@novasamatech/host-papp 0.5.0-17 → 0.5.0-18

package/dist/crypto.d.ts

@@ -11,7 +11,7 @@ export declare const SsPubKey: Codec<SsPublicKey>;
 export declare const EncrPubKey: Codec<EncrPublicKey>;
 export declare function stringToBytes(str: string): Uint8Array<ArrayBuffer>;
 export declare function bytesToString(bytes: Uint8Array): string;
-export declare function createSsSecret(mnemonic: string): SsSecret;
+export declare function createSsSecret(entropy: Uint8Array): SsSecret;
 export declare function createSsDerivation(secret: SsSecret, derivation: string): SsSecret;
 export declare function getSsPub(secret: SsSecret): SsPublicKey;
 export declare function signWithSsSecret(secret: SsSecret, message: Uint8Array): Uint8Array<ArrayBufferLike>;
@@ -24,6 +24,6 @@ export type DerivedSr25519Account = {
     verify(message: Uint8Array, signature: Uint8Array): boolean;
 };
 export declare function deriveSr25519Account(mnemonic: string, derivation: string): DerivedSr25519Account;
-export declare function createEncrSecret(mnemonic: string): EncrSecret;
+export declare function createEncrSecret(entropy: Uint8Array): EncrSecret;
 export declare function getEncrPub(secret: EncrSecret): EncrPublicKey;
 export declare function createSharedSecret(secret: EncrSecret, publicKey: Uint8Array): SharedSecret;

package/dist/crypto.js

@@ -1,5 +1,5 @@
 import { p256 } from '@noble/curves/nist.js';
-import { mnemonicToEntropy, mnemonicToMiniSecret } from '@polkadot-labs/hdkd-helpers';
+import { entropyToMiniSecret, mnemonicToEntropy } from '@polkadot-labs/hdkd-helpers';
 import { HDKD as sr25519HDKD, getPublicKey as sr25519GetPublicKey, secretFromSeed as sr25519SecretFromSeed, sign as sr25519Sign, verify as sr25519Verify, } from '@scure/sr25519';
 import { Bytes, str } from 'scale-ts';
 // schemas
@@ -33,8 +33,8 @@ function createChainCode(derivation) {
     return chainCode;
 }
 // statement store key pair
-export function createSsSecret(mnemonic) {
-    const miniSecret = mnemonicToMiniSecret(mnemonic);
+export function createSsSecret(entropy) {
+    const miniSecret = entropyToMiniSecret(entropy);
     return sr25519SecretFromSeed(miniSecret);
 }
 export function createSsDerivation(secret, derivation) {
@@ -59,19 +59,20 @@ export function verifyWithSsSecret(message, signature, publicKey) {
     return sr25519Verify(message, signature, publicKey);
 }
 export function deriveSr25519Account(mnemonic, derivation) {
-    const secret = createSsDerivation(createSsSecret(mnemonic), derivation);
+    const entropy = mnemonicToEntropy(mnemonic);
+    const secret = createSsDerivation(createSsSecret(entropy), derivation);
     const publicKey = getSsPub(secret);
     return {
         secret,
         publicKey,
-        entropy: mnemonicToEntropy(mnemonic),
+        entropy,
         sign: message => signWithSsSecret(secret, message),
         verify: (message, signature) => verifyWithSsSecret(message, signature, publicKey),
     };
 }
 // encryption key pair
-export function createEncrSecret(mnemonic) {
-    const miniSecret = mnemonicToMiniSecret(mnemonic);
+export function createEncrSecret(entropy) {
+    const miniSecret = entropyToMiniSecret(entropy);
     const seed = new Uint8Array(48);
     seed.set(miniSecret);
     const { secretKey } = p256.keygen(seed);

package/dist/helpers/abortError.d.ts

@@ -1,4 +1,3 @@
 export declare class AbortError extends Error {
     constructor(message?: string);
-    static isAbortError(err: unknown): err is AbortError;
 }

package/dist/helpers/abortError.js

@@ -2,7 +2,4 @@ export class AbortError extends Error {
     constructor(message) {
         super(message);
     }
-    static isAbortError(err) {
-        return err instanceof AbortError;
-    }
 }

package/dist/index.d.ts

@@ -1,7 +1,7 @@
 export { SS_STABLE_STAGE_ENDPOINTS, SS_UNSTABLE_STAGE_ENDPOINTS } from './constants.js';
 export type { PappAdapter } from './papp.js';
 export { createPappAdapter } from './papp.js';
-export type { AuthentificationStatus } from './sso/auth/types.js';
+export type { AttestationStatus, PairingStatus } from './sso/auth/types.js';
 export type { UserSession } from './sso/sessionManager/userSession.js';
 export type { Identity } from './identity/types.js';
 export type { SignPayloadRequest } from './sso/sessionManager/scale/signPayloadRequest.js';

package/dist/papp.js

@@ -1,7 +1,7 @@
 import { createLazyClient, createPapiStatementStoreAdapter } from '@novasamatech/statement-store';
 import { createLocalStorageAdapter } from '@novasamatech/storage-adapter';
 import { getWsProvider } from '@polkadot-api/ws-provider';
-import { SS_UNSTABLE_STAGE_ENDPOINTS } from './constants.js';
+import { SS_STABLE_STAGE_ENDPOINTS } from './constants.js';
 import { createIdentityRepository } from './identity/impl.js';
 import { createIdentityRpcAdapter } from './identity/rpcAdapter.js';
 import { createAuth } from './sso/auth/impl.js';
@@ -9,7 +9,7 @@ import { createSsoSessionManager } from './sso/sessionManager/impl.js';
 import { createUserSecretRepository } from './sso/userSecretRepository.js';
 import { createUserSessionRepository } from './sso/userSessionRepository.js';
 export function createPappAdapter({ appId, metadata, adapters }) {
-    const lazyClient = adapters?.lazyClient ?? createLazyClient(getWsProvider(SS_UNSTABLE_STAGE_ENDPOINTS));
+    const lazyClient = adapters?.lazyClient ?? createLazyClient(getWsProvider(SS_STABLE_STAGE_ENDPOINTS));
     const statementStore = adapters?.statementStore ?? createPapiStatementStoreAdapter(lazyClient);
     const identities = adapters?.identities ?? createIdentityRpcAdapter(lazyClient);
     const storage = adapters?.storage ?? createLocalStorageAdapter(appId);

package/dist/sso/auth/impl.d.ts

@@ -11,7 +11,7 @@ type Params = {
     lazyClient: LazyClient;
 };
 export declare function createAuth({ metadata, statementStore, ssoSessionRepository, userSecretRepository, lazyClient, }: Params): {
-    status: {
+    pairingStatus: {
         read: () => {
             step: "none";
         } | {
@@ -22,7 +22,7 @@ export declare function createAuth({ metadata, statementStore, ssoSessionReposit
             step: "pairing";
             payload: string;
         } | {
-            step: "error";
+            step: "pairingError";
             message: string;
         } | {
             step: "finished";
@@ -38,7 +38,7 @@ export declare function createAuth({ metadata, statementStore, ssoSessionReposit
             step: "pairing";
             payload: string;
         } | {
-            step: "error";
+            step: "pairingError";
             message: string;
         } | {
             step: "finished";
@@ -47,6 +47,32 @@ export declare function createAuth({ metadata, statementStore, ssoSessionReposit
         onFirstSubscribe: (callback: VoidFunction) => import("nanoevents").Unsubscribe;
         onLastUnsubscribe: (callback: VoidFunction) => import("nanoevents").Unsubscribe;
     };
+    attestationStatus: {
+        read: () => {
+            step: "none";
+        } | {
+            step: "attestation";
+            username: string;
+        } | {
+            step: "attestationError";
+            message: string;
+        } | {
+            step: "finished";
+        };
+        subscribe: (fn: (value: {
+            step: "none";
+        } | {
+            step: "attestation";
+            username: string;
+        } | {
+            step: "attestationError";
+            message: string;
+        } | {
+            step: "finished";
+        }) => void) => () => void;
+        onFirstSubscribe: (callback: VoidFunction) => import("nanoevents").Unsubscribe;
+        onLastUnsubscribe: (callback: VoidFunction) => import("nanoevents").Unsubscribe;
+    };
     authenticate(): ResultAsync<StoredUserSession | null, Error>;
     abortAuthentication(): void;
 };

package/dist/sso/auth/impl.js

@@ -10,37 +10,48 @@ import { createStoredUserSession } from '../userSessionRepository.js';
 import { createAliceVerifier, createAttestationService } from './attestationService.js';
 import { HandshakeData, HandshakeResponsePayload, HandshakeResponseSensitiveData } from './scale/handshake.js';
 export function createAuth({ metadata, statementStore, ssoSessionRepository, userSecretRepository, lazyClient, }) {
-    const authStatus = createState({ step: 'none' });
+    const attestationStatus = createState({ step: 'none' });
+    const pairingStatus = createState({ step: 'none' });
     let authResult = null;
     let abort = null;
-    function attestateAccount(account, signal) {
+    function attestAccount(account, signal) {
         const attestationService = createAttestationService(lazyClient);
-        authStatus.write({ step: 'attestation' });
         const verifier = createAliceVerifier();
         const username = attestationService.claimUsername();
+        attestationStatus.write({ step: 'attestation', username });
         return attestationService
             .grantVerifierAllowance(verifier)
             .andThrough(() => processSignal(signal))
             .andThen(() => attestationService.registerLitePerson(username, account, verifier))
-            .andThrough(() => processSignal(signal));
+            .andThrough(() => processSignal(signal))
+            .andTee(() => {
+            attestationStatus.write({ step: 'finished' });
+        })
+            .orTee(e => {
+            if (!(e instanceof AbortError)) {
+                attestationStatus.write({ step: 'attestationError', message: e.message });
+            }
+        });
     }
-    function handshake(account, mnemonic, signal) {
+    function handshake(account, signal) {
         const localAccount = createLocalSessionAccount(createAccountId(account.publicKey));
-        return createEncrKeys(mnemonic).asyncAndThen(({ encrSecret, encrPublicKey }) => {
-            const handshakePayload = createHandshakePayloadV1({
-                ssPublicKey: account.publicKey,
-                encrPublicKey,
-                metadata,
-            }).andTee(payload => authStatus.write({ step: 'pairing', payload: createDeeplink(payload) }));
-            const pappResponse = handshakePayload
-                .andThen(() => createHandshakeTopic(localAccount, encrPublicKey))
-                .asyncAndThen(topic => waitForStatements(callback => statementStore.subscribeStatements([topic], callback), signal, (statements, resolve) => {
+        pairingStatus.write({ step: 'initial' });
+        const encrKeys = createEncrKeys(account.entropy);
+        const handshakePayload = encrKeys.andThen(({ publicKey }) => createHandshakePayloadV1({
+            ssPublicKey: account.publicKey,
+            encrPublicKey: publicKey,
+            metadata,
+        }));
+        const handshakeTopic = encrKeys.andThen(({ publicKey }) => createHandshakeTopic(localAccount, publicKey));
+        const dataPrepared = Result.combine([handshakePayload, handshakeTopic, encrKeys]).andTee(([payload]) => pairingStatus.write({ step: 'pairing', payload: createDeeplink(payload) }));
+        return dataPrepared.asyncAndThen(([, handshakeTopic, encrKeys]) => {
+            const pappResponse = waitForStatements(callback => statementStore.subscribeStatements([handshakeTopic], callback), signal, (statements, resolve) => {
                 for (const statement of statements) {
                     if (!statement.data)
                         continue;
                     const session = retrieveSession({
                         localAccount,
-                        encrSecret,
+                        encrSecret: encrKeys.secret,
                         payload: statement.data.asBytes(),
                     }).unwrapOr(null);
                     if (session) {
@@ -48,33 +59,46 @@ export function createAuth({ metadata, statementStore, ssoSessionRepository, use
                         break;
                     }
                 }
-            }));
-            const secretesSaved = pappResponse.andThen(({ id }) => userSecretRepository.write(id, { ssSecret: account.secret, encrSecret, mnemonic }));
+            });
+            const secretesSaved = pappResponse.andThen(({ id }) => {
+                return userSecretRepository.write(id, {
+                    ssSecret: account.secret,
+                    encrSecret: encrKeys.secret,
+                    entropy: account.entropy,
+                });
+            });
+            // secrets and sso session should be chained, or it can produce an incorrect state
             const userCreated = secretesSaved.andThen(() => pappResponse.andThen(ssoSessionRepository.add));
-            const result = ResultAsync.combine([userCreated, secretesSaved]).map(([session]) => session);
-            return result.orElse(e => (AbortError.isAbortError(e) ? ok(null) : err(toError(e))));
+            const sessionReceived = ResultAsync.combine([userCreated, secretesSaved]).map(([session]) => session);
+            return sessionReceived
+                .andTee(session => {
+                pairingStatus.write(session ? { step: 'finished', session } : { step: 'none' });
+            })
+                .orTee(e => {
+                if (!(e instanceof AbortError)) {
+                    pairingStatus.write({ step: 'pairingError', message: e.message });
+                }
+            });
         });
     }
     const authModule = {
-        status: readonly(authStatus),
+        pairingStatus: readonly(pairingStatus),
+        attestationStatus: readonly(attestationStatus),
         authenticate() {
             if (authResult) {
                 return authResult;
             }
             abort = new AbortController();
-            const signal = abort.signal;
-            const mnemonic = generateMnemonic();
-            const account = deriveSr25519Account(mnemonic, '//wallet');
-            authStatus.write({ step: 'initial' });
-            authResult = attestateAccount(account, signal)
-                .andThen(() => handshake(account, mnemonic, signal))
-                .andTee(session => {
-                authStatus.write(session ? { step: 'finished', session } : { step: 'none' });
+            const account = deriveSr25519Account(generateMnemonic(), '//wallet//sso');
+            authResult = ResultAsync.combine([handshake(account, abort.signal), attestAccount(account, abort.signal)])
+                .map(([session]) => session)
+                .orElse(e => (e instanceof AbortError ? ok(null) : err(e)))
+                .andTee(() => {
+                abort = null;
             })
-                .orTee(e => {
+                .orTee(() => {
                 authResult = null;
                 abort = null;
-                authStatus.write({ step: 'error', message: e.message });
             });
             return authResult;
         },
@@ -84,7 +108,8 @@ export function createAuth({ metadata, statementStore, ssoSessionRepository, use
                 abort = null;
             }
             authResult = null;
-            authStatus.reset();
+            pairingStatus.reset();
+            attestationStatus.reset();
         },
     };
     return authModule;
@@ -106,11 +131,11 @@ function parseHandshakePayload(payload) {
             throw new Error('Unsupported handshake payload version');
     }
 }
-const createEncrKeys = fromThrowable((mnemonic) => {
-    const encrSecret = createEncrSecret(mnemonic);
+const createEncrKeys = fromThrowable((entropy) => {
+    const secret = createEncrSecret(entropy);
     return {
-        encrSecret,
-        encrPublicKey: getEncrPub(encrSecret),
+        secret,
+        publicKey: getEncrPub(secret),
     };
 }, toError);
 function retrieveSession({ payload, encrSecret, localAccount, }) {

package/dist/sso/auth/types.d.ts

@@ -1,5 +1,5 @@
 import type { StoredUserSession } from '../userSessionRepository.js';
-export type AuthentificationStatus = {
+export type PairingStatus = {
     step: 'none';
 } | {
     step: 'initial';
@@ -9,9 +9,20 @@ export type AuthentificationStatus = {
     step: 'pairing';
     payload: string;
 } | {
-    step: 'error';
+    step: 'pairingError';
     message: string;
 } | {
     step: 'finished';
     session: StoredUserSession;
 };
+export type AttestationStatus = {
+    step: 'none';
+} | {
+    step: 'attestation';
+    username: string;
+} | {
+    step: 'attestationError';
+    message: string;
+} | {
+    step: 'finished';
+};

package/dist/sso/userSecretRepository.d.ts

@@ -6,7 +6,7 @@ type StoredUserSecrets = CodecType<typeof StoredUserSecretsCodec>;
 declare const StoredUserSecretsCodec: import("scale-ts").Codec<{
     ssSecret: SsSecret;
     encrSecret: EncrSecret;
-    mnemonic: string;
+    entropy: Uint8Array<ArrayBufferLike>;
 }>;
 export type UserSecretRepository = ReturnType<typeof createUserSecretRepository>;
 export declare function createUserSecretRepository(salt: string, storage: StorageAdapter): {

package/dist/sso/userSecretRepository.js

@@ -2,13 +2,13 @@ import { gcm } from '@noble/ciphers/aes.js';
 import { blake2b } from '@noble/hashes/blake2.js';
 import { fromHex, toHex } from '@polkadot-api/utils';
 import { fromThrowable } from 'neverthrow';
-import { Struct, str } from 'scale-ts';
+import { Bytes, Struct } from 'scale-ts';
 import { BrandedBytesCodec, stringToBytes } from '../crypto.js';
 import { toError } from '../helpers/utils.js';
 const StoredUserSecretsCodec = Struct({
     ssSecret: BrandedBytesCodec(),
     encrSecret: BrandedBytesCodec(),
-    mnemonic: str,
+    entropy: Bytes(),
 });
 export function createUserSecretRepository(salt, storage) {
     const baseKey = 'UserSecrets';

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@novasamatech/host-papp",
   "type": "module",
-  "version": "0.5.0-17",
+  "version": "0.5.0-18",
   "description": "Polkadot app integration",
   "license": "Apache-2.0",
   "repository": {
@@ -28,9 +28,9 @@
     "@noble/ciphers": "2.1.1",
     "@noble/curves": "2.0.1",
     "@noble/hashes": "2.0.1",
-    "@novasamatech/host-api": "0.5.0-17",
-    "@novasamatech/statement-store": "0.5.0-17",
-    "@novasamatech/storage-adapter": "0.5.0-17",
+    "@novasamatech/host-api": "0.5.0-18",
+    "@novasamatech/statement-store": "0.5.0-18",
+    "@novasamatech/storage-adapter": "0.5.0-18",
     "@polkadot-api/substrate-bindings": "^0.16.5",
     "@polkadot-labs/hdkd-helpers": "^0.0.27",
     "@scure/sr25519": "1.0.0",