npm - epistery - Versions diffs - 1.2.3 → 1.2.4 - Mend

epistery 1.2.3 → 1.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.mjs CHANGED Viewed

@@ -45,6 +45,7 @@ class EpisteryAttach {
     this.rootPath = rootPath || '/.well-known/epistery';
     app.locals.epistery = this;
+    // Domain middleware - set domain from hostname
     app.use(async (req, res, next) => {
       if (req.app.locals.epistery.domain?.name !== req.hostname) {
         await req.app.locals.epistery.setDomain(req.hostname);
@@ -52,6 +53,25 @@ class EpisteryAttach {
       next();
     });
+    // Session middleware - restore req.episteryClient from _epistery cookie
+    app.use(async (req, res, next) => {
+      if (!req.episteryClient && req.cookies?._epistery) {
+        try {
+          const sessionData = JSON.parse(Buffer.from(req.cookies._epistery, 'base64').toString('utf8'));
+          if (sessionData && sessionData.rivetAddress) {
+            req.episteryClient = {
+              address: sessionData.rivetAddress,
+              publicKey: sessionData.publicKey,
+              authenticated: sessionData.authenticated || false
+            };
+          }
+        } catch (e) {
+          // Invalid session cookie, ignore
+        }
+      }
+      next();
+    });
     // Middleware to enrich request with notabot score
     app.use(async (req, res, next) => {
       // Check if client info is available (from key exchange or authentication)
@@ -174,6 +194,40 @@ class EpisteryAttach {
     );
   }
+  /**
+   * Get the contract sponsor (owner) address
+   * @returns {Promise<string>} The sponsor's Ethereum address
+   */
+  async getSponsor() {
+    if (!this.domain?.wallet) {
+      throw new Error('Server wallet not initialized for domain');
+    }
+    if (!this.domainName) {
+      throw new Error('Domain name not set');
+    }
+    // Initialize server wallet if not already done
+    const serverWallet = Utils.InitServerWallet(this.domainName);
+    if (!serverWallet) {
+      throw new Error('Server wallet not connected');
+    }
+    // Get contract address from domain config
+    this.config.setPath(`/${this.domainName}`);
+    const contractAddress = this.config.data?.agent_contract_address || process.env.AGENT_CONTRACT_ADDRESS;
+    if (!contractAddress) {
+      throw new Error('Agent contract address not configured for domain');
+    }
+    // Get sponsor from contract
+    const ethers = await import('ethers');
+    const AgentArtifact = await import('epistery-plugin/artifacts/contracts/agent.sol/Agent.json', { with: { type: 'json' } });
+    const contract = new ethers.Contract(contractAddress, AgentArtifact.default.abi, serverWallet.ethers);
+    return await contract.sponsor();
+  }
   /**
    * Add an address to a named list
    * @param {string} listName - Name of the list
@@ -463,7 +517,6 @@ class EpisteryAttach {
       "wallet.js": path.resolve(__dirname, "client/wallet.js"),
       "notabot.js": path.resolve(__dirname, "client/notabot.js"),
       "export.js": path.resolve(__dirname, "client/export.js"),
-      "delegation.js": path.resolve(__dirname, "client/delegation.js"),
       "ethers.js": path.resolve(__dirname, "client/ethers.js"),
       "ethers.min.js": path.resolve(__dirname, "client/ethers.min.js")
     };
@@ -529,24 +582,6 @@ class EpisteryAttach {
       res.send(template);
     });
-    // Delegation approval UI
-    router.get('/delegate', (req, res) => {
-      // Normalize rootPath to ensure it doesn't have trailing slash
-      let rootPath = req.baseUrl || '';
-      if (rootPath === '/') rootPath = '';
-      const templatePath = path.resolve(__dirname, 'client/delegate.html');
-      if (!fs.existsSync(templatePath)) {
-        return res.status(404).send('Delegation template not found');
-      }
-      let template = fs.readFileSync(templatePath, 'utf8');
-      template = template.replace(/\{\{epistery\.rootPath\}\}/g, rootPath);
-      res.send(template);
-    });
     // Key exchange endpoint - handles POST requests for key exchange
     router.post('/connect', async (req, res) => {
       try {
@@ -576,6 +611,22 @@ class EpisteryAttach {
         }
         req.episteryClient = clientInfo;
+        // Create session cookie with rivet identity
+        const sessionData = {
+          rivetAddress: data.clientAddress,
+          publicKey: data.clientPublicKey,
+          authenticated: clientInfo.authenticated || false,
+          timestamp: new Date().toISOString()
+        };
+        const sessionToken = Buffer.from(JSON.stringify(sessionData)).toString('base64');
+        res.cookie('_epistery', sessionToken, {
+          httpOnly: true,
+          secure: req.secure || req.headers['x-forwarded-proto'] === 'https',
+          sameSite: 'strict',
+          path: '/',
+          maxAge: 24 * 60 * 60 * 1000  // 24 hours
+        });
         // Call onAuthenticated hook if provided
         if (this.options.onAuthenticated && clientInfo.authenticated) {
           await this.options.onAuthenticated(clientInfo, req, res);
@@ -994,10 +1045,6 @@ class EpisteryAttach {
         const domain = req.hostname;
         const { provider } = body;
-        console.log(`[debug] Domain initialization request for: ${domain}`);
-        console.log(`[debug] Provider payload:`, JSON.stringify(provider, null, 2));
-        console.log(`[debug] Full request body:`, JSON.stringify(body, null, 2));
         if (!provider || !provider.name || !provider.chainId || !provider.rpc) {
           return res.status(400).json({ error: 'Invalid provider configuration' });
         }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "epistery",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "description": "Epistery brings blockchain capabilities to mundane web tasks like engagement metrics, authentication and commerce of all sorts.",
   "author": "Rootz Corp.",
   "license": "MIT",

package/client/delegate.html DELETED Viewed

@@ -1,403 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>Delegation Request - Epistery</title>
-  <style>
-    * {
-      box-sizing: border-box;
-      margin: 0;
-      padding: 0;
-    }
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-      min-height: 100vh;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      padding: 20px;
-    }
-    .container {
-      background: white;
-      border-radius: 20px;
-      box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
-      max-width: 600px;
-      width: 100%;
-      padding: 40px;
-    }
-    .header {
-      text-align: center;
-      margin-bottom: 30px;
-    }
-    .icon {
-      font-size: 64px;
-      margin-bottom: 20px;
-    }
-    h1 {
-      color: #2d3748;
-      font-size: 28px;
-      margin-bottom: 10px;
-    }
-    .subtitle {
-      color: #718096;
-      font-size: 14px;
-    }
-    .request-info {
-      background: #f7fafc;
-      border-radius: 12px;
-      padding: 24px;
-      margin: 24px 0;
-    }
-    .request-item {
-      display: flex;
-      justify-content: space-between;
-      align-items: center;
-      padding: 12px 0;
-      border-bottom: 1px solid #e2e8f0;
-    }
-    .request-item:last-child {
-      border-bottom: none;
-    }
-    .request-label {
-      color: #4a5568;
-      font-weight: 600;
-      font-size: 14px;
-    }
-    .request-value {
-      color: #2d3748;
-      font-family: monospace;
-      font-size: 13px;
-      background: white;
-      padding: 6px 12px;
-      border-radius: 6px;
-      max-width: 60%;
-      overflow: hidden;
-      text-overflow: ellipsis;
-    }
-    .permissions {
-      margin: 24px 0;
-    }
-    .permissions h3 {
-      color: #2d3748;
-      font-size: 16px;
-      margin-bottom: 12px;
-    }
-    .permission-list {
-      list-style: none;
-    }
-    .permission-item {
-      padding: 12px;
-      background: #f0fff4;
-      border-left: 4px solid #48bb78;
-      margin-bottom: 8px;
-      border-radius: 6px;
-      color: #2d3748;
-      font-size: 14px;
-    }
-    .permission-item::before {
-      content: '✓ ';
-      color: #48bb78;
-      font-weight: bold;
-      margin-right: 8px;
-    }
-    .info-box {
-      background: #ebf8ff;
-      border-left: 4px solid #4299e1;
-      padding: 16px;
-      border-radius: 6px;
-      margin: 20px 0;
-    }
-    .info-box p {
-      color: #2c5282;
-      font-size: 14px;
-      line-height: 1.5;
-    }
-    .buttons {
-      display: flex;
-      gap: 12px;
-      margin-top: 24px;
-    }
-    button {
-      flex: 1;
-      padding: 16px 24px;
-      border: none;
-      border-radius: 10px;
-      font-size: 16px;
-      font-weight: 600;
-      cursor: pointer;
-      transition: all 0.2s;
-    }
-    .approve-btn {
-      background: #48bb78;
-      color: white;
-    }
-    .approve-btn:hover:not(:disabled) {
-      background: #38a169;
-      transform: translateY(-2px);
-      box-shadow: 0 4px 12px rgba(72, 187, 120, 0.4);
-    }
-    .deny-btn {
-      background: #e2e8f0;
-      color: #4a5568;
-    }
-    .deny-btn:hover:not(:disabled) {
-      background: #cbd5e0;
-    }
-    button:disabled {
-      opacity: 0.6;
-      cursor: not-allowed;
-    }
-    .loading {
-      text-align: center;
-      padding: 40px;
-    }
-    .spinner {
-      border: 4px solid #f3f4f6;
-      border-top: 4px solid #667eea;
-      border-radius: 50%;
-      width: 40px;
-      height: 40px;
-      animation: spin 1s linear infinite;
-      margin: 0 auto 20px;
-    }
-    @keyframes spin {
-      0% { transform: rotate(0deg); }
-      100% { transform: rotate(360deg); }
-    }
-    .error {
-      background: #fed7d7;
-      border-left: 4px solid #f56565;
-      padding: 16px;
-      border-radius: 6px;
-      margin: 20px 0;
-      color: #742a2a;
-    }
-    .merkle-info {
-      background: #fef5e7;
-      border-left: 4px solid #f59e0b;
-      padding: 16px;
-      border-radius: 6px;
-      margin: 20px 0;
-      font-size: 14px;
-      color: #78350f;
-    }
-    .merkle-info strong {
-      color: #92400e;
-    }
-  </style>
-</head>
-<body>
-  <div class="container" id="app">
-    <div class="loading">
-      <div class="spinner"></div>
-      <p>Loading delegation request...</p>
-    </div>
-  </div>
-  <script type="module">
-    import Witness from '{{epistery.rootPath}}/lib/witness.js';
-    import { createDelegationToken, getDelegatedDomains } from '{{epistery.rootPath}}/lib/delegation.js';
-    let witness = null;
-    const params = new URLSearchParams(window.location.search);
-    const targetDomain = params.get('domain');
-    const returnUrl = params.get('return');
-    const scopeParam = params.get('scope');
-    const scope = scopeParam ? JSON.parse(decodeURIComponent(scopeParam)) : ['whitelist:read'];
-    async function init() {
-      const app = document.getElementById('app');
-      try {
-        // Connect to Epistery
-        const rootPath = '{{epistery.rootPath}}';
-        witness = await Witness.connect({ rootPath });
-        if (!witness || !witness.wallet) {
-          throw new Error('Failed to connect to Epistery wallet');
-        }
-        // Validate parameters
-        if (!targetDomain || !returnUrl) {
-          throw new Error('Missing required parameters: domain and return URL');
-        }
-        // Render approval UI
-        renderApprovalUI(app);
-      } catch (error) {
-        console.error('Delegation init error:', error);
-        app.innerHTML = `
-          <div class="error">
-            <h3>Error</h3>
-            <p>${error.message}</p>
-          </div>
-          <div class="buttons">
-            <button onclick="window.close()" class="deny-btn">Close</button>
-          </div>
-        `;
-      }
-    }
-    function renderApprovalUI(container) {
-      const rivetAddress = witness.wallet.rivetAddress || witness.wallet.address;
-      const delegations = getDelegatedDomains();
-      const alreadyDelegated = delegations.includes(targetDomain);
-      container.innerHTML = `
-        <div class="header">
-          <div class="icon">🔐</div>
-          <h1>Delegation Request</h1>
-          <p class="subtitle">Epistery · Secure Authentication</p>
-        </div>
-        <div class="request-info">
-          <div class="request-item">
-            <span class="request-label">Requesting Site:</span>
-            <span class="request-value">${targetDomain}</span>
-          </div>
-          <div class="request-item">
-            <span class="request-label">Your Rivet:</span>
-            <span class="request-value">${rivetAddress.substring(0, 12)}...${rivetAddress.substring(rivetAddress.length - 8)}</span>
-          </div>
-          <div class="request-item">
-            <span class="request-label">Valid For:</span>
-            <span class="request-value">30 days</span>
-          </div>
-        </div>
-        <div class="permissions">
-          <h3>Requested Permissions:</h3>
-          <ul class="permission-list">
-            ${scope.map(s => `<li class="permission-item">${formatScope(s)}</li>`).join('')}
-          </ul>
-        </div>
-        ${alreadyDelegated ? `
-          <div class="merkle-info">
-            ⚠️ <strong>Note:</strong> You have already delegated access to <strong>${targetDomain}</strong>. Approving again will create a new token.
-          </div>
-        ` : `
-          <div class="merkle-info">
-            This will add <strong>${targetDomain}</strong> to your list of trusted domains.
-          </div>
-        `}
-        <div class="info-box">
-          <p>
-            <strong>What this means:</strong> ${targetDomain} will be able to verify your identity and whitelist status for the next 30 days. Your private key never leaves this page.
-          </p>
-        </div>
-        <div class="buttons">
-          <button onclick="window.approve()" class="approve-btn" id="approveBtn">
-            Approve for 30 Days
-          </button>
-          <button onclick="window.deny()" class="deny-btn">
-            Deny
-          </button>
-        </div>
-      `;
-    }
-    function formatScope(scopeStr) {
-      const labels = {
-        'whitelist:read': 'Read your whitelist status',
-        'whitelist:write': 'Modify whitelist settings',
-        'whitelist:admin': 'Full whitelist administration',
-        'delegation:create': 'Create sub-delegations'
-      };
-      return labels[scopeStr] || scopeStr;
-    }
-    window.approve = async function() {
-      const approveBtn = document.getElementById('approveBtn');
-      approveBtn.disabled = true;
-      approveBtn.textContent = 'Processing...';
-      try {
-        // Create delegation token
-        const token = await createDelegationToken({
-          domain: targetDomain,
-          scope: scope,
-          durationDays: 30
-        }, witness.wallet);
-        // Store in cookie for target domain
-        const cookieValue = encodeURIComponent(JSON.stringify(token));
-        const expires = new Date(token.delegation.expires).toUTCString();
-        // Set cookie with domain scope (leading dot allows subdomain sharing)
-        const baseDomain = getBaseDomain(targetDomain);
-        document.cookie =
-          `epistery_delegation=${cookieValue}; ` +
-          `Domain=.${baseDomain}; ` +
-          `Expires=${expires}; ` +
-          `Secure; ` +
-          `SameSite=Lax; ` +
-          `Path=/`;
-        // TODO: Update Merkle tree on-chain
-        // await updateDelegationTree(witness.wallet.rivetAddress, targetDomain);
-        // Redirect back to requesting site
-        window.location.href = decodeURIComponent(returnUrl);
-      } catch (error) {
-        console.error('Approval failed:', error);
-        alert(`Approval failed: ${error.message}`);
-        approveBtn.disabled = false;
-        approveBtn.textContent = 'Approve for 30 Days';
-      }
-    };
-    window.deny = function() {
-      // Redirect back without delegation
-      window.location.href = decodeURIComponent(returnUrl) + '?denied=1';
-    };
-    function getBaseDomain(hostname) {
-      // Extract base domain (e.g., "subdomain.example.com" → "example.com")
-      const parts = hostname.split('.');
-      if (parts.length >= 2) {
-        return parts.slice(-2).join('.');
-      }
-      return hostname;
-    }
-    // Initialize on load
-    init();
-  </script>
-</body>
-</html>

package/client/delegation.js DELETED Viewed

@@ -1,232 +0,0 @@
-/**
- * Epistery Delegation Module
- *
- * Handles creation and verification of delegation tokens for cross-subdomain authentication.
- * Allows rivet wallets to delegate signing authority to sister domains.
- */
-/**
- * Create a delegation token for a target domain
- *
- * @param {Object} options - Delegation options
- * @param {string} options.domain - Target domain (e.g., 'mydomain.com')
- * @param {string[]} options.scope - Permission scopes (e.g., ['whitelist:read'])
- * @param {number} options.durationDays - Token validity in days (default: 30)
- * @param {Object} wallet - Wallet object with rivetAddress and signing capability
- * @returns {Promise<Object>} Delegation token with signature
- */
-export async function createDelegationToken(options, wallet) {
-  const {
-    domain,
-    scope = ['whitelist:read'],
-    durationDays = 30
-  } = options;
-  if (!domain) {
-    throw new Error('Domain is required for delegation');
-  }
-  if (!wallet || !wallet.address) {
-    throw new Error('Wallet is required for delegation');
-  }
-  // Use rivet address if available (for identity contracts)
-  const rivetAddress = wallet.rivetAddress || wallet.address;
-  // Create delegation object
-  const delegation = {
-    issuer: window.location.hostname, // epistery.mydomain.com
-    subject: rivetAddress,
-    audience: domain,
-    scope: scope,
-    expires: Date.now() + (durationDays * 24 * 60 * 60 * 1000),
-    nonce: crypto.randomUUID(),
-    createdAt: Date.now(),
-    version: '1.0'
-  };
-  // Sign the delegation with rivet private key
-  const delegationString = JSON.stringify(delegation);
-  const messageBuffer = new TextEncoder().encode(delegationString);
-  let signature;
-  if (wallet.source === 'rivet' && typeof wallet.sign === 'function') {
-    // RivetWallet with sign() method
-    signature = await wallet.sign(delegationString, ethers);
-  } else if (wallet.source === 'rivet' && wallet.keyPair) {
-    // Legacy rivet key with keyPair
-    const signatureBuffer = await crypto.subtle.sign(
-      {
-        name: 'ECDSA',
-        hash: 'SHA-256'
-      },
-      wallet.keyPair.privateKey,
-      messageBuffer
-    );
-    signature = arrayBufferToHex(signatureBuffer);
-  } else if (wallet.signer) {
-    // Sign with ethers signer (web3/browser wallet)
-    const messageHash = ethers.utils.hashMessage(delegationString);
-    signature = await wallet.signer.signMessage(delegationString);
-  } else {
-    throw new Error('Wallet does not support signing');
-  }
-  // Store delegation in localStorage for this domain
-  const delegations = getDelegatedDomains();
-  if (!delegations.includes(domain)) {
-    delegations.push(domain);
-    saveDelegatedDomains(delegations);
-  }
-  return {
-    delegation,
-    signature,
-    publicKey: wallet.publicKey
-  };
-}
-/**
- * Verify a delegation token
- *
- * @param {Object} token - Token to verify
- * @param {string} expectedDomain - Expected audience domain
- * @returns {Promise<Object>} Verification result
- */
-export async function verifyDelegationToken(token, expectedDomain) {
-  try {
-    const { delegation, signature, publicKey } = token;
-    // 1. Check structure
-    if (!delegation || !signature) {
-      return { valid: false, error: 'Invalid token structure' };
-    }
-    // 2. Check expiration
-    if (Date.now() > delegation.expires) {
-      return { valid: false, error: 'Token expired' };
-    }
-    // 3. Check audience
-    if (expectedDomain && delegation.audience !== expectedDomain) {
-      return { valid: false, error: 'Audience mismatch' };
-    }
-    // 4. Verify signature
-    const delegationString = JSON.stringify(delegation);
-    const messageBuffer = new TextEncoder().encode(delegationString);
-    try {
-      // Import public key for verification
-      const publicKeyBuffer = hexToArrayBuffer(publicKey);
-      const cryptoKey = await crypto.subtle.importKey(
-        'spki',
-        publicKeyBuffer,
-        {
-          name: 'ECDSA',
-          namedCurve: 'P-256'
-        },
-        false,
-        ['verify']
-      );
-      const signatureBuffer = hexToArrayBuffer(signature);
-      const isValid = await crypto.subtle.verify(
-        {
-          name: 'ECDSA',
-          hash: 'SHA-256'
-        },
-        cryptoKey,
-        signatureBuffer,
-        messageBuffer
-      );
-      if (!isValid) {
-        return { valid: false, error: 'Invalid signature' };
-      }
-    } catch (error) {
-      // Fallback: try Ethereum signature recovery
-      try {
-        const recoveredAddress = ethers.utils.verifyMessage(delegationString, signature);
-        if (recoveredAddress.toLowerCase() !== delegation.subject.toLowerCase()) {
-          return { valid: false, error: 'Signature verification failed' };
-        }
-      } catch (e) {
-        return { valid: false, error: `Signature verification failed: ${error.message}` };
-      }
-    }
-    return {
-      valid: true,
-      rivetAddress: delegation.subject,
-      domain: delegation.audience,
-      scope: delegation.scope,
-      expires: delegation.expires
-    };
-  } catch (error) {
-    return { valid: false, error: error.message };
-  }
-}
-/**
- * Get list of delegated domains from localStorage
- */
-export function getDelegatedDomains() {
-  try {
-    const stored = localStorage.getItem('epistery_delegated_domains');
-    return stored ? JSON.parse(stored) : [];
-  } catch (e) {
-    return [];
-  }
-}
-/**
- * Save list of delegated domains to localStorage
- */
-function saveDelegatedDomains(domains) {
-  try {
-    localStorage.setItem('epistery_delegated_domains', JSON.stringify(domains));
-  } catch (e) {
-    console.error('Failed to save delegated domains:', e);
-  }
-}
-/**
- * Revoke delegation for a domain
- */
-export function revokeDelegation(domain) {
-  const delegations = getDelegatedDomains();
-  const filtered = delegations.filter(d => d !== domain);
-  saveDelegatedDomains(filtered);
-  // TODO: Update Merkle tree on-chain
-}
-/**
- * Helper: Convert ArrayBuffer to hex string
- */
-function arrayBufferToHex(buffer) {
-  return Array.from(new Uint8Array(buffer))
-    .map(b => b.toString(16).padStart(2, '0'))
-    .join('');
-}
-/**
- * Helper: Convert hex string to ArrayBuffer
- */
-function hexToArrayBuffer(hex) {
-  const bytes = new Uint8Array(hex.length / 2);
-  for (let i = 0; i < hex.length; i += 2) {
-    bytes[i / 2] = parseInt(hex.substr(i, 2), 16);
-  }
-  return bytes.buffer;
-}
-export default {
-  createDelegationToken,
-  verifyDelegationToken,
-  getDelegatedDomains,
-  revokeDelegation
-};