@canton-network/wallet-gateway-remote 0.22.0 → 0.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/auth/jwt-auth-service.d.ts.map +1 -1
- package/dist/auth/jwt-auth-service.js +23 -3
- package/dist/auth/jwt-unsafe-auth-service.d.ts.map +1 -1
- package/dist/auth/jwt-unsafe-auth-service.js +7 -1
- package/dist/config/Config.test.js +1 -1
- package/dist/dapp-api/controller.d.ts.map +1 -1
- package/dist/dapp-api/controller.js +5 -9
- package/dist/dapp-api/rpc-gen/typings.d.ts +32 -5
- package/dist/dapp-api/rpc-gen/typings.d.ts.map +1 -1
- package/dist/example-config.js +2 -2
- package/dist/ledger/wallet-allocation/signing-providers/blockdaemon-wallet-allocator.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/signing-providers/blockdaemon-wallet-allocator.js +1 -0
- package/dist/ledger/wallet-allocation/signing-providers/fireblocks-wallet-allocator.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/signing-providers/fireblocks-wallet-allocator.js +1 -0
- package/dist/ledger/wallet-allocation/signing-providers/kernel-wallet-allocator.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/signing-providers/kernel-wallet-allocator.js +1 -0
- package/dist/ledger/wallet-allocation/signing-providers/participant-wallet-allocator.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/signing-providers/participant-wallet-allocator.js +1 -0
- package/dist/ledger/wallet-allocation/wallet-allocation-service.d.ts +2 -2
- package/dist/ledger/wallet-allocation/wallet-allocation-service.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/wallet-allocation-service.js +10 -4
- package/dist/ledger/wallet-allocation/wallet-allocation-service.test.js +13 -12
- package/dist/ledger/wallet-sync-service.d.ts +4 -1
- package/dist/ledger/wallet-sync-service.d.ts.map +1 -1
- package/dist/ledger/wallet-sync-service.js +97 -18
- package/dist/ledger/wallet-sync-service.test.js +79 -0
- package/dist/user-api/controller.d.ts.map +1 -1
- package/dist/user-api/controller.js +57 -11
- package/dist/user-api/rpc-gen/typings.d.ts +11 -0
- package/dist/user-api/rpc-gen/typings.d.ts.map +1 -1
- package/dist/web/frontend/404/index.html +2 -2
- package/dist/web/frontend/approve/index.html +5 -4
- package/dist/web/frontend/assets/404-CwWne4gl.js +8 -0
- package/dist/web/frontend/assets/approve-sXtkk0nx.js +20 -0
- package/dist/web/frontend/assets/{callback-D_VLeaX-.js → callback-5r0xYoAY.js} +1 -1
- package/dist/web/frontend/assets/index-BY0dSIJ0.js +1698 -0
- package/dist/web/frontend/assets/index-C4_-rNJw.js +1 -0
- package/dist/web/frontend/assets/login-DwOvzCWW.js +7 -0
- package/dist/web/frontend/assets/settings-lXZlQ6-V.js +37 -0
- package/dist/web/frontend/assets/{state-PjJJ3Anb.js → state-Zh2baU_h.js} +1 -1
- package/dist/web/frontend/assets/{transactions-DGdh8VAO.js → transactions-gLP4M5t0.js} +3 -3
- package/dist/web/frontend/assets/{utils-D5kQDwtZ.js → utils-CI12TM_E.js} +1 -1
- package/dist/web/frontend/assets/{wallets-CjjRt-cQ.js → wallets-Cmwexted.js} +2 -2
- package/dist/web/frontend/callback/index.html +2 -2
- package/dist/web/frontend/index.html +1 -1
- package/dist/web/frontend/login/index.html +4 -3
- package/dist/web/frontend/settings/index.html +3 -3
- package/dist/web/frontend/transactions/index.html +4 -4
- package/dist/web/frontend/wallets/index.html +4 -4
- package/package.json +20 -20
- package/dist/web/frontend/assets/404-DzH9sSlT.js +0 -8
- package/dist/web/frontend/assets/approve-Duv1K5LE.js +0 -17
- package/dist/web/frontend/assets/index-Bj5VTWmh.js +0 -1686
- package/dist/web/frontend/assets/login-B-jF6DLr.js +0 -7
- package/dist/web/frontend/assets/settings-DZpeOwSh.js +0 -37
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
import{o as T,e as c,l as A,f as X,c as ce,s as I,W as De,r as He,_ as $e,d as Ne,b as xe,w as Ue,t as ke}from"./index-Bj5VTWmh.js";import{r as de}from"./state-PjJJ3Anb.js";const Z=crypto,ye=t=>t instanceof CryptoKey,K=new TextEncoder,U=new TextDecoder;function Me(...t){const e=t.reduce((s,{length:o})=>s+o,0),r=new Uint8Array(e);let n=0;for(const s of t)r.set(s,n),n+=s.length;return r}const Le=t=>{let e=t;typeof e=="string"&&(e=K.encode(e));const r=32768,n=[];for(let s=0;s<e.length;s+=r)n.push(String.fromCharCode.apply(null,e.subarray(s,s+r)));return btoa(n.join(""))},j=t=>Le(t).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"),Fe=t=>{const e=atob(t),r=new Uint8Array(e.length);for(let n=0;n<e.length;n++)r[n]=e.charCodeAt(n);return r},L=t=>{let e=t;e instanceof Uint8Array&&(e=U.decode(e)),e=e.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return Fe(e)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}};class l extends Error{constructor(e,r){super(e,r),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}}l.code="ERR_JOSE_GENERIC";class Ve extends l{constructor(e,r,n="unspecified",s="unspecified"){super(e,{cause:{claim:n,reason:s,payload:r}}),this.code="ERR_JWT_CLAIM_VALIDATION_FAILED",this.claim=n,this.reason=s,this.payload=r}}Ve.code="ERR_JWT_CLAIM_VALIDATION_FAILED";class ze extends l{constructor(e,r,n="unspecified",s="unspecified"){super(e,{cause:{claim:n,reason:s,payload:r}}),this.code="ERR_JWT_EXPIRED",this.claim=n,this.reason=s,this.payload=r}}ze.code="ERR_JWT_EXPIRED";class je extends l{constructor(){super(...arguments),this.code="ERR_JOSE_ALG_NOT_ALLOWED"}}je.code="ERR_JOSE_ALG_NOT_ALLOWED";class b extends l{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}}b.code="ERR_JOSE_NOT_SUPPORTED";class Ge extends l{constructor(e="decryption operation failed",r){super(e,r),this.code="ERR_JWE_DECRYPTION_FAILED"}}Ge.code="ERR_JWE_DECRYPTION_FAILED";class Be extends l{constructor(){super(...arguments),this.code="ERR_JWE_INVALID"}}Be.code="ERR_JWE_INVALID";class R extends l{constructor(){super(...arguments),this.code="ERR_JWS_INVALID"}}R.code="ERR_JWS_INVALID";class y extends l{constructor(){super(...arguments),this.code="ERR_JWT_INVALID"}}y.code="ERR_JWT_INVALID";class qe extends l{constructor(){super(...arguments),this.code="ERR_JWK_INVALID"}}qe.code="ERR_JWK_INVALID";class Ye extends l{constructor(){super(...arguments),this.code="ERR_JWKS_INVALID"}}Ye.code="ERR_JWKS_INVALID";class Xe extends l{constructor(e="no applicable key found in the JSON Web Key Set",r){super(e,r),this.code="ERR_JWKS_NO_MATCHING_KEY"}}Xe.code="ERR_JWKS_NO_MATCHING_KEY";class Ze extends l{constructor(e="multiple matching keys found in the JSON Web Key Set",r){super(e,r),this.code="ERR_JWKS_MULTIPLE_MATCHING_KEYS"}}Ze.code="ERR_JWKS_MULTIPLE_MATCHING_KEYS";class Qe extends l{constructor(e="request timed out",r){super(e,r),this.code="ERR_JWKS_TIMEOUT"}}Qe.code="ERR_JWKS_TIMEOUT";class et extends l{constructor(e="signature verification failed",r){super(e,r),this.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED"}}et.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED";function m(t,e="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${e} must be ${t}`)}function O(t,e){return t.name===e}function G(t){return parseInt(t.name.slice(4),10)}function tt(t){switch(t){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function rt(t,e){if(e.length&&!e.some(r=>t.usages.includes(r))){let r="CryptoKey does not support this operation, its usages must include ";if(e.length>2){const n=e.pop();r+=`one of ${e.join(", ")}, or ${n}.`}else e.length===2?r+=`one of ${e[0]} or ${e[1]}.`:r+=`${e[0]}.`;throw new TypeError(r)}}function nt(t,e,...r){switch(e){case"HS256":case"HS384":case"HS512":{if(!O(t.algorithm,"HMAC"))throw m("HMAC");const n=parseInt(e.slice(2),10);if(G(t.algorithm.hash)!==n)throw m(`SHA-${n}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!O(t.algorithm,"RSASSA-PKCS1-v1_5"))throw m("RSASSA-PKCS1-v1_5");const n=parseInt(e.slice(2),10);if(G(t.algorithm.hash)!==n)throw m(`SHA-${n}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!O(t.algorithm,"RSA-PSS"))throw m("RSA-PSS");const n=parseInt(e.slice(2),10);if(G(t.algorithm.hash)!==n)throw m(`SHA-${n}`,"algorithm.hash");break}case"EdDSA":{if(t.algorithm.name!=="Ed25519"&&t.algorithm.name!=="Ed448")throw m("Ed25519 or Ed448");break}case"Ed25519":{if(!O(t.algorithm,"Ed25519"))throw m("Ed25519");break}case"ES256":case"ES384":case"ES512":{if(!O(t.algorithm,"ECDSA"))throw m("ECDSA");const n=tt(e);if(t.algorithm.namedCurve!==n)throw m(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}rt(t,r)}function we(t,e,...r){if(r=r.filter(Boolean),r.length>2){const n=r.pop();t+=`one of type ${r.join(", ")}, or ${n}.`}else r.length===2?t+=`one of type ${r[0]} or ${r[1]}.`:t+=`of type ${r[0]}.`;return e==null?t+=` Received ${e}`:typeof e=="function"&&e.name?t+=` Received function ${e.name}`:typeof e=="object"&&e!=null&&e.constructor?.name&&(t+=` Received an instance of ${e.constructor.name}`),t}const le=(t,...e)=>we("Key must be ",t,...e);function ge(t,e,...r){return we(`Key for the ${t} algorithm must be `,e,...r)}const Se=t=>ye(t)?!0:t?.[Symbol.toStringTag]==="KeyObject",k=["CryptoKey"],st=(...t)=>{const e=t.filter(Boolean);if(e.length===0||e.length===1)return!0;let r;for(const n of e){const s=Object.keys(n);if(!r||r.size===0){r=new Set(s);continue}for(const o of s){if(r.has(o))return!1;r.add(o)}}return!0};function ot(t){return typeof t=="object"&&t!==null}function Q(t){if(!ot(t)||Object.prototype.toString.call(t)!=="[object Object]")return!1;if(Object.getPrototypeOf(t)===null)return!0;let e=t;for(;Object.getPrototypeOf(e)!==null;)e=Object.getPrototypeOf(e);return Object.getPrototypeOf(t)===e}const it=(t,e)=>{if(t.startsWith("RS")||t.startsWith("PS")){const{modulusLength:r}=e.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`)}};function N(t){return Q(t)&&typeof t.kty=="string"}function at(t){return t.kty!=="oct"&&typeof t.d=="string"}function ct(t){return t.kty!=="oct"&&typeof t.d>"u"}function dt(t){return N(t)&&t.kty==="oct"&&typeof t.k=="string"}function lt(t){let e,r;switch(t.kty){case"RSA":{switch(t.alg){case"PS256":case"PS384":case"PS512":e={name:"RSA-PSS",hash:`SHA-${t.alg.slice(-3)}`},r=t.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":e={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${t.alg.slice(-3)}`},r=t.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":e={name:"RSA-OAEP",hash:`SHA-${parseInt(t.alg.slice(-3),10)||1}`},r=t.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new b('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"EC":{switch(t.alg){case"ES256":e={name:"ECDSA",namedCurve:"P-256"},r=t.d?["sign"]:["verify"];break;case"ES384":e={name:"ECDSA",namedCurve:"P-384"},r=t.d?["sign"]:["verify"];break;case"ES512":e={name:"ECDSA",namedCurve:"P-521"},r=t.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":e={name:"ECDH",namedCurve:t.crv},r=t.d?["deriveBits"]:[];break;default:throw new b('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"OKP":{switch(t.alg){case"Ed25519":e={name:"Ed25519"},r=t.d?["sign"]:["verify"];break;case"EdDSA":e={name:t.crv},r=t.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":e={name:t.crv},r=t.d?["deriveBits"]:[];break;default:throw new b('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new b('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:e,keyUsages:r}}const ht=async t=>{if(!t.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');const{algorithm:e,keyUsages:r}=lt(t),n=[e,t.ext??!1,t.key_ops??r],s={...t};return delete s.alg,delete s.use,Z.subtle.importKey("jwk",s,...n)},Ee=t=>L(t);let v,C;const be=t=>t?.[Symbol.toStringTag]==="KeyObject",M=async(t,e,r,n,s=!1)=>{let o=t.get(e);if(o?.[n])return o[n];const i=await ht({...r,alg:n});return s&&Object.freeze(e),o?o[n]=i:t.set(e,{[n]:i}),i},ut=(t,e)=>{if(be(t)){let r=t.export({format:"jwk"});return delete r.d,delete r.dp,delete r.dq,delete r.p,delete r.q,delete r.qi,r.k?Ee(r.k):(C||(C=new WeakMap),M(C,t,r,e))}return N(t)?t.k?L(t.k):(C||(C=new WeakMap),M(C,t,t,e,!0)):t},pt=(t,e)=>{if(be(t)){let r=t.export({format:"jwk"});return r.k?Ee(r.k):(v||(v=new WeakMap),M(v,t,r,e))}return N(t)?t.k?L(t.k):(v||(v=new WeakMap),M(v,t,t,e,!0)):t},ft={normalizePublicKey:ut,normalizePrivateKey:pt},W=t=>t?.[Symbol.toStringTag],q=(t,e,r)=>{if(e.use!==void 0&&e.use!=="sig")throw new TypeError("Invalid key for this operation, when present its use must be sig");if(e.key_ops!==void 0&&e.key_ops.includes?.(r)!==!0)throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${r}`);if(e.alg!==void 0&&e.alg!==t)throw new TypeError(`Invalid key for this operation, when present its alg must be ${t}`);return!0},mt=(t,e,r,n)=>{if(!(e instanceof Uint8Array)){if(n&&N(e)){if(dt(e)&&q(t,e,r))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!Se(e))throw new TypeError(ge(t,e,...k,"Uint8Array",n?"JSON Web Key":null));if(e.type!=="secret")throw new TypeError(`${W(e)} instances for symmetric algorithms must be of type "secret"`)}},_t=(t,e,r,n)=>{if(n&&N(e))switch(r){case"sign":if(at(e)&&q(t,e,r))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case"verify":if(ct(e)&&q(t,e,r))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!Se(e))throw new TypeError(ge(t,e,...k,n?"JSON Web Key":null));if(e.type==="secret")throw new TypeError(`${W(e)} instances for asymmetric algorithms must not be of type "secret"`);if(r==="sign"&&e.type==="public")throw new TypeError(`${W(e)} instances for asymmetric algorithm signing must be of type "private"`);if(r==="decrypt"&&e.type==="public")throw new TypeError(`${W(e)} instances for asymmetric algorithm decryption must be of type "private"`);if(e.algorithm&&r==="verify"&&e.type==="private")throw new TypeError(`${W(e)} instances for asymmetric algorithm verifying must be of type "public"`);if(e.algorithm&&r==="encrypt"&&e.type==="private")throw new TypeError(`${W(e)} instances for asymmetric algorithm encryption must be of type "public"`)};function Te(t,e,r,n){e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(e)?mt(e,r,n,t):_t(e,r,n,t)}Te.bind(void 0,!1);const yt=Te.bind(void 0,!0);function wt(t,e,r,n,s){if(s.crit!==void 0&&n?.crit===void 0)throw new t('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(i=>typeof i!="string"||i.length===0))throw new t('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let o;r!==void 0?o=new Map([...Object.entries(r),...e.entries()]):o=e;for(const i of n.crit){if(!o.has(i))throw new b(`Extension Header Parameter "${i}" is not recognized`);if(s[i]===void 0)throw new t(`Extension Header Parameter "${i}" is missing`);if(o.get(i)&&n[i]===void 0)throw new t(`Extension Header Parameter "${i}" MUST be integrity protected`)}return new Set(n.crit)}function gt(t,e){const r=`SHA-${t.slice(-3)}`;switch(t){case"HS256":case"HS384":case"HS512":return{hash:r,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:r,name:"RSA-PSS",saltLength:t.slice(-3)>>3};case"RS256":case"RS384":case"RS512":return{hash:r,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:r,name:"ECDSA",namedCurve:e.namedCurve};case"Ed25519":return{name:"Ed25519"};case"EdDSA":return{name:e.name};default:throw new b(`alg ${t} is not supported either by JOSE or your javascript runtime`)}}async function St(t,e,r){if(e=await ft.normalizePrivateKey(e,t),ye(e))return nt(e,t,r),e;if(e instanceof Uint8Array){if(!t.startsWith("HS"))throw new TypeError(le(e,...k));return Z.subtle.importKey("raw",e,{hash:`SHA-${t.slice(-3)}`,name:"HMAC"},!1,[r])}throw new TypeError(le(e,...k,"Uint8Array","JSON Web Key"))}const S=t=>Math.floor(t.getTime()/1e3),Ae=60,Ie=Ae*60,ee=Ie*24,Et=ee*7,bt=ee*365.25,Tt=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,B=t=>{const e=Tt.exec(t);if(!e||e[4]&&e[1])throw new TypeError("Invalid time period format");const r=parseFloat(e[2]),n=e[3].toLowerCase();let s;switch(n){case"sec":case"secs":case"second":case"seconds":case"s":s=Math.round(r);break;case"minute":case"minutes":case"min":case"mins":case"m":s=Math.round(r*Ae);break;case"hour":case"hours":case"hr":case"hrs":case"h":s=Math.round(r*Ie);break;case"day":case"days":case"d":s=Math.round(r*ee);break;case"week":case"weeks":case"w":s=Math.round(r*Et);break;default:s=Math.round(r*bt);break}return e[1]==="-"||e[4]==="ago"?-s:s},At=async(t,e,r)=>{const n=await St(t,e,"sign");it(t,n);const s=await Z.subtle.sign(gt(t,n.algorithm),n,r);return new Uint8Array(s)};class It{constructor(e){if(!(e instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=e}setProtectedHeader(e){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=e,this}setUnprotectedHeader(e){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=e,this}async sign(e,r){if(!this._protectedHeader&&!this._unprotectedHeader)throw new R("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!st(this._protectedHeader,this._unprotectedHeader))throw new R("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const n={...this._protectedHeader,...this._unprotectedHeader},s=wt(R,new Map([["b64",!0]]),r?.crit,this._protectedHeader,n);let o=!0;if(s.has("b64")&&(o=this._protectedHeader.b64,typeof o!="boolean"))throw new R('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:i}=n;if(typeof i!="string"||!i)throw new R('JWS "alg" (Algorithm) Header Parameter missing or invalid');yt(i,e,"sign");let d=this._payload;o&&(d=K.encode(j(d)));let p;this._protectedHeader?p=K.encode(j(JSON.stringify(this._protectedHeader))):p=K.encode("");const _=Me(p,K.encode("."),d),g=await At(i,e,_),a={signature:j(g),payload:""};return o&&(a.payload=U.decode(d)),this._unprotectedHeader&&(a.header=this._unprotectedHeader),this._protectedHeader&&(a.protected=U.decode(p)),a}}class vt{constructor(e){this._flattened=new It(e)}setProtectedHeader(e){return this._flattened.setProtectedHeader(e),this}async sign(e,r){const n=await this._flattened.sign(e,r);if(n.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${n.protected}.${n.payload}.${n.signature}`}}function E(t,e){if(!Number.isFinite(e))throw new TypeError(`Invalid ${t} input`);return e}class Ct{constructor(e={}){if(!Q(e))throw new TypeError("JWT Claims Set MUST be an object");this._payload=e}setIssuer(e){return this._payload={...this._payload,iss:e},this}setSubject(e){return this._payload={...this._payload,sub:e},this}setAudience(e){return this._payload={...this._payload,aud:e},this}setJti(e){return this._payload={...this._payload,jti:e},this}setNotBefore(e){return typeof e=="number"?this._payload={...this._payload,nbf:E("setNotBefore",e)}:e instanceof Date?this._payload={...this._payload,nbf:E("setNotBefore",S(e))}:this._payload={...this._payload,nbf:S(new Date)+B(e)},this}setExpirationTime(e){return typeof e=="number"?this._payload={...this._payload,exp:E("setExpirationTime",e)}:e instanceof Date?this._payload={...this._payload,exp:E("setExpirationTime",S(e))}:this._payload={...this._payload,exp:S(new Date)+B(e)},this}setIssuedAt(e){return typeof e>"u"?this._payload={...this._payload,iat:S(new Date)}:e instanceof Date?this._payload={...this._payload,iat:E("setIssuedAt",S(e))}:typeof e=="string"?this._payload={...this._payload,iat:E("setIssuedAt",S(new Date)+B(e))}:this._payload={...this._payload,iat:E("setIssuedAt",e)},this}}class Rt extends Ct{setProtectedHeader(e){return this._protectedHeader=e,this}async sign(e,r){const n=new vt(K.encode(JSON.stringify(this._payload)));if(n.setProtectedHeader(this._protectedHeader),Array.isArray(this._protectedHeader?.crit)&&this._protectedHeader.crit.includes("b64")&&this._protectedHeader.b64===!1)throw new y("JWTs MUST NOT use unencoded payload");return n.sign(e,r)}}const Wt=L;function ve(t){if(typeof t!="string")throw new y("JWTs must use Compact JWS serialization, JWT must be a string");const{1:e,length:r}=t.split(".");if(r===5)throw new y("Only JWTs using Compact JWS serialization can be decoded");if(r!==3)throw new y("Invalid JWT");if(!e)throw new y("JWTs must contain a payload");let n;try{n=Wt(e)}catch{throw new y("Failed to base64url decode the payload")}let s;try{s=JSON.parse(U.decode(n))}catch{throw new y("Failed to parse the decoded payload as JSON")}if(!Q(s))throw new y("Invalid JWT Claims Set");return s}var Kt=Object.defineProperty,Pt=(t,e,r)=>e in t?Kt(t,e,{enumerable:!0,configurable:!0,writable:!0,value:r}):t[e]=r,Jt=(t,e,r)=>Pt(t,e+"",r);function Ot(t){const{sub:e}=ve(t);if(!e)throw new Error("token did not contain a subject field");return e}function he(t){try{const e=ve(t),r=Math.floor(Date.now()/1e3);return typeof e.exp=="number"&&e.exp<=r}catch{return!0}}var Dt=class{constructor(t,e){this.configUrl=t,this.logger=e}async fetchToken(t){try{const e=await this.getOIDCConfig(this.configUrl);this.logger?.debug({oidcConfig:e},"Fetched OIDC config");const n=await(await this.fetchTokenEndpoint(e.token_endpoint,t)).json();if(this.logger?.info({response:n},`Fetched admin token for clientId: ${t.clientId}`),!n.access_token)throw new Error("No access_token in token endpoint response");return n.access_token}catch(e){throw this.logger?.error({err:e},"Failed to fetch admin token"),e}}async fetchTokenEndpoint(t,e){const r=new URLSearchParams({grant_type:"client_credentials",client_id:e.clientId,client_secret:e.clientSecret,scope:e.scope??"",audience:e.audience??""}),n=await fetch(t,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:r.toString()});if(!n.ok)throw this.logger?.error({status:n.status,statusText:n.statusText},"Token endpoint error"),new Error(`Token endpoint error: ${n.status} ${n.statusText}`);return n}async getOIDCConfig(t){const e=await fetch(t);if(!e.ok){const r=await e.text();throw this.logger?.error({status:e.status,statusText:e.statusText,body:r},"Failed to fetch OIDC config"),new Error(`OIDC config error: ${e.status} ${e.statusText}`)}return e.json()}},Ht=(t,e)=>({fetchToken:async r=>new Dt(t,e).fetchToken(r)}),$t=class{static async fetchToken(t,e,r,n=3600){const s=new TextEncoder().encode(e.clientSecret),o=Math.floor(Date.now()/1e3),i=await new Rt({sub:e.clientId,aud:e.audience||"",scope:e.scope||"",iat:o,exp:o+n,iss:r}).setProtectedHeader({alg:"HS256"}).sign(s);return t.info(`Generated self-signed JWT token: ${i}`),i}},Nt=class x{constructor(e,r){this.config=e,this.logger=r,Jt(this,"cachedToken")}static fromToken(e,r){return new x({method:"static",token:e},r)}static fromGatewayConfig(e,r,n){if(r.method==="self_signed")return new x({method:r.method,issuer:r.issuer,credentials:{clientId:r.clientId,clientSecret:r.clientSecret,scope:r.scope,audience:r.audience}},n);if(r.method==="client_credentials"){if(e.type==="oauth")return new x({method:r.method,configUrl:e.configUrl,credentials:{clientId:r.clientId,clientSecret:r.clientSecret,scope:r.scope,audience:r.audience}},n);throw new Error(`IDP type ${e.type} not supported for client_credentials auth`)}throw new Error(`Auth method ${r.method} not supported for programmatic access token`)}async _fetchToken(){switch(this.logger.debug("Fetching user auth token"),this.config.method){case"static":return this.config.token;case"self_signed":return $t.fetchToken(this.logger,this.config.credentials,this.config.issuer);case"client_credentials":return Ht(this.config.configUrl,this.logger).fetchToken(this.config.credentials)}}async getAccessToken(){if(this.cachedToken&&!he(this.cachedToken))return this.cachedToken;{const e=await this._fetchToken();if(he(e))throw new Error("Attempted to refresh a token, but it came back expired.");return this.cachedToken=e,e}}async getAuthContext(){const e=await this.getAccessToken(),r=Ot(e);return{accessToken:e,userId:r}}},Ce=T({method:A("authorization_code"),audience:c(),scope:c(),clientId:c()}).meta({description:"Authorization code flow authentication configuration. This is used for browser-based application login."}),xt=T({method:A("client_credentials"),audience:c(),scope:c(),clientId:c(),clientSecret:c()}),Ut=T({method:A("self_signed"),issuer:c(),audience:c(),scope:c(),clientId:c(),clientSecret:c()}),kt=T({method:A("client_credentials"),audience:c(),scope:c(),clientId:c(),clientSecretEnv:c()}),Mt=T({method:A("self_signed"),issuer:c(),audience:c(),scope:c(),clientId:c(),clientSecretEnv:c()});X("method",[Ce,xt,Ut]);X("method",[Ce,kt,Mt]);X("type",[T({id:c(),type:A("self_signed"),issuer:c()}),T({id:c(),type:A("oauth"),issuer:c(),configUrl:c().url()})]);var Lt=Object.create,te=Object.defineProperty,Ft=Object.getOwnPropertyDescriptor,Re=(t,e)=>(e=Symbol[t])?e:Symbol.for("Symbol."+t),P=t=>{throw TypeError(t)},Vt=(t,e,r)=>e in t?te(t,e,{enumerable:!0,configurable:!0,writable:!0,value:r}):t[e]=r,ue=(t,e)=>te(t,"name",{value:e,configurable:!0}),zt=t=>[,,,Lt(t?.[Re("metadata")]??null)],We=["class","method","getter","setter","accessor","field","value","get","set"],D=t=>t!==void 0&&typeof t!="function"?P("Function expected"):t,jt=(t,e,r,n,s)=>({kind:We[t],name:e,metadata:n,addInitializer:o=>r._?P("Already initialized"):s.push(D(o||null))}),Gt=(t,e)=>Vt(e,Re("metadata"),t[3]),H=(t,e,r,n)=>{for(var s=0,o=t[e>>1],i=o&&o.length;s<i;s++)e&1?o[s].call(r):n=o[s].call(r,n);return n},re=(t,e,r,n,s,o)=>{var i,d,p,_,g,a=e&7,J=!!(e&8),f=!!(e&16),F=a>3?t.length+1:a?J?1:2:0,ie=We[a+5],ae=a>3&&(t[F-1]=[]),Oe=t[F]||(t[F]=[]),u=a&&(!f&&!J&&(s=s.prototype),a<5&&(a>3||!f)&&Ft(a<4?s:{get[r](){return pe(this,o)},set[r](h){return me(this,o,h)}},r));a?f&&a<4&&ue(o,(a>2?"set ":a>1?"get ":"")+r):ue(s,r);for(var V=n.length-1;V>=0;V--)_=jt(a,r,p={},t[3],Oe),a&&(_.static=J,_.private=f,g=_.access={has:f?h=>Bt(s,h):h=>r in h},a^3&&(g.get=f?h=>(a^1?pe:qt)(h,s,a^4?o:u.get):h=>h[r]),a>2&&(g.set=f?(h,z)=>me(h,s,z,a^4?o:u.set):(h,z)=>h[r]=z)),d=(0,n[V])(a?a<4?f?o:u[ie]:a>4?void 0:{get:u.get,set:u.set}:s,_),p._=1,a^4||d===void 0?D(d)&&(a>4?ae.unshift(d):a?f?o=d:u[ie]=d:s=d):typeof d!="object"||d===null?P("Object expected"):(D(i=d.get)&&(u.get=i),D(i=d.set)&&(u.set=i),D(i=d.init)&&ae.unshift(i));return a||Gt(t,s),u&&te(s,r,u),f?a^4?o:u:s},ne=(t,e,r)=>e.has(t)||P("Cannot "+r),Bt=(t,e)=>Object(e)!==e?P('Cannot use the "in" operator on this value'):t.has(e),pe=(t,e,r)=>(ne(t,e,"read from private field"),r?r.call(t):e.get(t)),fe=(t,e,r)=>e.has(t)?P("Cannot add the same private member more than once"):e instanceof WeakSet?e.add(t):e.set(t,r),me=(t,e,r,n)=>(ne(t,e,"write to private field"),n?n.call(t,r):e.set(t,r),r),qt=(t,e,r)=>(ne(t,e,"access private method"),r),Ke,Pe,Y,Je,w,se,oe;const Yt=64,_e=t=>{const e=String.fromCharCode(...t);return btoa(e).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/g,"")},Xt=async()=>{const t=crypto.getRandomValues(new Uint8Array(Yt)),e=_e(t),r=await crypto.subtle.digest("SHA-256",new TextEncoder().encode(e));return{verifier:e,challenge:_e(new Uint8Array(r))}};Je=[ke("user-ui-login")];class $ extends(Y=Ue,Pe=[de()],Ke=[de()],Y){constructor(){super(...arguments),fe(this,se,H(w,8,this,[])),H(w,11,this),fe(this,oe,H(w,12,this,[])),H(w,15,this)}async loadNetworks(){return(await(await ce(I.accessToken.get())).request({method:"listNetworks"})).networks}async loadIdps(){return(await(await ce(I.accessToken.get())).request({method:"listIdps"})).idps}async connectedCallback(){super.connectedCallback();try{this.networks=await this.loadNetworks(),this.idps=await this.loadIdps()}catch(e){De(e)}}get _loginForm(){return this.renderRoot.querySelector("wg-login-form")}async handleConnect(e){const{selectedNetwork:r,selectedIdp:n,clientId:s}=e;if(I.networkId.set(r.id),n.type==="self_signed")await this.selfSign({clientId:s,clientSecret:r.auth.clientSecret||"",scope:r.auth.scope,audience:r.auth.audience}),He();else if(n.type==="oauth")if(r.auth.method==="authorization_code"){const o=new URL($e("/callback"),window.location.origin).toString();this._loginForm?.setMessage(`Redirecting to ${r.name}...`,"info");const i=r.auth,d=await fetch(n.configUrl||"").then(J=>J.json()),p={configUrl:n.configUrl,clientId:i.clientId,audience:i.audience,stateId:crypto.randomUUID()},{verifier:_,challenge:g}=await Xt();sessionStorage.setItem(`oauth-pkce-${p.stateId}`,_);const a=new URLSearchParams({response_type:"code",client_id:r.auth.clientId||"",redirect_uri:o||"",nonce:crypto.randomUUID(),scope:i.scope||"",audience:i.audience||"",state:btoa(JSON.stringify(p)),code_challenge:g,code_challenge_method:"S256"});setTimeout(()=>{window.location.href=`${d.authorization_endpoint}?${a.toString()}`},400)}else this._loginForm?.setMessage("This authentication method is not valid.","error");else this._loginForm?.setMessage("This authentication type is not supported yet.","error")}async selfSign(e){const n=await new Nt({method:"self_signed",issuer:"unsafe-auth",credentials:e},console).getAccessToken(),s=JSON.parse(atob(n.split(".")[1]));I.expirationDate.set(new Date(s.exp*1e3).toISOString()),I.accessToken.set(n);const o=I.networkId.get()||"";Ne(n,o)}render(){return xe`
|
|
2
|
-
<wg-login-form
|
|
3
|
-
.networks=${this.networks}
|
|
4
|
-
.idps=${this.idps}
|
|
5
|
-
@login-connect=${this.handleConnect}
|
|
6
|
-
></wg-login-form>
|
|
7
|
-
`}}w=zt(Y);se=new WeakMap;oe=new WeakMap;re(w,4,"networks",Pe,$,se);re(w,4,"idps",Ke,$,oe);$=re(w,0,"LoginUI",Je,$);H(w,1,$);
|
|
@@ -1,37 +0,0 @@
|
|
|
1
|
-
import{c as u,s as _,W as f,g as ne,b as G,w as J,i as re,t as ae}from"./index-Bj5VTWmh.js";import{r as m}from"./state-PjJJ3Anb.js";var oe=Object.create,W=Object.defineProperty,de=Object.getOwnPropertyDescriptor,K=(s,e)=>(e=Symbol[s])?e:Symbol.for("Symbol."+s),y=s=>{throw TypeError(s)},ce=(s,e,t)=>e in s?W(s,e,{enumerable:!0,configurable:!0,writable:!0,value:t}):s[e]=t,R=(s,e)=>W(s,"name",{value:e,configurable:!0}),le=s=>[,,,oe(s?.[K("metadata")]??null)],L=["class","method","getter","setter","accessor","field","value","get","set"],A=s=>s!==void 0&&typeof s!="function"?y("Function expected"):s,he=(s,e,t,d,r)=>({kind:L[s],name:e,metadata:d,addInitializer:a=>t._?y("Already initialized"):r.push(A(a||null))}),pe=(s,e)=>ce(e,K("metadata"),s[3]),o=(s,e,t,d)=>{for(var r=0,a=s[e>>1],k=a&&a.length;r<k;r++)e&1?a[r].call(t):d=a[r].call(t,d);return d},v=(s,e,t,d,r,a)=>{var k,l,E,I,C,i=e&7,S=!!(e&8),w=!!(e&16),$=i>3?s.length+1:i?S?1:2:0,x=L[i+5],F=i>3&&(s[$-1]=[]),ie=s[$]||(s[$]=[]),h=i&&(!w&&!S&&(r=r.prototype),i<5&&(i>3||!w)&&de(i<4?r:{get[t](){return B(this,a)},set[t](c){return H(this,a,c)}},t));i?w&&i<4&&R(a,(i>2?"set ":i>1?"get ":"")+t):R(r,t);for(var b=d.length-1;b>=0;b--)I=he(i,t,E={},s[3],ie),i&&(I.static=S,I.private=w,C=I.access={has:w?c=>we(r,c):c=>t in c},i^3&&(C.get=w?c=>(i^1?B:ue)(c,r,i^4?a:h.get):c=>c[t]),i>2&&(C.set=w?(c,N)=>H(c,r,N,i^4?a:h.set):(c,N)=>c[t]=N)),l=(0,d[b])(i?i<4?w?a:h[x]:i>4?void 0:{get:h.get,set:h.set}:r,I),E._=1,i^4||l===void 0?A(l)&&(i>4?F.unshift(l):i?w?a=l:h[x]=l:r=l):typeof l!="object"||l===null?y("Object expected"):(A(k=l.get)&&(h.get=k),A(k=l.set)&&(h.set=k),A(k=l.init)&&F.unshift(k));return i||pe(s,r),h&&W(r,t,h),w?i^4?a:h:r},M=(s,e,t)=>e.has(s)||y("Cannot "+t),we=(s,e)=>Object(e)!==e?y('Cannot use the "in" operator on this value'):s.has(e),B=(s,e,t)=>(M(s,e,"read from private field"),t?t.call(s):e.get(s)),g=(s,e,t)=>e.has(s)?y("Cannot add the same private member more than once"):e instanceof WeakSet?e.add(s):e.set(s,t),H=(s,e,t,d)=>(M(s,e,"write to private field"),d?d.call(s,t):e.set(s,t),t),ue=(s,e,t)=>(M(s,e,"access private method"),t),Q,X,Y,Z,j,ee,te,U,se,n,T,q,z,D,P,O,V;se=[ae("user-ui-settings")];class p extends(U=J,te=[m()],ee=[m()],j=[m()],Z=[m()],Y=[m()],X=[m()],Q=[m()],U){constructor(){super(...arguments),g(this,T,o(n,8,this,[])),o(n,11,this),g(this,q,o(n,12,this,[])),o(n,15,this),g(this,z,o(n,16,this,[])),o(n,19,this),g(this,D,o(n,20,this,null)),o(n,23,this),g(this,P,o(n,24,this)),o(n,27,this),g(this,O,o(n,28,this,"")),o(n,31,this),g(this,V,o(n,32,this,!1)),o(n,35,this),this.handleNetworkSubmit=async e=>{e.preventDefault();const t=this.toApiAuth(e.network.auth),d=e.network.adminAuth?this.toApiAuth(e.network.adminAuth):{method:"client_credentials",audience:"",scope:"",clientId:"",clientSecret:""};try{await(await u(_.accessToken.get())).request({method:"addNetwork",params:{network:{id:e.network.id,name:e.network.name,description:e.network.description,identityProviderId:e.network.identityProviderId,...e.network.synchronizerId&&{synchronizerId:e.network.synchronizerId},ledgerApi:e.network.ledgerApi.baseUrl,auth:t,adminAuth:d}}}),await this.listNetworks()}catch(r){f(r)}},this.handleIdpSubmit=async e=>{console.log(e);try{await(await u(_.accessToken.get())).request({method:"addIdp",params:{idp:e.idp}}),await this.listIdps()}catch(t){f(t)}},this.handleIdpDelete=async e=>{console.log(e);try{await(await u(_.accessToken.get())).request({method:"removeIdp",params:{identityProviderId:e.idp.id}}),await this.listIdps()}catch(t){f(t)}}}async connectedCallback(){super.connectedCallback(),this.client=await u(_.accessToken.get()),this.listNetworks(),this.listSessions(),this.listIdps(),this.checkAdmin();const e=await fetch(ne("/.well-known/wallet-gateway-version")).then(t=>t.json()).then(t=>t.version);this.gatewayVersion=e?`v${e}`:"unknown_version"}async checkAdmin(){try{const t=await(await u(_.accessToken.get())).request({method:"getUser"});this.userId=t.userId,this.isAdmin=t.isAdmin}catch{this.isAdmin=!1}}async listNetworks(){const t=await(await u(_.accessToken.get())).request({method:"listNetworks"});this.networks=t.networks}async listSessions(){const t=await(await u(_.accessToken.get())).request({method:"listSessions"});this.sessions=t.sessions}async listIdps(){const t=await(await u(_.accessToken.get())).request({method:"listIdps"});this.idps=t.idps}toApiAuth(e){return{method:e.method,audience:e.audience??"",scope:e.scope??"",clientId:e.clientId??"",issuer:e.issuer??"",clientSecret:e.clientSecret??""}}async handleNetworkDelete(e){if(confirm(`Delete network "${e.network.name}"?`))try{await(await u(_.accessToken.get())).request({method:"removeNetwork",params:{networkName:e.network.id}}),await this.listNetworks()}catch(t){f(t)}}render(){return this.client?G`
|
|
2
|
-
<div>
|
|
3
|
-
<h1>Wallet Gateway (${this.gatewayVersion})</h1>
|
|
4
|
-
</div>
|
|
5
|
-
<div class="mb-4">
|
|
6
|
-
<p>
|
|
7
|
-
<strong>User:</strong> ${this.userId||"—"}
|
|
8
|
-
<strong>Role:</strong>
|
|
9
|
-
<span
|
|
10
|
-
class="badge ${this.isAdmin?"bg-primary":"bg-secondary"}"
|
|
11
|
-
>
|
|
12
|
-
${this.isAdmin?"Admin":"User"}
|
|
13
|
-
</span>
|
|
14
|
-
</p>
|
|
15
|
-
</div>
|
|
16
|
-
<wg-sessions .sessions=${this.sessions}></wg-sessions>
|
|
17
|
-
|
|
18
|
-
<wg-networks
|
|
19
|
-
.networks=${this.networks}
|
|
20
|
-
.activeSessions=${this.sessions}
|
|
21
|
-
.readonly=${!this.isAdmin}
|
|
22
|
-
@network-edit-save=${this.handleNetworkSubmit}
|
|
23
|
-
@delete=${this.handleNetworkDelete}
|
|
24
|
-
></wg-networks>
|
|
25
|
-
<wg-idps
|
|
26
|
-
.idps=${this.idps}
|
|
27
|
-
.readonly=${!this.isAdmin}
|
|
28
|
-
@delete=${this.handleIdpDelete}
|
|
29
|
-
@idp-add=${this.handleIdpSubmit}
|
|
30
|
-
></wg-idps>
|
|
31
|
-
`:G``}}n=le(U);T=new WeakMap;q=new WeakMap;z=new WeakMap;D=new WeakMap;P=new WeakMap;O=new WeakMap;V=new WeakMap;v(n,4,"networks",te,p,T);v(n,4,"sessions",ee,p,q);v(n,4,"idps",j,p,z);v(n,4,"client",Z,p,D);v(n,4,"gatewayVersion",Y,p,P);v(n,4,"userId",X,p,O);v(n,4,"isAdmin",Q,p,V);p=v(n,0,"UserUiSettings",se,p);p.styles=[J.styles,re`
|
|
32
|
-
:host {
|
|
33
|
-
display: block;
|
|
34
|
-
max-width: 900px;
|
|
35
|
-
margin: 0 auto;
|
|
36
|
-
}
|
|
37
|
-
`];o(n,1,p);
|