@tomo-inc/cubist-wallet-sdk 0.0.4

package/src/cube-account.ts

@@ -0,0 +1,324 @@
+import { CubeOrgIds, CubeStage, CubeStages } from "@tomo-inc/wallet-utils";
+import { CubeExportService } from "./cube-export";
+import { CubeSignerClient, SessionData, envs, getOidcClient, getOidcResp, proof } from "./cube-libs";
+import { CubeMfaService } from "./cube-mfa";
+import { CubeSignService } from "./cube-sign";
+
+import { addUserToCube, updateUserInfo } from "./api";
+
+import { CUBE_LIFETIME, CUBE_SALTS, CUBE_SCOPES, ISS_MAP, OIDC_TOKEN_LIFETIME } from "./const";
+import {
+  AccountType,
+  ApiClient,
+  CubeConfig,
+  CubeIdentity,
+  CubeUserInfo,
+  FidoKey,
+  LoginRes,
+  MfaConfig,
+  MfaInfo,
+  MfaReceipt,
+} from "./types";
+
+import { cache } from "@tomo-inc/wallet-utils";
+
+export class CubeAccountService {
+  public config: CubeConfig;
+  private static instance: CubeAccountService;
+  private jwtToken: string;
+  public accountData: any;
+
+  public cubeUserInfo: CubeUserInfo | null;
+  public cubeIdentity: CubeIdentity | null;
+  private cubeSession: SessionData | null;
+
+  public cubeSignerClient: CubeSignerClient | null;
+  public apiClient: ApiClient | null;
+
+  public cubeMfaService: CubeMfaService | null;
+  public cubeExportService: CubeExportService | null;
+
+  public accountWallet: any;
+  public cubeEnv: any;
+  public cubeOrgId: string;
+
+  public constructor(config: CubeConfig) {
+    this.jwtToken = "";
+    this.accountData = null;
+    this.cubeUserInfo = null;
+    this.cubeIdentity = null;
+    this.cubeSession = null;
+    this.cubeSignerClient = null;
+    this.apiClient = null;
+    this.cubeMfaService = null;
+    this.cubeExportService = null;
+    this.cubeOrgId = "";
+    this.config = config;
+    this.cubeEnv = null;
+  }
+
+  public static getInstance(config?: CubeConfig) {
+    if (CubeAccountService.instance) {
+      return CubeAccountService.instance;
+    }
+
+    if (!config?.tomoStage || !CubeStages[config?.tomoStage]) {
+      throw new Error("tomoStage not 'dev' or 'pre' or 'prod'");
+    }
+
+    const cubeSalt = CUBE_SALTS[config?.tomoStage];
+    if (!cubeSalt) {
+      throw new Error("cubeSalt is required");
+    }
+
+    const cubeStage = CubeStages[config?.tomoStage] as CubeStage;
+    const env = envs[cubeStage];
+    const cubeOrgId = CubeOrgIds[config?.tomoStage];
+
+    CubeAccountService.instance = new CubeAccountService({ ...config, cubeSalt, cubeStage });
+    CubeAccountService.instance.cubeEnv = env;
+    CubeAccountService.instance.cubeOrgId = cubeOrgId;
+    return CubeAccountService.instance;
+  }
+
+  //no api dependency
+  public async getCubeIdentity(): Promise<CubeIdentity | null> {
+    const oidcToken = this?.config?.oidcToken;
+    if (!oidcToken) {
+      const cubeIdentityCache = await cache.get("cubeIdentity");
+      if (cubeIdentityCache) {
+        this.cubeIdentity = cubeIdentityCache;
+        return this.cubeIdentity;
+      }
+      console.warn("oidcToken is required");
+      return null;
+    }
+    const cubeOrgId = this.cubeOrgId;
+    const cubeIdentity: any = await proof(oidcToken, this.cubeEnv, cubeOrgId);
+    await cache.set("cubeIdentity", cubeIdentity, false);
+    this.cubeIdentity = cubeIdentity;
+    return cubeIdentity;
+  }
+
+  //login + reg new user by wallet-api
+  public async loginOrRegister(oidcToken: string, options?: any): Promise<LoginRes> {
+    this.config = { ...this.config, oidcToken };
+    const cubeIdentity = await this.getCubeIdentity();
+
+    const req = {
+      cubistUserID: cubeIdentity?.user_info?.user_id,
+      aud: cubeIdentity?.aud,
+      email: cubeIdentity?.email || options?.email || null, //must null
+      iss: cubeIdentity?.identity?.iss,
+      sub: cubeIdentity?.identity?.sub,
+      initialized: cubeIdentity?.user_info?.initialized,
+    };
+
+    //add user by tomo api, return userInfo + tomo jwt token + all wallet address
+    const accountData = await addUserToCube(req, this.config);
+    const { userToken, user, accountBaseInfo, accountWallet } = accountData;
+    this.accountData = accountData;
+    this.accountWallet = accountWallet;
+    this.jwtToken = userToken.accessToken;
+    return {
+      user: { userId: user.userID, nickname: user.nickname, avatar: user.avatar },
+      accountBaseInfo,
+      accountWallet,
+      walletId: accountWallet?.walletID,
+    };
+  }
+
+  public async updateUserInfo(userInfo: { nickname: string; avatar: `https://${string}` }): Promise<boolean> {
+    const nickname = userInfo.nickname.trim();
+    if (nickname.length < 6 || nickname.length > 20) {
+      throw new Error("name length 6~20");
+    }
+    const config = { ...this.config, jwtToken: this.jwtToken };
+    const result = await updateUserInfo(userInfo, config);
+    return result;
+  }
+
+  /*
+  all functions below must after loginOrRegister
+  user only can user cube apis after added by org manager with loginOrRegister
+  cube session = loginOrRegister + cube connected
+  */
+  public async createSessionByOidcToken(oidcToken: string): Promise<boolean> {
+    oidcToken = oidcToken || this?.config?.oidcToken || "";
+    if (!oidcToken) {
+      console.warn("oidcToken is required");
+      return false;
+    }
+    const scopes = CUBE_SCOPES as any;
+    const oidcSessionResp = await getOidcResp(oidcToken, this.cubeEnv, this.cubeOrgId, OIDC_TOKEN_LIFETIME, scopes);
+    const cubeSession: any = oidcSessionResp.data();
+    this.setCubeSession(cubeSession as SessionData);
+    return !!cubeSession;
+  }
+
+  //with mfa
+  public async createSession(receipt?: MfaReceipt): Promise<MfaInfo | null | SessionData> {
+    const purpose = "wallet_operations";
+    const oidcSessionResp = await this.apiClient.sessionCreateExtended(purpose, CUBE_SCOPES, CUBE_LIFETIME, receipt);
+    if (oidcSessionResp.requiresMfa()) {
+      return (await this.cubeMfaService?.getMfaInfo("createSession")) || null;
+    }
+
+    const cubeSession: any = oidcSessionResp.data();
+    this.setCubeSession(cubeSession as SessionData);
+    return cubeSession;
+  }
+
+  public async refreshSession(): Promise<boolean> {
+    const purpose = "wallet_operations";
+    const oidcSessionResp = await this.apiClient.sessionCreate(purpose, CUBE_SCOPES, CUBE_LIFETIME);
+    const cubeSession: any = oidcSessionResp.data();
+    this.setCubeSession(cubeSession as SessionData);
+    return !!cubeSession;
+  }
+
+  public getCubeSession(): SessionData | null {
+    return this.cubeSession;
+  }
+
+  private setCubeSession(cubeSession: SessionData): void {
+    this.cubeSession = cubeSession;
+  }
+
+  public sessionRevoke(): void {
+    const apiClient = this.apiClient;
+    this.cubeSession = null;
+    apiClient?.sessionRevoke();
+  }
+
+  private async refreshCubeClient(cubeSession: SessionData): Promise<void> {
+    try {
+      await this.createCubeSignerClient(cubeSession);
+      this.initSubServices();
+    } catch (error) {
+      console.error("refreshCubeClient error", error);
+    }
+  }
+
+  private async createCubeSignerClient(session: SessionData): Promise<CubeSignerClient> {
+    const cubeSignerClient = await CubeSignerClient.create(session as any);
+    this.cubeSignerClient = cubeSignerClient;
+    this.apiClient = this.cubeSignerClient.apiClient;
+    return cubeSignerClient;
+  }
+
+  public async getOidcClient(receipt?: MfaReceipt): Promise<any> {
+    const oidcToken = this?.config?.oidcToken || "";
+    if (!oidcToken) {
+      console.warn("oidcToken is required");
+      return;
+    }
+    const scopes = CUBE_SCOPES as any;
+    const cubeSignerClient: any = await getOidcClient(
+      oidcToken,
+      this.cubeEnv,
+      this.cubeOrgId,
+      OIDC_TOKEN_LIFETIME,
+      scopes,
+      receipt,
+    );
+    return cubeSignerClient;
+  }
+
+  private async autoLogin(session: SessionData): Promise<void> {
+    await this.refreshCubeClient(session);
+    await this.setCubeSession(session);
+  }
+
+  public async init(oidcToken?: string): Promise<boolean> {
+    oidcToken = oidcToken || this?.config?.oidcToken || "";
+    if (!oidcToken) {
+      console.warn("oidcToken is required");
+      return false;
+    }
+    try {
+      this.config = { ...this.config, oidcToken };
+      const cubeSignerClient: CubeSignerClient = await this.getOidcClient();
+      this.cubeSignerClient = cubeSignerClient;
+      this.apiClient = this.cubeSignerClient.apiClient;
+
+      const result = await this.createSessionByOidcToken(oidcToken);
+      if (!result) {
+        throw new Error("create session by oidc token failed");
+      }
+      this.initSubServices();
+      return true;
+    } catch (error) {
+      console.error("init error", error);
+      throw error;
+    }
+  }
+
+  public async initSubServices(): Promise<void> {
+    const cubeMfaService = CubeMfaService.getInstance();
+    this.cubeMfaService = cubeMfaService.init(this);
+
+    const cubeExportService = CubeExportService.getInstance();
+    this.cubeExportService = cubeExportService.init(this);
+  }
+
+  public async initCubeSignService(): Promise<CubeSignService> {
+    const cubeSession = this.getCubeSession();
+    const cubeSignService = CubeSignService.getInstance();
+    await cubeSignService.init({ cubeSession });
+    return cubeSignService;
+  }
+
+  public async getCubeUserInfo(): Promise<CubeUserInfo | null> {
+    try {
+      const cubeUserInfo: CubeUserInfo = await this.apiClient?.userGet();
+      this.cubeUserInfo = cubeUserInfo;
+      return cubeUserInfo;
+    } catch (error) {
+      return null;
+    }
+  }
+
+  public async getMfaConfig(): Promise<MfaConfig> {
+    const [cubeUserInfo, cubeIdentity]: [CubeUserInfo | null, CubeIdentity | null] = await Promise.all([
+      this.getCubeUserInfo(),
+      this.getCubeIdentity(),
+    ]);
+
+    const name = cubeUserInfo?.name || cubeIdentity?.preferred_username || "";
+    const iss = cubeIdentity?.identity?.iss || "";
+    const accountType: AccountType = ISS_MAP?.[iss as keyof typeof ISS_MAP] || "email";
+
+    const verifiedEmail = cubeUserInfo?.verified_email?.email || "";
+    const email = cubeUserInfo?.email || "";
+    const emailOtpEnabled = verifiedEmail !== "" || email !== "";
+
+    const configuredMfa = cubeUserInfo?.mfa || [];
+    const fidos: FidoKey[] = configuredMfa.filter((item) => item.type === "fido");
+    const totp = configuredMfa.filter((item) => item.type === "totp");
+
+    return {
+      noMfa: !emailOtpEnabled && fidos.length === 0 && totp.length === 0,
+      hasMfa: emailOtpEnabled || fidos.length > 0 || totp.length > 0,
+      account: {
+        name,
+        email,
+        otpEmail: verifiedEmail,
+        accountType,
+        userId: cubeUserInfo?.user_id || "",
+      },
+      emailOtp: {
+        data: email || verifiedEmail,
+        enabled: emailOtpEnabled,
+      },
+      fido: {
+        data: fidos,
+        enabled: fidos.length > 0,
+      },
+      totp: {
+        data: totp[0],
+        enabled: totp.length > 0,
+      },
+    };
+  }
+}

package/src/cube-connect.ts

@@ -0,0 +1,22 @@
+import { CubeConfig } from "types";
+import { CubeAccountService } from "./cube-account";
+
+export const CubeConnect = async (config: CubeConfig) => {
+  const cubeAccount = CubeAccountService.getInstance(config);
+
+  if (!config.oidcToken) {
+    throw new Error("oidcToken is required");
+  }
+
+  await cubeAccount.loginOrRegister(config.oidcToken);
+  await cubeAccount.init(config.oidcToken);
+
+  const cubeMfaService = cubeAccount.cubeMfaService;
+  const cubeExportService = cubeAccount.cubeExportService;
+
+  return {
+    cubeAccount,
+    cubeMfa: cubeMfaService,
+    cubeExport: cubeExportService,
+  };
+};

package/src/cube-export.ts

@@ -0,0 +1,125 @@
+import { EXPORT_KEY_PREFIX } from "./const";
+import { CubeSignerClient, userExportDecrypt, userExportKeygen } from "./cube-libs";
+import { CubeAccountService } from "./cube-account";
+
+import { CubeRes, MfaInfo, MfaReceipt, SeedPhrase, SeedPhraseExportInfo } from "./types";
+
+export class CubeExportService {
+  private static instance: CubeExportService;
+
+  private cubeAccountService: CubeAccountService | null;
+  private cubeSignerClient: CubeSignerClient | null;
+
+  private seedPhraseKey: string;
+  private exportKey: any;
+
+  public constructor() {
+    this.seedPhraseKey = "";
+    this.cubeAccountService = null;
+    this.cubeSignerClient = null;
+    this.exportKey = null;
+    userExportKeygen().then((key) => {
+      this.exportKey = key;
+    });
+  }
+
+  public static getInstance() {
+    if (!CubeExportService.instance) {
+      CubeExportService.instance = new CubeExportService();
+    }
+    return CubeExportService.instance;
+  }
+
+  public init(cubeAccountService: CubeAccountService) {
+    this.cubeAccountService = cubeAccountService;
+    this.cubeSignerClient = cubeAccountService.cubeSignerClient;
+    return this;
+  }
+
+  public async getExportKey(): Promise<string> {
+    if (this.seedPhraseKey) {
+      return this.seedPhraseKey;
+    }
+    const sessionKeys: any[] = (await this.cubeSignerClient?.sessionKeys()) || [];
+    const key: any = sessionKeys.find((key) => key?.id.indexOf(EXPORT_KEY_PREFIX) === 0);
+    this.seedPhraseKey = key?.id || "";
+    return this.seedPhraseKey;
+  }
+
+  public async getExportInfo(): Promise<SeedPhraseExportInfo | null> {
+    if (!this.cubeSignerClient) {
+      return null;
+    }
+    const keyId = await this.getExportKey();
+    const exports = this.cubeSignerClient?.org()?.exports(keyId);
+    const exportData = await exports?.fetch();
+
+    if (exportData?.length === 0) {
+      return { ready: true };
+    }
+
+    const { valid_epoch = 0, exp_epoch = 0 } = exportData[0];
+    let lastTime = valid_epoch - Date.now() / 1000;
+    lastTime = Math.max(Math.ceil(lastTime), 0);
+    const duration = exp_epoch - valid_epoch;
+    return {
+      ready: true,
+      keyId,
+      lastTime,
+      duration,
+      valid_epoch,
+      exp_epoch,
+    };
+  }
+
+  public async initExport(receipt?: MfaReceipt): Promise<MfaInfo | null> {
+    if (!this.cubeSignerClient || !this.cubeAccountService) {
+      throw new Error("cubeSignerClient is not initialized");
+    }
+    const keyId = await this.getExportKey();
+    const initExportResp: any = await this.cubeSignerClient.org().initExport(keyId, receipt);
+
+    if (initExportResp.requiresMfa()) {
+      return (await this.cubeAccountService?.cubeMfaService?.getMfaInfo("initExport")) || null;
+    }
+
+    return initExportResp.data();
+  }
+
+  public async completeExport(receipt?: MfaReceipt): Promise<MfaInfo | SeedPhrase | null> {
+    if (!this.cubeSignerClient || !this.cubeAccountService) {
+      throw new Error("cubeSignerClient is not initialized");
+    }
+    const keyId = await this.getExportKey();
+
+    const exportResp: any = await this.cubeSignerClient.org().completeExport(keyId, this.exportKey.publicKey, receipt);
+    if (exportResp.requiresMfa()) {
+      return (await this.cubeAccountService?.cubeMfaService?.getMfaInfo("completeExport")) || null;
+    }
+
+    const encryptedData = exportResp.data();
+    const seedPhrase: SeedPhrase = await userExportDecrypt(this.exportKey.privateKey, encryptedData);
+    return seedPhrase;
+  }
+
+  public async deleteExport(): Promise<CubeRes> {
+    if (!this.cubeSignerClient || !this.cubeAccountService) {
+      throw new Error("cubeSignerClient is not initialized");
+    }
+
+    try {
+      const keyId = await this.getExportKey();
+      const res = await this.cubeSignerClient.org().deleteExport(keyId);
+      return {
+        success: true,
+        data: res,
+      };
+    } catch (error: any) {
+      return {
+        success: false,
+        message: error?.message || "delete export error",
+        error,
+      };
+    }
+  }
+}

package/src/cube-libs.ts

@@ -0,0 +1,29 @@
+import { CubeSignerClient, SessionData, envs, userExportDecrypt, userExportKeygen } from "@cubist-labs/cubesigner-sdk";
+
+export { CubeSignerClient, envs, userExportDecrypt, userExportKeygen };
+export type { SessionData };
+
+import {
+  getOidcClient,
+  getOidcResp,
+  getOidcUserInfoSession,
+  emailLogin as loginToCubeByEmail,
+  proof,
+} from "@tomo-inc/cubist-sig-sdk";
+export { getOidcClient, getOidcResp, getOidcUserInfoSession, loginToCubeByEmail, proof };
+
+export {
+  getKeys,
+  signDogeMessage,
+  signDogePsbt,
+  signEvmMessage,
+  signEvmTransaction,
+  signEvmTypedData,
+  signSolanaMessage,
+  signSolanaTransaction,
+  signTronMessage,
+  signTronRawTransaction,
+  signTronTypeDaya,
+} from "@tomo-inc/cubist-sig-sdk";
+
+export type { TypedData } from "@tomo-inc/cubist-sig-sdk";