@coinbase/cdp-core 0.0.32 → 0.0.33

package/dist/web/index.web6.js

@@ -1,23 +1,24 @@
 import { logOutEndUser as l, refreshAccessToken as c, registerTemporaryWalletSecret as o } from "@coinbase/cdp-api-client";
 import { SignJWT as u } from "./index.web19.js";
 import "viem";
-import { toAuthState as S } from "./index.web12.js";
+import { toAuthState as f } from "./index.web12.js";
 import { getPlatformCrypto as n } from "./index.web2.js";
-import { sortKeys as w } from "./index.web16.js";
-const h = 60 * 1e3;
-class A {
+import { sortKeys as S } from "./index.web16.js";
+const i = 60 * 1e3;
+class p {
   projectId;
   authState = null;
   walletSecret = null;
   authStateChangeCallbacks = [];
   initPromise = null;
+  refreshTimeout = null;
   /**
    * Initializes the token manager.
    *
    * @param projectId - The project ID.
    */
-  constructor(t) {
-    this.projectId = t, this.initPromise = this._doInitialize();
+  constructor(e) {
+    this.projectId = e, this.initPromise = this._doInitialize();
   }
   /**
    * Gets the current user, or null if there is no user signed in.
@@ -29,12 +30,20 @@ class A {
   }
   /**
    * Returns whether the user is signed in - i.e., whether there is an unexpired
-   * access token and user.
+   * access token and user. Attempts to refresh the token if it's expired.
    *
    * @returns True if the user is signed in, false otherwise.
    */
   async isSignedIn() {
-    return this.authState ? Promise.resolve(this.authState.expiresAt > Date.now()) : Promise.resolve(!1);
+    if (!this.authState)
+      return !1;
+    if (this.authState.expiresAt > Date.now() + i)
+      return !0;
+    try {
+      return await this.getToken() !== null;
+    } catch {
+      return !1;
+    }
   }
   /**
    * Signs out the user, clearing all authentication state.
@@ -52,8 +61,8 @@ class A {
    *
    * @param callback - The function to call when the auth state changes.
    */
-  addAuthStateChangeCallback(t) {
-    this.authStateChangeCallbacks.push(t), t(this.authState?.user ?? null);
+  addAuthStateChangeCallback(e) {
+    this.authStateChangeCallbacks.push(e), e(this.authState?.user ?? null);
   }
   /**
    * Gets the access token, refreshing it if it is expired. Returns null if the user is not
@@ -84,32 +93,32 @@ class A {
    * @param options.requestData - The data of the request.
    * @returns The X-Wallet-Auth header.
    */
-  async getXWalletAuth(t) {
+  async getXWalletAuth(e) {
     if (!await this.isSignedIn())
       throw new Error("Cannot get X-Wallet-Auth header if the user is not signed in");
     this.shouldRefreshWalletSecret() && await this.refreshWalletSecret();
-    const e = `${t.requestMethod} ${t.requestHost}${t.requestPath}`, a = Math.floor(Date.now() / 1e3), r = n(), s = {
-      uris: [e]
+    const t = `${e.requestMethod} ${e.requestHost}${e.requestPath}`, r = Math.floor(Date.now() / 1e3), s = n(), a = {
+      uris: [t]
     };
-    if (t.requestData && Object.keys(t.requestData).length > 0) {
-      const i = w(t.requestData);
-      s.reqHash = await r.hash(new TextEncoder().encode(JSON.stringify(i)));
+    if (e.requestData && Object.keys(e.requestData).length > 0) {
+      const h = S(e.requestData);
+      a.reqHash = await s.hash(new TextEncoder().encode(JSON.stringify(h)));
     }
-    return await new u(s).setProtectedHeader({ alg: "ES256", typ: "JWT" }).setIssuedAt(a).setNotBefore(a).setJti(r.generateRandomId()).sign(this.walletSecret.keyPair.privateKey);
+    return await new u(a).setProtectedHeader({ alg: "ES256", typ: "JWT" }).setIssuedAt(r).setNotBefore(r).setJti(s.generateRandomId()).sign(this.walletSecret.keyPair.privateKey);
   }
   /**
    * Sets the authentication state.
    *
    * @param authState - The authentication state.
    */
-  async setAuthState(t) {
-    this.authState = t, this.authStateChangeCallbacks.forEach((e) => e(this.authState?.user ?? null));
+  async setAuthState(e) {
+    this.authState = e, this.authStateChangeCallbacks.forEach((t) => t(this.authState?.user ?? null)), this.scheduleTokenRefresh();
   }
   /**
    * Clears the authentication state.
    */
   async clearAuthState() {
-    this.authState = null, this.walletSecret = null, this.authStateChangeCallbacks.forEach((t) => t(null));
+    this.authState = null, this.walletSecret = null, this.cancelTokenRefresh(), this.authStateChangeCallbacks.forEach((e) => e(null));
   }
   /**
    * Ensures the AuthManager is initialized before proceeding.
@@ -128,8 +137,8 @@ class A {
   async _doInitialize() {
     try {
       await this.refreshAccessToken();
-    } catch (t) {
-      console.warn("Failed to refresh access token during initialization:", t);
+    } catch (e) {
+      console.warn("Failed to refresh access token during initialization:", e);
     }
   }
   /**
@@ -138,7 +147,7 @@ class A {
    * @returns True if the token should be refreshed, false otherwise.
    */
   shouldRefreshToken() {
-    return !(this.authState && this.authState.expiresAt > Date.now() + h);
+    return !(this.authState && this.authState.expiresAt > Date.now() + i);
   }
   /**
    * Refreshes the access token and transitions the auth state accordingly.
@@ -148,14 +157,14 @@ class A {
    */
   async refreshAccessToken() {
     try {
-      const t = await c(this.projectId, {
+      const e = await c(this.projectId, {
         grantType: "refresh_token"
-      }), e = S(
-        t.accessToken,
-        t.validUntil,
-        t.endUser
+      }), t = f(
+        e.accessToken,
+        e.validUntil,
+        e.endUser
       );
-      await this.setAuthState(e);
+      await this.setAuthState(t);
     } catch {
       await this.signOut();
     }
@@ -166,7 +175,7 @@ class A {
    * @returns True if the wallet secret should be refreshed, false otherwise.
    */
   shouldRefreshWalletSecret() {
-    return !(this.walletSecret && this.walletSecret.expiresAt > Date.now() + h);
+    return !(this.walletSecret && this.walletSecret.expiresAt > Date.now() + i);
   }
   /**
    * Refreshes the wallet secret. Assumes the user is signed in.
@@ -174,19 +183,37 @@ class A {
    * @returns The wallet secret.
    */
   async refreshWalletSecret() {
-    const t = n(), e = this.walletSecret?.walletSecretId ?? t.generateRandomId(), a = this.walletSecret?.keyPair ?? await t.createKeyPair(), r = this.authState.expiresAt, s = new Date(r).toISOString();
-    this.walletSecret = { walletSecretId: e, keyPair: a, expiresAt: r };
+    const e = n(), t = this.walletSecret?.walletSecretId ?? e.generateRandomId(), r = this.walletSecret?.keyPair ?? await e.createKeyPair(), s = this.authState.expiresAt, a = new Date(s).toISOString();
+    this.walletSecret = { walletSecretId: t, keyPair: r, expiresAt: s };
     try {
       await o(this.projectId, this.authState.user.userId, {
-        walletSecretId: e,
-        publicKey: a.publicKeyBase64,
-        validUntil: s
+        walletSecretId: t,
+        publicKey: r.publicKeyBase64,
+        validUntil: a
       });
-    } catch (i) {
-      throw this.walletSecret = null, i;
+    } catch (h) {
+      throw this.walletSecret = null, h;
     }
   }
+  /**
+   * Schedules a token refresh to occur exactly when shouldRefreshToken() would return true.
+   * Uses the same REFRESH_CREDENTIALS_BUFFER_MS timing as the rest of the auth system.
+   */
+  scheduleTokenRefresh() {
+    if (this.cancelTokenRefresh(), !this.authState)
+      return;
+    const t = this.authState.expiresAt - i - Date.now();
+    t <= 0 || (this.refreshTimeout = setTimeout(async () => {
+      await this.refreshAccessToken(), this.scheduleTokenRefresh();
+    }, t));
+  }
+  /**
+   * Cancels any scheduled token refresh.
+   */
+  cancelTokenRefresh() {
+    this.refreshTimeout && (clearTimeout(this.refreshTimeout), this.refreshTimeout = null);
+  }
 }
 export {
-  A as AuthManager
+  p as AuthManager
 };

package/dist/web/index.web75.js

@@ -1,11 +1,11 @@
-import { encode as d } from "./index.web89.js";
-import y from "./index.web90.js";
-import b from "./index.web91.js";
+import { encode as d } from "./index.web87.js";
+import y from "./index.web88.js";
+import b from "./index.web89.js";
 import { JWSInvalid as r } from "./index.web28.js";
 import { encoder as s, concat as u, decoder as h } from "./index.web76.js";
-import g from "./index.web92.js";
-import H from "./index.web93.js";
-import P from "./index.web94.js";
+import g from "./index.web90.js";
+import H from "./index.web91.js";
+import P from "./index.web92.js";
 class x {
   #r;
   #e;

package/dist/web/index.web84.js

@@ -1,4 +1,4 @@
-import { HashMD as D, SHA256_IV as b, Chi as g, Maj as p } from "./index.web88.js";
+import { HashMD as D, SHA256_IV as b, Chi as g, Maj as p } from "./index.web93.js";
 import { createHasher as u, clean as C, rotr as i } from "./index.web83.js";
 const B = /* @__PURE__ */ Uint32Array.from([
   1116352408,

package/dist/web/index.web87.js

@@ -1,12 +1,23 @@
-import { contracts as o } from "./index.web96.js";
-import { formatters as r } from "./index.web97.js";
-import { serializers as t } from "./index.web98.js";
-const e = {
-  blockTime: 2e3,
-  contracts: o,
-  formatters: r,
-  serializers: t
-};
+import { encoder as t, decoder as o } from "./index.web76.js";
+import { encodeBase64 as c, decodeBase64 as a } from "./index.web96.js";
+function i(r) {
+  if (Uint8Array.fromBase64)
+    return Uint8Array.fromBase64(typeof r == "string" ? r : o.decode(r), {
+      alphabet: "base64url"
+    });
+  let e = r;
+  e instanceof Uint8Array && (e = o.decode(e)), e = e.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
+  try {
+    return a(e);
+  } catch {
+    throw new TypeError("The input to be decoded is not correctly encoded.");
+  }
+}
+function p(r) {
+  let e = r;
+  return typeof e == "string" && (e = t.encode(e)), Uint8Array.prototype.toBase64 ? e.toBase64({ alphabet: "base64url", omitPadding: !0 }) : c(e).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
+}
 export {
-  e as chainConfig
+  i as decode,
+  p as encode
 };

package/dist/web/index.web88.js

@@ -1,81 +1,12 @@
-import { Hash as g, createView as l, aexists as b, toBytes as a, abytes as d, aoutput as x, clean as w } from "./index.web83.js";
-function y(o, t, s, n) {
-  if (typeof o.setBigUint64 == "function")
-    return o.setBigUint64(t, s, n);
-  const i = BigInt(32), h = BigInt(4294967295), e = Number(s >> i & h), r = Number(s & h), c = n ? 4 : 0, u = n ? 0 : 4;
-  o.setUint32(t + c, e, n), o.setUint32(t + u, r, n);
-}
-function U(o, t, s) {
-  return o & t ^ ~o & s;
-}
-function _(o, t, s) {
-  return o & t ^ o & s ^ t & s;
-}
-class m extends g {
-  constructor(t, s, n, i) {
-    super(), this.finished = !1, this.length = 0, this.pos = 0, this.destroyed = !1, this.blockLen = t, this.outputLen = s, this.padOffset = n, this.isLE = i, this.buffer = new Uint8Array(t), this.view = l(this.buffer);
-  }
-  update(t) {
-    b(this), t = a(t), d(t);
-    const { view: s, buffer: n, blockLen: i } = this, h = t.length;
-    for (let e = 0; e < h; ) {
-      const r = Math.min(i - this.pos, h - e);
-      if (r === i) {
-        const c = l(t);
-        for (; i <= h - e; e += i)
-          this.process(c, e);
-        continue;
-      }
-      n.set(t.subarray(e, e + r), this.pos), this.pos += r, e += r, this.pos === i && (this.process(s, 0), this.pos = 0);
-    }
-    return this.length += t.length, this.roundClean(), this;
-  }
-  digestInto(t) {
-    b(this), x(t, this), this.finished = !0;
-    const { buffer: s, view: n, blockLen: i, isLE: h } = this;
-    let { pos: e } = this;
-    s[e++] = 128, w(this.buffer.subarray(e)), this.padOffset > i - e && (this.process(n, 0), e = 0);
-    for (let f = e; f < i; f++)
-      s[f] = 0;
-    y(n, i - 8, BigInt(this.length * 8), h), this.process(n, 0);
-    const r = l(t), c = this.outputLen;
-    if (c % 4)
-      throw new Error("_sha2: outputLen should be aligned to 32bit");
-    const u = c / 4, p = this.get();
-    if (u > p.length)
-      throw new Error("_sha2: outputLen bigger than state");
-    for (let f = 0; f < u; f++)
-      r.setUint32(4 * f, p[f], h);
-  }
-  digest() {
-    const { buffer: t, outputLen: s } = this;
-    this.digestInto(t);
-    const n = t.slice(0, s);
-    return this.destroy(), n;
-  }
-  _cloneInto(t) {
-    t || (t = new this.constructor()), t.set(...this.get());
-    const { blockLen: s, buffer: n, length: i, finished: h, destroyed: e, pos: r } = this;
-    return t.destroyed = e, t.finished = h, t.length = i, t.pos = r, i % s && t.buffer.set(n), t;
-  }
-  clone() {
-    return this._cloneInto();
-  }
-}
-const B = /* @__PURE__ */ Uint32Array.from([
-  1779033703,
-  3144134277,
-  1013904242,
-  2773480762,
-  1359893119,
-  2600822924,
-  528734635,
-  1541459225
-]);
+import n from "./index.web97.js";
+import s from "./index.web98.js";
+import a from "./index.web99.js";
+const y = async (t, o, e) => {
+  const r = await a(t, o, "sign");
+  s(t, r);
+  const i = await crypto.subtle.sign(n(t, r.algorithm), r, e);
+  return new Uint8Array(i);
+};
 export {
-  U as Chi,
-  m as HashMD,
-  _ as Maj,
-  B as SHA256_IV,
-  y as setBigUint64
+  y as default
 };

package/dist/web/index.web89.js

@@ -1,23 +1,22 @@
-import { encoder as t, decoder as o } from "./index.web76.js";
-import { encodeBase64 as c, decodeBase64 as a } from "./index.web99.js";
-function i(r) {
-  if (Uint8Array.fromBase64)
-    return Uint8Array.fromBase64(typeof r == "string" ? r : o.decode(r), {
-      alphabet: "base64url"
-    });
-  let e = r;
-  e instanceof Uint8Array && (e = o.decode(e)), e = e.replace(/-/g, "+").replace(/_/g, "/").replace(/\s/g, "");
-  try {
-    return a(e);
-  } catch {
-    throw new TypeError("The input to be decoded is not correctly encoded.");
+const a = (...o) => {
+  const t = o.filter(Boolean);
+  if (t.length === 0 || t.length === 1)
+    return !0;
+  let e;
+  for (const s of t) {
+    const r = Object.keys(s);
+    if (!e || e.size === 0) {
+      e = new Set(r);
+      continue;
+    }
+    for (const n of r) {
+      if (e.has(n))
+        return !1;
+      e.add(n);
+    }
   }
-}
-function p(r) {
-  let e = r;
-  return typeof e == "string" && (e = t.encode(e)), Uint8Array.prototype.toBase64 ? e.toBase64({ alphabet: "base64url", omitPadding: !0 }) : c(e).replace(/=/g, "").replace(/\+/g, "-").replace(/\//g, "_");
-}
+  return !0;
+};
 export {
-  i as decode,
-  p as encode
+  a as default
 };

package/dist/web/index.web90.js

@@ -1,12 +1,96 @@
-import n from "./index.web100.js";
-import s from "./index.web101.js";
-import a from "./index.web102.js";
-const y = async (t, o, e) => {
-  const r = await a(t, o, "sign");
-  s(t, r);
-  const i = await crypto.subtle.sign(n(t, r.algorithm), r, e);
-  return new Uint8Array(i);
+import { withAlg as n } from "./index.web100.js";
+import c from "./index.web101.js";
+import { isJWK as p, isSecretJWK as a, isPublicJWK as y, isPrivateJWK as f } from "./index.web102.js";
+const s = (r) => r?.[Symbol.toStringTag], o = (r, e, t) => {
+  if (e.use !== void 0) {
+    let i;
+    switch (t) {
+      case "sign":
+      case "verify":
+        i = "sig";
+        break;
+      case "encrypt":
+      case "decrypt":
+        i = "enc";
+        break;
+    }
+    if (e.use !== i)
+      throw new TypeError(`Invalid key for this operation, its "use" must be "${i}" when present`);
+  }
+  if (e.alg !== void 0 && e.alg !== r)
+    throw new TypeError(`Invalid key for this operation, its "alg" must be "${r}" when present`);
+  if (Array.isArray(e.key_ops)) {
+    let i;
+    switch (!0) {
+      case t === "sign":
+      case r === "dir":
+      case r.includes("CBC-HS"):
+        i = t;
+        break;
+      case r.startsWith("PBES2"):
+        i = "deriveBits";
+        break;
+      case /^A\d{3}(?:GCM)?(?:KW)?$/.test(r):
+        !r.includes("GCM") && r.endsWith("KW") ? i = "unwrapKey" : i = t;
+        break;
+      case t === "encrypt":
+        i = "wrapKey";
+        break;
+      case t === "decrypt":
+        i = r.startsWith("RSA") ? "unwrapKey" : "deriveBits";
+        break;
+    }
+    if (i && e.key_ops?.includes?.(i) === !1)
+      throw new TypeError(`Invalid key for this operation, its "key_ops" must include "${i}" when present`);
+  }
+  return !0;
+}, h = (r, e, t) => {
+  if (!(e instanceof Uint8Array)) {
+    if (p(e)) {
+      if (a(e) && o(r, e, t))
+        return;
+      throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present');
+    }
+    if (!c(e))
+      throw new TypeError(n(r, e, "CryptoKey", "KeyObject", "JSON Web Key", "Uint8Array"));
+    if (e.type !== "secret")
+      throw new TypeError(`${s(e)} instances for symmetric algorithms must be of type "secret"`);
+  }
+}, m = (r, e, t) => {
+  if (p(e))
+    switch (t) {
+      case "decrypt":
+      case "sign":
+        if (f(e) && o(r, e, t))
+          return;
+        throw new TypeError("JSON Web Key for this operation be a private JWK");
+      case "encrypt":
+      case "verify":
+        if (y(e) && o(r, e, t))
+          return;
+        throw new TypeError("JSON Web Key for this operation be a public JWK");
+    }
+  if (!c(e))
+    throw new TypeError(n(r, e, "CryptoKey", "KeyObject", "JSON Web Key"));
+  if (e.type === "secret")
+    throw new TypeError(`${s(e)} instances for asymmetric algorithms must not be of type "secret"`);
+  if (e.type === "public")
+    switch (t) {
+      case "sign":
+        throw new TypeError(`${s(e)} instances for asymmetric algorithm signing must be of type "private"`);
+      case "decrypt":
+        throw new TypeError(`${s(e)} instances for asymmetric algorithm decryption must be of type "private"`);
+    }
+  if (e.type === "private")
+    switch (t) {
+      case "verify":
+        throw new TypeError(`${s(e)} instances for asymmetric algorithm verifying must be of type "public"`);
+      case "encrypt":
+        throw new TypeError(`${s(e)} instances for asymmetric algorithm encryption must be of type "public"`);
+    }
+}, d = (r, e, t) => {
+  r.startsWith("HS") || r === "dir" || r.startsWith("PBES2") || /^A(?:128|192|256)(?:GCM)?(?:KW)?$/.test(r) || /^A(?:128|192|256)CBC-HS(?:256|384|512)$/.test(r) ? h(r, e, t) : m(r, e, t);
 };
 export {
-  y as default
+  d as default
 };

package/dist/web/index.web91.js

@@ -1,22 +1,23 @@
-const a = (...o) => {
-  const t = o.filter(Boolean);
-  if (t.length === 0 || t.length === 1)
-    return !0;
-  let e;
-  for (const s of t) {
-    const r = Object.keys(s);
-    if (!e || e.size === 0) {
-      e = new Set(r);
-      continue;
-    }
-    for (const n of r) {
-      if (e.has(n))
-        return !1;
-      e.add(n);
-    }
+import { JOSENotSupported as f } from "./index.web28.js";
+const w = (n, r, a, e, s) => {
+  if (s.crit !== void 0 && e?.crit === void 0)
+    throw new n('"crit" (Critical) Header Parameter MUST be integrity protected');
+  if (!e || e.crit === void 0)
+    return /* @__PURE__ */ new Set();
+  if (!Array.isArray(e.crit) || e.crit.length === 0 || e.crit.some((i) => typeof i != "string" || i.length === 0))
+    throw new n('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');
+  let t;
+  a !== void 0 ? t = new Map([...Object.entries(a), ...r.entries()]) : t = r;
+  for (const i of e.crit) {
+    if (!t.has(i))
+      throw new f(`Extension Header Parameter "${i}" is not recognized`);
+    if (s[i] === void 0)
+      throw new n(`Extension Header Parameter "${i}" is missing`);
+    if (t.get(i) && e[i] === void 0)
+      throw new n(`Extension Header Parameter "${i}" MUST be integrity protected`);
   }
-  return !0;
+  return new Set(e.crit);
 };
 export {
-  a as default
+  w as default
 };