npm - @tatchi-xyz/sdk - Versions diffs - 0.20.0 → 0.31.0 - Mend

@tatchi-xyz/sdk 0.20.0 → 0.31.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2491) hide show

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js DELETED Viewed

@@ -1,32 +0,0 @@
-import { __esm } from "../../../../../_virtual/rolldown_runtime.js";
-import { init_accountIds, toAccountId } from "../../types/accountIds.js";
-//#region src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts
-function parseDeviceNumber(value, options = {}) {
-	const deviceNumber = Number(value);
-	const min = options.min ?? 1;
-	if (!Number.isSafeInteger(deviceNumber) || deviceNumber < min) return null;
-	return deviceNumber;
-}
-/**
-* Return the deviceNumber for the last logged-in user for the given account.
-* This uses the app-state "last user" pointer only; if it does not match the
-* requested account, an error is thrown instead of silently falling back.
-*/
-async function getLastLoggedInDeviceNumber(nearAccountId, clientDB) {
-	const accountId = toAccountId(nearAccountId);
-	const last = await clientDB.getLastUser();
-	if (last && last.nearAccountId === accountId) {
-		const deviceNumber = parseDeviceNumber(last.deviceNumber, { min: 1 });
-		if (deviceNumber !== null) return deviceNumber;
-	}
-	throw new Error(`No last user session for account ${accountId}`);
-}
-var init_getDeviceNumber = __esm({ "src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts": (() => {
-	init_accountIds();
-}) });
-//#endregion
-init_getDeviceNumber();
-export { getLastLoggedInDeviceNumber, init_getDeviceNumber, parseDeviceNumber };
-//# sourceMappingURL=getDeviceNumber.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"getDeviceNumber.js","names":[],"sources":["../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/getDeviceNumber.ts"],"sourcesContent":["import type { PasskeyClientDBManager } from '@/core/IndexedDBManager';\nimport { toAccountId, type AccountId } from '../../types/accountIds';\n\nexport function parseDeviceNumber(\n value: unknown,\n options: { min?: number } = {}\n): number | null {\n const deviceNumber = Number(value);\n const min = options.min ?? 1;\n if (!Number.isSafeInteger(deviceNumber) || deviceNumber < min) {\n return null;\n }\n return deviceNumber;\n}\n\n/**\n * Return the deviceNumber for the last logged-in user for the given account.\n * This uses the app-state \"last user\" pointer only; if it does not match the\n * requested account, an error is thrown instead of silently falling back.\n */\nexport async function getLastLoggedInDeviceNumber(\n nearAccountId: AccountId | string,\n clientDB: PasskeyClientDBManager\n): Promise<number> {\n const accountId = toAccountId(nearAccountId);\n const last = await clientDB.getLastUser();\n if (last && last.nearAccountId === accountId) {\n const deviceNumber = parseDeviceNumber((last as any).deviceNumber, { min: 1 });\n if (deviceNumber !== null) {\n return deviceNumber;\n }\n }\n throw new Error(`No last user session for account ${accountId}`);\n}\n"],"mappings":";;;;AAGA,SAAgB,kBACd,OACA,UAA4B,IACb;CACf,MAAM,eAAe,OAAO;CAC5B,MAAM,MAAM,QAAQ,OAAO;AAC3B,KAAI,CAAC,OAAO,cAAc,iBAAiB,eAAe,IACxD,QAAO;AAET,QAAO;;;;;;;AAQT,eAAsB,4BACpB,eACA,UACiB;CACjB,MAAM,YAAY,YAAY;CAC9B,MAAM,OAAO,MAAM,SAAS;AAC5B,KAAI,QAAQ,KAAK,kBAAkB,WAAW;EAC5C,MAAM,eAAe,kBAAmB,KAAa,cAAc,EAAE,KAAK;AAC1E,MAAI,iBAAiB,KACnB,QAAO;;AAGX,OAAM,IAAI,MAAM,oCAAoC"}

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js DELETED Viewed

@@ -1,70 +0,0 @@
-import { init_validation, isObject, isString } from "../../../WalletIframe/validation.js";
-import { errorMessage, init_errors } from "../../../../utils/errors.js";
-import { init_credentialsHelpers, removePrfOutputGuard, serializeRegistrationCredentialWithPRF } from "../../credentialsHelpers.js";
-import { PASSKEY_MANAGER_DEFAULT_CONFIGS, init_defaultConfigs } from "../../../defaultConfigs.js";
-import { checkCanRegisterUserContractCall, init_rpcCalls } from "../../../rpcCalls.js";
-//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.ts
-init_defaultConfigs();
-init_rpcCalls();
-init_credentialsHelpers();
-init_errors();
-init_validation();
-async function checkCanRegisterUser({ ctx, vrfChallenge, credential, contractId, nearRpcUrl, authenticatorOptions, onEvent }) {
-	try {
-		const isSerialized = (cred) => {
-			if (!isObject(cred)) return false;
-			const resp = cred.response;
-			if (!isObject(resp)) return false;
-			return isString(resp.clientDataJSON) && isString(resp.attestationObject);
-		};
-		const serializedCredential = isSerialized(credential) ? credential : serializeRegistrationCredentialWithPRF({ credential });
-		const resolvedContractId = contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;
-		onEvent?.({
-			step: 3,
-			phase: "REGISTRATION_CONTRACT_PRE_CHECK",
-			status: "PROGRESS",
-			message: "Calling check_can_register_user on contract..."
-		});
-		const strippedCredential = removePrfOutputGuard(serializedCredential);
-		const result = await checkCanRegisterUserContractCall({
-			nearClient: ctx.nearClient,
-			contractId: resolvedContractId,
-			vrfChallenge,
-			credential: strippedCredential,
-			authenticatorOptions
-		});
-		if (!result.success) throw new Error(result.error || "Registration pre-check RPC failed");
-		const wasmResult = {
-			verified: result.verified,
-			registrationInfo: void 0,
-			logs: result.logs,
-			error: result.error
-		};
-		onEvent?.({
-			step: 3,
-			phase: "REGISTRATION_CONTRACT_PRE_CHECK",
-			status: result.verified ? "SUCCESS" : "ERROR",
-			message: result.verified ? "Registration pre-check succeeded" : result.error || "Registration pre-check failed"
-		});
-		return {
-			success: true,
-			verified: wasmResult.verified,
-			registrationInfo: wasmResult.registrationInfo,
-			logs: wasmResult.logs,
-			error: wasmResult.error
-		};
-	} catch (error) {
-		console.error("checkCanRegisterUser failed:", error);
-		return {
-			success: false,
-			verified: false,
-			error: errorMessage(error) || "Unknown error occurred",
-			logs: []
-		};
-	}
-}
-//#endregion
-export { checkCanRegisterUser };
-//# sourceMappingURL=checkCanRegisterUser.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"checkCanRegisterUser.js","names":["serializedCredential: WebAuthnRegistrationCredential","result: CheckCanRegisterUserResult","error: unknown"],"sources":["../../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/checkCanRegisterUser.ts"],"sourcesContent":["\nimport { PASSKEY_MANAGER_DEFAULT_CONFIGS } from \"../../../defaultConfigs\";\nimport type { CheckCanRegisterUserResult } from '../../../rpcCalls';\nimport { checkCanRegisterUserContractCall } from '../../../rpcCalls';\nimport { serializeRegistrationCredentialWithPRF, removePrfOutputGuard } from '../../credentialsHelpers';\nimport { VRFChallenge } from '../../../types/vrf-worker';\nimport type { onProgressEvents } from '../../../types/sdkSentEvents';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '../../../types/webauthn';\nimport { errorMessage } from '@/utils/errors';\nimport { isObject, isString } from '../../../WalletIframe/validation';\n\n\nexport async function checkCanRegisterUser({\n ctx,\n vrfChallenge,\n credential,\n contractId,\n nearRpcUrl,\n authenticatorOptions,\n onEvent,\n}: {\n ctx: SignerWorkerManagerContext,\n vrfChallenge: VRFChallenge,\n credential: WebAuthnRegistrationCredential,\n contractId: string;\n nearRpcUrl: string;\n authenticatorOptions?: AuthenticatorOptions; // Authenticator options for registration check\n onEvent?: (update: onProgressEvents) => void;\n}): Promise<{\n success: boolean;\n verified?: boolean;\n registrationInfo?: {\n credentialId: Uint8Array;\n credentialPublicKey: Uint8Array;\n userId: string;\n vrfPublicKey: Uint8Array | undefined;\n };\n logs?: string[];\n signedTransactionBorsh?: number[];\n error?: string;\n}> {\n try {\n // Accept either a real PublicKeyCredential or an already-serialized credential\n const isSerialized = (cred: unknown): cred is WebAuthnRegistrationCredential => {\n if (!isObject(cred)) return false;\n const resp = (cred as { response?: unknown }).response;\n if (!isObject(resp)) return false;\n return isString((resp as { clientDataJSON?: unknown }).clientDataJSON)\n && isString((resp as { attestationObject?: unknown }).attestationObject);\n };\n\n const serializedCredential: WebAuthnRegistrationCredential = isSerialized(credential)\n ? credential\n : serializeRegistrationCredentialWithPRF({ credential: credential });\n\n // Ensure required fields are present; avoid undefined which gets dropped by JSON.stringify in the worker\n const resolvedContractId = contractId || PASSKEY_MANAGER_DEFAULT_CONFIGS.contractId;\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: 'PROGRESS' as any,\n message: 'Calling check_can_register_user on contract...',\n });\n\n // PRF outputs must never be sent over the network. Strip them before\n // calling the contract while preserving the rest of the credential shape.\n const strippedCredential = removePrfOutputGuard<WebAuthnRegistrationCredential>(serializedCredential);\n\n const result: CheckCanRegisterUserResult = await checkCanRegisterUserContractCall({\n nearClient: ctx.nearClient,\n contractId: resolvedContractId,\n vrfChallenge,\n credential: strippedCredential,\n authenticatorOptions,\n });\n\n if (!result.success) {\n throw new Error(result.error || 'Registration pre-check RPC failed');\n }\n\n const wasmResult = {\n verified: result.verified,\n registrationInfo: undefined,\n logs: result.logs,\n error: result.error,\n };\n\n onEvent?.({\n step: 3,\n phase: 'REGISTRATION_CONTRACT_PRE_CHECK' as any,\n status: result.verified ? 'SUCCESS' as any : 'ERROR' as any,\n message: result.verified ? 'Registration pre-check succeeded' : (result.error || 'Registration pre-check failed'),\n });\n\n return {\n success: true,\n verified: wasmResult.verified,\n registrationInfo: wasmResult.registrationInfo,\n logs: wasmResult.logs,\n error: wasmResult.error,\n };\n\n } catch (error: unknown) {\n // Preserve the detailed error message instead of converting to generic error\n console.error('checkCanRegisterUser failed:', error);\n return {\n success: false,\n verified: false,\n error: errorMessage(error) || 'Unknown error occurred',\n logs: [],\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;AAcA,eAAsB,qBAAqB,EACzC,KACA,cACA,YACA,YACA,YACA,sBACA,WAqBC;AACD,KAAI;EAEF,MAAM,gBAAgB,SAA0D;AAC9E,OAAI,CAAC,SAAS,MAAO,QAAO;GAC5B,MAAM,OAAQ,KAAgC;AAC9C,OAAI,CAAC,SAAS,MAAO,QAAO;AAC5B,UAAO,SAAU,KAAsC,mBAClD,SAAU,KAAyC;;EAG1D,MAAMA,uBAAuD,aAAa,cACtE,aACA,uCAAuC,EAAc;EAGzD,MAAM,qBAAqB,cAAc,gCAAgC;AAEzE,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ;GACR,SAAS;;EAKX,MAAM,qBAAqB,qBAAqD;EAEhF,MAAMC,SAAqC,MAAM,iCAAiC;GAChF,YAAY,IAAI;GAChB,YAAY;GACZ;GACA,YAAY;GACZ;;AAGF,MAAI,CAAC,OAAO,QACV,OAAM,IAAI,MAAM,OAAO,SAAS;EAGlC,MAAM,aAAa;GACjB,UAAU,OAAO;GACjB,kBAAkB;GAClB,MAAM,OAAO;GACb,OAAO,OAAO;;AAGhB,YAAU;GACR,MAAM;GACN,OAAO;GACP,QAAQ,OAAO,WAAW,YAAmB;GAC7C,SAAS,OAAO,WAAW,qCAAsC,OAAO,SAAS;;AAGnF,SAAO;GACL,SAAS;GACT,UAAU,WAAW;GACrB,kBAAkB,WAAW;GAC7B,MAAM,WAAW;GACjB,OAAO,WAAW;;UAGbC,OAAgB;AAEvB,UAAQ,MAAM,gCAAgC;AAC9C,SAAO;GACL,SAAS;GACT,UAAU;GACV,OAAO,aAAa,UAAU;GAC9B,MAAM"}

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js DELETED Viewed

@@ -1,46 +0,0 @@
-import { init_accountIds, toAccountId } from "../../../types/accountIds.js";
-import { WorkerRequestType, init_signer_worker, isDecryptPrivateKeyWithPrfSuccess } from "../../../types/signer-worker.js";
-import { init_validation, isObject } from "../../../WalletIframe/validation.js";
-import { getLastLoggedInDeviceNumber, init_getDeviceNumber } from "../getDeviceNumber.js";
-import { withSessionId } from "./session.js";
-//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.ts
-init_signer_worker();
-init_accountIds();
-init_getDeviceNumber();
-init_validation();
-async function decryptPrivateKeyWithPrf({ ctx, nearAccountId, authenticators, sessionId }) {
-	try {
-		console.info("WebAuthnManager: Starting private key decryption with dual PRF (local operation)");
-		const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);
-		const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);
-		if (!encryptedKeyData) throw new Error(`No encrypted key found for account: ${nearAccountId}`);
-		const response = await ctx.sendMessage({
-			sessionId,
-			message: {
-				type: WorkerRequestType.DecryptPrivateKeyWithPrf,
-				payload: withSessionId(sessionId, {
-					nearAccountId,
-					encryptedPrivateKeyData: encryptedKeyData.encryptedData,
-					encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u
-				})
-			}
-		});
-		if (!isDecryptPrivateKeyWithPrfSuccess(response)) {
-			console.error("WebAuthnManager: Dual PRF private key decryption failed:", response);
-			const payloadError = isObject(response?.payload) && response?.payload?.error;
-			throw new Error(payloadError || "Private key decryption failed");
-		}
-		return {
-			decryptedPrivateKey: response.payload.privateKey,
-			nearAccountId: toAccountId(response.payload.nearAccountId)
-		};
-	} catch (error) {
-		console.error("WebAuthnManager: Dual PRF private key decryption error:", error);
-		throw error;
-	}
-}
-//#endregion
-export { decryptPrivateKeyWithPrf };
-//# sourceMappingURL=decryptPrivateKeyWithPrf.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"decryptPrivateKeyWithPrf.js","names":["error: unknown"],"sources":["../../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/decryptPrivateKeyWithPrf.ts"],"sourcesContent":["\nimport { ClientAuthenticatorData } from '../../../IndexedDBManager';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\n\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { isObject } from '../../../WalletIframe/validation';\nimport { withSessionId } from './session';\n\nexport async function decryptPrivateKeyWithPrf({\n ctx,\n nearAccountId,\n authenticators,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n nearAccountId: AccountId,\n authenticators: ClientAuthenticatorData[],\n sessionId: string,\n}): Promise<{ decryptedPrivateKey: string; nearAccountId: AccountId }> {\n try {\n console.info('WebAuthnManager: Starting private key decryption with dual PRF (local operation)');\n // Retrieve encrypted key data from IndexedDB in main thread\n const deviceNumber = await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const encryptedKeyData = await ctx.indexedDB.nearKeysDB.getEncryptedKey(nearAccountId, deviceNumber);\n if (!encryptedKeyData) {\n throw new Error(`No encrypted key found for account: ${nearAccountId}`);\n }\n\n const response = await ctx.sendMessage({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n encryptedPrivateKeyData: encryptedKeyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: encryptedKeyData.chacha20NonceB64u,\n })\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Dual PRF private key decryption failed:', response);\n const payloadError = isObject(response?.payload) && (response as any)?.payload?.error;\n throw new Error(payloadError || 'Private key decryption failed');\n }\n return {\n decryptedPrivateKey: response.payload.privateKey,\n nearAccountId: toAccountId(response.payload.nearAccountId)\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: Dual PRF private key decryption error:', error);\n throw error;\n }\n}\n"],"mappings":";;;;;;;;;;;AAaA,eAAsB,yBAAyB,EAC7C,KACA,eACA,gBACA,aAMqE;AACrE,KAAI;AACF,UAAQ,KAAK;EAEb,MAAM,eAAe,MAAM,4BAA4B,eAAe,IAAI,UAAU;EACpF,MAAM,mBAAmB,MAAM,IAAI,UAAU,WAAW,gBAAgB,eAAe;AACvF,MAAI,CAAC,iBACH,OAAM,IAAI,MAAM,uCAAuC;EAGzD,MAAM,WAAW,MAAM,IAAI,YAAY;GACrC;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KACjB;KACf,yBAAyB,iBAAiB;KAC1C,sCAAsC,iBAAiB;;;;AAK7D,MAAI,CAAC,kCAAkC,WAAW;AAChD,WAAQ,MAAM,4DAA4D;GAC1E,MAAM,eAAe,SAAS,UAAU,YAAa,UAAkB,SAAS;AAChF,SAAM,IAAI,MAAM,gBAAgB;;AAElC,SAAO;GACL,qBAAqB,SAAS,QAAQ;GACtC,eAAe,YAAY,SAAS,QAAQ;;UAEvCA,OAAgB;AACvB,UAAQ,MAAM,2DAA2D;AACzE,QAAM"}

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js DELETED Viewed

@@ -1,70 +0,0 @@
-import { init_accountIds, toAccountId } from "../../../types/accountIds.js";
-import { WorkerRequestType, init_signer_worker, isDeriveNearKeypairAndEncryptSuccess } from "../../../types/signer-worker.js";
-import { getLastLoggedInDeviceNumber, init_getDeviceNumber } from "../getDeviceNumber.js";
-import { toEnumUserVerificationPolicy } from "../../../types/authenticatorOptions.js";
-import { withSessionId } from "./session.js";
-//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.ts
-init_signer_worker();
-init_accountIds();
-init_getDeviceNumber();
-/**
-* Derive NEAR keypair and encrypt it from a serialized WebAuthn registration credential
-* (shape compatible with SerializedRegistrationCredential from WASM) by extracting PRF outputs from it.
-*/
-async function deriveNearKeypairAndEncryptFromSerialized({ ctx, credential, nearAccountId, options, sessionId }) {
-	try {
-		if (!sessionId) throw new Error("Missing sessionId for registration WrapKeySeed delivery");
-		const response = await ctx.sendMessage({
-			sessionId,
-			message: {
-				type: WorkerRequestType.DeriveNearKeypairAndEncrypt,
-				payload: withSessionId(sessionId, {
-					nearAccountId,
-					credential,
-					authenticatorOptions: options?.authenticatorOptions ? {
-						userVerification: toEnumUserVerificationPolicy(options.authenticatorOptions.userVerification),
-						originPolicy: options.authenticatorOptions.originPolicy
-					} : void 0
-				})
-			}
-		});
-		if (!isDeriveNearKeypairAndEncryptSuccess(response)) throw new Error("Dual PRF registration (from serialized) failed");
-		const wasmResult = response.payload;
-		const version = wasmResult.version ?? 2;
-		const wrapKeySaltPersisted = wasmResult.wrapKeySalt;
-		const deviceNumber = typeof options?.deviceNumber === "number" ? options.deviceNumber : await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);
-		const chacha20NonceB64u = wasmResult.chacha20NonceB64u;
-		if (!chacha20NonceB64u) throw new Error("Missing chacha20NonceB64u in deriveNearKeypairAndEncrypt result");
-		const keyData = {
-			nearAccountId,
-			deviceNumber,
-			encryptedData: wasmResult.encryptedData,
-			chacha20NonceB64u,
-			wrapKeySalt: wrapKeySaltPersisted,
-			version,
-			timestamp: Date.now()
-		};
-		await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);
-		return {
-			success: true,
-			nearAccountId: toAccountId(wasmResult.nearAccountId),
-			publicKey: wasmResult.publicKey,
-			chacha20NonceB64u,
-			wrapKeySalt: wrapKeySaltPersisted
-		};
-	} catch (error) {
-		console.error("WebAuthnManager: deriveNearKeypairAndEncryptFromSerialized error:", error);
-		const message = String(error?.message || error || "");
-		return {
-			success: false,
-			nearAccountId,
-			publicKey: "",
-			error: message
-		};
-	}
-}
-//#endregion
-export { deriveNearKeypairAndEncryptFromSerialized };
-//# sourceMappingURL=deriveNearKeypairAndEncryptFromSerialized.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"deriveNearKeypairAndEncryptFromSerialized.js","names":["keyData: EncryptedKeyData","error: unknown"],"sources":["../../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/deriveNearKeypairAndEncryptFromSerialized.ts"],"sourcesContent":["\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport type { AuthenticatorOptions } from '../../../types/authenticatorOptions';\nimport {\n WorkerRequestType,\n isDeriveNearKeypairAndEncryptSuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport { toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\nimport { withSessionId } from './session';\n\n/**\n * Derive NEAR keypair and encrypt it from a serialized WebAuthn registration credential\n * (shape compatible with SerializedRegistrationCredential from WASM) by extracting PRF outputs from it.\n */\nexport async function deriveNearKeypairAndEncryptFromSerialized({\n ctx,\n credential,\n nearAccountId,\n options,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext,\n credential: WebAuthnRegistrationCredential;\n nearAccountId: AccountId,\n options?: {\n authenticatorOptions?: AuthenticatorOptions;\n deviceNumber?: number;\n };\n sessionId: string;\n}): Promise<{\n success: boolean;\n nearAccountId: AccountId;\n publicKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n wrapKeySalt?: string;\n error?: string;\n}> {\n try {\n // PRF outputs are now extracted by VRF worker and delivered to signer worker via MessagePort\n // No need to extract or send them through main thread\n if (!sessionId) throw new Error('Missing sessionId for registration WrapKeySeed delivery');\n\n const response = await ctx.sendMessage<WorkerRequestType.DeriveNearKeypairAndEncrypt>({\n sessionId,\n message: {\n type: WorkerRequestType.DeriveNearKeypairAndEncrypt,\n payload: withSessionId(sessionId, {\n nearAccountId: nearAccountId,\n credential,\n authenticatorOptions: options?.authenticatorOptions ? {\n userVerification: toEnumUserVerificationPolicy(options.authenticatorOptions.userVerification),\n originPolicy: options.authenticatorOptions.originPolicy,\n } : undefined,\n })\n },\n });\n\n if (!isDeriveNearKeypairAndEncryptSuccess(response)) {\n throw new Error('Dual PRF registration (from serialized) failed');\n }\n\n const wasmResult = response.payload;\n const version = (wasmResult as any).version ?? 2;\n const wrapKeySaltPersisted = wasmResult.wrapKeySalt;\n // Prefer explicitly provided deviceNumber, else derive from IndexedDB state\n const deviceNumber = (typeof options?.deviceNumber === 'number')\n ? options!.deviceNumber!\n : await getLastLoggedInDeviceNumber(nearAccountId, ctx.indexedDB.clientDB);\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in deriveNearKeypairAndEncrypt result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId: nearAccountId,\n deviceNumber,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n version,\n timestamp: Date.now()\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n return {\n success: true,\n nearAccountId: toAccountId(wasmResult.nearAccountId),\n publicKey: wasmResult.publicKey,\n chacha20NonceB64u,\n wrapKeySalt: wrapKeySaltPersisted,\n };\n } catch (error: unknown) {\n console.error('WebAuthnManager: deriveNearKeypairAndEncryptFromSerialized error:', error);\n const message = String((error as { message?: unknown })?.message || error || '');\n return {\n success: false,\n nearAccountId,\n publicKey: '',\n error: message\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;AAkBA,eAAsB,0CAA0C,EAC9D,KACA,YACA,eACA,SACA,aAoBC;AACD,KAAI;AAGF,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM;EAEhC,MAAM,WAAW,MAAM,IAAI,YAA2D;GACpF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KACjB;KACf;KACA,sBAAsB,SAAS,uBAAuB;MACpD,kBAAkB,6BAA6B,QAAQ,qBAAqB;MAC5E,cAAc,QAAQ,qBAAqB;SACzC;;;;AAKV,MAAI,CAAC,qCAAqC,UACxC,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;EAC5B,MAAM,UAAW,WAAmB,WAAW;EAC/C,MAAM,uBAAuB,WAAW;EAExC,MAAM,eAAgB,OAAO,SAAS,iBAAiB,WACnD,QAAS,eACT,MAAM,4BAA4B,eAAe,IAAI,UAAU;EACnE,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMA,UAA4B;GACjB;GACf;GACA,eAAe,WAAW;GAC1B;GACA,aAAa;GACb;GACA,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,SAAO;GACL,SAAS;GACT,eAAe,YAAY,WAAW;GACtC,WAAW,WAAW;GACtB;GACA,aAAa;;UAERC,OAAgB;AACvB,UAAQ,MAAM,qEAAqE;EACnF,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT;GACA,WAAW;GACX,OAAO"}

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js DELETED Viewed

@@ -1,66 +0,0 @@
-import { init_accountIds, toAccountId } from "../../../types/accountIds.js";
-import { WorkerRequestType, init_signer_worker, isDecryptPrivateKeyWithPrfSuccess } from "../../../types/signer-worker.js";
-import { init_validation, isObject } from "../../../WalletIframe/validation.js";
-import { getLastLoggedInDeviceNumber, init_getDeviceNumber } from "../getDeviceNumber.js";
-import { SecureConfirmationType } from "../../VrfWorkerManager/confirmTxFlow/types.js";
-import { runSecureConfirm } from "../../VrfWorkerManager/secureConfirmBridge.js";
-//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.ts
-init_validation();
-init_accountIds();
-init_signer_worker();
-init_getDeviceNumber();
-/**
-* Two-phase export (worker-driven):
-*  - Phase 1: collect PRF (uiMode: 'skip') and derive WrapKeySeed in VRF worker
-*  - Decrypt inside signer worker (session-bound)
-*  - Phase 2: show export UI with decrypted key (kept open until user closes)
-*/
-async function exportNearKeypairUi({ ctx, nearAccountId, variant, theme, sessionId }) {
-	const accountId = toAccountId(nearAccountId);
-	const deviceNumber = await getLastLoggedInDeviceNumber(accountId, ctx.indexedDB.clientDB);
-	const [keyData, user] = await Promise.all([ctx.indexedDB.nearKeysDB.getEncryptedKey(accountId, deviceNumber), ctx.indexedDB.clientDB.getUserByDevice(accountId, deviceNumber)]);
-	const publicKey = user?.clientNearPublicKey || "";
-	if (!keyData || !publicKey) throw new Error("Missing local key material for export. Re-register to upgrade vault.");
-	const response = await ctx.sendMessage({
-		sessionId,
-		message: {
-			type: WorkerRequestType.DecryptPrivateKeyWithPrf,
-			payload: {
-				nearAccountId: accountId,
-				encryptedPrivateKeyData: keyData.encryptedData,
-				encryptedPrivateKeyChacha20NonceB64u: keyData.chacha20NonceB64u
-			}
-		}
-	});
-	if (!isDecryptPrivateKeyWithPrfSuccess(response)) {
-		console.error("WebAuthnManager: Export decrypt failed:", response);
-		const payloadError = isObject(response?.payload) && response?.payload?.error;
-		const msg = String(payloadError || "Export decrypt failed");
-		throw new Error(msg);
-	}
-	const privateKey = response.payload.privateKey;
-	const showReq = {
-		schemaVersion: 2,
-		requestId: sessionId,
-		type: SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI,
-		summary: {
-			operation: "Export Private Key",
-			accountId,
-			publicKey,
-			warning: "Anyone with your private key can fully control your account. Never share it."
-		},
-		payload: {
-			nearAccountId: accountId,
-			publicKey,
-			privateKey,
-			variant,
-			theme
-		}
-	};
-	await runSecureConfirm(ctx, showReq);
-}
-//#endregion
-export { exportNearKeypairUi };
-//# sourceMappingURL=exportNearKeypairUi.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"exportNearKeypairUi.js","names":[],"sources":["../../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/exportNearKeypairUi.ts"],"sourcesContent":["import { isObject } from '../../../WalletIframe/validation';\nimport { AccountId, toAccountId } from '../../../types/accountIds';\nimport {\n WorkerRequestType,\n isDecryptPrivateKeyWithPrfSuccess,\n} from '../../../types/signer-worker';\nimport { runSecureConfirm } from '../../VrfWorkerManager/secureConfirmBridge';\nimport { SecureConfirmationType } from '../../VrfWorkerManager/confirmTxFlow/types';\nimport { SignerWorkerManagerContext } from '..';\nimport { getLastLoggedInDeviceNumber } from '../getDeviceNumber';\n\n/**\n * Two-phase export (worker-driven):\n * - Phase 1: collect PRF (uiMode: 'skip') and derive WrapKeySeed in VRF worker\n * - Decrypt inside signer worker (session-bound)\n * - Phase 2: show export UI with decrypted key (kept open until user closes)\n */\nexport async function exportNearKeypairUi({\n ctx,\n nearAccountId,\n variant,\n theme,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n nearAccountId: AccountId;\n variant?: 'drawer' | 'modal';\n theme?: 'dark' | 'light';\n sessionId: string;\n}): Promise<void> {\n const accountId = toAccountId(nearAccountId);\n\n // Gather encrypted key + ChaCha20 nonce and public key from IndexedDB\n const deviceNumber = await getLastLoggedInDeviceNumber(accountId, ctx.indexedDB.clientDB);\n const [keyData, user] = await Promise.all([\n ctx.indexedDB.nearKeysDB.getEncryptedKey(accountId, deviceNumber),\n ctx.indexedDB.clientDB.getUserByDevice(accountId, deviceNumber),\n ]);\n const publicKey = user?.clientNearPublicKey || '';\n if (!keyData || !publicKey) {\n throw new Error('Missing local key material for export. Re-register to upgrade vault.');\n }\n\n // Decrypt inside signer worker using the reserved session\n const response = await ctx.sendMessage<WorkerRequestType.DecryptPrivateKeyWithPrf>({\n sessionId,\n message: {\n type: WorkerRequestType.DecryptPrivateKeyWithPrf,\n payload: {\n nearAccountId: accountId,\n encryptedPrivateKeyData: keyData.encryptedData,\n encryptedPrivateKeyChacha20NonceB64u: keyData.chacha20NonceB64u,\n },\n },\n });\n\n if (!isDecryptPrivateKeyWithPrfSuccess(response)) {\n console.error('WebAuthnManager: Export decrypt failed:', response);\n const payloadError = isObject(response?.payload) && response?.payload?.error;\n const msg = String(payloadError || 'Export decrypt failed');\n throw new Error(msg);\n }\n\n const privateKey = response.payload.privateKey;\n\n // Phase 2: show secure UI (VRF-driven viewer)\n const showReq = {\n schemaVersion: 2 as const,\n requestId: sessionId,\n type: SecureConfirmationType.SHOW_SECURE_PRIVATE_KEY_UI,\n summary: {\n operation: 'Export Private Key' as const,\n accountId,\n publicKey,\n warning: 'Anyone with your private key can fully control your account. Never share it.',\n },\n payload: {\n nearAccountId: accountId,\n publicKey,\n privateKey,\n variant,\n theme,\n },\n };\n await runSecureConfirm(ctx, showReq);\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;AAiBA,eAAsB,oBAAoB,EACxC,KACA,eACA,SACA,OACA,aAOgB;CAChB,MAAM,YAAY,YAAY;CAG9B,MAAM,eAAe,MAAM,4BAA4B,WAAW,IAAI,UAAU;CAChF,MAAM,CAAC,SAAS,QAAQ,MAAM,QAAQ,IAAI,CACxC,IAAI,UAAU,WAAW,gBAAgB,WAAW,eACpD,IAAI,UAAU,SAAS,gBAAgB,WAAW;CAEpD,MAAM,YAAY,MAAM,uBAAuB;AAC/C,KAAI,CAAC,WAAW,CAAC,UACf,OAAM,IAAI,MAAM;CAIlB,MAAM,WAAW,MAAM,IAAI,YAAwD;EACjF;EACA,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS;IACP,eAAe;IACf,yBAAyB,QAAQ;IACjC,sCAAsC,QAAQ;;;;AAKpD,KAAI,CAAC,kCAAkC,WAAW;AAChD,UAAQ,MAAM,2CAA2C;EACzD,MAAM,eAAe,SAAS,UAAU,YAAY,UAAU,SAAS;EACvE,MAAM,MAAM,OAAO,gBAAgB;AACnC,QAAM,IAAI,MAAM;;CAGlB,MAAM,aAAa,SAAS,QAAQ;CAGpC,MAAM,UAAU;EACd,eAAe;EACf,WAAW;EACX,MAAM,uBAAuB;EAC7B,SAAS;GACP,WAAW;GACX;GACA;GACA,SAAS;;EAEX,SAAS;GACP,eAAe;GACf;GACA;GACA;GACA;;;AAGJ,OAAM,iBAAiB,KAAK"}

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/extractCosePublicKey.js DELETED Viewed

@@ -1,24 +0,0 @@
-import { WorkerRequestType, init_signer_worker, isExtractCosePublicKeySuccess } from "../../../types/signer-worker.js";
-//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/extractCosePublicKey.ts
-init_signer_worker();
-/**
-* Extract COSE public key from WebAuthn attestation object
-* Simple operation that doesn't require TouchID or progress updates
-*/
-async function extractCosePublicKey({ ctx, attestationObjectBase64url }) {
-	try {
-		const response = await ctx.sendMessage({ message: {
-			type: WorkerRequestType.ExtractCosePublicKey,
-			payload: { attestationObjectBase64url }
-		} });
-		if (isExtractCosePublicKeySuccess(response)) return response.payload.cosePublicKeyBytes;
-		else throw new Error("COSE public key extraction failed in WASM worker");
-	} catch (error) {
-		throw error;
-	}
-}
-//#endregion
-export { extractCosePublicKey };
-//# sourceMappingURL=extractCosePublicKey.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/extractCosePublicKey.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"extractCosePublicKey.js","names":["error: unknown"],"sources":["../../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/extractCosePublicKey.ts"],"sourcesContent":["\nimport { WorkerRequestType, isExtractCosePublicKeySuccess } from '../../../types/signer-worker';\nimport { SignerWorkerManagerContext } from '..';\n\n\n/**\n * Extract COSE public key from WebAuthn attestation object\n * Simple operation that doesn't require TouchID or progress updates\n */\nexport async function extractCosePublicKey({ ctx, attestationObjectBase64url }: {\n ctx: SignerWorkerManagerContext;\n attestationObjectBase64url: string;\n}): Promise<Uint8Array> {\n try {\n const response = await ctx.sendMessage<WorkerRequestType.ExtractCosePublicKey>({\n message: {\n type: WorkerRequestType.ExtractCosePublicKey,\n payload: {\n attestationObjectBase64url\n }\n }\n });\n\n if (isExtractCosePublicKeySuccess(response)) {\n return response.payload.cosePublicKeyBytes;\n } else {\n throw new Error('COSE public key extraction failed in WASM worker');\n }\n } catch (error: unknown) {\n throw error;\n }\n}\n"],"mappings":";;;;;;;;AASA,eAAsB,qBAAqB,EAAE,KAAK,8BAG1B;AACtB,KAAI;EACF,MAAM,WAAW,MAAM,IAAI,YAAoD,EAC7E,SAAS;GACP,MAAM,kBAAkB;GACxB,SAAS,EACP;;AAKN,MAAI,8BAA8B,UAChC,QAAO,SAAS,QAAQ;MAExB,OAAM,IAAI,MAAM;UAEXA,OAAgB;AACvB,QAAM"}

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/recoverKeypairFromPasskey.js DELETED Viewed

@@ -1,43 +0,0 @@
-import { WorkerRequestType, init_signer_worker, isRecoverKeypairFromPasskeySuccess } from "../../../types/signer-worker.js";
-import { withSessionId } from "./session.js";
-//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/recoverKeypairFromPasskey.ts
-init_signer_worker();
-/**
-* Recover keypair from authentication credential for account recovery
-* Uses dual PRF-based Ed25519 key derivation with account-specific HKDF and AES encryption
-*/
-async function recoverKeypairFromPasskey({ ctx, credential, accountIdHint, sessionId }) {
-	try {
-		console.info("SignerWorkerManager: Starting dual PRF-based keypair recovery from authentication credential");
-		if (!credential.clientExtensionResults?.prf?.results?.first || !credential.clientExtensionResults?.prf?.results?.second) throw new Error("Dual PRF outputs required for account recovery - both ChaCha20 and Ed25519 PRF outputs must be available");
-		if (!sessionId) throw new Error("Missing sessionId for recovery WrapKeySeed delivery");
-		const response = await ctx.sendMessage({
-			sessionId,
-			message: {
-				type: WorkerRequestType.RecoverKeypairFromPasskey,
-				payload: withSessionId(sessionId, {
-					credential,
-					accountIdHint
-				})
-			}
-		});
-		if (!isRecoverKeypairFromPasskeySuccess(response)) throw new Error("Dual PRF keypair recovery failed in WASM worker");
-		const chacha20NonceB64u = response.payload.chacha20NonceB64u;
-		if (!chacha20NonceB64u) throw new Error("Missing chacha20NonceB64u in recovery result");
-		return {
-			publicKey: response.payload.publicKey,
-			encryptedPrivateKey: response.payload.encryptedData,
-			chacha20NonceB64u,
-			accountIdHint: response.payload.accountIdHint,
-			wrapKeySalt: response.payload.wrapKeySalt
-		};
-	} catch (error) {
-		console.error("SignerWorkerManager: Dual PRF keypair recovery error:", error);
-		throw error;
-	}
-}
-//#endregion
-export { recoverKeypairFromPasskey };
-//# sourceMappingURL=recoverKeypairFromPasskey.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/recoverKeypairFromPasskey.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"recoverKeypairFromPasskey.js","names":["error: unknown"],"sources":["../../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/recoverKeypairFromPasskey.ts"],"sourcesContent":["import {\n WorkerRequestType, // from wasm worker\n isRecoverKeypairFromPasskeySuccess,\n} from '../../../types/signer-worker';\nimport type { WebAuthnAuthenticationCredential } from '../../../types/webauthn';\nimport { SignerWorkerManagerContext } from '..';\nimport { withSessionId } from './session';\n\n/**\n * Recover keypair from authentication credential for account recovery\n * Uses dual PRF-based Ed25519 key derivation with account-specific HKDF and AES encryption\n */\nexport async function recoverKeypairFromPasskey({\n ctx,\n credential,\n accountIdHint,\n sessionId,\n}: {\n ctx: SignerWorkerManagerContext;\n credential: WebAuthnAuthenticationCredential;\n accountIdHint?: string;\n sessionId: string;\n}): Promise<{\n publicKey: string;\n encryptedPrivateKey: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u: string;\n accountIdHint?: string;\n wrapKeySalt: string;\n}> {\n try {\n console.info('SignerWorkerManager: Starting dual PRF-based keypair recovery from authentication credential');\n // Accept either live PublicKeyCredential or already-serialized auth credential\n\n // Verify dual PRF outputs are available\n if (\n !credential.clientExtensionResults?.prf?.results?.first ||\n !credential.clientExtensionResults?.prf?.results?.second\n ) {\n throw new Error('Dual PRF outputs required for account recovery - both ChaCha20 and Ed25519 PRF outputs must be available');\n }\n\n if (!sessionId) throw new Error('Missing sessionId for recovery WrapKeySeed delivery');\n\n // Use generic sendMessage with specific request type for better type safety\n const response = await ctx.sendMessage<WorkerRequestType.RecoverKeypairFromPasskey>({\n sessionId,\n message: {\n type: WorkerRequestType.RecoverKeypairFromPasskey,\n payload: withSessionId(sessionId, {\n credential,\n accountIdHint,\n })\n },\n });\n\n // response is RecoverKeypairSuccessResponse | RecoverKeypairFailureResponse\n if (!isRecoverKeypairFromPasskeySuccess(response)) {\n throw new Error('Dual PRF keypair recovery failed in WASM worker');\n }\n\n const chacha20NonceB64u = response.payload.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in recovery result');\n }\n return {\n publicKey: response.payload.publicKey,\n encryptedPrivateKey: response.payload.encryptedData,\n chacha20NonceB64u,\n accountIdHint: response.payload.accountIdHint,\n wrapKeySalt: response.payload.wrapKeySalt,\n };\n\n } catch (error: unknown) {\n console.error('SignerWorkerManager: Dual PRF keypair recovery error:', error);\n throw error;\n }\n}\n"],"mappings":";;;;;;;;;AAYA,eAAsB,0BAA0B,EAC9C,KACA,YACA,eACA,aAeC;AACD,KAAI;AACF,UAAQ,KAAK;AAIb,MACE,CAAC,WAAW,wBAAwB,KAAK,SAAS,SAClD,CAAC,WAAW,wBAAwB,KAAK,SAAS,OAElD,OAAM,IAAI,MAAM;AAGlB,MAAI,CAAC,UAAW,OAAM,IAAI,MAAM;EAGhC,MAAM,WAAW,MAAM,IAAI,YAAyD;GAClF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KAChC;KACA;;;;AAMN,MAAI,CAAC,mCAAmC,UACtC,OAAM,IAAI,MAAM;EAGlB,MAAM,oBAAoB,SAAS,QAAQ;AAC3C,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;AAElB,SAAO;GACL,WAAW,SAAS,QAAQ;GAC5B,qBAAqB,SAAS,QAAQ;GACtC;GACA,eAAe,SAAS,QAAQ;GAChC,aAAa,SAAS,QAAQ;;UAGzBA,OAAgB;AACvB,UAAQ,MAAM,yDAAyD;AACvE,QAAM"}

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js DELETED Viewed

@@ -1,115 +0,0 @@
-import { WorkerRequestType, init_signer_worker, isRegisterDevice2WithDerivedKeySuccess } from "../../../types/signer-worker.js";
-import { base64UrlDecode } from "../../../../utils/base64.js";
-import { init_utils } from "../../../../utils/index.js";
-import { UserVerificationPolicy, toEnumUserVerificationPolicy } from "../../../types/authenticatorOptions.js";
-import { withSessionId } from "./session.js";
-//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.ts
-init_utils();
-init_signer_worker();
-/**
-* Combined Device2 registration flow: derive NEAR keypair + sign registration transaction
-* in a single operation without requiring a separate authentication prompt.
-*
-* This handler orchestrates:
-* 1. Retrieving PRF.second and WrapKeySeed from session storage (delivered via MessagePort)
-* 2. Deriving NEAR ed25519 keypair from PRF.second
-* 3. Encrypting the NEAR private key with KEK (derived from WrapKeySeed + wrapKeySalt)
-* 4. Building the Device2 registration transaction (`link_device_register_user`)
-* 5. Signing the transaction with the derived NEAR keypair
-* 6. Storing encrypted key data in IndexedDB
-*
-* Security: PRF.second and WrapKeySeed never traverse the main thread - they're delivered
-* directly from VRF worker to Signer worker via MessagePort.
-*/
-async function registerDevice2WithDerivedKey({ ctx, sessionId, nearAccountId, credential, vrfChallenge, transactionContext, contractId, wrapKeySalt, deviceNumber, deterministicVrfPublicKey }) {
-	try {
-		if (!sessionId) throw new Error("Missing sessionId for Device2 registration");
-		console.debug("[SignerWorkerManager] Starting Device2 combined registration", {
-			nearAccountId,
-			sessionId,
-			deviceNumber
-		});
-		const b64ToBytes = (s) => {
-			if (!s) return [];
-			return Array.from(base64UrlDecode(s));
-		};
-		const finalContractArgs = {
-			vrf_data: {
-				vrf_input_data: b64ToBytes(vrfChallenge.vrfInput),
-				vrf_output: b64ToBytes(vrfChallenge.vrfOutput),
-				vrf_proof: b64ToBytes(vrfChallenge.vrfProof),
-				public_key: b64ToBytes(vrfChallenge.vrfPublicKey),
-				user_id: vrfChallenge.userId,
-				rp_id: vrfChallenge.rpId,
-				block_height: Number(vrfChallenge.blockHeight),
-				block_hash: b64ToBytes(vrfChallenge.blockHash)
-			},
-			webauthn_registration: credential,
-			deterministic_vrf_public_key: b64ToBytes(deterministicVrfPublicKey),
-			authenticator_options: {
-				userVerification: toEnumUserVerificationPolicy(UserVerificationPolicy.Preferred),
-				originPolicy: {
-					single: void 0,
-					all_subdomains: true,
-					multiple: void 0
-				}
-			}
-		};
-		const response = await ctx.sendMessage({
-			sessionId,
-			message: {
-				type: WorkerRequestType.RegisterDevice2WithDerivedKey,
-				payload: withSessionId(sessionId, {
-					credential,
-					nearAccountId,
-					transactionContext: {
-						txBlockHash: transactionContext.txBlockHash,
-						txBlockHeight: transactionContext.txBlockHeight,
-						baseNonce: transactionContext.nextNonce
-					},
-					contractId,
-					contractArgsJson: JSON.stringify(finalContractArgs)
-				})
-			}
-		});
-		if (!isRegisterDevice2WithDerivedKeySuccess(response)) throw new Error("Device2 combined registration failed");
-		const wasmResult = response.payload;
-		console.debug("[SignerWorkerManager] Device2 registration complete, storing encrypted key");
-		const chacha20NonceB64u = wasmResult.chacha20NonceB64u;
-		if (!chacha20NonceB64u) throw new Error("Missing chacha20NonceB64u in Device2 registration result");
-		const keyData = {
-			nearAccountId,
-			deviceNumber: deviceNumber ?? 2,
-			encryptedData: wasmResult.encryptedData,
-			chacha20NonceB64u,
-			wrapKeySalt: wasmResult.wrapKeySalt,
-			version: 2,
-			timestamp: Date.now()
-		};
-		await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);
-		console.debug("[SignerWorkerManager] Device2 encrypted key stored successfully");
-		return {
-			success: true,
-			publicKey: wasmResult.publicKey,
-			signedTransaction: wasmResult.signedTransaction,
-			wrapKeySalt: wasmResult.wrapKeySalt,
-			encryptedData: wasmResult.encryptedData,
-			chacha20NonceB64u
-		};
-	} catch (error) {
-		console.error("[SignerWorkerManager] registerDevice2WithDerivedKey error:", error);
-		const message = String(error?.message || error || "");
-		return {
-			success: false,
-			publicKey: "",
-			signedTransaction: null,
-			wrapKeySalt: "",
-			error: message
-		};
-	}
-}
-//#endregion
-export { registerDevice2WithDerivedKey };
-//# sourceMappingURL=registerDevice2WithDerivedKey.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"registerDevice2WithDerivedKey.js","names":["keyData: EncryptedKeyData","error: unknown"],"sources":["../../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/registerDevice2WithDerivedKey.ts"],"sourcesContent":["import { base64UrlDecode } from '../../../../utils';\nimport type { EncryptedKeyData } from '../../../IndexedDBManager/passkeyNearKeysDB';\nimport {\n WorkerRequestType,\n isRegisterDevice2WithDerivedKeySuccess,\n} from '../../../types/signer-worker';\nimport { AccountId, toAccountId } from \"../../../types/accountIds\";\nimport { SignerWorkerManagerContext } from '..';\nimport type { WebAuthnRegistrationCredential } from '@/core/types/webauthn';\nimport type { VRFChallenge } from '../../../types/vrf-worker';\nimport type { TransactionContext } from '../../../types/rpc';\nimport { withSessionId } from './session';\nimport { UserVerificationPolicy, toEnumUserVerificationPolicy } from '../../../types/authenticatorOptions';\n\n/**\n * Combined Device2 registration flow: derive NEAR keypair + sign registration transaction\n * in a single operation without requiring a separate authentication prompt.\n *\n * This handler orchestrates:\n * 1. Retrieving PRF.second and WrapKeySeed from session storage (delivered via MessagePort)\n * 2. Deriving NEAR ed25519 keypair from PRF.second\n * 3. Encrypting the NEAR private key with KEK (derived from WrapKeySeed + wrapKeySalt)\n * 4. Building the Device2 registration transaction (`link_device_register_user`)\n * 5. Signing the transaction with the derived NEAR keypair\n * 6. Storing encrypted key data in IndexedDB\n *\n * Security: PRF.second and WrapKeySeed never traverse the main thread - they're delivered\n * directly from VRF worker to Signer worker via MessagePort.\n */\nexport async function registerDevice2WithDerivedKey({\n ctx,\n sessionId,\n nearAccountId,\n credential,\n vrfChallenge,\n transactionContext,\n contractId,\n wrapKeySalt,\n deviceNumber,\n deterministicVrfPublicKey,\n}: {\n ctx: SignerWorkerManagerContext;\n sessionId: string;\n nearAccountId: AccountId;\n credential: WebAuthnRegistrationCredential;\n vrfChallenge: VRFChallenge;\n transactionContext: TransactionContext;\n contractId: string;\n wrapKeySalt: string;\n deviceNumber?: number;\n deterministicVrfPublicKey?: string;\n}): Promise<{\n success: boolean;\n publicKey: string;\n signedTransaction: any;\n wrapKeySalt: string;\n encryptedData?: string;\n /**\n * Base64url-encoded AEAD nonce (ChaCha20-Poly1305) for the encrypted private key.\n */\n chacha20NonceB64u?: string;\n error?: string;\n}> {\n try {\n if (!sessionId) {\n throw new Error('Missing sessionId for Device2 registration');\n }\n\n console.debug('[SignerWorkerManager] Starting Device2 combined registration', {\n nearAccountId,\n sessionId,\n deviceNumber,\n });\n\n // Helper to convert base64url string to byte array (number[])\n const b64ToBytes = (s: string | undefined): number[] => {\n if (!s) return [];\n return Array.from(base64UrlDecode(s));\n };\n // Construct contractArgs in TypeScript and use JSON.stringify() here.\n // This is native to JS, extremely fast, and means the Rust worker just receives a \"dumb\" string that it can blindly convert to bytes\n const finalContractArgs = {\n vrf_data: {\n vrf_input_data: b64ToBytes(vrfChallenge.vrfInput),\n vrf_output: b64ToBytes(vrfChallenge.vrfOutput),\n vrf_proof: b64ToBytes(vrfChallenge.vrfProof),\n public_key: b64ToBytes(vrfChallenge.vrfPublicKey),\n user_id: vrfChallenge.userId,\n rp_id: vrfChallenge.rpId,\n block_height: Number(vrfChallenge.blockHeight),\n block_hash: b64ToBytes(vrfChallenge.blockHash),\n },\n webauthn_registration: credential,\n deterministic_vrf_public_key: b64ToBytes(deterministicVrfPublicKey),\n authenticator_options: {\n userVerification: toEnumUserVerificationPolicy(UserVerificationPolicy.Preferred),\n originPolicy: {\n single: undefined,\n all_subdomains: true,\n multiple: undefined,\n },\n },\n };\n\n // Build request payload for combined Device2 registration\n const response = await ctx.sendMessage<WorkerRequestType.RegisterDevice2WithDerivedKey>({\n sessionId,\n message: {\n type: WorkerRequestType.RegisterDevice2WithDerivedKey,\n payload: withSessionId(sessionId, {\n credential,\n nearAccountId,\n transactionContext: {\n txBlockHash: transactionContext.txBlockHash,\n txBlockHeight: transactionContext.txBlockHeight,\n baseNonce: transactionContext.nextNonce,\n },\n contractId,\n contractArgsJson: JSON.stringify(finalContractArgs),\n }),\n },\n });\n\n if (!isRegisterDevice2WithDerivedKeySuccess(response)) {\n throw new Error('Device2 combined registration failed');\n }\n\n const wasmResult = response.payload;\n\n console.debug('[SignerWorkerManager] Device2 registration complete, storing encrypted key');\n\n // Store encrypted NEAR key in IndexedDB\n const chacha20NonceB64u = wasmResult.chacha20NonceB64u;\n if (!chacha20NonceB64u) {\n throw new Error('Missing chacha20NonceB64u in Device2 registration result');\n }\n const keyData: EncryptedKeyData = {\n nearAccountId,\n deviceNumber: deviceNumber ?? 2, // Default to device 2\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n wrapKeySalt: wasmResult.wrapKeySalt,\n version: 2,\n timestamp: Date.now(),\n };\n await ctx.indexedDB.nearKeysDB.storeEncryptedKey(keyData);\n\n console.debug('[SignerWorkerManager] Device2 encrypted key stored successfully');\n\n return {\n success: true,\n publicKey: wasmResult.publicKey,\n signedTransaction: wasmResult.signedTransaction,\n wrapKeySalt: wasmResult.wrapKeySalt,\n encryptedData: wasmResult.encryptedData,\n chacha20NonceB64u,\n };\n } catch (error: unknown) {\n console.error('[SignerWorkerManager] registerDevice2WithDerivedKey error:', error);\n const message = String((error as { message?: unknown })?.message || error || '');\n return {\n success: false,\n publicKey: '',\n signedTransaction: null,\n wrapKeySalt: '',\n error: message,\n };\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AA6BA,eAAsB,8BAA8B,EAClD,KACA,WACA,eACA,YACA,cACA,oBACA,YACA,aACA,cACA,6BAuBC;AACD,KAAI;AACF,MAAI,CAAC,UACH,OAAM,IAAI,MAAM;AAGlB,UAAQ,MAAM,gEAAgE;GAC5E;GACA;GACA;;EAIF,MAAM,cAAc,MAAoC;AACtD,OAAI,CAAC,EAAG,QAAO;AACf,UAAO,MAAM,KAAK,gBAAgB;;EAIpC,MAAM,oBAAoB;GACxB,UAAU;IACR,gBAAgB,WAAW,aAAa;IACxC,YAAY,WAAW,aAAa;IACpC,WAAW,WAAW,aAAa;IACnC,YAAY,WAAW,aAAa;IACpC,SAAS,aAAa;IACtB,OAAO,aAAa;IACpB,cAAc,OAAO,aAAa;IAClC,YAAY,WAAW,aAAa;;GAEtC,uBAAuB;GACvB,8BAA8B,WAAW;GACzC,uBAAuB;IACrB,kBAAkB,6BAA6B,uBAAuB;IACtE,cAAc;KACZ,QAAQ;KACR,gBAAgB;KAChB,UAAU;;;;EAMhB,MAAM,WAAW,MAAM,IAAI,YAA6D;GACtF;GACA,SAAS;IACP,MAAM,kBAAkB;IACxB,SAAS,cAAc,WAAW;KAChC;KACA;KACA,oBAAoB;MAClB,aAAa,mBAAmB;MAChC,eAAe,mBAAmB;MAClC,WAAW,mBAAmB;;KAEhC;KACA,kBAAkB,KAAK,UAAU;;;;AAKvC,MAAI,CAAC,uCAAuC,UAC1C,OAAM,IAAI,MAAM;EAGlB,MAAM,aAAa,SAAS;AAE5B,UAAQ,MAAM;EAGd,MAAM,oBAAoB,WAAW;AACrC,MAAI,CAAC,kBACH,OAAM,IAAI,MAAM;EAElB,MAAMA,UAA4B;GAChC;GACA,cAAc,gBAAgB;GAC9B,eAAe,WAAW;GAC1B;GACA,aAAa,WAAW;GACxB,SAAS;GACT,WAAW,KAAK;;AAElB,QAAM,IAAI,UAAU,WAAW,kBAAkB;AAEjD,UAAQ,MAAM;AAEd,SAAO;GACL,SAAS;GACT,WAAW,WAAW;GACtB,mBAAmB,WAAW;GAC9B,aAAa,WAAW;GACxB,eAAe,WAAW;GAC1B;;UAEKC,OAAgB;AACvB,UAAQ,MAAM,8DAA8D;EAC5E,MAAM,UAAU,OAAQ,OAAiC,WAAW,SAAS;AAC7E,SAAO;GACL,SAAS;GACT,WAAW;GACX,mBAAmB;GACnB,aAAa;GACb,OAAO"}

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/session.js DELETED Viewed

@@ -1,14 +0,0 @@
-//#region src/core/WebAuthnManager/SignerWorkerManager/handlers/session.ts
-function withSessionId(sessionId, payload) {
-	if (!sessionId) throw new Error("withSessionId: sessionId is required");
-	const existing = payload?.sessionId;
-	if (existing && existing !== sessionId) throw new Error(`withSessionId: payload.sessionId (${existing}) does not match provided sessionId (${sessionId})`);
-	return {
-		...payload,
-		sessionId
-	};
-}
-//#endregion
-export { withSessionId };
-//# sourceMappingURL=session.js.map

package/dist/esm/react/sdk/src/core/WebAuthnManager/SignerWorkerManager/handlers/session.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"session.js","names":[],"sources":["../../../../../../../../../src/core/WebAuthnManager/SignerWorkerManager/handlers/session.ts"],"sourcesContent":["\nexport function withSessionId<T>(\n sessionId: string,\n payload: T,\n): T & { sessionId: string } {\n\n if (!sessionId) {\n throw new Error('withSessionId: sessionId is required');\n }\n\n const existing = (payload as any)?.sessionId as string | undefined;\n if (existing && existing !== sessionId) {\n throw new Error(\n `withSessionId: payload.sessionId (${existing}) does not match provided sessionId (${sessionId})`,\n );\n }\n\n return { ...payload, sessionId };\n}\n"],"mappings":";AACA,SAAgB,cACd,WACA,SAC2B;AAE3B,KAAI,CAAC,UACH,OAAM,IAAI,MAAM;CAGlB,MAAM,WAAY,SAAiB;AACnC,KAAI,YAAY,aAAa,UAC3B,OAAM,IAAI,MACR,qCAAqC,SAAS,uCAAuC,UAAU;AAInG,QAAO;EAAE,GAAG;EAAS"}