four-flap-meme-sdk 1.3.2 → 1.3.3

package/dist/flap/portal-bundle-merkle/core.js

@@ -34,7 +34,6 @@ export async function createTokenWithBundleBuyMerkle(params) {
         throw new Error(getErrorMessage('AMOUNT_MISMATCH', buyAmounts.length, privateKeys.length - 1));
     }
     const { provider, chainId } = createChainContext(chain, config.rpcUrl);
-    const gasPrice = await resolveGasPrice(provider, config);
     const nonceManager = new NonceManager(provider);
     const signedTxs = [];
     const devWallet = new Wallet(privateKeys[0], provider);
@@ -42,8 +41,9 @@ export async function createTokenWithBundleBuyMerkle(params) {
     const originalPortalAddr = FLAP_ORIGINAL_PORTAL_ADDRESSES[chain];
     const portal = new ethers.Contract(originalPortalAddr, PORTAL_ABI, devWallet);
     const useV3 = !!params.extensionID;
-    const createTxUnsigned = useV3
-        ? await portal.newTokenV3.populateTransaction({
+    // ✅ 优化：并行获取 gasPrice、devWallet nonce 和 createTx
+    const createTxPromise = useV3
+        ? portal.newTokenV3.populateTransaction({
             name: tokenInfo.name,
             symbol: tokenInfo.symbol,
             meta: tokenInfo.meta,
@@ -58,7 +58,7 @@ export async function createTokenWithBundleBuyMerkle(params) {
             extensionID: params.extensionID,
             extensionData: params.extensionData ?? '0x'
         })
-        : await portal.newTokenV2.populateTransaction({
+        : portal.newTokenV2.populateTransaction({
             name: tokenInfo.name,
             symbol: tokenInfo.symbol,
             meta: tokenInfo.meta,
@@ -71,10 +71,15 @@ export async function createTokenWithBundleBuyMerkle(params) {
             beneficiary: devWallet.address,
             permitData: '0x'
         });
+    const [gasPrice, createTxUnsigned, devNonce] = await Promise.all([
+        resolveGasPrice(provider, config),
+        createTxPromise,
+        nonceManager.getNextNonce(devWallet)
+    ]);
     const createTxRequest = {
         ...createTxUnsigned,
         from: devWallet.address,
-        nonce: await nonceManager.getNextNonce(devWallet),
+        nonce: devNonce,
         gasLimit: getGasLimit(config),
         gasPrice,
         chainId,
@@ -99,8 +104,11 @@ export async function createTokenWithBundleBuyMerkle(params) {
         console.log('🔍 createToken SDK 精度转换: 18 -> ', params.quoteTokenDecimals, ', 原始:', fundsList, ', 转换后:', adjustedFundsList);
     }
     console.log('🔍 createToken SDK - quoteToken:', params.quoteToken, 'inputToken:', inputToken, 'useNativeToken:', useNativeToken);
-    const unsignedBuys = await populateBuyTransactionsWithQuote(buyers, portalAddr, tokenAddress, adjustedFundsList, inputToken, useNativeToken);
-    const buyerNonces = await allocateBuyerNonces(buyers, extractProfit, maxFundsIndex, totalProfit, nonceManager);
+    // ✅ 优化：并行获取 unsignedBuys 和 buyerNonces
+    const [unsignedBuys, buyerNonces] = await Promise.all([
+        populateBuyTransactionsWithQuote(buyers, portalAddr, tokenAddress, adjustedFundsList, inputToken, useNativeToken),
+        allocateBuyerNonces(buyers, extractProfit, maxFundsIndex, totalProfit, nonceManager)
+    ]);
     const signedBuys = await signBuyTransactions({
         unsignedBuys,
         buyers,
@@ -170,12 +178,12 @@ export async function batchBuyWithBundleMerkle(params) {
     console.log('🔍 SDK inputToken 计算结果:', inputToken);
     console.log('🔍 SDK useNativeToken:', useNativeToken);
     console.log('🔍 SDK adjustedFundsList:', adjustedFundsList);
-    // ✅ 优化：并行执行 gasPrice 和 populateBuyTransactions（最耗时的两个操作）
-    const [gasPrice, unsignedBuys] = await Promise.all([
+    // ✅ 优化：并行执行 gasPrice、populateBuyTransactions 和 allocateBuyerNonces（三个最耗时的 RPC 操作）
+    const [gasPrice, unsignedBuys, buyerNonces] = await Promise.all([
         resolveGasPrice(provider, config),
-        populateBuyTransactionsWithQuote(buyers, FLAP_PORTAL_ADDRESSES[chain], tokenAddress, adjustedFundsList, inputToken, useNativeToken)
+        populateBuyTransactionsWithQuote(buyers, FLAP_PORTAL_ADDRESSES[chain], tokenAddress, adjustedFundsList, inputToken, useNativeToken),
+        allocateBuyerNonces(buyers, extractProfit, maxFundsIndex, totalProfit, nonceManager)
     ]);
-    const buyerNonces = await allocateBuyerNonces(buyers, extractProfit, maxFundsIndex, totalProfit, nonceManager);
     const signedBuys = await signBuyTransactions({
         unsignedBuys,
         buyers,
@@ -343,19 +351,23 @@ function buildGasLimitList(length, config) {
     const gasLimit = getGasLimit(config);
     return new Array(length).fill(gasLimit);
 }
+/**
+ * ✅ 优化：并行获取所有钱包的 nonce
+ * 之前是串行循环，每个钱包一次 RPC 调用，非常慢
+ * 现在并行获取，大幅提升性能
+ */
 async function allocateBuyerNonces(buyers, extractProfit, maxIndex, totalProfit, nonceManager) {
-    const nonces = [];
-    for (let i = 0; i < buyers.length; i++) {
-        if (extractProfit && totalProfit > 0n && i === maxIndex) {
-            const [nonce] = await nonceManager.getNextNonceBatch(buyers[i], 2);
-            nonces.push(nonce);
-        }
-        else {
-            const nonce = await nonceManager.getNextNonce(buyers[i]);
-            nonces.push(nonce);
-        }
+    // ✅ 并行获取所有钱包的初始 nonce
+    const initialNonces = await Promise.all(buyers.map(buyer => nonceManager.getNextNonce(buyer)));
+    // 如果需要提取利润，maxIndex 钱包需要额外一个 nonce（用于利润转账）
+    // 但这里只返回买入交易的 nonce，利润交易的 nonce 在 appendProfitTransaction 中处理
+    // NonceManager 内部会追踪已分配的 nonce
+    // 如果 maxIndex 钱包需要 2 个 nonce，提前预留
+    if (extractProfit && totalProfit > 0n && maxIndex >= 0 && maxIndex < buyers.length) {
+        // 再获取一个 nonce 给利润交易（NonceManager 内部会自增）
+        await nonceManager.getNextNonce(buyers[maxIndex]);
     }
-    return nonces;
+    return initialNonces;
 }
 async function signBuyTransactions({ unsignedBuys, buyers, nonces, gasLimits, gasPrice, chainId, config, fundsList, useNativeToken = true // ✅ 默认使用原生代币
  }) {

package/dist/flap/portal-bundle-merkle/encryption.d.ts

@@ -0,0 +1,16 @@
+/**
+ * ECDH + AES-GCM 加密工具（浏览器兼容）
+ * 用于将签名交易用服务器公钥加密
+ */
+/**
+ * 用服务器公钥加密签名交易（ECDH + AES-GCM）
+ *
+ * @param signedTransactions 签名后的交易数组
+ * @param publicKeyBase64 服务器提供的公钥（Base64 格式）
+ * @returns JSON 字符串 {e: 临时公钥, i: IV, d: 密文}
+ */
+export declare function encryptWithPublicKey(signedTransactions: string[], publicKeyBase64: string): Promise<string>;
+/**
+ * 验证公钥格式（Base64）
+ */
+export declare function validatePublicKey(publicKeyBase64: string): boolean;

package/dist/flap/portal-bundle-merkle/encryption.js

@@ -0,0 +1,146 @@
+/**
+ * ECDH + AES-GCM 加密工具（浏览器兼容）
+ * 用于将签名交易用服务器公钥加密
+ */
+/**
+ * 获取全局 crypto 对象（最简单直接的方式）
+ */
+function getCryptoAPI() {
+    // 尝试所有可能的全局对象，优先浏览器环境
+    const cryptoObj = (typeof window !== 'undefined' && window.crypto) ||
+        (typeof self !== 'undefined' && self.crypto) ||
+        (typeof global !== 'undefined' && global.crypto) ||
+        (typeof globalThis !== 'undefined' && globalThis.crypto);
+    if (!cryptoObj) {
+        const env = typeof window !== 'undefined' ? 'Browser' : 'Node.js';
+        const protocol = typeof location !== 'undefined' ? location.protocol : 'unknown';
+        throw new Error(`❌ Crypto API 不可用。环境: ${env}, 协议: ${protocol}. ` +
+            '请确保在 HTTPS 或 localhost 下运行');
+    }
+    return cryptoObj;
+}
+/**
+ * 获取 SubtleCrypto（用于加密操作）
+ */
+function getSubtleCrypto() {
+    const crypto = getCryptoAPI();
+    if (!crypto.subtle) {
+        const protocol = typeof location !== 'undefined' ? location.protocol : 'unknown';
+        const hostname = typeof location !== 'undefined' ? location.hostname : 'unknown';
+        throw new Error(`❌ SubtleCrypto API 不可用。协议: ${protocol}, 主机: ${hostname}. ` +
+            '请确保：1) 使用 HTTPS (或 localhost)；2) 浏览器支持 Web Crypto API；' +
+            '3) 不在无痕/隐私浏览模式下');
+    }
+    return crypto.subtle;
+}
+/**
+ * Base64 转 ArrayBuffer（优先使用浏览器 API）
+ */
+function base64ToArrayBuffer(base64) {
+    // 浏览器环境（优先）
+    if (typeof atob !== 'undefined') {
+        const binaryString = atob(base64);
+        const bytes = new Uint8Array(binaryString.length);
+        for (let i = 0; i < binaryString.length; i++) {
+            bytes[i] = binaryString.charCodeAt(i);
+        }
+        return bytes.buffer;
+    }
+    // Node.js 环境（fallback）
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(base64, 'base64').buffer;
+    }
+    throw new Error('❌ Base64 解码不可用');
+}
+/**
+ * ArrayBuffer 转 Base64（优先使用浏览器 API）
+ */
+function arrayBufferToBase64(buffer) {
+    // 浏览器环境（优先）
+    if (typeof btoa !== 'undefined') {
+        const bytes = new Uint8Array(buffer);
+        let binary = '';
+        for (let i = 0; i < bytes.length; i++) {
+            binary += String.fromCharCode(bytes[i]);
+        }
+        return btoa(binary);
+    }
+    // Node.js 环境（fallback）
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(buffer).toString('base64');
+    }
+    throw new Error('❌ Base64 编码不可用');
+}
+/**
+ * 生成随机 Hex 字符串
+ */
+function randomHex(length) {
+    const crypto = getCryptoAPI();
+    const array = new Uint8Array(length);
+    crypto.getRandomValues(array);
+    return Array.from(array)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * 用服务器公钥加密签名交易（ECDH + AES-GCM）
+ *
+ * @param signedTransactions 签名后的交易数组
+ * @param publicKeyBase64 服务器提供的公钥（Base64 格式）
+ * @returns JSON 字符串 {e: 临时公钥, i: IV, d: 密文}
+ */
+export async function encryptWithPublicKey(signedTransactions, publicKeyBase64) {
+    try {
+        // 0. 获取 SubtleCrypto 和 Crypto API
+        const subtle = getSubtleCrypto();
+        const crypto = getCryptoAPI();
+        // 1. 准备数据
+        const payload = {
+            signedTransactions,
+            timestamp: Date.now(),
+            nonce: randomHex(8)
+        };
+        const plaintext = JSON.stringify(payload);
+        // 2. 生成临时 ECDH 密钥对
+        const ephemeralKeyPair = await subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, true, ['deriveKey']);
+        // 3. 导入服务器公钥
+        const publicKeyBuffer = base64ToArrayBuffer(publicKeyBase64);
+        const publicKey = await subtle.importKey('raw', publicKeyBuffer, { name: 'ECDH', namedCurve: 'P-256' }, false, []);
+        // 4. 派生共享密钥（AES-256）
+        const sharedKey = await subtle.deriveKey({ name: 'ECDH', public: publicKey }, ephemeralKeyPair.privateKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt']);
+        // 5. AES-GCM 加密
+        const iv = crypto.getRandomValues(new Uint8Array(12));
+        const encrypted = await subtle.encrypt({ name: 'AES-GCM', iv }, sharedKey, new TextEncoder().encode(plaintext));
+        // 6. 导出临时公钥
+        const ephemeralPublicKeyRaw = await subtle.exportKey('raw', ephemeralKeyPair.publicKey);
+        // 7. 返回加密包（JSON 格式）
+        return JSON.stringify({
+            e: arrayBufferToBase64(ephemeralPublicKeyRaw), // 临时公钥
+            i: arrayBufferToBase64(iv.buffer), // IV
+            d: arrayBufferToBase64(encrypted) // 密文
+        });
+    }
+    catch (error) {
+        throw new Error(`加密失败: ${error?.message || String(error)}`);
+    }
+}
+/**
+ * 验证公钥格式（Base64）
+ */
+export function validatePublicKey(publicKeyBase64) {
+    try {
+        if (!publicKeyBase64)
+            return false;
+        // Base64 字符集验证
+        if (!/^[A-Za-z0-9+/=]+$/.test(publicKeyBase64))
+            return false;
+        // ECDH P-256 公钥固定长度 65 字节（未压缩）
+        // Base64 编码后约 88 字符
+        if (publicKeyBase64.length < 80 || publicKeyBase64.length > 100)
+            return false;
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "four-flap-meme-sdk",
-  "version": "1.3.2",
+  "version": "1.3.3",
   "description": "SDK for Flap bonding curve and four.meme TokenManager",
   "type": "module",
   "main": "dist/index.js",