@zkpassport/sdk 0.1.2 → 0.2.0

package/dist/{json-rpc.d.ts → cjs/json-rpc.d.ts}

@@ -1,4 +1,4 @@
-import { JsonRpcRequest, JsonRpcResponse } from './types/json-rpc';
+import type { JsonRpcRequest, JsonRpcResponse } from '@zkpassport/utils';
 import { WebSocketClient } from './websocket';
 export declare function createJsonRpcRequest(method: string, params: any): JsonRpcRequest;
 export declare function createEncryptedJsonRpcRequest(method: string, params: any, sharedSecret: Uint8Array, topic: string): Promise<JsonRpcRequest>;

package/dist/cjs/json-rpc.js

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createJsonRpcRequest = createJsonRpcRequest;
+exports.createEncryptedJsonRpcRequest = createEncryptedJsonRpcRequest;
+exports.sendEncryptedJsonRpcRequest = sendEncryptedJsonRpcRequest;
+exports.createJsonRpcResponse = createJsonRpcResponse;
+const tslib_1 = require("tslib");
+const crypto_1 = require("crypto");
+const encryption_1 = require("./encryption");
+const logger_1 = tslib_1.__importDefault(require("./logger"));
+function createJsonRpcRequest(method, params) {
+    return {
+        jsonrpc: '2.0',
+        id: (0, crypto_1.randomBytes)(16).toString('hex'),
+        method,
+        params,
+    };
+}
+async function createEncryptedJsonRpcRequest(method, params, sharedSecret, topic) {
+    const encryptedMessage = await (0, encryption_1.encrypt)(JSON.stringify({ method, params: params || {} }), sharedSecret, topic);
+    return createJsonRpcRequest('encryptedMessage', {
+        payload: Buffer.from(encryptedMessage).toString('base64'),
+    });
+}
+async function sendEncryptedJsonRpcRequest(method, params, sharedSecret, topic, wsClient) {
+    try {
+        const message = { method, params: params || {} };
+        const encryptedMessage = await (0, encryption_1.encrypt)(JSON.stringify(message), sharedSecret, topic);
+        const request = createJsonRpcRequest('encryptedMessage', {
+            payload: Buffer.from(encryptedMessage).toString('base64'),
+        });
+        logger_1.default.debug('Sending encrypted message (original):', message);
+        logger_1.default.debug('Sending encrypted message (encrypted):', request);
+        wsClient.send(JSON.stringify(request));
+        return true;
+    }
+    catch (error) {
+        logger_1.default.error('Error sending encrypted message:', error);
+        return false;
+    }
+}
+function createJsonRpcResponse(id, result) {
+    return {
+        jsonrpc: '2.0',
+        id,
+        result,
+    };
+}

package/dist/{logger.js → cjs/logger.js}

@@ -2,15 +2,6 @@
 // import { createLogger, transports, format } from 'winston'
 // import colors from 'colors/safe'
 // import util from 'util'
-var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
-    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
-        if (ar || !(i in from)) {
-            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
-            ar[i] = from[i];
-        }
-    }
-    return to.concat(ar || Array.prototype.slice.call(from));
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 // const logger = createLogger({
 //   level: 'debug',
@@ -39,34 +30,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 //   warn: (message: string, ...args: any[]) => logger.warn(message, { additionalInfo: args }),
 //   error: (message: string, ...args: any[]) => logger.error(message, { additionalInfo: args }),
 // }
-var customLogger = {
-    debug: function (message) {
-        var args = [];
-        for (var _i = 1; _i < arguments.length; _i++) {
-            args[_i - 1] = arguments[_i];
-        }
-        return console.debug.apply(console, __spreadArray([message], args, false));
-    },
-    info: function (message) {
-        var args = [];
-        for (var _i = 1; _i < arguments.length; _i++) {
-            args[_i - 1] = arguments[_i];
-        }
-        return console.info.apply(console, __spreadArray([message], args, false));
-    },
-    warn: function (message) {
-        var args = [];
-        for (var _i = 1; _i < arguments.length; _i++) {
-            args[_i - 1] = arguments[_i];
-        }
-        return console.warn.apply(console, __spreadArray([message], args, false));
-    },
-    error: function (message) {
-        var args = [];
-        for (var _i = 1; _i < arguments.length; _i++) {
-            args[_i - 1] = arguments[_i];
-        }
-        return console.error.apply(console, __spreadArray([message], args, false));
-    },
+const customLogger = {
+    debug: (message, ...args) => console.debug(message, ...args),
+    info: (message, ...args) => console.info(message, ...args),
+    warn: (message, ...args) => console.warn(message, ...args),
+    error: (message, ...args) => console.error(message, ...args),
 };
 exports.default = customLogger;

package/dist/cjs/mobile.js

@@ -0,0 +1,131 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ZkPassportProver = void 0;
+const tslib_1 = require("tslib");
+const utils_1 = require("@noble/ciphers/utils");
+const websocket_1 = require("./websocket");
+const json_rpc_1 = require("./json-rpc");
+const encryption_1 = require("./encryption");
+const logger_1 = tslib_1.__importDefault(require("./logger"));
+class ZkPassportProver {
+    constructor() {
+        this.topicToKeyPair = {};
+        this.topicToWebSocketClient = {};
+        this.topicToRemoteDomainVerified = {};
+        this.topicToSharedSecret = {};
+        this.topicToRemotePublicKey = {};
+        this.onDomainVerifiedCallbacks = {};
+        this.onBridgeConnectCallbacks = {};
+        this.onWebsiteDomainVerifyFailureCallbacks = {};
+    }
+    /**
+     * @notice Handle an encrypted message.
+     * @param request The request.
+     * @param outerRequest The outer request.
+     */
+    async handleEncryptedMessage(topic, request, outerRequest) {
+        logger_1.default.debug('Received encrypted message:', request);
+        if (request.method === 'hello') {
+            logger_1.default.info(`Successfully verified origin domain name: ${outerRequest.origin}`);
+            this.topicToRemoteDomainVerified[topic] = true;
+            await Promise.all(this.onDomainVerifiedCallbacks[topic].map((callback) => callback()));
+        }
+        else if (request.method === 'closed_page') {
+            // TODO: Implement
+        }
+    }
+    /**
+     * @notice Scan a credentirequest QR code.
+     * @returns
+     */
+    async scan(url, { keyPairOverride, } = {}) {
+        const parsedUrl = new URL(url);
+        const domain = parsedUrl.searchParams.get('d');
+        const topic = parsedUrl.searchParams.get('t');
+        const pubkeyHex = parsedUrl.searchParams.get('p');
+        if (!domain || !topic || !pubkeyHex) {
+            throw new Error('Invalid URL: missing required parameters');
+        }
+        const pubkey = new Uint8Array(Buffer.from(pubkeyHex, 'hex'));
+        this.domain = domain;
+        const keyPair = keyPairOverride || (await (0, encryption_1.generateECDHKeyPair)());
+        this.topicToKeyPair[topic] = {
+            privateKey: keyPair.privateKey,
+            publicKey: keyPair.publicKey,
+        };
+        this.topicToRemotePublicKey[topic] = pubkey;
+        this.topicToSharedSecret[topic] = await (0, encryption_1.getSharedSecret)((0, utils_1.bytesToHex)(keyPair.privateKey), (0, utils_1.bytesToHex)(pubkey));
+        this.topicToRemoteDomainVerified[topic] = false;
+        this.onDomainVerifiedCallbacks[topic] = [];
+        this.onBridgeConnectCallbacks[topic] = [];
+        // Set up WebSocket connection
+        const wsClient = (0, websocket_1.getWebSocketClient)(`wss://bridge.zkpassport.id?topic=${topic}&pubkey=${(0, utils_1.bytesToHex)(keyPair.publicKey)}`);
+        this.topicToWebSocketClient[topic] = wsClient;
+        wsClient.onopen = async () => {
+            logger_1.default.info('[mobile] WebSocket connection established');
+            await Promise.all(this.onBridgeConnectCallbacks[topic].map((callback) => callback()));
+            // Server sends handshake automatically (when it sees a pubkey in websocket URI)
+            // wsClient.send(
+            //   JSON.stringify(
+            //     createJsonRpcRequest('handshake', {
+            //       pubkey: bytesToHex(keyPair.publicKey),
+            //     }),
+            //   ),
+            // )
+        };
+        wsClient.addEventListener('message', async (event) => {
+            logger_1.default.info('[mobile] Received message:', event.data);
+            try {
+                const data = JSON.parse(event.data);
+                const originDomain = data.origin ? new URL(data.origin).hostname : undefined;
+                // Origin domain must match domain in QR code
+                if (originDomain !== this.domain) {
+                    logger_1.default.warn(`[mobile] Origin does not match domain in QR code. Expected ${this.domain} but got ${originDomain}`);
+                    return;
+                }
+                if (data.method === 'encryptedMessage') {
+                    // Decode the payload from base64 to Uint8Array
+                    const payload = new Uint8Array(atob(data.params.payload)
+                        .split('')
+                        .map((c) => c.charCodeAt(0)));
+                    try {
+                        // Decrypt the payload using the shared secret
+                        const decrypted = await (0, encryption_1.decrypt)(payload, this.topicToSharedSecret[topic], topic);
+                        const decryptedJson = JSON.parse(decrypted);
+                        await this.handleEncryptedMessage(topic, decryptedJson, data);
+                    }
+                    catch (error) {
+                        logger_1.default.error('[mobile] Error decrypting message:', error);
+                    }
+                }
+            }
+            catch (error) {
+                logger_1.default.error('[mobile] Error:', error);
+            }
+        });
+        wsClient.onerror = (error) => {
+            logger_1.default.error('[mobile] WebSocket error:', error);
+        };
+        return {
+            domain: this.domain,
+            requestId: topic,
+            isBridgeConnected: () => this.topicToWebSocketClient[topic].readyState === WebSocket.OPEN,
+            isDomainVerified: () => this.topicToRemoteDomainVerified[topic] === true,
+            onDomainVerified: (callback) => this.onDomainVerifiedCallbacks[topic].push(callback),
+            onBridgeConnect: (callback) => this.onBridgeConnectCallbacks[topic].push(callback),
+            notifyReject: async () => {
+                await (0, json_rpc_1.sendEncryptedJsonRpcRequest)('reject', null, this.topicToSharedSecret[topic], topic, this.topicToWebSocketClient[topic]);
+            },
+            notifyAccept: async () => {
+                await (0, json_rpc_1.sendEncryptedJsonRpcRequest)('accept', null, this.topicToSharedSecret[topic], topic, this.topicToWebSocketClient[topic]);
+            },
+            notifyDone: async (proof) => {
+                await (0, json_rpc_1.sendEncryptedJsonRpcRequest)('done', { proof }, this.topicToSharedSecret[topic], topic, this.topicToWebSocketClient[topic]);
+            },
+            notifyError: async (error) => {
+                await (0, json_rpc_1.sendEncryptedJsonRpcRequest)('error', { error }, this.topicToSharedSecret[topic], topic, this.topicToWebSocketClient[topic]);
+            },
+        };
+    }
+}
+exports.ZkPassportProver = ZkPassportProver;

package/dist/{websocket.js → cjs/websocket.js}

@@ -8,8 +8,8 @@ function getWebSocketClient(url, origin) {
     }
     else {
         // Node.js environment
-        var WebSocket_1 = require('ws');
-        return new WebSocket_1(url, {
+        const WebSocket = require('ws');
+        return new WebSocket(url, {
             headers: {
                 Origin: origin || 'nodejs',
             },

package/dist/esm/encryption.d.ts

@@ -0,0 +1,7 @@
+export declare function generateECDHKeyPair(): Promise<{
+    privateKey: Uint8Array;
+    publicKey: Uint8Array;
+}>;
+export declare function getSharedSecret(privateKey: string, publicKey: string): Promise<Uint8Array>;
+export declare function encrypt(message: string, sharedSecret: Uint8Array, topic: string): Promise<Uint8Array>;
+export declare function decrypt(ciphertext: Uint8Array, sharedSecret: Uint8Array, topic: string): Promise<string>;

package/dist/esm/encryption.js

@@ -0,0 +1,40 @@
+import { gcm } from '@noble/ciphers/aes';
+import { utf8ToBytes } from '@noble/ciphers/utils';
+async function sha256Truncate(topic) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(topic);
+    const hashBuffer = await crypto.subtle.digest('SHA-256', data);
+    const fullHashArray = new Uint8Array(hashBuffer);
+    const truncatedHashArray = fullHashArray.slice(0, 12);
+    return truncatedHashArray;
+}
+export async function generateECDHKeyPair() {
+    const secp256k1 = await import('@noble/secp256k1');
+    const privKey = secp256k1.utils.randomPrivateKey();
+    const pubKey = secp256k1.getPublicKey(privKey);
+    return {
+        privateKey: privKey,
+        publicKey: pubKey,
+    };
+}
+export async function getSharedSecret(privateKey, publicKey) {
+    const secp256k1 = await import('@noble/secp256k1');
+    const sharedSecret = secp256k1.getSharedSecret(privateKey, publicKey);
+    return sharedSecret.slice(0, 32);
+}
+export async function encrypt(message, sharedSecret, topic) {
+    // Nonce must be 12 bytes
+    const nonce = await sha256Truncate(topic);
+    const aes = gcm(sharedSecret, nonce);
+    const data = utf8ToBytes(message);
+    const ciphertext = aes.encrypt(data);
+    return ciphertext;
+}
+export async function decrypt(ciphertext, sharedSecret, topic) {
+    // Nonce must be 12 bytes
+    const nonce = await sha256Truncate(topic);
+    const aes = gcm(sharedSecret, nonce);
+    const data = aes.decrypt(ciphertext);
+    const dataString = new TextDecoder().decode(data);
+    return dataString;
+}

package/dist/esm/index.d.ts

@@ -0,0 +1,191 @@
+import { type DisclosableIDCredential, type IDCredential, type IDCredentialValue, type NumericalIDCredential, type ProofResult, type QueryResult } from '@zkpassport/utils';
+export type * from '@zkpassport/utils';
+export { SANCTIONED_COUNTRIES, EU_COUNTRIES, EEA_COUNTRIES, SCHENGEN_COUNTRIES, ASEAN_COUNTRIES, MERCOSUR_COUNTRIES, } from '@zkpassport/utils';
+export type QueryBuilderResult = {
+    /**
+     * The URL of the request.
+     *
+     * You can either encode the URL in a QR code or let the user click the link
+     * to this URL on your website if they're visiting your website on their phone.
+     */
+    url: string;
+    /**
+     * The id of the request.
+     */
+    requestId: string;
+    /**
+     * Called when the user has scanned the QR code or clicked the link to the request.
+     *
+     * This means the user is currently viewing the request popup with your website information
+     * and the information requested from them.
+     */
+    onRequestReceived: (callback: () => void) => void;
+    /**
+     * Called when the user has accepted the request and
+     * started to generate the proof on their phone.
+     */
+    onGeneratingProof: (callback: () => void) => void;
+    /**
+     * Called when the SDK successfully connects to the bridge with the mobile app.
+     */
+    onBridgeConnect: (callback: () => void) => void;
+    /**
+     * Called when the user has generated a proof.
+     *
+     * There is a minimum of 4 proofs, but there can be more depending
+     * on the type of information requested from the user.
+     */
+    onProofGenerated: (callback: (proof: ProofResult) => void) => void;
+    /**
+     * Called when the user has sent the query result.
+     *
+     * The response contains the unique identifier associated to the user,
+     * your domain name and chosen scope, along with the query result and whether
+     * the proofs were successfully verified.
+     */
+    onResult: (callback: (response: {
+        uniqueIdentifier: string | undefined;
+        verified: boolean;
+        result: QueryResult;
+    }) => void) => void;
+    /**
+     * Called when the user has rejected the request.
+     */
+    onReject: (callback: () => void) => void;
+    /**
+     * Called when an error occurs, such as one of the requirements not being met
+     * or a proof failing to be generated.
+     */
+    onError: (callback: (error: string) => void) => void;
+    /**
+     * @returns true if the bridge with the mobile app is connected
+     */
+    isBridgeConnected: () => boolean;
+    /**
+     * Get if the user has scanned the QR code or the link to this request
+     * @returns true if the request has been received by the user on their phone
+     */
+    requestReceived: () => boolean;
+};
+export type QueryBuilder = {
+    /**
+     * Requires this attribute to be equal to the provided value.
+     * @param key The attribute to compare.
+     * @param value The value of the attribute you require.
+     */
+    eq: <T extends IDCredential>(key: T, value: IDCredentialValue<T>) => QueryBuilder;
+    /**
+     * Requires this attribute to be greater than or equal to the provided value.
+     * @param key The attribute to compare.
+     * @param value The value of the attribute you require.
+     */
+    gte: <T extends NumericalIDCredential>(key: T, value: IDCredentialValue<T>) => QueryBuilder;
+    /**
+     * Requires this attribute to be less than or equal to the provided value.
+     * @param key The attribute to compare.
+     * @param value The value of the attribute you require.
+     */
+    lte: <T extends 'birthdate' | 'expiry_date'>(key: T, value: IDCredentialValue<T>) => QueryBuilder;
+    /**
+     * Requires this attribute to be less than the provided value.
+     * @param key The attribute to compare.
+     * @param value The value of the attribute you require.
+     */
+    lt: <T extends 'age'>(key: T, value: IDCredentialValue<T>) => QueryBuilder;
+    /**
+     * Requires this attribute to be included in the provided range.
+     * @param key The attribute to compare.
+     * @param start The start of the range.
+     * @param end The end of the range.
+     */
+    range: <T extends NumericalIDCredential>(key: T, start: IDCredentialValue<T>, end: IDCredentialValue<T>) => QueryBuilder;
+    /**
+     * Requires this attribute to be included in the provided list.
+     * @param key The attribute to compare.
+     * @param value The list of values to check inclusion against.
+     */
+    in: <T extends 'nationality'>(key: T, value: IDCredentialValue<T>[]) => QueryBuilder;
+    /**
+     * Requires this attribute to be excluded from the provided list.
+     * @param key The attribute to compare.
+     * @param value The list of values to check exclusion against.
+     */
+    out: <T extends 'nationality'>(key: T, value: IDCredentialValue<T>[]) => QueryBuilder;
+    /**
+     * Requires this attribute to be disclosed.
+     * @param key The attribute to disclose.
+     */
+    disclose: (key: DisclosableIDCredential) => QueryBuilder;
+    /**
+     * Builds the request.
+     *
+     * This will return the URL of the request, which you can either encode in a QR code
+     * or provide as a link to the user if they're visiting your website on their phone.
+     * It also returns all the callbacks you can use to handle the user's response.
+     */
+    done: () => QueryBuilderResult;
+};
+export declare class ZKPassport {
+    private domain;
+    private topicToConfig;
+    private topicToKeyPair;
+    private topicToWebSocketClient;
+    private topicToSharedSecret;
+    private topicToRequestReceived;
+    private topicToService;
+    private topicToProofs;
+    private onRequestReceivedCallbacks;
+    private onGeneratingProofCallbacks;
+    private onBridgeConnectCallbacks;
+    private onProofGeneratedCallbacks;
+    private onResultCallbacks;
+    private onRejectCallbacks;
+    private onErrorCallbacks;
+    constructor(_domain?: string);
+    /**
+     * @notice Handle an encrypted message.
+     * @param request The request.
+     * @param outerRequest The outer request.
+     */
+    private handleEncryptedMessage;
+    private getZkPassportRequest;
+    /**
+     * @notice Create a new request.
+     * @returns The query builder object.
+     */
+    request({ name, logo, purpose, scope, topicOverride, keyPairOverride, }: {
+        name: string;
+        logo: string;
+        purpose: string;
+        scope?: string;
+        topicOverride?: string;
+        keyPairOverride?: {
+            privateKey: Uint8Array;
+            publicKey: Uint8Array;
+        };
+    }): Promise<QueryBuilder>;
+    private checkPublicInputs;
+    /**
+     * @notice Verify the proofs received from the mobile app.
+     * @param requestId The request ID.
+     * @param proofs The proofs to verify.
+     * @param queryResult The query result to verify against
+     * @returns An object containing the unique identifier associated to the user
+     * and a boolean indicating whether the proofs were successfully verified.
+     */
+    verify(requestId: string, proofs?: Array<ProofResult>, queryResult?: QueryResult): Promise<{
+        uniqueIdentifier: string | undefined;
+        verified: boolean;
+    }>;
+    /**
+     * @notice Returns the URL of the request.
+     * @param requestId The request ID.
+     * @returns The URL of the request.
+     */
+    getUrl(requestId: string): string;
+    /**
+     * @notice Cancels a request by closing the WebSocket connection and deleting the associated data.
+     * @param requestId The request ID.
+     */
+    cancelRequest(requestId: string): void;
+}