@opendatalabs/vana-sdk 3.0.0 → 3.0.1

package/dist/index.node.d.ts

@@ -35,6 +35,7 @@ export { MissingAuthError, InvalidSignatureError, ExpiredTokenError, } from "./a
 export { generatePkceVerifier, computePkceChallenge, verifyPkceChallenge, assertValidPkceVerifier, PKCE_VERIFIER_PATTERN, PKCE_CHALLENGE_PATTERN, } from "./auth/pkce";
 export { InMemoryTokenStore, type TokenStore, type TokenRecord, } from "./auth/token-store";
 export { fileRegistrationDomain, grantRegistrationDomain, grantRevocationDomain, serverRegistrationDomain, builderRegistrationDomain, FILE_REGISTRATION_TYPES, GRANT_REGISTRATION_TYPES, GRANT_REVOCATION_TYPES, SERVER_REGISTRATION_TYPES, BUILDER_REGISTRATION_TYPES, type DataPortabilityContracts, type DataPortabilityGatewayConfig, type FileRegistrationMessage, type GrantRegistrationMessage, type GrantRevocationMessage, type ServerRegistrationMessage, type BuilderRegistrationMessage, } from "./protocol/eip712";
+export { isDataPortabilityGatewayConfig, parseGrantRegistrationPayload, verifyGrantRegistration, type DataPortabilityGrantPayload, type VerifyGrantRegistrationInput, type VerifyGrantRegistrationResult, } from "./protocol/grants";
 export { ScopeSchema, parseScope, scopeToPathSegments, scopeMatchesPattern, scopeCoveredByGrant, type Scope, type ParsedScope, } from "./protocol/scopes";
 export { DataFileEnvelopeSchema, createDataFileEnvelope, IngestResponseSchema, type DataFileEnvelope, type IngestResponse, } from "./protocol/data-file";
 export { createGatewayClient, type GatewayEnvelope, type GatewayProof, type Builder, type Schema, type ServerInfo, type GatewayGrantResponse, type GrantListItem, type FileRecord, type FileListResult, type RegisterServerParams, type RegisterServerResult, type RegisterFileParams, type CreateGrantParams, type RevokeGrantParams, type GatewayClient, } from "./protocol/gateway";

package/dist/index.node.js

@@ -32078,6 +32078,30 @@ function base64urlDecode(input) {
   base64 += "=".repeat(padLength);
   return new TextDecoder().decode(fromBase64(base64));
 }
+function isFiniteNumber(value) {
+  return typeof value === "number" && Number.isFinite(value);
+}
+function parsePayload(value) {
+  if (value === null || typeof value !== "object" || Array.isArray(value)) {
+    throw new InvalidSignatureError({ reason: "Invalid payload shape" });
+  }
+  const payload = value;
+  if (typeof payload["aud"] !== "string" || typeof payload["method"] !== "string" || typeof payload["uri"] !== "string" || typeof payload["bodyHash"] !== "string" || !isFiniteNumber(payload["iat"]) || !isFiniteNumber(payload["exp"])) {
+    throw new InvalidSignatureError({ reason: "Invalid payload claims" });
+  }
+  if (payload["grantId"] !== void 0 && typeof payload["grantId"] !== "string") {
+    throw new InvalidSignatureError({ reason: "Invalid grantId claim" });
+  }
+  return {
+    aud: payload["aud"],
+    method: payload["method"],
+    uri: payload["uri"],
+    bodyHash: payload["bodyHash"],
+    iat: payload["iat"],
+    exp: payload["exp"],
+    grantId: payload["grantId"]
+  };
+}
 function parseWeb3SignedHeader(headerValue) {
   if (!headerValue) {
     throw new MissingAuthError();
@@ -32098,8 +32122,9 @@ function parseWeb3SignedHeader(headerValue) {
   let payload;
   try {
     const decoded = base64urlDecode(payloadBase64);
-    payload = JSON.parse(decoded);
-  } catch {
+    payload = parsePayload(JSON.parse(decoded));
+  } catch (err) {
+    if (err instanceof InvalidSignatureError) throw err;
     throw new InvalidSignatureError({ reason: "Invalid payload encoding" });
   }
   return {
@@ -32142,7 +32167,7 @@ async function verifyWeb3Signed(params) {
       actual: payload.uri
     });
   }
-  if (params.bodyBytes !== void 0 && params.bodyBytes.length > 0) {
+  if (params.bodyBytes !== void 0) {
     const expectedBodyHash = computeBodyHash(params.bodyBytes);
     if (payload.bodyHash !== expectedBodyHash) {
       throw new InvalidSignatureError({
@@ -32338,6 +32363,121 @@ var BUILDER_REGISTRATION_TYPES = {
   ]
 };
 
+// src/protocol/grants.ts
+import { verifyTypedData } from "viem";
+function isHexString(value) {
+  return typeof value === "string" && value.startsWith("0x");
+}
+function isDataPortabilityGatewayConfig(value) {
+  if (value === null || typeof value !== "object" || Array.isArray(value)) {
+    return false;
+  }
+  const config = value;
+  const contracts = config["contracts"];
+  if (typeof config["chainId"] !== "number" || !Number.isInteger(config["chainId"]) || config["chainId"] <= 0 || contracts === null || typeof contracts !== "object" || Array.isArray(contracts)) {
+    return false;
+  }
+  const c = contracts;
+  return isHexString(c["dataRegistry"]) && isHexString(c["dataPortabilityPermissions"]) && isHexString(c["dataPortabilityServer"]) && isHexString(c["dataPortabilityGrantees"]);
+}
+function parseGrantRegistrationPayload(grant) {
+  let parsed;
+  try {
+    parsed = JSON.parse(grant);
+  } catch {
+    return null;
+  }
+  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) {
+    return null;
+  }
+  const value = parsed;
+  if (!Array.isArray(value["scopes"]) || value["scopes"].length === 0) {
+    return null;
+  }
+  if (!value["scopes"].every((scope) => typeof scope === "string")) {
+    return null;
+  }
+  if (typeof value["expiresAt"] !== "number" || !Number.isFinite(value["expiresAt"])) {
+    return null;
+  }
+  if (value["user"] !== void 0 && !isHexString(value["user"])) {
+    return null;
+  }
+  if (value["builder"] !== void 0 && !isHexString(value["builder"])) {
+    return null;
+  }
+  if (value["nonce"] !== void 0 && (typeof value["nonce"] !== "number" || !Number.isFinite(value["nonce"]))) {
+    return null;
+  }
+  return {
+    user: value["user"],
+    builder: value["builder"],
+    scopes: value["scopes"],
+    expiresAt: value["expiresAt"],
+    nonce: value["nonce"]
+  };
+}
+function parseFileIds(fileIds) {
+  try {
+    const values = (fileIds ?? []).map((fileId) => BigInt(fileId));
+    return {
+      values,
+      display: values.map((fileId) => fileId.toString())
+    };
+  } catch {
+    return null;
+  }
+}
+async function verifyGrantRegistration(input) {
+  const payload = parseGrantRegistrationPayload(input.grant);
+  if (!payload) {
+    return {
+      valid: false,
+      error: "Grant must be JSON with scopes and expiresAt"
+    };
+  }
+  const fileIds = parseFileIds(input.fileIds);
+  if (!fileIds) {
+    return { valid: false, error: "fileIds must contain integer values" };
+  }
+  let valid;
+  try {
+    valid = await verifyTypedData({
+      address: input.grantorAddress,
+      domain: grantRegistrationDomain(input.gatewayConfig),
+      types: GRANT_REGISTRATION_TYPES,
+      primaryType: "GrantRegistration",
+      message: {
+        grantorAddress: input.grantorAddress,
+        granteeId: input.granteeId,
+        grant: input.grant,
+        fileIds: fileIds.values
+      },
+      signature: input.signature
+    });
+  } catch {
+    return { valid: false, error: "EIP-712 signature verification failed" };
+  }
+  if (!valid) {
+    return { valid: false, error: "Grant signature does not match grantor" };
+  }
+  const nowSeconds = input.nowSeconds ?? Math.floor(Date.now() / 1e3);
+  if (payload.expiresAt > 0 && payload.expiresAt < nowSeconds) {
+    return { valid: false, error: "Grant has expired" };
+  }
+  if (payload.user !== void 0 && payload.user.toLowerCase() !== input.grantorAddress.toLowerCase()) {
+    return { valid: false, error: "Grant user does not match grantorAddress" };
+  }
+  return {
+    valid: true,
+    grantorAddress: input.grantorAddress,
+    granteeId: input.granteeId,
+    grant: input.grant,
+    payload,
+    fileIds: fileIds.display
+  };
+}
+
 // src/protocol/scopes.ts
 import { z } from "zod";
 var SEGMENT_RE = /^[a-z0-9][a-z0-9_]*$/;
@@ -32618,32 +32758,57 @@ var PSError = class extends Error {
   code;
 };
 var KNOWN_CODES = /* @__PURE__ */ new Set([
+  "missing_auth",
+  "invalid_signature",
+  "unregistered_builder",
+  "not_owner",
+  "expired_token",
   "grant_invalid",
+  "grant_required",
+  "grant_expired",
   "grant_revoked",
+  "scope_mismatch",
   "fee_required",
-  "ps_unavailable"
+  "ps_unavailable",
+  "server_not_configured",
+  "content_too_large"
 ]);
-async function parsePSError(response) {
-  if (response.ok) {
+function isRecord(value) {
+  return value !== null && typeof value === "object" && !Array.isArray(value);
+}
+function normalizeCode(value) {
+  if (typeof value !== "string") {
     return null;
   }
-  let body;
-  try {
-    body = await response.json();
-  } catch {
+  const code = value.toLowerCase();
+  return KNOWN_CODES.has(code) ? code : null;
+}
+function extractPSErrorBody(body) {
+  if (!isRecord(body)) {
     return null;
   }
-  if (typeof body !== "object" || body === null) {
+  const nested = isRecord(body.error) ? body.error : null;
+  const code = normalizeCode(
+    nested?.errorCode ?? nested?.code ?? body.errorCode ?? body.code
+  );
+  const message = nested?.message ?? body.message;
+  if (!code || typeof message !== "string") {
     return null;
   }
-  const { code, message } = body;
-  if (typeof code !== "string" || typeof message !== "string") {
+  return { code, message };
+}
+async function parsePSError(response) {
+  if (response.ok) {
     return null;
   }
-  if (!KNOWN_CODES.has(code)) {
+  let body;
+  try {
+    body = await response.json();
+  } catch {
     return null;
   }
-  return new PSError(code, message);
+  const errorBody = extractPSErrorBody(body);
+  return errorBody ? new PSError(errorBody.code, errorBody.message) : null;
 }
 export {
   BUILDER_REGISTRATION_TYPES,
@@ -32726,12 +32891,14 @@ export {
   getServiceEndpoints,
   grantRegistrationDomain,
   grantRevocationDomain,
+  isDataPortabilityGatewayConfig,
   isECIESEncrypted,
   isPlatformSupported,
   mainnetServices,
   moksha,
   mokshaServices,
   mokshaTestnet2 as mokshaTestnet,
+  parseGrantRegistrationPayload,
   parsePSError,
   parseScope,
   parseWeb3SignedHeader,
@@ -32742,6 +32909,7 @@ export {
   serializeECIES,
   serverRegistrationDomain,
   vanaMainnet2 as vanaMainnet,
+  verifyGrantRegistration,
   verifyPkceChallenge,
   verifyWeb3Signed
 };