@yeying-community/web3-bs 1.0.13 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -22,7 +22,7 @@ npm install @yeying-community/web3-bs
22
22
 
23
23
  - `getProvider` / `requireProvider`
24
24
  - `watchProvider`
25
- - `requestAccounts` / `focusPendingApproval` / `getAccounts` / `getPreferredAccount` / `watchAccounts`
25
+ - `requestAccounts` / `focusPendingApproval` / `getAccounts` / `getPreferredAccount` / `resolveWalletAccount` / `watchAccounts`
26
26
  - `getChainId` / `getBalance`
27
27
  - `onAccountsChanged` / `onChainChanged`
28
28
  - `classifyWalletError` / `isUserRejectedWalletAction` / `isWalletReconnectError`
@@ -30,6 +30,14 @@ npm install @yeying-community/web3-bs
30
30
  `requestAccounts` 默认会复用同一 provider 上尚未完成的连接请求,避免用户重复点击时触发多个钱包授权弹窗。
31
31
  当钱包已经存在待确认的连接、签名或解锁窗口时,可调用 `focusPendingApproval` 将该窗口重新拉到前台,而不是再发起一次新的请求。
32
32
 
33
+ `resolveWalletAccount` 用于处理“应用传入期望地址”和“钱包当前地址”之间的关系:
34
+ - 未传 `expectedAccount`:直接采用钱包当前地址,返回 `status: "wallet"`
35
+ - 传了且与钱包当前地址一致:返回 `status: "matched"`
36
+ - 传了但与钱包当前地址不一致:返回 `status: "mismatch"`
37
+ - 钱包当前没有可用地址:返回 `status: "unavailable"`
38
+
39
+ 它只返回结构化决策结果,不负责弹窗、toast 或业务状态写入,适合在登录、授权、签名前由应用自行决定是继续使用当前钱包地址,还是要求用户切换钱包账户。
40
+
33
41
  ### 2) SIWE + JWT
34
42
 
35
43
  - `signMessage`
@@ -1,4 +1,4 @@
1
- import { Eip1193Provider, ProviderDiscoveryOptions, ProviderInfo, RequestAccountsOptions, AccountSelection, PreferredAccountOptions, WatchAccountsOptions, AccountsChangedHandler, WatchProviderOptions, ProviderChangedHandler, WalletErrorInfo, FocusPendingApprovalResult } from './types';
1
+ import { Eip1193Provider, ProviderDiscoveryOptions, ProviderInfo, RequestAccountsOptions, AccountSelection, PreferredAccountOptions, ResolveWalletAccountOptions, WalletAccountResolution, WatchAccountsOptions, AccountsChangedHandler, WatchProviderOptions, ProviderChangedHandler, WalletErrorInfo, FocusPendingApprovalResult } from './types';
2
2
  export declare function isYeYingProvider(provider?: Eip1193Provider | null, info?: ProviderInfo): boolean;
3
3
  export declare function getProvider(options?: ProviderDiscoveryOptions): Promise<Eip1193Provider | null>;
4
4
  export declare function watchProvider(handler: ProviderChangedHandler, options?: WatchProviderOptions): () => void;
@@ -13,6 +13,7 @@ export declare function focusPendingApproval(provider?: Eip1193Provider): Promis
13
13
  export declare function getAccounts(provider?: Eip1193Provider): Promise<string[]>;
14
14
  export declare function getChainId(provider?: Eip1193Provider): Promise<string | null>;
15
15
  export declare function getPreferredAccount(options?: PreferredAccountOptions): Promise<AccountSelection>;
16
+ export declare function resolveWalletAccount(options?: ResolveWalletAccountOptions): Promise<WalletAccountResolution>;
16
17
  export declare function watchAccounts(provider: Eip1193Provider, handler: AccountsChangedHandler, options?: WatchAccountsOptions): () => void;
17
18
  export declare function getBalance(provider?: Eip1193Provider, address?: string, blockTag?: string): Promise<string>;
18
19
  export declare function onAccountsChanged(provider: Eip1193Provider, handler: (accounts: string[]) => void): () => void;
@@ -67,6 +67,35 @@ export interface PreferredAccountOptions extends RequestAccountsOptions {
67
67
  autoConnect?: boolean;
68
68
  preferStored?: boolean;
69
69
  }
70
+ export interface ResolveWalletAccountOptions extends RequestAccountsOptions {
71
+ expectedAccount?: string | null;
72
+ autoConnect?: boolean;
73
+ }
74
+ export type WalletAccountResolution = {
75
+ status: 'wallet';
76
+ account: string;
77
+ walletAccount: string;
78
+ expectedAccount: null;
79
+ accounts: string[];
80
+ } | {
81
+ status: 'matched';
82
+ account: string;
83
+ walletAccount: string;
84
+ expectedAccount: string;
85
+ accounts: string[];
86
+ } | {
87
+ status: 'mismatch';
88
+ account: null;
89
+ walletAccount: string;
90
+ expectedAccount: string;
91
+ accounts: string[];
92
+ } | {
93
+ status: 'unavailable';
94
+ account: null;
95
+ walletAccount: null;
96
+ expectedAccount: string | null;
97
+ accounts: string[];
98
+ };
70
99
  export interface WatchAccountsOptions {
71
100
  storageKey?: string;
72
101
  preferStored?: boolean;
@@ -120,6 +120,32 @@ export type UcanAuthErrorInfo = {
120
120
  status?: number;
121
121
  code?: string | number;
122
122
  };
123
+ export type ResolveUcanAuthorizationReason = 'missing_root' | 'expired' | 'not_before' | 'missing_account' | 'invalid_issuer' | 'issuer_mismatch' | 'capability_mismatch' | 'audience_mismatch' | 'service_host_mismatch';
124
+ export type ResolveUcanAuthorizationOptions = {
125
+ sessionId?: string;
126
+ root?: UcanRootProof | null;
127
+ currentAccount?: string | null;
128
+ expectedCapabilities?: UcanCapability[];
129
+ expectedAudience?: string | null;
130
+ expectedServiceHosts?: Record<string, string | null | undefined>;
131
+ recoverAccountFromRoot?: boolean;
132
+ nowMs?: number;
133
+ };
134
+ export type ResolveUcanAuthorizationResult = {
135
+ status: 'authorized';
136
+ account: string;
137
+ root: UcanRootProof;
138
+ restoredAccount: boolean;
139
+ expiresAt: number;
140
+ } | {
141
+ status: 'unauthorized';
142
+ reason: ResolveUcanAuthorizationReason;
143
+ root?: UcanRootProof | null;
144
+ account?: string | null;
145
+ expiresAt?: number;
146
+ expected?: string;
147
+ actual?: string;
148
+ };
123
149
  export declare const DEFAULT_UCAN_SESSION_TTL_MS: number;
124
150
  export declare const DEFAULT_UCAN_TOKEN_TTL_MS: number;
125
151
  export declare const DEFAULT_UCAN_TOKEN_SKEW_MS: number;
@@ -132,6 +158,7 @@ export declare function normalizeUcanCapabilities(caps: UcanCapability[] | undef
132
158
  includeLegacyAliases?: boolean;
133
159
  }): UcanCapability[];
134
160
  export declare function normalizeUcanExpiry(exp: number | undefined, fallbackMs: number): number;
161
+ export declare function parseUcanAccountFromIssuer(issuer?: string | null): string | null;
135
162
  export declare function decodeUcanPayload(token: string): UcanTokenPayload | null;
136
163
  export declare function getUcanTokenTiming(token: string, options?: {
137
164
  nowMs?: number;
@@ -145,6 +172,7 @@ export declare function createUcanSession(options?: CreateUcanSessionOptions): P
145
172
  export declare function clearUcanSession(id?: string): Promise<void>;
146
173
  export declare function storeUcanRoot(root: UcanRootProof, id?: string): Promise<void>;
147
174
  export declare function getStoredUcanRoot(id?: string): Promise<UcanRootProof | null>;
175
+ export declare function resolveUcanAuthorization(options?: ResolveUcanAuthorizationOptions): Promise<ResolveUcanAuthorizationResult>;
148
176
  export declare function getOrCreateUcanRoot(options: CreateRootUcanOptions): Promise<UcanRootProof>;
149
177
  export declare function createRootUcan(options: CreateRootUcanOptions): Promise<UcanRootProof>;
150
178
  export declare function createDelegationUcan(options: CreateUcanTokenOptions): Promise<string>;
@@ -73,6 +73,17 @@ function selectPreferredAccount(accounts, stored, preferStored) {
73
73
  }
74
74
  return accounts[0] || null;
75
75
  }
76
+ function normalizeAccount(account) {
77
+ const normalized = (account || '').trim();
78
+ return normalized || null;
79
+ }
80
+ function isSameAccount(left, right) {
81
+ const normalizedLeft = normalizeAccount(left);
82
+ const normalizedRight = normalizeAccount(right);
83
+ return Boolean(normalizedLeft &&
84
+ normalizedRight &&
85
+ normalizedLeft.toLowerCase() === normalizedRight.toLowerCase());
86
+ }
76
87
  function isYeYingProvider(provider, info) {
77
88
  if (!provider)
78
89
  return false;
@@ -336,6 +347,49 @@ async function getPreferredAccount(options = {}) {
336
347
  writeStoredAccount(storageKey, account);
337
348
  return { account, accounts };
338
349
  }
350
+ async function resolveWalletAccount(options = {}) {
351
+ const provider = options.provider || (await requireProvider());
352
+ let accounts = await getAccounts(provider);
353
+ if (accounts.length === 0 && options.autoConnect) {
354
+ accounts = await requestAccounts({ provider });
355
+ }
356
+ const expectedAccount = normalizeAccount(options.expectedAccount);
357
+ const walletAccount = normalizeAccount(accounts[0]);
358
+ if (!walletAccount) {
359
+ return {
360
+ status: 'unavailable',
361
+ account: null,
362
+ walletAccount: null,
363
+ expectedAccount,
364
+ accounts,
365
+ };
366
+ }
367
+ if (!expectedAccount) {
368
+ return {
369
+ status: 'wallet',
370
+ account: walletAccount,
371
+ walletAccount,
372
+ expectedAccount: null,
373
+ accounts,
374
+ };
375
+ }
376
+ if (isSameAccount(expectedAccount, walletAccount)) {
377
+ return {
378
+ status: 'matched',
379
+ account: walletAccount,
380
+ walletAccount,
381
+ expectedAccount,
382
+ accounts,
383
+ };
384
+ }
385
+ return {
386
+ status: 'mismatch',
387
+ account: null,
388
+ walletAccount,
389
+ expectedAccount,
390
+ accounts,
391
+ };
392
+ }
339
393
  function watchAccounts(provider, handler, options = {}) {
340
394
  const storageKey = options.storageKey || DEFAULT_ACCOUNT_STORAGE_KEY;
341
395
  const preferStored = options.preferStored !== false;
@@ -810,6 +864,73 @@ function normalizeExpiry(exp, fallbackMs) {
810
864
  function normalizeUcanExpiry(exp, fallbackMs) {
811
865
  return normalizeExpiry(exp, fallbackMs);
812
866
  }
867
+ function normalizeEthAccount(account) {
868
+ return String(account || '').trim().toLowerCase();
869
+ }
870
+ function parseUcanAccountFromIssuer(issuer) {
871
+ const normalized = String(issuer || '').trim().toLowerCase();
872
+ const prefix = 'did:pkh:eth:';
873
+ if (!normalized.startsWith(prefix))
874
+ return null;
875
+ const account = normalized.slice(prefix.length);
876
+ return account || null;
877
+ }
878
+ function getUcanIssuerForAccount(account) {
879
+ return `did:pkh:eth:${normalizeEthAccount(account)}`;
880
+ }
881
+ function extractUcanStatementPayload(message) {
882
+ if (!message || typeof message !== 'string')
883
+ return null;
884
+ const marker = 'UCAN-AUTH';
885
+ const index = message.indexOf(marker);
886
+ if (index < 0)
887
+ return null;
888
+ const jsonStart = message.indexOf('{', index + marker.length);
889
+ const jsonEnd = message.lastIndexOf('}');
890
+ if (jsonStart < 0 || jsonEnd < jsonStart)
891
+ return null;
892
+ try {
893
+ const parsed = JSON.parse(message.slice(jsonStart, jsonEnd + 1));
894
+ if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
895
+ return null;
896
+ }
897
+ return parsed;
898
+ }
899
+ catch {
900
+ return null;
901
+ }
902
+ }
903
+ function getUcanRootServiceHosts(root) {
904
+ const payload = extractUcanStatementPayload(root.siwe?.message);
905
+ const hosts = payload?.service_hosts;
906
+ if (!hosts || typeof hosts !== 'object' || Array.isArray(hosts)) {
907
+ return null;
908
+ }
909
+ return hosts;
910
+ }
911
+ function getServiceHostMismatch(root, expectedServiceHosts) {
912
+ if (!expectedServiceHosts)
913
+ return null;
914
+ const entries = Object.entries(expectedServiceHosts)
915
+ .map(([key, value]) => [key, String(value || '').trim()])
916
+ .filter(([, value]) => Boolean(value));
917
+ if (!entries.length)
918
+ return null;
919
+ const hosts = getUcanRootServiceHosts(root);
920
+ if (!hosts) {
921
+ return {
922
+ expected: entries.map(([key, value]) => `${key}:${value}`).join('|'),
923
+ actual: '',
924
+ };
925
+ }
926
+ for (const [key, expected] of entries) {
927
+ const actual = typeof hosts[key] === 'string' ? hosts[key].trim() : '';
928
+ if (actual !== expected) {
929
+ return { expected, actual };
930
+ }
931
+ }
932
+ return null;
933
+ }
813
934
  function decodeUcanPayload(token) {
814
935
  const parts = String(token || '').split('.');
815
936
  if (parts.length < 2)
@@ -1237,6 +1358,105 @@ function capsEqual(a, b) {
1237
1358
  function isRootExpired(root, nowMs) {
1238
1359
  return Boolean(root.exp && nowMs > root.exp);
1239
1360
  }
1361
+ async function resolveUcanAuthorization(options = {}) {
1362
+ const root = options.root === undefined
1363
+ ? await getStoredUcanRoot(options.sessionId || DEFAULT_SESSION_ID)
1364
+ : options.root;
1365
+ const nowMs = options.nowMs ?? Date.now();
1366
+ if (!root) {
1367
+ return { status: 'unauthorized', reason: 'missing_root', root };
1368
+ }
1369
+ if (typeof root.exp !== 'number' || root.exp <= nowMs) {
1370
+ return {
1371
+ status: 'unauthorized',
1372
+ reason: 'expired',
1373
+ root,
1374
+ expiresAt: root.exp,
1375
+ };
1376
+ }
1377
+ if (typeof root.nbf === 'number' && root.nbf > nowMs) {
1378
+ return {
1379
+ status: 'unauthorized',
1380
+ reason: 'not_before',
1381
+ root,
1382
+ expiresAt: root.exp,
1383
+ };
1384
+ }
1385
+ const accountFromIssuer = parseUcanAccountFromIssuer(root.iss);
1386
+ if (!accountFromIssuer) {
1387
+ return {
1388
+ status: 'unauthorized',
1389
+ reason: 'invalid_issuer',
1390
+ root,
1391
+ expiresAt: root.exp,
1392
+ actual: root.iss,
1393
+ };
1394
+ }
1395
+ const currentAccount = normalizeEthAccount(options.currentAccount);
1396
+ if (!currentAccount && !options.recoverAccountFromRoot) {
1397
+ return {
1398
+ status: 'unauthorized',
1399
+ reason: 'missing_account',
1400
+ root,
1401
+ account: null,
1402
+ expiresAt: root.exp,
1403
+ };
1404
+ }
1405
+ const account = currentAccount || accountFromIssuer;
1406
+ const expectedIssuer = getUcanIssuerForAccount(account);
1407
+ if (root.iss !== expectedIssuer) {
1408
+ return {
1409
+ status: 'unauthorized',
1410
+ reason: 'issuer_mismatch',
1411
+ root,
1412
+ account,
1413
+ expiresAt: root.exp,
1414
+ expected: expectedIssuer,
1415
+ actual: root.iss,
1416
+ };
1417
+ }
1418
+ if (options.expectedCapabilities &&
1419
+ !capsEqual(root.cap, options.expectedCapabilities)) {
1420
+ return {
1421
+ status: 'unauthorized',
1422
+ reason: 'capability_mismatch',
1423
+ root,
1424
+ account,
1425
+ expiresAt: root.exp,
1426
+ };
1427
+ }
1428
+ const expectedAudience = String(options.expectedAudience || '').trim();
1429
+ if (expectedAudience && root.aud !== expectedAudience) {
1430
+ return {
1431
+ status: 'unauthorized',
1432
+ reason: 'audience_mismatch',
1433
+ root,
1434
+ account,
1435
+ expiresAt: root.exp,
1436
+ expected: expectedAudience,
1437
+ actual: root.aud,
1438
+ };
1439
+ }
1440
+ const serviceHostMismatch = getServiceHostMismatch(root, options.expectedServiceHosts);
1441
+ if (serviceHostMismatch) {
1442
+ return {
1443
+ status: 'unauthorized',
1444
+ reason: 'service_host_mismatch',
1445
+ root,
1446
+ account,
1447
+ expiresAt: root.exp,
1448
+ expected: serviceHostMismatch.expected,
1449
+ actual: serviceHostMismatch.actual,
1450
+ };
1451
+ }
1452
+ return {
1453
+ status: 'authorized',
1454
+ account,
1455
+ root,
1456
+ restoredAccount: !currentAccount && account === accountFromIssuer,
1457
+ expiresAt: root.exp,
1458
+ };
1459
+ }
1240
1460
  async function getOrCreateUcanRoot(options) {
1241
1461
  const provider = options.provider || (await requireProvider());
1242
1462
  const session = options.session || (await createUcanSession({ id: options.sessionId, provider }));
@@ -2471,5 +2691,5 @@ async function initDappSession(options) {
2471
2691
  return result;
2472
2692
  }
2473
2693
 
2474
- export { CipherError, DEFAULT_UCAN_SESSION_TTL_MS, DEFAULT_UCAN_TOKEN_SKEW_MS, DEFAULT_UCAN_TOKEN_TTL_MS, WebDavClient, authCentralUcanFetch, authFetch, authUcanFetch, base64ToBytes, bytesToBase64, classifyUcanAuthError, classifyWalletError, clearAccessToken, clearCentralSessionToken, clearUcanSession, createAndIssueCentralUcan, createCentralSession, createDelegationUcan, createInvocationUcan, createRootUcan, createUcanSession, createWebDavClient, decodeUcanPayload, decrypt, deriveAppIdFromHost, deriveAppIdFromLocation, encrypt, focusPendingApproval, getAccessToken, getAccounts, getBalance, getCapabilityAction, getCapabilityResource, getCentralIssuerInfo, getCentralSessionToken, getChainId, getOrCreateInvocationUcan, getOrCreateUcanRoot, getPreferredAccount, getProvider, getStoredUcanRoot, getSupportedCipherSuites, getUcanSession, getUcanTokenTiming, getWalletErrorCode, getWalletErrorMessage, initDappSession, initWebDavStorage, isUcanTokenFresh, isUserRejectedWalletAction, isWalletReconnectError, isYeYingProvider, issueCentralUcan, loginWithChallenge, logout, normalizeAppHostnameForAppId, normalizeUcanCapabilities, normalizeUcanCapability, normalizeUcanExpiry, onAccountsChanged, onChainChanged, refreshAccessToken, requestAccounts, requireProvider, setAccessToken, setCentralSessionToken, signMessage, storeUcanRoot, watchAccounts, watchProvider };
2694
+ export { CipherError, DEFAULT_UCAN_SESSION_TTL_MS, DEFAULT_UCAN_TOKEN_SKEW_MS, DEFAULT_UCAN_TOKEN_TTL_MS, WebDavClient, authCentralUcanFetch, authFetch, authUcanFetch, base64ToBytes, bytesToBase64, classifyUcanAuthError, classifyWalletError, clearAccessToken, clearCentralSessionToken, clearUcanSession, createAndIssueCentralUcan, createCentralSession, createDelegationUcan, createInvocationUcan, createRootUcan, createUcanSession, createWebDavClient, decodeUcanPayload, decrypt, deriveAppIdFromHost, deriveAppIdFromLocation, encrypt, focusPendingApproval, getAccessToken, getAccounts, getBalance, getCapabilityAction, getCapabilityResource, getCentralIssuerInfo, getCentralSessionToken, getChainId, getOrCreateInvocationUcan, getOrCreateUcanRoot, getPreferredAccount, getProvider, getStoredUcanRoot, getSupportedCipherSuites, getUcanSession, getUcanTokenTiming, getWalletErrorCode, getWalletErrorMessage, initDappSession, initWebDavStorage, isUcanTokenFresh, isUserRejectedWalletAction, isWalletReconnectError, isYeYingProvider, issueCentralUcan, loginWithChallenge, logout, normalizeAppHostnameForAppId, normalizeUcanCapabilities, normalizeUcanCapability, normalizeUcanExpiry, onAccountsChanged, onChainChanged, parseUcanAccountFromIssuer, refreshAccessToken, requestAccounts, requireProvider, resolveUcanAuthorization, resolveWalletAccount, setAccessToken, setCentralSessionToken, signMessage, storeUcanRoot, watchAccounts, watchProvider };
2475
2695
  //# sourceMappingURL=web3-bs.esm.js.map