@bandeira-tech/b3nd-web 0.3.3 → 0.4.0

package/dist/{chunk-OOWKYTYM.js → chunk-45DWSOND.js}

@@ -1,16 +1,16 @@
-import {
-  MemoryClient,
-  createTestSchema
-} from "./chunk-O53KW746.js";
 import {
   WalletServerCore
-} from "./chunk-B4VAPGAO.js";
+} from "./chunk-RW4GWQIG.js";
 import {
+  createAuthenticatedMessageWithHex,
   exportPrivateKeyPem,
   generateEncryptionKeyPair,
-  generateSigningKeyPair,
-  signWithHex
+  generateSigningKeyPair
 } from "./chunk-JN75UL5C.js";
+import {
+  MemoryClient,
+  createTestSchema
+} from "./chunk-O53KW746.js";
 
 // wallet/client.ts
 var WalletClient = class {
@@ -143,31 +143,15 @@ var WalletClient = class {
     if (!session?.publicKeyHex || !session?.privateKeyHex) {
       throw new Error("session keypair is required");
     }
-    let payloadToSign;
-    if (credentials.type === "password") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "password",
-        username: credentials.username,
-        password: credentials.password
-      };
-    } else if (credentials.type === "google") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "google",
-        googleIdToken: credentials.googleIdToken
-      };
-    } else {
-      throw new Error(`Unknown credential type: ${credentials.type}`);
-    }
-    const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
+    const message = await createAuthenticatedMessageWithHex(
+      credentials,
+      session.publicKeyHex,
+      session.privateKeyHex
+    );
     const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/signup", appKey), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        ...payloadToSign,
-        sessionSignature
-      })
+      body: JSON.stringify(message)
     });
     const data = await response.json();
     if (!response.ok || !data.success) {
@@ -199,31 +183,15 @@ var WalletClient = class {
     if (!session?.publicKeyHex || !session?.privateKeyHex) {
       throw new Error("session keypair is required");
     }
-    let payloadToSign;
-    if (credentials.type === "password") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "password",
-        username: credentials.username,
-        password: credentials.password
-      };
-    } else if (credentials.type === "google") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "google",
-        googleIdToken: credentials.googleIdToken
-      };
-    } else {
-      throw new Error(`Unknown credential type: ${credentials.type}`);
-    }
-    const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
+    const message = await createAuthenticatedMessageWithHex(
+      credentials,
+      session.publicKeyHex,
+      session.privateKeyHex
+    );
     const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/login", appKey), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        ...payloadToSign,
-        sessionSignature
-      })
+      body: JSON.stringify(message)
     });
     const data = await response.json();
     if (!response.ok || !data.success) {
@@ -574,28 +542,12 @@ var MemoryWalletClient = class _MemoryWalletClient {
     if (!session?.publicKeyHex || !session?.privateKeyHex) {
       throw new Error("session keypair is required");
     }
-    let payloadToSign;
-    if (credentials.type === "password") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "password",
-        username: credentials.username,
-        password: credentials.password
-      };
-    } else if (credentials.type === "google") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "google",
-        googleIdToken: credentials.googleIdToken
-      };
-    } else {
-      throw new Error(`Unknown credential type: ${credentials.type}`);
-    }
-    const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
-    const response = await this.request("POST", `/auth/signup/${appKey}`, {
-      ...payloadToSign,
-      sessionSignature
-    });
+    const message = await createAuthenticatedMessageWithHex(
+      credentials,
+      session.publicKeyHex,
+      session.privateKeyHex
+    );
+    const response = await this.request("POST", `/auth/signup/${appKey}`, message);
     const data = await response.json();
     if (!response.ok || !data.success) {
       throw new Error(data.error || `Signup failed: ${response.statusText}`);
@@ -626,28 +578,12 @@ var MemoryWalletClient = class _MemoryWalletClient {
     if (!session?.publicKeyHex || !session?.privateKeyHex) {
       throw new Error("session keypair is required");
     }
-    let payloadToSign;
-    if (credentials.type === "password") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "password",
-        username: credentials.username,
-        password: credentials.password
-      };
-    } else if (credentials.type === "google") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "google",
-        googleIdToken: credentials.googleIdToken
-      };
-    } else {
-      throw new Error(`Unknown credential type: ${credentials.type}`);
-    }
-    const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
-    const response = await this.request("POST", `/auth/login/${appKey}`, {
-      ...payloadToSign,
-      sessionSignature
-    });
+    const message = await createAuthenticatedMessageWithHex(
+      credentials,
+      session.publicKeyHex,
+      session.privateKeyHex
+    );
+    const response = await this.request("POST", `/auth/login/${appKey}`, message);
     const data = await response.json();
     if (!response.ok || !data.success) {
       throw new Error(data.error || `Login failed: ${response.statusText}`);

package/dist/{chunk-B4VAPGAO.js → chunk-RW4GWQIG.js}

@@ -1,3 +1,6 @@
+import {
+  HttpClient
+} from "./chunk-OY4CDOHY.js";
 import {
   createAuthenticatedMessage,
   createSignedEncryptedMessage,
@@ -8,9 +11,6 @@ import {
   verify,
   verifyPayload
 } from "./chunk-JN75UL5C.js";
-import {
-  HttpClient
-} from "./chunk-OY4CDOHY.js";
 
 // wallet-server/interfaces.ts
 var defaultLogger = {
@@ -1407,10 +1407,12 @@ var WalletServerCore = class {
     if (!res.success) {
       return { valid: false, reason: "session_not_approved" };
     }
-    if (res.record?.data === 1) {
+    const data = res.record?.data;
+    const status = typeof data === "object" && data !== null && "payload" in data ? data.payload : data;
+    if (status === 1) {
       return { valid: true };
     }
-    if (res.record?.data === 0) {
+    if (status === 0) {
       return { valid: false, reason: "session_revoked" };
     }
     return { valid: false, reason: "invalid_session_status" };
@@ -1525,40 +1527,38 @@ var WalletServerCore = class {
     app.post("/api/v1/auth/signup/:appKey", async (c) => {
       try {
         const appKey = c.req.param("appKey");
-        const payload = await c.req.json();
+        const message = await c.req.json();
         if (!appKey) {
           return c.json({ success: false, error: "appKey is required" }, 400);
         }
-        if (!payload.sessionPubkey) {
-          return c.json({ success: false, error: "sessionPubkey is required" }, 400);
+        if (!message.auth?.[0]?.pubkey) {
+          return c.json({ success: false, error: "auth[0].pubkey (session public key) is required" }, 400);
         }
-        if (!payload.sessionSignature) {
-          return c.json({ success: false, error: "sessionSignature is required" }, 400);
+        if (!message.auth?.[0]?.signature) {
+          return c.json({ success: false, error: "auth[0].signature is required" }, 400);
         }
-        if (!payload.type) {
+        if (!message.payload?.type) {
           return c.json({
             success: false,
-            error: `type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
+            error: `payload.type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
           }, 400);
         }
-        const signatureValid = await this.verifySessionSignature(
-          payload.sessionPubkey,
-          payload.sessionSignature,
-          payload
-        );
-        if (!signatureValid) {
+        const sessionPubkey = message.auth[0].pubkey;
+        const credentials = message.payload;
+        const { verified } = await verifyPayload({ payload: credentials, auth: message.auth });
+        if (!verified) {
           return c.json({ success: false, error: "Invalid session signature" }, 401);
         }
-        const sessionResult = await this.sessionExists(appKey, payload.sessionPubkey);
+        const sessionResult = await this.sessionExists(appKey, sessionPubkey);
         if (!sessionResult.valid) {
           return c.json({
             success: false,
             error: sessionResult.reason === "session_revoked" ? "Session has been revoked" : sessionResult.reason === "session_not_approved" ? "Session not approved by app" : "Invalid session"
           }, 401);
         }
-        const handler = getCredentialHandler(payload.type);
+        const handler = getCredentialHandler(credentials.type);
         let googleClientId;
-        if (payload.type === "google") {
+        if (credentials.type === "google") {
           const appProfileUri = `mutable://accounts/${appKey}/app-profile`;
           const appProfileResult = await this.credentialClient.read(appProfileUri);
           if (appProfileResult.success && appProfileResult.record?.data) {
@@ -1585,7 +1585,7 @@ var WalletServerCore = class {
           logger: this.logger,
           fetch: this.fetchImpl
         };
-        const result = await handler.signup(payload, context);
+        const result = await handler.signup(credentials, context);
         const jwt = await createJwt(
           result.username,
           this.config.jwtSecret,
@@ -1613,40 +1613,38 @@ var WalletServerCore = class {
     app.post("/api/v1/auth/login/:appKey", async (c) => {
       try {
         const appKey = c.req.param("appKey");
-        const payload = await c.req.json();
+        const message = await c.req.json();
         if (!appKey) {
           return c.json({ success: false, error: "appKey is required" }, 400);
         }
-        if (!payload.sessionPubkey) {
-          return c.json({ success: false, error: "sessionPubkey is required" }, 400);
+        if (!message.auth?.[0]?.pubkey) {
+          return c.json({ success: false, error: "auth[0].pubkey (session public key) is required" }, 400);
         }
-        if (!payload.sessionSignature) {
-          return c.json({ success: false, error: "sessionSignature is required" }, 400);
+        if (!message.auth?.[0]?.signature) {
+          return c.json({ success: false, error: "auth[0].signature is required" }, 400);
         }
-        if (!payload.type) {
+        if (!message.payload?.type) {
           return c.json({
             success: false,
-            error: `type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
+            error: `payload.type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
           }, 400);
         }
-        const signatureValid = await this.verifySessionSignature(
-          payload.sessionPubkey,
-          payload.sessionSignature,
-          payload
-        );
-        if (!signatureValid) {
+        const sessionPubkey = message.auth[0].pubkey;
+        const credentials = message.payload;
+        const { verified } = await verifyPayload({ payload: credentials, auth: message.auth });
+        if (!verified) {
           return c.json({ success: false, error: "Invalid session signature" }, 401);
         }
-        const sessionResult = await this.sessionExists(appKey, payload.sessionPubkey);
+        const sessionResult = await this.sessionExists(appKey, sessionPubkey);
         if (!sessionResult.valid) {
           return c.json({
             success: false,
             error: sessionResult.reason === "session_revoked" ? "Session has been revoked" : sessionResult.reason === "session_not_approved" ? "Session not approved by app" : "Invalid session"
           }, 401);
         }
-        const handler = getCredentialHandler(payload.type);
+        const handler = getCredentialHandler(credentials.type);
         let googleClientId;
-        if (payload.type === "google") {
+        if (credentials.type === "google") {
           const appProfileUri = `mutable://accounts/${appKey}/app-profile`;
           const appProfileResult = await this.credentialClient.read(appProfileUri);
           if (appProfileResult.success && appProfileResult.record?.data) {
@@ -1673,7 +1671,7 @@ var WalletServerCore = class {
           logger: this.logger,
           fetch: this.fetchImpl
         };
-        const result = await handler.login(payload, context);
+        const result = await handler.login(credentials, context);
         const jwt = await createJwt(
           result.username,
           this.config.jwtSecret,

package/dist/src/mod.web.js

@@ -1,23 +1,23 @@
 import {
   WalletClient
-} from "../chunk-OOWKYTYM.js";
-import "../chunk-O53KW746.js";
-import "../chunk-B4VAPGAO.js";
-import {
-  mod_exports
-} from "../chunk-JN75UL5C.js";
+} from "../chunk-45DWSOND.js";
+import "../chunk-RW4GWQIG.js";
 import {
   HttpClient
 } from "../chunk-OY4CDOHY.js";
 import {
-  LocalStorageClient
-} from "../chunk-PZFEKQ7F.js";
+  mod_exports
+} from "../chunk-JN75UL5C.js";
 import {
   AppsClient
 } from "../chunk-VAZUCGED.js";
 import {
   WebSocketClient
 } from "../chunk-UUHVOWVI.js";
+import "../chunk-O53KW746.js";
+import {
+  LocalStorageClient
+} from "../chunk-PZFEKQ7F.js";
 import "../chunk-MLKGABMK.js";
 export {
   AppsClient,

package/dist/wallet/mod.js

@@ -4,11 +4,11 @@ import {
   createTestEnvironment,
   generateSessionKeypair,
   generateTestServerKeys
-} from "../chunk-OOWKYTYM.js";
-import "../chunk-O53KW746.js";
-import "../chunk-B4VAPGAO.js";
-import "../chunk-JN75UL5C.js";
+} from "../chunk-45DWSOND.js";
+import "../chunk-RW4GWQIG.js";
 import "../chunk-OY4CDOHY.js";
+import "../chunk-JN75UL5C.js";
+import "../chunk-O53KW746.js";
 import "../chunk-MLKGABMK.js";
 export {
   MemoryWalletClient,

package/dist/wallet-server/adapters/browser.js

@@ -2,9 +2,9 @@ import {
   ConfigEnvironment,
   MemoryFileStorage,
   WalletServerCore
-} from "../../chunk-B4VAPGAO.js";
-import "../../chunk-JN75UL5C.js";
+} from "../../chunk-RW4GWQIG.js";
 import "../../chunk-OY4CDOHY.js";
+import "../../chunk-JN75UL5C.js";
 import {
   LocalStorageClient
 } from "../../chunk-PZFEKQ7F.js";

package/dist/wallet-server/mod.js

@@ -34,9 +34,9 @@ import {
   userExists,
   verifyGoogleIdToken,
   verifyJwt
-} from "../chunk-B4VAPGAO.js";
-import "../chunk-JN75UL5C.js";
+} from "../chunk-RW4GWQIG.js";
 import "../chunk-OY4CDOHY.js";
+import "../chunk-JN75UL5C.js";
 import "../chunk-MLKGABMK.js";
 export {
   ConfigEnvironment,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bandeira-tech/b3nd-web",
-  "version": "0.3.3",
+  "version": "0.4.0",
   "description": "Browser-focused B3nd SDK bundle",
   "type": "module",
   "main": "./dist/src/mod.web.js",