chore: wip adding server endpoints

Author: pcarranzav

apps/server/src/handlers/getIdentity.ts

@@ -10,7 +10,17 @@ type Params =
       signaturePublicKey: string;
     };
 
-export const getIdentity = async (params: Params) => {
+export type GetIdentityResult = {
+  accountId: string;
+  ciphertext: string;
+  nonce: string;
+  signaturePublicKey: string;
+  encryptionPublicKey: string;
+  accountProof: string;
+  keyProof: string;
+};
+
+export const getIdentity = async (params: Params): Promise<GetIdentityResult> => {
   if (!params.accountId && !params.signaturePublicKey) {
     throw new Error('Either accountId or signaturePublicKey must be provided');
   }

apps/server/src/handlers/getSpaceInbox.ts

@@ -0,0 +1,30 @@
+
+export async function getSpaceInbox({ spaceId, inboxId }: { spaceId: string; inboxId: string }) {
+  const inbox = await prisma.spaceInbox.findUnique({
+    where: { id: inboxId, spaceId },
+    select: {
+      id: true,
+      isPublic: true,
+      authPolicy: true,
+      encryptionPublicKey: true,
+    },
+    include: {
+      spaceEvent: {
+        select: {
+          event: true,
+        },
+      },
+    },
+  });
+  if (!inbox) {
+    throw new Error('Inbox not found');
+  }
+
+  return {
+    inboxId: inbox.id,
+    isPublic: inbox.isPublic,
+    authPolicy: inbox.authPolicy,
+    encryptionPublicKey: inbox.encryptionPublicKey,
+    creationEvent: JSON.parse(inbox.spaceEvent),
+  };
+}

apps/server/src/handlers/listPublicSpaceInboxes.ts

@@ -0,0 +1,29 @@
+import { prisma } from "../prisma";
+
+export async function listPublicSpaceInboxes({ spaceId }: { spaceId: string }) {
+  const inboxes = await prisma.spaceInbox.findMany({
+    where: { spaceId, isPublic: true },
+    select: {
+      id: true,
+      isPublic: true,
+      authPolicy: true,
+      encryptionPublicKey: true,
+    },
+    include: {
+      spaceEvent: {
+        select: {
+          event: true,
+        },
+      },
+    },
+  });
+  return inboxes.map((inbox) => {
+    return {
+      inboxId: inbox.id,
+      isPublic: inbox.isPublic,
+      authPolicy: inbox.authPolicy,
+      encryptionPublicKey: inbox.encryptionPublicKey,
+      creationEvent: JSON.parse(inbox.spaceEvent),
+    };
+  });
+}

apps/server/src/index.ts

@@ -10,13 +10,17 @@ import { applySpaceEvent } from './handlers/applySpaceEvent.js';
 import { createIdentity } from './handlers/createIdentity.js';
 import { createSpace } from './handlers/createSpace.js';
 import { createUpdate } from './handlers/createUpdate.js';
-import { getIdentity } from './handlers/getIdentity.js';
+import { getIdentity, GetIdentityResult } from './handlers/getIdentity.js';
 import { getSpace } from './handlers/getSpace.js';
 import { listInvitations } from './handlers/listInvitations.js';
 import { listSpaces } from './handlers/listSpaces.js';
 import { createSessionNonce, getSessionNonce } from './handlers/sessionNonce.js';
 import { createSessionToken, getAccountIdBySessionToken } from './handlers/sessionToken.js';
 import { tmpInitAccount } from './handlers/tmpInitAccount.js';
+import { listPublicSpaceInboxes } from './handlers/listPublicSpaceInboxes.js';
+import { getSpaceInbox } from './handlers/getSpaceInbox.js';
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { sha256 } from '@noble/hashes/sha256';
 
 interface CustomWebSocket extends WebSocket {
   accountId: string;
@@ -271,6 +275,98 @@ app.get('/identity', async (req, res) => {
   }
 });
 
+app.get('/spaces/:spaceId/inboxes', async (req, res) => {
+  console.log('GET spaces/:spaceId/inboxes');
+  const spaceId = req.params.spaceId;
+  const inboxes = await listPublicSpaceInboxes({ spaceId });
+  const outgoingMessage: Messages.ResponseListSpaceInboxesPublic = {
+    inboxes,
+  };
+  res.status(200).send(outgoingMessage);
+});
+
+app.get('/spaces/:spaceId/inboxes/:inboxId', async (req, res) => {
+  console.log('GET spaces/:spaceId/inboxes/:inboxId');
+  const spaceId = req.params.spaceId;
+  const inboxId = req.params.inboxId;
+  const inbox = await getSpaceInbox({ spaceId, inboxId });
+  const outgoingMessage: Messages.ResponseSpaceInboxPublic = {
+    inbox,
+  };
+  res.status(200).send(outgoingMessage);
+});
+
+app.post('/spaces/:spaceId/inboxes/:inboxId/messages', async (req, res) => {
+  console.log('POST spaces/:spaceId/inboxes/:inboxId/messages');
+  const spaceId = req.params.spaceId;
+  const inboxId = req.params.inboxId;
+  const message = req.body;
+  let spaceInbox: Messages.SpaceInboxPublic;
+  try {
+    spaceInbox = await getSpaceInbox({ spaceId, inboxId });
+  } catch (error) {
+    res.status(404).send({ error: 'Inbox not found' });
+    return;
+  }
+
+  if (spaceInbox.authPolicy === 'auth_required') {
+    if (!message.signature) {
+      res.status(400).send({ error: 'Signature required for auth_required inbox' });
+      return;
+    }
+
+    // Recover the public key from the signature
+    // TODO: move this to inboxes in the hypergraph package
+    let signatureInstance = secp256k1.Signature.fromCompact(message.signature.hex);
+    signatureInstance = signatureInstance.addRecoveryBit(message.signature.recovery);
+    const authorPublicKey = `0x${signatureInstance.recoverPublicKey(sha256(Utils.stringToUint8Array(Utils.canonicalize(message)))).toHex()}`;
+
+    // Check if this public key corresponds to a member's identity
+    let authorIdentity: GetIdentityResult;
+    try {
+      authorIdentity = await getIdentity({ signaturePublicKey: authorPublicKey });
+    } catch (error) {
+      res.status(403).send({ error: 'Not authorized to post to this inbox' });
+      return;
+    }
+  }
+  await createSpaceInboxMessage({ spaceId, inboxId, message });
+  res.status(200).send({})  ;
+  broadcastSpaceInboxMessage({ spaceId, inboxId, message });
+});
+
+// TODO same as above but for account inboxes
+app.get('/accounts/:accountId/inboxes', async (req, res) => {
+  console.log('GET accounts/:accountId/inboxes');
+  const accountId = req.params.accountId;
+  const inboxes = await listPublicAccountInboxes({ accountId });
+  const outgoingMessage: Messages.ResponseListAccountInboxesPublic = {
+    inboxes,
+  };
+  res.status(200).send(outgoingMessage);
+});
+
+app.get('/accounts/:accountId/inboxes/:inboxId', async (req, res) => {
+  console.log('GET accounts/:accountId/inboxes/:inboxId');
+  const accountId = req.params.accountId;
+  const inboxId = req.params.inboxId;
+  const inbox = await getAccountInbox({ accountId, inboxId });
+  const outgoingMessage: Messages.ResponseAccountInboxPublic = {
+    inbox,
+  };
+  res.status(200).send(outgoingMessage);
+});
+
+app.post('/accounts/:accountId/inboxes/:inboxId/messages', async (req, res) => {
+  console.log('POST accounts/:accountId/inboxes/:inboxId/messages');
+  const accountId = req.params.accountId;
+  const inboxId = req.params.inboxId;
+  const message = req.body;
+  await createAccountInboxMessage({ accountId, inboxId, message });
+  res.status(200).send({});
+  broadcastAccountInboxMessage({ accountId, inboxId, message });
+});
+
 const server = app.listen(PORT, () => {
   console.log(`Listening on port ${PORT}`);
 });

packages/hypergraph-react/src/HypergraphAppContext.tsx

@@ -475,6 +475,26 @@ export function HypergraphAppProvider({
                 state: applyEventResult.value,
               });
             }
+            if (response.event.transaction.type === 'create-space-inbox') {
+              const inbox = {
+                inboxId: response.event.transaction.id,
+                isPublic: response.event.transaction.isPublic,
+                authPolicy: response.event.transaction.authPolicy,
+                encryptionPublicKey: response.event.transaction.encryptionPublicKey,
+                secretKey: Utils.bytesToHex(
+                  Messages.decryptMessage({
+                    nonceAndCiphertext: Utils.hexToBytes(response.event.transaction.secretKey),
+                    secretKey: Utils.hexToBytes(space.keys[0].key),
+                  }),
+                ),
+                messages: [],
+              };
+              store.send({
+                type: 'setSpaceInbox',
+                spaceId: response.spaceId,
+                inbox,
+              });
+            }
 
             break;
           }
@@ -513,6 +533,23 @@ export function HypergraphAppProvider({
             await applyUpdates(response.spaceId, space.keys[0].key, space.automergeDocHandle, response.updates);
             break;
           }
+          case 'account-inbox': {
+            // Validate the signature of the inbox corresponds to the current account's identity
+            if (!keys.signaturePrivateKey) {
+              console.error('No signature private key found to process account inbox');
+              return;
+            }
+            const inboxCreator = Inboxes.recoverAccountInboxCreatorKey(response.inbox);
+            if (inboxCreator !== keys.signaturePublicKey) {
+              console.error('Invalid inbox creator', response.inbox);
+              return;
+            }
+            store.send({
+              type: 'setAccountInbox',
+              inbox: response.inbox,
+            });
+            break;
+          }
           default: {
             Utils.assertExhaustive(response);
           }

packages/hypergraph/src/inboxes/index.ts

@@ -1 +1,2 @@
 export * from './create-inbox.js';
+export * from './recover-inbox-creator.js';

packages/hypergraph/src/inboxes/recover-inbox-creator.ts

@@ -0,0 +1,30 @@
+import { sha256 } from '@noble/hashes/sha256';
+import { secp256k1 } from '@noble/curves/secp256k1';
+import { stringToUint8Array } from '../utils/index.js';
+import { canonicalize } from '../utils/index.js';
+import { AccountInbox } from '../messages/index.js';
+import { CreateSpaceInboxEvent } from '../space-events/index.js';
+
+export const recoverAccountInboxCreatorKey = (inbox: AccountInbox): string => {
+  const messageToVerify = stringToUint8Array(
+    canonicalize({
+      accountId: inbox.accountId,
+      inboxId: inbox.inboxId,
+      encryptionPublicKey: inbox.encryptionPublicKey,
+    }),
+  );
+  const signature = inbox.signature;
+  let signatureInstance = secp256k1.Signature.fromCompact(signature.hex);
+  signatureInstance = signatureInstance.addRecoveryBit(signature.recovery);
+  const authorPublicKey = `0x${signatureInstance.recoverPublicKey(sha256(messageToVerify)).toHex()}`;
+  return authorPublicKey;
+};
+
+export const recoverSpaceInboxCreatorKey = (event: CreateSpaceInboxEvent): string => {
+  const messageToVerify = stringToUint8Array(canonicalize(event.transaction));
+  const signature = event.author.signature;
+  let signatureInstance = secp256k1.Signature.fromCompact(signature.hex);
+  signatureInstance = signatureInstance.addRecoveryBit(signature.recovery);
+  const authorPublicKey = `0x${signatureInstance.recoverPublicKey(sha256(messageToVerify)).toHex()}`;
+  return authorPublicKey;
+};

packages/hypergraph/src/messages/types.ts

@@ -237,6 +237,25 @@ export const SpaceInbox = Schema.Struct({
 
 export type SpaceInbox = Schema.Schema.Type<typeof SpaceInbox>;
 
+export const AccountInbox = Schema.Struct({
+  accountId: Schema.String,
+  inboxId: Schema.String,
+  isPublic: Schema.Boolean,
+  authPolicy: Schema.String,
+  encryptionPublicKey: Schema.String,
+  signature: SignatureWithRecovery,
+  messages: Schema.Array(InboxMessage),
+});
+
+export type AccountInbox = Schema.Schema.Type<typeof AccountInbox>;
+
+export const ResponseAccountInbox = Schema.Struct({
+  type: Schema.Literal('account-inbox'),
+  inbox: AccountInbox,
+});
+
+export type ResponseAccountInbox = Schema.Schema.Type<typeof ResponseAccountInbox>;
+
 export const ResponseSpace = Schema.Struct({
   type: Schema.Literal('space'),
   id: Schema.String,
@@ -272,6 +291,7 @@ export const ResponseMessage = Schema.Union(
   ResponseSpaceEvent,
   ResponseUpdateConfirmed,
   ResponseUpdatesNotification,
+  ResponseAccountInbox,
 );
 
 export type ResponseMessage = Schema.Schema.Type<typeof ResponseMessage>;
@@ -310,6 +330,51 @@ export const ResponseIdentity = Schema.Struct({
 
 export type ResponseIdentity = Schema.Schema.Type<typeof ResponseIdentity>;
 
+export const SpaceInboxPublic = Schema.Struct({
+  inboxId: Schema.String,
+  isPublic: Schema.Boolean,
+  authPolicy: Schema.String,
+  encryptionPublicKey: Schema.String,
+  creationEvent: CreateSpaceInboxEvent,
+});
+
+export type SpaceInboxPublic = Schema.Schema.Type<typeof SpaceInboxPublic>;
+
+export const ResponseSpaceInboxPublic = Schema.Struct({
+  inbox: SpaceInboxPublic,
+});
+
+export type ResponseSpaceInboxPublic = Schema.Schema.Type<typeof ResponseSpaceInboxPublic>;
+
+export const ResponseListSpaceInboxesPublic = Schema.Struct({
+  inboxes: Schema.Array(SpaceInboxPublic),
+});
+
+export type ResponseListSpaceInboxesPublic = Schema.Schema.Type<typeof ResponseListSpaceInboxesPublic>;
+
+export const AccountInboxPublic = Schema.Struct({
+  accountId: Schema.String,
+  inboxId: Schema.String,
+  isPublic: Schema.Boolean,
+  authPolicy: Schema.String,
+  encryptionPublicKey: Schema.String,
+  signature: SignatureWithRecovery,
+});
+
+export type AccountInboxPublic = Schema.Schema.Type<typeof AccountInboxPublic>;
+
+export const ResponseAccountInboxPublic = Schema.Struct({
+  inbox: AccountInboxPublic,
+});
+
+export type ResponseAccountInboxPublic = Schema.Schema.Type<typeof ResponseAccountInboxPublic>;
+
+export const ResponseListAccountInboxesPublic = Schema.Struct({
+  inboxes: Schema.Array(AccountInboxPublic),
+});
+
+export type ResponseListAccountInboxesPublic = Schema.Schema.Type<typeof ResponseListAccountInboxesPublic>;
+
 export const ResponseIdentityNotFoundError = Schema.Struct({
   accountId: Schema.String,
 });