anchorage_layer_simple/service-login-verify
ncantu fe7f49b6cd Update API anchorage, services, and website skeleton
**Motivations:**
- Synchronisation des modifications sur l'API anchorage, les services et le website skeleton
- Ajout de scripts de monitoring et de diagnostic pour l'API anchorage
- Documentation des problèmes de mutex et de provisioning UTXO

**Root causes:**
- N/A (commit de synchronisation)

**Correctifs:**
- N/A (commit de synchronisation)

**Evolutions:**
- Ajout de scripts de monitoring et de diagnostic pour l'API anchorage
- Amélioration de la gestion des mutex et des UTXOs
- Mise à jour de la documentation

**Pages affectées:**
- api-anchorage/src/bitcoin-rpc.js
- api-anchorage/src/routes/anchor.js
- api-anchorage/src/routes/health.js
- api-anchorage/src/server.js
- api-anchorage/README-MONITORING.md
- api-anchorage/cleanup-stale-locks.mjs
- api-anchorage/diagnose.mjs
- api-anchorage/unlock-utxos.mjs
- service-login-verify/src/persistentNonceCache.ts
- signet-dashboard/src/server.js
- signet-dashboard/public/*
- userwallet/src/hooks/useChannel.ts
- userwallet/src/services/relayNotificationService.ts
- userwallet/src/utils/defaultContract.ts
- website-skeleton/src/*
- docs/DOMAINS_AND_PORTS.md
- docs/INTERFACES.md
- features/*
- fixKnowledge/*
2026-01-28 15:11:59 +01:00
..

service-login-verify

Verify login proof and anti-replay policy for services that embed UserWallet in an iframe.

Purpose

The service is the parent application that embeds UserWallet. It receives login-proof via postMessage and must verify the proof before accepting a session, without a central server. This package provides:

  • verifyLoginProof(proof, context) full verification (crypto, allowed pubkeys, timestamp window, nonce anti-replay)
  • NonceCache in-memory anti-replay cache (TTL configurable)
  • buildAllowedPubkeysFromValidateurs(validateurs) build allowed pubkeys from action login validators (cle_publique only)

Usage

See features/service-login-verify.md for explanation and usage example.

Install

From the repo root:

cd service-login-verify && npm install && npm run build

Consuming apps can add a workspace dependency or link to ../service-login-verify.

References

  • features/service-login-verify.md
  • features/userwallet-contrat-login-reste-a-faire.md (§ 3.7)