From 53eab4a066b0926ce504531c6c506bef2e4e8e94 Mon Sep 17 00:00:00 2001
From: TerryM <chiachintat10@gmail.com>
Date: Thu, 4 Jun 2026 09:39:14 +0800
Subject: [PATCH] fix: restore imtoken direct login path

---
 ...imtoken-restore-local-session-login-fix.md | 38 +++++++++++++++++++
 src/wallet/AutoInjectedLogin.tsx              | 10 ++++-
 src/wallet/useWalletConnectLogin.ts           | 15 ++++++++
 3 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 .unipi/docs/fix/2026-06-04-imtoken-restore-local-session-login-fix.md

diff --git a/.unipi/docs/fix/2026-06-04-imtoken-restore-local-session-login-fix.md b/.unipi/docs/fix/2026-06-04-imtoken-restore-local-session-login-fix.md
new file mode 100644
index 0000000..6ae6e37
--- /dev/null
+++ b/.unipi/docs/fix/2026-06-04-imtoken-restore-local-session-login-fix.md
@@ -0,0 +1,38 @@
+---
+title: "Restore imToken direct injected login path — Quick Fix"
+type: quick-fix
+date: 2026-06-04
+---
+
+# Restore imToken direct injected login path — Quick Fix
+
+## Bug
+
+imToken could log in on the 2026-06-03 22:00 Malaysia-time-era build, but the current build can no longer log in after opening imToken's in-app browser.
+
+## Root Cause
+
+The working 2026-06-03 evening flow used `connectInjectedWallet()` and completed a local frontend session for TokenPocket/imToken direct in-app-browser login. Later changes switched injected direct login to `signInWithInjectedWallet()`, which requires backend nonce + `personal_sign` verification. imToken mobile appears incompatible or unstable with that newer signature-verification path in this flow.
+
+## Fix
+
+Restored the old local-session direct injected path for imToken only:
+
+- imToken `?autoLogin=` in-app-browser flow now uses `connectInjectedWallet()` and `localWalletToken(address)`.
+- imToken direct injected login from the wallet modal uses the same local-session path.
+- TokenPocket still uses the newer backend signature verification path.
+
+### Files Modified
+
+- `src/wallet/AutoInjectedLogin.tsx` — restores imToken auto-login to the 2026-06-03 direct injected local-session behavior.
+- `src/wallet/useWalletConnectLogin.ts` — restores imToken injected deeplink login to the local-session behavior.
+
+## Verification
+
+- `npx tsc --noEmit`
+- `npm run format:check`
+- `npm test`
+
+## Notes
+
+This is intentionally scoped to imToken to match the known-working Malaysia 10pm behavior without undoing the TokenPocket signature-verification work.
diff --git a/src/wallet/AutoInjectedLogin.tsx b/src/wallet/AutoInjectedLogin.tsx
index 0ef2d80..2ae0e2e 100644
--- a/src/wallet/AutoInjectedLogin.tsx
+++ b/src/wallet/AutoInjectedLogin.tsx
@@ -1,10 +1,11 @@
 import { useEffect } from "react";
 import {
+  connectInjectedWallet,
   getInjectedWallet,
   signInWithInjectedWallet,
   type WalletKind,
 } from "./injected";
-import { useWallet } from "./WalletProvider";
+import { localWalletToken, useWallet } from "./WalletProvider";
 
 const AUTO_LOGIN_PARAM = "autoLogin";
 const ETHEREUM_WAIT_MS = 8000;
@@ -67,6 +68,13 @@ export function AutoInjectedLogin() {
     void waitForInjected(kind).then(async (ready) => {
       if (cancelled || !ready) return;
       try {
+        if (kind === "imToken") {
+          const address = await connectInjectedWallet(kind);
+          if (cancelled) return;
+          completeLogin(localWalletToken(address), address);
+          return;
+        }
+
         const res = await signInWithInjectedWallet(kind);
         if (cancelled) return;
         completeLogin(res.token, res.wallet);
diff --git a/src/wallet/useWalletConnectLogin.ts b/src/wallet/useWalletConnectLogin.ts
index 849c17c..ca7036c 100644
--- a/src/wallet/useWalletConnectLogin.ts
+++ b/src/wallet/useWalletConnectLogin.ts
@@ -3,6 +3,7 @@ import { useAccount, useConnect, useDisconnect } from "wagmi";
 import { bsc } from "wagmi/chains";
 import { hasWalletConnectProjectId } from "./RainbowWalletProvider";
 import {
+  connectInjectedWallet,
   getInjectedWallet,
   signInWithInjectedWallet,
   type WalletKind,
@@ -177,6 +178,20 @@ export function useWalletConnectLogin() {
         getInjectedWallet(preferredWallet)
       ) {
         try {
+          if (preferredWallet === "imToken") {
+            const injectedAddress =
+              await connectInjectedWallet(preferredWallet);
+            console.info("[wallet-login] injected connected", {
+              preferredWallet,
+              address: injectedAddress,
+              chain: "BNB Chain",
+              chainId: bsc.id,
+            });
+            completeLogin(localWalletToken(injectedAddress), injectedAddress);
+            setState("idle");
+            return;
+          }
+
           setState("signing");
           const result = await signInWithInjectedWallet(preferredWallet);
           console.info("[wallet-login] injected verified", {