@worldcoin/idkit-server 1.0.0

package/dist/index.cjs

@@ -0,0 +1,76 @@
+'use strict';
+
+var sha3 = require('@noble/hashes/sha3');
+var utils = require('@noble/hashes/utils');
+var hmac = require('@noble/hashes/hmac');
+var sha2 = require('@noble/hashes/sha2');
+var secp256k1 = require('@noble/secp256k1');
+
+// src/lib/signing.ts
+
+// src/lib/platform.ts
+var isServerEnvironment = () => {
+  if (typeof process !== "undefined" && process.versions?.node) {
+    return true;
+  }
+  if (typeof globalThis.Deno !== "undefined") {
+    return true;
+  }
+  if (typeof globalThis.Bun !== "undefined") {
+    return true;
+  }
+  return false;
+};
+
+// src/lib/signing.ts
+secp256k1.etc.hmacSha256Sync = (key, ...msgs) => hmac.hmac(sha2.sha256, key, secp256k1.etc.concatBytes(...msgs));
+var DEFAULT_TTL_SEC = 300;
+function hashToField(input) {
+  const hash = BigInt("0x" + utils.bytesToHex(sha3.keccak_256(input))) >> 8n;
+  return utils.hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
+  const message = new Uint8Array(48);
+  message.set(nonceBytes, 0);
+  const view = new DataView(message.buffer);
+  view.setBigUint64(32, BigInt(createdAt), false);
+  view.setBigUint64(40, BigInt(expiresAt), false);
+  return message;
+}
+function signRequest(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
+  if (!isServerEnvironment()) {
+    throw new Error(
+      "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
+    );
+  }
+  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
+  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
+    throw new Error("Invalid signing key: contains non-hex characters");
+  }
+  if (keyHex.length !== 64) {
+    throw new Error(
+      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
+    );
+  }
+  const privKey = secp256k1.etc.hexToBytes(keyHex);
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  const nonceBytes = hashToField(randomBytes);
+  const createdAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = createdAt + ttl;
+  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
+  const msgHash = sha3.keccak_256(message);
+  const recSig = secp256k1.sign(msgHash, privKey);
+  const compact = recSig.toCompactRawBytes();
+  const sig65 = new Uint8Array(65);
+  sig65.set(compact, 0);
+  sig65[64] = recSig.recovery + 27;
+  return {
+    sig: "0x" + utils.bytesToHex(sig65),
+    nonce: "0x" + utils.bytesToHex(nonceBytes),
+    createdAt,
+    expiresAt
+  };
+}
+
+exports.computeRpSignatureMessage = computeRpSignatureMessage;
+exports.signRequest = signRequest;

package/dist/index.d.cts

@@ -0,0 +1,36 @@
+interface RpSignature {
+    sig: string;
+    nonce: string;
+    createdAt: number;
+    expiresAt: number;
+}
+/**
+ * Builds the 48-byte message that gets signed for RP signature verification.
+ *
+ * Message format: nonce(32) || createdAt_u64_be(8) || expiresAt_u64_be(8)
+ *
+ * Matches Rust `compute_rp_signature_msg`:
+ * https://github.com/worldcoin/world-id-protocol/blob/0008eab1efe200e572f27258793f9be5cb32858b/crates/primitives/src/rp.rs#L95-L105
+ *
+ * @param nonceBytes - 32-byte nonce as Uint8Array
+ * @param createdAt - unix timestamp in seconds
+ * @param expiresAt - unix timestamp in seconds
+ * @returns 48-byte message ready to be hashed and signed
+ */
+declare function computeRpSignatureMessage(nonceBytes: Uint8Array, createdAt: number, expiresAt: number): Uint8Array;
+/**
+ * Signs an RP request using pure JS (no WASM required).
+ *
+ * Algorithm matches Rust implementation in rust/core/src/rp_signature.rs
+ *
+ * Nonce generation matches `from_arbitrary_raw_bytes`:
+ * https://github.com/worldcoin/world-id-protocol/blob/31405df8bcd5a2784e04ad9890cf095111dcac13/crates/primitives/src/lib.rs#L134-L149
+ *
+ * @param action - The action tied to the proof request (accepted for API compat, not used in signature)
+ * @param signingKeyHex - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
+ * @param ttl - Time-to-live in seconds (defaults to 300 = 5 minutes)
+ * @returns RpSignature object with sig, nonce, createdAt, expiresAt
+ */
+declare function signRequest(_action: string, signingKeyHex: string, ttl?: number): RpSignature;
+
+export { type RpSignature, computeRpSignatureMessage, signRequest };

package/dist/index.d.ts

@@ -0,0 +1,36 @@
+interface RpSignature {
+    sig: string;
+    nonce: string;
+    createdAt: number;
+    expiresAt: number;
+}
+/**
+ * Builds the 48-byte message that gets signed for RP signature verification.
+ *
+ * Message format: nonce(32) || createdAt_u64_be(8) || expiresAt_u64_be(8)
+ *
+ * Matches Rust `compute_rp_signature_msg`:
+ * https://github.com/worldcoin/world-id-protocol/blob/0008eab1efe200e572f27258793f9be5cb32858b/crates/primitives/src/rp.rs#L95-L105
+ *
+ * @param nonceBytes - 32-byte nonce as Uint8Array
+ * @param createdAt - unix timestamp in seconds
+ * @param expiresAt - unix timestamp in seconds
+ * @returns 48-byte message ready to be hashed and signed
+ */
+declare function computeRpSignatureMessage(nonceBytes: Uint8Array, createdAt: number, expiresAt: number): Uint8Array;
+/**
+ * Signs an RP request using pure JS (no WASM required).
+ *
+ * Algorithm matches Rust implementation in rust/core/src/rp_signature.rs
+ *
+ * Nonce generation matches `from_arbitrary_raw_bytes`:
+ * https://github.com/worldcoin/world-id-protocol/blob/31405df8bcd5a2784e04ad9890cf095111dcac13/crates/primitives/src/lib.rs#L134-L149
+ *
+ * @param action - The action tied to the proof request (accepted for API compat, not used in signature)
+ * @param signingKeyHex - The ECDSA private key as hex (0x-prefixed or not, 32 bytes)
+ * @param ttl - Time-to-live in seconds (defaults to 300 = 5 minutes)
+ * @returns RpSignature object with sig, nonce, createdAt, expiresAt
+ */
+declare function signRequest(_action: string, signingKeyHex: string, ttl?: number): RpSignature;
+
+export { type RpSignature, computeRpSignatureMessage, signRequest };

package/dist/index.js

@@ -0,0 +1,73 @@
+import { keccak_256 } from '@noble/hashes/sha3';
+import { bytesToHex, hexToBytes } from '@noble/hashes/utils';
+import { hmac } from '@noble/hashes/hmac';
+import { sha256 } from '@noble/hashes/sha2';
+import { etc, sign } from '@noble/secp256k1';
+
+// src/lib/signing.ts
+
+// src/lib/platform.ts
+var isServerEnvironment = () => {
+  if (typeof process !== "undefined" && process.versions?.node) {
+    return true;
+  }
+  if (typeof globalThis.Deno !== "undefined") {
+    return true;
+  }
+  if (typeof globalThis.Bun !== "undefined") {
+    return true;
+  }
+  return false;
+};
+
+// src/lib/signing.ts
+etc.hmacSha256Sync = (key, ...msgs) => hmac(sha256, key, etc.concatBytes(...msgs));
+var DEFAULT_TTL_SEC = 300;
+function hashToField(input) {
+  const hash = BigInt("0x" + bytesToHex(keccak_256(input))) >> 8n;
+  return hexToBytes(hash.toString(16).padStart(64, "0"));
+}
+function computeRpSignatureMessage(nonceBytes, createdAt, expiresAt) {
+  const message = new Uint8Array(48);
+  message.set(nonceBytes, 0);
+  const view = new DataView(message.buffer);
+  view.setBigUint64(32, BigInt(createdAt), false);
+  view.setBigUint64(40, BigInt(expiresAt), false);
+  return message;
+}
+function signRequest(_action, signingKeyHex, ttl = DEFAULT_TTL_SEC) {
+  if (!isServerEnvironment()) {
+    throw new Error(
+      "signRequest can only be used in Node.js environments. This function requires access to signing keys and should never be called from browser/client-side code."
+    );
+  }
+  const keyHex = signingKeyHex.startsWith("0x") ? signingKeyHex.slice(2) : signingKeyHex;
+  if (!/^[0-9a-fA-F]+$/.test(keyHex)) {
+    throw new Error("Invalid signing key: contains non-hex characters");
+  }
+  if (keyHex.length !== 64) {
+    throw new Error(
+      `Invalid signing key: expected 32 bytes (64 hex chars), got ${keyHex.length / 2} bytes`
+    );
+  }
+  const privKey = etc.hexToBytes(keyHex);
+  const randomBytes = crypto.getRandomValues(new Uint8Array(32));
+  const nonceBytes = hashToField(randomBytes);
+  const createdAt = Math.floor(Date.now() / 1e3);
+  const expiresAt = createdAt + ttl;
+  const message = computeRpSignatureMessage(nonceBytes, createdAt, expiresAt);
+  const msgHash = keccak_256(message);
+  const recSig = sign(msgHash, privKey);
+  const compact = recSig.toCompactRawBytes();
+  const sig65 = new Uint8Array(65);
+  sig65.set(compact, 0);
+  sig65[64] = recSig.recovery + 27;
+  return {
+    sig: "0x" + bytesToHex(sig65),
+    nonce: "0x" + bytesToHex(nonceBytes),
+    createdAt,
+    expiresAt
+  };
+}
+
+export { computeRpSignatureMessage, signRequest };

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "@worldcoin/idkit-server",
+  "version": "1.0.0",
+  "description": "Server-side IDKit SDK for World ID - RP signing utilities",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "type-check": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage"
+  },
+  "keywords": [
+    "worldcoin",
+    "world-id",
+    "idkit",
+    "identity",
+    "proof-of-personhood",
+    "zero-knowledge",
+    "server"
+  ],
+  "author": "Tools for Humanity",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/worldcoin/idkit"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {
+    "@noble/hashes": "^1.7.2",
+    "@noble/secp256k1": "^2.2.3"
+  },
+  "devDependencies": {
+    "@types/node": "^20.19.30",
+    "@vitest/coverage-v8": "^4.0.18",
+    "tsup": "^8.5.1",
+    "typescript": "^5.9.3",
+    "vitest": "^4.0.18"
+  }
+}