@reclaimprotocol/attestor-core 4.0.2 → 5.0.1-beta.1

package/lib/server/utils/apm.js

@@ -1,43 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.getApm = getApm;
-const elastic_apm_node_1 = __importDefault(require("elastic-apm-node"));
-const env_1 = require("../../utils/env");
-const logger_1 = require("../../utils/logger");
-let apm;
-/**
- * Initialises the APM agent if required,
- * and returns it.
- * If ELASTIC_APM_SERVER_URL & ELASTIC_APM_SECRET_TOKEN
- * are not set will return undefined
- *
- * Utilises the standard env variables mentioned
- * here: https://www.elastic.co/guide/en/apm/agent/nodejs/current/custom-stack.html#custom-stack-advanced-configuration
- */
-function getApm() {
-    if (!(0, env_1.getEnvVariable)('ELASTIC_APM_SERVER_URL')
-        || !(0, env_1.getEnvVariable)('ELASTIC_APM_SECRET_TOKEN')) {
-        logger_1.logger.info('ELASTIC_APM_SERVER_URL or ELASTIC_APM_SECRET_TOKEN not found'
-            + ' in env, APM agent not initialised');
-        return undefined;
-    }
-    if (!apm) {
-        const sampleRate = +((0, env_1.getEnvVariable)('ELASTIC_APM_SAMPLE_RATE')
-            || '0.1');
-        apm = elastic_apm_node_1.default.start({
-            serviceName: 'reclaim_attestor',
-            serviceVersion: '4.0.0',
-            transactionSampleRate: sampleRate,
-            instrumentIncomingHTTPRequests: true,
-            usePathAsTransactionName: true,
-            instrument: true,
-            captureHeaders: true,
-        });
-        logger_1.logger.info('initialised APM agent');
-    }
-    return apm;
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBtLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NlcnZlci91dGlscy9hcG0udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7QUFlQSx3QkE4QkM7QUE3Q0Qsd0VBQW9EO0FBQ3BELHVDQUE4QztBQUM5Qyw2Q0FBeUM7QUFFekMsSUFBSSxHQUFzQixDQUFBO0FBRTFCOzs7Ozs7OztHQVFHO0FBQ0gsU0FBZ0IsTUFBTTtJQUNyQixJQUNDLENBQUMsSUFBQSxvQkFBYyxFQUFDLHdCQUF3QixDQUFDO1dBQ3RDLENBQUMsSUFBQSxvQkFBYyxFQUFDLDBCQUEwQixDQUFDLEVBQzdDLENBQUM7UUFDRixlQUFNLENBQUMsSUFBSSxDQUNWLDhEQUE4RDtjQUM1RCxvQ0FBb0MsQ0FDdEMsQ0FBQTtRQUNELE9BQU8sU0FBUyxDQUFBO0lBQ2pCLENBQUM7SUFFRCxJQUFHLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDVCxNQUFNLFVBQVUsR0FBRyxDQUFDLENBQ25CLElBQUEsb0JBQWMsRUFBQyx5QkFBeUIsQ0FBQztlQUN0QyxLQUFLLENBQ1IsQ0FBQTtRQUNELEdBQUcsR0FBRywwQkFBVSxDQUFDLEtBQUssQ0FBQztZQUN0QixXQUFXLEVBQUUsa0JBQWtCO1lBQy9CLGNBQWMsRUFBRSxPQUFPO1lBQ3ZCLHFCQUFxQixFQUFFLFVBQVU7WUFDakMsOEJBQThCLEVBQUUsSUFBSTtZQUNwQyx3QkFBd0IsRUFBRSxJQUFJO1lBQzlCLFVBQVUsRUFBRSxJQUFJO1lBQ2hCLGNBQWMsRUFBRSxJQUFJO1NBQ3BCLENBQUMsQ0FBQTtRQUNGLGVBQU0sQ0FBQyxJQUFJLENBQUMsdUJBQXVCLENBQUMsQ0FBQTtJQUNyQyxDQUFDO0lBRUQsT0FBTyxHQUFHLENBQUE7QUFDWCxDQUFDIn0=

package/lib/server/utils/assert-valid-claim-request.d.ts

@@ -1,30 +0,0 @@
-import { ZKEngine } from '@reclaimprotocol/zk-symmetric-crypto';
-import { ClaimTunnelRequest, InitRequest, ProviderClaimInfo } from '../../proto/api';
-import { IDecryptedTranscript, Logger, ProviderCtx, TCPSocketProperties, Transcript } from '../../types';
-/**
- * Asserts that the claim request is valid.
- *
- * 1. We begin by verifying the signature of the claim request.
- * 2. Next, we produce the transcript of the TLS exchange
- * from the proofs provided by the client.
- * 3. We then pull the provider the client is trying to claim
- * from
- * 4. We then use the provider's verification function to verify
- *  whether the claim is valid.
- *
- * If any of these steps fail, we throw an error.
- */
-export declare function assertValidClaimRequest(request: ClaimTunnelRequest, metadata: InitRequest, logger: Logger): Promise<import("../../proto/api").ClaimRequestData>;
-/**
- * Verify that the transcript contains a valid claim
- * for the provider.
- */
-export declare function assertValidProviderTranscript<T extends ProviderClaimInfo>(applData: Transcript<Uint8Array>, info: T, logger: Logger, providerCtx: ProviderCtx): Promise<T>;
-/**
- * Verify that the transcript provided by the client
- * matches the transcript of the tunnel, the server
- * has created.
- */
-export declare function assertTranscriptsMatch(clientTranscript: ClaimTunnelRequest['transcript'], tunnelTranscript: TCPSocketProperties['transcript']): void;
-export declare function decryptTranscript(transcript: ClaimTunnelRequest['transcript'], logger: Logger, zkEngine: ZKEngine, serverIV: Uint8Array, clientIV: Uint8Array): Promise<IDecryptedTranscript>;
-export declare function getWithoutHeader(message: Uint8Array): Uint8Array<ArrayBuffer>;

package/lib/server/utils/assert-valid-claim-request.js

@@ -1,200 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.assertValidClaimRequest = assertValidClaimRequest;
-exports.assertValidProviderTranscript = assertValidProviderTranscript;
-exports.assertTranscriptsMatch = assertTranscriptsMatch;
-exports.decryptTranscript = decryptTranscript;
-exports.getWithoutHeader = getWithoutHeader;
-const tls_1 = require("@reclaimprotocol/tls");
-const api_1 = require("../../proto/api");
-const providers_1 = require("../../providers");
-const generics_1 = require("../../server/utils/generics");
-const process_handshake_1 = require("../../server/utils/process-handshake");
-const utils_1 = require("../../utils");
-const signatures_1 = require("../../utils/signatures");
-/**
- * Asserts that the claim request is valid.
- *
- * 1. We begin by verifying the signature of the claim request.
- * 2. Next, we produce the transcript of the TLS exchange
- * from the proofs provided by the client.
- * 3. We then pull the provider the client is trying to claim
- * from
- * 4. We then use the provider's verification function to verify
- *  whether the claim is valid.
- *
- * If any of these steps fail, we throw an error.
- */
-async function assertValidClaimRequest(request, metadata, logger) {
-    var _a;
-    const { data, signatures: { requestSignature } = {}, zkEngine, fixedServerIV, fixedClientIV } = request;
-    if (!data) {
-        throw new utils_1.AttestorError('ERROR_INVALID_CLAIM', 'No info provided on claim request');
-    }
-    if (!(requestSignature === null || requestSignature === void 0 ? void 0 : requestSignature.length)) {
-        throw new utils_1.AttestorError('ERROR_INVALID_CLAIM', 'No signature provided on claim request');
-    }
-    // verify request signature
-    const serialisedReq = api_1.ClaimTunnelRequest
-        .encode({ ...request, signatures: undefined })
-        .finish();
-    const { verify: verifySig } = signatures_1.SIGNATURES[metadata.signatureType];
-    const verified = await verifySig(serialisedReq, requestSignature, data.owner);
-    if (!verified) {
-        throw new utils_1.AttestorError('ERROR_INVALID_CLAIM', 'Invalid signature on claim request');
-    }
-    const receipt = await decryptTranscript(request.transcript, logger, zkEngine === api_1.ZKProofEngine.ZK_ENGINE_GNARK ? 'gnark' : 'snarkjs', fixedServerIV, fixedClientIV);
-    const reqHost = (_a = request.request) === null || _a === void 0 ? void 0 : _a.host;
-    if (receipt.hostname !== reqHost) {
-        throw new Error(`Expected server name ${reqHost}, got ${receipt.hostname}`);
-    }
-    // get all application data messages
-    const applData = (0, utils_1.extractApplicationDataFromTranscript)(receipt);
-    const newData = await assertValidProviderTranscript(applData, data, logger, { version: metadata.clientVersion });
-    if (newData !== data) {
-        logger.info({ newData }, 'updated claim info');
-    }
-    return newData;
-}
-/**
- * Verify that the transcript contains a valid claim
- * for the provider.
- */
-async function assertValidProviderTranscript(applData, info, logger, providerCtx) {
-    var _a;
-    const providerName = info.provider;
-    const provider = providers_1.providers[providerName];
-    if (!provider) {
-        throw new utils_1.AttestorError('ERROR_INVALID_CLAIM', `Unsupported provider: ${providerName}`);
-    }
-    const params = (0, generics_1.niceParseJsonObject)(info.parameters, 'params');
-    const ctx = (0, generics_1.niceParseJsonObject)(info.context, 'context');
-    (0, utils_1.assertValidateProviderParams)(providerName, params);
-    const rslt = await provider.assertValidProviderReceipt({
-        receipt: applData,
-        params,
-        logger,
-        ctx: providerCtx
-    });
-    ctx.providerHash = (0, utils_1.hashProviderParams)(params);
-    const extractedParameters = (rslt === null || rslt === void 0 ? void 0 : rslt.extractedParameters) || {};
-    if (Object.keys(extractedParameters).length) {
-        ctx.extractedParameters = extractedParameters;
-    }
-    info.context = (_a = (0, utils_1.canonicalStringify)(ctx)) !== null && _a !== void 0 ? _a : '';
-    return info;
-}
-/**
- * Verify that the transcript provided by the client
- * matches the transcript of the tunnel, the server
- * has created.
- */
-function assertTranscriptsMatch(clientTranscript, tunnelTranscript) {
-    const clientSends = (0, tls_1.concatenateUint8Arrays)(clientTranscript
-        .filter(m => m.sender === api_1.TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT)
-        .map(m => m.message));
-    const tunnelSends = (0, tls_1.concatenateUint8Arrays)(tunnelTranscript
-        .filter(m => m.sender === 'client')
-        .map(m => m.message));
-    if (!(0, tls_1.areUint8ArraysEqual)(clientSends, tunnelSends)) {
-        throw utils_1.AttestorError.badRequest('Outgoing messages from client do not match the tunnel transcript');
-    }
-    const clientRecvs = (0, tls_1.concatenateUint8Arrays)(clientTranscript
-        .filter(m => m.sender === api_1.TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER)
-        .map(m => m.message));
-    const tunnelRecvs = (0, tls_1.concatenateUint8Arrays)(tunnelTranscript
-        .filter(m => m.sender === 'server')
-        .map(m => m.message))
-        // We only need to compare the first N messages
-        // that the client claims to have received
-        // the rest are not relevant -- so even if they're
-        // not present in the tunnel transcript, it's fine
-        .slice(0, clientRecvs.length);
-    if (!(0, tls_1.areUint8ArraysEqual)(clientRecvs, tunnelRecvs)) {
-        throw utils_1.AttestorError.badRequest('Incoming messages from server do not match the tunnel transcript');
-    }
-}
-async function decryptTranscript(transcript, logger, zkEngine, serverIV, clientIV) {
-    const { tlsVersion, cipherSuite, hostname, nextMsgIndex } = await (0, process_handshake_1.processHandshake)(transcript, logger);
-    let clientRecordNumber = tlsVersion === 'TLS1_3' ? -1 : 0; // TLS 1.3 has already one record encrypted at this point
-    let serverRecordNumber = clientRecordNumber;
-    transcript = transcript.slice(nextMsgIndex);
-    const decryptedTranscript = [];
-    for (const [i, { sender, message, reveal: { zkReveal, directReveal } = {} }] of transcript.entries()) {
-        //start with first message after last handshake message
-        await getDecryptedMessage(sender, message, directReveal, zkReveal, i);
-    }
-    return {
-        transcript: decryptedTranscript,
-        hostname: hostname,
-        tlsVersion: tlsVersion,
-    };
-    async function getDecryptedMessage(sender, message, directReveal, zkReveal, i) {
-        var _a, _b;
-        try {
-            const isServer = sender === api_1.TranscriptMessageSenderType
-                .TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER;
-            const recordHeader = message.slice(0, 5);
-            const content = getWithoutHeader(message);
-            if (isServer) {
-                serverRecordNumber++;
-            }
-            else {
-                clientRecordNumber++;
-            }
-            let redacted = true;
-            let plaintext = undefined;
-            let plaintextLength;
-            if ((_a = directReveal === null || directReveal === void 0 ? void 0 : directReveal.key) === null || _a === void 0 ? void 0 : _a.length) {
-                const result = await (0, utils_1.decryptDirect)(directReveal, cipherSuite, recordHeader, tlsVersion, content);
-                plaintext = result.plaintext;
-                redacted = false;
-                plaintextLength = plaintext.length;
-            }
-            else if ((_b = zkReveal === null || zkReveal === void 0 ? void 0 : zkReveal.proofs) === null || _b === void 0 ? void 0 : _b.length) {
-                const result = await (0, utils_1.verifyZkPacket)({
-                    ciphertext: content,
-                    zkReveal,
-                    logger,
-                    cipherSuite,
-                    zkEngine: zkEngine,
-                    iv: sender === api_1.TranscriptMessageSenderType
-                        .TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER
-                        ? serverIV
-                        : clientIV,
-                    recordNumber: isServer
-                        ? serverRecordNumber
-                        : clientRecordNumber
-                });
-                plaintext = result.redactedPlaintext;
-                redacted = false;
-                plaintextLength = plaintext.length;
-            }
-            else {
-                plaintext = content;
-                plaintextLength = plaintext.length;
-            }
-            decryptedTranscript.push({
-                sender: sender === api_1.TranscriptMessageSenderType
-                    .TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT
-                    ? 'client'
-                    : 'server',
-                redacted,
-                message: plaintext,
-                recordHeader,
-                plaintextLength,
-            });
-        }
-        catch (error) {
-            throw new utils_1.AttestorError('ERROR_INVALID_CLAIM', `error in handling packet at idx ${i}: ${error}`, {
-                packetIdx: i,
-                error: error,
-            });
-        }
-    }
-}
-function getWithoutHeader(message) {
-    // strip the record header (xx 03 03 xx xx)
-    return message.slice(5);
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzZXJ0LXZhbGlkLWNsYWltLXJlcXVlc3QuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvc2VydmVyL3V0aWxzL2Fzc2VydC12YWxpZC1jbGFpbS1yZXF1ZXN0LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBK0NBLDBEQW9FQztBQU1ELHNFQXFDQztBQU9ELHdEQTJDQztBQUVELDhDQTZHQztBQUVELDRDQUdDO0FBcFVELDhDQUc2QjtBQUU3Qix1Q0FRc0I7QUFDdEIsNkNBQXlDO0FBQ3pDLHdEQUErRDtBQUMvRCwwRUFBcUU7QUFTckUscUNBTWtCO0FBQ2xCLHFEQUFpRDtBQUVqRDs7Ozs7Ozs7Ozs7O0dBWUc7QUFDSSxLQUFLLFVBQVUsdUJBQXVCLENBQzVDLE9BQTJCLEVBQzNCLFFBQXFCLEVBQ3JCLE1BQWM7O0lBRWQsTUFBTSxFQUNMLElBQUksRUFDSixVQUFVLEVBQUUsRUFBRSxnQkFBZ0IsRUFBRSxHQUFHLEVBQUUsRUFDckMsUUFBUSxFQUNSLGFBQWEsRUFDYixhQUFhLEVBQ2IsR0FBRyxPQUFPLENBQUE7SUFDWCxJQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDVixNQUFNLElBQUkscUJBQWEsQ0FDdEIscUJBQXFCLEVBQ3JCLG1DQUFtQyxDQUNuQyxDQUFBO0lBQ0YsQ0FBQztJQUVELElBQUcsQ0FBQyxDQUFBLGdCQUFnQixhQUFoQixnQkFBZ0IsdUJBQWhCLGdCQUFnQixDQUFFLE1BQU0sQ0FBQSxFQUFFLENBQUM7UUFDOUIsTUFBTSxJQUFJLHFCQUFhLENBQ3RCLHFCQUFxQixFQUNyQix3Q0FBd0MsQ0FDeEMsQ0FBQTtJQUNGLENBQUM7SUFFRCwyQkFBMkI7SUFDM0IsTUFBTSxhQUFhLEdBQUcsd0JBQWtCO1NBQ3RDLE1BQU0sQ0FBQyxFQUFFLEdBQUcsT0FBTyxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsQ0FBQztTQUM3QyxNQUFNLEVBQUUsQ0FBQTtJQUNWLE1BQU0sRUFBRSxNQUFNLEVBQUUsU0FBUyxFQUFFLEdBQUcsdUJBQVUsQ0FBQyxRQUFRLENBQUMsYUFBYSxDQUFDLENBQUE7SUFDaEUsTUFBTSxRQUFRLEdBQUcsTUFBTSxTQUFTLENBQy9CLGFBQWEsRUFDYixnQkFBZ0IsRUFDaEIsSUFBSSxDQUFDLEtBQUssQ0FDVixDQUFBO0lBQ0QsSUFBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ2QsTUFBTSxJQUFJLHFCQUFhLENBQ3RCLHFCQUFxQixFQUNyQixvQ0FBb0MsQ0FDcEMsQ0FBQTtJQUNGLENBQUM7SUFFRCxNQUFNLE9BQU8sR0FBRyxNQUFNLGlCQUFpQixDQUN0QyxPQUFPLENBQUMsVUFBVSxFQUNsQixNQUFNLEVBQ04sUUFBUSxLQUFLLG1CQUFhLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLFNBQVMsRUFDaEUsYUFBYSxFQUNiLGFBQWEsQ0FDYixDQUFBO0lBQ0QsTUFBTSxPQUFPLEdBQUcsTUFBQSxPQUFPLENBQUMsT0FBTywwQ0FBRSxJQUFJLENBQUE7SUFDckMsSUFBRyxPQUFPLENBQUMsUUFBUSxLQUFLLE9BQU8sRUFBRSxDQUFDO1FBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2Qsd0JBQXdCLE9BQU8sU0FBUyxPQUFPLENBQUMsUUFBUSxFQUFFLENBQzFELENBQUE7SUFDRixDQUFDO0lBR0Qsb0NBQW9DO0lBQ3BDLE1BQU0sUUFBUSxHQUFHLElBQUEsNENBQW9DLEVBQUMsT0FBTyxDQUFDLENBQUE7SUFDOUQsTUFBTSxPQUFPLEdBQUcsTUFBTSw2QkFBNkIsQ0FDbEQsUUFBUSxFQUFFLElBQUksRUFBRSxNQUFNLEVBQUUsRUFBRSxPQUFPLEVBQUUsUUFBUSxDQUFDLGFBQWEsRUFBRSxDQUMzRCxDQUFBO0lBQ0QsSUFBRyxPQUFPLEtBQUssSUFBSSxFQUFFLENBQUM7UUFDckIsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLE9BQU8sRUFBRSxFQUFFLG9CQUFvQixDQUFDLENBQUE7SUFDL0MsQ0FBQztJQUVELE9BQU8sT0FBTyxDQUFBO0FBQ2YsQ0FBQztBQUVEOzs7R0FHRztBQUNJLEtBQUssVUFBVSw2QkFBNkIsQ0FDbEQsUUFBZ0MsRUFDaEMsSUFBTyxFQUNQLE1BQWMsRUFDZCxXQUF3Qjs7SUFFeEIsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLFFBQXdCLENBQUE7SUFDbEQsTUFBTSxRQUFRLEdBQUcscUJBQVMsQ0FBQyxZQUFZLENBQUMsQ0FBQTtJQUN4QyxJQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDZCxNQUFNLElBQUkscUJBQWEsQ0FDdEIscUJBQXFCLEVBQ3JCLHlCQUF5QixZQUFZLEVBQUUsQ0FDdkMsQ0FBQTtJQUNGLENBQUM7SUFFRCxNQUFNLE1BQU0sR0FBRyxJQUFBLDhCQUFtQixFQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsUUFBUSxDQUFDLENBQUE7SUFDN0QsTUFBTSxHQUFHLEdBQUcsSUFBQSw4QkFBbUIsRUFBQyxJQUFJLENBQUMsT0FBTyxFQUFFLFNBQVMsQ0FBQyxDQUFBO0lBRXhELElBQUEsb0NBQTRCLEVBQUMsWUFBWSxFQUFFLE1BQU0sQ0FBQyxDQUFBO0lBRWxELE1BQU0sSUFBSSxHQUFHLE1BQU0sUUFBUSxDQUFDLDBCQUEwQixDQUFDO1FBQ3RELE9BQU8sRUFBRSxRQUFRO1FBQ2pCLE1BQU07UUFDTixNQUFNO1FBQ04sR0FBRyxFQUFFLFdBQVc7S0FDaEIsQ0FBQyxDQUFBO0lBRUYsR0FBRyxDQUFDLFlBQVksR0FBRyxJQUFBLDBCQUFrQixFQUFDLE1BQU0sQ0FBQyxDQUFBO0lBRTdDLE1BQU0sbUJBQW1CLEdBQUcsQ0FBQSxJQUFJLGFBQUosSUFBSSx1QkFBSixJQUFJLENBQUUsbUJBQW1CLEtBQUksRUFBRSxDQUFBO0lBQzNELElBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQzVDLEdBQUcsQ0FBQyxtQkFBbUIsR0FBRyxtQkFBbUIsQ0FBQTtJQUM5QyxDQUFDO0lBRUQsSUFBSSxDQUFDLE9BQU8sR0FBRyxNQUFBLElBQUEsMEJBQWtCLEVBQUMsR0FBRyxDQUFDLG1DQUFJLEVBQUUsQ0FBQTtJQUU1QyxPQUFPLElBQUksQ0FBQTtBQUNaLENBQUM7QUFFRDs7OztHQUlHO0FBQ0gsU0FBZ0Isc0JBQXNCLENBQ3JDLGdCQUFrRCxFQUNsRCxnQkFBbUQ7SUFFbkQsTUFBTSxXQUFXLEdBQUcsSUFBQSw0QkFBc0IsRUFDekMsZ0JBQWdCO1NBQ2QsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sS0FBSyxpQ0FBMkIsQ0FBQyxxQ0FBcUMsQ0FBQztTQUMzRixHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQ3JCLENBQUE7SUFFRCxNQUFNLFdBQVcsR0FBRyxJQUFBLDRCQUFzQixFQUN6QyxnQkFBZ0I7U0FDZCxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxLQUFLLFFBQVEsQ0FBQztTQUNsQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQ3JCLENBQUE7SUFFRCxJQUFHLENBQUMsSUFBQSx5QkFBbUIsRUFBQyxXQUFXLEVBQUUsV0FBVyxDQUFDLEVBQUUsQ0FBQztRQUNuRCxNQUFNLHFCQUFhLENBQUMsVUFBVSxDQUM3QixrRUFBa0UsQ0FDbEUsQ0FBQTtJQUNGLENBQUM7SUFFRCxNQUFNLFdBQVcsR0FBRyxJQUFBLDRCQUFzQixFQUN6QyxnQkFBZ0I7U0FDZCxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxLQUFLLGlDQUEyQixDQUFDLHFDQUFxQyxDQUFDO1NBQzNGLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FDckIsQ0FBQTtJQUVELE1BQU0sV0FBVyxHQUFHLElBQUEsNEJBQXNCLEVBQ3pDLGdCQUFnQjtTQUNkLE1BQU0sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLEtBQUssUUFBUSxDQUFDO1NBQ2xDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FDckI7UUFDQSwrQ0FBK0M7UUFDL0MsMENBQTBDO1FBQzFDLGtEQUFrRDtRQUNsRCxrREFBa0Q7U0FDakQsS0FBSyxDQUFDLENBQUMsRUFBRSxXQUFXLENBQUMsTUFBTSxDQUFDLENBQUE7SUFDOUIsSUFBRyxDQUFDLElBQUEseUJBQW1CLEVBQUMsV0FBVyxFQUFFLFdBQVcsQ0FBQyxFQUFFLENBQUM7UUFDbkQsTUFBTSxxQkFBYSxDQUFDLFVBQVUsQ0FDN0Isa0VBQWtFLENBQ2xFLENBQUE7SUFDRixDQUFDO0FBQ0YsQ0FBQztBQUVNLEtBQUssVUFBVSxpQkFBaUIsQ0FDdEMsVUFBNEMsRUFDNUMsTUFBYyxFQUNkLFFBQWtCLEVBQ2xCLFFBQW9CLEVBQ3BCLFFBQW9CO0lBR3BCLE1BQU0sRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLFFBQVEsRUFBRSxZQUFZLEVBQUUsR0FBRyxNQUFNLElBQUEsb0NBQWdCLEVBQUMsVUFBVSxFQUFFLE1BQU0sQ0FBQyxDQUFBO0lBRXRHLElBQUksa0JBQWtCLEdBQUcsVUFBVSxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQSxDQUFDLHlEQUF5RDtJQUNuSCxJQUFJLGtCQUFrQixHQUFHLGtCQUFrQixDQUFBO0lBRTNDLFVBQVUsR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFBO0lBRTNDLE1BQU0sbUJBQW1CLEdBQWtDLEVBQUUsQ0FBQTtJQUU3RCxLQUFJLE1BQU0sQ0FBQyxDQUFDLEVBQUUsRUFDYixNQUFNLEVBQ04sT0FBTyxFQUNQLE1BQU0sRUFBRSxFQUFFLFFBQVEsRUFBRSxZQUFZLEVBQUUsR0FBRyxFQUFFLEVBQ3ZDLENBQUMsSUFBSSxVQUFVLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQztRQUM1Qix1REFBdUQ7UUFDdkQsTUFBTSxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsT0FBTyxFQUFFLFlBQVksRUFBRSxRQUFRLEVBQUUsQ0FBQyxDQUFDLENBQUE7SUFDdEUsQ0FBQztJQUVELE9BQU87UUFDTixVQUFVLEVBQUUsbUJBQW1CO1FBQy9CLFFBQVEsRUFBRSxRQUFRO1FBQ2xCLFVBQVUsRUFBRSxVQUFVO0tBQ3RCLENBQUE7SUFFRCxLQUFLLFVBQVUsbUJBQW1CLENBQ2pDLE1BQW1DLEVBQ25DLE9BQW1CLEVBQ25CLFlBQTZDLEVBQzdDLFFBQXFDLEVBQ3JDLENBQVM7O1FBRVQsSUFBSSxDQUFDO1lBQ0osTUFBTSxRQUFRLEdBQUcsTUFBTSxLQUFLLGlDQUEyQjtpQkFDckQscUNBQXFDLENBQUE7WUFDdkMsTUFBTSxZQUFZLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUE7WUFDeEMsTUFBTSxPQUFPLEdBQUcsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLENBQUE7WUFDekMsSUFBRyxRQUFRLEVBQUUsQ0FBQztnQkFDYixrQkFBa0IsRUFBRSxDQUFBO1lBQ3JCLENBQUM7aUJBQU0sQ0FBQztnQkFDUCxrQkFBa0IsRUFBRSxDQUFBO1lBQ3JCLENBQUM7WUFFRCxJQUFJLFFBQVEsR0FBRyxJQUFJLENBQUE7WUFDbkIsSUFBSSxTQUFTLEdBQTJCLFNBQVMsQ0FBQTtZQUNqRCxJQUFJLGVBQXVCLENBQUE7WUFFM0IsSUFBRyxNQUFBLFlBQVksYUFBWixZQUFZLHVCQUFaLFlBQVksQ0FBRSxHQUFHLDBDQUFFLE1BQU0sRUFBRSxDQUFDO2dCQUM5QixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUEscUJBQWEsRUFDakMsWUFBWSxFQUFFLFdBQVcsRUFBRSxZQUFZLEVBQ3ZDLFVBQVUsRUFBRSxPQUFPLENBQ25CLENBQUE7Z0JBQ0QsU0FBUyxHQUFHLE1BQU0sQ0FBQyxTQUFTLENBQUE7Z0JBQzVCLFFBQVEsR0FBRyxLQUFLLENBQUE7Z0JBQ2hCLGVBQWUsR0FBRyxTQUFTLENBQUMsTUFBTSxDQUFBO1lBQ25DLENBQUM7aUJBQU0sSUFBRyxNQUFBLFFBQVEsYUFBUixRQUFRLHVCQUFSLFFBQVEsQ0FBRSxNQUFNLDBDQUFFLE1BQU0sRUFBRSxDQUFDO2dCQUNwQyxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUEsc0JBQWMsRUFDbEM7b0JBQ0MsVUFBVSxFQUFFLE9BQU87b0JBQ25CLFFBQVE7b0JBQ1IsTUFBTTtvQkFDTixXQUFXO29CQUNYLFFBQVEsRUFBRSxRQUFRO29CQUNsQixFQUFFLEVBQUUsTUFBTSxLQUFLLGlDQUEyQjt5QkFDeEMscUNBQXFDO3dCQUN0QyxDQUFDLENBQUMsUUFBUTt3QkFDVixDQUFDLENBQUMsUUFBUTtvQkFDWCxZQUFZLEVBQUUsUUFBUTt3QkFDckIsQ0FBQyxDQUFDLGtCQUFrQjt3QkFDcEIsQ0FBQyxDQUFDLGtCQUFrQjtpQkFDckIsQ0FDRCxDQUFBO2dCQUNELFNBQVMsR0FBRyxNQUFNLENBQUMsaUJBQWlCLENBQUE7Z0JBQ3BDLFFBQVEsR0FBRyxLQUFLLENBQUE7Z0JBQ2hCLGVBQWUsR0FBRyxTQUFTLENBQUMsTUFBTSxDQUFBO1lBQ25DLENBQUM7aUJBQU0sQ0FBQztnQkFDUCxTQUFTLEdBQUcsT0FBTyxDQUFBO2dCQUNuQixlQUFlLEdBQUcsU0FBUyxDQUFDLE1BQU0sQ0FBQTtZQUNuQyxDQUFDO1lBRUQsbUJBQW1CLENBQUMsSUFBSSxDQUFDO2dCQUN4QixNQUFNLEVBQUUsTUFBTSxLQUFLLGlDQUEyQjtxQkFDNUMscUNBQXFDO29CQUN0QyxDQUFDLENBQUMsUUFBUTtvQkFDVixDQUFDLENBQUMsUUFBUTtnQkFDWCxRQUFRO2dCQUNSLE9BQU8sRUFBRSxTQUFTO2dCQUNsQixZQUFZO2dCQUNaLGVBQWU7YUFDZixDQUFDLENBQUE7UUFFSCxDQUFDO1FBQUMsT0FBTSxLQUFLLEVBQUUsQ0FBQztZQUNmLE1BQU0sSUFBSSxxQkFBYSxDQUN0QixxQkFBcUIsRUFDckIsbUNBQW1DLENBQUMsS0FBSyxLQUFLLEVBQUUsRUFDaEQ7Z0JBQ0MsU0FBUyxFQUFFLENBQUM7Z0JBQ1osS0FBSyxFQUFFLEtBQUs7YUFDWixDQUNELENBQUE7UUFDRixDQUFDO0lBQ0YsQ0FBQztBQUNGLENBQUM7QUFFRCxTQUFnQixnQkFBZ0IsQ0FBQyxPQUFtQjtJQUNuRCwyQ0FBMkM7SUFDM0MsT0FBTyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFBO0FBQ3hCLENBQUMifQ==

package/lib/server/utils/config-env.d.ts

@@ -1 +0,0 @@
-export {};

package/lib/server/utils/config-env.js

@@ -1,7 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const dotenv_1 = require("dotenv");
-const env_1 = require("../../utils/env");
-const nodeEnv = (0, env_1.getEnvVariable)('NODE_ENV') || 'development';
-(0, dotenv_1.config)({ path: `.env.${nodeEnv}` });
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY29uZmlnLWVudi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9zZXJ2ZXIvdXRpbHMvY29uZmlnLWVudi50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQUFBLG1DQUErQjtBQUMvQix1Q0FBOEM7QUFFOUMsTUFBTSxPQUFPLEdBQUcsSUFBQSxvQkFBYyxFQUFDLFVBQVUsQ0FBQyxJQUFJLGFBQWEsQ0FBQTtBQUMzRCxJQUFBLGVBQU0sRUFBQyxFQUFFLElBQUksRUFBRSxRQUFRLE9BQU8sRUFBRSxFQUFFLENBQUMsQ0FBQSJ9

package/lib/server/utils/dns.d.ts

@@ -1 +0,0 @@
-export declare function resolveHostnames(hostname: string): Promise<string[]>;

package/lib/server/utils/dns.js

@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.resolveHostnames = resolveHostnames;
-const dns_1 = require("dns");
-const config_1 = require("../../config");
-setDnsServers();
-async function resolveHostnames(hostname) {
-    return new Promise((_resolve, reject) => {
-        (0, dns_1.resolve)(hostname, (err, addresses) => {
-            if (err) {
-                reject(new Error(`Could not resolve hostname: ${hostname}, ${err.message}`));
-            }
-            else {
-                _resolve(addresses);
-            }
-        });
-    });
-}
-function setDnsServers() {
-    (0, dns_1.setServers)(config_1.DNS_SERVERS);
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG5zLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NlcnZlci91dGlscy9kbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFLQSw0Q0FjQztBQW5CRCw2QkFBeUM7QUFDekMsdUNBQXdDO0FBRXhDLGFBQWEsRUFBRSxDQUFBO0FBRVIsS0FBSyxVQUFVLGdCQUFnQixDQUFDLFFBQWdCO0lBQ3RELE9BQU8sSUFBSSxPQUFPLENBQVcsQ0FBQyxRQUFRLEVBQUUsTUFBTSxFQUFFLEVBQUU7UUFDakQsSUFBQSxhQUFPLEVBQUMsUUFBUSxFQUFFLENBQUMsR0FBRyxFQUFFLFNBQVMsRUFBRSxFQUFFO1lBQ3BDLElBQUcsR0FBRyxFQUFFLENBQUM7Z0JBQ1IsTUFBTSxDQUNMLElBQUksS0FBSyxDQUNSLCtCQUErQixRQUFRLEtBQUssR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUN6RCxDQUNELENBQUE7WUFDRixDQUFDO2lCQUFNLENBQUM7Z0JBQ1AsUUFBUSxDQUFDLFNBQVMsQ0FBQyxDQUFBO1lBQ3BCLENBQUM7UUFDRixDQUFDLENBQUMsQ0FBQTtJQUNILENBQUMsQ0FBQyxDQUFBO0FBQ0gsQ0FBQztBQUVELFNBQVMsYUFBYTtJQUNyQixJQUFBLGdCQUFVLEVBQUMsb0JBQVcsQ0FBQyxDQUFBO0FBQ3hCLENBQUMifQ==

package/lib/server/utils/generics.d.ts

@@ -1,22 +0,0 @@
-import { IncomingMessage } from 'http';
-import { ServiceSignatureType } from '../../proto/api';
-/**
- * Sign message using the PRIVATE_KEY env var.
- */
-export declare function signAsAttestor(data: Uint8Array | string, scheme: ServiceSignatureType): Uint8Array<ArrayBufferLike> | Promise<Uint8Array<ArrayBufferLike>>;
-/**
- * Obtain the address on chain, from the PRIVATE_KEY env var.
- */
-export declare function getAttestorAddress(scheme: ServiceSignatureType): string;
-/**
- * Nice parse JSON with a key.
- * If the data is empty, returns an empty object.
- * And if the JSON is invalid, throws a bad request error,
- * with the key in the error message.
- */
-export declare function niceParseJsonObject(data: string, key: string): any;
-/**
- * Extract any initial messages sent via the query string,
- * in the `messages` parameter.
- */
-export declare function getInitialMessagesFromQuery(req: IncomingMessage): import("../../proto/api").RPCMessage[];

package/lib/server/utils/generics.js

@@ -1,59 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.signAsAttestor = signAsAttestor;
-exports.getAttestorAddress = getAttestorAddress;
-exports.niceParseJsonObject = niceParseJsonObject;
-exports.getInitialMessagesFromQuery = getInitialMessagesFromQuery;
-const tls_1 = require("@reclaimprotocol/tls");
-const api_1 = require("../../proto/api");
-const utils_1 = require("../../utils");
-const env_1 = require("../../utils/env");
-const signatures_1 = require("../../utils/signatures");
-const PRIVATE_KEY = (0, env_1.getEnvVariable)('PRIVATE_KEY');
-/**
- * Sign message using the PRIVATE_KEY env var.
- */
-function signAsAttestor(data, scheme) {
-    const { sign } = signatures_1.SIGNATURES[scheme];
-    return sign(typeof data === 'string' ? (0, tls_1.strToUint8Array)(data) : data, PRIVATE_KEY);
-}
-/**
- * Obtain the address on chain, from the PRIVATE_KEY env var.
- */
-function getAttestorAddress(scheme) {
-    const { getAddress, getPublicKey } = signatures_1.SIGNATURES[scheme];
-    const publicKey = getPublicKey(PRIVATE_KEY);
-    return getAddress(publicKey);
-}
-/**
- * Nice parse JSON with a key.
- * If the data is empty, returns an empty object.
- * And if the JSON is invalid, throws a bad request error,
- * with the key in the error message.
- */
-function niceParseJsonObject(data, key) {
-    if (!data) {
-        return {};
-    }
-    try {
-        return JSON.parse(data);
-    }
-    catch (e) {
-        throw utils_1.AttestorError.badRequest(`Invalid JSON in ${key}: ${e.message}`);
-    }
-}
-/**
- * Extract any initial messages sent via the query string,
- * in the `messages` parameter.
- */
-function getInitialMessagesFromQuery(req) {
-    const url = new URL(req.url, 'http://localhost');
-    const messagesB64 = url.searchParams.get('messages');
-    if (!(messagesB64 === null || messagesB64 === void 0 ? void 0 : messagesB64.length)) {
-        return [];
-    }
-    const msgsBytes = Buffer.from(messagesB64, 'base64');
-    const msgs = api_1.RPCMessages.decode(msgsBytes);
-    return msgs.messages;
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJpY3MuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvc2VydmVyL3V0aWxzL2dlbmVyaWNzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBWUEsd0NBU0M7QUFLRCxnREFJQztBQVFELGtEQVlDO0FBTUQsa0VBVUM7QUFsRUQsOENBQXNEO0FBRXRELHVDQUFpRTtBQUNqRSxxQ0FBeUM7QUFDekMsdUNBQThDO0FBQzlDLHFEQUFpRDtBQUVqRCxNQUFNLFdBQVcsR0FBRyxJQUFBLG9CQUFjLEVBQUMsYUFBYSxDQUFFLENBQUE7QUFFbEQ7O0dBRUc7QUFDSCxTQUFnQixjQUFjLENBQzdCLElBQXlCLEVBQ3pCLE1BQTRCO0lBRTVCLE1BQU0sRUFBRSxJQUFJLEVBQUUsR0FBRyx1QkFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFBO0lBQ25DLE9BQU8sSUFBSSxDQUNWLE9BQU8sSUFBSSxLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsSUFBQSxxQkFBZSxFQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLEVBQ3ZELFdBQVcsQ0FDWCxDQUFBO0FBQ0YsQ0FBQztBQUVEOztHQUVHO0FBQ0gsU0FBZ0Isa0JBQWtCLENBQUMsTUFBNEI7SUFDOUQsTUFBTSxFQUFFLFVBQVUsRUFBRSxZQUFZLEVBQUUsR0FBRyx1QkFBVSxDQUFDLE1BQU0sQ0FBQyxDQUFBO0lBQ3ZELE1BQU0sU0FBUyxHQUFHLFlBQVksQ0FBQyxXQUFXLENBQUMsQ0FBQTtJQUMzQyxPQUFPLFVBQVUsQ0FBQyxTQUFTLENBQUMsQ0FBQTtBQUM3QixDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxTQUFnQixtQkFBbUIsQ0FBQyxJQUFZLEVBQUUsR0FBVztJQUM1RCxJQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDVixPQUFPLEVBQUUsQ0FBQTtJQUNWLENBQUM7SUFFRCxJQUFJLENBQUM7UUFDSixPQUFPLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUE7SUFDeEIsQ0FBQztJQUFDLE9BQU0sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLHFCQUFhLENBQUMsVUFBVSxDQUM3QixtQkFBbUIsR0FBRyxLQUFLLENBQUMsQ0FBQyxPQUFPLEVBQUUsQ0FDdEMsQ0FBQTtJQUNGLENBQUM7QUFDRixDQUFDO0FBRUQ7OztHQUdHO0FBQ0gsU0FBZ0IsMkJBQTJCLENBQUMsR0FBb0I7SUFDL0QsTUFBTSxHQUFHLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLEdBQUksRUFBRSxrQkFBa0IsQ0FBQyxDQUFBO0lBQ2pELE1BQU0sV0FBVyxHQUFHLEdBQUcsQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFBO0lBQ3BELElBQUcsQ0FBQyxDQUFBLFdBQVcsYUFBWCxXQUFXLHVCQUFYLFdBQVcsQ0FBRSxNQUFNLENBQUEsRUFBRSxDQUFDO1FBQ3pCLE9BQU8sRUFBRSxDQUFBO0lBQ1YsQ0FBQztJQUVELE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFBO0lBQ3BELE1BQU0sSUFBSSxHQUFHLGlCQUFXLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFBO0lBQzFDLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQTtBQUNyQixDQUFDIn0=

package/lib/server/utils/iso.d.ts

@@ -1 +0,0 @@
-export declare function isValidCountryCode(countryCode: string): boolean;