npm - signet-login - Versions diffs - 0.1.0 - Mend

signet-login 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/LICENSE +21 -0
package/README.md +234 -0
package/dist/callback.d.ts +27 -0
package/dist/callback.js +46 -0
package/dist/modal.d.ts +13 -0
package/dist/modal.js +401 -0
package/dist/redirect.d.ts +85 -0
package/dist/redirect.js +226 -0
package/dist/signers.d.ts +81 -0
package/dist/signers.js +128 -0
package/dist/signet-login.d.ts +87 -0
package/dist/signet-login.iife.js +77 -0
package/dist/signet-login.js +265 -0
package/dist/storage.d.ts +38 -0
package/dist/storage.js +159 -0
package/dist/types.d.ts +164 -0
package/dist/types.js +35 -0
package/dist/verify.d.ts +43 -0
package/dist/verify.js +117 -0
package/package.json +64 -0

package/dist/verify.d.ts ADDED Viewed

@@ -0,0 +1,43 @@
+/**
+ * Server-side verifier for Signet auth events.
+ *
+ * Run on your server when the client posts a SignetAuthEvent — this verifies
+ * the schnorr signature, the canonical event ID, and the embedded challenge /
+ * origin / app tags. Pure Node-friendly: no DOM, no relays, no fetch.
+ *
+ *   import { verifyLogin } from 'signet-login/verify';
+ *   const result = verifyLogin(authEvent, {
+ *     expectedChallenge: '...',
+ *     expectedOrigin: 'https://mygame.com',
+ *     expectedAppName: 'Asteroid Sats',
+ *   });
+ */
+export interface VerifyLoginOptions {
+    /** The challenge the consumer issued. 64 hex. */
+    expectedChallenge: string;
+    /** The origin the auth event must be bound to (e.g. 'https://mygame.com'). */
+    expectedOrigin: string;
+    /**
+     * Optional: the app name the consumer claimed at login time. If supplied,
+     * the auth event's `app` tag must match.
+     */
+    expectedAppName?: string;
+    /** Maximum age of the auth event in seconds. Default: 300 (5 min). */
+    maxAgeSeconds?: number;
+    /** Override Date.now() for testing. */
+    now?: () => number;
+}
+export type VerifyLoginResult = {
+    valid: true;
+    pubkey: string;
+    createdAt: number;
+} | {
+    valid: false;
+    error: VerifyLoginError;
+};
+export type VerifyLoginError = 'malformed-event' | 'wrong-kind' | 'invalid-event-id' | 'invalid-signature' | 'challenge-mismatch' | 'origin-mismatch' | 'app-mismatch' | 'too-old' | 'in-the-future';
+/**
+ * Verify a Signet kind-21236 auth event against the expected challenge, origin,
+ * and (optionally) app name.
+ */
+export declare function verifyLogin(event: unknown, opts: VerifyLoginOptions): VerifyLoginResult;

package/dist/verify.js ADDED Viewed

@@ -0,0 +1,117 @@
+/**
+ * Server-side verifier for Signet auth events.
+ *
+ * Run on your server when the client posts a SignetAuthEvent — this verifies
+ * the schnorr signature, the canonical event ID, and the embedded challenge /
+ * origin / app tags. Pure Node-friendly: no DOM, no relays, no fetch.
+ *
+ *   import { verifyLogin } from 'signet-login/verify';
+ *   const result = verifyLogin(authEvent, {
+ *     expectedChallenge: '...',
+ *     expectedOrigin: 'https://mygame.com',
+ *     expectedAppName: 'Asteroid Sats',
+ *   });
+ */
+import { schnorr } from '@noble/curves/secp256k1';
+import { sha256 } from '@noble/hashes/sha256';
+import { bytesToHex } from '@noble/hashes/utils';
+function hexToBytes(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < bytes.length; i++) {
+        bytes[i] = parseInt(hex.substr(i * 2, 2), 16);
+    }
+    return bytes;
+}
+function isHex(s, len) {
+    return typeof s === 'string' && new RegExp(`^[0-9a-f]{${len}}$`, 'i').test(s);
+}
+function getTag(tags, key) {
+    if (!Array.isArray(tags))
+        return undefined;
+    const tag = tags.find(t => Array.isArray(t) && t[0] === key && typeof t[1] === 'string');
+    return tag ? tag[1] : undefined;
+}
+/**
+ * Canonical Nostr event ID computation per NIP-01:
+ *   id = SHA-256(JSON.stringify([0, pubkey, created_at, kind, tags, content]))
+ */
+function computeEventId(event) {
+    const serialised = JSON.stringify([0, event.pubkey, event.created_at, event.kind, event.tags, event.content]);
+    return bytesToHex(sha256(new TextEncoder().encode(serialised)));
+}
+/**
+ * Verify a Signet kind-21236 auth event against the expected challenge, origin,
+ * and (optionally) app name.
+ */
+export function verifyLogin(event, opts) {
+    // Structural validation
+    if (typeof event !== 'object' || event === null)
+        return { valid: false, error: 'malformed-event' };
+    const e = event;
+    if (!isHex(e.id, 64))
+        return { valid: false, error: 'malformed-event' };
+    if (!isHex(e.pubkey, 64))
+        return { valid: false, error: 'malformed-event' };
+    if (!isHex(e.sig, 128))
+        return { valid: false, error: 'malformed-event' };
+    if (typeof e.created_at !== 'number')
+        return { valid: false, error: 'malformed-event' };
+    if (typeof e.content !== 'string')
+        return { valid: false, error: 'malformed-event' };
+    if (!Array.isArray(e.tags))
+        return { valid: false, error: 'malformed-event' };
+    if (e.kind !== 21236)
+        return { valid: false, error: 'wrong-kind' };
+    const ev = e;
+    // Verify event ID = SHA-256 of canonical serialisation
+    const expectedId = computeEventId({
+        pubkey: ev.pubkey,
+        created_at: ev.created_at,
+        kind: 21236,
+        tags: ev.tags,
+        content: ev.content,
+    });
+    if (expectedId !== ev.id.toLowerCase())
+        return { valid: false, error: 'invalid-event-id' };
+    // Verify schnorr signature
+    let sigOk = false;
+    try {
+        sigOk = schnorr.verify(hexToBytes(ev.sig), hexToBytes(ev.id), hexToBytes(ev.pubkey));
+    }
+    catch {
+        sigOk = false;
+    }
+    if (!sigOk)
+        return { valid: false, error: 'invalid-signature' };
+    // Challenge tag
+    const challengeTag = getTag(ev.tags, 'challenge');
+    if (!challengeTag)
+        return { valid: false, error: 'challenge-mismatch' };
+    if (!isHex(opts.expectedChallenge, 64))
+        return { valid: false, error: 'challenge-mismatch' };
+    if (challengeTag.toLowerCase() !== opts.expectedChallenge.toLowerCase()) {
+        return { valid: false, error: 'challenge-mismatch' };
+    }
+    // Origin tag
+    const originTag = getTag(ev.tags, 'origin');
+    if (!originTag || originTag !== opts.expectedOrigin) {
+        return { valid: false, error: 'origin-mismatch' };
+    }
+    // App tag (optional check)
+    if (opts.expectedAppName !== undefined) {
+        const appTag = getTag(ev.tags, 'app');
+        if (appTag !== opts.expectedAppName) {
+            return { valid: false, error: 'app-mismatch' };
+        }
+    }
+    // Freshness
+    const now = (opts.now ?? Date.now)() / 1000;
+    const maxAge = opts.maxAgeSeconds ?? 300;
+    const age = now - ev.created_at;
+    if (age > maxAge)
+        return { valid: false, error: 'too-old' };
+    // Allow 60 seconds of clock skew into the future
+    if (age < -60)
+        return { valid: false, error: 'in-the-future' };
+    return { valid: true, pubkey: ev.pubkey.toLowerCase(), createdAt: ev.created_at };
+}

package/package.json ADDED Viewed

@@ -0,0 +1,64 @@
+{
+  "name": "signet-login",
+  "version": "0.1.0",
+  "description": "Sign in with Signet — drop-in login SDK for Nostr-aware websites. NIP-07, bunker URI, and Signet redirect/QR in one unified API.",
+  "type": "module",
+  "main": "./dist/signet-login.js",
+  "types": "./dist/signet-login.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/signet-login.d.ts",
+      "import": "./dist/signet-login.js",
+      "default": "./dist/signet-login.js"
+    },
+    "./verify": {
+      "types": "./dist/verify.d.ts",
+      "import": "./dist/verify.js",
+      "default": "./dist/verify.js"
+    },
+    "./iife": "./dist/signet-login.iife.js"
+  },
+  "files": [
+    "dist"
+  ],
+  "publishConfig": {
+    "provenance": true
+  },
+  "scripts": {
+    "clean": "rm -rf dist",
+    "build": "npm run clean && tsc && npm run build:iife",
+    "build:iife": "esbuild src/signet-login.ts --bundle --format=iife --global-name=__SignetLoginIIFE --outfile=dist/signet-login.iife.js --minify --target=es2020 --footer:js='Object.assign((globalThis.Signet||={}),__SignetLoginIIFE);'",
+    "typecheck": "tsc --noEmit",
+    "test": "vitest run",
+    "test:watch": "vitest"
+  },
+  "dependencies": {
+    "@noble/curves": "^1.8.1",
+    "@noble/hashes": "^1.7.1",
+    "nostr-tools": "^2.23.3",
+    "signet-verify": "^0.3.1"
+  },
+  "devDependencies": {
+    "esbuild": "^0.28.0",
+    "jsdom": "^29.1.1",
+    "signet-protocol": "^1.6.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.2.4"
+  },
+  "keywords": [
+    "nostr",
+    "signet",
+    "login",
+    "authentication",
+    "nip-07",
+    "nip-46",
+    "bunker",
+    "decentralised-identity",
+    "sign-in-with-signet"
+  ],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/forgesworn/signet-login.git"
+  }
+}