Add pkp signing

Author: spacesailor24

lit-access-control-conditions-stellar/nodejs/.env.example

@@ -1,3 +1,5 @@
-ETHEREUM_PRIVATE_KEY=
 STELLAR_SECRET=
-STELLAR_ACCOUNT_SEQUENCE_NUMBER=0
+STELLAR_ACCOUNT_SEQUENCE_NUMBER=0
+ETHEREUM_PRIVATE_KEY=
+LIT_ACTION_IPFS_CID=
+LIT_PKP_PUBLIC_KEY=

lit-access-control-conditions-stellar/nodejs/README.md

@@ -0,0 +1,5 @@
+# How to Run
+
+1. `yarn`
+2. `cp .env.example .env` and fill out the ENVs
+3. `yarn start`

lit-access-control-conditions-stellar/nodejs/esbuild.js

@@ -3,7 +3,7 @@ import { denoPlugins } from "jsr:@luca/esbuild-deno-loader@^0.10.3";
 
 esbuild.build({
   plugins: [...denoPlugins()],
-  entryPoints: ["src/litAction.ts"],
+  entryPoints: ["src/litAction.js"],
   outdir: "dist/",
   bundle: true,
   platform: "browser",

lit-access-control-conditions-stellar/nodejs/src/index.ts

@@ -19,26 +19,42 @@ const getEnv = (name: string): string => {
   return env;
 };
 
-const ETHEREUM_PRIVATE_KEY = getEnv("ETHEREUM_PRIVATE_KEY");
 const STELLAR_SECRET = getEnv("STELLAR_SECRET");
-// const LIT_PKP_PUBLIC_KEY = getEnv("LIT_PKP_PUBLIC_KEY");
 const STELLAR_ACCOUNT_SEQUENCE_NUMBER = getEnv(
   "STELLAR_ACCOUNT_SEQUENCE_NUMBER"
 );
+const ETHEREUM_PRIVATE_KEY = getEnv("ETHEREUM_PRIVATE_KEY");
+const LIT_ACTION_IPFS_CID = getEnv("LIT_ACTION_IPFS_CID");
+const LIT_PKP_PUBLIC_KEY = getEnv("LIT_PKP_PUBLIC_KEY");
 
 let litNodeClient: LitNodeClientNodeJs | undefined = undefined;
 
 try {
+  const stellarKeyPair = StellarBase.Keypair.fromSecret(STELLAR_SECRET);
+  const stellarAccount = new StellarBase.Account(
+    stellarKeyPair.publicKey(),
+    STELLAR_ACCOUNT_SEQUENCE_NUMBER
+  );
+
+  const stellarAuthTx = new StellarBase.TransactionBuilder(stellarAccount, {
+    fee: StellarBase.BASE_FEE,
+    networkPassphrase: StellarBase.Networks.TESTNET,
+  })
+    .setTimeout(60 * 60 * 24) // 24 hours
+    .build();
+  stellarAuthTx.sign(stellarKeyPair);
+
+  litNodeClient = new LitNodeClientNodeJs({
+    litNetwork: LitNetwork.Cayenne,
+  });
+  await litNodeClient.connect();
+
   const ethersWallet = new Ethers.Wallet(
     ETHEREUM_PRIVATE_KEY,
     new Ethers.providers.JsonRpcProvider(
       "https://chain-rpc.litprotocol.com/http"
     )
   );
-  litNodeClient = new LitNodeClientNodeJs({
-    litNetwork: LitNetwork.Cayenne,
-  });
-  await litNodeClient.connect();
   const sessionSigs = await litNodeClient.getSessionSigs({
     chain: "ethereum",
     expiration: new Date(Date.now() + 1000 * 60 * 60 * 24).toISOString(), // 24 hours
@@ -74,37 +90,19 @@ try {
       });
     },
   });
-  const stellarKeyPair = StellarBase.Keypair.fromSecret(STELLAR_SECRET);
-  const stellarAccount = new StellarBase.Account(
-    stellarKeyPair.publicKey(),
-    STELLAR_ACCOUNT_SEQUENCE_NUMBER
-  );
 
-  const stellarAuthTx = new StellarBase.TransactionBuilder(stellarAccount, {
-    fee: StellarBase.BASE_FEE,
-    networkPassphrase: StellarBase.Networks.TESTNET,
-  })
-    .setTimeout(60 * 60 * 24) // 24 hours
-    .build();
-  stellarAuthTx.sign(stellarKeyPair);
-  const authTxSignature = stellarAuthTx.signatures[0];
-  console.log({
-    stellarPublicKey: stellarKeyPair.publicKey(),
-    stellarAuthTxHash: stellarAuthTx.hash(),
-    stellarAuthTxSignature: authTxSignature.signature(),
-  });
-  const litActionSignatures = await litNodeClient.executeJs({
+  const litPkpSignature = await litNodeClient.executeJs({
     sessionSigs,
-    ipfsId: "QmbyhacLykPWYP7fDa5cdhJgSFnQuKnpK57NTqqcD3dd3R",
+    ipfsId: LIT_ACTION_IPFS_CID,
     jsParams: {
       stellarPublicKey: stellarKeyPair.publicKey(),
       stellarAuthTxHash: stellarAuthTx.hash(),
-      stellarAuthTxSignature: authTxSignature.signature(),
-      sourcePubkey: stellarKeyPair.publicKey(),
-      sourceSequence: "0",
+      stellarAuthTxSignature: stellarAuthTx.signatures[0].signature(),
+      stellarAccountSequenceNumber: STELLAR_ACCOUNT_SEQUENCE_NUMBER,
+      litPkpPublicKey: LIT_PKP_PUBLIC_KEY,
     },
   });
-  console.log("litActionSignatures: ", litActionSignatures);
+  console.log("litPkpSignature: ", litPkpSignature);
 } catch (error) {
   console.error(error);
 } finally {

lit-access-control-conditions-stellar/nodejs/src/litAction.js

@@ -0,0 +1,99 @@
+import "jsr:/@kitsonk/xhr";
+import * as StellarSdk from "https://cdnjs.cloudflare.com/ajax/libs/stellar-sdk/12.0.0-rc.2/stellar-sdk.js";
+
+const ALLOW_LIST_CONTRACT_ADDRESS =
+  "CAZEGBTBD7ZAL62YHHLS3W5EC2ZNVV2T32YGCQ6WRYAUF7O3EICW7UFF";
+const STELLAR_TESTNET_RPC_URL = "https://soroban-testnet.stellar.org";
+
+class BufferShim extends Uint8Array {
+  toJSON() {
+    // Return an object similar to Node.js Buffer's .toJSON output
+    return {
+      type: "Buffer",
+      data: Array.from(this),
+    };
+  }
+}
+
+(async () => {
+  const stellarKeyPair = StellarSdk.Keypair.fromPublicKey(stellarPublicKey);
+  const signatureVerified = stellarKeyPair.verify(
+    new BufferShim(stellarAuthTxHash),
+    new BufferShim(stellarAuthTxSignature)
+  );
+  if (!signatureVerified) {
+    LitActions.setResponse({
+      response:
+        "provided signature does not verify with provided stellarPublicKey and stellarAuthTxHash",
+    });
+    return;
+  }
+
+  const stellarSenderAccount = new StellarSdk.Account(
+    stellarPublicKey,
+    stellarAccountSequenceNumber
+  );
+  const builtTransaction = new StellarSdk.TransactionBuilder(
+    stellarSenderAccount,
+    {
+      fee: "100",
+      networkPassphrase: StellarSdk.Networks.TESTNET,
+    }
+  )
+    .addOperation(
+      new StellarSdk.Contract(ALLOW_LIST_CONTRACT_ADDRESS).call(
+        "is_allowed",
+        StellarSdk.nativeToScVal(stellarPublicKey, {
+          type: "address",
+        })
+      )
+    )
+    .setTimeout(90)
+    .build();
+
+  const requestBody = {
+    jsonrpc: "2.0",
+    id: 42,
+    method: "simulateTransaction",
+    params: {
+      transaction: builtTransaction.toXDR(),
+      resourceConfig: {
+        instructionLeeway: 3000000,
+      },
+    },
+  };
+  const result = await fetch(STELLAR_TESTNET_RPC_URL, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(requestBody),
+  });
+
+  const xdrObject = StellarSdk.xdr.ScVal.fromXDR(
+    (await result.json()).result.results[0].xdr,
+    "base64"
+  );
+  const isAllowed = xdrObject.value();
+  if (!isAllowed) {
+    LitActions.setResponse({
+      response: "provided Stellar address is not authorized",
+    });
+    return;
+  }
+
+  // sigShare is a special variable that's automatically returned by the Lit Action
+  const sigShare = await LitActions.signEcdsa({
+    toSign: ethers.utils.arrayify(
+      ethers.utils.keccak256(
+        new TextEncoder().encode(`${stellarPublicKey} is authorized`)
+      )
+    ),
+    publicKey: litPkpPublicKey,
+    sigName: "authorizationSignature",
+  });
+
+  LitActions.setResponse({
+    response: "provided Stellar address is authorized",
+  });
+})();