@blazium/ton-connect-mobile 1.2.4 → 1.2.6

package/README.md

@@ -144,7 +144,6 @@ Access the TonConnectUI instance with all methods and features.
 ```typescript
 const tonConnectUI = useTonConnectUI();
 
-<<<<<<< HEAD
 // Connection methods:
 await tonConnectUI.connectWallet();
 await tonConnectUI.disconnect();
@@ -241,7 +240,6 @@ new TonConnectMobile(config: TonConnectMobileConfig)
 - `manifestUrl` (required): URL to your TonConnect manifest file
 - `scheme` (required): Your app's deep link scheme
 - `storageKeyPrefix` (optional): Prefix for storage keys (default: `'tonconnect_'`)
-<<<<<<< HEAD
 - `connectionTimeout` (optional): Connection timeout in ms (default: `300000` = 5 minutes)
 - `transactionTimeout` (optional): Transaction timeout in ms (default: `300000` = 5 minutes)
 - `skipCanOpenURLCheck` (optional): Skip canOpenURL check (default: `true` for Android compatibility)
@@ -325,7 +323,6 @@ const unsubscribe = ton.onStatusChange((status) => {
 });
 ```
 
-<<<<<<< HEAD
 ##### `getNetwork(): Network`
 
 Get current network (mainnet or testnet).
@@ -445,20 +442,6 @@ ton.removeAllListeners(); // Remove all listeners
 - iOS device or simulator
 - Web browsers (for wallets with web support like Tonkeeper Web)
 
-## Platform Support
-
-- ✅ **Android**: Full support via Expo or React Native CLI
-- ✅ **iOS**: Full support via Expo or React Native CLI  
-- ⚠️ **Web**: Deep links are not supported. The SDK will throw a clear error message if you try to use it in a web browser.
-
-**Why?** The `tonconnect://` protocol is a custom URI scheme that requires a mobile app handler. Web browsers cannot handle these custom protocols.
-
-**Testing**: To test wallet connections, use:
-- Android device or emulator
-- iOS device or simulator
-- Not web browsers
->>>>>>> af0bd46f78c13fb8e9799027e48d4fa228a49e3c
-
 ## Configuration
 
 ### Expo Setup
@@ -526,13 +509,13 @@ The manifest URL must be accessible via HTTPS.
 
 ## Supported Wallets
 
-<<<<<<< HEAD
 - **Tonkeeper** - Full support (iOS, Android, Web)
 - **MyTonWallet** - Full support (iOS, Android, Web)
 - **Tonhub** - Full support (iOS, Android)
 - **Wallet in Telegram** - Full support (iOS, Android)
 
 **Note**: Wallet icons are automatically loaded from official sources. If an icon fails to load, a placeholder with the wallet's initial is shown.
+
 ## Migration from @tonconnect/ui-react
 
 This SDK is a drop-in replacement for `@tonconnect/ui-react` in React Native/Expo environments.
@@ -613,7 +596,6 @@ MIT
 For issues and questions:
 - GitHub Issues: [https://github.com/blaziumdev/ton-connect-mobile/issues](https://github.com/blaziumdev/ton-connect-mobile/issues)
 
-<<<<<<< HEAD
 ## New Features in v1.2.3
 
 ### 🌐 Network Switching
@@ -847,6 +829,11 @@ try {
 
 ## Changelog
 
+### v1.2.5
+- ✅ **FIXED**: Connection response validation - `appName` and `version` fields are now optional, improving compatibility with wallets that don't send these fields
+- ✅ **FIXED**: ReactNativeAdapter URL listener error handling - Added try-catch block to prevent app crashes if URL listeners throw errors
+- ✅ **IMPROVED**: Enhanced error handling robustness across the SDK
+
 ### v1.2.3
 - ✅ **NEW**: Network switching - Switch between mainnet and testnet dynamically
 - ✅ **NEW**: Event emitters - Listen to connect, disconnect, transaction, and error events
@@ -863,6 +850,7 @@ try {
 - ✅ **IMPROVED**: Chain ID automatically updates when network changes
 - ✅ **FIXED**: Tonkeeper now correctly shows as available on web
 
+
 ### v1.2.0
 - ✅ **NEW**: Beautiful wallet selection modal component
 - ✅ **NEW**: Transaction builder utilities (`buildTransferTransaction`, `tonToNano`, etc.)
@@ -873,7 +861,6 @@ try {
 - ✅ Enhanced logging and debugging
 - ✅ Better TypeScript types
 
-
 ### v1.1.5
 - ✅ Full `@tonconnect/ui-react` compatibility
 - ✅ React integration layer with hooks and components

package/dist/adapters/react-native.js

@@ -34,7 +34,14 @@ class ReactNativeAdapter {
         }
         // Listen for deep links when app is already open
         this.subscription = Linking.addEventListener('url', (event) => {
-            this.urlListeners.forEach((listener) => listener(event.url));
+            this.urlListeners.forEach((listener) => {
+                try {
+                    listener(event.url);
+                }
+                catch (error) {
+                    console.error('[ReactNativeAdapter] Error in URL listener:', error);
+                }
+            });
         });
     }
     async openURL(url, skipCanOpenURLCheck = true) {

package/dist/core/bridge.d.ts

@@ -0,0 +1,61 @@
+/**
+ * TON Connect v2 Bridge Gateway
+ * Handles SSE connection for receiving wallet responses and POST for sending messages
+ */
+/**
+ * Bridge message received from wallet
+ */
+export interface BridgeIncomingMessage {
+    from: string;
+    message: string;
+}
+/**
+ * Bridge Gateway for TON Connect v2 HTTP Bridge
+ */
+export declare class BridgeGateway {
+    private xhr;
+    private lastEventId;
+    private active;
+    private reconnectTimer;
+    private bridgeUrl;
+    private clientId;
+    private onMessageCallback;
+    private onErrorCallback;
+    /**
+     * Connect to the bridge SSE endpoint
+     * Listens for incoming messages from the wallet
+     */
+    connect(bridgeUrl: string, clientId: string, onMessage: (msg: BridgeIncomingMessage) => void, onError?: (error: Error) => void): void;
+    /**
+     * Open SSE connection using XMLHttpRequest (works in React Native)
+     */
+    private openSSE;
+    /**
+     * Fallback: poll bridge with fetch (for environments without XMLHttpRequest streaming)
+     */
+    private pollWithFetch;
+    /**
+     * Handle a single SSE event data
+     */
+    private handleEventData;
+    /**
+     * Schedule reconnection after a delay
+     */
+    private scheduleReconnect;
+    /**
+     * Send an encrypted message via the bridge
+     */
+    send(bridgeUrl: string, fromClientId: string, toClientId: string, encryptedMessage: Uint8Array, ttl?: number): Promise<void>;
+    /**
+     * Close the bridge connection
+     */
+    close(): void;
+    /**
+     * Check if bridge is currently connected/active
+     */
+    get isConnected(): boolean;
+    /**
+     * Parse SSE text into events
+     */
+    private parseSSE;
+}

package/dist/core/bridge.js

@@ -0,0 +1,237 @@
+"use strict";
+/**
+ * TON Connect v2 Bridge Gateway
+ * Handles SSE connection for receiving wallet responses and POST for sending messages
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BridgeGateway = void 0;
+const session_1 = require("./session");
+/**
+ * Bridge Gateway for TON Connect v2 HTTP Bridge
+ */
+class BridgeGateway {
+    constructor() {
+        this.xhr = null;
+        this.lastEventId = '';
+        this.active = false;
+        this.reconnectTimer = null;
+        this.bridgeUrl = '';
+        this.clientId = '';
+        this.onMessageCallback = null;
+        this.onErrorCallback = null;
+    }
+    /**
+     * Connect to the bridge SSE endpoint
+     * Listens for incoming messages from the wallet
+     */
+    connect(bridgeUrl, clientId, onMessage, onError) {
+        this.bridgeUrl = bridgeUrl;
+        this.clientId = clientId;
+        this.onMessageCallback = onMessage;
+        this.onErrorCallback = onError || null;
+        this.active = true;
+        this.openSSE();
+    }
+    /**
+     * Open SSE connection using XMLHttpRequest (works in React Native)
+     */
+    openSSE() {
+        if (!this.active)
+            return;
+        // Build URL
+        let url = `${this.bridgeUrl}/events?client_id=${this.clientId}`;
+        if (this.lastEventId) {
+            url += `&last_event_id=${this.lastEventId}`;
+        }
+        console.log('[Bridge] Opening SSE connection:', url);
+        // Use XMLHttpRequest for SSE (available in React Native)
+        if (typeof XMLHttpRequest === 'undefined') {
+            // Fallback: use fetch-based polling
+            this.pollWithFetch(url);
+            return;
+        }
+        const xhr = new XMLHttpRequest();
+        this.xhr = xhr;
+        let processedLength = 0;
+        let buffer = '';
+        xhr.onreadystatechange = () => {
+            // LOADING (3) or DONE (4) — process incoming data
+            if (xhr.readyState >= 3) {
+                try {
+                    const newData = xhr.responseText.substring(processedLength);
+                    processedLength = xhr.responseText.length;
+                    if (newData) {
+                        buffer += newData;
+                        const parsed = this.parseSSE(buffer);
+                        buffer = parsed.remaining;
+                        for (const event of parsed.events) {
+                            if (event.id) {
+                                this.lastEventId = event.id;
+                            }
+                            if (event.data) {
+                                this.handleEventData(event.data);
+                            }
+                        }
+                    }
+                }
+                catch (e) {
+                    // Ignore parse errors, continue listening
+                    console.warn('[Bridge] SSE parse error:', e);
+                }
+            }
+            // Connection closed (readyState 4) — reconnect if still active
+            if (xhr.readyState === 4 && this.active) {
+                console.log('[Bridge] SSE connection closed, reconnecting...');
+                this.scheduleReconnect();
+            }
+        };
+        xhr.onerror = () => {
+            console.error('[Bridge] SSE connection error');
+            if (this.active) {
+                this.scheduleReconnect();
+            }
+        };
+        xhr.open('GET', url, true);
+        xhr.setRequestHeader('Accept', 'text/event-stream');
+        xhr.send();
+    }
+    /**
+     * Fallback: poll bridge with fetch (for environments without XMLHttpRequest streaming)
+     */
+    async pollWithFetch(url) {
+        while (this.active) {
+            try {
+                let pollUrl = `${this.bridgeUrl}/events?client_id=${this.clientId}`;
+                if (this.lastEventId) {
+                    pollUrl += `&last_event_id=${this.lastEventId}`;
+                }
+                const controller = new AbortController();
+                const timeoutId = setTimeout(() => controller.abort(), 25000);
+                const response = await fetch(pollUrl, {
+                    headers: { 'Accept': 'text/event-stream' },
+                    signal: controller.signal,
+                });
+                clearTimeout(timeoutId);
+                const text = await response.text();
+                const parsed = this.parseSSE(text);
+                for (const event of parsed.events) {
+                    if (event.id) {
+                        this.lastEventId = event.id;
+                    }
+                    if (event.data) {
+                        this.handleEventData(event.data);
+                    }
+                }
+            }
+            catch (error) {
+                if (error?.name === 'AbortError') {
+                    // Timeout — reconnect
+                    continue;
+                }
+                console.error('[Bridge] Fetch poll error:', error);
+                // Wait before retrying
+                await new Promise((resolve) => setTimeout(() => resolve(), 2000));
+            }
+        }
+    }
+    /**
+     * Handle a single SSE event data
+     */
+    handleEventData(data) {
+        try {
+            const parsed = JSON.parse(data);
+            if (parsed.from && parsed.message) {
+                console.log('[Bridge] Received message from:', parsed.from.substring(0, 16) + '...');
+                if (this.onMessageCallback) {
+                    this.onMessageCallback(parsed);
+                }
+            }
+        }
+        catch (e) {
+            // Might be a heartbeat or other non-JSON data — ignore
+            console.log('[Bridge] Non-message event:', data.substring(0, 50));
+        }
+    }
+    /**
+     * Schedule reconnection after a delay
+     */
+    scheduleReconnect() {
+        if (this.reconnectTimer) {
+            clearTimeout(this.reconnectTimer);
+        }
+        this.reconnectTimer = setTimeout(() => {
+            if (this.active) {
+                this.openSSE();
+            }
+        }, 1500);
+    }
+    /**
+     * Send an encrypted message via the bridge
+     */
+    async send(bridgeUrl, fromClientId, toClientId, encryptedMessage, ttl = 300) {
+        const base64Message = (0, session_1.bytesToBase64)(encryptedMessage);
+        const url = `${bridgeUrl}/message?client_id=${fromClientId}&to=${toClientId}&ttl=${ttl}`;
+        console.log('[Bridge] Sending message to:', toClientId.substring(0, 16) + '...');
+        const response = await fetch(url, {
+            method: 'POST',
+            body: base64Message,
+            headers: {
+                'Content-Type': 'text/plain',
+            },
+        });
+        if (!response.ok) {
+            throw new Error(`Bridge send failed: ${response.status} ${response.statusText}`);
+        }
+        console.log('[Bridge] Message sent successfully');
+    }
+    /**
+     * Close the bridge connection
+     */
+    close() {
+        console.log('[Bridge] Closing connection');
+        this.active = false;
+        if (this.xhr) {
+            this.xhr.abort();
+            this.xhr = null;
+        }
+        if (this.reconnectTimer) {
+            clearTimeout(this.reconnectTimer);
+            this.reconnectTimer = null;
+        }
+        this.onMessageCallback = null;
+        this.onErrorCallback = null;
+    }
+    /**
+     * Check if bridge is currently connected/active
+     */
+    get isConnected() {
+        return this.active;
+    }
+    /**
+     * Parse SSE text into events
+     */
+    parseSSE(text) {
+        const events = [];
+        const parts = text.split('\n\n');
+        const remaining = parts.pop() || '';
+        for (const part of parts) {
+            if (!part.trim())
+                continue;
+            const event = {};
+            const lines = part.split('\n');
+            for (const line of lines) {
+                if (line.startsWith('id:')) {
+                    event.id = line.substring(3).trim();
+                }
+                else if (line.startsWith('data:')) {
+                    event.data = (event.data || '') + line.substring(5).trim();
+                }
+            }
+            if (event.data || event.id) {
+                events.push(event);
+            }
+        }
+        return { events, remaining };
+    }
+}
+exports.BridgeGateway = BridgeGateway;

package/dist/core/crypto.d.ts

@@ -1,28 +1,17 @@
 /**
  * Cryptographic utilities for TonConnect
- * Uses tweetnacl for signature verification
+ * Legacy module — primary crypto is now in session.ts
+ * This module provides helper functions that may be used externally
  */
-import { ConnectionResponsePayload } from '../types';
 /**
- * Verify connection proof signature
- * The proof is signed by the wallet to verify authenticity
+ * Convert hex string to Uint8Array
  */
-export declare function verifyConnectionProof(response: ConnectionResponsePayload, manifestUrl: string): boolean;
-/**
- * Verify transaction signature
- *
- * WARNING: This function only performs basic format validation.
- * Full signature verification requires parsing the BOC (Bag of Cells) and
- * verifying the signature against the transaction hash, which requires
- * TON library integration (@ton/core or @ton/crypto).
- *
- * For production use, transaction signatures should be verified server-side
- * using proper TON libraries.
- *
- * @returns false - Always returns false to be safe until proper implementation
- */
-export declare function verifyTransactionSignature(boc: string, signature: string, publicKey: string): boolean;
+export declare function hexToBytes(hex: string): Uint8Array;
 /**
  * Generate random session ID
  */
 export declare function generateSessionId(): string;
+/**
+ * Verify Ed25519 signature
+ */
+export declare function verifySignature(message: Uint8Array, signature: Uint8Array, publicKey: Uint8Array): boolean;

package/dist/core/crypto.js

@@ -1,153 +1,20 @@
 "use strict";
 /**
  * Cryptographic utilities for TonConnect
- * Uses tweetnacl for signature verification
+ * Legacy module — primary crypto is now in session.ts
+ * This module provides helper functions that may be used externally
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifyConnectionProof = verifyConnectionProof;
-exports.verifyTransactionSignature = verifyTransactionSignature;
+exports.hexToBytes = hexToBytes;
 exports.generateSessionId = generateSessionId;
+exports.verifySignature = verifySignature;
 // eslint-disable-next-line @typescript-eslint/no-var-requires
 const nacl = require('tweetnacl');
-/**
- * Decode base64 string to Uint8Array
- */
-function decodeBase64(base64) {
-    // Remove padding and convert URL-safe to standard base64
-    const cleanBase64 = base64.replace(/-/g, '+').replace(/_/g, '/');
-    const padded = cleanBase64 + '='.repeat((4 - (cleanBase64.length % 4)) % 4);
-    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
-    const bytes = [];
-    let buffer = 0;
-    let bitsCollected = 0;
-    for (let i = 0; i < padded.length; i++) {
-        const ch = padded[i];
-        if (ch === '=')
-            break;
-        const index = chars.indexOf(ch);
-        if (index === -1)
-            continue;
-        buffer = (buffer << 6) | index;
-        bitsCollected += 6;
-        if (bitsCollected >= 8) {
-            bitsCollected -= 8;
-            bytes.push((buffer >> bitsCollected) & 0xff);
-            buffer &= (1 << bitsCollected) - 1;
-        }
-    }
-    return new Uint8Array(bytes);
-}
-/**
- * Get TextEncoder with fallback
- */
-function getTextEncoder() {
-    if (typeof TextEncoder !== 'undefined') {
-        return new TextEncoder();
-    }
-    // Fallback implementation for older React Native
-    throw new Error('TextEncoder is not available. Please use React Native 0.59+ or add a polyfill.');
-}
-/**
- * Verify connection proof signature
- * The proof is signed by the wallet to verify authenticity
- */
-function verifyConnectionProof(response, manifestUrl) {
-    // HIGH FIX: Log warning if proof is missing but allow for compatibility
-    if (!response.proof) {
-        console.warn('TON Connect: Connection proof missing - wallet may not support proof verification');
-        // Allow connection for compatibility, but log warning
-        return true;
-    }
-    try {
-        const { timestamp, domain, signature } = response.proof;
-        // Validate proof structure
-        if (typeof timestamp !== 'number' || !domain || typeof domain.lengthBytes !== 'number' || typeof domain.value !== 'string' || typeof signature !== 'string') {
-            return false;
-        }
-        // Build the message that was signed
-        // Format: <timestamp>.<domain_length>.<domain_value>.<address>.<publicKey>
-        const domainLength = domain.lengthBytes;
-        const message = `${timestamp}.${domainLength}.${domain.value}.${response.address}.${response.publicKey}`;
-        // Convert public key from hex to Uint8Array
-        const publicKeyBytes = hexToBytes(response.publicKey);
-        if (publicKeyBytes.length !== 32) {
-            return false;
-        }
-        // Convert signature from base64 to Uint8Array
-        const signatureBytes = decodeBase64(signature);
-        if (signatureBytes.length !== 64) {
-            return false;
-        }
-        // Verify signature using nacl
-        const encoder = getTextEncoder();
-        const messageBytes = encoder.encode(message);
-        return nacl.sign.detached.verify(messageBytes, signatureBytes, publicKeyBytes);
-    }
-    catch (error) {
-        // If verification fails, return false
-        console.error('TON Connect: Proof verification error:', error);
-        return false;
-    }
-}
-/**
- * Verify transaction signature
- *
- * WARNING: This function only performs basic format validation.
- * Full signature verification requires parsing the BOC (Bag of Cells) and
- * verifying the signature against the transaction hash, which requires
- * TON library integration (@ton/core or @ton/crypto).
- *
- * For production use, transaction signatures should be verified server-side
- * using proper TON libraries.
- *
- * @returns false - Always returns false to be safe until proper implementation
- */
-function verifyTransactionSignature(boc, signature, publicKey) {
-    // CRITICAL FIX: This function does not actually verify signatures
-    // It only checks format. For security, we return false until proper implementation.
-    try {
-        // Basic format validation
-        if (!boc || typeof boc !== 'string' || boc.length === 0) {
-            return false;
-        }
-        if (!signature || typeof signature !== 'string' || signature.length === 0) {
-            return false;
-        }
-        if (!publicKey || typeof publicKey !== 'string' || publicKey.length === 0) {
-            return false;
-        }
-        // Convert public key from hex to Uint8Array
-        const publicKeyBytes = hexToBytes(publicKey);
-        if (publicKeyBytes.length !== 32) {
-            return false;
-        }
-        // Convert signature from base64 to Uint8Array
-        const signatureBytes = decodeBase64(signature);
-        if (signatureBytes.length !== 64) {
-            return false;
-        }
-        // Convert BOC from base64 to Uint8Array
-        const bocBytes = decodeBase64(boc);
-        if (bocBytes.length === 0) {
-            return false;
-        }
-        // CRITICAL: Return false - actual signature verification requires TON library
-        // TODO: Integrate @ton/core or @ton/crypto for proper BOC parsing and signature verification
-        console.warn('TON Connect: Transaction signature verification not fully implemented. Signature format is valid but not cryptographically verified. Verify server-side using @ton/core.');
-        return false; // Fail-safe: reject until properly implemented
-    }
-    catch (error) {
-        console.error('TON Connect: Transaction signature verification error:', error);
-        return false;
-    }
-}
 /**
  * Convert hex string to Uint8Array
  */
 function hexToBytes(hex) {
-    // Remove 0x prefix if present
     const cleanHex = hex.startsWith('0x') ? hex.slice(2) : hex;
-    // Handle odd-length hex strings
     const paddedHex = cleanHex.length % 2 === 0 ? cleanHex : '0' + cleanHex;
     const bytes = new Uint8Array(paddedHex.length / 2);
     for (let i = 0; i < paddedHex.length; i += 2) {
@@ -160,13 +27,11 @@ function hexToBytes(hex) {
  */
 function getSecureRandomBytes(length) {
     const bytes = new Uint8Array(length);
-    // Try to use crypto.getRandomValues (available in React Native with polyfill)
     // eslint-disable-next-line no-undef
     if (typeof globalThis !== 'undefined' && globalThis.crypto && globalThis.crypto.getRandomValues) {
         globalThis.crypto.getRandomValues(bytes);
         return bytes;
     }
-    // HIGH FIX: Throw error instead of using insecure Math.random()
     throw new Error('Cryptographically secure random number generation not available. ' +
         'Please install react-native-get-random-values or use React Native 0.59+');
 }
@@ -174,10 +39,19 @@ function getSecureRandomBytes(length) {
  * Generate random session ID
  */
 function generateSessionId() {
-    // HIGH FIX: Use secure random bytes
     const bytes = getSecureRandomBytes(32);
-    // Convert to hex string
     return Array.from(bytes)
         .map((b) => b.toString(16).padStart(2, '0'))
         .join('');
 }
+/**
+ * Verify Ed25519 signature
+ */
+function verifySignature(message, signature, publicKey) {
+    try {
+        return nacl.sign.detached.verify(message, signature, publicKey);
+    }
+    catch {
+        return false;
+    }
+}

package/dist/core/index.d.ts

@@ -1,5 +1,7 @@
 /**
- * Core protocol exports
+ * Core module exports
  */
-export * from './protocol';
-export * from './crypto';
+export { SessionCrypto } from './session';
+export { BridgeGateway } from './bridge';
+export { buildConnectUniversalLink, buildReturnUniversalLink, buildSendTransactionRpcRequest, buildDisconnectRpcRequest, parseConnectResponse, parseRpcResponse, extractWalletInfoFromEvent, validateTransactionRequest, } from './protocol';
+export { SUPPORTED_WALLETS, getWalletByName, getDefaultWallet, getWalletsForPlatform } from './wallets';