@unicitylabs/sphere-sdk 0.7.1 → 0.7.2

package/README.md

@@ -159,64 +159,6 @@ sphere.setPriceProvider(createPriceProvider({
 }));
 ```
 
-## Building a Sphere-authenticated backend
-
-If your service needs to authenticate users via their Sphere wallet, use `verifySphereAuth`. It performs signature verification and identity derivation in one misuse-resistant call.
-
-```typescript
-import { randomBytes } from 'crypto';
-import { verifySphereAuth, AuthVerificationError } from '@unicitylabs/sphere-sdk';
-
-const challenges = new Map<string, { challenge: string; expiresAt: number }>();
-
-// POST /auth/challenge — issue a one-shot nonce challenge
-server.post('/auth/challenge', async (req) => {
-  const { chainPubkey } = req.body;
-  const nonce = randomBytes(16).toString('hex');
-  const challenge = `Sign in to MyApp\nPubkey: ${chainPubkey}\nNonce: ${nonce}\nIssued At: ${new Date().toISOString()}`;
-  challenges.set(chainPubkey, { challenge, expiresAt: Date.now() + 5 * 60_000 });
-  return { challenge };
-});
-
-// POST /auth/verify — turn a signed challenge into a session
-server.post('/auth/verify', async (req, reply) => {
-  const { chainPubkey, signature } = req.body;
-  const stored = challenges.get(chainPubkey);
-  if (!stored || Date.now() > stored.expiresAt) {
-    return reply.status(401).send({ error: 'No valid challenge — request a new one' });
-  }
-  challenges.delete(chainPubkey); // one-shot
-
-  try {
-    const { chainPubkey: pk, directAddress } = await verifySphereAuth({
-      challenge: stored.challenge,
-      signature,
-      chainPubkey,
-    });
-    // pk and directAddress are now safe to use as user identifiers —
-    // neither is a client claim, both are derived from cryptographic proof.
-    const token = server.jwt.sign({ sub: pk, addr: directAddress }, { expiresIn: '24h' });
-    return { token };
-  } catch (err) {
-    if (err instanceof AuthVerificationError) {
-      return reply.status(401).send({ error: err.message, code: err.code });
-    }
-    throw err;
-  }
-});
-```
-
-### Why not accept `directAddress` from the client?
-
-`verifySphereAuth` deliberately does not take a `directAddress` parameter. The signature proves that the client owns the privkey to the pubkey they presented — but it does NOT prove that the pubkey corresponds to any particular `directAddress`. If you accept `directAddress` as a separate body field and use it as the user-identifier key, an attacker can pre-bind any unregistered address to their own pubkey — locking the rightful owner out forever. `verifySphereAuth` derives `directAddress` from `chainPubkey` server-side instead, eliminating the bug class.
-
-If you need just the address derivation in a custom flow, use the primitive directly:
-
-```typescript
-import { computeDirectAddressFromChainPubkey } from '@unicitylabs/sphere-sdk';
-const addr = await computeDirectAddressFromChainPubkey(chainPubkey);
-```
-
 ## Testnet Faucet
 
 To get test tokens on testnet, you **must first register a nametag**:

package/dist/core/index.cjs

@@ -881,7 +881,6 @@ __export(core_exports, {
   base58Encode: () => base58Encode,
   bytesToHex: () => bytesToHex3,
   checkNetworkHealth: () => checkNetworkHealth,
-  computeDirectAddressFromChainPubkey: () => computeDirectAddressFromChainPubkey,
   computeHash160: () => computeHash160,
   convertBits: () => convertBits,
   createAddress: () => createAddress,
@@ -939,6 +938,7 @@ __export(core_exports, {
   randomBytes: () => randomBytes2,
   randomHex: () => randomHex,
   randomUUID: () => randomUUID,
+  recoverPubkeyFromSignature: () => recoverPubkeyFromSignature,
   ripemd160: () => ripemd160,
   scanAddressesImpl: () => scanAddressesImpl,
   serializeEncrypted: () => serializeEncrypted,
@@ -4918,6 +4918,27 @@ function verifySignedMessage(message, signature, expectedPubkey) {
     return false;
   }
 }
+function recoverPubkeyFromSignature(message, signature) {
+  if (signature.length !== 130) {
+    throw new SphereError(
+      `Invalid signature length: expected 130 hex chars, got ${signature.length}`,
+      "SIGNING_ERROR"
+    );
+  }
+  const v = parseInt(signature.slice(0, 2), 16) - 31;
+  const r = signature.slice(2, 66);
+  const s = signature.slice(66, 130);
+  if (v < 0 || v > 3) {
+    throw new SphereError(
+      `Invalid recovery byte: v=${v} out of range [0..3]`,
+      "SIGNING_ERROR"
+    );
+  }
+  const hashHex = hashSignMessage(message);
+  const hashBytes = Buffer.from(hashHex, "hex");
+  const recovered = ec.recoverPubKey(hashBytes, { r, s }, v);
+  return recovered.encode("hex", true);
+}
 
 // l1/crypto.ts
 var import_crypto_js3 = __toESM(require("crypto-js"), 1);
@@ -27450,42 +27471,27 @@ async function parseAndDecryptWalletDat(data, password, onProgress) {
 
 // core/Sphere.ts
 var import_SigningService2 = require("@unicitylabs/state-transition-sdk/lib/sign/SigningService");
-var import_nostr_js_sdk5 = require("@unicitylabs/nostr-js-sdk");
-
-// core/address-derivation.ts
 var import_TokenType5 = require("@unicitylabs/state-transition-sdk/lib/token/TokenType");
 var import_HashAlgorithm7 = require("@unicitylabs/state-transition-sdk/lib/hash/HashAlgorithm");
 var import_UnmaskedPredicateReference3 = require("@unicitylabs/state-transition-sdk/lib/predicate/embedded/UnmaskedPredicateReference");
-var UNICITY_TOKEN_TYPE_HEX2 = "f8aa13834268d29355ff12183066f0cb902003629bbc5eb9ef0efbe397867509";
-var COMPRESSED_PUBKEY_RE = /^(02|03)[0-9a-fA-F]{64}$/;
-async function computeDirectAddressFromChainPubkey(chainPubkey) {
-  if (typeof chainPubkey !== "string" || !COMPRESSED_PUBKEY_RE.test(chainPubkey)) {
-    throw new Error(
-      `computeDirectAddressFromChainPubkey: chainPubkey must be 66-char hex with 02/03 prefix, got "${String(chainPubkey).slice(0, 12)}..."`
-    );
-  }
-  const tokenTypeBytes = Buffer.from(UNICITY_TOKEN_TYPE_HEX2, "hex");
-  const tokenType = new import_TokenType5.TokenType(tokenTypeBytes);
-  const publicKeyBytes = Buffer.from(chainPubkey, "hex");
-  const predicateRef = await import_UnmaskedPredicateReference3.UnmaskedPredicateReference.create(
-    tokenType,
-    "secp256k1",
-    publicKeyBytes,
-    import_HashAlgorithm7.HashAlgorithm.SHA256
-  );
-  return (await predicateRef.toAddress()).toString();
-}
-
-// core/Sphere.ts
+var import_nostr_js_sdk5 = require("@unicitylabs/nostr-js-sdk");
 function isValidNametag2(nametag) {
   if ((0, import_nostr_js_sdk5.isPhoneNumber)(nametag)) return true;
   return /^[a-z0-9_-]{3,20}$/.test(nametag);
 }
+var UNICITY_TOKEN_TYPE_HEX2 = "f8aa13834268d29355ff12183066f0cb902003629bbc5eb9ef0efbe397867509";
 async function deriveL3PredicateAddress(privateKey) {
   const secret = Buffer.from(privateKey, "hex");
   const signingService = await import_SigningService2.SigningService.createFromSecret(secret);
-  const pubkeyHex = Buffer.from(signingService.publicKey).toString("hex");
-  return computeDirectAddressFromChainPubkey(pubkeyHex);
+  const tokenTypeBytes = Buffer.from(UNICITY_TOKEN_TYPE_HEX2, "hex");
+  const tokenType = new import_TokenType5.TokenType(tokenTypeBytes);
+  const predicateRef = import_UnmaskedPredicateReference3.UnmaskedPredicateReference.create(
+    tokenType,
+    signingService.algorithm,
+    signingService.publicKey,
+    import_HashAlgorithm7.HashAlgorithm.SHA256
+  );
+  return (await (await predicateRef).toAddress()).toString();
 }
 var Sphere = class _Sphere {
   // Singleton
@@ -30870,7 +30876,6 @@ async function runCustomCheck(name, checkFn, timeoutMs) {
   base58Encode,
   bytesToHex,
   checkNetworkHealth,
-  computeDirectAddressFromChainPubkey,
   computeHash160,
   convertBits,
   createAddress,
@@ -30928,6 +30933,7 @@ async function runCustomCheck(name, checkFn, timeoutMs) {
   randomBytes,
   randomHex,
   randomUUID,
+  recoverPubkeyFromSignature,
   ripemd160,
   scanAddressesImpl,
   serializeEncrypted,