@coinbase/cdp-core 0.0.50 → 0.0.51

package/dist/web/index.web137.js

@@ -1,44 +1,10 @@
-import { InvalidAddressError as a } from "./index.web79.js";
-import { isAddress as f } from "./index.web53.js";
-import { concatHex as p } from "./index.web54.js";
-import { toHex as i } from "./index.web48.js";
-import { toRlp as x } from "./index.web67.js";
-import { serializeTransaction as l } from "./index.web26.js";
-function T(r, e) {
-  return h(r) ? z(r) : l(r, e);
-}
-const E = {
-  transaction: T
+const o = (t, r) => {
+  if (t.startsWith("RS") || t.startsWith("PS")) {
+    const { modulusLength: e } = r.algorithm;
+    if (typeof e != "number" || e < 2048)
+      throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`);
+  }
 };
-function z(r) {
-  w(r);
-  const { sourceHash: e, data: o, from: m, gas: t, isSystemTx: u, mint: s, to: c, value: n } = r, d = [
-    e,
-    m,
-    c ?? "0x",
-    s ? i(s) : "0x",
-    n ? i(n) : "0x",
-    t ? i(t) : "0x",
-    u ? "0x1" : "0x",
-    o ?? "0x"
-  ];
-  return p([
-    "0x7e",
-    x(d)
-  ]);
-}
-function h(r) {
-  return r.type === "deposit" || typeof r.sourceHash < "u";
-}
-function w(r) {
-  const { from: e, to: o } = r;
-  if (e && !f(e))
-    throw new a({ address: e });
-  if (o && !f(o))
-    throw new a({ address: o });
-}
 export {
-  w as assertTransactionDeposit,
-  T as serializeTransaction,
-  E as serializers
+  o as default
 };

package/dist/web/index.web138.js

@@ -1,81 +1,13 @@
-function r(t, e = "algorithm.name") {
-  return new TypeError(`CryptoKey does not support this operation, its ${e} must be ${t}`);
-}
-function o(t, e) {
-  return t.name === e;
-}
-function c(t) {
-  return parseInt(t.name.slice(4), 10);
-}
-function h(t) {
-  switch (t) {
-    case "ES256":
-      return "P-256";
-    case "ES384":
-      return "P-384";
-    case "ES512":
-      return "P-521";
-    default:
-      throw new Error("unreachable");
+import { checkSigCryptoKey as i } from "./index.web143.js";
+import o from "./index.web139.js";
+const s = async (t, r, e) => {
+  if (r instanceof Uint8Array) {
+    if (!t.startsWith("HS"))
+      throw new TypeError(o(r, "CryptoKey", "KeyObject", "JSON Web Key"));
+    return crypto.subtle.importKey("raw", r, { hash: `SHA-${t.slice(-3)}`, name: "HMAC" }, !1, [e]);
   }
-}
-function i(t, e) {
-  if (!t.usages.includes(e))
-    throw new TypeError(`CryptoKey does not support this operation, its usages must include ${e}.`);
-}
-function u(t, e, n) {
-  switch (e) {
-    case "HS256":
-    case "HS384":
-    case "HS512": {
-      if (!o(t.algorithm, "HMAC"))
-        throw r("HMAC");
-      const a = parseInt(e.slice(2), 10);
-      if (c(t.algorithm.hash) !== a)
-        throw r(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "RS256":
-    case "RS384":
-    case "RS512": {
-      if (!o(t.algorithm, "RSASSA-PKCS1-v1_5"))
-        throw r("RSASSA-PKCS1-v1_5");
-      const a = parseInt(e.slice(2), 10);
-      if (c(t.algorithm.hash) !== a)
-        throw r(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "PS256":
-    case "PS384":
-    case "PS512": {
-      if (!o(t.algorithm, "RSA-PSS"))
-        throw r("RSA-PSS");
-      const a = parseInt(e.slice(2), 10);
-      if (c(t.algorithm.hash) !== a)
-        throw r(`SHA-${a}`, "algorithm.hash");
-      break;
-    }
-    case "Ed25519":
-    case "EdDSA": {
-      if (!o(t.algorithm, "Ed25519"))
-        throw r("Ed25519");
-      break;
-    }
-    case "ES256":
-    case "ES384":
-    case "ES512": {
-      if (!o(t.algorithm, "ECDSA"))
-        throw r("ECDSA");
-      const a = h(e);
-      if (t.algorithm.namedCurve !== a)
-        throw r(a, "algorithm.namedCurve");
-      break;
-    }
-    default:
-      throw new TypeError("CryptoKey does not support this operation");
-  }
-  i(t, n);
-}
+  return i(r, t, e), r;
+};
 export {
-  u as checkSigCryptoKey
+  s as default
 };

package/dist/web/index.web139.js

@@ -0,0 +1,15 @@
+function i(n, e, ...o) {
+  if (o = o.filter(Boolean), o.length > 2) {
+    const f = o.pop();
+    n += `one of type ${o.join(", ")}, or ${f}.`;
+  } else o.length === 2 ? n += `one of type ${o[0]} or ${o[1]}.` : n += `of type ${o[0]}.`;
+  return e == null ? n += ` Received ${e}` : typeof e == "function" && e.name ? n += ` Received function ${e.name}` : typeof e == "object" && e != null && e.constructor?.name && (n += ` Received an instance of ${e.constructor.name}`), n;
+}
+const r = (n, ...e) => i("Key must be ", n, ...e);
+function t(n, e, ...o) {
+  return i(`Key for the ${n} algorithm must be `, e, ...o);
+}
+export {
+  r as default,
+  t as withAlg
+};

package/dist/web/index.web14.js

@@ -1,35 +1,17 @@
-class n extends Error {
-  /**
-   * The name of the missing module.
-   */
-  moduleName;
-  /**
-   * The API or feature that requires the missing module.
-   */
-  requiredFor;
-  /**
-   * Creates a new ModuleResolutionError.
-   *
-   * @param moduleName - The name of the missing module.
-   * @param requiredFor - The API or feature that requires the module.
-   * @param message - Optional custom error message.
-   */
-  constructor(e, r, t) {
-    const o = `${r} is not available in this React Native environment. Please ensure ${e} is installed.`;
-    super(t || o), this.name = "ModuleResolutionError", this.moduleName = e, this.requiredFor = r;
-  }
-}
-class i extends Error {
-  /**
-   * Creates a new UserInputValidationError.
-   *
-   * @param message - The validation error message.
-   */
-  constructor(e) {
-    super(e), this.name = "InputValidationError";
-  }
+import { initiateAuthentication as e } from "@coinbase/cdp-api-client";
+import { getPlatformOAuth as i } from "./index.web2.js";
+import { getCoreAuthManager as n, getConfig as r } from "./index.web30.js";
+async function c() {
+  if (!await n().isSignedIn())
+    throw new Error("User must be signed in to link an Apple account");
+  const t = await e(r().projectId, {
+    type: "apple",
+    redirectUrl: i().getRedirectUrl()
+  });
+  if (!("authUrl" in t))
+    throw new Error("Failed to initiate Apple authentication");
+  i().initiateOAuthFlow(t.authUrl);
 }
 export {
-  i as InputValidationError,
-  n as ModuleResolutionError
+  c as linkApple
 };

package/dist/web/index.web140.js

@@ -0,0 +1,12 @@
+function e(t) {
+  return t?.[Symbol.toStringTag] === "CryptoKey";
+}
+function r(t) {
+  return t?.[Symbol.toStringTag] === "KeyObject";
+}
+const n = (t) => e(t) || r(t);
+export {
+  n as default,
+  e as isCryptoKey,
+  r as isKeyObject
+};

package/dist/web/index.web141.js

@@ -0,0 +1,19 @@
+import n from "./index.web104.js";
+function r(t) {
+  return n(t) && typeof t.kty == "string";
+}
+function o(t) {
+  return t.kty !== "oct" && typeof t.d == "string";
+}
+function e(t) {
+  return t.kty !== "oct" && typeof t.d > "u";
+}
+function c(t) {
+  return t.kty === "oct" && typeof t.k == "string";
+}
+export {
+  r as isJWK,
+  o as isPrivateJWK,
+  e as isPublicJWK,
+  c as isSecretJWK
+};

package/dist/web/index.web142.js

@@ -0,0 +1,83 @@
+import { JOSENotSupported as s } from "./index.web47.js";
+function n(e) {
+  let a, r;
+  switch (e.kty) {
+    case "RSA": {
+      switch (e.alg) {
+        case "PS256":
+        case "PS384":
+        case "PS512":
+          a = { name: "RSA-PSS", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "RS256":
+        case "RS384":
+        case "RS512":
+          a = { name: "RSASSA-PKCS1-v1_5", hash: `SHA-${e.alg.slice(-3)}` }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "RSA-OAEP":
+        case "RSA-OAEP-256":
+        case "RSA-OAEP-384":
+        case "RSA-OAEP-512":
+          a = {
+            name: "RSA-OAEP",
+            hash: `SHA-${parseInt(e.alg.slice(-3), 10) || 1}`
+          }, r = e.d ? ["decrypt", "unwrapKey"] : ["encrypt", "wrapKey"];
+          break;
+        default:
+          throw new s('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
+    case "EC": {
+      switch (e.alg) {
+        case "ES256":
+          a = { name: "ECDSA", namedCurve: "P-256" }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "ES384":
+          a = { name: "ECDSA", namedCurve: "P-384" }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "ES512":
+          a = { name: "ECDSA", namedCurve: "P-521" }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "ECDH-ES":
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+          a = { name: "ECDH", namedCurve: e.crv }, r = e.d ? ["deriveBits"] : [];
+          break;
+        default:
+          throw new s('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
+    case "OKP": {
+      switch (e.alg) {
+        case "Ed25519":
+        case "EdDSA":
+          a = { name: "Ed25519" }, r = e.d ? ["sign"] : ["verify"];
+          break;
+        case "ECDH-ES":
+        case "ECDH-ES+A128KW":
+        case "ECDH-ES+A192KW":
+        case "ECDH-ES+A256KW":
+          a = { name: e.crv }, r = e.d ? ["deriveBits"] : [];
+          break;
+        default:
+          throw new s('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');
+      }
+      break;
+    }
+    default:
+      throw new s('Invalid or unsupported JWK "kty" (Key Type) Parameter value');
+  }
+  return { algorithm: a, keyUsages: r };
+}
+const i = async (e) => {
+  if (!e.alg)
+    throw new TypeError('"alg" argument is required when "jwk.alg" is not present');
+  const { algorithm: a, keyUsages: r } = n(e), t = { ...e };
+  return delete t.alg, delete t.use, crypto.subtle.importKey("jwk", t, a, e.ext ?? !e.d, e.key_ops ?? r);
+};
+export {
+  i as default
+};

package/dist/web/index.web143.js

@@ -0,0 +1,81 @@
+function r(t, e = "algorithm.name") {
+  return new TypeError(`CryptoKey does not support this operation, its ${e} must be ${t}`);
+}
+function o(t, e) {
+  return t.name === e;
+}
+function c(t) {
+  return parseInt(t.name.slice(4), 10);
+}
+function h(t) {
+  switch (t) {
+    case "ES256":
+      return "P-256";
+    case "ES384":
+      return "P-384";
+    case "ES512":
+      return "P-521";
+    default:
+      throw new Error("unreachable");
+  }
+}
+function i(t, e) {
+  if (!t.usages.includes(e))
+    throw new TypeError(`CryptoKey does not support this operation, its usages must include ${e}.`);
+}
+function u(t, e, n) {
+  switch (e) {
+    case "HS256":
+    case "HS384":
+    case "HS512": {
+      if (!o(t.algorithm, "HMAC"))
+        throw r("HMAC");
+      const a = parseInt(e.slice(2), 10);
+      if (c(t.algorithm.hash) !== a)
+        throw r(`SHA-${a}`, "algorithm.hash");
+      break;
+    }
+    case "RS256":
+    case "RS384":
+    case "RS512": {
+      if (!o(t.algorithm, "RSASSA-PKCS1-v1_5"))
+        throw r("RSASSA-PKCS1-v1_5");
+      const a = parseInt(e.slice(2), 10);
+      if (c(t.algorithm.hash) !== a)
+        throw r(`SHA-${a}`, "algorithm.hash");
+      break;
+    }
+    case "PS256":
+    case "PS384":
+    case "PS512": {
+      if (!o(t.algorithm, "RSA-PSS"))
+        throw r("RSA-PSS");
+      const a = parseInt(e.slice(2), 10);
+      if (c(t.algorithm.hash) !== a)
+        throw r(`SHA-${a}`, "algorithm.hash");
+      break;
+    }
+    case "Ed25519":
+    case "EdDSA": {
+      if (!o(t.algorithm, "Ed25519"))
+        throw r("Ed25519");
+      break;
+    }
+    case "ES256":
+    case "ES384":
+    case "ES512": {
+      if (!o(t.algorithm, "ECDSA"))
+        throw r("ECDSA");
+      const a = h(e);
+      if (t.algorithm.namedCurve !== a)
+        throw r(a, "algorithm.namedCurve");
+      break;
+    }
+    default:
+      throw new TypeError("CryptoKey does not support this operation");
+  }
+  i(t, n);
+}
+export {
+  u as checkSigCryptoKey
+};

package/dist/web/index.web15.js

@@ -1,34 +1,220 @@
-function a(e) {
-  if (typeof btoa < "u")
-    return btoa(
-      Array.from(e).map((t) => String.fromCharCode(t)).join("")
-    );
-  const c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-  let r = "";
-  for (let t = 0; t < e.length; t += 3) {
-    const h = e[t], n = t + 1 < e.length ? e[t + 1] : 0, s = t + 2 < e.length ? e[t + 2] : 0, o = h << 16 | n << 8 | s;
-    r += c.charAt(o >> 18 & 63), r += c.charAt(o >> 12 & 63), r += t + 1 < e.length ? c.charAt(o >> 6 & 63) : "=", r += t + 2 < e.length ? c.charAt(o & 63) : "=";
-  }
-  return r;
-}
-function g(e) {
-  if (typeof atob < "u") {
-    const n = atob(e), s = new Uint8Array(n.length);
-    for (let o = 0; o < n.length; o++)
-      s[o] = n.charCodeAt(o);
-    return s;
-  }
-  const c = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/", r = {};
-  for (let n = 0; n < c.length; n++)
-    r[c[n]] = n;
-  const t = e.replace(/[^A-Za-z0-9+/]/g, ""), h = [];
-  for (let n = 0; n < t.length; n += 4) {
-    const s = r[t[n]] || 0, o = r[t[n + 1]] || 0, l = r[t[n + 2]] || 0, f = r[t[n + 3]] || 0, i = s << 18 | o << 12 | l << 6 | f;
-    h.push(i >> 16 & 255), n + 2 < t.length && h.push(i >> 8 & 255), n + 3 < t.length && h.push(i & 255);
-  }
-  return new Uint8Array(h);
+import { logOutEndUser as l, refreshAccessToken as o, registerTemporaryWalletSecret as c } from "@coinbase/cdp-api-client";
+import { SignJWT as u } from "./index.web33.js";
+import { toAuthState as f } from "./index.web24.js";
+import "viem";
+import { getPlatformCrypto as n } from "./index.web2.js";
+import { sortKeys as S } from "./index.web29.js";
+import { getCoreOAuthManager as w } from "./index.web30.js";
+const i = 60 * 1e3;
+class I {
+  projectId;
+  authState = null;
+  walletSecret = null;
+  authStateChangeCallbacks = [];
+  initPromise = null;
+  refreshTimeout = null;
+  /**
+   * Initializes the token manager.
+   *
+   * @param projectId - The project ID.
+   */
+  constructor(e) {
+    this.projectId = e, this.initPromise = this._doInitialize();
+  }
+  /**
+   * Gets the current user, or null if there is no user signed in.
+   *
+   * @returns The current user.
+   */
+  async getUser() {
+    return this.authState?.user ?? null;
+  }
+  /**
+   * Returns whether the user is signed in - i.e., whether there is an unexpired
+   * access token and user. Attempts to refresh the token if it's expired.
+   *
+   * @returns True if the user is signed in, false otherwise.
+   */
+  async isSignedIn() {
+    if (!this.authState)
+      return !1;
+    if (this.authState.expiresAt > Date.now() + i)
+      return !0;
+    try {
+      return await this.getToken() !== null;
+    } catch {
+      return !1;
+    }
+  }
+  /**
+   * Signs out the user, clearing all authentication state.
+   */
+  async signOut() {
+    try {
+      await l(this.projectId);
+    } catch {
+    } finally {
+      await this.clearAuthState();
+    }
+  }
+  /**
+   * Adds a callback to be called when the auth state changes.
+   *
+   * @param callback - The function to call when the auth state changes.
+   */
+  addAuthStateChangeCallback(e) {
+    this.authStateChangeCallbacks.push(e), e(this.authState?.user ?? null);
+  }
+  /**
+   * Gets the access token, refreshing it if it is expired. Returns null if the user is not
+   * signed in.
+   *
+   * @returns The access token.
+   */
+  async getToken() {
+    return this.shouldRefreshToken() && await this.refreshAccessToken(), this.authState?.accessToken ?? null;
+  }
+  /**
+   * Gets the currently registered wallet secret ID. Rejects if the user is not signed in.
+   *
+   * @returns The wallet secret ID.
+   */
+  async getWalletSecretId() {
+    if (!await this.isSignedIn())
+      throw new Error("Cannot get wallet secret ID if the user is not signed in");
+    return this.shouldRefreshWalletSecret() && await this.refreshWalletSecret(), this.walletSecret.walletSecretId;
+  }
+  /**
+   * Gets the X-Wallet-Auth header. Rejects if the user is not signed in.
+   *
+   * @param options - The options for the request.
+   * @param options.requestMethod - The HTTP method of the request.
+   * @param options.requestHost - The host of the request.
+   * @param options.requestPath - The path of the request.
+   * @param options.requestData - The data of the request.
+   * @returns The X-Wallet-Auth header.
+   */
+  async getXWalletAuth(e) {
+    if (!await this.isSignedIn())
+      throw new Error("Cannot get X-Wallet-Auth header if the user is not signed in");
+    this.shouldRefreshWalletSecret() && await this.refreshWalletSecret();
+    const t = `${e.requestMethod} ${e.requestHost}${e.requestPath}`, r = Math.floor(Date.now() / 1e3), a = n(), s = {
+      uris: [t]
+    };
+    if (e.requestData && Object.keys(e.requestData).length > 0) {
+      const h = S(e.requestData);
+      s.reqHash = await a.hash(new TextEncoder().encode(JSON.stringify(h)));
+    }
+    return await new u(s).setProtectedHeader({ alg: "ES256", typ: "JWT" }).setIssuedAt(r).setNotBefore(r).setJti(a.generateRandomId()).sign(this.walletSecret.keyPair.privateKey);
+  }
+  /**
+   * Sets the authentication state.
+   *
+   * @param authState - The authentication state.
+   */
+  async setAuthState(e) {
+    this.authState = e, this.authStateChangeCallbacks.forEach((t) => t(this.authState?.user ?? null)), this.scheduleTokenRefresh();
+  }
+  /**
+   * Clears the authentication state.
+   */
+  async clearAuthState() {
+    this.authState = null, this.walletSecret = null, this.cancelTokenRefresh(), this.authStateChangeCallbacks.forEach((e) => e(null));
+  }
+  /**
+   * Ensures the AuthManager is initialized before proceeding.
+   * If initialization is already in progress, waits for it to complete.
+   */
+  async ensureInitialized() {
+    if (this.initPromise) {
+      await this.initPromise;
+      return;
+    }
+    throw new Error("AuthManager not initialized");
+  }
+  /**
+   * Internal async initialization logic.
+   */
+  async _doInitialize() {
+    try {
+      await this.refreshAccessToken(), await w().handleOAuthCode();
+    } catch (e) {
+      console.warn("Failed to refresh access token during initialization:", e);
+    }
+  }
+  /**
+   * Returns whether the token should be refreshed.
+   *
+   * @returns True if the token should be refreshed, false otherwise.
+   */
+  shouldRefreshToken() {
+    return !(this.authState && this.authState.expiresAt > Date.now() + i);
+  }
+  /**
+   * Refreshes the access token and transitions the auth state accordingly.
+   * If a refresh is already in progress, it will wait for that refresh to complete.
+   *
+   * @returns The new access token.
+   */
+  async refreshAccessToken() {
+    try {
+      const e = await o(this.projectId, {
+        grantType: "refresh_token"
+      }), t = f(
+        e.accessToken,
+        e.validUntil,
+        e.endUser
+      );
+      await this.setAuthState(t);
+    } catch {
+      await this.signOut();
+    }
+  }
+  /**
+   * Returns whether the wallet secret should be refreshed.
+   *
+   * @returns True if the wallet secret should be refreshed, false otherwise.
+   */
+  shouldRefreshWalletSecret() {
+    return !(this.walletSecret && this.walletSecret.expiresAt > Date.now() + i);
+  }
+  /**
+   * Refreshes the wallet secret. Assumes the user is signed in.
+   *
+   * @returns The wallet secret.
+   */
+  async refreshWalletSecret() {
+    const e = n(), t = this.walletSecret?.walletSecretId ?? e.generateRandomId(), r = this.walletSecret?.keyPair ?? await e.createKeyPair(), a = this.authState.expiresAt, s = new Date(a).toISOString();
+    this.walletSecret = { walletSecretId: t, keyPair: r, expiresAt: a };
+    try {
+      await c(this.projectId, this.authState.user.userId, {
+        walletSecretId: t,
+        publicKey: r.publicKeyBase64,
+        validUntil: s
+      });
+    } catch (h) {
+      throw this.walletSecret = null, h;
+    }
+  }
+  /**
+   * Schedules a token refresh to occur exactly when shouldRefreshToken() would return true.
+   * Uses the same REFRESH_CREDENTIALS_BUFFER_MS timing as the rest of the auth system.
+   */
+  scheduleTokenRefresh() {
+    if (this.cancelTokenRefresh(), !this.authState)
+      return;
+    const t = this.authState.expiresAt - i - Date.now();
+    t <= 0 || (this.refreshTimeout = setTimeout(async () => {
+      await this.refreshAccessToken(), this.scheduleTokenRefresh();
+    }, t));
+  }
+  /**
+   * Cancels any scheduled token refresh.
+   */
+  cancelTokenRefresh() {
+    this.refreshTimeout && (clearTimeout(this.refreshTimeout), this.refreshTimeout = null);
+  }
 }
 export {
-  g as decodeBase64,
-  a as encodeBase64
+  I as AuthManager
 };