@turnkey/http - npm Package Compare versions

Comparing version 0.7.1-beta.0 to 0.8.0-beta.0

CHANGELOG.md

 # @turnkey/http
 
+## 0.8.0
+
+### Minor Changes
+
+- Added browser runtime support — `@turnkey/http` is now a universal (isomorphic) package
+- Dropped support for Node.js v14; we recommend using Node v18+
+
 ## 0.7.0
@@ -4,0 +11,0 @@

dist/base.js

 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.stableStringify = exports.request = void 0;
-const node_fetch_1 = __importDefault(require("node-fetch"));
+const universal_1 = require("./universal");
 const stamp_1 = require("./stamp");
 const config_1 = require("./config");
+const encoding_1 = require("./encoding");
 const sharedHeaders = {};
@@ -23,8 +21,9 @@ const sharedRequestOptions = {
     const sealedBody = stableStringify(inputBody);
-    const jsonStamp = Buffer.from(stableStringify((0, stamp_1.stamp)({
+    const sealedStamp = stableStringify(await (0, stamp_1.stamp)({
         content: sealedBody,
         privateKey: apiPrivateKey,
         publicKey: apiPublicKey,
-    })));
-    const response = await (0, node_fetch_1.default)(url.toString(), {
+    }));
+    const xStamp = (0, encoding_1.stringToBase64urlString)(sealedStamp);
+    const response = await (0, universal_1.fetch)(url.toString(), {
         ...sharedRequestOptions,
@@ -35,3 +34,3 @@ method,
             ...inputHeaders,
-            "X-Stamp": jsonStamp.toString("base64url"),
+            "X-Stamp": xStamp,
         },
@@ -38,0 +37,0 @@ body: sealedBody,

dist/stamp.d.ts

@@ -5,7 +5,7 @@ export declare function stamp(input: {
     privateKey: string;
-}): {
+}): Promise<{
     publicKey: string;
     scheme: string;
     signature: string;
-};
+}>;
 //# sourceMappingURL=stamp.d.ts.map

dist/stamp.js

 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.stamp = void 0;
-const crypto = __importStar(require("crypto"));
-// Specific byte-sequence for curve prime256v1 (DER encoding)
-const PRIVATE_KEY_PREFIX = Buffer.from("308141020100301306072a8648ce3d020106082a8648ce3d030107042730250201010420", "hex");
-function stamp(input) {
+const universal_1 = require("./universal");
+const encoding_1 = require("./encoding");
+const elliptic_curves_1 = require("./tink/elliptic_curves");
+async function stamp(input) {
     const { content, publicKey, privateKey } = input;
-    const privateKeyBuffer = Buffer.from(privateKey, "hex");
-    const privateKeyPkcs8Der = Buffer.concat([
-        PRIVATE_KEY_PREFIX,
-        privateKeyBuffer,
-    ]);
-    const privateKeyObject = crypto.createPrivateKey({
-        type: "pkcs8",
-        format: "der",
-        key: privateKeyPkcs8Der,
+    const key = await importTurnkeyApiKey({
+        uncompressedPrivateKeyHex: privateKey,
+        compressedPublicKeyHex: publicKey,
     });
-    const sign = crypto.createSign("SHA256");
-    sign.write(Buffer.from(content));
-    sign.end();
-    const signature = sign.sign(privateKeyObject, "hex");
+    const signature = await signMessage({ key, content });
     return {
@@ -53,2 +21,98 @@ publicKey: publicKey,
 exports.stamp = stamp;
+async function importTurnkeyApiKey(input) {
+    const { uncompressedPrivateKeyHex, compressedPublicKeyHex } = input;
+    const jwk = convertTurnkeyApiKeyToJwk({
+        uncompressedPrivateKeyHex,
+        compressedPublicKeyHex,
+    });
+    return await universal_1.subtle.importKey("jwk", jwk, {
+        name: "ECDSA",
+        namedCurve: "P-256",
+    }, false, // not extractable
+    ["sign"] // allow signing
+    );
+}
+async function signMessage(input) {
+    const { key, content } = input;
+    const signatureIeee1363 = await universal_1.subtle.sign({
+        name: "ECDSA",
+        hash: "SHA-256",
+    }, key, new universal_1.TextEncoder().encode(content));
+    const signatureDer = convertEcdsaIeee1363ToDer(new Uint8Array(signatureIeee1363));
+    return (0, encoding_1.uint8ArrayToHexString)(signatureDer);
+}
+function convertTurnkeyApiKeyToJwk(input) {
+    const { uncompressedPrivateKeyHex, compressedPublicKeyHex } = input;
+    const jwk = (0, elliptic_curves_1.pointDecode)((0, encoding_1.hexStringToUint8Array)(compressedPublicKeyHex));
+    jwk.d = (0, encoding_1.hexStringToBase64urlString)(uncompressedPrivateKeyHex);
+    return jwk;
+}
+/**
+ * `SubtleCrypto.sign(...)` outputs signature in IEEE P1363 format:
+ * - https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa
+ *
+ * Turnkey expects the signature encoding to be DER-encoded ASN.1:
+ * - https://github.com/tkhq/tkcli/blob/7f0159af5a73387ff050647180d1db4d3a3aa033/src/internal/apikey/apikey.go#L149
+ *
+ * Code modified from https://github.com/google/tink/blob/6f74b99a2bfe6677e3670799116a57268fd067fa/javascript/subtle/elliptic_curves.ts#L114
+ *
+ * Transform an ECDSA signature in IEEE 1363 encoding to DER encoding.
+ *
+ * @param ieee the ECDSA signature in IEEE encoding
+ * @return ECDSA signature in DER encoding
+ */
+function convertEcdsaIeee1363ToDer(ieee) {
+    if (ieee.length % 2 != 0 || ieee.length == 0 || ieee.length > 132) {
+        throw new Error("Invalid IEEE P1363 signature encoding. Length: " + ieee.length);
+    }
+    const r = toUnsignedBigNum(ieee.subarray(0, ieee.length / 2));
+    const s = toUnsignedBigNum(ieee.subarray(ieee.length / 2, ieee.length));
+    let offset = 0;
+    const length = 1 + 1 + r.length + 1 + 1 + s.length;
+    let der;
+    if (length >= 128) {
+        der = new Uint8Array(length + 3);
+        der[offset++] = 48;
+        der[offset++] = 128 + 1;
+        der[offset++] = length;
+    }
+    else {
+        der = new Uint8Array(length + 2);
+        der[offset++] = 48;
+        der[offset++] = length;
+    }
+    der[offset++] = 2;
+    der[offset++] = r.length;
+    der.set(r, offset);
+    offset += r.length;
+    der[offset++] = 2;
+    der[offset++] = s.length;
+    der.set(s, offset);
+    return der;
+}
+/**
+ * Code modified from https://github.com/google/tink/blob/6f74b99a2bfe6677e3670799116a57268fd067fa/javascript/subtle/elliptic_curves.ts#L311
+ *
+ * Transform a big integer in big endian to minimal unsigned form which has
+ * no extra zero at the beginning except when the highest bit is set.
+ */
+function toUnsignedBigNum(bytes) {
+    // Remove zero prefixes.
+    let start = 0;
+    while (start < bytes.length && bytes[start] == 0) {
+        start++;
+    }
+    if (start == bytes.length) {
+        start = bytes.length - 1;
+    }
+    let extraZero = 0;
+    // If the 1st bit is not zero, add 1 zero byte.
+    if ((bytes[start] & 128) == 128) {
+        // Add extra zero.
+        extraZero = 1;
+    }
+    const res = new Uint8Array(bytes.length - start + extraZero);
+    res.set(bytes.subarray(start), extraZero);
+    return res;
+}
 //# sourceMappingURL=stamp.js.map

package.json

 {
   "name": "@turnkey/http",
-  "version": "0.7.1-beta.0",
+  "version": "0.8.0-beta.0",
   "main": "./dist/index.js",
@@ -32,5 +32,7 @@ "types": "./dist/index.d.ts",
   "dependencies": {
-    "@types/node-fetch": "^2.6.2",
-    "node-fetch": "^2.6.8"
+    "undici": "^5.21.2"
   },
+  "engines": {
+    "node": ">=16.0.0"
+  },
   "scripts": {
@@ -37,0 +39,0 @@ "build": "tsc",

README.md

@@ -5,4 +5,6 @@ # @turnkey/http
 
-Typed HTTP client for interacting with [Turnkey](https://turnkey.io) API.
+A lower-level, fully typed HTTP client for interacting with [Turnkey](https://turnkey.io) API.
 
+For signing transactions and messages, check out the higher-level [`@turnkey/ethers`](/packages/ethers/) Signer.
+
 API Docs: https://turnkey.readme.io/
@@ -9,0 +11,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

381741

increased by7.3%

Dependency count

1

decreased by-50%

Number of package files

56

increased by40%

Lines of code

7369

increased by6.32%

Number of lines in readme file

90

increased by2.27%

Dependency changes

• + Addedundici@^5.21.2

• + Added@fastify/busboy@2.1.1(transitive)

• + Addedundici@5.28.4(transitive)

• - Removed@types/node-fetch@^2.6.2

• - Removednode-fetch@^2.6.8

• - Removed@types/node@22.9.0(transitive)

• - Removed@types/node-fetch@2.6.11(transitive)

• - Removedasynckit@0.4.0(transitive)

• - Removedcombined-stream@1.0.8(transitive)

• - Removeddelayed-stream@1.0.0(transitive)

• - Removedform-data@4.0.1(transitive)

• - Removedmime-db@1.52.0(transitive)

• - Removedmime-types@2.1.35(transitive)

• - Removednode-fetch@2.7.0(transitive)

• - Removedtr46@0.0.3(transitive)

• - Removedundici-types@6.19.8(transitive)

• - Removedwebidl-conversions@3.0.1(transitive)

• - Removedwhatwg-url@5.0.0(transitive)