@tatchi-xyz/sdk 0.16.0 → 0.18.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/core/EmailRecovery/emailRecoveryPendingStore.js +69 -0
- package/dist/cjs/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
- package/dist/cjs/core/EmailRecovery/index.js +32 -13
- package/dist/cjs/core/EmailRecovery/index.js.map +1 -1
- package/dist/cjs/core/IndexedDBManager/passkeyClientDB.js +35 -36
- package/dist/cjs/core/IndexedDBManager/passkeyClientDB.js.map +1 -1
- package/dist/cjs/core/NearClient.js +2 -1
- package/dist/cjs/core/NearClient.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/emailRecovery.js +557 -377
- package/dist/cjs/core/TatchiPasskey/emailRecovery.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/faucets/createAccountRelayServer.js +1 -0
- package/dist/cjs/core/TatchiPasskey/faucets/createAccountRelayServer.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/index.js +26 -0
- package/dist/cjs/core/TatchiPasskey/index.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/linkDevice.js +2 -0
- package/dist/cjs/core/TatchiPasskey/linkDevice.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/login.js +15 -4
- package/dist/cjs/core/TatchiPasskey/login.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/recoverAccount.js +1 -0
- package/dist/cjs/core/TatchiPasskey/recoverAccount.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/relay.js +23 -1
- package/dist/cjs/core/TatchiPasskey/relay.js.map +1 -1
- package/dist/cjs/core/TatchiPasskey/scanDevice.js +1 -0
- package/dist/cjs/core/TatchiPasskey/scanDevice.js.map +1 -1
- package/dist/cjs/core/WalletIframe/client/IframeTransport.js +3 -0
- package/dist/cjs/core/WalletIframe/client/IframeTransport.js.map +1 -1
- package/dist/cjs/core/WalletIframe/client/router.js +15 -2
- package/dist/cjs/core/WalletIframe/client/router.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js +1 -1
- package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js +52 -52
- package/dist/cjs/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js +10 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js +2 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js +2 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/index.js +1 -0
- package/dist/cjs/core/WebAuthnManager/SignerWorkerManager/index.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js +6 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js +2 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js +4 -15
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js +1 -0
- package/dist/cjs/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/WebAuthnFallbacks/index.js +17 -0
- package/dist/cjs/core/WebAuthnManager/WebAuthnFallbacks/index.js.map +1 -0
- package/dist/cjs/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js +64 -54
- package/dist/cjs/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/credentialsHelpers.js +12 -2
- package/dist/cjs/core/WebAuthnManager/credentialsHelpers.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/index.js +6 -1
- package/dist/cjs/core/WebAuthnManager/index.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/touchIdPrompt.js +209 -201
- package/dist/cjs/core/WebAuthnManager/touchIdPrompt.js.map +1 -1
- package/dist/cjs/core/WebAuthnManager/userHandle.js +2 -1
- package/dist/cjs/core/WebAuthnManager/userHandle.js.map +1 -1
- package/dist/cjs/core/defaultConfigs.js +1 -1
- package/dist/cjs/core/defaultConfigs.js.map +1 -1
- package/dist/cjs/core/rpcCalls.js +8 -0
- package/dist/cjs/core/rpcCalls.js.map +1 -1
- package/dist/cjs/core/types/vrf-worker.js +10 -1
- package/dist/cjs/core/types/vrf-worker.js.map +1 -1
- package/dist/cjs/index.js +6 -2
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/react/components/AccountMenuButton/{LinkedDevicesModal-STvIsylA.css → LinkedDevicesModal-CSSowiHP.css} +1 -1
- package/dist/{esm/react/components/AccountMenuButton/LinkedDevicesModal-STvIsylA.css.map → cjs/react/components/AccountMenuButton/LinkedDevicesModal-CSSowiHP.css.map} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/{ProfileDropdown-iARgUwK1.css → ProfileDropdown-CEPMZ1gY.css} +1 -1
- package/dist/{esm/react/components/AccountMenuButton/ProfileDropdown-iARgUwK1.css.map → cjs/react/components/AccountMenuButton/ProfileDropdown-CEPMZ1gY.css.map} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/{Web3AuthProfileButton-Db3NeoAC.css → Web3AuthProfileButton-DopOg7Xc.css} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/{Web3AuthProfileButton-Db3NeoAC.css.map → Web3AuthProfileButton-DopOg7Xc.css.map} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/icons/{TouchIcon-BXM5NR4A.css → TouchIcon-BQWentvJ.css} +1 -1
- package/dist/cjs/react/components/AccountMenuButton/icons/{TouchIcon-BXM5NR4A.css.map → TouchIcon-BQWentvJ.css.map} +1 -1
- package/dist/cjs/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-De1qTSmU.css → PasskeyAuthMenu-DwrzWMYx.css} +14 -1
- package/dist/cjs/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-De1qTSmU.css.map → PasskeyAuthMenu-DwrzWMYx.css.map} +1 -1
- package/dist/cjs/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.js +122 -53
- package/dist/cjs/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.js.map +1 -1
- package/dist/cjs/react/components/{ShowQRCode-DCnR__fx.css → ShowQRCode-CCN4h6Uv.css} +1 -1
- package/dist/cjs/react/components/{ShowQRCode-DCnR__fx.css.map → ShowQRCode-CCN4h6Uv.css.map} +1 -1
- package/dist/cjs/react/deviceDetection.js +75 -92
- package/dist/cjs/react/deviceDetection.js.map +1 -1
- package/dist/cjs/react/hooks/useQRCamera.js +1 -0
- package/dist/cjs/react/hooks/useQRCamera.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js +69 -0
- package/dist/cjs/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
- package/dist/cjs/react/sdk/src/core/EmailRecovery/index.js +32 -13
- package/dist/cjs/react/sdk/src/core/EmailRecovery/index.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/IndexedDBManager/passkeyClientDB.js +35 -36
- package/dist/cjs/react/sdk/src/core/IndexedDBManager/passkeyClientDB.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/NearClient.js +2 -1
- package/dist/cjs/react/sdk/src/core/NearClient.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/emailRecovery.js +557 -377
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/emailRecovery.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/faucets/createAccountRelayServer.js +1 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/faucets/createAccountRelayServer.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/index.js +26 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/index.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/linkDevice.js +2 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/linkDevice.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/login.js +15 -4
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/login.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/recoverAccount.js +1 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/recoverAccount.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/relay.js +23 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/relay.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/scanDevice.js +1 -0
- package/dist/cjs/react/sdk/src/core/TatchiPasskey/scanDevice.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WalletIframe/client/IframeTransport.js +3 -0
- package/dist/cjs/react/sdk/src/core/WalletIframe/client/IframeTransport.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WalletIframe/client/router.js +15 -2
- package/dist/cjs/react/sdk/src/core/WalletIframe/client/router.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js +52 -52
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js +10 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js +2 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js +2 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/index.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/index.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js +6 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js +2 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js +4 -15
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/index.js +17 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/index.js.map +1 -0
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js +64 -54
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/credentialsHelpers.js +12 -2
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/credentialsHelpers.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/index.js +6 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/index.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/touchIdPrompt.js +209 -201
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/touchIdPrompt.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/userHandle.js +2 -1
- package/dist/cjs/react/sdk/src/core/WebAuthnManager/userHandle.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/defaultConfigs.js +1 -1
- package/dist/cjs/react/sdk/src/core/defaultConfigs.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/rpcCalls.js +8 -0
- package/dist/cjs/react/sdk/src/core/rpcCalls.js.map +1 -1
- package/dist/cjs/react/sdk/src/core/types/vrf-worker.js +10 -1
- package/dist/cjs/react/sdk/src/core/types/vrf-worker.js.map +1 -1
- package/dist/cjs/react/sdk/src/utils/index.js +13 -3
- package/dist/cjs/server/email-recovery/emailEncryptor.js +11 -0
- package/dist/cjs/server/email-recovery/emailEncryptor.js.map +1 -1
- package/dist/cjs/server/email-recovery/emailParsers.js +57 -0
- package/dist/cjs/server/email-recovery/emailParsers.js.map +1 -1
- package/dist/cjs/server/email-recovery/index.js +1 -1
- package/dist/cjs/server/email-recovery/index.js.map +1 -1
- package/dist/cjs/server/email-recovery/rpcCalls.js +14 -1
- package/dist/cjs/server/email-recovery/rpcCalls.js.map +1 -1
- package/dist/cjs/server/index.js +1 -0
- package/dist/cjs/server/router/cloudflare.js.map +1 -1
- package/dist/cjs/server/router/express.js.map +1 -1
- package/dist/cjs/server/sdk/src/core/defaultConfigs.js +1 -1
- package/dist/cjs/server/sdk/src/core/defaultConfigs.js.map +1 -1
- package/dist/cjs/utils/index.js +13 -3
- package/dist/esm/core/EmailRecovery/emailRecoveryPendingStore.js +63 -0
- package/dist/esm/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
- package/dist/esm/core/EmailRecovery/index.js +28 -14
- package/dist/esm/core/EmailRecovery/index.js.map +1 -1
- package/dist/esm/core/IndexedDBManager/passkeyClientDB.js +35 -36
- package/dist/esm/core/IndexedDBManager/passkeyClientDB.js.map +1 -1
- package/dist/esm/core/NearClient.js +2 -1
- package/dist/esm/core/NearClient.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/emailRecovery.js +557 -377
- package/dist/esm/core/TatchiPasskey/emailRecovery.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/faucets/createAccountRelayServer.js +2 -1
- package/dist/esm/core/TatchiPasskey/faucets/createAccountRelayServer.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/index.js +28 -2
- package/dist/esm/core/TatchiPasskey/index.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/linkDevice.js +4 -2
- package/dist/esm/core/TatchiPasskey/linkDevice.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/login.js +13 -7
- package/dist/esm/core/TatchiPasskey/login.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/recoverAccount.js +2 -1
- package/dist/esm/core/TatchiPasskey/recoverAccount.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/relay.js +23 -1
- package/dist/esm/core/TatchiPasskey/relay.js.map +1 -1
- package/dist/esm/core/TatchiPasskey/scanDevice.js +2 -1
- package/dist/esm/core/TatchiPasskey/scanDevice.js.map +1 -1
- package/dist/esm/core/WalletIframe/client/IframeTransport.js +4 -1
- package/dist/esm/core/WalletIframe/client/IframeTransport.js.map +1 -1
- package/dist/esm/core/WalletIframe/client/router.js +16 -3
- package/dist/esm/core/WalletIframe/client/router.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js +1 -1
- package/dist/esm/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js +52 -52
- package/dist/esm/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js +6 -2
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js +4 -2
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/index.js +2 -1
- package/dist/esm/core/WebAuthnManager/SignerWorkerManager/index.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js +1 -0
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js +8 -2
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js +5 -16
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js +2 -1
- package/dist/esm/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/WebAuthnFallbacks/index.js +12 -0
- package/dist/esm/core/WebAuthnManager/WebAuthnFallbacks/index.js.map +1 -0
- package/dist/esm/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js +61 -55
- package/dist/esm/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/credentialsHelpers.js +8 -3
- package/dist/esm/core/WebAuthnManager/index.js +8 -3
- package/dist/esm/core/WebAuthnManager/index.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/touchIdPrompt.js +207 -204
- package/dist/esm/core/WebAuthnManager/touchIdPrompt.js.map +1 -1
- package/dist/esm/core/WebAuthnManager/userHandle.js +2 -1
- package/dist/esm/core/WebAuthnManager/userHandle.js.map +1 -1
- package/dist/esm/core/defaultConfigs.js +1 -1
- package/dist/esm/core/defaultConfigs.js.map +1 -1
- package/dist/esm/core/rpcCalls.js +8 -1
- package/dist/esm/core/rpcCalls.js.map +1 -1
- package/dist/esm/core/types/vrf-worker.js +6 -2
- package/dist/esm/index.js +4 -1
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/react/components/AccountMenuButton/{LinkedDevicesModal-STvIsylA.css → LinkedDevicesModal-CSSowiHP.css} +1 -1
- package/dist/{cjs/react/components/AccountMenuButton/LinkedDevicesModal-STvIsylA.css.map → esm/react/components/AccountMenuButton/LinkedDevicesModal-CSSowiHP.css.map} +1 -1
- package/dist/esm/react/components/AccountMenuButton/{ProfileDropdown-iARgUwK1.css → ProfileDropdown-CEPMZ1gY.css} +1 -1
- package/dist/{cjs/react/components/AccountMenuButton/ProfileDropdown-iARgUwK1.css.map → esm/react/components/AccountMenuButton/ProfileDropdown-CEPMZ1gY.css.map} +1 -1
- package/dist/esm/react/components/AccountMenuButton/{Web3AuthProfileButton-Db3NeoAC.css → Web3AuthProfileButton-DopOg7Xc.css} +1 -1
- package/dist/esm/react/components/AccountMenuButton/{Web3AuthProfileButton-Db3NeoAC.css.map → Web3AuthProfileButton-DopOg7Xc.css.map} +1 -1
- package/dist/esm/react/components/AccountMenuButton/icons/{TouchIcon-BXM5NR4A.css → TouchIcon-BQWentvJ.css} +1 -1
- package/dist/esm/react/components/AccountMenuButton/icons/{TouchIcon-BXM5NR4A.css.map → TouchIcon-BQWentvJ.css.map} +1 -1
- package/dist/esm/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-De1qTSmU.css → PasskeyAuthMenu-DwrzWMYx.css} +14 -1
- package/dist/esm/react/components/PasskeyAuthMenu/{PasskeyAuthMenu-De1qTSmU.css.map → PasskeyAuthMenu-DwrzWMYx.css.map} +1 -1
- package/dist/esm/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.js +123 -54
- package/dist/esm/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.js.map +1 -1
- package/dist/esm/react/components/{ShowQRCode-DCnR__fx.css → ShowQRCode-CCN4h6Uv.css} +1 -1
- package/dist/esm/react/components/{ShowQRCode-DCnR__fx.css.map → ShowQRCode-CCN4h6Uv.css.map} +1 -1
- package/dist/esm/react/deviceDetection.js +72 -93
- package/dist/esm/react/deviceDetection.js.map +1 -1
- package/dist/esm/react/hooks/useQRCamera.js +2 -1
- package/dist/esm/react/hooks/useQRCamera.js.map +1 -1
- package/dist/esm/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js +63 -0
- package/dist/esm/react/sdk/src/core/EmailRecovery/emailRecoveryPendingStore.js.map +1 -0
- package/dist/esm/react/sdk/src/core/EmailRecovery/index.js +28 -14
- package/dist/esm/react/sdk/src/core/EmailRecovery/index.js.map +1 -1
- package/dist/esm/react/sdk/src/core/IndexedDBManager/passkeyClientDB.js +35 -36
- package/dist/esm/react/sdk/src/core/IndexedDBManager/passkeyClientDB.js.map +1 -1
- package/dist/esm/react/sdk/src/core/NearClient.js +2 -1
- package/dist/esm/react/sdk/src/core/NearClient.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/emailRecovery.js +557 -377
- package/dist/esm/react/sdk/src/core/TatchiPasskey/emailRecovery.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/faucets/createAccountRelayServer.js +2 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/faucets/createAccountRelayServer.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/index.js +28 -2
- package/dist/esm/react/sdk/src/core/TatchiPasskey/index.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/linkDevice.js +4 -2
- package/dist/esm/react/sdk/src/core/TatchiPasskey/linkDevice.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/login.js +13 -7
- package/dist/esm/react/sdk/src/core/TatchiPasskey/login.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/recoverAccount.js +2 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/recoverAccount.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/relay.js +23 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/relay.js.map +1 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/scanDevice.js +2 -1
- package/dist/esm/react/sdk/src/core/TatchiPasskey/scanDevice.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WalletIframe/client/IframeTransport.js +4 -1
- package/dist/esm/react/sdk/src/core/WalletIframe/client/IframeTransport.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WalletIframe/client/router.js +16 -3
- package/dist/esm/react/sdk/src/core/WalletIframe/client/router.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js +52 -52
- package/dist/esm/react/sdk/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js +6 -2
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signDelegateAction.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/signTransactionsWithActions.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js +4 -2
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/index.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/index.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js +1 -0
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js +8 -2
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/localOnly.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/registration.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js +5 -16
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/index.js +12 -0
- package/dist/esm/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/index.js.map +1 -0
- package/dist/esm/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js +61 -55
- package/dist/esm/react/sdk/src/core/WebAuthnManager/WebAuthnFallbacks/safari-fallbacks.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/credentialsHelpers.js +8 -3
- package/dist/esm/react/sdk/src/core/WebAuthnManager/index.js +8 -3
- package/dist/esm/react/sdk/src/core/WebAuthnManager/index.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/touchIdPrompt.js +207 -204
- package/dist/esm/react/sdk/src/core/WebAuthnManager/touchIdPrompt.js.map +1 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/userHandle.js +2 -1
- package/dist/esm/react/sdk/src/core/WebAuthnManager/userHandle.js.map +1 -1
- package/dist/esm/react/sdk/src/core/defaultConfigs.js +1 -1
- package/dist/esm/react/sdk/src/core/defaultConfigs.js.map +1 -1
- package/dist/esm/react/sdk/src/core/rpcCalls.js +8 -1
- package/dist/esm/react/sdk/src/core/rpcCalls.js.map +1 -1
- package/dist/esm/react/sdk/src/core/types/vrf-worker.js +6 -2
- package/dist/esm/react/sdk/src/utils/index.js +10 -4
- package/dist/esm/react/styles/styles.css +13 -0
- package/dist/esm/sdk/{safari-fallbacks-oQKu9xUs.js → WebAuthnFallbacks-Bl4BTsNt.js} +131 -135
- package/dist/esm/sdk/{createAdapters-pNiL2KNq.js → createAdapters-BumKM2ft.js} +59 -54
- package/dist/esm/sdk/createAdapters-BumKM2ft.js.map +1 -0
- package/dist/esm/sdk/{createAdapters-BWLe9Ddo.js → createAdapters-qVGD6i0g.js} +10 -3
- package/dist/esm/sdk/{defaultConfigs-VzvDejmy.js → defaultConfigs-DpslkAQd.js} +1 -1
- package/dist/esm/sdk/{getDeviceNumber-CkWRT17I.js → getDeviceNumber-fXizNGQl.js} +2 -2
- package/dist/esm/sdk/getDeviceNumber-fXizNGQl.js.map +1 -0
- package/dist/esm/sdk/{getDeviceNumber-CfmlgfMX.js → getDeviceNumber-zsOHT_Um.js} +6 -3
- package/dist/esm/sdk/{localOnly-DnpSyDaF.js → localOnly-Byi3AK7A.js} +2 -2
- package/dist/esm/sdk/{localOnly-DnpSyDaF.js.map → localOnly-Byi3AK7A.js.map} +1 -1
- package/dist/esm/sdk/{localOnly-BdumO2st.js → localOnly-pXMTqh1m.js} +5 -4
- package/dist/esm/sdk/offline-export-app.js +46 -44
- package/dist/esm/sdk/offline-export-app.js.map +1 -1
- package/dist/esm/sdk/{overlay-BTqPGG-o.js → overlay-ZGbucXIa.js} +2 -0
- package/dist/esm/sdk/{registration-C633u6x8.js → registration-CBiS4Ua_.js} +2 -2
- package/dist/esm/sdk/{registration-C633u6x8.js.map → registration-CBiS4Ua_.js.map} +1 -1
- package/dist/esm/sdk/{registration-xyYUFRqk.js → registration-DLPLsGCz.js} +5 -4
- package/dist/esm/sdk/{requestHelpers-DLBGBHMw.js → requestHelpers-Dh1hEYL9.js} +206 -204
- package/dist/esm/sdk/{router-BG6KC_p7.js → router-DuGYOd3G.js} +19 -4
- package/dist/esm/sdk/{rpcCalls-fLObBbbz.js → rpcCalls-BQrJMTdg.js} +3 -3
- package/dist/esm/sdk/{rpcCalls-CAU5XYEF.js → rpcCalls-YVeUVMk2.js} +9 -2
- package/dist/esm/sdk/{transactions-jH38BZ-Q.js → transactions-BIqKZeR0.js} +6 -18
- package/dist/esm/sdk/transactions-BIqKZeR0.js.map +1 -0
- package/dist/esm/sdk/{transactions-CzZAt1Yn.js → transactions-Bk-VavcV.js} +10 -21
- package/dist/esm/sdk/tx-confirm-ui.js +53 -53
- package/dist/esm/sdk/{tx-confirmer-wrapper-CqfVBUaA.js → tx-confirmer-wrapper-lHNgz9i4.js} +53 -53
- package/dist/esm/sdk/tx-confirmer.css +6 -4
- package/dist/esm/sdk/w3a-tx-confirmer.js +1 -1
- package/dist/esm/sdk/wallet-iframe-host.js +782 -447
- package/dist/esm/server/email-recovery/emailEncryptor.js +11 -1
- package/dist/esm/server/email-recovery/emailEncryptor.js.map +1 -1
- package/dist/esm/server/email-recovery/emailParsers.js +55 -1
- package/dist/esm/server/email-recovery/emailParsers.js.map +1 -1
- package/dist/esm/server/email-recovery/index.js +2 -2
- package/dist/esm/server/email-recovery/index.js.map +1 -1
- package/dist/esm/server/email-recovery/rpcCalls.js +14 -1
- package/dist/esm/server/email-recovery/rpcCalls.js.map +1 -1
- package/dist/esm/server/index.js +2 -2
- package/dist/esm/server/router/cloudflare.js.map +1 -1
- package/dist/esm/server/router/express.js.map +1 -1
- package/dist/esm/server/sdk/src/core/defaultConfigs.js +1 -1
- package/dist/esm/server/sdk/src/core/defaultConfigs.js.map +1 -1
- package/dist/esm/utils/index.js +10 -4
- package/dist/esm/wasm_vrf_worker/pkg/wasm_vrf_worker.js +3 -0
- package/dist/esm/wasm_vrf_worker/pkg/wasm_vrf_worker_bg.wasm +0 -0
- package/dist/types/src/core/EmailRecovery/emailRecoveryPendingStore.d.ts +25 -0
- package/dist/types/src/core/EmailRecovery/emailRecoveryPendingStore.d.ts.map +1 -0
- package/dist/types/src/core/EmailRecovery/index.d.ts +1 -0
- package/dist/types/src/core/EmailRecovery/index.d.ts.map +1 -1
- package/dist/types/src/core/IndexedDBManager/passkeyClientDB.d.ts +11 -21
- package/dist/types/src/core/IndexedDBManager/passkeyClientDB.d.ts.map +1 -1
- package/dist/types/src/core/TatchiPasskey/emailRecovery.d.ts +45 -5
- package/dist/types/src/core/TatchiPasskey/emailRecovery.d.ts.map +1 -1
- package/dist/types/src/core/TatchiPasskey/index.d.ts +10 -2
- package/dist/types/src/core/TatchiPasskey/index.d.ts.map +1 -1
- package/dist/types/src/core/TatchiPasskey/relay.d.ts +2 -1
- package/dist/types/src/core/TatchiPasskey/relay.d.ts.map +1 -1
- package/dist/types/src/core/WalletIframe/TatchiPasskeyIframe.d.ts +4 -0
- package/dist/types/src/core/WalletIframe/TatchiPasskeyIframe.d.ts.map +1 -1
- package/dist/types/src/core/WalletIframe/client/router.d.ts +7 -3
- package/dist/types/src/core/WalletIframe/client/router.d.ts.map +1 -1
- package/dist/types/src/core/WalletIframe/host/wallet-iframe-handlers.d.ts.map +1 -1
- package/dist/types/src/core/WalletIframe/shared/messages.d.ts +6 -2
- package/dist/types/src/core/WalletIframe/shared/messages.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-drawer.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/LitComponents/IframeTxConfirmer/viewer-modal.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/vrf.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/adapters/webauthn.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/flows/transactions.d.ts.map +1 -1
- package/dist/types/src/core/WebAuthnManager/index.d.ts.map +1 -1
- package/dist/types/src/core/defaultConfigs.d.ts.map +1 -1
- package/dist/types/src/core/rpcCalls.d.ts +9 -0
- package/dist/types/src/core/rpcCalls.d.ts.map +1 -1
- package/dist/types/src/index.d.ts +1 -0
- package/dist/types/src/index.d.ts.map +1 -1
- package/dist/types/src/react/components/PasskeyAuthMenu/ui/EmailRecoverySlide.d.ts.map +1 -1
- package/dist/types/src/server/email-recovery/emailEncryptor.d.ts +4 -0
- package/dist/types/src/server/email-recovery/emailEncryptor.d.ts.map +1 -1
- package/dist/types/src/server/email-recovery/emailParsers.d.ts +7 -0
- package/dist/types/src/server/email-recovery/emailParsers.d.ts.map +1 -1
- package/dist/types/src/server/email-recovery/index.d.ts +1 -1
- package/dist/types/src/server/email-recovery/rpcCalls.d.ts +1 -1
- package/dist/types/src/server/email-recovery/rpcCalls.d.ts.map +1 -1
- package/dist/types/src/wasm_vrf_worker/pkg/wasm_vrf_worker.d.ts.map +1 -1
- package/dist/workers/wasm_vrf_worker_bg.wasm +0 -0
- package/dist/workers/web3authn-vrf.worker.js +3 -0
- package/package.json +1 -1
- package/dist/esm/sdk/createAdapters-pNiL2KNq.js.map +0 -1
- package/dist/esm/sdk/getDeviceNumber-CkWRT17I.js.map +0 -1
- package/dist/esm/sdk/transactions-jH38BZ-Q.js.map +0 -1
|
@@ -10,13 +10,13 @@ import { base64UrlDecode } from "./base64-DBPGuXh4.js";
|
|
|
10
10
|
import { ActionType, init_actions, toActionArgsWasm, validateActionArgsWasm } from "./actions-O1FD5Bq8.js";
|
|
11
11
|
import { ensureKnownW3aElement } from "./ensure-defined-CHInSx7l.js";
|
|
12
12
|
import { base58Encode, errorMessage, esm_default, getNearShortErrorMessage, getUserFriendlyErrorMessage, init_base58, init_encoders, init_errors, init_esm, isTouchIdCancellationError, toError } from "./errors-D9ar28Dr.js";
|
|
13
|
-
import { init_validation as init_validation$1, needsExplicitActivation, normalizeRegistrationCredential, removePrfOutputGuard, serializeRegistrationCredential, serializeRegistrationCredentialWithPRF, validateNearAccountId } from "./
|
|
14
|
-
import { MinimalNearClient, SignedTransaction, isOffline, openOfflineExport } from "./overlay-
|
|
13
|
+
import { init_credentialsHelpers, init_utils, init_validation as init_validation$1, needsExplicitActivation, normalizeRegistrationCredential, removePrfOutputGuard, serializeRegistrationCredential, serializeRegistrationCredentialWithPRF, validateNearAccountId } from "./WebAuthnFallbacks-Bl4BTsNt.js";
|
|
14
|
+
import { MinimalNearClient, SignedTransaction, isOffline, openOfflineExport } from "./overlay-ZGbucXIa.js";
|
|
15
15
|
import { AccountRecoveryPhase, AccountRecoveryStatus, ActionPhase, ActionStatus, DEFAULT_WAIT_STATUS, DeviceLinkingPhase, DeviceLinkingStatus, EmailRecoveryPhase, EmailRecoveryStatus, LoginPhase, LoginStatus, RegistrationPhase, RegistrationStatus, init_rpc, init_sdkSentEvents } from "./sdkSentEvents-_jrJLIhw.js";
|
|
16
|
-
import { SecureConfirmMessageType, SecureConfirmationType, TouchIdPrompt, authenticatorsToAllowCredentials, createRandomVRFChallenge, getIntentDigest, init_accountIds, parseTransactionSummary, sanitizeForPostMessage, sendConfirmResponse, toAccountId, validateVRFChallenge } from "./requestHelpers-
|
|
17
|
-
import { PASSKEY_MANAGER_DEFAULT_CONFIGS, buildConfigsFromEnv, init_defaultConfigs } from "./defaultConfigs-
|
|
18
|
-
import { buildSetRecoveryEmailsActions, checkCanRegisterUserContractCall, executeDeviceLinkingContractCalls, getCredentialIdsContractCall, getDeviceLinkingAccountContractCall, getRecoveryEmailHashesContractCall, init_rpcCalls, syncAuthenticatorsContractCall, verifyAuthenticationResponse } from "./rpcCalls-
|
|
19
|
-
import { getLastLoggedInDeviceNumber, parseDeviceNumber } from "./getDeviceNumber-
|
|
16
|
+
import { SecureConfirmMessageType, SecureConfirmationType, TouchIdPrompt, authenticatorsToAllowCredentials, createRandomVRFChallenge, getIntentDigest, init_accountIds, init_touchIdPrompt, init_vrf_worker, parseTransactionSummary, sanitizeForPostMessage, sendConfirmResponse, toAccountId, validateVRFChallenge } from "./requestHelpers-Dh1hEYL9.js";
|
|
17
|
+
import { PASSKEY_MANAGER_DEFAULT_CONFIGS, buildConfigsFromEnv, init_defaultConfigs } from "./defaultConfigs-DpslkAQd.js";
|
|
18
|
+
import { buildSetRecoveryEmailsActions, checkCanRegisterUserContractCall, executeDeviceLinkingContractCalls, getCredentialIdsContractCall, getDeviceLinkingAccountContractCall, getRecoveryEmailHashesContractCall, init_rpcCalls, syncAuthenticatorsContractCall, verifyAuthenticationResponse } from "./rpcCalls-YVeUVMk2.js";
|
|
19
|
+
import { getLastLoggedInDeviceNumber, init_getDeviceNumber, parseDeviceNumber } from "./getDeviceNumber-zsOHT_Um.js";
|
|
20
20
|
|
|
21
21
|
//#region src/core/sdkPaths/workers.ts
|
|
22
22
|
/**
|
|
@@ -1417,22 +1417,17 @@ var init_passkeyClientDB = __esm({ "src/core/IndexedDBManager/passkeyClientDB.ts
|
|
|
1417
1417
|
* @returns filtered authenticators for allowCredentials, plus optional wrongPasskeyError
|
|
1418
1418
|
*/
|
|
1419
1419
|
async ensureCurrentPasskey(nearAccountId, authenticators, selectedCredentialRawId) {
|
|
1420
|
-
|
|
1421
|
-
|
|
1422
|
-
|
|
1423
|
-
|
|
1424
|
-
|
|
1425
|
-
|
|
1426
|
-
|
|
1427
|
-
|
|
1428
|
-
|
|
1429
|
-
|
|
1430
|
-
|
|
1431
|
-
const matched = authenticators.find((a) => a.credentialId === selectedCredentialRawId);
|
|
1432
|
-
if (matched && matched.deviceNumber !== expectedDeviceNumber) wrongPasskeyError = `You have multiple passkeys (deviceNumbers) for account ${accountIdNormalized}, but used a passkey from a different device. Please use the passkey for the most recently logged-in device.`;
|
|
1433
|
-
}
|
|
1434
|
-
}
|
|
1435
|
-
}
|
|
1420
|
+
if (authenticators.length <= 1) return { authenticatorsForPrompt: authenticators };
|
|
1421
|
+
const accountIdNormalized = toAccountId(nearAccountId);
|
|
1422
|
+
const lastUser = await this.getLastUser().catch(() => null);
|
|
1423
|
+
if (!lastUser || lastUser.nearAccountId !== accountIdNormalized) return { authenticatorsForPrompt: authenticators };
|
|
1424
|
+
const expectedDeviceNumber = lastUser.deviceNumber;
|
|
1425
|
+
const byDeviceNumber = authenticators.filter((a) => a.deviceNumber === expectedDeviceNumber);
|
|
1426
|
+
let expectedCredentialId = lastUser.passkeyCredential.rawId;
|
|
1427
|
+
if (byDeviceNumber.length > 0 && !byDeviceNumber.some((a) => a.credentialId === expectedCredentialId)) expectedCredentialId = byDeviceNumber[0].credentialId;
|
|
1428
|
+
const byCredentialId = authenticators.filter((a) => a.credentialId === expectedCredentialId);
|
|
1429
|
+
const authenticatorsForPrompt = byCredentialId.length > 0 ? byCredentialId : byDeviceNumber.length > 0 ? byDeviceNumber : authenticators;
|
|
1430
|
+
const wrongPasskeyError = selectedCredentialRawId && selectedCredentialRawId !== expectedCredentialId ? `You have multiple passkeys (deviceNumbers) for account ${accountIdNormalized}, but used a different passkey than the most recently logged-in one. Please use the passkey for the most recently logged-in device.` : void 0;
|
|
1436
1431
|
return {
|
|
1437
1432
|
authenticatorsForPrompt,
|
|
1438
1433
|
wrongPasskeyError
|
|
@@ -1543,30 +1538,34 @@ var init_passkeyClientDB = __esm({ "src/core/IndexedDBManager/passkeyClientDB.ts
|
|
|
1543
1538
|
* @param userData - User data with nearAccountId as primary identifier
|
|
1544
1539
|
*/
|
|
1545
1540
|
async storeWebAuthnUserData(userData) {
|
|
1546
|
-
if (userData.deviceNumber === void 0) console.warn("WARNING: deviceNumber is undefined in storeWebAuthnUserData, will default to 1");
|
|
1547
1541
|
const validation = this.validateNearAccountId(userData.nearAccountId);
|
|
1548
1542
|
if (!validation.valid) throw new Error(`Cannot store WebAuthn data for invalid account ID: ${validation.error}`);
|
|
1549
|
-
|
|
1550
|
-
|
|
1551
|
-
|
|
1552
|
-
|
|
1553
|
-
|
|
1554
|
-
|
|
1555
|
-
clientNearPublicKey: userData.clientNearPublicKey,
|
|
1556
|
-
passkeyCredential: userData.passkeyCredential,
|
|
1557
|
-
encryptedVrfKeypair: userData.encryptedVrfKeypair,
|
|
1558
|
-
version: userData.version || 2,
|
|
1559
|
-
serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair
|
|
1560
|
-
});
|
|
1561
|
-
}
|
|
1562
|
-
const finalDeviceNumber = userData.deviceNumber || existingUser.deviceNumber;
|
|
1563
|
-
await this.updateUser(userData.nearAccountId, {
|
|
1543
|
+
const accountId = toAccountId(userData.nearAccountId);
|
|
1544
|
+
const deviceNumber = userData.deviceNumber;
|
|
1545
|
+
let user = await this.getUser(accountId, deviceNumber);
|
|
1546
|
+
if (!user) user = await this.registerUser({
|
|
1547
|
+
nearAccountId: accountId,
|
|
1548
|
+
deviceNumber,
|
|
1564
1549
|
clientNearPublicKey: userData.clientNearPublicKey,
|
|
1550
|
+
passkeyCredential: userData.passkeyCredential,
|
|
1565
1551
|
encryptedVrfKeypair: userData.encryptedVrfKeypair,
|
|
1566
|
-
|
|
1567
|
-
|
|
1568
|
-
|
|
1569
|
-
|
|
1552
|
+
version: userData.version || 2,
|
|
1553
|
+
serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair
|
|
1554
|
+
});
|
|
1555
|
+
const updatedUser = {
|
|
1556
|
+
...user,
|
|
1557
|
+
clientNearPublicKey: userData.clientNearPublicKey,
|
|
1558
|
+
passkeyCredential: userData.passkeyCredential,
|
|
1559
|
+
encryptedVrfKeypair: userData.encryptedVrfKeypair,
|
|
1560
|
+
serverEncryptedVrfKeypair: userData.serverEncryptedVrfKeypair ?? user.serverEncryptedVrfKeypair,
|
|
1561
|
+
version: userData.version ?? user.version,
|
|
1562
|
+
lastUpdated: userData.lastUpdated ?? Date.now()
|
|
1563
|
+
};
|
|
1564
|
+
await this.storeUser(updatedUser);
|
|
1565
|
+
this.emitEvent({
|
|
1566
|
+
type: "user-updated",
|
|
1567
|
+
accountId,
|
|
1568
|
+
data: { updatedUser }
|
|
1570
1569
|
});
|
|
1571
1570
|
}
|
|
1572
1571
|
async getAllUsers() {
|
|
@@ -2220,6 +2219,13 @@ const DEVICE_LINKING_CONFIG = {
|
|
|
2220
2219
|
|
|
2221
2220
|
//#endregion
|
|
2222
2221
|
//#region src/core/workerControlMessages.ts
|
|
2222
|
+
init_touchIdPrompt();
|
|
2223
|
+
init_credentialsHelpers();
|
|
2224
|
+
init_vrf_worker();
|
|
2225
|
+
init_utils();
|
|
2226
|
+
init_encoders();
|
|
2227
|
+
init_base58();
|
|
2228
|
+
init_esm();
|
|
2223
2229
|
/**
|
|
2224
2230
|
* Control messages exchanged between worker shims and the main thread.
|
|
2225
2231
|
*
|
|
@@ -2375,11 +2381,9 @@ async function checkCanRegisterUser({ ctx, vrfChallenge, credential, contractId,
|
|
|
2375
2381
|
|
|
2376
2382
|
//#endregion
|
|
2377
2383
|
//#region src/core/types/authenticatorOptions.ts
|
|
2384
|
+
init_getDeviceNumber();
|
|
2378
2385
|
init_sdkSentEvents();
|
|
2379
2386
|
init_rpc();
|
|
2380
|
-
init_encoders();
|
|
2381
|
-
init_base58();
|
|
2382
|
-
init_esm();
|
|
2383
2387
|
init_actions();
|
|
2384
2388
|
init_wasm_signer_worker();
|
|
2385
2389
|
/**
|
|
@@ -2500,6 +2504,7 @@ async function deriveNearKeypairAndEncryptFromSerialized({ ctx, credential, near
|
|
|
2500
2504
|
//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.ts
|
|
2501
2505
|
init_signer_worker();
|
|
2502
2506
|
init_accountIds();
|
|
2507
|
+
init_getDeviceNumber();
|
|
2503
2508
|
init_validation();
|
|
2504
2509
|
async function decryptPrivateKeyWithPrf({ ctx, nearAccountId, authenticators, sessionId }) {
|
|
2505
2510
|
try {
|
|
@@ -2567,6 +2572,7 @@ const generateSessionId = () => {
|
|
|
2567
2572
|
init_signer_worker();
|
|
2568
2573
|
init_defaultConfigs();
|
|
2569
2574
|
init_accountIds();
|
|
2575
|
+
init_getDeviceNumber();
|
|
2570
2576
|
init_validation();
|
|
2571
2577
|
/**
|
|
2572
2578
|
* Sign multiple transactions with shared VRF challenge and credential
|
|
@@ -2662,6 +2668,7 @@ async function signTransactionsWithActions$1({ ctx, transactions, rpcCall, onEve
|
|
|
2662
2668
|
|
|
2663
2669
|
//#endregion
|
|
2664
2670
|
//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/validation.ts
|
|
2671
|
+
init_credentialsHelpers();
|
|
2665
2672
|
init_validation();
|
|
2666
2673
|
function validateTransactionContextMaybe(input) {
|
|
2667
2674
|
if (input == null) return void 0;
|
|
@@ -2737,6 +2744,7 @@ init_defaultConfigs();
|
|
|
2737
2744
|
init_accountIds();
|
|
2738
2745
|
init_actions();
|
|
2739
2746
|
init_signer_worker();
|
|
2747
|
+
init_getDeviceNumber();
|
|
2740
2748
|
async function signDelegateAction$1({ ctx, delegate, rpcCall, onEvent, confirmationConfigOverride, title, body, sessionId: providedSessionId }) {
|
|
2741
2749
|
const sessionId = providedSessionId ?? generateSessionId();
|
|
2742
2750
|
const nearAccountId = rpcCall.nearAccountId || delegate.senderId;
|
|
@@ -2938,6 +2946,7 @@ async function signTransactionWithKeyPair({ ctx, nearPrivateKey, signerAccountId
|
|
|
2938
2946
|
//#endregion
|
|
2939
2947
|
//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/signNep413Message.ts
|
|
2940
2948
|
init_signer_worker();
|
|
2949
|
+
init_getDeviceNumber();
|
|
2941
2950
|
init_validation();
|
|
2942
2951
|
/**
|
|
2943
2952
|
* Sign a NEP-413 message using the user's passkey-derived private key
|
|
@@ -3112,6 +3121,7 @@ async function registerDevice2WithDerivedKey({ ctx, sessionId, nearAccountId, cr
|
|
|
3112
3121
|
|
|
3113
3122
|
//#endregion
|
|
3114
3123
|
//#region src/core/WebAuthnManager/VrfWorkerManager/confirmTxFlow/determineConfirmationConfig.ts
|
|
3124
|
+
init_utils();
|
|
3115
3125
|
/**
|
|
3116
3126
|
* determineConfirmationConfig
|
|
3117
3127
|
*
|
|
@@ -3261,42 +3271,42 @@ async function importFlow(label, loader) {
|
|
|
3261
3271
|
}
|
|
3262
3272
|
const HANDLERS = {
|
|
3263
3273
|
[SecureConfirmationType.DECRYPT_PRIVATE_KEY_WITH_PRF]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
|
|
3264
|
-
const { handleLocalOnlyFlow } = await importFlow("localOnly", () => import("./localOnly-
|
|
3274
|
+
const { handleLocalOnlyFlow } = await importFlow("localOnly", () => import("./localOnly-pXMTqh1m.js"));
|
|
3265
3275
|
await handleLocalOnlyFlow(ctx, request, worker, {
|
|
3266
3276
|
confirmationConfig,
|
|
3267
3277
|
transactionSummary
|
|
3268
3278
|
});
|
|
3269
3279
|
},
|
|
3270
3280
|
[SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
|
|
3271
|
-
const { handleLocalOnlyFlow } = await importFlow("localOnly", () => import("./localOnly-
|
|
3281
|
+
const { handleLocalOnlyFlow } = await importFlow("localOnly", () => import("./localOnly-pXMTqh1m.js"));
|
|
3272
3282
|
await handleLocalOnlyFlow(ctx, request, worker, {
|
|
3273
3283
|
confirmationConfig,
|
|
3274
3284
|
transactionSummary
|
|
3275
3285
|
});
|
|
3276
3286
|
},
|
|
3277
3287
|
[SecureConfirmationType.REGISTER_ACCOUNT]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
|
|
3278
|
-
const { handleRegistrationFlow } = await importFlow("registration", () => import("./registration-
|
|
3288
|
+
const { handleRegistrationFlow } = await importFlow("registration", () => import("./registration-DLPLsGCz.js"));
|
|
3279
3289
|
await handleRegistrationFlow(ctx, request, worker, {
|
|
3280
3290
|
confirmationConfig,
|
|
3281
3291
|
transactionSummary
|
|
3282
3292
|
});
|
|
3283
3293
|
},
|
|
3284
3294
|
[SecureConfirmationType.LINK_DEVICE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
|
|
3285
|
-
const { handleRegistrationFlow } = await importFlow("registration", () => import("./registration-
|
|
3295
|
+
const { handleRegistrationFlow } = await importFlow("registration", () => import("./registration-DLPLsGCz.js"));
|
|
3286
3296
|
await handleRegistrationFlow(ctx, request, worker, {
|
|
3287
3297
|
confirmationConfig,
|
|
3288
3298
|
transactionSummary
|
|
3289
3299
|
});
|
|
3290
3300
|
},
|
|
3291
3301
|
[SecureConfirmationType.SIGN_TRANSACTION]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
|
|
3292
|
-
const { handleTransactionSigningFlow } = await importFlow("transactions", () => import("./transactions-
|
|
3302
|
+
const { handleTransactionSigningFlow } = await importFlow("transactions", () => import("./transactions-Bk-VavcV.js"));
|
|
3293
3303
|
await handleTransactionSigningFlow(ctx, request, worker, {
|
|
3294
3304
|
confirmationConfig,
|
|
3295
3305
|
transactionSummary
|
|
3296
3306
|
});
|
|
3297
3307
|
},
|
|
3298
3308
|
[SecureConfirmationType.SIGN_NEP413_MESSAGE]: async ({ ctx, request, worker, confirmationConfig, transactionSummary }) => {
|
|
3299
|
-
const { handleTransactionSigningFlow } = await importFlow("transactions", () => import("./transactions-
|
|
3309
|
+
const { handleTransactionSigningFlow } = await importFlow("transactions", () => import("./transactions-Bk-VavcV.js"));
|
|
3300
3310
|
await handleTransactionSigningFlow(ctx, request, worker, {
|
|
3301
3311
|
confirmationConfig,
|
|
3302
3312
|
transactionSummary
|
|
@@ -3329,6 +3339,7 @@ async function runSecureConfirm(ctx, request) {
|
|
|
3329
3339
|
init_validation();
|
|
3330
3340
|
init_accountIds();
|
|
3331
3341
|
init_signer_worker();
|
|
3342
|
+
init_getDeviceNumber();
|
|
3332
3343
|
/**
|
|
3333
3344
|
* Two-phase export (worker-driven):
|
|
3334
3345
|
* - Phase 1: collect PRF (uiMode: 'skip') and derive WrapKeySeed in VRF worker
|
|
@@ -4129,6 +4140,7 @@ async function createSigningSessionChannel(ctx, sessionId) {
|
|
|
4129
4140
|
|
|
4130
4141
|
//#endregion
|
|
4131
4142
|
//#region src/core/WebAuthnManager/VrfWorkerManager/handlers/deriveVrfKeypairFromPrf.ts
|
|
4143
|
+
init_vrf_worker();
|
|
4132
4144
|
/**
|
|
4133
4145
|
* Derive deterministic VRF keypair from PRF output embedded in a WebAuthn credential.
|
|
4134
4146
|
*/
|
|
@@ -4246,6 +4258,7 @@ async function dispenseSessionKey(ctx, args) {
|
|
|
4246
4258
|
|
|
4247
4259
|
//#endregion
|
|
4248
4260
|
//#region src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfChallenge.ts
|
|
4261
|
+
init_vrf_worker();
|
|
4249
4262
|
/**
|
|
4250
4263
|
* Generate a VRF challenge and cache it under `sessionId` inside the VRF worker.
|
|
4251
4264
|
*
|
|
@@ -4287,6 +4300,7 @@ async function generateVrfChallengeInternal(ctx, inputData, sessionId) {
|
|
|
4287
4300
|
|
|
4288
4301
|
//#endregion
|
|
4289
4302
|
//#region src/core/WebAuthnManager/VrfWorkerManager/handlers/generateVrfKeypairBootstrap.ts
|
|
4303
|
+
init_vrf_worker();
|
|
4290
4304
|
/**
|
|
4291
4305
|
* Registration bootstrap: generate a fresh random VRF keypair in the VRF worker and (optionally)
|
|
4292
4306
|
* generate a VRF challenge from it.
|
|
@@ -5631,7 +5645,9 @@ function __isWalletIframeHostMode() {
|
|
|
5631
5645
|
//#endregion
|
|
5632
5646
|
//#region src/core/WebAuthnManager/index.ts
|
|
5633
5647
|
init_IndexedDBManager();
|
|
5648
|
+
init_touchIdPrompt();
|
|
5634
5649
|
init_accountIds();
|
|
5650
|
+
init_getDeviceNumber();
|
|
5635
5651
|
/**
|
|
5636
5652
|
* WebAuthnManager - Main orchestrator for WebAuthn operations
|
|
5637
5653
|
*
|
|
@@ -6154,6 +6170,7 @@ var WebAuthnManager = class {
|
|
|
6154
6170
|
async storeUserData(userData) {
|
|
6155
6171
|
await IndexedDBManager.clientDB.storeWebAuthnUserData({
|
|
6156
6172
|
...userData,
|
|
6173
|
+
deviceNumber: userData.deviceNumber ?? 1,
|
|
6157
6174
|
version: userData.version || 2
|
|
6158
6175
|
});
|
|
6159
6176
|
}
|
|
@@ -6209,10 +6226,12 @@ var WebAuthnManager = class {
|
|
|
6209
6226
|
return await IndexedDBManager.clientDB.registerUser(storeUserData);
|
|
6210
6227
|
}
|
|
6211
6228
|
async storeAuthenticator(authenticatorData) {
|
|
6229
|
+
const deviceNumber = Number(authenticatorData.deviceNumber);
|
|
6230
|
+
const normalizedDeviceNumber = Number.isSafeInteger(deviceNumber) && deviceNumber >= 1 ? deviceNumber : 1;
|
|
6212
6231
|
const authData = {
|
|
6213
6232
|
...authenticatorData,
|
|
6214
6233
|
nearAccountId: toAccountId(authenticatorData.nearAccountId),
|
|
6215
|
-
deviceNumber:
|
|
6234
|
+
deviceNumber: normalizedDeviceNumber
|
|
6216
6235
|
};
|
|
6217
6236
|
return await IndexedDBManager.clientDB.storeAuthenticator(authData);
|
|
6218
6237
|
}
|
|
@@ -6477,9 +6496,6 @@ var WebAuthnManager = class {
|
|
|
6477
6496
|
|
|
6478
6497
|
//#endregion
|
|
6479
6498
|
//#region src/core/TatchiPasskey/login.ts
|
|
6480
|
-
init_errors();
|
|
6481
|
-
init_IndexedDBManager();
|
|
6482
|
-
init_rpcCalls();
|
|
6483
6499
|
/**
|
|
6484
6500
|
* Core login function that handles passkey authentication without React dependencies.
|
|
6485
6501
|
*
|
|
@@ -7027,9 +7043,17 @@ async function logoutAndClearSession(context) {
|
|
|
7027
7043
|
webAuthnManager.getNonceManager().clear();
|
|
7028
7044
|
} catch {}
|
|
7029
7045
|
}
|
|
7046
|
+
var init_login = __esm({ "src/core/TatchiPasskey/login.ts": (() => {
|
|
7047
|
+
init_errors();
|
|
7048
|
+
init_vrf_worker();
|
|
7049
|
+
init_touchIdPrompt();
|
|
7050
|
+
init_IndexedDBManager();
|
|
7051
|
+
init_rpcCalls();
|
|
7052
|
+
}) });
|
|
7030
7053
|
|
|
7031
7054
|
//#endregion
|
|
7032
7055
|
//#region src/core/TatchiPasskey/actions.ts
|
|
7056
|
+
init_login();
|
|
7033
7057
|
init_actions();
|
|
7034
7058
|
init_sdkSentEvents();
|
|
7035
7059
|
init_errors();
|
|
@@ -7472,6 +7496,7 @@ async function wasmAuthenticateAndSignTransactions(context, nearAccountId, trans
|
|
|
7472
7496
|
|
|
7473
7497
|
//#endregion
|
|
7474
7498
|
//#region src/core/WebAuthnManager/userHandle.ts
|
|
7499
|
+
init_utils();
|
|
7475
7500
|
init_validation$1();
|
|
7476
7501
|
/**
|
|
7477
7502
|
* Parse a WebAuthn userHandle into a NEAR account ID.
|
|
@@ -7506,6 +7531,7 @@ function parseAccountIdFromUserHandle(userHandle) {
|
|
|
7506
7531
|
init_sdkSentEvents();
|
|
7507
7532
|
init_validation$1();
|
|
7508
7533
|
init_accountIds();
|
|
7534
|
+
init_vrf_worker();
|
|
7509
7535
|
init_IndexedDBManager();
|
|
7510
7536
|
init_rpcCalls();
|
|
7511
7537
|
/**
|
|
@@ -7921,6 +7947,7 @@ async function restoreAuthenticators({ webAuthnManager, accountId, contractAuthe
|
|
|
7921
7947
|
//#endregion
|
|
7922
7948
|
//#region src/core/TatchiPasskey/faucets/createAccountRelayServer.ts
|
|
7923
7949
|
init_sdkSentEvents();
|
|
7950
|
+
init_credentialsHelpers();
|
|
7924
7951
|
init_validation();
|
|
7925
7952
|
init_errors();
|
|
7926
7953
|
/**
|
|
@@ -8881,6 +8908,7 @@ init_IndexedDBManager();
|
|
|
8881
8908
|
init_actions();
|
|
8882
8909
|
init_rpcCalls();
|
|
8883
8910
|
init_sdkSentEvents();
|
|
8911
|
+
init_getDeviceNumber();
|
|
8884
8912
|
async function generateQRCodeDataURL(data) {
|
|
8885
8913
|
const { default: QRCode } = await import("./browser-B3uuzKL0.js").then(__toDynamicImportESM(1));
|
|
8886
8914
|
return QRCode.toDataURL(data, {
|
|
@@ -9571,6 +9599,7 @@ var LinkDeviceFlow = class {
|
|
|
9571
9599
|
//#endregion
|
|
9572
9600
|
//#region src/core/TatchiPasskey/scanDevice.ts
|
|
9573
9601
|
init_validation$1();
|
|
9602
|
+
init_login();
|
|
9574
9603
|
init_sdkSentEvents();
|
|
9575
9604
|
init_rpcCalls();
|
|
9576
9605
|
/**
|
|
@@ -9816,8 +9845,30 @@ async function signDelegateAction(args) {
|
|
|
9816
9845
|
//#endregion
|
|
9817
9846
|
//#region src/core/TatchiPasskey/relay.ts
|
|
9818
9847
|
init_sdkSentEvents();
|
|
9848
|
+
const toNumberArray = (value) => Array.isArray(value) ? value : Array.from(value);
|
|
9849
|
+
const normalizeSignedDelegateForRelay = (signedDelegate) => {
|
|
9850
|
+
const delegateAction = signedDelegate.delegateAction;
|
|
9851
|
+
const signature = signedDelegate.signature;
|
|
9852
|
+
return {
|
|
9853
|
+
delegateAction: {
|
|
9854
|
+
...delegateAction,
|
|
9855
|
+
publicKey: {
|
|
9856
|
+
...delegateAction.publicKey,
|
|
9857
|
+
keyData: toNumberArray(delegateAction.publicKey.keyData)
|
|
9858
|
+
}
|
|
9859
|
+
},
|
|
9860
|
+
signature: {
|
|
9861
|
+
...signature,
|
|
9862
|
+
signatureData: toNumberArray(signature.signatureData)
|
|
9863
|
+
}
|
|
9864
|
+
};
|
|
9865
|
+
};
|
|
9819
9866
|
async function sendDelegateActionViaRelayer(args) {
|
|
9820
9867
|
const { url, payload, signal, options } = args;
|
|
9868
|
+
const normalizedPayload = {
|
|
9869
|
+
...payload,
|
|
9870
|
+
signedDelegate: normalizeSignedDelegateForRelay(payload.signedDelegate)
|
|
9871
|
+
};
|
|
9821
9872
|
const emit = (event) => options?.onEvent?.(event);
|
|
9822
9873
|
const emitError = (message) => {
|
|
9823
9874
|
emit({
|
|
@@ -9839,7 +9890,7 @@ async function sendDelegateActionViaRelayer(args) {
|
|
|
9839
9890
|
res = await fetch(url, {
|
|
9840
9891
|
method: "POST",
|
|
9841
9892
|
headers: { "content-type": "application/json" },
|
|
9842
|
-
body: JSON.stringify(
|
|
9893
|
+
body: JSON.stringify(normalizedPayload),
|
|
9843
9894
|
signal
|
|
9844
9895
|
});
|
|
9845
9896
|
} catch (err$1) {
|
|
@@ -9904,21 +9955,65 @@ const OFFLINE_EXPORT_FALLBACK = "OFFLINE_EXPORT_FALLBACK";
|
|
|
9904
9955
|
const WALLET_UI_CLOSED = "WALLET_UI_CLOSED";
|
|
9905
9956
|
const EXPORT_NEAR_KEYPAIR_CANCELLED = "EXPORT_NEAR_KEYPAIR_CANCELLED";
|
|
9906
9957
|
|
|
9958
|
+
//#endregion
|
|
9959
|
+
//#region src/core/EmailRecovery/emailRecoveryPendingStore.ts
|
|
9960
|
+
var EmailRecoveryPendingStore;
|
|
9961
|
+
var init_emailRecoveryPendingStore = __esm({ "src/core/EmailRecovery/emailRecoveryPendingStore.ts": (() => {
|
|
9962
|
+
init_IndexedDBManager();
|
|
9963
|
+
EmailRecoveryPendingStore = class {
|
|
9964
|
+
getPendingTtlMs;
|
|
9965
|
+
now;
|
|
9966
|
+
constructor(options) {
|
|
9967
|
+
this.getPendingTtlMs = options.getPendingTtlMs;
|
|
9968
|
+
this.now = options.now ?? Date.now;
|
|
9969
|
+
}
|
|
9970
|
+
getPendingIndexKey(accountId) {
|
|
9971
|
+
return `pendingEmailRecovery:${accountId}`;
|
|
9972
|
+
}
|
|
9973
|
+
getPendingRecordKey(accountId, nearPublicKey) {
|
|
9974
|
+
return `${this.getPendingIndexKey(accountId)}:${nearPublicKey}`;
|
|
9975
|
+
}
|
|
9976
|
+
async get(accountId, nearPublicKey) {
|
|
9977
|
+
const pendingTtlMs = this.getPendingTtlMs();
|
|
9978
|
+
const indexKey = this.getPendingIndexKey(accountId);
|
|
9979
|
+
const indexedNearPublicKey = await IndexedDBManager.clientDB.getAppState(indexKey);
|
|
9980
|
+
const resolvedNearPublicKey = nearPublicKey ?? indexedNearPublicKey;
|
|
9981
|
+
if (!resolvedNearPublicKey) return null;
|
|
9982
|
+
const recordKey = this.getPendingRecordKey(accountId, resolvedNearPublicKey);
|
|
9983
|
+
const record = await IndexedDBManager.clientDB.getAppState(recordKey);
|
|
9984
|
+
const shouldClearIndex = indexedNearPublicKey === resolvedNearPublicKey;
|
|
9985
|
+
if (!record) {
|
|
9986
|
+
if (shouldClearIndex) await IndexedDBManager.clientDB.setAppState(indexKey, void 0).catch(() => {});
|
|
9987
|
+
return null;
|
|
9988
|
+
}
|
|
9989
|
+
if (this.now() - record.createdAt > pendingTtlMs) {
|
|
9990
|
+
await IndexedDBManager.clientDB.setAppState(recordKey, void 0).catch(() => {});
|
|
9991
|
+
if (shouldClearIndex) await IndexedDBManager.clientDB.setAppState(indexKey, void 0).catch(() => {});
|
|
9992
|
+
return null;
|
|
9993
|
+
}
|
|
9994
|
+
await this.touchIndex(accountId, record.nearPublicKey);
|
|
9995
|
+
return record;
|
|
9996
|
+
}
|
|
9997
|
+
async set(record) {
|
|
9998
|
+
const key = this.getPendingRecordKey(record.accountId, record.nearPublicKey);
|
|
9999
|
+
await IndexedDBManager.clientDB.setAppState(key, record);
|
|
10000
|
+
await this.touchIndex(record.accountId, record.nearPublicKey);
|
|
10001
|
+
}
|
|
10002
|
+
async clear(accountId, nearPublicKey) {
|
|
10003
|
+
const indexKey = this.getPendingIndexKey(accountId);
|
|
10004
|
+
const idx = await IndexedDBManager.clientDB.getAppState(indexKey).catch(() => void 0);
|
|
10005
|
+
const resolvedNearPublicKey = nearPublicKey || idx || "";
|
|
10006
|
+
if (resolvedNearPublicKey) await IndexedDBManager.clientDB.setAppState(this.getPendingRecordKey(accountId, resolvedNearPublicKey), void 0).catch(() => {});
|
|
10007
|
+
if (!nearPublicKey || idx === nearPublicKey) await IndexedDBManager.clientDB.setAppState(indexKey, void 0).catch(() => {});
|
|
10008
|
+
}
|
|
10009
|
+
async touchIndex(accountId, nearPublicKey) {
|
|
10010
|
+
await IndexedDBManager.clientDB.setAppState(this.getPendingIndexKey(accountId), nearPublicKey).catch(() => {});
|
|
10011
|
+
}
|
|
10012
|
+
};
|
|
10013
|
+
}) });
|
|
10014
|
+
|
|
9907
10015
|
//#endregion
|
|
9908
10016
|
//#region src/core/EmailRecovery/index.ts
|
|
9909
|
-
init_accountIds();
|
|
9910
|
-
init_IndexedDBManager();
|
|
9911
|
-
const canonicalizeEmail = (email) => {
|
|
9912
|
-
let addr = email;
|
|
9913
|
-
const angleStart = email.indexOf("<");
|
|
9914
|
-
const angleEnd = email.indexOf(">");
|
|
9915
|
-
if (angleStart !== -1 && angleEnd > angleStart) addr = email.slice(angleStart + 1, angleEnd);
|
|
9916
|
-
return addr.trim().toLowerCase();
|
|
9917
|
-
};
|
|
9918
|
-
const bytesToHex = (bytes) => {
|
|
9919
|
-
const arr = bytes instanceof Uint8Array ? bytes : Uint8Array.from(bytes);
|
|
9920
|
-
return `0x${Array.from(arr).map((b) => b.toString(16).padStart(2, "0")).join("")}`;
|
|
9921
|
-
};
|
|
9922
10017
|
async function hashRecoveryEmails(emails, accountId) {
|
|
9923
10018
|
const encoder = new TextEncoder();
|
|
9924
10019
|
const salt = (accountId || "").trim().toLowerCase();
|
|
@@ -9965,6 +10060,30 @@ async function prepareRecoveryEmails(nearAccountId, recoveryEmails) {
|
|
|
9965
10060
|
async function getLocalRecoveryEmails(nearAccountId) {
|
|
9966
10061
|
return IndexedDBManager.getRecoveryEmails(nearAccountId);
|
|
9967
10062
|
}
|
|
10063
|
+
var canonicalizeEmail, bytesToHex;
|
|
10064
|
+
var init_EmailRecovery = __esm({ "src/core/EmailRecovery/index.ts": (() => {
|
|
10065
|
+
init_accountIds();
|
|
10066
|
+
init_IndexedDBManager();
|
|
10067
|
+
init_emailRecoveryPendingStore();
|
|
10068
|
+
canonicalizeEmail = (email) => {
|
|
10069
|
+
const raw = String(email || "").trim();
|
|
10070
|
+
if (!raw) return "";
|
|
10071
|
+
const withoutHeaderName = raw.replace(/^[a-z0-9-]+\s*:\s*/i, "").trim();
|
|
10072
|
+
const emailRegex = /([a-zA-Z0-9.!#$%&'*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*)/;
|
|
10073
|
+
const angleMatch = withoutHeaderName.match(/<([^>]+)>/);
|
|
10074
|
+
const candidates = [angleMatch?.[1], withoutHeaderName].filter((v) => typeof v === "string" && v.length > 0);
|
|
10075
|
+
for (const candidate of candidates) {
|
|
10076
|
+
const cleaned = candidate.replace(/^mailto:\s*/i, "");
|
|
10077
|
+
const match = cleaned.match(emailRegex);
|
|
10078
|
+
if (match?.[1]) return match[1].trim().toLowerCase();
|
|
10079
|
+
}
|
|
10080
|
+
return withoutHeaderName.toLowerCase();
|
|
10081
|
+
};
|
|
10082
|
+
bytesToHex = (bytes) => {
|
|
10083
|
+
const arr = bytes instanceof Uint8Array ? bytes : Uint8Array.from(bytes);
|
|
10084
|
+
return `0x${Array.from(arr).map((b) => b.toString(16).padStart(2, "0")).join("")}`;
|
|
10085
|
+
};
|
|
10086
|
+
}) });
|
|
9968
10087
|
|
|
9969
10088
|
//#endregion
|
|
9970
10089
|
//#region src/core/TatchiPasskey/emailRecovery.ts
|
|
@@ -10007,9 +10126,15 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10007
10126
|
init_validation$1();
|
|
10008
10127
|
init_accountIds();
|
|
10009
10128
|
init_sdkSentEvents();
|
|
10129
|
+
init_vrf_worker();
|
|
10130
|
+
init_rpc();
|
|
10131
|
+
init_getDeviceNumber();
|
|
10132
|
+
init_login();
|
|
10133
|
+
init_EmailRecovery();
|
|
10010
10134
|
EmailRecoveryFlow = class {
|
|
10011
10135
|
context;
|
|
10012
10136
|
options;
|
|
10137
|
+
pendingStore;
|
|
10013
10138
|
pending = null;
|
|
10014
10139
|
phase = EmailRecoveryPhase.STEP_1_PREPARATION;
|
|
10015
10140
|
pollingTimer;
|
|
@@ -10020,6 +10145,7 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10020
10145
|
constructor(context, options) {
|
|
10021
10146
|
this.context = context;
|
|
10022
10147
|
this.options = options;
|
|
10148
|
+
this.pendingStore = options?.pendingStore ?? new EmailRecoveryPendingStore({ getPendingTtlMs: () => this.getConfig().pendingTtlMs });
|
|
10023
10149
|
}
|
|
10024
10150
|
setOptions(options) {
|
|
10025
10151
|
if (!options) return;
|
|
@@ -10027,6 +10153,7 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10027
10153
|
...this.options || {},
|
|
10028
10154
|
...options
|
|
10029
10155
|
};
|
|
10156
|
+
if (options.pendingStore) this.pendingStore = options.pendingStore;
|
|
10030
10157
|
}
|
|
10031
10158
|
emit(event) {
|
|
10032
10159
|
this.options?.onEvent?.(event);
|
|
@@ -10045,18 +10172,139 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10045
10172
|
this.options?.onError?.(err$1);
|
|
10046
10173
|
return err$1;
|
|
10047
10174
|
}
|
|
10175
|
+
async fail(step, message) {
|
|
10176
|
+
const err$1 = this.emitError(step, message);
|
|
10177
|
+
await this.options?.afterCall?.(false);
|
|
10178
|
+
throw err$1;
|
|
10179
|
+
}
|
|
10180
|
+
async assertValidAccountIdOrFail(step, accountId) {
|
|
10181
|
+
const validation = validateNearAccountId(accountId);
|
|
10182
|
+
if (!validation.valid) await this.fail(step, `Invalid NEAR account ID: ${validation.error}`);
|
|
10183
|
+
return toAccountId(accountId);
|
|
10184
|
+
}
|
|
10185
|
+
async resolvePendingOrFail(step, args, options) {
|
|
10186
|
+
const { allowErrorStatus = true, missingMessage = "No pending email recovery record found for this account", errorStatusMessage = "Pending email recovery is in an error state; please restart the flow" } = options ?? {};
|
|
10187
|
+
let rec = this.pending;
|
|
10188
|
+
if (!rec || rec.accountId !== args.accountId || args.nearPublicKey && rec.nearPublicKey !== args.nearPublicKey) {
|
|
10189
|
+
rec = await this.loadPending(args.accountId, args.nearPublicKey);
|
|
10190
|
+
this.pending = rec;
|
|
10191
|
+
}
|
|
10192
|
+
if (!rec) await this.fail(step, missingMessage);
|
|
10193
|
+
const resolved = rec;
|
|
10194
|
+
if (!allowErrorStatus && resolved.status === "error") await this.fail(step, errorStatusMessage);
|
|
10195
|
+
return resolved;
|
|
10196
|
+
}
|
|
10048
10197
|
getConfig() {
|
|
10049
10198
|
return getEmailRecoveryConfig(this.context.configs);
|
|
10050
10199
|
}
|
|
10051
|
-
|
|
10200
|
+
toBigInt(value) {
|
|
10201
|
+
if (typeof value === "bigint") return value;
|
|
10202
|
+
if (typeof value === "number") return BigInt(value);
|
|
10203
|
+
if (typeof value === "string" && value.length > 0) return BigInt(value);
|
|
10204
|
+
return BigInt(0);
|
|
10205
|
+
}
|
|
10206
|
+
computeAvailableBalance(accountView) {
|
|
10207
|
+
const STORAGE_PRICE_PER_BYTE = BigInt("10000000000000000000");
|
|
10208
|
+
const amount = this.toBigInt(accountView.amount);
|
|
10209
|
+
const locked = this.toBigInt(accountView.locked);
|
|
10210
|
+
const storageUsage = this.toBigInt(accountView.storage_usage);
|
|
10211
|
+
const storageCost = storageUsage * STORAGE_PRICE_PER_BYTE;
|
|
10212
|
+
const rawAvailable = amount - locked - storageCost;
|
|
10213
|
+
return rawAvailable > 0 ? rawAvailable : BigInt(0);
|
|
10214
|
+
}
|
|
10215
|
+
async assertSufficientBalance(nearAccountId) {
|
|
10216
|
+
const { minBalanceYocto } = this.getConfig();
|
|
10217
|
+
try {
|
|
10218
|
+
const accountView = await this.context.nearClient.viewAccount(nearAccountId);
|
|
10219
|
+
const available = this.computeAvailableBalance(accountView);
|
|
10220
|
+
if (available < BigInt(minBalanceYocto)) await this.fail(1, `This account does not have enough NEAR to finalize recovery. Available: ${available.toString()} yocto; required: ${String(minBalanceYocto)}. Please top up and try again.`);
|
|
10221
|
+
} catch (e) {
|
|
10222
|
+
await this.fail(1, e?.message || "Failed to fetch account balance for recovery");
|
|
10223
|
+
}
|
|
10224
|
+
}
|
|
10225
|
+
async getCanonicalRecoveryEmailOrFail(recoveryEmail) {
|
|
10226
|
+
const canonicalEmail = String(recoveryEmail || "").trim().toLowerCase();
|
|
10227
|
+
if (!canonicalEmail) await this.fail(1, "Recovery email is required for email-based account recovery");
|
|
10228
|
+
return canonicalEmail;
|
|
10229
|
+
}
|
|
10230
|
+
async getNextDeviceNumberFromContract(nearAccountId) {
|
|
10231
|
+
try {
|
|
10232
|
+
const { syncAuthenticatorsContractCall: syncAuthenticatorsContractCall$1 } = await import("./rpcCalls-BQrJMTdg.js");
|
|
10233
|
+
const authenticators = await syncAuthenticatorsContractCall$1(this.context.nearClient, this.context.configs.contractId, nearAccountId);
|
|
10234
|
+
const numbers = authenticators.map((a) => a?.authenticator?.deviceNumber).filter((n) => typeof n === "number" && Number.isFinite(n));
|
|
10235
|
+
const max = numbers.length > 0 ? Math.max(...numbers) : 0;
|
|
10236
|
+
return max + 1;
|
|
10237
|
+
} catch {
|
|
10238
|
+
return 1;
|
|
10239
|
+
}
|
|
10240
|
+
}
|
|
10241
|
+
async collectRecoveryCredentialOrFail(nearAccountId, deviceNumber) {
|
|
10242
|
+
const confirmerText = {
|
|
10243
|
+
title: this.options?.confirmerText?.title ?? "Register New Recovery Account",
|
|
10244
|
+
body: this.options?.confirmerText?.body ?? "Create a recovery account and send an encrypted email to recover your account."
|
|
10245
|
+
};
|
|
10246
|
+
const confirm = await this.context.webAuthnManager.requestRegistrationCredentialConfirmation({
|
|
10247
|
+
nearAccountId,
|
|
10248
|
+
deviceNumber,
|
|
10249
|
+
confirmerText,
|
|
10250
|
+
confirmationConfigOverride: this.options?.confirmationConfig
|
|
10251
|
+
});
|
|
10252
|
+
if (!confirm.confirmed || !confirm.credential) await this.fail(2, "User cancelled email recovery TouchID confirmation");
|
|
10253
|
+
return {
|
|
10254
|
+
credential: confirm.credential,
|
|
10255
|
+
vrfChallenge: confirm.vrfChallenge || void 0
|
|
10256
|
+
};
|
|
10257
|
+
}
|
|
10258
|
+
async deriveRecoveryKeysOrFail(nearAccountId, deviceNumber, credential) {
|
|
10259
|
+
const vrfDerivationResult = await this.context.webAuthnManager.deriveVrfKeypair({
|
|
10260
|
+
credential,
|
|
10261
|
+
nearAccountId
|
|
10262
|
+
});
|
|
10263
|
+
if (!vrfDerivationResult.success || !vrfDerivationResult.encryptedVrfKeypair) await this.fail(2, "Failed to derive VRF keypair from PRF for email recovery");
|
|
10264
|
+
const nearKeyResult = await this.context.webAuthnManager.deriveNearKeypairAndEncryptFromSerialized({
|
|
10265
|
+
nearAccountId,
|
|
10266
|
+
credential,
|
|
10267
|
+
options: { deviceNumber }
|
|
10268
|
+
});
|
|
10269
|
+
if (!nearKeyResult.success || !nearKeyResult.publicKey) await this.fail(2, "Failed to derive NEAR keypair for email recovery");
|
|
10270
|
+
return {
|
|
10271
|
+
encryptedVrfKeypair: vrfDerivationResult.encryptedVrfKeypair,
|
|
10272
|
+
serverEncryptedVrfKeypair: vrfDerivationResult.serverEncryptedVrfKeypair || null,
|
|
10273
|
+
vrfPublicKey: vrfDerivationResult.vrfPublicKey,
|
|
10274
|
+
nearPublicKey: nearKeyResult.publicKey
|
|
10275
|
+
};
|
|
10276
|
+
}
|
|
10277
|
+
emitAwaitEmail(rec, mailtoUrl) {
|
|
10278
|
+
this.phase = EmailRecoveryPhase.STEP_3_AWAIT_EMAIL;
|
|
10279
|
+
this.emit({
|
|
10280
|
+
step: 3,
|
|
10281
|
+
phase: EmailRecoveryPhase.STEP_3_AWAIT_EMAIL,
|
|
10282
|
+
status: EmailRecoveryStatus.PROGRESS,
|
|
10283
|
+
message: "New device key created; please send the recovery email from your registered address.",
|
|
10284
|
+
data: {
|
|
10285
|
+
accountId: rec.accountId,
|
|
10286
|
+
recoveryEmail: rec.recoveryEmail,
|
|
10287
|
+
nearPublicKey: rec.nearPublicKey,
|
|
10288
|
+
requestId: rec.requestId,
|
|
10289
|
+
mailtoUrl
|
|
10290
|
+
}
|
|
10291
|
+
});
|
|
10292
|
+
}
|
|
10293
|
+
emitAutoLoginEvent(status, message, data) {
|
|
10294
|
+
this.emit({
|
|
10295
|
+
step: 5,
|
|
10296
|
+
phase: EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION,
|
|
10297
|
+
status,
|
|
10298
|
+
message,
|
|
10299
|
+
data
|
|
10300
|
+
});
|
|
10301
|
+
}
|
|
10302
|
+
async checkViaDkimViewMethod(rec) {
|
|
10052
10303
|
const { dkimVerifierAccountId, verificationViewMethod } = this.getConfig();
|
|
10053
10304
|
if (!dkimVerifierAccountId) return null;
|
|
10054
10305
|
try {
|
|
10055
|
-
const
|
|
10056
|
-
|
|
10057
|
-
method: verificationViewMethod,
|
|
10058
|
-
args: { request_id: rec.requestId }
|
|
10059
|
-
});
|
|
10306
|
+
const { getEmailRecoveryVerificationResult } = await import("./rpcCalls-BQrJMTdg.js");
|
|
10307
|
+
const result = await getEmailRecoveryVerificationResult(this.context.nearClient, dkimVerifierAccountId, verificationViewMethod, rec.requestId);
|
|
10060
10308
|
if (!result) return {
|
|
10061
10309
|
completed: false,
|
|
10062
10310
|
success: false
|
|
@@ -10066,49 +10314,100 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10066
10314
|
return {
|
|
10067
10315
|
completed: true,
|
|
10068
10316
|
success: false,
|
|
10069
|
-
errorMessage: errorMessage$1
|
|
10317
|
+
errorMessage: errorMessage$1,
|
|
10318
|
+
transactionHash: result.transaction_hash
|
|
10070
10319
|
};
|
|
10071
10320
|
}
|
|
10072
10321
|
if (result.account_id && result.account_id !== rec.accountId) return {
|
|
10073
10322
|
completed: true,
|
|
10074
10323
|
success: false,
|
|
10075
|
-
errorMessage: "Email verification account_id does not match requested account."
|
|
10324
|
+
errorMessage: "Email verification account_id does not match requested account.",
|
|
10325
|
+
transactionHash: result.transaction_hash
|
|
10076
10326
|
};
|
|
10077
10327
|
if (result.new_public_key && result.new_public_key !== rec.nearPublicKey) return {
|
|
10078
10328
|
completed: true,
|
|
10079
10329
|
success: false,
|
|
10080
|
-
errorMessage: "Email verification new_public_key does not match expected recovery key."
|
|
10330
|
+
errorMessage: "Email verification new_public_key does not match expected recovery key.",
|
|
10331
|
+
transactionHash: result.transaction_hash
|
|
10081
10332
|
};
|
|
10082
10333
|
return {
|
|
10083
10334
|
completed: true,
|
|
10084
|
-
success: true
|
|
10335
|
+
success: true,
|
|
10336
|
+
transactionHash: result.transaction_hash
|
|
10085
10337
|
};
|
|
10086
10338
|
} catch (err$1) {
|
|
10087
|
-
console.warn("[EmailRecoveryFlow] get_verification_result view failed;
|
|
10339
|
+
console.warn("[EmailRecoveryFlow] get_verification_result view failed; will retry", err$1);
|
|
10088
10340
|
return null;
|
|
10089
10341
|
}
|
|
10090
10342
|
}
|
|
10091
|
-
|
|
10092
|
-
|
|
10093
|
-
|
|
10094
|
-
|
|
10095
|
-
|
|
10096
|
-
|
|
10097
|
-
|
|
10098
|
-
|
|
10099
|
-
|
|
10343
|
+
buildPollingEventData(rec, details) {
|
|
10344
|
+
return {
|
|
10345
|
+
accountId: rec.accountId,
|
|
10346
|
+
requestId: rec.requestId,
|
|
10347
|
+
nearPublicKey: rec.nearPublicKey,
|
|
10348
|
+
transactionHash: details.transactionHash,
|
|
10349
|
+
elapsedMs: details.elapsedMs,
|
|
10350
|
+
pollCount: details.pollCount
|
|
10351
|
+
};
|
|
10352
|
+
}
|
|
10353
|
+
async sleepForPollInterval(ms) {
|
|
10354
|
+
await new Promise((resolve) => {
|
|
10355
|
+
this.pollIntervalResolver = resolve;
|
|
10356
|
+
this.pollingTimer = setTimeout(() => {
|
|
10357
|
+
this.pollIntervalResolver = void 0;
|
|
10358
|
+
this.pollingTimer = void 0;
|
|
10359
|
+
resolve();
|
|
10360
|
+
}, ms);
|
|
10361
|
+
}).finally(() => {
|
|
10362
|
+
this.pollIntervalResolver = void 0;
|
|
10363
|
+
});
|
|
10364
|
+
}
|
|
10365
|
+
async pollUntil(args) {
|
|
10366
|
+
const now = args.now ?? Date.now;
|
|
10367
|
+
const sleep = args.sleep ?? this.sleepForPollInterval.bind(this);
|
|
10368
|
+
const startedAt = now();
|
|
10369
|
+
let pollCount = 0;
|
|
10370
|
+
while (!args.isCancelled()) {
|
|
10371
|
+
pollCount += 1;
|
|
10372
|
+
const elapsedMs$1 = now() - startedAt;
|
|
10373
|
+
if (elapsedMs$1 > args.timeoutMs) return {
|
|
10374
|
+
status: "timedOut",
|
|
10375
|
+
elapsedMs: elapsedMs$1,
|
|
10376
|
+
pollCount
|
|
10377
|
+
};
|
|
10378
|
+
const result = await args.tick({
|
|
10379
|
+
elapsedMs: elapsedMs$1,
|
|
10380
|
+
pollCount
|
|
10381
|
+
});
|
|
10382
|
+
if (result.done) return {
|
|
10383
|
+
status: "completed",
|
|
10384
|
+
value: result.value,
|
|
10385
|
+
elapsedMs: elapsedMs$1,
|
|
10386
|
+
pollCount
|
|
10387
|
+
};
|
|
10388
|
+
if (args.isCancelled()) return {
|
|
10389
|
+
status: "cancelled",
|
|
10390
|
+
elapsedMs: elapsedMs$1,
|
|
10391
|
+
pollCount
|
|
10392
|
+
};
|
|
10393
|
+
await sleep(args.intervalMs);
|
|
10100
10394
|
}
|
|
10101
|
-
|
|
10395
|
+
const elapsedMs = now() - startedAt;
|
|
10396
|
+
return {
|
|
10397
|
+
status: "cancelled",
|
|
10398
|
+
elapsedMs,
|
|
10399
|
+
pollCount
|
|
10400
|
+
};
|
|
10401
|
+
}
|
|
10402
|
+
async loadPending(accountId, nearPublicKey) {
|
|
10403
|
+
return this.pendingStore.get(accountId, nearPublicKey);
|
|
10102
10404
|
}
|
|
10103
10405
|
async savePending(rec) {
|
|
10104
|
-
|
|
10105
|
-
await IndexedDBManager.clientDB.setAppState(key, rec);
|
|
10406
|
+
await this.pendingStore.set(rec);
|
|
10106
10407
|
this.pending = rec;
|
|
10107
10408
|
}
|
|
10108
10409
|
async clearPending(accountId, nearPublicKey) {
|
|
10109
|
-
|
|
10110
|
-
const key = nearPublicKey ? `${keyPrefix}:${nearPublicKey}` : keyPrefix;
|
|
10111
|
-
await IndexedDBManager.clientDB.setAppState(key, void 0);
|
|
10410
|
+
await this.pendingStore.clear(accountId, nearPublicKey);
|
|
10112
10411
|
if (this.pending && this.pending.accountId === accountId && (!nearPublicKey || this.pending.nearPublicKey === nearPublicKey)) this.pending = null;
|
|
10113
10412
|
}
|
|
10114
10413
|
getState() {
|
|
@@ -10122,48 +10421,14 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10122
10421
|
const { accountId, nearPublicKey } = args;
|
|
10123
10422
|
this.cancelled = false;
|
|
10124
10423
|
this.error = void 0;
|
|
10125
|
-
const
|
|
10126
|
-
|
|
10127
|
-
|
|
10128
|
-
|
|
10129
|
-
|
|
10130
|
-
|
|
10131
|
-
const nearAccountId = toAccountId(accountId);
|
|
10132
|
-
let rec = this.pending;
|
|
10133
|
-
if (!rec || rec.accountId !== nearAccountId || nearPublicKey && rec.nearPublicKey !== nearPublicKey) {
|
|
10134
|
-
rec = await this.loadPending(nearAccountId, nearPublicKey);
|
|
10135
|
-
this.pending = rec;
|
|
10136
|
-
}
|
|
10137
|
-
if (!rec) {
|
|
10138
|
-
const err$1 = this.emitError(3, "No pending email recovery record found for this account");
|
|
10139
|
-
await this.options?.afterCall?.(false);
|
|
10140
|
-
throw err$1;
|
|
10141
|
-
}
|
|
10142
|
-
if (rec.status === "error") {
|
|
10143
|
-
const err$1 = this.emitError(3, "Pending email recovery is in an error state; please restart the flow");
|
|
10144
|
-
await this.options?.afterCall?.(false);
|
|
10145
|
-
throw err$1;
|
|
10146
|
-
}
|
|
10147
|
-
if (rec.status === "finalizing" || rec.status === "complete") {
|
|
10148
|
-
const err$1 = this.emitError(3, "Recovery email has already been processed on-chain for this request");
|
|
10149
|
-
await this.options?.afterCall?.(false);
|
|
10150
|
-
throw err$1;
|
|
10151
|
-
}
|
|
10424
|
+
const nearAccountId = await this.assertValidAccountIdOrFail(3, accountId);
|
|
10425
|
+
const rec = await this.resolvePendingOrFail(3, {
|
|
10426
|
+
accountId: nearAccountId,
|
|
10427
|
+
nearPublicKey
|
|
10428
|
+
}, { allowErrorStatus: false });
|
|
10429
|
+
if (rec.status === "finalizing" || rec.status === "complete") await this.fail(3, "Recovery email has already been processed on-chain for this request");
|
|
10152
10430
|
const mailtoUrl = rec.status === "awaiting-email" ? await this.buildMailtoUrlAndUpdateStatus(rec) : this.buildMailtoUrlInternal(rec);
|
|
10153
|
-
this.
|
|
10154
|
-
this.emit({
|
|
10155
|
-
step: 3,
|
|
10156
|
-
phase: EmailRecoveryPhase.STEP_3_AWAIT_EMAIL,
|
|
10157
|
-
status: EmailRecoveryStatus.PROGRESS,
|
|
10158
|
-
message: "New device key created; please send the recovery email from your registered address.",
|
|
10159
|
-
data: {
|
|
10160
|
-
accountId: rec.accountId,
|
|
10161
|
-
recoveryEmail: rec.recoveryEmail,
|
|
10162
|
-
nearPublicKey: rec.nearPublicKey,
|
|
10163
|
-
requestId: rec.requestId,
|
|
10164
|
-
mailtoUrl
|
|
10165
|
-
}
|
|
10166
|
-
});
|
|
10431
|
+
this.emitAwaitEmail(rec, mailtoUrl);
|
|
10167
10432
|
await this.options?.afterCall?.(true, void 0);
|
|
10168
10433
|
return mailtoUrl;
|
|
10169
10434
|
}
|
|
@@ -10178,49 +10443,10 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10178
10443
|
status: EmailRecoveryStatus.PROGRESS,
|
|
10179
10444
|
message: "Preparing email recovery..."
|
|
10180
10445
|
});
|
|
10181
|
-
const
|
|
10182
|
-
|
|
10183
|
-
|
|
10184
|
-
|
|
10185
|
-
throw err$1;
|
|
10186
|
-
}
|
|
10187
|
-
const nearAccountId = toAccountId(accountId);
|
|
10188
|
-
const { minBalanceYocto } = this.getConfig();
|
|
10189
|
-
const STORAGE_PRICE_PER_BYTE = BigInt("10000000000000000000");
|
|
10190
|
-
try {
|
|
10191
|
-
const accountView = await this.context.nearClient.viewAccount(nearAccountId);
|
|
10192
|
-
const amount = BigInt(accountView.amount || "0");
|
|
10193
|
-
const locked = BigInt(accountView.locked || "0");
|
|
10194
|
-
const storageUsage = BigInt(accountView.storage_usage || 0);
|
|
10195
|
-
const storageCost = storageUsage * STORAGE_PRICE_PER_BYTE;
|
|
10196
|
-
const rawAvailable = amount - locked - storageCost;
|
|
10197
|
-
const available = rawAvailable > 0 ? rawAvailable : BigInt(0);
|
|
10198
|
-
if (available < BigInt(minBalanceYocto)) {
|
|
10199
|
-
const err$1 = this.emitError(1, `This account does not have enough NEAR to finalize recovery. Available: ${available.toString()} yocto; required: ${String(minBalanceYocto)}. Please top up and try again.`);
|
|
10200
|
-
await this.options?.afterCall?.(false);
|
|
10201
|
-
throw err$1;
|
|
10202
|
-
}
|
|
10203
|
-
} catch (e) {
|
|
10204
|
-
const err$1 = this.emitError(1, e?.message || "Failed to fetch account balance for recovery");
|
|
10205
|
-
await this.options?.afterCall?.(false);
|
|
10206
|
-
throw err$1;
|
|
10207
|
-
}
|
|
10208
|
-
const canonicalEmail = String(recoveryEmail || "").trim().toLowerCase();
|
|
10209
|
-
if (!canonicalEmail) {
|
|
10210
|
-
const err$1 = this.emitError(1, "Recovery email is required for email-based account recovery");
|
|
10211
|
-
await this.options?.afterCall?.(false);
|
|
10212
|
-
throw err$1;
|
|
10213
|
-
}
|
|
10214
|
-
let deviceNumber = 1;
|
|
10215
|
-
try {
|
|
10216
|
-
const { syncAuthenticatorsContractCall: syncAuthenticatorsContractCall$1 } = await import("./rpcCalls-fLObBbbz.js");
|
|
10217
|
-
const authenticators = await syncAuthenticatorsContractCall$1(this.context.nearClient, this.context.configs.contractId, nearAccountId);
|
|
10218
|
-
const numbers = authenticators.map((a) => a?.authenticator?.deviceNumber).filter((n) => typeof n === "number" && Number.isFinite(n));
|
|
10219
|
-
const max = numbers.length > 0 ? Math.max(...numbers) : 0;
|
|
10220
|
-
deviceNumber = max + 1;
|
|
10221
|
-
} catch {
|
|
10222
|
-
deviceNumber = 1;
|
|
10223
|
-
}
|
|
10446
|
+
const nearAccountId = await this.assertValidAccountIdOrFail(1, accountId);
|
|
10447
|
+
await this.assertSufficientBalance(nearAccountId);
|
|
10448
|
+
const canonicalEmail = await this.getCanonicalRecoveryEmailOrFail(recoveryEmail);
|
|
10449
|
+
const deviceNumber = await this.getNextDeviceNumberFromContract(nearAccountId);
|
|
10224
10450
|
this.phase = EmailRecoveryPhase.STEP_2_TOUCH_ID_REGISTRATION;
|
|
10225
10451
|
this.emit({
|
|
10226
10452
|
step: 2,
|
|
@@ -10229,66 +10455,24 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10229
10455
|
message: "Collecting passkey for email recovery..."
|
|
10230
10456
|
});
|
|
10231
10457
|
try {
|
|
10232
|
-
const
|
|
10233
|
-
const
|
|
10234
|
-
nearAccountId,
|
|
10235
|
-
deviceNumber,
|
|
10236
|
-
confirmerText,
|
|
10237
|
-
confirmationConfigOverride: this.options?.confirmationConfig
|
|
10238
|
-
});
|
|
10239
|
-
if (!confirm.confirmed || !confirm.credential) {
|
|
10240
|
-
const err$1 = this.emitError(2, "User cancelled email recovery TouchID confirmation");
|
|
10241
|
-
await this.options?.afterCall?.(false);
|
|
10242
|
-
throw err$1;
|
|
10243
|
-
}
|
|
10244
|
-
const vrfDerivationResult = await this.context.webAuthnManager.deriveVrfKeypair({
|
|
10245
|
-
credential: confirm.credential,
|
|
10246
|
-
nearAccountId
|
|
10247
|
-
});
|
|
10248
|
-
if (!vrfDerivationResult.success || !vrfDerivationResult.encryptedVrfKeypair) {
|
|
10249
|
-
const err$1 = this.emitError(2, "Failed to derive VRF keypair from PRF for email recovery");
|
|
10250
|
-
await this.options?.afterCall?.(false);
|
|
10251
|
-
throw err$1;
|
|
10252
|
-
}
|
|
10253
|
-
const nearKeyResult = await this.context.webAuthnManager.deriveNearKeypairAndEncryptFromSerialized({
|
|
10254
|
-
nearAccountId,
|
|
10255
|
-
credential: confirm.credential,
|
|
10256
|
-
options: { deviceNumber }
|
|
10257
|
-
});
|
|
10258
|
-
if (!nearKeyResult.success || !nearKeyResult.publicKey) {
|
|
10259
|
-
const err$1 = this.emitError(2, "Failed to derive NEAR keypair for email recovery");
|
|
10260
|
-
await this.options?.afterCall?.(false);
|
|
10261
|
-
throw err$1;
|
|
10262
|
-
}
|
|
10458
|
+
const confirm = await this.collectRecoveryCredentialOrFail(nearAccountId, deviceNumber);
|
|
10459
|
+
const derivedKeys = await this.deriveRecoveryKeysOrFail(nearAccountId, deviceNumber, confirm.credential);
|
|
10263
10460
|
const rec = {
|
|
10264
10461
|
accountId: nearAccountId,
|
|
10265
10462
|
recoveryEmail: canonicalEmail,
|
|
10266
10463
|
deviceNumber,
|
|
10267
|
-
nearPublicKey:
|
|
10464
|
+
nearPublicKey: derivedKeys.nearPublicKey,
|
|
10268
10465
|
requestId: generateEmailRecoveryRequestId(),
|
|
10269
|
-
encryptedVrfKeypair:
|
|
10270
|
-
serverEncryptedVrfKeypair:
|
|
10271
|
-
vrfPublicKey:
|
|
10466
|
+
encryptedVrfKeypair: derivedKeys.encryptedVrfKeypair,
|
|
10467
|
+
serverEncryptedVrfKeypair: derivedKeys.serverEncryptedVrfKeypair,
|
|
10468
|
+
vrfPublicKey: derivedKeys.vrfPublicKey,
|
|
10272
10469
|
credential: confirm.credential,
|
|
10273
10470
|
vrfChallenge: confirm.vrfChallenge || void 0,
|
|
10274
10471
|
createdAt: Date.now(),
|
|
10275
10472
|
status: "awaiting-email"
|
|
10276
10473
|
};
|
|
10277
10474
|
const mailtoUrl = await this.buildMailtoUrlAndUpdateStatus(rec);
|
|
10278
|
-
this.
|
|
10279
|
-
this.emit({
|
|
10280
|
-
step: 3,
|
|
10281
|
-
phase: EmailRecoveryPhase.STEP_3_AWAIT_EMAIL,
|
|
10282
|
-
status: EmailRecoveryStatus.PROGRESS,
|
|
10283
|
-
message: "New device key created; please send the recovery email from your registered address.",
|
|
10284
|
-
data: {
|
|
10285
|
-
accountId: rec.accountId,
|
|
10286
|
-
recoveryEmail: rec.recoveryEmail,
|
|
10287
|
-
nearPublicKey: rec.nearPublicKey,
|
|
10288
|
-
requestId: rec.requestId,
|
|
10289
|
-
mailtoUrl
|
|
10290
|
-
}
|
|
10291
|
-
});
|
|
10475
|
+
this.emitAwaitEmail(rec, mailtoUrl);
|
|
10292
10476
|
await this.options?.afterCall?.(true, void 0);
|
|
10293
10477
|
return {
|
|
10294
10478
|
mailtoUrl,
|
|
@@ -10316,28 +10500,11 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10316
10500
|
const { accountId, nearPublicKey } = args;
|
|
10317
10501
|
this.cancelled = false;
|
|
10318
10502
|
this.error = void 0;
|
|
10319
|
-
const
|
|
10320
|
-
|
|
10321
|
-
|
|
10322
|
-
|
|
10323
|
-
|
|
10324
|
-
}
|
|
10325
|
-
const nearAccountId = toAccountId(accountId);
|
|
10326
|
-
let rec = this.pending;
|
|
10327
|
-
if (!rec || rec.accountId !== nearAccountId || nearPublicKey && rec.nearPublicKey !== nearPublicKey) {
|
|
10328
|
-
rec = await this.loadPending(nearAccountId, nearPublicKey);
|
|
10329
|
-
this.pending = rec;
|
|
10330
|
-
}
|
|
10331
|
-
if (!rec) {
|
|
10332
|
-
const err$1 = this.emitError(4, "No pending email recovery record found for this account");
|
|
10333
|
-
await this.options?.afterCall?.(false);
|
|
10334
|
-
throw err$1;
|
|
10335
|
-
}
|
|
10336
|
-
if (rec.status === "error") {
|
|
10337
|
-
const err$1 = this.emitError(4, "Pending email recovery is in an error state; please restart the flow");
|
|
10338
|
-
await this.options?.afterCall?.(false);
|
|
10339
|
-
throw err$1;
|
|
10340
|
-
}
|
|
10503
|
+
const nearAccountId = await this.assertValidAccountIdOrFail(4, accountId);
|
|
10504
|
+
const rec = await this.resolvePendingOrFail(4, {
|
|
10505
|
+
accountId: nearAccountId,
|
|
10506
|
+
nearPublicKey
|
|
10507
|
+
}, { allowErrorStatus: false });
|
|
10341
10508
|
if (rec.status === "complete" || rec.status === "finalizing") {
|
|
10342
10509
|
await this.options?.afterCall?.(true, void 0);
|
|
10343
10510
|
return;
|
|
@@ -10357,27 +10524,31 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10357
10524
|
this.pollIntervalResolver = void 0;
|
|
10358
10525
|
}
|
|
10359
10526
|
}
|
|
10527
|
+
/**
|
|
10528
|
+
* Best-effort cancellation and local state reset so callers can retry.
|
|
10529
|
+
* This does not remove any passkey created in the browser/OS (WebAuthn has no delete API),
|
|
10530
|
+
* but it will stop polling and clear the pending IndexedDB record for the given key.
|
|
10531
|
+
*/
|
|
10532
|
+
async cancelAndReset(args) {
|
|
10533
|
+
this.stopPolling();
|
|
10534
|
+
const normalizedAccountId = (args?.accountId || this.pending?.accountId || "").toString().trim();
|
|
10535
|
+
const nearPublicKey = (args?.nearPublicKey || this.pending?.nearPublicKey || "").toString().trim();
|
|
10536
|
+
if (normalizedAccountId) try {
|
|
10537
|
+
await this.clearPending(toAccountId(normalizedAccountId), nearPublicKey);
|
|
10538
|
+
} catch {}
|
|
10539
|
+
this.pending = null;
|
|
10540
|
+
this.error = void 0;
|
|
10541
|
+
this.phase = EmailRecoveryPhase.STEP_1_PREPARATION;
|
|
10542
|
+
}
|
|
10360
10543
|
async finalize(args) {
|
|
10361
10544
|
const { accountId, nearPublicKey } = args;
|
|
10362
10545
|
this.cancelled = false;
|
|
10363
10546
|
this.error = void 0;
|
|
10364
|
-
const
|
|
10365
|
-
|
|
10366
|
-
|
|
10367
|
-
|
|
10368
|
-
|
|
10369
|
-
}
|
|
10370
|
-
const nearAccountId = toAccountId(accountId);
|
|
10371
|
-
let rec = this.pending;
|
|
10372
|
-
if (!rec || rec.accountId !== nearAccountId || nearPublicKey && rec.nearPublicKey !== nearPublicKey) {
|
|
10373
|
-
rec = await this.loadPending(nearAccountId, nearPublicKey);
|
|
10374
|
-
this.pending = rec;
|
|
10375
|
-
}
|
|
10376
|
-
if (!rec) {
|
|
10377
|
-
const err$1 = this.emitError(4, "No pending email recovery record found for this account");
|
|
10378
|
-
await this.options?.afterCall?.(false);
|
|
10379
|
-
throw err$1;
|
|
10380
|
-
}
|
|
10547
|
+
const nearAccountId = await this.assertValidAccountIdOrFail(4, accountId);
|
|
10548
|
+
const rec = await this.resolvePendingOrFail(4, {
|
|
10549
|
+
accountId: nearAccountId,
|
|
10550
|
+
nearPublicKey
|
|
10551
|
+
}, { allowErrorStatus: true });
|
|
10381
10552
|
this.emit({
|
|
10382
10553
|
step: 0,
|
|
10383
10554
|
phase: EmailRecoveryPhase.RESUMED_FROM_PENDING,
|
|
@@ -10413,141 +10584,318 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10413
10584
|
}
|
|
10414
10585
|
this.phase = EmailRecoveryPhase.STEP_4_POLLING_VERIFICATION_RESULT;
|
|
10415
10586
|
this.pollingStartedAt = Date.now();
|
|
10416
|
-
|
|
10417
|
-
|
|
10418
|
-
|
|
10419
|
-
|
|
10420
|
-
|
|
10421
|
-
const
|
|
10587
|
+
const pollResult = await this.pollUntil({
|
|
10588
|
+
intervalMs: pollingIntervalMs,
|
|
10589
|
+
timeoutMs: maxPollingDurationMs,
|
|
10590
|
+
isCancelled: () => this.cancelled,
|
|
10591
|
+
tick: async ({ elapsedMs, pollCount }) => {
|
|
10592
|
+
const verification = await this.checkViaDkimViewMethod(rec);
|
|
10593
|
+
const completed = verification?.completed === true;
|
|
10594
|
+
const success = verification?.success === true;
|
|
10595
|
+
this.emit({
|
|
10596
|
+
step: 4,
|
|
10597
|
+
phase: EmailRecoveryPhase.STEP_4_POLLING_VERIFICATION_RESULT,
|
|
10598
|
+
status: EmailRecoveryStatus.PROGRESS,
|
|
10599
|
+
message: completed && success ? `Email verified for request ${rec.requestId}; finalizing registration` : `Waiting for email verification for request ${rec.requestId}`,
|
|
10600
|
+
data: this.buildPollingEventData(rec, {
|
|
10601
|
+
transactionHash: verification?.transactionHash,
|
|
10602
|
+
elapsedMs,
|
|
10603
|
+
pollCount
|
|
10604
|
+
})
|
|
10605
|
+
});
|
|
10606
|
+
if (!completed) return { done: false };
|
|
10607
|
+
if (!success) return {
|
|
10608
|
+
done: true,
|
|
10609
|
+
value: {
|
|
10610
|
+
outcome: "failed",
|
|
10611
|
+
errorMessage: verification?.errorMessage || "Email verification failed"
|
|
10612
|
+
}
|
|
10613
|
+
};
|
|
10614
|
+
return {
|
|
10615
|
+
done: true,
|
|
10616
|
+
value: { outcome: "verified" }
|
|
10617
|
+
};
|
|
10618
|
+
}
|
|
10619
|
+
});
|
|
10620
|
+
if (pollResult.status === "completed") {
|
|
10621
|
+
if (pollResult.value.outcome === "failed") {
|
|
10622
|
+
const err$2 = this.emitError(4, pollResult.value.errorMessage);
|
|
10422
10623
|
rec.status = "error";
|
|
10423
10624
|
await this.savePending(rec);
|
|
10424
10625
|
await this.options?.afterCall?.(false);
|
|
10425
10626
|
throw err$2;
|
|
10426
10627
|
}
|
|
10427
|
-
|
|
10428
|
-
|
|
10429
|
-
|
|
10430
|
-
|
|
10431
|
-
|
|
10432
|
-
|
|
10433
|
-
|
|
10434
|
-
|
|
10435
|
-
|
|
10436
|
-
|
|
10437
|
-
requestId: rec.requestId,
|
|
10438
|
-
nearPublicKey: rec.nearPublicKey,
|
|
10439
|
-
elapsedMs: elapsed,
|
|
10440
|
-
pollCount
|
|
10441
|
-
}
|
|
10442
|
-
});
|
|
10443
|
-
if (completed) {
|
|
10444
|
-
if (!success) {
|
|
10445
|
-
const err$2 = this.emitError(4, verification?.errorMessage || "Email verification failed");
|
|
10446
|
-
rec.status = "error";
|
|
10447
|
-
await this.savePending(rec);
|
|
10448
|
-
await this.options?.afterCall?.(false);
|
|
10449
|
-
throw err$2;
|
|
10450
|
-
}
|
|
10451
|
-
rec.status = "finalizing";
|
|
10452
|
-
await this.savePending(rec);
|
|
10453
|
-
return;
|
|
10454
|
-
}
|
|
10455
|
-
await new Promise((resolve) => {
|
|
10456
|
-
this.pollIntervalResolver = resolve;
|
|
10457
|
-
this.pollingTimer = setTimeout(() => {
|
|
10458
|
-
this.pollIntervalResolver = void 0;
|
|
10459
|
-
this.pollingTimer = void 0;
|
|
10460
|
-
resolve();
|
|
10461
|
-
}, pollingIntervalMs);
|
|
10462
|
-
}).finally(() => {
|
|
10463
|
-
this.pollIntervalResolver = void 0;
|
|
10464
|
-
});
|
|
10628
|
+
rec.status = "finalizing";
|
|
10629
|
+
await this.savePending(rec);
|
|
10630
|
+
return;
|
|
10631
|
+
}
|
|
10632
|
+
if (pollResult.status === "timedOut") {
|
|
10633
|
+
const err$2 = this.emitError(4, "Timed out waiting for recovery email to be processed on-chain");
|
|
10634
|
+
rec.status = "error";
|
|
10635
|
+
await this.savePending(rec);
|
|
10636
|
+
await this.options?.afterCall?.(false);
|
|
10637
|
+
throw err$2;
|
|
10465
10638
|
}
|
|
10466
10639
|
const err$1 = this.emitError(4, "Email recovery polling was cancelled");
|
|
10467
10640
|
await this.options?.afterCall?.(false);
|
|
10468
10641
|
throw err$1;
|
|
10469
10642
|
}
|
|
10470
|
-
|
|
10471
|
-
this.phase = EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION;
|
|
10472
|
-
this.emit({
|
|
10473
|
-
step: 5,
|
|
10474
|
-
phase: EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION,
|
|
10475
|
-
status: EmailRecoveryStatus.PROGRESS,
|
|
10476
|
-
message: "Finalizing email recovery registration...",
|
|
10477
|
-
data: {
|
|
10478
|
-
accountId: rec.accountId,
|
|
10479
|
-
nearPublicKey: rec.nearPublicKey
|
|
10480
|
-
}
|
|
10481
|
-
});
|
|
10643
|
+
initializeNonceManager(rec) {
|
|
10482
10644
|
const nonceManager = this.context.webAuthnManager.getNonceManager();
|
|
10483
10645
|
const accountId = toAccountId(rec.accountId);
|
|
10484
10646
|
nonceManager.initializeUser(accountId, rec.nearPublicKey);
|
|
10647
|
+
return {
|
|
10648
|
+
nonceManager,
|
|
10649
|
+
accountId
|
|
10650
|
+
};
|
|
10651
|
+
}
|
|
10652
|
+
async signRegistrationTx(rec, accountId) {
|
|
10653
|
+
const vrfChallenge = rec.vrfChallenge;
|
|
10654
|
+
if (!vrfChallenge) return this.fail(5, "Missing VRF challenge for email recovery registration");
|
|
10655
|
+
const registrationResult = await this.context.webAuthnManager.signDevice2RegistrationWithStoredKey({
|
|
10656
|
+
nearAccountId: accountId,
|
|
10657
|
+
credential: rec.credential,
|
|
10658
|
+
vrfChallenge,
|
|
10659
|
+
deterministicVrfPublicKey: rec.vrfPublicKey,
|
|
10660
|
+
deviceNumber: rec.deviceNumber
|
|
10661
|
+
});
|
|
10662
|
+
if (!registrationResult.success || !registrationResult.signedTransaction) await this.fail(5, registrationResult.error || "Failed to sign email recovery registration transaction");
|
|
10663
|
+
return registrationResult.signedTransaction;
|
|
10664
|
+
}
|
|
10665
|
+
async broadcastRegistrationTxAndWaitFinal(rec, signedTx) {
|
|
10485
10666
|
try {
|
|
10486
|
-
|
|
10487
|
-
const err$1 = this.emitError(5, "Missing VRF challenge for email recovery registration");
|
|
10488
|
-
await this.options?.afterCall?.(false);
|
|
10489
|
-
throw err$1;
|
|
10490
|
-
}
|
|
10491
|
-
const registrationResult = await this.context.webAuthnManager.signDevice2RegistrationWithStoredKey({
|
|
10492
|
-
nearAccountId: accountId,
|
|
10493
|
-
credential: rec.credential,
|
|
10494
|
-
vrfChallenge: rec.vrfChallenge,
|
|
10495
|
-
deterministicVrfPublicKey: rec.vrfPublicKey,
|
|
10496
|
-
deviceNumber: rec.deviceNumber
|
|
10497
|
-
});
|
|
10498
|
-
if (!registrationResult.success || !registrationResult.signedTransaction) {
|
|
10499
|
-
const err$1 = this.emitError(5, registrationResult.error || "Failed to sign email recovery registration transaction");
|
|
10500
|
-
await this.options?.afterCall?.(false);
|
|
10501
|
-
throw err$1;
|
|
10502
|
-
}
|
|
10503
|
-
const signedTx = registrationResult.signedTransaction;
|
|
10504
|
-
try {
|
|
10505
|
-
await this.context.nearClient.sendTransaction(signedTx);
|
|
10506
|
-
} catch (e) {
|
|
10507
|
-
const msg = String(e?.message || "");
|
|
10508
|
-
const err$1 = this.emitError(5, msg || "Failed to broadcast email recovery registration transaction (insufficient funds or RPC error)");
|
|
10509
|
-
await this.options?.afterCall?.(false);
|
|
10510
|
-
throw err$1;
|
|
10511
|
-
}
|
|
10667
|
+
const txResult = await this.context.nearClient.sendTransaction(signedTx, DEFAULT_WAIT_STATUS.linkDeviceRegistration);
|
|
10512
10668
|
try {
|
|
10513
|
-
const
|
|
10514
|
-
if (
|
|
10669
|
+
const txHash = txResult?.transaction?.hash || txResult?.transaction_hash;
|
|
10670
|
+
if (txHash) this.emit({
|
|
10671
|
+
step: 5,
|
|
10672
|
+
phase: EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION,
|
|
10673
|
+
status: EmailRecoveryStatus.PROGRESS,
|
|
10674
|
+
message: "Registration transaction confirmed",
|
|
10675
|
+
data: {
|
|
10676
|
+
accountId: rec.accountId,
|
|
10677
|
+
nearPublicKey: rec.nearPublicKey,
|
|
10678
|
+
transactionHash: txHash
|
|
10679
|
+
}
|
|
10680
|
+
});
|
|
10681
|
+
return txHash;
|
|
10515
10682
|
} catch {}
|
|
10516
|
-
|
|
10517
|
-
|
|
10683
|
+
} catch (e) {
|
|
10684
|
+
const msg = String(e?.message || "");
|
|
10685
|
+
await this.fail(5, msg || "Failed to broadcast email recovery registration transaction (insufficient funds or RPC error)");
|
|
10686
|
+
}
|
|
10687
|
+
return void 0;
|
|
10688
|
+
}
|
|
10689
|
+
async persistRecoveredUserRecordBestEffort(rec, accountId) {
|
|
10690
|
+
try {
|
|
10691
|
+
await IndexedDBManager.clientDB.storeWebAuthnUserData({
|
|
10518
10692
|
nearAccountId: accountId,
|
|
10519
10693
|
deviceNumber: rec.deviceNumber,
|
|
10520
10694
|
clientNearPublicKey: rec.nearPublicKey,
|
|
10521
|
-
lastUpdated: Date.now(),
|
|
10522
10695
|
passkeyCredential: {
|
|
10523
10696
|
id: rec.credential.id,
|
|
10524
10697
|
rawId: rec.credential.rawId
|
|
10525
10698
|
},
|
|
10526
|
-
encryptedVrfKeypair:
|
|
10527
|
-
encryptedVrfDataB64u: rec.encryptedVrfKeypair.encryptedVrfDataB64u,
|
|
10528
|
-
chacha20NonceB64u: rec.encryptedVrfKeypair.chacha20NonceB64u
|
|
10529
|
-
},
|
|
10699
|
+
encryptedVrfKeypair: rec.encryptedVrfKeypair,
|
|
10530
10700
|
serverEncryptedVrfKeypair: rec.serverEncryptedVrfKeypair || void 0
|
|
10531
10701
|
});
|
|
10532
|
-
|
|
10533
|
-
|
|
10534
|
-
|
|
10535
|
-
|
|
10536
|
-
|
|
10537
|
-
|
|
10538
|
-
|
|
10539
|
-
|
|
10540
|
-
|
|
10541
|
-
|
|
10542
|
-
|
|
10543
|
-
|
|
10544
|
-
|
|
10545
|
-
|
|
10546
|
-
|
|
10547
|
-
|
|
10548
|
-
|
|
10549
|
-
|
|
10550
|
-
|
|
10702
|
+
return true;
|
|
10703
|
+
} catch (err$1) {
|
|
10704
|
+
console.warn("[EmailRecoveryFlow] Failed to store recovery user record:", err$1);
|
|
10705
|
+
return false;
|
|
10706
|
+
}
|
|
10707
|
+
}
|
|
10708
|
+
mapAuthenticatorsFromContract(authenticators) {
|
|
10709
|
+
return authenticators.map(({ authenticator }) => ({
|
|
10710
|
+
credentialId: authenticator.credentialId,
|
|
10711
|
+
credentialPublicKey: authenticator.credentialPublicKey,
|
|
10712
|
+
transports: authenticator.transports,
|
|
10713
|
+
name: authenticator.name,
|
|
10714
|
+
registered: authenticator.registered.toISOString(),
|
|
10715
|
+
vrfPublicKey: authenticator.vrfPublicKeys?.[0] || "",
|
|
10716
|
+
deviceNumber: authenticator.deviceNumber
|
|
10717
|
+
}));
|
|
10718
|
+
}
|
|
10719
|
+
async syncAuthenticatorsBestEffort(accountId) {
|
|
10720
|
+
try {
|
|
10721
|
+
const { syncAuthenticatorsContractCall: syncAuthenticatorsContractCall$1 } = await import("./rpcCalls-BQrJMTdg.js");
|
|
10722
|
+
const authenticators = await syncAuthenticatorsContractCall$1(this.context.nearClient, this.context.configs.contractId, accountId);
|
|
10723
|
+
const mappedAuthenticators = this.mapAuthenticatorsFromContract(authenticators);
|
|
10724
|
+
await IndexedDBManager.clientDB.syncAuthenticatorsFromContract(accountId, mappedAuthenticators);
|
|
10725
|
+
return true;
|
|
10726
|
+
} catch (err$1) {
|
|
10727
|
+
console.warn("[EmailRecoveryFlow] Failed to sync authenticators after recovery:", err$1);
|
|
10728
|
+
return false;
|
|
10729
|
+
}
|
|
10730
|
+
}
|
|
10731
|
+
async setLastUserBestEffort(accountId, deviceNumber) {
|
|
10732
|
+
try {
|
|
10733
|
+
await IndexedDBManager.clientDB.setLastUser(accountId, deviceNumber);
|
|
10734
|
+
return true;
|
|
10735
|
+
} catch (err$1) {
|
|
10736
|
+
console.warn("[EmailRecoveryFlow] Failed to set last user after recovery:", err$1);
|
|
10737
|
+
return false;
|
|
10738
|
+
}
|
|
10739
|
+
}
|
|
10740
|
+
async updateNonceBestEffort(nonceManager, signedTx) {
|
|
10741
|
+
try {
|
|
10742
|
+
const txNonce = signedTx.transaction?.nonce;
|
|
10743
|
+
if (txNonce != null) await nonceManager.updateNonceFromBlockchain(this.context.nearClient, String(txNonce));
|
|
10744
|
+
} catch {}
|
|
10745
|
+
}
|
|
10746
|
+
async persistRecoveredUserData(rec, accountId) {
|
|
10747
|
+
const { webAuthnManager } = this.context;
|
|
10748
|
+
const payload = {
|
|
10749
|
+
nearAccountId: accountId,
|
|
10750
|
+
deviceNumber: rec.deviceNumber,
|
|
10751
|
+
clientNearPublicKey: rec.nearPublicKey,
|
|
10752
|
+
lastUpdated: Date.now(),
|
|
10753
|
+
passkeyCredential: {
|
|
10754
|
+
id: rec.credential.id,
|
|
10755
|
+
rawId: rec.credential.rawId
|
|
10756
|
+
},
|
|
10757
|
+
encryptedVrfKeypair: {
|
|
10758
|
+
encryptedVrfDataB64u: rec.encryptedVrfKeypair.encryptedVrfDataB64u,
|
|
10759
|
+
chacha20NonceB64u: rec.encryptedVrfKeypair.chacha20NonceB64u
|
|
10760
|
+
},
|
|
10761
|
+
serverEncryptedVrfKeypair: rec.serverEncryptedVrfKeypair || void 0
|
|
10762
|
+
};
|
|
10763
|
+
await webAuthnManager.storeUserData(payload);
|
|
10764
|
+
}
|
|
10765
|
+
async persistAuthenticatorBestEffort(rec, accountId) {
|
|
10766
|
+
try {
|
|
10767
|
+
const { webAuthnManager } = this.context;
|
|
10768
|
+
const attestationB64u = rec.credential.response.attestationObject;
|
|
10769
|
+
const credentialPublicKey = await webAuthnManager.extractCosePublicKey(attestationB64u);
|
|
10770
|
+
await webAuthnManager.storeAuthenticator({
|
|
10771
|
+
nearAccountId: accountId,
|
|
10772
|
+
deviceNumber: rec.deviceNumber,
|
|
10773
|
+
credentialId: rec.credential.rawId,
|
|
10774
|
+
credentialPublicKey,
|
|
10775
|
+
transports: ["internal"],
|
|
10776
|
+
name: `Device ${rec.deviceNumber} Passkey for ${rec.accountId.split(".")[0]}`,
|
|
10777
|
+
registered: (/* @__PURE__ */ new Date()).toISOString(),
|
|
10778
|
+
syncedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
10779
|
+
vrfPublicKey: rec.vrfPublicKey
|
|
10780
|
+
});
|
|
10781
|
+
} catch {}
|
|
10782
|
+
}
|
|
10783
|
+
async markCompleteAndClearPending(rec) {
|
|
10784
|
+
rec.status = "complete";
|
|
10785
|
+
await this.savePending(rec);
|
|
10786
|
+
await this.clearPending(rec.accountId, rec.nearPublicKey);
|
|
10787
|
+
}
|
|
10788
|
+
async assertVrfActiveForAccount(accountId, message) {
|
|
10789
|
+
const vrfStatus = await this.context.webAuthnManager.checkVrfStatus();
|
|
10790
|
+
const vrfActiveForAccount = vrfStatus.active && vrfStatus.nearAccountId && String(vrfStatus.nearAccountId) === String(accountId);
|
|
10791
|
+
if (!vrfActiveForAccount) throw new Error(message);
|
|
10792
|
+
}
|
|
10793
|
+
async finalizeLocalLoginState(accountId, deviceNumber) {
|
|
10794
|
+
const { webAuthnManager } = this.context;
|
|
10795
|
+
await webAuthnManager.setLastUser(accountId, deviceNumber);
|
|
10796
|
+
await webAuthnManager.initializeCurrentUser(accountId, this.context.nearClient);
|
|
10797
|
+
try {
|
|
10798
|
+
await getLoginSession(this.context, accountId);
|
|
10799
|
+
} catch {}
|
|
10800
|
+
}
|
|
10801
|
+
async tryShamirUnlock(rec, accountId, deviceNumber) {
|
|
10802
|
+
if (!rec.serverEncryptedVrfKeypair || !rec.serverEncryptedVrfKeypair.serverKeyId || !this.context.configs.vrfWorkerConfigs?.shamir3pass?.relayServerUrl) return false;
|
|
10803
|
+
try {
|
|
10804
|
+
const { webAuthnManager } = this.context;
|
|
10805
|
+
const unlockResult = await webAuthnManager.shamir3PassDecryptVrfKeypair({
|
|
10806
|
+
nearAccountId: accountId,
|
|
10807
|
+
kek_s_b64u: rec.serverEncryptedVrfKeypair.kek_s_b64u,
|
|
10808
|
+
ciphertextVrfB64u: rec.serverEncryptedVrfKeypair.ciphertextVrfB64u,
|
|
10809
|
+
serverKeyId: rec.serverEncryptedVrfKeypair.serverKeyId
|
|
10810
|
+
});
|
|
10811
|
+
if (!unlockResult.success) return false;
|
|
10812
|
+
await this.assertVrfActiveForAccount(accountId, "VRF session inactive after Shamir3Pass unlock");
|
|
10813
|
+
await this.finalizeLocalLoginState(accountId, deviceNumber);
|
|
10814
|
+
return true;
|
|
10815
|
+
} catch (err$1) {
|
|
10816
|
+
console.warn("[EmailRecoveryFlow] Shamir 3-pass unlock failed, falling back to TouchID", err$1);
|
|
10817
|
+
return false;
|
|
10818
|
+
}
|
|
10819
|
+
}
|
|
10820
|
+
async tryTouchIdUnlock(rec, accountId, deviceNumber) {
|
|
10821
|
+
try {
|
|
10822
|
+
const { webAuthnManager } = this.context;
|
|
10823
|
+
const authChallenge = createRandomVRFChallenge();
|
|
10824
|
+
const storedCredentialId = String(rec.credential?.rawId || rec.credential?.id || "").trim();
|
|
10825
|
+
const credentialIds = storedCredentialId ? [storedCredentialId] : [];
|
|
10826
|
+
const authenticators = credentialIds.length > 0 ? [] : await webAuthnManager.getAuthenticatorsByUser(accountId);
|
|
10827
|
+
const authCredential = await webAuthnManager.getAuthenticationCredentialsSerializedDualPrf({
|
|
10828
|
+
nearAccountId: accountId,
|
|
10829
|
+
challenge: authChallenge,
|
|
10830
|
+
credentialIds: credentialIds.length > 0 ? credentialIds : authenticators.map((a) => a.credentialId)
|
|
10831
|
+
});
|
|
10832
|
+
if (storedCredentialId && authCredential.rawId !== storedCredentialId) return {
|
|
10833
|
+
success: false,
|
|
10834
|
+
reason: "Wrong passkey selected during recovery auto-login; please use the newly recovered passkey."
|
|
10835
|
+
};
|
|
10836
|
+
const vrfUnlockResult = await webAuthnManager.unlockVRFKeypair({
|
|
10837
|
+
nearAccountId: accountId,
|
|
10838
|
+
encryptedVrfKeypair: rec.encryptedVrfKeypair,
|
|
10839
|
+
credential: authCredential
|
|
10840
|
+
});
|
|
10841
|
+
if (!vrfUnlockResult.success) return {
|
|
10842
|
+
success: false,
|
|
10843
|
+
reason: vrfUnlockResult.error || "VRF unlock failed during auto-login"
|
|
10844
|
+
};
|
|
10845
|
+
await this.assertVrfActiveForAccount(accountId, "VRF session inactive after TouchID unlock");
|
|
10846
|
+
await this.finalizeLocalLoginState(accountId, deviceNumber);
|
|
10847
|
+
return { success: true };
|
|
10848
|
+
} catch (err$1) {
|
|
10849
|
+
return {
|
|
10850
|
+
success: false,
|
|
10851
|
+
reason: err$1?.message || String(err$1)
|
|
10852
|
+
};
|
|
10853
|
+
}
|
|
10854
|
+
}
|
|
10855
|
+
async handleAutoLoginFailure(reason, err$1) {
|
|
10856
|
+
console.warn("[EmailRecoveryFlow] Auto-login failed after recovery", err$1 ?? reason);
|
|
10857
|
+
try {
|
|
10858
|
+
await this.context.webAuthnManager.clearVrfSession();
|
|
10859
|
+
} catch {}
|
|
10860
|
+
return {
|
|
10861
|
+
success: false,
|
|
10862
|
+
reason
|
|
10863
|
+
};
|
|
10864
|
+
}
|
|
10865
|
+
async finalizeRegistration(rec) {
|
|
10866
|
+
this.phase = EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION;
|
|
10867
|
+
this.emit({
|
|
10868
|
+
step: 5,
|
|
10869
|
+
phase: EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION,
|
|
10870
|
+
status: EmailRecoveryStatus.PROGRESS,
|
|
10871
|
+
message: "Finalizing email recovery registration...",
|
|
10872
|
+
data: {
|
|
10873
|
+
accountId: rec.accountId,
|
|
10874
|
+
nearPublicKey: rec.nearPublicKey
|
|
10875
|
+
}
|
|
10876
|
+
});
|
|
10877
|
+
try {
|
|
10878
|
+
const { nonceManager, accountId } = this.initializeNonceManager(rec);
|
|
10879
|
+
const signedTx = await this.signRegistrationTx(rec, accountId);
|
|
10880
|
+
const txHash = await this.broadcastRegistrationTxAndWaitFinal(rec, signedTx);
|
|
10881
|
+
if (txHash) {
|
|
10882
|
+
const storedUser = await this.persistRecoveredUserRecordBestEffort(rec, accountId);
|
|
10883
|
+
if (storedUser) {
|
|
10884
|
+
const syncedAuthenticators = await this.syncAuthenticatorsBestEffort(accountId);
|
|
10885
|
+
if (syncedAuthenticators) await this.setLastUserBestEffort(accountId, rec.deviceNumber);
|
|
10886
|
+
}
|
|
10887
|
+
}
|
|
10888
|
+
await this.updateNonceBestEffort(nonceManager, signedTx);
|
|
10889
|
+
await this.persistRecoveredUserData(rec, accountId);
|
|
10890
|
+
await this.persistAuthenticatorBestEffort(rec, accountId);
|
|
10891
|
+
this.emitAutoLoginEvent(EmailRecoveryStatus.PROGRESS, "Attempting auto-login with recovered device...", { autoLogin: "progress" });
|
|
10892
|
+
const autoLoginResult = await this.attemptAutoLogin(rec);
|
|
10893
|
+
if (autoLoginResult.success) this.emitAutoLoginEvent(EmailRecoveryStatus.SUCCESS, `Welcome ${accountId}`, { autoLogin: "success" });
|
|
10894
|
+
else this.emitAutoLoginEvent(EmailRecoveryStatus.ERROR, "Auto-login failed; please log in manually on this device.", {
|
|
10895
|
+
error: autoLoginResult.reason,
|
|
10896
|
+
autoLogin: "error"
|
|
10897
|
+
});
|
|
10898
|
+
await this.markCompleteAndClearPending(rec);
|
|
10551
10899
|
this.phase = EmailRecoveryPhase.STEP_6_COMPLETE;
|
|
10552
10900
|
this.emit({
|
|
10553
10901
|
step: 6,
|
|
@@ -10567,77 +10915,22 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10567
10915
|
}
|
|
10568
10916
|
async attemptAutoLogin(rec) {
|
|
10569
10917
|
try {
|
|
10570
|
-
this.emit({
|
|
10571
|
-
step: 5,
|
|
10572
|
-
phase: EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION,
|
|
10573
|
-
status: EmailRecoveryStatus.PROGRESS,
|
|
10574
|
-
message: "Attempting auto-login with recovered device...",
|
|
10575
|
-
data: { autoLogin: "progress" }
|
|
10576
|
-
});
|
|
10577
|
-
const { webAuthnManager } = this.context;
|
|
10578
10918
|
const accountId = toAccountId(rec.accountId);
|
|
10579
|
-
|
|
10580
|
-
|
|
10581
|
-
|
|
10582
|
-
|
|
10583
|
-
|
|
10584
|
-
|
|
10585
|
-
|
|
10586
|
-
|
|
10587
|
-
|
|
10588
|
-
|
|
10589
|
-
|
|
10590
|
-
|
|
10591
|
-
|
|
10592
|
-
status: EmailRecoveryStatus.SUCCESS,
|
|
10593
|
-
message: `Welcome ${accountId}`,
|
|
10594
|
-
data: { autoLogin: "success" }
|
|
10595
|
-
});
|
|
10596
|
-
return;
|
|
10597
|
-
}
|
|
10598
|
-
} catch (err$1) {
|
|
10599
|
-
console.warn("[EmailRecoveryFlow] Shamir 3-pass unlock failed, falling back to TouchID", err$1);
|
|
10600
|
-
}
|
|
10601
|
-
const { txBlockHash, txBlockHeight } = await webAuthnManager.getNonceManager().getNonceBlockHashAndHeight(this.context.nearClient);
|
|
10602
|
-
const authChallenge = await webAuthnManager.generateVrfChallengeOnce({
|
|
10603
|
-
userId: accountId,
|
|
10604
|
-
rpId: webAuthnManager.getRpId(),
|
|
10605
|
-
blockHash: txBlockHash,
|
|
10606
|
-
blockHeight: txBlockHeight
|
|
10607
|
-
});
|
|
10608
|
-
const authenticators = await webAuthnManager.getAuthenticatorsByUser(accountId);
|
|
10609
|
-
const authCredential = await webAuthnManager.getAuthenticationCredentialsSerializedDualPrf({
|
|
10610
|
-
nearAccountId: accountId,
|
|
10611
|
-
challenge: authChallenge,
|
|
10612
|
-
credentialIds: authenticators.map((a) => a.credentialId)
|
|
10613
|
-
});
|
|
10614
|
-
const vrfUnlockResult = await webAuthnManager.unlockVRFKeypair({
|
|
10615
|
-
nearAccountId: accountId,
|
|
10616
|
-
encryptedVrfKeypair: rec.encryptedVrfKeypair,
|
|
10617
|
-
credential: authCredential
|
|
10618
|
-
});
|
|
10619
|
-
if (!vrfUnlockResult.success) throw new Error(vrfUnlockResult.error || "VRF unlock failed during auto-login");
|
|
10620
|
-
await webAuthnManager.initializeCurrentUser(accountId, this.context.nearClient);
|
|
10621
|
-
await webAuthnManager.setLastUser(accountId, rec.deviceNumber);
|
|
10622
|
-
this.emit({
|
|
10623
|
-
step: 5,
|
|
10624
|
-
phase: EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION,
|
|
10625
|
-
status: EmailRecoveryStatus.SUCCESS,
|
|
10626
|
-
message: `Welcome ${accountId}`,
|
|
10627
|
-
data: { autoLogin: "success" }
|
|
10628
|
-
});
|
|
10919
|
+
const deviceNumber = parseDeviceNumber(rec.deviceNumber, { min: 1 });
|
|
10920
|
+
if (deviceNumber === null) return this.handleAutoLoginFailure(`Invalid deviceNumber for auto-login: ${String(rec.deviceNumber)}`);
|
|
10921
|
+
const shamirUnlocked = await this.tryShamirUnlock(rec, accountId, deviceNumber);
|
|
10922
|
+
if (shamirUnlocked) return {
|
|
10923
|
+
success: true,
|
|
10924
|
+
method: "shamir"
|
|
10925
|
+
};
|
|
10926
|
+
const touchIdResult = await this.tryTouchIdUnlock(rec, accountId, deviceNumber);
|
|
10927
|
+
if (touchIdResult.success) return {
|
|
10928
|
+
success: true,
|
|
10929
|
+
method: "touchid"
|
|
10930
|
+
};
|
|
10931
|
+
return this.handleAutoLoginFailure(touchIdResult.reason || "Auto-login failed");
|
|
10629
10932
|
} catch (err$1) {
|
|
10630
|
-
|
|
10631
|
-
this.emit({
|
|
10632
|
-
step: 5,
|
|
10633
|
-
phase: EmailRecoveryPhase.STEP_5_FINALIZING_REGISTRATION,
|
|
10634
|
-
status: EmailRecoveryStatus.ERROR,
|
|
10635
|
-
message: "Auto-login failed; please log in manually on this device.",
|
|
10636
|
-
data: {
|
|
10637
|
-
error: err$1?.message || String(err$1),
|
|
10638
|
-
autoLogin: "error"
|
|
10639
|
-
}
|
|
10640
|
-
});
|
|
10933
|
+
return this.handleAutoLoginFailure(err$1?.message || String(err$1), err$1);
|
|
10641
10934
|
}
|
|
10642
10935
|
}
|
|
10643
10936
|
};
|
|
@@ -10645,12 +10938,14 @@ var init_emailRecovery = __esm({ "src/core/TatchiPasskey/emailRecovery.ts": (()
|
|
|
10645
10938
|
|
|
10646
10939
|
//#endregion
|
|
10647
10940
|
//#region src/core/TatchiPasskey/index.ts
|
|
10941
|
+
init_login();
|
|
10648
10942
|
init_sdkSentEvents();
|
|
10649
10943
|
init_accountIds();
|
|
10650
10944
|
init_IndexedDBManager();
|
|
10651
10945
|
init_actions();
|
|
10652
10946
|
init_errors();
|
|
10653
10947
|
init_rpcCalls();
|
|
10948
|
+
init_EmailRecovery();
|
|
10654
10949
|
init_defaultConfigs();
|
|
10655
10950
|
let warnedAboutSameOriginWallet = false;
|
|
10656
10951
|
/**
|
|
@@ -10707,7 +11002,7 @@ var TatchiPasskey = class {
|
|
|
10707
11002
|
} catch {}
|
|
10708
11003
|
if (!this.iframeRouter) {
|
|
10709
11004
|
if (!this.walletIframeInitInFlight) this.walletIframeInitInFlight = (async () => {
|
|
10710
|
-
const { WalletIframeRouter } = await import("./router-
|
|
11005
|
+
const { WalletIframeRouter } = await import("./router-DuGYOd3G.js");
|
|
10711
11006
|
this.iframeRouter = new WalletIframeRouter({
|
|
10712
11007
|
walletOrigin,
|
|
10713
11008
|
servicePath: walletIframeConfig?.walletServicePath || "/wallet-service",
|
|
@@ -11795,6 +12090,30 @@ var TatchiPasskey = class {
|
|
|
11795
12090
|
});
|
|
11796
12091
|
}
|
|
11797
12092
|
/**
|
|
12093
|
+
* Best-effort cancellation for an in-flight email recovery flow.
|
|
12094
|
+
* Intended for UI "user cancelled sending email" / retry UX.
|
|
12095
|
+
*/
|
|
12096
|
+
async cancelEmailRecovery(args) {
|
|
12097
|
+
const { accountId, nearPublicKey } = args || {};
|
|
12098
|
+
if (this.shouldUseWalletIframe()) {
|
|
12099
|
+
try {
|
|
12100
|
+
const router = await this.requireWalletIframeRouter();
|
|
12101
|
+
await router.stopEmailRecovery({
|
|
12102
|
+
accountId,
|
|
12103
|
+
nearPublicKey
|
|
12104
|
+
});
|
|
12105
|
+
} catch {}
|
|
12106
|
+
return;
|
|
12107
|
+
}
|
|
12108
|
+
try {
|
|
12109
|
+
await this.activeEmailRecoveryFlow?.cancelAndReset({
|
|
12110
|
+
accountId,
|
|
12111
|
+
nearPublicKey
|
|
12112
|
+
});
|
|
12113
|
+
} catch {}
|
|
12114
|
+
this.activeEmailRecoveryFlow = null;
|
|
12115
|
+
}
|
|
12116
|
+
/**
|
|
11798
12117
|
* Device2: Start device linking flow
|
|
11799
12118
|
* Returns QR payload and data URL to render; emits onEvent during the flow.
|
|
11800
12119
|
* Runs inside iframe when available for better isolation.
|
|
@@ -12462,6 +12781,22 @@ function createWalletIframeHandlers(deps) {
|
|
|
12462
12781
|
requestId: req.requestId,
|
|
12463
12782
|
payload: { ok: true }
|
|
12464
12783
|
});
|
|
12784
|
+
},
|
|
12785
|
+
PM_STOP_EMAIL_RECOVERY: async (req) => {
|
|
12786
|
+
const pm = getTatchiPasskey$1();
|
|
12787
|
+
const { accountId, nearPublicKey } = req.payload || {};
|
|
12788
|
+
try {
|
|
12789
|
+
const maybeCancel = pm.cancelEmailRecovery;
|
|
12790
|
+
if (typeof maybeCancel === "function") await maybeCancel.call(pm, {
|
|
12791
|
+
accountId,
|
|
12792
|
+
nearPublicKey
|
|
12793
|
+
});
|
|
12794
|
+
} catch {}
|
|
12795
|
+
post$1({
|
|
12796
|
+
type: "PM_RESULT",
|
|
12797
|
+
requestId: req.requestId,
|
|
12798
|
+
payload: { ok: true }
|
|
12799
|
+
});
|
|
12465
12800
|
}
|
|
12466
12801
|
};
|
|
12467
12802
|
}
|