@cubist-labs/cubesigner-sdk 0.2.24 → 0.3.1

package/src/schema_types.ts

@@ -56,6 +56,9 @@ export type RefreshSignerSessionRequest = schemas["AuthData"];
 
 export type EvmSignRequest = schemas["Eth1SignRequest"];
 export type EvmSignResponse = schemas["Eth1SignResponse"];
+export type Eip191SignRequest = schemas["Eip191SignRequest"];
+export type Eip712SignRequest = schemas["Eip712SignRequest"];
+export type Eip191Or712SignResponse = schemas["Eip191Or712SignResponse"];
 export type Eth2SignRequest = schemas["Eth2SignRequest"];
 export type Eth2SignResponse = schemas["Eth2SignResponse"];
 export type Eth2StakeRequest = schemas["StakeRequest"];

package/src/session/session_storage.ts

@@ -1,5 +1,3 @@
-import { promises as fs } from "fs";
-
 /** Interface for storing sessions. */
 export interface SessionStorage<U> {
   /** Store session information */
@@ -41,33 +39,3 @@ export class MemorySessionStorage<U> implements SessionStorage<U> {
     this.#data = data;
   }
 }
-
-/** Stores session information in a JSON file */
-export class JsonFileSessionStorage<U> implements SessionStorage<U> {
-  readonly #filePath: string;
-
-  /**
-   * Store session information.
-   * @param {U} data The session information to store
-   * @return {Promise<void>}
-   */
-  async save(data: U): Promise<void> {
-    await fs.writeFile(this.#filePath, JSON.stringify(data), "utf-8");
-  }
-
-  /**
-   * Retrieve session information.
-   * @return {Promise<U>} The session information
-   */
-  async retrieve(): Promise<U> {
-    return JSON.parse(await fs.readFile(this.#filePath, "utf-8"));
-  }
-
-  /**
-   * Constructor.
-   * @param {string} filePath The file path to use for storage
-   */
-  constructor(filePath: string) {
-    this.#filePath = filePath;
-  }
-}

package/src/session/signer_session_manager.ts

@@ -1,16 +1,21 @@
+import { Events } from "../events";
+import { EnvInterface } from "../env";
+import { Client, createHttpClient, OpClient } from "../api";
+import { MemorySessionStorage, SessionStorage } from "./session_storage";
+import { delay } from "../util";
 import {
   ClientSessionInfo,
   NewSessionResponse,
   RefreshSignerSessionRequest,
 } from "../schema_types";
-import { Client, OpClient } from "../api";
-import { HasEnv, OrgSessionManager, SessionManager } from "./session_manager";
-import { MemorySessionStorage, SessionStorage } from "./session_storage";
 import { EventEmitter } from "../events";
-import { EnvInterface } from "../env";
+import { SessionExpiredError } from "../error";
+import { operations } from "../schema";
+
+const DEFAULT_EXPIRATION_BUFFER_SECS = 30;
 
 /** JSON representation of our "signer session" file format */
-export interface SignerSessionObject {
+export interface SignerSessionData {
   /** The organization ID */
   org_id: string;
   /** The role ID */
@@ -23,6 +28,10 @@ export interface SignerSessionObject {
   session_info: ClientSessionInfo;
   /** Session expiration (in seconds since UNIX epoch) beyond which it cannot be refreshed */
   session_exp: number | undefined; // may be missing in legacy session files
+  /** The environment */
+  env: {
+    ["Dev-CubeSignerStack"]: EnvInterface;
+  };
 }
 
 /**
@@ -34,8 +43,6 @@ function secondsSinceEpochToDate(secs: number): Date {
   return new Date(secs * 1000);
 }
 
-export interface SignerSessionData extends SignerSessionObject, HasEnv {}
-
 /** Type of storage required for signer sessions */
 export type SignerSessionStorage = SessionStorage<SignerSessionData>;
 
@@ -50,9 +57,14 @@ export interface SignerSessionLifetime {
   grace?: number;
 }
 
-/** Manager for signer sessions. */
-export class SignerSessionManager extends OrgSessionManager<SignerSessionData> {
+/** Generic session manager interface. */
+export class SignerSessionManager {
+  readonly env: EnvInterface;
+  readonly orgId: string;
+  readonly storage: SignerSessionStorage;
+  readonly events = new Events();
   readonly #eventEmitter: EventEmitter;
+  #refreshing: boolean = false;
   #client: { client: Client; token_exp: Date; session_exp?: Date };
 
   /**
@@ -68,17 +80,20 @@ export class SignerSessionManager extends OrgSessionManager<SignerSessionData> {
    * Refreshes the current session if needed, then returns a client using the current session.
    *
    * May **UPDATE/MUTATE** self.
+   *
+   * @param {operations} operation The operation that this client will be
+   *   used for. This parameter is used exclusively for more accurate error
+   *   reporting and does not affect functionality.
+   * @return {Client} The client with the current session
    */
-  async client(): Promise<Client> {
+  async client(operation?: keyof operations): Promise<Client> {
     await this.refreshIfNeeded();
 
     // trigger "session expired" if the session as a whole has expired
     // or if (for whatever reason) the token is still stale
-    if (
-      SessionManager.hasExpired(this.#client.token_exp) ||
-      (this.#client.session_exp && SessionManager.hasExpired(this.#client.session_exp))
-    ) {
+    if (SignerSessionManager.#hasTimestampExpired(this.#client.token_exp) || this.hasExpired()) {
       await this.#eventEmitter.emitSessionExpired();
+      throw new SessionExpiredError(operation);
     }
 
     return this.#client.client;
@@ -92,19 +107,15 @@ export class SignerSessionManager extends OrgSessionManager<SignerSessionData> {
     });
   }
 
-  /**
-   * Returns whether it's time to refresh this token.
-   * @return {boolean} Whether it's time to refresh this token.
-   * @internal
-   */
-  async isStale(): Promise<boolean> {
-    return SessionManager.isStale(this.#client.token_exp);
-  }
-
   /**
    * Refreshes the session and **UPDATES/MUTATES** self.
    */
   async refresh(): Promise<void> {
+    if (this.hasExpired()) {
+      await this.#eventEmitter.emitSessionExpired();
+      throw new SessionExpiredError("signerSessionRefresh");
+    }
+
     const currSession = await this.storage.retrieve();
 
     const client = new OpClient("signerSessionRefresh", this.#client.client, this.#eventEmitter);
@@ -125,7 +136,7 @@ export class SignerSessionManager extends OrgSessionManager<SignerSessionData> {
 
     await this.storage.save(newSession);
     this.#client = {
-      client: this.createClient(newSession.token),
+      client: this.#createClient(newSession.token),
       token_exp: secondsSinceEpochToDate(newSession.session_info.auth_token_exp),
       session_exp: newSession.session_exp
         ? secondsSinceEpochToDate(newSession.session_exp)
@@ -133,6 +144,77 @@ export class SignerSessionManager extends OrgSessionManager<SignerSessionData> {
     };
   }
 
+  /**
+   * Returns whether it's time to refresh this token.
+   * @return {boolean} Whether it's time to refresh this token.
+   * @internal
+   */
+  async isStale(): Promise<boolean> {
+    return SignerSessionManager.#hasTimestampExpired(
+      this.#client.token_exp,
+      DEFAULT_EXPIRATION_BUFFER_SECS,
+    );
+  }
+
+  /**
+   * Return whether this session has expired and cannot be refreshed anymore.
+   * @return {boolean} Whether this session has expired.
+   * @internal
+   */
+  hasExpired(): boolean {
+    return (
+      (this.#client.session_exp || false) &&
+      SignerSessionManager.#hasTimestampExpired(this.#client.session_exp)
+    );
+  }
+
+  /**
+   * Refreshes the session if it is about to expire.
+   * @return {boolean} Whether the session token was refreshed.
+   * @internal
+   */
+  async refreshIfNeeded(): Promise<boolean> {
+    if (await this.isStale()) {
+      if (this.#refreshing) {
+        // wait until done refreshing
+        while (this.#refreshing) {
+          await delay(100);
+        }
+        return false;
+      } else {
+        // refresh
+        this.#refreshing = true;
+        try {
+          await this.refresh();
+          return true;
+        } finally {
+          this.#refreshing = false;
+        }
+      }
+    }
+
+    return false;
+  }
+
+  /**
+   * Automatically refreshes the session in the background (if needed) every
+   * minute. This is a simple wrapper around `setInterval`.
+   * @return {number} The interval ID of the refresh timer.
+   */
+  autoRefresh(): RefreshId {
+    return setInterval(async () => {
+      await this.refreshIfNeeded();
+    }, 60 * 1000);
+  }
+
+  /**
+   * Clears the auto refresh timer.
+   * @param {number} timer The timer ID to clear.
+   */
+  clearAutoRefresh(timer: RefreshId): void {
+    clearInterval(timer);
+  }
+
   /**
    * @param {EnvInterface} env The CubeSigner environment
    * @param {string} orgId The organization ID
@@ -188,19 +270,46 @@ export class SignerSessionManager extends OrgSessionManager<SignerSessionData> {
 
   /**
    * Constructor.
-   *
    * @param {SignerSessionData} sessionData Session data
    * @param {SignerSessionStorage} storage The session storage to use.
    */
-  protected constructor(sessionData: SignerSessionData, storage: SignerSessionStorage) {
-    super(sessionData.env["Dev-CubeSignerStack"], sessionData.org_id, storage);
+  constructor(sessionData: SignerSessionData, storage: SignerSessionStorage) {
+    this.env = sessionData.env["Dev-CubeSignerStack"];
+    this.orgId = sessionData.org_id;
+    this.storage = storage;
     this.#eventEmitter = new EventEmitter([this.events]);
     this.#client = {
-      client: this.createClient(sessionData.token),
+      client: this.#createClient(sessionData.token),
       token_exp: secondsSinceEpochToDate(sessionData.session_info.auth_token_exp),
       session_exp: sessionData.session_exp
         ? secondsSinceEpochToDate(sessionData.session_exp)
         : undefined,
     };
   }
+
+  /**
+   * Creates a new REST client with a given token
+   * @param {string} token The authorization token to use for the client
+   * @return {Client} The new REST client
+   */
+  #createClient(token: string): Client {
+    return createHttpClient(this.env.SignerApiRoot, token);
+  }
+
+  /**
+   * Check if a timestamp is within {@link bufferSeconds} seconds from expiration.
+   * @param {Date} exp The timestamp to check
+   * @param {number} bufferSeconds Time buffer in seconds (defaults to 0s)
+   * @return {boolean} True if the timestamp has expired
+   */
+  static #hasTimestampExpired(exp: Date, bufferSeconds?: number): boolean {
+    bufferSeconds ??= 0;
+    const expMsSinceEpoch = exp.getTime();
+    const nowMsSinceEpoch = new Date().getTime();
+    const bufferMs = bufferSeconds * 1000;
+    return expMsSinceEpoch < nowMsSinceEpoch + bufferMs;
+  }
 }
+
+/** Type of the refresh timer ID. */
+export type RefreshId = ReturnType<typeof setInterval>;

package/src/util.ts

@@ -1,5 +1,3 @@
-import * as path from "path";
-
 /** JSON map type */
 export interface JsonMap {
   [member: string]: string | number | boolean | null | JsonArray | JsonMap;
@@ -9,15 +7,14 @@ export interface JsonMap {
 export type JsonArray = Array<string | number | boolean | null | JsonArray | JsonMap>;
 
 /**
- * Directory where CubeSigner stores config files.
- * @return {string} Config dir
+ * Path join
+ * @param {string} dir Parent directory
+ * @param {string} file Pathname
+ * @return {string} New pathname
  */
-export function configDir(): string {
-  const configDir =
-    process.platform === "darwin"
-      ? `${process.env.HOME}/Library/Application Support`
-      : `${process.env.HOME}/.config`;
-  return path.join(configDir, "cubesigner");
+export function pathJoin(dir: string, file: string): string {
+  const sep = globalThis?.process?.platform === "win32" ? "\\" : "/";
+  return `${dir}${sep}${file}`;
 }
 
 /**
@@ -81,3 +78,15 @@ export function encodeToBase64Url(buffer: Iterable<number>): string {
 export function delay(ms: number): Promise<void> {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
+
+/**
+ * Converts a string or a uint8 array into a hex string. Strings are encoded in UTF-8 before
+ * being converted to hex.
+ * @param {string | Uint8Array} message The input
+ * @return {string} Hex string prefixed with "0x"
+ */
+export function encodeToHex(message: string | Uint8Array): string {
+  return (
+    "0x" + (typeof message === "string" ? Buffer.from(message, "utf8") : message).toString("hex")
+  );
+}

package/tsconfig.json

@@ -1,30 +1,10 @@
 {
+  "extends": "../../tsconfig.json",
   "compilerOptions": {
-    "target": "es2021",
-    "module": "commonjs",
-    "declaration": true,
-    "strict": true,
-    "noImplicitAny": true,
-    "noImplicitThis": true,
-    "alwaysStrict": true,
-    "noUnusedLocals": true,
-    "noUnusedParameters": true,
-    "noImplicitReturns": true,
-    "noFallthroughCasesInSwitch": false,
-    "inlineSourceMap": true,
-    "inlineSources": true,
-    "experimentalDecorators": true,
-    "strictPropertyInitialization": true,
-    "resolveJsonModule": true,
-    "esModuleInterop": true,
-    "skipLibCheck": true,
     "outDir": "./dist"
   },
   "typedocOptions": {
     "out": "./docs",
-    "excludeInternal": true,
-    "excludePrivate": true,
-    "excludeProtected": true,
     "entryPoints": ["src/index.ts", "src/env.ts", "src/schema.ts"]
   },
   "exclude": ["spec", "node_modules", "dist"],

package/LICENSE-APACHE

@@ -1,177 +0,0 @@
-
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS

package/LICENSE-MIT

@@ -1,25 +0,0 @@
-Copyright (C) 2022-2023 Cubist, Inc.
-
-Permission is hereby granted, free of charge, to any
-person obtaining a copy of this software and associated
-documentation files (the "Software"), to deal in the
-Software without restriction, including without
-limitation the rights to use, copy, modify, merge,
-publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software
-is furnished to do so, subject to the following
-conditions:
-
-The above copyright notice and this permission notice
-shall be included in all copies or substantial portions
-of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF
-ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
-TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
-PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
-SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
-OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR
-IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
-DEALINGS IN THE SOFTWARE.

package/NOTICE

@@ -1,13 +0,0 @@
-Copyright (C) 2023 Cubist, Inc.
-
-This software is licensed under either of
-
-- Apache License, Version 2.0
-  (see https://www.apache.org/licenses/LICENSE-2.0 or LICENSE-APACHE)
-
-- MIT license
-  (see https://opensource.org/licenses/MIT or LICENSE-MIT)
-  
-at your option.
-
-The SPDX identifier for this project is "MIT OR Apache-2.0".

package/dist/examples/ethers.d.ts

@@ -1 +0,0 @@
-export {};