@pooflabs/core 0.0.39 → 0.0.41

package/dist/client/config.d.ts

@@ -3,7 +3,8 @@ export interface ClientConfig {
     name: string;
     logoUrl: string;
     apiKey: string;
-    authMethod: 'none' | 'privy' | 'wallet' | 'rainbowkit' | 'coinbase-smart-wallet' | 'onboard' | 'phantom' | 'mobile-wallet-adapter';
+    /** Auth method. 'privy-expo' is client-only — mapped to 'privy' before sending to the backend. */
+    authMethod: 'none' | 'privy' | 'privy-expo' | 'wallet' | 'rainbowkit' | 'coinbase-smart-wallet' | 'onboard' | 'phantom' | 'mobile-wallet-adapter';
     wsApiUrl: string;
     apiUrl: string;
     appId: string;
@@ -36,6 +37,8 @@ export interface ClientConfig {
         cluster?: string;
         theme?: 'light' | 'dark';
     };
+    /** Pre-created PrivyExpoProvider instance for React Native (required when authMethod is 'privy-expo'). */
+    privyExpoProvider?: AuthProvider;
     mockAuth?: boolean;
 }
 export declare let clientConfig: ClientConfig;

package/dist/index.d.ts

@@ -5,6 +5,8 @@ export { subscribe, closeAllSubscriptions, clearCache, getCachedData, reconnectW
 export * from './types';
 export { getIdToken } from './utils/utils';
 export { WebSessionManager } from './utils/web-session-manager';
+export { ReactNativeSessionManager } from './utils/rn-session-manager';
+export type { RNStorageAdapter } from './utils/rn-session-manager';
 export { ServerSessionManager } from './utils/server-session-manager';
 export { createSessionWithPrivy, createSessionWithSignature, refreshSession, signSessionCreateMessage, genAuthNonce } from './utils/auth-api';
 export { Tarobase as Tarobase6 } from './utils/sol/taro6CvKqwrYrDc16ufYgzQ2NZcyyVKStffbtudrhRuDevnet-program';

package/dist/index.js

@@ -62,7 +62,12 @@ async function createSessionWithSignature(address, message, signature) {
     return response.data;
 }
 async function createSessionWithPrivy(authToken, address, privyIdToken) {
-    if (typeof window === 'undefined')
+    var _a;
+    // Block in true SSR/Node.js. Allow in browser (window exists) and React Native (no window,
+    // but not Node — detected via process.versions.node). Node 21+ defines navigator globally,
+    // so we can't rely on navigator alone.
+    const isNode = typeof process !== 'undefined' && !!((_a = process.versions) === null || _a === void 0 ? void 0 : _a.node);
+    if (typeof window === 'undefined' && isNode)
         return;
     const client = await getAxiosAuthClient();
     const config = await getConfig();
@@ -90,6 +95,19 @@ async function signSessionCreateMessage(_signMessageFunction) {
 }
 
 class WebSessionManager {
+    /**
+     * Decode a base64url-encoded string (used by JWT payloads).
+     * Normalises base64url → standard base64 before calling browser atob().
+     */
+    static decodeBase64Url(input) {
+        let b64 = input.replace(/-/g, '+').replace(/_/g, '/');
+        const pad = b64.length % 4;
+        if (pad === 2)
+            b64 += '==';
+        else if (pad === 3)
+            b64 += '=';
+        return atob(b64);
+    }
     /* ------------------------------------------------------------------ */
     /* STORE                                                              */
     /* ------------------------------------------------------------------ */
@@ -125,7 +143,7 @@ class WebSessionManager {
         /* ---------- check JWT expiration ---------- */
         try {
             const { accessToken } = sessionObj;
-            const { exp } = JSON.parse(atob(accessToken.split(".")[1]));
+            const { exp } = JSON.parse(this.decodeBase64Url(accessToken.split(".")[1]));
             if (Date.now() > exp * 1000) {
                 const { refreshToken } = sessionObj;
                 if (!refreshToken)
@@ -2959,7 +2977,7 @@ function convertRemainingAccounts(remainingAccounts) {
 // ─────────────────────────────────────────────────────────────
 // Updated Transaction Builder: It now accepts a PublicKey for the payer
 // ─────────────────────────────────────────────────────────────
-async function buildSetDocumentsTransaction(connection, idl, anchorProvider, payerPublicKey, args, remainingAccounts, lutKey, preInstructions, simulate) {
+async function buildSetDocumentsTransaction(connection, idl, anchorProvider, payerPublicKey, args, remainingAccounts, lutKey, preInstructions, simulate, additionalLutAddresses) {
     const computeBudgetIx = web3_js.ComputeBudgetProgram.setComputeUnitLimit({
         units: 1400000,
     });
@@ -3000,8 +3018,25 @@ async function buildSetDocumentsTransaction(connection, idl, anchorProvider, pay
     tx.feePayer = payerPublicKey;
     const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash("confirmed");
     tx.recentBlockhash = blockhash;
-    if (lutKey == null) {
-        const isSurfnet = anchorProvider.connection.rpcEndpoint == "https://surfpool.fly.dev";
+    // Resolve LUTs: additionalLutAddresses (when present) is the authoritative set.
+    // Falls back to lutKey alone for backwards compatibility.
+    const lookupTables = [];
+    const isSurfnet = anchorProvider.connection.rpcEndpoint == "https://surfpool.fly.dev";
+    if (additionalLutAddresses && additionalLutAddresses.length > 0) {
+        const results = await Promise.all(additionalLutAddresses.map(addr => connection.getAddressLookupTable(new web3_js.PublicKey(addr)).catch(() => null)));
+        for (const result of results) {
+            if (result === null || result === void 0 ? void 0 : result.value) {
+                lookupTables.push(result.value);
+            }
+        }
+    }
+    else if (lutKey != null) {
+        const { value: table } = await connection.getAddressLookupTable(new web3_js.PublicKey(lutKey));
+        if (!table)
+            throw new Error('LUT not found after creation/extend');
+        lookupTables.push(table);
+    }
+    if (lookupTables.length === 0) {
         const computeUnits = isSurfnet ? 1400000 : await getSimulationComputeUnits(connection, tx.instructions, payerPublicKey, []);
         const computeBudgetIxOptimized = web3_js.ComputeBudgetProgram.setComputeUnitLimit({
             units: computeUnits ? computeUnits * 1.2 : 1400000,
@@ -3009,11 +3044,7 @@ async function buildSetDocumentsTransaction(connection, idl, anchorProvider, pay
         tx.instructions[0] = computeBudgetIxOptimized;
         return { tx, blockhash, lastValidBlockHeight };
     }
-    const { value: table } = await connection.getAddressLookupTable(new web3_js.PublicKey(lutKey));
-    if (!table)
-        throw new Error('LUT not found after creation/extend');
-    const isSurfnet = anchorProvider.connection.rpcEndpoint == "https://surfpool.fly.dev";
-    const computeUnits = isSurfnet ? 1400000 : await getSimulationComputeUnits(connection, tx.instructions, payerPublicKey, [table]);
+    const computeUnits = isSurfnet ? 1400000 : await getSimulationComputeUnits(connection, tx.instructions, payerPublicKey, lookupTables);
     const computeBudgetIxOptimized = web3_js.ComputeBudgetProgram.setComputeUnitLimit({
         units: computeUnits ? computeUnits * 1.2 : 1400000,
     }); // 20% buffer
@@ -3022,7 +3053,7 @@ async function buildSetDocumentsTransaction(connection, idl, anchorProvider, pay
         payerKey: payerPublicKey,
         recentBlockhash: blockhash,
         instructions: tx.instructions,
-    }).compileToV0Message([table]);
+    }).compileToV0Message(lookupTables);
     const vTx = new anchor__namespace.web3.VersionedTransaction(msgV0);
     return { tx: vTx, blockhash, lastValidBlockHeight };
 }
@@ -3139,6 +3170,41 @@ var serverSessionManager = /*#__PURE__*/Object.freeze({
     ServerSessionManager: ServerSessionManager
 });
 
+/**
+ * Safe base64 helpers for tarobase-core.
+ *
+ * Uses the global atob/btoa when available (browser, RN with polyfill),
+ * falls back to the 'buffer' package (Node.js / SSR / RN without polyfill).
+ *
+ * These are used instead of bare `atob()`/`btoa()` so the core package
+ * works in React Native without requiring the consumer to polyfill globals.
+ */
+function safeAtob(input) {
+    if (typeof globalThis.atob === 'function') {
+        return globalThis.atob(input);
+    }
+    return bufferExports.Buffer.from(input, 'base64').toString('binary');
+}
+function safeBtoa(input) {
+    if (typeof globalThis.btoa === 'function') {
+        return globalThis.btoa(input);
+    }
+    return bufferExports.Buffer.from(input, 'binary').toString('base64');
+}
+/**
+ * Decode a base64url-encoded string (used by JWT payloads).
+ * Normalises base64url → standard base64 before decoding.
+ */
+function decodeBase64Url(input) {
+    let b64 = input.replace(/-/g, '+').replace(/_/g, '/');
+    const pad = b64.length % 4;
+    if (pad === 2)
+        b64 += '==';
+    else if (pad === 3)
+        b64 += '=';
+    return safeAtob(b64);
+}
+
 async function createBearerToken(isServer) {
     if (isServer) {
         const sessionMgr = ServerSessionManager.instance;
@@ -3638,7 +3704,7 @@ async function get(path, opts = {}) {
                 }
                 else {
                     const path = encodeURIComponent(normalizedPath);
-                    const promptQueryParam = (opts === null || opts === void 0 ? void 0 : opts.prompt) ? `&prompt=${btoa(opts.prompt)}` : "";
+                    const promptQueryParam = (opts === null || opts === void 0 ? void 0 : opts.prompt) ? `&prompt=${safeBtoa(opts.prompt)}` : "";
                     const apiPath = `items?path=${path}${promptQueryParam}${includeSubPathsParam}${shapeParam}${limitParam}${cursorParam}`;
                     response = await makeApiRequest('GET', apiPath, null, opts._overrides);
                 }
@@ -3871,6 +3937,7 @@ async function setMany(many, options) {
             appId: config.appId,
             txArgs: [solTransactionData],
             lutKey: (_c = tx.lutAddress) !== null && _c !== void 0 ? _c : null,
+            additionalLutAddresses: tx.additionalLutAddresses,
             network: tx.network,
             preInstructions: (_e = (_d = tx.preInstructions) === null || _d === void 0 ? void 0 : _d.map((ix) => {
                 var _a;
@@ -4093,7 +4160,7 @@ function getCacheKey(path, prompt, shape, limit, cursor) {
 }
 function isTokenExpired(token) {
     try {
-        const payload = JSON.parse(atob(token.split('.')[1]));
+        const payload = JSON.parse(decodeBase64Url(token.split('.')[1]));
         const expirationTime = payload.exp * 1000;
         const currentTime = Date.now();
         return currentTime > (expirationTime - 60000); // 60 second buffer
@@ -4105,7 +4172,7 @@ function isTokenExpired(token) {
 }
 function getTokenExpirationTime(token) {
     try {
-        const payload = JSON.parse(atob(token.split('.')[1]));
+        const payload = JSON.parse(decodeBase64Url(token.split('.')[1]));
         return payload.exp ? payload.exp * 1000 : null;
     }
     catch (_a) {
@@ -4433,7 +4500,7 @@ function sendSubscribe(connection, subscription) {
         type: 'subscribe',
         subscriptionId: subscription.subscriptionId,
         path: subscription.path,
-        prompt: subscription.prompt ? btoa(subscription.prompt) : undefined,
+        prompt: subscription.prompt ? safeBtoa(subscription.prompt) : undefined,
         includeSubPaths: subscription.includeSubPaths,
         shape: subscription.shape && Object.keys(subscription.shape).length > 0
             ? subscription.shape
@@ -4759,7 +4826,170 @@ async function reconnectWithNewAuth() {
     return reconnectWithNewAuthV2();
 }
 
+let _config = null;
+class ReactNativeSessionManager {
+    /**
+     * Must be called once before any other method.
+     *
+     * ```ts
+     * import { ReactNativeSessionManager } from '@pooflabs/core';
+     * import { MMKV } from 'react-native-mmkv';
+     * import { decode } from 'base-64';
+     *
+     * const mmkv = new MMKV();
+     * ReactNativeSessionManager.configure({
+     *   storage: {
+     *     getItem: (k) => mmkv.getString(k) ?? null,
+     *     setItem: (k, v) => mmkv.set(k, v),
+     *     removeItem: (k) => mmkv.delete(k),
+     *   },
+     *   atob: decode,
+     * });
+     * ```
+     */
+    static configure(cfg) {
+        _config = cfg;
+    }
+    static getStorage() {
+        if (!_config) {
+            throw new Error("ReactNativeSessionManager.configure() must be called before using session methods.");
+        }
+        return _config.storage;
+    }
+    static decodeBase64(input) {
+        if (!_config) {
+            throw new Error("ReactNativeSessionManager.configure() must be called before using session methods.");
+        }
+        return _config.atob(input);
+    }
+    /**
+     * Decode a base64url-encoded string (used by JWT payloads).
+     * Normalises base64url → standard base64 before decoding.
+     */
+    static decodeBase64Url(input) {
+        let b64 = input.replace(/-/g, '+').replace(/_/g, '/');
+        const pad = b64.length % 4;
+        if (pad === 2)
+            b64 += '==';
+        else if (pad === 3)
+            b64 += '=';
+        return this.decodeBase64(b64);
+    }
+    /* ------------------------------------------------------------------ */
+    /* STORE                                                              */
+    /* ------------------------------------------------------------------ */
+    static async storeSession(address, accessToken, idToken, refreshToken) {
+        const config = await getConfig();
+        const currentAppId = config.appId;
+        this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
+            address,
+            accessToken,
+            idToken,
+            refreshToken,
+            appId: currentAppId,
+        }));
+    }
+    /* ------------------------------------------------------------------ */
+    /* GET                                                                */
+    /* ------------------------------------------------------------------ */
+    static async getSession() {
+        const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
+        if (!session)
+            return null;
+        const sessionObj = JSON.parse(session);
+        /* ---------- validate app-id ---------- */
+        const config = await getConfig();
+        if (sessionObj.appId && sessionObj.appId !== config.appId) {
+            this.clearSession();
+            return null;
+        }
+        /* ---------- check JWT expiration ---------- */
+        try {
+            const { accessToken } = sessionObj;
+            const { exp } = JSON.parse(this.decodeBase64Url(accessToken.split(".")[1]));
+            if (Date.now() > exp * 1000) {
+                const { refreshToken } = sessionObj;
+                if (!refreshToken)
+                    return null;
+                const refreshed = await refreshSession(refreshToken);
+                if ((refreshed === null || refreshed === void 0 ? void 0 : refreshed.idToken) && (refreshed === null || refreshed === void 0 ? void 0 : refreshed.accessToken)) {
+                    await this.updateIdTokenAndAccessToken(refreshed.idToken, refreshed.accessToken);
+                    const newSession = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
+                    if (!newSession)
+                        return null;
+                    const newObj = JSON.parse(newSession);
+                    return { address: newObj.address, session: newObj };
+                }
+                // Refresh failed — clear stale session to prevent retry loops
+                this.clearSession();
+                return null;
+            }
+        }
+        catch (err) {
+            // Token decode or refresh failed — clear stale session to prevent retry loops
+            this.clearSession();
+            return null;
+        }
+        return { address: sessionObj.address, session: sessionObj };
+    }
+    /* ------------------------------------------------------------------ */
+    /* CLEAR                                                              */
+    /* ------------------------------------------------------------------ */
+    static clearSession() {
+        this.getStorage().removeItem(this.TAROBASE_SESSION_STORAGE_KEY);
+    }
+    /* ------------------------------------------------------------------ */
+    /* IS-AUTH                                                            */
+    /* ------------------------------------------------------------------ */
+    static isAuthenticated() {
+        return !!this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
+    }
+    /* ------------------------------------------------------------------ */
+    /* TOKEN HELPERS                                                      */
+    /* ------------------------------------------------------------------ */
+    static getIdToken() {
+        try {
+            const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
+            return session ? JSON.parse(session).idToken : null;
+        }
+        catch (_a) {
+            return null;
+        }
+    }
+    static getRefreshToken() {
+        try {
+            const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
+            return session ? JSON.parse(session).refreshToken : null;
+        }
+        catch (_a) {
+            return null;
+        }
+    }
+    /* ------------------------------------------------------------------ */
+    /* UPDATE TOKENS                                                      */
+    /* ------------------------------------------------------------------ */
+    static async updateIdTokenAndAccessToken(idToken, accessToken) {
+        var _a;
+        const session = this.getStorage().getItem(this.TAROBASE_SESSION_STORAGE_KEY);
+        if (!session)
+            return;
+        const sessionObj = JSON.parse(session);
+        /* ---------- app-id guard ---------- */
+        const config = await getConfig();
+        if (sessionObj.appId && sessionObj.appId !== config.appId) {
+            this.clearSession();
+            return;
+        }
+        sessionObj.idToken = idToken;
+        sessionObj.accessToken = accessToken;
+        (_a = sessionObj.appId) !== null && _a !== void 0 ? _a : (sessionObj.appId = config.appId);
+        this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify(sessionObj));
+    }
+}
+ReactNativeSessionManager.TAROBASE_SESSION_STORAGE_KEY = "tarobase_session_storage";
+
 exports.InsufficientBalanceError = InsufficientBalanceError;
+exports.ReactNativeSessionManager = ReactNativeSessionManager;
 exports.ServerSessionManager = ServerSessionManager;
 exports.WebSessionManager = WebSessionManager;
 exports.aggregate = aggregate;