@dynamic-labs-wallet/forward-mpc-shared 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.cjs CHANGED
@@ -100,6 +100,57 @@ var OptionalStringCodec = ioTs.union([
100
100
  ioTs.string,
101
101
  ioTs.undefined
102
102
  ]);
103
+ function BoundedIntCodec(name, min, max) {
104
+ return new ioTs.Type(name, (u) => typeof u === "number" && Number.isInteger(u) && u >= min && u <= max, (u, c) => {
105
+ if (typeof u !== "number") {
106
+ return ioTs.failure(u, c, `${name}: expected a number`);
107
+ }
108
+ if (!Number.isInteger(u)) {
109
+ return ioTs.failure(u, c, `${name}: expected an integer`);
110
+ }
111
+ if (u < min || u > max) {
112
+ return ioTs.failure(u, c, `${name}: value ${u} out of range [${min}, ${max}]`);
113
+ }
114
+ return ioTs.success(u);
115
+ }, (a) => a);
116
+ }
117
+ __name(BoundedIntCodec, "BoundedIntCodec");
118
+ var DomainCodec = new ioTs.Type("DomainCodec", (u) => typeof u === "string", (u, c) => {
119
+ if (typeof u !== "string") {
120
+ return ioTs.failure(u, c, "Value must be a string");
121
+ }
122
+ const domainPattern = /^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::\d{1,5})?$/;
123
+ if (!domainPattern.test(u)) {
124
+ return ioTs.failure(u, c, "Invalid domain format");
125
+ }
126
+ return ioTs.success(u);
127
+ }, ioTs.identity);
128
+
129
+ // src/codecs/RelayDomainCodec.ts
130
+ var BLOCKED_PATTERNS = [
131
+ /^localhost(:\d+)?$/i,
132
+ /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/,
133
+ /^0\.0\.0\.0(:\d+)?$/,
134
+ /^10\.\d{1,3}\.\d{1,3}\.\d{1,3}(:\d+)?$/,
135
+ /^172\.(1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}(:\d+)?$/,
136
+ /^192\.168\.\d{1,3}\.\d{1,3}(:\d+)?$/,
137
+ /^169\.254\.\d{1,3}\.\d{1,3}(:\d+)?$/,
138
+ /^\[::1\](:\d+)?$/,
139
+ /^\[fd[0-9a-f]{2}:/i,
140
+ /^\[fe80:/i,
141
+ /^instance-data\.ec2\.internal(:\d+)?$/i
142
+ ];
143
+ var RelayDomainCodec = new ioTs.Type("RelayDomainCodec", (u) => typeof u === "string", (u, c) => {
144
+ const base = DomainCodec.decode(u);
145
+ if (base._tag === "Left") return base;
146
+ const domain = base.right;
147
+ for (const pattern of BLOCKED_PATTERNS) {
148
+ if (pattern.test(domain)) {
149
+ return ioTs.failure(u, c, "Relay domain must not be a private, loopback, or link-local address");
150
+ }
151
+ }
152
+ return ioTs.success(domain);
153
+ }, ioTs.identity);
103
154
  function buildMessageSchema(messageType, version, additionalFields = {}, ...additionalSchemas) {
104
155
  const schema = ioTs.type({
105
156
  type: ioTs.literal(messageType),
@@ -437,16 +488,6 @@ var WebSocketCloseCode = {
437
488
  /** Abnormal closure — no close frame (network drop, etc.). */
438
489
  ABNORMAL: 1006
439
490
  };
440
- var DomainCodec = new ioTs.Type("DomainCodec", (u) => typeof u === "string", (u, c) => {
441
- if (typeof u !== "string") {
442
- return ioTs.failure(u, c, "Value must be a string");
443
- }
444
- const domainPattern = /^[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*(?::\d{1,5})?$/;
445
- if (!domainPattern.test(u)) {
446
- return ioTs.failure(u, c, "Invalid domain format");
447
- }
448
- return ioTs.success(u);
449
- }, ioTs.identity);
450
491
  var Uint8ArrayOrHexCodec = new ioTs.Type(
451
492
  "Uint8ArrayOrHex",
452
493
  (u) => u instanceof Uint8Array,
@@ -479,7 +520,7 @@ var Uint8ArrayOrHexCodec = new ioTs.Type(
479
520
 
480
521
  // src/messages/SignMessageV1Request.ts
481
522
  var SignMessageRequestSchema = buildMessageSchema("signMessage", 1, {
482
- relayDomain: DomainCodec,
523
+ relayDomain: RelayDomainCodec,
483
524
  keyshare: EncryptedPayloadCodec,
484
525
  message: Uint8ArrayOrHexCodec,
485
526
  roomUuid: ioTs.string,
@@ -567,11 +608,14 @@ var ConnectionAckV1ResponseMessage = createSimpleMessage({
567
608
  version: 1,
568
609
  schema: ConnectionAckResponseSchema
569
610
  });
611
+ var MAX_KEYGEN_PARTIES = 10;
612
+ var NumPartiesCodec = BoundedIntCodec("numParties", 2, MAX_KEYGEN_PARTIES);
613
+ var ThresholdCodec = BoundedIntCodec("threshold", 1, MAX_KEYGEN_PARTIES);
570
614
  var BaseKeygenParamsCodec = ioTs.type({
571
- relayDomain: DomainCodec,
615
+ relayDomain: RelayDomainCodec,
572
616
  roomUuid: ioTs.string,
573
- numParties: ioTs.number,
574
- threshold: ioTs.number,
617
+ numParties: NumPartiesCodec,
618
+ threshold: ThresholdCodec,
575
619
  keygenInit: EncryptedPayloadCodec,
576
620
  keygenIds: ioTs.array(ioTs.string),
577
621
  userId: OptionalStringCodec,
@@ -591,10 +635,10 @@ var KeygenAlgoParamsCodec = ioTs.union([
591
635
  BIP340KeygenParamsCodec
592
636
  ]);
593
637
  var KeygenRequestSchema = buildMessageSchema("keygen", 1, {
594
- relayDomain: DomainCodec,
638
+ relayDomain: RelayDomainCodec,
595
639
  roomUuid: ioTs.string,
596
- numParties: ioTs.number,
597
- threshold: ioTs.number,
640
+ numParties: NumPartiesCodec,
641
+ threshold: ThresholdCodec,
598
642
  keygenInit: EncryptedPayloadCodec,
599
643
  keygenIds: ioTs.array(ioTs.string),
600
644
  userId: OptionalStringCodec,
@@ -644,12 +688,14 @@ var KeygenV1ResponseMessage = createStandardMessage({
644
688
  error: decoded.error
645
689
  }))
646
690
  });
691
+ var NumPartiesCodec2 = BoundedIntCodec("numParties", 2, MAX_KEYGEN_PARTIES);
692
+ var ThresholdCodec2 = BoundedIntCodec("threshold", 1, MAX_KEYGEN_PARTIES);
647
693
  var ReceiveKeyRequestSchema = buildMessageSchema("receiveKey", 1, {
648
- relayDomain: DomainCodec,
694
+ relayDomain: RelayDomainCodec,
649
695
  signingAlgo: ioTs.literal("ed25519"),
650
696
  roomUuid: ioTs.string,
651
- numParties: ioTs.number,
652
- threshold: ioTs.number,
697
+ numParties: NumPartiesCodec2,
698
+ threshold: ThresholdCodec2,
653
699
  keygenInit: EncryptedPayloadCodec,
654
700
  keygenIds: ioTs.array(ioTs.string),
655
701
  userId: OptionalStringCodec,
@@ -1032,6 +1078,7 @@ exports.ALL_SIGNING_ALGORITHM_SCHEMA = ALL_SIGNING_ALGORITHM_SCHEMA;
1032
1078
  exports.BIP340SigningAlgorithm = BIP340SigningAlgorithm;
1033
1079
  exports.BaseMessage = BaseMessage;
1034
1080
  exports.BaseSigningAlgorithm = BaseSigningAlgorithm;
1081
+ exports.BoundedIntCodec = BoundedIntCodec;
1035
1082
  exports.ConnectionAckRequestSchema = ConnectionAckRequestSchema;
1036
1083
  exports.ConnectionAckResponseSchema = ConnectionAckResponseSchema;
1037
1084
  exports.ConnectionAckV1RequestMessage = ConnectionAckV1RequestMessage;
@@ -1049,12 +1096,14 @@ exports.KeygenRequestSchema = KeygenRequestSchema;
1049
1096
  exports.KeygenResponseSchema = KeygenResponseSchema;
1050
1097
  exports.KeygenV1RequestMessage = KeygenV1RequestMessage;
1051
1098
  exports.KeygenV1ResponseMessage = KeygenV1ResponseMessage;
1099
+ exports.MAX_KEYGEN_PARTIES = MAX_KEYGEN_PARTIES;
1052
1100
  exports.MessageRegistry = MessageRegistry;
1053
1101
  exports.OptionalStringCodec = OptionalStringCodec;
1054
1102
  exports.ReceiveKeyRequestSchema = ReceiveKeyRequestSchema;
1055
1103
  exports.ReceiveKeyResponseSchema = ReceiveKeyResponseSchema;
1056
1104
  exports.ReceiveKeyV1RequestMessage = ReceiveKeyV1RequestMessage;
1057
1105
  exports.ReceiveKeyV1ResponseMessage = ReceiveKeyV1ResponseMessage;
1106
+ exports.RelayDomainCodec = RelayDomainCodec;
1058
1107
  exports.SIGNING_ALGORITHM_CLASSES = SIGNING_ALGORITHM_CLASSES;
1059
1108
  exports.SIGNING_ALGORITHM_INSTANCES = SIGNING_ALGORITHM_INSTANCES;
1060
1109
  exports.SignMessageRequestSchema = SignMessageRequestSchema;