shogun-core 6.2.3 → 6.3.0

package/dist/plugins/webauthn/webauthnPlugin.js

@@ -1,490 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.WebauthnPlugin = void 0;
-const base_1 = require("../base");
-const webauthn_1 = require("./webauthn");
-const webauthnSigner_1 = require("./webauthnSigner");
-const errorHandler_1 = require("../../utils/errorHandler");
-const seedPhrase_1 = require("../../utils/seedPhrase");
-const webauthn_2 = require("./webauthn");
-/**
- * Plugin per la gestione delle funzionalità WebAuthn in ShogunCore
- */
-class WebauthnPlugin extends base_1.BasePlugin {
-    constructor() {
-        super(...arguments);
-        this.name = "webauthn";
-        this.version = "1.0.0";
-        this.description = "Provides WebAuthn authentication functionality for ShogunCore";
-        this.webauthn = null;
-        this.signer = null;
-    }
-    /**
-     * @inheritdoc
-     */
-    initialize(core) {
-        super.initialize(core);
-        // Verifica se siamo in ambiente browser
-        if (typeof window === "undefined") {
-            console.warn("[webauthnPlugin] WebAuthn plugin disabled - not in browser environment");
-            return;
-        }
-        // Verifica se WebAuthn è supportato
-        if (!this.isSupported()) {
-            console.warn("[webauthnPlugin] WebAuthn not supported in this environment");
-            return;
-        }
-        // Inizializziamo il modulo WebAuthn
-        this.webauthn = new webauthn_1.Webauthn(core.gun);
-        this.signer = new webauthnSigner_1.WebAuthnSigner(this.webauthn);
-        console.log("[webauthnPlugin] WebAuthn plugin initialized with signer support");
-    }
-    /**
-     * @inheritdoc
-     */
-    destroy() {
-        this.webauthn = null;
-        this.signer = null;
-        super.destroy();
-        console.log("[webauthnPlugin] WebAuthn plugin destroyed");
-    }
-    /**
-     * Assicura che il modulo Webauthn sia inizializzato
-     * @private
-     */
-    assertWebauthn() {
-        this.assertInitialized();
-        if (!this.webauthn) {
-            throw new Error("WebAuthn module not initialized");
-        }
-        return this.webauthn;
-    }
-    /**
-     * Assicura che il signer sia inizializzato
-     * @private
-     */
-    assertSigner() {
-        this.assertInitialized();
-        if (!this.signer) {
-            throw new Error("WebAuthn signer not initialized");
-        }
-        return this.signer;
-    }
-    /**
-     * Genera un pair SEA dalle credenziali WebAuthn
-     * @private
-     */
-    async generatePairFromCredentials(credentials) {
-        try {
-            // Use the signer to create a derived key pair from the WebAuthn credentials
-            const pair = await this.assertSigner().createDerivedKeyPair(credentials.credentialId, credentials.username);
-            return pair;
-        }
-        catch (error) {
-            console.error("Error generating pair from WebAuthn credentials:", error);
-            return null;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    isSupported() {
-        // Verifica se siamo in ambiente browser
-        if (typeof window === "undefined") {
-            return false;
-        }
-        // Check if PublicKeyCredential is available
-        if (typeof window.PublicKeyCredential === "undefined") {
-            return false;
-        }
-        // In test environment, allow initialization if window.PublicKeyCredential is mocked
-        if (process.env.NODE_ENV === "test") {
-            return typeof window.PublicKeyCredential !== "undefined";
-        }
-        // Se il plugin non è stato inizializzato, verifica direttamente il supporto
-        if (!this.webauthn) {
-            return typeof window.PublicKeyCredential !== "undefined";
-        }
-        return this.webauthn.isSupported();
-    }
-    /**
-     * @inheritdoc
-     */
-    async generateCredentials(username, existingCredential, isLogin = false) {
-        return this.assertWebauthn().generateCredentials(username, existingCredential, isLogin);
-    }
-    /**
-     * @inheritdoc
-     */
-    async createAccount(username, credentials, isNewDevice = false) {
-        return this.assertWebauthn().createAccount(username, credentials, isNewDevice);
-    }
-    /**
-     * @inheritdoc
-     */
-    async authenticateUser(username, salt, options) {
-        return this.assertWebauthn().authenticateUser(username, salt, options);
-    }
-    /**
-     * @inheritdoc
-     */
-    abortAuthentication() {
-        this.assertWebauthn().abortAuthentication();
-    }
-    /**
-     * @inheritdoc
-     */
-    async removeDevice(username, credentialId, credentials) {
-        return this.assertWebauthn().removeDevice(username, credentialId, credentials);
-    }
-    /**
-     * @inheritdoc
-     */
-    async createSigningCredential(username) {
-        try {
-            // Delegate to underlying WebAuthn module (tests mock these methods)
-            const wa = this.assertWebauthn();
-            if (typeof wa.createSigningCredential === "function") {
-                return await wa.createSigningCredential(username);
-            }
-            // Fallback to signer implementation if available
-            return await this.assertSigner().createSigningCredential(username);
-        }
-        catch (error) {
-            console.error(`Error creating signing credential: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    createAuthenticator(credentialId) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.createAuthenticator === "function") {
-                return wa.createAuthenticator(credentialId);
-            }
-            return this.assertSigner().createAuthenticator(credentialId);
-        }
-        catch (error) {
-            console.error(`Error creating authenticator: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    async createDerivedKeyPair(credentialId, username, extra) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.createDerivedKeyPair === "function") {
-                return await wa.createDerivedKeyPair(credentialId, username, extra);
-            }
-            return await this.assertSigner().createDerivedKeyPair(credentialId, username, extra);
-        }
-        catch (error) {
-            console.error(`Error creating derived key pair: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    async signWithDerivedKeys(data, credentialId, username, extra) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.signWithDerivedKeys === "function") {
-                return await wa.signWithDerivedKeys(data, credentialId, username, extra);
-            }
-            return await this.assertSigner().signWithDerivedKeys(data, credentialId, username, extra);
-        }
-        catch (error) {
-            console.error(`Error signing with derived keys: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * @inheritdoc
-     */
-    getSigningCredential(credentialId) {
-        const wa = this.assertWebauthn();
-        if (typeof wa.getSigningCredential === "function") {
-            return wa.getSigningCredential(credentialId);
-        }
-        return this.assertSigner().getCredential(credentialId);
-    }
-    /**
-     * @inheritdoc
-     */
-    listSigningCredentials() {
-        const wa = this.assertWebauthn();
-        if (typeof wa.listSigningCredentials === "function") {
-            return wa.listSigningCredentials();
-        }
-        return this.assertSigner().listCredentials();
-    }
-    /**
-     * @inheritdoc
-     */
-    removeSigningCredential(credentialId) {
-        const wa = this.assertWebauthn();
-        if (typeof wa.removeSigningCredential === "function") {
-            return wa.removeSigningCredential(credentialId);
-        }
-        return this.assertSigner().removeCredential(credentialId);
-    }
-    // === CONSISTENCY METHODS ===
-    /**
-     * Creates a Gun user from WebAuthn signing credential
-     * This ensures the SAME user is created as with normal approach
-     */
-    async createGunUserFromSigningCredential(credentialId, username) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.createGunUserFromSigningCredential === "function") {
-                return await wa.createGunUserFromSigningCredential(credentialId, username);
-            }
-            const core = this.assertInitialized();
-            return await this.assertSigner().createGunUser(credentialId, username, core.gun);
-        }
-        catch (error) {
-            console.error(`Error creating Gun user from signing credential: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * Get the Gun user public key for a signing credential
-     */
-    getGunUserPubFromSigningCredential(credentialId) {
-        const wa = this.assertWebauthn();
-        if (typeof wa.getGunUserPubFromSigningCredential === "function") {
-            return wa.getGunUserPubFromSigningCredential(credentialId);
-        }
-        return this.assertSigner().getGunUserPub(credentialId);
-    }
-    /**
-     * Get the hashed credential ID (for consistency checking)
-     */
-    getHashedCredentialId(credentialId) {
-        const wa = this.assertWebauthn();
-        if (typeof wa.getHashedCredentialId === "function") {
-            return wa.getHashedCredentialId(credentialId);
-        }
-        return this.assertSigner().getHashedCredentialId(credentialId);
-    }
-    /**
-     * Verify consistency between oneshot and normal approaches
-     * This ensures both approaches create the same Gun user
-     */
-    async verifyConsistency(credentialId, username, expectedUserPub) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.verifyConsistency === "function") {
-                return await wa.verifyConsistency(credentialId, username, expectedUserPub);
-            }
-            return await this.assertSigner().verifyConsistency(credentialId, username, expectedUserPub);
-        }
-        catch (error) {
-            console.error(`Error verifying consistency: ${error.message}`);
-            return { consistent: false };
-        }
-    }
-    /**
-     * Complete oneshot workflow that creates the SAME Gun user as normal approach
-     * This is the recommended method for oneshot signing with full consistency
-     */
-    async setupConsistentOneshotSigning(username) {
-        try {
-            const wa = this.assertWebauthn();
-            if (typeof wa.setupConsistentOneshotSigning === "function") {
-                return await wa.setupConsistentOneshotSigning(username);
-            }
-            // Fallback to local flow when not available
-            const credential = await this.createSigningCredential(username);
-            const authenticator = this.createAuthenticator(credential.id);
-            const gunUser = await this.createGunUserFromSigningCredential(credential.id, username);
-            return {
-                credential,
-                authenticator,
-                gunUser,
-                pub: credential.pub,
-                hashedCredentialId: credential.hashedCredentialId,
-            };
-        }
-        catch (error) {
-            console.error(`Error setting up consistent oneshot signing: ${error.message}`);
-            throw error;
-        }
-    }
-    /**
-     * Login with WebAuthn
-     * This is the recommended method for WebAuthn authentication
-     * @param username - Username
-     * @returns {Promise<AuthResult>} Authentication result
-     * @description Authenticates user using WebAuthn credentials.
-     * Requires browser support for WebAuthn and existing credentials.
-     */
-    async login(username) {
-        try {
-            const core = this.assertInitialized();
-            if (!username) {
-                throw new Error("Username required for WebAuthn login");
-            }
-            if (!this.isSupported()) {
-                throw new Error("WebAuthn is not supported by this browser");
-            }
-            // Prefer the oneshot consistent signing flow (tests mock this)
-            const { authenticator, pub } = (await this.setupConsistentOneshotSigning(username));
-            // If core has an authenticate method (tests), use it
-            if (core.authenticate) {
-                return await core.authenticate(username, authenticator, pub);
-            }
-            // Fallback to credentials-based flow
-            const credentials = await this.generateCredentials(username, null, true);
-            if (!credentials?.success) {
-                throw new Error(credentials?.error || "WebAuthn verification failed");
-            }
-            core.setAuthMethod("webauthn");
-            return await core.login(username, "", credentials.key);
-        }
-        catch (error) {
-            console.error(`Error during WebAuthn login: ${error}`);
-            // Log but do not depend on handler return value
-            errorHandler_1.ErrorHandler.handle(errorHandler_1.ErrorType.WEBAUTHN, "WEBAUTHN_LOGIN_ERROR", error.message || "Error during WebAuthn login", error);
-            return {
-                success: false,
-                error: error.message || "Error during WebAuthn login",
-            };
-        }
-    }
-    /**
-     * Register new user with WebAuthn
-     * This is the recommended method for WebAuthn registration
-     * @param username - Username
-     * @param options - Optional signup options (seed phrase support)
-     * @returns {Promise<SignUpResult>} Registration result with optional seed phrase
-     * @description Creates a new user account using WebAuthn credentials.
-     * Requires browser support for WebAuthn.
-     * If generateSeedPhrase is true, returns a BIP39 mnemonic for multi-device support.
-     */
-    async signUp(username, options) {
-        try {
-            const core = this.assertInitialized();
-            if (!username) {
-                throw new Error("Username required for WebAuthn registration");
-            }
-            if (!this.isSupported()) {
-                throw new Error("WebAuthn is not supported by this browser");
-            }
-            // Determine seed phrase to use
-            let seedPhrase;
-            const shouldGenerateSeed = options?.generateSeedPhrase !== false; // Default to true
-            if (options?.seedPhrase) {
-                // Use provided seed phrase
-                if (!(0, seedPhrase_1.validateSeedPhrase)(options.seedPhrase)) {
-                    throw new Error("Invalid seed phrase provided");
-                }
-                seedPhrase = options.seedPhrase;
-            }
-            else if (shouldGenerateSeed) {
-                // Generate new seed phrase for multi-device support
-                seedPhrase = (0, seedPhrase_1.generateSeedPhrase)();
-                console.log("[webauthnPlugin] Generated seed phrase for multi-device support");
-            }
-            // Derive Gun credentials from seed phrase if available
-            let pair;
-            if (seedPhrase) {
-                // Use seed phrase derivation
-                const { password } = (0, seedPhrase_1.deriveCredentialsFromMnemonic)(seedPhrase, username);
-                const derivedKeys = await (0, webauthn_2.deriveWebauthnKeys)(username, seedPhrase, true);
-                pair = {
-                    pub: derivedKeys.pub,
-                    priv: derivedKeys.priv,
-                    epub: derivedKeys.epub,
-                    epriv: derivedKeys.epriv,
-                };
-            }
-            else {
-                // Legacy WebAuthn credential-based flow (device-bound)
-                const credentials = await this.generateCredentials(username, null, false);
-                if (!credentials?.success) {
-                    throw new Error(credentials?.error || "Unable to generate WebAuthn credentials");
-                }
-                // Use the key directly from credentials instead of calling generatePairFromCredentials
-                // since generateCredentials already returns the derived key pair
-                if (!credentials.key) {
-                    throw new Error("Failed to generate SEA pair from WebAuthn credentials");
-                }
-                pair = credentials.key;
-            }
-            core.setAuthMethod("webauthn");
-            // Register user with Gun (using email parameter slot for pair)
-            const result = await core.signUp(username, undefined, pair);
-            // Add seed phrase to result if generated
-            if (seedPhrase && shouldGenerateSeed) {
-                return {
-                    ...result,
-                    message: seedPhrase
-                        ? "🔑 IMPORTANT: Save your 12-word seed phrase to access your account from other devices!"
-                        : result.message,
-                    seedPhrase: seedPhrase,
-                };
-            }
-            return result;
-        }
-        catch (error) {
-            console.error(`Error during WebAuthn registration: ${error}`);
-            errorHandler_1.ErrorHandler.handle(errorHandler_1.ErrorType.WEBAUTHN, "WEBAUTHN_SIGNUP_ERROR", error.message || "Error during WebAuthn registration", error);
-            return {
-                success: false,
-                error: error.message || "Error during WebAuthn registration",
-            };
-        }
-    }
-    /**
-     * Import existing account from seed phrase
-     * Allows accessing the same account across multiple devices
-     * @param username - Username
-     * @param seedPhrase - 12-word BIP39 mnemonic seed phrase
-     * @returns {Promise<SignUpResult>} Registration result
-     */
-    async importFromSeed(username, seedPhrase) {
-        try {
-            if (!username) {
-                throw new Error("Username required");
-            }
-            // Normalize and validate seed phrase
-            const normalizedSeed = (0, seedPhrase_1.normalizeSeedPhrase)(seedPhrase);
-            if (!(0, seedPhrase_1.validateSeedPhrase)(normalizedSeed)) {
-                throw new Error("Invalid seed phrase. Please check and try again.");
-            }
-            console.log("[webauthnPlugin] Importing account from seed phrase");
-            // Use signUp with existing seed phrase
-            return await this.signUp(username, {
-                seedPhrase: normalizedSeed,
-                generateSeedPhrase: false, // Don't generate new seed
-            });
-        }
-        catch (error) {
-            console.error(`Error importing from seed: ${error.message}`);
-            errorHandler_1.ErrorHandler.handle(errorHandler_1.ErrorType.WEBAUTHN, "WEBAUTHN_IMPORT_ERROR", error.message || "Error importing from seed phrase", error);
-            return {
-                success: false,
-                error: error.message || "Error importing from seed phrase",
-            };
-        }
-    }
-    /**
-     * Get seed phrase for current user (if stored)
-     * Note: Seed phrases are NOT stored by default for security
-     * Users should save their seed phrase during registration
-     * @param username - Username
-     * @returns {Promise<string | null>} Seed phrase or null
-     */
-    async getSeedPhrase(username) {
-        console.warn("[webauthnPlugin] Seed phrases are not stored for security reasons");
-        console.warn("[webauthnPlugin] Users must save their seed phrase during registration");
-        return null;
-    }
-}
-exports.WebauthnPlugin = WebauthnPlugin;