wao 0.27.3 → 0.28.0

package/cjs/id.js

@@ -0,0 +1,234 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+  value: true
+});
+exports.extractCommitmentIds = extractCommitmentIds;
+exports.generateCommitmentId = generateCommitmentId;
+exports.generateHmacCommitmentId = generateHmacCommitmentId;
+exports.generateRsaCommitmentId = generateRsaCommitmentId;
+exports.parseStructuredFieldDictionary = parseStructuredFieldDictionary;
+exports.verifyCommitmentId = verifyCommitmentId;
+var _fastSha = require("fast-sha256");
+function _toConsumableArray(r) { return _arrayWithoutHoles(r) || _iterableToArray(r) || _unsupportedIterableToArray(r) || _nonIterableSpread(); }
+function _nonIterableSpread() { throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); }
+function _iterableToArray(r) { if ("undefined" != typeof Symbol && null != r[Symbol.iterator] || null != r["@@iterator"]) return Array.from(r); }
+function _arrayWithoutHoles(r) { if (Array.isArray(r)) return _arrayLikeToArray(r); }
+function _slicedToArray(r, e) { return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest(); }
+function _nonIterableRest() { throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method."); }
+function _unsupportedIterableToArray(r, a) { if (r) { if ("string" == typeof r) return _arrayLikeToArray(r, a); var t = {}.toString.call(r).slice(8, -1); return "Object" === t && r.constructor && (t = r.constructor.name), "Map" === t || "Set" === t ? Array.from(r) : "Arguments" === t || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(t) ? _arrayLikeToArray(r, a) : void 0; } }
+function _arrayLikeToArray(r, a) { (null == a || a > r.length) && (a = r.length); for (var e = 0, n = Array(a); e < a; e++) n[e] = r[e]; return n; }
+function _iterableToArrayLimit(r, l) { var t = null == r ? null : "undefined" != typeof Symbol && r[Symbol.iterator] || r["@@iterator"]; if (null != t) { var e, n, i, u, a = [], f = !0, o = !1; try { if (i = (t = t.call(r)).next, 0 === l) { if (Object(t) !== t) return; f = !1; } else for (; !(f = (e = i.call(t)).done) && (a.push(e.value), a.length !== l); f = !0); } catch (r) { o = !0, n = r; } finally { try { if (!f && null != t["return"] && (u = t["return"](), Object(u) !== u)) return; } finally { if (o) throw n; } } return a; } }
+function _arrayWithHoles(r) { if (Array.isArray(r)) return r; }
+/**
+ * Parse structured field dictionary format
+ * Handles both complex format: name=(components);params
+ * and simple format: name=:value:
+ */
+function parseStructuredFieldDictionary(input) {
+  // Try complex format first
+  var match = input.match(/([^=]+)=\((.*?)\);(.*)$/);
+  if (match) {
+    var name = match[1];
+    var components = match[2].split(" ");
+    var params = {};
+    var paramPairs = match[3].split(";").filter(function (p) {
+      return p;
+    });
+    paramPairs.forEach(function (pair) {
+      var _pair$split = pair.split("="),
+        _pair$split2 = _slicedToArray(_pair$split, 2),
+        key = _pair$split2[0],
+        value = _pair$split2[1];
+      if (key && value) {
+        params[key] = value.replace(/"/g, "");
+      }
+    });
+    return {
+      name: name,
+      components: components,
+      params: params
+    };
+  }
+
+  // Try simple format
+  var simpleMatch = input.match(/([^=]+)=:([^:]+):/);
+  if (simpleMatch) {
+    return {
+      name: simpleMatch[1],
+      value: simpleMatch[2]
+    };
+  }
+  return null;
+}
+
+/**
+ * Convert base64url string to base64
+ */
+function base64urlToBase64(str) {
+  return str.replace(/-/g, "+").replace(/_/g, "/");
+}
+
+/**
+ * Convert Uint8Array to base64url string
+ */
+function uint8ArrayToBase64url(bytes) {
+  // Convert to base64
+  var binary = "";
+  for (var i = 0; i < bytes.length; i++) {
+    binary += String.fromCharCode(bytes[i]);
+  }
+  var base64 = btoa(binary);
+
+  // Convert to base64url
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+
+/**
+ * Generate commitment ID for RSA-PSS and ECDSA signatures
+ * The ID is the SHA256 hash of the raw signature bytes
+ *
+ * @param {Object} commitment - The commitment object containing signature
+ * @returns {string} The commitment ID in base64url format
+ */
+function generateRsaCommitmentId(commitment) {
+  // Extract the base64 signature from structured field format
+  // Format: "signature-name=:BASE64_SIGNATURE:"
+  var match = commitment.signature.match(/^[^=]+=:([^:]+):/);
+  if (!match) {
+    throw new Error("Invalid signature format");
+  }
+  var signatureBase64 = match[1];
+  // Convert base64 to Uint8Array
+  var signatureBinary = Uint8Array.from(atob(signatureBase64), function (c) {
+    return c.charCodeAt(0);
+  });
+
+  // SHA256 hash of the raw signature
+  var hashResult = (0, _fastSha.hash)(signatureBinary);
+  var id = uint8ArrayToBase64url(hashResult);
+  return id;
+}
+
+/**
+ * Generate HMAC commitment ID for HyperBEAM messages
+ * The ID is deterministic based on message content only
+ *
+ * The Erlang implementation sorts components WITH @ prefix included,
+ * then removes @ from derived components in the signature base.
+ *
+ * @param {Object} message - The message with signature and signature-input
+ * @returns {string} The commitment ID in base64url format
+ */
+function generateHmacCommitmentId(message) {
+  // Parse signature-input to get components
+  var parsed = parseStructuredFieldDictionary(message["signature-input"]);
+  if (!parsed || !parsed.components) {
+    throw new Error("Failed to parse signature-input");
+  }
+
+  // Sort components AS-IS (with quotes and @ prefix)
+  var sortedComponents = _toConsumableArray(parsed.components).sort();
+
+  // Build signature base in sorted order
+  var lines = [];
+  sortedComponents.forEach(function (component) {
+    var cleanComponent = component.replace(/"/g, "");
+    var fieldName = cleanComponent;
+    var value;
+
+    // For derived components (starting with @), remove @ in the signature base
+    if (cleanComponent.startsWith("@")) {
+      fieldName = cleanComponent.substring(1);
+      value = message[fieldName];
+    } else {
+      value = message[cleanComponent];
+    }
+    if (value === undefined || value === null) {
+      value = "";
+    } else if (typeof value === "number") {
+      value = value.toString();
+    }
+    lines.push("\"".concat(fieldName, "\": ").concat(value));
+  });
+
+  // Add signature-params line with sorted components (keeping @ prefix)
+  var paramsComponents = sortedComponents.join(" ");
+  lines.push("\"@signature-params\": (".concat(paramsComponents, ");alg=\"hmac-sha256\";keyid=\"ao\""));
+  var signatureBase = lines.join("\n");
+
+  // Generate HMAC with key "ao"
+  // Convert string to Uint8Array
+  var messageBytes = new TextEncoder().encode(signatureBase);
+  var keyBytes = new TextEncoder().encode("ao");
+  var hmacResult = (0, _fastSha.hmac)(keyBytes, messageBytes);
+  return uint8ArrayToBase64url(hmacResult);
+}
+
+/**
+ * Generate commitment ID based on the algorithm type
+ *
+ * @param {Object} commitment - The commitment object containing alg, signature, etc.
+ * @param {Object} fullMessage - The full message (required for HMAC)
+ * @returns {string} The commitment ID in base64url format
+ */
+function generateCommitmentId(commitment) {
+  var fullMessage = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : null;
+  switch (commitment.alg) {
+    case "rsa-pss-sha512":
+    case "ecdsa-p256-sha256":
+      return generateRsaCommitmentId(commitment);
+    case "hmac-sha256":
+      if (!fullMessage) {
+        throw new Error("HMAC commitment IDs require full message context");
+      }
+      return generateHmacCommitmentId(fullMessage);
+    default:
+      throw new Error("Unsupported algorithm: ".concat(commitment.alg));
+  }
+}
+
+/**
+ * Extract all commitment IDs from a HyperBEAM message
+ *
+ * @param {Object} message - The message with commitments
+ * @returns {Object} Map of commitment IDs to their types
+ */
+function extractCommitmentIds(message) {
+  var ids = {};
+  if (!message.commitments) {
+    return ids;
+  }
+  for (var _i = 0, _Object$entries = Object.entries(message.commitments); _i < _Object$entries.length; _i++) {
+    var _Object$entries$_i = _slicedToArray(_Object$entries[_i], 2),
+      id = _Object$entries$_i[0],
+      commitment = _Object$entries$_i[1];
+    ids[id] = {
+      alg: commitment.alg,
+      committer: commitment.committer,
+      device: commitment["commitment-device"]
+    };
+  }
+  return ids;
+}
+
+/**
+ * Verify a commitment ID matches the expected value
+ *
+ * @param {Object} commitment - The commitment object
+ * @param {string} expectedId - The expected commitment ID
+ * @param {Object} fullMessage - The full message (required for HMAC)
+ * @returns {boolean} True if the ID matches
+ */
+function verifyCommitmentId(commitment, expectedId) {
+  var fullMessage = arguments.length > 2 && arguments[2] !== undefined ? arguments[2] : null;
+  try {
+    var calculatedId = generateCommitmentId(commitment, fullMessage);
+    return calculatedId === expectedId;
+  } catch (error) {
+    console.error("Error verifying commitment ID:", error);
+    return false;
+  }
+}
+
+// Export all functions

package/cjs/send.js

@@ -46,6 +46,8 @@ function _send() {
       while (1) switch (_context2.prev = _context2.next) {
         case 0:
           fetchImpl = _args2.length > 1 && _args2[1] !== undefined ? _args2[1] : fetch;
+          // IMPORTANT: Use the URL from signedMsg.url, NOT from any path header
+          // This ensures we send to the correct URL even if path header is different
           fetchOptions = {
             method: signedMsg.method,
             headers: signedMsg.headers,
@@ -54,6 +56,8 @@ function _send() {
           if (signedMsg.body !== undefined && signedMsg.method !== "GET" && signedMsg.method !== "HEAD") {
             fetchOptions.body = signedMsg.body;
           }
+
+          // Use the URL as provided, ignoring any path header
           _context2.next = 5;
           return fetchImpl(signedMsg.url, fetchOptions);
         case 5:

package/cjs/signer-utils.js

@@ -4,6 +4,7 @@ function _typeof(o) { "@babel/helpers - typeof"; return _typeof = "function" ==
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
+exports.extractPublicKeyFromHeaders = extractPublicKeyFromHeaders;
 exports.send = send;
 exports.toHttpSigner = void 0;
 exports.verify = verify;

package/cjs/signer.js

@@ -30,7 +30,9 @@ var joinUrl = function joinUrl(_ref) {
   if (path.startsWith("http://") || path.startsWith("https://")) {
     return path;
   }
-  return url.endsWith("/") ? url.slice(0, -1) + path : url + path;
+  // Ensure path starts with /
+  var normalizedPath = path.startsWith("/") ? path : "/" + path;
+  return url.endsWith("/") ? url.slice(0, -1) + normalizedPath : url + normalizedPath;
 };
 function signer(config) {
   var signer = config.signer,
@@ -41,15 +43,46 @@ function signer(config) {
   }
   return /*#__PURE__*/function () {
     var _sign = _asyncToGenerator(/*#__PURE__*/_regeneratorRuntime().mark(function _callee(fields) {
-      var _fields$path, path, _fields$method, method, restFields, aoFields, encoded, headersObj, body, _url, bodySize, lowercaseHeaders, _i, _Object$entries, _Object$entries$_i, key, value, signingFields, signedRequest, finalHeaders, _i2, _Object$entries2, _Object$entries2$_i, _key, _value, result;
+      var _ref2,
+        _ref2$path,
+        _path,
+        _fields$path,
+        path,
+        _fields$method,
+        method,
+        restFields,
+        aoFields,
+        encoded,
+        headersObj,
+        body,
+        _url,
+        bodySize,
+        lowercaseHeaders,
+        _i,
+        _Object$entries,
+        _Object$entries$_i,
+        key,
+        value,
+        bodyKeys,
+        signingFields,
+        signedRequest,
+        finalHeaders,
+        _i2,
+        _Object$entries2,
+        _Object$entries2$_i,
+        _key,
+        _value,
+        result,
+        _args = arguments;
       return _regeneratorRuntime().wrap(function _callee$(_context) {
         while (1) switch (_context.prev = _context.next) {
           case 0:
+            _ref2 = _args.length > 1 && _args[1] !== undefined ? _args[1] : {}, _ref2$path = _ref2.path, _path = _ref2$path === void 0 ? false : _ref2$path;
             _fields$path = fields.path, path = _fields$path === void 0 ? "/relay/process" : _fields$path, _fields$method = fields.method, method = _fields$method === void 0 ? "POST" : _fields$method, restFields = _objectWithoutProperties(fields, _excluded);
             aoFields = _objectSpread({}, restFields);
-            _context.next = 4;
+            _context.next = 5;
             return (0, _encode.enc)(aoFields);
-          case 4:
+          case 5:
             encoded = _context.sent;
             headersObj = encoded ? encoded.headers : {};
             body = encoded ? encoded.body : undefined;
@@ -57,6 +90,7 @@ function signer(config) {
               url: url,
               path: path
             });
+            headersObj["path"] = path;
             if (body && !headersObj["content-length"]) {
               bodySize = body.size || body.byteLength || 0;
               if (bodySize > 0) {
@@ -68,14 +102,27 @@ function signer(config) {
               _Object$entries$_i = _slicedToArray(_Object$entries[_i], 2), key = _Object$entries$_i[0], value = _Object$entries$_i[1];
               lowercaseHeaders[key.toLowerCase()] = value;
             }
+            if (lowercaseHeaders.path && /^\//.test(lowercaseHeaders.path)) {
+              //const sp = lowercaseHeaders.path.split("/")
+              //lowercaseHeaders.path = sp.slice(sp.length - 1).join("/")
+            }
+            // Parse body-keys if present
+            bodyKeys = headersObj["body-keys"] ? headersObj["body-keys"].replace(/"/g, "").split(",").map(function (k) {
+              return k.trim();
+            }) : []; // Collect fields to sign from headers
             signingFields = Object.keys(lowercaseHeaders).filter(function (key) {
-              return key !== "body-keys";
-            });
+              return key !== "body-keys" && key !== "path" && !bodyKeys.includes(key);
+            } // Also exclude fields that are in body-keys
+            ); // Always include @path in the signature
+            //if (!signingFields.includes("path")) signingFields.push("path")
+
+            if (_path) signingFields.push("path");
+            // Ensure we have at least one field to sign
             if (signingFields.length === 0 && !body) {
               lowercaseHeaders["content-length"] = "0";
               signingFields.push("content-length");
             }
-            _context.next = 15;
+            _context.next = 20;
             return (0, _send.toHttpSigner)(signer)({
               request: {
                 url: _url,
@@ -84,7 +131,7 @@ function signer(config) {
               },
               fields: signingFields
             });
-          case 15:
+          case 20:
             signedRequest = _context.sent;
             finalHeaders = {};
             for (_i2 = 0, _Object$entries2 = Object.entries(headersObj); _i2 < _Object$entries2.length; _i2++) {
@@ -103,7 +150,7 @@ function signer(config) {
             };
             if (body) result.body = body;
             return _context.abrupt("return", result);
-          case 24:
+          case 29:
           case "end":
             return _context.stop();
         }
@@ -114,4 +161,6 @@ function signer(config) {
     }
     return sign;
   }();
-}
+}
+
+// stack / simple-pay / patch / hyperbeam / hyperbeam-aos / scheduler / cron

package/cjs/utils.js

@@ -3,16 +3,30 @@
 Object.defineProperty(exports, "__esModule", {
   value: true
 });
-exports.isData = exports.isCheckComplete = exports.getTagVal = exports.getTag = exports.dirname = exports.checkTag = exports.buildTags = exports.allChecked = exports.action = void 0;
+exports.getTagVal = exports.getTag = exports.dirname = exports.checkTag = exports.buildTags = exports.allChecked = exports.action = void 0;
+Object.defineProperty(exports, "hmacid", {
+  enumerable: true,
+  get: function get() {
+    return _id.generateHmacCommitmentId;
+  }
+});
+exports.isData = exports.isCheckComplete = void 0;
 exports.isJSON = isJSON;
 exports.optServer = exports.optAO = exports.mergeOut = exports.mergeChecks = exports.ltags = exports.jsonToStr = exports.isRegExp = exports.isOutComplete = exports.isLocalhost = void 0;
 exports.parseSignatureInput = parseSignatureInput;
+Object.defineProperty(exports, "rsaid", {
+  enumerable: true,
+  get: function get() {
+    return _id.generateRsaCommitmentId;
+  }
+});
 exports.tags = exports.tagEq = exports.tag = exports.srcs = exports.searchTag = void 0;
 exports.toANS104Request = toANS104Request;
 exports.toAddr = toAddr;
 exports.wait = exports.validAddress = exports.udl = exports.toGraphObj = void 0;
 var _graphql = require("graphql");
 var _fastSha = _interopRequireDefault(require("fast-sha256"));
+var _id = require("./id.js");
 var _ramda = require("ramda");
 function _interopRequireDefault(e) { return e && e.__esModule ? e : { "default": e }; }
 function _slicedToArray(r, e) { return _arrayWithHoles(r) || _iterableToArrayLimit(r, e) || _unsupportedIterableToArray(r, e) || _nonIterableRest(); }