UNPKG

@stellar/stellar-sdk

Version:

A library for working with the Stellar network, including communication with the Horizon and Soroban RPC servers.

github.com/stellar/js-stellar-sdk

stellar/js-stellar-sdk

236 lines (235 loc) 11.2 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
import { Keypair, Transaction } from "@stellar/stellar-base"; import { ServerApi } from "../horizon/server_api"; /** * Returns a valid {@link https://stellar.org/protocol/sep-10 | SEP-10} * challenge transaction which you can use for Stellar Web Authentication. * @param serverKeypair Keypair for server's signing account. * @param clientAccountID The stellar account (G...) or muxed account * (M...) that the wallet wishes to authenticate with the server. * @param homeDomain The fully qualified domain name of the service * requiring authentication * @param timeout Challenge duration (default to 5 minutes). * @param networkPassphrase The network passphrase. If you pass this * argument then timeout is required. * @param webAuthDomain The fully qualified domain name of the service * issuing the challenge. * @param memo The memo to attach to the challenge transaction. The * memo must be of type `id`. If the `clientaccountID` is a muxed account, * memos cannot be used. * @param clientDomain The fully qualified domain of the client * requesting the challenge. Only necessary when the 'client_domain' * parameter is passed. * @param clientSigningKey The public key assigned to the SIGNING_KEY * attribute specified on the stellar.toml hosted on the client domain. Only * necessary when the 'client_domain' parameter is passed. * @returns A base64 encoded string of the raw TransactionEnvelope xdr * struct for the transaction. * @throws {Error} Will throw if `clientAccountID is a muxed account, and `memo` * is present. * @throws {Error} Will throw if `clientDomain` is provided, but * `clientSigningKey` is missing * @see {@link https://stellar.org/protocol/sep-10 | SEP-10: Stellar Web Auth} * @example * import { Keypair, Networks, WebAuth } from 'stellar-sdk' * * let serverKeyPair = Keypair.fromSecret("server-secret") * let challenge = WebAuth.buildChallengeTx( * serverKeyPair, * "client-stellar-account-id", * "stellar.org", * 300, * Networks.TESTNET); */ export declare function buildChallengeTx(serverKeypair: Keypair, clientAccountID: string, homeDomain: string, timeout: number | undefined, networkPassphrase: string, webAuthDomain: string, memo?: string | null, clientDomain?: string | null, clientSigningKey?: string | null): string; /** * Reads a SEP-10 challenge transaction and returns the decoded transaction and * client account ID contained within. * * It also verifies that the transaction has been signed by the server. * * It does not verify that the transaction has been signed by the client or that * any signatures other than the server's on the transaction are valid. Use one * of the following functions to completely verify the transaction: * * - {@link module:WebAuth~verifyChallengeTxThreshold} * - {@link module:WebAuth~verifyChallengeTxSigners} * @param challengeTx SEP0010 challenge transaction in base64. * @param serverAccountID The server's stellar account (public key). * @param networkPassphrase The network passphrase, e.g.: 'Test SDF * Network ; September 2015' (see {@link Networks}) * @param homeDomains The home domain that is expected * to be included in the first Manage Data operation's string key. If an * array is provided, one of the domain names in the array must match. * @param webAuthDomain The home domain that is expected to be included * as the value of the Manage Data operation with the 'web_auth_domain' key. * If no such operation is included, this parameter is not used. * @returns The actual transaction and the * Stellar public key (master key) used to sign the Manage Data operation, * the matched home domain, and the memo attached to the transaction, which * will be null if not present. * @see {@link https://stellar.org/protocol/sep-10 | SEP-10: Stellar Web Auth} */ export declare function readChallengeTx(challengeTx: string, serverAccountID: string, networkPassphrase: string, homeDomains: string | string[], webAuthDomain: string): { tx: Transaction; clientAccountID: string; matchedHomeDomain: string; memo: string | null; }; /** * Verifies that for a SEP 10 challenge transaction all signatures on the * transaction are accounted for. A transaction is verified if it is signed by * the server account, and all other signatures match a signer that has been * provided as an argument (as the accountIDs list). Additional signers can be * provided that do not have a signature, but all signatures must be matched to * a signer (accountIDs) for verification to succeed. If verification succeeds, * a list of signers that were found is returned, not including the server * account ID. * * Signers that are not prefixed as an address/account ID strkey (G...) will be * ignored. * * Errors will be raised if: * - The transaction is invalid according to * {@link module:WebAuth~readChallengeTx}. * - No client signatures are found on the transaction. * - One or more signatures in the transaction are not identifiable as the * server account or one of the signers provided in the arguments. * @param challengeTx SEP0010 challenge transaction in base64. * @param serverAccountID The server's stellar account (public key). * @param networkPassphrase The network passphrase, e.g.: 'Test SDF * Network ; September 2015' (see {@link Networks}). * @param signers The signers public keys. This list should * contain the public keys for all signers that have signed the transaction. * @param homeDomains The home domain(s) that should * be included in the first Manage Data operation's string key. Required in * readChallengeTx(). * @param webAuthDomain The home domain that is expected to be included * as the value of the Manage Data operation with the 'web_auth_domain' key, * if present. Used in readChallengeTx(). * @returns The list of signers public keys that have signed * the transaction, excluding the server account ID. * @see {@link https://stellar.org/protocol/sep-10|SEP-10: Stellar Web Auth} * @example * import { Networks, TransactionBuilder, WebAuth } from 'stellar-sdk'; * * const serverKP = Keypair.random(); * const clientKP1 = Keypair.random(); * const clientKP2 = Keypair.random(); * * // Challenge, possibly built in the server side * const challenge = WebAuth.buildChallengeTx( * serverKP, * clientKP1.publicKey(), * "SDF", * 300, * Networks.TESTNET * ); * * // clock.tick(200); // Simulates a 200 ms delay when communicating from server to client * * // Transaction gathered from a challenge, possibly from the client side * const transaction = TransactionBuilder.fromXDR(challenge, Networks.TESTNET); * transaction.sign(clientKP1, clientKP2); * const signedChallenge = transaction * .toEnvelope() * .toXDR("base64") * .toString(); * * // The result below should be equal to [clientKP1.publicKey(), clientKP2.publicKey()] * WebAuth.verifyChallengeTxSigners( * signedChallenge, * serverKP.publicKey(), * Networks.TESTNET, * threshold, * [clientKP1.publicKey(), clientKP2.publicKey()] * ); */ export declare function verifyChallengeTxSigners(challengeTx: string, serverAccountID: string, networkPassphrase: string, signers: string[], homeDomains: string | string[], webAuthDomain: string): string[]; /** * Verifies that for a SEP-10 challenge transaction all signatures on the * transaction are accounted for and that the signatures meet a threshold on an * account. A transaction is verified if it is signed by the server account, and * all other signatures match a signer that has been provided as an argument, * and those signatures meet a threshold on the account. * * Signers that are not prefixed as an address/account ID strkey (G...) will be * ignored. * * Errors will be raised if: * - The transaction is invalid according to * {@link module:WebAuth~readChallengeTx}. * - No client signatures are found on the transaction. * - One or more signatures in the transaction are not identifiable as the * server account or one of the signers provided in the arguments. * - The signatures are all valid but do not meet the threshold. * @param challengeTx SEP0010 challenge transaction in base64. * @param serverAccountID The server's stellar account (public key). * @param networkPassphrase The network passphrase, e.g.: 'Test SDF * Network ; September 2015' (see {@link Networks}). * @param threshold The required signatures threshold for verifying * this transaction. * @param signerSummary a map of all * authorized signers to their weights. It's used to validate if the * transaction signatures have met the given threshold. * @param homeDomains The home domain(s) that should * be included in the first Manage Data operation's string key. Required in * verifyChallengeTxSigners() => readChallengeTx(). * @param webAuthDomain The home domain that is expected to be included * as the value of the Manage Data operation with the 'web_auth_domain' key, * if present. Used in verifyChallengeTxSigners() => readChallengeTx(). * @returns The list of signers public keys that have signed * the transaction, excluding the server account ID, given that the threshold * was met. * @throws {module:WebAuth.InvalidChallengeError} Will throw if the collective * weight of the transaction's signers does not meet the necessary threshold * to verify this transaction. * @see {@link https://stellar.org/protocol/sep-10 | SEP-10: Stellar Web Auth} * @example * import { Networks, TransactionBuilder, WebAuth } from 'stellar-sdk'; * * const serverKP = Keypair.random(); * const clientKP1 = Keypair.random(); * const clientKP2 = Keypair.random(); * * // Challenge, possibly built in the server side * const challenge = WebAuth.buildChallengeTx( * serverKP, * clientKP1.publicKey(), * "SDF", * 300, * Networks.TESTNET * ); * * // clock.tick(200); // Simulates a 200 ms delay when communicating from server to client * * // Transaction gathered from a challenge, possibly from the client side * const transaction = TransactionBuilder.fromXDR(challenge, Networks.TESTNET); * transaction.sign(clientKP1, clientKP2); * const signedChallenge = transaction * .toEnvelope() * .toXDR("base64") * .toString(); * * // Defining the threshold and signerSummary * const threshold = 3; * const signerSummary = [ * { * key: this.clientKP1.publicKey(), * weight: 1, * }, * { * key: this.clientKP2.publicKey(), * weight: 2, * }, * ]; * * // The result below should be equal to [clientKP1.publicKey(), clientKP2.publicKey()] * WebAuth.verifyChallengeTxThreshold( * signedChallenge, * serverKP.publicKey(), * Networks.TESTNET, * threshold, * signerSummary * ); */ export declare function verifyChallengeTxThreshold(challengeTx: string, serverAccountID: string, networkPassphrase: string, threshold: number, signerSummary: ServerApi.AccountRecordSigners[], homeDomains: string | string[], webAuthDomain: string): string[];