cocod 0.0.1

package/src/routes.ts

@@ -0,0 +1,298 @@
+import { getDecodedToken } from "coco-cashu-core";
+import { generateMnemonic, mnemonicToSeedSync, validateMnemonic } from "@scure/bip39";
+import { wordlist } from "@scure/bip39/wordlists/english.js";
+import { nip19 } from "nostr-tools";
+import { encryptMnemonic } from "./utils/crypto.js";
+import { initializeWallet } from "./utils/wallet.js";
+import { CONFIG_FILE, SALT_FILE } from "./utils/config.js";
+import type { WalletConfig } from "./utils/config.js";
+import type {
+  DaemonStateManager,
+  LockedState,
+  UnlockedState,
+  RouteHandler,
+} from "./utils/state.js";
+
+export function createRouteHandlers(
+  stateManager: DaemonStateManager,
+): Record<string, { GET?: RouteHandler; POST?: RouteHandler }> {
+  return {
+    "/ping": {
+      GET: async () => Response.json({ output: "pong" }),
+    },
+    "/status": {
+      GET: async (_req, state) => {
+        return Response.json({ output: state.status });
+      },
+    },
+    "/init": {
+      POST: stateManager.requireUninitialized(async (req: Request) => {
+        try {
+          const body = (await req.json()) as {
+            mnemonic?: string;
+            passphrase?: string;
+            mintUrl?: string;
+          };
+
+          let mnemonic: string;
+          if (body.mnemonic) {
+            if (!validateMnemonic(body.mnemonic, wordlist)) {
+              return Response.json({ error: "Invalid mnemonic" }, { status: 400 });
+            }
+            mnemonic = body.mnemonic;
+          } else {
+            mnemonic = generateMnemonic(wordlist, 256);
+          }
+
+          const mintUrl = body.mintUrl || "https://mint.minibits.cash/Bitcoin";
+          const encrypted = !!body.passphrase;
+
+          await Bun.write(CONFIG_FILE, "");
+          await Bun.file(CONFIG_FILE).delete();
+
+          let config: WalletConfig;
+
+          if (encrypted && body.passphrase) {
+            const { ciphertext, salt } = await encryptMnemonic(mnemonic, body.passphrase);
+
+            await Bun.write(SALT_FILE, salt);
+
+            config = {
+              version: 1,
+              mnemonic: ciphertext,
+              encrypted: true,
+              mintUrl,
+              createdAt: new Date().toISOString(),
+            };
+
+            stateManager.setLocked(ciphertext, mintUrl);
+          } else {
+            config = {
+              version: 1,
+              mnemonic,
+              encrypted: false,
+              mintUrl,
+              createdAt: new Date().toISOString(),
+            };
+
+            const manager = await initializeWallet(config);
+            const seed = mnemonicToSeedSync(mnemonic);
+            stateManager.setUnlocked(manager, mintUrl, seed);
+          }
+
+          await Bun.write(CONFIG_FILE, JSON.stringify(config, null, 2));
+
+          const output = encrypted
+            ? `Initialized (locked). Mnemonic: ${mnemonic}\nIMPORTANT: Write down this mnemonic and keep it safe!`
+            : `Initialized. Mnemonic: ${mnemonic}\nIMPORTANT: Write down this mnemonic and keep it safe!`;
+
+          return Response.json({ output });
+        } catch (error) {
+          const message = error instanceof Error ? error.message : String(error);
+          return Response.json({ error: `Init failed: ${message}` }, { status: 500 });
+        }
+      }),
+    },
+    "/unlock": {
+      POST: stateManager.requireLocked(async (req: Request, state: LockedState) => {
+        try {
+          const body = (await req.json()) as { passphrase: string };
+
+          if (!body.passphrase) {
+            return Response.json({ error: "Passphrase required" }, { status: 400 });
+          }
+
+          const salt = await Bun.file(SALT_FILE).text();
+          const { decryptMnemonic } = await import("./utils/crypto.js");
+          const mnemonic = await decryptMnemonic(state.encryptedMnemonic, body.passphrase, salt);
+
+          const config: WalletConfig = {
+            version: 1,
+            mnemonic,
+            encrypted: false,
+            mintUrl: state.mintUrl,
+            createdAt: new Date().toISOString(),
+          };
+
+          const manager = await initializeWallet(config);
+          const seed = mnemonicToSeedSync(mnemonic);
+
+          stateManager.setUnlocked(manager, state.mintUrl, seed);
+
+          return Response.json({ output: "Unlocked" });
+        } catch (error) {
+          const message = error instanceof Error ? error.message : String(error);
+          return Response.json({ error: `Unlock failed: ${message}` }, { status: 401 });
+        }
+      }),
+    },
+    "/npc/address": {
+      GET: stateManager.requireUnlocked(async (_req, state: UnlockedState) => {
+        const info = await state.manager.ext.npc.getInfo();
+        if (info.name) {
+          return Response.json({ output: `${info.name}@npuby.cash` });
+        }
+        const npub = nip19.npubEncode(info.pubkey);
+        return Response.json({ output: `${npub}@npuby.cash` });
+      }),
+    },
+
+    "/balance": {
+      GET: stateManager.requireUnlocked(async (_req, state: UnlockedState) => {
+        const balance = await state.manager.wallet.getBalances();
+        const augmentedBalance: Record<string, { [unit: string]: number }> = {};
+        Object.keys(balance).forEach((url) => {
+          augmentedBalance[url] = { sats: balance[url] || 0 };
+        });
+        return Response.json({ output: augmentedBalance });
+      }),
+    },
+    "/receive": {
+      POST: stateManager.requireUnlocked(async (req, state: UnlockedState) => {
+        try {
+          const body = (await req.json()) as { token: string };
+          const token = body.token;
+          const decoded = getDecodedToken(token);
+          await state.manager.wallet.receive(token);
+          const total = decoded.proofs.reduce(
+            (a: number, c: { amount: number }) => a + c.amount,
+            0,
+          );
+          return Response.json({ output: `Received ${total}` });
+        } catch {
+          return Response.json({ error: "Receive failed" });
+        }
+      }),
+    },
+    "/mints/add": {
+      POST: stateManager.requireUnlocked(async (req, state: UnlockedState) => {
+        const body = (await req.json()) as { url: string };
+        await state.manager.mint.addMint(body.url, { trusted: true });
+        return Response.json({ output: `Added mint: ${body.url}` });
+      }),
+    },
+    "/mints/list": {
+      GET: stateManager.requireUnlocked(async (_req, state: UnlockedState) => {
+        const mints = await state.manager.mint.getAllTrustedMints();
+        console.log(mints);
+        return Response.json({
+          output: mints.map((m) => m.mintUrl).join("\n"),
+        });
+      }),
+    },
+    "/mints/info": {
+      POST: stateManager.requireUnlocked(async (req, state: UnlockedState) => {
+        const body = (await req.json()) as { url: string };
+        const info = await state.manager.mint.getMintInfo(body.url);
+        return Response.json({ output: info });
+      }),
+    },
+
+    "/mints/bolt11": {
+      POST: stateManager.requireUnlocked(async (req, state: UnlockedState) => {
+        const body = (await req.json()) as { amount: number };
+        const quote = await state.manager.quotes.createMintQuote(state.mintUrl, body.amount);
+        return Response.json({ output: quote.request });
+      }),
+    },
+    "/history": {
+      GET: stateManager.requireUnlocked(async (req, state: UnlockedState) => {
+        const url = new URL(req.url);
+        const offsetParam = url.searchParams.get("offset");
+        const limitParam = url.searchParams.get("limit");
+
+        const offset = offsetParam ? parseInt(offsetParam, 10) : 0;
+        const limit = limitParam ? parseInt(limitParam, 10) : 20;
+
+        if (isNaN(offset) || offset < 0) {
+          return Response.json({ error: "Invalid offset parameter" }, { status: 400 });
+        }
+
+        if (isNaN(limit) || limit < 1 || limit > 100) {
+          return Response.json(
+            { error: "Invalid limit parameter (must be 1-100)" },
+            { status: 400 },
+          );
+        }
+
+        const entries = await state.manager.history.getPaginatedHistory(offset, limit);
+        return Response.json({ output: entries });
+      }),
+    },
+    "/events": {
+      GET: stateManager.requireUnlocked(async (req, state: UnlockedState) => {
+        const KEEP_ALIVE_INTERVAL = 5000; // 5 seconds (prevent 8-10s idle timeout)
+
+        const stream = new ReadableStream({
+          start(controller) {
+            // Subscribe to history updates
+            const unsubscribe = state.manager.on("history:updated", (payload) => {
+              const eventData = JSON.stringify({
+                type: "history:updated",
+                timestamp: new Date().toISOString(),
+                data: payload,
+              });
+              const sseData = `data: ${eventData}\n\n`;
+              controller.enqueue(new TextEncoder().encode(sseData));
+            });
+
+            // Send periodic keep-alive pings to prevent connection timeout
+            const keepAliveInterval = setInterval(() => {
+              controller.enqueue(new TextEncoder().encode(": ping\n\n"));
+            }, KEEP_ALIVE_INTERVAL);
+
+            // Cleanup on client disconnect
+            req.signal.addEventListener("abort", () => {
+              clearInterval(keepAliveInterval);
+              unsubscribe();
+              controller.close();
+            });
+          },
+        });
+
+        return new Response(stream, {
+          headers: {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-store",
+            Connection: "keep-alive",
+          },
+        });
+      }),
+    },
+  };
+}
+
+export function buildRoutes(
+  routeHandlers: Record<string, { GET?: RouteHandler; POST?: RouteHandler }>,
+  getState: () => import("./utils/state.js").DaemonState,
+): Record<
+  string,
+  {
+    GET?: (req: Request) => Promise<Response>;
+    POST?: (req: Request) => Promise<Response>;
+  }
+> {
+  const routes: Record<
+    string,
+    {
+      GET?: (req: Request) => Promise<Response>;
+      POST?: (req: Request) => Promise<Response>;
+    }
+  > = {};
+
+  for (const [path, handlers] of Object.entries(routeHandlers)) {
+    routes[path] = {};
+
+    if (handlers.GET) {
+      const handler = handlers.GET;
+      routes[path]!.GET = async (req: Request) => handler(req, getState());
+    }
+
+    if (handlers.POST) {
+      const handler = handlers.POST;
+      routes[path]!.POST = async (req: Request) => handler(req, getState());
+    }
+  }
+
+  return routes;
+}

package/src/utils/config.ts

@@ -0,0 +1,16 @@
+import { homedir } from "node:os";
+
+export const CONFIG_DIR = `${homedir()}/.cocod`;
+export const SOCKET_PATH = process.env.COCOD_SOCKET || `${CONFIG_DIR}/cocod.sock`;
+export const PID_FILE = process.env.COCOD_PID || `${CONFIG_DIR}/cocod.pid`;
+export const CONFIG_FILE = `${CONFIG_DIR}/config.json`;
+export const SALT_FILE = `${CONFIG_DIR}/salt`;
+export const DB_FILE = `${CONFIG_DIR}/coco.db`;
+
+export interface WalletConfig {
+  version: number;
+  mnemonic: string;
+  encrypted: boolean;
+  mintUrl: string;
+  createdAt: string;
+}

package/src/utils/crypto.ts

@@ -0,0 +1,68 @@
+export async function deriveKey(passphrase: string, salt: Uint8Array): Promise<CryptoKey> {
+  const encoder = new TextEncoder();
+  const passphraseData = encoder.encode(passphrase);
+
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    passphraseData,
+    { name: "PBKDF2" },
+    false,
+    ["deriveBits", "deriveKey"],
+  );
+
+  return crypto.subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      salt: Buffer.from(salt).buffer as ArrayBuffer,
+      iterations: 100000,
+      hash: "SHA-256",
+    },
+    keyMaterial,
+    { name: "AES-GCM", length: 256 },
+    false,
+    ["encrypt", "decrypt"],
+  );
+}
+
+export async function encryptMnemonic(
+  mnemonic: string,
+  passphrase: string,
+): Promise<{ ciphertext: string; salt: string }> {
+  const salt = crypto.getRandomValues(new Uint8Array(16));
+  const key = await deriveKey(passphrase, salt);
+
+  const encoder = new TextEncoder();
+  const plaintext = encoder.encode(mnemonic);
+
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+
+  const ciphertext = await crypto.subtle.encrypt({ name: "AES-GCM", iv: iv }, key, plaintext);
+
+  const combined = new Uint8Array(iv.length + new Uint8Array(ciphertext).length);
+  combined.set(iv, 0);
+  combined.set(new Uint8Array(ciphertext), iv.length);
+
+  return {
+    ciphertext: Buffer.from(combined).toString("base64"),
+    salt: Buffer.from(salt).toString("base64"),
+  };
+}
+
+export async function decryptMnemonic(
+  ciphertext: string,
+  passphrase: string,
+  salt: string,
+): Promise<string> {
+  const combined = Buffer.from(ciphertext, "base64");
+  const saltBytes = Buffer.from(salt, "base64");
+
+  const key = await deriveKey(passphrase, saltBytes);
+
+  const iv = combined.slice(0, 12);
+  const encrypted = combined.slice(12);
+
+  const decrypted = await crypto.subtle.decrypt({ name: "AES-GCM", iv: iv }, key, encrypted);
+
+  const decoder = new TextDecoder();
+  return decoder.decode(decrypted);
+}

package/src/utils/state.ts

@@ -0,0 +1,128 @@
+import type { Manager } from "coco-cashu-core";
+
+export interface UninitializedState {
+  status: "UNINITIALIZED";
+}
+
+export interface LockedState {
+  status: "LOCKED";
+  encryptedMnemonic: string;
+  mintUrl: string;
+}
+
+export interface UnlockedState {
+  status: "UNLOCKED";
+  manager: Manager;
+  mintUrl: string;
+  seed: Uint8Array;
+}
+
+export interface ErrorState {
+  status: "ERROR";
+  message: string;
+}
+
+export type DaemonState = UninitializedState | LockedState | UnlockedState | ErrorState;
+
+export type RouteHandler = (req: Request, state: DaemonState) => Promise<Response>;
+
+export class DaemonStateManager {
+  private state: DaemonState;
+
+  constructor(initialState: DaemonState = { status: "UNINITIALIZED" }) {
+    this.state = initialState;
+  }
+
+  getState(): DaemonState {
+    return this.state;
+  }
+
+  isUnlocked(): this is { getState: () => UnlockedState } {
+    return this.state.status === "UNLOCKED";
+  }
+
+  isLocked(): this is { getState: () => LockedState } {
+    return this.state.status === "LOCKED";
+  }
+
+  isUninitialized(): boolean {
+    return this.state.status === "UNINITIALIZED";
+  }
+
+  setLocked(encryptedMnemonic: string, mintUrl: string): void {
+    this.state = { status: "LOCKED", encryptedMnemonic, mintUrl };
+  }
+
+  setUnlocked(manager: Manager, mintUrl: string, seed: Uint8Array): void {
+    this.state = { status: "UNLOCKED", manager, mintUrl, seed };
+  }
+
+  setUninitialized(): void {
+    this.state = { status: "UNINITIALIZED" };
+  }
+
+  setError(message: string): void {
+    this.state = { status: "ERROR", message };
+  }
+
+  requireUnlocked(
+    handler: (req: Request, state: UnlockedState) => Promise<Response>,
+  ): RouteHandler {
+    return async (req: Request, state: DaemonState) => {
+      if (state.status !== "UNLOCKED") {
+        if (state.status === "LOCKED") {
+          return Response.json(
+            {
+              error: "Wallet is locked. Run 'cocod unlock <passphrase>' to decrypt.",
+            },
+            { status: 403 },
+          );
+        }
+        if (state.status === "UNINITIALIZED") {
+          return Response.json(
+            {
+              error: "Wallet not initialized. Run 'cocod init [mnemonic]' first.",
+            },
+            { status: 503 },
+          );
+        }
+        return Response.json({ error: "Wallet error" }, { status: 500 });
+      }
+      return handler(req, state as UnlockedState);
+    };
+  }
+
+  requireUninitialized(handler: (req: Request) => Promise<Response>): RouteHandler {
+    return async (req: Request, state: DaemonState) => {
+      if (state.status !== "UNINITIALIZED") {
+        return Response.json(
+          {
+            error: "Wallet already initialized. Delete ~/.cocod/config.json to reset.",
+          },
+          { status: 409 },
+        );
+      }
+      return handler(req);
+    };
+  }
+
+  requireLocked(handler: (req: Request, state: LockedState) => Promise<Response>): RouteHandler {
+    return async (req: Request, state: DaemonState) => {
+      if (state.status !== "LOCKED") {
+        if (state.status === "UNINITIALIZED") {
+          return Response.json(
+            {
+              error: "Wallet not initialized. Run 'cocod init [mnemonic]' first.",
+            },
+            { status: 503 },
+          );
+        }
+        if (state.status === "UNLOCKED") {
+          return Response.json({ error: "Wallet is already unlocked" }, { status: 409 });
+        }
+        return Response.json({ error: "Wallet error" }, { status: 500 });
+      }
+      return handler(req, state as LockedState);
+    };
+  }
+}

package/src/utils/wallet.ts

@@ -0,0 +1,49 @@
+import { initializeCoco, ConsoleLogger, type Manager } from "coco-cashu-core";
+import { SqliteRepositories } from "coco-cashu-sqlite3";
+import { mnemonicToSeedSync } from "@scure/bip39";
+import { Database } from "sqlite3";
+import { NPCPlugin } from "coco-cashu-plugin-npc";
+import { privateKeyFromSeedWords } from "nostr-tools/nip06";
+import { finalizeEvent, type EventTemplate } from "nostr-tools";
+import { decryptMnemonic } from "./crypto.js";
+import { SALT_FILE, DB_FILE } from "./config.js";
+import type { WalletConfig } from "./config.js";
+
+export async function initializeWallet(
+  config: WalletConfig,
+  passphrase?: string,
+): Promise<Manager> {
+  let mnemonic: string;
+
+  if (config.encrypted) {
+    if (!passphrase) {
+      throw new Error("Passphrase required for encrypted wallet");
+    }
+    const salt = await Bun.file(SALT_FILE).text();
+    mnemonic = await decryptMnemonic(config.mnemonic, passphrase, salt);
+  } else {
+    mnemonic = config.mnemonic;
+  }
+
+  const seed = mnemonicToSeedSync(mnemonic);
+
+  const repo = new SqliteRepositories({ database: new Database(DB_FILE) });
+  const logger = new ConsoleLogger("Coco", { level: "info" });
+  const sk = privateKeyFromSeedWords(mnemonic);
+  const signer = async (t: EventTemplate) => finalizeEvent(t, sk);
+  const npcPlugin = new NPCPlugin("https://npuby.cash", signer, {
+    useWebsocket: true,
+    logger,
+  });
+  const coco = await initializeCoco({
+    repo,
+    seedGetter: async () => seed,
+    logger,
+  });
+
+  coco.use(npcPlugin);
+
+  await coco.mint.addMint(config.mintUrl, { trusted: true });
+
+  return coco;
+}

package/tsconfig.json

@@ -0,0 +1,29 @@
+{
+  "compilerOptions": {
+    // Environment setup & latest features
+    "lib": ["ESNext"],
+    "target": "ESNext",
+    "module": "Preserve",
+    "moduleDetection": "force",
+    "jsx": "react-jsx",
+    "allowJs": true,
+
+    // Bundler mode
+    "moduleResolution": "bundler",
+    "allowImportingTsExtensions": true,
+    "verbatimModuleSyntax": true,
+    "noEmit": true,
+
+    // Best practices
+    "strict": true,
+    "skipLibCheck": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUncheckedIndexedAccess": true,
+    "noImplicitOverride": true,
+
+    // Some stricter flags (disabled by default)
+    "noUnusedLocals": false,
+    "noUnusedParameters": false,
+    "noPropertyAccessFromIndexSignature": false
+  }
+}