@edge-markets/connect-link 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -20,16 +20,18 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
20
20
  // src/index.ts
21
21
  var index_exports = {};
22
22
  __export(index_exports, {
23
- ALL_EDGE_SCOPES: () => import_connect3.ALL_EDGE_SCOPES,
24
- EDGE_SCOPES: () => import_connect3.EDGE_SCOPES,
25
- EdgeError: () => import_connect2.EdgeError,
23
+ ALL_EDGE_SCOPES: () => import_connect4.ALL_EDGE_SCOPES,
24
+ EDGE_SCOPES: () => import_connect4.EDGE_SCOPES,
25
+ EdgeError: () => import_connect3.EdgeError,
26
26
  EdgeLink: () => EdgeLink,
27
- EdgePopupBlockedError: () => import_connect2.EdgePopupBlockedError,
28
- EdgeStateMismatchError: () => import_connect2.EdgeStateMismatchError,
27
+ EdgePopupBlockedError: () => import_connect3.EdgePopupBlockedError,
28
+ EdgeStateMismatchError: () => import_connect3.EdgeStateMismatchError,
29
+ EdgeTransferVerify: () => EdgeTransferVerify,
30
+ IframeManager: () => IframeManager,
29
31
  assertCryptoAvailable: () => assertCryptoAvailable,
30
32
  generatePKCE: () => generatePKCE,
31
33
  generateState: () => generateState,
32
- isEdgeError: () => import_connect2.isEdgeError,
34
+ isEdgeError: () => import_connect3.isEdgeError,
33
35
  useEdgeLink: () => useEdgeLink
34
36
  });
35
37
  module.exports = __toCommonJS(index_exports);
@@ -645,9 +647,546 @@ function useEdgeLink(config) {
645
647
  return { open, ready, error, isOpen };
646
648
  }
647
649
 
648
- // src/index.ts
650
+ // src/edge-transfer-verify.ts
649
651
  var import_connect2 = require("@edge-markets/connect");
652
+
653
+ // src/iframe-manager.ts
654
+ var DEFAULT_TITLE = "EDGE Connect Transfer Verification";
655
+ var IFRAME_SANDBOX = "allow-scripts allow-same-origin allow-forms";
656
+ var IframeManager = class {
657
+ constructor() {
658
+ this.iframe = null;
659
+ this.loadingEl = null;
660
+ this.container = null;
661
+ this.callbacks = {};
662
+ }
663
+ /**
664
+ * Creates and mounts the iframe into the provided container.
665
+ *
666
+ * Displays a branded loading state while the iframe loads,
667
+ * then swaps to the iframe once it's ready.
668
+ *
669
+ * @param config - Iframe configuration
670
+ * @param callbacks - Optional lifecycle callbacks
671
+ */
672
+ mount(config, callbacks = {}) {
673
+ this.destroy();
674
+ this.container = config.container;
675
+ this.callbacks = callbacks;
676
+ this.renderLoadingState(config.container);
677
+ this.iframe = document.createElement("iframe");
678
+ this.iframe.src = config.url;
679
+ this.iframe.width = config.width || "100%";
680
+ this.iframe.height = config.height || "100%";
681
+ this.iframe.title = config.title || DEFAULT_TITLE;
682
+ this.iframe.setAttribute("sandbox", IFRAME_SANDBOX);
683
+ this.iframe.setAttribute("allow", "clipboard-write");
684
+ this.iframe.style.border = "none";
685
+ this.iframe.style.display = "none";
686
+ this.iframe.style.width = config.width || "100%";
687
+ this.iframe.style.height = config.height || "100%";
688
+ this.iframe.style.minHeight = "400px";
689
+ this.iframe.style.borderRadius = "8px";
690
+ this.iframe.addEventListener("load", () => {
691
+ this.hideLoadingState();
692
+ this.callbacks.onLoad?.();
693
+ });
694
+ this.iframe.addEventListener("error", () => {
695
+ this.hideLoadingState();
696
+ const error = new Error("Failed to load transfer verification iframe");
697
+ this.callbacks.onError?.(error);
698
+ });
699
+ config.container.appendChild(this.iframe);
700
+ }
701
+ /**
702
+ * Gets the iframe's content window for postMessage communication.
703
+ *
704
+ * @returns The iframe's contentWindow, or null if not mounted
705
+ */
706
+ getContentWindow() {
707
+ return this.iframe?.contentWindow ?? null;
708
+ }
709
+ /**
710
+ * Checks if the iframe is currently mounted in the DOM.
711
+ */
712
+ isMounted() {
713
+ return this.iframe !== null && this.iframe.isConnected;
714
+ }
715
+ /**
716
+ * Removes the iframe and loading state from the DOM.
717
+ * Cleans up all references for garbage collection.
718
+ */
719
+ destroy() {
720
+ if (this.loadingEl && this.loadingEl.parentNode) {
721
+ this.loadingEl.parentNode.removeChild(this.loadingEl);
722
+ }
723
+ this.loadingEl = null;
724
+ if (this.iframe && this.iframe.parentNode) {
725
+ this.iframe.parentNode.removeChild(this.iframe);
726
+ }
727
+ this.iframe = null;
728
+ this.container = null;
729
+ this.callbacks = {};
730
+ }
731
+ // ===========================================================================
732
+ // PRIVATE METHODS
733
+ // ===========================================================================
734
+ /**
735
+ * Renders a branded loading state in the container.
736
+ *
737
+ * This displays immediately while the iframe loads the verification URL.
738
+ * Matches the visual style of the PopupManager loading state.
739
+ */
740
+ renderLoadingState(container) {
741
+ this.loadingEl = document.createElement("div");
742
+ this.loadingEl.setAttribute("data-edge-loading", "true");
743
+ this.loadingEl.innerHTML = `
744
+ <div style="
745
+ display: flex;
746
+ align-items: center;
747
+ justify-content: center;
748
+ min-height: 400px;
749
+ background: linear-gradient(135deg, #1a1a2e 0%, #16213e 50%, #0f3460 100%);
750
+ border-radius: 8px;
751
+ color: white;
752
+ font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif;
753
+ ">
754
+ <div style="text-align: center; padding: 40px;">
755
+ <div style="
756
+ width: 64px;
757
+ height: 64px;
758
+ margin: 0 auto 24px;
759
+ background: linear-gradient(135deg, #00d4aa 0%, #00a080 100%);
760
+ border-radius: 16px;
761
+ display: flex;
762
+ align-items: center;
763
+ justify-content: center;
764
+ font-size: 28px;
765
+ font-weight: bold;
766
+ box-shadow: 0 8px 32px rgba(0, 212, 170, 0.3);
767
+ ">E</div>
768
+ <div style="
769
+ width: 40px;
770
+ height: 40px;
771
+ border: 3px solid rgba(255, 255, 255, 0.2);
772
+ border-top-color: #00d4aa;
773
+ border-radius: 50%;
774
+ animation: edge-spin 1s linear infinite;
775
+ margin: 0 auto 24px;
776
+ "></div>
777
+ <h1 style="
778
+ font-size: 22px;
779
+ font-weight: 600;
780
+ margin-bottom: 8px;
781
+ letter-spacing: -0.5px;
782
+ ">Transfer Verification</h1>
783
+ <p style="
784
+ font-size: 15px;
785
+ color: rgba(255, 255, 255, 0.7);
786
+ line-height: 1.5;
787
+ ">Loading secure verification...</p>
788
+ <div style="
789
+ display: flex;
790
+ align-items: center;
791
+ justify-content: center;
792
+ gap: 6px;
793
+ margin-top: 32px;
794
+ font-size: 13px;
795
+ color: rgba(255, 255, 255, 0.5);
796
+ ">
797
+ <svg width="14" height="14" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
798
+ <rect x="3" y="11" width="18" height="11" rx="2" ry="2"></rect>
799
+ <path d="M7 11V7a5 5 0 0 1 10 0v4"></path>
800
+ </svg>
801
+ <span>256-bit encryption</span>
802
+ </div>
803
+ </div>
804
+ </div>
805
+ <style>
806
+ @keyframes edge-spin {
807
+ to { transform: rotate(360deg); }
808
+ }
809
+ </style>
810
+ `;
811
+ container.appendChild(this.loadingEl);
812
+ }
813
+ /**
814
+ * Hides the loading state and shows the iframe.
815
+ */
816
+ hideLoadingState() {
817
+ if (this.loadingEl && this.loadingEl.parentNode) {
818
+ this.loadingEl.parentNode.removeChild(this.loadingEl);
819
+ this.loadingEl = null;
820
+ }
821
+ if (this.iframe) {
822
+ this.iframe.style.display = "block";
823
+ }
824
+ }
825
+ };
826
+
827
+ // src/edge-transfer-verify.ts
828
+ function generateNonce() {
829
+ const array = new Uint8Array(32);
830
+ crypto.getRandomValues(array);
831
+ return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join("");
832
+ }
833
+ function isValidTransferVerifyMessage(data) {
834
+ if (!data || typeof data !== "object") return false;
835
+ const msg = data;
836
+ const validTypes = [
837
+ "edge:transfer-verify:success",
838
+ "edge:transfer-verify:error",
839
+ "edge:transfer-verify:cancel",
840
+ "edge:transfer-verify:expired",
841
+ "edge:transfer-verify:loaded"
842
+ ];
843
+ if (typeof msg.type !== "string" || !validTypes.includes(msg.type)) {
844
+ return false;
845
+ }
846
+ if (typeof msg.sessionId !== "string" || msg.sessionId.length === 0) return false;
847
+ if (typeof msg.transferId !== "string" || msg.transferId.length === 0) return false;
848
+ if (typeof msg.nonce !== "string" || msg.nonce.length === 0) return false;
849
+ if (typeof msg.timestamp !== "string" || msg.timestamp.length === 0) return false;
850
+ if (msg.error !== void 0 && typeof msg.error !== "string") return false;
851
+ return true;
852
+ }
853
+ var EdgeTransferVerify = class {
854
+ /**
855
+ * Creates a new EdgeTransferVerify instance.
856
+ *
857
+ * @param config - Configuration options
858
+ * @throws Error if required config is missing or invalid
859
+ */
860
+ constructor(config) {
861
+ this.popupManager = null;
862
+ this.iframeManager = null;
863
+ this.messageHandler = null;
864
+ this.isDestroyed = false;
865
+ this.isOpened = false;
866
+ if (!config.verificationUrl) {
867
+ throw new Error("EdgeTransferVerify: verificationUrl is required");
868
+ }
869
+ if (!config.sessionId) {
870
+ throw new Error("EdgeTransferVerify: sessionId is required");
871
+ }
872
+ const mode = config.mode || "iframe";
873
+ if (mode === "iframe" && !config.container) {
874
+ throw new Error("EdgeTransferVerify: container is required for iframe mode");
875
+ }
876
+ this.config = config;
877
+ this.mode = mode;
878
+ this.nonce = config.nonce || generateNonce();
879
+ this.expectedOrigin = new URL(config.verificationUrl).origin;
880
+ this.setupMessageListener();
881
+ }
882
+ // ===========================================================================
883
+ // PUBLIC API
884
+ // ===========================================================================
885
+ /**
886
+ * Opens the transfer verification UI.
887
+ *
888
+ * In iframe mode, this mounts the iframe into the configured container.
889
+ * In popup mode, this opens a popup window.
890
+ *
891
+ * **Popup mode MUST be called directly from a user click handler!**
892
+ * Iframe mode can be called from any context.
893
+ *
894
+ * @throws EdgePopupBlockedError if popup mode and popup is blocked
895
+ * @throws Error if the instance has been destroyed or is already open
896
+ *
897
+ * @example
898
+ * ```typescript
899
+ * // Iframe mode — can call anywhere
900
+ * verify.open()
901
+ *
902
+ * // Popup mode — must call from click handler
903
+ * button.onclick = () => verify.open()
904
+ * ```
905
+ */
906
+ open() {
907
+ if (this.isDestroyed) {
908
+ throw new Error("EdgeTransferVerify: Cannot open - instance has been destroyed");
909
+ }
910
+ if (this.isOpened) {
911
+ if (this.mode === "popup" && this.popupManager?.isOpen()) {
912
+ this.popupManager.focus();
913
+ return;
914
+ }
915
+ if (this.mode === "iframe" && this.iframeManager?.isMounted()) {
916
+ return;
917
+ }
918
+ }
919
+ const url = this.buildVerificationUrl();
920
+ if (this.mode === "popup") {
921
+ this.openPopup(url);
922
+ } else {
923
+ this.openIframe(url);
924
+ }
925
+ this.isOpened = true;
926
+ }
927
+ /**
928
+ * Closes the verification UI.
929
+ *
930
+ * In popup mode, closes the popup window.
931
+ * In iframe mode, removes the iframe from the container.
932
+ * Does not trigger any callbacks.
933
+ */
934
+ close() {
935
+ if (this.mode === "popup") {
936
+ this.popupManager?.close();
937
+ this.popupManager = null;
938
+ } else {
939
+ this.iframeManager?.destroy();
940
+ this.iframeManager = null;
941
+ }
942
+ this.isOpened = false;
943
+ }
944
+ /**
945
+ * Destroys the EdgeTransferVerify instance.
946
+ *
947
+ * Closes the UI, removes the postMessage listener, and cleans up all resources.
948
+ * After destroy(), the instance cannot be reused.
949
+ *
950
+ * @example
951
+ * ```typescript
952
+ * // React cleanup
953
+ * useEffect(() => {
954
+ * const verify = new EdgeTransferVerify({ ... })
955
+ * verify.open()
956
+ * return () => verify.destroy()
957
+ * }, [])
958
+ * ```
959
+ */
960
+ destroy() {
961
+ this.isDestroyed = true;
962
+ this.close();
963
+ this.removeMessageListener();
964
+ }
965
+ /**
966
+ * Checks if the verification UI is currently displayed.
967
+ */
968
+ isOpen() {
969
+ if (this.mode === "popup") {
970
+ return this.popupManager?.isOpen() ?? false;
971
+ }
972
+ return this.iframeManager?.isMounted() ?? false;
973
+ }
974
+ /**
975
+ * Returns the nonce being used for this verification session.
976
+ * Useful for debugging and logging.
977
+ */
978
+ getNonce() {
979
+ return this.nonce;
980
+ }
981
+ // ===========================================================================
982
+ // PRIVATE — LAUNCH METHODS
983
+ // ===========================================================================
984
+ /**
985
+ * Builds the verification URL with nonce and parent origin parameters.
986
+ *
987
+ * Appends:
988
+ * - `nonce` — for replay protection / message correlation
989
+ * - `origin` — so the verification page knows where to postMessage back to
990
+ */
991
+ buildVerificationUrl() {
992
+ const url = new URL(this.config.verificationUrl);
993
+ url.searchParams.set("nonce", this.nonce);
994
+ url.searchParams.set("origin", window.location.origin);
995
+ return url.toString();
996
+ }
997
+ /**
998
+ * Opens the verification UI in a popup window.
999
+ *
1000
+ * Uses PopupManager from the existing EdgeLink infrastructure.
1001
+ * The popup opens immediately (preserving user gesture) and navigates
1002
+ * to the verification URL.
1003
+ *
1004
+ * @param url - The verification URL to load
1005
+ * @throws EdgePopupBlockedError if the popup is blocked
1006
+ */
1007
+ openPopup(url) {
1008
+ this.popupManager = new PopupManager();
1009
+ const win = this.popupManager.open({
1010
+ onUserClose: () => this.handleUserClose()
1011
+ });
1012
+ if (!win) {
1013
+ this.popupManager = null;
1014
+ this.config.onError?.({
1015
+ type: "edge:transfer-verify:error",
1016
+ sessionId: this.config.sessionId,
1017
+ transferId: "",
1018
+ nonce: this.nonce,
1019
+ timestamp: (/* @__PURE__ */ new Date()).toISOString(),
1020
+ error: "Popup was blocked by the browser. Please allow popups for this site."
1021
+ });
1022
+ throw new import_connect2.EdgePopupBlockedError();
1023
+ }
1024
+ this.popupManager.navigateTo(url);
1025
+ }
1026
+ /**
1027
+ * Opens the verification UI in an iframe.
1028
+ *
1029
+ * Uses IframeManager to create and mount the iframe into the configured container.
1030
+ *
1031
+ * @param url - The verification URL to load
1032
+ */
1033
+ openIframe(url) {
1034
+ this.iframeManager = new IframeManager();
1035
+ this.iframeManager.mount(
1036
+ {
1037
+ url,
1038
+ container: this.config.container,
1039
+ title: "EDGE Connect Transfer Verification"
1040
+ },
1041
+ {
1042
+ onError: (error) => {
1043
+ this.config.onError?.({
1044
+ type: "edge:transfer-verify:error",
1045
+ sessionId: this.config.sessionId,
1046
+ transferId: "",
1047
+ nonce: this.nonce,
1048
+ timestamp: (/* @__PURE__ */ new Date()).toISOString(),
1049
+ error: error.message
1050
+ });
1051
+ }
1052
+ }
1053
+ );
1054
+ }
1055
+ // ===========================================================================
1056
+ // PRIVATE — MESSAGE HANDLING
1057
+ // ===========================================================================
1058
+ /**
1059
+ * Sets up the postMessage listener for receiving events from the verification page.
1060
+ *
1061
+ * SECURITY: Every incoming message is validated for:
1062
+ * 1. Origin matches the expected EDGE verification origin
1063
+ * 2. Message schema matches TransferVerifyMessage
1064
+ * 3. Nonce matches the nonce we sent
1065
+ * 4. SessionId matches the session we opened
1066
+ */
1067
+ setupMessageListener() {
1068
+ this.messageHandler = (event) => {
1069
+ if (event.origin !== this.expectedOrigin) {
1070
+ return;
1071
+ }
1072
+ const data = event.data;
1073
+ if (!isValidTransferVerifyMessage(data)) {
1074
+ return;
1075
+ }
1076
+ if (data.nonce !== this.nonce) {
1077
+ return;
1078
+ }
1079
+ if (data.sessionId !== this.config.sessionId) {
1080
+ return;
1081
+ }
1082
+ const verifiedEvent = {
1083
+ type: data.type,
1084
+ sessionId: data.sessionId,
1085
+ transferId: data.transferId,
1086
+ nonce: data.nonce,
1087
+ timestamp: data.timestamp,
1088
+ error: data.error
1089
+ };
1090
+ this.config.onEvent?.(verifiedEvent);
1091
+ switch (data.type) {
1092
+ case "edge:transfer-verify:success":
1093
+ this.handleSuccess(verifiedEvent);
1094
+ break;
1095
+ case "edge:transfer-verify:error":
1096
+ this.handleError(verifiedEvent);
1097
+ break;
1098
+ case "edge:transfer-verify:cancel":
1099
+ this.handleCancel(verifiedEvent);
1100
+ break;
1101
+ case "edge:transfer-verify:expired":
1102
+ this.handleExpired(verifiedEvent);
1103
+ break;
1104
+ case "edge:transfer-verify:loaded":
1105
+ this.handleLoaded(verifiedEvent);
1106
+ break;
1107
+ }
1108
+ };
1109
+ window.addEventListener("message", this.messageHandler);
1110
+ }
1111
+ /**
1112
+ * Removes the postMessage listener.
1113
+ */
1114
+ removeMessageListener() {
1115
+ if (this.messageHandler) {
1116
+ window.removeEventListener("message", this.messageHandler);
1117
+ this.messageHandler = null;
1118
+ }
1119
+ }
1120
+ // ===========================================================================
1121
+ // PRIVATE — EVENT HANDLERS
1122
+ // ===========================================================================
1123
+ /**
1124
+ * Handles a successful verification event.
1125
+ *
1126
+ * Closes the UI and notifies the consumer.
1127
+ */
1128
+ handleSuccess(event) {
1129
+ this.close();
1130
+ this.config.onSuccess?.(event);
1131
+ }
1132
+ /**
1133
+ * Handles a verification error event.
1134
+ *
1135
+ * Does NOT close the UI — the verification page may allow retry.
1136
+ * The consumer can call close() or destroy() if they want to dismiss.
1137
+ */
1138
+ handleError(event) {
1139
+ this.config.onError?.(event);
1140
+ }
1141
+ /**
1142
+ * Handles a cancellation event from the user.
1143
+ *
1144
+ * Closes the UI and notifies the consumer.
1145
+ */
1146
+ handleCancel(event) {
1147
+ this.close();
1148
+ this.config.onCancel?.(event);
1149
+ }
1150
+ /**
1151
+ * Handles a session/OTP expiration event.
1152
+ *
1153
+ * Closes the UI and notifies the consumer.
1154
+ */
1155
+ handleExpired(event) {
1156
+ this.close();
1157
+ this.config.onExpired?.(event);
1158
+ }
1159
+ /**
1160
+ * Handles the loaded event from the verification page.
1161
+ *
1162
+ * The verification UI is ready for user interaction.
1163
+ */
1164
+ handleLoaded(event) {
1165
+ this.config.onLoaded?.(event);
1166
+ }
1167
+ /**
1168
+ * Handles user closing the popup manually (popup mode only).
1169
+ *
1170
+ * Treated as a cancellation — we fire onCancel with a synthetic event.
1171
+ */
1172
+ handleUserClose() {
1173
+ this.isOpened = false;
1174
+ this.popupManager = null;
1175
+ const syntheticEvent = {
1176
+ type: "edge:transfer-verify:cancel",
1177
+ sessionId: this.config.sessionId,
1178
+ transferId: "",
1179
+ nonce: this.nonce,
1180
+ timestamp: (/* @__PURE__ */ new Date()).toISOString()
1181
+ };
1182
+ this.config.onEvent?.(syntheticEvent);
1183
+ this.config.onCancel?.(syntheticEvent);
1184
+ }
1185
+ };
1186
+
1187
+ // src/index.ts
650
1188
  var import_connect3 = require("@edge-markets/connect");
1189
+ var import_connect4 = require("@edge-markets/connect");
651
1190
  // Annotate the CommonJS export names for ESM import in node:
652
1191
  0 && (module.exports = {
653
1192
  ALL_EDGE_SCOPES,
@@ -656,6 +1195,8 @@ var import_connect3 = require("@edge-markets/connect");
656
1195
  EdgeLink,
657
1196
  EdgePopupBlockedError,
658
1197
  EdgeStateMismatchError,
1198
+ EdgeTransferVerify,
1199
+ IframeManager,
659
1200
  assertCryptoAvailable,
660
1201
  generatePKCE,
661
1202
  generateState,