tokenio / sdk-js Goto Github PK

Getting account info, balance and transactions works nice and was easy to implement thanks to the really cool expressjs sample app. But retrieving standing orders will return PERMISSION_DENIED.

The docs on your website state:

Get Standing Orders

AISPs can access a given standing order with the standingOrderId or a paged-list of standing order records.

    Get Standing Orders (Currently available only in Java)

If it does not currently work, I'd rather have an exception that states Not supported yet, please see xyz for more info instead of an obscure PERMISSION_DENIED error. This gave me quite some headscratching.

ps. Any info about when this feature will work?

The docs for custom engines are a bit hard to find, though it seems like a very important part of integrating tokenIO (if I need to write the keys into a SQL database for example).

https://github.com/tokenio/sdk-js/tree/master/core/src/security/engines

It might help to have a section in the main docs, as a little bonus it might help to have an example of how to implement a custom database.

static verify(message, signature, publicKey) { const msg = Util.wrapBuffer(message); const sig = Util.bufferKey(signature); const result = nacl.sign.detached.verify(msg, sig, publicKey); if (!result) { throw new Error( Invalid signature ${signature} on message ${message} with pk ${publicKey}); } }

The above function from the Crypto class does not return anything when the result is true.

npm audit is logging a prototype pollution vulnerability for node-forge < v0.10.0 as a dependency of @token-io/tpp and @token-io/core: https://npmjs.com/advisories/1561

Can it be updated when you get a chance? Thanks!

test

I'd love to see typescript support, it has a bigger community and better tooling than flow, its just the vastly more popular choice (https://www.npmtrends.com/babel-core-vs-typescript-vs-flow-bin).

Also IDE support within VSCode just works, even if you use pure JS, which makes for a better dev experience.

Its just a nitpick though.

I'd like to implement a custom KeyStore / CryptoEngine like:

export class CryptoEngine extends KeyStoreCryptoEngine {
  constructor(memberId: string) {
    super(memberId, myCustomkeyStore);
  }
}

But KeyStoreCryptoEngine is not exported by @token-io/tpp neither is any other except for the filesystem one (inside of TokenClient). I know it is exported from @token-io/core but since it uses esmodules and flow, I can't use it from my nodejs without transpiling.