@haneullabs/enoki 0.1.0

package/dist/cjs/EnokiFlow.js

@@ -0,0 +1,279 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var __privateMethod = (obj, member, method) => (__accessCheck(obj, member, "access private method"), method);
+var EnokiFlow_exports = {};
+__export(EnokiFlow_exports, {
+  EnokiFlow: () => EnokiFlow
+});
+module.exports = __toCommonJS(EnokiFlow_exports);
+var import_webcrypto = require("@haneullabs/signers/webcrypto");
+var import_cryptography = require("@haneullabs/haneul/cryptography");
+var import_ed25519 = require("@haneullabs/haneul/keypairs/ed25519");
+var import_utils = require("@haneullabs/haneul/utils");
+var import_zklogin = require("@haneullabs/haneul/zklogin");
+var import_idb_keyval = require("idb-keyval");
+var import_nanostores = require("nanostores");
+var import_encryption = require("./encryption.js");
+var import_EnokiClient = require("./EnokiClient/index.js");
+var import_EnokiKeypair = require("./EnokiKeypair.js");
+var import_stores = require("./stores.js");
+var _storageKeys, _enokiClient, _encryption, _encryptionKey, _store, _useNativeCryptoSigner, _idbStore, _EnokiFlow_instances, setSession_fn;
+const createStorageKeys = (apiKey) => ({
+  STATE: `@enoki/flow/state/${apiKey}`,
+  SESSION: `@enoki/flow/session/${apiKey}`
+});
+class EnokiFlow {
+  constructor(config) {
+    __privateAdd(this, _EnokiFlow_instances);
+    __privateAdd(this, _storageKeys);
+    __privateAdd(this, _enokiClient);
+    __privateAdd(this, _encryption);
+    __privateAdd(this, _encryptionKey);
+    __privateAdd(this, _store);
+    __privateAdd(this, _useNativeCryptoSigner);
+    __privateAdd(this, _idbStore);
+    __privateSet(this, _enokiClient, new import_EnokiClient.EnokiClient({
+      apiKey: config.apiKey,
+      apiUrl: config.apiUrl,
+      additionalEpochs: config.additionalEpochs
+    }));
+    __privateSet(this, _encryptionKey, config.apiKey);
+    if (config.experimental_nativeCryptoSigner) {
+      __privateSet(this, _useNativeCryptoSigner, true);
+      __privateSet(this, _idbStore, (0, import_idb_keyval.createStore)(config.apiKey, "enoki"));
+    } else {
+      __privateSet(this, _useNativeCryptoSigner, false);
+    }
+    __privateSet(this, _encryption, config.encryption ?? (0, import_encryption.createDefaultEncryption)());
+    __privateSet(this, _store, config.store ?? (0, import_stores.createSessionStorage)());
+    __privateSet(this, _storageKeys, createStorageKeys(config.apiKey));
+    let storedState = null;
+    try {
+      const rawStoredValue = __privateGet(this, _store).get(__privateGet(this, _storageKeys).STATE);
+      if (rawStoredValue) {
+        storedState = JSON.parse(rawStoredValue);
+      }
+    } catch {
+    }
+    this.$zkLoginState = (0, import_nanostores.atom)(storedState || {});
+    this.$zkLoginSession = (0, import_nanostores.atom)({ initialized: false, value: null });
+    (0, import_nanostores.onMount)(this.$zkLoginSession, () => {
+      this.getSession();
+    });
+    (0, import_nanostores.onSet)(this.$zkLoginState, ({ newValue }) => {
+      __privateGet(this, _store).set(__privateGet(this, _storageKeys).STATE, JSON.stringify(newValue));
+    });
+  }
+  get enokiClient() {
+    return __privateGet(this, _enokiClient);
+  }
+  async createAuthorizationURL(input) {
+    const ephemeralKeyPair = __privateGet(this, _useNativeCryptoSigner) ? await import_webcrypto.WebCryptoSigner.generate() : new import_ed25519.Ed25519Keypair();
+    const { nonce, randomness, maxEpoch, estimatedExpiration } = await __privateGet(this, _enokiClient).createZkLoginNonce({
+      network: input.network,
+      ephemeralPublicKey: ephemeralKeyPair.getPublicKey()
+    });
+    const params = new URLSearchParams({
+      ...input.extraParams,
+      nonce,
+      client_id: input.clientId,
+      redirect_uri: input.redirectUrl,
+      response_type: "id_token",
+      // TODO: Eventually fetch the scopes for this client ID from the Enoki service:
+      scope: [
+        "openid",
+        // Merge the requested scopes in with the required openid scopes:
+        ...input.extraParams && "scope" in input.extraParams ? input.extraParams.scope : []
+      ].filter(Boolean).join(" ")
+    });
+    let oauthUrl;
+    switch (input.provider) {
+      case "google": {
+        oauthUrl = `https://accounts.google.com/o/oauth2/v2/auth?${params}`;
+        break;
+      }
+      case "facebook": {
+        oauthUrl = `https://www.facebook.com/v17.0/dialog/oauth?${params}`;
+        break;
+      }
+      case "twitch": {
+        params.set("force_verify", "true");
+        oauthUrl = `https://id.twitch.tv/oauth2/authorize?${params}`;
+        break;
+      }
+      default:
+        throw new Error(`Invalid provider: ${input.provider}`);
+    }
+    this.$zkLoginState.set({ provider: input.provider });
+    if (__privateGet(this, _useNativeCryptoSigner)) {
+      await (0, import_idb_keyval.set)("ephemeralKeyPair", ephemeralKeyPair.export(), __privateGet(this, _idbStore));
+    }
+    await __privateMethod(this, _EnokiFlow_instances, setSession_fn).call(this, {
+      expiresAt: estimatedExpiration,
+      maxEpoch,
+      randomness,
+      ephemeralKeyPair: __privateGet(this, _useNativeCryptoSigner) ? "@@native" : (0, import_utils.toBase64)(
+        (0, import_cryptography.decodeHaneulPrivateKey)(ephemeralKeyPair.getSecretKey()).secretKey
+      )
+    });
+    return oauthUrl;
+  }
+  // TODO: Should our SDK manage this automatically in addition to exposing a method?
+  async handleAuthCallback(hash = window.location.hash) {
+    const params = new URLSearchParams(hash.startsWith("#") ? hash.slice(1) : hash);
+    const zkp = await this.getSession();
+    if (!zkp || !zkp.ephemeralKeyPair || !zkp.maxEpoch || !zkp.randomness) {
+      throw new Error(
+        "Start of sign-in flow could not be found. Ensure you have started the sign-in flow before calling this."
+      );
+    }
+    const jwt = params.get("id_token");
+    if (!jwt) {
+      throw new Error("Missing ID Token");
+    }
+    (0, import_zklogin.decodeJwt)(jwt);
+    const { address, salt, publicKey } = await __privateGet(this, _enokiClient).getZkLogin({ jwt });
+    this.$zkLoginState.set({
+      ...this.$zkLoginState.get(),
+      salt,
+      address,
+      publicKey
+    });
+    await __privateMethod(this, _EnokiFlow_instances, setSession_fn).call(this, {
+      ...zkp,
+      jwt
+    });
+    return params.get("state");
+  }
+  async getSession() {
+    if (this.$zkLoginSession.get().initialized) {
+      return this.$zkLoginSession.get().value;
+    }
+    try {
+      const storedValue = __privateGet(this, _store).get(__privateGet(this, _storageKeys).SESSION);
+      if (!storedValue) return null;
+      const state = JSON.parse(
+        await __privateGet(this, _encryption).decrypt(__privateGet(this, _encryptionKey), storedValue)
+      );
+      if (state?.expiresAt && Date.now() > state.expiresAt) {
+        await this.logout();
+      } else {
+        this.$zkLoginSession.set({ initialized: true, value: state });
+      }
+    } catch {
+      this.$zkLoginSession.set({ initialized: true, value: null });
+    }
+    return this.$zkLoginSession.get().value;
+  }
+  async logout() {
+    this.$zkLoginState.set({});
+    __privateGet(this, _store).delete(__privateGet(this, _storageKeys).STATE);
+    if (__privateGet(this, _useNativeCryptoSigner)) {
+      await (0, import_idb_keyval.clear)(__privateGet(this, _idbStore));
+    }
+    await __privateMethod(this, _EnokiFlow_instances, setSession_fn).call(this, null);
+  }
+  // TODO: Should this return the proof if it already exists?
+  async getProof({ network } = {}) {
+    const zkp = await this.getSession();
+    const { salt } = this.$zkLoginState.get();
+    if (zkp?.proof) {
+      if (zkp.expiresAt && Date.now() > zkp.expiresAt) {
+        throw new Error("Stored proof is expired.");
+      }
+      return zkp.proof;
+    }
+    if (!salt || !zkp || !zkp.jwt) {
+      throw new Error("Missing required parameters for proof generation");
+    }
+    let storedNativeSigner = void 0;
+    if (__privateGet(this, _useNativeCryptoSigner) && zkp.ephemeralKeyPair === "@@native") {
+      storedNativeSigner = await (0, import_idb_keyval.get)("ephemeralKeyPair", __privateGet(this, _idbStore));
+      if (!storedNativeSigner) {
+        throw new Error("Native signer not found in store.");
+      }
+    }
+    const ephemeralKeyPair = zkp.ephemeralKeyPair === "@@native" ? import_webcrypto.WebCryptoSigner.import(storedNativeSigner) : import_ed25519.Ed25519Keypair.fromSecretKey((0, import_utils.fromBase64)(zkp.ephemeralKeyPair));
+    const proof = await __privateGet(this, _enokiClient).createZkLoginZkp({
+      network,
+      jwt: zkp.jwt,
+      maxEpoch: zkp.maxEpoch,
+      randomness: zkp.randomness,
+      ephemeralPublicKey: ephemeralKeyPair.getPublicKey()
+    });
+    await __privateMethod(this, _EnokiFlow_instances, setSession_fn).call(this, {
+      ...zkp,
+      proof
+    });
+    return proof;
+  }
+  async getKeypair({ network } = {}) {
+    await this.getProof({ network });
+    const zkp = await this.getSession();
+    const { address } = this.$zkLoginState.get();
+    if (!address || !zkp || !zkp.proof) {
+      throw new Error("Missing required data for keypair generation.");
+    }
+    if (Date.now() > zkp.expiresAt) {
+      throw new Error("Stored proof is expired.");
+    }
+    let storedNativeSigner = void 0;
+    if (__privateGet(this, _useNativeCryptoSigner) && zkp.ephemeralKeyPair === "@@native") {
+      storedNativeSigner = await (0, import_idb_keyval.get)("ephemeralKeyPair", __privateGet(this, _idbStore));
+      if (!storedNativeSigner) {
+        throw new Error("Native signer not found in store.");
+      }
+    }
+    const ephemeralKeypair = zkp.ephemeralKeyPair === "@@native" ? import_webcrypto.WebCryptoSigner.import(storedNativeSigner) : import_ed25519.Ed25519Keypair.fromSecretKey((0, import_utils.fromBase64)(zkp.ephemeralKeyPair));
+    return new import_EnokiKeypair.EnokiKeypair({
+      address,
+      ephemeralKeypair,
+      maxEpoch: zkp.maxEpoch,
+      proof: zkp.proof
+    });
+  }
+}
+_storageKeys = new WeakMap();
+_enokiClient = new WeakMap();
+_encryption = new WeakMap();
+_encryptionKey = new WeakMap();
+_store = new WeakMap();
+_useNativeCryptoSigner = new WeakMap();
+_idbStore = new WeakMap();
+_EnokiFlow_instances = new WeakSet();
+setSession_fn = async function(newValue) {
+  if (newValue) {
+    const storedValue = await __privateGet(this, _encryption).encrypt(
+      __privateGet(this, _encryptionKey),
+      JSON.stringify(newValue)
+    );
+    __privateGet(this, _store).set(__privateGet(this, _storageKeys).SESSION, storedValue);
+  } else {
+    __privateGet(this, _store).delete(__privateGet(this, _storageKeys).SESSION);
+  }
+  this.$zkLoginSession.set({ initialized: true, value: newValue });
+};
+//# sourceMappingURL=EnokiFlow.js.map

package/dist/cjs/EnokiFlow.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/EnokiFlow.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { ExportedWebCryptoKeypair } from '@haneullabs/signers/webcrypto';\nimport { WebCryptoSigner } from '@haneullabs/signers/webcrypto';\nimport { decodeHaneulPrivateKey } from '@haneullabs/haneul/cryptography';\nimport { Ed25519Keypair } from '@haneullabs/haneul/keypairs/ed25519';\nimport { fromBase64, toBase64 } from '@haneullabs/haneul/utils';\nimport { decodeJwt } from '@haneullabs/haneul/zklogin';\nimport type { ZkLoginSignatureInputs } from '@haneullabs/haneul/zklogin';\nimport type { UseStore } from 'idb-keyval';\nimport { clear, createStore, get, set } from 'idb-keyval';\nimport type { WritableAtom } from 'nanostores';\nimport { atom, onMount, onSet } from 'nanostores';\n\nimport type { Encryption } from './encryption.js';\nimport { createDefaultEncryption } from './encryption.js';\nimport type { EnokiClientConfig } from './EnokiClient/index.js';\nimport { EnokiClient } from './EnokiClient/index.js';\nimport type { AuthProvider, EnokiNetwork } from './EnokiClient/type.js';\nimport { EnokiKeypair } from './EnokiKeypair.js';\nimport type { SyncStore } from './stores.js';\nimport { createSessionStorage } from './stores.js';\n\n/**\n * @deprecated Use `RegisterEnokiWalletsOptions` instead\n */\nexport type EnokiFlowConfig = EnokiClientConfig &\n\t(\n\t\t| {\n\t\t\t\texperimental_nativeCryptoSigner?: unknown;\n\t\t\t\t/**\n\t\t\t\t * The storage interface to persist Enoki data locally.\n\t\t\t\t * If not provided, it will use a sessionStorage-backed store.\n\t\t\t\t */\n\t\t\t\tstore?: SyncStore;\n\t\t\t\t/**\n\t\t\t\t * The encryption interface that will be used to encrypt data before storing it locally.\n\t\t\t\t * If not provided, it will use a default encryption interface.\n\t\t\t\t */\n\t\t\t\tencryption?: Encryption;\n\t\t  }\n\t\t| {\n\t\t\t\tstore?: never;\n\t\t\t\tencryption?: never;\n\t\t\t\t/**\n\t\t\t\t * Enables the new native crypto signer for the EnokiFlow, which is more secure.\n\t\t\t\t */\n\t\t\t\texperimental_nativeCryptoSigner: true;\n\t\t  }\n\t);\n\n// State that is not bound to a session, and is encrypted.\nexport interface ZkLoginState {\n\tprovider?: AuthProvider;\n\taddress?: string;\n\tsalt?: string;\n\tpublicKey?: string;\n}\n\n// State that session-bound, and is encrypted in storage.\nexport interface ZkLoginSession {\n\tephemeralKeyPair: string;\n\tmaxEpoch: number;\n\trandomness: string;\n\texpiresAt: number;\n\n\tjwt?: string;\n\tproof?: ZkLoginSignatureInputs;\n}\n\nconst createStorageKeys = (apiKey: string) => ({\n\tSTATE: `@enoki/flow/state/${apiKey}`,\n\tSESSION: `@enoki/flow/session/${apiKey}`,\n});\n\n/**\n * @deprecated Use `registerEnokiWallets` instead\n */\nexport class EnokiFlow {\n\t#storageKeys: { STATE: string; SESSION: string };\n\t#enokiClient: EnokiClient;\n\t#encryption: Encryption;\n\t#encryptionKey: string;\n\t#store: SyncStore;\n\t#useNativeCryptoSigner: boolean;\n\t#idbStore?: UseStore;\n\n\t$zkLoginSession: WritableAtom<{ initialized: boolean; value: ZkLoginSession | null }>;\n\t$zkLoginState: WritableAtom<ZkLoginState>;\n\n\tconstructor(config: EnokiFlowConfig) {\n\t\tthis.#enokiClient = new EnokiClient({\n\t\t\tapiKey: config.apiKey,\n\t\t\tapiUrl: config.apiUrl,\n\t\t\tadditionalEpochs: config.additionalEpochs,\n\t\t});\n\t\tthis.#encryptionKey = config.apiKey;\n\n\t\tif (config.experimental_nativeCryptoSigner) {\n\t\t\tthis.#useNativeCryptoSigner = true;\n\t\t\tthis.#idbStore = createStore(config.apiKey, 'enoki');\n\t\t} else {\n\t\t\tthis.#useNativeCryptoSigner = false;\n\t\t}\n\n\t\tthis.#encryption = config.encryption ?? createDefaultEncryption();\n\t\tthis.#store = config.store ?? createSessionStorage();\n\t\tthis.#storageKeys = createStorageKeys(config.apiKey);\n\n\t\tlet storedState = null;\n\t\ttry {\n\t\t\tconst rawStoredValue = this.#store.get(this.#storageKeys.STATE);\n\t\t\tif (rawStoredValue) {\n\t\t\t\tstoredState = JSON.parse(rawStoredValue);\n\t\t\t}\n\t\t} catch {\n\t\t\t// Ignore errors\n\t\t}\n\n\t\tthis.$zkLoginState = atom(storedState || {});\n\t\tthis.$zkLoginSession = atom({ initialized: false, value: null });\n\n\t\t// Hydrate the session on mount:\n\t\tonMount(this.$zkLoginSession, () => {\n\t\t\tthis.getSession();\n\t\t});\n\n\t\tonSet(this.$zkLoginState, ({ newValue }) => {\n\t\t\tthis.#store.set(this.#storageKeys.STATE, JSON.stringify(newValue));\n\t\t});\n\t}\n\n\tget enokiClient() {\n\t\treturn this.#enokiClient;\n\t}\n\n\tasync createAuthorizationURL(input: {\n\t\tprovider: AuthProvider;\n\t\tclientId: string;\n\t\tredirectUrl: string;\n\t\tnetwork?: 'mainnet' | 'testnet' | 'devnet';\n\t\textraParams?: Record<string, unknown>;\n\t}) {\n\t\tconst ephemeralKeyPair = this.#useNativeCryptoSigner\n\t\t\t? await WebCryptoSigner.generate()\n\t\t\t: new Ed25519Keypair();\n\n\t\tconst { nonce, randomness, maxEpoch, estimatedExpiration } =\n\t\t\tawait this.#enokiClient.createZkLoginNonce({\n\t\t\t\tnetwork: input.network,\n\t\t\t\tephemeralPublicKey: ephemeralKeyPair.getPublicKey(),\n\t\t\t});\n\n\t\tconst params = new URLSearchParams({\n\t\t\t...input.extraParams,\n\t\t\tnonce,\n\t\t\tclient_id: input.clientId,\n\t\t\tredirect_uri: input.redirectUrl,\n\t\t\tresponse_type: 'id_token',\n\t\t\t// TODO: Eventually fetch the scopes for this client ID from the Enoki service:\n\t\t\tscope: [\n\t\t\t\t'openid',\n\t\t\t\t// Merge the requested scopes in with the required openid scopes:\n\t\t\t\t...(input.extraParams && 'scope' in input.extraParams\n\t\t\t\t\t? (input.extraParams.scope as string[])\n\t\t\t\t\t: []),\n\t\t\t]\n\t\t\t\t.filter(Boolean)\n\t\t\t\t.join(' '),\n\t\t});\n\n\t\tlet oauthUrl: string;\n\t\tswitch (input.provider) {\n\t\t\tcase 'google': {\n\t\t\t\toauthUrl = `https://accounts.google.com/o/oauth2/v2/auth?${params}`;\n\t\t\t\tbreak;\n\t\t\t}\n\n\t\t\tcase 'facebook': {\n\t\t\t\toauthUrl = `https://www.facebook.com/v17.0/dialog/oauth?${params}`;\n\t\t\t\tbreak;\n\t\t\t}\n\n\t\t\tcase 'twitch': {\n\t\t\t\tparams.set('force_verify', 'true');\n\t\t\t\toauthUrl = `https://id.twitch.tv/oauth2/authorize?${params}`;\n\t\t\t\tbreak;\n\t\t\t}\n\n\t\t\tdefault:\n\t\t\t\tthrow new Error(`Invalid provider: ${input.provider}`);\n\t\t}\n\n\t\tthis.$zkLoginState.set({ provider: input.provider });\n\t\tif (this.#useNativeCryptoSigner) {\n\t\t\tawait set('ephemeralKeyPair', (ephemeralKeyPair as WebCryptoSigner).export(), this.#idbStore);\n\t\t}\n\n\t\tawait this.#setSession({\n\t\t\texpiresAt: estimatedExpiration,\n\t\t\tmaxEpoch,\n\t\t\trandomness,\n\t\t\tephemeralKeyPair: this.#useNativeCryptoSigner\n\t\t\t\t? '@@native'\n\t\t\t\t: toBase64(\n\t\t\t\t\t\tdecodeHaneulPrivateKey((ephemeralKeyPair as Ed25519Keypair).getSecretKey()).secretKey,\n\t\t\t\t\t),\n\t\t});\n\n\t\treturn oauthUrl;\n\t}\n\n\t// TODO: Should our SDK manage this automatically in addition to exposing a method?\n\tasync handleAuthCallback(hash: string = window.location.hash) {\n\t\tconst params = new URLSearchParams(hash.startsWith('#') ? hash.slice(1) : hash);\n\n\t\t// Before we handle the auth redirect and get the state, we need to restore it:\n\t\tconst zkp = await this.getSession();\n\n\t\tif (!zkp || !zkp.ephemeralKeyPair || !zkp.maxEpoch || !zkp.randomness) {\n\t\t\tthrow new Error(\n\t\t\t\t'Start of sign-in flow could not be found. Ensure you have started the sign-in flow before calling this.',\n\t\t\t);\n\t\t}\n\n\t\tconst jwt = params.get('id_token');\n\t\tif (!jwt) {\n\t\t\tthrow new Error('Missing ID Token');\n\t\t}\n\n\t\tdecodeJwt(jwt);\n\n\t\tconst { address, salt, publicKey } = await this.#enokiClient.getZkLogin({ jwt });\n\n\t\tthis.$zkLoginState.set({\n\t\t\t...this.$zkLoginState.get(),\n\t\t\tsalt,\n\t\t\taddress,\n\t\t\tpublicKey,\n\t\t});\n\t\tawait this.#setSession({\n\t\t\t...zkp,\n\t\t\tjwt,\n\t\t});\n\n\t\treturn params.get('state');\n\t}\n\n\tasync #setSession(newValue: ZkLoginSession | null) {\n\t\tif (newValue) {\n\t\t\tconst storedValue = await this.#encryption.encrypt(\n\t\t\t\tthis.#encryptionKey,\n\t\t\t\tJSON.stringify(newValue),\n\t\t\t);\n\n\t\t\tthis.#store.set(this.#storageKeys.SESSION, storedValue);\n\t\t} else {\n\t\t\tthis.#store.delete(this.#storageKeys.SESSION);\n\t\t}\n\n\t\tthis.$zkLoginSession.set({ initialized: true, value: newValue });\n\t}\n\n\tasync getSession() {\n\t\tif (this.$zkLoginSession.get().initialized) {\n\t\t\treturn this.$zkLoginSession.get().value;\n\t\t}\n\n\t\ttry {\n\t\t\tconst storedValue = this.#store.get(this.#storageKeys.SESSION);\n\t\t\tif (!storedValue) return null;\n\n\t\t\tconst state: ZkLoginSession = JSON.parse(\n\t\t\t\tawait this.#encryption.decrypt(this.#encryptionKey, storedValue),\n\t\t\t);\n\n\t\t\t// TODO: Rather than having expiration act as a logout, we should keep the state that still is relevant,\n\t\t\t// and just clear out the expired session, but keep the other zkLogin state.\n\t\t\tif (state?.expiresAt && Date.now() > state.expiresAt) {\n\t\t\t\tawait this.logout();\n\t\t\t} else {\n\t\t\t\tthis.$zkLoginSession.set({ initialized: true, value: state });\n\t\t\t}\n\t\t} catch {\n\t\t\tthis.$zkLoginSession.set({ initialized: true, value: null });\n\t\t}\n\n\t\treturn this.$zkLoginSession.get().value;\n\t}\n\n\tasync logout() {\n\t\tthis.$zkLoginState.set({});\n\t\tthis.#store.delete(this.#storageKeys.STATE);\n\n\t\tif (this.#useNativeCryptoSigner) {\n\t\t\tawait clear(this.#idbStore);\n\t\t}\n\t\tawait this.#setSession(null);\n\t}\n\n\t// TODO: Should this return the proof if it already exists?\n\tasync getProof({ network }: { network?: EnokiNetwork } = {}) {\n\t\tconst zkp = await this.getSession();\n\t\tconst { salt } = this.$zkLoginState.get();\n\n\t\tif (zkp?.proof) {\n\t\t\tif (zkp.expiresAt && Date.now() > zkp.expiresAt) {\n\t\t\t\tthrow new Error('Stored proof is expired.');\n\t\t\t}\n\n\t\t\treturn zkp.proof;\n\t\t}\n\n\t\tif (!salt || !zkp || !zkp.jwt) {\n\t\t\tthrow new Error('Missing required parameters for proof generation');\n\t\t}\n\n\t\tlet storedNativeSigner: ExportedWebCryptoKeypair | undefined = undefined;\n\t\tif (this.#useNativeCryptoSigner && zkp.ephemeralKeyPair === '@@native') {\n\t\t\tstoredNativeSigner = await get('ephemeralKeyPair', this.#idbStore);\n\t\t\tif (!storedNativeSigner) {\n\t\t\t\tthrow new Error('Native signer not found in store.');\n\t\t\t}\n\t\t}\n\n\t\tconst ephemeralKeyPair =\n\t\t\tzkp.ephemeralKeyPair === '@@native'\n\t\t\t\t? WebCryptoSigner.import(storedNativeSigner!)\n\t\t\t\t: Ed25519Keypair.fromSecretKey(fromBase64(zkp.ephemeralKeyPair));\n\n\t\tconst proof = await this.#enokiClient.createZkLoginZkp({\n\t\t\tnetwork,\n\t\t\tjwt: zkp.jwt,\n\t\t\tmaxEpoch: zkp.maxEpoch,\n\t\t\trandomness: zkp.randomness,\n\t\t\tephemeralPublicKey: ephemeralKeyPair.getPublicKey(),\n\t\t});\n\n\t\tawait this.#setSession({\n\t\t\t...zkp,\n\t\t\tproof,\n\t\t});\n\n\t\treturn proof;\n\t}\n\n\tasync getKeypair({ network }: { network?: EnokiNetwork } = {}) {\n\t\t// Get the proof, so that we ensure it exists in state:\n\t\tawait this.getProof({ network });\n\n\t\tconst zkp = await this.getSession();\n\n\t\t// Check to see if we have the essentials for a keypair:\n\t\tconst { address } = this.$zkLoginState.get();\n\t\tif (!address || !zkp || !zkp.proof) {\n\t\t\tthrow new Error('Missing required data for keypair generation.');\n\t\t}\n\n\t\tif (Date.now() > zkp.expiresAt) {\n\t\t\tthrow new Error('Stored proof is expired.');\n\t\t}\n\n\t\tlet storedNativeSigner: ExportedWebCryptoKeypair | undefined = undefined;\n\t\tif (this.#useNativeCryptoSigner && zkp.ephemeralKeyPair === '@@native') {\n\t\t\tstoredNativeSigner = await get('ephemeralKeyPair', this.#idbStore);\n\t\t\tif (!storedNativeSigner) {\n\t\t\t\tthrow new Error('Native signer not found in store.');\n\t\t\t}\n\t\t}\n\n\t\tconst ephemeralKeypair =\n\t\t\tzkp.ephemeralKeyPair === '@@native'\n\t\t\t\t? WebCryptoSigner.import(storedNativeSigner!)\n\t\t\t\t: Ed25519Keypair.fromSecretKey(fromBase64(zkp.ephemeralKeyPair));\n\n\t\treturn new EnokiKeypair({\n\t\t\taddress,\n\t\t\tephemeralKeypair,\n\t\t\tmaxEpoch: zkp.maxEpoch,\n\t\t\tproof: zkp.proof,\n\t\t});\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,uBAAgC;AAChC,0BAAuC;AACvC,qBAA+B;AAC/B,mBAAqC;AACrC,qBAA0B;AAG1B,wBAA6C;AAE7C,wBAAqC;AAGrC,wBAAwC;AAExC,yBAA4B;AAE5B,0BAA6B;AAE7B,oBAAqC;AAtBrC;AAuEA,MAAM,oBAAoB,CAAC,YAAoB;AAAA,EAC9C,OAAO,qBAAqB,MAAM;AAAA,EAClC,SAAS,uBAAuB,MAAM;AACvC;AAKO,MAAM,UAAU;AAAA,EAYtB,YAAY,QAAyB;AAZ/B;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AAMC,uBAAK,cAAe,IAAI,+BAAY;AAAA,MACnC,QAAQ,OAAO;AAAA,MACf,QAAQ,OAAO;AAAA,MACf,kBAAkB,OAAO;AAAA,IAC1B,CAAC;AACD,uBAAK,gBAAiB,OAAO;AAE7B,QAAI,OAAO,iCAAiC;AAC3C,yBAAK,wBAAyB;AAC9B,yBAAK,eAAY,+BAAY,OAAO,QAAQ,OAAO;AAAA,IACpD,OAAO;AACN,yBAAK,wBAAyB;AAAA,IAC/B;AAEA,uBAAK,aAAc,OAAO,kBAAc,2CAAwB;AAChE,uBAAK,QAAS,OAAO,aAAS,oCAAqB;AACnD,uBAAK,cAAe,kBAAkB,OAAO,MAAM;AAEnD,QAAI,cAAc;AAClB,QAAI;AACH,YAAM,iBAAiB,mBAAK,QAAO,IAAI,mBAAK,cAAa,KAAK;AAC9D,UAAI,gBAAgB;AACnB,sBAAc,KAAK,MAAM,cAAc;AAAA,MACxC;AAAA,IACD,QAAQ;AAAA,IAER;AAEA,SAAK,oBAAgB,wBAAK,eAAe,CAAC,CAAC;AAC3C,SAAK,sBAAkB,wBAAK,EAAE,aAAa,OAAO,OAAO,KAAK,CAAC;AAG/D,mCAAQ,KAAK,iBAAiB,MAAM;AACnC,WAAK,WAAW;AAAA,IACjB,CAAC;AAED,iCAAM,KAAK,eAAe,CAAC,EAAE,SAAS,MAAM;AAC3C,yBAAK,QAAO,IAAI,mBAAK,cAAa,OAAO,KAAK,UAAU,QAAQ,CAAC;AAAA,IAClE,CAAC;AAAA,EACF;AAAA,EAEA,IAAI,cAAc;AACjB,WAAO,mBAAK;AAAA,EACb;AAAA,EAEA,MAAM,uBAAuB,OAM1B;AACF,UAAM,mBAAmB,mBAAK,0BAC3B,MAAM,iCAAgB,SAAS,IAC/B,IAAI,8BAAe;AAEtB,UAAM,EAAE,OAAO,YAAY,UAAU,oBAAoB,IACxD,MAAM,mBAAK,cAAa,mBAAmB;AAAA,MAC1C,SAAS,MAAM;AAAA,MACf,oBAAoB,iBAAiB,aAAa;AAAA,IACnD,CAAC;AAEF,UAAM,SAAS,IAAI,gBAAgB;AAAA,MAClC,GAAG,MAAM;AAAA,MACT;AAAA,MACA,WAAW,MAAM;AAAA,MACjB,cAAc,MAAM;AAAA,MACpB,eAAe;AAAA;AAAA,MAEf,OAAO;AAAA,QACN;AAAA;AAAA,QAEA,GAAI,MAAM,eAAe,WAAW,MAAM,cACtC,MAAM,YAAY,QACnB,CAAC;AAAA,MACL,EACE,OAAO,OAAO,EACd,KAAK,GAAG;AAAA,IACX,CAAC;AAED,QAAI;AACJ,YAAQ,MAAM,UAAU;AAAA,MACvB,KAAK,UAAU;AACd,mBAAW,gDAAgD,MAAM;AACjE;AAAA,MACD;AAAA,MAEA,KAAK,YAAY;AAChB,mBAAW,+CAA+C,MAAM;AAChE;AAAA,MACD;AAAA,MAEA,KAAK,UAAU;AACd,eAAO,IAAI,gBAAgB,MAAM;AACjC,mBAAW,yCAAyC,MAAM;AAC1D;AAAA,MACD;AAAA,MAEA;AACC,cAAM,IAAI,MAAM,qBAAqB,MAAM,QAAQ,EAAE;AAAA,IACvD;AAEA,SAAK,cAAc,IAAI,EAAE,UAAU,MAAM,SAAS,CAAC;AACnD,QAAI,mBAAK,yBAAwB;AAChC,gBAAM,uBAAI,oBAAqB,iBAAqC,OAAO,GAAG,mBAAK,UAAS;AAAA,IAC7F;AAEA,UAAM,sBAAK,qCAAL,WAAiB;AAAA,MACtB,WAAW;AAAA,MACX;AAAA,MACA;AAAA,MACA,kBAAkB,mBAAK,0BACpB,iBACA;AAAA,YACA,4CAAwB,iBAAoC,aAAa,CAAC,EAAE;AAAA,MAC7E;AAAA,IACH;AAEA,WAAO;AAAA,EACR;AAAA;AAAA,EAGA,MAAM,mBAAmB,OAAe,OAAO,SAAS,MAAM;AAC7D,UAAM,SAAS,IAAI,gBAAgB,KAAK,WAAW,GAAG,IAAI,KAAK,MAAM,CAAC,IAAI,IAAI;AAG9E,UAAM,MAAM,MAAM,KAAK,WAAW;AAElC,QAAI,CAAC,OAAO,CAAC,IAAI,oBAAoB,CAAC,IAAI,YAAY,CAAC,IAAI,YAAY;AACtE,YAAM,IAAI;AAAA,QACT;AAAA,MACD;AAAA,IACD;AAEA,UAAM,MAAM,OAAO,IAAI,UAAU;AACjC,QAAI,CAAC,KAAK;AACT,YAAM,IAAI,MAAM,kBAAkB;AAAA,IACnC;AAEA,kCAAU,GAAG;AAEb,UAAM,EAAE,SAAS,MAAM,UAAU,IAAI,MAAM,mBAAK,cAAa,WAAW,EAAE,IAAI,CAAC;AAE/E,SAAK,cAAc,IAAI;AAAA,MACtB,GAAG,KAAK,cAAc,IAAI;AAAA,MAC1B;AAAA,MACA;AAAA,MACA;AAAA,IACD,CAAC;AACD,UAAM,sBAAK,qCAAL,WAAiB;AAAA,MACtB,GAAG;AAAA,MACH;AAAA,IACD;AAEA,WAAO,OAAO,IAAI,OAAO;AAAA,EAC1B;AAAA,EAiBA,MAAM,aAAa;AAClB,QAAI,KAAK,gBAAgB,IAAI,EAAE,aAAa;AAC3C,aAAO,KAAK,gBAAgB,IAAI,EAAE;AAAA,IACnC;AAEA,QAAI;AACH,YAAM,cAAc,mBAAK,QAAO,IAAI,mBAAK,cAAa,OAAO;AAC7D,UAAI,CAAC,YAAa,QAAO;AAEzB,YAAM,QAAwB,KAAK;AAAA,QAClC,MAAM,mBAAK,aAAY,QAAQ,mBAAK,iBAAgB,WAAW;AAAA,MAChE;AAIA,UAAI,OAAO,aAAa,KAAK,IAAI,IAAI,MAAM,WAAW;AACrD,cAAM,KAAK,OAAO;AAAA,MACnB,OAAO;AACN,aAAK,gBAAgB,IAAI,EAAE,aAAa,MAAM,OAAO,MAAM,CAAC;AAAA,MAC7D;AAAA,IACD,QAAQ;AACP,WAAK,gBAAgB,IAAI,EAAE,aAAa,MAAM,OAAO,KAAK,CAAC;AAAA,IAC5D;AAEA,WAAO,KAAK,gBAAgB,IAAI,EAAE;AAAA,EACnC;AAAA,EAEA,MAAM,SAAS;AACd,SAAK,cAAc,IAAI,CAAC,CAAC;AACzB,uBAAK,QAAO,OAAO,mBAAK,cAAa,KAAK;AAE1C,QAAI,mBAAK,yBAAwB;AAChC,gBAAM,yBAAM,mBAAK,UAAS;AAAA,IAC3B;AACA,UAAM,sBAAK,qCAAL,WAAiB;AAAA,EACxB;AAAA;AAAA,EAGA,MAAM,SAAS,EAAE,QAAQ,IAAgC,CAAC,GAAG;AAC5D,UAAM,MAAM,MAAM,KAAK,WAAW;AAClC,UAAM,EAAE,KAAK,IAAI,KAAK,cAAc,IAAI;AAExC,QAAI,KAAK,OAAO;AACf,UAAI,IAAI,aAAa,KAAK,IAAI,IAAI,IAAI,WAAW;AAChD,cAAM,IAAI,MAAM,0BAA0B;AAAA,MAC3C;AAEA,aAAO,IAAI;AAAA,IACZ;AAEA,QAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,KAAK;AAC9B,YAAM,IAAI,MAAM,kDAAkD;AAAA,IACnE;AAEA,QAAI,qBAA2D;AAC/D,QAAI,mBAAK,2BAA0B,IAAI,qBAAqB,YAAY;AACvE,2BAAqB,UAAM,uBAAI,oBAAoB,mBAAK,UAAS;AACjE,UAAI,CAAC,oBAAoB;AACxB,cAAM,IAAI,MAAM,mCAAmC;AAAA,MACpD;AAAA,IACD;AAEA,UAAM,mBACL,IAAI,qBAAqB,aACtB,iCAAgB,OAAO,kBAAmB,IAC1C,8BAAe,kBAAc,yBAAW,IAAI,gBAAgB,CAAC;AAEjE,UAAM,QAAQ,MAAM,mBAAK,cAAa,iBAAiB;AAAA,MACtD;AAAA,MACA,KAAK,IAAI;AAAA,MACT,UAAU,IAAI;AAAA,MACd,YAAY,IAAI;AAAA,MAChB,oBAAoB,iBAAiB,aAAa;AAAA,IACnD,CAAC;AAED,UAAM,sBAAK,qCAAL,WAAiB;AAAA,MACtB,GAAG;AAAA,MACH;AAAA,IACD;AAEA,WAAO;AAAA,EACR;AAAA,EAEA,MAAM,WAAW,EAAE,QAAQ,IAAgC,CAAC,GAAG;AAE9D,UAAM,KAAK,SAAS,EAAE,QAAQ,CAAC;AAE/B,UAAM,MAAM,MAAM,KAAK,WAAW;AAGlC,UAAM,EAAE,QAAQ,IAAI,KAAK,cAAc,IAAI;AAC3C,QAAI,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,OAAO;AACnC,YAAM,IAAI,MAAM,+CAA+C;AAAA,IAChE;AAEA,QAAI,KAAK,IAAI,IAAI,IAAI,WAAW;AAC/B,YAAM,IAAI,MAAM,0BAA0B;AAAA,IAC3C;AAEA,QAAI,qBAA2D;AAC/D,QAAI,mBAAK,2BAA0B,IAAI,qBAAqB,YAAY;AACvE,2BAAqB,UAAM,uBAAI,oBAAoB,mBAAK,UAAS;AACjE,UAAI,CAAC,oBAAoB;AACxB,cAAM,IAAI,MAAM,mCAAmC;AAAA,MACpD;AAAA,IACD;AAEA,UAAM,mBACL,IAAI,qBAAqB,aACtB,iCAAgB,OAAO,kBAAmB,IAC1C,8BAAe,kBAAc,yBAAW,IAAI,gBAAgB,CAAC;AAEjE,WAAO,IAAI,iCAAa;AAAA,MACvB;AAAA,MACA;AAAA,MACA,UAAU,IAAI;AAAA,MACd,OAAO,IAAI;AAAA,IACZ,CAAC;AAAA,EACF;AACD;AA/SC;AACA;AACA;AACA;AACA;AACA;AACA;AAPM;AA0KA,gBAAW,eAAC,UAAiC;AAClD,MAAI,UAAU;AACb,UAAM,cAAc,MAAM,mBAAK,aAAY;AAAA,MAC1C,mBAAK;AAAA,MACL,KAAK,UAAU,QAAQ;AAAA,IACxB;AAEA,uBAAK,QAAO,IAAI,mBAAK,cAAa,SAAS,WAAW;AAAA,EACvD,OAAO;AACN,uBAAK,QAAO,OAAO,mBAAK,cAAa,OAAO;AAAA,EAC7C;AAEA,OAAK,gBAAgB,IAAI,EAAE,aAAa,MAAM,OAAO,SAAS,CAAC;AAChE;",
+  "names": []
+}

package/dist/cjs/EnokiKeypair.d.ts

@@ -0,0 +1,20 @@
+import type { SignatureWithBytes } from '@haneullabs/haneul/cryptography';
+import { Signer } from '@haneullabs/haneul/cryptography';
+import type { ZkLoginSignatureInputs } from '@haneullabs/haneul/zklogin';
+import { ZkLoginPublicIdentifier } from '@haneullabs/haneul/zklogin';
+export declare class EnokiPublicKey extends ZkLoginPublicIdentifier {
+}
+export declare class EnokiKeypair extends Signer {
+    #private;
+    constructor(input: {
+        address: string;
+        maxEpoch: number;
+        proof: ZkLoginSignatureInputs;
+        ephemeralKeypair: Signer;
+    });
+    sign(data: Uint8Array): Promise<Uint8Array<ArrayBuffer>>;
+    signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes>;
+    signTransaction(bytes: Uint8Array): Promise<SignatureWithBytes>;
+    getKeyScheme(): import("@haneullabs/haneul/cryptography").SignatureScheme;
+    getPublicKey(): EnokiPublicKey;
+}

package/dist/cjs/EnokiKeypair.js

@@ -0,0 +1,87 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __typeError = (msg) => {
+  throw TypeError(msg);
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __accessCheck = (obj, member, msg) => member.has(obj) || __typeError("Cannot " + msg);
+var __privateGet = (obj, member, getter) => (__accessCheck(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj));
+var __privateAdd = (obj, member, value) => member.has(obj) ? __typeError("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value);
+var __privateSet = (obj, member, value, setter) => (__accessCheck(obj, member, "write to private field"), setter ? setter.call(obj, value) : member.set(obj, value), value);
+var EnokiKeypair_exports = {};
+__export(EnokiKeypair_exports, {
+  EnokiKeypair: () => EnokiKeypair,
+  EnokiPublicKey: () => EnokiPublicKey
+});
+module.exports = __toCommonJS(EnokiKeypair_exports);
+var import_cryptography = require("@haneullabs/haneul/cryptography");
+var import_zklogin = require("@haneullabs/haneul/zklogin");
+var _proof, _maxEpoch, _ephemeralKeypair, _publicKey;
+class EnokiPublicKey extends import_zklogin.ZkLoginPublicIdentifier {
+}
+class EnokiKeypair extends import_cryptography.Signer {
+  constructor(input) {
+    super();
+    __privateAdd(this, _proof);
+    __privateAdd(this, _maxEpoch);
+    __privateAdd(this, _ephemeralKeypair);
+    __privateAdd(this, _publicKey);
+    __privateSet(this, _proof, input.proof);
+    __privateSet(this, _maxEpoch, input.maxEpoch);
+    __privateSet(this, _ephemeralKeypair, input.ephemeralKeypair);
+    __privateSet(this, _publicKey, EnokiPublicKey.fromProof(input.address, input.proof));
+  }
+  async sign(data) {
+    return __privateGet(this, _ephemeralKeypair).sign(data);
+  }
+  async signPersonalMessage(bytes) {
+    const { bytes: signedBytes, signature: userSignature } = await __privateGet(this, _ephemeralKeypair).signPersonalMessage(bytes);
+    const zkSignature = (0, import_zklogin.getZkLoginSignature)({
+      inputs: __privateGet(this, _proof),
+      maxEpoch: __privateGet(this, _maxEpoch),
+      userSignature
+    });
+    return {
+      bytes: signedBytes,
+      signature: zkSignature
+    };
+  }
+  async signTransaction(bytes) {
+    const { bytes: signedBytes, signature: userSignature } = await __privateGet(this, _ephemeralKeypair).signTransaction(bytes);
+    const zkSignature = (0, import_zklogin.getZkLoginSignature)({
+      inputs: __privateGet(this, _proof),
+      maxEpoch: __privateGet(this, _maxEpoch),
+      userSignature
+    });
+    return {
+      bytes: signedBytes,
+      signature: zkSignature
+    };
+  }
+  getKeyScheme() {
+    return __privateGet(this, _ephemeralKeypair).getKeyScheme();
+  }
+  getPublicKey() {
+    return __privateGet(this, _publicKey);
+  }
+}
+_proof = new WeakMap();
+_maxEpoch = new WeakMap();
+_ephemeralKeypair = new WeakMap();
+_publicKey = new WeakMap();
+//# sourceMappingURL=EnokiKeypair.js.map

package/dist/cjs/EnokiKeypair.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/EnokiKeypair.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport type { SignatureWithBytes } from '@haneullabs/haneul/cryptography';\nimport { Signer } from '@haneullabs/haneul/cryptography';\nimport type { ZkLoginSignatureInputs } from '@haneullabs/haneul/zklogin';\nimport { getZkLoginSignature, ZkLoginPublicIdentifier } from '@haneullabs/haneul/zklogin';\n\nexport class EnokiPublicKey extends ZkLoginPublicIdentifier {}\n\nexport class EnokiKeypair extends Signer {\n\t#proof: ZkLoginSignatureInputs;\n\t#maxEpoch: number;\n\t#ephemeralKeypair: Signer;\n\t#publicKey: EnokiPublicKey;\n\n\tconstructor(input: {\n\t\taddress: string;\n\t\tmaxEpoch: number;\n\t\tproof: ZkLoginSignatureInputs;\n\t\tephemeralKeypair: Signer;\n\t}) {\n\t\tsuper();\n\t\tthis.#proof = input.proof;\n\t\tthis.#maxEpoch = input.maxEpoch;\n\t\tthis.#ephemeralKeypair = input.ephemeralKeypair;\n\t\tthis.#publicKey = EnokiPublicKey.fromProof(input.address, input.proof);\n\t}\n\n\tasync sign(data: Uint8Array) {\n\t\treturn this.#ephemeralKeypair.sign(data);\n\t}\n\n\tasync signPersonalMessage(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst { bytes: signedBytes, signature: userSignature } =\n\t\t\tawait this.#ephemeralKeypair.signPersonalMessage(bytes);\n\n\t\tconst zkSignature = getZkLoginSignature({\n\t\t\tinputs: this.#proof,\n\t\t\tmaxEpoch: this.#maxEpoch,\n\t\t\tuserSignature,\n\t\t});\n\n\t\treturn {\n\t\t\tbytes: signedBytes,\n\t\t\tsignature: zkSignature,\n\t\t};\n\t}\n\n\tasync signTransaction(bytes: Uint8Array): Promise<SignatureWithBytes> {\n\t\tconst { bytes: signedBytes, signature: userSignature } =\n\t\t\tawait this.#ephemeralKeypair.signTransaction(bytes);\n\n\t\tconst zkSignature = getZkLoginSignature({\n\t\t\tinputs: this.#proof,\n\t\t\tmaxEpoch: this.#maxEpoch,\n\t\t\tuserSignature,\n\t\t});\n\n\t\treturn {\n\t\t\tbytes: signedBytes,\n\t\t\tsignature: zkSignature,\n\t\t};\n\t}\n\n\tgetKeyScheme() {\n\t\treturn this.#ephemeralKeypair.getKeyScheme();\n\t}\n\n\tgetPublicKey() {\n\t\treturn this.#publicKey;\n\t}\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAIA,0BAAuB;AAEvB,qBAA6D;AAN7D;AAQO,MAAM,uBAAuB,uCAAwB;AAAC;AAEtD,MAAM,qBAAqB,2BAAO;AAAA,EAMxC,YAAY,OAKT;AACF,UAAM;AAXP;AACA;AACA;AACA;AASC,uBAAK,QAAS,MAAM;AACpB,uBAAK,WAAY,MAAM;AACvB,uBAAK,mBAAoB,MAAM;AAC/B,uBAAK,YAAa,eAAe,UAAU,MAAM,SAAS,MAAM,KAAK;AAAA,EACtE;AAAA,EAEA,MAAM,KAAK,MAAkB;AAC5B,WAAO,mBAAK,mBAAkB,KAAK,IAAI;AAAA,EACxC;AAAA,EAEA,MAAM,oBAAoB,OAAgD;AACzE,UAAM,EAAE,OAAO,aAAa,WAAW,cAAc,IACpD,MAAM,mBAAK,mBAAkB,oBAAoB,KAAK;AAEvD,UAAM,kBAAc,oCAAoB;AAAA,MACvC,QAAQ,mBAAK;AAAA,MACb,UAAU,mBAAK;AAAA,MACf;AAAA,IACD,CAAC;AAED,WAAO;AAAA,MACN,OAAO;AAAA,MACP,WAAW;AAAA,IACZ;AAAA,EACD;AAAA,EAEA,MAAM,gBAAgB,OAAgD;AACrE,UAAM,EAAE,OAAO,aAAa,WAAW,cAAc,IACpD,MAAM,mBAAK,mBAAkB,gBAAgB,KAAK;AAEnD,UAAM,kBAAc,oCAAoB;AAAA,MACvC,QAAQ,mBAAK;AAAA,MACb,UAAU,mBAAK;AAAA,MACf;AAAA,IACD,CAAC;AAED,WAAO;AAAA,MACN,OAAO;AAAA,MACP,WAAW;AAAA,IACZ;AAAA,EACD;AAAA,EAEA,eAAe;AACd,WAAO,mBAAK,mBAAkB,aAAa;AAAA,EAC5C;AAAA,EAEA,eAAe;AACd,WAAO,mBAAK;AAAA,EACb;AACD;AA7DC;AACA;AACA;AACA;",
+  "names": []
+}

package/dist/cjs/encryption.d.ts

@@ -0,0 +1,15 @@
+/**
+ * A general interface for specifying how data should be encrypted and decrypted.
+ */
+export interface Encryption {
+    encrypt(password: string, data: string): Promise<string>;
+    decrypt(password: string, data: string): Promise<string>;
+}
+/**
+ * Create the default encryption interface, which uses the browsers built-in crypto primitives.
+ */
+export declare function createDefaultEncryption(): Encryption;
+/**
+ * Create a passthrough encryption interface, which does not encrypt or decrypt data.
+ */
+export declare function createPassthroughEncryption(): Encryption;

package/dist/cjs/encryption.js

@@ -0,0 +1,96 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var encryption_exports = {};
+__export(encryption_exports, {
+  createDefaultEncryption: () => createDefaultEncryption,
+  createPassthroughEncryption: () => createPassthroughEncryption
+});
+module.exports = __toCommonJS(encryption_exports);
+var import_utils = require("@haneullabs/haneul/utils");
+function createDefaultEncryption() {
+  async function keyFromPassword(password, salt) {
+    const key = await crypto.subtle.importKey(
+      "raw",
+      new TextEncoder().encode(password),
+      { name: "PBKDF2" },
+      false,
+      ["deriveBits", "deriveKey"]
+    );
+    const derivedKey = await crypto.subtle.deriveKey(
+      {
+        name: "PBKDF2",
+        salt,
+        iterations: 9e5,
+        hash: "SHA-256"
+      },
+      key,
+      { name: "AES-GCM", length: 256 },
+      false,
+      ["encrypt", "decrypt"]
+    );
+    return { key, derivedKey };
+  }
+  return {
+    async encrypt(password, data) {
+      const salt = crypto.getRandomValues(new Uint8Array(16));
+      const iv = crypto.getRandomValues(new Uint8Array(12));
+      const { derivedKey } = await keyFromPassword(password, salt);
+      const payload = await crypto.subtle.encrypt(
+        {
+          name: "AES-GCM",
+          iv
+        },
+        derivedKey,
+        new TextEncoder().encode(data)
+      );
+      return JSON.stringify({
+        payload: (0, import_utils.toBase64)(new Uint8Array(payload)),
+        iv: (0, import_utils.toBase64)(iv),
+        salt: (0, import_utils.toBase64)(salt)
+      });
+    },
+    async decrypt(password, data) {
+      const parsed = JSON.parse(data);
+      if (!parsed.payload || !parsed.iv || !parsed.salt) {
+        throw new Error("Invalid encrypted data");
+      }
+      const { derivedKey } = await keyFromPassword(password, (0, import_utils.fromBase64)(parsed.salt));
+      const decryptedContent = await crypto.subtle.decrypt(
+        {
+          name: "AES-GCM",
+          iv: (0, import_utils.fromBase64)(parsed.iv)
+        },
+        derivedKey,
+        (0, import_utils.fromBase64)(parsed.payload)
+      );
+      return new TextDecoder().decode(decryptedContent);
+    }
+  };
+}
+function createPassthroughEncryption() {
+  return {
+    async encrypt(_password, data) {
+      return data;
+    },
+    async decrypt(_password, data) {
+      return data;
+    }
+  };
+}
+//# sourceMappingURL=encryption.js.map

package/dist/cjs/encryption.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/encryption.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nimport { fromBase64, toBase64 } from '@haneullabs/haneul/utils';\n\n/**\n * A general interface for specifying how data should be encrypted and decrypted.\n */\nexport interface Encryption {\n\tencrypt(password: string, data: string): Promise<string>;\n\tdecrypt(password: string, data: string): Promise<string>;\n}\n\n/**\n * Create the default encryption interface, which uses the browsers built-in crypto primitives.\n */\nexport function createDefaultEncryption(): Encryption {\n\ttype EncryptedJSON = {\n\t\tpayload: string;\n\t\tiv: string;\n\t\tsalt: string;\n\t};\n\n\tasync function keyFromPassword(password: string, salt: Uint8Array) {\n\t\tconst key = await crypto.subtle.importKey(\n\t\t\t'raw',\n\t\t\tnew TextEncoder().encode(password),\n\t\t\t{ name: 'PBKDF2' },\n\t\t\tfalse,\n\t\t\t['deriveBits', 'deriveKey'],\n\t\t);\n\n\t\tconst derivedKey = await crypto.subtle.deriveKey(\n\t\t\t{\n\t\t\t\tname: 'PBKDF2',\n\t\t\t\tsalt: salt as BufferSource,\n\t\t\t\titerations: 900_000,\n\t\t\t\thash: 'SHA-256',\n\t\t\t},\n\t\t\tkey,\n\t\t\t{ name: 'AES-GCM', length: 256 },\n\t\t\tfalse,\n\t\t\t['encrypt', 'decrypt'],\n\t\t);\n\n\t\treturn { key, derivedKey };\n\t}\n\n\treturn {\n\t\tasync encrypt(password, data) {\n\t\t\tconst salt = crypto.getRandomValues(new Uint8Array(16));\n\t\t\tconst iv = crypto.getRandomValues(new Uint8Array(12));\n\n\t\t\tconst { derivedKey } = await keyFromPassword(password, salt);\n\n\t\t\tconst payload = await crypto.subtle.encrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv,\n\t\t\t\t},\n\t\t\t\tderivedKey,\n\t\t\t\tnew TextEncoder().encode(data),\n\t\t\t);\n\n\t\t\treturn JSON.stringify({\n\t\t\t\tpayload: toBase64(new Uint8Array(payload)),\n\t\t\t\tiv: toBase64(iv),\n\t\t\t\tsalt: toBase64(salt),\n\t\t\t} satisfies EncryptedJSON);\n\t\t},\n\t\tasync decrypt(password, data) {\n\t\t\tconst parsed = JSON.parse(data) as EncryptedJSON;\n\t\t\tif (!parsed.payload || !parsed.iv || !parsed.salt) {\n\t\t\t\tthrow new Error('Invalid encrypted data');\n\t\t\t}\n\n\t\t\tconst { derivedKey } = await keyFromPassword(password, fromBase64(parsed.salt));\n\n\t\t\tconst decryptedContent = await crypto.subtle.decrypt(\n\t\t\t\t{\n\t\t\t\t\tname: 'AES-GCM',\n\t\t\t\t\tiv: fromBase64(parsed.iv),\n\t\t\t\t},\n\t\t\t\tderivedKey,\n\t\t\t\tfromBase64(parsed.payload),\n\t\t\t);\n\n\t\t\treturn new TextDecoder().decode(decryptedContent);\n\t\t},\n\t};\n}\n\n/**\n * Create a passthrough encryption interface, which does not encrypt or decrypt data.\n */\nexport function createPassthroughEncryption(): Encryption {\n\treturn {\n\t\tasync encrypt(_password, data) {\n\t\t\treturn data;\n\t\t},\n\t\tasync decrypt(_password, data) {\n\t\t\treturn data;\n\t\t},\n\t};\n}\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,mBAAqC;AAa9B,SAAS,0BAAsC;AAOrD,iBAAe,gBAAgB,UAAkB,MAAkB;AAClE,UAAM,MAAM,MAAM,OAAO,OAAO;AAAA,MAC/B;AAAA,MACA,IAAI,YAAY,EAAE,OAAO,QAAQ;AAAA,MACjC,EAAE,MAAM,SAAS;AAAA,MACjB;AAAA,MACA,CAAC,cAAc,WAAW;AAAA,IAC3B;AAEA,UAAM,aAAa,MAAM,OAAO,OAAO;AAAA,MACtC;AAAA,QACC,MAAM;AAAA,QACN;AAAA,QACA,YAAY;AAAA,QACZ,MAAM;AAAA,MACP;AAAA,MACA;AAAA,MACA,EAAE,MAAM,WAAW,QAAQ,IAAI;AAAA,MAC/B;AAAA,MACA,CAAC,WAAW,SAAS;AAAA,IACtB;AAEA,WAAO,EAAE,KAAK,WAAW;AAAA,EAC1B;AAEA,SAAO;AAAA,IACN,MAAM,QAAQ,UAAU,MAAM;AAC7B,YAAM,OAAO,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AACtD,YAAM,KAAK,OAAO,gBAAgB,IAAI,WAAW,EAAE,CAAC;AAEpD,YAAM,EAAE,WAAW,IAAI,MAAM,gBAAgB,UAAU,IAAI;AAE3D,YAAM,UAAU,MAAM,OAAO,OAAO;AAAA,QACnC;AAAA,UACC,MAAM;AAAA,UACN;AAAA,QACD;AAAA,QACA;AAAA,QACA,IAAI,YAAY,EAAE,OAAO,IAAI;AAAA,MAC9B;AAEA,aAAO,KAAK,UAAU;AAAA,QACrB,aAAS,uBAAS,IAAI,WAAW,OAAO,CAAC;AAAA,QACzC,QAAI,uBAAS,EAAE;AAAA,QACf,UAAM,uBAAS,IAAI;AAAA,MACpB,CAAyB;AAAA,IAC1B;AAAA,IACA,MAAM,QAAQ,UAAU,MAAM;AAC7B,YAAM,SAAS,KAAK,MAAM,IAAI;AAC9B,UAAI,CAAC,OAAO,WAAW,CAAC,OAAO,MAAM,CAAC,OAAO,MAAM;AAClD,cAAM,IAAI,MAAM,wBAAwB;AAAA,MACzC;AAEA,YAAM,EAAE,WAAW,IAAI,MAAM,gBAAgB,cAAU,yBAAW,OAAO,IAAI,CAAC;AAE9E,YAAM,mBAAmB,MAAM,OAAO,OAAO;AAAA,QAC5C;AAAA,UACC,MAAM;AAAA,UACN,QAAI,yBAAW,OAAO,EAAE;AAAA,QACzB;AAAA,QACA;AAAA,YACA,yBAAW,OAAO,OAAO;AAAA,MAC1B;AAEA,aAAO,IAAI,YAAY,EAAE,OAAO,gBAAgB;AAAA,IACjD;AAAA,EACD;AACD;AAKO,SAAS,8BAA0C;AACzD,SAAO;AAAA,IACN,MAAM,QAAQ,WAAW,MAAM;AAC9B,aAAO;AAAA,IACR;AAAA,IACA,MAAM,QAAQ,WAAW,MAAM;AAC9B,aAAO;AAAA,IACR;AAAA,EACD;AACD;",
+  "names": []
+}

package/dist/cjs/index.d.ts

@@ -0,0 +1,12 @@
+export { EnokiClient, type EnokiClientConfig, EnokiClientError } from './EnokiClient/index.js';
+export type { EnokiNetwork, AuthProvider } from './EnokiClient/type.js';
+export { EnokiFlow, type EnokiFlowConfig } from './EnokiFlow.js';
+export { createLocalStorage, createSessionStorage, createInMemoryStorage, type SyncStore, } from './stores.js';
+export { createDefaultEncryption, type Encryption } from './encryption.js';
+export { EnokiKeypair, EnokiPublicKey } from './EnokiKeypair.js';
+export type { EnokiWallet } from './wallet/wallet.js';
+export { registerEnokiWallets } from './wallet/register.js';
+export { enokiWalletsInitializer } from './wallet/initializer.js';
+export { isEnokiWallet, isGoogleWallet, isTwitchWallet, isFacebookWallet, getWalletMetadata, getSession, } from './wallet/utils.js';
+export { type RegisterEnokiWalletsOptions } from './wallet/types.js';
+export { isEnokiNetwork } from './utils.js';

package/dist/cjs/index.js

@@ -0,0 +1,50 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var index_exports = {};
+__export(index_exports, {
+  EnokiClient: () => import_EnokiClient.EnokiClient,
+  EnokiClientError: () => import_EnokiClient.EnokiClientError,
+  EnokiFlow: () => import_EnokiFlow.EnokiFlow,
+  EnokiKeypair: () => import_EnokiKeypair.EnokiKeypair,
+  EnokiPublicKey: () => import_EnokiKeypair.EnokiPublicKey,
+  createDefaultEncryption: () => import_encryption.createDefaultEncryption,
+  createInMemoryStorage: () => import_stores.createInMemoryStorage,
+  createLocalStorage: () => import_stores.createLocalStorage,
+  createSessionStorage: () => import_stores.createSessionStorage,
+  enokiWalletsInitializer: () => import_initializer.enokiWalletsInitializer,
+  getSession: () => import_utils.getSession,
+  getWalletMetadata: () => import_utils.getWalletMetadata,
+  isEnokiNetwork: () => import_utils2.isEnokiNetwork,
+  isEnokiWallet: () => import_utils.isEnokiWallet,
+  isFacebookWallet: () => import_utils.isFacebookWallet,
+  isGoogleWallet: () => import_utils.isGoogleWallet,
+  isTwitchWallet: () => import_utils.isTwitchWallet,
+  registerEnokiWallets: () => import_register.registerEnokiWallets
+});
+module.exports = __toCommonJS(index_exports);
+var import_EnokiClient = require("./EnokiClient/index.js");
+var import_EnokiFlow = require("./EnokiFlow.js");
+var import_stores = require("./stores.js");
+var import_encryption = require("./encryption.js");
+var import_EnokiKeypair = require("./EnokiKeypair.js");
+var import_register = require("./wallet/register.js");
+var import_initializer = require("./wallet/initializer.js");
+var import_utils = require("./wallet/utils.js");
+var import_utils2 = require("./utils.js");
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/index.ts"],
+  "sourcesContent": ["// Copyright (c) Mysten Labs, Inc.\n// SPDX-License-Identifier: Apache-2.0\n\nexport { EnokiClient, type EnokiClientConfig, EnokiClientError } from './EnokiClient/index.js';\nexport type { EnokiNetwork, AuthProvider } from './EnokiClient/type.js';\nexport { EnokiFlow, type EnokiFlowConfig } from './EnokiFlow.js';\nexport {\n\tcreateLocalStorage,\n\tcreateSessionStorage,\n\tcreateInMemoryStorage,\n\ttype SyncStore,\n} from './stores.js';\nexport { createDefaultEncryption, type Encryption } from './encryption.js';\nexport { EnokiKeypair, EnokiPublicKey } from './EnokiKeypair.js';\n\nexport type { EnokiWallet } from './wallet/wallet.js';\nexport { registerEnokiWallets } from './wallet/register.js';\nexport { enokiWalletsInitializer } from './wallet/initializer.js';\n\nexport {\n\tisEnokiWallet,\n\tisGoogleWallet,\n\tisTwitchWallet,\n\tisFacebookWallet,\n\tgetWalletMetadata,\n\tgetSession,\n} from './wallet/utils.js';\nexport { type RegisterEnokiWalletsOptions } from './wallet/types.js';\n\nexport { isEnokiNetwork } from './utils.js';\n"],
+  "mappings": ";;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAGA,yBAAsE;AAEtE,uBAAgD;AAChD,oBAKO;AACP,wBAAyD;AACzD,0BAA6C;AAG7C,sBAAqC;AACrC,yBAAwC;AAExC,mBAOO;AAGP,IAAAA,gBAA+B;",
+  "names": ["import_utils"]
+}

package/dist/cjs/package.json

@@ -0,0 +1,4 @@
+{
+  "private": true,
+  "type": "commonjs"
+}