@avaprotocol/sdk-js 3.0.0 → 3.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/dist/index.js +35 -8
- package/dist/index.mjs +35 -8
- package/dist/v4/auth.d.ts +18 -5
- package/dist/v4/auth.d.ts.map +1 -1
- package/dist/v4/auth.js +28 -12
- package/dist/v4/resources/auth.d.ts +8 -5
- package/dist/v4/resources/auth.d.ts.map +1 -1
- package/dist/v4/resources/auth.js +7 -5
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# @avaprotocol/sdk-js
|
|
2
2
|
|
|
3
|
+
## 3.1.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- 3b4e2df: fix: `buildAuthMessage`, `signAuthMessage`, and `AuthResource.exchangeWithKey` now require a `uri` parameter (the origin URL the user is authenticating against). This replaces the previously hardcoded `https://app.avaprotocol.org` value so wallet popups display the correct site. The `uri` value is validated as a non-empty, syntactically valid URL at runtime; whitespace-only strings and non-URL values throw immediately.
|
|
8
|
+
|
|
3
9
|
## 3.0.0
|
|
4
10
|
|
|
5
11
|
### Major Changes — REST cutover
|
package/dist/index.js
CHANGED
|
@@ -195,13 +195,26 @@ var Transport = class {
|
|
|
195
195
|
var import_ethers = require("ethers");
|
|
196
196
|
var AUTH_TEMPLATE = `Please sign the below text for ownership verification.
|
|
197
197
|
|
|
198
|
-
URI:
|
|
198
|
+
URI: {uri}
|
|
199
199
|
Chain ID: {chainId}
|
|
200
200
|
Version: {version}
|
|
201
201
|
Issued At: {issuedAt}
|
|
202
202
|
Expire At: {expireAt}
|
|
203
203
|
Wallet: {wallet}`;
|
|
204
204
|
function buildAuthMessage(input) {
|
|
205
|
+
const trimmedUri = typeof input.uri === "string" ? input.uri.trim() : "";
|
|
206
|
+
if (!trimmedUri) {
|
|
207
|
+
throw new Error(
|
|
208
|
+
"buildAuthMessage: uri must be a non-empty string (the origin the user is signing into, e.g. window.location.origin)."
|
|
209
|
+
);
|
|
210
|
+
}
|
|
211
|
+
try {
|
|
212
|
+
new URL(trimmedUri);
|
|
213
|
+
} catch {
|
|
214
|
+
throw new Error(
|
|
215
|
+
"buildAuthMessage: uri must be a valid URL (e.g. window.location.origin)."
|
|
216
|
+
);
|
|
217
|
+
}
|
|
205
218
|
if (!Number.isInteger(input.chainId) || input.chainId <= 0) {
|
|
206
219
|
throw new Error(
|
|
207
220
|
"buildAuthMessage: chainId must be a positive integer (the wallet's currently-connected chain)."
|
|
@@ -215,18 +228,30 @@ function buildAuthMessage(input) {
|
|
|
215
228
|
const issuedAt = input.issuedAt ?? /* @__PURE__ */ new Date();
|
|
216
229
|
const expireAt = input.expireAt ?? new Date(issuedAt.getTime() + 24 * 60 * 60 * 1e3);
|
|
217
230
|
const ownerAddress = (0, import_ethers.getAddress)(input.ownerAddress);
|
|
218
|
-
const
|
|
231
|
+
const replacements = {
|
|
232
|
+
"{uri}": trimmedUri,
|
|
233
|
+
"{chainId}": String(input.chainId),
|
|
234
|
+
"{version}": input.version,
|
|
235
|
+
"{issuedAt}": toRFC3339Millis(issuedAt),
|
|
236
|
+
"{expireAt}": toRFC3339Millis(expireAt),
|
|
237
|
+
"{wallet}": ownerAddress
|
|
238
|
+
};
|
|
239
|
+
const message = AUTH_TEMPLATE.replace(
|
|
240
|
+
/\{uri\}|\{chainId\}|\{version\}|\{issuedAt\}|\{expireAt\}|\{wallet\}/g,
|
|
241
|
+
(m) => replacements[m]
|
|
242
|
+
);
|
|
219
243
|
return { message, chainId: input.chainId, ownerAddress, expireAt };
|
|
220
244
|
}
|
|
221
245
|
async function signAuthMessage(privateKey, input) {
|
|
222
246
|
if (input == null || typeof input !== "object") {
|
|
223
247
|
throw new Error(
|
|
224
|
-
"signAuthMessage: input is required \u2014 pass { chainId, version } (chainId from the wallet's connected chain, version from client.health.check())."
|
|
248
|
+
"signAuthMessage: input is required \u2014 pass { uri, chainId, version } (uri from the calling origin, chainId from the wallet's connected chain, version from client.health.check())."
|
|
225
249
|
);
|
|
226
250
|
}
|
|
227
251
|
const signer = new import_ethers.Wallet(privateKey);
|
|
228
252
|
const built = buildAuthMessage({
|
|
229
253
|
ownerAddress: input.ownerAddress ?? signer.address,
|
|
254
|
+
uri: input.uri,
|
|
230
255
|
chainId: input.chainId,
|
|
231
256
|
version: input.version,
|
|
232
257
|
issuedAt: input.issuedAt,
|
|
@@ -273,11 +298,13 @@ var AuthResource = class {
|
|
|
273
298
|
* callers should use `buildAuthMessage` + a wallet's
|
|
274
299
|
* `personal_sign` and then call `exchange()` directly.
|
|
275
300
|
*
|
|
276
|
-
* `chainId
|
|
277
|
-
* `buildAuthMessage` —
|
|
278
|
-
* mis-route
|
|
279
|
-
* `version` is the gateway binary version;
|
|
280
|
-
* is the `version` field returned by
|
|
301
|
+
* `uri`, `chainId`, and `version` are required for the same reasons
|
|
302
|
+
* as `buildAuthMessage` — silent defaults would lie about the origin
|
|
303
|
+
* the user is signing for, mis-route wallet RPCs, or hide which
|
|
304
|
+
* gateway minted the JWT. `version` is the gateway binary version;
|
|
305
|
+
* the simplest source is the `version` field returned by
|
|
306
|
+
* `client.health.check()`. `uri` is the calling origin (the studio
|
|
307
|
+
* URL the user is on right now).
|
|
281
308
|
*/
|
|
282
309
|
async exchangeWithKey(privateKey, opts) {
|
|
283
310
|
const signed = await signAuthMessage(privateKey, opts);
|
package/dist/index.mjs
CHANGED
|
@@ -149,13 +149,26 @@ var Transport = class {
|
|
|
149
149
|
import { Wallet, getAddress } from "ethers";
|
|
150
150
|
var AUTH_TEMPLATE = `Please sign the below text for ownership verification.
|
|
151
151
|
|
|
152
|
-
URI:
|
|
152
|
+
URI: {uri}
|
|
153
153
|
Chain ID: {chainId}
|
|
154
154
|
Version: {version}
|
|
155
155
|
Issued At: {issuedAt}
|
|
156
156
|
Expire At: {expireAt}
|
|
157
157
|
Wallet: {wallet}`;
|
|
158
158
|
function buildAuthMessage(input) {
|
|
159
|
+
const trimmedUri = typeof input.uri === "string" ? input.uri.trim() : "";
|
|
160
|
+
if (!trimmedUri) {
|
|
161
|
+
throw new Error(
|
|
162
|
+
"buildAuthMessage: uri must be a non-empty string (the origin the user is signing into, e.g. window.location.origin)."
|
|
163
|
+
);
|
|
164
|
+
}
|
|
165
|
+
try {
|
|
166
|
+
new URL(trimmedUri);
|
|
167
|
+
} catch {
|
|
168
|
+
throw new Error(
|
|
169
|
+
"buildAuthMessage: uri must be a valid URL (e.g. window.location.origin)."
|
|
170
|
+
);
|
|
171
|
+
}
|
|
159
172
|
if (!Number.isInteger(input.chainId) || input.chainId <= 0) {
|
|
160
173
|
throw new Error(
|
|
161
174
|
"buildAuthMessage: chainId must be a positive integer (the wallet's currently-connected chain)."
|
|
@@ -169,18 +182,30 @@ function buildAuthMessage(input) {
|
|
|
169
182
|
const issuedAt = input.issuedAt ?? /* @__PURE__ */ new Date();
|
|
170
183
|
const expireAt = input.expireAt ?? new Date(issuedAt.getTime() + 24 * 60 * 60 * 1e3);
|
|
171
184
|
const ownerAddress = getAddress(input.ownerAddress);
|
|
172
|
-
const
|
|
185
|
+
const replacements = {
|
|
186
|
+
"{uri}": trimmedUri,
|
|
187
|
+
"{chainId}": String(input.chainId),
|
|
188
|
+
"{version}": input.version,
|
|
189
|
+
"{issuedAt}": toRFC3339Millis(issuedAt),
|
|
190
|
+
"{expireAt}": toRFC3339Millis(expireAt),
|
|
191
|
+
"{wallet}": ownerAddress
|
|
192
|
+
};
|
|
193
|
+
const message = AUTH_TEMPLATE.replace(
|
|
194
|
+
/\{uri\}|\{chainId\}|\{version\}|\{issuedAt\}|\{expireAt\}|\{wallet\}/g,
|
|
195
|
+
(m) => replacements[m]
|
|
196
|
+
);
|
|
173
197
|
return { message, chainId: input.chainId, ownerAddress, expireAt };
|
|
174
198
|
}
|
|
175
199
|
async function signAuthMessage(privateKey, input) {
|
|
176
200
|
if (input == null || typeof input !== "object") {
|
|
177
201
|
throw new Error(
|
|
178
|
-
"signAuthMessage: input is required \u2014 pass { chainId, version } (chainId from the wallet's connected chain, version from client.health.check())."
|
|
202
|
+
"signAuthMessage: input is required \u2014 pass { uri, chainId, version } (uri from the calling origin, chainId from the wallet's connected chain, version from client.health.check())."
|
|
179
203
|
);
|
|
180
204
|
}
|
|
181
205
|
const signer = new Wallet(privateKey);
|
|
182
206
|
const built = buildAuthMessage({
|
|
183
207
|
ownerAddress: input.ownerAddress ?? signer.address,
|
|
208
|
+
uri: input.uri,
|
|
184
209
|
chainId: input.chainId,
|
|
185
210
|
version: input.version,
|
|
186
211
|
issuedAt: input.issuedAt,
|
|
@@ -227,11 +252,13 @@ var AuthResource = class {
|
|
|
227
252
|
* callers should use `buildAuthMessage` + a wallet's
|
|
228
253
|
* `personal_sign` and then call `exchange()` directly.
|
|
229
254
|
*
|
|
230
|
-
* `chainId
|
|
231
|
-
* `buildAuthMessage` —
|
|
232
|
-
* mis-route
|
|
233
|
-
* `version` is the gateway binary version;
|
|
234
|
-
* is the `version` field returned by
|
|
255
|
+
* `uri`, `chainId`, and `version` are required for the same reasons
|
|
256
|
+
* as `buildAuthMessage` — silent defaults would lie about the origin
|
|
257
|
+
* the user is signing for, mis-route wallet RPCs, or hide which
|
|
258
|
+
* gateway minted the JWT. `version` is the gateway binary version;
|
|
259
|
+
* the simplest source is the `version` field returned by
|
|
260
|
+
* `client.health.check()`. `uri` is the calling origin (the studio
|
|
261
|
+
* URL the user is on right now).
|
|
235
262
|
*/
|
|
236
263
|
async exchangeWithKey(privateKey, opts) {
|
|
237
264
|
const signed = await signAuthMessage(privateKey, opts);
|
package/dist/v4/auth.d.ts
CHANGED
|
@@ -6,10 +6,21 @@
|
|
|
6
6
|
* (build + sign) so non-SDK callers (web wallets, smart-account
|
|
7
7
|
* signers) can produce a message that exchanges cleanly.
|
|
8
8
|
*/
|
|
9
|
-
export declare const AUTH_TEMPLATE = "Please sign the below text for ownership verification.\n\nURI:
|
|
9
|
+
export declare const AUTH_TEMPLATE = "Please sign the below text for ownership verification.\n\nURI: {uri}\nChain ID: {chainId}\nVersion: {version}\nIssued At: {issuedAt}\nExpire At: {expireAt}\nWallet: {wallet}";
|
|
10
10
|
export interface BuildAuthMessageInput {
|
|
11
11
|
/** EOA the JWT will be bound to. Lowercased / checksummed both work. */
|
|
12
12
|
ownerAddress: string;
|
|
13
|
+
/**
|
|
14
|
+
* Origin URL the user is authenticating against. Required — callers
|
|
15
|
+
* MUST pass the actual studio/app origin the user is on right now
|
|
16
|
+
* (e.g. `https://app.avaprotocol.org` in production, `http://localhost:3000`
|
|
17
|
+
* in local dev). Shows up in the wallet popup as the "site" the user
|
|
18
|
+
* is granting access to, so a dishonest value reads as a phishing
|
|
19
|
+
* attempt or a config bug. The aggregator currently does not validate
|
|
20
|
+
* this field, but it's a candidate for cross-origin replay protection
|
|
21
|
+
* if it's ever turned on server-side.
|
|
22
|
+
*/
|
|
23
|
+
uri: string;
|
|
13
24
|
/**
|
|
14
25
|
* Chain ID to embed in the canonical message. Required — callers
|
|
15
26
|
* MUST pass the user's currently-connected wallet chain (e.g.
|
|
@@ -52,7 +63,8 @@ export interface BuiltAuthMessage {
|
|
|
52
63
|
* @example
|
|
53
64
|
* const { version } = await client.health.check();
|
|
54
65
|
* const chainId = await wallet.getChainId();
|
|
55
|
-
* const
|
|
66
|
+
* const uri = window.location.origin; // or the studio's getSiteUrlOrDefault()
|
|
67
|
+
* const { message } = buildAuthMessage({ ownerAddress, uri, chainId, version });
|
|
56
68
|
* const signature = await wallet.signMessage(message);
|
|
57
69
|
* const { token } = await client.auth.exchange({ ownerAddress, message, signature });
|
|
58
70
|
*/
|
|
@@ -64,9 +76,10 @@ export declare function buildAuthMessage(input: BuildAuthMessageInput): BuiltAut
|
|
|
64
76
|
* where the private key is in hand; browser flows use
|
|
65
77
|
* `buildAuthMessage` + a wallet's `personal_sign`.
|
|
66
78
|
*
|
|
67
|
-
* `chainId
|
|
68
|
-
* `buildAuthMessage` — silent defaults would lie about the
|
|
69
|
-
* the JWT is bound to
|
|
79
|
+
* `uri`, `chainId`, and `version` are required for the same reasons as
|
|
80
|
+
* `buildAuthMessage` — silent defaults would lie about the origin the
|
|
81
|
+
* user is signing for, the chain the JWT is bound to, or the gateway
|
|
82
|
+
* it was signed against.
|
|
70
83
|
*/
|
|
71
84
|
export declare function signAuthMessage(privateKey: string, input: Omit<BuildAuthMessageInput, "ownerAddress"> & {
|
|
72
85
|
ownerAddress?: string;
|
package/dist/v4/auth.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/v4/auth.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AACH,eAAO,MAAM,aAAa,
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/v4/auth.ts"],"names":[],"mappings":"AAEA;;;;;;;GAOG;AACH,eAAO,MAAM,aAAa,kLAOT,CAAC;AAElB,MAAM,WAAW,qBAAqB;IACpC,wEAAwE;IACxE,YAAY,EAAE,MAAM,CAAC;IACrB;;;;;;;;;OASG;IACH,GAAG,EAAE,MAAM,CAAC;IACZ;;;;;;;;;;;;;OAaG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB;;;;;;OAMG;IACH,OAAO,EAAE,MAAM,CAAC;IAChB,oDAAoD;IACpD,QAAQ,CAAC,EAAE,IAAI,CAAC;IAChB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,IAAI,CAAC;CACjB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,IAAI,CAAC;CACzB;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,qBAAqB,GAAG,gBAAgB,CA0C/E;AAED;;;;;;;;;;;GAWG;AACH,wBAAsB,eAAe,CACnC,UAAU,EAAE,MAAM,EAClB,KAAK,EAAE,IAAI,CAAC,qBAAqB,EAAE,cAAc,CAAC,GAAG;IAAE,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,GAC7E,OAAO,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,IAAI,CAAA;CAAE,CAAC,CA4BvF"}
|
package/dist/v4/auth.js
CHANGED
|
@@ -9,7 +9,7 @@ import { Wallet, getAddress } from "ethers";
|
|
|
9
9
|
*/
|
|
10
10
|
export const AUTH_TEMPLATE = `Please sign the below text for ownership verification.
|
|
11
11
|
|
|
12
|
-
URI:
|
|
12
|
+
URI: {uri}
|
|
13
13
|
Chain ID: {chainId}
|
|
14
14
|
Version: {version}
|
|
15
15
|
Issued At: {issuedAt}
|
|
@@ -23,11 +23,22 @@ Wallet: {wallet}`;
|
|
|
23
23
|
* @example
|
|
24
24
|
* const { version } = await client.health.check();
|
|
25
25
|
* const chainId = await wallet.getChainId();
|
|
26
|
-
* const
|
|
26
|
+
* const uri = window.location.origin; // or the studio's getSiteUrlOrDefault()
|
|
27
|
+
* const { message } = buildAuthMessage({ ownerAddress, uri, chainId, version });
|
|
27
28
|
* const signature = await wallet.signMessage(message);
|
|
28
29
|
* const { token } = await client.auth.exchange({ ownerAddress, message, signature });
|
|
29
30
|
*/
|
|
30
31
|
export function buildAuthMessage(input) {
|
|
32
|
+
const trimmedUri = typeof input.uri === "string" ? input.uri.trim() : "";
|
|
33
|
+
if (!trimmedUri) {
|
|
34
|
+
throw new Error("buildAuthMessage: uri must be a non-empty string (the origin the user is signing into, e.g. window.location.origin).");
|
|
35
|
+
}
|
|
36
|
+
try {
|
|
37
|
+
new URL(trimmedUri);
|
|
38
|
+
}
|
|
39
|
+
catch {
|
|
40
|
+
throw new Error("buildAuthMessage: uri must be a valid URL (e.g. window.location.origin).");
|
|
41
|
+
}
|
|
31
42
|
if (!Number.isInteger(input.chainId) || input.chainId <= 0) {
|
|
32
43
|
throw new Error("buildAuthMessage: chainId must be a positive integer (the wallet's currently-connected chain).");
|
|
33
44
|
}
|
|
@@ -39,12 +50,15 @@ export function buildAuthMessage(input) {
|
|
|
39
50
|
// Canonicalize the address so the wire form matches what the
|
|
40
51
|
// aggregator extracts via crypto.PubkeyToAddress.
|
|
41
52
|
const ownerAddress = getAddress(input.ownerAddress);
|
|
42
|
-
const
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
53
|
+
const replacements = {
|
|
54
|
+
"{uri}": trimmedUri,
|
|
55
|
+
"{chainId}": String(input.chainId),
|
|
56
|
+
"{version}": input.version,
|
|
57
|
+
"{issuedAt}": toRFC3339Millis(issuedAt),
|
|
58
|
+
"{expireAt}": toRFC3339Millis(expireAt),
|
|
59
|
+
"{wallet}": ownerAddress,
|
|
60
|
+
};
|
|
61
|
+
const message = AUTH_TEMPLATE.replace(/\{uri\}|\{chainId\}|\{version\}|\{issuedAt\}|\{expireAt\}|\{wallet\}/g, (m) => replacements[m]);
|
|
48
62
|
return { message, chainId: input.chainId, ownerAddress, expireAt };
|
|
49
63
|
}
|
|
50
64
|
/**
|
|
@@ -54,9 +68,10 @@ export function buildAuthMessage(input) {
|
|
|
54
68
|
* where the private key is in hand; browser flows use
|
|
55
69
|
* `buildAuthMessage` + a wallet's `personal_sign`.
|
|
56
70
|
*
|
|
57
|
-
* `chainId
|
|
58
|
-
* `buildAuthMessage` — silent defaults would lie about the
|
|
59
|
-
* the JWT is bound to
|
|
71
|
+
* `uri`, `chainId`, and `version` are required for the same reasons as
|
|
72
|
+
* `buildAuthMessage` — silent defaults would lie about the origin the
|
|
73
|
+
* user is signing for, the chain the JWT is bound to, or the gateway
|
|
74
|
+
* it was signed against.
|
|
60
75
|
*/
|
|
61
76
|
export async function signAuthMessage(privateKey, input) {
|
|
62
77
|
// Defensive runtime guard for JS callers / TS callers casting through
|
|
@@ -64,11 +79,12 @@ export async function signAuthMessage(privateKey, input) {
|
|
|
64
79
|
// undefined" inside buildAuthMessage. The type-level requirement
|
|
65
80
|
// stands; this just makes the breaking-change error legible.
|
|
66
81
|
if (input == null || typeof input !== "object") {
|
|
67
|
-
throw new Error("signAuthMessage: input is required — pass { chainId, version } (chainId from the wallet's connected chain, version from client.health.check()).");
|
|
82
|
+
throw new Error("signAuthMessage: input is required — pass { uri, chainId, version } (uri from the calling origin, chainId from the wallet's connected chain, version from client.health.check()).");
|
|
68
83
|
}
|
|
69
84
|
const signer = new Wallet(privateKey);
|
|
70
85
|
const built = buildAuthMessage({
|
|
71
86
|
ownerAddress: input.ownerAddress ?? signer.address,
|
|
87
|
+
uri: input.uri,
|
|
72
88
|
chainId: input.chainId,
|
|
73
89
|
version: input.version,
|
|
74
90
|
issuedAt: input.issuedAt,
|
|
@@ -25,14 +25,17 @@ export declare class AuthResource {
|
|
|
25
25
|
* callers should use `buildAuthMessage` + a wallet's
|
|
26
26
|
* `personal_sign` and then call `exchange()` directly.
|
|
27
27
|
*
|
|
28
|
-
* `chainId
|
|
29
|
-
* `buildAuthMessage` —
|
|
30
|
-
* mis-route
|
|
31
|
-
* `version` is the gateway binary version;
|
|
32
|
-
* is the `version` field returned by
|
|
28
|
+
* `uri`, `chainId`, and `version` are required for the same reasons
|
|
29
|
+
* as `buildAuthMessage` — silent defaults would lie about the origin
|
|
30
|
+
* the user is signing for, mis-route wallet RPCs, or hide which
|
|
31
|
+
* gateway minted the JWT. `version` is the gateway binary version;
|
|
32
|
+
* the simplest source is the `version` field returned by
|
|
33
|
+
* `client.health.check()`. `uri` is the calling origin (the studio
|
|
34
|
+
* URL the user is on right now).
|
|
33
35
|
*/
|
|
34
36
|
exchangeWithKey(privateKey: string, opts: {
|
|
35
37
|
ownerAddress?: string;
|
|
38
|
+
uri: string;
|
|
36
39
|
chainId: number;
|
|
37
40
|
version: string;
|
|
38
41
|
}): Promise<v4.AuthExchangeResponse>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/v4/resources/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AAG7C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD;;;;;;;GAOG;AACH,qBAAa,YAAY;IACX,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAAT,SAAS,EAAE,SAAS;IAEjD;;;;;OAKG;IACG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,GAAG,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC;IAY7E
|
|
1
|
+
{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/v4/resources/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,oBAAoB,CAAC;AAG7C,OAAO,EAAE,SAAS,EAAE,MAAM,uBAAuB,CAAC;AAElD;;;;;;;GAOG;AACH,qBAAa,YAAY;IACX,OAAO,CAAC,QAAQ,CAAC,SAAS;gBAAT,SAAS,EAAE,SAAS;IAEjD;;;;;OAKG;IACG,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,mBAAmB,GAAG,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC;IAY7E;;;;;;;;;;;;;;OAcG;IACG,eAAe,CACnB,UAAU,EAAE,MAAM,EAClB,IAAI,EAAE;QAAE,YAAY,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAC7E,OAAO,CAAC,EAAE,CAAC,oBAAoB,CAAC;IASnC;;;OAGG;IACH,KAAK,IAAI,IAAI;CAGd"}
|
|
@@ -35,11 +35,13 @@ export class AuthResource {
|
|
|
35
35
|
* callers should use `buildAuthMessage` + a wallet's
|
|
36
36
|
* `personal_sign` and then call `exchange()` directly.
|
|
37
37
|
*
|
|
38
|
-
* `chainId
|
|
39
|
-
* `buildAuthMessage` —
|
|
40
|
-
* mis-route
|
|
41
|
-
* `version` is the gateway binary version;
|
|
42
|
-
* is the `version` field returned by
|
|
38
|
+
* `uri`, `chainId`, and `version` are required for the same reasons
|
|
39
|
+
* as `buildAuthMessage` — silent defaults would lie about the origin
|
|
40
|
+
* the user is signing for, mis-route wallet RPCs, or hide which
|
|
41
|
+
* gateway minted the JWT. `version` is the gateway binary version;
|
|
42
|
+
* the simplest source is the `version` field returned by
|
|
43
|
+
* `client.health.check()`. `uri` is the calling origin (the studio
|
|
44
|
+
* URL the user is on right now).
|
|
43
45
|
*/
|
|
44
46
|
async exchangeWithKey(privateKey, opts) {
|
|
45
47
|
const signed = await signAuthMessage(privateKey, opts);
|
package/package.json
CHANGED