UNPKG

@chainlink/functions-toolkit

Version:

An NPM package with collection of functions that can be used for working with Chainlink Functions.

github.com/smartcontractkit/functions-toolkit

smartcontractkit/functions-toolkit

348 lines (347 loc) 15.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.SecretsManager = void 0; const axios_1 = __importDefault(require("axios")); const cbor_1 = __importDefault(require("cbor")); const ethers_1 = require("ethers"); const eth_crypto_1 = __importDefault(require("eth-crypto")); const tdh2_js_1 = require("./tdh2.js"); const v1_contract_sources_1 = require("./v1_contract_sources"); class SecretsManager { signer; functionsRouter; functionsCoordinator; donId; initialized = false; constructor({ signer, functionsRouterAddress, donId, }) { this.signer = signer; this.donId = donId; if (!signer.provider) { throw Error('The signer used to instantiate the Secrets Manager must have a provider'); } this.functionsRouter = new ethers_1.Contract(functionsRouterAddress, v1_contract_sources_1.FunctionsRouterSource.abi, signer); } async initialize() { const donIdBytes32 = ethers_1.utils.formatBytes32String(this.donId); let functionsCoordinatorAddress; try { functionsCoordinatorAddress = await this.functionsRouter.getContractById(donIdBytes32); } catch (error) { throw Error(`${error}\n\nError encountered when attempting to fetch the FunctionsCoordinator address.\nEnsure the FunctionsRouter address and donId are correct and that that the provider is able to connect to the blockchain.`); } this.functionsCoordinator = new ethers_1.Contract(functionsCoordinatorAddress, v1_contract_sources_1.FunctionsCoordinatorSource.abi, this.signer); this.initialized = true; } isInitialized = () => { if (!this.initialized) { throw Error('SecretsManager has not been initialized. Call the initialize() method first.'); } }; /** * @returns a Promise that resolves to an object that contains the DONpublicKey and an object that maps node addresses to their public keys */ async fetchKeys() { this.isInitialized(); const thresholdPublicKeyBytes = await this.functionsCoordinator.getThresholdPublicKey(); const thresholdPublicKey = JSON.parse(Buffer.from(thresholdPublicKeyBytes.slice(2), 'hex').toString('utf-8')); const donPublicKey = (await this.functionsCoordinator.getDONPublicKey()).slice(2); return { thresholdPublicKey, donPublicKey }; } async encryptSecretsUrls(secretsUrls) { if (!Array.isArray(secretsUrls) || secretsUrls.length === 0) { throw Error('Must provide an array of secrets URLs'); } if (!secretsUrls.every(url => typeof url === 'string')) { throw Error('All secrets URLs must be strings'); } try { secretsUrls.forEach(url => new URL(url)); } catch (e) { throw Error(`Error encountered when attempting to validate a secrets URL: ${e}`); } const donPublicKey = (await this.fetchKeys()).donPublicKey; const encrypted = await eth_crypto_1.default.encryptWithPublicKey(donPublicKey, secretsUrls.join(' ')); return '0x' + eth_crypto_1.default.cipher.stringify(encrypted); } async verifyOffchainSecrets(secretsUrls) { let lastFetchedEncryptedSecrets; for (const url of secretsUrls) { let response; try { response = await axios_1.default.get(url); } catch (e) { throw Error(`Error encountered when attempting to fetch URL ${url}: ${e}`); } if (!response.data?.encryptedSecrets) { throw Error(`URL ${url} did not return a JSON object with an encryptedSecrets field`); } if (!ethers_1.utils.isHexString(response.data.encryptedSecrets)) { throw Error(`URL ${url} did not return a valid hex string for the encryptedSecrets field`); } if (lastFetchedEncryptedSecrets && lastFetchedEncryptedSecrets !== response.data.encryptedSecrets) { throw Error(`URL ${url} returned a different encryptedSecrets field than the previous URL`); } lastFetchedEncryptedSecrets = response.data.encryptedSecrets; } return true; } async encryptSecrets(secrets) { if (!secrets || Object.keys(secrets).length === 0) { throw Error('Secrets are empty'); } if (typeof secrets !== 'object' || !Object.values(secrets).every(s => { return typeof s === 'string'; })) { throw Error('Secrets are not a string map'); } const { thresholdPublicKey, donPublicKey } = await this.fetchKeys(); const message = JSON.stringify(secrets); const signature = await this.signer.signMessage(message); const signedSecrets = JSON.stringify({ message, signature, }); const encryptedSignedSecrets = eth_crypto_1.default.cipher.stringify(await eth_crypto_1.default.encryptWithPublicKey(donPublicKey, signedSecrets)); const donKeyEncryptedSecrets = { '0x0': Buffer.from(encryptedSignedSecrets, 'hex').toString('base64'), }; const encryptedSecretsHexstring = '0x' + Buffer.from((0, tdh2_js_1.encrypt)(thresholdPublicKey, Buffer.from(JSON.stringify(donKeyEncryptedSecrets)))).toString('hex'); return { encryptedSecrets: encryptedSecretsHexstring, }; } async uploadEncryptedSecretsToDON({ encryptedSecretsHexstring, gatewayUrls, slotId, minutesUntilExpiration, }) { this.isInitialized(); this.validateGatewayUrls(gatewayUrls); if (!ethers_1.utils.isHexString(encryptedSecretsHexstring)) { throw Error('encryptedSecretsHexstring must be a valid hex string'); } if (!Number.isInteger(slotId) || slotId < 0) { throw Error('slotId must be a integer of at least 0'); } if (!Number.isInteger(minutesUntilExpiration) || minutesUntilExpiration < 5) { throw Error('minutesUntilExpiration must be an integer of at least 5'); } const encryptedSecretsBase64 = Buffer.from(encryptedSecretsHexstring.slice(2), 'hex').toString('base64'); const signerAddress = await this.signer.getAddress(); const signerAddressBase64 = Buffer.from(signerAddress.slice(2), 'hex').toString('base64'); const secretsVersion = Math.floor(Date.now() / 1000); const secretsExpiration = Date.now() + minutesUntilExpiration * 60 * 1000; const message = { address: signerAddressBase64, slotid: slotId, payload: encryptedSecretsBase64, version: secretsVersion, expiration: secretsExpiration, }; const storageSignature = await this.signer.signMessage(JSON.stringify(message)); const storageSignatureBase64 = Buffer.from(storageSignature.slice(2), 'hex').toString('base64'); const payload = { slot_id: slotId, version: secretsVersion, payload: encryptedSecretsBase64, expiration: secretsExpiration, signature: storageSignatureBase64, }; const gatewayResponse = await this.sendMessageToGateways({ gatewayUrls, method: 'secrets_set', don_id: this.donId, payload, }); let totalErrorCount = 0; for (const nodeResponse of gatewayResponse.nodeResponses) { if (!nodeResponse.success) { console.log(`WARNING: Node connected to gateway URL ${gatewayResponse.gatewayUrl} failed to store the encrypted secrets:\n${nodeResponse}`); totalErrorCount++; } } if (totalErrorCount === gatewayResponse.nodeResponses.length) { throw Error('All nodes failed to store the encrypted secrets'); } if (totalErrorCount > 0) { return { version: secretsVersion, success: false }; } return { version: secretsVersion, success: true }; } validateGatewayUrls(gatewayUrls) { if (!Array.isArray(gatewayUrls) || gatewayUrls.length === 0) { throw Error('gatewayUrls must be a non-empty array of strings'); } for (const url of gatewayUrls) { try { new URL(url); } catch (e) { throw Error(`gatewayUrl ${url} is not a valid URL`); } } } async sendMessageToGateways(gatewayRpcMessageConfig) { let gatewayResponse; let i = 0; for (const url of gatewayRpcMessageConfig.gatewayUrls) { i++; try { const response = await axios_1.default.post(url, await this.createGatewayMessage(gatewayRpcMessageConfig)); if (!response.data?.result?.body?.payload?.success) { throw Error(`Gateway response indicated failure:\n${JSON.stringify(response.data)}`); } const nodeResponses = this.extractNodeResponses(response); gatewayResponse = { gatewayUrl: url, nodeResponses, }; break; // Break after first successful message is sent to a gateway } catch (e) { // eslint-disable-next-line @typescript-eslint/no-explicit-any const error = e; const errorResponseData = error?.response?.data; console.log(`Error encountered when attempting to send request to DON gateway URL #${i} of ${gatewayRpcMessageConfig.gatewayUrls.length}\n${url}:\n${errorResponseData ? JSON.stringify(errorResponseData) : error}`); } } if (!gatewayResponse) { throw Error(`Failed to send request to any of the DON gateway URLs:\n${JSON.stringify(gatewayRpcMessageConfig.gatewayUrls)}`); } return gatewayResponse; } async createGatewayMessage({ method, don_id, payload, }) { const body = { message_id: `${Math.floor(Math.random() * Math.pow(2, 32))}`, method, don_id, receiver: '', payload, }; const gatewaySignature = await this.signer.signMessage(this.createGatewayMessageBody(body)); return JSON.stringify({ id: body.message_id, jsonrpc: '2.0', method: body.method, params: { body, signature: gatewaySignature, }, }); } createGatewayMessageBody({ message_id, method, don_id, receiver, payload, }) { const MessageIdMaxLen = 128; const MessageMethodMaxLen = 64; const MessageDonIdMaxLen = 64; const MessageReceiverLen = 2 + 2 * 20; const alignedMessageId = Buffer.alloc(MessageIdMaxLen); Buffer.from(message_id).copy(alignedMessageId); const alignedMethod = Buffer.alloc(MessageMethodMaxLen); Buffer.from(method).copy(alignedMethod); const alignedDonId = Buffer.alloc(MessageDonIdMaxLen); Buffer.from(don_id).copy(alignedDonId); const alignedReceiver = Buffer.alloc(MessageReceiverLen); Buffer.from(receiver).copy(alignedReceiver); let payloadJson = ''; if (payload) { payloadJson = JSON.stringify(payload); } return Buffer.concat([ alignedMessageId, alignedMethod, alignedDonId, alignedReceiver, Buffer.from(payloadJson), ]); } extractNodeResponses(gatewayResponse) { if (!gatewayResponse.data?.result?.body?.payload?.node_responses) { throw Error(`Unexpected response data from DON gateway:\n${JSON.stringify(gatewayResponse.data)}`); } if (gatewayResponse.data?.result?.body?.payload?.node_responses.length < 1) { throw Error('No nodes responded to gateway request'); } const responses = gatewayResponse.data.result.body.payload.node_responses; // eslint-disable-next-line @typescript-eslint/no-explicit-any const nodeResponses = responses.map((r) => { const nodeResponse = { success: r.body.payload.success, }; if (r.body.payload.rows) { nodeResponse.rows = r.body.payload.rows; } return nodeResponse; }); return nodeResponses; } async listDONHostedEncryptedSecrets(gatewayUrls) { this.isInitialized(); this.validateGatewayUrls(gatewayUrls); const gatewayResponse = await this.sendMessageToGateways({ gatewayUrls, method: 'secrets_list', don_id: this.donId, }); try { this.verifyDONHostedSecrets([gatewayResponse]); return { result: gatewayResponse }; } catch (e) { return { result: gatewayResponse, error: e?.toString() }; } } verifyDONHostedSecrets(gatewayResponses) { // Create a single array of all the node responses const nodeResponses = []; for (const gatewayResponse of gatewayResponses) { nodeResponses.push(...gatewayResponse.nodeResponses); } const didAllNodesReturnFailure = nodeResponses.every(nodeResponse => { return nodeResponse.success === false; }); if (didAllNodesReturnFailure) { throw Error('All nodes returned a failure response'); } // Verify that every node response was successful for (const nodeResponse of nodeResponses) { if (!nodeResponse.success) { throw Error('One or more nodes failed to respond to the request with a success confirmation'); } } // Verify that every node responded with the same rows const rows = nodeResponses[0].rows; for (const nodeResponse of nodeResponses) { if (!nodeResponse.rows || nodeResponse.rows.length !== rows.length) { throw Error('One or more nodes responded with a different number of secrets entries'); } for (let i = 0; i < rows.length; i++) { if (nodeResponse.rows[i].slot_id !== rows[i].slot_id || nodeResponse.rows[i].version !== rows[i].version || nodeResponse.rows[i].expiration !== rows[i].expiration) { throw Error('One or more nodes responded with different secrets entries'); } } } } buildDONHostedEncryptedSecretsReference = ({ slotId, version, }) => { if (typeof slotId !== 'number' || slotId < 0 || !Number.isInteger(slotId)) { throw Error('Invalid slotId'); } if (typeof version !== 'number' || version < 0 || !Number.isInteger(version)) { throw Error('Invalid version'); } return ('0x' + cbor_1.default .encodeCanonical({ slotId, version, }) .toString('hex')); }; } exports.SecretsManager = SecretsManager;