@dynamic-labs-sdk/client 1.13.0 → 1.15.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/{InvalidParamError-C7c-OLz1.cjs → InvalidParamError-BPY2yug_.cjs} +842 -852
- package/dist/InvalidParamError-BPY2yug_.cjs.map +1 -0
- package/dist/{InvalidParamError-BeCPhfVz.esm.js → InvalidParamError-CXCYtY0p.esm.js} +1236 -1246
- package/dist/InvalidParamError-CXCYtY0p.esm.js.map +1 -0
- package/dist/{InvalidParamError-CGiSxym5.native.esm.js → InvalidParamError-DSXDW6g4.native.esm.js} +1059 -1069
- package/dist/InvalidParamError-DSXDW6g4.native.esm.js.map +1 -0
- package/dist/core.cjs +6 -6
- package/dist/core.esm.js +6 -6
- package/dist/core.native.esm.js +7 -7
- package/dist/{getNetworkProviderFromNetworkId-D8cpx0xz.cjs → getNetworkProviderFromNetworkId-DCwFIoM3.cjs} +4 -4
- package/dist/{getNetworkProviderFromNetworkId-D8cpx0xz.cjs.map → getNetworkProviderFromNetworkId-DCwFIoM3.cjs.map} +1 -1
- package/dist/{getNetworkProviderFromNetworkId-CP9gl1B1.esm.js → getNetworkProviderFromNetworkId-_pvqm2fB.esm.js} +3 -3
- package/dist/{getNetworkProviderFromNetworkId-CP9gl1B1.esm.js.map → getNetworkProviderFromNetworkId-_pvqm2fB.esm.js.map} +1 -1
- package/dist/{getNetworkProviderFromNetworkId-Be_UK4_7.native.esm.js → getNetworkProviderFromNetworkId-b-H_ta9Q.native.esm.js} +5 -5
- package/dist/{getNetworkProviderFromNetworkId-Be_UK4_7.native.esm.js.map → getNetworkProviderFromNetworkId-b-H_ta9Q.native.esm.js.map} +1 -1
- package/dist/{getSignedSessionId-D9w3Wbhk.native.esm.js → getSignedSessionId-Co8y0azF.native.esm.js} +3 -3
- package/dist/{getSignedSessionId-D9w3Wbhk.native.esm.js.map → getSignedSessionId-Co8y0azF.native.esm.js.map} +1 -1
- package/dist/{getSignedSessionId-Bq7xBsA3.esm.js → getSignedSessionId-D7Q9q-oy.esm.js} +3 -3
- package/dist/{getSignedSessionId-Bq7xBsA3.esm.js.map → getSignedSessionId-D7Q9q-oy.esm.js.map} +1 -1
- package/dist/{getSignedSessionId-BeK0vWep.cjs → getSignedSessionId-NZR0A-EZ.cjs} +3 -3
- package/dist/{getSignedSessionId-BeK0vWep.cjs.map → getSignedSessionId-NZR0A-EZ.cjs.map} +1 -1
- package/dist/{getWaasWalletProviderFromWalletAccount-CfqTF_82.cjs → getWaasWalletProviderFromWalletAccount-CUgNeKaa.cjs} +3 -3
- package/dist/{getWaasWalletProviderFromWalletAccount-CfqTF_82.cjs.map → getWaasWalletProviderFromWalletAccount-CUgNeKaa.cjs.map} +1 -1
- package/dist/{getWaasWalletProviderFromWalletAccount-BzpLoZTm.native.esm.js → getWaasWalletProviderFromWalletAccount-DLq_TjmC.native.esm.js} +3 -3
- package/dist/{getWaasWalletProviderFromWalletAccount-BzpLoZTm.native.esm.js.map → getWaasWalletProviderFromWalletAccount-DLq_TjmC.native.esm.js.map} +1 -1
- package/dist/{getWaasWalletProviderFromWalletAccount-BKHO68FO.esm.js → getWaasWalletProviderFromWalletAccount-DNBPKg4j.esm.js} +3 -3
- package/dist/{getWaasWalletProviderFromWalletAccount-BKHO68FO.esm.js.map → getWaasWalletProviderFromWalletAccount-DNBPKg4j.esm.js.map} +1 -1
- package/dist/{getWalletProviderByKey-BMzoL_69.esm.js → getWalletProviderByKey-C4KTyeYY.esm.js} +2 -2
- package/dist/{getWalletProviderByKey-BMzoL_69.esm.js.map → getWalletProviderByKey-C4KTyeYY.esm.js.map} +1 -1
- package/dist/{getWalletProviderByKey-DCKYAida.cjs → getWalletProviderByKey-DZrpcmPE.cjs} +3 -3
- package/dist/{getWalletProviderByKey-DCKYAida.cjs.map → getWalletProviderByKey-DZrpcmPE.cjs.map} +1 -1
- package/dist/{getWalletProviderByKey-DDDxBsdv.native.esm.js → getWalletProviderByKey-Dk_K8Lg8.native.esm.js} +2 -2
- package/dist/{getWalletProviderByKey-DDDxBsdv.native.esm.js.map → getWalletProviderByKey-Dk_K8Lg8.native.esm.js.map} +1 -1
- package/dist/index.cjs +53 -14
- package/dist/index.cjs.map +1 -1
- package/dist/index.esm.js +53 -14
- package/dist/index.esm.js.map +1 -1
- package/dist/index.native.esm.js +53 -14
- package/dist/index.native.esm.js.map +1 -1
- package/dist/{isDynamicWaasEnabled-BMQq5uNX.esm.js → isDynamicWaasEnabled-C9aVoXek.esm.js} +2 -2
- package/dist/{isDynamicWaasEnabled-BMQq5uNX.esm.js.map → isDynamicWaasEnabled-C9aVoXek.esm.js.map} +1 -1
- package/dist/{isDynamicWaasEnabled-ChdeBFbN.native.esm.js → isDynamicWaasEnabled-DNtxO0Bc.native.esm.js} +2 -2
- package/dist/{isDynamicWaasEnabled-ChdeBFbN.native.esm.js.map → isDynamicWaasEnabled-DNtxO0Bc.native.esm.js.map} +1 -1
- package/dist/{isDynamicWaasEnabled-BtbzDbdz.cjs → isDynamicWaasEnabled-DQ1mtWZv.cjs} +3 -3
- package/dist/{isDynamicWaasEnabled-BtbzDbdz.cjs.map → isDynamicWaasEnabled-DQ1mtWZv.cjs.map} +1 -1
- package/dist/{isMfaRequiredForAction-dAtK8Pl6.native.esm.js → isMfaRequiredForAction-BXnpnD2X.native.esm.js} +2 -2
- package/dist/{isMfaRequiredForAction-dAtK8Pl6.native.esm.js.map → isMfaRequiredForAction-BXnpnD2X.native.esm.js.map} +1 -1
- package/dist/{isMfaRequiredForAction-Diwsf9GB.esm.js → isMfaRequiredForAction-BhLg6M8J.esm.js} +2 -2
- package/dist/{isMfaRequiredForAction-Diwsf9GB.esm.js.map → isMfaRequiredForAction-BhLg6M8J.esm.js.map} +1 -1
- package/dist/{isMfaRequiredForAction-CgWBU6kM.cjs → isMfaRequiredForAction-DsOwHl4C.cjs} +2 -2
- package/dist/{isMfaRequiredForAction-CgWBU6kM.cjs.map → isMfaRequiredForAction-DsOwHl4C.cjs.map} +1 -1
- package/dist/{isUserOnboardingComplete-DO2_gSAp.native.esm.js → isUserOnboardingComplete-BRfyMejK.native.esm.js} +3 -3
- package/dist/{isUserOnboardingComplete-DO2_gSAp.native.esm.js.map → isUserOnboardingComplete-BRfyMejK.native.esm.js.map} +1 -1
- package/dist/{isUserOnboardingComplete-OP4uyUlE.cjs → isUserOnboardingComplete-DrgtJIFi.cjs} +4 -4
- package/dist/{isUserOnboardingComplete-OP4uyUlE.cjs.map → isUserOnboardingComplete-DrgtJIFi.cjs.map} +1 -1
- package/dist/{isUserOnboardingComplete-D4Y3sdr3.esm.js → isUserOnboardingComplete-KFfpvN4R.esm.js} +3 -3
- package/dist/{isUserOnboardingComplete-D4Y3sdr3.esm.js.map → isUserOnboardingComplete-KFfpvN4R.esm.js.map} +1 -1
- package/dist/modules/auth/getElevatedAccessToken/getElevatedAccessToken.d.ts +1 -2
- package/dist/modules/auth/getElevatedAccessToken/getElevatedAccessToken.d.ts.map +1 -1
- package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts +12 -1
- package/dist/modules/flow/attachFlowSource/attachFlowSource.d.ts.map +1 -1
- package/dist/modules/funding/moonpay/getMoonPayUrl/getMoonPayUrl.d.ts +4 -0
- package/dist/modules/funding/moonpay/getMoonPayUrl/getMoonPayUrl.d.ts.map +1 -1
- package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts +4 -1
- package/dist/modules/mfa/registerTotpMfaDevice/registerTotpMfaDevice.d.ts.map +1 -1
- package/dist/modules/wallets/verifyWalletAccountForSignInOrTransfer/verifyWalletAccountForSignInOrTransfer.d.ts.map +1 -1
- package/dist/modules/wallets/walletProvider/walletProvider.types.d.ts +8 -0
- package/dist/modules/wallets/walletProvider/walletProvider.types.d.ts.map +1 -1
- package/dist/{refreshAuth-BTPctQtq.esm.js → refreshAuth-BnkCuIdw.esm.js} +3 -3
- package/dist/{refreshAuth-BTPctQtq.esm.js.map → refreshAuth-BnkCuIdw.esm.js.map} +1 -1
- package/dist/{refreshAuth-C3issn5b.native.esm.js → refreshAuth-CfUYFXh_.native.esm.js} +3 -3
- package/dist/{refreshAuth-C3issn5b.native.esm.js.map → refreshAuth-CfUYFXh_.native.esm.js.map} +1 -1
- package/dist/{refreshAuth-ByIVzawo.cjs → refreshAuth-DvHy0g8j.cjs} +3 -3
- package/dist/{refreshAuth-ByIVzawo.cjs.map → refreshAuth-DvHy0g8j.cjs.map} +1 -1
- package/dist/services/instrumentation/constants.d.ts.map +1 -1
- package/dist/tsconfig.lib.tsbuildinfo +1 -1
- package/dist/utils/retryOnFetchError/index.d.ts +2 -0
- package/dist/utils/retryOnFetchError/index.d.ts.map +1 -0
- package/dist/utils/retryOnFetchError/retryOnFetchError.d.ts +36 -0
- package/dist/utils/retryOnFetchError/retryOnFetchError.d.ts.map +1 -0
- package/dist/waas.cjs +6 -6
- package/dist/waas.esm.js +5 -5
- package/dist/waas.native.esm.js +5 -5
- package/dist/waasCore.cjs +10 -10
- package/dist/waasCore.cjs.map +1 -1
- package/dist/waasCore.esm.js +10 -10
- package/dist/waasCore.esm.js.map +1 -1
- package/dist/waasCore.native.esm.js +11 -11
- package/dist/waasCore.native.esm.js.map +1 -1
- package/package.json +2 -2
- package/dist/InvalidParamError-BeCPhfVz.esm.js.map +0 -1
- package/dist/InvalidParamError-C7c-OLz1.cjs.map +0 -1
- package/dist/InvalidParamError-CGiSxym5.native.esm.js.map +0 -1
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-
|
|
1
|
+
const require_isMfaRequiredForAction = require('./isMfaRequiredForAction-DsOwHl4C.cjs');
|
|
2
2
|
let _dynamic_labs_sdk_api_core = require("@dynamic-labs/sdk-api-core");
|
|
3
3
|
|
|
4
4
|
//#region package.json
|
|
5
5
|
var name = "@dynamic-labs-sdk/client";
|
|
6
|
-
var version = "1.
|
|
6
|
+
var version = "1.15.0";
|
|
7
7
|
var dependencies = {
|
|
8
8
|
"@dynamic-labs-sdk/assert-package-version": "workspace:*",
|
|
9
9
|
"@dynamic-labs-wallet/browser-wallet-client": "1.0.39",
|
|
@@ -152,757 +152,304 @@ const randomString = ({ chars = DEFAULT_CHARS, length }) => {
|
|
|
152
152
|
};
|
|
153
153
|
|
|
154
154
|
//#endregion
|
|
155
|
-
//#region src/modules/auth/
|
|
155
|
+
//#region src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts
|
|
156
156
|
/**
|
|
157
|
-
*
|
|
157
|
+
* Gets an elevated access token by scope.
|
|
158
158
|
*
|
|
159
|
-
*
|
|
160
|
-
*
|
|
161
|
-
* authenticated session, without ever forwarding the full token.
|
|
159
|
+
* This function retrieves an elevated access token that contains the specified scope.
|
|
160
|
+
* Expired tokens are automatically filtered out.
|
|
162
161
|
*
|
|
163
|
-
*
|
|
164
|
-
*
|
|
162
|
+
* By default, if the token has `singleUse: true`, it will be automatically
|
|
163
|
+
* consumed (removed from state) after retrieval. Pass `consume: false` to
|
|
164
|
+
* check for token existence without consuming it.
|
|
165
|
+
*
|
|
166
|
+
* @param params - The parameters object.
|
|
167
|
+
* @param params.scope - The scope to match (e.g., 'wallet:export').
|
|
168
|
+
* @param params.consume - Whether to consume single-use tokens (default: true).
|
|
169
|
+
* @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
|
|
170
|
+
* @returns The elevated access token if found and not expired, or undefined if not found or expired.
|
|
171
|
+
*
|
|
172
|
+
* @example
|
|
173
|
+
* ```typescript
|
|
174
|
+
* // Retrieve and consume (default)
|
|
175
|
+
* const token = getElevatedAccessToken({ scope: 'wallet:export' });
|
|
176
|
+
*
|
|
177
|
+
* // Check existence without consuming
|
|
178
|
+
* const token = getElevatedAccessToken({ scope: 'credential:unlink', consume: false });
|
|
179
|
+
* ```
|
|
165
180
|
* @notInstrumented
|
|
166
181
|
*/
|
|
167
|
-
const
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
182
|
+
const getElevatedAccessToken = ({ consume = true, scope }, client = getDefaultClient()) => {
|
|
183
|
+
const core = getCore(client);
|
|
184
|
+
const now = /* @__PURE__ */ new Date();
|
|
185
|
+
const elevatedAccessTokens = core.state.get().elevatedAccessTokens || [];
|
|
186
|
+
const validTokens = elevatedAccessTokens.filter((token$1) => !token$1.expiresAt || token$1.expiresAt > now);
|
|
187
|
+
if (validTokens.length !== elevatedAccessTokens.length) core.state.set({ elevatedAccessTokens: validTokens });
|
|
188
|
+
const token = validTokens.find((token$1) => token$1.scopes.includes(scope));
|
|
189
|
+
if (!token) return;
|
|
190
|
+
if (consume && token.singleUse) {
|
|
191
|
+
const updatedTokens = validTokens.filter((t) => t !== token);
|
|
192
|
+
core.state.set({ elevatedAccessTokens: updatedTokens });
|
|
173
193
|
}
|
|
194
|
+
return token.token;
|
|
174
195
|
};
|
|
175
196
|
|
|
176
197
|
//#endregion
|
|
177
|
-
//#region src/
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
*/
|
|
188
|
-
const getOperatingSystem = () => {
|
|
189
|
-
try {
|
|
190
|
-
const ua = navigator.userAgent;
|
|
191
|
-
if (/iPhone|iPad|iPod/.test(ua)) return "ios";
|
|
192
|
-
if (/Android/.test(ua)) return "android";
|
|
193
|
-
if (/Windows/.test(ua)) return "windows";
|
|
194
|
-
if (/Macintosh|Mac OS X/.test(ua)) return "macos";
|
|
195
|
-
if (/Linux/.test(ua)) return "linux";
|
|
196
|
-
return "unknown";
|
|
197
|
-
} catch {
|
|
198
|
-
return "unknown";
|
|
198
|
+
//#region src/errors/ValueMustBeDefinedError.ts
|
|
199
|
+
var ValueMustBeDefinedError = class extends BaseError {
|
|
200
|
+
constructor(message) {
|
|
201
|
+
super({
|
|
202
|
+
cause: null,
|
|
203
|
+
code: "value_must_be_defined_error",
|
|
204
|
+
docsUrl: null,
|
|
205
|
+
name: "ValueMustBeDefined",
|
|
206
|
+
shortMessage: message
|
|
207
|
+
});
|
|
199
208
|
}
|
|
200
209
|
};
|
|
201
210
|
|
|
202
211
|
//#endregion
|
|
203
|
-
//#region src/utils/
|
|
212
|
+
//#region src/utils/assertDefined/assertDefined.ts
|
|
204
213
|
/**
|
|
205
|
-
*
|
|
214
|
+
* Asserts that a value is not null or undefined, throwing an error if it is.
|
|
215
|
+
* This function acts as a type guard, narrowing the type to exclude null and undefined.
|
|
206
216
|
*
|
|
207
|
-
*
|
|
208
|
-
*
|
|
209
|
-
*
|
|
210
|
-
* @
|
|
217
|
+
* @template T - The type of the value being checked
|
|
218
|
+
* @param value - The value to check for null or undefined
|
|
219
|
+
* @param message - The error message to throw if the value is null or undefined
|
|
220
|
+
* @throws Throws an error with the provided message if value is null or undefined
|
|
221
|
+
* @example
|
|
222
|
+
* ```typescript
|
|
223
|
+
* const maybeString: string | null = getValue();
|
|
224
|
+
* assertDefined(maybeString, 'String value is required');
|
|
225
|
+
* // maybeString is now typed as string (null is excluded)
|
|
226
|
+
* ```
|
|
211
227
|
*/
|
|
212
|
-
|
|
228
|
+
function assertDefined(value, message) {
|
|
229
|
+
if (value === null || value === void 0) throw new ValueMustBeDefinedError(message);
|
|
230
|
+
}
|
|
213
231
|
|
|
214
232
|
//#endregion
|
|
215
|
-
//#region src/
|
|
233
|
+
//#region src/modules/projectSettings/isCookieEnabled/isCookieEnabled.ts
|
|
216
234
|
/**
|
|
217
|
-
* Returns the
|
|
218
|
-
* instrumentation events.
|
|
219
|
-
*
|
|
220
|
-
* Falls back to an empty string in environments where `navigator` is not
|
|
221
|
-
* available (e.g., Node.js SSR, service workers) so that callers never need
|
|
222
|
-
* to guard against undefined.
|
|
235
|
+
* Returns true if the client is using Dynamic cookies or a BYO JWT cookie.
|
|
223
236
|
* @notInstrumented
|
|
224
237
|
*/
|
|
225
|
-
const
|
|
226
|
-
|
|
227
|
-
|
|
228
|
-
|
|
229
|
-
|
|
230
|
-
|
|
238
|
+
const isCookieEnabled = (client) => {
|
|
239
|
+
assertDefined(client.projectSettings, "Project settings are not defined");
|
|
240
|
+
const securitySettings = client.projectSettings.security;
|
|
241
|
+
if (!securitySettings) return false;
|
|
242
|
+
const dynamicCookiesEnabled = (securitySettings.auth?.storage || []).includes(_dynamic_labs_sdk_api_core.AuthStorageEnum.Cookie);
|
|
243
|
+
const byoJwtCookieEnabled = Boolean(securitySettings.externalAuth?.cookieName);
|
|
244
|
+
return dynamicCookiesEnabled || byoJwtCookieEnabled;
|
|
231
245
|
};
|
|
232
246
|
|
|
233
247
|
//#endregion
|
|
234
|
-
//#region src/
|
|
235
|
-
/**
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
* 1. Explicit keys listed here — matched exactly (case-insensitive). Use this
|
|
242
|
-
* for keys that don't end in a generic credential suffix (e.g. `mnemonic`,
|
|
243
|
-
* `seed`, `verificationCode`, `keyShare`).
|
|
244
|
-
* 2. Suffix matching in {@link scrubParameters} for the credential suffixes
|
|
245
|
-
* enumerated by {@link PII_KEY_SUFFIXES} — catches any field whose name
|
|
246
|
-
* ends in `token` or `jwt` (e.g. `mfaToken`, `minifiedJwt`, `accessToken`,
|
|
247
|
-
* `idToken`, `captchaToken`, …) without needing to enumerate them here.
|
|
248
|
-
*/
|
|
249
|
-
const DEFAULT_PII_FIELDS = [
|
|
250
|
-
"password",
|
|
251
|
-
"token",
|
|
252
|
-
"secret",
|
|
253
|
-
"privateKey",
|
|
254
|
-
"privateJwk",
|
|
255
|
-
"mnemonic",
|
|
256
|
-
"seed",
|
|
257
|
-
"keyShare",
|
|
258
|
-
"keyShares",
|
|
259
|
-
"email",
|
|
260
|
-
"phone",
|
|
261
|
-
"ssn",
|
|
262
|
-
"address",
|
|
263
|
-
"authorization",
|
|
264
|
-
"verificationCode",
|
|
265
|
-
"recoveryCodes",
|
|
266
|
-
"codeVerifier",
|
|
267
|
-
"pkce",
|
|
268
|
-
"bearer",
|
|
269
|
-
"apiKey"
|
|
270
|
-
];
|
|
271
|
-
/**
|
|
272
|
-
* Lowercased suffixes used by {@link scrubParameters} to match credential-like
|
|
273
|
-
* keys without enumerating every variant (e.g. `mfaToken`, `accessToken`,
|
|
274
|
-
* `refreshToken`, `legacyToken`, `minifiedJwt`). Only suffixes that are
|
|
275
|
-
* unambiguously credentials belong here — `key` (matches `publicKey`) and
|
|
276
|
-
* `code` (matches `countryCode`) are too broad and must not be added.
|
|
277
|
-
*/
|
|
278
|
-
const PII_KEY_SUFFIXES = ["token", "jwt"];
|
|
279
|
-
const REDACTED_VALUE = "[REDACTED]";
|
|
280
|
-
const MAX_STRING_LENGTH = 500;
|
|
281
|
-
const TRUNCATED_SUFFIX = "...[truncated]";
|
|
282
|
-
/**
|
|
283
|
-
* Label prefix for binary data placeholders. The full placeholder includes the
|
|
284
|
-
* byte length, e.g. `[Binary:16 bytes]`, so consumers can gauge data size
|
|
285
|
-
* without the actual bytes appearing in logs.
|
|
286
|
-
*/
|
|
287
|
-
const BINARY_LABEL = "Binary";
|
|
288
|
-
/**
|
|
289
|
-
* Placeholder emitted when a circular reference is detected in the value tree.
|
|
290
|
-
* Using a named constant makes it easy to search for or filter in downstream
|
|
291
|
-
* log tooling.
|
|
292
|
-
*/
|
|
293
|
-
const CIRCULAR_VALUE = "[Circular]";
|
|
248
|
+
//#region src/modules/sessionKeys/getSessionKeys/getSessionKeys.ts
|
|
249
|
+
/** @notInstrumented */
|
|
250
|
+
const getSessionKeys = (client) => {
|
|
251
|
+
const publicKey = getCore(client).state.get().sessionKeys;
|
|
252
|
+
if (!publicKey) return;
|
|
253
|
+
return { publicKey };
|
|
254
|
+
};
|
|
294
255
|
|
|
295
256
|
//#endregion
|
|
296
|
-
//#region src/
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
257
|
+
//#region src/errors/APIError/APIError.ts
|
|
258
|
+
var APIError = class APIError extends BaseError {
|
|
259
|
+
status;
|
|
260
|
+
constructor(message, code, status) {
|
|
261
|
+
super({
|
|
262
|
+
cause: null,
|
|
263
|
+
code,
|
|
264
|
+
docsUrl: null,
|
|
265
|
+
name: "APIError",
|
|
266
|
+
shortMessage: message
|
|
267
|
+
});
|
|
268
|
+
this.status = status;
|
|
269
|
+
}
|
|
270
|
+
static async fromResponse(response) {
|
|
271
|
+
try {
|
|
272
|
+
const errorBody = await response.clone().json();
|
|
273
|
+
if (errorBody && "error" in errorBody && typeof errorBody.error === "string") {
|
|
274
|
+
const errorCode = "code" in errorBody && typeof errorBody.code === "string" ? errorBody.code : "unknown_error";
|
|
275
|
+
return new APIError(errorBody.error, errorCode, response.status);
|
|
276
|
+
}
|
|
277
|
+
return null;
|
|
278
|
+
} catch {
|
|
279
|
+
return null;
|
|
280
|
+
}
|
|
281
|
+
}
|
|
308
282
|
};
|
|
309
|
-
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
|
|
313
|
-
})
|
|
314
|
-
|
|
315
|
-
|
|
316
|
-
|
|
283
|
+
|
|
284
|
+
//#endregion
|
|
285
|
+
//#region src/errors/InvalidExternalAuthError.ts
|
|
286
|
+
var InvalidExternalAuthError = class extends BaseError {
|
|
287
|
+
constructor({ cause }) {
|
|
288
|
+
super({
|
|
289
|
+
cause,
|
|
290
|
+
code: "invalid_external_auth_error",
|
|
291
|
+
docsUrl: "https://www.dynamic.xyz/docs/external-auth/third-party-auth-overview",
|
|
292
|
+
name: "InvalidExternalAuthError",
|
|
293
|
+
shortMessage: "Error authenticating with external JWT"
|
|
294
|
+
});
|
|
295
|
+
}
|
|
317
296
|
};
|
|
318
|
-
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
context.visited.add(value);
|
|
332
|
-
const result = Object.create(null);
|
|
333
|
-
for (const key of Object.keys(value)) result[key] = scrubValue({
|
|
334
|
-
context,
|
|
335
|
-
key,
|
|
336
|
-
value: value[key]
|
|
337
|
-
});
|
|
338
|
-
context.visited.delete(value);
|
|
339
|
-
return result;
|
|
297
|
+
|
|
298
|
+
//#endregion
|
|
299
|
+
//#region src/errors/LinkCredentialError.ts
|
|
300
|
+
var LinkCredentialError = class extends BaseError {
|
|
301
|
+
constructor({ cause }) {
|
|
302
|
+
super({
|
|
303
|
+
cause,
|
|
304
|
+
code: "link_credential_error",
|
|
305
|
+
docsUrl: null,
|
|
306
|
+
name: "LinkCredentialError",
|
|
307
|
+
shortMessage: "The credential you are trying to link is associated with another account and cannot be reassigned."
|
|
308
|
+
});
|
|
309
|
+
}
|
|
340
310
|
};
|
|
341
|
-
|
|
342
|
-
|
|
343
|
-
|
|
344
|
-
|
|
345
|
-
|
|
346
|
-
|
|
347
|
-
|
|
348
|
-
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
value
|
|
353
|
-
});
|
|
354
|
-
if (Array.isArray(value)) return scrubArray({
|
|
355
|
-
context,
|
|
356
|
-
value
|
|
357
|
-
});
|
|
358
|
-
if (value instanceof Set) {
|
|
359
|
-
if (context.visited.has(value)) return [CIRCULAR_VALUE];
|
|
360
|
-
context.visited.add(value);
|
|
361
|
-
const setResult = scrubArray({
|
|
362
|
-
context,
|
|
363
|
-
value: [...value]
|
|
311
|
+
|
|
312
|
+
//#endregion
|
|
313
|
+
//#region src/errors/MfaInvalidOtpError.ts
|
|
314
|
+
var MfaInvalidOtpError = class extends BaseError {
|
|
315
|
+
constructor({ cause }) {
|
|
316
|
+
super({
|
|
317
|
+
cause,
|
|
318
|
+
code: "mfa_invalid_otp_error",
|
|
319
|
+
docsUrl: null,
|
|
320
|
+
name: "MfaInvalidOtpError",
|
|
321
|
+
shortMessage: "Invalid OTP"
|
|
364
322
|
});
|
|
365
|
-
context.visited.delete(value);
|
|
366
|
-
return setResult;
|
|
367
323
|
}
|
|
368
|
-
|
|
369
|
-
|
|
370
|
-
|
|
371
|
-
|
|
372
|
-
|
|
373
|
-
|
|
374
|
-
|
|
375
|
-
|
|
324
|
+
};
|
|
325
|
+
|
|
326
|
+
//#endregion
|
|
327
|
+
//#region src/errors/MfaRateLimitedError.ts
|
|
328
|
+
var MfaRateLimitedError = class extends BaseError {
|
|
329
|
+
constructor({ cause }) {
|
|
330
|
+
super({
|
|
331
|
+
cause,
|
|
332
|
+
code: "mfa_rate_limited_error",
|
|
333
|
+
docsUrl: null,
|
|
334
|
+
name: "MfaRateLimitedError",
|
|
335
|
+
shortMessage: "Rate limited"
|
|
376
336
|
});
|
|
377
|
-
context.visited.delete(value);
|
|
378
|
-
return mapResult;
|
|
379
337
|
}
|
|
380
|
-
if (value instanceof WeakMap) return "[WeakMap]";
|
|
381
|
-
if (value instanceof WeakSet) return "[WeakSet]";
|
|
382
|
-
if (value instanceof Date) return value.toISOString();
|
|
383
|
-
if (value instanceof Error) return `[Error: ${value.message}]`;
|
|
384
|
-
if (typeof value === "object") return scrubObject({
|
|
385
|
-
context,
|
|
386
|
-
value
|
|
387
|
-
});
|
|
388
|
-
return value;
|
|
389
338
|
};
|
|
390
|
-
|
|
391
|
-
|
|
392
|
-
|
|
393
|
-
|
|
394
|
-
|
|
395
|
-
|
|
396
|
-
|
|
397
|
-
|
|
398
|
-
|
|
399
|
-
|
|
339
|
+
|
|
340
|
+
//#endregion
|
|
341
|
+
//#region src/errors/SandboxMaximumThresholdReachedError.ts
|
|
342
|
+
var SandboxMaximumThresholdReachedError = class extends BaseError {
|
|
343
|
+
constructor({ cause }) {
|
|
344
|
+
super({
|
|
345
|
+
cause,
|
|
346
|
+
code: "sandbox_maximum_threshold_reached_error",
|
|
347
|
+
docsUrl: "https://www.dynamic.xyz/docs/developer-dashboard/sandbox-vs-live#sandbox-vs-live",
|
|
348
|
+
name: "SandboxMaximumThresholdReachedError",
|
|
349
|
+
shortMessage: "Your sandbox environment has reached the maximum MAU. Please use a live environment for production traffic."
|
|
350
|
+
});
|
|
351
|
+
}
|
|
400
352
|
};
|
|
401
353
|
|
|
402
354
|
//#endregion
|
|
403
|
-
//#region src/
|
|
355
|
+
//#region src/modules/apiClient/utils/clientErrorMapper/clientErrorMapper.ts
|
|
404
356
|
/**
|
|
405
|
-
*
|
|
406
|
-
* into a flat `Record<string, unknown>` suitable for structured logging.
|
|
407
|
-
*
|
|
408
|
-
* ## Why this is needed
|
|
357
|
+
* Default error mapper for the client that handles common API error codes.
|
|
409
358
|
*
|
|
410
|
-
*
|
|
411
|
-
*
|
|
412
|
-
*
|
|
359
|
+
* This mapper transforms specific API error codes into more specific error types:
|
|
360
|
+
* - `mfa_invalid_code` → `MfaInvalidOtpError`
|
|
361
|
+
* - `mfa_rate_limited` → `MfaRateLimitedError`
|
|
413
362
|
*
|
|
414
|
-
* -
|
|
415
|
-
*
|
|
416
|
-
* SDK functions follow the single-object-parameter convention, so the object
|
|
417
|
-
* already carries named keys (`{ amount, to }`, etc.).
|
|
418
|
-
* - **Everything else** (multiple args, a single primitive, a single array) →
|
|
419
|
-
* each value is indexed as `arg0`, `arg1`, …
|
|
363
|
+
* @param error - The error to be mapped
|
|
364
|
+
* @returns A transformed error if the error code matches a known pattern, or null if no transformation is needed
|
|
420
365
|
*
|
|
421
|
-
*
|
|
366
|
+
* @example
|
|
367
|
+
* ```typescript
|
|
368
|
+
* // This will be automatically applied to all API errors
|
|
369
|
+
* const apiClient = createApiClient({}, client);
|
|
422
370
|
*
|
|
423
|
-
*
|
|
424
|
-
*
|
|
425
|
-
*
|
|
426
|
-
* misleading and inconsistent with how multi-arg calls are handled. Instead,
|
|
427
|
-
* arrays fall through to the indexed `arg0` path.
|
|
371
|
+
* // The clientErrorMapper will automatically convert mfa_invalid_code errors
|
|
372
|
+
* // to MfaInvalidOtpError instances
|
|
373
|
+
* ```
|
|
428
374
|
* @notInstrumented
|
|
429
375
|
*/
|
|
430
|
-
const
|
|
431
|
-
if (
|
|
432
|
-
|
|
433
|
-
|
|
434
|
-
|
|
435
|
-
|
|
376
|
+
const clientErrorMapper = (error) => {
|
|
377
|
+
if (error instanceof APIError) {
|
|
378
|
+
if (error.code === "mfa_invalid_code") return new MfaInvalidOtpError({ cause: error });
|
|
379
|
+
if (error.code === "mfa_rate_limited") return new MfaRateLimitedError({ cause: error });
|
|
380
|
+
if (error.code === "invalid_external_auth") return new InvalidExternalAuthError({ cause: error });
|
|
381
|
+
if (error.code === "sandbox_maximum_threshold_reached") return new SandboxMaximumThresholdReachedError({ cause: error });
|
|
382
|
+
if (error.code === "merge_accounts_invalid" || error.code === "reassign_wallet_error") return new LinkCredentialError({ cause: error });
|
|
383
|
+
}
|
|
384
|
+
return null;
|
|
436
385
|
};
|
|
437
386
|
|
|
438
387
|
//#endregion
|
|
439
|
-
//#region src/
|
|
388
|
+
//#region src/modules/apiClient/utils/convertToApiErrorMiddleware/convertToApiErrorMiddleware.ts
|
|
440
389
|
/**
|
|
441
|
-
*
|
|
442
|
-
*
|
|
443
|
-
*
|
|
444
|
-
*
|
|
390
|
+
* Creates middleware that converts HTTP error responses to APIError instances
|
|
391
|
+
* and optionally applies custom error mappers to transform them into specific error types.
|
|
392
|
+
*
|
|
393
|
+
* @param options.errorMappers - Array of error mappers to apply to API errors
|
|
394
|
+
* @returns A middleware function that handles error conversion and mapping
|
|
445
395
|
* @notInstrumented
|
|
446
396
|
*/
|
|
447
|
-
const
|
|
448
|
-
|
|
449
|
-
|
|
450
|
-
|
|
451
|
-
|
|
397
|
+
const createConvertToApiErrorMiddleware = ({ errorMappers = [] }) => ({ post: async (context) => {
|
|
398
|
+
if (context.response.status >= 400) {
|
|
399
|
+
const apiError = await APIError.fromResponse(context.response);
|
|
400
|
+
if (apiError) {
|
|
401
|
+
let errorToThrow = apiError;
|
|
402
|
+
for (const mapper of errorMappers) {
|
|
403
|
+
const newError = mapper(apiError);
|
|
404
|
+
if (newError) {
|
|
405
|
+
errorToThrow = newError;
|
|
406
|
+
break;
|
|
407
|
+
}
|
|
408
|
+
}
|
|
409
|
+
throw errorToThrow;
|
|
410
|
+
}
|
|
411
|
+
}
|
|
412
|
+
return context.response;
|
|
413
|
+
} });
|
|
452
414
|
|
|
453
415
|
//#endregion
|
|
454
|
-
//#region src/
|
|
455
|
-
|
|
456
|
-
|
|
457
|
-
|
|
458
|
-
|
|
459
|
-
|
|
460
|
-
|
|
416
|
+
//#region src/utils/getNonce/getNonce.ts
|
|
417
|
+
/**
|
|
418
|
+
* Returns a nonce for wallet ownership verification.
|
|
419
|
+
*
|
|
420
|
+
* Pops the first nonce from the prefetched pool. When the pool is running low
|
|
421
|
+
* (≤1 remaining after pop) a background refetch is triggered. If the pool is
|
|
422
|
+
* empty, nonces are fetched on-demand before returning.
|
|
423
|
+
* @notInstrumented
|
|
424
|
+
*/
|
|
425
|
+
const getNonce = async (client) => {
|
|
426
|
+
const core = getCore(client);
|
|
427
|
+
const pool = core.state.get().prefetchedNonces;
|
|
428
|
+
if (pool.length > 0) {
|
|
429
|
+
const [nonce, ...remaining] = pool;
|
|
430
|
+
core.state.set({ prefetchedNonces: remaining });
|
|
431
|
+
if (remaining.length <= 1) fetchAndStoreNonces(client);
|
|
432
|
+
return nonce;
|
|
433
|
+
}
|
|
434
|
+
await fetchAndStoreNonces(client);
|
|
435
|
+
return getNonce(client);
|
|
436
|
+
};
|
|
437
|
+
|
|
438
|
+
//#endregion
|
|
439
|
+
//#region src/modules/deviceRegistration/getDeviceSigner/getDeviceSigner.ts
|
|
440
|
+
/** @notInstrumented */
|
|
441
|
+
const getDeviceSigner = async (client) => {
|
|
442
|
+
const { deviceSigner, keychain } = getCore(client);
|
|
443
|
+
/**
|
|
444
|
+
* If the device signer is available, it should handle the device signing.
|
|
445
|
+
* This is used for mobile devices with secure enclave.
|
|
446
|
+
*/
|
|
447
|
+
if (deviceSigner) return deviceSigner;
|
|
448
|
+
const keyName = "device";
|
|
449
|
+
if (!await keychain.getPublicKey(keyName)) await keychain.generateKey(keyName);
|
|
461
450
|
return {
|
|
462
|
-
|
|
463
|
-
|
|
464
|
-
};
|
|
465
|
-
};
|
|
466
|
-
/**
|
|
467
|
-
* Wraps a function so that each invocation emits a structured
|
|
468
|
-
* `FunctionInstrumentationEvent` at three lifecycle points:
|
|
469
|
-
*
|
|
470
|
-
* - **started** — immediately before the function body executes, with the
|
|
471
|
-
* PII-scrubbed call parameters.
|
|
472
|
-
* - **resolved** — after the function (or its returned Promise) settles
|
|
473
|
-
* successfully, with the PII-scrubbed return value.
|
|
474
|
-
* - **rejected** — if the function throws synchronously or its returned
|
|
475
|
-
* Promise rejects.
|
|
476
|
-
*
|
|
477
|
-
* The original return value (or thrown error) is always forwarded to the
|
|
478
|
-
* caller unchanged — instrumentation is purely observational.
|
|
479
|
-
*
|
|
480
|
-
* ## Usage
|
|
481
|
-
*
|
|
482
|
-
* ```ts
|
|
483
|
-
* const transfer = instrumentFunction({
|
|
484
|
-
* fn: rawTransfer,
|
|
485
|
-
* functionName: 'transfer',
|
|
486
|
-
* getCore: () => core,
|
|
487
|
-
* });
|
|
488
|
-
*
|
|
489
|
-
* // When called, three events are emitted automatically:
|
|
490
|
-
* await transfer({ amount: 1, to: '0xabc' });
|
|
491
|
-
* ```
|
|
492
|
-
*
|
|
493
|
-
* ## How functions are wrapped
|
|
494
|
-
*
|
|
495
|
-
* `instrumentFunction` is not called manually in application code. Instead,
|
|
496
|
-
* the esbuild instrumentation plugin (`tools/instrumentation-plugin`) injects
|
|
497
|
-
* it at build time: any exported function annotated with `@instrumented` in its
|
|
498
|
-
* JSDoc is automatically wrapped by the plugin during the build step.
|
|
499
|
-
* The plugin strips the original `export`, renames the function, and re-exports
|
|
500
|
-
* it under the original name via `instrumentFunction(...)` — so the public API
|
|
501
|
-
* is unchanged and no call sites need to be updated.
|
|
502
|
-
*
|
|
503
|
-
* ## Opting out
|
|
504
|
-
*
|
|
505
|
-
* Instrumentation is skipped entirely when:
|
|
506
|
-
* - `getCore()` returns `undefined` (SDK not initialised), or
|
|
507
|
-
* - `core.instrumentation.config.enabled` is `false`.
|
|
508
|
-
*
|
|
509
|
-
* In both cases the original function is called directly with no overhead.
|
|
510
|
-
*
|
|
511
|
-
* ## PII scrubbing
|
|
512
|
-
*
|
|
513
|
-
* All string values whose key appears in `piiFields` are replaced with
|
|
514
|
-
* `"[redacted]"` before events are emitted. Pass `redactAll: true` to redact
|
|
515
|
-
* every field, regardless of key name.
|
|
516
|
-
* @notInstrumented
|
|
517
|
-
*/
|
|
518
|
-
const instrumentFunction = ({ fn, functionName, getCore: getCore$1, redactAll }) => {
|
|
519
|
-
const wrapped = (...args) => {
|
|
520
|
-
const core = getCore$1();
|
|
521
|
-
if (!core) return fn(...args);
|
|
522
|
-
if (!core.instrumentation.config.enabled) return fn(...args);
|
|
523
|
-
const instrumentation = core.instrumentation;
|
|
524
|
-
const state = core.state.get();
|
|
525
|
-
const baseEvent = {
|
|
526
|
-
environmentId: core.environmentId,
|
|
527
|
-
functionName,
|
|
528
|
-
operatingSystem: getOperatingSystem(),
|
|
529
|
-
parameters: scrubParameters({
|
|
530
|
-
piiFields: instrumentation.config.piiFields,
|
|
531
|
-
redactAll,
|
|
532
|
-
value: extractParams(args)
|
|
533
|
-
}),
|
|
534
|
-
platform: getPlatform(),
|
|
535
|
-
registeredExtensionKeys: Array.from(core.extensions),
|
|
536
|
-
sdkSessionId: core.sdkSessionId,
|
|
537
|
-
sdkVersion: core.version,
|
|
538
|
-
status: "info",
|
|
539
|
-
tokenSessionId: state.token ? extractSessionId(state.token) : null,
|
|
540
|
-
userAgent: getUserAgent(),
|
|
541
|
-
userId: state.user?.id ?? null
|
|
542
|
-
};
|
|
543
|
-
instrumentation.logFunction({
|
|
544
|
-
...baseEvent,
|
|
545
|
-
phase: "started",
|
|
546
|
-
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
547
|
-
});
|
|
548
|
-
try {
|
|
549
|
-
const result = fn(...args);
|
|
550
|
-
if (result instanceof Promise) return result.then((value) => {
|
|
551
|
-
instrumentation.logFunction({
|
|
552
|
-
...baseEvent,
|
|
553
|
-
phase: "resolved",
|
|
554
|
-
resolvedValue: scrubResolvedValue({
|
|
555
|
-
piiFields: instrumentation.config.piiFields,
|
|
556
|
-
redactAll,
|
|
557
|
-
value
|
|
558
|
-
}),
|
|
559
|
-
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
560
|
-
});
|
|
561
|
-
return value;
|
|
562
|
-
}).catch((error) => {
|
|
563
|
-
instrumentation.logFunction({
|
|
564
|
-
...baseEvent,
|
|
565
|
-
phase: "rejected",
|
|
566
|
-
rejectedError: serializeError(error),
|
|
567
|
-
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
568
|
-
});
|
|
569
|
-
throw error;
|
|
570
|
-
});
|
|
571
|
-
instrumentation.logFunction({
|
|
572
|
-
...baseEvent,
|
|
573
|
-
phase: "resolved",
|
|
574
|
-
resolvedValue: scrubResolvedValue({
|
|
575
|
-
piiFields: instrumentation.config.piiFields,
|
|
576
|
-
redactAll,
|
|
577
|
-
value: result
|
|
578
|
-
}),
|
|
579
|
-
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
580
|
-
});
|
|
581
|
-
return result;
|
|
582
|
-
} catch (error) {
|
|
583
|
-
instrumentation.logFunction({
|
|
584
|
-
...baseEvent,
|
|
585
|
-
phase: "rejected",
|
|
586
|
-
rejectedError: serializeError(error),
|
|
587
|
-
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
588
|
-
});
|
|
589
|
-
throw error;
|
|
590
|
-
}
|
|
591
|
-
};
|
|
592
|
-
return wrapped;
|
|
593
|
-
};
|
|
594
|
-
|
|
595
|
-
//#endregion
|
|
596
|
-
//#region src/modules/auth/getElevatedAccessToken/getElevatedAccessToken.ts
|
|
597
|
-
/**
|
|
598
|
-
* Gets an elevated access token by scope.
|
|
599
|
-
*
|
|
600
|
-
* This function retrieves an elevated access token that contains the specified scope.
|
|
601
|
-
* Expired tokens are automatically filtered out.
|
|
602
|
-
*
|
|
603
|
-
* By default, if the token has `singleUse: true`, it will be automatically
|
|
604
|
-
* consumed (removed from state) after retrieval. Pass `consume: false` to
|
|
605
|
-
* check for token existence without consuming it.
|
|
606
|
-
*
|
|
607
|
-
* @param params - The parameters object.
|
|
608
|
-
* @param params.scope - The scope to match (e.g., 'wallet:export').
|
|
609
|
-
* @param params.consume - Whether to consume single-use tokens (default: true).
|
|
610
|
-
* @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
|
|
611
|
-
* @returns The elevated access token if found and not expired, or undefined if not found or expired.
|
|
612
|
-
*
|
|
613
|
-
* @example
|
|
614
|
-
* ```typescript
|
|
615
|
-
* // Retrieve and consume (default)
|
|
616
|
-
* const token = getElevatedAccessToken({ scope: 'wallet:export' });
|
|
617
|
-
*
|
|
618
|
-
* // Check existence without consuming
|
|
619
|
-
* const token = getElevatedAccessToken({ scope: 'credential:unlink', consume: false });
|
|
620
|
-
* ```
|
|
621
|
-
* @notInstrumented
|
|
622
|
-
*/
|
|
623
|
-
const getElevatedAccessToken = ({ consume = true, scope }, client = getDefaultClient()) => {
|
|
624
|
-
const core = getCore(client);
|
|
625
|
-
const now = /* @__PURE__ */ new Date();
|
|
626
|
-
const elevatedAccessTokens = core.state.get().elevatedAccessTokens || [];
|
|
627
|
-
const validTokens = elevatedAccessTokens.filter((token$1) => !token$1.expiresAt || token$1.expiresAt > now);
|
|
628
|
-
if (validTokens.length !== elevatedAccessTokens.length) core.state.set({ elevatedAccessTokens: validTokens });
|
|
629
|
-
const token = validTokens.find((token$1) => token$1.scopes.includes(scope));
|
|
630
|
-
if (!token) return;
|
|
631
|
-
if (consume && token.singleUse) {
|
|
632
|
-
const updatedTokens = validTokens.filter((t) => t !== token);
|
|
633
|
-
core.state.set({ elevatedAccessTokens: updatedTokens });
|
|
634
|
-
}
|
|
635
|
-
return token.token;
|
|
636
|
-
};
|
|
637
|
-
const __getElevatedAccessToken_impl = getElevatedAccessToken;
|
|
638
|
-
const __getElevatedAccessToken_wrapped = instrumentFunction({
|
|
639
|
-
fn: __getElevatedAccessToken_impl,
|
|
640
|
-
functionName: "getElevatedAccessToken",
|
|
641
|
-
getCore: () => {
|
|
642
|
-
try {
|
|
643
|
-
return getCore(getDefaultClient());
|
|
644
|
-
} catch {
|
|
645
|
-
return;
|
|
646
|
-
}
|
|
647
|
-
}
|
|
648
|
-
});
|
|
649
|
-
|
|
650
|
-
//#endregion
|
|
651
|
-
//#region src/errors/ValueMustBeDefinedError.ts
|
|
652
|
-
var ValueMustBeDefinedError = class extends BaseError {
|
|
653
|
-
constructor(message) {
|
|
654
|
-
super({
|
|
655
|
-
cause: null,
|
|
656
|
-
code: "value_must_be_defined_error",
|
|
657
|
-
docsUrl: null,
|
|
658
|
-
name: "ValueMustBeDefined",
|
|
659
|
-
shortMessage: message
|
|
660
|
-
});
|
|
661
|
-
}
|
|
662
|
-
};
|
|
663
|
-
|
|
664
|
-
//#endregion
|
|
665
|
-
//#region src/utils/assertDefined/assertDefined.ts
|
|
666
|
-
/**
|
|
667
|
-
* Asserts that a value is not null or undefined, throwing an error if it is.
|
|
668
|
-
* This function acts as a type guard, narrowing the type to exclude null and undefined.
|
|
669
|
-
*
|
|
670
|
-
* @template T - The type of the value being checked
|
|
671
|
-
* @param value - The value to check for null or undefined
|
|
672
|
-
* @param message - The error message to throw if the value is null or undefined
|
|
673
|
-
* @throws Throws an error with the provided message if value is null or undefined
|
|
674
|
-
* @example
|
|
675
|
-
* ```typescript
|
|
676
|
-
* const maybeString: string | null = getValue();
|
|
677
|
-
* assertDefined(maybeString, 'String value is required');
|
|
678
|
-
* // maybeString is now typed as string (null is excluded)
|
|
679
|
-
* ```
|
|
680
|
-
*/
|
|
681
|
-
function assertDefined(value, message) {
|
|
682
|
-
if (value === null || value === void 0) throw new ValueMustBeDefinedError(message);
|
|
683
|
-
}
|
|
684
|
-
|
|
685
|
-
//#endregion
|
|
686
|
-
//#region src/modules/projectSettings/isCookieEnabled/isCookieEnabled.ts
|
|
687
|
-
/**
|
|
688
|
-
* Returns true if the client is using Dynamic cookies or a BYO JWT cookie.
|
|
689
|
-
* @notInstrumented
|
|
690
|
-
*/
|
|
691
|
-
const isCookieEnabled = (client) => {
|
|
692
|
-
assertDefined(client.projectSettings, "Project settings are not defined");
|
|
693
|
-
const securitySettings = client.projectSettings.security;
|
|
694
|
-
if (!securitySettings) return false;
|
|
695
|
-
const dynamicCookiesEnabled = (securitySettings.auth?.storage || []).includes(_dynamic_labs_sdk_api_core.AuthStorageEnum.Cookie);
|
|
696
|
-
const byoJwtCookieEnabled = Boolean(securitySettings.externalAuth?.cookieName);
|
|
697
|
-
return dynamicCookiesEnabled || byoJwtCookieEnabled;
|
|
698
|
-
};
|
|
699
|
-
|
|
700
|
-
//#endregion
|
|
701
|
-
//#region src/modules/sessionKeys/getSessionKeys/getSessionKeys.ts
|
|
702
|
-
/** @notInstrumented */
|
|
703
|
-
const getSessionKeys = (client) => {
|
|
704
|
-
const publicKey = getCore(client).state.get().sessionKeys;
|
|
705
|
-
if (!publicKey) return;
|
|
706
|
-
return { publicKey };
|
|
707
|
-
};
|
|
708
|
-
|
|
709
|
-
//#endregion
|
|
710
|
-
//#region src/errors/APIError/APIError.ts
|
|
711
|
-
var APIError = class APIError extends BaseError {
|
|
712
|
-
status;
|
|
713
|
-
constructor(message, code, status) {
|
|
714
|
-
super({
|
|
715
|
-
cause: null,
|
|
716
|
-
code,
|
|
717
|
-
docsUrl: null,
|
|
718
|
-
name: "APIError",
|
|
719
|
-
shortMessage: message
|
|
720
|
-
});
|
|
721
|
-
this.status = status;
|
|
722
|
-
}
|
|
723
|
-
static async fromResponse(response) {
|
|
724
|
-
try {
|
|
725
|
-
const errorBody = await response.clone().json();
|
|
726
|
-
if (errorBody && "error" in errorBody && typeof errorBody.error === "string") {
|
|
727
|
-
const errorCode = "code" in errorBody && typeof errorBody.code === "string" ? errorBody.code : "unknown_error";
|
|
728
|
-
return new APIError(errorBody.error, errorCode, response.status);
|
|
729
|
-
}
|
|
730
|
-
return null;
|
|
731
|
-
} catch {
|
|
732
|
-
return null;
|
|
733
|
-
}
|
|
734
|
-
}
|
|
735
|
-
};
|
|
736
|
-
|
|
737
|
-
//#endregion
|
|
738
|
-
//#region src/errors/InvalidExternalAuthError.ts
|
|
739
|
-
var InvalidExternalAuthError = class extends BaseError {
|
|
740
|
-
constructor({ cause }) {
|
|
741
|
-
super({
|
|
742
|
-
cause,
|
|
743
|
-
code: "invalid_external_auth_error",
|
|
744
|
-
docsUrl: "https://www.dynamic.xyz/docs/external-auth/third-party-auth-overview",
|
|
745
|
-
name: "InvalidExternalAuthError",
|
|
746
|
-
shortMessage: "Error authenticating with external JWT"
|
|
747
|
-
});
|
|
748
|
-
}
|
|
749
|
-
};
|
|
750
|
-
|
|
751
|
-
//#endregion
|
|
752
|
-
//#region src/errors/LinkCredentialError.ts
|
|
753
|
-
var LinkCredentialError = class extends BaseError {
|
|
754
|
-
constructor({ cause }) {
|
|
755
|
-
super({
|
|
756
|
-
cause,
|
|
757
|
-
code: "link_credential_error",
|
|
758
|
-
docsUrl: null,
|
|
759
|
-
name: "LinkCredentialError",
|
|
760
|
-
shortMessage: "The credential you are trying to link is associated with another account and cannot be reassigned."
|
|
761
|
-
});
|
|
762
|
-
}
|
|
763
|
-
};
|
|
764
|
-
|
|
765
|
-
//#endregion
|
|
766
|
-
//#region src/errors/MfaInvalidOtpError.ts
|
|
767
|
-
var MfaInvalidOtpError = class extends BaseError {
|
|
768
|
-
constructor({ cause }) {
|
|
769
|
-
super({
|
|
770
|
-
cause,
|
|
771
|
-
code: "mfa_invalid_otp_error",
|
|
772
|
-
docsUrl: null,
|
|
773
|
-
name: "MfaInvalidOtpError",
|
|
774
|
-
shortMessage: "Invalid OTP"
|
|
775
|
-
});
|
|
776
|
-
}
|
|
777
|
-
};
|
|
778
|
-
|
|
779
|
-
//#endregion
|
|
780
|
-
//#region src/errors/MfaRateLimitedError.ts
|
|
781
|
-
var MfaRateLimitedError = class extends BaseError {
|
|
782
|
-
constructor({ cause }) {
|
|
783
|
-
super({
|
|
784
|
-
cause,
|
|
785
|
-
code: "mfa_rate_limited_error",
|
|
786
|
-
docsUrl: null,
|
|
787
|
-
name: "MfaRateLimitedError",
|
|
788
|
-
shortMessage: "Rate limited"
|
|
789
|
-
});
|
|
790
|
-
}
|
|
791
|
-
};
|
|
792
|
-
|
|
793
|
-
//#endregion
|
|
794
|
-
//#region src/errors/SandboxMaximumThresholdReachedError.ts
|
|
795
|
-
var SandboxMaximumThresholdReachedError = class extends BaseError {
|
|
796
|
-
constructor({ cause }) {
|
|
797
|
-
super({
|
|
798
|
-
cause,
|
|
799
|
-
code: "sandbox_maximum_threshold_reached_error",
|
|
800
|
-
docsUrl: "https://www.dynamic.xyz/docs/developer-dashboard/sandbox-vs-live#sandbox-vs-live",
|
|
801
|
-
name: "SandboxMaximumThresholdReachedError",
|
|
802
|
-
shortMessage: "Your sandbox environment has reached the maximum MAU. Please use a live environment for production traffic."
|
|
803
|
-
});
|
|
804
|
-
}
|
|
805
|
-
};
|
|
806
|
-
|
|
807
|
-
//#endregion
|
|
808
|
-
//#region src/modules/apiClient/utils/clientErrorMapper/clientErrorMapper.ts
|
|
809
|
-
/**
|
|
810
|
-
* Default error mapper for the client that handles common API error codes.
|
|
811
|
-
*
|
|
812
|
-
* This mapper transforms specific API error codes into more specific error types:
|
|
813
|
-
* - `mfa_invalid_code` → `MfaInvalidOtpError`
|
|
814
|
-
* - `mfa_rate_limited` → `MfaRateLimitedError`
|
|
815
|
-
*
|
|
816
|
-
* @param error - The error to be mapped
|
|
817
|
-
* @returns A transformed error if the error code matches a known pattern, or null if no transformation is needed
|
|
818
|
-
*
|
|
819
|
-
* @example
|
|
820
|
-
* ```typescript
|
|
821
|
-
* // This will be automatically applied to all API errors
|
|
822
|
-
* const apiClient = createApiClient({}, client);
|
|
823
|
-
*
|
|
824
|
-
* // The clientErrorMapper will automatically convert mfa_invalid_code errors
|
|
825
|
-
* // to MfaInvalidOtpError instances
|
|
826
|
-
* ```
|
|
827
|
-
* @notInstrumented
|
|
828
|
-
*/
|
|
829
|
-
const clientErrorMapper = (error) => {
|
|
830
|
-
if (error instanceof APIError) {
|
|
831
|
-
if (error.code === "mfa_invalid_code") return new MfaInvalidOtpError({ cause: error });
|
|
832
|
-
if (error.code === "mfa_rate_limited") return new MfaRateLimitedError({ cause: error });
|
|
833
|
-
if (error.code === "invalid_external_auth") return new InvalidExternalAuthError({ cause: error });
|
|
834
|
-
if (error.code === "sandbox_maximum_threshold_reached") return new SandboxMaximumThresholdReachedError({ cause: error });
|
|
835
|
-
if (error.code === "merge_accounts_invalid" || error.code === "reassign_wallet_error") return new LinkCredentialError({ cause: error });
|
|
836
|
-
}
|
|
837
|
-
return null;
|
|
838
|
-
};
|
|
839
|
-
|
|
840
|
-
//#endregion
|
|
841
|
-
//#region src/modules/apiClient/utils/convertToApiErrorMiddleware/convertToApiErrorMiddleware.ts
|
|
842
|
-
/**
|
|
843
|
-
* Creates middleware that converts HTTP error responses to APIError instances
|
|
844
|
-
* and optionally applies custom error mappers to transform them into specific error types.
|
|
845
|
-
*
|
|
846
|
-
* @param options.errorMappers - Array of error mappers to apply to API errors
|
|
847
|
-
* @returns A middleware function that handles error conversion and mapping
|
|
848
|
-
* @notInstrumented
|
|
849
|
-
*/
|
|
850
|
-
const createConvertToApiErrorMiddleware = ({ errorMappers = [] }) => ({ post: async (context) => {
|
|
851
|
-
if (context.response.status >= 400) {
|
|
852
|
-
const apiError = await APIError.fromResponse(context.response);
|
|
853
|
-
if (apiError) {
|
|
854
|
-
let errorToThrow = apiError;
|
|
855
|
-
for (const mapper of errorMappers) {
|
|
856
|
-
const newError = mapper(apiError);
|
|
857
|
-
if (newError) {
|
|
858
|
-
errorToThrow = newError;
|
|
859
|
-
break;
|
|
860
|
-
}
|
|
861
|
-
}
|
|
862
|
-
throw errorToThrow;
|
|
863
|
-
}
|
|
864
|
-
}
|
|
865
|
-
return context.response;
|
|
866
|
-
} });
|
|
867
|
-
|
|
868
|
-
//#endregion
|
|
869
|
-
//#region src/utils/getNonce/getNonce.ts
|
|
870
|
-
/**
|
|
871
|
-
* Returns a nonce for wallet ownership verification.
|
|
872
|
-
*
|
|
873
|
-
* Pops the first nonce from the prefetched pool. When the pool is running low
|
|
874
|
-
* (≤1 remaining after pop) a background refetch is triggered. If the pool is
|
|
875
|
-
* empty, nonces are fetched on-demand before returning.
|
|
876
|
-
* @notInstrumented
|
|
877
|
-
*/
|
|
878
|
-
const getNonce = async (client) => {
|
|
879
|
-
const core = getCore(client);
|
|
880
|
-
const pool = core.state.get().prefetchedNonces;
|
|
881
|
-
if (pool.length > 0) {
|
|
882
|
-
const [nonce, ...remaining] = pool;
|
|
883
|
-
core.state.set({ prefetchedNonces: remaining });
|
|
884
|
-
if (remaining.length <= 1) fetchAndStoreNonces(client);
|
|
885
|
-
return nonce;
|
|
886
|
-
}
|
|
887
|
-
await fetchAndStoreNonces(client);
|
|
888
|
-
return getNonce(client);
|
|
889
|
-
};
|
|
890
|
-
|
|
891
|
-
//#endregion
|
|
892
|
-
//#region src/modules/deviceRegistration/getDeviceSigner/getDeviceSigner.ts
|
|
893
|
-
/** @notInstrumented */
|
|
894
|
-
const getDeviceSigner = async (client) => {
|
|
895
|
-
const { deviceSigner, keychain } = getCore(client);
|
|
896
|
-
/**
|
|
897
|
-
* If the device signer is available, it should handle the device signing.
|
|
898
|
-
* This is used for mobile devices with secure enclave.
|
|
899
|
-
*/
|
|
900
|
-
if (deviceSigner) return deviceSigner;
|
|
901
|
-
const keyName = "device";
|
|
902
|
-
if (!await keychain.getPublicKey(keyName)) await keychain.generateKey(keyName);
|
|
903
|
-
return {
|
|
904
|
-
getPublicKey: () => keychain.getPublicKey(keyName),
|
|
905
|
-
sign: (payload) => keychain.sign(keyName, payload)
|
|
451
|
+
getPublicKey: () => keychain.getPublicKey(keyName),
|
|
452
|
+
sign: (payload) => keychain.sign(keyName, payload)
|
|
906
453
|
};
|
|
907
454
|
};
|
|
908
455
|
|
|
@@ -1010,7 +557,7 @@ const createApiClient = (options = {}, client) => {
|
|
|
1010
557
|
if (client.projectSettings && isCookieEnabled(client)) settings.credentials = "include";
|
|
1011
558
|
if (options.includeMfaToken && coreState.mfaToken) settings.headers[MFA_TOKEN_HEADER] = coreState.mfaToken;
|
|
1012
559
|
if (options.elevatedAccessTokenScope) {
|
|
1013
|
-
const elevatedToken =
|
|
560
|
+
const elevatedToken = getElevatedAccessToken({ scope: options.elevatedAccessTokenScope }, client);
|
|
1014
561
|
if (elevatedToken) settings.headers[ELEVATED_ACCESS_TOKEN_HEADER] = elevatedToken;
|
|
1015
562
|
}
|
|
1016
563
|
const sessionPublicKey = getSessionKeys(client)?.publicKey;
|
|
@@ -1439,187 +986,630 @@ const getWalletAccountsFromState = ({ unverifiedWalletAccounts, user }, client)
|
|
|
1439
986
|
};
|
|
1440
987
|
|
|
1441
988
|
//#endregion
|
|
1442
|
-
//#region src/modules/wallets/getWalletAccounts/getWalletAccounts.ts
|
|
989
|
+
//#region src/modules/wallets/getWalletAccounts/getWalletAccounts.ts
|
|
990
|
+
/**
|
|
991
|
+
* Retrieves all wallet accounts associated with the current session.
|
|
992
|
+
*
|
|
993
|
+
* This function returns both verified and unverified wallet accounts,
|
|
994
|
+
* combining data from user credentials and local unverified accounts.
|
|
995
|
+
* You can differentiate between verified and unverified wallet accounts by
|
|
996
|
+
* checking the `verifiedCredentialId` property.
|
|
997
|
+
*
|
|
998
|
+
* @param [client] - The Dynamic client instance. Only required when using multiple Dynamic clients.
|
|
999
|
+
* @returns An array of wallet accounts associated with the session.
|
|
1000
|
+
* @notInstrumented
|
|
1001
|
+
* @hook Exposed as a hook so consumers get the reactive list of wallet accounts.
|
|
1002
|
+
*/
|
|
1003
|
+
const getWalletAccounts = (client = getDefaultClient()) => {
|
|
1004
|
+
const { unverifiedWalletAccounts, user } = getCore(client).state.get();
|
|
1005
|
+
return getWalletAccountsFromState({
|
|
1006
|
+
unverifiedWalletAccounts,
|
|
1007
|
+
user
|
|
1008
|
+
}, client);
|
|
1009
|
+
};
|
|
1010
|
+
|
|
1011
|
+
//#endregion
|
|
1012
|
+
//#region src/errors/NoWalletProviderFoundError.ts
|
|
1013
|
+
var NoWalletProviderFoundError = class extends BaseError {
|
|
1014
|
+
constructor({ walletProviderKey }) {
|
|
1015
|
+
super({
|
|
1016
|
+
cause: null,
|
|
1017
|
+
code: "no_wallet_provider_found_error",
|
|
1018
|
+
docsUrl: null,
|
|
1019
|
+
name: "NoWalletProviderFoundError",
|
|
1020
|
+
shortMessage: `No wallet provider found with key: ${walletProviderKey}`
|
|
1021
|
+
});
|
|
1022
|
+
}
|
|
1023
|
+
};
|
|
1024
|
+
|
|
1025
|
+
//#endregion
|
|
1026
|
+
//#region src/services/runtimeServices/createRuntimeServiceAccessKey/createRuntimeServiceAccessKey.ts
|
|
1027
|
+
/**
|
|
1028
|
+
* Creates a service accessor function that manages service instantiation and caching.
|
|
1029
|
+
* The returned function will either retrieve an existing service from the registry or
|
|
1030
|
+
* create a new one using the provided builder function.
|
|
1031
|
+
*
|
|
1032
|
+
* @template - The type of service to be created/accessed
|
|
1033
|
+
* @param key - Unique identifier for the service in the registry
|
|
1034
|
+
* @param builder - Function that creates the service instance when called with a DynamicClient
|
|
1035
|
+
* @notInstrumented
|
|
1036
|
+
*/
|
|
1037
|
+
const createRuntimeServiceAccessKey = (key, builder) => (client) => {
|
|
1038
|
+
const { runtimeServices } = getCore(client);
|
|
1039
|
+
const currentService = runtimeServices.getByKey(key);
|
|
1040
|
+
if (currentService) return currentService;
|
|
1041
|
+
const service = builder(client);
|
|
1042
|
+
runtimeServices.register(key, service);
|
|
1043
|
+
return service;
|
|
1044
|
+
};
|
|
1045
|
+
|
|
1046
|
+
//#endregion
|
|
1047
|
+
//#region src/modules/wallets/walletProviderRegistry/createWalletProviderRegistry/createWalletProviderRegistry.ts
|
|
1048
|
+
/**
|
|
1049
|
+
* Creates a new wallet provider registry that manages wallet providers with priority-based registration.
|
|
1050
|
+
*
|
|
1051
|
+
* @returns The wallet provider registry instance
|
|
1052
|
+
*
|
|
1053
|
+
* @example
|
|
1054
|
+
* ```typescript
|
|
1055
|
+
* const registry = createWalletProviderRegistry();
|
|
1056
|
+
*
|
|
1057
|
+
* registry.register({
|
|
1058
|
+
* priority: WalletProviderPriority.WALLET_SDK,
|
|
1059
|
+
* walletProvider: myWalletProvider
|
|
1060
|
+
* });
|
|
1061
|
+
*
|
|
1062
|
+
* const provider = registry.getByKey('my-wallet-key');
|
|
1063
|
+
* const providers = registry.listProviders();
|
|
1064
|
+
* ```
|
|
1065
|
+
* @notInstrumented
|
|
1066
|
+
*/
|
|
1067
|
+
const createWalletProviderRegistry = (client) => {
|
|
1068
|
+
const registry = /* @__PURE__ */ new Map();
|
|
1069
|
+
return {
|
|
1070
|
+
getByKey: (key) => registry.get(key)?.walletProvider,
|
|
1071
|
+
listProviderEntries: () => Array.from(registry.values()),
|
|
1072
|
+
listProviders: () => Array.from(registry.values()).map((v) => v.walletProvider),
|
|
1073
|
+
register: (args) => {
|
|
1074
|
+
const existingEntry = registry.get(args.walletProvider.key);
|
|
1075
|
+
if (existingEntry) {
|
|
1076
|
+
if (existingEntry.priority < args.priority) {
|
|
1077
|
+
registry.set(args.walletProvider.key, args);
|
|
1078
|
+
emitEvent({
|
|
1079
|
+
args: { walletProviderKey: args.walletProvider.key },
|
|
1080
|
+
event: "walletProviderChanged"
|
|
1081
|
+
}, client);
|
|
1082
|
+
}
|
|
1083
|
+
} else {
|
|
1084
|
+
registry.set(args.walletProvider.key, args);
|
|
1085
|
+
emitEvent({
|
|
1086
|
+
args: { walletProvider: args.walletProvider },
|
|
1087
|
+
event: "walletProviderRegistered"
|
|
1088
|
+
}, client);
|
|
1089
|
+
emitEvent({
|
|
1090
|
+
args: { walletProviderKey: args.walletProvider.key },
|
|
1091
|
+
event: "walletProviderChanged"
|
|
1092
|
+
}, client);
|
|
1093
|
+
}
|
|
1094
|
+
},
|
|
1095
|
+
unregister: (key) => {
|
|
1096
|
+
registry.delete(key);
|
|
1097
|
+
emitEvent({
|
|
1098
|
+
args: { walletProviderKey: key },
|
|
1099
|
+
event: "walletProviderUnregistered"
|
|
1100
|
+
}, client);
|
|
1101
|
+
}
|
|
1102
|
+
};
|
|
1103
|
+
};
|
|
1104
|
+
|
|
1105
|
+
//#endregion
|
|
1106
|
+
//#region src/modules/wallets/walletProviderRegistry/getWalletProviderRegistry/getWalletProviderRegistry.ts
|
|
1107
|
+
/**
|
|
1108
|
+
* This function provides access to a shared instance of the wallet provider registry.
|
|
1109
|
+
*
|
|
1110
|
+
* It ensures that the same registry instance is used throughout the client to maintaining
|
|
1111
|
+
* consistency of registered wallet providers across different parts of the codebase.
|
|
1112
|
+
*
|
|
1113
|
+
* @returns The wallet provider registry instance
|
|
1114
|
+
*
|
|
1115
|
+
* @example
|
|
1116
|
+
* ```typescript
|
|
1117
|
+
* // Get the registry instance
|
|
1118
|
+
* const registry = getWalletProviderRegistry();
|
|
1119
|
+
*
|
|
1120
|
+
* // Register a wallet provider
|
|
1121
|
+
* registry.register({
|
|
1122
|
+
* priority: WalletProviderPriority.WALLET_SDK,
|
|
1123
|
+
* walletProvider: myWalletProvider
|
|
1124
|
+
* });
|
|
1125
|
+
*
|
|
1126
|
+
* // Retrieve a specific provider
|
|
1127
|
+
* const provider = registry.getByKey('metamaskevm');
|
|
1128
|
+
* ```
|
|
1129
|
+
*/
|
|
1130
|
+
const getWalletProviderRegistry = createRuntimeServiceAccessKey("walletProviderRegistry", (client) => createWalletProviderRegistry(client));
|
|
1131
|
+
|
|
1132
|
+
//#endregion
|
|
1133
|
+
//#region src/modules/wallets/walletProviderRegistry/walletProviderRegistry.types.ts
|
|
1134
|
+
let WalletProviderPriority = /* @__PURE__ */ function(WalletProviderPriority$1) {
|
|
1135
|
+
/**
|
|
1136
|
+
* Highest priority should be used by wallet providers that implement
|
|
1137
|
+
* the most reliable wallet integration.
|
|
1138
|
+
* example: The SDK provided by the wallet provider.
|
|
1139
|
+
*/
|
|
1140
|
+
WalletProviderPriority$1[WalletProviderPriority$1["WALLET_SDK"] = 100] = "WALLET_SDK";
|
|
1141
|
+
/**
|
|
1142
|
+
* Medium priority should be used by wallet providers that implement
|
|
1143
|
+
* a wallet integration via some reliable standard.
|
|
1144
|
+
* example: A wallet provider that uses EIP6963 announcement.
|
|
1145
|
+
*/
|
|
1146
|
+
WalletProviderPriority$1[WalletProviderPriority$1["WALLET_SELF_ANNOUNCEMENT_STANDARD"] = 50] = "WALLET_SELF_ANNOUNCEMENT_STANDARD";
|
|
1147
|
+
/**
|
|
1148
|
+
* Low priority should be used by wallet providers that implement
|
|
1149
|
+
* a wallet integration on a less reliable standard.
|
|
1150
|
+
* example: A wallet provider that uses window.ethereum, where the
|
|
1151
|
+
* window key can be overridden by other extensions.
|
|
1152
|
+
*/
|
|
1153
|
+
WalletProviderPriority$1[WalletProviderPriority$1["WINDOW_INJECT"] = 20] = "WINDOW_INJECT";
|
|
1154
|
+
return WalletProviderPriority$1;
|
|
1155
|
+
}({});
|
|
1156
|
+
|
|
1157
|
+
//#endregion
|
|
1158
|
+
//#region src/modules/wallets/utils/getWalletProviderFromWalletAccount/getWalletProviderFromWalletAccount.ts
|
|
1159
|
+
/** @notInstrumented */
|
|
1160
|
+
const getWalletProviderFromWalletAccount = ({ walletAccount }, client) => {
|
|
1161
|
+
const walletProvider = getWalletProviderRegistry(client).getByKey(walletAccount.walletProviderKey);
|
|
1162
|
+
if (!walletProvider) throw new NoWalletProviderFoundError({ walletProviderKey: walletAccount.walletProviderKey });
|
|
1163
|
+
return walletProvider;
|
|
1164
|
+
};
|
|
1165
|
+
|
|
1166
|
+
//#endregion
|
|
1167
|
+
//#region src/modules/auth/consts.ts
|
|
1168
|
+
const DYNAMIC_AUTH_COOKIE_NAME = "DYNAMIC_JWT_TOKEN";
|
|
1169
|
+
|
|
1170
|
+
//#endregion
|
|
1171
|
+
//#region src/modules/auth/extractSessionId/extractSessionId.ts
|
|
1172
|
+
/**
|
|
1173
|
+
* Extracts the session ID (`sid` claim) from a JWT token string.
|
|
1174
|
+
*
|
|
1175
|
+
* Decodes the base64url-encoded payload segment of the token and reads the
|
|
1176
|
+
* `sid` field. This is used to correlate instrumentation events with the
|
|
1177
|
+
* authenticated session, without ever forwarding the full token.
|
|
1178
|
+
*
|
|
1179
|
+
* Returns `null` when no token is present, when the token is malformed, or
|
|
1180
|
+
* when the payload does not contain a `sid` claim.
|
|
1181
|
+
* @notInstrumented
|
|
1182
|
+
*/
|
|
1183
|
+
const extractSessionId = (token) => {
|
|
1184
|
+
try {
|
|
1185
|
+
const payload = token.split(".")[1];
|
|
1186
|
+
return JSON.parse(atob(payload)).sid ?? null;
|
|
1187
|
+
} catch {
|
|
1188
|
+
return null;
|
|
1189
|
+
}
|
|
1190
|
+
};
|
|
1191
|
+
|
|
1192
|
+
//#endregion
|
|
1193
|
+
//#region src/utils/getOperatingSystem/getOperatingSystem.ts
|
|
1194
|
+
/**
|
|
1195
|
+
* Detects the operating system from `navigator.userAgent` for web environments.
|
|
1196
|
+
*
|
|
1197
|
+
* The React Native bundler (Metro) resolves `getOperatingSystem.native.ts`
|
|
1198
|
+
* instead when building for React Native, which uses `Platform.OS` directly.
|
|
1199
|
+
*
|
|
1200
|
+
* Falls back to `'unknown'` when `navigator` is unavailable (SSR, service
|
|
1201
|
+
* workers) or when the user-agent string doesn't match a known OS pattern.
|
|
1202
|
+
* @notInstrumented
|
|
1203
|
+
*/
|
|
1204
|
+
const getOperatingSystem = () => {
|
|
1205
|
+
try {
|
|
1206
|
+
const ua = navigator.userAgent;
|
|
1207
|
+
if (/iPhone|iPad|iPod/.test(ua)) return "ios";
|
|
1208
|
+
if (/Android/.test(ua)) return "android";
|
|
1209
|
+
if (/Windows/.test(ua)) return "windows";
|
|
1210
|
+
if (/Macintosh|Mac OS X/.test(ua)) return "macos";
|
|
1211
|
+
if (/Linux/.test(ua)) return "linux";
|
|
1212
|
+
return "unknown";
|
|
1213
|
+
} catch {
|
|
1214
|
+
return "unknown";
|
|
1215
|
+
}
|
|
1216
|
+
};
|
|
1217
|
+
|
|
1218
|
+
//#endregion
|
|
1219
|
+
//#region src/utils/getPlatform/getPlatform.ts
|
|
1443
1220
|
/**
|
|
1444
|
-
*
|
|
1221
|
+
* Returns the platform the SDK is running on.
|
|
1445
1222
|
*
|
|
1446
|
-
* This
|
|
1447
|
-
*
|
|
1448
|
-
*
|
|
1449
|
-
*
|
|
1223
|
+
* This is the web implementation — the React Native bundler resolves
|
|
1224
|
+
* `getPlatform.native.ts` instead when building for React Native, which
|
|
1225
|
+
* returns `'react-native'`.
|
|
1226
|
+
* @notInstrumented
|
|
1227
|
+
*/
|
|
1228
|
+
const getPlatform = () => "web";
|
|
1229
|
+
|
|
1230
|
+
//#endregion
|
|
1231
|
+
//#region src/utils/getUserAgent/getUserAgent.ts
|
|
1232
|
+
/**
|
|
1233
|
+
* Returns the browser's `navigator.userAgent` string for inclusion in
|
|
1234
|
+
* instrumentation events.
|
|
1450
1235
|
*
|
|
1451
|
-
*
|
|
1452
|
-
*
|
|
1236
|
+
* Falls back to an empty string in environments where `navigator` is not
|
|
1237
|
+
* available (e.g., Node.js SSR, service workers) so that callers never need
|
|
1238
|
+
* to guard against undefined.
|
|
1453
1239
|
* @notInstrumented
|
|
1454
|
-
* @hook Exposed as a hook so consumers get the reactive list of wallet accounts.
|
|
1455
1240
|
*/
|
|
1456
|
-
const
|
|
1457
|
-
|
|
1458
|
-
|
|
1459
|
-
|
|
1460
|
-
|
|
1461
|
-
}
|
|
1241
|
+
const getUserAgent = () => {
|
|
1242
|
+
try {
|
|
1243
|
+
return navigator.userAgent;
|
|
1244
|
+
} catch {
|
|
1245
|
+
return "";
|
|
1246
|
+
}
|
|
1462
1247
|
};
|
|
1463
1248
|
|
|
1464
1249
|
//#endregion
|
|
1465
|
-
//#region src/
|
|
1466
|
-
|
|
1467
|
-
|
|
1468
|
-
|
|
1469
|
-
|
|
1470
|
-
|
|
1471
|
-
|
|
1472
|
-
|
|
1473
|
-
|
|
1250
|
+
//#region src/services/instrumentation/constants.ts
|
|
1251
|
+
/**
|
|
1252
|
+
* Default key-based PII scrubber list, lowercased and matched against the
|
|
1253
|
+
* lowercased object key.
|
|
1254
|
+
*
|
|
1255
|
+
* Two complementary mechanisms cover credential leakage:
|
|
1256
|
+
*
|
|
1257
|
+
* 1. Explicit keys listed here — matched exactly (case-insensitive). Use this
|
|
1258
|
+
* for keys that don't end in a generic credential suffix (e.g. `mnemonic`,
|
|
1259
|
+
* `seed`, `verificationCode`, `keyShare`).
|
|
1260
|
+
* 2. Suffix matching in {@link scrubParameters} for the credential suffixes
|
|
1261
|
+
* enumerated by {@link PII_KEY_SUFFIXES} — catches any field whose name
|
|
1262
|
+
* ends in `token` or `jwt` (e.g. `mfaToken`, `minifiedJwt`, `accessToken`,
|
|
1263
|
+
* `idToken`, `captchaToken`, …) without needing to enumerate them here.
|
|
1264
|
+
*/
|
|
1265
|
+
const DEFAULT_PII_FIELDS = [
|
|
1266
|
+
"password",
|
|
1267
|
+
"token",
|
|
1268
|
+
"secret",
|
|
1269
|
+
"privateKey",
|
|
1270
|
+
"privateJwk",
|
|
1271
|
+
"mnemonic",
|
|
1272
|
+
"seed",
|
|
1273
|
+
"keyShare",
|
|
1274
|
+
"keyShares",
|
|
1275
|
+
"email",
|
|
1276
|
+
"phone",
|
|
1277
|
+
"ssn",
|
|
1278
|
+
"address",
|
|
1279
|
+
"authorization",
|
|
1280
|
+
"verificationCode",
|
|
1281
|
+
"recoveryCodes",
|
|
1282
|
+
"codeVerifier",
|
|
1283
|
+
"pkce",
|
|
1284
|
+
"bearer",
|
|
1285
|
+
"apiKey",
|
|
1286
|
+
"alias",
|
|
1287
|
+
"publicIdentifier"
|
|
1288
|
+
];
|
|
1289
|
+
/**
|
|
1290
|
+
* Lowercased suffixes used by {@link scrubParameters} to match credential-like
|
|
1291
|
+
* keys without enumerating every variant (e.g. `mfaToken`, `accessToken`,
|
|
1292
|
+
* `refreshToken`, `legacyToken`, `minifiedJwt`). Only suffixes that are
|
|
1293
|
+
* unambiguously credentials belong here — `key` (matches `publicKey`) and
|
|
1294
|
+
* `code` (matches `countryCode`) are too broad and must not be added.
|
|
1295
|
+
*/
|
|
1296
|
+
const PII_KEY_SUFFIXES = ["token", "jwt"];
|
|
1297
|
+
const REDACTED_VALUE = "[REDACTED]";
|
|
1298
|
+
const MAX_STRING_LENGTH = 500;
|
|
1299
|
+
const TRUNCATED_SUFFIX = "...[truncated]";
|
|
1300
|
+
/**
|
|
1301
|
+
* Label prefix for binary data placeholders. The full placeholder includes the
|
|
1302
|
+
* byte length, e.g. `[Binary:16 bytes]`, so consumers can gauge data size
|
|
1303
|
+
* without the actual bytes appearing in logs.
|
|
1304
|
+
*/
|
|
1305
|
+
const BINARY_LABEL = "Binary";
|
|
1306
|
+
/**
|
|
1307
|
+
* Placeholder emitted when a circular reference is detected in the value tree.
|
|
1308
|
+
* Using a named constant makes it easy to search for or filter in downstream
|
|
1309
|
+
* log tooling.
|
|
1310
|
+
*/
|
|
1311
|
+
const CIRCULAR_VALUE = "[Circular]";
|
|
1312
|
+
|
|
1313
|
+
//#endregion
|
|
1314
|
+
//#region src/services/instrumentation/scrubParameters/scrubParameters.ts
|
|
1315
|
+
/**
|
|
1316
|
+
* Returns true when `key` should be redacted based on the configured PII
|
|
1317
|
+
* field list. A key matches when its lowercased form either equals one of
|
|
1318
|
+
* `piiFieldsLower` exactly, or ends in one of the curated credential
|
|
1319
|
+
* suffixes in {@link PII_KEY_SUFFIXES} (currently `token` and `jwt`). The
|
|
1320
|
+
* suffix check is what catches `mfaToken`, `minifiedJwt`, `accessToken`,
|
|
1321
|
+
* etc. without needing every variant enumerated explicitly.
|
|
1322
|
+
*/
|
|
1323
|
+
const keyMatchesPiiField = ({ keyLower, piiFieldsLower }) => {
|
|
1324
|
+
if (piiFieldsLower.includes(keyLower)) return true;
|
|
1325
|
+
return PII_KEY_SUFFIXES.some((suffix) => keyLower.endsWith(suffix));
|
|
1326
|
+
};
|
|
1327
|
+
const scrubString = ({ key, piiFieldsLower, redactAll, value }) => {
|
|
1328
|
+
if (keyMatchesPiiField({
|
|
1329
|
+
keyLower: key.toLowerCase(),
|
|
1330
|
+
piiFieldsLower
|
|
1331
|
+
})) return REDACTED_VALUE;
|
|
1332
|
+
if (redactAll) return REDACTED_VALUE;
|
|
1333
|
+
if (value.length > MAX_STRING_LENGTH) return value.slice(0, MAX_STRING_LENGTH) + TRUNCATED_SUFFIX;
|
|
1334
|
+
return value;
|
|
1335
|
+
};
|
|
1336
|
+
const scrubArray = ({ context, value }) => {
|
|
1337
|
+
if (context.visited.has(value)) return [CIRCULAR_VALUE];
|
|
1338
|
+
context.visited.add(value);
|
|
1339
|
+
const result = value.map((item, index) => scrubValue({
|
|
1340
|
+
context,
|
|
1341
|
+
key: String(index),
|
|
1342
|
+
value: item
|
|
1343
|
+
}));
|
|
1344
|
+
context.visited.delete(value);
|
|
1345
|
+
return result;
|
|
1346
|
+
};
|
|
1347
|
+
const scrubObject = ({ context, value }) => {
|
|
1348
|
+
if (context.visited.has(value)) return { [CIRCULAR_VALUE]: true };
|
|
1349
|
+
context.visited.add(value);
|
|
1350
|
+
const result = Object.create(null);
|
|
1351
|
+
for (const key of Object.keys(value)) result[key] = scrubValue({
|
|
1352
|
+
context,
|
|
1353
|
+
key,
|
|
1354
|
+
value: value[key]
|
|
1355
|
+
});
|
|
1356
|
+
context.visited.delete(value);
|
|
1357
|
+
return result;
|
|
1358
|
+
};
|
|
1359
|
+
const scrubValue = ({ context, key, value }) => {
|
|
1360
|
+
if (value === null || value === void 0) return value;
|
|
1361
|
+
if (value instanceof Uint8Array) return `[${BINARY_LABEL}:${value.byteLength} bytes]`;
|
|
1362
|
+
if (keyMatchesPiiField({
|
|
1363
|
+
keyLower: key.toLowerCase(),
|
|
1364
|
+
piiFieldsLower: context.piiFieldsLower
|
|
1365
|
+
})) return REDACTED_VALUE;
|
|
1366
|
+
if (typeof value === "string") return scrubString({
|
|
1367
|
+
key,
|
|
1368
|
+
piiFieldsLower: context.piiFieldsLower,
|
|
1369
|
+
redactAll: context.redactAll,
|
|
1370
|
+
value
|
|
1371
|
+
});
|
|
1372
|
+
if (Array.isArray(value)) return scrubArray({
|
|
1373
|
+
context,
|
|
1374
|
+
value
|
|
1375
|
+
});
|
|
1376
|
+
if (value instanceof Set) {
|
|
1377
|
+
if (context.visited.has(value)) return [CIRCULAR_VALUE];
|
|
1378
|
+
context.visited.add(value);
|
|
1379
|
+
const setResult = scrubArray({
|
|
1380
|
+
context,
|
|
1381
|
+
value: [...value]
|
|
1382
|
+
});
|
|
1383
|
+
context.visited.delete(value);
|
|
1384
|
+
return setResult;
|
|
1385
|
+
}
|
|
1386
|
+
if (value instanceof Map) {
|
|
1387
|
+
if (context.visited.has(value)) return { [CIRCULAR_VALUE]: true };
|
|
1388
|
+
context.visited.add(value);
|
|
1389
|
+
const asObject = Object.create(null);
|
|
1390
|
+
for (const [k, v] of value.entries()) asObject[String(k)] = v;
|
|
1391
|
+
const mapResult = scrubObject({
|
|
1392
|
+
context,
|
|
1393
|
+
value: asObject
|
|
1474
1394
|
});
|
|
1395
|
+
context.visited.delete(value);
|
|
1396
|
+
return mapResult;
|
|
1475
1397
|
}
|
|
1398
|
+
if (value instanceof WeakMap) return "[WeakMap]";
|
|
1399
|
+
if (value instanceof WeakSet) return "[WeakSet]";
|
|
1400
|
+
if (value instanceof Date) return value.toISOString();
|
|
1401
|
+
if (value instanceof Error) return `[Error: ${value.message}]`;
|
|
1402
|
+
if (typeof value === "object") return scrubObject({
|
|
1403
|
+
context,
|
|
1404
|
+
value
|
|
1405
|
+
});
|
|
1406
|
+
return value;
|
|
1407
|
+
};
|
|
1408
|
+
/** @notInstrumented */
|
|
1409
|
+
const scrubParameters = ({ piiFields, redactAll, value }) => {
|
|
1410
|
+
return scrubObject({
|
|
1411
|
+
context: {
|
|
1412
|
+
piiFieldsLower: piiFields.map((field) => field.toLowerCase()),
|
|
1413
|
+
redactAll,
|
|
1414
|
+
visited: /* @__PURE__ */ new WeakSet()
|
|
1415
|
+
},
|
|
1416
|
+
value
|
|
1417
|
+
});
|
|
1476
1418
|
};
|
|
1477
1419
|
|
|
1478
1420
|
//#endregion
|
|
1479
|
-
//#region src/services/
|
|
1421
|
+
//#region src/services/instrumentation/instrumentFunction/extractParams/extractParams.ts
|
|
1480
1422
|
/**
|
|
1481
|
-
*
|
|
1482
|
-
*
|
|
1483
|
-
* create a new one using the provided builder function.
|
|
1423
|
+
* Normalises the raw positional arguments of an instrumented function call
|
|
1424
|
+
* into a flat `Record<string, unknown>` suitable for structured logging.
|
|
1484
1425
|
*
|
|
1485
|
-
*
|
|
1486
|
-
*
|
|
1487
|
-
*
|
|
1426
|
+
* ## Why this is needed
|
|
1427
|
+
*
|
|
1428
|
+
* Instrumented functions are wrapped with `(...args: unknown[])`, so their
|
|
1429
|
+
* parameters arrive as an array. Logging a raw array loses the semantic names
|
|
1430
|
+
* of each argument. This function recovers a named representation:
|
|
1431
|
+
*
|
|
1432
|
+
* - **No arguments** → `{}`
|
|
1433
|
+
* - **Single plain-object argument** → that object is returned as-is, because
|
|
1434
|
+
* SDK functions follow the single-object-parameter convention, so the object
|
|
1435
|
+
* already carries named keys (`{ amount, to }`, etc.).
|
|
1436
|
+
* - **Everything else** (multiple args, a single primitive, a single array) →
|
|
1437
|
+
* each value is indexed as `arg0`, `arg1`, …
|
|
1438
|
+
*
|
|
1439
|
+
* ## Why arrays are NOT treated as plain objects
|
|
1440
|
+
*
|
|
1441
|
+
* `typeof [] === 'object'` and `[] !== null`, so without the `Array.isArray`
|
|
1442
|
+
* guard a single-array argument would be returned as-is. That would produce
|
|
1443
|
+
* an object with numeric string keys (`{ '0': ..., '1': ... }`), which is
|
|
1444
|
+
* misleading and inconsistent with how multi-arg calls are handled. Instead,
|
|
1445
|
+
* arrays fall through to the indexed `arg0` path.
|
|
1488
1446
|
* @notInstrumented
|
|
1489
1447
|
*/
|
|
1490
|
-
const
|
|
1491
|
-
|
|
1492
|
-
|
|
1493
|
-
|
|
1494
|
-
|
|
1495
|
-
|
|
1496
|
-
return service;
|
|
1448
|
+
const extractParams = (args) => {
|
|
1449
|
+
if (args.length === 0) return {};
|
|
1450
|
+
if (args.length === 1 && typeof args[0] === "object" && args[0] !== null && !Array.isArray(args[0])) return args[0];
|
|
1451
|
+
const result = {};
|
|
1452
|
+
for (let i = 0; i < args.length; i++) result[`arg${i}`] = args[i];
|
|
1453
|
+
return result;
|
|
1497
1454
|
};
|
|
1498
1455
|
|
|
1499
1456
|
//#endregion
|
|
1500
|
-
//#region src/
|
|
1457
|
+
//#region src/services/instrumentation/instrumentFunction/scrubResolvedValue/scrubResolvedValue.ts
|
|
1501
1458
|
/**
|
|
1502
|
-
*
|
|
1503
|
-
*
|
|
1504
|
-
*
|
|
1505
|
-
*
|
|
1506
|
-
* @example
|
|
1507
|
-
* ```typescript
|
|
1508
|
-
* const registry = createWalletProviderRegistry();
|
|
1509
|
-
*
|
|
1510
|
-
* registry.register({
|
|
1511
|
-
* priority: WalletProviderPriority.WALLET_SDK,
|
|
1512
|
-
* walletProvider: myWalletProvider
|
|
1513
|
-
* });
|
|
1514
|
-
*
|
|
1515
|
-
* const provider = registry.getByKey('my-wallet-key');
|
|
1516
|
-
* const providers = registry.listProviders();
|
|
1517
|
-
* ```
|
|
1459
|
+
* Scrubs a resolved return value of any type before logging it.
|
|
1460
|
+
* Routes through `scrubParameters` by wrapping the value so that strings,
|
|
1461
|
+
* arrays, Dates, Errors, and all other types are handled identically to
|
|
1462
|
+
* nested object fields.
|
|
1518
1463
|
* @notInstrumented
|
|
1519
1464
|
*/
|
|
1520
|
-
const
|
|
1521
|
-
|
|
1465
|
+
const scrubResolvedValue = ({ piiFields, redactAll, value }) => scrubParameters({
|
|
1466
|
+
piiFields,
|
|
1467
|
+
redactAll,
|
|
1468
|
+
value: { result: value }
|
|
1469
|
+
}).result;
|
|
1470
|
+
|
|
1471
|
+
//#endregion
|
|
1472
|
+
//#region src/services/instrumentation/instrumentFunction/instrumentFunction.ts
|
|
1473
|
+
const serializeError = (error) => {
|
|
1474
|
+
if (error instanceof Error) return {
|
|
1475
|
+
message: error.message,
|
|
1476
|
+
name: error.name,
|
|
1477
|
+
stack: error.stack
|
|
1478
|
+
};
|
|
1522
1479
|
return {
|
|
1523
|
-
|
|
1524
|
-
|
|
1525
|
-
listProviders: () => Array.from(registry.values()).map((v) => v.walletProvider),
|
|
1526
|
-
register: (args) => {
|
|
1527
|
-
const existingEntry = registry.get(args.walletProvider.key);
|
|
1528
|
-
if (existingEntry) {
|
|
1529
|
-
if (existingEntry.priority < args.priority) {
|
|
1530
|
-
registry.set(args.walletProvider.key, args);
|
|
1531
|
-
emitEvent({
|
|
1532
|
-
args: { walletProviderKey: args.walletProvider.key },
|
|
1533
|
-
event: "walletProviderChanged"
|
|
1534
|
-
}, client);
|
|
1535
|
-
}
|
|
1536
|
-
} else {
|
|
1537
|
-
registry.set(args.walletProvider.key, args);
|
|
1538
|
-
emitEvent({
|
|
1539
|
-
args: { walletProvider: args.walletProvider },
|
|
1540
|
-
event: "walletProviderRegistered"
|
|
1541
|
-
}, client);
|
|
1542
|
-
emitEvent({
|
|
1543
|
-
args: { walletProviderKey: args.walletProvider.key },
|
|
1544
|
-
event: "walletProviderChanged"
|
|
1545
|
-
}, client);
|
|
1546
|
-
}
|
|
1547
|
-
},
|
|
1548
|
-
unregister: (key) => {
|
|
1549
|
-
registry.delete(key);
|
|
1550
|
-
emitEvent({
|
|
1551
|
-
args: { walletProviderKey: key },
|
|
1552
|
-
event: "walletProviderUnregistered"
|
|
1553
|
-
}, client);
|
|
1554
|
-
}
|
|
1480
|
+
message: String(error),
|
|
1481
|
+
name: "UnknownError"
|
|
1555
1482
|
};
|
|
1556
1483
|
};
|
|
1557
|
-
|
|
1558
|
-
//#endregion
|
|
1559
|
-
//#region src/modules/wallets/walletProviderRegistry/getWalletProviderRegistry/getWalletProviderRegistry.ts
|
|
1560
1484
|
/**
|
|
1561
|
-
*
|
|
1485
|
+
* Wraps a function so that each invocation emits a structured
|
|
1486
|
+
* `FunctionInstrumentationEvent` at three lifecycle points:
|
|
1562
1487
|
*
|
|
1563
|
-
*
|
|
1564
|
-
*
|
|
1488
|
+
* - **started** — immediately before the function body executes, with the
|
|
1489
|
+
* PII-scrubbed call parameters.
|
|
1490
|
+
* - **resolved** — after the function (or its returned Promise) settles
|
|
1491
|
+
* successfully, with the PII-scrubbed return value.
|
|
1492
|
+
* - **rejected** — if the function throws synchronously or its returned
|
|
1493
|
+
* Promise rejects.
|
|
1565
1494
|
*
|
|
1566
|
-
*
|
|
1495
|
+
* The original return value (or thrown error) is always forwarded to the
|
|
1496
|
+
* caller unchanged — instrumentation is purely observational.
|
|
1567
1497
|
*
|
|
1568
|
-
*
|
|
1569
|
-
* ```typescript
|
|
1570
|
-
* // Get the registry instance
|
|
1571
|
-
* const registry = getWalletProviderRegistry();
|
|
1498
|
+
* ## Usage
|
|
1572
1499
|
*
|
|
1573
|
-
*
|
|
1574
|
-
*
|
|
1575
|
-
*
|
|
1576
|
-
*
|
|
1500
|
+
* ```ts
|
|
1501
|
+
* const transfer = instrumentFunction({
|
|
1502
|
+
* fn: rawTransfer,
|
|
1503
|
+
* functionName: 'transfer',
|
|
1504
|
+
* getCore: () => core,
|
|
1577
1505
|
* });
|
|
1578
1506
|
*
|
|
1579
|
-
* //
|
|
1580
|
-
*
|
|
1507
|
+
* // When called, three events are emitted automatically:
|
|
1508
|
+
* await transfer({ amount: 1, to: '0xabc' });
|
|
1581
1509
|
* ```
|
|
1510
|
+
*
|
|
1511
|
+
* ## How functions are wrapped
|
|
1512
|
+
*
|
|
1513
|
+
* `instrumentFunction` is not called manually in application code. Instead,
|
|
1514
|
+
* the esbuild instrumentation plugin (`tools/instrumentation-plugin`) injects
|
|
1515
|
+
* it at build time: any exported function annotated with `@instrumented` in its
|
|
1516
|
+
* JSDoc is automatically wrapped by the plugin during the build step.
|
|
1517
|
+
* The plugin strips the original `export`, renames the function, and re-exports
|
|
1518
|
+
* it under the original name via `instrumentFunction(...)` — so the public API
|
|
1519
|
+
* is unchanged and no call sites need to be updated.
|
|
1520
|
+
*
|
|
1521
|
+
* ## Opting out
|
|
1522
|
+
*
|
|
1523
|
+
* Instrumentation is skipped entirely when:
|
|
1524
|
+
* - `getCore()` returns `undefined` (SDK not initialised), or
|
|
1525
|
+
* - `core.instrumentation.config.enabled` is `false`.
|
|
1526
|
+
*
|
|
1527
|
+
* In both cases the original function is called directly with no overhead.
|
|
1528
|
+
*
|
|
1529
|
+
* ## PII scrubbing
|
|
1530
|
+
*
|
|
1531
|
+
* All string values whose key appears in `piiFields` are replaced with
|
|
1532
|
+
* `"[redacted]"` before events are emitted. Pass `redactAll: true` to redact
|
|
1533
|
+
* every field, regardless of key name.
|
|
1534
|
+
* @notInstrumented
|
|
1582
1535
|
*/
|
|
1583
|
-
const
|
|
1584
|
-
|
|
1585
|
-
|
|
1586
|
-
|
|
1587
|
-
|
|
1588
|
-
|
|
1589
|
-
|
|
1590
|
-
|
|
1591
|
-
|
|
1592
|
-
|
|
1593
|
-
|
|
1594
|
-
|
|
1595
|
-
|
|
1596
|
-
|
|
1597
|
-
|
|
1598
|
-
|
|
1599
|
-
|
|
1600
|
-
|
|
1601
|
-
|
|
1602
|
-
|
|
1603
|
-
|
|
1604
|
-
|
|
1605
|
-
|
|
1606
|
-
|
|
1607
|
-
|
|
1608
|
-
|
|
1609
|
-
|
|
1610
|
-
|
|
1611
|
-
|
|
1612
|
-
|
|
1613
|
-
|
|
1614
|
-
|
|
1615
|
-
|
|
1616
|
-
|
|
1536
|
+
const instrumentFunction = ({ fn, functionName, getCore: getCore$1, redactAll }) => {
|
|
1537
|
+
const wrapped = (...args) => {
|
|
1538
|
+
const core = getCore$1();
|
|
1539
|
+
if (!core) return fn(...args);
|
|
1540
|
+
if (!core.instrumentation.config.enabled) return fn(...args);
|
|
1541
|
+
const instrumentation = core.instrumentation;
|
|
1542
|
+
const state = core.state.get();
|
|
1543
|
+
const baseEvent = {
|
|
1544
|
+
environmentId: core.environmentId,
|
|
1545
|
+
functionName,
|
|
1546
|
+
operatingSystem: getOperatingSystem(),
|
|
1547
|
+
parameters: scrubParameters({
|
|
1548
|
+
piiFields: instrumentation.config.piiFields,
|
|
1549
|
+
redactAll,
|
|
1550
|
+
value: extractParams(args)
|
|
1551
|
+
}),
|
|
1552
|
+
platform: getPlatform(),
|
|
1553
|
+
registeredExtensionKeys: Array.from(core.extensions),
|
|
1554
|
+
sdkSessionId: core.sdkSessionId,
|
|
1555
|
+
sdkVersion: core.version,
|
|
1556
|
+
status: "info",
|
|
1557
|
+
tokenSessionId: state.token ? extractSessionId(state.token) : null,
|
|
1558
|
+
userAgent: getUserAgent(),
|
|
1559
|
+
userId: state.user?.id ?? null
|
|
1560
|
+
};
|
|
1561
|
+
instrumentation.logFunction({
|
|
1562
|
+
...baseEvent,
|
|
1563
|
+
phase: "started",
|
|
1564
|
+
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
1565
|
+
});
|
|
1566
|
+
try {
|
|
1567
|
+
const result = fn(...args);
|
|
1568
|
+
if (result instanceof Promise) return result.then((value) => {
|
|
1569
|
+
instrumentation.logFunction({
|
|
1570
|
+
...baseEvent,
|
|
1571
|
+
phase: "resolved",
|
|
1572
|
+
resolvedValue: scrubResolvedValue({
|
|
1573
|
+
piiFields: instrumentation.config.piiFields,
|
|
1574
|
+
redactAll,
|
|
1575
|
+
value
|
|
1576
|
+
}),
|
|
1577
|
+
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
1578
|
+
});
|
|
1579
|
+
return value;
|
|
1580
|
+
}).catch((error) => {
|
|
1581
|
+
instrumentation.logFunction({
|
|
1582
|
+
...baseEvent,
|
|
1583
|
+
phase: "rejected",
|
|
1584
|
+
rejectedError: serializeError(error),
|
|
1585
|
+
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
1586
|
+
});
|
|
1587
|
+
throw error;
|
|
1588
|
+
});
|
|
1589
|
+
instrumentation.logFunction({
|
|
1590
|
+
...baseEvent,
|
|
1591
|
+
phase: "resolved",
|
|
1592
|
+
resolvedValue: scrubResolvedValue({
|
|
1593
|
+
piiFields: instrumentation.config.piiFields,
|
|
1594
|
+
redactAll,
|
|
1595
|
+
value: result
|
|
1596
|
+
}),
|
|
1597
|
+
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
1598
|
+
});
|
|
1599
|
+
return result;
|
|
1600
|
+
} catch (error) {
|
|
1601
|
+
instrumentation.logFunction({
|
|
1602
|
+
...baseEvent,
|
|
1603
|
+
phase: "rejected",
|
|
1604
|
+
rejectedError: serializeError(error),
|
|
1605
|
+
timestamp: (/* @__PURE__ */ new Date()).toISOString()
|
|
1606
|
+
});
|
|
1607
|
+
throw error;
|
|
1608
|
+
}
|
|
1609
|
+
};
|
|
1610
|
+
return wrapped;
|
|
1617
1611
|
};
|
|
1618
1612
|
|
|
1619
|
-
//#endregion
|
|
1620
|
-
//#region src/modules/auth/consts.ts
|
|
1621
|
-
const DYNAMIC_AUTH_COOKIE_NAME = "DYNAMIC_JWT_TOKEN";
|
|
1622
|
-
|
|
1623
1613
|
//#endregion
|
|
1624
1614
|
//#region src/constants.ts
|
|
1625
1615
|
const SDK_API_CORE_VERSION = dependencies["@dynamic-labs/sdk-api-core"];
|
|
@@ -1825,12 +1815,6 @@ Object.defineProperty(exports, 'WalletProviderPriority', {
|
|
|
1825
1815
|
return WalletProviderPriority;
|
|
1826
1816
|
}
|
|
1827
1817
|
});
|
|
1828
|
-
Object.defineProperty(exports, '__getElevatedAccessToken_wrapped', {
|
|
1829
|
-
enumerable: true,
|
|
1830
|
-
get: function () {
|
|
1831
|
-
return __getElevatedAccessToken_wrapped;
|
|
1832
|
-
}
|
|
1833
|
-
});
|
|
1834
1818
|
Object.defineProperty(exports, 'assertDefined', {
|
|
1835
1819
|
enumerable: true,
|
|
1836
1820
|
get: function () {
|
|
@@ -1909,6 +1893,12 @@ Object.defineProperty(exports, 'getDeviceSigner', {
|
|
|
1909
1893
|
return getDeviceSigner;
|
|
1910
1894
|
}
|
|
1911
1895
|
});
|
|
1896
|
+
Object.defineProperty(exports, 'getElevatedAccessToken', {
|
|
1897
|
+
enumerable: true,
|
|
1898
|
+
get: function () {
|
|
1899
|
+
return getElevatedAccessToken;
|
|
1900
|
+
}
|
|
1901
|
+
});
|
|
1912
1902
|
Object.defineProperty(exports, 'getHeadersForNonceSignedByDeviceSigners', {
|
|
1913
1903
|
enumerable: true,
|
|
1914
1904
|
get: function () {
|
|
@@ -2065,4 +2055,4 @@ Object.defineProperty(exports, 'version', {
|
|
|
2065
2055
|
return version;
|
|
2066
2056
|
}
|
|
2067
2057
|
});
|
|
2068
|
-
//# sourceMappingURL=InvalidParamError-
|
|
2058
|
+
//# sourceMappingURL=InvalidParamError-BPY2yug_.cjs.map
|