@bandeira-tech/b3nd-web 0.2.1 → 0.2.3

package/dist/src/mod.web.js

@@ -1,6 +1,9 @@
 import {
   mod_exports
-} from "../chunk-FUMSJI3N.js";
+} from "../chunk-K3ZSSVHR.js";
+import {
+  WalletClient
+} from "../chunk-S7NJA6B6.js";
 import {
   HttpClient
 } from "../chunk-LFUC4ETD.js";
@@ -12,10 +15,7 @@ import {
 } from "../chunk-T43IWAQK.js";
 import {
   AppsClient
-} from "../chunk-YJKJJ323.js";
-import {
-  WalletClient
-} from "../chunk-Z3LAGZSM.js";
+} from "../chunk-VAZUCGED.js";
 import "../chunk-MLKGABMK.js";
 export {
   AppsClient,

package/dist/wallet/mod.d.ts

@@ -70,10 +70,29 @@ interface ProxyWriteResponse {
         ts: number;
     };
 }
+/**
+ * Read proxy request
+ */
+interface ProxyReadRequest {
+    uri: string;
+}
+/**
+ * Read proxy response
+ */
+interface ProxyReadResponse {
+    success: boolean;
+    uri: string;
+    record?: {
+        data: unknown;
+        ts: number;
+    };
+    decrypted?: unknown;
+    error?: string;
+}
 /**
  * API response wrapper
  */
-interface ApiResponse<T = unknown> {
+interface ApiResponse {
     success: boolean;
     error?: string;
     [key: string]: unknown;
@@ -132,6 +151,36 @@ interface HealthResponse extends ApiResponse {
     server: string;
     timestamp: string;
 }
+/**
+ * Google OAuth session (extended AuthSession with Google profile info)
+ */
+interface GoogleAuthSession extends AuthSession {
+    email: string;
+    name?: string;
+    picture?: string;
+}
+/**
+ * Google signup response
+ */
+interface GoogleSignupResponse extends ApiResponse {
+    username: string;
+    email: string;
+    name?: string;
+    picture?: string;
+    token: string;
+    expiresIn: number;
+}
+/**
+ * Google login response
+ */
+interface GoogleLoginResponse extends ApiResponse {
+    username: string;
+    email: string;
+    name?: string;
+    picture?: string;
+    token: string;
+    expiresIn: number;
+}
 
 /**
  * B3nd Wallet Client
@@ -178,6 +227,8 @@ declare class WalletClient {
     private fetchImpl;
     private currentSession;
     constructor(config: WalletClientConfig);
+    private buildUrl;
+    private buildAppKeyUrl;
     /**
      * Get the current authenticated session
      */
@@ -220,7 +271,7 @@ declare class WalletClient {
      * Change password for current user
      * Requires active authentication session
      */
-    changePassword(oldPassword: string, newPassword: string): Promise<void>;
+    changePassword(appKey: string, oldPassword: string, newPassword: string): Promise<void>;
     /**
      * Request a password reset token
      * Does not require authentication
@@ -234,35 +285,41 @@ declare class WalletClient {
     /**
      * Sign up with app token (scoped to an app)
      */
-    signupWithToken(token: string, credentials: UserCredentials): Promise<AuthSession>;
+    signupWithToken(appKey: string, tokenOrCredentials: string | UserCredentials, maybeCredentials?: UserCredentials): Promise<AuthSession>;
     /**
      * Login with app token and session (scoped to an app)
      */
-    loginWithTokenSession(token: string, session: string, credentials: UserCredentials): Promise<AuthSession>;
+    loginWithTokenSession(appKey: string, tokenOrSession: string, sessionOrCredentials: string | UserCredentials, maybeCredentials?: UserCredentials): Promise<AuthSession>;
     /**
      * Request password reset scoped to app token
      */
-    requestPasswordResetWithToken(token: string, username: string): Promise<PasswordResetToken>;
+    requestPasswordResetWithToken(appKey: string, tokenOrUsername: string, maybeUsername?: string): Promise<PasswordResetToken>;
     /**
-     * Reset password scoped to app token
+     * Reset password scoped to an app
      */
-    resetPasswordWithToken(token: string, username: string, resetToken: string, newPassword: string): Promise<AuthSession>;
+    resetPasswordWithToken(appKey: string, _tokenOrUsername: string, usernameOrReset: string, resetToken?: string, newPassword?: string): Promise<AuthSession>;
     /**
      * Get public keys for the current authenticated user.
      * Requires an active authentication session.
      */
-    getPublicKeys(): Promise<UserPublicKeys>;
+    getPublicKeys(appKey: string): Promise<UserPublicKeys>;
     /**
      * Proxy a write request through the wallet server
      * The server signs the write with its identity key
      * Requires active authentication session
      */
     proxyWrite(request: ProxyWriteRequest): Promise<ProxyWriteResponse>;
+    /**
+     * Proxy a read request through the wallet server
+     * The server decrypts encrypted data using user's encryption key
+     * Requires active authentication session
+     */
+    proxyRead(request: ProxyReadRequest): Promise<ProxyReadResponse>;
     /**
      * Convenience method: Get current user's public keys
      * Requires active authentication session
      */
-    getMyPublicKeys(): Promise<UserPublicKeys>;
+    getMyPublicKeys(appKey: string): Promise<UserPublicKeys>;
     /**
      * Get server's public keys
      *
@@ -273,6 +330,25 @@ declare class WalletClient {
         identityPublicKeyHex: string;
         encryptionPublicKeyHex: string;
     }>;
+    /**
+     * Sign up with Google OAuth (scoped to app token)
+     * Returns session data with Google profile info - call setSession() to activate it
+     *
+     * @param token - App token from app server
+     * @param googleIdToken - Google ID token from Google Sign-In
+     * @returns GoogleAuthSession with username, JWT token, and Google profile info
+     */
+    signupWithGoogle(appKey: string, token: string, googleIdToken: string): Promise<GoogleAuthSession>;
+    /**
+     * Login with Google OAuth (scoped to app token and session)
+     * Returns session data with Google profile info - call setSession() to activate it
+     *
+     * @param token - App token from app server
+     * @param session - Session key from app server
+     * @param googleIdToken - Google ID token from Google Sign-In
+     * @returns GoogleAuthSession with username, JWT token, and Google profile info
+     */
+    loginWithGoogle(appKey: string, token: string, session: string, googleIdToken: string): Promise<GoogleAuthSession>;
 }
 
-export { type ApiResponse, type AuthSession, type ChangePasswordResponse, type HealthResponse, type LoginResponse, type PasswordResetToken, type ProxyWriteRequest, type ProxyWriteResponse, type PublicKeysResponse, type RequestPasswordResetResponse, type ResetPasswordResponse, type SignupResponse, type UserCredentials, type UserPublicKeys, WalletClient, type WalletClientConfig };
+export { type ApiResponse, type AuthSession, type ChangePasswordResponse, type GoogleAuthSession, type GoogleLoginResponse, type GoogleSignupResponse, type HealthResponse, type LoginResponse, type PasswordResetToken, type ProxyReadRequest, type ProxyReadResponse, type ProxyWriteRequest, type ProxyWriteResponse, type PublicKeysResponse, type RequestPasswordResetResponse, type ResetPasswordResponse, type SignupResponse, type UserCredentials, type UserPublicKeys, WalletClient, type WalletClientConfig };

package/dist/wallet/mod.js

@@ -1,6 +1,6 @@
 import {
   WalletClient
-} from "../chunk-Z3LAGZSM.js";
+} from "../chunk-S7NJA6B6.js";
 import "../chunk-MLKGABMK.js";
 export {
   WalletClient

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bandeira-tech/b3nd-web",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "description": "Browser-focused B3nd SDK bundle",
   "type": "module",
   "main": "./dist/src/mod.web.js",

package/dist/chunk-FUMSJI3N.js

@@ -1,327 +0,0 @@
-import {
-  __export
-} from "./chunk-MLKGABMK.js";
-
-// encrypt/mod.ts
-var mod_exports = {};
-__export(mod_exports, {
-  createAuthenticatedMessage: () => createAuthenticatedMessage,
-  createSignedEncryptedMessage: () => createSignedEncryptedMessage,
-  decrypt: () => decrypt,
-  decryptWithHex: () => decryptWithHex,
-  encrypt: () => encrypt,
-  generateEncryptionKeyPair: () => generateEncryptionKeyPair,
-  generateNonce: () => generateNonce,
-  generateRandomData: () => generateRandomData,
-  generateSigningKeyPair: () => generateSigningKeyPair,
-  sign: () => sign,
-  signWithHex: () => signWithHex,
-  verify: () => verify,
-  verifyAndDecrypt: () => verifyAndDecrypt
-});
-
-// shared/encoding.ts
-function encodeHex(bytes) {
-  return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
-}
-function decodeHex(hex) {
-  if (hex.length % 2 !== 0) {
-    throw new Error("Invalid hex input");
-  }
-  const buffer = new ArrayBuffer(hex.length / 2);
-  const bytes = new Uint8Array(buffer);
-  for (let i = 0; i < hex.length; i += 2) {
-    bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
-  }
-  return bytes;
-}
-function encodeBase64(bytes) {
-  if (typeof Buffer !== "undefined") {
-    return Buffer.from(bytes).toString("base64");
-  }
-  let binary = "";
-  bytes.forEach((b) => binary += String.fromCharCode(b));
-  return btoa(binary);
-}
-function decodeBase64(b64) {
-  if (typeof Buffer !== "undefined") {
-    return new Uint8Array(Buffer.from(b64, "base64"));
-  }
-  const binary = atob(b64);
-  const bytes = new Uint8Array(binary.length);
-  for (let i = 0; i < binary.length; i++) {
-    bytes[i] = binary.charCodeAt(i);
-  }
-  return bytes;
-}
-
-// encrypt/mod.ts
-async function generateSigningKeyPair() {
-  const keyPair = await crypto.subtle.generateKey(
-    {
-      name: "Ed25519",
-      namedCurve: "Ed25519"
-    },
-    true,
-    ["sign", "verify"]
-  );
-  const publicKeyBytes = await crypto.subtle.exportKey("raw", keyPair.publicKey);
-  const privateKeyBytes = await crypto.subtle.exportKey(
-    "pkcs8",
-    keyPair.privateKey
-  );
-  return {
-    publicKey: keyPair.publicKey,
-    privateKey: keyPair.privateKey,
-    publicKeyHex: encodeHex(new Uint8Array(publicKeyBytes)),
-    privateKeyHex: encodeHex(new Uint8Array(privateKeyBytes))
-  };
-}
-async function generateEncryptionKeyPair() {
-  const keyPair = await crypto.subtle.generateKey(
-    {
-      name: "X25519",
-      namedCurve: "X25519"
-    },
-    true,
-    ["deriveBits"]
-  );
-  const publicKeyBytes = await crypto.subtle.exportKey("raw", keyPair.publicKey);
-  return {
-    publicKey: keyPair.publicKey,
-    privateKey: keyPair.privateKey,
-    publicKeyHex: encodeHex(new Uint8Array(publicKeyBytes))
-  };
-}
-async function sign(privateKey, payload) {
-  const encoder = new TextEncoder();
-  const data = encoder.encode(JSON.stringify(payload));
-  const signature = await crypto.subtle.sign("Ed25519", privateKey, data);
-  return encodeHex(new Uint8Array(signature));
-}
-async function signWithHex(privateKeyHex, payload) {
-  const privateKeyBytes = decodeHex(privateKeyHex).buffer;
-  const privateKey = await crypto.subtle.importKey(
-    "pkcs8",
-    privateKeyBytes,
-    {
-      name: "Ed25519",
-      namedCurve: "Ed25519"
-    },
-    false,
-    ["sign"]
-  );
-  return await sign(privateKey, payload);
-}
-async function verify(publicKeyHex, signatureHex, payload) {
-  try {
-    const publicKeyBytes = decodeHex(publicKeyHex).buffer;
-    const publicKey = await crypto.subtle.importKey(
-      "raw",
-      publicKeyBytes,
-      {
-        name: "Ed25519",
-        namedCurve: "Ed25519"
-      },
-      false,
-      ["verify"]
-    );
-    const encoder = new TextEncoder();
-    const data = encoder.encode(JSON.stringify(payload));
-    const signatureBytes = decodeHex(signatureHex).buffer;
-    return await crypto.subtle.verify(
-      "Ed25519",
-      publicKey,
-      signatureBytes,
-      data
-    );
-  } catch (error) {
-    console.error("Verification error:", error);
-    return false;
-  }
-}
-async function encrypt(data, recipientPublicKeyHex) {
-  const ephemeralKeyPair = await generateEncryptionKeyPair();
-  const recipientPublicKeyBytes = decodeHex(recipientPublicKeyHex).buffer;
-  const recipientPublicKey = await crypto.subtle.importKey(
-    "raw",
-    recipientPublicKeyBytes,
-    {
-      name: "X25519",
-      namedCurve: "X25519"
-    },
-    false,
-    []
-  );
-  const sharedSecret = await crypto.subtle.deriveBits(
-    {
-      name: "X25519",
-      public: recipientPublicKey
-    },
-    ephemeralKeyPair.privateKey,
-    256
-  );
-  const aesKey = await crypto.subtle.importKey(
-    "raw",
-    sharedSecret,
-    {
-      name: "AES-GCM",
-      length: 256
-    },
-    false,
-    ["encrypt"]
-  );
-  const nonce = crypto.getRandomValues(new Uint8Array(12));
-  const encoder = new TextEncoder();
-  const plaintext = encoder.encode(JSON.stringify(data));
-  const ciphertext = await crypto.subtle.encrypt(
-    {
-      name: "AES-GCM",
-      iv: nonce
-    },
-    aesKey,
-    plaintext
-  );
-  return {
-    data: encodeBase64(new Uint8Array(ciphertext)),
-    nonce: encodeBase64(nonce),
-    ephemeralPublicKey: ephemeralKeyPair.publicKeyHex
-  };
-}
-async function decrypt(encryptedPayload, recipientPrivateKey) {
-  if (!encryptedPayload.ephemeralPublicKey) {
-    throw new Error("Missing ephemeral public key");
-  }
-  const ephemeralPublicKeyBytes = decodeHex(
-    encryptedPayload.ephemeralPublicKey
-  ).buffer;
-  const ephemeralPublicKey = await crypto.subtle.importKey(
-    "raw",
-    ephemeralPublicKeyBytes,
-    {
-      name: "X25519",
-      namedCurve: "X25519"
-    },
-    false,
-    []
-  );
-  const sharedSecret = await crypto.subtle.deriveBits(
-    {
-      name: "X25519",
-      public: ephemeralPublicKey
-    },
-    recipientPrivateKey,
-    256
-  );
-  const aesKey = await crypto.subtle.importKey(
-    "raw",
-    sharedSecret,
-    {
-      name: "AES-GCM",
-      length: 256
-    },
-    false,
-    ["decrypt"]
-  );
-  const ciphertext = new Uint8Array(decodeBase64(encryptedPayload.data));
-  const nonce = new Uint8Array(decodeBase64(encryptedPayload.nonce));
-  const plaintext = await crypto.subtle.decrypt(
-    {
-      name: "AES-GCM",
-      iv: nonce
-    },
-    aesKey,
-    ciphertext
-  );
-  const decoder = new TextDecoder();
-  const json = decoder.decode(plaintext);
-  return JSON.parse(json);
-}
-async function decryptWithHex(encryptedPayload, recipientPrivateKeyHex) {
-  const privateKeyBytes = decodeHex(recipientPrivateKeyHex).buffer;
-  const privateKey = await crypto.subtle.importKey(
-    "raw",
-    privateKeyBytes,
-    {
-      name: "X25519",
-      namedCurve: "X25519"
-    },
-    false,
-    ["deriveBits"]
-  );
-  return await decrypt(encryptedPayload, privateKey);
-}
-async function createAuthenticatedMessage(payload, signers) {
-  const auth = await Promise.all(
-    signers.map(async (signer) => {
-      const signature = await sign(signer.privateKey, payload);
-      return {
-        pubkey: signer.publicKeyHex,
-        signature
-      };
-    })
-  );
-  return {
-    auth,
-    payload
-  };
-}
-async function createSignedEncryptedMessage(data, signers, recipientPublicKeyHex) {
-  const encrypted = await encrypt(data, recipientPublicKeyHex);
-  const auth = await Promise.all(
-    signers.map(async (signer) => {
-      const signature = await sign(signer.privateKey, encrypted);
-      return {
-        pubkey: signer.publicKeyHex,
-        signature
-      };
-    })
-  );
-  return {
-    auth,
-    payload: encrypted
-  };
-}
-async function verifyAndDecrypt(message, recipientPrivateKey) {
-  const verificationResults = await Promise.all(
-    message.auth.map(async (authEntry) => {
-      const verified2 = await verify(
-        authEntry.pubkey,
-        authEntry.signature,
-        message.payload
-      );
-      return { pubkey: authEntry.pubkey, verified: verified2 };
-    })
-  );
-  const verified = verificationResults.every((r) => r.verified);
-  const signers = verificationResults.filter((r) => r.verified).map((r) => r.pubkey);
-  const data = await decrypt(message.payload, recipientPrivateKey);
-  return {
-    data,
-    verified,
-    signers
-  };
-}
-function generateNonce(length = 12) {
-  return crypto.getRandomValues(new Uint8Array(length));
-}
-function generateRandomData(size) {
-  return crypto.getRandomValues(new Uint8Array(size));
-}
-
-export {
-  generateSigningKeyPair,
-  generateEncryptionKeyPair,
-  sign,
-  signWithHex,
-  verify,
-  encrypt,
-  decrypt,
-  decryptWithHex,
-  createAuthenticatedMessage,
-  createSignedEncryptedMessage,
-  verifyAndDecrypt,
-  generateNonce,
-  generateRandomData,
-  mod_exports
-};

package/dist/mod-DHjjiF1o.d.ts

@@ -1,111 +0,0 @@
-interface KeyPair {
-    publicKey: CryptoKey;
-    privateKey: CryptoKey;
-    publicKeyHex: string;
-    privateKeyHex: string;
-}
-interface EncryptionKeyPair {
-    publicKey: CryptoKey;
-    privateKey: CryptoKey;
-    publicKeyHex: string;
-}
-interface EncryptedPayload {
-    data: string;
-    nonce: string;
-    ephemeralPublicKey?: string;
-}
-interface AuthenticatedMessage<T = unknown> {
-    auth: Array<{
-        pubkey: string;
-        signature: string;
-    }>;
-    payload: T;
-}
-interface SignedEncryptedMessage {
-    auth: Array<{
-        pubkey: string;
-        signature: string;
-    }>;
-    payload: EncryptedPayload;
-}
-/**
- * Generate an Ed25519 keypair for signing
- */
-declare function generateSigningKeyPair(): Promise<KeyPair>;
-/**
- * Generate an X25519 keypair for encryption (ECDH)
- */
-declare function generateEncryptionKeyPair(): Promise<EncryptionKeyPair>;
-/**
- * Sign a payload with an Ed25519 private key
- */
-declare function sign<T>(privateKey: CryptoKey, payload: T): Promise<string>;
-/**
- * Sign a payload with an Ed25519 private key from hex
- */
-declare function signWithHex<T>(privateKeyHex: string, payload: T): Promise<string>;
-/**
- * Verify a signature using Ed25519 public key
- */
-declare function verify<T>(publicKeyHex: string, signatureHex: string, payload: T): Promise<boolean>;
-/**
- * Encrypt data using X25519 ECDH + AES-GCM
- * Uses ephemeral keypair for forward secrecy
- */
-declare function encrypt(data: unknown, recipientPublicKeyHex: string): Promise<EncryptedPayload>;
-/**
- * Decrypt data using X25519 ECDH + AES-GCM
- */
-declare function decrypt(encryptedPayload: EncryptedPayload, recipientPrivateKey: CryptoKey): Promise<unknown>;
-/**
- * Decrypt data using private key from hex
- */
-declare function decryptWithHex(encryptedPayload: EncryptedPayload, recipientPrivateKeyHex: string): Promise<unknown>;
-/**
- * Create an authenticated message (signed but not encrypted)
- */
-declare function createAuthenticatedMessage<T>(payload: T, signers: Array<{
-    privateKey: CryptoKey;
-    publicKeyHex: string;
-}>): Promise<AuthenticatedMessage<T>>;
-/**
- * Create a signed and encrypted message
- */
-declare function createSignedEncryptedMessage(data: unknown, signers: Array<{
-    privateKey: CryptoKey;
-    publicKeyHex: string;
-}>, recipientPublicKeyHex: string): Promise<SignedEncryptedMessage>;
-/**
- * Verify and decrypt a signed encrypted message
- */
-declare function verifyAndDecrypt(message: SignedEncryptedMessage, recipientPrivateKey: CryptoKey): Promise<{
-    data: unknown;
-    verified: boolean;
-    signers: string[];
-}>;
-declare function generateNonce(length?: number): Uint8Array;
-declare function generateRandomData(size: number): Uint8Array;
-
-type mod_AuthenticatedMessage<T = unknown> = AuthenticatedMessage<T>;
-type mod_EncryptedPayload = EncryptedPayload;
-type mod_EncryptionKeyPair = EncryptionKeyPair;
-type mod_KeyPair = KeyPair;
-type mod_SignedEncryptedMessage = SignedEncryptedMessage;
-declare const mod_createAuthenticatedMessage: typeof createAuthenticatedMessage;
-declare const mod_createSignedEncryptedMessage: typeof createSignedEncryptedMessage;
-declare const mod_decrypt: typeof decrypt;
-declare const mod_decryptWithHex: typeof decryptWithHex;
-declare const mod_encrypt: typeof encrypt;
-declare const mod_generateEncryptionKeyPair: typeof generateEncryptionKeyPair;
-declare const mod_generateNonce: typeof generateNonce;
-declare const mod_generateRandomData: typeof generateRandomData;
-declare const mod_generateSigningKeyPair: typeof generateSigningKeyPair;
-declare const mod_sign: typeof sign;
-declare const mod_signWithHex: typeof signWithHex;
-declare const mod_verify: typeof verify;
-declare const mod_verifyAndDecrypt: typeof verifyAndDecrypt;
-declare namespace mod {
-  export { type mod_AuthenticatedMessage as AuthenticatedMessage, type mod_EncryptedPayload as EncryptedPayload, type mod_EncryptionKeyPair as EncryptionKeyPair, type mod_KeyPair as KeyPair, type mod_SignedEncryptedMessage as SignedEncryptedMessage, mod_createAuthenticatedMessage as createAuthenticatedMessage, mod_createSignedEncryptedMessage as createSignedEncryptedMessage, mod_decrypt as decrypt, mod_decryptWithHex as decryptWithHex, mod_encrypt as encrypt, mod_generateEncryptionKeyPair as generateEncryptionKeyPair, mod_generateNonce as generateNonce, mod_generateRandomData as generateRandomData, mod_generateSigningKeyPair as generateSigningKeyPair, mod_sign as sign, mod_signWithHex as signWithHex, mod_verify as verify, mod_verifyAndDecrypt as verifyAndDecrypt };
-}
-
-export { type AuthenticatedMessage as A, type EncryptionKeyPair as E, type KeyPair as K, type SignedEncryptedMessage as S, type EncryptedPayload as a, generateEncryptionKeyPair as b, signWithHex as c, decrypt as d, encrypt as e, decryptWithHex as f, generateSigningKeyPair as g, createAuthenticatedMessage as h, createSignedEncryptedMessage as i, verifyAndDecrypt as j, generateNonce as k, generateRandomData as l, mod as m, sign as s, verify as v };