@moon-x/core 0.3.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/{chunk-CDT4MC7S.mjs → chunk-I56GRKAG.mjs} +19 -39
- package/dist/{chunk-VVL65GIB.mjs → chunk-JU5MWLXH.mjs} +14 -0
- package/dist/index.d.mts +2 -3
- package/dist/index.d.ts +2 -3
- package/dist/index.js +14 -0
- package/dist/index.mjs +1 -1
- package/dist/{interfaces-Bm7fGOAI.d.ts → interfaces-1vfik3Ef.d.ts} +24 -1
- package/dist/{interfaces-CYtJHALV.d.mts → interfaces-BdIeMGGD.d.mts} +24 -1
- package/dist/lib/index.d.mts +33 -3
- package/dist/lib/index.d.ts +33 -3
- package/dist/lib/index.js +23 -47
- package/dist/lib/index.mjs +7 -15
- package/dist/passkey-cache-WnDFQ-v4.d.mts +26 -0
- package/dist/passkey-cache-WnDFQ-v4.d.ts +26 -0
- package/dist/{post-message-CmgAfkOS.d.mts → post-message-Z6cLf0mS.d.mts} +3 -0
- package/dist/{post-message-CmgAfkOS.d.ts → post-message-Z6cLf0mS.d.ts} +3 -0
- package/dist/react/ethereum.d.mts +0 -1
- package/dist/react/ethereum.d.ts +0 -1
- package/dist/react/index.d.mts +41 -3
- package/dist/react/index.d.ts +41 -3
- package/dist/react/index.js +138 -12
- package/dist/react/index.mjs +137 -12
- package/dist/react/solana.d.mts +0 -1
- package/dist/react/solana.d.ts +0 -1
- package/dist/sdk/index.d.mts +87 -16
- package/dist/sdk/index.d.ts +87 -16
- package/dist/sdk/index.js +456 -102
- package/dist/sdk/index.mjs +440 -80
- package/dist/types/index.d.mts +135 -12
- package/dist/types/index.d.ts +135 -12
- package/dist/utils/index.d.mts +1 -1
- package/dist/utils/index.d.ts +1 -1
- package/dist/utils/index.js +14 -0
- package/dist/utils/index.mjs +1 -1
- package/dist/web/index.d.mts +2 -2
- package/dist/web/index.d.ts +2 -2
- package/dist/web/index.js +29 -0
- package/dist/web/index.mjs +30 -1
- package/package.json +3 -1
- package/dist/chain-C9dvKXUY.d.mts +0 -48
- package/dist/chain-C9dvKXUY.d.ts +0 -48
- package/dist/passkey-cache-B9PT3AWX.d.mts +0 -47
- package/dist/passkey-cache-B9PT3AWX.d.ts +0 -47
package/README.md
CHANGED
|
@@ -18,7 +18,7 @@ This package owns everything that's identical between web and mobile:
|
|
|
18
18
|
- **Headless SDK factories** (`@moon-x/core/sdk`) — platform-agnostic implementations of `signMessage`, `signTransaction`, `sendTransaction`, etc. that take a `Transport` + `PasskeyAssertor` + `KvStorage` via DI. Web and RN both wire their platform impls into these factories.
|
|
19
19
|
- **Web platform impls** (`@moon-x/core/web`) — `createIframeTransport`, `createWebAuthnPasskey`, `createLocalStorageKv`. React-native has its own equivalents inside `@moon-x/react-native-sdk/platform/*`.
|
|
20
20
|
- **Shared React hooks** (`@moon-x/core/react`) — hooks that run identically on web + RN (`useUser`, `useWallets`, `useLogout`, `useLoginWithEmail`, `usePasskeyStatus`, `useAddPasskey`, `useRemovePasskey`, `useCreateWallet`, `useImportKey`, plus per-chain hooks under `@moon-x/core/react/ethereum` and `@moon-x/core/react/solana`). The platform SDKs re-export these directly so consumers never import from core.
|
|
21
|
-
- **Pure utilities** (`@moon-x/core/lib`) — EVM chain/gas helpers (`getEvmGasPrice`, `estimateEvmGas`, `getEvmNonce`, `chains`), `prepareEvmSignTransaction` / `prepareEvmSendTransaction` (chain + RPC + nonce/gas/fee auto-fill), SIWE/SIWS message builders, passkey codec +
|
|
21
|
+
- **Pure utilities** (`@moon-x/core/lib`) — EVM chain/gas helpers (`getEvmGasPrice`, `estimateEvmGas`, `getEvmNonce`, `chains`), `prepareEvmSignTransaction` / `prepareEvmSendTransaction` (chain + RPC + nonce/gas/fee auto-fill), SIWE/SIWS message builders, passkey codec + `generatePasskeyUserId`, AAGUID registry, Solana transaction log parser, etc. (The parent-side passkey-assertion cache was removed in Phase 4 of the presence-token gating work — every sensitive op now mints scope-bound single-use tokens via `getInternalPresenceTokens`.)
|
|
22
22
|
|
|
23
23
|
## Subpath exports
|
|
24
24
|
|
|
@@ -100,39 +100,6 @@ var toB64url = (bytes) => {
|
|
|
100
100
|
};
|
|
101
101
|
|
|
102
102
|
// src/lib/passkey/passkey-cache.ts
|
|
103
|
-
var cacheTtlMs = 0;
|
|
104
|
-
var cache = null;
|
|
105
|
-
var setAssertCacheTtlMs = (ms) => {
|
|
106
|
-
cacheTtlMs = Math.max(0, Math.floor(ms));
|
|
107
|
-
if (cacheTtlMs === 0) {
|
|
108
|
-
cache = null;
|
|
109
|
-
}
|
|
110
|
-
};
|
|
111
|
-
var getAssertCacheTtlMs = () => cacheTtlMs;
|
|
112
|
-
var clearParentAssertCache = () => {
|
|
113
|
-
cache = null;
|
|
114
|
-
};
|
|
115
|
-
var readParentAssertCache = () => {
|
|
116
|
-
if (cacheTtlMs <= 0) return null;
|
|
117
|
-
if (!cache) return null;
|
|
118
|
-
if (Date.now() - cache.ts >= cacheTtlMs) return null;
|
|
119
|
-
return {
|
|
120
|
-
userHandleB64url: cache.userHandleB64url,
|
|
121
|
-
credentialIdB64url: cache.credentialIdB64url
|
|
122
|
-
};
|
|
123
|
-
};
|
|
124
|
-
var writeParentAssertCache = (entry) => {
|
|
125
|
-
if (cacheTtlMs <= 0) return;
|
|
126
|
-
cache = { ...entry, ts: Date.now() };
|
|
127
|
-
};
|
|
128
|
-
var withClearOnFailure = async (fn) => {
|
|
129
|
-
try {
|
|
130
|
-
return await fn();
|
|
131
|
-
} catch (error) {
|
|
132
|
-
clearParentAssertCache();
|
|
133
|
-
throw error;
|
|
134
|
-
}
|
|
135
|
-
};
|
|
136
103
|
var generatePasskeyUserId = () => {
|
|
137
104
|
const bytes = crypto.getRandomValues(new Uint8Array(32));
|
|
138
105
|
return { userIdB64url: toB64url(bytes), userIdBytes: bytes };
|
|
@@ -1458,6 +1425,23 @@ var broadcastSolanaSigned = async (rpcUrl, signedBase58) => {
|
|
|
1458
1425
|
return result.result;
|
|
1459
1426
|
};
|
|
1460
1427
|
|
|
1428
|
+
// src/lib/wallet-algorithm.ts
|
|
1429
|
+
function canonicalAlgorithmFor(chain) {
|
|
1430
|
+
switch (chain) {
|
|
1431
|
+
case "ethereum":
|
|
1432
|
+
return "ecdsa";
|
|
1433
|
+
case "solana":
|
|
1434
|
+
return "exportable-ed25519";
|
|
1435
|
+
default:
|
|
1436
|
+
throw new Error(`No canonical algorithm for chain: ${chain}`);
|
|
1437
|
+
}
|
|
1438
|
+
}
|
|
1439
|
+
function parseDerivationPath(path) {
|
|
1440
|
+
if (!path || path === "m") return new Uint32Array([]);
|
|
1441
|
+
const rest = path.startsWith("m/") ? path.slice(2) : path;
|
|
1442
|
+
return new Uint32Array(rest.split("/").map((s) => Number(s)));
|
|
1443
|
+
}
|
|
1444
|
+
|
|
1461
1445
|
// src/lib/wire-codec.ts
|
|
1462
1446
|
var arrayLikeToBytes = (value) => {
|
|
1463
1447
|
if (value instanceof Uint8Array) return value;
|
|
@@ -1492,12 +1476,6 @@ export {
|
|
|
1492
1476
|
verifyIdToken,
|
|
1493
1477
|
fromB64url,
|
|
1494
1478
|
toB64url,
|
|
1495
|
-
setAssertCacheTtlMs,
|
|
1496
|
-
getAssertCacheTtlMs,
|
|
1497
|
-
clearParentAssertCache,
|
|
1498
|
-
readParentAssertCache,
|
|
1499
|
-
writeParentAssertCache,
|
|
1500
|
-
withClearOnFailure,
|
|
1501
1479
|
generatePasskeyUserId,
|
|
1502
1480
|
formatPasskeyLabel,
|
|
1503
1481
|
resolvePasskeyMetadata,
|
|
@@ -1527,6 +1505,8 @@ export {
|
|
|
1527
1505
|
serializeEthereumTransaction,
|
|
1528
1506
|
broadcastEthereumRaw,
|
|
1529
1507
|
broadcastSolanaSigned,
|
|
1508
|
+
canonicalAlgorithmFor,
|
|
1509
|
+
parseDerivationPath,
|
|
1530
1510
|
arrayLikeToBytes,
|
|
1531
1511
|
bs58ToBytes
|
|
1532
1512
|
};
|
|
@@ -51,6 +51,20 @@ var PostMessageMethod = {
|
|
|
51
51
|
// dispatcher boring.
|
|
52
52
|
SIGN_HASH: "SIGN_HASH",
|
|
53
53
|
SIGN_7702_AUTHORIZATION: "SIGN_7702_AUTHORIZATION",
|
|
54
|
+
// Provision a SES (Secure Ephemeral Signer) over one or more of the
|
|
55
|
+
// user's MPC wallets. Iframe verifies the Nitro attestation, decrypts
|
|
56
|
+
// the selected keyshares, HPKE-seals them to the verified enclave
|
|
57
|
+
// pubkey, and returns a freshly-generated Ed25519 signer keypair.
|
|
58
|
+
// MoonX never persists the private key — the parent must hand it to
|
|
59
|
+
// the user immediately.
|
|
60
|
+
PROVISION_EPHEMERAL_SIGNER: "PROVISION_EPHEMERAL_SIGNER",
|
|
61
|
+
// List the user's active provisioned ephemeral signers from the
|
|
62
|
+
// wallets backend. Read-only; doesn't touch SES or the enclave.
|
|
63
|
+
LIST_EPHEMERAL_SIGNERS: "LIST_EPHEMERAL_SIGNERS",
|
|
64
|
+
// Soft-revoke a previously-provisioned ephemeral signer. The wallets
|
|
65
|
+
// backend updates revoked_at locally and forwards the revoke to SES
|
|
66
|
+
// so the enclave drops the policy.
|
|
67
|
+
REVOKE_EPHEMERAL_SIGNER: "REVOKE_EPHEMERAL_SIGNER",
|
|
54
68
|
VERIFY_EMAIL_OTP: "VERIFY_EMAIL_OTP",
|
|
55
69
|
VERIFY_OAUTH: "VERIFY_OAUTH",
|
|
56
70
|
START_OAUTH: "START_OAUTH",
|
package/dist/index.d.mts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
|
|
1
|
+
export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, BlockExplorer, Chain, ChainLikeWithId, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EphemeralSigner, EphemeralSignerChain, EphemeralSignerScheme, EphemeralSignerWallet, EthereumChainConfig, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, ListEphemeralSignersResult, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, NativeCurrency, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, RevokeEphemeralSignerParams, RpcConfig, RpcUrls, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.mjs';
|
|
2
2
|
export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.mjs';
|
|
3
|
-
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-
|
|
4
|
-
export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.mjs';
|
|
3
|
+
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-Z6cLf0mS.mjs';
|
package/dist/index.d.ts
CHANGED
|
@@ -1,4 +1,3 @@
|
|
|
1
|
-
export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
|
|
1
|
+
export { AccessTokenClaims, AppConfigRequest, AppConfigResponse, AttachOAuthTokenRequest, AttachOAuthTokenResponse, AuthAppearance, AuthFlow, AuthFlowComponent, AuthLoginMethod, AuthProviderConfig, BaseGetBalanceParams, BaseGetBalanceResult, BaseGetTokenAccountsParams, BaseSendTransactionParams, BaseSendTransactionResult, BaseSignMessageParams, BaseSignMessageResult, BaseSignTransactionParams, BaseSignTransactionResult, BaseTokenClaims, BaseUIOptions, BaseWalletHooks, BlockExplorer, Chain, ChainLikeWithId, ContractUIOptions, CreateWalletResponse, DefaultFundingMethod, DeleteSessionRequest, DeleteSessionResponse, DetachOAuthTokenRequest, DeviceFingerprint, DisplayMode, EmailOtpConfig, EmailOtpFlowState, EphemeralSigner, EphemeralSignerChain, EphemeralSignerScheme, EphemeralSignerWallet, EthereumChainConfig, EthereumFundingConfig, EthereumGetBalanceParams, EthereumGetBalanceResult, EthereumGetTokenAccountsByOwnerParams, EthereumGetTokenAccountsByOwnerResult, EthereumSendTransactionParams, EthereumSendTransactionRequest, EthereumSendTransactionResult, EthereumSign7702AuthorizationParams, EthereumSign7702AuthorizationResult, EthereumSignHashParams, EthereumSignHashResult, EthereumSignMessageParams, EthereumSignMessageResult, EthereumSignTransactionParams, EthereumSignTransactionResult, EthereumSignTypedDataParams, EthereumSignTypedDataResult, EthereumSwitchChainParams, ExportKeyConfig, Factor, FlexibleTheme, FundWalletConfig, FundingEvents, FundingMethod, FundingUIConfig, GetCurrentSessionRequest, GetCurrentSessionResponse, Hex, IdentityTokenClaims, IdpProvider, IsAuthenticatedRequest, IsAuthenticatedResponse, ListEphemeralSignersResult, LoginTokenBundle, LogoutRequest, LogoutResponse, MessageTypeProperty, MessageTypes, MoonKeyThemeConfig, MoonPaySignRequest, MoonPaySignResponse, MpcKeyShares, NativeCurrency, Network, OAuthRequest, OAuthResponse, OnrampFundingSettings, PasskeyEnrollConfig, PasskeySettings, PreferredCardProvider, PrefillConfig, PresenceTokenClaims, ProvisionEphemeralSignerParams, ProvisionEphemeralSignerResult, PublicEthereumWallet, PublicSessionData, PublicWallet, RefreshSessionRequest, RefreshSessionResponse, RetrieveWalletKeyRequest, RetrieveWalletKeyResponse, RevokeEphemeralSignerParams, RpcConfig, RpcUrls, SdkSettings, SendEmailOtpRequest, SendEmailOtpResponse, SendTransactionConfig, SendTransactionRequest, SessionData, SharesDeviceRequest, SharesDeviceResponse, Sign7702AuthorizationError, Sign7702AuthorizationParams, Sign7702AuthorizationResponse, Sign7702AuthorizationResult, SignMessageConfig, SignTransactionConfig, SignTypedDataError, SignTypedDataParams, SignTypedDataResponse, SignTypedDataResult, SmsSettings, SolanaChain, SolanaFundingConfig, SolanaGetBalanceParams, SolanaGetBalanceResult, SolanaGetTokenAccountsByOwnerParams, SolanaGetTokenAccountsByOwnerResult, SolanaSendTransactionParams, SolanaSendTransactionResult, SolanaSignMessageParams, SolanaSignMessageResult, SolanaSignTransactionParams, SolanaSignTransactionResult, TransactionCommitment, TransactionEncoding, TransactionUIOptions, TypedMessage, UseFundWalletInterface, UsersMePublicResponse, UsersMeRequest, UsersMeResponse, VerifiedSession, VerifyEmailOtpRequest, VerifyEmailOtpResponse, VerifyEmailOtpUser, VerifyOAuthTokenRequest, VerifyOAuthTokenResponse, VerifySiweWalletRegistrationRequest, WALLET_ERROR_CODES, Wallet, WalletChain, WalletChainType, WalletConnectConfig, WalletCreationError, WalletError, WalletErrorCode, WalletKeyRequest, WalletListEntry, WalletRegistrationNonceRequest, WalletRegistrationNonceResponse, WalletType, WalletVerifyRequest } from './types/index.js';
|
|
2
2
|
export { getIframeOrigin, getIframeUrl, getMoonKeyApiUrl } from './utils/index.js';
|
|
3
|
-
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-
|
|
4
|
-
export { B as BlockExplorer, C as Chain, a as ChainLikeWithId, E as EthereumChainConfig, N as NativeCurrency, R as RpcConfig, b as RpcUrls } from './chain-C9dvKXUY.js';
|
|
3
|
+
export { F as FORWARDED_ERROR_FIELDS, P as PostMessageClient, a as PostMessageMethod, b as PostMessageServer, c as PostMessageType } from './post-message-Z6cLf0mS.js';
|
package/dist/index.js
CHANGED
|
@@ -177,6 +177,20 @@ var PostMessageMethod = {
|
|
|
177
177
|
// dispatcher boring.
|
|
178
178
|
SIGN_HASH: "SIGN_HASH",
|
|
179
179
|
SIGN_7702_AUTHORIZATION: "SIGN_7702_AUTHORIZATION",
|
|
180
|
+
// Provision a SES (Secure Ephemeral Signer) over one or more of the
|
|
181
|
+
// user's MPC wallets. Iframe verifies the Nitro attestation, decrypts
|
|
182
|
+
// the selected keyshares, HPKE-seals them to the verified enclave
|
|
183
|
+
// pubkey, and returns a freshly-generated Ed25519 signer keypair.
|
|
184
|
+
// MoonX never persists the private key — the parent must hand it to
|
|
185
|
+
// the user immediately.
|
|
186
|
+
PROVISION_EPHEMERAL_SIGNER: "PROVISION_EPHEMERAL_SIGNER",
|
|
187
|
+
// List the user's active provisioned ephemeral signers from the
|
|
188
|
+
// wallets backend. Read-only; doesn't touch SES or the enclave.
|
|
189
|
+
LIST_EPHEMERAL_SIGNERS: "LIST_EPHEMERAL_SIGNERS",
|
|
190
|
+
// Soft-revoke a previously-provisioned ephemeral signer. The wallets
|
|
191
|
+
// backend updates revoked_at locally and forwards the revoke to SES
|
|
192
|
+
// so the enclave drops the policy.
|
|
193
|
+
REVOKE_EPHEMERAL_SIGNER: "REVOKE_EPHEMERAL_SIGNER",
|
|
180
194
|
VERIFY_EMAIL_OTP: "VERIFY_EMAIL_OTP",
|
|
181
195
|
VERIFY_OAUTH: "VERIFY_OAUTH",
|
|
182
196
|
START_OAUTH: "START_OAUTH",
|
package/dist/index.mjs
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { c as PostMessageType, a as PostMessageMethod } from './post-message-
|
|
1
|
+
import { c as PostMessageType, a as PostMessageMethod } from './post-message-Z6cLf0mS.js';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* Transport — the bidirectional postMessage channel between the parent
|
|
@@ -87,6 +87,29 @@ interface PasskeyAssertor {
|
|
|
87
87
|
assertForServer(opts: {
|
|
88
88
|
optionsJSON: WebAuthnRequestOptions;
|
|
89
89
|
}): Promise<WebAuthnAssertionResponse>;
|
|
90
|
+
/**
|
|
91
|
+
* Internal-use variant of assertForServer. Runs the same WebAuthn
|
|
92
|
+
* ceremony and returns the same sanitized assertion (userHandle
|
|
93
|
+
* stripped on the platform boundary), but ALSO surfaces the
|
|
94
|
+
* captured userHandle + credential id separately for the SDK
|
|
95
|
+
* orchestrator's downstream postMessage payload — the iframe needs
|
|
96
|
+
* the userHandle bytes to do AES-GCM unwrap of the DEK after the
|
|
97
|
+
* presence ceremony mints the scoped tokens.
|
|
98
|
+
*
|
|
99
|
+
* DEK hygiene boundary: the sanitized `response` field still has
|
|
100
|
+
* `response.userHandle === undefined`. The separate
|
|
101
|
+
* `userHandleB64url` field stays inside the orchestrator and is
|
|
102
|
+
* postMessaged to the iframe — never sent over the network to the
|
|
103
|
+
* presence-verify server call. The strip is enforced by the impl;
|
|
104
|
+
* the separate surfacing is opt-in via this method.
|
|
105
|
+
*/
|
|
106
|
+
assertForInternalPresence(opts: {
|
|
107
|
+
optionsJSON: WebAuthnRequestOptions;
|
|
108
|
+
}): Promise<{
|
|
109
|
+
response: WebAuthnAssertionResponse;
|
|
110
|
+
userHandleB64url: string;
|
|
111
|
+
credentialIdB64url: string;
|
|
112
|
+
}>;
|
|
90
113
|
}
|
|
91
114
|
/**
|
|
92
115
|
* Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { c as PostMessageType, a as PostMessageMethod } from './post-message-
|
|
1
|
+
import { c as PostMessageType, a as PostMessageMethod } from './post-message-Z6cLf0mS.mjs';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* Transport — the bidirectional postMessage channel between the parent
|
|
@@ -87,6 +87,29 @@ interface PasskeyAssertor {
|
|
|
87
87
|
assertForServer(opts: {
|
|
88
88
|
optionsJSON: WebAuthnRequestOptions;
|
|
89
89
|
}): Promise<WebAuthnAssertionResponse>;
|
|
90
|
+
/**
|
|
91
|
+
* Internal-use variant of assertForServer. Runs the same WebAuthn
|
|
92
|
+
* ceremony and returns the same sanitized assertion (userHandle
|
|
93
|
+
* stripped on the platform boundary), but ALSO surfaces the
|
|
94
|
+
* captured userHandle + credential id separately for the SDK
|
|
95
|
+
* orchestrator's downstream postMessage payload — the iframe needs
|
|
96
|
+
* the userHandle bytes to do AES-GCM unwrap of the DEK after the
|
|
97
|
+
* presence ceremony mints the scoped tokens.
|
|
98
|
+
*
|
|
99
|
+
* DEK hygiene boundary: the sanitized `response` field still has
|
|
100
|
+
* `response.userHandle === undefined`. The separate
|
|
101
|
+
* `userHandleB64url` field stays inside the orchestrator and is
|
|
102
|
+
* postMessaged to the iframe — never sent over the network to the
|
|
103
|
+
* presence-verify server call. The strip is enforced by the impl;
|
|
104
|
+
* the separate surfacing is opt-in via this method.
|
|
105
|
+
*/
|
|
106
|
+
assertForInternalPresence(opts: {
|
|
107
|
+
optionsJSON: WebAuthnRequestOptions;
|
|
108
|
+
}): Promise<{
|
|
109
|
+
response: WebAuthnAssertionResponse;
|
|
110
|
+
userHandleB64url: string;
|
|
111
|
+
credentialIdB64url: string;
|
|
112
|
+
}>;
|
|
90
113
|
}
|
|
91
114
|
/**
|
|
92
115
|
* Subset of `PublicKeyCredentialRequestOptionsJSON` we forward to the
|
package/dist/lib/index.d.mts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
export { C as CachedAssertion,
|
|
1
|
+
export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.mjs';
|
|
2
2
|
export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.mjs';
|
|
3
|
-
import {
|
|
3
|
+
import { Chain, WalletChain } from '../types/index.mjs';
|
|
4
4
|
import { SiweMessage } from 'siwe';
|
|
5
5
|
import { Connection, PublicKey } from '@solana/web3.js';
|
|
6
6
|
|
|
@@ -389,6 +389,36 @@ declare const serializeEthereumTransaction: (transaction: any) => Promise<string
|
|
|
389
389
|
declare const broadcastEthereumRaw: (rpcUrl: string, signedSerialized: string) => Promise<string>;
|
|
390
390
|
declare const broadcastSolanaSigned: (rpcUrl: string, signedBase58: string) => Promise<string>;
|
|
391
391
|
|
|
392
|
+
/**
|
|
393
|
+
* Canonical algorithm name written to `app_user_wallet_keyshares.algorithm`.
|
|
394
|
+
*
|
|
395
|
+
* Matches Sodot's Vertex API path segment exactly:
|
|
396
|
+
*
|
|
397
|
+
* ethereum → "ecdsa"
|
|
398
|
+
* solana → "exportable-ed25519"
|
|
399
|
+
*
|
|
400
|
+
* `Algorithm.name.toLowerCase()` from the Sodot SDK would give
|
|
401
|
+
* `"exportableed25519"` (no hyphen) for Solana, which doesn't match
|
|
402
|
+
* anything else in the stack and causes sign dispatch to fall through
|
|
403
|
+
* to the default error branch. Use this helper instead.
|
|
404
|
+
*/
|
|
405
|
+
declare function canonicalAlgorithmFor(chain: WalletChain): string;
|
|
406
|
+
/**
|
|
407
|
+
* Parse the canonical SES wire form of a derivation path into the
|
|
408
|
+
* integer array the Sodot MPC client expects.
|
|
409
|
+
*
|
|
410
|
+
* "m" → [] (root — imports + all
|
|
411
|
+
* exportable-ed25519 wallets)
|
|
412
|
+
* "m/44/60/0/0/0" → [44, 60, 0, 0, 0]
|
|
413
|
+
* "" → [] (legacy fallback; same as "m")
|
|
414
|
+
*
|
|
415
|
+
* Stays byte-for-byte identical to the Go-side `ParseDerivationPath`
|
|
416
|
+
* in `apps/wallets/internal/service/wallet.go` — both halves of the
|
|
417
|
+
* MPC ceremony have to agree on the path or Sodot returns "End-to-end
|
|
418
|
+
* decryption failed" with no further hint as to which input mismatched.
|
|
419
|
+
*/
|
|
420
|
+
declare function parseDerivationPath(path: string): Uint32Array;
|
|
421
|
+
|
|
392
422
|
/**
|
|
393
423
|
* Convert any wire representation of a byte array back into Uint8Array.
|
|
394
424
|
* Pass-through for actual `Uint8Array` and regular `number[]`. Used
|
|
@@ -407,4 +437,4 @@ declare const arrayLikeToBytes: (value: unknown) => Uint8Array;
|
|
|
407
437
|
*/
|
|
408
438
|
declare const bs58ToBytes: (value: unknown) => Promise<Uint8Array>;
|
|
409
439
|
|
|
410
|
-
export { type BuildUrlConfig, DEFAULT_AUTH_URL, EthereumSiweMessage, type EthereumSiweMessageProps, type EvmTransactionInput, type EvmTxPrepWallet, type ManualSiweMessageProps, SiwsMessage, SolanaTransactionParser, type VerifyIdTokenResponse, arrayLikeToBytes, authState, broadcastEthereumRaw, broadcastSolanaSigned, bs58ToBytes, buildUrl, createManualSiweMessage, estimateEvmGas, estimateEvmGasReserve, fromB64url, getChainById, getDefaultChain, getEvmGasPrice, getEvmMaxPriorityFeePerGas, getEvmNonce, getInstructionsForHTML, getRpcUrl, getSOLTransfersFromInstructions, getTransferInfoFromInstructions, isChainSupported, prepareEvmSendTransaction, prepareEvmSignTransaction, resolveEvmChain, sanitizeUserData, serializeEthereumTransaction, setChainRpcUrl, toB64url, validateChainConfig, verifyIdToken };
|
|
440
|
+
export { type BuildUrlConfig, DEFAULT_AUTH_URL, EthereumSiweMessage, type EthereumSiweMessageProps, type EvmTransactionInput, type EvmTxPrepWallet, type ManualSiweMessageProps, SiwsMessage, SolanaTransactionParser, type VerifyIdTokenResponse, arrayLikeToBytes, authState, broadcastEthereumRaw, broadcastSolanaSigned, bs58ToBytes, buildUrl, canonicalAlgorithmFor, createManualSiweMessage, estimateEvmGas, estimateEvmGasReserve, fromB64url, getChainById, getDefaultChain, getEvmGasPrice, getEvmMaxPriorityFeePerGas, getEvmNonce, getInstructionsForHTML, getRpcUrl, getSOLTransfersFromInstructions, getTransferInfoFromInstructions, isChainSupported, parseDerivationPath, prepareEvmSendTransaction, prepareEvmSignTransaction, resolveEvmChain, sanitizeUserData, serializeEthereumTransaction, setChainRpcUrl, toB64url, validateChainConfig, verifyIdToken };
|
package/dist/lib/index.d.ts
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
|
-
export { C as CachedAssertion,
|
|
1
|
+
export { C as CachedAssertion, g as generatePasskeyUserId } from '../passkey-cache-WnDFQ-v4.js';
|
|
2
2
|
export { a as PasskeyFormFactor, P as PasskeyMetadata, b as PasskeyMetadataInput, f as formatPasskeyLabel, r as resolvePasskeyMetadata } from '../passkey-metadata-QqFF2SWQ.js';
|
|
3
|
-
import {
|
|
3
|
+
import { Chain, WalletChain } from '../types/index.js';
|
|
4
4
|
import { SiweMessage } from 'siwe';
|
|
5
5
|
import { Connection, PublicKey } from '@solana/web3.js';
|
|
6
6
|
|
|
@@ -389,6 +389,36 @@ declare const serializeEthereumTransaction: (transaction: any) => Promise<string
|
|
|
389
389
|
declare const broadcastEthereumRaw: (rpcUrl: string, signedSerialized: string) => Promise<string>;
|
|
390
390
|
declare const broadcastSolanaSigned: (rpcUrl: string, signedBase58: string) => Promise<string>;
|
|
391
391
|
|
|
392
|
+
/**
|
|
393
|
+
* Canonical algorithm name written to `app_user_wallet_keyshares.algorithm`.
|
|
394
|
+
*
|
|
395
|
+
* Matches Sodot's Vertex API path segment exactly:
|
|
396
|
+
*
|
|
397
|
+
* ethereum → "ecdsa"
|
|
398
|
+
* solana → "exportable-ed25519"
|
|
399
|
+
*
|
|
400
|
+
* `Algorithm.name.toLowerCase()` from the Sodot SDK would give
|
|
401
|
+
* `"exportableed25519"` (no hyphen) for Solana, which doesn't match
|
|
402
|
+
* anything else in the stack and causes sign dispatch to fall through
|
|
403
|
+
* to the default error branch. Use this helper instead.
|
|
404
|
+
*/
|
|
405
|
+
declare function canonicalAlgorithmFor(chain: WalletChain): string;
|
|
406
|
+
/**
|
|
407
|
+
* Parse the canonical SES wire form of a derivation path into the
|
|
408
|
+
* integer array the Sodot MPC client expects.
|
|
409
|
+
*
|
|
410
|
+
* "m" → [] (root — imports + all
|
|
411
|
+
* exportable-ed25519 wallets)
|
|
412
|
+
* "m/44/60/0/0/0" → [44, 60, 0, 0, 0]
|
|
413
|
+
* "" → [] (legacy fallback; same as "m")
|
|
414
|
+
*
|
|
415
|
+
* Stays byte-for-byte identical to the Go-side `ParseDerivationPath`
|
|
416
|
+
* in `apps/wallets/internal/service/wallet.go` — both halves of the
|
|
417
|
+
* MPC ceremony have to agree on the path or Sodot returns "End-to-end
|
|
418
|
+
* decryption failed" with no further hint as to which input mismatched.
|
|
419
|
+
*/
|
|
420
|
+
declare function parseDerivationPath(path: string): Uint32Array;
|
|
421
|
+
|
|
392
422
|
/**
|
|
393
423
|
* Convert any wire representation of a byte array back into Uint8Array.
|
|
394
424
|
* Pass-through for actual `Uint8Array` and regular `number[]`. Used
|
|
@@ -407,4 +437,4 @@ declare const arrayLikeToBytes: (value: unknown) => Uint8Array;
|
|
|
407
437
|
*/
|
|
408
438
|
declare const bs58ToBytes: (value: unknown) => Promise<Uint8Array>;
|
|
409
439
|
|
|
410
|
-
export { type BuildUrlConfig, DEFAULT_AUTH_URL, EthereumSiweMessage, type EthereumSiweMessageProps, type EvmTransactionInput, type EvmTxPrepWallet, type ManualSiweMessageProps, SiwsMessage, SolanaTransactionParser, type VerifyIdTokenResponse, arrayLikeToBytes, authState, broadcastEthereumRaw, broadcastSolanaSigned, bs58ToBytes, buildUrl, createManualSiweMessage, estimateEvmGas, estimateEvmGasReserve, fromB64url, getChainById, getDefaultChain, getEvmGasPrice, getEvmMaxPriorityFeePerGas, getEvmNonce, getInstructionsForHTML, getRpcUrl, getSOLTransfersFromInstructions, getTransferInfoFromInstructions, isChainSupported, prepareEvmSendTransaction, prepareEvmSignTransaction, resolveEvmChain, sanitizeUserData, serializeEthereumTransaction, setChainRpcUrl, toB64url, validateChainConfig, verifyIdToken };
|
|
440
|
+
export { type BuildUrlConfig, DEFAULT_AUTH_URL, EthereumSiweMessage, type EthereumSiweMessageProps, type EvmTransactionInput, type EvmTxPrepWallet, type ManualSiweMessageProps, SiwsMessage, SolanaTransactionParser, type VerifyIdTokenResponse, arrayLikeToBytes, authState, broadcastEthereumRaw, broadcastSolanaSigned, bs58ToBytes, buildUrl, canonicalAlgorithmFor, createManualSiweMessage, estimateEvmGas, estimateEvmGasReserve, fromB64url, getChainById, getDefaultChain, getEvmGasPrice, getEvmMaxPriorityFeePerGas, getEvmNonce, getInstructionsForHTML, getRpcUrl, getSOLTransfersFromInstructions, getTransferInfoFromInstructions, isChainSupported, parseDerivationPath, prepareEvmSendTransaction, prepareEvmSignTransaction, resolveEvmChain, sanitizeUserData, serializeEthereumTransaction, setChainRpcUrl, toB64url, validateChainConfig, verifyIdToken };
|
package/dist/lib/index.js
CHANGED
|
@@ -40,14 +40,13 @@ __export(lib_exports, {
|
|
|
40
40
|
broadcastSolanaSigned: () => broadcastSolanaSigned,
|
|
41
41
|
bs58ToBytes: () => bs58ToBytes,
|
|
42
42
|
buildUrl: () => buildUrl,
|
|
43
|
-
|
|
43
|
+
canonicalAlgorithmFor: () => canonicalAlgorithmFor,
|
|
44
44
|
createManualSiweMessage: () => createManualSiweMessage,
|
|
45
45
|
estimateEvmGas: () => estimateEvmGas,
|
|
46
46
|
estimateEvmGasReserve: () => estimateEvmGasReserve,
|
|
47
47
|
formatPasskeyLabel: () => formatPasskeyLabel,
|
|
48
48
|
fromB64url: () => fromB64url,
|
|
49
49
|
generatePasskeyUserId: () => generatePasskeyUserId,
|
|
50
|
-
getAssertCacheTtlMs: () => getAssertCacheTtlMs,
|
|
51
50
|
getChainById: () => getChainById,
|
|
52
51
|
getDefaultChain: () => getDefaultChain,
|
|
53
52
|
getEvmGasPrice: () => getEvmGasPrice,
|
|
@@ -58,20 +57,17 @@ __export(lib_exports, {
|
|
|
58
57
|
getSOLTransfersFromInstructions: () => getSOLTransfersFromInstructions,
|
|
59
58
|
getTransferInfoFromInstructions: () => getTransferInfoFromInstructions,
|
|
60
59
|
isChainSupported: () => isChainSupported,
|
|
60
|
+
parseDerivationPath: () => parseDerivationPath,
|
|
61
61
|
prepareEvmSendTransaction: () => prepareEvmSendTransaction,
|
|
62
62
|
prepareEvmSignTransaction: () => prepareEvmSignTransaction,
|
|
63
|
-
readParentAssertCache: () => readParentAssertCache,
|
|
64
63
|
resolveEvmChain: () => resolveEvmChain,
|
|
65
64
|
resolvePasskeyMetadata: () => resolvePasskeyMetadata,
|
|
66
65
|
sanitizeUserData: () => sanitizeUserData,
|
|
67
66
|
serializeEthereumTransaction: () => serializeEthereumTransaction,
|
|
68
|
-
setAssertCacheTtlMs: () => setAssertCacheTtlMs,
|
|
69
67
|
setChainRpcUrl: () => setChainRpcUrl,
|
|
70
68
|
toB64url: () => toB64url,
|
|
71
69
|
validateChainConfig: () => validateChainConfig,
|
|
72
|
-
verifyIdToken: () => verifyIdToken
|
|
73
|
-
withClearOnFailure: () => withClearOnFailure,
|
|
74
|
-
writeParentAssertCache: () => writeParentAssertCache
|
|
70
|
+
verifyIdToken: () => verifyIdToken
|
|
75
71
|
});
|
|
76
72
|
module.exports = __toCommonJS(lib_exports);
|
|
77
73
|
|
|
@@ -190,39 +186,6 @@ var toB64url = (bytes) => {
|
|
|
190
186
|
};
|
|
191
187
|
|
|
192
188
|
// src/lib/passkey/passkey-cache.ts
|
|
193
|
-
var cacheTtlMs = 0;
|
|
194
|
-
var cache = null;
|
|
195
|
-
var setAssertCacheTtlMs = (ms) => {
|
|
196
|
-
cacheTtlMs = Math.max(0, Math.floor(ms));
|
|
197
|
-
if (cacheTtlMs === 0) {
|
|
198
|
-
cache = null;
|
|
199
|
-
}
|
|
200
|
-
};
|
|
201
|
-
var getAssertCacheTtlMs = () => cacheTtlMs;
|
|
202
|
-
var clearParentAssertCache = () => {
|
|
203
|
-
cache = null;
|
|
204
|
-
};
|
|
205
|
-
var readParentAssertCache = () => {
|
|
206
|
-
if (cacheTtlMs <= 0) return null;
|
|
207
|
-
if (!cache) return null;
|
|
208
|
-
if (Date.now() - cache.ts >= cacheTtlMs) return null;
|
|
209
|
-
return {
|
|
210
|
-
userHandleB64url: cache.userHandleB64url,
|
|
211
|
-
credentialIdB64url: cache.credentialIdB64url
|
|
212
|
-
};
|
|
213
|
-
};
|
|
214
|
-
var writeParentAssertCache = (entry) => {
|
|
215
|
-
if (cacheTtlMs <= 0) return;
|
|
216
|
-
cache = { ...entry, ts: Date.now() };
|
|
217
|
-
};
|
|
218
|
-
var withClearOnFailure = async (fn) => {
|
|
219
|
-
try {
|
|
220
|
-
return await fn();
|
|
221
|
-
} catch (error) {
|
|
222
|
-
clearParentAssertCache();
|
|
223
|
-
throw error;
|
|
224
|
-
}
|
|
225
|
-
};
|
|
226
189
|
var generatePasskeyUserId = () => {
|
|
227
190
|
const bytes = crypto.getRandomValues(new Uint8Array(32));
|
|
228
191
|
return { userIdB64url: toB64url(bytes), userIdBytes: bytes };
|
|
@@ -1548,6 +1511,23 @@ var broadcastSolanaSigned = async (rpcUrl, signedBase58) => {
|
|
|
1548
1511
|
return result.result;
|
|
1549
1512
|
};
|
|
1550
1513
|
|
|
1514
|
+
// src/lib/wallet-algorithm.ts
|
|
1515
|
+
function canonicalAlgorithmFor(chain) {
|
|
1516
|
+
switch (chain) {
|
|
1517
|
+
case "ethereum":
|
|
1518
|
+
return "ecdsa";
|
|
1519
|
+
case "solana":
|
|
1520
|
+
return "exportable-ed25519";
|
|
1521
|
+
default:
|
|
1522
|
+
throw new Error(`No canonical algorithm for chain: ${chain}`);
|
|
1523
|
+
}
|
|
1524
|
+
}
|
|
1525
|
+
function parseDerivationPath(path) {
|
|
1526
|
+
if (!path || path === "m") return new Uint32Array([]);
|
|
1527
|
+
const rest = path.startsWith("m/") ? path.slice(2) : path;
|
|
1528
|
+
return new Uint32Array(rest.split("/").map((s) => Number(s)));
|
|
1529
|
+
}
|
|
1530
|
+
|
|
1551
1531
|
// src/lib/wire-codec.ts
|
|
1552
1532
|
var arrayLikeToBytes = (value) => {
|
|
1553
1533
|
if (value instanceof Uint8Array) return value;
|
|
@@ -1587,14 +1567,13 @@ var bs58ToBytes = async (value) => {
|
|
|
1587
1567
|
broadcastSolanaSigned,
|
|
1588
1568
|
bs58ToBytes,
|
|
1589
1569
|
buildUrl,
|
|
1590
|
-
|
|
1570
|
+
canonicalAlgorithmFor,
|
|
1591
1571
|
createManualSiweMessage,
|
|
1592
1572
|
estimateEvmGas,
|
|
1593
1573
|
estimateEvmGasReserve,
|
|
1594
1574
|
formatPasskeyLabel,
|
|
1595
1575
|
fromB64url,
|
|
1596
1576
|
generatePasskeyUserId,
|
|
1597
|
-
getAssertCacheTtlMs,
|
|
1598
1577
|
getChainById,
|
|
1599
1578
|
getDefaultChain,
|
|
1600
1579
|
getEvmGasPrice,
|
|
@@ -1605,18 +1584,15 @@ var bs58ToBytes = async (value) => {
|
|
|
1605
1584
|
getSOLTransfersFromInstructions,
|
|
1606
1585
|
getTransferInfoFromInstructions,
|
|
1607
1586
|
isChainSupported,
|
|
1587
|
+
parseDerivationPath,
|
|
1608
1588
|
prepareEvmSendTransaction,
|
|
1609
1589
|
prepareEvmSignTransaction,
|
|
1610
|
-
readParentAssertCache,
|
|
1611
1590
|
resolveEvmChain,
|
|
1612
1591
|
resolvePasskeyMetadata,
|
|
1613
1592
|
sanitizeUserData,
|
|
1614
1593
|
serializeEthereumTransaction,
|
|
1615
|
-
setAssertCacheTtlMs,
|
|
1616
1594
|
setChainRpcUrl,
|
|
1617
1595
|
toB64url,
|
|
1618
1596
|
validateChainConfig,
|
|
1619
|
-
verifyIdToken
|
|
1620
|
-
withClearOnFailure,
|
|
1621
|
-
writeParentAssertCache
|
|
1597
|
+
verifyIdToken
|
|
1622
1598
|
});
|
package/dist/lib/index.mjs
CHANGED
|
@@ -9,14 +9,13 @@ import {
|
|
|
9
9
|
broadcastSolanaSigned,
|
|
10
10
|
bs58ToBytes,
|
|
11
11
|
buildUrl,
|
|
12
|
-
|
|
12
|
+
canonicalAlgorithmFor,
|
|
13
13
|
createManualSiweMessage,
|
|
14
14
|
estimateEvmGas,
|
|
15
15
|
estimateEvmGasReserve,
|
|
16
16
|
formatPasskeyLabel,
|
|
17
17
|
fromB64url,
|
|
18
18
|
generatePasskeyUserId,
|
|
19
|
-
getAssertCacheTtlMs,
|
|
20
19
|
getChainById,
|
|
21
20
|
getDefaultChain,
|
|
22
21
|
getEvmGasPrice,
|
|
@@ -27,21 +26,18 @@ import {
|
|
|
27
26
|
getSOLTransfersFromInstructions,
|
|
28
27
|
getTransferInfoFromInstructions,
|
|
29
28
|
isChainSupported,
|
|
29
|
+
parseDerivationPath,
|
|
30
30
|
prepareEvmSendTransaction,
|
|
31
31
|
prepareEvmSignTransaction,
|
|
32
|
-
readParentAssertCache,
|
|
33
32
|
resolveEvmChain,
|
|
34
33
|
resolvePasskeyMetadata,
|
|
35
34
|
sanitizeUserData,
|
|
36
35
|
serializeEthereumTransaction,
|
|
37
|
-
setAssertCacheTtlMs,
|
|
38
36
|
setChainRpcUrl,
|
|
39
37
|
toB64url,
|
|
40
38
|
validateChainConfig,
|
|
41
|
-
verifyIdToken
|
|
42
|
-
|
|
43
|
-
writeParentAssertCache
|
|
44
|
-
} from "../chunk-CDT4MC7S.mjs";
|
|
39
|
+
verifyIdToken
|
|
40
|
+
} from "../chunk-I56GRKAG.mjs";
|
|
45
41
|
import "../chunk-GQKIA37O.mjs";
|
|
46
42
|
export {
|
|
47
43
|
DEFAULT_AUTH_URL,
|
|
@@ -54,14 +50,13 @@ export {
|
|
|
54
50
|
broadcastSolanaSigned,
|
|
55
51
|
bs58ToBytes,
|
|
56
52
|
buildUrl,
|
|
57
|
-
|
|
53
|
+
canonicalAlgorithmFor,
|
|
58
54
|
createManualSiweMessage,
|
|
59
55
|
estimateEvmGas,
|
|
60
56
|
estimateEvmGasReserve,
|
|
61
57
|
formatPasskeyLabel,
|
|
62
58
|
fromB64url,
|
|
63
59
|
generatePasskeyUserId,
|
|
64
|
-
getAssertCacheTtlMs,
|
|
65
60
|
getChainById,
|
|
66
61
|
getDefaultChain,
|
|
67
62
|
getEvmGasPrice,
|
|
@@ -72,18 +67,15 @@ export {
|
|
|
72
67
|
getSOLTransfersFromInstructions,
|
|
73
68
|
getTransferInfoFromInstructions,
|
|
74
69
|
isChainSupported,
|
|
70
|
+
parseDerivationPath,
|
|
75
71
|
prepareEvmSendTransaction,
|
|
76
72
|
prepareEvmSignTransaction,
|
|
77
|
-
readParentAssertCache,
|
|
78
73
|
resolveEvmChain,
|
|
79
74
|
resolvePasskeyMetadata,
|
|
80
75
|
sanitizeUserData,
|
|
81
76
|
serializeEthereumTransaction,
|
|
82
|
-
setAssertCacheTtlMs,
|
|
83
77
|
setChainRpcUrl,
|
|
84
78
|
toB64url,
|
|
85
79
|
validateChainConfig,
|
|
86
|
-
verifyIdToken
|
|
87
|
-
withClearOnFailure,
|
|
88
|
-
writeParentAssertCache
|
|
80
|
+
verifyIdToken
|
|
89
81
|
};
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
interface CachedAssertion {
|
|
2
|
+
userHandleB64url: string;
|
|
3
|
+
credentialIdB64url: string;
|
|
4
|
+
}
|
|
5
|
+
/**
|
|
6
|
+
* Generate fresh user.id bytes for a new WebAuthn credential. The
|
|
7
|
+
* caller overrides `options.user.id` with these bytes before
|
|
8
|
+
* navigator.credentials.create so the authenticator persists them as
|
|
9
|
+
* the credential's user.id; on every subsequent assertion they come
|
|
10
|
+
* back as response.userHandle and serve as the AES-GCM key for that
|
|
11
|
+
* credential's DEK wrap.
|
|
12
|
+
*
|
|
13
|
+
* Returns the bytes both as base64url (what the WebAuthn options
|
|
14
|
+
* accept and what we ship over postMessage) and as raw bytes (for
|
|
15
|
+
* any caller that prefers direct binary).
|
|
16
|
+
*
|
|
17
|
+
* Requires a working `crypto.getRandomValues`. On RN this is provided
|
|
18
|
+
* by the `react-native-get-random-values` polyfill that the SDK's
|
|
19
|
+
* docs ask consumers to import at app entry.
|
|
20
|
+
*/
|
|
21
|
+
declare const generatePasskeyUserId: () => {
|
|
22
|
+
userIdB64url: string;
|
|
23
|
+
userIdBytes: Uint8Array;
|
|
24
|
+
};
|
|
25
|
+
|
|
26
|
+
export { type CachedAssertion as C, generatePasskeyUserId as g };
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
interface CachedAssertion {
|
|
2
|
+
userHandleB64url: string;
|
|
3
|
+
credentialIdB64url: string;
|
|
4
|
+
}
|
|
5
|
+
/**
|
|
6
|
+
* Generate fresh user.id bytes for a new WebAuthn credential. The
|
|
7
|
+
* caller overrides `options.user.id` with these bytes before
|
|
8
|
+
* navigator.credentials.create so the authenticator persists them as
|
|
9
|
+
* the credential's user.id; on every subsequent assertion they come
|
|
10
|
+
* back as response.userHandle and serve as the AES-GCM key for that
|
|
11
|
+
* credential's DEK wrap.
|
|
12
|
+
*
|
|
13
|
+
* Returns the bytes both as base64url (what the WebAuthn options
|
|
14
|
+
* accept and what we ship over postMessage) and as raw bytes (for
|
|
15
|
+
* any caller that prefers direct binary).
|
|
16
|
+
*
|
|
17
|
+
* Requires a working `crypto.getRandomValues`. On RN this is provided
|
|
18
|
+
* by the `react-native-get-random-values` polyfill that the SDK's
|
|
19
|
+
* docs ask consumers to import at app entry.
|
|
20
|
+
*/
|
|
21
|
+
declare const generatePasskeyUserId: () => {
|
|
22
|
+
userIdB64url: string;
|
|
23
|
+
userIdBytes: Uint8Array;
|
|
24
|
+
};
|
|
25
|
+
|
|
26
|
+
export { type CachedAssertion as C, generatePasskeyUserId as g };
|
|
@@ -31,6 +31,9 @@ declare const PostMessageMethod: {
|
|
|
31
31
|
readonly SIGN_TYPED_DATA: "SIGN_TYPED_DATA";
|
|
32
32
|
readonly SIGN_HASH: "SIGN_HASH";
|
|
33
33
|
readonly SIGN_7702_AUTHORIZATION: "SIGN_7702_AUTHORIZATION";
|
|
34
|
+
readonly PROVISION_EPHEMERAL_SIGNER: "PROVISION_EPHEMERAL_SIGNER";
|
|
35
|
+
readonly LIST_EPHEMERAL_SIGNERS: "LIST_EPHEMERAL_SIGNERS";
|
|
36
|
+
readonly REVOKE_EPHEMERAL_SIGNER: "REVOKE_EPHEMERAL_SIGNER";
|
|
34
37
|
readonly VERIFY_EMAIL_OTP: "VERIFY_EMAIL_OTP";
|
|
35
38
|
readonly VERIFY_OAUTH: "VERIFY_OAUTH";
|
|
36
39
|
readonly START_OAUTH: "START_OAUTH";
|