@worldcoin/minikit-js 1.11.0 → 2.0.0-dev.1

package/build/chunk-LHHKY77D.js

@@ -0,0 +1,274 @@
+// src/commands/wallet-auth/siwe.ts
+import {
+  createPublicClient,
+  getContract,
+  hashMessage,
+  http,
+  recoverAddress
+} from "viem";
+import { worldchain } from "viem/chains";
+var PREAMBLE = " wants you to sign in with your Ethereum account:";
+var URI_TAG = "URI: ";
+var VERSION_TAG = "Version: ";
+var CHAIN_TAG = "Chain ID: ";
+var NONCE_TAG = "Nonce: ";
+var IAT_TAG = "Issued At: ";
+var EXP_TAG = "Expiration Time: ";
+var NBF_TAG = "Not Before: ";
+var RID_TAG = "Request ID: ";
+var ERC_191_PREFIX = "Ethereum Signed Message:\n";
+var EIP1271_MAGICVALUE = "0x1626ba7e";
+var SAFE_CONTRACT_ABI = [
+  {
+    inputs: [
+      {
+        internalType: "address",
+        name: "owner",
+        type: "address"
+      }
+    ],
+    name: "isOwner",
+    outputs: [
+      {
+        internalType: "bool",
+        name: "",
+        type: "bool"
+      }
+    ],
+    stateMutability: "view",
+    type: "function"
+  },
+  {
+    inputs: [
+      {
+        internalType: "bytes32",
+        name: "_message",
+        type: "bytes32"
+      },
+      {
+        internalType: "bytes",
+        name: "_signature",
+        type: "bytes"
+      }
+    ],
+    name: "isValidSignature",
+    outputs: [
+      {
+        internalType: "bytes4",
+        name: "",
+        type: "bytes4"
+      }
+    ],
+    stateMutability: "view",
+    type: "function"
+  }
+];
+var tagged = (line, tag) => {
+  if (line && line.includes(tag)) {
+    return line.replace(tag, "");
+  } else {
+    throw new Error(`Missing '${tag}'`);
+  }
+};
+var parseSiweMessage = (inputString) => {
+  const lines = inputString.split("\n")[Symbol.iterator]();
+  const domain = tagged(lines.next()?.value, PREAMBLE);
+  const address = lines.next()?.value;
+  lines.next();
+  const nextValue = lines.next()?.value;
+  let statement;
+  if (nextValue) {
+    statement = nextValue;
+    lines.next();
+  }
+  const uri = tagged(lines.next()?.value, URI_TAG);
+  const version = tagged(lines.next()?.value, VERSION_TAG);
+  const chain_id = tagged(lines.next()?.value, CHAIN_TAG);
+  const nonce = tagged(lines.next()?.value, NONCE_TAG);
+  const issued_at = tagged(lines.next()?.value, IAT_TAG);
+  let expiration_time, not_before, request_id;
+  for (let line of lines) {
+    if (line.startsWith(EXP_TAG)) {
+      expiration_time = tagged(line, EXP_TAG);
+    } else if (line.startsWith(NBF_TAG)) {
+      not_before = tagged(line, NBF_TAG);
+    } else if (line.startsWith(RID_TAG)) {
+      request_id = tagged(line, RID_TAG);
+    }
+  }
+  if (lines.next().done === false) {
+    throw new Error("Extra lines in the input");
+  }
+  const siweMessageData = {
+    domain,
+    address,
+    statement,
+    uri,
+    version,
+    chain_id,
+    nonce,
+    issued_at,
+    expiration_time,
+    not_before,
+    request_id
+  };
+  return siweMessageData;
+};
+var generateSiweMessage = (siweMessageData) => {
+  let siweMessage = "";
+  if (siweMessageData.scheme) {
+    siweMessage += `${siweMessageData.scheme}://${siweMessageData.domain} wants you to sign in with your Ethereum account:
+`;
+  } else {
+    siweMessage += `${siweMessageData.domain} wants you to sign in with your Ethereum account:
+`;
+  }
+  if (siweMessageData.address) {
+    siweMessage += `${siweMessageData.address}
+`;
+  } else {
+    siweMessage += "{address}\n";
+  }
+  siweMessage += "\n";
+  if (siweMessageData.statement) {
+    siweMessage += `${siweMessageData.statement}
+`;
+  }
+  siweMessage += "\n";
+  siweMessage += `URI: ${siweMessageData.uri}
+`;
+  siweMessage += `Version: ${siweMessageData.version}
+`;
+  siweMessage += `Chain ID: ${siweMessageData.chain_id}
+`;
+  siweMessage += `Nonce: ${siweMessageData.nonce}
+`;
+  siweMessage += `Issued At: ${siweMessageData.issued_at}
+`;
+  if (siweMessageData.expiration_time) {
+    siweMessage += `Expiration Time: ${siweMessageData.expiration_time}
+`;
+  }
+  if (siweMessageData.not_before) {
+    siweMessage += `Not Before: ${siweMessageData.not_before}
+`;
+  }
+  if (siweMessageData.request_id) {
+    siweMessage += `Request ID: ${siweMessageData.request_id}
+`;
+  }
+  return siweMessage;
+};
+var verifySiweMessage = (payload, nonce, statement, requestId, userProvider) => {
+  if (payload.version === 1) {
+    return verifySiweMessageV1(
+      payload,
+      nonce,
+      statement,
+      requestId,
+      userProvider
+    );
+  } else {
+    return verifySiweMessageV2(
+      payload,
+      nonce,
+      statement,
+      requestId,
+      userProvider
+    );
+  }
+};
+var validateMessage = (siweMessageData, nonce, statement, requestId) => {
+  if (siweMessageData.expiration_time) {
+    const expirationTime = new Date(siweMessageData.expiration_time);
+    if (expirationTime < /* @__PURE__ */ new Date()) {
+      throw new Error("Expired message");
+    }
+  }
+  if (siweMessageData.not_before) {
+    const notBefore = new Date(siweMessageData.not_before);
+    if (notBefore > /* @__PURE__ */ new Date()) {
+      throw new Error("Not Before time has not passed");
+    }
+  }
+  if (nonce && siweMessageData.nonce !== nonce) {
+    throw new Error(
+      `Nonce mismatch. Got: ${siweMessageData.nonce}, Expected: ${nonce}`
+    );
+  }
+  if (statement && siweMessageData.statement !== statement) {
+    throw new Error(
+      `Statement mismatch. Got: ${siweMessageData.statement}, Expected: ${statement}`
+    );
+  }
+  if (requestId && siweMessageData.request_id !== requestId) {
+    throw new Error(
+      `Request ID mismatch. Got: ${siweMessageData.request_id}, Expected: ${requestId}`
+    );
+  }
+  return true;
+};
+var verifySiweMessageV1 = async (payload, nonce, statement, requestId, userProvider) => {
+  if (typeof window !== "undefined") {
+    throw new Error("Wallet auth payload can only be verified in the backend");
+  }
+  const { message, signature, address } = payload;
+  const siweMessageData = parseSiweMessage(message);
+  validateMessage(siweMessageData, nonce, statement, requestId);
+  let provider = userProvider || createPublicClient({ chain: worldchain, transport: http() });
+  const signedMessage = `${ERC_191_PREFIX}${message.length}${message}`;
+  const hashedMessage = hashMessage(signedMessage);
+  const contract = getContract({
+    address,
+    abi: SAFE_CONTRACT_ABI,
+    client: provider
+  });
+  try {
+    const recoveredAddress = await recoverAddress({
+      hash: hashedMessage,
+      signature: `0x${signature}`
+    });
+    const isOwner = await contract.read.isOwner([recoveredAddress]);
+    if (!isOwner) {
+      throw new Error("Signature verification failed, invalid owner");
+    }
+  } catch (error) {
+    throw new Error("Signature verification failed");
+  }
+  return { isValid: true, siweMessageData };
+};
+var verifySiweMessageV2 = async (payload, nonce, statement, requestId, userProvider) => {
+  if (typeof window !== "undefined") {
+    throw new Error("Wallet auth payload can only be verified in the backend");
+  }
+  const { message, signature, address } = payload;
+  const siweMessageData = parseSiweMessage(message);
+  if (!validateMessage(siweMessageData, nonce, statement, requestId)) {
+    throw new Error("Validation failed");
+  }
+  try {
+    const walletContract = getContract({
+      address,
+      abi: SAFE_CONTRACT_ABI,
+      client: userProvider || createPublicClient({ chain: worldchain, transport: http() })
+    });
+    const hashedMessage = hashMessage(message);
+    const res = await walletContract.read.isValidSignature([
+      hashedMessage,
+      signature
+    ]);
+    return {
+      isValid: res === EIP1271_MAGICVALUE,
+      siweMessageData
+    };
+  } catch (error) {
+    console.log(error);
+    throw new Error("Signature verification failed");
+  }
+};
+
+export {
+  parseSiweMessage,
+  generateSiweMessage,
+  verifySiweMessage
+};

package/build/chunk-TGXD24YD.js

@@ -0,0 +1,279 @@
+import {
+  MiniKit
+} from "./chunk-EHBM7OXH.js";
+
+// src/provider.ts
+import { getAddress } from "viem";
+function _getAddress() {
+  if (typeof window === "undefined") return void 0;
+  return window.__worldapp_eip1193_address__;
+}
+function _setAddress(addr) {
+  if (typeof window === "undefined") return;
+  try {
+    window.__worldapp_eip1193_address__ = getAddress(addr);
+  } catch {
+    window.__worldapp_eip1193_address__ = addr;
+  }
+}
+function _clearAddress() {
+  if (typeof window === "undefined") return;
+  window.__worldapp_eip1193_address__ = void 0;
+}
+function rpcError(code, message) {
+  return Object.assign(new Error(message), { code });
+}
+function isHexString(value) {
+  return /^0x[0-9a-fA-F]*$/.test(value);
+}
+function isAddressString(value) {
+  return /^0x[0-9a-fA-F]{40}$/.test(value);
+}
+function decodeHexToUtf8(hex) {
+  const raw = hex.slice(2);
+  if (raw.length % 2 !== 0) {
+    throw new Error("Invalid hex string length");
+  }
+  const bytes = new Uint8Array(raw.length / 2);
+  for (let i = 0; i < raw.length; i += 2) {
+    bytes[i / 2] = parseInt(raw.slice(i, i + 2), 16);
+  }
+  return new TextDecoder().decode(bytes);
+}
+function asArrayParams(params) {
+  if (params === void 0) return [];
+  return Array.isArray(params) ? params : [params];
+}
+function decodeMaybeHexMessage(value) {
+  if (!isHexString(value)) {
+    return value;
+  }
+  try {
+    return decodeHexToUtf8(value);
+  } catch {
+    return value;
+  }
+}
+function extractPersonalSignMessage(params) {
+  const items = asArrayParams(params);
+  if (items.length === 0) {
+    throw new Error("Missing personal_sign params");
+  }
+  const [first, second] = items;
+  const maybeMessage = typeof first === "string" && isAddressString(first) && typeof second === "string" ? second : first;
+  if (typeof maybeMessage !== "string") {
+    throw new Error("Invalid personal_sign message payload");
+  }
+  return decodeMaybeHexMessage(maybeMessage);
+}
+function extractEthSignMessage(params) {
+  const items = asArrayParams(params);
+  if (items.length === 0) {
+    throw new Error("Missing eth_sign params");
+  }
+  const [first, second] = items;
+  const maybeMessage = typeof second === "string" ? second : typeof first === "string" && !isAddressString(first) ? first : void 0;
+  if (typeof maybeMessage !== "string") {
+    throw new Error("Invalid eth_sign message payload");
+  }
+  return decodeMaybeHexMessage(maybeMessage);
+}
+function parseTypedDataInput(params) {
+  const items = asArrayParams(params);
+  const candidate = items.length > 1 ? items[1] : items[0];
+  if (!candidate) {
+    throw new Error("Missing typed data payload");
+  }
+  const parsed = typeof candidate === "string" ? JSON.parse(candidate) : candidate;
+  if (!parsed || typeof parsed !== "object" || typeof parsed.primaryType !== "string" || typeof parsed.message !== "object" || !parsed.message || typeof parsed.types !== "object" || !parsed.types) {
+    throw new Error("Invalid typed data payload");
+  }
+  const domainValue = parsed.domain;
+  const chainIdValue = domainValue?.chainId ?? parsed.chainId;
+  const parsedChainId = typeof chainIdValue === "string" ? Number(chainIdValue) : typeof chainIdValue === "number" ? chainIdValue : void 0;
+  return {
+    types: parsed.types,
+    primaryType: parsed.primaryType,
+    domain: domainValue,
+    message: parsed.message,
+    ...Number.isFinite(parsedChainId) ? { chainId: parsedChainId } : {}
+  };
+}
+function normalizeRpcValue(value) {
+  if (value === void 0 || value === null) return void 0;
+  if (typeof value === "string") return value;
+  if (typeof value === "bigint") return `0x${value.toString(16)}`;
+  if (typeof value === "number") return `0x${value.toString(16)}`;
+  return String(value);
+}
+function extractTransactionParams(params) {
+  const items = asArrayParams(params);
+  const tx = items[0] ?? {};
+  if (typeof tx.to !== "string" || !isAddressString(tx.to)) {
+    throw new Error('Invalid transaction "to" address');
+  }
+  const chainId = typeof tx.chainId === "string" ? Number(tx.chainId) : typeof tx.chainId === "number" ? tx.chainId : void 0;
+  const normalizedValue = normalizeRpcValue(tx.value);
+  return {
+    to: tx.to,
+    ...typeof tx.data === "string" ? { data: tx.data } : {},
+    ...normalizedValue !== void 0 ? { value: normalizedValue } : {},
+    ...Number.isFinite(chainId) ? { chainId } : {}
+  };
+}
+function extractSwitchChainId(params) {
+  const items = asArrayParams(params);
+  const payload = items[0] ?? {};
+  const rawChainId = payload.chainId;
+  const chainId = typeof rawChainId === "string" ? Number(rawChainId) : typeof rawChainId === "number" ? rawChainId : NaN;
+  if (!Number.isFinite(chainId)) {
+    throw new Error("Invalid chainId for wallet_switchEthereumChain");
+  }
+  return chainId;
+}
+function createProvider() {
+  const listeners = {};
+  function emit(event, ...args) {
+    listeners[event]?.forEach((fn) => fn(...args));
+  }
+  let authInFlight;
+  async function doAuth() {
+    if (!MiniKit.isInWorldApp() || !MiniKit.isInstalled()) {
+      throw rpcError(
+        4900,
+        "World App provider only works inside World App and must be installed"
+      );
+    }
+    try {
+      const result = await MiniKit.walletAuth({
+        nonce: crypto.randomUUID().replace(/-/g, ""),
+        statement: "Sign in with World App"
+      });
+      _setAddress(result.data.address);
+      const addr = _getAddress();
+      emit("accountsChanged", [addr]);
+      return [addr];
+    } catch (e) {
+      throw rpcError(4001, `World App wallet auth failed: ${e.message}`);
+    }
+  }
+  return {
+    async request({ method, params }) {
+      switch (method) {
+        case "eth_requestAccounts": {
+          const existing = _getAddress();
+          if (existing) return [existing];
+          if (!authInFlight) {
+            authInFlight = doAuth().finally(() => {
+              authInFlight = void 0;
+            });
+          }
+          return authInFlight;
+        }
+        case "eth_accounts": {
+          const addr = _getAddress();
+          return addr ? [addr] : [];
+        }
+        case "eth_chainId":
+          return "0x1e0";
+        // 480 = World Chain
+        case "personal_sign": {
+          const message = extractPersonalSignMessage(params);
+          try {
+            const result = await MiniKit.signMessage({ message });
+            return result.data.signature;
+          } catch (e) {
+            throw rpcError(4001, `Sign message failed: ${e.message}`);
+          }
+        }
+        case "eth_sign": {
+          const message = extractEthSignMessage(params);
+          try {
+            const result = await MiniKit.signMessage({ message });
+            return result.data.signature;
+          } catch (e) {
+            throw rpcError(4001, `Sign message failed: ${e.message}`);
+          }
+        }
+        case "eth_signTypedData":
+        case "eth_signTypedData_v3":
+        case "eth_signTypedData_v4": {
+          try {
+            const typedData = parseTypedDataInput(params);
+            const result = await MiniKit.signTypedData({
+              types: typedData.types,
+              primaryType: typedData.primaryType,
+              domain: typedData.domain,
+              message: typedData.message,
+              chainId: typedData.chainId
+            });
+            if (result.data.status === "error") {
+              throw rpcError(
+                4001,
+                `Sign typed data failed: ${result.data.error_code}`
+              );
+            }
+            return result.data.signature;
+          } catch (e) {
+            throw rpcError(4001, `Sign typed data failed: ${e.message}`);
+          }
+        }
+        case "eth_sendTransaction": {
+          const tx = extractTransactionParams(params);
+          if (tx.chainId !== void 0 && tx.chainId !== 480) {
+            throw rpcError(4902, "World App only supports World Chain (480)");
+          }
+          try {
+            const result = await MiniKit.sendTransaction({
+              chainId: tx.chainId ?? 480,
+              transactions: [
+                {
+                  to: tx.to,
+                  ...tx.data && tx.data !== "0x" ? { data: tx.data } : {},
+                  value: tx.value
+                }
+              ]
+            });
+            return result.data.userOpHash;
+          } catch (e) {
+            throw rpcError(4001, `Send transaction failed: ${e.message}`);
+          }
+        }
+        case "wallet_switchEthereumChain": {
+          const chainId = extractSwitchChainId(params);
+          if (chainId !== 480) {
+            throw rpcError(4902, "World App only supports World Chain (480)");
+          }
+          return null;
+        }
+        case "wallet_addEthereumChain": {
+          throw rpcError(4200, "World App only supports World Chain (480)");
+        }
+        default:
+          throw rpcError(4200, `Unsupported method: ${method}`);
+      }
+    },
+    on(event, fn) {
+      (listeners[event] ?? (listeners[event] = /* @__PURE__ */ new Set())).add(fn);
+    },
+    removeListener(event, fn) {
+      listeners[event]?.delete(fn);
+    }
+  };
+}
+function getWorldAppProvider() {
+  if (typeof window === "undefined") {
+    return createProvider();
+  }
+  if (!window.__worldapp_eip1193_provider__) {
+    window.__worldapp_eip1193_provider__ = createProvider();
+  }
+  return window.__worldapp_eip1193_provider__;
+}
+
+export {
+  _getAddress,
+  _setAddress,
+  _clearAddress,
+  getWorldAppProvider
+};