@joclaim/attestor-core 0.2.0 → 0.2.3

package/src/server/handlers/disconnectTunnel.ts

@@ -1,11 +0,0 @@
-import type { RPCHandler } from '#src/types/index.ts'
-
-export const disconnectTunnel: RPCHandler<'disconnectTunnel'> = async(
-	{ id },
-	{ client }
-) => {
-	const tunnel = client.getTunnel(id)
-	await tunnel.close()
-
-	return {}
-}

package/src/server/handlers/fetchCertificateBytes.ts

@@ -1,66 +0,0 @@
-import { concatenateUint8Arrays, loadX509FromPem } from '@joclaim/tls'
-
-import { CERT_ALLOWED_MIMETYPES, MAX_CERT_SIZE_BYTES } from '#src/config/index.ts'
-import type { RPCHandler } from '#src/types/handlers.ts'
-import { AttestorError } from '#src/utils/error.ts'
-
-export const fetchCertificateBytes: RPCHandler<'fetchCertificateBytes'> = async(
-	{ url },
-) => {
-	const res = await fetch(url, {
-		redirect: 'follow',
-		signal: AbortSignal.timeout(10_000)
-	})
-	if(!res.ok) {
-		res.body?.cancel('Not ok')
-		throw new AttestorError(
-			'ERROR_CERTIFICATE_FETCH_FAILED',
-			`Failed to fetch certificate from URL: ${url}, status: ${res.status}`
-		)
-	}
-
-	const contentType = res.headers.get('content-type')
-	if(!contentType || !CERT_ALLOWED_MIMETYPES.includes(contentType)) {
-		res.body?.cancel('Mismatch')
-		throw new AttestorError(
-			'ERROR_CERTIFICATE_FETCH_FAILED',
-			`Invalid content-type when fetching certificate from URL: ${url},`
-			+ ` content-type: ${contentType}`
-		)
-	}
-
-	if(!res.body) {
-		throw new AttestorError(
-			'ERROR_CERTIFICATE_FETCH_FAILED',
-			`No body in response when fetching certificate from URL: ${url}`
-		)
-	}
-
-	let total = 0
-	const byteArr: Uint8Array[] = []
-	for await (const chunk of res.body) {
-		total += chunk.length
-		if(total > MAX_CERT_SIZE_BYTES) {
-			res.body.cancel('Too many bytes')
-			throw new AttestorError(
-				'ERROR_CERTIFICATE_FETCH_FAILED',
-				`Certificate size exceeds maximum limit of ${MAX_CERT_SIZE_BYTES}b`
-			)
-		}
-
-		byteArr.push(chunk)
-	}
-
-	const bytes = concatenateUint8Arrays(byteArr)
-	try {
-		const cert = loadX509FromPem(bytes)
-		TLS_INTERMEDIATE_CA_CACHE[url] = cert
-	} catch(err) {
-		throw new AttestorError(
-			'ERROR_CERTIFICATE_FETCH_FAILED',
-			`Failed to parse certificate, error: ${err.message}`
-		)
-	}
-
-	return { bytes: concatenateUint8Arrays(byteArr) }
-}

package/src/server/handlers/index.ts

@@ -1,24 +0,0 @@
-import { claimTeeBundle } from '#src/server/handlers/claimTeeBundle.ts'
-import { claimTunnel } from '#src/server/handlers/claimTunnel.ts'
-import { completeClaimOnChain } from '#src/server/handlers/completeClaimOnChain.ts'
-import { createClaimOnChain } from '#src/server/handlers/createClaimOnChain.ts'
-import { createTaskOnMechain } from '#src/server/handlers/createTaskOnMechain.ts'
-import { createTunnel } from '#src/server/handlers/createTunnel.ts'
-import { disconnectTunnel } from '#src/server/handlers/disconnectTunnel.ts'
-import { fetchCertificateBytes } from '#src/server/handlers/fetchCertificateBytes.ts'
-import { init } from '#src/server/handlers/init.ts'
-import { toprf } from '#src/server/handlers/toprf.ts'
-import type { RPCHandler, RPCType } from '#src/types/index.ts'
-
-export const HANDLERS: { [T in RPCType]: RPCHandler<T> } = {
-	createTunnel,
-	disconnectTunnel,
-	claimTunnel,
-	claimTeeBundle,
-	init,
-	createClaimOnChain,
-	completeClaimOnChain,
-	toprf,
-	createTaskOnMechain,
-	fetchCertificateBytes
-}

package/src/server/handlers/init.ts

@@ -1,46 +0,0 @@
-import { ethers } from 'ethers'
-
-import type { RPCHandler } from '#src/types/index.ts'
-import { assertValidAuthRequest } from '#src/utils/auth.ts'
-import { getEnvVariable } from '#src/utils/env.ts'
-import { AttestorError } from '#src/utils/index.ts'
-import { SIGNATURES } from '#src/utils/signatures/index.ts'
-
-const TOPRF_PUBLIC_KEY = getEnvVariable('TOPRF_PUBLIC_KEY')
-
-export const init: RPCHandler<'init'> = async(
-	initRequest,
-	{ client }
-) => {
-	if(client.isInitialised) {
-		throw AttestorError.badRequest('Client already initialised')
-	}
-
-	if(!SIGNATURES[initRequest.signatureType]) {
-		throw AttestorError.badRequest('Unsupported signature type')
-	}
-
-	if(initRequest.clientVersion <= 0) {
-		throw AttestorError.badRequest('Unsupported client version')
-	}
-
-	await assertValidAuthRequest(
-		initRequest.auth,
-		initRequest.signatureType
-	)
-
-	if(initRequest.auth?.data) {
-		client.logger = client.logger.child({
-			userId: initRequest.auth.data.id
-		})
-	}
-
-	client.metadata = initRequest
-	client.isInitialised = true
-
-	return {
-		toprfPublicKey: TOPRF_PUBLIC_KEY
-			? ethers.utils.arrayify(TOPRF_PUBLIC_KEY)
-			: new Uint8Array()
-	}
-}

package/src/server/handlers/toprf.ts

@@ -1,25 +0,0 @@
-import { ethers } from 'ethers'
-
-import type { RPCHandler } from '#src/types/index.ts'
-import { getEnvVariable } from '#src/utils/env.ts'
-import { getEngineString, makeDefaultOPRFOperator } from '#src/utils/index.ts'
-
-export const toprf: RPCHandler<'toprf'> = async(
-	{ maskedData, engine },
-	{ logger }
-) => {
-	const PRIVATE_KEY_STR = getEnvVariable('TOPRF_SHARE_PRIVATE_KEY')
-	const PUBLIC_KEY_STR = getEnvVariable('TOPRF_SHARE_PUBLIC_KEY')
-	if(!PRIVATE_KEY_STR || !PUBLIC_KEY_STR) {
-		throw new Error('private/public keys not set. Cannot execute OPRF')
-	}
-
-	const PRIVATE_KEY = ethers.utils.arrayify(PRIVATE_KEY_STR)
-	const PUBLIC_KEY = ethers.utils.arrayify(PUBLIC_KEY_STR)
-
-	const engineStr = getEngineString(engine)
-	const operator = makeDefaultOPRFOperator('chacha20', engineStr, logger)
-	const res = await operator.evaluateOPRF(PRIVATE_KEY, maskedData)
-
-	return { ...res, publicKeyShare: PUBLIC_KEY }
-}

package/src/server/index.ts

@@ -1,4 +0,0 @@
-export * from './utils/config-env.ts'
-export * from './create-server.ts'
-export * from './tunnels/make-tcp-tunnel.ts'
-export * from './utils/assert-valid-claim-request.ts'

package/src/server/provider-api.ts

@@ -1,118 +0,0 @@
-import type { IncomingMessage, ServerResponse } from 'http'
-import { getProviderList, getProviderById, saveProvider, deleteProvider } from '#src/server/provider-store.ts'
-import { logger as LOGGER } from '#src/utils/index.ts'
-
-const logger = LOGGER.child({ module: 'provider-api' })
-
-function sendJson(res: ServerResponse, statusCode: number, data: unknown) {
-	res.statusCode = statusCode
-	res.setHeader('Content-Type', 'application/json')
-	res.end(JSON.stringify(data))
-}
-
-function readBody(req: IncomingMessage): Promise<string> {
-	return new Promise((resolve, reject) => {
-		const chunks: Buffer[] = []
-		req.on('data', (chunk: Buffer) => chunks.push(chunk))
-		req.on('end', () => resolve(Buffer.concat(chunks).toString('utf-8')))
-		req.on('error', reject)
-	})
-}
-
-/**
- * Handle provider API requests:
- *   GET  /api/providers         — list all providers (summary)
- *   GET  /api/providers/:id     — get full provider config
- *   POST /api/providers         — create/update a provider
- *   DELETE /api/providers/:id   — delete a provider
- */
-export async function handleProviderApiRequest(
-	req: IncomingMessage,
-	res: ServerResponse
-) {
-	const url = new URL(req.url!, `http://${req.headers.host}`)
-	const path = url.pathname
-	const method = req.method?.toUpperCase()
-
-	try {
-		// GET /api/providers
-		if(path === '/api/providers' && method === 'GET') {
-			const list = getProviderList()
-			sendJson(res, 200, { providers: list })
-			return
-		}
-
-		// Match /api/providers/:id/custom-injection
-		const injectionMatch = path.match(/^\/api\/providers\/(.+)\/custom-injection$/)
-		if(injectionMatch && method === 'GET') {
-			const providerId = decodeURIComponent(injectionMatch[1])
-			const provider = getProviderById(providerId)
-			if(!provider) {
-				sendJson(res, 404, { error: `Provider '${providerId}' not found` })
-				return
-			}
-
-			if(!provider.customInjection) {
-				res.statusCode = 404
-				res.setHeader('Content-Type', 'text/plain')
-				res.end('No custom injection script for this provider')
-				return
-			}
-
-			res.statusCode = 200
-			res.setHeader('Content-Type', 'text/plain')
-			res.end(provider.customInjection)
-			return
-		}
-
-		// Match /api/providers/:id
-		const match = path.match(/^\/api\/providers\/(.+)$/)
-
-		if(match) {
-			const providerId = decodeURIComponent(match[1])
-
-			// GET /api/providers/:id
-			if(method === 'GET') {
-				const provider = getProviderById(providerId)
-				if(!provider) {
-					sendJson(res, 404, { error: `Provider '${providerId}' not found` })
-					return
-				}
-
-				sendJson(res, 200, { providers: provider })
-				return
-			}
-
-			// DELETE /api/providers/:id
-			if(method === 'DELETE') {
-				const deleted = deleteProvider(providerId)
-				if(!deleted) {
-					sendJson(res, 404, { error: `Provider '${providerId}' not found` })
-					return
-				}
-
-				sendJson(res, 200, { message: 'Provider deleted' })
-				return
-			}
-		}
-
-		// POST /api/providers — create or update
-		if(path === '/api/providers' && method === 'POST') {
-			const body = await readBody(req)
-			const provider = JSON.parse(body)
-			if(!provider.providerId) {
-				sendJson(res, 400, { error: 'Missing required field: providerId' })
-				return
-			}
-
-			saveProvider(provider)
-			sendJson(res, 200, { message: 'Provider saved', providerId: provider.providerId })
-			return
-		}
-
-		sendJson(res, 404, { error: 'Not found' })
-	} catch(err) {
-		logger.error({ err, path, method }, 'Provider API error')
-		sendJson(res, 500, { error: 'Internal server error' })
-	}
-}

package/src/server/provider-store.ts

@@ -1,117 +0,0 @@
-import { readFileSync, readdirSync, writeFileSync, unlinkSync, existsSync, mkdirSync } from 'fs'
-import { join, resolve } from 'path'
-import { logger as LOGGER } from '#src/utils/index.ts'
-
-const logger = LOGGER.child({ module: 'provider-store' })
-
-export interface ProviderConfig {
-	id: string
-	providerId: string
-	httpProviderId: string
-	name: string
-	description: string
-	logoUrl: string
-	loginUrl: string
-	geoLocation: string
-	injectionType: string
-	disableRequestReplay: boolean
-	verificationType: string
-	requestData: unknown[]
-	useIncognitoWebview: boolean
-	customInjection: string
-	userAgent: { ios: string; android: string }
-	metadata: Record<string, unknown>
-	version: { major: number; minor: number; patch: number }
-	[key: string]: unknown
-}
-
-export interface ProviderSummary {
-	providerId: string
-	name: string
-	description: string
-	logoUrl: string
-}
-
-const DATA_DIR = resolve('data/providers')
-
-function ensureDataDir() {
-	if(!existsSync(DATA_DIR)) {
-		mkdirSync(DATA_DIR, { recursive: true })
-	}
-}
-
-/**
- * Load all providers from JSON files in data/providers/
- */
-export function getAllProviders(): ProviderConfig[] {
-	ensureDataDir()
-	const files = readdirSync(DATA_DIR).filter(f => f.endsWith('.json'))
-	const providers: ProviderConfig[] = []
-	for(const file of files) {
-		try {
-			const content = readFileSync(join(DATA_DIR, file), 'utf-8')
-			providers.push(JSON.parse(content))
-		} catch(err) {
-			logger.error({ err, file }, 'Failed to load provider file')
-		}
-	}
-
-	return providers
-}
-
-/**
- * Get provider summaries (id, name, description, logoUrl)
- */
-export function getProviderList(): ProviderSummary[] {
-	return getAllProviders().map(p => ({
-		providerId: p.providerId,
-		name: p.name,
-		description: p.description,
-		logoUrl: p.logoUrl,
-	}))
-}
-
-/**
- * Get a single provider by providerId
- */
-export function getProviderById(providerId: string): ProviderConfig | undefined {
-	ensureDataDir()
-	// Try direct file lookup first (filename = providerId.json)
-	const directPath = join(DATA_DIR, `${providerId}.json`)
-	if(existsSync(directPath)) {
-		try {
-			const content = readFileSync(directPath, 'utf-8')
-			return JSON.parse(content)
-		} catch(err) {
-			logger.error({ err, providerId }, 'Failed to load provider file')
-		}
-	}
-
-	// Fallback: scan all files, match by providerId or httpProviderId
-	const all = getAllProviders()
-	return all.find(p => p.providerId === providerId || p.httpProviderId === providerId)
-}
-
-/**
- * Save or update a provider
- */
-export function saveProvider(provider: ProviderConfig): void {
-	ensureDataDir()
-	const filePath = join(DATA_DIR, `${provider.providerId}.json`)
-	writeFileSync(filePath, JSON.stringify(provider, null, 2), 'utf-8')
-	logger.info({ providerId: provider.providerId }, 'Provider saved')
-}
-
-/**
- * Delete a provider by providerId
- */
-export function deleteProvider(providerId: string): boolean {
-	const filePath = join(DATA_DIR, `${providerId}.json`)
-	if(existsSync(filePath)) {
-		unlinkSync(filePath)
-		logger.info({ providerId }, 'Provider deleted')
-		return true
-	}
-
-	return false
-}

package/src/server/session-api.ts

@@ -1,115 +0,0 @@
-import type { IncomingMessage, ServerResponse } from 'http'
-import { createSession, getSession, updateSessionStatus, submitProof } from '#src/server/session-store.ts'
-import { logger as LOGGER } from '#src/utils/index.ts'
-
-const logger = LOGGER.child({ module: 'session-api' })
-
-function sendJson(res: ServerResponse, statusCode: number, data: unknown) {
-	res.statusCode = statusCode
-	res.setHeader('Content-Type', 'application/json')
-	res.end(JSON.stringify(data))
-}
-
-function readBody(req: IncomingMessage): Promise<string> {
-	return new Promise((resolve, reject) => {
-		const chunks: Buffer[] = []
-		req.on('data', (chunk: Buffer) => chunks.push(chunk))
-		req.on('end', () => resolve(Buffer.concat(chunks).toString('utf-8')))
-		req.on('error', reject)
-	})
-}
-
-/**
- * Handle session API requests:
- *   POST /api/sdk/init/session/       — create a new session
- *   POST /api/sdk/update/session/     — update session status
- *   GET  /api/sdk/session/:id         — get session data
- *   POST /session/:id/proof           — submit proof
- */
-export async function handleSessionApiRequest(
-	req: IncomingMessage,
-	res: ServerResponse
-) {
-	const url = new URL(req.url!, `http://${req.headers.host}`)
-	const path = url.pathname
-	const method = req.method?.toUpperCase()
-
-	try {
-		// POST /api/sdk/init/session/
-		if(path === '/api/sdk/init/session/' && method === 'POST') {
-			const body = JSON.parse(await readBody(req))
-			const { appId, providerId, timestamp, signature } = body
-
-			if(!appId || !providerId) {
-				sendJson(res, 400, { error: 'Missing required fields: appId, providerId' })
-				return
-			}
-
-			const session = createSession(appId, providerId, timestamp || '', signature || '')
-			logger.info({ sessionId: session.sessionId, providerId }, 'Session created')
-			sendJson(res, 200, {
-				sessionId: session.sessionId,
-				resolvedProviderVersion: '',
-			})
-			return
-		}
-
-		// POST /api/sdk/update/session/
-		if(path === '/api/sdk/update/session/' && method === 'POST') {
-			const body = JSON.parse(await readBody(req))
-			const { sessionId, status } = body
-
-			if(!sessionId || !status) {
-				sendJson(res, 400, { error: 'Missing required fields: sessionId, status' })
-				return
-			}
-
-			const ok = updateSessionStatus(sessionId, status)
-			if(!ok) {
-				sendJson(res, 404, { error: `Session '${sessionId}' not found` })
-				return
-			}
-
-			logger.info({ sessionId, status }, 'Session status updated')
-			sendJson(res, 200, { success: true })
-			return
-		}
-
-		// GET /api/sdk/session/:id
-		const sessionMatch = path.match(/^\/api\/sdk\/session\/(.+)$/)
-		if(sessionMatch && method === 'GET') {
-			const sessionId = decodeURIComponent(sessionMatch[1])
-			const session = getSession(sessionId)
-			if(!session) {
-				sendJson(res, 404, { error: `Session '${sessionId}' not found` })
-				return
-			}
-
-			sendJson(res, 200, session)
-			return
-		}
-
-		// POST /session/:id/proof
-		const proofMatch = path.match(/^\/session\/(.+)\/proof$/)
-		if(proofMatch && method === 'POST') {
-			const sessionId = decodeURIComponent(proofMatch[1])
-			const body = JSON.parse(await readBody(req))
-			const proofs = body.proofs || body
-
-			const ok = submitProof(sessionId, Array.isArray(proofs) ? proofs : [proofs])
-			if(!ok) {
-				sendJson(res, 404, { error: `Session '${sessionId}' not found` })
-				return
-			}
-
-			logger.info({ sessionId }, 'Proof submitted')
-			sendJson(res, 200, { success: true })
-			return
-		}
-
-		sendJson(res, 404, { error: 'Not found' })
-	} catch(err) {
-		logger.error({ err, path, method }, 'Session API error')
-		sendJson(res, 500, { error: 'Internal server error' })
-	}
-}

package/src/server/session-store.ts

@@ -1,60 +0,0 @@
-import { randomUUID } from 'crypto'
-
-export interface Session {
-	sessionId: string
-	appId: string
-	providerId: string
-	timestamp: string
-	signature: string
-	status: string
-	proofs?: unknown[]
-	createdAt: number
-}
-
-const sessions = new Map<string, Session>()
-
-export function createSession(
-	appId: string,
-	providerId: string,
-	timestamp: string,
-	signature: string
-): Session {
-	const sessionId = randomUUID()
-	const session: Session = {
-		sessionId,
-		appId,
-		providerId,
-		timestamp,
-		signature,
-		status: 'SESSION_INIT',
-		createdAt: Date.now(),
-	}
-
-	sessions.set(sessionId, session)
-	return session
-}
-
-export function getSession(sessionId: string): Session | undefined {
-	return sessions.get(sessionId)
-}
-
-export function updateSessionStatus(sessionId: string, status: string): boolean {
-	const session = sessions.get(sessionId)
-	if(!session) {
-		return false
-	}
-
-	session.status = status
-	return true
-}
-
-export function submitProof(sessionId: string, proofs: unknown[]): boolean {
-	const session = sessions.get(sessionId)
-	if(!session) {
-		return false
-	}
-
-	session.proofs = proofs
-	session.status = 'PROOF_SUBMITTED'
-	return true
-}