@bandeira-tech/b3nd-web 0.3.4 → 0.5.0

package/dist/{chunk-OY4CDOHY.js → chunk-32YBATXQ.js}

@@ -48,9 +48,15 @@ var HttpClient = class {
     try {
       const { protocol, domain, path } = this.parseUri(uri);
       const requestPath = `/api/v1/write/${protocol}/${domain}${path}`;
+      const isBinary = value instanceof Uint8Array;
+      const body = isBinary ? value : JSON.stringify({ value });
+      const contentType = isBinary ? "application/octet-stream" : "application/json";
       const response = await this.request(requestPath, {
         method: "POST",
-        body: JSON.stringify({ value })
+        body,
+        headers: {
+          "Content-Type": contentType
+        }
       });
       const result = await response.json();
       if (!response.ok) {
@@ -90,6 +96,16 @@ var HttpClient = class {
           error: `Read failed: ${response.statusText}`
         };
       }
+      const contentType = response.headers.get("Content-Type") || "";
+      const isBinary = contentType === "application/octet-stream" || contentType.startsWith("image/") || contentType.startsWith("audio/") || contentType.startsWith("video/") || contentType.startsWith("font/") || contentType === "application/wasm";
+      if (isBinary) {
+        const buffer = await response.arrayBuffer();
+        const data = new Uint8Array(buffer);
+        return {
+          success: true,
+          record: { data, ts: Date.now() }
+        };
+      }
       const result = await response.json();
       return {
         success: true,

package/dist/{chunk-B4VAPGAO.js → chunk-7PZMJECC.js}

@@ -5,12 +5,11 @@ import {
   decrypt,
   encodeHex,
   encrypt,
-  verify,
   verifyPayload
 } from "./chunk-JN75UL5C.js";
 import {
   HttpClient
-} from "./chunk-OY4CDOHY.js";
+} from "./chunk-32YBATXQ.js";
 
 // wallet-server/interfaces.ts
 var defaultLogger = {
@@ -1407,28 +1406,16 @@ var WalletServerCore = class {
     if (!res.success) {
       return { valid: false, reason: "session_not_approved" };
     }
-    if (res.record?.data === 1) {
+    const data = res.record?.data;
+    const status = typeof data === "object" && data !== null && "payload" in data ? data.payload : data;
+    if (status === 1) {
       return { valid: true };
     }
-    if (res.record?.data === 0) {
+    if (status === 0) {
       return { valid: false, reason: "session_revoked" };
     }
     return { valid: false, reason: "invalid_session_status" };
   }
-  /**
-   * Verify that a login request signature is valid for the given session pubkey.
-   * The signature should be over the stringified login payload (without the signature field).
-   * Uses SDK crypto for consistent verification across the codebase.
-   */
-  async verifySessionSignature(sessionPubkey, signature, payload) {
-    try {
-      const { sessionSignature: _, ...signedPayload } = payload;
-      return await verify(sessionPubkey, signature, signedPayload);
-    } catch (error) {
-      this.logger.error("Session signature verification failed:", error);
-      return false;
-    }
-  }
   createApp() {
     const app = new Hono();
     const serverPublicKey = this.serverKeys.identityKey.publicKeyHex;
@@ -1525,40 +1512,38 @@ var WalletServerCore = class {
     app.post("/api/v1/auth/signup/:appKey", async (c) => {
       try {
         const appKey = c.req.param("appKey");
-        const payload = await c.req.json();
+        const message = await c.req.json();
         if (!appKey) {
           return c.json({ success: false, error: "appKey is required" }, 400);
         }
-        if (!payload.sessionPubkey) {
-          return c.json({ success: false, error: "sessionPubkey is required" }, 400);
+        if (!message.auth?.[0]?.pubkey) {
+          return c.json({ success: false, error: "auth[0].pubkey (session public key) is required" }, 400);
         }
-        if (!payload.sessionSignature) {
-          return c.json({ success: false, error: "sessionSignature is required" }, 400);
+        if (!message.auth?.[0]?.signature) {
+          return c.json({ success: false, error: "auth[0].signature is required" }, 400);
         }
-        if (!payload.type) {
+        if (!message.payload?.type) {
           return c.json({
             success: false,
-            error: `type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
+            error: `payload.type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
           }, 400);
         }
-        const signatureValid = await this.verifySessionSignature(
-          payload.sessionPubkey,
-          payload.sessionSignature,
-          payload
-        );
-        if (!signatureValid) {
+        const sessionPubkey = message.auth[0].pubkey;
+        const credentials = message.payload;
+        const { verified } = await verifyPayload({ payload: credentials, auth: message.auth });
+        if (!verified) {
           return c.json({ success: false, error: "Invalid session signature" }, 401);
         }
-        const sessionResult = await this.sessionExists(appKey, payload.sessionPubkey);
+        const sessionResult = await this.sessionExists(appKey, sessionPubkey);
         if (!sessionResult.valid) {
           return c.json({
             success: false,
             error: sessionResult.reason === "session_revoked" ? "Session has been revoked" : sessionResult.reason === "session_not_approved" ? "Session not approved by app" : "Invalid session"
           }, 401);
         }
-        const handler = getCredentialHandler(payload.type);
+        const handler = getCredentialHandler(credentials.type);
         let googleClientId;
-        if (payload.type === "google") {
+        if (credentials.type === "google") {
           const appProfileUri = `mutable://accounts/${appKey}/app-profile`;
           const appProfileResult = await this.credentialClient.read(appProfileUri);
           if (appProfileResult.success && appProfileResult.record?.data) {
@@ -1585,7 +1570,7 @@ var WalletServerCore = class {
           logger: this.logger,
           fetch: this.fetchImpl
         };
-        const result = await handler.signup(payload, context);
+        const result = await handler.signup(credentials, context);
         const jwt = await createJwt(
           result.username,
           this.config.jwtSecret,
@@ -1613,40 +1598,38 @@ var WalletServerCore = class {
     app.post("/api/v1/auth/login/:appKey", async (c) => {
       try {
         const appKey = c.req.param("appKey");
-        const payload = await c.req.json();
+        const message = await c.req.json();
         if (!appKey) {
           return c.json({ success: false, error: "appKey is required" }, 400);
         }
-        if (!payload.sessionPubkey) {
-          return c.json({ success: false, error: "sessionPubkey is required" }, 400);
+        if (!message.auth?.[0]?.pubkey) {
+          return c.json({ success: false, error: "auth[0].pubkey (session public key) is required" }, 400);
         }
-        if (!payload.sessionSignature) {
-          return c.json({ success: false, error: "sessionSignature is required" }, 400);
+        if (!message.auth?.[0]?.signature) {
+          return c.json({ success: false, error: "auth[0].signature is required" }, 400);
         }
-        if (!payload.type) {
+        if (!message.payload?.type) {
           return c.json({
             success: false,
-            error: `type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
+            error: `payload.type is required. Supported: ${getSupportedCredentialTypes().join(", ")}`
           }, 400);
         }
-        const signatureValid = await this.verifySessionSignature(
-          payload.sessionPubkey,
-          payload.sessionSignature,
-          payload
-        );
-        if (!signatureValid) {
+        const sessionPubkey = message.auth[0].pubkey;
+        const credentials = message.payload;
+        const { verified } = await verifyPayload({ payload: credentials, auth: message.auth });
+        if (!verified) {
           return c.json({ success: false, error: "Invalid session signature" }, 401);
         }
-        const sessionResult = await this.sessionExists(appKey, payload.sessionPubkey);
+        const sessionResult = await this.sessionExists(appKey, sessionPubkey);
         if (!sessionResult.valid) {
           return c.json({
             success: false,
             error: sessionResult.reason === "session_revoked" ? "Session has been revoked" : sessionResult.reason === "session_not_approved" ? "Session not approved by app" : "Invalid session"
           }, 401);
         }
-        const handler = getCredentialHandler(payload.type);
+        const handler = getCredentialHandler(credentials.type);
         let googleClientId;
-        if (payload.type === "google") {
+        if (credentials.type === "google") {
           const appProfileUri = `mutable://accounts/${appKey}/app-profile`;
           const appProfileResult = await this.credentialClient.read(appProfileUri);
           if (appProfileResult.success && appProfileResult.record?.data) {
@@ -1673,7 +1656,7 @@ var WalletServerCore = class {
           logger: this.logger,
           fetch: this.fetchImpl
         };
-        const result = await handler.login(payload, context);
+        const result = await handler.login(credentials, context);
         const jwt = await createJwt(
           result.username,
           this.config.jwtSecret,

package/dist/{chunk-NEYGL7RS.js → chunk-PYCSO5U6.js}

@@ -1,11 +1,11 @@
 import {
   WalletServerCore
-} from "./chunk-B4VAPGAO.js";
+} from "./chunk-7PZMJECC.js";
 import {
+  createAuthenticatedMessageWithHex,
   exportPrivateKeyPem,
   generateEncryptionKeyPair,
-  generateSigningKeyPair,
-  signWithHex
+  generateSigningKeyPair
 } from "./chunk-JN75UL5C.js";
 import {
   MemoryClient,
@@ -143,31 +143,15 @@ var WalletClient = class {
     if (!session?.publicKeyHex || !session?.privateKeyHex) {
       throw new Error("session keypair is required");
     }
-    let payloadToSign;
-    if (credentials.type === "password") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "password",
-        username: credentials.username,
-        password: credentials.password
-      };
-    } else if (credentials.type === "google") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "google",
-        googleIdToken: credentials.googleIdToken
-      };
-    } else {
-      throw new Error(`Unknown credential type: ${credentials.type}`);
-    }
-    const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
+    const message = await createAuthenticatedMessageWithHex(
+      credentials,
+      session.publicKeyHex,
+      session.privateKeyHex
+    );
     const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/signup", appKey), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        ...payloadToSign,
-        sessionSignature
-      })
+      body: JSON.stringify(message)
     });
     const data = await response.json();
     if (!response.ok || !data.success) {
@@ -199,31 +183,15 @@ var WalletClient = class {
     if (!session?.publicKeyHex || !session?.privateKeyHex) {
       throw new Error("session keypair is required");
     }
-    let payloadToSign;
-    if (credentials.type === "password") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "password",
-        username: credentials.username,
-        password: credentials.password
-      };
-    } else if (credentials.type === "google") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "google",
-        googleIdToken: credentials.googleIdToken
-      };
-    } else {
-      throw new Error(`Unknown credential type: ${credentials.type}`);
-    }
-    const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
+    const message = await createAuthenticatedMessageWithHex(
+      credentials,
+      session.publicKeyHex,
+      session.privateKeyHex
+    );
     const response = await this.fetchImpl(this.buildAppKeyUrl("/auth/login", appKey), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        ...payloadToSign,
-        sessionSignature
-      })
+      body: JSON.stringify(message)
     });
     const data = await response.json();
     if (!response.ok || !data.success) {
@@ -574,28 +542,12 @@ var MemoryWalletClient = class _MemoryWalletClient {
     if (!session?.publicKeyHex || !session?.privateKeyHex) {
       throw new Error("session keypair is required");
     }
-    let payloadToSign;
-    if (credentials.type === "password") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "password",
-        username: credentials.username,
-        password: credentials.password
-      };
-    } else if (credentials.type === "google") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "google",
-        googleIdToken: credentials.googleIdToken
-      };
-    } else {
-      throw new Error(`Unknown credential type: ${credentials.type}`);
-    }
-    const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
-    const response = await this.request("POST", `/auth/signup/${appKey}`, {
-      ...payloadToSign,
-      sessionSignature
-    });
+    const message = await createAuthenticatedMessageWithHex(
+      credentials,
+      session.publicKeyHex,
+      session.privateKeyHex
+    );
+    const response = await this.request("POST", `/auth/signup/${appKey}`, message);
     const data = await response.json();
     if (!response.ok || !data.success) {
       throw new Error(data.error || `Signup failed: ${response.statusText}`);
@@ -626,28 +578,12 @@ var MemoryWalletClient = class _MemoryWalletClient {
     if (!session?.publicKeyHex || !session?.privateKeyHex) {
       throw new Error("session keypair is required");
     }
-    let payloadToSign;
-    if (credentials.type === "password") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "password",
-        username: credentials.username,
-        password: credentials.password
-      };
-    } else if (credentials.type === "google") {
-      payloadToSign = {
-        sessionPubkey: session.publicKeyHex,
-        type: "google",
-        googleIdToken: credentials.googleIdToken
-      };
-    } else {
-      throw new Error(`Unknown credential type: ${credentials.type}`);
-    }
-    const sessionSignature = await signWithHex(session.privateKeyHex, payloadToSign);
-    const response = await this.request("POST", `/auth/login/${appKey}`, {
-      ...payloadToSign,
-      sessionSignature
-    });
+    const message = await createAuthenticatedMessageWithHex(
+      credentials,
+      session.publicKeyHex,
+      session.privateKeyHex
+    );
+    const response = await this.request("POST", `/auth/login/${appKey}`, message);
     const data = await response.json();
     if (!response.ok || !data.success) {
       throw new Error(data.error || `Login failed: ${response.statusText}`);

package/dist/clients/http/mod.js

@@ -1,6 +1,6 @@
 import {
   HttpClient
-} from "../../chunk-OY4CDOHY.js";
+} from "../../chunk-32YBATXQ.js";
 import "../../chunk-MLKGABMK.js";
 export {
   HttpClient

package/dist/{core-ClnuubZw.d.ts → core-BGUpkKnP.d.ts}

@@ -279,12 +279,6 @@ declare class WalletServerCore {
      * @returns { valid: true } if approved, { valid: false, reason } if not
      */
     private sessionExists;
-    /**
-     * Verify that a login request signature is valid for the given session pubkey.
-     * The signature should be over the stringified login payload (without the signature field).
-     * Uses SDK crypto for consistent verification across the codebase.
-     */
-    private verifySessionSignature;
     private createApp;
 }
 

package/dist/src/mod.web.js

@@ -1,19 +1,19 @@
 import {
   WebSocketClient
 } from "../chunk-UUHVOWVI.js";
-import {
-  WalletClient
-} from "../chunk-NEYGL7RS.js";
 import {
   AppsClient
 } from "../chunk-VAZUCGED.js";
-import "../chunk-B4VAPGAO.js";
+import {
+  WalletClient
+} from "../chunk-PYCSO5U6.js";
+import "../chunk-7PZMJECC.js";
 import {
   mod_exports
 } from "../chunk-JN75UL5C.js";
 import {
   HttpClient
-} from "../chunk-OY4CDOHY.js";
+} from "../chunk-32YBATXQ.js";
 import {
   LocalStorageClient
 } from "../chunk-PZFEKQ7F.js";

package/dist/wallet/mod.d.ts

@@ -1,7 +1,7 @@
 import { A as AuthSession, H as HealthResponse, S as SessionKeypair, U as UserCredentials, P as PasswordResetToken, a as UserPublicKeys, b as ProxyWriteRequest, c as ProxyWriteResponse, d as ProxyReadRequest, e as ProxyReadResponse, f as ProxyReadMultiRequest, g as ProxyReadMultiResponse } from '../client-DHCiJ9I7.js';
 export { l as ApiResponse, C as ChangePasswordResponse, G as GoogleAuthSession, q as GoogleLoginResponse, p as GoogleSignupResponse, L as LoginResponse, k as ProxyReadMultiResultItem, n as PublicKeysResponse, R as RequestPasswordResetResponse, o as ResetPasswordResponse, m as SignupResponse, W as WalletClient, j as WalletClientConfig, i as WalletClientInterface, h as generateSessionKeypair } from '../client-DHCiJ9I7.js';
 import { N as NodeProtocolInterface, S as Schema } from '../types-uuvn4oKw.js';
-import { S as ServerKeys, W as WalletServerCore } from '../core-ClnuubZw.js';
+import { S as ServerKeys, W as WalletServerCore } from '../core-BGUpkKnP.js';
 import { MemoryClient } from '../clients/memory/mod.js';
 import 'hono';
 

package/dist/wallet/mod.js

@@ -4,10 +4,10 @@ import {
   createTestEnvironment,
   generateSessionKeypair,
   generateTestServerKeys
-} from "../chunk-NEYGL7RS.js";
-import "../chunk-B4VAPGAO.js";
+} from "../chunk-PYCSO5U6.js";
+import "../chunk-7PZMJECC.js";
 import "../chunk-JN75UL5C.js";
-import "../chunk-OY4CDOHY.js";
+import "../chunk-32YBATXQ.js";
 import "../chunk-O53KW746.js";
 import "../chunk-MLKGABMK.js";
 export {

package/dist/wallet-server/adapters/browser.d.ts

@@ -1,5 +1,5 @@
-import { F as FileStorage, S as ServerKeys, W as WalletServerCore } from '../../core-ClnuubZw.js';
-export { C as BrowserEnvironment, M as BrowserMemoryStorage } from '../../core-ClnuubZw.js';
+import { F as FileStorage, S as ServerKeys, W as WalletServerCore } from '../../core-BGUpkKnP.js';
+export { C as BrowserEnvironment, M as BrowserMemoryStorage } from '../../core-BGUpkKnP.js';
 import 'hono';
 import '../../types-uuvn4oKw.js';
 

package/dist/wallet-server/adapters/browser.js

@@ -2,9 +2,9 @@ import {
   ConfigEnvironment,
   MemoryFileStorage,
   WalletServerCore
-} from "../../chunk-B4VAPGAO.js";
+} from "../../chunk-7PZMJECC.js";
 import "../../chunk-JN75UL5C.js";
-import "../../chunk-OY4CDOHY.js";
+import "../../chunk-32YBATXQ.js";
 import {
   LocalStorageClient
 } from "../../chunk-PZFEKQ7F.js";

package/dist/wallet-server/mod.d.ts

@@ -1,5 +1,5 @@
-import { P as ProxyWriteRequest, a as ProxyWriteResponse, b as ProxyReadResponse, U as UserKeys, L as Logger, H as HttpFetch } from '../core-ClnuubZw.js';
-export { A as AppBackendConfig, f as AuthSessionResponse, C as ConfigEnvironment, E as Environment, F as FileStorage, h as HealthResponse, M as MemoryFileStorage, g as PublicKeysResponse, R as ResolvedWalletServerConfig, e as ServerKeyPair, S as ServerKeys, i as ServerKeysResponse, c as WalletServerConfig, W as WalletServerCore, d as WalletServerDeps, j as defaultLogger } from '../core-ClnuubZw.js';
+import { P as ProxyWriteRequest, a as ProxyWriteResponse, b as ProxyReadResponse, U as UserKeys, L as Logger, H as HttpFetch } from '../core-BGUpkKnP.js';
+export { A as AppBackendConfig, f as AuthSessionResponse, C as ConfigEnvironment, E as Environment, F as FileStorage, h as HealthResponse, M as MemoryFileStorage, g as PublicKeysResponse, R as ResolvedWalletServerConfig, e as ServerKeyPair, S as ServerKeys, i as ServerKeysResponse, c as WalletServerConfig, W as WalletServerCore, d as WalletServerDeps, j as defaultLogger } from '../core-BGUpkKnP.js';
 import { N as NodeProtocolInterface } from '../types-uuvn4oKw.js';
 import { S as SignedEncryptedMessage, E as EncryptedPayload } from '../mod-CII9wqu2.js';
 import 'hono';

package/dist/wallet-server/mod.js

@@ -34,9 +34,9 @@ import {
   userExists,
   verifyGoogleIdToken,
   verifyJwt
-} from "../chunk-B4VAPGAO.js";
+} from "../chunk-7PZMJECC.js";
 import "../chunk-JN75UL5C.js";
-import "../chunk-OY4CDOHY.js";
+import "../chunk-32YBATXQ.js";
 import "../chunk-MLKGABMK.js";
 export {
   ConfigEnvironment,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bandeira-tech/b3nd-web",
-  "version": "0.3.4",
+  "version": "0.5.0",
   "description": "Browser-focused B3nd SDK bundle",
   "type": "module",
   "main": "./dist/src/mod.web.js",