@cedros/login-react 0.0.1 → 0.0.2

package/dist/silentWalletEnroll-CQK5i65l.js

@@ -0,0 +1,42 @@
+import { g as m, b as f, D as p, c as w, t as K, d as r, A as b, w as D } from "./ErrorMessage-C8vKB0JG.js";
+import { s as S, a as T, g as k, p as v } from "./solanaKeypair-BD7Kq1Mw.js";
+async function C(u) {
+  const { password: A, serverUrl: h, accessToken: t, timeoutMs: y = 3e4 } = u, s = [];
+  try {
+    const e = m();
+    s.push(e);
+    const { shareA: a, shareB: o } = S(e);
+    s.push(a, o);
+    const n = f(), c = await T(A, n, p);
+    s.push(c);
+    const l = await w(a, K(c)), d = k(e), i = v(d), g = {
+      solanaPubkey: i,
+      shareAAuthMethod: "password",
+      shareACiphertext: l.ciphertext,
+      shareANonce: l.nonce,
+      shareB: r(o),
+      shareAKdfSalt: r(n),
+      shareAKdfParams: p,
+      // Send seed as recovery data - server will store based on recovery mode
+      recoveryData: r(e)
+    };
+    return await new b({
+      baseUrl: h,
+      timeoutMs: y,
+      getAccessToken: t ? () => t : void 0
+    }).post("/wallet/enroll", g), {
+      success: !0,
+      solanaPubkey: i
+    };
+  } catch (e) {
+    return {
+      success: !1,
+      error: e instanceof Error ? e.message : "Wallet enrollment failed"
+    };
+  } finally {
+    D(...s);
+  }
+}
+export {
+  C as silentWalletEnroll
+};

package/dist/silentWalletEnroll-CQK5i65l.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"silentWalletEnroll-CQK5i65l.js","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n  generateSeed,\n  generateArgon2Salt,\n  splitSecret,\n  argon2DeriveInWorker,\n  aesGcmEncryptToBase64,\n  uint8ArrayToBase64,\n  getPublicKeyFromSeed,\n  publicKeyToBase58,\n  wipeAll,\n  toEncryptionKey,\n  DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n  /** User's password for Share A encryption */\n  password: string;\n  /** Server base URL */\n  serverUrl: string;\n  /** Access token for authentication (optional if using cookies) */\n  accessToken?: string;\n  /** Request timeout in ms */\n  timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n  success: boolean;\n  solanaPubkey?: string;\n  error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n  options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n  const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n  // Track sensitive data for cleanup\n  const sensitiveData: Uint8Array[] = [];\n\n  try {\n    // Step 1: Generate seed\n    const seed = generateSeed();\n    sensitiveData.push(seed);\n\n    // Step 2: Split into shares\n    const { shareA, shareB } = splitSecret(seed);\n    sensitiveData.push(shareA, shareB);\n\n    // Step 3: Derive encryption key from password\n    const salt = generateArgon2Salt();\n    const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n    sensitiveData.push(key);\n\n    // Step 4: Encrypt Share A\n    const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n    // Step 5: Derive Solana public key\n    const publicKey = getPublicKeyFromSeed(seed);\n    const solanaPubkey = publicKeyToBase58(publicKey);\n\n    // Step 6: Build enrollment request\n    // Include recovery data (seed) for server to store if recovery mode is enabled\n    const request: WalletEnrollRequest = {\n      solanaPubkey,\n      shareAAuthMethod: 'password',\n      shareACiphertext: encryptedA.ciphertext,\n      shareANonce: encryptedA.nonce,\n      shareB: uint8ArrayToBase64(shareB),\n      shareAKdfSalt: uint8ArrayToBase64(salt),\n      shareAKdfParams: DEFAULT_KDF_PARAMS,\n      // Send seed as recovery data - server will store based on recovery mode\n      recoveryData: uint8ArrayToBase64(seed),\n    };\n\n    // Step 7: Upload to server\n    // If accessToken provided, use it; otherwise rely on cookies\n    const apiClient = new ApiClient({\n      baseUrl: serverUrl,\n      timeoutMs,\n      getAccessToken: accessToken ? () => accessToken : undefined,\n    });\n\n    await apiClient.post('/wallet/enroll', request);\n\n    return {\n      success: true,\n      solanaPubkey,\n    };\n  } catch (err) {\n    const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n    // Silent failure - don't break registration flow\n    return {\n      success: false,\n      error: errorMessage,\n    };\n  } finally {\n    // Always wipe sensitive data\n    wipeAll(...sensitiveData);\n  }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":";;AA2DA,eAAsBA,EACpBC,GAC6B;AAC7B,QAAM,EAAE,UAAAC,GAAU,WAAAC,GAAW,aAAAC,GAAa,WAAAC,IAAY,QAAUJ,GAG1DK,IAA8B,CAAA;AAEpC,MAAI;AAEF,UAAMC,IAAOC,EAAA;AACb,IAAAF,EAAc,KAAKC,CAAI;AAGvB,UAAM,EAAE,QAAAE,GAAQ,QAAAC,MAAWC,EAAYJ,CAAI;AAC3C,IAAAD,EAAc,KAAKG,GAAQC,CAAM;AAGjC,UAAME,IAAOC,EAAA,GACPC,IAAM,MAAMC,EAAqBb,GAAUU,GAAMI,CAAkB;AACzE,IAAAV,EAAc,KAAKQ,CAAG;AAGtB,UAAMG,IAAa,MAAMC,EAAsBT,GAAQU,EAAgBL,CAAG,CAAC,GAGrEM,IAAYC,EAAqBd,CAAI,GACrCe,IAAeC,EAAkBH,CAAS,GAI1CI,IAA+B;AAAA,MACnC,cAAAF;AAAA,MACA,kBAAkB;AAAA,MAClB,kBAAkBL,EAAW;AAAA,MAC7B,aAAaA,EAAW;AAAA,MACxB,QAAQQ,EAAmBf,CAAM;AAAA,MACjC,eAAee,EAAmBb,CAAI;AAAA,MACtC,iBAAiBI;AAAA;AAAA,MAEjB,cAAcS,EAAmBlB,CAAI;AAAA,IAAA;AAWvC,iBANkB,IAAImB,EAAU;AAAA,MAC9B,SAASvB;AAAA,MACT,WAAAE;AAAA,MACA,gBAAgBD,IAAc,MAAMA,IAAc;AAAA,IAAA,CACnD,EAEe,KAAK,kBAAkBoB,CAAO,GAEvC;AAAA,MACL,SAAS;AAAA,MACT,cAAAF;AAAA,IAAA;AAAA,EAEJ,SAASK,GAAK;AAGZ,WAAO;AAAA,MACL,SAAS;AAAA,MACT,OAJmBA,aAAe,QAAQA,EAAI,UAAU;AAAA,IAIjD;AAAA,EAEX,UAAA;AAEE,IAAAC,EAAQ,GAAGtB,CAAa;AAAA,EAC1B;AACF;"}

package/dist/silentWalletEnroll-DBfS2sLe.cjs

@@ -0,0 +1 @@
+"use strict";Object.defineProperty(exports,Symbol.toStringTag,{value:"Module"});const e=require("./ErrorMessage-CntMyn93.cjs"),t=require("./solanaKeypair-CBQxm2hw.cjs");async function T(A){const{password:p,serverUrl:y,accessToken:n,timeoutMs:h=3e4}=A,s=[];try{const r=e.generateSeed();s.push(r);const{shareA:a,shareB:o}=t.splitSecret(r);s.push(a,o);const c=e.generateArgon2Salt(),l=await t.argon2DeriveInWorker(p,c,e.DEFAULT_KDF_PARAMS);s.push(l);const i=await e.aesGcmEncryptToBase64(a,e.toEncryptionKey(l)),d=t.getPublicKeyFromSeed(r),u=t.publicKeyToBase58(d),g={solanaPubkey:u,shareAAuthMethod:"password",shareACiphertext:i.ciphertext,shareANonce:i.nonce,shareB:e.uint8ArrayToBase64(o),shareAKdfSalt:e.uint8ArrayToBase64(c),shareAKdfParams:e.DEFAULT_KDF_PARAMS,recoveryData:e.uint8ArrayToBase64(r)};return await new e.ApiClient({baseUrl:y,timeoutMs:h,getAccessToken:n?()=>n:void 0}).post("/wallet/enroll",g),{success:!0,solanaPubkey:u}}catch(r){return{success:!1,error:r instanceof Error?r.message:"Wallet enrollment failed"}}finally{e.wipeAll(...s)}}exports.silentWalletEnroll=T;

package/dist/silentWalletEnroll-DBfS2sLe.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"silentWalletEnroll-DBfS2sLe.cjs","sources":["../src/utils/silentWalletEnroll.ts"],"sourcesContent":["/**\n * Silent wallet enrollment utility\n *\n * Performs wallet enrollment in the background without UI interaction.\n * Used for auto-enrolling wallets during registration.\n *\n * Security: Uses the same Shamir Secret Sharing scheme as manual enrollment.\n * The recovery phrase is not shown - user can retrieve it later if needed.\n */\n\nimport {\n  generateSeed,\n  generateArgon2Salt,\n  splitSecret,\n  argon2DeriveInWorker,\n  aesGcmEncryptToBase64,\n  uint8ArrayToBase64,\n  getPublicKeyFromSeed,\n  publicKeyToBase58,\n  wipeAll,\n  toEncryptionKey,\n  DEFAULT_KDF_PARAMS,\n} from '../crypto';\nimport { ApiClient } from './apiClient';\nimport type { WalletEnrollRequest } from '../types/wallet';\n\nexport interface SilentEnrollOptions {\n  /** User's password for Share A encryption */\n  password: string;\n  /** Server base URL */\n  serverUrl: string;\n  /** Access token for authentication (optional if using cookies) */\n  accessToken?: string;\n  /** Request timeout in ms */\n  timeoutMs?: number;\n}\n\nexport interface SilentEnrollResult {\n  success: boolean;\n  solanaPubkey?: string;\n  error?: string;\n}\n\n/**\n * Silently enroll a wallet for a user\n *\n * This function performs the complete wallet enrollment process:\n * 1. Generate 32-byte seed\n * 2. Split into 3 Shamir shares (threshold 2)\n * 3. Encrypt Share A with password-derived key (Argon2id)\n * 4. Derive Solana public key from seed\n * 5. Upload encrypted Share A + plaintext Share B to server\n *\n * The recovery phrase (Share C) is not returned - user can recover it\n * later through the wallet recovery flow if needed.\n *\n * @param options - Enrollment options\n * @returns Result with success status and Solana public key\n */\nexport async function silentWalletEnroll(\n  options: SilentEnrollOptions\n): Promise<SilentEnrollResult> {\n  const { password, serverUrl, accessToken, timeoutMs = 30000 } = options;\n\n  // Track sensitive data for cleanup\n  const sensitiveData: Uint8Array[] = [];\n\n  try {\n    // Step 1: Generate seed\n    const seed = generateSeed();\n    sensitiveData.push(seed);\n\n    // Step 2: Split into shares\n    const { shareA, shareB } = splitSecret(seed);\n    sensitiveData.push(shareA, shareB);\n\n    // Step 3: Derive encryption key from password\n    const salt = generateArgon2Salt();\n    const key = await argon2DeriveInWorker(password, salt, DEFAULT_KDF_PARAMS);\n    sensitiveData.push(key);\n\n    // Step 4: Encrypt Share A\n    const encryptedA = await aesGcmEncryptToBase64(shareA, toEncryptionKey(key));\n\n    // Step 5: Derive Solana public key\n    const publicKey = getPublicKeyFromSeed(seed);\n    const solanaPubkey = publicKeyToBase58(publicKey);\n\n    // Step 6: Build enrollment request\n    // Include recovery data (seed) for server to store if recovery mode is enabled\n    const request: WalletEnrollRequest = {\n      solanaPubkey,\n      shareAAuthMethod: 'password',\n      shareACiphertext: encryptedA.ciphertext,\n      shareANonce: encryptedA.nonce,\n      shareB: uint8ArrayToBase64(shareB),\n      shareAKdfSalt: uint8ArrayToBase64(salt),\n      shareAKdfParams: DEFAULT_KDF_PARAMS,\n      // Send seed as recovery data - server will store based on recovery mode\n      recoveryData: uint8ArrayToBase64(seed),\n    };\n\n    // Step 7: Upload to server\n    // If accessToken provided, use it; otherwise rely on cookies\n    const apiClient = new ApiClient({\n      baseUrl: serverUrl,\n      timeoutMs,\n      getAccessToken: accessToken ? () => accessToken : undefined,\n    });\n\n    await apiClient.post('/wallet/enroll', request);\n\n    return {\n      success: true,\n      solanaPubkey,\n    };\n  } catch (err) {\n    const errorMessage = err instanceof Error ? err.message : 'Wallet enrollment failed';\n    // Silent failure - don't break registration flow\n    return {\n      success: false,\n      error: errorMessage,\n    };\n  } finally {\n    // Always wipe sensitive data\n    wipeAll(...sensitiveData);\n  }\n}\n"],"names":["silentWalletEnroll","options","password","serverUrl","accessToken","timeoutMs","sensitiveData","seed","generateSeed","shareA","shareB","splitSecret","salt","generateArgon2Salt","key","argon2DeriveInWorker","DEFAULT_KDF_PARAMS","encryptedA","aesGcmEncryptToBase64","toEncryptionKey","publicKey","getPublicKeyFromSeed","solanaPubkey","publicKeyToBase58","request","uint8ArrayToBase64","ApiClient","err","wipeAll"],"mappings":"yKA2DA,eAAsBA,EACpBC,EAC6B,CAC7B,KAAM,CAAE,SAAAC,EAAU,UAAAC,EAAW,YAAAC,EAAa,UAAAC,EAAY,KAAUJ,EAG1DK,EAA8B,CAAA,EAEpC,GAAI,CAEF,MAAMC,EAAOC,EAAAA,aAAA,EACbF,EAAc,KAAKC,CAAI,EAGvB,KAAM,CAAE,OAAAE,EAAQ,OAAAC,GAAWC,EAAAA,YAAYJ,CAAI,EAC3CD,EAAc,KAAKG,EAAQC,CAAM,EAGjC,MAAME,EAAOC,EAAAA,mBAAA,EACPC,EAAM,MAAMC,EAAAA,qBAAqBb,EAAUU,EAAMI,EAAAA,kBAAkB,EACzEV,EAAc,KAAKQ,CAAG,EAGtB,MAAMG,EAAa,MAAMC,EAAAA,sBAAsBT,EAAQU,EAAAA,gBAAgBL,CAAG,CAAC,EAGrEM,EAAYC,EAAAA,qBAAqBd,CAAI,EACrCe,EAAeC,EAAAA,kBAAkBH,CAAS,EAI1CI,EAA+B,CACnC,aAAAF,EACA,iBAAkB,WAClB,iBAAkBL,EAAW,WAC7B,YAAaA,EAAW,MACxB,OAAQQ,EAAAA,mBAAmBf,CAAM,EACjC,cAAee,EAAAA,mBAAmBb,CAAI,EACtC,gBAAiBI,EAAAA,mBAEjB,aAAcS,EAAAA,mBAAmBlB,CAAI,CAAA,EAWvC,aANkB,IAAImB,YAAU,CAC9B,QAASvB,EACT,UAAAE,EACA,eAAgBD,EAAc,IAAMA,EAAc,MAAA,CACnD,EAEe,KAAK,iBAAkBoB,CAAO,EAEvC,CACL,QAAS,GACT,aAAAF,CAAA,CAEJ,OAASK,EAAK,CAGZ,MAAO,CACL,QAAS,GACT,MAJmBA,aAAe,MAAQA,EAAI,QAAU,0BAIjD,CAEX,QAAA,CAEEC,EAAAA,QAAQ,GAAGtB,CAAa,CAC1B,CACF"}

package/dist/solana-only.js

@@ -1,5 +1,5 @@
-import { C as s, E as r, L as e, a as n, u } from "./ErrorMessage-Bm1j5mBT.js";
-import { S as t, u as g } from "./SolanaLoginButton-h32xN2PQ.js";
+import { C as s, E as r, L as e, a as n, u } from "./ErrorMessage-C8vKB0JG.js";
+import { S as t, u as g } from "./SolanaLoginButton-CqVOcPa7.js";
 export {
   s as CedrosLoginProvider,
   r as ErrorMessage,