@oma3/omatrust 0.1.0-alpha.10 → 0.1.0-alpha.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -0
- package/dist/app-registry/index.cjs +53 -0
- package/dist/app-registry/index.cjs.map +1 -1
- package/dist/app-registry/index.js +53 -0
- package/dist/app-registry/index.js.map +1 -1
- package/dist/identity/index.cjs +1028 -6
- package/dist/identity/index.cjs.map +1 -1
- package/dist/identity/index.d.cts +2 -1
- package/dist/identity/index.d.ts +2 -1
- package/dist/identity/index.js +984 -7
- package/dist/identity/index.js.map +1 -1
- package/dist/index-B5OC9_8B.d.cts +480 -0
- package/dist/index-Bu-xxcv9.d.ts +407 -0
- package/dist/index-C6WNgPRx.d.ts +480 -0
- package/dist/index-C7odEbp6.d.cts +407 -0
- package/dist/index.cjs +2498 -373
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +4 -3
- package/dist/index.d.ts +4 -3
- package/dist/index.js +2342 -236
- package/dist/index.js.map +1 -1
- package/dist/reputation/index.browser.cjs +949 -67
- package/dist/reputation/index.browser.cjs.map +1 -1
- package/dist/reputation/index.browser.d.cts +2 -2
- package/dist/reputation/index.browser.d.ts +2 -2
- package/dist/reputation/index.browser.js +947 -67
- package/dist/reputation/index.browser.js.map +1 -1
- package/dist/reputation/index.cjs +1745 -232
- package/dist/reputation/index.cjs.map +1 -1
- package/dist/reputation/index.d.cts +3 -2
- package/dist/reputation/index.d.ts +3 -2
- package/dist/reputation/index.js +1727 -232
- package/dist/reputation/index.js.map +1 -1
- package/dist/{subject-ownership-CXvzEjpH.d.cts → subject-ownership-B7cFlm8c.d.cts} +256 -26
- package/dist/{subject-ownership-CXvzEjpH.d.ts → subject-ownership-B7cFlm8c.d.ts} +256 -26
- package/dist/types-Dn0OwaNj.d.cts +307 -0
- package/dist/types-Dn0OwaNj.d.ts +307 -0
- package/dist/widgets/index.cjs +70 -27
- package/dist/widgets/index.cjs.map +1 -1
- package/dist/widgets/index.d.cts +45 -18
- package/dist/widgets/index.d.ts +45 -18
- package/dist/widgets/index.js +67 -26
- package/dist/widgets/index.js.map +1 -1
- package/package.json +5 -2
- package/dist/index-B9KW02US.d.cts +0 -119
- package/dist/index-DXrwBex9.d.ts +0 -119
- package/dist/index-QZDExA4I.d.cts +0 -90
- package/dist/index-QZDExA4I.d.ts +0 -90
package/dist/widgets/index.d.cts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Handles the postMessage protocol between a host page and an embedded
|
|
5
5
|
* OMATrust widget. Validates incoming EAS signing requests against the
|
|
6
|
-
* OMA3 trust
|
|
6
|
+
* OMA3 trust anchors before forwarding to the host's wallet.
|
|
7
7
|
*
|
|
8
8
|
* The bridge resolves the iframe element lazily by ID when messages arrive,
|
|
9
9
|
* avoiding React ref timing issues with conditionally rendered iframes.
|
|
@@ -34,8 +34,8 @@ type SigningBridgeOptions = {
|
|
|
34
34
|
signTypedData: (domain: Record<string, unknown>, types: Record<string, unknown>, message: Record<string, unknown>) => Promise<string>;
|
|
35
35
|
/**
|
|
36
36
|
* Override the allowed widget origin for local development.
|
|
37
|
-
* In production, the origin is derived from the trust
|
|
38
|
-
* (*.omatrust.org) plus any widgetOrigins in the
|
|
37
|
+
* In production, the origin is derived from the trust anchors domain
|
|
38
|
+
* (*.omatrust.org) plus any widgetOrigins in the trust anchors.
|
|
39
39
|
* Only set this for local dev (e.g., "http://localhost:3000").
|
|
40
40
|
*/
|
|
41
41
|
devOriginOverride?: string;
|
|
@@ -51,40 +51,67 @@ type SigningBridge = {
|
|
|
51
51
|
* creation time. This avoids React ref timing issues — the bridge can be
|
|
52
52
|
* created before the iframe is in the DOM.
|
|
53
53
|
*
|
|
54
|
-
* Fetches the OMA3 trust
|
|
54
|
+
* Fetches the OMA3 trust anchors on creation. Fails closed if unavailable.
|
|
55
55
|
*/
|
|
56
56
|
declare function createSigningBridge(options: SigningBridgeOptions): Promise<SigningBridge>;
|
|
57
57
|
|
|
58
58
|
/**
|
|
59
|
-
* Trust
|
|
59
|
+
* Trust anchors: fetches the OMA3 allowlist of EAS contracts and schemas.
|
|
60
60
|
*
|
|
61
|
-
*
|
|
62
|
-
*
|
|
61
|
+
* Used by the widget signing bridge for request validation and by the
|
|
62
|
+
* reputation module for chain/contract resolution.
|
|
63
|
+
*
|
|
64
|
+
* Chain keys use CAIP-2 identifiers (e.g., "eip155:66238").
|
|
63
65
|
*/
|
|
64
|
-
declare const
|
|
65
|
-
type
|
|
66
|
+
declare const TRUST_ANCHORS_URL = "https://api.omatrust.org/v1/trust-anchors";
|
|
67
|
+
type ChainAnchors = {
|
|
66
68
|
name: string;
|
|
67
69
|
easContract: string;
|
|
70
|
+
/** Schema name → schema UID mapping */
|
|
71
|
+
schemas: Record<string, string>;
|
|
72
|
+
};
|
|
73
|
+
type ApprovedIssuer = {
|
|
74
|
+
address: string;
|
|
75
|
+
label: string;
|
|
68
76
|
schemas: string[];
|
|
77
|
+
status: "active" | "revoked";
|
|
78
|
+
validFrom: string;
|
|
79
|
+
revokedAt?: string;
|
|
69
80
|
};
|
|
70
|
-
type
|
|
81
|
+
type TrustAnchors = {
|
|
71
82
|
version: number;
|
|
72
83
|
updatedAt: string;
|
|
73
84
|
widgetOrigins?: string[];
|
|
74
|
-
|
|
85
|
+
/** CAIP-2 chain identifier → chain-specific trust anchors */
|
|
86
|
+
chains: Record<string, ChainAnchors>;
|
|
87
|
+
registries?: Array<{
|
|
88
|
+
type: "approved-issuers";
|
|
89
|
+
issuers: ApprovedIssuer[];
|
|
90
|
+
}>;
|
|
75
91
|
};
|
|
76
92
|
/**
|
|
77
|
-
* Fetch the trust
|
|
93
|
+
* Fetch the trust anchors from the OMA3 API gateway.
|
|
78
94
|
* Caches the result for 5 minutes.
|
|
79
95
|
*
|
|
80
|
-
* @param url Override the trust
|
|
96
|
+
* @param url Override the trust anchors URL (for testing or custom deployments)
|
|
97
|
+
*/
|
|
98
|
+
declare function fetchTrustAnchors(url?: string): Promise<TrustAnchors>;
|
|
99
|
+
/**
|
|
100
|
+
* Look up chain anchors by CAIP-2 identifier.
|
|
101
|
+
* Throws UNSUPPORTED_CHAIN if the chain is not in the trust anchors.
|
|
102
|
+
*/
|
|
103
|
+
declare function getChainAnchors(anchors: TrustAnchors, caip2: string): ChainAnchors;
|
|
104
|
+
/**
|
|
105
|
+
* Look up a schema UID by name for a given chain.
|
|
106
|
+
* Throws UNSUPPORTED_CHAIN if the chain is not in the trust anchors.
|
|
107
|
+
* Throws INVALID_INPUT if the schema is not deployed on this chain.
|
|
81
108
|
*/
|
|
82
|
-
declare function
|
|
109
|
+
declare function getSchemaAnchor(anchors: TrustAnchors, caip2: string, schemaName: string): string;
|
|
83
110
|
/**
|
|
84
|
-
* Extract the allowed contracts and
|
|
85
|
-
* Returns all contracts and
|
|
111
|
+
* Extract the allowed contracts and schema UIDs from trust anchors.
|
|
112
|
+
* Returns all contracts and schema UIDs across all chains.
|
|
86
113
|
*/
|
|
87
|
-
declare function extractAllowlists(
|
|
114
|
+
declare function extractAllowlists(anchors: TrustAnchors): {
|
|
88
115
|
allowedContracts: string[];
|
|
89
116
|
allowedSchemas: string[];
|
|
90
117
|
};
|
|
@@ -131,4 +158,4 @@ type OmaTrustSignatureErrorMessage = {
|
|
|
131
158
|
};
|
|
132
159
|
type OmaTrustMessage = OmaTrustReadyMessage | OmaTrustHostReadyMessage | OmaTrustSignTypedDataMessage | OmaTrustSignatureMessage | OmaTrustSignatureErrorMessage;
|
|
133
160
|
|
|
134
|
-
export { type
|
|
161
|
+
export { type ApprovedIssuer, type ChainAnchors, OMATRUST_HOST_READY, OMATRUST_READY, OMATRUST_SIGNATURE, OMATRUST_SIGNATURE_ERROR, OMATRUST_SIGN_TYPED_DATA, type OmaTrustHostReadyMessage, type OmaTrustMessage, type OmaTrustReadyMessage, type OmaTrustSignTypedDataMessage, type OmaTrustSignatureErrorMessage, type OmaTrustSignatureMessage, type SigningBridge, type SigningBridgeOptions, TRUST_ANCHORS_URL, type TrustAnchors, createSigningBridge, extractAllowlists, fetchTrustAnchors, getChainAnchors, getSchemaAnchor };
|
package/dist/widgets/index.d.ts
CHANGED
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
*
|
|
4
4
|
* Handles the postMessage protocol between a host page and an embedded
|
|
5
5
|
* OMATrust widget. Validates incoming EAS signing requests against the
|
|
6
|
-
* OMA3 trust
|
|
6
|
+
* OMA3 trust anchors before forwarding to the host's wallet.
|
|
7
7
|
*
|
|
8
8
|
* The bridge resolves the iframe element lazily by ID when messages arrive,
|
|
9
9
|
* avoiding React ref timing issues with conditionally rendered iframes.
|
|
@@ -34,8 +34,8 @@ type SigningBridgeOptions = {
|
|
|
34
34
|
signTypedData: (domain: Record<string, unknown>, types: Record<string, unknown>, message: Record<string, unknown>) => Promise<string>;
|
|
35
35
|
/**
|
|
36
36
|
* Override the allowed widget origin for local development.
|
|
37
|
-
* In production, the origin is derived from the trust
|
|
38
|
-
* (*.omatrust.org) plus any widgetOrigins in the
|
|
37
|
+
* In production, the origin is derived from the trust anchors domain
|
|
38
|
+
* (*.omatrust.org) plus any widgetOrigins in the trust anchors.
|
|
39
39
|
* Only set this for local dev (e.g., "http://localhost:3000").
|
|
40
40
|
*/
|
|
41
41
|
devOriginOverride?: string;
|
|
@@ -51,40 +51,67 @@ type SigningBridge = {
|
|
|
51
51
|
* creation time. This avoids React ref timing issues — the bridge can be
|
|
52
52
|
* created before the iframe is in the DOM.
|
|
53
53
|
*
|
|
54
|
-
* Fetches the OMA3 trust
|
|
54
|
+
* Fetches the OMA3 trust anchors on creation. Fails closed if unavailable.
|
|
55
55
|
*/
|
|
56
56
|
declare function createSigningBridge(options: SigningBridgeOptions): Promise<SigningBridge>;
|
|
57
57
|
|
|
58
58
|
/**
|
|
59
|
-
* Trust
|
|
59
|
+
* Trust anchors: fetches the OMA3 allowlist of EAS contracts and schemas.
|
|
60
60
|
*
|
|
61
|
-
*
|
|
62
|
-
*
|
|
61
|
+
* Used by the widget signing bridge for request validation and by the
|
|
62
|
+
* reputation module for chain/contract resolution.
|
|
63
|
+
*
|
|
64
|
+
* Chain keys use CAIP-2 identifiers (e.g., "eip155:66238").
|
|
63
65
|
*/
|
|
64
|
-
declare const
|
|
65
|
-
type
|
|
66
|
+
declare const TRUST_ANCHORS_URL = "https://api.omatrust.org/v1/trust-anchors";
|
|
67
|
+
type ChainAnchors = {
|
|
66
68
|
name: string;
|
|
67
69
|
easContract: string;
|
|
70
|
+
/** Schema name → schema UID mapping */
|
|
71
|
+
schemas: Record<string, string>;
|
|
72
|
+
};
|
|
73
|
+
type ApprovedIssuer = {
|
|
74
|
+
address: string;
|
|
75
|
+
label: string;
|
|
68
76
|
schemas: string[];
|
|
77
|
+
status: "active" | "revoked";
|
|
78
|
+
validFrom: string;
|
|
79
|
+
revokedAt?: string;
|
|
69
80
|
};
|
|
70
|
-
type
|
|
81
|
+
type TrustAnchors = {
|
|
71
82
|
version: number;
|
|
72
83
|
updatedAt: string;
|
|
73
84
|
widgetOrigins?: string[];
|
|
74
|
-
|
|
85
|
+
/** CAIP-2 chain identifier → chain-specific trust anchors */
|
|
86
|
+
chains: Record<string, ChainAnchors>;
|
|
87
|
+
registries?: Array<{
|
|
88
|
+
type: "approved-issuers";
|
|
89
|
+
issuers: ApprovedIssuer[];
|
|
90
|
+
}>;
|
|
75
91
|
};
|
|
76
92
|
/**
|
|
77
|
-
* Fetch the trust
|
|
93
|
+
* Fetch the trust anchors from the OMA3 API gateway.
|
|
78
94
|
* Caches the result for 5 minutes.
|
|
79
95
|
*
|
|
80
|
-
* @param url Override the trust
|
|
96
|
+
* @param url Override the trust anchors URL (for testing or custom deployments)
|
|
97
|
+
*/
|
|
98
|
+
declare function fetchTrustAnchors(url?: string): Promise<TrustAnchors>;
|
|
99
|
+
/**
|
|
100
|
+
* Look up chain anchors by CAIP-2 identifier.
|
|
101
|
+
* Throws UNSUPPORTED_CHAIN if the chain is not in the trust anchors.
|
|
102
|
+
*/
|
|
103
|
+
declare function getChainAnchors(anchors: TrustAnchors, caip2: string): ChainAnchors;
|
|
104
|
+
/**
|
|
105
|
+
* Look up a schema UID by name for a given chain.
|
|
106
|
+
* Throws UNSUPPORTED_CHAIN if the chain is not in the trust anchors.
|
|
107
|
+
* Throws INVALID_INPUT if the schema is not deployed on this chain.
|
|
81
108
|
*/
|
|
82
|
-
declare function
|
|
109
|
+
declare function getSchemaAnchor(anchors: TrustAnchors, caip2: string, schemaName: string): string;
|
|
83
110
|
/**
|
|
84
|
-
* Extract the allowed contracts and
|
|
85
|
-
* Returns all contracts and
|
|
111
|
+
* Extract the allowed contracts and schema UIDs from trust anchors.
|
|
112
|
+
* Returns all contracts and schema UIDs across all chains.
|
|
86
113
|
*/
|
|
87
|
-
declare function extractAllowlists(
|
|
114
|
+
declare function extractAllowlists(anchors: TrustAnchors): {
|
|
88
115
|
allowedContracts: string[];
|
|
89
116
|
allowedSchemas: string[];
|
|
90
117
|
};
|
|
@@ -131,4 +158,4 @@ type OmaTrustSignatureErrorMessage = {
|
|
|
131
158
|
};
|
|
132
159
|
type OmaTrustMessage = OmaTrustReadyMessage | OmaTrustHostReadyMessage | OmaTrustSignTypedDataMessage | OmaTrustSignatureMessage | OmaTrustSignatureErrorMessage;
|
|
133
160
|
|
|
134
|
-
export { type
|
|
161
|
+
export { type ApprovedIssuer, type ChainAnchors, OMATRUST_HOST_READY, OMATRUST_READY, OMATRUST_SIGNATURE, OMATRUST_SIGNATURE_ERROR, OMATRUST_SIGN_TYPED_DATA, type OmaTrustHostReadyMessage, type OmaTrustMessage, type OmaTrustReadyMessage, type OmaTrustSignTypedDataMessage, type OmaTrustSignatureErrorMessage, type OmaTrustSignatureMessage, type SigningBridge, type SigningBridgeOptions, TRUST_ANCHORS_URL, type TrustAnchors, createSigningBridge, extractAllowlists, fetchTrustAnchors, getChainAnchors, getSchemaAnchor };
|
package/dist/widgets/index.js
CHANGED
|
@@ -5,35 +5,76 @@ var OMATRUST_SIGN_TYPED_DATA = "omatrust:signTypedData";
|
|
|
5
5
|
var OMATRUST_SIGNATURE = "omatrust:signature";
|
|
6
6
|
var OMATRUST_SIGNATURE_ERROR = "omatrust:signatureError";
|
|
7
7
|
|
|
8
|
-
// src/
|
|
9
|
-
var
|
|
10
|
-
|
|
11
|
-
|
|
8
|
+
// src/shared/errors.ts
|
|
9
|
+
var OmaTrustError = class extends Error {
|
|
10
|
+
code;
|
|
11
|
+
details;
|
|
12
|
+
constructor(code, message, details) {
|
|
13
|
+
super(message);
|
|
14
|
+
this.name = "OmaTrustError";
|
|
15
|
+
this.code = code;
|
|
16
|
+
this.details = details;
|
|
17
|
+
}
|
|
18
|
+
};
|
|
19
|
+
|
|
20
|
+
// src/shared/trust-anchors.ts
|
|
21
|
+
var DEFAULT_TRUST_ANCHORS_URL = "https://api.omatrust.org/v1/trust-anchors";
|
|
22
|
+
var TRUST_ANCHORS_URL = DEFAULT_TRUST_ANCHORS_URL;
|
|
23
|
+
var cachedAnchors = null;
|
|
12
24
|
var cacheTimestamp = 0;
|
|
13
25
|
var CACHE_TTL_MS = 5 * 60 * 1e3;
|
|
14
|
-
async function
|
|
26
|
+
async function fetchTrustAnchors(url) {
|
|
15
27
|
const now = Date.now();
|
|
16
|
-
if (
|
|
17
|
-
return
|
|
28
|
+
if (cachedAnchors && now - cacheTimestamp < CACHE_TTL_MS) {
|
|
29
|
+
return cachedAnchors;
|
|
30
|
+
}
|
|
31
|
+
let res;
|
|
32
|
+
try {
|
|
33
|
+
res = await fetch(url ?? TRUST_ANCHORS_URL);
|
|
34
|
+
} catch (err) {
|
|
35
|
+
throw new OmaTrustError("NETWORK_ERROR", "Failed to fetch trust anchors", { err });
|
|
18
36
|
}
|
|
19
|
-
const res = await fetch(url ?? TRUST_POLICY_URL);
|
|
20
37
|
if (!res.ok) {
|
|
21
|
-
throw new
|
|
38
|
+
throw new OmaTrustError("NETWORK_ERROR", `Failed to fetch trust anchors: ${res.status} ${res.statusText}`);
|
|
22
39
|
}
|
|
23
|
-
const
|
|
24
|
-
if (!
|
|
25
|
-
throw new
|
|
40
|
+
const anchors = await res.json();
|
|
41
|
+
if (!anchors.version || !anchors.chains || typeof anchors.chains !== "object") {
|
|
42
|
+
throw new OmaTrustError("INVALID_INPUT", "Invalid trust anchors format");
|
|
26
43
|
}
|
|
27
|
-
|
|
44
|
+
cachedAnchors = anchors;
|
|
28
45
|
cacheTimestamp = now;
|
|
29
|
-
return
|
|
46
|
+
return anchors;
|
|
30
47
|
}
|
|
31
|
-
function
|
|
48
|
+
function getChainAnchors(anchors, caip2) {
|
|
49
|
+
const chain = anchors.chains[caip2];
|
|
50
|
+
if (!chain) {
|
|
51
|
+
throw new OmaTrustError("UNSUPPORTED_CHAIN", `Chain ${caip2} is not in the trust anchors`, {
|
|
52
|
+
caip2,
|
|
53
|
+
supportedChains: Object.keys(anchors.chains)
|
|
54
|
+
});
|
|
55
|
+
}
|
|
56
|
+
return chain;
|
|
57
|
+
}
|
|
58
|
+
function getSchemaAnchor(anchors, caip2, schemaName) {
|
|
59
|
+
const chain = getChainAnchors(anchors, caip2);
|
|
60
|
+
const uid = chain.schemas[schemaName];
|
|
61
|
+
if (!uid) {
|
|
62
|
+
throw new OmaTrustError("INVALID_INPUT", `Schema "${schemaName}" not found in trust anchors for chain ${caip2}`, {
|
|
63
|
+
caip2,
|
|
64
|
+
schemaName,
|
|
65
|
+
availableSchemas: Object.keys(chain.schemas)
|
|
66
|
+
});
|
|
67
|
+
}
|
|
68
|
+
return uid;
|
|
69
|
+
}
|
|
70
|
+
function extractAllowlists(anchors) {
|
|
32
71
|
const contracts = [];
|
|
33
72
|
const schemas = [];
|
|
34
|
-
for (const chain of Object.values(
|
|
73
|
+
for (const chain of Object.values(anchors.chains)) {
|
|
35
74
|
if (chain.easContract) contracts.push(chain.easContract);
|
|
36
|
-
if (chain.schemas
|
|
75
|
+
if (chain.schemas && typeof chain.schemas === "object") {
|
|
76
|
+
schemas.push(...Object.values(chain.schemas));
|
|
77
|
+
}
|
|
37
78
|
}
|
|
38
79
|
return {
|
|
39
80
|
allowedContracts: [...new Set(contracts)],
|
|
@@ -44,7 +85,7 @@ function extractAllowlists(policy) {
|
|
|
44
85
|
// src/widgets/bridge.ts
|
|
45
86
|
function getTrustedBaseDomain() {
|
|
46
87
|
try {
|
|
47
|
-
const hostname = new URL(
|
|
88
|
+
const hostname = new URL(TRUST_ANCHORS_URL).hostname;
|
|
48
89
|
const parts = hostname.split(".");
|
|
49
90
|
return parts.length >= 2 ? parts.slice(-2).join(".") : hostname;
|
|
50
91
|
} catch {
|
|
@@ -87,7 +128,7 @@ function validateEasSigningRequest(data, allowedSchemas, allowedContracts) {
|
|
|
87
128
|
}
|
|
88
129
|
const contractLower = d.verifyingContract.toLowerCase();
|
|
89
130
|
if (!allowedContracts.some((c) => c.toLowerCase() === contractLower)) {
|
|
90
|
-
return { valid: false, reason: `Contract ${d.verifyingContract} is not in the OMA3 trust
|
|
131
|
+
return { valid: false, reason: `Contract ${d.verifyingContract} is not in the OMA3 trust anchors` };
|
|
91
132
|
}
|
|
92
133
|
if (!types || typeof types !== "object") {
|
|
93
134
|
return { valid: false, reason: "Missing types object" };
|
|
@@ -101,7 +142,7 @@ function validateEasSigningRequest(data, allowedSchemas, allowedContracts) {
|
|
|
101
142
|
}
|
|
102
143
|
const schemaLower = m.schema.toLowerCase();
|
|
103
144
|
if (!allowedSchemas.some((s) => s.toLowerCase() === schemaLower)) {
|
|
104
|
-
return { valid: false, reason: `Schema ${m.schema} is not in the OMA3 trust
|
|
145
|
+
return { valid: false, reason: `Schema ${m.schema} is not in the OMA3 trust anchors` };
|
|
105
146
|
}
|
|
106
147
|
if (typeof m.attester !== "string" || !HEX_ADDRESS_RE.test(m.attester)) {
|
|
107
148
|
return { valid: false, reason: `Invalid attester address: ${m.attester}` };
|
|
@@ -118,18 +159,18 @@ function validateEasSigningRequest(data, allowedSchemas, allowedContracts) {
|
|
|
118
159
|
}
|
|
119
160
|
async function createSigningBridge(options) {
|
|
120
161
|
const { iframeId, signTypedData, devOriginOverride } = options;
|
|
121
|
-
const
|
|
122
|
-
const { allowedContracts, allowedSchemas } = extractAllowlists(
|
|
162
|
+
const anchors = await fetchTrustAnchors();
|
|
163
|
+
const { allowedContracts, allowedSchemas } = extractAllowlists(anchors);
|
|
123
164
|
if (allowedContracts.length === 0 || allowedSchemas.length === 0) {
|
|
124
|
-
throw new Error("Trust
|
|
165
|
+
throw new Error("Trust anchors contain no allowed contracts or schemas");
|
|
125
166
|
}
|
|
126
167
|
const baseDomain = getTrustedBaseDomain();
|
|
127
|
-
const
|
|
168
|
+
const anchorOrigins = anchors.widgetOrigins ?? [];
|
|
128
169
|
async function handleMessage(event) {
|
|
129
170
|
const data = event.data;
|
|
130
171
|
if (!data || typeof data !== "object" || typeof data.type !== "string") return;
|
|
131
172
|
if (!String(data.type).startsWith("omatrust:")) return;
|
|
132
|
-
if (!isOriginTrusted(event.origin, baseDomain,
|
|
173
|
+
if (!isOriginTrusted(event.origin, baseDomain, anchorOrigins, devOriginOverride)) {
|
|
133
174
|
return;
|
|
134
175
|
}
|
|
135
176
|
const iframe = document.getElementById(iframeId);
|
|
@@ -180,6 +221,6 @@ async function createSigningBridge(options) {
|
|
|
180
221
|
};
|
|
181
222
|
}
|
|
182
223
|
|
|
183
|
-
export { OMATRUST_HOST_READY, OMATRUST_READY, OMATRUST_SIGNATURE, OMATRUST_SIGNATURE_ERROR, OMATRUST_SIGN_TYPED_DATA,
|
|
224
|
+
export { OMATRUST_HOST_READY, OMATRUST_READY, OMATRUST_SIGNATURE, OMATRUST_SIGNATURE_ERROR, OMATRUST_SIGN_TYPED_DATA, TRUST_ANCHORS_URL, createSigningBridge, extractAllowlists, fetchTrustAnchors, getChainAnchors, getSchemaAnchor };
|
|
184
225
|
//# sourceMappingURL=index.js.map
|
|
185
226
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"sources":["../../src/widgets/protocol.ts","../../src/widgets/trust-policy.ts","../../src/widgets/bridge.ts"],"names":[],"mappings":";AAaO,IAAM,cAAA,GAAiB;AACvB,IAAM,mBAAA,GAAsB;AAC5B,IAAM,wBAAA,GAA2B;AACjC,IAAM,kBAAA,GAAqB;AAC3B,IAAM,wBAAA,GAA2B;;;ACVxC,IAAM,wBAAA,GAA2B,0CAAA;AAE1B,IAAM,gBAAA,GAAmB;AAehC,IAAI,YAAA,GAAmC,IAAA;AACvC,IAAI,cAAA,GAAiB,CAAA;AACrB,IAAM,YAAA,GAAe,IAAI,EAAA,GAAK,GAAA;AAQ9B,eAAsB,iBAAiB,GAAA,EAAoC;AACzE,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,IAAI,YAAA,IAAgB,GAAA,GAAM,cAAA,GAAiB,YAAA,EAAc;AACvD,IAAA,OAAO,YAAA;AAAA,EACT;AAEA,EAAA,MAAM,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,IAAO,gBAAgB,CAAA;AAC/C,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,IAAA,MAAM,IAAI,MAAM,CAAA,8BAAA,EAAiC,GAAA,CAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EACjF;AAEA,EAAA,MAAM,MAAA,GAAsB,MAAM,GAAA,CAAI,IAAA,EAAK;AAE3C,EAAA,IAAI,CAAC,OAAO,OAAA,IAAW,CAAC,OAAO,MAAA,IAAU,OAAO,MAAA,CAAO,MAAA,KAAW,QAAA,EAAU;AAC1E,IAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,EAC/C;AAEA,EAAA,YAAA,GAAe,MAAA;AACf,EAAA,cAAA,GAAiB,GAAA;AACjB,EAAA,OAAO,MAAA;AACT;AAMO,SAAS,kBAAkB,MAAA,EAGhC;AACA,EAAA,MAAM,YAAsB,EAAC;AAC7B,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,KAAA,MAAW,KAAA,IAAS,MAAA,CAAO,MAAA,CAAO,MAAA,CAAO,MAAM,CAAA,EAAG;AAChD,IAAA,IAAI,KAAA,CAAM,WAAA,EAAa,SAAA,CAAU,IAAA,CAAK,MAAM,WAAW,CAAA;AACvD,IAAA,IAAI,MAAM,OAAA,EAAS,OAAA,CAAQ,IAAA,CAAK,GAAG,MAAM,OAAO,CAAA;AAAA,EAClD;AAEA,EAAA,OAAO;AAAA,IACL,kBAAkB,CAAC,GAAG,IAAI,GAAA,CAAI,SAAS,CAAC,CAAA;AAAA,IACxC,gBAAgB,CAAC,GAAG,IAAI,GAAA,CAAI,OAAO,CAAC;AAAA,GACtC;AACF;;;ACRA,SAAS,oBAAA,GAA+B;AACtC,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,gBAAgB,CAAA,CAAE,QAAA;AAC3C,IAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AAChC,IAAA,OAAO,KAAA,CAAM,UAAU,CAAA,GAAI,KAAA,CAAM,MAAM,CAAA,CAAE,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA,GAAI,QAAA;AAAA,EACzD,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,cAAA;AAAA,EACT;AACF;AAEA,SAAS,eAAA,CACP,aAAA,EACA,UAAA,EACA,aAAA,EACA,WAAA,EACS;AACT,EAAA,IAAI,WAAA,IAAe,aAAA,KAAkB,WAAA,EAAa,OAAO,IAAA;AAEzD,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,aAAa,CAAA,CAAE,QAAA;AACxC,IAAA,IAAI,QAAA,KAAa,cAAc,QAAA,CAAS,QAAA,CAAS,IAAI,UAAU,CAAA,CAAE,GAAG,OAAO,IAAA;AAAA,EAC7E,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,IAAI,aAAA,CAAc,QAAA,CAAS,aAAa,CAAA,EAAG,OAAO,IAAA;AAElD,EAAA,OAAO,KAAA;AACT;AAMA,IAAM,cAAA,GAAiB,qBAAA;AACvB,IAAM,UAAA,GAAa,qBAAA;AAMnB,SAAS,yBAAA,CACP,IAAA,EACA,cAAA,EACA,gBAAA,EACkB;AAClB,EAAA,MAAM,EAAE,EAAA,EAAI,MAAA,EAAQ,KAAA,EAAO,SAAQ,GAAI,IAAA;AAEvC,EAAA,IAAI,CAAC,EAAA,IAAM,OAAO,EAAA,KAAO,QAAA,EAAU;AACjC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,+BAAA,EAAgC;AAAA,EACjE;AACA,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,uBAAA,EAAwB;AAAA,EACzD;AAEA,EAAA,MAAM,CAAA,GAAI,MAAA;AAEV,EAAA,IAAI,CAAA,CAAE,SAAS,KAAA,EAAO;AACpB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,yBAAA,EAA4B,CAAA,CAAE,IAAI,CAAA,kBAAA,CAAA,EAAqB;AAAA,EACxF;AACA,EAAA,IAAI,CAAA,CAAE,YAAY,OAAA,EAAS;AACzB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,4BAAA,EAA+B,CAAA,CAAE,OAAO,CAAA,oBAAA,CAAA,EAAuB;AAAA,EAChG;AACA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,CAAA,CAAE,OAAO,CAAA;AAChC,EAAA,IAAI,CAAC,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA,IAAK,WAAW,CAAA,EAAG;AAC9C,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,wBAAA,EAA2B,CAAA,CAAE,OAAO,CAAA,CAAA,EAAG;AAAA,EACxE;AACA,EAAA,IAAI,OAAO,EAAE,iBAAA,KAAsB,QAAA,IAAY,CAAC,cAAA,CAAe,IAAA,CAAK,CAAA,CAAE,iBAAiB,CAAA,EAAG;AACxF,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,2BAAA,EAA8B,CAAA,CAAE,iBAAiB,CAAA,CAAA,EAAG;AAAA,EACrF;AAEA,EAAA,MAAM,aAAA,GAAiB,CAAA,CAAE,iBAAA,CAA6B,WAAA,EAAY;AAClE,EAAA,IAAI,CAAC,iBAAiB,IAAA,CAAK,CAAA,CAAA,KAAK,EAAE,WAAA,EAAY,KAAM,aAAa,CAAA,EAAG;AAClE,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,SAAA,EAAY,CAAA,CAAE,iBAAiB,CAAA,gCAAA,CAAA,EAAmC;AAAA,EACnG;AAEA,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,sBAAA,EAAuB;AAAA,EACxD;AACA,EAAA,IAAI,CAAC,OAAA,IAAW,OAAO,OAAA,KAAY,QAAA,EAAU;AAC3C,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,wBAAA,EAAyB;AAAA,EAC1D;AAEA,EAAA,MAAM,CAAA,GAAI,OAAA;AAEV,EAAA,IAAI,OAAO,EAAE,MAAA,KAAW,QAAA,IAAY,CAAC,UAAA,CAAW,IAAA,CAAK,CAAA,CAAE,MAAM,CAAA,EAAG;AAC9D,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,oBAAA,EAAuB,CAAA,CAAE,MAAM,CAAA,CAAA,EAAG;AAAA,EACnE;AAEA,EAAA,MAAM,WAAA,GAAc,CAAA,CAAE,MAAA,CAAO,WAAA,EAAY;AACzC,EAAA,IAAI,CAAC,eAAe,IAAA,CAAK,CAAA,CAAA,KAAK,EAAE,WAAA,EAAY,KAAM,WAAW,CAAA,EAAG;AAC9D,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,OAAA,EAAU,CAAA,CAAE,MAAM,CAAA,gCAAA,CAAA,EAAmC;AAAA,EACtF;AAEA,EAAA,IAAI,OAAO,EAAE,QAAA,KAAa,QAAA,IAAY,CAAC,cAAA,CAAe,IAAA,CAAK,CAAA,CAAE,QAAQ,CAAA,EAAG;AACtE,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,0BAAA,EAA6B,CAAA,CAAE,QAAQ,CAAA,CAAA,EAAG;AAAA,EAC3E;AAEA,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAClC,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,QAAQ,CAAA,IAAK,YAAY,CAAA,EAAG;AAC/C,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,kBAAA,EAAqB,CAAA,CAAE,QAAQ,CAAA,CAAA,EAAG;AAAA,EACnE;AACA,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,IAAI,YAAY,GAAA,EAAK;AACnB,IAAA,OAAO,EAAE,OAAO,KAAA,EAAO,MAAA,EAAQ,wBAAwB,QAAQ,CAAA,IAAA,EAAO,GAAG,CAAA,CAAA,EAAG;AAAA,EAC9E;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;AAeA,eAAsB,oBAAoB,OAAA,EAAuD;AAC/F,EAAA,MAAM,EAAE,QAAA,EAAU,aAAA,EAAe,iBAAA,EAAkB,GAAI,OAAA;AAGvD,EAAA,MAAM,MAAA,GAAS,MAAM,gBAAA,EAAiB;AACtC,EAAA,MAAM,EAAE,gBAAA,EAAkB,cAAA,EAAe,GAAI,kBAAkB,MAAM,CAAA;AAErE,EAAA,IAAI,gBAAA,CAAiB,MAAA,KAAW,CAAA,IAAK,cAAA,CAAe,WAAW,CAAA,EAAG;AAChE,IAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,EACzE;AAEA,EAAA,MAAM,aAAa,oBAAA,EAAqB;AACxC,EAAA,MAAM,aAAA,GAAgB,MAAA,CAAO,aAAA,IAAiB,EAAC;AAE/C,EAAA,eAAe,cAAc,KAAA,EAAqB;AAChD,IAAA,MAAM,OAAO,KAAA,CAAM,IAAA;AACnB,IAAA,IAAI,CAAC,QAAQ,OAAO,IAAA,KAAS,YAAY,OAAO,IAAA,CAAK,SAAS,QAAA,EAAU;AACxE,IAAA,IAAI,CAAC,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,CAAW,WAAW,CAAA,EAAG;AAGhD,IAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,CAAM,QAAQ,UAAA,EAAY,aAAA,EAAe,iBAAiB,CAAA,EAAG;AAChF,MAAA;AAAA,IACF;AAIA,IAAA,MAAM,MAAA,GAAS,QAAA,CAAS,cAAA,CAAe,QAAQ,CAAA;AAC/C,IAAA,IAAI,CAAC,MAAA,EAAQ;AAGb,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,MAAA,CAAO,aAAA,EAAe;AACzC,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,SAAS,KAAA,CAAM,MAAA;AAGrB,IAAA,MAAM,WAAA,GAAc,sBAAsB,MAAM;AAC9C,MAAA,IAAI;AAAE,QAAA,OAAO,IAAI,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,MAAA;AAAA,MAAQ,CAAA,CAAA,MACnC;AAAE,QAAA,OAAO,GAAA;AAAA,MAAK;AAAA,IACtB,CAAA,GAAG;AAEH,IAAA,SAAS,MAAM,GAAA,EAA8B;AAC3C,MAAA,MAAA,CAAO,WAAA,CAAY,KAAK,WAAW,CAAA;AAAA,IACrC;AAGA,IAAA,IAAI,IAAA,CAAK,SAAS,cAAA,EAAgB;AAChC,MAAA,KAAA,CAAM,EAAE,IAAA,EAAM,mBAAA,EAAqB,CAAA;AACnC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,IAAA,CAAK,SAAS,wBAAA,EAA0B;AAC1C,MAAA,MAAM,EAAE,EAAA,EAAI,MAAA,EAAQ,KAAA,EAAO,SAAQ,GAAI,IAAA;AAEvC,MAAA,MAAM,UAAA,GAAa,yBAAA,CAA0B,IAAA,EAAM,cAAA,EAAgB,gBAAgB,CAAA;AACnF,MAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,QAAA,KAAA,CAAM;AAAA,UACJ,IAAA,EAAM,wBAAA;AAAA,UACN,IAAI,EAAA,IAAM,SAAA;AAAA,UACV,KAAA,EAAO,CAAA,0BAAA,EAA6B,UAAA,CAAW,MAAM,CAAA;AAAA,SACtD,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,IAAI;AACF,QAAA,MAAM,SAAA,GAAY,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,OAAO,CAAA;AAC5D,QAAA,KAAA,CAAM,EAAE,IAAA,EAAM,kBAAA,EAAoB,EAAA,EAAI,WAAW,CAAA;AAAA,MACnD,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,KAAA,GAAQ,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,gBAAA;AACnD,QAAA,KAAA,CAAM,EAAE,IAAA,EAAM,wBAAA,EAA0B,EAAA,EAAI,OAAO,CAAA;AAAA,MACrD;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAA,CAAO,gBAAA,CAAiB,WAAW,aAAa,CAAA;AAEhD,EAAA,OAAO;AAAA,IACL,OAAA,GAAU;AACR,MAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,aAAa,CAAA;AAAA,IACrD;AAAA,GACF;AACF","file":"index.js","sourcesContent":["/**\n * postMessage protocol constants and types for the OMATrust widget bridge.\n *\n * Widget (iframe) → Host:\n * omatrust:ready — widget loaded, requesting handshake\n * omatrust:signTypedData — widget requests EIP-712 signature\n *\n * Host → Widget (iframe):\n * omatrust:hostReady — host acknowledges the widget\n * omatrust:signature — host returns a signature\n * omatrust:signatureError — host reports a signing failure\n */\n\nexport const OMATRUST_READY = \"omatrust:ready\" as const;\nexport const OMATRUST_HOST_READY = \"omatrust:hostReady\" as const;\nexport const OMATRUST_SIGN_TYPED_DATA = \"omatrust:signTypedData\" as const;\nexport const OMATRUST_SIGNATURE = \"omatrust:signature\" as const;\nexport const OMATRUST_SIGNATURE_ERROR = \"omatrust:signatureError\" as const;\n\nexport type OmaTrustReadyMessage = {\n type: typeof OMATRUST_READY;\n};\n\nexport type OmaTrustHostReadyMessage = {\n type: typeof OMATRUST_HOST_READY;\n};\n\nexport type OmaTrustSignTypedDataMessage = {\n type: typeof OMATRUST_SIGN_TYPED_DATA;\n id: string;\n domain: Record<string, unknown>;\n types: Record<string, unknown>;\n message: Record<string, unknown>;\n};\n\nexport type OmaTrustSignatureMessage = {\n type: typeof OMATRUST_SIGNATURE;\n id: string;\n signature: string;\n};\n\nexport type OmaTrustSignatureErrorMessage = {\n type: typeof OMATRUST_SIGNATURE_ERROR;\n id: string;\n error: string;\n};\n\nexport type OmaTrustMessage =\n | OmaTrustReadyMessage\n | OmaTrustHostReadyMessage\n | OmaTrustSignTypedDataMessage\n | OmaTrustSignatureMessage\n | OmaTrustSignatureErrorMessage;\n","/**\n * Trust policy: fetches the OMA3 allowlist of EAS contracts and schemas.\n *\n * The bridge uses this to validate signing requests automatically.\n * Developers don't need to maintain their own allowlists.\n */\n\nconst DEFAULT_TRUST_POLICY_URL = \"https://api.omatrust.org/v1/trust-policy\";\n\nexport const TRUST_POLICY_URL = DEFAULT_TRUST_POLICY_URL;\n\nexport type ChainPolicy = {\n name: string;\n easContract: string;\n schemas: string[];\n};\n\nexport type TrustPolicy = {\n version: number;\n updatedAt: string;\n widgetOrigins?: string[];\n chains: Record<string, ChainPolicy>;\n};\n\nlet cachedPolicy: TrustPolicy | null = null;\nlet cacheTimestamp = 0;\nconst CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes\n\n/**\n * Fetch the trust policy from the OMA3 API gateway.\n * Caches the result for 5 minutes.\n *\n * @param url Override the trust policy URL (for testing or custom deployments)\n */\nexport async function fetchTrustPolicy(url?: string): Promise<TrustPolicy> {\n const now = Date.now();\n if (cachedPolicy && now - cacheTimestamp < CACHE_TTL_MS) {\n return cachedPolicy;\n }\n\n const res = await fetch(url ?? TRUST_POLICY_URL);\n if (!res.ok) {\n throw new Error(`Failed to fetch trust policy: ${res.status} ${res.statusText}`);\n }\n\n const policy: TrustPolicy = await res.json();\n\n if (!policy.version || !policy.chains || typeof policy.chains !== \"object\") {\n throw new Error(\"Invalid trust policy format\");\n }\n\n cachedPolicy = policy;\n cacheTimestamp = now;\n return policy;\n}\n\n/**\n * Extract the allowed contracts and schemas from a trust policy.\n * Returns all contracts and schemas across all chains.\n */\nexport function extractAllowlists(policy: TrustPolicy): {\n allowedContracts: string[];\n allowedSchemas: string[];\n} {\n const contracts: string[] = [];\n const schemas: string[] = [];\n\n for (const chain of Object.values(policy.chains)) {\n if (chain.easContract) contracts.push(chain.easContract);\n if (chain.schemas) schemas.push(...chain.schemas);\n }\n\n return {\n allowedContracts: [...new Set(contracts)],\n allowedSchemas: [...new Set(schemas)],\n };\n}\n","/**\n * Host-side signing bridge for OMATrust widget iframes.\n *\n * Handles the postMessage protocol between a host page and an embedded\n * OMATrust widget. Validates incoming EAS signing requests against the\n * OMA3 trust policy before forwarding to the host's wallet.\n *\n * The bridge resolves the iframe element lazily by ID when messages arrive,\n * avoiding React ref timing issues with conditionally rendered iframes.\n *\n * Usage:\n * import { createSigningBridge } from \"@oma3/omatrust/widgets\";\n *\n * const bridge = await createSigningBridge({\n * iframeId: \"omatrust-widget\",\n * signTypedData: async (domain, types, message) => {\n * return await signer.signTypedData(domain, types, message);\n * },\n * });\n *\n * bridge.destroy();\n */\n\nimport {\n OMATRUST_READY,\n OMATRUST_HOST_READY,\n OMATRUST_SIGN_TYPED_DATA,\n OMATRUST_SIGNATURE,\n OMATRUST_SIGNATURE_ERROR,\n} from \"./protocol\";\nimport { fetchTrustPolicy, extractAllowlists, TRUST_POLICY_URL } from \"./trust-policy\";\n\nexport type SigningBridgeOptions = {\n /**\n * The ID of the iframe element containing the widget.\n * The bridge looks up the element by ID when messages arrive,\n * so the iframe doesn't need to exist when the bridge is created.\n */\n iframeId: string;\n\n /**\n * Callback to sign EIP-712 typed data using the host's wallet.\n * Must return the hex-encoded signature string.\n */\n signTypedData: (\n domain: Record<string, unknown>,\n types: Record<string, unknown>,\n message: Record<string, unknown>\n ) => Promise<string>;\n\n /**\n * Override the allowed widget origin for local development.\n * In production, the origin is derived from the trust policy domain\n * (*.omatrust.org) plus any widgetOrigins in the policy.\n * Only set this for local dev (e.g., \"http://localhost:3000\").\n */\n devOriginOverride?: string;\n};\n\nexport type SigningBridge = {\n /** Remove all event listeners and stop the bridge. */\n destroy: () => void;\n};\n\n// ---------------------------------------------------------------------------\n// Origin resolution\n// ---------------------------------------------------------------------------\n\nfunction getTrustedBaseDomain(): string {\n try {\n const hostname = new URL(TRUST_POLICY_URL).hostname;\n const parts = hostname.split(\".\");\n return parts.length >= 2 ? parts.slice(-2).join(\".\") : hostname;\n } catch {\n return \"omatrust.org\";\n }\n}\n\nfunction isOriginTrusted(\n messageOrigin: string,\n baseDomain: string,\n policyOrigins: string[],\n devOverride?: string\n): boolean {\n if (devOverride && messageOrigin === devOverride) return true;\n\n try {\n const hostname = new URL(messageOrigin).hostname;\n if (hostname === baseDomain || hostname.endsWith(`.${baseDomain}`)) return true;\n } catch {\n // Invalid origin\n }\n\n if (policyOrigins.includes(messageOrigin)) return true;\n\n return false;\n}\n\n// ---------------------------------------------------------------------------\n// EAS request validation\n// ---------------------------------------------------------------------------\n\nconst HEX_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;\nconst BYTES32_RE = /^0x[a-fA-F0-9]{64}$/;\n\ntype ValidationResult =\n | { valid: true }\n | { valid: false; reason: string };\n\nfunction validateEasSigningRequest(\n data: Record<string, unknown>,\n allowedSchemas: string[],\n allowedContracts: string[]\n): ValidationResult {\n const { id, domain, types, message } = data;\n\n if (!id || typeof id !== \"string\") {\n return { valid: false, reason: \"Missing or invalid request id\" };\n }\n if (!domain || typeof domain !== \"object\") {\n return { valid: false, reason: \"Missing domain object\" };\n }\n\n const d = domain as Record<string, unknown>;\n\n if (d.name !== \"EAS\") {\n return { valid: false, reason: `Unexpected domain name: \"${d.name}\" (expected \"EAS\")` };\n }\n if (d.version !== \"1.4.0\") {\n return { valid: false, reason: `Unexpected domain version: \"${d.version}\" (expected \"1.4.0\")` };\n }\n const chainId = Number(d.chainId);\n if (!Number.isInteger(chainId) || chainId <= 0) {\n return { valid: false, reason: `Invalid domain chainId: ${d.chainId}` };\n }\n if (typeof d.verifyingContract !== \"string\" || !HEX_ADDRESS_RE.test(d.verifyingContract)) {\n return { valid: false, reason: `Invalid verifyingContract: ${d.verifyingContract}` };\n }\n\n const contractLower = (d.verifyingContract as string).toLowerCase();\n if (!allowedContracts.some(c => c.toLowerCase() === contractLower)) {\n return { valid: false, reason: `Contract ${d.verifyingContract} is not in the OMA3 trust policy` };\n }\n\n if (!types || typeof types !== \"object\") {\n return { valid: false, reason: \"Missing types object\" };\n }\n if (!message || typeof message !== \"object\") {\n return { valid: false, reason: \"Missing message object\" };\n }\n\n const m = message as Record<string, unknown>;\n\n if (typeof m.schema !== \"string\" || !BYTES32_RE.test(m.schema)) {\n return { valid: false, reason: `Invalid schema UID: ${m.schema}` };\n }\n\n const schemaLower = m.schema.toLowerCase();\n if (!allowedSchemas.some(s => s.toLowerCase() === schemaLower)) {\n return { valid: false, reason: `Schema ${m.schema} is not in the OMA3 trust policy` };\n }\n\n if (typeof m.attester !== \"string\" || !HEX_ADDRESS_RE.test(m.attester)) {\n return { valid: false, reason: `Invalid attester address: ${m.attester}` };\n }\n\n const deadline = Number(m.deadline);\n if (!Number.isFinite(deadline) || deadline <= 0) {\n return { valid: false, reason: `Invalid deadline: ${m.deadline}` };\n }\n const now = Math.floor(Date.now() / 1000);\n if (deadline <= now) {\n return { valid: false, reason: `Deadline has passed: ${deadline} <= ${now}` };\n }\n\n return { valid: true };\n}\n\n// ---------------------------------------------------------------------------\n// Bridge implementation\n// ---------------------------------------------------------------------------\n\n/**\n * Create a signing bridge between the host page and an OMATrust widget iframe.\n *\n * The bridge resolves the iframe element by ID when messages arrive, not at\n * creation time. This avoids React ref timing issues — the bridge can be\n * created before the iframe is in the DOM.\n *\n * Fetches the OMA3 trust policy on creation. Fails closed if unavailable.\n */\nexport async function createSigningBridge(options: SigningBridgeOptions): Promise<SigningBridge> {\n const { iframeId, signTypedData, devOriginOverride } = options;\n\n // Fetch the trust policy — fail closed if unavailable\n const policy = await fetchTrustPolicy();\n const { allowedContracts, allowedSchemas } = extractAllowlists(policy);\n\n if (allowedContracts.length === 0 || allowedSchemas.length === 0) {\n throw new Error(\"Trust policy contains no allowed contracts or schemas\");\n }\n\n const baseDomain = getTrustedBaseDomain();\n const policyOrigins = policy.widgetOrigins ?? [];\n\n async function handleMessage(event: MessageEvent) {\n const data = event.data;\n if (!data || typeof data !== \"object\" || typeof data.type !== \"string\") return;\n if (!String(data.type).startsWith(\"omatrust:\")) return;\n\n // Origin check\n if (!isOriginTrusted(event.origin, baseDomain, policyOrigins, devOriginOverride)) {\n return;\n }\n\n // Resolve the iframe element lazily by ID.\n // This works even if the iframe was mounted after the bridge was created.\n const iframe = document.getElementById(iframeId) as HTMLIFrameElement | null;\n if (!iframe) return;\n\n // Source check — must come from this specific iframe\n if (event.source !== iframe.contentWindow) {\n return;\n }\n\n const source = event.source as WindowProxy;\n\n // Determine reply origin from the iframe's current src\n const replyOrigin = devOriginOverride ?? (() => {\n try { return new URL(iframe.src).origin; }\n catch { return \"*\"; }\n })();\n\n function reply(msg: Record<string, unknown>) {\n source.postMessage(msg, replyOrigin);\n }\n\n // Handshake\n if (data.type === OMATRUST_READY) {\n reply({ type: OMATRUST_HOST_READY });\n return;\n }\n\n // Signing request\n if (data.type === OMATRUST_SIGN_TYPED_DATA) {\n const { id, domain, types, message } = data;\n\n const validation = validateEasSigningRequest(data, allowedSchemas, allowedContracts);\n if (!validation.valid) {\n reply({\n type: OMATRUST_SIGNATURE_ERROR,\n id: id ?? \"unknown\",\n error: `Signing request rejected: ${validation.reason}`,\n });\n return;\n }\n\n try {\n const signature = await signTypedData(domain, types, message);\n reply({ type: OMATRUST_SIGNATURE, id, signature });\n } catch (err) {\n const error = err instanceof Error ? err.message : \"Signing failed\";\n reply({ type: OMATRUST_SIGNATURE_ERROR, id, error });\n }\n }\n }\n\n window.addEventListener(\"message\", handleMessage);\n\n return {\n destroy() {\n window.removeEventListener(\"message\", handleMessage);\n },\n };\n}\n"]}
|
|
1
|
+
{"version":3,"sources":["../../src/widgets/protocol.ts","../../src/shared/errors.ts","../../src/shared/trust-anchors.ts","../../src/widgets/bridge.ts"],"names":[],"mappings":";AAaO,IAAM,cAAA,GAAiB;AACvB,IAAM,mBAAA,GAAsB;AAC5B,IAAM,wBAAA,GAA2B;AACjC,IAAM,kBAAA,GAAqB;AAC3B,IAAM,wBAAA,GAA2B;;;ACjBjC,IAAM,aAAA,GAAN,cAA4B,KAAA,CAAM;AAAA,EACvC,IAAA;AAAA,EACA,OAAA;AAAA,EAEA,WAAA,CAAY,IAAA,EAAc,OAAA,EAAiB,OAAA,EAAmB;AAC5D,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,eAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AACZ,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA;AAAA,EACjB;AACF,CAAA;;;ACCA,IAAM,yBAAA,GAA4B,2CAAA;AAE3B,IAAM,iBAAA,GAAoB;AA8BjC,IAAI,aAAA,GAAqC,IAAA;AACzC,IAAI,cAAA,GAAiB,CAAA;AACrB,IAAM,YAAA,GAAe,IAAI,EAAA,GAAK,GAAA;AAQ9B,eAAsB,kBAAkB,GAAA,EAAqC;AAC3E,EAAA,MAAM,GAAA,GAAM,KAAK,GAAA,EAAI;AACrB,EAAA,IAAI,aAAA,IAAiB,GAAA,GAAM,cAAA,GAAiB,YAAA,EAAc;AACxD,IAAA,OAAO,aAAA;AAAA,EACT;AAEA,EAAA,IAAI,GAAA;AACJ,EAAA,IAAI;AACF,IAAA,GAAA,GAAM,MAAM,KAAA,CAAM,GAAA,IAAO,iBAAiB,CAAA;AAAA,EAC5C,SAAS,GAAA,EAAK;AACZ,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,+BAAA,EAAiC,EAAE,KAAK,CAAA;AAAA,EACnF;AAEA,EAAA,IAAI,CAAC,IAAI,EAAA,EAAI;AACX,IAAA,MAAM,IAAI,cAAc,eAAA,EAAiB,CAAA,+BAAA,EAAkC,IAAI,MAAM,CAAA,CAAA,EAAI,GAAA,CAAI,UAAU,CAAA,CAAE,CAAA;AAAA,EAC3G;AAEA,EAAA,MAAM,OAAA,GAAwB,MAAM,GAAA,CAAI,IAAA,EAAK;AAE7C,EAAA,IAAI,CAAC,QAAQ,OAAA,IAAW,CAAC,QAAQ,MAAA,IAAU,OAAO,OAAA,CAAQ,MAAA,KAAW,QAAA,EAAU;AAC7E,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,8BAA8B,CAAA;AAAA,EACzE;AAEA,EAAA,aAAA,GAAgB,OAAA;AAChB,EAAA,cAAA,GAAiB,GAAA;AACjB,EAAA,OAAO,OAAA;AACT;AAMO,SAAS,eAAA,CAAgB,SAAuB,KAAA,EAA6B;AAClF,EAAA,MAAM,KAAA,GAAQ,OAAA,CAAQ,MAAA,CAAO,KAAK,CAAA;AAClC,EAAA,IAAI,CAAC,KAAA,EAAO;AACV,IAAA,MAAM,IAAI,aAAA,CAAc,mBAAA,EAAqB,CAAA,MAAA,EAAS,KAAK,CAAA,4BAAA,CAAA,EAAgC;AAAA,MACzF,KAAA;AAAA,MACA,eAAA,EAAiB,MAAA,CAAO,IAAA,CAAK,OAAA,CAAQ,MAAM;AAAA,KAC5C,CAAA;AAAA,EACH;AACA,EAAA,OAAO,KAAA;AACT;AAOO,SAAS,eAAA,CAAgB,OAAA,EAAuB,KAAA,EAAe,UAAA,EAA4B;AAChG,EAAA,MAAM,KAAA,GAAQ,eAAA,CAAgB,OAAA,EAAS,KAAK,CAAA;AAC5C,EAAA,MAAM,GAAA,GAAM,KAAA,CAAM,OAAA,CAAQ,UAAU,CAAA;AACpC,EAAA,IAAI,CAAC,GAAA,EAAK;AACR,IAAA,MAAM,IAAI,aAAA,CAAc,eAAA,EAAiB,WAAW,UAAU,CAAA,uCAAA,EAA0C,KAAK,CAAA,CAAA,EAAI;AAAA,MAC/G,KAAA;AAAA,MACA,UAAA;AAAA,MACA,gBAAA,EAAkB,MAAA,CAAO,IAAA,CAAK,KAAA,CAAM,OAAO;AAAA,KAC5C,CAAA;AAAA,EACH;AACA,EAAA,OAAO,GAAA;AACT;AAMO,SAAS,kBAAkB,OAAA,EAGhC;AACA,EAAA,MAAM,YAAsB,EAAC;AAC7B,EAAA,MAAM,UAAoB,EAAC;AAE3B,EAAA,KAAA,MAAW,KAAA,IAAS,MAAA,CAAO,MAAA,CAAO,OAAA,CAAQ,MAAM,CAAA,EAAG;AACjD,IAAA,IAAI,KAAA,CAAM,WAAA,EAAa,SAAA,CAAU,IAAA,CAAK,MAAM,WAAW,CAAA;AACvD,IAAA,IAAI,KAAA,CAAM,OAAA,IAAW,OAAO,KAAA,CAAM,YAAY,QAAA,EAAU;AACtD,MAAA,OAAA,CAAQ,KAAK,GAAG,MAAA,CAAO,MAAA,CAAO,KAAA,CAAM,OAAO,CAAC,CAAA;AAAA,IAC9C;AAAA,EACF;AAEA,EAAA,OAAO;AAAA,IACL,kBAAkB,CAAC,GAAG,IAAI,GAAA,CAAI,SAAS,CAAC,CAAA;AAAA,IACxC,gBAAgB,CAAC,GAAG,IAAI,GAAA,CAAI,OAAO,CAAC;AAAA,GACtC;AACF;;;ACpEA,SAAS,oBAAA,GAA+B;AACtC,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,iBAAiB,CAAA,CAAE,QAAA;AAC5C,IAAA,MAAM,KAAA,GAAQ,QAAA,CAAS,KAAA,CAAM,GAAG,CAAA;AAChC,IAAA,OAAO,KAAA,CAAM,UAAU,CAAA,GAAI,KAAA,CAAM,MAAM,CAAA,CAAE,CAAA,CAAE,IAAA,CAAK,GAAG,CAAA,GAAI,QAAA;AAAA,EACzD,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,cAAA;AAAA,EACT;AACF;AAEA,SAAS,eAAA,CACP,aAAA,EACA,UAAA,EACA,aAAA,EACA,WAAA,EACS;AACT,EAAA,IAAI,WAAA,IAAe,aAAA,KAAkB,WAAA,EAAa,OAAO,IAAA;AAEzD,EAAA,IAAI;AACF,IAAA,MAAM,QAAA,GAAW,IAAI,GAAA,CAAI,aAAa,CAAA,CAAE,QAAA;AACxC,IAAA,IAAI,QAAA,KAAa,cAAc,QAAA,CAAS,QAAA,CAAS,IAAI,UAAU,CAAA,CAAE,GAAG,OAAO,IAAA;AAAA,EAC7E,CAAA,CAAA,MAAQ;AAAA,EAER;AAEA,EAAA,IAAI,aAAA,CAAc,QAAA,CAAS,aAAa,CAAA,EAAG,OAAO,IAAA;AAElD,EAAA,OAAO,KAAA;AACT;AAMA,IAAM,cAAA,GAAiB,qBAAA;AACvB,IAAM,UAAA,GAAa,qBAAA;AAMnB,SAAS,yBAAA,CACP,IAAA,EACA,cAAA,EACA,gBAAA,EACkB;AAClB,EAAA,MAAM,EAAE,EAAA,EAAI,MAAA,EAAQ,KAAA,EAAO,SAAQ,GAAI,IAAA;AAEvC,EAAA,IAAI,CAAC,EAAA,IAAM,OAAO,EAAA,KAAO,QAAA,EAAU;AACjC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,+BAAA,EAAgC;AAAA,EACjE;AACA,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,uBAAA,EAAwB;AAAA,EACzD;AAEA,EAAA,MAAM,CAAA,GAAI,MAAA;AAEV,EAAA,IAAI,CAAA,CAAE,SAAS,KAAA,EAAO;AACpB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,yBAAA,EAA4B,CAAA,CAAE,IAAI,CAAA,kBAAA,CAAA,EAAqB;AAAA,EACxF;AACA,EAAA,IAAI,CAAA,CAAE,YAAY,OAAA,EAAS;AACzB,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,4BAAA,EAA+B,CAAA,CAAE,OAAO,CAAA,oBAAA,CAAA,EAAuB;AAAA,EAChG;AACA,EAAA,MAAM,OAAA,GAAU,MAAA,CAAO,CAAA,CAAE,OAAO,CAAA;AAChC,EAAA,IAAI,CAAC,MAAA,CAAO,SAAA,CAAU,OAAO,CAAA,IAAK,WAAW,CAAA,EAAG;AAC9C,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,wBAAA,EAA2B,CAAA,CAAE,OAAO,CAAA,CAAA,EAAG;AAAA,EACxE;AACA,EAAA,IAAI,OAAO,EAAE,iBAAA,KAAsB,QAAA,IAAY,CAAC,cAAA,CAAe,IAAA,CAAK,CAAA,CAAE,iBAAiB,CAAA,EAAG;AACxF,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,2BAAA,EAA8B,CAAA,CAAE,iBAAiB,CAAA,CAAA,EAAG;AAAA,EACrF;AAEA,EAAA,MAAM,aAAA,GAAiB,CAAA,CAAE,iBAAA,CAA6B,WAAA,EAAY;AAClE,EAAA,IAAI,CAAC,iBAAiB,IAAA,CAAK,CAAA,CAAA,KAAK,EAAE,WAAA,EAAY,KAAM,aAAa,CAAA,EAAG;AAClE,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,SAAA,EAAY,CAAA,CAAE,iBAAiB,CAAA,iCAAA,CAAA,EAAoC;AAAA,EACpG;AAEA,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACvC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,sBAAA,EAAuB;AAAA,EACxD;AACA,EAAA,IAAI,CAAC,OAAA,IAAW,OAAO,OAAA,KAAY,QAAA,EAAU;AAC3C,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,wBAAA,EAAyB;AAAA,EAC1D;AAEA,EAAA,MAAM,CAAA,GAAI,OAAA;AAEV,EAAA,IAAI,OAAO,EAAE,MAAA,KAAW,QAAA,IAAY,CAAC,UAAA,CAAW,IAAA,CAAK,CAAA,CAAE,MAAM,CAAA,EAAG;AAC9D,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,oBAAA,EAAuB,CAAA,CAAE,MAAM,CAAA,CAAA,EAAG;AAAA,EACnE;AAEA,EAAA,MAAM,WAAA,GAAc,CAAA,CAAE,MAAA,CAAO,WAAA,EAAY;AACzC,EAAA,IAAI,CAAC,eAAe,IAAA,CAAK,CAAA,CAAA,KAAK,EAAE,WAAA,EAAY,KAAM,WAAW,CAAA,EAAG;AAC9D,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,OAAA,EAAU,CAAA,CAAE,MAAM,CAAA,iCAAA,CAAA,EAAoC;AAAA,EACvF;AAEA,EAAA,IAAI,OAAO,EAAE,QAAA,KAAa,QAAA,IAAY,CAAC,cAAA,CAAe,IAAA,CAAK,CAAA,CAAE,QAAQ,CAAA,EAAG;AACtE,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,0BAAA,EAA6B,CAAA,CAAE,QAAQ,CAAA,CAAA,EAAG;AAAA,EAC3E;AAEA,EAAA,MAAM,QAAA,GAAW,MAAA,CAAO,CAAA,CAAE,QAAQ,CAAA;AAClC,EAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,QAAQ,CAAA,IAAK,YAAY,CAAA,EAAG;AAC/C,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,QAAQ,CAAA,kBAAA,EAAqB,CAAA,CAAE,QAAQ,CAAA,CAAA,EAAG;AAAA,EACnE;AACA,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,IAAI,YAAY,GAAA,EAAK;AACnB,IAAA,OAAO,EAAE,OAAO,KAAA,EAAO,MAAA,EAAQ,wBAAwB,QAAQ,CAAA,IAAA,EAAO,GAAG,CAAA,CAAA,EAAG;AAAA,EAC9E;AAEA,EAAA,OAAO,EAAE,OAAO,IAAA,EAAK;AACvB;AAeA,eAAsB,oBAAoB,OAAA,EAAuD;AAC/F,EAAA,MAAM,EAAE,QAAA,EAAU,aAAA,EAAe,iBAAA,EAAkB,GAAI,OAAA;AAGvD,EAAA,MAAM,OAAA,GAAU,MAAM,iBAAA,EAAkB;AACxC,EAAA,MAAM,EAAE,gBAAA,EAAkB,cAAA,EAAe,GAAI,kBAAkB,OAAO,CAAA;AAEtE,EAAA,IAAI,gBAAA,CAAiB,MAAA,KAAW,CAAA,IAAK,cAAA,CAAe,WAAW,CAAA,EAAG;AAChE,IAAA,MAAM,IAAI,MAAM,uDAAuD,CAAA;AAAA,EACzE;AAEA,EAAA,MAAM,aAAa,oBAAA,EAAqB;AACxC,EAAA,MAAM,aAAA,GAAgB,OAAA,CAAQ,aAAA,IAAiB,EAAC;AAEhD,EAAA,eAAe,cAAc,KAAA,EAAqB;AAChD,IAAA,MAAM,OAAO,KAAA,CAAM,IAAA;AACnB,IAAA,IAAI,CAAC,QAAQ,OAAO,IAAA,KAAS,YAAY,OAAO,IAAA,CAAK,SAAS,QAAA,EAAU;AACxE,IAAA,IAAI,CAAC,MAAA,CAAO,IAAA,CAAK,IAAI,CAAA,CAAE,UAAA,CAAW,WAAW,CAAA,EAAG;AAGhD,IAAA,IAAI,CAAC,eAAA,CAAgB,KAAA,CAAM,QAAQ,UAAA,EAAY,aAAA,EAAe,iBAAiB,CAAA,EAAG;AAChF,MAAA;AAAA,IACF;AAIA,IAAA,MAAM,MAAA,GAAS,QAAA,CAAS,cAAA,CAAe,QAAQ,CAAA;AAC/C,IAAA,IAAI,CAAC,MAAA,EAAQ;AAGb,IAAA,IAAI,KAAA,CAAM,MAAA,KAAW,MAAA,CAAO,aAAA,EAAe;AACzC,MAAA;AAAA,IACF;AAEA,IAAA,MAAM,SAAS,KAAA,CAAM,MAAA;AAGrB,IAAA,MAAM,WAAA,GAAc,sBAAsB,MAAM;AAC9C,MAAA,IAAI;AAAE,QAAA,OAAO,IAAI,GAAA,CAAI,MAAA,CAAO,GAAG,CAAA,CAAE,MAAA;AAAA,MAAQ,CAAA,CAAA,MACnC;AAAE,QAAA,OAAO,GAAA;AAAA,MAAK;AAAA,IACtB,CAAA,GAAG;AAEH,IAAA,SAAS,MAAM,GAAA,EAA8B;AAC3C,MAAA,MAAA,CAAO,WAAA,CAAY,KAAK,WAAW,CAAA;AAAA,IACrC;AAGA,IAAA,IAAI,IAAA,CAAK,SAAS,cAAA,EAAgB;AAChC,MAAA,KAAA,CAAM,EAAE,IAAA,EAAM,mBAAA,EAAqB,CAAA;AACnC,MAAA;AAAA,IACF;AAGA,IAAA,IAAI,IAAA,CAAK,SAAS,wBAAA,EAA0B;AAC1C,MAAA,MAAM,EAAE,EAAA,EAAI,MAAA,EAAQ,KAAA,EAAO,SAAQ,GAAI,IAAA;AAEvC,MAAA,MAAM,UAAA,GAAa,yBAAA,CAA0B,IAAA,EAAM,cAAA,EAAgB,gBAAgB,CAAA;AACnF,MAAA,IAAI,CAAC,WAAW,KAAA,EAAO;AACrB,QAAA,KAAA,CAAM;AAAA,UACJ,IAAA,EAAM,wBAAA;AAAA,UACN,IAAI,EAAA,IAAM,SAAA;AAAA,UACV,KAAA,EAAO,CAAA,0BAAA,EAA6B,UAAA,CAAW,MAAM,CAAA;AAAA,SACtD,CAAA;AACD,QAAA;AAAA,MACF;AAEA,MAAA,IAAI;AACF,QAAA,MAAM,SAAA,GAAY,MAAM,aAAA,CAAc,MAAA,EAAQ,OAAO,OAAO,CAAA;AAC5D,QAAA,KAAA,CAAM,EAAE,IAAA,EAAM,kBAAA,EAAoB,EAAA,EAAI,WAAW,CAAA;AAAA,MACnD,SAAS,GAAA,EAAK;AACZ,QAAA,MAAM,KAAA,GAAQ,GAAA,YAAe,KAAA,GAAQ,GAAA,CAAI,OAAA,GAAU,gBAAA;AACnD,QAAA,KAAA,CAAM,EAAE,IAAA,EAAM,wBAAA,EAA0B,EAAA,EAAI,OAAO,CAAA;AAAA,MACrD;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAA,CAAO,gBAAA,CAAiB,WAAW,aAAa,CAAA;AAEhD,EAAA,OAAO;AAAA,IACL,OAAA,GAAU;AACR,MAAA,MAAA,CAAO,mBAAA,CAAoB,WAAW,aAAa,CAAA;AAAA,IACrD;AAAA,GACF;AACF","file":"index.js","sourcesContent":["/**\n * postMessage protocol constants and types for the OMATrust widget bridge.\n *\n * Widget (iframe) → Host:\n * omatrust:ready — widget loaded, requesting handshake\n * omatrust:signTypedData — widget requests EIP-712 signature\n *\n * Host → Widget (iframe):\n * omatrust:hostReady — host acknowledges the widget\n * omatrust:signature — host returns a signature\n * omatrust:signatureError — host reports a signing failure\n */\n\nexport const OMATRUST_READY = \"omatrust:ready\" as const;\nexport const OMATRUST_HOST_READY = \"omatrust:hostReady\" as const;\nexport const OMATRUST_SIGN_TYPED_DATA = \"omatrust:signTypedData\" as const;\nexport const OMATRUST_SIGNATURE = \"omatrust:signature\" as const;\nexport const OMATRUST_SIGNATURE_ERROR = \"omatrust:signatureError\" as const;\n\nexport type OmaTrustReadyMessage = {\n type: typeof OMATRUST_READY;\n};\n\nexport type OmaTrustHostReadyMessage = {\n type: typeof OMATRUST_HOST_READY;\n};\n\nexport type OmaTrustSignTypedDataMessage = {\n type: typeof OMATRUST_SIGN_TYPED_DATA;\n id: string;\n domain: Record<string, unknown>;\n types: Record<string, unknown>;\n message: Record<string, unknown>;\n};\n\nexport type OmaTrustSignatureMessage = {\n type: typeof OMATRUST_SIGNATURE;\n id: string;\n signature: string;\n};\n\nexport type OmaTrustSignatureErrorMessage = {\n type: typeof OMATRUST_SIGNATURE_ERROR;\n id: string;\n error: string;\n};\n\nexport type OmaTrustMessage =\n | OmaTrustReadyMessage\n | OmaTrustHostReadyMessage\n | OmaTrustSignTypedDataMessage\n | OmaTrustSignatureMessage\n | OmaTrustSignatureErrorMessage;\n","export class OmaTrustError extends Error {\n code: string;\n details?: unknown;\n\n constructor(code: string, message: string, details?: unknown) {\n super(message);\n this.name = \"OmaTrustError\";\n this.code = code;\n this.details = details;\n }\n}\n\nexport function toOmaTrustError(\n code: string,\n message: string,\n details?: unknown\n): OmaTrustError {\n return new OmaTrustError(code, message, details);\n}\n","/**\n * Trust anchors: fetches the OMA3 allowlist of EAS contracts and schemas.\n *\n * Used by the widget signing bridge for request validation and by the\n * reputation module for chain/contract resolution.\n *\n * Chain keys use CAIP-2 identifiers (e.g., \"eip155:66238\").\n */\n\nimport { OmaTrustError } from \"./errors\";\n\nconst DEFAULT_TRUST_ANCHORS_URL = \"https://api.omatrust.org/v1/trust-anchors\";\n\nexport const TRUST_ANCHORS_URL = DEFAULT_TRUST_ANCHORS_URL;\n\nexport type ChainAnchors = {\n name: string;\n easContract: string;\n /** Schema name → schema UID mapping */\n schemas: Record<string, string>;\n};\n\nexport type ApprovedIssuer = {\n address: string;\n label: string;\n schemas: string[];\n status: \"active\" | \"revoked\";\n validFrom: string;\n revokedAt?: string;\n};\n\nexport type TrustAnchors = {\n version: number;\n updatedAt: string;\n widgetOrigins?: string[];\n /** CAIP-2 chain identifier → chain-specific trust anchors */\n chains: Record<string, ChainAnchors>;\n registries?: Array<{\n type: \"approved-issuers\";\n issuers: ApprovedIssuer[];\n }>;\n};\n\nlet cachedAnchors: TrustAnchors | null = null;\nlet cacheTimestamp = 0;\nconst CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes\n\n/**\n * Fetch the trust anchors from the OMA3 API gateway.\n * Caches the result for 5 minutes.\n *\n * @param url Override the trust anchors URL (for testing or custom deployments)\n */\nexport async function fetchTrustAnchors(url?: string): Promise<TrustAnchors> {\n const now = Date.now();\n if (cachedAnchors && now - cacheTimestamp < CACHE_TTL_MS) {\n return cachedAnchors;\n }\n\n let res: Response;\n try {\n res = await fetch(url ?? TRUST_ANCHORS_URL);\n } catch (err) {\n throw new OmaTrustError(\"NETWORK_ERROR\", \"Failed to fetch trust anchors\", { err });\n }\n\n if (!res.ok) {\n throw new OmaTrustError(\"NETWORK_ERROR\", `Failed to fetch trust anchors: ${res.status} ${res.statusText}`);\n }\n\n const anchors: TrustAnchors = await res.json();\n\n if (!anchors.version || !anchors.chains || typeof anchors.chains !== \"object\") {\n throw new OmaTrustError(\"INVALID_INPUT\", \"Invalid trust anchors format\");\n }\n\n cachedAnchors = anchors;\n cacheTimestamp = now;\n return anchors;\n}\n\n/**\n * Look up chain anchors by CAIP-2 identifier.\n * Throws UNSUPPORTED_CHAIN if the chain is not in the trust anchors.\n */\nexport function getChainAnchors(anchors: TrustAnchors, caip2: string): ChainAnchors {\n const chain = anchors.chains[caip2];\n if (!chain) {\n throw new OmaTrustError(\"UNSUPPORTED_CHAIN\", `Chain ${caip2} is not in the trust anchors`, {\n caip2,\n supportedChains: Object.keys(anchors.chains),\n });\n }\n return chain;\n}\n\n/**\n * Look up a schema UID by name for a given chain.\n * Throws UNSUPPORTED_CHAIN if the chain is not in the trust anchors.\n * Throws INVALID_INPUT if the schema is not deployed on this chain.\n */\nexport function getSchemaAnchor(anchors: TrustAnchors, caip2: string, schemaName: string): string {\n const chain = getChainAnchors(anchors, caip2);\n const uid = chain.schemas[schemaName];\n if (!uid) {\n throw new OmaTrustError(\"INVALID_INPUT\", `Schema \"${schemaName}\" not found in trust anchors for chain ${caip2}`, {\n caip2,\n schemaName,\n availableSchemas: Object.keys(chain.schemas),\n });\n }\n return uid;\n}\n\n/**\n * Extract the allowed contracts and schema UIDs from trust anchors.\n * Returns all contracts and schema UIDs across all chains.\n */\nexport function extractAllowlists(anchors: TrustAnchors): {\n allowedContracts: string[];\n allowedSchemas: string[];\n} {\n const contracts: string[] = [];\n const schemas: string[] = [];\n\n for (const chain of Object.values(anchors.chains)) {\n if (chain.easContract) contracts.push(chain.easContract);\n if (chain.schemas && typeof chain.schemas === \"object\") {\n schemas.push(...Object.values(chain.schemas));\n }\n }\n\n return {\n allowedContracts: [...new Set(contracts)],\n allowedSchemas: [...new Set(schemas)],\n };\n}\n","/**\n * Host-side signing bridge for OMATrust widget iframes.\n *\n * Handles the postMessage protocol between a host page and an embedded\n * OMATrust widget. Validates incoming EAS signing requests against the\n * OMA3 trust anchors before forwarding to the host's wallet.\n *\n * The bridge resolves the iframe element lazily by ID when messages arrive,\n * avoiding React ref timing issues with conditionally rendered iframes.\n *\n * Usage:\n * import { createSigningBridge } from \"@oma3/omatrust/widgets\";\n *\n * const bridge = await createSigningBridge({\n * iframeId: \"omatrust-widget\",\n * signTypedData: async (domain, types, message) => {\n * return await signer.signTypedData(domain, types, message);\n * },\n * });\n *\n * bridge.destroy();\n */\n\nimport {\n OMATRUST_READY,\n OMATRUST_HOST_READY,\n OMATRUST_SIGN_TYPED_DATA,\n OMATRUST_SIGNATURE,\n OMATRUST_SIGNATURE_ERROR,\n} from \"./protocol\";\nimport { fetchTrustAnchors, extractAllowlists, TRUST_ANCHORS_URL } from \"../shared/trust-anchors\";\n\nexport type SigningBridgeOptions = {\n /**\n * The ID of the iframe element containing the widget.\n * The bridge looks up the element by ID when messages arrive,\n * so the iframe doesn't need to exist when the bridge is created.\n */\n iframeId: string;\n\n /**\n * Callback to sign EIP-712 typed data using the host's wallet.\n * Must return the hex-encoded signature string.\n */\n signTypedData: (\n domain: Record<string, unknown>,\n types: Record<string, unknown>,\n message: Record<string, unknown>\n ) => Promise<string>;\n\n /**\n * Override the allowed widget origin for local development.\n * In production, the origin is derived from the trust anchors domain\n * (*.omatrust.org) plus any widgetOrigins in the trust anchors.\n * Only set this for local dev (e.g., \"http://localhost:3000\").\n */\n devOriginOverride?: string;\n};\n\nexport type SigningBridge = {\n /** Remove all event listeners and stop the bridge. */\n destroy: () => void;\n};\n\n// ---------------------------------------------------------------------------\n// Origin resolution\n// ---------------------------------------------------------------------------\n\nfunction getTrustedBaseDomain(): string {\n try {\n const hostname = new URL(TRUST_ANCHORS_URL).hostname;\n const parts = hostname.split(\".\");\n return parts.length >= 2 ? parts.slice(-2).join(\".\") : hostname;\n } catch {\n return \"omatrust.org\";\n }\n}\n\nfunction isOriginTrusted(\n messageOrigin: string,\n baseDomain: string,\n policyOrigins: string[],\n devOverride?: string\n): boolean {\n if (devOverride && messageOrigin === devOverride) return true;\n\n try {\n const hostname = new URL(messageOrigin).hostname;\n if (hostname === baseDomain || hostname.endsWith(`.${baseDomain}`)) return true;\n } catch {\n // Invalid origin\n }\n\n if (policyOrigins.includes(messageOrigin)) return true;\n\n return false;\n}\n\n// ---------------------------------------------------------------------------\n// EAS request validation\n// ---------------------------------------------------------------------------\n\nconst HEX_ADDRESS_RE = /^0x[a-fA-F0-9]{40}$/;\nconst BYTES32_RE = /^0x[a-fA-F0-9]{64}$/;\n\ntype ValidationResult =\n | { valid: true }\n | { valid: false; reason: string };\n\nfunction validateEasSigningRequest(\n data: Record<string, unknown>,\n allowedSchemas: string[],\n allowedContracts: string[]\n): ValidationResult {\n const { id, domain, types, message } = data;\n\n if (!id || typeof id !== \"string\") {\n return { valid: false, reason: \"Missing or invalid request id\" };\n }\n if (!domain || typeof domain !== \"object\") {\n return { valid: false, reason: \"Missing domain object\" };\n }\n\n const d = domain as Record<string, unknown>;\n\n if (d.name !== \"EAS\") {\n return { valid: false, reason: `Unexpected domain name: \"${d.name}\" (expected \"EAS\")` };\n }\n if (d.version !== \"1.4.0\") {\n return { valid: false, reason: `Unexpected domain version: \"${d.version}\" (expected \"1.4.0\")` };\n }\n const chainId = Number(d.chainId);\n if (!Number.isInteger(chainId) || chainId <= 0) {\n return { valid: false, reason: `Invalid domain chainId: ${d.chainId}` };\n }\n if (typeof d.verifyingContract !== \"string\" || !HEX_ADDRESS_RE.test(d.verifyingContract)) {\n return { valid: false, reason: `Invalid verifyingContract: ${d.verifyingContract}` };\n }\n\n const contractLower = (d.verifyingContract as string).toLowerCase();\n if (!allowedContracts.some(c => c.toLowerCase() === contractLower)) {\n return { valid: false, reason: `Contract ${d.verifyingContract} is not in the OMA3 trust anchors` };\n }\n\n if (!types || typeof types !== \"object\") {\n return { valid: false, reason: \"Missing types object\" };\n }\n if (!message || typeof message !== \"object\") {\n return { valid: false, reason: \"Missing message object\" };\n }\n\n const m = message as Record<string, unknown>;\n\n if (typeof m.schema !== \"string\" || !BYTES32_RE.test(m.schema)) {\n return { valid: false, reason: `Invalid schema UID: ${m.schema}` };\n }\n\n const schemaLower = m.schema.toLowerCase();\n if (!allowedSchemas.some(s => s.toLowerCase() === schemaLower)) {\n return { valid: false, reason: `Schema ${m.schema} is not in the OMA3 trust anchors` };\n }\n\n if (typeof m.attester !== \"string\" || !HEX_ADDRESS_RE.test(m.attester)) {\n return { valid: false, reason: `Invalid attester address: ${m.attester}` };\n }\n\n const deadline = Number(m.deadline);\n if (!Number.isFinite(deadline) || deadline <= 0) {\n return { valid: false, reason: `Invalid deadline: ${m.deadline}` };\n }\n const now = Math.floor(Date.now() / 1000);\n if (deadline <= now) {\n return { valid: false, reason: `Deadline has passed: ${deadline} <= ${now}` };\n }\n\n return { valid: true };\n}\n\n// ---------------------------------------------------------------------------\n// Bridge implementation\n// ---------------------------------------------------------------------------\n\n/**\n * Create a signing bridge between the host page and an OMATrust widget iframe.\n *\n * The bridge resolves the iframe element by ID when messages arrive, not at\n * creation time. This avoids React ref timing issues — the bridge can be\n * created before the iframe is in the DOM.\n *\n * Fetches the OMA3 trust anchors on creation. Fails closed if unavailable.\n */\nexport async function createSigningBridge(options: SigningBridgeOptions): Promise<SigningBridge> {\n const { iframeId, signTypedData, devOriginOverride } = options;\n\n // Fetch the trust anchors: fail closed if unavailable.\n const anchors = await fetchTrustAnchors();\n const { allowedContracts, allowedSchemas } = extractAllowlists(anchors);\n\n if (allowedContracts.length === 0 || allowedSchemas.length === 0) {\n throw new Error(\"Trust anchors contain no allowed contracts or schemas\");\n }\n\n const baseDomain = getTrustedBaseDomain();\n const anchorOrigins = anchors.widgetOrigins ?? [];\n\n async function handleMessage(event: MessageEvent) {\n const data = event.data;\n if (!data || typeof data !== \"object\" || typeof data.type !== \"string\") return;\n if (!String(data.type).startsWith(\"omatrust:\")) return;\n\n // Origin check\n if (!isOriginTrusted(event.origin, baseDomain, anchorOrigins, devOriginOverride)) {\n return;\n }\n\n // Resolve the iframe element lazily by ID.\n // This works even if the iframe was mounted after the bridge was created.\n const iframe = document.getElementById(iframeId) as HTMLIFrameElement | null;\n if (!iframe) return;\n\n // Source check — must come from this specific iframe\n if (event.source !== iframe.contentWindow) {\n return;\n }\n\n const source = event.source as WindowProxy;\n\n // Determine reply origin from the iframe's current src\n const replyOrigin = devOriginOverride ?? (() => {\n try { return new URL(iframe.src).origin; }\n catch { return \"*\"; }\n })();\n\n function reply(msg: Record<string, unknown>) {\n source.postMessage(msg, replyOrigin);\n }\n\n // Handshake\n if (data.type === OMATRUST_READY) {\n reply({ type: OMATRUST_HOST_READY });\n return;\n }\n\n // Signing request\n if (data.type === OMATRUST_SIGN_TYPED_DATA) {\n const { id, domain, types, message } = data;\n\n const validation = validateEasSigningRequest(data, allowedSchemas, allowedContracts);\n if (!validation.valid) {\n reply({\n type: OMATRUST_SIGNATURE_ERROR,\n id: id ?? \"unknown\",\n error: `Signing request rejected: ${validation.reason}`,\n });\n return;\n }\n\n try {\n const signature = await signTypedData(domain, types, message);\n reply({ type: OMATRUST_SIGNATURE, id, signature });\n } catch (err) {\n const error = err instanceof Error ? err.message : \"Signing failed\";\n reply({ type: OMATRUST_SIGNATURE_ERROR, id, error });\n }\n }\n }\n\n window.addEventListener(\"message\", handleMessage);\n\n return {\n destroy() {\n window.removeEventListener(\"message\", handleMessage);\n },\n };\n}\n"]}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@oma3/omatrust",
|
|
3
|
-
"version": "0.1.0-alpha.
|
|
3
|
+
"version": "0.1.0-alpha.12",
|
|
4
4
|
"description": "Framework-agnostic TypeScript SDK for OMATrust",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"type": "module",
|
|
@@ -65,10 +65,13 @@
|
|
|
65
65
|
"clean": "rm -rf dist",
|
|
66
66
|
"typecheck": "tsc --noEmit",
|
|
67
67
|
"test": "vitest run",
|
|
68
|
+
"test:coverage": "vitest run --coverage",
|
|
68
69
|
"test:ci": "npm run typecheck && npm run test"
|
|
69
70
|
},
|
|
70
71
|
"dependencies": {
|
|
71
|
-
"canonicalize": "^2.1.0"
|
|
72
|
+
"canonicalize": "^2.1.0",
|
|
73
|
+
"jose": "^6.2.3",
|
|
74
|
+
"multiformats": "^13.4.2"
|
|
72
75
|
},
|
|
73
76
|
"peerDependencies": {
|
|
74
77
|
"@ethereum-attestation-service/eas-sdk": "^2.4.0",
|
|
@@ -1,119 +0,0 @@
|
|
|
1
|
-
import { D as Did, A as AttestationQueryResult, a as AttestationValidationError, B as BuildDelegatedTypedDataFromEncodedParams, C as CallControllerWitnessParams, b as CallControllerWitnessResult, c as ChainConstants, d as CreatePopEip712ProofParams, e as CreatePopJwsProofParams, E as EvidencePointerProof, f as EvmOwnershipProvider, G as GetAttestationParams, g as GetAttestationsByAttesterParams, h as GetLatestAttestationsParams, H as Hex, L as ListAttestationsParams, P as PopEip712Proof, i as PopJwsProof, j as PrepareDelegatedAttestationParams, k as PrepareDelegatedAttestationResult, l as ProofPurpose, m as ProofType, n as ProofWrapper, R as RevokeAttestationParams, o as RevokeAttestationResult, S as SchemaField, p as SubjectOwnershipVerificationMethod, q as SubjectOwnershipVerificationResult, r as SubmitAttestationParams, s as SubmitAttestationResult, t as SubmitDelegatedAttestationParams, u as SubmitDelegatedAttestationResult, T as TxEncodedValueProof, v as TxInteractionProof, V as VerifyAttestationParams, w as VerifyAttestationResult, x as VerifyDidJsonControllerDidOptions, y as VerifyDidPkhOwnershipParams, z as VerifyDidWebOwnershipParams, F as VerifyProofParams, I as VerifyProofResult, J as VerifySubjectOwnershipParams, X as X402OfferProof, K as X402ReceiptProof, M as buildDelegatedAttestationTypedData, N as buildDelegatedTypedDataFromEncoded, O as buildDnsTxtRecord, Q as buildEip712Domain, U as calculateAverageUserReviewRating, W as calculateTransferAmount, Y as calculateTransferAmountFromAddresses, Z as callControllerWitness, _ as constructSeed, $ as createEvidencePointerProof, a0 as createPopEip712Proof, a1 as createPopJwsProof, a2 as createTxEncodedValueProof, a3 as createTxInteractionProof, a4 as createX402OfferProof, a5 as createX402ReceiptProof, a6 as decodeAttestationData, a7 as deduplicateReviews, a8 as encodeAttestationData, a9 as extractAddressesFromDidDocument, aa as extractExpirationTime, ab as fetchDidDocument, ac as formatSchemaUid, ad as formatTransferAmount, ae as getAttestation, af as getAttestationsByAttester, ag as getAttestationsForDid, ah as getChainConstants, ai as getExplorerAddressUrl, aj as getExplorerTxUrl, ak as getLatestAttestations, al as getMajorVersion, am as getOmaTrustProofEip712Types, an as getSchemaDetails, ao as getSupportedChainIds, ap as hashSeed, aq as isChainSupported, ar as listAttestations, as as normalizeSchema, at as parseDnsTxtRecord, au as prepareDelegatedAttestation, av as revokeAttestation, aw as schemaToString, ax as splitSignature, ay as submitAttestation, az as submitDelegatedAttestation, aA as validateAttestationData, aB as verifyAttestation, aC as verifyDidDocumentControllerDid, aD as verifyDidJsonControllerDid, aE as verifyDidPkhOwnership, aF as verifyDidWebOwnership, aG as verifyEip712Signature, aH as verifyProof, aI as verifySchemaExists, aJ as verifySubjectOwnership } from './subject-ownership-CXvzEjpH.cjs';
|
|
2
|
-
|
|
3
|
-
interface VerifyDnsTxtControllerDidOptions {
|
|
4
|
-
resolveTxt?: (host: string) => Promise<string[][]>;
|
|
5
|
-
recordPrefix?: string;
|
|
6
|
-
}
|
|
7
|
-
declare function verifyDnsTxtControllerDid(domain: string, expectedControllerDid: Did, options?: VerifyDnsTxtControllerDidOptions): Promise<{
|
|
8
|
-
valid: boolean;
|
|
9
|
-
record?: string;
|
|
10
|
-
reason?: string;
|
|
11
|
-
}>;
|
|
12
|
-
|
|
13
|
-
declare const index_AttestationQueryResult: typeof AttestationQueryResult;
|
|
14
|
-
declare const index_AttestationValidationError: typeof AttestationValidationError;
|
|
15
|
-
declare const index_BuildDelegatedTypedDataFromEncodedParams: typeof BuildDelegatedTypedDataFromEncodedParams;
|
|
16
|
-
declare const index_CallControllerWitnessParams: typeof CallControllerWitnessParams;
|
|
17
|
-
declare const index_CallControllerWitnessResult: typeof CallControllerWitnessResult;
|
|
18
|
-
declare const index_ChainConstants: typeof ChainConstants;
|
|
19
|
-
declare const index_CreatePopEip712ProofParams: typeof CreatePopEip712ProofParams;
|
|
20
|
-
declare const index_CreatePopJwsProofParams: typeof CreatePopJwsProofParams;
|
|
21
|
-
declare const index_Did: typeof Did;
|
|
22
|
-
declare const index_EvidencePointerProof: typeof EvidencePointerProof;
|
|
23
|
-
declare const index_EvmOwnershipProvider: typeof EvmOwnershipProvider;
|
|
24
|
-
declare const index_GetAttestationParams: typeof GetAttestationParams;
|
|
25
|
-
declare const index_GetAttestationsByAttesterParams: typeof GetAttestationsByAttesterParams;
|
|
26
|
-
declare const index_GetLatestAttestationsParams: typeof GetLatestAttestationsParams;
|
|
27
|
-
declare const index_Hex: typeof Hex;
|
|
28
|
-
declare const index_ListAttestationsParams: typeof ListAttestationsParams;
|
|
29
|
-
declare const index_PopEip712Proof: typeof PopEip712Proof;
|
|
30
|
-
declare const index_PopJwsProof: typeof PopJwsProof;
|
|
31
|
-
declare const index_PrepareDelegatedAttestationParams: typeof PrepareDelegatedAttestationParams;
|
|
32
|
-
declare const index_PrepareDelegatedAttestationResult: typeof PrepareDelegatedAttestationResult;
|
|
33
|
-
declare const index_ProofPurpose: typeof ProofPurpose;
|
|
34
|
-
declare const index_ProofType: typeof ProofType;
|
|
35
|
-
declare const index_ProofWrapper: typeof ProofWrapper;
|
|
36
|
-
declare const index_RevokeAttestationParams: typeof RevokeAttestationParams;
|
|
37
|
-
declare const index_RevokeAttestationResult: typeof RevokeAttestationResult;
|
|
38
|
-
declare const index_SchemaField: typeof SchemaField;
|
|
39
|
-
declare const index_SubjectOwnershipVerificationMethod: typeof SubjectOwnershipVerificationMethod;
|
|
40
|
-
declare const index_SubjectOwnershipVerificationResult: typeof SubjectOwnershipVerificationResult;
|
|
41
|
-
declare const index_SubmitAttestationParams: typeof SubmitAttestationParams;
|
|
42
|
-
declare const index_SubmitAttestationResult: typeof SubmitAttestationResult;
|
|
43
|
-
declare const index_SubmitDelegatedAttestationParams: typeof SubmitDelegatedAttestationParams;
|
|
44
|
-
declare const index_SubmitDelegatedAttestationResult: typeof SubmitDelegatedAttestationResult;
|
|
45
|
-
declare const index_TxEncodedValueProof: typeof TxEncodedValueProof;
|
|
46
|
-
declare const index_TxInteractionProof: typeof TxInteractionProof;
|
|
47
|
-
declare const index_VerifyAttestationParams: typeof VerifyAttestationParams;
|
|
48
|
-
declare const index_VerifyAttestationResult: typeof VerifyAttestationResult;
|
|
49
|
-
declare const index_VerifyDidJsonControllerDidOptions: typeof VerifyDidJsonControllerDidOptions;
|
|
50
|
-
declare const index_VerifyDidPkhOwnershipParams: typeof VerifyDidPkhOwnershipParams;
|
|
51
|
-
declare const index_VerifyDidWebOwnershipParams: typeof VerifyDidWebOwnershipParams;
|
|
52
|
-
type index_VerifyDnsTxtControllerDidOptions = VerifyDnsTxtControllerDidOptions;
|
|
53
|
-
declare const index_VerifyProofParams: typeof VerifyProofParams;
|
|
54
|
-
declare const index_VerifyProofResult: typeof VerifyProofResult;
|
|
55
|
-
declare const index_VerifySubjectOwnershipParams: typeof VerifySubjectOwnershipParams;
|
|
56
|
-
declare const index_X402OfferProof: typeof X402OfferProof;
|
|
57
|
-
declare const index_X402ReceiptProof: typeof X402ReceiptProof;
|
|
58
|
-
declare const index_buildDelegatedAttestationTypedData: typeof buildDelegatedAttestationTypedData;
|
|
59
|
-
declare const index_buildDelegatedTypedDataFromEncoded: typeof buildDelegatedTypedDataFromEncoded;
|
|
60
|
-
declare const index_buildDnsTxtRecord: typeof buildDnsTxtRecord;
|
|
61
|
-
declare const index_buildEip712Domain: typeof buildEip712Domain;
|
|
62
|
-
declare const index_calculateAverageUserReviewRating: typeof calculateAverageUserReviewRating;
|
|
63
|
-
declare const index_calculateTransferAmount: typeof calculateTransferAmount;
|
|
64
|
-
declare const index_calculateTransferAmountFromAddresses: typeof calculateTransferAmountFromAddresses;
|
|
65
|
-
declare const index_callControllerWitness: typeof callControllerWitness;
|
|
66
|
-
declare const index_constructSeed: typeof constructSeed;
|
|
67
|
-
declare const index_createEvidencePointerProof: typeof createEvidencePointerProof;
|
|
68
|
-
declare const index_createPopEip712Proof: typeof createPopEip712Proof;
|
|
69
|
-
declare const index_createPopJwsProof: typeof createPopJwsProof;
|
|
70
|
-
declare const index_createTxEncodedValueProof: typeof createTxEncodedValueProof;
|
|
71
|
-
declare const index_createTxInteractionProof: typeof createTxInteractionProof;
|
|
72
|
-
declare const index_createX402OfferProof: typeof createX402OfferProof;
|
|
73
|
-
declare const index_createX402ReceiptProof: typeof createX402ReceiptProof;
|
|
74
|
-
declare const index_decodeAttestationData: typeof decodeAttestationData;
|
|
75
|
-
declare const index_deduplicateReviews: typeof deduplicateReviews;
|
|
76
|
-
declare const index_encodeAttestationData: typeof encodeAttestationData;
|
|
77
|
-
declare const index_extractAddressesFromDidDocument: typeof extractAddressesFromDidDocument;
|
|
78
|
-
declare const index_extractExpirationTime: typeof extractExpirationTime;
|
|
79
|
-
declare const index_fetchDidDocument: typeof fetchDidDocument;
|
|
80
|
-
declare const index_formatSchemaUid: typeof formatSchemaUid;
|
|
81
|
-
declare const index_formatTransferAmount: typeof formatTransferAmount;
|
|
82
|
-
declare const index_getAttestation: typeof getAttestation;
|
|
83
|
-
declare const index_getAttestationsByAttester: typeof getAttestationsByAttester;
|
|
84
|
-
declare const index_getAttestationsForDid: typeof getAttestationsForDid;
|
|
85
|
-
declare const index_getChainConstants: typeof getChainConstants;
|
|
86
|
-
declare const index_getExplorerAddressUrl: typeof getExplorerAddressUrl;
|
|
87
|
-
declare const index_getExplorerTxUrl: typeof getExplorerTxUrl;
|
|
88
|
-
declare const index_getLatestAttestations: typeof getLatestAttestations;
|
|
89
|
-
declare const index_getMajorVersion: typeof getMajorVersion;
|
|
90
|
-
declare const index_getOmaTrustProofEip712Types: typeof getOmaTrustProofEip712Types;
|
|
91
|
-
declare const index_getSchemaDetails: typeof getSchemaDetails;
|
|
92
|
-
declare const index_getSupportedChainIds: typeof getSupportedChainIds;
|
|
93
|
-
declare const index_hashSeed: typeof hashSeed;
|
|
94
|
-
declare const index_isChainSupported: typeof isChainSupported;
|
|
95
|
-
declare const index_listAttestations: typeof listAttestations;
|
|
96
|
-
declare const index_normalizeSchema: typeof normalizeSchema;
|
|
97
|
-
declare const index_parseDnsTxtRecord: typeof parseDnsTxtRecord;
|
|
98
|
-
declare const index_prepareDelegatedAttestation: typeof prepareDelegatedAttestation;
|
|
99
|
-
declare const index_revokeAttestation: typeof revokeAttestation;
|
|
100
|
-
declare const index_schemaToString: typeof schemaToString;
|
|
101
|
-
declare const index_splitSignature: typeof splitSignature;
|
|
102
|
-
declare const index_submitAttestation: typeof submitAttestation;
|
|
103
|
-
declare const index_submitDelegatedAttestation: typeof submitDelegatedAttestation;
|
|
104
|
-
declare const index_validateAttestationData: typeof validateAttestationData;
|
|
105
|
-
declare const index_verifyAttestation: typeof verifyAttestation;
|
|
106
|
-
declare const index_verifyDidDocumentControllerDid: typeof verifyDidDocumentControllerDid;
|
|
107
|
-
declare const index_verifyDidJsonControllerDid: typeof verifyDidJsonControllerDid;
|
|
108
|
-
declare const index_verifyDidPkhOwnership: typeof verifyDidPkhOwnership;
|
|
109
|
-
declare const index_verifyDidWebOwnership: typeof verifyDidWebOwnership;
|
|
110
|
-
declare const index_verifyDnsTxtControllerDid: typeof verifyDnsTxtControllerDid;
|
|
111
|
-
declare const index_verifyEip712Signature: typeof verifyEip712Signature;
|
|
112
|
-
declare const index_verifyProof: typeof verifyProof;
|
|
113
|
-
declare const index_verifySchemaExists: typeof verifySchemaExists;
|
|
114
|
-
declare const index_verifySubjectOwnership: typeof verifySubjectOwnership;
|
|
115
|
-
declare namespace index {
|
|
116
|
-
export { index_AttestationQueryResult as AttestationQueryResult, index_AttestationValidationError as AttestationValidationError, index_BuildDelegatedTypedDataFromEncodedParams as BuildDelegatedTypedDataFromEncodedParams, index_CallControllerWitnessParams as CallControllerWitnessParams, index_CallControllerWitnessResult as CallControllerWitnessResult, index_ChainConstants as ChainConstants, index_CreatePopEip712ProofParams as CreatePopEip712ProofParams, index_CreatePopJwsProofParams as CreatePopJwsProofParams, index_Did as Did, index_EvidencePointerProof as EvidencePointerProof, index_EvmOwnershipProvider as EvmOwnershipProvider, index_GetAttestationParams as GetAttestationParams, index_GetAttestationsByAttesterParams as GetAttestationsByAttesterParams, index_GetLatestAttestationsParams as GetLatestAttestationsParams, index_Hex as Hex, index_ListAttestationsParams as ListAttestationsParams, index_PopEip712Proof as PopEip712Proof, index_PopJwsProof as PopJwsProof, index_PrepareDelegatedAttestationParams as PrepareDelegatedAttestationParams, index_PrepareDelegatedAttestationResult as PrepareDelegatedAttestationResult, index_ProofPurpose as ProofPurpose, index_ProofType as ProofType, index_ProofWrapper as ProofWrapper, index_RevokeAttestationParams as RevokeAttestationParams, index_RevokeAttestationResult as RevokeAttestationResult, index_SchemaField as SchemaField, index_SubjectOwnershipVerificationMethod as SubjectOwnershipVerificationMethod, index_SubjectOwnershipVerificationResult as SubjectOwnershipVerificationResult, index_SubmitAttestationParams as SubmitAttestationParams, index_SubmitAttestationResult as SubmitAttestationResult, index_SubmitDelegatedAttestationParams as SubmitDelegatedAttestationParams, index_SubmitDelegatedAttestationResult as SubmitDelegatedAttestationResult, index_TxEncodedValueProof as TxEncodedValueProof, index_TxInteractionProof as TxInteractionProof, index_VerifyAttestationParams as VerifyAttestationParams, index_VerifyAttestationResult as VerifyAttestationResult, index_VerifyDidJsonControllerDidOptions as VerifyDidJsonControllerDidOptions, index_VerifyDidPkhOwnershipParams as VerifyDidPkhOwnershipParams, index_VerifyDidWebOwnershipParams as VerifyDidWebOwnershipParams, type index_VerifyDnsTxtControllerDidOptions as VerifyDnsTxtControllerDidOptions, index_VerifyProofParams as VerifyProofParams, index_VerifyProofResult as VerifyProofResult, index_VerifySubjectOwnershipParams as VerifySubjectOwnershipParams, index_X402OfferProof as X402OfferProof, index_X402ReceiptProof as X402ReceiptProof, index_buildDelegatedAttestationTypedData as buildDelegatedAttestationTypedData, index_buildDelegatedTypedDataFromEncoded as buildDelegatedTypedDataFromEncoded, index_buildDnsTxtRecord as buildDnsTxtRecord, index_buildEip712Domain as buildEip712Domain, index_calculateAverageUserReviewRating as calculateAverageUserReviewRating, index_calculateTransferAmount as calculateTransferAmount, index_calculateTransferAmountFromAddresses as calculateTransferAmountFromAddresses, index_callControllerWitness as callControllerWitness, index_constructSeed as constructSeed, index_createEvidencePointerProof as createEvidencePointerProof, index_createPopEip712Proof as createPopEip712Proof, index_createPopJwsProof as createPopJwsProof, index_createTxEncodedValueProof as createTxEncodedValueProof, index_createTxInteractionProof as createTxInteractionProof, index_createX402OfferProof as createX402OfferProof, index_createX402ReceiptProof as createX402ReceiptProof, index_decodeAttestationData as decodeAttestationData, index_deduplicateReviews as deduplicateReviews, index_encodeAttestationData as encodeAttestationData, index_extractAddressesFromDidDocument as extractAddressesFromDidDocument, index_extractExpirationTime as extractExpirationTime, index_fetchDidDocument as fetchDidDocument, index_formatSchemaUid as formatSchemaUid, index_formatTransferAmount as formatTransferAmount, index_getAttestation as getAttestation, index_getAttestationsByAttester as getAttestationsByAttester, index_getAttestationsForDid as getAttestationsForDid, index_getChainConstants as getChainConstants, index_getExplorerAddressUrl as getExplorerAddressUrl, index_getExplorerTxUrl as getExplorerTxUrl, index_getLatestAttestations as getLatestAttestations, index_getMajorVersion as getMajorVersion, index_getOmaTrustProofEip712Types as getOmaTrustProofEip712Types, index_getSchemaDetails as getSchemaDetails, index_getSupportedChainIds as getSupportedChainIds, index_hashSeed as hashSeed, index_isChainSupported as isChainSupported, index_listAttestations as listAttestations, index_normalizeSchema as normalizeSchema, index_parseDnsTxtRecord as parseDnsTxtRecord, index_prepareDelegatedAttestation as prepareDelegatedAttestation, index_revokeAttestation as revokeAttestation, index_schemaToString as schemaToString, index_splitSignature as splitSignature, index_submitAttestation as submitAttestation, index_submitDelegatedAttestation as submitDelegatedAttestation, index_validateAttestationData as validateAttestationData, index_verifyAttestation as verifyAttestation, index_verifyDidDocumentControllerDid as verifyDidDocumentControllerDid, index_verifyDidJsonControllerDid as verifyDidJsonControllerDid, index_verifyDidPkhOwnership as verifyDidPkhOwnership, index_verifyDidWebOwnership as verifyDidWebOwnership, index_verifyDnsTxtControllerDid as verifyDnsTxtControllerDid, index_verifyEip712Signature as verifyEip712Signature, index_verifyProof as verifyProof, index_verifySchemaExists as verifySchemaExists, index_verifySubjectOwnership as verifySubjectOwnership };
|
|
117
|
-
}
|
|
118
|
-
|
|
119
|
-
export { type VerifyDnsTxtControllerDidOptions as V, index as i, verifyDnsTxtControllerDid as v };
|