npm - sunuid-sdk - Versions diffs - 1.0.54 → 1.0.56 - Mend

sunuid-sdk 1.0.54 → 1.0.56

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +20 -2
package/dist/sunuid-sdk.esm.js +53 -33
package/dist/sunuid-sdk.esm.js.map +1 -1
package/dist/sunuid-sdk.js +53 -33
package/dist/sunuid-sdk.js.map +1 -1
package/dist/sunuid-sdk.min.js +3 -3
package/dist/sunuid-sdk.min.js.map +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,4 +1,4 @@
-# 🔒 SunuID JavaScript SDK - Version 1.0.52
+# 🔒 SunuID JavaScript SDK - Version 1.0.54
 SDK JavaScript sécurisé pour l'intégration des QR codes d'authentification et KYC SunuID.
@@ -17,7 +17,7 @@ npm install sunuid-sdk
 <script src="https://cdn.socket.io/4.7.4/socket.io.min.js"></script>
 <!-- SunuID SDK -->
-<script src="https://unpkg.com/sunuid-sdk@1.0.52/dist/sunuid-sdk.min.js"></script>
+<script src="https://unpkg.com/sunuid-sdk@1.0.54/dist/sunuid-sdk.min.js"></script>
 ```
 ### Via Yarn
@@ -439,6 +439,24 @@ npm run test:coverage
 npm run security-check
 ```
+## 🆕 Dernières Améliorations (v1.0.54)
+### 🔄 Dépendances Mises à Jour
+- **Rollup** : 3.x → 4.x (performance améliorée)
+- **ESLint** : 8.x → 9.x (nouvelles règles de sécurité)
+- **Jest** : 29.x → 30.x (tests modernisés)
+- **Plugins Rollup** : Versions les plus récentes
+### 🚀 Améliorations de Performance
+- Build plus rapide avec Rollup 4.x
+- Meilleure optimisation du code
+- Support amélioré des navigateurs modernes
+### 🛡️ Sécurité Renforcée
+- ESLint 9.x avec nouvelles règles de sécurité
+- Validation des entrées améliorée
+- Logs de sécurité plus détaillés
 ## 📚 Documentation
 - [Guide de Sécurisation](docs/SECURITY_GUIDE.md)

package/dist/sunuid-sdk.esm.js CHANGED Viewed

@@ -478,7 +478,7 @@ function _unsupportedIterableToArray(r, a) {
       key: "secureInit",
       value: (function () {
         var _secureInit = _asyncToGenerator(/*#__PURE__*/_regenerator().m(function _callee3() {
-          var initData, response, result, decodedToken, _t2;
+          var _result$response, _result$response2, _result$data, _result$response3, _result$data2, _result$response4, _result$data3, initData, response, result, token, decodedToken, clientId, secretId, apiUrl, _t2;
           return _regenerator().w(function (_context3) {
             while (1) switch (_context3.p = _context3.n) {
               case 0:
@@ -517,44 +517,56 @@ function _unsupportedIterableToArray(r, a) {
                 }
                 throw new Error(result.error || 'Erreur lors de l\'initialisation sécurisée');
               case 4:
-                // Stocker le token et les données sécurisées
-                this.config.token = result.data.token;
-                this.config.apiUrl = result.data.api_url;
+                // Extraire le token depuis différents chemins possibles
+                token = (result === null || result === void 0 || (_result$response = result.response) === null || _result$response === void 0 || (_result$response = _result$response.response) === null || _result$response === void 0 ? void 0 : _result$response.token) || (result === null || result === void 0 || (_result$response2 = result.response) === null || _result$response2 === void 0 ? void 0 : _result$response2.token) || (result === null || result === void 0 || (_result$data = result.data) === null || _result$data === void 0 ? void 0 : _result$data.token) || (result === null || result === void 0 ? void 0 : result.token);
+                if (!(!token || typeof token !== 'string')) {
+                  _context3.n = 5;
+                  break;
+                }
+                throw new Error('Token non trouvé dans la réponse');
+              case 5:
+                // Stocker le token
+                this.config.token = token;
                 // Décoder le token pour récupérer les credentials
-                decodedToken = this.decodeSecureToken(result.data.token);
+                decodedToken = this.decodeSecureToken(token);
                 if (!decodedToken) {
-                  _context3.n = 5;
+                  _context3.n = 6;
                   break;
                 }
-                this.config.clientId = decodedToken.client_id;
-                this.config.secretId = decodedToken.secret_id;
-                _context3.n = 6;
+                clientId = decodedToken.clientId || decodedToken.client_id;
+                secretId = decodedToken.secretId || decodedToken.secret_id;
+                apiUrl = decodedToken.apiUrl || decodedToken.api_url;
+                if (clientId) this.config.clientId = clientId;
+                if (secretId) this.config.secretId = secretId;
+                if (apiUrl) this.config.apiUrl = apiUrl;
+                _context3.n = 7;
                 break;
-              case 5:
-                throw new Error('Impossible de décoder le token sécurisé');
               case 6:
-                this.config.expiresIn = result.data.expires_in;
-                this.config.maxRequests = result.data.max_requests;
+                throw new Error('Impossible de décoder le token sécurisé');
+              case 7:
+                // Récupérer expiration et limites depuis la réponse si présentes
+                this.config.expiresIn = (result === null || result === void 0 || (_result$response3 = result.response) === null || _result$response3 === void 0 ? void 0 : _result$response3.expires_in) || (result === null || result === void 0 || (_result$data2 = result.data) === null || _result$data2 === void 0 ? void 0 : _result$data2.expires_in) || (result === null || result === void 0 ? void 0 : result.expires_in) || this.config.expiresIn;
+                this.config.maxRequests = (result === null || result === void 0 || (_result$response4 = result.response) === null || _result$response4 === void 0 ? void 0 : _result$response4.max_requests) || (result === null || result === void 0 || (_result$data3 = result.data) === null || _result$data3 === void 0 ? void 0 : _result$data3.max_requests) || (result === null || result === void 0 ? void 0 : result.max_requests) || this.config.maxRequests;
                 this.config.requestCount = 0;
                 this.logSecurityEvent('SECURE_INIT_SUCCESS', {
-                  expiresIn: result.data.expires_in,
-                  maxRequests: result.data.max_requests
+                  expiresIn: this.config.expiresIn,
+                  maxRequests: this.config.maxRequests
                 });
                 console.log('✅ Initialisation sécurisée réussie');
-                _context3.n = 8;
+                _context3.n = 9;
                 break;
-              case 7:
-                _context3.p = 7;
+              case 8:
+                _context3.p = 8;
                 _t2 = _context3.v;
                 this.logSecurityEvent('SECURE_INIT_ERROR', {
                   error: _t2.message
                 });
                 throw new Error("\xC9chec de l'initialisation s\xE9curis\xE9e: ".concat(_t2.message));
-              case 8:
+              case 9:
                 return _context3.a(2);
             }
-          }, _callee3, this, [[0, 7]]);
+          }, _callee3, this, [[0, 8]]);
         }));
         function secureInit() {
           return _secureInit.apply(this, arguments);
@@ -569,21 +581,29 @@ function _unsupportedIterableToArray(r, a) {
       key: "decodeSecureToken",
       value: function decodeSecureToken(token) {
         try {
-          var parts = token.split('.');
-          if (parts.length !== 2) {
-            console.error('❌ Format de token invalide');
-            return null;
-          }
-          var _parts = _slicedToArray(parts, 2),
-            payload = _parts[0],
-            signature = _parts[1];
+          if (!token || typeof token !== 'string') return null;
-          // Décoder le payload (base64)
-          var decodedPayload = atob(payload);
-          var tokenData = JSON.parse(decodedPayload);
+          // Helper: décodage base64/base64url avec padding
+          var decodeBase64Any = function decodeBase64Any(str) {
+            var s = String(str).replace(/-/g, '+').replace(/_/g, '/');
+            while (s.length % 4 !== 0) s += '=';
+            return atob(s);
+          };
+          var tokenData = null;
+          if (token.includes('.')) {
+            // JWT-like: header.payload.signature ou header.payload
+            var parts = token.split('.');
+            var payloadPart = parts.length >= 2 ? parts[1] : parts[0];
+            var json = decodeBase64Any(payloadPart);
+            tokenData = JSON.parse(json);
+          } else {
+            // Base64("{json}") simple
+            var _json = decodeBase64Any(token);
+            tokenData = JSON.parse(_json);
+          }
-          // Vérifier l'expiration
-          if (tokenData.exp && tokenData.exp < Date.now() / 1000) {
+          // Vérifier l'expiration (en secondes)
+          if (tokenData && tokenData.exp && Number(tokenData.exp) < Math.floor(Date.now() / 1000)) {
             console.error('❌ Token expiré');
             return null;
           }