@tomo-inc/cubist-wallet-sdk 0.0.4

package/CHANGELOG.md

@@ -0,0 +1,11 @@
+# @tomo-inc/cubist-wallet-sdk
+
+## 0.0.1
+
+## 0.0.2
+
+1.passkey relay add origin for postMessage
+
+## 0.0.3
+
+1. passkey relay in rn

package/README.md

@@ -0,0 +1,14 @@
+# @tomo-inc/cubist-wallet-sdk
+
+## support
+
+1. new user register
+2. user login: get tomoToken + accountAddressList
+3. mfa: config + approval
+4. seed phrase export
+
+## todo
+
+1. passkey + rpId
+2. integrate more oidc provider
+3. session manage + keep login status

package/RN.md

@@ -0,0 +1,54 @@
+# Use passkeyRelay in RN
+
+## passkeyRelay compatible
+
+1. waiting for passkeyRelay info
+
+```
+const onMessage = (event) => {
+  const data = JSON.parse(event.nativeEvent.data);
+
+  if (data.type === 'OPEN_PASSKEY_RELAY') {
+    const { url, name } = data.message;
+    openPasskeyModal(url);
+  }
+};
+```
+
+2. open passkeyRelay url in RN
+
+> origin not allow \*
+
+```
+const openPasskeyModal = (url) => {
+  //just for example
+  this.setState({
+    showPasskeyModal: true,
+    passkeyUrl: `${url}?origin=${origin}`
+  });
+};
+```
+
+3. waiting for passkeyRelay result
+
+```
+const onMessage = (event) => {
+  const data = JSON.parse(event.nativeEvent.data);
+
+  if(data.type === "PASSKEY_RELAY_MESSAGE" && event.origin === origin){
+    const result = data.message;
+  }
+};
+```
+
+## approvalFido
+
+```
+const receipt = await cubeMfa.approvalFido(mfaId: string);
+```
+
+## addFido
+
+```
+const res = await cubeMfa.addFido(fidoName, receipt);
+```

package/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@tomo-inc/cubist-wallet-sdk",
+  "version": "0.0.4",
+  "author": "tomo.inc",
+  "license": "MIT",
+  "private": false,
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "dependencies": {
+    "@cubist-labs/cubesigner-sdk": "0.4.98-0",
+    "@tomo-inc/cubist-sig-sdk": "1.1.0",
+    "axios": "^1.11.0",
+    "crypto-js": "^4.2.0",
+    "@tomo-inc/wallet-utils": "0.0.2"
+  },
+  "devDependencies": {
+    "@types/crypto-js": "^4.2.2",
+    "@types/node": "^20.0.0",
+    "@types/supertest": "^2.0.12",
+    "supertest": "^6.3.0",
+    "tsup": "^8.0.0",
+    "tsx": "^4.19.2",
+    "typescript": "^5.0.0",
+    "@vitest/browser": "^3.2.4",
+    "playwright": "^1.44.1",
+    "vitest": "^3.2.4"
+  },
+  "scripts": {
+    "build": "tsup"
+  }
+}

package/project.json

@@ -0,0 +1,59 @@
+{
+  "name": "cubist-wallet-sdk",
+  "sourceRoot": "packages/cubist-wallet-sdk/src",
+  "projectType": "library",
+  "targets": {
+    "build": {
+      "executor": "nx:run-commands",
+      "outputs": ["{projectRoot}/dist"],
+      "options": {
+        "command": "tsup src/index.ts --format esm,cjs --dts --treeshake",
+        "cwd": "packages/cubist-wallet-sdk"
+      }
+    },
+    "dev": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "tsup src/index.ts --format esm,cjs --watch --dts",
+        "cwd": "packages/cubist-wallet-sdk"
+      }
+    },
+    "lint": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "eslint src/**/*.ts",
+        "cwd": "packages/cubist-wallet-sdk"
+      }
+    },
+    "lint:fix": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "eslint src/**/*.ts --fix",
+        "cwd": "packages/cubist-wallet-sdk"
+      }
+    },
+    "format": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "prettier --write \"src/**/*.{ts,tsx}\"",
+        "cwd": "packages/cubist-wallet-sdk"
+      }
+    },
+    "test": {
+      "executor": "nx:run-commands",
+      "outputs": ["{projectRoot}/coverage"],
+      "options": {
+        "command": "vitest run",
+        "cwd": "packages/cubist-wallet-sdk"
+      }
+    },
+    "test:watch": {
+      "executor": "nx:run-commands",
+      "options": {
+        "command": "vitest",
+        "cwd": "packages/cubist-wallet-sdk"
+      }
+    }
+  },
+  "tags": ["npm:private", "scope:cubist-wallet-sdk", "type:library"]
+}

package/src/__tests__/cube-mfa.test.ts

@@ -0,0 +1,64 @@
+import { describe, it, expect } from "vitest";
+import { CubeMfaService } from "../cube-mfa";
+
+describe("CubeMfaService", () => {
+  describe("extractSecretFromOtpUri", () => {
+    it("should extract secret from valid OTP URI", () => {
+      const otpUri = "otpauth://totp/productName:?secret=6JOGJWLATLOOJB7EFULZF73DDLQGUE4F&issuer=productName";
+      const secret = CubeMfaService.extractSecretFromOtpUri(otpUri);
+      expect(secret).toBe("6JOGJWLATLOOJB7EFULZF73DDLQGUE4F");
+    });
+
+    it("should extract secret from OTP URI with different format", () => {
+      const otpUri = "otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example";
+      const secret = CubeMfaService.extractSecretFromOtpUri(otpUri);
+      expect(secret).toBe("JBSWY3DPEHPK3PXP");
+    });
+
+    it("should extract secret from OTP URI with only secret parameter", () => {
+      const otpUri = "otpauth://totp/productName:?secret=ABCDEFGHIJKLMNOP";
+      const secret = CubeMfaService.extractSecretFromOtpUri(otpUri);
+      expect(secret).toBe("ABCDEFGHIJKLMNOP");
+    });
+
+    it("should return null for invalid OTP URI", () => {
+      const otpUri = "https://example.com?secret=123";
+      const secret = CubeMfaService.extractSecretFromOtpUri(otpUri);
+      expect(secret).toBeNull();
+    });
+
+    it("should return null for OTP URI without secret parameter", () => {
+      const otpUri = "otpauth://totp/productName:?issuer=productName";
+      const secret = CubeMfaService.extractSecretFromOtpUri(otpUri);
+      expect(secret).toBeNull();
+    });
+
+    it("should return null for empty string", () => {
+      const secret = CubeMfaService.extractSecretFromOtpUri("");
+      expect(secret).toBeNull();
+    });
+
+    it("should return null for null input", () => {
+      const secret = CubeMfaService.extractSecretFromOtpUri(null as any);
+      expect(secret).toBeNull();
+    });
+
+    it("should return null for undefined input", () => {
+      const secret = CubeMfaService.extractSecretFromOtpUri(undefined as any);
+      expect(secret).toBeNull();
+    });
+
+    it("should handle malformed URI with regex fallback", () => {
+      const otpUri = "otpauth://totp/productName:?secret=6JOGJWLATLOOJB7EFULZF73DDLQGUE4F&issuer=productName";
+      const secret = CubeMfaService.extractSecretFromOtpUri(otpUri);
+      expect(secret).toBe("6JOGJWLATLOOJB7EFULZF73DDLQGUE4F");
+    });
+
+    it("should handle URI with multiple parameters", () => {
+      const otpUri =
+        "otpauth://totp/productName:?algorithm=SHA1&digits=6&period=30&secret=6JOGJWLATLOOJB7EFULZF73DDLQGUE4F&issuer=productName";
+      const secret = CubeMfaService.extractSecretFromOtpUri(otpUri);
+      expect(secret).toBe("6JOGJWLATLOOJB7EFULZF73DDLQGUE4F");
+    });
+  });
+});

package/src/api.ts

@@ -0,0 +1,64 @@
+import { TomoApiDomains } from "@tomo-inc/wallet-utils";
+import axios from "axios";
+import { generateCubeSignature } from "./signature";
+import { CubeConfig } from "./types";
+
+function getTomoApi(config: CubeConfig) {
+  const { tomoStage = "dev", tomoClientId, jwtToken } = config;
+  const tomoApi = axios.create({
+    baseURL: `${TomoApiDomains[tomoStage] || TomoApiDomains.dev}/user`,
+    timeout: 20000,
+  });
+
+  tomoApi.interceptors.request.use(
+    async (config) => {
+      config.headers["client-id"] = tomoClientId;
+      if (jwtToken) {
+        config.headers["Authorization"] = `Bearer ${jwtToken}`;
+      }
+      return config;
+    },
+    (error) => {
+      if (error?.response?.status === 401) {
+        return Promise.reject(error);
+      }
+    },
+  );
+
+  return tomoApi;
+}
+
+export const addUserToCube = async (req: any, config: CubeConfig) => {
+  // sign for api
+  const { iss, sub } = req;
+  const cubeSalt = config.cubeSalt || "";
+  if (!cubeSalt) {
+    throw new Error("tomoStage error.");
+  }
+  const { timestamp, signature } = await generateCubeSignature({ iss, sub }, cubeSalt);
+  const signedReq = { ...req, timestamp, signature };
+
+  // send signatrue
+  const tomoApi = getTomoApi(config);
+  const res = await tomoApi.post("/api/login/loginByCubistV2", signedReq);
+  return res?.data?.data || {};
+};
+
+export const updateUserInfo = async (
+  userInfo: { nickname: string; avatar: string },
+  config: CubeConfig,
+): Promise<boolean> => {
+  // send signatrue
+  const tomoApi = getTomoApi(config);
+
+  const res = await tomoApi.post("/api/user/getUserInfo");
+  const userInfoBefore = res?.data?.data.user || {};
+
+  const nickname = userInfo.nickname.trim();
+  userInfo = { ...userInfoBefore, ...userInfo, nickname, username: nickname };
+
+  const result = await tomoApi.post("/api/setting/updateUserInfo", userInfo, {
+    headers: {},
+  });
+  return !!result?.data?.success;
+};

package/src/const.ts

@@ -0,0 +1,96 @@
+import { CubeStage } from "@tomo-inc/wallet-utils";
+import { AccountType, BizType } from "types";
+
+// export const CUBE_RP_ID = "cubist.dev";
+export const SEED_PHRASE_EXPORT_DURATION = 48; //hour
+export const EXPORT_TIME_FORMAT = "yyyy-MM-dd hh:mm:ss";
+export const OIDC_TOKEN_LIFETIME = 30 * 24 * 60 * 60; //seconds
+export const CUBE_LIFETIME = {
+  auth: OIDC_TOKEN_LIFETIME,
+  refresh: OIDC_TOKEN_LIFETIME * 2,
+};
+
+export const CUBE_SCOPES = [
+  "sign:*",
+  "export:*",
+  "manage:session:extend",
+
+  "manage:mfa:*",
+  "manage:mfa:register:email",
+  "manage:mfa:register:fido",
+  "manage:mfa:unregister:fido",
+  "manage:mfa:register:totp",
+  "manage:mfa:unregister:totp",
+
+  "manage:export:user:delete",
+  "manage:export:user:list",
+];
+
+export const EXPORT_KEY_PREFIX = "Key#Mnemonic_";
+
+export const ISS_MAP: Record<string, AccountType> = {
+  "https://accounts.google.com": "google",
+  "https://shim.oauth2.cubist.dev/twitter": "x",
+};
+
+export const CUBE_SALTS = {
+  prod: "xnPWRJT5XG2WyevuydMjMpZq",
+  pre: "xnPWRJT5XG2WyevuydMjMpZq",
+  dev: "dev@tomo",
+};
+
+export const getMfaInfoConfig = (cubeStage: CubeStage) => {
+  const lastTime = cubeStage === "prod" ? 172800 : 300;
+  const AllowedMfaTypes = {
+    Login: ["Fido", "EmailOtp", "Totp"],
+    AddIdentity: ["Fido", "EmailOtp", "Totp"],
+    RegisterMfa: ["Fido", `EmailOtp#${lastTime}`, "Totp"],
+    Export: ["Fido", "Totp"],
+  };
+
+  //bindSocailAccount: = ["Fido", "EmailOtp", "Totp"]
+  const MfaRequestConfig: Record<BizType, { method: string; path: string; _allowed_mfa_types: string[] }> = {
+    createSession: {
+      method: "POST",
+      path: "/session/",
+      _allowed_mfa_types: AllowedMfaTypes.Login,
+    },
+    addFido: {
+      method: "POST",
+      path: "/user/me/fido/",
+      _allowed_mfa_types: AllowedMfaTypes.RegisterMfa,
+    },
+    deleteFido: {
+      method: "DELETE",
+      path: "/user/me/fido/",
+      _allowed_mfa_types: AllowedMfaTypes.RegisterMfa,
+    },
+    registerTotp: {
+      method: "POST",
+      path: "/user/me/totp/",
+      _allowed_mfa_types: AllowedMfaTypes.RegisterMfa,
+    },
+    deleteTotp: {
+      method: "DELETE",
+      path: "/user/me/totp/",
+      _allowed_mfa_types: AllowedMfaTypes.RegisterMfa,
+    },
+    registerEmailOtp: {
+      method: "POST",
+      path: "/user/me/email/",
+      _allowed_mfa_types: AllowedMfaTypes.RegisterMfa,
+    },
+    initExport: {
+      method: "POST",
+      path: "/user/me/export/",
+      _allowed_mfa_types: AllowedMfaTypes.Export,
+    },
+    completeExport: {
+      method: "PATCH",
+      path: "/user/me/export/",
+      _allowed_mfa_types: AllowedMfaTypes.Export,
+    },
+  };
+
+  return MfaRequestConfig;
+};