@getpara/core-sdk 2.0.0-dev.3 → 2.0.0-dev.7

package/dist/cjs/constants.js

@@ -24,6 +24,8 @@ __export(constants_exports, {
   LOCAL_STORAGE_CURRENT_WALLET_IDS: () => LOCAL_STORAGE_CURRENT_WALLET_IDS,
   LOCAL_STORAGE_ED25519_WALLETS: () => LOCAL_STORAGE_ED25519_WALLETS,
   LOCAL_STORAGE_EMAIL: () => LOCAL_STORAGE_EMAIL,
+  LOCAL_STORAGE_ENCLAVE_JWT: () => LOCAL_STORAGE_ENCLAVE_JWT,
+  LOCAL_STORAGE_ENCLAVE_REFRESH_JWT: () => LOCAL_STORAGE_ENCLAVE_REFRESH_JWT,
   LOCAL_STORAGE_EXTERNAL_WALLETS: () => LOCAL_STORAGE_EXTERNAL_WALLETS,
   LOCAL_STORAGE_EXTERNAL_WALLET_USER_ID: () => LOCAL_STORAGE_EXTERNAL_WALLET_USER_ID,
   LOCAL_STORAGE_FARCASTER_USERNAME: () => LOCAL_STORAGE_FARCASTER_USERNAME,
@@ -33,6 +35,7 @@ __export(constants_exports, {
   LOCAL_STORAGE_USER_ID: () => LOCAL_STORAGE_USER_ID,
   LOCAL_STORAGE_WALLETS: () => LOCAL_STORAGE_WALLETS,
   PARA_CORE_VERSION: () => PARA_CORE_VERSION,
+  PARA_PREFIX: () => PARA_PREFIX,
   POLLING_INTERVAL_MS: () => POLLING_INTERVAL_MS,
   POLLING_TIMEOUT_MS: () => POLLING_TIMEOUT_MS,
   PREFIX: () => PREFIX,
@@ -40,8 +43,9 @@ __export(constants_exports, {
   SHORT_POLLING_INTERVAL_MS: () => SHORT_POLLING_INTERVAL_MS
 });
 module.exports = __toCommonJS(constants_exports);
-const PARA_CORE_VERSION = "2.0.0-dev.0";
+const PARA_CORE_VERSION = "2.0.0-alpha.50";
 const PREFIX = "@CAPSULE/";
+const PARA_PREFIX = "@PARA/";
 const LOCAL_STORAGE_AUTH_INFO = `${PREFIX}authInfo`;
 const LOCAL_STORAGE_EMAIL = `${PREFIX}e-mail`;
 const LOCAL_STORAGE_PHONE = `${PREFIX}phone`;
@@ -55,6 +59,8 @@ const LOCAL_STORAGE_WALLETS = `${PREFIX}wallets`;
 const LOCAL_STORAGE_EXTERNAL_WALLETS = `${PREFIX}externalWallets`;
 const LOCAL_STORAGE_CURRENT_WALLET_IDS = `${PREFIX}currentWalletIds`;
 const LOCAL_STORAGE_SESSION_COOKIE = `${PREFIX}sessionCookie`;
+const LOCAL_STORAGE_ENCLAVE_JWT = `${PREFIX}enclaveJwt`;
+const LOCAL_STORAGE_ENCLAVE_REFRESH_JWT = `${PREFIX}enclaveRefreshJwt`;
 const SESSION_STORAGE_LOGIN_ENCRYPTION_KEY_PAIR = `${PREFIX}loginEncryptionKeyPair`;
 const POLLING_INTERVAL_MS = 2e3;
 const SHORT_POLLING_INTERVAL_MS = 1e3;
@@ -70,6 +76,8 @@ const ACCOUNT_LINK_CONFLICT = "Account already linked";
   LOCAL_STORAGE_CURRENT_WALLET_IDS,
   LOCAL_STORAGE_ED25519_WALLETS,
   LOCAL_STORAGE_EMAIL,
+  LOCAL_STORAGE_ENCLAVE_JWT,
+  LOCAL_STORAGE_ENCLAVE_REFRESH_JWT,
   LOCAL_STORAGE_EXTERNAL_WALLETS,
   LOCAL_STORAGE_EXTERNAL_WALLET_USER_ID,
   LOCAL_STORAGE_FARCASTER_USERNAME,
@@ -79,6 +87,7 @@ const ACCOUNT_LINK_CONFLICT = "Account already linked";
   LOCAL_STORAGE_USER_ID,
   LOCAL_STORAGE_WALLETS,
   PARA_CORE_VERSION,
+  PARA_PREFIX,
   POLLING_INTERVAL_MS,
   POLLING_TIMEOUT_MS,
   PREFIX,

package/dist/cjs/index.js

@@ -45,6 +45,7 @@ __export(src_exports, {
   OnRampProvider: () => import_user_management_client.OnRampProvider,
   OnRampPurchaseStatus: () => import_user_management_client.OnRampPurchaseStatus,
   OnRampPurchaseType: () => import_user_management_client.OnRampPurchaseType,
+  PARA_STORAGE_PREFIX: () => import_constants.PARA_PREFIX,
   PREGEN_IDENTIFIER_TYPES: () => import_user_management_client.PREGEN_IDENTIFIER_TYPES,
   PopupType: () => import_types.PopupType,
   PregenIdentifierType: () => import_types.PregenIdentifierType,
@@ -133,6 +134,7 @@ var src_default = import_ParaCore.ParaCore;
   OnRampProvider,
   OnRampPurchaseStatus,
   OnRampPurchaseType,
+  PARA_STORAGE_PREFIX,
   PREGEN_IDENTIFIER_TYPES,
   PopupType,
   PregenIdentifierType,

package/dist/cjs/shares/enclave.js

@@ -0,0 +1,274 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+var enclave_exports = {};
+__export(enclave_exports, {
+  EnclaveClient: () => EnclaveClient
+});
+module.exports = __toCommonJS(enclave_exports);
+class EnclaveClient {
+  constructor({
+    userManagementClient,
+    retrieveJwt,
+    persistJwt,
+    retrieveRefreshJwt,
+    persistRefreshJwt
+  }) {
+    this.enclavePublicKey = null;
+    this.frontendKeyPair = null;
+    this.userManagementClient = userManagementClient;
+    this.retrieveJwt = retrieveJwt;
+    this.persistJwt = persistJwt;
+    this.retrieveRefreshJwt = retrieveRefreshJwt;
+    this.persistRefreshJwt = persistRefreshJwt;
+  }
+  refreshJwt() {
+    return __async(this, null, function* () {
+      const frontendKeyPair = yield this.generateFrontendKeyPair();
+      const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+      const payload = {
+        refreshJwt: this.retrieveRefreshJwt(),
+        responsePublicKey: responsePublicKeyPEM
+      };
+      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+      const response = yield this.userManagementClient.refreshEnclaveJwt(JSON.stringify(encryptedPayload));
+      const decryptedResponse = yield this.decryptForFrontend(JSON.parse(response.payload));
+      this.persistJwt(decryptedResponse.jwt);
+      this.persistRefreshJwt(decryptedResponse.refreshJwt);
+    });
+  }
+  withJwtRefreshRetry(fn) {
+    return __async(this, null, function* () {
+      try {
+        return yield fn();
+      } catch (error) {
+        yield this.refreshJwt();
+        return yield fn();
+      }
+    });
+  }
+  issueEnclaveJwt() {
+    return __async(this, null, function* () {
+      const frontendKeyPair = yield this.generateFrontendKeyPair();
+      const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+      const payload = {
+        responsePublicKey: responsePublicKeyPEM
+      };
+      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+      const response = yield this.userManagementClient.issueEnclaveJwt(JSON.stringify(encryptedPayload));
+      console.log(JSON.parse(response));
+      const decryptedResponse = yield this.decryptForFrontend(JSON.parse(response));
+      console.log("decryptedResponse", decryptedResponse);
+      this.persistJwt(decryptedResponse.jwt);
+    });
+  }
+  /**
+   * Generate a P-256 keypair for the frontend to receive encrypted responses
+   */
+  generateFrontendKeyPair() {
+    return __async(this, null, function* () {
+      if (this.frontendKeyPair) {
+        return this.frontendKeyPair;
+      }
+      this.frontendKeyPair = yield crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits"]);
+      return this.frontendKeyPair;
+    });
+  }
+  /**
+   * Get the enclave's public key from the user-management service
+   */
+  getEnclavePublicKey() {
+    return __async(this, null, function* () {
+      if (this.enclavePublicKey) {
+        return this.enclavePublicKey;
+      }
+      const response = yield this.userManagementClient.getEnclavePublicKey();
+      this.enclavePublicKey = response.publicKey;
+      return this.enclavePublicKey;
+    });
+  }
+  /**
+   * Import a PEM-formatted public key for use with Web Crypto API
+   */
+  importPublicKeyFromPEM(pemString) {
+    return __async(this, null, function* () {
+      const pemContents = pemString.replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "").replace(/\s/g, "");
+      const keyData = Uint8Array.from(atob(pemContents), (c) => c.charCodeAt(0));
+      return yield crypto.subtle.importKey("spki", keyData, { name: "ECDH", namedCurve: "P-256" }, false, []);
+    });
+  }
+  /**
+   * Export a public key to PEM format
+   */
+  exportPublicKeyToPEM(publicKey) {
+    return __async(this, null, function* () {
+      const exported = yield crypto.subtle.exportKey("spki", publicKey);
+      const exportedAsBase64 = btoa(String.fromCharCode(...new Uint8Array(exported)));
+      return `-----BEGIN PUBLIC KEY-----
+${exportedAsBase64}
+-----END PUBLIC KEY-----`;
+    });
+  }
+  /**
+   * Encrypt data using P-256 ECIES for the enclave
+   */
+  encryptForEnclave(plaintext) {
+    return __async(this, null, function* () {
+      const enclavePublicKeyPEM = yield this.getEnclavePublicKey();
+      const enclavePublicKey = yield this.importPublicKeyFromPEM(enclavePublicKeyPEM);
+      const ephemeralKeyPair = yield crypto.subtle.generateKey({ name: "ECDH", namedCurve: "P-256" }, true, ["deriveBits"]);
+      const sharedSecretBits = yield crypto.subtle.deriveBits(
+        { name: "ECDH", public: enclavePublicKey },
+        ephemeralKeyPair.privateKey,
+        256
+        // 32 bytes = 256 bits
+      );
+      const encryptionKeyBuffer = yield crypto.subtle.digest("SHA-256", sharedSecretBits);
+      const encryptionKey = yield crypto.subtle.importKey("raw", encryptionKeyBuffer, { name: "AES-GCM" }, false, ["encrypt"]);
+      const iv = crypto.getRandomValues(new Uint8Array(12));
+      const encrypted = yield crypto.subtle.encrypt(
+        { name: "AES-GCM", iv },
+        encryptionKey,
+        new TextEncoder().encode(plaintext)
+      );
+      const encryptedArray = new Uint8Array(encrypted);
+      const combined = new Uint8Array(iv.length + encryptedArray.length);
+      combined.set(iv);
+      combined.set(encryptedArray, iv.length);
+      const ephemeralPublicKeyBuffer = yield crypto.subtle.exportKey("spki", ephemeralKeyPair.publicKey);
+      return {
+        encryptedData: btoa(String.fromCharCode(...combined)),
+        keyId: "",
+        // Will be set by the enclave
+        algorithm: "ECIES-P256-AES256-SHA256",
+        ephemeral: btoa(String.fromCharCode(...new Uint8Array(ephemeralPublicKeyBuffer)))
+      };
+    });
+  }
+  /**
+   * Decrypt response encrypted for the frontend
+   */
+  decryptForFrontend(encryptedPayload) {
+    return __async(this, null, function* () {
+      if (!this.frontendKeyPair) {
+        throw new Error("Frontend keypair not available");
+      }
+      const encryptedData = Uint8Array.from(atob(encryptedPayload.encryptedData), (c) => c.charCodeAt(0));
+      const ephemeralPublicKeyData = Uint8Array.from(atob(encryptedPayload.ephemeral), (c) => c.charCodeAt(0));
+      const ephemeralPublicKey = yield crypto.subtle.importKey(
+        "spki",
+        ephemeralPublicKeyData,
+        { name: "ECDH", namedCurve: "P-256" },
+        false,
+        []
+      );
+      const sharedSecretBits = yield crypto.subtle.deriveBits(
+        { name: "ECDH", public: ephemeralPublicKey },
+        this.frontendKeyPair.privateKey,
+        256
+      );
+      const encryptionKeyBuffer = yield crypto.subtle.digest("SHA-256", sharedSecretBits);
+      const encryptionKey = yield crypto.subtle.importKey("raw", encryptionKeyBuffer, { name: "AES-GCM" }, false, ["decrypt"]);
+      const iv = encryptedData.slice(0, 12);
+      const ciphertext = encryptedData.slice(12);
+      const decrypted = yield crypto.subtle.decrypt({ name: "AES-GCM", iv }, encryptionKey, ciphertext);
+      console.log("decryptForFrontend decrypted", decrypted);
+      return JSON.parse(new TextDecoder().decode(decrypted));
+    });
+  }
+  /**
+   * Persist key shares to the enclave
+   * @param shares Array of share data to persist
+   */
+  persistShares(shares) {
+    return __async(this, null, function* () {
+      console.log("persistShares about to call encryptForEnclave");
+      console.log("shares", shares);
+      const payload = {
+        shares,
+        jwt: this.retrieveJwt()
+      };
+      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+      const encryptedPayloadStr = JSON.stringify(encryptedPayload);
+      return yield this.userManagementClient.persistEnclaveShares(encryptedPayloadStr);
+    });
+  }
+  /**
+   * Retrieve key shares from the enclave
+   * @param query Query parameters for finding shares (single query or array of queries)
+   */
+  retrieveShares(query) {
+    return __async(this, null, function* () {
+      yield this.issueEnclaveJwt();
+      const frontendKeyPair = yield this.generateFrontendKeyPair();
+      const responsePublicKeyPEM = yield this.exportPublicKeyToPEM(frontendKeyPair.publicKey);
+      const fullQuery = query.map((q) => ({
+        userId: q.userId
+      }));
+      const payload = {
+        query: fullQuery,
+        responsePublicKey: responsePublicKeyPEM,
+        jwt: this.retrieveJwt()
+      };
+      const encryptedPayload = yield this.encryptForEnclave(JSON.stringify(payload));
+      const encryptedPayloadStr = JSON.stringify(encryptedPayload);
+      const response = yield this.userManagementClient.retrieveEnclaveShares(encryptedPayloadStr);
+      const encryptedResponse = JSON.parse(response.payload);
+      const decryptedData = yield this.decryptForFrontend(encryptedResponse);
+      console.log("retrieveShares decryptedData", decryptedData);
+      return decryptedData;
+    });
+  }
+  retrieveSharesWithRetry(query) {
+    return __async(this, null, function* () {
+      return yield this.withJwtRefreshRetry(() => __async(this, null, function* () {
+        return this.retrieveShares(query);
+      }));
+    });
+  }
+  persistSharesWithRetry(shares) {
+    return __async(this, null, function* () {
+      return yield this.withJwtRefreshRetry(() => __async(this, null, function* () {
+        return this.persistShares(shares);
+      }));
+    });
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  EnclaveClient
+});

package/dist/cjs/shares/shareDistribution.js

@@ -52,8 +52,23 @@ function distributeNewShare(_0) {
     ignoreRedistributingBackupEncryptedShare = false,
     emailProps = {},
     partnerId,
-    protocolId
+    protocolId,
+    isEnclaveUser,
+    walletScheme
   }) {
+    if (isEnclaveUser) {
+      yield ctx.enclaveClient.persistSharesWithRetry([
+        {
+          userId,
+          walletId,
+          walletScheme,
+          signer: userShare,
+          partnerId,
+          protocolId
+        }
+      ]);
+      return "";
+    }
     const publicKeysRes = yield ctx.client.getSessionPublicKeys(userId);
     const biometricEncryptedShares = publicKeysRes.data.keys.map((key) => {
       if (!key.publicKey) {

package/dist/cjs/types/coreApi.js

@@ -80,7 +80,9 @@ const PARA_INTERNAL_METHODS = [
   "verifyFarcasterLink",
   "verifyTelegramLink",
   "verifyExternalWalletLink",
-  "accountLinkInProgress"
+  "accountLinkInProgress",
+  "prepareLogin",
+  "sendLoginCode"
 ];
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {