Adds UTXOs to fund a transaction
a transaction builder object to add the inputs to. this object is always mutated. If not enough UTXOs exist to fund, the tx builder object will still contain as many inputs as could be found.
the amount of satoshis to fund in the transaction. the payer's utxos will be included to fund up to this amount of output and the corresponding fees for those additional inputs
the satoshis/byte fee rate to use for fee calculation
if true, this function will fund amountToFund and any new fees
associated with including the new inputs.
if false, this function will fund at most amountToFund
Decrypts data encrypted with encryptContent with the
transit private key.
encrypted content.
the hex string of the ECDSA private key to use for decryption. If not provided, will use user's appPrivateKey.
decrypted content.
Decrypt content encrypted using ECIES
secp256k1 private key hex string
object to decrypt, should contain: iv (initialization vector), cipherText (cipher text), mac (message authentication code), ephemeralPublicKey wasString (boolean indicating with or not to return a buffer or string on decrypt)
plaintext
Decrypt legacy triplesec keys
The encrypted key
Password for data
Decrypted seed
Encrypt a raw mnemonic phrase with a password
Buffer or hex-encoded string of the encrypted mnemonic
Password for data
the raw mnemonic phrase
Decrypts the hex encrypted private key
the private key corresponding to the public key for which the ciphertext was encrypted
the ciphertext
the decrypted private key
Deletes the specified file from the app's data store. Currently not implemented.
the path to the file to delete
that resolves when the file has been removed or rejects with an error
Makes sure that the identity address portion of
the decentralized identifier passed in the issuer iss
key of the token matches the public key
encoded and signed authentication token
if the identity address and public keys match
Looks up the identity address that owns the claimed username
in token using the lookup endpoint provided in nameLookupURL
to determine if the username is owned by the identity address
that matches the claimed public key
encoded and signed authentication token
a URL to the name lookup endpoint of the Blockstack Core API
returns a Promise that resolves to
true if the username is owned by the public key, otherwise the
Promise resolves to false
Checks if the ES256k signature on passed token match the claimed public key
in the payload key public_keys.
encoded and signed authentication token
Returns true if the signature matches the claimed public key
Encrypts the data provided with the app public key.
data to encrypt
the hex string of the ECDSA public key to use for encryption. If not provided, will use user's appPublicKey.
Stringified ciphertext object
Encrypt content to elliptic curve publicKey using ECIES
secp256k1 public key hex string
content to encrypt
Object containing (hex encoded): iv (initialization vector), cipherText (cipher text), mac (message authentication code), ephemeral public key wasString (boolean indicating with or not to return a buffer or string on decrypt) @private
Encrypt a raw mnemonic phrase to be password protected
Raw mnemonic phrase
Password to encrypt mnemonic with
The encrypted phrase
Encrypts the private key for decryption by the given public key.
hex encoded ciphertext
Estimates the cost of an announce transaction
the hash of the message
the number of utxos we expect will be required from the importer address
Estimates the cost of a name-import transaction
the fully-qualified name
the recipient
the zone file hash
the number of UTXOs we expect will be required from the importer address
Estimates cost of a namespace preorder transaction for a namespace
the namespace to preorder
the address to receive the namespace (this must be passed as the 'revealAddress' in the namespace-reveal transaction)
the address funding the preorder
the number of UTXOs we expect will be required from the payment address.
Estimates the cost of a namespace-ready transaction for a namespace
the namespace to ready
the number of UTXOs we expect will be required from the reveal address
Estimates cost of a namesapce reveal transaction for a namespace
the namespace to reveal
the address to receive the namespace (this must have been passed as 'revealAddress' to a prior namespace preorder)
the address that pays for this transaction
the number of UTXOs we expect will be required from the payment address
Estimates cost of a preorder transaction for a domain name.
the name to preorder
the address to receive the name (this must be passed as the 'registrationAddress' in the register transaction)
the address funding the preorder
the number of UTXOs we expect will be required from the payment address.
Estimates cost of a register transaction for a domain name.
the name to register
the address to receive the name
the address funding the register
whether or not we will broadcast a zonefile hash as part of the register
the number of UTXOs we expect will be required from the payment address.
Estimates cost of an transfer transaction for a domain name.
the name to renew
the next owner of the name
the current owner of the name
the address funding the transfer
whether or not we will broadcast a zonefile hash in the renewal operation
the number of UTXOs we expect will be required from the payment address.
Estimates cost of a revoke transaction for a domain name.
the name to revoke
the current owner of the name
the address funding the revoke
the number of UTXOs we expect will be required from the payment address.
Estimates the cost of a token-transfer transaction
the recipient of the tokens
the type of token to spend
a 64-bit unsigned BigInteger encoding the number of tokens to spend
an arbitrary string to store with the transaction
the number of utxos we expect will be required from the importer address
the number of outputs we expect to add beyond just the recipient output (default = 1, if the token owner is also the bitcoin funder)
Estimates cost of an transfer transaction for a domain name.
the name to transfer
the next owner of the name
the current owner of the name
the address funding the transfer
the number of UTXOs we expect will be required from the payment address.
Estimates cost of an update transaction for a domain name.
the name to update
the owner of the name
the address funding the update
the number of UTXOs we expect will be required from the payment address.
Extracts a profile from an encoded token and optionally verifies it,
if publicKeyOrAddress is provided.
the token to be extracted
the public key or address of the keypair that is thought to have signed the token
Fetches the contents of the manifest file specified in the authentication request
encoded and signed authentication request
Returns a Promise that resolves to the JSON
object manifest file unless there's an error in which case rejects with an error
message.
Generates a ECDSA keypair to use as the ephemeral app transit private key
the hex encoded private key
Get the app storage bucket URL
the gaia hub URL
the app private key used to generate the app address
That resolves to the URL of the app index file or rejects if it fails
Retrieves the authentication request from the query string
the authentication request or null if
the query string parameter authRequest is not found
Retrieve the authentication token from the URL query
the authentication token if it exists otherwise null
Get a core session token. Generate an auth request, sign it, send it to Core, and get back a session token.
Core API server's hostname
Core API server's port number
core api password
Application's private key
blockchain ID of the user signing in.
null if user has no blockchain ID
authentication request token
identifier for the current device
a Promise that resolves to a Core session token or rejects with an error message.
Retrieves the specified file from the app's data store.
the path to the file to read
the app to lookup for multi-player storage - defaults to current origin
the Blockstack ID to lookup for multi-player storage
Whether the content should be verified, only to be used
when putFile was set to sign = true
that resolves to the raw data in the file or rejects with an error
Get the URL for reading a file from an app's data store.
the path to the file to read
the app to lookup for multi-player storage - defaults to current origin
the Blockstack ID to lookup for multi-player storage
that resolves to the URL or rejects with an error
Fetch the public read URL of a user file for the specified app.
the path to the file to read
The Blockstack ID of the user to look up
The app origin
that resolves to the public read URL of the file or rejects with an error
Try to process any pending sign in request by returning a Promise that resolves
to the user data object if the sign in succeeds.
the endpoint against which to verify public keys match claimed username
the signed authentication response token
the transit private key that corresponds to the transit public key that was provided in the authentication request
that resolves to the user data object if successful and rejects if handling the sign in request fails or there was no pending sign in request.
Checks if the expiration date of the token is before the current time
encoded and signed authentication token
true if the token has not yet expired, false
if the token has expired
Checks if the if the token issuance time and date is after the current time and date.
encoded and signed authentication token
true if the token was issued after the current time,
otherwise returns false
Versioning
the left half of the version inequality
right half of the version inequality
iff v1 >= v2
Makes sure the manifest_uri is a same origin absolute URL.
encoded and signed authentication token
true if valid, otherwise false
Makes sure the redirect_uri is a same origin absolute URL.
encoded and signed authentication token
true if valid, otherwise false
Checks if both urls pass the same origin check & are absolute
first uri to check
second uri to check
true if they pass the same origin check
Check if there is a authentication request that hasn't been handled. Also checks for a protocol echo reply (which if detected then the page will be automatically redirected after this call).
true if there is a pending sign in, otherwise false
Check if a user is currently signed in.
true if the user is signed in, false if not.
Detects if the native auth-browser is installed and is successfully launched via a custom protocol URI.
The encoded authRequest to be used as a query param in the custom URI.
The callback that is invoked when the protocol handler was detected.
The callback that is invoked when the protocol handler was not detected.
List the set of files in this application's Gaia storage bucket.
a callback to invoke on each named file that
returns true to continue the listing operation or false to end it
instance calling this method
that resolves to the number of files listed
Loop over the list of files in a Gaia hub, and run a callback on each entry. Not meant to be called by external clients.
the Gaia hub config
the page ID
the loop count
the number of files listed so far
the callback to invoke on each file. If it returns a falsey value, then the loop stops. If it returns a truthy value, the loop continues.
that resolves to the number of files listed.
Retrieves the user data object. The user's profile is stored in the key profile.
User data object.
Look up a user profile by blockstack ID
The Blockstack ID of the profile to look up
that resolves to a profile object
Generates an announce transaction
the hash of the message to send. Should be an already-announced zone file hash
the private key that pays for the transaction. Should be the key that owns the name that the message recipients subscribe to
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates an authentication request that can be sent to the Blockstack
browser for the user to approve sign in. This authentication request can
then be used for sign in by passing it to the redirectToSignInWithAuthRequest
method.
Note: This method should only be used if you want to roll your own authentication
flow. Typically you'd use redirectToSignIn which takes care of this
under the hood.
hex encoded transit private key
location to redirect user to after sign in approval
location of this app's manifest file
the permissions this app is requesting
the origin of this app
the time at which this request is no longer valid
Any extra parameters you'd like to pass to the authenticator. Use this to pass options that aren't part of the Blockstack auth spec, but might be supported by special authenticators.
the authentication request
Generates a signed authentication response token for an app. This token is sent back to apps which use contents to access the resources and data requested by the app.
the identity key of the Blockstack ID generating the authentication response
the profile object for the Blockstack ID
the username of the Blockstack ID if any, otherwise null
an object containing metadata sent as part of the authentication
response including email if requested and available and a URL to the profile
core session token when responding to a legacy auth request
or null for current direct to gaia authentication requests
the application private key. This private key is unique and specific for every Blockstack ID and application combination.
an integer in the same format as
new Date().getTime(), milliseconds since the Unix epoch
the public key provide by the app in its authentication request with which secrets will be encrypted
URL to the write path of the user's Gaia hub
URL to the API endpoint to use
JWT that binds the app key to the identity key
signed and encoded authentication response token
Generates a bitcoin spend to a specified address. This will fund up to amount
of satoshis from the payer's UTXOs. It will generate a change output if and only
if the amount of leftover change is greater than the additional fees associated
with the extra output. If the requested amount is not enough to fund the transaction's
associated fees, then this will reject with a InvalidAmountError
UTXOs are selected largest to smallest, and UTXOs which cannot fund the fees associated with their own input will not be included.
If you specify an amount > the total balance of the payer address, then this will generate a maximum spend transaction
the address to receive the bitcoin payment
the private key used to fund the bitcoin spend
the amount in satoshis for the payment address to spend in this transaction
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Create an authentication token to be sent to the Core API server in order to generate a Core session JWT.
The unique application identifier (e.g. foo.app, www.foo.com, etc).
The list of API methods this application will need.
The application-specific private key
This is the blockchain ID of the requester
Identifier of the current device
a JWT signed by the app's private key
Generates a name import transaction for a namespace
the name to import
the address to receive the name
the hash of the zonefile to give this name
the private key that pays for the import
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a namespace preorder transaction for a namespace
the namespace to pre-order
the address to receive the namespace (this must be passed as the 'revealAddress' in the namespace-reveal transaction)
a hex string of the private key used to fund the transaction (or a TransactionSigner object)
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a namespace ready transaction for a namespace
the namespace to launch
the private key of the 'revealAddress' used to reveal the namespace
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a namespace reveal transaction for a namespace
the namespace to reveal
the address to receive the namespace (this must be passed as the 'revealAddress' in the namespace-reveal transaction)
a hex string (or a TransactionSigner object) of the private key used to fund the transaction
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a preorder transaction for a domain name.
the name to pre-order
the address to receive the name (this must be passed as the 'registrationAddress' in the register transaction)
a hex string of the private key used to fund the transaction or a transaction signer object
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a register transaction for a domain name.
the name to register
the address to receive the name (this must have been passed as the 'destinationAddress' in the preorder transaction) this address will receive a dust UTXO
a hex string of the private key (or a TransactionSigner object) used to fund the transaction (this must be the same as the payment address used to fund the preorder)
the zonefile data to include (this will be hashed to include in the transaction), the zonefile itself must be published after the UPDATE propagates.
the hash of the zone file data to include. It will be used instead of zonefile, if given
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a renewal transaction for a domain name.
the name to transfer
the address to receive the name after renewal this address will receive a dust UTXO
a hex string of the current owner's private key (or a TransactionSigner object)
a hex string of the private key used to fund the renewal (or a TransactionSigner object)
the zonefile data to include, if given (this will be hashed to include in the transaction), the zonefile itself must be published after the RENEWAL propagates.
the raw zone file hash to include (this will be used instead of zonefile, if given).
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a revoke transaction for a domain name.
the name to revoke
a hex string of the current owner's private key (or a TransactionSigner object)
a hex string of the private key used to fund the transaction (or a TransactionSigner object)
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a token-transfer transaction
the address to receive the tokens
the type of tokens to send
the BigInteger encoding of an unsigned 64-bit number of tokens to send
an arbitrary string to include with the transaction
the hex-encoded private key to send the tokens
the hex-encoded private key to fund the bitcoin fees for the transaction. Optional -- if not passed, will attempt to fund with sender key.
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Generates a transfer transaction for a domain name.
the name to transfer
the address to receive the name. this address will receive a dust UTXO
a hex string of the current owner's private key (or a TransactionSigner object)
a hex string of the private key used to fund the transaction (or a TransactionSigner object)
if true, then preserve the name's zone file
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
UUIDs
Generates an update transaction for a domain name.
the name to update
a hex string of the owner key, or a transaction signer object. This will provide one UTXO input, and also recieve a dust output.
a hex string, or a transaction signer object, of the private key used to fund the transaction's txfees
the zonefile data to update (this will be hashed to include in the transaction), the zonefile itself must be published after the UPDATE propagates.
if given, this is the hash to store (instead of zonefile). zonefile will be ignored if this is given.
optional boolean, defaults to false, indicating whether the function should attempt to return an unsigned (or not fully signed) transaction. Useful for passing around a TX for multi-sig input signing.
Time
Stores the data provided in the app's data store to to the file specified.
the path to store the data in
the data to store in the file
that resolves if the operation succeed and rejects if it failed
Generates an authentication request and redirects the user to the Blockstack browser to approve the sign in request.
Please note that this requires that the web browser properly handles the
blockstack: URL protocol handler.
Most applications should use this
method for sign in unless they require more fine grained control over how the
authentication request is generated. If your app falls into this category,
use makeAuthRequest and redirectToSignInWithAuthRequest to build your own sign in process.
Redirects the user to the Blockstack browser to approve the sign in request given.
The user is redirected to the blockstackIDHost if the blockstack:
protocol handler is not detected. Please note that the protocol handler detection
does not work on all browsers.
the authentication request generated by makeAuthRequest
the URL to redirect the user to if the blockstack protocol handler is not detected
Redirect the user's browser to the app using the redirect_uri
specified in the authentication request, passing the authentication
response token as a query parameter.
encoded and signed authentication request token
encoded and signed authentication response token
Send Core a request for a session token.
host name of the core node
port number of the core node
a signed JWT encoding the authentication request
the API password for Core
the resolves to a JWT signed with the Core API server's private key that authorizes the bearer to carry out the requested operations and rejects with an error message otherwise
Sign content using ECDSA
secp256k1 private key hex string
content to sign
contains: signature - Hex encoded DER signature public key - Hex encoded private string taken from privateKey
Signs a profile token
the JSON of the profile to be signed
the signing private key
the entity that the information is about
the entity that is issuing the token
the signing algorithm to use
the time of issuance of the token
the time of expiration of the token
Sign the user out and optionally redirect to given location.
Location to redirect user to after sign out.
Only used in environments with window available
Query Strings
Validates the social proofs in a user's profile. Currently supports validation of Facebook, Twitter, GitHub, Instagram, LinkedIn and HackerNews accounts.
The JSON of the profile to be validated
The owner bitcoin address to be validated
that resolves to an array of validated proof objects
Verify authentication request is valid. This function performs a number of checks on the authentication request token:
token has a valid issuance date & is not expiredtoken has a valid signature that matches the public key it claimsencoded and signed authentication request token
that resolves to true if the auth request is valid and false if it does not. It rejects with a String if the token is not signed @private
Verify the authentication request is valid and fetch the app manifest file if valid. Otherwise, reject the promise.
encoded and signed authentication request token
that resolves to the app manifest file in JSON format or rejects if the auth request or app manifest file is invalid
Verify the authentication response is valid
the authentication response token
the url use to verify owner of a username
that resolves to true if auth response is valid and false if it does not
Verify content using ECDSA
Content to verify was signed
secp256k1 private key hex string
Hex encoded DER signature
returns true when signature matches publickey + content, false if not
Verifies a profile token
the token to be verified
the public key or address of the keypair that is thought to have signed the token
Wraps a token for a profile token file
the token to be wrapped
token and decodedTokenGenerated using TypeDoc
This logic is in a separate file with no dependencies so that it can be loaded and executed as soon as possible to fulfill the purpose of the protocol detection technique. The effectiveness of this is obviously subject to how web apps bundle/consume the blockstack.js lib.