@canton-network/wallet-gateway-remote 0.21.0 → 0.23.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -3
- package/dist/auth/jwt-auth-service.d.ts.map +1 -1
- package/dist/auth/jwt-auth-service.js +23 -3
- package/dist/auth/jwt-unsafe-auth-service.d.ts.map +1 -1
- package/dist/auth/jwt-unsafe-auth-service.js +7 -1
- package/dist/config/Config.d.ts +145 -0
- package/dist/config/Config.d.ts.map +1 -1
- package/dist/config/Config.js +18 -2
- package/dist/config/Config.test.js +4 -1
- package/dist/config/ConfigUtils.d.ts.map +1 -1
- package/dist/config/ConfigUtils.js +41 -2
- package/dist/dapp-api/controller.d.ts.map +1 -1
- package/dist/dapp-api/controller.js +7 -14
- package/dist/dapp-api/rpc-gen/typings.d.ts +32 -5
- package/dist/dapp-api/rpc-gen/typings.d.ts.map +1 -1
- package/dist/env.d.ts +19 -0
- package/dist/env.d.ts.map +1 -0
- package/dist/env.js +16 -0
- package/dist/example-config.d.ts +3 -1
- package/dist/example-config.d.ts.map +1 -1
- package/dist/example-config.js +3 -3
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -2
- package/dist/init.d.ts.map +1 -1
- package/dist/init.js +8 -18
- package/dist/ledger/party-allocation-service.d.ts.map +1 -1
- package/dist/ledger/party-allocation-service.js +3 -0
- package/dist/ledger/transaction-service.d.ts +22 -0
- package/dist/ledger/transaction-service.d.ts.map +1 -0
- package/dist/ledger/transaction-service.js +296 -0
- package/dist/ledger/wallet-allocation/signing-providers/blockdaemon-wallet-allocator.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/signing-providers/blockdaemon-wallet-allocator.js +1 -0
- package/dist/ledger/wallet-allocation/signing-providers/fireblocks-wallet-allocator.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/signing-providers/fireblocks-wallet-allocator.js +1 -0
- package/dist/ledger/wallet-allocation/signing-providers/kernel-wallet-allocator.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/signing-providers/kernel-wallet-allocator.js +1 -0
- package/dist/ledger/wallet-allocation/signing-providers/participant-wallet-allocator.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/signing-providers/participant-wallet-allocator.js +1 -0
- package/dist/ledger/wallet-allocation/wallet-allocation-service.d.ts +2 -2
- package/dist/ledger/wallet-allocation/wallet-allocation-service.d.ts.map +1 -1
- package/dist/ledger/wallet-allocation/wallet-allocation-service.js +10 -4
- package/dist/ledger/wallet-allocation/wallet-allocation-service.test.js +13 -12
- package/dist/ledger/wallet-sync-service.d.ts +4 -1
- package/dist/ledger/wallet-sync-service.d.ts.map +1 -1
- package/dist/ledger/wallet-sync-service.js +97 -18
- package/dist/ledger/wallet-sync-service.test.js +79 -0
- package/dist/user-api/controller.d.ts.map +1 -1
- package/dist/user-api/controller.js +79 -168
- package/dist/user-api/rpc-gen/typings.d.ts +41 -6
- package/dist/user-api/rpc-gen/typings.d.ts.map +1 -1
- package/dist/web/frontend/404/index.html +2 -2
- package/dist/web/frontend/approve/index.html +5 -4
- package/dist/web/frontend/assets/{404-C-OWOQ3D.js → 404-CwWne4gl.js} +2 -2
- package/dist/web/frontend/assets/approve-sXtkk0nx.js +20 -0
- package/dist/web/frontend/assets/{callback-Bev8B02C.js → callback-5r0xYoAY.js} +1 -1
- package/dist/web/frontend/assets/index-BY0dSIJ0.js +1698 -0
- package/dist/web/frontend/assets/index-C4_-rNJw.js +1 -0
- package/dist/web/frontend/assets/login-DwOvzCWW.js +7 -0
- package/dist/web/frontend/assets/settings-lXZlQ6-V.js +37 -0
- package/dist/web/frontend/assets/{state-BZtCpgb6.js → state-Zh2baU_h.js} +1 -1
- package/dist/web/frontend/assets/{transactions-n26INLpW.js → transactions-gLP4M5t0.js} +2 -2
- package/dist/web/frontend/assets/{utils-DqekxUsS.js → utils-CI12TM_E.js} +1 -1
- package/dist/web/frontend/assets/{wallets-dk9ilN4k.js → wallets-Cmwexted.js} +2 -2
- package/dist/web/frontend/callback/index.html +2 -2
- package/dist/web/frontend/index.html +1 -1
- package/dist/web/frontend/login/index.html +4 -3
- package/dist/web/frontend/settings/index.html +3 -3
- package/dist/web/frontend/transactions/index.html +4 -4
- package/dist/web/frontend/wallets/index.html +4 -4
- package/package.json +21 -20
- package/dist/web/frontend/assets/approve-CPkaFbuR.js +0 -17
- package/dist/web/frontend/assets/index-CZYV-CqB.js +0 -1679
- package/dist/web/frontend/assets/login-D2fXBXBX.js +0 -7
- package/dist/web/frontend/assets/settings-laHcyEOv.js +0 -37
package/README.md
CHANGED
|
@@ -48,9 +48,7 @@ The JSON-RPC API specs from `api-specs/` are generated into strongly-typed metho
|
|
|
48
48
|
|
|
49
49
|
1. Complete steps 1–3 from the instructions at https://github.com/hyperledger-labs/splice-wallet-kernel/tree/main/core/signing-fireblocks
|
|
50
50
|
|
|
51
|
-
2.
|
|
52
|
-
|
|
53
|
-
3. Create a file named `fireblocks_api.key` at the path `/splice-wallet-kernel/wallet-gateway/remote` and insert your Fireblocks API key into it (get it from `API User (ID)` column in fireblocks api users table). Make sure file doesn't end with new line character.
|
|
51
|
+
2. set the environment variable `FIREBLOCKS_API_KEY` (get it from `API User (ID)` column in fireblocks api users table).
|
|
54
52
|
|
|
55
53
|
## Postgres connection
|
|
56
54
|
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-auth-service.d.ts","sourceRoot":"","sources":["../../src/auth/jwt-auth-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,EAAE,KAAK,EAAE,MAAM,mCAAmC,CAAA;AAEzD,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,OAAO,KAAK,EAAE,QAAQ,MAAM,KAAG,
|
|
1
|
+
{"version":3,"file":"jwt-auth-service.d.ts","sourceRoot":"","sources":["../../src/auth/jwt-auth-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,EAAE,MAAM,kCAAkC,CAAA;AAC9D,OAAO,EAAE,KAAK,EAAE,MAAM,mCAAmC,CAAA;AAEzD,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,OAAO,KAAK,EAAE,QAAQ,MAAM,KAAG,WAwF5D,CAAA"}
|
|
@@ -9,6 +9,12 @@ import { createRemoteJWKSet, decodeJwt, jwtVerify } from 'jose';
|
|
|
9
9
|
*/
|
|
10
10
|
export const jwtAuthService = (store, logger) => ({
|
|
11
11
|
verifyToken: async (accessToken) => {
|
|
12
|
+
const getEmail = (value) => {
|
|
13
|
+
if (typeof value !== 'string' || value.length === 0) {
|
|
14
|
+
return undefined;
|
|
15
|
+
}
|
|
16
|
+
return value;
|
|
17
|
+
};
|
|
12
18
|
if (!accessToken || !accessToken.startsWith('Bearer ')) {
|
|
13
19
|
return undefined;
|
|
14
20
|
}
|
|
@@ -39,7 +45,12 @@ export const jwtAuthService = (store, logger) => ({
|
|
|
39
45
|
logger.warn('JWT does not contain a subject');
|
|
40
46
|
return undefined;
|
|
41
47
|
}
|
|
42
|
-
|
|
48
|
+
const email = getEmail(decoded.email);
|
|
49
|
+
return {
|
|
50
|
+
userId: sub,
|
|
51
|
+
accessToken: jwt,
|
|
52
|
+
...(email ? { email } : {}),
|
|
53
|
+
};
|
|
43
54
|
}
|
|
44
55
|
logger.debug(idp, 'Using IDP');
|
|
45
56
|
const response = await fetch(idp.configUrl);
|
|
@@ -51,8 +62,17 @@ export const jwtAuthService = (store, logger) => ({
|
|
|
51
62
|
if (!payload.sub) {
|
|
52
63
|
return undefined;
|
|
53
64
|
}
|
|
54
|
-
logger.debug({
|
|
55
|
-
|
|
65
|
+
logger.debug({
|
|
66
|
+
userId: payload.sub,
|
|
67
|
+
accessToken: jwt,
|
|
68
|
+
email: getEmail(decoded.email),
|
|
69
|
+
}, 'JWT verified');
|
|
70
|
+
const email = getEmail(decoded.email);
|
|
71
|
+
return {
|
|
72
|
+
userId: payload.sub,
|
|
73
|
+
accessToken: jwt,
|
|
74
|
+
...(email ? { email } : {}),
|
|
75
|
+
};
|
|
56
76
|
}
|
|
57
77
|
catch (error) {
|
|
58
78
|
if (error instanceof Error) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-unsafe-auth-service.d.ts","sourceRoot":"","sources":["../../src/auth/jwt-unsafe-auth-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,
|
|
1
|
+
{"version":3,"file":"jwt-unsafe-auth-service.d.ts","sourceRoot":"","sources":["../../src/auth/jwt-unsafe-auth-service.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,WAAW,EAAgB,MAAM,kCAAkC,CAAA;AAC5E,OAAO,EAAE,KAAK,EAAE,MAAM,mCAAmC,CAAA;AAEzD,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAE7B;;;;;GAKG;AACH,eAAO,MAAM,cAAc,GAAI,OAAO,KAAK,EAAE,QAAQ,MAAM,KAAG,WA2D5D,CAAA"}
|
|
@@ -1,5 +1,6 @@
|
|
|
1
1
|
// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0
|
|
3
|
+
import { jwtUserEmail } from '@canton-network/core-wallet-auth';
|
|
3
4
|
import { decodeJwt } from 'jose';
|
|
4
5
|
/**
|
|
5
6
|
* Creates an AuthService that verifies unsafe JWT tokens.
|
|
@@ -41,8 +42,13 @@ export const jwtAuthService = (store, logger) => ({
|
|
|
41
42
|
logger.warn(`Cannot verify token for non-self-signed IDP: ${iss}`);
|
|
42
43
|
return undefined;
|
|
43
44
|
}
|
|
45
|
+
const email = jwtUserEmail(jwt);
|
|
44
46
|
// TODO: Verify JWT signature using idp.clientSecret / idp.admin.clientSecret
|
|
45
|
-
return {
|
|
47
|
+
return {
|
|
48
|
+
userId: sub,
|
|
49
|
+
accessToken: jwt,
|
|
50
|
+
...(email ? { email } : {}),
|
|
51
|
+
};
|
|
46
52
|
}
|
|
47
53
|
catch (error) {
|
|
48
54
|
if (error instanceof Error) {
|
package/dist/config/Config.d.ts
CHANGED
|
@@ -15,6 +15,150 @@ export declare const serverConfigSchema: z.ZodObject<{
|
|
|
15
15
|
requestRateLimit: z.ZodDefault<z.ZodNumber>;
|
|
16
16
|
admin: z.ZodOptional<z.ZodString>;
|
|
17
17
|
}, z.core.$strip>;
|
|
18
|
+
export declare const rawConfigSchema: z.ZodObject<{
|
|
19
|
+
kernel: z.ZodObject<{
|
|
20
|
+
id: z.ZodString;
|
|
21
|
+
publicUrl: z.ZodOptional<z.ZodString>;
|
|
22
|
+
clientType: z.ZodUnion<readonly [z.ZodLiteral<"browser">, z.ZodLiteral<"desktop">, z.ZodLiteral<"mobile">, z.ZodLiteral<"remote">]>;
|
|
23
|
+
}, z.core.$strip>;
|
|
24
|
+
server: z.ZodPipe<z.ZodTransform<{}, unknown>, z.ZodObject<{
|
|
25
|
+
port: z.ZodDefault<z.ZodNumber>;
|
|
26
|
+
dappPath: z.ZodDefault<z.ZodString>;
|
|
27
|
+
userPath: z.ZodDefault<z.ZodString>;
|
|
28
|
+
allowedOrigins: z.ZodDefault<z.ZodUnion<readonly [z.ZodLiteral<"*">, z.ZodArray<z.ZodString>]>>;
|
|
29
|
+
host: z.ZodOptional<z.ZodString>;
|
|
30
|
+
tls: z.ZodOptional<z.ZodBoolean>;
|
|
31
|
+
requestSizeLimit: z.ZodDefault<z.ZodString>;
|
|
32
|
+
requestRateLimit: z.ZodDefault<z.ZodNumber>;
|
|
33
|
+
admin: z.ZodOptional<z.ZodString>;
|
|
34
|
+
}, z.core.$strip>>;
|
|
35
|
+
store: z.ZodObject<{
|
|
36
|
+
connection: z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
37
|
+
type: z.ZodLiteral<"memory">;
|
|
38
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
39
|
+
type: z.ZodLiteral<"sqlite">;
|
|
40
|
+
database: z.ZodString;
|
|
41
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
42
|
+
type: z.ZodLiteral<"postgres">;
|
|
43
|
+
host: z.ZodString;
|
|
44
|
+
port: z.ZodNumber;
|
|
45
|
+
user: z.ZodString;
|
|
46
|
+
password: z.ZodString;
|
|
47
|
+
database: z.ZodString;
|
|
48
|
+
}, z.core.$strip>], "type">;
|
|
49
|
+
}, z.core.$strip>;
|
|
50
|
+
signingStore: z.ZodObject<{
|
|
51
|
+
connection: z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
52
|
+
type: z.ZodLiteral<"memory">;
|
|
53
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
54
|
+
type: z.ZodLiteral<"sqlite">;
|
|
55
|
+
database: z.ZodString;
|
|
56
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
57
|
+
type: z.ZodLiteral<"postgres">;
|
|
58
|
+
host: z.ZodString;
|
|
59
|
+
port: z.ZodNumber;
|
|
60
|
+
user: z.ZodString;
|
|
61
|
+
password: z.ZodString;
|
|
62
|
+
database: z.ZodString;
|
|
63
|
+
}, z.core.$strip>], "type">;
|
|
64
|
+
}, z.core.$strip>;
|
|
65
|
+
bootstrap: z.ZodObject<{
|
|
66
|
+
idps: z.ZodArray<z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
67
|
+
id: z.ZodString;
|
|
68
|
+
type: z.ZodLiteral<"self_signed">;
|
|
69
|
+
issuer: z.ZodString;
|
|
70
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
71
|
+
id: z.ZodString;
|
|
72
|
+
type: z.ZodLiteral<"oauth">;
|
|
73
|
+
issuer: z.ZodString;
|
|
74
|
+
configUrl: z.ZodString;
|
|
75
|
+
}, z.core.$strip>], "type">>;
|
|
76
|
+
networks: z.ZodArray<z.ZodObject<{
|
|
77
|
+
id: z.ZodString;
|
|
78
|
+
name: z.ZodString;
|
|
79
|
+
description: z.ZodString;
|
|
80
|
+
synchronizerId: z.ZodOptional<z.ZodString>;
|
|
81
|
+
identityProviderId: z.ZodString;
|
|
82
|
+
ledgerApi: z.ZodObject<{
|
|
83
|
+
baseUrl: z.ZodString;
|
|
84
|
+
}, z.core.$strip>;
|
|
85
|
+
auth: z.ZodUnion<readonly [z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
86
|
+
method: z.ZodLiteral<"authorization_code">;
|
|
87
|
+
audience: z.ZodString;
|
|
88
|
+
scope: z.ZodString;
|
|
89
|
+
clientId: z.ZodString;
|
|
90
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
91
|
+
method: z.ZodLiteral<"client_credentials">;
|
|
92
|
+
audience: z.ZodString;
|
|
93
|
+
scope: z.ZodString;
|
|
94
|
+
clientId: z.ZodString;
|
|
95
|
+
clientSecret: z.ZodString;
|
|
96
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
97
|
+
method: z.ZodLiteral<"self_signed">;
|
|
98
|
+
issuer: z.ZodString;
|
|
99
|
+
audience: z.ZodString;
|
|
100
|
+
scope: z.ZodString;
|
|
101
|
+
clientId: z.ZodString;
|
|
102
|
+
clientSecret: z.ZodString;
|
|
103
|
+
}, z.core.$strip>], "method">, z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
104
|
+
method: z.ZodLiteral<"authorization_code">;
|
|
105
|
+
audience: z.ZodString;
|
|
106
|
+
scope: z.ZodString;
|
|
107
|
+
clientId: z.ZodString;
|
|
108
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
109
|
+
method: z.ZodLiteral<"client_credentials">;
|
|
110
|
+
audience: z.ZodString;
|
|
111
|
+
scope: z.ZodString;
|
|
112
|
+
clientId: z.ZodString;
|
|
113
|
+
clientSecretEnv: z.ZodString;
|
|
114
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
115
|
+
method: z.ZodLiteral<"self_signed">;
|
|
116
|
+
issuer: z.ZodString;
|
|
117
|
+
audience: z.ZodString;
|
|
118
|
+
scope: z.ZodString;
|
|
119
|
+
clientId: z.ZodString;
|
|
120
|
+
clientSecretEnv: z.ZodString;
|
|
121
|
+
}, z.core.$strip>], "method">]>;
|
|
122
|
+
adminAuth: z.ZodOptional<z.ZodUnion<readonly [z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
123
|
+
method: z.ZodLiteral<"authorization_code">;
|
|
124
|
+
audience: z.ZodString;
|
|
125
|
+
scope: z.ZodString;
|
|
126
|
+
clientId: z.ZodString;
|
|
127
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
128
|
+
method: z.ZodLiteral<"client_credentials">;
|
|
129
|
+
audience: z.ZodString;
|
|
130
|
+
scope: z.ZodString;
|
|
131
|
+
clientId: z.ZodString;
|
|
132
|
+
clientSecret: z.ZodString;
|
|
133
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
134
|
+
method: z.ZodLiteral<"self_signed">;
|
|
135
|
+
issuer: z.ZodString;
|
|
136
|
+
audience: z.ZodString;
|
|
137
|
+
scope: z.ZodString;
|
|
138
|
+
clientId: z.ZodString;
|
|
139
|
+
clientSecret: z.ZodString;
|
|
140
|
+
}, z.core.$strip>], "method">, z.ZodDiscriminatedUnion<[z.ZodObject<{
|
|
141
|
+
method: z.ZodLiteral<"authorization_code">;
|
|
142
|
+
audience: z.ZodString;
|
|
143
|
+
scope: z.ZodString;
|
|
144
|
+
clientId: z.ZodString;
|
|
145
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
146
|
+
method: z.ZodLiteral<"client_credentials">;
|
|
147
|
+
audience: z.ZodString;
|
|
148
|
+
scope: z.ZodString;
|
|
149
|
+
clientId: z.ZodString;
|
|
150
|
+
clientSecretEnv: z.ZodString;
|
|
151
|
+
}, z.core.$strip>, z.ZodObject<{
|
|
152
|
+
method: z.ZodLiteral<"self_signed">;
|
|
153
|
+
issuer: z.ZodString;
|
|
154
|
+
audience: z.ZodString;
|
|
155
|
+
scope: z.ZodString;
|
|
156
|
+
clientId: z.ZodString;
|
|
157
|
+
clientSecretEnv: z.ZodString;
|
|
158
|
+
}, z.core.$strip>], "method">]>>;
|
|
159
|
+
}, z.core.$strip>>;
|
|
160
|
+
}, z.core.$strip>;
|
|
161
|
+
}, z.core.$strip>;
|
|
18
162
|
export declare const configSchema: z.ZodObject<{
|
|
19
163
|
kernel: z.ZodObject<{
|
|
20
164
|
id: z.ZodString;
|
|
@@ -125,5 +269,6 @@ export declare const configSchema: z.ZodObject<{
|
|
|
125
269
|
}, z.core.$strip>;
|
|
126
270
|
export type KernelInfo = z.infer<typeof kernelInfoSchema>;
|
|
127
271
|
export type ServerConfig = z.infer<typeof serverConfigSchema>;
|
|
272
|
+
export type RawConfig = z.infer<typeof rawConfigSchema>;
|
|
128
273
|
export type Config = z.infer<typeof configSchema>;
|
|
129
274
|
//# sourceMappingURL=Config.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Config.d.ts","sourceRoot":"","sources":["../../src/config/Config.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"Config.d.ts","sourceRoot":"","sources":["../../src/config/Config.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AASvB,eAAO,MAAM,gBAAgB;;;;iBAY3B,CAAA;AAEF,eAAO,MAAM,kBAAkB;;;;;;;;;;iBA0C7B,CAAA;AAcF,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAM1B,CAAA;AAEF,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAMvB,CAAA;AAEF,MAAM,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,gBAAgB,CAAC,CAAA;AACzD,MAAM,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,kBAAkB,CAAC,CAAA;AAC7D,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAA;AACvD,MAAM,MAAM,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,YAAY,CAAC,CAAA"}
|
package/dist/config/Config.js
CHANGED
|
@@ -1,8 +1,9 @@
|
|
|
1
1
|
// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0
|
|
3
|
-
import { storeConfigSchema, bootstrapConfigSchema, } from '@canton-network/core-wallet-store';
|
|
4
|
-
import { storeConfigSchema as signingStoreConfigSchema } from '@canton-network/core-signing-store-sql';
|
|
5
3
|
import { z } from 'zod';
|
|
4
|
+
import { storeConfigSchema, bootstrapConfigSchema, networkSchema, } from '@canton-network/core-wallet-store';
|
|
5
|
+
import { storeConfigSchema as signingStoreConfigSchema } from '@canton-network/core-signing-store-sql';
|
|
6
|
+
import { authFromEnvSchema, authSchema } from '@canton-network/core-wallet-auth';
|
|
6
7
|
export const kernelInfoSchema = z.object({
|
|
7
8
|
id: z.string(),
|
|
8
9
|
publicUrl: z.string().optional().meta({
|
|
@@ -51,6 +52,21 @@ export const serverConfigSchema = z.object({
|
|
|
51
52
|
description: 'The JWT claim (e.g. "sub") identifying the admin user. If set, requests with a matching claim will be granted admin privileges.',
|
|
52
53
|
}),
|
|
53
54
|
});
|
|
55
|
+
const authFromEnvOrConfig = z.union([authSchema, authFromEnvSchema]);
|
|
56
|
+
const bootstrapFromEnv = bootstrapConfigSchema.extend({
|
|
57
|
+
networks: z.array(networkSchema.extend({
|
|
58
|
+
auth: authFromEnvOrConfig,
|
|
59
|
+
adminAuth: authFromEnvOrConfig.optional(),
|
|
60
|
+
})),
|
|
61
|
+
});
|
|
62
|
+
// Includes secrets for networks as env vars, rather than defined explicitly
|
|
63
|
+
export const rawConfigSchema = z.object({
|
|
64
|
+
kernel: kernelInfoSchema,
|
|
65
|
+
server: z.preprocess((val) => val ?? {}, serverConfigSchema),
|
|
66
|
+
store: storeConfigSchema,
|
|
67
|
+
signingStore: signingStoreConfigSchema,
|
|
68
|
+
bootstrap: bootstrapFromEnv,
|
|
69
|
+
});
|
|
54
70
|
export const configSchema = z.object({
|
|
55
71
|
kernel: kernelInfoSchema,
|
|
56
72
|
server: z.preprocess((val) => val ?? {}, serverConfigSchema),
|
|
@@ -7,10 +7,13 @@ test('config from json file', async () => {
|
|
|
7
7
|
expect(resp.bootstrap.networks[0].name).toBe('Local (OAuth IDP)');
|
|
8
8
|
expect(resp.bootstrap.networks[0].ledgerApi.baseUrl).toBe('http://127.0.0.1:5003');
|
|
9
9
|
expect(resp.bootstrap.networks[0].auth.clientId).toBe('operator');
|
|
10
|
-
expect(resp.bootstrap.networks[0].auth.scope).toBe('openid daml_ledger_api offline_access');
|
|
10
|
+
expect(resp.bootstrap.networks[0].auth.scope).toBe('openid email daml_ledger_api offline_access');
|
|
11
11
|
expect(resp.bootstrap.networks[0].auth.method).toBe('authorization_code');
|
|
12
12
|
expect(resp.bootstrap.networks[2].auth.method).toBe('client_credentials');
|
|
13
13
|
if (resp.bootstrap.networks[2].auth.method === 'client_credentials') {
|
|
14
14
|
expect(resp.bootstrap.networks[2].auth.audience).toBe('https://daml.com/jwt/aud/participant/participant1::1220d44fc1c3ba0b5bdf7b956ee71bc94ebe2d23258dc268fdf0824fbaeff2c61424');
|
|
15
15
|
}
|
|
16
|
+
if (resp.bootstrap.networks[4].adminAuth?.method === 'client_credentials') {
|
|
17
|
+
expect(resp.bootstrap.networks[4].adminAuth.clientSecret).toBe('devnet_secret_testval');
|
|
18
|
+
}
|
|
16
19
|
});
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ConfigUtils.d.ts","sourceRoot":"","sources":["../../src/config/ConfigUtils.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"ConfigUtils.d.ts","sourceRoot":"","sources":["../../src/config/ConfigUtils.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,MAAM,EAA8B,MAAM,aAAa,CAAA;AAGhE,qBAAa,WAAW;IACpB,MAAM,CAAC,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAsDlD;AA+FD,UAAU,IAAI;IACV,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;CACrB;AAOD,eAAO,MAAM,UAAU,GAAI,QAAQ,MAAM,EAAE,OAAO,MAAM,KAAG,IAa1D,CAAA"}
|
|
@@ -1,11 +1,13 @@
|
|
|
1
1
|
// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
2
2
|
// SPDX-License-Identifier: Apache-2.0
|
|
3
3
|
import { readFileSync, existsSync } from 'fs';
|
|
4
|
-
import {
|
|
4
|
+
import { rawConfigSchema } from './Config.js';
|
|
5
|
+
import { Env } from '../env.js';
|
|
5
6
|
export class ConfigUtils {
|
|
6
7
|
static loadConfigFile(filePath) {
|
|
7
8
|
if (existsSync(filePath)) {
|
|
8
|
-
const
|
|
9
|
+
const rawConfig = rawConfigSchema.parse(JSON.parse(readFileSync(filePath, 'utf-8')));
|
|
10
|
+
const config = resolveRawConfig(rawConfig);
|
|
9
11
|
/**
|
|
10
12
|
* Perform extra config validation beyond schema validation.
|
|
11
13
|
* We want to enforce the following constraints:
|
|
@@ -38,6 +40,43 @@ export class ConfigUtils {
|
|
|
38
40
|
}
|
|
39
41
|
}
|
|
40
42
|
}
|
|
43
|
+
// The Wallet Gateway can accept adminAuth secrets from environment variables.
|
|
44
|
+
// However, the store expects strings. This function resolves the config from env vars
|
|
45
|
+
function resolveRawNetworkAuth(n) {
|
|
46
|
+
if (n.method === 'authorization_code') {
|
|
47
|
+
return n;
|
|
48
|
+
}
|
|
49
|
+
if ('clientSecret' in n) {
|
|
50
|
+
return n;
|
|
51
|
+
}
|
|
52
|
+
else {
|
|
53
|
+
const { clientSecretEnv, ...rest } = n;
|
|
54
|
+
const clientSecret = Env.get(clientSecretEnv, { required: true });
|
|
55
|
+
return {
|
|
56
|
+
...rest,
|
|
57
|
+
clientSecret,
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
}
|
|
61
|
+
function resolveRawConfig(rawConfig) {
|
|
62
|
+
const rawNetworks = rawConfig.bootstrap.networks;
|
|
63
|
+
const networks = rawNetworks.map((n) => {
|
|
64
|
+
return {
|
|
65
|
+
...n,
|
|
66
|
+
auth: resolveRawNetworkAuth(n.auth),
|
|
67
|
+
adminAuth: n.adminAuth
|
|
68
|
+
? resolveRawNetworkAuth(n.adminAuth)
|
|
69
|
+
: undefined,
|
|
70
|
+
};
|
|
71
|
+
});
|
|
72
|
+
return {
|
|
73
|
+
...rawConfig,
|
|
74
|
+
bootstrap: {
|
|
75
|
+
...rawConfig.bootstrap,
|
|
76
|
+
networks,
|
|
77
|
+
},
|
|
78
|
+
};
|
|
79
|
+
}
|
|
41
80
|
function hasDuplicateElement(list) {
|
|
42
81
|
let duplicate;
|
|
43
82
|
list.forEach((item, i) => {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/dapp-api/controller.ts"],"names":[],"mappings":"AAGA,OAAO,EAEH,WAAW,EAEd,MAAM,kCAAkC,CAAA;
|
|
1
|
+
{"version":3,"file":"controller.d.ts","sourceRoot":"","sources":["../../src/dapp-api/controller.ts"],"names":[],"mappings":"AAGA,OAAO,EAEH,WAAW,EAEd,MAAM,kCAAkC,CAAA;AAYzC,OAAO,EAAE,KAAK,EAAe,MAAM,mCAAmC,CAAA;AAQtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,wCAAwC,CAAA;AAC5E,OAAO,EAAE,UAAU,IAAI,gBAAgB,EAAE,MAAM,qBAAqB,CAAA;AACpE,OAAO,EAAE,MAAM,EAAE,MAAM,MAAM,CAAA;AAI7B,eAAO,MAAM,cAAc,GACvB,YAAY,gBAAgB,EAC5B,SAAS,MAAM,EACf,SAAS,MAAM,EACf,OAAO,KAAK,EACZ,qBAAqB,mBAAmB,EACxC,SAAS,MAAM,EACf,QAAQ,MAAM,GAAG,IAAI,EACrB,UAAU,WAAW;;;;;;;;;;;;;;CAoRxB,CAAA"}
|
|
@@ -89,20 +89,16 @@ export const dappController = (kernelInfo, dappUrl, userUrl, store, notification
|
|
|
89
89
|
});
|
|
90
90
|
let result;
|
|
91
91
|
switch (params.requestMethod) {
|
|
92
|
-
case '
|
|
93
|
-
result = await ledgerClient.getWithRetry(params.resource);
|
|
92
|
+
case 'get':
|
|
93
|
+
result = await ledgerClient.getWithRetry(params.resource, undefined, { path: params.path ?? {}, query: params.query ?? {} });
|
|
94
94
|
break;
|
|
95
|
-
case '
|
|
96
|
-
result = await ledgerClient.postWithRetry(params.resource, params.body
|
|
97
|
-
? JSON.parse(params.body)
|
|
98
|
-
: undefined);
|
|
95
|
+
case 'post':
|
|
96
|
+
result = await ledgerClient.postWithRetry(params.resource, params.body, undefined, { query: params.query ?? {}, path: params.path ?? {} });
|
|
99
97
|
break;
|
|
100
98
|
default:
|
|
101
99
|
throw new Error(`Unsupported request method: ${params.requestMethod}`);
|
|
102
100
|
}
|
|
103
|
-
return
|
|
104
|
-
response: JSON.stringify(result),
|
|
105
|
-
};
|
|
101
|
+
return result;
|
|
106
102
|
},
|
|
107
103
|
prepareExecute: async (params) => {
|
|
108
104
|
const wallet = await store.getPrimaryWallet();
|
|
@@ -126,10 +122,6 @@ export const dappController = (kernelInfo, dappUrl, userUrl, store, notification
|
|
|
126
122
|
const synchronizerId = network.synchronizerId ??
|
|
127
123
|
(await ledgerClient.getSynchronizerId());
|
|
128
124
|
const response = await prepareSubmission(context.userId, wallet.partyId, synchronizerId, params, ledgerClient);
|
|
129
|
-
//TODO: remove and handle normally when v3_3 is not supported anymore
|
|
130
|
-
const costEstimation = 'costEstimation' in response
|
|
131
|
-
? response.costEstimation
|
|
132
|
-
: undefined;
|
|
133
125
|
const transaction = {
|
|
134
126
|
commandId,
|
|
135
127
|
status: 'pending',
|
|
@@ -145,7 +137,8 @@ export const dappController = (kernelInfo, dappUrl, userUrl, store, notification
|
|
|
145
137
|
userId: context.userId,
|
|
146
138
|
commandId,
|
|
147
139
|
commands: params.commands?.[0],
|
|
148
|
-
confirmationRequestTrafficCostEstimation: costEstimation
|
|
140
|
+
confirmationRequestTrafficCostEstimation: response.costEstimation
|
|
141
|
+
?.confirmationRequestTrafficCostEstimation,
|
|
149
142
|
}, 'prepared transaction traffic estimation');
|
|
150
143
|
store.setTransaction(transaction);
|
|
151
144
|
return {
|
|
@@ -84,9 +84,27 @@ export type PackageIdSelectionPreference = PackageId[];
|
|
|
84
84
|
*
|
|
85
85
|
*/
|
|
86
86
|
export type Message = string;
|
|
87
|
-
export type RequestMethod = '
|
|
87
|
+
export type RequestMethod = 'get' | 'post' | 'patch' | 'put' | 'delete';
|
|
88
88
|
export type Resource = string;
|
|
89
|
-
export
|
|
89
|
+
export interface Body {
|
|
90
|
+
[key: string]: any;
|
|
91
|
+
}
|
|
92
|
+
/**
|
|
93
|
+
*
|
|
94
|
+
* Query parameters as key-value pairs.
|
|
95
|
+
*
|
|
96
|
+
*/
|
|
97
|
+
export interface Query {
|
|
98
|
+
[key: string]: any;
|
|
99
|
+
}
|
|
100
|
+
/**
|
|
101
|
+
*
|
|
102
|
+
* Path parameters as key-value pairs.
|
|
103
|
+
*
|
|
104
|
+
*/
|
|
105
|
+
export interface Path {
|
|
106
|
+
[key: string]: any;
|
|
107
|
+
}
|
|
90
108
|
/**
|
|
91
109
|
*
|
|
92
110
|
* The unique identifier of the Provider.
|
|
@@ -209,7 +227,6 @@ export interface Session {
|
|
|
209
227
|
*
|
|
210
228
|
*/
|
|
211
229
|
export type Signature = string;
|
|
212
|
-
export type Response = string;
|
|
213
230
|
/**
|
|
214
231
|
*
|
|
215
232
|
* Set as primary wallet for dApp usage.
|
|
@@ -288,7 +305,15 @@ export interface Wallet {
|
|
|
288
305
|
topologyTransactions?: TopologyTransactions;
|
|
289
306
|
disabled?: Disabled;
|
|
290
307
|
reason?: Reason;
|
|
308
|
+
rights: Rights;
|
|
291
309
|
}
|
|
310
|
+
export type PartyLevelRight = any;
|
|
311
|
+
/**
|
|
312
|
+
*
|
|
313
|
+
* The rights of the wallet.
|
|
314
|
+
*
|
|
315
|
+
*/
|
|
316
|
+
export type Rights = PartyLevelRight[];
|
|
292
317
|
/**
|
|
293
318
|
*
|
|
294
319
|
* The status of the transaction.
|
|
@@ -414,6 +439,8 @@ export interface LedgerApiParams {
|
|
|
414
439
|
requestMethod: RequestMethod;
|
|
415
440
|
resource: Resource;
|
|
416
441
|
body?: Body;
|
|
442
|
+
query?: Query;
|
|
443
|
+
path?: Path;
|
|
417
444
|
}
|
|
418
445
|
export interface StatusEvent {
|
|
419
446
|
provider: Provider;
|
|
@@ -440,11 +467,11 @@ export interface SignMessageResult {
|
|
|
440
467
|
}
|
|
441
468
|
/**
|
|
442
469
|
*
|
|
443
|
-
* Ledger Api
|
|
470
|
+
* Ledger Api response
|
|
444
471
|
*
|
|
445
472
|
*/
|
|
446
473
|
export interface LedgerApiResult {
|
|
447
|
-
|
|
474
|
+
[key: string]: any;
|
|
448
475
|
}
|
|
449
476
|
/**
|
|
450
477
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"typings.d.ts","sourceRoot":"","sources":["../../../src/dapp-api/rpc-gen/typings.ts"],"names":[],"mappings":"AAMA;;;;GAIG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAA;AAE9B;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACrB;AACD;;;;GAIG;AACH,MAAM,MAAM,KAAK,GAAG,MAAM,CAAA;AAC1B;;;;GAIG;AACH,MAAM,MAAM,KAAK,GAAG,KAAK,EAAE,CAAA;AAC3B;;;;GAIG;AACH,MAAM,MAAM,MAAM,GAAG,KAAK,EAAE,CAAA;AAC5B;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,CAAA;AAC/B;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,CAAA;AAC/B;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG,MAAM,CAAA;AACrC;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,MAAM,CAAA;AACnC;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAC9B,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,cAAc,CAAC,EAAE,cAAc,CAAA;CAClC;AACD;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,iBAAiB,EAAE,CAAA;AACpD,MAAM,MAAM,SAAS,GAAG,MAAM,CAAA;AAC9B;;;;GAIG;AACH,MAAM,MAAM,4BAA4B,GAAG,SAAS,EAAE,CAAA;AACtD;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAA;AAC5B,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,QAAQ,CAAA;
|
|
1
|
+
{"version":3,"file":"typings.d.ts","sourceRoot":"","sources":["../../../src/dapp-api/rpc-gen/typings.ts"],"names":[],"mappings":"AAMA;;;;GAIG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAA;AAE9B;;;;GAIG;AACH,MAAM,WAAW,UAAU;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACrB;AACD;;;;GAIG;AACH,MAAM,MAAM,KAAK,GAAG,MAAM,CAAA;AAC1B;;;;GAIG;AACH,MAAM,MAAM,KAAK,GAAG,KAAK,EAAE,CAAA;AAC3B;;;;GAIG;AACH,MAAM,MAAM,MAAM,GAAG,KAAK,EAAE,CAAA;AAC5B;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,CAAA;AAC/B;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,CAAA;AAC/B;;;;GAIG;AACH,MAAM,MAAM,gBAAgB,GAAG,MAAM,CAAA;AACrC;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,MAAM,CAAA;AACnC;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAC9B,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,UAAU,CAAC,EAAE,UAAU,CAAA;IACvB,gBAAgB,EAAE,gBAAgB,CAAA;IAClC,cAAc,CAAC,EAAE,cAAc,CAAA;CAClC;AACD;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,iBAAiB,EAAE,CAAA;AACpD,MAAM,MAAM,SAAS,GAAG,MAAM,CAAA;AAC9B;;;;GAIG;AACH,MAAM,MAAM,4BAA4B,GAAG,SAAS,EAAE,CAAA;AACtD;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAA;AAC5B,MAAM,MAAM,aAAa,GAAG,KAAK,GAAG,MAAM,GAAG,OAAO,GAAG,KAAK,GAAG,QAAQ,CAAA;AACvE,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAA;AAC7B,MAAM,WAAW,IAAI;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACrB;AACD;;;;GAIG;AACH,MAAM,WAAW,KAAK;IAClB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACrB;AACD;;;;GAIG;AACH,MAAM,WAAW,IAAI;IACjB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACrB;AACD;;;;GAIG;AACH,MAAM,MAAM,UAAU,GAAG,MAAM,CAAA;AAC/B;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAA;AAC5B;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,QAAQ,CAAA;AACtE;;;;GAIG;AACH,MAAM,MAAM,GAAG,GAAG,MAAM,CAAA;AACxB;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAA;AAC5B;;;;GAIG;AACH,MAAM,WAAW,QAAQ;IACrB,EAAE,EAAE,UAAU,CAAA;IACd,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,GAAG,CAAC,EAAE,GAAG,CAAA;IACT,OAAO,CAAC,EAAE,OAAO,CAAA;CACpB;AACD;;;;GAIG;AACH,MAAM,MAAM,WAAW,GAAG,OAAO,CAAA;AACjC;;;;GAIG;AACH,MAAM,MAAM,MAAM,GAAG,MAAM,CAAA;AAC3B;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,OAAO,CAAA;AACxC;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,MAAM,CAAA;AAClC,MAAM,WAAW,aAAa;IAC1B,WAAW,EAAE,WAAW,CAAA;IACxB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,kBAAkB,EAAE,kBAAkB,CAAA;IACtC,aAAa,CAAC,EAAE,aAAa,CAAA;IAC7B,OAAO,CAAC,EAAE,OAAO,CAAA;CACpB;AACD;;;;GAIG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAA;AAC9B;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAA;AACjC;;;;GAIG;AACH,MAAM,MAAM,WAAW,GAAG,MAAM,CAAA;AAChC;;;;GAIG;AACH,MAAM,WAAW,OAAO;IACpB,SAAS,EAAE,SAAS,CAAA;IACpB,SAAS,CAAC,EAAE,YAAY,CAAA;IACxB,WAAW,CAAC,EAAE,WAAW,CAAA;CAC5B;AACD;;;;GAIG;AACH,MAAM,MAAM,MAAM,GAAG,MAAM,CAAA;AAC3B;;;;GAIG;AACH,MAAM,WAAW,OAAO;IACpB,WAAW,EAAE,WAAW,CAAA;IACxB,MAAM,EAAE,MAAM,CAAA;CACjB;AACD;;;;GAIG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAA;AAC9B;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,OAAO,CAAA;AAC7B;;;;GAIG;AACH,MAAM,MAAM,OAAO,GAAG,MAAM,CAAA;AAC5B;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG,aAAa,GAAG,WAAW,GAAG,SAAS,CAAA;AAClE;;;;GAIG;AACH,MAAM,MAAM,IAAI,GAAG,MAAM,CAAA;AACzB;;;;GAIG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAA;AAC9B;;;;GAIG;AACH,MAAM,MAAM,SAAS,GAAG,MAAM,CAAA;AAC9B;;;;GAIG;AACH,MAAM,MAAM,iBAAiB,GAAG,MAAM,CAAA;AACtC;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG,MAAM,CAAA;AACjC;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,CAAA;AACzC;;;;GAIG;AACH,MAAM,MAAM,QAAQ,GAAG,OAAO,CAAA;AAC9B;;;;GAIG;AACH,MAAM,WAAW,MAAM;IACnB,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,OAAO,CAAA;IAChB,MAAM,EAAE,YAAY,CAAA;IACpB,IAAI,EAAE,IAAI,CAAA;IACV,SAAS,EAAE,SAAS,CAAA;IACpB,SAAS,EAAE,SAAS,CAAA;IACpB,SAAS,EAAE,SAAS,CAAA;IACpB,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,YAAY,CAAC,EAAE,YAAY,CAAA;IAC3B,oBAAoB,CAAC,EAAE,oBAAoB,CAAA;IAC3C,QAAQ,CAAC,EAAE,QAAQ,CAAA;IACnB,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;CACjB;AACD,MAAM,MAAM,eAAe,GAAG,GAAG,CAAA;AACjC;;;;GAIG;AACH,MAAM,MAAM,MAAM,GAAG,eAAe,EAAE,CAAA;AACtC;;;;GAIG;AACH,MAAM,MAAM,aAAa,GAAG,SAAS,CAAA;AACrC;;;;GAIG;AACH,MAAM,WAAW,qBAAqB;IAClC,MAAM,EAAE,aAAa,CAAA;IACrB,SAAS,EAAE,SAAS,CAAA;CACvB;AACD;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAA;AACnC;;;;GAIG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAA;AAC7B;;;;GAIG;AACH,MAAM,WAAW,sBAAsB;IACnC,SAAS,EAAE,SAAS,CAAA;IACpB,QAAQ,EAAE,QAAQ,CAAA;IAClB,KAAK,EAAE,KAAK,CAAA;CACf;AACD;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACjC,MAAM,EAAE,YAAY,CAAA;IACpB,SAAS,EAAE,SAAS,CAAA;IACpB,OAAO,EAAE,sBAAsB,CAAA;CAClC;AACD;;;;GAIG;AACH,MAAM,MAAM,cAAc,GAAG,UAAU,CAAA;AACvC;;;;GAIG;AACH,MAAM,MAAM,QAAQ,GAAG,MAAM,CAAA;AAC7B,MAAM,MAAM,gBAAgB,GAAG,MAAM,CAAA;AACrC;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACrC,QAAQ,EAAE,QAAQ,CAAA;IAClB,gBAAgB,EAAE,gBAAgB,CAAA;CACrC;AACD;;;;GAIG;AACH,MAAM,WAAW,sBAAsB;IACnC,MAAM,EAAE,cAAc,CAAA;IACtB,SAAS,EAAE,SAAS,CAAA;IACpB,OAAO,EAAE,wBAAwB,CAAA;CACpC;AACD;;;;GAIG;AACH,MAAM,MAAM,YAAY,GAAG,QAAQ,CAAA;AACnC;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACjC,MAAM,EAAE,YAAY,CAAA;IACpB,SAAS,EAAE,SAAS,CAAA;CACvB;AACD;;;;GAIG;AACH,MAAM,WAAW,oBAAoB;IACjC,SAAS,CAAC,EAAE,SAAS,CAAA;IACrB,QAAQ,EAAE,UAAU,CAAA;IACpB,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,kBAAkB,CAAC,EAAE,kBAAkB,CAAA;IACvC,cAAc,CAAC,EAAE,cAAc,CAAA;IAC/B,4BAA4B,CAAC,EAAE,4BAA4B,CAAA;CAC9D;AACD;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAC9B,OAAO,EAAE,OAAO,CAAA;CACnB;AACD;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC5B,aAAa,EAAE,aAAa,CAAA;IAC5B,QAAQ,EAAE,QAAQ,CAAA;IAClB,IAAI,CAAC,EAAE,IAAI,CAAA;IACX,KAAK,CAAC,EAAE,KAAK,CAAA;IACb,IAAI,CAAC,EAAE,IAAI,CAAA;CACd;AACD,MAAM,WAAW,WAAW;IACxB,QAAQ,EAAE,QAAQ,CAAA;IAClB,UAAU,EAAE,aAAa,CAAA;IACzB,OAAO,CAAC,EAAE,OAAO,CAAA;IACjB,OAAO,CAAC,EAAE,OAAO,CAAA;CACpB;AACD;;;;GAIG;AACH,MAAM,MAAM,IAAI,GAAG,IAAI,CAAA;AACvB,MAAM,WAAW,oBAAoB;IACjC,OAAO,EAAE,OAAO,CAAA;CACnB;AACD;;;;GAIG;AACH,MAAM,WAAW,iBAAiB;IAC9B,SAAS,EAAE,SAAS,CAAA;CACvB;AACD;;;;GAIG;AACH,MAAM,WAAW,eAAe;IAC5B,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAA;CACrB;AACD;;;;GAIG;AACH,MAAM,MAAM,oBAAoB,GAAG,MAAM,EAAE,CAAA;AAC3C;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,MAAM,EAAE,CAAA;AACzC;;;;GAIG;AACH,MAAM,MAAM,cAAc,GACpB,qBAAqB,GACrB,oBAAoB,GACpB,sBAAsB,GACtB,oBAAoB,CAAA;AAC1B;;;;GAIG;AAEH,MAAM,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAA;AAC/C,MAAM,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,CAAC,CAAA;AAClD,MAAM,MAAM,UAAU,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAA;AAC5C,MAAM,MAAM,gBAAgB,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,CAAA;AACrD,MAAM,MAAM,cAAc,GAAG,CACzB,MAAM,EAAE,oBAAoB,KAC3B,OAAO,CAAC,oBAAoB,CAAC,CAAA;AAClC,MAAM,MAAM,WAAW,GAAG,CACtB,MAAM,EAAE,iBAAiB,KACxB,OAAO,CAAC,iBAAiB,CAAC,CAAA;AAC/B,MAAM,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,eAAe,KAAK,OAAO,CAAC,eAAe,CAAC,CAAA;AAC7E,MAAM,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAA;AAClD,MAAM,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,CAAA;AACxD,MAAM,MAAM,eAAe,GAAG,MAAM,OAAO,CAAC,oBAAoB,CAAC,CAAA;AACjE,MAAM,MAAM,iBAAiB,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,CAAA;AACrD,MAAM,MAAM,YAAY,GAAG,MAAM,OAAO,CAAC,kBAAkB,CAAC,CAAA;AAC5D,MAAM,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,CAAA"}
|
package/dist/env.d.ts
ADDED
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
export declare class Env {
|
|
2
|
+
static FIREBLOCKS_API_KEY: () => string | undefined;
|
|
3
|
+
static FIREBLOCKS_SECRET: () => string | undefined;
|
|
4
|
+
static BLOCKDAEMON_API_URL: (fallback: string) => string;
|
|
5
|
+
static BLOCKDAEMON_API_KEY: (fallback: string) => string;
|
|
6
|
+
static get(key: string, options: {
|
|
7
|
+
required?: boolean;
|
|
8
|
+
fallback: string;
|
|
9
|
+
}): string;
|
|
10
|
+
static get(key: string, options: {
|
|
11
|
+
required: true;
|
|
12
|
+
fallback?: string;
|
|
13
|
+
}): string;
|
|
14
|
+
static get(key: string, options?: {
|
|
15
|
+
required?: boolean;
|
|
16
|
+
fallback?: string;
|
|
17
|
+
} | undefined): string | undefined;
|
|
18
|
+
}
|
|
19
|
+
//# sourceMappingURL=env.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"env.d.ts","sourceRoot":"","sources":["../src/env.ts"],"names":[],"mappings":"AAGA,qBAAa,GAAG;IACZ,MAAM,CAAC,kBAAkB,2BAAsC;IAC/D,MAAM,CAAC,iBAAiB,2BAAqC;IAC7D,MAAM,CAAC,mBAAmB,GAAI,UAAU,MAAM,YACE;IAChD,MAAM,CAAC,mBAAmB,GAAI,UAAU,MAAM,YACE;IAEhD,MAAM,CAAC,GAAG,CACN,GAAG,EAAE,MAAM,EACX,OAAO,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE,GAClD,MAAM;IACT,MAAM,CAAC,GAAG,CACN,GAAG,EAAE,MAAM,EACX,OAAO,EAAE;QAAE,QAAQ,EAAE,IAAI,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAC/C,MAAM;IACT,MAAM,CAAC,GAAG,CACN,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,OAAO,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,GAChE,MAAM,GAAG,SAAS;CAcxB"}
|
package/dist/env.js
ADDED
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
// Copyright (c) 2025-2026 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
2
|
+
// SPDX-License-Identifier: Apache-2.0
|
|
3
|
+
export class Env {
|
|
4
|
+
static { this.FIREBLOCKS_API_KEY = () => Env.get('FIREBLOCKS_API_KEY'); }
|
|
5
|
+
static { this.FIREBLOCKS_SECRET = () => Env.get('FIREBLOCKS_SECRET'); }
|
|
6
|
+
static { this.BLOCKDAEMON_API_URL = (fallback) => Env.get('BLOCKDAEMON_API_URL', { fallback }); }
|
|
7
|
+
static { this.BLOCKDAEMON_API_KEY = (fallback) => Env.get('BLOCKDAEMON_API_KEY', { fallback }); }
|
|
8
|
+
static get(key, options) {
|
|
9
|
+
const { fallback, required } = options || {};
|
|
10
|
+
const value = process.env[key]?.trim() || fallback?.trim();
|
|
11
|
+
if (required && !value) {
|
|
12
|
+
throw new Error(`Required environment variable (${key}) missing.`);
|
|
13
|
+
}
|
|
14
|
+
return value;
|
|
15
|
+
}
|
|
16
|
+
}
|
package/dist/example-config.d.ts
CHANGED
|
@@ -56,6 +56,7 @@ declare const _default: {
|
|
|
56
56
|
audience: string;
|
|
57
57
|
clientId: string;
|
|
58
58
|
clientSecret: string;
|
|
59
|
+
clientSecretEnv?: never;
|
|
59
60
|
};
|
|
60
61
|
ledgerApi: {
|
|
61
62
|
baseUrl: string;
|
|
@@ -78,8 +79,9 @@ declare const _default: {
|
|
|
78
79
|
scope: string;
|
|
79
80
|
audience: string;
|
|
80
81
|
clientId: string;
|
|
81
|
-
|
|
82
|
+
clientSecretEnv: string;
|
|
82
83
|
issuer?: never;
|
|
84
|
+
clientSecret?: never;
|
|
83
85
|
};
|
|
84
86
|
ledgerApi: {
|
|
85
87
|
baseUrl: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"example-config.d.ts","sourceRoot":"","sources":["../src/example-config.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"example-config.d.ts","sourceRoot":"","sources":["../src/example-config.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,wBA6FqB"}
|
package/dist/example-config.js
CHANGED
|
@@ -50,7 +50,7 @@ export default {
|
|
|
50
50
|
method: 'self_signed',
|
|
51
51
|
issuer: 'self-signed',
|
|
52
52
|
audience: '<REPLACE_PARTICIPANT_AUDIENCE>',
|
|
53
|
-
scope: 'openid daml_ledger_api offline_access',
|
|
53
|
+
scope: 'openid email daml_ledger_api offline_access',
|
|
54
54
|
clientId: '<REPLACE_CLIENT_ID>',
|
|
55
55
|
clientSecret: 'unsafe',
|
|
56
56
|
},
|
|
@@ -74,7 +74,7 @@ export default {
|
|
|
74
74
|
auth: {
|
|
75
75
|
method: 'authorization_code',
|
|
76
76
|
clientId: '<REPLACE_USER_CLIENT_ID>',
|
|
77
|
-
scope: 'openid daml_ledger_api offline_access',
|
|
77
|
+
scope: 'openid email daml_ledger_api offline_access',
|
|
78
78
|
audience: '<REPLACE_PARTICIPANT_AUDIENCE>',
|
|
79
79
|
},
|
|
80
80
|
adminAuth: {
|
|
@@ -82,7 +82,7 @@ export default {
|
|
|
82
82
|
scope: 'daml_ledger_api',
|
|
83
83
|
audience: '<REPLACE_PARTICIPANT_AUDIENCE>',
|
|
84
84
|
clientId: '<REPLACE_ADMIN_CLIENT_ID>',
|
|
85
|
-
|
|
85
|
+
clientSecretEnv: 'MY_CLIENT_SECRET_ENV_VAR',
|
|
86
86
|
},
|
|
87
87
|
ledgerApi: {
|
|
88
88
|
baseUrl: 'http://127.0.0.1:2975',
|
package/dist/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAiEA,QAAA,MAAM,OAAO;;;;;;CAAiB,CAAA;AAE9B,MAAM,MAAM,UAAU,GAAG,OAAO,OAAO,CAAA"}
|