@bandeira-tech/b3nd-web 0.3.4 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/{chunk-NEYGL7RS.js → chunk-45DWSOND.js} +27 -91
  2. package/dist/{chunk-B4VAPGAO.js → chunk-RW4GWQIG.js} +37 -39
  3. package/dist/src/mod.web.js +10 -10
  4. package/dist/wallet/mod.js +3 -3
  5. package/dist/wallet-server/adapters/browser.js +2 -2
  6. package/dist/wallet-server/mod.js +2 -2
  7. package/package.json +1 -1
package/dist/{chunk-NEYGL7RS.js → chunk-45DWSOND.js} RENAMED
@@ -1,11 +1,11 @@
1
1
  import {
2
2
  WalletServerCore
3
- } from "./chunk-B4VAPGAO.js";
3
+ } from "./chunk-RW4GWQIG.js";
4
4
  import {
5
+ createAuthenticatedMessageWithHex,
5
6
  exportPrivateKeyPem,
6
7
  generateEncryptionKeyPair,
7
- generateSigningKeyPair,
8
- signWithHex
8
+ generateSigningKeyPair
9
9
  } from "./chunk-JN75UL5C.js";
10
10
  import {
11
11
  MemoryClient,
@@ -143,31 +143,15 @@ var WalletClient = class {
143
143
  if (!session?.publicKeyHex || !session?.privateKeyHex) {
144
144
  throw new Error("session keypair is required");
145
145
  }
146
- let payloadToSign;
147
- if (credentials.type === "password") {
148
- payloadToSign = {
149
- sessionPubkey: session.publicKeyHex,
150
- type: "password",
151
- username: credentials.username,
152
- password: credentials.password
153
- };
154
- } else if (credentials.type === "google") {
155
- payloadToSign = {
156
- sessionPubkey: session.publicKeyHex,
157
- type: "google",
158
- googleIdToken: credentials.googleIdToken
159
- };
160
- } else {
161
- throw new Error(`Unknown credential type: ${credentials.type}`);
162
- }
163
- const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
146
+ const message = await createAuthenticatedMessageWithHex(
147
+ credentials,
148
+ session.publicKeyHex,
149
+ session.privateKeyHex
150
+ );
164
151
  const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/signup", appKey), {
165
152
  method: "POST",
166
153
  headers: { "Content-Type": "application/json" },
167
- body: JSON.stringify({
168
- ...payloadToSign,
169
- sessionSignature
170
- })
154
+ body: JSON.stringify(message)
171
155
  });
172
156
  const data = await response.json();
173
157
  if (!response.ok || !data.success) {
@@ -199,31 +183,15 @@ var WalletClient = class {
199
183
  if (!session?.publicKeyHex || !session?.privateKeyHex) {
200
184
  throw new Error("session keypair is required");
201
185
  }
202
- let payloadToSign;
203
- if (credentials.type === "password") {
204
- payloadToSign = {
205
- sessionPubkey: session.publicKeyHex,
206
- type: "password",
207
- username: credentials.username,
208
- password: credentials.password
209
- };
210
- } else if (credentials.type === "google") {
211
- payloadToSign = {
212
- sessionPubkey: session.publicKeyHex,
213
- type: "google",
214
- googleIdToken: credentials.googleIdToken
215
- };
216
- } else {
217
- throw new Error(`Unknown credential type: ${credentials.type}`);
218
- }
219
- const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
186
+ const message = await createAuthenticatedMessageWithHex(
187
+ credentials,
188
+ session.publicKeyHex,
189
+ session.privateKeyHex
190
+ );
220
191
  const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/login", appKey), {
221
192
  method: "POST",
222
193
  headers: { "Content-Type": "application/json" },
223
- body: JSON.stringify({
224
- ...payloadToSign,
225
- sessionSignature
226
- })
194
+ body: JSON.stringify(message)
227
195
  });
228
196
  const data = await response.json();
229
197
  if (!response.ok || !data.success) {
@@ -574,28 +542,12 @@ var MemoryWalletClient = class _MemoryWalletClient {
574
542
  if (!session?.publicKeyHex || !session?.privateKeyHex) {
575
543
  throw new Error("session keypair is required");
576
544
  }
577
- let payloadToSign;
578
- if (credentials.type === "password") {
579
- payloadToSign = {
580
- sessionPubkey: session.publicKeyHex,
581
- type: "password",
582
- username: credentials.username,
583
- password: credentials.password
584
- };
585
- } else if (credentials.type === "google") {
586
- payloadToSign = {
587
- sessionPubkey: session.publicKeyHex,
588
- type: "google",
589
- googleIdToken: credentials.googleIdToken
590
- };
591
- } else {
592
- throw new Error(`Unknown credential type: ${credentials.type}`);
593
- }
594
- const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
595
- const response = await this.request("POST", `/auth/signup/${appKey}`, {
596
- ...payloadToSign,
597
- sessionSignature
598
- });
545
+ const message = await createAuthenticatedMessageWithHex(
546
+ credentials,
547
+ session.publicKeyHex,
548
+ session.privateKeyHex
549
+ );
550
+ const response = await this.request("POST", `/auth/signup/${appKey}`, message);
599
551
  const data = await response.json();
600
552
  if (!response.ok || !data.success) {
601
553
  throw new Error(data.error || `Signup failed: ${response.statusText}`);
@@ -626,28 +578,12 @@ var MemoryWalletClient = class _MemoryWalletClient {
626
578
  if (!session?.publicKeyHex || !session?.privateKeyHex) {
627
579
  throw new Error("session keypair is required");
628
580
  }
629
- let payloadToSign;
630
- if (credentials.type === "password") {
631
- payloadToSign = {
632
- sessionPubkey: session.publicKeyHex,
633
- type: "password",
634
- username: credentials.username,
635
- password: credentials.password
636
- };
637
- } else if (credentials.type === "google") {
638
- payloadToSign = {
639
- sessionPubkey: session.publicKeyHex,
640
- type: "google",
641
- googleIdToken: credentials.googleIdToken
642
- };
643
- } else {
644
- throw new Error(`Unknown credential type: ${credentials.type}`);
645
- }
646
- const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
647
- const response = await this.request("POST", `/auth/login/${appKey}`, {
648
- ...payloadToSign,
649
- sessionSignature
650
- });
581
+ const message = await createAuthenticatedMessageWithHex(
582
+ credentials,
583
+ session.publicKeyHex,
584
+ session.privateKeyHex
585
+ );
586
+ const response = await this.request("POST", `/auth/login/${appKey}`, message);
651
587
  const data = await response.json();
652
588
  if (!response.ok || !data.success) {
653
589
  throw new Error(data.error || `Login failed: ${response.statusText}`);
package/dist/{chunk-B4VAPGAO.js → chunk-RW4GWQIG.js} RENAMED
@@ -1,3 +1,6 @@
1
+ import {
2
+ HttpClient
3
+ } from "./chunk-OY4CDOHY.js";
1
4
  import {
2
5
  createAuthenticatedMessage,
3
6
  createSignedEncryptedMessage,
@@ -8,9 +11,6 @@ import {
8
11
  verify,
9
12
  verifyPayload
10
13
  } from "./chunk-JN75UL5C.js";
11
- import {
12
- HttpClient
13
- } from "./chunk-OY4CDOHY.js";
14
14
 
15
15
  // wallet-server/interfaces.ts
16
16
  var defaultLogger = {
@@ -1407,10 +1407,12 @@ var WalletServerCore = class {
1407
1407
  if (!res.success) {
1408
1408
  return { valid: false, reason: "session_not_approved" };
1409
1409
  }
1410
- if (res.record?.data === 1) {
1410
+ const data = res.record?.data;
1411
+ const status = typeof data === "object" && data !== null && "payload" in data ? data.payload : data;
1412
+ if (status === 1) {
1411
1413
  return { valid: true };
1412
1414
  }
1413
- if (res.record?.data === 0) {
1415
+ if (status === 0) {
1414
1416
  return { valid: false, reason: "session_revoked" };
1415
1417
  }
1416
1418
  return { valid: false, reason: "invalid_session_status" };
@@ -1525,40 +1527,38 @@ var WalletServerCore = class {
1525
1527
  app.post("/api/v1/auth/signup/:appKey", async (c) => {
1526
1528
  try {
1527
1529
  const appKey = c.req.param("appKey");
1528
- const payload = await c.req.json();
1530
+ const message = await c.req.json();
1529
1531
  if (!appKey) {
1530
1532
  return c.json({ success: false, error: "appKey is required" }, 400);
1531
1533
  }
1532
- if (!payload.sessionPubkey) {
1533
- return c.json({ success: false, error: "sessionPubkey is required" }, 400);
1534
+ if (!message.auth?.[0]?.pubkey) {
1535
+ return c.json({ success: false, error: "auth[0].pubkey (session public key) is required" }, 400);
1534
1536
  }
1535
- if (!payload.sessionSignature) {
1536
- return c.json({ success: false, error: "sessionSignature is required" }, 400);
1537
+ if (!message.auth?.[0]?.signature) {
1538
+ return c.json({ success: false, error: "auth[0].signature is required" }, 400);
1537
1539
  }
1538
- if (!payload.type) {
1540
+ if (!message.payload?.type) {
1539
1541
  return c.json({
1540
1542
  success: false,
1541
- error: `type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
1543
+ error: `payload.type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
1542
1544
  }, 400);
1543
1545
  }
1544
- const signatureValid = await this.verifySessionSignature(
1545
- payload.sessionPubkey,
1546
- payload.sessionSignature,
1547
- payload
1548
- );
1549
- if (!signatureValid) {
1546
+ const sessionPubkey = message.auth[0].pubkey;
1547
+ const credentials = message.payload;
1548
+ const { verified } = await verifyPayload({ payload: credentials, auth: message.auth });
1549
+ if (!verified) {
1550
1550
  return c.json({ success: false, error: "Invalid session signature" }, 401);
1551
1551
  }
1552
- const sessionResult = await this.sessionExists(appKey, payload.sessionPubkey);
1552
+ const sessionResult = await this.sessionExists(appKey, sessionPubkey);
1553
1553
  if (!sessionResult.valid) {
1554
1554
  return c.json({
1555
1555
  success: false,
1556
1556
  error: sessionResult.reason === "session_revoked" ? "Session has been revoked" : sessionResult.reason === "session_not_approved" ? "Session not approved by app" : "Invalid session"
1557
1557
  }, 401);
1558
1558
  }
1559
- const handler = getCredentialHandler(payload.type);
1559
+ const handler = getCredentialHandler(credentials.type);
1560
1560
  let googleClientId;
1561
- if (payload.type === "google") {
1561
+ if (credentials.type === "google") {
1562
1562
  const appProfileUri = `mutable://accounts/${appKey}/app-profile`;
1563
1563
  const appProfileResult = await this.credentialClient.read(appProfileUri);
1564
1564
  if (appProfileResult.success && appProfileResult.record?.data) {
@@ -1585,7 +1585,7 @@ var WalletServerCore = class {
1585
1585
  logger: this.logger,
1586
1586
  fetch: this.fetchImpl
1587
1587
  };
1588
- const result = await handler.signup(payload, context);
1588
+ const result = await handler.signup(credentials, context);
1589
1589
  const jwt = await createJwt(
1590
1590
  result.username,
1591
1591
  this.config.jwtSecret,
@@ -1613,40 +1613,38 @@ var WalletServerCore = class {
1613
1613
  app.post("/api/v1/auth/login/:appKey", async (c) => {
1614
1614
  try {
1615
1615
  const appKey = c.req.param("appKey");
1616
- const payload = await c.req.json();
1616
+ const message = await c.req.json();
1617
1617
  if (!appKey) {
1618
1618
  return c.json({ success: false, error: "appKey is required" }, 400);
1619
1619
  }
1620
- if (!payload.sessionPubkey) {
1621
- return c.json({ success: false, error: "sessionPubkey is required" }, 400);
1620
+ if (!message.auth?.[0]?.pubkey) {
1621
+ return c.json({ success: false, error: "auth[0].pubkey (session public key) is required" }, 400);
1622
1622
  }
1623
- if (!payload.sessionSignature) {
1624
- return c.json({ success: false, error: "sessionSignature is required" }, 400);
1623
+ if (!message.auth?.[0]?.signature) {
1624
+ return c.json({ success: false, error: "auth[0].signature is required" }, 400);
1625
1625
  }
1626
- if (!payload.type) {
1626
+ if (!message.payload?.type) {
1627
1627
  return c.json({
1628
1628
  success: false,
1629
- error: `type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
1629
+ error: `payload.type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
1630
1630
  }, 400);
1631
1631
  }
1632
- const signatureValid = await this.verifySessionSignature(
1633
- payload.sessionPubkey,
1634
- payload.sessionSignature,
1635
- payload
1636
- );
1637
- if (!signatureValid) {
1632
+ const sessionPubkey = message.auth[0].pubkey;
1633
+ const credentials = message.payload;
1634
+ const { verified } = await verifyPayload({ payload: credentials, auth: message.auth });
1635
+ if (!verified) {
1638
1636
  return c.json({ success: false, error: "Invalid session signature" }, 401);
1639
1637
  }
1640
- const sessionResult = await this.sessionExists(appKey, payload.sessionPubkey);
1638
+ const sessionResult = await this.sessionExists(appKey, sessionPubkey);
1641
1639
  if (!sessionResult.valid) {
1642
1640
  return c.json({
1643
1641
  success: false,
1644
1642
  error: sessionResult.reason === "session_revoked" ? "Session has been revoked" : sessionResult.reason === "session_not_approved" ? "Session not approved by app" : "Invalid session"
1645
1643
  }, 401);
1646
1644
  }
1647
- const handler = getCredentialHandler(payload.type);
1645
+ const handler = getCredentialHandler(credentials.type);
1648
1646
  let googleClientId;
1649
- if (payload.type === "google") {
1647
+ if (credentials.type === "google") {
1650
1648
  const appProfileUri = `mutable://accounts/${appKey}/app-profile`;
1651
1649
  const appProfileResult = await this.credentialClient.read(appProfileUri);
1652
1650
  if (appProfileResult.success && appProfileResult.record?.data) {
@@ -1673,7 +1671,7 @@ var WalletServerCore = class {
1673
1671
  logger: this.logger,
1674
1672
  fetch: this.fetchImpl
1675
1673
  };
1676
- const result = await handler.login(payload, context);
1674
+ const result = await handler.login(credentials, context);
1677
1675
  const jwt = await createJwt(
1678
1676
  result.username,
1679
1677
  this.config.jwtSecret,
package/dist/src/mod.web.js CHANGED
@@ -1,23 +1,23 @@
1
- import {
2
- WebSocketClient
3
- } from "../chunk-UUHVOWVI.js";
4
1
  import {
5
2
  WalletClient
6
- } from "../chunk-NEYGL7RS.js";
3
+ } from "../chunk-45DWSOND.js";
4
+ import "../chunk-RW4GWQIG.js";
7
5
  import {
8
- AppsClient
9
- } from "../chunk-VAZUCGED.js";
10
- import "../chunk-B4VAPGAO.js";
6
+ HttpClient
7
+ } from "../chunk-OY4CDOHY.js";
11
8
  import {
12
9
  mod_exports
13
10
  } from "../chunk-JN75UL5C.js";
14
11
  import {
15
- HttpClient
16
- } from "../chunk-OY4CDOHY.js";
12
+ AppsClient
13
+ } from "../chunk-VAZUCGED.js";
14
+ import {
15
+ WebSocketClient
16
+ } from "../chunk-UUHVOWVI.js";
17
+ import "../chunk-O53KW746.js";
17
18
  import {
18
19
  LocalStorageClient
19
20
  } from "../chunk-PZFEKQ7F.js";
20
- import "../chunk-O53KW746.js";
21
21
  import "../chunk-MLKGABMK.js";
22
22
  export {
23
23
  AppsClient,
package/dist/wallet/mod.js CHANGED
@@ -4,10 +4,10 @@ import {
4
4
  createTestEnvironment,
5
5
  generateSessionKeypair,
6
6
  generateTestServerKeys
7
- } from "../chunk-NEYGL7RS.js";
8
- import "../chunk-B4VAPGAO.js";
9
- import "../chunk-JN75UL5C.js";
7
+ } from "../chunk-45DWSOND.js";
8
+ import "../chunk-RW4GWQIG.js";
10
9
  import "../chunk-OY4CDOHY.js";
10
+ import "../chunk-JN75UL5C.js";
11
11
  import "../chunk-O53KW746.js";
12
12
  import "../chunk-MLKGABMK.js";
13
13
  export {
package/dist/wallet-server/adapters/browser.js CHANGED
@@ -2,9 +2,9 @@ import {
2
2
  ConfigEnvironment,
3
3
  MemoryFileStorage,
4
4
  WalletServerCore
5
- } from "../../chunk-B4VAPGAO.js";
6
- import "../../chunk-JN75UL5C.js";
5
+ } from "../../chunk-RW4GWQIG.js";
7
6
  import "../../chunk-OY4CDOHY.js";
7
+ import "../../chunk-JN75UL5C.js";
8
8
  import {
9
9
  LocalStorageClient
10
10
  } from "../../chunk-PZFEKQ7F.js";
package/dist/wallet-server/mod.js CHANGED
@@ -34,9 +34,9 @@ import {
34
34
  userExists,
35
35
  verifyGoogleIdToken,
36
36
  verifyJwt
37
- } from "../chunk-B4VAPGAO.js";
38
- import "../chunk-JN75UL5C.js";
37
+ } from "../chunk-RW4GWQIG.js";
39
38
  import "../chunk-OY4CDOHY.js";
39
+ import "../chunk-JN75UL5C.js";
40
40
  import "../chunk-MLKGABMK.js";
41
41
  export {
42
42
  ConfigEnvironment,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@bandeira-tech/b3nd-web",
3
- "version": "0.3.4",
3
+ "version": "0.4.0",
4
4
  "description": "Browser-focused B3nd SDK bundle",
5
5
  "type": "module",
6
6
  "main": "./dist/src/mod.web.js",