fix: require signature for tokenpocket direct login

TerryM
2026-06-04 07:23:05 +08:00
parent 57dc25e5eb
commit 526facb261
3 changed files with 54 additions and 14 deletions


@@ -1,10 +1,10 @@
import { useEffect } from "react";
import {
connectInjectedWallet,
getInjectedWallet,
signInWithInjectedWallet,
type WalletKind,
} from "./injected";
import { localWalletToken, useWallet } from "./WalletProvider";
import { useWallet } from "./WalletProvider";
const AUTO_LOGIN_PARAM = "autoLogin";
const ETHEREUM_WAIT_MS = 8000;
@@ -46,8 +46,9 @@ function waitForInjected(kind: WalletKind): Promise<boolean> {
/**
* When the page is opened via a `?autoLogin=<wallet>` deeplink (typically from
* inside TokenPocket / imToken in-app browsers), wait for the wallet to inject
* `window.ethereum`, then complete a local wallet session automatically. Bypasses
* WalletConnect entirely so it works on networks where the WC relay is blocked.
* `window.ethereum`, then require a wallet signature and complete a verified
* backend wallet session. Bypasses WalletConnect entirely so it works on
* networks where the WC relay is blocked.
*/
export function AutoInjectedLogin() {
const { completeLogin, status } = useWallet();
@@ -65,9 +66,9 @@ export function AutoInjectedLogin() {
void waitForInjected(kind).then(async (ready) => {
if (cancelled || !ready) return;
try {
const address = await connectInjectedWallet(kind);
const res = await signInWithInjectedWallet(kind);
if (cancelled) return;
completeLogin(localWalletToken(address), address);
completeLogin(res.token, res.wallet);
} catch (err) {
// eslint-disable-next-line no-console
console.warn("[wallet-autologin] failed", err);
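Review bot: In the last hunk, `signInWithInjectedWallet(kind)` is reached with no user gesture, so any link carrying `?autoLogin=<wallet>` makes the in-app wallet show a signing prompt as soon as the page loads. That is only sound if the message being signed names this origin and a single-use server nonce; the helper lives in `./injected`, which this section does not show, so that needs confirming there. I would record the requirement next to the call, e.g. `// Prompted without a click: the signed message must bind origin + server nonce.` The `catch` also only `console.warn`s, so a rejected signature leaves the user with no visible state. The `.then` callback starts and ends outside the hunk.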


@@ -3,8 +3,8 @@ import { useAccount, useConnect, useDisconnect } from "wagmi";
import { bsc } from "wagmi/chains";
import { hasWalletConnectProjectId } from "./RainbowWalletProvider";
import {
connectInjectedWallet,
getInjectedWallet,
signInWithInjectedWallet,
type WalletKind,
} from "./injected";
import { localWalletToken, useWallet } from "./WalletProvider";
@@ -98,8 +98,8 @@ function connectorMatchesWallet(
* MetaMask / imToken QR fallback via RainbowKit + WalletConnect.
*
* Flow: connect through RainbowKit/Wagmi on BNB Chain -> once an account is
* connected, complete a local frontend wallet session. No message signature,
* backend nonce, or verify call is required.
* connected, complete a local frontend wallet session. WalletConnect fallback
* does not require message signature, backend nonce, or verify call.
*
* Entirely gated behind a real `VITE_WALLETCONNECT_PROJECT_ID`: when it is
* missing `available` is false and `start` is a no-op, so callers can hide or
@@ -177,21 +177,26 @@ export function useWalletConnectLogin() {
getInjectedWallet(preferredWallet)
) {
try {
const injectedAddress = await connectInjectedWallet(preferredWallet);
console.info("[wallet-login] injected connected", {
setState("signing");
const result = await signInWithInjectedWallet(preferredWallet);
console.info("[wallet-login] injected verified", {
preferredWallet,
address: injectedAddress,
address: result.wallet,
chain: "BNB Chain",
chainId: bsc.id,
});
completeLogin(localWalletToken(injectedAddress), injectedAddress);
completeLogin(result.token, result.wallet);
setState("idle");
return;
} catch (err) {
console.info("[wallet-login] injected connect fallback to wc", {
pendingRef.current = false;
setState("idle");
setError(err instanceof Error ? err.message : "Wallet login failed");
console.info("[wallet-login] injected verification failed", {
preferredWallet,
message: err instanceof Error ? err.message : String(err),
});
return;
}
}
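Review bot: The signature requirement stops at the injected branch: `localWalletToken` is still imported in this file, and the revised doc comment says the WalletConnect fallback completes a session with no signature, backend nonce or verify call. If anything downstream treats that local token like `result.token`, the QR path remains an unverified way in, which is presumably what this commit set out to close for TokenPocket. The doc comment should say what an unverified session may do, e.g. `* A local session is unverified and must not authorise backend calls.` In the last hunk the failure path resets `pendingRef.current = false`, but the success path before `return` does not in the visible lines; confirm it is cleared elsewhere. `useWalletConnectLogin` continues outside the hunk.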