@coinbase/cdp-api-client 0.0.91 → 0.0.93

package/dist/esm/index3.js

@@ -1,2 +1,2 @@
-import { __require as r } from "./index17.js";
+import { __require as r } from "./index12.js";
 r();

package/dist/esm/index4.js

@@ -1,4 +1,4 @@
-const o = "0.0.91";
+const o = "0.0.93";
 export {
   o as VERSION
 };

package/dist/esm/index7.js

@@ -1,69 +1,89 @@
 import { Analytics as o } from "./index2.js";
 import "./index3.js";
-import h from "axios";
+import l from "axios";
 import { ERROR_DOCS_PAGE_URL as c } from "./index9.js";
-import { UnknownApiError as v, HttpErrorType as u, isOpenAPIError as R, APIError as d, UnknownError as g } from "./index8.js";
-const l = () => typeof window < "u" && typeof document < "u";
-let n = h.create({
+import { UnknownApiError as g, HttpErrorType as u, isOpenAPIError as R, APIError as d, UnknownError as y } from "./index8.js";
+const w = () => typeof window < "u" && typeof document < "u";
+let n = l.create({
   baseURL: "https://api.cdp.coinbase.com/platform"
 }), i = null;
-const x = (r) => {
-  n = h.create({
+const X = (r) => {
+  n = l.create({
     baseURL: r.basePath || "https://api.cdp.coinbase.com/platform",
     // Only enable cookies in browser environments where they're supported
-    withCredentials: l()
-  }), n.interceptors.request.use(async (t) => {
-    const e = T(t), s = p(t);
-    if (!i || f(s.pathname) || m(s.pathname) && !await i.isSignedIn() || !S(s.pathname))
-      return t;
+    withCredentials: w()
+  }), n.interceptors.request.use(async (e) => {
+    const t = U(e), s = m(e);
+    if (!i || v(s.pathname) || A(s.pathname) && !await i.isSignedIn() || !$(s.pathname))
+      return e;
     const a = await i.getXWalletAuth({
-      requestMethod: e,
+      requestMethod: t,
       requestHost: s.host,
       requestPath: s.pathname,
-      requestData: t.data
+      requestData: e.data
     });
-    return a && (t.headers["X-Wallet-Auth"] = a), t;
-  }), n.interceptors.request.use(async (t) => {
-    const e = p(t);
-    if (!i || f(e.pathname) || m(e.pathname) && !await i.isSignedIn())
-      return t;
+    return a && (e.headers["X-Wallet-Auth"] = a), e;
+  }), n.interceptors.request.use(async (e) => {
+    const t = m(e);
+    if (!i || v(t.pathname) || A(t.pathname) && !await i.isSignedIn())
+      return e;
     const s = await i.getToken();
-    return s && s !== "" && (t.headers.Authorization = `Bearer ${s}`), t;
-  }), l() || n.interceptors.request.use(async (t) => {
-    let e = t.headers["User-Agent"];
-    return e = e ? `${e} CDP/reactnative` : "CDP/reactnative", t.headers["User-Agent"] = e, t;
-  }), r.refreshTokenStorage && _(r.refreshTokenStorage), r.debugging && (n.interceptors.request.use((t) => (console.log("Request:", t), t)), n.interceptors.response.use((t) => (console.log("Response:", t), t)));
-}, j = (r) => {
+    return s && s !== "" && (e.headers.Authorization = `Bearer ${s}`), e;
+  }), w() || n.interceptors.request.use(async (e) => {
+    let t = e.headers["User-Agent"];
+    return t = t ? `${t} CDP/reactnative` : "CDP/reactnative", e.headers["User-Agent"] = t, e;
+  }), r.refreshTokenStorage && _(r.refreshTokenStorage), r.generateAssertion && k(r.generateAssertion), r.debugging && (n.interceptors.request.use((e) => (console.log("Request:", e), e)), n.interceptors.response.use((e) => (console.log("Response:", e), e)));
+}, O = (r) => {
   i = r;
-}, k = (r, t) => ({
+}, k = (r) => {
+  n.interceptors.request.use(async (e) => {
+    const t = m(e);
+    if (!I(t.pathname))
+      return e;
+    try {
+      const s = t.pathname.match(/\/projects\/([^/]+)\//);
+      if (!s || !s[1])
+        return e;
+      const p = `/v2/embedded-wallet-api/projects/${s[1]}/attestation/challenge`, f = (await n.post(p)).data.challenge;
+      if (!f)
+        return console.warn("Failed to fetch assertion challenge"), e;
+      const h = await r(f);
+      return h.keyId ? (e.headers["X-App-Attestation-Assertion"] = h.assertion, e.headers["X-App-Attestation-Key-ID"] = h.keyId, e.headers["X-App-Attestation-Challenge"] = f) : e.headers["X-Integrity-Token"] = h.assertion, e;
+    } catch (s) {
+      throw new Error(
+        `App attestation required but assertion generation failed: ${s instanceof Error ? s.message : String(s)}`
+      );
+    }
+  });
+}, E = (r, e) => ({
   ...r,
   headers: {
     ...r.headers || {},
-    "X-Idempotency-Key": t
+    "X-Idempotency-Key": e
   }
-}), I = async (r, t) => {
-  P(r), t && t !== "" && (r = k(r, t));
+}), D = async (r, e) => {
+  S(r), e && e !== "" && (r = E(r, e));
   try {
     return (await n(r)).data;
-  } catch (e) {
-    if (h.isAxiosError(e) && !e.response)
-      throw new v(
+  } catch (t) {
+    if (l.isAxiosError(t) && !t.response)
+      throw new g(
         u.unknown,
-        e.cause instanceof Error ? e.cause.message : e.message,
-        e.cause
+        t.cause instanceof Error ? t.cause.message : t.message,
+        t.cause
       );
-    if (h.isAxiosError(e) && e.response) {
-      if (R(e.response.data))
+    if (l.isAxiosError(t) && t.response) {
+      if (R(t.response.data))
         throw new d(
-          e.response.status,
-          e.response.data.errorType,
-          e.response.data.errorMessage,
-          e.response.data.correlationId,
-          e.response.data.errorLink,
-          e.cause
+          t.response.status,
+          t.response.data.errorType,
+          t.response.data.errorMessage,
+          t.response.data.correlationId,
+          t.response.data.errorLink,
+          t.cause
         );
       {
-        const s = e.response.status;
+        const s = t.response.status;
         switch (s) {
           case 401:
             throw new d(
@@ -72,7 +92,7 @@ const x = (r) => {
               "Unauthorized.",
               void 0,
               `${c}#unauthorized`,
-              e.cause
+              t.cause
             );
           case 404:
             throw new d(
@@ -81,7 +101,7 @@ const x = (r) => {
               "API not found.",
               void 0,
               `${c}#not_found`,
-              e.cause
+              t.cause
             );
           case 502:
             throw new d(
@@ -90,7 +110,7 @@ const x = (r) => {
               "Bad gateway.",
               void 0,
               `${c}`,
-              e.cause
+              t.cause
             );
           case 503:
             throw new d(
@@ -99,47 +119,47 @@ const x = (r) => {
               "Service unavailable. Please try again later.",
               void 0,
               `${c}`,
-              e.cause
+              t.cause
             );
           default: {
             let a = "";
-            if (e.response.data)
+            if (t.response.data)
               try {
-                a = JSON.stringify(e.response.data);
+                a = JSON.stringify(t.response.data);
               } catch {
-                a = String(e.response.data);
+                a = String(t.response.data);
               }
-            const w = a ? `An unexpected error occurred: ${a}` : "An unexpected error occurred.";
+            const p = a ? `An unexpected error occurred: ${a}` : "An unexpected error occurred.";
             throw new d(
               s,
               u.unexpected_error,
-              w,
+              p,
               void 0,
               `${c}`,
-              e.cause
+              t.cause
             );
           }
         }
       }
     }
-    throw new g(
+    throw new y(
       "Something went wrong. Please reach out at https://discord.com/channels/1220414409550336183/1271495764580896789 for help.",
-      e instanceof Error ? e : void 0
+      t instanceof Error ? t : void 0
     );
   }
 }, _ = (r) => {
   n.interceptors.response.use(
-    async (t) => {
+    async (e) => {
       try {
-        if (E(t)) {
+        if (T(e)) {
           o.sendSessionRefreshEvent({
             name: "refresh_token_response"
           });
-          const e = t.data?.refreshToken;
-          e && (o.sendSessionRefreshEvent({
+          const t = e.data?.refreshToken;
+          t && (o.sendSessionRefreshEvent({
             name: "refresh_token_received"
           }), await Promise.race([
-            r.setRefreshToken(e),
+            r.setRefreshToken(t),
             new Promise(
               (s, a) => setTimeout(() => a(new Error("setRefreshToken timed out after 5000ms")), 5e3)
             )
@@ -147,65 +167,71 @@ const x = (r) => {
             name: "refresh_token_stored"
           }));
         }
-      } catch (e) {
-        const s = e instanceof Error ? e.message : String(e);
+      } catch (t) {
+        const s = t instanceof Error ? t.message : String(t);
         o.sendSessionRefreshEvent({
           name: "refresh_token_store_failed",
           error_message: s
-        }), console.warn("Failed to store refresh token:", e);
+        }), console.warn("Failed to store refresh token:", t);
       }
-      return t;
+      return e;
     },
-    (t) => Promise.reject(t)
-  ), n.interceptors.request.use(async (t) => {
+    (e) => Promise.reject(e)
+  ), n.interceptors.request.use(async (e) => {
     try {
-      if (A(t.url)) {
-        const e = await r.getRefreshToken();
-        e ? (o.sendSessionRefreshEvent({
+      if (b(e.url)) {
+        const t = await r.getRefreshToken();
+        t ? (o.sendSessionRefreshEvent({
           name: "refresh_token_retrieved"
-        }), t.data = {
-          ...t.data,
-          refreshToken: e
+        }), e.data = {
+          ...e.data,
+          refreshToken: t
         }) : o.sendSessionRefreshEvent({
           name: "refresh_token_missing"
         });
       }
-      y(t.url) && await r.removeRefreshToken();
-    } catch (e) {
-      const s = e instanceof Error ? e.message : String(e);
+      P(e.url) && await r.removeRefreshToken();
+    } catch (t) {
+      const s = t instanceof Error ? t.message : String(t);
       o.sendSessionRefreshEvent({
         name: "refresh_token_retrieve_failed",
         error_message: s
-      }), console.warn("Failed to retrieve refresh token:", e);
+      }), console.warn("Failed to retrieve refresh token:", t);
     }
-    return t;
+    return e;
   });
-}, y = (r) => r ? /^\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/logout$/.test(r) : !1, A = (r) => r ? /^\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(refresh|logout)$/.test(r) : !1, E = (r) => {
-  const t = r.config.url;
-  return t ? /^\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(verify\/(email|sms|oauth\/.*)|refresh)$/.test(
-    t
+}, P = (r) => r ? /^\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/logout$/.test(r) : !1, b = (r) => r ? /^\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(refresh|logout)$/.test(r) : !1, T = (r) => {
+  const e = r.config.url;
+  return e ? /^\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(verify\/(email|sms|oauth\/.*)|refresh)$/.test(
+    e
   ) : !1;
-}, P = (r) => {
+}, S = (r) => {
   if (!n.getUri() || n.getUri() === "")
     throw new Error("CDP client URI not configured. Call configure() first.");
   if (!r.url || r.url === "")
     throw new Error("AxiosRequestConfig URL is empty. This should never happen.");
   if (!r.method || r.method === "")
     throw new Error("AxiosRequestConfig method is empty. This should never happen.");
-}, T = (r) => r.method?.toString().toUpperCase() || "GET", p = (r) => {
+}, U = (r) => r.method?.toString().toUpperCase() || "GET", m = (r) => {
   if (!r.url)
     throw new Error("URL is required for authentication");
-  const t = n.getUri() + r.url;
-  return new URL(t);
-}, f = (r) => {
-  const t = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(refresh|logout)$/, e = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(mfa)$/, s = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/config$/;
-  return t.test(r) || e.test(r) || s.test(r);
-}, S = (r) => !/^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/custom\/authenticate$/.test(r), m = (r) => {
-  const t = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(init)$/, e = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/verify\//;
-  return t.test(r) || e.test(r);
-};
+  const e = n.getUri() + r.url;
+  return new URL(e);
+}, v = (r) => {
+  const e = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(refresh|logout)$/, t = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(mfa)$/, s = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/config$/, a = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/attestation\/(challenge|register)$/;
+  return e.test(r) || t.test(r) || s.test(r) || a.test(r);
+}, $ = (r) => !/^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/custom\/authenticate$/.test(r), A = (r) => {
+  const e = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/(init)$/, t = /^\/platform\/v2\/embedded-wallet-api\/projects\/[^/]+\/auth\/verify\//;
+  return e.test(r) || t.test(r);
+}, I = (r) => [
+  // Auth flows: prevent account takeover on mobile clients
+  /\/auth\/verify\//,
+  // VerifyEmailAuthentication, VerifySmsAuthentication, VerifyOAuthCode, VerifyOAuthEndUserIdentity
+  /\/auth\/refresh$/
+  // RefreshAccessToken
+].some((t) => t.test(r));
 export {
-  I as cdpApiClient,
-  x as configureCdpApiClient,
-  j as setAuthManager
+  D as cdpApiClient,
+  X as configureCdpApiClient,
+  O as setAuthManager
 };

package/dist/types/index.d.ts

@@ -320,6 +320,10 @@ export declare type CdpOptions = {
     debugging?: boolean;
     basePath?: string;
     refreshTokenStorage?: RefreshTokenStorage;
+    generateAssertion?: (clientData: string) => Promise<{
+        assertion: string;
+        keyId?: string;
+    }>;
 };
 
 export declare interface CommonSwapResponse {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@coinbase/cdp-api-client",
-  "version": "0.0.91",
+  "version": "0.0.93",
   "type": "module",
   "files": [
     "dist/**",