@tomo-inc/cubist-wallet-sdk 0.0.4

package/src/cube-mfa.ts

@@ -0,0 +1,494 @@
+import { CubeAccountService } from "./cube-account";
+import { CubeSignerClient } from "./cube-libs";
+
+import { ApiClient, BizType, CubeRes, MfaAnswer, MfaConfig, MfaInfo, MfaReceipt, MfaType, TotpInfo } from "./types";
+
+import { isEmail } from "@tomo-inc/wallet-utils";
+import { getMfaInfoConfig } from "const";
+import { addPasskey, closeWindow, CubeRelayConfig, verifyPasskey } from "./passkey";
+import { applyLocalDevFixes } from "./utils";
+
+export class CubeMfaService {
+  private static instance: CubeMfaService;
+
+  private cubeAccountService: CubeAccountService | null;
+  public cubeSignerClient: CubeSignerClient | null;
+  public apiClient: ApiClient;
+
+  private mfaType: MfaType;
+  private mfaAnswer: MfaAnswer | null;
+  private mfaChallenge: any;
+  private registerChallenge: any;
+
+  public constructor() {
+    this.mfaType = "fido";
+    this.cubeAccountService = null;
+    this.cubeSignerClient = null;
+    this.apiClient = null;
+    this.mfaAnswer = null;
+    this.mfaChallenge = null;
+    this.registerChallenge = null;
+  }
+
+  public static getInstance() {
+    if (!CubeMfaService.instance) {
+      CubeMfaService.instance = new CubeMfaService();
+    }
+    return CubeMfaService.instance;
+  }
+
+  public init(cubeAccountService: CubeAccountService) {
+    this.cubeSignerClient = cubeAccountService.cubeSignerClient;
+    this.apiClient = cubeAccountService.apiClient;
+    this.cubeAccountService = cubeAccountService;
+    return this;
+  }
+
+  public setMfaType(mfaType: MfaType): void {
+    if (!mfaType) {
+      throw new Error("mfaType is required");
+    }
+    this.mfaType = mfaType;
+  }
+
+  public setMfaAnswer(mfaAnswer: MfaAnswer): void {
+    this.mfaAnswer = mfaAnswer;
+  }
+
+  public async getMfaInfo(bizType?: BizType): Promise<MfaInfo | null> {
+    if (!bizType) {
+      throw new Error("mfaRequestType is required");
+    }
+
+    const MfaInfoConfig = getMfaInfoConfig(this.cubeAccountService?.config?.cubeStage || "gamma");
+    const config = MfaInfoConfig[bizType];
+    if (!config) {
+      throw new Error("mfaRequestType is not supported");
+    }
+
+    //['Totp', 'EmailOtp#172800', 'Fido']
+    const { method, path } = config;
+
+    const mfaList: MfaInfo[] = await this.apiClient.mfaList();
+    const mfaInfo = mfaList.find((mfa) => {
+      const _method = mfa?.request.method;
+      const _path = mfa?.request.path + "/";
+      return _method === method && _path.indexOf(path) > -1;
+    });
+    if (!mfaInfo) {
+      return null;
+    }
+
+    let mfaRequired: any = null;
+    const allowed_mfa_types: string[] = mfaInfo?.status?.allowed_mfa_types || [];
+    for (const type of allowed_mfa_types) {
+      mfaRequired = mfaRequired || {};
+      const types = type.toLowerCase().split("#");
+      mfaRequired[types[0]] = types[1] ? Number(types[1]) : true;
+    }
+
+    const { receipt, created_at } = mfaInfo;
+    let emailOtpRemainTime = 0;
+    if (typeof mfaRequired.emailOtp === "number") {
+      const remainTime = mfaRequired.emailOtp - (Date.now() / 1000 - created_at);
+      emailOtpRemainTime = Math.max(0, Math.ceil(remainTime));
+    }
+    if (mfaRequired.emailOtp) {
+      mfaRequired.emailOtpRemainTime = emailOtpRemainTime;
+    }
+
+    const verifyStatus = receipt !== null ? "approved" : "pending";
+
+    return { ...mfaInfo, verifyStatus, mfaRequired };
+  }
+
+  public async answerRegister(code: string): Promise<CubeRes> {
+    const challenge = this.registerChallenge;
+    if (!challenge) {
+      throw new Error("challenge is required");
+    }
+    try {
+      const receipt = (await challenge.answer(code)) || null;
+      this.registerChallenge = null;
+      return {
+        success: true,
+        data: receipt,
+      };
+    } catch (error: any) {
+      return {
+        success: false,
+        message: error?.message || "answer error",
+        error,
+      };
+    }
+  }
+
+  public async executeBizWithMfa(bizType: BizType, mfaInfo?: MfaInfo | null): Promise<CubeRes> {
+    if (!bizType) {
+      throw new Error("bizType is required");
+    }
+    if (!mfaInfo) {
+      mfaInfo = (await this.getMfaInfo(bizType)) || null;
+    }
+    if (!mfaInfo?.id) {
+      throw new Error("mfa not exists, please create mfa first");
+    }
+
+    const { success, data: receipt } = (await this.approvalMfa(mfaInfo?.id || "")) || {};
+    if (!success) {
+      return {
+        success: false,
+        message: `approval with ${this.mfaType} error.`,
+      };
+    }
+
+    if (bizType === "createSession") {
+      const result = await this.cubeAccountService?.createSession(receipt);
+      return {
+        success: !!result,
+        message: !result ? "create session error" : "",
+        data: result,
+      };
+    }
+
+    if (bizType === "addFido") {
+      const name = mfaInfo.request?.body?.name;
+      const res = await this.addFido(name, receipt);
+      return {
+        success: !!res,
+        message: !res ? "addFido error" : "",
+        data: res,
+      };
+    }
+
+    if (bizType === "deleteFido") {
+      const path = mfaInfo?.request?.path || "";
+      const fidoId = path.split("/user/me/fido/")[1] || "";
+      if (!fidoId) {
+        throw new Error("fidoId is required");
+      }
+      const res = await this.deleteFido(decodeURIComponent(fidoId), receipt);
+      return {
+        success: !!res,
+        message: !res ? "deleteFido error" : "",
+        data: res,
+      };
+    }
+
+    if (bizType === "registerTotp") {
+      const issuer = mfaInfo.request?.body?.issuer;
+      const res = await this.registerTotp(issuer, receipt);
+      return {
+        success: !!res,
+        message: !res ? "registerTotp error" : "",
+        data: res,
+      };
+    }
+
+    if (bizType === "deleteTotp") {
+      const res = await this.deleteTotp(receipt);
+      return {
+        success: !!res,
+        message: !res ? "deleteTotp error" : "",
+        data: res,
+      };
+    }
+
+    if (bizType === "registerEmailOtp") {
+      const email = mfaInfo.request?.body?.email;
+      const res = await this.registerEmailOtp(email, receipt);
+      return {
+        success: !!res,
+        message: !res ? "registerEmailOtp error" : "",
+        data: res,
+      };
+    }
+
+    const cubeExportService = this.cubeAccountService?.cubeExportService;
+    if (bizType === "initExport") {
+      const res = await cubeExportService?.initExport(receipt);
+      return {
+        success: !!res,
+        message: !res ? "init export error" : "",
+        data: res,
+      };
+    }
+
+    if (bizType === "completeExport") {
+      const res = await cubeExportService?.completeExport(receipt);
+      return {
+        success: !!res,
+        message: !res ? "complete export error" : "",
+        data: res,
+      };
+    }
+
+    return {
+      success: false,
+      message: "bizType is not supported",
+    };
+  }
+
+  public async approvalMfa(mfaId: string): Promise<CubeRes> {
+    const apis = {
+      totp: "approvalTotp",
+      emailOtp: "approvalEmailOtp",
+      fido: "approvalFido",
+    };
+    const mfaType: MfaType = this.mfaType;
+
+    if (!mfaType || !apis[mfaType]) {
+      return {
+        success: false,
+        message: "mfaType is required",
+      };
+    }
+    let receipt: MfaReceipt | null = null;
+    try {
+      switch (mfaType) {
+        case "totp":
+          receipt = await this.approvalTotp(mfaId);
+          break;
+        case "emailOtp":
+          receipt = await this.approvalEmailOtp(mfaId);
+          break;
+        case "fido":
+          receipt = await this.approvalFido(mfaId);
+          break;
+        default:
+          return {
+            success: false,
+            message: "Unsupported MFA type",
+          };
+      }
+    } catch (error) {
+      return {
+        success: false,
+        message: `approval ${mfaType} error: ${error instanceof Error ? error.message : "Unknown error"}`,
+      };
+    }
+    if (!receipt) {
+      return {
+        success: false,
+        message: `approval ${mfaType} error.`,
+      };
+    }
+    return {
+      success: true,
+      data: receipt,
+    };
+  }
+
+  private getPasskeyConfig(): CubeRelayConfig {
+    const { config } = this.cubeAccountService || {};
+    delete config?.cubeSalt;
+    delete config?.jwtToken;
+    return config as CubeRelayConfig;
+  }
+
+  public passkeyClear(): void {
+    closeWindow();
+  }
+
+  public async addFido(fidoName: string, receipt?: MfaReceipt): Promise<any> {
+    const config = this.getPasskeyConfig();
+    return await addPasskey({ fidoName, receipt }, config);
+  }
+
+  public async addFidoLocal(fidoName: string, receipt?: MfaReceipt): Promise<MfaInfo | null | boolean> {
+    if (!fidoName || typeof fidoName !== "string") {
+      throw new Error("name is required");
+    }
+
+    try {
+      const mfaConfig = (await this.cubeAccountService?.getMfaConfig()) as MfaConfig;
+      const fidos = mfaConfig?.fido?.data || [];
+      const existingFido = fidos.find((fido) => fido?.name === fidoName);
+      if (existingFido) {
+        throw new Error(`FIDO key with name "${fidoName}" already exists`);
+      }
+
+      const cubeSignerClient = this.cubeSignerClient;
+      const addFidoResp: any = await cubeSignerClient?.addFido(fidoName, receipt);
+      if (addFidoResp.requiresMfa()) {
+        return await this.getMfaInfo("addFido");
+      }
+
+      const config = {
+        userId: mfaConfig?.account?.userId,
+        rpId: this.cubeAccountService?.config?.rpId || window.location.hostname,
+        fidoName,
+      };
+      const challenge = applyLocalDevFixes("add", addFidoResp.data(), config);
+      await challenge.createCredentialAndAnswer();
+      return true;
+    } catch (error) {
+      console.error("addFido error", error);
+      return false;
+    }
+  }
+
+  public async deleteFido(fidoId: string, receipt?: MfaReceipt): Promise<MfaInfo | null> {
+    try {
+      const cubeSignerClient = this.cubeSignerClient;
+      const deleteFidoResp: any = await cubeSignerClient?.deleteFido(fidoId, receipt);
+      if (deleteFidoResp.requiresMfa()) {
+        return await this.getMfaInfo("deleteFido");
+      }
+      return deleteFidoResp.data();
+    } catch (error) {
+      return null;
+    }
+  }
+
+  public async approvalFido(mfaId: string): Promise<MfaReceipt> {
+    const config = this.getPasskeyConfig();
+    const receipt = await verifyPasskey({ mfaId }, config);
+    return receipt;
+  }
+
+  public async approvalFidoLocal(mfaId: string): Promise<MfaReceipt> {
+    const apiClient = this.apiClient;
+
+    const mfaConfig = (await this.cubeAccountService?.getMfaConfig()) as MfaConfig;
+    //mfaVoteFidoComplete
+    let challenge = await apiClient.mfaFidoInit(mfaId);
+
+    const config = {
+      userId: mfaConfig?.account?.userId,
+      rpId: this.cubeAccountService?.config?.rpId || window.location.hostname,
+      fidoName: "",
+    };
+    challenge = applyLocalDevFixes("approval", challenge, config);
+
+    const mfa = await challenge.createCredentialAndAnswer("approve");
+    const receipt = await mfa.receipt();
+    return receipt;
+  }
+
+  public async registerTotp(issuer: string, receipt?: MfaReceipt): Promise<MfaInfo | TotpInfo | null> {
+    if (issuer === "") {
+      throw new Error("issuer are required");
+    }
+
+    const totpResp = await this.apiClient.userTotpResetInit(issuer, receipt);
+    if (totpResp.requiresMfa()) {
+      return await this.getMfaInfo("registerTotp");
+    }
+
+    const challenge = totpResp.data();
+    this.registerChallenge = challenge;
+
+    const searchParams = new URL(challenge?.url).searchParams;
+
+    const totpInfo: TotpInfo = {
+      id: challenge?.id,
+      url: challenge?.url,
+      secret: searchParams.get("secret") || "",
+      issuer: searchParams.get("issuer") || issuer,
+    };
+    return totpInfo;
+  }
+
+  public async deleteTotp(receipt?: MfaReceipt): Promise<MfaInfo | null> {
+    const deleteTotpResp = await this.apiClient.userTotpDelete(receipt);
+
+    if (deleteTotpResp.requiresMfa()) {
+      return await this.getMfaInfo("deleteTotp");
+    }
+
+    return deleteTotpResp.data();
+  }
+
+  public async approvalTotp(mfaId: string): Promise<MfaReceipt> {
+    if (!mfaId) {
+      throw new Error("MFA ID not found");
+    }
+
+    const totpCode = this.mfaAnswer?.totpCode;
+    if (!totpCode || !/^\d{6}$/.test(totpCode)) {
+      console.error("TOTP code is required");
+      throw new Error("TOTP code is required");
+    }
+
+    const mfa = await this.apiClient.mfaVoteTotp(mfaId, totpCode, "approve");
+    const mfaOrgId = this.cubeSignerClient?.org()?.id || this.cubeAccountService?.cubeOrgId || "";
+    const receipt = {
+      mfaId: mfa.id,
+      mfaConf: mfa?.receipt?.confirmation,
+      mfaOrgId,
+    };
+    return receipt;
+  }
+
+  public async registerEmailOtp(email: string, receipt?: MfaReceipt): Promise<MfaInfo | null> {
+    if (!email || !isEmail(email)) {
+      throw new Error("email is required");
+    }
+
+    const cubeSignerClient = await this.cubeAccountService?.getOidcClient();
+    const apiClient = cubeSignerClient.apiClient;
+
+    const params = {
+      email,
+      allow_otp_login: true,
+    };
+    const registerEmailOtpResp = await apiClient.userEmailResetInit(params, receipt);
+    if (registerEmailOtpResp.requiresMfa()) {
+      return await this.getMfaInfo("registerEmailOtp");
+    }
+
+    this.registerChallenge = registerEmailOtpResp.data();
+    return this.registerChallenge;
+  }
+
+  //48hour countdown
+  //mfaVoteEmailComplete
+  public async approvalEmailOtp(mfaId: string): Promise<MfaReceipt | null> {
+    if (!mfaId) {
+      throw new Error("MFA ID not found");
+    }
+
+    if (!this.mfaChallenge) {
+      const mfaChallenge = await this.apiClient.mfaVoteEmailInit(mfaId, "approve");
+      this.mfaChallenge = mfaChallenge;
+      return null;
+    }
+
+    //answer with code by user input
+    let emailCode = this.mfaAnswer?.emailCode || "";
+    emailCode = emailCode.split(/\s/).join("");
+
+    if (!emailCode) {
+      throw new Error("emailCode is required");
+    }
+    try {
+      const mfa = await this.mfaChallenge.answer(emailCode);
+      const mfaOrgId = this.cubeSignerClient?.org()?.id || this.cubeAccountService?.cubeOrgId || "";
+      const receipt = {
+        mfaId: mfa.id,
+        mfaConf: mfa?.receipt?.confirmation,
+        mfaOrgId,
+      };
+      this.mfaChallenge = null;
+
+      return receipt;
+    } catch (error) {
+      console.warn("approvalEmailOtp error", error);
+      return null;
+    }
+  }
+
+  public async sendEmailCode(mfaId: string): Promise<boolean> {
+    if (!mfaId) {
+      throw new Error("mfaId is required");
+    }
+    try {
+      const mfaChallenge = await this.apiClient.mfaVoteEmailInit(mfaId, "approve");
+      this.mfaChallenge = mfaChallenge;
+      return true;
+    } catch (error) {
+      return false;
+    }
+  }
+}

package/src/cube-sign.ts

@@ -0,0 +1,210 @@
+import { ChainTypes } from "@tomo-inc/wallet-utils";
+import {
+  getKeys,
+  signDogeMessage,
+  signDogePsbt,
+  signEvmMessage,
+  signEvmTransaction,
+  signEvmTypedData,
+  signSolanaMessage,
+  signSolanaTransaction,
+  signTronMessage,
+  signTronRawTransaction,
+  signTronTypeDaya,
+  TypedData,
+} from "./cube-libs";
+
+export const recoverEVMTxData = (unsignedTx: string, numberType?: "bigint" | "string") => {
+  try {
+    const { data, types } = JSON.parse(unsignedTx);
+
+    // https://viem.sh/docs/actions/wallet/signTransaction#value-optional
+
+    for (const prop in types) {
+      if (types[prop] === "bigint") {
+        data[prop] = BigInt(data[prop]);
+        if (numberType === "string") {
+          data[prop] = data[prop].toString();
+        }
+      }
+    }
+    return data;
+  } catch (error) {
+    throw new Error("Invalid unsigned transaction");
+    return {};
+  }
+};
+
+export class CubeSignService {
+  private static instance: CubeSignService;
+  private cubeSession: any;
+  private services: any;
+
+  public async init({ cubeSession }: { cubeSession: any }) {
+    this.cubeSession = cubeSession;
+    if (!this.services) {
+      // return the services map for sign
+      this.services = await getKeys(cubeSession);
+    }
+  }
+
+  public static getInstance() {
+    if (!CubeSignService.instance) {
+      CubeSignService.instance = new CubeSignService();
+    }
+    return CubeSignService.instance;
+  }
+
+  /**
+   * Get specific services by chainType and address
+   * @param chainType Chain type (EVM, TRON, SOL, DOGE)
+   * @param address Wallet address
+   * @returns The matching services object or null if not found
+   */
+  public async getServiceByChainAndAddress(chainType: string, address: string): Promise<any> {
+    if (!this.services) {
+      this.services = await getKeys(this.cubeSession);
+    }
+
+    // Create the expected key ID based on chainType and address
+    const keyId = this.buildKeyId(chainType, address);
+
+    // Find the sign service with matching ID
+    const service = this.services.find((k: any) => k.id === keyId);
+
+    if (!service) {
+      console.warn(`service not found for chainType: ${chainType}`);
+      return null;
+    }
+
+    return service;
+  }
+
+  /**
+   * Build key ID from chainType and address following the pattern in the services data
+   * @param chainType Chain type
+   * @param address Wallet address
+   * @returns Key ID string
+   */
+  private buildKeyId(chainType: string, address: string): string {
+    switch (chainType) {
+      case ChainTypes.EVM:
+        return `Key#${address}`;
+      case ChainTypes.TRON:
+        return `Key#Tron_${address}`;
+      case ChainTypes.SOL:
+        return `Key#Solana_${address}`;
+      case ChainTypes.DOGE:
+        return `Key#Doge_${address}`;
+      default:
+        return `Key#${address}`;
+    }
+  }
+
+  /**
+   * Unified transaction signing method for all supported chains
+   * @param chainType Chain type (EVM, SOL, DOGE, TRON, BTC)
+   * @param address User's wallet address
+   * @param params Signing parameters specific to each chain (always JSON stringified from social account)
+   * @returns Signed transaction
+   */
+  public async signTransaction(chainType: string, address: string, params: any): Promise<string> {
+    const sessionInfo = this?.cubeSession;
+    const service = await this.getServiceByChainAndAddress(chainType, address);
+
+    if (!service) {
+      throw new Error(`service not found for chain ${chainType}`);
+    }
+
+    // Parse the JSON stringified params from social account
+    const parsedParams = typeof params === "string" ? JSON.parse(params) : params;
+
+    switch (chainType) {
+      case ChainTypes.EVM: {
+        // EVM expects: { data: preparedTx, types: preparedTxPropsType }
+        const transaction = recoverEVMTxData(params, "string");
+        return await signEvmTransaction(service, transaction, transaction.chainId, sessionInfo);
+      }
+
+      case ChainTypes.SOL: {
+        // Solana expects: { rawTransaction: string, walletId: -1, rpcUrl: string }
+        return await signSolanaTransaction(service, parsedParams.rawTransaction, sessionInfo);
+      }
+
+      case ChainTypes.DOGE: {
+        // DOGE expects: { psbtBase64: string }
+        return await signDogePsbt(service, parsedParams.psbtBase64, sessionInfo);
+      }
+
+      case ChainTypes.TRON: {
+        // TRON expects: { type: "signRawTx", data: { rawTransaction: string, walletId: -1 }}
+        const rawTransaction = parsedParams.data?.rawTransaction || parsedParams.rawTransaction;
+        return await signTronRawTransaction(service, rawTransaction, sessionInfo);
+      }
+      default:
+        throw new Error(`Unsupported chain type: ${chainType}`);
+    }
+  }
+
+  /**
+   * Unified message signing method for all supported chains
+   * @param chainType Chain type (EVM, SOL, DOGE, TRON)
+   * @param address User's wallet address
+   * @param message Message to be signed
+   * @returns Message signature
+   */
+  public async signMessage(chainType: string, address: string, message: string): Promise<string> {
+    const sessionInfo = this?.cubeSession;
+    const service = await this.getServiceByChainAndAddress(chainType, address);
+
+    if (!service) {
+      throw new Error(`service not found for chain ${chainType}`);
+    }
+
+    switch (chainType) {
+      case ChainTypes.EVM:
+        return await signEvmMessage(service, message, sessionInfo);
+
+      case ChainTypes.SOL:
+        return await signSolanaMessage(service, message, sessionInfo);
+
+      case ChainTypes.DOGE:
+        return (await signDogeMessage(service, message, sessionInfo)).signature;
+
+      case ChainTypes.TRON:
+        return await signTronMessage(service, message, sessionInfo);
+
+      default:
+        throw new Error(`Unsupported chain type: ${chainType}`);
+    }
+  }
+
+  /**
+   * Unified typed data signing method (supports EVM and TRON)
+   * @param chainType Chain type (EVM, TRON)
+   * @param address User's wallet address
+   * @param typedData Typed data to be signed
+   * @returns Typed data signature
+   */
+  public async signTypedData(chainType: string, address: string, typedData: TypedData): Promise<string> {
+    const sessionInfo = this?.cubeSession;
+    const service = await this.getServiceByChainAndAddress(chainType, address);
+
+    if (!service) {
+      throw new Error(`service not found for chain ${chainType}`);
+    }
+
+    switch (chainType) {
+      case ChainTypes.EVM:
+        return await signEvmTypedData(service, typedData as TypedData, sessionInfo);
+
+      case ChainTypes.TRON: {
+        // For Tron EIP712 signing, we convert TypedData to JSON string and use signTronMessage
+        return await signTronTypeDaya(service, typedData.message as string, sessionInfo);
+      }
+
+      default:
+        throw new Error(`Unsupported chain type: ${chainType}`);
+    }
+  }
+}