@blazium/ton-connect-mobile 1.1.5 → 1.2.1

package/src/core/protocol.ts

@@ -248,14 +248,23 @@ export function parseCallbackURL(url: string, scheme: string): {
     }
 
     // Extract encoded payload
-    const encoded = url.substring(expectedPrefix.length);
+    let encoded = url.substring(expectedPrefix.length);
+
+    // CRITICAL FIX: Decode URL encoding first (wallet may URL-encode the payload)
+    try {
+      encoded = decodeURIComponent(encoded);
+    } catch (error) {
+      // If decodeURIComponent fails, try using the original encoded string
+      // Some wallets may not URL-encode the payload
+      console.log('[TON Connect] Payload not URL-encoded, using as-is');
+    }
 
     // CRITICAL FIX: Validate base64 payload size (prevent DoS)
     if (encoded.length === 0 || encoded.length > 5000) {
       return { type: 'unknown', data: null };
     }
 
-    // CRITICAL FIX: Validate base64 characters only
+    // CRITICAL FIX: Validate base64 characters only (after URL decoding)
     if (!/^[A-Za-z0-9_-]+$/.test(encoded)) {
       return { type: 'unknown', data: null };
     }
@@ -306,14 +315,20 @@ export function parseCallbackURL(url: string, scheme: string): {
 
 /**
  * Extract wallet info from connection response
+ * CRITICAL: This function assumes response has been validated by validateConnectionResponse
  */
 export function extractWalletInfo(
   response: ConnectionResponsePayload
 ): WalletInfo {
+  // CRITICAL FIX: Add null checks to prevent runtime errors
+  if (!response || !response.name || !response.address || !response.publicKey) {
+    throw new Error('Invalid connection response: missing required fields');
+  }
+  
   return {
     name: response.name,
-    appName: response.appName,
-    version: response.version,
+    appName: response.appName || response.name,
+    version: response.version || 'unknown',
     platform: response.platform || 'unknown',
     address: response.address,
     publicKey: response.publicKey,
@@ -360,13 +375,65 @@ export function validateTransactionRequest(
     return { valid: false, error: 'Transaction must have at least one message' };
   }
 
-  for (const msg of request.messages) {
-    if (!msg.address) {
-      return { valid: false, error: 'Message address is required' };
+  // CRITICAL: Validate each message
+  for (let i = 0; i < request.messages.length; i++) {
+    const msg = request.messages[i];
+    
+    // Validate address
+    if (!msg.address || typeof msg.address !== 'string') {
+      return { valid: false, error: `Message ${i + 1}: Address is required and must be a string` };
+    }
+    
+    // CRITICAL: Validate TON address format (EQ... or 0Q...)
+    if (!/^(EQ|0Q)[A-Za-z0-9_-]{46}$/.test(msg.address)) {
+      return { valid: false, error: `Message ${i + 1}: Invalid TON address format. Address must start with EQ or 0Q and be 48 characters long.` };
     }
-    if (!msg.amount || isNaN(Number(msg.amount))) {
-      return { valid: false, error: 'Message amount must be a valid number' };
+    
+    // Validate amount
+    if (!msg.amount || typeof msg.amount !== 'string') {
+      return { valid: false, error: `Message ${i + 1}: Amount is required and must be a string (nanotons)` };
+    }
+    
+    // CRITICAL: Validate amount is a valid positive number (nanotons)
+    try {
+      const amount = BigInt(msg.amount);
+      if (amount <= 0n) {
+        return { valid: false, error: `Message ${i + 1}: Amount must be greater than 0` };
+      }
+      // Check for reasonable maximum (prevent overflow)
+      if (amount > BigInt('1000000000000000000')) { // 1 billion TON
+        return { valid: false, error: `Message ${i + 1}: Amount exceeds maximum allowed (1 billion TON)` };
+      }
+    } catch (error) {
+      return { valid: false, error: `Message ${i + 1}: Amount must be a valid number string (nanotons)` };
     }
+    
+    // Validate payload if provided (must be base64)
+    if (msg.payload !== undefined && msg.payload !== null) {
+      if (typeof msg.payload !== 'string') {
+        return { valid: false, error: `Message ${i + 1}: Payload must be a base64 string` };
+      }
+      // Basic base64 validation
+      if (msg.payload.length > 0 && !/^[A-Za-z0-9+/=]+$/.test(msg.payload)) {
+        return { valid: false, error: `Message ${i + 1}: Payload must be valid base64 encoded` };
+      }
+    }
+    
+    // Validate stateInit if provided (must be base64)
+    if (msg.stateInit !== undefined && msg.stateInit !== null) {
+      if (typeof msg.stateInit !== 'string') {
+        return { valid: false, error: `Message ${i + 1}: StateInit must be a base64 string` };
+      }
+      // Basic base64 validation
+      if (msg.stateInit.length > 0 && !/^[A-Za-z0-9+/=]+$/.test(msg.stateInit)) {
+        return { valid: false, error: `Message ${i + 1}: StateInit must be valid base64 encoded` };
+      }
+    }
+  }
+
+  // CRITICAL: Limit maximum number of messages (prevent DoS)
+  if (request.messages.length > 255) {
+    return { valid: false, error: 'Transaction cannot have more than 255 messages' };
   }
 
   return { valid: true };

package/src/core/wallets.ts

@@ -31,7 +31,7 @@ export const SUPPORTED_WALLETS: WalletDefinition[] = [
     appName: 'Tonkeeper',
     universalLink: 'https://app.tonkeeper.com/ton-connect',
     deepLink: 'tonkeeper://',
-    platforms: ['ios', 'android'],
+    platforms: ['ios', 'android', 'web'], // CRITICAL FIX: Tonkeeper Web is supported
     preferredReturnStrategy: 'post_redirect', // CRITICAL FIX: 'back' strategy may not send callback properly, use 'post_redirect'
     requiresReturnScheme: true, // CRITICAL FIX: Mobile apps need returnScheme for proper callback handling
   },

package/src/index.ts

@@ -40,7 +40,7 @@ import { getWalletByName, getDefaultWallet, SUPPORTED_WALLETS, type WalletDefini
  * Custom error classes
  */
 export class TonConnectError extends Error {
-  constructor(message: string, public code?: string) {
+  constructor(message: string, public code?: string, public recoverySuggestion?: string) {
     super(message);
     this.name = 'TonConnectError';
   }
@@ -48,35 +48,55 @@ export class TonConnectError extends Error {
 
 export class ConnectionTimeoutError extends TonConnectError {
   constructor() {
-    super('Connection request timed out', 'CONNECTION_TIMEOUT');
+    super(
+      'Connection request timed out. The wallet did not respond in time.',
+      'CONNECTION_TIMEOUT',
+      'Please make sure the wallet app is installed and try again. If the issue persists, check your internet connection.'
+    );
     this.name = 'ConnectionTimeoutError';
   }
 }
 
 export class TransactionTimeoutError extends TonConnectError {
   constructor() {
-    super('Transaction request timed out', 'TRANSACTION_TIMEOUT');
+    super(
+      'Transaction request timed out. The wallet did not respond in time.',
+      'TRANSACTION_TIMEOUT',
+      'Please check the wallet app and try again. Make sure you approve or reject the transaction in the wallet.'
+    );
     this.name = 'TransactionTimeoutError';
   }
 }
 
 export class UserRejectedError extends TonConnectError {
-  constructor() {
-    super('User rejected the request', 'USER_REJECTED');
+  constructor(message?: string) {
+    super(
+      message || 'User rejected the request',
+      'USER_REJECTED',
+      'The user cancelled the operation in the wallet app.'
+    );
     this.name = 'UserRejectedError';
   }
 }
 
 export class ConnectionInProgressError extends TonConnectError {
   constructor() {
-    super('Connection request already in progress', 'CONNECTION_IN_PROGRESS');
+    super(
+      'Connection request already in progress',
+      'CONNECTION_IN_PROGRESS',
+      'Please wait for the current connection attempt to complete before trying again.'
+    );
     this.name = 'ConnectionInProgressError';
   }
 }
 
 export class TransactionInProgressError extends TonConnectError {
   constructor() {
-    super('Transaction request already in progress', 'TRANSACTION_IN_PROGRESS');
+    super(
+      'Transaction request already in progress',
+      'TRANSACTION_IN_PROGRESS',
+      'Please wait for the current transaction to complete before sending another one.'
+    );
     this.name = 'TransactionInProgressError';
   }
 }
@@ -235,8 +255,9 @@ export class TonConnectMobile {
     console.log('[TON Connect] Parsed callback:', parsed.type, parsed.data ? 'has data' : 'no data');
 
     // CRITICAL FIX: Check for sign data response first (before other handlers)
-    if (this.signDataPromise && !this.signDataPromise.timeout) {
-      // Sign data request is pending
+    // Note: We check if promise exists and hasn't timed out (timeout !== null means not timed out yet)
+    if (this.signDataPromise && this.signDataPromise.timeout !== null) {
+      // Sign data request is pending and hasn't timed out
       if (parsed.type === 'error' && parsed.data) {
         const errorData = parsed.data as ErrorResponse;
         if (errorData?.error) {
@@ -327,12 +348,18 @@ export class TonConnectMobile {
     this.notifyStatusChange();
 
     // Resolve connection promise
+    // CRITICAL: Only resolve if promise still exists and hasn't timed out
     if (this.connectionPromise) {
+      // Clear timeout if it exists
       if (this.connectionPromise.timeout !== null) {
         clearTimeout(this.connectionPromise.timeout);
       }
-      this.connectionPromise.resolve(wallet);
+      // Store reference before clearing to prevent race conditions
+      const promise = this.connectionPromise;
+      // Clear promise first
       this.connectionPromise = null;
+      // Then resolve
+      promise.resolve(wallet);
     }
   }
 
@@ -346,15 +373,21 @@ export class TonConnectMobile {
     }
 
     // Resolve transaction promise
+    // CRITICAL: Only resolve if promise still exists and hasn't timed out
     if (this.transactionPromise) {
+      // Clear timeout if it exists
       if (this.transactionPromise.timeout !== null) {
         clearTimeout(this.transactionPromise.timeout);
       }
-      this.transactionPromise.resolve({
+      // Store reference before clearing
+      const promise = this.transactionPromise;
+      // Clear promise first to prevent race conditions
+      this.transactionPromise = null;
+      // Then resolve
+      promise.resolve({
         boc: response.boc,
         signature: response.signature,
       });
-      this.transactionPromise = null;
     }
   }
 
@@ -376,6 +409,14 @@ export class TonConnectMobile {
       this.transactionPromise.reject(error);
       this.transactionPromise = null;
     }
+    // CRITICAL FIX: Also clear signDataPromise to prevent memory leaks
+    if (this.signDataPromise) {
+      if (this.signDataPromise.timeout !== null) {
+        clearTimeout(this.signDataPromise.timeout);
+      }
+      this.signDataPromise.reject(error);
+      this.signDataPromise = null;
+    }
   }
 
   /**
@@ -754,6 +795,38 @@ export class TonConnectMobile {
     return this.currentWallet;
   }
 
+  /**
+   * Check if a wallet is available on the current platform
+   * Note: This is a best-effort check and may not be 100% accurate
+   * CRITICAL FIX: On web, if wallet has universalLink, it's considered available
+   * because universal links can open in new tabs/windows
+   */
+  async isWalletAvailable(walletName?: string): Promise<boolean> {
+    const wallet = walletName ? getWalletByName(walletName) : this.currentWallet;
+    if (!wallet) {
+      return false;
+    }
+
+    // CRITICAL FIX: Check adapter type to reliably detect web platform
+    // WebAdapter is only used on web, so this is the most reliable check
+    const isWeb = this.adapter.constructor.name === 'WebAdapter';
+    
+    if (isWeb) {
+      // On web, if wallet has universalLink or supports web platform, it's available
+      // Universal links can open in a new tab on web
+      return wallet.platforms.includes('web') || !!wallet.universalLink;
+    }
+
+    // On mobile, we can't reliably check if wallet is installed
+    // Return true if wallet supports the current platform
+    // eslint-disable-next-line no-undef
+    const platform = typeof globalThis !== 'undefined' && (globalThis as any).Platform
+      ? (globalThis as any).Platform.OS === 'ios' ? 'ios' : 'android'
+      : 'android';
+    
+    return wallet.platforms.includes(platform);
+  }
+
   /**
    * Set preferred wallet for connections
    */
@@ -928,3 +1001,7 @@ export * from './types';
 export type { WalletDefinition } from './core/wallets';
 export { SUPPORTED_WALLETS, getWalletByName, getDefaultWallet, getWalletsForPlatform } from './core/wallets';
 
+// Export utilities
+export * from './utils/transactionBuilder';
+export * from './utils/retry';
+

package/src/react/TonConnectUIProvider.tsx

@@ -6,6 +6,7 @@
 import React, { createContext, useContext, useState, useEffect, useCallback, ReactNode } from 'react';
 import { TonConnectMobile, ConnectionStatus, WalletInfo, SendTransactionRequest } from '../index';
 import type { TonConnectMobileConfig } from '../types';
+import { WalletSelectionModal } from './WalletSelectionModal';
 
 /**
  * Account information (compatible with @tonconnect/ui-react)
@@ -108,7 +109,18 @@ export function TonConnectUIProvider({
   children,
   sdkInstance,
 }: TonConnectUIProviderProps): JSX.Element {
-  const [sdk] = useState<TonConnectMobile>(() => sdkInstance || new TonConnectMobile(config));
+  // CRITICAL: Initialize SDK only once
+  const [sdk] = useState<TonConnectMobile>(() => {
+    if (sdkInstance) {
+      return sdkInstance;
+    }
+    try {
+      return new TonConnectMobile(config);
+    } catch (error) {
+      console.error('[TonConnectUIProvider] Failed to initialize SDK:', error);
+      throw error;
+    }
+  });
   const [walletState, setWalletState] = useState<WalletState | null>(null);
   const [modalOpen, setModalOpen] = useState(false);
   const [isConnecting, setIsConnecting] = useState(false);
@@ -160,8 +172,10 @@ export function TonConnectUIProvider({
 
   // Open modal
   const openModal = useCallback(async () => {
-    setModalOpen(true);
-  }, []);
+    if (!walletState?.connected) {
+      setModalOpen(true);
+    }
+  }, [walletState?.connected]);
 
   // Close modal
   const closeModal = useCallback(() => {
@@ -199,11 +213,24 @@ export function TonConnectUIProvider({
   // Send transaction
   const sendTransaction = useCallback(
     async (transaction: SendTransactionRequest): Promise<TransactionResponse> => {
-      const response = await sdk.sendTransaction(transaction);
-      return {
-        boc: response.boc,
-        signature: response.signature,
-      };
+      try {
+        // Validate transaction before sending
+        if (!transaction || !transaction.messages || transaction.messages.length === 0) {
+          throw new Error('Invalid transaction: messages array is required and cannot be empty');
+        }
+        if (!transaction.validUntil || transaction.validUntil <= Date.now()) {
+          throw new Error('Invalid transaction: validUntil must be in the future');
+        }
+
+        const response = await sdk.sendTransaction(transaction);
+        return {
+          boc: response.boc,
+          signature: response.signature,
+        };
+      } catch (error) {
+        console.error('[TonConnectUIProvider] Transaction error:', error);
+        throw error;
+      }
     },
     [sdk]
   );
@@ -211,11 +238,21 @@ export function TonConnectUIProvider({
   // Sign data
   const signData = useCallback(
     async (request: SignDataRequest): Promise<SignDataResponse> => {
-      const response = await sdk.signData(request.data, request.version);
-      return {
-        signature: response.signature,
-        timestamp: response.timestamp,
-      };
+      try {
+        // Validate request
+        if (!request || (!request.data && request.data !== '')) {
+          throw new Error('Invalid sign data request: data is required');
+        }
+
+        const response = await sdk.signData(request.data, request.version);
+        return {
+          signature: response.signature,
+          timestamp: response.timestamp,
+        };
+      } catch (error) {
+        console.error('[TonConnectUIProvider] Sign data error:', error);
+        throw error;
+      }
     },
     [sdk]
   );
@@ -240,7 +277,16 @@ export function TonConnectUIProvider({
     sdk,
   };
 
-  return <TonConnectUIContext.Provider value={contextValue}>{children}</TonConnectUIContext.Provider>;
+  return (
+    <TonConnectUIContext.Provider value={contextValue}>
+      {children}
+      {/* Auto-show wallet selection modal when modalOpen is true */}
+      <WalletSelectionModal
+        visible={modalOpen && !walletState?.connected}
+        onClose={closeModal}
+      />
+    </TonConnectUIContext.Provider>
+  );
 }
 
 /**