squarefi-bff-api-module 1.11.2 → 1.12.0

package/README.md

@@ -107,12 +107,13 @@ Access different API functionalities through the client:
 
 ## ⚙️ Environment Variables
 
-| Variable   | Description                       | Required | Example              |
-| ---------- | --------------------------------- | -------- | -------------------- |
-| API_URL    | Base URL for the Squarefi BFF API | Yes      | `https://api-v1.url` |
-| API_V2_URL | Base URL for the Squarefi BFF API | Yes      | `https://api-v2.url` |
-| TENANT_ID  | Your tenant identifier            | Yes      | `tenant_12345`       |
-| LOGOUT_URL | Your frontend-app logout route    | No       | '/auth/logout'       |
+| Variable                 | Description                                   | Required | Example              |
+| ------------------------ | --------------------------------------------- | -------- | -------------------- |
+| API_URL                  | Base URL for the Squarefi BFF API             | Yes      | `https://api-v1.url` |
+| API_V2_URL               | Base URL for the Squarefi BFF API             | Yes      | `https://api-v2.url` |
+| TENANT_ID                | Your tenant identifier                        | Yes      | `tenant_12345`       |
+| LOGOUT_URL               | Your frontend-app logout route                | No       | '/auth/logout'       |
+| SERVER_PUBLIC_KEY_BASE64 | Server provides base64-encoded PEM format key | Yes      | 'example'            |
 
 ## 🚀 Features
 

package/dist/api/auth.d.ts

@@ -1,5 +1,5 @@
 import { API } from './types';
-export declare const telegramSignInPath = "/auth/signin/telegram";
+export declare const telegramSignInPath = "/auth/sign-in/telegram";
 export declare const telegramSignUpPath = "/auth/sign-up/telegram";
 export declare const refreshTokenPath = "/auth/refresh/refresh-token";
 export declare const auth: {

package/dist/api/auth.js

@@ -14,8 +14,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.auth = exports.refreshTokenPath = exports.telegramSignUpPath = exports.telegramSignInPath = void 0;
 const apiClientFactory_1 = require("../utils/apiClientFactory");
 const converters_1 = require("../utils/converters");
-// export const telegramSignInPath = '/auth/sign-in/telegram'; V2 path
-exports.telegramSignInPath = '/auth/signin/telegram'; // V1 path
+exports.telegramSignInPath = '/auth/sign-in/telegram'; // V2 path
+// export const telegramSignInPath = '/auth/signin/telegram'; // V1 path
 exports.telegramSignUpPath = '/auth/sign-up/telegram';
 exports.refreshTokenPath = '/auth/refresh/refresh-token';
 exports.auth = {
@@ -39,7 +39,7 @@ exports.auth = {
                 });
             },
         },
-        telegram: (data) => apiClientFactory_1.apiClientV1.postRequest(exports.telegramSignInPath, { data }),
+        telegram: (data) => apiClientFactory_1.apiClientV2.postRequest(exports.telegramSignInPath, { data }),
         password: (email, password // check on backend V2
         ) => apiClientFactory_1.apiClientV2.postRequest('/auth/sign-in/password/email', {
             data: { email, password },

package/dist/api/issuing.d.ts

@@ -13,6 +13,11 @@ export declare const issuing: {
         getById: (card_id: string) => Promise<API.Cards.IssuingCardDetailItem>;
         sensitiveData: {
             get: (card_id: string) => Promise<API.Cards.SensitiveData>;
+            encrypted: {
+                secretKey: {
+                    get: (card_id: string) => Promise<any>;
+                };
+            };
             otp: {
                 get: (card_id: string) => Promise<API.Cards.OTP>;
             };

package/dist/api/issuing.js

@@ -1,4 +1,37 @@
 "use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -13,6 +46,7 @@ exports.issuing = void 0;
 const apiClientFactory_1 = require("../utils/apiClientFactory");
 const constants_1 = require("../constants");
 const fiat_accounts_1 = require("./fiat_accounts");
+const common_1 = require("../utils/common");
 exports.issuing = {
     cards: {
         create: {
@@ -34,6 +68,36 @@ exports.issuing = {
         }),
         sensitiveData: {
             get: (card_id) => apiClientFactory_1.apiClientV1.getRequest(`/issuing/cards/${card_id}/sensitive`),
+            encrypted: {
+                secretKey: {
+                    get: (card_id) => __awaiter(void 0, void 0, void 0, function* () {
+                        const serverPublicKey = process.env.SERVER_PUBLIC_KEY_BASE64;
+                        if (!serverPublicKey) {
+                            throw new Error('SERVER_PUBLIC_KEY_BASE64 is not set');
+                        }
+                        const secretKey = (0, common_1.generate256bitSecretKey)();
+                        const secretKeyBase64 = (0, common_1.arrayBufferToBase64)(secretKey);
+                        const JSEncrypt = (yield Promise.resolve().then(() => __importStar(require('jsencrypt')))).default;
+                        const encrypt = new JSEncrypt();
+                        const serverPublicKeyPEM = (0, common_1.decodePEMFromBase64)(serverPublicKey);
+                        encrypt.setPublicKey(serverPublicKeyPEM);
+                        const payload = {
+                            key: secretKeyBase64,
+                            timestamp: Date.now(),
+                        };
+                        const encrypted_key = encrypt.encrypt(JSON.stringify(payload));
+                        const response = yield apiClientFactory_1.apiClientV1.postRequest(`/issuing/cards/${card_id}/sensitive/secretkey`, {
+                            data: {
+                                encrypted_key,
+                            },
+                        });
+                        if (response.success && response.encrypted && response.data && response.iv) {
+                            const decryptedData = yield (0, common_1.decryptSensitiveData)(response.data, response.iv, secretKey);
+                            return decryptedData;
+                        }
+                    }),
+                },
+            },
             otp: {
                 // have to update
                 get: (card_id) => apiClientFactory_1.apiClientV1.getRequest(`/vcards/cards/${card_id}/sensitive/otp`),

package/dist/api/types.d.ts

@@ -287,6 +287,12 @@ export declare namespace API {
             expiry_year: number;
             security_code?: string;
         }
+        interface SensitiveDataEncrypted {
+            data?: string;
+            success?: boolean;
+            encrypted?: boolean;
+            iv?: string;
+        }
         interface OTP {
             created_at: number;
             internal_card_id: string;

package/dist/utils/common.d.ts

@@ -0,0 +1,5 @@
+export declare const generate256bitSecretKey: () => Uint8Array<ArrayBuffer>;
+export declare const arrayBufferToBase64: (buffer: Uint8Array<ArrayBuffer>) => string;
+export declare const decodePEMFromBase64: (base64EncodedPEM: string) => string;
+export declare const base64ToArrayBuffer: (base64: string) => ArrayBuffer;
+export declare const decryptSensitiveData: (encryptedData: string, iv: string, secretKey: BufferSource) => Promise<any>;

package/dist/utils/common.js

@@ -0,0 +1,48 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decryptSensitiveData = exports.base64ToArrayBuffer = exports.decodePEMFromBase64 = exports.arrayBufferToBase64 = exports.generate256bitSecretKey = void 0;
+const generate256bitSecretKey = () => {
+    const array = new Uint8Array(32);
+    window.crypto.getRandomValues(array);
+    return array;
+};
+exports.generate256bitSecretKey = generate256bitSecretKey;
+const arrayBufferToBase64 = (buffer) => {
+    return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+};
+exports.arrayBufferToBase64 = arrayBufferToBase64;
+const decodePEMFromBase64 = (base64EncodedPEM) => {
+    return atob(base64EncodedPEM);
+};
+exports.decodePEMFromBase64 = decodePEMFromBase64;
+const base64ToArrayBuffer = (base64) => {
+    const binaryString = atob(base64);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+        bytes[i] = binaryString.charCodeAt(i);
+    }
+    return bytes.buffer;
+};
+exports.base64ToArrayBuffer = base64ToArrayBuffer;
+const decryptSensitiveData = (encryptedData, iv, secretKey) => __awaiter(void 0, void 0, void 0, function* () {
+    const key = yield window.crypto.subtle.importKey('raw', secretKey, { name: 'AES-CBC' }, false, ['decrypt']);
+    const encryptedBuffer = (0, exports.base64ToArrayBuffer)(encryptedData);
+    const ivBuffer = (0, exports.base64ToArrayBuffer)(iv);
+    const decryptedBuffer = yield window.crypto.subtle.decrypt({
+        name: 'AES-CBC',
+        iv: ivBuffer,
+    }, key, encryptedBuffer);
+    const decoder = new TextDecoder();
+    const jsonText = decoder.decode(decryptedBuffer);
+    return JSON.parse(jsonText);
+});
+exports.decryptSensitiveData = decryptSensitiveData;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "squarefi-bff-api-module",
-  "version": "1.11.2",
+  "version": "1.12.0",
   "description": "Squarefi BFF API client module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -19,7 +19,8 @@
   "license": "MIT",
   "dependencies": {
     "@telegram-apps/sdk-react": "^3.1.2",
-    "axios": "^1.6.7"
+    "axios": "^1.6.7",
+    "jsencrypt": "^3.3.2"
   },
   "devDependencies": {
     "@types/jest": "^29.x.x",

package/src/api/auth.ts

@@ -1,10 +1,10 @@
 import { API } from './types';
 
-import { apiClientV1, apiClientV2 } from '../utils/apiClientFactory';
+import { apiClientV2 } from '../utils/apiClientFactory';
 import { convertPhoneToSupabaseFormat } from '../utils/converters';
 
-// export const telegramSignInPath = '/auth/sign-in/telegram'; V2 path
-export const telegramSignInPath = '/auth/signin/telegram'; // V1 path
+export const telegramSignInPath = '/auth/sign-in/telegram'; // V2 path
+// export const telegramSignInPath = '/auth/signin/telegram'; // V1 path
 
 export const telegramSignUpPath = '/auth/sign-up/telegram';
 export const refreshTokenPath = '/auth/refresh/refresh-token';
@@ -32,7 +32,7 @@ export const auth = {
         }),
     },
     telegram: (data: API.Auth.Telegram.Signin) =>
-      apiClientV1.postRequest<API.Auth.Tokens>(telegramSignInPath, { data }),
+      apiClientV2.postRequest<API.Auth.Tokens>(telegramSignInPath, { data }),
     password: (
       email: string,
       password: string // check on backend V2

package/src/api/issuing.ts

@@ -4,6 +4,12 @@ import { apiClientV1 } from '../utils/apiClientFactory';
 
 import { defaultPaginationParams, SubAccountType } from '../constants';
 import { fiat_accounts } from './fiat_accounts';
+import {
+  arrayBufferToBase64,
+  decodePEMFromBase64,
+  decryptSensitiveData,
+  generate256bitSecretKey,
+} from '../utils/common';
 
 export const issuing = {
   cards: {
@@ -31,6 +37,43 @@ export const issuing = {
     },
     sensitiveData: {
       get: (card_id: string) => apiClientV1.getRequest<API.Cards.SensitiveData>(`/issuing/cards/${card_id}/sensitive`),
+      encrypted: {
+        secretKey: {
+          get: async (card_id: string) => {
+            const serverPublicKey = process.env.SERVER_PUBLIC_KEY_BASE64;
+            if (!serverPublicKey) {
+              throw new Error('SERVER_PUBLIC_KEY_BASE64 is not set');
+            }
+            const secretKey = generate256bitSecretKey();
+            const secretKeyBase64 = arrayBufferToBase64(secretKey);
+            const JSEncrypt = (await import('jsencrypt')).default;
+            const encrypt = new JSEncrypt();
+            const serverPublicKeyPEM = decodePEMFromBase64(serverPublicKey);
+            encrypt.setPublicKey(serverPublicKeyPEM);
+
+            const payload = {
+              key: secretKeyBase64,
+              timestamp: Date.now(),
+            };
+
+            const encrypted_key = encrypt.encrypt(JSON.stringify(payload));
+
+            const response = await apiClientV1.postRequest<API.Cards.SensitiveDataEncrypted>(
+              `/issuing/cards/${card_id}/sensitive/secretkey`,
+              {
+                data: {
+                  encrypted_key,
+                },
+              }
+            );
+            if (response.success && response.encrypted && response.data && response.iv) {
+              const decryptedData = await decryptSensitiveData(response.data, response.iv, secretKey);
+
+              return decryptedData;
+            }
+          },
+        },
+      },
       otp: {
         // have to update
         get: (card_id: string) => apiClientV1.getRequest<API.Cards.OTP>(`/vcards/cards/${card_id}/sensitive/otp`),

package/src/api/types.ts

@@ -335,6 +335,13 @@ export namespace API {
       security_code?: string;
     }
 
+    export interface SensitiveDataEncrypted {
+      data?: string;
+      success?: boolean;
+      encrypted?: boolean;
+      iv?: string;
+    }
+
     export interface OTP {
       created_at: number;
       internal_card_id: string;

package/src/utils/common.ts

@@ -0,0 +1,42 @@
+export const generate256bitSecretKey = () => {
+  const array = new Uint8Array(32);
+  window.crypto.getRandomValues(array);
+  return array;
+};
+
+export const arrayBufferToBase64 = (buffer: Uint8Array<ArrayBuffer>) => {
+  return btoa(String.fromCharCode(...new Uint8Array(buffer)));
+};
+
+export const decodePEMFromBase64 = (base64EncodedPEM: string) => {
+  return atob(base64EncodedPEM);
+};
+
+export const base64ToArrayBuffer = (base64: string) => {
+  const binaryString = atob(base64);
+  const bytes = new Uint8Array(binaryString.length);
+  for (let i = 0; i < binaryString.length; i++) {
+    bytes[i] = binaryString.charCodeAt(i);
+  }
+  return bytes.buffer;
+};
+
+export const decryptSensitiveData = async (encryptedData: string, iv: string, secretKey: BufferSource) => {
+  const key = await window.crypto.subtle.importKey('raw', secretKey, { name: 'AES-CBC' }, false, ['decrypt']);
+
+  const encryptedBuffer = base64ToArrayBuffer(encryptedData);
+  const ivBuffer = base64ToArrayBuffer(iv);
+
+  const decryptedBuffer = await window.crypto.subtle.decrypt(
+    {
+      name: 'AES-CBC',
+      iv: ivBuffer,
+    },
+    key,
+    encryptedBuffer
+  );
+
+  const decoder = new TextDecoder();
+  const jsonText = decoder.decode(decryptedBuffer);
+  return JSON.parse(jsonText);
+};