@rift-finance/wallet 1.4.33 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/dist/index.d.ts +4 -0
  2. package/dist/index.d.ts.map +1 -1
  3. package/dist/index.js +10 -1
  4. package/dist/index.js.map +1 -1
  5. package/dist/services/Deposits.js +2 -2
  6. package/dist/services/Deposits.js.map +1 -1
  7. package/dist/services/assets.js +7 -7
  8. package/dist/services/assets.js.map +1 -1
  9. package/dist/services/auth.d.ts +18 -1
  10. package/dist/services/auth.d.ts.map +1 -1
  11. package/dist/services/auth.js +42 -19
  12. package/dist/services/auth.js.map +1 -1
  13. package/dist/services/bridge.js +3 -3
  14. package/dist/services/bridge.js.map +1 -1
  15. package/dist/services/defi.js +1 -1
  16. package/dist/services/defi.js.map +1 -1
  17. package/dist/services/kyc.js +7 -7
  18. package/dist/services/kyc.js.map +1 -1
  19. package/dist/services/merchant.js +3 -3
  20. package/dist/services/merchant.js.map +1 -1
  21. package/dist/services/notifications.d.ts +23 -19
  22. package/dist/services/notifications.d.ts.map +1 -1
  23. package/dist/services/notifications.js +28 -43
  24. package/dist/services/notifications.js.map +1 -1
  25. package/dist/services/offramp.js +8 -8
  26. package/dist/services/offramp.js.map +1 -1
  27. package/dist/services/oidc-helper.d.ts +101 -0
  28. package/dist/services/oidc-helper.d.ts.map +1 -0
  29. package/dist/services/oidc-helper.js +171 -0
  30. package/dist/services/oidc-helper.js.map +1 -0
  31. package/dist/services/onramp_v2.js +3 -3
  32. package/dist/services/onramp_v2.js.map +1 -1
  33. package/dist/services/passkey-helper.d.ts +82 -0
  34. package/dist/services/passkey-helper.d.ts.map +1 -0
  35. package/dist/services/passkey-helper.js +229 -0
  36. package/dist/services/passkey-helper.js.map +1 -0
  37. package/dist/services/signer.js +4 -4
  38. package/dist/services/signer.js.map +1 -1
  39. package/dist/services/transactions.js +3 -3
  40. package/dist/services/transactions.js.map +1 -1
  41. package/dist/services/user-management.js +4 -4
  42. package/dist/services/user-management.js.map +1 -1
  43. package/dist/services/vault.js +19 -19
  44. package/dist/services/vault.js.map +1 -1
  45. package/dist/services/wallet-connect.js +6 -6
  46. package/dist/services/wallet-connect.js.map +1 -1
  47. package/dist/services/wallet.js +2 -2
  48. package/dist/services/wallet.js.map +1 -1
  49. package/dist/types.d.ts +84 -6
  50. package/dist/types.d.ts.map +1 -1
  51. package/dist/types.js +21 -0
  52. package/dist/types.js.map +1 -1
  53. package/package.json +41 -41
@@ -1 +1 @@
1
- {"version":3,"file":"notifications.d.ts","sourceRoot":"","sources":["../../src/services/notifications.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,WAAW,EACX,+BAA+B,EAC/B,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,EAC7B,MAAM,UAAU,CAAC;AAElB,qBAAa,mBAAoB,SAAQ,WAAW;IAClD;;OAEG;IACG,oBAAoB,CACxB,OAAO,EAAE,+BAA+B,GACvC,OAAO,CAAC,WAAW,CAAC;QAAE,YAAY,EAAE,wBAAwB,CAAA;KAAE,CAAC,CAAC;IAcnE;;OAEG;IACG,WAAW,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAQnE;;OAEG;IACG,oBAAoB,IAAI,OAAO,CACnC,WAAW,CAAC;QACV,aAAa,EAAE,4BAA4B,EAAE,CAAC;QAC9C,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC,CACH;IAaD;;OAEG;IACG,oBAAoB,CACxB,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,WAAW,CAAC;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAa9C;;OAEG;IACG,wBAAwB,CAC5B,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,WAAW,CAAC,wBAAwB,CAAC,CAAC;IAYjD;;OAEG;IACG,sBAAsB,IAAI,OAAO,CACrC,WAAW,CAAC;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CACtC;CAMF"}
1
+ {"version":3,"file":"notifications.d.ts","sourceRoot":"","sources":["../../src/services/notifications.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EACL,WAAW,EACX,+BAA+B,EAC/B,wBAAwB,EACxB,uBAAuB,EACvB,uBAAuB,EACvB,wBAAwB,EACxB,4BAA4B,EAC7B,MAAM,UAAU,CAAC;AAElB;;;;;;;;;GASG;AACH,qBAAa,mBAAoB,SAAQ,WAAW;IAClD,wEAAwE;IAClE,oBAAoB,CACxB,QAAQ,EAAE,+BAA+B,GACxC,OAAO,CAAC,WAAW,CAAC;QAAE,YAAY,EAAE,wBAAwB,CAAA;KAAE,CAAC,CAAC;IAMnE,wEAAwE;IAClE,WAAW,CAAC,aAAa,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC;IAIpE,wEAAwE;IAClE,oBAAoB,IAAI,OAAO,CACnC,WAAW,CAAC;QACV,aAAa,EAAE,4BAA4B,EAAE,CAAC;QAC9C,WAAW,EAAE,MAAM,CAAC;QACpB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC,CACH;IAID,wEAAwE;IAClE,sBAAsB,IAAI,OAAO,CAAC,WAAW,CAAC;QAAE,YAAY,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAI9E;;;;OAIG;IACG,oBAAoB,CACxB,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,WAAW,CAAC;QAAE,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAY9C;;OAEG;IACG,wBAAwB,CAC5B,OAAO,EAAE,uBAAuB,GAC/B,OAAO,CAAC,WAAW,CAAC,wBAAwB,CAAC,CAAC;CAWlD"}
@@ -2,49 +2,43 @@
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.NotificationService = void 0;
4
4
  const base_service_1 = require("../base-service");
5
+ /**
6
+ * NotificationService — email-only in v1.
7
+ *
8
+ * The backend dropped push notifications (Pusher Beams, Webpushr, Firebase)
9
+ * and the per-device subscription registry. The remaining surface is
10
+ * email delivery via Resend, branded per project. We keep the class
11
+ * signatures of the push methods for backwards compatibility but they
12
+ * now throw a clear error so callers can find them quickly. Use
13
+ * `sendTestNotification` and `sendToAllUserSubscribers` to deliver email.
14
+ */
5
15
  class NotificationService extends base_service_1.BaseService {
6
- /**
7
- * Register or update a notification subscription for the current user
8
- */
9
- async registerSubscription(request) {
10
- return this.authenticatedRequest({
11
- method: "POST",
12
- url: "/notifications/register",
13
- data: {
14
- subscriberId: request.subscriberId,
15
- deviceInfo: request.deviceInfo,
16
- platform: request.platform,
17
- },
18
- });
16
+ /** @deprecated Push notifications are removed in v1. No-op (throws). */
17
+ async registerSubscription(_request) {
18
+ throw new Error("registerSubscription was removed in v1 — push notifications are no longer supported. Email is delivered automatically to the user's recorded email.");
19
19
  }
20
- /**
21
- * Unsubscribe from notifications
22
- */
23
- async unsubscribe(subscriberId) {
24
- return this.authenticatedRequest({
25
- method: "POST",
26
- url: "/notifications/unsubscribe",
27
- data: { subscriberId },
28
- });
20
+ /** @deprecated Push notifications are removed in v1. No-op (throws). */
21
+ async unsubscribe(_subscriberId) {
22
+ throw new Error("unsubscribe was removed in v1 — there are no per-device push subscriptions to remove.");
29
23
  }
30
- /**
31
- * Get all notification subscriptions for the current user
32
- */
24
+ /** @deprecated Push notifications are removed in v1. No-op (throws). */
33
25
  async getUserSubscriptions() {
34
- return this.authenticatedRequest({
35
- method: "GET",
36
- url: "/notifications/subscriptions",
37
- });
26
+ throw new Error("getUserSubscriptions was removed in v1 — there are no per-device push subscriptions to list.");
27
+ }
28
+ /** @deprecated Push notifications are removed in v1. No-op (throws). */
29
+ async deleteAllSubscriptions() {
30
+ throw new Error("deleteAllSubscriptions was removed in v1 — there are no per-device push subscriptions to delete.");
38
31
  }
39
32
  /**
40
- * Send a test notification to a specific subscriber
33
+ * Send a test email notification to the authenticated user. The legacy
34
+ * `subscriberId` field is ignored (kept on the request shape for source
35
+ * compatibility); delivery is to the user's recorded email.
41
36
  */
42
37
  async sendTestNotification(request) {
43
38
  return this.authenticatedRequest({
44
39
  method: "POST",
45
- url: "/notifications/test",
40
+ url: "/v1/notifications/test",
46
41
  data: {
47
- subscriberId: request.subscriberId,
48
42
  message: request.message,
49
43
  targetUrl: request.targetUrl,
50
44
  title: request.title,
@@ -52,12 +46,12 @@ class NotificationService extends base_service_1.BaseService {
52
46
  });
53
47
  }
54
48
  /**
55
- * Send notification to all subscribers of the current user
49
+ * Send a notification email to the authenticated user.
56
50
  */
57
51
  async sendToAllUserSubscribers(request) {
58
52
  return this.authenticatedRequest({
59
53
  method: "POST",
60
- url: "/notifications/send",
54
+ url: "/v1/notifications/messages",
61
55
  data: {
62
56
  message: request.message,
63
57
  targetUrl: request.targetUrl,
@@ -65,15 +59,6 @@ class NotificationService extends base_service_1.BaseService {
65
59
  },
66
60
  });
67
61
  }
68
- /**
69
- * Delete all notification subscriptions for the current user
70
- */
71
- async deleteAllSubscriptions() {
72
- return this.authenticatedRequest({
73
- method: "DELETE",
74
- url: "/notifications/subscriptions",
75
- });
76
- }
77
62
  }
78
63
  exports.NotificationService = NotificationService;
79
64
  //# sourceMappingURL=notifications.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"notifications.js","sourceRoot":"","sources":["../../src/services/notifications.ts"],"names":[],"mappings":";;;AAAA,kDAA8C;AAW9C,MAAa,mBAAoB,SAAQ,0BAAW;IAClD;;OAEG;IACH,KAAK,CAAC,oBAAoB,CACxB,OAAwC;QAExC,OAAO,IAAI,CAAC,oBAAoB,CAE9B;YACA,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,yBAAyB;YAC9B,IAAI,EAAE;gBACJ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,QAAQ,EAAE,OAAO,CAAC,QAAQ;aAC3B;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CAAC,YAAoB;QACpC,OAAO,IAAI,CAAC,oBAAoB,CAAoB;YAClD,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,4BAA4B;YACjC,IAAI,EAAE,EAAE,YAAY,EAAE;SACvB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB;QAOxB,OAAO,IAAI,CAAC,oBAAoB,CAM9B;YACA,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,8BAA8B;SACpC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,oBAAoB,CACxB,OAAgC;QAEhC,OAAO,IAAI,CAAC,oBAAoB,CAAqC;YACnE,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,qBAAqB;YAC1B,IAAI,EAAE;gBACJ,YAAY,EAAE,OAAO,CAAC,YAAY;gBAClC,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,wBAAwB,CAC5B,OAAgC;QAEhC,OAAO,IAAI,CAAC,oBAAoB,CAAwC;YACtE,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,qBAAqB;YAC1B,IAAI,EAAE;gBACJ,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB;QAG1B,OAAO,IAAI,CAAC,oBAAoB,CAAwC;YACtE,MAAM,EAAE,QAAQ;YAChB,GAAG,EAAE,8BAA8B;SACpC,CAAC,CAAC;IACL,CAAC;CACF;AAnGD,kDAmGC"}
1
+ {"version":3,"file":"notifications.js","sourceRoot":"","sources":["../../src/services/notifications.ts"],"names":[],"mappings":";;;AAAA,kDAA8C;AAW9C;;;;;;;;;GASG;AACH,MAAa,mBAAoB,SAAQ,0BAAW;IAClD,wEAAwE;IACxE,KAAK,CAAC,oBAAoB,CACxB,QAAyC;QAEzC,MAAM,IAAI,KAAK,CACb,qJAAqJ,CACtJ,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,KAAK,CAAC,WAAW,CAAC,aAAqB;QACrC,MAAM,IAAI,KAAK,CAAC,uFAAuF,CAAC,CAAC;IAC3G,CAAC;IAED,wEAAwE;IACxE,KAAK,CAAC,oBAAoB;QAOxB,MAAM,IAAI,KAAK,CAAC,8FAA8F,CAAC,CAAC;IAClH,CAAC;IAED,wEAAwE;IACxE,KAAK,CAAC,sBAAsB;QAC1B,MAAM,IAAI,KAAK,CAAC,kGAAkG,CAAC,CAAC;IACtH,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,oBAAoB,CACxB,OAAgC;QAEhC,OAAO,IAAI,CAAC,oBAAoB,CAAqC;YACnE,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE;gBACJ,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,wBAAwB,CAC5B,OAAgC;QAEhC,OAAO,IAAI,CAAC,oBAAoB,CAAwC;YACtE,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,4BAA4B;YACjC,IAAI,EAAE;gBACJ,OAAO,EAAE,OAAO,CAAC,OAAO;gBACxB,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,KAAK,EAAE,OAAO,CAAC,KAAK;aACrB;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAlED,kDAkEC"}
@@ -14,27 +14,27 @@ class OfframpService extends base_service_1.BaseService {
14
14
  async previewExchangeRate(request) {
15
15
  return this.authenticatedRequest({
16
16
  method: "POST",
17
- url: "/offramp/preview_exchange_rate",
17
+ url: "/v1/rates/quote",
18
18
  data: request,
19
19
  });
20
20
  }
21
21
  async getSupportedInstitutions(currency) {
22
22
  return this.authenticatedRequest({
23
23
  method: "GET",
24
- url: `/offramp/payment_methods/${currency}`,
24
+ url: `/v1/rails/${currency}/payment-methods`,
25
25
  });
26
26
  }
27
27
  async sendPaymentLink(request) {
28
28
  return this.authenticatedRequest({
29
29
  method: "POST",
30
- url: "/offramp/send-payment-link",
30
+ url: "/v1/invoices/notifications",
31
31
  data: request,
32
32
  });
33
33
  }
34
34
  async pay(request) {
35
35
  return this.authenticatedRequest({
36
36
  method: "POST",
37
- url: "/offramp/pay",
37
+ url: "/v1/offramps",
38
38
  data: request,
39
39
  });
40
40
  }
@@ -46,14 +46,14 @@ class OfframpService extends base_service_1.BaseService {
46
46
  async createOrder(request) {
47
47
  return this.authenticatedRequest({
48
48
  method: "POST",
49
- url: "/offramp/offramp",
49
+ url: "/v1/offramps",
50
50
  data: request,
51
51
  });
52
52
  }
53
53
  async getWithdrawalFee(amount) {
54
54
  return this.authenticatedRequest({
55
55
  method: "POST",
56
- url: "/offramp/get-withdrawal-fee",
56
+ url: "/v1/rates/withdrawal-fee",
57
57
  data: { amount }
58
58
  });
59
59
  }
@@ -65,7 +65,7 @@ class OfframpService extends base_service_1.BaseService {
65
65
  async pollOrderStatus(request) {
66
66
  return this.authenticatedRequest({
67
67
  method: "GET",
68
- url: "/offramp/poll_order_status",
68
+ url: "/v1/offramps/by-code",
69
69
  params: request
70
70
  });
71
71
  }
@@ -76,7 +76,7 @@ class OfframpService extends base_service_1.BaseService {
76
76
  async getOrders() {
77
77
  return this.authenticatedRequest({
78
78
  method: "GET",
79
- url: "/offramp/get_orders",
79
+ url: "/v1/offramps",
80
80
  });
81
81
  }
82
82
  }
@@ -1 +1 @@
1
- {"version":3,"file":"offramp.js","sourceRoot":"","sources":["../../src/services/offramp.ts"],"names":[],"mappings":";;;AAAA,kDAA8C;AAoB9C,MAAa,cAAe,SAAQ,0BAAW;IAC7C,YAAY,UAA0B;QACpC,KAAK,CAAC,UAAU,CAAC,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB,CACvB,OAAmC;QAEnC,OAAO,IAAI,CAAC,oBAAoB,CAA8B;YAC5D,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,gCAAgC;YACrC,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,wBAAwB,CAAC,QAAyB;QACtD,OAAO,IAAI,CAAC,oBAAoB,CAAmC;YACjE,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,4BAA4B,QAAQ,EAAE;SAC5C,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,eAAe,CAAC,OAA+B;QACnD,OAAO,IAAI,CAAC,oBAAoB,CAA0B;YACxD,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,4BAA4B;YACjC,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAE,OAAmB;QAC5B,OAAO,IAAI,CAAC,oBAAoB,CAAc;YAC5C,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,cAAc;YACnB,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CACf,OAAkC;QAElC,OAAO,IAAI,CAAC,oBAAoB,CAA6B;YAC3D,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,kBAAkB;YACvB,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,OAAO,IAAI,CAAC,oBAAoB,CAA2B;YACzD,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,6BAA6B;YAClC,IAAI,EAAC,EAAC,MAAM,EAAC;SACd,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CACnB,OAAgC;QAEhC,OAAO,IAAI,CAAC,oBAAoB,CAA2B;YACzD,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,4BAA4B;YACjC,MAAM,EAAE,OAAO;SAEhB,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS;QACb,OAAO,IAAI,CAAC,oBAAoB,CAA2B;YACzD,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,qBAAqB;SAC3B,CAAC,CAAC;IACL,CAAC;CACF;AA9FD,wCA8FC"}
1
+ {"version":3,"file":"offramp.js","sourceRoot":"","sources":["../../src/services/offramp.ts"],"names":[],"mappings":";;;AAAA,kDAA8C;AAoB9C,MAAa,cAAe,SAAQ,0BAAW;IAC7C,YAAY,UAA0B;QACpC,KAAK,CAAC,UAAU,CAAC,CAAC;IACpB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,mBAAmB,CACvB,OAAmC;QAEnC,OAAO,IAAI,CAAC,oBAAoB,CAA8B;YAC5D,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,iBAAiB;YACtB,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,wBAAwB,CAAC,QAAyB;QACtD,OAAO,IAAI,CAAC,oBAAoB,CAAmC;YACjE,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,aAAa,QAAQ,kBAAkB;SAC7C,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,eAAe,CAAC,OAA+B;QACnD,OAAO,IAAI,CAAC,oBAAoB,CAA0B;YACxD,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,4BAA4B;YACjC,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,GAAG,CAAE,OAAmB;QAC5B,OAAO,IAAI,CAAC,oBAAoB,CAAc;YAC5C,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,cAAc;YACnB,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,WAAW,CACf,OAAkC;QAElC,OAAO,IAAI,CAAC,oBAAoB,CAA6B;YAC3D,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,cAAc;YACnB,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,MAAc;QACnC,OAAO,IAAI,CAAC,oBAAoB,CAA2B;YACzD,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,0BAA0B;YAC/B,IAAI,EAAC,EAAC,MAAM,EAAC;SACd,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CACnB,OAAgC;QAEhC,OAAO,IAAI,CAAC,oBAAoB,CAA2B;YACzD,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,sBAAsB;YAC3B,MAAM,EAAE,OAAO;SAEhB,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS;QACb,OAAO,IAAI,CAAC,oBAAoB,CAA2B;YACzD,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,cAAc;SACpB,CAAC,CAAC;IACL,CAAC;CACF;AA9FD,wCA8FC"}
@@ -0,0 +1,101 @@
1
+ /**
2
+ * OIDC helper — browser-only.
3
+ *
4
+ * Wraps the Google Identity Services (GIS) flow to produce id_tokens
5
+ * with a `nonce` claim bound to a specific user-op hash. The enclave
6
+ * verifies that nonce matches the prehash it's about to sign, so a
7
+ * stolen token can only authorise the exact transaction it was minted
8
+ * for.
9
+ *
10
+ * Typical usage:
11
+ *
12
+ * // 1. Once, when the user clicks "Sign in with Google":
13
+ * const enrolment = await OidcHelper.fetchEnrolment({ clientId, nonce: enrolNonce });
14
+ * await sdk.auth.migrateToV3({ enrolledMethods: [enrolment.method] });
15
+ *
16
+ * // 2. Per transaction, when the user clicks "Send":
17
+ * const userOpHashHex = await sdk.transactions.previewUserOpHash({ ... });
18
+ * const proof = await OidcHelper.sign({ clientId, userOpHashHex });
19
+ * await sdk.transactions.send({ ..., authProof: proof });
20
+ *
21
+ * Requires the Google Sign-In script to be reachable from the page —
22
+ * we load it dynamically on first use, no <script> tag needed.
23
+ *
24
+ * Apple support: SAME shape, different IdP. Add `OidcHelper.signWithApple`
25
+ * later — the spec is identical, only the script URL + payload differ.
26
+ */
27
+ import type { AuthProof, EnrolledMethod } from "../types";
28
+ interface GisAccountsId {
29
+ initialize: (config: {
30
+ client_id: string;
31
+ nonce?: string;
32
+ callback: (resp: {
33
+ credential: string;
34
+ }) => void;
35
+ auto_select?: boolean;
36
+ cancel_on_tap_outside?: boolean;
37
+ use_fedcm_for_prompt?: boolean;
38
+ }) => void;
39
+ prompt: (listener?: (n: unknown) => void) => void;
40
+ renderButton: (el: HTMLElement, options: Record<string, unknown>) => void;
41
+ disableAutoSelect: () => void;
42
+ }
43
+ declare global {
44
+ interface Window {
45
+ google?: {
46
+ accounts?: {
47
+ id?: GisAccountsId;
48
+ };
49
+ };
50
+ }
51
+ }
52
+ export interface OidcEnrolmentResult {
53
+ /** Pass this directly to signup / login / migrateToV3 as enrolledMethods[i]. */
54
+ method: EnrolledMethod;
55
+ /** The raw id_token — useful if you also want to send it as a one-shot authProof. */
56
+ idToken: string;
57
+ }
58
+ export declare class OidcHelper {
59
+ /**
60
+ * Fetch a Google id_token for enrolment. The user picks a Google
61
+ * account in the consent flow. The returned `method` is what you
62
+ * pass to `auth.migrateToV3()` or as `enrolledMethods` at signup.
63
+ *
64
+ * The `nonce` here is anti-replay for enrolment only — you can use
65
+ * any opaque value (a random UUID is fine). For per-transaction
66
+ * signing, use `sign()` instead, which binds nonce=user_op_hash.
67
+ */
68
+ static fetchEnrolment(opts: {
69
+ clientId: string;
70
+ /** Random opaque value. Defaults to a fresh crypto.randomUUID(). */
71
+ nonce?: string;
72
+ /** Where to render the Google button. Required. */
73
+ buttonContainer: HTMLElement;
74
+ /** Optional button visual config — see GIS docs. */
75
+ buttonOptions?: Record<string, unknown>;
76
+ }): Promise<OidcEnrolmentResult>;
77
+ /**
78
+ * Sign a specific user-op hash via Google. The id_token's `nonce`
79
+ * claim will equal `userOpHashHex` (no 0x prefix), which the enclave
80
+ * uses to bind this proof to this specific transaction.
81
+ *
82
+ * `clientId` MUST be the same one you used at enrolment (it ends up
83
+ * in the JWT's `aud` claim, which the enclave checks against its
84
+ * pinned accept list).
85
+ */
86
+ static sign(opts: {
87
+ clientId: string;
88
+ /** 32-byte hash, hex, with or without 0x prefix. */
89
+ userOpHashHex: string;
90
+ buttonContainer: HTMLElement;
91
+ buttonOptions?: Record<string, unknown>;
92
+ }): Promise<AuthProof>;
93
+ /**
94
+ * Lower-level: render a Google Sign-In button and wait for the user
95
+ * to click it. Returns the raw id_token. Used internally by both
96
+ * fetchEnrolment and sign.
97
+ */
98
+ private static requestIdToken;
99
+ }
100
+ export {};
101
+ //# sourceMappingURL=oidc-helper.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oidc-helper.d.ts","sourceRoot":"","sources":["../../src/services/oidc-helper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAI1D,UAAU,aAAa;IACrB,UAAU,EAAE,CAAC,MAAM,EAAE;QACnB,SAAS,EAAE,MAAM,CAAC;QAClB,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,QAAQ,EAAE,CAAC,IAAI,EAAE;YAAE,UAAU,EAAE,MAAM,CAAA;SAAE,KAAK,IAAI,CAAC;QACjD,WAAW,CAAC,EAAE,OAAO,CAAC;QACtB,qBAAqB,CAAC,EAAE,OAAO,CAAC;QAChC,oBAAoB,CAAC,EAAE,OAAO,CAAC;KAChC,KAAK,IAAI,CAAC;IACX,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,IAAI,KAAK,IAAI,CAAC;IAClD,YAAY,EAAE,CACZ,EAAE,EAAE,WAAW,EACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC7B,IAAI,CAAC;IACV,iBAAiB,EAAE,MAAM,IAAI,CAAC;CAC/B;AAED,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,MAAM;QACd,MAAM,CAAC,EAAE;YAAE,QAAQ,CAAC,EAAE;gBAAE,EAAE,CAAC,EAAE,aAAa,CAAA;aAAE,CAAA;SAAE,CAAC;KAChD;CACF;AA6DD,MAAM,WAAW,mBAAmB;IAClC,gFAAgF;IAChF,MAAM,EAAE,cAAc,CAAC;IACvB,qFAAqF;IACrF,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,qBAAa,UAAU;IACrB;;;;;;;;OAQG;WACU,cAAc,CAAC,IAAI,EAAE;QAChC,QAAQ,EAAE,MAAM,CAAC;QACjB,oEAAoE;QACpE,KAAK,CAAC,EAAE,MAAM,CAAC;QACf,mDAAmD;QACnD,eAAe,EAAE,WAAW,CAAC;QAC7B,oDAAoD;QACpD,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACzC,GAAG,OAAO,CAAC,mBAAmB,CAAC;IAchC;;;;;;;;OAQG;WACU,IAAI,CAAC,IAAI,EAAE;QACtB,QAAQ,EAAE,MAAM,CAAC;QACjB,oDAAoD;QACpD,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,WAAW,CAAC;QAC7B,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACzC,GAAG,OAAO,CAAC,SAAS,CAAC;IActB;;;;OAIG;mBACkB,cAAc;CAuCpC"}
@@ -0,0 +1,171 @@
1
+ "use strict";
2
+ /**
3
+ * OIDC helper — browser-only.
4
+ *
5
+ * Wraps the Google Identity Services (GIS) flow to produce id_tokens
6
+ * with a `nonce` claim bound to a specific user-op hash. The enclave
7
+ * verifies that nonce matches the prehash it's about to sign, so a
8
+ * stolen token can only authorise the exact transaction it was minted
9
+ * for.
10
+ *
11
+ * Typical usage:
12
+ *
13
+ * // 1. Once, when the user clicks "Sign in with Google":
14
+ * const enrolment = await OidcHelper.fetchEnrolment({ clientId, nonce: enrolNonce });
15
+ * await sdk.auth.migrateToV3({ enrolledMethods: [enrolment.method] });
16
+ *
17
+ * // 2. Per transaction, when the user clicks "Send":
18
+ * const userOpHashHex = await sdk.transactions.previewUserOpHash({ ... });
19
+ * const proof = await OidcHelper.sign({ clientId, userOpHashHex });
20
+ * await sdk.transactions.send({ ..., authProof: proof });
21
+ *
22
+ * Requires the Google Sign-In script to be reachable from the page —
23
+ * we load it dynamically on first use, no <script> tag needed.
24
+ *
25
+ * Apple support: SAME shape, different IdP. Add `OidcHelper.signWithApple`
26
+ * later — the spec is identical, only the script URL + payload differ.
27
+ */
28
+ Object.defineProperty(exports, "__esModule", { value: true });
29
+ exports.OidcHelper = void 0;
30
+ const GIS_SRC = "https://accounts.google.com/gsi/client";
31
+ function assertBrowser() {
32
+ if (typeof window === "undefined" || typeof document === "undefined") {
33
+ throw new Error("OidcHelper can only be used in a browser — it depends on Google Identity Services. On the server, call your backend's OAuth-handling endpoint instead.");
34
+ }
35
+ }
36
+ async function loadGis() {
37
+ assertBrowser();
38
+ if (window.google?.accounts?.id)
39
+ return window.google.accounts.id;
40
+ await new Promise((resolve, reject) => {
41
+ const existing = document.querySelector(`script[src="${GIS_SRC}"]`);
42
+ if (existing) {
43
+ // Wait for it to load.
44
+ existing.addEventListener("load", () => resolve(), { once: true });
45
+ existing.addEventListener("error", () => reject(new Error("GIS script failed")), { once: true });
46
+ // If it's already loaded, the event has fired and we'll hang.
47
+ // Resolve immediately if google.accounts.id already exists.
48
+ if (window.google?.accounts?.id)
49
+ resolve();
50
+ return;
51
+ }
52
+ const s = document.createElement("script");
53
+ s.src = GIS_SRC;
54
+ s.async = true;
55
+ s.defer = true;
56
+ s.onload = () => resolve();
57
+ s.onerror = () => reject(new Error("failed to load Google Identity Services script"));
58
+ document.head.appendChild(s);
59
+ });
60
+ if (!window.google?.accounts?.id) {
61
+ throw new Error("Google Identity Services loaded but accounts.id is not available");
62
+ }
63
+ return window.google.accounts.id;
64
+ }
65
+ /**
66
+ * Decoded subset of the id_token claims we need to construct an
67
+ * `EnrolledMethod`. Decoded client-side; the enclave does the real
68
+ * verification — this is just to populate (iss, sub) for the user.
69
+ */
70
+ function decodeJwtUnverified(jwt) {
71
+ const parts = jwt.split(".");
72
+ if (parts.length !== 3)
73
+ throw new Error("not a JWT");
74
+ // base64url-decode the payload
75
+ const payloadB64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
76
+ const padded = payloadB64 + "===".slice(0, (4 - (payloadB64.length % 4)) % 4);
77
+ const json = atob(padded);
78
+ const obj = JSON.parse(json);
79
+ if (!obj.iss || !obj.sub) {
80
+ throw new Error("id_token missing iss or sub");
81
+ }
82
+ return { iss: obj.iss, sub: obj.sub };
83
+ }
84
+ class OidcHelper {
85
+ /**
86
+ * Fetch a Google id_token for enrolment. The user picks a Google
87
+ * account in the consent flow. The returned `method` is what you
88
+ * pass to `auth.migrateToV3()` or as `enrolledMethods` at signup.
89
+ *
90
+ * The `nonce` here is anti-replay for enrolment only — you can use
91
+ * any opaque value (a random UUID is fine). For per-transaction
92
+ * signing, use `sign()` instead, which binds nonce=user_op_hash.
93
+ */
94
+ static async fetchEnrolment(opts) {
95
+ const idToken = await OidcHelper.requestIdToken({
96
+ clientId: opts.clientId,
97
+ nonce: opts.nonce ?? crypto.randomUUID(),
98
+ buttonContainer: opts.buttonContainer,
99
+ buttonOptions: opts.buttonOptions,
100
+ });
101
+ const { iss, sub } = decodeJwtUnverified(idToken);
102
+ return {
103
+ method: { kind: "oidc", iss, sub },
104
+ idToken,
105
+ };
106
+ }
107
+ /**
108
+ * Sign a specific user-op hash via Google. The id_token's `nonce`
109
+ * claim will equal `userOpHashHex` (no 0x prefix), which the enclave
110
+ * uses to bind this proof to this specific transaction.
111
+ *
112
+ * `clientId` MUST be the same one you used at enrolment (it ends up
113
+ * in the JWT's `aud` claim, which the enclave checks against its
114
+ * pinned accept list).
115
+ */
116
+ static async sign(opts) {
117
+ const nonce = opts.userOpHashHex.replace(/^0x/i, "").toLowerCase();
118
+ if (!/^[0-9a-f]{64}$/.test(nonce)) {
119
+ throw new Error("userOpHashHex must be 32 bytes hex");
120
+ }
121
+ const idToken = await OidcHelper.requestIdToken({
122
+ clientId: opts.clientId,
123
+ nonce,
124
+ buttonContainer: opts.buttonContainer,
125
+ buttonOptions: opts.buttonOptions,
126
+ });
127
+ return { kind: "oidc", id_token: idToken };
128
+ }
129
+ /**
130
+ * Lower-level: render a Google Sign-In button and wait for the user
131
+ * to click it. Returns the raw id_token. Used internally by both
132
+ * fetchEnrolment and sign.
133
+ */
134
+ static async requestIdToken(opts) {
135
+ const gis = await loadGis();
136
+ return new Promise((resolve, reject) => {
137
+ let resolved = false;
138
+ try {
139
+ gis.initialize({
140
+ client_id: opts.clientId,
141
+ nonce: opts.nonce,
142
+ callback: (resp) => {
143
+ if (resolved)
144
+ return;
145
+ resolved = true;
146
+ if (!resp.credential) {
147
+ reject(new Error("Google returned no credential"));
148
+ return;
149
+ }
150
+ resolve(resp.credential);
151
+ },
152
+ auto_select: false,
153
+ cancel_on_tap_outside: false,
154
+ });
155
+ // Clear and render fresh button so the latest nonce sticks.
156
+ opts.buttonContainer.innerHTML = "";
157
+ gis.renderButton(opts.buttonContainer, {
158
+ theme: "outline",
159
+ size: "large",
160
+ text: "signin_with",
161
+ ...opts.buttonOptions,
162
+ });
163
+ }
164
+ catch (e) {
165
+ reject(e);
166
+ }
167
+ });
168
+ }
169
+ }
170
+ exports.OidcHelper = OidcHelper;
171
+ //# sourceMappingURL=oidc-helper.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oidc-helper.js","sourceRoot":"","sources":["../../src/services/oidc-helper.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;;;AAIH,MAAM,OAAO,GAAG,wCAAwC,CAAC;AAyBzD,SAAS,aAAa;IACpB,IAAI,OAAO,MAAM,KAAK,WAAW,IAAI,OAAO,QAAQ,KAAK,WAAW,EAAE,CAAC;QACrE,MAAM,IAAI,KAAK,CACb,wJAAwJ,CACzJ,CAAC;IACJ,CAAC;AACH,CAAC;AAED,KAAK,UAAU,OAAO;IACpB,aAAa,EAAE,CAAC;IAChB,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;QAAE,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;IAElE,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1C,MAAM,QAAQ,GAAG,QAAQ,CAAC,aAAa,CACrC,eAAe,OAAO,IAAI,CAC3B,CAAC;QACF,IAAI,QAAQ,EAAE,CAAC;YACb,uBAAuB;YACvB,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACnE,QAAQ,CAAC,gBAAgB,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACjG,8DAA8D;YAC9D,4DAA4D;YAC5D,IAAI,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE;gBAAE,OAAO,EAAE,CAAC;YAC3C,OAAO;QACT,CAAC;QACD,MAAM,CAAC,GAAG,QAAQ,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC,CAAC,GAAG,GAAG,OAAO,CAAC;QAChB,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC;QACf,CAAC,CAAC,KAAK,GAAG,IAAI,CAAC;QACf,CAAC,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;QAC3B,CAAC,CAAC,OAAO,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC,CAAC;QACtF,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;IACtF,CAAC;IACD,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;AACnC,CAAC;AAED;;;;GAIG;AACH,SAAS,mBAAmB,CAAC,GAAW;IACtC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,WAAW,CAAC,CAAC;IACrD,+BAA+B;IAC/B,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAClE,MAAM,MAAM,GAAG,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9E,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC;IAC1B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmC,CAAC;IAC/D,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;AACxC,CAAC;AASD,MAAa,UAAU;IACrB;;;;;;;;OAQG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,IAQ3B;QACC,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC;YAC9C,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,MAAM,CAAC,UAAU,EAAE;YACxC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC,CAAC;QACH,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;QAClD,OAAO;YACL,MAAM,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE;YAClC,OAAO;SACR,CAAC;IACJ,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAMjB;QACC,MAAM,KAAK,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;QACnE,IAAI,CAAC,gBAAgB,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,UAAU,CAAC,cAAc,CAAC;YAC9C,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,KAAK;YACL,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,aAAa,EAAE,IAAI,CAAC,aAAa;SAClC,CAAC,CAAC;QACH,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC;IAC7C,CAAC;IAED;;;;OAIG;IACK,MAAM,CAAC,KAAK,CAAC,cAAc,CAAC,IAKnC;QACC,MAAM,GAAG,GAAG,MAAM,OAAO,EAAE,CAAC;QAE5B,OAAO,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC7C,IAAI,QAAQ,GAAG,KAAK,CAAC;YACrB,IAAI,CAAC;gBACH,GAAG,CAAC,UAAU,CAAC;oBACb,SAAS,EAAE,IAAI,CAAC,QAAQ;oBACxB,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,QAAQ,EAAE,CAAC,IAAI,EAAE,EAAE;wBACjB,IAAI,QAAQ;4BAAE,OAAO;wBACrB,QAAQ,GAAG,IAAI,CAAC;wBAChB,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;4BACrB,MAAM,CAAC,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAC;4BACnD,OAAO;wBACT,CAAC;wBACD,OAAO,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;oBAC3B,CAAC;oBACD,WAAW,EAAE,KAAK;oBAClB,qBAAqB,EAAE,KAAK;iBAC7B,CAAC,CAAC;gBACH,4DAA4D;gBAC5D,IAAI,CAAC,eAAe,CAAC,SAAS,GAAG,EAAE,CAAC;gBACpC,GAAG,CAAC,YAAY,CAAC,IAAI,CAAC,eAAe,EAAE;oBACrC,KAAK,EAAE,SAAS;oBAChB,IAAI,EAAE,OAAO;oBACb,IAAI,EAAE,aAAa;oBACnB,GAAG,IAAI,CAAC,aAAa;iBACtB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,MAAM,CAAC,CAAC,CAAC,CAAC;YACZ,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAzGD,gCAyGC"}
@@ -9,14 +9,14 @@ class OnrampServiceV2 extends base_service_1.BaseService {
9
9
  async buy(request) {
10
10
  return this.authenticatedRequest({
11
11
  method: "POST",
12
- url: "/offramp/onramp",
12
+ url: "/v1/onramps",
13
13
  data: request,
14
14
  });
15
15
  }
16
16
  async getOnrampStatus(transactionCode) {
17
17
  return this.authenticatedRequest({
18
18
  method: "POST",
19
- url: `/offramp/onramp/status`,
19
+ url: `/v1/onramps/by-code`,
20
20
  data: {
21
21
  transaction_code: transactionCode,
22
22
  },
@@ -25,7 +25,7 @@ class OnrampServiceV2 extends base_service_1.BaseService {
25
25
  async getOnrampOrders(userId) {
26
26
  return this.authenticatedRequest({
27
27
  method: "GET",
28
- url: `/offramp/onramp/orders`,
28
+ url: `/v1/onramps`,
29
29
  params: {
30
30
  userId,
31
31
  },
@@ -1 +1 @@
1
- {"version":3,"file":"onramp_v2.js","sourceRoot":"","sources":["../../src/services/onramp_v2.ts"],"names":[],"mappings":";;;AAAA,kDAA8C;AAU9C,MAAa,eAAgB,SAAQ,0BAAW;IAC9C,YAAY,UAA0B;QACpC,KAAK,CAAC,UAAU,CAAC,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAmB;QAC3B,OAAO,IAAI,CAAC,oBAAoB,CAAc;YAC5C,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,iBAAiB;YACtB,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,eAAe,CAAC,eAAuB;QAC3C,OAAO,IAAI,CAAC,oBAAoB,CAAuB;YACrD,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,wBAAwB;YAC7B,IAAI,EAAE;gBACJ,gBAAgB,EAAE,eAAe;aAClC;SACF,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,OAAO,IAAI,CAAC,oBAAoB,CAAyB;YACvD,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,wBAAwB;YAC7B,MAAM,EAAE;gBACN,MAAM;aACP;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAlCD,0CAkCC"}
1
+ {"version":3,"file":"onramp_v2.js","sourceRoot":"","sources":["../../src/services/onramp_v2.ts"],"names":[],"mappings":";;;AAAA,kDAA8C;AAU9C,MAAa,eAAgB,SAAQ,0BAAW;IAC9C,YAAY,UAA0B;QACpC,KAAK,CAAC,UAAU,CAAC,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,GAAG,CAAC,OAAmB;QAC3B,OAAO,IAAI,CAAC,oBAAoB,CAAc;YAC5C,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,aAAa;YAClB,IAAI,EAAE,OAAO;SACd,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,eAAe,CAAC,eAAuB;QAC3C,OAAO,IAAI,CAAC,oBAAoB,CAAuB;YACrD,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,qBAAqB;YAC1B,IAAI,EAAE;gBACJ,gBAAgB,EAAE,eAAe;aAClC;SACF,CAAC,CAAC;IACL,CAAC;IAGD,KAAK,CAAC,eAAe,CAAC,MAAc;QAClC,OAAO,IAAI,CAAC,oBAAoB,CAAyB;YACvD,MAAM,EAAE,KAAK;YACb,GAAG,EAAE,aAAa;YAClB,MAAM,EAAE;gBACN,MAAM;aACP;SACF,CAAC,CAAC;IACL,CAAC;CACF;AAlCD,0CAkCC"}
@@ -0,0 +1,82 @@
1
+ /**
2
+ * Passkey helper — browser-only.
3
+ *
4
+ * Wraps `navigator.credentials.create()` and `navigator.credentials.get()`
5
+ * with all the small encoding ceremonies the enclave expects:
6
+ *
7
+ * - Extracts X / Y coordinates from the SPKI-encoded public key the
8
+ * browser hands us and re-packs them as a COSE_Key CBOR blob (which
9
+ * is what the enclave's `webauthn_verification` module parses).
10
+ * - Binds the assertion's challenge to a specific user-op hash so the
11
+ * proof is non-replayable across transactions.
12
+ * - Returns ready-to-send `EnrolledMethod` / `AuthProof` objects.
13
+ *
14
+ * Algorithm: ES256 / P-256 (COSE alg -7). Covers virtually all modern
15
+ * platform authenticators (iOS Secure Enclave, Android Keystore, Windows
16
+ * Hello on TPM, most YubiKey models).
17
+ *
18
+ * Note about RP-ID: the enclave's pinned policy accepts a list of RP-IDs
19
+ * (typically your top-level domain + "localhost" for dev). You must pass
20
+ * the SAME `rpId` to enrol() and sign() — passkeys are bound to one RP.
21
+ */
22
+ import type { AuthProof, EnrolledMethod } from "../types";
23
+ /** Quick capability check for "should I offer a passkey UI?". */
24
+ export declare function isPasskeySupported(): boolean;
25
+ /**
26
+ * Async capability check that also asks "does this device have a built-in
27
+ * authenticator (Touch ID, Face ID, Windows Hello)?". Returns false on
28
+ * desktops without biometric hardware unless a roaming key is connected.
29
+ */
30
+ export declare function isPlatformPasskeySupported(): Promise<boolean>;
31
+ export interface PasskeyEnrolmentResult {
32
+ /** Pass to signup / login / migrateToV3 as enrolledMethods[i]. */
33
+ method: EnrolledMethod;
34
+ /** Raw credential ID (base64-padded). Same value as method.cred_id_b64. */
35
+ credentialIdB64: string;
36
+ /** Raw COSE_Key bytes (base64-padded). Same as method.cose_pubkey_b64. */
37
+ cosePublicKeyB64: string;
38
+ }
39
+ export declare class PasskeyHelper {
40
+ /**
41
+ * Run a WebAuthn enrolment ceremony. Prompts the user for biometric /
42
+ * device PIN. Returns an `EnrolledMethod` ready to pass to the SDK.
43
+ *
44
+ * `rpId` should be your eTLD+1 (e.g. "riftfi.xyz") or "localhost" for
45
+ * dev. The SAME rpId must appear in the enclave's pinned policy
46
+ * (see WebAuthnPolicy.accepted_rp_ids).
47
+ */
48
+ static enrol(opts: {
49
+ rpId: string;
50
+ rpName: string;
51
+ /** User identifier — any opaque 16-32 byte value. Defaults to randomUUID bytes. */
52
+ userId?: Uint8Array;
53
+ /** Display string for the user — usually email or username. */
54
+ userName: string;
55
+ userDisplayName?: string;
56
+ /**
57
+ * If true (default), requires biometric / PIN verification at enrolment.
58
+ * Set to false for "device PIN only" or roaming-key-only flows.
59
+ */
60
+ requireUserVerification?: boolean;
61
+ }): Promise<PasskeyEnrolmentResult>;
62
+ /**
63
+ * Produce an `AuthProof` for a specific user-op hash. Prompts the
64
+ * user for biometric / PIN. The assertion's challenge is the raw
65
+ * 32-byte hash, so the resulting proof is bound to this exact
66
+ * transaction.
67
+ *
68
+ * Pass the SAME `rpId` you used at enrolment.
69
+ *
70
+ * `allowedCredentialIdB64` — restrict to a specific credential. Pass
71
+ * the one you stored at enrolment. If omitted, the browser picks
72
+ * among all credentials for this RP (discoverable credentials).
73
+ */
74
+ static sign(opts: {
75
+ rpId: string;
76
+ /** 32-byte hash, hex, with or without 0x prefix. */
77
+ userOpHashHex: string;
78
+ allowedCredentialIdB64?: string;
79
+ requireUserVerification?: boolean;
80
+ }): Promise<AuthProof>;
81
+ }
82
+ //# sourceMappingURL=passkey-helper.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"passkey-helper.d.ts","sourceRoot":"","sources":["../../src/services/passkey-helper.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;GAoBG;AAEH,OAAO,KAAK,EAAE,SAAS,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAc1D,iEAAiE;AACjE,wBAAgB,kBAAkB,IAAI,OAAO,CAO5C;AAED;;;;GAIG;AACH,wBAAsB,0BAA0B,IAAI,OAAO,CAAC,OAAO,CAAC,CAOnE;AAuED,MAAM,WAAW,sBAAsB;IACrC,kEAAkE;IAClE,MAAM,EAAE,cAAc,CAAC;IACvB,2EAA2E;IAC3E,eAAe,EAAE,MAAM,CAAC;IACxB,0EAA0E;IAC1E,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AAED,qBAAa,aAAa;IACxB;;;;;;;OAOG;WACU,KAAK,CAAC,IAAI,EAAE;QACvB,IAAI,EAAE,MAAM,CAAC;QACb,MAAM,EAAE,MAAM,CAAC;QACf,mFAAmF;QACnF,MAAM,CAAC,EAAE,UAAU,CAAC;QACpB,+DAA+D;QAC/D,QAAQ,EAAE,MAAM,CAAC;QACjB,eAAe,CAAC,EAAE,MAAM,CAAC;QACzB;;;WAGG;QACH,uBAAuB,CAAC,EAAE,OAAO,CAAC;KACnC,GAAG,OAAO,CAAC,sBAAsB,CAAC;IA8CnC;;;;;;;;;;;OAWG;WACU,IAAI,CAAC,IAAI,EAAE;QACtB,IAAI,EAAE,MAAM,CAAC;QACb,oDAAoD;QACpD,aAAa,EAAE,MAAM,CAAC;QACtB,sBAAsB,CAAC,EAAE,MAAM,CAAC;QAChC,uBAAuB,CAAC,EAAE,OAAO,CAAC;KACnC,GAAG,OAAO,CAAC,SAAS,CAAC;CAmCvB"}