@weblock-wallet/sdk 0.1.69 → 0.1.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/dist/index.cjs +57 -69
  2. package/dist/index.cjs.map +1 -1
  3. package/dist/index.d.cts +2 -1
  4. package/dist/index.d.ts +2 -1
  5. package/dist/index.js +57 -69
  6. package/dist/index.js.map +1 -1
  7. package/package.json +1 -1
package/dist/index.cjs CHANGED
@@ -104109,6 +104109,7 @@ var SDKErrorCode = /* @__PURE__ */ ((SDKErrorCode2) => {
104109
104109
  SDKErrorCode2["NOT_LOGGED_IN"] = "NOT_LOGGED_IN";
104110
104110
  SDKErrorCode2["NETWORK_SWITCH_FAILED"] = "NETWORK_SWITCH_FAILED";
104111
104111
  SDKErrorCode2["TRANSACTION_FAILED"] = "TRANSACTION_FAILED";
104112
+ SDKErrorCode2["INVALID_PIN"] = "INVALID_PIN";
104112
104113
  return SDKErrorCode2;
104113
104114
  })(SDKErrorCode || {});
104114
104115
  var SDKError = class extends Error {
@@ -104298,91 +104299,69 @@ var WalletService = class {
104298
104299
  );
104299
104300
  }
104300
104301
  }
104302
+ // client/src/core/services/wallet.ts
104303
+ // Full version of retrieveWallet() with the address-mismatch guard added.
104304
+ // Assumes existing imports/types in this file:
104305
+ // - SDKError, SDKErrorCode
104306
+ // - LocalForage
104307
+ // - STORAGE_KEYS
104308
+ // - Crypto (encryptShare/decryptShare)
104309
+ // - Secrets (combine)
104310
+ // - Wallet (ethers Wallet or equivalent)
104311
+ // - this.walletClient.getWallet()
104312
+ // - this.orgHost, this.walletAddress
104313
+ // - this.isSixDigitPin(password)
104301
104314
  async retrieveWallet(password) {
104302
104315
  try {
104303
- const accessToken = await LocalForage.get(
104304
- STORAGE_KEYS.accessToken(this.orgHost)
104305
- );
104306
- if (!accessToken) {
104307
- throw new SDKError("Access token not found", "AUTH_REQUIRED" /* AUTH_REQUIRED */);
104308
- }
104309
104316
  const firebaseId = await LocalForage.get(
104310
104317
  STORAGE_KEYS.firebaseId(this.orgHost)
104311
104318
  );
104312
104319
  if (!firebaseId) {
104313
104320
  throw new SDKError("Not logged in", "AUTH_REQUIRED" /* AUTH_REQUIRED */);
104314
104321
  }
104315
- if (!this.isSixDigitPin(password)) {
104322
+ if (!password || !this.isSixDigitPin(password)) {
104316
104323
  throw new SDKError(
104317
104324
  "PIN must be a 6-digit number",
104318
104325
  "INVALID_PARAMS" /* INVALID_PARAMS */
104319
104326
  );
104320
104327
  }
104321
- const decryptShareOrThrow = (encryptedShare) => {
104322
- try {
104323
- return Crypto.decryptShare(encryptedShare, password, firebaseId);
104324
- } catch (e7) {
104325
- if (this.isInvalidPasswordError(e7)) {
104326
- throw new SDKError(
104327
- "Incorrect PIN code",
104328
- "INVALID_PASSWORD" /* INVALID_PASSWORD */,
104329
- e7
104330
- );
104331
- }
104332
- throw e7;
104333
- }
104334
- };
104335
104328
  const walletInfo = await this.walletClient.getWallet();
104336
- let share2 = await LocalForage.get(
104337
- STORAGE_KEYS.share2(this.orgHost)
104329
+ const share1 = walletInfo.share1;
104330
+ const serverAddr = walletInfo.address?.toLowerCase?.() ?? "";
104331
+ if (!share1) {
104332
+ throw new SDKError(
104333
+ "Wallet is not initialized on the server",
104334
+ "WALLET_NOT_FOUND" /* WALLET_NOT_FOUND */
104335
+ );
104336
+ }
104337
+ const encryptedShare2 = await LocalForage.get(
104338
+ STORAGE_KEYS.encryptedShare2(this.orgHost)
104338
104339
  );
104339
- if (!share2) {
104340
- const encryptedShare2 = await LocalForage.get(
104341
- STORAGE_KEYS.encryptedShare2(this.orgHost)
104340
+ if (!encryptedShare2) {
104341
+ throw new SDKError(
104342
+ "Local recovery material is missing on this device",
104343
+ "RECOVERY_NOT_AVAILABLE" /* RECOVERY_NOT_AVAILABLE */
104342
104344
  );
104343
- if (encryptedShare2) {
104344
- share2 = decryptShareOrThrow(encryptedShare2);
104345
- await LocalForage.save(STORAGE_KEYS.share2(this.orgHost), share2);
104346
- } else {
104347
- const share3 = decryptShareOrThrow(
104348
- walletInfo.encryptedShare3
104349
- );
104350
- const privateKey2 = await Secrets.combine([
104351
- walletInfo.share1,
104352
- share3
104353
- ]);
104354
- const wallet2 = new import_ethers2.Wallet(privateKey2);
104355
- const newShares = await Secrets.split(wallet2.privateKey, 3, 2);
104356
- const [newShare1, newShare2, newShare3] = newShares;
104357
- await this.walletClient.updateWalletKey({
104358
- share1: newShare1,
104359
- encryptedShare3: Crypto.encryptShare(
104360
- newShare3,
104361
- password,
104362
- firebaseId
104363
- )
104364
- });
104365
- await LocalForage.save(STORAGE_KEYS.share2(this.orgHost), newShare2);
104366
- await LocalForage.save(
104367
- STORAGE_KEYS.encryptedShare2(this.orgHost),
104368
- Crypto.encryptShare(newShare2, password, firebaseId)
104369
- );
104370
- await this.ensureDeviceEncryptedShare2(newShare2, firebaseId);
104371
- this.walletAddress = wallet2.address;
104372
- await LocalForage.save(
104373
- STORAGE_KEYS.walletAddress(this.orgHost),
104374
- wallet2.address
104375
- );
104376
- await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
104377
- return wallet2.address;
104378
- }
104379
104345
  }
104380
- const privateKey = await Secrets.combine([
104381
- walletInfo.share1,
104382
- share2
104383
- ]);
104346
+ let share2;
104347
+ try {
104348
+ share2 = Crypto.decryptShare(encryptedShare2, password, firebaseId);
104349
+ } catch (e7) {
104350
+ throw new SDKError(
104351
+ "Invalid PIN or corrupted local recovery material",
104352
+ "INVALID_PIN" /* INVALID_PIN */,
104353
+ e7
104354
+ );
104355
+ }
104356
+ const privateKey = await Secrets.combine([share1, share2]);
104384
104357
  const wallet = new import_ethers2.Wallet(privateKey);
104385
- await this.ensureDeviceEncryptedShare2(share2, firebaseId);
104358
+ const derivedAddr = wallet.address.toLowerCase();
104359
+ if (serverAddr && derivedAddr !== serverAddr) {
104360
+ throw new SDKError(
104361
+ `Recovered wallet address mismatch. server=${serverAddr} derived=${derivedAddr}`,
104362
+ "WALLET_RECOVERY_FAILED" /* WALLET_RECOVERY_FAILED */
104363
+ );
104364
+ }
104386
104365
  this.walletAddress = wallet.address;
104387
104366
  await LocalForage.save(
104388
104367
  STORAGE_KEYS.walletAddress(this.orgHost),
@@ -104391,8 +104370,6 @@ var WalletService = class {
104391
104370
  await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
104392
104371
  return wallet.address;
104393
104372
  } catch (error) {
104394
- this.walletAddress = null;
104395
- await LocalForage.delete(STORAGE_KEYS.share2(this.orgHost));
104396
104373
  if (error instanceof SDKError) throw error;
104397
104374
  throw new SDKError(
104398
104375
  "Failed to retrieve wallet",
@@ -104452,6 +104429,17 @@ var WalletService = class {
104452
104429
  share2
104453
104430
  ]);
104454
104431
  const wallet = new import_ethers2.Wallet(privateKey);
104432
+ const serverAddr = walletInfo.address?.toLowerCase?.() ?? "";
104433
+ const derivedAddr = wallet.address.toLowerCase();
104434
+ const cachedAddr = await LocalForage.get(
104435
+ STORAGE_KEYS.walletAddress(this.orgHost)
104436
+ ) ?? null;
104437
+ if (serverAddr && derivedAddr !== serverAddr) {
104438
+ throw new SDKError(
104439
+ `Device recovery material does not match server wallet. server=${serverAddr} derived=${derivedAddr} cached=${cachedAddr ?? "null"}`,
104440
+ "RECOVERY_NOT_AVAILABLE" /* RECOVERY_NOT_AVAILABLE */
104441
+ );
104442
+ }
104455
104443
  const newShares = await Secrets.split(wallet.privateKey, 3, 2);
104456
104444
  const [newShare1, newShare2, newShare3] = newShares;
104457
104445
  await this.walletClient.updateWalletKey({