
lightning-auth-and-payment


Lightning Network authentication and payment processing library for modern web applications

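"use strict";
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.LightningAuth = void 0;
const jose_1 = require("jose");
const crypto_1 = require("crypto");
const bech32_1 = require("bech32");
const elliptic_1 = __importDefault(require("elliptic"));

// The only JWS algorithm this module issues; verification is pinned to it.
const SESSION_JWT_ALG = "HS256";
// A k1 challenge is 32 random bytes rendered as 64 hex characters
// (see generateK1Challenge).
const K1_HEX = /^[0-9a-f]{64}$/i;
// Any non-empty, whole-byte hex string.
const HEX_BYTES = /^(?:[0-9a-f]{2})+$/i;

/**
 * Session-token and LNURL-auth helpers.
 *
 * Sessions are HS256 JWTs signed with `config.sessionSecret`. Login
 * challenges are random `k1` values wrapped in a bech32 "lnurl" string, and
 * the wallet's answer is checked as a secp256k1 signature over `k1`.
 *
 * This class keeps no state about issued challenges or sessions: tracking
 * which `k1` values are outstanding, expiring them, and making each one
 * single-use is left to the calling application.
 */
class LightningAuth {
    /**
     * @param {object} config
     * @param {string} config.sessionSecret - HMAC key material for session JWTs.
     * @param {string} [config.baseUrl] - Origin used to build the LNURL callback.
     * @param {boolean} [config.isProduction] - Overrides the NODE_ENV check for the cookie `secure` flag.
     * @param {string} [config.sessionCookieDomain] - Optional cookie `domain` attribute.
     * @throws {Error} If `sessionSecret` is missing or encodes to zero bytes.
     */
    constructor(config) {
        this.config = config;
        // TextEncoder turns `undefined` into an empty key and `null` into the
        // literal text "null"; either would make every session token forgeable,
        // so refuse to construct instead of signing with it.
        const keyBytes = config.sessionSecret == null
            ? new Uint8Array(0)
            : new TextEncoder().encode(config.sessionSecret);
        if (keyBytes.length === 0) {
            throw new Error("LightningAuth: sessionSecret must be a non-empty value");
        }
        // NOTE(review): length is not enforced here; for HS256 the secret should
        // carry at least 256 bits of randomness.
        this.secret = keyBytes;
    }

    /**
     * Issues a signed session token carrying `userId`.
     *
     * The token is valid for 30 days and carries no identifier that would allow
     * revoking it individually; rotating `sessionSecret` invalidates all tokens.
     *
     * @param {string} userId
     * @returns {Promise<string>} Compact JWS.
     */
    async createSession(userId) {
        const payload = { userId };
        const jwt = await new jose_1.SignJWT(payload)
            .setProtectedHeader({ alg: SESSION_JWT_ALG })
            .setIssuedAt()
            .setExpirationTime("30d")
            .sign(this.secret);
        return jwt;
    }

    /**
     * Verifies a session token and extracts the identity claims.
     *
     * @param {string} token - Compact JWS as produced by createSession.
     * @returns {Promise<{userId: string, lnPubkey: (string|undefined)}|null>}
     *   The claims, or `null` when the token is invalid, expired, signed with an
     *   unexpected algorithm, or lacks a usable `userId` claim.
     */
    async verifySession(token) {
        try {
            // Pin the accepted algorithm to the one createSession uses rather
            // than trusting whatever the token header announces.
            const { payload } = await (0, jose_1.jwtVerify)(token, this.secret, {
                algorithms: [SESSION_JWT_ALG],
            });
            const { userId, lnPubkey } = payload;
            // Without this check a validly signed token with no userId claim
            // would be reported as the user named "undefined".
            if (typeof userId !== "string" && typeof userId !== "number") {
                return null;
            }
            return {
                userId: String(userId),
                // createSession does not set lnPubkey; it is read here only if
                // some other issuer using the same secret put it in the token.
                lnPubkey: lnPubkey ? String(lnPubkey) : undefined,
            };
        }
        catch {
            return null;
        }
    }

    /**
     * Creates a fresh login challenge.
     *
     * @returns {string} 32 bytes from the OS CSPRNG, hex-encoded (64 characters).
     */
    generateK1Challenge() {
        return (0, crypto_1.randomBytes)(32).toString("hex");
    }

    /**
     * Builds the bech32 "lnurl" string a wallet scans to start LNURL-auth.
     *
     * The origin is taken from `baseUrl`, then `config.baseUrl`, then a
     * localhost fallback. Whatever origin is used is where the wallet will send
     * its signed response, so it should come from trusted configuration rather
     * than from request headers, and should be https outside local development.
     *
     * @param {string} k1 - Challenge from generateK1Challenge.
     * @param {string} [baseUrl] - Origin override.
     * @returns {string} bech32-encoded callback URL.
     */
    generateLnurl(k1, baseUrl) {
        const url = baseUrl || this.config.baseUrl || "http://localhost:3000";
        const callback = `${url}/api/auth/callback`;
        const urlObj = new URL(callback);
        urlObj.searchParams.set("tag", "login");
        urlObj.searchParams.set("k1", k1);
        urlObj.searchParams.set("action", "login");
        const words = bech32_1.bech32.toWords(Buffer.from(urlObj.toString(), "utf8"));
        // 1023 raises bech32's length limit so the full URL fits.
        return bech32_1.bech32.encode("lnurl", words, 1023);
    }

    /**
     * Checks a wallet's LNURL-auth response.
     *
     * Only the cryptographic relation between the three values is checked. The
     * caller must separately confirm that `k1` is a challenge this server issued,
     * has not expired, and has not been used before; otherwise a captured
     * response can be replayed.
     *
     * @param {string} k1 - 64-character hex challenge.
     * @param {string} sig - Hex-encoded signature from the wallet.
     * @param {string} key - Hex-encoded secp256k1 public key.
     * @returns {boolean} `true` only for well-formed inputs with a valid signature.
     */
    verifyLnurlSignature(k1, sig, key) {
        // These values arrive from the query string. Query parsers can hand back
        // arrays or objects for repeated/bracketed parameters, and the curve
        // library is lenient about what it parses, so reject anything that is
        // not the expected hex text before it gets there.
        if (typeof k1 !== "string" || !K1_HEX.test(k1)) {
            return false;
        }
        if (typeof sig !== "string" || !HEX_BYTES.test(sig)) {
            return false;
        }
        if (typeof key !== "string" || !HEX_BYTES.test(key)) {
            return false;
        }
        try {
            const ec = new elliptic_1.default.ec("secp256k1");
            const pub = ec.keyFromPublic(key, "hex");
            const ok = ec.verify(k1, sig, pub);
            return !!ok;
        }
        catch (e) {
            // Parsing failures (bad point, bad signature encoding) count as
            // "not verified".
            return false;
        }
    }

    /**
     * Attributes for the session cookie.
     *
     * `secure` follows `config.isProduction` when set, else NODE_ENV; in any
     * other environment the cookie is also sent over plain HTTP.
     *
     * @returns {object} Cookie options.
     */
    getCookieConfig() {
        const base = {
            httpOnly: true,
            secure: this.config.isProduction ?? process.env.NODE_ENV === "production",
            sameSite: "lax",
            // 30 days expressed in seconds, matching the JWT lifetime.
            // NOTE(review): some cookie APIs take maxAge in milliseconds —
            // confirm the unit against whatever consumes this object.
            maxAge: 30 * 24 * 60 * 60,
            path: "/",
        };
        if (this.config.sessionCookieDomain) {
            base.domain = this.config.sessionCookieDomain;
        }
        return base;
    }

    /**
     * Attributes that expire the session cookie. They mirror getCookieConfig
     * (same path/domain/flags) so the browser matches and removes the same cookie.
     *
     * @returns {object} Cookie options.
     */
    getClearCookieConfig() {
        const base = {
            httpOnly: true,
            secure: this.config.isProduction ?? process.env.NODE_ENV === "production",
            sameSite: "lax",
            path: "/",
            expires: new Date(0),
            maxAge: 0,
        };
        if (this.config.sessionCookieDomain) {
            base.domain = this.config.sessionCookieDomain;
        }
        return base;
    }

    // Additional methods for API route compatibility. Each is a placeholder
    // that always throws: the calling application must supply its own version
    // because they need the framework's request/response objects.

    /** @throws {Error} Always; reading the session needs access to cookies/headers. */
    async getSession() {
        throw new Error("getSession must be implemented by the calling application");
    }

    /** @throws {Error} Always; setting the cookie needs access to the response object. */
    async setSessionCookie(token) {
        throw new Error("setSessionCookie must be implemented by the calling application");
    }

    /** @throws {Error} Always; clearing the cookie needs access to the response object. */
    async clearSession() {
        throw new Error("clearSession must be implemented by the calling application");
    }
}
exports.LightningAuth = LightningAuth;
//# sourceMappingURL=index.js.map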