kentucky-signer-viem 0.1.0

package/dist/react/index.mjs

@@ -0,0 +1,791 @@
+// src/react/context.tsx
+import {
+  createContext,
+  useContext,
+  useState,
+  useCallback,
+  useEffect,
+  useMemo
+} from "react";
+
+// src/client.ts
+var KentuckySignerError = class extends Error {
+  constructor(message, code, details) {
+    super(message);
+    this.code = code;
+    this.details = details;
+    this.name = "KentuckySignerError";
+  }
+};
+var KentuckySignerClient = class {
+  constructor(options) {
+    this.baseUrl = options.baseUrl.replace(/\/$/, "");
+    this.fetchImpl = options.fetch ?? globalThis.fetch;
+    this.timeout = options.timeout ?? 3e4;
+  }
+  /**
+   * Make an authenticated request to the API
+   */
+  async request(path, options = {}) {
+    const { token, ...fetchOptions } = options;
+    const headers = {
+      "Content-Type": "application/json",
+      ...options.headers
+    };
+    if (token) {
+      ;
+      headers["Authorization"] = `Bearer ${token}`;
+    }
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+    try {
+      const response = await this.fetchImpl(`${this.baseUrl}${path}`, {
+        ...fetchOptions,
+        headers,
+        signal: controller.signal
+      });
+      const data = await response.json();
+      if (!response.ok || data.success === false) {
+        const error = data;
+        throw new KentuckySignerError(
+          error.error?.message ?? "Unknown error",
+          error.error?.code ?? "UNKNOWN_ERROR",
+          error.error?.details
+        );
+      }
+      return data;
+    } finally {
+      clearTimeout(timeoutId);
+    }
+  }
+  /**
+   * Get a challenge for passkey authentication
+   *
+   * @param accountId - Account ID to authenticate
+   * @returns Challenge response with 32-byte challenge
+   */
+  async getChallenge(accountId) {
+    return this.request("/api/auth/challenge", {
+      method: "POST",
+      body: JSON.stringify({ account_id: accountId })
+    });
+  }
+  /**
+   * Authenticate with a passkey credential
+   *
+   * @param accountId - Account ID to authenticate
+   * @param credential - WebAuthn credential from navigator.credentials.get()
+   * @returns Authentication response with JWT token
+   */
+  async authenticatePasskey(accountId, credential) {
+    return this.request("/api/auth/passkey", {
+      method: "POST",
+      body: JSON.stringify({
+        account_id: accountId,
+        credential_id: credential.credentialId,
+        client_data_json: credential.clientDataJSON,
+        authenticator_data: credential.authenticatorData,
+        signature: credential.signature,
+        user_handle: credential.userHandle
+      })
+    });
+  }
+  /**
+   * Refresh an authentication token
+   *
+   * @param token - Current JWT token
+   * @returns New authentication response with fresh token
+   */
+  async refreshToken(token) {
+    return this.request("/api/auth/refresh", {
+      method: "POST",
+      token
+    });
+  }
+  /**
+   * Logout and invalidate token
+   *
+   * @param token - JWT token to invalidate
+   */
+  async logout(token) {
+    await this.request("/api/auth/logout", {
+      method: "POST",
+      token
+    });
+  }
+  /**
+   * Get account information
+   *
+   * @param accountId - Account ID
+   * @param token - JWT token
+   * @returns Account info with addresses and passkeys
+   */
+  async getAccountInfo(accountId, token) {
+    return this.request(`/api/accounts/${accountId}`, {
+      method: "GET",
+      token
+    });
+  }
+  /**
+   * Check if an account exists
+   *
+   * @param accountId - Account ID
+   * @param token - JWT token
+   * @returns True if account exists
+   */
+  async accountExists(accountId, token) {
+    try {
+      await this.request(`/api/accounts/${accountId}`, {
+        method: "HEAD",
+        token
+      });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Sign an EVM transaction hash
+   *
+   * @param request - Sign request with tx_hash and chain_id
+   * @param token - JWT token
+   * @returns Signature response with r, s, v components
+   */
+  async signEvmTransaction(request, token) {
+    return this.request("/api/sign/evm", {
+      method: "POST",
+      token,
+      body: JSON.stringify(request)
+    });
+  }
+  /**
+   * Sign a raw hash for EVM
+   *
+   * Convenience method that wraps signEvmTransaction.
+   *
+   * @param hash - 32-byte hash to sign (hex encoded with 0x prefix)
+   * @param chainId - Chain ID
+   * @param token - JWT token
+   * @returns Full signature (hex encoded with 0x prefix)
+   */
+  async signHash(hash, chainId, token) {
+    const response = await this.signEvmTransaction(
+      { tx_hash: hash, chain_id: chainId },
+      token
+    );
+    return response.signature.full;
+  }
+  /**
+   * Create a new account with passkey authentication
+   *
+   * @param credential - WebAuthn credential from navigator.credentials.create()
+   * @returns Account creation response with account ID and addresses
+   */
+  async createAccountWithPasskey(credential) {
+    return this.request("/api/accounts/create/passkey", {
+      method: "POST",
+      body: JSON.stringify({
+        credential_id: credential.credentialId,
+        public_key: credential.publicKey,
+        client_data_json: credential.clientDataJSON,
+        authenticator_data: credential.authenticatorData
+      })
+    });
+  }
+  /**
+   * Create a new account with password authentication
+   *
+   * @param request - Password and confirmation
+   * @returns Account creation response with account ID and addresses
+   */
+  async createAccountWithPassword(request) {
+    return this.request("/api/accounts/create/password", {
+      method: "POST",
+      body: JSON.stringify(request)
+    });
+  }
+  /**
+   * Authenticate with password
+   *
+   * @param request - Account ID and password
+   * @returns Authentication response with JWT token
+   */
+  async authenticatePassword(request) {
+    return this.request("/api/auth/password", {
+      method: "POST",
+      body: JSON.stringify(request)
+    });
+  }
+  /**
+   * Health check
+   *
+   * @returns True if the API is healthy
+   */
+  async healthCheck() {
+    try {
+      const response = await this.request("/api/health", {
+        method: "GET"
+      });
+      return response.status === "ok";
+    } catch {
+      return false;
+    }
+  }
+  /**
+   * Get API version
+   *
+   * @returns Version string
+   */
+  async getVersion() {
+    const response = await this.request("/api/version", {
+      method: "GET"
+    });
+    return response.version;
+  }
+};
+
+// src/utils.ts
+function base64UrlEncode(data) {
+  let base64;
+  if (typeof Buffer !== "undefined") {
+    base64 = Buffer.from(data).toString("base64");
+  } else {
+    const binary = Array.from(data).map((byte) => String.fromCharCode(byte)).join("");
+    base64 = btoa(binary);
+  }
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+}
+function base64UrlDecode(str) {
+  let base64 = str.replace(/-/g, "+").replace(/_/g, "/");
+  const padding = (4 - base64.length % 4) % 4;
+  base64 += "=".repeat(padding);
+  if (typeof Buffer !== "undefined") {
+    return new Uint8Array(Buffer.from(base64, "base64"));
+  } else {
+    const binary = atob(base64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++) {
+      bytes[i] = binary.charCodeAt(i);
+    }
+    return bytes;
+  }
+}
+
+// src/auth.ts
+function isWebAuthnAvailable() {
+  return typeof window !== "undefined" && typeof window.PublicKeyCredential !== "undefined" && typeof navigator.credentials !== "undefined";
+}
+var LocalStorageTokenStorage = class {
+  constructor(keyPrefix = "kentucky_signer") {
+    this.keyPrefix = keyPrefix;
+  }
+  async getToken() {
+    if (typeof localStorage === "undefined") return null;
+    const token = localStorage.getItem(`${this.keyPrefix}_token`);
+    const expiresAt = localStorage.getItem(`${this.keyPrefix}_expires`);
+    if (token && expiresAt && Date.now() < parseInt(expiresAt, 10)) {
+      return token;
+    }
+    await this.clearToken();
+    return null;
+  }
+  async setToken(token, expiresAt) {
+    if (typeof localStorage === "undefined") return;
+    localStorage.setItem(`${this.keyPrefix}_token`, token);
+    localStorage.setItem(`${this.keyPrefix}_expires`, expiresAt.toString());
+  }
+  async clearToken() {
+    if (typeof localStorage === "undefined") return;
+    localStorage.removeItem(`${this.keyPrefix}_token`);
+    localStorage.removeItem(`${this.keyPrefix}_expires`);
+  }
+};
+function credentialToPasskey(credential) {
+  const response = credential.response;
+  return {
+    credentialId: base64UrlEncode(new Uint8Array(credential.rawId)),
+    clientDataJSON: base64UrlEncode(new Uint8Array(response.clientDataJSON)),
+    authenticatorData: base64UrlEncode(new Uint8Array(response.authenticatorData)),
+    signature: base64UrlEncode(new Uint8Array(response.signature)),
+    userHandle: response.userHandle ? base64UrlEncode(new Uint8Array(response.userHandle)) : void 0
+  };
+}
+async function authenticateWithPasskey(options) {
+  if (!isWebAuthnAvailable()) {
+    throw new KentuckySignerError(
+      "WebAuthn is not available in this environment",
+      "WEBAUTHN_NOT_AVAILABLE",
+      "Use authenticateWithToken() for server-side authentication"
+    );
+  }
+  const client = new KentuckySignerClient({ baseUrl: options.baseUrl });
+  const challengeResponse = await client.getChallenge(options.accountId);
+  const challengeBytes = base64UrlDecode(challengeResponse.challenge);
+  const credentialRequestOptions = {
+    publicKey: {
+      challenge: challengeBytes.buffer,
+      timeout: 6e4,
+      rpId: options.rpId ?? window.location.hostname,
+      userVerification: "preferred",
+      allowCredentials: options.allowCredentials?.map((id) => ({
+        type: "public-key",
+        id: base64UrlDecode(id).buffer
+      }))
+    }
+  };
+  const credential = await navigator.credentials.get(
+    credentialRequestOptions
+  );
+  if (!credential) {
+    throw new KentuckySignerError(
+      "User cancelled passkey authentication",
+      "USER_CANCELLED"
+    );
+  }
+  const passkeyCredential = credentialToPasskey(credential);
+  const authResponse = await client.authenticatePasskey(
+    options.accountId,
+    passkeyCredential
+  );
+  const accountInfo = await client.getAccountInfo(
+    options.accountId,
+    authResponse.token
+  );
+  const expiresAt = Date.now() + authResponse.expires_in * 1e3;
+  return {
+    token: authResponse.token,
+    accountId: options.accountId,
+    evmAddress: accountInfo.addresses.evm,
+    btcAddress: accountInfo.addresses.bitcoin,
+    solAddress: accountInfo.addresses.solana,
+    expiresAt
+  };
+}
+function isSessionValid(session, bufferMs = 6e4) {
+  return Date.now() + bufferMs < session.expiresAt;
+}
+async function refreshSessionIfNeeded(session, baseUrl, bufferMs = 6e4) {
+  if (isSessionValid(session, bufferMs)) {
+    return session;
+  }
+  const client = new KentuckySignerClient({ baseUrl });
+  const authResponse = await client.refreshToken(session.token);
+  return {
+    ...session,
+    token: authResponse.token,
+    expiresAt: Date.now() + authResponse.expires_in * 1e3
+  };
+}
+
+// src/account.ts
+import {
+  hashMessage,
+  hashTypedData,
+  keccak256,
+  serializeTransaction
+} from "viem";
+import { toAccount } from "viem/accounts";
+function createKentuckySignerAccount(options) {
+  const { config, defaultChainId = 1, onSessionExpired } = options;
+  let session = options.session;
+  const client = new KentuckySignerClient({ baseUrl: config.baseUrl });
+  async function getToken() {
+    if (Date.now() + 6e4 >= session.expiresAt) {
+      if (onSessionExpired) {
+        session = await onSessionExpired();
+      } else {
+        throw new KentuckySignerError(
+          "Session expired",
+          "SESSION_EXPIRED",
+          "Please re-authenticate with your passkey"
+        );
+      }
+    }
+    return session.token;
+  }
+  async function signHash(hash, chainId) {
+    const token = await getToken();
+    const response = await client.signEvmTransaction(
+      { tx_hash: hash, chain_id: chainId },
+      token
+    );
+    return response.signature.full;
+  }
+  function parseSignature(signature) {
+    const r = `0x${signature.slice(2, 66)}`;
+    const s = `0x${signature.slice(66, 130)}`;
+    const v = BigInt(`0x${signature.slice(130, 132)}`);
+    return { r, s, v };
+  }
+  const account = toAccount({
+    address: session.evmAddress,
+    /**
+     * Sign a message
+     *
+     * Supports string messages, hex messages, and raw bytes.
+     */
+    async signMessage({ message }) {
+      const messageHash = hashMessage(message);
+      return signHash(messageHash, defaultChainId);
+    },
+    /**
+     * Sign a transaction
+     *
+     * Serializes the transaction, hashes it, signs via Kentucky Signer,
+     * and returns the signed serialized transaction.
+     */
+    async signTransaction(transaction) {
+      const chainId = transaction.chainId ?? defaultChainId;
+      const serializedUnsigned = serializeTransaction(transaction);
+      const txHash = keccak256(serializedUnsigned);
+      const signature = await signHash(txHash, chainId);
+      const { r, s, v } = parseSignature(signature);
+      let yParity;
+      if (transaction.type === "eip1559" || transaction.type === "eip2930" || transaction.type === "eip4844" || transaction.type === "eip7702") {
+        yParity = Number(v) - 27;
+      } else {
+        yParity = Number(v);
+      }
+      const serializedSigned = serializeTransaction(transaction, {
+        r,
+        s,
+        v: BigInt(yParity),
+        yParity
+      });
+      return serializedSigned;
+    },
+    /**
+     * Sign typed data (EIP-712)
+     */
+    async signTypedData(typedData) {
+      const hash = hashTypedData(typedData);
+      return signHash(hash, defaultChainId);
+    }
+  });
+  account.source = "kentuckySigner";
+  account.accountId = config.accountId;
+  account.session = session;
+  account.updateSession = (newSession) => {
+    session = newSession;
+    if (newSession.evmAddress !== account.address) {
+      ;
+      account.address = newSession.evmAddress;
+    }
+  };
+  return account;
+}
+
+// src/react/context.tsx
+import { jsx } from "react/jsx-runtime";
+var KentuckySignerContext = createContext(null);
+function KentuckySignerProvider({
+  baseUrl,
+  defaultChainId = 1,
+  storageKeyPrefix = "kentucky_signer",
+  persistSession = true,
+  children
+}) {
+  const [state, setState] = useState({
+    isAuthenticating: false,
+    isAuthenticated: false,
+    session: null,
+    account: null,
+    error: null
+  });
+  const client = useMemo(
+    () => new KentuckySignerClient({ baseUrl }),
+    [baseUrl]
+  );
+  const storage = useMemo(
+    () => persistSession ? new LocalStorageTokenStorage(storageKeyPrefix) : null,
+    [persistSession, storageKeyPrefix]
+  );
+  const createAccount = useCallback(
+    (session) => {
+      return createKentuckySignerAccount({
+        config: { baseUrl, accountId: session.accountId },
+        session,
+        defaultChainId,
+        onSessionExpired: async () => {
+          const newSession = await refreshSessionIfNeeded(session, baseUrl, 0);
+          setState((s) => ({
+            ...s,
+            session: newSession,
+            account: s.account ? { ...s.account, session: newSession } : null
+          }));
+          return newSession;
+        }
+      });
+    },
+    [baseUrl, defaultChainId]
+  );
+  useEffect(() => {
+    async function restoreSession() {
+      if (!storage) return;
+      try {
+        const savedSession = localStorage.getItem(`${storageKeyPrefix}_session`);
+        if (!savedSession) return;
+        const session = JSON.parse(savedSession);
+        if (!isSessionValid(session)) {
+          try {
+            const refreshed = await refreshSessionIfNeeded(session, baseUrl, 0);
+            const account2 = createAccount(refreshed);
+            localStorage.setItem(
+              `${storageKeyPrefix}_session`,
+              JSON.stringify(refreshed)
+            );
+            setState({
+              isAuthenticating: false,
+              isAuthenticated: true,
+              session: refreshed,
+              account: account2,
+              error: null
+            });
+          } catch {
+            localStorage.removeItem(`${storageKeyPrefix}_session`);
+          }
+          return;
+        }
+        const account = createAccount(session);
+        setState({
+          isAuthenticating: false,
+          isAuthenticated: true,
+          session,
+          account,
+          error: null
+        });
+      } catch {
+        localStorage.removeItem(`${storageKeyPrefix}_session`);
+      }
+    }
+    restoreSession();
+  }, [storage, storageKeyPrefix, baseUrl, createAccount]);
+  const authenticate = useCallback(
+    async (accountId, options) => {
+      setState((s) => ({ ...s, isAuthenticating: true, error: null }));
+      try {
+        const session = await authenticateWithPasskey({
+          baseUrl,
+          accountId,
+          rpId: options?.rpId
+        });
+        const account = createAccount(session);
+        if (storage) {
+          localStorage.setItem(
+            `${storageKeyPrefix}_session`,
+            JSON.stringify(session)
+          );
+        }
+        setState({
+          isAuthenticating: false,
+          isAuthenticated: true,
+          session,
+          account,
+          error: null
+        });
+      } catch (error) {
+        setState((s) => ({
+          ...s,
+          isAuthenticating: false,
+          error
+        }));
+        throw error;
+      }
+    },
+    [baseUrl, createAccount, storage, storageKeyPrefix]
+  );
+  const logout = useCallback(async () => {
+    try {
+      if (state.session) {
+        await client.logout(state.session.token);
+      }
+    } catch {
+    }
+    if (storage) {
+      localStorage.removeItem(`${storageKeyPrefix}_session`);
+    }
+    setState({
+      isAuthenticating: false,
+      isAuthenticated: false,
+      session: null,
+      account: null,
+      error: null
+    });
+  }, [client, state.session, storage, storageKeyPrefix]);
+  const refreshSession = useCallback(async () => {
+    if (!state.session) return;
+    try {
+      const refreshed = await refreshSessionIfNeeded(state.session, baseUrl);
+      if (refreshed !== state.session) {
+        const account = createAccount(refreshed);
+        if (storage) {
+          localStorage.setItem(
+            `${storageKeyPrefix}_session`,
+            JSON.stringify(refreshed)
+          );
+        }
+        setState((s) => ({
+          ...s,
+          session: refreshed,
+          account
+        }));
+      }
+    } catch (error) {
+      setState((s) => ({ ...s, error }));
+    }
+  }, [state.session, baseUrl, createAccount, storage, storageKeyPrefix]);
+  const clearError = useCallback(() => {
+    setState((s) => ({ ...s, error: null }));
+  }, []);
+  const value = useMemo(
+    () => ({
+      ...state,
+      authenticate,
+      logout,
+      refreshSession,
+      clearError
+    }),
+    [state, authenticate, logout, refreshSession, clearError]
+  );
+  return /* @__PURE__ */ jsx(KentuckySignerContext.Provider, { value, children });
+}
+function useKentuckySignerContext() {
+  const context = useContext(KentuckySignerContext);
+  if (!context) {
+    throw new Error(
+      "useKentuckySignerContext must be used within a KentuckySignerProvider"
+    );
+  }
+  return context;
+}
+
+// src/react/hooks.ts
+import { useMemo as useMemo2, useCallback as useCallback2, useState as useState2 } from "react";
+import { createWalletClient, http } from "viem";
+function useKentuckySigner() {
+  const context = useKentuckySignerContext();
+  return {
+    isAuthenticated: context.isAuthenticated,
+    isAuthenticating: context.isAuthenticating,
+    session: context.session,
+    account: context.account,
+    error: context.error,
+    authenticate: context.authenticate,
+    logout: context.logout,
+    refreshSession: context.refreshSession,
+    clearError: context.clearError
+  };
+}
+function useKentuckySignerAccount() {
+  const { account } = useKentuckySignerContext();
+  return account;
+}
+function useWalletClient(options) {
+  const { account } = useKentuckySignerContext();
+  const { chain, rpcUrl } = options;
+  return useMemo2(() => {
+    if (!account) return null;
+    return createWalletClient({
+      account,
+      chain,
+      transport: http(rpcUrl)
+    });
+  }, [account, chain, rpcUrl]);
+}
+function usePasskeyAuth() {
+  const { authenticate, isAuthenticating, error, clearError } = useKentuckySignerContext();
+  const login = useCallback2(
+    async (accountId, options) => {
+      clearError();
+      await authenticate(accountId, options);
+    },
+    [authenticate, clearError]
+  );
+  return {
+    login,
+    isLoading: isAuthenticating,
+    error,
+    clearError
+  };
+}
+function useSignMessage() {
+  const { account } = useKentuckySignerContext();
+  const [isLoading, setIsLoading] = useState2(false);
+  const [error, setError] = useState2(null);
+  const signMessage = useCallback2(
+    async (message) => {
+      if (!account) {
+        throw new Error("Not authenticated");
+      }
+      setIsLoading(true);
+      setError(null);
+      try {
+        const signature = await account.signMessage({ message });
+        return signature;
+      } catch (err) {
+        setError(err);
+        throw err;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [account]
+  );
+  return {
+    signMessage,
+    isLoading,
+    error,
+    isAvailable: !!account
+  };
+}
+function useSignTypedData() {
+  const { account } = useKentuckySignerContext();
+  const [isLoading, setIsLoading] = useState2(false);
+  const [error, setError] = useState2(null);
+  const signTypedData = useCallback2(
+    async (typedData) => {
+      if (!account) {
+        throw new Error("Not authenticated");
+      }
+      setIsLoading(true);
+      setError(null);
+      try {
+        const signature = await account.signTypedData(typedData);
+        return signature;
+      } catch (err) {
+        setError(err);
+        throw err;
+      } finally {
+        setIsLoading(false);
+      }
+    },
+    [account]
+  );
+  return {
+    signTypedData,
+    isLoading,
+    error,
+    isAvailable: !!account
+  };
+}
+function useIsReady() {
+  const { isAuthenticated, account } = useKentuckySignerContext();
+  return isAuthenticated && account !== null;
+}
+function useAddress() {
+  const { account } = useKentuckySignerContext();
+  return account?.address;
+}
+export {
+  KentuckySignerProvider,
+  useAddress,
+  useIsReady,
+  useKentuckySigner,
+  useKentuckySignerAccount,
+  useKentuckySignerContext,
+  usePasskeyAuth,
+  useSignMessage,
+  useSignTypedData,
+  useWalletClient
+};
+//# sourceMappingURL=index.mjs.map