@dubsdotapp/expo 0.2.10 → 0.2.12

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dubsdotapp/expo",
-  "version": "0.2.10",
+  "version": "0.2.12",
   "description": "React Native SDK for the Dubs betting platform",
   "main": "./dist/index.js",
   "module": "./dist/index.mjs",
@@ -24,7 +24,8 @@
     "clean": "rm -rf dist"
   },
   "dependencies": {
-    "bs58": "^5.0.0"
+    "bs58": "^5.0.0",
+    "tweetnacl": "^1.0.3"
   },
   "peerDependencies": {
     "@solana/web3.js": "^1.90.0",

package/src/index.ts

@@ -67,6 +67,8 @@ export type { DubsProviderProps, DubsContextValue } from './provider';
 export type { WalletAdapter } from './wallet';
 export { MwaWalletAdapter } from './wallet';
 export type { MwaAdapterConfig, MwaTransactFn } from './wallet';
+export { PhantomDeeplinkAdapter } from './wallet';
+export type { PhantomDeeplinkAdapterConfig, PhantomSession } from './wallet';
 
 // Hooks
 export {

package/src/managed-wallet.tsx

@@ -1,10 +1,16 @@
 import React, { createContext, useContext, useState, useEffect, useRef, useCallback } from 'react';
+import { Platform } from 'react-native';
 import { MwaWalletAdapter } from './wallet/mwa-adapter';
+import { PhantomDeeplinkAdapter } from './wallet/phantom-deeplink';
+import type { PhantomSession } from './wallet/phantom-deeplink';
+import type { WalletAdapter } from './wallet/types';
 import { ConnectWalletScreen } from './ui/ConnectWalletScreen';
 import type { ConnectWalletScreenProps } from './ui/ConnectWalletScreen';
 import type { TokenStorage } from './storage';
 import { STORAGE_KEYS } from './storage';
 
+const TAG = '[Dubs:ManagedWallet]';
+
 // ── Disconnect Context (internal) ──
 
 type DisconnectFn = () => Promise<void>;
@@ -26,7 +32,11 @@ interface ManagedWalletProviderProps {
   accentColor?: string;
   appIcon?: string;
   tagline?: string;
-  children: (adapter: MwaWalletAdapter) => React.ReactNode;
+  /** Deeplink redirect URI for Phantom (required on iOS, optional on Android) */
+  redirectUri?: string;
+  /** App URL shown in Phantom's connect screen */
+  appUrl?: string;
+  children: (adapter: WalletAdapter) => React.ReactNode;
 }
 
 // ── Component ──
@@ -39,79 +49,156 @@ export function ManagedWalletProvider({
   accentColor,
   appIcon,
   tagline,
+  redirectUri,
+  appUrl,
   children,
 }: ManagedWalletProviderProps) {
   const [connected, setConnected] = useState(false);
   const [connecting, setConnecting] = useState(false);
   const [isReady, setIsReady] = useState(false);
   const [error, setError] = useState<string | null>(null);
-  const adapterRef = useRef<MwaWalletAdapter | null>(null);
+
+  // Determine which adapter to use:
+  // - iOS always uses Phantom deeplinks
+  // - Android uses MWA (default) unless redirectUri is provided and MWA is unavailable
+  const usePhantom = Platform.OS === 'ios' && !!redirectUri;
+
+  console.log(TAG, `Platform: ${Platform.OS}, redirectUri: ${redirectUri ? 'provided' : 'not set'}, usePhantom: ${usePhantom}`);
+
+  const adapterRef = useRef<WalletAdapter | null>(null);
   const transactRef = useRef<any>(null);
 
   // Lazily create adapter
   if (!adapterRef.current) {
-    adapterRef.current = new MwaWalletAdapter({
-      transact: (...args: any[]) => {
-        if (!transactRef.current) {
-          throw new Error(
-            '@dubsdotapp/expo: @solana-mobile/mobile-wallet-adapter-protocol-web3js is required. ' +
-            'Install it with: npm install @solana-mobile/mobile-wallet-adapter-protocol-web3js',
-          );
-        }
-        return transactRef.current(...args);
-      },
-      appIdentity: { name: appName },
-      cluster,
-      onAuthTokenChange: (token) => {
-        if (token) {
-          storage.setItem(STORAGE_KEYS.MWA_AUTH_TOKEN, token).catch(() => {});
-        } else {
-          storage.deleteItem(STORAGE_KEYS.MWA_AUTH_TOKEN).catch(() => {});
-        }
-      },
-    });
+    if (usePhantom) {
+      console.log(TAG, 'Creating PhantomDeeplinkAdapter');
+      adapterRef.current = new PhantomDeeplinkAdapter({
+        redirectUri: redirectUri!,
+        appUrl,
+        cluster,
+        onSessionChange: (session) => {
+          if (session) {
+            console.log(TAG, 'Phantom session changed — saving to storage, wallet:', session.walletPublicKey);
+            storage.setItem(STORAGE_KEYS.PHANTOM_SESSION, JSON.stringify(session)).catch((err) => {
+              console.log(TAG, 'Failed to save Phantom session:', err);
+            });
+          } else {
+            console.log(TAG, 'Phantom session cleared — removing from storage');
+            storage.deleteItem(STORAGE_KEYS.PHANTOM_SESSION).catch((err) => {
+              console.log(TAG, 'Failed to delete Phantom session:', err);
+            });
+          }
+        },
+      });
+    } else {
+      console.log(TAG, 'Creating MwaWalletAdapter');
+      adapterRef.current = new MwaWalletAdapter({
+        transact: (...args: any[]) => {
+          if (!transactRef.current) {
+            throw new Error(
+              '@dubsdotapp/expo: @solana-mobile/mobile-wallet-adapter-protocol-web3js is required. ' +
+              'Install it with: npm install @solana-mobile/mobile-wallet-adapter-protocol-web3js',
+            );
+          }
+          return transactRef.current(...args);
+        },
+        appIdentity: { name: appName },
+        cluster,
+        onAuthTokenChange: (token) => {
+          if (token) {
+            storage.setItem(STORAGE_KEYS.MWA_AUTH_TOKEN, token).catch(() => {});
+          } else {
+            storage.deleteItem(STORAGE_KEYS.MWA_AUTH_TOKEN).catch(() => {});
+          }
+        },
+      });
+    }
   }
   const adapter = adapterRef.current;
 
-  // Dynamic-import transact on mount
+  // Restore session / dynamic-import on mount
   useEffect(() => {
     let cancelled = false;
 
     (async () => {
-      try {
-        const mwa = await import('@solana-mobile/mobile-wallet-adapter-protocol-web3js');
-        if (cancelled) return;
-        transactRef.current = mwa.transact;
-      } catch {
-        // MWA not installed — transact calls will throw a clear error
-      }
+      if (usePhantom) {
+        console.log(TAG, 'Phantom path — checking for saved session...');
+        // Attempt to restore a saved Phantom session
+        try {
+          const savedJson = await storage.getItem(STORAGE_KEYS.PHANTOM_SESSION);
+          if (savedJson && !cancelled) {
+            console.log(TAG, 'Found saved Phantom session, restoring...');
+            const saved: PhantomSession = JSON.parse(savedJson);
+            (adapter as PhantomDeeplinkAdapter).restoreSession(saved);
+            if (!cancelled) {
+              console.log(TAG, 'Session restored, marking connected');
+              setConnected(true);
+            }
+          } else {
+            console.log(TAG, 'No saved Phantom session found');
+          }
+        } catch (err) {
+          console.log(TAG, 'Failed to restore Phantom session:', err instanceof Error ? err.message : err);
+          // Session expired or corrupt — user will tap Connect manually
+        } finally {
+          if (!cancelled) {
+            console.log(TAG, 'Phantom init complete, marking ready');
+            setIsReady(true);
+          }
+        }
+      } else {
+        console.log(TAG, 'MWA path — dynamic-importing transact...');
+        // MWA path — dynamic-import transact
+        try {
+          const mwa = await import('@solana-mobile/mobile-wallet-adapter-protocol-web3js');
+          if (cancelled) return;
+          transactRef.current = mwa.transact;
+          console.log(TAG, 'MWA transact loaded');
+        } catch {
+          console.log(TAG, 'MWA not installed — transact will throw on use');
+        }
 
-      // Attempt silent reconnect from saved token
-      try {
-        const savedToken = await storage.getItem(STORAGE_KEYS.MWA_AUTH_TOKEN);
-        if (savedToken && !cancelled) {
-          adapter.setAuthToken(savedToken);
-          await adapter.connect();
-          if (!cancelled) setConnected(true);
+        // Attempt silent reconnect from saved auth token
+        try {
+          const savedToken = await storage.getItem(STORAGE_KEYS.MWA_AUTH_TOKEN);
+          if (savedToken && !cancelled) {
+            console.log(TAG, 'Found saved MWA auth token, reconnecting...');
+            (adapter as MwaWalletAdapter).setAuthToken(savedToken);
+            await adapter.connect!();
+            if (!cancelled) {
+              console.log(TAG, 'MWA reconnected from saved token');
+              setConnected(true);
+            }
+          } else {
+            console.log(TAG, 'No saved MWA auth token');
+          }
+        } catch (err) {
+          console.log(TAG, 'MWA silent reconnect failed:', err instanceof Error ? err.message : err);
+        } finally {
+          if (!cancelled) {
+            console.log(TAG, 'MWA init complete, marking ready');
+            setIsReady(true);
+          }
         }
-      } catch {
-        // Token expired or wallet unavailable — user will tap Connect manually
-      } finally {
-        if (!cancelled) setIsReady(true);
       }
     })();
 
-    return () => { cancelled = true; };
-  }, [adapter, storage]);
+    return () => {
+      cancelled = true;
+    };
+  }, [adapter, storage, usePhantom]);
 
   const handleConnect = useCallback(async () => {
+    console.log(TAG, 'handleConnect() — user tapped connect');
     setConnecting(true);
     setError(null);
     try {
-      await adapter.connect();
+      await adapter.connect!();
+      console.log(TAG, 'handleConnect() — success, wallet:', adapter.publicKey?.toBase58());
       setConnected(true);
     } catch (err) {
       const message = err instanceof Error ? err.message : 'Connection failed';
+      console.log(TAG, 'handleConnect() — failed:', message);
       setError(message);
     } finally {
       setConnecting(false);
@@ -119,14 +206,30 @@ export function ManagedWalletProvider({
   }, [adapter]);
 
   const disconnect = useCallback(async () => {
-    adapter.disconnect();
+    console.log(TAG, 'disconnect() — clearing all state');
+    adapter.disconnect?.();
     await storage.deleteItem(STORAGE_KEYS.MWA_AUTH_TOKEN).catch(() => {});
+    await storage.deleteItem(STORAGE_KEYS.PHANTOM_SESSION).catch(() => {});
     await storage.deleteItem(STORAGE_KEYS.JWT_TOKEN).catch(() => {});
     setConnected(false);
+    console.log(TAG, 'disconnect() — done');
   }, [adapter, storage]);
 
+  // Cleanup deeplink handler on unmount
+  useEffect(() => {
+    return () => {
+      if (usePhantom && adapter && 'destroy' in adapter) {
+        console.log(TAG, 'Unmounting — destroying Phantom adapter');
+        (adapter as PhantomDeeplinkAdapter).destroy();
+      }
+    };
+  }, [adapter, usePhantom]);
+
   // Show nothing until we've attempted silent reconnect
-  if (!isReady) return null;
+  if (!isReady) {
+    console.log(TAG, 'Not ready yet — rendering null');
+    return null;
+  }
 
   // Not connected — show connect screen
   if (!connected) {
@@ -150,6 +253,7 @@ export function ManagedWalletProvider({
   }
 
   // Connected — render children with adapter + disconnect
+  console.log(TAG, 'Rendering children — connected with wallet:', adapter.publicKey?.toBase58());
   return (
     <DisconnectContext.Provider value={disconnect}>
       {children(adapter)}

package/src/provider.tsx

@@ -51,6 +51,10 @@ export interface DubsProviderProps {
   renderRegistration?: (props: RegistrationScreenProps) => React.ReactNode;
   /** Set to false to skip AuthGate and connect screen (headless/BYOA mode). Default: true. */
   managed?: boolean;
+  /** Deeplink redirect URI for Phantom wallet (required for iOS support). */
+  redirectUri?: string;
+  /** App URL shown in Phantom's connect screen. */
+  appUrl?: string;
 }
 
 // ── Provider ──
@@ -69,6 +73,8 @@ export function DubsProvider({
   renderError,
   renderRegistration,
   managed = true,
+  redirectUri,
+  appUrl,
 }: DubsProviderProps) {
   // Resolve network config — explicit props override network defaults
   const config = NETWORK_CONFIG[network];
@@ -130,6 +136,8 @@ export function DubsProvider({
       accentColor={uiConfig.accentColor}
       appIcon={uiConfig.appIcon}
       tagline={uiConfig.tagline}
+      redirectUri={redirectUri}
+      appUrl={appUrl}
     >
       {(adapter) => (
         <ManagedInner

package/src/storage.ts

@@ -7,6 +7,7 @@ export interface TokenStorage {
 export const STORAGE_KEYS = {
   MWA_AUTH_TOKEN: 'dubs_mwa_auth_token',
   JWT_TOKEN: 'dubs_jwt_token',
+  PHANTOM_SESSION: 'dubs_phantom_session',
 } as const;
 
 /**

package/src/wallet/index.ts

@@ -1,3 +1,5 @@
 export type { WalletAdapter } from './types';
 export { MwaWalletAdapter } from './mwa-adapter';
 export type { MwaAdapterConfig, MwaTransactFn } from './mwa-adapter';
+export { PhantomDeeplinkAdapter } from './phantom-deeplink';
+export type { PhantomDeeplinkAdapterConfig, PhantomSession } from './phantom-deeplink';

package/src/wallet/phantom-deeplink/crypto.ts

@@ -0,0 +1,49 @@
+import nacl from 'tweetnacl';
+import bs58 from 'bs58';
+
+export interface KeyPair {
+  publicKey: Uint8Array;
+  secretKey: Uint8Array;
+}
+
+/** Generate an x25519 keypair for Diffie-Hellman key exchange with Phantom. */
+export function generateKeyPair(): KeyPair {
+  const kp = nacl.box.keyPair();
+  return { publicKey: kp.publicKey, secretKey: kp.secretKey };
+}
+
+/** Derive a shared secret from our secret key and Phantom's public key. */
+export function deriveSharedSecret(
+  ourSecretKey: Uint8Array,
+  theirPublicKey: Uint8Array,
+): Uint8Array {
+  return nacl.box.before(theirPublicKey, ourSecretKey);
+}
+
+/** Encrypt a payload for Phantom using the shared secret. */
+export function encryptPayload(
+  payload: object,
+  sharedSecret: Uint8Array,
+): { nonce: string; ciphertext: string } {
+  const nonce = nacl.randomBytes(24);
+  const message = new TextEncoder().encode(JSON.stringify(payload));
+  const encrypted = nacl.box.after(message, nonce, sharedSecret);
+  if (!encrypted) throw new Error('Encryption failed');
+  return {
+    nonce: bs58.encode(nonce),
+    ciphertext: bs58.encode(encrypted),
+  };
+}
+
+/** Decrypt a payload returned by Phantom using the shared secret. */
+export function decryptPayload(
+  ciphertextBase58: string,
+  nonceBase58: string,
+  sharedSecret: Uint8Array,
+): Record<string, any> {
+  const ciphertext = bs58.decode(ciphertextBase58);
+  const nonce = bs58.decode(nonceBase58);
+  const decrypted = nacl.box.open.after(ciphertext, nonce, sharedSecret);
+  if (!decrypted) throw new Error('Decryption failed — invalid shared secret or corrupted data');
+  return JSON.parse(new TextDecoder().decode(decrypted));
+}

package/src/wallet/phantom-deeplink/deeplink-handler.ts

@@ -0,0 +1,177 @@
+import { Linking } from 'react-native';
+
+const TAG = '[Dubs:DeeplinkHandler]';
+
+export interface DeeplinkResponse {
+  /** All query parameters from the redirect URL */
+  params: Record<string, string>;
+}
+
+interface PendingRequest {
+  resolve: (response: DeeplinkResponse) => void;
+  reject: (error: Error) => void;
+  timer: ReturnType<typeof setTimeout>;
+}
+
+/**
+ * Manages the deeplink round-trip with Phantom:
+ *   1. Opens a Phantom deeplink URL
+ *   2. Waits for Phantom to redirect back to our `redirectBase`
+ *   3. Routes the response to the correct pending promise via request ID
+ */
+export class DeeplinkHandler {
+  private readonly redirectBase: string;
+  private readonly pending = new Map<string, PendingRequest>();
+  private subscription: ReturnType<typeof Linking.addEventListener> | null = null;
+
+  constructor(redirectBase: string) {
+    // Strip trailing slashes for consistent matching
+    this.redirectBase = redirectBase.replace(/\/+$/, '');
+    console.log(TAG, 'Created with redirectBase:', this.redirectBase);
+  }
+
+  /** Start listening for incoming deeplinks. Call once on adapter init. */
+  start(): void {
+    if (this.subscription) {
+      console.log(TAG, 'Already listening, skipping start()');
+      return;
+    }
+
+    console.log(TAG, 'Starting URL listener');
+    this.subscription = Linking.addEventListener('url', ({ url }) => {
+      console.log(TAG, 'Received URL event:', url);
+      this.handleUrl(url);
+    });
+
+    // Check for cold-start URL (app was launched via deeplink)
+    Linking.getInitialURL().then((url) => {
+      if (url) {
+        console.log(TAG, 'Cold-start URL found:', url);
+        this.handleUrl(url);
+      } else {
+        console.log(TAG, 'No cold-start URL');
+      }
+    });
+  }
+
+  /** Stop listening and reject all pending requests. */
+  destroy(): void {
+    console.log(TAG, 'Destroying — pending requests:', this.pending.size);
+    this.subscription?.remove();
+    this.subscription = null;
+
+    for (const [id, req] of this.pending) {
+      clearTimeout(req.timer);
+      req.reject(new Error('DeeplinkHandler destroyed'));
+      this.pending.delete(id);
+    }
+  }
+
+  /**
+   * Open a Phantom deeplink and wait for the redirect response.
+   * @param url The full Phantom deeplink URL to open
+   * @param requestId Unique ID embedded in the redirect_link param
+   * @param timeoutMs How long to wait before rejecting (default 120s)
+   */
+  async send(url: string, requestId: string, timeoutMs = 120_000): Promise<DeeplinkResponse> {
+    console.log(TAG, `send() requestId=${requestId} timeout=${timeoutMs}ms`);
+    console.log(TAG, 'Opening URL:', url.substring(0, 120) + (url.length > 120 ? '...' : ''));
+
+    return new Promise<DeeplinkResponse>((resolve, reject) => {
+      const timer = setTimeout(() => {
+        console.log(TAG, `Timeout reached for requestId=${requestId}`);
+        this.pending.delete(requestId);
+        reject(new Error(`Phantom deeplink timed out after ${timeoutMs / 1000}s`));
+      }, timeoutMs);
+
+      this.pending.set(requestId, { resolve, reject, timer });
+
+      Linking.openURL(url).catch((err) => {
+        console.log(TAG, `Failed to open URL: ${err.message}`);
+        this.pending.delete(requestId);
+        clearTimeout(timer);
+        reject(new Error(`Failed to open Phantom: ${err.message}`));
+      });
+    });
+  }
+
+  private handleUrl(url: string): void {
+    // Only process URLs that match our redirect base
+    if (!url.startsWith(this.redirectBase)) {
+      console.log(TAG, 'Ignoring URL (not our redirect base):', url.substring(0, 80));
+      return;
+    }
+
+    console.log(TAG, 'Processing redirect URL:', url.substring(0, 120) + (url.length > 120 ? '...' : ''));
+
+    const parsed = new URL(url);
+    const params: Record<string, string> = {};
+    parsed.searchParams.forEach((value, key) => {
+      params[key] = value;
+    });
+
+    const paramKeys = Object.keys(params);
+    console.log(TAG, 'Parsed params keys:', paramKeys.join(', '));
+
+    // Check for Phantom error
+    if (params.errorCode) {
+      const errorMessage = params.errorMessage
+        ? decodeURIComponent(params.errorMessage)
+        : `Phantom error code: ${params.errorCode}`;
+      console.log(TAG, `Phantom returned error: code=${params.errorCode} message="${errorMessage}"`);
+
+      // Route error to the pending request if we can identify it
+      const requestId = this.extractRequestId(url);
+      if (requestId && this.pending.has(requestId)) {
+        console.log(TAG, `Routing error to requestId=${requestId}`);
+        const req = this.pending.get(requestId)!;
+        clearTimeout(req.timer);
+        this.pending.delete(requestId);
+        req.reject(new Error(errorMessage));
+        return;
+      }
+
+      // If we can't route it, reject all pending (only one is typically active)
+      console.log(TAG, `Cannot route error to specific request, rejecting all ${this.pending.size} pending`);
+      for (const [id, req] of this.pending) {
+        clearTimeout(req.timer);
+        req.reject(new Error(errorMessage));
+        this.pending.delete(id);
+      }
+      return;
+    }
+
+    // Route success to the correct pending request
+    const requestId = this.extractRequestId(url);
+    console.log(TAG, `Extracted requestId=${requestId}, pending requests: [${[...this.pending.keys()].join(', ')}]`);
+
+    if (requestId && this.pending.has(requestId)) {
+      console.log(TAG, `Resolving requestId=${requestId}`);
+      const req = this.pending.get(requestId)!;
+      clearTimeout(req.timer);
+      this.pending.delete(requestId);
+      req.resolve({ params });
+      return;
+    }
+
+    // Fallback: resolve the first (and usually only) pending request
+    const first = this.pending.entries().next().value;
+    if (first) {
+      const [id, req] = first;
+      console.log(TAG, `Fallback: resolving first pending requestId=${id}`);
+      clearTimeout(req.timer);
+      this.pending.delete(id);
+      req.resolve({ params });
+    } else {
+      console.log(TAG, 'No pending requests to resolve — redirect may have arrived late');
+    }
+  }
+
+  /** Try to extract a request ID from the URL path segment after the redirect base. */
+  private extractRequestId(url: string): string | null {
+    const afterBase = url.slice(this.redirectBase.length);
+    // Expected format: /requestId?params... or ?params...
+    const match = afterBase.match(/^\/?([a-zA-Z0-9_-]+)/);
+    return match?.[1] ?? null;
+  }
+}

package/src/wallet/phantom-deeplink/index.ts

@@ -0,0 +1,2 @@
+export { PhantomDeeplinkAdapter } from './phantom-deeplink-adapter';
+export type { PhantomDeeplinkAdapterConfig, PhantomSession } from './phantom-deeplink-adapter';