npm - @reclaimprotocol/attestor-core - Versions diffs - 5.0.1-beta.1 → 5.0.1-beta.2 - Mend

@reclaimprotocol/attestor-core 5.0.1-beta.1 → 5.0.1-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (261) hide show

package/lib/avs/abis/avsDirectoryABI.d.ts +60 -0
package/lib/avs/abis/avsDirectoryABI.js +343 -0
package/lib/avs/abis/delegationABI.d.ts +126 -0
package/lib/avs/abis/delegationABI.js +4 -0
package/lib/avs/abis/registryABI.d.ts +136 -0
package/lib/avs/abis/registryABI.js +728 -0
package/lib/avs/client/create-claim-on-avs.d.ts +12 -0
package/lib/avs/client/create-claim-on-avs.js +168 -0
package/lib/avs/config.d.ts +7 -0
package/lib/avs/config.js +26 -0
package/lib/avs/contracts/ReclaimServiceManager.d.ts +601 -0
package/lib/avs/contracts/ReclaimServiceManager.js +0 -0
package/lib/avs/contracts/common.d.ts +50 -0
package/lib/avs/contracts/common.js +0 -0
package/lib/avs/contracts/factories/ReclaimServiceManager__factory.d.ts +890 -0
package/lib/avs/contracts/factories/ReclaimServiceManager__factory.js +1183 -0
package/lib/avs/contracts/factories/index.d.ts +1 -0
package/lib/avs/contracts/factories/index.js +4 -0
package/lib/avs/contracts/index.d.ts +3 -0
package/lib/avs/contracts/index.js +6 -0
package/lib/avs/types/index.d.ts +55 -0
package/lib/avs/types/index.js +0 -0
package/lib/avs/utils/contracts.d.ts +21 -0
package/lib/avs/utils/contracts.js +53 -0
package/lib/avs/utils/register.d.ts +27 -0
package/lib/avs/utils/register.js +74 -0
package/lib/avs/utils/tasks.d.ts +22 -0
package/lib/avs/utils/tasks.js +48 -0
package/lib/client/create-claim.d.ts +5 -0
package/lib/client/create-claim.js +461 -0
package/lib/client/index.d.ts +3 -0
package/lib/client/index.js +3 -0
package/lib/client/tunnels/make-rpc-tcp-tunnel.d.ts +16 -0
package/lib/client/tunnels/make-rpc-tcp-tunnel.js +53 -0
package/lib/client/tunnels/make-rpc-tls-tunnel.d.ts +26 -0
package/lib/client/tunnels/make-rpc-tls-tunnel.js +127 -0
package/lib/client/utils/attestor-pool.d.ts +8 -0
package/lib/client/utils/attestor-pool.js +24 -0
package/lib/client/utils/client-socket.d.ts +11 -0
package/lib/client/utils/client-socket.js +120 -0
package/lib/client/utils/message-handler.d.ts +4 -0
package/lib/client/utils/message-handler.js +97 -0
package/lib/config/index.d.ts +31 -0
package/lib/config/index.js +62 -0
package/lib/external-rpc/benchmark.d.ts +1 -0
package/lib/external-rpc/benchmark.js +82 -0
package/lib/external-rpc/event-bus.d.ts +7 -0
package/lib/external-rpc/event-bus.js +17 -0
package/lib/external-rpc/global.d.js +0 -0
package/lib/external-rpc/handle-incoming-msg.d.ts +2 -0
package/lib/external-rpc/handle-incoming-msg.js +241 -0
package/lib/external-rpc/index.d.ts +3 -0
package/lib/external-rpc/index.js +3 -0
package/lib/external-rpc/jsc-polyfills/1.d.ts +14 -0
package/lib/external-rpc/jsc-polyfills/1.js +80 -0
package/lib/external-rpc/jsc-polyfills/2.d.ts +1 -0
package/lib/external-rpc/jsc-polyfills/2.js +15 -0
package/lib/external-rpc/jsc-polyfills/event.d.ts +10 -0
package/lib/external-rpc/jsc-polyfills/event.js +19 -0
package/lib/external-rpc/jsc-polyfills/index.d.ts +2 -0
package/lib/external-rpc/jsc-polyfills/index.js +2 -0
package/lib/external-rpc/jsc-polyfills/ws.d.ts +21 -0
package/lib/external-rpc/jsc-polyfills/ws.js +83 -0
package/lib/external-rpc/setup-browser.d.ts +6 -0
package/lib/external-rpc/setup-browser.js +33 -0
package/lib/external-rpc/setup-jsc.d.ts +24 -0
package/lib/external-rpc/setup-jsc.js +22 -0
package/lib/external-rpc/types.d.ts +213 -0
package/lib/external-rpc/types.js +0 -0
package/lib/external-rpc/utils.d.ts +20 -0
package/lib/external-rpc/utils.js +100 -0
package/lib/external-rpc/zk.d.ts +14 -0
package/lib/external-rpc/zk.js +58 -0
package/lib/index.d.ts +9 -0
package/lib/index.js +13 -0
package/lib/mechain/abis/governanceABI.d.ts +50 -0
package/lib/mechain/abis/governanceABI.js +461 -0
package/lib/mechain/abis/taskABI.d.ts +157 -0
package/lib/mechain/abis/taskABI.js +512 -0
package/lib/mechain/client/create-claim-on-mechain.d.ts +10 -0
package/lib/mechain/client/create-claim-on-mechain.js +33 -0
package/lib/mechain/client/index.d.ts +1 -0
package/lib/mechain/client/index.js +1 -0
package/lib/mechain/constants/index.d.ts +3 -0
package/lib/mechain/constants/index.js +8 -0
package/lib/mechain/index.d.ts +2 -0
package/lib/mechain/index.js +2 -0
package/lib/mechain/types/index.d.ts +23 -0
package/lib/mechain/types/index.js +0 -0
package/lib/proto/api.d.ts +651 -0
package/lib/proto/api.js +4250 -0
package/lib/proto/tee-bundle.d.ts +156 -0
package/lib/proto/tee-bundle.js +1296 -0
package/lib/providers/http/index.d.ts +18 -0
package/lib/providers/http/index.js +640 -0
package/lib/providers/http/patch-parse5-tree.d.ts +6 -0
package/lib/providers/http/patch-parse5-tree.js +34 -0
package/lib/providers/http/utils.d.ts +77 -0
package/lib/providers/http/utils.js +283 -0
package/lib/providers/index.d.ts +4 -0
package/lib/providers/index.js +7 -0
package/lib/scripts/build-browser.d.ts +1 -0
package/lib/scripts/build-jsc.d.ts +1 -0
package/lib/scripts/build-lib.d.ts +1 -0
package/lib/scripts/check-avs-registration.d.ts +1 -0
package/lib/scripts/check-avs-registration.js +28 -0
package/lib/scripts/fallbacks/crypto.d.ts +1 -0
package/lib/scripts/fallbacks/crypto.js +4 -0
package/lib/scripts/fallbacks/empty.d.ts +3 -0
package/lib/scripts/fallbacks/empty.js +4 -0
package/lib/scripts/fallbacks/re2.d.ts +1 -0
package/lib/scripts/fallbacks/re2.js +7 -0
package/lib/scripts/fallbacks/snarkjs.d.ts +1 -0
package/lib/scripts/fallbacks/snarkjs.js +10 -0
package/lib/scripts/fallbacks/stwo.d.ts +6 -0
package/lib/scripts/fallbacks/stwo.js +159 -0
package/lib/scripts/generate-provider-types.d.ts +5 -0
package/lib/scripts/generate-provider-types.js +101 -0
package/lib/scripts/generate-receipt.d.ts +9 -0
package/lib/scripts/generate-receipt.js +101 -0
package/lib/scripts/generate-toprf-keys.d.ts +1 -0
package/lib/scripts/generate-toprf-keys.js +24 -0
package/lib/scripts/jsc-cli-rpc.d.ts +1 -0
package/lib/scripts/jsc-cli-rpc.js +35 -0
package/lib/scripts/register-avs-operator.d.ts +1 -0
package/lib/scripts/register-avs-operator.js +3 -0
package/lib/scripts/start-server.d.ts +1 -0
package/lib/scripts/start-server.js +11 -0
package/lib/scripts/update-avs-metadata.d.ts +1 -0
package/lib/scripts/update-avs-metadata.js +20 -0
package/lib/scripts/utils.d.ts +1 -0
package/lib/scripts/utils.js +10 -0
package/lib/scripts/whitelist-operator.d.ts +1 -0
package/lib/scripts/whitelist-operator.js +16 -0
package/lib/server/create-server.d.ts +8 -0
package/lib/server/create-server.js +105 -0
package/lib/server/handlers/claimTeeBundle.d.ts +6 -0
package/lib/server/handlers/claimTeeBundle.js +232 -0
package/lib/server/handlers/claimTunnel.d.ts +2 -0
package/lib/server/handlers/claimTunnel.js +80 -0
package/lib/server/handlers/completeClaimOnChain.d.ts +2 -0
package/lib/server/handlers/completeClaimOnChain.js +29 -0
package/lib/server/handlers/createClaimOnChain.d.ts +2 -0
package/lib/server/handlers/createClaimOnChain.js +32 -0
package/lib/server/handlers/createTaskOnMechain.d.ts +2 -0
package/lib/server/handlers/createTaskOnMechain.js +57 -0
package/lib/server/handlers/createTunnel.d.ts +2 -0
package/lib/server/handlers/createTunnel.js +98 -0
package/lib/server/handlers/disconnectTunnel.d.ts +2 -0
package/lib/server/handlers/disconnectTunnel.js +8 -0
package/lib/server/handlers/fetchCertificateBytes.d.ts +2 -0
package/lib/server/handlers/fetchCertificateBytes.js +57 -0
package/lib/server/handlers/index.d.ts +4 -0
package/lib/server/handlers/index.js +25 -0
package/lib/server/handlers/init.d.ts +2 -0
package/lib/server/handlers/init.js +33 -0
package/lib/server/handlers/toprf.d.ts +2 -0
package/lib/server/handlers/toprf.js +19 -0
package/lib/server/index.d.ts +4 -0
package/lib/server/index.js +4 -0
package/lib/server/socket.d.ts +13 -0
package/lib/server/socket.js +112 -0
package/lib/server/tunnels/make-tcp-tunnel.d.ts +22 -0
package/lib/server/tunnels/make-tcp-tunnel.js +202 -0
package/lib/server/utils/apm.d.ts +11 -0
package/lib/server/utils/apm.js +29 -0
package/lib/server/utils/assert-valid-claim-request.d.ts +31 -0
package/lib/server/utils/assert-valid-claim-request.js +354 -0
package/lib/server/utils/config-env.d.ts +1 -0
package/lib/server/utils/config-env.js +4 -0
package/lib/server/utils/dns.d.ts +1 -0
package/lib/server/utils/dns.js +24 -0
package/lib/server/utils/gcp-attestation.d.ts +17 -0
package/lib/server/utils/gcp-attestation.js +237 -0
package/lib/server/utils/generics.d.ts +22 -0
package/lib/server/utils/generics.js +45 -0
package/lib/server/utils/iso.d.ts +1 -0
package/lib/server/utils/iso.js +259 -0
package/lib/server/utils/keep-alive.d.ts +7 -0
package/lib/server/utils/keep-alive.js +38 -0
package/lib/server/utils/nitro-attestation.d.ts +33 -0
package/lib/server/utils/nitro-attestation.js +249 -0
package/lib/server/utils/oprf-raw.d.ts +21 -0
package/lib/server/utils/oprf-raw.js +61 -0
package/lib/server/utils/process-handshake.d.ts +13 -0
package/lib/server/utils/process-handshake.js +233 -0
package/lib/server/utils/proxy-session.d.ts +1 -0
package/lib/server/utils/proxy-session.js +6 -0
package/lib/server/utils/tee-oprf-mpc-verification.d.ts +16 -0
package/lib/server/utils/tee-oprf-mpc-verification.js +86 -0
package/lib/server/utils/tee-oprf-verification.d.ts +24 -0
package/lib/server/utils/tee-oprf-verification.js +151 -0
package/lib/server/utils/tee-transcript-reconstruction.d.ts +24 -0
package/lib/server/utils/tee-transcript-reconstruction.js +140 -0
package/lib/server/utils/tee-verification.d.ts +28 -0
package/lib/server/utils/tee-verification.js +358 -0
package/lib/server/utils/validation.d.ts +2 -0
package/lib/server/utils/validation.js +45 -0
package/lib/types/bgp.d.ts +11 -0
package/lib/types/bgp.js +0 -0
package/lib/types/claims.d.ts +70 -0
package/lib/types/claims.js +0 -0
package/lib/types/client.d.ts +163 -0
package/lib/types/client.js +0 -0
package/lib/types/general.d.ts +76 -0
package/lib/types/general.js +0 -0
package/lib/types/handlers.d.ts +10 -0
package/lib/types/handlers.js +0 -0
package/lib/types/index.d.ts +10 -0
package/lib/types/index.js +10 -0
package/lib/types/providers.d.ts +161 -0
package/lib/types/providers.gen.d.ts +443 -0
package/lib/types/providers.gen.js +16 -0
package/lib/types/providers.js +0 -0
package/lib/types/rpc.d.ts +35 -0
package/lib/types/rpc.js +0 -0
package/lib/types/signatures.d.ts +28 -0
package/lib/types/signatures.js +0 -0
package/lib/types/tunnel.d.ts +18 -0
package/lib/types/tunnel.js +0 -0
package/lib/types/zk.d.ts +38 -0
package/lib/types/zk.js +0 -0
package/lib/utils/auth.d.ts +8 -0
package/lib/utils/auth.js +71 -0
package/lib/utils/b64-json.d.ts +2 -0
package/lib/utils/b64-json.js +17 -0
package/lib/utils/bgp-listener.d.ts +7 -0
package/lib/utils/bgp-listener.js +123 -0
package/lib/utils/claims.d.ts +33 -0
package/lib/utils/claims.js +89 -0
package/lib/utils/env.d.ts +3 -0
package/lib/utils/env.js +19 -0
package/lib/utils/error.d.ts +26 -0
package/lib/utils/error.js +54 -0
package/lib/utils/generics.d.ts +114 -0
package/lib/utils/generics.js +268 -0
package/lib/utils/http-parser.d.ts +59 -0
package/lib/utils/http-parser.js +201 -0
package/lib/utils/index.d.ts +13 -0
package/lib/utils/index.js +13 -0
package/lib/utils/logger.d.ts +13 -0
package/lib/utils/logger.js +82 -0
package/lib/utils/prepare-packets.d.ts +16 -0
package/lib/utils/prepare-packets.js +69 -0
package/lib/utils/redactions.d.ts +73 -0
package/lib/utils/redactions.js +135 -0
package/lib/utils/retries.d.ts +12 -0
package/lib/utils/retries.js +26 -0
package/lib/utils/signatures/eth.d.ts +2 -0
package/lib/utils/signatures/eth.js +31 -0
package/lib/utils/signatures/index.d.ts +5 -0
package/lib/utils/signatures/index.js +12 -0
package/lib/utils/socket-base.d.ts +23 -0
package/lib/utils/socket-base.js +96 -0
package/lib/utils/tls.d.ts +2 -0
package/lib/utils/tls.js +58 -0
package/lib/utils/ws.d.ts +7 -0
package/lib/utils/ws.js +22 -0
package/lib/utils/zk.d.ts +71 -0
package/lib/utils/zk.js +625 -0
package/package.json +2 -2

package/lib/server/handlers/init.js ADDED Viewed

@@ -0,0 +1,33 @@
+import { getBytes } from "ethers";
+import { getAttestorAddress } from "../../server/utils/generics.js";
+import { assertValidAuthRequest } from "../../utils/auth.js";
+import { getEnvVariable } from "../../utils/env.js";
+import { AttestorError } from "../../utils/index.js";
+import { SIGNATURES } from "../../utils/signatures/index.js";
+const TOPRF_PUBLIC_KEY = getEnvVariable("TOPRF_PUBLIC_KEY");
+const init = async (initRequest, { client }) => {
+  if (client.isInitialised) {
+    throw AttestorError.badRequest("Client already initialised");
+  }
+  if (!SIGNATURES[initRequest.signatureType]) {
+    throw AttestorError.badRequest("Unsupported signature type");
+  }
+  if (initRequest.clientVersion <= 0) {
+    throw AttestorError.badRequest("Unsupported client version");
+  }
+  await assertValidAuthRequest(initRequest.auth, initRequest.signatureType);
+  if (initRequest.auth?.data) {
+    client.logger = client.logger.child({
+      userId: initRequest.auth.data.id
+    });
+  }
+  client.metadata = initRequest;
+  client.isInitialised = true;
+  return {
+    toprfPublicKey: TOPRF_PUBLIC_KEY ? getBytes(TOPRF_PUBLIC_KEY) : new Uint8Array(),
+    attestorAddress: getAttestorAddress(initRequest.signatureType)
+  };
+};
+export {
+  init
+};

package/lib/server/handlers/toprf.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ import type { RPCHandler } from '#src/types/index.ts';
2	+ export declare const toprf: RPCHandler<'toprf'>;

package/lib/server/handlers/toprf.js ADDED Viewed

@@ -0,0 +1,19 @@
+import { getBytes } from "ethers";
+import { getEnvVariable } from "../../utils/env.js";
+import { getEngineString, makeDefaultOPRFOperator } from "../../utils/index.js";
+const toprf = async ({ maskedData, engine }, { logger }) => {
+  const PRIVATE_KEY_STR = getEnvVariable("TOPRF_SHARE_PRIVATE_KEY");
+  const PUBLIC_KEY_STR = getEnvVariable("TOPRF_SHARE_PUBLIC_KEY");
+  if (!PRIVATE_KEY_STR || !PUBLIC_KEY_STR) {
+    throw new Error("private/public keys not set. Cannot execute OPRF");
+  }
+  const PRIVATE_KEY = getBytes(PRIVATE_KEY_STR);
+  const PUBLIC_KEY = getBytes(PUBLIC_KEY_STR);
+  const engineStr = getEngineString(engine);
+  const operator = makeDefaultOPRFOperator("chacha20", engineStr, logger);
+  const res = await operator.evaluateOPRF(PRIVATE_KEY, maskedData);
+  return { ...res, publicKeyShare: PUBLIC_KEY };
+};
+export {
+  toprf
+};

package/lib/server/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export * from './utils/config-env.ts';
+export * from './create-server.ts';
+export * from './tunnels/make-tcp-tunnel.ts';
+export * from './utils/assert-valid-claim-request.ts';

package/lib/server/index.js ADDED Viewed

@@ -0,0 +1,4 @@
+export * from "./utils/config-env.js";
+export * from "./create-server.js";
+export * from "./tunnels/make-tcp-tunnel.js";
+export * from "./utils/assert-valid-claim-request.js";

package/lib/server/socket.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+import type { WebSocket as WS } from 'ws';
+import type { TunnelMessage } from '#src/proto/api.ts';
+import type { AcceptNewConnectionOpts, BGPListener, IAttestorServerSocket } from '#src/types/index.ts';
+import { AttestorSocket } from '#src/utils/socket-base.ts';
+export declare class AttestorServerSocket extends AttestorSocket implements IAttestorServerSocket {
+    tunnels: IAttestorServerSocket['tunnels'];
+    readonly sessionId: number;
+    readonly bgpListener: BGPListener | undefined;
+    private constructor();
+    getTunnel(tunnelId: number): import("#src/types/index.ts").Tunnel<import("#src/types/index.ts").TCPSocketProperties>;
+    removeTunnel(tunnelId: TunnelMessage['tunnelId']): void;
+    static acceptConnection(socket: WS, { req, logger, bgpListener }: AcceptNewConnectionOpts): Promise<AttestorServerSocket | undefined>;
+}

package/lib/server/socket.js ADDED Viewed

@@ -0,0 +1,112 @@
+import { promisify } from "util";
+import { handleMessage } from "../client/utils/message-handler.js";
+import { DEFAULT_RPC_TIMEOUT_MS } from "../config/index.js";
+import { HANDLERS } from "../server/handlers/index.js";
+import { getApm } from "../server/utils/apm.js";
+import { getInitialMessagesFromQuery } from "../server/utils/generics.js";
+import { AttestorError, generateSessionId } from "../utils/index.js";
+import { AttestorSocket } from "../utils/socket-base.js";
+class AttestorServerSocket extends AttestorSocket {
+  tunnels = {};
+  sessionId;
+  bgpListener;
+  constructor(socket, sessionId, bgpListener, logger) {
+    super(socket, {}, logger);
+    this.sessionId = sessionId;
+    this.bgpListener = bgpListener;
+    this.addEventListener("rpc-request", handleRpcRequest.bind(this));
+    this.addEventListener("tunnel-message", handleTunnelMessage.bind(this));
+    this.addEventListener("connection-terminated", () => {
+      for (const tunnelId in this.tunnels) {
+        const tunnel = this.tunnels[tunnelId];
+        void tunnel.close(new Error("WS session terminated"));
+      }
+    });
+  }
+  getTunnel(tunnelId) {
+    const tunnel = this.tunnels[tunnelId];
+    if (!tunnel) {
+      throw new AttestorError(
+        "ERROR_NOT_FOUND",
+        `Tunnel "${tunnelId}" not found`
+      );
+    }
+    return tunnel;
+  }
+  removeTunnel(tunnelId) {
+    delete this.tunnels[tunnelId];
+  }
+  static async acceptConnection(socket, { req, logger, bgpListener }) {
+    const bindSend = socket.send.bind(socket);
+    socket.send = promisify(bindSend);
+    const sessionId = generateSessionId();
+    logger = logger.child({ sessionId });
+    const client = new AttestorServerSocket(
+      socket,
+      sessionId,
+      bgpListener,
+      logger
+    );
+    try {
+      const initMsgs = getInitialMessagesFromQuery(req);
+      logger.trace(
+        { initMsgs: initMsgs.length },
+        "new connection, validating..."
+      );
+      for (const msg of initMsgs) {
+        await handleMessage.call(client, msg);
+      }
+      logger.debug("connection accepted");
+    } catch (err) {
+      logger.error({ err }, "error in new connection");
+      if (client.isOpen) {
+        await client.terminateConnection(
+          err instanceof AttestorError ? err : AttestorError.badRequest(err.message)
+        );
+      }
+      return;
+    }
+    return client;
+  }
+}
+async function handleTunnelMessage({ data: { tunnelId, message } }) {
+  try {
+    const tunnel = this.getTunnel(tunnelId);
+    await tunnel.write(message);
+  } catch (err) {
+    this.logger?.error({ err, tunnelId }, "error writing to tunnel");
+  }
+}
+async function handleRpcRequest({ data: { data, requestId, respond, type } }) {
+  const logger = this.logger.child({ rpc: type, requestId });
+  const apm = getApm();
+  const tx = apm?.startTransaction(type);
+  tx?.setLabel("requestId", requestId);
+  tx?.setLabel("sessionId", this.sessionId.toString());
+  const userId = this.metadata.auth?.data?.id;
+  if (userId) {
+    tx?.setLabel("authUserId", userId);
+  }
+  const timeout = setTimeout(() => {
+    logger.warn({ type, requestId }, "RPC took too long to respond");
+  }, DEFAULT_RPC_TIMEOUT_MS);
+  try {
+    logger.debug({ data }, "handling RPC request");
+    const handler = HANDLERS[type];
+    const res = await handler(data, { client: this, logger, tx });
+    respond(res);
+    logger.debug({ res }, "handled RPC request");
+    tx?.setOutcome("success");
+  } catch (err) {
+    logger.error({ err }, "error in RPC request");
+    respond(AttestorError.fromError(err));
+    tx?.setOutcome("failure");
+    apm?.captureError(err, { parent: tx });
+  } finally {
+    clearTimeout(timeout);
+    tx?.end();
+  }
+}
+export {
+  AttestorServerSocket
+};

package/lib/server/tunnels/make-tcp-tunnel.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { CreateTunnelRequest } from '#src/proto/api.ts';
+import type { Logger } from '#src/types/index.ts';
+import type { MakeTunnelFn, TCPSocketProperties } from '#src/types/index.ts';
+type ExtraOpts = Omit<CreateTunnelRequest, 'id' | 'initialMessage'> & {
+    logger: Logger;
+};
+/**
+ * Builds a TCP tunnel to the given host and port.
+ * If a geolocation is provided -- an HTTPS proxy is used
+ * to connect to the host.
+ * If a proxySessionId is provided -- a static ip is used with HTTPS proxy
+ * across multiple requests with this same proxySessionId.
+ *
+ * HTTPS proxy essentially creates an opaque tunnel to the
+ * host using the CONNECT method. Any data can be sent through
+ * this tunnel to the end host.
+ * https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/CONNECT
+ *
+ * The tunnel also retains a transcript of all messages sent and received.
+ */
+export declare const makeTcpTunnel: MakeTunnelFn<ExtraOpts, TCPSocketProperties>;
+export {};

package/lib/server/tunnels/make-tcp-tunnel.js ADDED Viewed

@@ -0,0 +1,202 @@
+import { HttpsProxyAgent } from "https-proxy-agent";
+import { Socket } from "net";
+import { CONNECTION_TIMEOUT_MS } from "../../config/index.js";
+import { resolveHostnames } from "../../server/utils/dns.js";
+import { isValidCountryCode } from "../../server/utils/iso.js";
+import { isValidProxySessionId } from "../../server/utils/proxy-session.js";
+import { getEnvVariable } from "../../utils/env.js";
+import { AttestorError } from "../../utils/index.js";
+const HTTPS_PROXY_URL = getEnvVariable("HTTPS_PROXY_URL");
+const makeTcpTunnel = async ({
+  onClose,
+  onMessage,
+  logger,
+  ...opts
+}) => {
+  const transcript = [];
+  const socket = await connectTcp({ ...opts, logger });
+  let closed = false;
+  socket.on("data", (message) => {
+    if (closed) {
+      logger.warn("socket is closed, dropping message");
+      return;
+    }
+    onMessage?.(message);
+    transcript.push({ sender: "server", message });
+  });
+  socket.once("close", () => onSocketClose(void 0));
+  return {
+    socket,
+    transcript,
+    createRequest: opts,
+    async write(data) {
+      transcript.push({ sender: "client", message: data });
+      await new Promise((resolve, reject) => {
+        socket.write(data, (err) => {
+          if (err) {
+            reject(err);
+          } else {
+            resolve();
+          }
+        });
+      });
+    },
+    close(err) {
+      if (closed) {
+        return;
+      }
+      socket.destroy(err);
+    }
+  };
+  function onSocketClose(err) {
+    if (closed) {
+      return;
+    }
+    logger.debug({ err }, "closing socket");
+    closed = true;
+    onClose?.(err);
+    onClose = void 0;
+  }
+};
+async function connectTcp({ host, port, geoLocation, proxySessionId, logger }) {
+  let connectTimeout;
+  let socket;
+  try {
+    await new Promise(async (resolve, reject) => {
+      try {
+        connectTimeout = setTimeout(
+          () => reject(
+            new AttestorError(
+              "ERROR_NETWORK_ERROR",
+              "Server connection timed out"
+            )
+          ),
+          CONNECTION_TIMEOUT_MS
+        );
+        socket = await getSocket({
+          host,
+          port,
+          geoLocation,
+          proxySessionId,
+          logger
+        });
+        socket.once("connect", resolve);
+        socket.once("error", reject);
+        socket.once("end", () => reject(
+          new AttestorError(
+            "ERROR_NETWORK_ERROR",
+            "connection closed"
+          )
+        ));
+      } catch (err) {
+        reject(err);
+      }
+    });
+    logger.debug({ addr: `${host}:${port}` }, "connected");
+    return socket;
+  } catch (err) {
+    socket?.end();
+    throw err;
+  } finally {
+    clearTimeout(connectTimeout);
+  }
+}
+async function getSocket(opts) {
+  const { logger } = opts;
+  try {
+    return await _getSocket(opts);
+  } catch (err) {
+    if (!(err instanceof AttestorError) || err.data?.code !== 403) {
+      throw err;
+    }
+    const addrs = await resolveHostnames(opts.host);
+    logger.info(
+      { addrs, host: opts.host },
+      "failed to connect due to restricted IP, trying via raw addr"
+    );
+    for (const addr of addrs) {
+      try {
+        return await _getSocket({ ...opts, host: addr });
+      } catch (err2) {
+        logger.error(
+          { addr, err: err2 },
+          "failed to connect to host"
+        );
+      }
+    }
+    throw err;
+  }
+}
+async function _getSocket({
+  host,
+  port,
+  geoLocation,
+  proxySessionId,
+  logger
+}) {
+  const socket = new Socket();
+  if ((proxySessionId || geoLocation) && !HTTPS_PROXY_URL) {
+    logger.warn(
+      { geoLocation, proxySessionId },
+      "geoLocation or proxySessionId provided but no proxy URL found"
+    );
+    geoLocation = "";
+    proxySessionId = "";
+  }
+  if (!geoLocation && !proxySessionId) {
+    socket.connect({ host, port });
+    return socket;
+  }
+  if (!isValidCountryCode(geoLocation)) {
+    throw AttestorError.badRequest(
+      `Geolocation "${geoLocation}" is invalid. Must be 2 letter ISO country code`,
+      { geoLocation }
+    );
+  }
+  if (proxySessionId && !isValidProxySessionId(proxySessionId)) {
+    throw AttestorError.badRequest(
+      `proxySessionId "${proxySessionId}" is invalid. Must be a lowercase alphanumeric string of length 8-14 characters. eg. "mystring12345", "something1234".`,
+      { proxySessionId }
+    );
+  }
+  const agentUrl = HTTPS_PROXY_URL.replace(
+    "{{geoLocation}}",
+    geoLocation?.toLowerCase() || ""
+  ).replace(
+    "{{proxySessionId}}",
+    proxySessionId ? `-session-${proxySessionId}` : ""
+  );
+  const agent = new HttpsProxyAgent(agentUrl);
+  const waitForProxyRes = new Promise((resolve) => {
+    socket.once("proxyConnect", resolve);
+  });
+  const proxySocket = await agent.connect(
+    // ignore, because https-proxy-agent
+    // expects an http request object
+    // @ts-ignore
+    socket,
+    { host, port, timeout: CONNECTION_TIMEOUT_MS }
+  );
+  const res = await waitForProxyRes;
+  if (res.statusCode !== 200) {
+    logger.error(
+      { geoLocation, proxySessionId, res },
+      "Proxy geo location or session id failed"
+    );
+    throw new AttestorError(
+      "ERROR_PROXY_ERROR",
+      `Proxy via ${geoLocation ? `geo location "${geoLocation}"` : ""}${geoLocation && proxySessionId ? ", or " : ""}${proxySessionId ? `session id "${proxySessionId}"` : ""} failed with status code: ${res.statusCode}, message: ${res.statusText}`,
+      {
+        code: res.statusCode,
+        message: res.statusText
+      }
+    );
+  }
+  process.nextTick(() => {
+    proxySocket.emit("connect");
+  });
+  return proxySocket;
+}
+export {
+  makeTcpTunnel
+};

package/lib/server/utils/apm.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+import type { Agent } from 'elastic-apm-node';
+/**
+ * Initialises the APM agent if required,
+ * and returns it.
+ * If ELASTIC_APM_SERVER_URL & ELASTIC_APM_SECRET_TOKEN
+ * are not set will return undefined
+ *
+ * Utilises the standard env variables mentioned
+ * here: https://www.elastic.co/guide/en/apm/agent/nodejs/current/custom-stack.html#custom-stack-advanced-configuration
+ */
+export declare function getApm(): Agent | undefined;

package/lib/server/utils/apm.js ADDED Viewed

@@ -0,0 +1,29 @@
+import ElasticAPM from "elastic-apm-node";
+import { getEnvVariable } from "../../utils/env.js";
+import { logger } from "../../utils/logger.js";
+let apm;
+function getApm() {
+  if (!getEnvVariable("ELASTIC_APM_SERVER_URL") || !getEnvVariable("ELASTIC_APM_SECRET_TOKEN")) {
+    logger.info(
+      "ELASTIC_APM_SERVER_URL or ELASTIC_APM_SECRET_TOKEN not found in env, APM agent not initialised"
+    );
+    return void 0;
+  }
+  if (!apm) {
+    const sampleRate = +(getEnvVariable("ELASTIC_APM_SAMPLE_RATE") || "0.1");
+    apm = ElasticAPM.start({
+      serviceName: "reclaim_attestor",
+      serviceVersion: "4.0.0",
+      transactionSampleRate: sampleRate,
+      instrumentIncomingHTTPRequests: true,
+      usePathAsTransactionName: true,
+      instrument: true,
+      captureHeaders: true
+    });
+    logger.info("initialised APM agent");
+  }
+  return apm;
+}
+export {
+  getApm
+};

package/lib/server/utils/assert-valid-claim-request.d.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import type { ZKEngine } from '@reclaimprotocol/zk-symmetric-crypto';
+import type { InitRequest, ProviderClaimInfo } from '#src/proto/api.ts';
+import { ClaimTunnelRequest } from '#src/proto/api.ts';
+import type { IDecryptedTranscript, Logger, OPRFRawReplacement, ProviderCtx, TCPSocketProperties, Transcript } from '#src/types/index.ts';
+/**
+ * Asserts that the claim request is valid.
+ *
+ * 1. We begin by verifying the signature of the claim request.
+ * 2. Next, we produce the transcript of the TLS exchange
+ * from the proofs provided by the client.
+ * 3. We then pull the provider the client is trying to claim
+ * from
+ * 4. We then use the provider's verification function to verify
+ *  whether the claim is valid.
+ *
+ * If any of these steps fail, we throw an error.
+ */
+export declare function assertValidClaimRequest(request: ClaimTunnelRequest, metadata: InitRequest, logger: Logger): Promise<import("#src/proto/api.ts").ClaimRequestData>;
+/**
+ * Verify that the transcript contains a valid claim
+ * for the provider.
+ */
+export declare function assertValidProviderTranscript<T extends ProviderClaimInfo>(applData: Transcript<Uint8Array>, info: T, logger: Logger, providerCtx: ProviderCtx, oprfRawReplacements?: OPRFRawReplacement[]): Promise<T>;
+/**
+ * Verify that the transcript provided by the client
+ * matches the transcript of the tunnel, the server
+ * has created.
+ */
+export declare function assertTranscriptsMatch(clientTranscript: ClaimTunnelRequest['transcript'], tunnelTranscript: TCPSocketProperties['transcript']): void;
+export declare function decryptTranscript(transcript: ClaimTunnelRequest['transcript'], logger: Logger, zkEngine: ZKEngine, serverIV: Uint8Array, clientIV: Uint8Array): Promise<IDecryptedTranscript>;
+export declare function getWithoutHeader(message: Uint8Array): Uint8Array<ArrayBuffer>;