npm - @lumiapassport/ui-kit - Versions diffs - 1.15.13 → 1.16.1 - Mend

@lumiapassport/ui-kit 1.15.13 → 1.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/iframe/index.html CHANGED Viewed

@@ -15,7 +15,7 @@
     <meta http-equiv="X-Content-Type-Options" content="nosniff" />
     <meta http-equiv="Referrer-Policy" content="strict-origin-when-cross-origin" />
-    <title>Lumia Passport Secure Wallet - iframe version 1.15.13</title>
+    <title>Lumia Passport Secure Wallet - iframe version 1.16.1</title>
     <!-- Styles will be injected by build process -->
     <style>

package/dist/iframe/main.js CHANGED Viewed

@@ -3265,7 +3265,7 @@ var SecureMessenger = class {
     this.allowedOrigins = /* @__PURE__ */ new Set();
     this.usedNonces = /* @__PURE__ */ new Set();
     this.pendingMessages = /* @__PURE__ */ new Map();
-    this.sessionToken = null;
+    this.channelToken = null;
     this.messageHandlers = [];
     this.MESSAGE_TIMEOUT = 6e4;
     // 60 seconds
@@ -3344,7 +3344,7 @@ var SecureMessenger = class {
       console.error("[iframe][Messenger] Nonce already used (replay attack?)");
       return;
     }
-    if (this.sessionToken && message.hmac) {
+    if (this.channelToken && message.hmac) {
       const expectedHmac = await this.computeHMAC(message);
       if (!this.constantTimeCompare(expectedHmac, message.hmac)) {
         console.error("[iframe][Messenger] HMAC validation failed");
@@ -3410,11 +3410,18 @@ var SecureMessenger = class {
     console.log(`[iframe][Messenger] Removed allowed origin: ${origin}`);
   }
   /**
-   * Set session token for HMAC
+   * Set channel token for HMAC authentication
+   * @deprecated Use setChannelToken instead
    */
   setSessionToken(token) {
-    this.sessionToken = token;
-    console.log("[iframe][Messenger] Session token set");
+    this.setChannelToken(token);
+  }
+  /**
+   * Set SDK channel token for HMAC authentication
+   */
+  setChannelToken(token) {
+    this.channelToken = token;
+    console.log("[iframe][Messenger] SDK channel token set");
   }
   /**
    * Quick check if message looks like Lumia Passport protocol
@@ -3423,6 +3430,7 @@ var SecureMessenger = class {
   isLumiaMessage(message) {
     const validTypes = [
       "SDK_AUTH",
+      "SDK_CHANNEL_HEARTBEAT",
       "AUTHENTICATE",
       "START_DKG",
       "SIGN_TRANSACTION",
@@ -3431,6 +3439,7 @@ var SecureMessenger = class {
       "CHECK_KEYSHARE",
       "GET_TRUSTED_APPS",
       "REMOVE_TRUSTED_APP",
+      "CLEAR_AUTHORIZATIONS",
       "CREATE_BACKUP",
       "ENCRYPT_BACKUP_DATA",
       "RESTORE_BACKUP",
@@ -3473,8 +3482,8 @@ var SecureMessenger = class {
    * Compute HMAC-SHA256 for message authentication
    */
   async computeHMAC(message) {
-    if (!this.sessionToken) {
-      throw new Error("No session token for HMAC");
+    if (!this.channelToken) {
+      throw new Error("No SDK channel token for HMAC");
     }
     const encoder3 = new TextEncoder();
     const payload = JSON.stringify({
@@ -3485,7 +3494,7 @@ var SecureMessenger = class {
       data: JSON.stringify(message.data)
     });
     const data = encoder3.encode(payload);
-    const key = encoder3.encode(this.sessionToken);
+    const key = encoder3.encode(this.channelToken);
     const cryptoKey = await crypto.subtle.importKey("raw", key, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
     const signature = await crypto.subtle.sign("HMAC", cryptoKey, data);
     return Array.from(new Uint8Array(signature)).map((b) => b.toString(16).padStart(2, "0")).join("");
@@ -3523,79 +3532,78 @@ var SecureMessenger = class {
   }
 };
-// src/iframe/lib/session-manager.ts
-var SessionManager = class {
+// src/iframe/lib/sdk-channel-manager.ts
+var SdkChannelManager = class {
   // 30 minutes
   constructor() {
-    this.sessions = /* @__PURE__ */ new Map();
-    this.SESSION_TIMEOUT = 30 * 60 * 1e3;
-    setInterval(() => this.cleanupExpiredSessions(), 5 * 60 * 1e3);
+    this.channels = /* @__PURE__ */ new Map();
+    this.CHANNEL_TIMEOUT = 30 * 60 * 1e3;
+    setInterval(() => this.cleanupExpiredChannels(), 5 * 60 * 1e3);
   }
   /**
-   * Create a new session
+   * Create a new SDK channel
    */
-  createSession(projectId, origin) {
-    const sessionToken = this.generateSecureToken();
-    const session = {
-      token: sessionToken,
+  createChannel(projectId, origin) {
+    const channelToken = this.generateSecureToken();
+    const channel = {
+      token: channelToken,
       projectId,
       origin,
       createdAt: Date.now(),
       lastActivity: Date.now()
     };
-    this.sessions.set(sessionToken, session);
-    console.log(`[iframe][Session] Created session for origin: ${origin}`);
-    console.log(`[iframe][Session] Project ID: ${projectId}`);
-    return sessionToken;
+    this.channels.set(channelToken, channel);
+    console.log(`[iframe][SdkChannel] \u2713 Created: ${channelToken.slice(0, 16)}... origin=${origin}, total=${this.channels.size}`);
+    return channelToken;
   }
   /**
-   * Validate session token and origin
+   * Validate channel token and origin
    */
-  validateSession(sessionToken, origin) {
-    const session = this.sessions.get(sessionToken);
-    if (!session) {
-      console.warn(`[iframe][Session] Session not found: ${sessionToken}`);
+  validateChannel(channelToken, origin) {
+    const channel = this.channels.get(channelToken);
+    if (!channel) {
+      console.warn(`[iframe][SdkChannel] \u2717 NOT FOUND: ${channelToken.slice(0, 16)}... (active channels: ${this.channels.size})`);
       return false;
     }
-    if (session.origin !== origin) {
-      console.error(`[iframe][Session] Origin mismatch: expected ${session.origin}, got ${origin}`);
+    if (channel.origin !== origin) {
+      console.error(`[iframe][SdkChannel] \u2717 ORIGIN MISMATCH: expected ${channel.origin}, got ${origin}`);
       return false;
     }
-    const age = Date.now() - session.lastActivity;
-    if (age > this.SESSION_TIMEOUT) {
-      console.warn(`[iframe][Session] Session expired (age: ${age}ms)`);
-      this.sessions.delete(sessionToken);
+    const age = Date.now() - channel.lastActivity;
+    if (age > this.CHANNEL_TIMEOUT) {
+      console.warn(`[iframe][SdkChannel] \u2717 EXPIRED: age=${Math.round(age / 1e3)}s > timeout=${this.CHANNEL_TIMEOUT / 1e3}s`);
+      this.channels.delete(channelToken);
       return false;
     }
-    session.lastActivity = Date.now();
+    channel.lastActivity = Date.now();
     return true;
   }
   /**
-   * Get session by token
+   * Get channel by token
    */
-  getSession(sessionToken) {
-    return this.sessions.get(sessionToken) || null;
+  getChannel(channelToken) {
+    return this.channels.get(channelToken) || null;
   }
   /**
-   * Invalidate session
+   * Invalidate channel
    */
-  invalidateSession(sessionToken) {
-    const session = this.sessions.get(sessionToken);
-    if (session) {
-      console.log(`[iframe][Session] Invalidated session for origin: ${session.origin}`);
-      this.sessions.delete(sessionToken);
+  invalidateChannel(channelToken) {
+    const channel = this.channels.get(channelToken);
+    if (channel) {
+      console.log(`[iframe][SdkChannel] Invalidated channel for origin: ${channel.origin}`);
+      this.channels.delete(channelToken);
     }
   }
   /**
-   * Get all sessions for a project
+   * Get all channels for a project
    */
-  getProjectSessions(projectId) {
-    return Array.from(this.sessions.values()).filter(
-      (session) => session.projectId === projectId
+  getProjectChannels(projectId) {
+    return Array.from(this.channels.values()).filter(
+      (channel) => channel.projectId === projectId
     );
   }
   /**
-   * Generate cryptographically secure session token
+   * Generate cryptographically secure channel token
    */
   generateSecureToken() {
     const buffer = new Uint8Array(32);
@@ -3603,31 +3611,31 @@ var SessionManager = class {
     return Array.from(buffer, (byte) => byte.toString(16).padStart(2, "0")).join("");
   }
   /**
-   * Cleanup expired sessions
+   * Cleanup expired channels
    */
-  cleanupExpiredSessions() {
+  cleanupExpiredChannels() {
     const now = Date.now();
     let cleanedCount = 0;
-    for (const [token, session] of this.sessions.entries()) {
-      const age = now - session.lastActivity;
-      if (age > this.SESSION_TIMEOUT) {
-        this.sessions.delete(token);
+    for (const [token, channel] of this.channels.entries()) {
+      const age = now - channel.lastActivity;
+      if (age > this.CHANNEL_TIMEOUT) {
+        this.channels.delete(token);
         cleanedCount++;
       }
     }
     if (cleanedCount > 0) {
-      console.log(`[iframe][Session] Cleaned up ${cleanedCount} expired sessions`);
+      console.log(`[iframe][SdkChannel] Cleaned up ${cleanedCount} expired channels`);
     }
   }
   /**
-   * Check if there is an active session for a given origin
+   * Check if there is an active channel for a given origin
    */
-  hasSession(origin) {
+  hasChannel(origin) {
     const now = Date.now();
-    for (const session of this.sessions.values()) {
-      if (session.origin === origin) {
-        const age = now - session.lastActivity;
-        if (age <= this.SESSION_TIMEOUT) {
+    for (const channel of this.channels.values()) {
+      if (channel.origin === origin) {
+        const age = now - channel.lastActivity;
+        if (age <= this.CHANNEL_TIMEOUT) {
           return true;
         }
       }
@@ -3635,15 +3643,15 @@ var SessionManager = class {
     return false;
   }
   /**
-   * Get session statistics
+   * Get channel statistics
    */
   getStats() {
     const stats = {
-      total: this.sessions.size,
+      total: this.channels.size,
       byProject: {}
     };
-    for (const session of this.sessions.values()) {
-      stats.byProject[session.projectId] = (stats.byProject[session.projectId] || 0) + 1;
+    for (const channel of this.channels.values()) {
+      stats.byProject[channel.projectId] = (stats.byProject[channel.projectId] || 0) + 1;
     }
     return stats;
   }
@@ -4403,14 +4411,14 @@ var SigningManager = class extends TokenRefreshApiClient {
 };
 // src/iframe/main.ts
-var IFRAME_VERSION = "1.15.13";
+var IFRAME_VERSION = "1.16.1";
 var IframeWallet = class {
   constructor() {
     console.log("=".repeat(60));
     console.log(`  Lumia Passport Secure Wallet - iframe version ${IFRAME_VERSION}`);
     console.log("=".repeat(60));
     this.messenger = new SecureMessenger();
-    this.sessionManager = new SessionManager();
+    this.sdkChannelManager = new SdkChannelManager();
     this.dkgManager = new DKGManager();
     this.signingManager = new SigningManager();
     this.authManager = new AuthorizationManager();
@@ -4454,6 +4462,9 @@ var IframeWallet = class {
         case type === "SDK_AUTH":
           await this.handleSDKAuth(message, origin);
           break;
+        case type === "SDK_CHANNEL_HEARTBEAT":
+          await this.handleHeartbeat(message, origin);
+          break;
         case type === "AUTHENTICATE":
           await this.handleAuthenticate(message, origin);
           break;
@@ -4507,6 +4518,21 @@ var IframeWallet = class {
       this.messenger.sendError(messageId, error instanceof Error ? error : new Error("Unknown error"), origin);
     }
   }
+  /**
+   * Handle SDK channel heartbeat - allows parent to check if channel is still valid
+   */
+  async handleHeartbeat(message, origin) {
+    const { sessionToken } = message.data;
+    const { messageId } = message;
+    const isValid = this.sdkChannelManager.validateChannel(sessionToken, origin);
+    const stats = this.sdkChannelManager.getStats();
+    this.messenger.sendResponse(messageId, {
+      type: "LUMIA_PASSPORT_HEARTBEAT_RESPONSE",
+      valid: isValid,
+      channelsCount: stats.total
+    }, origin);
+    console.log(`[iframe] HEARTBEAT: valid=${isValid}, channels=${stats.total}`);
+  }
   async handleSDKAuth(message, origin) {
     const { projectId } = message.data;
     const { messageId } = message;
@@ -4516,8 +4542,8 @@ var IframeWallet = class {
     if (!isHttps && !isLocalhost) {
       throw new Error("Only HTTPS origins are allowed (or localhost for dev)");
     }
-    const sessionToken = this.sessionManager.createSession(projectId, origin);
-    this.messenger.setSessionToken(sessionToken);
+    const sessionToken = this.sdkChannelManager.createChannel(projectId, origin);
+    this.messenger.setChannelToken(sessionToken);
     this.messenger.addAllowedOrigin(origin);
     this.messenger.sendResponse(
       messageId,
@@ -4532,8 +4558,8 @@ var IframeWallet = class {
   async handleAuthenticate(message, origin) {
     const { sessionToken, projectId, userId, avatar, displayName } = message.data;
     const { messageId } = message;
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
-      throw new Error("Invalid session");
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
+      throw new Error("Invalid SDK channel");
     }
     console.log(`[iframe] AUTHENTICATE: userId=${userId}, projectId=${projectId}`);
     const isAuthorized = await this.authManager.checkAuthorization(userId, projectId);
@@ -4601,8 +4627,8 @@ var IframeWallet = class {
   async handleStartDKG(message, origin) {
     const { sessionToken, userId, projectId, accessToken } = message.data;
     const { messageId } = message;
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
-      throw new Error("Invalid session");
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
+      throw new Error("Invalid SDK channel");
     }
     const isAuthorized = await this.authManager.checkAuthorization(userId, projectId);
     if (!isAuthorized) {
@@ -4636,8 +4662,8 @@ var IframeWallet = class {
   async handleSignTransaction(message, origin) {
     const { sessionToken, userId, projectId, transaction, accessToken, avatar, displayName } = message.data;
     const { messageId } = message;
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
-      throw new Error("Invalid session");
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
+      throw new Error("Invalid SDK channel");
     }
     const isAuthorized = await this.authManager.checkAuthorization(userId, projectId);
     if (!isAuthorized) {
@@ -4666,8 +4692,8 @@ var IframeWallet = class {
   async handleSignTypedData(message, origin) {
     const { sessionToken, userId, projectId, typedData, digest32, accessToken, avatar, displayName } = message.data;
     const { messageId } = message;
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
-      throw new Error("Invalid session");
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
+      throw new Error("Invalid SDK channel");
     }
     const isAuthorized = await this.authManager.checkAuthorization(userId, projectId);
     if (!isAuthorized) {
@@ -4701,8 +4727,8 @@ var IframeWallet = class {
   async handleGetAddress(message, origin) {
     const { sessionToken, userId } = message.data;
     const { messageId } = message;
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
-      throw new Error("Invalid session");
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
+      throw new Error("Invalid SDK channel");
     }
     const address = this.storage.getOwnerAddress(userId);
     this.messenger.sendResponse(
@@ -4717,8 +4743,8 @@ var IframeWallet = class {
   async handleCheckKeyshare(message, origin) {
     const { sessionToken, userId } = message.data;
     const { messageId } = message;
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
-      throw new Error("Invalid session");
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
+      throw new Error("Invalid SDK channel");
     }
     const hasKeyshare = this.storage.hasKeyshare(userId);
     const address = hasKeyshare ? this.storage.getOwnerAddress(userId) : void 0;
@@ -4736,9 +4762,9 @@ var IframeWallet = class {
     const { sessionToken, userId } = message.data;
     const { messageId } = message;
     console.log(`[iframe] GET_TRUSTED_APPS: userId=${userId}, sessionToken=${sessionToken ? "present" : "missing"}`);
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] GET_TRUSTED_APPS: Session validation failed");
-      throw new Error("Invalid session");
+      throw new Error("Invalid SDK channel");
     }
     const trustedApps = this.trustedApps.getTrustedAppsForUser(userId);
     this.messenger.sendResponse(
@@ -4755,9 +4781,9 @@ var IframeWallet = class {
     const { sessionToken, userId, projectId, appOrigin } = message.data;
     const { messageId } = message;
     console.log(`[iframe] REMOVE_TRUSTED_APP: userId=${userId}, projectId=${projectId}, origin=${appOrigin}`);
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] REMOVE_TRUSTED_APP: Session validation failed");
-      throw new Error("Invalid session");
+      throw new Error("Invalid SDK channel");
     }
     const isEcosystemApp = await this.authManager.isTrustedAuthorizedApp(projectId);
     if (isEcosystemApp) {
@@ -4783,9 +4809,9 @@ var IframeWallet = class {
     const { sessionToken, projectId } = message.data;
     const { messageId } = message;
     console.log(`[iframe] CLEAR_AUTHORIZATIONS: projectId=${projectId}`);
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] CLEAR_AUTHORIZATIONS: Session validation failed");
-      throw new Error("Invalid session");
+      throw new Error("Invalid SDK channel");
     }
     const storage = this.storage;
     const allKeys = Object.keys(localStorage).filter((key) => key.startsWith("auth_"));
@@ -4831,9 +4857,9 @@ var IframeWallet = class {
       this.messenger.sendError(messageId, "backupRequest is required", origin);
       return;
     }
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] CREATE_BACKUP: Session validation failed", { sessionToken, origin });
-      this.messenger.sendError(messageId, "Invalid session", origin);
+      this.messenger.sendError(messageId, "Invalid SDK channel", origin);
       return;
     }
     try {
@@ -4860,9 +4886,9 @@ var IframeWallet = class {
     const { sessionToken, userId } = message.data;
     const { messageId } = message;
     console.log(`[iframe] GET_BACKUP_STATUS: userId=${userId}`);
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] GET_BACKUP_STATUS: Session validation failed");
-      throw new Error("Invalid session");
+      throw new Error("Invalid SDK channel");
     }
     const status = this.backupManager.getBackupStatus(userId);
     this.messenger.sendResponse(
@@ -4879,9 +4905,9 @@ var IframeWallet = class {
     const { sessionToken } = message.data;
     const { messageId } = message;
     console.log(`[iframe] GET_CLOUD_PROVIDERS`);
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] GET_CLOUD_PROVIDERS: Session validation failed");
-      throw new Error("Invalid session");
+      throw new Error("Invalid SDK channel");
     }
     const providers = this.backupManager.getAvailableCloudProviders();
     this.messenger.sendResponse(
@@ -4909,9 +4935,9 @@ var IframeWallet = class {
       this.messenger.sendError(messageId, "userId is required", origin);
       return;
     }
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] RESTORE_BACKUP: Session validation failed", { sessionToken, origin });
-      this.messenger.sendError(messageId, "Invalid session", origin);
+      this.messenger.sendError(messageId, "Invalid SDK channel", origin);
       return;
     }
     try {
@@ -4967,9 +4993,9 @@ var IframeWallet = class {
       this.messenger.sendError(messageId, "fileContent is required", origin);
       return;
     }
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] RESTORE_FROM_FILE: Session validation failed", { sessionToken, origin });
-      this.messenger.sendError(messageId, "Invalid session", origin);
+      this.messenger.sendError(messageId, "Invalid SDK channel", origin);
       return;
     }
     try {
@@ -5019,9 +5045,9 @@ var IframeWallet = class {
       this.messenger.sendError(messageId, "userId is required", origin);
       return;
     }
-    if (!this.sessionManager.validateSession(sessionToken, origin)) {
+    if (!this.sdkChannelManager.validateChannel(sessionToken, origin)) {
       console.error("[iframe] ENCRYPT_BACKUP_DATA: Session validation failed", { sessionToken, origin });
-      this.messenger.sendError(messageId, "Invalid session", origin);
+      this.messenger.sendError(messageId, "Invalid SDK channel", origin);
       return;
     }
     try {
@@ -5058,13 +5084,15 @@ var IframeWallet = class {
   sendWalletReadyStatus(userId, origin) {
     const hasKeyshare = this.storage.hasKeyshare(userId);
     const address = hasKeyshare ? this.storage.getOwnerAddress(userId) : void 0;
-    const hasSession = this.sessionManager.hasSession(origin);
+    const hasChannel = this.sdkChannelManager.hasChannel(origin);
     const status = {
-      ready: hasKeyshare && hasSession,
+      ready: hasKeyshare && hasChannel,
       userId,
       address,
       hasKeyshare,
-      hasSession,
+      hasChannel,
+      hasSession: hasChannel,
+      // backward compatibility
       timestamp: Date.now()
     };
     if (window.parent) {