javascript-solid-server 0.0.101 → 0.0.102

package/README.md

@@ -1162,7 +1162,7 @@ npm run benchmark
 npm test
 ```
 
-Currently passing: **279 tests** (including 27 conformance tests)
+Currently passing: **289 tests** (including 27 conformance tests)
 
 ### Conformance Test Harness (CTH)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "javascript-solid-server",
-  "version": "0.0.101",
+  "version": "0.0.102",
   "description": "A minimal, fast Solid server",
   "main": "src/index.js",
   "type": "module",

package/src/handlers/pay.js

@@ -21,10 +21,35 @@
 
 import { getNostrPubkey, pubkeyToDidNostr } from '../auth/nostr.js';
 import { readLedger, writeLedger, getBalance, credit, debit } from '../webledger.js';
-import { verifyMrc20Deposit } from '../mrc20.js';
+import { verifyMrc20Deposit, verifyMrc20Anchor, jcs } from '../mrc20.js';
+import fs from 'fs-extra';
+import path from 'path';
 
 const DEFAULT_COST = 1; // satoshis per request
 
+// --- Replay protection ---
+const replayFile = () => path.join(process.env.DATA_ROOT || './data', '.well-known/webledgers/replay.json');
+
+async function loadReplaySet() {
+  try {
+    const data = await fs.readFile(replayFile(), 'utf8');
+    return new Set(JSON.parse(data));
+  } catch { return new Set(); }
+}
+
+async function saveReplaySet(set) {
+  await fs.ensureDir(path.dirname(replayFile()));
+  await fs.writeFile(replayFile(), JSON.stringify([...set]));
+}
+
+async function checkAndRecordState(stateHash) {
+  const seen = await loadReplaySet();
+  if (seen.has(stateHash)) return false; // replay!
+  seen.add(stateHash);
+  await saveReplaySet(seen);
+  return true;
+}
+
 // --- Deposit verification via mempool API ---
 
 async function verifySatsDeposit(txoUri, mempoolUrl) {
@@ -88,11 +113,11 @@ function parseDepositBody(body) {
 function classifyDepositObject(obj) {
   // Explicit type field
   if (obj.type === 'mrc20' && obj.state && obj.prevState) {
-    return { type: 'mrc20', state: obj.state, prevState: obj.prevState };
+    return { type: 'mrc20', state: obj.state, prevState: obj.prevState, anchor: obj.anchor };
   }
   // Auto-detect: if it has state + prevState with MRC20 profile
   if (obj.state?.profile === 'mono.mrc20.v0.1' && obj.prevState) {
-    return { type: 'mrc20', state: obj.state, prevState: obj.prevState };
+    return { type: 'mrc20', state: obj.state, prevState: obj.prevState, anchor: obj.anchor };
   }
   // Fall back to TXO URI in .txo field
   if (obj.txo) {
@@ -160,11 +185,34 @@ export function createPayHandler(options = {}) {
           });
         }
 
-        const result = verifyMrc20Deposit({
-          state: deposit.state,
-          prevState: deposit.prevState,
-          toAddress: payAddress
-        });
+        // Replay protection: reject duplicate state hashes
+        const stateHash = jcs(deposit.state);
+        const isNew = await checkAndRecordState(stateHash);
+        if (!isNew) {
+          return reply.code(400).send({ error: 'Replay: this state has already been used for a deposit' });
+        }
+
+        let result;
+
+        // Anchor verification (if anchor data provided)
+        if (deposit.anchor && deposit.anchor.pubkey && deposit.anchor.stateStrings) {
+          result = await verifyMrc20Anchor({
+            state: deposit.state,
+            prevState: deposit.prevState,
+            toAddress: payAddress,
+            pubkey: deposit.anchor.pubkey,
+            stateStrings: deposit.anchor.stateStrings,
+            mempoolUrl,
+            network: deposit.anchor.network || 'testnet4'
+          });
+        } else {
+          // Fallback: verify chain integrity only (no anchor check)
+          result = verifyMrc20Deposit({
+            state: deposit.state,
+            prevState: deposit.prevState,
+            toAddress: payAddress
+          });
+        }
 
         if (!result.valid) {
           return reply.code(400).send({ error: result.error });
@@ -180,7 +228,8 @@ export function createPayHandler(options = {}) {
           deposited: result.amount,
           ticker: result.ticker,
           balance: newBalance,
-          unit: 'token'
+          unit: 'token',
+          ...(result.address ? { anchor: result.address } : {})
         });
       }
 

package/src/mrc20.js

@@ -13,10 +13,16 @@
  */
 
 import crypto from 'crypto';
+import { secp256k1 } from '@noble/curves/secp256k1';
 
 const MRC20_PROFILE = 'mono.mrc20.v0.1';
 const TRANSFER_OP = 'urn:mono:op:transfer';
 
+// --- BIP-341 key chaining constants ---
+const SECP_N = BigInt('0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141');
+const BECH32_CHARSET = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l';
+const BECH32M = 0x2bc830a3;
+
 /**
  * JSON Canonicalization Scheme (RFC 8785)
  * Produces deterministic JSON — sorted keys, no whitespace.
@@ -144,3 +150,186 @@ export function verifyMrc20Deposit(params) {
     ticker: state.ticker || 'UNKNOWN'
   };
 }
+
+// --- BIP-341 key chaining (blocktrails anchor verification) ---
+
+function sha256Bytes(data) {
+  const buf = data instanceof Uint8Array ? Buffer.from(data) : Buffer.from(data, 'utf8');
+  return new Uint8Array(crypto.createHash('sha256').update(buf).digest());
+}
+
+function concatBytes(...arrays) {
+  const total = arrays.reduce((s, a) => s + a.length, 0);
+  const result = new Uint8Array(total);
+  let off = 0;
+  for (const a of arrays) { result.set(a, off); off += a.length; }
+  return result;
+}
+
+function bytesToBigInt(bytes) {
+  let r = 0n;
+  for (const b of bytes) r = (r << 8n) | BigInt(b);
+  return r;
+}
+
+function hexToU8(hex) {
+  const bytes = new Uint8Array(hex.length / 2);
+  for (let i = 0; i < bytes.length; i++) bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);
+  return bytes;
+}
+
+function bytesToHex(bytes) {
+  return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
+}
+
+function taggedHash(tag, ...msgs) {
+  const tagHash = sha256Bytes(Buffer.from(tag, 'utf8'));
+  return sha256Bytes(concatBytes(tagHash, tagHash, ...msgs));
+}
+
+function btScalar(pubkeyCompressed, state) {
+  const xOnly = pubkeyCompressed.slice(1);
+  const stateBytes = typeof state === 'string' ? Buffer.from(state, 'utf8') : state;
+  const sh = sha256Bytes(stateBytes);
+  return bytesToBigInt(taggedHash('TapTweak', xOnly, sh)) % SECP_N;
+}
+
+function btDeriveChainedPubkey(pubkeyBase, states) {
+  let P = secp256k1.ProjectivePoint.fromHex(bytesToHex(pubkeyBase));
+  let cur = pubkeyBase;
+  for (const s of states) {
+    const t = btScalar(cur, s);
+    P = P.add(secp256k1.ProjectivePoint.BASE.multiply(t));
+    cur = new Uint8Array(P.toRawBytes(true));
+  }
+  return cur;
+}
+
+// --- Bech32m encoding ---
+
+function convertBits(data, from, to, pad) {
+  let acc = 0, bits = 0;
+  const ret = [], maxv = (1 << to) - 1;
+  for (const v of data) {
+    acc = (acc << from) | v;
+    bits += from;
+    while (bits >= to) { bits -= to; ret.push((acc >> bits) & maxv); }
+  }
+  if (pad && bits > 0) ret.push((acc << (to - bits)) & maxv);
+  return ret;
+}
+
+function hrpExpand(hrp) {
+  const r = [];
+  for (const c of hrp) r.push(c.charCodeAt(0) >> 5);
+  r.push(0);
+  for (const c of hrp) r.push(c.charCodeAt(0) & 31);
+  return r;
+}
+
+function polymod(values) {
+  const GEN = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3];
+  let chk = 1;
+  for (const v of values) {
+    const b = chk >> 25;
+    chk = ((chk & 0x1ffffff) << 5) ^ v;
+    for (let i = 0; i < 5; i++) if ((b >> i) & 1) chk ^= GEN[i];
+  }
+  return chk;
+}
+
+function bech32mEncode(hrp, version, program) {
+  const conv = convertBits(program, 8, 5, true);
+  const values = [version, ...conv];
+  const enc = [...hrpExpand(hrp), ...values, 0, 0, 0, 0, 0, 0];
+  const mod = polymod(enc) ^ BECH32M;
+  const checksum = [0, 1, 2, 3, 4, 5].map(i => (mod >> (5 * (5 - i))) & 31);
+  let result = hrp + '1';
+  for (const v of [...values, ...checksum]) result += BECH32_CHARSET[v];
+  return result;
+}
+
+/**
+ * Derive the taproot address for a state chain
+ * @param {string} pubkeyHex - Issuer's compressed pubkey (66-char hex)
+ * @param {string[]} states - JCS-encoded state strings
+ * @param {string} [network='testnet4'] - 'testnet4' or 'mainnet'
+ * @returns {string} Bech32m taproot address
+ */
+export function btAddress(pubkeyHex, states, network = 'testnet4') {
+  const pubkeyBase = hexToU8(pubkeyHex);
+  const P = btDeriveChainedPubkey(pubkeyBase, states);
+  const xOnly = P.slice(1);
+  const hrp = network === 'mainnet' ? 'bc' : 'tb';
+  return bech32mEncode(hrp, 1, xOnly);
+}
+
+/**
+ * Verify that an MRC20 state is anchored to a Bitcoin UTXO
+ * @param {object} params
+ * @param {object} params.state - Current state with transfer ops
+ * @param {object} params.prevState - Previous state (chain verification)
+ * @param {string} params.toAddress - Pod's address for transfer verification
+ * @param {string} params.pubkey - Issuer's compressed pubkey (66-char hex)
+ * @param {string[]} params.stateStrings - All JCS state strings (genesis to current)
+ * @param {string} [params.mempoolUrl] - Mempool API base URL
+ * @param {string} [params.network] - 'testnet4' or 'mainnet'
+ * @returns {Promise<{valid: boolean, amount?: number, ticker?: string, address?: string, error?: string}>}
+ */
+export async function verifyMrc20Anchor(params) {
+  const {
+    state, prevState, toAddress, pubkey, stateStrings,
+    mempoolUrl = 'https://mempool.space/testnet4',
+    network = 'testnet4'
+  } = params;
+
+  // 1. Standard deposit verification (chain integrity + transfers)
+  const depositCheck = verifyMrc20Deposit({ state, prevState, toAddress });
+  if (!depositCheck.valid) return depositCheck;
+
+  // 2. Verify stateStrings is provided and non-empty
+  if (!Array.isArray(stateStrings) || stateStrings.length === 0) {
+    return { valid: false, amount: 0, error: 'stateStrings required for anchor verification' };
+  }
+
+  // 3. Verify pubkey is provided
+  if (!pubkey || typeof pubkey !== 'string' || pubkey.length !== 66) {
+    return { valid: false, amount: 0, error: 'pubkey must be a 66-char compressed pubkey hex' };
+  }
+
+  // 4. Verify the last stateString matches the current state
+  const currentJcs = jcs(state);
+  const lastStateString = stateStrings[stateStrings.length - 1];
+  if (currentJcs !== lastStateString) {
+    return { valid: false, amount: 0, error: 'Last stateString does not match JCS(state)' };
+  }
+
+  // 5. Derive expected taproot address
+  let address;
+  try {
+    address = btAddress(pubkey, stateStrings, network);
+  } catch (err) {
+    return { valid: false, amount: 0, error: `Key derivation failed: ${err.message}` };
+  }
+
+  // 6. Query mempool for UTXO at derived address
+  try {
+    const resp = await fetch(`${mempoolUrl}/api/address/${address}/utxo`);
+    if (!resp.ok) {
+      return { valid: false, amount: 0, error: `Mempool API error: ${resp.status}` };
+    }
+    const utxos = await resp.json();
+    if (!Array.isArray(utxos) || utxos.length === 0) {
+      return { valid: false, amount: 0, error: `No UTXO at derived address ${address}` };
+    }
+  } catch (err) {
+    return { valid: false, amount: 0, error: `Mempool lookup failed: ${err.message}` };
+  }
+
+  return {
+    valid: true,
+    amount: depositCheck.amount,
+    ticker: depositCheck.ticker,
+    address
+  };
+}

package/test/mrc20.test.js

@@ -11,8 +11,11 @@ import {
   validateMrc20State,
   extractTransfersTo,
   totalTransferredTo,
-  verifyMrc20Deposit
+  verifyMrc20Deposit,
+  btAddress,
+  verifyMrc20Anchor
 } from '../src/mrc20.js';
+import { secp256k1 } from '@noble/curves/secp256k1';
 
 const PROFILE = 'mono.mrc20.v0.1';
 
@@ -234,4 +237,107 @@ describe('MRC20 Verification', () => {
       assert.strictEqual(result.amount, 150);
     });
   });
+
+  describe('btAddress', () => {
+    // Use a known keypair for deterministic tests
+    const testPriv = Buffer.alloc(32, 1); // 0x0101...01
+    const testPub = Buffer.from(secp256k1.getPublicKey(testPriv, true)).toString('hex');
+
+    it('should derive a valid testnet bech32m address', () => {
+      const addr = btAddress(testPub, ['state0'], 'testnet4');
+      assert.ok(addr.startsWith('tb1p'), `Expected tb1p prefix, got ${addr}`);
+      assert.ok(addr.length >= 62, `Address too short: ${addr.length}`);
+    });
+
+    it('should derive a valid mainnet bech32m address', () => {
+      const addr = btAddress(testPub, ['state0'], 'mainnet');
+      assert.ok(addr.startsWith('bc1p'), `Expected bc1p prefix, got ${addr}`);
+    });
+
+    it('should be deterministic', () => {
+      const a1 = btAddress(testPub, ['s1', 's2']);
+      const a2 = btAddress(testPub, ['s1', 's2']);
+      assert.strictEqual(a1, a2);
+    });
+
+    it('should produce different addresses for different states', () => {
+      const a1 = btAddress(testPub, ['state-a']);
+      const a2 = btAddress(testPub, ['state-b']);
+      assert.notStrictEqual(a1, a2);
+    });
+
+    it('should produce different addresses for different pubkeys', () => {
+      const priv2 = Buffer.alloc(32, 2);
+      const pub2 = Buffer.from(secp256k1.getPublicKey(priv2, true)).toString('hex');
+      const a1 = btAddress(testPub, ['state']);
+      const a2 = btAddress(pub2, ['state']);
+      assert.notStrictEqual(a1, a2);
+    });
+
+    it('should chain multiple states', () => {
+      const a1 = btAddress(testPub, ['s1']);
+      const a2 = btAddress(testPub, ['s1', 's2']);
+      assert.notStrictEqual(a1, a2);
+    });
+  });
+
+  describe('verifyMrc20Anchor', () => {
+    const testPriv = Buffer.alloc(32, 1);
+    const testPub = Buffer.from(secp256k1.getPublicKey(testPriv, true)).toString('hex');
+
+    it('should reject missing stateStrings', async () => {
+      const { prevState, state } = createStatePair(
+        [{ op: 'urn:mono:op:transfer', from: 'user', to: 'pod', amt: 100 }],
+        'pod'
+      );
+      const result = await verifyMrc20Anchor({
+        state, prevState, toAddress: 'pod',
+        pubkey: testPub, stateStrings: []
+      });
+      assert.strictEqual(result.valid, false);
+      assert.ok(result.error.includes('stateStrings'));
+    });
+
+    it('should reject bad pubkey', async () => {
+      const { prevState, state } = createStatePair(
+        [{ op: 'urn:mono:op:transfer', from: 'user', to: 'pod', amt: 100 }],
+        'pod'
+      );
+      const result = await verifyMrc20Anchor({
+        state, prevState, toAddress: 'pod',
+        pubkey: 'short', stateStrings: [jcs(state)]
+      });
+      assert.strictEqual(result.valid, false);
+      assert.ok(result.error.includes('pubkey'));
+    });
+
+    it('should reject mismatched last stateString', async () => {
+      const { prevState, state } = createStatePair(
+        [{ op: 'urn:mono:op:transfer', from: 'user', to: 'pod', amt: 100 }],
+        'pod'
+      );
+      const result = await verifyMrc20Anchor({
+        state, prevState, toAddress: 'pod',
+        pubkey: testPub, stateStrings: ['wrong-jcs']
+      });
+      assert.strictEqual(result.valid, false);
+      assert.ok(result.error.includes('Last stateString'));
+    });
+
+    it('should reject when no UTXO exists (mempool returns empty)', async () => {
+      const { prevState, state } = createStatePair(
+        [{ op: 'urn:mono:op:transfer', from: 'user', to: 'pod', amt: 100 }],
+        'pod'
+      );
+      // Use a fake mempool URL that will fail
+      const result = await verifyMrc20Anchor({
+        state, prevState, toAddress: 'pod',
+        pubkey: testPub,
+        stateStrings: [jcs(prevState), jcs(state)],
+        mempoolUrl: 'http://127.0.0.1:1' // will fail to connect
+      });
+      assert.strictEqual(result.valid, false);
+      assert.ok(result.error.includes('Mempool') || result.error.includes('failed'));
+    });
+  });
 });