more progress

Author: pcarranzav

apps/connect/src/routes/authenticate.tsx

@@ -2,14 +2,16 @@ import { CreateSpace } from '@/components/create-space';
 import { Button } from '@/components/ui/button';
 import { useSpaces } from '@/hooks/use-spaces';
 import { Connect, type Identity, Key, type Messages, StoreConnect, Utils } from '@graphprotocol/hypergraph';
+import { GEOGENESIS, GEO_TESTNET } from '@graphprotocol/hypergraph/connect/smart-account';
 import { useIdentityToken, usePrivy, useWallets } from '@privy-io/react-auth';
 import { createFileRoute } from '@tanstack/react-router';
 import { createStore } from '@xstate/store';
 import { useSelector } from '@xstate/store/react';
 import { Effect, Schema } from 'effect';
 import { useEffect } from 'react';
 import { createWalletClient, custom } from 'viem';
-import { mainnet } from 'viem/chains';
+
+const CHAIN = import.meta.env.VITE_HYPERGRAPH_CHAIN === 'geogenesis' ? GEOGENESIS : GEO_TESTNET;
 
 type AuthenticateSearch = {
   data: unknown;
@@ -288,6 +290,7 @@ function AuthenticateComponent() {
         nonce: appInfo.appNonce,
         ephemeralPublicKey: appInfo.ephemeralEncryptionPublicKey,
         appIdentityAddress: appIdentity.address,
+        permissionId: appIdentity.permissionId,
         encryptionPrivateKey: appIdentity.encryptionPrivateKey,
         signaturePrivateKey: appIdentity.signaturePrivateKey,
         signaturePublicKey: appIdentity.signaturePublicKey,
@@ -316,7 +319,7 @@ function AuthenticateComponent() {
     try {
       const privyProvider = await embeddedWallet.getEthereumProvider();
       const walletClient = createWalletClient({
-        chain: mainnet,
+        chain: CHAIN,
         transport: custom(privyProvider),
       });
 
@@ -336,11 +339,26 @@ function AuthenticateComponent() {
       };
 
       const newAppIdentity = Connect.createAppIdentity();
+      // TODO: add spaces and additional actions
+      const permissionId = await Connect.createSmartSession(
+        walletClient,
+        accountAddress,
+        newAppIdentity.addressPrivateKey,
+        CHAIN,
+        import.meta.env.VITE_HYPERGRAPH_RPC_URL,
+        {
+          allowCreateSpace: true,
+          spaces: [],
+          additionalActions: [],
+        },
+      );
+
       const { ciphertext, nonce } = await Connect.encryptAppIdentity(
         signer,
         accountAddress,
         newAppIdentity.address,
         newAppIdentity.addressPrivateKey,
+        permissionId,
         keys,
       );
       const { accountProof, keyProof } = await Connect.proveIdentityOwnership(signer, accountAddress, keys);
@@ -377,6 +395,7 @@ function AuthenticateComponent() {
           signaturePublicKey: newAppIdentity.signaturePublicKey,
           sessionToken: appIdentityResponse.appIdentity.sessionToken,
           sessionTokenExpires: new Date(appIdentityResponse.appIdentity.sessionTokenExpires),
+          permissionId,
         },
         appInfo: state.appInfo,
       });
@@ -397,7 +416,7 @@ function AuthenticateComponent() {
 
     const privyProvider = await embeddedWallet.getEthereumProvider();
     const walletClient = createWalletClient({
-      chain: mainnet,
+      chain: CHAIN,
       transport: custom(privyProvider),
     });
 
@@ -418,7 +437,6 @@ function AuthenticateComponent() {
 
     const decryptedIdentity = await Connect.decryptAppIdentity(
       signer,
-      state.appIdentityResponse.accountAddress,
       state.appIdentityResponse.ciphertext,
       state.appIdentityResponse.nonce,
     );
@@ -427,6 +445,7 @@ function AuthenticateComponent() {
       appIdentity: {
         address: decryptedIdentity.address,
         addressPrivateKey: decryptedIdentity.addressPrivateKey,
+        permissionId: decryptedIdentity.permissionId,
         encryptionPrivateKey: decryptedIdentity.encryptionPrivateKey,
         signaturePrivateKey: decryptedIdentity.signaturePrivateKey,
         encryptionPublicKey: decryptedIdentity.encryptionPublicKey,

apps/connect/src/routes/login.lazy.tsx

@@ -1,9 +1,8 @@
 import { Button } from '@/components/ui/button';
-import { Connect, type Identity, StoreConnect } from '@graphprotocol/hypergraph';
+import { Connect, type Identity } from '@graphprotocol/hypergraph';
 import { GEOGENESIS, GEO_TESTNET } from '@graphprotocol/hypergraph/connect/smart-account';
 import { type ConnectedWallet, useIdentityToken, usePrivy, useWallets } from '@privy-io/react-auth';
 import { createLazyFileRoute, useRouter } from '@tanstack/react-router';
-import { useSelector } from 'node_modules/@xstate/store/dist/declarations/src/react';
 import { useCallback, useEffect, useState } from 'react';
 import { type WalletClient, createWalletClient, custom } from 'viem';
 import { mainnet } from 'viem/chains';
@@ -79,7 +78,7 @@ function Login() {
         }
       })();
     }
-  }, [privyAuthenticated, walletsReady, wallets, signMessage, hypergraphLogin, navigate, hypergraphLoginStarted]);
+  }, [privyAuthenticated, walletsReady, wallets, hypergraphLogin, navigate, hypergraphLoginStarted]);
 
   return (
     <div className="flex flex-1 justify-center items-center flex-col gap-4">

packages/hypergraph/src/connect/create-callback-params.ts

@@ -6,6 +6,7 @@ type CreateAuthUrlParams = {
   expiry: number;
   nonce: string;
   appId: string;
+  permissionId: string;
   appIdentityAddress: string;
   appIdentityAddressPrivateKey: string;
   signaturePublicKey: string;

packages/hypergraph/src/connect/identity-encryption.ts

@@ -138,6 +138,7 @@ export const encryptAppIdentity = async (
   accountAddress: string,
   appIdentityAddress: string,
   appIdentityAddressPrivateKey: string,
+  permissionId: string,
   keys: IdentityKeys,
 ): Promise<{ ciphertext: string; nonce: string }> => {
   const nonce = randomBytes(32);
@@ -164,6 +165,7 @@ export const encryptAppIdentity = async (
     keys.signaturePrivateKey,
     appIdentityAddress,
     appIdentityAddressPrivateKey,
+    permissionId,
   ].join('\n');
   const keysMsg = new TextEncoder().encode(keysTxt);
   const ciphertext = encrypt(keysMsg, secretKey);
@@ -172,7 +174,6 @@ export const encryptAppIdentity = async (
 
 export const decryptAppIdentity = async (
   signer: Signer,
-  accountAddress: string,
   ciphertext: string,
   nonce: string,
 ): Promise<Omit<PrivateAppIdentity, 'sessionToken' | 'sessionTokenExpires'>> => {
@@ -181,7 +182,7 @@ export const decryptAppIdentity = async (
 
   // Check that the signature is valid
   const valid = await verifyMessage({
-    address: accountAddress as Hex,
+    address: (await signer.getAddress()) as Hex,
     message,
     signature,
   });
@@ -209,21 +210,21 @@ export const decryptAppIdentity = async (
   }
   const keysTxt = new TextDecoder().decode(keysMsg);
   const [
-    accountAddress,
     encryptionPublicKey,
     encryptionPrivateKey,
     signaturePublicKey,
     signaturePrivateKey,
     appIdentityAddress,
     appIdentityAddressPrivateKey,
+    permissionId,
   ] = keysTxt.split('\n');
   return {
-    accountAddress,
     encryptionPublicKey,
     encryptionPrivateKey,
     signaturePublicKey,
     signaturePrivateKey,
     address: appIdentityAddress,
     addressPrivateKey: appIdentityAddressPrivateKey,
+    permissionId,
   };
 };

packages/hypergraph/src/connect/login.ts

@@ -6,7 +6,7 @@ import { loadAccountAddress, storeAccountAddress, storeKeys } from './auth-stora
 import { createIdentityKeys } from './create-identity-keys.js';
 import { decryptIdentity, encryptIdentity } from './identity-encryption.js';
 import { proveIdentityOwnership } from './prove-ownership.js';
-import { getSmartAccountWalletClient } from './smart-account.js';
+import { getSmartAccountWalletClient, smartAccountNeedsUpdate, updateLegacySmartAccount } from './smart-account.js';
 import type { IdentityKeys, Signer, Storage } from './types.js';
 
 export async function identityExists(accountAddress: string, syncServerUri: string) {
@@ -115,6 +115,10 @@ export async function login({
   if (!smartAccountWalletClient.account) {
     throw new Error('Smart account wallet client not found');
   }
+  // This will prompt the user to sign a user operation to update the smart account
+  if (await smartAccountNeedsUpdate(smartAccountWalletClient, chain, rpcUrl)) {
+    await updateLegacySmartAccount(smartAccountWalletClient, chain, rpcUrl);
+  }
   const accountAddress = smartAccountWalletClient.account.address;
   if (accountAddressFromStorage === undefined) {
     storeAccountAddress(storage, accountAddress);

packages/hypergraph/src/connect/parse-callback-params.ts

@@ -52,6 +52,7 @@ export const parseCallbackParams = ({
     return Effect.succeed({
       appIdentityAddress: data.appIdentityAddress,
       appIdentityAddressPrivateKey: data.appIdentityAddressPrivateKey,
+      permissionId: data.permissionId,
       signaturePublicKey: data.signaturePublicKey,
       signaturePrivateKey: data.signaturePrivateKey,
       encryptionPublicKey: data.encryptionPublicKey,

packages/hypergraph/src/connect/smart-account.ts

@@ -168,32 +168,6 @@ export type SmartSessionClient = {
   signMessage: ({ message }: { message: SignableMessage }) => Promise<Hex>;
 };
 
-const getOwnerAccount = (owner: WalletClient | string): { account: Account | WalletClient; address: Address } => {
-  if (typeof owner === 'string') {
-    return {
-      account: toAccount({
-        address: owner as `0x${string}`,
-        signMessage: async () => {
-          throw new Error('This account cannot sign messages');
-        },
-        signTransaction: async () => {
-          throw new Error('This account cannot sign transactions');
-        },
-        signTypedData: async () => {
-          throw new Error('This account cannot sign typed data');
-        },
-      }),
-      address: owner as `0x${string}`,
-    };
-  }
-  if (!owner.account) {
-    throw new Error('Wallet client must be an account');
-  }
-  return {
-    account: owner,
-    address: owner.account.address,
-  };
-};
 // Gets the legacy Geo smart account wallet client. If the smart account returned
 // by this function is deployed, it means it might need to be updated to have the 7579 module installed
 const getLegacySmartAccountWalletClient = async ({
@@ -202,7 +176,7 @@ const getLegacySmartAccountWalletClient = async ({
   rpcUrl = DEFAULT_RPC_URL,
   apiKey = DEFAULT_API_KEY,
 }: {
-  owner: WalletClient | string;
+  owner: WalletClient | Account;
   chain?: Chain;
   rpcUrl?: string;
   apiKey?: string;
@@ -215,7 +189,7 @@ const getLegacySmartAccountWalletClient = async ({
 
   const safeAccount = await toSafeSmartAccount({
     client: publicClient,
-    owners: [getOwnerAccount(owner).account],
+    owners: [owner],
     entryPoint: {
       // optional, defaults to 0.7
       address: entryPoint07Address,
@@ -257,29 +231,31 @@ const get7579SmartAccountWalletClient = async ({
   rpcUrl = DEFAULT_RPC_URL,
   apiKey = DEFAULT_API_KEY,
 }: {
-  owner: WalletClient | string;
+  owner: WalletClient | Account;
   address?: Hex;
   chain?: Chain;
   rpcUrl?: string;
   apiKey?: string;
 }): Promise<SmartAccountClient> => {
-  const ownerAccount = getOwnerAccount(owner);
-
   const transport = http(rpcUrl);
   const publicClient = createPublicClient({
     transport,
     chain,
   });
+  const ownerAddress = 'account' in owner ? owner.account?.address : owner.address;
+  if (!ownerAddress) {
+    throw new Error('Owner address not found');
+  }
 
   const ownableValidator = getOwnableValidator({
-    owners: [ownerAccount.address],
+    owners: [ownerAddress],
     threshold: 1,
   });
   const smartSessionsValidator = getSmartSessionsValidator({});
 
   const safeAccountParams: ToSafeSmartAccountParameters<'0.7', Hex> = {
     client: publicClient,
-    owners: [ownerAccount.account],
+    owners: [owner],
     version: '1.4.1' as const,
     entryPoint: {
       address: entryPoint07Address,
@@ -349,7 +325,7 @@ export const getSmartAccountWalletClient = async ({
   rpcUrl = DEFAULT_RPC_URL,
   apiKey = DEFAULT_API_KEY,
 }: {
-  owner: WalletClient | string;
+  owner: WalletClient | Account;
   address?: Hex;
   chain?: Chain;
   rpcUrl?: string;
@@ -559,7 +535,7 @@ const getSpaceActions = (space: { address: Hex; type: 'personal' | 'public' }) =
 // It will return the permissionId that can be used to create a smart session client.
 export const createSmartSession = async (
   walletClient: WalletClient,
-  smartAccountClient: SmartAccountClient,
+  accountAddress: Hex,
   sessionPrivateKey: Hex,
   chain: Chain,
   rpcUrl: string,
@@ -576,12 +552,21 @@ export const createSmartSession = async (
     additionalActions?: Action[];
   } = {},
 ): Promise<Hex> => {
+  const smartAccountClient = await getSmartAccountWalletClient({
+    owner: walletClient,
+    address: accountAddress,
+    chain,
+    rpcUrl,
+  });
   if (!smartAccountClient.account) {
-    throw new Error('Invalid smart account');
+    throw new Error('Invalid wallet client');
   }
   if (!smartAccountClient.account.isDeployed()) {
     throw new Error('Smart account must be deployed');
   }
+  if (await smartAccountNeedsUpdate(smartAccountClient, chain, rpcUrl)) {
+    throw new Error('Smart account needs to be updated');
+  }
   if (!smartAccountClient.chain) {
     throw new Error('Invalid smart account chain');
   }
@@ -746,16 +731,30 @@ export const createSmartSession = async (
 // This is the function that we use on the end user app to create a smart session client that can send transactions to the smart account.
 // The session must have previously been created by the createSmartSession function.
 // The client also includes a signMessage function that can be used to sign messages with the session key.
-export const getSmartSessionClient = (
-  smartAccountClient: SmartAccountClient,
-  sessionPrivateKey: Hex,
-  permissionId: Hex,
-  chain: Chain,
-  rpcUrl: string,
-): SmartSessionClient => {
-  if (!smartAccountClient.account) {
-    throw new Error('Invalid smart account');
-  }
+export const getSmartSessionClient = async ({
+  accountAddress,
+  chain = GEOGENESIS,
+  rpcUrl = DEFAULT_RPC_URL,
+  apiKey = DEFAULT_API_KEY,
+  sessionPrivateKey,
+  permissionId,
+}: {
+  accountAddress: Hex;
+  chain?: Chain;
+  rpcUrl?: string;
+  apiKey?: string;
+  sessionPrivateKey: Hex;
+  permissionId: Hex;
+}): Promise<SmartSessionClient> => {
+  const sessionKeyAccount = privateKeyToAccount(sessionPrivateKey);
+  const smartAccountClient = await getSmartAccountWalletClient({
+    owner: sessionKeyAccount, // Won't really be used, but we need to pass in an account
+    address: accountAddress,
+    chain,
+    rpcUrl,
+    apiKey,
+  });
+
   const sessionDetails = {
     mode: SmartSessionMode.USE,
     permissionId,
@@ -768,7 +767,7 @@ export const getSmartSessionClient = (
     transport: http(rpcUrl),
     chain,
   });
-  const sessionKeyAccount = privateKeyToAccount(sessionPrivateKey);
+
   return {
     sendTransaction: async <const calls extends readonly unknown[]>({ calls }: { calls: calls }) => {
       if (!smartAccountClient.account) {

packages/hypergraph/src/connect/types.ts

@@ -58,6 +58,7 @@ export type PublicAppIdentity = {
 export type PrivateAppIdentity = IdentityKeys & {
   address: string;
   addressPrivateKey: string;
+  permissionId: string;
   sessionToken: string;
   sessionTokenExpires: Date;
 };