@moon-x/core 0.2.0 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/{chunk-CDT4MC7S.mjs → chunk-6LTEG7VN.mjs} +0 -39
- package/dist/{chunk-SOKLPX7V.mjs → chunk-VVL65GIB.mjs} +10 -0
- package/dist/index.d.mts +2 -2
- package/dist/index.d.ts +2 -2
- package/dist/index.js +10 -0
- package/dist/index.mjs +1 -1
- package/dist/interfaces-cdKh3sLA.d.mts +192 -0
- package/dist/interfaces-pNTEOKaK.d.ts +192 -0
- package/dist/lib/index.d.mts +1 -1
- package/dist/lib/index.d.ts +1 -1
- package/dist/lib/index.js +2 -47
- package/dist/lib/index.mjs +3 -15
- package/dist/passkey-cache-WnDFQ-v4.d.mts +26 -0
- package/dist/passkey-cache-WnDFQ-v4.d.ts +26 -0
- package/dist/{post-message-C_99BCBh.d.mts → post-message-CmgAfkOS.d.mts} +2 -0
- package/dist/{post-message-C_99BCBh.d.ts → post-message-CmgAfkOS.d.ts} +2 -0
- package/dist/react/index.d.mts +1 -0
- package/dist/react/index.d.ts +1 -0
- package/dist/react/index.js +2 -1
- package/dist/react/index.mjs +3 -2
- package/dist/sdk/index.d.mts +52 -21
- package/dist/sdk/index.d.ts +52 -21
- package/dist/sdk/index.js +252 -102
- package/dist/sdk/index.mjs +241 -80
- package/dist/types/index.d.mts +19 -12
- package/dist/types/index.d.ts +19 -12
- package/dist/utils/index.d.mts +1 -1
- package/dist/utils/index.d.ts +1 -1
- package/dist/utils/index.js +10 -0
- package/dist/utils/index.mjs +1 -1
- package/dist/web/index.d.mts +2 -2
- package/dist/web/index.d.ts +2 -2
- package/dist/web/index.js +50 -114
- package/dist/web/index.mjs +51 -58
- package/package.json +6 -2
- package/dist/interfaces-9k0eKCc4.d.ts +0 -120
- package/dist/interfaces-fNhwnCeY.d.mts +0 -120
- package/dist/passkey-cache-B9PT3AWX.d.mts +0 -47
- package/dist/passkey-cache-B9PT3AWX.d.ts +0 -47
package/package.json
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@moon-x/core",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.0",
|
|
4
|
+
"license": "UNLICENSED",
|
|
4
5
|
"main": "dist/index.js",
|
|
5
6
|
"types": "dist/index.d.ts",
|
|
6
7
|
"exports": {
|
|
@@ -56,12 +57,15 @@
|
|
|
56
57
|
"publishConfig": {
|
|
57
58
|
"access": "public"
|
|
58
59
|
},
|
|
60
|
+
"dependencies": {
|
|
61
|
+
"@simplewebauthn/browser": "^13.2.2"
|
|
62
|
+
},
|
|
59
63
|
"devDependencies": {
|
|
60
64
|
"@testing-library/react": "16.3.2",
|
|
61
65
|
"@types/react": "19.2.14",
|
|
62
66
|
"@types/react-dom": "19.2.3",
|
|
63
67
|
"@vitest/ui": "1.6.1",
|
|
64
|
-
"happy-dom": "
|
|
68
|
+
"happy-dom": "20.8.9",
|
|
65
69
|
"react": "18.3.1",
|
|
66
70
|
"react-dom": "18.3.1",
|
|
67
71
|
"tsup": "8.5.1",
|
|
@@ -1,120 +0,0 @@
|
|
|
1
|
-
import { c as PostMessageType, a as PostMessageMethod } from './post-message-C_99BCBh.js';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Transport — the bidirectional postMessage channel between the parent
|
|
5
|
-
* (web SDK or RN SDK) and the iframe-app. Web wraps
|
|
6
|
-
* `createPostMessageClient(iframeRef.current.contentWindow, ...)`; RN
|
|
7
|
-
* wraps a `WebViewBridge` over react-native-webview.
|
|
8
|
-
*
|
|
9
|
-
* `send` resolves with the iframe handler's raw return value and rejects
|
|
10
|
-
* with the handler's thrown error (canonical envelope, no
|
|
11
|
-
* {success, data} unwrap at the call site).
|
|
12
|
-
*/
|
|
13
|
-
interface Transport {
|
|
14
|
-
send<P, R>(type: PostMessageType, method: PostMessageMethod, payload: P): Promise<R>;
|
|
15
|
-
/**
|
|
16
|
-
* Register a handler for inbound messages from the iframe-app. Only
|
|
17
|
-
* needed by the parent-side `*WithUI` flow path, where the modal
|
|
18
|
-
* postMessages a result back that the SDK's pending Promise needs to
|
|
19
|
-
* resolve. Returns an unregister fn.
|
|
20
|
-
*/
|
|
21
|
-
register?<P, R>(type: PostMessageType, method: PostMessageMethod, handler: (payload: P) => Promise<R> | R): () => void;
|
|
22
|
-
/**
|
|
23
|
-
* Whether the underlying iframe / WebView is loaded and ready to
|
|
24
|
-
* receive messages. SDK methods short-circuit with "SDK not ready"
|
|
25
|
-
* before calling `send` if this returns false.
|
|
26
|
-
*/
|
|
27
|
-
isReady(): boolean;
|
|
28
|
-
}
|
|
29
|
-
/**
|
|
30
|
-
* PasskeyAssertor — runs the WebAuthn ceremony in the *parent* (where
|
|
31
|
-
* user activation lives — cross-origin iframes/WebViews can't reliably
|
|
32
|
-
* get their own click handler).
|
|
33
|
-
*
|
|
34
|
-
* Both `assert` and `create` use empty `allowCredentials` on the
|
|
35
|
-
* underlying API to force the discoverable-login codepath where
|
|
36
|
-
* userHandle is REQUIRED. The userHandle bytes are the wrap key the
|
|
37
|
-
* iframe-app uses to unwrap the DEK before signing.
|
|
38
|
-
*/
|
|
39
|
-
interface PasskeyAssertor {
|
|
40
|
-
/**
|
|
41
|
-
* Run a WebAuthn assertion (`navigator.credentials.get` on web,
|
|
42
|
-
* `passkeyGet` from react-native-passkeys on RN). Returns the
|
|
43
|
-
* platform-decoded base64url forms of the credential id and userHandle.
|
|
44
|
-
*/
|
|
45
|
-
assert(opts: {
|
|
46
|
-
rpId: string;
|
|
47
|
-
challenge: string;
|
|
48
|
-
/**
|
|
49
|
-
* The wire `allow_credential_ids_b64url` list from GET_DEK_INFO,
|
|
50
|
-
* passed through for platforms that want to use it. Note both
|
|
51
|
-
* platforms today pass an empty array to the underlying API; this
|
|
52
|
-
* field is informational only (e.g. for telemetry or for a future
|
|
53
|
-
* platform that prefers non-discoverable login).
|
|
54
|
-
*/
|
|
55
|
-
allowCredentials: string[];
|
|
56
|
-
}): Promise<{
|
|
57
|
-
rawIdB64url: string;
|
|
58
|
-
userHandleB64url: string;
|
|
59
|
-
}>;
|
|
60
|
-
/**
|
|
61
|
-
* Run a WebAuthn registration (`navigator.credentials.create` on web,
|
|
62
|
-
* `passkeyCreate` from react-native-passkeys on RN). Used by passkey
|
|
63
|
-
* register flows.
|
|
64
|
-
*/
|
|
65
|
-
create(opts: {
|
|
66
|
-
rpId: string;
|
|
67
|
-
rpName: string;
|
|
68
|
-
userId: Uint8Array;
|
|
69
|
-
userName: string;
|
|
70
|
-
userDisplayName: string;
|
|
71
|
-
challenge: string;
|
|
72
|
-
excludeCredentials?: string[];
|
|
73
|
-
}): Promise<{
|
|
74
|
-
rawIdB64url: string;
|
|
75
|
-
clientDataJSONB64url: string;
|
|
76
|
-
attestationObjectB64url: string;
|
|
77
|
-
}>;
|
|
78
|
-
}
|
|
79
|
-
/**
|
|
80
|
-
* KvStorage — async key/value storage for ID tokens + session metadata.
|
|
81
|
-
* Web wraps `localStorage` (sync, lifted to a resolved Promise); RN
|
|
82
|
-
* wraps `@react-native-async-storage/async-storage` (natively async).
|
|
83
|
-
*
|
|
84
|
-
* Always async at the interface to unify both platforms.
|
|
85
|
-
*/
|
|
86
|
-
interface KvStorage {
|
|
87
|
-
get(key: string): Promise<string | null>;
|
|
88
|
-
set(key: string, value: string): Promise<void>;
|
|
89
|
-
remove(key: string): Promise<void>;
|
|
90
|
-
}
|
|
91
|
-
/**
|
|
92
|
-
* OAuthOpener — start an OAuth authorize request and wait for the
|
|
93
|
-
* provider redirect to return with `code` + `state`. Web uses a
|
|
94
|
-
* full-page redirect or popup (completion picked up by
|
|
95
|
-
* `useOAuthCompletion` listening for postMessages); RN uses
|
|
96
|
-
* `expo-web-browser.openAuthSessionAsync` (single Promise resolves on
|
|
97
|
-
* deep-link callback).
|
|
98
|
-
*/
|
|
99
|
-
interface OAuthOpener {
|
|
100
|
-
open(opts: {
|
|
101
|
-
authorizeUrl: string;
|
|
102
|
-
redirectUrl: string;
|
|
103
|
-
}): Promise<{
|
|
104
|
-
code: string;
|
|
105
|
-
state: string;
|
|
106
|
-
}>;
|
|
107
|
-
}
|
|
108
|
-
/**
|
|
109
|
-
* The bundle of platform impls that the SDK factories accept. Provider
|
|
110
|
-
* components on each platform construct one of these once and pass it
|
|
111
|
-
* through to the factories.
|
|
112
|
-
*/
|
|
113
|
-
interface PlatformImpls {
|
|
114
|
-
transport: Transport;
|
|
115
|
-
passkey: PasskeyAssertor;
|
|
116
|
-
storage: KvStorage;
|
|
117
|
-
oauth: OAuthOpener;
|
|
118
|
-
}
|
|
119
|
-
|
|
120
|
-
export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, PlatformImpls as a };
|
|
@@ -1,120 +0,0 @@
|
|
|
1
|
-
import { c as PostMessageType, a as PostMessageMethod } from './post-message-C_99BCBh.mjs';
|
|
2
|
-
|
|
3
|
-
/**
|
|
4
|
-
* Transport — the bidirectional postMessage channel between the parent
|
|
5
|
-
* (web SDK or RN SDK) and the iframe-app. Web wraps
|
|
6
|
-
* `createPostMessageClient(iframeRef.current.contentWindow, ...)`; RN
|
|
7
|
-
* wraps a `WebViewBridge` over react-native-webview.
|
|
8
|
-
*
|
|
9
|
-
* `send` resolves with the iframe handler's raw return value and rejects
|
|
10
|
-
* with the handler's thrown error (canonical envelope, no
|
|
11
|
-
* {success, data} unwrap at the call site).
|
|
12
|
-
*/
|
|
13
|
-
interface Transport {
|
|
14
|
-
send<P, R>(type: PostMessageType, method: PostMessageMethod, payload: P): Promise<R>;
|
|
15
|
-
/**
|
|
16
|
-
* Register a handler for inbound messages from the iframe-app. Only
|
|
17
|
-
* needed by the parent-side `*WithUI` flow path, where the modal
|
|
18
|
-
* postMessages a result back that the SDK's pending Promise needs to
|
|
19
|
-
* resolve. Returns an unregister fn.
|
|
20
|
-
*/
|
|
21
|
-
register?<P, R>(type: PostMessageType, method: PostMessageMethod, handler: (payload: P) => Promise<R> | R): () => void;
|
|
22
|
-
/**
|
|
23
|
-
* Whether the underlying iframe / WebView is loaded and ready to
|
|
24
|
-
* receive messages. SDK methods short-circuit with "SDK not ready"
|
|
25
|
-
* before calling `send` if this returns false.
|
|
26
|
-
*/
|
|
27
|
-
isReady(): boolean;
|
|
28
|
-
}
|
|
29
|
-
/**
|
|
30
|
-
* PasskeyAssertor — runs the WebAuthn ceremony in the *parent* (where
|
|
31
|
-
* user activation lives — cross-origin iframes/WebViews can't reliably
|
|
32
|
-
* get their own click handler).
|
|
33
|
-
*
|
|
34
|
-
* Both `assert` and `create` use empty `allowCredentials` on the
|
|
35
|
-
* underlying API to force the discoverable-login codepath where
|
|
36
|
-
* userHandle is REQUIRED. The userHandle bytes are the wrap key the
|
|
37
|
-
* iframe-app uses to unwrap the DEK before signing.
|
|
38
|
-
*/
|
|
39
|
-
interface PasskeyAssertor {
|
|
40
|
-
/**
|
|
41
|
-
* Run a WebAuthn assertion (`navigator.credentials.get` on web,
|
|
42
|
-
* `passkeyGet` from react-native-passkeys on RN). Returns the
|
|
43
|
-
* platform-decoded base64url forms of the credential id and userHandle.
|
|
44
|
-
*/
|
|
45
|
-
assert(opts: {
|
|
46
|
-
rpId: string;
|
|
47
|
-
challenge: string;
|
|
48
|
-
/**
|
|
49
|
-
* The wire `allow_credential_ids_b64url` list from GET_DEK_INFO,
|
|
50
|
-
* passed through for platforms that want to use it. Note both
|
|
51
|
-
* platforms today pass an empty array to the underlying API; this
|
|
52
|
-
* field is informational only (e.g. for telemetry or for a future
|
|
53
|
-
* platform that prefers non-discoverable login).
|
|
54
|
-
*/
|
|
55
|
-
allowCredentials: string[];
|
|
56
|
-
}): Promise<{
|
|
57
|
-
rawIdB64url: string;
|
|
58
|
-
userHandleB64url: string;
|
|
59
|
-
}>;
|
|
60
|
-
/**
|
|
61
|
-
* Run a WebAuthn registration (`navigator.credentials.create` on web,
|
|
62
|
-
* `passkeyCreate` from react-native-passkeys on RN). Used by passkey
|
|
63
|
-
* register flows.
|
|
64
|
-
*/
|
|
65
|
-
create(opts: {
|
|
66
|
-
rpId: string;
|
|
67
|
-
rpName: string;
|
|
68
|
-
userId: Uint8Array;
|
|
69
|
-
userName: string;
|
|
70
|
-
userDisplayName: string;
|
|
71
|
-
challenge: string;
|
|
72
|
-
excludeCredentials?: string[];
|
|
73
|
-
}): Promise<{
|
|
74
|
-
rawIdB64url: string;
|
|
75
|
-
clientDataJSONB64url: string;
|
|
76
|
-
attestationObjectB64url: string;
|
|
77
|
-
}>;
|
|
78
|
-
}
|
|
79
|
-
/**
|
|
80
|
-
* KvStorage — async key/value storage for ID tokens + session metadata.
|
|
81
|
-
* Web wraps `localStorage` (sync, lifted to a resolved Promise); RN
|
|
82
|
-
* wraps `@react-native-async-storage/async-storage` (natively async).
|
|
83
|
-
*
|
|
84
|
-
* Always async at the interface to unify both platforms.
|
|
85
|
-
*/
|
|
86
|
-
interface KvStorage {
|
|
87
|
-
get(key: string): Promise<string | null>;
|
|
88
|
-
set(key: string, value: string): Promise<void>;
|
|
89
|
-
remove(key: string): Promise<void>;
|
|
90
|
-
}
|
|
91
|
-
/**
|
|
92
|
-
* OAuthOpener — start an OAuth authorize request and wait for the
|
|
93
|
-
* provider redirect to return with `code` + `state`. Web uses a
|
|
94
|
-
* full-page redirect or popup (completion picked up by
|
|
95
|
-
* `useOAuthCompletion` listening for postMessages); RN uses
|
|
96
|
-
* `expo-web-browser.openAuthSessionAsync` (single Promise resolves on
|
|
97
|
-
* deep-link callback).
|
|
98
|
-
*/
|
|
99
|
-
interface OAuthOpener {
|
|
100
|
-
open(opts: {
|
|
101
|
-
authorizeUrl: string;
|
|
102
|
-
redirectUrl: string;
|
|
103
|
-
}): Promise<{
|
|
104
|
-
code: string;
|
|
105
|
-
state: string;
|
|
106
|
-
}>;
|
|
107
|
-
}
|
|
108
|
-
/**
|
|
109
|
-
* The bundle of platform impls that the SDK factories accept. Provider
|
|
110
|
-
* components on each platform construct one of these once and pass it
|
|
111
|
-
* through to the factories.
|
|
112
|
-
*/
|
|
113
|
-
interface PlatformImpls {
|
|
114
|
-
transport: Transport;
|
|
115
|
-
passkey: PasskeyAssertor;
|
|
116
|
-
storage: KvStorage;
|
|
117
|
-
oauth: OAuthOpener;
|
|
118
|
-
}
|
|
119
|
-
|
|
120
|
-
export type { KvStorage as K, OAuthOpener as O, PasskeyAssertor as P, Transport as T, PlatformImpls as a };
|
|
@@ -1,47 +0,0 @@
|
|
|
1
|
-
interface CachedAssertion {
|
|
2
|
-
userHandleB64url: string;
|
|
3
|
-
credentialIdB64url: string;
|
|
4
|
-
}
|
|
5
|
-
declare const setAssertCacheTtlMs: (ms: number) => void;
|
|
6
|
-
declare const getAssertCacheTtlMs: () => number;
|
|
7
|
-
declare const clearParentAssertCache: () => void;
|
|
8
|
-
declare const readParentAssertCache: () => CachedAssertion | null;
|
|
9
|
-
declare const writeParentAssertCache: (entry: CachedAssertion) => void;
|
|
10
|
-
/**
|
|
11
|
-
* Run `fn` inside a try/catch that clears the parent-side assertion
|
|
12
|
-
* cache on failure. Used by every wallet-interaction SDK method
|
|
13
|
-
* (sign / send / etc.) so that if the operation fails for any reason
|
|
14
|
-
* — backend rejection, network error, MPC ceremony failure — the
|
|
15
|
-
* next user attempt re-prompts biometric instead of silently reusing
|
|
16
|
-
* a possibly-bad cached assertion.
|
|
17
|
-
*
|
|
18
|
-
* The cache is set inside the platform-specific `assertPasskeyInParent`
|
|
19
|
-
* only on a successful ceremony, so cancellations / activation
|
|
20
|
-
* failures don't pollute it. This wrapper specifically handles the
|
|
21
|
-
* "assertion succeeded but downstream work failed" case where the
|
|
22
|
-
* cache is set but the user is stuck — without the clear, the user
|
|
23
|
-
* would have to refresh to escape.
|
|
24
|
-
*/
|
|
25
|
-
declare const withClearOnFailure: <T>(fn: () => Promise<T>) => Promise<T>;
|
|
26
|
-
/**
|
|
27
|
-
* Generate fresh user.id bytes for a new WebAuthn credential. The
|
|
28
|
-
* caller overrides `options.user.id` with these bytes before
|
|
29
|
-
* navigator.credentials.create so the authenticator persists them as
|
|
30
|
-
* the credential's user.id; on every subsequent assertion they come
|
|
31
|
-
* back as response.userHandle and serve as the AES-GCM key for that
|
|
32
|
-
* credential's DEK wrap.
|
|
33
|
-
*
|
|
34
|
-
* Returns the bytes both as base64url (what the WebAuthn options
|
|
35
|
-
* accept and what we ship over postMessage) and as raw bytes (for
|
|
36
|
-
* any caller that prefers direct binary).
|
|
37
|
-
*
|
|
38
|
-
* Requires a working `crypto.getRandomValues`. On RN this is provided
|
|
39
|
-
* by the `react-native-get-random-values` polyfill that the SDK's
|
|
40
|
-
* docs ask consumers to import at app entry.
|
|
41
|
-
*/
|
|
42
|
-
declare const generatePasskeyUserId: () => {
|
|
43
|
-
userIdB64url: string;
|
|
44
|
-
userIdBytes: Uint8Array;
|
|
45
|
-
};
|
|
46
|
-
|
|
47
|
-
export { type CachedAssertion as C, getAssertCacheTtlMs as a, writeParentAssertCache as b, clearParentAssertCache as c, generatePasskeyUserId as g, readParentAssertCache as r, setAssertCacheTtlMs as s, withClearOnFailure as w };
|
|
@@ -1,47 +0,0 @@
|
|
|
1
|
-
interface CachedAssertion {
|
|
2
|
-
userHandleB64url: string;
|
|
3
|
-
credentialIdB64url: string;
|
|
4
|
-
}
|
|
5
|
-
declare const setAssertCacheTtlMs: (ms: number) => void;
|
|
6
|
-
declare const getAssertCacheTtlMs: () => number;
|
|
7
|
-
declare const clearParentAssertCache: () => void;
|
|
8
|
-
declare const readParentAssertCache: () => CachedAssertion | null;
|
|
9
|
-
declare const writeParentAssertCache: (entry: CachedAssertion) => void;
|
|
10
|
-
/**
|
|
11
|
-
* Run `fn` inside a try/catch that clears the parent-side assertion
|
|
12
|
-
* cache on failure. Used by every wallet-interaction SDK method
|
|
13
|
-
* (sign / send / etc.) so that if the operation fails for any reason
|
|
14
|
-
* — backend rejection, network error, MPC ceremony failure — the
|
|
15
|
-
* next user attempt re-prompts biometric instead of silently reusing
|
|
16
|
-
* a possibly-bad cached assertion.
|
|
17
|
-
*
|
|
18
|
-
* The cache is set inside the platform-specific `assertPasskeyInParent`
|
|
19
|
-
* only on a successful ceremony, so cancellations / activation
|
|
20
|
-
* failures don't pollute it. This wrapper specifically handles the
|
|
21
|
-
* "assertion succeeded but downstream work failed" case where the
|
|
22
|
-
* cache is set but the user is stuck — without the clear, the user
|
|
23
|
-
* would have to refresh to escape.
|
|
24
|
-
*/
|
|
25
|
-
declare const withClearOnFailure: <T>(fn: () => Promise<T>) => Promise<T>;
|
|
26
|
-
/**
|
|
27
|
-
* Generate fresh user.id bytes for a new WebAuthn credential. The
|
|
28
|
-
* caller overrides `options.user.id` with these bytes before
|
|
29
|
-
* navigator.credentials.create so the authenticator persists them as
|
|
30
|
-
* the credential's user.id; on every subsequent assertion they come
|
|
31
|
-
* back as response.userHandle and serve as the AES-GCM key for that
|
|
32
|
-
* credential's DEK wrap.
|
|
33
|
-
*
|
|
34
|
-
* Returns the bytes both as base64url (what the WebAuthn options
|
|
35
|
-
* accept and what we ship over postMessage) and as raw bytes (for
|
|
36
|
-
* any caller that prefers direct binary).
|
|
37
|
-
*
|
|
38
|
-
* Requires a working `crypto.getRandomValues`. On RN this is provided
|
|
39
|
-
* by the `react-native-get-random-values` polyfill that the SDK's
|
|
40
|
-
* docs ask consumers to import at app entry.
|
|
41
|
-
*/
|
|
42
|
-
declare const generatePasskeyUserId: () => {
|
|
43
|
-
userIdB64url: string;
|
|
44
|
-
userIdBytes: Uint8Array;
|
|
45
|
-
};
|
|
46
|
-
|
|
47
|
-
export { type CachedAssertion as C, getAssertCacheTtlMs as a, writeParentAssertCache as b, clearParentAssertCache as c, generatePasskeyUserId as g, readParentAssertCache as r, setAssertCacheTtlMs as s, withClearOnFailure as w };
|