@novasamatech/host-papp 0.5.0-0 → 0.5.0-10

package/dist/sso/sessionManager/impl.js

@@ -0,0 +1,71 @@
+import { createEncryption } from '@novasamatech/statement-store';
+import { okAsync } from 'neverthrow';
+import { createState } from '../../helpers/state.js';
+import { createSsoStatementProver } from '../ssoSessionProver.js';
+import { createUserSession } from './userSession.js';
+export function createSsoSessionManager({ ssoSessionRepository, userSecretRepository, statementStore, storage, }) {
+    const localSessions = createState({});
+    const disconnect = (session) => {
+        return ssoSessionRepository.filter(s => s.id !== session.id).map(() => undefined);
+    };
+    ssoSessionRepository.subscribe(userSessions => {
+        const activeSessions = localSessions.read();
+        const toRemove = new Set(Object.keys(activeSessions));
+        const toAdd = new Set();
+        for (const userSession of userSessions) {
+            if (userSession.id in activeSessions)
+                continue;
+            const session = createSession(userSession, statementStore, storage, userSecretRepository);
+            toRemove.delete(userSession.id);
+            toAdd.add(session);
+            session.subscribe(message => {
+                switch (message.data.tag) {
+                    case 'v1': {
+                        switch (message.data.value.tag) {
+                            case 'Disconnected':
+                                return disconnect(userSession).map(() => true);
+                        }
+                    }
+                }
+                return okAsync(false);
+            });
+        }
+        if (toRemove.size > 0) {
+            localSessions.write(prev => {
+                return Object.fromEntries(Object.entries(prev).filter(([id]) => !toRemove.has(id)));
+            });
+        }
+        if (toAdd.size > 0) {
+            localSessions.write(prev => ({
+                ...prev,
+                ...Object.fromEntries(Array.from(toAdd).map(s => [s.id, s])),
+            }));
+        }
+    });
+    return {
+        sessions: {
+            read: () => Object.values(localSessions.read()),
+            subscribe: (callback) => localSessions.subscribe(sessions => callback(Object.values(sessions))),
+        },
+        disconnect(userSession) {
+            const session = createSession(userSession, statementStore, storage, userSecretRepository);
+            return session.sendDisconnectMessage().andThen(() => disconnect(userSession));
+        },
+        dispose() {
+            for (const session of Object.values(localSessions.read())) {
+                session.dispose();
+            }
+        },
+    };
+}
+function createSession(userSession, statementStore, storage, userSecretRepository) {
+    const encryption = createEncryption(userSession.remoteAccount.publicKey);
+    const prover = createSsoStatementProver(userSession, userSecretRepository);
+    return createUserSession({
+        userSession,
+        statementStore,
+        encryption,
+        storage,
+        prover,
+    });
+}

package/dist/sso/sessionManager/repository/ssoSessionRepository.d.ts

@@ -0,0 +1,22 @@
+import type { LocalSessionAccount, RemoteSessionAccount } from '@novasamatech/statement-store';
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+export type SsoSessionRepository = ReturnType<typeof createSsoSessionRepository>;
+export type UserSession = {
+    id: string;
+    local: LocalSessionAccount;
+    remote: RemoteSessionAccount;
+};
+export declare function createUserSession(localAccount: LocalSessionAccount, remoteAccount: RemoteSessionAccount): UserSession;
+type Params = {
+    storage: StorageAdapter;
+};
+export declare const createSsoSessionRepository: ({ storage }: Params) => {
+    add(value: UserSession): import("neverthrow").ResultAsync<UserSession, Error>;
+    filter(fn: (value: UserSession) => boolean): import("neverthrow").ResultAsync<UserSession[], Error>;
+    mutate(fn: (value: UserSession[]) => UserSession[]): import("neverthrow").ResultAsync<UserSession[], Error>;
+    read(): import("neverthrow").ResultAsync<UserSession[], Error>;
+    write(value: UserSession[]): import("neverthrow").ResultAsync<UserSession[], Error> | import("neverthrow").ResultAsync<null, Error>;
+    clear(): import("neverthrow").ResultAsync<void, Error>;
+    subscribe(fn: (value: UserSession[]) => void): VoidFunction;
+};
+export {};

package/dist/sso/sessionManager/repository/ssoSessionRepository.js

@@ -0,0 +1,27 @@
+import { LocalSessionAccountCodec, RemoteSessionAccountCodec } from '@novasamatech/statement-store';
+import { fieldListView } from '@novasamatech/storage-adapter';
+import { fromHex, toHex } from '@polkadot-api/utils';
+import { nanoid } from 'nanoid';
+import { Struct, Vector, str } from 'scale-ts';
+const userSessionCodec = Struct({
+    id: str,
+    local: LocalSessionAccountCodec,
+    remote: RemoteSessionAccountCodec,
+});
+export function createUserSession(localAccount, remoteAccount) {
+    return {
+        id: nanoid(12),
+        local: localAccount,
+        remote: remoteAccount,
+    };
+}
+const userSessionsCodec = Vector(userSessionCodec);
+export const createSsoSessionRepository = ({ storage }) => {
+    return fieldListView({
+        storage,
+        key: 'SsoSessions',
+        initial: [],
+        from: x => userSessionsCodec.dec(fromHex(x)),
+        to: x => toHex(userSessionsCodec.enc(x)),
+    });
+};

package/dist/sso/sessionManager/scale/hex.d.ts

@@ -0,0 +1 @@
+export declare const hexCodec: import("scale-ts").Codec<`0x${string}`>;

package/dist/sso/sessionManager/scale/hex.js

@@ -0,0 +1,3 @@
+import { fromHex, toHex } from '@polkadot-api/utils';
+import { Bytes, enhanceCodec } from 'scale-ts';
+export const hexCodec = enhanceCodec(Bytes(), fromHex, v => toHex(v));

package/dist/sso/sessionManager/scale/remoteMessage.d.ts

@@ -0,0 +1,41 @@
+export declare const RemoteMessageCodec: import("scale-ts").Codec<{
+    messageId: string;
+    data: {
+        tag: "v1";
+        value: {
+            tag: "Disconnected";
+            value: undefined;
+        } | {
+            tag: "SignRequest";
+            value: {
+                address: string;
+                blockHash: `0x${string}`;
+                blockNumber: `0x${string}`;
+                era: `0x${string}`;
+                genesisHash: `0x${string}`;
+                method: string;
+                nonce: `0x${string}`;
+                specVersion: `0x${string}`;
+                tip: `0x${string}`;
+                transactionVersion: `0x${string}`;
+                signedExtensions: string[];
+                version: number;
+                assetId: `0x${string}` | undefined;
+                mode: number | undefined;
+                withSignedTransaction: boolean | undefined;
+            };
+        } | {
+            tag: "SignResponse";
+            value: {
+                respondingTo: string;
+                payload: {
+                    tag: "signature";
+                    value: Uint8Array<ArrayBufferLike>;
+                } | {
+                    tag: "signedTransaction";
+                    value: Uint8Array<ArrayBufferLike>;
+                };
+            };
+        };
+    };
+}>;

package/dist/sso/sessionManager/scale/remoteMessage.js

@@ -0,0 +1,13 @@
+import { Enum, Struct, _void, str } from 'scale-ts';
+import { SignPayloadRequestCodec } from './signPayloadRequest.js';
+import { SignPayloadResponseCodec } from './signPayloadResponse.js';
+export const RemoteMessageCodec = Struct({
+    messageId: str,
+    data: Enum({
+        v1: Enum({
+            Disconnected: _void,
+            SignRequest: SignPayloadRequestCodec,
+            SignResponse: SignPayloadResponseCodec,
+        }),
+    }),
+});

package/dist/sso/sessionManager/scale/signPayloadRequest.d.ts

@@ -0,0 +1,19 @@
+import type { CodecType } from 'scale-ts';
+export type SignPayloadRequest = CodecType<typeof SignPayloadRequestCodec>;
+export declare const SignPayloadRequestCodec: import("scale-ts").Codec<{
+    address: string;
+    blockHash: `0x${string}`;
+    blockNumber: `0x${string}`;
+    era: `0x${string}`;
+    genesisHash: `0x${string}`;
+    method: string;
+    nonce: `0x${string}`;
+    specVersion: `0x${string}`;
+    tip: `0x${string}`;
+    transactionVersion: `0x${string}`;
+    signedExtensions: string[];
+    version: number;
+    assetId: `0x${string}` | undefined;
+    mode: number | undefined;
+    withSignedTransaction: boolean | undefined;
+}>;

package/dist/sso/sessionManager/scale/signPayloadRequest.js

@@ -0,0 +1,19 @@
+import { Option, Struct, Vector, bool, str, u32 } from 'scale-ts';
+import { hexCodec } from './hex.js';
+export const SignPayloadRequestCodec = Struct({
+    address: str,
+    blockHash: hexCodec,
+    blockNumber: hexCodec,
+    era: hexCodec,
+    genesisHash: hexCodec,
+    method: str,
+    nonce: hexCodec,
+    specVersion: hexCodec,
+    tip: hexCodec,
+    transactionVersion: hexCodec,
+    signedExtensions: Vector(str),
+    version: u32,
+    assetId: Option(hexCodec),
+    mode: Option(u32),
+    withSignedTransaction: Option(bool),
+});

package/dist/sso/sessionManager/scale/signPayloadResponse.d.ts

@@ -0,0 +1,12 @@
+import type { CodecType } from 'scale-ts';
+export type SignPayloadResponse = CodecType<typeof SignPayloadResponseCodec>;
+export declare const SignPayloadResponseCodec: import("scale-ts").Codec<{
+    respondingTo: string;
+    payload: {
+        tag: "signature";
+        value: Uint8Array<ArrayBufferLike>;
+    } | {
+        tag: "signedTransaction";
+        value: Uint8Array<ArrayBufferLike>;
+    };
+}>;

package/dist/sso/sessionManager/scale/signPayloadResponse.js

@@ -0,0 +1,9 @@
+import { Bytes, Enum, Struct, str } from 'scale-ts';
+export const SignPayloadResponseCodec = Struct({
+    // referencing to RemoteMessage.messageId
+    respondingTo: str,
+    payload: Enum({
+        signature: Bytes(),
+        signedTransaction: Bytes(),
+    }),
+});

package/dist/sso/sessionManager/scale/signRequest.d.ts

@@ -0,0 +1,19 @@
+import type { CodecType } from 'scale-ts';
+export type SignRequest = CodecType<typeof SignRequestCodec>;
+export declare const SignRequestCodec: import("scale-ts").Codec<{
+    address: string;
+    blockHash: `0x${string}`;
+    blockNumber: `0x${string}`;
+    era: `0x${string}`;
+    genesisHash: `0x${string}`;
+    method: string;
+    nonce: `0x${string}`;
+    specVersion: `0x${string}`;
+    tip: `0x${string}`;
+    transactionVersion: `0x${string}`;
+    signedExtensions: string[];
+    version: number;
+    assetId: `0x${string}` | undefined;
+    mode: number | undefined;
+    withSignedTransaction: boolean | undefined;
+}>;

package/dist/sso/sessionManager/scale/signRequest.js

@@ -0,0 +1,19 @@
+import { Option, Struct, Vector, bool, str, u32 } from 'scale-ts';
+import { hexCodec } from './hex.js';
+export const SignRequestCodec = Struct({
+    address: str,
+    blockHash: hexCodec,
+    blockNumber: hexCodec,
+    era: hexCodec,
+    genesisHash: hexCodec,
+    method: str,
+    nonce: hexCodec,
+    specVersion: hexCodec,
+    tip: hexCodec,
+    transactionVersion: hexCodec,
+    signedExtensions: Vector(str),
+    version: u32,
+    assetId: Option(hexCodec),
+    mode: Option(u32),
+    withSignedTransaction: Option(bool),
+});

package/dist/sso/sessionManager/scale/signResponse.d.ts

@@ -0,0 +1,6 @@
+import type { CodecType } from 'scale-ts';
+export type SignResponse = CodecType<typeof SignResponseCodec>;
+export declare const SignResponseCodec: import("scale-ts").Codec<{
+    signature: Uint8Array<ArrayBufferLike>;
+    SignedTransaction: Uint8Array<ArrayBufferLike>;
+}>;

package/dist/sso/sessionManager/scale/signResponse.js

@@ -0,0 +1,5 @@
+import { Bytes, Struct } from 'scale-ts';
+export const SignResponseCodec = Struct({
+    signature: Bytes(),
+    SignedTransaction: Bytes(),
+});

package/dist/sso/sessionManager/ssoSession.d.ts

@@ -0,0 +1,23 @@
+import type { Encryption, StatementProver, StatementStoreAdapter } from '@novasamatech/statement-store';
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+import { ResultAsync } from 'neverthrow';
+import type { CodecType } from 'scale-ts';
+import type { Callback } from '../../types.js';
+import type { UserSession } from '../ssoSessionRepository.js';
+import { RemoteMessageCodec, RemoteMessageDataCodec } from './scale/remoteMessage.js';
+export type SsoSession = ReturnType<typeof createSsoSession>;
+export declare function createSsoSession({ userSession, statementStore, encryption, storage, prover, }: {
+    userSession: UserSession;
+    statementStore: StatementStoreAdapter;
+    encryption: Encryption;
+    storage: StorageAdapter;
+    prover: StatementProver;
+}): {
+    request(message: CodecType<typeof RemoteMessageDataCodec>): ResultAsync<{
+        requestId: string;
+    }, Error>;
+    sendDisconnectMessage(): ResultAsync<{
+        requestId: string;
+    }, Error>;
+    subscribe(callback: Callback<CodecType<typeof RemoteMessageCodec>, ResultAsync<boolean, Error>>): VoidFunction;
+};

package/dist/sso/sessionManager/ssoSession.js

@@ -0,0 +1,69 @@
+import { createSession } from '@novasamatech/statement-store';
+import { fieldListView } from '@novasamatech/storage-adapter';
+import { nanoid } from 'nanoid';
+import { ResultAsync, okAsync } from 'neverthrow';
+import { RemoteMessageCodec, RemoteMessageDataCodec } from './scale/remoteMessage.js';
+export function createSsoSession({ userSession, statementStore, encryption, storage, prover, }) {
+    const session = createSession({
+        localAccount: userSession.local,
+        remoteAccount: userSession.remote,
+        statementStore,
+        encryption,
+        prover,
+    });
+    const processedMessages = fieldListView({
+        storage,
+        key: `sso_processed_${userSession.id}`,
+        from: JSON.parse,
+        to: JSON.stringify,
+        initial: [],
+    });
+    return {
+        request(message) {
+            return session.submitRequest(RemoteMessageCodec, {
+                messageId: nanoid(),
+                data: message,
+            });
+        },
+        sendDisconnectMessage() {
+            return session.submitRequest(RemoteMessageCodec, {
+                messageId: nanoid(),
+                data: {
+                    tag: 'v1',
+                    value: {
+                        tag: 'Disconnected',
+                        value: undefined,
+                    },
+                },
+            });
+        },
+        subscribe(callback) {
+            return session.subscribe(RemoteMessageCodec, messages => {
+                processedMessages.read().andThen(processed => {
+                    const results = messages.map(message => {
+                        if (message.type === 'request') {
+                            const isMessageProcessed = processed.includes(message.data.messageId);
+                            if (isMessageProcessed) {
+                                return okAsync({ processed: false });
+                            }
+                            return callback(message.data)
+                                .orTee(error => {
+                                console.error('Error while processing sso messsage:', error);
+                            })
+                                .orElse(() => okAsync(false))
+                                .map(processed => (processed ? { processed, message: message.data } : { processed }));
+                        }
+                        return okAsync({ processed: false });
+                    });
+                    return ResultAsync.combine(results).andThen(results => {
+                        const newMessages = results.filter(x => x.processed).map(x => x.message.messageId);
+                        if (newMessages.length > 0) {
+                            return processedMessages.mutate(x => x.concat(newMessages));
+                        }
+                        return okAsync();
+                    });
+                });
+            });
+        },
+    };
+}

package/dist/sso/sessionManager/ssoSessionProver.d.ts

@@ -0,0 +1,4 @@
+import type { StatementProver } from '@novasamatech/statement-store';
+import type { UserSession } from '../ssoSessionRepository.js';
+import type { UserSecretRepository } from '../userSecretRepository.js';
+export declare function createSsoStatementProver(userSession: UserSession, userSecretRepository: UserSecretRepository): StatementProver;

package/dist/sso/sessionManager/ssoSessionProver.js

@@ -0,0 +1,35 @@
+import { getStatementSigner, statementCodec } from '@polkadot-api/sdk-statement';
+import { err, errAsync, fromThrowable, ok, okAsync } from 'neverthrow';
+import { compact } from 'scale-ts';
+import { toError } from '../../helpers/utils.js';
+import { getSsPub, signWithSsSecret, verifyWithSsSecret } from '../../modules/crypto.js';
+const verify = fromThrowable(verifyWithSsSecret, toError);
+export function createSsoStatementProver(userSession, userSecretRepository) {
+    const secret = userSecretRepository
+        .read(userSession.id)
+        .andThen(secrets => (secrets ? ok(secrets) : err(new Error(`Secrets for session ${userSession.id} not found.`))))
+        .map(x => x.ssSecret);
+    return {
+        generateMessageProof(statement) {
+            return secret.map(secret => {
+                const signer = getStatementSigner(getSsPub(secret), 'sr25519', data => signWithSsSecret(secret, data));
+                return signer.sign(statement);
+            });
+        },
+        verifyMessageProof(statement) {
+            const { proof, ...unsigned } = statement;
+            if (!proof) {
+                // TODO should we pass check when proof is not presented?
+                return okAsync(true);
+            }
+            const encoded = statementCodec.enc(unsigned);
+            const compactLen = compact.enc(compact.dec(encoded)).length;
+            switch (proof.type) {
+                case 'sr25519':
+                    return verify(encoded.slice(compactLen), proof.value.signature.asBytes(), proof.value.signer.asBytes()).asyncAndThen(x => okAsync(x));
+                default:
+                    return errAsync(new Error(`Proof type ${proof.type} is not supported.`));
+            }
+        },
+    };
+}

package/dist/sso/sessionManager/types.d.ts

@@ -0,0 +1,6 @@
+import type { EncrSecret, SharedSecret, SsSecret } from '../../crypto.js';
+export type UserSecrets = {
+    sharedSecret: SharedSecret;
+    encr: EncrSecret;
+    ss: SsSecret;
+};

package/dist/sso/sessionManager/types.js

@@ -0,0 +1 @@
+export {};

package/dist/sso/sessionManager/userSession.d.ts

@@ -0,0 +1,22 @@
+import type { Encryption, StatementProver, StatementStoreAdapter } from '@novasamatech/statement-store';
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+import { ResultAsync } from 'neverthrow';
+import type { CodecType } from 'scale-ts';
+import type { Callback } from '../../types.js';
+import type { StoredUserSession } from '../userSessionRepository.js';
+import { RemoteMessageCodec } from './scale/remoteMessage.js';
+import type { SignPayloadRequest } from './scale/signPayloadRequest.js';
+import type { SignPayloadResponse } from './scale/signPayloadResponse.js';
+export type UserSession = StoredUserSession & {
+    sendDisconnectMessage(): ResultAsync<void, Error>;
+    signPayload(payload: SignPayloadRequest): ResultAsync<SignPayloadResponse, Error>;
+    subscribe(callback: Callback<CodecType<typeof RemoteMessageCodec>, ResultAsync<boolean, Error>>): VoidFunction;
+    dispose(): void;
+};
+export declare function createUserSession({ userSession, statementStore, encryption, storage, prover, }: {
+    userSession: StoredUserSession;
+    statementStore: StatementStoreAdapter;
+    encryption: Encryption;
+    storage: StorageAdapter;
+    prover: StatementProver;
+}): UserSession;

package/dist/sso/sessionManager/userSession.js

@@ -0,0 +1,106 @@
+import { createSession } from '@novasamatech/statement-store';
+import { fieldListView } from '@novasamatech/storage-adapter';
+import { AccountId } from '@polkadot-api/substrate-bindings';
+import { toHex } from '@polkadot-api/utils';
+import { nanoid } from 'nanoid';
+import { ResultAsync, err, errAsync, ok, okAsync } from 'neverthrow';
+import { RemoteMessageCodec } from './scale/remoteMessage.js';
+export function createUserSession({ userSession, statementStore, encryption, storage, prover, }) {
+    const session = createSession({
+        localAccount: userSession.localAccount,
+        remoteAccount: userSession.remoteAccount,
+        statementStore,
+        encryption,
+        prover,
+    });
+    const processedMessages = fieldListView({
+        storage,
+        key: `sso_processed_${userSession.id}`,
+        from: JSON.parse,
+        to: JSON.stringify,
+    });
+    return {
+        id: userSession.id,
+        localAccount: userSession.localAccount,
+        remoteAccount: userSession.remoteAccount,
+        signPayload(payload) {
+            const accountId = AccountId();
+            if (toHex(accountId.enc(payload.address)) !== toHex(userSession.remoteAccount.accountId)) {
+                return errAsync(new Error(`Invalid address, got ${payload.address}`));
+            }
+            const messageId = nanoid();
+            const request = session.request(RemoteMessageCodec, {
+                messageId,
+                data: {
+                    tag: 'v1',
+                    value: {
+                        tag: 'SignRequest',
+                        value: payload,
+                    },
+                },
+            });
+            return request
+                .andThen(() => session.waitForRequestMessage(RemoteMessageCodec, message => message.messageId === messageId))
+                .andThen(message => {
+                const { data } = message.payload;
+                switch (data.tag) {
+                    case 'v1': {
+                        switch (data.value.tag) {
+                            case 'SignResponse':
+                                return ok(data.value.value);
+                            default:
+                                return err(new Error(`Incorrect sign response: ${data.value.tag}`));
+                        }
+                    }
+                    default:
+                        return err(new Error(`Unsupported message version ${data.tag}`));
+                }
+            });
+        },
+        sendDisconnectMessage() {
+            return session
+                .submitRequestMessage(RemoteMessageCodec, {
+                messageId: nanoid(),
+                data: {
+                    tag: 'v1',
+                    value: {
+                        tag: 'Disconnected',
+                        value: undefined,
+                    },
+                },
+            })
+                .map(() => undefined);
+        },
+        subscribe(callback) {
+            return session.subscribe(RemoteMessageCodec, messages => {
+                processedMessages.read().andThen(processed => {
+                    const results = messages.map(message => {
+                        if (message.type === 'request') {
+                            const isMessageProcessed = processed.includes(message.payload.messageId);
+                            if (isMessageProcessed) {
+                                return okAsync({ processed: false });
+                            }
+                            return callback(message.payload)
+                                .orTee(error => {
+                                console.error('Error while processing sso messsage:', error);
+                            })
+                                .orElse(() => okAsync(false))
+                                .map(processed => (processed ? { processed, message: message.payload } : { processed }));
+                        }
+                        return okAsync({ processed: false });
+                    });
+                    return ResultAsync.combine(results).andThen(results => {
+                        const newMessages = results.filter(x => x.processed).map(x => x.message.messageId);
+                        if (newMessages.length > 0) {
+                            return processedMessages.mutate(x => x.concat(newMessages));
+                        }
+                        return okAsync();
+                    });
+                });
+            });
+        },
+        dispose() {
+            return session.dispose();
+        },
+    };
+}

package/dist/sso/ssoSessionProver.d.ts

@@ -0,0 +1,4 @@
+import type { StatementProver } from '@novasamatech/statement-store';
+import type { UserSecretRepository } from './userSecretRepository.js';
+import type { StoredUserSession } from './userSessionRepository.js';
+export declare function createSsoStatementProver(userSession: StoredUserSession, userSecretRepository: UserSecretRepository): StatementProver;

package/dist/sso/ssoSessionProver.js

@@ -0,0 +1,35 @@
+import { getStatementSigner, statementCodec } from '@polkadot-api/sdk-statement';
+import { err, errAsync, fromThrowable, ok, okAsync } from 'neverthrow';
+import { compact } from 'scale-ts';
+import { getSsPub, signWithSsSecret, verifyWithSsSecret } from '../crypto.js';
+import { toError } from '../helpers/utils.js';
+const verify = fromThrowable(verifyWithSsSecret, toError);
+export function createSsoStatementProver(userSession, userSecretRepository) {
+    const secret = userSecretRepository
+        .read(userSession.id)
+        .andThen(secrets => (secrets ? ok(secrets) : err(new Error(`Secrets for session ${userSession.id} not found.`))))
+        .map(x => x.ssSecret);
+    return {
+        generateMessageProof(statement) {
+            return secret.map(secret => {
+                const signer = getStatementSigner(getSsPub(secret), 'sr25519', data => signWithSsSecret(secret, data));
+                return signer.sign(statement);
+            });
+        },
+        verifyMessageProof(statement) {
+            const { proof, ...unsigned } = statement;
+            if (!proof) {
+                // TODO should we pass check when proof is not presented?
+                return okAsync(true);
+            }
+            const encoded = statementCodec.enc(unsigned);
+            const compactLen = compact.enc(compact.dec(encoded)).length;
+            switch (proof.type) {
+                case 'sr25519':
+                    return verify(encoded.slice(compactLen), proof.value.signature.asBytes(), proof.value.signer.asBytes()).asyncAndThen(x => okAsync(x));
+                default:
+                    return errAsync(new Error(`Proof type ${proof.type} is not supported.`));
+            }
+        },
+    };
+}

package/dist/sso/ssoSessionRepository.d.ts

@@ -0,0 +1,18 @@
+import type { LocalSessionAccount, RemoteSessionAccount } from '@novasamatech/statement-store';
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+export type SsoSessionRepository = ReturnType<typeof createSsoSessionRepository>;
+export type UserSession = {
+    id: string;
+    local: LocalSessionAccount;
+    remote: RemoteSessionAccount;
+};
+export declare function createUserSession(localAccount: LocalSessionAccount, remoteAccount: RemoteSessionAccount): UserSession;
+export declare const createSsoSessionRepository: (storage: StorageAdapter) => {
+    add(value: UserSession): import("neverthrow").ResultAsync<UserSession, Error>;
+    filter(fn: (value: UserSession) => boolean): import("neverthrow").ResultAsync<UserSession[], Error>;
+    mutate(fn: (value: UserSession[]) => UserSession[]): import("neverthrow").ResultAsync<UserSession[], Error>;
+    read(): import("neverthrow").ResultAsync<UserSession[], Error>;
+    write(value: UserSession[]): import("neverthrow").ResultAsync<UserSession[], Error> | import("neverthrow").ResultAsync<null, Error>;
+    clear(): import("neverthrow").ResultAsync<void, Error>;
+    subscribe(fn: (value: UserSession[]) => void): VoidFunction;
+};