@farcaster/snap 1.22.1 → 2.0.1

package/dist/react/snap-view-core.js

@@ -39,7 +39,7 @@ export function applyStatePaths(model, changes) {
     }
 }
 const CONFETTI_COLORS = [
-    "#8B5CF6",
+    "#907AA9",
     "#EC4899",
     "#3B82F6",
     "#10B981",

package/dist/react-native/confetti-overlay.js

@@ -2,7 +2,7 @@ import { jsx as _jsx } from "react/jsx-runtime";
 import { useEffect, useMemo, useRef } from "react";
 import { Animated, StyleSheet, View, useWindowDimensions, } from "react-native";
 const CONFETTI_COLORS = [
-    "#8B5CF6",
+    "#907AA9",
     "#EC4899",
     "#3B82F6",
     "#10B981",

package/dist/schemas.d.ts

@@ -69,11 +69,24 @@ export type SnapHandlerResult = {
     ui: SnapSpecInput;
 };
 export declare const payloadSchema: z.ZodObject<{
-    fid: z.ZodNumber;
+    fid: z.ZodOptional<z.ZodNumber>;
     inputs: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodArray<z.ZodString>]>>>;
     timestamp: z.ZodNumber;
-    nonce: z.ZodString;
     audience: z.ZodString;
+    user: z.ZodObject<{
+        fid: z.ZodNumber;
+    }, z.core.$strip>;
+    surface: z.ZodDiscriminatedUnion<[z.ZodObject<{
+        type: z.ZodLiteral<"cast">;
+        cast: z.ZodObject<{
+            hash: z.ZodString;
+            author: z.ZodObject<{
+                fid: z.ZodNumber;
+            }, z.core.$strip>;
+        }, z.core.$strip>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"standalone">;
+    }, z.core.$strip>], "type">;
 }, z.core.$strip>;
 export type SnapPayload = z.infer<typeof payloadSchema>;
 export declare const ACTION_TYPE_GET: "get";
@@ -83,22 +96,48 @@ declare const snapGetActionSchema: z.ZodObject<{
 }, z.core.$strip>;
 export type SnapGetAction = z.infer<typeof snapGetActionSchema>;
 declare const snapPostActionSchema: z.ZodObject<{
-    fid: z.ZodNumber;
+    fid: z.ZodOptional<z.ZodNumber>;
     inputs: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodArray<z.ZodString>]>>>;
     timestamp: z.ZodNumber;
-    nonce: z.ZodString;
     audience: z.ZodString;
+    user: z.ZodObject<{
+        fid: z.ZodNumber;
+    }, z.core.$strip>;
+    surface: z.ZodDiscriminatedUnion<[z.ZodObject<{
+        type: z.ZodLiteral<"cast">;
+        cast: z.ZodObject<{
+            hash: z.ZodString;
+            author: z.ZodObject<{
+                fid: z.ZodNumber;
+            }, z.core.$strip>;
+        }, z.core.$strip>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"standalone">;
+    }, z.core.$strip>], "type">;
     type: z.ZodLiteral<"post">;
 }, z.core.$strip>;
 export type SnapPostAction = z.infer<typeof snapPostActionSchema>;
 export declare const snapActionSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
     type: z.ZodLiteral<"get">;
 }, z.core.$strip>, z.ZodObject<{
-    fid: z.ZodNumber;
+    fid: z.ZodOptional<z.ZodNumber>;
     inputs: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodNumber, z.ZodBoolean, z.ZodArray<z.ZodString>]>>>;
     timestamp: z.ZodNumber;
-    nonce: z.ZodString;
     audience: z.ZodString;
+    user: z.ZodObject<{
+        fid: z.ZodNumber;
+    }, z.core.$strip>;
+    surface: z.ZodDiscriminatedUnion<[z.ZodObject<{
+        type: z.ZodLiteral<"cast">;
+        cast: z.ZodObject<{
+            hash: z.ZodString;
+            author: z.ZodObject<{
+                fid: z.ZodNumber;
+            }, z.core.$strip>;
+        }, z.core.$strip>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"standalone">;
+    }, z.core.$strip>], "type">;
     type: z.ZodLiteral<"post">;
 }, z.core.$strip>], "type">;
 export type SnapAction = z.infer<typeof snapActionSchema>;

package/dist/schemas.js

@@ -1,5 +1,5 @@
 import { z } from "zod";
-import { EFFECT_VALUES, SUPPORTED_SPEC_VERSIONS } from "./constants.js";
+import { EFFECT_VALUES, SUPPORTED_SPEC_VERSIONS, } from "./constants.js";
 import { DEFAULT_THEME_ACCENT, PALETTE_COLOR_VALUES } from "./colors.js";
 // ─── Theme ─────────────────────────────────────────────
 const themeAccentSchema = z.enum(PALETTE_COLOR_VALUES, {
@@ -31,13 +31,32 @@ const postInputValueSchema = z.union([
     z.boolean(),
     z.array(z.string()),
 ]);
+const standaloneSurfaceSchema = z.object({
+    type: z.literal("standalone"),
+});
+const castSurfaceSchema = z.object({
+    type: z.literal("cast"),
+    cast: z.object({
+        hash: z.string(),
+        author: z.object({
+            fid: z.number().int().nonnegative(),
+        }),
+    }),
+});
+const surfaceSchema = z.discriminatedUnion("type", [
+    castSurfaceSchema,
+    standaloneSurfaceSchema,
+]);
 export const payloadSchema = z
     .object({
-    fid: z.number().int().nonnegative(),
+    fid: z.number().int().nonnegative().optional(), // deprecated in favor of user.fid
     inputs: z.record(z.string(), postInputValueSchema).default({}),
     timestamp: z.number().int(),
-    nonce: z.string(),
     audience: z.string(),
+    user: z.object({
+        fid: z.number().int().nonnegative(),
+    }),
+    surface: surfaceSchema,
 })
     .strip();
 export const ACTION_TYPE_GET = "get";

package/dist/server/parseRequest.d.ts

@@ -18,6 +18,9 @@ export type ParseRequestError = {
 } | {
     type: "origin_mismatch";
     message: string;
+} | {
+    type: "fid_mismatch";
+    message: string;
 };
 export type ParseRequestOptions = {
     /**

package/dist/server/parseRequest.js

@@ -51,6 +51,14 @@ export async function parseRequest(request, options = {}) {
             error: { type: "invalid_json", message: parsed.error.message },
         };
     }
+    const payloadParsed = payloadSchema.safeParse(decodePayload(parsed.data.payload));
+    if (!payloadParsed.success) {
+        return {
+            success: false,
+            error: { type: "validation", issues: payloadParsed.error.issues },
+        };
+    }
+    const body = payloadParsed.data;
     if (!options.skipJFSVerification) {
         const jfs = await verifyJFSRequestBody(parsed.data);
         if (!jfs.valid) {
@@ -59,15 +67,16 @@ export async function parseRequest(request, options = {}) {
                 error: { type: "signature", message: jfs.error.message },
             };
         }
+        if (jfs.signingUserFid !== body.user.fid) {
+            return {
+                success: false,
+                error: {
+                    type: "fid_mismatch",
+                    message: `JFS header fid "${jfs.signingUserFid}" does not match user.fid "${body.user.fid}"`,
+                },
+            };
+        }
     }
-    const payloadParsed = payloadSchema.safeParse(decodePayload(parsed.data.payload));
-    if (!payloadParsed.success) {
-        return {
-            success: false,
-            error: { type: "validation", issues: payloadParsed.error.issues },
-        };
-    }
-    const body = payloadParsed.data;
     if (Math.abs(nowSec - body.timestamp) > maxSkew) {
         return {
             success: false,
@@ -100,6 +109,15 @@ export async function parseRequest(request, options = {}) {
             },
         };
     }
+    if (body.fid !== undefined && body.fid !== body.user.fid) {
+        return {
+            success: false,
+            error: {
+                type: "fid_mismatch",
+                message: `fid "${body.fid}" does not match user.fid "${body.user.fid}"`,
+            },
+        };
+    }
     return {
         success: true,
         action: {

package/dist/server/verify.d.ts

@@ -9,6 +9,7 @@ export declare function verifyJFSRequestBody<TPayload>(requestBody: {
     error: Error;
 } | {
     valid: true;
+    signingUserFid: number;
     data: TPayload;
 }>;
 export declare function decodePayload<TPayload>(payload: string): TPayload;

package/dist/server/verify.js

@@ -69,6 +69,7 @@ export async function verifyJFSRequestBody(requestBody, options = {}) {
     return {
         valid: true,
         data: payload,
+        signingUserFid: header.fid,
     };
 }
 export function decodePayload(payload) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@farcaster/snap",
-  "version": "1.22.1",
+  "version": "2.0.1",
   "description": "Farcaster Snaps 🫰",
   "repository": {
     "type": "git",

package/src/react/snap-view-core.tsx

@@ -53,7 +53,7 @@ export function applyStatePaths(
 }
 
 const CONFETTI_COLORS = [
-  "#8B5CF6",
+  "#907AA9",
   "#EC4899",
   "#3B82F6",
   "#10B981",

package/src/react-native/confetti-overlay.tsx

@@ -7,7 +7,7 @@ import {
 } from "react-native";
 
 const CONFETTI_COLORS = [
-  "#8B5CF6",
+  "#907AA9",
   "#EC4899",
   "#3B82F6",
   "#10B981",

package/src/schemas.ts

@@ -1,6 +1,10 @@
 import { z } from "zod";
 import type { Spec } from "@json-render/core";
-import { EFFECT_VALUES, SUPPORTED_SPEC_VERSIONS, type SpecVersion } from "./constants";
+import {
+  EFFECT_VALUES,
+  SUPPORTED_SPEC_VERSIONS,
+  type SpecVersion,
+} from "./constants";
 import { DEFAULT_THEME_ACCENT, PALETTE_COLOR_VALUES } from "./colors";
 
 // ─── Theme ─────────────────────────────────────────────
@@ -81,13 +85,35 @@ const postInputValueSchema = z.union([
   z.array(z.string()),
 ]);
 
+const standaloneSurfaceSchema = z.object({
+  type: z.literal("standalone"),
+});
+
+const castSurfaceSchema = z.object({
+  type: z.literal("cast"),
+  cast: z.object({
+    hash: z.string(),
+    author: z.object({
+      fid: z.number().int().nonnegative(),
+    }),
+  }),
+});
+
+const surfaceSchema = z.discriminatedUnion("type", [
+  castSurfaceSchema,
+  standaloneSurfaceSchema,
+]);
+
 export const payloadSchema = z
   .object({
-    fid: z.number().int().nonnegative(),
+    fid: z.number().int().nonnegative().optional(), // deprecated in favor of user.fid
     inputs: z.record(z.string(), postInputValueSchema).default({}),
     timestamp: z.number().int(),
-    nonce: z.string(),
     audience: z.string(),
+    user: z.object({
+      fid: z.number().int().nonnegative(),
+    }),
+    surface: surfaceSchema,
   })
   .strip();
 

package/src/server/parseRequest.ts

@@ -33,6 +33,10 @@ export type ParseRequestError =
   | {
       type: "origin_mismatch";
       message: string;
+    }
+  | {
+      type: "fid_mismatch";
+      message: string;
     };
 
 export type ParseRequestOptions = {
@@ -52,7 +56,6 @@ export type ParseRequestOptions = {
    * The origin of the request. Derived from the request when not provided.
    */
   requestOrigin?: string;
-
 };
 
 export type ParseRequestResult =
@@ -117,16 +120,6 @@ export async function parseRequest(
     };
   }
 
-  if (!options.skipJFSVerification) {
-    const jfs = await verifyJFSRequestBody(parsed.data);
-    if (!jfs.valid) {
-      return {
-        success: false,
-        error: { type: "signature", message: jfs.error.message },
-      };
-    }
-  }
-
   const payloadParsed = payloadSchema.safeParse(
     decodePayload(parsed.data.payload),
   );
@@ -138,6 +131,26 @@ export async function parseRequest(
   }
 
   const body = payloadParsed.data;
+
+  if (!options.skipJFSVerification) {
+    const jfs = await verifyJFSRequestBody(parsed.data);
+    if (!jfs.valid) {
+      return {
+        success: false,
+        error: { type: "signature", message: jfs.error.message },
+      };
+    }
+    if (jfs.signingUserFid !== body.user.fid) {
+      return {
+        success: false,
+        error: {
+          type: "fid_mismatch",
+          message: `JFS header fid "${jfs.signingUserFid}" does not match user.fid "${body.user.fid}"`,
+        },
+      };
+    }
+  }
+
   if (Math.abs(nowSec - body.timestamp) > maxSkew) {
     return {
       success: false,
@@ -173,6 +186,16 @@ export async function parseRequest(
     };
   }
 
+  if (body.fid !== undefined && body.fid !== body.user.fid) {
+    return {
+      success: false,
+      error: {
+        type: "fid_mismatch",
+        message: `fid "${body.fid}" does not match user.fid "${body.user.fid}"`,
+      },
+    };
+  }
+
   return {
     success: true,
     action: {

package/src/server/verify.ts

@@ -27,6 +27,7 @@ export async function verifyJFSRequestBody<TPayload>(
     }
   | {
       valid: true;
+      signingUserFid: number; // the FID of the user who signed the request
       data: TPayload;
     }
 > {
@@ -108,6 +109,7 @@ export async function verifyJFSRequestBody<TPayload>(
   return {
     valid: true,
     data: payload,
+    signingUserFid: header.fid,
   };
 }
 

package/src/ui/README.md

@@ -8,14 +8,14 @@ Snaps use a fixed set of named colors called the **palette**:
 
 | Name     | Light hex | Dark hex  |
 | -------- | --------- | --------- |
-| `gray`   | `#8F8F8F` | `#8F8F8F` |
-| `blue`   | `#006BFF` | `#006FFE` |
-| `red`    | `#FC0036` | `#F13342` |
-| `amber`  | `#FFAE00` | `#FFAE00` |
-| `green`  | `#28A948` | `#00AC3A` |
-| `teal`   | `#00AC96` | `#00AA96` |
-| `purple` | `#8B5CF6` | `#A78BFA` |
-| `pink`   | `#F32782` | `#F12B82` |
+| `gray`   | `#6E6A86` | `#908CAA` |
+| `blue`   | `#286983` | `#9CCFD8` |
+| `red`    | `#B4637A` | `#EB6F92` |
+| `amber`  | `#EA9D34` | `#F6C177` |
+| `green`  | `#3E8F8F` | `#56D4A4` |
+| `teal`   | `#56949F` | `#3E8FB0` |
+| `purple` | `#907AA9` | `#C4A7E7` |
+| `pink`   | `#D7827E` | `#EBBCBA` |
 
 These are exported from `@farcaster/snap` as `PALETTE_LIGHT_HEX`, `PALETTE_DARK_HEX`, and the `PaletteColor` type. Clients resolve the correct hex for their current light/dark mode.