@diviswap/sdk 1.9.1 → 2.0.0

package/dist/index.mjs

@@ -1,3 +1,4 @@
+import { keccak_256 } from '@noble/hashes/sha3';
 import crypto from 'crypto';
 
 var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
@@ -64,31 +65,43 @@ var AuthModule = class {
    * ```
    */
   async register(data) {
+    if (!data.email || !data.password) {
+      throw new ValidationError("Email and password are required");
+    }
+    if (!data.firstName || !data.lastName) {
+      throw new ValidationError("First name and last name are required for KYC compliance");
+    }
+    if (!data.individual) {
+      throw new ValidationError(
+        "Complete individual KYC information is required for registration. Please provide residential address, date of birth, and government ID information."
+      );
+    }
+    const individual = data.individual;
+    const requiredIndividualFields = [
+      "residential_country_code",
+      "residential_address_line_one",
+      "residential_city",
+      "residential_state",
+      "residential_postal_code",
+      "id_country_code",
+      "dob",
+      "id_number"
+    ];
+    for (const field of requiredIndividualFields) {
+      const value = individual[field];
+      if (value === void 0 || value === null || value === "") {
+        throw new ValidationError(
+          `Missing required KYC field: ${field}. All identity information must be provided for compliance.`
+        );
+      }
+    }
     const requestData = {
       email: data.email,
       password: data.password,
-      first_name: data.firstName || "Test",
-      last_name: data.lastName || "User",
-      // Individual object is REQUIRED by the backend
-      individual: {
-        // Use 'USA' (3-letter code) as seen in working lbx-landing implementation
-        residential_country_code: "USA",
-        residential_address_line_one: "123 Main Street",
-        residential_address_line_two: "",
-        residential_city: "Anytown",
-        residential_state: "CA",
-        residential_postal_code: "12345",
-        id_type: "ssn",
-        // Add id_type field as seen in lbx-landing
-        id_country_code: "USA",
-        dob: "1990-01-01",
-        id_number: "123456789"
-        // Remove dashes from SSN like lbx-landing does
-      }
+      first_name: data.firstName,
+      last_name: data.lastName,
+      individual: data.individual
     };
-    if (data.individual) {
-      requestData.individual = data.individual;
-    }
     if (data.phone) requestData.phone = data.phone;
     if (data.referralCode) requestData.referral_code = data.referralCode;
     const response = await this.client.post(
@@ -519,19 +532,116 @@ var STABLECOIN_ADDRESSES = {
     // Wrapped SOL
   }
 };
+function isValidEthereumAddress(address) {
+  if (!/^0x[0-9a-fA-F]{40}$/.test(address)) {
+    return false;
+  }
+  if (address === address.toLowerCase() || address === address.toUpperCase()) {
+    return true;
+  }
+  return address === toChecksumAddress(address);
+}
+function toChecksumAddress(address) {
+  if (!address.startsWith("0x")) {
+    throw new Error("Invalid Ethereum address: must start with 0x");
+  }
+  const lowerAddress = address.toLowerCase().replace("0x", "");
+  const hash = keccak256(lowerAddress);
+  let checksumAddress = "0x";
+  for (let i = 0; i < lowerAddress.length; i++) {
+    const hashByte = parseInt(hash[i], 16);
+    checksumAddress += hashByte >= 8 ? lowerAddress[i].toUpperCase() : lowerAddress[i];
+  }
+  return checksumAddress;
+}
+function keccak256(input) {
+  const bytes = new TextEncoder().encode(input);
+  const hash = keccak_256(bytes);
+  return Array.from(hash).map((b) => b.toString(16).padStart(2, "0")).join("");
+}
+function isValidSolanaAddress(address) {
+  const base58Regex = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+  if (!base58Regex.test(address)) {
+    return false;
+  }
+  if (/[0OIl]/.test(address)) {
+    return false;
+  }
+  return true;
+}
+function isValidBitcoinAddress(address) {
+  const legacyRegex = /^1[1-9A-HJ-NP-Za-km-z]{25,34}$/;
+  const segwitRegex = /^3[1-9A-HJ-NP-Za-km-z]{25,34}$/;
+  const bech32Regex = /^bc1[a-z0-9]{39,87}$/i;
+  return legacyRegex.test(address) || segwitRegex.test(address) || bech32Regex.test(address);
+}
+function isValidTronAddress(address) {
+  if (!address.startsWith("T") || address.length !== 34) {
+    return false;
+  }
+  const base58Regex = /^T[1-9A-HJ-NP-Za-km-z]{33}$/;
+  return base58Regex.test(address);
+}
+function isValidCryptoAddress(address, chain) {
+  const chainLower = chain.toLowerCase();
+  switch (chainLower) {
+    case "ethereum":
+    case "eth":
+    case "polygon":
+    case "matic":
+    case "arbitrum":
+    case "optimism":
+    case "base":
+    case "avalanche":
+    case "bsc":
+    case "binance":
+      return isValidEthereumAddress(address);
+    case "solana":
+    case "sol":
+      return isValidSolanaAddress(address);
+    case "bitcoin":
+    case "btc":
+      return isValidBitcoinAddress(address);
+    case "tron":
+    case "trx":
+      return isValidTronAddress(address);
+    default:
+      throw new Error(`Unsupported chain: ${chain}`);
+  }
+}
+function extractTransactionHash(result) {
+  if (typeof result === "string") {
+    return result;
+  }
+  if ("hash" in result && result.hash) {
+    return result.hash;
+  }
+  if ("transactionHash" in result && result.transactionHash) {
+    return result.transactionHash;
+  }
+  throw new Error(
+    'Unable to extract transaction hash from result. Expected string or object with "hash" or "transactionHash" property.'
+  );
+}
 
 // src/modules/transactions.ts
-var TransactionsModule = class {
+var _TransactionsModule = class _TransactionsModule {
   constructor(client, environment = "sandbox") {
     this.client = client;
     this.depositAddresses = getDepositAddresses(environment);
   }
   /**
-   * Map chain name to chain ID
+   * Map chain name to chain ID with validation
    * @private
    */
   getChainId(chain) {
-    const chainId = CHAIN_NAME_TO_ID[chain.toLowerCase()];
+    const chainLower = chain.toLowerCase();
+    if (!_TransactionsModule.SUPPORTED_CHAINS.includes(chainLower)) {
+      throw new ValidationError(
+        `Unsupported chain: ${chain}. Supported chains: ${_TransactionsModule.SUPPORTED_CHAINS.filter((c, i, arr) => arr.indexOf(c) === i).join(", ")}`
+      );
+    }
+    const chainId = CHAIN_NAME_TO_ID[chainLower];
     return chainId ? chainId.toString() : chain;
   }
   /**
@@ -620,17 +730,30 @@ var TransactionsModule = class {
    */
   async offramp(data) {
     if (!data.txHash || data.txHash.trim() === "") {
-      throw new Error("txHash is required for offramp transactions.");
+      throw new ValidationError("txHash is required for offramp transactions.");
+    }
+    const chain = data.chain || "ethereum";
+    const chainId = this.getChainId(chain);
+    if (!isValidCryptoAddress(data.fromAddress, chain)) {
+      throw new ValidationError(
+        `Invalid ${chain} address: ${data.fromAddress}. Please check the address format.`
+      );
+    }
+    const toAddress = data.toAddress || this.getDepositAddress(chain);
+    if (!isValidCryptoAddress(toAddress, chain)) {
+      throw new ValidationError(
+        `Invalid ${chain} deposit address: ${toAddress}. Please contact support.`
+      );
     }
     const payload = {
       payee_id: data.payeeId,
       tx_hash: data.txHash,
       // Required: must send crypto first
       from_address: data.fromAddress,
-      to_address: data.toAddress || this.getDepositAddress(data.chain || "ethereum"),
+      to_address: toAddress,
       amount: data.amount,
       currency: data.currency,
-      chain_id: this.getChainId(data.chain || "ethereum")
+      chain_id: chainId
     };
     if (data.memo) {
       payload.memo = data.memo;
@@ -818,6 +941,26 @@ var TransactionsModule = class {
     return STABLECOIN_ADDRESSES[chainName] || {};
   }
 };
+// Supported chains for validation
+_TransactionsModule.SUPPORTED_CHAINS = [
+  "ethereum",
+  "eth",
+  "polygon",
+  "matic",
+  "arbitrum",
+  "optimism",
+  "base",
+  "avalanche",
+  "bsc",
+  "binance",
+  "solana",
+  "sol",
+  "bitcoin",
+  "btc",
+  "tron",
+  "trx"
+];
+var TransactionsModule = _TransactionsModule;
 
 // src/modules/kyc.ts
 var KycModule = class {
@@ -1533,8 +1676,8 @@ var MemoryTokenStorage = class {
   }
 };
 var LocalStorageTokenStorage = class {
-  constructor() {
-    this.key = "liberex_tokens";
+  constructor(userId) {
+    this.key = userId ? `liberex_tokens_${userId}` : "liberex_tokens";
   }
   get() {
     if (typeof globalThis.window === "undefined") return null;
@@ -1556,9 +1699,14 @@ var LocalStorageTokenStorage = class {
   }
 };
 var TokenManager = class {
-  constructor(useLocalStorage = false) {
+  /**
+   * Create a new TokenManager
+   * @param useLocalStorage Whether to use localStorage (default: memory storage for security)
+   * @param userId Optional user ID for multi-user session isolation
+   */
+  constructor(useLocalStorage = false, userId) {
     this.refreshPromise = null;
-    this.storage = useLocalStorage && typeof globalThis.window !== "undefined" ? new LocalStorageTokenStorage() : new MemoryTokenStorage();
+    this.storage = useLocalStorage && typeof globalThis.window !== "undefined" ? new LocalStorageTokenStorage(userId) : new MemoryTokenStorage();
   }
   /**
    * Parse JWT token to extract expiration
@@ -1659,6 +1807,18 @@ var PartnerAuth = class {
   constructor(credentials) {
     this.credentials = credentials;
   }
+  /**
+   * Override toJSON to prevent accidental serialization of secret key
+   */
+  toJSON() {
+    return {
+      keyId: this.credentials.keyId,
+      customerId: this.credentials.customerId,
+      customerEmail: this.credentials.customerEmail,
+      secretKey: "***REDACTED***"
+      // Never expose secret key
+    };
+  }
   /**
    * Generate HMAC authentication headers for a request
    */
@@ -1750,17 +1910,54 @@ var PartnerAuth = class {
 // src/api/unified-client.ts
 var UnifiedApiClient = class _UnifiedApiClient {
   constructor(config, useLocalStorage = true) {
-    this.config = config;
+    Object.defineProperty(this, "_secureApiKey", {
+      value: config.apiKey,
+      writable: false,
+      enumerable: false,
+      configurable: false
+    });
+    Object.defineProperty(this, "_secureSecretKey", {
+      value: config.secretKey,
+      writable: false,
+      enumerable: false,
+      configurable: false
+    });
+    const { apiKey, secretKey, ...safeConfig } = config;
+    this.config = safeConfig;
     this.tokenManager = new TokenManager(useLocalStorage);
-    if (config.mode === "partner" && config.keyId && config.secretKey) {
+    const secureSecretKey = this._secureSecretKey;
+    if (config.mode === "partner" && config.keyId && secureSecretKey) {
       this.partnerAuth = new PartnerAuth({
         keyId: config.keyId,
-        secretKey: config.secretKey,
+        secretKey: secureSecretKey,
         customerId: config.customerId,
         customerEmail: config.customerEmail
       });
     }
   }
+  /**
+   * Override toJSON to prevent accidental serialization of sensitive data
+   */
+  toJSON() {
+    return {
+      mode: this.config.mode,
+      baseUrl: this.config.baseUrl,
+      timeout: this.config.timeout,
+      debug: this.config.debug,
+      // Never expose credentials
+      apiKey: this.config.apiKey ? "***REDACTED***" : void 0,
+      secretKey: this.config.secretKey ? "***REDACTED***" : void 0,
+      keyId: this.config.keyId,
+      clientId: this.config.clientId
+    };
+  }
+  /**
+   * Get the actual API key (for internal use only)
+   * @internal
+   */
+  getApiKey() {
+    return this._secureApiKey;
+  }
   /**
    * Create client from legacy user config (backward compatibility)
    */
@@ -1908,7 +2105,15 @@ var UnifiedApiClient = class _UnifiedApiClient {
         this.config.timeout
       );
       if (this.config.debug) {
-        console.log(`[Diviswap SDK] ${method} ${url}`);
+        const safeHeaders = { ...requestHeaders };
+        if (safeHeaders["X-API-Key"]) safeHeaders["X-API-Key"] = "***REDACTED***";
+        if (safeHeaders["Authorization"]?.startsWith("Bearer ")) {
+          safeHeaders["Authorization"] = "Bearer ***REDACTED***";
+        }
+        if (safeHeaders["Authorization"]?.startsWith("HMAC ")) {
+          safeHeaders["Authorization"] = "HMAC ***REDACTED***";
+        }
+        console.log(`[Diviswap SDK] ${method} ${url}`, { headers: safeHeaders });
       }
       const response = await fetch(url, {
         method,
@@ -1976,12 +2181,13 @@ var UnifiedApiClient = class _UnifiedApiClient {
    * Add user authentication headers (legacy)
    */
   async addUserAuth(useApiKey, headers) {
-    if (!this.config.apiKey || !this.config.clientId) {
+    const apiKey = this.getApiKey();
+    if (!apiKey || !this.config.clientId) {
       throw new AuthenticationError("User authentication not configured");
     }
     headers["X-CLIENT-ID"] = this.config.clientId;
     headers["X-TIMESTAMP"] = Math.floor(Date.now() / 1e3).toString();
-    headers["X-API-Key"] = this.config.apiKey;
+    headers["X-API-Key"] = apiKey;
     if (!useApiKey) {
       const accessToken = await this.tokenManager.getValidAccessToken(
         this.refreshCallback
@@ -2417,17 +2623,6 @@ function setupWalletTracking(diviswap, wallet, config) {
   return tracker;
 }
 
-// src/utils/web3.ts
-function extractTransactionHash(result) {
-  if (typeof result === "string") {
-    return result;
-  }
-  if (typeof result === "object" && result !== null && "hash" in result) {
-    return result.hash;
-  }
-  return result;
-}
-
 export { AuthenticationError, CHAIN_IDS, CHAIN_ID_TO_NAME, CHAIN_NAME_TO_ID, ConfigurationError, Diviswap, DiviswapError, Diviswap as LiberEx, LiberExError, NetworkError, PRODUCTION_DEPOSIT_ADDRESSES, SANDBOX_DEPOSIT_ADDRESSES, STABLECOIN_ADDRESSES, ValidationError, WalletTracker, connectWallet, extractTransactionHash, getDepositAddresses, setupWalletTracking, trackCurrentWallet };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map