@tonconnect/sdk 3.3.0-beta.2 → 3.3.0-beta.3

package/lib/cjs/index.cjs

@@ -1476,22 +1476,6 @@ function getWindow() {
     }
     return window;
 }
-/**
- * The function try to get window keys, if it is not available it returns empty array.
- * As an example, for Safari's private mode it returns empty array, because the browser does not allow to get window keys.
- */
-function tryGetWindowKeys() {
-    const window = getWindow();
-    if (!window) {
-        return [];
-    }
-    try {
-        return Object.keys(window);
-    }
-    catch (_a) {
-        return [];
-    }
-}
 function getDocument() {
     if (typeof document === 'undefined') {
         return undefined;
@@ -1536,6 +1520,43 @@ function isLocalStorageAvailable() {
 function isNodeJs() {
     return (typeof process !== 'undefined' && process.versions != null && process.versions.node != null);
 }
+/**
+ * Returns the current domain (hostname) if available.
+ * In browser environment, returns window.location.hostname.
+ * In Node.js environment or when window is not available, returns null.
+ */
+function getDomain() {
+    try {
+        // In browser environment
+        if (typeof window !== 'undefined' && window.location) {
+            return window.location.hostname;
+        }
+        else {
+            // In Node.js environment, skip domain validation
+            return null;
+        }
+    }
+    catch (_a) {
+        return null;
+    }
+}
+/**
+ * Returns an array of [key, value] pairs from window object if available.
+ * In browser environment, returns Object.entries(window).
+ * In Node.js environment or when window is not available, returns empty array.
+ */
+function getWindowEntries() {
+    const window = getWindow();
+    if (!window) {
+        return [];
+    }
+    try {
+        return Object.entries(window);
+    }
+    catch (_a) {
+        return [];
+    }
+}
 
 class InjectedProvider {
     static fromStorage(storage) {
@@ -1558,8 +1579,8 @@ class InjectedProvider {
         if (!this.window) {
             return [];
         }
-        const windowKeys = tryGetWindowKeys();
-        const wallets = windowKeys.filter(([_, value]) => isJSBridgeWithMetadata(value));
+        const windowEntries = getWindowEntries();
+        const wallets = windowEntries.filter(([_key, value]) => isJSBridgeWithMetadata(value));
         return wallets.map(([jsBridgeKey, wallet]) => ({
             name: wallet.tonconnect.walletInfo.name,
             appName: wallet.tonconnect.walletInfo.app_name,
@@ -2105,11 +2126,6 @@ function enableQaMode() {
 function isQaModeEnabled() {
     return qaModeEnabled;
 }
-function logValidationError(message) {
-    if (isQaModeEnabled()) {
-        console.error(`[QA Mode] Validation failed: ${message}`);
-    }
-}
 function showQaModeBanner() {
     if (typeof window === 'undefined')
         return;
@@ -2210,8 +2226,8 @@ function startBannerObserver() {
 class WalletsListManager {
     constructor(options) {
         var _a;
-        this.walletsListCache = null;
-        this.walletsListCacheCreationTimestamp = null;
+        this.walletsListDTOCache = null;
+        this.walletsListDTOCacheCreationTimestamp = null;
         if (isQaModeEnabled()) {
             this.walletsListSource =
                 'https://raw.githubusercontent.com/ton-connect/wallets-list-staging/refs/heads/main/wallets-v2.json';
@@ -2224,23 +2240,11 @@ class WalletsListManager {
     }
     getWallets() {
         return __awaiter(this, void 0, void 0, function* () {
-            if (this.cacheTTLMs &&
-                this.walletsListCacheCreationTimestamp &&
-                Date.now() > this.walletsListCacheCreationTimestamp + this.cacheTTLMs) {
-                this.walletsListCache = null;
-            }
-            if (!this.walletsListCache) {
-                this.walletsListCache = this.fetchWalletsList();
-                this.walletsListCache
-                    .then(() => {
-                    this.walletsListCacheCreationTimestamp = Date.now();
-                })
-                    .catch(() => {
-                    this.walletsListCache = null;
-                    this.walletsListCacheCreationTimestamp = null;
-                });
-            }
-            return this.walletsListCache;
+            const [walletsListDTO, currentlyInjectedWallets] = yield Promise.all([
+                this.fetchWalletsListDTO(),
+                this.getCurrentlyInjectedWallets()
+            ]);
+            return this.mergeWalletsLists(this.walletConfigDTOListToWalletConfigList(walletsListDTO), currentlyInjectedWallets);
         });
     }
     getEmbeddedWallet() {
@@ -2250,7 +2254,28 @@ class WalletsListManager {
             return embeddedWallets.length === 1 ? embeddedWallets[0] : null;
         });
     }
-    fetchWalletsList() {
+    fetchWalletsListDTO() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.cacheTTLMs &&
+                this.walletsListDTOCacheCreationTimestamp &&
+                Date.now() > this.walletsListDTOCacheCreationTimestamp + this.cacheTTLMs) {
+                this.walletsListDTOCache = null;
+            }
+            if (!this.walletsListDTOCache) {
+                this.walletsListDTOCache = this.fetchWalletsListFromSource();
+                this.walletsListDTOCache
+                    .then(() => {
+                    this.walletsListDTOCacheCreationTimestamp = Date.now();
+                })
+                    .catch(() => {
+                    this.walletsListDTOCache = null;
+                    this.walletsListDTOCacheCreationTimestamp = null;
+                });
+            }
+            return this.walletsListDTOCache;
+        });
+    }
+    fetchWalletsListFromSource() {
         return __awaiter(this, void 0, void 0, function* () {
             let walletsList = [];
             try {
@@ -2271,16 +2296,21 @@ class WalletsListManager {
                 logError(e);
                 walletsList = FALLBACK_WALLETS_LIST;
             }
-            let currentlyInjectedWallets = [];
-            try {
-                currentlyInjectedWallets = InjectedProvider.getCurrentlyInjectedWallets();
-            }
-            catch (e) {
-                logError(e);
-            }
-            return this.mergeWalletsLists(this.walletConfigDTOListToWalletConfigList(walletsList), currentlyInjectedWallets);
+            return walletsList;
         });
     }
+    getCurrentlyInjectedWallets() {
+        if (!isQaModeEnabled()) {
+            return [];
+        }
+        try {
+            return InjectedProvider.getCurrentlyInjectedWallets();
+        }
+        catch (e) {
+            logError(e);
+            return [];
+        }
+    }
     walletConfigDTOListToWalletConfigList(walletConfigDTO) {
         return walletConfigDTO.map(walletConfigDTO => {
             const walletConfig = {
@@ -2923,8 +2953,9 @@ class TonConnectTracker {
     }
 }
 
-const tonConnectSdkVersion = "3.3.0-beta.2";
+const tonConnectSdkVersion = "3.3.0-beta.3";
 
+const bounceableTag = 0x11;
 const noBounceableTag = 0x51;
 const testOnlyTag = 0x80;
 /**
@@ -2994,25 +3025,40 @@ function parseUserFriendlyAddress(address) {
         throw new WrongAddressError(`Invalid address length: ${address}`);
     }
     const addr = decoded.slice(0, 34);
-    const checksum = decoded.slice(34);
+    const checksum = decoded.slice(34, 36);
     const calculatedChecksum = crc16(addr);
     if (!checksum.every((byte, i) => byte === calculatedChecksum[i])) {
         throw new WrongAddressError(`Invalid checksum in address: ${address}`);
     }
-    const tag = addr[0];
-    const wc = addr[1];
+    let tag = addr[0];
+    let isTestOnly = false;
+    let isBounceable = false;
+    if (tag & testOnlyTag) {
+        isTestOnly = true;
+        tag = tag ^ testOnlyTag;
+    }
+    if (tag !== bounceableTag && tag !== noBounceableTag) {
+        throw new WrongAddressError(`Unknown address tag: ${tag}`);
+    }
+    isBounceable = tag === bounceableTag;
+    let wc = null;
+    if (addr[1] === 0xff) {
+        // TODO we should read signed integer here
+        wc = -1;
+    }
+    else {
+        wc = addr[1];
+    }
     const hex = addr.slice(2);
     if (wc !== 0 && wc !== -1) {
         throw new WrongAddressError(`Invalid workchain: ${wc}`);
     }
-    const testOnly = (tag & testOnlyTag) !== 0;
-    const isBounceable = (tag & 0x40) !== 0;
     return {
         wc,
         hex: Array.from(hex)
             .map(b => b.toString(16).padStart(2, '0'))
             .join(''),
-        testOnly,
+        testOnly: isTestOnly,
         isBounceable
     };
 }
@@ -3089,12 +3135,21 @@ const BASE64_REGEX = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{
 const BOC_PREFIX = 'te6cc';
 const INTEGER_REGEX = /^-?\d+$/;
 const POSITIVE_INTEGER_REGEX = /^\d+$/;
+const MAX_DOMAIN_BYTES = 128;
+const MAX_PAYLOAD_BYTES = 128;
+const MAX_TOTAL_BYTES = 222;
 function isValidNumber(value) {
     return typeof value === 'number' && !isNaN(value);
 }
 function isValidString(value) {
     return typeof value === 'string' && value.length > 0;
 }
+function isValidAddress(value) {
+    return isValidString(value) && (isValidRawAddress(value) || isValidUserFriendlyAddress(value));
+}
+function isValidNetwork(value) {
+    return isValidString(value) && /^-?\d+$/.test(value);
+}
 function isValidBoc(value) {
     return typeof value === 'string' && BASE64_REGEX.test(value) && value.startsWith(BOC_PREFIX);
 }
@@ -3108,52 +3163,33 @@ function hasExtraProperties(obj, allowedKeys) {
     return Object.keys(obj).some(key => !allowedKeys.includes(key));
 }
 function validateSendTransactionRequest(data) {
-    // eslint-disable-next-line no-console
-    console.log('[Validation Debug] validateSendTransactionRequest called');
-    // eslint-disable-next-line no-console
-    console.log('[Validation Debug] isQaModeEnabled():', isQaModeEnabled());
     if (!isValidObject(data)) {
-        const error = 'Request must be an object';
-        logValidationError(error);
-        const shouldReturnNull = isQaModeEnabled();
-        // eslint-disable-next-line no-console
-        console.log('[Validation Debug] Should return null:', shouldReturnNull);
-        return shouldReturnNull ? null : error;
+        return 'Request must be an object';
     }
     const allowedKeys = ['validUntil', 'network', 'from', 'messages'];
     if (hasExtraProperties(data, allowedKeys)) {
-        const error = 'Request contains extra properties';
-        logValidationError(error);
-        return isQaModeEnabled() ? null : error;
-    }
-    if (!isValidNumber(data.validUntil)) {
-        const error = "Incorrect 'validUntil'";
-        logValidationError(error);
-        return isQaModeEnabled() ? null : error;
+        return 'Request contains extra properties';
     }
-    const now = Math.floor(Date.now() / 1000);
-    const fiveMinutesFromNow = now + 300;
-    if (data.validUntil > fiveMinutesFromNow) {
-        console.warn(`validUntil (${data.validUntil}) is more than 5 minutes from now (${now})`);
+    if (data.validUntil) {
+        if (!isValidNumber(data.validUntil)) {
+            return "Incorrect 'validUntil'";
+        }
+        const now = Math.floor(Date.now() / 1000);
+        const fiveMinutesFromNow = now + 300;
+        if (data.validUntil > fiveMinutesFromNow) {
+            console.warn(`validUntil (${data.validUntil}) is more than 5 minutes from now (${now})`);
+        }
     }
     if (data.network !== undefined) {
-        if (!isValidString(data.network) || !/^[\d-]+$/.test(data.network)) {
-            const error = "Invalid 'network' format";
-            logValidationError(error);
-            return isQaModeEnabled() ? null : error;
+        if (!isValidNetwork(data.network)) {
+            return "Invalid 'network' format";
         }
     }
-    if (data.from !== undefined) {
-        if (!isValidString(data.from) || !isValidRawAddress(data.from)) {
-            const error = "Invalid 'from' address format";
-            logValidationError(error);
-            return isQaModeEnabled() ? null : error;
-        }
+    if (data.from !== undefined && !isValidAddress(data.from)) {
+        return "Invalid 'from' address format";
     }
     if (!isValidArray(data.messages) || data.messages.length === 0) {
-        const error = "'messages' is required";
-        logValidationError(error);
-        return isQaModeEnabled() ? null : error;
+        return "'messages' is required";
     }
     for (let i = 0; i < data.messages.length; i++) {
         const message = data.messages[i];
@@ -3216,8 +3252,34 @@ function validateConnectAdditionalRequest(data) {
     if (hasExtraProperties(data, allowedKeys)) {
         return 'Request contains extra properties';
     }
-    if (data.tonProof !== undefined && !isValidString(data.tonProof)) {
-        return "Invalid 'tonProof'";
+    if (data.tonProof !== undefined) {
+        if (typeof data.tonProof !== 'string') {
+            return "Invalid 'tonProof'";
+        }
+        const payload = data.tonProof;
+        if (payload.length === 0) {
+            return "Empty 'tonProof' payload";
+        }
+        // Get current domain for validation first
+        const domain = getDomain();
+        if (!domain) {
+            // In Node.js environment, skip domain validation
+            return null;
+        }
+        // Validate domain size (max 128 bytes)
+        const domainBytes = new TextEncoder().encode(domain).length;
+        if (domainBytes > MAX_DOMAIN_BYTES) {
+            return 'Current domain exceeds 128 bytes limit';
+        }
+        // Validate payload size (max 128 bytes)
+        const payloadBytes = new TextEncoder().encode(payload).length;
+        if (payloadBytes > MAX_PAYLOAD_BYTES) {
+            return "'tonProof' payload exceeds 128 bytes limit";
+        }
+        // Validate total size (domain + payload <= 222 bytes)
+        if (domainBytes + payloadBytes > MAX_TOTAL_BYTES) {
+            return "'tonProof' domain + payload exceeds 222 bytes limit";
+        }
     }
     return null;
 }
@@ -3248,11 +3310,11 @@ function validateSignDataPayloadText(data) {
         return "'text' is required";
     }
     if (data.network !== undefined) {
-        if (!isValidString(data.network) || !/^\d+$/.test(data.network)) {
+        if (!isValidNetwork(data.network)) {
             return "Invalid 'network' format";
         }
     }
-    if (data.from !== undefined && !isValidString(data.from)) {
+    if (data.from !== undefined && !isValidAddress(data.from)) {
         return "Invalid 'from'";
     }
     return null;
@@ -3266,11 +3328,11 @@ function validateSignDataPayloadBinary(data) {
         return "'bytes' is required";
     }
     if (data.network !== undefined) {
-        if (!isValidString(data.network) || !/^\d+$/.test(data.network)) {
+        if (!isValidNetwork(data.network)) {
             return "Invalid 'network' format";
         }
     }
-    if (data.from !== undefined && !isValidString(data.from)) {
+    if (data.from !== undefined && !isValidAddress(data.from)) {
         return "Invalid 'from'";
     }
     return null;
@@ -3290,15 +3352,95 @@ function validateSignDataPayloadCell(data) {
         return "Invalid 'cell' format (must be valid base64)";
     }
     if (data.network !== undefined) {
-        if (!isValidString(data.network) || !/^\d+$/.test(data.network)) {
+        if (!isValidNetwork(data.network)) {
             return "Invalid 'network' format";
         }
     }
-    if (data.from !== undefined && !isValidString(data.from)) {
+    if (data.from !== undefined && !isValidAddress(data.from)) {
         return "Invalid 'from'";
     }
     return null;
 }
+/**
+ * Validates ton_proof item received from wallet in connect event.
+ */
+// eslint-disable-next-line complexity
+function validateTonProofItemReply(data) {
+    if (!isValidObject(data)) {
+        return 'ton_proof item must be an object';
+    }
+    const allowedKeys = ['error', 'proof', 'name'];
+    if (hasExtraProperties(data, allowedKeys)) {
+        return 'ton_proof item contains extra properties';
+    }
+    const hasProof = Object.prototype.hasOwnProperty.call(data, 'proof');
+    const hasError = Object.prototype.hasOwnProperty.call(data, 'error');
+    if (!hasProof && !hasError) {
+        return "'ton_proof' item must contain either 'proof' or 'error'";
+    }
+    if (hasProof && hasError) {
+        return "'ton_proof' item must contain either 'proof' or 'error', not both";
+    }
+    if (hasProof) {
+        const proof = data.proof;
+        if (!isValidObject(proof)) {
+            return "Invalid 'proof' object";
+        }
+        const allowedProofKeys = ['timestamp', 'domain', 'payload', 'signature'];
+        if (hasExtraProperties(proof, allowedProofKeys)) {
+            return 'ton_proof item contains extra properties';
+        }
+        if (!isValidNumber(proof.timestamp)) {
+            return "Invalid 'proof.timestamp'";
+        }
+        const domain = proof.domain;
+        if (!isValidObject(domain)) {
+            return "Invalid 'proof.domain'";
+        }
+        if (!isValidNumber(domain.lengthBytes)) {
+            return "Invalid 'proof.domain.lengthBytes'";
+        }
+        if (!isValidString(domain.value)) {
+            return "Invalid 'proof.domain.value'";
+        }
+        // Try to verify that provided byte length matches actual byte length of value
+        try {
+            const encoderAvailable = typeof TextEncoder !== 'undefined';
+            const actualLength = encoderAvailable
+                ? new TextEncoder().encode(domain.value).length
+                : domain.value.length;
+            if (actualLength !== domain.lengthBytes) {
+                return "'proof.domain.lengthBytes' does not match 'proof.domain.value'";
+            }
+        }
+        catch (_a) {
+            // Ignore environment issues; best-effort validation
+        }
+        if (!isValidString(proof.payload)) {
+            return "Invalid 'proof.payload'";
+        }
+        if (!isValidString(proof.signature) || !BASE64_REGEX.test(proof.signature)) {
+            return "Invalid 'proof.signature' format";
+        }
+    }
+    if (hasError) {
+        const error = data.error;
+        if (!isValidObject(error)) {
+            return "Invalid 'error' object";
+        }
+        const allowedErrorKeys = ['code', 'message'];
+        if (hasExtraProperties(error, allowedErrorKeys)) {
+            return 'ton_proof error contains extra properties';
+        }
+        if (!isValidNumber(error.code)) {
+            return "Invalid 'error.code'";
+        }
+        if (!isValidString(error.message)) {
+            return "Invalid 'error.message'";
+        }
+    }
+    return null;
+}
 
 class TonConnect {
     /**
@@ -3622,6 +3764,34 @@ class TonConnect {
             prevAbortController === null || prevAbortController === void 0 ? void 0 : prevAbortController.abort();
         });
     }
+    /**
+     * Gets the current session ID if available.
+     * @returns session ID string or null if not available.
+     */
+    getSessionId() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.provider || !this.connected) {
+                return null;
+            }
+            try {
+                const connection = yield this.bridgeConnectionStorage.getConnection();
+                if (!connection || connection.type === 'injected') {
+                    return null;
+                }
+                if ('sessionCrypto' in connection) {
+                    // Pending connection
+                    return connection.sessionCrypto.sessionId;
+                }
+                else {
+                    // Established connection
+                    return connection.session.sessionCrypto.sessionId;
+                }
+            }
+            catch (_a) {
+                return null;
+            }
+        });
+    }
     /**
      * Pause bridge HTTP connection. Might be helpful, if you want to pause connections while browser tab is unfocused,
      * or if you use SDK with NodeJS and want to save server resources.
@@ -3711,46 +3881,59 @@ class TonConnect {
             }
         };
         if (tonProofItem) {
+            const validationError = validateTonProofItemReply(tonProofItem);
             let tonProof = undefined;
-            try {
-                if ('proof' in tonProofItem) {
-                    // success
-                    tonProof = {
-                        name: 'ton_proof',
-                        proof: {
-                            timestamp: tonProofItem.proof.timestamp,
-                            domain: {
-                                lengthBytes: tonProofItem.proof.domain.lengthBytes,
-                                value: tonProofItem.proof.domain.value
-                            },
-                            payload: tonProofItem.proof.payload,
-                            signature: tonProofItem.proof.signature
-                        }
-                    };
-                }
-                else if ('error' in tonProofItem) {
-                    // error
-                    tonProof = {
-                        name: 'ton_proof',
-                        error: {
-                            code: tonProofItem.error.code,
-                            message: tonProofItem.error.message
-                        }
-                    };
-                }
-                else {
-                    throw new TonConnectError('Invalid data format');
+            if (validationError) {
+                if (isQaModeEnabled()) {
+                    console.error('TonProofItem validation failed: ' + validationError);
                 }
-            }
-            catch (e) {
                 tonProof = {
                     name: 'ton_proof',
                     error: {
                         code: protocol.CONNECT_ITEM_ERROR_CODES.UNKNOWN_ERROR,
-                        message: 'Invalid data format'
+                        message: validationError
                     }
                 };
             }
+            else {
+                try {
+                    if ('proof' in tonProofItem) {
+                        tonProof = {
+                            name: 'ton_proof',
+                            proof: {
+                                timestamp: tonProofItem.proof.timestamp,
+                                domain: {
+                                    lengthBytes: tonProofItem.proof.domain.lengthBytes,
+                                    value: tonProofItem.proof.domain.value
+                                },
+                                payload: tonProofItem.proof.payload,
+                                signature: tonProofItem.proof.signature
+                            }
+                        };
+                    }
+                    else if ('error' in tonProofItem) {
+                        tonProof = {
+                            name: 'ton_proof',
+                            error: {
+                                code: tonProofItem.error.code,
+                                message: tonProofItem.error.message
+                            }
+                        };
+                    }
+                    else {
+                        throw new TonConnectError('Invalid data format');
+                    }
+                }
+                catch (e) {
+                    tonProof = {
+                        name: 'ton_proof',
+                        error: {
+                            code: protocol.CONNECT_ITEM_ERROR_CODES.UNKNOWN_ERROR,
+                            message: 'Invalid data format'
+                        }
+                    };
+                }
+            }
             wallet.connectItems = { tonProof };
         }
         this.wallet = wallet;
@@ -3823,6 +4006,10 @@ Object.defineProperty(exports, "SIGN_DATA_ERROR_CODES", {
     enumerable: true,
     get: function () { return protocol.SIGN_DATA_ERROR_CODES; }
 });
+Object.defineProperty(exports, "SessionCrypto", {
+    enumerable: true,
+    get: function () { return protocol.SessionCrypto; }
+});
 exports.BadRequestError = BadRequestError;
 exports.BrowserEventDispatcher = BrowserEventDispatcher;
 exports.FetchWalletsError = FetchWalletsError;