UNPKG

@privy-io/server-auth

Version:

Server-side client for the Privy API

docs.privy.io

2 lines (1 loc) 4.37 kB
1
2
"use strict";var e=require("@hpke/chacha20poly1305"),r=require("@hpke/core"),t=require("@noble/curves/p256"),i=require("@noble/hashes/sha256"),a=require("canonicalize"),n=require("../constants.js"),o=require("../errors.js"),d=require("../paths.js");function s(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var u=/*#__PURE__*/s(a);const l=e=>Buffer.from(u.default(e)),p=(e,r)=>{let a=t.p256.sign(i.sha256(e),r).toDERRawBytes();return Buffer.from(a)},y=({method:e,url:r,body:t,appId:i,idempotencyKeyHeader:a})=>{let n={version:1,method:e,url:r,body:t,headers:{"privy-app-id":i,...a}};return l(n)},c=({method:e,url:r,body:t,appId:i,idempotencyKeyHeader:a,authorizationPrivateKey:n})=>{if("bigint"!=typeof n)return;let o=y({method:e,url:r,body:t,appId:i,idempotencyKeyHeader:a});return p(o,n).toString("base64")};async function f(e,r){let t=d.getUserByWalletAddressPath(),i=(await e.post(t,{address:r})).data.linked_accounts.find((e=>"wallet"===e.type&&e.address===r));return i?.id}exports.createAuthorizationSignatureHeader=({method:e,body:r,url:t,appId:i,idempotencyKeyHeader:a,authorizationPrivateKey:n})=>{let o=c({method:e,body:r,url:t,appId:i,idempotencyKeyHeader:a,authorizationPrivateKey:n});if(o)return{"privy-authorization-signature":o}},exports.createP256KeyPair=async function(){let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!0,["sign","verify"]),r=await crypto.subtle.exportKey("spki",e.publicKey),t=await crypto.subtle.exportKey("pkcs8",e.privateKey);return{publicKey:Buffer.from(r),privateKey:Buffer.from(t)}},exports.decryptHPKEMessage=async function(t,i,a){let n=new r.CipherSuite({kem:new r.DhkemP256HkdfSha256,kdf:new r.HkdfSha256,aead:new e.Chacha20Poly1305}),o=await crypto.subtle.importKey("pkcs8",Uint8Array.from(atob(t),(e=>e.charCodeAt(0))).buffer,{name:"ECDH",namedCurve:"P-256"},!0,["deriveKey","deriveBits"]),d=await n.createRecipientContext({recipientKey:o,enc:Uint8Array.from(atob(i),(e=>e.charCodeAt(0))).buffer});return(new TextDecoder).decode(await d.open(Uint8Array.from(atob(a),(e=>e.charCodeAt(0))).buffer))},exports.encryptHPKEMessage=async function({encryptionPublicKey:t,plaintext:i}){let a=new r.CipherSuite({kem:new r.DhkemP256HkdfSha256,kdf:new r.HkdfSha256,aead:new e.Chacha20Poly1305}),n=await a.kem.deserializePublicKey(t),o=await a.createSenderContext({recipientPublicKey:n}),d=await o.seal(i);return{encapsulatedKey:new Uint8Array(o.enc),ciphertext:new Uint8Array(d)}},exports.extractIdempotencyKeyHeader=e=>{if(void 0!==e.idempotencyKey)return{"privy-idempotency-key":e.idempotencyKey}},exports.formatAuthorizationSignatureRequest=y,exports.getRpcPathForRequest=async(e,r)=>{let t;if("walletId"in e)t=d.getWalletApiRpcPath(e.walletId);else{if(!("address"in e))throw new o.PrivyClientError("Invalid RPC payload. Must include `walletId`.");{console.warn("Warning: using deprecated input 'address' this will be removed in a a future version. Use 'walletId' instead.");let i=await f(r,e.address);if(!i)throw new o.PrivyClientError(`No wallet account found for address ${e.address}`);t=d.getWalletApiRpcPath(i)}}return t},exports.getWalletIdFromAddress=f,exports.normalizeP256PrivateKeyToScalar=e=>{let r=e.replace(n.AUTHORIZATION_PRIVATE_KEY_PREFIX,"").replace(n.WALLET_API_PRIVATE_KEY_PREFIX,""),i=Buffer.from(r,"base64"),a=i.indexOf(Buffer.from([4,32]));if(-1===a)throw new o.PrivyClientError("Invalid wallet authorization private key");let d=i.subarray(a+2,a+34);return t.p256.utils.normPrivateKeyToScalar(d)},exports.serializePayloadToBuffer=l,exports.signAuthorizationSignatureRequest=c,exports.signWithP256=p,exports.translateOwnerInput=function({input:e}){if("ownerId"in e&&e.ownerId)return{owner_id:e.ownerId};if(!("owner"in e)||!e.owner)return{};if("publicKey"in e.owner&&e.owner.publicKey)return{owner:{public_key:e.owner.publicKey}};if("userId"in e.owner&&e.owner.userId)return{owner:{user_id:e.owner.userId}};throw new o.PrivyClientError("Invalid owner input. Must include either `publicKey` or `userId`.")},exports.translateSignersInput=function({input:e}){return"authorizationKeyIds"in e||"authorizationThreshold"in e?{authorization_key_ids:e.authorizationKeyIds,authorization_threshold:e.authorizationThreshold}:"additionalSigners"in e&&e.additionalSigners?{additional_signers:e.additionalSigners.map((e=>({signer_id:e.signerId,override_policy_ids:e.overridePolicyIds})))}:{}};