fix: key exposed in api call, closes #1152

packages/wallet-sdk/src/derive.ts

@@ -1,9 +1,9 @@
 import { BIP32Interface } from 'bip32';
-import { Buffer } from '@stacks/common';
+import { Buffer, ChainID, TransactionVersion } from '@stacks/common';
 import { ECPair } from 'bitcoinjs-lib';
 import { createSha2Hash, ecPairToHexString } from '@stacks/encryption';
 
-import { assertIsTruthy } from './utils';
+import { assertIsTruthy, whenChainId } from './utils';
 import { Account, WalletKeys } from './models/common';
 import { StacksNetwork } from '@stacks/network';
 import { getAddressFromPrivateKey } from '@stacks/transactions';
@@ -176,14 +176,20 @@ const selectUsernameForAccount = async ({
   network?: StacksNetwork;
 }): Promise<{ username: string | undefined; derivationType: DerivationType }> => {
   // try to find existing usernames owned by stx derivation path
-  const address = deriveStxPrivateKey({ rootNode, index });
   if (network) {
+    const txVersion = whenChainId(network.chainId)({
+      [ChainID.Mainnet]: TransactionVersion.Mainnet,
+      [ChainID.Testnet]: TransactionVersion.Testnet,
+    });
+    const stxPrivateKey = deriveStxPrivateKey({ rootNode, index });
+    const address = getAddressFromPrivateKey(stxPrivateKey, txVersion);
     let username = await fetchFirstName(address, network);
     if (username) {
       return { username, derivationType: DerivationType.Wallet };
     } else {
       // try to find existing usernames owned by data derivation path
-      const address = deriveDataPrivateKey({ rootNode, index });
+      const dataPrivateKey = deriveDataPrivateKey({ rootNode, index });
+      const address = getAddressFromPrivateKey(dataPrivateKey, txVersion);
       username = await fetchFirstName(address, network);
       if (username) {
         return { username, derivationType: DerivationType.Data };

packages/wallet-sdk/src/utils.ts

@@ -5,7 +5,7 @@ import { AssertionError } from 'assert';
 import { parseZoneFile } from 'zone-file';
 import { GaiaHubConfig } from '@stacks/storage';
 import { TokenSigner, Json } from 'jsontokens';
-import { fetchPrivate } from '@stacks/common';
+import { ChainID, fetchPrivate } from '@stacks/common';
 
 export function assertIsTruthy<T>(val: T): asserts val is NonNullable<T> {
   if (val === undefined || val === null) {
@@ -124,3 +124,11 @@ export const makeGaiaAssociationToken = ({
   const token = tokenSigner.sign(payload);
   return token;
 };
+
+interface WhenChainIdMap<T> {
+  [ChainID.Mainnet]: T;
+  [ChainID.Testnet]: T;
+}
+export function whenChainId(chainId: ChainID) {
+  return <T>(chainIdMap: WhenChainIdMap<T>): T => chainIdMap[chainId];
+}

packages/wallet-sdk/tests/derive.test.ts

@@ -113,6 +113,7 @@ test('derive derivation path with new username owned by address of stx derivatio
   const { username, stxDerivationType } = await selectStxDerivation({ username: undefined, rootNode, index: 0, network });
   expect(username).toEqual("public_profile_for_testing.id.blockstack");
   expect(stxDerivationType).toEqual(DerivationType.Wallet);
+  expect(fetchMock.mock.calls[0][0]).toEqual(`https://stacks-node-api.mainnet.stacks.co/v1/addresses/stacks/${WALLET_ADDRESS}`);
 })
 
 
@@ -129,6 +130,8 @@ test('derive derivation path with new username owned by address of data derivati
   const { username, stxDerivationType } = await selectStxDerivation({ username: undefined, rootNode, index: 0, network });
   expect(username).toEqual("public_profile_for_testing.id.blockstack");
   expect(stxDerivationType).toEqual(DerivationType.Data);
+  expect(fetchMock.mock.calls[0][0]).toEqual(`https://stacks-node-api.mainnet.stacks.co/v1/addresses/stacks/${WALLET_ADDRESS}`);
+  expect(fetchMock.mock.calls[1][0]).toEqual(`https://stacks-node-api.mainnet.stacks.co/v1/addresses/stacks/${DATA_ADDRESS}`)
 })