npm - bitcoincash-oauth-client - Versions diffs - 0.1.0 - Mend

bitcoincash-oauth-client 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,445 @@
+/**
+ * bitcoincash-oauth-client v1.0.0
+ * Universal Bitcoin Cash OAuth Client
+ * Works in both browser and Node.js environments
+ */
+import { instantiateSecp256k1, generatePrivateKey, CashAddressNetworkPrefix, encodeCashAddress, CashAddressType } from '@bitauth/libauth';
+/**
+ * Environment utilities for cross-platform crypto operations
+ * Handles browser vs Node.js differences
+ */
+let cryptoModule = null;
+/**
+ * Get the Node.js crypto module (cached)
+ * @returns {Object|null} Crypto module or null if not available
+ */
+async function getNodeCrypto() {
+  if (cryptoModule !== null) {
+    return cryptoModule;
+  }
+  try {
+    // Dynamic import for ES module compatibility
+    const crypto = await import('crypto');
+    cryptoModule = crypto.default || crypto;
+    return cryptoModule;
+  } catch (e) {
+    cryptoModule = false;
+    return null;
+  }
+}
+/**
+ * Generate secure random bytes (cross-platform)
+ * @param {number} length - Number of bytes to generate
+ * @returns {Uint8Array} Random bytes
+ */
+async function getRandomBytes(length) {
+  // Browser environment: use crypto.getRandomValues
+  if (typeof crypto !== 'undefined' && crypto.getRandomValues) {
+    return crypto.getRandomValues(new Uint8Array(length));
+  }
+  // Node.js environment: use crypto module
+  const nodeCrypto = await getNodeCrypto();
+  if (nodeCrypto) {
+    return new Uint8Array(nodeCrypto.randomBytes(length));
+  }
+  throw new Error('Unable to generate secure random bytes - no crypto implementation available');
+}
+/**
+ * SHA256 hash (cross-platform)
+ * @param {Uint8Array} data
+ * @returns {Promise<Uint8Array>}
+ */
+async function sha256(data) {
+  // Browser: use crypto.subtle
+  if (typeof crypto !== 'undefined' && crypto.subtle) {
+    const hashBuffer = await crypto.subtle.digest("SHA-256", data);
+    return new Uint8Array(hashBuffer);
+  }
+  // Node.js: use crypto module
+  const nodeCrypto = await getNodeCrypto();
+  if (nodeCrypto) {
+    return new Uint8Array(nodeCrypto.createHash('sha256').update(data).digest());
+  }
+  throw new Error('SHA256 not available');
+}
+/**
+ * RIPEMD160 hash (cross-platform)
+ * @param {Uint8Array} data
+ * @returns {Promise<Uint8Array>}
+ */
+async function ripemd160(data) {
+  // Node.js: use crypto module (preferred)
+  const nodeCrypto = await getNodeCrypto();
+  if (nodeCrypto) {
+    return new Uint8Array(nodeCrypto.createHash('ripemd160').update(data).digest());
+  }
+  throw new Error('RIPEMD160 not available. This is required for Bitcoin Cash address generation.');
+}
+/**
+ * Get fetch implementation for current environment
+ * @returns {Function} Fetch implementation
+ */
+function getFetch() {
+  // Use global fetch if available (browser or Node.js 18+)
+  if (typeof fetch !== 'undefined') {
+    return fetch;
+  }
+  throw new Error('No fetch implementation available. For Node.js < 18, install node-fetch and pass it as an option.');
+}
+/**
+ * Bitcoin Cash OAuth Client Library
+ * Universal client that works in both browser and Node.js environments
+ *
+ * Uses libauth for key generation and ECDSA signing
+ */
+/**
+ * @typedef {Object} Keypair
+ * @property {string} privateKey - Hex-encoded private key
+ * @property {string} publicKey - Hex-encoded compressed public key
+ * @property {string} address - Bitcoin Cash address
+ */
+/**
+ * @typedef {Object} OAuthClientOptions
+ * @property {string} [serverUrl="http://localhost:8000"] - OAuth server URL
+ * @property {string} [network="mainnet"] - Network type ("mainnet" or "testnet")
+ * @property {SecureStorage} [secureStorage] - Storage interface for tokens
+ * @property {Function} [fetch] - Custom fetch implementation (optional)
+ */
+/**
+ * @typedef {Object} SecureStorage
+ * @property {function(string): string|null} getItem
+ * @property {function(string, string): void} setItem
+ * @property {function(string): void} removeItem
+ */
+/**
+ * @typedef {Object} AuthenticationResult
+ * @property {string} access_token - JWT access token
+ * @property {string} refresh_token - Refresh token
+ * @property {number} expires_in - Token expiration in seconds
+ * @property {string} token_type - Token type (e.g., "bearer")
+ */
+/**
+ * Bitcoin Cash OAuth Client
+ * Universal client library for browser and Node.js
+ */
+class BitcoinCashOAuthClient {
+  /**
+   * Create a new OAuth client instance
+   * @param {OAuthClientOptions} options - Configuration options
+   */
+  constructor(options = {}) {
+    this.serverUrl = options.serverUrl || "http://localhost:8000";
+    this.network = options.network || "mainnet";
+    this.secureStorage = options.secureStorage || null;
+    this.fetchImpl = options.fetch || getFetch();
+    this.secp256k1 = null;
+  }
+  /**
+   * Initialize the client by instantiating secp256k1
+   * @returns {Promise<BitcoinCashOAuthClient>} The initialized client instance
+   */
+  async init() {
+    if (!this.secp256k1) {
+      this.secp256k1 = await instantiateSecp256k1();
+    }
+    return this;
+  }
+  /**
+   * Generate a new Bitcoin Cash keypair
+   * @returns {Promise<Keypair>} Keypair object with privateKey, publicKey, and address
+   */
+  async generateKeypair() {
+    await this.init();
+    // Generate random bytes for private key
+    const randomBytes = await getRandomBytes(32);
+    // libauth's generatePrivateKey expects a function that returns Uint8Array
+    // We create a closure that returns our pre-generated random bytes
+    const secureRandom = () => randomBytes;
+    // Generate private key (32 bytes)
+    const privateKeyBytes = generatePrivateKey(secureRandom);
+    // Derive compressed public key (33 bytes)
+    const publicKeyBytes = this.secp256k1.derivePublicKeyCompressed(privateKeyBytes);
+    // Convert to address
+    const address = await this.publicKeyToCashAddress(publicKeyBytes);
+    return {
+      privateKey: this.bytesToHex(privateKeyBytes),
+      publicKey: this.bytesToHex(publicKeyBytes),
+      address,
+    };
+  }
+  /**
+   * Convert public key to Bitcoin Cash CashAddr format
+   * @param {Uint8Array} publicKey - Compressed public key
+   * @returns {Promise<string>} Bitcoin Cash CashAddr address
+   */
+  async publicKeyToCashAddress(publicKey) {
+    // Hash public key: RIPEMD160(SHA256(publicKey))
+    const sha256Hash = await sha256(publicKey);
+    const ripemd160Hash = await ripemd160(sha256Hash);
+    // Determine network prefix
+    const prefix = this.network === "mainnet"
+      ? CashAddressNetworkPrefix.mainnet
+      : CashAddressNetworkPrefix.testnet;
+    // Encode as CashAddr (P2PKH type)
+    const address = encodeCashAddress(prefix, CashAddressType.P2PKH, ripemd160Hash);
+    if (typeof address !== 'string') {
+      throw new Error(`Failed to encode CashAddress: ${address}`);
+    }
+    return address;
+  }
+  /**
+   * Convert bytes to hex string
+   * @param {Uint8Array} bytes
+   * @returns {string}
+   */
+  bytesToHex(bytes) {
+    return Array.from(bytes)
+      .map(b => b.toString(16).padStart(2, "0"))
+      .join("");
+  }
+  /**
+   * Convert hex string to bytes
+   * @param {string} hex
+   * @returns {Uint8Array}
+   */
+  hexToBytes(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+      bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
+    }
+    return bytes;
+  }
+  /**
+   * Register a new user with the server
+   * @param {string} address - Bitcoin Cash address
+   * @param {string} [userId] - Optional user-provided ID
+   * @returns {Promise<Object>} Registration result with assigned userId
+   */
+  async register(address, userId = null) {
+    const response = await this.fetchImpl(`${this.serverUrl}/auth/register`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        address,
+        user_id: userId,
+      }),
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Registration failed: ${response.status} ${response.statusText} - ${error}`);
+    }
+    return await response.json();
+  }
+  /**
+   * Create authentication message (protocol|domain|userId|timestamp)
+   * @param {string} userId
+   * @param {number} [timestamp] - Unix timestamp (defaults to now)
+   * @param {string} [domain] - Domain/host (defaults to window.location.host or 'oauth')
+   * @returns {string}
+   */
+  createAuthMessage(userId, timestamp = null, domain = null) {
+    const ts = timestamp || Math.floor(Date.now() / 1000);
+    const host = domain || (typeof window !== 'undefined' && window?.location?.host) || 'oauth';
+    return `bitcoincash-oauth|${host}|${userId}|${ts}`;
+  }
+  /**
+   * Sign authentication message with private key
+   * @param {string} message - The message to sign (userId,timestamp)
+   * @param {string} privateKeyHex - Hex-encoded private key
+   * @returns {Promise<string>} DER-encoded signature in hex
+   */
+  async signAuthMessage(message, privateKeyHex) {
+    await this.init();
+    const privateKey = this.hexToBytes(privateKeyHex);
+    // Hash the message using SHA256
+    const messageBytes = new TextEncoder().encode(message);
+    const messageHash = await sha256(messageBytes);
+    // Sign using secp256k1
+    const signature = this.secp256k1.signMessageHashDER(privateKey, messageHash);
+    return this.bytesToHex(signature);
+  }
+  /**
+   * Authenticate with the server
+   * @param {string} userId
+   * @param {string} privateKeyHex
+   * @param {string} publicKeyHex
+   * @param {number} [timestamp] - Optional timestamp
+   * @param {string} [domain] - Optional domain for message binding
+   * @returns {Promise<AuthenticationResult>} Authentication result with access_token
+   */
+  async authenticate(userId, privateKeyHex, publicKeyHex, timestamp = null, domain = null) {
+    const ts = timestamp || Math.floor(Date.now() / 1000);
+    const message = this.createAuthMessage(userId, ts, domain);
+    const signature = await this.signAuthMessage(message, privateKeyHex);
+    const response = await this.fetchImpl(`${this.serverUrl}/auth/token`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        user_id: userId,
+        timestamp: ts,
+        public_key: publicKeyHex,
+        signature: signature,
+      }),
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Authentication failed: ${response.status} ${response.statusText} - ${error}`);
+    }
+    const result = await response.json();
+    // Store token if secure storage is available
+    if (this.secureStorage && result.access_token) {
+      this.secureStorage.setItem("oauth_token", result.access_token);
+    }
+    return result;
+  }
+  /**
+   * Get stored token
+   * @returns {string|null}
+   */
+  getToken() {
+    if (this.secureStorage) {
+      return this.secureStorage.getItem("oauth_token");
+    }
+    return null;
+  }
+  /**
+   * Make authenticated request
+   * @param {string} endpoint - API endpoint (relative to serverUrl)
+   * @param {Object} [options] - Fetch options
+   * @returns {Promise<Response>}
+   */
+  async authenticatedRequest(endpoint, options = {}) {
+    const token = this.getToken();
+    if (!token) {
+      throw new Error("No authentication token available");
+    }
+    const headers = {
+      "Authorization": `Bearer ${token}`,
+      ...options.headers,
+    };
+    return this.fetchImpl(`${this.serverUrl}${endpoint}`, {
+      ...options,
+      headers,
+    });
+  }
+  /**
+   * Refresh access token
+   * @param {string} refreshToken
+   * @returns {Promise<AuthenticationResult>}
+   */
+  async refreshToken(refreshToken) {
+    const response = await this.fetchImpl(`${this.serverUrl}/auth/refresh`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        refresh_token: refreshToken,
+      }),
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Token refresh failed: ${response.status} ${response.statusText} - ${error}`);
+    }
+    const result = await response.json();
+    if (this.secureStorage && result.access_token) {
+      this.secureStorage.setItem("oauth_token", result.access_token);
+    }
+    return result;
+  }
+  /**
+   * Revoke token
+   * @param {string} token
+   * @returns {Promise<Object>}
+   */
+  async revokeToken(token) {
+    const response = await this.fetchImpl(`${this.serverUrl}/auth/revoke`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        token,
+      }),
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Token revocation failed: ${response.status} ${response.statusText} - ${error}`);
+    }
+    if (this.secureStorage) {
+      this.secureStorage.removeItem("oauth_token");
+    }
+    return await response.json();
+  }
+}
+export { BitcoinCashOAuthClient, BitcoinCashOAuthClient as default };

package/package.json ADDED Viewed

@@ -0,0 +1,60 @@
+{
+  "name": "bitcoincash-oauth-client",
+  "version": "0.1.0",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/paytaca/bitcoincash-oauth.git"
+  },
+  "description": "Universal JavaScript client library for Bitcoin Cash OAuth authentication - works in both browser and Node.js environments",
+  "main": "dist/index.cjs",
+  "module": "dist/index.mjs",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.mjs"
+      },
+      "require": {
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.cjs"
+      }
+    }
+  },
+  "files": [
+    "dist",
+    "LICENSE",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "rollup -c",
+    "prepublishOnly": "npm run build",
+    "test": "node test/test.js"
+  },
+  "keywords": [
+    "bitcoin-cash",
+    "bch",
+    "oauth",
+    "authentication",
+    "libauth",
+    "browser",
+    "nodejs",
+    "universal"
+  ],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "@bitauth/libauth": "^1.19.1"
+  },
+  "devDependencies": {
+    "@rollup/plugin-commonjs": "^25.0.0",
+    "@rollup/plugin-node-resolve": "^15.0.0",
+    "@rollup/plugin-terser": "^0.4.0",
+    "rollup": "^4.0.0",
+    "typescript": "^5.3.0"
+  },
+  "engines": {
+    "node": ">=14.0.0"
+  }
+}