npm - @pooflabs/core - Versions diffs - 0.0.47 → 0.0.49 - Mend

@pooflabs/core 0.0.47 → 0.0.49

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/client/subscription-v2.d.ts +17 -0
package/dist/index.d.ts +1 -0
package/dist/index.js +187 -2
package/dist/index.js.map +1 -1
package/dist/index.mjs +182 -3
package/dist/index.mjs.map +1 -1
package/package.json +1 -1

package/dist/client/subscription-v2.d.ts CHANGED Viewed

@@ -40,6 +40,23 @@ export declare function reconnectWithNewAuthV2(): Promise<void>;
  * a complete teardown and rebuild of connections.
  */
 export declare function forceReconnectV2(): Promise<void>;
+/**
+ * Returns true if there is an active v2 WebSocket connection open.
+ */
+export declare function hasActiveConnection(): boolean;
+export declare function wsGet(path: string): Promise<any>;
+export declare function wsSet(documents: Array<{
+    destinationPath: string;
+    document: any;
+}>): Promise<any>;
+export declare function wsQuery(path: string, opts?: {
+    filter?: any;
+    sort?: any;
+    limit?: number;
+    includeSubPaths?: boolean;
+}): Promise<any>;
+export declare function wsDelete(path: string): Promise<any>;
+export declare function wsGetMany(paths: string[]): Promise<any>;
 declare global {
     interface Window {
         CUSTOM_TAROBASE_APP_ID_HEADER?: string;

package/dist/index.d.ts CHANGED Viewed

@@ -2,6 +2,7 @@ export { init } from './client/config';
 export { getConfig, ClientConfig } from './client/config';
 export { get, getMany, set, setMany, setFile, getFiles, runQuery, runQueryMany, runExpression, runExpressionMany, signMessage, signTransaction, signAndSubmitTransaction, count, aggregate, RequestOverrides, SetOptions, GetOptions, RunQueryOptions, CountOptions, AggregateOptions, AggregateOperation, AggregateResult, RunExpressionOptions, RunExpressionResult, InsufficientBalanceError, GetManyResult } from './client/operations';
 export { subscribe, closeAllSubscriptions, clearCache, getCachedData, reconnectWithNewAuth } from './client/subscription';
+export { hasActiveConnection, wsGet, wsSet, wsQuery, wsDelete, wsGetMany } from './client/subscription-v2';
 export * from './types';
 export { getIdToken } from './utils/utils';
 export { WebSessionManager } from './utils/web-session-manager';

package/dist/index.js CHANGED Viewed

@@ -396,6 +396,28 @@ class WebSessionManager {
     static async storeSession(address, accessToken, idToken, refreshToken) {
         if (typeof window === "undefined")
             return;
+        // JWT-wallet binding: refuse to store a session whose idToken is bound
+        // to a different wallet than `address`. Prevents races that would otherwise
+        // leave localStorage with mismatched address/token state.
+        try {
+            const payloadB64 = idToken.split(".")[1];
+            if (payloadB64) {
+                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
+                const tokenWallet = payload["custom:walletAddress"];
+                if (tokenWallet && tokenWallet !== address) {
+                    throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
+                }
+                if (!tokenWallet) {
+                    console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
+                }
+            }
+        }
+        catch (err) {
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
+                throw err;
+            }
+            console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
+        }
         const config = await getConfig();
         const currentAppId = config.appId;
         localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -4742,6 +4764,7 @@ async function getOrCreateConnection(appId, isServer) {
         subscriptions: new Map(),
         pendingSubscriptions: new Map(),
         pendingUnsubscriptions: new Map(),
+        pendingRequests: new Map(),
         isConnecting: false,
         isConnected: false,
         appId,
@@ -4840,11 +4863,17 @@ async function getOrCreateConnection(appId, isServer) {
             clearInterval(connection.tokenRefreshTimer);
             connection.tokenRefreshTimer = null;
         }
+        // Reject all pending WS CRUD requests on disconnect (fail fast)
+        for (const [id, pending] of connection.pendingRequests) {
+            clearTimeout(pending.timer);
+            pending.reject(new Error('WebSocket disconnected'));
+        }
+        connection.pendingRequests.clear();
     });
     return connection;
 }
 function handleServerMessage(connection, message) {
-    var _a;
+    var _a, _b;
     switch (message.type) {
         case 'subscribed': {
             const subscription = connection.subscriptions.get(message.subscriptionId);
@@ -4889,8 +4918,45 @@ function handleServerMessage(connection, message) {
             }
             break;
         }
+        case 'response': {
+            const pendingReq = connection.pendingRequests.get(message.requestId);
+            if (pendingReq) {
+                connection.pendingRequests.delete(message.requestId);
+                clearTimeout(pendingReq.timer);
+                if (message.status >= 400) {
+                    pendingReq.reject(new Error(`Request failed with status ${message.status}`));
+                }
+                else {
+                    pendingReq.resolve(message.data);
+                }
+            }
+            break;
+        }
+        case 'setResponse': {
+            const pendingSet = connection.pendingRequests.get(message.requestId);
+            if (pendingSet) {
+                connection.pendingRequests.delete(message.requestId);
+                clearTimeout(pendingSet.timer);
+                if (message.statusCode >= 400) {
+                    pendingSet.reject(new Error(((_a = message.body) === null || _a === void 0 ? void 0 : _a.message) || `Set failed with status ${message.statusCode}`));
+                }
+                else {
+                    pendingSet.resolve(message.body);
+                }
+            }
+            break;
+        }
         case 'error': {
             console.error('[WS v2] Server error:', message.code, message.message);
+            // Handle CRUD request errors (requestId present)
+            if (message.requestId) {
+                const pendingReq = connection.pendingRequests.get(message.requestId);
+                if (pendingReq) {
+                    connection.pendingRequests.delete(message.requestId);
+                    clearTimeout(pendingReq.timer);
+                    pendingReq.reject(new Error(`${message.code}: ${message.message}`));
+                }
+            }
             if (message.subscriptionId) {
                 // Reject pending subscription if this is a subscription error
                 const pending = connection.pendingSubscriptions.get(message.subscriptionId);
@@ -4902,7 +4968,7 @@ function handleServerMessage(connection, message) {
                 const subscription = connection.subscriptions.get(message.subscriptionId);
                 if (subscription) {
                     for (const callback of subscription.callbacks) {
-                        (_a = callback.onError) === null || _a === void 0 ? void 0 : _a.call(callback, new Error(`${message.code}: ${message.message}`));
+                        (_b = callback.onError) === null || _b === void 0 ? void 0 : _b.call(callback, new Error(`${message.code}: ${message.message}`));
                     }
                 }
             }
@@ -5191,6 +5257,97 @@ async function doReconnectWithNewAuth() {
         }
     }
 }
+// ============ CRUD over WebSocket ============
+const WS_REQUEST_TIMEOUT_MS = 30000;
+function generateRequestId() {
+    return `req_${Date.now()}_${Math.random().toString(36).substring(2, 11)}`;
+}
+/**
+ * Returns true if there is an active v2 WebSocket connection open.
+ */
+function hasActiveConnection() {
+    for (const connection of connections.values()) {
+        if (connection.ws && connection.isConnected) {
+            return true;
+        }
+    }
+    return false;
+}
+async function sendRequest(msgBuilder) {
+    const config = await getConfig();
+    const appId = config.appId;
+    const connection = await getOrCreateConnection(appId, config.isServer);
+    // Wait for the connection to be open (getOrCreateConnection may return
+    // while still connecting).
+    if (!connection.isConnected && connection.ws) {
+        await new Promise((resolve, reject) => {
+            const timeout = setTimeout(() => {
+                var _a;
+                (_a = connection.ws) === null || _a === void 0 ? void 0 : _a.removeEventListener('open', onOpen);
+                reject(new Error('WebSocket connection timeout'));
+            }, 10000);
+            const onOpen = () => { clearTimeout(timeout); resolve(); };
+            if (connection.isConnected) {
+                clearTimeout(timeout);
+                resolve();
+                return;
+            }
+            connection.ws.addEventListener('open', onOpen);
+        });
+    }
+    if (!connection.ws || !connection.isConnected) {
+        throw new Error('WebSocket connection not available');
+    }
+    const requestId = generateRequestId();
+    const message = msgBuilder(requestId);
+    return new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            connection.pendingRequests.delete(requestId);
+            reject(new Error(`WebSocket request timed out after ${WS_REQUEST_TIMEOUT_MS}ms`));
+        }, WS_REQUEST_TIMEOUT_MS);
+        connection.pendingRequests.set(requestId, { resolve, reject, timer });
+        try {
+            connection.ws.send(JSON.stringify(message));
+        }
+        catch (error) {
+            connection.pendingRequests.delete(requestId);
+            clearTimeout(timer);
+            reject(error);
+        }
+    });
+}
+async function wsGet(path) {
+    return sendRequest((requestId) => ({
+        type: 'get',
+        requestId,
+        path,
+    }));
+}
+async function wsSet(documents) {
+    return sendRequest((requestId) => ({
+        type: 'set',
+        requestId,
+        documents,
+    }));
+}
+async function wsQuery(path, opts) {
+    return sendRequest((requestId) => (Object.assign(Object.assign(Object.assign(Object.assign({ type: 'query', requestId,
+        path }, ((opts === null || opts === void 0 ? void 0 : opts.filter) ? { filter: opts.filter } : {})), ((opts === null || opts === void 0 ? void 0 : opts.sort) ? { sort: opts.sort } : {})), ((opts === null || opts === void 0 ? void 0 : opts.limit) !== undefined ? { limit: opts.limit } : {})), ((opts === null || opts === void 0 ? void 0 : opts.includeSubPaths) ? { includeSubPaths: opts.includeSubPaths } : {}))));
+}
+async function wsDelete(path) {
+    return sendRequest((requestId) => ({
+        type: 'delete',
+        requestId,
+        path,
+    }));
+}
+async function wsGetMany(paths) {
+    return sendRequest((requestId) => ({
+        type: 'getMany',
+        requestId,
+        paths,
+    }));
+}
 /**
  * WebSocket Subscription Module
@@ -5314,6 +5471,28 @@ class ReactNativeSessionManager {
     /* STORE                                                              */
     /* ------------------------------------------------------------------ */
     static async storeSession(address, accessToken, idToken, refreshToken) {
+        // JWT-wallet binding: refuse to store a session whose idToken is bound
+        // to a different wallet than `address`. Prevents races that would otherwise
+        // leave storage with mismatched address/token state.
+        try {
+            const payloadB64 = idToken.split(".")[1];
+            if (payloadB64) {
+                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
+                const tokenWallet = payload["custom:walletAddress"];
+                if (tokenWallet && tokenWallet !== address) {
+                    throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
+                }
+                if (!tokenWallet) {
+                    console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
+                }
+            }
+        }
+        catch (err) {
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
+                throw err;
+            }
+            console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
+        }
         const config = await getConfig();
         const currentAppId = config.appId;
         this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -5443,6 +5622,7 @@ exports.getConfig = getConfig;
 exports.getFiles = getFiles;
 exports.getIdToken = getIdToken;
 exports.getMany = getMany;
+exports.hasActiveConnection = hasActiveConnection;
 exports.init = init;
 exports.reconnectWithNewAuth = reconnectWithNewAuth;
 exports.refreshSession = refreshSession;
@@ -5458,4 +5638,9 @@ exports.signMessage = signMessage;
 exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
+exports.wsDelete = wsDelete;
+exports.wsGet = wsGet;
+exports.wsGetMany = wsGetMany;
+exports.wsQuery = wsQuery;
+exports.wsSet = wsSet;
 //# sourceMappingURL=index.js.map