@reverbia/sdk 1.0.0 → 1.1.0-next.20251230221037

package/dist/react/chunk-T56Y62G7.mjs

@@ -0,0 +1,410 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __decorateClass = (decorators, target, key, kind) => {
+  var result = kind > 1 ? void 0 : kind ? __getOwnPropDesc(target, key) : target;
+  for (var i = decorators.length - 1, decorator; i >= 0; i--)
+    if (decorator = decorators[i])
+      result = (kind ? decorator(target, key, result) : decorator(result)) || result;
+  if (kind && result) __defProp(target, key, result);
+  return result;
+};
+
+// src/lib/validation.ts
+function isValidWalletAddress(address) {
+  if (!address || typeof address !== "string") return false;
+  const ethereumAddressRegex = /^0x[a-fA-F0-9]{40}$/;
+  return ethereumAddressRegex.test(address);
+}
+
+// src/react/useEncryption.ts
+var SIGN_MESSAGE = "The app is asking you to sign this message to generate encryption keys, which will be used to encrypt data and for encryption with cloud services.";
+var encryptionKeyStore = /* @__PURE__ */ new Map();
+var keyPairStore = /* @__PURE__ */ new Map();
+function getStoredKey(address) {
+  return encryptionKeyStore.get(address) ?? null;
+}
+function setStoredKey(address, keyHex) {
+  encryptionKeyStore.set(address, keyHex);
+}
+function clearEncryptionKey(address) {
+  encryptionKeyStore.delete(address);
+}
+function clearAllEncryptionKeys() {
+  encryptionKeyStore.clear();
+}
+function hexToBytes(hex) {
+  const cleanHex = hex.startsWith("0x") ? hex.slice(2) : hex;
+  const bytes = new Uint8Array(cleanHex.length / 2);
+  for (let i = 0; i < cleanHex.length; i += 2) {
+    bytes[i / 2] = parseInt(cleanHex.slice(i, i + 2), 16);
+  }
+  return bytes;
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+async function deriveKeyFromSignature(signature) {
+  const sigBytes = hexToBytes(signature);
+  const hashBuffer = await crypto.subtle.digest(
+    "SHA-256",
+    sigBytes.buffer
+  );
+  const hashBytes = new Uint8Array(hashBuffer);
+  return bytesToHex(hashBytes);
+}
+function getStoredKeyPair(address) {
+  return keyPairStore.get(address) ?? null;
+}
+function setStoredKeyPair(address, keyPair) {
+  keyPairStore.set(address, keyPair);
+}
+async function deriveKeyPairFromSignature(signature, walletAddress) {
+  const sigBytes = hexToBytes(signature);
+  const seedBuffer = await crypto.subtle.digest(
+    "SHA-256",
+    sigBytes.buffer
+  );
+  const seed = new Uint8Array(seedBuffer);
+  const addressBytes = hexToBytes(walletAddress);
+  const hkdfKey = await crypto.subtle.importKey(
+    "raw",
+    seed.buffer,
+    { name: "HKDF" },
+    false,
+    ["deriveBits"]
+  );
+  const saltBytes = new Uint8Array(addressBytes);
+  const derivedBits = await crypto.subtle.deriveBits(
+    {
+      name: "HKDF",
+      hash: "SHA-256",
+      salt: saltBytes,
+      // Use wallet address as salt for deterministic derivation
+      info: new TextEncoder().encode("ECDH-P256-KeyPair")
+      // Context info
+    },
+    hkdfKey,
+    256
+    // 32 bytes = 256 bits
+  );
+  const privateKeyBytes = new Uint8Array(derivedBits);
+  if (privateKeyBytes.every((b) => b === 0)) {
+    privateKeyBytes[31] = 1;
+  }
+  const privateKey = await crypto.subtle.importKey(
+    "pkcs8",
+    await createPKCS8PrivateKey(privateKeyBytes),
+    {
+      name: "ECDH",
+      namedCurve: "P-256"
+    },
+    true,
+    // extractable so we can export to JWK
+    ["deriveBits", "deriveKey"]
+  );
+  const privateKeyJwk = await crypto.subtle.exportKey("jwk", privateKey);
+  if (!privateKeyJwk.x || !privateKeyJwk.y) {
+    throw new Error("Failed to derive public key from private key");
+  }
+  const publicKey = await crypto.subtle.importKey(
+    "jwk",
+    {
+      kty: "EC",
+      crv: "P-256",
+      x: privateKeyJwk.x,
+      y: privateKeyJwk.y
+    },
+    {
+      name: "ECDH",
+      namedCurve: "P-256"
+    },
+    true,
+    // extractable
+    []
+    // no key usage needed for public key
+  );
+  return {
+    privateKey,
+    publicKey
+  };
+}
+async function createPKCS8PrivateKey(privateKeyBytes) {
+  const ecPublicKeyOID = new Uint8Array([
+    6,
+    7,
+    42,
+    134,
+    72,
+    206,
+    61,
+    2,
+    1
+  ]);
+  const prime256v1OID = new Uint8Array([
+    6,
+    8,
+    42,
+    134,
+    72,
+    206,
+    61,
+    3,
+    1,
+    7
+  ]);
+  const version = new Uint8Array([2, 1, 1]);
+  const privateKeyOctet = new Uint8Array([
+    4,
+    32,
+    // OCTET STRING, 32 bytes
+    ...privateKeyBytes
+  ]);
+  const ecPrivateKeyContent = new Uint8Array([
+    ...version,
+    ...privateKeyOctet
+  ]);
+  const ecPrivateKeyLength = ecPrivateKeyContent.length;
+  const ecPrivateKeySeq = new Uint8Array([
+    48,
+    // SEQUENCE
+    ecPrivateKeyLength,
+    // Length
+    ...ecPrivateKeyContent
+  ]);
+  const wrappedPrivateKey = new Uint8Array([
+    4,
+    // OCTET STRING
+    ecPrivateKeySeq.length,
+    // Length
+    ...ecPrivateKeySeq
+  ]);
+  const algorithmIdContent = new Uint8Array([
+    ...ecPublicKeyOID,
+    ...prime256v1OID
+  ]);
+  const algorithmIdLength = algorithmIdContent.length;
+  const algorithmIdSeq = new Uint8Array([
+    48,
+    // SEQUENCE
+    algorithmIdLength,
+    // Length
+    ...algorithmIdContent
+  ]);
+  const pkcs8Version = new Uint8Array([2, 1, 0]);
+  const pkcs8Content = new Uint8Array([
+    ...pkcs8Version,
+    ...algorithmIdSeq,
+    ...wrappedPrivateKey
+  ]);
+  const pkcs8ContentLength = pkcs8Content.length;
+  const pkcs8Seq = new Uint8Array([
+    48,
+    // SEQUENCE
+    pkcs8ContentLength,
+    // Length
+    ...pkcs8Content
+  ]);
+  return pkcs8Seq.buffer;
+}
+async function getEncryptionKey(address) {
+  const keyHex = getStoredKey(address);
+  if (!keyHex) {
+    throw new Error(
+      "Encryption key not found. Please sign a message to generate your encryption key."
+    );
+  }
+  const keyBytes = hexToBytes(keyHex);
+  return crypto.subtle.importKey(
+    "raw",
+    keyBytes.buffer,
+    { name: "AES-GCM" },
+    false,
+    ["encrypt", "decrypt"]
+  );
+}
+async function encryptData(plaintext, address) {
+  if (!isValidWalletAddress(address)) {
+    throw new Error(`Invalid wallet address: ${address}. Wallet address must be a valid Ethereum address (0x followed by 40 hex characters).`);
+  }
+  const key = await getEncryptionKey(address);
+  const plaintextBytes = typeof plaintext === "string" ? new TextEncoder().encode(plaintext) : plaintext;
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const encryptedData = await crypto.subtle.encrypt(
+    {
+      name: "AES-GCM",
+      iv
+    },
+    key,
+    plaintextBytes.buffer
+  );
+  const encryptedBytes = new Uint8Array(encryptedData);
+  const combined = new Uint8Array(iv.length + encryptedBytes.length);
+  combined.set(iv, 0);
+  combined.set(encryptedBytes, iv.length);
+  return bytesToHex(combined);
+}
+async function decryptData(encryptedHex, address) {
+  if (!isValidWalletAddress(address)) {
+    throw new Error(`Invalid wallet address: ${address}. Wallet address must be a valid Ethereum address (0x followed by 40 hex characters).`);
+  }
+  const key = await getEncryptionKey(address);
+  const combined = hexToBytes(encryptedHex);
+  const iv = combined.slice(0, 12);
+  const encryptedData = combined.slice(12);
+  const decryptedData = await crypto.subtle.decrypt(
+    {
+      name: "AES-GCM",
+      iv
+    },
+    key,
+    encryptedData
+  );
+  return new TextDecoder().decode(decryptedData);
+}
+async function decryptDataBytes(encryptedHex, address) {
+  const key = await getEncryptionKey(address);
+  const combined = hexToBytes(encryptedHex);
+  const iv = combined.slice(0, 12);
+  const encryptedData = combined.slice(12);
+  const decryptedData = await crypto.subtle.decrypt(
+    {
+      name: "AES-GCM",
+      iv
+    },
+    key,
+    encryptedData
+  );
+  return new Uint8Array(decryptedData);
+}
+function hasEncryptionKey(address) {
+  return getStoredKey(address) !== null;
+}
+function isRateLimitError(error) {
+  if (!error) return false;
+  if (typeof error === "object") {
+    const err = error;
+    if (err.status === 429 || err.statusCode === 429) return true;
+    if (err.code === "429" || err.code === "RATE_LIMIT_EXCEEDED") return true;
+    if (err.message?.includes("429") || err.message?.toLowerCase().includes("rate limit")) return true;
+  }
+  if (typeof error === "string") {
+    return error.includes("429") || error.toLowerCase().includes("rate limit");
+  }
+  return false;
+}
+async function signMessageWithRetry(signMessage, message, maxRetries = 3, initialDelay = 1e3) {
+  let lastError;
+  for (let attempt = 0; attempt <= maxRetries; attempt++) {
+    try {
+      return await signMessage(message);
+    } catch (error) {
+      lastError = error;
+      if (!isRateLimitError(error)) {
+        throw error;
+      }
+      if (attempt === maxRetries) {
+        throw new Error(
+          `Rate limit exceeded: Unable to sign message after ${maxRetries + 1} attempts. Please wait a moment and try again. Privy allows 5 signatures per 60 seconds.`
+        );
+      }
+      const delay = Math.min(
+        initialDelay * Math.pow(2, attempt),
+        6e4
+        // Max 60 seconds
+      );
+      if (process.env.NODE_ENV === "development") {
+        console.warn(
+          `[Encryption] Rate limit hit (attempt ${attempt + 1}/${maxRetries + 1}). Retrying in ${Math.ceil(delay / 1e3)}s...`
+        );
+      }
+      await new Promise((resolve) => setTimeout(resolve, delay));
+    }
+  }
+  throw lastError;
+}
+async function requestEncryptionKey(walletAddress, signMessage) {
+  if (!isValidWalletAddress(walletAddress)) {
+    throw new Error(`Invalid wallet address: ${walletAddress}. Wallet address must be a valid Ethereum address (0x followed by 40 hex characters).`);
+  }
+  const existingKey = getStoredKey(walletAddress);
+  if (existingKey) {
+    try {
+      const { reEncryptUnencryptedTokens } = await import("./storage-Z2NBANCK.mjs");
+      await reEncryptUnencryptedTokens(walletAddress);
+    } catch {
+    }
+    return;
+  }
+  const signature = await signMessageWithRetry(signMessage, SIGN_MESSAGE);
+  const encryptionKey = await deriveKeyFromSignature(signature);
+  setStoredKey(walletAddress, encryptionKey);
+  try {
+    const { reEncryptUnencryptedTokens } = await import("./storage-Z2NBANCK.mjs");
+    await reEncryptUnencryptedTokens(walletAddress);
+  } catch {
+  }
+}
+async function getKeyPair(address, signMessage) {
+  const existingKeyPair = getStoredKeyPair(address);
+  if (existingKeyPair) {
+    return existingKeyPair;
+  }
+  await requestKeyPair(address, signMessage);
+  const keyPair = getStoredKeyPair(address);
+  if (!keyPair) {
+    throw new Error(
+      "Key pair not found. Please sign a message to generate your key pair."
+    );
+  }
+  return keyPair;
+}
+async function requestKeyPair(walletAddress, signMessage) {
+  const existingKeyPair = getStoredKeyPair(walletAddress);
+  if (existingKeyPair) {
+    return;
+  }
+  const signature = await signMessageWithRetry(signMessage, SIGN_MESSAGE);
+  const keyPair = await deriveKeyPairFromSignature(signature, walletAddress);
+  setStoredKeyPair(walletAddress, keyPair);
+}
+async function exportPublicKey(address, signMessage) {
+  const keyPair = await getKeyPair(address, signMessage);
+  const spkiBuffer = await crypto.subtle.exportKey("spki", keyPair.publicKey);
+  const spkiBytes = new Uint8Array(spkiBuffer);
+  return btoa(String.fromCharCode(...spkiBytes));
+}
+function hasKeyPair(address) {
+  return getStoredKeyPair(address) !== null;
+}
+function clearKeyPair(address) {
+  keyPairStore.delete(address);
+}
+function clearAllKeyPairs() {
+  keyPairStore.clear();
+}
+function useEncryption(signMessage) {
+  return {
+    requestEncryptionKey: (walletAddress) => requestEncryptionKey(walletAddress, signMessage),
+    requestKeyPair: (walletAddress) => requestKeyPair(walletAddress, signMessage),
+    exportPublicKey: (walletAddress) => exportPublicKey(walletAddress, signMessage),
+    hasKeyPair: (walletAddress) => hasKeyPair(walletAddress),
+    clearKeyPair: (walletAddress) => clearKeyPair(walletAddress)
+  };
+}
+
+export {
+  __decorateClass,
+  clearEncryptionKey,
+  clearAllEncryptionKeys,
+  encryptData,
+  decryptData,
+  decryptDataBytes,
+  hasEncryptionKey,
+  requestEncryptionKey,
+  requestKeyPair,
+  exportPublicKey,
+  hasKeyPair,
+  clearKeyPair,
+  clearAllKeyPairs,
+  useEncryption
+};