From c9bbc27d205efa5553e8af6b2b22a390c8579459 Mon Sep 17 00:00:00 2001
From: mtyszczak <mateusz.tyszczak@gmail.com>
Date: Wed, 26 Mar 2025 12:35:51 +0100
Subject: [PATCH] Explicitly provide username and role in hb auth signing
 provider

---
 .../ts/signature-extension/test/index.html    |  2 +-
 ts/packages/signers-hb-auth/README.md         |  2 +-
 ts/packages/signers-hb-auth/src/index.ts      | 37 +++++++------------
 3 files changed, 16 insertions(+), 25 deletions(-)

diff --git a/examples/ts/signature-extension/test/index.html b/examples/ts/signature-extension/test/index.html
index e33167c1b..b6df9ac48 100644
--- a/examples/ts/signature-extension/test/index.html
+++ b/examples/ts/signature-extension/test/index.html
@@ -106,7 +106,7 @@
         workerUrl: './worker.js',
         sessionTimeout: 900
       });
-      const hbAuthProvider = await HBAuthProvider.for(hbAuthClient);
+      const hbAuthProvider = await HBAuthProvider.for(hbAuthClient, accountName, testEnv.role);
       try {
         await hbAuthClient.initialize();
         const registeredUser = await hbAuthClient.getRegisteredUserByUsername(accountName);
diff --git a/ts/packages/signers-hb-auth/README.md b/ts/packages/signers-hb-auth/README.md
index 6abd32c5e..3bbea6cc6 100644
--- a/ts/packages/signers-hb-auth/README.md
+++ b/ts/packages/signers-hb-auth/README.md
@@ -10,7 +10,7 @@ import HBAuthProvider from "@hiveio/wax-signers-hb-auth";
 
 const chain = await createHiveChain();
 
-const provider = HBAuthProvider.for(hbAuthClient);
+const provider = HBAuthProvider.for(hbAuthClient, "gtg", "posting");
 
 // Create a transaction using the Wax Hive chain instance
 const tx = await chain.createTransaction();
diff --git a/ts/packages/signers-hb-auth/src/index.ts b/ts/packages/signers-hb-auth/src/index.ts
index c49ca0290..2ac4e5cee 100644
--- a/ts/packages/signers-hb-auth/src/index.ts
+++ b/ts/packages/signers-hb-auth/src/index.ts
@@ -1,4 +1,4 @@
-import type { IOnlineSignatureProvider, ITransaction } from "@hiveio/wax";
+import type { IOnlineSignatureProvider, ITransaction, TRole } from "@hiveio/wax";
 
 import { type OfflineClient, type OnlineClient } from "@hiveio/hb-auth";
 
@@ -10,7 +10,7 @@ export class WaxHBAuthProviderError extends Error {}
  *
  * @example
  * ```
- * const provider = HBAuthProvider.for(hbAuthClient);
+ * const provider = HBAuthProvider.for(hbAuthClient, "gtg", "posting");
  *
  * // Create a transaction using the Wax Hive chain instance
  * const tx = await chain.createTransaction();
@@ -27,31 +27,21 @@ export class WaxHBAuthProviderError extends Error {}
 class HBAuthProvider implements IOnlineSignatureProvider {
   private constructor(
     public readonly client: OnlineClient | OfflineClient,
-    public readonly username?: string
+    public readonly username: string,
+    public readonly role: TRole
   ) {}
 
-  public static for(client: OnlineClient | OfflineClient, username?: string): HBAuthProvider {
-    return new HBAuthProvider(client, username);
+  public static for(client: OnlineClient | OfflineClient, username: string, role: TRole): HBAuthProvider {
+    if (role !== 'active' && role !== 'owner' && role !== 'posting')
+      throw new WaxHBAuthProviderError(`Invalid role: ${role}`);
+
+    return new HBAuthProvider(client, username, role);
   }
 
   public async signTransaction(transaction: ITransaction): Promise<void> {
-    const requiredAuthorities = transaction.requiredAuthorities;
-
-    const signatures: string[] = [];
-
-    const digest = transaction.sigDigest;
-
-    for(const auth in requiredAuthorities)
-      if (auth !== "other")
-        for(const actor of requiredAuthorities[auth])
-          if (this.username === undefined || actor === this.username)
-            signatures.push(await this.client.sign(actor, digest, auth as 'posting' | 'active' | 'owner'));
-
-    if (signatures.length === 0)
-      throw new WaxHBAuthProviderError(`Failed to sign the transaction`);
+    const signature = await this.client.sign(this.username, transaction.sigDigest, this.role as 'active' | 'owner' | 'posting');
 
-    for(const signature of signatures)
-      transaction.sign(signature);
+    transaction.sign(signature);
   }
 }
 
@@ -60,9 +50,10 @@ export interface WaxHBAuthProviderCreator {
    * We assume you already called #initialize() on the client and client has imported the keys.
    *
    * @param client - The hb-auth client instance.
-   * @param username - The username to sign the transaction with. If not provided - every user imported to the hb-auth will be allowed to sign the transaction.
+   * @param username - The username to sign the transaction with
+   * @param role - The role to sign the transaction with
    */
-  for(client: OnlineClient | OfflineClient, username?: string): HBAuthProvider;
+  for(client: OnlineClient | OfflineClient, username: string, role: TRole): HBAuthProvider;
 }
 
 export default HBAuthProvider as WaxHBAuthProviderCreator;
-- 
GitLab