@tomo-inc/cubist-wallet-sdk 0.0.4

package/src/export-key.ts

@@ -0,0 +1,150 @@
+import { userExportKeygen } from "./cube-libs";
+
+const EXPORT_KEY_STORAGE_KEY = "cubist_export_key";
+
+interface StoredKeyPair {
+  publicKey: JsonWebKey;
+  privateKey: JsonWebKey;
+}
+
+export class CubeExportKeyService {
+  private static instance: CubeExportKeyService;
+  public exportKey: CryptoKeyPair | null = null;
+
+  public constructor() {
+    if (!window?.localStorage) {
+      throw new Error("localStorage is not available");
+    }
+    this.ensureExportKey();
+  }
+
+  public static getInstance() {
+    if (!CubeExportKeyService.instance) {
+      CubeExportKeyService.instance = new CubeExportKeyService();
+    }
+    return CubeExportKeyService.instance;
+  }
+
+  /**
+   * Recover exportKey from localStorage
+   */
+  private async recoverExportKey(): Promise<void> {
+    if (typeof window === "undefined" || !window.localStorage) {
+      return;
+    }
+
+    try {
+      const storedKey = window.localStorage.getItem(EXPORT_KEY_STORAGE_KEY);
+      if (storedKey) {
+        const keyData: StoredKeyPair = JSON.parse(storedKey);
+
+        // Import public key from JWK
+        const publicKey = await crypto.subtle.importKey(
+          "jwk",
+          keyData.publicKey,
+          {
+            name: "ECDH",
+            namedCurve: "P-256",
+          },
+          true,
+          [],
+        );
+
+        // Import private key from JWK
+        const privateKey = await crypto.subtle.importKey(
+          "jwk",
+          keyData.privateKey,
+          {
+            name: "ECDH",
+            namedCurve: "P-256",
+          },
+          true,
+          ["deriveKey", "deriveBits"],
+        );
+
+        this.exportKey = { publicKey, privateKey };
+      }
+    } catch (error) {
+      console.error("Failed to recover exportKey from localStorage:", error);
+      // If recovery fails, clear corrupted data
+      this.clearStoredExportKey();
+    }
+  }
+
+  /**
+   * Generate new exportKey and store it in localStorage
+   */
+  private async generateAndStoreExportKey(): Promise<void> {
+    try {
+      const key = await userExportKeygen();
+      this.exportKey = key;
+      await this.storeExportKey(key);
+    } catch (error) {
+      console.error("Failed to generate exportKey:", error);
+    }
+  }
+
+  /**
+   * Store exportKey in localStorage by exporting to JWK format
+   */
+  private async storeExportKey(keyPair: CryptoKeyPair): Promise<void> {
+    if (typeof window === "undefined" || !window.localStorage) {
+      return;
+    }
+
+    try {
+      // Export public key to JWK format
+      const publicKeyJwk = await crypto.subtle.exportKey("jwk", keyPair.publicKey);
+
+      // Export private key to JWK format
+      const privateKeyJwk = await crypto.subtle.exportKey("jwk", keyPair.privateKey);
+
+      // Store as JSON
+      const keyData: StoredKeyPair = {
+        publicKey: publicKeyJwk,
+        privateKey: privateKeyJwk,
+      };
+
+      window.localStorage.setItem(EXPORT_KEY_STORAGE_KEY, JSON.stringify(keyData));
+    } catch (error) {
+      console.error("Failed to store exportKey in localStorage:", error);
+      // Handle quota exceeded error
+      if (error instanceof DOMException && error.name === "QuotaExceededError") {
+        console.warn("localStorage quota exceeded, clearing old data");
+        // Optionally clear old data or handle gracefully
+      }
+    }
+  }
+
+  /**
+   * Clear stored exportKey from localStorage
+   */
+  private clearStoredExportKey(): void {
+    if (typeof window === "undefined" || !window.localStorage) {
+      return;
+    }
+
+    try {
+      window.localStorage.removeItem(EXPORT_KEY_STORAGE_KEY);
+    } catch (error) {
+      console.error("Failed to clear exportKey from localStorage:", error);
+    }
+  }
+
+  /**
+   * Ensure exportKey is ready before use
+   */
+  private async ensureExportKey(): Promise<void> {
+    if (this.exportKey) {
+      return;
+    }
+
+    // Try to recover from localStorage
+    await this.recoverExportKey();
+
+    // If still not available, generate a new one
+    if (!this.exportKey) {
+      await this.generateAndStoreExportKey();
+    }
+  }
+}

package/src/index.ts

@@ -0,0 +1,15 @@
+import { CubeConnect } from "./cube-connect";
+import { CubeExportService } from "./cube-export";
+import { CubeAccountService } from "./cube-account";
+import { CubeMfaService } from "./cube-mfa";
+import { CubeSignService } from "./cube-sign";
+
+export * from "./const";
+
+export { CubeConnect, CubeExportService, CubeAccountService, CubeMfaService, CubeSignService };
+
+export * from "./types";
+
+export type { SessionData } from "./cube-libs";
+import { CubeConfig } from "./types";
+export type { CubeConfig };

package/src/passkey.ts

@@ -0,0 +1,221 @@
+import { cache, CubeStage, RelayOrigins, TomoStage } from "@tomo-inc/wallet-utils";
+import { UserToken } from "./types";
+
+const RELAY_NAME = "passkey-relay";
+const SENDER_NAME = "cubist-sdk";
+
+let passkeyRelayWindow: any = null;
+let windowCloseInterval: NodeJS.Timeout | null = null;
+
+export interface CubeRelayConfig {
+  rpId: string;
+  tomoStage: TomoStage;
+  cubeStage?: CubeStage;
+  tomoClientId: string;
+  oidcToken?: string;
+}
+
+export const openWindow = ({ url, name, width, height }: any): Window | null => {
+  const RN = (window as any).ReactNativeWebView;
+  if (RN) {
+    const message = {
+      url,
+      name,
+    };
+    RN.postMessage(
+      JSON.stringify({
+        type: "OPEN_PASSKEY_RELAY",
+        message,
+      }),
+    );
+
+    return {
+      closed: false,
+      postMessage: (message: any) => {
+        RN.postMessage(
+          JSON.stringify({
+            type: "PASSKEY_RELAY_MESSAGE",
+            message,
+          }),
+        );
+      },
+    } as any;
+  }
+
+  const top = (window.innerHeight - (height || 400)) / 2 + window.screenY;
+  const left = (window.innerWidth - (width || 400)) / 2 + window.screenX;
+
+  try {
+    const relyWindow = window.open(
+      url,
+      name,
+      `dialog=yes,top=${top}px,left=${left},width=${width !== undefined ? width : 400}px,height=${height !== undefined ? height : 600}px`,
+    );
+
+    // Fallback to iframe modal if:
+    // 1. window.open is blocked by browser
+    // 2. iOS Safari requires user interaction for window.open
+    if (!relyWindow) {
+      return null;
+    }
+
+    return relyWindow;
+  } catch (error) {
+    console.error("Failed to open window:", error);
+    return null;
+  }
+};
+
+export const closeWindow = () => {
+  try {
+    if (passkeyRelayWindow && !passkeyRelayWindow.closed) {
+      passkeyRelayWindow.close();
+    }
+  } catch (error) {
+    console.error("Failed to close window:", error);
+  } finally {
+    passkeyRelayWindow = null;
+    if (windowCloseInterval) {
+      clearInterval(windowCloseInterval);
+      windowCloseInterval = null;
+    }
+  }
+};
+
+// const addWindowCloseListener = (onClose: () => void) => {
+//   if (windowCloseInterval) {
+//     clearInterval(windowCloseInterval);
+//   }
+
+//   windowCloseInterval = setInterval(() => {
+//     if (passkeyRelayWindow && passkeyRelayWindow.closed) {
+//       console.log("Passkey window was closed by user");
+//       onClose();
+//       if (windowCloseInterval) {
+//         clearInterval(windowCloseInterval);
+//         windowCloseInterval = null;
+//       }
+//       passkeyRelayWindow = null;
+//     }
+//   }, 1000);
+// };
+
+// const removeWindowCloseListener = () => {
+//   if (windowCloseInterval) {
+//     clearInterval(windowCloseInterval);
+//     windowCloseInterval = null;
+//   }
+// };
+
+export const sendPasskeyMessage = async (message: any, tomoStage: TomoStage) => {
+  if (passkeyRelayWindow === null) {
+    throw new Error("Failed to open relay window");
+  }
+  const origin = RelayOrigins[tomoStage] || RelayOrigins["dev"];
+  passkeyRelayWindow.postMessage({ ...message, from: SENDER_NAME }, origin);
+};
+
+export const initPasskeyPage = async (config: CubeRelayConfig): Promise<UserToken> => {
+  return new Promise((resolve, reject) => {
+    config = (config || cache.get("cubeConfig")) as CubeRelayConfig;
+    if (!config.oidcToken || !config.tomoClientId) {
+      reject({ message: "oidcToken/tomoClientId is required" });
+      return;
+    }
+
+    const PASSKEY_ORIGIN = RelayOrigins[config.tomoStage];
+    if (!PASSKEY_ORIGIN) {
+      reject({ message: "tomoStage must be dev/pre/prod." });
+      return;
+    }
+
+    passkeyRelayWindow = openWindow({
+      url: `${PASSKEY_ORIGIN}/passkey?origin=${window.location.origin}`,
+      name: "relay-passkey",
+      width: 400,
+      height: 600,
+    });
+
+    const handleMessage = (event: MessageEvent) => {
+      const { type, data, from, error } = event.data;
+
+      if (type === "passkey-relay-loaded" && from === RELAY_NAME) {
+        sendPasskeyMessage({ type: "init", params: config }, config.tomoStage);
+      }
+
+      if (type === "passkey-relay-init" && from === RELAY_NAME) {
+        window.removeEventListener("message", handleMessage);
+        resolve(data);
+      }
+      // else if (type === "error" || type === "cancel") {
+      //   window.removeEventListener("message", handleMessage);
+      //   reject(new Error(error || "Passkey initialization cancelled"));
+      // }
+    };
+
+    // addWindowCloseListener(() => {
+    //   window.removeEventListener("message", handleMessage);
+    //   reject(new Error("Passkey window was closed by user"));
+    // });
+
+    window.addEventListener("message", handleMessage);
+  });
+};
+
+export const addPasskey = async (
+  params: { fidoName: string; receipt?: any },
+  config: CubeRelayConfig,
+): Promise<any> => {
+  if (!passkeyRelayWindow) {
+    await initPasskeyPage(config);
+  }
+
+  return new Promise((resolve, reject) => {
+    const handleMessage = (event: MessageEvent) => {
+      const { type, data, from, error } = event.data;
+
+      if (type === "passkey-relay-addFido" && from === RELAY_NAME) {
+        window.removeEventListener("message", handleMessage);
+        // removeWindowCloseListener();
+        resolve(data);
+      }
+    };
+
+    // addWindowCloseListener(() => {
+    //   window.removeEventListener("message", handleMessage);
+    //   reject(new Error("Add passkey window was closed by user"));
+    // });
+
+    window.addEventListener("message", handleMessage);
+    sendPasskeyMessage({ type: "addFido", params }, config.tomoStage);
+  });
+};
+
+export const verifyPasskey = async (params: { mfaId: string }, config: CubeRelayConfig): Promise<any> => {
+  if (!passkeyRelayWindow) {
+    await initPasskeyPage(config);
+  }
+  return new Promise((resolve, reject) => {
+    const handleMessage = (event: MessageEvent) => {
+      const { type, data: receipt, from, error } = event.data;
+
+      if (type === "passkey-relay-verify" && from === RELAY_NAME) {
+        window.removeEventListener("message", handleMessage);
+        // removeWindowCloseListener();
+        resolve(receipt);
+      }
+      // else if (type === "error" || type === "cancel") {
+      //   window.removeEventListener("message", handleMessage);
+      //   reject(new Error(error || "Passkey verification cancelled"));
+      // }
+    };
+
+    // addWindowCloseListener(() => {
+    //   window.removeEventListener("message", handleMessage);
+    //   reject(new Error("Verify passkey window was closed by user"));
+    // });
+
+    window.addEventListener("message", handleMessage);
+    sendPasskeyMessage({ type: "verify", params }, config.tomoStage);
+  });
+};

package/src/signature.ts

@@ -0,0 +1,23 @@
+import CryptoJS from "crypto-js";
+
+/**
+ * Cube signature generation function
+ * @param cubeToken - Cube token
+ * @param salt - salt, default is "dev@tomo"
+ * @returns signed request object
+ */
+export const generateCubeSignature = async (data: any, salt: string) => {
+  if (!salt) {
+    throw new Error("salt is required");
+  }
+
+  const timestamp = Date.now().toString();
+  const req = {
+    ...data,
+    timestamp,
+  };
+  const reqString = JSON.stringify(req);
+  const signature = CryptoJS.SHA256(reqString + salt).toString();
+
+  return { timestamp, signature };
+};

package/src/types.ts

@@ -0,0 +1,269 @@
+import { CubeStage, TomoStage } from "@tomo-inc/wallet-utils";
+
+export type MfaType = "fido" | "emailOtp" | "totp";
+
+export type SeedPhrase = any;
+
+export interface MfaInfo {
+  success?: boolean;
+  message?: string;
+  data?: any;
+  error?: string;
+  id: string;
+  name: string;
+  type: MfaType;
+  status: {
+    allowed_approvers: string[];
+    allowed_mfa_types: string[];
+    approved_by: any;
+    count: number;
+    num_auth_factors: 1;
+  };
+  created_at: number;
+  created_by: string;
+  expires_at: number;
+  provenance: string;
+  receipt: any;
+  related_ids: string[];
+  request: {
+    body: any;
+    method: "DELETE" | "POST" | "PUT" | "DELETE" | "GET";
+    path: string;
+  };
+  verifyStatus?: "pending" | "approved" | "rejected";
+  mfaRequired?: {
+    fido: boolean;
+    totp: boolean;
+    emailOtp: boolean | number; //seconds
+    emailOtpRemainTime: number;
+  } | null;
+}
+
+export type BizType =
+  | "createSession"
+  | "addFido"
+  | "deleteFido"
+  | "registerTotp"
+  | "registerEmailOtp"
+  | "deleteTotp"
+  | "initExport"
+  | "completeExport";
+
+export interface MfaReceipt {
+  mfaId: string;
+  mfaConf: string;
+  mfaOrgId: string;
+}
+export type MfaRequest = any;
+
+export interface MfaAnswer {
+  totpCode?: string;
+  email?: string;
+  emailCode?: string;
+}
+
+export interface MfaVerifyResult {
+  success: boolean;
+  receipt: any;
+  error?: any;
+}
+
+export interface MfaFinishResult {
+  success: boolean;
+  error?: any;
+}
+
+export type AccountType = "google" | "x" | "email";
+
+export interface CubeAccount {
+  userId: string;
+  name: string;
+  email: string;
+  otpEmail: string;
+  accountType: AccountType;
+}
+
+export interface MfaConfig {
+  noMfa: boolean;
+  hasMfa: boolean;
+  account: CubeAccount;
+  emailOtp: {
+    data: string;
+    enabled: boolean;
+  };
+  fido: {
+    data: FidoKey[];
+    enabled: boolean;
+  };
+  totp: {
+    data: any;
+    enabled: boolean;
+  };
+}
+
+export type OidcSessionResp = any;
+export type CubeSignerClient = any;
+export type ApiClient = any;
+
+export interface CubeUserInfo {
+  user_id: string;
+  mfa: FidoKey[];
+  name?: string;
+  email?: string;
+  org_ids?: string[];
+  orgs?: any[];
+  verified_email?: {
+    email?: string;
+    updated_at?: number;
+  };
+}
+
+export interface TotpInfo {
+  id: string;
+  url: string;
+  secret: string;
+  issuer: string;
+}
+
+export interface FidoKey {
+  type: string;
+  id: string;
+  name: string;
+  updated_at: string;
+  status: string;
+  user_id: string;
+  discoverable: boolean;
+  created_at: number;
+  last_used_at: number;
+  aaguid: string;
+}
+
+export interface CubeIdentity {
+  id: string;
+  preferred_username?: string;
+  aud?: any;
+  email?: string;
+  identity?: {
+    iss: string;
+    sub: string;
+  };
+  user_info?: {
+    user_id?: string;
+    initialized?: boolean;
+    configured_mfa?: any[];
+  };
+  exp_epoch?: number;
+}
+
+export interface SeedPhraseExportInfo {
+  ready: boolean;
+  keyId?: string;
+  lastTime?: number;
+  duration?: number;
+  valid_epoch?: number;
+  exp_epoch?: number;
+}
+
+export interface CubeRes {
+  success: boolean;
+  error?: any;
+  data?: any;
+  message?: string;
+}
+
+export interface Mfa {
+  created_at?: number;
+  created_by: string;
+  expires_at: number;
+  id: string;
+  not_valid_until?: number;
+  provenance: "EditPolicy" | "Key" | "Role" | "KeyInRole" | "User";
+  receipt?: { confirmation: string; final_approver: string; timestamp: number };
+  related_ids?: string[];
+  request: { body?: Record<string, unknown>; method: string; path: string };
+  status: {
+    allowed_approvers: string[];
+    allowed_mfa_types?: string[];
+    approved_by: { [key: string]: object };
+    count: number;
+    num_auth_factors: number;
+    request_comparer?:
+      | "Eq"
+      | { EvmTx: { grace?: number; ignore_gas?: boolean; ignore_nonce?: boolean } }
+      | { SolanaTx: { ignore_blockhash?: boolean } };
+  };
+}
+
+export interface UserToken {
+  accessToken: string;
+  refreshToken: string;
+  expireTime: number;
+}
+
+export interface User {
+  userId: string;
+  userID?: string;
+  accountID?: string;
+  tenantID?: string;
+  username?: string;
+  nickname: string;
+  avatar: string;
+  freePasswordAuth?: string;
+  forbidden?: boolean;
+  deleted?: boolean;
+}
+
+export interface UserAddressType {
+  bitcoinP2pkhAddress: string;
+  bitcoinP2trAddress: string;
+  bitcoinP2shAddress: string;
+  bitcoinP2wpkhAddress: string;
+  ethereumAddress: string;
+  solanaAddress: string;
+  tronAddress: string;
+  tonAddressTest: string;
+  tonAddress: string;
+  tonPublicKey: string;
+  suiAddress: string;
+}
+
+export interface LoginRes {
+  userToken?: UserToken;
+  user: User;
+  accountBaseInfo: any;
+  accountWallet: any;
+  walletId?: string;
+}
+
+export enum LoginError {
+  FIDO_NOT_ALLOWED = "NotAllowedError",
+  MFA_NOT_APPROVED = "MFA not approved yet",
+  MFA_REQUIRED = "MFA should not be required after approval",
+  OIDC_TOKEN_NOT_FOUND = "Oidc token not found",
+  CUBE_IDENTITY_NOT_FOUND = "Cube identity not found",
+  CUBE_USER_INFO_NOT_FOUND = "Cube user info not found",
+  OIDC_TOKEN_EXPIRED = "ExpiredSignature",
+  FAILED_OPEN_POPUP = "Failed to open popup window",
+  OAUTH_LOGIN_TIMEOUT = "OAuth login timeout",
+  USER_CANCELLED_LOGIN = "User cancelled login",
+}
+
+export interface CubeConfig {
+  rpId?: string;
+  tomoStage: TomoStage;
+  cubeSalt?: string;
+  cubeStage?: CubeStage;
+  tomoClientId: string;
+  jwtToken?: string;
+  oidcToken?: string;
+  name?: string;
+  logo?: string;
+}
+
+export interface CubeConnectResult {
+  walletId: string;
+  session: object;
+  accountWallet: Record<string, any>;
+  token: object;
+  user: Record<string, any>;
+}