@privy-io/server-auth/dist/esm/wallet-api/utils.mjs

Server-side client for the Privy API

import{Chacha20Poly1305 as e}from"@hpke/chacha20poly1305";import{CipherSuite as r,DhkemP256HkdfSha256 as t,HkdfSha256 as i}from"@hpke/core";import{p256 as n}from"@noble/curves/p256";import{sha256 as a}from"@noble/hashes/sha256";import o from"canonicalize";import{AUTHORIZATION_PRIVATE_KEY_PREFIX as d,WALLET_API_PRIVATE_KEY_PREFIX as u}from"../constants.mjs";import{PrivyClientError as s}from"../errors.mjs";import{getWalletApiRpcPath as l,getUserByWalletAddressPath as p}from"../paths.mjs";const y=e=>Buffer.from(o(e)),c=(e,r)=>{let t=n.sign(a(e),r).toDERRawBytes();return Buffer.from(t)},f=e=>{let r=e.replace(d,"").replace(u,""),t=Buffer.from(r,"base64"),i=t.indexOf(Buffer.from([4,32]));if(-1===i)throw new s("Invalid wallet authorization private key");let a=t.subarray(i+2,i+34);return n.utils.normPrivateKeyToScalar(a)},w=e=>{if(void 0!==e.idempotencyKey)return{"privy-idempotency-key":e.idempotencyKey}},m=async(e,r)=>{let t;if("walletId"in e)t=l(e.walletId);else{if(!("address"in e))throw new s("Invalid RPC payload. Must include `walletId`.");{console.warn("Warning: using deprecated input 'address' this will be removed in a a future version. Use 'walletId' instead.");let i=await g(r,e.address);if(!i)throw new s(`No wallet account found for address ${e.address}`);t=l(i)}}return t},h=({method:e,url:r,body:t,appId:i,idempotencyKeyHeader:n})=>{let a={version:1,method:e,url:r,body:t,headers:{"privy-app-id":i,...n}};return y(a)},b=({method:e,url:r,body:t,appId:i,idempotencyKeyHeader:n,authorizationPrivateKey:a})=>{if("bigint"!=typeof a)return;let o=h({method:e,url:r,body:t,appId:i,idempotencyKeyHeader:n});return c(o,a).toString("base64")},K=({method:e,body:r,url:t,appId:i,idempotencyKeyHeader:n,authorizationPrivateKey:a})=>{let o=b({method:e,body:r,url:t,appId:i,idempotencyKeyHeader:n,authorizationPrivateKey:a});if(o)return{"privy-authorization-signature":o}};async function v(){let e=await crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!0,["sign","verify"]),r=await crypto.subtle.exportKey("spki",e.publicKey),t=await crypto.subtle.exportKey("pkcs8",e.privateKey);return{publicKey:Buffer.from(r),privateKey:Buffer.from(t)}}async function I({encryptionPublicKey:n,plaintext:a}){let o=new r({kem:new t,kdf:new i,aead:new e}),d=await o.kem.deserializePublicKey(n),u=await o.createSenderContext({recipientPublicKey:d}),s=await u.seal(a);return{encapsulatedKey:new Uint8Array(u.enc),ciphertext:new Uint8Array(s)}}async function k(n,a,o){let d=new r({kem:new t,kdf:new i,aead:new e}),u=await crypto.subtle.importKey("pkcs8",Uint8Array.from(atob(n),(e=>e.charCodeAt(0))).buffer,{name:"ECDH",namedCurve:"P-256"},!0,["deriveKey","deriveBits"]),s=await d.createRecipientContext({recipientKey:u,enc:Uint8Array.from(atob(a),(e=>e.charCodeAt(0))).buffer});return(new TextDecoder).decode(await s.open(Uint8Array.from(atob(o),(e=>e.charCodeAt(0))).buffer))}async function g(e,r){let t=p(),i=(await e.post(t,{address:r})).data.linked_accounts.find((e=>"wallet"===e.type&&e.address===r));return i?.id}function z({input:e}){if("ownerId"in e&&e.ownerId)return{owner_id:e.ownerId};if(!("owner"in e)||!e.owner)return{};if("publicKey"in e.owner&&e.owner.publicKey)return{owner:{public_key:e.owner.publicKey}};if("userId"in e.owner&&e.owner.userId)return{owner:{user_id:e.owner.userId}};throw new s("Invalid owner input. Must include either `publicKey` or `userId`.")}function P({input:e}){return"authorizationKeyIds"in e||"authorizationThreshold"in e?{authorization_key_ids:e.authorizationKeyIds,authorization_threshold:e.authorizationThreshold}:"additionalSigners"in e&&e.additionalSigners?{additional_signers:e.additionalSigners.map((e=>({signer_id:e.signerId,override_policy_ids:e.overridePolicyIds})))}:{}}export{K as createAuthorizationSignatureHeader,v as createP256KeyPair,k as decryptHPKEMessage,I as encryptHPKEMessage,w as extractIdempotencyKeyHeader,h as formatAuthorizationSignatureRequest,m as getRpcPathForRequest,g as getWalletIdFromAddress,f as normalizeP256PrivateKeyToScalar,y as serializePayloadToBuffer,b as signAuthorizationSignatureRequest,c as signWithP256,z as translateOwnerInput,P as translateSignersInput};