@novasamatech/host-papp 0.5.0-1 → 0.5.0-11

package/dist/components/session.d.ts

@@ -0,0 +1,34 @@
+import type { CodecType } from 'scale-ts';
+import type { StorageAdapter } from '../adapters/storage/types.js';
+import type { Account } from '../modules/statementStore.js';
+import type { Transport } from '../modules/transport/transport.js';
+import type { Callback } from '../types.js';
+export type Session<T> = {
+    subscribe(callback: Callback<T>): VoidFunction;
+    dispose(): void;
+};
+export declare const HostRemoteMessageCodec: import("scale-ts").Codec<{
+    messageId: string;
+    data: {
+        tag: "v1";
+        value: {
+            tag: "Disconnected";
+            value: undefined;
+        } | {
+            tag: "SigningRequest";
+            value: Uint8Array<ArrayBufferLike>;
+        } | {
+            tag: "SigningResponse";
+            value: Uint8Array<ArrayBufferLike>;
+        };
+    };
+}>;
+export type SSOSession = Session<CodecType<typeof HostRemoteMessageCodec>>;
+type SsoSessionParams = {
+    ownAccount: Account;
+    peerAccount: Account;
+    transport: Transport;
+    storage: StorageAdapter;
+};
+export declare function createSSOSession({ ownAccount, peerAccount, transport, storage }: SsoSessionParams): SSOSession;
+export {};

package/dist/components/session.js

@@ -0,0 +1,54 @@
+import { fromThrowable, okAsync } from 'neverthrow';
+import { toHex } from 'polkadot-api/utils';
+import { Bytes, Enum, Struct, _void, str } from 'scale-ts';
+import { toError } from '../helpers/utils.js';
+import { createSessionId } from '../modules/statementStore.js';
+import { storageListView } from '../modules/storageView.js';
+// SSO
+export const HostRemoteMessageCodec = Struct({
+    messageId: str,
+    data: Enum({
+        v1: Enum({
+            Disconnected: _void,
+            // TODO implement
+            SigningRequest: Bytes(),
+            // TODO implement
+            SigningResponse: Bytes(),
+        }),
+    }),
+});
+export function createSSOSession({ ownAccount, peerAccount, transport, storage }) {
+    const peerSession = createSessionId(peerAccount, ownAccount);
+    const processedStorage = storageListView({
+        key: `Session_Processed_${toHex(peerSession)}`,
+        storage,
+        initial: [],
+        from: JSON.parse,
+        to: JSON.stringify,
+    });
+    let subscriptions = [];
+    return {
+        subscribe(callback) {
+            const fn = fromThrowable(callback, toError);
+            const unsub = transport.handleRequest(ownAccount, peerAccount, HostRemoteMessageCodec, async (message) => {
+                processedStorage.read().andThen(processed => {
+                    if (processed.includes(message.requestId)) {
+                        return okAsync();
+                    }
+                    return fn(message.data).asyncAndThen(() => processedStorage.mutate(p => p.concat(message.requestId)));
+                });
+            });
+            subscriptions.push(unsub);
+            return () => {
+                unsub();
+                subscriptions = subscriptions.filter(x => x !== unsub);
+            };
+        },
+        dispose() {
+            for (const unsub of subscriptions) {
+                unsub();
+            }
+            subscriptions = [];
+        },
+    };
+}

package/dist/components/sso/index.d.ts

@@ -0,0 +1,36 @@
+import type { Transport } from '@novasamatech/statement-store';
+import type { ResultAsync } from 'neverthrow';
+import type { UserSession, UserSessionStorage } from '../user/userSessionStorage.js';
+import type { AuthentificationStatus } from './types.js';
+export type AuthComponent = ReturnType<typeof createAuthComponent>;
+type Params = {
+    /**
+     * Host app Id.
+     * CAUTION! This value should be stable.
+     */
+    appId: string;
+    /**
+     * URL for additional metadata that will be displayed during pairing process.
+     * Content of provided json shound be
+     * ```ts
+     * interface Metadata {
+     *   name: string;
+     *   icon: string; // url for icon. Icon should be a rasterized image with min size 256x256 px.
+     * }
+     * ```
+     */
+    metadata: string;
+    transport: Transport;
+    userSessionStorage: UserSessionStorage;
+};
+export declare function createAuthComponent({ appId, metadata, transport, userSessionStorage }: Params): {
+    status: {
+        read: () => AuthentificationStatus;
+        subscribe: (fn: (value: AuthentificationStatus) => void) => () => void;
+        onFirstSubscribe: (callback: VoidFunction) => import("nanoevents").Unsubscribe;
+        onLastUnsubscribe: (callback: VoidFunction) => import("nanoevents").Unsubscribe;
+    };
+    authenticate(): ResultAsync<UserSession | null, Error>;
+    abortAuthentication(): void;
+};
+export {};

package/dist/components/sso/index.js

@@ -0,0 +1,150 @@
+import { createAccountId, createLocalSessionAccount } from '@novasamatech/statement-store';
+import { toHex } from '@polkadot-api/utils';
+import { err, errAsync, fromPromise, fromThrowable, ok } from 'neverthrow';
+import { AbortError } from '../../helpers/abortError.js';
+import { toError } from '../../helpers/utils.js';
+import { ENCR_SECRET_SEED_SIZE, SS_SECRET_SEED_SIZE, createEncrSecret, createRandomSeed, createSharedSecret, createSsHardDerivation, createSsSecret, decrypt, getEncrPub, getSsPub, khash, mergeBytes, stringToBytes, } from '../../modules/crypto.js';
+import { createState, readonly } from '../../modules/state.js';
+import { createUserSession } from '../../modules/statementStore.js';
+import { HandshakeData, HandshakeResponsePayload, HandshakeResponseSensitiveData } from './scale/handshake.js';
+export function createAuthComponent({ appId, metadata, transport, userSessionStorage }) {
+    const authStatus = createState({ step: 'none' });
+    let authResults = null;
+    let abort = null;
+    function handshake(signal) {
+        try {
+            authStatus.write({ step: 'initial' });
+            const { encrSecret, encrPublicKey, ssPublicKey } = getSecretKeys(appId);
+            const localAccount = createLocalSessionAccount(createAccountId(ssPublicKey));
+            const handshakePayload = createHandshakePayloadV1({ ssPublicKey, encrPublicKey, metadata }).andTee(payload => authStatus.write({ step: 'pairing', payload: createDeeplink(payload) }));
+            const handshakeTopic = createHandshakeTopic(localAccount, encrPublicKey);
+            const pappResponse = handshakePayload
+                .andThen(() => handshakeTopic)
+                .asyncAndThen(topic => waitForStatements(callback => transport.subscribeSession(topic, callback), signal, (statements, resolve) => {
+                for (const statement of [...statements].reverse()) {
+                    if (!statement.data)
+                        continue;
+                    const session = retrieveSession({
+                        hostAccount: localAccount,
+                        encrSecret,
+                        payload: statement.data.asBytes(),
+                    });
+                    resolve(session);
+                    break;
+                }
+            }));
+            const userCreated = pappResponse.andThen(userSessionStorage.add);
+            return userCreated
+                .orElse(e => (AbortError.isAbortError(e) ? ok(null) : err(toError(e))))
+                .andTee(session => {
+                if (session) {
+                    authStatus.write({ step: 'finished', session });
+                }
+                else {
+                    authStatus.write({ step: 'none' });
+                }
+            })
+                .orTee(e => authStatus.write({ step: 'error', message: e.message }));
+        }
+        catch (e) {
+            return errAsync(toError(e));
+        }
+    }
+    const authModule = {
+        status: readonly(authStatus),
+        authenticate() {
+            if (authResults) {
+                return authResults;
+            }
+            abort = new AbortController();
+            authResults = handshake(abort.signal);
+            return authResults;
+        },
+        abortAuthentication() {
+            if (abort) {
+                authResults = null;
+                authStatus.reset();
+                abort.abort(new AbortError('Aborted by user.'));
+            }
+        },
+    };
+    return authModule;
+}
+const createHandshakeTopic = fromThrowable((account, encrPublicKey) => khash(account.accountId, mergeBytes(encrPublicKey, stringToBytes('topic'))), toError);
+const createHandshakePayloadV1 = fromThrowable(({ encrPublicKey, ssPublicKey, metadata, }) => HandshakeData.enc({
+    tag: 'V1',
+    value: [ssPublicKey, encrPublicKey, metadata],
+}), toError);
+function parseHandshakePayload(payload) {
+    const decoded = HandshakeResponsePayload.dec(payload);
+    switch (decoded.tag) {
+        case 'V1':
+            return {
+                encrypted: decoded.value[0],
+                tmpKey: decoded.value[1],
+            };
+        default:
+            throw new Error('Unsupported handshake payload version');
+    }
+}
+function retrieveSession({ payload, encrSecret, hostAccount, }) {
+    const { encrypted, tmpKey } = parseHandshakePayload(payload);
+    const symmetricKey = createSharedSecret(encrSecret, tmpKey);
+    const decrypted = decrypt(symmetricKey, encrypted);
+    const [pappEncrPublicKey, pappAccountId] = HandshakeResponseSensitiveData.dec(decrypted);
+    const sharedSecret = createSharedSecret(encrSecret, pappEncrPublicKey);
+    const peerAccount = createAccount(pappAccountId, sharedSecret);
+    return createUserSession(hostAccount, peerAccount);
+}
+function getSsKeys(appId) {
+    const seed = createRandomSeed(appId, SS_SECRET_SEED_SIZE);
+    const ssSecret = createSsHardDerivation(createSsSecret(seed), '//wallet');
+    return {
+        ssSecret: ssSecret,
+        ssPublicKey: getSsPub(ssSecret),
+    };
+}
+function getEncrKeys(appId) {
+    const seed = createRandomSeed(appId, ENCR_SECRET_SEED_SIZE);
+    const encrSecret = createEncrSecret(seed);
+    return {
+        encrSecret,
+        encrPublicKey: getEncrPub(encrSecret),
+    };
+}
+function getSecretKeys(appId) {
+    const ss = getSsKeys(appId);
+    const encr = getEncrKeys(appId);
+    return {
+        ...ss,
+        ...encr,
+    };
+}
+function createDeeplink(payload) {
+    return `polkadotapp://pair?handshake=${toHex(payload)}`;
+}
+function waitForStatements(subscribe, abortSignal, callback) {
+    return fromPromise(new Promise((resolve, reject) => {
+        const unsubscribe = subscribe(statements => {
+            if (abortSignal?.aborted) {
+                unsubscribe();
+                try {
+                    abortSignal.throwIfAborted();
+                }
+                catch (e) {
+                    reject(e);
+                }
+            }
+            try {
+                callback(statements, value => {
+                    unsubscribe();
+                    resolve(value);
+                });
+            }
+            catch (e) {
+                unsubscribe();
+                reject(e);
+            }
+        });
+    }), toError);
+}

package/dist/components/sso/scale/handshake.d.ts

@@ -0,0 +1,9 @@
+export declare const HandshakeData: import("scale-ts").Codec<{
+    tag: "V1";
+    value: [import("../../../modules/crypto.js").SsPublicKey, import("../../../modules/crypto.js").EncrPublicKey, string];
+}>;
+export declare const HandshakeResponsePayload: import("scale-ts").Codec<{
+    tag: "V1";
+    value: [Uint8Array<ArrayBufferLike>, Uint8Array<ArrayBufferLike>];
+}>;
+export declare const HandshakeResponseSensitiveData: import("scale-ts").Codec<[Uint8Array<ArrayBufferLike>, Uint8Array<ArrayBufferLike>]>;

package/dist/components/sso/scale/handshake.js

@@ -0,0 +1,10 @@
+import { Bytes, Enum, Tuple, str } from 'scale-ts';
+import { EncrPubKey, SsPubKey } from '../../../modules/crypto.js';
+export const HandshakeData = Enum({
+    V1: Tuple(SsPubKey, EncrPubKey, str),
+});
+export const HandshakeResponsePayload = Enum({
+    // [encrypted, tmp_key]
+    V1: Tuple(Bytes(), Bytes(65)),
+});
+export const HandshakeResponseSensitiveData = Tuple(Bytes(65), Bytes(32));

package/dist/components/sso/types.d.ts

@@ -0,0 +1,15 @@
+import type { UserSession } from '../user/userSessionStorage.js';
+export type AuthentificationStatus = {
+    step: 'none';
+} | {
+    step: 'initial';
+} | {
+    step: 'pairing';
+    payload: string;
+} | {
+    step: 'error';
+    message: string;
+} | {
+    step: 'finished';
+    session: UserSession;
+};

package/dist/components/sso/types.js

@@ -0,0 +1 @@
+export {};

package/dist/components/transport.d.ts

@@ -0,0 +1,27 @@
+import type { Statement } from '@polkadot-api/sdk-statement';
+import type { Codec } from 'scale-ts';
+import type { StatementAdapter } from '../adapters/statement/types.js';
+import type { Account } from '../modules/statementStore.js';
+import type { TransportError } from '../structs.js';
+import type { Callback } from '../types.js';
+export type Transport = ReturnType<typeof createTransport>;
+type RequestMessage<T> = {
+    type: 'request';
+    requestId: string;
+    data: T;
+};
+type ResponseMessage = {
+    type: 'response';
+    requestId: string;
+    code: TransportError;
+};
+type Message<T> = RequestMessage<T> | ResponseMessage;
+type Params = {
+    adapter: StatementAdapter;
+};
+export declare function createTransport({ adapter }: Params): {
+    subscribe<T>(ownAccount: Account, peerAccount: Account, codec: Codec<T>, callback: Callback<Message<T>[]>): VoidFunction;
+    subscribeSession(sessionId: Uint8Array, callback: Callback<Statement[]>): VoidFunction;
+    handleRequest<T>(ownAccount: Account, peerAccount: Account, codec: Codec<T>, callback: Callback<RequestMessage<T>>): VoidFunction;
+};
+export {};

package/dist/components/transport.js

@@ -0,0 +1,57 @@
+import { fromThrowable, ok } from 'neverthrow';
+import { seq } from '../helpers/result.js';
+import { nonNullable, toError } from '../helpers/utils.js';
+import { decrypt } from '../modules/crypto.js';
+import { createSessionId } from '../modules/statementStore.js';
+import { StatementData } from '../structs.js';
+const decryptResults = fromThrowable(decrypt, toError);
+export function createTransport({ adapter }) {
+    function mapMessage(statementData) {
+        switch (statementData.tag) {
+            case 'request':
+                return statementData.value.data.map((data, index) => ({
+                    type: 'request',
+                    requestId: `${statementData.value.requestId}-${index.toString()}`,
+                    data,
+                }));
+            case 'response':
+                return [
+                    {
+                        type: 'response',
+                        requestId: statementData.value.requestId,
+                        code: statementData.value.responseCode,
+                    },
+                ];
+        }
+    }
+    const transport = {
+        subscribe(ownAccount, peerAccount, codec, callback) {
+            const sessionId = createSessionId(peerAccount, ownAccount);
+            const statementDataCodec = StatementData(codec);
+            return adapter.subscribeStatements([sessionId], statements => {
+                seq(...statements.map(statement => {
+                    if (!statement.data)
+                        return ok(null);
+                    return decryptResults(peerAccount.publicKey, statement.data.asBytes())
+                        .map(statementDataCodec.dec)
+                        .orElse(() => ok(null));
+                }))
+                    .map(messages => messages.filter(nonNullable).flatMap(mapMessage))
+                    .andTee(messages => {
+                    if (messages.length > 0) {
+                        callback(messages);
+                    }
+                });
+            });
+        },
+        subscribeSession(sessionId, callback) {
+            return adapter.subscribeStatements([sessionId], callback);
+        },
+        handleRequest(ownAccount, peerAccount, codec, callback) {
+            return transport.subscribe(ownAccount, peerAccount, codec, messages => {
+                messages.filter(m => m.type === 'request').forEach(callback);
+            });
+        },
+    };
+    return transport;
+}

package/dist/components/user/codec.d.ts

@@ -0,0 +1,16 @@
+export declare const HostRemoteMessageCodec: import("scale-ts").Codec<{
+    messageId: string;
+    data: {
+        tag: "v1";
+        value: {
+            tag: "Disconnected";
+            value: undefined;
+        } | {
+            tag: "SigningRequest";
+            value: Uint8Array<ArrayBufferLike>;
+        } | {
+            tag: "SigningResponse";
+            value: Uint8Array<ArrayBufferLike>;
+        };
+    };
+}>;

package/dist/components/user/codec.js

@@ -0,0 +1,13 @@
+import { Bytes, Enum, Struct, _void, str } from 'scale-ts';
+export const HostRemoteMessageCodec = Struct({
+    messageId: str,
+    data: Enum({
+        v1: Enum({
+            Disconnected: _void,
+            // TODO implement
+            SigningRequest: Bytes(),
+            // TODO implement
+            SigningResponse: Bytes(),
+        }),
+    }),
+});

package/dist/components/user/index.d.ts

@@ -0,0 +1,22 @@
+import type { StorageAdapter } from '../../adapters/storage/types.js';
+import type { Transport } from '../../modules/transport/transport.js';
+import type { UserSession, UserSessionStorage } from './userSessionStorage.js';
+export type UserSessionsComponent = ReturnType<typeof createUserSessionsComponent>;
+type Params = {
+    transport: Transport;
+    storage: StorageAdapter;
+    userSessionStorage: UserSessionStorage;
+};
+export declare function createUserSessionsComponent({ userSessionStorage, storage, transport }: Params): {
+    sessions: {
+        add(value: UserSession): import("neverthrow").ResultAsync<UserSession, Error>;
+        mutate(fn: (value: UserSession[]) => UserSession[]): import("neverthrow").ResultAsync<UserSession[], Error>;
+        read(): any;
+        write(value: UserSession[]): any;
+        clear(): any;
+        subscribe(fn: (value: UserSession[]) => void): () => void;
+    };
+    disconnect: (session: UserSession) => import("neverthrow").ResultAsync<undefined, Error>;
+    destroy(): void;
+};
+export {};

package/dist/components/user/index.js

@@ -0,0 +1,58 @@
+import { okAsync } from 'neverthrow';
+import { createSSOSession } from './ssoSession.js';
+export function createUserSessionsComponent({ userSessionStorage, storage, transport }) {
+    let unsubStatements = null;
+    const disconnect = (session) => {
+        return userSessionStorage.mutate(sessions => sessions.filter(s => s.id !== session.id)).map(() => undefined);
+    };
+    const unsubSessions = userSessionStorage.subscribe(userSessions => {
+        if (unsubStatements) {
+            unsubStatements();
+            unsubStatements = null;
+        }
+        const ssoSessions = [];
+        for (const userSession of userSessions) {
+            const session = createSSOSession({
+                ownAccount: userSession.host,
+                peerAccount: userSession.peer,
+                storage,
+                transport,
+            });
+            session.subscribe(message => {
+                switch (message.data.tag) {
+                    case 'v1': {
+                        switch (message.data.value.tag) {
+                            case 'Disconnected':
+                                return disconnect(userSession).map(() => true);
+                        }
+                    }
+                }
+                return okAsync(false);
+            });
+            ssoSessions.push(session);
+        }
+        unsubStatements = () => {
+            for (const session of ssoSessions) {
+                session.dispose();
+            }
+        };
+    });
+    return {
+        sessions: userSessionStorage,
+        disconnect,
+        destroy() {
+            unsubSessions();
+        },
+    };
+}
+// function createDisconnectMessage(ssSecret: SsSecret, topic: Uint8Array) {
+//   const statement = createStatement(ssSecret, {
+//     priority: 0,
+//     channel: createRequestChannel(topic),
+//     topics: [topic],
+//     data: SSOMessage.enc({
+//       tag: 'Disconnected',
+//       value: undefined,
+//     }),
+//   });
+// }

package/dist/components/user/ssoMessageStream.d.ts

@@ -0,0 +1,10 @@
+export declare const SSOMessage: import("scale-ts").Codec<{
+    tag: "Disconnected";
+    value: undefined;
+} | {
+    tag: "SigningRequest";
+    value: Uint8Array<ArrayBufferLike>;
+} | {
+    tag: "SigningResponse";
+    value: Uint8Array<ArrayBufferLike>;
+}>;

package/dist/components/user/ssoMessageStream.js

@@ -0,0 +1,8 @@
+import { Bytes, Enum, _void } from 'scale-ts';
+export const SSOMessage = Enum({
+    Disconnected: _void,
+    // TODO implement
+    SigningRequest: Bytes(),
+    // TODO implement
+    SigningResponse: Bytes(),
+});

package/dist/components/user/ssoSession.d.ts

@@ -0,0 +1,5 @@
+import type { SessionParams } from '../../modules/session/session.js';
+import type { Session } from '../../modules/session/types.js';
+import { HostRemoteMessageCodec } from './codec.js';
+export type SsoSession = Session<typeof HostRemoteMessageCodec>;
+export declare function createSSOSession({ ownAccount, peerAccount, transport, storage, }: Omit<SessionParams<any>, 'codec'>): SsoSession;

package/dist/components/user/ssoSession.js

@@ -0,0 +1,5 @@
+import { createSession } from '../../modules/session/session.js';
+import { HostRemoteMessageCodec } from './codec.js';
+export function createSSOSession({ ownAccount, peerAccount, transport, storage, }) {
+    return createSession({ ownAccount, peerAccount, transport, storage, codec: HostRemoteMessageCodec });
+}

package/dist/components/user/storage.d.ts

@@ -0,0 +1,27 @@
+import type { ResultAsync } from 'neverthrow';
+import type { StorageAdapter } from '../../adapters/storage/types.js';
+import type { Callback } from '../../types.js';
+import type { UserSecrets, UserSession } from './types.js';
+export type UserStorage = ReturnType<typeof createUserStorage>;
+type Params = {
+    appId: string;
+    storage: StorageAdapter;
+};
+export declare const createUserStorage: ({ appId, storage }: Params) => {
+    sessions: {
+        read(accountId: string): ResultAsync<UserSession | null, Error>;
+        readSelectedUser(): ResultAsync<UserSession | null, Error>;
+        subscribeSessions(callback: Callback<UserSession[]>): () => void;
+        create(user: UserSession, secrets: UserSecrets): ResultAsync<UserSession, Error>;
+        remove(accountId: string): ResultAsync<void, Error>;
+        readSecrets(accountId: string): ResultAsync<UserSecrets | null, Error>;
+    };
+    accounts: {
+        read(): ResultAsync<string[], Error>;
+        subscribe(callback: (accounts: string[]) => void): () => void;
+        readSelectedUser(): ResultAsync<string | null, Error>;
+        subscribeSelectedAccount(callback: (accountId: string | null) => void): VoidFunction;
+        select(accountId: string): ResultAsync<undefined, Error>;
+    };
+};
+export {};