@lumiapassport/ui-kit 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Lumia
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/dist/iframe/_headers

@@ -0,0 +1,45 @@
+# Cloudflare Pages Headers Configuration for Iframe Wallet
+# This file configures security headers for the iframe at auth.lumiapassport.com
+
+/*
+  # Content Security Policy - Strict security policy for iframe
+  # IMPORTANT: frame-ancestors 'https:' allows embedding on any HTTPS site
+  # Domain validation is performed via projectId check in JavaScript
+  # connect-src whitelist: only allowed TSS servers (where the second key share is stored)
+  Content-Security-Policy: default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' https://api.lumiapassport.com https://lumiaid-demo.18102024.xyz http://localhost:*; frame-ancestors https: http://localhost:*; base-uri 'self'; form-action 'self';
+
+  # Allow iframe embedding from HTTPS sites (domain validation in JS)
+  # X-Frame-Options is NOT set (CSP frame-ancestors takes precedence)
+
+  # Prevent MIME type sniffing
+  X-Content-Type-Options: nosniff
+
+  # Referrer policy
+  Referrer-Policy: strict-origin-when-cross-origin
+
+  # Permissions policy (disable unnecessary features)
+  Permissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=()
+
+  # HSTS - Force HTTPS (uncomment for production)
+  # Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
+
+  # CORS headers - Allow postMessage from any origin (we validate in JS)
+  Access-Control-Allow-Origin: *
+  Access-Control-Allow-Methods: GET, OPTIONS
+  Access-Control-Allow-Headers: Content-Type
+
+  # Cache control for HTML
+  Cache-Control: public, max-age=0, must-revalidate
+
+/*.js
+  # Cache JavaScript files for 1 year
+  Cache-Control: public, max-age=31536000, immutable
+
+/*.css
+  # Cache CSS files for 1 year
+  Cache-Control: public, max-age=31536000, immutable
+
+/*.wasm
+  # Cache WASM files for 1 year
+  Cache-Control: public, max-age=31536000, immutable
+  Content-Type: application/wasm

package/dist/iframe/index.html

@@ -0,0 +1,408 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+
+    <!-- Security Headers -->
+    <!-- NOTE: These are fallback headers for development. Production uses _headers file from Cloudflare -->
+    <!-- WARNING: frame-ancestors MUST be set via HTTP headers, not meta tags (it's ignored in meta) -->
+    <meta
+      http-equiv="Content-Security-Policy"
+      content="default-src 'self'; script-src 'self' 'wasm-unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self' http://localhost:* https:; base-uri 'self'; form-action 'self';"
+    />
+    <meta http-equiv="X-Content-Type-Options" content="nosniff" />
+    <meta http-equiv="Referrer-Policy" content="strict-origin-when-cross-origin" />
+
+    <title>Lumia Passport Secure Wallet</title>
+
+    <!-- Styles will be injected by build process -->
+    <style>
+      * {
+        margin: 0;
+        padding: 0;
+        box-sizing: border-box;
+      }
+
+      body {
+        font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Roboto', 'Helvetica', 'Arial', sans-serif;
+        background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+        color: #333;
+        min-height: 100vh;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+      }
+
+      #app {
+        width: 100%;
+        height: 100vh;
+        display: flex;
+        align-items: center;
+        justify-content: center;
+      }
+
+      /* Ready Indicator */
+      .ready-indicator {
+        text-align: center;
+        background: white;
+        padding: 3rem;
+        border-radius: 16px;
+        box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+        max-width: 400px;
+      }
+
+      .status-icon {
+        font-size: 4rem;
+        margin-bottom: 1rem;
+      }
+
+      .ready-indicator h2 {
+        font-size: 1.5rem;
+        margin-bottom: 0.5rem;
+        color: #333;
+      }
+
+      .ready-indicator p {
+        color: #666;
+        margin-bottom: 1.5rem;
+      }
+
+      .info {
+        background: #f5f5f5;
+        border-radius: 8px;
+        padding: 1rem;
+        text-align: left;
+      }
+
+      .info-row {
+        display: flex;
+        justify-content: space-between;
+        padding: 0.5rem 0;
+      }
+
+      .info-row:not(:last-child) {
+        border-bottom: 1px solid #e0e0e0;
+      }
+
+      .status-active {
+        color: #10b981;
+        font-weight: 600;
+      }
+
+      /* Loading Indicator */
+      .loading-indicator {
+        text-align: center;
+        color: white;
+      }
+
+      .spinner {
+        width: 50px;
+        height: 50px;
+        margin: 0 auto 1rem;
+        border: 4px solid rgba(255, 255, 255, 0.3);
+        border-top-color: white;
+        border-radius: 50%;
+        animation: spin 1s linear infinite;
+      }
+
+      @keyframes spin {
+        to { transform: rotate(360deg); }
+      }
+
+      .loading-indicator p {
+        font-size: 1.1rem;
+      }
+
+      /* Error Indicator */
+      .error-indicator {
+        text-align: center;
+        background: white;
+        padding: 3rem;
+        border-radius: 16px;
+        box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+        max-width: 400px;
+      }
+
+      .error-icon {
+        font-size: 4rem;
+        margin-bottom: 1rem;
+      }
+
+      .error-indicator h2 {
+        font-size: 1.5rem;
+        margin-bottom: 0.5rem;
+        color: #ef4444;
+      }
+
+      .error-indicator p {
+        color: #666;
+      }
+
+      /* Modal Overlays */
+      /* Transaction confirmation modal container */
+      .transaction-confirmation-modal {
+        position: fixed;
+        top: 0;
+        left: 0;
+        right: 0;
+        bottom: 0;
+        z-index: 10000;
+      }
+
+      .modal-overlay {
+        position: fixed;
+        top: 0;
+        left: 0;
+        right: 0;
+        bottom: 0;
+        background: rgba(0, 0, 0, 0.7);
+        display: flex;
+        align-items: center;
+        justify-content: center;
+        z-index: 10000;
+      }
+
+      .modal-content {
+        background: white;
+        border-radius: 12px;
+        padding: 2rem;
+        max-width: 90%;
+        max-height: 90%;
+        overflow-y: auto;
+        box-shadow: 0 20px 60px rgba(0, 0, 0, 0.4);
+      }
+
+      .modal-content h2 {
+        font-size: 1.5rem;
+        margin-bottom: 1rem;
+        color: #333;
+      }
+
+      .modal-content h3 {
+        font-size: 1.1rem;
+        margin: 1rem 0 0.5rem;
+        color: #555;
+      }
+
+      .app-identity {
+        text-align: center;
+        padding: 1rem;
+        border-bottom: 1px solid #e0e0e0;
+        margin-bottom: 1.5rem;
+      }
+
+      .app-logo {
+        width: 64px;
+        height: 64px;
+        margin-bottom: 0.5rem;
+        border-radius: 8px;
+      }
+
+      .app-origin {
+        font-size: 0.9rem;
+        margin-top: 0.5rem;
+      }
+
+      .app-origin.verified {
+        color: #10b981;
+      }
+
+      .app-origin.unverified {
+        color: #f59e0b;
+      }
+
+      .actions {
+        display: flex;
+        gap: 1rem;
+        margin-top: 1.5rem;
+      }
+
+      button {
+        flex: 1;
+        padding: 0.75rem 1.5rem;
+        border: none;
+        border-radius: 8px;
+        font-size: 1rem;
+        cursor: pointer;
+        font-weight: 600;
+        transition: all 0.2s;
+      }
+
+      .cancel-btn {
+        background: #e5e7eb;
+        color: #374151;
+      }
+
+      .cancel-btn:hover {
+        background: #d1d5db;
+      }
+
+      .confirm-btn,
+      .authorize-btn {
+        background: #667eea;
+        color: white;
+      }
+
+      .confirm-btn:hover,
+      .authorize-btn:hover {
+        background: #5568d3;
+      }
+
+      button:disabled {
+        opacity: 0.5;
+        cursor: not-allowed;
+      }
+
+      .tx-details {
+        background: #f9fafb;
+        border-radius: 8px;
+        padding: 1rem;
+        margin: 1rem 0;
+      }
+
+      .detail-row {
+        display: flex;
+        justify-content: space-between;
+        padding: 0.5rem 0;
+        font-size: 0.9rem;
+      }
+
+      .detail-row:not(:last-child) {
+        border-bottom: 1px solid #e5e7eb;
+      }
+
+      .detail-row code {
+        font-family: 'Courier New', monospace;
+        font-size: 0.85rem;
+        color: #6b7280;
+      }
+
+      .security-notice {
+        background: #fef3c7;
+        border-left: 4px solid #f59e0b;
+        padding: 1rem;
+        margin: 1rem 0;
+        border-radius: 4px;
+      }
+
+      .security-notice p {
+        font-size: 0.9rem;
+        color: #92400e;
+        margin: 0;
+      }
+
+      .risk-warning {
+        padding: 1rem;
+        border-radius: 8px;
+        margin: 1rem 0;
+      }
+
+      .risk-warning.medium-risk {
+        background: #fef3c7;
+        border-left: 4px solid #f59e0b;
+      }
+
+      .risk-warning.high-risk {
+        background: #fee2e2;
+        border-left: 4px solid #ef4444;
+      }
+
+      .risk-warning.critical-risk {
+        background: #fce7f3;
+        border-left: 4px solid #ec4899;
+      }
+
+      .permissions-list ul {
+        list-style: none;
+        padding: 0;
+      }
+
+      .permissions-list li {
+        padding: 0.5rem 0;
+        color: #555;
+      }
+
+      /* Additional modal styles for transaction confirmation */
+      .app-identity .app-info h3 {
+        font-size: 1.2rem;
+        margin-bottom: 0.25rem;
+      }
+
+      .app-identity .app-info .origin {
+        font-size: 0.9rem;
+        color: #6b7280;
+      }
+
+      .app-identity.low-risk {
+        border-color: #10b981;
+      }
+
+      .app-identity.medium-risk {
+        border-color: #f59e0b;
+      }
+
+      .app-identity.high-risk {
+        border-color: #ef4444;
+      }
+
+      .app-identity.critical-risk {
+        border-color: #ec4899;
+      }
+
+      .risk-warning strong {
+        display: block;
+        margin-bottom: 0.5rem;
+        font-size: 1rem;
+      }
+
+      /* Trust app checkbox section */
+      .trust-app-section {
+        margin: 1rem 0;
+        padding: 0.75rem;
+        background: #f9fafb;
+        border-radius: 6px;
+        border: 1px solid #e5e7eb;
+      }
+
+      .trust-app-label {
+        display: flex;
+        align-items: center;
+        gap: 0.5rem;
+        cursor: pointer;
+        font-size: 0.9rem;
+        color: #374151;
+      }
+
+      .trust-app-checkbox {
+        width: 18px;
+        height: 18px;
+        cursor: pointer;
+        flex-shrink: 0;
+      }
+
+      .trust-app-label span {
+        line-height: 1.4;
+        user-select: none;
+      }
+
+      .trust-app-label:hover {
+        color: #111827;
+      }
+    </style>
+  </head>
+  <body>
+    <div id="app">
+      <!-- App content will be injected here by main.ts -->
+      <div class="loading-indicator">
+        <div class="spinner"></div>
+        <p>Initializing secure wallet...</p>
+      </div>
+    </div>
+
+    <!-- Main script -->
+    <!-- In dev mode (Vite): loads TypeScript from src/ -->
+    <!-- In production: loads compiled JavaScript from dist/ -->
+    <script type="module" src="./main.js"></script>
+  </body>
+</html>