@novasamatech/host-papp 0.5.0-7 → 0.5.0-9

package/dist/sso/sessionManager/scale/remoteMessage.d.ts

@@ -0,0 +1,23 @@
+export declare const RemoteMessageDataCodec: import("scale-ts").Codec<{
+    tag: "v1";
+    value: {
+        tag: "Disconnected";
+        value: undefined;
+    } | {
+        tag: "SigningRequest";
+        value: Uint8Array<ArrayBufferLike>;
+    };
+}>;
+export declare const RemoteMessageCodec: import("scale-ts").Codec<{
+    messageId: string;
+    data: {
+        tag: "v1";
+        value: {
+            tag: "Disconnected";
+            value: undefined;
+        } | {
+            tag: "SigningRequest";
+            value: Uint8Array<ArrayBufferLike>;
+        };
+    };
+}>;

package/dist/sso/sessionManager/scale/remoteMessage.js

@@ -0,0 +1,14 @@
+import { Bytes, Enum, Struct, _void, str } from 'scale-ts';
+export const RemoteMessageDataCodec = Enum({
+    v1: Enum({
+        Disconnected: _void,
+        // TODO implement
+        SigningRequest: Bytes(),
+        // TODO implement
+        // SigningResponse: Bytes(),
+    }),
+});
+export const RemoteMessageCodec = Struct({
+    messageId: str,
+    data: RemoteMessageDataCodec,
+});

package/dist/sso/sessionManager/ssoSession.d.ts

@@ -0,0 +1,23 @@
+import type { Encryption, StatementProver, StatementStoreAdapter } from '@novasamatech/statement-store';
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+import { ResultAsync } from 'neverthrow';
+import type { CodecType } from 'scale-ts';
+import type { Callback } from '../../types.js';
+import type { UserSession } from '../ssoSessionRepository.js';
+import { RemoteMessageCodec, RemoteMessageDataCodec } from './scale/remoteMessage.js';
+export type SsoSession = ReturnType<typeof createSsoSession>;
+export declare function createSsoSession({ userSession, statementStore, encryption, storage, prover, }: {
+    userSession: UserSession;
+    statementStore: StatementStoreAdapter;
+    encryption: Encryption;
+    storage: StorageAdapter;
+    prover: StatementProver;
+}): {
+    request(message: CodecType<typeof RemoteMessageDataCodec>): ResultAsync<{
+        requestId: string;
+    }, Error>;
+    sendDisconnectMessage(): ResultAsync<{
+        requestId: string;
+    }, Error>;
+    subscribe(callback: Callback<CodecType<typeof RemoteMessageCodec>, ResultAsync<boolean, Error>>): VoidFunction;
+};

package/dist/sso/sessionManager/ssoSession.js

@@ -0,0 +1,69 @@
+import { createSession } from '@novasamatech/statement-store';
+import { fieldListView } from '@novasamatech/storage-adapter';
+import { nanoid } from 'nanoid';
+import { ResultAsync, okAsync } from 'neverthrow';
+import { RemoteMessageCodec, RemoteMessageDataCodec } from './scale/remoteMessage.js';
+export function createSsoSession({ userSession, statementStore, encryption, storage, prover, }) {
+    const session = createSession({
+        localAccount: userSession.local,
+        remoteAccount: userSession.remote,
+        statementStore,
+        encryption,
+        prover,
+    });
+    const processedMessages = fieldListView({
+        storage,
+        key: `sso_processed_${userSession.id}`,
+        from: JSON.parse,
+        to: JSON.stringify,
+        initial: [],
+    });
+    return {
+        request(message) {
+            return session.submitRequest(RemoteMessageCodec, {
+                messageId: nanoid(),
+                data: message,
+            });
+        },
+        sendDisconnectMessage() {
+            return session.submitRequest(RemoteMessageCodec, {
+                messageId: nanoid(),
+                data: {
+                    tag: 'v1',
+                    value: {
+                        tag: 'Disconnected',
+                        value: undefined,
+                    },
+                },
+            });
+        },
+        subscribe(callback) {
+            return session.subscribe(RemoteMessageCodec, messages => {
+                processedMessages.read().andThen(processed => {
+                    const results = messages.map(message => {
+                        if (message.type === 'request') {
+                            const isMessageProcessed = processed.includes(message.data.messageId);
+                            if (isMessageProcessed) {
+                                return okAsync({ processed: false });
+                            }
+                            return callback(message.data)
+                                .orTee(error => {
+                                console.error('Error while processing sso messsage:', error);
+                            })
+                                .orElse(() => okAsync(false))
+                                .map(processed => (processed ? { processed, message: message.data } : { processed }));
+                        }
+                        return okAsync({ processed: false });
+                    });
+                    return ResultAsync.combine(results).andThen(results => {
+                        const newMessages = results.filter(x => x.processed).map(x => x.message.messageId);
+                        if (newMessages.length > 0) {
+                            return processedMessages.mutate(x => x.concat(newMessages));
+                        }
+                        return okAsync();
+                    });
+                });
+            });
+        },
+    };
+}

package/dist/sso/sessionManager/ssoSessionProver.d.ts

@@ -0,0 +1,4 @@
+import type { StatementProver } from '@novasamatech/statement-store';
+import type { UserSession } from '../ssoSessionRepository.js';
+import type { UserSecretRepository } from '../userSecretRepository.js';
+export declare function createSsoStatementProver(userSession: UserSession, userSecretRepository: UserSecretRepository): StatementProver;

package/dist/sso/sessionManager/ssoSessionProver.js

@@ -0,0 +1,35 @@
+import { getStatementSigner, statementCodec } from '@polkadot-api/sdk-statement';
+import { err, errAsync, fromThrowable, ok, okAsync } from 'neverthrow';
+import { compact } from 'scale-ts';
+import { toError } from '../../helpers/utils.js';
+import { getSsPub, signWithSsSecret, verifyWithSsSecret } from '../../modules/crypto.js';
+const verify = fromThrowable(verifyWithSsSecret, toError);
+export function createSsoStatementProver(userSession, userSecretRepository) {
+    const secret = userSecretRepository
+        .read(userSession.id)
+        .andThen(secrets => (secrets ? ok(secrets) : err(new Error(`Secrets for session ${userSession.id} not found.`))))
+        .map(x => x.ssSecret);
+    return {
+        generateMessageProof(statement) {
+            return secret.map(secret => {
+                const signer = getStatementSigner(getSsPub(secret), 'sr25519', data => signWithSsSecret(secret, data));
+                return signer.sign(statement);
+            });
+        },
+        verifyMessageProof(statement) {
+            const { proof, ...unsigned } = statement;
+            if (!proof) {
+                // TODO should we pass check when proof is not presented?
+                return okAsync(true);
+            }
+            const encoded = statementCodec.enc(unsigned);
+            const compactLen = compact.enc(compact.dec(encoded)).length;
+            switch (proof.type) {
+                case 'sr25519':
+                    return verify(encoded.slice(compactLen), proof.value.signature.asBytes(), proof.value.signer.asBytes()).asyncAndThen(x => okAsync(x));
+                default:
+                    return errAsync(new Error(`Proof type ${proof.type} is not supported.`));
+            }
+        },
+    };
+}

package/dist/sso/sessionManager/types.d.ts

@@ -0,0 +1,6 @@
+import type { EncrSecret, SharedSecret, SsSecret } from '../../crypto.js';
+export type UserSecrets = {
+    sharedSecret: SharedSecret;
+    encr: EncrSecret;
+    ss: SsSecret;
+};

package/dist/sso/sessionManager/types.js

@@ -0,0 +1 @@
+export {};

package/dist/sso/sessionManager/userSession.d.ts

@@ -0,0 +1,24 @@
+import type { Encryption, StatementProver, StatementStoreAdapter } from '@novasamatech/statement-store';
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+import { ResultAsync } from 'neverthrow';
+import type { CodecType } from 'scale-ts';
+import type { Callback } from '../../types.js';
+import type { StoredUserSession } from '../userSessionRepository.js';
+import { RemoteMessageCodec, RemoteMessageDataCodec } from './scale/remoteMessage.js';
+export type UserSession = StoredUserSession & {
+    request(message: CodecType<typeof RemoteMessageDataCodec>): ResultAsync<{
+        requestId: string;
+    }, Error>;
+    sendDisconnectMessage(): ResultAsync<{
+        requestId: string;
+    }, Error>;
+    subscribe(callback: Callback<CodecType<typeof RemoteMessageCodec>, ResultAsync<boolean, Error>>): VoidFunction;
+    dispose(): void;
+};
+export declare function createUserSession({ userSession, statementStore, encryption, storage, prover, }: {
+    userSession: StoredUserSession;
+    statementStore: StatementStoreAdapter;
+    encryption: Encryption;
+    storage: StorageAdapter;
+    prover: StatementProver;
+}): UserSession;

package/dist/sso/sessionManager/userSession.js

@@ -0,0 +1,75 @@
+import { createSession } from '@novasamatech/statement-store';
+import { fieldListView } from '@novasamatech/storage-adapter';
+import { nanoid } from 'nanoid';
+import { ResultAsync, okAsync } from 'neverthrow';
+import { RemoteMessageCodec, RemoteMessageDataCodec } from './scale/remoteMessage.js';
+export function createUserSession({ userSession, statementStore, encryption, storage, prover, }) {
+    const session = createSession({
+        localAccount: userSession.localAccount,
+        remoteAccount: userSession.remoteAccount,
+        statementStore,
+        encryption,
+        prover,
+    });
+    const processedMessages = fieldListView({
+        storage,
+        key: `sso_processed_${userSession.id}`,
+        from: JSON.parse,
+        to: JSON.stringify,
+        initial: [],
+    });
+    return {
+        id: userSession.id,
+        localAccount: userSession.localAccount,
+        remoteAccount: userSession.remoteAccount,
+        request(message) {
+            return session.submitRequest(RemoteMessageCodec, {
+                messageId: nanoid(),
+                data: message,
+            });
+        },
+        sendDisconnectMessage() {
+            return session.submitRequest(RemoteMessageCodec, {
+                messageId: nanoid(),
+                data: {
+                    tag: 'v1',
+                    value: {
+                        tag: 'Disconnected',
+                        value: undefined,
+                    },
+                },
+            });
+        },
+        subscribe(callback) {
+            return session.subscribe(RemoteMessageCodec, messages => {
+                processedMessages.read().andThen(processed => {
+                    const results = messages.map(message => {
+                        if (message.type === 'request') {
+                            const isMessageProcessed = processed.includes(message.data.messageId);
+                            if (isMessageProcessed) {
+                                return okAsync({ processed: false });
+                            }
+                            return callback(message.data)
+                                .orTee(error => {
+                                console.error('Error while processing sso messsage:', error);
+                            })
+                                .orElse(() => okAsync(false))
+                                .map(processed => (processed ? { processed, message: message.data } : { processed }));
+                        }
+                        return okAsync({ processed: false });
+                    });
+                    return ResultAsync.combine(results).andThen(results => {
+                        const newMessages = results.filter(x => x.processed).map(x => x.message.messageId);
+                        if (newMessages.length > 0) {
+                            return processedMessages.mutate(x => x.concat(newMessages));
+                        }
+                        return okAsync();
+                    });
+                });
+            });
+        },
+        dispose() {
+            return session.dispose();
+        },
+    };
+}

package/dist/sso/ssoSessionProver.d.ts

@@ -0,0 +1,4 @@
+import type { StatementProver } from '@novasamatech/statement-store';
+import type { UserSecretRepository } from './userSecretRepository.js';
+import type { StoredUserSession } from './userSessionRepository.js';
+export declare function createSsoStatementProver(userSession: StoredUserSession, userSecretRepository: UserSecretRepository): StatementProver;

package/dist/sso/ssoSessionProver.js

@@ -0,0 +1,35 @@
+import { getStatementSigner, statementCodec } from '@polkadot-api/sdk-statement';
+import { err, errAsync, fromThrowable, ok, okAsync } from 'neverthrow';
+import { compact } from 'scale-ts';
+import { getSsPub, signWithSsSecret, verifyWithSsSecret } from '../crypto.js';
+import { toError } from '../helpers/utils.js';
+const verify = fromThrowable(verifyWithSsSecret, toError);
+export function createSsoStatementProver(userSession, userSecretRepository) {
+    const secret = userSecretRepository
+        .read(userSession.id)
+        .andThen(secrets => (secrets ? ok(secrets) : err(new Error(`Secrets for session ${userSession.id} not found.`))))
+        .map(x => x.ssSecret);
+    return {
+        generateMessageProof(statement) {
+            return secret.map(secret => {
+                const signer = getStatementSigner(getSsPub(secret), 'sr25519', data => signWithSsSecret(secret, data));
+                return signer.sign(statement);
+            });
+        },
+        verifyMessageProof(statement) {
+            const { proof, ...unsigned } = statement;
+            if (!proof) {
+                // TODO should we pass check when proof is not presented?
+                return okAsync(true);
+            }
+            const encoded = statementCodec.enc(unsigned);
+            const compactLen = compact.enc(compact.dec(encoded)).length;
+            switch (proof.type) {
+                case 'sr25519':
+                    return verify(encoded.slice(compactLen), proof.value.signature.asBytes(), proof.value.signer.asBytes()).asyncAndThen(x => okAsync(x));
+                default:
+                    return errAsync(new Error(`Proof type ${proof.type} is not supported.`));
+            }
+        },
+    };
+}

package/dist/sso/ssoSessionRepository.d.ts

@@ -0,0 +1,18 @@
+import type { LocalSessionAccount, RemoteSessionAccount } from '@novasamatech/statement-store';
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+export type SsoSessionRepository = ReturnType<typeof createSsoSessionRepository>;
+export type UserSession = {
+    id: string;
+    local: LocalSessionAccount;
+    remote: RemoteSessionAccount;
+};
+export declare function createUserSession(localAccount: LocalSessionAccount, remoteAccount: RemoteSessionAccount): UserSession;
+export declare const createSsoSessionRepository: (storage: StorageAdapter) => {
+    add(value: UserSession): import("neverthrow").ResultAsync<UserSession, Error>;
+    filter(fn: (value: UserSession) => boolean): import("neverthrow").ResultAsync<UserSession[], Error>;
+    mutate(fn: (value: UserSession[]) => UserSession[]): import("neverthrow").ResultAsync<UserSession[], Error>;
+    read(): import("neverthrow").ResultAsync<UserSession[], Error>;
+    write(value: UserSession[]): import("neverthrow").ResultAsync<UserSession[], Error> | import("neverthrow").ResultAsync<null, Error>;
+    clear(): import("neverthrow").ResultAsync<void, Error>;
+    subscribe(fn: (value: UserSession[]) => void): VoidFunction;
+};

package/dist/sso/ssoSessionRepository.js

@@ -0,0 +1,27 @@
+import { LocalSessionAccountCodec, RemoteSessionAccountCodec } from '@novasamatech/statement-store';
+import { fieldListView } from '@novasamatech/storage-adapter';
+import { fromHex, toHex } from '@polkadot-api/utils';
+import { nanoid } from 'nanoid';
+import { Struct, Vector, str } from 'scale-ts';
+const userSessionCodec = Struct({
+    id: str,
+    local: LocalSessionAccountCodec,
+    remote: RemoteSessionAccountCodec,
+});
+export function createUserSession(localAccount, remoteAccount) {
+    return {
+        id: nanoid(12),
+        local: localAccount,
+        remote: remoteAccount,
+    };
+}
+const userSessionsCodec = Vector(userSessionCodec);
+export const createSsoSessionRepository = (storage) => {
+    return fieldListView({
+        storage,
+        key: 'SsoSessions',
+        initial: [],
+        from: x => userSessionsCodec.dec(fromHex(x)),
+        to: x => toHex(userSessionsCodec.enc(x)),
+    });
+};

package/dist/sso/userSecretRepository.d.ts

@@ -0,0 +1,16 @@
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+import type { ResultAsync } from 'neverthrow';
+import type { CodecType } from 'scale-ts';
+import type { EncrSecret, SsSecret } from '../crypto.js';
+type StoredUserSecrets = CodecType<typeof StoredUserSecretsCodec>;
+declare const StoredUserSecretsCodec: import("scale-ts").Codec<{
+    ssSecret: SsSecret;
+    encrSecret: EncrSecret;
+}>;
+export type UserSecretRepository = ReturnType<typeof createUserSecretRepository>;
+export declare function createUserSecretRepository(salt: string, storage: StorageAdapter): {
+    read(sessionId: string): ResultAsync<StoredUserSecrets | null, Error>;
+    write(sessionId: string, value: StoredUserSecrets): ResultAsync<void, Error>;
+    clear(sessionId: string): ResultAsync<void, Error>;
+};
+export {};

package/dist/sso/userSecretRepository.js

@@ -0,0 +1,44 @@
+import { gcm } from '@noble/ciphers/aes.js';
+import { blake2b } from '@noble/hashes/blake2.js';
+import { fromHex, toHex } from '@polkadot-api/utils';
+import { fromThrowable } from 'neverthrow';
+import { Struct } from 'scale-ts';
+import { BrandedBytesCodec, stringToBytes } from '../crypto.js';
+import { toError } from '../helpers/utils.js';
+const StoredUserSecretsCodec = Struct({
+    ssSecret: BrandedBytesCodec(),
+    encrSecret: BrandedBytesCodec(),
+});
+export function createUserSecretRepository(salt, storage) {
+    const baseKey = 'UserSecrets';
+    const encode = fromThrowable(StoredUserSecretsCodec.enc, toError);
+    const decode = fromThrowable((value) => (value ? StoredUserSecretsCodec.dec(value) : null), toError);
+    const encrypt = fromThrowable((value) => {
+        const aes = getAes(salt);
+        return toHex(aes.encrypt(value));
+    }, toError);
+    const decrypt = fromThrowable((value) => {
+        if (value === null) {
+            return null;
+        }
+        const aes = getAes(salt);
+        return aes.decrypt(fromHex(value));
+    }, toError);
+    return {
+        read(sessionId) {
+            return storage.read(createKey(baseKey, sessionId)).andThen(decrypt).andThen(decode);
+        },
+        write(sessionId, value) {
+            return encode(value)
+                .andThen(encrypt)
+                .asyncAndThen(value => storage.write(createKey(baseKey, sessionId), value));
+        },
+        clear(sessionId) {
+            return storage.clear(createKey(baseKey, sessionId));
+        },
+    };
+}
+const createKey = (key, context) => `${key}_${context}`;
+function getAes(salt) {
+    return gcm(blake2b(stringToBytes(salt), { dkLen: 16 }), blake2b(stringToBytes('nonce'), { dkLen: 32 }));
+}

package/dist/sso/userSessionRepository.d.ts

@@ -0,0 +1,18 @@
+import type { LocalSessionAccount, RemoteSessionAccount } from '@novasamatech/statement-store';
+import type { StorageAdapter } from '@novasamatech/storage-adapter';
+export type UserSessionRepository = ReturnType<typeof createUserSessionRepository>;
+export type StoredUserSession = {
+    id: string;
+    localAccount: LocalSessionAccount;
+    remoteAccount: RemoteSessionAccount;
+};
+export declare function createStoredUserSession(localAccount: LocalSessionAccount, remoteAccount: RemoteSessionAccount): StoredUserSession;
+export declare const createUserSessionRepository: (storage: StorageAdapter) => {
+    add(value: StoredUserSession): import("neverthrow").ResultAsync<StoredUserSession, Error>;
+    filter(fn: (value: StoredUserSession) => boolean): import("neverthrow").ResultAsync<StoredUserSession[], Error>;
+    mutate(fn: (value: StoredUserSession[]) => StoredUserSession[]): import("neverthrow").ResultAsync<StoredUserSession[], Error>;
+    read(): import("neverthrow").ResultAsync<StoredUserSession[], Error>;
+    write(value: StoredUserSession[]): import("neverthrow").ResultAsync<StoredUserSession[], Error> | import("neverthrow").ResultAsync<null, Error>;
+    clear(): import("neverthrow").ResultAsync<void, Error>;
+    subscribe(fn: (value: StoredUserSession[]) => void): VoidFunction;
+};

package/dist/sso/userSessionRepository.js

@@ -0,0 +1,27 @@
+import { LocalSessionAccountCodec, RemoteSessionAccountCodec } from '@novasamatech/statement-store';
+import { fieldListView } from '@novasamatech/storage-adapter';
+import { fromHex, toHex } from '@polkadot-api/utils';
+import { nanoid } from 'nanoid';
+import { Struct, Vector, str } from 'scale-ts';
+const storedUserSessionCodec = Struct({
+    id: str,
+    localAccount: LocalSessionAccountCodec,
+    remoteAccount: RemoteSessionAccountCodec,
+});
+export function createStoredUserSession(localAccount, remoteAccount) {
+    return {
+        id: nanoid(12),
+        localAccount: localAccount,
+        remoteAccount: remoteAccount,
+    };
+}
+export const createUserSessionRepository = (storage) => {
+    const codec = Vector(storedUserSessionCodec);
+    return fieldListView({
+        storage,
+        key: 'SsoSessions',
+        initial: [],
+        from: x => codec.dec(fromHex(x)),
+        to: x => toHex(codec.enc(x)),
+    });
+};

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@novasamatech/host-papp",
   "type": "module",
-  "version": "0.5.0-7",
+  "version": "0.5.0-9",
   "description": "Polkadot app integration",
   "license": "Apache-2.0",
   "repository": {
@@ -24,7 +24,9 @@
     "README.md"
   ],
   "dependencies": {
-    "@polkadot-api/sdk-statement": "^0.2.0",
+    "@novasamatech/host-api": "0.5.0-9",
+    "@novasamatech/statement-store": "0.5.0-9",
+    "@novasamatech/storage-adapter": "0.5.0-9",
     "@polkadot-api/substrate-bindings": "^0.16.5",
     "@scure/sr25519": "1.0.0",
     "@noble/curves": "2.0.1",
@@ -33,7 +35,7 @@
     "polkadot-api": "^1.23.1",
     "nanoevents": "9.1.0",
     "nanoid": "5.1.6",
-    "neverthrow": "8.2.0",
+    "neverthrow": "^8.2.0",
     "scale-ts": "1.6.1"
   },
   "publishConfig": {