@cubist-labs/cubesigner-sdk 0.1.26 → 0.1.77

package/dist/src/signer_session.d.ts

@@ -1,14 +1,16 @@
-import { CubeSigner, Key, OidcSessionManager, OidcSessionStorage } from ".";
+import { CubeSigner, Key, KeyInfo, MfaReceipt, IdentityProof, MfaFidoChallenge } from ".";
 import { components, paths } from "./client";
-import { SignerSessionManager, SignerSessionStorage } from "./session/signer_session_manager";
-export type KeyInfo = components["schemas"]["KeyInfo"];
+import { JsonMap } from "./util";
+import { PublicKeyCredential } from "./fido";
+import { NewSessionResponse, SignerSessionManager, SignerSessionStorage } from "./session/signer_session_manager";
 export type EvmSignRequest = paths["/v1/org/{org_id}/eth1/sign/{pubkey}"]["post"]["requestBody"]["content"]["application/json"];
 export type Eth2SignRequest = paths["/v1/org/{org_id}/eth2/sign/{pubkey}"]["post"]["requestBody"]["content"]["application/json"];
 export type Eth2StakeRequest = paths["/v1/org/{org_id}/eth2/stake"]["post"]["requestBody"]["content"]["application/json"];
 export type Eth2UnstakeRequest = paths["/v1/org/{org_id}/eth2/unstake/{pubkey}"]["post"]["requestBody"]["content"]["application/json"];
 export type BlobSignRequest = paths["/v1/org/{org_id}/blob/sign/{key_id}"]["post"]["requestBody"]["content"]["application/json"];
 export type BtcSignRequest = paths["/v0/org/{org_id}/btc/sign/{pubkey}"]["post"]["requestBody"]["content"]["application/json"];
-export type SolanaSignRequest = paths["/v1/org/{org_id}/solana/sign/{pubkey}"]["post"]["requestBody"]["content"]["application/json"];
+export type SolanaSignRequest = paths["/v0/org/{org_id}/solana/sign/{pubkey}"]["post"]["requestBody"]["content"]["application/json"];
+export type AvaSignRequest = paths["/v0/org/{org_id}/ava/sign/{pubkey}"]["post"]["requestBody"]["content"]["application/json"];
 export type EvmSignResponse = components["responses"]["Eth1SignResponse"]["content"]["application/json"];
 export type Eth2SignResponse = components["responses"]["Eth2SignResponse"]["content"]["application/json"];
 export type Eth2StakeResponse = components["responses"]["StakeResponse"]["content"]["application/json"];
@@ -17,25 +19,69 @@ export type BlobSignResponse = components["responses"]["BlobSignResponse"]["cont
 export type BtcSignResponse = components["responses"]["BtcSignResponse"]["content"]["application/json"];
 export type SolanaSignResponse = components["responses"]["SolanaSignResponse"]["content"]["application/json"];
 export type MfaRequestInfo = components["responses"]["MfaRequestInfo"]["content"]["application/json"];
+export type AvaSignResponse = components["responses"]["AvaSignResponse"]["content"]["application/json"];
 export type AcceptedResponse = components["schemas"]["AcceptedResponse"];
 export type ErrorResponse = components["schemas"]["ErrorResponse"];
 export type BtcSignatureKind = components["schemas"]["BtcSignatureKind"];
 /** MFA request kind */
 export type MfaType = components["schemas"]["MfaType"];
+/** Ava P- or X-chain transaction */
+export type AvaTx = {
+    P: AvaPChainTx;
+} | {
+    X: AvaXChainTx;
+};
+/** Ava P-chain transaction */
+export type AvaPChainTx = {
+    AddPermissionlessValidator: JsonMap;
+} | {
+    AddSubnetValidator: JsonMap;
+} | {
+    AddValidator: JsonMap;
+} | {
+    CreateChain: JsonMap;
+} | {
+    CreateSubnet: JsonMap;
+} | {
+    Export: JsonMap;
+} | {
+    Import: JsonMap;
+};
+/** Ava X-chain transaction */
+export type AvaXChainTx = {
+    Base: JsonMap;
+} | {
+    Export: JsonMap;
+} | {
+    Import: JsonMap;
+};
 type SignFn<U> = (headers?: HeadersInit) => Promise<U | AcceptedResponse>;
+export interface MfaRequired {
+    /** Org id */
+    org_id: string;
+    /** MFA request id */
+    id: string;
+    /** Optional MFA session */
+    session?: NewSessionResponse | null;
+}
 /**
- * A response of a signing request.
+ * A response of a CubeSigner request.
  */
 export declare class SignResponse<U> {
     #private;
-    /** @return {boolean} True if this signing request requires an MFA approval */
+    /** @return {string} The MFA id associated with this request */
+    mfaId(): string;
+    /** @return {boolean} True if this request requires an MFA approval */
     requiresMfa(): boolean;
+    /**
+     * Returns session information to use for any MFA approval requests (if any was included in the response).
+     * @return {ClientSessionInfo | undefined}
+     */
+    mfaSessionInfo(): NewSessionResponse | undefined;
     /** @return {U} The signed data */
     data(): U;
     /**
-     * Approves the MFA request using a given signer session and a TOTP code.
-     *
-     * Note: This only works for MFA requests that require a single approval.
+     * Approves the MFA request using a given session and a TOTP code.
      *
      * @param {SignerSession} session Signer session to use
      * @param {string} code 6-digit TOTP code
@@ -43,25 +89,43 @@ export declare class SignResponse<U> {
      */
     approveTotp(session: SignerSession, code: string): Promise<SignResponse<U>>;
     /**
-     * Approves the MFA request using CubeSigner's management session.
-     *
-     * Note: This only works for MFA requests that require a single approval.
+     * Approves the MFA request using a given `CubeSigner` instance (i.e., its management session).
      *
+     * @param {CubeSigner} cs CubeSigner whose session to use
      * @return {SignResponse<U>} The result of signing with the approval
      */
-    approve(): Promise<SignResponse<U>>;
+    approve(cs: CubeSigner): Promise<SignResponse<U>>;
+    /**
+     * @param {MfaReceipt} mfaReceipt The MFA receipt
+     * @return {Promise<SignResponse<U>>} The result of signing after MFA approval
+     */
+    signWithMfaApproval(mfaReceipt: MfaReceipt): Promise<SignResponse<U>>;
     /**
      * Constructor.
      *
-     * @param {CubeSigner} cs The CubeSigner instance to use for requests
-     * @param {string} orgId The org id of the corresponding signing request
      * @param {SignFn} signFn The signing function that this response is from.
      *                        This argument is used to resend requests with
      *                        different headers if needed.
      * @param {U | AcceptedResponse} resp The response as returned by the OpenAPI
      *                                    client.
      */
-    constructor(cs: CubeSigner, orgId: string, signFn: SignFn<U>, resp: U | AcceptedResponse);
+    constructor(signFn: SignFn<U>, resp: U | AcceptedResponse);
+    /**
+     * Static constructor.
+     * @param {SignFn} signFn The signing function that this response is from.
+     *                        This argument is used to resend requests with
+     *                        different headers if needed.
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt
+     * @return {Promise<SignResponse<U>>} New instance of this class.
+     */
+    static create<U>(signFn: SignFn<U>, mfaReceipt?: MfaReceipt): Promise<SignResponse<U>>;
+    /**
+     * Returns HTTP headers containing a given MFA receipt.
+     *
+     * @param {MfaReceipt} mfaReceipt MFA receipt
+     * @return {HeadersInit} Headers including that receipt
+     */
+    static getMfaHeaders(mfaReceipt?: MfaReceipt): HeadersInit | undefined;
 }
 /** Signer session info. Can only be used to revoke a token, but not for authentication. */
 export declare class SignerSessionInfo {
@@ -83,13 +147,14 @@ export declare class SignerSessionInfo {
 /** Signer session. */
 export declare class SignerSession {
     #private;
-    readonly cs: CubeSigner;
-    sessionMgr: OidcSessionManager | SignerSessionManager;
+    sessionMgr: SignerSessionManager;
+    /** Org id */
+    get orgId(): string;
     /**
      * Returns the list of keys that this token grants access to.
      * @return {Key[]} The list of keys.
      */
-    keys(): Promise<Key[]>;
+    keys(): Promise<KeyInfo[]>;
     /**
      * Approve a pending MFA request using TOTP.
      *
@@ -98,75 +163,108 @@ export declare class SignerSession {
      * @return {Promise<MfaRequestInfo>} The current status of the MFA request
      */
     totpApprove(mfaId: string, code: string): Promise<MfaRequestInfo>;
+    /**
+     * Initiate approval of an existing MFA request using FIDO.
+     * @param {string} mfaId The MFA request ID.
+     * @return {Promise<MfaFidoChallenge>} A challenge that needs to be answered to complete the approval.
+     */
+    fidoApproveStart(mfaId: string): Promise<MfaFidoChallenge>;
+    /**
+     * Complete a previously initiated MFA request approval using FIDO.
+     * @param {string} mfaId The MFA request ID
+     * @param {string} challengeId The challenge ID
+     * @param {PublicKeyCredential} credential The answer to the challenge
+     * @return {Promise<MfaRequestInfo>} The current status of the MFA request.
+     */
+    fidoApproveComplete(mfaId: string, challengeId: string, credential: PublicKeyCredential): Promise<MfaRequestInfo>;
+    /**
+     * Get a pending MFA request by its id.
+     * @param {CubeSigner} cs Management session to use (this argument will be removed in future versions)
+     * @param {string} mfaId The id of the MFA request.
+     * @return {Promise<MfaRequestInfo>} The MFA request.
+     */
+    getMfaInfo(cs: CubeSigner, mfaId: string): Promise<MfaRequestInfo>;
     /**
      * Submit an EVM sign request.
      * @param {Key | string} key The key to sign with (either {@link Key} or its material ID).
      * @param {EvmSignRequest} req What to sign.
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt.
      * @return {Promise<EvmSignResponse | AcceptedResponse>} Signature
      */
-    signEvm(key: Key | string, req: EvmSignRequest): Promise<SignResponse<EvmSignResponse>>;
+    signEvm(key: Key | string, req: EvmSignRequest, mfaReceipt?: MfaReceipt): Promise<SignResponse<EvmSignResponse>>;
     /**
      * Submit an 'eth2' sign request.
      * @param {Key | string} key The key to sign with (either {@link Key} or its material ID).
      * @param {Eth2SignRequest} req What to sign.
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt
      * @return {Promise<Eth2SignResponse | AcceptedResponse>} Signature
      */
-    signEth2(key: Key | string, req: Eth2SignRequest): Promise<SignResponse<Eth2SignResponse>>;
+    signEth2(key: Key | string, req: Eth2SignRequest, mfaReceipt?: MfaReceipt): Promise<SignResponse<Eth2SignResponse>>;
     /**
      * Sign a stake request.
      * @param {Eth2StakeRequest} req The request to sign.
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt
      * @return {Promise<Eth2StakeResponse | AcceptedResponse>} The response.
      */
-    stake(req: Eth2StakeRequest): Promise<SignResponse<Eth2StakeResponse>>;
+    stake(req: Eth2StakeRequest, mfaReceipt?: MfaReceipt): Promise<SignResponse<Eth2StakeResponse>>;
     /**
      * Sign an unstake request.
      * @param {Key | string} key The key to sign with (either {@link Key} or its material ID).
      * @param {Eth2UnstakeRequest} req The request to sign.
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt
      * @return {Promise<Eth2UnstakeResponse | AcceptedResponse>} The response.
      */
-    unstake(key: Key | string, req: Eth2UnstakeRequest): Promise<SignResponse<Eth2UnstakeResponse>>;
+    unstake(key: Key | string, req: Eth2UnstakeRequest, mfaReceipt?: MfaReceipt): Promise<SignResponse<Eth2UnstakeResponse>>;
     /**
      * Sign a raw blob.
      * @param {Key | string} key The key to sign with (either {@link Key} or its ID).
      * @param {BlobSignRequest} req What to sign
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt
      * @return {Promise<BlobSignResponse | AcceptedResponse>} The response.
      */
-    signBlob(key: Key | string, req: BlobSignRequest): Promise<SignResponse<BlobSignResponse>>;
+    signBlob(key: Key | string, req: BlobSignRequest, mfaReceipt?: MfaReceipt): Promise<SignResponse<BlobSignResponse>>;
     /**
      * Sign a bitcoin message.
      * @param {Key | string} key The key to sign with (either {@link Key} or its material ID).
      * @param {BtcSignRequest} req What to sign
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt
      * @return {Promise<BtcSignResponse | AcceptedResponse>} The response.
      */
-    signBtc(key: Key | string, req: BtcSignRequest): Promise<SignResponse<BtcSignResponse>>;
+    signBtc(key: Key | string, req: BtcSignRequest, mfaReceipt?: MfaReceipt): Promise<SignResponse<BtcSignResponse>>;
     /**
      * Sign a solana message.
      * @param {Key | string} key The key to sign with (either {@link Key} or its material ID).
      * @param {SolanaSignRequest} req What to sign
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt
      * @return {Promise<SolanaSignResponse | AcceptedResponse>} The response.
      */
-    signSolana(key: Key | string, req: SolanaSignRequest): Promise<SignResponse<SolanaSignResponse>>;
+    signSolana(key: Key | string, req: SolanaSignRequest, mfaReceipt?: MfaReceipt): Promise<SignResponse<SolanaSignResponse>>;
+    /**
+     * Sign an Avalanche P- or X-chain message.
+     * @param {Key | string} key The key to sign with (either {@link Key} or its material ID).
+     * @param {AvaTx} tx Avalanche message (transaction) to sign
+     * @param {MfaReceipt} mfaReceipt Optional MFA receipt
+     * @return {Promise<AvaSignResponse | AcceptedResponse>} The response.
+     */
+    signAva(key: Key | string, tx: AvaTx, mfaReceipt?: MfaReceipt): Promise<SignResponse<AvaSignResponse>>;
+    /**
+     * Obtain a proof of authentication.
+     *
+     * @return {Promise<IdentityProof>} Proof of authentication
+     */
+    proveIdentity(): Promise<IdentityProof>;
     /**
      * Loads an existing signer session from storage.
-     * @param {CubeSigner} cs The CubeSigner instance
      * @param {SignerSessionStorage} storage The session storage to use
      * @return {Promise<SingerSession>} New signer session
      */
-    static loadSignerSession(cs: CubeSigner, storage: SignerSessionStorage): Promise<SignerSession>;
-    /**
-     * Loads an existing OIDC session from storage
-     * @param {CubeSigner} cs The CubeSigner instance
-     * @param {OidcSessionStorage} storage The storage to use
-     * @return {Promise<SignerSession>} New signer session
-     */
-    static loadOidcSession(cs: CubeSigner, storage: OidcSessionStorage): Promise<SignerSession>;
+    static loadSignerSession(storage: SignerSessionStorage): Promise<SignerSession>;
     /**
      * Constructor.
-     * @param {CubeSigner} cs The CubeSigner instance to use for requests
-     * @param {OidcSessionManager | SignerSessionManager} sessionMgr The session manager to use
+     * @param {SignerSessionManager} sessionMgr The session manager to use
      * @internal
      */
-    constructor(cs: CubeSigner, sessionMgr: OidcSessionManager | SignerSessionManager);
+    constructor(sessionMgr: SignerSessionManager);
     /**
      * Static method for revoking a token (used both from {SignerSession} and {SignerSessionInfo}).
      * @param {CubeSigner} cs CubeSigner instance