Initial commit

Once again a weird place to commit, I have already done a lot of work, but I am just bad at using git, okay.

example-app/server/api/pow/challenge.get.ts

@@ -0,0 +1,44 @@
+import { defineEventHandler } from 'h3'
+import { config } from '~~/server/utils/config';
+import { generate_challenge } from '@impost/lib/validator';
+import { ChallengeStrategy } from '@impost/lib';
+import { CHALLENGE_TIMEOUT_MS, outstandingChallenges } from '~~/server/utils/pow';
+
+export default defineEventHandler(async () => {
+    let challenge_config;
+    switch (config.strategy) {
+        case ChallengeStrategy.LeadingZeroes:
+            challenge_config = {
+                parameters: { expires_at: CHALLENGE_TIMEOUT_MS },
+                strategy: config.strategy,
+                difficulty: config.leading_zeroes?.difficulty!,
+            };
+            break;
+        case ChallengeStrategy.TargetNumber:
+            challenge_config = {
+                parameters: { expires_at: CHALLENGE_TIMEOUT_MS },
+                strategy: config.strategy,
+                max_number: config.target_number.max_number,
+            };
+            break;
+    }
+
+    let challenge = await generate_challenge(challenge_config);
+    if (challenge === null) {
+        throw createError({
+            statusCode: 500,
+            statusMessage: 'Failed to generate challenge'
+        });
+    }
+
+    outstandingChallenges.set(challenge.salt, {
+        challenge, timeout: setTimeout(() => {
+            console.log("Challenge timed out:", challenge.salt);
+            outstandingChallenges.delete(challenge.salt);
+        }, CHALLENGE_TIMEOUT_MS)
+    });
+
+    return {
+        challenge,
+    }
+})

example-app/server/api/pow/challenge.post.ts

@@ -0,0 +1,45 @@
+import { defineEventHandler } from 'h3'
+import { validate_challenge } from '@impost/lib/validator';
+import * as z from 'zod';
+import { outstandingChallenges } from '~~/server/utils/pow';
+
+const challengeSchema = z.object({
+    challenge: z.string(),
+    nonce: z.string()
+})
+
+// post handler that takes in the challenge, and the nonce
+export default defineEventHandler(async (event) => {
+    const body = await readValidatedBody(event, challengeSchema.safeParse);
+
+    if (!body.success) {
+        throw createError({
+            statusCode: 400,
+            statusMessage: 'Validation failed'
+        })
+    }
+
+    let target = body.data.challenge;
+    let nonce = body.data.nonce;
+
+    // check if the challenge is valid
+    let challenge_valid = await validate_challenge(outstandingChallenges.get(target)!.challenge, {
+        challenge: target,
+        nonce: nonce
+    });
+
+    if (challenge_valid) {
+        // clear the challenge
+        clearTimeout(outstandingChallenges.get(target)!.timeout);
+        outstandingChallenges.delete(target);
+
+        return {
+            message: 'Challenge solved'
+        };
+    }
+
+    throw createError({
+        statusCode: 400,
+        statusMessage: 'Challenge is not valid'
+    })
+})

example-app/server/api/pow/difficulty.get.ts

@@ -0,0 +1,19 @@
+import { defineEventHandler } from 'h3'
+import { ChallengeStrategy } from '@impost/lib';
+
+export default defineEventHandler((event) => {
+    let difficulty: number;
+
+    switch (config.strategy) {
+        case ChallengeStrategy.LeadingZeroes:
+            difficulty = config.leading_zeroes.difficulty!;
+            break;
+        case ChallengeStrategy.TargetNumber:
+            difficulty = config.target_number.max_number!;
+            break;
+    }
+
+    return {
+        difficulty
+    }
+})

example-app/server/api/pow/difficulty.put.ts

@@ -0,0 +1,35 @@
+import { defineEventHandler } from 'h3'
+import { ChallengeStrategy } from '@impost/lib';
+
+export default defineEventHandler(async (event) => {
+    const body = await readBody(event)
+
+    let difficulty = body.difficulty;
+
+    switch (config.strategy) {
+        case ChallengeStrategy.LeadingZeroes:
+            if (!difficulty || difficulty < 1 || difficulty > 64) {
+                throw createError({
+                    statusCode: 400,
+                    statusMessage: 'Invalid request',
+                });
+            }
+
+            config.leading_zeroes.difficulty = difficulty;
+            break;
+        case ChallengeStrategy.TargetNumber:
+            if (!difficulty || difficulty < 1 || difficulty > 100_000_000) {
+                throw createError({
+                    statusCode: 400,
+                    statusMessage: 'Invalid request',
+                });
+            }
+
+            config.target_number.max_number = difficulty;
+            break;
+    }
+
+    return {
+        message: 'Challenge difficulty set'
+    };
+});

example-app/server/middleware/secure-context.ts

@@ -0,0 +1,10 @@
+import { defineEventHandler, setHeader } from 'h3'; // H3 is the underlying HTTP framework in Nuxt 3
+
+export default defineEventHandler((event) => {
+    setHeader(event, 'Strict-Transport-Security', 'max-age=63072000; includeSubDomains; preload');
+    setHeader(event, 'X-Frame-Options', 'DENY');
+    setHeader(event, 'X-XSS-Protection', '1; mode=block');
+    setHeader(event, 'Cross-Origin-Opener-Policy', 'same-origin');
+    setHeader(event, 'Cross-Origin-Embedder-Policy', 'require-corp');
+    setHeader(event, 'access-control-allow-origin', '*');
+});

example-app/server/utils/config.ts

@@ -0,0 +1,42 @@
+import { readFileSync } from 'fs';
+import { load } from 'js-toml';
+import z from 'zod';
+import { ChallengeStrategy } from "@impost/lib";
+
+const LeadingZeroesSchema = z.object({
+    strategy: z.literal(ChallengeStrategy.LeadingZeroes),
+    leading_zeroes: z.object({
+        difficulty: z.number().int().min(1).max(64),
+    }),
+});
+
+const TargetNumberSchema = z.object({
+    strategy: z.literal(ChallengeStrategy.TargetNumber),
+    target_number: z.object({
+        max_number: z.number().int().min(1).max(100_000),
+    }),
+});
+
+
+export type Config = z.infer<typeof Config>;
+
+export const Config = z.discriminatedUnion('strategy', [
+    LeadingZeroesSchema,
+    TargetNumberSchema,
+]);
+
+export let config: Config;
+
+try {
+    config = Config.parse(load(readFileSync('./config.toml', 'utf-8')));
+} catch (error: any) {
+    if (error instanceof z.ZodError) {
+        console.error("Failed to parse config:");
+        for (const issue of error.issues) {
+            console.error(issue.message, issue.path);
+        }
+    } else {
+        console.error("Failed to parse config:", error);
+    }
+    process.exit(1);
+}

example-app/server/utils/pow.ts

@@ -0,0 +1,6 @@
+import { Challenge } from "@impost/lib";
+
+export const outstandingChallenges = new Map<string, { challenge: Challenge, timeout: NodeJS.Timeout }>();
+
+// 1 hour
+export const CHALLENGE_TIMEOUT_MS = 3600000;