@blazium/ton-connect-mobile 1.2.0 → 1.2.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blazium/ton-connect-mobile",
-  "version": "1.2.0",
+  "version": "1.2.3",
   "description": "Production-ready TON Connect Mobile SDK for React Native and Expo. Implements the real TonConnect protocol for mobile applications using deep links and callbacks.",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/adapters/expo.ts

@@ -78,14 +78,14 @@ export class ExpoAdapter implements PlatformAdapter {
         console.log('[ExpoAdapter] Skipping canOpenURL check (Android compatibility)');
       }
       
-      // CRITICAL FIX: Android'de canOpenURL() tonconnect:// protokolünü tanımayabilir
-      // Bu yüzden direkt openURL() çağırıyoruz. Eğer açılamazsa hata fırlatır.
+      // CRITICAL FIX: On Android, canOpenURL() may not recognize tonconnect:// protocol
+      // So we call openURL() directly. If it fails, it will throw an error.
       await Linking.openURL(url);
       console.log('[ExpoAdapter] URL opened successfully');
       return true;
     } catch (error: any) {
       console.error('[ExpoAdapter] Error in openURL:', error);
-      // Android'de tonconnect:// protokolü tanınmıyorsa veya cüzdan yüklü değilse hata verir
+      // On Android, if tonconnect:// protocol is not recognized or wallet is not installed, it will throw an error
       const errorMessage = error?.message || String(error);
       if (errorMessage.includes('No Activity found') || errorMessage.includes('No app found') || errorMessage.includes('Cannot open URL')) {
         throw new Error(

package/src/adapters/react-native.ts

@@ -67,14 +67,14 @@ export class ReactNativeAdapter implements PlatformAdapter {
         console.log('[ReactNativeAdapter] Skipping canOpenURL check (Android compatibility)');
       }
       
-      // CRITICAL FIX: Android'de canOpenURL() tonconnect:// protokolünü tanımayabilir
-      // Bu yüzden direkt openURL() çağırıyoruz. Eğer açılamazsa hata fırlatır.
+      // CRITICAL FIX: On Android, canOpenURL() may not recognize tonconnect:// protocol
+      // So we call openURL() directly. If it fails, it will throw an error.
       await Linking.openURL(url);
       console.log('[ReactNativeAdapter] URL opened successfully');
       return true;
     } catch (error: any) {
       console.error('[ReactNativeAdapter] Error in openURL:', error);
-      // Android'de tonconnect:// protokolü tanınmıyorsa veya cüzdan yüklü değilse hata verir
+      // On Android, if tonconnect:// protocol is not recognized or wallet is not installed, it will throw an error
       const errorMessage = error?.message || String(error);
       if (errorMessage.includes('No Activity found') || errorMessage.includes('No app found') || errorMessage.includes('Cannot open URL')) {
         throw new Error(

package/src/core/protocol.ts

@@ -248,14 +248,23 @@ export function parseCallbackURL(url: string, scheme: string): {
     }
 
     // Extract encoded payload
-    const encoded = url.substring(expectedPrefix.length);
+    let encoded = url.substring(expectedPrefix.length);
+
+    // CRITICAL FIX: Decode URL encoding first (wallet may URL-encode the payload)
+    try {
+      encoded = decodeURIComponent(encoded);
+    } catch (error) {
+      // If decodeURIComponent fails, try using the original encoded string
+      // Some wallets may not URL-encode the payload
+      console.log('[TON Connect] Payload not URL-encoded, using as-is');
+    }
 
     // CRITICAL FIX: Validate base64 payload size (prevent DoS)
     if (encoded.length === 0 || encoded.length > 5000) {
       return { type: 'unknown', data: null };
     }
 
-    // CRITICAL FIX: Validate base64 characters only
+    // CRITICAL FIX: Validate base64 characters only (after URL decoding)
     if (!/^[A-Za-z0-9_-]+$/.test(encoded)) {
       return { type: 'unknown', data: null };
     }
@@ -306,14 +315,20 @@ export function parseCallbackURL(url: string, scheme: string): {
 
 /**
  * Extract wallet info from connection response
+ * CRITICAL: This function assumes response has been validated by validateConnectionResponse
  */
 export function extractWalletInfo(
   response: ConnectionResponsePayload
 ): WalletInfo {
+  // CRITICAL FIX: Add null checks to prevent runtime errors
+  if (!response || !response.name || !response.address || !response.publicKey) {
+    throw new Error('Invalid connection response: missing required fields');
+  }
+  
   return {
     name: response.name,
-    appName: response.appName,
-    version: response.version,
+    appName: response.appName || response.name,
+    version: response.version || 'unknown',
     platform: response.platform || 'unknown',
     address: response.address,
     publicKey: response.publicKey,
@@ -360,13 +375,65 @@ export function validateTransactionRequest(
     return { valid: false, error: 'Transaction must have at least one message' };
   }
 
-  for (const msg of request.messages) {
-    if (!msg.address) {
-      return { valid: false, error: 'Message address is required' };
+  // CRITICAL: Validate each message
+  for (let i = 0; i < request.messages.length; i++) {
+    const msg = request.messages[i];
+    
+    // Validate address
+    if (!msg.address || typeof msg.address !== 'string') {
+      return { valid: false, error: `Message ${i + 1}: Address is required and must be a string` };
+    }
+    
+    // CRITICAL: Validate TON address format (EQ... or 0Q...)
+    if (!/^(EQ|0Q)[A-Za-z0-9_-]{46}$/.test(msg.address)) {
+      return { valid: false, error: `Message ${i + 1}: Invalid TON address format. Address must start with EQ or 0Q and be 48 characters long.` };
     }
-    if (!msg.amount || isNaN(Number(msg.amount))) {
-      return { valid: false, error: 'Message amount must be a valid number' };
+    
+    // Validate amount
+    if (!msg.amount || typeof msg.amount !== 'string') {
+      return { valid: false, error: `Message ${i + 1}: Amount is required and must be a string (nanotons)` };
+    }
+    
+    // CRITICAL: Validate amount is a valid positive number (nanotons)
+    try {
+      const amount = BigInt(msg.amount);
+      if (amount <= 0n) {
+        return { valid: false, error: `Message ${i + 1}: Amount must be greater than 0` };
+      }
+      // Check for reasonable maximum (prevent overflow)
+      if (amount > BigInt('1000000000000000000')) { // 1 billion TON
+        return { valid: false, error: `Message ${i + 1}: Amount exceeds maximum allowed (1 billion TON)` };
+      }
+    } catch (error) {
+      return { valid: false, error: `Message ${i + 1}: Amount must be a valid number string (nanotons)` };
     }
+    
+    // Validate payload if provided (must be base64)
+    if (msg.payload !== undefined && msg.payload !== null) {
+      if (typeof msg.payload !== 'string') {
+        return { valid: false, error: `Message ${i + 1}: Payload must be a base64 string` };
+      }
+      // Basic base64 validation
+      if (msg.payload.length > 0 && !/^[A-Za-z0-9+/=]+$/.test(msg.payload)) {
+        return { valid: false, error: `Message ${i + 1}: Payload must be valid base64 encoded` };
+      }
+    }
+    
+    // Validate stateInit if provided (must be base64)
+    if (msg.stateInit !== undefined && msg.stateInit !== null) {
+      if (typeof msg.stateInit !== 'string') {
+        return { valid: false, error: `Message ${i + 1}: StateInit must be a base64 string` };
+      }
+      // Basic base64 validation
+      if (msg.stateInit.length > 0 && !/^[A-Za-z0-9+/=]+$/.test(msg.stateInit)) {
+        return { valid: false, error: `Message ${i + 1}: StateInit must be valid base64 encoded` };
+      }
+    }
+  }
+
+  // CRITICAL: Limit maximum number of messages (prevent DoS)
+  if (request.messages.length > 255) {
+    return { valid: false, error: 'Transaction cannot have more than 255 messages' };
   }
 
   return { valid: true };

package/src/core/wallets.ts

@@ -31,7 +31,8 @@ export const SUPPORTED_WALLETS: WalletDefinition[] = [
     appName: 'Tonkeeper',
     universalLink: 'https://app.tonkeeper.com/ton-connect',
     deepLink: 'tonkeeper://',
-    platforms: ['ios', 'android'],
+    iconUrl: 'https://tonkeeper.com/assets/tonconnect-icon.png',
+    platforms: ['ios', 'android', 'web'], // CRITICAL FIX: Tonkeeper Web is supported
     preferredReturnStrategy: 'post_redirect', // CRITICAL FIX: 'back' strategy may not send callback properly, use 'post_redirect'
     requiresReturnScheme: true, // CRITICAL FIX: Mobile apps need returnScheme for proper callback handling
   },
@@ -40,6 +41,7 @@ export const SUPPORTED_WALLETS: WalletDefinition[] = [
     appName: 'MyTonWallet',
     universalLink: 'https://connect.mytonwallet.org',
     deepLink: 'mytonwallet://',
+    iconUrl: 'https://static.mytonwallet.io/icon-256.png',
     platforms: ['ios', 'android', 'web'],
     preferredReturnStrategy: 'post_redirect',
     requiresReturnScheme: true, // MyTonWallet requires explicit returnScheme
@@ -49,6 +51,7 @@ export const SUPPORTED_WALLETS: WalletDefinition[] = [
     appName: 'Wallet',
     universalLink: 'https://wallet.tonapi.io/ton-connect',
     deepLink: 'tg://',
+    iconUrl: 'https://wallet.tonapi.io/icon.png',
     platforms: ['ios', 'android'],
     preferredReturnStrategy: 'post_redirect',
     requiresReturnScheme: true, // Telegram Wallet requires explicit returnScheme
@@ -58,6 +61,7 @@ export const SUPPORTED_WALLETS: WalletDefinition[] = [
     appName: 'Tonhub',
     universalLink: 'https://tonhub.com/ton-connect',
     deepLink: 'tonhub://',
+    iconUrl: 'https://tonhub.com/tonconnect_logo.png',
     platforms: ['ios', 'android'],
     preferredReturnStrategy: 'post_redirect',
     requiresReturnScheme: true, // Tonhub requires explicit returnScheme for proper callback