@inco/js 0.3.0 → 0.3.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/advancedacl/index.d.ts +2 -0
- package/dist/cjs/advancedacl/index.js +19 -0
- package/dist/cjs/advancedacl/session-key.d.ts +28 -0
- package/dist/cjs/advancedacl/session-key.js +176 -0
- package/dist/cjs/advancedacl/types.d.ts +15 -0
- package/dist/cjs/advancedacl/types.js +3 -0
- package/dist/cjs/generated/abis/lightning-preview.d.ts +2265 -0
- package/dist/cjs/generated/abis/lightning-preview.js +1429 -0
- package/dist/cjs/lite/lightning.d.ts +55 -1
- package/dist/cjs/lite/lightning.js +73 -2
- package/dist/cjs/local/local-node.d.ts +1 -1
- package/dist/cjs/local/local-node.js +15 -15
- package/dist/esm/advancedacl/index.d.ts +2 -0
- package/dist/esm/advancedacl/index.js +3 -0
- package/dist/esm/advancedacl/session-key.d.ts +28 -0
- package/dist/esm/advancedacl/session-key.js +170 -0
- package/dist/esm/advancedacl/types.d.ts +15 -0
- package/dist/esm/advancedacl/types.js +2 -0
- package/dist/esm/generated/abis/lightning-preview.d.ts +2265 -0
- package/dist/esm/generated/abis/lightning-preview.js +1426 -0
- package/dist/esm/lite/lightning.d.ts +55 -1
- package/dist/esm/lite/lightning.js +73 -2
- package/dist/esm/local/local-node.d.ts +1 -1
- package/dist/esm/local/local-node.js +3 -3
- package/dist/types/advancedacl/index.d.ts +2 -0
- package/dist/types/advancedacl/session-key.d.ts +28 -0
- package/dist/types/advancedacl/types.d.ts +15 -0
- package/dist/types/generated/abis/lightning-preview.d.ts +2265 -0
- package/dist/types/lite/lightning.d.ts +55 -1
- package/dist/types/local/local-node.d.ts +1 -1
- package/package.json +1 -1
|
@@ -1,10 +1,12 @@
|
|
|
1
1
|
import { Account, Chain, Transport, WalletClient } from 'viem';
|
|
2
|
+
import { AllowanceVoucherWithSig } from '../advancedacl/types.js';
|
|
2
3
|
import { Address, HexString } from '../binary.js';
|
|
3
|
-
import { EciesScheme } from '../encryption/index.js';
|
|
4
|
+
import { EciesScheme, PlaintextOf } from '../encryption/index.js';
|
|
4
5
|
import { lightningDeployments } from '../generated/lightning.js';
|
|
5
6
|
import { localNodeLightningConfig } from '../generated/local-node.js';
|
|
6
7
|
import { LocalNodeEnv } from '../local/index.js';
|
|
7
8
|
import type { Reencryptor } from '../reencryption/index.js';
|
|
9
|
+
import { Secp256k1Keypair } from './ecies.js';
|
|
8
10
|
type TupleToUnion<T> = T extends readonly unknown[] ? T[number] : never;
|
|
9
11
|
type Deployment = TupleToUnion<typeof lightningDeployments>;
|
|
10
12
|
type DistributedPick<T, K> = T extends any ? Pick<T, Extract<keyof T, K>> : never;
|
|
@@ -120,6 +122,58 @@ export declare class Lightning<T extends DeploymentSlice = DeploymentSlice> {
|
|
|
120
122
|
* @param walletClient the wallet client to use for signing the reencrypt request.
|
|
121
123
|
*/
|
|
122
124
|
getReencryptor(walletClient: WalletClient<Transport, Chain, Account>): Promise<Reencryptor<EciesScheme>>;
|
|
125
|
+
/**
|
|
126
|
+
* Grants a session key allowance voucher for secure reencryption operations.
|
|
127
|
+
*
|
|
128
|
+
* This method creates a signed allowance voucher that authorizes a specific requester address
|
|
129
|
+
* to perform reencryption operations using session keys. The voucher includes an expiration time
|
|
130
|
+
* and can optionally specify a custom session verifier contract address.
|
|
131
|
+
*
|
|
132
|
+
* @param walletClient - The wallet client used for signing the allowance voucher
|
|
133
|
+
* @param granteeAddress - The address of the entity requesting the session key allowance
|
|
134
|
+
* @param expiresAt - The timestamp when the allowance voucher expires (as a bigint)
|
|
135
|
+
* @param sessionVerifierAddress - Optional custom session verifier contract address. If not provided, uses the executor address
|
|
136
|
+
* @returns A promise that resolves to an AllowanceVoucherWithSig containing the signed allowance voucher
|
|
137
|
+
*
|
|
138
|
+
* @example
|
|
139
|
+
* ```typescript
|
|
140
|
+
* const voucher = await lightning.grantSessionKeyAllowanceVoucher(
|
|
141
|
+
* walletClient,
|
|
142
|
+
* "0x1234...",
|
|
143
|
+
* BigInt(Date.now() + 3600000), // 1 hour from now
|
|
144
|
+
* "0x5678..." // optional custom verifier
|
|
145
|
+
* );
|
|
146
|
+
* ```
|
|
147
|
+
*/
|
|
148
|
+
grantSessionKeyAllowanceVoucher(walletClient: WalletClient<Transport, Chain, Account>, granteeAddress: string, expiresAt: Date, sessionVerifierAddress: string): Promise<AllowanceVoucherWithSig>;
|
|
149
|
+
/**
|
|
150
|
+
* Creates a session key reencryptor for secure data reencryption operations.
|
|
151
|
+
*
|
|
152
|
+
* This method returns a reencryptor instance that can be used to perform reencryption
|
|
153
|
+
* operations using session keys. The reencryptor is configured with the provided
|
|
154
|
+
* allowance voucher and ephemeral keypair for secure communication.
|
|
155
|
+
*
|
|
156
|
+
* @param allowanceVoucherWithSig - The signed allowance voucher obtained from grantSessionKeyAllowanceVoucher
|
|
157
|
+
* @param ephemeralKeypair - The ephemeral keypair used for secure communication with the KMS make sure it has allowance to voucher
|
|
158
|
+
* @returns A reencryptor instance configured for session key operations
|
|
159
|
+
*
|
|
160
|
+
* @example
|
|
161
|
+
* ```typescript
|
|
162
|
+
* const reencryptor = await lightning.getSessionKeyRencryptor(voucher, ephemeralKeypair);
|
|
163
|
+
* const decryptedValue = await reencryptor({handle: resultHandle});
|
|
164
|
+
* ```
|
|
165
|
+
*/
|
|
166
|
+
getSessionKeyRencryptor(allowanceVoucherWithSig: AllowanceVoucherWithSig, ephemeralKeypair: Secp256k1Keypair): Promise<(<T_1 extends import("../encryption/encryption.js").SupportedFheType>({ handle }: import("../reencryption/types.js").ReencryptFnArgs<EciesScheme, T_1>) => Promise<PlaintextOf<1, 0 | 5 | 7 | 8>>)>;
|
|
167
|
+
/**
|
|
168
|
+
* Updates the active session nonce for the given wallet client.
|
|
169
|
+
*
|
|
170
|
+
* This method updates the active session nonce for the given wallet client.
|
|
171
|
+
* It nullifies all the previous shared addresses accessing the voucher.
|
|
172
|
+
*
|
|
173
|
+
* @param walletClient - The wallet client used for updating the session nonce
|
|
174
|
+
* @returns The transaction hash of the updateActiveVouchersSessionNonce transaction
|
|
175
|
+
*/
|
|
176
|
+
updateActiveVouchersSessionNonce(walletClient: WalletClient<Transport, Chain, Account>): Promise<HexString>;
|
|
123
177
|
/**
|
|
124
178
|
* Get the GRPC endpoint for the covalidator that services this deployment.
|
|
125
179
|
*/
|
|
@@ -4,6 +4,7 @@ exports.Lightning = void 0;
|
|
|
4
4
|
const fs = require("fs/promises");
|
|
5
5
|
const viem_1 = require("viem");
|
|
6
6
|
const chains_1 = require("viem/chains");
|
|
7
|
+
const session_key_js_1 = require("../advancedacl/session-key.js");
|
|
7
8
|
const binary_js_1 = require("../binary.js");
|
|
8
9
|
const index_js_1 = require("../encryption/index.js");
|
|
9
10
|
const lightning_js_1 = require("../generated/lightning.js");
|
|
@@ -73,7 +74,7 @@ class Lightning {
|
|
|
73
74
|
return Lightning.custom({
|
|
74
75
|
// We assume that we always run a local node as the default anvil node
|
|
75
76
|
chainId: env.COVALIDATOR_HOST_CHAIN_ID ? Number(env.COVALIDATOR_HOST_CHAIN_ID) : conf.chainId,
|
|
76
|
-
covalidatorUrl: env.
|
|
77
|
+
covalidatorUrl: env.COVALIDATOR_URL ?? conf.covalidatorUrl,
|
|
77
78
|
hostChainRpcUrl: env.COVALIDATOR_HOST_CHAIN_RPC_URL ?? conf.hostChainRpcUrl ?? 'http://localhost:8545',
|
|
78
79
|
// These variables vary per environment
|
|
79
80
|
executorAddress: env.EXECUTOR_ADDRESS,
|
|
@@ -183,6 +184,76 @@ class Lightning {
|
|
|
183
184
|
ephemeralKeypair: this.ephemeralKeypair,
|
|
184
185
|
});
|
|
185
186
|
}
|
|
187
|
+
/**
|
|
188
|
+
* Grants a session key allowance voucher for secure reencryption operations.
|
|
189
|
+
*
|
|
190
|
+
* This method creates a signed allowance voucher that authorizes a specific requester address
|
|
191
|
+
* to perform reencryption operations using session keys. The voucher includes an expiration time
|
|
192
|
+
* and can optionally specify a custom session verifier contract address.
|
|
193
|
+
*
|
|
194
|
+
* @param walletClient - The wallet client used for signing the allowance voucher
|
|
195
|
+
* @param granteeAddress - The address of the entity requesting the session key allowance
|
|
196
|
+
* @param expiresAt - The timestamp when the allowance voucher expires (as a bigint)
|
|
197
|
+
* @param sessionVerifierAddress - Optional custom session verifier contract address. If not provided, uses the executor address
|
|
198
|
+
* @returns A promise that resolves to an AllowanceVoucherWithSig containing the signed allowance voucher
|
|
199
|
+
*
|
|
200
|
+
* @example
|
|
201
|
+
* ```typescript
|
|
202
|
+
* const voucher = await lightning.grantSessionKeyAllowanceVoucher(
|
|
203
|
+
* walletClient,
|
|
204
|
+
* "0x1234...",
|
|
205
|
+
* BigInt(Date.now() + 3600000), // 1 hour from now
|
|
206
|
+
* "0x5678..." // optional custom verifier
|
|
207
|
+
* );
|
|
208
|
+
* ```
|
|
209
|
+
*/
|
|
210
|
+
grantSessionKeyAllowanceVoucher(walletClient, granteeAddress, expiresAt, sessionVerifierAddress) {
|
|
211
|
+
return (0, session_key_js_1.grantSessionKey)({
|
|
212
|
+
chainId: this.chainId,
|
|
213
|
+
incoLiteAddress: this.executorAddress,
|
|
214
|
+
sessionVerifierContractAddress: (0, binary_js_1.parseAddress)(sessionVerifierAddress),
|
|
215
|
+
granteeAddress: (0, binary_js_1.parseAddress)(granteeAddress),
|
|
216
|
+
sharerWalletClient: walletClient,
|
|
217
|
+
expiresAt,
|
|
218
|
+
});
|
|
219
|
+
}
|
|
220
|
+
/**
|
|
221
|
+
* Creates a session key reencryptor for secure data reencryption operations.
|
|
222
|
+
*
|
|
223
|
+
* This method returns a reencryptor instance that can be used to perform reencryption
|
|
224
|
+
* operations using session keys. The reencryptor is configured with the provided
|
|
225
|
+
* allowance voucher and ephemeral keypair for secure communication.
|
|
226
|
+
*
|
|
227
|
+
* @param allowanceVoucherWithSig - The signed allowance voucher obtained from grantSessionKeyAllowanceVoucher
|
|
228
|
+
* @param ephemeralKeypair - The ephemeral keypair used for secure communication with the KMS make sure it has allowance to voucher
|
|
229
|
+
* @returns A reencryptor instance configured for session key operations
|
|
230
|
+
*
|
|
231
|
+
* @example
|
|
232
|
+
* ```typescript
|
|
233
|
+
* const reencryptor = await lightning.getSessionKeyRencryptor(voucher, ephemeralKeypair);
|
|
234
|
+
* const decryptedValue = await reencryptor({handle: resultHandle});
|
|
235
|
+
* ```
|
|
236
|
+
*/
|
|
237
|
+
getSessionKeyRencryptor(allowanceVoucherWithSig, ephemeralKeypair) {
|
|
238
|
+
return (0, session_key_js_1.sessionKeyReencryptor)({
|
|
239
|
+
chainId: this.chainId,
|
|
240
|
+
kmsConnectRpcEndpointOrClient: this.kmsClient,
|
|
241
|
+
ephemeralKeypair,
|
|
242
|
+
allowanceVoucherWithSig,
|
|
243
|
+
});
|
|
244
|
+
}
|
|
245
|
+
/**
|
|
246
|
+
* Updates the active session nonce for the given wallet client.
|
|
247
|
+
*
|
|
248
|
+
* This method updates the active session nonce for the given wallet client.
|
|
249
|
+
* It nullifies all the previous shared addresses accessing the voucher.
|
|
250
|
+
*
|
|
251
|
+
* @param walletClient - The wallet client used for updating the session nonce
|
|
252
|
+
* @returns The transaction hash of the updateActiveVouchersSessionNonce transaction
|
|
253
|
+
*/
|
|
254
|
+
updateActiveVouchersSessionNonce(walletClient) {
|
|
255
|
+
return (0, session_key_js_1.updateActiveVouchersSessionNonce)(this.executorAddress, walletClient);
|
|
256
|
+
}
|
|
186
257
|
/**
|
|
187
258
|
* Get the GRPC endpoint for the covalidator that services this deployment.
|
|
188
259
|
*/
|
|
@@ -214,4 +285,4 @@ class Lightning {
|
|
|
214
285
|
}
|
|
215
286
|
}
|
|
216
287
|
exports.Lightning = Lightning;
|
|
217
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
288
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGlnaHRuaW5nLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2xpdGUvbGlnaHRuaW5nLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQUNBLGtDQUFrQztBQUNsQywrQkFBMkU7QUFDM0Usd0NBQTBDO0FBQzFDLGtFQUl1QztBQUV2Qyw0Q0FBZ0U7QUFDaEUscURBQWdHO0FBRWhHLDREQUFpRTtBQUNqRSw4REFBc0U7QUFDdEUsNENBQTJDO0FBQzNDLGdEQUFnRTtBQUVoRSw0Q0FBcUM7QUFDckMseUNBQXFIO0FBQ3JILGlEQUFtRTtBQXdCbkUsTUFBTSxhQUFhLEdBQW9CLFNBQVMsQ0FBQztBQXVCakQ7OztHQUdHO0FBQ0gsTUFBYSxTQUFTO0lBVUQ7SUFDRDtJQVZGLGVBQWUsQ0FBVTtJQUN6QixjQUFjLENBQVk7SUFDMUIsT0FBTyxDQUFTO0lBRWYsU0FBUyxDQUF5QjtJQUNsQyxnQkFBZ0IsQ0FBbUI7SUFDbkMsU0FBUyxDQUE0QjtJQUV0RCxZQUNtQixXQUFjLEVBQ2YsY0FBc0I7UUFEckIsZ0JBQVcsR0FBWCxXQUFXLENBQUc7UUFDZixtQkFBYyxHQUFkLGNBQWMsQ0FBUTtRQUV0QyxJQUFJLENBQUMsZUFBZSxHQUFHLElBQUEsd0JBQVksRUFBQyxXQUFXLENBQUMsZUFBZSxDQUFDLENBQUM7UUFDakUsSUFBSSxDQUFDLGNBQWMsR0FBRyxJQUFBLGlCQUFLLEVBQUMscUJBQVMsRUFBRSxXQUFXLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDbkUsSUFBSSxDQUFDLE9BQU8sR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRTNDLElBQUksQ0FBQyxnQkFBZ0IsR0FBRyxJQUFBLG1DQUF3QixHQUFFLENBQUM7UUFDbkQsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFBLDJCQUFZLEVBQUMsY0FBYyxDQUFDLENBQUM7UUFDOUMsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFBLDRCQUFpQixFQUFDO1lBQ2pDLE1BQU0sRUFBRSw0QkFBaUIsQ0FBQyxLQUFLO1lBQy9CLE9BQU8sRUFBRSxJQUFBLG1DQUF3QixFQUFDLElBQUEsaUJBQVUsRUFBQyxJQUFBLGlCQUFLLEVBQUMscUJBQVMsRUFBRSxXQUFXLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQztZQUMzRixRQUFRLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtTQUNoQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7O09BRUc7SUFDSCxNQUFNLENBQUMsa0JBQWtCO1FBQ3ZCLE9BQU8sU0FBUyxDQUFDLE1BQU0sQ0FBQyxTQUFTLEVBQUUsb0JBQVcsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7O09BY0c7SUFDSCxNQUFNLENBQUMsU0FBUyxDQUFDLEdBQW9DO1FBQ25ELElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztZQUNULE9BQU8sU0FBUyxDQUFDLE1BQU0sQ0FBQyx3Q0FBd0IsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFDRCxJQUFJLE9BQU8sR0FBRyxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQzVCLE9BQU8sU0FBUyxDQUFDLE1BQU0sQ0FBQyx3Q0FBd0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFDRCxNQUFNLElBQUksR0FBRyx3Q0FBd0IsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUNyRCxPQUFPLFNBQVMsQ0FBQyxNQUFNLENBQUM7WUFDdEIsc0VBQXNFO1lBQ3RFLE9BQU8sRUFBRSxHQUFHLENBQUMseUJBQXlCLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMseUJBQXlCLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLE9BQU87WUFDN0YsY0FBYyxFQUFFLEdBQUcsQ0FBQyxlQUFlLElBQUksSUFBSSxDQUFDLGNBQWM7WUFDMUQsZUFBZSxFQUFFLEdBQUcsQ0FBQyw4QkFBOEIsSUFBSSxJQUFJLENBQUMsZUFBZSxJQUFJLHVCQUF1QjtZQUN0Ryx1Q0FBdUM7WUFDdkMsZUFBZSxFQUFFLEdBQUcsQ0FBQyxnQkFBZ0I7WUFDckMsY0FBYyxFQUFFLEdBQUcsQ0FBQyxnQkFBZ0I7WUFDcEMsZ0JBQWdCLEVBQUUsR0FBRyxDQUFDLGtCQUFrQjtTQUN6QyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0JBQWdCLENBQUMsUUFBaUI7UUFDN0MsTUFBTSxHQUFHLEdBQUcsUUFBUSxDQUFDLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FBQztRQUMvRCxNQUFNLEdBQUcsR0FBRyxJQUFBLHdCQUFhLEVBQUMsR0FBRyxDQUFDLENBQUM7UUFDL0IsT0FBTyxTQUFTLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsTUFBTSxDQUFDLEVBQUUsQ0FBQyxFQUFnQjtRQUN4QixNQUFNLFVBQVUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUUsQ0FBQztZQUNwQyxDQUFDLENBQUMsbUNBQW9CLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxLQUFLLEVBQUUsQ0FBQyxJQUFJLElBQUksQ0FBQyxDQUFDLE9BQU8sS0FBSyxFQUFFLENBQUMsT0FBTyxDQUFDO1lBQ2xGLENBQUMsQ0FBQyxtQ0FBb0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxlQUFlLEtBQUssRUFBRSxDQUFDLGVBQWUsSUFBSSxDQUFDLENBQUMsT0FBTyxLQUFLLEVBQUUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMzRyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDaEIsTUFBTSxJQUFJLEtBQUssQ0FBQywyQkFBMkIsSUFBSSxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUM7UUFDbkUsQ0FBQztRQUNELE9BQU8sSUFBSSxTQUFTLENBQUMsVUFBVSxFQUFFLFNBQVMsQ0FBQyxpQkFBaUIsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDO0lBQzVFLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILE1BQU0sQ0FBQyxNQUFNLENBQXlCLE1BQVM7UUFDN0MsT0FBTyxJQUFJLFNBQVMsQ0FBQyxNQUFNLEVBQUUsTUFBTSxDQUFDLGNBQWMsQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxNQUFNLENBQUMsZ0JBQWdCLENBQW1CLE1BQVMsRUFBRSxPQUFnQjtRQUNuRSxzRUFBc0U7UUFDdEUsTUFBTSxjQUFjLEdBQUcsbUNBQW9CLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxLQUFLLE1BQU0sSUFBSSxDQUFDLENBQUMsT0FBTyxLQUFLLE9BQU8sQ0FBQyxDQUFDO1FBQ3RHLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUNwQiw0R0FBNEc7WUFDNUcsd0JBQXdCO1lBQ3hCLE1BQU0sSUFBSSxLQUFLLENBQUMsa0NBQWtDLE1BQU0sRUFBRSxDQUFDLENBQUM7UUFDOUQsQ0FBQztRQUNELE9BQU8sY0FBYyxDQUFDO0lBQ3hCLENBQUM7SUFFRDs7Ozs7OztPQU9HO0lBQ0gsTUFBTSxDQUFDLE1BQU0sQ0FBbUIsTUFBUyxFQUFFLE9BQWdCO1FBQ3pELE9BQU8sU0FBUyxDQUFDLEVBQUUsQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDbkUsQ0FBQztJQUVEOzs7T0FHRztJQUNILElBQUksVUFBVTtRQUNaLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0gsS0FBSyxDQUFDLE9BQU8sQ0FDWCxLQUFRLEVBQ1IsRUFBRSxjQUFjLEVBQUUsV0FBVyxFQUFxQjtRQUVsRCxNQUFNLEVBQUUsVUFBVSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDO1lBQzFDLFNBQVMsRUFBRSxTQUFTLENBQUMsa0JBQWtCLENBQUMsS0FBSyxDQUFDO1lBQzlDLE9BQU8sRUFBRTtnQkFDUCxXQUFXLEVBQUUsSUFBSSxDQUFDLE9BQU87Z0JBQ3pCLFVBQVUsRUFBRSxJQUFJLENBQUMsZUFBZTtnQkFDaEMsV0FBVyxFQUFFLElBQUEsd0JBQVksRUFBQyxjQUFjLENBQUM7Z0JBQ3pDLGVBQWUsRUFBRSxJQUFBLHdCQUFZLEVBQUMsV0FBVyxDQUFDO2FBQzNDO1NBQ0YsQ0FBQyxDQUFDO1FBQ0gsT0FBTyxVQUFVLENBQUMsS0FBSyxDQUFDO0lBQzFCLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxjQUFjLENBQUMsWUFBcUQ7UUFDbEUsT0FBTyxJQUFBLGtDQUFtQixFQUFDO1lBQ3pCLFlBQVk7WUFDWiw2QkFBNkIsRUFBRSxJQUFJLENBQUMsU0FBUztZQUM3QyxPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGdCQUFnQjtTQUN4QyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0FzQkc7SUFDSCwrQkFBK0IsQ0FDN0IsWUFBcUQsRUFDckQsY0FBc0IsRUFDdEIsU0FBZSxFQUNmLHNCQUE4QjtRQUU5QixPQUFPLElBQUEsZ0NBQWUsRUFBQztZQUNyQixPQUFPLEVBQUUsSUFBSSxDQUFDLE9BQU87WUFDckIsZUFBZSxFQUFFLElBQUksQ0FBQyxlQUFlO1lBQ3JDLDhCQUE4QixFQUFFLElBQUEsd0JBQVksRUFBQyxzQkFBc0IsQ0FBQztZQUNwRSxjQUFjLEVBQUUsSUFBQSx3QkFBWSxFQUFDLGNBQWMsQ0FBQztZQUM1QyxrQkFBa0IsRUFBRSxZQUFZO1lBQ2hDLFNBQVM7U0FDVixDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7T0FnQkc7SUFDSCx1QkFBdUIsQ0FBQyx1QkFBZ0QsRUFBRSxnQkFBa0M7UUFDMUcsT0FBTyxJQUFBLHNDQUFxQixFQUFDO1lBQzNCLE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQiw2QkFBNkIsRUFBRSxJQUFJLENBQUMsU0FBUztZQUM3QyxnQkFBZ0I7WUFDaEIsdUJBQXVCO1NBQ3hCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRDs7Ozs7Ozs7T0FRRztJQUNILGdDQUFnQyxDQUFDLFlBQXFEO1FBQ3BGLE9BQU8sSUFBQSxpREFBZ0MsRUFBQyxJQUFJLENBQUMsZUFBZSxFQUFFLFlBQVksQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFFRDs7T0FFRztJQUNJLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxVQUFnRDtRQUM5RSxNQUFNLEVBQUUsZUFBZSxFQUFFLE9BQU8sRUFBRSxNQUFNLEVBQUUsR0FBRyxVQUFVLENBQUM7UUFDeEQsT0FBTyxXQUFXLGVBQWUsQ0FBQyxXQUFXLEVBQUUsSUFBSSxPQUFPLElBQUksTUFBTSxXQUFXLENBQUM7SUFDbEYsQ0FBQztJQUVPLE1BQU0sQ0FBQyxVQUFVLENBQUMsRUFBZ0I7UUFDeEMsT0FBUSxFQUF1QixDQUFDLElBQUksS0FBSyxTQUFTLENBQUM7SUFDckQsQ0FBQztJQUVPLE1BQU0sQ0FBQyxrQkFBa0IsQ0FDL0IsS0FBUTtRQUVSLElBQUksT0FBTyxLQUFLLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDL0IsT0FBTztnQkFDTCxNQUFNLEVBQUUsNEJBQWlCLENBQUMsS0FBSztnQkFDL0IsSUFBSSxFQUFFLHVCQUFXLENBQUMsS0FBSztnQkFDdkIsS0FBSyxFQUFFLEtBQUs7YUFDc0MsQ0FBQztRQUN2RCxDQUFDO2FBQU0sSUFBSSxPQUFPLEtBQUssS0FBSyxRQUFRLElBQUksT0FBTyxLQUFLLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDbEUsT0FBTztnQkFDTCxNQUFNLEVBQUUsNEJBQWlCLENBQUMsS0FBSztnQkFDL0IsSUFBSSxFQUFFLHVCQUFXLENBQUMsUUFBUTtnQkFDMUIsS0FBSyxFQUFFLE1BQU0sQ0FBQyxLQUFLLENBQUM7YUFDOEIsQ0FBQztRQUN2RCxDQUFDO2FBQU0sQ0FBQztZQUNOLE1BQU0sSUFBSSxLQUFLLENBQUMsb0JBQW9CLE9BQU8sS0FBSyxFQUFFLENBQUMsQ0FBQztRQUN0RCxDQUFDO0lBQ0gsQ0FBQztDQUNGO0FBbFNELDhCQWtTQyJ9
|
|
@@ -15,7 +15,7 @@ export declare const LocalNodeEnv: Schema.Struct<{
|
|
|
15
15
|
COVALIDATOR_INCO_EXECUTOR_ADDR: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
|
|
16
16
|
COVALIDATOR_DECRYPTION_HANDLER_ADDR: Schema.brand<Schema.filter<Schema.TemplateLiteral<`0x${string}`>>, "Address">;
|
|
17
17
|
COVALIDATOR_HOST_CHAIN_ID: Schema.optional<typeof Schema.String>;
|
|
18
|
-
|
|
18
|
+
COVALIDATOR_URL: Schema.optional<typeof Schema.String>;
|
|
19
19
|
COVALIDATOR_HOST_CHAIN_RPC_URL: Schema.optional<typeof Schema.String>;
|
|
20
20
|
}>;
|
|
21
21
|
export type LocalNodeEnv = typeof LocalNodeEnv.Type;
|
|
@@ -3,25 +3,25 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.LocalNodeEnv = void 0;
|
|
4
4
|
exports.parseLocalEnv = parseLocalEnv;
|
|
5
5
|
const dotenv = require("@dotenvx/dotenvx");
|
|
6
|
-
const hex_1 = require("@inco/pega/lib/hex");
|
|
7
6
|
const effect_1 = require("effect");
|
|
7
|
+
const binary_js_1 = require("../binary.js");
|
|
8
8
|
exports.LocalNodeEnv = effect_1.Schema.Struct({
|
|
9
|
-
DEPLOYER_ADDRESS:
|
|
9
|
+
DEPLOYER_ADDRESS: binary_js_1.Address,
|
|
10
10
|
STATE_DUMP: effect_1.Schema.String,
|
|
11
|
-
EXECUTOR_ADDRESS:
|
|
12
|
-
ECIES_PUBLIC_KEY:
|
|
13
|
-
CALLBACK_ADDRESS:
|
|
14
|
-
SENDER_ADDRESS:
|
|
15
|
-
SENDER_PRIVATE_KEY:
|
|
11
|
+
EXECUTOR_ADDRESS: binary_js_1.Address,
|
|
12
|
+
ECIES_PUBLIC_KEY: binary_js_1.HexString,
|
|
13
|
+
CALLBACK_ADDRESS: binary_js_1.HexString,
|
|
14
|
+
SENDER_ADDRESS: binary_js_1.Address,
|
|
15
|
+
SENDER_PRIVATE_KEY: binary_js_1.HexString,
|
|
16
16
|
PEPPER: effect_1.Schema.String,
|
|
17
|
-
COVALIDATOR_ECIES_PRIVATE_KEY:
|
|
18
|
-
COVALIDATOR_EIP712_PRIVATE_SIGNING_KEY:
|
|
19
|
-
COVALIDATOR_CALLBACK_PRIVATE_KEY:
|
|
20
|
-
COVALIDATOR_ACL_ADDR:
|
|
21
|
-
COVALIDATOR_INCO_EXECUTOR_ADDR:
|
|
22
|
-
COVALIDATOR_DECRYPTION_HANDLER_ADDR:
|
|
17
|
+
COVALIDATOR_ECIES_PRIVATE_KEY: binary_js_1.HexString,
|
|
18
|
+
COVALIDATOR_EIP712_PRIVATE_SIGNING_KEY: binary_js_1.HexString,
|
|
19
|
+
COVALIDATOR_CALLBACK_PRIVATE_KEY: binary_js_1.HexString,
|
|
20
|
+
COVALIDATOR_ACL_ADDR: binary_js_1.Address,
|
|
21
|
+
COVALIDATOR_INCO_EXECUTOR_ADDR: binary_js_1.Address,
|
|
22
|
+
COVALIDATOR_DECRYPTION_HANDLER_ADDR: binary_js_1.Address,
|
|
23
23
|
COVALIDATOR_HOST_CHAIN_ID: effect_1.Schema.optional(effect_1.Schema.String),
|
|
24
|
-
|
|
24
|
+
COVALIDATOR_URL: effect_1.Schema.optional(effect_1.Schema.String),
|
|
25
25
|
COVALIDATOR_HOST_CHAIN_RPC_URL: effect_1.Schema.optional(effect_1.Schema.String),
|
|
26
26
|
});
|
|
27
27
|
// Parses a local environment file or object into a LocalNodeEnv type.
|
|
@@ -30,4 +30,4 @@ function parseLocalEnv(envFileOrObj) {
|
|
|
30
30
|
const envObj = envFileOrObj ? dotenv.parse(envFileOrObj) : process.env;
|
|
31
31
|
return effect_1.Schema.decodeUnknownSync(exports.LocalNodeEnv)(envObj);
|
|
32
32
|
}
|
|
33
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
33
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibG9jYWwtbm9kZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9sb2NhbC9sb2NhbC1ub2RlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7OztBQTRCQSxzQ0FHQztBQS9CRCwyQ0FBMkM7QUFDM0MsbUNBQWdDO0FBQ2hDLDRDQUFrRDtBQUVyQyxRQUFBLFlBQVksR0FBRyxlQUFNLENBQUMsTUFBTSxDQUFDO0lBQ3hDLGdCQUFnQixFQUFFLG1CQUFPO0lBQ3pCLFVBQVUsRUFBRSxlQUFNLENBQUMsTUFBTTtJQUN6QixnQkFBZ0IsRUFBRSxtQkFBTztJQUN6QixnQkFBZ0IsRUFBRSxxQkFBUztJQUMzQixnQkFBZ0IsRUFBRSxxQkFBUztJQUMzQixjQUFjLEVBQUUsbUJBQU87SUFDdkIsa0JBQWtCLEVBQUUscUJBQVM7SUFDN0IsTUFBTSxFQUFFLGVBQU0sQ0FBQyxNQUFNO0lBQ3JCLDZCQUE2QixFQUFFLHFCQUFTO0lBQ3hDLHNDQUFzQyxFQUFFLHFCQUFTO0lBQ2pELGdDQUFnQyxFQUFFLHFCQUFTO0lBQzNDLG9CQUFvQixFQUFFLG1CQUFPO0lBQzdCLDhCQUE4QixFQUFFLG1CQUFPO0lBQ3ZDLG1DQUFtQyxFQUFFLG1CQUFPO0lBQzVDLHlCQUF5QixFQUFFLGVBQU0sQ0FBQyxRQUFRLENBQUMsZUFBTSxDQUFDLE1BQU0sQ0FBQztJQUN6RCxlQUFlLEVBQUUsZUFBTSxDQUFDLFFBQVEsQ0FBQyxlQUFNLENBQUMsTUFBTSxDQUFDO0lBQy9DLDhCQUE4QixFQUFFLGVBQU0sQ0FBQyxRQUFRLENBQUMsZUFBTSxDQUFDLE1BQU0sQ0FBQztDQUMvRCxDQUFDLENBQUM7QUFJSCxzRUFBc0U7QUFDdEUsZ0VBQWdFO0FBQ2hFLFNBQWdCLGFBQWEsQ0FBQyxZQUE4QjtJQUMxRCxNQUFNLE1BQU0sR0FBRyxZQUFZLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUM7SUFDdkUsT0FBTyxlQUFNLENBQUMsaUJBQWlCLENBQUMsb0JBQVksQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDO0FBQ3hELENBQUMifQ==
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
export * from './session-key.js';
|
|
2
|
+
export * from './types.js';
|
|
3
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYWR2YW5jZWRhY2wvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxrQkFBa0IsQ0FBQztBQUNqQyxjQUFjLFlBQVksQ0FBQyJ9
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
import type { Client } from '@connectrpc/connect';
|
|
2
|
+
import { type Account, type Address, type Chain, type Hex, type Transport, type WalletClient } from 'viem';
|
|
3
|
+
import { type EciesScheme, SupportedFheType } from '../encryption/encryption.js';
|
|
4
|
+
import type { KmsService, Secp256k1Keypair } from '../lite/index.js';
|
|
5
|
+
import { type ReencryptFnArgs } from '../reencryption/index.js';
|
|
6
|
+
import type { AllowanceVoucher, AllowanceVoucherWithSig } from './types.js';
|
|
7
|
+
export interface Session {
|
|
8
|
+
decrypter: Address;
|
|
9
|
+
expiresAt: bigint;
|
|
10
|
+
}
|
|
11
|
+
export declare function createAllowanceVoucher(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>, verifyingContract: Address, callFunction: Hex, sharerArgData: Hex): Promise<AllowanceVoucher>;
|
|
12
|
+
export interface GrantSessionKeyArgs {
|
|
13
|
+
chainId: bigint;
|
|
14
|
+
incoLiteAddress: Address;
|
|
15
|
+
sessionVerifierContractAddress: Address;
|
|
16
|
+
granteeAddress: Address;
|
|
17
|
+
sharerWalletClient: WalletClient<Transport, Chain, Account>;
|
|
18
|
+
expiresAt: Date;
|
|
19
|
+
}
|
|
20
|
+
export declare function grantSessionKey({ chainId, incoLiteAddress, sessionVerifierContractAddress, granteeAddress, sharerWalletClient, expiresAt, }: GrantSessionKeyArgs): Promise<AllowanceVoucherWithSig>;
|
|
21
|
+
export interface SessionKeyReencryptorArgs {
|
|
22
|
+
chainId: bigint;
|
|
23
|
+
ephemeralKeypair: Secp256k1Keypair;
|
|
24
|
+
kmsConnectRpcEndpointOrClient: string | Client<typeof KmsService>;
|
|
25
|
+
allowanceVoucherWithSig: AllowanceVoucherWithSig;
|
|
26
|
+
}
|
|
27
|
+
export declare function sessionKeyReencryptor({ chainId, kmsConnectRpcEndpointOrClient, ephemeralKeypair, allowanceVoucherWithSig, }: SessionKeyReencryptorArgs): Promise<(<T extends SupportedFheType>({ handle }: ReencryptFnArgs<EciesScheme, T>) => Promise<import("../encryption/encryption.js").PlaintextOf<1, 0 | 5 | 7 | 8>>)>;
|
|
28
|
+
export declare function updateActiveVouchersSessionNonce(incoLiteAddress: Address, sharerWalletClient: WalletClient<Transport, Chain, Account>): Promise<`0x${string}`>;
|
|
@@ -0,0 +1,170 @@
|
|
|
1
|
+
import { encodeAbiParameters, getContract, hexToBytes, toFunctionSelector, } from 'viem';
|
|
2
|
+
import { privateKeyToAccount } from 'viem/accounts';
|
|
3
|
+
import { getSupportedChain } from '../chain.js';
|
|
4
|
+
import { abiHelperAbi, advancedAccessControlAbi, sessionVerifierAbi } from '../generated/abis/lightning-preview.js';
|
|
5
|
+
import { incoLightningAbi } from '../generated/abis/lightning.js';
|
|
6
|
+
import { decryptGrpcResponse, defaultCovalidatorGrpc, getKmsClient, reencryptEIP712 } from '../lite/index.js';
|
|
7
|
+
import { createEIP712Payload } from '../reencryption/index.js';
|
|
8
|
+
// Given a sharer's wallet client, an incoLite contract address, and a
|
|
9
|
+
// (verifyingContract, callFunction, sharerArgData) tuple, this function
|
|
10
|
+
// creates an AllowanceVoucher.
|
|
11
|
+
export async function createAllowanceVoucher(incoLiteAddress, sharerWalletClient, verifyingContract, callFunction, sharerArgData) {
|
|
12
|
+
const advancedACL = getContract({
|
|
13
|
+
address: incoLiteAddress,
|
|
14
|
+
// Could have used the incoLightningAbi, but this is more efficient.
|
|
15
|
+
abi: advancedAccessControlAbi,
|
|
16
|
+
client: sharerWalletClient,
|
|
17
|
+
});
|
|
18
|
+
// The session nonce in the AllowanceVoucher must match the current active
|
|
19
|
+
// session nonce of the sharer on-chain.
|
|
20
|
+
const sessionNonce = await advancedACL.read.getActiveVouchersSessionNonce([sharerWalletClient.account.address]);
|
|
21
|
+
return {
|
|
22
|
+
sessionNonce,
|
|
23
|
+
verifyingContract,
|
|
24
|
+
callFunction,
|
|
25
|
+
sharerArgData,
|
|
26
|
+
};
|
|
27
|
+
}
|
|
28
|
+
// Let the sharer grant a session to the requester.
|
|
29
|
+
export async function grantSessionKey({ chainId, incoLiteAddress, sessionVerifierContractAddress, granteeAddress, sharerWalletClient, expiresAt, }) {
|
|
30
|
+
const session = {
|
|
31
|
+
decrypter: granteeAddress,
|
|
32
|
+
expiresAt: BigInt(Math.floor(expiresAt.getTime() / 1000)),
|
|
33
|
+
};
|
|
34
|
+
const sharerArgData = encodeAbiParameters(getSessionAbi(), [session.decrypter, session.expiresAt]);
|
|
35
|
+
// Get the domain name and version from the incoLite contract.
|
|
36
|
+
const incoLitePreview = getContract({
|
|
37
|
+
abi: incoLightningAbi,
|
|
38
|
+
address: incoLiteAddress,
|
|
39
|
+
client: sharerWalletClient,
|
|
40
|
+
});
|
|
41
|
+
const eip712DomainName = await incoLitePreview.read.getName();
|
|
42
|
+
const eip712DomainVersion = await incoLitePreview.read.getVersion();
|
|
43
|
+
const voucher = await createAllowanceVoucher(incoLiteAddress, sharerWalletClient,
|
|
44
|
+
// Careful that the verifying contract here is the SessionVerifier contract,
|
|
45
|
+
// not the incoLite contract.
|
|
46
|
+
sessionVerifierContractAddress, toFunctionSelector(getCanUseSessionAbi()), sharerArgData);
|
|
47
|
+
const eip712Payload = createEIP712Payload({
|
|
48
|
+
chainId,
|
|
49
|
+
primaryType: 'AllowanceVoucher',
|
|
50
|
+
primaryTypeFields: getAllowanceVoucherAbi(),
|
|
51
|
+
message: voucher,
|
|
52
|
+
// Related to comment above: careful that the verifying contract here is
|
|
53
|
+
// the incoLite contract (not the SessionVerifier contract).
|
|
54
|
+
verifyingContract: incoLiteAddress,
|
|
55
|
+
...(eip712DomainName && { domainName: eip712DomainName }),
|
|
56
|
+
...(eip712DomainVersion && { domainVersion: eip712DomainVersion }),
|
|
57
|
+
});
|
|
58
|
+
// Using browser extensions, this step will prompt the user to sign the
|
|
59
|
+
// payload.
|
|
60
|
+
const voucherSignature = await sharerWalletClient.signTypedData(eip712Payload);
|
|
61
|
+
return {
|
|
62
|
+
sharer: sharerWalletClient.account.address,
|
|
63
|
+
voucher,
|
|
64
|
+
voucherSignature,
|
|
65
|
+
};
|
|
66
|
+
}
|
|
67
|
+
// The sessionKeyReencryptor function is a reencryptor that uses a session key
|
|
68
|
+
// to reencrypt data.
|
|
69
|
+
export async function sessionKeyReencryptor({ chainId, kmsConnectRpcEndpointOrClient, ephemeralKeypair, allowanceVoucherWithSig, }) {
|
|
70
|
+
const kmsClient = getKmsClient(kmsConnectRpcEndpointOrClient || defaultCovalidatorGrpc(getSupportedChain(chainId)));
|
|
71
|
+
const requesterAccount = privateKeyToAccount(`0x${ephemeralKeypair.kp.getPrivate('hex')}`);
|
|
72
|
+
const ephemeralPubKey = ephemeralKeypair.encodePublicKey();
|
|
73
|
+
// Sign the EIP712 attesting that the requester has access to the private key
|
|
74
|
+
// corresponding to the ephemeral public key.
|
|
75
|
+
const eip712Payload = reencryptEIP712(chainId, ephemeralPubKey);
|
|
76
|
+
// Since the account is an ephemeral keypair stored in memory (not in Metamask),
|
|
77
|
+
// this step will NOT prompt the user with a pop-up.
|
|
78
|
+
const eip712Signature = await requesterAccount.signTypedData(eip712Payload);
|
|
79
|
+
return async function reencrypt({ handle }) {
|
|
80
|
+
const reencryptRequest = {
|
|
81
|
+
$typeName: 'inco.kms.lite.v1.ReencryptRequest',
|
|
82
|
+
userAddress: requesterAccount.address,
|
|
83
|
+
ephemeralPubKey,
|
|
84
|
+
eip712Signature: hexToBytes(eip712Signature),
|
|
85
|
+
handlesWithProofs: [
|
|
86
|
+
{
|
|
87
|
+
$typeName: 'inco.kms.lite.v1.HandleWithProof',
|
|
88
|
+
handle,
|
|
89
|
+
aclProof: {
|
|
90
|
+
$typeName: 'inco.kms.lite.v1.ACLProof',
|
|
91
|
+
proof: {
|
|
92
|
+
value: {
|
|
93
|
+
$typeName: 'inco.kms.lite.v1.IncoLiteAdvancedACLProof',
|
|
94
|
+
allowanceProof: {
|
|
95
|
+
$typeName: 'inco.kms.lite.v1.AllowanceProof',
|
|
96
|
+
sharer: allowanceVoucherWithSig.sharer,
|
|
97
|
+
voucher: {
|
|
98
|
+
// Converting from the AllowanceVoucher domain type to the
|
|
99
|
+
// AllowanceVoucher proto type.
|
|
100
|
+
$typeName: 'inco.kms.lite.v1.AllowanceVoucher',
|
|
101
|
+
sessionNonce: hexToBytes(allowanceVoucherWithSig.voucher.sessionNonce),
|
|
102
|
+
verifyingContract: allowanceVoucherWithSig.voucher.verifyingContract,
|
|
103
|
+
callFunction: hexToBytes(allowanceVoucherWithSig.voucher.callFunction),
|
|
104
|
+
sharerArgData: hexToBytes(allowanceVoucherWithSig.voucher.sharerArgData),
|
|
105
|
+
},
|
|
106
|
+
voucherSignature: hexToBytes(allowanceVoucherWithSig.voucherSignature),
|
|
107
|
+
// For SessionVerifier, the requesterArgData is empty.
|
|
108
|
+
requesterArgData: new Uint8Array(),
|
|
109
|
+
},
|
|
110
|
+
},
|
|
111
|
+
case: 'incoLiteAdvancedAclProof',
|
|
112
|
+
},
|
|
113
|
+
},
|
|
114
|
+
},
|
|
115
|
+
],
|
|
116
|
+
};
|
|
117
|
+
const response = await kmsClient.reencrypt(reencryptRequest);
|
|
118
|
+
return decryptGrpcResponse(response, ephemeralKeypair, handle);
|
|
119
|
+
};
|
|
120
|
+
}
|
|
121
|
+
export async function updateActiveVouchersSessionNonce(incoLiteAddress, sharerWalletClient) {
|
|
122
|
+
const advancedACL = getContract({
|
|
123
|
+
address: incoLiteAddress,
|
|
124
|
+
abi: advancedAccessControlAbi,
|
|
125
|
+
client: sharerWalletClient,
|
|
126
|
+
});
|
|
127
|
+
const txHash = await advancedACL.write.updateActiveVouchersSessionNonce();
|
|
128
|
+
return txHash;
|
|
129
|
+
}
|
|
130
|
+
// Below are helpers to get ABIs of functions/structs from the SessionVerifier
|
|
131
|
+
// contract.
|
|
132
|
+
// Get the ABI of the `AllowanceVoucher` struct.
|
|
133
|
+
function getAllowanceVoucherAbi() {
|
|
134
|
+
// Find the `allowanceVoucherDigest` function, it takes an AllowanceVoucher
|
|
135
|
+
// as sole argument.
|
|
136
|
+
const allowanceVoucherDigest = advancedAccessControlAbi.find((item) => item.name === 'allowanceVoucherDigest');
|
|
137
|
+
if (!allowanceVoucherDigest) {
|
|
138
|
+
throw new Error('allowanceVoucherDigest not found');
|
|
139
|
+
}
|
|
140
|
+
// Get the input whose internalType is "struct AllowanceVoucher"
|
|
141
|
+
const allowanceVoucherInput = allowanceVoucherDigest.inputs.find((input) => input.internalType === 'struct AllowanceVoucher');
|
|
142
|
+
if (!allowanceVoucherInput) {
|
|
143
|
+
throw new Error('allowanceVoucherInput not found');
|
|
144
|
+
}
|
|
145
|
+
return allowanceVoucherInput.components;
|
|
146
|
+
}
|
|
147
|
+
// Get the ABI of the `Session` struct.
|
|
148
|
+
//
|
|
149
|
+
// We specifically created an ABIHelper.sol contract to export the Session
|
|
150
|
+
// struct from the SessionVerifier contract.
|
|
151
|
+
function getSessionAbi() {
|
|
152
|
+
const getSession = abiHelperAbi.find((item) => 'name' in item && item.name === 'getSession');
|
|
153
|
+
if (!getSession) {
|
|
154
|
+
throw new Error('getSession not found');
|
|
155
|
+
}
|
|
156
|
+
const session = getSession.outputs[0];
|
|
157
|
+
if (!session) {
|
|
158
|
+
throw new Error('session not found');
|
|
159
|
+
}
|
|
160
|
+
return session.components;
|
|
161
|
+
}
|
|
162
|
+
// Get the ABI of the `canUseSession` function.
|
|
163
|
+
function getCanUseSessionAbi() {
|
|
164
|
+
const canUseSession = sessionVerifierAbi.find((item) => 'name' in item && item.name === 'canUseSession');
|
|
165
|
+
if (!canUseSession) {
|
|
166
|
+
throw new Error('canUseSession not found');
|
|
167
|
+
}
|
|
168
|
+
return canUseSession;
|
|
169
|
+
}
|
|
170
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2Vzc2lvbi1rZXkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvYWR2YW5jZWRhY2wvc2Vzc2lvbi1rZXkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQ0EsT0FBTyxFQUlMLG1CQUFtQixFQUNuQixXQUFXLEVBRVgsVUFBVSxFQUNWLGtCQUFrQixHQUduQixNQUFNLE1BQU0sQ0FBQztBQUNkLE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUNwRCxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFaEQsT0FBTyxFQUFFLFlBQVksRUFBRSx3QkFBd0IsRUFBRSxrQkFBa0IsRUFBRSxNQUFNLHdDQUF3QyxDQUFDO0FBQ3BILE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGdDQUFnQyxDQUFDO0FBRWxFLE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxzQkFBc0IsRUFBRSxZQUFZLEVBQUUsZUFBZSxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFDOUcsT0FBTyxFQUFFLG1CQUFtQixFQUF3QixNQUFNLDBCQUEwQixDQUFDO0FBa0JyRixzRUFBc0U7QUFDdEUsd0VBQXdFO0FBQ3hFLCtCQUErQjtBQUMvQixNQUFNLENBQUMsS0FBSyxVQUFVLHNCQUFzQixDQUMxQyxlQUF3QixFQUN4QixrQkFBMkQsRUFDM0QsaUJBQTBCLEVBQzFCLFlBQWlCLEVBQ2pCLGFBQWtCO0lBRWxCLE1BQU0sV0FBVyxHQUFHLFdBQVcsQ0FBQztRQUM5QixPQUFPLEVBQUUsZUFBZTtRQUN4QixvRUFBb0U7UUFDcEUsR0FBRyxFQUFFLHdCQUF3QjtRQUM3QixNQUFNLEVBQUUsa0JBQWtCO0tBQzNCLENBQUMsQ0FBQztJQUVILDBFQUEwRTtJQUMxRSx3Q0FBd0M7SUFDeEMsTUFBTSxZQUFZLEdBQUcsTUFBTSxXQUFXLENBQUMsSUFBSSxDQUFDLDZCQUE2QixDQUFDLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFFaEgsT0FBTztRQUNMLFlBQVk7UUFDWixpQkFBaUI7UUFDakIsWUFBWTtRQUNaLGFBQWE7S0FDZCxDQUFDO0FBQ0osQ0FBQztBQXVCRCxtREFBbUQ7QUFDbkQsTUFBTSxDQUFDLEtBQUssVUFBVSxlQUFlLENBQUMsRUFDcEMsT0FBTyxFQUNQLGVBQWUsRUFDZiw4QkFBOEIsRUFDOUIsY0FBYyxFQUNkLGtCQUFrQixFQUNsQixTQUFTLEdBQ1c7SUFDcEIsTUFBTSxPQUFPLEdBQUc7UUFDZCxTQUFTLEVBQUUsY0FBYztRQUN6QixTQUFTLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxDQUFDO0tBQy9DLENBQUM7SUFDYixNQUFNLGFBQWEsR0FBRyxtQkFBbUIsQ0FBQyxhQUFhLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7SUFFbkcsOERBQThEO0lBQzlELE1BQU0sZUFBZSxHQUFHLFdBQVcsQ0FBQztRQUNsQyxHQUFHLEVBQUUsZ0JBQWdCO1FBQ3JCLE9BQU8sRUFBRSxlQUFlO1FBQ3hCLE1BQU0sRUFBRSxrQkFBa0I7S0FDM0IsQ0FBQyxDQUFDO0lBRUgsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLGVBQWUsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7SUFDOUQsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLGVBQWUsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7SUFFcEUsTUFBTSxPQUFPLEdBQUcsTUFBTSxzQkFBc0IsQ0FDMUMsZUFBZSxFQUNmLGtCQUFrQjtJQUNsQiw0RUFBNEU7SUFDNUUsNkJBQTZCO0lBQzdCLDhCQUE4QixFQUM5QixrQkFBa0IsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDLEVBQ3pDLGFBQWEsQ0FDZCxDQUFDO0lBQ0YsTUFBTSxhQUFhLEdBQUcsbUJBQW1CLENBQUM7UUFDeEMsT0FBTztRQUNQLFdBQVcsRUFBRSxrQkFBa0I7UUFDL0IsaUJBQWlCLEVBQUUsc0JBQXNCLEVBQUU7UUFDM0MsT0FBTyxFQUFFLE9BQU87UUFDaEIsd0VBQXdFO1FBQ3hFLDREQUE0RDtRQUM1RCxpQkFBaUIsRUFBRSxlQUFlO1FBQ2xDLEdBQUcsQ0FBQyxnQkFBZ0IsSUFBSSxFQUFFLFVBQVUsRUFBRSxnQkFBZ0IsRUFBRSxDQUFDO1FBQ3pELEdBQUcsQ0FBQyxtQkFBbUIsSUFBSSxFQUFFLGFBQWEsRUFBRSxtQkFBbUIsRUFBRSxDQUFDO0tBQ25FLENBQUMsQ0FBQztJQUVILHVFQUF1RTtJQUN2RSxXQUFXO0lBQ1gsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLGtCQUFrQixDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUMsQ0FBQztJQUUvRSxPQUFPO1FBQ0wsTUFBTSxFQUFFLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxPQUFPO1FBQzFDLE9BQU87UUFDUCxnQkFBZ0I7S0FDakIsQ0FBQztBQUNKLENBQUM7QUFvQkQsOEVBQThFO0FBQzlFLHFCQUFxQjtBQUNyQixNQUFNLENBQUMsS0FBSyxVQUFVLHFCQUFxQixDQUFDLEVBQzFDLE9BQU8sRUFDUCw2QkFBNkIsRUFDN0IsZ0JBQWdCLEVBQ2hCLHVCQUF1QixHQUNHO0lBQzFCLE1BQU0sU0FBUyxHQUFHLFlBQVksQ0FBQyw2QkFBNkIsSUFBSSxzQkFBc0IsQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDcEgsTUFBTSxnQkFBZ0IsR0FBRyxtQkFBbUIsQ0FBQyxLQUFLLGdCQUFnQixDQUFDLEVBQUUsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQzNGLE1BQU0sZUFBZSxHQUFHLGdCQUFnQixDQUFDLGVBQWUsRUFBRSxDQUFDO0lBRTNELDZFQUE2RTtJQUM3RSw2Q0FBNkM7SUFDN0MsTUFBTSxhQUFhLEdBQUcsZUFBZSxDQUFDLE9BQU8sRUFBRSxlQUFlLENBQUMsQ0FBQztJQUNoRSxnRkFBZ0Y7SUFDaEYsb0RBQW9EO0lBQ3BELE1BQU0sZUFBZSxHQUFHLE1BQU0sZ0JBQWdCLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBRTVFLE9BQU8sS0FBSyxVQUFVLFNBQVMsQ0FBNkIsRUFBRSxNQUFNLEVBQW1DO1FBQ3JHLE1BQU0sZ0JBQWdCLEdBQXFCO1lBQ3pDLFNBQVMsRUFBRSxtQ0FBbUM7WUFDOUMsV0FBVyxFQUFFLGdCQUFnQixDQUFDLE9BQU87WUFDckMsZUFBZTtZQUNmLGVBQWUsRUFBRSxVQUFVLENBQUMsZUFBZSxDQUFDO1lBQzVDLGlCQUFpQixFQUFFO2dCQUNqQjtvQkFDRSxTQUFTLEVBQUUsa0NBQWtDO29CQUM3QyxNQUFNO29CQUNOLFFBQVEsRUFBRTt3QkFDUixTQUFTLEVBQUUsMkJBQTJCO3dCQUN0QyxLQUFLLEVBQUU7NEJBQ0wsS0FBSyxFQUFFO2dDQUNMLFNBQVMsRUFBRSwyQ0FBMkM7Z0NBQ3RELGNBQWMsRUFBRTtvQ0FDZCxTQUFTLEVBQUUsaUNBQWlDO29DQUM1QyxNQUFNLEVBQUUsdUJBQXVCLENBQUMsTUFBTTtvQ0FDdEMsT0FBTyxFQUFFO3dDQUNQLDBEQUEwRDt3Q0FDMUQsK0JBQStCO3dDQUMvQixTQUFTLEVBQUUsbUNBQW1DO3dDQUM5QyxZQUFZLEVBQUUsVUFBVSxDQUFDLHVCQUF1QixDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUM7d0NBQ3RFLGlCQUFpQixFQUFFLHVCQUF1QixDQUFDLE9BQU8sQ0FBQyxpQkFBaUI7d0NBQ3BFLFlBQVksRUFBRSxVQUFVLENBQUMsdUJBQXVCLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQzt3Q0FDdEUsYUFBYSxFQUFFLFVBQVUsQ0FBQyx1QkFBdUIsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDO3FDQUN6RTtvQ0FDRCxnQkFBZ0IsRUFBRSxVQUFVLENBQUMsdUJBQXVCLENBQUMsZ0JBQWdCLENBQUM7b0NBQ3RFLHNEQUFzRDtvQ0FDdEQsZ0JBQWdCLEVBQUUsSUFBSSxVQUFVLEVBQUU7aUNBQ25DOzZCQUNGOzRCQUNELElBQUksRUFBRSwwQkFBMEI7eUJBQ2pDO3FCQUNGO2lCQUNGO2FBQ0Y7U0FDRixDQUFDO1FBRUYsTUFBTSxRQUFRLEdBQUcsTUFBTSxTQUFTLENBQUMsU0FBUyxDQUFDLGdCQUFnQixDQUFDLENBQUM7UUFDN0QsT0FBTyxtQkFBbUIsQ0FBQyxRQUFRLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDakUsQ0FBQyxDQUFDO0FBQ0osQ0FBQztBQUVELE1BQU0sQ0FBQyxLQUFLLFVBQVUsZ0NBQWdDLENBQ3BELGVBQXdCLEVBQ3hCLGtCQUEyRDtJQUUzRCxNQUFNLFdBQVcsR0FBRyxXQUFXLENBQUM7UUFDOUIsT0FBTyxFQUFFLGVBQWU7UUFDeEIsR0FBRyxFQUFFLHdCQUF3QjtRQUM3QixNQUFNLEVBQUUsa0JBQWtCO0tBQzNCLENBQUMsQ0FBQztJQUNILE1BQU0sTUFBTSxHQUFHLE1BQU0sV0FBVyxDQUFDLEtBQUssQ0FBQyxnQ0FBZ0MsRUFBRSxDQUFDO0lBQzFFLE9BQU8sTUFBTSxDQUFDO0FBQ2hCLENBQUM7QUFFRCw4RUFBOEU7QUFDOUUsWUFBWTtBQUVaLGdEQUFnRDtBQUNoRCxTQUFTLHNCQUFzQjtJQUM3QiwyRUFBMkU7SUFDM0Usb0JBQW9CO0lBQ3BCLE1BQU0sc0JBQXNCLEdBQUcsd0JBQXdCLENBQUMsSUFBSSxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxLQUFLLHdCQUF3QixDQUFDLENBQUM7SUFDL0csSUFBSSxDQUFDLHNCQUFzQixFQUFFLENBQUM7UUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFRCxnRUFBZ0U7SUFDaEUsTUFBTSxxQkFBcUIsR0FBRyxzQkFBc0IsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUM5RCxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLFlBQVksS0FBSyx5QkFBeUIsQ0FDNUQsQ0FBQztJQUNGLElBQUksQ0FBQyxxQkFBcUIsRUFBRSxDQUFDO1FBQzNCLE1BQU0sSUFBSSxLQUFLLENBQUMsaUNBQWlDLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRUQsT0FBTyxxQkFBcUIsQ0FBQyxVQUFVLENBQUM7QUFDMUMsQ0FBQztBQUVELHVDQUF1QztBQUN2QyxFQUFFO0FBQ0YsMEVBQTBFO0FBQzFFLDRDQUE0QztBQUM1QyxTQUFTLGFBQWE7SUFDcEIsTUFBTSxVQUFVLEdBQUcsWUFBWSxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsTUFBTSxJQUFJLElBQUksSUFBSSxJQUFJLENBQUMsSUFBSSxLQUFLLFlBQVksQ0FBQyxDQUFDO0lBQzdGLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUNoQixNQUFNLElBQUksS0FBSyxDQUFDLHNCQUFzQixDQUFDLENBQUM7SUFDMUMsQ0FBQztJQUVELE1BQU0sT0FBTyxHQUFHLFVBQVUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDdEMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1FBQ2IsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO0lBQ3ZDLENBQUM7SUFFRCxPQUFPLE9BQU8sQ0FBQyxVQUFVLENBQUM7QUFDNUIsQ0FBQztBQUVELCtDQUErQztBQUMvQyxTQUFTLG1CQUFtQjtJQUMxQixNQUFNLGFBQWEsR0FBRyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLE1BQU0sSUFBSSxJQUFJLElBQUksSUFBSSxDQUFDLElBQUksS0FBSyxlQUFlLENBQUMsQ0FBQztJQUN6RyxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7UUFDbkIsTUFBTSxJQUFJLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRCxPQUFPLGFBQWEsQ0FBQztBQUN2QixDQUFDIn0=
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import { Address, Hex } from 'viem';
|
|
2
|
+
export type AllowanceVoucher = {
|
|
3
|
+
sessionNonce: Hex;
|
|
4
|
+
verifyingContract: Address;
|
|
5
|
+
callFunction: Hex;
|
|
6
|
+
sharerArgData: Hex;
|
|
7
|
+
};
|
|
8
|
+
export interface AllowanceVoucherWithSig {
|
|
9
|
+
sharer: Address;
|
|
10
|
+
voucher: AllowanceVoucher;
|
|
11
|
+
voucherSignature: Hex;
|
|
12
|
+
}
|
|
13
|
+
export interface AllowanceProof extends AllowanceVoucherWithSig {
|
|
14
|
+
requesterArgData: Uint8Array;
|
|
15
|
+
}
|