Make invite link payload 2 times shorter, add # to don't send private key to server #2057

Closed
davidyuk opened this issue May 7, 2023 · 0 comments · Fixed by #2209

davidyuk commented May 7, 2023

Make invite link payload 2 times shorter

The private keys that we use have a length of 64 bytes; for performance reasons they contain both the seed and the public key. The public key can be generated from the seed. I'm proposing to encode exactly the seed into the invite URL; this would make its payload 2 times shorter.

```js
import nacl from 'tweetnacl';
import { decode, encode, MemoryAccount } from '@aeternity/aepp-sdk';

const url = new URL('https://wallet.superhero.com/invite/7heh8jzN54669JMV34vHcfp2SKJAzcAAZCe2XtC76hec2E4f6jGJtYQT8nrf52oRiGpEQ95srA5dT4DFQatRo6XrFqFXa');

const payload = url.pathname.split('/').at(-1);
const privateKey = decode(`nm_${payload}`, 'nm');
console.log('privateKey.length', privateKey.length);
console.log('address by private key', new MemoryAccount(privateKey).address);

const { secretKey } = nacl.sign.keyPair.fromSeed(privateKey.slice(0, 32));
// would print the same address by length of key / 2
console.log('address by        seed', new MemoryAccount(secretKey).address);

url.pathname = url.pathname.replace(payload, encode(privateKey.slice(0, 32), 'nm').slice(3));
console.log('url after', url.toString());
```

```
privateKey.length 64
address by private key ak_wweEkw78HToxLbjCnKhQJWzfFG9DqzYkDYzMLrtCbHFweABWw
address by        seed ak_wweEkw78HToxLbjCnKhQJWzfFG9DqzYkDYzMLrtCbHFweABWw
url after https://wallet.superhero.com/invite/PZK6m94Sc5X2ibggH4sFPnG98GGdhCMzbpbHju4jSWxpoD4uB
```

related issue aeternity/aepp-sdk-js#1815

Pass payload in anchor so it is not submitted to the server

This would increase security a bit.

Summarising two proposals
https://wallet.superhero.com/invite/7heh8jzN54669JMV34vHcfp2SKJAzcAAZCe2XtC76hec2E4f6jGJtYQT8nrf52oRiGpEQ95srA5dT4DFQatRo6XrFqFXa
should be replaced with
https://wallet.superhero.com/invite#PZK6m94Sc5X2ibggH4sFPnG98GGdhCMzbpbHju4jSWxpoD4uB
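
The difference between the two link forms, as an added example that is not part of the original issue or the Superhero Wallet code base: it computes what the server receives when each link is opened and parses either form on the client. All function names are hypothetical; the two sample links are the ones quoted in the issue.

```javascript
// Added example; function names are hypothetical. Sample links are from the issue.
const LEGACY = 'https://wallet.superhero.com/invite/7heh8jzN54669JMV34vHcfp2SKJAzcAAZCe2XtC76hec2E4f6jGJtYQT8nrf52oRiGpEQ95srA5dT4DFQatRo6XrFqFXa';
const PROPOSED = 'https://wallet.superhero.com/invite#PZK6m94Sc5X2ibggH4sFPnG98GGdhCMzbpbHju4jSWxpoD4uB';
const BASE58 = /^[1-9A-HJ-NP-Za-km-z]+$/;

// What leaves the browser when the link is opened: the request target
// (what access logs record) and the most a Referer header can carry for
// these links. Browsers strip the fragment from both.
function serverVisible(link) {
  const url = new URL(link);
  const referer = new URL(link);
  referer.hash = '';
  return { requestTarget: url.pathname + url.search, referer: referer.href };
}

// Client-side parsing: accept the proposed fragment form and the legacy
// path form, and report which one carried the key material.
function readInvite(link) {
  const url = new URL(link);
  const fromHash = url.hash.slice(1);
  if (url.pathname === '/invite' && BASE58.test(fromHash)) {
    return { payload: fromHash, source: 'fragment' };
  }
  const [, root, fromPath, ...rest] = url.pathname.split('/');
  if (root === 'invite' && rest.length === 0 && BASE58.test(fromPath ?? '')) {
    return { payload: fromPath, source: 'path' };
  }
  return null;
}

// True when opening the link discloses the payload to the server.
function leaksToServer(link) {
  const invite = readInvite(link);
  if (!invite) return false;
  const { requestTarget, referer } = serverVisible(link);
  return requestTarget.includes(invite.payload) || referer.includes(invite.payload);
}

// URL to put back in the address bar once the payload is read, e.g. with
// history.replaceState(null, '', scrubbed(location.href)) in a browser.
function scrubbed(link) {
  const url = new URL(link);
  url.pathname = '/invite';
  url.hash = '';
  return url.href;
}

for (const link of [LEGACY, PROPOSED]) {
  console.log(readInvite(link).source, 'leaks to server:', leaksToServer(link), '->', scrubbed(link));
}
```

The fragment is still readable by any script running on the page and stays in the browser history entry until it is replaced, which is what the last helper is for.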
