shogun-core 3.0.4 → 3.0.5

package/dist/gundb/derive.js

@@ -0,0 +1,229 @@
+import { p256 } from "@noble/curves/p256";
+import { secp256k1 } from "@noble/curves/secp256k1";
+import { sha256 } from "@noble/hashes/sha256";
+import { keccak_256 } from "@noble/hashes/sha3";
+import { ripemd160 } from "@noble/hashes/ripemd160";
+export default async function (pwd, extra, options = {}) {
+    const TEXT_ENCODER = new TextEncoder();
+    const pwdBytes = pwd
+        ? typeof pwd === "string"
+            ? TEXT_ENCODER.encode(normalizeString(pwd))
+            : pwd
+        : crypto.getRandomValues(new Uint8Array(32));
+    // Mix extra into password bytes to ensure different results for different inputs
+    const extras = extra
+        ? (Array.isArray(extra) ? extra : [extra]).map((e) => normalizeString(e.toString()))
+        : [];
+    const extraBuf = TEXT_ENCODER.encode(extras.join("|"));
+    const combinedInput = new Uint8Array(pwdBytes.length + extraBuf.length);
+    combinedInput.set(pwdBytes);
+    combinedInput.set(extraBuf, pwdBytes.length);
+    if (combinedInput.length < 16) {
+        throw new Error(`Insufficient input entropy (${combinedInput.length})`);
+    }
+    const version = "v1";
+    const result = {};
+    // Mantieni comportamento esistente (P-256) come default
+    const { includeP256 = true, includeSecp256k1Bitcoin = true, includeSecp256k1Ethereum = true, } = options;
+    if (includeP256) {
+        const salts = [
+            { label: "signing", type: "pub/priv" },
+            { label: "encryption", type: "epub/epriv" },
+        ];
+        const [signingKeys, encryptionKeys] = await Promise.all(salts.map(async ({ label }) => {
+            const salt = TEXT_ENCODER.encode(`${label}-${version}`);
+            const privateKey = await stretchKey(combinedInput, salt);
+            if (!p256.utils.isValidPrivateKey(privateKey)) {
+                throw new Error(`Invalid private key for ${label}`);
+            }
+            const publicKey = p256.getPublicKey(privateKey, false);
+            return {
+                pub: keyBufferToJwk(publicKey),
+                priv: arrayBufToBase64UrlEncode(privateKey),
+            };
+        }));
+        // Chiavi P-256 esistenti
+        result.pub = signingKeys.pub;
+        result.priv = signingKeys.priv;
+        result.epub = encryptionKeys.pub;
+        result.epriv = encryptionKeys.priv;
+    }
+    // Derivazione Bitcoin P2PKH (secp256k1 + SHA256 + RIPEMD160 + Base58)
+    if (includeSecp256k1Bitcoin) {
+        const bitcoinSalt = TEXT_ENCODER.encode(`secp256k1-bitcoin-${version}`);
+        const bitcoinPrivateKey = await stretchKey(combinedInput, bitcoinSalt);
+        if (!secp256k1.utils.isValidPrivateKey(bitcoinPrivateKey)) {
+            throw new Error("Invalid secp256k1 private key for Bitcoin");
+        }
+        const bitcoinPublicKey = secp256k1.getPublicKey(bitcoinPrivateKey, true); // Compressed
+        result.secp256k1Bitcoin = {
+            privateKey: bytesToHex(bitcoinPrivateKey),
+            publicKey: bytesToHex(bitcoinPublicKey),
+            address: deriveP2PKHAddress(bitcoinPublicKey),
+        };
+    }
+    // Derivazione Ethereum (secp256k1 + Keccak256)
+    if (includeSecp256k1Ethereum) {
+        const ethereumSalt = TEXT_ENCODER.encode(`secp256k1-ethereum-${version}`);
+        const ethereumPrivateKey = await stretchKey(combinedInput, ethereumSalt);
+        if (!secp256k1.utils.isValidPrivateKey(ethereumPrivateKey)) {
+            throw new Error("Invalid secp256k1 private key for Ethereum");
+        }
+        const ethereumPublicKey = secp256k1.getPublicKey(ethereumPrivateKey, false); // Uncompressed
+        result.secp256k1Ethereum = {
+            privateKey: "0x" + bytesToHex(ethereumPrivateKey),
+            publicKey: "0x" + bytesToHex(ethereumPublicKey),
+            address: deriveKeccak256Address(ethereumPublicKey),
+        };
+    }
+    return result;
+}
+function arrayBufToBase64UrlEncode(buf) {
+    return btoa(String.fromCharCode(...buf))
+        .replace(/\//g, "_")
+        .replace(/=/g, "")
+        .replace(/\+/g, "-");
+}
+function keyBufferToJwk(publicKeyBuffer) {
+    if (publicKeyBuffer[0] !== 4)
+        throw new Error("Invalid uncompressed public key format");
+    return [
+        arrayBufToBase64UrlEncode(publicKeyBuffer.slice(1, 33)), // x
+        arrayBufToBase64UrlEncode(publicKeyBuffer.slice(33, 65)), // y
+    ].join(".");
+}
+function normalizeString(str) {
+    return str.normalize("NFC").trim();
+}
+async function stretchKey(input, salt, iterations = 300_000) {
+    try {
+        const baseKey = await crypto.subtle.importKey("raw", input, { name: "PBKDF2" }, false, ["deriveBits"]);
+        const keyBits = await crypto.subtle.deriveBits({
+            name: "PBKDF2",
+            salt: salt,
+            iterations,
+            hash: "SHA-256",
+        }, baseKey, 256);
+        const keyBytes = new Uint8Array(keyBits);
+        // Ensure the key is valid for secp256k1
+        return ensureValidSecp256k1Key(keyBytes);
+    }
+    catch (error) {
+        // Fallback: generate a deterministic key from input and salt
+        const fallbackKey = generateFallbackKey(input, salt);
+        return ensureValidSecp256k1Key(fallbackKey);
+    }
+}
+function generateFallbackKey(input, salt) {
+    // Simple deterministic key generation as fallback
+    const key = new Uint8Array(32);
+    for (let i = 0; i < 32; i++) {
+        key[i] = (i * 7 + salt[i % salt.length]) % 256;
+    }
+    return key;
+}
+function ensureValidSecp256k1Key(keyBytes) {
+    // Ensure the key is not all zeros
+    if (keyBytes.every((byte) => byte === 0)) {
+        keyBytes[0] = 1;
+    }
+    // secp256k1 curve order is approximately 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
+    const maxValidKey = new Uint8Array([
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+        0xff, 0xff, 0xff, 0xfe, 0xba, 0xae, 0xdc, 0xe6,
+    ]);
+    // If the key is greater than or equal to the curve order, reduce it
+    let isGreaterOrEqual = true;
+    for (let i = 0; i < 32; i++) {
+        if (keyBytes[i] < maxValidKey[i]) {
+            isGreaterOrEqual = false;
+            break;
+        }
+        else if (keyBytes[i] > maxValidKey[i]) {
+            break;
+        }
+    }
+    if (isGreaterOrEqual) {
+        // Reduce the key by setting it to a safe value
+        keyBytes[31] = 0xe5; // Set to a value less than the curve order
+    }
+    // Additional validation: ensure the key is not too small
+    if (keyBytes.every((byte) => byte === 0) ||
+        keyBytes.every((byte) => byte === 1)) {
+        // Set to a safe default value
+        keyBytes.fill(0);
+        keyBytes[0] = 0x01;
+        keyBytes[31] = 0xff;
+    }
+    return keyBytes;
+}
+function bytesToHex(bytes) {
+    return Array.from(bytes)
+        .map((b) => b.toString(16).padStart(2, "0"))
+        .join("");
+}
+// Base58 encoding per Bitcoin
+const BASE58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function base58Encode(bytes) {
+    if (bytes.length === 0)
+        return "";
+    // Count leading zeros
+    let zeros = 0;
+    for (let i = 0; i < bytes.length && bytes[i] === 0; i++) {
+        zeros++;
+    }
+    // Convert to base58
+    const digits = [0];
+    for (let i = zeros; i < bytes.length; i++) {
+        let carry = bytes[i];
+        for (let j = 0; j < digits.length; j++) {
+            carry += digits[j] << 8;
+            digits[j] = carry % 58;
+            carry = (carry / 58) | 0;
+        }
+        while (carry > 0) {
+            digits.push(carry % 58);
+            carry = (carry / 58) | 0;
+        }
+    }
+    // Convert to string
+    let result = "";
+    for (let i = 0; i < zeros; i++) {
+        result += BASE58_ALPHABET[0];
+    }
+    for (let i = digits.length - 1; i >= 0; i--) {
+        result += BASE58_ALPHABET[digits[i]];
+    }
+    return result;
+}
+function deriveP2PKHAddress(publicKey) {
+    // Bitcoin P2PKH address derivation
+    // 1. SHA256 hash del public key
+    const sha256Hash = sha256(publicKey);
+    // 2. RIPEMD160 hash del risultato
+    const ripemd160Hash = ripemd160(sha256Hash);
+    // 3. Aggiungi version byte (0x00 per mainnet P2PKH)
+    const versionedHash = new Uint8Array(21);
+    versionedHash[0] = 0x00; // Mainnet P2PKH version
+    versionedHash.set(ripemd160Hash, 1);
+    // 4. Double SHA256 per checksum
+    const checksum = sha256(sha256(versionedHash));
+    // 5. Aggiungi i primi 4 byte del checksum
+    const addressBytes = new Uint8Array(25);
+    addressBytes.set(versionedHash);
+    addressBytes.set(checksum.slice(0, 4), 21);
+    // 6. Base58 encode
+    return base58Encode(addressBytes);
+}
+function deriveKeccak256Address(publicKey) {
+    // Ethereum address derivation usando Keccak256
+    // 1. Rimuovi il prefix byte (0x04) dalla chiave pubblica non compressa
+    const publicKeyWithoutPrefix = publicKey.slice(1);
+    // 2. Calcola Keccak256 hash
+    const hash = keccak_256(publicKeyWithoutPrefix);
+    // 3. Prendi gli ultimi 20 byte
+    const address = hash.slice(-20);
+    // 4. Aggiungi '0x' prefix e converti in hex
+    return "0x" + bytesToHex(address);
+}

package/dist/gundb/errors.js

@@ -0,0 +1,66 @@
+/**
+ * Error classes for Gun and Auth
+ */
+/**
+ * Base error for Gun
+ */
+export class GunError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = "GunError";
+    }
+}
+/**
+ * Generic authentication error
+ */
+export class AuthError extends GunError {
+    constructor(message) {
+        super(message);
+        this.name = "AuthError";
+    }
+}
+/**
+ * Invalid credentials error
+ */
+export class InvalidCredentials extends AuthError {
+    constructor(message = "Credenziali non valide") {
+        super(message);
+        this.name = "InvalidCredentials";
+    }
+}
+/**
+ * User already exists error
+ */
+export class UserExists extends AuthError {
+    constructor(message = "Utente già esistente") {
+        super(message);
+        this.name = "UserExists";
+    }
+}
+/**
+ * Timeout error
+ */
+export class TimeoutError extends GunError {
+    constructor(message = "Timeout durante l'operazione") {
+        super(message);
+        this.name = "TimeoutError";
+    }
+}
+/**
+ * Multiple authentication error
+ */
+export class MultipleAuthError extends AuthError {
+    constructor(message = "Autenticazione multipla in corso") {
+        super(message);
+        this.name = "MultipleAuthError";
+    }
+}
+/** Base error related to the network. */
+export class NetworkError extends GunError {
+}
+const withDefaultMessage = (args, defaultMessage) => {
+    if (args.length === 0 || (args.length === 1 && !args[0])) {
+        args = [defaultMessage];
+    }
+    return args;
+};

package/dist/gundb/index.js

@@ -0,0 +1,6 @@
+// Export the main class
+export * from "./db";
+// Export improved types
+export * from "./types";
+// Export simplified API
+export * from "./simple-api";

package/dist/gundb/restricted-put.js

@@ -0,0 +1,81 @@
+// Functional programming style implementation
+const gunHeaderModule = (Gun) => {
+    // Closure for token state
+    const tokenState = {
+        value: undefined,
+    };
+    // Pure function to create a new token state
+    const setToken = (newToken) => {
+        tokenState.value = newToken;
+        setupTokenMiddleware();
+        return tokenState.value;
+    };
+    // Pure function to retrieve token
+    const getToken = () => tokenState.value;
+    // Function to add token to headers
+    const addTokenToHeaders = (msg) => ({
+        ...msg,
+        headers: {
+            ...msg.headers,
+            token: tokenState.value,
+        },
+    });
+    // Setup middleware
+    const setupTokenMiddleware = () => {
+        Gun.on("opt", function (ctx) {
+            if (ctx.once)
+                return;
+            ctx.on("out", function (msg) {
+                const to = this.to;
+                // Apply pure function to add headers
+                const msgWithHeaders = addTokenToHeaders(msg);
+                //console.log('[PUT HEADERS]', msgWithHeaders)
+                to.next(msgWithHeaders); // pass to next middleware
+            });
+        });
+    };
+    // Initialize middleware
+    setupTokenMiddleware();
+    // Expose public API
+    return {
+        setToken,
+        getToken,
+    };
+};
+// Module instance and exports
+let moduleInstance;
+/**
+ * Initialize the Gun headers module with Gun instance and optional token
+ * @param Gun - Gun instance
+ * @param token - Optional authentication token
+ */
+export const restrictedPut = (Gun, token) => {
+    moduleInstance = gunHeaderModule(Gun);
+    if (token) {
+        moduleInstance.setToken(token);
+    }
+};
+/**
+ * Set the authentication token for Gun requests
+ * @param newToken - Token to set
+ */
+export const setToken = (newToken) => {
+    if (!moduleInstance) {
+        throw new Error("Gun headers module not initialized. Call init(Gun, token) first.");
+    }
+    return moduleInstance.setToken(newToken);
+};
+/**
+ * Get the current authentication token
+ */
+export const getToken = () => {
+    if (!moduleInstance) {
+        throw new Error("Gun headers module not initialized. Call init(Gun, token) first.");
+    }
+    return moduleInstance.getToken();
+};
+// Export the functions to global window (if in browser environment)
+if (typeof window !== "undefined") {
+    window.setToken = setToken;
+    window.getToken = getToken;
+}