@oxyhq/services 5.16.35 → 5.16.37

package/lib/module/crypto/signatureService.js

@@ -6,35 +6,97 @@
  * Handles signing and verification of messages using ECDSA secp256k1.
  * Used for authenticating requests and proving identity ownership.
  * 
- * Note: This service handles SIGNING (requires private key access via KeyManager).
- * For VERIFICATION, use the shared SignatureService from '../shared' instead.
+ * This service provides async methods for cross-platform compatibility (React Native + Node).
+ * For Node.js-only synchronous operations, use the node/signatureService module.
  */
 
-import { ec as EC } from 'elliptic';
 import { KeyManager } from './keyManager';
-import { buildAuthMessage, buildRegistrationMessage, buildRequestMessage, getCryptoAdapter, SignatureService as SharedSignatureService, isTimestampFresh } from '../shared';
-const ec = new EC('secp256k1');
+import { verifySignatureCore, isTimestampFresh, buildAuthMessage, buildRegistrationMessage, buildRequestMessage, getEllipticCurve } from './core';
 
-// Re-export shared types
+// Lazy import for expo-crypto
+let ExpoCrypto = null;
+const ec = getEllipticCurve();
 
+/**
+ * Check if we're in a React Native environment
+ */
+function isReactNative() {
+  return typeof navigator !== 'undefined' && navigator.product === 'ReactNative';
+}
+
+/**
+ * Check if we're in a Node.js environment
+ */
+function isNodeJS() {
+  return typeof process !== 'undefined' && process.versions != null && process.versions.node != null;
+}
+
+/**
+ * Initialize expo-crypto module
+ */
+async function initExpoCrypto() {
+  if (!ExpoCrypto) {
+    ExpoCrypto = await import('expo-crypto');
+  }
+  return ExpoCrypto;
+}
+
+/**
+ * Compute SHA-256 hash of a string
+ */
+async function sha256(message) {
+  // In React Native, always use expo-crypto
+  if (isReactNative() || !isNodeJS()) {
+    const Crypto = await initExpoCrypto();
+    return Crypto.digestStringAsync(Crypto.CryptoDigestAlgorithm.SHA256, message);
+  }
+
+  // In Node.js, use Node's crypto module
+  // Use Function constructor to prevent Metro bundler from statically analyzing this require
+  // This ensures the require is only evaluated in Node.js runtime, not during Metro bundling
+  try {
+    // eslint-disable-next-line @typescript-eslint/no-implied-eval
+    const getCrypto = new Function('return require("crypto")');
+    const crypto = getCrypto();
+    return crypto.createHash('sha256').update(message).digest('hex');
+  } catch (error) {
+    // Fallback to expo-crypto if Node crypto fails
+    const Crypto = await initExpoCrypto();
+    return Crypto.digestStringAsync(Crypto.CryptoDigestAlgorithm.SHA256, message);
+  }
+}
 export class SignatureService {
   /**
    * Generate a random challenge string (for offline use)
-   * Uses shared crypto adapter
+   * Uses expo-crypto in React Native, crypto.randomBytes in Node.js
    */
   static async generateChallenge() {
-    const adapter = await getCryptoAdapter();
-    const randomBytes = await adapter.randomBytes(32);
-    return Array.from(randomBytes).map(b => b.toString(16).padStart(2, '0')).join('');
+    if (isReactNative() || !isNodeJS()) {
+      // Use expo-crypto for React Native (expo-random is deprecated)
+      const Crypto = await initExpoCrypto();
+      const randomBytes = await Crypto.getRandomBytesAsync(32);
+      return Array.from(randomBytes).map(b => b.toString(16).padStart(2, '0')).join('');
+    }
+
+    // Node.js fallback
+    try {
+      // eslint-disable-next-line @typescript-eslint/no-implied-eval
+      const getCrypto = new Function('return require("crypto")');
+      const crypto = getCrypto();
+      return crypto.randomBytes(32).toString('hex');
+    } catch (error) {
+      // Fallback to expo-crypto if Node crypto fails
+      const Crypto = await initExpoCrypto();
+      const randomBytes = await Crypto.getRandomBytesAsync(32);
+      return Array.from(randomBytes).map(b => b.toString(16).padStart(2, '0')).join('');
+    }
   }
 
   /**
    * Hash a message using SHA-256
-   * Uses shared crypto adapter
    */
   static async hashMessage(message) {
-    const adapter = await getCryptoAdapter();
-    return adapter.sha256(message);
+    return sha256(message);
   }
 
   /**
@@ -46,8 +108,7 @@ export class SignatureService {
     if (!keyPair) {
       throw new Error('No identity found. Please create or import an identity first.');
     }
-    const adapter = await getCryptoAdapter();
-    const messageHash = await adapter.sha256(message);
+    const messageHash = await sha256(message);
     const signature = keyPair.sign(messageHash);
     return signature.toDER('hex');
   }
@@ -58,18 +119,43 @@ export class SignatureService {
    */
   static async signWithKey(message, privateKey) {
     const keyPair = ec.keyFromPrivate(privateKey);
-    const adapter = await getCryptoAdapter();
-    const messageHash = await adapter.sha256(message);
+    const messageHash = await sha256(message);
     const signature = keyPair.sign(messageHash);
     return signature.toDER('hex');
   }
 
   /**
    * Verify a signature against a message and public key
-   * Uses shared SignatureService for verification
    */
   static async verify(message, signature, publicKey) {
-    return SharedSignatureService.verify(message, signature, publicKey);
+    try {
+      const messageHash = await sha256(message);
+      return verifySignatureCore(messageHash, signature, publicKey);
+    } catch {
+      return false;
+    }
+  }
+
+  /**
+   * Synchronous verification (for Node.js backend)
+   * Uses crypto module directly for hashing
+   * Note: This method should only be used in Node.js environments
+   */
+  static verifySync(message, signature, publicKey) {
+    try {
+      if (!isNodeJS()) {
+        // In React Native, use async verify instead
+        throw new Error('verifySync should only be used in Node.js. Use verify() in React Native.');
+      }
+      // Use Function constructor to prevent Metro bundler from statically analyzing this require
+      // eslint-disable-next-line @typescript-eslint/no-implied-eval
+      const getCrypto = new Function('return require("crypto")');
+      const crypto = getCrypto();
+      const messageHash = crypto.createHash('sha256').update(message).digest('hex');
+      return verifySignatureCore(messageHash, signature, publicKey);
+    } catch {
+      return false;
+    }
   }
 
   /**
@@ -94,7 +180,6 @@ export class SignatureService {
   /**
    * Verify a signed message object
    * Checks both signature validity and timestamp freshness
-   * Uses shared SignatureService for verification
    */
   static async verifySignedMessage(signedMessage, maxAgeMs = 5 * 60 * 1000 // 5 minutes default
   ) {
@@ -112,7 +197,7 @@ export class SignatureService {
 
     // Verify signature
     const messageWithTimestamp = `${message}:${timestamp}`;
-    return SharedSignatureService.verify(messageWithTimestamp, signature, publicKey);
+    return SignatureService.verify(messageWithTimestamp, signature, publicKey);
   }
 
   /**
@@ -136,7 +221,6 @@ export class SignatureService {
 
   /**
    * Verify a challenge response
-   * Uses shared SignatureService for verification
    */
   static async verifyChallengeResponse(originalChallenge, response, maxAgeMs = 5 * 60 * 1000) {
     const {
@@ -144,7 +228,13 @@ export class SignatureService {
       publicKey,
       timestamp
     } = response;
-    return SharedSignatureService.verifyChallengeResponse(publicKey, originalChallenge, signature, timestamp, maxAgeMs);
+
+    // Check timestamp freshness
+    if (!isTimestampFresh(timestamp, maxAgeMs)) {
+      return false;
+    }
+    const message = buildAuthMessage(publicKey, originalChallenge, timestamp);
+    return SignatureService.verify(message, signature, publicKey);
   }
 
   /**

package/lib/module/crypto/signatureService.js.map

@@ -1 +1 @@
-{"version":3,"names":["ec","EC","KeyManager","buildAuthMessage","buildRegistrationMessage","buildRequestMessage","getCryptoAdapter","SignatureService","SharedSignatureService","isTimestampFresh","generateChallenge","adapter","randomBytes","Array","from","map","b","toString","padStart","join","hashMessage","message","sha256","sign","keyPair","getKeyPairObject","Error","messageHash","signature","toDER","signWithKey","privateKey","keyFromPrivate","verify","publicKey","createSignedMessage","getPublicKey","timestamp","Date","now","messageWithTimestamp","verifySignedMessage","signedMessage","maxAgeMs","signChallenge","challenge","verifyChallengeResponse","originalChallenge","response","createRegistrationSignature","signRequestData","data"],"sourceRoot":"../../../src","sources":["crypto/signatureService.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,EAAE,IAAIC,EAAE,QAAQ,UAAU;AACnC,SAASC,UAAU,QAAQ,cAAc;AACzC,SACEC,gBAAgB,EAChBC,wBAAwB,EACxBC,mBAAmB,EACnBC,gBAAgB,EAChBC,gBAAgB,IAAIC,sBAAsB,EAC1CC,gBAAgB,QAEX,WAAW;AAElB,MAAMT,EAAE,GAAG,IAAIC,EAAE,CAAC,WAAW,CAAC;;AAE9B;;AASA,OAAO,MAAMM,gBAAgB,CAAC;EAC5B;AACF;AACA;AACA;EACE,aAAaG,iBAAiBA,CAAA,EAAoB;IAChD,MAAMC,OAAO,GAAG,MAAML,gBAAgB,CAAC,CAAC;IACxC,MAAMM,WAAW,GAAG,MAAMD,OAAO,CAACC,WAAW,CAAC,EAAE,CAAC;IACjD,OAAOC,KAAK,CAACC,IAAI,CAACF,WAAW,CAAC,CAC3BG,GAAG,CAAEC,CAAS,IAAKA,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CACnDC,IAAI,CAAC,EAAE,CAAC;EACb;;EAEA;AACF;AACA;AACA;EACE,aAAaC,WAAWA,CAACC,OAAe,EAAmB;IACzD,MAAMV,OAAO,GAAG,MAAML,gBAAgB,CAAC,CAAC;IACxC,OAAOK,OAAO,CAACW,MAAM,CAACD,OAAO,CAAC;EAChC;;EAEA;AACF;AACA;AACA;EACE,aAAaE,IAAIA,CAACF,OAAe,EAAmB;IAClD,MAAMG,OAAO,GAAG,MAAMtB,UAAU,CAACuB,gBAAgB,CAAC,CAAC;IACnD,IAAI,CAACD,OAAO,EAAE;MACZ,MAAM,IAAIE,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMf,OAAO,GAAG,MAAML,gBAAgB,CAAC,CAAC;IACxC,MAAMqB,WAAW,GAAG,MAAMhB,OAAO,CAACW,MAAM,CAACD,OAAO,CAAC;IACjD,MAAMO,SAAS,GAAGJ,OAAO,CAACD,IAAI,CAACI,WAAW,CAAC;IAC3C,OAAOC,SAAS,CAACC,KAAK,CAAC,KAAK,CAAC;EAC/B;;EAEA;AACF;AACA;AACA;EACE,aAAaC,WAAWA,CAACT,OAAe,EAAEU,UAAkB,EAAmB;IAC7E,MAAMP,OAAO,GAAGxB,EAAE,CAACgC,cAAc,CAACD,UAAU,CAAC;IAC7C,MAAMpB,OAAO,GAAG,MAAML,gBAAgB,CAAC,CAAC;IACxC,MAAMqB,WAAW,GAAG,MAAMhB,OAAO,CAACW,MAAM,CAACD,OAAO,CAAC;IACjD,MAAMO,SAAS,GAAGJ,OAAO,CAACD,IAAI,CAACI,WAAW,CAAC;IAC3C,OAAOC,SAAS,CAACC,KAAK,CAAC,KAAK,CAAC;EAC/B;;EAEA;AACF;AACA;AACA;EACE,aAAaI,MAAMA,CAACZ,OAAe,EAAEO,SAAiB,EAAEM,SAAiB,EAAoB;IAC3F,OAAO1B,sBAAsB,CAACyB,MAAM,CAACZ,OAAO,EAAEO,SAAS,EAAEM,SAAS,CAAC;EACrE;;EAEA;AACF;AACA;EACE,aAAaC,mBAAmBA,CAACd,OAAe,EAA0B;IACxE,MAAMa,SAAS,GAAG,MAAMhC,UAAU,CAACkC,YAAY,CAAC,CAAC;IACjD,IAAI,CAACF,SAAS,EAAE;MACd,MAAM,IAAIR,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMW,SAAS,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;IAC5B,MAAMC,oBAAoB,GAAG,GAAGnB,OAAO,IAAIgB,SAAS,EAAE;IACtD,MAAMT,SAAS,GAAG,MAAMrB,gBAAgB,CAACgB,IAAI,CAACiB,oBAAoB,CAAC;IAEnE,OAAO;MACLnB,OAAO;MACPO,SAAS;MACTM,SAAS;MACTG;IACF,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;EACE,aAAaI,mBAAmBA,CAC9BC,aAA4B,EAC5BC,QAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;EAAA,EACf;IAClB,MAAM;MAAEtB,OAAO;MAAEO,SAAS;MAAEM,SAAS;MAAEG;IAAU,CAAC,GAAGK,aAAa;;IAElE;IACA,IAAI,CAACjC,gBAAgB,CAAC4B,SAAS,EAAEM,QAAQ,CAAC,EAAE;MAC1C,OAAO,KAAK;IACd;;IAEA;IACA,MAAMH,oBAAoB,GAAG,GAAGnB,OAAO,IAAIgB,SAAS,EAAE;IACtD,OAAO7B,sBAAsB,CAACyB,MAAM,CAACO,oBAAoB,EAAEZ,SAAS,EAAEM,SAAS,CAAC;EAClF;;EAEA;AACF;AACA;AACA;EACE,aAAaU,aAAaA,CAACC,SAAiB,EAA0B;IACpE,MAAMX,SAAS,GAAG,MAAMhC,UAAU,CAACkC,YAAY,CAAC,CAAC;IACjD,IAAI,CAACF,SAAS,EAAE;MACd,MAAM,IAAIR,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMW,SAAS,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;IAC5B,MAAMlB,OAAO,GAAGlB,gBAAgB,CAAC+B,SAAS,EAAEW,SAAS,EAAER,SAAS,CAAC;IACjE,MAAMT,SAAS,GAAG,MAAMrB,gBAAgB,CAACgB,IAAI,CAACF,OAAO,CAAC;IAEtD,OAAO;MACLwB,SAAS,EAAEjB,SAAS;MACpBM,SAAS;MACTG;IACF,CAAC;EACH;;EAEA;AACF;AACA;AACA;EACE,aAAaS,uBAAuBA,CAClCC,iBAAyB,EACzBC,QAAuB,EACvBL,QAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EACd;IAClB,MAAM;MAAEE,SAAS,EAAEjB,SAAS;MAAEM,SAAS;MAAEG;IAAU,CAAC,GAAGW,QAAQ;IAC/D,OAAOxC,sBAAsB,CAACsC,uBAAuB,CACnDZ,SAAS,EACTa,iBAAiB,EACjBnB,SAAS,EACTS,SAAS,EACTM,QACF,CAAC;EACH;;EAEA;AACF;AACA;AACA;AACA;EACE,aAAaM,2BAA2BA,CAAA,EAAyE;IAC/G,MAAMf,SAAS,GAAG,MAAMhC,UAAU,CAACkC,YAAY,CAAC,CAAC;IACjD,IAAI,CAACF,SAAS,EAAE;MACd,MAAM,IAAIR,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMW,SAAS,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;IAC5B,MAAMlB,OAAO,GAAGjB,wBAAwB,CAAC8B,SAAS,EAAEG,SAAS,CAAC;IAC9D,MAAMT,SAAS,GAAG,MAAMrB,gBAAgB,CAACgB,IAAI,CAACF,OAAO,CAAC;IAEtD,OAAO;MACLO,SAAS;MACTM,SAAS;MACTG;IACF,CAAC;EACH;;EAEA;AACF;AACA;AACA;EACE,aAAaa,eAAeA,CAACC,IAA6B,EAIvD;IACD,MAAMjB,SAAS,GAAG,MAAMhC,UAAU,CAACkC,YAAY,CAAC,CAAC;IACjD,IAAI,CAACF,SAAS,EAAE;MACd,MAAM,IAAIR,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMW,SAAS,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;IAC5B,MAAMlB,OAAO,GAAGhB,mBAAmB,CAAC6B,SAAS,EAAEG,SAAS,EAAEc,IAAI,CAAC;IAC/D,MAAMvB,SAAS,GAAG,MAAMrB,gBAAgB,CAACgB,IAAI,CAACF,OAAO,CAAC;IAEtD,OAAO;MACLO,SAAS;MACTM,SAAS;MACTG;IACF,CAAC;EACH;AACF;AAEA,eAAe9B,gBAAgB","ignoreList":[]}
+{"version":3,"names":["KeyManager","verifySignatureCore","isTimestampFresh","buildAuthMessage","buildRegistrationMessage","buildRequestMessage","getEllipticCurve","ExpoCrypto","ec","isReactNative","navigator","product","isNodeJS","process","versions","node","initExpoCrypto","sha256","message","Crypto","digestStringAsync","CryptoDigestAlgorithm","SHA256","getCrypto","Function","crypto","createHash","update","digest","error","SignatureService","generateChallenge","randomBytes","getRandomBytesAsync","Array","from","map","b","toString","padStart","join","hashMessage","sign","keyPair","getKeyPairObject","Error","messageHash","signature","toDER","signWithKey","privateKey","keyFromPrivate","verify","publicKey","verifySync","createSignedMessage","getPublicKey","timestamp","Date","now","messageWithTimestamp","verifySignedMessage","signedMessage","maxAgeMs","signChallenge","challenge","verifyChallengeResponse","originalChallenge","response","createRegistrationSignature","signRequestData","data"],"sourceRoot":"../../../src","sources":["crypto/signatureService.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAASA,UAAU,QAAQ,cAAc;AACzC,SACEC,mBAAmB,EAEnBC,gBAAgB,EAChBC,gBAAgB,EAChBC,wBAAwB,EACxBC,mBAAmB,EAEnBC,gBAAgB,QACX,QAAQ;;AAEf;AACA,IAAIC,UAA+C,GAAG,IAAI;AAE1D,MAAMC,EAAE,GAAGF,gBAAgB,CAAC,CAAC;;AAE7B;AACA;AACA;AACA,SAASG,aAAaA,CAAA,EAAY;EAChC,OAAO,OAAOC,SAAS,KAAK,WAAW,IAAIA,SAAS,CAACC,OAAO,KAAK,aAAa;AAChF;;AAEA;AACA;AACA;AACA,SAASC,QAAQA,CAAA,EAAY;EAC3B,OAAO,OAAOC,OAAO,KAAK,WAAW,IAAIA,OAAO,CAACC,QAAQ,IAAI,IAAI,IAAID,OAAO,CAACC,QAAQ,CAACC,IAAI,IAAI,IAAI;AACpG;;AAEA;AACA;AACA;AACA,eAAeC,cAAcA,CAAA,EAA0C;EACrE,IAAI,CAACT,UAAU,EAAE;IACfA,UAAU,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC;EAC1C;EACA,OAAOA,UAAU;AACnB;;AAEA;AACA;AACA;AACA,eAAeU,MAAMA,CAACC,OAAe,EAAmB;EACtD;EACA,IAAIT,aAAa,CAAC,CAAC,IAAI,CAACG,QAAQ,CAAC,CAAC,EAAE;IAClC,MAAMO,MAAM,GAAG,MAAMH,cAAc,CAAC,CAAC;IACrC,OAAOG,MAAM,CAACC,iBAAiB,CAC7BD,MAAM,CAACE,qBAAqB,CAACC,MAAM,EACnCJ,OACF,CAAC;EACH;;EAEA;EACA;EACA;EACA,IAAI;IACF;IACA,MAAMK,SAAS,GAAG,IAAIC,QAAQ,CAAC,0BAA0B,CAAC;IAC1D,MAAMC,MAAM,GAAGF,SAAS,CAAC,CAAC;IAC1B,OAAOE,MAAM,CAACC,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACT,OAAO,CAAC,CAACU,MAAM,CAAC,KAAK,CAAC;EAClE,CAAC,CAAC,OAAOC,KAAK,EAAE;IACd;IACA,MAAMV,MAAM,GAAG,MAAMH,cAAc,CAAC,CAAC;IACrC,OAAOG,MAAM,CAACC,iBAAiB,CAC7BD,MAAM,CAACE,qBAAqB,CAACC,MAAM,EACnCJ,OACF,CAAC;EACH;AACF;AAeA,OAAO,MAAMY,gBAAgB,CAAC;EAC5B;AACF;AACA;AACA;EACE,aAAaC,iBAAiBA,CAAA,EAAoB;IAChD,IAAItB,aAAa,CAAC,CAAC,IAAI,CAACG,QAAQ,CAAC,CAAC,EAAE;MAClC;MACA,MAAMO,MAAM,GAAG,MAAMH,cAAc,CAAC,CAAC;MACrC,MAAMgB,WAAW,GAAG,MAAMb,MAAM,CAACc,mBAAmB,CAAC,EAAE,CAAC;MACxD,OAAOC,KAAK,CAACC,IAAI,CAACH,WAAW,CAAC,CAC3BI,GAAG,CAAEC,CAAS,IAAKA,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CACnDC,IAAI,CAAC,EAAE,CAAC;IACb;;IAEA;IACA,IAAI;MACF;MACA,MAAMjB,SAAS,GAAG,IAAIC,QAAQ,CAAC,0BAA0B,CAAC;MAC1D,MAAMC,MAAM,GAAGF,SAAS,CAAC,CAAC;MAC1B,OAAOE,MAAM,CAACO,WAAW,CAAC,EAAE,CAAC,CAACM,QAAQ,CAAC,KAAK,CAAC;IAC/C,CAAC,CAAC,OAAOT,KAAK,EAAE;MACd;MACA,MAAMV,MAAM,GAAG,MAAMH,cAAc,CAAC,CAAC;MACrC,MAAMgB,WAAW,GAAG,MAAMb,MAAM,CAACc,mBAAmB,CAAC,EAAE,CAAC;MACxD,OAAOC,KAAK,CAACC,IAAI,CAACH,WAAW,CAAC,CAC3BI,GAAG,CAAEC,CAAS,IAAKA,CAAC,CAACC,QAAQ,CAAC,EAAE,CAAC,CAACC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CACnDC,IAAI,CAAC,EAAE,CAAC;IACb;EACF;;EAEA;AACF;AACA;EACE,aAAaC,WAAWA,CAACvB,OAAe,EAAmB;IACzD,OAAOD,MAAM,CAACC,OAAO,CAAC;EACxB;;EAEA;AACF;AACA;AACA;EACE,aAAawB,IAAIA,CAACxB,OAAe,EAAmB;IAClD,MAAMyB,OAAO,GAAG,MAAM3C,UAAU,CAAC4C,gBAAgB,CAAC,CAAC;IACnD,IAAI,CAACD,OAAO,EAAE;MACZ,MAAM,IAAIE,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMC,WAAW,GAAG,MAAM7B,MAAM,CAACC,OAAO,CAAC;IACzC,MAAM6B,SAAS,GAAGJ,OAAO,CAACD,IAAI,CAACI,WAAW,CAAC;IAC3C,OAAOC,SAAS,CAACC,KAAK,CAAC,KAAK,CAAC;EAC/B;;EAEA;AACF;AACA;AACA;EACE,aAAaC,WAAWA,CAAC/B,OAAe,EAAEgC,UAAkB,EAAmB;IAC7E,MAAMP,OAAO,GAAGnC,EAAE,CAAC2C,cAAc,CAACD,UAAU,CAAC;IAC7C,MAAMJ,WAAW,GAAG,MAAM7B,MAAM,CAACC,OAAO,CAAC;IACzC,MAAM6B,SAAS,GAAGJ,OAAO,CAACD,IAAI,CAACI,WAAW,CAAC;IAC3C,OAAOC,SAAS,CAACC,KAAK,CAAC,KAAK,CAAC;EAC/B;;EAEA;AACF;AACA;EACE,aAAaI,MAAMA,CAAClC,OAAe,EAAE6B,SAAiB,EAAEM,SAAiB,EAAoB;IAC3F,IAAI;MACF,MAAMP,WAAW,GAAG,MAAM7B,MAAM,CAACC,OAAO,CAAC;MACzC,OAAOjB,mBAAmB,CAAC6C,WAAW,EAAEC,SAAS,EAAEM,SAAS,CAAC;IAC/D,CAAC,CAAC,MAAM;MACN,OAAO,KAAK;IACd;EACF;;EAEA;AACF;AACA;AACA;AACA;EACE,OAAOC,UAAUA,CAACpC,OAAe,EAAE6B,SAAiB,EAAEM,SAAiB,EAAW;IAChF,IAAI;MACF,IAAI,CAACzC,QAAQ,CAAC,CAAC,EAAE;QACf;QACA,MAAM,IAAIiC,KAAK,CAAC,0EAA0E,CAAC;MAC7F;MACA;MACA;MACA,MAAMtB,SAAS,GAAG,IAAIC,QAAQ,CAAC,0BAA0B,CAAC;MAC1D,MAAMC,MAAM,GAAGF,SAAS,CAAC,CAAC;MAC1B,MAAMuB,WAAW,GAAGrB,MAAM,CAACC,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACT,OAAO,CAAC,CAACU,MAAM,CAAC,KAAK,CAAC;MAC7E,OAAO3B,mBAAmB,CAAC6C,WAAW,EAAEC,SAAS,EAAEM,SAAS,CAAC;IAC/D,CAAC,CAAC,MAAM;MACN,OAAO,KAAK;IACd;EACF;;EAEA;AACF;AACA;EACE,aAAaE,mBAAmBA,CAACrC,OAAe,EAA0B;IACxE,MAAMmC,SAAS,GAAG,MAAMrD,UAAU,CAACwD,YAAY,CAAC,CAAC;IACjD,IAAI,CAACH,SAAS,EAAE;MACd,MAAM,IAAIR,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMY,SAAS,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;IAC5B,MAAMC,oBAAoB,GAAG,GAAG1C,OAAO,IAAIuC,SAAS,EAAE;IACtD,MAAMV,SAAS,GAAG,MAAMjB,gBAAgB,CAACY,IAAI,CAACkB,oBAAoB,CAAC;IAEnE,OAAO;MACL1C,OAAO;MACP6B,SAAS;MACTM,SAAS;MACTI;IACF,CAAC;EACH;;EAEA;AACF;AACA;AACA;EACE,aAAaI,mBAAmBA,CAC9BC,aAA4B,EAC5BC,QAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;EAAA,EACf;IAClB,MAAM;MAAE7C,OAAO;MAAE6B,SAAS;MAAEM,SAAS;MAAEI;IAAU,CAAC,GAAGK,aAAa;;IAElE;IACA,IAAI,CAAC5D,gBAAgB,CAACuD,SAAS,EAAEM,QAAQ,CAAC,EAAE;MAC1C,OAAO,KAAK;IACd;;IAEA;IACA,MAAMH,oBAAoB,GAAG,GAAG1C,OAAO,IAAIuC,SAAS,EAAE;IACtD,OAAO3B,gBAAgB,CAACsB,MAAM,CAACQ,oBAAoB,EAAEb,SAAS,EAAEM,SAAS,CAAC;EAC5E;;EAEA;AACF;AACA;AACA;EACE,aAAaW,aAAaA,CAACC,SAAiB,EAA0B;IACpE,MAAMZ,SAAS,GAAG,MAAMrD,UAAU,CAACwD,YAAY,CAAC,CAAC;IACjD,IAAI,CAACH,SAAS,EAAE;MACd,MAAM,IAAIR,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMY,SAAS,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;IAC5B,MAAMzC,OAAO,GAAGf,gBAAgB,CAACkD,SAAS,EAAEY,SAAS,EAAER,SAAS,CAAC;IACjE,MAAMV,SAAS,GAAG,MAAMjB,gBAAgB,CAACY,IAAI,CAACxB,OAAO,CAAC;IAEtD,OAAO;MACL+C,SAAS,EAAElB,SAAS;MACpBM,SAAS;MACTI;IACF,CAAC;EACH;;EAEA;AACF;AACA;EACE,aAAaS,uBAAuBA,CAClCC,iBAAyB,EACzBC,QAAuB,EACvBL,QAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,EACd;IAClB,MAAM;MAAEE,SAAS,EAAElB,SAAS;MAAEM,SAAS;MAAEI;IAAU,CAAC,GAAGW,QAAQ;;IAE/D;IACA,IAAI,CAAClE,gBAAgB,CAACuD,SAAS,EAAEM,QAAQ,CAAC,EAAE;MAC1C,OAAO,KAAK;IACd;IAEA,MAAM7C,OAAO,GAAGf,gBAAgB,CAACkD,SAAS,EAAEc,iBAAiB,EAAEV,SAAS,CAAC;IACzE,OAAO3B,gBAAgB,CAACsB,MAAM,CAAClC,OAAO,EAAE6B,SAAS,EAAEM,SAAS,CAAC;EAC/D;;EAEA;AACF;AACA;AACA;AACA;EACE,aAAagB,2BAA2BA,CAAA,EAAyE;IAC/G,MAAMhB,SAAS,GAAG,MAAMrD,UAAU,CAACwD,YAAY,CAAC,CAAC;IACjD,IAAI,CAACH,SAAS,EAAE;MACd,MAAM,IAAIR,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMY,SAAS,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;IAC5B,MAAMzC,OAAO,GAAGd,wBAAwB,CAACiD,SAAS,EAAEI,SAAS,CAAC;IAC9D,MAAMV,SAAS,GAAG,MAAMjB,gBAAgB,CAACY,IAAI,CAACxB,OAAO,CAAC;IAEtD,OAAO;MACL6B,SAAS;MACTM,SAAS;MACTI;IACF,CAAC;EACH;;EAEA;AACF;AACA;AACA;EACE,aAAaa,eAAeA,CAACC,IAA6B,EAIvD;IACD,MAAMlB,SAAS,GAAG,MAAMrD,UAAU,CAACwD,YAAY,CAAC,CAAC;IACjD,IAAI,CAACH,SAAS,EAAE;MACd,MAAM,IAAIR,KAAK,CAAC,+DAA+D,CAAC;IAClF;IAEA,MAAMY,SAAS,GAAGC,IAAI,CAACC,GAAG,CAAC,CAAC;IAC5B,MAAMzC,OAAO,GAAGb,mBAAmB,CAACgD,SAAS,EAAEI,SAAS,EAAEc,IAAI,CAAC;IAC/D,MAAMxB,SAAS,GAAG,MAAMjB,gBAAgB,CAACY,IAAI,CAACxB,OAAO,CAAC;IAEtD,OAAO;MACL6B,SAAS;MACTM,SAAS;MACTI;IACF,CAAC;EACH;AACF;AAEA,eAAe3B,gBAAgB","ignoreList":[]}

package/lib/module/index.js

@@ -30,8 +30,6 @@ export { default as OxyProvider } from './ui/components/OxyProvider';
 export { DeviceManager } from './utils/deviceManager';
 // Language utilities
 export { SUPPORTED_LANGUAGES, getLanguageMetadata, getLanguageName, getNativeLanguageName, normalizeLanguageCode } from './utils/languageUtils';
-// Shared models and utilities (bundled for external consumers)
-export * from './shared';
 
 // Type exports
 

package/lib/module/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["KeyManager","SignatureService","OxyServices","OxyAuthenticationError","OxyAuthenticationTimeoutError","OXY_CLOUD_URL","oxyClient","OxyContextProvider","useOxy","default","OxyProvider","DeviceManager","SUPPORTED_LANGUAGES","getLanguageMetadata","getLanguageName","getNativeLanguageName","normalizeLanguageCode","SECURITY_EVENT_SEVERITY_MAP","useAuthStore","useAssetStore","useAssets","useAssetsStore","useAsset","useUploadProgress","useAssetLoading","useAssetErrors","useAssetsByApp","useAssetsByEntity","useAssetUsageCount","useIsAssetLinked","useSessionSocket","setOxyAssetInstance","useFileDownloadUrl","setOxyFileUrlInstance","useUsernameValidation","USERNAME_MIN_LENGTH","USERNAME_REGEX","USERNAME_FORMAT_ERROR","USERNAME_DEBOUNCE_MS","useUserProfile","useUserProfiles","useCurrentUser","useUserById","useUserByUsername","useUsersBySessions","usePrivacySettings","useBlockedUsers","useRestrictedUsers","useSessions","useSession","useDeviceSessions","useUserDevices","useSecurityInfo","useSecurityActivity","useRecentSecurityActivity","useUpdateProfile","useUploadAvatar","useUpdateAccountSettings","useUpdatePrivacySettings","useUploadFile","useUnblockUser","useUnrestrictUser","useSwitchSession","useLogoutSession","useLogoutAll","useUpdateDeviceName","useRemoveDevice","OxySignInButton","OxyLogo","FollowButton","ErrorCodes","createApiError","handleHttpError","validateRequiredFields","retryWithBackoff","logger","LogLevel","LogContext","logAuth","logApi","logSession","logUser","logDevice","logPayment","logPerformance"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,OAAO,mBAAmB;;AAE1B;AACA,SACEA,UAAU,EACVC,gBAAgB,QACX,UAAU;;AAEjB;AACA,SAASC,WAAW,EAAEC,sBAAsB,EAAEC,6BAA6B,QAAQ,QAAQ;AAC3F,SAASC,aAAa,EAAEC,SAAS,QAAQ,QAAQ;AAOjD;AACA,SACEC,kBAAkB;AAAE;AACpBC,MAAM,QACD,yBAAyB;;AAEhC;AACA,SAASC,OAAO,IAAIC,WAAW,QAAQ,6BAA6B;;AAEpE;AACA,SAASC,aAAa,QAAQ,uBAAuB;AAGrD;AACA,SACEC,mBAAmB,EACnBC,mBAAmB,EACnBC,eAAe,EACfC,qBAAqB,EACrBC,qBAAqB,QAChB,uBAAuB;AAG9B;AACA,cAAc,UAAU;;AAExB;;AA2DA;AACA,SAASC,2BAA2B,QAAQ,qBAAqB;AAQjE;AACA,SAASC,YAAY,QAAQ,uBAAuB;AACpD,SACEC,aAAa,EACbC,SAAS,IAAIC,cAAc,EAC3BC,QAAQ,EACRC,iBAAiB,EACjBC,eAAe,EACfC,cAAc,EACdC,cAAc,EACdC,iBAAiB,EACjBC,kBAAkB,EAClBC,gBAAgB,QACX,wBAAwB;;AAE/B;AACA,SAASC,gBAAgB,QAAQ,6BAA6B;AAC9D,SAASV,SAAS,EAAEW,mBAAmB,QAAQ,sBAAsB;AACrE,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,+BAA+B;AACzF,SAASC,qBAAqB,EAAEC,mBAAmB,EAAEC,cAAc,EAAEC,qBAAqB,EAAEC,oBAAoB,QAAQ,iBAAiB;AAGzI;AACA;AACE;AACAC,cAAc,EACdC,eAAe,EACfC,cAAc,EACdC,WAAW,EACXC,iBAAiB,EACjBC,kBAAkB,EAClBC,kBAAkB,EAClBC,eAAe,EACfC,kBAAkB;AAClB;AACAC,WAAW,EACXC,UAAU,EACVC,iBAAiB,EACjBC,cAAc,EACdC,eAAe;AACf;AACAC,mBAAmB,EACnBC,yBAAyB,QACpB,oBAAoB;;AAE3B;AACA;AACE;AACAC,gBAAgB,EAChBC,eAAe,EACfC,wBAAwB,EACxBC,wBAAwB,EACxBC,aAAa,EACbC,cAAc,EACdC,iBAAiB;AACjB;AACAC,gBAAgB,EAChBC,gBAAgB,EAChBC,YAAY,EACZC,mBAAmB,EACnBC,eAAe,QACV,sBAAsB;;AAE7B;AACA,SAASC,eAAe,QAAQ,iCAAiC;AACjE,SAASC,OAAO,EAAEC,YAAY,QAAQ,MAAM;;AAE5C;AACA,cAAc,kBAAkB;AAChC,SACEC,UAAU,EACVC,cAAc,EACdC,eAAe,EACfC,sBAAsB,EACtBC,gBAAgB,QACX,oBAAoB;AAC3B,cAAc,yBAAyB;AACvC,SACEC,MAAM,EACNC,QAAQ,EACRC,UAAU,EACVC,OAAO,EACPC,MAAM,EACNC,UAAU,EACVC,OAAO,EACPC,SAAS,EACTC,UAAU,EACVC,cAAc,QACT,qBAAqB;AAC5B,cAAc,oBAAoB;AAClC,cAAc,mBAAmB","ignoreList":[]}
+{"version":3,"names":["KeyManager","SignatureService","OxyServices","OxyAuthenticationError","OxyAuthenticationTimeoutError","OXY_CLOUD_URL","oxyClient","OxyContextProvider","useOxy","default","OxyProvider","DeviceManager","SUPPORTED_LANGUAGES","getLanguageMetadata","getLanguageName","getNativeLanguageName","normalizeLanguageCode","SECURITY_EVENT_SEVERITY_MAP","useAuthStore","useAssetStore","useAssets","useAssetsStore","useAsset","useUploadProgress","useAssetLoading","useAssetErrors","useAssetsByApp","useAssetsByEntity","useAssetUsageCount","useIsAssetLinked","useSessionSocket","setOxyAssetInstance","useFileDownloadUrl","setOxyFileUrlInstance","useUsernameValidation","USERNAME_MIN_LENGTH","USERNAME_REGEX","USERNAME_FORMAT_ERROR","USERNAME_DEBOUNCE_MS","useUserProfile","useUserProfiles","useCurrentUser","useUserById","useUserByUsername","useUsersBySessions","usePrivacySettings","useBlockedUsers","useRestrictedUsers","useSessions","useSession","useDeviceSessions","useUserDevices","useSecurityInfo","useSecurityActivity","useRecentSecurityActivity","useUpdateProfile","useUploadAvatar","useUpdateAccountSettings","useUpdatePrivacySettings","useUploadFile","useUnblockUser","useUnrestrictUser","useSwitchSession","useLogoutSession","useLogoutAll","useUpdateDeviceName","useRemoveDevice","OxySignInButton","OxyLogo","FollowButton","ErrorCodes","createApiError","handleHttpError","validateRequiredFields","retryWithBackoff","logger","LogLevel","LogContext","logAuth","logApi","logSession","logUser","logDevice","logPayment","logPerformance"],"sourceRoot":"../../src","sources":["index.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,OAAO,mBAAmB;;AAE1B;AACA,SACEA,UAAU,EACVC,gBAAgB,QACX,UAAU;;AAEjB;AACA,SAASC,WAAW,EAAEC,sBAAsB,EAAEC,6BAA6B,QAAQ,QAAQ;AAC3F,SAASC,aAAa,EAAEC,SAAS,QAAQ,QAAQ;AAOjD;AACA,SACEC,kBAAkB;AAAE;AACpBC,MAAM,QACD,yBAAyB;;AAEhC;AACA,SAASC,OAAO,IAAIC,WAAW,QAAQ,6BAA6B;;AAEpE;AACA,SAASC,aAAa,QAAQ,uBAAuB;AAGrD;AACA,SACEC,mBAAmB,EACnBC,mBAAmB,EACnBC,eAAe,EACfC,qBAAqB,EACrBC,qBAAqB,QAChB,uBAAuB;;AAG9B;;AA6DA;AACA,SAASC,2BAA2B,QAAQ,qBAAqB;AAQjE;AACA,SAASC,YAAY,QAAQ,uBAAuB;AACpD,SACEC,aAAa,EACbC,SAAS,IAAIC,cAAc,EAC3BC,QAAQ,EACRC,iBAAiB,EACjBC,eAAe,EACfC,cAAc,EACdC,cAAc,EACdC,iBAAiB,EACjBC,kBAAkB,EAClBC,gBAAgB,QACX,wBAAwB;;AAE/B;AACA,SAASC,gBAAgB,QAAQ,6BAA6B;AAC9D,SAASV,SAAS,EAAEW,mBAAmB,QAAQ,sBAAsB;AACrE,SAASC,kBAAkB,EAAEC,qBAAqB,QAAQ,+BAA+B;AACzF,SAASC,qBAAqB,EAAEC,mBAAmB,EAAEC,cAAc,EAAEC,qBAAqB,EAAEC,oBAAoB,QAAQ,iBAAiB;AAGzI;AACA;AACE;AACAC,cAAc,EACdC,eAAe,EACfC,cAAc,EACdC,WAAW,EACXC,iBAAiB,EACjBC,kBAAkB,EAClBC,kBAAkB,EAClBC,eAAe,EACfC,kBAAkB;AAClB;AACAC,WAAW,EACXC,UAAU,EACVC,iBAAiB,EACjBC,cAAc,EACdC,eAAe;AACf;AACAC,mBAAmB,EACnBC,yBAAyB,QACpB,oBAAoB;;AAE3B;AACA;AACE;AACAC,gBAAgB,EAChBC,eAAe,EACfC,wBAAwB,EACxBC,wBAAwB,EACxBC,aAAa,EACbC,cAAc,EACdC,iBAAiB;AACjB;AACAC,gBAAgB,EAChBC,gBAAgB,EAChBC,YAAY,EACZC,mBAAmB,EACnBC,eAAe,QACV,sBAAsB;;AAE7B;AACA,SAASC,eAAe,QAAQ,iCAAiC;AACjE,SAASC,OAAO,EAAEC,YAAY,QAAQ,MAAM;;AAE5C;AACA,cAAc,kBAAkB;AAChC,SACEC,UAAU,EACVC,cAAc,EACdC,eAAe,EACfC,sBAAsB,EACtBC,gBAAgB,QACX,oBAAoB;AAC3B,cAAc,yBAAyB;AACvC,SACEC,MAAM,EACNC,QAAQ,EACRC,UAAU,EACVC,OAAO,EACPC,MAAM,EACNC,UAAU,EACVC,OAAO,EACPC,SAAS,EACTC,UAAU,EACVC,cAAc,QACT,qBAAqB;AAC5B,cAAc,oBAAoB;AAClC,cAAc,mBAAmB","ignoreList":[]}

package/lib/module/models/interfaces.js

@@ -1,20 +1,20 @@
 "use strict";
 
 /**
- * Services Package Interfaces
+ * User Model
  * 
- * Package-specific interfaces. For shared models (User, Session, etc.),
- * import directly from the shared module:
+ * IMPORTANT: 
+ * - id: MongoDB ObjectId (24 hex characters) - PRIMARY IDENTIFIER for all internal operations
+ * - publicKey: Cryptographic public key (130 hex characters) - LOOKUP KEY for authentication and identity operations
  * 
- * import { User, LoginResponse, Session } from '../shared';
+ * Never use publicKey as an ID. Always use id (ObjectId) for:
+ * - Database queries
+ * - Session userId
+ * - Token userId
+ * - Socket room names
+ * - API route parameters (unless explicitly doing publicKey lookup)
  */
 
-// Note: User and LoginResponse are in the shared module
-// Import them directly: import { User, LoginResponse } from '../shared';
-
-// Note: PaginationInfo and SearchProfilesResponse are in the shared module
-// Import them directly: import { PaginationInfo, SearchProfilesResponse } from '../shared';
-
 /**
  * File management interfaces
  */
@@ -69,5 +69,4 @@ export const SECURITY_EVENT_SEVERITY_MAP = {
  */
 
 // Device Session interfaces
-// Note: User type should be imported from the shared module
 //# sourceMappingURL=interfaces.js.map

package/lib/module/models/interfaces.js.map

@@ -1 +1 @@
-{"version":3,"names":["SECURITY_EVENT_SEVERITY_MAP"],"sourceRoot":"../../../src","sources":["models/interfaces.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAyBA;AACA;;AAyEA;AACA;;AAmEA;AACA;AACA;;AAmDA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAqGA;AACA;AACA;;AAqBA;AACA;AACA;;AAcA;AACA;AACA;;AAGA;AACA;AACA;AACA;AACA,OAAO,MAAMA,2BAA6E,GAAG;EAC3F,SAAS,EAAE,KAAK;EAChB,UAAU,EAAE,KAAK;EACjB,iBAAiB,EAAE,KAAK;EACxB,eAAe,EAAE,QAAQ;EACzB,cAAc,EAAE,QAAQ;EACxB,gBAAgB,EAAE,QAAQ;EAC1B,2BAA2B,EAAE,QAAQ;EACrC,kBAAkB,EAAE,MAAM;EAC1B,sBAAsB,EAAE,MAAM;EAC9B,gBAAgB,EAAE,MAAM;EACxB,qBAAqB,EAAE;AACzB,CAAC;;AAED;AACA;AACA;;AAeA;AACA;AACA;;AAkBA;AACA","ignoreList":[]}
+{"version":3,"names":["SECURITY_EVENT_SEVERITY_MAP"],"sourceRoot":"../../../src","sources":["models/interfaces.ts"],"mappings":";;AAuBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAmMA;AACA;AACA;;AAmDA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAuGA;AACA;AACA;;AAqBA;AACA;AACA;;AAcA;AACA;AACA;;AAGA;AACA;AACA;AACA;AACA,OAAO,MAAMA,2BAA6E,GAAG;EAC3F,SAAS,EAAE,KAAK;EAChB,UAAU,EAAE,KAAK;EACjB,iBAAiB,EAAE,KAAK;EACxB,eAAe,EAAE,QAAQ;EACzB,cAAc,EAAE,QAAQ;EACxB,gBAAgB,EAAE,QAAQ;EAC1B,2BAA2B,EAAE,QAAQ;EACrC,kBAAkB,EAAE,MAAM;EAC1B,sBAAsB,EAAE,MAAM;EAC9B,gBAAgB,EAAE,MAAM;EACxB,qBAAqB,EAAE;AACzB,CAAC;;AAED;AACA;AACA;;AAeA;AACA;AACA;;AAkBA","ignoreList":[]}

package/lib/module/node/index.js

@@ -15,6 +15,9 @@ export { OxyServices, OXY_CLOUD_URL, oxyClient };
 export { Models }; // Export all models as a namespace
 export * from '../models/interfaces'; // Export all models directly
 
+// ------------- Node-Specific Crypto Exports -------------
+export { SignatureService } from './signatureService';
+
 // Default export for consistency or specific use cases if needed
 export default OxyServices;
 //# sourceMappingURL=index.js.map

package/lib/module/node/index.js.map

@@ -1 +1 @@
-{"version":3,"names":["OxyServices","OXY_CLOUD_URL","oxyClient","Models"],"sourceRoot":"../../../src","sources":["node/index.ts"],"mappings":";;AAAA;AACA;AACA;;AAEA;AACA,SAASA,WAAW,EAAEC,aAAa,EAAEC,SAAS,QAAQ,SAAS,CAAC,CAAC;AACjE,OAAO,KAAKC,MAAM,MAAM,sBAAsB,CAAC,CAAC;;AAEhD;AACA,SAASH,WAAW,EAAEC,aAAa,EAAEC,SAAS;;AAE9C;AACA,SAASC,MAAM,GAAG,CAAE;AACpB,cAAc,sBAAsB,CAAC,CAAC;;AAEtC;AACA,eAAeH,WAAW","ignoreList":[]}
+{"version":3,"names":["OxyServices","OXY_CLOUD_URL","oxyClient","Models","SignatureService"],"sourceRoot":"../../../src","sources":["node/index.ts"],"mappings":";;AAAA;AACA;AACA;;AAEA;AACA,SAASA,WAAW,EAAEC,aAAa,EAAEC,SAAS,QAAQ,SAAS,CAAC,CAAC;AACjE,OAAO,KAAKC,MAAM,MAAM,sBAAsB,CAAC,CAAC;;AAEhD;AACA,SAASH,WAAW,EAAEC,aAAa,EAAEC,SAAS;;AAE9C;AACA,SAASC,MAAM,GAAG,CAAE;AACpB,cAAc,sBAAsB,CAAC,CAAC;;AAEtC;AACA,SAASC,gBAAgB,QAAQ,oBAAoB;;AAErD;AACA,eAAeJ,WAAW","ignoreList":[]}

package/lib/module/node/signatureService.js

@@ -0,0 +1,101 @@
+"use strict";
+
+/**
+ * Node.js Signature Service
+ * 
+ * Provides synchronous signature operations for Node.js backend.
+ * Uses Node's crypto module for hashing and the shared core for verification.
+ */
+
+import crypto from 'crypto';
+import { verifySignatureCore, isValidPublicKey, isTimestampFresh, buildAuthMessage, buildRegistrationMessage, buildRequestMessage, shortenPublicKey, CHALLENGE_TTL_MS, MAX_SIGNATURE_AGE_MS } from '../crypto/core';
+export class SignatureService {
+  /**
+   * Generate a random challenge string
+   */
+  static generateChallenge() {
+    return crypto.randomBytes(32).toString('hex');
+  }
+
+  /**
+   * Compute SHA-256 hash of a message (synchronous)
+   */
+  static hashMessage(message) {
+    return crypto.createHash('sha256').update(message).digest('hex');
+  }
+
+  /**
+   * Verify an ECDSA signature (synchronous)
+   * 
+   * @param message - The original message that was signed
+   * @param signature - The signature in DER format (hex encoded)
+   * @param publicKey - The public key (hex encoded, uncompressed)
+   * @returns true if the signature is valid
+   */
+  static verifySignature(message, signature, publicKey) {
+    const messageHash = SignatureService.hashMessage(message);
+    return verifySignatureCore(messageHash, signature, publicKey);
+  }
+
+  /**
+   * Verify an authentication challenge response
+   * 
+   * @param publicKey - The user's public key
+   * @param challenge - The original challenge string
+   * @param signature - The signature of the auth message
+   * @param timestamp - The timestamp when the signature was created
+   * @returns true if the challenge response is valid
+   */
+  static verifyChallengeResponse(publicKey, challenge, signature, timestamp) {
+    // Check timestamp is not too old
+    if (!isTimestampFresh(timestamp, CHALLENGE_TTL_MS)) {
+      return false;
+    }
+
+    // Build the message and verify signature
+    const message = buildAuthMessage(publicKey, challenge, timestamp);
+    return SignatureService.verifySignature(message, signature, publicKey);
+  }
+
+  /**
+   * Verify a registration signature
+   * Signature format: oxy:register:{publicKey}:{timestamp}
+   */
+  static verifyRegistrationSignature(publicKey, signature, timestamp) {
+    // Check timestamp freshness
+    if (!isTimestampFresh(timestamp, MAX_SIGNATURE_AGE_MS)) {
+      return false;
+    }
+    const message = buildRegistrationMessage(publicKey, timestamp);
+    return SignatureService.verifySignature(message, signature, publicKey);
+  }
+
+  /**
+   * Verify a signed request
+   * Used for authenticated API operations
+   */
+  static verifyRequestSignature(publicKey, data, signature, timestamp) {
+    // Check timestamp freshness
+    if (!isTimestampFresh(timestamp, MAX_SIGNATURE_AGE_MS)) {
+      return false;
+    }
+    const message = buildRequestMessage(publicKey, timestamp, data);
+    return SignatureService.verifySignature(message, signature, publicKey);
+  }
+
+  /**
+   * Validate that a string is a valid public key
+   */
+  static isValidPublicKey(publicKey) {
+    return isValidPublicKey(publicKey);
+  }
+
+  /**
+   * Get a shortened display version of a public key
+   */
+  static shortenPublicKey(publicKey) {
+    return shortenPublicKey(publicKey);
+  }
+}
+export default SignatureService;
+//# sourceMappingURL=signatureService.js.map

package/lib/module/node/signatureService.js.map

@@ -0,0 +1 @@
+{"version":3,"names":["crypto","verifySignatureCore","isValidPublicKey","isTimestampFresh","buildAuthMessage","buildRegistrationMessage","buildRequestMessage","shortenPublicKey","CHALLENGE_TTL_MS","MAX_SIGNATURE_AGE_MS","SignatureService","generateChallenge","randomBytes","toString","hashMessage","message","createHash","update","digest","verifySignature","signature","publicKey","messageHash","verifyChallengeResponse","challenge","timestamp","verifyRegistrationSignature","verifyRequestSignature","data"],"sourceRoot":"../../../src","sources":["node/signatureService.ts"],"mappings":";;AAAA;AACA;AACA;AACA;AACA;AACA;;AAEA,OAAOA,MAAM,MAAM,QAAQ;AAC3B,SACEC,mBAAmB,EACnBC,gBAAgB,EAChBC,gBAAgB,EAChBC,gBAAgB,EAChBC,wBAAwB,EACxBC,mBAAmB,EACnBC,gBAAgB,EAChBC,gBAAgB,EAChBC,oBAAoB,QACf,gBAAgB;AAEvB,OAAO,MAAMC,gBAAgB,CAAC;EAC5B;AACF;AACA;EACE,OAAOC,iBAAiBA,CAAA,EAAW;IACjC,OAAOX,MAAM,CAACY,WAAW,CAAC,EAAE,CAAC,CAACC,QAAQ,CAAC,KAAK,CAAC;EAC/C;;EAEA;AACF;AACA;EACE,OAAOC,WAAWA,CAACC,OAAe,EAAU;IAC1C,OAAOf,MAAM,CAACgB,UAAU,CAAC,QAAQ,CAAC,CAACC,MAAM,CAACF,OAAO,CAAC,CAACG,MAAM,CAAC,KAAK,CAAC;EAClE;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAOC,eAAeA,CAACJ,OAAe,EAAEK,SAAiB,EAAEC,SAAiB,EAAW;IACrF,MAAMC,WAAW,GAAGZ,gBAAgB,CAACI,WAAW,CAACC,OAAO,CAAC;IACzD,OAAOd,mBAAmB,CAACqB,WAAW,EAAEF,SAAS,EAAEC,SAAS,CAAC;EAC/D;;EAEA;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;EACE,OAAOE,uBAAuBA,CAC5BF,SAAiB,EACjBG,SAAiB,EACjBJ,SAAiB,EACjBK,SAAiB,EACR;IACT;IACA,IAAI,CAACtB,gBAAgB,CAACsB,SAAS,EAAEjB,gBAAgB,CAAC,EAAE;MAClD,OAAO,KAAK;IACd;;IAEA;IACA,MAAMO,OAAO,GAAGX,gBAAgB,CAACiB,SAAS,EAAEG,SAAS,EAAEC,SAAS,CAAC;IACjE,OAAOf,gBAAgB,CAACS,eAAe,CAACJ,OAAO,EAAEK,SAAS,EAAEC,SAAS,CAAC;EACxE;;EAEA;AACF;AACA;AACA;EACE,OAAOK,2BAA2BA,CAChCL,SAAiB,EACjBD,SAAiB,EACjBK,SAAiB,EACR;IACT;IACA,IAAI,CAACtB,gBAAgB,CAACsB,SAAS,EAAEhB,oBAAoB,CAAC,EAAE;MACtD,OAAO,KAAK;IACd;IAEA,MAAMM,OAAO,GAAGV,wBAAwB,CAACgB,SAAS,EAAEI,SAAS,CAAC;IAC9D,OAAOf,gBAAgB,CAACS,eAAe,CAACJ,OAAO,EAAEK,SAAS,EAAEC,SAAS,CAAC;EACxE;;EAEA;AACF;AACA;AACA;EACE,OAAOM,sBAAsBA,CAC3BN,SAAiB,EACjBO,IAA6B,EAC7BR,SAAiB,EACjBK,SAAiB,EACR;IACT;IACA,IAAI,CAACtB,gBAAgB,CAACsB,SAAS,EAAEhB,oBAAoB,CAAC,EAAE;MACtD,OAAO,KAAK;IACd;IAEA,MAAMM,OAAO,GAAGT,mBAAmB,CAACe,SAAS,EAAEI,SAAS,EAAEG,IAAI,CAAC;IAC/D,OAAOlB,gBAAgB,CAACS,eAAe,CAACJ,OAAO,EAAEK,SAAS,EAAEC,SAAS,CAAC;EACxE;;EAEA;AACF;AACA;EACE,OAAOnB,gBAAgBA,CAACmB,SAAiB,EAAW;IAClD,OAAOnB,gBAAgB,CAACmB,SAAS,CAAC;EACpC;;EAEA;AACF;AACA;EACE,OAAOd,gBAAgBA,CAACc,SAAiB,EAAU;IACjD,OAAOd,gBAAgB,CAACc,SAAS,CAAC;EACpC;AACF;AAEA,eAAeX,gBAAgB","ignoreList":[]}

package/lib/module/ui/context/OxyContext.js

@@ -467,9 +467,21 @@ export const OxyProvider = ({
     }
     setTokenReady(false);
     try {
+      // CRITICAL: Get current identity's public key first
+      // Only restore sessions that belong to this identity
+      const currentPublicKey = await KeyManager.getPublicKey().catch(() => null);
       const storedSessionIdsJson = await storage.getItem(storageKeys.sessionIds);
       const storedSessionIds = storedSessionIdsJson ? JSON.parse(storedSessionIdsJson) : [];
       const storedActiveSessionId = await storage.getItem(storageKeys.activeSessionId);
+
+      // If no identity exists, clear all sessions and return
+      if (!currentPublicKey) {
+        if (storedSessionIds.length > 0 || storedActiveSessionId) {
+          await clearSessionState();
+        }
+        setTokenReady(true);
+        return;
+      }
       const validSessions = [];
       if (storedSessionIds.length > 0) {
         for (const sessionId of storedSessionIds) {
@@ -478,6 +490,17 @@ export const OxyProvider = ({
               useHeaderValidation: true
             });
             if (validation?.valid && validation.user) {
+              // CRITICAL: Verify session belongs to current identity
+              // IMPORTANT: In OxyAccounts, user.id is set to the publicKey (as confirmed by line 754 comment below)
+              // This is different from the JWT's userId field which contains MongoDB ObjectId
+              // We compare user.id (publicKey) to currentPublicKey to ensure session ownership
+              if (validation.user.id !== currentPublicKey) {
+                // Session belongs to different identity - skip it
+                if (__DEV__) {
+                  logger('Skipping session from different identity during restoration');
+                }
+                continue;
+              }
               const now = new Date();
               validSessions.push({
                 sessionId,