@0xmonaco/core 0.8.7 → 0.8.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api/applications/api.d.ts +61 -8
- package/dist/api/applications/api.js +71 -7
- package/dist/api/auth/api.d.ts +44 -76
- package/dist/api/auth/api.js +61 -104
- package/dist/api/base.d.ts +48 -7
- package/dist/api/base.js +95 -12
- package/dist/api/delegated-agents/api.d.ts +2 -1
- package/dist/api/delegated-agents/api.js +4 -0
- package/dist/api/faucet/api.d.ts +25 -0
- package/dist/api/faucet/api.js +29 -0
- package/dist/api/faucet/index.d.ts +1 -0
- package/dist/api/faucet/index.js +1 -0
- package/dist/api/index.d.ts +4 -0
- package/dist/api/index.js +4 -0
- package/dist/api/margin-accounts/api.d.ts +3 -4
- package/dist/api/margin-accounts/api.js +8 -15
- package/dist/api/market/api.d.ts +3 -1
- package/dist/api/market/api.js +8 -0
- package/dist/api/orderbook/api.js +2 -1
- package/dist/api/perp/routes.d.ts +62 -4
- package/dist/api/perp/routes.js +27 -4
- package/dist/api/profile/api.d.ts +18 -1
- package/dist/api/profile/api.js +41 -1
- package/dist/api/sub-accounts/api.d.ts +62 -0
- package/dist/api/sub-accounts/api.js +80 -0
- package/dist/api/sub-accounts/index.d.ts +1 -0
- package/dist/api/sub-accounts/index.js +1 -0
- package/dist/api/trades/api.d.ts +12 -1
- package/dist/api/trades/api.js +13 -1
- package/dist/api/trading/api.d.ts +5 -2
- package/dist/api/trading/api.js +13 -27
- package/dist/api/websocket/types.d.ts +5 -5
- package/dist/api/websocket/websocket.js +43 -22
- package/dist/api/whitelist/api.d.ts +27 -0
- package/dist/api/whitelist/api.js +32 -0
- package/dist/api/whitelist/index.d.ts +1 -0
- package/dist/api/whitelist/index.js +1 -0
- package/dist/api/withdrawals/api.d.ts +15 -0
- package/dist/api/withdrawals/api.js +27 -0
- package/dist/api/withdrawals/index.d.ts +1 -0
- package/dist/api/withdrawals/index.js +1 -0
- package/dist/coverage.d.ts +85 -0
- package/dist/coverage.js +85 -0
- package/dist/crypto/session.d.ts +40 -0
- package/dist/crypto/session.js +60 -0
- package/dist/sdk.d.ts +56 -18
- package/dist/sdk.js +156 -53
- package/package.json +5 -3
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Whitelist API Implementation
|
|
3
|
+
*
|
|
4
|
+
* Public (unauthenticated) whitelist/waitlist application submission. The
|
|
5
|
+
* server validates and de-duplicates by wallet address and email, creating an
|
|
6
|
+
* inactive user pending manual approval. This is an onboarding endpoint, not a
|
|
7
|
+
* trading operation.
|
|
8
|
+
*
|
|
9
|
+
* @example
|
|
10
|
+
* ```typescript
|
|
11
|
+
* const { message, user_id } = await sdk.whitelist.submit({
|
|
12
|
+
* wallet_address: "0x...",
|
|
13
|
+
* email: "user@example.com",
|
|
14
|
+
* });
|
|
15
|
+
* ```
|
|
16
|
+
*/
|
|
17
|
+
import { BaseAPI } from "../base";
|
|
18
|
+
import { perpRoutes } from "../perp/routes";
|
|
19
|
+
export class WhitelistAPIImpl extends BaseAPI {
|
|
20
|
+
/**
|
|
21
|
+
* Submits a whitelist (waitlist) application. Public — no auth required.
|
|
22
|
+
*
|
|
23
|
+
* @param body - Applicant details
|
|
24
|
+
* @returns Promise resolving to the status message and created user id
|
|
25
|
+
*/
|
|
26
|
+
async submit(body) {
|
|
27
|
+
return await this.makePublicRequest(perpRoutes.whitelist.submit(), {
|
|
28
|
+
method: "POST",
|
|
29
|
+
body: JSON.stringify(body),
|
|
30
|
+
});
|
|
31
|
+
}
|
|
32
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export { WhitelistAPIImpl } from "./api";
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export { WhitelistAPIImpl } from "./api";
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { InitiateWithdrawalRequest, WithdrawalResponse, WithdrawalsAPI } from "@0xmonaco/types";
|
|
2
|
+
import { BaseAPI } from "../base";
|
|
3
|
+
/**
|
|
4
|
+
* Low-level withdrawals client.
|
|
5
|
+
*
|
|
6
|
+
* `initiateWithdrawal` debits the caller's balance via the matching engine and
|
|
7
|
+
* returns the target vault address plus pre-signed `executeSignedWithdrawal`
|
|
8
|
+
* calldata; `getWithdrawal` re-fetches that calldata for a previously-initiated
|
|
9
|
+
* index. Neither submits on-chain — use the high-level vault API for the flow
|
|
10
|
+
* that also broadcasts the transaction.
|
|
11
|
+
*/
|
|
12
|
+
export declare class WithdrawalsAPIImpl extends BaseAPI implements WithdrawalsAPI {
|
|
13
|
+
initiateWithdrawal(request: InitiateWithdrawalRequest): Promise<WithdrawalResponse>;
|
|
14
|
+
getWithdrawal(withdrawalIndex: number): Promise<WithdrawalResponse>;
|
|
15
|
+
}
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
import { BaseAPI } from "../base";
|
|
2
|
+
import { perpRoutes } from "../perp";
|
|
3
|
+
/**
|
|
4
|
+
* Low-level withdrawals client.
|
|
5
|
+
*
|
|
6
|
+
* `initiateWithdrawal` debits the caller's balance via the matching engine and
|
|
7
|
+
* returns the target vault address plus pre-signed `executeSignedWithdrawal`
|
|
8
|
+
* calldata; `getWithdrawal` re-fetches that calldata for a previously-initiated
|
|
9
|
+
* index. Neither submits on-chain — use the high-level vault API for the flow
|
|
10
|
+
* that also broadcasts the transaction.
|
|
11
|
+
*/
|
|
12
|
+
export class WithdrawalsAPIImpl extends BaseAPI {
|
|
13
|
+
async initiateWithdrawal(request) {
|
|
14
|
+
return this.makeAuthenticatedRequest(perpRoutes.withdrawals.initiate(), {
|
|
15
|
+
method: "POST",
|
|
16
|
+
body: JSON.stringify({
|
|
17
|
+
asset_id: request.assetId,
|
|
18
|
+
amount: request.amount,
|
|
19
|
+
destination: request.destination,
|
|
20
|
+
}),
|
|
21
|
+
});
|
|
22
|
+
}
|
|
23
|
+
async getWithdrawal(withdrawalIndex) {
|
|
24
|
+
// Public lookup — no auth required.
|
|
25
|
+
return this.makePublicRequest(perpRoutes.withdrawals.byIndex(withdrawalIndex));
|
|
26
|
+
}
|
|
27
|
+
}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from "./api";
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export * from "./api";
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
/** operationId → the @0xmonaco/core client method that covers it. */
|
|
2
|
+
export declare const COVERED: {
|
|
3
|
+
add_position_margin: string;
|
|
4
|
+
attach_position_tp_sl: string;
|
|
5
|
+
batch_cancel_all: string;
|
|
6
|
+
batch_cancel_all_by_pair: string;
|
|
7
|
+
batch_cancel_orders: string;
|
|
8
|
+
batch_create_orders: string;
|
|
9
|
+
batch_replace_orders: string;
|
|
10
|
+
cancel_conditional_order: string;
|
|
11
|
+
cancel_order: string;
|
|
12
|
+
close_position: string;
|
|
13
|
+
create_challenge: string;
|
|
14
|
+
create_delegated_session: string;
|
|
15
|
+
create_order: string;
|
|
16
|
+
create_sub_account_limit: string;
|
|
17
|
+
delete_sub_account_limit: string;
|
|
18
|
+
get_application_config: string;
|
|
19
|
+
get_application_stats: string;
|
|
20
|
+
get_available_collateral: string;
|
|
21
|
+
get_candles: string;
|
|
22
|
+
get_funding_state: string;
|
|
23
|
+
get_index_price: string;
|
|
24
|
+
get_margin_account_movements: string;
|
|
25
|
+
get_margin_account_summary: string;
|
|
26
|
+
get_mark_price: string;
|
|
27
|
+
get_market_metadata: string;
|
|
28
|
+
get_open_interest: string;
|
|
29
|
+
get_order_by_id: string;
|
|
30
|
+
get_orderbook_snapshot: string;
|
|
31
|
+
get_orders: string;
|
|
32
|
+
get_perp_market_config: string;
|
|
33
|
+
get_perp_market_summary: string;
|
|
34
|
+
get_portfolio_chart: string;
|
|
35
|
+
get_portfolio_stats: string;
|
|
36
|
+
get_position: string;
|
|
37
|
+
get_position_risk: string;
|
|
38
|
+
get_screener: string;
|
|
39
|
+
get_sub_account_limits: string;
|
|
40
|
+
get_trade_by_id: string;
|
|
41
|
+
get_trades: string;
|
|
42
|
+
get_trading_pair_by_id: string;
|
|
43
|
+
get_user_balance_by_asset: string;
|
|
44
|
+
get_user_balances: string;
|
|
45
|
+
get_user_movements: string;
|
|
46
|
+
get_user_profile: string;
|
|
47
|
+
get_user_trades: string;
|
|
48
|
+
get_withdrawal: string;
|
|
49
|
+
initiate_withdrawal: string;
|
|
50
|
+
list_application_balances: string;
|
|
51
|
+
list_application_movements: string;
|
|
52
|
+
list_application_orders: string;
|
|
53
|
+
list_application_users: string;
|
|
54
|
+
list_conditional_orders: string;
|
|
55
|
+
list_delegated_agent_owners: string;
|
|
56
|
+
list_delegated_agents: string;
|
|
57
|
+
list_funding_history: string;
|
|
58
|
+
list_funding_payments: string;
|
|
59
|
+
list_margin_accounts: string;
|
|
60
|
+
list_position_history: string;
|
|
61
|
+
list_positions: string;
|
|
62
|
+
list_sub_accounts_with_balances: string;
|
|
63
|
+
list_trading_pairs: string;
|
|
64
|
+
mint_tokens: string;
|
|
65
|
+
reduce_position_margin: string;
|
|
66
|
+
refresh_session: string;
|
|
67
|
+
replace_order: string;
|
|
68
|
+
revoke_delegated_agent: string;
|
|
69
|
+
revoke_session: string;
|
|
70
|
+
simulate_auto_margin_order_risk: string;
|
|
71
|
+
simulate_fees: string;
|
|
72
|
+
simulate_order_risk: string;
|
|
73
|
+
submit_whitelist: string;
|
|
74
|
+
transfer_collateral_from_margin_account: string;
|
|
75
|
+
transfer_collateral_to_auto_margin_account: string;
|
|
76
|
+
transfer_collateral_to_margin_account: string;
|
|
77
|
+
update_sub_account_limit: string;
|
|
78
|
+
upsert_delegated_agent: string;
|
|
79
|
+
verify_signature: string;
|
|
80
|
+
};
|
|
81
|
+
/** operationId → reason it is intentionally not covered by @0xmonaco/core. */
|
|
82
|
+
export declare const INTENTIONALLY_EXCLUDED: {
|
|
83
|
+
authenticate_backend: string;
|
|
84
|
+
health_check: string;
|
|
85
|
+
};
|
package/dist/coverage.js
ADDED
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
/** operationId → the @0xmonaco/core client method that covers it. */
|
|
2
|
+
export const COVERED = {
|
|
3
|
+
add_position_margin: "addPositionMargin",
|
|
4
|
+
attach_position_tp_sl: "attachPositionTpSl",
|
|
5
|
+
batch_cancel_all: "batchCancelAll",
|
|
6
|
+
batch_cancel_all_by_pair: "batchCancelAll (with tradingPairId)",
|
|
7
|
+
batch_cancel_orders: "batchCancel",
|
|
8
|
+
batch_create_orders: "batchCreate",
|
|
9
|
+
batch_replace_orders: "batchReplace",
|
|
10
|
+
cancel_conditional_order: "cancelConditionalOrder",
|
|
11
|
+
cancel_order: "cancelOrder",
|
|
12
|
+
close_position: "closePosition",
|
|
13
|
+
create_challenge: "createChallenge",
|
|
14
|
+
create_delegated_session: "createDelegatedSession",
|
|
15
|
+
create_order: "placeLimitOrder / placeMarketOrder",
|
|
16
|
+
create_sub_account_limit: "subAccounts.createLimit",
|
|
17
|
+
delete_sub_account_limit: "subAccounts.deleteLimit",
|
|
18
|
+
get_application_config: "getApplicationConfig",
|
|
19
|
+
get_application_stats: "getApplicationStats",
|
|
20
|
+
get_available_collateral: "getAvailableCollateral",
|
|
21
|
+
get_candles: "getCandlesticks",
|
|
22
|
+
get_funding_state: "getFundingState",
|
|
23
|
+
get_index_price: "getIndexPrice",
|
|
24
|
+
get_margin_account_movements: "getMarginAccountMovements",
|
|
25
|
+
get_margin_account_summary: "getMarginAccountSummary",
|
|
26
|
+
get_mark_price: "getMarkPrice",
|
|
27
|
+
get_market_metadata: "getMarketMetadata",
|
|
28
|
+
get_open_interest: "getOpenInterest",
|
|
29
|
+
get_order_by_id: "getOrder",
|
|
30
|
+
get_orderbook_snapshot: "getOrderbook",
|
|
31
|
+
get_orders: "getPaginatedOrders",
|
|
32
|
+
get_perp_market_config: "getPerpMarketConfig",
|
|
33
|
+
get_perp_market_summary: "getPerpMarketSummary",
|
|
34
|
+
get_portfolio_chart: "getPortfolioChart",
|
|
35
|
+
get_portfolio_stats: "getPortfolioStats",
|
|
36
|
+
get_position: "getPosition",
|
|
37
|
+
get_position_risk: "getPositionRisk",
|
|
38
|
+
get_screener: "getScreener",
|
|
39
|
+
get_sub_account_limits: "subAccounts.getLimits",
|
|
40
|
+
get_trade_by_id: "getTradeById",
|
|
41
|
+
get_trades: "getTrades",
|
|
42
|
+
get_trading_pair_by_id: "getTradingPair",
|
|
43
|
+
get_user_balance_by_asset: "getUserBalanceByAssetId",
|
|
44
|
+
get_user_balances: "getUserBalances",
|
|
45
|
+
get_user_movements: "getPaginatedUserMovements",
|
|
46
|
+
get_user_profile: "getProfile",
|
|
47
|
+
get_user_trades: "getUserTrades",
|
|
48
|
+
get_withdrawal: "getWithdrawal",
|
|
49
|
+
initiate_withdrawal: "initiateWithdrawal",
|
|
50
|
+
list_application_balances: "listApplicationBalances",
|
|
51
|
+
list_application_movements: "listApplicationMovements",
|
|
52
|
+
list_application_orders: "listApplicationOrders",
|
|
53
|
+
list_application_users: "listApplicationUsers",
|
|
54
|
+
list_conditional_orders: "listConditionalOrders",
|
|
55
|
+
list_delegated_agent_owners: "listDelegatedOwners",
|
|
56
|
+
list_delegated_agents: "listDelegatedAgents",
|
|
57
|
+
list_funding_history: "listFundingHistory",
|
|
58
|
+
list_funding_payments: "listFundingPayments",
|
|
59
|
+
list_margin_accounts: "listMarginAccounts",
|
|
60
|
+
list_position_history: "listPositionHistory",
|
|
61
|
+
list_positions: "listPositions",
|
|
62
|
+
list_sub_accounts_with_balances: "subAccounts.list",
|
|
63
|
+
list_trading_pairs: "getPaginatedTradingPairs",
|
|
64
|
+
mint_tokens: "faucet.mint",
|
|
65
|
+
reduce_position_margin: "reducePositionMargin",
|
|
66
|
+
refresh_session: "refreshSession",
|
|
67
|
+
replace_order: "replaceOrder",
|
|
68
|
+
revoke_delegated_agent: "revokeDelegatedAgent",
|
|
69
|
+
revoke_session: "revokeSession",
|
|
70
|
+
simulate_auto_margin_order_risk: "simulateAutoMarginOrderRisk",
|
|
71
|
+
simulate_fees: "simulateFees",
|
|
72
|
+
simulate_order_risk: "simulateOrderRisk",
|
|
73
|
+
submit_whitelist: "whitelist.submit",
|
|
74
|
+
transfer_collateral_from_margin_account: "transferCollateralFromMarginAccount",
|
|
75
|
+
transfer_collateral_to_auto_margin_account: "transferCollateralToAutoMarginAccount",
|
|
76
|
+
transfer_collateral_to_margin_account: "transferCollateralToMarginAccount",
|
|
77
|
+
update_sub_account_limit: "subAccounts.updateLimit",
|
|
78
|
+
upsert_delegated_agent: "upsertDelegatedAgent",
|
|
79
|
+
verify_signature: "verifySignature",
|
|
80
|
+
};
|
|
81
|
+
/** operationId → reason it is intentionally not covered by @0xmonaco/core. */
|
|
82
|
+
export const INTENTIONALLY_EXCLUDED = {
|
|
83
|
+
authenticate_backend: "Backend auth is header-based via setServerKey()/the x-server-key header, not an endpoint method (MON-1486).",
|
|
84
|
+
health_check: "Infrastructure liveness probe (GET /health); not part of the data SDK surface.",
|
|
85
|
+
};
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Session keypair crypto for noncustodial request signing.
|
|
3
|
+
*
|
|
4
|
+
* On login the SDK generates a random ed25519 keypair locally. The public key
|
|
5
|
+
* is registered with the server (bound by the wallet's signature on the
|
|
6
|
+
* challenge); every subsequent authenticated request is signed with the
|
|
7
|
+
* private key. The server verifies the signature against the stored public
|
|
8
|
+
* key — it never sees the private key, so it cannot mint requests as the user.
|
|
9
|
+
*/
|
|
10
|
+
/** A locally-generated ed25519 session keypair (raw 32-byte values). */
|
|
11
|
+
export interface SessionKeypair {
|
|
12
|
+
/** 32-byte ed25519 public key */
|
|
13
|
+
publicKey: Uint8Array;
|
|
14
|
+
/** 32-byte ed25519 private key (seed) */
|
|
15
|
+
privateKey: Uint8Array;
|
|
16
|
+
}
|
|
17
|
+
/**
|
|
18
|
+
* Generate a fresh ed25519 session keypair.
|
|
19
|
+
*
|
|
20
|
+
* `@noble/curves` sources entropy from `crypto.getRandomValues`. Environments
|
|
21
|
+
* without it (very old Node without webcrypto, locked-down sandboxes) will
|
|
22
|
+
* throw — we surface a clear error rather than producing a weak key.
|
|
23
|
+
*/
|
|
24
|
+
export declare function generateSessionKeypair(): SessionKeypair;
|
|
25
|
+
export declare function publicKeyHex(keypair: SessionKeypair): string;
|
|
26
|
+
export declare function privateKeyHex(keypair: SessionKeypair): string;
|
|
27
|
+
/** Reconstruct a keypair from its hex-encoded halves (e.g. restored from storage). */
|
|
28
|
+
export declare function keypairFromHex(publicKeyHex: string, privateKeyHex: string): SessionKeypair;
|
|
29
|
+
/** Lowercase-hex sha256 of the given bytes. Use over an empty array for no-body requests. */
|
|
30
|
+
export declare function sha256Hex(data: Uint8Array): string;
|
|
31
|
+
/**
|
|
32
|
+
* Canonical per-request signing string. Mirrors the server
|
|
33
|
+
* (`handlers::auth::compose_signing_string`):
|
|
34
|
+
* `METHOD\nPATH_WITH_QUERY\nTIMESTAMP_MS\nSHA256_BODY_HEX`.
|
|
35
|
+
*/
|
|
36
|
+
export declare function composeSigningString(method: string, pathWithQuery: string, timestampMs: number, bodySha256Hex: string): string;
|
|
37
|
+
/** Canonical WebSocket handshake signing string: `WS-AUTH\n<pubkey-hex>\n<ts>`. */
|
|
38
|
+
export declare function composeWsSigningString(publicKeyHex: string, timestampMs: number): string;
|
|
39
|
+
/** Sign an arbitrary string with the session private key, returning lowercase hex. */
|
|
40
|
+
export declare function signMessage(privateKey: Uint8Array, message: string): string;
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Session keypair crypto for noncustodial request signing.
|
|
3
|
+
*
|
|
4
|
+
* On login the SDK generates a random ed25519 keypair locally. The public key
|
|
5
|
+
* is registered with the server (bound by the wallet's signature on the
|
|
6
|
+
* challenge); every subsequent authenticated request is signed with the
|
|
7
|
+
* private key. The server verifies the signature against the stored public
|
|
8
|
+
* key — it never sees the private key, so it cannot mint requests as the user.
|
|
9
|
+
*/
|
|
10
|
+
import { ed25519 } from "@noble/curves/ed25519";
|
|
11
|
+
import { sha256 } from "@noble/hashes/sha2";
|
|
12
|
+
import { bytesToHex, hexToBytes, utf8ToBytes } from "@noble/hashes/utils";
|
|
13
|
+
/**
|
|
14
|
+
* Generate a fresh ed25519 session keypair.
|
|
15
|
+
*
|
|
16
|
+
* `@noble/curves` sources entropy from `crypto.getRandomValues`. Environments
|
|
17
|
+
* without it (very old Node without webcrypto, locked-down sandboxes) will
|
|
18
|
+
* throw — we surface a clear error rather than producing a weak key.
|
|
19
|
+
*/
|
|
20
|
+
export function generateSessionKeypair() {
|
|
21
|
+
if (typeof globalThis.crypto?.getRandomValues !== "function") {
|
|
22
|
+
throw new Error("Secure randomness (crypto.getRandomValues) is unavailable; cannot generate a session keypair.");
|
|
23
|
+
}
|
|
24
|
+
const privateKey = ed25519.utils.randomPrivateKey();
|
|
25
|
+
const publicKey = ed25519.getPublicKey(privateKey);
|
|
26
|
+
return { publicKey, privateKey };
|
|
27
|
+
}
|
|
28
|
+
export function publicKeyHex(keypair) {
|
|
29
|
+
return bytesToHex(keypair.publicKey);
|
|
30
|
+
}
|
|
31
|
+
export function privateKeyHex(keypair) {
|
|
32
|
+
return bytesToHex(keypair.privateKey);
|
|
33
|
+
}
|
|
34
|
+
/** Reconstruct a keypair from its hex-encoded halves (e.g. restored from storage). */
|
|
35
|
+
export function keypairFromHex(publicKeyHex, privateKeyHex) {
|
|
36
|
+
return {
|
|
37
|
+
publicKey: hexToBytes(publicKeyHex),
|
|
38
|
+
privateKey: hexToBytes(privateKeyHex),
|
|
39
|
+
};
|
|
40
|
+
}
|
|
41
|
+
/** Lowercase-hex sha256 of the given bytes. Use over an empty array for no-body requests. */
|
|
42
|
+
export function sha256Hex(data) {
|
|
43
|
+
return bytesToHex(sha256(data));
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* Canonical per-request signing string. Mirrors the server
|
|
47
|
+
* (`handlers::auth::compose_signing_string`):
|
|
48
|
+
* `METHOD\nPATH_WITH_QUERY\nTIMESTAMP_MS\nSHA256_BODY_HEX`.
|
|
49
|
+
*/
|
|
50
|
+
export function composeSigningString(method, pathWithQuery, timestampMs, bodySha256Hex) {
|
|
51
|
+
return `${method.toUpperCase()}\n${pathWithQuery}\n${timestampMs}\n${bodySha256Hex}`;
|
|
52
|
+
}
|
|
53
|
+
/** Canonical WebSocket handshake signing string: `WS-AUTH\n<pubkey-hex>\n<ts>`. */
|
|
54
|
+
export function composeWsSigningString(publicKeyHex, timestampMs) {
|
|
55
|
+
return `WS-AUTH\n${publicKeyHex}\n${timestampMs}`;
|
|
56
|
+
}
|
|
57
|
+
/** Sign an arbitrary string with the session private key, returning lowercase hex. */
|
|
58
|
+
export function signMessage(privateKey, message) {
|
|
59
|
+
return bytesToHex(ed25519.sign(utf8ToBytes(message), privateKey));
|
|
60
|
+
}
|
package/dist/sdk.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { ApplicationsAPI, AuthAPI, AuthState, DelegatedAgentsAPI, FeesAPI, MarginAccountsAPI, MarketAPI, MonacoSDK, Network, PositionsAPI, ProfileAPI, SDKConfig, TradingAPI, VaultAPI } from "@0xmonaco/types";
|
|
1
|
+
import type { ApplicationsAPI, AuthAPI, AuthState, DelegatedAgentsAPI, FaucetAPI, FeesAPI, MarginAccountsAPI, MarketAPI, MonacoSDK, Network, PositionsAPI, ProfileAPI, SDKConfig, SubAccountsAPI, TradingAPI, VaultAPI, WhitelistAPI, WithdrawalsAPI } from "@0xmonaco/types";
|
|
2
2
|
import { type PublicClient, type TransactionReceipt, type WalletClient } from "viem";
|
|
3
3
|
import { type MonacoWebSocket, OrderbookAPIImpl, TradesAPIImpl } from "./api";
|
|
4
4
|
export declare class MonacoSDKImpl implements MonacoSDK {
|
|
@@ -7,10 +7,14 @@ export declare class MonacoSDKImpl implements MonacoSDK {
|
|
|
7
7
|
applications: ApplicationsAPI;
|
|
8
8
|
fees: FeesAPI;
|
|
9
9
|
vault: VaultAPI;
|
|
10
|
+
withdrawals: WithdrawalsAPI;
|
|
10
11
|
trading: TradingAPI;
|
|
11
12
|
market: MarketAPI;
|
|
12
13
|
marginAccounts: MarginAccountsAPI;
|
|
13
14
|
positions: PositionsAPI;
|
|
15
|
+
subAccounts: SubAccountsAPI;
|
|
16
|
+
faucet: FaucetAPI;
|
|
17
|
+
whitelist: WhitelistAPI;
|
|
14
18
|
profile: ProfileAPI;
|
|
15
19
|
orderbook: OrderbookAPIImpl;
|
|
16
20
|
trades: TradesAPIImpl;
|
|
@@ -21,21 +25,44 @@ export declare class MonacoSDKImpl implements MonacoSDK {
|
|
|
21
25
|
private readonly network;
|
|
22
26
|
private readonly chain;
|
|
23
27
|
/**
|
|
24
|
-
* Propagate the
|
|
28
|
+
* Propagate the session keypair (or `undefined` to clear) to all APIs and
|
|
29
|
+
* the WebSocket client.
|
|
25
30
|
*/
|
|
26
|
-
private
|
|
31
|
+
private propagateSession;
|
|
32
|
+
/**
|
|
33
|
+
* Set (or clear) the application secret key used for backend-authenticated
|
|
34
|
+
* requests (those annotated `#[require_backend]` on the gateway, e.g. the
|
|
35
|
+
* `applications` reporting endpoints).
|
|
36
|
+
*
|
|
37
|
+
* The raw `sk_...` key is sent in the `x-server-key` header on each such
|
|
38
|
+
* request. This is independent of {@link login}/session auth — a client may
|
|
39
|
+
* hold both a session and a server key at once.
|
|
40
|
+
*
|
|
41
|
+
* @param serverKey - The application secret key (`sk_...`), or `undefined` to clear.
|
|
42
|
+
*
|
|
43
|
+
* @example
|
|
44
|
+
* ```typescript
|
|
45
|
+
* sdk.setServerKey("sk_live_...");
|
|
46
|
+
* const orders = await sdk.applications.listApplicationOrders({ status: "FILLED" });
|
|
47
|
+
* ```
|
|
48
|
+
*/
|
|
49
|
+
setServerKey(serverKey: string | undefined): void;
|
|
50
|
+
/** Extract the session keypair from an auth state. */
|
|
51
|
+
private sessionFromAuthState;
|
|
27
52
|
constructor(cfg: SDKConfig);
|
|
28
53
|
/**
|
|
29
54
|
* Authenticate the user
|
|
30
55
|
*
|
|
31
|
-
*
|
|
32
|
-
*
|
|
33
|
-
* - `
|
|
34
|
-
*
|
|
56
|
+
* Generates a session keypair, has the wallet authorize it, and returns an
|
|
57
|
+
* AuthState object containing:
|
|
58
|
+
* - `sessionPublicKey` / `sessionPrivateKey`: the session keypair used to
|
|
59
|
+
* sign subsequent requests (the private key is the credential — persist it
|
|
60
|
+
* to survive reloads without re-prompting the wallet)
|
|
61
|
+
* - `expiresAt`: When the session expires
|
|
35
62
|
* - `user`: User information
|
|
36
63
|
*
|
|
37
|
-
* Note: Use `sdk.logout()` to revoke the
|
|
38
|
-
* `sdk.auth.
|
|
64
|
+
* Note: Use `sdk.logout()` to revoke the session and clean up, or call
|
|
65
|
+
* `sdk.auth.revokeSession()` directly to just revoke.
|
|
39
66
|
*
|
|
40
67
|
* @param clientId - The client ID for authentication
|
|
41
68
|
* @param options - Optional configuration
|
|
@@ -49,18 +76,24 @@ export declare class MonacoSDKImpl implements MonacoSDK {
|
|
|
49
76
|
* // Login and auto-connect WebSocket
|
|
50
77
|
* const authState = await sdk.login(clientId, { connectWebSocket: true });
|
|
51
78
|
*
|
|
52
|
-
* // Manual WebSocket connection
|
|
53
|
-
* await sdk.ws.connect();
|
|
54
|
-
*
|
|
55
79
|
* // Later, to revoke:
|
|
56
|
-
* await sdk.auth.
|
|
80
|
+
* await sdk.auth.revokeSession(); // ✅
|
|
57
81
|
* // Or revoke and disconnect WebSocket:
|
|
58
|
-
* await sdk.logout(); // ✅ Calls
|
|
82
|
+
* await sdk.logout(); // ✅ Calls revokeSession internally and disconnects WebSocket
|
|
59
83
|
* ```
|
|
60
84
|
*/
|
|
61
85
|
login(clientId: string, options?: {
|
|
62
86
|
connectWebSocket?: boolean;
|
|
63
87
|
}): Promise<AuthState>;
|
|
88
|
+
/**
|
|
89
|
+
* Create and adopt an owner-scoped delegated session.
|
|
90
|
+
*
|
|
91
|
+
* This must be called while authenticated as the agent wallet. The delegated
|
|
92
|
+
* session uses a fresh ed25519 keypair generated locally; the current agent
|
|
93
|
+
* session signs the registration request, and subsequent SDK calls use the
|
|
94
|
+
* delegated session keypair.
|
|
95
|
+
*/
|
|
96
|
+
loginAsDelegatedOwner(ownerUserId: string): Promise<AuthState>;
|
|
64
97
|
/**
|
|
65
98
|
* Get the current authentication state
|
|
66
99
|
*
|
|
@@ -77,19 +110,24 @@ export declare class MonacoSDKImpl implements MonacoSDK {
|
|
|
77
110
|
/**
|
|
78
111
|
* Log the user out
|
|
79
112
|
*
|
|
80
|
-
* This method revokes the
|
|
113
|
+
* This method revokes the session (if authenticated), disconnects all authenticated
|
|
81
114
|
* WebSocket channels, and clears the local auth state.
|
|
82
|
-
* It internally calls `auth.
|
|
115
|
+
* It internally calls `auth.revokeSession()` to invalidate the session on the server.
|
|
83
116
|
*
|
|
84
117
|
* @example
|
|
85
118
|
* ```typescript
|
|
86
119
|
* await sdk.logout();
|
|
87
|
-
* //
|
|
120
|
+
* // Session is revoked, authenticated WebSockets disconnected, and local state cleared
|
|
88
121
|
* ```
|
|
89
122
|
*/
|
|
90
123
|
logout(): Promise<void>;
|
|
91
124
|
/**
|
|
92
|
-
* Refresh the
|
|
125
|
+
* Refresh the current session, extending its expiry.
|
|
126
|
+
*
|
|
127
|
+
* Signs a refresh request with the active session key and updates the local
|
|
128
|
+
* `expiresAt`. The session keypair is unchanged. If no session is active, or
|
|
129
|
+
* the session has expired/been revoked, this throws.
|
|
130
|
+
*
|
|
93
131
|
* @returns The updated authentication state
|
|
94
132
|
*/
|
|
95
133
|
refreshAuth(): Promise<AuthState>;
|