@worldcoin/idkit-core 1.1.3 → 1.2.0

package/build/{config-325e0567.d.ts → config-f327cc3d.d.ts}

@@ -20,12 +20,12 @@ declare enum VerificationLevel {
 type IDKitConfig = {
     /** Unique identifier for the app verifying the action. This should be the app ID obtained from the Developer Portal. */
     app_id: `app_${string}`;
+    /** Identifier for the action the user is performing. Should be left blank for [Sign in with Worldcoin](https://docs.worldcoin.org/id/sign-in). */
+    action: AbiEncodedValue | string;
     /** The description of the specific action (shown to users in World App). Only recommended for actions created on-the-fly. */
     action_description?: string;
     /** Encodes data into a proof that must match when validating. Read more on the [On-chain section](https://docs.worldcoin.org/advanced/on-chain). */
     signal?: AbiEncodedValue | string;
-    /** Identifier for the action the user is performing. Should be left blank for [Sign in with Worldcoin](https://docs.worldcoin.org/id/sign-in). */
-    action?: AbiEncodedValue | string;
     /** URL to a third-party bridge to use when connecting to the World App. Optional. */
     bridge_url?: string;
     /** The minimum required level of verification. Defaults to "orb". */

package/build/index.cjs

@@ -69,6 +69,45 @@ var VerificationLevel = /* @__PURE__ */ ((VerificationLevel2) => {
 // src/bridge.ts
 var import_zustand = require("zustand");
 
+// src/lib/validation.ts
+function validate_bridge_url(bridge_url, is_staging) {
+  try {
+    new URL(bridge_url);
+  } catch (e) {
+    return { valid: false, errors: ["Failed to parse Bridge URL."] };
+  }
+  const test_url = new URL(bridge_url);
+  const errors = [];
+  if (is_staging && ["localhost", "127.0.0.1"].includes(test_url.hostname)) {
+    console.log("Using staging app_id with localhost bridge_url. Skipping validation.");
+    return { valid: true };
+  }
+  if (test_url.protocol !== "https:") {
+    errors.push("Bridge URL must use HTTPS.");
+  }
+  if (test_url.port) {
+    errors.push("Bridge URL must use the default port (443).");
+  }
+  if (test_url.pathname !== "/") {
+    errors.push("Bridge URL must not have a path.");
+  }
+  if (test_url.search) {
+    errors.push("Bridge URL must not have query parameters.");
+  }
+  if (test_url.hash) {
+    errors.push("Bridge URL must not have a fragment.");
+  }
+  if (!test_url.hostname.endsWith(".worldcoin.org") && !test_url.hostname.endsWith(".toolsforhumanity.com")) {
+    console.warn(
+      "Bridge URL should be a subdomain of worldcoin.org or toolsforhumanity.com. The user's identity wallet may refuse to connect. This is a temporary measure and may be removed in the future."
+    );
+  }
+  if (errors.length) {
+    return { valid: false, errors };
+  }
+  return { valid: true };
+}
+
 // src/lib/hashing.ts
 var import_buffer = require("buffer/index.js");
 var import_viem = require("viem");
@@ -177,7 +216,15 @@ var useWorldBridgeStore = (0, import_zustand.create)((set, get) => ({
   verificationState: "loading_widget" /* PreparingClient */,
   createClient: async ({ bridge_url, app_id, verification_level, action_description, action, signal }) => {
     const { key, iv } = await generateKey();
-    const res = await fetch(`${bridge_url ?? DEFAULT_BRIDGE_URL}/request`, {
+    if (bridge_url) {
+      const validation = validate_bridge_url(bridge_url, app_id.includes("staging"));
+      if (!validation.valid) {
+        console.error(validation.errors.join("\n"));
+        set({ verificationState: "failed" /* Failed */ });
+        throw new Error("Invalid bridge_url. Please check the console for more details.");
+      }
+    }
+    const res = await fetch(new URL("/request", bridge_url ?? DEFAULT_BRIDGE_URL), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(
@@ -217,7 +264,7 @@ var useWorldBridgeStore = (0, import_zustand.create)((set, get) => ({
     const key = get().key;
     if (!key)
       throw new Error("No keypair found. Please call `createClient` first.");
-    const res = await fetch(`${get().bridge_url}/response/${get().requestId}`);
+    const res = await fetch(new URL(`/response/${get().requestId}`, get().bridge_url));
     if (!res.ok) {
       return set({
         errorCode: "connection_failed" /* ConnectionFailed */,

package/build/index.d.cts

@@ -1,39 +1,9 @@
-import { V as VerificationLevel, I as IDKitConfig } from './config-325e0567.js';
-export { A as AbiEncodedValue, C as CredentialType } from './config-325e0567.js';
+import { I as ISuccessResult, A as AppErrorCodes, V as VerificationState } from './result-01cf95f2.js';
+export { a as IErrorState } from './result-01cf95f2.js';
+import { I as IDKitConfig, V as VerificationLevel } from './config-f327cc3d.js';
+export { A as AbiEncodedValue, C as CredentialType } from './config-f327cc3d.js';
 import * as zustand from 'zustand';
 
-declare enum AppErrorCodes {
-    ConnectionFailed = "connection_failed",
-    VerificationRejected = "verification_rejected",
-    MaxVerificationsReached = "max_verifications_reached",
-    CredentialUnavailable = "credential_unavailable",
-    MalformedRequest = "malformed_request",
-    InvalidNetwork = "invalid_network",
-    InclusionProofFailed = "inclusion_proof_failed",
-    InclusionProofPending = "inclusion_proof_pending",
-    UnexpectedResponse = "unexpected_response",// NOTE: when the World app returns an unexpected response
-    FailedByHostApp = "failed_by_host_app",// NOTE: Host app failed/rejected verification (does not come from World App / simulator)
-    GenericError = "generic_error"
-}
-declare enum VerificationState {
-    PreparingClient = "loading_widget",
-    WaitingForConnection = "awaiting_connection",// Awaiting connection from the wallet
-    WaitingForApp = "awaiting_app",// Awaiting user confirmation in wallet
-    Confirmed = "confirmed",
-    Failed = "failed"
-}
-
-interface ISuccessResult {
-    proof: string;
-    merkle_root: string;
-    nullifier_hash: string;
-    verification_level: VerificationLevel;
-}
-interface IErrorState {
-    code: AppErrorCodes;
-    message?: string;
-}
-
 type WorldBridgeStore = {
     bridge_url: string;
     iv: Uint8Array | null;
@@ -57,4 +27,4 @@ declare const DEFAULT_VERIFICATION_LEVEL = VerificationLevel.Orb;
  */
 declare const verification_level_to_credential_types: (verification_level: VerificationLevel) => string[];
 
-export { AppErrorCodes, DEFAULT_VERIFICATION_LEVEL, IDKitConfig, IErrorState, ISuccessResult, VerificationLevel, VerificationState, WorldBridgeStore, useWorldBridgeStore, verification_level_to_credential_types };
+export { AppErrorCodes, DEFAULT_VERIFICATION_LEVEL, IDKitConfig, ISuccessResult, VerificationLevel, VerificationState, WorldBridgeStore, useWorldBridgeStore, verification_level_to_credential_types };

package/build/index.d.ts

@@ -1,39 +1,9 @@
-import { V as VerificationLevel, I as IDKitConfig } from './config-325e0567.js';
-export { A as AbiEncodedValue, C as CredentialType } from './config-325e0567.js';
+import { I as ISuccessResult, A as AppErrorCodes, V as VerificationState } from './result-01cf95f2.js';
+export { a as IErrorState } from './result-01cf95f2.js';
+import { I as IDKitConfig, V as VerificationLevel } from './config-f327cc3d.js';
+export { A as AbiEncodedValue, C as CredentialType } from './config-f327cc3d.js';
 import * as zustand from 'zustand';
 
-declare enum AppErrorCodes {
-    ConnectionFailed = "connection_failed",
-    VerificationRejected = "verification_rejected",
-    MaxVerificationsReached = "max_verifications_reached",
-    CredentialUnavailable = "credential_unavailable",
-    MalformedRequest = "malformed_request",
-    InvalidNetwork = "invalid_network",
-    InclusionProofFailed = "inclusion_proof_failed",
-    InclusionProofPending = "inclusion_proof_pending",
-    UnexpectedResponse = "unexpected_response",// NOTE: when the World app returns an unexpected response
-    FailedByHostApp = "failed_by_host_app",// NOTE: Host app failed/rejected verification (does not come from World App / simulator)
-    GenericError = "generic_error"
-}
-declare enum VerificationState {
-    PreparingClient = "loading_widget",
-    WaitingForConnection = "awaiting_connection",// Awaiting connection from the wallet
-    WaitingForApp = "awaiting_app",// Awaiting user confirmation in wallet
-    Confirmed = "confirmed",
-    Failed = "failed"
-}
-
-interface ISuccessResult {
-    proof: string;
-    merkle_root: string;
-    nullifier_hash: string;
-    verification_level: VerificationLevel;
-}
-interface IErrorState {
-    code: AppErrorCodes;
-    message?: string;
-}
-
 type WorldBridgeStore = {
     bridge_url: string;
     iv: Uint8Array | null;
@@ -57,4 +27,4 @@ declare const DEFAULT_VERIFICATION_LEVEL = VerificationLevel.Orb;
  */
 declare const verification_level_to_credential_types: (verification_level: VerificationLevel) => string[];
 
-export { AppErrorCodes, DEFAULT_VERIFICATION_LEVEL, IDKitConfig, IErrorState, ISuccessResult, VerificationLevel, VerificationState, WorldBridgeStore, useWorldBridgeStore, verification_level_to_credential_types };
+export { AppErrorCodes, DEFAULT_VERIFICATION_LEVEL, IDKitConfig, ISuccessResult, VerificationLevel, VerificationState, WorldBridgeStore, useWorldBridgeStore, verification_level_to_credential_types };

package/build/index.js

@@ -42,6 +42,45 @@ var VerificationLevel = /* @__PURE__ */ ((VerificationLevel2) => {
 // src/bridge.ts
 import { create } from "zustand";
 
+// src/lib/validation.ts
+function validate_bridge_url(bridge_url, is_staging) {
+  try {
+    new URL(bridge_url);
+  } catch (e) {
+    return { valid: false, errors: ["Failed to parse Bridge URL."] };
+  }
+  const test_url = new URL(bridge_url);
+  const errors = [];
+  if (is_staging && ["localhost", "127.0.0.1"].includes(test_url.hostname)) {
+    console.log("Using staging app_id with localhost bridge_url. Skipping validation.");
+    return { valid: true };
+  }
+  if (test_url.protocol !== "https:") {
+    errors.push("Bridge URL must use HTTPS.");
+  }
+  if (test_url.port) {
+    errors.push("Bridge URL must use the default port (443).");
+  }
+  if (test_url.pathname !== "/") {
+    errors.push("Bridge URL must not have a path.");
+  }
+  if (test_url.search) {
+    errors.push("Bridge URL must not have query parameters.");
+  }
+  if (test_url.hash) {
+    errors.push("Bridge URL must not have a fragment.");
+  }
+  if (!test_url.hostname.endsWith(".worldcoin.org") && !test_url.hostname.endsWith(".toolsforhumanity.com")) {
+    console.warn(
+      "Bridge URL should be a subdomain of worldcoin.org or toolsforhumanity.com. The user's identity wallet may refuse to connect. This is a temporary measure and may be removed in the future."
+    );
+  }
+  if (errors.length) {
+    return { valid: false, errors };
+  }
+  return { valid: true };
+}
+
 // src/lib/utils.ts
 import { Buffer } from "buffer/index.js";
 var DEFAULT_VERIFICATION_LEVEL = "orb" /* Orb */;
@@ -109,7 +148,15 @@ var useWorldBridgeStore = create((set, get) => ({
   verificationState: "loading_widget" /* PreparingClient */,
   createClient: async ({ bridge_url, app_id, verification_level, action_description, action, signal }) => {
     const { key, iv } = await generateKey();
-    const res = await fetch(`${bridge_url ?? DEFAULT_BRIDGE_URL}/request`, {
+    if (bridge_url) {
+      const validation = validate_bridge_url(bridge_url, app_id.includes("staging"));
+      if (!validation.valid) {
+        console.error(validation.errors.join("\n"));
+        set({ verificationState: "failed" /* Failed */ });
+        throw new Error("Invalid bridge_url. Please check the console for more details.");
+      }
+    }
+    const res = await fetch(new URL("/request", bridge_url ?? DEFAULT_BRIDGE_URL), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(
@@ -149,7 +196,7 @@ var useWorldBridgeStore = create((set, get) => ({
     const key = get().key;
     if (!key)
       throw new Error("No keypair found. Please call `createClient` first.");
-    const res = await fetch(`${get().bridge_url}/response/${get().requestId}`);
+    const res = await fetch(new URL(`/response/${get().requestId}`, get().bridge_url));
     if (!res.ok) {
       return set({
         errorCode: "connection_failed" /* ConnectionFailed */,

package/build/lib/backend.cjs

@@ -0,0 +1,71 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/lib/backend.ts
+var backend_exports = {};
+__export(backend_exports, {
+  verifyCloudProof: () => verifyCloudProof
+});
+module.exports = __toCommonJS(backend_exports);
+
+// src/lib/hashing.ts
+var import_buffer = require("buffer/index.js");
+var import_viem = require("viem");
+function hashToField(input) {
+  if ((0, import_viem.isBytes)(input) || (0, import_viem.isHex)(input))
+    return hashEncodedBytes(input);
+  return hashString(input);
+}
+function hashString(input) {
+  const bytesInput = import_buffer.Buffer.from(input);
+  return hashEncodedBytes(bytesInput);
+}
+function hashEncodedBytes(input) {
+  const hash = BigInt((0, import_viem.keccak256)(input)) >> 8n;
+  const rawDigest = hash.toString(16);
+  return { hash, digest: `0x${rawDigest.padStart(64, "0")}` };
+}
+
+// src/lib/backend.ts
+var import_browser_or_node = require("browser-or-node");
+async function verifyCloudProof(proof, app_id, action, signal, endpoint) {
+  if (import_browser_or_node.isBrowser) {
+    throw new Error("verifyCloudProof can only be used in the backend.");
+  }
+  const response = await fetch(endpoint ?? `https://developer.worldcoin.org/api/v2/verify/${app_id}`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      ...proof,
+      action,
+      signal_hash: hashToField(signal ?? "").digest
+    })
+  });
+  if (response.ok) {
+    return { success: true };
+  } else {
+    return { success: false, ...await response.json() };
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifyCloudProof
+});

package/build/lib/backend.d.cts

@@ -0,0 +1,12 @@
+import { I as ISuccessResult } from '../result-01cf95f2.js';
+import '../config-f327cc3d.js';
+
+interface IVerifyResponse {
+    success: boolean;
+    code?: string;
+    detail?: string;
+    attribute?: string | null;
+}
+declare function verifyCloudProof(proof: ISuccessResult, app_id: `app_${string}`, action: string, signal?: string, endpoint?: URL | string): Promise<IVerifyResponse>;
+
+export { IVerifyResponse, verifyCloudProof };

package/build/lib/backend.d.ts

@@ -0,0 +1,12 @@
+import { I as ISuccessResult } from '../result-01cf95f2.js';
+import '../config-f327cc3d.js';
+
+interface IVerifyResponse {
+    success: boolean;
+    code?: string;
+    detail?: string;
+    attribute?: string | null;
+}
+declare function verifyCloudProof(proof: ISuccessResult, app_id: `app_${string}`, action: string, signal?: string, endpoint?: URL | string): Promise<IVerifyResponse>;
+
+export { IVerifyResponse, verifyCloudProof };

package/build/lib/backend.js

@@ -0,0 +1,30 @@
+import {
+  hashToField
+} from "../chunk-XHZXOIDF.js";
+
+// src/lib/backend.ts
+import { isBrowser } from "browser-or-node";
+async function verifyCloudProof(proof, app_id, action, signal, endpoint) {
+  if (isBrowser) {
+    throw new Error("verifyCloudProof can only be used in the backend.");
+  }
+  const response = await fetch(endpoint ?? `https://developer.worldcoin.org/api/v2/verify/${app_id}`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      ...proof,
+      action,
+      signal_hash: hashToField(signal ?? "").digest
+    })
+  });
+  if (response.ok) {
+    return { success: true };
+  } else {
+    return { success: false, ...await response.json() };
+  }
+}
+export {
+  verifyCloudProof
+};

package/build/lib/hashing.d.cts

@@ -1,4 +1,4 @@
-import { A as AbiEncodedValue, I as IDKitConfig } from '../config-325e0567.js';
+import { A as AbiEncodedValue, I as IDKitConfig } from '../config-f327cc3d.js';
 
 interface HashFunctionOutput {
     hash: bigint;

package/build/lib/hashing.d.ts

@@ -1,4 +1,4 @@
-import { A as AbiEncodedValue, I as IDKitConfig } from '../config-325e0567.js';
+import { A as AbiEncodedValue, I as IDKitConfig } from '../config-f327cc3d.js';
 
 interface HashFunctionOutput {
     hash: bigint;

package/build/result-01cf95f2.d.ts

@@ -0,0 +1,35 @@
+import { V as VerificationLevel } from './config-f327cc3d.js';
+
+declare enum AppErrorCodes {
+    ConnectionFailed = "connection_failed",
+    VerificationRejected = "verification_rejected",
+    MaxVerificationsReached = "max_verifications_reached",
+    CredentialUnavailable = "credential_unavailable",
+    MalformedRequest = "malformed_request",
+    InvalidNetwork = "invalid_network",
+    InclusionProofFailed = "inclusion_proof_failed",
+    InclusionProofPending = "inclusion_proof_pending",
+    UnexpectedResponse = "unexpected_response",// NOTE: when the World app returns an unexpected response
+    FailedByHostApp = "failed_by_host_app",// NOTE: Host app failed/rejected verification (does not come from World App / simulator)
+    GenericError = "generic_error"
+}
+declare enum VerificationState {
+    PreparingClient = "loading_widget",
+    WaitingForConnection = "awaiting_connection",// Awaiting connection from the wallet
+    WaitingForApp = "awaiting_app",// Awaiting user confirmation in wallet
+    Confirmed = "confirmed",
+    Failed = "failed"
+}
+
+interface ISuccessResult {
+    proof: string;
+    merkle_root: string;
+    nullifier_hash: string;
+    verification_level: VerificationLevel;
+}
+interface IErrorState {
+    code: AppErrorCodes;
+    message?: string;
+}
+
+export { AppErrorCodes as A, ISuccessResult as I, VerificationState as V, IErrorState as a };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@worldcoin/idkit-core",
-  "version": "1.1.3",
+  "version": "1.2.0",
   "homepage": "https://docs.worldcoin.org/id/idkit",
   "license": "MIT",
   "private": false,
@@ -21,10 +21,18 @@
       "import": "./build/lib/hashing.js",
       "types": "./build/lib/hashing.d.ts",
       "require": "./build/lib/hashing.cjs"
+    },
+    "./backend": {
+      "import": "./build/lib/backend.js",
+      "types": "./build/lib/backend.d.ts",
+      "require": "./build/lib/backend.cjs"
     }
   },
   "typesVersions": {
     "*": {
+      "backend": [
+        "./build/lib/backend.d.ts"
+      ],
       "hashing": [
         "./build/lib/hashing.d.ts"
       ],
@@ -48,9 +56,10 @@
     "sybil resistance"
   ],
   "dependencies": {
+    "browser-or-node": "3.0.0-pre.0",
     "buffer": "^6.0.3",
     "viem": "^1.19.11",
-    "zustand": "^4.3.3"
+    "zustand": "^4.5"
   },
   "devDependencies": {
     "@typescript-eslint/eslint-plugin": "^6.13.1",