shogun-core 3.0.3 → 3.0.4

package/dist/plugins/webauthn/webauthnPlugin.js

@@ -1,398 +0,0 @@
-import { BasePlugin } from "../base";
-import { Webauthn } from "./webauthn";
-import { WebAuthnSigner } from "./webauthnSigner";
-import { ErrorHandler, ErrorType } from "../../utils/errorHandler";
-/**
- * Plugin per la gestione delle funzionalità WebAuthn in ShogunCore
- */
-export class WebauthnPlugin extends BasePlugin {
-    name = "webauthn";
-    version = "1.0.0";
-    description = "Provides WebAuthn authentication functionality for ShogunCore";
-    webauthn = null;
-    signer = null;
-    /**
-     * @inheritdoc
-     */
-    initialize(core) {
-        super.initialize(core);
-        // Verifica se siamo in ambiente browser
-        if (typeof window === "undefined") {
-            console.warn("[webauthnPlugin] WebAuthn plugin disabled - not in browser environment");
-            return;
-        }
-        // Verifica se WebAuthn è supportato
-        if (!this.isSupported()) {
-            console.warn("[webauthnPlugin] WebAuthn not supported in this environment");
-            return;
-        }
-        // Inizializziamo il modulo WebAuthn
-        this.webauthn = new Webauthn(core.gun);
-        this.signer = new WebAuthnSigner(this.webauthn);
-        console.log("[webauthnPlugin] WebAuthn plugin initialized with signer support");
-    }
-    /**
-     * @inheritdoc
-     */
-    destroy() {
-        this.webauthn = null;
-        this.signer = null;
-        super.destroy();
-        console.log("[webauthnPlugin] WebAuthn plugin destroyed");
-    }
-    /**
-     * Assicura che il modulo Webauthn sia inizializzato
-     * @private
-     */
-    assertWebauthn() {
-        this.assertInitialized();
-        if (!this.webauthn) {
-            throw new Error("WebAuthn module not initialized");
-        }
-        return this.webauthn;
-    }
-    /**
-     * Assicura che il signer sia inizializzato
-     * @private
-     */
-    assertSigner() {
-        this.assertInitialized();
-        if (!this.signer) {
-            throw new Error("WebAuthn signer not initialized");
-        }
-        return this.signer;
-    }
-    /**
-     * Genera un pair SEA dalle credenziali WebAuthn
-     * @private
-     */
-    async generatePairFromCredentials(credentials) {
-        try {
-            // Use the signer to create a derived key pair from the WebAuthn credentials
-            const pair = await this.assertSigner().createDerivedKeyPair(credentials.credentialId, credentials.username);
-            return pair;
-        }
-        catch (error) {
-            console.error("Error generating pair from WebAuthn credentials:", error);
-            return null;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    isSupported() {
-        // Verifica se siamo in ambiente browser
-        if (typeof window === "undefined") {
-            return false;
-        }
-        // Check if PublicKeyCredential is available
-        if (typeof window.PublicKeyCredential === "undefined") {
-            return false;
-        }
-        // In test environment, allow initialization if window.PublicKeyCredential is mocked
-        if (process.env.NODE_ENV === "test") {
-            return typeof window.PublicKeyCredential !== "undefined";
-        }
-        // Se il plugin non è stato inizializzato, verifica direttamente il supporto
-        if (!this.webauthn) {
-            return typeof window.PublicKeyCredential !== "undefined";
-        }
-        return this.webauthn.isSupported();
-    }
-    /**
-     * @inheritdoc
-     */
-    async generateCredentials(username, existingCredential, isLogin = false) {
-        return this.assertWebauthn().generateCredentials(username, existingCredential, isLogin);
-    }
-    /**
-     * @inheritdoc
-     */
-    async createAccount(username, credentials, isNewDevice = false) {
-        return this.assertWebauthn().createAccount(username, credentials, isNewDevice);
-    }
-    /**
-     * @inheritdoc
-     */
-    async authenticateUser(username, salt, options) {
-        return this.assertWebauthn().authenticateUser(username, salt, options);
-    }
-    /**
-     * @inheritdoc
-     */
-    abortAuthentication() {
-        this.assertWebauthn().abortAuthentication();
-    }
-    /**
-     * @inheritdoc
-     */
-    async removeDevice(username, credentialId, credentials) {
-        return this.assertWebauthn().removeDevice(username, credentialId, credentials);
-    }
-    /**
-     * @inheritdoc
-     */
-    async createSigningCredential(username) {
-        try {
-            // Delegate to underlying WebAuthn module (tests mock these methods)
-            const wa = this.assertWebauthn();
-            if (typeof wa.createSigningCredential === "function") {
-                return await wa.createSigningCredential(username);
-            }
-            // Fallback to signer implementation if available
-            return await this.assertSigner().createSigningCredential(username);
-        }
-        catch (error) {
-            console.error(`Error creating signing credential: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    createAuthenticator(credentialId) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.createAuthenticator === "function") {
-                return wa.createAuthenticator(credentialId);
-            }
-            return this.assertSigner().createAuthenticator(credentialId);
-        }
-        catch (error) {
-            console.error(`Error creating authenticator: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    async createDerivedKeyPair(credentialId, username, extra) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.createDerivedKeyPair === "function") {
-                return await wa.createDerivedKeyPair(credentialId, username, extra);
-            }
-            return await this.assertSigner().createDerivedKeyPair(credentialId, username, extra);
-        }
-        catch (error) {
-            console.error(`Error creating derived key pair: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    async signWithDerivedKeys(data, credentialId, username, extra) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.signWithDerivedKeys === "function") {
-                return await wa.signWithDerivedKeys(data, credentialId, username, extra);
-            }
-            return await this.assertSigner().signWithDerivedKeys(data, credentialId, username, extra);
-        }
-        catch (error) {
-            console.error(`Error signing with derived keys: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    getSigningCredential(credentialId) {
-        const wa = this.assertWebauthn();
-        if (typeof wa.getSigningCredential === "function") {
-            return wa.getSigningCredential(credentialId);
-        }
-        return this.assertSigner().getCredential(credentialId);
-    }
-    /**
-     * @inheritdoc
-     */
-    listSigningCredentials() {
-        const wa = this.assertWebauthn();
-        if (typeof wa.listSigningCredentials === "function") {
-            return wa.listSigningCredentials();
-        }
-        return this.assertSigner().listCredentials();
-    }
-    /**
-     * @inheritdoc
-     */
-    removeSigningCredential(credentialId) {
-        const wa = this.assertWebauthn();
-        if (typeof wa.removeSigningCredential === "function") {
-            return wa.removeSigningCredential(credentialId);
-        }
-        return this.assertSigner().removeCredential(credentialId);
-    }
-    // === CONSISTENCY METHODS ===
-    /**
-     * Creates a Gun user from WebAuthn signing credential
-     * This ensures the SAME user is created as with normal approach
-     */
-    async createGunUserFromSigningCredential(credentialId, username) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.createGunUserFromSigningCredential === "function") {
-                return await wa.createGunUserFromSigningCredential(credentialId, username);
-            }
-            const core = this.assertInitialized();
-            return await this.assertSigner().createGunUser(credentialId, username, core.gun);
-        }
-        catch (error) {
-            console.error(`Error creating Gun user from signing credential: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * Get the Gun user public key for a signing credential
-     */
-    getGunUserPubFromSigningCredential(credentialId) {
-        const wa = this.assertWebauthn();
-        if (typeof wa.getGunUserPubFromSigningCredential === "function") {
-            return wa.getGunUserPubFromSigningCredential(credentialId);
-        }
-        return this.assertSigner().getGunUserPub(credentialId);
-    }
-    /**
-     * Get the hashed credential ID (for consistency checking)
-     */
-    getHashedCredentialId(credentialId) {
-        const wa = this.assertWebauthn();
-        if (typeof wa.getHashedCredentialId === "function") {
-            return wa.getHashedCredentialId(credentialId);
-        }
-        return this.assertSigner().getHashedCredentialId(credentialId);
-    }
-    /**
-     * Verify consistency between oneshot and normal approaches
-     * This ensures both approaches create the same Gun user
-     */
-    async verifyConsistency(credentialId, username, expectedUserPub) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.verifyConsistency === "function") {
-                return await wa.verifyConsistency(credentialId, username, expectedUserPub);
-            }
-            return await this.assertSigner().verifyConsistency(credentialId, username, expectedUserPub);
-        }
-        catch (error) {
-            console.error(`Error verifying consistency: ${error.message}`);
-            return { consistent: false };
-        }
-    }
-    /**
-     * Complete oneshot workflow that creates the SAME Gun user as normal approach
-     * This is the recommended method for oneshot signing with full consistency
-     */
-    async setupConsistentOneshotSigning(username) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.setupConsistentOneshotSigning === "function") {
-                return await wa.setupConsistentOneshotSigning(username);
-            }
-            // Fallback to local flow when not available
-            const credential = await this.createSigningCredential(username);
-            const authenticator = this.createAuthenticator(credential.id);
-            const gunUser = await this.createGunUserFromSigningCredential(credential.id, username);
-            return {
-                credential,
-                authenticator,
-                gunUser,
-                pub: credential.pub,
-                hashedCredentialId: credential.hashedCredentialId,
-            };
-        }
-        catch (error) {
-            console.error(`Error setting up consistent oneshot signing: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * Login with WebAuthn
-     * This is the recommended method for WebAuthn authentication
-     * @param username - Username
-     * @returns {Promise<AuthResult>} Authentication result
-     * @description Authenticates user using WebAuthn credentials.
-     * Requires browser support for WebAuthn and existing credentials.
-     */
-    async login(username) {
-        try {
-            const core = this.assertInitialized();
-            if (!username) {
-                throw new Error("Username required for WebAuthn login");
-            }
-            if (!this.isSupported()) {
-                throw new Error("WebAuthn is not supported by this browser");
-            }
-            // Prefer the oneshot consistent signing flow (tests mock this)
-            const { authenticator, pub } = (await this.setupConsistentOneshotSigning(username));
-            // If core has an authenticate method (tests), use it
-            if (core.authenticate) {
-                return await core.authenticate(username, authenticator, pub);
-            }
-            // Fallback to credentials-based flow
-            const credentials = await this.generateCredentials(username, null, true);
-            if (!credentials?.success) {
-                throw new Error(credentials?.error || "WebAuthn verification failed");
-            }
-            core.setAuthMethod("webauthn");
-            return await core.login(username, "", credentials.key);
-        }
-        catch (error) {
-            console.error(`Error during WebAuthn login: ${error}`);
-            // Log but do not depend on handler return value
-            ErrorHandler.handle(ErrorType.WEBAUTHN, "WEBAUTHN_LOGIN_ERROR", error.message || "Error during WebAuthn login", error);
-            return {
-                success: false,
-                error: error.message || "Error during WebAuthn login",
-            };
-        }
-    }
-    /**
-     * Register new user with WebAuthn
-     * This is the recommended method for WebAuthn registration
-     * @param username - Username
-     * @returns {Promise<SignUpResult>} Registration result
-     * @description Creates a new user account using WebAuthn credentials.
-     * Requires browser support for WebAuthn.
-     */
-    async signUp(username) {
-        try {
-            const core = this.assertInitialized();
-            if (!username) {
-                throw new Error("Username required for WebAuthn registration");
-            }
-            if (!this.isSupported()) {
-                throw new Error("WebAuthn is not supported by this browser");
-            }
-            // Prefer the oneshot consistent signing flow (tests mock this)
-            const { authenticator, pub } = (await this.setupConsistentOneshotSigning(username));
-            if (core.signUp) {
-                // Some tests stub signUp directly
-                return await core.signUp(username, authenticator, pub);
-            }
-            // Fallback to credentials-based flow
-            const credentials = await this.generateCredentials(username, null, false);
-            if (!credentials?.success) {
-                throw new Error(credentials?.error || "Unable to generate WebAuthn credentials");
-            }
-            core.setAuthMethod("webauthn");
-            // Convert WebAuthn credentials to SEA pair
-            const pair = await this.generatePairFromCredentials(credentials);
-            if (!pair) {
-                throw new Error("Failed to generate SEA pair from WebAuthn credentials");
-            }
-            // Use pair-based authentication instead of password
-            return await core.signUp(username, undefined, pair);
-        }
-        catch (error) {
-            console.error(`Error during WebAuthn registration: ${error}`);
-            ErrorHandler.handle(ErrorType.WEBAUTHN, "WEBAUTHN_SIGNUP_ERROR", error.message || "Error during WebAuthn registration", error);
-            return {
-                success: false,
-                error: error.message || "Error during WebAuthn registration",
-            };
-        }
-    }
-}

package/dist/plugins/webauthn/webauthnSigner.js

@@ -1,304 +0,0 @@
-import { Webauthn } from "./webauthn";
-import { p256 } from "@noble/curves/p256";
-import { sha256 } from "@noble/hashes/sha256";
-import derive from "../../gundb/derive";
-import { ethers } from "ethers";
-/**
- * Base64URL encoding utilities
- */
-const base64url = {
-    encode: function (buffer) {
-        const bytes = new Uint8Array(buffer);
-        return btoa(String.fromCharCode(...bytes))
-            .replace(/\+/g, "-")
-            .replace(/\//g, "_")
-            .replace(/=/g, "");
-    },
-    decode: function (str) {
-        str = str.replace(/-/g, "+").replace(/_/g, "/");
-        while (str.length % 4)
-            str += "=";
-        const binary = atob(str);
-        return new Uint8Array(binary.split("").map((c) => c.charCodeAt(0)));
-    },
-};
-/**
- * WebAuthn Signer - Provides oneshot signing functionality
- * Similar to webauthn.js but integrated with our architecture
- * CONSISTENT with normal WebAuthn approach
- */
-export class WebAuthnSigner {
-    webauthn;
-    credentials = new Map();
-    constructor(webauthn) {
-        this.webauthn = webauthn || new Webauthn();
-    }
-    /**
-     * Creates a new WebAuthn credential for signing
-     * Similar to webauthn.js create functionality but CONSISTENT with normal approach
-     */
-    async createSigningCredential(username) {
-        try {
-            const credential = (await navigator.credentials.create({
-                publicKey: {
-                    challenge: crypto.getRandomValues(new Uint8Array(32)),
-                    rp: {
-                        id: window.location.hostname === "localhost"
-                            ? "localhost"
-                            : window.location.hostname,
-                        name: "Shogun Wallet",
-                    },
-                    user: {
-                        id: new TextEncoder().encode(username),
-                        name: username,
-                        displayName: username,
-                    },
-                    // Use the same algorithms as webauthn.js for SEA compatibility
-                    pubKeyCredParams: [
-                        { type: "public-key", alg: -7 }, // ECDSA, P-256 curve, for signing
-                        { type: "public-key", alg: -25 }, // ECDH, P-256 curve, for creating shared secrets
-                        { type: "public-key", alg: -257 },
-                    ],
-                    authenticatorSelection: {
-                        userVerification: "preferred",
-                    },
-                    timeout: 60000,
-                    attestation: "none",
-                },
-            }));
-            if (!credential) {
-                throw new Error("Failed to create WebAuthn credential");
-            }
-            // Extract public key in the same way as webauthn.js
-            const response = credential.response;
-            const publicKey = response.getPublicKey();
-            if (!publicKey) {
-                throw new Error("Failed to get public key from credential");
-            }
-            const rawKey = new Uint8Array(publicKey);
-            // Extract coordinates like webauthn.js (slice positions may need adjustment)
-            const xCoord = rawKey.slice(27, 59);
-            const yCoord = rawKey.slice(59, 91);
-            const x = base64url.encode(xCoord);
-            const y = base64url.encode(yCoord);
-            const pub = `${x}.${y}`;
-            // CONSISTENCY: Use the same hashing approach as normal WebAuthn
-            const hashedCredentialId = ethers.keccak256(ethers.toUtf8Bytes(credential.id));
-            const signingCredential = {
-                id: credential.id,
-                rawId: credential.rawId,
-                publicKey: { x, y },
-                pub,
-                hashedCredentialId, // This ensures consistency
-            };
-            // Store credential for later use
-            this.credentials.set(credential.id, signingCredential);
-            return signingCredential;
-        }
-        catch (error) {
-            console.error("Error creating signing credential:", error);
-            throw new Error(`Failed to create signing credential: ${error.message}`);
-        }
-    }
-    /**
-     * Creates an authenticator function compatible with SEA.sign
-     * This is the key function that makes it work like webauthn.js
-     */
-    createAuthenticator(credentialId) {
-        const credential = this.credentials.get(credentialId);
-        if (!credential) {
-            throw new Error(`Credential ${credentialId} not found`);
-        }
-        return async (data) => {
-            try {
-                const challenge = new TextEncoder().encode(JSON.stringify(data));
-                const options = {
-                    challenge,
-                    rpId: window.location.hostname === "localhost"
-                        ? "localhost"
-                        : window.location.hostname,
-                    userVerification: "preferred",
-                    allowCredentials: [
-                        {
-                            type: "public-key",
-                            id: credential.rawId,
-                        },
-                    ],
-                    timeout: 60000,
-                };
-                const assertion = (await navigator.credentials.get({
-                    publicKey: options,
-                }));
-                if (!assertion) {
-                    throw new Error("WebAuthn assertion failed");
-                }
-                return assertion.response;
-            }
-            catch (error) {
-                console.error("WebAuthn assertion error:", error);
-                throw error;
-            }
-        };
-    }
-    /**
-     * Creates a derived key pair from WebAuthn credential
-     * CONSISTENT with normal approach: uses hashedCredentialId as password
-     */
-    async createDerivedKeyPair(credentialId, username, extra) {
-        const credential = this.credentials.get(credentialId);
-        if (!credential) {
-            throw new Error(`Credential ${credentialId} not found`);
-        }
-        try {
-            // CONSISTENCY: Use the same approach as normal WebAuthn
-            // Use hashedCredentialId as password (same as normal approach)
-            const derivedKeys = await derive(credential.hashedCredentialId, // This is the key change!
-            extra, { includeP256: true });
-            return {
-                pub: derivedKeys.pub,
-                priv: derivedKeys.priv,
-                epub: derivedKeys.epub,
-                epriv: derivedKeys.epriv,
-            };
-        }
-        catch (error) {
-            console.error("Error deriving keys from WebAuthn credential:", error);
-            throw error;
-        }
-    }
-    /**
-     * Creates a Gun user from WebAuthn credential
-     * This ensures the SAME user is created as with normal approach
-     * FIX: Use derived pair instead of username/password for GunDB auth
-     */
-    async createGunUser(credentialId, username, gunInstance) {
-        const credential = this.credentials.get(credentialId);
-        if (!credential) {
-            throw new Error(`Credential ${credentialId} not found`);
-        }
-        try {
-            // FIX: Use derived pair for GunDB authentication instead of username/password
-            const derivedPair = await this.createDerivedKeyPair(credentialId, username);
-            return new Promise((resolve) => {
-                // Use the derived pair directly for GunDB auth
-                gunInstance.user().create(derivedPair, (ack) => {
-                    if (ack.err) {
-                        // Try to login if user already exists
-                        gunInstance.user().auth(derivedPair, (authAck) => {
-                            if (authAck.err) {
-                                resolve({ success: false, error: authAck.err });
-                            }
-                            else {
-                                const userPub = authAck.pub;
-                                // Update credential with Gun user pub
-                                credential.gunUserPub = userPub;
-                                this.credentials.set(credentialId, credential);
-                                resolve({ success: true, userPub });
-                            }
-                        });
-                    }
-                    else {
-                        // User created, now login
-                        gunInstance.user().auth(derivedPair, (authAck) => {
-                            if (authAck.err) {
-                                resolve({ success: false, error: authAck.err });
-                            }
-                            else {
-                                const userPub = authAck.pub;
-                                // Update credential with Gun user pub
-                                credential.gunUserPub = userPub;
-                                this.credentials.set(credentialId, credential);
-                                resolve({ success: true, userPub });
-                            }
-                        });
-                    }
-                });
-            });
-        }
-        catch (error) {
-            console.error("Error creating Gun user:", error);
-            return { success: false, error: error.message };
-        }
-    }
-    /**
-     * Signs data using WebAuthn + derived keys
-     * This provides a hybrid approach: WebAuthn for user verification + derived keys for actual signing
-     * CONSISTENT with normal approach
-     */
-    async signWithDerivedKeys(data, credentialId, username, extra) {
-        try {
-            // First, verify user with WebAuthn
-            const authenticator = this.createAuthenticator(credentialId);
-            await authenticator(data); // This verifies the user
-            // Then use derived keys for actual signing (CONSISTENT approach)
-            const keyPair = await this.createDerivedKeyPair(credentialId, username, extra);
-            // Create signature using P-256 (same as SEA)
-            const message = JSON.stringify(data);
-            const messageHash = sha256(new TextEncoder().encode(message));
-            // Convert base64url private key to bytes
-            const privKeyBytes = base64url.decode(keyPair.priv);
-            // Sign with P-256
-            const signature = p256.sign(messageHash, privKeyBytes);
-            // Format like SEA signature
-            const seaSignature = {
-                m: message,
-                s: base64url.encode(signature.toCompactRawBytes()),
-            };
-            return "SEA" + JSON.stringify(seaSignature);
-        }
-        catch (error) {
-            console.error("Error signing with derived keys:", error);
-            throw error;
-        }
-    }
-    /**
-     * Get the Gun user public key for a credential
-     * This allows checking if the same user would be created
-     */
-    getGunUserPub(credentialId) {
-        const credential = this.credentials.get(credentialId);
-        return credential?.gunUserPub;
-    }
-    /**
-     * Get the hashed credential ID (for consistency checking)
-     */
-    getHashedCredentialId(credentialId) {
-        const credential = this.credentials.get(credentialId);
-        return credential?.hashedCredentialId;
-    }
-    /**
-     * Check if this credential would create the same Gun user as normal approach
-     */
-    async verifyConsistency(credentialId, username, expectedUserPub) {
-        const credential = this.credentials.get(credentialId);
-        if (!credential) {
-            return { consistent: false };
-        }
-        // The derived keys should be the same as normal approach
-        const derivedKeys = await this.createDerivedKeyPair(credentialId, username);
-        return {
-            consistent: expectedUserPub ? derivedKeys.pub === expectedUserPub : true,
-            actualUserPub: derivedKeys.pub,
-            expectedUserPub,
-        };
-    }
-    /**
-     * Get credential by ID
-     */
-    getCredential(credentialId) {
-        return this.credentials.get(credentialId);
-    }
-    /**
-     * List all stored credentials
-     */
-    listCredentials() {
-        return Array.from(this.credentials.values());
-    }
-    /**
-     * Remove a credential
-     */
-    removeCredential(credentialId) {
-        return this.credentials.delete(credentialId);
-    }
-}
-export default WebAuthnSigner;