@thru/passkey 0.2.13 → 0.2.14

package/src/server/handlers.ts

@@ -0,0 +1,93 @@
+import type { PasskeyContextResult } from './types';
+import { createPasskeyChallenge } from './challenge';
+import { submitPasskeyTransaction } from './submit';
+import type {
+  PasskeyChallengeSubmitPayload,
+  ThruClient,
+  TransactionResult,
+} from './types';
+
+export function createPasskeyHandlers<P>(opts: {
+  buildContext: (params: P) => Promise<PasskeyContextResult>;
+  adminPublicKey: Uint8Array;
+  adminPrivateKey: string;
+  client: ThruClient;
+  challengeTtlMs?: number;
+}) {
+  const pendingContexts = new Map<
+    string,
+    { context: PasskeyContextResult; createdAt: number }
+  >();
+  const challengeTtlMs = opts.challengeTtlMs ?? 5 * 60_000;
+
+  function createPendingContextKey(
+    walletAddress: string,
+    nonce: string,
+    challenge: string
+  ): string {
+    return `${walletAddress}:${nonce}:${challenge}`;
+  }
+
+  function prunePendingContexts(now = Date.now()): void {
+    for (const [nonce, entry] of pendingContexts.entries()) {
+      if (now - entry.createdAt > challengeTtlMs) {
+        pendingContexts.delete(nonce);
+      }
+    }
+  }
+
+  return {
+    challenge: async (walletAddress: string, params: P) => {
+      prunePendingContexts();
+
+      const context = await opts.buildContext(params);
+      const challenge = await createPasskeyChallenge({
+        client: opts.client,
+        walletAddress,
+        accountCtx: context.accountCtx,
+        invokeIx: context.invokeIx,
+      });
+
+      pendingContexts.set(
+        createPendingContextKey(walletAddress, challenge.nonce, challenge.challenge),
+        {
+          context,
+          createdAt: Date.now(),
+        }
+      );
+
+      return challenge;
+    },
+    submit: async (
+      walletAddress: string,
+      params: P,
+      payload: PasskeyChallengeSubmitPayload
+    ): Promise<TransactionResult> => {
+      void params;
+      prunePendingContexts();
+
+      const pendingKey = createPendingContextKey(
+        walletAddress,
+        payload.nonce,
+        payload.challenge
+      );
+      const pending = pendingContexts.get(pendingKey);
+      if (!pending) {
+        throw new Error('Missing or expired challenge nonce');
+      }
+
+      pendingContexts.delete(pendingKey);
+      const { nonce: _nonce, challenge: _challenge, ...signaturePayload } = payload;
+
+      return submitPasskeyTransaction({
+        client: opts.client,
+        adminPublicKey: opts.adminPublicKey,
+        adminPrivateKey: opts.adminPrivateKey,
+        walletAddress,
+        accountCtx: pending.context.accountCtx,
+        invokeIx: pending.context.invokeIx,
+        ...signaturePayload,
+      });
+    },
+  };
+}

package/src/server/index.ts

@@ -0,0 +1,13 @@
+export type {
+  ThruClient,
+  PasskeySignaturePayload,
+  PasskeyChallengeSubmitPayload,
+  TransactionResult,
+  PasskeyChallengeResult,
+  PasskeyContextResult,
+} from './types';
+
+export { createPasskeyWallet } from './create-wallet';
+export { createPasskeyChallenge } from './challenge';
+export { submitPasskeyTransaction } from './submit';
+export { createPasskeyHandlers } from './handlers';

package/src/server/submit.ts

@@ -0,0 +1,47 @@
+import {
+  PASSKEY_MANAGER_PROGRAM_ADDRESS,
+  concatenateInstructions,
+  encodeValidateInstruction,
+  hexToBytes,
+} from '@thru/passkey-manager';
+import type { AccountContext } from '@thru/passkey-manager';
+import { trackTransaction } from './utils';
+import type {
+  PasskeySignaturePayload,
+  ThruClient,
+  TransactionResult,
+} from './types';
+
+export async function submitPasskeyTransaction(opts: {
+  client: ThruClient;
+  adminPublicKey: Uint8Array;
+  adminPrivateKey: string;
+  walletAddress: string;
+  accountCtx: AccountContext;
+  invokeIx: Uint8Array;
+} & PasskeySignaturePayload): Promise<TransactionResult> {
+  const validateIx = encodeValidateInstruction({
+    walletAccountIdx: opts.accountCtx.walletAccountIdx,
+    authIdx: 0,
+    signatureR: hexToBytes(opts.signatureR),
+    signatureS: hexToBytes(opts.signatureS),
+    authenticatorData: Buffer.from(opts.authenticatorData, 'base64'),
+    clientDataJSON: Buffer.from(opts.clientDataJSON, 'base64'),
+  });
+
+  const instructionData = concatenateInstructions([validateIx, opts.invokeIx]);
+  const transaction = await opts.client.transactions.build({
+    feePayer: { publicKey: opts.adminPublicKey },
+    program: PASSKEY_MANAGER_PROGRAM_ADDRESS,
+    instructionData,
+    accounts: {
+      readWrite: opts.accountCtx.readWriteAddresses,
+      readOnly: opts.accountCtx.readOnlyAddresses,
+    },
+    header: { fee: 0n },
+  });
+
+  await transaction.sign(opts.adminPrivateKey);
+  const signature = await opts.client.transactions.send(transaction.toWire());
+  return trackTransaction(opts.client, signature);
+}

package/src/server/types.ts

@@ -0,0 +1,70 @@
+import type { AccountContext } from '@thru/passkey-manager';
+
+export interface ThruClient {
+  accounts: {
+    get: (address: string) => Promise<{ data?: { data?: Uint8Array } }>;
+  };
+  blocks: {
+    getBlockHeight: () => Promise<{ finalized: bigint }>;
+  };
+  proofs: {
+    generate: (params: {
+      address: string;
+      proofType: number;
+      targetSlot: bigint;
+    }) => Promise<{ proof?: Uint8Array }>;
+  };
+  transactions: {
+    build: (params: {
+      feePayer: { publicKey: Uint8Array };
+      program: string;
+      instructionData: Uint8Array;
+      accounts: {
+        readWrite: string[];
+        readOnly: string[];
+      };
+      header: { fee: bigint };
+    }) => Promise<{
+      sign: (privateKey: string) => Promise<unknown>;
+      toWire: () => Uint8Array;
+    }>;
+    send: (transaction: Uint8Array) => Promise<string>;
+    track: (
+      signature: string,
+      opts: { timeoutMs: number }
+    ) => AsyncIterable<{
+      executionResult?: {
+        userErrorCode: bigint;
+      };
+      statusCode?: number;
+    }>;
+  };
+}
+
+export interface PasskeySignaturePayload {
+  signatureR: string;
+  signatureS: string;
+  authenticatorData: string;
+  clientDataJSON: string;
+}
+
+export interface PasskeyChallengeSubmitPayload extends PasskeySignaturePayload {
+  challenge: string;
+  nonce: string;
+}
+
+export interface TransactionResult {
+  signature: string;
+  status: 'finalized' | 'failed' | 'timeout';
+  errorCode?: bigint;
+}
+
+export interface PasskeyChallengeResult {
+  challenge: string;
+  nonce: string;
+}
+
+export interface PasskeyContextResult {
+  accountCtx: AccountContext;
+  invokeIx: Uint8Array;
+}

package/src/server/utils.ts

@@ -0,0 +1,69 @@
+import { encodeAddress } from '@thru/helpers';
+import type { ThruClient, TransactionResult } from './types';
+
+export async function getStateProof(
+  client: ThruClient,
+  address: string,
+  proofType: number = 1,
+  targetSlot?: bigint
+): Promise<Uint8Array> {
+  const proofRequest: {
+    address: string;
+    proofType: number;
+    targetSlot?: bigint;
+  } = {
+    address,
+    proofType,
+  };
+
+  if (targetSlot !== undefined) {
+    proofRequest.targetSlot = targetSlot;
+  }
+
+  const proof = await client.proofs.generate(proofRequest);
+
+  if (!proof.proof || proof.proof.length === 0) {
+    throw new Error(`No state proof returned for ${address}`);
+  }
+
+  return proof.proof;
+}
+
+export async function trackTransaction(
+  client: ThruClient,
+  signature: string,
+  timeoutMs: number = 5000
+): Promise<TransactionResult> {
+  try {
+    for await (const update of client.transactions.track(signature, { timeoutMs })) {
+      if (update.executionResult) {
+        return {
+          signature,
+          status: update.executionResult.userErrorCode === 0n ? 'finalized' : 'failed',
+          errorCode: update.executionResult.userErrorCode,
+        };
+      }
+
+      if (update.statusCode === 3) {
+        return {
+          signature,
+          status: 'finalized',
+        };
+      }
+    }
+  } catch {
+    return {
+      signature,
+      status: 'timeout',
+    };
+  }
+
+  return {
+    signature,
+    status: 'timeout',
+  };
+}
+
+export function toThruAddress(bytes: Uint8Array): string {
+  return encodeAddress(bytes);
+}

package/src/types.ts

@@ -69,6 +69,7 @@ export interface PasskeyPopupGetRequestPayload {
 export interface PasskeyPopupCreateRequestPayload {
   alias: string;
   userId: string;
+  rpId: string;
 }
 
 export interface PasskeyPopupGetStoredRequestPayload {

package/src/web.ts

@@ -0,0 +1,51 @@
+export type {
+  PasskeyRegistrationResult,
+  PasskeySigningResult,
+  PasskeyDiscoverableSigningResult,
+  PasskeyStoredSigningResult,
+  PasskeyMetadata,
+  PasskeyClientCapabilities,
+  PasskeyPopupContext,
+  PasskeyPopupAccount,
+} from './types';
+
+export { registerPasskey } from './register';
+
+export {
+  signWithPasskey,
+  signWithStoredPasskey,
+  signWithDiscoverablePasskey,
+} from './sign';
+
+export {
+  parseDerSignature,
+  normalizeLowS,
+  normalizeSignatureComponent,
+  P256_N,
+  P256_HALF_N,
+  bytesToBigIntBE,
+  bigIntToBytesBE,
+} from '@thru/passkey-manager';
+
+export {
+  isWebAuthnSupported,
+  preloadPasskeyClientCapabilities,
+  getPasskeyClientCapabilities,
+  getCachedPasskeyClientCapabilities,
+  shouldUsePasskeyPopup,
+  isInIframe,
+  type PasskeyPromptAction,
+} from './capabilities';
+
+export {
+  arrayBufferToBase64Url,
+  base64UrlToArrayBuffer,
+  bytesToBase64,
+  bytesToBase64Url,
+  base64UrlToBytes,
+  bytesToHex,
+  hexToBytes,
+  bytesEqual,
+  compareBytes,
+  uniqueAccounts,
+} from '@thru/passkey-manager';

package/tsconfig.json

@@ -2,7 +2,12 @@
   "extends": "../tsconfig.base.json",
   "compilerOptions": {
     "outDir": "./dist",
-    "rootDir": "./src"
+    "rootDir": "..",
+    "baseUrl": ".",
+    "paths": {
+      "@thru/helpers": ["../helpers/src/index.ts"],
+      "@thru/passkey-manager": ["../passkey-manager/src/index.ts"]
+    }
   },
   "include": ["src/**/*"],
   "exclude": ["node_modules", "dist"]

package/tsup.config.ts

@@ -2,7 +2,15 @@ import { defineConfig } from 'tsup';
 
 export default defineConfig({
   format: ['esm', 'cjs'],
-  entry: { index: 'src/index.ts' },
+  entry: {
+    index: 'src/index.ts',
+    web: 'src/web.ts',
+    popup: 'src/popup-entry.ts',
+    mobile: 'src/mobile/index.ts',
+    auth: 'src/auth/index.ts',
+    server: 'src/server/index.ts',
+  },
+  external: ['expo-secure-store', 'react-native', 'react-native-passkeys', 'zustand'],
   dts: true,
   sourcemap: true,
   clean: true,