npm - javascript-solid-server - Versions diffs - 0.0.101 → 0.0.102 - Mend

javascript-solid-server 0.0.101 → 0.0.102

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -1162,7 +1162,7 @@ npm run benchmark
 npm test
 ```
-Currently passing: **279 tests** (including 27 conformance tests)
+Currently passing: **289 tests** (including 27 conformance tests)
 ### Conformance Test Harness (CTH)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.101",
+  "version": "0.0.102",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",

package/src/handlers/pay.js CHANGED Viewed

@@ -21,10 +21,35 @@
 import { getNostrPubkey, pubkeyToDidNostr } from '../auth/nostr.js';
 import { readLedger, writeLedger, getBalance, credit, debit } from '../webledger.js';
-import { verifyMrc20Deposit } from '../mrc20.js';
+import { verifyMrc20Deposit, verifyMrc20Anchor, jcs } from '../mrc20.js';
+import fs from 'fs-extra';
+import path from 'path';
 const DEFAULT_COST = 1; // satoshis per request
+// --- Replay protection ---
+const replayFile = () => path.join(process.env.DATA_ROOT || './data', '.well-known/webledgers/replay.json');
+async function loadReplaySet() {
+  try {
+    const data = await fs.readFile(replayFile(), 'utf8');
+    return new Set(JSON.parse(data));
+  } catch { return new Set(); }
+}
+async function saveReplaySet(set) {
+  await fs.ensureDir(path.dirname(replayFile()));
+  await fs.writeFile(replayFile(), JSON.stringify([...set]));
+}
+async function checkAndRecordState(stateHash) {
+  const seen = await loadReplaySet();
+  if (seen.has(stateHash)) return false; // replay!
+  seen.add(stateHash);
+  await saveReplaySet(seen);
+  return true;
+}
 // --- Deposit verification via mempool API ---
 async function verifySatsDeposit(txoUri, mempoolUrl) {
@@ -88,11 +113,11 @@ function parseDepositBody(body) {
 function classifyDepositObject(obj) {
   // Explicit type field
   if (obj.type === 'mrc20' && obj.state && obj.prevState) {
-    return { type: 'mrc20', state: obj.state, prevState: obj.prevState };
+    return { type: 'mrc20', state: obj.state, prevState: obj.prevState, anchor: obj.anchor };
   }
   // Auto-detect: if it has state + prevState with MRC20 profile
   if (obj.state?.profile === 'mono.mrc20.v0.1' && obj.prevState) {
-    return { type: 'mrc20', state: obj.state, prevState: obj.prevState };
+    return { type: 'mrc20', state: obj.state, prevState: obj.prevState, anchor: obj.anchor };
   }
   // Fall back to TXO URI in .txo field
   if (obj.txo) {
@@ -160,11 +185,34 @@ export function createPayHandler(options = {}) {
           });
         }
-        const result = verifyMrc20Deposit({
-          state: deposit.state,
-          prevState: deposit.prevState,
-          toAddress: payAddress
-        });
+        // Replay protection: reject duplicate state hashes
+        const stateHash = jcs(deposit.state);
+        const isNew = await checkAndRecordState(stateHash);
+        if (!isNew) {
+          return reply.code(400).send({ error: 'Replay: this state has already been used for a deposit' });
+        }
+        let result;
+        // Anchor verification (if anchor data provided)
+        if (deposit.anchor && deposit.anchor.pubkey && deposit.anchor.stateStrings) {
+          result = await verifyMrc20Anchor({
+            state: deposit.state,
+            prevState: deposit.prevState,
+            toAddress: payAddress,
+            pubkey: deposit.anchor.pubkey,
+            stateStrings: deposit.anchor.stateStrings,
+            mempoolUrl,
+            network: deposit.anchor.network || 'testnet4'
+          });
+        } else {
+          // Fallback: verify chain integrity only (no anchor check)
+          result = verifyMrc20Deposit({
+            state: deposit.state,
+            prevState: deposit.prevState,
+            toAddress: payAddress
+          });
+        }
         if (!result.valid) {
           return reply.code(400).send({ error: result.error });
@@ -180,7 +228,8 @@ export function createPayHandler(options = {}) {
           deposited: result.amount,
           ticker: result.ticker,
           balance: newBalance,
-          unit: 'token'
+          unit: 'token',
+          ...(result.address ? { anchor: result.address } : {})
         });
       }

package/src/mrc20.js CHANGED Viewed

@@ -13,10 +13,16 @@
  */
 import crypto from 'crypto';
+import { secp256k1 } from '@noble/curves/secp256k1';
 const MRC20_PROFILE = 'mono.mrc20.v0.1';
 const TRANSFER_OP = 'urn:mono:op:transfer';
+// --- BIP-341 key chaining constants ---
+const SECP_N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');
+const BECH32_CHARSET = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l';
+const BECH32M = 0x2bc830a3;
 /**
  * JSON Canonicalization Scheme (RFC 8785)
  * Produces deterministic JSON — sorted keys, no whitespace.
@@ -144,3 +150,186 @@ export function verifyMrc20Deposit(params) {
     ticker: state.ticker || 'UNKNOWN'
   };
 }
+// --- BIP-341 key chaining (blocktrails anchor verification) ---
+function sha256Bytes(data) {
+  const buf = data instanceof Uint8Array ? Buffer.from(data) : Buffer.from(data, 'utf8');
+  return new Uint8Array(crypto.createHash('sha256').update(buf).digest());
+}
+function concatBytes(...arrays) {
+  const total = arrays.reduce((s, a) => s + a.length, 0);
+  const result = new Uint8Array(total);
+  let off = 0;
+  for (const a of arrays) { result.set(a, off); off += a.length; }
+  return result;
+}
+function bytesToBigInt(bytes) {
+  let r = 0n;
+  for (const b of bytes) r = (r << 8n) | BigInt(b);
+  return r;
+}
+function hexToU8(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < bytes.length; i++) bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  return bytes;
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
+}
+function taggedHash(tag, ...msgs) {
+  const tagHash = sha256Bytes(Buffer.from(tag, 'utf8'));
+  return sha256Bytes(concatBytes(tagHash, tagHash, ...msgs));
+}
+function btScalar(pubkeyCompressed, state) {
+  const xOnly = pubkeyCompressed.slice(1);
+  const stateBytes = typeof state === 'string' ? Buffer.from(state, 'utf8') : state;
+  const sh = sha256Bytes(stateBytes);
+  return bytesToBigInt(taggedHash('TapTweak', xOnly, sh)) % SECP_N;
+}
+function btDeriveChainedPubkey(pubkeyBase, states) {
+  let P = secp256k1.ProjectivePoint.fromHex(bytesToHex(pubkeyBase));
+  let cur = pubkeyBase;
+  for (const s of states) {
+    const t = btScalar(cur, s);
+    P = P.add(secp256k1.ProjectivePoint.BASE.multiply(t));
+    cur = new Uint8Array(P.toRawBytes(true));
+  }
+  return cur;
+}
+// --- Bech32m encoding ---
+function convertBits(data, from, to, pad) {
+  let acc = 0, bits = 0;
+  const ret = [], maxv = (1 << to) - 1;
+  for (const v of data) {
+    acc = (acc << from) | v;
+    bits += from;
+    while (bits >= to) { bits -= to; ret.push((acc >> bits) & maxv); }
+  }
+  if (pad && bits > 0) ret.push((acc << (to - bits)) & maxv);
+  return ret;
+}
+function hrpExpand(hrp) {
+  const r = [];
+  for (const c of hrp) r.push(c.charCodeAt(0) >> 5);
+  r.push(0);
+  for (const c of hrp) r.push(c.charCodeAt(0) & 31);
+  return r;
+}
+function polymod(values) {
+  const GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];
+  let chk = 1;
+  for (const v of values) {
+    const b = chk >> 25;
+    chk = ((chk & 0x1ffffff) << 5) ^ v;
+    for (let i = 0; i < 5; i++) if ((b >> i) & 1) chk ^= GEN[i];
+  }
+  return chk;
+}
+function bech32mEncode(hrp, version, program) {
+  const conv = convertBits(program, 8, 5, true);
+  const values = [version, ...conv];
+  const enc = [...hrpExpand(hrp), ...values, 0, 0, 0, 0, 0, 0];
+  const mod = polymod(enc) ^ BECH32M;
+  const checksum = [0, 1, 2, 3, 4, 5].map(i => (mod >> (5 * (5 - i))) & 31);
+  let result = hrp + '1';
+  for (const v of [...values, ...checksum]) result += BECH32_CHARSET[v];
+  return result;
+}
+/**
+ * Derive the taproot address for a state chain
+ * @param {string} pubkeyHex - Issuer's compressed pubkey (66-char hex)
+ * @param {string[]} states - JCS-encoded state strings
+ * @param {string} [network='testnet4'] - 'testnet4' or 'mainnet'
+ * @returns {string} Bech32m taproot address
+ */
+export function btAddress(pubkeyHex, states, network = 'testnet4') {
+  const pubkeyBase = hexToU8(pubkeyHex);
+  const P = btDeriveChainedPubkey(pubkeyBase, states);
+  const xOnly = P.slice(1);
+  const hrp = network === 'mainnet' ? 'bc' : 'tb';
+  return bech32mEncode(hrp, 1, xOnly);
+}
+/**
+ * Verify that an MRC20 state is anchored to a Bitcoin UTXO
+ * @param {object} params
+ * @param {object} params.state - Current state with transfer ops
+ * @param {object} params.prevState - Previous state (chain verification)
+ * @param {string} params.toAddress - Pod's address for transfer verification
+ * @param {string} params.pubkey - Issuer's compressed pubkey (66-char hex)
+ * @param {string[]} params.stateStrings - All JCS state strings (genesis to current)
+ * @param {string} [params.mempoolUrl] - Mempool API base URL
+ * @param {string} [params.network] - 'testnet4' or 'mainnet'
+ * @returns {Promise<{valid: boolean, amount?: number, ticker?: string, address?: string, error?: string}>}
+ */
+export async function verifyMrc20Anchor(params) {
+  const {
+    state, prevState, toAddress, pubkey, stateStrings,
+    mempoolUrl = 'https://mempool.space/testnet4',
+    network = 'testnet4'
+  } = params;
+  // 1. Standard deposit verification (chain integrity + transfers)
+  const depositCheck = verifyMrc20Deposit({ state, prevState, toAddress });
+  if (!depositCheck.valid) return depositCheck;
+  // 2. Verify stateStrings is provided and non-empty
+  if (!Array.isArray(stateStrings) || stateStrings.length === 0) {
+    return { valid: false, amount: 0, error: 'stateStrings required for anchor verification' };
+  }
+  // 3. Verify pubkey is provided
+  if (!pubkey || typeof pubkey !== 'string' || pubkey.length !== 66) {
+    return { valid: false, amount: 0, error: 'pubkey must be a 66-char compressed pubkey hex' };
+  }
+  // 4. Verify the last stateString matches the current state
+  const currentJcs = jcs(state);
+  const lastStateString = stateStrings[stateStrings.length - 1];
+  if (currentJcs !== lastStateString) {
+    return { valid: false, amount: 0, error: 'Last stateString does not match JCS(state)' };
+  }
+  // 5. Derive expected taproot address
+  let address;
+  try {
+    address = btAddress(pubkey, stateStrings, network);
+  } catch (err) {
+    return { valid: false, amount: 0, error: `Key derivation failed: ${err.message}` };
+  }
+  // 6. Query mempool for UTXO at derived address
+  try {
+    const resp = await fetch(`${mempoolUrl}/api/address/${address}/utxo`);
+    if (!resp.ok) {
+      return { valid: false, amount: 0, error: `Mempool API error: ${resp.status}` };
+    }
+    const utxos = await resp.json();
+    if (!Array.isArray(utxos) || utxos.length === 0) {
+      return { valid: false, amount: 0, error: `No UTXO at derived address ${address}` };
+    }
+  } catch (err) {
+    return { valid: false, amount: 0, error: `Mempool lookup failed: ${err.message}` };
+  }
+  return {
+    valid: true,
+    amount: depositCheck.amount,
+    ticker: depositCheck.ticker,
+    address
+  };
+}

package/test/mrc20.test.js CHANGED Viewed

@@ -11,8 +11,11 @@ import {
   validateMrc20State,
   extractTransfersTo,
   totalTransferredTo,
-  verifyMrc20Deposit
+  verifyMrc20Deposit,
+  btAddress,
+  verifyMrc20Anchor
 } from '../src/mrc20.js';
+import { secp256k1 } from '@noble/curves/secp256k1';
 const PROFILE = 'mono.mrc20.v0.1';
@@ -234,4 +237,107 @@ describe('MRC20 Verification', () => {
       assert.strictEqual(result.amount, 150);
     });
   });
+  describe('btAddress', () => {
+    // Use a known keypair for deterministic tests
+    const testPriv = Buffer.alloc(32, 1); // 0x0101...01
+    const testPub = Buffer.from(secp256k1.getPublicKey(testPriv, true)).toString('hex');
+    it('should derive a valid testnet bech32m address', () => {
+      const addr = btAddress(testPub, ['state0'], 'testnet4');
+      assert.ok(addr.startsWith('tb1p'), `Expected tb1p prefix, got ${addr}`);
+      assert.ok(addr.length >= 62, `Address too short: ${addr.length}`);
+    });
+    it('should derive a valid mainnet bech32m address', () => {
+      const addr = btAddress(testPub, ['state0'], 'mainnet');
+      assert.ok(addr.startsWith('bc1p'), `Expected bc1p prefix, got ${addr}`);
+    });
+    it('should be deterministic', () => {
+      const a1 = btAddress(testPub, ['s1', 's2']);
+      const a2 = btAddress(testPub, ['s1', 's2']);
+      assert.strictEqual(a1, a2);
+    });
+    it('should produce different addresses for different states', () => {
+      const a1 = btAddress(testPub, ['state-a']);
+      const a2 = btAddress(testPub, ['state-b']);
+      assert.notStrictEqual(a1, a2);
+    });
+    it('should produce different addresses for different pubkeys', () => {
+      const priv2 = Buffer.alloc(32, 2);
+      const pub2 = Buffer.from(secp256k1.getPublicKey(priv2, true)).toString('hex');
+      const a1 = btAddress(testPub, ['state']);
+      const a2 = btAddress(pub2, ['state']);
+      assert.notStrictEqual(a1, a2);
+    });
+    it('should chain multiple states', () => {
+      const a1 = btAddress(testPub, ['s1']);
+      const a2 = btAddress(testPub, ['s1', 's2']);
+      assert.notStrictEqual(a1, a2);
+    });
+  });
+  describe('verifyMrc20Anchor', () => {
+    const testPriv = Buffer.alloc(32, 1);
+    const testPub = Buffer.from(secp256k1.getPublicKey(testPriv, true)).toString('hex');
+    it('should reject missing stateStrings', async () => {
+      const { prevState, state } = createStatePair(
+        [{ op: 'urn:mono:op:transfer', from: 'user', to: 'pod', amt: 100 }],
+        'pod'
+      );
+      const result = await verifyMrc20Anchor({
+        state, prevState, toAddress: 'pod',
+        pubkey: testPub, stateStrings: []
+      });
+      assert.strictEqual(result.valid, false);
+      assert.ok(result.error.includes('stateStrings'));
+    });
+    it('should reject bad pubkey', async () => {
+      const { prevState, state } = createStatePair(
+        [{ op: 'urn:mono:op:transfer', from: 'user', to: 'pod', amt: 100 }],
+        'pod'
+      );
+      const result = await verifyMrc20Anchor({
+        state, prevState, toAddress: 'pod',
+        pubkey: 'short', stateStrings: [jcs(state)]
+      });
+      assert.strictEqual(result.valid, false);
+      assert.ok(result.error.includes('pubkey'));
+    });
+    it('should reject mismatched last stateString', async () => {
+      const { prevState, state } = createStatePair(
+        [{ op: 'urn:mono:op:transfer', from: 'user', to: 'pod', amt: 100 }],
+        'pod'
+      );
+      const result = await verifyMrc20Anchor({
+        state, prevState, toAddress: 'pod',
+        pubkey: testPub, stateStrings: ['wrong-jcs']
+      });
+      assert.strictEqual(result.valid, false);
+      assert.ok(result.error.includes('Last stateString'));
+    });
+    it('should reject when no UTXO exists (mempool returns empty)', async () => {
+      const { prevState, state } = createStatePair(
+        [{ op: 'urn:mono:op:transfer', from: 'user', to: 'pod', amt: 100 }],
+        'pod'
+      );
+      // Use a fake mempool URL that will fail
+      const result = await verifyMrc20Anchor({
+        state, prevState, toAddress: 'pod',
+        pubkey: testPub,
+        stateStrings: [jcs(prevState), jcs(state)],
+        mempoolUrl: 'http://127.0.0.1:1' // will fail to connect
+      });
+      assert.strictEqual(result.valid, false);
+      assert.ok(result.error.includes('Mempool') || result.error.includes('failed'));
+    });
+  });
 });