npm - @farcaster/snap - Versions diffs - 1.17.2 → 1.18.0 - Mend

@farcaster/snap 1.17.2 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/schemas.d.ts +6 -11
package/dist/schemas.js +2 -9
package/dist/server/parseRequest.js +20 -27
package/package.json +1 -1
package/src/schemas.ts +2 -9
package/src/server/parseRequest.ts +21 -31

package/dist/schemas.d.ts CHANGED Viewed

@@ -68,17 +68,12 @@ export type SnapHandlerResult = {
     effects?: z.input<typeof snapResponseSchema>["effects"];
     ui: SnapSpecInput;
 };
-/**
- * @deprecated `nonce` and `audience` are currently optional for backward
- * compatibility but will become **required** in a future major version.
- * Clients should always include both fields.
- */
 export declare const payloadSchema: z.ZodObject<{
     fid: z.ZodNumber;
     inputs: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodArray<z.ZodString>]>>>;
     timestamp: z.ZodNumber;
-    nonce: z.ZodOptional<z.ZodString>;
-    audience: z.ZodOptional<z.ZodString>;
+    nonce: z.ZodString;
+    audience: z.ZodString;
 }, z.core.$strip>;
 export type SnapPayload = z.infer<typeof payloadSchema>;
 export declare const ACTION_TYPE_GET: "get";
@@ -91,8 +86,8 @@ declare const snapPostActionSchema: z.ZodObject<{
     fid: z.ZodNumber;
     inputs: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodArray<z.ZodString>]>>>;
     timestamp: z.ZodNumber;
-    nonce: z.ZodOptional<z.ZodString>;
-    audience: z.ZodOptional<z.ZodString>;
+    nonce: z.ZodString;
+    audience: z.ZodString;
     type: z.ZodLiteral<"post">;
 }, z.core.$strip>;
 export type SnapPostAction = z.infer<typeof snapPostActionSchema>;
@@ -102,8 +97,8 @@ export declare const snapActionSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     fid: z.ZodNumber;
     inputs: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodArray<z.ZodString>]>>>;
     timestamp: z.ZodNumber;
-    nonce: z.ZodOptional<z.ZodString>;
-    audience: z.ZodOptional<z.ZodString>;
+    nonce: z.ZodString;
+    audience: z.ZodString;
     type: z.ZodLiteral<"post">;
 }, z.core.$strip>], "type">;
 export type SnapAction = z.infer<typeof snapActionSchema>;

package/dist/schemas.js CHANGED Viewed

@@ -31,20 +31,13 @@ const postInputValueSchema = z.union([
     z.boolean(),
     z.array(z.string()),
 ]);
-/**
- * @deprecated `nonce` and `audience` are currently optional for backward
- * compatibility but will become **required** in a future major version.
- * Clients should always include both fields.
- */
 export const payloadSchema = z
     .object({
     fid: z.number().int().nonnegative(),
     inputs: z.record(z.string(), postInputValueSchema).default({}),
     timestamp: z.number().int(),
-    /** @deprecated Will become required. Clients should always send a unique nonce. */
-    nonce: z.string().optional(),
-    /** @deprecated Will become required. Clients should always send the target server origin. */
-    audience: z.string().optional(),
+    nonce: z.string(),
+    audience: z.string(),
 })
     .strip();
 export const ACTION_TYPE_GET = "get";

package/dist/server/parseRequest.js CHANGED Viewed

@@ -77,36 +77,29 @@ export async function parseRequest(request, options = {}) {
             },
         };
     }
-    // Deprecation: nonce and audience will become required in a future major version.
-    if (body.nonce === undefined || body.audience === undefined) {
-        console.warn("[snap] POST payload is missing nonce and/or audience. " +
-            "These fields will be required in a future major version. " +
-            "Please update your client to include both fields.");
-    }
-    if (body.audience !== undefined) {
-        let expectedOrigin = options.requestOrigin;
-        if (expectedOrigin === undefined) {
-            try {
-                const url = new URL(request.url);
-                const proto = request.headers.get("x-forwarded-proto") ??
-                    url.protocol.replace(":", "");
-                const host = request.headers.get("x-forwarded-host") ?? url.host;
-                expectedOrigin = `${proto}://${host}`;
-            }
-            catch {
-                // do nothing
-            }
+    // Audience validation: ensure the payload audience matches the server origin.
+    let expectedOrigin = options.requestOrigin;
+    if (expectedOrigin === undefined) {
+        try {
+            const url = new URL(request.url);
+            const proto = request.headers.get("x-forwarded-proto") ??
+                url.protocol.replace(":", "");
+            const host = request.headers.get("x-forwarded-host") ?? url.host;
+            expectedOrigin = `${proto}://${host}`;
         }
-        if (expectedOrigin !== undefined && body.audience !== expectedOrigin) {
-            return {
-                success: false,
-                error: {
-                    type: "origin_mismatch",
-                    message: `payload audience "${body.audience}" does not match expected origin "${expectedOrigin}"`,
-                },
-            };
+        catch {
+            // do nothing
         }
     }
+    if (expectedOrigin !== undefined && body.audience !== expectedOrigin) {
+        return {
+            success: false,
+            error: {
+                type: "origin_mismatch",
+                message: `payload audience "${body.audience}" does not match expected origin "${expectedOrigin}"`,
+            },
+        };
+    }
     return {
         success: true,
         action: {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@farcaster/snap",
-  "version": "1.17.2",
+  "version": "1.18.0",
   "description": "Farcaster Snaps 🫰",
   "repository": {
     "type": "git",

package/src/schemas.ts CHANGED Viewed

@@ -81,20 +81,13 @@ const postInputValueSchema = z.union([
   z.array(z.string()),
 ]);
-/**
- * @deprecated `nonce` and `audience` are currently optional for backward
- * compatibility but will become **required** in a future major version.
- * Clients should always include both fields.
- */
 export const payloadSchema = z
   .object({
     fid: z.number().int().nonnegative(),
     inputs: z.record(z.string(), postInputValueSchema).default({}),
     timestamp: z.number().int(),
-    /** @deprecated Will become required. Clients should always send a unique nonce. */
-    nonce: z.string().optional(),
-    /** @deprecated Will become required. Clients should always send the target server origin. */
-    audience: z.string().optional(),
+    nonce: z.string(),
+    audience: z.string(),
   })
   .strip();

package/src/server/parseRequest.ts CHANGED Viewed

@@ -148,39 +148,29 @@ export async function parseRequest(
     };
   }
-  // Deprecation: nonce and audience will become required in a future major version.
-  if (body.nonce === undefined || body.audience === undefined) {
-    console.warn(
-      "[snap] POST payload is missing nonce and/or audience. " +
-        "These fields will be required in a future major version. " +
-        "Please update your client to include both fields.",
-    );
-  }
-  if (body.audience !== undefined) {
-    let expectedOrigin = options.requestOrigin;
-    if (expectedOrigin === undefined) {
-      try {
-        const url = new URL(request.url);
-        const proto =
-          request.headers.get("x-forwarded-proto") ??
-          url.protocol.replace(":", "");
-        const host = request.headers.get("x-forwarded-host") ?? url.host;
-        expectedOrigin = `${proto}://${host}`;
-      } catch {
-        // do nothing
-      }
+  // Audience validation: ensure the payload audience matches the server origin.
+  let expectedOrigin = options.requestOrigin;
+  if (expectedOrigin === undefined) {
+    try {
+      const url = new URL(request.url);
+      const proto =
+        request.headers.get("x-forwarded-proto") ??
+        url.protocol.replace(":", "");
+      const host = request.headers.get("x-forwarded-host") ?? url.host;
+      expectedOrigin = `${proto}://${host}`;
+    } catch {
+      // do nothing
     }
+  }
-    if (expectedOrigin !== undefined && body.audience !== expectedOrigin) {
-      return {
-        success: false,
-        error: {
-          type: "origin_mismatch",
-          message: `payload audience "${body.audience}" does not match expected origin "${expectedOrigin}"`,
-        },
-      };
-    }
+  if (expectedOrigin !== undefined && body.audience !== expectedOrigin) {
+    return {
+      success: false,
+      error: {
+        type: "origin_mismatch",
+        message: `payload audience "${body.audience}" does not match expected origin "${expectedOrigin}"`,
+      },
+    };
   }
   return {