@zerodev/wallet-react 0.0.1-alpha.14 → 0.0.1-alpha.16

package/CHANGELOG.md

@@ -1,5 +1,21 @@
 # @zerodev/wallet-react
 
+## 0.0.1-alpha.16
+
+### Patch Changes
+
+- feat: switch signing to validated backend endpoints
+- Updated dependencies
+  - @zerodev/wallet-core@0.0.1-alpha.15
+
+## 0.0.1-alpha.15
+
+### Patch Changes
+
+- feat: replace cookie-based OAuth with server-side session ID
+- Updated dependencies
+  - @zerodev/wallet-core@0.0.1-alpha.14
+
 ## 0.0.1-alpha.14
 
 ### Patch Changes

package/dist/_cjs/actions.js

@@ -83,11 +83,12 @@ async function authenticateOAuth(config, parameters) {
         throw new Error(`Failed to open ${parameters.provider} login window.`);
     }
     return new Promise((resolve, reject) => {
-        const cleanup = (0, oauth_js_1.listenForOAuthMessage)(authWindow, window.location.origin, async () => {
+        const cleanup = (0, oauth_js_1.listenForOAuthMessage)(authWindow, window.location.origin, async (sessionId) => {
             try {
                 await wallet.auth({
                     type: 'oauth',
                     provider: parameters.provider,
+                    sessionId,
                 });
                 const [session, eoaAccount] = await Promise.all([
                     wallet.getSession(),

package/dist/_cjs/connector.js

@@ -12,6 +12,7 @@ const store_js_1 = require("./store.js");
 const aaUtils_js_1 = require("./utils/aaUtils.js");
 const OAUTH_SUCCESS_PARAM = 'oauth_success';
 const OAUTH_PROVIDER_PARAM = 'oauth_provider';
+const OAUTH_SESSION_ID_PARAM = 'session_id';
 async function detectAndHandleOAuthCallback(wallet, store) {
     if (typeof window === 'undefined')
         return false;
@@ -26,8 +27,9 @@ async function detectAndHandleOAuthCallback(wallet, store) {
     console.log('OAuth callback detected, completing authentication...');
     const provider = (params.get(OAUTH_PROVIDER_PARAM) ||
         'google');
+    const sessionId = params.get(OAUTH_SESSION_ID_PARAM) || '';
     try {
-        await wallet.auth({ type: 'oauth', provider });
+        await wallet.auth({ type: 'oauth', provider, sessionId });
         const [session, eoaAccount] = await Promise.all([
             wallet.getSession(),
             wallet.toAccount(),
@@ -36,6 +38,7 @@ async function detectAndHandleOAuthCallback(wallet, store) {
         store.getState().setSession(session || null);
         params.delete(OAUTH_SUCCESS_PARAM);
         params.delete(OAUTH_PROVIDER_PARAM);
+        params.delete(OAUTH_SESSION_ID_PARAM);
         const newUrl = params.toString()
             ? `${window.location.pathname}?${params.toString()}`
             : window.location.pathname;

package/dist/_cjs/oauth.js

@@ -46,7 +46,7 @@ function listenForOAuthMessage(authWindow, expectedOrigin, onSuccess, onError) {
             return;
         if (event.data.type === 'oauth_success') {
             cleanup();
-            onSuccess();
+            onSuccess(event.data.sessionId || '');
         }
         else if (event.data.type === 'oauth_error') {
             cleanup();
@@ -73,9 +73,13 @@ function handleOAuthCallback(successParam = 'oauth_success') {
     const urlParams = new URLSearchParams(window.location.search);
     const isSuccess = urlParams.get(successParam) === 'true';
     const error = urlParams.get('error');
+    const sessionId = urlParams.get('session_id') ?? undefined;
     if (window.opener) {
         if (isSuccess) {
-            window.opener.postMessage({ type: 'oauth_success' }, window.location.origin);
+            const message = { type: 'oauth_success' };
+            if (sessionId)
+                message.sessionId = sessionId;
+            window.opener.postMessage(message, window.location.origin);
             window.close();
             return true;
         }

package/dist/_cjs/provider.js

@@ -130,7 +130,9 @@ function createProvider({ store, config, }) {
                     }
                     if (!account)
                         throw new Error('Not authenticated');
-                    return await account.signMessage({ message });
+                    return await account.signMessage({
+                        message: { raw: message },
+                    });
                 }
                 case 'eth_signTypedData_v4': {
                     if (!params || params.length < 2) {

package/dist/_esm/actions.js

@@ -93,13 +93,13 @@ export async function authenticateOAuth(config, parameters) {
     }
     // Listen for OAuth completion via postMessage
     return new Promise((resolve, reject) => {
-        const cleanup = listenForOAuthMessage(authWindow, window.location.origin, async () => {
+        const cleanup = listenForOAuthMessage(authWindow, window.location.origin, async (sessionId) => {
             try {
                 // Complete OAuth authentication with wallet-core
-                // The backend has stored the OAuth session in a cookie
                 await wallet.auth({
                     type: 'oauth',
                     provider: parameters.provider,
+                    sessionId,
                 });
                 const [session, eoaAccount] = await Promise.all([
                     wallet.getSession(),

package/dist/_esm/connector.js

@@ -10,6 +10,7 @@ import { getAAUrl } from './utils/aaUtils.js';
 // OAuth URL parameter used to detect callback
 const OAUTH_SUCCESS_PARAM = 'oauth_success';
 const OAUTH_PROVIDER_PARAM = 'oauth_provider';
+const OAUTH_SESSION_ID_PARAM = 'session_id';
 /**
  * Detect OAuth callback from URL params and handle it.
  * - If in popup: sends postMessage to opener and closes
@@ -31,8 +32,9 @@ async function detectAndHandleOAuthCallback(wallet, store) {
     console.log('OAuth callback detected, completing authentication...');
     const provider = (params.get(OAUTH_PROVIDER_PARAM) ||
         'google');
+    const sessionId = params.get(OAUTH_SESSION_ID_PARAM) || '';
     try {
-        await wallet.auth({ type: 'oauth', provider });
+        await wallet.auth({ type: 'oauth', provider, sessionId });
         const [session, eoaAccount] = await Promise.all([
             wallet.getSession(),
             wallet.toAccount(),
@@ -42,6 +44,7 @@ async function detectAndHandleOAuthCallback(wallet, store) {
         // Clean up URL params
         params.delete(OAUTH_SUCCESS_PARAM);
         params.delete(OAUTH_PROVIDER_PARAM);
+        params.delete(OAUTH_SESSION_ID_PARAM);
         const newUrl = params.toString()
             ? `${window.location.pathname}?${params.toString()}`
             : window.location.pathname;

package/dist/_esm/oauth.js

@@ -47,7 +47,7 @@ export function listenForOAuthMessage(authWindow, expectedOrigin, onSuccess, onE
             return;
         if (event.data.type === 'oauth_success') {
             cleanup();
-            onSuccess();
+            onSuccess(event.data.sessionId || '');
         }
         else if (event.data.type === 'oauth_error') {
             cleanup();
@@ -79,9 +79,13 @@ export function handleOAuthCallback(successParam = 'oauth_success') {
     const urlParams = new URLSearchParams(window.location.search);
     const isSuccess = urlParams.get(successParam) === 'true';
     const error = urlParams.get('error');
+    const sessionId = urlParams.get('session_id') ?? undefined;
     if (window.opener) {
         if (isSuccess) {
-            window.opener.postMessage({ type: 'oauth_success' }, window.location.origin);
+            const message = { type: 'oauth_success' };
+            if (sessionId)
+                message.sessionId = sessionId;
+            window.opener.postMessage(message, window.location.origin);
             window.close();
             return true;
         }

package/dist/_esm/provider.js

@@ -135,7 +135,9 @@ export function createProvider({ store, config, }) {
                     }
                     if (!account)
                         throw new Error('Not authenticated');
-                    return await account.signMessage({ message });
+                    return await account.signMessage({
+                        message: { raw: message },
+                    });
                 }
                 case 'eth_signTypedData_v4': {
                     if (!params || params.length < 2) {

package/dist/_types/connector.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"connector.d.ts","sourceRoot":"","sources":["../../src/connector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,iBAAiB,EAAmB,MAAM,aAAa,CAAA;AAOrE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAE1D,OAAO,EAAE,KAAK,KAAK,EAA4B,MAAM,MAAM,CAAA;AAgE3D,MAAM,MAAM,4BAA4B,GAAG;IACzC,SAAS,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,SAAS,KAAK,EAAE,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,uBAAuB,CAAC,EAAE,MAAM,CAAA;CACjC,CAAA;AAED,wBAAgB,aAAa,CAC3B,MAAM,EAAE,4BAA4B,GACnC,iBAAiB,CA2TnB"}
+{"version":3,"file":"connector.d.ts","sourceRoot":"","sources":["../../src/connector.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,iBAAiB,EAAmB,MAAM,aAAa,CAAA;AAOrE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAA;AAE1D,OAAO,EAAE,KAAK,KAAK,EAA4B,MAAM,MAAM,CAAA;AAmE3D,MAAM,MAAM,4BAA4B,GAAG;IACzC,SAAS,EAAE,MAAM,CAAA;IACjB,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,SAAS,KAAK,EAAE,CAAA;IACxB,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,kBAAkB,CAAC,EAAE,OAAO,CAAA;IAC5B,uBAAuB,CAAC,EAAE,MAAM,CAAA;CACjC,CAAA;AAED,wBAAgB,aAAa,CAC3B,MAAM,EAAE,4BAA4B,GACnC,iBAAiB,CA2TnB"}

package/dist/_types/oauth.d.ts

@@ -18,13 +18,14 @@ export declare function generateOAuthNonce(publicKey: string): string;
 export declare function buildBackendOAuthUrl(params: BackendOAuthFlowParams): string;
 export type OAuthMessageData = {
     type: 'oauth_success' | 'oauth_error';
+    sessionId?: string;
     error?: string;
 };
 /**
  * Listen for OAuth completion via postMessage from popup
  * The popup sends a message when it detects a successful redirect
  */
-export declare function listenForOAuthMessage(authWindow: Window, expectedOrigin: string, onSuccess: () => void, onError: (error: Error) => void): () => void;
+export declare function listenForOAuthMessage(authWindow: Window, expectedOrigin: string, onSuccess: (sessionId: string) => void, onError: (error: Error) => void): () => void;
 /**
  * Handle OAuth callback on the return page
  * Call this on the page that receives the OAuth redirect

package/dist/_types/oauth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,eAAe;;CAElB,CAAA;AAEV,MAAM,MAAM,aAAa,GACvB,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,OAAO,eAAe,CAAC,CAAA;AAExD,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,aAAa,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAKD,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAiBzD;AAED,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,sBAAsB,GAAG,MAAM,CAa3E;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,IAAI,EAAE,eAAe,GAAG,aAAa,CAAA;IACrC,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,MAAM,EACtB,SAAS,EAAE,MAAM,IAAI,EACrB,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAC9B,MAAM,IAAI,CAkCZ;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,YAAY,SAAkB,GAAG,OAAO,CAyB3E"}
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../src/oauth.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,eAAe;;CAElB,CAAA;AAEV,MAAM,MAAM,aAAa,GACvB,CAAC,OAAO,eAAe,CAAC,CAAC,MAAM,OAAO,eAAe,CAAC,CAAA;AAExD,MAAM,MAAM,sBAAsB,GAAG;IACnC,QAAQ,EAAE,aAAa,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,SAAS,EAAE,MAAM,CAAA;IACjB,QAAQ,EAAE,MAAM,CAAA;CACjB,CAAA;AAKD,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAiBzD;AAED,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAE5D;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,sBAAsB,GAAG,MAAM,CAa3E;AAED,MAAM,MAAM,gBAAgB,GAAG;IAC7B,IAAI,EAAE,eAAe,GAAG,aAAa,CAAA;IACrC,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,KAAK,CAAC,EAAE,MAAM,CAAA;CACf,CAAA;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CACnC,UAAU,EAAE,MAAM,EAClB,cAAc,EAAE,MAAM,EACtB,SAAS,EAAE,CAAC,SAAS,EAAE,MAAM,KAAK,IAAI,EACtC,OAAO,EAAE,CAAC,KAAK,EAAE,KAAK,KAAK,IAAI,GAC9B,MAAM,IAAI,CAkCZ;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,YAAY,SAAkB,GAAG,OAAO,CAyB3E"}

package/dist/_types/provider.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../src/provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAA;AAC7B,OAAO,KAAK,EAAE,KAAK,EAAgB,MAAM,MAAM,CAAA;AAE/C,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAA;AAI1D,KAAK,oBAAoB,GAAG;IAC1B,KAAK,EAAE,UAAU,CAAC,OAAO,wBAAwB,CAAC,CAAA;IAClD,MAAM,EAAE,4BAA4B,CAAA;IACpC,MAAM,EAAE,KAAK,EAAE,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,QAAQ,CAAC,aAAa,CAAC,GAAG;IACxE,OAAO,CAAC,IAAI,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACvE,OAAO,IAAI,IAAI,CAAA;CAChB,CAAA;AAED,wBAAgB,cAAc,CAAC,EAC7B,KAAK,EACL,MAAM,GACP,EAAE,oBAAoB,GAAG,eAAe,CAsNxC"}
+{"version":3,"file":"provider.d.ts","sourceRoot":"","sources":["../../src/provider.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAE,MAAM,IAAI,CAAA;AAC7B,OAAO,KAAK,EAAE,KAAK,EAAgB,MAAM,MAAM,CAAA;AAE/C,OAAO,KAAK,EAAE,4BAA4B,EAAE,MAAM,gBAAgB,CAAA;AAClE,OAAO,KAAK,EAAE,wBAAwB,EAAE,MAAM,YAAY,CAAA;AAI1D,KAAK,oBAAoB,GAAG;IAC1B,KAAK,EAAE,UAAU,CAAC,OAAO,wBAAwB,CAAC,CAAA;IAClD,MAAM,EAAE,4BAA4B,CAAA;IACpC,MAAM,EAAE,KAAK,EAAE,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,eAAe,GAAG,UAAU,CAAC,OAAO,QAAQ,CAAC,aAAa,CAAC,GAAG;IACxE,OAAO,CAAC,IAAI,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,OAAO,EAAE,CAAA;KAAE,GAAG,OAAO,CAAC,OAAO,CAAC,CAAA;IACvE,OAAO,IAAI,IAAI,CAAA;CAChB,CAAA;AAED,wBAAgB,cAAc,CAAC,EAC7B,KAAK,EACL,MAAM,GACP,EAAE,oBAAoB,GAAG,eAAe,CAwNxC"}