wiki-plugin-shoppe 0.0.41 → 0.0.43

package/CLAUDE.md

@@ -2,7 +2,7 @@
 
 Multi-tenant digital goods shoppe for Federated Wiki, powered by Sanora.
 
-**Current version**: 0.0.35
+**Current version**: 0.0.43
 
 ## Architecture
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wiki-plugin-shoppe",
-  "version": "0.0.41",
+  "version": "0.0.43",
   "description": "Multi-tenant digital goods shoppe for federated wiki, powered by Sanora",
   "keywords": [
     "wiki",

package/server/server.js

@@ -8,6 +8,15 @@ const multer = require('multer');
 const FormData = require('form-data');
 const AdmZip = require('adm-zip');
 const sessionless = require('sessionless-node');
+const { secp256k1: _secp256k1 } = require('ethereum-cryptography/secp256k1');
+const { keccak256: _keccak256 } = require('ethereum-cryptography/keccak.js');
+const { utf8ToBytes: _utf8ToBytes } = require('ethereum-cryptography/utils.js');
+
+// Race-safe signing: bypasses the shared sessionless.getKeys singleton.
+function signMessage(message, privateKey) {
+  const hash = _keccak256(_utf8ToBytes(message));
+  return _secp256k1.sign(hash, privateKey).toCompactHex();
+}
 
 // Stripe is used directly for Terminal (card-present) payments.
 // Set STRIPE_SECRET_KEY in the environment. If absent, Terminal endpoints return 503.
@@ -111,9 +120,8 @@ async function getOrCreateAffiliateAddieUser(shopperePublicKey) {
   if (affiliates[shopperePublicKey]) return affiliates[shopperePublicKey];
 
   const addieKeys = await sessionless.generateKeys(() => {}, () => null);
-  sessionless.getKeys = () => addieKeys;
   const timestamp = Date.now().toString();
-  const signature = await sessionless.sign(timestamp + addieKeys.pubKey);
+  const signature = signMessage(timestamp + addieKeys.pubKey, addieKeys.privateKey);
 
   const resp = await fetch(`${getAddieUrl()}/user/create`, {
     method: 'PUT',
@@ -142,10 +150,9 @@ async function getOrCreateBuyerAddieUser(recoveryKey, productId) {
   if (buyers[buyerKey]) return buyers[buyerKey];
 
   const addieKeys = await sessionless.generateKeys(() => {}, () => null);
-  sessionless.getKeys = () => addieKeys;
   const timestamp = Date.now().toString();
   const message = timestamp + addieKeys.pubKey;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, addieKeys.privateKey);
 
   const resp = await fetch(`${getAddieUrl()}/user/create`, {
     method: 'PUT',
@@ -183,10 +190,9 @@ async function getOrCreateBuyerAddieUserByPubKey(pubKey, productId) {
   if (buyers[buyerKey]) return buyers[buyerKey];
 
   const addieKeys = await sessionless.generateKeys(() => {}, () => null);
-  sessionless.getKeys = () => addieKeys;
   const timestamp = Date.now().toString();
   const message = timestamp + addieKeys.pubKey;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, addieKeys.privateKey);
 
   const resp = await fetch(`${getAddieUrl()}/user/create`, {
     method: 'PUT',
@@ -208,9 +214,8 @@ async function getOrCreateBuyerAddieUserByPubKey(pubKey, productId) {
 async function hasPurchasedByPubKey(tenant, pubKey, productId) {
   const orderKey = crypto.createHash('sha256').update(pubKey + productId).digest('hex');
   const sanoraUrl = getSanoraUrl();
-  sessionless.getKeys = () => tenant.keys;
   const timestamp = Date.now().toString();
-  const signature = await sessionless.sign(timestamp + tenant.uuid);
+  const signature = signMessage(timestamp + tenant.uuid, tenant.keys.privateKey);
   try {
     const resp = await fetch(
       `${sanoraUrl}/user/${tenant.uuid}/orders/${encodeURIComponent(productId)}` +
@@ -479,10 +484,9 @@ function generateEmojicode(tenants) {
 
 async function addieCreateUser() {
   const addieKeys = await sessionless.generateKeys(() => {}, () => null);
-  sessionless.getKeys = () => addieKeys;
   const timestamp = Date.now().toString();
   const message = timestamp + addieKeys.pubKey;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, addieKeys.privateKey);
 
   const resp = await fetch(`${getAddieUrl()}/user/create`, {
     method: 'PUT',
@@ -501,10 +505,9 @@ async function registerTenant(name) {
 
   // Create a dedicated Sanora user for this tenant
   const keys = await sessionless.generateKeys(() => {}, () => null);
-  sessionless.getKeys = () => keys;
   const timestamp = Date.now().toString();
   const message = timestamp + keys.pubKey;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, keys.privateKey);
 
   const resp = await fetch(`${getSanoraUrl()}/user/create`, {
     method: 'PUT',
@@ -605,8 +608,7 @@ async function sanoraEnsureUser(tenant) {
   const { keys } = tenant;
   const timestamp = Date.now().toString();
   const message = timestamp + keys.pubKey;
-  sessionless.getKeys = () => keys;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, keys.privateKey);
 
   const resp = await fetch(`${getSanoraUrl()}/user/create`, {
     method: 'PUT',
@@ -656,8 +658,7 @@ async function sanoraCreateProduct(tenant, title, category, description, price,
   const safePrice = price || 0;
   const message = timestamp + uuid + title + (description || '') + safePrice;
 
-  sessionless.getKeys = () => keys;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, keys.privateKey);
 
   const resp = await fetchWithRetry(
     `${getSanoraUrl()}/user/${uuid}/product/${encodeURIComponent(title)}`,
@@ -707,9 +708,8 @@ async function sanoraCreateProductResilient(tenant, title, category, description
 async function sanoraUploadArtifact(tenant, title, fileBuffer, filename, artifactType) {
   const { uuid, keys } = tenant;
   const timestamp = Date.now().toString();
-  sessionless.getKeys = () => keys;
   const message = timestamp + uuid + title;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, keys.privateKey);
 
   const form = new FormData();
   form.append('artifact', fileBuffer, { filename, contentType: getMimeType(filename) });
@@ -741,9 +741,8 @@ async function sanoraUploadArtifact(tenant, title, fileBuffer, filename, artifac
 async function sanoraUploadImage(tenant, title, imageBuffer, filename) {
   const { uuid, keys } = tenant;
   const timestamp = Date.now().toString();
-  sessionless.getKeys = () => keys;
   const message = timestamp + uuid + title;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, keys.privateKey);
 
   const form = new FormData();
   form.append('image', imageBuffer, { filename, contentType: getMimeType(filename) });
@@ -778,8 +777,7 @@ async function sanoraDeleteProduct(tenant, title) {
   const timestamp = Date.now().toString();
   const message = timestamp + uuid + title;
 
-  sessionless.getKeys = () => keys;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, keys.privateKey);
 
   await fetch(
     `${getSanoraUrl()}/user/${uuid}/product/${encodeURIComponent(title)}?timestamp=${timestamp}&signature=${encodeURIComponent(signature)}`,
@@ -792,10 +790,9 @@ async function sanoraDeleteProduct(tenant, title) {
 async function lucilleCreateUser(lucilleUrl) {
   const url = lucilleUrl || getLucilleUrl();
   const keys = await sessionless.generateKeys(() => {}, () => null);
-  sessionless.getKeys = () => keys;
   const timestamp = Date.now().toString();
   const message = timestamp + keys.pubKey;
-  const signature = await sessionless.sign(message);
+  const signature = signMessage(message, keys.privateKey);
 
   const resp = await fetch(`${url}/user/create`, {
     method: 'PUT',
@@ -824,8 +821,7 @@ async function lucilleRegisterVideo(tenant, title, description, tags, lucilleUrl
   const { lucilleKeys } = tenant;
   if (!lucilleKeys) throw new Error('Tenant has no Lucille user — re-register to enable video uploads');
   const timestamp = Date.now().toString();
-  sessionless.getKeys = () => lucilleKeys;
-  const signature = await sessionless.sign(timestamp + lucilleKeys.pubKey);
+  const signature = signMessage(timestamp + lucilleKeys.pubKey, lucilleKeys.privateKey);
 
   const resp = await fetch(
     `${url}/user/${lucilleKeys.uuid}/video/${encodeURIComponent(title)}`,
@@ -846,8 +842,7 @@ async function lucilleUploadVideo(tenant, title, fileBuffer, filename, lucilleUr
   const { lucilleKeys } = tenant;
   if (!lucilleKeys) throw new Error('Tenant has no Lucille user');
   const timestamp = Date.now().toString();
-  sessionless.getKeys = () => lucilleKeys;
-  const signature = await sessionless.sign(timestamp + lucilleKeys.pubKey);
+  const signature = signMessage(timestamp + lucilleKeys.pubKey, lucilleKeys.privateKey);
 
   const form = new FormData();
   form.append('video', fileBuffer, { filename, contentType: getMimeType(filename) });
@@ -1616,9 +1611,8 @@ async function getAppointmentSchedule(tenant, product) {
 async function getBookedSlots(tenant, productId) {
   const sanoraUrl = getSanoraUrl();
   const tenantKeys = tenant.keys;
-  sessionless.getKeys = () => tenantKeys;
   const timestamp = Date.now().toString();
-  const signature = await sessionless.sign(timestamp + tenant.uuid);
+  const signature = signMessage(timestamp + tenant.uuid, tenantKeys.privateKey);
   const resp = await fetch(
     `${sanoraUrl}/user/${tenant.uuid}/orders/${encodeURIComponent(productId)}?timestamp=${timestamp}&signature=${encodeURIComponent(signature)}`
   );
@@ -1695,9 +1689,8 @@ async function getSubscriptionStatus(tenant, productId, recoveryKey) {
   const orderKey  = crypto.createHash('sha256').update(recoveryKey + productId).digest('hex');
   const sanoraUrl = getSanoraUrl();
   const tenantKeys = tenant.keys;
-  sessionless.getKeys = () => tenantKeys;
   const timestamp = Date.now().toString();
-  const signature = await sessionless.sign(timestamp + tenant.uuid);
+  const signature = signMessage(timestamp + tenant.uuid, tenantKeys.privateKey);
   try {
     const resp = await fetch(
       `${sanoraUrl}/user/${tenant.uuid}/orders/${encodeURIComponent(productId)}?timestamp=${timestamp}&signature=${encodeURIComponent(signature)}`
@@ -1748,12 +1741,11 @@ async function getAllOrders(tenant) {
     console.warn(`[shoppe] getAllOrders: Sanora unreachable — ${err.message}`);
   }
 
-  sessionless.getKeys = () => tenant.keys;
 
   const results = [];
   for (const [title, product] of Object.entries(products)) {
     const timestamp = Date.now().toString();
-    const signature = await sessionless.sign(timestamp + tenant.uuid);
+    const signature = signMessage(timestamp + tenant.uuid, tenant.keys.privateKey);
     try {
       const resp = await fetch(
         `${sanoraUrl}/user/${tenant.uuid}/orders/${encodeURIComponent(product.productId)}` +
@@ -3426,10 +3418,9 @@ async function startServer(params) {
       }
 
       const addieKeys = { pubKey: tenant.addieKeys.pubKey, privateKey: tenant.addieKeys.privateKey };
-      sessionless.getKeys = () => addieKeys;
       const timestamp = Date.now().toString();
       const message   = timestamp + tenant.addieKeys.uuid;
-      const signature = await sessionless.sign(message);
+      const signature = signMessage(message, addieKeys.privateKey);
 
       const wikiOrigin = `${reqProto(req)}://${req.get('host')}`;
       const returnUrl  = `${wikiOrigin}/plugin/shoppe/${tenant.uuid}/payouts/return`;
@@ -3673,9 +3664,8 @@ async function startServer(params) {
           : tenant.addieKeys ? [{ pubKey: tenant.addieKeys.pubKey, amount }] : [];
       }
       const buyerKeys = { pubKey: buyer.pubKey, privateKey: buyer.privateKey };
-      sessionless.getKeys = () => buyerKeys;
       const intentTimestamp = Date.now().toString();
-      const intentSignature = await sessionless.sign(intentTimestamp + buyer.uuid + amount + 'USD');
+      const intentSignature = signMessage(intentTimestamp + buyer.uuid + amount + 'USD', buyerKeys.privateKey);
       const intentResp = await fetch(`${getAddieUrl()}/user/${buyer.uuid}/processor/stripe/intent`, {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
@@ -3728,9 +3718,8 @@ async function startServer(params) {
         // Shoppere subscription: orderKey = sha256(pubKey + productId)
         const orderKey = crypto.createHash('sha256').update(pubKey + productId).digest('hex');
         const tenantKeys = tenant.keys;
-        sessionless.getKeys = () => tenantKeys;
         const ts  = Date.now().toString();
-        const sig = await sessionless.sign(ts + tenant.uuid);
+        const sig = signMessage(ts + tenant.uuid, tenantKeys.privateKey);
         const order = { orderKey, pubKey, paidAt: Date.now(), title, productId, renewalDays: renewalDays || 30, status: 'active' };
         await fetch(`${sanoraUrlInternal}/user/${tenant.uuid}/orders`, {
           method: 'PUT',
@@ -3745,9 +3734,8 @@ async function startServer(params) {
         // Shoppere appointment: record booking with pubKey credential
         const orderKey = crypto.createHash('sha256').update(pubKey + productId).digest('hex');
         const tenantKeys = tenant.keys;
-        sessionless.getKeys = () => tenantKeys;
         const bookingTimestamp = Date.now().toString();
-        const bookingSignature = await sessionless.sign(bookingTimestamp + tenant.uuid);
+        const bookingSignature = signMessage(bookingTimestamp + tenant.uuid, tenantKeys.privateKey);
         const order = {
           orderKey,
           pubKey,
@@ -3770,9 +3758,8 @@ async function startServer(params) {
         // Shoppere digital product: record purchase with pubKey as credential
         const orderKey = crypto.createHash('sha256').update(pubKey + productId).digest('hex');
         const tenantKeys = tenant.keys;
-        sessionless.getKeys = () => tenantKeys;
         const ts  = Date.now().toString();
-        const sig = await sessionless.sign(ts + tenant.uuid);
+        const sig = signMessage(ts + tenant.uuid, tenantKeys.privateKey);
         const order = { orderKey, pubKey, paidAt: Date.now(), title, productId, status: 'purchased' };
         await fetch(`${sanoraUrlInternal}/user/${tenant.uuid}/orders`, {
           method: 'PUT',
@@ -3780,7 +3767,15 @@ async function startServer(params) {
           body: JSON.stringify({ timestamp: ts, signature: sig, order })
         });
         triggerTransfer();
-        return res.json({ success: true });
+        // Return a download URL for digital goods so the Shoppere app can open the content
+        const sanoraUrl = getSanoraUrl();
+        const products = await fetchWithRetry(`${sanoraUrl}/products/${tenant.uuid}`).then(r => r.ok ? r.json() : {});
+        const product = Object.values(products).find(p => p.uuid === productId || p.title === title);
+        let downloadUrl = null;
+        if (product && ['book', 'post', 'video'].includes(product.category)) {
+          downloadUrl = `https://${req.get('host')}/plugin/shoppe/${tenant.uuid}/download/${encodeURIComponent(product.title)}`;
+        }
+        return res.json({ success: true, downloadUrl });
       }
 
       // ── Legacy recovery key paths ─────────────────────────────────────────
@@ -3790,9 +3785,8 @@ async function startServer(params) {
         // The recovery key itself is never stored; orderKey = sha256(recoveryKey + productId).
         const orderKey = crypto.createHash('sha256').update(recoveryKey + productId).digest('hex');
         const tenantKeys = tenant.keys;
-        sessionless.getKeys = () => tenantKeys;
         const ts  = Date.now().toString();
-        const sig = await sessionless.sign(ts + tenant.uuid);
+        const sig = signMessage(ts + tenant.uuid, tenantKeys.privateKey);
         const order = { orderKey, paidAt: Date.now(), title, productId, renewalDays: renewalDays || 30, status: 'active' };
         await fetch(`${sanoraUrlInternal}/user/${tenant.uuid}/orders`, {
           method: 'PUT',
@@ -3811,9 +3805,8 @@ async function startServer(params) {
 
         // Record the booking in Sanora (contact info flows through the server, never direct from browser)
         const tenantKeys = tenant.keys;
-        sessionless.getKeys = () => tenantKeys;
         const bookingTimestamp = Date.now().toString();
-        const bookingSignature = await sessionless.sign(bookingTimestamp + tenant.uuid);
+        const bookingSignature = signMessage(bookingTimestamp + tenant.uuid, tenantKeys.privateKey);
         const order = {
           productId,
           title,
@@ -3843,9 +3836,8 @@ async function startServer(params) {
         // Physical product — record order in Sanora signed by the tenant.
         // The shippingAddress is collected here (post-payment) and sent once, server-side.
         const tenantKeys = tenant.keys;
-        sessionless.getKeys = () => tenantKeys;
         const orderTimestamp = Date.now().toString();
-        const orderSignature = await sessionless.sign(orderTimestamp + tenant.uuid);
+        const orderSignature = signMessage(orderTimestamp + tenant.uuid, tenantKeys.privateKey);
         const order = {
           productId,
           title,
@@ -3964,8 +3956,7 @@ async function startServer(params) {
       // Record order in Sanora (fire-and-forget)
       if (productId && tenant.keys) {
         const ts = Date.now().toString();
-        sessionless.getKeys = () => tenant.keys;
-        const orderSig = await sessionless.sign(ts + tenant.uuid).catch(() => null);
+        const orderSig = signMessage(ts + tenant.uuid).catch(() => null, tenant.keys.privateKey);
         if (orderSig) {
           const order = {
             productId,
@@ -4127,8 +4118,7 @@ async function startServer(params) {
       const { uuid: lucilleUuid, pubKey, privateKey } = tenant.lucilleKeys;
 
       const timestamp = Date.now().toString();
-      sessionless.getKeys = () => ({ pubKey, privateKey });
-      const signature = await sessionless.sign(timestamp + pubKey);
+      const signature = signMessage(timestamp + pubKey, privateKey);
 
       const uploadUrl = `${lucilleBase}/user/${lucilleUuid}/video/${encodeURIComponent(title)}/file`;
       res.json({ uploadUrl, timestamp, signature });