@oxyhq/services 5.16.44 → 5.17.0

package/src/crypto/__tests__/core.test.ts

@@ -1,203 +0,0 @@
-/**
- * Tests for the shared crypto core module
- * These tests verify that signature verification is consistent across platforms
- */
-
-import {
-  verifySignatureCore,
-  isValidPublicKey,
-  isValidPrivateKey,
-  isTimestampFresh,
-  buildAuthMessage,
-  buildRegistrationMessage,
-  buildRequestMessage,
-  shortenPublicKey,
-  derivePublicKey,
-  getEllipticCurve,
-  CHALLENGE_TTL_MS,
-  MAX_SIGNATURE_AGE_MS,
-} from '../core';
-
-describe('Crypto Core Module', () => {
-  // Test key pair (for testing only - never use in production)
-  const testPrivateKey = '1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef';
-  // Public key derived from the private key above
-  const testPublicKey = '04bb50e2d89a4ed70663d080659fe0ad4b9bc3e06c17a227433966cb59ceee020decddbf6e00192011648d13b1c00af770c0c1bb609d4d3a5c98a43772e0e18ef4';
-  
-  describe('Public/Private Key Validation', () => {
-    it('should validate correct public keys', () => {
-      expect(isValidPublicKey(testPublicKey)).toBe(true);
-    });
-
-    it('should reject invalid public keys', () => {
-      expect(isValidPublicKey('invalid')).toBe(false);
-      expect(isValidPublicKey('')).toBe(false);
-      expect(isValidPublicKey('1234')).toBe(false);
-    });
-
-    it('should validate correct private keys', () => {
-      expect(isValidPrivateKey(testPrivateKey)).toBe(true);
-    });
-
-    it('should reject invalid private keys', () => {
-      expect(isValidPrivateKey('invalid')).toBe(false);
-      expect(isValidPrivateKey('')).toBe(false);
-      expect(isValidPrivateKey('1234')).toBe(false);
-    });
-
-    it('should derive public key from private key', () => {
-      const derived = derivePublicKey(testPrivateKey);
-      expect(derived).toBe(testPublicKey);
-    });
-  });
-
-  describe('Utility Functions', () => {
-    it('should shorten public keys correctly', () => {
-      const shortened = shortenPublicKey(testPublicKey);
-      expect(shortened).toBe('04bb50e2...e0e18ef4');
-      expect(shortened.length).toBeLessThan(testPublicKey.length);
-    });
-
-    it('should not shorten already short keys', () => {
-      const shortKey = '1234567890';
-      expect(shortenPublicKey(shortKey)).toBe(shortKey);
-    });
-  });
-
-  describe('Timestamp Validation', () => {
-    it('should accept fresh timestamps', () => {
-      const now = Date.now();
-      expect(isTimestampFresh(now)).toBe(true);
-      expect(isTimestampFresh(now - 1000)).toBe(true); // 1 second ago
-    });
-
-    it('should reject old timestamps', () => {
-      const old = Date.now() - (MAX_SIGNATURE_AGE_MS + 1000);
-      expect(isTimestampFresh(old)).toBe(false);
-    });
-
-    it('should respect custom max age', () => {
-      const timestamp = Date.now() - 10000; // 10 seconds ago
-      expect(isTimestampFresh(timestamp, 5000)).toBe(false); // max 5 seconds
-      expect(isTimestampFresh(timestamp, 15000)).toBe(true); // max 15 seconds
-    });
-  });
-
-  describe('Message Building', () => {
-    it('should build auth messages correctly', () => {
-      const publicKey = 'abc123';
-      const challenge = 'challenge456';
-      const timestamp = 1234567890;
-      
-      const message = buildAuthMessage(publicKey, challenge, timestamp);
-      expect(message).toBe('auth:abc123:challenge456:1234567890');
-    });
-
-    it('should build registration messages correctly', () => {
-      const publicKey = 'abc123';
-      const timestamp = 1234567890;
-      
-      const message = buildRegistrationMessage(publicKey, timestamp);
-      expect(message).toBe('oxy:register:abc123:1234567890');
-    });
-
-    it('should build request messages with canonical data', () => {
-      const publicKey = 'abc123';
-      const timestamp = 1234567890;
-      const data = {
-        username: 'testuser',
-        action: 'update',
-        id: 42,
-      };
-      
-      const message = buildRequestMessage(publicKey, timestamp, data);
-      
-      // Keys should be sorted alphabetically
-      expect(message).toContain('action:"update"');
-      expect(message).toContain('id:42');
-      expect(message).toContain('username:"testuser"');
-      expect(message).toContain('request:abc123:1234567890:');
-    });
-
-    it('should produce consistent canonical strings', () => {
-      const publicKey = 'key';
-      const timestamp = 1000;
-      
-      // Same data, different order
-      const data1 = { b: 2, a: 1, c: 3 };
-      const data2 = { c: 3, a: 1, b: 2 };
-      
-      const message1 = buildRequestMessage(publicKey, timestamp, data1);
-      const message2 = buildRequestMessage(publicKey, timestamp, data2);
-      
-      expect(message1).toBe(message2);
-    });
-  });
-
-  describe('Signature Verification Core', () => {
-    it('should verify valid signatures', () => {
-      const ec = getEllipticCurve();
-      const keyPair = ec.keyFromPrivate(testPrivateKey);
-      
-      // Create a test message hash
-      const messageHash = 'abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890';
-      
-      // Sign it
-      const signature = keyPair.sign(messageHash);
-      const signatureHex = signature.toDER('hex');
-      
-      // Verify it
-      const isValid = verifySignatureCore(messageHash, signatureHex, testPublicKey);
-      expect(isValid).toBe(true);
-    });
-
-    it('should reject invalid signatures', () => {
-      const messageHash = 'abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890';
-      const invalidSignature = '1234567890abcdef';
-      
-      const isValid = verifySignatureCore(messageHash, invalidSignature, testPublicKey);
-      expect(isValid).toBe(false);
-    });
-
-    it('should reject signatures with wrong public key', () => {
-      const ec = getEllipticCurve();
-      const keyPair = ec.keyFromPrivate(testPrivateKey);
-      
-      const messageHash = 'abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890';
-      const signature = keyPair.sign(messageHash);
-      const signatureHex = signature.toDER('hex');
-      
-      // Use a different public key
-      const wrongPublicKey = '04' + 'a'.repeat(128);
-      
-      const isValid = verifySignatureCore(messageHash, signatureHex, wrongPublicKey);
-      expect(isValid).toBe(false);
-    });
-  });
-
-  describe('Constants', () => {
-    it('should export correct TTL constants', () => {
-      expect(CHALLENGE_TTL_MS).toBe(5 * 60 * 1000); // 5 minutes
-      expect(MAX_SIGNATURE_AGE_MS).toBe(5 * 60 * 1000); // 5 minutes
-    });
-  });
-
-  describe('Elliptic Curve', () => {
-    it('should provide secp256k1 curve', () => {
-      const ec = getEllipticCurve();
-      expect(ec).toBeDefined();
-      expect(ec.curve.type).toBe('short');
-    });
-
-    it('should generate valid key pairs', () => {
-      const ec = getEllipticCurve();
-      const keyPair = ec.genKeyPair();
-      
-      const privateKey = keyPair.getPrivate('hex');
-      const publicKey = keyPair.getPublic('hex');
-      
-      expect(isValidPrivateKey(privateKey)).toBe(true);
-      expect(isValidPublicKey(publicKey)).toBe(true);
-    });
-  });
-});

package/src/crypto/core.ts

@@ -1,142 +0,0 @@
-/**
- * Core Cryptographic Functions - Platform Agnostic
- * 
- * This module contains the core signature verification logic
- * that is shared between all platforms (React Native, Node.js, Web).
- * Platform-specific implementations (hashing, random generation) are injected.
- */
-
-import { ec as EC } from 'elliptic';
-import type { EC as ECType } from 'elliptic';
-
-const ec = new EC('secp256k1');
-
-// Constants for signature validation
-export const CHALLENGE_TTL_MS = 5 * 60 * 1000; // 5 minutes
-export const MAX_SIGNATURE_AGE_MS = 5 * 60 * 1000; // 5 minutes
-
-/**
- * Core signature verification using elliptic curve
- * This is platform-agnostic and works everywhere
- */
-export function verifySignatureCore(
-  messageHash: string,
-  signature: string,
-  publicKey: string
-): boolean {
-  try {
-    const key = ec.keyFromPublic(publicKey, 'hex');
-    return key.verify(messageHash, signature);
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Validate that a string is a valid public key
- */
-export function isValidPublicKey(publicKey: string): boolean {
-  // Reject empty strings
-  if (!publicKey || publicKey.trim().length === 0) {
-    return false;
-  }
-  
-  try {
-    ec.keyFromPublic(publicKey, 'hex');
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Validate that a string is a valid private key
- */
-export function isValidPrivateKey(privateKey: string): boolean {
-  // Reject empty strings
-  if (!privateKey || privateKey.trim().length === 0) {
-    return false;
-  }
-  
-  // Private keys must be 64 hex characters (32 bytes)
-  if (!/^[0-9a-fA-F]{64}$/.test(privateKey)) {
-    return false;
-  }
-  
-  try {
-    const keyPair = ec.keyFromPrivate(privateKey);
-    // Verify it can derive a public key and the key is valid
-    keyPair.getPublic('hex');
-    // Check that the private key is not zero (which would be invalid)
-    const priv = keyPair.getPrivate();
-    if (!priv || priv.isZero()) {
-      return false;
-    }
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-/**
- * Get a shortened display version of a public key
- * Format: first 8 chars...last 8 chars
- */
-export function shortenPublicKey(publicKey: string): string {
-  if (publicKey.length <= 20) return publicKey;
-  return `${publicKey.slice(0, 8)}...${publicKey.slice(-8)}`;
-}
-
-/**
- * Derive public key from a private key (without storing)
- */
-export function derivePublicKey(privateKey: string): string {
-  const keyPair = ec.keyFromPrivate(privateKey);
-  return keyPair.getPublic('hex');
-}
-
-/**
- * Check timestamp freshness
- */
-export function isTimestampFresh(timestamp: number, maxAgeMs: number = MAX_SIGNATURE_AGE_MS): boolean {
-  const now = Date.now();
-  return (now - timestamp) <= maxAgeMs;
-}
-
-/**
- * Build authentication challenge message
- * Format: auth:{publicKey}:{challenge}:{timestamp}
- */
-export function buildAuthMessage(publicKey: string, challenge: string, timestamp: number): string {
-  return `auth:${publicKey}:${challenge}:${timestamp}`;
-}
-
-/**
- * Build registration message
- * Format: oxy:register:{publicKey}:{timestamp}
- */
-export function buildRegistrationMessage(publicKey: string, timestamp: number): string {
-  return `oxy:register:${publicKey}:${timestamp}`;
-}
-
-/**
- * Build request signature message
- * Format: request:{publicKey}:{timestamp}:{canonicalString}
- */
-export function buildRequestMessage(
-  publicKey: string,
-  timestamp: number,
-  data: Record<string, unknown>
-): string {
-  const sortedKeys = Object.keys(data).sort();
-  const canonicalParts = sortedKeys.map(key => `${key}:${JSON.stringify(data[key])}`);
-  const canonicalString = canonicalParts.join('|');
-  return `request:${publicKey}:${timestamp}:${canonicalString}`;
-}
-
-/**
- * Get the elliptic curve instance (for key generation)
- */
-export function getEllipticCurve(): ECType {
-  return ec;
-}

package/src/node/signatureService.ts

@@ -1,126 +0,0 @@
-/**
- * Node.js Signature Service
- * 
- * Provides synchronous signature operations for Node.js backend.
- * Uses Node's crypto module for hashing and the shared core for verification.
- */
-
-import crypto from 'crypto';
-import {
-  verifySignatureCore,
-  isValidPublicKey,
-  isTimestampFresh,
-  buildAuthMessage,
-  buildRegistrationMessage,
-  buildRequestMessage,
-  shortenPublicKey,
-  CHALLENGE_TTL_MS,
-  MAX_SIGNATURE_AGE_MS,
-} from '../crypto/core';
-
-export class SignatureService {
-  /**
-   * Generate a random challenge string
-   */
-  static generateChallenge(): string {
-    return crypto.randomBytes(32).toString('hex');
-  }
-
-  /**
-   * Compute SHA-256 hash of a message (synchronous)
-   */
-  static hashMessage(message: string): string {
-    return crypto.createHash('sha256').update(message).digest('hex');
-  }
-
-  /**
-   * Verify an ECDSA signature (synchronous)
-   * 
-   * @param message - The original message that was signed
-   * @param signature - The signature in DER format (hex encoded)
-   * @param publicKey - The public key (hex encoded, uncompressed)
-   * @returns true if the signature is valid
-   */
-  static verifySignature(message: string, signature: string, publicKey: string): boolean {
-    const messageHash = SignatureService.hashMessage(message);
-    return verifySignatureCore(messageHash, signature, publicKey);
-  }
-
-  /**
-   * Verify an authentication challenge response
-   * 
-   * @param publicKey - The user's public key
-   * @param challenge - The original challenge string
-   * @param signature - The signature of the auth message
-   * @param timestamp - The timestamp when the signature was created
-   * @returns true if the challenge response is valid
-   */
-  static verifyChallengeResponse(
-    publicKey: string,
-    challenge: string,
-    signature: string,
-    timestamp: number
-  ): boolean {
-    // Check timestamp is not too old
-    if (!isTimestampFresh(timestamp, CHALLENGE_TTL_MS)) {
-      return false;
-    }
-
-    // Build the message and verify signature
-    const message = buildAuthMessage(publicKey, challenge, timestamp);
-    return SignatureService.verifySignature(message, signature, publicKey);
-  }
-
-  /**
-   * Verify a registration signature
-   * Signature format: oxy:register:{publicKey}:{timestamp}
-   */
-  static verifyRegistrationSignature(
-    publicKey: string,
-    signature: string,
-    timestamp: number
-  ): boolean {
-    // Check timestamp freshness
-    if (!isTimestampFresh(timestamp, MAX_SIGNATURE_AGE_MS)) {
-      return false;
-    }
-
-    const message = buildRegistrationMessage(publicKey, timestamp);
-    return SignatureService.verifySignature(message, signature, publicKey);
-  }
-
-  /**
-   * Verify a signed request
-   * Used for authenticated API operations
-   */
-  static verifyRequestSignature(
-    publicKey: string,
-    data: Record<string, unknown>,
-    signature: string,
-    timestamp: number
-  ): boolean {
-    // Check timestamp freshness
-    if (!isTimestampFresh(timestamp, MAX_SIGNATURE_AGE_MS)) {
-      return false;
-    }
-
-    const message = buildRequestMessage(publicKey, timestamp, data);
-    return SignatureService.verifySignature(message, signature, publicKey);
-  }
-
-  /**
-   * Validate that a string is a valid public key
-   */
-  static isValidPublicKey(publicKey: string): boolean {
-    return isValidPublicKey(publicKey);
-  }
-
-  /**
-   * Get a shortened display version of a public key
-   */
-  static shortenPublicKey(publicKey: string): string {
-    return shortenPublicKey(publicKey);
-  }
-}
-
-export default SignatureService;

package/src/ui/hooks/auth/index.ts

@@ -1,9 +0,0 @@
-/**
- * Auth-related hooks
- */
-export { useUsernameValidation, USERNAME_MIN_LENGTH, USERNAME_REGEX, USERNAME_FORMAT_ERROR, USERNAME_DEBOUNCE_MS } from './useUsernameValidation';
-export type { UsernameValidationResult } from './useUsernameValidation';
-
-
-
-

package/src/ui/hooks/auth/useUsernameValidation.ts

@@ -1,177 +0,0 @@
-import { useMemo } from 'react';
-import { useQuery } from '@tanstack/react-query';
-import type { OxyServices } from '../../../core';
-import { handleHttpError, ErrorCodes } from '../../../utils/errorUtils';
-import { useDebounce } from '../../../utils/hookUtils';
-
-/**
- * Username validation constants
- */
-export const USERNAME_MIN_LENGTH = 4;
-export const USERNAME_REGEX = /^[a-z0-9]+$/i;
-export const USERNAME_FORMAT_ERROR = 'You can use a-z, 0-9. Minimum length is 4 characters.';
-export const USERNAME_DEBOUNCE_MS = 500;
-
-/**
- * Username validation result interface
- */
-export interface UsernameValidationResult {
-  isValid: boolean;
-  isAvailable: boolean | null; // null = not checked yet
-  error: string | null;
-  isChecking: boolean;
-}
-
-/**
- * Validate username format using services validation utilities
- */
-function validateUsernameFormat(username: string): boolean {
-  // Use stricter validation: lowercase alphanumeric only, min 4 chars
-  return username.length >= USERNAME_MIN_LENGTH && USERNAME_REGEX.test(username);
-}
-
-/**
- * Check if an error is a network or timeout error
- */
-function isNetworkOrTimeoutError(error: unknown): boolean {
-  const apiError = handleHttpError(error);
-  return (
-    apiError.code === ErrorCodes.NETWORK_ERROR ||
-    apiError.code === ErrorCodes.TIMEOUT ||
-    apiError.code === ErrorCodes.CONNECTION_FAILED
-  );
-}
-
-/**
- * Extract error message from an unknown error shape
- */
-function extractAuthErrorMessage(error: unknown, fallbackMessage = 'An error occurred'): string {
-  const apiError = handleHttpError(error);
-  return apiError.message || fallbackMessage;
-}
-
-/**
- * Hook for username validation with debouncing and availability checking
- * 
- * Uses TanStack Query for efficient API calls with:
- * - Automatic request cancellation when username changes
- * - Built-in caching (same username checked multiple times = cached result)
- * - Request deduplication (multiple components checking same username = single request)
- * - Proper error handling
- * 
- * @param username - The username to validate
- * @param oxyServices - OxyServices instance for API calls
- * @returns Username validation state and result
- */
-export function useUsernameValidation(
-  username: string,
-  oxyServices: OxyServices | null
-): UsernameValidationResult {
-  // Debounce the username input to avoid excessive API calls
-  const debouncedUsername = useDebounce(username.trim().toLowerCase(), USERNAME_DEBOUNCE_MS);
-  
-  // Validate format synchronously (no API call needed)
-  const isValid = useMemo(() => validateUsernameFormat(username), [username]);
-  
-  // Determine if we should check availability
-  const shouldCheckAvailability = useMemo(() => {
-    if (!debouncedUsername || debouncedUsername.length < USERNAME_MIN_LENGTH) {
-      return false;
-    }
-    return validateUsernameFormat(debouncedUsername);
-  }, [debouncedUsername]);
-  
-  // Use TanStack Query for the API call
-  // This provides automatic caching, request cancellation, and deduplication
-  const {
-    data: availabilityResult,
-    isLoading: isChecking,
-    error: queryError,
-    isFetching,
-  } = useQuery({
-    queryKey: ['username', 'availability', debouncedUsername],
-    queryFn: async () => {
-      if (!oxyServices) {
-        throw new Error('OxyServices not available');
-      }
-      return await oxyServices.checkUsernameAvailability(debouncedUsername);
-    },
-    enabled: shouldCheckAvailability && !!oxyServices,
-    staleTime: 5 * 60 * 1000, // Cache for 5 minutes (usernames don't change often)
-    gcTime: 30 * 60 * 1000, // Keep in cache for 30 minutes
-    retry: (failureCount, error) => {
-      // Don't retry on network/timeout errors (user might be offline)
-      if (isNetworkOrTimeoutError(error)) {
-        return false;
-      }
-      // Retry up to 2 times for other errors
-      return failureCount < 2;
-    },
-    retryDelay: (attemptIndex) => Math.min(1000 * 2 ** attemptIndex, 3000),
-  });
-  
-  // Compute the result based on validation and query state
-  return useMemo(() => {
-    // If username is too short or invalid format, return early validation
-    if (!username || username.length < USERNAME_MIN_LENGTH) {
-      return {
-        isValid: false,
-        isAvailable: null,
-        error: null,
-        isChecking: false,
-      };
-    }
-    
-    if (!isValid) {
-      return {
-        isValid: false,
-        isAvailable: false,
-        error: USERNAME_FORMAT_ERROR,
-        isChecking: false,
-      };
-    }
-    
-    // If we're not checking yet (debounce period), show checking state only if user is typing
-    const isCurrentlyChecking = isChecking || isFetching;
-    
-    // Handle network/timeout errors gracefully
-    if (queryError && isNetworkOrTimeoutError(queryError)) {
-      // Allow proceeding if offline/network issue (optimistic)
-      return {
-        isValid: true,
-        isAvailable: true, // Optimistic: allow proceeding
-        error: null,
-        isChecking: false,
-      };
-    }
-    
-    // Handle other errors
-    if (queryError) {
-      return {
-        isValid: true,
-        isAvailable: false,
-        error: extractAuthErrorMessage(queryError, 'Failed to check username availability'),
-        isChecking: false,
-      };
-    }
-    
-    // If we have a result, use it
-    if (availabilityResult) {
-      return {
-        isValid: true,
-        isAvailable: availabilityResult.available,
-        error: availabilityResult.available ? null : (availabilityResult.message || 'Username is already taken'),
-        isChecking: false,
-      };
-    }
-    
-    // Still checking (or waiting for debounce)
-    return {
-      isValid: true,
-      isAvailable: null,
-      error: null,
-      isChecking: isCurrentlyChecking,
-    };
-  }, [username, isValid, availabilityResult, isChecking, isFetching, queryError]);
-}
-