wip

nikgraf · nikgraf · commit ea90224bc1a9 · 2025-01-28T22:52:33.000+01:00
diff --git a/packages/hypergraph-react/src/HypergraphAppContext.tsx b/packages/hypergraph-react/src/HypergraphAppContext.tsx
@@ -17,10 +17,7 @@ import {
   useRef,
   useState,
 } from 'react';
-import { SiweMessage } from 'siwe';
-import type { Hex } from 'viem';
 import { type Address, getAddress } from 'viem';
-import { privateKeyToAccount } from 'viem/accounts';
 
 const decodeResponseMessage = Schema.decodeUnknownEither(Messages.ResponseMessage);
 
@@ -127,228 +124,8 @@ export function HypergraphAppProvider({
   const sessionToken = useSelectorStore(store, (state) => state.context.sessionToken);
   const keys = useSelectorStore(store, (state) => state.context.keys);
 
-  function prepareSiweMessage(address: Address, nonce: string) {
-    return new SiweMessage({
-      domain: window.location.host,
-      address,
-      statement: 'Sign in to Hypergraph',
-      uri: window.location.origin,
-      version: '1',
-      chainId,
-      nonce,
-      expirationTime: new Date(Date.now() + 1000 * 60 * 60 * 24 * 30).toISOString(),
-    }).prepareMessage();
-  }
-
-  async function getSessionNonce(accountId: string) {
-    const nonceReq = { accountId } as const satisfies Messages.RequestLoginNonce;
-    const res = await fetch(new URL('/login/nonce', syncServerUri), {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify(nonceReq),
-    });
-    const decoded = Schema.decodeUnknownSync(Messages.ResponseLoginNonce)(await res.json());
-    return decoded.sessionNonce;
-  }
-
-  async function identityExists(accountId: string) {
-    const res = await fetch(new URL(`/identity?accountId=${accountId}`, syncServerUri), {
-      method: 'GET',
-    });
-    return res.status === 200;
-  }
-
-  async function loginWithWallet(signer: Identity.Signer, accountId: Address, retryCount = 0) {
-    const sessionToken = Identity.loadSyncServerSessionToken(storage, accountId);
-    if (!sessionToken) {
-      const sessionNonce = await getSessionNonce(accountId);
-      // Use SIWE to login with the server and get a token
-      const message = prepareSiweMessage(accountId, sessionNonce);
-      const signature = await signer.signMessage(message);
-      const loginReq = { accountId, message, signature } as const satisfies Messages.RequestLogin;
-      const res = await fetch(new URL('/login', syncServerUri), {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-        },
-        body: JSON.stringify(loginReq),
-      });
-      const decoded = Schema.decodeUnknownSync(Messages.ResponseLogin)(await res.json());
-      Identity.storeAccountId(storage, accountId);
-      Identity.storeSyncServerSessionToken(storage, accountId, decoded.sessionToken);
-      const keys = await restoreKeys(signer, accountId, decoded.sessionToken);
-      return {
-        accountId,
-        sessionToken: decoded.sessionToken,
-        keys,
-      };
-    }
-    // use whoami to check if the session token is still valid
-    const res = await fetch(new URL('/whoami', syncServerUri), {
-      headers: {
-        Authorization: `Bearer ${sessionToken}`,
-      },
-    });
-    if (res.status !== 200 || (await res.text()) !== accountId) {
-      console.warn('Session token is invalid, wiping state and retrying login with wallet');
-      Identity.wipeSyncServerSessionToken(storage, accountId);
-      if (retryCount > 3) {
-        throw new Error('Could not login with wallet after several attempts');
-      }
-      return await loginWithWallet(signer, accountId, retryCount + 1);
-    }
-    const keys = await restoreKeys(signer, accountId, sessionToken);
-    return {
-      accountId,
-      sessionToken,
-      keys,
-    };
-  }
-
-  async function loginWithKeys(keys: Identity.IdentityKeys, accountId: Address, retryCount = 0) {
-    const sessionToken = Identity.loadSyncServerSessionToken(storage, accountId);
-    if (sessionToken) {
-      // use whoami to check if the session token is still valid
-      const res = await fetch(new URL('/whoami', syncServerUri), {
-        headers: {
-          Authorization: `Bearer ${sessionToken}`,
-        },
-      });
-      if (res.status !== 200 || (await res.text()) !== accountId) {
-        console.warn('Session token is invalid, wiping state and retrying login with keys');
-        Identity.wipeSyncServerSessionToken(storage, accountId);
-        if (retryCount > 3) {
-          throw new Error('Could not login with keys after several attempts');
-        }
-        return await loginWithKeys(keys, accountId, retryCount + 1);
-      }
-      throw new Error('Could not login with keys');
-    }
-
-    const account = privateKeyToAccount(keys.signaturePrivateKey as Hex);
-    const sessionNonce = await getSessionNonce(account.address);
-    const message = prepareSiweMessage(account.address, sessionNonce);
-    const signature = await account.signMessage({ message });
-    const req = {
-      accountId,
-      message,
-      publicKey: keys.signaturePublicKey,
-      signature,
-    } as const satisfies Messages.RequestLoginWithSigningKey;
-    const res = await fetch(new URL('/login/with-signing-key', syncServerUri), {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify(req),
-    });
-    if (res.status !== 200) {
-      throw new Error('Error logging in with signing key');
-    }
-    const decoded = Schema.decodeUnknownSync(Messages.ResponseLogin)(await res.json());
-    Identity.storeAccountId(storage, accountId);
-    Identity.storeSyncServerSessionToken(storage, accountId, decoded.sessionToken);
-    return {
-      accountId,
-      sessionToken: decoded.sessionToken,
-      keys,
-    };
-  }
-
-  async function restoreKeys(signer: Identity.Signer, accountId: Address, sessionToken: string) {
-    const keys = Identity.loadKeys(storage, accountId);
-    if (keys) {
-      return keys;
-    }
-    // Try to get the users identity from the sync server
-    const res = await fetch(new URL('/identity/encrypted', syncServerUri), {
-      headers: {
-        Authorization: `Bearer ${sessionToken}`,
-      },
-    });
-    if (res.status === 200) {
-      console.log('Identity found');
-      const decoded = Schema.decodeUnknownSync(Messages.ResponseIdentityEncrypted)(await res.json());
-      const { keyBox } = decoded;
-      const { ciphertext, nonce } = keyBox;
-      const keys = await Identity.decryptIdentity(signer, accountId, ciphertext, nonce);
-      Identity.storeKeys(storage, accountId, keys);
-      return keys;
-    }
-    throw new Error(`Error fetching identity ${res.status}`);
-  }
-
-  async function signup(signer: Identity.Signer, accountId: Address) {
-    const keys = Identity.createIdentityKeys();
-    const { ciphertext, nonce } = await Identity.encryptIdentity(signer, accountId, keys);
-    const { accountProof, keyProof } = await Identity.proveIdentityOwnership(signer, accountId, keys);
-
-    const account = privateKeyToAccount(keys.signaturePrivateKey as Hex);
-    const sessionNonce = await getSessionNonce(accountId);
-    const message = prepareSiweMessage(account.address, sessionNonce);
-    const signature = await account.signMessage({ message });
-    const req = {
-      keyBox: { accountId, ciphertext, nonce },
-      accountProof,
-      keyProof,
-      message,
-      signaturePublicKey: keys.signaturePublicKey,
-      encryptionPublicKey: keys.encryptionPublicKey,
-      signature,
-    } as const satisfies Messages.RequestCreateIdentity;
-    const res = await fetch(new URL('/identity', syncServerUri), {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-      },
-      body: JSON.stringify(req),
-    });
-    if (res.status !== 200) {
-      // TODO: handle this better?
-      throw new Error(`Error creating identity: ${res.status}`);
-    }
-    const decoded = Schema.decodeUnknownSync(Messages.ResponseCreateIdentity)(await res.json());
-    Identity.storeAccountId(storage, accountId);
-    Identity.storeSyncServerSessionToken(storage, accountId, decoded.sessionToken);
-    Identity.storeKeys(storage, accountId, keys);
-
-    return {
-      accountId,
-      sessionToken: decoded.sessionToken,
-      keys,
-    };
-  }
-
   async function login(signer: Identity.Signer) {
-    if (!signer) {
-      return;
-    }
-    const address = await signer.getAddress();
-    if (!address) {
-      return;
-    }
-    const accountId = getAddress(address);
-    const keys = Identity.loadKeys(storage, accountId);
-    let authData: {
-      accountId: Address;
-      sessionToken: string;
-      keys: Identity.IdentityKeys;
-    };
-    if (!keys && !(await identityExists(accountId))) {
-      authData = await signup(signer, accountId);
-    } else if (keys) {
-      authData = await loginWithKeys(keys, accountId);
-    } else {
-      authData = await loginWithWallet(signer, accountId);
-    }
-    console.log('Identity initialized');
-    store.send({
-      ...authData,
-      type: 'setAuth',
-    });
-    store.send({ type: 'reset' });
+    return Identity.login(signer, chainId, storage, syncServerUri);
   }
 
   function logout() {
diff --git a/packages/hypergraph/src/identity/index.ts b/packages/hypergraph/src/identity/index.ts
@@ -1,5 +1,6 @@
 export * from './auth-storage.js';
 export * from './create-identity-keys.js';
 export * from './identity-encryption.js';
+export * from './login.js';
 export * from './prove-ownership.js';
 export * from './types.js';
diff --git a/packages/hypergraph/src/identity/login.ts b/packages/hypergraph/src/identity/login.ts
