@worldcoin/minikit-js 2.0.0-dev.1 → 2.0.0

package/build/{chunk-2UPJKPQ6.js → chunk-6SCI6OTQ.js}

@@ -1,6 +1,6 @@
 import {
   setFallbackAdapter
-} from "./chunk-Z2UGRZJ2.js";
+} from "./chunk-XHYUUG6Y.js";
 
 // src/commands/wagmi-fallback.ts
 var SIWE_NONCE_REGEX = /^[a-zA-Z0-9]{8,}$/;

package/build/{chunk-LHHKY77D.js → chunk-IYL4VCWR.js}

@@ -3,8 +3,7 @@ import {
   createPublicClient,
   getContract,
   hashMessage,
-  http,
-  recoverAddress
+  http
 } from "viem";
 import { worldchain } from "viem/chains";
 var PREAMBLE = " wants you to sign in with your Ethereum account:";
@@ -16,7 +15,6 @@ var IAT_TAG = "Issued At: ";
 var EXP_TAG = "Expiration Time: ";
 var NBF_TAG = "Not Before: ";
 var RID_TAG = "Request ID: ";
-var ERC_191_PREFIX = "Ethereum Signed Message:\n";
 var EIP1271_MAGICVALUE = "0x1626ba7e";
 var SAFE_CONTRACT_ABI = [
   {
@@ -160,14 +158,8 @@ var generateSiweMessage = (siweMessageData) => {
   return siweMessage;
 };
 var verifySiweMessage = (payload, nonce, statement, requestId, userProvider) => {
-  if (payload.version === 1) {
-    return verifySiweMessageV1(
-      payload,
-      nonce,
-      statement,
-      requestId,
-      userProvider
-    );
+  if (payload.version !== 2) {
+    throw new Error("Unsupported version returned");
   } else {
     return verifySiweMessageV2(
       payload,
@@ -208,39 +200,14 @@ var validateMessage = (siweMessageData, nonce, statement, requestId) => {
   }
   return true;
 };
-var verifySiweMessageV1 = async (payload, nonce, statement, requestId, userProvider) => {
-  if (typeof window !== "undefined") {
-    throw new Error("Wallet auth payload can only be verified in the backend");
-  }
-  const { message, signature, address } = payload;
-  const siweMessageData = parseSiweMessage(message);
-  validateMessage(siweMessageData, nonce, statement, requestId);
-  let provider = userProvider || createPublicClient({ chain: worldchain, transport: http() });
-  const signedMessage = `${ERC_191_PREFIX}${message.length}${message}`;
-  const hashedMessage = hashMessage(signedMessage);
-  const contract = getContract({
-    address,
-    abi: SAFE_CONTRACT_ABI,
-    client: provider
-  });
-  try {
-    const recoveredAddress = await recoverAddress({
-      hash: hashedMessage,
-      signature: `0x${signature}`
-    });
-    const isOwner = await contract.read.isOwner([recoveredAddress]);
-    if (!isOwner) {
-      throw new Error("Signature verification failed, invalid owner");
-    }
-  } catch (error) {
-    throw new Error("Signature verification failed");
-  }
-  return { isValid: true, siweMessageData };
-};
 var verifySiweMessageV2 = async (payload, nonce, statement, requestId, userProvider) => {
   if (typeof window !== "undefined") {
     throw new Error("Wallet auth payload can only be verified in the backend");
   }
+  const NONCE_REGEX = /^[a-zA-Z0-9]+$/;
+  if (!NONCE_REGEX.test(nonce)) {
+    throw new Error("Invalid nonce: must be alphanumeric only (per ERC-4361)");
+  }
   const { message, signature, address } = payload;
   const siweMessageData = parseSiweMessage(message);
   if (!validateMessage(siweMessageData, nonce, statement, requestId)) {

package/build/{chunk-TGXD24YD.js → chunk-QOFVDR5F.js}

@@ -1,6 +1,6 @@
 import {
   MiniKit
-} from "./chunk-EHBM7OXH.js";
+} from "./chunk-QOLIACKU.js";
 
 // src/provider.ts
 import { getAddress } from "viem";

package/build/{chunk-EHBM7OXH.js → chunk-QOLIACKU.js}

@@ -17,7 +17,7 @@ import {
   signTypedData,
   validateCommands,
   walletAuth
-} from "./chunk-Z2UGRZJ2.js";
+} from "./chunk-XHYUUG6Y.js";
 
 // src/helpers/microphone.ts
 var microphoneSetupDone = false;

package/build/{chunk-Z2UGRZJ2.js → chunk-XHYUUG6Y.js}

@@ -1,6 +1,6 @@
 import {
   generateSiweMessage
-} from "./chunk-LHHKY77D.js";
+} from "./chunk-IYL4VCWR.js";
 
 // src/commands/types.ts
 var Command = /* @__PURE__ */ ((Command2) => {
@@ -1514,7 +1514,11 @@ async function nativeWalletAuth(options, ctx) {
   });
   const walletAuthPayload = { siweMessage };
   const worldAppVersion = ctx.state.deviceProperties.worldAppVersion;
-  const walletAuthVersion = worldAppVersion && worldAppVersion > 2087900 ? COMMAND_VERSIONS["wallet-auth" /* WalletAuth */] : 1;
+  if (worldAppVersion && worldAppVersion <= 2087900) {
+    throw new Error(
+      "Wallet auth v1 is no longer supported. Please update World App to the latest version."
+    );
+  }
   const finalPayload = await new Promise(
     (resolve, reject) => {
       try {
@@ -1524,7 +1528,7 @@ async function nativeWalletAuth(options, ctx) {
         });
         sendMiniKitEvent({
           command: "wallet-auth" /* WalletAuth */,
-          version: walletAuthVersion,
+          version: COMMAND_VERSIONS["wallet-auth" /* WalletAuth */],
           payload: walletAuthPayload
         });
       } catch (error) {

package/build/command-exports.cjs

@@ -1643,7 +1643,11 @@ async function nativeWalletAuth(options, ctx) {
   });
   const walletAuthPayload = { siweMessage };
   const worldAppVersion = ctx.state.deviceProperties.worldAppVersion;
-  const walletAuthVersion = worldAppVersion && worldAppVersion > 2087900 ? COMMAND_VERSIONS["wallet-auth" /* WalletAuth */] : 1;
+  if (worldAppVersion && worldAppVersion <= 2087900) {
+    throw new Error(
+      "Wallet auth v1 is no longer supported. Please update World App to the latest version."
+    );
+  }
   const finalPayload = await new Promise(
     (resolve, reject) => {
       try {
@@ -1653,7 +1657,7 @@ async function nativeWalletAuth(options, ctx) {
         });
         sendMiniKitEvent({
           command: "wallet-auth" /* WalletAuth */,
-          version: walletAuthVersion,
+          version: COMMAND_VERSIONS["wallet-auth" /* WalletAuth */],
           payload: walletAuthPayload
         });
       } catch (error) {

package/build/command-exports.js

@@ -61,8 +61,8 @@ import {
   tokenToDecimals,
   validateCommands,
   walletAuth
-} from "./chunk-Z2UGRZJ2.js";
-import "./chunk-LHHKY77D.js";
+} from "./chunk-XHYUUG6Y.js";
+import "./chunk-IYL4VCWR.js";
 export {
   AttestationError,
   AttestationErrorCodes,

package/build/connector/index.cjs

@@ -1645,7 +1645,11 @@ async function nativeWalletAuth(options, ctx) {
   });
   const walletAuthPayload = { siweMessage };
   const worldAppVersion = ctx.state.deviceProperties.worldAppVersion;
-  const walletAuthVersion = worldAppVersion && worldAppVersion > 2087900 ? COMMAND_VERSIONS["wallet-auth" /* WalletAuth */] : 1;
+  if (worldAppVersion && worldAppVersion <= 2087900) {
+    throw new Error(
+      "Wallet auth v1 is no longer supported. Please update World App to the latest version."
+    );
+  }
   const finalPayload = await new Promise(
     (resolve, reject) => {
       try {
@@ -1655,7 +1659,7 @@ async function nativeWalletAuth(options, ctx) {
         });
         sendMiniKitEvent({
           command: "wallet-auth" /* WalletAuth */,
-          version: walletAuthVersion,
+          version: COMMAND_VERSIONS["wallet-auth" /* WalletAuth */],
           payload: walletAuthPayload
         });
       } catch (error) {

package/build/connector/index.js

@@ -3,15 +3,15 @@ import {
   _getAddress,
   _setAddress,
   getWorldAppProvider
-} from "../chunk-TGXD24YD.js";
+} from "../chunk-QOFVDR5F.js";
 import {
   setWagmiConfig
-} from "../chunk-2UPJKPQ6.js";
+} from "../chunk-6SCI6OTQ.js";
 import {
   MiniKit
-} from "../chunk-EHBM7OXH.js";
-import "../chunk-Z2UGRZJ2.js";
-import "../chunk-LHHKY77D.js";
+} from "../chunk-QOLIACKU.js";
+import "../chunk-XHYUUG6Y.js";
+import "../chunk-IYL4VCWR.js";
 
 // src/connector/connector.ts
 function worldApp(options = {}) {

package/build/index.cjs

@@ -1368,7 +1368,11 @@ async function nativeWalletAuth(options, ctx) {
   });
   const walletAuthPayload = { siweMessage };
   const worldAppVersion = ctx.state.deviceProperties.worldAppVersion;
-  const walletAuthVersion = worldAppVersion && worldAppVersion > 2087900 ? COMMAND_VERSIONS["wallet-auth" /* WalletAuth */] : 1;
+  if (worldAppVersion && worldAppVersion <= 2087900) {
+    throw new Error(
+      "Wallet auth v1 is no longer supported. Please update World App to the latest version."
+    );
+  }
   const finalPayload = await new Promise(
     (resolve, reject) => {
       try {
@@ -1378,7 +1382,7 @@ async function nativeWalletAuth(options, ctx) {
         });
         sendMiniKitEvent({
           command: "wallet-auth" /* WalletAuth */,
-          version: walletAuthVersion,
+          version: COMMAND_VERSIONS["wallet-auth" /* WalletAuth */],
           payload: walletAuthPayload
         });
       } catch (error) {

package/build/index.js

@@ -1,11 +1,11 @@
 import {
   getWorldAppProvider
-} from "./chunk-TGXD24YD.js";
+} from "./chunk-QOFVDR5F.js";
 import {
   MiniKit
-} from "./chunk-EHBM7OXH.js";
-import "./chunk-Z2UGRZJ2.js";
-import "./chunk-LHHKY77D.js";
+} from "./chunk-QOLIACKU.js";
+import "./chunk-XHYUUG6Y.js";
+import "./chunk-IYL4VCWR.js";
 export {
   MiniKit,
   getWorldAppProvider

package/build/minikit-provider.cjs

@@ -1648,7 +1648,11 @@ async function nativeWalletAuth(options, ctx) {
   });
   const walletAuthPayload = { siweMessage };
   const worldAppVersion = ctx.state.deviceProperties.worldAppVersion;
-  const walletAuthVersion = worldAppVersion && worldAppVersion > 2087900 ? COMMAND_VERSIONS["wallet-auth" /* WalletAuth */] : 1;
+  if (worldAppVersion && worldAppVersion <= 2087900) {
+    throw new Error(
+      "Wallet auth v1 is no longer supported. Please update World App to the latest version."
+    );
+  }
   const finalPayload = await new Promise(
     (resolve, reject) => {
       try {
@@ -1658,7 +1662,7 @@ async function nativeWalletAuth(options, ctx) {
         });
         sendMiniKitEvent({
           command: "wallet-auth" /* WalletAuth */,
-          version: walletAuthVersion,
+          version: COMMAND_VERSIONS["wallet-auth" /* WalletAuth */],
           payload: walletAuthPayload
         });
       } catch (error) {

package/build/minikit-provider.js

@@ -1,12 +1,12 @@
 "use client";
 import {
   setWagmiConfig
-} from "./chunk-2UPJKPQ6.js";
+} from "./chunk-6SCI6OTQ.js";
 import {
   MiniKit
-} from "./chunk-EHBM7OXH.js";
-import "./chunk-Z2UGRZJ2.js";
-import "./chunk-LHHKY77D.js";
+} from "./chunk-QOLIACKU.js";
+import "./chunk-XHYUUG6Y.js";
+import "./chunk-IYL4VCWR.js";
 
 // src/minikit-provider.tsx
 import {

package/build/siwe-exports.cjs

@@ -37,7 +37,6 @@ var IAT_TAG = "Issued At: ";
 var EXP_TAG = "Expiration Time: ";
 var NBF_TAG = "Not Before: ";
 var RID_TAG = "Request ID: ";
-var ERC_191_PREFIX = "Ethereum Signed Message:\n";
 var EIP1271_MAGICVALUE = "0x1626ba7e";
 var SAFE_CONTRACT_ABI = [
   {
@@ -136,14 +135,8 @@ var parseSiweMessage = (inputString) => {
   return siweMessageData;
 };
 var verifySiweMessage = (payload, nonce, statement, requestId, userProvider) => {
-  if (payload.version === 1) {
-    return verifySiweMessageV1(
-      payload,
-      nonce,
-      statement,
-      requestId,
-      userProvider
-    );
+  if (payload.version !== 2) {
+    throw new Error("Unsupported version returned");
   } else {
     return verifySiweMessageV2(
       payload,
@@ -184,39 +177,14 @@ var validateMessage = (siweMessageData, nonce, statement, requestId) => {
   }
   return true;
 };
-var verifySiweMessageV1 = async (payload, nonce, statement, requestId, userProvider) => {
-  if (typeof window !== "undefined") {
-    throw new Error("Wallet auth payload can only be verified in the backend");
-  }
-  const { message, signature, address } = payload;
-  const siweMessageData = parseSiweMessage(message);
-  validateMessage(siweMessageData, nonce, statement, requestId);
-  let provider = userProvider || (0, import_viem.createPublicClient)({ chain: import_chains.worldchain, transport: (0, import_viem.http)() });
-  const signedMessage = `${ERC_191_PREFIX}${message.length}${message}`;
-  const hashedMessage = (0, import_viem.hashMessage)(signedMessage);
-  const contract = (0, import_viem.getContract)({
-    address,
-    abi: SAFE_CONTRACT_ABI,
-    client: provider
-  });
-  try {
-    const recoveredAddress = await (0, import_viem.recoverAddress)({
-      hash: hashedMessage,
-      signature: `0x${signature}`
-    });
-    const isOwner = await contract.read.isOwner([recoveredAddress]);
-    if (!isOwner) {
-      throw new Error("Signature verification failed, invalid owner");
-    }
-  } catch (error) {
-    throw new Error("Signature verification failed");
-  }
-  return { isValid: true, siweMessageData };
-};
 var verifySiweMessageV2 = async (payload, nonce, statement, requestId, userProvider) => {
   if (typeof window !== "undefined") {
     throw new Error("Wallet auth payload can only be verified in the backend");
   }
+  const NONCE_REGEX = /^[a-zA-Z0-9]+$/;
+  if (!NONCE_REGEX.test(nonce)) {
+    throw new Error("Invalid nonce: must be alphanumeric only (per ERC-4361)");
+  }
   const { message, signature, address } = payload;
   const siweMessageData = parseSiweMessage(message);
   if (!validateMessage(siweMessageData, nonce, statement, requestId)) {

package/build/siwe-exports.js

@@ -1,7 +1,7 @@
 import {
   parseSiweMessage,
   verifySiweMessage
-} from "./chunk-LHHKY77D.js";
+} from "./chunk-IYL4VCWR.js";
 export {
   parseSiweMessage,
   verifySiweMessage

package/package.json

@@ -140,7 +140,7 @@
       ]
     }
   },
-  "version": "2.0.0-dev.1",
+  "version": "2.0.0",
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",