Decrypt API Rework (#560)

nucypher · Aug 20, 2024 · 43786ce · 43786ce
2 parents ae5186f + 1e528aa
commit 43786ce
Show file tree

Hide file tree

Showing 26 changed files with 464 additions and 356 deletions.
diff --git a/examples/taco/nextjs/src/hooks/useTaco.ts b/examples/taco/nextjs/src/hooks/useTaco.ts
@@ -6,6 +6,7 @@ import {
   encrypt,
   initialize,
   ThresholdMessageKit,
+  USER_ADDRESS_PARAM_DEFAULT,
 } from '@nucypher/taco';
 import { ethers } from 'ethers';
 import { useCallback, useEffect, useState } from 'react';
@@ -32,12 +33,13 @@ export default function useTaco({
       }
       const messageKit = ThresholdMessageKit.fromBytes(encryptedBytes);
       const authProvider = new EIP4361AuthProvider(provider, signer);
-      return decrypt(
-        provider,
-        domain,
-        messageKit,
+      const conditionContext =
+        conditions.context.ConditionContext.fromMessageKit(messageKit);
+      conditionContext.addAuthProvider(
+        USER_ADDRESS_PARAM_DEFAULT,
         authProvider,
       );
+      return decrypt(provider, domain, messageKit, conditionContext);
     },
     [isInit, provider, domain],
   );

diff --git a/examples/taco/nodejs/src/index.ts b/examples/taco/nodejs/src/index.ts
@@ -1,15 +1,16 @@
 import { format } from 'node:util';
 
 import {
+  EIP4361AuthProvider,
+  ThresholdMessageKit,
+  USER_ADDRESS_PARAM_DEFAULT,
   conditions,
   decrypt,
   domains,
-  EIP4361AuthProvider,
   encrypt,
   fromBytes,
   initialize,
   isAuthorized,
-  ThresholdMessageKit,
   toBytes,
   toHexString,
 } from '@nucypher/taco';
@@ -108,17 +109,22 @@ const decryptFromBytes = async (encryptedBytes: Uint8Array) => {
     domain: 'localhost',
     uri: 'http://localhost:3000',
   };
-  const authProvider = new EIP4361AuthProvider(
-    provider,
-    consumerSigner,
-    siweParams,
-  );
-  return decrypt(
-    provider,
-    domain,
-    messageKit,
-    authProvider,
-  );
+  const conditionContext =
+    conditions.context.ConditionContext.fromMessageKit(messageKit);
+
+  // illustrative optional example of checking what context parameters are required
+  // unnecessary if you already know what the condition contains
+  if (
+    conditionContext.requestedContextParameters.has(USER_ADDRESS_PARAM_DEFAULT)
+  ) {
+    const authProvider = new EIP4361AuthProvider(
+      provider,
+      consumerSigner,
+      siweParams,
+    );
+    conditionContext.addAuthProvider(USER_ADDRESS_PARAM_DEFAULT, authProvider);
+  }
+  return decrypt(provider, domain, messageKit, conditionContext);
 };
 
 const runExample = async () => {

diff --git a/examples/taco/react/src/hooks/useTaco.ts b/examples/taco/react/src/hooks/useTaco.ts
@@ -6,6 +6,7 @@ import {
   encrypt,
   initialize,
   ThresholdMessageKit,
+  USER_ADDRESS_PARAM_DEFAULT,
 } from '@nucypher/taco';
 import { ethers } from 'ethers';
 import { useCallback, useEffect, useState } from 'react';
@@ -32,12 +33,13 @@ export default function useTaco({
       }
       const messageKit = ThresholdMessageKit.fromBytes(encryptedBytes);
       const authProvider = new EIP4361AuthProvider(provider, signer);
-      return decrypt(
-        provider,
-        domain,
-        messageKit,
+      const conditionContext =
+        conditions.context.ConditionContext.fromMessageKit(messageKit);
+      conditionContext.addAuthProvider(
+        USER_ADDRESS_PARAM_DEFAULT,
         authProvider,
       );
+      return decrypt(provider, domain, messageKit, conditionContext);
     },
     [isInit, provider, domain],
   );

diff --git a/examples/taco/webpack-5/src/index.ts b/examples/taco/webpack-5/src/index.ts
@@ -7,6 +7,7 @@ import {
   fromBytes,
   initialize,
   toBytes,
+  USER_ADDRESS_PARAM_DEFAULT,
 } from '@nucypher/taco';
 import { ethers } from 'ethers';
 import { hexlify } from 'ethers/lib/utils';
@@ -61,11 +62,14 @@ const runExample = async () => {
 
   console.log('Decrypting message...');
   const authProvider = new EIP4361AuthProvider(provider, signer);
+  const conditionContext =
+    conditions.context.ConditionContext.fromMessageKit(messageKit);
+  conditionContext.addAuthProvider(USER_ADDRESS_PARAM_DEFAULT, authProvider);
   const decryptedBytes = await decrypt(
     provider,
     domain,
     messageKit,
-    authProvider,
+    conditionContext,
   );
   const decryptedMessage = fromBytes(decryptedBytes);
   console.log('Decrypted message:', decryptedMessage);

diff --git a/packages/shared/src/porter.ts b/packages/shared/src/porter.ts
@@ -38,9 +38,7 @@ export const getPorterUri = async (domain: Domain): Promise<string> => {
   return (await getPorterUris(domain))[0];
 };
 
-export const getPorterUris = async (
-  domain: Domain,
-): Promise<string[]> => {
+export const getPorterUris = async (domain: Domain): Promise<string[]> => {
   const fullList = [];
   const uri = defaultPorterUri[domain];
   if (!uri) {

diff --git a/packages/shared/test/porter.test.ts b/packages/shared/test/porter.test.ts
@@ -57,7 +57,7 @@ describe('getPorterUris', () => {
   it('Get URIs from source', async () => {
     for (const domain of Object.values(domains)) {
       const uris = await getPorterUrisFromSource(domain);
-      expect(uris.length).toBeGreaterThan(0);
+      expect(uris.length).toBeGreaterThanOrEqual(0);
       const fullList = await getPorterUris(domain);
       expect(fullList).toEqual(expect.arrayContaining(uris));
     }

diff --git a/packages/taco-auth/src/auth-provider.ts b/packages/taco-auth/src/auth-provider.ts
@@ -1,20 +1,5 @@
 import { AuthSignature } from './auth-sig';
-import { EIP4361AuthProvider } from './providers';
-
-export const EIP4361_AUTH_METHOD = 'EIP4361';
 
 export interface AuthProvider {
   getOrCreateAuthSignature(): Promise<AuthSignature>;
 }
-
-export type AuthProviders = {
-  [EIP4361_AUTH_METHOD]?: EIP4361AuthProvider;
-  // Fallback to satisfy type checking
-  [key: string]: AuthProvider | undefined;
-};
-
-export const USER_ADDRESS_PARAM_DEFAULT = ':userAddress';
-
-export const AUTH_METHOD_FOR_PARAM: Record<string, string> = {
-  [USER_ADDRESS_PARAM_DEFAULT]: EIP4361_AUTH_METHOD,
-};
diff --git a/packages/taco-auth/src/auth-sig.ts b/packages/taco-auth/src/auth-sig.ts
@@ -1,8 +1,10 @@
 import { EthAddressSchema } from '@nucypher/shared';
 import { z } from 'zod';
 
-import { EIP4361_AUTH_METHOD } from './auth-provider';
-import { EIP4361TypedDataSchema } from './providers';
+import {
+  EIP4361_AUTH_METHOD,
+  EIP4361TypedDataSchema,
+} from './providers/eip4361/common';
 
 export const authSignatureSchema = z.object({
   signature: z.string(),

diff --git a/packages/taco-auth/src/providers/eip4361/common.ts b/packages/taco-auth/src/providers/eip4361/common.ts
@@ -0,0 +1,17 @@
+import { SiweMessage } from 'siwe';
+import { z } from 'zod';
+
+export const EIP4361_AUTH_METHOD = 'EIP4361';
+
+const isSiweMessage = (message: string): boolean => {
+  try {
+    new SiweMessage(message);
+    return true;
+  } catch {
+    return false;
+  }
+};
+
+export const EIP4361TypedDataSchema = z
+  .string()
+  .refine(isSiweMessage, { message: 'Invalid SIWE message' });
diff --git a/packages/taco-auth/src/providers/eip4361.ts → ...aco-auth/src/providers/eip4361/eip4361.ts b/packages/taco-auth/src/providers/eip4361.ts → ...aco-auth/src/providers/eip4361/eip4361.ts
@@ -1,23 +1,12 @@
 import { ethers } from 'ethers';
 import { generateNonce, SiweMessage } from 'siwe';
-import { z } from 'zod';
 
-import { EIP4361_AUTH_METHOD } from '../auth-provider';
-import { AuthSignature } from '../auth-sig';
-import { LocalStorage } from '../storage';
+import { AuthSignature } from '../../auth-sig';
+import { LocalStorage } from '../../storage';
 
-const isSiweMessage = (message: string): boolean => {
-  try {
-    new SiweMessage(message);
-    return true;
-  } catch {
-    return false;
-  }
-};
+import { EIP4361_AUTH_METHOD } from './common';
 
-export const EIP4361TypedDataSchema = z
-  .string()
-  .refine(isSiweMessage, { message: 'Invalid SIWE message' });
+export const USER_ADDRESS_PARAM_DEFAULT = ':userAddress';
 
 export type EIP4361AuthProviderParams = {
   domain: string;

diff --git a/...co-auth/src/providers/external-eip4361.ts → ...src/providers/eip4361/external-eip4361.ts b/...co-auth/src/providers/external-eip4361.ts → ...src/providers/eip4361/external-eip4361.ts
@@ -1,7 +1,11 @@
 import { SiweMessage } from 'siwe';
 
-import { EIP4361_AUTH_METHOD } from '../auth-provider';
-import { AuthSignature } from '../auth-sig';
+import { AuthSignature } from '../../auth-sig';
+
+import { EIP4361_AUTH_METHOD } from './common';
+
+export const USER_ADDRESS_PARAM_EXTERNAL_EIP4361 =
+  ':userAddressExternalEIP4361';
 
 export class SingleSignOnEIP4361AuthProvider {
   public static async fromExistingSiweInfo(
@@ -22,7 +26,7 @@ export class SingleSignOnEIP4361AuthProvider {
 
   private constructor(
     private readonly existingSiweMessage: string,
-    private readonly address: string,
+    public readonly address: string,
     private readonly signature: string,
   ) {}
 

diff --git a/packages/taco-auth/src/providers/index.ts b/packages/taco-auth/src/providers/index.ts
@@ -1,2 +1,2 @@
-export * from './eip4361';
-export * from './external-eip4361';
+export * from './eip4361/eip4361';
+export * from './eip4361/external-eip4361';
diff --git a/packages/taco-auth/test/auth-provider.test.ts b/packages/taco-auth/test/auth-provider.test.ts
@@ -7,7 +7,8 @@ import {
 import { SiweMessage } from 'siwe';
 import { describe, expect, it } from 'vitest';
 
-import { EIP4361AuthProvider, EIP4361TypedDataSchema } from '../src';
+import { EIP4361AuthProvider } from '../src/providers';
+import { EIP4361TypedDataSchema } from '../src/providers/eip4361/common';
 
 describe('auth provider', () => {
   const provider = fakeProvider(bobSecretKeyBytes);

diff --git a/packages/taco/examples/encrypt-decrypt.ts b/packages/taco/examples/encrypt-decrypt.ts
@@ -10,6 +10,7 @@ import {
   initialize,
   ThresholdMessageKit,
   toBytes,
+  USER_ADDRESS_PARAM_DEFAULT,
 } from '../src';
 
 const ritualId = 1;
@@ -49,11 +50,14 @@ const run = async () => {
       web3Provider,
       web3Provider.getSigner(),
     );
+    const conditionContext =
+      conditions.context.ConditionContext.fromMessageKit(messageKit);
+    conditionContext.addAuthProvider(USER_ADDRESS_PARAM_DEFAULT, authProvider);
     const decryptedMessage = await decrypt(
       web3Provider,
       domains.TESTNET,
       messageKit,
-      authProvider,
+      conditionContext,
     );
     return decryptedMessage;
   };

diff --git a/packages/taco/src/conditions/condition-expr.ts b/packages/taco/src/conditions/condition-expr.ts
@@ -1,11 +1,9 @@
 import { Conditions as CoreConditions } from '@nucypher/nucypher-core';
 import { toJSON } from '@nucypher/shared';
-import { AuthProviders } from '@nucypher/taco-auth';
 import { SemVer } from 'semver';
 
 import { Condition } from './condition';
 import { ConditionFactory } from './condition-factory';
-import { ConditionContext, CustomContextParam } from './context';
 
 const ERR_VERSION = (provided: string, current: string) =>
   `Version provided, ${provided}, is incompatible with current version, ${current}`;
@@ -64,17 +62,6 @@ export class ConditionExpression {
     return ConditionExpression.fromJSON(conditions.toString());
   }
 
-  public buildContext(
-    customParameters: Record<string, CustomContextParam> = {},
-    authProviders: AuthProviders = {},
-  ): ConditionContext {
-    return new ConditionContext(
-      this.condition,
-      customParameters,
-      authProviders,
-    );
-  }
-
   public equals(other: ConditionExpression): boolean {
     return [
       this.version === other.version,

diff --git a/packages/taco/src/conditions/const.ts b/packages/taco/src/conditions/const.ts
@@ -1,8 +1,8 @@
 import { ChainId } from '@nucypher/shared';
-import { USER_ADDRESS_PARAM_DEFAULT } from '@nucypher/taco-auth';
-
-export const USER_ADDRESS_PARAM_EXTERNAL_EIP4361 =
-  ':userAddressExternalEIP4361';
+import {
+  USER_ADDRESS_PARAM_DEFAULT,
+  USER_ADDRESS_PARAM_EXTERNAL_EIP4361,
+} from '@nucypher/taco-auth';
 
 // Only allow alphanumeric characters and underscores
 export const CONTEXT_PARAM_REGEXP = new RegExp('^:[a-zA-Z_][a-zA-Z0-9_]*$');
@@ -21,8 +21,3 @@ export const USER_ADDRESS_PARAMS = [
   // Ordering matters, this should always be last
   USER_ADDRESS_PARAM_DEFAULT,
 ];
-
-export const RESERVED_CONTEXT_PARAMS = [
-  USER_ADDRESS_PARAM_DEFAULT,
-  // USER_ADDRESS_PARAM_EXTERNAL_EIP4361 is not reserved and can be used as a custom context parameter
-];