@buildonspark/issuer-sdk 0.1.4 → 0.1.6

package/CHANGELOG.md

@@ -1,5 +1,27 @@
 # @buildonspark/issuer-sdk
 
+## 0.1.6
+
+### Patch Changes
+
+- ### Improved Token Ownership Validation
+
+  Token metadata fetches now return only tokens owned by the issuer, with centralized ownership validation to prevent operating on non-owned tokens.
+
+  ### Stricter Token Identifier Requirements
+
+  Mint, burn, freeze, and unfreeze flows now require explicit token identifiers or validate that only a single token is available. This provides clearer validation and more descriptive error messages when operations fail.
+
+- Updated dependencies
+  - @buildonspark/spark-sdk@0.5.6
+
+## 0.1.5
+
+### Patch Changes
+
+- Updated dependencies
+  - @buildonspark/spark-sdk@0.5.5
+
 ## 0.1.4
 
 ### Patch Changes

package/dist/index.browser.d.ts

@@ -114,10 +114,12 @@ declare abstract class IssuerSparkWallet extends SparkWallet {
     getIssuerTokenMetadata(): Promise<IssuerTokenMetadata>;
     /**
      * Retrieves information about the tokens that were issued by this user.
+     * @param tokenIdentifiers - Optional array of specific token identifiers to fetch.
+     *                           If omitted, all tokens for this issuer are fetched.
      * @returns An array of objects containing token information including public key, name, symbol, decimals, max supply, freeze status, and extra metadata
      * @throws {SparkRequestError} If the token metadata cannot be retrieved
      */
-    getIssuerTokensMetadata(): Promise<IssuerTokenMetadata[]>;
+    getIssuerTokensMetadata(tokenIdentifiers?: Bech32mTokenIdentifier[]): Promise<IssuerTokenMetadata[]>;
     /**
      * Retrieves the bech32m encoded token identifier for the issuer's token.
      * @deprecated Use getIssuerTokenIdentifiers() instead. This method will be removed in a future version.
@@ -183,7 +185,7 @@ declare abstract class IssuerSparkWallet extends SparkWallet {
      */
     mintTokens({ tokenAmount, tokenIdentifier, }: {
         tokenAmount: bigint;
-        tokenIdentifier?: Bech32mTokenIdentifier;
+        tokenIdentifier: Bech32mTokenIdentifier;
     }): Promise<string>;
     /**
      * Burns issuer's tokens
@@ -205,7 +207,7 @@ declare abstract class IssuerSparkWallet extends SparkWallet {
      */
     burnTokens({ tokenAmount, tokenIdentifier, selectedOutputs, }: {
         tokenAmount: bigint;
-        tokenIdentifier?: Bech32mTokenIdentifier;
+        tokenIdentifier: Bech32mTokenIdentifier;
         selectedOutputs?: OutputWithPreviousTransactionData[];
     }): Promise<string>;
     /**
@@ -267,6 +269,14 @@ declare abstract class IssuerSparkWallet extends SparkWallet {
      * @throws {SparkError} This feature is not yet supported
      */
     getIssuerTokenDistribution(): Promise<TokenDistribution>;
+    /**
+     * This validates that the token belongs to this issuer.
+     * If a token is in the cache, it must belong to this issuer.
+     * @param tokenIdentifier - The bech32m encoded token identifier
+     * @throws {SparkValidationError} If the token is not found for this issuer
+     * @private
+     */
+    private validateTokenIssuer;
     protected getTraceName(methodName: string): string;
     private wrapIssuerPublicMethod;
     private wrapIssuerSparkWalletMethods;

package/dist/index.browser.js

@@ -433,88 +433,57 @@ var IssuerSparkWallet = class extends SparkWallet {
    * @throws {SparkValidationError} If multiple tokens are found for this issuer
    */
   async getIssuerTokenMetadata() {
-    const issuerPublicKey = await super.getIdentityPublicKey();
-    const sparkTokenClient = await this.connectionManager.createSparkTokenClient(
-      this.config.getCoordinatorAddress()
-    );
-    try {
-      const response = await sparkTokenClient.query_token_metadata({
-        issuerPublicKeys: Array.of(hexToBytes2(issuerPublicKey))
-      });
-      if (response.tokenMetadata.length === 0) {
-        throw new SparkValidationError3(
-          "Token metadata not found - If a token has not yet been created, please create it first. Try again in a few seconds.",
-          {
-            field: "tokenMetadata",
-            value: response.tokenMetadata,
-            expected: "non-empty array",
-            actualLength: response.tokenMetadata.length,
-            expectedLength: 1
-          }
-        );
-      }
-      if (response.tokenMetadata.length > 1) {
-        throw new SparkValidationError3(
-          "Multiple tokens found for this issuer. Please migrate to getIssuerTokensMetadata() instead.",
-          {
-            field: "tokenMetadata",
-            value: response.tokenMetadata
-          }
-        );
-      }
-      const metadata = response.tokenMetadata[0];
-      const bech32mTokenIdentifier = encodeBech32mTokenIdentifier({
-        tokenIdentifier: metadata.tokenIdentifier,
-        network: this.config.getNetworkType()
-      });
-      this.tokenMetadata.set(bech32mTokenIdentifier, metadata);
-      return {
-        tokenPublicKey: bytesToHex(metadata.issuerPublicKey),
-        rawTokenIdentifier: metadata.tokenIdentifier,
-        tokenName: metadata.tokenName,
-        tokenTicker: metadata.tokenTicker,
-        decimals: metadata.decimals,
-        maxSupply: bytesToNumberBE(metadata.maxSupply),
-        isFreezable: metadata.isFreezable,
-        extraMetadata: metadata.extraMetadata ? new Uint8Array(metadata.extraMetadata) : void 0,
-        bech32mTokenIdentifier
-      };
-    } catch (error) {
-      throw new SparkRequestError2("Failed to fetch token metadata", { error });
+    const tokensMetadata = await this.getIssuerTokensMetadata();
+    if (tokensMetadata.length === 0) {
+      throw new SparkValidationError3("No tokens found. Create a token first.");
+    }
+    if (tokensMetadata.length > 1) {
+      throw new SparkValidationError3(
+        "Multiple tokens found for this issuer. Please migrate to getIssuerTokensMetadata() instead.",
+        {
+          field: "tokenMetadata",
+          value: tokensMetadata
+        }
+      );
     }
+    return tokensMetadata[0];
   }
   /**
    * Retrieves information about the tokens that were issued by this user.
+   * @param tokenIdentifiers - Optional array of specific token identifiers to fetch.
+   *                           If omitted, all tokens for this issuer are fetched.
    * @returns An array of objects containing token information including public key, name, symbol, decimals, max supply, freeze status, and extra metadata
    * @throws {SparkRequestError} If the token metadata cannot be retrieved
    */
-  async getIssuerTokensMetadata() {
+  async getIssuerTokensMetadata(tokenIdentifiers) {
     const issuerPublicKey = await super.getIdentityPublicKey();
     const sparkTokenClient = await this.connectionManager.createSparkTokenClient(
       this.config.getCoordinatorAddress()
     );
+    const filterByIdentifiers = Array.isArray(tokenIdentifiers) && tokenIdentifiers.length > 0;
+    const tokenIdentifierSet = filterByIdentifiers ? new Set(tokenIdentifiers) : void 0;
+    const request = {};
+    if (filterByIdentifiers) {
+      request.tokenIdentifiers = tokenIdentifiers.map(
+        (id) => decodeBech32mTokenIdentifier(id, this.config.getNetworkType()).tokenIdentifier
+      );
+    } else {
+      request.issuerPublicKeys = Array.of(hexToBytes2(issuerPublicKey));
+    }
     try {
-      const response = await sparkTokenClient.query_token_metadata({
-        issuerPublicKeys: Array.of(hexToBytes2(issuerPublicKey))
-      });
-      if (response.tokenMetadata.length === 0) {
-        throw new SparkValidationError3(
-          "Token metadata not found - If a token has not yet been created, please create it first. Try again in a few seconds.",
-          {
-            field: "tokenMetadata",
-            value: response.tokenMetadata,
-            expected: "non-empty array",
-            actualLength: response.tokenMetadata.length,
-            expectedLength: 1
-          }
-        );
-      }
+      const response = await sparkTokenClient.query_token_metadata(request);
       const tokenMetadata = [];
       for (const metadata of response.tokenMetadata) {
         const bech32mTokenIdentifier = encodeBech32mTokenIdentifier({
           tokenIdentifier: metadata.tokenIdentifier,
           network: this.config.getNetworkType()
         });
+        if (bytesToHex(metadata.issuerPublicKey) !== issuerPublicKey) {
+          continue;
+        }
+        if (filterByIdentifiers && !tokenIdentifierSet.has(bech32mTokenIdentifier)) {
+          continue;
+        }
         this.tokenMetadata.set(bech32mTokenIdentifier, metadata);
         tokenMetadata.push({
           tokenPublicKey: bytesToHex(metadata.issuerPublicKey),
@@ -530,6 +499,9 @@ var IssuerSparkWallet = class extends SparkWallet {
       }
       return tokenMetadata;
     } catch (error) {
+      if (error instanceof SparkError) {
+        throw error;
+      }
       throw new SparkRequestError2("Failed to fetch token metadata", { error });
     }
   }
@@ -542,6 +514,9 @@ var IssuerSparkWallet = class extends SparkWallet {
    */
   async getIssuerTokenIdentifier() {
     const tokensMetadata = await this.getIssuerTokensMetadata();
+    if (tokensMetadata.length === 0) {
+      throw new SparkValidationError3("No tokens found. Create a token first.");
+    }
     if (tokensMetadata.length > 1) {
       throw new SparkValidationError3(
         "Multiple tokens found. Use getIssuerTokenIdentifiers() instead.",
@@ -558,9 +533,6 @@ var IssuerSparkWallet = class extends SparkWallet {
         }
       );
     }
-    if (tokensMetadata.length === 0) {
-      throw new SparkValidationError3("No tokens found. Create a token first.");
-    }
     return tokensMetadata[0].bech32mTokenIdentifier;
   }
   /**
@@ -674,8 +646,13 @@ var IssuerSparkWallet = class extends SparkWallet {
     }
     const issuerTokenPublicKey = await super.getIdentityPublicKey();
     const issuerTokenPublicKeyBytes = hexToBytes2(issuerTokenPublicKey);
-    const tokensMetadata = await this.getIssuerTokensMetadata();
     if (bech32mTokenIdentifier === void 0) {
+      const tokensMetadata = await this.getIssuerTokensMetadata();
+      if (tokensMetadata.length === 0) {
+        throw new SparkValidationError3(
+          "No tokens found. Create a token first."
+        );
+      }
       if (tokensMetadata.length > 1) {
         throw new SparkValidationError3(
           "Multiple tokens found. Please use mintTokens({ tokenAmount, tokenIdentifier }) instead.",
@@ -684,19 +661,14 @@ var IssuerSparkWallet = class extends SparkWallet {
             availableTokens: tokensMetadata.map((t) => ({
               tokenName: t.tokenName,
               tokenTicker: t.tokenTicker,
-              bech32mTokenIdentifier: encodeBech32mTokenIdentifier({
-                tokenIdentifier: t.rawTokenIdentifier,
-                network: this.config.getNetworkType()
-              })
+              bech32mTokenIdentifier: t.bech32mTokenIdentifier
             }))
           }
         );
       }
-      const encodedTokenIdentifier = encodeBech32mTokenIdentifier({
-        tokenIdentifier: tokensMetadata[0].rawTokenIdentifier,
-        network: this.config.getNetworkType()
-      });
-      bech32mTokenIdentifier = encodedTokenIdentifier;
+      bech32mTokenIdentifier = tokensMetadata[0].bech32mTokenIdentifier;
+    } else {
+      await this.validateTokenIssuer(bech32mTokenIdentifier);
     }
     const rawTokenIdentifier = decodeBech32mTokenIdentifier(
       bech32mTokenIdentifier,
@@ -723,13 +695,18 @@ var IssuerSparkWallet = class extends SparkWallet {
     }
   }
   async burnTokens(tokenAmountOrParams, selectedOutputs) {
-    let bech32mTokenIdentifier;
+    let burnTokenIdentifier;
     let tokenAmount;
     let outputs;
     if (typeof tokenAmountOrParams === "bigint") {
       tokenAmount = tokenAmountOrParams;
       outputs = selectedOutputs;
       const tokenIdentifiers = await this.getIssuerTokenIdentifiers();
+      if (tokenIdentifiers.length === 0) {
+        throw new SparkValidationError3(
+          "No tokens found. Create a token first."
+        );
+      }
       if (tokenIdentifiers.length > 1) {
         throw new SparkValidationError3(
           "Multiple tokens found. Use burnTokens({ tokenIdentifier, tokenAmount, selectedOutputs }) to specify which token to burn.",
@@ -739,52 +716,19 @@ var IssuerSparkWallet = class extends SparkWallet {
           }
         );
       }
-      if (tokenIdentifiers.length === 0) {
-        throw new SparkValidationError3(
-          "No tokens found. Create a token first."
-        );
-      }
-      bech32mTokenIdentifier = tokenIdentifiers[0];
+      burnTokenIdentifier = tokenIdentifiers[0];
     } else {
       tokenAmount = tokenAmountOrParams.tokenAmount;
       outputs = tokenAmountOrParams.selectedOutputs;
-      if (tokenAmountOrParams.tokenIdentifier) {
-        const tokenIdentifiers = await this.getIssuerTokenIdentifiers();
-        const tokenIdentifier = tokenIdentifiers.find(
-          (identifier) => identifier === tokenAmountOrParams.tokenIdentifier
-        );
-        if (!tokenIdentifier) {
-          throw new SparkValidationError3("Token not found for this issuer", {
-            field: "tokenIdentifier",
-            value: tokenAmountOrParams.tokenIdentifier
-          });
-        }
-        bech32mTokenIdentifier = tokenAmountOrParams.tokenIdentifier;
-      } else {
-        const tokenIdentifiers = await this.getIssuerTokenIdentifiers();
-        if (tokenIdentifiers.length === 0) {
-          throw new SparkValidationError3(
-            "No tokens found. Create a token first."
-          );
-        }
-        if (tokenIdentifiers.length > 1) {
-          throw new SparkValidationError3(
-            "Multiple tokens found. Please specify tokenIdentifier in parameters.",
-            {
-              field: "tokenIdentifier",
-              availableTokens: tokenIdentifiers
-            }
-          );
-        }
-        bech32mTokenIdentifier = tokenIdentifiers[0];
-      }
+      await this.validateTokenIssuer(tokenAmountOrParams.tokenIdentifier);
+      burnTokenIdentifier = tokenAmountOrParams.tokenIdentifier;
     }
     const burnAddress = encodeSparkAddress({
       identityPublicKey: BURN_ADDRESS,
       network: this.config.getNetworkType()
     });
     return await this.transferTokens({
-      tokenIdentifier: bech32mTokenIdentifier,
+      tokenIdentifier: burnTokenIdentifier,
       tokenAmount,
       receiverSparkAddress: burnAddress,
       selectedOutputs: outputs
@@ -821,6 +765,8 @@ var IssuerSparkWallet = class extends SparkWallet {
         );
       }
       bech32mTokenIdentifier = tokenIdentifiers[0];
+    } else {
+      await this.validateTokenIssuer(bech32mTokenIdentifier);
     }
     const rawTokenIdentifier = decodeBech32mTokenIdentifier(
       bech32mTokenIdentifier,
@@ -848,6 +794,11 @@ var IssuerSparkWallet = class extends SparkWallet {
     }
     if (bech32mTokenIdentifier === void 0) {
       const tokenIdentifiers = await this.getIssuerTokenIdentifiers();
+      if (tokenIdentifiers.length === 0) {
+        throw new SparkValidationError3(
+          "No tokens found. Create a token first."
+        );
+      }
       if (tokenIdentifiers.length > 1) {
         throw new SparkValidationError3(
           "Multiple tokens found. Use unfreezeTokens({ tokenIdentifier, sparkAddress }) instead.",
@@ -858,6 +809,8 @@ var IssuerSparkWallet = class extends SparkWallet {
         );
       }
       bech32mTokenIdentifier = tokenIdentifiers[0];
+    } else {
+      await this.validateTokenIssuer(bech32mTokenIdentifier);
     }
     const decodedOwnerPubkey = decodeSparkAddress(
       sparkAddress,
@@ -884,6 +837,45 @@ var IssuerSparkWallet = class extends SparkWallet {
   async getIssuerTokenDistribution() {
     throw new SparkError("Token distribution is not yet supported");
   }
+  /**
+   * This validates that the token belongs to this issuer.
+   * If a token is in the cache, it must belong to this issuer.
+   * @param tokenIdentifier - The bech32m encoded token identifier
+   * @throws {SparkValidationError} If the token is not found for this issuer
+   * @private
+   */
+  async validateTokenIssuer(tokenIdentifier) {
+    const issuerPublicKey = await super.getIdentityPublicKey();
+    const cachedMetadata = this.tokenMetadata.get(tokenIdentifier);
+    if (cachedMetadata) {
+      if (bytesToHex(cachedMetadata.issuerPublicKey) !== issuerPublicKey) {
+        throw new SparkValidationError3("Token was not issued by this issuer", {
+          field: "issuerPublicKey",
+          tokenIdentifier,
+          expected: issuerPublicKey,
+          actual: bytesToHex(cachedMetadata.issuerPublicKey)
+        });
+      }
+    } else {
+      const tokensMetadata = await this.getIssuerTokensMetadata([
+        tokenIdentifier
+      ]);
+      if (tokensMetadata.length === 0) {
+        throw new SparkValidationError3("Token not found for this issuer", {
+          field: "tokenIdentifier",
+          value: tokenIdentifier
+        });
+      }
+      if (tokensMetadata[0].tokenPublicKey !== issuerPublicKey) {
+        throw new SparkValidationError3("Token was not issued by this issuer", {
+          field: "issuerPublicKey",
+          tokenIdentifier,
+          expected: issuerPublicKey,
+          actual: tokensMetadata[0].tokenPublicKey
+        });
+      }
+    }
+  }
   getTraceName(methodName) {
     return `IssuerSparkWallet.${methodName}`;
   }