@lightsparkdev/core 0.1.3

package/src/auth/LightsparkAuthException.ts

@@ -0,0 +1,11 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+import LightsparkException from "../LightsparkException.js";
+
+class LightsparkAuthException extends LightsparkException {
+  constructor(message: string, extraInfo?: any) {
+    super("AuthException", message, extraInfo);
+  }
+}
+
+export default LightsparkAuthException;

package/src/auth/StubAuthProvider.ts

@@ -0,0 +1,16 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+import AuthProvider from "./AuthProvider.js";
+
+export default class StubAuthProvider implements AuthProvider {
+  async addAuthHeaders(headers: any): Promise<any> {
+    return headers;
+  }
+  async isAuthorized(): Promise<boolean> {
+    return false;
+  }
+
+  addWsConnectionParams(params: any): any {
+    return params;
+  }
+}

package/src/auth/index.ts

@@ -0,0 +1,5 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+export { default as AuthProvider } from "./AuthProvider.js";
+export { default as LightsparkAuthException } from "./LightsparkAuthException.js";
+export { default as StubAuthProvider } from "./StubAuthProvider.js";

package/src/crypto/LightsparkSigningException.ts

@@ -0,0 +1,11 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+import LightsparkException from "../LightsparkException.js";
+
+class LightsparkSigningException extends LightsparkException {
+  constructor(message: string, extraInfo?: any) {
+    super("SigningException", message, extraInfo);
+  }
+}
+
+export default LightsparkSigningException;

package/src/crypto/NodeKeyCache.ts

@@ -0,0 +1,46 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+import autoBind from "auto-bind";
+
+import { b64decode } from "../utils/base64.js";
+import { getCrypto } from "./crypto.js";
+
+class NodeKeyCache {
+  private idToKey: Map<string, CryptoKey>;
+  constructor() {
+    this.idToKey = new Map();
+    autoBind(this);
+  }
+
+  public async loadKey(id: string, rawKey: string): Promise<CryptoKey | null> {
+    const decoded = b64decode(rawKey);
+    try {
+      const cryptoImpl = await getCrypto();
+      const key = await cryptoImpl.subtle.importKey(
+        "pkcs8",
+        decoded,
+        {
+          name: "RSA-PSS",
+          hash: "SHA-256",
+        },
+        true,
+        ["sign"]
+      );
+      this.idToKey.set(id, key);
+      return key;
+    } catch (e) {
+      console.log("Error importing key: ", e);
+    }
+    return null;
+  }
+
+  public getKey(id: string): CryptoKey | undefined {
+    return this.idToKey.get(id);
+  }
+
+  public hasKey(id: string): boolean {
+    return this.idToKey.has(id);
+  }
+}
+
+export default NodeKeyCache;

package/src/crypto/crypto.ts

@@ -0,0 +1,258 @@
+// Copyright  ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+import LightsparkException from "../LightsparkException.js";
+
+import { b64decode, b64encode } from "../utils/base64.js";
+
+const ITERATIONS = 500000;
+
+export function getCrypto() {
+  let cryptoImplPromise: Promise<typeof crypto>;
+  if (typeof crypto !== "undefined") {
+    cryptoImplPromise = Promise.resolve(crypto);
+  } else {
+    cryptoImplPromise = import("crypto").then((nodeCrypto) => {
+      return nodeCrypto as typeof crypto;
+    });
+  }
+  return cryptoImplPromise;
+}
+
+const getRandomValues = async (arr: Uint8Array): Promise<Uint8Array> => {
+  if (typeof crypto !== "undefined") {
+    return crypto.getRandomValues(arr);
+  } else {
+    const cryptoImpl = await getCrypto();
+    return cryptoImpl.getRandomValues(arr);
+  }
+};
+
+const getRandomValues32 = async (arr: Uint32Array): Promise<Uint32Array> => {
+  if (typeof crypto !== "undefined") {
+    return crypto.getRandomValues(arr);
+  } else {
+    const cryptoImpl = await getCrypto();
+    return cryptoImpl.getRandomValues(arr);
+  }
+};
+
+const deriveKey = async (
+  password: string,
+  salt: ArrayBuffer,
+  iterations: number,
+  algorithm: string,
+  bit_len: number
+): Promise<[CryptoKey, ArrayBuffer]> => {
+  const enc = new TextEncoder();
+  const cryptoImpl = await getCrypto();
+  const password_key = await cryptoImpl.subtle.importKey(
+    "raw",
+    enc.encode(password),
+    "PBKDF2",
+    false,
+    ["deriveBits", "deriveKey"]
+  );
+
+  const derived = await cryptoImpl.subtle.deriveBits(
+    {
+      name: "PBKDF2",
+      salt,
+      iterations: iterations,
+      hash: "SHA-256",
+    },
+    password_key,
+    bit_len
+  );
+
+  // Split the derived bytes into a 32 byte AES key and a 16 byte IV
+  const key = await cryptoImpl.subtle.importKey(
+    "raw",
+    derived.slice(0, 32),
+    { name: algorithm, length: 256 },
+    false,
+    ["encrypt", "decrypt"]
+  );
+
+  const iv = derived.slice(32);
+
+  return [key, iv];
+};
+
+export const encrypt = async (
+  plaintext: ArrayBuffer,
+  password: string,
+  salt?: Uint8Array
+): Promise<[string, string]> => {
+  if (!salt) {
+    salt = new Uint8Array(16);
+    getRandomValues(salt);
+  }
+
+  const [key, iv] = await deriveKey(password, salt, ITERATIONS, "AES-GCM", 352);
+  const cryptoImpl = await getCrypto();
+
+  const encrypted = new Uint8Array(
+    await cryptoImpl.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext)
+  );
+
+  const output = new Uint8Array(salt.byteLength + encrypted.byteLength);
+  output.set(salt);
+  output.set(encrypted, salt.byteLength);
+
+  const header = {
+    v: 4,
+    i: ITERATIONS,
+  };
+
+  return [JSON.stringify(header), b64encode(output)];
+};
+
+export const decrypt = async (
+  header_json: string,
+  ciphertext: string,
+  password: string
+): Promise<ArrayBuffer> => {
+  var decoded = b64decode(ciphertext);
+
+  var header;
+  if (header_json === "AES_256_CBC_PBKDF2_5000_SHA256") {
+    header = {
+      v: 0,
+      i: 5000,
+    };
+    // Strip "Salted__" prefix
+    decoded = decoded.slice(8);
+  } else {
+    header = JSON.parse(header_json);
+  }
+
+  if (header.v < 0 || header.v > 4) {
+    throw new LightsparkException(
+      "DecryptionError",
+      "Unknown version ".concat(header.v)
+    );
+  }
+
+  const cryptoImpl = await getCrypto();
+  const algorithm = header.v < 2 ? "AES-CBC" : "AES-GCM";
+  const bit_len = header.v < 4 ? 384 : 352;
+  const salt_len = header.v < 4 ? 8 : 16;
+
+  if (header.lsv === 2 || header.v === 3) {
+    const salt = decoded.slice(decoded.length - 8, decoded.length);
+    const nonce = decoded.slice(0, 12);
+    const cipherText = decoded.slice(12, decoded.length - 8);
+    // eslint-disable-next-line @typescript-eslint/no-unused-vars
+    const [key, _iv] = await deriveKey(
+      password,
+      salt,
+      header.i,
+      algorithm,
+      256
+    );
+    return await cryptoImpl.subtle.decrypt(
+      { name: algorithm, iv: nonce.buffer },
+      key,
+      cipherText
+    );
+  } else {
+    const salt = decoded.slice(0, salt_len);
+    const encrypted = decoded.slice(salt_len);
+    const [key, iv] = await deriveKey(
+      password,
+      salt,
+      header.i,
+      algorithm,
+      bit_len
+    );
+    return await cryptoImpl.subtle.decrypt(
+      { name: algorithm, iv },
+      key,
+      encrypted
+    );
+  }
+};
+
+export async function decryptSecretWithNodePassword(
+  cipher: string,
+  encryptedSecret: string,
+  nodePassword: string
+): Promise<ArrayBuffer | null> {
+  let decryptedValue: ArrayBuffer | null = null;
+  try {
+    decryptedValue = await decrypt(cipher, encryptedSecret, nodePassword);
+  } catch (ex) {
+    // If the password is incorrect, we're likely to get UTF-8 decoding errors.
+    // Catch everything and we'll leave the value as the empty string.
+    console.error(ex);
+  }
+  return decryptedValue;
+}
+
+export function decode(arrBuff: ArrayBuffer): string {
+  const dec = new TextDecoder();
+  return dec.decode(arrBuff);
+}
+
+export const generateSigningKeyPair = async (): Promise<CryptoKeyPair> => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.generateKey(
+    /*algorithm:*/ {
+      name: "RSA-PSS",
+      modulusLength: 4096,
+      publicExponent: new Uint8Array([1, 0, 1]),
+      hash: "SHA-256",
+    },
+    /*extractable*/ true,
+    /*keyUsages*/ ["sign", "verify"]
+  );
+};
+
+export const serializeSigningKey = async (
+  key: CryptoKey,
+  format: "pkcs8" | "spki"
+): Promise<ArrayBuffer> => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.exportKey(/*format*/ format, /*key*/ key);
+};
+
+export const encryptWithNodeKey = async (
+  key: CryptoKey,
+  data: string
+): Promise<string> => {
+  const enc = new TextEncoder();
+  const encoded = enc.encode(data);
+  // @ts-ignore
+  const encrypted = await cryptoImpl.subtle.encrypt(
+    /*algorithm:*/ {
+      name: "RSA-OAEP",
+    },
+    /*key*/ key,
+    /*data*/ encoded
+  );
+  // @ts-ignore
+  return b64encode(encrypted);
+};
+
+export const loadNodeEncryptionKey = async (
+  rawPublicKey: string
+): Promise<CryptoKey> => {
+  const encoded = b64decode(rawPublicKey);
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.importKey(
+    /*format*/ "spki",
+    /*keyData*/ encoded,
+    /*algorithm:*/ {
+      name: "RSA-OAEP",
+      hash: "SHA-256",
+    },
+    /*extractable*/ true,
+    /*keyUsages*/ ["encrypt"]
+  );
+};
+
+export const getNonce = async () => {
+  const nonceSt = await getRandomValues32(new Uint32Array(1));
+  return Number(nonceSt);
+};
+
+export { default as LightsparkSigningException } from "./LightsparkSigningException.js";

package/src/crypto/index.ts

@@ -0,0 +1,5 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+export * from "./crypto.js";
+export { default as LightsparkSigningException } from "./LightsparkSigningException.js";
+export { default as NodeKeyCache } from "./NodeKeyCache.js";

package/src/index.ts

@@ -0,0 +1,11 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+export * from "./auth/index.js";
+export * from "./crypto/index.js";
+export { default as LightsparkException } from "./LightsparkException.js";
+export * from "./requester/index.js";
+export {
+  apiDomainForEnvironment,
+  default as ServerEnvironment,
+} from "./ServerEnvironment.js";
+export * from "./utils/index.js";

package/src/requester/Query.ts

@@ -0,0 +1,17 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+type Query<T> = {
+  /** The string representation of the query payload for graphQL. **/
+  queryPayload: string;
+
+  /** The variables that will be passed to the query. **/
+  variables?: { [key: string]: any };
+
+  /** The function that will be called to construct the object from the response. **/
+  constructObject: (rawData: any) => T;
+
+  /** The id of the node that will be used to sign the query. **/
+  signingNodeId?: string;
+};
+
+export default Query;

package/src/requester/Requester.ts

@@ -0,0 +1,226 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+import autoBind from "auto-bind";
+import dayjs from "dayjs";
+import utc from "dayjs/plugin/utc.js";
+import { Client as WsClient, createClient } from "graphql-ws";
+import NodeWebSocket from "ws";
+import { Observable } from "zen-observable-ts";
+
+import Query from "./Query.js";
+
+import AuthProvider from "../auth/AuthProvider.js";
+import StubAuthProvider from "../auth/StubAuthProvider.js";
+import {
+  getCrypto,
+  getNonce,
+  LightsparkSigningException,
+} from "../crypto/crypto.js";
+import NodeKeyCache from "../crypto/NodeKeyCache.js";
+import LightsparkException from "../LightsparkException.js";
+import { b64encode } from "../utils/base64.js";
+import { isNode } from "../utils/environment.js";
+
+const DEFAULT_BASE_URL = "api.lightspark.com";
+export const LIGHTSPARK_BETA_HEADER_KEY = "X-Lightspark-Beta";
+export const LIGHTSPARK_BETA_HEADER_VALUE =
+  "z2h0BBYxTA83cjW7fi8QwWtBPCzkQKiemcuhKY08LOo";
+dayjs.extend(utc);
+
+class Requester {
+  private readonly wsClient: WsClient;
+  constructor(
+    private readonly nodeKeyCache: NodeKeyCache,
+    private readonly schemaEndpoint: string,
+    private readonly authProvider: AuthProvider = new StubAuthProvider(),
+    private readonly baseUrl: string = DEFAULT_BASE_URL
+  ) {
+    let websocketImpl;
+    if (typeof WebSocket === "undefined" && typeof window === "undefined") {
+      websocketImpl = NodeWebSocket;
+    }
+    this.wsClient = createClient({
+      url: `wss://${this.baseUrl}/${this.schemaEndpoint}`,
+      connectionParams: authProvider.addWsConnectionParams({}),
+      webSocketImpl: websocketImpl,
+    });
+    autoBind(this);
+  }
+
+  public async executeQuery<T>(query: Query<T>): Promise<T | null> {
+    const data = await this.makeRawRequest(
+      query.queryPayload,
+      query.variables || {},
+      query.signingNodeId
+    );
+    return query.constructObject(data);
+  }
+
+  public subscribe(
+    queryPayload: string,
+    variables: { [key: string]: any } = {}
+  ): Observable<any> {
+    const operationNameRegex = /^\s*(query|mutation|subscription)\s+(\w+)/i;
+    const operationMatch = queryPayload.match(operationNameRegex);
+    if (!operationMatch || operationMatch.length < 3) {
+      throw new LightsparkException("InvalidQuery", "Invalid query payload");
+    }
+    const operationType = operationMatch[1];
+    if (operationType == "mutation") {
+      throw new LightsparkException(
+        "InvalidQuery",
+        "Mutation queries should call makeRawRequest instead"
+      );
+    }
+    // Undefined variables need to be null instead.
+    for (const key in variables) {
+      if (variables[key] === undefined) {
+        variables[key] = null;
+      }
+    }
+    const operation = operationMatch[2];
+    let bodyData = {
+      query: queryPayload,
+      variables,
+      operationName: operation,
+    };
+
+    return new Observable((observer) =>
+      this.wsClient.subscribe(bodyData, {
+        next: (data) => observer.next(data),
+        error: (err) => observer.error(err),
+        complete: () => observer.complete(),
+      })
+    );
+  }
+
+  public async makeRawRequest(
+    queryPayload: string,
+    variables: { [key: string]: any } = {},
+    signingNodeId: string | undefined = undefined
+  ): Promise<any | null> {
+    const operationNameRegex = /^\s*(query|mutation|subscription)\s+(\w+)/i;
+    const operationMatch = queryPayload.match(operationNameRegex);
+    if (!operationMatch || operationMatch.length < 3) {
+      throw new LightsparkException("InvalidQuery", "Invalid query payload");
+    }
+    const operationType = operationMatch[1];
+    if (operationType == "subscription") {
+      throw new LightsparkException(
+        "InvalidQuery",
+        "Subscription queries should call subscribe instead"
+      );
+    }
+    // Undefined variables need to be null instead.
+    for (const key in variables) {
+      if (variables[key] === undefined) {
+        variables[key] = null;
+      }
+    }
+    const operation = operationMatch[2];
+    let bodyData = {
+      query: queryPayload,
+      variables,
+      operationName: operation,
+    };
+    const browserUserAgent =
+      typeof navigator !== "undefined" ? navigator.userAgent : "";
+    const sdkUserAgent = this.getSdkUserAgent();
+    const headers = await this.authProvider.addAuthHeaders({
+      "Content-Type": "application/json",
+      [LIGHTSPARK_BETA_HEADER_KEY]: LIGHTSPARK_BETA_HEADER_VALUE,
+      "X-Lightspark-SDK": sdkUserAgent,
+      "User-Agent": browserUserAgent || sdkUserAgent,
+    });
+    bodyData = await this.addSigningDataIfNeeded(
+      bodyData,
+      headers,
+      signingNodeId
+    );
+
+    const response = await fetch(
+      `https://${this.baseUrl}/${this.schemaEndpoint}`,
+      {
+        method: "POST",
+        headers: headers,
+        body: JSON.stringify(bodyData),
+      }
+    );
+    if (!response.ok) {
+      throw new LightsparkException(
+        "RequestFailed",
+        `Request ${operation} failed. ${response.statusText}`
+      );
+    }
+    const responseJson = await response.json();
+    const data = responseJson.data;
+    if (!data) {
+      throw new LightsparkException(
+        "RequestFailed",
+        `Request ${operation} failed. ${JSON.stringify(responseJson.errors)}`
+      );
+    }
+    return data;
+  }
+
+  private getSdkUserAgent(): string {
+    const platform = isNode ? "NodeJS" : "Browser";
+    const platformVersion = isNode ? process.version : "";
+    // TODO(Jeremy): Figure out how to properly load this from the package.json. Using an import
+    // is breaking the streaming sats extension.
+    const sdkVersion = "1.0.4";
+    return `lightspark-js-sdk/${sdkVersion} ${platform}/${platformVersion}`;
+  }
+
+  private async addSigningDataIfNeeded(
+    queryPayload: { query: string; variables: any; operationName: string },
+    headers: { [key: string]: string },
+    signingNodeId: string | undefined
+  ): Promise<any> {
+    if (!signingNodeId) {
+      return queryPayload;
+    }
+
+    const query = queryPayload.query;
+    const variables = queryPayload.variables;
+    const operationName = queryPayload.operationName;
+
+    const nonce = await getNonce();
+    const expiration = dayjs.utc().add(1, "hour").format();
+
+    const payload = {
+      query,
+      variables,
+      operationName,
+      nonce,
+      expires_at: expiration,
+    };
+
+    const key = await this.nodeKeyCache.getKey(signingNodeId);
+    if (!key) {
+      throw new LightsparkSigningException(
+        "Missing node of encrypted_signing_private_key"
+      );
+    }
+
+    const encodedPayload = new TextEncoder().encode(JSON.stringify(payload));
+    const cryptoImpl = await getCrypto();
+    const signedPayload = await cryptoImpl.subtle.sign(
+      {
+        name: "RSA-PSS",
+        saltLength: 32,
+      },
+      key,
+      encodedPayload
+    );
+    const encodedSignedPayload = b64encode(signedPayload);
+
+    headers["X-Lightspark-Signing"] = JSON.stringify({
+      v: "1",
+      signature: encodedSignedPayload,
+    });
+    return payload;
+  }
+}
+
+export default Requester;

package/src/requester/index.ts

@@ -0,0 +1,4 @@
+// Copyright ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
+
+export { default as Query } from "./Query.js";
+export { default as Requester } from "./Requester.js";

package/src/utils/base64.ts

@@ -0,0 +1,15 @@
+// Copyright  ©, 2023, Lightspark Group, Inc. - All Rights Reserved
+
+export const b64decode = (encoded: string): Uint8Array => {
+  return Uint8Array.from(atob(encoded), (c) => c.charCodeAt(0));
+};
+
+export const urlsafe_b64decode = (encoded: string): Uint8Array => {
+  return b64decode(encoded.replace(/_/g, "/").replace(/-/g, "+"));
+};
+
+export const b64encode = (data: ArrayBuffer): string => {
+  return btoa(
+    String.fromCharCode.apply(null, Array.from(new Uint8Array(data)))
+  );
+};