four-flap-meme-sdk 1.4.96 → 1.4.98

package/dist/flap/portal-bundle-merkle/create-to-dex.js

@@ -158,13 +158,29 @@ function splitAmount(totalAmount, count) {
         allocated += amount;
     }
     amounts.push(totalAmount - allocated);
-    // 随机打乱
-    for (let i = amounts.length - 1; i > 0; i--) {
-        const j = Math.floor(Math.random() * (i + 1));
-        [amounts[i], amounts[j]] = [amounts[j], amounts[i]];
-    }
     return amounts;
 }
+/** 解析输入金额字符串为 bigint（按是否原生币选择 parseEther / parseUnits） */
+function parseQuoteAmount(amount, useNativeToken, quoteTokenDecimals) {
+    const v = String(amount ?? '').trim();
+    if (!v)
+        return 0n;
+    return useNativeToken ? ethers.parseEther(v) : ethers.parseUnits(v, quoteTokenDecimals);
+}
+/**
+ * 计算每个买家的买入金额（优先使用 params 传入的 buyAmount；否则 fallback 到按总额随机拆分）
+ * 说明：memeweb 前端已根据 average/random/custom 计算出每个钱包 buyAmount；
+ * 若 SDK 这里再次 splitAmount，会导致实际 buyAmount 与 UI/预期不一致，并引发余额不足（insufficient funds）。
+ */
+function resolveBuyerAmounts(buyers, totalAmountStr, useNativeToken, quoteTokenDecimals) {
+    const provided = buyers.map(b => b?.buyAmount).filter(v => v != null && String(v).trim() !== '');
+    const allProvided = provided.length === buyers.length;
+    if (allProvided) {
+        return buyers.map(b => parseQuoteAmount(String(b.buyAmount), useNativeToken, quoteTokenDecimals));
+    }
+    const totalWei = parseQuoteAmount(totalAmountStr, useNativeToken, quoteTokenDecimals);
+    return splitAmount(totalWei, buyers.length);
+}
 // ==================== 主函数 ====================
 /**
  * Flap 发币 + 一键买到外盘捆绑交易
@@ -231,17 +247,11 @@ export async function flapBundleCreateToDex(params) {
     const bribeAmount = getBribeAmount(config);
     const needBribeTx = bribeAmount > 0n;
     // ✅ 计算内盘买入金额
-    const curveTotalWei = useNativeToken
-        ? ethers.parseEther(curveTotalBuyAmount)
-        : ethers.parseUnits(curveTotalBuyAmount, quoteTokenDecimals);
-    const curveBuyAmounts = splitAmount(curveTotalWei, curveBuyers.length);
+    const curveBuyAmounts = resolveBuyerAmounts(curveBuyers, curveTotalBuyAmount, useNativeToken, quoteTokenDecimals);
     // ✅ 计算外盘买入金额
     let dexBuyAmounts = [];
     if (enableDexBuy && dexBuyers.length > 0 && dexTotalBuyAmount) {
-        const dexTotalWei = useNativeToken
-            ? ethers.parseEther(dexTotalBuyAmount)
-            : ethers.parseUnits(dexTotalBuyAmount, quoteTokenDecimals);
-        dexBuyAmounts = splitAmount(dexTotalWei, dexBuyers.length);
+        dexBuyAmounts = resolveBuyerAmounts(dexBuyers, dexTotalBuyAmount, useNativeToken, quoteTokenDecimals);
     }
     // ✅ 计算利润
     const totalBuyAmount = curveBuyAmounts.reduce((a, b) => a + b, 0n)
@@ -249,7 +259,7 @@ export async function flapBundleCreateToDex(params) {
     const profitAmount = (totalBuyAmount * BigInt(PROFIT_CONFIG.RATE_BPS)) / 10000n;
     // ==================== 构建交易 ====================
     const allTransactions = [];
-    // 使用第一个内盘买家作为贿赂和利润支付者
+    // 使用第一个内盘买家作为贿赂支付者（提高 bundle 打包优先级）
     const mainBuyerWallet = curveWallets[0].wallet;
     // 1. 贿赂交易
     if (needBribeTx) {
@@ -479,11 +489,13 @@ export async function flapBundleCreateToDex(params) {
     // 5. 利润多跳转账
     let profitHopWallets;
     if (profitAmount > 0n) {
-        const mainAddr = mainBuyerWallet.address.toLowerCase();
-        const profitNonce = noncesMap.get(mainAddr);
+        // ✅ 调整：利润从 Dev 钱包（devPrivateKey）支付，避免第一个内盘买家余额不足导致 want 过高
+        // 注意：利润交易会额外消耗原生币（profitAmount + gas），请确保 Dev 钱包留足余额
+        const devAddr = devWallet.address.toLowerCase();
+        const profitNonce = noncesMap.get(devAddr);
         const profitResult = await buildProfitHopTransactions({
             provider,
-            payerWallet: mainBuyerWallet,
+            payerWallet: devWallet,
             profitAmount,
             profitRecipient: getProfitRecipient(),
             hopCount: PROFIT_HOP_COUNT,

package/dist/flap/portal-bundle-merkle/encryption.d.ts

@@ -0,0 +1,16 @@
+/**
+ * ECDH + AES-GCM 加密工具（浏览器兼容）
+ * 用于将签名交易用服务器公钥加密
+ */
+/**
+ * 用服务器公钥加密签名交易（ECDH + AES-GCM）
+ *
+ * @param signedTransactions 签名后的交易数组
+ * @param publicKeyBase64 服务器提供的公钥（Base64 格式）
+ * @returns JSON 字符串 {e: 临时公钥, i: IV, d: 密文}
+ */
+export declare function encryptWithPublicKey(signedTransactions: string[], publicKeyBase64: string): Promise<string>;
+/**
+ * 验证公钥格式（Base64）
+ */
+export declare function validatePublicKey(publicKeyBase64: string): boolean;

package/dist/flap/portal-bundle-merkle/encryption.js

@@ -0,0 +1,146 @@
+/**
+ * ECDH + AES-GCM 加密工具（浏览器兼容）
+ * 用于将签名交易用服务器公钥加密
+ */
+/**
+ * 获取全局 crypto 对象（最简单直接的方式）
+ */
+function getCryptoAPI() {
+    // 尝试所有可能的全局对象，优先浏览器环境
+    const cryptoObj = (typeof window !== 'undefined' && window.crypto) ||
+        (typeof self !== 'undefined' && self.crypto) ||
+        (typeof global !== 'undefined' && global.crypto) ||
+        (typeof globalThis !== 'undefined' && globalThis.crypto);
+    if (!cryptoObj) {
+        const env = typeof window !== 'undefined' ? 'Browser' : 'Node.js';
+        const protocol = typeof location !== 'undefined' ? location.protocol : 'unknown';
+        throw new Error(`❌ Crypto API 不可用。环境: ${env}, 协议: ${protocol}. ` +
+            '请确保在 HTTPS 或 localhost 下运行');
+    }
+    return cryptoObj;
+}
+/**
+ * 获取 SubtleCrypto（用于加密操作）
+ */
+function getSubtleCrypto() {
+    const crypto = getCryptoAPI();
+    if (!crypto.subtle) {
+        const protocol = typeof location !== 'undefined' ? location.protocol : 'unknown';
+        const hostname = typeof location !== 'undefined' ? location.hostname : 'unknown';
+        throw new Error(`❌ SubtleCrypto API 不可用。协议: ${protocol}, 主机: ${hostname}. ` +
+            '请确保：1) 使用 HTTPS (或 localhost)；2) 浏览器支持 Web Crypto API；' +
+            '3) 不在无痕/隐私浏览模式下');
+    }
+    return crypto.subtle;
+}
+/**
+ * Base64 转 ArrayBuffer（优先使用浏览器 API）
+ */
+function base64ToArrayBuffer(base64) {
+    // 浏览器环境（优先）
+    if (typeof atob !== 'undefined') {
+        const binaryString = atob(base64);
+        const bytes = new Uint8Array(binaryString.length);
+        for (let i = 0; i < binaryString.length; i++) {
+            bytes[i] = binaryString.charCodeAt(i);
+        }
+        return bytes.buffer;
+    }
+    // Node.js 环境（fallback）
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(base64, 'base64').buffer;
+    }
+    throw new Error('❌ Base64 解码不可用');
+}
+/**
+ * ArrayBuffer 转 Base64（优先使用浏览器 API）
+ */
+function arrayBufferToBase64(buffer) {
+    // 浏览器环境（优先）
+    if (typeof btoa !== 'undefined') {
+        const bytes = new Uint8Array(buffer);
+        let binary = '';
+        for (let i = 0; i < bytes.length; i++) {
+            binary += String.fromCharCode(bytes[i]);
+        }
+        return btoa(binary);
+    }
+    // Node.js 环境（fallback）
+    if (typeof Buffer !== 'undefined') {
+        return Buffer.from(buffer).toString('base64');
+    }
+    throw new Error('❌ Base64 编码不可用');
+}
+/**
+ * 生成随机 Hex 字符串
+ */
+function randomHex(length) {
+    const crypto = getCryptoAPI();
+    const array = new Uint8Array(length);
+    crypto.getRandomValues(array);
+    return Array.from(array)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+}
+/**
+ * 用服务器公钥加密签名交易（ECDH + AES-GCM）
+ *
+ * @param signedTransactions 签名后的交易数组
+ * @param publicKeyBase64 服务器提供的公钥（Base64 格式）
+ * @returns JSON 字符串 {e: 临时公钥, i: IV, d: 密文}
+ */
+export async function encryptWithPublicKey(signedTransactions, publicKeyBase64) {
+    try {
+        // 0. 获取 SubtleCrypto 和 Crypto API
+        const subtle = getSubtleCrypto();
+        const crypto = getCryptoAPI();
+        // 1. 准备数据
+        const payload = {
+            signedTransactions,
+            timestamp: Date.now(),
+            nonce: randomHex(8)
+        };
+        const plaintext = JSON.stringify(payload);
+        // 2. 生成临时 ECDH 密钥对
+        const ephemeralKeyPair = await subtle.generateKey({ name: 'ECDH', namedCurve: 'P-256' }, true, ['deriveKey']);
+        // 3. 导入服务器公钥
+        const publicKeyBuffer = base64ToArrayBuffer(publicKeyBase64);
+        const publicKey = await subtle.importKey('raw', publicKeyBuffer, { name: 'ECDH', namedCurve: 'P-256' }, false, []);
+        // 4. 派生共享密钥（AES-256）
+        const sharedKey = await subtle.deriveKey({ name: 'ECDH', public: publicKey }, ephemeralKeyPair.privateKey, { name: 'AES-GCM', length: 256 }, false, ['encrypt']);
+        // 5. AES-GCM 加密
+        const iv = crypto.getRandomValues(new Uint8Array(12));
+        const encrypted = await subtle.encrypt({ name: 'AES-GCM', iv }, sharedKey, new TextEncoder().encode(plaintext));
+        // 6. 导出临时公钥
+        const ephemeralPublicKeyRaw = await subtle.exportKey('raw', ephemeralKeyPair.publicKey);
+        // 7. 返回加密包（JSON 格式）
+        return JSON.stringify({
+            e: arrayBufferToBase64(ephemeralPublicKeyRaw), // 临时公钥
+            i: arrayBufferToBase64(iv.buffer), // IV
+            d: arrayBufferToBase64(encrypted) // 密文
+        });
+    }
+    catch (error) {
+        throw new Error(`加密失败: ${error?.message || String(error)}`);
+    }
+}
+/**
+ * 验证公钥格式（Base64）
+ */
+export function validatePublicKey(publicKeyBase64) {
+    try {
+        if (!publicKeyBase64)
+            return false;
+        // Base64 字符集验证
+        if (!/^[A-Za-z0-9+/=]+$/.test(publicKeyBase64))
+            return false;
+        // ECDH P-256 公钥固定长度 65 字节（未压缩）
+        // Base64 编码后约 88 字符
+        if (publicKeyBase64.length < 80 || publicKeyBase64.length > 100)
+            return false;
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "four-flap-meme-sdk",
-  "version": "1.4.96",
+  "version": "1.4.98",
   "description": "SDK for Flap bonding curve and four.meme TokenManager",
   "type": "module",
   "main": "dist/index.js",