@worldcoin/minikit-js 2.0.0-dev.0 → 2.0.0

package/README.md

@@ -86,7 +86,10 @@ import {
   SendTransactionErrorCodes,
 } from '@worldcoin/minikit-js/commands';
 import { getIsUserVerified } from '@worldcoin/minikit-js/address-book';
-import { parseSiweMessage, verifySiweMessage } from '@worldcoin/minikit-js/siwe';
+import {
+  parseSiweMessage,
+  verifySiweMessage,
+} from '@worldcoin/minikit-js/siwe';
 ```
 
 You can still import `MiniKit` itself from the package root:

package/build/chunk-6SCI6OTQ.js

@@ -0,0 +1,272 @@
+import {
+  setFallbackAdapter
+} from "./chunk-XHYUUG6Y.js";
+
+// src/commands/wagmi-fallback.ts
+var SIWE_NONCE_REGEX = /^[a-zA-Z0-9]{8,}$/;
+var WAGMI_KEY = "__minikit_wagmi_config__";
+function setWagmiConfig(config) {
+  globalThis[WAGMI_KEY] = config;
+  registerWagmiFallbacks();
+}
+function getWagmiConfig() {
+  return globalThis[WAGMI_KEY];
+}
+function hasWagmiConfig() {
+  return globalThis[WAGMI_KEY] !== void 0;
+}
+function registerWagmiFallbacks() {
+  setFallbackAdapter({
+    walletAuth: wagmiWalletAuth,
+    signMessage: wagmiSignMessage,
+    signTypedData: wagmiSignTypedData,
+    sendTransaction: wagmiSendTransaction
+  });
+}
+async function loadWagmiActions() {
+  console.log("[MiniKit WagmiFallback] loadWagmiActions:start", {
+    hasWindow: typeof window !== "undefined",
+    hasWagmiConfig: hasWagmiConfig()
+  });
+  try {
+    const actions = await import(
+      /* webpackIgnore: true */
+      "wagmi/actions"
+    );
+    console.log("[MiniKit WagmiFallback] loadWagmiActions:success");
+    return actions;
+  } catch (error) {
+    console.log("[MiniKit WagmiFallback] loadWagmiActions:error", {
+      message: error instanceof Error ? error.message : String(error)
+    });
+    const wrappedError = new Error(
+      'Wagmi fallback requires the "wagmi" package. Install wagmi or provide a custom fallback.'
+    );
+    wrappedError.cause = error;
+    throw wrappedError;
+  }
+}
+async function loadSiwe() {
+  try {
+    return await import(
+      /* webpackIgnore: true */
+      "siwe"
+    );
+  } catch (error) {
+    const wrappedError = new Error(
+      'Wagmi walletAuth fallback requires the "siwe" package. Install siwe or provide a custom fallback.'
+    );
+    wrappedError.cause = error;
+    throw wrappedError;
+  }
+}
+async function checksumAddress(addr) {
+  try {
+    const { getAddress } = await import(
+      /* webpackIgnore: true */
+      "viem"
+    );
+    return getAddress(addr);
+  } catch {
+    return addr;
+  }
+}
+async function ensureConnected(config) {
+  const { connect, getConnections } = await loadWagmiActions();
+  const isWorldApp = typeof window !== "undefined" && Boolean(window.WorldApp);
+  const existingConnection = getConnections(config).find(
+    (connection) => connection.accounts && connection.accounts.length > 0 && (isWorldApp || connection.connector?.id !== "worldApp")
+  );
+  if (existingConnection && existingConnection.accounts) {
+    return checksumAddress(existingConnection.accounts[0]);
+  }
+  const connectors = config.connectors;
+  if (!connectors || connectors.length === 0) {
+    throw new Error("No Wagmi connectors configured");
+  }
+  const candidateConnectors = isWorldApp ? connectors : connectors.filter(
+    (connector) => connector.id !== "worldApp"
+  );
+  if (!isWorldApp && candidateConnectors.length === 0) {
+    throw new Error(
+      "No web Wagmi connectors configured. Add a web connector (e.g. injected or walletConnect) after worldApp()."
+    );
+  }
+  const selectedConnector = candidateConnectors[0];
+  try {
+    const result = await connect(config, { connector: selectedConnector });
+    if (result.accounts.length > 0) {
+      const account = result.accounts[0];
+      const address = typeof account === "string" ? account : account.address;
+      if (address) {
+        return checksumAddress(address);
+      }
+    }
+  } catch (error) {
+    const connectorId = selectedConnector.id ?? "unknown";
+    const wrappedError = new Error(
+      `Failed to connect with connector "${connectorId}". Reorder connectors to change the default connector.`
+    );
+    wrappedError.cause = error;
+    throw wrappedError;
+  }
+  throw new Error("Failed to connect wallet");
+}
+async function wagmiWalletAuth(params) {
+  console.log("[MiniKit WagmiFallback] walletAuth:start", {
+    hasWagmiConfig: hasWagmiConfig(),
+    nonceLength: params.nonce?.length ?? 0
+  });
+  const config = getWagmiConfig();
+  if (!config) {
+    console.log("[MiniKit WagmiFallback] walletAuth:error:no-config");
+    throw new Error(
+      "Wagmi config not available. Pass wagmiConfig to MiniKitProvider."
+    );
+  }
+  const { signMessage } = await loadWagmiActions();
+  const { SiweMessage } = await loadSiwe();
+  const address = await ensureConnected(config);
+  if (!SIWE_NONCE_REGEX.test(params.nonce)) {
+    throw new Error(
+      "Invalid nonce: must be alphanumeric and at least 8 characters (EIP-4361)"
+    );
+  }
+  const siweMessage = new SiweMessage({
+    domain: typeof window !== "undefined" ? window.location.host : "localhost",
+    address,
+    statement: params.statement,
+    uri: typeof window !== "undefined" ? window.location.origin : "http://localhost",
+    version: "1",
+    chainId: 480,
+    // World Chain
+    nonce: params.nonce,
+    expirationTime: params.expirationTime?.toISOString()
+  });
+  const message = siweMessage.prepareMessage();
+  const signature = await signMessage(config, { message });
+  return {
+    address,
+    message,
+    signature
+  };
+}
+async function wagmiSignMessage(params) {
+  console.log("[MiniKit WagmiFallback] signMessage:start", {
+    hasWagmiConfig: hasWagmiConfig()
+  });
+  const config = getWagmiConfig();
+  if (!config) {
+    console.log("[MiniKit WagmiFallback] signMessage:error:no-config");
+    throw new Error(
+      "Wagmi config not available. Pass wagmiConfig to MiniKitProvider."
+    );
+  }
+  const { signMessage } = await loadWagmiActions();
+  const address = await ensureConnected(config);
+  const signature = await signMessage(config, {
+    account: address,
+    message: params.message
+  });
+  return {
+    status: "success",
+    version: 1,
+    signature,
+    address
+  };
+}
+async function wagmiSignTypedData(params) {
+  console.log("[MiniKit WagmiFallback] signTypedData:start", {
+    hasWagmiConfig: hasWagmiConfig(),
+    hasChainId: params.chainId !== void 0
+  });
+  const config = getWagmiConfig();
+  if (!config) {
+    console.log("[MiniKit WagmiFallback] signTypedData:error:no-config");
+    throw new Error(
+      "Wagmi config not available. Pass wagmiConfig to MiniKitProvider."
+    );
+  }
+  const { getChainId, signTypedData, switchChain } = await loadWagmiActions();
+  const address = await ensureConnected(config);
+  if (params.chainId !== void 0) {
+    const currentChainId = await getChainId(config);
+    if (currentChainId !== params.chainId) {
+      await switchChain(config, { chainId: params.chainId });
+    }
+  }
+  const signature = await signTypedData(config, {
+    account: address,
+    types: params.types,
+    primaryType: params.primaryType,
+    domain: params.domain,
+    message: params.message
+  });
+  return {
+    status: "success",
+    version: 1,
+    signature,
+    address
+  };
+}
+function isChainMismatchError(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  return message.includes("does not match the target chain");
+}
+async function wagmiSendTransaction(params) {
+  console.log("[MiniKit WagmiFallback] sendTransaction:start", {
+    hasWagmiConfig: hasWagmiConfig(),
+    chainId: params.chainId,
+    hasData: Boolean(params.transaction.data)
+  });
+  const config = getWagmiConfig();
+  if (!config) {
+    console.log("[MiniKit WagmiFallback] sendTransaction:error:no-config");
+    throw new Error(
+      "Wagmi config not available. Pass wagmiConfig to MiniKitProvider."
+    );
+  }
+  const { getChainId, getWalletClient, sendTransaction, switchChain } = await loadWagmiActions();
+  await ensureConnected(config);
+  const targetChainId = params.chainId ?? config.chains?.[0]?.id;
+  const ensureTargetChain = async () => {
+    if (targetChainId === void 0) return;
+    const currentChainId = await getChainId(config);
+    if (currentChainId !== targetChainId) {
+      await switchChain(config, { chainId: targetChainId });
+    }
+    const walletClient = await getWalletClient(config);
+    const providerChainId = walletClient ? await walletClient.getChainId() : await getChainId(config);
+    if (providerChainId !== targetChainId) {
+      throw new Error(
+        `Wallet network mismatch: expected chain ${targetChainId}, got ${providerChainId}. Please switch networks in your wallet and retry.`
+      );
+    }
+  };
+  await ensureTargetChain();
+  let transactionHash;
+  try {
+    transactionHash = await sendTransaction(config, {
+      chainId: targetChainId,
+      to: params.transaction.address,
+      data: params.transaction.data,
+      value: params.transaction.value ? BigInt(params.transaction.value) : void 0
+    });
+  } catch (error) {
+    if (targetChainId === void 0 || !isChainMismatchError(error)) {
+      throw error;
+    }
+    await ensureTargetChain();
+    transactionHash = await sendTransaction(config, {
+      chainId: targetChainId,
+      to: params.transaction.address,
+      data: params.transaction.data,
+      value: params.transaction.value ? BigInt(params.transaction.value) : void 0
+    });
+  }
+  return { transactionHash };
+}
+
+export {
+  setWagmiConfig
+};

package/build/{chunk-LHHKY77D.js → chunk-IYL4VCWR.js}

@@ -3,8 +3,7 @@ import {
   createPublicClient,
   getContract,
   hashMessage,
-  http,
-  recoverAddress
+  http
 } from "viem";
 import { worldchain } from "viem/chains";
 var PREAMBLE = " wants you to sign in with your Ethereum account:";
@@ -16,7 +15,6 @@ var IAT_TAG = "Issued At: ";
 var EXP_TAG = "Expiration Time: ";
 var NBF_TAG = "Not Before: ";
 var RID_TAG = "Request ID: ";
-var ERC_191_PREFIX = "Ethereum Signed Message:\n";
 var EIP1271_MAGICVALUE = "0x1626ba7e";
 var SAFE_CONTRACT_ABI = [
   {
@@ -160,14 +158,8 @@ var generateSiweMessage = (siweMessageData) => {
   return siweMessage;
 };
 var verifySiweMessage = (payload, nonce, statement, requestId, userProvider) => {
-  if (payload.version === 1) {
-    return verifySiweMessageV1(
-      payload,
-      nonce,
-      statement,
-      requestId,
-      userProvider
-    );
+  if (payload.version !== 2) {
+    throw new Error("Unsupported version returned");
   } else {
     return verifySiweMessageV2(
       payload,
@@ -208,39 +200,14 @@ var validateMessage = (siweMessageData, nonce, statement, requestId) => {
   }
   return true;
 };
-var verifySiweMessageV1 = async (payload, nonce, statement, requestId, userProvider) => {
-  if (typeof window !== "undefined") {
-    throw new Error("Wallet auth payload can only be verified in the backend");
-  }
-  const { message, signature, address } = payload;
-  const siweMessageData = parseSiweMessage(message);
-  validateMessage(siweMessageData, nonce, statement, requestId);
-  let provider = userProvider || createPublicClient({ chain: worldchain, transport: http() });
-  const signedMessage = `${ERC_191_PREFIX}${message.length}${message}`;
-  const hashedMessage = hashMessage(signedMessage);
-  const contract = getContract({
-    address,
-    abi: SAFE_CONTRACT_ABI,
-    client: provider
-  });
-  try {
-    const recoveredAddress = await recoverAddress({
-      hash: hashedMessage,
-      signature: `0x${signature}`
-    });
-    const isOwner = await contract.read.isOwner([recoveredAddress]);
-    if (!isOwner) {
-      throw new Error("Signature verification failed, invalid owner");
-    }
-  } catch (error) {
-    throw new Error("Signature verification failed");
-  }
-  return { isValid: true, siweMessageData };
-};
 var verifySiweMessageV2 = async (payload, nonce, statement, requestId, userProvider) => {
   if (typeof window !== "undefined") {
     throw new Error("Wallet auth payload can only be verified in the backend");
   }
+  const NONCE_REGEX = /^[a-zA-Z0-9]+$/;
+  if (!NONCE_REGEX.test(nonce)) {
+    throw new Error("Invalid nonce: must be alphanumeric only (per ERC-4361)");
+  }
   const { message, signature, address } = payload;
   const siweMessageData = parseSiweMessage(message);
   if (!validateMessage(siweMessageData, nonce, statement, requestId)) {

package/build/chunk-QOFVDR5F.js

@@ -0,0 +1,279 @@
+import {
+  MiniKit
+} from "./chunk-QOLIACKU.js";
+
+// src/provider.ts
+import { getAddress } from "viem";
+function _getAddress() {
+  if (typeof window === "undefined") return void 0;
+  return window.__worldapp_eip1193_address__;
+}
+function _setAddress(addr) {
+  if (typeof window === "undefined") return;
+  try {
+    window.__worldapp_eip1193_address__ = getAddress(addr);
+  } catch {
+    window.__worldapp_eip1193_address__ = addr;
+  }
+}
+function _clearAddress() {
+  if (typeof window === "undefined") return;
+  window.__worldapp_eip1193_address__ = void 0;
+}
+function rpcError(code, message) {
+  return Object.assign(new Error(message), { code });
+}
+function isHexString(value) {
+  return /^0x[0-9a-fA-F]*$/.test(value);
+}
+function isAddressString(value) {
+  return /^0x[0-9a-fA-F]{40}$/.test(value);
+}
+function decodeHexToUtf8(hex) {
+  const raw = hex.slice(2);
+  if (raw.length % 2 !== 0) {
+    throw new Error("Invalid hex string length");
+  }
+  const bytes = new Uint8Array(raw.length / 2);
+  for (let i = 0; i < raw.length; i += 2) {
+    bytes[i / 2] = parseInt(raw.slice(i, i + 2), 16);
+  }
+  return new TextDecoder().decode(bytes);
+}
+function asArrayParams(params) {
+  if (params === void 0) return [];
+  return Array.isArray(params) ? params : [params];
+}
+function decodeMaybeHexMessage(value) {
+  if (!isHexString(value)) {
+    return value;
+  }
+  try {
+    return decodeHexToUtf8(value);
+  } catch {
+    return value;
+  }
+}
+function extractPersonalSignMessage(params) {
+  const items = asArrayParams(params);
+  if (items.length === 0) {
+    throw new Error("Missing personal_sign params");
+  }
+  const [first, second] = items;
+  const maybeMessage = typeof first === "string" && isAddressString(first) && typeof second === "string" ? second : first;
+  if (typeof maybeMessage !== "string") {
+    throw new Error("Invalid personal_sign message payload");
+  }
+  return decodeMaybeHexMessage(maybeMessage);
+}
+function extractEthSignMessage(params) {
+  const items = asArrayParams(params);
+  if (items.length === 0) {
+    throw new Error("Missing eth_sign params");
+  }
+  const [first, second] = items;
+  const maybeMessage = typeof second === "string" ? second : typeof first === "string" && !isAddressString(first) ? first : void 0;
+  if (typeof maybeMessage !== "string") {
+    throw new Error("Invalid eth_sign message payload");
+  }
+  return decodeMaybeHexMessage(maybeMessage);
+}
+function parseTypedDataInput(params) {
+  const items = asArrayParams(params);
+  const candidate = items.length > 1 ? items[1] : items[0];
+  if (!candidate) {
+    throw new Error("Missing typed data payload");
+  }
+  const parsed = typeof candidate === "string" ? JSON.parse(candidate) : candidate;
+  if (!parsed || typeof parsed !== "object" || typeof parsed.primaryType !== "string" || typeof parsed.message !== "object" || !parsed.message || typeof parsed.types !== "object" || !parsed.types) {
+    throw new Error("Invalid typed data payload");
+  }
+  const domainValue = parsed.domain;
+  const chainIdValue = domainValue?.chainId ?? parsed.chainId;
+  const parsedChainId = typeof chainIdValue === "string" ? Number(chainIdValue) : typeof chainIdValue === "number" ? chainIdValue : void 0;
+  return {
+    types: parsed.types,
+    primaryType: parsed.primaryType,
+    domain: domainValue,
+    message: parsed.message,
+    ...Number.isFinite(parsedChainId) ? { chainId: parsedChainId } : {}
+  };
+}
+function normalizeRpcValue(value) {
+  if (value === void 0 || value === null) return void 0;
+  if (typeof value === "string") return value;
+  if (typeof value === "bigint") return `0x${value.toString(16)}`;
+  if (typeof value === "number") return `0x${value.toString(16)}`;
+  return String(value);
+}
+function extractTransactionParams(params) {
+  const items = asArrayParams(params);
+  const tx = items[0] ?? {};
+  if (typeof tx.to !== "string" || !isAddressString(tx.to)) {
+    throw new Error('Invalid transaction "to" address');
+  }
+  const chainId = typeof tx.chainId === "string" ? Number(tx.chainId) : typeof tx.chainId === "number" ? tx.chainId : void 0;
+  const normalizedValue = normalizeRpcValue(tx.value);
+  return {
+    to: tx.to,
+    ...typeof tx.data === "string" ? { data: tx.data } : {},
+    ...normalizedValue !== void 0 ? { value: normalizedValue } : {},
+    ...Number.isFinite(chainId) ? { chainId } : {}
+  };
+}
+function extractSwitchChainId(params) {
+  const items = asArrayParams(params);
+  const payload = items[0] ?? {};
+  const rawChainId = payload.chainId;
+  const chainId = typeof rawChainId === "string" ? Number(rawChainId) : typeof rawChainId === "number" ? rawChainId : NaN;
+  if (!Number.isFinite(chainId)) {
+    throw new Error("Invalid chainId for wallet_switchEthereumChain");
+  }
+  return chainId;
+}
+function createProvider() {
+  const listeners = {};
+  function emit(event, ...args) {
+    listeners[event]?.forEach((fn) => fn(...args));
+  }
+  let authInFlight;
+  async function doAuth() {
+    if (!MiniKit.isInWorldApp() || !MiniKit.isInstalled()) {
+      throw rpcError(
+        4900,
+        "World App provider only works inside World App and must be installed"
+      );
+    }
+    try {
+      const result = await MiniKit.walletAuth({
+        nonce: crypto.randomUUID().replace(/-/g, ""),
+        statement: "Sign in with World App"
+      });
+      _setAddress(result.data.address);
+      const addr = _getAddress();
+      emit("accountsChanged", [addr]);
+      return [addr];
+    } catch (e) {
+      throw rpcError(4001, `World App wallet auth failed: ${e.message}`);
+    }
+  }
+  return {
+    async request({ method, params }) {
+      switch (method) {
+        case "eth_requestAccounts": {
+          const existing = _getAddress();
+          if (existing) return [existing];
+          if (!authInFlight) {
+            authInFlight = doAuth().finally(() => {
+              authInFlight = void 0;
+            });
+          }
+          return authInFlight;
+        }
+        case "eth_accounts": {
+          const addr = _getAddress();
+          return addr ? [addr] : [];
+        }
+        case "eth_chainId":
+          return "0x1e0";
+        // 480 = World Chain
+        case "personal_sign": {
+          const message = extractPersonalSignMessage(params);
+          try {
+            const result = await MiniKit.signMessage({ message });
+            return result.data.signature;
+          } catch (e) {
+            throw rpcError(4001, `Sign message failed: ${e.message}`);
+          }
+        }
+        case "eth_sign": {
+          const message = extractEthSignMessage(params);
+          try {
+            const result = await MiniKit.signMessage({ message });
+            return result.data.signature;
+          } catch (e) {
+            throw rpcError(4001, `Sign message failed: ${e.message}`);
+          }
+        }
+        case "eth_signTypedData":
+        case "eth_signTypedData_v3":
+        case "eth_signTypedData_v4": {
+          try {
+            const typedData = parseTypedDataInput(params);
+            const result = await MiniKit.signTypedData({
+              types: typedData.types,
+              primaryType: typedData.primaryType,
+              domain: typedData.domain,
+              message: typedData.message,
+              chainId: typedData.chainId
+            });
+            if (result.data.status === "error") {
+              throw rpcError(
+                4001,
+                `Sign typed data failed: ${result.data.error_code}`
+              );
+            }
+            return result.data.signature;
+          } catch (e) {
+            throw rpcError(4001, `Sign typed data failed: ${e.message}`);
+          }
+        }
+        case "eth_sendTransaction": {
+          const tx = extractTransactionParams(params);
+          if (tx.chainId !== void 0 && tx.chainId !== 480) {
+            throw rpcError(4902, "World App only supports World Chain (480)");
+          }
+          try {
+            const result = await MiniKit.sendTransaction({
+              chainId: tx.chainId ?? 480,
+              transactions: [
+                {
+                  to: tx.to,
+                  ...tx.data && tx.data !== "0x" ? { data: tx.data } : {},
+                  value: tx.value
+                }
+              ]
+            });
+            return result.data.userOpHash;
+          } catch (e) {
+            throw rpcError(4001, `Send transaction failed: ${e.message}`);
+          }
+        }
+        case "wallet_switchEthereumChain": {
+          const chainId = extractSwitchChainId(params);
+          if (chainId !== 480) {
+            throw rpcError(4902, "World App only supports World Chain (480)");
+          }
+          return null;
+        }
+        case "wallet_addEthereumChain": {
+          throw rpcError(4200, "World App only supports World Chain (480)");
+        }
+        default:
+          throw rpcError(4200, `Unsupported method: ${method}`);
+      }
+    },
+    on(event, fn) {
+      (listeners[event] ?? (listeners[event] = /* @__PURE__ */ new Set())).add(fn);
+    },
+    removeListener(event, fn) {
+      listeners[event]?.delete(fn);
+    }
+  };
+}
+function getWorldAppProvider() {
+  if (typeof window === "undefined") {
+    return createProvider();
+  }
+  if (!window.__worldapp_eip1193_provider__) {
+    window.__worldapp_eip1193_provider__ = createProvider();
+  }
+  return window.__worldapp_eip1193_provider__;
+}
+
+export {
+  _getAddress,
+  _setAddress,
+  _clearAddress,
+  getWorldAppProvider
+};