npm - @opendatalabs/vana-sdk - Versions diffs - 3.0.0 → 3.0.1-canary.b068ac6 - Mend

@opendatalabs/vana-sdk 3.0.0 → 3.0.1-canary.b068ac6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

package/dist/auth/web3-signed.cjs +28 -3
package/dist/auth/web3-signed.cjs.map +1 -1
package/dist/auth/web3-signed.js +28 -3
package/dist/auth/web3-signed.js.map +1 -1
package/dist/crypto/ecies/node.cjs +6 -6
package/dist/crypto/ecies/node.cjs.map +1 -1
package/dist/crypto/ecies/node.js +1 -1
package/dist/crypto/ecies/node.js.map +1 -1
package/dist/index.browser.d.ts +1 -0
package/dist/index.browser.js +183 -15
package/dist/index.browser.js.map +3 -3
package/dist/index.node.cjs +194 -23
package/dist/index.node.cjs.map +4 -4
package/dist/index.node.d.ts +1 -0
package/dist/index.node.js +185 -17
package/dist/index.node.js.map +3 -3
package/dist/platform/node.cjs +2 -2
package/dist/platform/node.cjs.map +1 -1
package/dist/platform/node.js +1 -1
package/dist/platform/node.js.map +1 -1
package/dist/protocol/grants.cjs +146 -0
package/dist/protocol/grants.cjs.map +1 -0
package/dist/protocol/grants.d.ts +31 -0
package/dist/protocol/grants.js +123 -0
package/dist/protocol/grants.js.map +1 -0
package/dist/protocol/grants.test.d.ts +1 -0
package/dist/types/ps-errors.cjs +37 -12
package/dist/types/ps-errors.cjs.map +1 -1
package/dist/types/ps-errors.d.ts +7 -6
package/dist/types/ps-errors.js +37 -12
package/dist/types/ps-errors.js.map +1 -1
package/package.json +3 -2

package/dist/index.node.cjs CHANGED Viewed

@@ -1253,12 +1253,14 @@ __export(index_node_exports, {
   getServiceEndpoints: () => getServiceEndpoints,
   grantRegistrationDomain: () => grantRegistrationDomain,
   grantRevocationDomain: () => grantRevocationDomain,
+  isDataPortabilityGatewayConfig: () => isDataPortabilityGatewayConfig,
   isECIESEncrypted: () => isECIESEncrypted,
   isPlatformSupported: () => isPlatformSupported,
   mainnetServices: () => mainnetServices,
   moksha: () => moksha,
   mokshaServices: () => mokshaServices,
   mokshaTestnet: () => mokshaTestnet2,
+  parseGrantRegistrationPayload: () => parseGrantRegistrationPayload,
   parsePSError: () => parsePSError,
   parseScope: () => parseScope,
   parseWeb3SignedHeader: () => parseWeb3SignedHeader,
@@ -1269,6 +1271,7 @@ __export(index_node_exports, {
   serializeECIES: () => serializeECIES,
   serverRegistrationDomain: () => serverRegistrationDomain,
   vanaMainnet: () => vanaMainnet2,
+  verifyGrantRegistration: () => verifyGrantRegistration,
   verifyPkceChallenge: () => verifyPkceChallenge,
   verifyWeb3Signed: () => verifyWeb3Signed
 });
@@ -31482,7 +31485,7 @@ init_WalletKeyEncryptionService();
 init_crypto_utils();
 // src/crypto/ecies/node.ts
-var import_crypto = require("crypto");
+var import_node_crypto = require("node:crypto");
 var import_secp256k1 = __toESM(require("secp256k1"), 1);
 init_base();
 var import_viem9 = require("viem");
@@ -31498,7 +31501,7 @@ var NodeECIESUint8Provider = class extends BaseECIESUint8 {
     return x;
   };
   generateRandomBytes(length) {
-    return new Uint8Array((0, import_crypto.randomBytes)(length));
+    return new Uint8Array((0, import_node_crypto.randomBytes)(length));
   }
   verifyPrivateKey(privateKey) {
     return secp256k1.privateKeyVerify(Buffer.from(privateKey)) === true;
@@ -31542,16 +31545,16 @@ var NodeECIESUint8Provider = class extends BaseECIESUint8 {
   }
   sha512(data) {
     return new Uint8Array(
-      (0, import_crypto.createHash)("sha512").update(Buffer.from(data)).digest()
+      (0, import_node_crypto.createHash)("sha512").update(Buffer.from(data)).digest()
     );
   }
   hmacSha256(key, data) {
     return new Uint8Array(
-      (0, import_crypto.createHmac)("sha256", Buffer.from(key)).update(Buffer.from(data)).digest()
+      (0, import_node_crypto.createHmac)("sha256", Buffer.from(key)).update(Buffer.from(data)).digest()
     );
   }
   async aesEncrypt(key, iv, plaintext) {
-    const cipher = (0, import_crypto.createCipheriv)(
+    const cipher = (0, import_node_crypto.createCipheriv)(
       "aes-256-cbc",
       Buffer.from(key),
       Buffer.from(iv)
@@ -31563,7 +31566,7 @@ var NodeECIESUint8Provider = class extends BaseECIESUint8 {
     return new Uint8Array(encrypted);
   }
   async aesDecrypt(key, iv, ciphertext) {
-    const decipher = (0, import_crypto.createDecipheriv)(
+    const decipher = (0, import_node_crypto.createDecipheriv)(
       "aes-256-cbc",
       Buffer.from(key),
       Buffer.from(iv)
@@ -31614,7 +31617,7 @@ var NodeECIESUint8Provider = class extends BaseECIESUint8 {
 // src/platform/node.ts
 init_interface();
-var import_crypto2 = require("crypto");
+var import_node_crypto2 = require("node:crypto");
 var import_secp256k12 = __toESM(require("secp256k1"), 1);
 var getOpenPGP = lazyImport(() => import("openpgp"));
 var NodeCryptoAdapter = class {
@@ -31707,7 +31710,7 @@ var NodeCryptoAdapter = class {
       const secp256k14 = import_secp256k12.default;
       let privateKey;
       do {
-        privateKey = (0, import_crypto2.randomBytes)(32);
+        privateKey = (0, import_node_crypto2.randomBytes)(32);
       } while (!secp256k14.privateKeyVerify(privateKey));
       const publicKey = Buffer.from(
         secp256k14.publicKeyCreate(privateKey, true)
@@ -32193,6 +32196,30 @@ function base64urlDecode(input) {
   base64 += "=".repeat(padLength);
   return new TextDecoder().decode(fromBase64(base64));
 }
+function isFiniteNumber(value) {
+  return typeof value === "number" && Number.isFinite(value);
+}
+function parsePayload(value) {
+  if (value === null || typeof value !== "object" || Array.isArray(value)) {
+    throw new InvalidSignatureError({ reason: "Invalid payload shape" });
+  }
+  const payload = value;
+  if (typeof payload["aud"] !== "string" || typeof payload["method"] !== "string" || typeof payload["uri"] !== "string" || typeof payload["bodyHash"] !== "string" || !isFiniteNumber(payload["iat"]) || !isFiniteNumber(payload["exp"])) {
+    throw new InvalidSignatureError({ reason: "Invalid payload claims" });
+  }
+  if (payload["grantId"] !== void 0 && typeof payload["grantId"] !== "string") {
+    throw new InvalidSignatureError({ reason: "Invalid grantId claim" });
+  }
+  return {
+    aud: payload["aud"],
+    method: payload["method"],
+    uri: payload["uri"],
+    bodyHash: payload["bodyHash"],
+    iat: payload["iat"],
+    exp: payload["exp"],
+    grantId: payload["grantId"]
+  };
+}
 function parseWeb3SignedHeader(headerValue) {
   if (!headerValue) {
     throw new MissingAuthError();
@@ -32213,8 +32240,9 @@ function parseWeb3SignedHeader(headerValue) {
   let payload;
   try {
     const decoded = base64urlDecode(payloadBase64);
-    payload = JSON.parse(decoded);
-  } catch {
+    payload = parsePayload(JSON.parse(decoded));
+  } catch (err) {
+    if (err instanceof InvalidSignatureError) throw err;
     throw new InvalidSignatureError({ reason: "Invalid payload encoding" });
   }
   return {
@@ -32257,7 +32285,7 @@ async function verifyWeb3Signed(params) {
       actual: payload.uri
     });
   }
-  if (params.bodyBytes !== void 0 && params.bodyBytes.length > 0) {
+  if (params.bodyBytes !== void 0) {
     const expectedBodyHash = computeBodyHash(params.bodyBytes);
     if (payload.bodyHash !== expectedBodyHash) {
       throw new InvalidSignatureError({
@@ -32453,6 +32481,121 @@ var BUILDER_REGISTRATION_TYPES = {
   ]
 };
+// src/protocol/grants.ts
+var import_viem14 = require("viem");
+function isHexString(value) {
+  return typeof value === "string" && value.startsWith("0x");
+}
+function isDataPortabilityGatewayConfig(value) {
+  if (value === null || typeof value !== "object" || Array.isArray(value)) {
+    return false;
+  }
+  const config = value;
+  const contracts = config["contracts"];
+  if (typeof config["chainId"] !== "number" || !Number.isInteger(config["chainId"]) || config["chainId"] <= 0 || contracts === null || typeof contracts !== "object" || Array.isArray(contracts)) {
+    return false;
+  }
+  const c = contracts;
+  return isHexString(c["dataRegistry"]) && isHexString(c["dataPortabilityPermissions"]) && isHexString(c["dataPortabilityServer"]) && isHexString(c["dataPortabilityGrantees"]);
+}
+function parseGrantRegistrationPayload(grant) {
+  let parsed;
+  try {
+    parsed = JSON.parse(grant);
+  } catch {
+    return null;
+  }
+  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+    return null;
+  }
+  const value = parsed;
+  if (!Array.isArray(value["scopes"]) || value["scopes"].length === 0) {
+    return null;
+  }
+  if (!value["scopes"].every((scope) => typeof scope === "string")) {
+    return null;
+  }
+  if (typeof value["expiresAt"] !== "number" || !Number.isFinite(value["expiresAt"])) {
+    return null;
+  }
+  if (value["user"] !== void 0 && !isHexString(value["user"])) {
+    return null;
+  }
+  if (value["builder"] !== void 0 && !isHexString(value["builder"])) {
+    return null;
+  }
+  if (value["nonce"] !== void 0 && (typeof value["nonce"] !== "number" || !Number.isFinite(value["nonce"]))) {
+    return null;
+  }
+  return {
+    user: value["user"],
+    builder: value["builder"],
+    scopes: value["scopes"],
+    expiresAt: value["expiresAt"],
+    nonce: value["nonce"]
+  };
+}
+function parseFileIds(fileIds) {
+  try {
+    const values = (fileIds ?? []).map((fileId) => BigInt(fileId));
+    return {
+      values,
+      display: values.map((fileId) => fileId.toString())
+    };
+  } catch {
+    return null;
+  }
+}
+async function verifyGrantRegistration(input) {
+  const payload = parseGrantRegistrationPayload(input.grant);
+  if (!payload) {
+    return {
+      valid: false,
+      error: "Grant must be JSON with scopes and expiresAt"
+    };
+  }
+  const fileIds = parseFileIds(input.fileIds);
+  if (!fileIds) {
+    return { valid: false, error: "fileIds must contain integer values" };
+  }
+  let valid;
+  try {
+    valid = await (0, import_viem14.verifyTypedData)({
+      address: input.grantorAddress,
+      domain: grantRegistrationDomain(input.gatewayConfig),
+      types: GRANT_REGISTRATION_TYPES,
+      primaryType: "GrantRegistration",
+      message: {
+        grantorAddress: input.grantorAddress,
+        granteeId: input.granteeId,
+        grant: input.grant,
+        fileIds: fileIds.values
+      },
+      signature: input.signature
+    });
+  } catch {
+    return { valid: false, error: "EIP-712 signature verification failed" };
+  }
+  if (!valid) {
+    return { valid: false, error: "Grant signature does not match grantor" };
+  }
+  const nowSeconds = input.nowSeconds ?? Math.floor(Date.now() / 1e3);
+  if (payload.expiresAt > 0 && payload.expiresAt < nowSeconds) {
+    return { valid: false, error: "Grant has expired" };
+  }
+  if (payload.user !== void 0 && payload.user.toLowerCase() !== input.grantorAddress.toLowerCase()) {
+    return { valid: false, error: "Grant user does not match grantorAddress" };
+  }
+  return {
+    valid: true,
+    grantorAddress: input.grantorAddress,
+    granteeId: input.granteeId,
+    grant: input.grant,
+    payload,
+    fileIds: fileIds.display
+  };
+}
 // src/protocol/scopes.ts
 var import_zod = require("zod");
 var SEGMENT_RE = /^[a-z0-9][a-z0-9_]*$/;
@@ -32733,32 +32876,57 @@ var PSError = class extends Error {
   code;
 };
 var KNOWN_CODES = /* @__PURE__ */ new Set([
+  "missing_auth",
+  "invalid_signature",
+  "unregistered_builder",
+  "not_owner",
+  "expired_token",
   "grant_invalid",
+  "grant_required",
+  "grant_expired",
   "grant_revoked",
+  "scope_mismatch",
   "fee_required",
-  "ps_unavailable"
+  "ps_unavailable",
+  "server_not_configured",
+  "content_too_large"
 ]);
-async function parsePSError(response) {
-  if (response.ok) {
+function isRecord(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+function normalizeCode(value) {
+  if (typeof value !== "string") {
     return null;
   }
-  let body;
-  try {
-    body = await response.json();
-  } catch {
+  const code = value.toLowerCase();
+  return KNOWN_CODES.has(code) ? code : null;
+}
+function extractPSErrorBody(body) {
+  if (!isRecord(body)) {
     return null;
   }
-  if (typeof body !== "object" || body === null) {
+  const nested = isRecord(body.error) ? body.error : null;
+  const code = normalizeCode(
+    nested?.errorCode ?? nested?.code ?? body.errorCode ?? body.code
+  );
+  const message = nested?.message ?? body.message;
+  if (!code || typeof message !== "string") {
     return null;
   }
-  const { code, message } = body;
-  if (typeof code !== "string" || typeof message !== "string") {
+  return { code, message };
+}
+async function parsePSError(response) {
+  if (response.ok) {
     return null;
   }
-  if (!KNOWN_CODES.has(code)) {
+  let body;
+  try {
+    body = await response.json();
+  } catch {
     return null;
   }
-  return new PSError(code, message);
+  const errorBody = extractPSErrorBody(body);
+  return errorBody ? new PSError(errorBody.code, errorBody.message) : null;
 }
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
@@ -32842,12 +33010,14 @@ async function parsePSError(response) {
   getServiceEndpoints,
   grantRegistrationDomain,
   grantRevocationDomain,
+  isDataPortabilityGatewayConfig,
   isECIESEncrypted,
   isPlatformSupported,
   mainnetServices,
   moksha,
   mokshaServices,
   mokshaTestnet,
+  parseGrantRegistrationPayload,
   parsePSError,
   parseScope,
   parseWeb3SignedHeader,
@@ -32858,6 +33028,7 @@ async function parsePSError(response) {
   serializeECIES,
   serverRegistrationDomain,
   vanaMainnet,
+  verifyGrantRegistration,
   verifyPkceChallenge,
   verifyWeb3Signed
 });