@stacks/auth

Authentication for Stacks apps.

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.makeAuthResponse = exports.decryptPrivateKey = exports.encryptPrivateKey = exports.makeAuthRequestToken = exports.makeAuthRequest = exports.generateTransitKey = void 0;
const common_1 = require("@stacks/common");
const encryption_1 = require("@stacks/encryption");
const jsontokens_1 = require("jsontokens");
const constants_1 = require("./constants");
const dids_1 = require("./dids");

// Value written to the `version` claim of both request and response tokens.
const VERSION = '1.4.0';

/**
 * True when `value` is neither `undefined` nor `null`.
 * Module-private helper; it is not exported.
 */
function hasValue(value) {
    return value !== undefined && value !== null;
}

/**
 * Creates a fresh EC private key to be used as the transit key of one
 * authentication round trip.
 *
 * @returns the key produced by `makeECPrivateKey` from `@stacks/encryption`
 */
function generateTransitKey() {
    return (0, encryption_1.makeECPrivateKey)();
}
exports.generateTransitKey = generateTransitKey;

// `makeAuthRequest` is an alias of `makeAuthRequestToken` (function declarations are hoisted).
exports.makeAuthRequest = makeAuthRequestToken;

/**
 * Builds and signs an authentication request token.
 *
 * The token is self-signed. The issuer DID (`iss`), the single entry in
 * `public_keys` and the ES256k signature are all derived from
 * `transitPrivateKey`, so a valid signature shows only that the sender holds
 * that key. `domain_name`, `redirect_uri` and `manifest_uri` are whatever the
 * caller passed (or the current window origin) and have to be validated by
 * whoever consumes the token.
 *
 * @param transitPrivateKey private key used to derive the issuer and sign the token
 * @param redirectURI where the response is sent; falls back to `<origin>/`
 * @param manifestURI app manifest location; falls back to `<origin>/manifest.json`
 * @param scopes requested scopes; defaults to a copy of `DEFAULT_SCOPE`
 * @param appDomain app origin; falls back to the current window origin
 * @param expiresAt expiry in milliseconds since the epoch (stored in `exp` as
 *   whole seconds); defaults to `nextMonth().getTime()`
 * @param extraParams additional claims merged into the payload
 * @returns the signed token as returned by `TokenSigner.sign`
 * @throws when a fallback is needed and the global `location` is unavailable
 *   (`getGlobalObject` is called with `throwIfUnavailable: true`)
 */
function makeAuthRequestToken(transitPrivateKey, redirectURI, manifestURI, scopes = constants_1.DEFAULT_SCOPE.slice(), appDomain, expiresAt = (0, common_1.nextMonth)().getTime(), extraParams = {}) {
    // Resolves the origin of the current page; `paramName` only feeds the error description.
    const originFor = (paramName) => {
        const loc = (0, common_1.getGlobalObject)('location', {
            throwIfUnavailable: true,
            usageDesc: `makeAuthRequest([${paramName}=undefined])`,
        });
        return loc?.origin;
    };

    // Any falsy argument (undefined, null, '') triggers the origin-based fallback.
    const redirect = redirectURI ? redirectURI : `${originFor('redirectURI')}/`;
    const manifest = manifestURI ? manifestURI : `${originFor('manifestURI')}/manifest.json`;
    const domain = appDomain ? appDomain : originFor('appDomain');

    // extraParams is merged first, so the fixed claims below always win over a
    // caller-supplied key of the same name. Key order is kept stable because
    // the serialized payload is what gets signed.
    const claims = Object.assign({}, extraParams, {
        jti: (0, common_1.makeUUID4)(),
        iat: Math.floor(new Date().getTime() / 1000),
        exp: Math.floor(expiresAt / 1000),
        iss: null,
        public_keys: [],
        domain_name: domain,
        manifest_uri: manifest,
        redirect_uri: redirect,
        version: VERSION,
        do_not_include_profile: true,
        supports_hub_url: true,
        scopes,
    });

    // Fill in the key-dependent claims reserved above.
    const transitPublicKey = jsontokens_1.SECP256K1Client.derivePublicKey(transitPrivateKey);
    claims.public_keys = [transitPublicKey];
    const issuerAddress = (0, encryption_1.publicKeyToBtcAddress)(transitPublicKey);
    claims.iss = (0, dids_1.makeDIDFromAddress)(issuerAddress);

    const signer = new jsontokens_1.TokenSigner('ES256k', transitPrivateKey);
    return signer.sign(claims);
}
exports.makeAuthRequestToken = makeAuthRequestToken;

/**
 * Encrypts a secret string to `publicKey` with ECIES and returns it as a hex
 * string wrapping the JSON-serialized cipher object.
 *
 * @param publicKey recipient public key (the transit public key in this module)
 * @param privateKey the secret to protect, as a string
 * @returns hex encoding of the UTF-8 JSON form of the `encryptECIES` result
 */
async function encryptPrivateKey(publicKey, privateKey) {
    // NOTE(review): the third argument `true` presumably marks the content as
    // having been a string so decryption yields a string again — confirm
    // against @stacks/encryption.
    const cipherObject = await (0, encryption_1.encryptECIES)(publicKey, (0, common_1.utf8ToBytes)(privateKey), true);
    const serialized = JSON.stringify(cipherObject);
    return (0, common_1.bytesToHex)((0, common_1.utf8ToBytes)(serialized));
}
exports.encryptPrivateKey = encryptPrivateKey;

/**
 * Reverses `encryptPrivateKey`: hex -> UTF-8 JSON -> cipher object -> plaintext.
 *
 * `hexedEncrypted` normally arrives inside a token from another party, so it
 * is untrusted input: `JSON.parse` throws on malformed JSON, and the hex
 * decoding and ECIES steps may reject as well. Callers should treat a
 * rejection as a failed authentication rather than retrying with the same data.
 *
 * @param privateKey key matching the public key the value was encrypted to
 * @param hexedEncrypted hex string produced by `encryptPrivateKey`
 * @returns the decrypted string
 * @throws Error when the decrypted value is not a string
 */
async function decryptPrivateKey(privateKey, hexedEncrypted) {
    const envelopeJson = (0, common_1.bytesToUtf8)((0, common_1.hexToBytes)(hexedEncrypted));
    const envelope = JSON.parse(envelopeJson);
    const plaintext = await (0, encryption_1.decryptECIES)(privateKey, envelope);
    if (typeof plaintext === 'string') {
        return plaintext;
    }
    throw new Error('Unable to correctly decrypt private key');
}
exports.decryptPrivateKey = decryptPrivateKey;

/**
 * Builds and signs an authentication response token.
 *
 * Confidentiality caveat: signing does not encrypt. `private_key` and
 * `core_token` are encrypted only when BOTH `appPrivateKey` and
 * `transitPublicKey` are set. If `transitPublicKey` is missing, the app
 * private key is written into the payload as given, readable by anyone who
 * obtains the token; likewise `coreToken` stays in the clear whenever
 * `appPrivateKey` is missing, even if a transit key was supplied. Callers that
 * send secrets should always pass the transit public key from the request.
 *
 * @param privateKey identity private key; derives `iss`/`public_keys` and signs the token
 * @param profile profile object placed in the `profile` claim
 * @param metadata optional object; `email` and `profileUrl` are read from it
 * @param coreToken optional core token
 * @param appPrivateKey optional app private key to hand to the app
 * @param expiresAt expiry in milliseconds since the epoch (stored in `exp` as
 *   whole seconds); defaults to `nextMonth().getTime()`
 * @param transitPublicKey public key from the auth request, used to encrypt secrets
 * @param hubUrl copied into the payload when `appPrivateKey` is set
 * @param blockstackAPIUrl copied into the payload when `appPrivateKey` is set
 * @param associationToken copied into the payload when `appPrivateKey` is set
 * @param appPrivateKeyFromWalletSalt copied into the payload unchanged
 * @returns promise of the signed token as returned by `TokenSigner.sign`
 */
async function makeAuthResponse(privateKey, profile = {}, metadata, coreToken = null, appPrivateKey = null, expiresAt = (0, common_1.nextMonth)().getTime(), transitPublicKey = null, hubUrl = null, blockstackAPIUrl = null, associationToken = null, appPrivateKeyFromWalletSalt = null) {
    const publicKey = jsontokens_1.SECP256K1Client.derivePublicKey(privateKey);
    const address = (0, encryption_1.publicKeyToBtcAddress)(publicKey);

    // Start from the values as given; they are replaced by ciphertext below
    // only if a transit key is available.
    let privateKeyPayload = appPrivateKey;
    let coreTokenPayload = coreToken;
    let additionalProperties = {};

    if (hasValue(appPrivateKey)) {
        if (hasValue(transitPublicKey)) {
            privateKeyPayload = await encryptPrivateKey(transitPublicKey, appPrivateKey);
            if (hasValue(coreToken)) {
                coreTokenPayload = await encryptPrivateKey(transitPublicKey, coreToken);
            }
        }
        // These claims are attached only when an app private key is present.
        additionalProperties = {
            email: metadata?.email || null,
            profile_url: metadata?.profileUrl || null,
            hubUrl,
            blockstackAPIUrl,
            associationToken,
            version: VERSION,
        };
    }

    // NOTE(review): appPrivateKeyFromWalletSalt is never encrypted here —
    // confirm it is meant to be visible to anyone holding the token.
    const claims = Object.assign({
        jti: (0, common_1.makeUUID4)(),
        iat: Math.floor(new Date().getTime() / 1000),
        exp: Math.floor(expiresAt / 1000),
        iss: (0, dids_1.makeDIDFromAddress)(address),
        private_key: privateKeyPayload,
        public_keys: [publicKey],
        appPrivateKeyFromWalletSalt,
        profile,
        core_token: coreTokenPayload,
    }, additionalProperties);

    const signer = new jsontokens_1.TokenSigner('ES256k', privateKey);
    return signer.sign(claims);
}
exports.makeAuthResponse = makeAuthResponse;
//# sourceMappingURL=messages.js.map