@novasamatech/host-papp 0.7.6 → 0.7.8-0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/dist/identity/impl.js +1 -1
  2. package/dist/sso/auth/attestationService.js +10 -8
  3. package/dist/sso/auth/impl.js +15 -15
  4. package/dist/sso/auth/scale/handshake.d.ts +5 -1
  5. package/dist/sso/auth/scale/handshake.js +6 -2
  6. package/dist/sso/sessionManager/impl.js +13 -2
  7. package/dist/sso/sessionManager/userSession.js +7 -1
  8. package/dist/sso/userSessionRepository.d.ts +155 -12
  9. package/dist/sso/userSessionRepository.js +4 -2
  10. package/package.json +5 -5
package/dist/identity/impl.js CHANGED
@@ -57,7 +57,7 @@ function createCachedIdentityRequester(storage, getKey) {
57
57
  if (emptyIdentities.length === 0) {
58
58
  return okAsync(existing);
59
59
  }
60
- return request(accounts)
60
+ return request(emptyIdentities)
61
61
  .andThen(writeCache)
62
62
  .map(fetched => ({
63
63
  ...existing,
package/dist/sso/auth/attestationService.js CHANGED
@@ -159,18 +159,20 @@ function createPeopleSigner(verifier) {
159
159
  publicKey: baseSigner.publicKey,
160
160
  signBytes: baseSigner.signBytes,
161
161
  signTx: async (callData, signedExtensions, metadata, atBlockNumber, hasher) => {
162
- // Add People chain custom signed extensions
162
+ // polkadot-api auto-derives all signed extensions whose default state is encodable as
163
+ // a zero byte (Option::None, struct(Option<_>) = None, etc.). The People runtime's
164
+ // `pallet_verify_signature::VerifySignature` ({ Disabled, Signed }) extension uses
165
+ // identifier "VerifyMultiSignature" but has no built-in handler in polkadot-api, so it
166
+ // must be supplied manually. Value 0x00 = `Disabled` (passthrough — the standard
167
+ // extrinsic signature authenticates the call). Variant tag order was flipped in
168
+ // polkadot-sdk#11897 specifically so generic signers can encode the passthrough state
169
+ // as a single zero byte.
163
170
  const extensionsWithCustom = {
164
171
  ...signedExtensions,
165
172
  VerifyMultiSignature: {
166
173
  identifier: 'VerifyMultiSignature',
167
- value: new Uint8Array([1]), // 1u8 = Option::Some with empty data
168
- additionalSigned: new Uint8Array([]), // Empty additional data
169
- },
170
- AsPerson: {
171
- identifier: 'AsPerson',
172
- value: new Uint8Array([0]), // 0u8 = Option::None
173
- additionalSigned: new Uint8Array([]), // Empty additional data
174
+ value: new Uint8Array([0]),
175
+ additionalSigned: new Uint8Array([]),
174
176
  },
175
177
  };
176
178
  return baseSigner.signTx(callData, extensionsWithCustom, metadata, atBlockNumber, hasher);
package/dist/sso/auth/impl.js CHANGED
@@ -46,7 +46,8 @@ export function createAuth({ metadata, hostMetadata, statementStore, ssoSessionR
46
46
  }));
47
47
  const handshakeTopic = encrKeys.andThen(({ publicKey }) => createHandshakeTopic(localAccount, publicKey));
48
48
  const dataPrepared = Result.combine([handshakePayload, handshakeTopic, encrKeys]).andTee(([payload]) => pairingStatus.write({ step: 'pairing', payload: createDeeplink(payload) }));
49
- return dataPrepared.asyncAndThen(([, handshakeTopic, encrKeys]) => {
49
+ return dataPrepared
50
+ .asyncAndThen(([, handshakeTopic, encrKeys]) => {
50
51
  const pappResponse = waitForStatements(callback => statementStore.subscribeStatements({ matchAll: [handshakeTopic] }, page => callback(page.statements)), signal, (statements, resolve) => {
51
52
  for (const statement of statements) {
52
53
  if (!statement.data)
@@ -62,7 +63,7 @@ export function createAuth({ metadata, hostMetadata, statementStore, ssoSessionR
62
63
  }
63
64
  }
64
65
  });
65
- const sessionWithSecretsPayload = pappResponse.map(session => ({
66
+ return pappResponse.map(session => ({
66
67
  session,
67
68
  secretsPayload: {
68
69
  id: session.id,
@@ -71,15 +72,14 @@ export function createAuth({ metadata, hostMetadata, statementStore, ssoSessionR
71
72
  entropy: account.entropy,
72
73
  },
73
74
  }));
74
- return sessionWithSecretsPayload
75
- .andTee(({ session }) => {
76
- pairingStatus.write({ step: 'finished', session });
77
- })
78
- .orTee(e => {
79
- if (!(e instanceof AbortError)) {
80
- pairingStatus.write({ step: 'pairingError', message: e.message });
81
- }
82
- });
75
+ })
76
+ .andTee(({ session }) => {
77
+ pairingStatus.write({ step: 'finished', session });
78
+ })
79
+ .orTee(e => {
80
+ if (!(e instanceof AbortError)) {
81
+ pairingStatus.write({ step: 'pairingError', message: e.message });
82
+ }
83
83
  });
84
84
  }
85
85
  const authModule = {
@@ -162,10 +162,10 @@ function retrieveSession({ payload, encrSecret, localAccount, }) {
162
162
  return createEncryption(symmetricKey)
163
163
  .decrypt(encrypted)
164
164
  .map(decrypted => {
165
- const [pappEncrPublicKey, pappAccountId] = HandshakeResponseSensitiveData.dec(decrypted);
166
- const sharedSecret = createSharedSecret(encrSecret, pappEncrPublicKey);
167
- const peerAccount = createRemoteSessionAccount(createAccountId(pappAccountId), sharedSecret);
168
- return createStoredUserSession(localAccount, peerAccount);
165
+ const { sharedSecretDerivationKey, rootUserAccountId, identityAccountId } = HandshakeResponseSensitiveData.dec(decrypted);
166
+ const sharedSecret = createSharedSecret(encrSecret, sharedSecretDerivationKey);
167
+ const peerAccount = createRemoteSessionAccount(createAccountId(rootUserAccountId), sharedSecret);
168
+ return createStoredUserSession(localAccount, peerAccount, createAccountId(identityAccountId));
169
169
  });
170
170
  }
171
171
  function createDeeplink(payload) {
package/dist/sso/auth/scale/handshake.d.ts CHANGED
@@ -16,4 +16,8 @@ export declare const HandshakeResponsePayload: import("scale-ts").Codec<{
16
16
  tmpKey: Uint8Array<ArrayBufferLike>;
17
17
  };
18
18
  }>;
19
- export declare const HandshakeResponseSensitiveData: import("scale-ts").Codec<[Uint8Array<ArrayBufferLike>, Uint8Array<ArrayBufferLike>]>;
19
+ export declare const HandshakeResponseSensitiveData: import("scale-ts").Codec<{
20
+ sharedSecretDerivationKey: Uint8Array<ArrayBufferLike>;
21
+ rootUserAccountId: Uint8Array<ArrayBufferLike>;
22
+ identityAccountId: Uint8Array<ArrayBufferLike>;
23
+ }>;
package/dist/sso/auth/scale/handshake.js CHANGED
@@ -1,5 +1,5 @@
1
1
  import { Enum } from '@novasamatech/scale';
2
- import { Bytes, Option, Struct, Tuple, str } from 'scale-ts';
2
+ import { Bytes, Option, Struct, str } from 'scale-ts';
3
3
  import { EncrPubKey, SsPubKey } from '../../../crypto.js';
4
4
  const optStr = Option(str);
5
5
  export const HandshakeData = Enum({
@@ -15,4 +15,8 @@ export const HandshakeData = Enum({
15
15
  export const HandshakeResponsePayload = Enum({
16
16
  v1: Struct({ encrypted: Bytes(), tmpKey: Bytes(65) }),
17
17
  });
18
- export const HandshakeResponseSensitiveData = Tuple(Bytes(65), Bytes(32));
18
+ export const HandshakeResponseSensitiveData = Struct({
19
+ sharedSecretDerivationKey: Bytes(65),
20
+ rootUserAccountId: Bytes(32),
21
+ identityAccountId: Bytes(32),
22
+ });
package/dist/sso/sessionManager/impl.js CHANGED
@@ -5,6 +5,11 @@ import { createSsoStatementProver } from '../ssoSessionProver.js';
5
5
  import { createUserSession } from './userSession.js';
6
6
  export function createSsoSessionManager({ ssoSessionRepository, userSecretRepository, statementStore, storage, }) {
7
7
  const localSessions = createState({});
8
+ const sessionUnsubscribes = new Map();
9
+ const releaseSession = (id) => {
10
+ sessionUnsubscribes.get(id)?.();
11
+ sessionUnsubscribes.delete(id);
12
+ };
8
13
  const disconnect = (session) => {
9
14
  return ssoSessionRepository.filter(s => s.id !== session.id).map(() => undefined);
10
15
  };
@@ -13,12 +18,12 @@ export function createSsoSessionManager({ ssoSessionRepository, userSecretReposi
13
18
  const toRemove = new Set(Object.keys(activeSessions));
14
19
  const toAdd = new Set();
15
20
  for (const userSession of userSessions) {
21
+ toRemove.delete(userSession.id);
16
22
  if (userSession.id in activeSessions)
17
23
  continue;
18
24
  const session = createSession(userSession, statementStore, storage, userSecretRepository);
19
- toRemove.delete(userSession.id);
20
25
  toAdd.add(session);
21
- session.subscribe(message => {
26
+ const unsubscribe = session.subscribe(message => {
22
27
  switch (message.data.tag) {
23
28
  case 'v1': {
24
29
  switch (message.data.value.tag) {
@@ -29,8 +34,13 @@ export function createSsoSessionManager({ ssoSessionRepository, userSecretReposi
29
34
  }
30
35
  return okAsync(false);
31
36
  });
37
+ sessionUnsubscribes.set(session.id, unsubscribe);
32
38
  }
33
39
  if (toRemove.size > 0) {
40
+ for (const id of toRemove) {
41
+ releaseSession(id);
42
+ activeSessions[id]?.dispose();
43
+ }
34
44
  localSessions.write(prev => {
35
45
  return Object.fromEntries(Object.entries(prev).filter(([id]) => !toRemove.has(id)));
36
46
  });
@@ -56,6 +66,7 @@ export function createSsoSessionManager({ ssoSessionRepository, userSecretReposi
56
66
  },
57
67
  dispose() {
58
68
  for (const session of Object.values(localSessions.read())) {
69
+ releaseSession(session.id);
59
70
  session.dispose();
60
71
  }
61
72
  },
package/dist/sso/sessionManager/userSession.js CHANGED
@@ -35,6 +35,7 @@ export function createUserSession({ userSession, statementStore, encryption, sto
35
35
  id: userSession.id,
36
36
  localAccount: userSession.localAccount,
37
37
  remoteAccount: userSession.remoteAccount,
38
+ identityAccountId: userSession.identityAccountId,
38
39
  signPayload(payload) {
39
40
  return requestQueue.call(() => {
40
41
  const messageId = nanoid();
@@ -141,7 +142,9 @@ export function createUserSession({ userSession, statementStore, encryption, sto
141
142
  },
142
143
  subscribe(callback) {
143
144
  return session.subscribe(RemoteMessageCodec, messages => {
144
- processedMessages.read().andThen(processed => {
145
+ processedMessages
146
+ .read()
147
+ .andThen(processed => {
145
148
  const results = messages.map(message => {
146
149
  if (message.type === 'request' && message.payload.status === 'parsed') {
147
150
  const payload = message.payload;
@@ -165,6 +168,9 @@ export function createUserSession({ userSession, statementStore, encryption, sto
165
168
  }
166
169
  return okAsync();
167
170
  });
171
+ })
172
+ .orTee(error => {
173
+ console.error('Error while updating processed sso messages:', error);
168
174
  });
169
175
  });
170
176
  },
package/dist/sso/userSessionRepository.d.ts CHANGED
@@ -1,18 +1,161 @@
1
- import type { LocalSessionAccount, RemoteSessionAccount } from '@novasamatech/statement-store';
1
+ import type { AccountId, LocalSessionAccount, RemoteSessionAccount } from '@novasamatech/statement-store';
2
2
  import type { StorageAdapter } from '@novasamatech/storage-adapter';
3
+ import type { CodecType } from 'scale-ts';
3
4
  export type UserSessionRepository = ReturnType<typeof createUserSessionRepository>;
4
- export type StoredUserSession = {
5
+ export type StoredUserSession = CodecType<typeof storedUserSessionCodec>;
6
+ declare const storedUserSessionCodec: import("scale-ts").Codec<{
5
7
  id: string;
6
- localAccount: LocalSessionAccount;
7
- remoteAccount: RemoteSessionAccount;
8
- };
9
- export declare function createStoredUserSession(localAccount: LocalSessionAccount, remoteAccount: RemoteSessionAccount): StoredUserSession;
8
+ localAccount: {
9
+ accountId: AccountId;
10
+ pin: string | undefined;
11
+ };
12
+ remoteAccount: {
13
+ accountId: AccountId;
14
+ publicKey: Uint8Array<ArrayBufferLike>;
15
+ pin: string | undefined;
16
+ };
17
+ identityAccountId: AccountId;
18
+ }>;
19
+ export declare function createStoredUserSession(localAccount: LocalSessionAccount, remoteAccount: RemoteSessionAccount, identityAccountId: AccountId): StoredUserSession;
10
20
  export declare const createUserSessionRepository: (storage: StorageAdapter) => {
11
- add(value: StoredUserSession): import("neverthrow").ResultAsync<StoredUserSession, Error>;
12
- filter(fn: (value: StoredUserSession) => boolean): import("neverthrow").ResultAsync<StoredUserSession[], Error>;
13
- mutate(fn: (value: StoredUserSession[]) => StoredUserSession[]): import("neverthrow").ResultAsync<StoredUserSession[], Error>;
14
- read(): import("neverthrow").ResultAsync<StoredUserSession[], Error>;
15
- write(value: StoredUserSession[]): import("neverthrow").ResultAsync<null, Error> | import("neverthrow").ResultAsync<StoredUserSession[], Error>;
21
+ add(value: {
22
+ id: string;
23
+ localAccount: {
24
+ accountId: AccountId;
25
+ pin: string | undefined;
26
+ };
27
+ remoteAccount: {
28
+ accountId: AccountId;
29
+ publicKey: Uint8Array<ArrayBufferLike>;
30
+ pin: string | undefined;
31
+ };
32
+ identityAccountId: AccountId;
33
+ }): import("neverthrow").ResultAsync<{
34
+ id: string;
35
+ localAccount: {
36
+ accountId: AccountId;
37
+ pin: string | undefined;
38
+ };
39
+ remoteAccount: {
40
+ accountId: AccountId;
41
+ publicKey: Uint8Array<ArrayBufferLike>;
42
+ pin: string | undefined;
43
+ };
44
+ identityAccountId: AccountId;
45
+ }, Error>;
46
+ filter(fn: (value: {
47
+ id: string;
48
+ localAccount: {
49
+ accountId: AccountId;
50
+ pin: string | undefined;
51
+ };
52
+ remoteAccount: {
53
+ accountId: AccountId;
54
+ publicKey: Uint8Array<ArrayBufferLike>;
55
+ pin: string | undefined;
56
+ };
57
+ identityAccountId: AccountId;
58
+ }) => boolean): import("neverthrow").ResultAsync<{
59
+ id: string;
60
+ localAccount: {
61
+ accountId: AccountId;
62
+ pin: string | undefined;
63
+ };
64
+ remoteAccount: {
65
+ accountId: AccountId;
66
+ publicKey: Uint8Array<ArrayBufferLike>;
67
+ pin: string | undefined;
68
+ };
69
+ identityAccountId: AccountId;
70
+ }[], Error>;
71
+ mutate(fn: (value: {
72
+ id: string;
73
+ localAccount: {
74
+ accountId: AccountId;
75
+ pin: string | undefined;
76
+ };
77
+ remoteAccount: {
78
+ accountId: AccountId;
79
+ publicKey: Uint8Array<ArrayBufferLike>;
80
+ pin: string | undefined;
81
+ };
82
+ identityAccountId: AccountId;
83
+ }[]) => {
84
+ id: string;
85
+ localAccount: {
86
+ accountId: AccountId;
87
+ pin: string | undefined;
88
+ };
89
+ remoteAccount: {
90
+ accountId: AccountId;
91
+ publicKey: Uint8Array<ArrayBufferLike>;
92
+ pin: string | undefined;
93
+ };
94
+ identityAccountId: AccountId;
95
+ }[]): import("neverthrow").ResultAsync<{
96
+ id: string;
97
+ localAccount: {
98
+ accountId: AccountId;
99
+ pin: string | undefined;
100
+ };
101
+ remoteAccount: {
102
+ accountId: AccountId;
103
+ publicKey: Uint8Array<ArrayBufferLike>;
104
+ pin: string | undefined;
105
+ };
106
+ identityAccountId: AccountId;
107
+ }[], Error>;
108
+ read(): import("neverthrow").ResultAsync<{
109
+ id: string;
110
+ localAccount: {
111
+ accountId: AccountId;
112
+ pin: string | undefined;
113
+ };
114
+ remoteAccount: {
115
+ accountId: AccountId;
116
+ publicKey: Uint8Array<ArrayBufferLike>;
117
+ pin: string | undefined;
118
+ };
119
+ identityAccountId: AccountId;
120
+ }[], Error>;
121
+ write(value: {
122
+ id: string;
123
+ localAccount: {
124
+ accountId: AccountId;
125
+ pin: string | undefined;
126
+ };
127
+ remoteAccount: {
128
+ accountId: AccountId;
129
+ publicKey: Uint8Array<ArrayBufferLike>;
130
+ pin: string | undefined;
131
+ };
132
+ identityAccountId: AccountId;
133
+ }[]): import("neverthrow").ResultAsync<null, Error> | import("neverthrow").ResultAsync<{
134
+ id: string;
135
+ localAccount: {
136
+ accountId: AccountId;
137
+ pin: string | undefined;
138
+ };
139
+ remoteAccount: {
140
+ accountId: AccountId;
141
+ publicKey: Uint8Array<ArrayBufferLike>;
142
+ pin: string | undefined;
143
+ };
144
+ identityAccountId: AccountId;
145
+ }[], Error>;
16
146
  clear(): import("neverthrow").ResultAsync<void, Error>;
17
- subscribe(fn: (value: StoredUserSession[]) => void): VoidFunction;
147
+ subscribe(fn: (value: {
148
+ id: string;
149
+ localAccount: {
150
+ accountId: AccountId;
151
+ pin: string | undefined;
152
+ };
153
+ remoteAccount: {
154
+ accountId: AccountId;
155
+ publicKey: Uint8Array<ArrayBufferLike>;
156
+ pin: string | undefined;
157
+ };
158
+ identityAccountId: AccountId;
159
+ }[]) => void): VoidFunction;
18
160
  };
161
+ export {};
package/dist/sso/userSessionRepository.js CHANGED
@@ -1,4 +1,4 @@
1
- import { LocalSessionAccountCodec, RemoteSessionAccountCodec } from '@novasamatech/statement-store';
1
+ import { AccountIdCodec, LocalSessionAccountCodec, RemoteSessionAccountCodec } from '@novasamatech/statement-store';
2
2
  import { fieldListView } from '@novasamatech/storage-adapter';
3
3
  import { nanoid } from 'nanoid';
4
4
  import { fromHex, toHex } from 'polkadot-api/utils';
@@ -7,12 +7,14 @@ const storedUserSessionCodec = Struct({
7
7
  id: str,
8
8
  localAccount: LocalSessionAccountCodec,
9
9
  remoteAccount: RemoteSessionAccountCodec,
10
+ identityAccountId: AccountIdCodec,
10
11
  });
11
- export function createStoredUserSession(localAccount, remoteAccount) {
12
+ export function createStoredUserSession(localAccount, remoteAccount, identityAccountId) {
12
13
  return {
13
14
  id: nanoid(12),
14
15
  localAccount: localAccount,
15
16
  remoteAccount: remoteAccount,
17
+ identityAccountId,
16
18
  };
17
19
  }
18
20
  export const createUserSessionRepository = (storage) => {
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "@novasamatech/host-papp",
3
3
  "type": "module",
4
- "version": "0.7.6",
4
+ "version": "0.7.8-0",
5
5
  "description": "Polkadot app integration",
6
6
  "license": "Apache-2.0",
7
7
  "repository": {
@@ -29,10 +29,10 @@
29
29
  "@noble/ciphers": "2.2.0",
30
30
  "@noble/curves": "2.2.0",
31
31
  "@noble/hashes": "2.2.0",
32
- "@novasamatech/host-api": "0.7.6",
33
- "@novasamatech/scale": "0.7.6",
34
- "@novasamatech/statement-store": "0.7.6",
35
- "@novasamatech/storage-adapter": "0.7.6",
32
+ "@novasamatech/host-api": "0.7.8-0",
33
+ "@novasamatech/scale": "0.7.8-0",
34
+ "@novasamatech/statement-store": "0.7.8-0",
35
+ "@novasamatech/storage-adapter": "0.7.8-0",
36
36
  "@polkadot-labs/hdkd-helpers": "^0.0.30",
37
37
  "nanoevents": "9.1.0",
38
38
  "nanoid": "5.1.9",