@lightsparkdev/lightspark-sdk 1.0.5 → 1.0.7

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @lightsparkdev/lightspark-sdk
 
+## 1.0.7
+
+### Patch Changes
+
+- e156e3e: Remote signing webhooks handler and generate latest wasm
+- Updated dependencies [e156e3e]
+  - @lightsparkdev/crypto-wasm@0.1.2
+
+## 1.0.6
+
+### Patch Changes
+
+- ca58c08: Update createSha256Hash with option to return as hex string and accept string data
+- Updated dependencies [ca58c08]
+  - @lightsparkdev/core@1.0.5
+
 ## 1.0.5
 
 ### Patch Changes

package/dist/index.cjs

@@ -1865,6 +1865,7 @@ __export(src_exports, {
   PaymentRequestStatus: () => PaymentRequestStatus_default,
   Permission: () => Permission_default,
   RemoteSigningSubEventType: () => RemoteSigningSubEventType_default,
+  RemoteSigningWebhookHandler: () => RemoteSigningWebhookHandler,
   RiskRating: () => RiskRating_default,
   RoutingTransactionFailureReason: () => RoutingTransactionFailureReason_default,
   SignablePayloadStatus: () => SignablePayloadStatus_default,
@@ -1933,12 +1934,11 @@ var AccountTokenAuthProvider_default = AccountTokenAuthProvider;
 // src/client.ts
 var import_auto_bind15 = __toESM(require("auto-bind"), 1);
 var import_core9 = require("@lightsparkdev/core");
-var import_crypto = require("crypto");
 
 // package.json
 var package_default = {
   name: "@lightsparkdev/lightspark-sdk",
-  version: "1.0.5",
+  version: "1.0.7",
   description: "Lightspark JS SDK",
   author: "Lightspark Inc.",
   keywords: [
@@ -2018,14 +2018,14 @@ var package_default = {
     "lint:watch": "esw ./src -w --ext .ts,.tsx,.js --color",
     lint: "eslint .",
     postversion: "yarn build",
-    test: "jest --no-cache --runInBand --bail",
+    test: "node --experimental-vm-modules $(yarn bin jest) --no-cache --runInBand --bail",
     "types:watch": "tsc-absolute --watch",
     types: "tsc"
   },
   license: "Apache-2.0",
   dependencies: {
-    "@lightsparkdev/core": "1.0.4",
-    "@lightsparkdev/crypto-wasm": "0.1.1",
+    "@lightsparkdev/core": "1.0.5",
+    "@lightsparkdev/crypto-wasm": "0.1.2",
     "auto-bind": "^5.0.1",
     crypto: "^1.0.1",
     "crypto-browserify": "^3.12.0",
@@ -2041,6 +2041,7 @@ var package_default = {
     "@lightsparkdev/tsconfig": "0.0.0",
     "@types/crypto-js": "^4.1.1",
     "@types/jest": "^29.5.3",
+    "@types/node": "^20.2.5",
     "@types/ws": "^8.5.4",
     eslint: "^8.3.0",
     "eslint-watch": "^8.0.0",
@@ -10762,10 +10763,11 @@ var LightsparkClient = class {
    * @returns An Invoice object representing the generated invoice.
    */
   async createLnurlInvoice(nodeId, amountMsats, metadata, expirySecs = void 0) {
+    const metadataHash = await (0, import_core9.createSha256Hash)(metadata, true);
     const variables = {
       node_id: nodeId,
       amount_msats: amountMsats,
-      metadata_hash: (0, import_crypto.createHash)("sha256").update(metadata).digest("hex")
+      metadata_hash: metadataHash
     };
     if (expirySecs !== void 0) {
       variables["expiry_secs"] = expirySecs;
@@ -10795,10 +10797,11 @@ var LightsparkClient = class {
    * @returns An Invoice object representing the generated invoice.
    */
   async createUmaInvoice(nodeId, amountMsats, metadata, expirySecs = void 0) {
+    const metadataHash = await (0, import_core9.createSha256Hash)(metadata, true);
     const variables = {
       node_id: nodeId,
       amount_msats: amountMsats,
-      metadata_hash: (0, import_crypto.createHash)("sha256").update(metadata).digest("hex"),
+      metadata_hash: metadataHash,
       expiry_secs: expirySecs !== void 0 ? expirySecs : 3600
     };
     const response = await this.requester.makeRawRequest(
@@ -12352,10 +12355,11 @@ ${FRAGMENT33}
 };
 
 // src/webhooks.ts
-var import_crypto2 = require("crypto");
+var import_crypto_wasm = require("@lightsparkdev/crypto-wasm");
 var WEBHOOKS_SIGNATURE_HEADER = "lightspark-signature";
-var verifyAndParseWebhook = (data, hexdigest, webhook_secret) => {
-  const sig = (0, import_crypto2.createHmac)("sha256", webhook_secret).update(data).digest("hex");
+var verifyAndParseWebhook = async (data, hexdigest, webhook_secret) => {
+  const { createHmac } = await import("crypto");
+  const sig = createHmac("sha256", webhook_secret).update(data).digest("hex");
   if (sig.toLowerCase() !== hexdigest.toLowerCase()) {
     throw new Error("Webhook message hash does not match signature");
   }
@@ -12377,6 +12381,31 @@ var parseWebhook = async (data) => {
     wallet_id: event.wallet_id
   };
 };
+var RemoteSigningWebhookHandler = class {
+  client;
+  #masterSeed;
+  validator;
+  constructor(client, masterSeed, validator) {
+    this.client = client;
+    this.#masterSeed = masterSeed;
+    this.validator = validator;
+  }
+  handleWebhookRequest(data, webhookSignature, webhookSecret) {
+    const response = (0, import_crypto_wasm.wasm_handle_remote_signing_webhook_event)(
+      data,
+      webhookSignature,
+      webhookSecret,
+      this.#masterSeed,
+      this.validator
+    );
+    const variables = JSON.parse(response.variables);
+    this.client.executeRawQuery({
+      queryPayload: response.query,
+      variables,
+      constructObject: (rawData) => rawData
+    });
+  }
+};
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   Account,
@@ -12407,6 +12436,7 @@ var parseWebhook = async (data) => {
   PaymentRequestStatus,
   Permission,
   RemoteSigningSubEventType,
+  RemoteSigningWebhookHandler,
   RiskRating,
   RoutingTransactionFailureReason,
   SignablePayloadStatus,

package/dist/index.d.ts

@@ -1,6 +1,6 @@
 import { AuthProvider } from '@lightsparkdev/core';
-import { W as WebhookEventType } from './index-dbf06298.js';
-export { A as Account, a as AccountToApiTokensConnection, b as AccountToChannelsConnection, c as AccountToNodesConnection, d as AccountToPaymentRequestsConnection, e as AccountToTransactionsConnection, f as AccountToWalletsConnection, g as ApiToken, B as Balances, i as BlockchainBalance, C as Channel, j as ChannelClosingTransaction, l as ChannelFees, m as ChannelOpeningTransaction, o as ChannelStatus, p as ChannelToTransactionsConnection, q as ComplianceProvider, r as Connection, s as CreateApiTokenInput, t as CreateApiTokenOutput, u as CreateInvoiceInput, v as CreateInvoiceOutput, w as CreateLnurlInvoiceInput, x as CreateNodeWalletAddressInput, y as CreateNodeWalletAddressOutput, z as CreateTestModeInvoiceInput, D as CreateTestModeInvoiceOutput, E as CreateTestModePaymentInput, F as CreateTestModePaymentoutput, G as CreateUmaInvoiceInput, H as CurrencyAmount, I as CurrencyUnit, J as DeclineToSignMessagesInput, K as DeclineToSignMessagesOutput, M as DeleteApiTokenInput, N as DeleteApiTokenOutput, O as Deposit, Q as Entity, R as FeeEstimate, S as FundNodeInput, T as FundNodeOutput, U as GraphNode, V as Hop, Y as HtlcAttemptFailureCode, Z as IdAndSignature, _ as IncomingPayment, $ as IncomingPaymentAttempt, a1 as IncomingPaymentAttemptStatus, a2 as IncomingPaymentToAttemptsConnection, a3 as Invoice, a5 as InvoiceData, a6 as InvoiceType, a7 as LightningFeeEstimateForInvoiceInput, a8 as LightningFeeEstimateForNodeInput, a9 as LightningFeeEstimateOutput, aa as LightningTransaction, L as LightsparkClient, ac as LightsparkNode, ad as LightsparkNodeOwner, af as LightsparkNodeStatus, ag as LightsparkNodeToChannelsConnection, ah as LightsparkNodeWithOSK, ai as LightsparkNodeWithRemoteSigning, aj as Node, ak as NodeAddress, al as NodeAddressType, am as NodeToAddressesConnection, an as OnChainTransaction, ap as OutgoingPayment, aq as OutgoingPaymentAttempt, ar as OutgoingPaymentAttemptStatus, as as OutgoingPaymentAttemptToHopsConnection, av as OutgoingPaymentToAttemptsConnection, at as OutgoingPaymentsForInvoiceQueryInput, au as OutgoingPaymentsForInvoiceQueryOutput, aw as PageInfo, ax as PayInvoiceInput, ay as PayInvoiceOutput, aF as PayUmaInvoiceInput, az as PaymentDirection, aA as PaymentFailureReason, aB as PaymentRequest, aD as PaymentRequestData, aE as PaymentRequestStatus, aG as Permission, aH as PostTransactionData, aI as RegisterPaymentInput, aJ as RegisterPaymentOutput, aK as ReleaseChannelPerCommitmentSecretInput, aL as ReleaseChannelPerCommitmentSecretOutput, aM as ReleasePaymentPreimageInput, aN as ReleasePaymentPreimageOutput, aO as RemoteSigningSubEventType, aP as RequestWithdrawalInput, aQ as RequestWithdrawalOutput, aR as RichText, aS as RiskRating, aT as RoutingTransaction, aV as RoutingTransactionFailureReason, aW as ScreenNodeInput, aX as ScreenNodeOutput, aY as Secret, aZ as SendPaymentInput, a_ as SendPaymentOutput, a$ as SetInvoicePaymentHashInput, b0 as SetInvoicePaymentHashOutput, b6 as SignInvoiceInput, b7 as SignInvoiceOutput, b8 as SignMessagesInput, b9 as SignMessagesOutput, b1 as Signable, b3 as SignablePayload, b5 as SignablePayloadStatus, ba as SingleNodeDashboard, bb as Transaction, bd as TransactionFailures, be as TransactionStatus, bf as TransactionType, bg as TransactionUpdate, bh as UpdateChannelPerCommitmentPointInput, bi as UpdateChannelPerCommitmentPointOutput, bj as UpdateNodeSharedSecretInput, bk as UpdateNodeSharedSecretOutput, bl as Wallet, bm as WalletStatus, bn as WalletToPaymentRequestsConnection, bo as WalletToTransactionsConnection, bp as Withdrawal, br as WithdrawalMode, bs as WithdrawalRequest, bt as WithdrawalRequestStatus, bu as WithdrawalRequestToChannelClosingTransactionsConnection, bv as WithdrawalRequestToChannelOpeningTransactionsConnection, h as getApiTokenQuery, k as getChannelClosingTransactionQuery, n as getChannelOpeningTransactionQuery, P as getDepositQuery, X as getHopQuery, a0 as getIncomingPaymentAttemptQuery, a4 as getInvoiceQuery, ab as getLightningTransactionQuery, ae as getLightsparkNodeOwnerQuery, ao as getOnChainTransactionQuery, aC as getPaymentRequestQuery, aU as getRoutingTransactionQuery, b4 as getSignablePayloadQuery, b2 as getSignableQuery, bc as getTransactionQuery, bq as getWithdrawalQuery } from './index-dbf06298.js';
+import { W as WebhookEventType, L as LightsparkClient } from './index-dbf06298.js';
+export { A as Account, a as AccountToApiTokensConnection, b as AccountToChannelsConnection, c as AccountToNodesConnection, d as AccountToPaymentRequestsConnection, e as AccountToTransactionsConnection, f as AccountToWalletsConnection, g as ApiToken, B as Balances, i as BlockchainBalance, C as Channel, j as ChannelClosingTransaction, l as ChannelFees, m as ChannelOpeningTransaction, o as ChannelStatus, p as ChannelToTransactionsConnection, q as ComplianceProvider, r as Connection, s as CreateApiTokenInput, t as CreateApiTokenOutput, u as CreateInvoiceInput, v as CreateInvoiceOutput, w as CreateLnurlInvoiceInput, x as CreateNodeWalletAddressInput, y as CreateNodeWalletAddressOutput, z as CreateTestModeInvoiceInput, D as CreateTestModeInvoiceOutput, E as CreateTestModePaymentInput, F as CreateTestModePaymentoutput, G as CreateUmaInvoiceInput, H as CurrencyAmount, I as CurrencyUnit, J as DeclineToSignMessagesInput, K as DeclineToSignMessagesOutput, M as DeleteApiTokenInput, N as DeleteApiTokenOutput, O as Deposit, Q as Entity, R as FeeEstimate, S as FundNodeInput, T as FundNodeOutput, U as GraphNode, V as Hop, Y as HtlcAttemptFailureCode, Z as IdAndSignature, _ as IncomingPayment, $ as IncomingPaymentAttempt, a1 as IncomingPaymentAttemptStatus, a2 as IncomingPaymentToAttemptsConnection, a3 as Invoice, a5 as InvoiceData, a6 as InvoiceType, a7 as LightningFeeEstimateForInvoiceInput, a8 as LightningFeeEstimateForNodeInput, a9 as LightningFeeEstimateOutput, aa as LightningTransaction, ac as LightsparkNode, ad as LightsparkNodeOwner, af as LightsparkNodeStatus, ag as LightsparkNodeToChannelsConnection, ah as LightsparkNodeWithOSK, ai as LightsparkNodeWithRemoteSigning, aj as Node, ak as NodeAddress, al as NodeAddressType, am as NodeToAddressesConnection, an as OnChainTransaction, ap as OutgoingPayment, aq as OutgoingPaymentAttempt, ar as OutgoingPaymentAttemptStatus, as as OutgoingPaymentAttemptToHopsConnection, av as OutgoingPaymentToAttemptsConnection, at as OutgoingPaymentsForInvoiceQueryInput, au as OutgoingPaymentsForInvoiceQueryOutput, aw as PageInfo, ax as PayInvoiceInput, ay as PayInvoiceOutput, aF as PayUmaInvoiceInput, az as PaymentDirection, aA as PaymentFailureReason, aB as PaymentRequest, aD as PaymentRequestData, aE as PaymentRequestStatus, aG as Permission, aH as PostTransactionData, aI as RegisterPaymentInput, aJ as RegisterPaymentOutput, aK as ReleaseChannelPerCommitmentSecretInput, aL as ReleaseChannelPerCommitmentSecretOutput, aM as ReleasePaymentPreimageInput, aN as ReleasePaymentPreimageOutput, aO as RemoteSigningSubEventType, aP as RequestWithdrawalInput, aQ as RequestWithdrawalOutput, aR as RichText, aS as RiskRating, aT as RoutingTransaction, aV as RoutingTransactionFailureReason, aW as ScreenNodeInput, aX as ScreenNodeOutput, aY as Secret, aZ as SendPaymentInput, a_ as SendPaymentOutput, a$ as SetInvoicePaymentHashInput, b0 as SetInvoicePaymentHashOutput, b6 as SignInvoiceInput, b7 as SignInvoiceOutput, b8 as SignMessagesInput, b9 as SignMessagesOutput, b1 as Signable, b3 as SignablePayload, b5 as SignablePayloadStatus, ba as SingleNodeDashboard, bb as Transaction, bd as TransactionFailures, be as TransactionStatus, bf as TransactionType, bg as TransactionUpdate, bh as UpdateChannelPerCommitmentPointInput, bi as UpdateChannelPerCommitmentPointOutput, bj as UpdateNodeSharedSecretInput, bk as UpdateNodeSharedSecretOutput, bl as Wallet, bm as WalletStatus, bn as WalletToPaymentRequestsConnection, bo as WalletToTransactionsConnection, bp as Withdrawal, br as WithdrawalMode, bs as WithdrawalRequest, bt as WithdrawalRequestStatus, bu as WithdrawalRequestToChannelClosingTransactionsConnection, bv as WithdrawalRequestToChannelOpeningTransactionsConnection, h as getApiTokenQuery, k as getChannelClosingTransactionQuery, n as getChannelOpeningTransactionQuery, P as getDepositQuery, X as getHopQuery, a0 as getIncomingPaymentAttemptQuery, a4 as getInvoiceQuery, ab as getLightningTransactionQuery, ae as getLightsparkNodeOwnerQuery, ao as getOnChainTransactionQuery, aC as getPaymentRequestQuery, aU as getRoutingTransactionQuery, b4 as getSignablePayloadQuery, b2 as getSignableQuery, bc as getTransactionQuery, bq as getWithdrawalQuery } from './index-dbf06298.js';
 import { B as BitcoinNetwork } from './BitcoinNetwork-a816c0be.js';
 import 'zen-observable';
 
@@ -27,5 +27,15 @@ interface WebhookEvent {
     wallet_id?: string;
 }
 declare const verifyAndParseWebhook: (data: Uint8Array, hexdigest: string, webhook_secret: string) => Promise<WebhookEvent>;
+type Validator = {
+    should_sign: (event: WebhookEvent) => boolean;
+};
+declare class RemoteSigningWebhookHandler {
+    #private;
+    client: LightsparkClient;
+    validator: Validator;
+    constructor(client: LightsparkClient, masterSeed: Uint8Array, validator: Validator);
+    handleWebhookRequest(data: Uint8Array, webhookSignature: string, webhookSecret: string): void;
+}
 
-export { AccountTokenAuthProvider, BitcoinNetwork, WEBHOOKS_SIGNATURE_HEADER, WebhookEvent, WebhookEventType, assertValidBitcoinNetwork, getBitcoinNetworkOrThrow, isBitcoinNetwork, verifyAndParseWebhook };
+export { AccountTokenAuthProvider, BitcoinNetwork, LightsparkClient, RemoteSigningWebhookHandler, WEBHOOKS_SIGNATURE_HEADER, WebhookEvent, WebhookEventType, assertValidBitcoinNetwork, getBitcoinNetworkOrThrow, isBitcoinNetwork, verifyAndParseWebhook };

package/dist/index.js

@@ -115,6 +115,7 @@ var AccountTokenAuthProvider_default = AccountTokenAuthProvider;
 // src/client.ts
 import autoBind2 from "auto-bind";
 import {
+  createSha256Hash,
   DefaultCrypto as DefaultCrypto2,
   LightsparkAuthException,
   LightsparkException,
@@ -124,12 +125,11 @@ import {
   SigningKeyType as SigningKeyType2,
   StubAuthProvider
 } from "@lightsparkdev/core";
-import { createHash } from "crypto";
 
 // package.json
 var package_default = {
   name: "@lightsparkdev/lightspark-sdk",
-  version: "1.0.5",
+  version: "1.0.7",
   description: "Lightspark JS SDK",
   author: "Lightspark Inc.",
   keywords: [
@@ -209,14 +209,14 @@ var package_default = {
     "lint:watch": "esw ./src -w --ext .ts,.tsx,.js --color",
     lint: "eslint .",
     postversion: "yarn build",
-    test: "jest --no-cache --runInBand --bail",
+    test: "node --experimental-vm-modules $(yarn bin jest) --no-cache --runInBand --bail",
     "types:watch": "tsc-absolute --watch",
     types: "tsc"
   },
   license: "Apache-2.0",
   dependencies: {
-    "@lightsparkdev/core": "1.0.4",
-    "@lightsparkdev/crypto-wasm": "0.1.1",
+    "@lightsparkdev/core": "1.0.5",
+    "@lightsparkdev/crypto-wasm": "0.1.2",
     "auto-bind": "^5.0.1",
     crypto: "^1.0.1",
     "crypto-browserify": "^3.12.0",
@@ -232,6 +232,7 @@ var package_default = {
     "@lightsparkdev/tsconfig": "0.0.0",
     "@types/crypto-js": "^4.1.1",
     "@types/jest": "^29.5.3",
+    "@types/node": "^20.2.5",
     "@types/ws": "^8.5.4",
     eslint: "^8.3.0",
     "eslint-watch": "^8.0.0",
@@ -1312,10 +1313,11 @@ var LightsparkClient = class {
    * @returns An Invoice object representing the generated invoice.
    */
   async createLnurlInvoice(nodeId, amountMsats, metadata, expirySecs = void 0) {
+    const metadataHash = await createSha256Hash(metadata, true);
     const variables = {
       node_id: nodeId,
       amount_msats: amountMsats,
-      metadata_hash: createHash("sha256").update(metadata).digest("hex")
+      metadata_hash: metadataHash
     };
     if (expirySecs !== void 0) {
       variables["expiry_secs"] = expirySecs;
@@ -1345,10 +1347,11 @@ var LightsparkClient = class {
    * @returns An Invoice object representing the generated invoice.
    */
   async createUmaInvoice(nodeId, amountMsats, metadata, expirySecs = void 0) {
+    const metadataHash = await createSha256Hash(metadata, true);
     const variables = {
       node_id: nodeId,
       amount_msats: amountMsats,
-      metadata_hash: createHash("sha256").update(metadata).digest("hex"),
+      metadata_hash: metadataHash,
       expiry_secs: expirySecs !== void 0 ? expirySecs : 3600
     };
     const response = await this.requester.makeRawRequest(
@@ -1725,9 +1728,10 @@ var LightsparkClient = class {
 var client_default = LightsparkClient;
 
 // src/webhooks.ts
-import { createHmac } from "crypto";
+import { wasm_handle_remote_signing_webhook_event } from "@lightsparkdev/crypto-wasm";
 var WEBHOOKS_SIGNATURE_HEADER = "lightspark-signature";
-var verifyAndParseWebhook = (data, hexdigest, webhook_secret) => {
+var verifyAndParseWebhook = async (data, hexdigest, webhook_secret) => {
+  const { createHmac } = await import("crypto");
   const sig = createHmac("sha256", webhook_secret).update(data).digest("hex");
   if (sig.toLowerCase() !== hexdigest.toLowerCase()) {
     throw new Error("Webhook message hash does not match signature");
@@ -1750,6 +1754,31 @@ var parseWebhook = async (data) => {
     wallet_id: event.wallet_id
   };
 };
+var RemoteSigningWebhookHandler = class {
+  client;
+  #masterSeed;
+  validator;
+  constructor(client, masterSeed, validator) {
+    this.client = client;
+    this.#masterSeed = masterSeed;
+    this.validator = validator;
+  }
+  handleWebhookRequest(data, webhookSignature, webhookSecret) {
+    const response = wasm_handle_remote_signing_webhook_event(
+      data,
+      webhookSignature,
+      webhookSecret,
+      this.#masterSeed,
+      this.validator
+    );
+    const variables = JSON.parse(response.variables);
+    this.client.executeRawQuery({
+      queryPayload: response.query,
+      variables,
+      constructObject: (rawData) => rawData
+    });
+  }
+};
 export {
   Account_default as Account,
   AccountToChannelsConnection_default as AccountToChannelsConnection,
@@ -1779,6 +1808,7 @@ export {
   PaymentRequestStatus_default as PaymentRequestStatus,
   Permission_default as Permission,
   RemoteSigningSubEventType_default as RemoteSigningSubEventType,
+  RemoteSigningWebhookHandler,
   RiskRating_default as RiskRating,
   RoutingTransactionFailureReason_default as RoutingTransactionFailureReason,
   SignablePayloadStatus_default as SignablePayloadStatus,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lightsparkdev/lightspark-sdk",
-  "version": "1.0.5",
+  "version": "1.0.7",
   "description": "Lightspark JS SDK",
   "author": "Lightspark Inc.",
   "keywords": [
@@ -80,14 +80,14 @@
     "lint:watch": "esw ./src -w --ext .ts,.tsx,.js --color",
     "lint": "eslint .",
     "postversion": "yarn build",
-    "test": "jest --no-cache --runInBand --bail",
+    "test": "node --experimental-vm-modules $(yarn bin jest) --no-cache --runInBand --bail",
     "types:watch": "tsc-absolute --watch",
     "types": "tsc"
   },
   "license": "Apache-2.0",
   "dependencies": {
-    "@lightsparkdev/core": "1.0.4",
-    "@lightsparkdev/crypto-wasm": "0.1.1",
+    "@lightsparkdev/core": "1.0.5",
+    "@lightsparkdev/crypto-wasm": "0.1.2",
     "auto-bind": "^5.0.1",
     "crypto": "^1.0.1",
     "crypto-browserify": "^3.12.0",
@@ -103,6 +103,7 @@
     "@lightsparkdev/tsconfig": "0.0.0",
     "@types/crypto-js": "^4.1.1",
     "@types/jest": "^29.5.3",
+    "@types/node": "^20.2.5",
     "@types/ws": "^8.5.4",
     "eslint": "^8.3.0",
     "eslint-watch": "^8.0.0",

package/src/client.ts

@@ -12,6 +12,7 @@ import type {
   SigningKey,
 } from "@lightsparkdev/core";
 import {
+  createSha256Hash,
   DefaultCrypto,
   LightsparkAuthException,
   LightsparkException,
@@ -21,7 +22,6 @@ import {
   SigningKeyType,
   StubAuthProvider,
 } from "@lightsparkdev/core";
-import { createHash } from "crypto";
 import packageJson from "../package.json";
 import { BitcoinFeeEstimate as BitcoinFeeEstimateQuery } from "./graphql/BitcoinFeeEstimate.js";
 import { CreateApiToken } from "./graphql/CreateApiToken.js";
@@ -479,10 +479,11 @@ class LightsparkClient {
     metadata: string,
     expirySecs: number | undefined = undefined,
   ): Promise<Invoice | undefined> {
+    const metadataHash = await createSha256Hash(metadata, true);
     const variables = {
       node_id: nodeId,
       amount_msats: amountMsats,
-      metadata_hash: createHash("sha256").update(metadata).digest("hex"),
+      metadata_hash: metadataHash,
     };
     if (expirySecs !== undefined) {
       variables["expiry_secs"] = expirySecs;
@@ -518,10 +519,11 @@ class LightsparkClient {
     metadata: string,
     expirySecs: number | undefined = undefined,
   ): Promise<Invoice | undefined> {
+    const metadataHash = await createSha256Hash(metadata, true);
     const variables = {
       node_id: nodeId,
       amount_msats: amountMsats,
-      metadata_hash: createHash("sha256").update(metadata).digest("hex"),
+      metadata_hash: metadataHash,
       expiry_secs: expirySecs !== undefined ? expirySecs : 3600,
     };
     const response = await this.requester.makeRawRequest(

package/src/webhooks.ts

@@ -1,4 +1,5 @@
-import { createHmac } from "crypto";
+import { wasm_handle_remote_signing_webhook_event } from "@lightsparkdev/crypto-wasm";
+import type LightsparkClient from "./client.js";
 import { WebhookEventType } from "./objects/WebhookEventType.js";
 
 export const WEBHOOKS_SIGNATURE_HEADER = "lightspark-signature";
@@ -11,11 +12,13 @@ export interface WebhookEvent {
   wallet_id?: string;
 }
 
-export const verifyAndParseWebhook = (
+export const verifyAndParseWebhook = async (
   data: Uint8Array,
   hexdigest: string,
   webhook_secret: string,
 ): Promise<WebhookEvent> => {
+  /* dynamic import to avoid bundling crypto in browser */
+  const { createHmac } = await import("crypto");
   const sig = createHmac("sha256", webhook_secret).update(data).digest("hex");
 
   if (sig.toLowerCase() !== hexdigest.toLowerCase()) {
@@ -42,3 +45,43 @@ const parseWebhook = async (data: Uint8Array): Promise<WebhookEvent> => {
     wallet_id: event.wallet_id,
   };
 };
+
+type Validator = {
+  should_sign: (event: WebhookEvent) => boolean;
+};
+
+export class RemoteSigningWebhookHandler {
+  client: LightsparkClient;
+  #masterSeed: Uint8Array;
+  validator: Validator;
+
+  constructor(
+    client: LightsparkClient,
+    masterSeed: Uint8Array,
+    validator: Validator,
+  ) {
+    this.client = client;
+    this.#masterSeed = masterSeed;
+    this.validator = validator;
+  }
+
+  handleWebhookRequest(
+    data: Uint8Array,
+    webhookSignature: string,
+    webhookSecret: string,
+  ) {
+    const response = wasm_handle_remote_signing_webhook_event(
+      data,
+      webhookSignature,
+      webhookSecret,
+      this.#masterSeed,
+      this.validator,
+    );
+    const variables = JSON.parse(response.variables);
+    this.client.executeRawQuery({
+      queryPayload: response.query,
+      variables,
+      constructObject: (rawData: unknown) => rawData,
+    });
+  }
+}