@dynamic-labs/embedded-wallet 3.0.0-alpha.8

package/src/lib/AuthenticatorHandler/TurnkeyAuthenticatorRecoveryHandler.js

@@ -0,0 +1,222 @@
+'use client'
+import { __awaiter } from '../../../_virtual/_tslib.js';
+import { IframeStamper } from '@turnkey/iframe-stamper';
+import { TurnkeyClient } from '@turnkey/http';
+import { DynamicError, getTLD, PlatformService } from '@dynamic-labs/utils';
+import { logger } from '@dynamic-labs/wallet-connector-core';
+import { PasskeyService } from '../utils/PasskeyService/PasskeyService.js';
+
+const turnkeyBaseUrl = 'https://api.turnkey.com';
+const turnkeyPasskeyRecoveryUrl = 'https://recovery.turnkey.com';
+const turnkeyEmailRecoveryUrl = 'https://auth.turnkey.com';
+const TURNKEY_RECOVERY_CREDENTIAL_EXPIRATION_SECONDS = 900; // 15 seconds
+const TURNKEY_SESSION_EXPIRATION_SECONDS = 1800; //30 seconds
+const EMAIL_AUTH_CREDENTIAL_TYPE = 'CREDENTIAL_TYPE_API_KEY_P256';
+const PASSKEY_RECOVERY_CREDENTIAL_TYPE = 'CREDENTIAL_TYPE_RECOVER_USER_KEY_P256';
+class TurnkeyAuthenticatorRecoveryHandler {
+    constructor() {
+        this.isSessionActive = () => {
+            // it's only used for email auth session
+            if (!this.__createdAt || this.__recoveryType !== 'email') {
+                return false;
+            }
+            const isExpired = this.isExpired(this.__createdAt, this.__sessionExpiration || TURNKEY_SESSION_EXPIRATION_SECONDS);
+            if (isExpired) {
+                this.clear();
+                return false;
+            }
+            return true;
+        };
+        this.isValidCode = (organizationId) => __awaiter(this, void 0, void 0, function* () {
+            var _a, _b, _c, _d;
+            if (!organizationId || !this.__turnkeyRecoveryUserId) {
+                throw new DynamicError('Cannot proceed with your request');
+            }
+            const userResponse = yield ((_a = this.__client) === null || _a === void 0 ? void 0 : _a.getUser({
+                organizationId,
+                userId: this.__turnkeyRecoveryUserId,
+            }));
+            const credentialTypeMap = {
+                email: EMAIL_AUTH_CREDENTIAL_TYPE,
+                passkey: PASSKEY_RECOVERY_CREDENTIAL_TYPE,
+            };
+            const recoveryCredential = (_d = (_c = (_b = userResponse === null || userResponse === void 0 ? void 0 : userResponse.user) === null || _b === void 0 ? void 0 : _b.apiKeys) === null || _c === void 0 ? void 0 : _c.filter((k) => k.credential.type === credentialTypeMap[this.__recoveryType])) === null || _d === void 0 ? void 0 : _d.pop();
+            if (!recoveryCredential) {
+                return false;
+            }
+            const isExpired = this.isExpired(parseInt(recoveryCredential.createdAt.seconds, 10), TURNKEY_RECOVERY_CREDENTIAL_EXPIRATION_SECONDS);
+            if (isExpired) {
+                return false;
+            }
+            this.__createdAt = parseInt(recoveryCredential.createdAt.seconds, 10);
+            return true;
+        });
+        this.isExpired = (createdAtSeconds, expirationTimeSeconds) => {
+            const recoveryExpirationSeconds = createdAtSeconds + expirationTimeSeconds;
+            const expirationTime = new Date(recoveryExpirationSeconds * 1000);
+            if (new Date() >= expirationTime) {
+                return true;
+            }
+            return false;
+        };
+    }
+    get publicKey() {
+        return this.__publicKey;
+    }
+    get client() {
+        return this.__client;
+    }
+    get recoveryType() {
+        return this.__recoveryType;
+    }
+    get recoveryUserId() {
+        return this.__turnkeyRecoveryUserId || '';
+    }
+    set recoveryUserId(turnkeyRecoveryUserId) {
+        this.__turnkeyRecoveryUserId = turnkeyRecoveryUserId;
+    }
+    clear() {
+        var _a;
+        (_a = this.__iframeStamper) === null || _a === void 0 ? void 0 : _a.clear();
+        this.__recoveryType = undefined;
+        this.__iframeStamper = undefined;
+        this.__publicKey = undefined;
+        this.__client = undefined;
+        this.__turnkeyRecoveryUserId = undefined;
+        this.__createdAt = undefined;
+    }
+    initRecovery(authType, iframeContainer, iframeElementId, sessionExpiration) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.__recoveryType) {
+                this.clear();
+            }
+            this.__sessionExpiration = sessionExpiration;
+            this.__recoveryType = authType;
+            const iframeUrl = authType === 'passkey'
+                ? turnkeyPasskeyRecoveryUrl
+                : turnkeyEmailRecoveryUrl;
+            this.__iframeStamper = new IframeStamper({
+                iframeContainer,
+                iframeElementId,
+                iframeUrl,
+            });
+            yield this.__iframeStamper.init();
+            this.__publicKey = this.__iframeStamper.publicKey();
+            return this.__publicKey;
+        });
+    }
+    verifyRecoveryCode(recoveryBundle, organizationId) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.__iframeStamper) {
+                throw new DynamicError('Cannot proceed with your request');
+            }
+            try {
+                yield this.__iframeStamper.injectCredentialBundle(recoveryBundle);
+                this.__client = new TurnkeyClient({
+                    baseUrl: turnkeyBaseUrl,
+                }, this.__iframeStamper);
+                if (!organizationId || !this.__turnkeyRecoveryUserId) {
+                    throw new DynamicError('Cannot proceed with your request');
+                }
+                if (!(yield this.isValidCode(organizationId))) {
+                    throw new DynamicError('The code is invalid or expired.');
+                }
+            }
+            catch (err) {
+                logger.error('Error while verifying recovery code', err);
+                if (err instanceof DynamicError) {
+                    throw err;
+                }
+                throw new DynamicError('The code is invalid or expired.');
+            }
+        });
+    }
+    completeRecovery(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ attestation, challenge, turnkeySubOrganizationId, }) {
+            if (!this.__client || !this.__turnkeyRecoveryUserId) {
+                throw new DynamicError('Cannot proceed with your request');
+            }
+            try {
+                return this.__client.recoverUser({
+                    organizationId: turnkeySubOrganizationId,
+                    parameters: {
+                        authenticator: {
+                            attestation: attestation,
+                            authenticatorName: 'Passkey',
+                            challenge,
+                        },
+                        userId: this.__turnkeyRecoveryUserId,
+                    },
+                    timestampMs: String(Date.now()),
+                    type: 'ACTIVITY_TYPE_RECOVER_USER',
+                });
+            }
+            catch (err) {
+                logger.error('Error while completing recovery process', err);
+                throw err;
+            }
+        });
+    }
+    addPasskeyAuthenticator(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ attestation, challenge, turnkeySubOrganizationId, }) {
+            if (!this.__client || !this.__turnkeyRecoveryUserId) {
+                throw new DynamicError('Cannot proceed with your request');
+            }
+            try {
+                return this.__client.createAuthenticators({
+                    organizationId: turnkeySubOrganizationId,
+                    parameters: {
+                        authenticators: [
+                            {
+                                attestation: attestation,
+                                authenticatorName: 'Passkey',
+                                challenge,
+                            },
+                        ],
+                        userId: this.__turnkeyRecoveryUserId,
+                    },
+                    timestampMs: String(Date.now()),
+                    type: 'ACTIVITY_TYPE_CREATE_AUTHENTICATORS_V2',
+                });
+            }
+            catch (err) {
+                logger.error('Error while creating new authenticator', err);
+                throw err;
+            }
+        });
+    }
+    addEmailRecovery(_a) {
+        return __awaiter(this, arguments, void 0, function* ({ organizationId, email, turnkeyUserId, }) {
+            let rpId = getTLD();
+            if (!rpId) {
+                rpId = PlatformService.getHostname();
+            }
+            const stamper = PasskeyService.createWebauthnStamper({
+                rpId,
+            });
+            const client = new TurnkeyClient({
+                baseUrl: turnkeyBaseUrl,
+            }, stamper);
+            try {
+                const signedRequest = yield client.stampUpdateUser({
+                    organizationId,
+                    parameters: {
+                        userEmail: email,
+                        userId: turnkeyUserId,
+                        userTagIds: [],
+                    },
+                    timestampMs: String(Date.now()),
+                    type: 'ACTIVITY_TYPE_UPDATE_USER',
+                });
+                return { signedRequest, userId: turnkeyUserId };
+            }
+            catch (err) {
+                logger.error('Error while adding email recovery', err);
+                throw err;
+            }
+        });
+    }
+}
+const turnkeyAuthenticatorRecoveryHandler = new TurnkeyAuthenticatorRecoveryHandler();
+
+export { turnkeyAuthenticatorRecoveryHandler };

package/src/lib/AuthenticatorHandler/index.d.ts

@@ -0,0 +1 @@
+export { turnkeyAuthenticatorRecoveryHandler } from './TurnkeyAuthenticatorRecoveryHandler';

package/src/lib/ExportHandler/ExportHandler.cjs

@@ -0,0 +1,141 @@
+'use client'
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var _tslib = require('../../../_virtual/_tslib.cjs');
+var iframeStamper = require('@turnkey/iframe-stamper');
+var http = require('@turnkey/http');
+var utils = require('@dynamic-labs/utils');
+var walletConnectorCore = require('@dynamic-labs/wallet-connector-core');
+var TurnkeyAuthenticatorRecoveryHandler = require('../AuthenticatorHandler/TurnkeyAuthenticatorRecoveryHandler.cjs');
+var PasskeyService = require('../utils/PasskeyService/PasskeyService.cjs');
+
+const turnkeyBaseUrl = 'https://api.turnkey.com';
+const turnkeyExportUrl = 'https://export.turnkey.com';
+class ExportHandler {
+    get publicKey() {
+        return this.__publicKey;
+    }
+    clear() {
+        var _a;
+        (_a = this.__iframeStamper) === null || _a === void 0 ? void 0 : _a.clear();
+        this.__iframeStamper = undefined;
+        this.__publicKey = undefined;
+        this.__turnkeyClient = undefined;
+    }
+    initExport(iframeContainer, iframeElementId) {
+        return _tslib.__awaiter(this, void 0, void 0, function* () {
+            this.__iframeStamper = new iframeStamper.IframeStamper({
+                iframeContainer,
+                iframeElementId,
+                iframeUrl: turnkeyExportUrl,
+            });
+            yield this.__iframeStamper.init();
+            this.__publicKey = this.__iframeStamper.publicKey();
+            if (TurnkeyAuthenticatorRecoveryHandler.turnkeyAuthenticatorRecoveryHandler.isSessionActive()) {
+                this.__turnkeyClient = TurnkeyAuthenticatorRecoveryHandler.turnkeyAuthenticatorRecoveryHandler.client;
+            }
+            else {
+                let rpId = utils.getTLD();
+                if (!rpId) {
+                    rpId = utils.PlatformService.getHostname();
+                }
+                const passkeyStamper = PasskeyService.PasskeyService.createWebauthnStamper({
+                    rpId,
+                });
+                const apiKeyStamper = ExportHandler === null || ExportHandler === void 0 ? void 0 : ExportHandler.apiKeyStamper;
+                const stamper = apiKeyStamper !== null && apiKeyStamper !== void 0 ? apiKeyStamper : passkeyStamper;
+                this.__turnkeyClient = new http.TurnkeyClient({
+                    baseUrl: turnkeyBaseUrl,
+                }, stamper);
+            }
+            return this.__publicKey;
+        });
+    }
+    verifyExportWallet(_a) {
+        return _tslib.__awaiter(this, arguments, void 0, function* ({ exportBundle, organizationId, }) {
+            if (!this.__iframeStamper) {
+                throw new utils.DynamicError('Cannot proceed with your request');
+            }
+            try {
+                return yield this.__iframeStamper.injectWalletExportBundle(exportBundle, organizationId);
+            }
+            catch (err) {
+                walletConnectorCore.logger.error('Error while verifying export wallet', err);
+                throw err;
+            }
+        });
+    }
+    verifyExportPrivateKey(_a) {
+        return _tslib.__awaiter(this, arguments, void 0, function* ({ exportBundle, organizationId, chain, }) {
+            if (!this.__iframeStamper) {
+                throw new utils.DynamicError('Cannot proceed with your request');
+            }
+            try {
+                return yield this.__iframeStamper.injectKeyExportBundle(exportBundle, organizationId, chain === 'solana' ? iframeStamper.KeyFormat.Solana : iframeStamper.KeyFormat.Hexadecimal);
+            }
+            catch (err) {
+                walletConnectorCore.logger.error('Error while verifying export private key', err);
+                throw err;
+            }
+        });
+    }
+    exportPrivateKey(_a) {
+        return _tslib.__awaiter(this, arguments, void 0, function* ({ privateKeyId, organizationId, }) {
+            if (!this.__iframeStamper ||
+                !this.__publicKey ||
+                !this.__turnkeyClient ||
+                !privateKeyId) {
+                throw new utils.DynamicError('Cannot proceed with your request');
+            }
+            try {
+                const newActivity = yield this.__turnkeyClient.exportPrivateKey({
+                    organizationId,
+                    parameters: { privateKeyId, targetPublicKey: this.__publicKey },
+                    timestampMs: String(Date.now()),
+                    type: 'ACTIVITY_TYPE_EXPORT_PRIVATE_KEY',
+                });
+                return newActivity.activity;
+            }
+            catch (err) {
+                walletConnectorCore.logger.error('Error while completing export private key process', err);
+                throw err;
+            }
+        });
+    }
+    exportWallet(_a) {
+        return _tslib.__awaiter(this, arguments, void 0, function* ({ walletId, organizationId, address, }) {
+            if (!this.__iframeStamper ||
+                !this.__publicKey ||
+                !this.__turnkeyClient ||
+                !walletId) {
+                throw new utils.DynamicError('Cannot proceed with your request');
+            }
+            try {
+                if (address) {
+                    const newActivity = yield this.__turnkeyClient.exportWalletAccount({
+                        organizationId,
+                        parameters: { address, targetPublicKey: this.__publicKey },
+                        timestampMs: String(Date.now()),
+                        type: 'ACTIVITY_TYPE_EXPORT_WALLET_ACCOUNT',
+                    });
+                    return newActivity.activity;
+                }
+                const newActivity = yield this.__turnkeyClient.exportWallet({
+                    organizationId,
+                    parameters: { targetPublicKey: this.__publicKey, walletId },
+                    timestampMs: String(Date.now()),
+                    type: 'ACTIVITY_TYPE_EXPORT_WALLET',
+                });
+                return newActivity.activity;
+            }
+            catch (err) {
+                walletConnectorCore.logger.error('Error while completing export wallet process', err);
+                throw err;
+            }
+        });
+    }
+}
+
+exports.ExportHandler = ExportHandler;