@thru/wallet 0.2.25 → 0.2.28

package/dist/index.js

@@ -43,14 +43,20 @@ var ThruTransactionEncoding = {
 // src/protocol/postMessage.ts
 var POST_MESSAGE_REQUEST_TYPES = {
   CONNECT: "connect",
+  CREATE_ACCOUNT: "createAccount",
   DISCONNECT: "disconnect",
   SIGN_MESSAGE: "signMessage",
   SIGN_TRANSACTION: "signTransaction",
+  SIGN_PASSKEY_CHALLENGE: "signPasskeyChallenge",
   GET_ACCOUNTS: "getAccounts",
   GET_CONNECTION_STATE: "getConnectionState",
   GET_SIGNING_CONTEXT: "getSigningContext",
   SELECT_ACCOUNT: "selectAccount",
-  MANAGE_ACCOUNTS: "manageAccounts"
+  MANAGE_ACCOUNTS: "manageAccounts",
+  CREATE_SIGNING_SESSION: "createSigningSession",
+  CREATE_SIGNING_SESSION_INSTRUCTION: "createSigningSessionInstruction",
+  CONFIRM_SIGNING_SESSION: "confirmSigningSession",
+  REVOKE_SIGNING_SESSION: "revokeSigningSession"
 };
 var EMBEDDED_PROVIDER_EVENTS = {
   CONNECT_START: "connect_start",
@@ -64,7 +70,7 @@ var EMBEDDED_PROVIDER_EVENTS = {
 };
 var POST_MESSAGE_EVENT_TYPE = "event";
 var IFRAME_READY_EVENT = "iframe:ready";
-var DEFAULT_IFRAME_URL = "http://localhost:3000/embedded";
+var DEFAULT_IFRAME_URL = "http://localhost:3010/embedded";
 var REQUEST_ID_PREFIX = "req";
 var createRequestId = (prefix = REQUEST_ID_PREFIX) => {
   const random = Math.random().toString(36).slice(2, 11);
@@ -94,7 +100,10 @@ function normalizeConnectionStateResult(result) {
 }
 
 // src/provider/IframeManager.ts
-var PRODUCTION_IFRAME_ORIGINS = ["https://wallet.thru.org"];
+var PRODUCTION_IFRAME_ORIGINS = [
+  "https://wallet.thru.org",
+  "https://wallet.tid.sh"
+];
 var SLOW_REQUEST_TIMEOUT_MS = 5 * 60 * 1e3;
 var FAST_REQUEST_TIMEOUT_MS = 30 * 1e3;
 var PARENT_ORIGIN_SEARCH_PARAM = "tn_parent_origin";
@@ -102,7 +111,11 @@ var SLOW_REQUEST_TYPES = /* @__PURE__ */ new Set([
   POST_MESSAGE_REQUEST_TYPES.CONNECT,
   POST_MESSAGE_REQUEST_TYPES.SIGN_MESSAGE,
   POST_MESSAGE_REQUEST_TYPES.SIGN_TRANSACTION,
-  POST_MESSAGE_REQUEST_TYPES.MANAGE_ACCOUNTS
+  POST_MESSAGE_REQUEST_TYPES.SIGN_PASSKEY_CHALLENGE,
+  POST_MESSAGE_REQUEST_TYPES.MANAGE_ACCOUNTS,
+  POST_MESSAGE_REQUEST_TYPES.CREATE_SIGNING_SESSION,
+  POST_MESSAGE_REQUEST_TYPES.CREATE_SIGNING_SESSION_INSTRUCTION,
+  POST_MESSAGE_REQUEST_TYPES.CONFIRM_SIGNING_SESSION
 ]);
 function isPrivateIpv4Host(hostname) {
   const parts = hostname.split(".").map((part) => Number(part));
@@ -415,11 +428,202 @@ var IframeManager = class {
   }
 };
 
+// src/encoding.ts
+var BASE64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+var BASE64_LOOKUP = new Map(
+  [...BASE64_ALPHABET].map((char, index) => [char, index])
+);
+function base64ToBytes(value) {
+  const normalized = value.replace(/\s+/g, "");
+  if (normalized.length === 0) return new Uint8Array();
+  if (normalized.length % 4 === 1) {
+    throw new Error("Invalid base64 data");
+  }
+  const padded = normalized.padEnd(
+    normalized.length + (4 - normalized.length % 4) % 4,
+    "="
+  );
+  const padding = padded.endsWith("==") ? 2 : padded.endsWith("=") ? 1 : 0;
+  const output = new Uint8Array(padded.length / 4 * 3 - padding);
+  let outIdx = 0;
+  for (let i = 0; i < padded.length; i += 4) {
+    const chars = padded.slice(i, i + 4);
+    const a = BASE64_LOOKUP.get(chars[0]);
+    const b = BASE64_LOOKUP.get(chars[1]);
+    const c = chars[2] === "=" ? 0 : BASE64_LOOKUP.get(chars[2]);
+    const d = chars[3] === "=" ? 0 : BASE64_LOOKUP.get(chars[3]);
+    if (a === void 0 || b === void 0 || c === void 0 || d === void 0) {
+      throw new Error("Invalid base64 data");
+    }
+    const chunk = a << 18 | b << 12 | c << 6 | d;
+    if (outIdx < output.length) output[outIdx++] = chunk >> 16 & 255;
+    if (outIdx < output.length) output[outIdx++] = chunk >> 8 & 255;
+    if (outIdx < output.length) output[outIdx++] = chunk & 255;
+  }
+  return output;
+}
+
+// src/signing-sessions.ts
+var STORAGE_VERSION = 1;
+var KEY_PREFIX = "thru.wallet.signing-sessions.v1";
+function encodeKeyPart(input) {
+  return encodeURIComponent(input).replace(
+    /[!'()*]/g,
+    (char) => `%${char.charCodeAt(0).toString(16).toUpperCase()}`
+  );
+}
+function nowSeconds() {
+  return Math.floor(Date.now() / 1e3);
+}
+function resolveSigningSessionStorageKey(params) {
+  if (params.storageKey) return params.storageKey;
+  return `${KEY_PREFIX}:${encodeKeyPart(params.walletOrigin)}:${encodeKeyPart(params.appOrigin)}`;
+}
+function getDefaultBrowserSigningSessionStorage() {
+  if (typeof window === "undefined") return null;
+  try {
+    return window.localStorage ?? null;
+  } catch {
+    return null;
+  }
+}
+function normalizeExpiresAt(value, label = "expiresAt") {
+  if (value instanceof Date) {
+    const millis = value.getTime();
+    if (!Number.isFinite(millis)) throw new Error(`${label} must be a valid Date`);
+    return Math.floor(millis / 1e3);
+  }
+  if (typeof value === "bigint") {
+    if (value < 0n || value > BigInt(Number.MAX_SAFE_INTEGER)) {
+      throw new Error(`${label} must fit in a JavaScript safe integer`);
+    }
+    return Number(value);
+  }
+  if (typeof value === "string") {
+    const trimmed = value.trim();
+    if (!/^\d+$/.test(trimmed)) {
+      throw new Error(`${label} must be a Unix timestamp in seconds`);
+    }
+    return normalizeExpiresAt(BigInt(trimmed), label);
+  }
+  if (!Number.isFinite(value) || value < 0) {
+    throw new Error(`${label} must be a finite positive Unix timestamp`);
+  }
+  return Math.floor(value);
+}
+function resolveSessionExpirySeconds(options) {
+  const hasDuration = options.durationSeconds !== void 0;
+  const hasExpiresAt = options.expiresAt !== void 0;
+  if (hasDuration === hasExpiresAt) {
+    throw new Error("Provide exactly one of durationSeconds or expiresAt");
+  }
+  if (hasDuration) {
+    const duration = options.durationSeconds;
+    if (typeof duration !== "number" || !Number.isFinite(duration) || duration <= 0) {
+      throw new Error("durationSeconds must be a positive number");
+    }
+    return nowSeconds() + Math.floor(duration);
+  }
+  return normalizeExpiresAt(options.expiresAt, "expiresAt");
+}
+function assertSigningSessionWalletAccountIdx(walletAccountIdx) {
+  if (!Number.isInteger(walletAccountIdx) || walletAccountIdx < 2 || walletAccountIdx > 65535) {
+    throw new Error("walletAccountIdx must be an account index between 2 and 65535");
+  }
+}
+function normalizeDescriptor(descriptor) {
+  return {
+    id: descriptor.id,
+    walletAddress: descriptor.walletAddress,
+    publicKey: descriptor.publicKey,
+    authIdx: Number(descriptor.authIdx),
+    expiresAt: normalizeExpiresAt(descriptor.expiresAt, "descriptor.expiresAt"),
+    createdAt: normalizeExpiresAt(descriptor.createdAt, "descriptor.createdAt")
+  };
+}
+function isActive(descriptor) {
+  return nowSeconds() < descriptor.expiresAt;
+}
+var SigningSessionDescriptorStore = class {
+  constructor(storage, key) {
+    this.storage = storage;
+    this.key = key;
+  }
+  async list() {
+    const sessions = await this.read();
+    const active = sessions.filter(isActive);
+    if (active.length !== sessions.length) {
+      await this.write(active);
+    }
+    return active;
+  }
+  async get(id) {
+    const sessions = await this.list();
+    return sessions.find((session) => session.id === id) ?? null;
+  }
+  async save(descriptor) {
+    const normalized = normalizeDescriptor(descriptor);
+    const sessions = (await this.list()).filter((session) => session.id !== normalized.id);
+    sessions.push(normalized);
+    await this.write(sessions);
+  }
+  async saveReplacingWalletSessions(descriptor) {
+    const normalized = normalizeDescriptor(descriptor);
+    const sessions = (await this.list()).filter(
+      (session) => session.id === normalized.id || session.walletAddress !== normalized.walletAddress
+    );
+    const withoutCurrent = sessions.filter((session) => session.id !== normalized.id);
+    withoutCurrent.push(normalized);
+    await this.write(withoutCurrent);
+  }
+  async remove(id) {
+    const sessions = (await this.list()).filter((session) => session.id !== id);
+    if (sessions.length === 0) {
+      await this.storage.removeItem(this.key);
+      return;
+    }
+    await this.write(sessions);
+  }
+  async read() {
+    const raw = await this.storage.getItem(this.key);
+    if (!raw) return [];
+    try {
+      const parsed = JSON.parse(raw);
+      if (parsed.version !== STORAGE_VERSION || !Array.isArray(parsed.sessions)) {
+        await this.storage.removeItem(this.key);
+        return [];
+      }
+      return parsed.sessions.map(normalizeDescriptor);
+    } catch {
+      await this.storage.removeItem(this.key);
+      return [];
+    }
+  }
+  async write(sessions) {
+    const payload = {
+      version: STORAGE_VERSION,
+      sessions: sessions.map(normalizeDescriptor)
+    };
+    await this.storage.setItem(this.key, JSON.stringify(payload));
+  }
+};
+
 // src/provider/chains/ThruChain.ts
+function descriptorFromWire(session) {
+  return {
+    id: session.id,
+    walletAddress: session.walletAddress,
+    publicKey: session.publicKey,
+    authIdx: session.authIdx,
+    expiresAt: Number(BigInt(session.expiresAt)),
+    createdAt: Number(BigInt(session.createdAt))
+  };
+}
 var EmbeddedThruChain = class {
-  constructor(iframeManager, provider) {
+  constructor(iframeManager, provider, signingSessions) {
     this.iframeManager = iframeManager;
     this.provider = provider;
+    this.signingSessions = signingSessions;
   }
   get connected() {
     return this.provider.isConnected();
@@ -448,29 +652,172 @@ var EmbeddedThruChain = class {
     return response.result.signingContext;
   }
   async signTransaction(transaction) {
-    if (!this.provider.isConnected()) {
+    const signingSessionId = transaction.signingSessionId;
+    if (!signingSessionId && !this.provider.isConnected()) {
       throw new Error("Wallet not connected");
     }
-    this.iframeManager.show();
+    const session = signingSessionId ? await this.requireSigningSession(signingSessionId) : null;
+    const shouldShowWallet = !signingSessionId;
+    if (shouldShowWallet) {
+      this.iframeManager.show();
+    }
     try {
       const response = await this.iframeManager.sendMessage({
         id: createRequestId(),
         type: POST_MESSAGE_REQUEST_TYPES.SIGN_TRANSACTION,
         payload: {
-          walletAddress: transaction.walletAddress,
+          walletAddress: transaction.walletAddress ?? session?.walletAddress,
           programAddress: transaction.programAddress,
           instructionData: transaction.instructionData,
           readWriteAddresses: transaction.readWriteAddresses,
           readOnlyAddresses: transaction.readOnlyAddresses,
-          review: transaction.review
+          review: transaction.review,
+          signingSessionId
         },
         origin: window.location.origin
       });
       return response.result.signedTransaction;
+    } finally {
+      if (shouldShowWallet) {
+        this.iframeManager.hide();
+      }
+    }
+  }
+  async signPasskeyChallenge(challenge) {
+    if (!this.provider.isConnected()) {
+      throw new Error("Wallet not connected");
+    }
+    this.iframeManager.show();
+    try {
+      const response = await this.iframeManager.sendMessage({
+        id: createRequestId(),
+        type: POST_MESSAGE_REQUEST_TYPES.SIGN_PASSKEY_CHALLENGE,
+        payload: {
+          challenge: challenge.challenge,
+          walletAddress: challenge.walletAddress
+        },
+        origin: window.location.origin
+      });
+      return response.result;
+    } finally {
+      this.iframeManager.hide();
+    }
+  }
+  async createSigningSession(options) {
+    if (!this.provider.isConnected()) {
+      throw new Error("Wallet not connected");
+    }
+    if (!this.signingSessions) {
+      throw new Error("Signing session storage is not available");
+    }
+    const expiresAt = resolveSessionExpirySeconds(options);
+    this.iframeManager.show();
+    try {
+      const response = await this.iframeManager.sendMessage({
+        id: createRequestId(),
+        type: POST_MESSAGE_REQUEST_TYPES.CREATE_SIGNING_SESSION,
+        payload: {
+          walletAddress: options.walletAddress,
+          expiresAt: String(expiresAt),
+          review: options.review
+        },
+        origin: window.location.origin
+      });
+      const descriptor = descriptorFromWire(response.result.session);
+      await this.signingSessions.saveReplacingWalletSessions(descriptor);
+      return this.toSigningSession(descriptor);
     } finally {
       this.iframeManager.hide();
     }
   }
+  async createSigningSessionInstruction(options) {
+    if (!this.provider.isConnected()) {
+      throw new Error("Wallet not connected");
+    }
+    if (!this.signingSessions) {
+      throw new Error("Signing session storage is not available");
+    }
+    const expiresAt = resolveSessionExpirySeconds(options);
+    assertSigningSessionWalletAccountIdx(options.walletAccountIdx);
+    const response = await this.iframeManager.sendMessage({
+      id: createRequestId(),
+      type: POST_MESSAGE_REQUEST_TYPES.CREATE_SIGNING_SESSION_INSTRUCTION,
+      payload: {
+        walletAddress: options.walletAddress,
+        expiresAt: String(expiresAt),
+        walletAccountIdx: options.walletAccountIdx
+      },
+      origin: window.location.origin
+    });
+    const descriptor = descriptorFromWire(response.result.session);
+    return {
+      session: this.toSigningSession(descriptor),
+      programAddress: response.result.programAddress,
+      instructionData: base64ToBytes(response.result.instructionData)
+    };
+  }
+  async confirmSigningSession(id) {
+    if (!this.provider.isConnected()) {
+      throw new Error("Wallet not connected");
+    }
+    if (!this.signingSessions) {
+      throw new Error("Signing session storage is not available");
+    }
+    const response = await this.iframeManager.sendMessage({
+      id: createRequestId(),
+      type: POST_MESSAGE_REQUEST_TYPES.CONFIRM_SIGNING_SESSION,
+      payload: { sessionId: id },
+      origin: window.location.origin
+    });
+    const descriptor = descriptorFromWire(response.result.session);
+    await this.signingSessions.saveReplacingWalletSessions(descriptor);
+    return this.toSigningSession(descriptor);
+  }
+  async getSigningSession(id) {
+    if (!this.signingSessions) return null;
+    const descriptor = await this.signingSessions.get(id);
+    return descriptor ? this.toSigningSession(descriptor) : null;
+  }
+  async getSigningSessions() {
+    if (!this.signingSessions) return [];
+    return (await this.signingSessions.list()).map(
+      (descriptor) => this.toSigningSession(descriptor)
+    );
+  }
+  async revokeSigningSession(id) {
+    try {
+      await this.iframeManager.sendMessage({
+        id: createRequestId(),
+        type: POST_MESSAGE_REQUEST_TYPES.REVOKE_SIGNING_SESSION,
+        payload: { sessionId: id },
+        origin: window.location.origin
+      });
+    } finally {
+      await this.signingSessions?.remove(id);
+    }
+  }
+  async requireSigningSession(id) {
+    if (!this.signingSessions) {
+      throw new Error("Signing session storage is not available");
+    }
+    const session = await this.signingSessions.get(id);
+    if (!session) {
+      throw new Error("Signing session is not known to this app");
+    }
+    return session;
+  }
+  toSigningSession(descriptor) {
+    return {
+      ...descriptor,
+      signTransaction: (transaction) => this.signTransaction({
+        ...transaction,
+        walletAddress: transaction.walletAddress ?? descriptor.walletAddress,
+        signingSessionId: descriptor.id
+      }),
+      revoke: () => this.revokeSigningSession(descriptor.id),
+      toJSON: () => ({ ...descriptor })
+    };
+  }
 };
 
 // src/provider/EmbeddedProvider.ts
@@ -504,7 +851,11 @@ var EmbeddedProvider = class {
     };
     const addressTypes = config.addressTypes || [AddressType.THRU];
     if (addressTypes.includes(AddressType.THRU)) {
-      this._thruChain = new EmbeddedThruChain(this.iframeManager, this);
+      this._thruChain = new EmbeddedThruChain(
+        this.iframeManager,
+        this,
+        config.signingSessions
+      );
     }
   }
   /**
@@ -723,9 +1074,22 @@ var BrowserSDK = class {
     this.initialized = false;
     this.connectInFlight = null;
     this.lastConnectResult = null;
+    const iframeUrl = config.iframeUrl;
+    const walletOrigin = new URL(iframeUrl ?? DEFAULT_IFRAME_URL).origin;
+    const appOrigin = typeof window !== "undefined" && window.location.origin ? window.location.origin : "unknown";
+    const storage = config.signingSessionStorage === false ? null : config.signingSessionStorage ?? getDefaultBrowserSigningSessionStorage();
+    const signingSessions = storage ? new SigningSessionDescriptorStore(
+      storage,
+      resolveSigningSessionStorageKey({
+        walletOrigin,
+        appOrigin,
+        storageKey: config.signingSessionStorageKey
+      })
+    ) : void 0;
     this.provider = new EmbeddedProvider({
-      iframeUrl: config.iframeUrl,
-      addressTypes: config.addressTypes || [AddressType.THRU]
+      iframeUrl,
+      addressTypes: config.addressTypes || [AddressType.THRU],
+      signingSessions
     });
     this.thruClient = createThruClient({
       baseUrl: config.rpcUrl