@mezo-org/passport 0.4.0-dev.64 → 0.4.0-dev.66

package/src/utils/siww.ts

@@ -1,4 +1,7 @@
-import { SignInWithWalletMessage } from "@mezo-org/sign-in-with-wallet"
+import {
+  SignInWithWalletErrorType,
+  SignInWithWalletMessage,
+} from "@mezo-org/sign-in-with-wallet"
 import { ONE_DAY_MS } from "./time"
 
 const SESSION_EXPIRATION_DURATION_MS = 14 * ONE_DAY_MS
@@ -13,19 +16,71 @@ export function createSignInWithWalletMessage(
 ) {
   const { host: domain, origin: uri } = window.location
 
-  const message = new SignInWithWalletMessage({
-    domain,
-    address, // if "bitcoin" this should be btc address, not underlaying eth address
-    uri,
-    nonce,
-    issuedAt: new Date().toISOString(),
-    expirationTime: new Date(
-      Date.now() + SESSION_EXPIRATION_DURATION_MS,
-    ).toISOString(),
-    version: "1",
-    chainId: networkFamily === "evm" ? chainId : undefined,
-    networkFamily,
-  })
-
-  return message.prepareMessage()
+  let siwwMessage
+  try {
+    siwwMessage = new SignInWithWalletMessage({
+      domain,
+      address, // if "bitcoin" this should be btc address, not underlaying eth address
+      uri,
+      nonce,
+      issuedAt: new Date().toISOString(),
+      expirationTime: new Date(
+        Date.now() + SESSION_EXPIRATION_DURATION_MS,
+      ).toISOString(),
+      version: "1",
+      chainId: networkFamily === "evm" ? chainId : undefined,
+      networkFamily,
+    })
+  } catch (error) {
+    throw new Error(`Failed to create sign in with wallet message: ${error}`)
+  }
+
+  return siwwMessage.prepareMessage()
+}
+
+class SIWWDomainError extends Error {
+  constructor(message: string) {
+    super(`Error when verifying domain in SIWW message: ${message}`)
+    this.name = "SIWWDomainError"
+  }
+}
+
+export async function verifyDomainInSignInWithWalletMessage(
+  message: string,
+  signature: string,
+  nonce: string,
+) {
+  const { host: domain } = window.location
+  let siwwMessage: SignInWithWalletMessage
+  try {
+    siwwMessage = new SignInWithWalletMessage(message)
+  } catch (error) {
+    throw new SIWWDomainError("Failed to parse SIWW message")
+  }
+
+  if (!siwwMessage.expirationTime) {
+    throw new SIWWDomainError("SIWW messages must have an expiration time set")
+  }
+
+  const result = await siwwMessage.verify(
+    {
+      signature,
+      // Nonce has to match the session ID carried in the request.
+      nonce,
+      domain,
+      // Time is used as a reference to verify the expiration time set in the
+      // message.
+      time: new Date().toISOString(),
+    },
+    { suppressExceptions: true },
+  )
+
+  if (
+    result.error &&
+    result.error.type === SignInWithWalletErrorType.DOMAIN_MISMATCH
+  ) {
+    throw new SIWWDomainError(
+      "Domain does not match provided domain for verification.",
+    )
+  }
 }

package/src/utils/validation.ts

@@ -0,0 +1,42 @@
+// NOTE: This was copied from mezo-portal and is based on the validation from
+// workers/passport-auth/src/utils/mezo-id.ts.
+
+// Most of these are restrictions for an DNS hostname label (i.e., the part
+// before/after `.` in a full hostname) as outlined in RFC1034
+// (https://www.rfc-editor.org/rfc/rfc1034).
+//
+// A few addenda are made to ensure that nothing can sneak through that could
+// look like an Ethereum or Bitcoin address.
+const DISALLOWED_USERNAME_PATTERNS: { pattern: RegExp; error: string }[] = [
+  // RFC1034.
+  { pattern: /^$/, error: "Must not be empty." },
+  { pattern: /^.{16,}$/, error: "Must have 15 characters or fewer." },
+  {
+    pattern: /^[^A-Za-z]/,
+    error: "Must start with a one of the letters A-Z or a-z.",
+  },
+  {
+    pattern: /[^A-Za-z0-9-]/,
+    error:
+      "Must only use letters or numbers (A-Z, a-z, or 0-9), or hyphen (-).",
+  },
+  { pattern: /-$/, error: "Must not end in a hyphen (-)." },
+  // On-chain shenanigan avoidance.
+  { pattern: /0x/i, error: "Must not contain 0x." },
+  {
+    pattern: /^(?:bc1|tb1|[a-z]pub|[a-z]priv)/i,
+    error: "Must not start with a Bitcoin magic string.",
+  },
+  {
+    pattern: /^m[0-9]+$/i,
+    error: 'No "m" + "numeric string" prefixes.',
+  },
+]
+
+export function validateUsername(username: string): string[] {
+  const errors = DISALLOWED_USERNAME_PATTERNS.flatMap(({ pattern, error }) =>
+    pattern.test(username) ? [error] : [],
+  )
+
+  return errors
+}

package/src/utils/wagmi.ts

@@ -0,0 +1,12 @@
+import { OrangeKitConnector } from "@mezo-org/orangekit"
+import { Connector } from "wagmi"
+
+export async function getBitcoinPublicKeyFromConnector(connector: Connector) {
+  if (connector.type !== "orangekit") return undefined
+
+  const provider = (
+    connector as unknown as OrangeKitConnector
+  ).getBitcoinProvider()
+
+  return provider.getPublicKey()
+}

package/src/wallet/index.ts

@@ -1,9 +1,10 @@
 export {
+  BitcoinWalletConnectionError,
   getOKXWallet,
   getUnisatWallet,
   getXverseWallet,
-  BitcoinWalletConnectionError,
-  WalletNetworkDoesNotMatchProviderChainError,
   isUnsupportedBitcoinAddressError,
   isWalletNetworkDoesNotMatchProviderChainError,
+  OrangeKitConnector,
+  WalletNetworkDoesNotMatchProviderChainError,
 } from "@mezo-org/orangekit"