@embarkai/ui-kit 0.1.1

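--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,49 @@
+# Cloudflare Pages Headers Configuration for Iframe Wallet
+# This file configures security headers for the iframe at auth.lumiapassport.com
+
+/*
+# Content Security Policy - Strict security policy for iframe
+# IMPORTANT: frame-ancestors 'https:' allows embedding on any HTTPS site
+# Domain validation is performed via projectId check in JavaScript
+# connect-src whitelist: only allowed TSS servers (where the second key share is stored) and lumiapassport.com subdomains
+# script-src: Added https://telegram.org for Telegram Login Widget
+# script-src: Added 'unsafe-eval' required by Telegram Widget (uses eval for callbacks)
+# frame-src: Added https://oauth.telegram.org for Telegram OAuth iframe
+# NOTE: http://localhost:* in frame-ancestors is for development testing only
+Content-Security-Policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval' 'unsafe-eval' https://telegram.org https://static.sumsub.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self'; connect-src 'self' https://*.lumiapassport.com https://*.sumsub.com; frame-src https://oauth.telegram.org https://*.sumsub.com; frame-ancestors https: http://localhost:*; base-uri 'self'; form-action 'self';
+
+# Allow iframe embedding from HTTPS sites (domain validation in JS)
+# X-Frame-Options is NOT set (CSP frame-ancestors takes precedence)
+
+# Prevent MIME type sniffing
+X-Content-Type-Options: nosniff
+
+# Referrer policy
+Referrer-Policy: strict-origin-when-cross-origin
+
+# Permissions policy (camera, microphone, geolocation needed for Sumsub KYC)
+Permissions-Policy: geolocation=(self "https://*.sumsub.com"), microphone=(self "https://*.sumsub.com"), camera=(self "https://*.sumsub.com"), payment=(), usb=(), magnetometer=(), gyroscope=()
+
+# HSTS - Force HTTPS (uncomment for production)
+# Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
+
+# CORS headers - Allow postMessage from any origin (we validate in JS)
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Methods: GET, OPTIONS
+Access-Control-Allow-Headers: Content-Type
+
+# Cache control for HTML
+Cache-Control: public, max-age=0, must-revalidate
+
+/*.js
+# Cache JavaScript files for 1 year
+Cache-Control: public, max-age=31536000, immutable
+
+/*.css
+# Cache CSS files for 1 year
+Cache-Control: public, max-age=31536000, immutable
+
+/*.wasm
+# Cache WASM files for 1 year
+Cache-Control: public, max-age=31536000, immutable
+Content-Type: application/wasm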
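Review bot: The `Access-Control-Allow-Origin: *` line does not do what the comment above it says — CORS has no effect on postMessage; it lets any origin read these responses via fetch/XHR, so either drop the three `Access-Control-*` lines or reword the comment to name the cross-origin fetches that actually need them. The same `/*` rule ships `frame-ancestors https: http://localhost:*` together with `'unsafe-eval'` in script-src, which means any HTTPS page can frame the wallet and any injected script gets full eval; the projectId check referenced in the comments appears to run inside the framed document (inferred, not visible here), so it can only filter cooperative embedders, not block a hostile one, and that limitation should be stated next to the `frame-ancestors` comment. Since `http://localhost:*` is marked development-only and `Strict-Transport-Security` is left commented out, consider generating the production `_headers` from a template that removes the localhost entry and enables HSTS rather than relying on a manual edit. Leading indentation under the `/*`, `/*.js`, `/*.css` and `/*.wasm` path rules is not preserved in this rendering, so verify the published file keeps each header line indented as the Cloudflare Pages format requires.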
Binary file