@pooflabs/web 0.0.83 → 0.0.85-rc1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. package/dist/auth/providers/solana-mobile-wallet-provider.d.ts +42 -20
  2. package/dist/{index-CpaP1yGp.esm.js → index-4TKz3Mn_.esm.js} +14 -364
  3. package/dist/index-4TKz3Mn_.esm.js.map +1 -0
  4. package/dist/{index-FviRSm3S.js → index-BoWQVxMI.js} +13 -363
  5. package/dist/index-BoWQVxMI.js.map +1 -0
  6. package/dist/{index-CP_wLmYu.esm.js → index-Buu8v-Oe.esm.js} +13 -363
  7. package/dist/index-Buu8v-Oe.esm.js.map +1 -0
  8. package/dist/{index-BxXQhFLQ.js → index-C2p1Cldz.js} +14 -364
  9. package/dist/index-C2p1Cldz.js.map +1 -0
  10. package/dist/index-COF6zNCs.esm.js +6 -0
  11. package/dist/index-COF6zNCs.esm.js.map +1 -0
  12. package/dist/{index-DQWyH96R.js → index-DlyeWzMk.js} +2 -2
  13. package/dist/index-DlyeWzMk.js.map +1 -0
  14. package/dist/{index-DP0xF34Z.js → index-R7cvXys2.js} +486 -299
  15. package/dist/index-R7cvXys2.js.map +1 -0
  16. package/dist/{index-B7yaLhND.esm.js → index-ZKzq5QT_.esm.js} +487 -300
  17. package/dist/index-ZKzq5QT_.esm.js.map +1 -0
  18. package/dist/{index.browser-_zN3Uapq.js → index.browser-BQSN-6X2.js} +846 -815
  19. package/dist/index.browser-BQSN-6X2.js.map +1 -0
  20. package/dist/index.browser-DZCNegue.js +6070 -0
  21. package/dist/index.browser-DZCNegue.js.map +1 -0
  22. package/dist/{index.browser-B_wQp2A8.esm.js → index.browser-tPepE5fo.esm.js} +836 -802
  23. package/dist/index.browser-tPepE5fo.esm.js.map +1 -0
  24. package/dist/index.browser-zfGYm0ST.esm.js +6060 -0
  25. package/dist/index.browser-zfGYm0ST.esm.js.map +1 -0
  26. package/dist/index.esm.js +1 -1
  27. package/dist/index.js +1 -1
  28. package/dist/{index.native-Dkf8NZ2O.js → index.native-BGaUOX9f.js} +61 -42
  29. package/dist/index.native-BGaUOX9f.js.map +1 -0
  30. package/dist/{index.native-CyEwEeKr.esm.js → index.native-BPQqeP6_.esm.js} +62 -43
  31. package/dist/index.native-BPQqeP6_.esm.js.map +1 -0
  32. package/dist/index.native.esm.js +1 -1
  33. package/dist/index.native.js +1 -1
  34. package/dist/{phantom-wallet-provider-fkcFbwPk.esm.js → phantom-wallet-provider-DheGhOp4.esm.js} +37 -6
  35. package/dist/phantom-wallet-provider-DheGhOp4.esm.js.map +1 -0
  36. package/dist/{phantom-wallet-provider-CVyVJmH0.js → phantom-wallet-provider-MFcwrRpJ.js} +37 -6
  37. package/dist/phantom-wallet-provider-MFcwrRpJ.js.map +1 -0
  38. package/dist/{privy-wallet-provider-CrBZ52nR.js → privy-wallet-provider-CFw6o7O5.js} +3 -3
  39. package/dist/privy-wallet-provider-CFw6o7O5.js.map +1 -0
  40. package/dist/{privy-wallet-provider-CpHAxPcv.esm.js → privy-wallet-provider-D15Au3j8.esm.js} +3 -3
  41. package/dist/privy-wallet-provider-D15Au3j8.esm.js.map +1 -0
  42. package/dist/solana-mobile-wallet-provider-BM9wdF0m.js +719 -0
  43. package/dist/solana-mobile-wallet-provider-BM9wdF0m.js.map +1 -0
  44. package/dist/solana-mobile-wallet-provider-ChHh-U_p.esm.js +698 -0
  45. package/dist/solana-mobile-wallet-provider-ChHh-U_p.esm.js.map +1 -0
  46. package/package.json +3 -2
  47. package/dist/index-B7yaLhND.esm.js.map +0 -1
  48. package/dist/index-BxXQhFLQ.js.map +0 -1
  49. package/dist/index-CP_wLmYu.esm.js.map +0 -1
  50. package/dist/index-CpaP1yGp.esm.js.map +0 -1
  51. package/dist/index-DP0xF34Z.js.map +0 -1
  52. package/dist/index-DQWyH96R.js.map +0 -1
  53. package/dist/index-DfOd8wW4.esm.js +0 -6
  54. package/dist/index-DfOd8wW4.esm.js.map +0 -1
  55. package/dist/index-FviRSm3S.js.map +0 -1
  56. package/dist/index.browser-1_M66nQ6.esm.js +0 -1096
  57. package/dist/index.browser-1_M66nQ6.esm.js.map +0 -1
  58. package/dist/index.browser-B_wQp2A8.esm.js.map +0 -1
  59. package/dist/index.browser-BfnOoa_h.js +0 -1099
  60. package/dist/index.browser-BfnOoa_h.js.map +0 -1
  61. package/dist/index.browser-BhppfDyf.js +0 -105
  62. package/dist/index.browser-BhppfDyf.js.map +0 -1
  63. package/dist/index.browser-OvGNsMPu.esm.js +0 -1002
  64. package/dist/index.browser-OvGNsMPu.esm.js.map +0 -1
  65. package/dist/index.browser-_zN3Uapq.js.map +0 -1
  66. package/dist/index.browser-vUinl_9y.esm.js +0 -102
  67. package/dist/index.browser-vUinl_9y.esm.js.map +0 -1
  68. package/dist/index.browser-vuTr40so.js +0 -1008
  69. package/dist/index.browser-vuTr40so.js.map +0 -1
  70. package/dist/index.native-CyEwEeKr.esm.js.map +0 -1
  71. package/dist/index.native-Dkf8NZ2O.js.map +0 -1
  72. package/dist/phantom-wallet-provider-CVyVJmH0.js.map +0 -1
  73. package/dist/phantom-wallet-provider-fkcFbwPk.esm.js.map +0 -1
  74. package/dist/privy-wallet-provider-CpHAxPcv.esm.js.map +0 -1
  75. package/dist/privy-wallet-provider-CrBZ52nR.js.map +0 -1
  76. package/dist/solana-mobile-wallet-provider-CAaGfPZJ.js +0 -579
  77. package/dist/solana-mobile-wallet-provider-CAaGfPZJ.js.map +0 -1
  78. package/dist/solana-mobile-wallet-provider-DGyWHJVI.esm.js +0 -558
  79. package/dist/solana-mobile-wallet-provider-DGyWHJVI.esm.js.map +0 -1
package/dist/{index.native-CyEwEeKr.esm.js → index.native-BPQqeP6_.esm.js} RENAMED
@@ -4,21 +4,6 @@ import * as anchor from '@coral-xyz/anchor';
4
4
  import { Program } from '@coral-xyz/anchor';
5
5
  import * as React from 'react';
6
6
 
7
- function _mergeNamespaces(n, m) {
8
- m.forEach(function (e) {
9
- e && typeof e !== 'string' && !Array.isArray(e) && Object.keys(e).forEach(function (k) {
10
- if (k !== 'default' && !(k in n)) {
11
- var d = Object.getOwnPropertyDescriptor(e, k);
12
- Object.defineProperty(n, k, d.get ? d : {
13
- enumerable: true,
14
- get: function () { return e[k]; }
15
- });
16
- }
17
- });
18
- });
19
- return Object.freeze(n);
20
- }
21
-
22
7
  function getDefaultExportFromCjs$1 (x) {
23
8
  return x && x.__esModule && Object.prototype.hasOwnProperty.call(x, 'default') ? x['default'] : x;
24
9
  }
@@ -6764,6 +6749,28 @@ class WebSessionManager {
6764
6749
  static async storeSession(address, accessToken, idToken, refreshToken) {
6765
6750
  if (typeof window === "undefined")
6766
6751
  return;
6752
+ // JWT-wallet binding: refuse to store a session whose idToken is bound
6753
+ // to a different wallet than `address`. Prevents races that would otherwise
6754
+ // leave localStorage with mismatched address/token state.
6755
+ try {
6756
+ const payloadB64 = idToken.split(".")[1];
6757
+ if (payloadB64) {
6758
+ const payload = JSON.parse(this.decodeBase64Url(payloadB64));
6759
+ const tokenWallet = payload["custom:walletAddress"];
6760
+ if (tokenWallet && tokenWallet !== address) {
6761
+ throw new Error(`[WebSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
6762
+ }
6763
+ if (!tokenWallet) {
6764
+ console.warn("[WebSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
6765
+ }
6766
+ }
6767
+ }
6768
+ catch (err) {
6769
+ if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
6770
+ throw err;
6771
+ }
6772
+ console.warn("[WebSessionManager] storeSession: failed to decode idToken for validation:", err);
6773
+ }
6767
6774
  const config = await getConfig();
6768
6775
  const currentAppId = config.appId;
6769
6776
  localStorage.setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -9462,11 +9469,11 @@ function requireSrc$1 () {
9462
9469
  }
9463
9470
 
9464
9471
  var bs58$1;
9465
- var hasRequiredBs58$1;
9472
+ var hasRequiredBs58;
9466
9473
 
9467
- function requireBs58$1 () {
9468
- if (hasRequiredBs58$1) return bs58$1;
9469
- hasRequiredBs58$1 = 1;
9474
+ function requireBs58 () {
9475
+ if (hasRequiredBs58) return bs58$1;
9476
+ hasRequiredBs58 = 1;
9470
9477
  var basex = requireSrc$1();
9471
9478
  var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
9472
9479
 
@@ -9474,8 +9481,8 @@ function requireBs58$1 () {
9474
9481
  return bs58$1;
9475
9482
  }
9476
9483
 
9477
- var bs58Exports$1 = requireBs58$1();
9478
- var bs58$2 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports$1);
9484
+ var bs58Exports = requireBs58();
9485
+ var bs58 = /*@__PURE__*/getDefaultExportFromCjs(bs58Exports);
9479
9486
 
9480
9487
  // ─────────────────────────────────────────────────────────────
9481
9488
  // Local implementation of getSimulationComputeUnits
@@ -9737,7 +9744,7 @@ function loadKeypairFromEnv() {
9737
9744
  try {
9738
9745
  const secretKey = secret.trim().startsWith("[")
9739
9746
  ? Uint8Array.from(JSON.parse(secret))
9740
- : bs58$2.decode(secret.trim());
9747
+ : bs58.decode(secret.trim());
9741
9748
  return Keypair.fromSecretKey(secretKey);
9742
9749
  }
9743
9750
  catch (err) {
@@ -11682,6 +11689,28 @@ class ReactNativeSessionManager {
11682
11689
  /* STORE */
11683
11690
  /* ------------------------------------------------------------------ */
11684
11691
  static async storeSession(address, accessToken, idToken, refreshToken) {
11692
+ // JWT-wallet binding: refuse to store a session whose idToken is bound
11693
+ // to a different wallet than `address`. Prevents races that would otherwise
11694
+ // leave storage with mismatched address/token state.
11695
+ try {
11696
+ const payloadB64 = idToken.split(".")[1];
11697
+ if (payloadB64) {
11698
+ const payload = JSON.parse(this.decodeBase64Url(payloadB64));
11699
+ const tokenWallet = payload["custom:walletAddress"];
11700
+ if (tokenWallet && tokenWallet !== address) {
11701
+ throw new Error(`[ReactNativeSessionManager] Refusing to store session: address (${address}) does not match idToken custom:walletAddress (${tokenWallet})`);
11702
+ }
11703
+ if (!tokenWallet) {
11704
+ console.warn("[ReactNativeSessionManager] storeSession: idToken has no custom:walletAddress claim — writing without validation");
11705
+ }
11706
+ }
11707
+ }
11708
+ catch (err) {
11709
+ if (typeof (err === null || err === void 0 ? void 0 : err.message) === "string" && err.message.includes("Refusing to store session")) {
11710
+ throw err;
11711
+ }
11712
+ console.warn("[ReactNativeSessionManager] storeSession: failed to decode idToken for validation:", err);
11713
+ }
11685
11714
  const config = await getConfig();
11686
11715
  const currentAppId = config.appId;
11687
11716
  this.getStorage().setItem(this.TAROBASE_SESSION_STORAGE_KEY, JSON.stringify({
@@ -12836,15 +12865,15 @@ function clearIncompatibleSession() {
12836
12865
  // Lazy loaders for web-only providers.
12837
12866
  // Using dynamic import() ensures Metro (RN) never resolves these modules.
12838
12867
  async function loadPrivyWalletProvider() {
12839
- const mod = await import('./privy-wallet-provider-CpHAxPcv.esm.js');
12868
+ const mod = await import('./privy-wallet-provider-D15Au3j8.esm.js');
12840
12869
  return mod.PrivyWalletProvider;
12841
12870
  }
12842
12871
  async function loadPhantomWalletProvider() {
12843
- const mod = await import('./phantom-wallet-provider-fkcFbwPk.esm.js');
12872
+ const mod = await import('./phantom-wallet-provider-DheGhOp4.esm.js');
12844
12873
  return { PhantomWalletProvider: mod.PhantomWalletProvider };
12845
12874
  }
12846
12875
  async function loadSolanaMobileWalletProvider() {
12847
- const mod = await import('./solana-mobile-wallet-provider-DGyWHJVI.esm.js');
12876
+ const mod = await import('./solana-mobile-wallet-provider-ChHh-U_p.esm.js');
12848
12877
  return mod.SolanaMobileWalletProvider;
12849
12878
  }
12850
12879
  async function hotSwapToPrivyProvider(config) {
@@ -15840,26 +15869,16 @@ function requireSrc () {
15840
15869
  return src;
15841
15870
  }
15842
15871
 
15843
- var bs58;
15844
- var hasRequiredBs58;
15845
-
15846
- function requireBs58 () {
15847
- if (hasRequiredBs58) return bs58;
15848
- hasRequiredBs58 = 1;
15849
- var basex = requireSrc();
15850
- var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
15851
-
15852
- bs58 = basex(ALPHABET);
15853
- return bs58;
15854
- }
15872
+ var srcExports = requireSrc();
15873
+ var basex = /*@__PURE__*/getDefaultExportFromCjs$1(srcExports);
15855
15874
 
15856
- var bs58Exports = requireBs58();
15857
- var base58 = /*@__PURE__*/getDefaultExportFromCjs$1(bs58Exports);
15875
+ var ALPHABET = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
15876
+ var base58 = basex(ALPHABET);
15858
15877
 
15859
- var index = /*#__PURE__*/_mergeNamespaces({
15878
+ var index = /*#__PURE__*/Object.freeze({
15860
15879
  __proto__: null,
15861
15880
  default: base58
15862
- }, [bs58Exports]);
15881
+ });
15863
15882
 
15864
15883
  /**
15865
15884
  * Privy Expo Auth Provider — React Native implementation of AuthProvider.
@@ -16200,5 +16219,5 @@ class PrivyExpoProvider {
16200
16219
  }
16201
16220
  }
16202
16221
 
16203
- export { ReactNativeSessionManager as $, getAuthProvider as A, get as B, set as C, setMany as D, setFile as E, getFiles as F, runQuery as G, runQueryMany as H, runExpression as I, runExpressionMany as J, signMessage as K, signTransaction as L, signAndSubmitTransaction as M, count as N, aggregate as O, subscribe as P, useAuth as Q, deserializeTransaction as R, SOLANA_MAINNET_RPC_URL as S, getIdToken as T, setPlatform as U, MockAuthProvider as V, WebSessionManager as W, DEFAULT_TEST_ADDRESS as X, OffchainAuthProvider as Y, PrivyExpoProvider as Z, InsufficientBalanceError as _, SOLANA_DEVNET_RPC_URL as a, ServerSessionManager as a0, clearCache as a1, closeAllSubscriptions as a2, getCachedData as a3, getMany as a4, reconnectWithNewAuth as a5, refreshSession as a6, signSessionCreateMessage as a7, buildSetDocumentsTransaction as b, convertRemainingAccounts as c, base58 as d, confirmAndCheckTransaction as e, createSessionWithPrivy as f, getPlatform as g, SURFNET_RPC_URL$1 as h, index as i, detectMobile as j, detectAndroid as k, setAuthLoading as l, genAuthNonce as m, genSolanaMessage as n, createSessionWithSignature as o, getDefaultExportFromCjs$1 as p, init as q, requireBuffer as r, setCurrentUser as s, getCurrentUser as t, onAuthStateChanged as u, onAuthLoadingChanged as v, getAuthLoading as w, login as x, logout as y, getConfig as z };
16204
- //# sourceMappingURL=index.native-CyEwEeKr.esm.js.map
16222
+ export { ServerSessionManager as $, get as A, set as B, setMany as C, setFile as D, getFiles as E, runQuery as F, runQueryMany as G, runExpression as H, runExpressionMany as I, signMessage as J, signTransaction as K, signAndSubmitTransaction as L, count as M, aggregate as N, subscribe as O, useAuth as P, deserializeTransaction as Q, getIdToken as R, SOLANA_MAINNET_RPC_URL as S, setPlatform as T, MockAuthProvider as U, DEFAULT_TEST_ADDRESS as V, WebSessionManager as W, OffchainAuthProvider as X, PrivyExpoProvider as Y, InsufficientBalanceError as Z, ReactNativeSessionManager as _, SOLANA_DEVNET_RPC_URL as a, clearCache as a0, closeAllSubscriptions as a1, getCachedData as a2, getMany as a3, reconnectWithNewAuth as a4, refreshSession as a5, signSessionCreateMessage as a6, index as a7, buildSetDocumentsTransaction as b, convertRemainingAccounts as c, base58 as d, confirmAndCheckTransaction as e, createSessionWithPrivy as f, getPlatform as g, SURFNET_RPC_URL$1 as h, detectMobile as i, detectAndroid as j, setAuthLoading as k, genAuthNonce as l, genSolanaMessage as m, createSessionWithSignature as n, getDefaultExportFromCjs$1 as o, init as p, getCurrentUser as q, requireBuffer as r, setCurrentUser as s, onAuthStateChanged as t, onAuthLoadingChanged as u, getAuthLoading as v, login as w, logout as x, getConfig as y, getAuthProvider as z };
16223
+ //# sourceMappingURL=index.native-BPQqeP6_.esm.js.map