@graphprotocol/hypergraph 0.0.1

package/src/inboxes/prepare-message.ts

@@ -0,0 +1,85 @@
+import { secp256k1 } from '@noble/curves/secp256k1';
+import type * as Messages from '../messages/index.js';
+import type { SignatureWithRecovery } from '../types.js';
+import { canonicalize, hexToBytes, stringToUint8Array } from '../utils/index.js';
+import { encryptInboxMessage } from './message-encryption.js';
+
+export async function prepareSpaceInboxMessage({
+  message,
+  spaceId,
+  inboxId,
+  encryptionPublicKey,
+  signaturePrivateKey,
+  authorAccountAddress,
+}: Readonly<{
+  message: string;
+  spaceId: string;
+  inboxId: string;
+  encryptionPublicKey: string;
+  signaturePrivateKey: string | null;
+  authorAccountAddress: string | null;
+}>) {
+  const { ciphertext } = encryptInboxMessage({ message, encryptionPublicKey });
+  let signature: SignatureWithRecovery | undefined;
+  if (signaturePrivateKey && authorAccountAddress) {
+    const messageToSign = stringToUint8Array(
+      canonicalize({
+        spaceId,
+        inboxId,
+        ciphertext,
+        authorAccountAddress,
+      }),
+    );
+    const signatureInstance = secp256k1.sign(messageToSign, hexToBytes(signaturePrivateKey), { prehash: true });
+    signature = {
+      hex: signatureInstance.toCompactHex(),
+      recovery: signatureInstance.recovery,
+    };
+  }
+  const messageToSend: Messages.RequestCreateSpaceInboxMessage = {
+    ciphertext,
+    signature,
+    authorAccountAddress: authorAccountAddress ?? undefined,
+  };
+  return messageToSend;
+}
+
+export async function prepareAccountInboxMessage({
+  message,
+  accountAddress,
+  inboxId,
+  encryptionPublicKey,
+  signaturePrivateKey,
+  authorAccountAddress,
+}: Readonly<{
+  message: string;
+  accountAddress: string;
+  inboxId: string;
+  encryptionPublicKey: string;
+  signaturePrivateKey: string | null;
+  authorAccountAddress: string | null;
+}>) {
+  const { ciphertext } = encryptInboxMessage({ message, encryptionPublicKey });
+  let signature: SignatureWithRecovery | undefined;
+  if (signaturePrivateKey && authorAccountAddress) {
+    const messageToSign = stringToUint8Array(
+      canonicalize({
+        accountAddress,
+        inboxId,
+        ciphertext,
+        authorAccountAddress,
+      }),
+    );
+    const signatureInstance = secp256k1.sign(messageToSign, hexToBytes(signaturePrivateKey), { prehash: true });
+    signature = {
+      hex: signatureInstance.toCompactHex(),
+      recovery: signatureInstance.recovery,
+    };
+  }
+  const messageToSend: Messages.RequestCreateAccountInboxMessage = {
+    ciphertext,
+    signature,
+    authorAccountAddress: authorAccountAddress ?? undefined,
+  };
+  return messageToSend;
+}

package/src/inboxes/recover-inbox-creator.ts

@@ -0,0 +1,29 @@
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { sha256 } from '@noble/hashes/sha256';
+import type { AccountInbox } from '../messages/index.js';
+import type { CreateSpaceInboxEvent } from '../space-events/index.js';
+import { canonicalize, stringToUint8Array } from '../utils/index.js';
+
+export const recoverAccountInboxCreatorKey = (inbox: AccountInbox): string => {
+  const messageToVerify = stringToUint8Array(
+    canonicalize({
+      accountAddress: inbox.accountAddress,
+      inboxId: inbox.inboxId,
+      encryptionPublicKey: inbox.encryptionPublicKey,
+    }),
+  );
+  const signature = inbox.signature;
+  let signatureInstance = secp256k1.Signature.fromCompact(signature.hex);
+  signatureInstance = signatureInstance.addRecoveryBit(signature.recovery);
+  const authorPublicKey = `0x${signatureInstance.recoverPublicKey(sha256(messageToVerify)).toHex()}`;
+  return authorPublicKey;
+};
+
+export const recoverSpaceInboxCreatorKey = (event: CreateSpaceInboxEvent): string => {
+  const messageToVerify = stringToUint8Array(canonicalize(event.transaction));
+  const signature = event.author.signature;
+  let signatureInstance = secp256k1.Signature.fromCompact(signature.hex);
+  signatureInstance = signatureInstance.addRecoveryBit(signature.recovery);
+  const authorPublicKey = `0x${signatureInstance.recoverPublicKey(sha256(messageToVerify)).toHex()}`;
+  return authorPublicKey;
+};

package/src/inboxes/recover-inbox-message-signer.ts

@@ -0,0 +1,42 @@
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { sha256 } from '@noble/hashes/sha256';
+import type * as Messages from '../messages/index.js';
+import * as Utils from '../utils/index.js';
+
+export const recoverSpaceInboxMessageSigner = (
+  message: Messages.RequestCreateSpaceInboxMessage,
+  spaceId: string,
+  inboxId: string,
+) => {
+  if (!message.signature) {
+    throw new Error('Signature is required');
+  }
+  let signatureInstance = secp256k1.Signature.fromCompact(message.signature.hex);
+  signatureInstance = signatureInstance.addRecoveryBit(message.signature.recovery);
+  const signedMessage = {
+    spaceId,
+    inboxId,
+    ciphertext: message.ciphertext,
+    authorAccountAddress: message.authorAccountAddress,
+  };
+  return `0x${signatureInstance.recoverPublicKey(sha256(Utils.stringToUint8Array(Utils.canonicalize(signedMessage)))).toHex()}`;
+};
+
+export const recoverAccountInboxMessageSigner = (
+  message: Messages.RequestCreateAccountInboxMessage,
+  accountAddress: string,
+  inboxId: string,
+) => {
+  if (!message.signature) {
+    throw new Error('Signature is required');
+  }
+  let signatureInstance = secp256k1.Signature.fromCompact(message.signature.hex);
+  signatureInstance = signatureInstance.addRecoveryBit(message.signature.recovery);
+  const signedMessage = {
+    accountAddress,
+    inboxId,
+    ciphertext: message.ciphertext,
+    authorAccountAddress: message.authorAccountAddress,
+  };
+  return `0x${signatureInstance.recoverPublicKey(sha256(Utils.stringToUint8Array(Utils.canonicalize(signedMessage)))).toHex()}`;
+};

package/src/inboxes/send-message.ts

@@ -0,0 +1,75 @@
+import { prepareAccountInboxMessage, prepareSpaceInboxMessage } from './prepare-message.js';
+
+export async function sendSpaceInboxMessage({
+  message,
+  spaceId,
+  inboxId,
+  encryptionPublicKey,
+  signaturePrivateKey,
+  authorAccountAddress,
+  syncServerUri,
+}: Readonly<{
+  message: string;
+  spaceId: string;
+  inboxId: string;
+  encryptionPublicKey: string;
+  signaturePrivateKey: string | null;
+  authorAccountAddress: string | null;
+  syncServerUri: string;
+}>) {
+  const messageToSend = await prepareSpaceInboxMessage({
+    message,
+    spaceId,
+    inboxId,
+    encryptionPublicKey,
+    signaturePrivateKey,
+    authorAccountAddress,
+  });
+  const res = await fetch(new URL(`/spaces/${spaceId}/inboxes/${inboxId}/messages`, syncServerUri), {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(messageToSend),
+  });
+  if (!res.ok) {
+    throw new Error('Failed to send message');
+  }
+}
+
+export async function sendAccountInboxMessage({
+  message,
+  accountAddress,
+  inboxId,
+  encryptionPublicKey,
+  signaturePrivateKey,
+  authorAccountAddress,
+  syncServerUri,
+}: Readonly<{
+  message: string;
+  accountAddress: string;
+  inboxId: string;
+  encryptionPublicKey: string;
+  signaturePrivateKey: string | null;
+  authorAccountAddress: string | null;
+  syncServerUri: string;
+}>) {
+  const messageToSend = await prepareAccountInboxMessage({
+    message,
+    accountAddress,
+    inboxId,
+    encryptionPublicKey,
+    signaturePrivateKey,
+    authorAccountAddress,
+  });
+  const res = await fetch(new URL(`/accounts/${accountAddress}/inboxes/${inboxId}/messages`, syncServerUri), {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(messageToSend),
+  });
+  if (!res.ok) {
+    throw new Error('Failed to send message');
+  }
+}

package/src/inboxes/types.ts

@@ -0,0 +1,9 @@
+import * as Schema from 'effect/Schema';
+
+export const InboxSenderAuthPolicy = Schema.Union(
+  Schema.Literal('anonymous'),
+  Schema.Literal('optional_auth'),
+  Schema.Literal('requires_auth'),
+);
+
+export type InboxSenderAuthPolicy = Schema.Schema.Type<typeof InboxSenderAuthPolicy>;

package/src/index.ts

@@ -0,0 +1,13 @@
+export * as Connect from './connect/index.js';
+export * as Entity from './entity/index.js';
+export * as Identity from './identity/index.js';
+export * as Inboxes from './inboxes/index.js';
+export * as Key from './key/index.js';
+export * as Messages from './messages/index.js';
+export * as SpaceEvents from './space-events/index.js';
+export * as SpaceInfo from './space-info/index.js';
+export * as StoreConnect from './store-connect.js';
+export * from './store.js';
+export * as Type from './type/type.js';
+export * from './types.js';
+export * as Utils from './utils/index.js';

package/src/key/create-key.ts

@@ -0,0 +1,27 @@
+import { randomBytes } from '@noble/ciphers/webcrypto';
+import { encryptKey } from './encrypt-key.js';
+
+type Params = {
+  privateKey: Uint8Array;
+  publicKey: Uint8Array;
+};
+
+export function createKey({ privateKey, publicKey }: Params): {
+  key: Uint8Array;
+  keyBoxCiphertext: Uint8Array;
+  keyBoxNonce: Uint8Array;
+} {
+  const key = randomBytes(32);
+
+  const { keyBoxCiphertext, keyBoxNonce } = encryptKey({
+    key,
+    publicKey,
+    privateKey,
+  });
+
+  return {
+    key,
+    keyBoxCiphertext,
+    keyBoxNonce,
+  };
+}

package/src/key/decrypt-key.ts

@@ -0,0 +1,19 @@
+import { decryptKeyBox } from './key-box.js';
+
+type Params = {
+  privateKey: Uint8Array;
+  publicKey: Uint8Array;
+  keyBoxCiphertext: Uint8Array;
+  keyBoxNonce: Uint8Array;
+};
+
+export function decryptKey({ privateKey, publicKey, keyBoxNonce, keyBoxCiphertext }: Params): Uint8Array {
+  const key = decryptKeyBox({
+    nonce: keyBoxNonce,
+    ciphertext: keyBoxCiphertext,
+    publicKey,
+    secretKey: privateKey,
+  });
+
+  return key;
+}

package/src/key/encrypt-key.ts

@@ -0,0 +1,27 @@
+import { randomBytes } from '@noble/ciphers/webcrypto';
+import { encryptKeyBox } from './key-box.js';
+
+type Params = {
+  privateKey: Uint8Array;
+  publicKey: Uint8Array;
+  key: Uint8Array;
+};
+
+export function encryptKey({ privateKey, publicKey, key }: Params): {
+  keyBoxCiphertext: Uint8Array;
+  keyBoxNonce: Uint8Array;
+} {
+  const nonce = randomBytes(24);
+
+  const ciphertext = encryptKeyBox({
+    message: key,
+    nonce,
+    publicKey,
+    secretKey: privateKey,
+  });
+
+  return {
+    keyBoxCiphertext: ciphertext,
+    keyBoxNonce: nonce,
+  };
+}

package/src/key/index.ts

@@ -0,0 +1,4 @@
+export * from './create-key.js';
+export * from './decrypt-key.js';
+export * from './encrypt-key.js';
+export * from './key-box.js';

package/src/key/key-box.ts

@@ -0,0 +1,31 @@
+import { cryptoBoxEasy, cryptoBoxKeyPair, cryptoBoxOpenEasy } from '@serenity-kit/noble-sodium';
+
+export function generateKeypair(): {
+  publicKey: Uint8Array;
+  secretKey: Uint8Array;
+} {
+  const { publicKey, privateKey } = cryptoBoxKeyPair();
+  return { publicKey, secretKey: privateKey };
+}
+
+export type EncryptKeyBoxParams = {
+  message: Uint8Array;
+  nonce: Uint8Array;
+  publicKey: Uint8Array;
+  secretKey: Uint8Array;
+};
+
+export type DecryptKeyBoxParams = {
+  ciphertext: Uint8Array;
+  nonce: Uint8Array;
+  publicKey: Uint8Array;
+  secretKey: Uint8Array;
+};
+
+export function encryptKeyBox({ message, publicKey, secretKey, nonce }: EncryptKeyBoxParams): Uint8Array {
+  return cryptoBoxEasy({ message, publicKey, privateKey: secretKey, nonce });
+}
+
+export function decryptKeyBox({ ciphertext, nonce, publicKey, secretKey }: DecryptKeyBoxParams): Uint8Array {
+  return cryptoBoxOpenEasy({ ciphertext, publicKey, privateKey: secretKey, nonce });
+}

package/src/messages/decrypt-message.ts

@@ -0,0 +1,13 @@
+import { xchacha20poly1305 } from '@noble/ciphers/chacha';
+
+interface Params {
+  nonceAndCiphertext: Uint8Array;
+  secretKey: Uint8Array;
+}
+
+export function decryptMessage({ nonceAndCiphertext, secretKey }: Params) {
+  const nonce = nonceAndCiphertext.subarray(0, 24);
+  const ciphertext = nonceAndCiphertext.subarray(24);
+  const cipher = xchacha20poly1305(secretKey, nonce);
+  return cipher.decrypt(ciphertext);
+}

package/src/messages/encrypt-message.ts

@@ -0,0 +1,14 @@
+import { xchacha20poly1305 } from '@noble/ciphers/chacha';
+import { randomBytes } from '@noble/ciphers/webcrypto';
+
+type Params = {
+  message: Uint8Array;
+  secretKey: Uint8Array;
+};
+
+export function encryptMessage({ message, secretKey }: Params) {
+  const nonce = randomBytes(24);
+  const cipher = xchacha20poly1305(secretKey, nonce);
+  const ciphertext = cipher.encrypt(message);
+  return new Uint8Array([...nonce, ...ciphertext]);
+}

package/src/messages/index.ts

@@ -0,0 +1,5 @@
+export * from './decrypt-message.js';
+export * from './encrypt-message.js';
+export * from './serialize.js';
+export * from './signed-update-message.js';
+export * from './types.js';

package/src/messages/serialize.ts

@@ -0,0 +1,24 @@
+// biome-ignore lint/suspicious/noExplicitAny: same as stringify
+export function serialize(obj: any): string {
+  return JSON.stringify(obj, (_key, value) => {
+    if (value instanceof Uint8Array) {
+      return { __type: 'Uint8Array', data: Array.from(value) };
+    }
+    if (value instanceof Date) {
+      return { __type: 'Date', data: value.toISOString() };
+    }
+    return value;
+  });
+}
+
+export function deserialize(json: string): unknown {
+  return JSON.parse(json, (_key, value) => {
+    if (value && value.__type === 'Uint8Array') {
+      return value.data;
+    }
+    if (value && value.__type === 'Date') {
+      return new Date(value.data);
+    }
+    return value;
+  });
+}

package/src/messages/signed-update-message.ts

@@ -0,0 +1,84 @@
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex, canonicalize, hexToBytes, stringToUint8Array } from '../utils/index.js';
+import { encryptMessage } from './encrypt-message.js';
+import type { RequestCreateUpdate } from './types.js';
+
+interface SignedMessageParams {
+  accountAddress: string;
+  updateId: string;
+  spaceId: string;
+  message: Uint8Array;
+  secretKey: string;
+  signaturePrivateKey: string;
+}
+
+interface RecoverParams {
+  update: Uint8Array;
+  spaceId: string;
+  updateId: string;
+  signature: {
+    hex: string;
+    recovery: number;
+  };
+  accountAddress: string;
+}
+
+export const signedUpdateMessage = ({
+  accountAddress,
+  updateId,
+  spaceId,
+  message,
+  secretKey,
+  signaturePrivateKey,
+}: SignedMessageParams): RequestCreateUpdate => {
+  const update = encryptMessage({
+    message,
+    secretKey: hexToBytes(secretKey),
+  });
+
+  const messageToSign = stringToUint8Array(
+    canonicalize({
+      accountAddress,
+      updateId,
+      update,
+      spaceId,
+    }),
+  );
+
+  const recoverySignature = secp256k1.sign(messageToSign, hexToBytes(signaturePrivateKey), { prehash: true });
+
+  const signature = {
+    hex: recoverySignature.toCompactHex(),
+    recovery: recoverySignature.recovery,
+  };
+
+  return {
+    type: 'create-update',
+    updateId,
+    update,
+    spaceId,
+    accountAddress,
+    signature,
+  };
+};
+
+export const recoverUpdateMessageSigner = ({
+  update,
+  spaceId,
+  updateId,
+  signature,
+  accountAddress,
+}: RecoverParams | RequestCreateUpdate) => {
+  const recoveredSignature = secp256k1.Signature.fromCompact(signature.hex).addRecoveryBit(signature.recovery);
+  const signedMessage = stringToUint8Array(
+    canonicalize({
+      accountAddress,
+      updateId,
+      update,
+      spaceId,
+    }),
+  );
+  const signedMessageHash = sha256(signedMessage);
+  return bytesToHex(recoveredSignature.recoverPublicKey(signedMessageHash).toRawBytes(true));
+};