npm - @dynamic-labs-sdk/client - Versions diffs - 0.17.1 → 0.17.3 - Mend

@dynamic-labs-sdk/client 0.17.1 → 0.17.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (120) hide show

package/dist/index.cjs.js CHANGED Viewed

@@ -1,14 +1,14 @@
-const require_InvalidParamError = require('./InvalidParamError-zIxsXkiH.cjs.js');
-const require_getNetworkProviderFromNetworkId = require('./getNetworkProviderFromNetworkId-BJR1GciB.cjs.js');
-const require_getVerifiedCredentialForWalletAccount = require('./getVerifiedCredentialForWalletAccount-D25Vyxub.cjs.js');
-const require_NotWaasWalletAccountError = require('./NotWaasWalletAccountError-B_Wl6sTh.cjs.js');
-const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-CYYU8V1B.cjs.js');
+const require_getNetworkProviderFromNetworkId = require('./getNetworkProviderFromNetworkId-DK9fnM_Y.cjs.js');
+const require_InvalidParamError = require('./InvalidParamError-DvFYOkxL.cjs.js');
+const require_getVerifiedCredentialForWalletAccount = require('./getVerifiedCredentialForWalletAccount-CyLnpS2G.cjs.js');
+const require_NotWaasWalletAccountError = require('./NotWaasWalletAccountError-CHSFUjd9.cjs.js');
+const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-BrRKwK_i.cjs.js');
 let _dynamic_labs_sdk_assert_package_version = require("@dynamic-labs-sdk/assert-package-version");
 let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
 let zod_mini = require("zod/mini");
-zod_mini = require_InvalidParamError.__toESM(zod_mini);
+zod_mini = require_getNetworkProviderFromNetworkId.__toESM(zod_mini);
 let eventemitter3 = require("eventemitter3");
-eventemitter3 = require_InvalidParamError.__toESM(eventemitter3);
+eventemitter3 = require_getNetworkProviderFromNetworkId.__toESM(eventemitter3);
 let _simplewebauthn_browser = require("@simplewebauthn/browser");
 //#region src/modules/state/raiseStateEvents/events.ts
@@ -86,7 +86,7 @@ const isSignedIn = (client = require_InvalidParamError.getDefaultClient()) => Bo
 /**
 * The schema to track the expiration time of the project settings.
 */
-const projectSettingsExpirationStorageKeySchema = require_InvalidParamError.createStorageKeySchema({
+const projectSettingsExpirationStorageKeySchema = require_getNetworkProviderFromNetworkId.createStorageKeySchema({
 	key: "projectSettingsExpiration",
 	schema: zod_mini.number()
 });
@@ -205,6 +205,7 @@ const logout = async (client = require_InvalidParamError.getDefaultClient()) =>
 		*/
 		if (require_InvalidParamError.isCookieEnabled(client)) require_getVerifiedCredentialForWalletAccount.setCookie(`${require_getVerifiedCredentialForWalletAccount.DYNAMIC_AUTH_COOKIE_NAME}=; Max-Age=-99999999; path=/; SameSite=Lax`);
 	}
+	await core.keychain.removeKey("session");
 	core.state.set({
 		captchaToken: null,
 		elevatedAccessTokens: [],
@@ -298,20 +299,6 @@ const setupCrossTabEventSync = (client) => {
 	core.crossTabBroadcast.on("deviceRegistrationCompleted", handleCrossTabDeviceRegistrationCompleted);
 };
-//#endregion
-//#region src/modules/state/raiseStateEvents/raiseStateEvents.ts
-const raiseStateEvents = (client) => {
-	require_InvalidParamError.getCore(client).state.subscribe((value, previous) => {
-		Object.entries(stateChangeEvents).forEach(([key, event]) => {
-			if (require_getNetworkProviderFromNetworkId.isEqualShallow(value[key], previous[key])) return;
-			require_getVerifiedCredentialForWalletAccount.emitEvent({
-				args: { [key]: value[key] },
-				event
-			}, client);
-		});
-	});
-};
 //#endregion
 //#region src/modules/wallets/unverifiedWalletAccounts/schema.ts
 const unverifiedWalletAccountSchema = zod_mini.object({
@@ -334,7 +321,7 @@ const walletProviderKeyMapSchema = zod_mini.record(zod_mini.string(), zod_mini.s
 //#endregion
 //#region src/modules/storageSync/schema.ts
-const stateStorageKeySchema = require_InvalidParamError.createStorageKeySchema({
+const stateStorageKeySchema = require_getNetworkProviderFromNetworkId.createStorageKeySchema({
 	key: "state",
 	schema: zod_mini.object({
 		apiVersion: zod_mini.string(),
@@ -346,7 +333,7 @@ const stateStorageKeySchema = require_InvalidParamError.createStorageKeySchema({
 		walletProviderKeyMap: walletProviderKeyMapSchema
 	})
 });
-const sessionStorageKeySchema = require_InvalidParamError.createStorageKeySchema({
+const sessionStorageKeySchema = require_getNetworkProviderFromNetworkId.createStorageKeySchema({
 	key: "session",
 	schema: zod_mini.object({
 		captchaToken: zod_mini.nullable(zod_mini.string()),
@@ -364,6 +351,87 @@ const sessionStorageKeySchema = require_InvalidParamError.createStorageKeySchema
 	})
 });
+//#endregion
+//#region src/modules/keychainMigration/migrateSessionKeyToKeychain/KeyMigrationError.ts
+var KeyMigrationError = class extends require_InvalidParamError.BaseError {
+	constructor(expectedPublicKey, importedPublicKey) {
+		super({
+			cause: null,
+			code: "key_migration_public_key_mismatch",
+			docsUrl: null,
+			name: "KeyMigrationError",
+			shortMessage: `Public key mismatch after import: expected "${expectedPublicKey}", got "${importedPublicKey}"`
+		});
+	}
+};
+//#endregion
+//#region src/modules/keychainMigration/migrateSessionKeyToKeychain/migrateSessionKeyToKeychain.ts
+/**
+* Migrates legacy session keys from the hydrated state into the IndexedDB keychain
+* as non-extractable CryptoKey objects.
+*
+* Must run after hydrateStateWithStorage so that state.sessionKeys already holds
+* the legacy base64 blob (or the new public key hex if already migrated).
+*
+* Idempotent: skips if the keychain already has a `session` key.
+* Throws on failure — callers should handle errors (e.g. .catch(() => logout(client))).
+*/
+const migrateSessionKeyToKeychain = async ({ keychain, logger, state, storage }) => {
+	if (require_getNetworkProviderFromNetworkId.isServerSideRendering()) return;
+	logger.debug("[migrateSessionKeyToKeychain] Checking for existing session key in keychain");
+	if (await keychain.hasKey("session")) {
+		logger.debug("[migrateSessionKeyToKeychain] Session key already exists in keychain, skipping migration");
+		return;
+	}
+	const encodedSessionKeys = state.get().sessionKeys;
+	if (!encodedSessionKeys) {
+		logger.debug("[migrateSessionKeyToKeychain] No session keys in state, nothing to migrate");
+		return;
+	}
+	let blob;
+	try {
+		blob = JSON.parse(require_getNetworkProviderFromNetworkId.getBuffer().from(encodedSessionKeys, "base64").toString());
+	} catch {
+		logger.debug("[migrateSessionKeyToKeychain] Session keys are not a legacy blob, skipping migration");
+		return;
+	}
+	const { privateKeyJwk, publicKey } = blob;
+	if (!privateKeyJwk || !publicKey) {
+		logger.debug("[migrateSessionKeyToKeychain] Legacy blob missing privateKeyJwk or publicKey, skipping migration");
+		return;
+	}
+	logger.debug("[migrateSessionKeyToKeychain] Found legacy session key, importing into keychain", { expectedPublicKey: publicKey });
+	const importedPublicKey = await keychain.importKey("session", privateKeyJwk);
+	logger.debug("[migrateSessionKeyToKeychain] Key imported", {
+		expectedPublicKey: publicKey,
+		importedPublicKey
+	});
+	if (importedPublicKey !== publicKey) throw new KeyMigrationError(publicKey, importedPublicKey);
+	logger.debug("[migrateSessionKeyToKeychain] Public key validated, updating state and storage");
+	state.set({ sessionKeys: importedPublicKey });
+	const currentSession = await storage.getItem(sessionStorageKeySchema);
+	if (currentSession) await storage.setItem(sessionStorageKeySchema, {
+		...currentSession,
+		sessionKeys: importedPublicKey
+	});
+	logger.debug("[migrateSessionKeyToKeychain] Migration complete");
+};
+//#endregion
+//#region src/modules/state/raiseStateEvents/raiseStateEvents.ts
+const raiseStateEvents = (client) => {
+	require_InvalidParamError.getCore(client).state.subscribe((value, previous) => {
+		Object.entries(stateChangeEvents).forEach(([key, event]) => {
+			if (require_getNetworkProviderFromNetworkId.isEqualShallow(value[key], previous[key])) return;
+			require_getVerifiedCredentialForWalletAccount.emitEvent({
+				args: { [key]: value[key] },
+				event
+			}, client);
+		});
+	});
+};
 //#endregion
 //#region src/modules/storageSync/hydrateStateWithStorage/hydrateStateWithStorage.ts
 const hydrateStateWithStorage = async (client) => {
@@ -479,6 +547,14 @@ const initializeClient = async (client = require_InvalidParamError.getDefaultCli
 	setupCrossTabEventSync(client);
 	const initializeStorageSyncPromise = initializeStorageSync(client);
 	const fetchProjectSettingsPromise = initializeStorageSyncPromise.then(async () => {
+		await migrateSessionKeyToKeychain({
+			keychain: core.keychain,
+			logger: core.logger,
+			state: core.state,
+			storage: core.storage
+		}).catch(() => logout(client));
+		if (core.state.get().sessionKeys && !await core.keychain.hasKey("session")) await logout(client);
+	}).then(async () => {
 		if (!core.state.get().projectSettings) await fetchProjectSettings(client);
 	});
 	fetchProjectSettingsPromise.then(() => prefetchNoncesIfNeeded(client)).catch((error) => {
@@ -627,6 +703,59 @@ const createWebFetch = () => {
 	return window.fetch.bind(window);
 };
+//#endregion
+//#region src/services/instrumentation/constants.ts
+const DEFAULT_PII_FIELDS = [
+	"password",
+	"token",
+	"secret",
+	"privateKey",
+	"mnemonic",
+	"seed",
+	"email",
+	"phone",
+	"ssn",
+	"address",
+	"authorization"
+];
+//#endregion
+//#region src/services/instrumentation/createInstrumentation/createInstrumentation.ts
+const buildPiiFields = (customFields = []) => {
+	const merged = [...DEFAULT_PII_FIELDS, ...customFields];
+	return [...new Set(merged)];
+};
+/**
+* Creates the instrumentation service that gates event emission behind an
+* enabled flag and delegates to a pluggable transport.
+*
+* The transport is intentionally optional at creation time — it is wired in
+* later via setTransport so the SDK can initialise without one. Events logged
+* before a transport is set are simply dropped.
+*
+* Custom piiFields are merged with and deduplicated against the defaults so
+* callers only need to list additional fields, not replicate the baseline.
+*/
+const createInstrumentation = ({ config: inputConfig } = {}) => {
+	let transport;
+	const config = {
+		enabled: inputConfig?.enabled ?? true,
+		piiFields: buildPiiFields(inputConfig?.piiFields)
+	};
+	return {
+		config,
+		log: (event) => {
+			if (config.enabled) transport?.log(event);
+		},
+		setEnabled: (value) => {
+			config.enabled = value;
+		},
+		setTransport: (t) => {
+			transport = t;
+		}
+	};
+};
 //#endregion
 //#region src/services/navigate/createNavigationHandler/createNavigationHandler.ts
 /**
@@ -842,9 +971,13 @@ const createCore = (config) => {
 	const debouncedMutex = createDebouncedMutex();
 	const eventEmitter = createEventEmitter();
 	const initTrack = createAsyncTrack();
+	const sdkSessionId = require_InvalidParamError.randomString({ length: 32 });
+	const instrumentation = createInstrumentation({ config: config.instrumentation });
 	const runtimeServices = createRuntimeServices();
 	const passkey = config.coreConfig?.passkey ?? createWebPasskeyService();
+	const realtime = config.coreConfig?.realtime ?? require_getNetworkProviderFromNetworkId.createRealtimeService();
 	const deviceSigner = config.coreConfig?.deviceSigner;
+	const keychain = config.coreConfig?.keychain ?? require_getNetworkProviderFromNetworkId.createIndexedDBKeychainService({ dbName: `dynamic_${config.environmentId}_keychain` });
 	return {
 		apiBaseUrl,
 		crossTabBroadcast: config.coreConfig?.crossTabBroadcast ?? require_getNetworkProviderFromNetworkId.createCrossTabBroadcast({ channelName: `dynamic_${config.environmentId}_broadcast` }),
@@ -856,6 +989,8 @@ const createCore = (config) => {
 		fetch,
 		getApiHeaders: config.coreConfig?.getApiHeaders ?? (() => ({})),
 		initTrack,
+		instrumentation,
+		keychain,
 		logger,
 		metadata: {
 			...config.metadata,
@@ -864,7 +999,9 @@ const createCore = (config) => {
 		navigate,
 		openDeeplink,
 		passkey,
+		realtime,
 		runtimeServices,
+		sdkSessionId,
 		state,
 		storage,
 		transformers: config.transformers,
@@ -1287,47 +1424,6 @@ const signInWithExternalJwt = async ({ externalJwt, sessionPublicKey } = {}, cli
 	return response;
 };
-//#endregion
-//#region src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts
-/**
-* Gets an elevated access token by scope.
-*
-* This function retrieves an elevated access token that contains the specified scope.
-* Expired tokens are automatically filtered out.
-*
-* If the token has `singleUse: true`, it will be automatically
-* consumed (removed from state) after retrieval. Otherwise, it remains in state
-* for future use.
-*
-* @param params - The parameters object.
-* @param params.scope - The scope to match (e.g., 'wallet:export').
-* @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
-* @returns The elevated access token if found and not expired, or undefined if not found or expired.
-*
-* @example
-* ```typescript
-* const token = getElevatedAccessToken({ scope: 'wallet:export' });
-* if (token) {
-*   // Use the token
-*   // Token is automatically consumed if singleUse: true
-* }
-* ```
-*/
-const getElevatedAccessToken = ({ scope }, client = require_InvalidParamError.getDefaultClient()) => {
-	const core = require_InvalidParamError.getCore(client);
-	const now = /* @__PURE__ */ new Date();
-	const elevatedAccessTokens = core.state.get().elevatedAccessTokens || [];
-	const validTokens = elevatedAccessTokens.filter((token$1) => !token$1.expiresAt || token$1.expiresAt > now);
-	if (validTokens.length !== elevatedAccessTokens.length) core.state.set({ elevatedAccessTokens: validTokens });
-	const token = validTokens.find((token$1) => token$1.scopes.includes(scope));
-	if (!token) return;
-	if (token.singleUse) {
-		const updatedTokens = validTokens.filter((t) => t !== token);
-		core.state.set({ elevatedAccessTokens: updatedTokens });
-	}
-	return token.token;
-};
 //#endregion
 //#region src/modules/auth/passkeys/deletePasskey/deletePasskey.ts
 /**
@@ -1339,7 +1435,10 @@ const getElevatedAccessToken = ({ scope }, client = require_InvalidParamError.ge
 */
 const deletePasskey = async ({ passkeyId }, client = require_InvalidParamError.getDefaultClient()) => {
 	const core = require_InvalidParamError.getCore(client);
-	await require_InvalidParamError.createApiClient({ includeMfaToken: true }, client).deletePasskey({
+	await require_InvalidParamError.createApiClient({
+		elevatedAccessTokenScope: _dynamic_labs_sdk_api_core.TokenScope.Credentialunlink,
+		includeMfaToken: true
+	}, client).deletePasskey({
 		deleteUserPasskeyRequest: { passkeyId },
 		environmentId: core.environmentId
 	});
@@ -1372,7 +1471,7 @@ const getPasskeyRegistrationOptions = async (client) => {
 //#region src/modules/auth/passkeys/serverRegisterPasskey/serverRegisterPasskey.ts
 const serverRegisterPasskey = async ({ registration, createMfaToken }, client) => {
 	const core = require_InvalidParamError.getCore(client);
-	return await require_InvalidParamError.createApiClient({}, client).registerPasskey({
+	return await require_InvalidParamError.createApiClient({ elevatedAccessTokenScope: _dynamic_labs_sdk_api_core.TokenScope.Credentiallink }, client).registerPasskey({
 		environmentId: core.environmentId,
 		passkeyRegisterRequest: {
 			...registration,
@@ -1494,7 +1593,7 @@ const removeDynamicOauthParamsFromUrl = (url) => {
 //#endregion
 //#region src/modules/auth/social/oauth/redirectStateStorageSchema/redirectStateStorageSchema.ts
 /** The schema to track the state of the OAuth flow. */
-const redirectStateStorageKeySchema = require_InvalidParamError.createStorageKeySchema({
+const redirectStateStorageKeySchema = require_getNetworkProviderFromNetworkId.createStorageKeySchema({
 	key: "redirectState",
 	schema: zod_mini.object({
 		codeVerifier: zod_mini.optional(zod_mini.string()),
@@ -1805,7 +1904,7 @@ const getMultichainBalances = async ({ balanceRequest }, client = require_Invali
 //#endregion
 //#region src/modules/checkout/utils/createCheckoutSessionTokenStorageKey/createCheckoutSessionTokenStorageKey.ts
 const createCheckoutSessionTokenStorageKey = (transactionId) => {
-	return require_InvalidParamError.createStorageKeySchema({
+	return require_getNetworkProviderFromNetworkId.createStorageKeySchema({
 		key: `checkoutSessionToken:${transactionId}`,
 		schema: zod_mini.string()
 	});
@@ -2447,7 +2546,7 @@ const fetchWithTimeout = async (client) => {
 /**
 * The schema to store the cached wallet book data.
 */
-const walletBookCacheStorageKeySchema = require_InvalidParamError.createStorageKeySchema({
+const walletBookCacheStorageKeySchema = require_getNetworkProviderFromNetworkId.createStorageKeySchema({
 	key: "legacyWalletBookCache",
 	schema: zod_mini.object({
 		groups: zod_mini.record(zod_mini.string(), zod_mini.any()),
@@ -3041,23 +3140,27 @@ const createNewMfaRecoveryCodes = async (client = require_InvalidParamError.getD
 /**
 * Deletes a specific MFA device from the user's account.
 *
-* This function removes a multi-factor authentication device such as
-* a TOTP authenticator from the user's registered devices.
+* When an elevated access token for `credential:unlink` is available,
+* it is sent via the `x-dyn-elevated-access-token` header and the
+* MFA auth token is not required. Otherwise, `mfaAuthToken` must be
+* provided for backward compatibility with the legacy MFA flow.
 *
 * @param params.deviceId - The unique identifier of the MFA device to delete.
-* @param params.mfaAuthToken - The MFA authentication token required for device deletion.
+* @param params.mfaAuthToken - The MFA authentication token. Optional when using elevated access tokens.
 * @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
 * @returns A promise that resolves when the MFA device is successfully deleted.
 */
 const deleteMfaDevice = async ({ deviceId, mfaAuthToken }, client = require_InvalidParamError.getDefaultClient()) => {
 	const core = require_InvalidParamError.getCore(client);
-	const apiClient = require_InvalidParamError.createApiClient({}, client);
 	require_InvalidParamError.assertDefined(deviceId, "deviceId is required");
-	require_InvalidParamError.assertDefined(mfaAuthToken, "mfaAuthToken is required");
-	return apiClient.deleteMfaDevice({
+	if (!require_InvalidParamError.getElevatedAccessToken({
+		consume: false,
+		scope: _dynamic_labs_sdk_api_core.TokenScope.Credentialunlink
+	}, client)) require_InvalidParamError.assertDefined(mfaAuthToken, "mfaAuthToken is required");
+	return require_InvalidParamError.createApiClient({ elevatedAccessTokenScope: _dynamic_labs_sdk_api_core.TokenScope.Credentialunlink }, client).deleteMfaDevice({
 		environmentId: core.environmentId,
 		mfaDeviceId: deviceId,
-		xMfaAuthToken: mfaAuthToken
+		xMfaAuthToken: mfaAuthToken ?? ""
 	});
 };
@@ -3144,7 +3247,7 @@ const isUserMissingMfaAuth = (client = require_InvalidParamError.getDefaultClien
 */
 const registerTotpMfaDevice = async (client = require_InvalidParamError.getDefaultClient()) => {
 	const core = require_InvalidParamError.getCore(client);
-	return require_InvalidParamError.createApiClient({}, client).registerTotpMfaDevice({ environmentId: core.environmentId });
+	return require_InvalidParamError.createApiClient({ elevatedAccessTokenScope: _dynamic_labs_sdk_api_core.TokenScope.Credentiallink }, client).registerTotpMfaDevice({ environmentId: core.environmentId });
 };
 //#endregion
@@ -5201,7 +5304,7 @@ exports.getCoinbaseBuyUrl = getCoinbaseBuyUrl;
 exports.getConnectedAddresses = getConnectedAddresses;
 exports.getDefaultClient = require_InvalidParamError.getDefaultClient;
 exports.getDeviceRegistrationTokenFromUrl = getDeviceRegistrationTokenFromUrl;
-exports.getElevatedAccessToken = getElevatedAccessToken;
+exports.getElevatedAccessToken = require_InvalidParamError.getElevatedAccessToken;
 exports.getKrakenAccounts = getKrakenAccounts;
 exports.getKrakenWhitelistedAddresses = getKrakenWhitelistedAddresses;
 exports.getMfaDevices = getMfaDevices;