@bufinance/web3-signin 0.1.0 → 0.1.1

package/README.md

@@ -8,12 +8,9 @@ It wraps three things:
 2. **Supabase Web3 auth** — `signInWithWeb3` (EIP-4361 "Sign in with Ethereum"). Supabase builds the SIWE message, the wallet signs, GoTrue verifies server-side and mints the session. No custom SIWE backend.
 3. **Turnstile CAPTCHA** (wallet logins only) — renders the Cloudflare Turnstile widget and hands the token to `signInWithWeb3` as `captchaToken`. **No siteverify Worker** — Supabase verifies the token with the secret set in its dashboard.
 
-## Install (GitHub Packages)
+## Install (public npm)
 
 ```
-# .npmrc
-@bufinance:registry=https://npm.pkg.github.com
-
 bun add @bufinance/web3-signin
 ```
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bufinance/web3-signin",
-  "version": "0.1.0",
+  "version": "0.1.1",
   "description": "Headless cross-app Web3 wallet sign-in for BUFI: EIP-6963 wallet discovery + Supabase signInWithWeb3 (EIP-4361) + Turnstile captcha. Shared by desk-v1 and defi-web-app. Source of truth lives here; both apps consume it.",
   "type": "module",
   "main": "./src/index.ts",
@@ -9,7 +9,9 @@
     ".": "./src/index.ts",
     "./react": "./src/react/index.ts"
   },
-  "files": ["src"],
+  "files": [
+    "src"
+  ],
   "scripts": {
     "typecheck": "tsc --noEmit",
     "test": "bun test"

package/src/react/turnstile.tsx

@@ -9,14 +9,18 @@ import { useEffect, useRef } from "react";
  * token up via `onToken`, which the caller passes as `captchaToken` to
  * `signInWithWeb3`. Reset it after each auth attempt (tokens are single-use).
  */
-declare global {
-  interface Window {
-    turnstile?: {
-      render: (el: HTMLElement, opts: TurnstileRenderOpts) => string;
-      reset: (id?: string) => void;
-      remove: (id?: string) => void;
-    };
-  }
+interface TurnstileApi {
+  render: (el: HTMLElement, opts: TurnstileRenderOpts) => string;
+  reset: (id?: string) => void;
+  remove: (id?: string) => void;
+}
+
+/** Read window.turnstile without `declare global` — augmenting the global
+ *  Window collides with consumers that already declare their own turnstile
+ *  type. A local intersection cast keeps this package self-contained. */
+function getTurnstile(): TurnstileApi | undefined {
+  if (typeof window === "undefined") return undefined;
+  return (window as Window & { turnstile?: TurnstileApi }).turnstile;
 }
 
 interface TurnstileRenderOpts {
@@ -35,7 +39,7 @@ let scriptPromise: Promise<void> | null = null;
 
 function loadScript(): Promise<void> {
   if (typeof window === "undefined") return Promise.resolve();
-  if (window.turnstile) return Promise.resolve();
+  if (getTurnstile()) return Promise.resolve();
   if (scriptPromise) return scriptPromise;
   scriptPromise = new Promise<void>((resolve, reject) => {
     const s = document.createElement("script");
@@ -79,8 +83,10 @@ export function Turnstile({
     if (!sitekey) return;
     loadScript()
       .then(() => {
-        if (cancelled || !ref.current || !window.turnstile) return;
-        widgetId.current = window.turnstile.render(ref.current, {
+        if (cancelled || !ref.current) return;
+        const api = getTurnstile();
+        if (!api) return;
+        widgetId.current = api.render(ref.current, {
           sitekey,
           action: "bufi-wallet-login",
           theme,
@@ -93,9 +99,10 @@ export function Turnstile({
       .catch(() => cb.current.onError?.());
     return () => {
       cancelled = true;
-      if (widgetId.current && window.turnstile) {
+      const api = getTurnstile();
+      if (widgetId.current && api) {
         try {
-          window.turnstile.remove(widgetId.current);
+          api.remove(widgetId.current);
         } catch {
           /* widget already gone */
         }
@@ -110,5 +117,5 @@ export function Turnstile({
 /** Imperatively reset the rendered widget (tokens are single-use; reset after
  *  each auth attempt). Pass the same sitekey instance's container. */
 export function resetTurnstile(): void {
-  if (typeof window !== "undefined") window.turnstile?.reset();
+  getTurnstile()?.reset();
 }