npm - @stellar/typescript-wallet-sdk - Versions diffs - 3.0.0-beta.1776280959813 → 3.0.0-beta.1779920488639 - Mend

@stellar/typescript-wallet-sdk 3.0.0-beta.1776280959813 → 3.0.0-beta.1779920488639

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/CHANGELOG.MD +1 -1
package/lib/bundle.js +68 -34
package/lib/bundle.js.map +1 -1
package/lib/bundle_browser.js +68 -34
package/lib/bundle_browser.js.map +1 -1
package/lib/walletSdk/Exceptions/index.d.ts +3 -0
package/package.json +1 -1
package/src/walletSdk/Auth/index.ts +21 -8
package/src/walletSdk/Exceptions/index.ts +9 -0
package/src/walletSdk/Horizon/Stellar.ts +32 -12
package/test/auth.test.ts +104 -1
package/test/stellar.test.ts +121 -1

package/CHANGELOG.MD CHANGED Viewed

@@ -2,8 +2,8 @@
 ### BREAKING CHANGES
 * Upgraded `@stellar/stellar-sdk` from `14.5.0` to `15.0.1` — Protocol 26 support
-* XDR integer construction now throws on overflow/underflow (upstream change)
 * `TransactionBase.networkPassphrase` setter now throws to enforce immutability (upstream change)
+* XDR integer strict validation: i64/u64 `fromString()` throws on overflow/underflow, i32/u32 throws at XDR serialization (upstream change)
 # Release notes - Typescript Wallet SDK - 2.0.0

package/lib/bundle.js CHANGED Viewed

@@ -1857,9 +1857,9 @@ var Sep10 = /** @class */ (function () {
     Sep10.prototype.sign = function (_a) {
         var accountKp = _a.accountKp, challengeResponse = _a.challengeResponse, walletSigner = _a.walletSigner;
         return __awaiter(this, void 0, void 0, function () {
-            var networkPassphrase, webAuthDomain, transaction, _i, _b, op;
-            return __generator(this, function (_c) {
-                switch (_c.label) {
+            var networkPassphrase, webAuthDomain, transaction, hasClientDomain, originalHash, returned;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
                     case 0:
                         networkPassphrase = this.cfg.stellar.network;
                         if (challengeResponse.network_passphrase &&
@@ -1874,24 +1874,26 @@ var Sep10 = /** @class */ (function () {
                             throw new Exceptions_1.ChallengeValidationFailedError(e instanceof Error ? e : new Error(String(e)));
                         }
                         transaction = stellar_sdk_1.TransactionBuilder.fromXDR(challengeResponse.transaction, networkPassphrase);
-                        _i = 0, _b = transaction.operations;
-                        _c.label = 1;
-                    case 1:
-                        if (!(_i < _b.length)) return [3 /*break*/, 4];
-                        op = _b[_i];
-                        if (!(op.type === "manageData" && op.name === "client_domain")) return [3 /*break*/, 3];
+                        hasClientDomain = transaction.operations.some(function (op) { return op.type === "manageData" && op.name === "client_domain"; });
+                        if (!hasClientDomain) return [3 /*break*/, 2];
+                        originalHash = transaction.hash();
                         return [4 /*yield*/, walletSigner.signWithDomainAccount({
                                 transactionXDR: challengeResponse.transaction,
                                 networkPassphrase: networkPassphrase,
                                 accountKp: accountKp,
                             })];
+                    case 1:
+                        returned = _b.sent();
+                        // Transaction.hash() covers the envelope body but excludes signatures, so
+                        // a domain signer that only appends its signature preserves the hash. Any
+                        // change to the operations, source account, memo, or other body fields
+                        // changes the hash and is rejected here.
+                        if (!returned.hash().equals(originalHash)) {
+                            throw new Exceptions_1.DomainSigningModifiedError();
+                        }
+                        transaction = returned;
+                        _b.label = 2;
                     case 2:
-                        transaction = _c.sent();
-                        _c.label = 3;
-                    case 3:
-                        _i++;
-                        return [3 /*break*/, 1];
-                    case 4:
                         walletSigner.signWithClientAccount({ transaction: transaction, accountKp: accountKp });
                         return [2 /*return*/, transaction];
                 }
@@ -2232,7 +2234,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.Sep7UriTypeNotSupportedError = exports.Sep7LongMsgError = exports.Sep7InvalidUriError = exports.AuthHeaderClientDomainRequiredError = exports.AuthHeaderSigningKeypairRequiredError = exports.DefaultSignerDomainAccountError = exports.SigningKeypairMissingSecretError = exports.InvalidJsonError = exports.UnknownAnchorTransactionError = exports.AllowHttpOnNonTestnetError = exports.ChallengeTxnInvalidSignatureError = exports.ChallengeTxnIncorrectSequenceError = exports.NetworkPassphraseMismatchError = exports.ChallengeValidationFailedError = exports.MissingSigningKeyError = exports.Sep38PriceOnlyOneAmountError = exports.NoAccountAndNoSponsorError = exports.DeviceKeyEqualsMasterKeyError = exports.NoAccountSignersError = exports.UnableToDeduceKeyError = exports.NoDeviceKeyForAccountError = exports.LostSignerKeyNotFound = exports.NotAllSignaturesFetchedError = exports.RecoveryIdentityNotFoundError = exports.RecoveryServerNotFoundError = exports.KYCServerNotFoundError = exports.CustomerNotFoundError = exports.Sep9InfoRequiredError = exports.WithdrawalTxMemoError = exports.PathPayOnlyOneAmountError = exports.WithdrawalTxMissingMemoError = exports.WithdrawalTxMissingDestinationError = exports.WithdrawalTxNotPendingUserTransferStartError = exports.OperationsLimitExceededError = exports.SignerRequiredError = exports.TransactionSubmitWithFeeIncreaseFailedError = exports.ExpiredTokenError = exports.InvalidTokenError = exports.MissingTokenError = exports.InsufficientStartingBalanceError = exports.TransactionSubmitFailedError = exports.AccountDoesNotExistError = exports.InvalidTransactionsResponseError = exports.InvalidTransactionResponseError = exports.MissingTransactionIdError = exports.ClientDomainWithMemoError = exports.InvalidMemoError = exports.AssetNotSupportedError = exports.ServerRequestFailedError = void 0;
+exports.Sep7UriTypeNotSupportedError = exports.Sep7LongMsgError = exports.Sep7InvalidUriError = exports.AuthHeaderClientDomainRequiredError = exports.AuthHeaderSigningKeypairRequiredError = exports.DomainSigningModifiedError = exports.DefaultSignerDomainAccountError = exports.SigningKeypairMissingSecretError = exports.InvalidJsonError = exports.UnknownAnchorTransactionError = exports.AllowHttpOnNonTestnetError = exports.ChallengeTxnInvalidSignatureError = exports.ChallengeTxnIncorrectSequenceError = exports.NetworkPassphraseMismatchError = exports.ChallengeValidationFailedError = exports.MissingSigningKeyError = exports.Sep38PriceOnlyOneAmountError = exports.NoAccountAndNoSponsorError = exports.DeviceKeyEqualsMasterKeyError = exports.NoAccountSignersError = exports.UnableToDeduceKeyError = exports.NoDeviceKeyForAccountError = exports.LostSignerKeyNotFound = exports.NotAllSignaturesFetchedError = exports.RecoveryIdentityNotFoundError = exports.RecoveryServerNotFoundError = exports.KYCServerNotFoundError = exports.CustomerNotFoundError = exports.Sep9InfoRequiredError = exports.WithdrawalTxMemoError = exports.PathPayOnlyOneAmountError = exports.WithdrawalTxMissingMemoError = exports.WithdrawalTxMissingDestinationError = exports.WithdrawalTxNotPendingUserTransferStartError = exports.OperationsLimitExceededError = exports.SignerRequiredError = exports.TransactionSubmitWithFeeIncreaseFailedError = exports.ExpiredTokenError = exports.InvalidTokenError = exports.MissingTokenError = exports.InsufficientStartingBalanceError = exports.TransactionSubmitFailedError = exports.AccountDoesNotExistError = exports.InvalidTransactionsResponseError = exports.InvalidTransactionResponseError = exports.MissingTransactionIdError = exports.ClientDomainWithMemoError = exports.InvalidMemoError = exports.AssetNotSupportedError = exports.ServerRequestFailedError = void 0;
 var axios_1 = __importDefault(__webpack_require__(/*! axios */ "../../node_modules/axios/dist/node/axios.cjs"));
 var Utils_1 = __webpack_require__(/*! ../Utils */ "./src/walletSdk/Utils/index.ts");
 var ServerRequestFailedError = /** @class */ (function (_super) {
@@ -2686,6 +2688,16 @@ var DefaultSignerDomainAccountError = /** @class */ (function (_super) {
     return DefaultSignerDomainAccountError;
 }(Error));
 exports.DefaultSignerDomainAccountError = DefaultSignerDomainAccountError;
+var DomainSigningModifiedError = /** @class */ (function (_super) {
+    __extends(DomainSigningModifiedError, _super);
+    function DomainSigningModifiedError() {
+        var _this = _super.call(this, "Domain signer returned a transaction whose body differs from the original challenge. Only the client_domain signature should be added.") || this;
+        Object.setPrototypeOf(_this, DomainSigningModifiedError.prototype);
+        return _this;
+    }
+    return DomainSigningModifiedError;
+}(Error));
+exports.DomainSigningModifiedError = DomainSigningModifiedError;
 var AuthHeaderSigningKeypairRequiredError = /** @class */ (function (_super) {
     __extends(AuthHeaderSigningKeypairRequiredError, _super);
     function AuthHeaderSigningKeypairRequiredError() {
@@ -3013,6 +3025,12 @@ var TransactionBuilder_1 = __webpack_require__(/*! ./Transaction/TransactionBuil
 var Exceptions_1 = __webpack_require__(/*! ../Exceptions */ "./src/walletSdk/Exceptions/index.ts");
 var getResultCode_1 = __webpack_require__(/*! ../Utils/getResultCode */ "./src/walletSdk/Utils/getResultCode.ts");
 var Account_1 = __webpack_require__(/*! ./Account */ "./src/walletSdk/Horizon/Account.ts");
+var SUBMIT_504_MAX_RETRIES = 5;
+var SUBMIT_504_BASE_DELAY_MS = 1000;
+var SUBMIT_504_MAX_DELAY_MS = 30000;
+var sleep = function (ms) {
+    return new Promise(function (resolve) { return setTimeout(resolve, ms); });
+};
 /**
  * Interaction with the Stellar Network.
  * Do not create this object directly, use the Wallet class.
@@ -3096,30 +3114,45 @@ var Stellar = /** @class */ (function () {
      * @throws {TransactionSubmitFailedError} If the transaction submission fails.
      */
     Stellar.prototype.submitTransaction = function (signedTransaction) {
+        var _a;
         return __awaiter(this, void 0, void 0, function () {
-            var response, e_2;
-            return __generator(this, function (_a) {
-                switch (_a.label) {
+            var lastError, attempt, response, e_2, cappedDelay, jitter;
+            return __generator(this, function (_b) {
+                switch (_b.label) {
                     case 0:
-                        _a.trys.push([0, 2, , 5]);
-                        return [4 /*yield*/, this.server.submitTransaction(signedTransaction)];
+                        attempt = 0;
+                        _b.label = 1;
                     case 1:
-                        response = _a.sent();
+                        if (!(attempt <= SUBMIT_504_MAX_RETRIES)) return [3 /*break*/, 7];
+                        _b.label = 2;
+                    case 2:
+                        _b.trys.push([2, 4, , 6]);
+                        return [4 /*yield*/, this.server.submitTransaction(signedTransaction)];
+                    case 3:
+                        response = _b.sent();
                         if (!response.successful) {
                             throw new Exceptions_1.TransactionSubmitFailedError(response);
                         }
                         return [2 /*return*/, true];
-                    case 2:
-                        e_2 = _a.sent();
-                        if (!(e_2.response.status === 504)) return [3 /*break*/, 4];
-                        return [4 /*yield*/, this.submitTransaction(signedTransaction)];
-                    case 3:
-                    // in case of 504, keep retrying this tx until submission succeeds or we get a different error
-                    // https://developers.stellar.org/api/errors/http-status-codes/horizon-specific/timeout
-                    // https://developers.stellar.org/docs/encyclopedia/error-handling#timeouts
-                    return [2 /*return*/, _a.sent()];
-                    case 4: throw e_2;
-                    case 5: return [2 /*return*/];
+                    case 4:
+                        e_2 = _b.sent();
+                        if (((_a = e_2 === null || e_2 === void 0 ? void 0 : e_2.response) === null || _a === void 0 ? void 0 : _a.status) !== 504) {
+                            throw e_2;
+                        }
+                        lastError = e_2;
+                        if (attempt === SUBMIT_504_MAX_RETRIES) {
+                            return [3 /*break*/, 7];
+                        }
+                        cappedDelay = Math.min(SUBMIT_504_BASE_DELAY_MS * Math.pow(2, attempt), SUBMIT_504_MAX_DELAY_MS);
+                        jitter = Math.random() * (cappedDelay / 2);
+                        return [4 /*yield*/, sleep(cappedDelay + jitter)];
+                    case 5:
+                        _b.sent();
+                        return [3 /*break*/, 6];
+                    case 6:
+                        attempt++;
+                        return [3 /*break*/, 1];
+                    case 7: throw lastError;
                 }
             });
         });
@@ -3180,7 +3213,7 @@ var Stellar = /** @class */ (function () {
                         resultCode = (0, getResultCode_1.getResultCode)(e_3);
                         if (resultCode === "tx_too_late") {
                             newFee = parseInt(transaction.fee) + baseFeeIncrease;
-                            if (maxFee && newFee > maxFee) {
+                            if (maxFee !== undefined && newFee > maxFee) {
                                 throw new Exceptions_1.TransactionSubmitWithFeeIncreaseFailedError(maxFee, e_3);
                             }
                             return [2 /*return*/, this.submitWithFeeIncrease({
@@ -3191,6 +3224,7 @@ var Stellar = /** @class */ (function () {
                                     signerFunction: signerFunction,
                                     baseFee: newFee,
                                     memo: memo,
+                                    maxFee: maxFee,
                                 })];
                         }
                         throw e_3;