@reclaimprotocol/attestor-core 5.0.1-beta.13 → 5.0.1-beta.16

package/lib/types/index.js

@@ -1,10 +0,0 @@
-export * from "./providers.js";
-export * from "./general.js";
-export * from "./signatures.js";
-export * from "./claims.js";
-export * from "./zk.js";
-export * from "./client.js";
-export * from "./rpc.js";
-export * from "./tunnel.js";
-export * from "./handlers.js";
-export * from "./bgp.js";

package/lib/types/providers.gen.js

@@ -1,16 +0,0 @@
-const HttpProviderParametersJson = { "title": "HttpProviderParameters", "type": "object", "required": ["url", "method", "responseMatches"], "properties": { "url": { "type": "string", "format": "url", "description": "which URL does the request have to be made to Has to be a valid https URL for eg. https://amazon.in/orders?q=abcd" }, "method": { "type": "string", "enum": ["GET", "POST", "PUT", "PATCH"] }, "geoLocation": { "type": "string", "nullable": true, "description": "Specify the geographical location from where to proxy the request. 2-letter ISO country code or parameter (public or secret)" }, "proxySessionId": { "type": "string", "nullable": true, "description": 'Specify the unique session id for allowing use of same proxy ip across multiple requests. Can be a smallcase alphanumeric string of length 8-14 characters. eg. "mystring12345", "something1234".' }, "headers": { "type": "object", "description": "Any additional headers to be sent with the request Note: these will be revealed to the attestor & won't be redacted from the transcript. To add hidden headers, use 'secretParams.headers' instead", "additionalProperties": { "type": "string" } }, "body": { "description": "Body of the HTTP request", "oneOf": [{ "type": "string", "format": "binary" }, { "type": "string" }] }, "writeRedactionMode": { "type": "string", "description": `If the API doesn't perform well with the "key-update" method of redaction, you can switch to "zk" mode by setting this to "zk"`, "enum": ["zk", "key-update"] }, "additionalClientOptions": { "type": "object", "description": "Apply TLS configuration when creating the tunnel to the attestor.", "nullable": true, "properties": { "supportedProtocolVersions": { "type": "array", "minItems": 1, "uniqueItems": true, "items": { "type": "string", "enum": ["TLS1_2", "TLS1_3"] } } } }, "responseMatches": { "type": "array", "minItems": 1, "uniqueItems": true, "description": "The attestor will use this list to check that the redacted response does indeed match all the provided strings/regexes", "items": { "type": "object", "required": ["value", "type"], "properties": { "value": { "type": "string", "description": '"regex": the response must match the regex "contains": the response must contain the provided\n string exactly' }, "type": { "type": "string", "description": "The string/regex to match against", "enum": ["regex", "contains"] }, "invert": { "type": "boolean", "description": "Inverses the matching logic. Fail when match is found and proceed otherwise" } }, "additionalProperties": false } }, "responseRedactions": { "type": "array", "uniqueItems": true, "description": 'which portions to select from a response. These are selected in order, xpath => jsonPath => regex * These redactions are done client side and only the selected portions are sent to the attestor. The attestor will only be able to see the selected portions alongside the first line of the HTTP response (i.e. "HTTP/1.1 200 OK") * To disable any redactions, pass an empty array', "items": { "type": "object", "properties": { "xPath": { "type": "string", "nullable": true, "description": 'expect an HTML response, and to contain a certain xpath for eg. "/html/body/div.a1/div.a2/span.a5"' }, "jsonPath": { "type": "string", "nullable": true, "description": "expect a JSON response, retrieve the item at this path using dot notation for e.g. 'email.addresses.0'" }, "regex": { "type": "string", "nullable": true, "description": "select a regex match from the response" }, "hash": { "type": "string", "description": `If provided, the value inside will be hashed instead of being redacted. Useful for cases where the data inside is an identifiying piece of information that you don't want to reveal to the attestor, eg. an email address.
-If the hash function produces more bytes than the original value, the hash will be truncated.
-Eg. if hash is enabled, the original value is "hello", and hashed is "a1b2c", then the attestor will only see "a1b2c".
-Note: if a regex with named groups is provided, only the named groups will be hashed.`, "enum": ["oprf", "oprf-mpc", "oprf-raw"] } }, "additionalProperties": false } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in URL, responseMatches, responseRedactions, body, geolocation. Those in URL, responseMatches & geo will be put into context and signed This value will NOT be included in provider hash", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
-const HttpProviderSecretParametersJson = { "title": "HttpProviderSecretParameters", "type": "object", "description": "Secret parameters to be used with HTTP provider. None of the values in this object will be shown to the attestor", "properties": { "cookieStr": { "type": "string", "description": "cookie string for authorisation." }, "authorisationHeader": { "type": "string", "description": "authorisation header value" }, "headers": { "type": "object", "description": "Headers that need to be hidden from the attestor", "additionalProperties": { "type": "string" } }, "paramValues": { "type": "object", "description": "A map of parameter values which are user in form of {{param}} in body these parameters will NOT be shown to attestor and extracted", "additionalProperties": { "type": "string" } } }, "additionalProperties": false };
-const PROVIDER_SCHEMAS = {
-  http: {
-    parameters: HttpProviderParametersJson,
-    secretParameters: HttpProviderSecretParametersJson
-  }
-};
-export {
-  HttpProviderParametersJson,
-  HttpProviderSecretParametersJson,
-  PROVIDER_SCHEMAS
-};

package/lib/utils/auth.js

@@ -1,71 +0,0 @@
-import { getBytes } from "ethers";
-import { DEFAULT_AUTH_EXPIRY_S } from "#src/config/index.js";
-import { AuthenticatedUserData } from "#src/proto/api.js";
-import { getEnvVariable } from "#src/utils/env.js";
-import { AttestorError } from "#src/utils/error.js";
-import { unixTimestampSeconds } from "#src/utils/generics.js";
-import { SelectedServiceSignature, SIGNATURES } from "#src/utils/signatures/index.js";
-async function assertValidAuthRequest(request, signatureType) {
-  const publicKey = getEnvVariable("AUTHENTICATION_PUBLIC_KEY");
-  if (!request) {
-    if (publicKey) {
-      throw new AttestorError(
-        "ERROR_AUTHENTICATION_FAILED",
-        "User must be authenticated"
-      );
-    }
-    return;
-  }
-  if (!publicKey) {
-    throw new AttestorError(
-      "ERROR_BAD_REQUEST",
-      "The attestor is not configured for authentication"
-    );
-  }
-  const { signature, data } = request;
-  if (!data) {
-    throw new AttestorError(
-      "ERROR_AUTHENTICATION_FAILED",
-      "Missing data in auth request"
-    );
-  }
-  if (data.expiresAt < unixTimestampSeconds()) {
-    throw new AttestorError(
-      "ERROR_AUTHENTICATION_FAILED",
-      "Authentication request has expired"
-    );
-  }
-  const proto = AuthenticatedUserData.encode(data).finish();
-  const signatureAlg = SIGNATURES[signatureType];
-  const address = signatureAlg.getAddress(
-    getBytes(publicKey)
-  );
-  const verified = await signatureAlg.verify(proto, signature, address);
-  if (!verified) {
-    throw new AttestorError(
-      "ERROR_AUTHENTICATION_FAILED",
-      "Signature verification failed"
-    );
-  }
-}
-async function createAuthRequest(_data, privateKey) {
-  const createdAt = unixTimestampSeconds();
-  const data = {
-    createdAt,
-    expiresAt: createdAt + DEFAULT_AUTH_EXPIRY_S,
-    id: "",
-    hostWhitelist: [],
-    ..._data
-  };
-  const proto = AuthenticatedUserData.encode(data).finish();
-  const signature = await SelectedServiceSignature.sign(proto, privateKey);
-  const request = {
-    data,
-    signature
-  };
-  return request;
-}
-export {
-  assertValidAuthRequest,
-  createAuthRequest
-};

package/lib/utils/b64-json.js

@@ -1,17 +0,0 @@
-import { decodeBase64, encodeBase64 } from "ethers";
-const B64_JSON_REPLACER = (key, value) => {
-  if (value instanceof Uint8Array || typeof value === "object" && value && "buffer" in value && value.buffer instanceof ArrayBuffer) {
-    return { type: "uint8array", value: encodeBase64(value) };
-  }
-  return value;
-};
-const B64_JSON_REVIVER = (key, value) => {
-  if (value?.type === "uint8array") {
-    return decodeBase64(value.value);
-  }
-  return value;
-};
-export {
-  B64_JSON_REPLACER,
-  B64_JSON_REVIVER
-};

package/lib/utils/bgp-listener.js

@@ -1,123 +0,0 @@
-import CIDR from "ip-cidr";
-import { BGP_WS_URL } from "#src/config/index.js";
-import { makeWebSocket } from "#src/utils/ws.js";
-const ANNOUNCEMENT_OVERLAP = "announcement-overlap";
-class BGPAnnouncementOverlapEvent extends Event {
-  data;
-  constructor(data) {
-    super(ANNOUNCEMENT_OVERLAP);
-    this.data = data;
-  }
-}
-function createBgpListener(logger) {
-  let ws;
-  let closed = false;
-  const targetIps = /* @__PURE__ */ new Set();
-  const eventTarget = new EventTarget();
-  openWs();
-  return {
-    onOverlap(ips, callback) {
-      for (const ip of ips) {
-        targetIps.add(ip);
-      }
-      eventTarget.addEventListener(
-        ANNOUNCEMENT_OVERLAP,
-        _callback
-      );
-      return () => {
-        for (const ip of ips) {
-          targetIps.delete(ip);
-        }
-        eventTarget.removeEventListener(
-          ANNOUNCEMENT_OVERLAP,
-          _callback
-        );
-      };
-      function _callback(event) {
-        callback(event.data);
-      }
-    },
-    close() {
-      ws.onclose = null;
-      ws.onerror = null;
-      ws.close();
-      closed = true;
-    }
-  };
-  function openWs() {
-    logger.debug("connecting to BGP websocket");
-    ws = makeWebSocket(BGP_WS_URL);
-    ws.onopen = onOpen;
-    ws.onerror = (ev) => onClose(ev);
-    ws.onclose = () => onClose(new Error("Unexpected close"));
-    ws.onmessage = ({ data }) => {
-      const str = typeof data === "string" ? data : data.toString();
-      try {
-        onMessage(str);
-      } catch (err) {
-        logger.error({ data, err }, "error processing BGP message");
-      }
-    };
-  }
-  function onOpen() {
-    const subscriptionMessage = {
-      type: "ris_subscribe",
-      data: {
-        type: "UPDATE"
-      }
-    };
-    ws.send(JSON.stringify(subscriptionMessage));
-    logger.info("connected to BGP websocket");
-  }
-  function onClose(err) {
-    if (closed) {
-      return;
-    }
-    logger.info({ err }, "BGP websocket closed");
-    if (!err) {
-      return;
-    }
-    logger.info("reconnecting to BGP websocket");
-    openWs();
-  }
-  function onMessage(message) {
-    const data = JSON.parse(message);
-    const announcements = data?.data?.announcements;
-    logger.trace({ data }, "got BGP update");
-    if (!Array.isArray(announcements)) {
-      return;
-    }
-    const asPath = data?.data?.path;
-    for (const announcement of announcements) {
-      const prefixes = announcement?.prefixes;
-      const nextHop = announcement?.["next_hop"];
-      const hasPrefixes = prefixes?.length && (nextHop || asPath);
-      if (!hasPrefixes) {
-        return;
-      }
-      for (const prefix of prefixes) {
-        if (!overlapsTargetIps(prefix)) {
-          continue;
-        }
-        eventTarget.dispatchEvent(
-          new BGPAnnouncementOverlapEvent({ prefix })
-        );
-      }
-    }
-  }
-  function overlapsTargetIps(prefix) {
-    if (prefix.endsWith("/0")) {
-      return false;
-    }
-    const cidr = new CIDR(prefix);
-    for (const ip of targetIps) {
-      if (cidr.contains(ip)) {
-        return true;
-      }
-    }
-    return false;
-  }
-}
-export {
-  createBgpListener
-};

package/lib/utils/claims.js

@@ -1,89 +0,0 @@
-import canonicalize from "canonicalize";
-import { keccak256 } from "ethers";
-import { DEFAULT_METADATA } from "#src/config/index.js";
-import { ClaimTunnelResponse } from "#src/proto/api.js";
-import { SIGNATURES, strToUint8Array } from "#src/utils/index.js";
-function createSignDataForClaim(data) {
-  const lines = [
-    getIdentifierFromClaimInfo(data),
-    // we lowercase the owner to ensure that the
-    // ETH addresses always serialize the same way
-    data.owner.toLowerCase(),
-    data.timestampS.toString(),
-    data.epoch.toString()
-  ];
-  return lines.join("\n");
-}
-async function assertValidClaimSignatures({
-  signatures,
-  ...res
-}, metadata = DEFAULT_METADATA) {
-  if (!signatures) {
-    throw new Error("No signatures provided");
-  }
-  const {
-    resultSignature,
-    claimSignature,
-    attestorAddress
-  } = signatures;
-  const { verify } = SIGNATURES[metadata.signatureType];
-  if (signatures?.resultSignature) {
-    const resBytes = ClaimTunnelResponse.encode(ClaimTunnelResponse.create(res)).finish();
-    const verified = await verify(resBytes, resultSignature, attestorAddress);
-    if (!verified) {
-      throw new Error("Invalid result signature");
-    }
-  }
-  if (!res.claim) {
-    return;
-  }
-  const signData = createSignDataForClaim(res.claim);
-  const verifiedClaim = await verify(
-    strToUint8Array(signData),
-    claimSignature,
-    attestorAddress
-  );
-  if (!verifiedClaim) {
-    throw new Error("Invalid claim signature");
-  }
-}
-function getIdentifierFromClaimInfo(info) {
-  if (info.context?.length > 0) {
-    try {
-      const ctx = JSON.parse(info.context);
-      info.context = canonicalStringify(ctx);
-    } catch {
-      throw new Error("unable to parse non-empty context. Must be JSON");
-    }
-  }
-  const str = `${info.provider}
-${info.parameters}
-${info.context || ""}`;
-  return keccak256(strToUint8Array(str)).toLowerCase();
-}
-function canonicalStringify(params) {
-  if (!params) {
-    return "";
-  }
-  return canonicalize(params) || "";
-}
-function hashProviderParams(params) {
-  const filteredParams = {
-    url: params.url,
-    method: params.method,
-    body: params.body,
-    responseMatches: params.responseMatches,
-    responseRedactions: params.responseRedactions
-  };
-  const serializedParams = canonicalStringify(filteredParams);
-  return keccak256(
-    strToUint8Array(serializedParams)
-  ).toLowerCase();
-}
-export {
-  assertValidClaimSignatures,
-  canonicalStringify,
-  createSignDataForClaim,
-  getIdentifierFromClaimInfo,
-  hashProviderParams
-};

package/lib/utils/env.js

@@ -1,19 +0,0 @@
-function detectEnvironment() {
-  if (typeof navigator !== "undefined" && navigator.product === "ReactNative") {
-    return "react-native";
-  }
-  if (typeof window !== "undefined") {
-    return "browser";
-  }
-  return "node";
-}
-function getEnvVariable(name) {
-  if (typeof process === "undefined") {
-    return void 0;
-  }
-  return process?.env[name];
-}
-export {
-  detectEnvironment,
-  getEnvVariable
-};

package/lib/utils/error.js

@@ -1,54 +0,0 @@
-import { ErrorCode, ErrorData } from "#src/proto/api.js";
-const PROTO_ERROR = ErrorData.fromJSON({});
-class AttestorError extends Error {
-  name = "AttestorError";
-  code;
-  data;
-  constructor(code, message, data) {
-    super(message);
-    this.code = code;
-    this.data = data;
-  }
-  /**
-   * Encodes the error as a ErrorData
-   * protobuf message
-   */
-  toProto() {
-    return ErrorData.create({
-      code: ErrorCode[this.code],
-      message: this.message,
-      data: JSON.stringify(this.data)
-    });
-  }
-  static fromProto(data = PROTO_ERROR) {
-    return new AttestorError(
-      typeof data.code === "number" ? getKeyForValue(ErrorCode, data.code) || "UNRECOGNIZED" : data.code,
-      data.message,
-      data.data ? JSON.parse(data.data) : void 0
-    );
-  }
-  static fromError(err, code = "ERROR_INTERNAL") {
-    if (err instanceof AttestorError) {
-      return err;
-    }
-    return new AttestorError(code, err.message);
-  }
-  static badRequest(message, data) {
-    return new AttestorError(
-      "ERROR_BAD_REQUEST",
-      message,
-      data
-    );
-  }
-}
-function getKeyForValue(obj, value) {
-  for (const key in obj) {
-    if (obj[key] === value) {
-      return key;
-    }
-  }
-  return void 0;
-}
-export {
-  AttestorError
-};