@tatchi-xyz/sdk 0.16.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/core/EmailRecovery/emailRecoveryPendingStore.js +69 -0
- package/dist/cjs/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
- package/dist/cjs/core/EmailRecovery/index.js +32 -13
- package/dist/cjs/core/EmailRecovery/index.js.map +1 -1
- package/dist/cjs/core/IndexedDBManager/passkeyClientDB.js +35 -36
- package/dist/cjs/core/IndexedDBManager/passkeyClientDB.js.map +1 -1
- package/dist/cjs/core/NearClient.js +2 -1
- package/dist/cjs/core/NearClient.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/emailRecovery.js +557 -377
- package/dist/cjs/core/TatchiPasskey/emailRecovery.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/faucets/createAccountRelayServer.js +1 -0
- package/dist/cjs/core/TatchiPasskey/faucets/createAccountRelayServer.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/index.js +26 -0
- package/dist/cjs/core/TatchiPasskey/index.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/linkDevice.js +2 -0
- package/dist/cjs/core/TatchiPasskey/linkDevice.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/login.js +15 -4
- package/dist/cjs/core/TatchiPasskey/login.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/recoverAccount.js +1 -0
- package/dist/cjs/core/TatchiPasskey/recoverAccount.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/relay.js +23 -1
- package/dist/cjs/core/TatchiPasskey/relay.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/scanDevice.js +1 -0
- package/dist/cjs/core/TatchiPasskey/scanDevice.js.map +1 -1
- package/dist/cjs/core/WalletIframe/client/IframeTransport.js +3 -0
- package/dist/cjs/core/WalletIframe/client/IframeTransport.js.map +1 -1
- package/dist/cjs/core/WalletIframe/client/router.js +15 -2
- package/dist/cjs/core/WalletIframe/client/router.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js +1 -1
- package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js +52 -52
- package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js +10 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js +2 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js +2 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/index.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/index.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js +6 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js +2 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js +4 -15
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/WebAuthnFallbacks/index.js +17 -0
- package/dist/cjs/core/WebAuthnManager/WebAuthnFallbacks/index.js.map +1 -0
- package/dist/cjs/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js +64 -54
- package/dist/cjs/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/credentialsHelpers.js +12 -2
- package/dist/cjs/core/WebAuthnManager/credentialsHelpers.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/index.js +6 -1
- package/dist/cjs/core/WebAuthnManager/index.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/touchIdPrompt.js +209 -201
- package/dist/cjs/core/WebAuthnManager/touchIdPrompt.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/userHandle.js +2 -1
- package/dist/cjs/core/WebAuthnManager/userHandle.js.map +1 -1
- package/dist/cjs/core/defaultConfigs.js +1 -1
- package/dist/cjs/core/defaultConfigs.js.map +1 -1
- package/dist/cjs/core/rpcCalls.js +8 -0
- package/dist/cjs/core/rpcCalls.js.map +1 -1
- package/dist/cjs/core/types/vrf-worker.js +10 -1
- package/dist/cjs/core/types/vrf-worker.js.map +1 -1
- package/dist/cjs/index.js +6 -2
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/react/components/AccountMenuButton/{LinkedDevicesModal-STvIsylA.css → LinkedDevicesModal-CSSowiHP.css} +1 -1
- package/dist/{esm/react/components/AccountMenuButton/LinkedDevicesModal-STvIsylA.css.map → cjs/react/components/AccountMenuButton/LinkedDevicesModal-CSSowiHP.css.map} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/{ProfileDropdown-iARgUwK1.css → ProfileDropdown-CEPMZ1gY.css} +1 -1
- package/dist/{esm/react/components/AccountMenuButton/ProfileDropdown-iARgUwK1.css.map → cjs/react/components/AccountMenuButton/ProfileDropdown-CEPMZ1gY.css.map} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/{Web3AuthProfileButton-Db3NeoAC.css → Web3AuthProfileButton-DopOg7Xc.css} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/{Web3AuthProfileButton-Db3NeoAC.css.map → Web3AuthProfileButton-DopOg7Xc.css.map} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/icons/{TouchIcon-BXM5NR4A.css → TouchIcon-BQWentvJ.css} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/icons/{TouchIcon-BXM5NR4A.css.map → TouchIcon-BQWentvJ.css.map} +1 -1
- package/dist/cjs/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-De1qTSmU.css → PasskeyAuthMenu-DwrzWMYx.css} +14 -1
- package/dist/cjs/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-De1qTSmU.css.map → PasskeyAuthMenu-DwrzWMYx.css.map} +1 -1
- package/dist/cjs/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.js +122 -53
- package/dist/cjs/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.js.map +1 -1
- package/dist/cjs/react/components/{ShowQRCode-DCnR__fx.css → ShowQRCode-CCN4h6Uv.css} +1 -1
- package/dist/cjs/react/components/{ShowQRCode-DCnR__fx.css.map → ShowQRCode-CCN4h6Uv.css.map} +1 -1
- package/dist/cjs/react/deviceDetection.js +75 -92
- package/dist/cjs/react/deviceDetection.js.map +1 -1
- package/dist/cjs/react/hooks/useQRCamera.js +1 -0
- package/dist/cjs/react/hooks/useQRCamera.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js +69 -0
- package/dist/cjs/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
- package/dist/cjs/react/sdk/src/core/EmailRecovery/index.js +32 -13
- package/dist/cjs/react/sdk/src/core/EmailRecovery/index.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/IndexedDBManager/passkeyClientDB.js +35 -36
- package/dist/cjs/react/sdk/src/core/IndexedDBManager/passkeyClientDB.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/NearClient.js +2 -1
- package/dist/cjs/react/sdk/src/core/NearClient.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/emailRecovery.js +557 -377
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/emailRecovery.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/faucets/createAccountRelayServer.js +1 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/faucets/createAccountRelayServer.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/index.js +26 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/index.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/linkDevice.js +2 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/linkDevice.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/login.js +15 -4
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/login.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/recoverAccount.js +1 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/recoverAccount.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/relay.js +23 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/relay.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/scanDevice.js +1 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/scanDevice.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WalletIframe/client/IframeTransport.js +3 -0
- package/dist/cjs/react/sdk/src/core/WalletIframe/client/IframeTransport.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WalletIframe/client/router.js +15 -2
- package/dist/cjs/react/sdk/src/core/WalletIframe/client/router.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js +52 -52
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js +10 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js +2 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js +2 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/index.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/index.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js +6 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js +2 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js +4 -15
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/index.js +17 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/index.js.map +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js +64 -54
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/credentialsHelpers.js +12 -2
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/credentialsHelpers.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/index.js +6 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/index.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/touchIdPrompt.js +209 -201
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/touchIdPrompt.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/userHandle.js +2 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/userHandle.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/defaultConfigs.js +1 -1
- package/dist/cjs/react/sdk/src/core/defaultConfigs.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/rpcCalls.js +8 -0
- package/dist/cjs/react/sdk/src/core/rpcCalls.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/types/vrf-worker.js +10 -1
- package/dist/cjs/react/sdk/src/core/types/vrf-worker.js.map +1 -1
- package/dist/cjs/react/sdk/src/utils/index.js +13 -3
- package/dist/cjs/server/email-recovery/emailEncryptor.js +11 -0
- package/dist/cjs/server/email-recovery/emailEncryptor.js.map +1 -1
- package/dist/cjs/server/email-recovery/emailParsers.js +57 -0
- package/dist/cjs/server/email-recovery/emailParsers.js.map +1 -1
- package/dist/cjs/server/email-recovery/index.js +1 -1
- package/dist/cjs/server/email-recovery/index.js.map +1 -1
- package/dist/cjs/server/email-recovery/rpcCalls.js +14 -1
- package/dist/cjs/server/email-recovery/rpcCalls.js.map +1 -1
- package/dist/cjs/server/index.js +1 -0
- package/dist/cjs/server/router/cloudflare.js.map +1 -1
- package/dist/cjs/server/router/express.js.map +1 -1
- package/dist/cjs/server/sdk/src/core/defaultConfigs.js +1 -1
- package/dist/cjs/server/sdk/src/core/defaultConfigs.js.map +1 -1
- package/dist/cjs/utils/index.js +13 -3
- package/dist/esm/core/EmailRecovery/emailRecoveryPendingStore.js +63 -0
- package/dist/esm/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
- package/dist/esm/core/EmailRecovery/index.js +28 -14
- package/dist/esm/core/EmailRecovery/index.js.map +1 -1
- package/dist/esm/core/IndexedDBManager/passkeyClientDB.js +35 -36
- package/dist/esm/core/IndexedDBManager/passkeyClientDB.js.map +1 -1
- package/dist/esm/core/NearClient.js +2 -1
- package/dist/esm/core/NearClient.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/emailRecovery.js +557 -377
- package/dist/esm/core/TatchiPasskey/emailRecovery.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/faucets/createAccountRelayServer.js +2 -1
- package/dist/esm/core/TatchiPasskey/faucets/createAccountRelayServer.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/index.js +28 -2
- package/dist/esm/core/TatchiPasskey/index.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/linkDevice.js +4 -2
- package/dist/esm/core/TatchiPasskey/linkDevice.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/login.js +13 -7
- package/dist/esm/core/TatchiPasskey/login.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/recoverAccount.js +2 -1
- package/dist/esm/core/TatchiPasskey/recoverAccount.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/relay.js +23 -1
- package/dist/esm/core/TatchiPasskey/relay.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/scanDevice.js +2 -1
- package/dist/esm/core/TatchiPasskey/scanDevice.js.map +1 -1
- package/dist/esm/core/WalletIframe/client/IframeTransport.js +4 -1
- package/dist/esm/core/WalletIframe/client/IframeTransport.js.map +1 -1
- package/dist/esm/core/WalletIframe/client/router.js +16 -3
- package/dist/esm/core/WalletIframe/client/router.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js +1 -1
- package/dist/esm/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js +52 -52
- package/dist/esm/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js +6 -2
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js +4 -2
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/index.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/index.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js +1 -0
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js +8 -2
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js +5 -16
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/WebAuthnFallbacks/index.js +12 -0
- package/dist/esm/core/WebAuthnManager/WebAuthnFallbacks/index.js.map +1 -0
- package/dist/esm/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js +61 -55
- package/dist/esm/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/credentialsHelpers.js +8 -3
- package/dist/esm/core/WebAuthnManager/index.js +8 -3
- package/dist/esm/core/WebAuthnManager/index.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/touchIdPrompt.js +207 -204
- package/dist/esm/core/WebAuthnManager/touchIdPrompt.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/userHandle.js +2 -1
- package/dist/esm/core/WebAuthnManager/userHandle.js.map +1 -1
- package/dist/esm/core/defaultConfigs.js +1 -1
- package/dist/esm/core/defaultConfigs.js.map +1 -1
- package/dist/esm/core/rpcCalls.js +8 -1
- package/dist/esm/core/rpcCalls.js.map +1 -1
- package/dist/esm/core/types/vrf-worker.js +6 -2
- package/dist/esm/index.js +4 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/react/components/AccountMenuButton/{LinkedDevicesModal-STvIsylA.css → LinkedDevicesModal-CSSowiHP.css} +1 -1
- package/dist/{cjs/react/components/AccountMenuButton/LinkedDevicesModal-STvIsylA.css.map → esm/react/components/AccountMenuButton/LinkedDevicesModal-CSSowiHP.css.map} +1 -1
- package/dist/esm/react/components/AccountMenuButton/{ProfileDropdown-iARgUwK1.css → ProfileDropdown-CEPMZ1gY.css} +1 -1
- package/dist/{cjs/react/components/AccountMenuButton/ProfileDropdown-iARgUwK1.css.map → esm/react/components/AccountMenuButton/ProfileDropdown-CEPMZ1gY.css.map} +1 -1
- package/dist/esm/react/components/AccountMenuButton/{Web3AuthProfileButton-Db3NeoAC.css → Web3AuthProfileButton-DopOg7Xc.css} +1 -1
- package/dist/esm/react/components/AccountMenuButton/{Web3AuthProfileButton-Db3NeoAC.css.map → Web3AuthProfileButton-DopOg7Xc.css.map} +1 -1
- package/dist/esm/react/components/AccountMenuButton/icons/{TouchIcon-BXM5NR4A.css → TouchIcon-BQWentvJ.css} +1 -1
- package/dist/esm/react/components/AccountMenuButton/icons/{TouchIcon-BXM5NR4A.css.map → TouchIcon-BQWentvJ.css.map} +1 -1
- package/dist/esm/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-De1qTSmU.css → PasskeyAuthMenu-DwrzWMYx.css} +14 -1
- package/dist/esm/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-De1qTSmU.css.map → PasskeyAuthMenu-DwrzWMYx.css.map} +1 -1
- package/dist/esm/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.js +123 -54
- package/dist/esm/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.js.map +1 -1
- package/dist/esm/react/components/{ShowQRCode-DCnR__fx.css → ShowQRCode-CCN4h6Uv.css} +1 -1
- package/dist/esm/react/components/{ShowQRCode-DCnR__fx.css.map → ShowQRCode-CCN4h6Uv.css.map} +1 -1
- package/dist/esm/react/deviceDetection.js +72 -93
- package/dist/esm/react/deviceDetection.js.map +1 -1
- package/dist/esm/react/hooks/useQRCamera.js +2 -1
- package/dist/esm/react/hooks/useQRCamera.js.map +1 -1
- package/dist/esm/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js +63 -0
- package/dist/esm/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
- package/dist/esm/react/sdk/src/core/EmailRecovery/index.js +28 -14
- package/dist/esm/react/sdk/src/core/EmailRecovery/index.js.map +1 -1
- package/dist/esm/react/sdk/src/core/IndexedDBManager/passkeyClientDB.js +35 -36
- package/dist/esm/react/sdk/src/core/IndexedDBManager/passkeyClientDB.js.map +1 -1
- package/dist/esm/react/sdk/src/core/NearClient.js +2 -1
- package/dist/esm/react/sdk/src/core/NearClient.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/emailRecovery.js +557 -377
- package/dist/esm/react/sdk/src/core/TatchiPasskey/emailRecovery.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/faucets/createAccountRelayServer.js +2 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/faucets/createAccountRelayServer.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/index.js +28 -2
- package/dist/esm/react/sdk/src/core/TatchiPasskey/index.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/linkDevice.js +4 -2
- package/dist/esm/react/sdk/src/core/TatchiPasskey/linkDevice.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/login.js +13 -7
- package/dist/esm/react/sdk/src/core/TatchiPasskey/login.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/recoverAccount.js +2 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/recoverAccount.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/relay.js +23 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/relay.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/scanDevice.js +2 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/scanDevice.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WalletIframe/client/IframeTransport.js +4 -1
- package/dist/esm/react/sdk/src/core/WalletIframe/client/IframeTransport.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WalletIframe/client/router.js +16 -3
- package/dist/esm/react/sdk/src/core/WalletIframe/client/router.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js +52 -52
- package/dist/esm/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js +6 -2
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js +4 -2
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/index.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/index.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js +1 -0
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js +8 -2
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js +5 -16
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/index.js +12 -0
- package/dist/esm/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/index.js.map +1 -0
- package/dist/esm/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js +61 -55
- package/dist/esm/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/credentialsHelpers.js +8 -3
- package/dist/esm/react/sdk/src/core/WebAuthnManager/index.js +8 -3
- package/dist/esm/react/sdk/src/core/WebAuthnManager/index.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/touchIdPrompt.js +207 -204
- package/dist/esm/react/sdk/src/core/WebAuthnManager/touchIdPrompt.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/userHandle.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/userHandle.js.map +1 -1
- package/dist/esm/react/sdk/src/core/defaultConfigs.js +1 -1
- package/dist/esm/react/sdk/src/core/defaultConfigs.js.map +1 -1
- package/dist/esm/react/sdk/src/core/rpcCalls.js +8 -1
- package/dist/esm/react/sdk/src/core/rpcCalls.js.map +1 -1
- package/dist/esm/react/sdk/src/core/types/vrf-worker.js +6 -2
- package/dist/esm/react/sdk/src/utils/index.js +10 -4
- package/dist/esm/react/styles/styles.css +13 -0
- package/dist/esm/sdk/{safari-fallbacks-oQKu9xUs.js → WebAuthnFallbacks-Bl4BTsNt.js} +131 -135
- package/dist/esm/sdk/{createAdapters-pNiL2KNq.js → createAdapters-BumKM2ft.js} +59 -54
- package/dist/esm/sdk/createAdapters-BumKM2ft.js.map +1 -0
- package/dist/esm/sdk/{createAdapters-BWLe9Ddo.js → createAdapters-qVGD6i0g.js} +10 -3
- package/dist/esm/sdk/{defaultConfigs-VzvDejmy.js → defaultConfigs-DpslkAQd.js} +1 -1
- package/dist/esm/sdk/{getDeviceNumber-CkWRT17I.js → getDeviceNumber-fXizNGQl.js} +2 -2
- package/dist/esm/sdk/getDeviceNumber-fXizNGQl.js.map +1 -0
- package/dist/esm/sdk/{getDeviceNumber-CfmlgfMX.js → getDeviceNumber-zsOHT_Um.js} +6 -3
- package/dist/esm/sdk/{localOnly-DnpSyDaF.js → localOnly-Byi3AK7A.js} +2 -2
- package/dist/esm/sdk/{localOnly-DnpSyDaF.js.map → localOnly-Byi3AK7A.js.map} +1 -1
- package/dist/esm/sdk/{localOnly-BdumO2st.js → localOnly-pXMTqh1m.js} +5 -4
- package/dist/esm/sdk/offline-export-app.js +46 -44
- package/dist/esm/sdk/offline-export-app.js.map +1 -1
- package/dist/esm/sdk/{overlay-BTqPGG-o.js → overlay-ZGbucXIa.js} +2 -0
- package/dist/esm/sdk/{registration-C633u6x8.js → registration-CBiS4Ua_.js} +2 -2
- package/dist/esm/sdk/{registration-C633u6x8.js.map → registration-CBiS4Ua_.js.map} +1 -1
- package/dist/esm/sdk/{registration-xyYUFRqk.js → registration-DLPLsGCz.js} +5 -4
- package/dist/esm/sdk/{requestHelpers-DLBGBHMw.js → requestHelpers-Dh1hEYL9.js} +206 -204
- package/dist/esm/sdk/{router-BG6KC_p7.js → router-DuGYOd3G.js} +19 -4
- package/dist/esm/sdk/{rpcCalls-fLObBbbz.js → rpcCalls-BQrJMTdg.js} +3 -3
- package/dist/esm/sdk/{rpcCalls-CAU5XYEF.js → rpcCalls-YVeUVMk2.js} +9 -2
- package/dist/esm/sdk/{transactions-jH38BZ-Q.js → transactions-BIqKZeR0.js} +6 -18
- package/dist/esm/sdk/transactions-BIqKZeR0.js.map +1 -0
- package/dist/esm/sdk/{transactions-CzZAt1Yn.js → transactions-Bk-VavcV.js} +10 -21
- package/dist/esm/sdk/tx-confirm-ui.js +53 -53
- package/dist/esm/sdk/{tx-confirmer-wrapper-CqfVBUaA.js → tx-confirmer-wrapper-lHNgz9i4.js} +53 -53
- package/dist/esm/sdk/tx-confirmer.css +6 -4
- package/dist/esm/sdk/w3a-tx-confirmer.js +1 -1
- package/dist/esm/sdk/wallet-iframe-host.js +782 -447
- package/dist/esm/server/email-recovery/emailEncryptor.js +11 -1
- package/dist/esm/server/email-recovery/emailEncryptor.js.map +1 -1
- package/dist/esm/server/email-recovery/emailParsers.js +55 -1
- package/dist/esm/server/email-recovery/emailParsers.js.map +1 -1
- package/dist/esm/server/email-recovery/index.js +2 -2
- package/dist/esm/server/email-recovery/index.js.map +1 -1
- package/dist/esm/server/email-recovery/rpcCalls.js +14 -1
- package/dist/esm/server/email-recovery/rpcCalls.js.map +1 -1
- package/dist/esm/server/index.js +2 -2
- package/dist/esm/server/router/cloudflare.js.map +1 -1
- package/dist/esm/server/router/express.js.map +1 -1
- package/dist/esm/server/sdk/src/core/defaultConfigs.js +1 -1
- package/dist/esm/server/sdk/src/core/defaultConfigs.js.map +1 -1
- package/dist/esm/utils/index.js +10 -4
- package/dist/esm/wasm_vrf_worker/pkg/wasm_vrf_worker.js +3 -0
- package/dist/esm/wasm_vrf_worker/pkg/wasm_vrf_worker_bg.wasm +0 -0
- package/dist/types/src/core/EmailRecovery/emailRecoveryPendingStore.d.ts +25 -0
- package/dist/types/src/core/EmailRecovery/emailRecoveryPendingStore.d.ts.map +1 -0
- package/dist/types/src/core/EmailRecovery/index.d.ts +1 -0
- package/dist/types/src/core/EmailRecovery/index.d.ts.map +1 -1
- package/dist/types/src/core/IndexedDBManager/passkeyClientDB.d.ts +11 -21
- package/dist/types/src/core/IndexedDBManager/passkeyClientDB.d.ts.map +1 -1
- package/dist/types/src/core/TatchiPasskey/emailRecovery.d.ts +45 -5
- package/dist/types/src/core/TatchiPasskey/emailRecovery.d.ts.map +1 -1
- package/dist/types/src/core/TatchiPasskey/index.d.ts +10 -2
- package/dist/types/src/core/TatchiPasskey/index.d.ts.map +1 -1
- package/dist/types/src/core/TatchiPasskey/relay.d.ts +2 -1
- package/dist/types/src/core/TatchiPasskey/relay.d.ts.map +1 -1
- package/dist/types/src/core/WalletIframe/TatchiPasskeyIframe.d.ts +4 -0
- package/dist/types/src/core/WalletIframe/TatchiPasskeyIframe.d.ts.map +1 -1
- package/dist/types/src/core/WalletIframe/client/router.d.ts +7 -3
- package/dist/types/src/core/WalletIframe/client/router.d.ts.map +1 -1
- package/dist/types/src/core/WalletIframe/host/wallet-iframe-handlers.d.ts.map +1 -1
- package/dist/types/src/core/WalletIframe/shared/messages.d.ts +6 -2
- package/dist/types/src/core/WalletIframe/shared/messages.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/index.d.ts.map +1 -1
- package/dist/types/src/core/defaultConfigs.d.ts.map +1 -1
- package/dist/types/src/core/rpcCalls.d.ts +9 -0
- package/dist/types/src/core/rpcCalls.d.ts.map +1 -1
- package/dist/types/src/index.d.ts +1 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.d.ts.map +1 -1
- package/dist/types/src/server/email-recovery/emailEncryptor.d.ts +4 -0
- package/dist/types/src/server/email-recovery/emailEncryptor.d.ts.map +1 -1
- package/dist/types/src/server/email-recovery/emailParsers.d.ts +7 -0
- package/dist/types/src/server/email-recovery/emailParsers.d.ts.map +1 -1
- package/dist/types/src/server/email-recovery/index.d.ts +1 -1
- package/dist/types/src/server/email-recovery/rpcCalls.d.ts +1 -1
- package/dist/types/src/server/email-recovery/rpcCalls.d.ts.map +1 -1
- package/dist/types/src/wasm_vrf_worker/pkg/wasm_vrf_worker.d.ts.map +1 -1
- package/dist/workers/wasm_vrf_worker_bg.wasm +0 -0
- package/dist/workers/web3authn-vrf.worker.js +3 -0
- package/package.json +1 -1
- package/dist/esm/sdk/createAdapters-pNiL2KNq.js.map +0 -1
- package/dist/esm/sdk/getDeviceNumber-CkWRT17I.js.map +0 -1
- package/dist/esm/sdk/transactions-jH38BZ-Q.js.map +0 -1
package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"transactions.js","names":["SecureConfirmationType","getSignTransactionPayload","createConfirmTxFlowAdapters","createConfirmSession","getNearAccountId","getTxCount","getIntentDigest","ERROR_MESSAGES","uiVrfChallenge: VRFChallenge | undefined","uiVrfChallengeForUi: Partial<VRFChallenge> | undefined","err: unknown","toError","toAccountId","getLastLoggedInDeviceNumber","contractId: string | undefined","nearRpcUrl: string | undefined","PASSKEY_MANAGER_DEFAULT_CONFIGS","isUserCancelledSecureConfirm"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n SecureConfirmationType,\n TransactionSummary,\n SigningSecureConfirmRequest,\n SigningAuthMode,\n} from '../types';\nimport { VRFChallenge, TransactionContext } from '../../../../types';\nimport {\n getNearAccountId,\n getIntentDigest,\n getTxCount,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n getSignTransactionPayload,\n} from './index';\nimport { toAccountId } from '../../../../types/accountIds';\nimport { getLastLoggedInDeviceNumber } from '../../../SignerWorkerManager/getDeviceNumber';\nimport { toError } from '../../../../../utils/errors';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nfunction getSigningAuthMode(request: SigningSecureConfirmRequest): SigningAuthMode {\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n return getSignTransactionPayload(request).signingAuthMode ?? 'webauthn';\n }\n if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n const p = request.payload as any;\n return (p?.signingAuthMode as SigningAuthMode | undefined) ?? 'webauthn';\n }\n return 'webauthn';\n}\n\nexport async function handleTransactionSigningFlow(\n ctx: VrfWorkerManagerContext,\n request: SigningSecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n const signingAuthMode = getSigningAuthMode(request);\n const usesNeeded = getTxCount(request);\n\n // 1) NEAR context + nonce reservation\n const nearRpc = await adapters.near.fetchNearContext({ nearAccountId, txCount: usesNeeded, reserveNonces: true });\n if (nearRpc.error && !nearRpc.transactionContext) {\n // eslint-disable-next-line no-console\n console.error('[SigningFlow] fetchNearContext failed', { error: nearRpc.error, details: nearRpc.details });\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`,\n });\n }\n session.setReservedNonces(nearRpc.reservedNonces);\n let transactionContext = nearRpc.transactionContext as TransactionContext;\n\n // 2) Security context shown in the confirmer (rpId + block height).\n // For warmSession signing we still want to show this context even though\n // we won't collect a WebAuthn credential.\n const rpId = adapters.vrf.getRpId();\n let uiVrfChallenge: VRFChallenge | undefined;\n let uiVrfChallengeForUi: Partial<VRFChallenge> | undefined = rpId\n ? {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n }\n : undefined;\n\n // Initial VRF challenge (only needed for WebAuthn credential collection)\n if (signingAuthMode === 'webauthn') {\n uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession(\n {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n },\n request.requestId,\n );\n uiVrfChallengeForUi = uiVrfChallenge;\n }\n\n // 3) UI confirm\n const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });\n if (!confirmed) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: uiError,\n });\n }\n\n // 4) Warm session: dispense WrapKeySeed and skip WebAuthn\n if (signingAuthMode === 'warmSession') {\n try {\n await adapters.vrf.dispenseSessionKey({ sessionId: request.requestId, uses: usesNeeded });\n } catch (err: unknown) {\n const msg = String((toError(err))?.message || err || '');\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: msg || 'Failed to dispense warm session key',\n });\n }\n\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n transactionContext,\n });\n return;\n }\n\n // 5) JIT refresh VRF + ctx (best-effort)\n try {\n const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);\n uiVrfChallenge = refreshed.vrfChallenge;\n transactionContext = refreshed.transactionContext;\n session.updateUI({ vrfChallenge: uiVrfChallenge });\n } catch (e) {\n console.debug('[SigningFlow] VRF JIT refresh skipped', e);\n }\n\n // 6) Collect authentication credential\n try {\n if (!uiVrfChallenge) {\n throw new Error('Missing vrfChallenge for WebAuthn signing flow');\n }\n const serializedCredential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n nearAccountId,\n vrfChallenge: uiVrfChallenge,\n onBeforePrompt: ({ authenticatorsForPrompt, vrfChallenge }) => {\n console.debug('[SigningFlow] Authenticators for transaction signing', {\n nearAccountId,\n authenticatorCount: authenticatorsForPrompt.length,\n authenticators: authenticatorsForPrompt.map(a => ({\n deviceNumber: a.deviceNumber,\n vrfPublicKey: a.vrfPublicKey,\n credentialId: a.credentialId,\n })),\n vrfChallengePublicKey: vrfChallenge.vrfPublicKey,\n });\n },\n });\n\n // 5c) Derive WrapKeySeed inside the VRF worker and deliver it to the signer worker via\n // the reserved WrapKeySeed MessagePort. Main thread only sees wrapKeySalt metadata.\n try {\n // Ensure VRF session is active and bound to the same account we are signing for.\n const vrfStatus = await adapters.vrf.checkVrfStatus();\n if (!vrfStatus.active) {\n throw new Error('VRF keypair not active in memory. VRF session may have expired or was not properly initialized. Please refresh and try again.');\n }\n if (!vrfStatus.nearAccountId || String(vrfStatus.nearAccountId) !== String(toAccountId(nearAccountId))) {\n throw new Error('VRF session is active but bound to a different account than the one being signed. Please log in again on this device.');\n }\n\n const deviceNumber = await getLastLoggedInDeviceNumber(toAccountId(nearAccountId), ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n // For v2+ vaults, wrapKeySalt is the canonical salt.\n const wrapKeySalt = encryptedKeyData?.wrapKeySalt || '';\n if (!wrapKeySalt) {\n throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n }\n\n // Extract contract verification context when available.\n // - SIGN_TRANSACTION: use per-request rpcCall (already normalized by caller).\n // - SIGN_NEP413_MESSAGE: allow per-request override; fall back to PASSKEY_MANAGER_DEFAULT_CONFIGS.\n let contractId: string | undefined;\n let nearRpcUrl: string | undefined;\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n const payload = getSignTransactionPayload(request);\n contractId = payload?.rpcCall?.contractId;\n nearRpcUrl = payload?.rpcCall?.nearRpcUrl;\n } else if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n const payload = request.payload as any;\n contractId = payload?.contractId\n || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n nearRpcUrl = payload?.nearRpcUrl\n || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl;\n }\n\n await adapters.vrf.mintSessionKeysAndSendToSigner({\n sessionId: request.requestId,\n wrapKeySalt,\n contractId,\n nearRpcUrl,\n credential: serializedCredential,\n });\n\n } catch (err) {\n console.error('[SigningFlow] WrapKeySeed derivation failed:', err);\n throw err; // Don't silently ignore - propagate the error\n }\n\n // 6) Respond; keep nonces reserved for worker to use\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential: serializedCredential,\n // prfOutput intentionally omitted to keep signer PRF-free\n // WrapKeySeed travels only over the dedicated VRF→Signer MessagePort; do not echo in the main-thread envelope\n vrfChallenge: uiVrfChallenge,\n transactionContext,\n });\n } catch (err: unknown) {\n // Treat TouchID/FaceID cancellation and related errors as a negative decision\n const cancelled = isUserCancelledSecureConfirm(err);\n // For missing PRF outputs, surface the error to caller (defensive path tests expect a throw)\n const msg = String((toError(err))?.message || err || '');\n if (/Missing PRF result/i.test(msg) || /Missing PRF results/i.test(msg)) {\n // Ensure UI is closed and nonces released, then rethrow\n return session.cleanupAndRethrow(err);\n }\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '*');\n }\n const isWrongPasskeyError = /multiple passkeys \\(devicenumbers\\) for account/i.test(msg);\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled\n ? ERROR_MESSAGES.cancelled\n : (isWrongPasskeyError ? msg : ERROR_MESSAGES.collectCredentialsFailed),\n });\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;AAwBA,SAAS,mBAAmB,SAAuD;AACjF,KAAI,QAAQ,SAASA,qCAAuB,iBAC1C,QAAOC,iDAA0B,SAAS,mBAAmB;AAE/D,KAAI,QAAQ,SAASD,qCAAuB,qBAAqB;EAC/D,MAAM,IAAI,QAAQ;AAClB,SAAQ,GAAG,mBAAmD;;AAEhE,QAAO;;AAGT,eAAsB,6BACpB,KACA,SACA,QACA,MACe;CACf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAWE,mDAA4B;CAC7C,MAAM,UAAUC,qCAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgBC,wCAAiB;CACvC,MAAM,kBAAkB,mBAAmB;CAC3C,MAAM,aAAaC,kCAAW;CAG9B,MAAM,UAAU,MAAM,SAAS,KAAK,iBAAiB;EAAE;EAAe,SAAS;EAAY,eAAe;;AAC1G,KAAI,QAAQ,SAAS,CAAC,QAAQ,oBAAoB;AAEhD,UAAQ,MAAM,yCAAyC;GAAE,OAAO,QAAQ;GAAO,SAAS,QAAQ;;AAChG,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcC,uCAAgB;GAC9B,WAAW;GACX,OAAO,GAAGC,8BAAe,cAAc,IAAI,QAAQ;;;AAGvD,SAAQ,kBAAkB,QAAQ;CAClC,IAAI,qBAAqB,QAAQ;CAKjC,MAAM,OAAO,SAAS,IAAI;CAC1B,IAAIC;CACJ,IAAIC,sBAAyD,OACzD;EACE,QAAQ;EACR;EACA,aAAa,mBAAmB;EAChC,WAAW,mBAAmB;KAEhC;AAGJ,KAAI,oBAAoB,YAAY;AAClC,mBAAiB,MAAM,SAAS,IAAI,+BAClC;GACE,QAAQ;GACR;GACA,aAAa,mBAAmB;GAChC,WAAW,mBAAmB;KAEhC,QAAQ;AAEV,wBAAsB;;CAIxB,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,KAAI,CAAC,UACH,QAAO,QAAQ,qBAAqB;EAClC,WAAW,QAAQ;EACnB,cAAcH,uCAAgB;EAC9B,WAAW;EACX,OAAO;;AAKX,KAAI,oBAAoB,eAAe;AACrC,MAAI;AACF,SAAM,SAAS,IAAI,mBAAmB;IAAE,WAAW,QAAQ;IAAW,MAAM;;WACrEI,KAAc;GACrB,MAAM,MAAM,OAAQC,uBAAQ,MAAO,WAAW,OAAO;AACrD,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAcL,uCAAgB;IAC9B,WAAW;IACX,OAAO,OAAO;;;AAIlB,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcA,uCAAgB;GAC9B,WAAW;GACX;;AAEF;;AAIF,KAAI;EACF,MAAM,YAAY,MAAM,SAAS,IAAI,yBAAyB,SAAS;AACvE,mBAAiB,UAAU;AAC3B,uBAAqB,UAAU;AAC/B,UAAQ,SAAS,EAAE,cAAc;UAC1B,GAAG;AACV,UAAQ,MAAM,yCAAyC;;AAIzD,KAAI;AACF,MAAI,CAAC,eACH,OAAM,IAAI,MAAM;EAElB,MAAM,uBAAuB,MAAM,SAAS,SAAS,uCAAuC;GAC1F;GACA,cAAc;GACd,iBAAiB,EAAE,yBAAyB,mBAAmB;AAC7D,YAAQ,MAAM,wDAAwD;KACpE;KACA,oBAAoB,wBAAwB;KAC5C,gBAAgB,wBAAwB,KAAI,OAAM;MAChD,cAAc,EAAE;MAChB,cAAc,EAAE;MAChB,cAAc,EAAE;;KAElB,uBAAuB,aAAa;;;;AAO1C,MAAI;GAEF,MAAM,YAAY,MAAM,SAAS,IAAI;AACrC,OAAI,CAAC,UAAU,OACb,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,UAAU,iBAAiB,OAAO,UAAU,mBAAmB,OAAOM,+BAAY,gBACrF,OAAM,IAAI,MAAM;GAGlB,MAAM,eAAe,MAAMC,oDAA4BD,+BAAY,gBAAgB,IAAI,UAAU;GACjG,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;GAEvF,MAAM,cAAc,kBAAkB,eAAe;AACrD,OAAI,CAAC,YACH,OAAM,IAAI,MAAM;GAMlB,IAAIE;GACJ,IAAIC;AACJ,OAAI,QAAQ,SAASf,qCAAuB,kBAAkB;IAC5D,MAAM,UAAUC,iDAA0B;AAC1C,iBAAa,SAAS,SAAS;AAC/B,iBAAa,SAAS,SAAS;cACtB,QAAQ,SAASD,qCAAuB,qBAAqB;IACtE,MAAM,UAAU,QAAQ;AACxB,iBAAa,SAAS,cACjBgB,uDAAgC;AACrC,iBAAa,SAAS,cACjBA,uDAAgC;;AAGvC,SAAM,SAAS,IAAI,+BAA+B;IAChD,WAAW,QAAQ;IACnB;IACA;IACA;IACA,YAAY;;WAGP,KAAK;AACZ,WAAQ,MAAM,gDAAgD;AAC9D,SAAM;;AAIR,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcV,uCAAgB;GAC9B,WAAW;GACX,YAAY;GAGZ,cAAc;GACd;;UAEKI,KAAc;EAErB,MAAM,YAAYO,4CAA6B;EAE/C,MAAM,MAAM,OAAQN,uBAAQ,MAAO,WAAW,OAAO;AACrD,MAAI,sBAAsB,KAAK,QAAQ,uBAAuB,KAAK,KAEjE,QAAO,QAAQ,kBAAkB;AAEnC,MAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;EAE3D,MAAM,sBAAsB,mDAAmD,KAAK;AACpF,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcL,uCAAgB;GAC9B,WAAW;GACX,OAAO,YACHC,8BAAe,YACd,sBAAsB,MAAMA,8BAAe"}
|
|
1
|
+
{"version":3,"file":"transactions.js","names":["SecureConfirmationType","getSignTransactionPayload","createConfirmTxFlowAdapters","createConfirmSession","getNearAccountId","getTxCount","getIntentDigest","ERROR_MESSAGES","uiVrfChallenge: VRFChallenge | undefined","uiVrfChallengeForUi: Partial<VRFChallenge> | undefined","err: unknown","toError","contractId: string | undefined","nearRpcUrl: string | undefined","toAccountId","getLastLoggedInDeviceNumber","PASSKEY_MANAGER_DEFAULT_CONFIGS","isUserCancelledSecureConfirm"],"sources":["../../../../../../../src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.ts"],"sourcesContent":["import type { VrfWorkerManagerContext } from '../../';\nimport type { ConfirmationConfig } from '../../../../types/signer-worker';\nimport {\n SecureConfirmationType,\n TransactionSummary,\n SigningSecureConfirmRequest,\n SigningAuthMode,\n} from '../types';\nimport { VRFChallenge, TransactionContext } from '../../../../types';\nimport {\n getNearAccountId,\n getIntentDigest,\n getTxCount,\n isUserCancelledSecureConfirm,\n ERROR_MESSAGES,\n getSignTransactionPayload,\n} from './index';\nimport { toAccountId } from '../../../../types/accountIds';\nimport { getLastLoggedInDeviceNumber } from '../../../SignerWorkerManager/getDeviceNumber';\nimport { toError } from '../../../../../utils/errors';\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from '../../../../defaultConfigs';\nimport { createConfirmSession } from '../adapters/session';\nimport { createConfirmTxFlowAdapters } from '../adapters/createAdapters';\n\nfunction getSigningAuthMode(request: SigningSecureConfirmRequest): SigningAuthMode {\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n return getSignTransactionPayload(request).signingAuthMode ?? 'webauthn';\n }\n if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n const p = request.payload as any;\n return (p?.signingAuthMode as SigningAuthMode | undefined) ?? 'webauthn';\n }\n return 'webauthn';\n}\n\nexport async function handleTransactionSigningFlow(\n ctx: VrfWorkerManagerContext,\n request: SigningSecureConfirmRequest,\n worker: Worker,\n opts: { confirmationConfig: ConfirmationConfig; transactionSummary: TransactionSummary },\n): Promise<void> {\n const { confirmationConfig, transactionSummary } = opts;\n const adapters = createConfirmTxFlowAdapters(ctx);\n const session = createConfirmSession({\n adapters,\n worker,\n request,\n confirmationConfig,\n transactionSummary,\n });\n const nearAccountId = getNearAccountId(request);\n const signingAuthMode = getSigningAuthMode(request);\n const usesNeeded = getTxCount(request);\n\n // 1) NEAR context + nonce reservation\n const nearRpc = await adapters.near.fetchNearContext({ nearAccountId, txCount: usesNeeded, reserveNonces: true });\n if (nearRpc.error && !nearRpc.transactionContext) {\n // eslint-disable-next-line no-console\n console.error('[SigningFlow] fetchNearContext failed', { error: nearRpc.error, details: nearRpc.details });\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: `${ERROR_MESSAGES.nearRpcFailed}: ${nearRpc.details}`,\n });\n }\n session.setReservedNonces(nearRpc.reservedNonces);\n let transactionContext = nearRpc.transactionContext as TransactionContext;\n\n // 2) Security context shown in the confirmer (rpId + block height).\n // For warmSession signing we still want to show this context even though\n // we won't collect a WebAuthn credential.\n const rpId = adapters.vrf.getRpId();\n let uiVrfChallenge: VRFChallenge | undefined;\n let uiVrfChallengeForUi: Partial<VRFChallenge> | undefined = rpId\n ? {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n }\n : undefined;\n\n // Initial VRF challenge (only needed for WebAuthn credential collection)\n if (signingAuthMode === 'webauthn') {\n uiVrfChallenge = await adapters.vrf.generateVrfChallengeForSession(\n {\n userId: nearAccountId,\n rpId,\n blockHeight: transactionContext.txBlockHeight,\n blockHash: transactionContext.txBlockHash,\n },\n request.requestId,\n );\n uiVrfChallengeForUi = uiVrfChallenge;\n }\n\n // 3) UI confirm\n const { confirmed, error: uiError } = await session.promptUser({ vrfChallenge: uiVrfChallengeForUi });\n if (!confirmed) {\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: uiError,\n });\n }\n\n // 4) Warm session: dispense WrapKeySeed and skip WebAuthn\n if (signingAuthMode === 'warmSession') {\n try {\n await adapters.vrf.dispenseSessionKey({ sessionId: request.requestId, uses: usesNeeded });\n } catch (err: unknown) {\n const msg = String((toError(err))?.message || err || '');\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: msg || 'Failed to dispense warm session key',\n });\n }\n\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n transactionContext,\n });\n return;\n }\n\n // 5) JIT refresh VRF + ctx (best-effort)\n try {\n const refreshed = await adapters.vrf.maybeRefreshVrfChallenge(request, nearAccountId);\n uiVrfChallenge = refreshed.vrfChallenge;\n transactionContext = refreshed.transactionContext;\n session.updateUI({ vrfChallenge: uiVrfChallenge });\n } catch (e) {\n console.debug('[SigningFlow] VRF JIT refresh skipped', e);\n }\n\n // 6) Collect authentication credential\n try {\n if (!uiVrfChallenge) {\n throw new Error('Missing vrfChallenge for WebAuthn signing flow');\n }\n const serializedCredential = await adapters.webauthn.collectAuthenticationCredentialWithPRF({\n nearAccountId,\n vrfChallenge: uiVrfChallenge,\n });\n\n // 5c) Derive WrapKeySeed inside the VRF worker and deliver it to the signer worker via\n // the reserved WrapKeySeed MessagePort. Main thread only sees wrapKeySalt metadata.\n let contractId: string | undefined;\n let nearRpcUrl: string | undefined;\n try {\n // Ensure VRF session is active and bound to the same account we are signing for.\n const vrfStatus = await adapters.vrf.checkVrfStatus();\n if (!vrfStatus.active) {\n throw new Error('VRF keypair not active in memory. VRF session may have expired or was not properly initialized. Please refresh and try again.');\n }\n if (!vrfStatus.nearAccountId || String(vrfStatus.nearAccountId) !== String(toAccountId(nearAccountId))) {\n throw new Error('VRF session is active but bound to a different account than the one being signed. Please log in again on this device.');\n }\n\n const deviceNumber = await getLastLoggedInDeviceNumber(toAccountId(nearAccountId), ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n // For v2+ vaults, wrapKeySalt is the canonical salt.\n const wrapKeySalt = encryptedKeyData?.wrapKeySalt || '';\n if (!wrapKeySalt) {\n throw new Error('Missing wrapKeySalt in vault; re-register to upgrade vault format.');\n }\n\n // Extract contract verification context when available.\n // - SIGN_TRANSACTION: use per-request rpcCall (already normalized by caller).\n // - SIGN_NEP413_MESSAGE: allow per-request override; fall back to PASSKEY_MANAGER_DEFAULT_CONFIGS.\n if (request.type === SecureConfirmationType.SIGN_TRANSACTION) {\n const payload = getSignTransactionPayload(request);\n contractId = payload?.rpcCall?.contractId;\n nearRpcUrl = payload?.rpcCall?.nearRpcUrl;\n } else if (request.type === SecureConfirmationType.SIGN_NEP413_MESSAGE) {\n const payload = request.payload as any;\n contractId = payload?.contractId\n || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n nearRpcUrl = payload?.nearRpcUrl\n || PASSKEY_MANAGER_DEFAULT_CONFIGS.nearRpcUrl;\n }\n\n await adapters.vrf.mintSessionKeysAndSendToSigner({\n sessionId: request.requestId,\n wrapKeySalt,\n contractId,\n nearRpcUrl,\n credential: serializedCredential,\n });\n\t } catch (err) {\n\t console.error('[SigningFlow] WrapKeySeed derivation failed:', err);\n\t throw err; // Don't silently ignore - propagate the error\n\t }\n\n // 6) Respond; keep nonces reserved for worker to use\n session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: true,\n credential: serializedCredential,\n // prfOutput intentionally omitted to keep signer PRF-free\n // WrapKeySeed travels only over the dedicated VRF→Signer MessagePort; do not echo in the main-thread envelope\n vrfChallenge: uiVrfChallenge,\n transactionContext,\n });\n } catch (err: unknown) {\n // Treat TouchID/FaceID cancellation and related errors as a negative decision\n const cancelled = isUserCancelledSecureConfirm(err);\n // For missing PRF outputs, surface the error to caller (defensive path tests expect a throw)\n const msg = String((toError(err))?.message || err || '');\n if (/Missing PRF result/i.test(msg) || /Missing PRF results/i.test(msg)) {\n // Ensure UI is closed and nonces released, then rethrow\n return session.cleanupAndRethrow(err);\n }\n if (cancelled) {\n window.parent?.postMessage({ type: 'WALLET_UI_CLOSED' }, '*');\n }\n const isWrongPasskeyError = /multiple passkeys \\(devicenumbers\\) for account/i.test(msg);\n return session.confirmAndCloseModal({\n requestId: request.requestId,\n intentDigest: getIntentDigest(request),\n confirmed: false,\n error: cancelled\n ? ERROR_MESSAGES.cancelled\n : (isWrongPasskeyError ? msg : ERROR_MESSAGES.collectCredentialsFailed),\n });\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAwBA,SAAS,mBAAmB,SAAuD;AACjF,KAAI,QAAQ,SAASA,qCAAuB,iBAC1C,QAAOC,iDAA0B,SAAS,mBAAmB;AAE/D,KAAI,QAAQ,SAASD,qCAAuB,qBAAqB;EAC/D,MAAM,IAAI,QAAQ;AAClB,SAAQ,GAAG,mBAAmD;;AAEhE,QAAO;;AAGT,eAAsB,6BACpB,KACA,SACA,QACA,MACe;CACf,MAAM,EAAE,oBAAoB,uBAAuB;CACnD,MAAM,WAAWE,mDAA4B;CAC7C,MAAM,UAAUC,qCAAqB;EACnC;EACA;EACA;EACA;EACA;;CAEF,MAAM,gBAAgBC,wCAAiB;CACvC,MAAM,kBAAkB,mBAAmB;CAC3C,MAAM,aAAaC,kCAAW;CAG9B,MAAM,UAAU,MAAM,SAAS,KAAK,iBAAiB;EAAE;EAAe,SAAS;EAAY,eAAe;;AAC1G,KAAI,QAAQ,SAAS,CAAC,QAAQ,oBAAoB;AAEhD,UAAQ,MAAM,yCAAyC;GAAE,OAAO,QAAQ;GAAO,SAAS,QAAQ;;AAChG,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcC,uCAAgB;GAC9B,WAAW;GACX,OAAO,GAAGC,8BAAe,cAAc,IAAI,QAAQ;;;AAGvD,SAAQ,kBAAkB,QAAQ;CAClC,IAAI,qBAAqB,QAAQ;CAKjC,MAAM,OAAO,SAAS,IAAI;CAC1B,IAAIC;CACJ,IAAIC,sBAAyD,OACzD;EACE,QAAQ;EACR;EACA,aAAa,mBAAmB;EAChC,WAAW,mBAAmB;KAEhC;AAGJ,KAAI,oBAAoB,YAAY;AAClC,mBAAiB,MAAM,SAAS,IAAI,+BAClC;GACE,QAAQ;GACR;GACA,aAAa,mBAAmB;GAChC,WAAW,mBAAmB;KAEhC,QAAQ;AAEV,wBAAsB;;CAIxB,MAAM,EAAE,WAAW,OAAO,YAAY,MAAM,QAAQ,WAAW,EAAE,cAAc;AAC/E,KAAI,CAAC,UACH,QAAO,QAAQ,qBAAqB;EAClC,WAAW,QAAQ;EACnB,cAAcH,uCAAgB;EAC9B,WAAW;EACX,OAAO;;AAKX,KAAI,oBAAoB,eAAe;AACrC,MAAI;AACF,SAAM,SAAS,IAAI,mBAAmB;IAAE,WAAW,QAAQ;IAAW,MAAM;;WACrEI,KAAc;GACrB,MAAM,MAAM,OAAQC,uBAAQ,MAAO,WAAW,OAAO;AACrD,UAAO,QAAQ,qBAAqB;IAClC,WAAW,QAAQ;IACnB,cAAcL,uCAAgB;IAC9B,WAAW;IACX,OAAO,OAAO;;;AAIlB,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcA,uCAAgB;GAC9B,WAAW;GACX;;AAEF;;AAIF,KAAI;EACF,MAAM,YAAY,MAAM,SAAS,IAAI,yBAAyB,SAAS;AACvE,mBAAiB,UAAU;AAC3B,uBAAqB,UAAU;AAC/B,UAAQ,SAAS,EAAE,cAAc;UAC1B,GAAG;AACV,UAAQ,MAAM,yCAAyC;;AAIzD,KAAI;AACF,MAAI,CAAC,eACH,OAAM,IAAI,MAAM;EAElB,MAAM,uBAAuB,MAAM,SAAS,SAAS,uCAAuC;GAC1F;GACA,cAAc;;EAKhB,IAAIM;EACJ,IAAIC;AACJ,MAAI;GAEF,MAAM,YAAY,MAAM,SAAS,IAAI;AACrC,OAAI,CAAC,UAAU,OACb,OAAM,IAAI,MAAM;AAElB,OAAI,CAAC,UAAU,iBAAiB,OAAO,UAAU,mBAAmB,OAAOC,+BAAY,gBACrF,OAAM,IAAI,MAAM;GAGlB,MAAM,eAAe,MAAMC,oDAA4BD,+BAAY,gBAAgB,IAAI,UAAU;GACjG,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;GAEvF,MAAM,cAAc,kBAAkB,eAAe;AACrD,OAAI,CAAC,YACH,OAAM,IAAI,MAAM;AAMlB,OAAI,QAAQ,SAASd,qCAAuB,kBAAkB;IAC5D,MAAM,UAAUC,iDAA0B;AAC1C,iBAAa,SAAS,SAAS;AAC/B,iBAAa,SAAS,SAAS;cACtB,QAAQ,SAASD,qCAAuB,qBAAqB;IACtE,MAAM,UAAU,QAAQ;AACxB,iBAAa,SAAS,cACjBgB,uDAAgC;AACrC,iBAAa,SAAS,cACjBA,uDAAgC;;AAGvC,SAAM,SAAS,IAAI,+BAA+B;IAChD,WAAW,QAAQ;IACnB;IACA;IACA;IACA,YAAY;;WAEN,KAAK;AACZ,WAAQ,MAAM,gDAAgD;AAC9D,SAAM;;AAIT,UAAQ,qBAAqB;GAC3B,WAAW,QAAQ;GACnB,cAAcV,uCAAgB;GAC9B,WAAW;GACX,YAAY;GAGZ,cAAc;GACd;;UAEKI,KAAc;EAErB,MAAM,YAAYO,4CAA6B;EAE/C,MAAM,MAAM,OAAQN,uBAAQ,MAAO,WAAW,OAAO;AACrD,MAAI,sBAAsB,KAAK,QAAQ,uBAAuB,KAAK,KAEjE,QAAO,QAAQ,kBAAkB;AAEnC,MAAI,UACF,QAAO,QAAQ,YAAY,EAAE,MAAM,sBAAsB;EAE3D,MAAM,sBAAsB,mDAAmD,KAAK;AACpF,SAAO,QAAQ,qBAAqB;GAClC,WAAW,QAAQ;GACnB,cAAcL,uCAAgB;GAC9B,WAAW;GACX,OAAO,YACHC,8BAAe,YACd,sBAAsB,MAAMA,8BAAe"}
|
|
@@ -2,6 +2,7 @@ const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.
|
|
|
2
2
|
const require_vrf_worker = require('../../../types/vrf-worker.js');
|
|
3
3
|
|
|
4
4
|
//#region src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.ts
|
|
5
|
+
require_vrf_worker.init_vrf_worker();
|
|
5
6
|
/**
|
|
6
7
|
* Derive deterministic VRF keypair from PRF output embedded in a WebAuthn credential.
|
|
7
8
|
*/
|
package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"deriveVrfKeypairFromPrf.js","names":["message: VRFWorkerMessage<WasmDeriveVrfKeypairFromPrfRequest>","validateVRFChallenge"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.ts"],"sourcesContent":["import type { AccountId } from '../../../types/accountIds';\nimport type {\n EncryptedVRFKeypair,\n ServerEncryptedVrfKeypair,\n VRFInputData,\n VRFWorkerMessage,\n WasmDeriveVrfKeypairFromPrfRequest,\n} from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Derive deterministic VRF keypair from PRF output embedded in a WebAuthn credential.\n */\nexport async function deriveVrfKeypairFromPrf(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n vrfInputData?: VRFInputData;\n saveInMemory?: boolean;\n }\n): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge | null;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n}> {\n const saveInMemory = args.saveInMemory ?? true;\n await ctx.ensureWorkerReady();\n\n const vrfInputData = args.vrfInputData;\n const hasVrfInputData = vrfInputData?.blockHash\n && vrfInputData?.blockHeight\n && vrfInputData?.userId\n && vrfInputData?.rpId;\n\n const message: VRFWorkerMessage<WasmDeriveVrfKeypairFromPrfRequest> = {\n type: 'DERIVE_VRF_KEYPAIR_FROM_PRF',\n id: ctx.generateMessageId(),\n payload: {\n credential: args.credential,\n nearAccountId: args.nearAccountId,\n saveInMemory,\n vrfInputData: hasVrfInputData ? {\n userId: vrfInputData.userId,\n rpId: vrfInputData.rpId,\n blockHeight: String(vrfInputData.blockHeight),\n blockHash: vrfInputData.blockHash,\n } : undefined,\n }\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF keypair derivation failed: ${response.error}`);\n }\n const data = response.data as {\n vrfPublicKey?: string;\n vrfChallengeData?: VRFChallenge;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair?: ServerEncryptedVrfKeypair | null;\n };\n\n const vrfPublicKey = data.vrfPublicKey || data.vrfChallengeData?.vrfPublicKey;\n if (!vrfPublicKey) {\n throw new Error('VRF public key not found in response');\n }\n if (!data.encryptedVrfKeypair) {\n throw new Error('Encrypted VRF keypair not found in response');\n }\n\n const vrfChallenge = data.vrfChallengeData\n ? validateVRFChallenge({\n vrfInput: data.vrfChallengeData.vrfInput,\n vrfOutput: data.vrfChallengeData.vrfOutput,\n vrfProof: data.vrfChallengeData.vrfProof,\n vrfPublicKey: data.vrfChallengeData.vrfPublicKey,\n userId: data.vrfChallengeData.userId,\n rpId: data.vrfChallengeData.rpId,\n blockHeight: data.vrfChallengeData.blockHeight,\n blockHash: data.vrfChallengeData.blockHash,\n })\n : null;\n\n if (saveInMemory) {\n ctx.setCurrentVrfAccountId(args.nearAccountId);\n console.debug(`VRF Manager: VRF keypair loaded in memory for ${args.nearAccountId}`);\n }\n\n return {\n vrfPublicKey,\n vrfChallenge,\n encryptedVrfKeypair: data.encryptedVrfKeypair,\n serverEncryptedVrfKeypair: data.serverEncryptedVrfKeypair || null,\n };\n}\n"],"mappings":"
|
|
1
|
+
{"version":3,"file":"deriveVrfKeypairFromPrf.js","names":["message: VRFWorkerMessage<WasmDeriveVrfKeypairFromPrfRequest>","validateVRFChallenge"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.ts"],"sourcesContent":["import type { AccountId } from '../../../types/accountIds';\nimport type {\n EncryptedVRFKeypair,\n ServerEncryptedVrfKeypair,\n VRFInputData,\n VRFWorkerMessage,\n WasmDeriveVrfKeypairFromPrfRequest,\n} from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { WebAuthnAuthenticationCredential, WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Derive deterministic VRF keypair from PRF output embedded in a WebAuthn credential.\n */\nexport async function deriveVrfKeypairFromPrf(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n credential: WebAuthnRegistrationCredential | WebAuthnAuthenticationCredential;\n nearAccountId: AccountId;\n vrfInputData?: VRFInputData;\n saveInMemory?: boolean;\n }\n): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge | null;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair: ServerEncryptedVrfKeypair | null;\n}> {\n const saveInMemory = args.saveInMemory ?? true;\n await ctx.ensureWorkerReady();\n\n const vrfInputData = args.vrfInputData;\n const hasVrfInputData = vrfInputData?.blockHash\n && vrfInputData?.blockHeight\n && vrfInputData?.userId\n && vrfInputData?.rpId;\n\n const message: VRFWorkerMessage<WasmDeriveVrfKeypairFromPrfRequest> = {\n type: 'DERIVE_VRF_KEYPAIR_FROM_PRF',\n id: ctx.generateMessageId(),\n payload: {\n credential: args.credential,\n nearAccountId: args.nearAccountId,\n saveInMemory,\n vrfInputData: hasVrfInputData ? {\n userId: vrfInputData.userId,\n rpId: vrfInputData.rpId,\n blockHeight: String(vrfInputData.blockHeight),\n blockHash: vrfInputData.blockHash,\n } : undefined,\n }\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF keypair derivation failed: ${response.error}`);\n }\n const data = response.data as {\n vrfPublicKey?: string;\n vrfChallengeData?: VRFChallenge;\n encryptedVrfKeypair: EncryptedVRFKeypair;\n serverEncryptedVrfKeypair?: ServerEncryptedVrfKeypair | null;\n };\n\n const vrfPublicKey = data.vrfPublicKey || data.vrfChallengeData?.vrfPublicKey;\n if (!vrfPublicKey) {\n throw new Error('VRF public key not found in response');\n }\n if (!data.encryptedVrfKeypair) {\n throw new Error('Encrypted VRF keypair not found in response');\n }\n\n const vrfChallenge = data.vrfChallengeData\n ? validateVRFChallenge({\n vrfInput: data.vrfChallengeData.vrfInput,\n vrfOutput: data.vrfChallengeData.vrfOutput,\n vrfProof: data.vrfChallengeData.vrfProof,\n vrfPublicKey: data.vrfChallengeData.vrfPublicKey,\n userId: data.vrfChallengeData.userId,\n rpId: data.vrfChallengeData.rpId,\n blockHeight: data.vrfChallengeData.blockHeight,\n blockHash: data.vrfChallengeData.blockHash,\n })\n : null;\n\n if (saveInMemory) {\n ctx.setCurrentVrfAccountId(args.nearAccountId);\n console.debug(`VRF Manager: VRF keypair loaded in memory for ${args.nearAccountId}`);\n }\n\n return {\n vrfPublicKey,\n vrfChallenge,\n encryptedVrfKeypair: data.encryptedVrfKeypair,\n serverEncryptedVrfKeypair: data.serverEncryptedVrfKeypair || null,\n };\n}\n"],"mappings":";;;;;;;;AAeA,eAAsB,wBACpB,KACA,MAWC;CACD,MAAM,eAAe,KAAK,gBAAgB;AAC1C,OAAM,IAAI;CAEV,MAAM,eAAe,KAAK;CAC1B,MAAM,kBAAkB,cAAc,aACjC,cAAc,eACd,cAAc,UACd,cAAc;CAEnB,MAAMA,UAAgE;EACpE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP,YAAY,KAAK;GACjB,eAAe,KAAK;GACpB;GACA,cAAc,kBAAkB;IAC9B,QAAQ,aAAa;IACrB,MAAM,aAAa;IACnB,aAAa,OAAO,aAAa;IACjC,WAAW,aAAa;OACtB;;;CAIR,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,KAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,kCAAkC,SAAS;CAE7D,MAAM,OAAO,SAAS;CAOtB,MAAM,eAAe,KAAK,gBAAgB,KAAK,kBAAkB;AACjE,KAAI,CAAC,aACH,OAAM,IAAI,MAAM;AAElB,KAAI,CAAC,KAAK,oBACR,OAAM,IAAI,MAAM;CAGlB,MAAM,eAAe,KAAK,mBACtBC,wCAAqB;EACrB,UAAU,KAAK,iBAAiB;EAChC,WAAW,KAAK,iBAAiB;EACjC,UAAU,KAAK,iBAAiB;EAChC,cAAc,KAAK,iBAAiB;EACpC,QAAQ,KAAK,iBAAiB;EAC9B,MAAM,KAAK,iBAAiB;EAC5B,aAAa,KAAK,iBAAiB;EACnC,WAAW,KAAK,iBAAiB;MAEjC;AAEJ,KAAI,cAAc;AAChB,MAAI,uBAAuB,KAAK;AAChC,UAAQ,MAAM,iDAAiD,KAAK;;AAGtE,QAAO;EACL;EACA;EACA,qBAAqB,KAAK;EAC1B,2BAA2B,KAAK,6BAA6B"}
|
|
@@ -2,6 +2,7 @@ const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.
|
|
|
2
2
|
const require_vrf_worker = require('../../../types/vrf-worker.js');
|
|
3
3
|
|
|
4
4
|
//#region src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.ts
|
|
5
|
+
require_vrf_worker.init_vrf_worker();
|
|
5
6
|
/**
|
|
6
7
|
* Generate a VRF challenge and cache it under `sessionId` inside the VRF worker.
|
|
7
8
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateVrfChallenge.js","names":["message: VRFWorkerMessage<WasmGenerateVrfChallengeRequest>","validateVRFChallenge"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.ts"],"sourcesContent":["import type {\n VRFInputData,\n VRFWorkerMessage,\n WasmGenerateVrfChallengeRequest,\n} from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Generate a VRF challenge and cache it under `sessionId` inside the VRF worker.\n *\n * This is used by SecureConfirm flows so later steps (e.g. contract verification) can rely on\n * worker-owned challenge data instead of JS-provided state.\n */\nexport async function generateVrfChallengeForSession(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData,\n sessionId: string\n): Promise<VRFChallenge> {\n return generateVrfChallengeInternal(ctx, inputData, sessionId);\n}\n\n/**\n * Generate a one-off VRF challenge without caching it in the VRF worker.\n *\n * Used for standalone WebAuthn prompts where we don't need to later look up the challenge by `sessionId`.\n */\nexport async function generateVrfChallengeOnce(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData\n): Promise<VRFChallenge> {\n return generateVrfChallengeInternal(ctx, inputData);\n}\n\nasync function generateVrfChallengeInternal(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData,\n sessionId?: string\n): Promise<VRFChallenge> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmGenerateVrfChallengeRequest> = {\n type: 'GENERATE_VRF_CHALLENGE',\n id: ctx.generateMessageId(),\n payload: {\n sessionId,\n vrfInputData: {\n userId: inputData.userId,\n rpId: inputData.rpId,\n blockHeight: String(inputData.blockHeight),\n blockHash: inputData.blockHash,\n },\n },\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF challenge generation failed: ${response.error}`);\n }\n\n const data = response.data as unknown as VRFChallenge;\n console.debug('VRF Manager: VRF challenge generated successfully');\n return validateVRFChallenge(data);\n}\n"],"mappings":"
|
|
1
|
+
{"version":3,"file":"generateVrfChallenge.js","names":["message: VRFWorkerMessage<WasmGenerateVrfChallengeRequest>","validateVRFChallenge"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.ts"],"sourcesContent":["import type {\n VRFInputData,\n VRFWorkerMessage,\n WasmGenerateVrfChallengeRequest,\n} from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Generate a VRF challenge and cache it under `sessionId` inside the VRF worker.\n *\n * This is used by SecureConfirm flows so later steps (e.g. contract verification) can rely on\n * worker-owned challenge data instead of JS-provided state.\n */\nexport async function generateVrfChallengeForSession(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData,\n sessionId: string\n): Promise<VRFChallenge> {\n return generateVrfChallengeInternal(ctx, inputData, sessionId);\n}\n\n/**\n * Generate a one-off VRF challenge without caching it in the VRF worker.\n *\n * Used for standalone WebAuthn prompts where we don't need to later look up the challenge by `sessionId`.\n */\nexport async function generateVrfChallengeOnce(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData\n): Promise<VRFChallenge> {\n return generateVrfChallengeInternal(ctx, inputData);\n}\n\nasync function generateVrfChallengeInternal(\n ctx: VrfWorkerManagerHandlerContext,\n inputData: VRFInputData,\n sessionId?: string\n): Promise<VRFChallenge> {\n await ctx.ensureWorkerReady(true);\n const message: VRFWorkerMessage<WasmGenerateVrfChallengeRequest> = {\n type: 'GENERATE_VRF_CHALLENGE',\n id: ctx.generateMessageId(),\n payload: {\n sessionId,\n vrfInputData: {\n userId: inputData.userId,\n rpId: inputData.rpId,\n blockHeight: String(inputData.blockHeight),\n blockHash: inputData.blockHash,\n },\n },\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF challenge generation failed: ${response.error}`);\n }\n\n const data = response.data as unknown as VRFChallenge;\n console.debug('VRF Manager: VRF challenge generated successfully');\n return validateVRFChallenge(data);\n}\n"],"mappings":";;;;;;;;;;;AAcA,eAAsB,+BACpB,KACA,WACA,WACuB;AACvB,QAAO,6BAA6B,KAAK,WAAW;;;;;;;AAQtD,eAAsB,yBACpB,KACA,WACuB;AACvB,QAAO,6BAA6B,KAAK;;AAG3C,eAAe,6BACb,KACA,WACA,WACuB;AACvB,OAAM,IAAI,kBAAkB;CAC5B,MAAMA,UAA6D;EACjE,MAAM;EACN,IAAI,IAAI;EACR,SAAS;GACP;GACA,cAAc;IACZ,QAAQ,UAAU;IAClB,MAAM,UAAU;IAChB,aAAa,OAAO,UAAU;IAC9B,WAAW,UAAU;;;;CAK3B,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,KAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,oCAAoC,SAAS;CAG/D,MAAM,OAAO,SAAS;AACtB,SAAQ,MAAM;AACd,QAAOC,wCAAqB"}
|
package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js
CHANGED
|
@@ -2,6 +2,7 @@ const require_rolldown_runtime = require('../../../../_virtual/rolldown_runtime.
|
|
|
2
2
|
const require_vrf_worker = require('../../../types/vrf-worker.js');
|
|
3
3
|
|
|
4
4
|
//#region src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.ts
|
|
5
|
+
require_vrf_worker.init_vrf_worker();
|
|
5
6
|
/**
|
|
6
7
|
* Registration bootstrap: generate a fresh random VRF keypair in the VRF worker and (optionally)
|
|
7
8
|
* generate a VRF challenge from it.
|
package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"generateVrfKeypairBootstrap.js","names":["message: VRFWorkerMessage<WasmGenerateVrfKeypairBootstrapRequest>","validateVRFChallenge","error: any"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.ts"],"sourcesContent":["import type { VRFInputData } from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { VRFWorkerMessage, WasmGenerateVrfKeypairBootstrapRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Registration bootstrap: generate a fresh random VRF keypair in the VRF worker and (optionally)\n * generate a VRF challenge from it.\n *\n * This solves the \"chicken-and-egg\" problem during registration where you need a VRF challenge\n * before you have PRF outputs to encrypt the VRF keypair. The generated VRF keypair lives in\n * VRF worker memory until it is later encrypted with PRF output.\n */\nexport async function generateVrfKeypairBootstrap(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n vrfInputData: VRFInputData;\n saveInMemory: boolean;\n sessionId?: string;\n }\n): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n}> {\n await ctx.ensureWorkerReady();\n try {\n const message: VRFWorkerMessage<WasmGenerateVrfKeypairBootstrapRequest> = {\n type: 'GENERATE_VRF_KEYPAIR_BOOTSTRAP',\n id: ctx.generateMessageId(),\n payload: {\n // Include VRF input data if provided for challenge generation\n sessionId: args.sessionId,\n vrfInputData: args.vrfInputData\n ? {\n userId: args.vrfInputData.userId,\n rpId: args.vrfInputData.rpId,\n blockHeight: String(args.vrfInputData.blockHeight),\n blockHash: args.vrfInputData.blockHash,\n }\n : undefined,\n },\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF bootstrap keypair generation failed: ${response.error}`);\n }\n const data = response.data as { vrf_challenge_data?: VRFChallenge; vrfPublicKey?: string };\n const challengeData = data.vrf_challenge_data as VRFChallenge | undefined;\n if (!challengeData) {\n throw new Error('VRF challenge data failed to be generated');\n }\n const vrfPublicKey = data.vrfPublicKey || challengeData.vrfPublicKey;\n if (!vrfPublicKey) {\n throw new Error('VRF public key missing in bootstrap response');\n }\n if (args.vrfInputData && args.saveInMemory) {\n // Track the account ID for this VRF session if saving in memory\n ctx.setCurrentVrfAccountId(args.vrfInputData.userId);\n }\n\n // TODO: strong types generated by Rust wasm-bindgen\n return {\n vrfPublicKey,\n vrfChallenge: validateVRFChallenge({\n vrfInput: challengeData.vrfInput,\n vrfOutput: challengeData.vrfOutput,\n vrfProof: challengeData.vrfProof,\n vrfPublicKey: challengeData.vrfPublicKey,\n userId: challengeData.userId,\n rpId: challengeData.rpId,\n blockHeight: challengeData.blockHeight,\n blockHash: challengeData.blockHash,\n })\n }\n\n } catch (error: any) {\n console.error('VRF Manager: Bootstrap VRF keypair generation failed:', error);\n throw new Error(`Failed to generate bootstrap VRF keypair: ${error.message}`);\n }\n}\n"],"mappings":"
|
|
1
|
+
{"version":3,"file":"generateVrfKeypairBootstrap.js","names":["message: VRFWorkerMessage<WasmGenerateVrfKeypairBootstrapRequest>","validateVRFChallenge","error: any"],"sources":["../../../../../../src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.ts"],"sourcesContent":["import type { VRFInputData } from '../../../types/vrf-worker';\nimport { validateVRFChallenge, type VRFChallenge } from '../../../types/vrf-worker';\nimport type { VRFWorkerMessage, WasmGenerateVrfKeypairBootstrapRequest } from '../../../types/vrf-worker';\nimport type { VrfWorkerManagerHandlerContext } from './types';\n\n/**\n * Registration bootstrap: generate a fresh random VRF keypair in the VRF worker and (optionally)\n * generate a VRF challenge from it.\n *\n * This solves the \"chicken-and-egg\" problem during registration where you need a VRF challenge\n * before you have PRF outputs to encrypt the VRF keypair. The generated VRF keypair lives in\n * VRF worker memory until it is later encrypted with PRF output.\n */\nexport async function generateVrfKeypairBootstrap(\n ctx: VrfWorkerManagerHandlerContext,\n args: {\n vrfInputData: VRFInputData;\n saveInMemory: boolean;\n sessionId?: string;\n }\n): Promise<{\n vrfPublicKey: string;\n vrfChallenge: VRFChallenge;\n}> {\n await ctx.ensureWorkerReady();\n try {\n const message: VRFWorkerMessage<WasmGenerateVrfKeypairBootstrapRequest> = {\n type: 'GENERATE_VRF_KEYPAIR_BOOTSTRAP',\n id: ctx.generateMessageId(),\n payload: {\n // Include VRF input data if provided for challenge generation\n sessionId: args.sessionId,\n vrfInputData: args.vrfInputData\n ? {\n userId: args.vrfInputData.userId,\n rpId: args.vrfInputData.rpId,\n blockHeight: String(args.vrfInputData.blockHeight),\n blockHash: args.vrfInputData.blockHash,\n }\n : undefined,\n },\n };\n\n const response = await ctx.sendMessage(message);\n\n if (!response.success || !response.data) {\n throw new Error(`VRF bootstrap keypair generation failed: ${response.error}`);\n }\n const data = response.data as { vrf_challenge_data?: VRFChallenge; vrfPublicKey?: string };\n const challengeData = data.vrf_challenge_data as VRFChallenge | undefined;\n if (!challengeData) {\n throw new Error('VRF challenge data failed to be generated');\n }\n const vrfPublicKey = data.vrfPublicKey || challengeData.vrfPublicKey;\n if (!vrfPublicKey) {\n throw new Error('VRF public key missing in bootstrap response');\n }\n if (args.vrfInputData && args.saveInMemory) {\n // Track the account ID for this VRF session if saving in memory\n ctx.setCurrentVrfAccountId(args.vrfInputData.userId);\n }\n\n // TODO: strong types generated by Rust wasm-bindgen\n return {\n vrfPublicKey,\n vrfChallenge: validateVRFChallenge({\n vrfInput: challengeData.vrfInput,\n vrfOutput: challengeData.vrfOutput,\n vrfProof: challengeData.vrfProof,\n vrfPublicKey: challengeData.vrfPublicKey,\n userId: challengeData.userId,\n rpId: challengeData.rpId,\n blockHeight: challengeData.blockHeight,\n blockHash: challengeData.blockHash,\n })\n }\n\n } catch (error: any) {\n console.error('VRF Manager: Bootstrap VRF keypair generation failed:', error);\n throw new Error(`Failed to generate bootstrap VRF keypair: ${error.message}`);\n }\n}\n"],"mappings":";;;;;;;;;;;;;AAaA,eAAsB,4BACpB,KACA,MAQC;AACD,OAAM,IAAI;AACV,KAAI;EACF,MAAMA,UAAoE;GACxE,MAAM;GACN,IAAI,IAAI;GACR,SAAS;IAEP,WAAW,KAAK;IAChB,cAAc,KAAK,eACf;KACE,QAAQ,KAAK,aAAa;KAC1B,MAAM,KAAK,aAAa;KACxB,aAAa,OAAO,KAAK,aAAa;KACtC,WAAW,KAAK,aAAa;QAE/B;;;EAIR,MAAM,WAAW,MAAM,IAAI,YAAY;AAEvC,MAAI,CAAC,SAAS,WAAW,CAAC,SAAS,KACjC,OAAM,IAAI,MAAM,4CAA4C,SAAS;EAEvE,MAAM,OAAO,SAAS;EACtB,MAAM,gBAAgB,KAAK;AAC3B,MAAI,CAAC,cACH,OAAM,IAAI,MAAM;EAElB,MAAM,eAAe,KAAK,gBAAgB,cAAc;AACxD,MAAI,CAAC,aACH,OAAM,IAAI,MAAM;AAElB,MAAI,KAAK,gBAAgB,KAAK,aAE5B,KAAI,uBAAuB,KAAK,aAAa;AAI/C,SAAO;GACL;GACA,cAAcC,wCAAqB;IACjC,UAAU,cAAc;IACxB,WAAW,cAAc;IACzB,UAAU,cAAc;IACxB,cAAc,cAAc;IAC5B,QAAQ,cAAc;IACtB,MAAM,cAAc;IACpB,aAAa,cAAc;IAC3B,WAAW,cAAc;;;UAItBC,OAAY;AACnB,UAAQ,MAAM,yDAAyD;AACvE,QAAM,IAAI,MAAM,6CAA6C,MAAM"}
|
|
@@ -0,0 +1,17 @@
|
|
|
1
|
+
const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.js');
|
|
2
|
+
const require_safari_fallbacks = require('./safari-fallbacks.js');
|
|
3
|
+
|
|
4
|
+
//#region src/core/WebAuthnManager/WebAuthnFallbacks/index.ts
|
|
5
|
+
var init_WebAuthnFallbacks = require_rolldown_runtime.__esm({ "src/core/WebAuthnManager/WebAuthnFallbacks/index.ts": (() => {
|
|
6
|
+
require_safari_fallbacks.init_safari_fallbacks();
|
|
7
|
+
}) });
|
|
8
|
+
|
|
9
|
+
//#endregion
|
|
10
|
+
init_WebAuthnFallbacks();
|
|
11
|
+
Object.defineProperty(exports, 'init_WebAuthnFallbacks', {
|
|
12
|
+
enumerable: true,
|
|
13
|
+
get: function () {
|
|
14
|
+
return init_WebAuthnFallbacks;
|
|
15
|
+
}
|
|
16
|
+
});
|
|
17
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../../../../../src/core/WebAuthnManager/WebAuthnFallbacks/index.ts"],"sourcesContent":["export {\n executeWebAuthnWithParentFallbacksSafari,\n WebAuthnBridgeMessage,\n} from './safari-fallbacks';\n"],"mappings":""}
|
|
@@ -1,12 +1,6 @@
|
|
|
1
1
|
const require_rolldown_runtime = require('../../../_virtual/rolldown_runtime.js');
|
|
2
2
|
|
|
3
3
|
//#region src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.ts
|
|
4
|
-
const WebAuthnBridgeMessage = {
|
|
5
|
-
Create: "WALLET_WEBAUTHN_CREATE",
|
|
6
|
-
Get: "WALLET_WEBAUTHN_GET",
|
|
7
|
-
CreateResult: "WALLET_WEBAUTHN_CREATE_RESULT",
|
|
8
|
-
GetResult: "WALLET_WEBAUTHN_GET_RESULT"
|
|
9
|
-
};
|
|
10
4
|
function getResultTypeFor(kind) {
|
|
11
5
|
return kind === WebAuthnBridgeMessage.Get ? WebAuthnBridgeMessage.GetResult : WebAuthnBridgeMessage.CreateResult;
|
|
12
6
|
}
|
|
@@ -109,54 +103,6 @@ async function requestParentDomainWebAuthn(kind, publicKey, client, timeoutMs) {
|
|
|
109
103
|
if (kind === "create") return client.request(WebAuthnBridgeMessage.Create, publicKey, timeoutMs);
|
|
110
104
|
return client.request(WebAuthnBridgeMessage.Get, publicKey, timeoutMs);
|
|
111
105
|
}
|
|
112
|
-
var WindowParentDomainWebAuthnClient = class {
|
|
113
|
-
async request(kind, publicKey, timeoutMs = 6e4) {
|
|
114
|
-
const requestId = `${kind}:${Date.now()}:${Math.random().toString(36).slice(2)}`;
|
|
115
|
-
const resultType = getResultTypeFor(kind);
|
|
116
|
-
return new Promise((resolve) => {
|
|
117
|
-
let settled = false;
|
|
118
|
-
const finish = (val) => {
|
|
119
|
-
if (!settled) {
|
|
120
|
-
settled = true;
|
|
121
|
-
resolve(val);
|
|
122
|
-
}
|
|
123
|
-
};
|
|
124
|
-
const onMessage = (ev) => {
|
|
125
|
-
const payload = ev?.data;
|
|
126
|
-
if (!payload || typeof payload.type !== "string") return;
|
|
127
|
-
const t = payload.type;
|
|
128
|
-
if (t !== resultType) return;
|
|
129
|
-
const rid = payload.requestId;
|
|
130
|
-
if (rid !== requestId) return;
|
|
131
|
-
window.removeEventListener("message", onMessage);
|
|
132
|
-
const ok = !!payload.ok;
|
|
133
|
-
const cred = payload.credential;
|
|
134
|
-
const err = payload.error;
|
|
135
|
-
if (ok && cred) return finish({
|
|
136
|
-
ok: true,
|
|
137
|
-
credential: cred
|
|
138
|
-
});
|
|
139
|
-
return finish({
|
|
140
|
-
ok: false,
|
|
141
|
-
error: typeof err === "string" ? err : void 0
|
|
142
|
-
});
|
|
143
|
-
};
|
|
144
|
-
window.addEventListener("message", onMessage);
|
|
145
|
-
window.parent?.postMessage({
|
|
146
|
-
type: kind,
|
|
147
|
-
requestId,
|
|
148
|
-
publicKey
|
|
149
|
-
}, "*");
|
|
150
|
-
setTimeout(() => {
|
|
151
|
-
window.removeEventListener("message", onMessage);
|
|
152
|
-
finish({
|
|
153
|
-
ok: false,
|
|
154
|
-
timeout: true
|
|
155
|
-
});
|
|
156
|
-
}, timeoutMs);
|
|
157
|
-
});
|
|
158
|
-
}
|
|
159
|
-
};
|
|
160
106
|
function notAllowedError(message) {
|
|
161
107
|
const e = new Error(message);
|
|
162
108
|
e.name = "NotAllowedError";
|
|
@@ -193,8 +139,72 @@ async function attemptRefocus(maxRetries = 2, delays = [50, 120]) {
|
|
|
193
139
|
}
|
|
194
140
|
return document.hasFocus();
|
|
195
141
|
}
|
|
142
|
+
var WebAuthnBridgeMessage, WindowParentDomainWebAuthnClient;
|
|
143
|
+
var init_safari_fallbacks = require_rolldown_runtime.__esm({ "src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.ts": (() => {
|
|
144
|
+
WebAuthnBridgeMessage = {
|
|
145
|
+
Create: "WALLET_WEBAUTHN_CREATE",
|
|
146
|
+
Get: "WALLET_WEBAUTHN_GET",
|
|
147
|
+
CreateResult: "WALLET_WEBAUTHN_CREATE_RESULT",
|
|
148
|
+
GetResult: "WALLET_WEBAUTHN_GET_RESULT"
|
|
149
|
+
};
|
|
150
|
+
WindowParentDomainWebAuthnClient = class {
|
|
151
|
+
async request(kind, publicKey, timeoutMs = 6e4) {
|
|
152
|
+
const requestId = `${kind}:${Date.now()}:${Math.random().toString(36).slice(2)}`;
|
|
153
|
+
const resultType = getResultTypeFor(kind);
|
|
154
|
+
return new Promise((resolve) => {
|
|
155
|
+
let settled = false;
|
|
156
|
+
const finish = (val) => {
|
|
157
|
+
if (!settled) {
|
|
158
|
+
settled = true;
|
|
159
|
+
resolve(val);
|
|
160
|
+
}
|
|
161
|
+
};
|
|
162
|
+
const onMessage = (ev) => {
|
|
163
|
+
const payload = ev?.data;
|
|
164
|
+
if (!payload || typeof payload.type !== "string") return;
|
|
165
|
+
const t = payload.type;
|
|
166
|
+
if (t !== resultType) return;
|
|
167
|
+
const rid = payload.requestId;
|
|
168
|
+
if (rid !== requestId) return;
|
|
169
|
+
window.removeEventListener("message", onMessage);
|
|
170
|
+
const ok = !!payload.ok;
|
|
171
|
+
const cred = payload.credential;
|
|
172
|
+
const err = payload.error;
|
|
173
|
+
if (ok && cred) return finish({
|
|
174
|
+
ok: true,
|
|
175
|
+
credential: cred
|
|
176
|
+
});
|
|
177
|
+
return finish({
|
|
178
|
+
ok: false,
|
|
179
|
+
error: typeof err === "string" ? err : void 0
|
|
180
|
+
});
|
|
181
|
+
};
|
|
182
|
+
window.addEventListener("message", onMessage);
|
|
183
|
+
window.parent?.postMessage({
|
|
184
|
+
type: kind,
|
|
185
|
+
requestId,
|
|
186
|
+
publicKey
|
|
187
|
+
}, "*");
|
|
188
|
+
setTimeout(() => {
|
|
189
|
+
window.removeEventListener("message", onMessage);
|
|
190
|
+
finish({
|
|
191
|
+
ok: false,
|
|
192
|
+
timeout: true
|
|
193
|
+
});
|
|
194
|
+
}, timeoutMs);
|
|
195
|
+
});
|
|
196
|
+
}
|
|
197
|
+
};
|
|
198
|
+
}) });
|
|
196
199
|
|
|
197
200
|
//#endregion
|
|
201
|
+
init_safari_fallbacks();
|
|
198
202
|
exports.WebAuthnBridgeMessage = WebAuthnBridgeMessage;
|
|
199
203
|
exports.executeWebAuthnWithParentFallbacksSafari = executeWebAuthnWithParentFallbacksSafari;
|
|
204
|
+
Object.defineProperty(exports, 'init_safari_fallbacks', {
|
|
205
|
+
enumerable: true,
|
|
206
|
+
get: function () {
|
|
207
|
+
return init_safari_fallbacks;
|
|
208
|
+
}
|
|
209
|
+
});
|
|
200
210
|
//# sourceMappingURL=safari-fallbacks.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"safari-fallbacks.js","names":["be: unknown","e: unknown"],"sources":["../../../../../src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.ts"],"sourcesContent":["// Safari/WebAuthn fallbacks: centralized retry + top-level bridge\n// - Encapsulates Safari-specific error handling (ancestor-origin, not-focused)\n// - Bridges create/get to top-level via postMessage when needed\n// - Keeps helpers private to reduce file count and surface area\n\ntype Kind = 'create' | 'get';\n\n// Typed message names for parent-domain bridge\nexport const WebAuthnBridgeMessage = {\n Create: 'WALLET_WEBAUTHN_CREATE',\n Get: 'WALLET_WEBAUTHN_GET',\n CreateResult: 'WALLET_WEBAUTHN_CREATE_RESULT',\n GetResult: 'WALLET_WEBAUTHN_GET_RESULT',\n} as const;\n\nexport type BridgeKind = typeof WebAuthnBridgeMessage.Create | typeof WebAuthnBridgeMessage.Get;\nexport type BridgeResultKind = typeof WebAuthnBridgeMessage.CreateResult | typeof WebAuthnBridgeMessage.GetResult;\n\ntype ResultTypeFor<K extends BridgeKind> =\n K extends typeof WebAuthnBridgeMessage.Get\n ? typeof WebAuthnBridgeMessage.GetResult\n : typeof WebAuthnBridgeMessage.CreateResult;\n\nfunction getResultTypeFor<K extends BridgeKind>(kind: K): ResultTypeFor<K> {\n return (kind === WebAuthnBridgeMessage.Get\n ? WebAuthnBridgeMessage.GetResult\n : WebAuthnBridgeMessage.CreateResult) as ResultTypeFor<K>;\n}\n\ntype BridgeOk = { ok: true; credential: unknown };\ntype BridgeErr = { ok: false; error?: string; timeout?: boolean };\ntype BridgeResponse = BridgeOk | BridgeErr;\n\n// Client interface used to request WebAuthn from the parent/top-level context\nexport type ParentDomainWebAuthnClient = {\n request<K extends BridgeKind>(\n kind: K,\n publicKey: PublicKeyCredentialCreationOptions | PublicKeyCredentialRequestOptions,\n timeoutMs?: number,\n ): Promise<BridgeResponse>;\n};\n\nexport interface OrchestratorDeps {\n rpId: string;\n inIframe: boolean;\n timeoutMs?: number;\n bridgeClient?: ParentDomainWebAuthnClient;\n // Gate for ancestor-error on GET; bridges for focus errors are always allowed when in iframe.\n permitGetBridgeOnAncestorError?: boolean;\n // Optional AbortSignal to cancel native navigator.credentials operations.\n // Note: parent-bridge path may not be abortable.\n abortSignal?: AbortSignal;\n}\n\n/**\n * Execute a WebAuthn operation with Safari-aware fallbacks.\n *\n * Steps:\n * 1) Try native WebAuthn via navigator.credentials.{create|get}\n * 2) If the failure matches Safari's ancestor-origin restriction and we are in an iframe,\n * ask the parent/top-level window to perform the WebAuthn operation (bridge). If the\n * parent reports a user cancellation, throw NotAllowedError; if it times out, continue.\n * 3) If the failure matches Safari's \"document not focused\" path, first attempt to refocus\n * and retry native once; if still blocked and in an iframe, ask the parent window to handle it.\n * 4) Generic last resort: when in an iframe (constrained context), always attempt the parent\n * WebAuthn once even if the error wasn't recognized as a Safari-specific case. If the parent\n * path times out, surface a deterministic timeout error without re-trying native again.\n * 5) Otherwise, rethrow the original error.\n */\nexport async function executeWebAuthnWithParentFallbacksSafari(\n kind: Kind,\n publicKey: PublicKeyCredentialCreationOptions | PublicKeyCredentialRequestOptions,\n deps: OrchestratorDeps,\n): Promise<PublicKeyCredential | unknown> {\n\n const {\n rpId,\n inIframe,\n timeoutMs = 60000,\n permitGetBridgeOnAncestorError = true\n } = deps;\n const bridgeClient = deps.bridgeClient || new WindowParentDomainWebAuthnClient();\n\n const isTestForceNativeFail = (): boolean => {\n const g = (globalThis as any);\n const w = (typeof window !== 'undefined' ? (window as any) : undefined);\n return !!(g && g.__W3A_TEST_FORCE_NATIVE_FAIL) || !!(w && w.__W3A_TEST_FORCE_NATIVE_FAIL);\n };\n const bumpCounter = (key: string) => {\n const g = (globalThis as any);\n g[key] = (g[key] || 0) + 1;\n };\n\n // Test harness fast-path: when explicitly forcing native fail, skip native and go straight to bridge.\n // Still bump native attempt counters for determinism in tests.\n if (isTestForceNativeFail()) {\n if (kind === 'create') bumpCounter('__W3A_TEST_NATIVE_CREATE_ATTEMPTS');\n else bumpCounter('__W3A_TEST_NATIVE_GET_ATTEMPTS');\n try {\n const bridged = await requestParentDomainWebAuthn(kind, publicKey, bridgeClient, timeoutMs);\n if (bridged?.ok) return bridged.credential;\n if (bridged && !bridged.timeout) {\n throw notAllowedError(bridged.error || 'WebAuthn cancelled or failed (bridge)');\n }\n throw new Error('WebAuthn bridge timeout');\n } catch (be: unknown) {\n // Ensure consistent error type for unit tests\n throw notAllowedError((be as any)?.message || 'WebAuthn bridge failed');\n }\n }\n\n const tryNative = async () => {\n if (kind === 'create') {\n bumpCounter('__W3A_TEST_NATIVE_CREATE_ATTEMPTS');\n if (isTestForceNativeFail()) throw notAllowedError('Forced native fail (create)');\n // Build options with optional AbortSignal\n return await navigator.credentials.create({\n publicKey: publicKey as PublicKeyCredentialCreationOptions,\n ...(deps.abortSignal ? { signal: deps.abortSignal } : {}),\n });\n } else {\n bumpCounter('__W3A_TEST_NATIVE_GET_ATTEMPTS');\n if (isTestForceNativeFail()) throw notAllowedError('Forced native fail (get)');\n return await navigator.credentials.get({\n publicKey: publicKey as PublicKeyCredentialRequestOptions,\n ...(deps.abortSignal ? { signal: deps.abortSignal } : {}),\n });\n }\n };\n\n // Step 1: native attempt\n try {\n return await tryNative();\n } catch (e: unknown) {\n // If the user explicitly cancelled (generic NotAllowedError without Safari-specific hints),\n // do not attempt any bridge fallbacks that would re-prompt Touch ID. Propagate immediately.\n // This avoids double prompts when a user cancels the native sheet.\n const name = safeName(e);\n if (name === 'NotAllowedError' && !isAncestorOriginError(e) && !isDocumentNotFocusedError(e)) {\n throw e;\n }\n\n // Step 2: ancestor-origin restriction → parent bridge (when in iframe)\n if (isAncestorOriginError(e) && inIframe) {\n if (kind === 'get' && !permitGetBridgeOnAncestorError) {\n throw e;\n }\n try {\n const bridgedCredentials = await requestParentDomainWebAuthn(kind, publicKey, bridgeClient, timeoutMs);\n if (bridgedCredentials?.ok) return bridgedCredentials.credential;\n if (bridgedCredentials && !bridgedCredentials.timeout) {\n throw notAllowedError(bridgedCredentials.error || 'WebAuthn get cancelled or failed (bridge)');\n }\n } catch (be: unknown) {\n throw notAllowedError((be as any)?.message || 'WebAuthn bridge failed');\n }\n }\n\n // Step 3: document-not-focused → refocus + retry native; then parent bridge if still blocked\n if (isDocumentNotFocusedError(e)) {\n const focused = await attemptRefocus();\n if (focused) {\n try { return await tryNative(); } catch {}\n }\n if (inIframe) {\n try {\n const bridgedCredentials = await requestParentDomainWebAuthn(kind, publicKey, bridgeClient, timeoutMs);\n if (bridgedCredentials?.ok) return bridgedCredentials.credential;\n if (bridgedCredentials && !bridgedCredentials.timeout) {\n throw notAllowedError(bridgedCredentials.error || 'WebAuthn get cancelled or failed (bridge)');\n }\n } catch (be: unknown) {\n throw notAllowedError((be as any)?.message || 'WebAuthn bridge failed');\n }\n }\n }\n\n // Step 4: generic last-resort bridge path for constrained iframe contexts\n if (inIframe) {\n try {\n const bridgedCredentials = await requestParentDomainWebAuthn(kind, publicKey, bridgeClient, timeoutMs);\n if (bridgedCredentials?.ok) return bridgedCredentials.credential;\n if (bridgedCredentials && !bridgedCredentials.timeout) {\n throw notAllowedError(bridgedCredentials.error || 'WebAuthn cancelled or failed (bridge)');\n }\n // Timeout: surface an explicit error without re‑trying native again\n throw new Error('WebAuthn bridge timeout');\n } catch (be: unknown) {\n throw notAllowedError((be as any)?.message || 'WebAuthn bridge failed');\n }\n }\n\n // Step 5: not an iframe or no recognized fallback – rethrow original error\n throw e;\n }\n}\n\n// Request the parent/top-level window to perform the WebAuthn operation\nexport async function requestParentDomainWebAuthn(\n kind: Kind,\n publicKey: PublicKeyCredentialCreationOptions | PublicKeyCredentialRequestOptions,\n client: ParentDomainWebAuthnClient,\n timeoutMs: number,\n): Promise<BridgeResponse> {\n if (kind === 'create') {\n return client.request(WebAuthnBridgeMessage.Create, publicKey as PublicKeyCredentialCreationOptions, timeoutMs);\n }\n return client.request(WebAuthnBridgeMessage.Get, publicKey as PublicKeyCredentialRequestOptions, timeoutMs);\n}\n\n// Default bridge client using window.parent postMessage protocol\nexport class WindowParentDomainWebAuthnClient implements ParentDomainWebAuthnClient {\n async request<K extends BridgeKind>(\n kind: K,\n publicKey: PublicKeyCredentialCreationOptions | PublicKeyCredentialRequestOptions,\n timeoutMs = 60000,\n ): Promise<BridgeResponse> {\n const requestId = `${kind}:${Date.now()}:${Math.random().toString(36).slice(2)}`;\n const resultType = getResultTypeFor(kind);\n\n return new Promise((resolve) => {\n let settled = false;\n const finish = (val: BridgeResponse) => { if (!settled) { settled = true; resolve(val); } };\n\n const onMessage = (ev: MessageEvent) => {\n const payload = ev?.data as unknown;\n if (!payload || typeof (payload as { type?: unknown }).type !== 'string') return;\n const t = (payload as { type: string }).type;\n if (t !== resultType) return;\n const rid = (payload as { requestId?: unknown }).requestId;\n if (rid !== requestId) return;\n window.removeEventListener('message', onMessage);\n const ok = !!(payload as { ok?: unknown }).ok;\n const cred = (payload as { credential?: unknown }).credential;\n const err = (payload as { error?: unknown }).error;\n if (ok && cred) return finish({ ok: true, credential: cred });\n return finish({ ok: false, error: typeof err === 'string' ? err : undefined });\n };\n window.addEventListener('message', onMessage);\n window.parent?.postMessage({ type: kind, requestId, publicKey } as { type: K; requestId: string; publicKey: any }, '*');\n setTimeout(() => { window.removeEventListener('message', onMessage); finish({ ok: false, timeout: true }); }, timeoutMs);\n });\n }\n}\n\nfunction notAllowedError(message: string): Error {\n const e = new Error(message);\n (e as any).name = 'NotAllowedError';\n return e;\n}\n\n// Private: error classification helpers\nfunction isAncestorOriginError(err: unknown): boolean {\n const msg = safeMessage(err);\n return /origin of the document is not the same as its ancestors/i.test(msg);\n}\n\nfunction isDocumentNotFocusedError(err: unknown): boolean {\n const name = safeName(err);\n const msg = safeMessage(err);\n const isNotAllowed = name === 'NotAllowedError';\n const mentionsFocus = /document is not focused|not focused|focus/i.test(msg);\n return Boolean(isNotAllowed && mentionsFocus);\n}\n\nfunction safeMessage(err: unknown): string {\n return String((err as { message?: unknown })?.message || '');\n}\n\nfunction safeName(err: unknown): string {\n const n = (err as { name?: unknown })?.name;\n return typeof n === 'string' ? n : '';\n}\n\n// Private: focus utility to mitigate Safari focus issues\nasync function attemptRefocus(maxRetries = 2, delays: number[] = [50, 120]): Promise<boolean> {\n (window as any).focus?.();\n (document?.body as any)?.focus?.();\n\n const wait = (ms: number) => new Promise(r => setTimeout(r, ms));\n const total = Math.max(0, maxRetries);\n for (let i = 0; i <= total; i++) {\n const d = delays[i] ?? delays[delays.length - 1] ?? 80;\n await wait(d);\n if (document.hasFocus()) return true;\n (window as any).focus?.();\n }\n return document.hasFocus();\n}\n"],"mappings":";;;AAQA,MAAa,wBAAwB;CACnC,QAAQ;CACR,KAAK;CACL,cAAc;CACd,WAAW;;AAWb,SAAS,iBAAuC,MAA2B;AACzE,QAAQ,SAAS,sBAAsB,MACnC,sBAAsB,YACtB,sBAAsB;;;;;;;;;;;;;;;;;AA2C5B,eAAsB,yCACpB,MACA,WACA,MACwC;CAExC,MAAM,EACJ,MACA,UACA,YAAY,KACZ,iCAAiC,SAC/B;CACJ,MAAM,eAAe,KAAK,gBAAgB,IAAI;CAE9C,MAAM,8BAAuC;EAC3C,MAAM,IAAK;EACX,MAAM,IAAK,OAAO,WAAW,cAAe,SAAiB;AAC7D,SAAO,CAAC,EAAE,KAAK,EAAE,iCAAiC,CAAC,EAAE,KAAK,EAAE;;CAE9D,MAAM,eAAe,QAAgB;EACnC,MAAM,IAAK;AACX,IAAE,QAAQ,EAAE,QAAQ,KAAK;;AAK3B,KAAI,yBAAyB;AAC3B,MAAI,SAAS,SAAU,aAAY;MAC9B,aAAY;AACjB,MAAI;GACF,MAAM,UAAU,MAAM,4BAA4B,MAAM,WAAW,cAAc;AACjF,OAAI,SAAS,GAAI,QAAO,QAAQ;AAChC,OAAI,WAAW,CAAC,QAAQ,QACtB,OAAM,gBAAgB,QAAQ,SAAS;AAEzC,SAAM,IAAI,MAAM;WACTA,IAAa;AAEpB,SAAM,gBAAiB,IAAY,WAAW;;;CAIlD,MAAM,YAAY,YAAY;AAC5B,MAAI,SAAS,UAAU;AACrB,eAAY;AACZ,OAAI,wBAAyB,OAAM,gBAAgB;AAEnD,UAAO,MAAM,UAAU,YAAY,OAAO;IAC7B;IACX,GAAI,KAAK,cAAc,EAAE,QAAQ,KAAK,gBAAgB;;SAEnD;AACL,eAAY;AACZ,OAAI,wBAAyB,OAAM,gBAAgB;AACnD,UAAO,MAAM,UAAU,YAAY,IAAI;IAC1B;IACX,GAAI,KAAK,cAAc,EAAE,QAAQ,KAAK,gBAAgB;;;;AAM5D,KAAI;AACF,SAAO,MAAM;UACNC,GAAY;EAInB,MAAM,OAAO,SAAS;AACtB,MAAI,SAAS,qBAAqB,CAAC,sBAAsB,MAAM,CAAC,0BAA0B,GACxF,OAAM;AAIR,MAAI,sBAAsB,MAAM,UAAU;AACxC,OAAI,SAAS,SAAS,CAAC,+BACrB,OAAM;AAER,OAAI;IACF,MAAM,qBAAqB,MAAM,4BAA4B,MAAM,WAAW,cAAc;AAC5F,QAAI,oBAAoB,GAAI,QAAO,mBAAmB;AACtD,QAAI,sBAAsB,CAAC,mBAAmB,QAC5C,OAAM,gBAAgB,mBAAmB,SAAS;YAE7CD,IAAa;AACpB,UAAM,gBAAiB,IAAY,WAAW;;;AAKlD,MAAI,0BAA0B,IAAI;GAChC,MAAM,UAAU,MAAM;AACtB,OAAI,QACF,KAAI;AAAE,WAAO,MAAM;WAAqB;AAE1C,OAAI,SACF,KAAI;IACF,MAAM,qBAAqB,MAAM,4BAA4B,MAAM,WAAW,cAAc;AAC5F,QAAI,oBAAoB,GAAI,QAAO,mBAAmB;AACtD,QAAI,sBAAsB,CAAC,mBAAmB,QAC5C,OAAM,gBAAgB,mBAAmB,SAAS;YAE7CA,IAAa;AACpB,UAAM,gBAAiB,IAAY,WAAW;;;AAMpD,MAAI,SACF,KAAI;GACF,MAAM,qBAAqB,MAAM,4BAA4B,MAAM,WAAW,cAAc;AAC5F,OAAI,oBAAoB,GAAI,QAAO,mBAAmB;AACtD,OAAI,sBAAsB,CAAC,mBAAmB,QAC5C,OAAM,gBAAgB,mBAAmB,SAAS;AAGpD,SAAM,IAAI,MAAM;WACTA,IAAa;AACpB,SAAM,gBAAiB,IAAY,WAAW;;AAKlD,QAAM;;;AAKV,eAAsB,4BACpB,MACA,WACA,QACA,WACyB;AACzB,KAAI,SAAS,SACX,QAAO,OAAO,QAAQ,sBAAsB,QAAQ,WAAiD;AAEvG,QAAO,OAAO,QAAQ,sBAAsB,KAAK,WAAgD;;AAInG,IAAa,mCAAb,MAAoF;CAClF,MAAM,QACJ,MACA,WACA,YAAY,KACa;EACzB,MAAM,YAAY,GAAG,KAAK,GAAG,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;EAC5E,MAAM,aAAa,iBAAiB;AAEpC,SAAO,IAAI,SAAS,YAAY;GAC9B,IAAI,UAAU;GACd,MAAM,UAAU,QAAwB;AAAE,QAAI,CAAC,SAAS;AAAE,eAAU;AAAM,aAAQ;;;GAElF,MAAM,aAAa,OAAqB;IACtC,MAAM,UAAU,IAAI;AACpB,QAAI,CAAC,WAAW,OAAQ,QAA+B,SAAS,SAAU;IAC1E,MAAM,IAAK,QAA6B;AACxC,QAAI,MAAM,WAAY;IACtB,MAAM,MAAO,QAAoC;AACjD,QAAI,QAAQ,UAAW;AACvB,WAAO,oBAAoB,WAAW;IACtC,MAAM,KAAK,CAAC,CAAE,QAA6B;IAC3C,MAAM,OAAQ,QAAqC;IACnD,MAAM,MAAO,QAAgC;AAC7C,QAAI,MAAM,KAAM,QAAO,OAAO;KAAE,IAAI;KAAM,YAAY;;AACtD,WAAO,OAAO;KAAE,IAAI;KAAO,OAAO,OAAO,QAAQ,WAAW,MAAM;;;AAEpE,UAAO,iBAAiB,WAAW;AACnC,UAAO,QAAQ,YAAY;IAAE,MAAM;IAAM;IAAW;MAA+D;AACnH,oBAAiB;AAAE,WAAO,oBAAoB,WAAW;AAAY,WAAO;KAAE,IAAI;KAAO,SAAS;;MAAY;;;;AAKpH,SAAS,gBAAgB,SAAwB;CAC/C,MAAM,IAAI,IAAI,MAAM;AACpB,CAAC,EAAU,OAAO;AAClB,QAAO;;AAIT,SAAS,sBAAsB,KAAuB;CACpD,MAAM,MAAM,YAAY;AACxB,QAAO,2DAA2D,KAAK;;AAGzE,SAAS,0BAA0B,KAAuB;CACxD,MAAM,OAAO,SAAS;CACtB,MAAM,MAAM,YAAY;CACxB,MAAM,eAAe,SAAS;CAC9B,MAAM,gBAAgB,6CAA6C,KAAK;AACxE,QAAO,QAAQ,gBAAgB;;AAGjC,SAAS,YAAY,KAAsB;AACzC,QAAO,OAAQ,KAA+B,WAAW;;AAG3D,SAAS,SAAS,KAAsB;CACtC,MAAM,IAAK,KAA4B;AACvC,QAAO,OAAO,MAAM,WAAW,IAAI;;AAIrC,eAAe,eAAe,aAAa,GAAG,SAAmB,CAAC,IAAI,MAAwB;AAC5F,CAAC,OAAe;AAChB,EAAC,UAAU,OAAc;CAEzB,MAAM,QAAQ,OAAe,IAAI,SAAQ,MAAK,WAAW,GAAG;CAC5D,MAAM,QAAQ,KAAK,IAAI,GAAG;AAC1B,MAAK,IAAI,IAAI,GAAG,KAAK,OAAO,KAAK;EAC/B,MAAM,IAAI,OAAO,MAAM,OAAO,OAAO,SAAS,MAAM;AACpD,QAAM,KAAK;AACX,MAAI,SAAS,WAAY,QAAO;AAChC,EAAC,OAAe;;AAElB,QAAO,SAAS"}
|
|
1
|
+
{"version":3,"file":"safari-fallbacks.js","names":["be: unknown","e: unknown"],"sources":["../../../../../src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.ts"],"sourcesContent":["// Safari/WebAuthn fallbacks: centralized retry + top-level bridge\n// - Encapsulates Safari-specific error handling (ancestor-origin, not-focused)\n// - Bridges create/get to top-level via postMessage when needed\n// - Keeps helpers private to reduce file count and surface area\n\ntype Kind = 'create' | 'get';\n\n// Typed message names for parent-domain bridge\nexport const WebAuthnBridgeMessage = {\n Create: 'WALLET_WEBAUTHN_CREATE',\n Get: 'WALLET_WEBAUTHN_GET',\n CreateResult: 'WALLET_WEBAUTHN_CREATE_RESULT',\n GetResult: 'WALLET_WEBAUTHN_GET_RESULT',\n} as const;\n\nexport type BridgeKind = typeof WebAuthnBridgeMessage.Create | typeof WebAuthnBridgeMessage.Get;\nexport type BridgeResultKind = typeof WebAuthnBridgeMessage.CreateResult | typeof WebAuthnBridgeMessage.GetResult;\n\ntype ResultTypeFor<K extends BridgeKind> =\n K extends typeof WebAuthnBridgeMessage.Get\n ? typeof WebAuthnBridgeMessage.GetResult\n : typeof WebAuthnBridgeMessage.CreateResult;\n\nfunction getResultTypeFor<K extends BridgeKind>(kind: K): ResultTypeFor<K> {\n return (kind === WebAuthnBridgeMessage.Get\n ? WebAuthnBridgeMessage.GetResult\n : WebAuthnBridgeMessage.CreateResult) as ResultTypeFor<K>;\n}\n\ntype BridgeOk = { ok: true; credential: unknown };\ntype BridgeErr = { ok: false; error?: string; timeout?: boolean };\ntype BridgeResponse = BridgeOk | BridgeErr;\n\n// Client interface used to request WebAuthn from the parent/top-level context\nexport type ParentDomainWebAuthnClient = {\n request<K extends BridgeKind>(\n kind: K,\n publicKey: PublicKeyCredentialCreationOptions | PublicKeyCredentialRequestOptions,\n timeoutMs?: number,\n ): Promise<BridgeResponse>;\n};\n\nexport interface OrchestratorDeps {\n rpId: string;\n inIframe: boolean;\n timeoutMs?: number;\n bridgeClient?: ParentDomainWebAuthnClient;\n // Gate for ancestor-error on GET; bridges for focus errors are always allowed when in iframe.\n permitGetBridgeOnAncestorError?: boolean;\n // Optional AbortSignal to cancel native navigator.credentials operations.\n // Note: parent-bridge path may not be abortable.\n abortSignal?: AbortSignal;\n}\n\n/**\n * Execute a WebAuthn operation with Safari-aware fallbacks.\n *\n * Steps:\n * 1) Try native WebAuthn via navigator.credentials.{create|get}\n * 2) If the failure matches Safari's ancestor-origin restriction and we are in an iframe,\n * ask the parent/top-level window to perform the WebAuthn operation (bridge). If the\n * parent reports a user cancellation, throw NotAllowedError; if it times out, continue.\n * 3) If the failure matches Safari's \"document not focused\" path, first attempt to refocus\n * and retry native once; if still blocked and in an iframe, ask the parent window to handle it.\n * 4) Generic last resort: when in an iframe (constrained context), always attempt the parent\n * WebAuthn once even if the error wasn't recognized as a Safari-specific case. If the parent\n * path times out, surface a deterministic timeout error without re-trying native again.\n * 5) Otherwise, rethrow the original error.\n */\nexport async function executeWebAuthnWithParentFallbacksSafari(\n kind: Kind,\n publicKey: PublicKeyCredentialCreationOptions | PublicKeyCredentialRequestOptions,\n deps: OrchestratorDeps,\n): Promise<PublicKeyCredential | unknown> {\n\n const {\n rpId,\n inIframe,\n timeoutMs = 60000,\n permitGetBridgeOnAncestorError = true\n } = deps;\n const bridgeClient = deps.bridgeClient || new WindowParentDomainWebAuthnClient();\n\n const isTestForceNativeFail = (): boolean => {\n const g = (globalThis as any);\n const w = (typeof window !== 'undefined' ? (window as any) : undefined);\n return !!(g && g.__W3A_TEST_FORCE_NATIVE_FAIL) || !!(w && w.__W3A_TEST_FORCE_NATIVE_FAIL);\n };\n const bumpCounter = (key: string) => {\n const g = (globalThis as any);\n g[key] = (g[key] || 0) + 1;\n };\n\n // Test harness fast-path: when explicitly forcing native fail, skip native and go straight to bridge.\n // Still bump native attempt counters for determinism in tests.\n if (isTestForceNativeFail()) {\n if (kind === 'create') bumpCounter('__W3A_TEST_NATIVE_CREATE_ATTEMPTS');\n else bumpCounter('__W3A_TEST_NATIVE_GET_ATTEMPTS');\n try {\n const bridged = await requestParentDomainWebAuthn(kind, publicKey, bridgeClient, timeoutMs);\n if (bridged?.ok) return bridged.credential;\n if (bridged && !bridged.timeout) {\n throw notAllowedError(bridged.error || 'WebAuthn cancelled or failed (bridge)');\n }\n throw new Error('WebAuthn bridge timeout');\n } catch (be: unknown) {\n // Ensure consistent error type for unit tests\n throw notAllowedError((be as any)?.message || 'WebAuthn bridge failed');\n }\n }\n\n const tryNative = async () => {\n if (kind === 'create') {\n bumpCounter('__W3A_TEST_NATIVE_CREATE_ATTEMPTS');\n if (isTestForceNativeFail()) throw notAllowedError('Forced native fail (create)');\n // Build options with optional AbortSignal\n return await navigator.credentials.create({\n publicKey: publicKey as PublicKeyCredentialCreationOptions,\n ...(deps.abortSignal ? { signal: deps.abortSignal } : {}),\n });\n } else {\n bumpCounter('__W3A_TEST_NATIVE_GET_ATTEMPTS');\n if (isTestForceNativeFail()) throw notAllowedError('Forced native fail (get)');\n return await navigator.credentials.get({\n publicKey: publicKey as PublicKeyCredentialRequestOptions,\n ...(deps.abortSignal ? { signal: deps.abortSignal } : {}),\n });\n }\n };\n\n // Step 1: native attempt\n try {\n return await tryNative();\n } catch (e: unknown) {\n // If the user explicitly cancelled (generic NotAllowedError without Safari-specific hints),\n // do not attempt any bridge fallbacks that would re-prompt Touch ID. Propagate immediately.\n // This avoids double prompts when a user cancels the native sheet.\n const name = safeName(e);\n if (name === 'NotAllowedError' && !isAncestorOriginError(e) && !isDocumentNotFocusedError(e)) {\n throw e;\n }\n\n // Step 2: ancestor-origin restriction → parent bridge (when in iframe)\n if (isAncestorOriginError(e) && inIframe) {\n if (kind === 'get' && !permitGetBridgeOnAncestorError) {\n throw e;\n }\n try {\n const bridgedCredentials = await requestParentDomainWebAuthn(kind, publicKey, bridgeClient, timeoutMs);\n if (bridgedCredentials?.ok) return bridgedCredentials.credential;\n if (bridgedCredentials && !bridgedCredentials.timeout) {\n throw notAllowedError(bridgedCredentials.error || 'WebAuthn get cancelled or failed (bridge)');\n }\n } catch (be: unknown) {\n throw notAllowedError((be as any)?.message || 'WebAuthn bridge failed');\n }\n }\n\n // Step 3: document-not-focused → refocus + retry native; then parent bridge if still blocked\n if (isDocumentNotFocusedError(e)) {\n const focused = await attemptRefocus();\n if (focused) {\n try { return await tryNative(); } catch {}\n }\n if (inIframe) {\n try {\n const bridgedCredentials = await requestParentDomainWebAuthn(kind, publicKey, bridgeClient, timeoutMs);\n if (bridgedCredentials?.ok) return bridgedCredentials.credential;\n if (bridgedCredentials && !bridgedCredentials.timeout) {\n throw notAllowedError(bridgedCredentials.error || 'WebAuthn get cancelled or failed (bridge)');\n }\n } catch (be: unknown) {\n throw notAllowedError((be as any)?.message || 'WebAuthn bridge failed');\n }\n }\n }\n\n // Step 4: generic last-resort bridge path for constrained iframe contexts\n if (inIframe) {\n try {\n const bridgedCredentials = await requestParentDomainWebAuthn(kind, publicKey, bridgeClient, timeoutMs);\n if (bridgedCredentials?.ok) return bridgedCredentials.credential;\n if (bridgedCredentials && !bridgedCredentials.timeout) {\n throw notAllowedError(bridgedCredentials.error || 'WebAuthn cancelled or failed (bridge)');\n }\n // Timeout: surface an explicit error without re‑trying native again\n throw new Error('WebAuthn bridge timeout');\n } catch (be: unknown) {\n throw notAllowedError((be as any)?.message || 'WebAuthn bridge failed');\n }\n }\n\n // Step 5: not an iframe or no recognized fallback – rethrow original error\n throw e;\n }\n}\n\n// Request the parent/top-level window to perform the WebAuthn operation\nexport async function requestParentDomainWebAuthn(\n kind: Kind,\n publicKey: PublicKeyCredentialCreationOptions | PublicKeyCredentialRequestOptions,\n client: ParentDomainWebAuthnClient,\n timeoutMs: number,\n): Promise<BridgeResponse> {\n if (kind === 'create') {\n return client.request(WebAuthnBridgeMessage.Create, publicKey as PublicKeyCredentialCreationOptions, timeoutMs);\n }\n return client.request(WebAuthnBridgeMessage.Get, publicKey as PublicKeyCredentialRequestOptions, timeoutMs);\n}\n\n// Default bridge client using window.parent postMessage protocol\nexport class WindowParentDomainWebAuthnClient implements ParentDomainWebAuthnClient {\n async request<K extends BridgeKind>(\n kind: K,\n publicKey: PublicKeyCredentialCreationOptions | PublicKeyCredentialRequestOptions,\n timeoutMs = 60000,\n ): Promise<BridgeResponse> {\n const requestId = `${kind}:${Date.now()}:${Math.random().toString(36).slice(2)}`;\n const resultType = getResultTypeFor(kind);\n\n return new Promise((resolve) => {\n let settled = false;\n const finish = (val: BridgeResponse) => { if (!settled) { settled = true; resolve(val); } };\n\n const onMessage = (ev: MessageEvent) => {\n const payload = ev?.data as unknown;\n if (!payload || typeof (payload as { type?: unknown }).type !== 'string') return;\n const t = (payload as { type: string }).type;\n if (t !== resultType) return;\n const rid = (payload as { requestId?: unknown }).requestId;\n if (rid !== requestId) return;\n window.removeEventListener('message', onMessage);\n const ok = !!(payload as { ok?: unknown }).ok;\n const cred = (payload as { credential?: unknown }).credential;\n const err = (payload as { error?: unknown }).error;\n if (ok && cred) return finish({ ok: true, credential: cred });\n return finish({ ok: false, error: typeof err === 'string' ? err : undefined });\n };\n window.addEventListener('message', onMessage);\n window.parent?.postMessage({ type: kind, requestId, publicKey } as { type: K; requestId: string; publicKey: any }, '*');\n setTimeout(() => { window.removeEventListener('message', onMessage); finish({ ok: false, timeout: true }); }, timeoutMs);\n });\n }\n}\n\nfunction notAllowedError(message: string): Error {\n const e = new Error(message);\n (e as any).name = 'NotAllowedError';\n return e;\n}\n\n// Private: error classification helpers\nfunction isAncestorOriginError(err: unknown): boolean {\n const msg = safeMessage(err);\n return /origin of the document is not the same as its ancestors/i.test(msg);\n}\n\nfunction isDocumentNotFocusedError(err: unknown): boolean {\n const name = safeName(err);\n const msg = safeMessage(err);\n const isNotAllowed = name === 'NotAllowedError';\n const mentionsFocus = /document is not focused|not focused|focus/i.test(msg);\n return Boolean(isNotAllowed && mentionsFocus);\n}\n\nfunction safeMessage(err: unknown): string {\n return String((err as { message?: unknown })?.message || '');\n}\n\nfunction safeName(err: unknown): string {\n const n = (err as { name?: unknown })?.name;\n return typeof n === 'string' ? n : '';\n}\n\n// Private: focus utility to mitigate Safari focus issues\nasync function attemptRefocus(maxRetries = 2, delays: number[] = [50, 120]): Promise<boolean> {\n (window as any).focus?.();\n (document?.body as any)?.focus?.();\n\n const wait = (ms: number) => new Promise(r => setTimeout(r, ms));\n const total = Math.max(0, maxRetries);\n for (let i = 0; i <= total; i++) {\n const d = delays[i] ?? delays[delays.length - 1] ?? 80;\n await wait(d);\n if (document.hasFocus()) return true;\n (window as any).focus?.();\n }\n return document.hasFocus();\n}\n"],"mappings":";;;AAuBA,SAAS,iBAAuC,MAA2B;AACzE,QAAQ,SAAS,sBAAsB,MACnC,sBAAsB,YACtB,sBAAsB;;;;;;;;;;;;;;;;;AA2C5B,eAAsB,yCACpB,MACA,WACA,MACwC;CAExC,MAAM,EACJ,MACA,UACA,YAAY,KACZ,iCAAiC,SAC/B;CACJ,MAAM,eAAe,KAAK,gBAAgB,IAAI;CAE9C,MAAM,8BAAuC;EAC3C,MAAM,IAAK;EACX,MAAM,IAAK,OAAO,WAAW,cAAe,SAAiB;AAC7D,SAAO,CAAC,EAAE,KAAK,EAAE,iCAAiC,CAAC,EAAE,KAAK,EAAE;;CAE9D,MAAM,eAAe,QAAgB;EACnC,MAAM,IAAK;AACX,IAAE,QAAQ,EAAE,QAAQ,KAAK;;AAK3B,KAAI,yBAAyB;AAC3B,MAAI,SAAS,SAAU,aAAY;MAC9B,aAAY;AACjB,MAAI;GACF,MAAM,UAAU,MAAM,4BAA4B,MAAM,WAAW,cAAc;AACjF,OAAI,SAAS,GAAI,QAAO,QAAQ;AAChC,OAAI,WAAW,CAAC,QAAQ,QACtB,OAAM,gBAAgB,QAAQ,SAAS;AAEzC,SAAM,IAAI,MAAM;WACTA,IAAa;AAEpB,SAAM,gBAAiB,IAAY,WAAW;;;CAIlD,MAAM,YAAY,YAAY;AAC5B,MAAI,SAAS,UAAU;AACrB,eAAY;AACZ,OAAI,wBAAyB,OAAM,gBAAgB;AAEnD,UAAO,MAAM,UAAU,YAAY,OAAO;IAC7B;IACX,GAAI,KAAK,cAAc,EAAE,QAAQ,KAAK,gBAAgB;;SAEnD;AACL,eAAY;AACZ,OAAI,wBAAyB,OAAM,gBAAgB;AACnD,UAAO,MAAM,UAAU,YAAY,IAAI;IAC1B;IACX,GAAI,KAAK,cAAc,EAAE,QAAQ,KAAK,gBAAgB;;;;AAM5D,KAAI;AACF,SAAO,MAAM;UACNC,GAAY;EAInB,MAAM,OAAO,SAAS;AACtB,MAAI,SAAS,qBAAqB,CAAC,sBAAsB,MAAM,CAAC,0BAA0B,GACxF,OAAM;AAIR,MAAI,sBAAsB,MAAM,UAAU;AACxC,OAAI,SAAS,SAAS,CAAC,+BACrB,OAAM;AAER,OAAI;IACF,MAAM,qBAAqB,MAAM,4BAA4B,MAAM,WAAW,cAAc;AAC5F,QAAI,oBAAoB,GAAI,QAAO,mBAAmB;AACtD,QAAI,sBAAsB,CAAC,mBAAmB,QAC5C,OAAM,gBAAgB,mBAAmB,SAAS;YAE7CD,IAAa;AACpB,UAAM,gBAAiB,IAAY,WAAW;;;AAKlD,MAAI,0BAA0B,IAAI;GAChC,MAAM,UAAU,MAAM;AACtB,OAAI,QACF,KAAI;AAAE,WAAO,MAAM;WAAqB;AAE1C,OAAI,SACF,KAAI;IACF,MAAM,qBAAqB,MAAM,4BAA4B,MAAM,WAAW,cAAc;AAC5F,QAAI,oBAAoB,GAAI,QAAO,mBAAmB;AACtD,QAAI,sBAAsB,CAAC,mBAAmB,QAC5C,OAAM,gBAAgB,mBAAmB,SAAS;YAE7CA,IAAa;AACpB,UAAM,gBAAiB,IAAY,WAAW;;;AAMpD,MAAI,SACF,KAAI;GACF,MAAM,qBAAqB,MAAM,4BAA4B,MAAM,WAAW,cAAc;AAC5F,OAAI,oBAAoB,GAAI,QAAO,mBAAmB;AACtD,OAAI,sBAAsB,CAAC,mBAAmB,QAC5C,OAAM,gBAAgB,mBAAmB,SAAS;AAGpD,SAAM,IAAI,MAAM;WACTA,IAAa;AACpB,SAAM,gBAAiB,IAAY,WAAW;;AAKlD,QAAM;;;AAKV,eAAsB,4BACpB,MACA,WACA,QACA,WACyB;AACzB,KAAI,SAAS,SACX,QAAO,OAAO,QAAQ,sBAAsB,QAAQ,WAAiD;AAEvG,QAAO,OAAO,QAAQ,sBAAsB,KAAK,WAAgD;;AAsCnG,SAAS,gBAAgB,SAAwB;CAC/C,MAAM,IAAI,IAAI,MAAM;AACpB,CAAC,EAAU,OAAO;AAClB,QAAO;;AAIT,SAAS,sBAAsB,KAAuB;CACpD,MAAM,MAAM,YAAY;AACxB,QAAO,2DAA2D,KAAK;;AAGzE,SAAS,0BAA0B,KAAuB;CACxD,MAAM,OAAO,SAAS;CACtB,MAAM,MAAM,YAAY;CACxB,MAAM,eAAe,SAAS;CAC9B,MAAM,gBAAgB,6CAA6C,KAAK;AACxE,QAAO,QAAQ,gBAAgB;;AAGjC,SAAS,YAAY,KAAsB;AACzC,QAAO,OAAQ,KAA+B,WAAW;;AAG3D,SAAS,SAAS,KAAsB;CACtC,MAAM,IAAK,KAA4B;AACvC,QAAO,OAAO,MAAM,WAAW,IAAI;;AAIrC,eAAe,eAAe,aAAa,GAAG,SAAmB,CAAC,IAAI,MAAwB;AAC5F,CAAC,OAAe;AAChB,EAAC,UAAU,OAAc;CAEzB,MAAM,QAAQ,OAAe,IAAI,SAAQ,MAAK,WAAW,GAAG;CAC5D,MAAM,QAAQ,KAAK,IAAI,GAAG;AAC1B,MAAK,IAAI,IAAI,GAAG,KAAK,OAAO,KAAK;EAC/B,MAAM,IAAI,OAAO,MAAM,OAAO,OAAO,SAAS,MAAM;AACpD,QAAM,KAAK;AACX,MAAI,SAAS,WAAY,QAAO;AAChC,EAAC,OAAe;;AAElB,QAAO,SAAS;;;;CAvRL,wBAAwB;EACnC,QAAQ;EACR,KAAK;EACL,cAAc;EACd,WAAW;;CAuMA,mCAAb,MAAoF;EAClF,MAAM,QACJ,MACA,WACA,YAAY,KACa;GACzB,MAAM,YAAY,GAAG,KAAK,GAAG,KAAK,MAAM,GAAG,KAAK,SAAS,SAAS,IAAI,MAAM;GAC5E,MAAM,aAAa,iBAAiB;AAEpC,UAAO,IAAI,SAAS,YAAY;IAC9B,IAAI,UAAU;IACd,MAAM,UAAU,QAAwB;AAAE,SAAI,CAAC,SAAS;AAAE,gBAAU;AAAM,cAAQ;;;IAElF,MAAM,aAAa,OAAqB;KACtC,MAAM,UAAU,IAAI;AACpB,SAAI,CAAC,WAAW,OAAQ,QAA+B,SAAS,SAAU;KAC1E,MAAM,IAAK,QAA6B;AACxC,SAAI,MAAM,WAAY;KACtB,MAAM,MAAO,QAAoC;AACjD,SAAI,QAAQ,UAAW;AACvB,YAAO,oBAAoB,WAAW;KACtC,MAAM,KAAK,CAAC,CAAE,QAA6B;KAC3C,MAAM,OAAQ,QAAqC;KACnD,MAAM,MAAO,QAAgC;AAC7C,SAAI,MAAM,KAAM,QAAO,OAAO;MAAE,IAAI;MAAM,YAAY;;AACtD,YAAO,OAAO;MAAE,IAAI;MAAO,OAAO,OAAO,QAAQ,WAAW,MAAM;;;AAEpE,WAAO,iBAAiB,WAAW;AACnC,WAAO,QAAQ,YAAY;KAAE,MAAM;KAAM;KAAW;OAA+D;AACnH,qBAAiB;AAAE,YAAO,oBAAoB,WAAW;AAAY,YAAO;MAAE,IAAI;MAAO,SAAS;;OAAY"}
|
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
const require_rolldown_runtime = require('../../_virtual/rolldown_runtime.js');
|
|
2
2
|
const require_validation = require('../WalletIframe/validation.js');
|
|
3
3
|
const require_base64 = require('../../utils/base64.js');
|
|
4
|
-
require('../../utils/index.js');
|
|
4
|
+
const require_index = require('../../utils/index.js');
|
|
5
5
|
|
|
6
6
|
//#region src/core/WebAuthnManager/credentialsHelpers.ts
|
|
7
|
-
require_validation.init_validation();
|
|
8
7
|
/**
|
|
9
8
|
* Serialize PublicKeyCredential for both authentication and registration for WASM worker
|
|
10
9
|
* - Uses base64url encoding for WASM compatibility
|
|
@@ -278,10 +277,21 @@ function normalizeClientExtensionOutputs(input) {
|
|
|
278
277
|
}
|
|
279
278
|
return out;
|
|
280
279
|
}
|
|
280
|
+
var init_credentialsHelpers = require_rolldown_runtime.__esm({ "src/core/WebAuthnManager/credentialsHelpers.ts": (() => {
|
|
281
|
+
require_index.init_utils();
|
|
282
|
+
require_validation.init_validation();
|
|
283
|
+
}) });
|
|
281
284
|
|
|
282
285
|
//#endregion
|
|
286
|
+
init_credentialsHelpers();
|
|
283
287
|
exports.generateChaCha20Salt = generateChaCha20Salt;
|
|
284
288
|
exports.generateEd25519Salt = generateEd25519Salt;
|
|
289
|
+
Object.defineProperty(exports, 'init_credentialsHelpers', {
|
|
290
|
+
enumerable: true,
|
|
291
|
+
get: function () {
|
|
292
|
+
return init_credentialsHelpers;
|
|
293
|
+
}
|
|
294
|
+
});
|
|
285
295
|
exports.isSerializedRegistrationCredential = isSerializedRegistrationCredential;
|
|
286
296
|
exports.normalizeRegistrationCredential = normalizeRegistrationCredential;
|
|
287
297
|
exports.removePrfOutputGuard = removePrfOutputGuard;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"credentialsHelpers.js","names":["transports: string[]","base64UrlEncode","isObject","normalized: Record<string, unknown>","isString","response: Record<string, unknown>","isArray","credentialWithoutPrf: C","out: AuthenticationExtensionsClientOutputs","outCp: CredentialPropertiesOutput"],"sources":["../../../../src/core/WebAuthnManager/credentialsHelpers.ts"],"sourcesContent":["import { base64UrlEncode } from \"../../utils\";\nimport { isObject, isString, isArray } from '../WalletIframe/validation';\nimport {\n type WebAuthnAuthenticationCredential,\n type WebAuthnRegistrationCredential,\n type AuthenticationExtensionsClientOutputs,\n type CredentialPropertiesOutput,\n} from '../types/webauthn';\n\ntype SerializableCredential = WebAuthnAuthenticationCredential | WebAuthnRegistrationCredential;\n\n/**\n * Serialize PublicKeyCredential for both authentication and registration for WASM worker\n * - Uses base64url encoding for WASM compatibility\n *\n * @returns SerializableCredential - The serialized credential\n * - Does not return PRF outputs\n */\nexport function serializeRegistrationCredential(\n credential: PublicKeyCredential,\n): WebAuthnRegistrationCredential {\n const response = credential.response as AuthenticatorAttestationResponse;\n // Safari and some platforms may not implement getTransports(); guard it.\n let transports: string[] = [];\n try {\n const fn = (response as { getTransports?: () => string[] })?.getTransports;\n if (typeof fn === 'function') {\n transports = fn.call(response) || [];\n }\n } catch {\n transports = [];\n }\n\n return {\n id: credential.id,\n rawId: base64UrlEncode(credential.rawId),\n type: credential.type,\n authenticatorAttachment: credential.authenticatorAttachment ?? undefined,\n response: {\n clientDataJSON: base64UrlEncode(response.clientDataJSON),\n attestationObject: base64UrlEncode(response.attestationObject),\n transports,\n },\n clientExtensionResults: {\n prf: {\n results: {\n first: undefined,\n second: undefined\n }\n }\n },\n };\n}\n\nexport function serializeAuthenticationCredential(\n credential: PublicKeyCredential,\n): WebAuthnAuthenticationCredential {\n const response = credential.response as AuthenticatorAssertionResponse;\n\n return {\n id: credential.id,\n rawId: base64UrlEncode(credential.rawId),\n type: credential.type,\n authenticatorAttachment: credential.authenticatorAttachment ?? undefined,\n response: {\n clientDataJSON: base64UrlEncode(response.clientDataJSON),\n authenticatorData: base64UrlEncode(response.authenticatorData),\n signature: base64UrlEncode(response.signature),\n userHandle: response.userHandle ? base64UrlEncode(response.userHandle as ArrayBuffer) : undefined,\n },\n clientExtensionResults: {\n prf: {\n results: {\n first: undefined,\n second: undefined\n }\n }\n },\n };\n}\n\n/**\n * Serialize PublicKeyCredential for both authentication and registration for WASM worker\n * @returns SerializableCredential - The serialized credential\n * - INCLUDES PRF outputs\n */\nexport function serializeRegistrationCredentialWithPRF({\n credential,\n firstPrfOutput = true,\n secondPrfOutput = true,\n}: {\n credential: PublicKeyCredential,\n firstPrfOutput?: boolean,\n secondPrfOutput?: boolean,\n}): WebAuthnRegistrationCredential {\n const base = serializeRegistrationCredential(credential);\n const { chacha20PrfOutput, ed25519PrfOutput } = extractPrfFromCredential({\n credential,\n firstPrfOutput,\n secondPrfOutput,\n });\n return {\n ...base,\n clientExtensionResults: {\n prf: {\n results: {\n first: chacha20PrfOutput,\n second: ed25519PrfOutput,\n },\n },\n },\n };\n}\n\nexport function serializeAuthenticationCredentialWithPRF({\n credential,\n firstPrfOutput = true,\n secondPrfOutput = false,\n}: {\n credential: PublicKeyCredential,\n firstPrfOutput?: boolean,\n secondPrfOutput?: boolean,\n}): WebAuthnAuthenticationCredential {\n const base = serializeAuthenticationCredential(credential);\n const { chacha20PrfOutput, ed25519PrfOutput } = extractPrfFromCredential({\n credential,\n firstPrfOutput,\n secondPrfOutput,\n });\n return {\n ...base,\n clientExtensionResults: {\n prf: {\n results: {\n first: chacha20PrfOutput,\n second: ed25519PrfOutput,\n },\n },\n },\n };\n}\n\n/////////////////////////////////////////\n// RUNTIME VALIDATION / NORMALIZATION\n/////////////////////////////////////////\n\n// Use shared type guards (isString/isArray) from WalletIframe/validation\n\n/**\n * Validates and normalizes a serialized WebAuthn registration credential.\n * Ensures required fields exist and have the expected primitive types.\n * Populates missing optional arrays like transports with [].\n */\nexport function normalizeRegistrationCredential(input: unknown): WebAuthnRegistrationCredential {\n if (!isObject(input)) throw new Error('Invalid credential: not an object');\n\n const candidate = input as Record<string, unknown>;\n const normalized: Record<string, unknown> = { ...candidate };\n\n if (!isString(normalized.id)) throw new Error('Invalid credential.id');\n if (!isString(normalized.type)) throw new Error('Invalid credential.type');\n\n if (!isString(normalized.rawId)) normalized.rawId = '';\n if (normalized.authenticatorAttachment !== undefined && !isString(normalized.authenticatorAttachment)) {\n normalized.authenticatorAttachment = String(normalized.authenticatorAttachment);\n }\n\n const response: Record<string, unknown> = isObject(normalized.response)\n ? { ...(normalized.response as Record<string, unknown>) }\n : {};\n\n if (!isString(response.clientDataJSON)) response.clientDataJSON = '';\n if (!isString(response.attestationObject)) response.attestationObject = '';\n if (!isArray<string>(response.transports)) response.transports = [];\n\n normalized.response = response;\n normalized.clientExtensionResults = normalizeClientExtensionOutputs(normalized.clientExtensionResults);\n\n return normalized as unknown as WebAuthnRegistrationCredential;\n}\n\n/**\n * Validates and normalizes a serialized WebAuthn authentication credential.\n * Ensures required fields exist and have the expected primitive types.\n */\nexport function normalizeAuthenticationCredential(input: unknown): WebAuthnAuthenticationCredential {\n if (!isObject(input)) throw new Error('Invalid credential: not an object');\n\n const candidate = input as Record<string, unknown>;\n const normalized: Record<string, unknown> = { ...candidate };\n\n if (!isString(normalized.id)) throw new Error('Invalid credential.id');\n if (!isString(normalized.type)) throw new Error('Invalid credential.type');\n\n if (!isString(normalized.rawId)) normalized.rawId = '';\n if (normalized.authenticatorAttachment !== undefined && !isString(normalized.authenticatorAttachment)) {\n normalized.authenticatorAttachment = String(normalized.authenticatorAttachment);\n }\n\n const response: Record<string, unknown> = isObject(normalized.response)\n ? { ...(normalized.response as Record<string, unknown>) }\n : {};\n\n if (!isString(response.clientDataJSON)) response.clientDataJSON = '';\n if (!isString(response.authenticatorData)) response.authenticatorData = '';\n if (!isString(response.signature)) response.signature = '';\n if (response.userHandle !== undefined && !isString(response.userHandle)) response.userHandle = undefined;\n\n normalized.response = response;\n normalized.clientExtensionResults = normalizeClientExtensionOutputs(normalized.clientExtensionResults);\n\n return normalized as unknown as WebAuthnAuthenticationCredential;\n}\n\n/**\n * Removes PRF outputs from the credential\n * @param credential - The WebAuthn credential containing PRF outputs\n * @returns Credential with PRF results cleared\n */\nexport function removePrfOutputGuard<C extends SerializableCredential>(credential: C): C {\n const credentialWithoutPrf: C = {\n ...credential,\n clientExtensionResults: {\n ...credential.clientExtensionResults,\n prf: {\n results: {\n first: undefined,\n second: undefined\n }\n }\n }\n } as C;\n return credentialWithoutPrf;\n}\n\n/////////////////////////////////////////\n// TYPE GUARDS\n/////////////////////////////////////////\n\n/**\n * Returns true when the input looks like a serialized registration credential\n * (i.e., plain object with base64url string fields), not a live PublicKeyCredential.\n */\nexport function isSerializedRegistrationCredential(x: unknown): x is WebAuthnRegistrationCredential {\n if (!isObject(x)) return false;\n const candidate = x as {\n id?: unknown;\n rawId?: unknown;\n type?: unknown;\n response?: unknown;\n };\n\n if (!isString(candidate.id) || !isString(candidate.rawId) || !isString(candidate.type)) {\n return false;\n }\n\n if (!isObject(candidate.response)) return false;\n const response = candidate.response as {\n clientDataJSON?: unknown;\n attestationObject?: unknown;\n transports?: unknown;\n };\n\n if (!isString(response.clientDataJSON) || !isString(response.attestationObject)) {\n return false;\n }\n\n return response.transports == null || isArray(response.transports);\n}\n\n/**\n * Generate ChaCha20Poly1305 salt using account-specific HKDF for encryption key derivation\n * @param nearAccountId - NEAR account ID to scope the salt to\n * @returns 32-byte Uint8Array salt for ChaCha20Poly1305 key derivation\n */\nexport function generateChaCha20Salt(nearAccountId: string): Uint8Array {\n const saltString = `chacha20-salt:${nearAccountId}`;\n const salt = new Uint8Array(32);\n const saltBytes = new TextEncoder().encode(saltString);\n salt.set(saltBytes.slice(0, 32));\n return salt;\n}\n\n/**\n * Generate Ed25519 salt using account-specific HKDF for signing key derivation\n * @param nearAccountId - NEAR account ID to scope the salt to\n * @returns 32-byte Uint8Array salt for Ed25519 key derivation\n */\nexport function generateEd25519Salt(nearAccountId: string): Uint8Array {\n const saltString = `ed25519-salt:${nearAccountId}`;\n const salt = new Uint8Array(32);\n const saltBytes = new TextEncoder().encode(saltString);\n salt.set(saltBytes.slice(0, 32));\n return salt;\n}\n\n/** Credential that may have extension results (live or serialized) */\ntype CredentialWithExtensions =\n | PublicKeyCredential\n | {\n clientExtensionResults?: unknown;\n getClientExtensionResults?: () => unknown;\n };\n\n/** Extension results structure - flexible to handle both live and serialized forms */\ntype ExtensionResults = {\n prf?: {\n enabled?: boolean;\n results?: {\n first?: unknown;\n second?: unknown;\n };\n };\n [key: string]: unknown;\n};\n\n/** PRF output values after extraction */\ntype PrfOutputs = {\n first?: unknown;\n second?: unknown;\n};\n\n/**\n * Dual PRF outputs for separate encryption and signing key derivation\n */\ninterface DualPrfOutputs {\n /** Base64-encoded PRF output from prf.results.first for ChaCha20Poly1305 encryption */\n chacha20PrfOutput: string;\n /** Base64-encoded PRF output from prf.results.second for Ed25519 signing */\n ed25519PrfOutput: string;\n}\n\n/**\n * Extract PRF outputs from WebAuthn credential extension results\n * ENCODING: Uses base64url for WASM compatibility\n * @param credential - WebAuthn credential with dual PRF extension results\n * @param firstPrfOutput - Whether to include the first PRF output (default: true)\n * @param secondPrfOutput - Whether to include the second PRF output (default: false)\n * @returns PRF outputs\n */\nfunction extractPrfFromCredential({\n credential,\n firstPrfOutput = true,\n secondPrfOutput = false,\n}: {\n credential: CredentialWithExtensions;\n firstPrfOutput?: boolean | undefined;\n secondPrfOutput?: boolean;\n}): DualPrfOutputs {\n // Step 1: Get extension results (support both live and serialized credentials)\n const extensionResults = getExtensionResults(credential);\n\n // Step 2: Extract PRF results object\n const prfResults = extractPrfResultsObject(extensionResults);\n\n // Step 3: Validate PRF results exist and are not empty\n validatePrfResults(prfResults, firstPrfOutput, secondPrfOutput);\n\n // Step 4: Normalize and encode PRF outputs\n const firstEncoded = firstPrfOutput ? normalizePrfValueToBase64Url(prfResults.first) : undefined;\n const secondEncoded = secondPrfOutput ? normalizePrfValueToBase64Url(prfResults.second) : undefined;\n\n // Step 5: Validate required outputs are present\n if (firstPrfOutput && !firstEncoded) {\n throw new Error('Missing PRF result: first');\n }\n if (secondPrfOutput && !secondEncoded) {\n throw new Error('Missing PRF result: second');\n }\n\n return {\n chacha20PrfOutput: firstEncoded || '',\n ed25519PrfOutput: secondEncoded || '',\n };\n}\n\n/** Get extension results from credential (live or serialized) */\nfunction getExtensionResults(credential: CredentialWithExtensions): ExtensionResults | undefined {\n try {\n const fn = (credential as { getClientExtensionResults?: () => unknown }).getClientExtensionResults;\n if (typeof fn === 'function') {\n return fn.call(credential) as ExtensionResults;\n }\n } catch {\n // Fall through to direct property access\n }\n return (credential as { clientExtensionResults?: unknown }).clientExtensionResults as ExtensionResults | undefined;\n}\n\n/** Extract PRF results object from extension results */\nfunction extractPrfResultsObject(extensionResults: ExtensionResults | undefined): PrfOutputs | undefined {\n try {\n return extensionResults?.prf?.results;\n } catch {\n return undefined;\n }\n}\n\n/** Validate PRF results are present and not empty */\nfunction validatePrfResults(\n prfResults: PrfOutputs | undefined,\n firstRequired: boolean,\n secondRequired: boolean\n): asserts prfResults is PrfOutputs {\n if (!prfResults) {\n throw new Error('Missing PRF results from credential, use a PRF-enabled Authenticator');\n }\n\n // Check if PRF results object exists but is completely empty\n // This indicates a hard failure (not a platform limitation that should trigger GET fallback)\n const hasAnyPrfData = prfResults.first !== undefined || prfResults.second !== undefined;\n if (!hasAnyPrfData && (firstRequired || secondRequired)) {\n throw new Error('Missing PRF result - PRF evaluation failed: results object is empty');\n }\n}\n\n/** Normalize a PRF value to base64url string */\nfunction normalizePrfValueToBase64Url(value: unknown): string | undefined {\n if (!value) return undefined;\n\n // Already base64url encoded\n if (typeof value === 'string') return value;\n\n // ArrayBuffer\n if (value instanceof ArrayBuffer) return base64UrlEncode(value);\n\n // ArrayBufferView (TypedArray, DataView)\n if (ArrayBuffer.isView(value)) {\n return base64UrlEncode(value.buffer);\n }\n\n // Try to treat as ArrayBuffer-like\n try {\n return base64UrlEncode(value as ArrayBufferLike);\n } catch {\n // Last resort: wrap in Uint8Array\n try {\n return base64UrlEncode(new Uint8Array(value as ArrayBufferLike).buffer);\n } catch {\n return undefined;\n }\n }\n}\n\n/////////////////////////////////////////\n// EXTENSION OUTPUTS NORMALIZATION\n/////////////////////////////////////////\n\n/**\n * Normalize WebAuthn client extension outputs into an SDK‑local, clone‑safe shape.\n *\n * Purpose:\n * - Browsers return extension results on PublicKeyCredential in a variety of\n * shapes and with optional presence. This helper takes an unknown value\n * (either a live `credential.getClientExtensionResults()` object or a\n * serialized snapshot) and produces a strictly typed\n * `AuthenticationExtensionsClientOutputs` compatible with our WASM workers\n * and cross‑window message passing (structured‑clone safe).\n */\nfunction normalizeClientExtensionOutputs(input: unknown): AuthenticationExtensionsClientOutputs {\n const out: AuthenticationExtensionsClientOutputs = {\n prf: { results: { first: undefined, second: undefined } },\n } as AuthenticationExtensionsClientOutputs;\n\n const src = isObject(input) ? (input as Record<string, unknown>) : {};\n // appid\n if (typeof src.appid === 'boolean') out.appid = src.appid as boolean;\n // appidExclude\n if (typeof src.appidExclude === 'boolean') out.appidExclude = src.appidExclude as boolean;\n // hmacCreateSecret\n if (typeof src.hmacCreateSecret === 'boolean') out.hmacCreateSecret = src.hmacCreateSecret as boolean;\n // credProps\n if (isObject(src.credProps)) {\n const cp = src.credProps as Record<string, unknown>;\n const outCp: CredentialPropertiesOutput = {};\n if (typeof cp.rk === 'boolean') outCp.rk = cp.rk as boolean;\n out.credProps = outCp;\n }\n // uvm: expect array of 3-number tuples; tolerate nested arrays loosely\n if (isArray(src.uvm)) {\n const uvmArr = (src.uvm as unknown[]).filter(isArray).map((t) => {\n const a = t as unknown[];\n const n0 = typeof a[0] === 'number' ? (a[0] as number) : undefined;\n const n1 = typeof a[1] === 'number' ? (a[1] as number) : undefined;\n const n2 = typeof a[2] === 'number' ? (a[2] as number) : undefined;\n return (typeof n0 === 'number' && typeof n1 === 'number' && typeof n2 === 'number')\n ? [n0, n1, n2] as [number, number, number]\n : undefined;\n }).filter((x): x is [number, number, number] => Array.isArray(x));\n if (uvmArr.length > 0) out.uvm = uvmArr;\n }\n // prf\n if (isObject(src.prf)) {\n const prf = src.prf as Record<string, unknown>;\n const results = isObject(prf.results) ? (prf.results as Record<string, unknown>) : {};\n const first = results.first;\n const second = results.second;\n out.prf = {\n results: {\n first: isString(first) ? first : undefined,\n second: isString(second) ? second : undefined,\n },\n };\n }\n return out;\n}\n"],"mappings":";;;;;;;;;;;;;;AAkBA,SAAgB,gCACd,YACgC;CAChC,MAAM,WAAW,WAAW;CAE5B,IAAIA,aAAuB;AAC3B,KAAI;EACF,MAAM,KAAM,UAAiD;AAC7D,MAAI,OAAO,OAAO,WAChB,cAAa,GAAG,KAAK,aAAa;SAE9B;AACN,eAAa;;AAGf,QAAO;EACL,IAAI,WAAW;EACf,OAAOC,+BAAgB,WAAW;EAClC,MAAM,WAAW;EACjB,yBAAyB,WAAW,2BAA2B;EAC/D,UAAU;GACR,gBAAgBA,+BAAgB,SAAS;GACzC,mBAAmBA,+BAAgB,SAAS;GAC5C;;EAEF,wBAAwB,EACtB,KAAK,EACH,SAAS;GACP,OAAO;GACP,QAAQ;;;;AAOlB,SAAgB,kCACd,YACkC;CAClC,MAAM,WAAW,WAAW;AAE5B,QAAO;EACL,IAAI,WAAW;EACf,OAAOA,+BAAgB,WAAW;EAClC,MAAM,WAAW;EACjB,yBAAyB,WAAW,2BAA2B;EAC/D,UAAU;GACR,gBAAgBA,+BAAgB,SAAS;GACzC,mBAAmBA,+BAAgB,SAAS;GAC5C,WAAWA,+BAAgB,SAAS;GACpC,YAAY,SAAS,aAAaA,+BAAgB,SAAS,cAA6B;;EAE1F,wBAAwB,EACtB,KAAK,EACH,SAAS;GACP,OAAO;GACP,QAAQ;;;;;;;;;AAYlB,SAAgB,uCAAuC,EACrD,YACA,iBAAiB,MACjB,kBAAkB,QAKe;CACjC,MAAM,OAAO,gCAAgC;CAC7C,MAAM,EAAE,mBAAmB,qBAAqB,yBAAyB;EACvE;EACA;EACA;;AAEF,QAAO;EACL,GAAG;EACH,wBAAwB,EACtB,KAAK,EACH,SAAS;GACP,OAAO;GACP,QAAQ;;;;AAOlB,SAAgB,yCAAyC,EACvD,YACA,iBAAiB,MACjB,kBAAkB,SAKiB;CACnC,MAAM,OAAO,kCAAkC;CAC/C,MAAM,EAAE,mBAAmB,qBAAqB,yBAAyB;EACvE;EACA;EACA;;AAEF,QAAO;EACL,GAAG;EACH,wBAAwB,EACtB,KAAK,EACH,SAAS;GACP,OAAO;GACP,QAAQ;;;;;;;;;AAkBlB,SAAgB,gCAAgC,OAAgD;AAC9F,KAAI,CAACC,4BAAS,OAAQ,OAAM,IAAI,MAAM;CAEtC,MAAM,YAAY;CAClB,MAAMC,aAAsC,EAAE,GAAG;AAEjD,KAAI,CAACC,4BAAS,WAAW,IAAK,OAAM,IAAI,MAAM;AAC9C,KAAI,CAACA,4BAAS,WAAW,MAAO,OAAM,IAAI,MAAM;AAEhD,KAAI,CAACA,4BAAS,WAAW,OAAQ,YAAW,QAAQ;AACpD,KAAI,WAAW,4BAA4B,UAAa,CAACA,4BAAS,WAAW,yBAC3E,YAAW,0BAA0B,OAAO,WAAW;CAGzD,MAAMC,WAAoCH,4BAAS,WAAW,YAC1D,EAAE,GAAI,WAAW,aACjB;AAEJ,KAAI,CAACE,4BAAS,SAAS,gBAAiB,UAAS,iBAAiB;AAClE,KAAI,CAACA,4BAAS,SAAS,mBAAoB,UAAS,oBAAoB;AACxE,KAAI,CAACE,2BAAgB,SAAS,YAAa,UAAS,aAAa;AAEjE,YAAW,WAAW;AACtB,YAAW,yBAAyB,gCAAgC,WAAW;AAE/E,QAAO;;;;;;;AAyCT,SAAgB,qBAAuD,YAAkB;CACvF,MAAMC,uBAA0B;EAC9B,GAAG;EACH,wBAAwB;GACtB,GAAG,WAAW;GACd,KAAK,EACH,SAAS;IACP,OAAO;IACP,QAAQ;;;;AAKhB,QAAO;;;;;;AAWT,SAAgB,mCAAmC,GAAiD;AAClG,KAAI,CAACL,4BAAS,GAAI,QAAO;CACzB,MAAM,YAAY;AAOlB,KAAI,CAACE,4BAAS,UAAU,OAAO,CAACA,4BAAS,UAAU,UAAU,CAACA,4BAAS,UAAU,MAC/E,QAAO;AAGT,KAAI,CAACF,4BAAS,UAAU,UAAW,QAAO;CAC1C,MAAM,WAAW,UAAU;AAM3B,KAAI,CAACE,4BAAS,SAAS,mBAAmB,CAACA,4BAAS,SAAS,mBAC3D,QAAO;AAGT,QAAO,SAAS,cAAc,QAAQE,2BAAQ,SAAS;;;;;;;AAQzD,SAAgB,qBAAqB,eAAmC;CACtE,MAAM,aAAa,iBAAiB;CACpC,MAAM,OAAO,IAAI,WAAW;CAC5B,MAAM,YAAY,IAAI,cAAc,OAAO;AAC3C,MAAK,IAAI,UAAU,MAAM,GAAG;AAC5B,QAAO;;;;;;;AAQT,SAAgB,oBAAoB,eAAmC;CACrE,MAAM,aAAa,gBAAgB;CACnC,MAAM,OAAO,IAAI,WAAW;CAC5B,MAAM,YAAY,IAAI,cAAc,OAAO;AAC3C,MAAK,IAAI,UAAU,MAAM,GAAG;AAC5B,QAAO;;;;;;;;;;AA+CT,SAAS,yBAAyB,EAChC,YACA,iBAAiB,MACjB,kBAAkB,SAKD;CAEjB,MAAM,mBAAmB,oBAAoB;CAG7C,MAAM,aAAa,wBAAwB;AAG3C,oBAAmB,YAAY,gBAAgB;CAG/C,MAAM,eAAe,iBAAiB,6BAA6B,WAAW,SAAS;CACvF,MAAM,gBAAgB,kBAAkB,6BAA6B,WAAW,UAAU;AAG1F,KAAI,kBAAkB,CAAC,aACrB,OAAM,IAAI,MAAM;AAElB,KAAI,mBAAmB,CAAC,cACtB,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL,mBAAmB,gBAAgB;EACnC,kBAAkB,iBAAiB;;;;AAKvC,SAAS,oBAAoB,YAAoE;AAC/F,KAAI;EACF,MAAM,KAAM,WAA6D;AACzE,MAAI,OAAO,OAAO,WAChB,QAAO,GAAG,KAAK;SAEX;AAGR,QAAQ,WAAoD;;;AAI9D,SAAS,wBAAwB,kBAAwE;AACvG,KAAI;AACF,SAAO,kBAAkB,KAAK;SACxB;AACN,SAAO;;;;AAKX,SAAS,mBACP,YACA,eACA,gBACkC;AAClC,KAAI,CAAC,WACH,OAAM,IAAI,MAAM;CAKlB,MAAM,gBAAgB,WAAW,UAAU,UAAa,WAAW,WAAW;AAC9E,KAAI,CAAC,kBAAkB,iBAAiB,gBACtC,OAAM,IAAI,MAAM;;;AAKpB,SAAS,6BAA6B,OAAoC;AACxE,KAAI,CAAC,MAAO,QAAO;AAGnB,KAAI,OAAO,UAAU,SAAU,QAAO;AAGtC,KAAI,iBAAiB,YAAa,QAAOL,+BAAgB;AAGzD,KAAI,YAAY,OAAO,OACrB,QAAOA,+BAAgB,MAAM;AAI/B,KAAI;AACF,SAAOA,+BAAgB;SACjB;AAEN,MAAI;AACF,UAAOA,+BAAgB,IAAI,WAAW,OAA0B;UAC1D;AACN,UAAO;;;;;;;;;;;;;;;AAoBb,SAAS,gCAAgC,OAAuD;CAC9F,MAAMO,MAA6C,EACjD,KAAK,EAAE,SAAS;EAAE,OAAO;EAAW,QAAQ;;CAG9C,MAAM,MAAMN,4BAAS,SAAU,QAAoC;AAEnE,KAAI,OAAO,IAAI,UAAU,UAAW,KAAI,QAAQ,IAAI;AAEpD,KAAI,OAAO,IAAI,iBAAiB,UAAW,KAAI,eAAe,IAAI;AAElE,KAAI,OAAO,IAAI,qBAAqB,UAAW,KAAI,mBAAmB,IAAI;AAE1E,KAAIA,4BAAS,IAAI,YAAY;EAC3B,MAAM,KAAK,IAAI;EACf,MAAMO,QAAoC;AAC1C,MAAI,OAAO,GAAG,OAAO,UAAW,OAAM,KAAK,GAAG;AAC9C,MAAI,YAAY;;AAGlB,KAAIH,2BAAQ,IAAI,MAAM;EACpB,MAAM,SAAU,IAAI,IAAkB,OAAOA,4BAAS,KAAK,MAAM;GAC/D,MAAM,IAAI;GACV,MAAM,KAAK,OAAO,EAAE,OAAO,WAAY,EAAE,KAAgB;GACzD,MAAM,KAAK,OAAO,EAAE,OAAO,WAAY,EAAE,KAAgB;GACzD,MAAM,KAAK,OAAO,EAAE,OAAO,WAAY,EAAE,KAAgB;AACzD,UAAQ,OAAO,OAAO,YAAY,OAAO,OAAO,YAAY,OAAO,OAAO,WACtE;IAAC;IAAI;IAAI;OACT;KACH,QAAQ,MAAqC,MAAM,QAAQ;AAC9D,MAAI,OAAO,SAAS,EAAG,KAAI,MAAM;;AAGnC,KAAIJ,4BAAS,IAAI,MAAM;EACrB,MAAM,MAAM,IAAI;EAChB,MAAM,UAAUA,4BAAS,IAAI,WAAY,IAAI,UAAsC;EACnF,MAAM,QAAQ,QAAQ;EACtB,MAAM,SAAS,QAAQ;AACvB,MAAI,MAAM,EACR,SAAS;GACP,OAAOE,4BAAS,SAAS,QAAQ;GACjC,QAAQA,4BAAS,UAAU,SAAS;;;AAI1C,QAAO"}
|
|
1
|
+
{"version":3,"file":"credentialsHelpers.js","names":["transports: string[]","base64UrlEncode","isObject","normalized: Record<string, unknown>","isString","response: Record<string, unknown>","isArray","credentialWithoutPrf: C","out: AuthenticationExtensionsClientOutputs","outCp: CredentialPropertiesOutput"],"sources":["../../../../src/core/WebAuthnManager/credentialsHelpers.ts"],"sourcesContent":["import { base64UrlEncode } from \"../../utils\";\nimport { isObject, isString, isArray } from '../WalletIframe/validation';\nimport {\n type WebAuthnAuthenticationCredential,\n type WebAuthnRegistrationCredential,\n type AuthenticationExtensionsClientOutputs,\n type CredentialPropertiesOutput,\n} from '../types/webauthn';\n\ntype SerializableCredential = WebAuthnAuthenticationCredential | WebAuthnRegistrationCredential;\n\n/**\n * Serialize PublicKeyCredential for both authentication and registration for WASM worker\n * - Uses base64url encoding for WASM compatibility\n *\n * @returns SerializableCredential - The serialized credential\n * - Does not return PRF outputs\n */\nexport function serializeRegistrationCredential(\n credential: PublicKeyCredential,\n): WebAuthnRegistrationCredential {\n const response = credential.response as AuthenticatorAttestationResponse;\n // Safari and some platforms may not implement getTransports(); guard it.\n let transports: string[] = [];\n try {\n const fn = (response as { getTransports?: () => string[] })?.getTransports;\n if (typeof fn === 'function') {\n transports = fn.call(response) || [];\n }\n } catch {\n transports = [];\n }\n\n return {\n id: credential.id,\n rawId: base64UrlEncode(credential.rawId),\n type: credential.type,\n authenticatorAttachment: credential.authenticatorAttachment ?? undefined,\n response: {\n clientDataJSON: base64UrlEncode(response.clientDataJSON),\n attestationObject: base64UrlEncode(response.attestationObject),\n transports,\n },\n clientExtensionResults: {\n prf: {\n results: {\n first: undefined,\n second: undefined\n }\n }\n },\n };\n}\n\nexport function serializeAuthenticationCredential(\n credential: PublicKeyCredential,\n): WebAuthnAuthenticationCredential {\n const response = credential.response as AuthenticatorAssertionResponse;\n\n return {\n id: credential.id,\n rawId: base64UrlEncode(credential.rawId),\n type: credential.type,\n authenticatorAttachment: credential.authenticatorAttachment ?? undefined,\n response: {\n clientDataJSON: base64UrlEncode(response.clientDataJSON),\n authenticatorData: base64UrlEncode(response.authenticatorData),\n signature: base64UrlEncode(response.signature),\n userHandle: response.userHandle ? base64UrlEncode(response.userHandle as ArrayBuffer) : undefined,\n },\n clientExtensionResults: {\n prf: {\n results: {\n first: undefined,\n second: undefined\n }\n }\n },\n };\n}\n\n/**\n * Serialize PublicKeyCredential for both authentication and registration for WASM worker\n * @returns SerializableCredential - The serialized credential\n * - INCLUDES PRF outputs\n */\nexport function serializeRegistrationCredentialWithPRF({\n credential,\n firstPrfOutput = true,\n secondPrfOutput = true,\n}: {\n credential: PublicKeyCredential,\n firstPrfOutput?: boolean,\n secondPrfOutput?: boolean,\n}): WebAuthnRegistrationCredential {\n const base = serializeRegistrationCredential(credential);\n const { chacha20PrfOutput, ed25519PrfOutput } = extractPrfFromCredential({\n credential,\n firstPrfOutput,\n secondPrfOutput,\n });\n return {\n ...base,\n clientExtensionResults: {\n prf: {\n results: {\n first: chacha20PrfOutput,\n second: ed25519PrfOutput,\n },\n },\n },\n };\n}\n\nexport function serializeAuthenticationCredentialWithPRF({\n credential,\n firstPrfOutput = true,\n secondPrfOutput = false,\n}: {\n credential: PublicKeyCredential,\n firstPrfOutput?: boolean,\n secondPrfOutput?: boolean,\n}): WebAuthnAuthenticationCredential {\n const base = serializeAuthenticationCredential(credential);\n const { chacha20PrfOutput, ed25519PrfOutput } = extractPrfFromCredential({\n credential,\n firstPrfOutput,\n secondPrfOutput,\n });\n return {\n ...base,\n clientExtensionResults: {\n prf: {\n results: {\n first: chacha20PrfOutput,\n second: ed25519PrfOutput,\n },\n },\n },\n };\n}\n\n/////////////////////////////////////////\n// RUNTIME VALIDATION / NORMALIZATION\n/////////////////////////////////////////\n\n// Use shared type guards (isString/isArray) from WalletIframe/validation\n\n/**\n * Validates and normalizes a serialized WebAuthn registration credential.\n * Ensures required fields exist and have the expected primitive types.\n * Populates missing optional arrays like transports with [].\n */\nexport function normalizeRegistrationCredential(input: unknown): WebAuthnRegistrationCredential {\n if (!isObject(input)) throw new Error('Invalid credential: not an object');\n\n const candidate = input as Record<string, unknown>;\n const normalized: Record<string, unknown> = { ...candidate };\n\n if (!isString(normalized.id)) throw new Error('Invalid credential.id');\n if (!isString(normalized.type)) throw new Error('Invalid credential.type');\n\n if (!isString(normalized.rawId)) normalized.rawId = '';\n if (normalized.authenticatorAttachment !== undefined && !isString(normalized.authenticatorAttachment)) {\n normalized.authenticatorAttachment = String(normalized.authenticatorAttachment);\n }\n\n const response: Record<string, unknown> = isObject(normalized.response)\n ? { ...(normalized.response as Record<string, unknown>) }\n : {};\n\n if (!isString(response.clientDataJSON)) response.clientDataJSON = '';\n if (!isString(response.attestationObject)) response.attestationObject = '';\n if (!isArray<string>(response.transports)) response.transports = [];\n\n normalized.response = response;\n normalized.clientExtensionResults = normalizeClientExtensionOutputs(normalized.clientExtensionResults);\n\n return normalized as unknown as WebAuthnRegistrationCredential;\n}\n\n/**\n * Validates and normalizes a serialized WebAuthn authentication credential.\n * Ensures required fields exist and have the expected primitive types.\n */\nexport function normalizeAuthenticationCredential(input: unknown): WebAuthnAuthenticationCredential {\n if (!isObject(input)) throw new Error('Invalid credential: not an object');\n\n const candidate = input as Record<string, unknown>;\n const normalized: Record<string, unknown> = { ...candidate };\n\n if (!isString(normalized.id)) throw new Error('Invalid credential.id');\n if (!isString(normalized.type)) throw new Error('Invalid credential.type');\n\n if (!isString(normalized.rawId)) normalized.rawId = '';\n if (normalized.authenticatorAttachment !== undefined && !isString(normalized.authenticatorAttachment)) {\n normalized.authenticatorAttachment = String(normalized.authenticatorAttachment);\n }\n\n const response: Record<string, unknown> = isObject(normalized.response)\n ? { ...(normalized.response as Record<string, unknown>) }\n : {};\n\n if (!isString(response.clientDataJSON)) response.clientDataJSON = '';\n if (!isString(response.authenticatorData)) response.authenticatorData = '';\n if (!isString(response.signature)) response.signature = '';\n if (response.userHandle !== undefined && !isString(response.userHandle)) response.userHandle = undefined;\n\n normalized.response = response;\n normalized.clientExtensionResults = normalizeClientExtensionOutputs(normalized.clientExtensionResults);\n\n return normalized as unknown as WebAuthnAuthenticationCredential;\n}\n\n/**\n * Removes PRF outputs from the credential\n * @param credential - The WebAuthn credential containing PRF outputs\n * @returns Credential with PRF results cleared\n */\nexport function removePrfOutputGuard<C extends SerializableCredential>(credential: C): C {\n const credentialWithoutPrf: C = {\n ...credential,\n clientExtensionResults: {\n ...credential.clientExtensionResults,\n prf: {\n results: {\n first: undefined,\n second: undefined\n }\n }\n }\n } as C;\n return credentialWithoutPrf;\n}\n\n/////////////////////////////////////////\n// TYPE GUARDS\n/////////////////////////////////////////\n\n/**\n * Returns true when the input looks like a serialized registration credential\n * (i.e., plain object with base64url string fields), not a live PublicKeyCredential.\n */\nexport function isSerializedRegistrationCredential(x: unknown): x is WebAuthnRegistrationCredential {\n if (!isObject(x)) return false;\n const candidate = x as {\n id?: unknown;\n rawId?: unknown;\n type?: unknown;\n response?: unknown;\n };\n\n if (!isString(candidate.id) || !isString(candidate.rawId) || !isString(candidate.type)) {\n return false;\n }\n\n if (!isObject(candidate.response)) return false;\n const response = candidate.response as {\n clientDataJSON?: unknown;\n attestationObject?: unknown;\n transports?: unknown;\n };\n\n if (!isString(response.clientDataJSON) || !isString(response.attestationObject)) {\n return false;\n }\n\n return response.transports == null || isArray(response.transports);\n}\n\n/**\n * Generate ChaCha20Poly1305 salt using account-specific HKDF for encryption key derivation\n * @param nearAccountId - NEAR account ID to scope the salt to\n * @returns 32-byte Uint8Array salt for ChaCha20Poly1305 key derivation\n */\nexport function generateChaCha20Salt(nearAccountId: string): Uint8Array {\n const saltString = `chacha20-salt:${nearAccountId}`;\n const salt = new Uint8Array(32);\n const saltBytes = new TextEncoder().encode(saltString);\n salt.set(saltBytes.slice(0, 32));\n return salt;\n}\n\n/**\n * Generate Ed25519 salt using account-specific HKDF for signing key derivation\n * @param nearAccountId - NEAR account ID to scope the salt to\n * @returns 32-byte Uint8Array salt for Ed25519 key derivation\n */\nexport function generateEd25519Salt(nearAccountId: string): Uint8Array {\n const saltString = `ed25519-salt:${nearAccountId}`;\n const salt = new Uint8Array(32);\n const saltBytes = new TextEncoder().encode(saltString);\n salt.set(saltBytes.slice(0, 32));\n return salt;\n}\n\n/** Credential that may have extension results (live or serialized) */\ntype CredentialWithExtensions =\n | PublicKeyCredential\n | {\n clientExtensionResults?: unknown;\n getClientExtensionResults?: () => unknown;\n };\n\n/** Extension results structure - flexible to handle both live and serialized forms */\ntype ExtensionResults = {\n prf?: {\n enabled?: boolean;\n results?: {\n first?: unknown;\n second?: unknown;\n };\n };\n [key: string]: unknown;\n};\n\n/** PRF output values after extraction */\ntype PrfOutputs = {\n first?: unknown;\n second?: unknown;\n};\n\n/**\n * Dual PRF outputs for separate encryption and signing key derivation\n */\ninterface DualPrfOutputs {\n /** Base64-encoded PRF output from prf.results.first for ChaCha20Poly1305 encryption */\n chacha20PrfOutput: string;\n /** Base64-encoded PRF output from prf.results.second for Ed25519 signing */\n ed25519PrfOutput: string;\n}\n\n/**\n * Extract PRF outputs from WebAuthn credential extension results\n * ENCODING: Uses base64url for WASM compatibility\n * @param credential - WebAuthn credential with dual PRF extension results\n * @param firstPrfOutput - Whether to include the first PRF output (default: true)\n * @param secondPrfOutput - Whether to include the second PRF output (default: false)\n * @returns PRF outputs\n */\nfunction extractPrfFromCredential({\n credential,\n firstPrfOutput = true,\n secondPrfOutput = false,\n}: {\n credential: CredentialWithExtensions;\n firstPrfOutput?: boolean | undefined;\n secondPrfOutput?: boolean;\n}): DualPrfOutputs {\n // Step 1: Get extension results (support both live and serialized credentials)\n const extensionResults = getExtensionResults(credential);\n\n // Step 2: Extract PRF results object\n const prfResults = extractPrfResultsObject(extensionResults);\n\n // Step 3: Validate PRF results exist and are not empty\n validatePrfResults(prfResults, firstPrfOutput, secondPrfOutput);\n\n // Step 4: Normalize and encode PRF outputs\n const firstEncoded = firstPrfOutput ? normalizePrfValueToBase64Url(prfResults.first) : undefined;\n const secondEncoded = secondPrfOutput ? normalizePrfValueToBase64Url(prfResults.second) : undefined;\n\n // Step 5: Validate required outputs are present\n if (firstPrfOutput && !firstEncoded) {\n throw new Error('Missing PRF result: first');\n }\n if (secondPrfOutput && !secondEncoded) {\n throw new Error('Missing PRF result: second');\n }\n\n return {\n chacha20PrfOutput: firstEncoded || '',\n ed25519PrfOutput: secondEncoded || '',\n };\n}\n\n/** Get extension results from credential (live or serialized) */\nfunction getExtensionResults(credential: CredentialWithExtensions): ExtensionResults | undefined {\n try {\n const fn = (credential as { getClientExtensionResults?: () => unknown }).getClientExtensionResults;\n if (typeof fn === 'function') {\n return fn.call(credential) as ExtensionResults;\n }\n } catch {\n // Fall through to direct property access\n }\n return (credential as { clientExtensionResults?: unknown }).clientExtensionResults as ExtensionResults | undefined;\n}\n\n/** Extract PRF results object from extension results */\nfunction extractPrfResultsObject(extensionResults: ExtensionResults | undefined): PrfOutputs | undefined {\n try {\n return extensionResults?.prf?.results;\n } catch {\n return undefined;\n }\n}\n\n/** Validate PRF results are present and not empty */\nfunction validatePrfResults(\n prfResults: PrfOutputs | undefined,\n firstRequired: boolean,\n secondRequired: boolean\n): asserts prfResults is PrfOutputs {\n if (!prfResults) {\n throw new Error('Missing PRF results from credential, use a PRF-enabled Authenticator');\n }\n\n // Check if PRF results object exists but is completely empty\n // This indicates a hard failure (not a platform limitation that should trigger GET fallback)\n const hasAnyPrfData = prfResults.first !== undefined || prfResults.second !== undefined;\n if (!hasAnyPrfData && (firstRequired || secondRequired)) {\n throw new Error('Missing PRF result - PRF evaluation failed: results object is empty');\n }\n}\n\n/** Normalize a PRF value to base64url string */\nfunction normalizePrfValueToBase64Url(value: unknown): string | undefined {\n if (!value) return undefined;\n\n // Already base64url encoded\n if (typeof value === 'string') return value;\n\n // ArrayBuffer\n if (value instanceof ArrayBuffer) return base64UrlEncode(value);\n\n // ArrayBufferView (TypedArray, DataView)\n if (ArrayBuffer.isView(value)) {\n return base64UrlEncode(value.buffer);\n }\n\n // Try to treat as ArrayBuffer-like\n try {\n return base64UrlEncode(value as ArrayBufferLike);\n } catch {\n // Last resort: wrap in Uint8Array\n try {\n return base64UrlEncode(new Uint8Array(value as ArrayBufferLike).buffer);\n } catch {\n return undefined;\n }\n }\n}\n\n/////////////////////////////////////////\n// EXTENSION OUTPUTS NORMALIZATION\n/////////////////////////////////////////\n\n/**\n * Normalize WebAuthn client extension outputs into an SDK‑local, clone‑safe shape.\n *\n * Purpose:\n * - Browsers return extension results on PublicKeyCredential in a variety of\n * shapes and with optional presence. This helper takes an unknown value\n * (either a live `credential.getClientExtensionResults()` object or a\n * serialized snapshot) and produces a strictly typed\n * `AuthenticationExtensionsClientOutputs` compatible with our WASM workers\n * and cross‑window message passing (structured‑clone safe).\n */\nfunction normalizeClientExtensionOutputs(input: unknown): AuthenticationExtensionsClientOutputs {\n const out: AuthenticationExtensionsClientOutputs = {\n prf: { results: { first: undefined, second: undefined } },\n } as AuthenticationExtensionsClientOutputs;\n\n const src = isObject(input) ? (input as Record<string, unknown>) : {};\n // appid\n if (typeof src.appid === 'boolean') out.appid = src.appid as boolean;\n // appidExclude\n if (typeof src.appidExclude === 'boolean') out.appidExclude = src.appidExclude as boolean;\n // hmacCreateSecret\n if (typeof src.hmacCreateSecret === 'boolean') out.hmacCreateSecret = src.hmacCreateSecret as boolean;\n // credProps\n if (isObject(src.credProps)) {\n const cp = src.credProps as Record<string, unknown>;\n const outCp: CredentialPropertiesOutput = {};\n if (typeof cp.rk === 'boolean') outCp.rk = cp.rk as boolean;\n out.credProps = outCp;\n }\n // uvm: expect array of 3-number tuples; tolerate nested arrays loosely\n if (isArray(src.uvm)) {\n const uvmArr = (src.uvm as unknown[]).filter(isArray).map((t) => {\n const a = t as unknown[];\n const n0 = typeof a[0] === 'number' ? (a[0] as number) : undefined;\n const n1 = typeof a[1] === 'number' ? (a[1] as number) : undefined;\n const n2 = typeof a[2] === 'number' ? (a[2] as number) : undefined;\n return (typeof n0 === 'number' && typeof n1 === 'number' && typeof n2 === 'number')\n ? [n0, n1, n2] as [number, number, number]\n : undefined;\n }).filter((x): x is [number, number, number] => Array.isArray(x));\n if (uvmArr.length > 0) out.uvm = uvmArr;\n }\n // prf\n if (isObject(src.prf)) {\n const prf = src.prf as Record<string, unknown>;\n const results = isObject(prf.results) ? (prf.results as Record<string, unknown>) : {};\n const first = results.first;\n const second = results.second;\n out.prf = {\n results: {\n first: isString(first) ? first : undefined,\n second: isString(second) ? second : undefined,\n },\n };\n }\n return out;\n}\n"],"mappings":";;;;;;;;;;;;;AAkBA,SAAgB,gCACd,YACgC;CAChC,MAAM,WAAW,WAAW;CAE5B,IAAIA,aAAuB;AAC3B,KAAI;EACF,MAAM,KAAM,UAAiD;AAC7D,MAAI,OAAO,OAAO,WAChB,cAAa,GAAG,KAAK,aAAa;SAE9B;AACN,eAAa;;AAGf,QAAO;EACL,IAAI,WAAW;EACf,OAAOC,+BAAgB,WAAW;EAClC,MAAM,WAAW;EACjB,yBAAyB,WAAW,2BAA2B;EAC/D,UAAU;GACR,gBAAgBA,+BAAgB,SAAS;GACzC,mBAAmBA,+BAAgB,SAAS;GAC5C;;EAEF,wBAAwB,EACtB,KAAK,EACH,SAAS;GACP,OAAO;GACP,QAAQ;;;;AAOlB,SAAgB,kCACd,YACkC;CAClC,MAAM,WAAW,WAAW;AAE5B,QAAO;EACL,IAAI,WAAW;EACf,OAAOA,+BAAgB,WAAW;EAClC,MAAM,WAAW;EACjB,yBAAyB,WAAW,2BAA2B;EAC/D,UAAU;GACR,gBAAgBA,+BAAgB,SAAS;GACzC,mBAAmBA,+BAAgB,SAAS;GAC5C,WAAWA,+BAAgB,SAAS;GACpC,YAAY,SAAS,aAAaA,+BAAgB,SAAS,cAA6B;;EAE1F,wBAAwB,EACtB,KAAK,EACH,SAAS;GACP,OAAO;GACP,QAAQ;;;;;;;;;AAYlB,SAAgB,uCAAuC,EACrD,YACA,iBAAiB,MACjB,kBAAkB,QAKe;CACjC,MAAM,OAAO,gCAAgC;CAC7C,MAAM,EAAE,mBAAmB,qBAAqB,yBAAyB;EACvE;EACA;EACA;;AAEF,QAAO;EACL,GAAG;EACH,wBAAwB,EACtB,KAAK,EACH,SAAS;GACP,OAAO;GACP,QAAQ;;;;AAOlB,SAAgB,yCAAyC,EACvD,YACA,iBAAiB,MACjB,kBAAkB,SAKiB;CACnC,MAAM,OAAO,kCAAkC;CAC/C,MAAM,EAAE,mBAAmB,qBAAqB,yBAAyB;EACvE;EACA;EACA;;AAEF,QAAO;EACL,GAAG;EACH,wBAAwB,EACtB,KAAK,EACH,SAAS;GACP,OAAO;GACP,QAAQ;;;;;;;;;AAkBlB,SAAgB,gCAAgC,OAAgD;AAC9F,KAAI,CAACC,4BAAS,OAAQ,OAAM,IAAI,MAAM;CAEtC,MAAM,YAAY;CAClB,MAAMC,aAAsC,EAAE,GAAG;AAEjD,KAAI,CAACC,4BAAS,WAAW,IAAK,OAAM,IAAI,MAAM;AAC9C,KAAI,CAACA,4BAAS,WAAW,MAAO,OAAM,IAAI,MAAM;AAEhD,KAAI,CAACA,4BAAS,WAAW,OAAQ,YAAW,QAAQ;AACpD,KAAI,WAAW,4BAA4B,UAAa,CAACA,4BAAS,WAAW,yBAC3E,YAAW,0BAA0B,OAAO,WAAW;CAGzD,MAAMC,WAAoCH,4BAAS,WAAW,YAC1D,EAAE,GAAI,WAAW,aACjB;AAEJ,KAAI,CAACE,4BAAS,SAAS,gBAAiB,UAAS,iBAAiB;AAClE,KAAI,CAACA,4BAAS,SAAS,mBAAoB,UAAS,oBAAoB;AACxE,KAAI,CAACE,2BAAgB,SAAS,YAAa,UAAS,aAAa;AAEjE,YAAW,WAAW;AACtB,YAAW,yBAAyB,gCAAgC,WAAW;AAE/E,QAAO;;;;;;;AAyCT,SAAgB,qBAAuD,YAAkB;CACvF,MAAMC,uBAA0B;EAC9B,GAAG;EACH,wBAAwB;GACtB,GAAG,WAAW;GACd,KAAK,EACH,SAAS;IACP,OAAO;IACP,QAAQ;;;;AAKhB,QAAO;;;;;;AAWT,SAAgB,mCAAmC,GAAiD;AAClG,KAAI,CAACL,4BAAS,GAAI,QAAO;CACzB,MAAM,YAAY;AAOlB,KAAI,CAACE,4BAAS,UAAU,OAAO,CAACA,4BAAS,UAAU,UAAU,CAACA,4BAAS,UAAU,MAC/E,QAAO;AAGT,KAAI,CAACF,4BAAS,UAAU,UAAW,QAAO;CAC1C,MAAM,WAAW,UAAU;AAM3B,KAAI,CAACE,4BAAS,SAAS,mBAAmB,CAACA,4BAAS,SAAS,mBAC3D,QAAO;AAGT,QAAO,SAAS,cAAc,QAAQE,2BAAQ,SAAS;;;;;;;AAQzD,SAAgB,qBAAqB,eAAmC;CACtE,MAAM,aAAa,iBAAiB;CACpC,MAAM,OAAO,IAAI,WAAW;CAC5B,MAAM,YAAY,IAAI,cAAc,OAAO;AAC3C,MAAK,IAAI,UAAU,MAAM,GAAG;AAC5B,QAAO;;;;;;;AAQT,SAAgB,oBAAoB,eAAmC;CACrE,MAAM,aAAa,gBAAgB;CACnC,MAAM,OAAO,IAAI,WAAW;CAC5B,MAAM,YAAY,IAAI,cAAc,OAAO;AAC3C,MAAK,IAAI,UAAU,MAAM,GAAG;AAC5B,QAAO;;;;;;;;;;AA+CT,SAAS,yBAAyB,EAChC,YACA,iBAAiB,MACjB,kBAAkB,SAKD;CAEjB,MAAM,mBAAmB,oBAAoB;CAG7C,MAAM,aAAa,wBAAwB;AAG3C,oBAAmB,YAAY,gBAAgB;CAG/C,MAAM,eAAe,iBAAiB,6BAA6B,WAAW,SAAS;CACvF,MAAM,gBAAgB,kBAAkB,6BAA6B,WAAW,UAAU;AAG1F,KAAI,kBAAkB,CAAC,aACrB,OAAM,IAAI,MAAM;AAElB,KAAI,mBAAmB,CAAC,cACtB,OAAM,IAAI,MAAM;AAGlB,QAAO;EACL,mBAAmB,gBAAgB;EACnC,kBAAkB,iBAAiB;;;;AAKvC,SAAS,oBAAoB,YAAoE;AAC/F,KAAI;EACF,MAAM,KAAM,WAA6D;AACzE,MAAI,OAAO,OAAO,WAChB,QAAO,GAAG,KAAK;SAEX;AAGR,QAAQ,WAAoD;;;AAI9D,SAAS,wBAAwB,kBAAwE;AACvG,KAAI;AACF,SAAO,kBAAkB,KAAK;SACxB;AACN,SAAO;;;;AAKX,SAAS,mBACP,YACA,eACA,gBACkC;AAClC,KAAI,CAAC,WACH,OAAM,IAAI,MAAM;CAKlB,MAAM,gBAAgB,WAAW,UAAU,UAAa,WAAW,WAAW;AAC9E,KAAI,CAAC,kBAAkB,iBAAiB,gBACtC,OAAM,IAAI,MAAM;;;AAKpB,SAAS,6BAA6B,OAAoC;AACxE,KAAI,CAAC,MAAO,QAAO;AAGnB,KAAI,OAAO,UAAU,SAAU,QAAO;AAGtC,KAAI,iBAAiB,YAAa,QAAOL,+BAAgB;AAGzD,KAAI,YAAY,OAAO,OACrB,QAAOA,+BAAgB,MAAM;AAI/B,KAAI;AACF,SAAOA,+BAAgB;SACjB;AAEN,MAAI;AACF,UAAOA,+BAAgB,IAAI,WAAW,OAA0B;UAC1D;AACN,UAAO;;;;;;;;;;;;;;;AAoBb,SAAS,gCAAgC,OAAuD;CAC9F,MAAMO,MAA6C,EACjD,KAAK,EAAE,SAAS;EAAE,OAAO;EAAW,QAAQ;;CAG9C,MAAM,MAAMN,4BAAS,SAAU,QAAoC;AAEnE,KAAI,OAAO,IAAI,UAAU,UAAW,KAAI,QAAQ,IAAI;AAEpD,KAAI,OAAO,IAAI,iBAAiB,UAAW,KAAI,eAAe,IAAI;AAElE,KAAI,OAAO,IAAI,qBAAqB,UAAW,KAAI,mBAAmB,IAAI;AAE1E,KAAIA,4BAAS,IAAI,YAAY;EAC3B,MAAM,KAAK,IAAI;EACf,MAAMO,QAAoC;AAC1C,MAAI,OAAO,GAAG,OAAO,UAAW,OAAM,KAAK,GAAG;AAC9C,MAAI,YAAY;;AAGlB,KAAIH,2BAAQ,IAAI,MAAM;EACpB,MAAM,SAAU,IAAI,IAAkB,OAAOA,4BAAS,KAAK,MAAM;GAC/D,MAAM,IAAI;GACV,MAAM,KAAK,OAAO,EAAE,OAAO,WAAY,EAAE,KAAgB;GACzD,MAAM,KAAK,OAAO,EAAE,OAAO,WAAY,EAAE,KAAgB;GACzD,MAAM,KAAK,OAAO,EAAE,OAAO,WAAY,EAAE,KAAgB;AACzD,UAAQ,OAAO,OAAO,YAAY,OAAO,OAAO,YAAY,OAAO,OAAO,WACtE;IAAC;IAAI;IAAI;OACT;KACH,QAAQ,MAAqC,MAAM,QAAQ;AAC9D,MAAI,OAAO,SAAS,EAAG,KAAI,MAAM;;AAGnC,KAAIJ,4BAAS,IAAI,MAAM;EACrB,MAAM,MAAM,IAAI;EAChB,MAAM,UAAUA,4BAAS,IAAI,WAAY,IAAI,UAAsC;EACnF,MAAM,QAAQ,QAAQ;EACtB,MAAM,SAAS,QAAQ;AACvB,MAAI,MAAM,EACR,SAAS;GACP,OAAOE,4BAAS,SAAS,QAAQ;GACjC,QAAQA,4BAAS,UAAU,SAAS;;;AAI1C,QAAO"}
|
|
@@ -13,7 +13,9 @@ const require_host_mode = require('../WalletIframe/host-mode.js');
|
|
|
13
13
|
|
|
14
14
|
//#region src/core/WebAuthnManager/index.ts
|
|
15
15
|
require_index.init_IndexedDBManager();
|
|
16
|
+
require_touchIdPrompt.init_touchIdPrompt();
|
|
16
17
|
require_accountIds.init_accountIds();
|
|
18
|
+
require_getDeviceNumber.init_getDeviceNumber();
|
|
17
19
|
/**
|
|
18
20
|
* WebAuthnManager - Main orchestrator for WebAuthn operations
|
|
19
21
|
*
|
|
@@ -536,6 +538,7 @@ var WebAuthnManager = class {
|
|
|
536
538
|
async storeUserData(userData) {
|
|
537
539
|
await require_index.IndexedDBManager.clientDB.storeWebAuthnUserData({
|
|
538
540
|
...userData,
|
|
541
|
+
deviceNumber: userData.deviceNumber ?? 1,
|
|
539
542
|
version: userData.version || 2
|
|
540
543
|
});
|
|
541
544
|
}
|
|
@@ -591,10 +594,12 @@ var WebAuthnManager = class {
|
|
|
591
594
|
return await require_index.IndexedDBManager.clientDB.registerUser(storeUserData);
|
|
592
595
|
}
|
|
593
596
|
async storeAuthenticator(authenticatorData) {
|
|
597
|
+
const deviceNumber = Number(authenticatorData.deviceNumber);
|
|
598
|
+
const normalizedDeviceNumber = Number.isSafeInteger(deviceNumber) && deviceNumber >= 1 ? deviceNumber : 1;
|
|
594
599
|
const authData = {
|
|
595
600
|
...authenticatorData,
|
|
596
601
|
nearAccountId: require_accountIds.toAccountId(authenticatorData.nearAccountId),
|
|
597
|
-
deviceNumber:
|
|
602
|
+
deviceNumber: normalizedDeviceNumber
|
|
598
603
|
};
|
|
599
604
|
return await require_index.IndexedDBManager.clientDB.storeAuthenticator(authData);
|
|
600
605
|
}
|