderId,
+                }, 'Wallet sync result');
                 return {
                     primary: false,
                     status: 'allocated',
                     partyId: party,
                     hint: hint,
-                    publicKey: namespace,
+                    publicKey: walletPublicKey,
                     namespace: namespace,
                     networkId: network.id,
-                    signingProviderId: 'participant', // todo: determine based on partyDetails.isLocal
+                    signingProviderId: resolvedSigningProvider.signingProviderId,
                 };
-            }) || [];
+            }));
+            // Filter out rejected wallets
+            const newParticipantWallets = walletResults.filter((wallet) => wallet !== null);
             await Promise.all(newParticipantWallets.map((wallet) => this.store.addWallet(wallet)));
-            this.logger.info(newParticipantWallets, 'Created new wallets');
+            this.logger.info({ newParticipantWallets }, 'Created new wallets');
+            this.logger.info({
+                totalProcessed: newParties.length,
+                rejected: newParties.length - newParticipantWallets.length,
+                added: newParticipantWallets.length,
+            }, 'Wallet sync summary');
             // Set primary wallet if none exists
             const wallets = await this.store.getWallets();
             const hasPrimary = wallets.some((w) => w.primary);

package/dist/ledger/wallet-sync-service.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=wallet-sync-service.test.d.ts.map

package/dist/ledger/wallet-sync-service.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"wallet-sync-service.test.d.ts","sourceRoot":"","sources":["../../src/ledger/wallet-sync-service.test.ts"],"names":[],"mappings":""}

package/dist/ledger/wallet-sync-service.test.js

@@ -0,0 +1,163 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+import { jest, describe, it, expect, beforeEach, afterEach, } from '@jest/globals';
+import { pino } from 'pino';
+import { sink } from 'pino-test';
+import { SigningProvider, } from '@canton-network/core-signing-lib';
+import { InternalSigningDriver } from '@canton-network/core-signing-internal';
+import { ParticipantSigningDriver } from '@canton-network/core-signing-participant';
+import { StoreSql, connection, migrator, } from '@canton-network/core-signing-store-sql';
+import { WalletSyncService } from './wallet-sync-service.js';
+import { PartyAllocationService } from './party-allocation-service.js';
+const mockLedgerGet = jest.fn();
+jest.unstable_mockModule('@canton-network/core-ledger-client', () => ({
+    LedgerClient: jest.fn().mockImplementation(() => {
+        return {
+            getWithRetry: mockLedgerGet,
+        };
+    }),
+    defaultRetryableOptions: {},
+}));
+// Test subclass to expose protected method
+class TestableWalletSyncService extends WalletSyncService {
+    async resolveSigningProvider(namespace) {
+        return super.resolveSigningProvider(namespace);
+    }
+}
+describe('WalletSyncService - resolveSigningProvider', () => {
+    const authContext = {
+        userId: 'test-user-id',
+        accessToken: 'test-access-token',
+    };
+    let mockLogger;
+    let store;
+    let ledgerClient;
+    let partyAllocator;
+    let service;
+    beforeEach(async () => {
+        mockLogger = pino(sink());
+        // Create in-memory SQLite store for InternalSigningDriver
+        const db = connection({
+            connection: {
+                type: 'sqlite',
+                database: ':memory:',
+            },
+        });
+        const umzug = migrator(db);
+        const pending = await umzug.pending();
+        if (pending.length > 0) {
+            await umzug.up();
+        }
+        const signingStore = new StoreSql(db, mockLogger, authContext);
+        // Create real InternalSigningDriver with real store
+        const internalDriver = new InternalSigningDriver(signingStore);
+        // Store is not used in resolveSigningProvider tests
+        store = {};
+        // Create real PartyAllocationService
+        partyAllocator = new PartyAllocationService({
+            synchronizerId: 'test-sync-id',
+            accessTokenProvider: {
+                getUserAccessToken: async () => 'user.jwt',
+                getAdminAccessToken: async () => 'admin.jwt',
+            },
+            httpLedgerUrl: 'http://test',
+            logger: mockLogger,
+        });
+        // Create mocked ledger client (whole module is already mocked)
+        const ledgerModule = await import('@canton-network/core-ledger-client');
+        ledgerClient = new ledgerModule.LedgerClient({
+            baseUrl: new URL('http://test'),
+            logger: mockLogger,
+            accessTokenProvider: {
+                getUserAccessToken: async () => 'token',
+                getAdminAccessToken: async () => 'token',
+            },
+        });
+        // Create service with real drivers
+        service = new TestableWalletSyncService(store, ledgerClient, authContext, mockLogger, {
+            [SigningProvider.WALLET_KERNEL]: internalDriver,
+            [SigningProvider.PARTICIPANT]: new ParticipantSigningDriver(),
+        }, partyAllocator);
+    });
+    afterEach(() => {
+        jest.restoreAllMocks();
+        mockLedgerGet.mockClear();
+    });
+    it('resolves participant when namespace matches participant namespace', async () => {
+        const participantNamespace = 'participant-namespace-123';
+        const participantId = `participant1::${participantNamespace}`;
+        mockLedgerGet.mockResolvedValueOnce({
+            participantId,
+        });
+        const result = await service.resolveSigningProvider(participantNamespace);
+        expect(result).not.toBeNull();
+        expect(result).toEqual({
+            signingProviderId: SigningProvider.PARTICIPANT,
+        });
+        if (result) {
+            expect('publicKey' in result).toBe(false);
+        }
+    });
+    it('resolves wallet-kernel when namespace matches internal key', async () => {
+        const internalDriver = service['signingDrivers'][SigningProvider.WALLET_KERNEL];
+        const controller = internalDriver.controller(authContext.userId);
+        const key = await controller.createKey({ name: 'test-key' });
+        const namespace = partyAllocator.createFingerprintFromKey(key.publicKey);
+        mockLedgerGet.mockResolvedValueOnce({
+            participantId: 'participant1::different-participant-namespace',
+        });
+        const result = await service.resolveSigningProvider(namespace);
+        expect(result).not.toBeNull();
+        if (result) {
+            expect(result.signingProviderId).toBe(SigningProvider.WALLET_KERNEL);
+            if (result.signingProviderId !== SigningProvider.PARTICIPANT) {
+                expect(result.publicKey).toBe(key.publicKey);
+            }
+        }
+    });
+    it('resolves fireblocks when namespace matches fireblocks key', async () => {
+        const fireblocksPublicKeyHex = '02fefbcc9aebc8a479f211167a9f564df53aefd603a8662d9449a98c1ead2eba';
+        // Convert hex to base64, then calculate namespace
+        const normalizedKey = partyAllocator.normalizePublicKeyToBase64(fireblocksPublicKeyHex);
+        const namespace = partyAllocator.createFingerprintFromKey(normalizedKey);
+        const mockFireblocksDriver = {
+            controller: jest.fn().mockReturnValue({
+                getKeys: jest
+                    .fn()
+                    .mockResolvedValue({
+                    keys: [
+                        {
+                            id: '44-6767-1-0-0',
+                            name: 'test-vault',
+                            publicKey: fireblocksPublicKeyHex,
+                        },
+                    ],
+                }),
+            }),
+            partyMode: 'EXTERNAL',
+            signingProvider: SigningProvider.FIREBLOCKS,
+        };
+        const serviceWithFireblocks = new TestableWalletSyncService(store, ledgerClient, authContext, mockLogger, {
+            [SigningProvider.FIREBLOCKS]: mockFireblocksDriver,
+        }, partyAllocator);
+        mockLedgerGet.mockResolvedValueOnce({
+            participantId: 'participant1::different-participant-namespace',
+        });
+        const result = await serviceWithFireblocks.resolveSigningProvider(namespace);
+        expect(result).not.toBeNull();
+        if (result) {
+            expect(result.signingProviderId).toBe(SigningProvider.FIREBLOCKS);
+            if (result.signingProviderId !== SigningProvider.PARTICIPANT) {
+                expect(result.publicKey).toBe(fireblocksPublicKeyHex);
+            }
+        }
+    });
+    it('returns null when no signing provider match is found', async () => {
+        const unknownNamespace = 'unknown-namespace-123';
+        mockLedgerGet.mockResolvedValueOnce({
+            participantId: 'participant1::different-participant-namespace',
+        });
+        const result = await service.resolveSigningProvider(unknownNamespace);
+        expect(result).toBeNull();
+    });
+});

package/dist/middleware/jsonRpcHandler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jsonRpcHandler.d.ts","sourceRoot":"","sources":["../../src/middleware/jsonRpcHandler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAa7B,UAAU,kBAAkB,CAAC,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,CAAC,CAAA;CAChB;AAyDD,eAAO,MAAM,cAAc,GAEtB,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC,EAAE,kCAGjD,kBAAkB,CAAC,CAAC,CAAC,MAMZ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,SA4E1D,CAAA"}
+{"version":3,"file":"jsonRpcHandler.d.ts","sourceRoot":"","sources":["../../src/middleware/jsonRpcHandler.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AACzD,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAc7B,UAAU,kBAAkB,CAAC,CAAC;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,CAAC,CAAA;CAChB;AAiED,eAAO,MAAM,cAAc,GAEtB,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,GAAG,CAAC,EAAE,kCAGjD,kBAAkB,CAAC,CAAC,CAAC,MAMZ,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,SA4E1D,CAAA"}

package/dist/middleware/jsonRpcHandler.js

@@ -2,6 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 import { JsonRpcError, rpcErrors, toHttpErrorCode, } from '@canton-network/core-rpc-errors';
 import { ErrorResponse, JsonRpcRequest, jsonRpcResponse, } from '@canton-network/core-types';
+import { isJsCantonError } from '@canton-network/core-ledger-client';
 /**
  * Handles JSON-RPC errors and maps them to HTTP responses.
  * @param error The error that occurred.
@@ -26,6 +27,13 @@ const handleRpcError = (error, id, logger, method) => {
         const httpCode = toHttpErrorCode(error.code);
         return [httpCode, jsonRpcResponse(id, response)];
     }
+    if (isJsCantonError(error)) {
+        response.error = {
+            code: rpcErrors.internal().code,
+            message: error.cause,
+            data: error,
+        };
+    }
     if (error instanceof Error) {
         response.error.message = error.message;
     }

package/dist/middleware/sessionHandler.d.ts

@@ -0,0 +1,13 @@
+import type { Request, Response, NextFunction } from 'express';
+import { AuthAware } from '@canton-network/core-wallet-auth';
+import { Logger } from 'pino';
+import { Store } from '@canton-network/core-wallet-store';
+/**
+ * Middleware to handle session validation based on user sessions.
+ * @param store needs to be AuthAware
+ * @param allowedPaths a record of path -> list of methods which do not require authentication
+ * @param logger
+ * @returns
+ */
+export declare function sessionHandler(store: Store & AuthAware<Store>, allowedPaths: Record<string, string[]>, logger: Logger): (req: Request, res: Response, next: NextFunction) => Promise<void>;
+//# sourceMappingURL=sessionHandler.d.ts.map

package/dist/middleware/sessionHandler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessionHandler.d.ts","sourceRoot":"","sources":["../../src/middleware/sessionHandler.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAA;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,kCAAkC,CAAA;AAC5D,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EAAE,KAAK,EAAE,MAAM,mCAAmC,CAAA;AAEzD;;;;;;GAMG;AACH,wBAAgB,cAAc,CAC1B,KAAK,EAAE,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,EAC/B,YAAY,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,EACtC,MAAM,EAAE,MAAM,IAEA,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,mBA6BhE"}

package/dist/middleware/sessionHandler.js

@@ -0,0 +1,37 @@
+// Copyright (c) 2025 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+// middleware/jwtAuth.ts
+/**
+ * Middleware to handle session validation based on user sessions.
+ * @param store needs to be AuthAware
+ * @param allowedPaths a record of path -> list of methods which do not require authentication
+ * @param logger
+ * @returns
+ */
+export function sessionHandler(store, allowedPaths, logger) {
+    return async (req, res, next) => {
+        const context = req.authContext;
+        const allowedMethods = allowedPaths[req.baseUrl];
+        if (req.method !== 'POST') {
+            logger.debug('Skipping authentication for OPTIONS request to ' + req.baseUrl);
+            next();
+        }
+        else if (allowedMethods &&
+            (allowedMethods.includes(req.body.method) ||
+                allowedMethods.includes('*'))) {
+            logger.debug(`Allowing unauthenticated access to ${req.baseUrl} for method ${req.body.method}`);
+            next();
+        }
+        else {
+            logger.debug('Checking for active session for ' + context?.userId);
+            const session = await store.withAuthContext(context).getSession();
+            if (!session) {
+                logger.debug('No active session found for ' + context?.userId);
+                res.status(401).json({ error: 'No active session found' });
+            }
+            else {
+                next();
+            }
+        }
+    };
+}

package/dist/notification/NotificationService.d.ts

@@ -1,10 +1,17 @@
+import { Logger } from 'pino';
 type EventListener = (...args: unknown[]) => void;
 export interface Notifier {
     on(event: string, listener: EventListener): void;
     emit(event: string, ...args: unknown[]): boolean;
     removeListener(event: string, listenerToRemove: EventListener): void;
 }
-export interface NotificationService {
+interface INotificationService {
+    getNotifier(notifierId: string): Notifier;
+}
+export declare class NotificationService implements INotificationService {
+    private logger;
+    private notifiers;
+    constructor(logger: Logger);
     getNotifier(notifierId: string): Notifier;
 }
 export {};

package/dist/notification/NotificationService.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"NotificationService.d.ts","sourceRoot":"","sources":["../../src/notification/NotificationService.ts"],"names":[],"mappings":"AAKA,KAAK,aAAa,GAAG,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAA;AACjD,MAAM,WAAW,QAAQ;IACrB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAA;IAEhD,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEhD,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,aAAa,GAAG,IAAI,CAAA;CACvE;AAED,MAAM,WAAW,mBAAmB;IAChC,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,CAAA;CAC5C"}
+{"version":3,"file":"NotificationService.d.ts","sourceRoot":"","sources":["../../src/notification/NotificationService.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B,KAAK,aAAa,GAAG,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAA;AACjD,MAAM,WAAW,QAAQ;IACrB,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,GAAG,IAAI,CAAA;IAEhD,IAAI,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAA;IAEhD,cAAc,CAAC,KAAK,EAAE,MAAM,EAAE,gBAAgB,EAAE,aAAa,GAAG,IAAI,CAAA;CACvE;AAED,UAAU,oBAAoB;IAC1B,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ,CAAA;CAC5C;AAED,qBAAa,mBAAoB,YAAW,oBAAoB;IAGhD,OAAO,CAAC,MAAM;IAF1B,OAAO,CAAC,SAAS,CAAmC;gBAEhC,MAAM,EAAE,MAAM;IAElC,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,QAAQ;CAoB5C"}

package/dist/notification/NotificationService.js

@@ -2,4 +2,25 @@
 // SPDX-License-Identifier: Apache-2.0
 // TODO: make events type-of dApp methods (perhaps just )
 // Support event-driven notifications. We represent a notifier with a generic interface to support node and browser implementations.
-export {};
+import EventEmitter from 'events';
+export class NotificationService {
+    constructor(logger) {
+        this.logger = logger;
+        this.notifiers = new Map();
+    }
+    getNotifier(notifierId) {
+        const logger = this.logger;
+        let notifier = this.notifiers.get(notifierId);
+        if (!notifier) {
+            notifier = new EventEmitter();
+            // Wrap all events to log with pino
+            const originalEmit = notifier.emit;
+            notifier.emit = function (event, ...args) {
+                logger.debug({ event, args }, `Notifier emitted event: ${event} for ${notifierId}`);
+                return originalEmit.apply(this, [event, ...args]);
+            };
+            this.notifiers.set(notifierId, notifier);
+        }
+        return notifier;
+    }
+}

package/dist/user-api/controller.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/user-api/controller.ts"],"names":[],"mappings":"AAyBA,OAAO,EACH,KAAK,EAIR,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA;AAC5E,OAAO,EAGH,WAAW,EAId,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAChD,OAAO,EACH,sBAAsB,EACtB,eAAe,EAClB,MAAM,kCAAkC,CAAA;AAazC,KAAK,uBAAuB,GAAG,OAAO,CAClC,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAClD,CAAA;AAED,eAAO,MAAM,cAAc,GACvB,YAAY,UAAU,EACtB,SAAS,MAAM,EACf,OAAO,KAAK,EACZ,qBAAqB,mBAAmB,EACxC,aAAa,WAAW,GAAG,SAAS,EACpC,SAAS,uBAAuB,EAChC,SAAS,MAAM;;;;;;;;;;;;;;;;;;;CAgpBlB,CAAA"}
+{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/user-api/controller.ts"],"names":[],"mappings":"AAyBA,OAAO,EACH,KAAK,EAIR,MAAM,mCAAmC,CAAA;AAC1C,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAC7B,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA;AAC5E,OAAO,EAGH,WAAW,EAId,MAAM,kCAAkC,CAAA;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAA;AAChD,OAAO,EACH,sBAAsB,EACtB,eAAe,EAClB,MAAM,kCAAkC,CAAA;AAczC,KAAK,uBAAuB,GAAG,OAAO,CAClC,MAAM,CAAC,eAAe,EAAE,sBAAsB,CAAC,CAClD,CAAA;AAED,eAAO,MAAM,cAAc,GACvB,YAAY,UAAU,EACtB,SAAS,MAAM,EACf,OAAO,KAAK,EACZ,qBAAqB,mBAAmB,EACxC,aAAa,WAAW,GAAG,SAAS,EACpC,SAAS,uBAAuB,EAChC,SAAS,MAAM;;;;;;;;;;;;;;;;;;;CAorBlB,CAAA"}

package/dist/user-api/controller.js

@@ -9,6 +9,7 @@ import { SigningProvider, } from '@canton-network/core-signing-lib';
 import { PartyAllocationService, } from '../ledger/party-allocation-service.js';
 import { WalletSyncService } from '../ledger/wallet-sync-service.js';
 import { networkStatus, ledgerPrepareParams, } from '../utils.js';
+import { v4 } from 'uuid';
 export const userController = (kernelInfo, userUrl, store, notificationService, authContext, drivers, _logger) => {
     const logger = _logger.child({ component: 'user-controller' });
     return buildController({
@@ -244,7 +245,7 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
                         throw new Error('Failed to sign transaction: ' +
                             JSON.stringify(signature));
                     }
-                    // Get existing transaction to preserve createdAt if it exists
+                    // Get existing transaction to preserve createdAt and origin if they exist
                     const existingTx = await store.getTransaction(commandId);
                     const now = new Date();
                     const signedTx = {
@@ -252,6 +253,7 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
                         status: 'signed',
                         preparedTransaction,
                         preparedTransactionHash,
+                        origin: existingTx?.origin ?? null,
                         ...(existingTx?.createdAt && {
                             createdAt: existingTx.createdAt,
                         }),
@@ -310,7 +312,8 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
                         return res;
                     }
                     catch (error) {
-                        throw new Error('Failed to submit transaction: ' + error);
+                        logger.error(error, 'Failed to submit transaction');
+                        throw error;
                     }
                 }
                 case SigningProvider.WALLET_KERNEL: {
@@ -344,6 +347,7 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
                         preparedTransaction: transaction.preparedTransaction,
                         preparedTransactionHash: transaction.preparedTransactionHash,
                         payload: result,
+                        origin: transaction.origin ?? null,
                         ...(transaction.createdAt && {
                             createdAt: transaction.createdAt,
                         }),
@@ -361,7 +365,10 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
         },
         addSession: async function (params) {
             try {
+                const newSessionId = v4();
+                logger.info(`Adding session with ID ${newSessionId} for network ${params.networkId}`);
                 await store.setSession({
+                    id: newSessionId,
                     network: params.networkId,
                     accessToken: authContext?.accessToken || '',
                 });
@@ -377,16 +384,27 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
                 });
                 const status = await networkStatus(ledgerClient);
                 notifier.emit('onConnected', {
-                    status: {
-                        kernel: kernelInfo,
-                        isConnected: true,
-                        isNetworkConnected: status.isConnected,
-                        networkReason: status.reason ? status.reason : 'OK',
+                    kernel: {
+                        ...kernelInfo,
+                        userUrl: `${userUrl}/login/`,
+                    },
+                    isConnected: true,
+                    isNetworkConnected: status.isConnected,
+                    networkReason: status.reason ? status.reason : 'OK',
+                    network: {
                         networkId: network.id,
+                        ledgerApi: {
+                            baseUrl: network.ledgerApi.baseUrl,
+                        },
+                    },
+                    session: {
+                        id: newSessionId,
+                        accessToken: accessToken,
+                        userId: userId,
                     },
-                    sessionToken: accessToken,
                 });
                 return Promise.resolve({
+                    id: newSessionId,
                     accessToken,
                     network,
                     idp,
@@ -429,6 +447,7 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
             return {
                 sessions: [
                     {
+                        id: session.id,
                         network,
                         idp: idp,
                         accessToken: authContext.accessToken,
@@ -447,11 +466,17 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
                 getUserAccessToken: async () => authContext.accessToken,
                 getAdminAccessToken: async () => authContext.accessToken,
             };
+            const partyAllocator = new PartyAllocationService({
+                synchronizerId: network.synchronizerId,
+                accessTokenProvider: userAccessTokenProvider,
+                httpLedgerUrl: network.ledgerApi.baseUrl,
+                logger,
+            });
             const service = new WalletSyncService(store, new LedgerClient({
                 baseUrl: new URL(network.ledgerApi.baseUrl),
                 logger,
                 accessTokenProvider: userAccessTokenProvider,
-            }), authContext, logger);
+            }), authContext, logger, drivers, partyAllocator);
             const result = await service.syncWallets();
             if (result.added.length === 0 && result.removed.length === 0) {
                 return result;
@@ -474,6 +499,9 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
                 payload: transaction.payload
                     ? JSON.stringify(transaction.payload)
                     : '',
+                ...(transaction.origin !== null && {
+                    origin: transaction.origin,
+                }),
                 ...(transaction.createdAt && {
                     createdAt: transaction.createdAt.toISOString(),
                 }),
@@ -492,6 +520,9 @@ export const userController = (kernelInfo, userUrl, store, notificationService,
                 payload: transaction.payload
                     ? JSON.stringify(transaction.payload)
                     : '',
+                ...(transaction.origin !== null && {
+                    origin: transaction.origin,
+                }),
                 ...(transaction.createdAt && {
                     createdAt: transaction.createdAt.toISOString(),
                 }),