npm - @pooflabs/web - Versions diffs - 0.0.83 → 0.0.85-rc1 - Mend

@pooflabs/web 0.0.83 → 0.0.85-rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (79) hide show

package/dist/auth/providers/solana-mobile-wallet-provider.d.ts +42 -20
package/dist/{index-CpaP1yGp.esm.js → index-4TKz3Mn_.esm.js} +14 -364
package/dist/index-4TKz3Mn_.esm.js.map +1 -0
package/dist/{index-FviRSm3S.js → index-BoWQVxMI.js} +13 -363
package/dist/index-BoWQVxMI.js.map +1 -0
package/dist/{index-CP_wLmYu.esm.js → index-Buu8v-Oe.esm.js} +13 -363
package/dist/index-Buu8v-Oe.esm.js.map +1 -0
package/dist/{index-BxXQhFLQ.js → index-C2p1Cldz.js} +14 -364
package/dist/index-C2p1Cldz.js.map +1 -0
package/dist/index-COF6zNCs.esm.js +6 -0
package/dist/index-COF6zNCs.esm.js.map +1 -0
package/dist/{index-DQWyH96R.js → index-DlyeWzMk.js} +2 -2
package/dist/index-DlyeWzMk.js.map +1 -0
package/dist/{index-DP0xF34Z.js → index-R7cvXys2.js} +486 -299
package/dist/index-R7cvXys2.js.map +1 -0
package/dist/{index-B7yaLhND.esm.js → index-ZKzq5QT_.esm.js} +487 -300
package/dist/index-ZKzq5QT_.esm.js.map +1 -0
package/dist/{index.browser-_zN3Uapq.js → index.browser-BQSN-6X2.js} +846 -815
package/dist/index.browser-BQSN-6X2.js.map +1 -0
package/dist/index.browser-DZCNegue.js +6070 -0
package/dist/index.browser-DZCNegue.js.map +1 -0
package/dist/{index.browser-B_wQp2A8.esm.js → index.browser-tPepE5fo.esm.js} +836 -802
package/dist/index.browser-tPepE5fo.esm.js.map +1 -0
package/dist/index.browser-zfGYm0ST.esm.js +6060 -0
package/dist/index.browser-zfGYm0ST.esm.js.map +1 -0
package/dist/index.esm.js +1 -1
package/dist/index.js +1 -1
package/dist/{index.native-Dkf8NZ2O.js → index.native-BGaUOX9f.js} +61 -42
package/dist/index.native-BGaUOX9f.js.map +1 -0
package/dist/{index.native-CyEwEeKr.esm.js → index.native-BPQqeP6_.esm.js} +62 -43
package/dist/index.native-BPQqeP6_.esm.js.map +1 -0
package/dist/index.native.esm.js +1 -1
package/dist/index.native.js +1 -1
package/dist/{phantom-wallet-provider-fkcFbwPk.esm.js → phantom-wallet-provider-DheGhOp4.esm.js} +37 -6
package/dist/phantom-wallet-provider-DheGhOp4.esm.js.map +1 -0
package/dist/{phantom-wallet-provider-CVyVJmH0.js → phantom-wallet-provider-MFcwrRpJ.js} +37 -6
package/dist/phantom-wallet-provider-MFcwrRpJ.js.map +1 -0
package/dist/{privy-wallet-provider-CrBZ52nR.js → privy-wallet-provider-CFw6o7O5.js} +3 -3
package/dist/privy-wallet-provider-CFw6o7O5.js.map +1 -0
package/dist/{privy-wallet-provider-CpHAxPcv.esm.js → privy-wallet-provider-D15Au3j8.esm.js} +3 -3
package/dist/privy-wallet-provider-D15Au3j8.esm.js.map +1 -0
package/dist/solana-mobile-wallet-provider-BM9wdF0m.js +719 -0
package/dist/solana-mobile-wallet-provider-BM9wdF0m.js.map +1 -0
package/dist/solana-mobile-wallet-provider-ChHh-U_p.esm.js +698 -0
package/dist/solana-mobile-wallet-provider-ChHh-U_p.esm.js.map +1 -0
package/package.json +3 -2
package/dist/index-B7yaLhND.esm.js.map +0 -1
package/dist/index-BxXQhFLQ.js.map +0 -1
package/dist/index-CP_wLmYu.esm.js.map +0 -1
package/dist/index-CpaP1yGp.esm.js.map +0 -1
package/dist/index-DP0xF34Z.js.map +0 -1
package/dist/index-DQWyH96R.js.map +0 -1
package/dist/index-DfOd8wW4.esm.js +0 -6
package/dist/index-DfOd8wW4.esm.js.map +0 -1
package/dist/index-FviRSm3S.js.map +0 -1
package/dist/index.browser-1_M66nQ6.esm.js +0 -1096
package/dist/index.browser-1_M66nQ6.esm.js.map +0 -1
package/dist/index.browser-B_wQp2A8.esm.js.map +0 -1
package/dist/index.browser-BfnOoa_h.js +0 -1099
package/dist/index.browser-BfnOoa_h.js.map +0 -1
package/dist/index.browser-BhppfDyf.js +0 -105
package/dist/index.browser-BhppfDyf.js.map +0 -1
package/dist/index.browser-OvGNsMPu.esm.js +0 -1002
package/dist/index.browser-OvGNsMPu.esm.js.map +0 -1
package/dist/index.browser-_zN3Uapq.js.map +0 -1
package/dist/index.browser-vUinl_9y.esm.js +0 -102
package/dist/index.browser-vUinl_9y.esm.js.map +0 -1
package/dist/index.browser-vuTr40so.js +0 -1008
package/dist/index.browser-vuTr40so.js.map +0 -1
package/dist/index.native-CyEwEeKr.esm.js.map +0 -1
package/dist/index.native-Dkf8NZ2O.js.map +0 -1
package/dist/phantom-wallet-provider-CVyVJmH0.js.map +0 -1
package/dist/phantom-wallet-provider-fkcFbwPk.esm.js.map +0 -1
package/dist/privy-wallet-provider-CpHAxPcv.esm.js.map +0 -1
package/dist/privy-wallet-provider-CrBZ52nR.js.map +0 -1
package/dist/solana-mobile-wallet-provider-CAaGfPZJ.js +0 -579
package/dist/solana-mobile-wallet-provider-CAaGfPZJ.js.map +0 -1
package/dist/solana-mobile-wallet-provider-DGyWHJVI.esm.js +0 -558
package/dist/solana-mobile-wallet-provider-DGyWHJVI.esm.js.map +0 -1

package/dist/index.esm.js CHANGED Viewed

@@ -1,4 +1,4 @@
-export { H as DEFAULT_TEST_ADDRESS, L as InsufficientBalanceError, M as MockAuthProvider, O as OffchainAuthProvider, P as PhantomWalletProvider, K as PrivyExpoProvider, G as PrivyWalletProvider, R as ReactNativeSessionManager, N as ServerSessionManager, S as SolanaMobileWalletProvider, W as WebSessionManager, z as aggregate, Q as buildSetDocumentsTransaction, T as clearCache, U as closeAllSubscriptions, V as convertRemainingAccounts, y as count, X as createSessionWithPrivy, Y as createSessionWithSignature, C as deserializeTransaction, Z as genAuthNonce, _ as genSolanaMessage, k as get, e as getAuthLoading, j as getAuthProvider, $ as getCachedData, h as getConfig, c as getCurrentUser, p as getFiles, D as getIdToken, a0 as getMany, F as getPlatform, i as init, I as isMobileWalletAvailable, l as login, f as logout, d as onAuthLoadingChanged, o as onAuthStateChanged, a1 as reconnectWithNewAuth, a2 as refreshSession, J as registerMobileWalletAdapter, t as runExpression, u as runExpressionMany, r as runQuery, q as runQueryMany, s as set, n as setFile, m as setMany, E as setPlatform, x as signAndSubmitTransaction, v as signMessage, a3 as signSessionCreateMessage, w as signTransaction, A as subscribe, B as useAuth } from './index-B7yaLhND.esm.js';
+export { H as DEFAULT_TEST_ADDRESS, L as InsufficientBalanceError, M as MockAuthProvider, O as OffchainAuthProvider, P as PhantomWalletProvider, K as PrivyExpoProvider, G as PrivyWalletProvider, R as ReactNativeSessionManager, N as ServerSessionManager, S as SolanaMobileWalletProvider, W as WebSessionManager, z as aggregate, Q as buildSetDocumentsTransaction, T as clearCache, U as closeAllSubscriptions, V as convertRemainingAccounts, y as count, X as createSessionWithPrivy, Y as createSessionWithSignature, C as deserializeTransaction, Z as genAuthNonce, _ as genSolanaMessage, k as get, e as getAuthLoading, j as getAuthProvider, $ as getCachedData, h as getConfig, c as getCurrentUser, p as getFiles, D as getIdToken, a0 as getMany, F as getPlatform, i as init, I as isMobileWalletAvailable, l as login, f as logout, d as onAuthLoadingChanged, o as onAuthStateChanged, a1 as reconnectWithNewAuth, a2 as refreshSession, J as registerMobileWalletAdapter, t as runExpression, u as runExpressionMany, r as runQuery, q as runQueryMany, s as set, n as setFile, m as setMany, E as setPlatform, x as signAndSubmitTransaction, v as signMessage, a3 as signSessionCreateMessage, w as signTransaction, A as subscribe, B as useAuth } from './index-ZKzq5QT_.esm.js';
 import 'axios';
 import '@solana/web3.js';
 import '@coral-xyz/anchor';

package/dist/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
 'use strict';
-var index = require('./index-DP0xF34Z.js');
+var index = require('./index-R7cvXys2.js');
 require('axios');
 require('@solana/web3.js');
 require('@coral-xyz/anchor');

package/dist/{index.native-Dkf8NZ2O.js → index.native-BGaUOX9f.js} RENAMED Viewed

@@ -22,21 +22,6 @@ function _interopNamespaceDefault(e) {
 	return Object.freeze(n);
 }
-function _mergeNamespaces(n, m) {
-	m.forEach(function (e) {
-		e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
-			if (k !== 'default' && !(k in n)) {
-				var d = Object.getOwnPropertyDescriptor(e, k);
-				Object.defineProperty(n, k, d.get ? d : {
-					enumerable: true,
-					get: function () { return e[k]; }
-				});
-			}
-		});
-	});
-	return Object.freeze(n);
-}
 var anchor__namespace = /*#__PURE__*/_interopNamespaceDefault(anchor);
 var React__namespace = /*#__PURE__*/_interopNamespaceDefault(React);
@@ -6785,6 +6770,28 @@ class WebSessionManager {
     static async storeSession(address, accessToken, idToken, refreshToken) {
         if (typeof window === "undefined")
             return;
+        // JWT-wallet binding: refuse to store a session whose idToken is bound
+        // to a different wallet than `address`. Prevents races that would otherwise
+        // leave localStorage with mismatched address/token state.
+        try {
+            const payloadB64 = idToken.split(".")[1];
+            if (payloadB64) {
+                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
+                const tokenWallet = payload["custom:walletAddress"];
+                if (tokenWallet && tokenWallet !== address) {
+                    throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
+                }
+                if (!tokenWallet) {
+                    console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
+                }
+            }
+        }
+        catch (err) {
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
+                throw err;
+            }
+            console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
+        }
         const config = await getConfig();
         const currentAppId = config.appId;
         localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9483,11 +9490,11 @@ function requireSrc$1 () {
 }
 var bs58$1;
-var hasRequiredBs58$1;
+var hasRequiredBs58;
-function requireBs58$1 () {
-	if (hasRequiredBs58$1) return bs58$1;
-	hasRequiredBs58$1 = 1;
+function requireBs58 () {
+	if (hasRequiredBs58) return bs58$1;
+	hasRequiredBs58 = 1;
 	var basex = requireSrc$1();
 	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
@@ -9495,8 +9502,8 @@ function requireBs58$1 () {
 	return bs58$1;
 }
-var bs58Exports$1 = requireBs58$1();
-var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
+var bs58Exports = requireBs58();
+var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
 // ─────────────────────────────────────────────────────────────
 // Local implementation of getSimulationComputeUnits
@@ -9758,7 +9765,7 @@ function loadKeypairFromEnv() {
     try {
         const secretKey = secret.trim().startsWith("[")
             ? Uint8Array.from(JSON.parse(secret))
-            : bs58$2.decode(secret.trim());
+            : bs58.decode(secret.trim());
         return web3_js.Keypair.fromSecretKey(secretKey);
     }
     catch (err) {
@@ -11703,6 +11710,28 @@ class ReactNativeSessionManager {
     /* STORE                                                              */
     /* ------------------------------------------------------------------ */
     static async storeSession(address, accessToken, idToken, refreshToken) {
+        // JWT-wallet binding: refuse to store a session whose idToken is bound
+        // to a different wallet than `address`. Prevents races that would otherwise
+        // leave storage with mismatched address/token state.
+        try {
+            const payloadB64 = idToken.split(".")[1];
+            if (payloadB64) {
+                const payload = JSON.parse(this.decodeBase64Url(payloadB64));
+                const tokenWallet = payload["custom:walletAddress"];
+                if (tokenWallet && tokenWallet !== address) {
+                    throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
+                }
+                if (!tokenWallet) {
+                    console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
+                }
+            }
+        }
+        catch (err) {
+            if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
+                throw err;
+            }
+            console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
+        }
         const config = await getConfig();
         const currentAppId = config.appId;
         this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -12857,15 +12886,15 @@ function clearIncompatibleSession() {
 // Lazy loaders for web-only providers.
 // Using dynamic import() ensures Metro (RN) never resolves these modules.
 async function loadPrivyWalletProvider() {
-    const mod = await Promise.resolve().then(function () { return require('./privy-wallet-provider-CrBZ52nR.js'); });
+    const mod = await Promise.resolve().then(function () { return require('./privy-wallet-provider-CFw6o7O5.js'); });
     return mod.PrivyWalletProvider;
 }
 async function loadPhantomWalletProvider() {
-    const mod = await Promise.resolve().then(function () { return require('./phantom-wallet-provider-CVyVJmH0.js'); });
+    const mod = await Promise.resolve().then(function () { return require('./phantom-wallet-provider-MFcwrRpJ.js'); });
     return { PhantomWalletProvider: mod.PhantomWalletProvider };
 }
 async function loadSolanaMobileWalletProvider() {
-    const mod = await Promise.resolve().then(function () { return require('./solana-mobile-wallet-provider-CAaGfPZJ.js'); });
+    const mod = await Promise.resolve().then(function () { return require('./solana-mobile-wallet-provider-BM9wdF0m.js'); });
     return mod.SolanaMobileWalletProvider;
 }
 async function hotSwapToPrivyProvider(config) {
@@ -15861,26 +15890,16 @@ function requireSrc () {
 	return src;
 }
-var bs58;
-var hasRequiredBs58;
+var srcExports = requireSrc();
+var basex = /*@__PURE__*/getDefaultExportFromCjs$1(srcExports);
-function requireBs58 () {
-	if (hasRequiredBs58) return bs58;
-	hasRequiredBs58 = 1;
-	var basex = requireSrc();
-	var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
+var base58 = basex(ALPHABET);
-	bs58 = basex(ALPHABET);
-	return bs58;
-}
-var bs58Exports = requireBs58();
-var base58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
-var index = /*#__PURE__*/_mergeNamespaces({
+var index = /*#__PURE__*/Object.freeze({
 	__proto__: null,
 	default: base58
-}, [bs58Exports]);
+});
 /**
  * Privy Expo Auth Provider — React Native implementation of AuthProvider.
@@ -16283,4 +16302,4 @@ exports.signSessionCreateMessage = signSessionCreateMessage;
 exports.signTransaction = signTransaction;
 exports.subscribe = subscribe;
 exports.useAuth = useAuth;
-//# sourceMappingURL=index.native-Dkf8NZ2O.js.map
+//# sourceMappingURL=index.native-BGaUOX9f.js.map