@lukso/core 1.2.10-dev.84ae4e5 → 1.2.11-dev.c409ee8

package/dist/utils/index.js

@@ -1,16 +1,32 @@
 import {
+  EIP1271_MAGIC_VALUE,
   EXTENSION_STORE_LINKS,
   UrlConverter,
   UrlResolver,
   browserInfo,
-  slug
-} from "../chunk-GFLV5EJV.js";
+  createMessage,
+  createSignedQR,
+  getControllerAddress,
+  getEIP1271Data,
+  isSignedQRFormat,
+  parseSignedQR,
+  slug,
+  verifySignedQR
+} from "../chunk-RECO5F6T.js";
 import "../chunk-ET7EYHRY.js";
 export {
+  EIP1271_MAGIC_VALUE,
   EXTENSION_STORE_LINKS,
   UrlConverter,
   UrlResolver,
   browserInfo,
-  slug
+  createMessage,
+  createSignedQR,
+  getControllerAddress,
+  getEIP1271Data,
+  isSignedQRFormat,
+  parseSignedQR,
+  slug,
+  verifySignedQR
 };
 //# sourceMappingURL=index.js.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lukso/core",
-  "version": "1.2.10-dev.84ae4e5",
+  "version": "1.2.11-dev.c409ee8",
   "description": "Core utilities, services, and mixins for LUKSO web components and applications",
   "main": "./dist/index.cjs",
   "module": "./dist/index.js",

package/src/utils/__tests__/signed-profile-urls.spec.ts

@@ -0,0 +1,276 @@
+import type { Hex } from 'viem'
+import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+import {
+  createMessage,
+  createSignedQR,
+  EIP1271_MAGIC_VALUE,
+  getControllerAddress,
+  getEIP1271Data,
+  isSignedQRFormat,
+  parseSignedQR,
+  verifySignedQR,
+} from '../signed-profile-urls.js'
+
+describe('signed-qr-code', () => {
+  let privateKey: Hex
+  const profileAddress = '0x1234567890123456789012345678901234567890'
+  const chainId = 42
+
+  beforeEach(() => {
+    privateKey = generatePrivateKey()
+    // Mock Date.now for consistent timestamps in tests
+    vi.useFakeTimers()
+    vi.setSystemTime(new Date('2024-01-27T12:00:00Z'))
+  })
+
+  afterEach(() => {
+    vi.useRealTimers()
+  })
+
+  describe('createMessage', () => {
+    it('creates a deterministic message', () => {
+      const message = createMessage(profileAddress, chainId, 1706356800)
+      expect(message).toBe(
+        'ethereum:0x1234567890123456789012345678901234567890@42?ts=1706356800'
+      )
+    })
+
+    it('lowercases the address', () => {
+      const message = createMessage(
+        '0xABCDEF1234567890123456789012345678901234',
+        chainId,
+        1706356800
+      )
+      expect(message).toContain('0xabcdef1234567890123456789012345678901234')
+    })
+  })
+
+  describe('createSignedQR', () => {
+    it('creates a valid signed URI', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId)
+
+      expect(uri).toMatch(
+        /^ethereum:0x[a-f0-9]{40}@\d+\?ts=\d+&sig=0x[a-f0-9]+$/
+      )
+    })
+
+    it('uses current timestamp by default (no offset)', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId)
+      const parsed = parseSignedQR(uri)
+
+      const now = Math.floor(Date.now() / 1000)
+      expect(parsed?.timestamp).toBe(now) // default offset is 0
+    })
+
+    it('respects generationOffsetSeconds option', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId, {
+        generationOffsetSeconds: 3,
+      })
+      const parsed = parseSignedQR(uri)
+
+      const now = Math.floor(Date.now() / 1000)
+      expect(parsed?.timestamp).toBe(now + 3)
+    })
+
+    it('caps generationOffsetSeconds at 5 seconds', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId, {
+        generationOffsetSeconds: 100, // way over the limit
+      })
+      const parsed = parseSignedQR(uri)
+
+      const now = Math.floor(Date.now() / 1000)
+      expect(parsed?.timestamp).toBe(now + 5) // capped at 5
+    })
+
+    it('does not allow negative generationOffsetSeconds', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId, {
+        generationOffsetSeconds: -10,
+      })
+      const parsed = parseSignedQR(uri)
+
+      const now = Math.floor(Date.now() / 1000)
+      expect(parsed?.timestamp).toBe(now) // clamped to 0
+    })
+
+    it('uses custom signer when provided', async () => {
+      const controllerAddress = getControllerAddress(privateKey)
+
+      // Create a custom signer that uses signMessage (EIP-191)
+      const customSigner = async (message: string) => {
+        const account = privateKeyToAccount(privateKey)
+        return account.signMessage({ message })
+      }
+
+      const uri = await createSignedQR(null, profileAddress, chainId, {
+        signer: customSigner,
+      })
+
+      const result = await verifySignedQR(uri)
+      expect(result.isValid).toBe(true)
+      expect(result.recoveredAddress).toBe(controllerAddress.toLowerCase())
+    })
+
+    it('throws when neither privateKey nor signer is provided', async () => {
+      await expect(
+        createSignedQR(null, profileAddress, chainId)
+      ).rejects.toThrow(
+        'Either a valid privateKey or options.signer must be provided'
+      )
+    })
+
+    it('throws when privateKey is 0x and no signer provided', async () => {
+      await expect(
+        createSignedQR('0x', profileAddress, chainId)
+      ).rejects.toThrow(
+        'Either a valid privateKey or options.signer must be provided'
+      )
+    })
+  })
+
+  describe('parseSignedQR', () => {
+    it('parses a valid URI', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId)
+      const parsed = parseSignedQR(uri)
+
+      expect(parsed).not.toBeNull()
+      expect(parsed?.profileAddress).toBe(profileAddress.toLowerCase())
+      expect(parsed?.chainId).toBe(chainId)
+      expect(parsed?.signature).toMatch(/^0x[a-f0-9]+$/)
+    })
+
+    it('returns null for invalid format', () => {
+      expect(parseSignedQR('invalid')).toBeNull()
+      expect(parseSignedQR('ethereum:invalid')).toBeNull()
+      expect(parseSignedQR('http://example.com')).toBeNull()
+    })
+
+    it('returns null for missing signature', () => {
+      expect(
+        parseSignedQR(
+          'ethereum:0x1234567890123456789012345678901234567890@42?ts=123'
+        )
+      ).toBeNull()
+    })
+  })
+
+  describe('verifySignedQR', () => {
+    it('verifies a freshly created QR', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId, {
+        generationOffsetSeconds: 0,
+      })
+      const result = await verifySignedQR(uri)
+
+      expect(result.isValid).toBe(true)
+      expect(result.isExpired).toBe(false)
+      expect(result.profileAddress).toBe(profileAddress.toLowerCase())
+      expect(result.chainId).toBe(chainId)
+    })
+
+    it('recovers the correct controller address', async () => {
+      const controllerAddress = getControllerAddress(privateKey)
+      const uri = await createSignedQR(privateKey, profileAddress, chainId)
+      const result = await verifySignedQR(uri)
+
+      expect(result.recoveredAddress).toBe(controllerAddress.toLowerCase())
+    })
+
+    it('marks expired QR as invalid', async () => {
+      // Create a QR at current time
+      const uri = await createSignedQR(privateKey, profileAddress, chainId)
+
+      // Advance time by 2 minutes (past the 60 second maxAge)
+      vi.advanceTimersByTime(120 * 1000)
+
+      const result = await verifySignedQR(uri, { maxAgeSeconds: 60 })
+
+      expect(result.isValid).toBe(false)
+      expect(result.isExpired).toBe(true)
+    })
+
+    it('allows skipping timestamp validation', async () => {
+      // Create a QR at current time
+      const uri = await createSignedQR(privateKey, profileAddress, chainId)
+
+      // Advance time by 2 minutes (would normally be expired)
+      vi.advanceTimersByTime(120 * 1000)
+
+      const result = await verifySignedQR(uri, {
+        skipTimestampValidation: true,
+      })
+
+      expect(result.isValid).toBe(true)
+      expect(result.isExpired).toBe(false)
+    })
+
+    it('throws for invalid URI format', async () => {
+      await expect(verifySignedQR('invalid')).rejects.toThrow(
+        'Invalid QR format'
+      )
+    })
+  })
+
+  describe('isSignedQRFormat', () => {
+    it('returns true for valid format', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId)
+      expect(isSignedQRFormat(uri)).toBe(true)
+    })
+
+    it('returns false for invalid formats', () => {
+      expect(isSignedQRFormat('invalid')).toBe(false)
+      expect(isSignedQRFormat('ethereum:0x123')).toBe(false)
+      expect(isSignedQRFormat('http://example.com')).toBe(false)
+    })
+  })
+
+  describe('getControllerAddress', () => {
+    it('returns the address for a private key', () => {
+      const address = getControllerAddress(privateKey)
+      expect(address).toMatch(/^0x[a-fA-F0-9]{40}$/)
+    })
+  })
+
+  describe('getEIP1271Data', () => {
+    it('returns hash and signature for EIP-1271 verification', async () => {
+      const uri = await createSignedQR(privateKey, profileAddress, chainId)
+      const result = await verifySignedQR(uri)
+      const { hash, signature } = getEIP1271Data(uri, result)
+
+      expect(hash).toMatch(/^0x[a-f0-9]{64}$/)
+      expect(signature).toMatch(/^0x[a-f0-9]+$/)
+      expect(hash).toBe(result.messageHash)
+    })
+  })
+
+  describe('EIP1271_MAGIC_VALUE', () => {
+    it('is the correct magic value', () => {
+      expect(EIP1271_MAGIC_VALUE).toBe('0x1626ba7e')
+    })
+  })
+
+  describe('round-trip verification', () => {
+    it('creates and verifies QR for different chain IDs', async () => {
+      for (const testChainId of [42, 4201, 1]) {
+        const uri = await createSignedQR(
+          privateKey,
+          profileAddress,
+          testChainId,
+          { generationOffsetSeconds: 0 }
+        )
+        const result = await verifySignedQR(uri)
+
+        expect(result.isValid).toBe(true)
+        expect(result.chainId).toBe(testChainId)
+      }
+    })
+
+    it('signature is deterministic for same inputs', async () => {
+      // With the same timestamp, the signature should be the same
+      const timestamp = Math.floor(Date.now() / 1000)
+      const message1 = createMessage(profileAddress, chainId, timestamp)
+      const message2 = createMessage(profileAddress, chainId, timestamp)
+
+      expect(message1).toBe(message2)
+    })
+  })
+})

package/src/utils/index.ts

@@ -1,5 +1,14 @@
 export type { BrowserInfo, BrowserName } from './browserInfo.js'
 export { browserInfo, EXTENSION_STORE_LINKS } from './browserInfo.js'
-
+export {
+  createMessage,
+  createSignedQR,
+  EIP1271_MAGIC_VALUE,
+  getControllerAddress,
+  getEIP1271Data,
+  isSignedQRFormat,
+  parseSignedQR,
+  verifySignedQR,
+} from './signed-profile-urls.js'
 export { slug } from './slug.js'
 export { UrlConverter, UrlResolver } from './url-resolver.js'