@turnkey/iframe-stamper
Advanced tools
Comparing version 1.0.0 to 1.1.0
@@ -21,5 +21,14 @@ 'use strict'; | ||
IframeEventType["InjectWalletExportBundle"] = "INJECT_WALLET_EXPORT_BUNDLE"; | ||
// Event sent by the parent to inject an import bundle into the iframe. | ||
// Value: the bundle to inject | ||
IframeEventType["InjectImportBundle"] = "INJECT_IMPORT_BUNDLE"; | ||
// Event sent by the parent to extract an encrypted bundle from the iframe. | ||
// Value: the bundle to inject | ||
IframeEventType["ExtractWalletEncryptedBundle"] = "EXTRACT_WALLET_ENCRYPTED_BUNDLE"; | ||
// Event sent by the iframe to its parent when `InjectBundle` is successful | ||
// Value: true (boolean) | ||
IframeEventType["BundleInjected"] = "BUNDLE_INJECTED"; | ||
// Event sent by the iframe to its parent when `ExtractEncryptedBundle` is successful | ||
// Value: the bundle encrypted in the iframe | ||
IframeEventType["EncryptedBundleExtracted"] = "ENCRYPTED_BUNDLE_EXTRACTED"; | ||
// Event sent by the parent page to request a signature | ||
@@ -176,2 +185,43 @@ // Value: payload to sign | ||
} | ||
async injectImportBundle(bundle) { | ||
this.iframe.contentWindow?.postMessage({ | ||
type: exports.IframeEventType.InjectImportBundle, | ||
value: bundle, | ||
}, "*"); | ||
return new Promise((resolve, reject) => { | ||
window.addEventListener("message", (event) => { | ||
if (event.origin !== this.iframeOrigin) { | ||
// There might be other things going on in the window, for example: react dev tools, other extensions, etc. | ||
// Instead of erroring out we simply return. Not our event! | ||
return; | ||
} | ||
if (event.data?.type === exports.IframeEventType.BundleInjected) { | ||
resolve(event.data["value"]); | ||
} | ||
if (event.data?.type === exports.IframeEventType.Error) { | ||
reject(event.data["value"]); | ||
} | ||
}, false); | ||
}); | ||
} | ||
async extractWalletEncryptedBundle() { | ||
this.iframe.contentWindow?.postMessage({ | ||
type: exports.IframeEventType.ExtractWalletEncryptedBundle, | ||
}, "*"); | ||
return new Promise((resolve, reject) => { | ||
window.addEventListener("message", (event) => { | ||
if (event.origin !== this.iframeOrigin) { | ||
// There might be other things going on in the window, for example: react dev tools, other extensions, etc. | ||
// Instead of erroring out we simply return. Not our event! | ||
return; | ||
} | ||
if (event.data?.type === exports.IframeEventType.EncryptedBundleExtracted) { | ||
resolve(event.data["value"]); | ||
} | ||
if (event.data?.type === exports.IframeEventType.Error) { | ||
reject(event.data["value"]); | ||
} | ||
}, false); | ||
}); | ||
} | ||
/** | ||
@@ -178,0 +228,0 @@ * Function to sign a payload with the underlying iframe |
# @turnkey/iframe-stamper | ||
## 1.1.0 | ||
### Minor Changes | ||
- 46a7d90: Add injectImportBundle and extractWalletEncryptedBundle to support wallet import. | ||
## 1.0.0 | ||
@@ -4,0 +10,0 @@ |
@@ -7,3 +7,6 @@ /// <reference lib="dom" /> | ||
InjectWalletExportBundle = "INJECT_WALLET_EXPORT_BUNDLE", | ||
InjectImportBundle = "INJECT_IMPORT_BUNDLE", | ||
ExtractWalletEncryptedBundle = "EXTRACT_WALLET_ENCRYPTED_BUNDLE", | ||
BundleInjected = "BUNDLE_INJECTED", | ||
EncryptedBundleExtracted = "ENCRYPTED_BUNDLE_EXTRACTED", | ||
StampRequest = "STAMP_REQUEST", | ||
@@ -69,2 +72,4 @@ Stamp = "STAMP", | ||
injectWalletExportBundle(bundle: string): Promise<boolean>; | ||
injectImportBundle(bundle: string): Promise<boolean>; | ||
extractWalletEncryptedBundle(): Promise<string>; | ||
/** | ||
@@ -71,0 +76,0 @@ * Function to sign a payload with the underlying iframe |
@@ -21,5 +21,14 @@ 'use strict'; | ||
IframeEventType["InjectWalletExportBundle"] = "INJECT_WALLET_EXPORT_BUNDLE"; | ||
// Event sent by the parent to inject an import bundle into the iframe. | ||
// Value: the bundle to inject | ||
IframeEventType["InjectImportBundle"] = "INJECT_IMPORT_BUNDLE"; | ||
// Event sent by the parent to extract an encrypted bundle from the iframe. | ||
// Value: the bundle to inject | ||
IframeEventType["ExtractWalletEncryptedBundle"] = "EXTRACT_WALLET_ENCRYPTED_BUNDLE"; | ||
// Event sent by the iframe to its parent when `InjectBundle` is successful | ||
// Value: true (boolean) | ||
IframeEventType["BundleInjected"] = "BUNDLE_INJECTED"; | ||
// Event sent by the iframe to its parent when `ExtractEncryptedBundle` is successful | ||
// Value: the bundle encrypted in the iframe | ||
IframeEventType["EncryptedBundleExtracted"] = "ENCRYPTED_BUNDLE_EXTRACTED"; | ||
// Event sent by the parent page to request a signature | ||
@@ -176,2 +185,43 @@ // Value: payload to sign | ||
} | ||
async injectImportBundle(bundle) { | ||
this.iframe.contentWindow?.postMessage({ | ||
type: exports.IframeEventType.InjectImportBundle, | ||
value: bundle, | ||
}, "*"); | ||
return new Promise((resolve, reject) => { | ||
window.addEventListener("message", (event) => { | ||
if (event.origin !== this.iframeOrigin) { | ||
// There might be other things going on in the window, for example: react dev tools, other extensions, etc. | ||
// Instead of erroring out we simply return. Not our event! | ||
return; | ||
} | ||
if (event.data?.type === exports.IframeEventType.BundleInjected) { | ||
resolve(event.data["value"]); | ||
} | ||
if (event.data?.type === exports.IframeEventType.Error) { | ||
reject(event.data["value"]); | ||
} | ||
}, false); | ||
}); | ||
} | ||
async extractWalletEncryptedBundle() { | ||
this.iframe.contentWindow?.postMessage({ | ||
type: exports.IframeEventType.ExtractWalletEncryptedBundle, | ||
}, "*"); | ||
return new Promise((resolve, reject) => { | ||
window.addEventListener("message", (event) => { | ||
if (event.origin !== this.iframeOrigin) { | ||
// There might be other things going on in the window, for example: react dev tools, other extensions, etc. | ||
// Instead of erroring out we simply return. Not our event! | ||
return; | ||
} | ||
if (event.data?.type === exports.IframeEventType.EncryptedBundleExtracted) { | ||
resolve(event.data["value"]); | ||
} | ||
if (event.data?.type === exports.IframeEventType.Error) { | ||
reject(event.data["value"]); | ||
} | ||
}, false); | ||
}); | ||
} | ||
/** | ||
@@ -178,0 +228,0 @@ * Function to sign a payload with the underlying iframe |
{ | ||
"name": "@turnkey/iframe-stamper", | ||
"version": "1.0.0", | ||
"version": "1.1.0", | ||
"main": "./dist/index.js", | ||
@@ -5,0 +5,0 @@ "module": "./dist/index.mjs", |
@@ -19,3 +19,3 @@ # @turnkey/iframe-stamper | ||
const iframeStamper = new IframeStamper({ | ||
iframeUrl: process.env.IFRAME_URL!, | ||
iframeUrl: process.env.AUTH_IFRAME_URL!, | ||
iframeContainer: document.getElementById(TurnkeyIframeContainerId), | ||
@@ -48,3 +48,3 @@ iframeElementId: TurnkeyIframeElementId, | ||
const iframeStamper = new IframeStamper({ | ||
iframeUrl: process.env.IFRAME_URL!, | ||
iframeUrl: process.env.EXPORT_IFRAME_URL!, | ||
iframeContainer: document.getElementById(TurnkeyIframeContainerId), | ||
@@ -57,4 +57,51 @@ iframeElementId: TurnkeyIframeElementId, | ||
// Injects a new wallet in the iframe | ||
// Injects a bundle containing the encrypted wallet seedphrase into the iframe | ||
// `exportBundle` is the response from requesting ACTIVITY_TYPE_EXPORT_WALLET | ||
const injected = await iframeStamper.injectWalletExportBundle(exportBundle); | ||
// If the bundle is successfully injected, the iframe is now displaying the | ||
// wallet seedphrase to the user | ||
if (injected !== true) { | ||
throw new Error("unexpected error while injecting export bundle"); | ||
} | ||
// Display the iframe to the user with their seedphrase. | ||
setIframeDisplay("block"); | ||
``` | ||
Key or Wallet Import | ||
```ts | ||
import { IframeStamper } from "@turnkey/iframe-stamper"; | ||
import { TurnkeyClient } from "@turnkey/http"; | ||
const TurnkeyIframeContainerId = "turnkey-iframe-container"; | ||
const TurnkeyIframeElementId = "turnkey-iframe"; | ||
const iframeStamper = new IframeStamper({ | ||
iframeUrl: process.env.IMPORT_IFRAME_URL!, | ||
iframeContainer: document.getElementById(TurnkeyIframeContainerId), | ||
iframeElementId: TurnkeyIframeElementId, | ||
}); | ||
// This inserts the iframe in the DOM | ||
await iframeStamper.init(); | ||
// Injects a bundle containing the secure enclave's public key into the iframe's local storage | ||
// `importBundle` is the response from requesting ACTIVITY_TYPE_INIT_IMPORT_WALLET | ||
const injected = await iframeStamper.injectImportBundle(importBundle); | ||
if (injected !== true) { | ||
throw new Error("unexpected error while injecting import bundle"); | ||
} | ||
// Display the text input that the user can enter their seedphrase into | ||
setIframeDisplay("block"); | ||
// Once the user has entered their seedphrase, trigger this call to the iframe that | ||
// 1) encrypts their seedphrase using the secure enclave's public key from the previous step | ||
// 2) sends this ciphertext and a public key generated by the client to your page | ||
const encryptedBundle = await iframeStamper.extractWalletEncryptedBundle(); | ||
// Now you can pass this encryptedBundle as a request to ACTIVITY_TYPE_IMPORT_WALLET. | ||
``` |
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
Sorry, the diff of this file is not supported yet
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
69023
848
105
0