npm - @weblock-wallet/sdk - Versions diffs - 0.1.66 → 0.1.68 - Mend

@weblock-wallet/sdk 0.1.66 → 0.1.68

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -1733,11 +1733,11 @@ var storage = localforage.createInstance({
   description: "WeBlock Wallet SDK Secure Storage"
 });
 var LocalForage = {
-  async save(key, value, expiry) {
+  async save(key, value, expiryEpochMs) {
     try {
       const item = {
         value,
-        expiry
+        expiryEpochMs
       };
       await storage.setItem(key, item);
     } catch (err) {
@@ -1747,10 +1747,8 @@ var LocalForage = {
   async get(key) {
     try {
       const item = await storage.getItem(key);
-      if (!item) {
-        return null;
-      }
-      if (item.expiry && Date.now() > item.expiry * 1e3) {
+      if (!item) return null;
+      if (item.expiryEpochMs && Date.now() > item.expiryEpochMs) {
         await storage.removeItem(key);
         return null;
       }
@@ -1893,26 +1891,6 @@ var AuthService = class {
 import { Wallet, Interface, Transaction as EthersTx } from "ethers";
 import { generateMnemonic, mnemonicToSeed } from "bip39";
-// src/utils/secrets.ts
-import { split, combine } from "shamir-secret-sharing";
-var Secrets = {
-  async split(secret, total, threshold) {
-    if (secret.startsWith("0x")) {
-      secret = secret.substring(2);
-    }
-    const array = await split(
-      new Uint8Array(Buffer.from(secret, "hex")),
-      total,
-      threshold
-    );
-    return array.map((item) => Buffer.from(item).toString("hex"));
-  },
-  async combine(shares) {
-    const array = shares.map((item) => new Uint8Array(Buffer.from(item, "hex")));
-    return `0x${Buffer.from(await combine(array)).toString("hex")}`;
-  }
-};
 // node_modules/.pnpm/@jspm+core@2.1.0/node_modules/@jspm/core/nodelibs/browser/chunk-CcCWfKp1.js
 var exports$22 = {};
 var _dewExec$12 = false;
@@ -103928,6 +103906,26 @@ var webcrypto = exports11.webcrypto;
 var getRandomValues = exports11.getRandomValues;
 var randomUUID = exports11.randomUUID;
+// src/utils/secrets.ts
+import { split, combine } from "shamir-secret-sharing";
+var Secrets = {
+  async split(secret, total, threshold) {
+    if (secret.startsWith("0x")) {
+      secret = secret.substring(2);
+    }
+    const array = await split(
+      new Uint8Array(Buffer.from(secret, "hex")),
+      total,
+      threshold
+    );
+    return array.map((item) => Buffer.from(item).toString("hex"));
+  },
+  async combine(shares) {
+    const array = shares.map((item) => new Uint8Array(Buffer.from(item, "hex")));
+    return `0x${Buffer.from(await combine(array)).toString("hex")}`;
+  }
+};
 // src/utils/crypto.ts
 import * as ed from "@noble/ed25519";
 function urlEncode(pemKey) {
@@ -103975,6 +103973,65 @@ var Crypto = {
   }
 };
+// src/utils/numbers.ts
+import { parseUnits, formatUnits } from "ethers";
+var TokenAmount = class {
+  /**
+   * Wei 단위의 값을 사용자가 읽을 수 있는 형태로 변환
+   * @param value - Wei 단위의 값 (hex string 또는 decimal string)
+   * @param decimals - 토큰의 소수점 자리수
+   * @returns 변환된 문자열
+   */
+  static fromWei(value, decimals) {
+    try {
+      return formatUnits(value, decimals);
+    } catch (error) {
+      console.error("Error converting from wei:", error);
+      return "0.0";
+    }
+  }
+  /**
+   * 사용자 입력값을 Wei 단위로 변환
+   * @param value - 사용자 입력값 (예: "1.5")
+   * @param decimals - 토큰의 소수점 자리수
+   * @returns Wei 단위의 값
+   */
+  static toWei(value, decimals) {
+    try {
+      return parseUnits(value, decimals).toString();
+    } catch (error) {
+      console.error("Error converting to wei:", error);
+      return "0";
+    }
+  }
+  /**
+   * 표시용 포맷으로 변환
+   * @param value - Wei 단위의 값
+   * @param decimals - 토큰의 소수점 자리수
+   * @param maxDecimals - 최대 표시할 소수점 자리수 (기본값: 4)
+   * @returns 포맷된 문자열
+   */
+  static format(value, decimals, maxDecimals = 4) {
+    const fullNumber = this.fromWei(value, decimals);
+    const [beforeDecimal, afterDecimal = ""] = fullNumber.split(".");
+    return `${beforeDecimal}.${afterDecimal.slice(0, maxDecimals)}`;
+  }
+  /**
+   * 값이 유효한지 검증
+   * @param value - 검증할 값
+   * @returns 유효성 여부
+   */
+  static isValid(value) {
+    return /^\d*\.?\d*$/.test(value) && value !== "";
+  }
+};
+var DECIMALS = {
+  ETH: 18,
+  USDC: 6,
+  USDT: 6,
+  DAI: 18
+};
 // src/types/error.ts
 var SDKErrorCode = /* @__PURE__ */ ((SDKErrorCode2) => {
   SDKErrorCode2["NOT_INITIALIZED"] = "NOT_INITIALIZED";
@@ -104043,65 +104100,6 @@ var SignInStatus = /* @__PURE__ */ ((SignInStatus2) => {
   return SignInStatus2;
 })(SignInStatus || {});
-// src/utils/numbers.ts
-import { parseUnits, formatUnits } from "ethers";
-var TokenAmount = class {
-  /**
-   * Wei 단위의 값을 사용자가 읽을 수 있는 형태로 변환
-   * @param value - Wei 단위의 값 (hex string 또는 decimal string)
-   * @param decimals - 토큰의 소수점 자리수
-   * @returns 변환된 문자열
-   */
-  static fromWei(value, decimals) {
-    try {
-      return formatUnits(value, decimals);
-    } catch (error) {
-      console.error("Error converting from wei:", error);
-      return "0.0";
-    }
-  }
-  /**
-   * 사용자 입력값을 Wei 단위로 변환
-   * @param value - 사용자 입력값 (예: "1.5")
-   * @param decimals - 토큰의 소수점 자리수
-   * @returns Wei 단위의 값
-   */
-  static toWei(value, decimals) {
-    try {
-      return parseUnits(value, decimals).toString();
-    } catch (error) {
-      console.error("Error converting to wei:", error);
-      return "0";
-    }
-  }
-  /**
-   * 표시용 포맷으로 변환
-   * @param value - Wei 단위의 값
-   * @param decimals - 토큰의 소수점 자리수
-   * @param maxDecimals - 최대 표시할 소수점 자리수 (기본값: 4)
-   * @returns 포맷된 문자열
-   */
-  static format(value, decimals, maxDecimals = 4) {
-    const fullNumber = this.fromWei(value, decimals);
-    const [beforeDecimal, afterDecimal = ""] = fullNumber.split(".");
-    return `${beforeDecimal}.${afterDecimal.slice(0, maxDecimals)}`;
-  }
-  /**
-   * 값이 유효한지 검증
-   * @param value - 검증할 값
-   * @returns 유효성 여부
-   */
-  static isValid(value) {
-    return /^\d*\.?\d*$/.test(value) && value !== "";
-  }
-};
-var DECIMALS = {
-  ETH: 18,
-  USDC: 6,
-  USDT: 6,
-  DAI: 18
-};
 // src/core/services/wallet.ts
 var ERC20_ABI = [
   "function balanceOf(address owner) view returns (uint256)",
@@ -104127,7 +104125,7 @@ var WalletService = class {
     this.walletAddress = null;
   }
   /**
-   * Wallet PIN/password mismatch handling.
+   * Password/PIN mismatch detection for decrypt errors.
    */
   isInvalidPasswordError(error) {
     if (!error) return false;
@@ -104146,9 +104144,8 @@ var WalletService = class {
     return /^[0-9]{6}$/.test(pin);
   }
   /**
-   * deviceSecret은 "PIN과 무관한 로컬 복구용 비밀값"입니다.
-   * - 같은 디바이스에서만 PIN reset이 가능하도록 하는 역할
-   * - 서버에는 절대 전달하지 않습니다.
+   * deviceSecret: local-only secret for device recovery material.
+   * This must never be sent to server.
    */
   async getOrCreateDeviceSecret() {
     const key = STORAGE_KEYS.deviceSecret(this.orgHost);
@@ -104158,19 +104155,20 @@ var WalletService = class {
     await LocalForage.save(key, secret);
     return secret;
   }
+  /**
+   * PATCH APPLIED:
+   * Always overwrite encryptedShare2_device when we have a fresh share2.
+   * Keeping an old device share causes (share1 new + share2 old) => different derived wallet.
+   */
   async ensureDeviceEncryptedShare2(share2Plain, firebaseId) {
     const encryptedKey = STORAGE_KEYS.encryptedShare2Device(this.orgHost);
-    const existing = await LocalForage.get(encryptedKey);
-    if (existing) return;
     const deviceSecret = await this.getOrCreateDeviceSecret();
     const encrypted = Crypto.encryptShare(share2Plain, deviceSecret, firebaseId);
     await LocalForage.save(encryptedKey, encrypted);
   }
   async getAddress() {
     try {
-      if (this.walletAddress) {
-        return this.walletAddress;
-      }
+      if (this.walletAddress) return this.walletAddress;
       const savedAddress = await LocalForage.get(
         STORAGE_KEYS.walletAddress(this.orgHost)
       );
@@ -104201,7 +104199,6 @@ var WalletService = class {
       const firebaseId = await LocalForage.get(
         STORAGE_KEYS.firebaseId(this.orgHost)
       );
-      console.log("1. FirebaseId:", firebaseId);
       if (!firebaseId) {
         throw new SDKError("Not logged in", "AUTH_REQUIRED" /* AUTH_REQUIRED */);
       }
@@ -104223,27 +104220,18 @@ var WalletService = class {
           "WALLET_ALREADY_EXISTS" /* WALLET_ALREADY_EXISTS */
         );
       }
-      console.log("2. Generating wallet...");
       const mnemonic = generateMnemonic();
       const seed = await mnemonicToSeed(mnemonic);
       const wallet = new Wallet(seed.slice(0, 32).toString("hex"));
-      console.log("3. Wallet created:", {
-        address: wallet.address,
-        publicKey: wallet.signingKey.publicKey
-      });
-      console.log("4. Splitting private key...");
       const shares = await Secrets.split(wallet.privateKey, 3, 2);
       const [share1, share2, share3] = shares;
-      console.log("6. Encrypting shares...");
       const encryptedShare2 = Crypto.encryptShare(share2, password, firebaseId);
       const encryptedShare3 = Crypto.encryptShare(share3, password, firebaseId);
-      console.log("8. Saving encryptedShare2 to LocalForage...");
       await LocalForage.save(
         STORAGE_KEYS.encryptedShare2(this.orgHost),
         encryptedShare2
       );
       await this.ensureDeviceEncryptedShare2(share2, firebaseId);
-      console.log("10. Creating wallet on server...");
       await this.walletClient.createWallet({
         address: wallet.address,
         publicKey: wallet.signingKey.publicKey,
@@ -104257,7 +104245,6 @@ var WalletService = class {
       );
       return wallet.address;
     } catch (error) {
-      console.error("Error in create wallet:", error);
       if (error instanceof SDKError) throw error;
       throw new SDKError(
         "Failed to create wallet",
@@ -104312,8 +104299,13 @@ var WalletService = class {
           share2 = decryptShareOrThrow(encryptedShare2);
           await LocalForage.save(STORAGE_KEYS.share2(this.orgHost), share2);
         } else {
-          const share3 = decryptShareOrThrow(walletInfo.encryptedShare3);
-          const privateKey2 = await Secrets.combine([walletInfo.share1, share3]);
+          const share3 = decryptShareOrThrow(
+            walletInfo.encryptedShare3
+          );
+          const privateKey2 = await Secrets.combine([
+            walletInfo.share1,
+            share3
+          ]);
           const wallet2 = new Wallet(privateKey2);
           const newShares = await Secrets.split(wallet2.privateKey, 3, 2);
           const [newShare1, newShare2, newShare3] = newShares;
@@ -104340,7 +104332,10 @@ var WalletService = class {
           return wallet2.address;
         }
       }
-      const privateKey = await Secrets.combine([walletInfo.share1, share2]);
+      const privateKey = await Secrets.combine([
+        walletInfo.share1,
+        share2
+      ]);
       const wallet = new Wallet(privateKey);
       await this.ensureDeviceEncryptedShare2(share2, firebaseId);
       this.walletAddress = wallet.address;
@@ -104353,7 +104348,6 @@ var WalletService = class {
     } catch (error) {
       this.walletAddress = null;
       await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
-      console.error("Error in retrieveWallet:", error);
       if (error instanceof SDKError) throw error;
       throw new SDKError(
         "Failed to retrieve wallet",
@@ -104363,9 +104357,7 @@ var WalletService = class {
     }
   }
   /**
-   * NEW: PIN reset (프라이빗키/주소 유지)
-   * - 같은 디바이스에 남아있는 encryptedShare2_device를 이용
-   * - 서버는 PATCH /v1/wallets/keys 로 share1 / encryptedShare3 만 업데이트
+   * PIN reset (same private key/address) using encryptedShare2_device.
    */
   async resetPin(newPassword) {
     try {
@@ -104390,16 +104382,10 @@ var WalletService = class {
       const encryptedDevice = await LocalForage.get(
         STORAGE_KEYS.encryptedShare2Device(this.orgHost)
       );
-      if (!encryptedDevice) {
-        throw new SDKError(
-          "PIN reset is not available on this device",
-          "RECOVERY_NOT_AVAILABLE" /* RECOVERY_NOT_AVAILABLE */
-        );
-      }
       const deviceSecret = await LocalForage.get(
         STORAGE_KEYS.deviceSecret(this.orgHost)
       );
-      if (!deviceSecret) {
+      if (!encryptedDevice || !deviceSecret) {
         throw new SDKError(
           "PIN reset is not available on this device",
           "RECOVERY_NOT_AVAILABLE" /* RECOVERY_NOT_AVAILABLE */
@@ -104416,7 +104402,10 @@ var WalletService = class {
         );
       }
       const walletInfo = await this.walletClient.getWallet();
-      const privateKey = await Secrets.combine([walletInfo.share1, share2]);
+      const privateKey = await Secrets.combine([
+        walletInfo.share1,
+        share2
+      ]);
       const wallet = new Wallet(privateKey);
       const newShares = await Secrets.split(wallet.privateKey, 3, 2);
       const [newShare1, newShare2, newShare3] = newShares;
@@ -104432,15 +104421,7 @@ var WalletService = class {
         STORAGE_KEYS.encryptedShare2(this.orgHost),
         Crypto.encryptShare(newShare2, newPassword, firebaseId)
       );
-      const newEncryptedDevice = Crypto.encryptShare(
-        newShare2,
-        deviceSecret,
-        firebaseId
-      );
-      await LocalForage.save(
-        STORAGE_KEYS.encryptedShare2Device(this.orgHost),
-        newEncryptedDevice
-      );
+      await this.ensureDeviceEncryptedShare2(newShare2, firebaseId);
       this.walletAddress = wallet.address;
       await LocalForage.save(
         STORAGE_KEYS.walletAddress(this.orgHost),
@@ -104449,7 +104430,6 @@ var WalletService = class {
       await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
       return wallet.address;
     } catch (error) {
-      console.error("Error in resetPin:", error);
       if (error instanceof SDKError) throw error;
       throw new SDKError(
         "Failed to reset PIN",
@@ -104487,38 +104467,20 @@ var WalletService = class {
     const rawBalance = await this.rpcClient.sendRpc({
       chainId,
       method: "eth_call" /* ETH_CALL */,
-      params: [
-        {
-          to: tokenAddress,
-          data
-        },
-        "latest"
-      ]
+      params: [{ to: tokenAddress, data }, "latest"]
     });
     const decimalsData = erc20.encodeFunctionData("decimals", []);
     const decimalsRes = await this.rpcClient.sendRpc({
       chainId,
       method: "eth_call" /* ETH_CALL */,
-      params: [
-        {
-          to: tokenAddress,
-          data: decimalsData
-        },
-        "latest"
-      ]
+      params: [{ to: tokenAddress, data: decimalsData }, "latest"]
     });
     const decimals = parseInt(decimalsRes.result, 16);
     const symbolData = erc20.encodeFunctionData("symbol", []);
     const symbolRes = await this.rpcClient.sendRpc({
       chainId,
       method: "eth_call" /* ETH_CALL */,
-      params: [
-        {
-          to: tokenAddress,
-          data: symbolData
-        },
-        "latest"
-      ]
+      params: [{ to: tokenAddress, data: symbolData }, "latest"]
     });
     const symbol = erc20.decodeFunctionResult("symbol", symbolRes.result)[0];
     return {
@@ -104607,34 +104569,36 @@ var WalletService = class {
         method: "eth_getTransactionCount" /* ETH_GET_TRANSACTION_COUNT */,
         params: [address, "latest"]
       });
-      if (!nonce.result || nonce.result === "0x0") {
-        return void 0;
-      }
+      if (!nonce.result || nonce.result === "0x0") return void 0;
       return {
         hash: "",
         status: "SUCCESS" /* SUCCESS */,
         timestamp: Date.now(),
         value: "0"
       };
-    } catch (error) {
-      console.error("Failed to get latest transaction:", error);
+    } catch {
       return void 0;
     }
   }
+  /**
+   * PATCH APPLIED (critical):
+   * - Never overwrite cached walletAddress with derived signer address.
+   * - If server/cached address != derived address => throw WALLET_RECOVERY_FAILED.
+   */
   async sendTransaction(params) {
+    const toHexQuantity = (v5) => {
+      if (v5 === void 0 || v5 === null) return "0x0";
+      const s5 = String(v5).trim();
+      if (!s5) return "0x0";
+      if (s5.startsWith("0x") || s5.startsWith("0X")) return s5;
+      try {
+        const bi = BigInt(s5);
+        return "0x" + bi.toString(16);
+      } catch {
+        return s5;
+      }
+    };
     try {
-      const toHexQuantity = (v5) => {
-        if (v5 === void 0 || v5 === null) return "0x0";
-        const s5 = String(v5).trim();
-        if (!s5) return "0x0";
-        if (s5.startsWith("0x") || s5.startsWith("0X")) return s5;
-        try {
-          const bi = BigInt(s5);
-          return "0x" + bi.toString(16);
-        } catch {
-          return s5;
-        }
-      };
       const walletInfo = await this.walletClient.getWallet();
       const share1 = walletInfo?.share1;
       let share2 = await LocalForage.get(
@@ -104671,25 +104635,25 @@ var WalletService = class {
       const privateKey = await Secrets.combine([share1, share2]);
       const wallet = new Wallet(privateKey);
       const from = wallet.address;
-      const cachedAddress = await LocalForage.get(
-        STORAGE_KEYS.walletAddress(this.orgHost)
-      );
-      if (cachedAddress && cachedAddress.toLowerCase() !== from.toLowerCase()) {
-        console.warn(
-          "[WalletService] walletAddress mismatch detected. cached=",
-          cachedAddress,
-          "derived=",
-          from
+      const serverAddress = String(walletInfo?.address ?? "").trim();
+      const cachedAddress = String(
+        await LocalForage.get(
+          STORAGE_KEYS.walletAddress(this.orgHost)
+        ) ?? ""
+      ).trim();
+      const mismatch = (a5, b4) => a5 && b4 && a5.toLowerCase() !== b4.toLowerCase();
+      if (mismatch(serverAddress, from) || mismatch(cachedAddress, from)) {
+        throw new SDKError(
+          `Wallet share mismatch detected. server=${serverAddress || "N/A"} cached=${cachedAddress || "N/A"} derived=${from}. Please re-enter PIN (retrieveWallet/resetPin) to refresh shares.`,
+          "WALLET_RECOVERY_FAILED" /* WALLET_RECOVERY_FAILED */
         );
-        this.walletAddress = from;
-        await LocalForage.save(STORAGE_KEYS.walletAddress(this.orgHost), from);
       }
       const nativeBal = await this.rpcClient.sendRpc({
         chainId: params.chainId,
         method: "eth_getBalance" /* ETH_GET_BALANCE */,
         params: [from, "latest"]
       });
-      if (!nativeBal?.result || BigInt(nativeBal.result) === BigInt(0)) {
+      if (!nativeBal?.result || BigInt(nativeBal.result) === 0n) {
         throw new SDKError(
           `Insufficient native balance for gas. sender=${from} balance=${nativeBal?.result ?? "0x0"}`,
           "TRANSACTION_FAILED" /* TRANSACTION_FAILED */
@@ -104725,17 +104689,16 @@ var WalletService = class {
           );
           const buffered = Math.max(21e3, Math.ceil(est * 1.2));
           gasLimit = "0x" + buffered.toString(16);
-        } catch (e7) {
+        } catch {
           const data = (params.data || "0x").toLowerCase();
           const isApprove = data.startsWith("0x095ea7b3");
           const fallback = isApprove ? 12e4 : data !== "0x" ? 8e5 : 21e3;
           gasLimit = "0x" + fallback.toString(16);
         }
       }
-      const value = params.value ?? "0";
       const signedTx = await wallet.signTransaction({
         to: params.to,
-        value,
+        value: params.value ?? "0",
         data: params.data || "0x",
         chainId: params.chainId,
         nonce,
@@ -104746,12 +104709,10 @@ var WalletService = class {
         const parsed = EthersTx.from(signedTx);
         const derivedFrom = parsed?.from;
         if (derivedFrom && String(derivedFrom).toLowerCase() !== from.toLowerCase()) {
-          console.warn(
-            "[WalletService] signedTx sender mismatch. wallet=",
-            from,
-            "txFrom=",
-            derivedFrom
-          );
+          console.warn("[WalletService] signedTx sender mismatch.", {
+            walletFrom: from,
+            txFrom: derivedFrom
+          });
         }
       } catch {
       }
@@ -104759,9 +104720,8 @@ var WalletService = class {
       await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
       return txHash;
     } catch (error) {
-      if (error instanceof SDKError) {
-        throw error;
-      }
+      await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
+      if (error instanceof SDKError) throw error;
       const msg = (() => {
         try {
           const anyErr = error;
@@ -104910,10 +104870,26 @@ var HttpClient = class {
       if (!accessToken) {
         throw new SDKError("No access token found", "AUTH_REQUIRED" /* AUTH_REQUIRED */);
       }
+      ;
       headers["Authorization"] = `Bearer ${accessToken}`;
     }
     return headers;
   }
+  async safeReadErrorDetails(response) {
+    const contentType = response.headers.get("content-type") || "";
+    try {
+      if (contentType.includes("application/json")) {
+        return await response.json();
+      }
+    } catch {
+    }
+    try {
+      const text = await response.text();
+      return text || void 0;
+    } catch {
+      return void 0;
+    }
+  }
   async request(method, path, data, config2 = {}) {
     const headers = await this.getHeaders(config2.needsAccessToken);
     const requestInit = {
@@ -104924,20 +104900,28 @@ var HttpClient = class {
       },
       credentials: config2.credentials
     };
-    if (data) {
+    if (data !== void 0) {
       requestInit.body = JSON.stringify(data);
     }
     const response = await fetch(`${this.baseUrl}${path}`, requestInit);
     if (!response.ok) {
+      if (config2.needsAccessToken && (response.status === 401 || response.status === 403)) {
+        await LocalForage.delete(`${this.orgHost}:accessToken`);
+        throw new SDKError(
+          `Authentication required (status: ${response.status})`,
+          "AUTH_REQUIRED" /* AUTH_REQUIRED */,
+          await this.safeReadErrorDetails(response)
+        );
+      }
       throw new SDKError(
         `HTTP error! status: ${response.status}`,
         "REQUEST_FAILED" /* REQUEST_FAILED */,
-        await response.json()
+        await this.safeReadErrorDetails(response)
       );
     }
-    if (response.status === 200 && response.headers.get("content-length") === "0") {
-      return void 0;
-    }
+    if (response.status === 204) return void 0;
+    const contentLength = response.headers.get("content-length");
+    if (contentLength === "0") return void 0;
     try {
       return await response.json();
     } catch {