@cubist-labs/cubesigner-sdk 0.1.77 → 0.2.2

package/src/key.ts

@@ -1,6 +1,6 @@
-import { CubeSigner, KeyPolicy } from ".";
-import { components } from "./client";
-import { assertOk } from "./util";
+import { KeyPolicy } from "./role";
+import { KeyInfoApi, KeyTypeApi, UpdateKeyRequest, SchemaKeyType } from "./schema_types";
+import { CubeSignerClient } from "./client";
 
 /** Secp256k1 key type */
 export enum Secp256k1 {
@@ -37,13 +37,6 @@ export type Stark = typeof Stark;
 /** Key type */
 export type KeyType = Secp256k1 | Bls | Ed25519 | Mnemonic | Stark;
 
-/** Schema key type (i.e., key type at the API level) */
-type SchemaKeyType = components["schemas"]["KeyType"];
-
-type UpdateKeyRequest = components["schemas"]["UpdateKeyRequest"];
-type KeyInfoApi = components["schemas"]["KeyInfo"];
-type KeyTypeApi = components["schemas"]["KeyType"];
-
 /** Additional properties (for backward compatibility) */
 export interface KeyInfo extends KeyInfoApi {
   /** Alias for key_id */
@@ -76,9 +69,13 @@ export function toKeyInfo(key: KeyInfoApi): KeyInfo {
 /** Signing keys. */
 export class Key {
   /** The CubeSigner instance that this key is associated with */
-  readonly #cs: CubeSigner;
+  readonly #csc: CubeSignerClient;
+
   /** The organization that this key is in */
-  readonly orgId: string;
+  get orgId() {
+    return this.#csc.orgId;
+  }
+
   /**
    * The id of the key: "Key#" followed by a unique identifier specific to
    * the type of key (such as a public key for BLS or an ethereum address for Secp)
@@ -168,7 +165,7 @@ export class Key {
    * Delete this key.
    */
   async delete() {
-    await this.#cs.deleteKey(this.orgId, this.id);
+    await this.#csc.keyDelete(this.id);
   }
 
   // --------------------------------------------------------------------------
@@ -176,118 +173,25 @@ export class Key {
   // --------------------------------------------------------------------------
 
   /** Create a new key.
-   * @param {CubeSigner} cs The CubeSigner instance to use for signing.
-   * @param {string} orgId The id of the organization to which the key belongs.
+   * @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
    * @param {KeyInfo} data The JSON response from the API server.
    * @internal
    * */
-  constructor(cs: CubeSigner, orgId: string, data: KeyInfoApi) {
-    this.#cs = cs;
-    this.orgId = orgId;
+  constructor(csc: CubeSignerClient, data: KeyInfoApi) {
+    this.#csc = csc;
     this.id = data.key_id;
     this.materialId = data.material_id;
     this.publicKey = data.public_key;
   }
 
-  /** Update the key.
+  /**
+   * Update the key.
    * @param {UpdateKeyRequest} request The JSON request to send to the API server.
    * @return {KeyInfo} The JSON response from the API server.
-   * */
-  private async update(request: UpdateKeyRequest): Promise<KeyInfo> {
-    const resp = await (
-      await this.#cs.management()
-    ).patch("/v0/org/{org_id}/keys/{key_id}", {
-      params: { path: { org_id: this.orgId, key_id: this.id } },
-      body: request,
-      parseAs: "json",
-    });
-    return toKeyInfo(assertOk(resp));
-  }
-
-  /** Create new signing keys.
-   * @param {CubeSigner} cs The CubeSigner instance to use for signing.
-   * @param {string} orgId The id of the organization to which the key belongs.
-   * @param {KeyType} keyType The type of key to create.
-   * @param {number} count The number of keys to create.
-   * @param {string?} ownerId The owner of the keys. Defaults to the session's user.
-   * @return {Key[]} The new keys.
-   * @internal
-   * */
-  static async createKeys(
-    cs: CubeSigner,
-    orgId: string,
-    keyType: KeyType,
-    count: number,
-    ownerId?: string,
-  ): Promise<Key[]> {
-    const chain_id = 0; // not used anymore
-    const resp = await (
-      await cs.management()
-    ).post("/v0/org/{org_id}/keys", {
-      params: { path: { org_id: orgId } },
-      body: {
-        count,
-        chain_id,
-        key_type: keyType,
-        owner: ownerId || null,
-      },
-      parseAs: "json",
-    });
-    const data = assertOk(resp);
-    return data.keys.map((k) => new Key(cs, orgId, k));
-  }
-
-  /**
-   * Derives a key of a specified type using a supplied derivation path and an existing long-lived mnemonic.
-   *
-   * The owner of the derived key will be the owner of the mnemonic.
-   *
-   * @param {CubeSigner} cs The CubeSigner instance to use for key creation.
-   * @param {string} orgId The id of the organization to which the key belongs.
-   * @param {KeyType} keyType The type of key to create.
-   * @param {string[]} derivationPaths Derivation paths from which to derive new keys.
-   * @param {string} mnemonicId materialId of mnemonic key used to derive the new key.
-   *
-   * @return {Key[]} The newly derived keys.
    */
-  static async deriveKeys(
-    cs: CubeSigner,
-    orgId: string,
-    keyType: KeyType,
-    derivationPaths: string[],
-    mnemonicId: string,
-  ): Promise<Key[]> {
-    const resp = await (
-      await cs.management()
-    ).put("/v0/org/{org_id}/derive_key", {
-      params: { path: { org_id: orgId } },
-      body: {
-        derivation_path: derivationPaths,
-        mnemonic_id: mnemonicId,
-        key_type: keyType,
-      },
-      parseAs: "json",
-    });
-    const data = assertOk(resp);
-    return data.keys.map((k) => new Key(cs, orgId, k));
-  }
-
-  /** Get a key by id.
-   * @param {CubeSigner} cs The CubeSigner instance to use for signing.
-   * @param {string} orgId The id of the organization to which the key belongs.
-   * @param {string} keyId The id of the key to get.
-   * @return {Key} The key.
-   * @internal
-   * */
-  static async getKey(cs: CubeSigner, orgId: string, keyId: string): Promise<Key> {
-    const resp = await (
-      await cs.management()
-    ).get("/v0/org/{org_id}/keys/{key_id}", {
-      params: { path: { org_id: orgId, key_id: keyId } },
-      parseAs: "json",
-    });
-    const data = assertOk(resp);
-    return new Key(cs, orgId, data);
+  private async update(request: UpdateKeyRequest): Promise<KeyInfo> {
+    const data = await this.#csc.keyUpdate(this.id, request);
+    return toKeyInfo(data);
   }
 
   /** Fetches the key information.
@@ -295,13 +199,7 @@ export class Key {
    * @internal
    * */
   private async fetch(): Promise<KeyInfo> {
-    const resp = await (
-      await this.#cs.management()
-    ).get("/v0/org/{org_id}/keys/{key_id}", {
-      params: { path: { org_id: this.orgId, key_id: this.id } },
-      parseAs: "json",
-    });
-    const data = assertOk(resp);
+    const data = await this.#csc.keyGet(this.id);
     return toKeyInfo(data);
   }
 }

package/src/{fido.ts → mfa.ts}

@@ -1,42 +1,78 @@
 /* eslint-disable @typescript-eslint/no-explicit-any */
 
-import { CubeSigner, MfaRequestInfo, SignerSession } from ".";
-import { components } from "./schema";
+import {
+  ApiAddFidoChallenge,
+  ApiMfaFidoChallenge,
+  MfaRequestInfo,
+  PublicKeyCredential,
+  TotpInfo,
+} from "./schema_types";
+import { CubeSignerClient } from "./client";
 import { decodeBase64Url, encodeToBase64Url } from "./util";
 
-export type ApiAddFidoChallenge =
-  components["responses"]["FidoCreateChallengeResponse"]["content"]["application/json"];
+/** MFA receipt */
+export interface MfaReceipt {
+  /** MFA request ID */
+  mfaId: string;
+  /** Corresponding org ID */
+  mfaOrgId: string;
+  /** MFA confirmation code */
+  mfaConf: string;
+}
+
+/** TOTP challenge that must be answered before user's TOTP is updated */
+export class TotpChallenge {
+  readonly #csc: CubeSignerClient;
+  readonly #totpInfo: TotpInfo;
+
+  /** The id of the challenge */
+  get totpId() {
+    return this.#totpInfo.totp_id;
+  }
 
-export type ApiMfaFidoChallenge =
-  components["responses"]["FidoAssertChallenge"]["content"]["application/json"];
+  /** The new TOTP configuration */
+  get totpUrl() {
+    return this.#totpInfo.totp_url;
+  }
 
-export type PublicKeyCredentialCreationOptions =
-  components["schemas"]["PublicKeyCredentialCreationOptions"];
-export type PublicKeyCredentialRequestOptions =
-  components["schemas"]["PublicKeyCredentialRequestOptions"];
-export type PublicKeyCredentialParameters = components["schemas"]["PublicKeyCredentialParameters"];
-export type PublicKeyCredentialDescriptor = components["schemas"]["PublicKeyCredentialDescriptor"];
-export type AuthenticatorSelectionCriteria =
-  components["schemas"]["AuthenticatorSelectionCriteria"];
-export type PublicKeyCredentialUserEntity = components["schemas"]["PublicKeyCredentialUserEntity"];
-export type PublicKeyCredential = components["schemas"]["PublicKeyCredential"];
+  /**
+   * @param {CubeSignerClient} csc Used when answering the challenge.
+   * @param {TotpInfo} totpInfo TOTP challenge information.
+   */
+  constructor(csc: CubeSignerClient, totpInfo: TotpInfo) {
+    this.#csc = csc;
+    this.#totpInfo = totpInfo;
+  }
+
+  /**
+   * Answer the challenge with the code that corresponds to `this.totpUrl`.
+   * @param {string} code 6-digit code that corresponds to `this.totpUrl`.
+   */
+  async answer(code: string) {
+    if (!/^\d{1,6}$/.test(code)) {
+      throw new Error(`Invalid TOTP code: ${code}; it must be a 6-digit string`);
+    }
+
+    await this.#csc.userResetTotpComplete(this.totpId, code);
+  }
+}
 
 /**
  * Returned after creating a request to add a new FIDO device.
  * Provides some helper methods for answering this challenge.
  */
 export class AddFidoChallenge {
-  readonly #cs: CubeSigner;
+  readonly #csc: CubeSignerClient;
   readonly challengeId: string;
   readonly options: any;
 
   /**
    * Constructor
-   * @param {CubeSigner} cs CubeSigner instance used to request to add a FIDO device
+   * @param {CubeSignerClient} csc CubeSigner instance used to request to add a FIDO device
    * @param {ApiAddFidoChallenge} challenge The challenge returned by the remote end.
    */
-  constructor(cs: CubeSigner, challenge: ApiAddFidoChallenge) {
-    this.#cs = cs;
+  constructor(csc: CubeSignerClient, challenge: ApiAddFidoChallenge) {
+    this.#csc = csc;
     this.challengeId = challenge.challenge_id;
 
     // fix options returned from the server: rename fields and decode base64 fields to uint8[]
@@ -88,7 +124,7 @@ export class AddFidoChallenge {
         attestationObject: encodeToBase64Url(cred.response.attestationObject),
       },
     };
-    await this.#cs.addFidoComplete(this.challengeId, answer);
+    await this.#csc.userRegisterFidoComplete(this.challengeId, answer);
   }
 }
 
@@ -97,18 +133,18 @@ export class AddFidoChallenge {
  * Provides some helper methods for answering this challenge.
  */
 export class MfaFidoChallenge {
-  readonly #ss: SignerSession;
+  readonly #csc: CubeSignerClient;
   readonly mfaId: string;
   readonly challengeId: string;
   readonly options: any;
 
   /**
-   * @param {SignerSession} ss The session used to initiate MFA approval using FIDO
+   * @param {CubeSignerClient} csc The session used to initiate MFA approval using FIDO
    * @param {string} mfaId The MFA request id.
    * @param {ApiMfaFidoChallenge} challenge The challenge returned by the remote end
    */
-  constructor(ss: SignerSession, mfaId: string, challenge: ApiMfaFidoChallenge) {
-    this.#ss = ss;
+  constructor(csc: CubeSignerClient, mfaId: string, challenge: ApiMfaFidoChallenge) {
+    this.#csc = csc;
     this.mfaId = mfaId;
     this.challengeId = challenge.challenge_id;
 
@@ -161,6 +197,6 @@ export class MfaFidoChallenge {
         signature: encodeToBase64Url(cred.response.signature),
       },
     };
-    return await this.#ss.fidoApproveComplete(this.mfaId, this.challengeId, answer);
+    return await this.#csc.mfaApproveFidoComplete(this.mfaId, this.challengeId, answer);
   }
 }