walletkit-core 0.19.0

Reference implementation for the World ID Protocol. Core functionality to use a World ID.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314

use alloy_core::primitives::{address, Address};
use world_id_core::primitives::{Config, ServiceEndpoint};

use crate::{error::WalletKitError, Environment, Region};

/// The World ID Registry contract address on World Chain Mainnet.
pub static WORLD_ID_REGISTRY: Address =
    address!("0x0000000000aE079eB8a274cD51c0f44a9E4d67d4");

/// The **Staging** World ID Registry contract address also on World Chain Mainnet.
pub static STAGING_WORLD_ID_REGISTRY: Address =
    address!("0x8556d07D75025f286fe757C7EeEceC40D54FA16D");

/// The `PoH` Recovery Agent contract address on the staging environment.
pub static POH_RECOVERY_AGENT_ADDRESS_STAGING: Address =
    address!("0x8df366ed8ef894f0d1d25dc21b7e36e2d97a7140");

/// The `PoH` Recovery Agent contract address on the production environment.
pub static POH_RECOVERY_AGENT_ADDRESS_PRODUCTION: Address =
    address!("0x00000000CBBA8Cb46C8CD414B62213F1B334fC59");

pub(crate) fn poh_recovery_agent_address(environment: &Environment) -> Address {
    match environment {
        Environment::Staging => POH_RECOVERY_AGENT_ADDRESS_STAGING,
        Environment::Production => POH_RECOVERY_AGENT_ADDRESS_PRODUCTION,
    }
}

const OPRF_NODE_COUNT: usize = 5;

/// Generates the list of OPRF node URLs for a given region and environment.
fn oprf_node_urls(region: Region, environment: &Environment) -> Vec<String> {
    let env_segment = match environment {
        Environment::Staging => ".staging",
        Environment::Production => "",
    };

    (0..OPRF_NODE_COUNT)
        .map(|i| {
            format!("https://node{i}.{region}{env_segment}.world.oprf.taceo.network")
        })
        .collect()
}

fn indexer_url(region: Region, environment: &Environment) -> String {
    let domain = match environment {
        Environment::Staging => "worldcoin.dev",
        Environment::Production => "world.org",
    };
    format!("https://indexer.{region}.id-infra.{domain}")
}

fn gateway_url(environment: &Environment) -> String {
    match environment {
        Environment::Staging => "https://gateway.id-infra.worldcoin.dev".to_string(),
        Environment::Production => "https://gateway.id-infra.world.org".to_string(),
    }
}

fn ohttp_relay_url(region: Region, environment: &Environment) -> String {
    let path = match environment {
        Environment::Staging => format!("{region}-world-id-stage"),
        Environment::Production => format!("{region}-world-id"),
    };
    let host = match environment {
        Environment::Staging => "staging.privacy-relay.cloudflare.com",
        Environment::Production => "privacy-relay.cloudflare.com",
    };
    format!("https://{host}/{path}")
}

// Base64-encoded `application/ohttp-keys` payloads fetched from /ohttp-keys endpoints.
// Each region has an independent HPKE key derived from its own seed secret.
// To refresh, run the `refresh-ohttp-keys` GitHub Action workflow.
const OHTTP_KEY_CONFIG_STAGING_US: &str = include_str!("ohttp_keys/staging_us.b64");
const OHTTP_KEY_CONFIG_STAGING_EU: &str = include_str!("ohttp_keys/staging_eu.b64");
const OHTTP_KEY_CONFIG_STAGING_AP: &str = include_str!("ohttp_keys/staging_ap.b64");
const OHTTP_KEY_CONFIG_PRODUCTION_US: &str =
    include_str!("ohttp_keys/production_us.b64");
const OHTTP_KEY_CONFIG_PRODUCTION_EU: &str =
    include_str!("ohttp_keys/production_eu.b64");
const OHTTP_KEY_CONFIG_PRODUCTION_AP: &str =
    include_str!("ohttp_keys/production_ap.b64");

const fn ohttp_key_config(region: Region, environment: &Environment) -> &'static str {
    match (environment, region) {
        (Environment::Staging, Region::Us) => OHTTP_KEY_CONFIG_STAGING_US,
        (Environment::Staging, Region::Eu) => OHTTP_KEY_CONFIG_STAGING_EU,
        (Environment::Staging, Region::Ap) => OHTTP_KEY_CONFIG_STAGING_AP,
        (Environment::Production, Region::Us) => OHTTP_KEY_CONFIG_PRODUCTION_US,
        (Environment::Production, Region::Eu) => OHTTP_KEY_CONFIG_PRODUCTION_EU,
        (Environment::Production, Region::Ap) => OHTTP_KEY_CONFIG_PRODUCTION_AP,
    }
}

fn ohttp_endpoint(
    url: String,
    region: Region,
    environment: &Environment,
) -> ServiceEndpoint {
    ServiceEndpoint::ohttp(
        url,
        ohttp_relay_url(region, environment),
        ohttp_key_config(region, environment).to_string(),
    )
}

fn build_config(
    environment: &Environment,
    rpc_url: Option<String>,
    region: Region,
    indexer: ServiceEndpoint,
    gateway: ServiceEndpoint,
) -> Result<Config, WalletKitError> {
    let (chain_id, registry_address) = match environment {
        // Staging also runs on World Chain Mainnet.
        Environment::Staging => (480, STAGING_WORLD_ID_REGISTRY),
        Environment::Production => (480, WORLD_ID_REGISTRY),
    };

    Config::new(
        rpc_url,
        chain_id,
        registry_address,
        indexer,
        gateway,
        oprf_node_urls(region, environment),
        3,
    )
    .map_err(WalletKitError::from)
}

/// Builds a [`Config`] for the given [`Environment`] using direct (non-OHTTP)
/// service endpoints — the default for SDK consumers.
///
/// # Errors
///
/// Returns [`WalletKitError`] if the configuration cannot be constructed
/// (e.g. invalid RPC URL).
pub fn default_config(
    environment: &Environment,
    rpc_url: Option<String>,
    region: Option<Region>,
) -> Result<Config, WalletKitError> {
    let region = region.unwrap_or_default();
    let indexer = ServiceEndpoint::direct(indexer_url(region, environment));
    let gateway = ServiceEndpoint::direct(gateway_url(environment));
    build_config(environment, rpc_url, region, indexer, gateway)
}

/// Builds a [`Config`] for the given [`Environment`] using OHTTP endpoints.
///
/// Opt-in alternative to [`default_config`] for consumers that want their
/// indexer/gateway traffic to flow through the Cloudflare OHTTP relay.
/// The indexer endpoint follows the caller's region; the gateway endpoint is
/// always pinned to the US OHTTP relay because the `world-id-gateway` is
/// centralised in the US cluster.
///
/// # Errors
///
/// Returns [`WalletKitError`] if the configuration cannot be constructed
/// (e.g. invalid RPC URL).
pub fn default_config_with_ohttp(
    environment: &Environment,
    rpc_url: Option<String>,
    region: Option<Region>,
) -> Result<Config, WalletKitError> {
    let region = region.unwrap_or_default();
    let indexer = ohttp_endpoint(indexer_url(region, environment), region, environment);
    let gateway = ohttp_endpoint(gateway_url(environment), Region::Us, environment);
    build_config(environment, rpc_url, region, indexer, gateway)
}

#[cfg(test)]
mod tests {
    use super::*;

    const ALL_ENVS: &[Environment] = &[Environment::Staging, Environment::Production];
    const ALL_REGIONS: &[Region] = &[Region::Us, Region::Eu, Region::Ap];

    #[test]
    fn default_config_builds_direct_endpoints_for_every_env_and_region() {
        for env in ALL_ENVS {
            for region in ALL_REGIONS {
                let config = default_config(env, None, Some(*region))
                    .expect("default_config should succeed");

                assert!(
                    matches!(config.indexer(), ServiceEndpoint::Direct { .. }),
                    "indexer should be Direct for env={env:?} region={region:?}"
                );
                assert!(
                    matches!(config.gateway(), ServiceEndpoint::Direct { .. }),
                    "gateway should be Direct for env={env:?} region={region:?}"
                );
                assert_eq!(config.indexer_url(), indexer_url(*region, env));
                assert_eq!(config.gateway_url(), gateway_url(env));
            }
        }
    }

    #[test]
    fn default_config_with_ohttp_builds_ohttp_endpoints_with_region_specific_relays() {
        for env in ALL_ENVS {
            for region in ALL_REGIONS {
                let config = default_config_with_ohttp(env, None, Some(*region))
                    .expect("default_config_with_ohttp should succeed");

                match config.indexer() {
                    ServiceEndpoint::Ohttp {
                        url,
                        relay_url,
                        key_config_base64,
                    } => {
                        assert_eq!(url, &indexer_url(*region, env));
                        assert_eq!(relay_url, &ohttp_relay_url(*region, env));
                        assert_eq!(key_config_base64, ohttp_key_config(*region, env));
                    }
                    direct @ ServiceEndpoint::Direct { .. } => panic!(
                        "indexer should be Ohttp for env={env:?} region={region:?}, got {direct:?}"
                    ),
                }
            }
        }
    }

    #[test]
    fn default_config_with_ohttp_pins_gateway_to_us_relay_regardless_of_region() {
        for env in ALL_ENVS {
            for region in ALL_REGIONS {
                let config = default_config_with_ohttp(env, None, Some(*region))
                    .expect("default_config_with_ohttp should succeed");

                match config.gateway() {
                    ServiceEndpoint::Ohttp {
                        url,
                        relay_url,
                        key_config_base64,
                    } => {
                        assert_eq!(url, &gateway_url(env));
                        assert_eq!(relay_url, &ohttp_relay_url(Region::Us, env));
                        assert_eq!(
                            key_config_base64,
                            ohttp_key_config(Region::Us, env)
                        );
                    }
                    direct @ ServiceEndpoint::Direct { .. } => panic!(
                        "gateway should be Ohttp for env={env:?} region={region:?}, got {direct:?}"
                    ),
                }
            }
        }
    }

    #[test]
    fn default_config_defaults_region_when_not_specified() {
        let with_default = default_config(&Environment::Staging, None, None).unwrap();
        let with_explicit_default =
            default_config(&Environment::Staging, None, Some(Region::default()))
                .unwrap();
        assert_eq!(
            with_default.indexer_url(),
            with_explicit_default.indexer_url(),
        );
    }

    #[test]
    fn default_config_with_ohttp_defaults_region_when_not_specified() {
        let with_default =
            default_config_with_ohttp(&Environment::Staging, None, None).unwrap();
        let with_explicit_default = default_config_with_ohttp(
            &Environment::Staging,
            None,
            Some(Region::default()),
        )
        .unwrap();
        assert_eq!(
            with_default.indexer_url(),
            with_explicit_default.indexer_url(),
        );
    }

    #[test]
    fn both_builders_round_trip_through_config_json() {
        for env in ALL_ENVS {
            for region in ALL_REGIONS {
                let direct = default_config(env, None, Some(*region)).unwrap();
                let direct_json = serde_json::to_string(&direct).unwrap();
                let direct_parsed = Config::from_json(&direct_json).unwrap();
                assert!(matches!(
                    direct_parsed.indexer(),
                    ServiceEndpoint::Direct { .. }
                ));
                assert!(matches!(
                    direct_parsed.gateway(),
                    ServiceEndpoint::Direct { .. }
                ));

                let ohttp =
                    default_config_with_ohttp(env, None, Some(*region)).unwrap();
                let ohttp_json = serde_json::to_string(&ohttp).unwrap();
                let ohttp_parsed = Config::from_json(&ohttp_json).unwrap();
                assert!(matches!(
                    ohttp_parsed.indexer(),
                    ServiceEndpoint::Ohttp { .. }
                ));
                assert!(matches!(
                    ohttp_parsed.gateway(),
                    ServiceEndpoint::Ohttp { .. }
                ));
            }
        }
    }
}