UNPKG

@aptos-labs/siwa

Version:

Library of utilities for Sign in with Aptos

github.com/aptos-labs/sign-in-with-aptos

aptos-labs/sign-in-with-aptos

1 lines 32.7 kB
1
{"version":3,"sources":["../../src/legacy/core.ts","../../src/core.ts","../../src/internal.ts","../../src/signatures.ts","../../src/utils.ts","../../src/deps.ts","../../src/legacy/serializers.ts"],"sourcesContent":["import {\n AccountAddress,\n AccountPublicKey,\n type Aptos,\n Hex,\n type PublicKey,\n type Signature,\n} from \"@aptos-labs/ts-sdk\";\nimport type {\n AptosSignInBoundFields,\n AptosSignInInput,\n} from \"@aptos-labs/wallet-standard\";\nimport { sha3_256 } from \"@noble/hashes/sha3\";\nimport { createSignInMessage } from \"../core.js\";\nimport { mainnet } from \"../internal.js\";\nimport { verifySignature } from \"../signatures.js\";\nimport type { VerificationError } from \"../types.js\";\n\nexport type VerificationFullMessageError = \"invalid_full_message\";\n\ntype LegacyVerificationError = VerificationError | VerificationFullMessageError;\n\nexport type LegacyVerificationResult<T> =\n | { valid: true; data: T }\n | { valid: false; errors: LegacyVerificationError[] };\n\nexport const createLegacySignInMessage = (\n input: AptosSignInInput & AptosSignInBoundFields,\n) => {\n let message = createSignInMessage(input);\n message += `\\n\\nHash: ${Hex.fromHexInput(sha3_256(message)).toString()}`;\n return message;\n};\n\nexport const verifyLegacySignIn = async (\n input: AptosSignInInput & AptosSignInBoundFields,\n output: {\n publicKey: PublicKey;\n signature: Signature;\n message: string;\n },\n options: { aptos?: Aptos } = {},\n): Promise<\n LegacyVerificationResult<AptosSignInInput & AptosSignInBoundFields>\n> => {\n const embeddedMessage = createLegacySignInMessage(input);\n\n if (!output.message.includes(embeddedMessage)) {\n return { valid: false, errors: [\"invalid_full_message\"] };\n }\n\n if (!(output.publicKey instanceof AccountPublicKey)) {\n return { valid: false, errors: [\"invalid_public_key\"] };\n }\n\n const authKey = output.publicKey.authKey().derivedAddress();\n\n const originalAddress = await (\n options.aptos ?? mainnet\n ).lookupOriginalAccountAddress({ authenticationKey: authKey });\n\n if (\n !AccountAddress.from(input.address, {\n maxMissingChars: 63,\n }).equals(originalAddress)\n ) {\n return { valid: false, errors: [\"invalid_auth_key\"] };\n }\n\n const isSignatureValid = await verifySignature(\n {\n publicKey: output.publicKey,\n signature: output.signature,\n signingMessage: output.message,\n },\n { aptos: options.aptos },\n );\n\n if (!isSignatureValid) return { valid: false, errors: [\"invalid_signature\"] };\n\n return { valid: true, data: input };\n};\n","import {\n AccountAddress,\n AccountPublicKey,\n type Aptos,\n type PublicKey,\n type Signature,\n} from \"@aptos-labs/ts-sdk\";\nimport type {\n AptosSignInBoundFields,\n AptosSignInInput,\n} from \"@aptos-labs/wallet-standard\";\nimport { sha3_256 } from \"@noble/hashes/sha3\";\nimport { arraysEqual, asyncTryOrDefault, mainnet } from \"./internal.js\";\nimport { verifySignature } from \"./signatures.js\";\nimport type {\n VerificationError,\n VerificationMessageError,\n VerificationResult,\n VerificationResultWithData,\n} from \"./types.js\";\n\n/**\n * Create a SIWA message from the input following the ABNF format defined in the Sign in with Aptos specifications.\n *\n * @param input The input to create the SIWA message from.\n *\n * @returns The SIWA message text.\n */\nexport function createSignInMessage(\n input: AptosSignInInput & AptosSignInBoundFields,\n): string {\n let message = `${input.domain} wants you to sign in with your Aptos account:\\n`;\n message += `${input.address}`;\n\n if (input.statement) {\n message += `\\n\\n${input.statement}`;\n }\n\n const fields: string[] = [];\n if (input.uri) {\n fields.push(`URI: ${input.uri}`);\n }\n if (input.version) {\n fields.push(`Version: ${input.version}`);\n }\n if (input.nonce) {\n fields.push(`Nonce: ${input.nonce}`);\n }\n if (input.issuedAt) {\n fields.push(`Issued At: ${input.issuedAt}`);\n }\n if (input.expirationTime) {\n fields.push(`Expiration Time: ${input.expirationTime}`);\n }\n if (input.notBefore) {\n fields.push(`Not Before: ${input.notBefore}`);\n }\n if (input.requestId) {\n fields.push(`Request ID: ${input.requestId}`);\n }\n if (input.chainId) {\n fields.push(`Chain ID: ${input.chainId}`);\n }\n if (input.resources) {\n fields.push(\"Resources:\");\n for (const resource of input.resources) {\n fields.push(`- ${resource}`);\n }\n }\n\n if (fields.length) {\n message += `\\n\\n${fields.join(\"\\n\")}`;\n }\n\n return message;\n}\n\n/**\n * Generate a signing message using the SIWA signing algorithm.\n * ( sha3_256(b\"SIGN_IN_WITH_APTOS::\" ) || <message> )\n *\n * @param message The SIWA message to sign.\n *\n * @returns The signing message.\n */\nexport function createSignInSigningMessage(message: string): Uint8Array {\n const domainSeparator = \"SIGN_IN_WITH_APTOS::\";\n const domainSeparatorHash = sha3_256(domainSeparator);\n return new Uint8Array([\n ...domainSeparatorHash,\n ...new TextEncoder().encode(message),\n ]);\n}\n\nconst DOMAIN =\n \"(?<domain>[^\\\\n]+?) wants you to sign in with your Aptos account:\\\\n\";\nconst ADDRESS = \"(?<address>[^\\\\n]+)(?:\\\\n|$)\";\nconst STATEMENT = \"(?:\\\\n(?<statement>[\\\\S\\\\s]*?)(?:\\\\n|$))??\";\nconst URI = \"(?:\\\\nURI: (?<uri>[^\\\\n]+))?\";\nconst VERSION = \"(?:\\\\nVersion: (?<version>[^\\\\n]+))?\";\nconst NONCE = \"(?:\\\\nNonce: (?<nonce>[^\\\\n]+))?\";\nconst ISSUED_AT = \"(?:\\\\nIssued At: (?<issuedAt>[^\\\\n]+))?\";\nconst EXPIRATION_TIME = \"(?:\\\\nExpiration Time: (?<expirationTime>[^\\\\n]+))?\";\nconst NOT_BEFORE = \"(?:\\\\nNot Before: (?<notBefore>[^\\\\n]+))?\";\nconst REQUEST_ID = \"(?:\\\\nRequest ID: (?<requestId>[^\\\\n]+))?\";\nconst CHAIN_ID = \"(?:\\\\nChain ID: (?<chainId>[^\\\\n]+))?\";\nconst RESOURCES = \"(?:\\\\nResources:(?<resources>(?:\\\\n- [^\\\\n]+)*))?\";\nconst FIELDS = `${URI}${VERSION}${NONCE}${ISSUED_AT}${EXPIRATION_TIME}${NOT_BEFORE}${REQUEST_ID}${CHAIN_ID}${RESOURCES}`;\nconst MESSAGE = new RegExp(`^${DOMAIN}${ADDRESS}${STATEMENT}${FIELDS}\\\\n*$`);\n\n/**\n * Parse a SIWA message into an `AptosSignInInput` object with the required fields.\n *\n * @param text The SIWA message to parse.\n *\n * @returns The parsed `AptosSignInInput` object with the required fields.\n */\nexport function parseSignInMessage(\n text: string,\n): VerificationResultWithData<AptosSignInInput & AptosSignInBoundFields> {\n const match = MESSAGE.exec(text);\n if (!match) return { valid: false, errors: [\"invalid_message\"] };\n\n const groups = match.groups;\n if (!groups) return { valid: false, errors: [\"invalid_message\"] };\n\n const errors: VerificationMessageError[] = [];\n\n if (!groups.domain || groups.domain === \"undefined\")\n errors.push(\"message_domain_missing\");\n if (!groups.address || groups.address === \"undefined\")\n errors.push(\"message_address_missing\");\n if (!groups.version || groups.version === \"undefined\")\n errors.push(\"message_version_missing\");\n if (!groups.chainId || groups.chainId === \"undefined\")\n errors.push(\"message_chain_id_missing\");\n\n if (errors.length) return { valid: false, errors };\n\n return {\n valid: true,\n data: {\n domain: groups.domain,\n address: groups.address,\n statement: groups.statement,\n uri: groups.uri,\n version: groups.version,\n nonce: groups.nonce,\n chainId: groups.chainId,\n issuedAt: groups.issuedAt,\n expirationTime: groups.expirationTime,\n notBefore: groups.notBefore,\n requestId: groups.requestId,\n resources: groups.resources?.split(\"\\n- \").slice(1),\n },\n };\n}\n\n/**\n * Verifies a SIWA plain text message against expected `AptosSignInInput` fields (including required fields).\n *\n * @param params.publicKey The public key of the user that is signing in.\n * @param params.expected The expected fields to verify against the input.\n * @param params.message The SIWA plain text message to verify.\n *\n * @param options.aptosConfig The Aptos configuration to use for the verification.\n * @param options.excludedResources The resources to exclude from the verification.\n *\n * @returns The verification result.\n */\nexport async function verifySignInMessage(\n params: {\n publicKey: PublicKey;\n // From the beginning of the flow\n expected: AptosSignInInput & { domain: string };\n // From wallet, AptosSignInOutput\n input: AptosSignInInput & AptosSignInBoundFields;\n },\n options: { aptos?: Aptos; excludedResources?: string[] } = {},\n): Promise<VerificationResult> {\n const { expected, input, publicKey } = params;\n\n if (!(publicKey instanceof AccountPublicKey)) {\n return { valid: false, errors: [\"invalid_public_key\"] };\n }\n\n // 1. Check that the authentication key of the account at `input.address` matches the `PublicKey`'s derived authentication key\n const accountAddress = input.address;\n const accountAuthenticationKey = await asyncTryOrDefault(\n async () =>\n (await (options.aptos ?? mainnet).getAccountInfo({ accountAddress }))\n .authentication_key,\n accountAddress,\n );\n const publicKeyAuthenticationKey = publicKey.authKey().derivedAddress();\n if (\n !AccountAddress.from(accountAuthenticationKey, {\n maxMissingChars: 63,\n }).equals(publicKeyAuthenticationKey)\n ) {\n return { valid: false, errors: [\"invalid_auth_key\"] };\n }\n\n // 2. Check if the `expected` fields match the `input` fields\n const errors: VerificationError[] = [];\n\n if (expected.domain && expected.domain !== input.domain)\n errors.push(\"message_domain_mismatch\");\n if (expected.address && expected.address !== input.address)\n errors.push(\"message_address_mismatch\");\n if (expected.statement !== input.statement)\n errors.push(\"message_statement_mismatch\");\n if (expected.uri && expected.uri !== input.uri)\n errors.push(\"message_uri_mismatch\");\n if (expected.version && expected.version !== input.version)\n errors.push(\"message_version_mismatch\");\n if (expected.chainId && expected.chainId !== input.chainId)\n errors.push(\"message_chain_id_mismatch\");\n if (expected.nonce !== input.nonce) errors.push(\"message_nonce_mismatch\");\n if (expected.issuedAt !== input.issuedAt)\n errors.push(\"message_issued_at_mismatch\");\n if (expected.expirationTime !== input.expirationTime)\n errors.push(\"message_expiration_time_mismatch\");\n if (expected.notBefore !== input.notBefore)\n errors.push(\"message_not_before_mismatch\");\n if (expected.requestId !== input.requestId)\n errors.push(\"message_request_id_mismatch\");\n if (expected.resources) {\n if (!input.resources) {\n errors.push(\"message_resources_missing\");\n } else if (\n !arraysEqual(\n expected.resources,\n input.resources,\n // If there is resource injection, exclude the resource since the expected value is not known\n options?.excludedResources,\n )\n ) {\n errors.push(\"message_resources_mismatch\");\n }\n } else if (input.resources) {\n errors.push(\"message_resources_unexpected\");\n }\n\n // 3. Do timebased comparisons on `expirationTime` and `notBefore`\n const currentTime = new Date();\n\n if (\n expected.expirationTime &&\n currentTime.getTime() >= new Date(expected.expirationTime).getTime()\n ) {\n errors.push(\"message_expired\");\n }\n\n if (\n expected.notBefore &&\n currentTime.getTime() < new Date(expected.notBefore).getTime()\n ) {\n errors.push(\"message_not_yet_valid\");\n }\n\n if (errors.length) return { valid: false, errors };\n\n return { valid: true };\n}\n\n/**\n * Using the `publicKey` and `signature`, verify that the `signature` is valid for the `message`.\n *\n * @param output The `AptosSignInOutput` to verify against the input.\n *\n * @returns The `AptosSignInInput` fields that are parsed from the message.\n */\nexport async function verifySignInSignature(\n output: {\n publicKey: PublicKey;\n signature: Signature;\n input: AptosSignInInput & AptosSignInBoundFields;\n },\n options: { aptos?: Aptos } = {},\n): Promise<VerificationResult> {\n const siwaMessage = createSignInMessage(output.input);\n\n const signingMessage = createSignInSigningMessage(siwaMessage);\n\n const isSignatureValid = await verifySignature(\n {\n publicKey: output.publicKey,\n signature: output.signature,\n signingMessage,\n },\n options,\n );\n if (!isSignatureValid) return { valid: false, errors: [\"invalid_signature\"] };\n\n return { valid: true };\n}\n","import { Aptos, AptosConfig, Network } from \"@aptos-labs/ts-sdk\";\n\n/**\n * @internal\n *\n * Type with a numeric `length` and numerically indexed elements of a generic type `T`.\n *\n * For example, `Array<T>` and `Uint8Array`.\n *\n * @group Internal\n */\nexport interface Indexed<T> {\n length: number;\n [index: number]: T;\n}\n\n/**\n * @internal\n *\n * Efficiently compare {@link Indexed} arrays (e.g. `Array` and `Uint8Array`).\n *\n * @param a An array.\n * @param b Another array.\n * @param excludedValues Values to exclude from `a` the comparison.\n *\n * @return `true` if the arrays have the same length and elements, `false` otherwise.\n *\n * @group Internal\n */\nexport function arraysEqual<T>(\n a: Indexed<T>,\n b: Indexed<T>,\n excludedValues?: T[],\n): boolean {\n if (a === b) return true;\n\n const length = a.length;\n if (length !== b.length) return false;\n\n for (let i = 0; i < length; i++) {\n if (excludedValues?.includes(a[i])) continue;\n if (a[i] !== b[i]) return false;\n }\n\n return true;\n}\n\n/**\n * @internal\n *\n * Encode a `Uint8Array` to a base64 string.\n *\n * @param bytes A `Uint8Array` to encode.\n *\n * @returns A base64 encoded string.\n *\n * @group Internal\n */\nexport function encodeBase64(bytes: Uint8Array): string {\n const base64Alphabet =\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/\";\n let result = \"\";\n for (let i = 0; i < bytes.byteLength; i += 3) {\n let buffer = 0;\n let bufferBitSize = 0;\n for (let j = 0; j < 3 && i + j < bytes.byteLength; j++) {\n buffer = (buffer << 8) | bytes[i + j];\n bufferBitSize += 8;\n }\n for (let j = 0; j < 4; j++) {\n if (bufferBitSize >= 6) {\n result += base64Alphabet[(buffer >> (bufferBitSize - 6)) & 0x3f];\n bufferBitSize -= 6;\n } else if (bufferBitSize > 0) {\n result += base64Alphabet[(buffer << (6 - bufferBitSize)) & 0x3f];\n bufferBitSize = 0;\n }\n }\n }\n return result;\n}\n\nexport async function asyncTryOrDefault<T>(\n fn: () => Promise<T>,\n defaultValue: T,\n): Promise<T> {\n try {\n return await fn();\n } catch (_) {\n return defaultValue;\n }\n}\n\nexport const mainnet = new Aptos(new AptosConfig({ network: Network.MAINNET }));\n","import {\n type Aptos,\n Hex,\n type HexInput,\n type PublicKey,\n type Signature,\n} from \"@aptos-labs/ts-sdk\";\nimport { mainnet } from \"./internal.js\";\n\n/**\n * Helper function to convert a message to sign or to verify to a valid message input\n *\n * @param message a message as a string or Uint8Array\n *\n * @returns a valid HexInput - string or Uint8Array\n * @group Implementation\n * @category Serialization\n */\nexport const convertSigningMessage = (message: HexInput): HexInput => {\n // if message is of type string, verify it is a valid Hex string\n if (typeof message === \"string\") {\n const isValid = Hex.isValid(message);\n // If message is not a valid Hex string, convert it\n if (!isValid.valid) {\n return new TextEncoder().encode(message);\n }\n // If message is a valid Hex string, return it\n return message;\n }\n // message is a Uint8Array\n return message;\n};\n\n/**\n * Verifies a signature using the Sign in with Aptos signing algorithm.\n *\n * @param output The AptosSignInOutput to verify the signature against.\n * @param options The options to use for the verification.\n *\n * @returns The verification result.\n */\nexport async function verifySignature(\n params: {\n publicKey: PublicKey;\n signature: Signature;\n signingMessage: HexInput;\n },\n options: { aptos?: Aptos } = {},\n): Promise<boolean> {\n return params.publicKey.verifySignatureAsync({\n aptosConfig: options.aptos?.config ?? mainnet.config,\n message: convertSigningMessage(params.signingMessage),\n signature: params.signature,\n });\n}\n","import {\n AnyPublicKey,\n AnySignature,\n Deserializer,\n Ed25519PublicKey,\n Ed25519Signature,\n Hex,\n type HexInput,\n MultiEd25519PublicKey,\n MultiEd25519Signature,\n MultiKey,\n MultiKeySignature,\n type PublicKey,\n type Signature,\n SigningScheme,\n} from \"@aptos-labs/ts-sdk\";\nimport {\n tryImportDerivedWalletEthereum,\n tryImportDerivedWalletSolana,\n} from \"./deps.js\";\nimport { encodeBase64 } from \"./internal.js\";\n\n/**\n * Check if the scheme is a valid public key scheme\n *\n * @param scheme The scheme to check.\n *\n * @returns True if the scheme is a valid public key scheme, false otherwise.\n */\nexport const isValidPublicKeyScheme = (\n scheme: string,\n): scheme is\n | \"ed25519\"\n | \"multi_ed25519\"\n | \"single_key\"\n | \"multi_key\"\n | \"solana_derived\"\n | \"ethereum_derived\" => {\n return (\n scheme === \"ed25519\" ||\n scheme === \"multi_ed25519\" ||\n scheme === \"single_key\" ||\n scheme === \"multi_key\" ||\n scheme === \"solana_derived\" ||\n scheme === \"ethereum_derived\"\n );\n};\n\n/**\n * Get the signing scheme of a public key.\n *\n * @param value The public key or signing scheme to get the scheme of.\n *\n * @returns The signing scheme of the public key.\n */\nexport async function getSignInPublicKeyScheme(\n value: SigningScheme | PublicKey,\n): Promise<string> {\n // If the value is a PublicKey\n if (typeof value === \"object\") {\n if (Ed25519PublicKey.isInstance(value)) {\n return \"ed25519\";\n }\n if (AnyPublicKey.isInstance(value)) {\n return \"single_key\";\n }\n if (MultiKey.isInstance(value)) {\n return \"multi_key\";\n }\n if (value instanceof MultiEd25519PublicKey) {\n return \"multi_ed25519\";\n }\n const solanaWallet = await tryImportDerivedWalletSolana();\n if (solanaWallet?.SolanaDerivedPublicKey.isInstance(value)) {\n return \"solana_derived\";\n }\n const ethereumWallet = await tryImportDerivedWalletEthereum();\n if (ethereumWallet?.EIP1193DerivedPublicKey.isInstance(value)) {\n return \"ethereum_derived\";\n }\n throw new Error(`Unknown public key type for instance: ${value}`);\n }\n\n // If the value is a SigningScheme\n switch (value) {\n case SigningScheme.Ed25519:\n return \"ed25519\";\n case SigningScheme.MultiEd25519:\n return \"multi_ed25519\";\n case SigningScheme.SingleKey:\n return \"single_key\";\n case SigningScheme.MultiKey:\n return \"multi_key\";\n default:\n throw new Error(`Unknown public key type for signing scheme: ${value}`);\n }\n}\n\n/**\n * Deserialize a public key from a hex string.\n *\n * @param scheme The signing scheme of the public key.\n * @param value The hex string to deserialize.\n *\n * @returns The deserialized public key.\n */\nexport async function deserializeSignInPublicKey(\n scheme:\n | SigningScheme\n | \"ed25519\"\n | \"multi_ed25519\"\n | \"single_key\"\n | \"multi_key\"\n | \"solana_derived\"\n | \"ethereum_derived\",\n value: HexInput,\n): Promise<PublicKey> {\n const deserializer = new Deserializer(Hex.fromHexInput(value).toUint8Array());\n\n if (typeof scheme !== \"string\") {\n switch (scheme) {\n case SigningScheme.Ed25519:\n return Ed25519PublicKey.deserialize(deserializer);\n case SigningScheme.MultiEd25519:\n return MultiEd25519PublicKey.deserialize(deserializer);\n case SigningScheme.SingleKey:\n return AnyPublicKey.deserialize(deserializer);\n case SigningScheme.MultiKey:\n return MultiKey.deserialize(deserializer);\n default:\n throw new Error(\n `Unknown public key type for signing scheme: ${scheme}`,\n );\n }\n }\n\n // If the type is a string\n switch (scheme) {\n case \"ed25519\":\n return Ed25519PublicKey.deserialize(deserializer);\n case \"multi_ed25519\":\n return MultiEd25519PublicKey.deserialize(deserializer);\n case \"single_key\":\n return AnyPublicKey.deserialize(deserializer);\n case \"multi_key\":\n return MultiKey.deserialize(deserializer);\n case \"solana_derived\": {\n const solanaWallet = await tryImportDerivedWalletSolana();\n if (!solanaWallet) {\n throw new Error(\"Solana derived public key is not supported\");\n }\n return solanaWallet.SolanaDerivedPublicKey.deserialize(deserializer);\n }\n case \"ethereum_derived\": {\n const ethereumWallet = await tryImportDerivedWalletEthereum();\n if (!ethereumWallet) {\n throw new Error(\"Ethereum derived public key is not supported\");\n }\n return ethereumWallet.EIP1193DerivedPublicKey.deserialize(deserializer);\n }\n default:\n throw new Error(`Unknown public key type: ${scheme}`);\n }\n}\n\n/**\n * Deserialize a signature from a hex string.\n *\n * @param scheme The signing scheme of the signature.\n * @param value The hex string to deserialize.\n *\n * @returns The deserialized signature.\n */\nexport async function deserializeSignInSignature(\n scheme:\n | SigningScheme\n | \"ed25519\"\n | \"multi_ed25519\"\n | \"single_key\"\n | \"multi_key\"\n | \"solana_derived\"\n | \"ethereum_derived\",\n value: HexInput,\n): Promise<Signature> {\n const deserializer = new Deserializer(Hex.fromHexInput(value).toUint8Array());\n\n if (typeof scheme !== \"string\") {\n switch (scheme) {\n case SigningScheme.Ed25519:\n return Ed25519Signature.deserialize(deserializer);\n case SigningScheme.MultiEd25519:\n return MultiEd25519Signature.deserialize(deserializer);\n case SigningScheme.SingleKey:\n return AnySignature.deserialize(deserializer);\n case SigningScheme.MultiKey:\n return MultiKeySignature.deserialize(deserializer);\n default:\n throw new Error(`Unknown signature type for signing scheme: ${scheme}`);\n }\n }\n // If the type is a string\n switch (scheme) {\n case \"ed25519\":\n return Ed25519Signature.deserialize(deserializer);\n case \"multi_ed25519\":\n return MultiEd25519Signature.deserialize(deserializer);\n case \"single_key\":\n return AnySignature.deserialize(deserializer);\n case \"multi_key\":\n return MultiKeySignature.deserialize(deserializer);\n case \"solana_derived\":\n return Ed25519Signature.deserialize(deserializer);\n case \"ethereum_derived\": {\n const ethereumWallet = await tryImportDerivedWalletEthereum();\n if (!ethereumWallet) {\n throw new Error(\"Ethereum derived signature is not supported\");\n }\n return ethereumWallet.EIP1193PersonalSignature.deserialize(deserializer);\n }\n default:\n throw new Error(`Unknown signature type: ${scheme}`);\n }\n}\n\n/**\n * Generates a random nonce using the `crypto.getRandomValues` API.\n *\n * @returns A random nonce.\n */\nexport function generateNonce(): string {\n const bytes = new Uint8Array(12);\n crypto.getRandomValues(bytes);\n return encodeBase64(bytes);\n}\n","export const tryImportDerivedWalletSolana = async () => {\n try {\n return await import(\n /* webpackIgnore: true */ /* @vite-ignore */ \"@aptos-labs/derived-wallet-solana\"\n );\n } catch {\n return null;\n }\n};\n\nexport const tryImportDerivedWalletEthereum = async () => {\n try {\n return await import(\n /* webpackIgnore: true */ /* @vite-ignore */ \"@aptos-labs/derived-wallet-ethereum\"\n );\n } catch {\n return null;\n }\n};\n","import type { PublicKey, Signature } from \"@aptos-labs/ts-sdk\";\nimport type { AptosSignInOutput } from \"@aptos-labs/wallet-standard\";\nimport {\n deserializeSignInPublicKey,\n deserializeSignInSignature,\n isValidPublicKeyScheme,\n} from \"../utils.js\";\n\nexport const CURRENT_LEGACY_SERIALIZATION_VERSION = \"2\";\n\nexport type LegacySerializationVersion = \"2\";\n\nexport type SerializedLegacyAptosSignInOutput = {\n version: \"2\";\n type: string;\n signature: string;\n message: string;\n publicKey: string;\n};\n\nexport type DeserializedLegacyAptosSignInOutput = {\n version: \"2\";\n type: string;\n signature: Signature;\n message: string;\n publicKey: PublicKey;\n};\n\nexport const serializeLegacySignInOutput = (\n output: Pick<AptosSignInOutput, \"type\" | \"signature\" | \"account\"> & {\n message: string;\n },\n): SerializedLegacyAptosSignInOutput => ({\n version: CURRENT_LEGACY_SERIALIZATION_VERSION,\n type: output.type,\n signature: output.signature.bcsToHex().toString(),\n message: output.message,\n publicKey: output.account.publicKey.bcsToHex().toString(),\n});\n\nexport const deserializeLegacySignInOutput = async (\n serialized: SerializedLegacyAptosSignInOutput,\n): Promise<DeserializedLegacyAptosSignInOutput> => {\n const { version } = serialized;\n\n if (version === \"2\") {\n if (!isValidPublicKeyScheme(serialized.type)) {\n throw new Error(`Unexpected public key scheme: ${serialized.type}`);\n }\n\n return {\n version: \"2\",\n type: serialized.type,\n signature: await deserializeSignInSignature(\n serialized.type,\n serialized.signature,\n ),\n publicKey: await deserializeSignInPublicKey(\n serialized.type,\n serialized.publicKey,\n ),\n message: serialized.message,\n };\n }\n\n throw new Error(`Unexpected serialization version: ${version}`);\n};\n"],"mappings":"AAAA,OACE,kBAAAA,EACA,oBAAAC,EAEA,OAAAC,MAGK,qBAKP,OAAS,YAAAC,MAAgB,qBCZzB,OACE,kBAAAC,GACA,oBAAAC,OAIK,qBAKP,OAAS,YAAAC,OAAgB,qBCXzB,OAAS,SAAAC,EAAO,eAAAC,EAAa,WAAAC,MAAe,qBA6FrC,IAAMC,EAAU,IAAIC,EAAM,IAAIC,EAAY,CAAE,QAASC,EAAQ,OAAQ,CAAC,CAAC,EC7F9E,OAEE,OAAAC,MAIK,qBAYA,IAAMC,EAAyBC,GAEhC,OAAOA,GAAY,SACLC,EAAI,QAAQD,CAAO,EAEtB,MAINA,EAHE,IAAI,YAAY,EAAE,OAAOA,CAAO,EAMpCA,EAWT,eAAsBE,EACpBC,EAKAC,EAA6B,CAAC,EACZ,CAClB,OAAOD,EAAO,UAAU,qBAAqB,CAC3C,YAAaC,EAAQ,OAAO,QAAUC,EAAQ,OAC9C,QAASN,EAAsBI,EAAO,cAAc,EACpD,UAAWA,EAAO,SACpB,CAAC,CACH,CF1BO,SAASG,EACdC,EACQ,CACR,IAAIC,EAAU,GAAGD,EAAM,MAAM;AAAA,EAC7BC,GAAW,GAAGD,EAAM,OAAO,GAEvBA,EAAM,YACRC,GAAW;AAAA;AAAA,EAAOD,EAAM,SAAS,IAGnC,IAAME,EAAmB,CAAC,EAyB1B,GAxBIF,EAAM,KACRE,EAAO,KAAK,QAAQF,EAAM,GAAG,EAAE,EAE7BA,EAAM,SACRE,EAAO,KAAK,YAAYF,EAAM,OAAO,EAAE,EAErCA,EAAM,OACRE,EAAO,KAAK,UAAUF,EAAM,KAAK,EAAE,EAEjCA,EAAM,UACRE,EAAO,KAAK,cAAcF,EAAM,QAAQ,EAAE,EAExCA,EAAM,gBACRE,EAAO,KAAK,oBAAoBF,EAAM,cAAc,EAAE,EAEpDA,EAAM,WACRE,EAAO,KAAK,eAAeF,EAAM,SAAS,EAAE,EAE1CA,EAAM,WACRE,EAAO,KAAK,eAAeF,EAAM,SAAS,EAAE,EAE1CA,EAAM,SACRE,EAAO,KAAK,aAAaF,EAAM,OAAO,EAAE,EAEtCA,EAAM,UAAW,CACnBE,EAAO,KAAK,YAAY,EACxB,QAAWC,KAAYH,EAAM,UAC3BE,EAAO,KAAK,KAAKC,CAAQ,EAAE,CAE/B,CAEA,OAAID,EAAO,SACTD,GAAW;AAAA;AAAA,EAAOC,EAAO,KAAK;AAAA,CAAI,CAAC,IAG9BD,CACT,CAmBA,IAAMG,EACJ,uEACIC,EAAU,+BACVC,EAAY,6CACZC,EAAM,+BACNC,EAAU,uCACVC,EAAQ,mCACRC,EAAY,0CACZC,EAAkB,sDAClBC,EAAa,4CACbC,EAAa,4CACbC,EAAW,wCACXC,EAAY,oDACZC,EAAS,GAAGT,CAAG,GAAGC,CAAO,GAAGC,CAAK,GAAGC,CAAS,GAAGC,CAAe,GAAGC,CAAU,GAAGC,CAAU,GAAGC,CAAQ,GAAGC,CAAS,GAChHE,GAAU,IAAI,OAAO,IAAIb,CAAM,GAAGC,CAAO,GAAGC,CAAS,GAAGU,CAAM,OAAO,EDlFpE,IAAME,EACXC,GACG,CACH,IAAIC,EAAUC,EAAoBF,CAAK,EACvC,OAAAC,GAAW;AAAA;AAAA,QAAaE,EAAI,aAAaC,EAASH,CAAO,CAAC,EAAE,SAAS,CAAC,GAC/DA,CACT,EAEaI,GAAqB,MAChCL,EACAM,EAKAC,EAA6B,CAAC,IAG3B,CACH,IAAMC,EAAkBT,EAA0BC,CAAK,EAEvD,GAAI,CAACM,EAAO,QAAQ,SAASE,CAAe,EAC1C,MAAO,CAAE,MAAO,GAAO,OAAQ,CAAC,sBAAsB,CAAE,EAG1D,GAAI,EAAEF,EAAO,qBAAqBG,GAChC,MAAO,CAAE,MAAO,GAAO,OAAQ,CAAC,oBAAoB,CAAE,EAGxD,IAAMC,EAAUJ,EAAO,UAAU,QAAQ,EAAE,eAAe,EAEpDK,EAAkB,MACtBJ,EAAQ,OAASK,GACjB,6BAA6B,CAAE,kBAAmBF,CAAQ,CAAC,EAE7D,OACGG,EAAe,KAAKb,EAAM,QAAS,CAClC,gBAAiB,EACnB,CAAC,EAAE,OAAOW,CAAe,EAKF,MAAMG,EAC7B,CACE,UAAWR,EAAO,UAClB,UAAWA,EAAO,UAClB,eAAgBA,EAAO,OACzB,EACA,CAAE,MAAOC,EAAQ,KAAM,CACzB,EAIO,CAAE,MAAO,GAAM,KAAMP,CAAM,EAFJ,CAAE,MAAO,GAAO,OAAQ,CAAC,mBAAmB,CAAE,EAZnE,CAAE,MAAO,GAAO,OAAQ,CAAC,kBAAkB,CAAE,CAexD,EIjFA,OACE,gBAAAe,EACA,gBAAAC,EACA,gBAAAC,EACA,oBAAAC,EACA,oBAAAC,EACA,OAAAC,EAEA,yBAAAC,EACA,yBAAAC,EACA,YAAAC,EACA,qBAAAC,EAGA,iBAAAC,MACK,qBCfA,IAAMC,EAA+B,SAAY,CACtD,GAAI,CACF,OAAO,KAAM,QACkC,mCAC/C,CACF,MAAQ,CACN,OAAO,IACT,CACF,EAEaC,EAAiC,SAAY,CACxD,GAAI,CACF,OAAO,KAAM,QACkC,qCAC/C,CACF,MAAQ,CACN,OAAO,IACT,CACF,EDWO,IAAMC,EACXC,GASEA,IAAW,WACXA,IAAW,iBACXA,IAAW,cACXA,IAAW,aACXA,IAAW,kBACXA,IAAW,mBA8Df,eAAsBC,EACpBC,EAQAC,EACoB,CACpB,IAAMC,EAAe,IAAIC,EAAaC,EAAI,aAAaH,CAAK,EAAE,aAAa,CAAC,EAE5E,GAAI,OAAOD,GAAW,SACpB,OAAQA,EAAQ,CACd,KAAKK,EAAc,QACjB,OAAOC,EAAiB,YAAYJ,CAAY,EAClD,KAAKG,EAAc,aACjB,OAAOE,EAAsB,YAAYL,CAAY,EACvD,KAAKG,EAAc,UACjB,OAAOG,EAAa,YAAYN,CAAY,EAC9C,KAAKG,EAAc,SACjB,OAAOI,EAAS,YAAYP,CAAY,EAC1C,QACE,MAAM,IAAI,MACR,+CAA+CF,CAAM,EACvD,CACJ,CAIF,OAAQA,EAAQ,CACd,IAAK,UACH,OAAOM,EAAiB,YAAYJ,CAAY,EAClD,IAAK,gBACH,OAAOK,EAAsB,YAAYL,CAAY,EACvD,IAAK,aACH,OAAOM,EAAa,YAAYN,CAAY,EAC9C,IAAK,YACH,OAAOO,EAAS,YAAYP,CAAY,EAC1C,IAAK,iBAAkB,CACrB,IAAMQ,EAAe,MAAMC,EAA6B,EACxD,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,4CAA4C,EAE9D,OAAOA,EAAa,uBAAuB,YAAYR,CAAY,CACrE,CACA,IAAK,mBAAoB,CACvB,IAAMU,EAAiB,MAAMC,EAA+B,EAC5D,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,8CAA8C,EAEhE,OAAOA,EAAe,wBAAwB,YAAYV,CAAY,CACxE,CACA,QACE,MAAM,IAAI,MAAM,4BAA4BF,CAAM,EAAE,CACxD,CACF,CAUA,eAAsBc,EACpBd,EAQAC,EACoB,CACpB,IAAMC,EAAe,IAAIC,EAAaC,EAAI,aAAaH,CAAK,EAAE,aAAa,CAAC,EAE5E,GAAI,OAAOD,GAAW,SACpB,OAAQA,EAAQ,CACd,KAAKK,EAAc,QACjB,OAAOU,EAAiB,YAAYb,CAAY,EAClD,KAAKG,EAAc,aACjB,OAAOW,EAAsB,YAAYd,CAAY,EACvD,KAAKG,EAAc,UACjB,OAAOY,EAAa,YAAYf,CAAY,EAC9C,KAAKG,EAAc,SACjB,OAAOa,EAAkB,YAAYhB,CAAY,EACnD,QACE,MAAM,IAAI,MAAM,8CAA8CF,CAAM,EAAE,CAC1E,CAGF,OAAQA,EAAQ,CACd,IAAK,UACH,OAAOe,EAAiB,YAAYb,CAAY,EAClD,IAAK,gBACH,OAAOc,EAAsB,YAAYd,CAAY,EACvD,IAAK,aACH,OAAOe,EAAa,YAAYf,CAAY,EAC9C,IAAK,YACH,OAAOgB,EAAkB,YAAYhB,CAAY,EACnD,IAAK,iBACH,OAAOa,EAAiB,YAAYb,CAAY,EAClD,IAAK,mBAAoB,CACvB,IAAMU,EAAiB,MAAMC,EAA+B,EAC5D,GAAI,CAACD,EACH,MAAM,IAAI,MAAM,6CAA6C,EAE/D,OAAOA,EAAe,yBAAyB,YAAYV,CAAY,CACzE,CACA,QACE,MAAM,IAAI,MAAM,2BAA2BF,CAAM,EAAE,CACvD,CACF,CEtNO,IAAMmB,EAAuC,IAoBvCC,GACXC,IAGuC,CACvC,QAASF,EACT,KAAME,EAAO,KACb,UAAWA,EAAO,UAAU,SAAS,EAAE,SAAS,EAChD,QAASA,EAAO,QAChB,UAAWA,EAAO,QAAQ,UAAU,SAAS,EAAE,SAAS,CAC1D,GAEaC,GAAgC,MAC3CC,GACiD,CACjD,GAAM,CAAE,QAAAC,CAAQ,EAAID,EAEpB,GAAIC,IAAY,IAAK,CACnB,GAAI,CAACC,EAAuBF,EAAW,IAAI,EACzC,MAAM,IAAI,MAAM,iCAAiCA,EAAW,IAAI,EAAE,EAGpE,MAAO,CACL,QAAS,IACT,KAAMA,EAAW,KACjB,UAAW,MAAMG,EACfH,EAAW,KACXA,EAAW,SACb,EACA,UAAW,MAAMI,EACfJ,EAAW,KACXA,EAAW,SACb,EACA,QAASA,EAAW,OACtB,CACF,CAEA,MAAM,IAAI,MAAM,qCAAqCC,CAAO,EAAE,CAChE","names":["AccountAddress","AccountPublicKey","Hex","sha3_256","AccountAddress","AccountPublicKey","sha3_256","Aptos","AptosConfig","Network","mainnet","Aptos","AptosConfig","Network","Hex","convertSigningMessage","message","Hex","verifySignature","params","options","mainnet","createSignInMessage","input","message","fields","resource","DOMAIN","ADDRESS","STATEMENT","URI","VERSION","NONCE","ISSUED_AT","EXPIRATION_TIME","NOT_BEFORE","REQUEST_ID","CHAIN_ID","RESOURCES","FIELDS","MESSAGE","createLegacySignInMessage","input","message","createSignInMessage","Hex","sha3_256","verifyLegacySignIn","output","options","embeddedMessage","AccountPublicKey","authKey","originalAddress","mainnet","AccountAddress","verifySignature","AnyPublicKey","AnySignature","Deserializer","Ed25519PublicKey","Ed25519Signature","Hex","MultiEd25519PublicKey","MultiEd25519Signature","MultiKey","MultiKeySignature","SigningScheme","tryImportDerivedWalletSolana","tryImportDerivedWalletEthereum","isValidPublicKeyScheme","scheme","deserializeSignInPublicKey","scheme","value","deserializer","Deserializer","Hex","SigningScheme","Ed25519PublicKey","MultiEd25519PublicKey","AnyPublicKey","MultiKey","solanaWallet","tryImportDerivedWalletSolana","ethereumWallet","tryImportDerivedWalletEthereum","deserializeSignInSignature","Ed25519Signature","MultiEd25519Signature","AnySignature","MultiKeySignature","CURRENT_LEGACY_SERIALIZATION_VERSION","serializeLegacySignInOutput","output","deserializeLegacySignInOutput","serialized","version","isValidPublicKeyScheme","deserializeSignInSignature","deserializeSignInPublicKey"]}