@lightsparkdev/core 0.2.0 → 0.2.2

package/dist/index.js

@@ -34,14 +34,44 @@ var StubAuthProvider = class {
 };
 
 // src/utils/base64.ts
+var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+var Base64 = {
+  btoa: (input = "") => {
+    let str = input;
+    let output = "";
+    for (let block = 0, charCode, i = 0, map = chars; str.charAt(i | 0) || (map = "=", i % 1); output += map.charAt(63 & block >> 8 - i % 1 * 8)) {
+      charCode = str.charCodeAt(i += 3 / 4);
+      if (charCode > 255) {
+        throw new Error(
+          "'btoa' failed: The string to be encoded contains characters outside of the Latin1 range."
+        );
+      }
+      block = block << 8 | charCode;
+    }
+    return output;
+  },
+  atob: (input = "") => {
+    let str = input.replace(/=+$/, "");
+    let output = "";
+    if (str.length % 4 == 1) {
+      throw new Error(
+        "'atob' failed: The string to be decoded is not correctly encoded."
+      );
+    }
+    for (let bc = 0, bs = 0, buffer, i = 0; buffer = str.charAt(i++); ~buffer && (bs = bc % 4 ? bs * 64 + buffer : buffer, bc++ % 4) ? output += String.fromCharCode(255 & bs >> (-2 * bc & 6)) : 0) {
+      buffer = chars.indexOf(buffer);
+    }
+    return output;
+  }
+};
 var b64decode = (encoded) => {
-  return Uint8Array.from(atob(encoded), (c) => c.charCodeAt(0));
+  return Uint8Array.from(Base64.atob(encoded), (c) => c.charCodeAt(0));
 };
 var urlsafe_b64decode = (encoded) => {
   return b64decode(encoded.replace(/_/g, "/").replace(/-/g, "+"));
 };
 var b64encode = (data) => {
-  return btoa(
+  return Base64.btoa(
     String.fromCharCode.apply(null, Array.from(new Uint8Array(data)))
   );
 };
@@ -55,8 +85,7 @@ var LightsparkSigningException = class extends LightsparkException_default {
 var LightsparkSigningException_default = LightsparkSigningException;
 
 // src/crypto/crypto.ts
-var ITERATIONS = 5e5;
-function getCrypto() {
+var getCrypto = () => {
   let cryptoImplPromise;
   if (typeof crypto !== "undefined") {
     cryptoImplPromise = Promise.resolve(crypto);
@@ -66,34 +95,26 @@ function getCrypto() {
     });
   }
   return cryptoImplPromise;
-}
-var getRandomValues = async (arr) => {
-  if (typeof crypto !== "undefined") {
-    return crypto.getRandomValues(arr);
-  } else {
-    const cryptoImpl2 = await getCrypto();
-    return cryptoImpl2.getRandomValues(arr);
-  }
 };
 var getRandomValues32 = async (arr) => {
   if (typeof crypto !== "undefined") {
     return crypto.getRandomValues(arr);
   } else {
-    const cryptoImpl2 = await getCrypto();
-    return cryptoImpl2.getRandomValues(arr);
+    const cryptoImpl = await getCrypto();
+    return cryptoImpl.getRandomValues(arr);
   }
 };
 var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
   const enc = new TextEncoder();
-  const cryptoImpl2 = await getCrypto();
-  const password_key = await cryptoImpl2.subtle.importKey(
+  const cryptoImpl = await getCrypto();
+  const password_key = await cryptoImpl.subtle.importKey(
     "raw",
     enc.encode(password),
     "PBKDF2",
     false,
     ["deriveBits", "deriveKey"]
   );
-  const derived = await cryptoImpl2.subtle.deriveBits(
+  const derived = await cryptoImpl.subtle.deriveBits(
     {
       name: "PBKDF2",
       salt,
@@ -103,7 +124,7 @@ var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
     password_key,
     bit_len
   );
-  const key = await cryptoImpl2.subtle.importKey(
+  const key = await cryptoImpl.subtle.importKey(
     "raw",
     derived.slice(0, 32),
     { name: algorithm, length: 256 },
@@ -113,25 +134,6 @@ var deriveKey = async (password, salt, iterations, algorithm, bit_len) => {
   const iv = derived.slice(32);
   return [key, iv];
 };
-var encrypt = async (plaintext, password, salt) => {
-  if (!salt) {
-    salt = new Uint8Array(16);
-    getRandomValues(salt);
-  }
-  const [key, iv] = await deriveKey(password, salt, ITERATIONS, "AES-GCM", 352);
-  const cryptoImpl2 = await getCrypto();
-  const encrypted = new Uint8Array(
-    await cryptoImpl2.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext)
-  );
-  const output = new Uint8Array(salt.byteLength + encrypted.byteLength);
-  output.set(salt);
-  output.set(encrypted, salt.byteLength);
-  const header = {
-    v: 4,
-    i: ITERATIONS
-  };
-  return [JSON.stringify(header), b64encode(output)];
-};
 var decrypt = async (header_json, ciphertext, password) => {
   var decoded = b64decode(ciphertext);
   var header;
@@ -150,7 +152,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       "Unknown version ".concat(header.v)
     );
   }
-  const cryptoImpl2 = await getCrypto();
+  const cryptoImpl = await getCrypto();
   const algorithm = header.v < 2 ? "AES-CBC" : "AES-GCM";
   const bit_len = header.v < 4 ? 384 : 352;
   const salt_len = header.v < 4 ? 8 : 16;
@@ -165,7 +167,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       algorithm,
       256
     );
-    return await cryptoImpl2.subtle.decrypt(
+    return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv: nonce.buffer },
       key,
       cipherText
@@ -180,7 +182,7 @@ var decrypt = async (header_json, ciphertext, password) => {
       algorithm,
       bit_len
     );
-    return await cryptoImpl2.subtle.decrypt(
+    return await cryptoImpl.subtle.decrypt(
       { name: algorithm, iv },
       key,
       encrypted
@@ -196,13 +198,9 @@ async function decryptSecretWithNodePassword(cipher, encryptedSecret, nodePasswo
   }
   return decryptedValue;
 }
-function decode(arrBuff) {
-  const dec = new TextDecoder();
-  return dec.decode(arrBuff);
-}
 var generateSigningKeyPair = async () => {
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.generateKey(
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.generateKey(
     /*algorithm:*/
     {
       name: "RSA-PSS",
@@ -217,74 +215,72 @@ var generateSigningKeyPair = async () => {
   );
 };
 var serializeSigningKey = async (key, format) => {
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.exportKey(
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.exportKey(
     /*format*/
     format,
     /*key*/
     key
   );
 };
-var encryptWithNodeKey = async (key, data) => {
-  const enc = new TextEncoder();
-  const encoded = enc.encode(data);
-  const encrypted = await cryptoImpl.subtle.encrypt(
-    /*algorithm:*/
+var getNonce = async () => {
+  const cryptoImpl = await getCrypto();
+  const nonceSt = await getRandomValues32(new Uint32Array(1));
+  return Number(nonceSt);
+};
+var sign = async (key, data) => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.sign(
     {
-      name: "RSA-OAEP"
+      name: "RSA-PSS",
+      saltLength: 32
     },
-    /*key*/
     key,
-    /*data*/
-    encoded
+    data
   );
-  return b64encode(encrypted);
 };
-var loadNodeEncryptionKey = async (rawPublicKey) => {
-  const encoded = b64decode(rawPublicKey);
-  const cryptoImpl2 = await getCrypto();
-  return await cryptoImpl2.subtle.importKey(
+var importPrivateSigningKey = async (keyData, format) => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.importKey(
     /*format*/
-    "spki",
+    format,
     /*keyData*/
-    encoded,
-    /*algorithm:*/
+    keyData,
+    /*algorithm*/
     {
-      name: "RSA-OAEP",
+      name: "RSA-PSS",
       hash: "SHA-256"
     },
     /*extractable*/
     true,
     /*keyUsages*/
-    ["encrypt"]
+    ["sign"]
   );
 };
-var getNonce = async () => {
-  const nonceSt = await getRandomValues32(new Uint32Array(1));
-  return Number(nonceSt);
+var DefaultCrypto = {
+  decryptSecretWithNodePassword,
+  generateSigningKeyPair,
+  serializeSigningKey,
+  getNonce,
+  sign,
+  importPrivateSigningKey
 };
 
 // src/crypto/NodeKeyCache.ts
 import autoBind from "auto-bind";
 var NodeKeyCache = class {
-  idToKey;
-  constructor() {
+  constructor(cryptoImpl = DefaultCrypto) {
+    this.cryptoImpl = cryptoImpl;
     this.idToKey = /* @__PURE__ */ new Map();
     autoBind(this);
   }
-  async loadKey(id, rawKey) {
-    const decoded = b64decode(rawKey);
+  idToKey;
+  async loadKey(id, rawKey, format = "pkcs8") {
+    const decoded = b64decode(this.stripPemTags(rawKey));
     try {
-      const cryptoImpl2 = await getCrypto();
-      const key = await cryptoImpl2.subtle.importKey(
-        "pkcs8",
+      const key = await this.cryptoImpl.importPrivateSigningKey(
         decoded,
-        {
-          name: "RSA-PSS",
-          hash: "SHA-256"
-        },
-        true,
-        ["sign"]
+        format
       );
       this.idToKey.set(id, key);
       return key;
@@ -299,6 +295,9 @@ var NodeKeyCache = class {
   hasKey(id) {
     return this.idToKey.has(id);
   }
+  stripPemTags(pem) {
+    return pem.replace(/-----BEGIN (.*)-----/, "").replace(/-----END (.*)----/, "");
+  }
 };
 var NodeKeyCache_default = NodeKeyCache;
 
@@ -320,11 +319,13 @@ var LIGHTSPARK_BETA_HEADER_KEY = "X-Lightspark-Beta";
 var LIGHTSPARK_BETA_HEADER_VALUE = "z2h0BBYxTA83cjW7fi8QwWtBPCzkQKiemcuhKY08LOo";
 dayjs.extend(utc);
 var Requester = class {
-  constructor(nodeKeyCache, schemaEndpoint, authProvider = new StubAuthProvider(), baseUrl = DEFAULT_BASE_URL) {
+  constructor(nodeKeyCache, schemaEndpoint, sdkUserAgent, authProvider = new StubAuthProvider(), baseUrl = DEFAULT_BASE_URL, cryptoImpl = DefaultCrypto) {
     this.nodeKeyCache = nodeKeyCache;
     this.schemaEndpoint = schemaEndpoint;
+    this.sdkUserAgent = sdkUserAgent;
     this.authProvider = authProvider;
     this.baseUrl = baseUrl;
+    this.cryptoImpl = cryptoImpl;
     let websocketImpl;
     if (typeof WebSocket === "undefined" && typeof window === "undefined") {
       websocketImpl = NodeWebSocket;
@@ -441,8 +442,7 @@ var Requester = class {
   getSdkUserAgent() {
     const platform = isNode ? "NodeJS" : "Browser";
     const platformVersion = isNode ? process.version : "";
-    const sdkVersion = "1.0.4";
-    return `lightspark-js-sdk/${sdkVersion} ${platform}/${platformVersion}`;
+    return `${this.sdkUserAgent} ${platform}/${platformVersion}`;
   }
   async addSigningDataIfNeeded(queryPayload, headers, signingNodeId) {
     if (!signingNodeId) {
@@ -451,7 +451,7 @@ var Requester = class {
     const query = queryPayload.query;
     const variables = queryPayload.variables;
     const operationName = queryPayload.operationName;
-    const nonce = await getNonce();
+    const nonce = await this.cryptoImpl.getNonce();
     const expiration = dayjs.utc().add(1, "hour").format();
     const payload = {
       query,
@@ -466,16 +466,11 @@ var Requester = class {
         "Missing node of encrypted_signing_private_key"
       );
     }
+    if (typeof TextEncoder === "undefined") {
+      const TextEncoder2 = (await import("text-encoding")).TextEncoder;
+    }
     const encodedPayload = new TextEncoder().encode(JSON.stringify(payload));
-    const cryptoImpl2 = await getCrypto();
-    const signedPayload = await cryptoImpl2.subtle.sign(
-      {
-        name: "RSA-PSS",
-        saltLength: 32
-      },
-      key,
-      encodedPayload
-    );
+    const signedPayload = await this.cryptoImpl.sign(key, encodedPayload);
     const encodedSignedPayload = b64encode(signedPayload);
     headers["X-Lightspark-Signing"] = JSON.stringify({
       v: "1",
@@ -574,6 +569,7 @@ var isType = (typename) => (node) => {
   return node?.__typename === typename;
 };
 export {
+  DefaultCrypto,
   LightsparkAuthException_default as LightsparkAuthException,
   LightsparkException_default as LightsparkException,
   LightsparkSigningException_default as LightsparkSigningException,
@@ -585,18 +581,8 @@ export {
   b64decode,
   b64encode,
   convertCurrencyAmount,
-  decode,
-  decrypt,
-  decryptSecretWithNodePassword,
-  encrypt,
-  encryptWithNodeKey,
-  generateSigningKeyPair,
-  getCrypto,
-  getNonce,
   isBrowser,
   isNode,
   isType,
-  loadNodeEncryptionKey,
-  serializeSigningKey,
   urlsafe_b64decode
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lightsparkdev/core",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Lightspark JS SDK",
   "author": "Lightspark Inc.",
   "keywords": [
@@ -52,6 +52,7 @@
     "dayjs": "^1.11.7",
     "graphql": "^16.6.0",
     "graphql-ws": "^5.11.3",
+    "text-encoding": "^0.7.0",
     "ws": "^8.12.1",
     "zen-observable-ts": "^1.1.0"
   },

package/src/crypto/NodeKeyCache.ts

@@ -3,28 +3,25 @@
 import autoBind from "auto-bind";
 
 import { b64decode } from "../utils/base64.js";
-import { getCrypto } from "./crypto.js";
+import { CryptoInterface, DefaultCrypto } from "./crypto.js";
 
 class NodeKeyCache {
-  private idToKey: Map<string, CryptoKey>;
-  constructor() {
+  private idToKey: Map<string, CryptoKey | Uint8Array>;
+  constructor(private readonly cryptoImpl: CryptoInterface = DefaultCrypto) {
     this.idToKey = new Map();
     autoBind(this);
   }
 
-  public async loadKey(id: string, rawKey: string): Promise<CryptoKey | null> {
-    const decoded = b64decode(rawKey);
+  public async loadKey(
+    id: string,
+    rawKey: string,
+    format: "pkcs8" | "spki" = "pkcs8"
+  ): Promise<CryptoKey | Uint8Array | null> {
+    const decoded = b64decode(this.stripPemTags(rawKey));
     try {
-      const cryptoImpl = await getCrypto();
-      const key = await cryptoImpl.subtle.importKey(
-        "pkcs8",
+      const key = await this.cryptoImpl.importPrivateSigningKey(
         decoded,
-        {
-          name: "RSA-PSS",
-          hash: "SHA-256",
-        },
-        true,
-        ["sign"]
+        format
       );
       this.idToKey.set(id, key);
       return key;
@@ -34,13 +31,19 @@ class NodeKeyCache {
     return null;
   }
 
-  public getKey(id: string): CryptoKey | undefined {
+  public getKey(id: string): CryptoKey | Uint8Array | undefined {
     return this.idToKey.get(id);
   }
 
   public hasKey(id: string): boolean {
     return this.idToKey.has(id);
   }
+
+  private stripPemTags(pem: string): string {
+    return pem
+      .replace(/-----BEGIN (.*)-----/, "")
+      .replace(/-----END (.*)----/, "");
+  }
 }
 
 export default NodeKeyCache;

package/src/crypto/crypto.ts

@@ -1,11 +1,36 @@
 // Copyright  ©, 2023-present, Lightspark Group, Inc. - All Rights Reserved
 import LightsparkException from "../LightsparkException.js";
 
-import { b64decode, b64encode } from "../utils/base64.js";
+import { b64decode } from "../utils/base64.js";
 
-const ITERATIONS = 500000;
+export type CryptoInterface = {
+  decryptSecretWithNodePassword: (
+    cipher: string,
+    encryptedSecret: string,
+    nodePassword: string
+  ) => Promise<ArrayBuffer | null>;
 
-export function getCrypto() {
+  generateSigningKeyPair: () => Promise<{
+    publicKey: CryptoKey | string;
+    privateKey: CryptoKey | string;
+  }>;
+
+  serializeSigningKey: (
+    key: CryptoKey | string,
+    format: "pkcs8" | "spki"
+  ) => Promise<ArrayBuffer>;
+
+  getNonce: () => Promise<number>;
+
+  sign: (key: CryptoKey | Uint8Array, data: Uint8Array) => Promise<ArrayBuffer>;
+
+  importPrivateSigningKey: (
+    keyData: Uint8Array,
+    format: "pkcs8" | "spki"
+  ) => Promise<CryptoKey | Uint8Array>;
+};
+
+const getCrypto = () => {
   let cryptoImplPromise: Promise<typeof crypto>;
   if (typeof crypto !== "undefined") {
     cryptoImplPromise = Promise.resolve(crypto);
@@ -15,15 +40,6 @@ export function getCrypto() {
     });
   }
   return cryptoImplPromise;
-}
-
-const getRandomValues = async (arr: Uint8Array): Promise<Uint8Array> => {
-  if (typeof crypto !== "undefined") {
-    return crypto.getRandomValues(arr);
-  } else {
-    const cryptoImpl = await getCrypto();
-    return cryptoImpl.getRandomValues(arr);
-  }
 };
 
 const getRandomValues32 = async (arr: Uint32Array): Promise<Uint32Array> => {
@@ -77,36 +93,7 @@ const deriveKey = async (
   return [key, iv];
 };
 
-export const encrypt = async (
-  plaintext: ArrayBuffer,
-  password: string,
-  salt?: Uint8Array
-): Promise<[string, string]> => {
-  if (!salt) {
-    salt = new Uint8Array(16);
-    getRandomValues(salt);
-  }
-
-  const [key, iv] = await deriveKey(password, salt, ITERATIONS, "AES-GCM", 352);
-  const cryptoImpl = await getCrypto();
-
-  const encrypted = new Uint8Array(
-    await cryptoImpl.subtle.encrypt({ name: "AES-GCM", iv }, key, plaintext)
-  );
-
-  const output = new Uint8Array(salt.byteLength + encrypted.byteLength);
-  output.set(salt);
-  output.set(encrypted, salt.byteLength);
-
-  const header = {
-    v: 4,
-    i: ITERATIONS,
-  };
-
-  return [JSON.stringify(header), b64encode(output)];
-};
-
-export const decrypt = async (
+const decrypt = async (
   header_json: string,
   ciphertext: string,
   password: string
@@ -172,7 +159,7 @@ export const decrypt = async (
   }
 };
 
-export async function decryptSecretWithNodePassword(
+async function decryptSecretWithNodePassword(
   cipher: string,
   encryptedSecret: string,
   nodePassword: string
@@ -188,12 +175,9 @@ export async function decryptSecretWithNodePassword(
   return decryptedValue;
 }
 
-export function decode(arrBuff: ArrayBuffer): string {
-  const dec = new TextDecoder();
-  return dec.decode(arrBuff);
-}
-
-export const generateSigningKeyPair = async (): Promise<CryptoKeyPair> => {
+const generateSigningKeyPair = async (): Promise<
+  CryptoKeyPair | { publicKey: string; privateKey: string }
+> => {
   const cryptoImpl = await getCrypto();
   return await cryptoImpl.subtle.generateKey(
     /*algorithm:*/ {
@@ -207,52 +191,62 @@ export const generateSigningKeyPair = async (): Promise<CryptoKeyPair> => {
   );
 };
 
-export const serializeSigningKey = async (
-  key: CryptoKey,
+const serializeSigningKey = async (
+  key: CryptoKey | string,
   format: "pkcs8" | "spki"
 ): Promise<ArrayBuffer> => {
   const cryptoImpl = await getCrypto();
-  return await cryptoImpl.subtle.exportKey(/*format*/ format, /*key*/ key);
+  return await cryptoImpl.subtle.exportKey(
+    /*format*/ format,
+    /*key*/ key as CryptoKey
+  );
 };
 
-export const encryptWithNodeKey = async (
-  key: CryptoKey,
-  data: string
-): Promise<string> => {
-  const enc = new TextEncoder();
-  const encoded = enc.encode(data);
-  // @ts-ignore
-  const encrypted = await cryptoImpl.subtle.encrypt(
-    /*algorithm:*/ {
-      name: "RSA-OAEP",
+const getNonce = async () => {
+  const cryptoImpl = await getCrypto();
+  const nonceSt = await getRandomValues32(new Uint32Array(1));
+  return Number(nonceSt);
+};
+
+const sign = async (
+  key: CryptoKey | Uint8Array,
+  data: Uint8Array
+): Promise<ArrayBuffer> => {
+  const cryptoImpl = await getCrypto();
+  return await cryptoImpl.subtle.sign(
+    {
+      name: "RSA-PSS",
+      saltLength: 32,
     },
-    /*key*/ key,
-    /*data*/ encoded
+    key as CryptoKey,
+    data
   );
-  // @ts-ignore
-  return b64encode(encrypted);
 };
 
-export const loadNodeEncryptionKey = async (
-  rawPublicKey: string
-): Promise<CryptoKey> => {
-  const encoded = b64decode(rawPublicKey);
+const importPrivateSigningKey = async (
+  keyData: Uint8Array,
+  format: "pkcs8" | "spki"
+): Promise<CryptoKey | Uint8Array> => {
   const cryptoImpl = await getCrypto();
   return await cryptoImpl.subtle.importKey(
-    /*format*/ "spki",
-    /*keyData*/ encoded,
-    /*algorithm:*/ {
-      name: "RSA-OAEP",
+    /*format*/ format,
+    /*keyData*/ keyData,
+    /*algorithm*/ {
+      name: "RSA-PSS",
       hash: "SHA-256",
     },
     /*extractable*/ true,
-    /*keyUsages*/ ["encrypt"]
+    /*keyUsages*/ ["sign"]
   );
 };
 
-export const getNonce = async () => {
-  const nonceSt = await getRandomValues32(new Uint32Array(1));
-  return Number(nonceSt);
+export const DefaultCrypto = {
+  decryptSecretWithNodePassword,
+  generateSigningKeyPair,
+  serializeSigningKey,
+  getNonce,
+  sign,
+  importPrivateSigningKey,
 };
 
 export { default as LightsparkSigningException } from "./LightsparkSigningException.js";