@zkp2p/reclaim-witness-sdk/lib/utils/auth.js

<div> <div> <img src="https://raw.githubusercontent.com/reclaimprotocol/.github/main/assets/banners/Attestor-Core.png" /> </div> </div>

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.assertValidAuthRequest = assertValidAuthRequest;
exports.createAuthRequest = createAuthRequest;
const ethers_1 = require("ethers");
const config_1 = require("../config");
const api_1 = require("../proto/api");
const env_1 = require("../utils/env");
const error_1 = require("../utils/error");
const generics_1 = require("../utils/generics");
const signatures_1 = require("../utils/signatures");
async function assertValidAuthRequest(request, signatureType) {
    const publicKey = (0, env_1.getEnvVariable)('AUTHENTICATION_PUBLIC_KEY');
    // nothing to verify
    if (!request) {
        // if pub key is provided -- but user didn't attempt to
        // authenticate, then we should throw an error
        if (publicKey) {
            throw new error_1.AttestorError('ERROR_AUTHENTICATION_FAILED', 'User must be authenticated');
        }
        return;
    }
    if (!publicKey) {
        throw new error_1.AttestorError('ERROR_BAD_REQUEST', 'The attestor is not configured for authentication');
    }
    const { signature, data } = request;
    if (!data) {
        throw new error_1.AttestorError('ERROR_AUTHENTICATION_FAILED', 'Missing data in auth request');
    }
    if (data.expiresAt < (0, generics_1.unixTimestampSeconds)()) {
        throw new error_1.AttestorError('ERROR_AUTHENTICATION_FAILED', 'Authentication request has expired');
    }
    const proto = api_1.AuthenticatedUserData.encode(data).finish();
    const signatureAlg = signatures_1.SIGNATURES[signatureType];
    const address = signatureAlg.getAddress(await ethers_1.ethers.utils.arrayify(publicKey));
    const verified = await signatureAlg
        .verify(proto, signature, address);
    if (!verified) {
        throw new error_1.AttestorError('ERROR_AUTHENTICATION_FAILED', 'Signature verification failed');
    }
}
/**
 * Create an authentication request with the given data and private key,
 * which can then be used to authenticate with the service.
 */
async function createAuthRequest(_data, privateKey) {
    const createdAt = (0, generics_1.unixTimestampSeconds)();
    const data = {
        createdAt,
        expiresAt: createdAt + config_1.DEFAULT_AUTH_EXPIRY_S,
        id: '',
        hostWhitelist: [],
        ..._data,
    };
    const proto = api_1.AuthenticatedUserData.encode(data).finish();
    const signature = await signatures_1.SelectedServiceSignature
        .sign(proto, privateKey);
    const request = {
        data,
        signature
    };
    return request;
}
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXV0aC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy91dGlscy9hdXRoLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBUUEsd0RBc0RDO0FBTUQsOENBcUJDO0FBekZELG1DQUErQjtBQUMvQix1Q0FBa0Q7QUFDbEQsdUNBQWtHO0FBQ2xHLHVDQUE4QztBQUM5QywyQ0FBK0M7QUFDL0MsaURBQXlEO0FBQ3pELHFEQUEyRTtBQUVwRSxLQUFLLFVBQVUsc0JBQXNCLENBQzNDLE9BQTBDLEVBQzFDLGFBQW1DO0lBRW5DLE1BQU0sU0FBUyxHQUFHLElBQUEsb0JBQWMsRUFBQywyQkFBMkIsQ0FBQyxDQUFBO0lBQzdELG9CQUFvQjtJQUNwQixJQUFHLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDYix1REFBdUQ7UUFDdkQsOENBQThDO1FBQzlDLElBQUcsU0FBUyxFQUFFLENBQUM7WUFDZCxNQUFNLElBQUkscUJBQWEsQ0FDdEIsNkJBQTZCLEVBQzdCLDRCQUE0QixDQUM1QixDQUFBO1FBQ0YsQ0FBQztRQUVELE9BQU07SUFDUCxDQUFDO0lBRUQsSUFBRyxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ2YsTUFBTSxJQUFJLHFCQUFhLENBQ3RCLG1CQUFtQixFQUNuQixtREFBbUQsQ0FDbkQsQ0FBQTtJQUNGLENBQUM7SUFFRCxNQUFNLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxHQUFHLE9BQU8sQ0FBQTtJQUNuQyxJQUFHLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDVixNQUFNLElBQUkscUJBQWEsQ0FDdEIsNkJBQTZCLEVBQzdCLDhCQUE4QixDQUM5QixDQUFBO0lBQ0YsQ0FBQztJQUVELElBQUcsSUFBSSxDQUFDLFNBQVMsR0FBRyxJQUFBLCtCQUFvQixHQUFFLEVBQUUsQ0FBQztRQUM1QyxNQUFNLElBQUkscUJBQWEsQ0FDdEIsNkJBQTZCLEVBQzdCLG9DQUFvQyxDQUNwQyxDQUFBO0lBQ0YsQ0FBQztJQUVELE1BQU0sS0FBSyxHQUFHLDJCQUFxQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQTtJQUN6RCxNQUFNLFlBQVksR0FBRyx1QkFBVSxDQUFDLGFBQWEsQ0FBQyxDQUFBO0lBQzlDLE1BQU0sT0FBTyxHQUFHLFlBQVksQ0FBQyxVQUFVLENBQ3RDLE1BQU0sZUFBTSxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLENBQ3RDLENBQUE7SUFDRCxNQUFNLFFBQVEsR0FBRyxNQUFNLFlBQVk7U0FDakMsTUFBTSxDQUFDLEtBQUssRUFBRSxTQUFTLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFDbkMsSUFBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQ2QsTUFBTSxJQUFJLHFCQUFhLENBQ3RCLDZCQUE2QixFQUM3QiwrQkFBK0IsQ0FDL0IsQ0FBQTtJQUNGLENBQUM7QUFDRixDQUFDO0FBRUQ7OztHQUdHO0FBQ0ksS0FBSyxVQUFVLGlCQUFpQixDQUN0QyxLQUFxQyxFQUNyQyxVQUFrQjtJQUVsQixNQUFNLFNBQVMsR0FBRyxJQUFBLCtCQUFvQixHQUFFLENBQUE7SUFDeEMsTUFBTSxJQUFJLEdBQTBCO1FBQ25DLFNBQVM7UUFDVCxTQUFTLEVBQUUsU0FBUyxHQUFHLDhCQUFxQjtRQUM1QyxFQUFFLEVBQUUsRUFBRTtRQUNOLGFBQWEsRUFBRSxFQUFFO1FBQ2pCLEdBQUcsS0FBSztLQUNSLENBQUE7SUFDRCxNQUFNLEtBQUssR0FBRywyQkFBcUIsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUE7SUFDekQsTUFBTSxTQUFTLEdBQUcsTUFBTSxxQ0FBd0I7U0FDOUMsSUFBSSxDQUFDLEtBQUssRUFBRSxVQUFVLENBQUMsQ0FBQTtJQUN6QixNQUFNLE9BQU8sR0FBMEI7UUFDdEMsSUFBSTtRQUNKLFNBQVM7S0FDVCxDQUFBO0lBRUQsT0FBTyxPQUFPLENBQUE7QUFDZixDQUFDIn0=