npm - @weblock-wallet/sdk - Versions diffs - 0.1.68 → 0.1.70 - Mend

@weblock-wallet/sdk 0.1.68 → 0.1.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.cjs CHANGED Viewed

@@ -104109,6 +104109,7 @@ var SDKErrorCode = /* @__PURE__ */ ((SDKErrorCode2) => {
   SDKErrorCode2["NOT_LOGGED_IN"] = "NOT_LOGGED_IN";
   SDKErrorCode2["NETWORK_SWITCH_FAILED"] = "NETWORK_SWITCH_FAILED";
   SDKErrorCode2["TRANSACTION_FAILED"] = "TRANSACTION_FAILED";
+  SDKErrorCode2["INVALID_PIN"] = "INVALID_PIN";
   return SDKErrorCode2;
 })(SDKErrorCode || {});
 var SDKError = class extends Error {
@@ -104298,91 +104299,69 @@ var WalletService = class {
       );
     }
   }
+  // client/src/core/services/wallet.ts
+  // Full version of retrieveWallet() with the address-mismatch guard added.
+  // Assumes existing imports/types in this file:
+  // - SDKError, SDKErrorCode
+  // - LocalForage
+  // - STORAGE_KEYS
+  // - Crypto (encryptShare/decryptShare)
+  // - Secrets (combine)
+  // - Wallet (ethers Wallet or equivalent)
+  // - this.walletClient.getWallet()
+  // - this.orgHost, this.walletAddress
+  // - this.isSixDigitPin(password)
   async retrieveWallet(password) {
     try {
-      const accessToken = await LocalForage.get(
-        STORAGE_KEYS.accessToken(this.orgHost)
-      );
-      if (!accessToken) {
-        throw new SDKError("Access token not found", "AUTH_REQUIRED" /* AUTH_REQUIRED */);
-      }
       const firebaseId = await LocalForage.get(
         STORAGE_KEYS.firebaseId(this.orgHost)
       );
       if (!firebaseId) {
         throw new SDKError("Not logged in", "AUTH_REQUIRED" /* AUTH_REQUIRED */);
       }
-      if (!this.isSixDigitPin(password)) {
+      if (!password || !this.isSixDigitPin(password)) {
         throw new SDKError(
           "PIN must be a 6-digit number",
           "INVALID_PARAMS" /* INVALID_PARAMS */
         );
       }
-      const decryptShareOrThrow = (encryptedShare) => {
-        try {
-          return Crypto.decryptShare(encryptedShare, password, firebaseId);
-        } catch (e7) {
-          if (this.isInvalidPasswordError(e7)) {
-            throw new SDKError(
-              "Incorrect PIN code",
-              "INVALID_PASSWORD" /* INVALID_PASSWORD */,
-              e7
-            );
-          }
-          throw e7;
-        }
-      };
       const walletInfo = await this.walletClient.getWallet();
-      let share2 = await LocalForage.get(
-        STORAGE_KEYS.share2(this.orgHost)
+      const share1 = walletInfo.share1;
+      const serverAddr = walletInfo.address?.toLowerCase?.() ?? "";
+      if (!share1) {
+        throw new SDKError(
+          "Wallet is not initialized on the server",
+          "WALLET_NOT_FOUND" /* WALLET_NOT_FOUND */
+        );
+      }
+      const encryptedShare2 = await LocalForage.get(
+        STORAGE_KEYS.encryptedShare2(this.orgHost)
       );
-      if (!share2) {
-        const encryptedShare2 = await LocalForage.get(
-          STORAGE_KEYS.encryptedShare2(this.orgHost)
+      if (!encryptedShare2) {
+        throw new SDKError(
+          "Local recovery material is missing on this device",
+          "RECOVERY_NOT_AVAILABLE" /* RECOVERY_NOT_AVAILABLE */
         );
-        if (encryptedShare2) {
-          share2 = decryptShareOrThrow(encryptedShare2);
-          await LocalForage.save(STORAGE_KEYS.share2(this.orgHost), share2);
-        } else {
-          const share3 = decryptShareOrThrow(
-            walletInfo.encryptedShare3
-          );
-          const privateKey2 = await Secrets.combine([
-            walletInfo.share1,
-            share3
-          ]);
-          const wallet2 = new import_ethers2.Wallet(privateKey2);
-          const newShares = await Secrets.split(wallet2.privateKey, 3, 2);
-          const [newShare1, newShare2, newShare3] = newShares;
-          await this.walletClient.updateWalletKey({
-            share1: newShare1,
-            encryptedShare3: Crypto.encryptShare(
-              newShare3,
-              password,
-              firebaseId
-            )
-          });
-          await LocalForage.save(STORAGE_KEYS.share2(this.orgHost), newShare2);
-          await LocalForage.save(
-            STORAGE_KEYS.encryptedShare2(this.orgHost),
-            Crypto.encryptShare(newShare2, password, firebaseId)
-          );
-          await this.ensureDeviceEncryptedShare2(newShare2, firebaseId);
-          this.walletAddress = wallet2.address;
-          await LocalForage.save(
-            STORAGE_KEYS.walletAddress(this.orgHost),
-            wallet2.address
-          );
-          await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
-          return wallet2.address;
-        }
       }
-      const privateKey = await Secrets.combine([
-        walletInfo.share1,
-        share2
-      ]);
+      let share2;
+      try {
+        share2 = Crypto.decryptShare(encryptedShare2, password, firebaseId);
+      } catch (e7) {
+        throw new SDKError(
+          "Invalid PIN or corrupted local recovery material",
+          "INVALID_PIN" /* INVALID_PIN */,
+          e7
+        );
+      }
+      const privateKey = await Secrets.combine([share1, share2]);
       const wallet = new import_ethers2.Wallet(privateKey);
-      await this.ensureDeviceEncryptedShare2(share2, firebaseId);
+      const derivedAddr = wallet.address.toLowerCase();
+      if (serverAddr && derivedAddr !== serverAddr) {
+        throw new SDKError(
+          `Recovered wallet address mismatch. server=${serverAddr} derived=${derivedAddr}`,
+          "WALLET_RECOVERY_FAILED" /* WALLET_RECOVERY_FAILED */
+        );
+      }
       this.walletAddress = wallet.address;
       await LocalForage.save(
         STORAGE_KEYS.walletAddress(this.orgHost),
@@ -104391,8 +104370,6 @@ var WalletService = class {
       await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
       return wallet.address;
     } catch (error) {
-      this.walletAddress = null;
-      await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
       if (error instanceof SDKError) throw error;
       throw new SDKError(
         "Failed to retrieve wallet",
@@ -104452,6 +104429,17 @@ var WalletService = class {
         share2
       ]);
       const wallet = new import_ethers2.Wallet(privateKey);
+      const serverAddr = walletInfo.address?.toLowerCase?.() ?? "";
+      const derivedAddr = wallet.address.toLowerCase();
+      const cachedAddr = await LocalForage.get(
+        STORAGE_KEYS.walletAddress(this.orgHost)
+      ) ?? null;
+      if (serverAddr && derivedAddr !== serverAddr) {
+        throw new SDKError(
+          `Device recovery material does not match server wallet. server=${serverAddr} derived=${derivedAddr} cached=${cachedAddr ?? "null"}`,
+          "RECOVERY_NOT_AVAILABLE" /* RECOVERY_NOT_AVAILABLE */
+        );
+      }
       const newShares = await Secrets.split(wallet.privateKey, 3, 2);
       const [newShare1, newShare2, newShare3] = newShares;
       await this.walletClient.updateWalletKey({
@@ -106611,6 +106599,8 @@ var InternalCoreImpl = class {
       getAddress: () => this.walletService.getAddress(),
       create: (password) => this.walletService.create(password),
       retrieveWallet: (password) => this.walletService.retrieveWallet(password),
+      // Fix: expose resetPin to InternalCore wallet facade
+      resetPin: (newPassword) => this.walletService.resetPin(newPassword),
       getBalance: (address, chainId) => this.walletService.getBalance(address, chainId),
       getTokenBalance: (tokenAddress, walletAddress, chainId) => this.walletService.getTokenBalance(tokenAddress, walletAddress, chainId),
       sendTransaction: (params) => this.walletService.sendTransaction(params),
@@ -106633,24 +106623,13 @@ var InternalCoreImpl = class {
     this.asset = {
       transfer: (params) => this.assetService.transfer(params),
       addToken: (params) => this.assetService.addToken(params),
-      // New ERC20 methods
       getTokenBalance: (params) => this.assetService.getTokenBalance(params),
-      // ERC1155 / RBT helpers
       getERC1155Balance: (params) => this.assetService.getERC1155Balance(params),
       getRbtClaimable: (params) => this.assetService.getRbtClaimable(params),
       claimRbt: (params) => this.assetService.claimRbt(params),
       approveToken: (params) => this.assetService.approveToken(params),
       getAllowance: (params) => this.assetService.getAllowance(params),
-      // getTokenInfo: (params: TokenInfoParams) =>
-      //   this.assetService.getTokenInfo(params),
       addNFTCollection: (params) => this.assetService.addNFTCollection(params),
-      // checkSecurityTokenCompliance: (params: {
-      //   networkId: string
-      //   tokenAddress: string
-      //   from: string
-      //   to: string
-      //   amount: string
-      // }) => this.assetService.checkSecurityTokenCompliance(params),
       on: (event, listener) => this.assetService.on(event, listener),
       off: (event, listener) => this.assetService.off(event, listener),
       getTokenInfo: (params) => this.assetService.getTokenInfo(params),