@dainprotocol/service-sdk 2.0.2 → 2.0.4

@@ -0,0 +1,61 @@
1
+ /**
2
+ * Service/Agent Authentication - Legacy Keypair-based
3
+ *
4
+ * This class is for SERVICE and AGENT authentication using legacy keypair-based signatures.
5
+ * End users should NOT use this class - they must use DainUserAuth with JWT tokens.
6
+ */
7
+ import { DainClientAuth } from './client-auth';
8
+ export interface DainServiceAuthConfig {
9
+ /** Service API key (format: sk_agent_org_<orgId>_<agentId>_<keypair>) */
10
+ apiKey?: string;
11
+ /** OR provide individual components: */
12
+ /** Base58-encoded Ed25519 private key */
13
+ privateKeyBase58?: string;
14
+ /** Agent ID */
15
+ agentId?: string;
16
+ /** Organization ID */
17
+ orgId?: string;
18
+ /** Smart Account PDA on Solana (optional) */
19
+ smartAccountPDA?: string;
20
+ /** Webhook URL for async operations (optional) */
21
+ webhookUrl?: string;
22
+ }
23
+ /**
24
+ * DainServiceAuth - Legacy keypair-based authentication for services and agents
25
+ *
26
+ * @example
27
+ * ```typescript
28
+ * // Authenticate as a service with API key
29
+ * const serviceAuth = new DainServiceAuth({
30
+ * apiKey: "sk_agent_org_123_agent_456_<base58key>"
31
+ * });
32
+ *
33
+ * // OR with individual components
34
+ * const serviceAuth = new DainServiceAuth({
35
+ * privateKeyBase58: "49bhyNKM...",
36
+ * agentId: "agent_456",
37
+ * orgId: "org_123"
38
+ * });
39
+ * ```
40
+ */
41
+ export declare class DainServiceAuth extends DainClientAuth {
42
+ constructor(config: DainServiceAuthConfig);
43
+ /**
44
+ * Get the service's agent ID
45
+ */
46
+ getServiceAgentId(): string;
47
+ /**
48
+ * Get the service's organization ID
49
+ */
50
+ getServiceOrgId(): string;
51
+ /**
52
+ * Override to prevent JWT methods
53
+ * @deprecated Not supported for service authentication
54
+ */
55
+ getSmartAccountId(): never;
56
+ /**
57
+ * Override to prevent JWT methods
58
+ * @deprecated Not supported for service authentication
59
+ */
60
+ getJWT(): never;
61
+ }
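Review bot: Every field of `DainServiceAuthConfig` is optional, so `new DainServiceAuth({})` type-checks and is rejected only at runtime by the constructor. Declaring the config as a union of the two accepted shapes, for example `{ apiKey: string } | { privateKeyBase58: string; agentId: string; orgId: string }` combined with the optional `smartAccountPDA` and `webhookUrl` fields, would move that failure to compile time. The doc comments on `apiKey` and `privateKeyBase58` should also state that both carry private key material (the documented key format ends in the keypair), for instance `/** Secret: embeds the service private key; load it from a secret store and never log it. */`.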
@@ -0,0 +1,93 @@
1
+ "use strict";
2
+ //File: src/client/service-auth.ts
3
+ /**
4
+ * Service/Agent Authentication - Legacy Keypair-based
5
+ *
6
+ * This class is for SERVICE and AGENT authentication using legacy keypair-based signatures.
7
+ * End users should NOT use this class - they must use DainUserAuth with JWT tokens.
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.DainServiceAuth = void 0;
11
+ const client_auth_1 = require("./client-auth");
12
+ /**
13
+ * DainServiceAuth - Legacy keypair-based authentication for services and agents
14
+ *
15
+ * @example
16
+ * ```typescript
17
+ * // Authenticate as a service with API key
18
+ * const serviceAuth = new DainServiceAuth({
19
+ * apiKey: "sk_agent_org_123_agent_456_<base58key>"
20
+ * });
21
+ *
22
+ * // OR with individual components
23
+ * const serviceAuth = new DainServiceAuth({
24
+ * privateKeyBase58: "49bhyNKM...",
25
+ * agentId: "agent_456",
26
+ * orgId: "org_123"
27
+ * });
28
+ * ```
29
+ */
30
+ class DainServiceAuth extends client_auth_1.DainClientAuth {
31
+ constructor(config) {
32
+ if (!config.apiKey && !(config.privateKeyBase58 && config.agentId && config.orgId)) {
33
+ throw new Error('Invalid service authentication configuration.\n' +
34
+ 'Provide either:\n' +
35
+ ' - apiKey: "sk_agent_org_<orgId>_<agentId>_<keypair>"\n' +
36
+ ' OR\n' +
37
+ ' - privateKeyBase58, agentId, and orgId\n\n' +
38
+ 'Note: This is for SERVICES and AGENTS only.\n' +
39
+ 'If you are authenticating as a user, use DainUserAuth with a JWT token instead.');
40
+ }
41
+ // Call parent with legacy auth config
42
+ super({
43
+ apiKey: config.apiKey,
44
+ privateKeyBase58: config.privateKeyBase58,
45
+ agentId: config.agentId,
46
+ orgId: config.orgId,
47
+ smartAccountPDA: config.smartAccountPDA,
48
+ webhookUrl: config.webhookUrl,
49
+ });
50
+ // Verify auth method is legacy
51
+ if (this.getAuthMethod() !== 'legacy') {
52
+ throw new Error('DainServiceAuth must use legacy authentication');
53
+ }
54
+ }
55
+ /**
56
+ * Get the service's agent ID
57
+ */
58
+ getServiceAgentId() {
59
+ const agentId = this.getAgentId();
60
+ if (!agentId) {
61
+ throw new Error('Agent ID not available');
62
+ }
63
+ return agentId;
64
+ }
65
+ /**
66
+ * Get the service's organization ID
67
+ */
68
+ getServiceOrgId() {
69
+ const orgId = this.getOrgId();
70
+ if (!orgId) {
71
+ throw new Error('Organization ID not available');
72
+ }
73
+ return orgId;
74
+ }
75
+ /**
76
+ * Override to prevent JWT methods
77
+ * @deprecated Not supported for service authentication
78
+ */
79
+ getSmartAccountId() {
80
+ throw new Error('getSmartAccountId() is not supported for service authentication.\n' +
81
+ 'Use getServiceAgentId() instead.');
82
+ }
83
+ /**
84
+ * Override to prevent JWT methods
85
+ * @deprecated Not supported for service authentication
86
+ */
87
+ getJWT() {
88
+ throw new Error('getJWT() is not supported for service authentication.\n' +
89
+ 'Services use keypair-based authentication, not JWT.');
90
+ }
91
+ }
92
+ exports.DainServiceAuth = DainServiceAuth;
93
+ //# sourceMappingURL=service-auth.js.map
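Review bot: The constructor guard accepts a config that carries both `apiKey` and the individual `privateKeyBase58`/`agentId`/`orgId` fields, and the `super({...})` call forwards all of them, so which identity wins is decided inside `DainClientAuth`, which is not visible in this hunk. If the IDs embedded in the key differ from the explicit fields, the service may end up signing as a different agent than the caller intended, with no error raised. Rejecting the mixed form up front, e.g. `if (config.apiKey && (config.privateKeyBase58 || config.agentId || config.orgId)) throw new Error('Provide apiKey or individual components, not both');`, or documenting the precedence on the class, would remove the ambiguity. The guard is also a truthiness check only, so any non-empty string passes as `apiKey`; whether the `sk_agent_` format is validated depends on the parent class.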
@@ -0,0 +1 @@
1
+ {"version":3,"file":"service-auth.js","sourceRoot":"","sources":["../../src/client/service-auth.ts"],"names":[],"mappings":";AAAA,kCAAkC;AAClC;;;;;GAKG;;;AAEH,+CAA+C;AAqB/C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAa,eAAgB,SAAQ,4BAAc;IACjD,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,MAAM,CAAC,gBAAgB,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;YACnF,MAAM,IAAI,KAAK,CACb,iDAAiD;gBACjD,mBAAmB;gBACnB,0DAA0D;gBAC1D,QAAQ;gBACR,8CAA8C;gBAC9C,+CAA+C;gBAC/C,iFAAiF,CAClF,CAAC;QACJ,CAAC;QAED,sCAAsC;QACtC,KAAK,CAAC;YACJ,MAAM,EAAE,MAAM,CAAC,MAAM;YACrB,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;YACzC,OAAO,EAAE,MAAM,CAAC,OAAO;YACvB,KAAK,EAAE,MAAM,CAAC,KAAK;YACnB,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,UAAU,EAAE,MAAM,CAAC,UAAU;SAC9B,CAAC,CAAC;QAEH,+BAA+B;QAC/B,IAAI,IAAI,CAAC,aAAa,EAAE,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,MAAM,OAAO,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAClC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,eAAe;QACb,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;QAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED;;;OAGG;IACH,iBAAiB;QACf,MAAM,IAAI,KAAK,CACb,oEAAoE;YACpE,kCAAkC,CACnC,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM;QACJ,MAAM,IAAI,KAAK,CACb,yDAAyD;YACzD,qDAAqD,CACtD,CAAC;IACJ,CAAC;CACF;AAzED,0CAyEC"}
@@ -0,0 +1,74 @@
1
+ /**
2
+ * User Authentication - JWT ONLY
3
+ *
4
+ * Users authenticate with JWT tokens from DAIN ID OAuth.
5
+ * NO orgId, NO agentId, NO keypair - completely removed for users.
6
+ */
7
+ export interface DainUserAuthConfig {
8
+ /** JWT access token from DAIN ID OAuth */
9
+ jwt: string;
10
+ /** Smart Account ID (optional, will be extracted from JWT if not provided) */
11
+ smartAccountId?: string;
12
+ /** Smart Account PDA on Solana (optional) */
13
+ smartAccountPDA?: string;
14
+ /** Webhook URL for async operations (optional) */
15
+ webhookUrl?: string;
16
+ }
17
+ /**
18
+ * DainUserAuth - JWT-only authentication for end users
19
+ *
20
+ * Users have:
21
+ * - JWT token (for authentication)
22
+ * - Smart Account ID (their unique identifier)
23
+ * - NO orgId, NO agentId, NO keypair
24
+ */
25
+ export declare class DainUserAuth {
26
+ private jwt;
27
+ private smartAccountId;
28
+ private smartAccountPDA?;
29
+ private webhookUrl?;
30
+ constructor(config: DainUserAuthConfig);
31
+ /**
32
+ * Decode JWT payload (without verification)
33
+ */
34
+ private decodeJWTPayload;
35
+ /**
36
+ * Sign request - NOT NEEDED for JWT, returns empty
37
+ */
38
+ signRequest(_method: string, _path: string, _body: string): Promise<{
39
+ signature: string;
40
+ timestamp: string;
41
+ }>;
42
+ /**
43
+ * Get headers for HTTP requests
44
+ */
45
+ getHeaders(_signature: string, _timestamp: string): Record<string, string>;
46
+ /**
47
+ * Get the user's smart account ID
48
+ */
49
+ getSmartAccountId(): string;
50
+ /**
51
+ * Get JWT token
52
+ */
53
+ getJWT(): string;
54
+ /**
55
+ * Get smart account PDA
56
+ */
57
+ getSmartAccountPDA(): string | undefined;
58
+ /**
59
+ * Get webhook URL
60
+ */
61
+ getWebhookUrl(): string | undefined;
62
+ /**
63
+ * Check if using JWT authentication (always true for users)
64
+ */
65
+ isJWT(): boolean;
66
+ /**
67
+ * Serialize user auth
68
+ */
69
+ serialize(): string;
70
+ /**
71
+ * Deserialize user auth
72
+ */
73
+ static deserialize(serialized: string): DainUserAuth;
74
+ }
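Review bot: The doc comment on `serialize()` says only "Serialize user auth", but the implementation in user-auth.js base64-encodes a JSON object that includes the raw JWT, so the returned string is itself a bearer credential. A comment such as `/** Returns base64(JSON) that contains the JWT; this is an encoding, not encryption, so store and transmit it like the token itself. */` would make that explicit, and the same wording belongs on the compiled `serialize()` in user-auth.js. `signRequest` and `getHeaders` also declare underscore-prefixed parameters that the implementation ignores; a one-line remark that they are presumably kept for signature compatibility with the keypair path would save readers from looking for a signing step.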
@@ -0,0 +1,137 @@
1
+ "use strict";
2
+ //File: src/client/user-auth.ts
3
+ /**
4
+ * User Authentication - JWT ONLY
5
+ *
6
+ * Users authenticate with JWT tokens from DAIN ID OAuth.
7
+ * NO orgId, NO agentId, NO keypair - completely removed for users.
8
+ */
9
+ Object.defineProperty(exports, "__esModule", { value: true });
10
+ exports.DainUserAuth = void 0;
11
+ /**
12
+ * DainUserAuth - JWT-only authentication for end users
13
+ *
14
+ * Users have:
15
+ * - JWT token (for authentication)
16
+ * - Smart Account ID (their unique identifier)
17
+ * - NO orgId, NO agentId, NO keypair
18
+ */
19
+ class DainUserAuth {
20
+ jwt;
21
+ smartAccountId;
22
+ smartAccountPDA;
23
+ webhookUrl;
24
+ constructor(config) {
25
+ if (!config.jwt) {
26
+ throw new Error('JWT token is required for user authentication');
27
+ }
28
+ this.jwt = config.jwt;
29
+ // Extract smartAccountId from config or decode from JWT
30
+ if (config.smartAccountId) {
31
+ this.smartAccountId = config.smartAccountId;
32
+ }
33
+ else {
34
+ const payload = this.decodeJWTPayload(config.jwt);
35
+ this.smartAccountId = payload.smart_account_id || payload.sub;
36
+ }
37
+ this.smartAccountPDA = config.smartAccountPDA;
38
+ this.webhookUrl = config.webhookUrl;
39
+ }
40
+ /**
41
+ * Decode JWT payload (without verification)
42
+ */
43
+ decodeJWTPayload(jwt) {
44
+ const parts = jwt.split('.');
45
+ if (parts.length !== 3) {
46
+ throw new Error('Invalid JWT format');
47
+ }
48
+ const payload = Buffer.from(parts[1], 'base64').toString('utf-8');
49
+ return JSON.parse(payload);
50
+ }
51
+ /**
52
+ * Sign request - NOT NEEDED for JWT, returns empty
53
+ */
54
+ async signRequest(_method, _path, _body) {
55
+ return { signature: '', timestamp: '' };
56
+ }
57
+ /**
58
+ * Get headers for HTTP requests
59
+ */
60
+ getHeaders(_signature, _timestamp) {
61
+ const headers = {
62
+ "Authorization": `Bearer ${this.jwt}`,
63
+ };
64
+ if (this.smartAccountPDA) {
65
+ headers["X-DAIN-SMART-ACCOUNT-PDA"] = this.smartAccountPDA;
66
+ }
67
+ if (this.webhookUrl) {
68
+ headers["X-DAIN-WEBHOOK-URL"] = this.webhookUrl;
69
+ }
70
+ return headers;
71
+ }
72
+ /**
73
+ * Get the user's smart account ID
74
+ */
75
+ getSmartAccountId() {
76
+ return this.smartAccountId;
77
+ }
78
+ /**
79
+ * Get JWT token
80
+ */
81
+ getJWT() {
82
+ return this.jwt;
83
+ }
84
+ /**
85
+ * Get smart account PDA
86
+ */
87
+ getSmartAccountPDA() {
88
+ return this.smartAccountPDA;
89
+ }
90
+ /**
91
+ * Get webhook URL
92
+ */
93
+ getWebhookUrl() {
94
+ return this.webhookUrl;
95
+ }
96
+ /**
97
+ * Check if using JWT authentication (always true for users)
98
+ */
99
+ isJWT() {
100
+ return true;
101
+ }
102
+ /**
103
+ * Serialize user auth
104
+ */
105
+ serialize() {
106
+ const data = {
107
+ authMethod: 'jwt',
108
+ jwt: this.jwt,
109
+ smartAccountId: this.smartAccountId,
110
+ smartAccountPDA: this.smartAccountPDA,
111
+ webhookUrl: this.webhookUrl
112
+ };
113
+ return Buffer.from(JSON.stringify(data)).toString('base64');
114
+ }
115
+ /**
116
+ * Deserialize user auth
117
+ */
118
+ static deserialize(serialized) {
119
+ try {
120
+ const data = JSON.parse(Buffer.from(serialized, 'base64').toString());
121
+ if (data.authMethod !== 'jwt') {
122
+ throw new Error('Invalid auth method for user');
123
+ }
124
+ return new DainUserAuth({
125
+ jwt: data.jwt,
126
+ smartAccountId: data.smartAccountId,
127
+ smartAccountPDA: data.smartAccountPDA,
128
+ webhookUrl: data.webhookUrl
129
+ });
130
+ }
131
+ catch (error) {
132
+ throw new Error('Failed to deserialize DainUserAuth: ' + error.message);
133
+ }
134
+ }
135
+ }
136
+ exports.DainUserAuth = DainUserAuth;
137
+ //# sourceMappingURL=user-auth.js.map
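Review bot: In the constructor, `this.smartAccountId = payload.smart_account_id || payload.sub;` leaves `smartAccountId` undefined when the token carries neither claim, although the declaration file types `getSmartAccountId()` as returning `string`. Adding `if (!this.smartAccountId) throw new Error('JWT has no smart_account_id or sub claim');` right after the assignment would fail early instead of handing `undefined` to callers. `decodeJWTPayload` reads the payload without verifying the signature, and a caller-supplied `config.smartAccountId` is never compared with the token's claim, so the ID held here is a client-side hint only; the doc comment on `getSmartAccountId()` should say it must not be used for authorization decisions. A malformed payload segment also surfaces as a raw `SyntaxError` from `JSON.parse` rather than the 'Invalid JWT format' error, which could be unified with a try/catch in `decodeJWTPayload`.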
@@ -0,0 +1 @@
1
+ {"version":3,"file":"user-auth.js","sourceRoot":"","sources":["../../src/client/user-auth.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B;;;;;GAKG;;;AAgBH;;;;;;;GAOG;AACH,MAAa,YAAY;IACf,GAAG,CAAS;IACZ,cAAc,CAAS;IACvB,eAAe,CAAU;IACzB,UAAU,CAAU;IAE5B,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,CAAC;QAEtB,wDAAwD;QACxD,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;YAC1B,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,OAAO,GAAG,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAClD,IAAI,CAAC,cAAc,GAAG,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG,CAAC;QAChE,CAAC;QAED,IAAI,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;QAC9C,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;IACtC,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,GAAW;QAClC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QACD,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAClE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,WAAW,CACf,OAAe,EACf,KAAa,EACb,KAAa;QAEb,OAAO,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,UAAkB,EAAE,UAAkB;QAC/C,MAAM,OAAO,GAA2B;YACtC,eAAe,EAAE,UAAU,IAAI,CAAC,GAAG,EAAE;SACtC,CAAC;QAEF,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YACzB,OAAO,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,eAAe,CAAC;QAC7D,CAAC;QAED,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,OAAO,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC;QAClD,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,MAAM;QACJ,OAAO,IAAI,CAAC,GAAG,CAAC;IAClB,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,OAAO,IAAI,CAAC,eAAe,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,KAAK;QACH,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,SAAS;QACP,MAAM,IAAI,GAAG;YACX,UAAU,EAAE,KAAK;YACjB,GAAG,EAAE,IAAI,CAAC,GAAG;YACb,cAAc,
EAAE,IAAI,CAAC,cAAc;YACnC,eAAe,EAAE,IAAI,CAAC,eAAe;YACrC,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC;QACF,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC9D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,WAAW,CAAC,UAAkB;QACnC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEtE,IAAI,IAAI,CAAC,UAAU,KAAK,KAAK,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;YAClD,CAAC;YAED,OAAO,IAAI,YAAY,CAAC;gBACtB,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,cAAc,EAAE,IAAI,CAAC,cAAc;gBACnC,eAAe,EAAE,IAAI,CAAC,eAAe;gBACrC,UAAU,EAAE,IAAI,CAAC,UAAU;aAC5B,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAI,KAAe,CAAC,OAAO,CAAC,CAAC;QACrF,CAAC;IACH,CAAC;CACF;AAzID,oCAyIC"}
@@ -112,9 +112,12 @@ function isValidSolanaAddress(address) {
112
112
  return false;
113
113
  }
114
114
  }
115
- // Simple JWKS cache (public key strings)
115
+ // JWKS cache with kid support
116
116
  const jwksCache = new Map();
117
117
  const CACHE_TTL = 3600000; // 1 hour
118
+ const MAX_CACHE_SIZE = 100; // Prevent memory exhaustion
119
+ const JWKS_TIMEOUT = 5000; // 5 second timeout
120
+ const MAX_JWKS_SIZE = 10000; // 10KB max response size
118
121
  function extractBearerToken(authHeader) {
119
122
  if (!authHeader)
120
123
  return null;
@@ -124,27 +127,57 @@ function extractBearerToken(authHeader) {
124
127
  return parts[1];
125
128
  }
126
129
  /**
127
- * Fetch public key from JWKS endpoint (with caching)
130
+ * Fetch public key from JWKS endpoint (with caching and security)
128
131
  */
129
- async function fetchPublicKey(dainIdUrl) {
130
- // Check cache
131
- const cached = jwksCache.get(dainIdUrl);
132
+ async function fetchPublicKey(dainIdUrl, kid) {
133
+ // SECURITY: Enforce HTTPS to prevent MITM attacks
134
+ if (!dainIdUrl.startsWith('https://') && !dainIdUrl.includes('localhost')) {
135
+ throw new Error('JWKS URL must use HTTPS');
136
+ }
137
+ // Check cache (with kid)
138
+ const cacheKey = `${dainIdUrl}:${kid || 'default'}`;
139
+ const cached = jwksCache.get(cacheKey);
132
140
  if (cached && Date.now() - cached.timestamp < CACHE_TTL) {
133
141
  return cached.publicKey;
134
142
  }
135
- // Fetch JWKS
143
+ // Fetch JWKS with timeout
136
144
  const jwksUrl = `${dainIdUrl}/api/oauth/.well-known/jwks.json`;
137
- const response = await fetch(jwksUrl);
138
- if (!response.ok) {
139
- throw new Error(`Failed to fetch JWKS: ${response.statusText}`);
145
+ const controller = new AbortController();
146
+ const timeoutId = setTimeout(() => controller.abort(), JWKS_TIMEOUT);
147
+ try {
148
+ const response = await fetch(jwksUrl, {
149
+ signal: controller.signal,
150
+ headers: { 'Accept': 'application/json' }
151
+ });
152
+ if (!response.ok) {
153
+ throw new Error(`Failed to fetch JWKS: ${response.statusText}`);
154
+ }
155
+ // Check response size to prevent memory exhaustion
156
+ const text = await response.text();
157
+ if (text.length > MAX_JWKS_SIZE) {
158
+ throw new Error('JWKS response too large');
159
+ }
160
+ const jwks = JSON.parse(text);
161
+ // Find key by kid (or use first key)
162
+ let key = kid ? jwks.keys.find((k) => k.kid === kid) : jwks.keys[0];
163
+ if (!key) {
164
+ throw new Error(kid ? `No key found with kid: ${kid}` : 'No keys in JWKS');
165
+ }
166
+ // Convert JWK to PEM
167
+ const publicKey = jwkToPem(key);
168
+ // Cache with LRU eviction
169
+ jwksCache.set(cacheKey, { publicKey, timestamp: Date.now() });
170
+ // Evict oldest if cache too large
171
+ if (jwksCache.size > MAX_CACHE_SIZE) {
172
+ const oldest = Array.from(jwksCache.entries())
173
+ .sort((a, b) => a[1].timestamp - b[1].timestamp)[0][0];
174
+ jwksCache.delete(oldest);
175
+ }
176
+ return publicKey;
177
+ }
178
+ finally {
179
+ clearTimeout(timeoutId);
140
180
  }
141
- const jwks = await response.json();
142
- const key = jwks.keys[0]; // Use first key
143
- // Convert JWK to PEM
144
- const publicKey = jwkToPem(key);
145
- // Cache it
146
- jwksCache.set(dainIdUrl, { publicKey, timestamp: Date.now() });
147
- return publicKey;
148
181
  }
149
182
  /**
150
183
  * Convert JWK to PEM format (simple RSA only)
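Review bot: The HTTPS guard in `fetchPublicKey` exempts any URL that merely contains the substring `localhost`, so a plain-HTTP URL such as `http://localhost.example.test` (constructed example), or one with `localhost` in its path or query, passes the check and the JWKS is fetched without TLS. Parsing the URL and comparing the hostname closes this: `const u = new URL(dainIdUrl);` followed by `if (u.protocol !== 'https:' && u.hostname !== 'localhost') throw new Error('JWKS URL must use HTTPS');`. The size limit is applied only after `await response.text()` has buffered the whole body, so it bounds parsing but not memory; checking `Content-Length` first or reading the stream with a byte cap would match the comment's intent, and `text.length` counts UTF-16 code units rather than bytes. The selected JWK is handed to `jwkToPem` without a `kty` check, and the "LRU eviction" comment describes what is in fact eviction by insertion timestamp.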
@@ -156,10 +189,16 @@ function jwkToPem(jwk) {
156
189
  }
157
190
  async function verifyJWT(token, publicKeyPEMOrUrl, options) {
158
191
  try {
159
- // Fetch public key if URL provided
160
- const publicKey = publicKeyPEMOrUrl.startsWith("http")
161
- ? await fetchPublicKey(publicKeyPEMOrUrl)
162
- : publicKeyPEMOrUrl;
192
+ let publicKey;
193
+ if (publicKeyPEMOrUrl.startsWith("http")) {
194
+ // Extract kid from JWT header for key matching
195
+ const header = jsonwebtoken_1.default.decode(token, { complete: true })?.header;
196
+ const kid = header?.kid;
197
+ publicKey = await fetchPublicKey(publicKeyPEMOrUrl, kid);
198
+ }
199
+ else {
200
+ publicKey = publicKeyPEMOrUrl;
201
+ }
163
202
  // Verify JWT
164
203
  const payload = jsonwebtoken_1.default.verify(token, publicKey, {
165
204
  algorithms: ["RS256"],
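Review bot: The `kid` read via `jsonwebtoken_1.default.decode(token, { complete: true })` comes from the token header before any signature check, and `fetchPublicKey` uses it both in the cache key and to decide whether to fetch. Because a `kid` that is absent from the JWKS throws before anything is cached, every token carrying a new unknown `kid` causes another outbound JWKS request from the verifier. Caching the parsed JWKS document per URL and resolving `kid` against that cached set, refetching at most once per interval on a miss, would bound this; a guard such as `typeof kid === 'string'` before use is also worth adding. `verifyJWT` continues past the end of this hunk, so how `issuer` and `audience` are passed to `verify` is not visible here.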
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/service/auth.ts"],"names":[],"mappings":";AAAA,4BAA4B;;AAQ5B,0DAMC;AAED,4CAKC;AAED,0CAeC;AAED,0CA8BC;AACD,oCAaC;AAED,wCAmBC;AACD,wDA4BC;AAED,oDAOC;AAkCD,gDAKC;AAwCD,8BA8BC;AAsBD,kCAyBC;AAOD,kDAEC;AAKD,sCAGC;AAQD,gEAmBC;AAaD,4BAeC;AAQD,oCAEC;AAQD,kCAEC;;AArYD,mDAAgD;AAChD,iDAA8C;AAC9C,+CAA0E;AAC1E,wDAAwB;AACxB,wEAA+B;AAE/B,SAAgB,uBAAuB,CAAC,OAAe;IACrD,IAAI,CAAC;QACH,OAAO,cAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,eAAe,CAC7B,SAAiB,EACjB,OAAe,EACf,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QAEpC,OAAO,iBAAO,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,OAAgC;IAEhC,MAAM,gBAAgB,GAA2B,EAAE,CAAC;IAEpD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IACE,CAAC,QAAQ,KAAK,cAAc,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1D,OAAO,KAAK,KAAK,QAAQ,EACzB,CAAC;YACD,gBAAgB,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;QACrC,CAAC;aAAM,IACL,CAAC,QAAQ,KAAK,cAAc,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1D,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YACpB,KAAK,CAAC,MAAM,GAAG,CAAC,EAChB,CAAC;YACD,gBAAgB,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,0CAA0C;QAC3F,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC;SACzD,IAAI,EAAE;SACN,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnB,GAAG,CAAC,GAAG,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,GAAG,CAAC;IACb,CAAC,EAAE
,EAA4B,CAAC,CAAC;IAEnC,OAAO,sBAAsB,CAAC;AAChC,CAAC;AACD,SAAgB,YAAY,CAC1B,UAAsB,EACtB,YAAoB;IAEpB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG,IAAA,eAAM,EACxB,IAAA,mBAAW,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CACF,CAAC;IACF,MAAM,SAAS,GAAG,iBAAO,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACxD,OAAO,EAAE,SAAS,EAAE,IAAA,kBAAU,EAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;AACzD,CAAC;AAED,SAAgB,cAAc,CAC5B,SAAqB,EACrB,YAAoB,EACpB,SAAiB,EACjB,SAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAA,eAAM,EACxB,IAAA,mBAAW,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CACF,CAAC;QACF,MAAM,cAAc,GAAG,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;QAC7C,OAAO,iBAAO,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AACD,SAAgB,sBAAsB,CACpC,SAAiB,EACjB,MAAc,EACd,IAAY,EACZ,OAA+B,EAC/B,IAAY,EACZ,OAAe,EACf,eAAuB;IAEvB,4BAA4B;IAE5B,MAAM,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uCAAuC;IAEvC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACnC,mCAAmC;IAEnC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,IAAI,SAAS,IAC1D,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAChB,EAAE,CAAC;IAEH,OAAO,eAAe,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACtD,CAAC;AAED,SAAgB,oBAAoB,CAAC,OAAe;IAClD,IAAI,CAAC;QACH,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AA8BD,yCAAyC;AACzC,MAAM,SAAS,GAAG,IAAI,GAAG,EAAoD,CAAC;AAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,SAAS;AAEpC,SAAgB,kBAAkB,CAAC,UAA8B;IAC/D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAA
c,CAAC,SAAiB;IAC7C,cAAc;IACd,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACxC,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,SAAS,EAAE,CAAC;QACxD,OAAO,MAAM,CAAC,SAAS,CAAC;IAC1B,CAAC;IAED,aAAa;IACb,MAAM,OAAO,GAAG,GAAG,SAAS,kCAAkC,CAAC;IAC/D,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,CAAC;IAEtC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IACnC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;IAE1C,qBAAqB;IACrB,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;IAEhC,WAAW;IACX,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC/D,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,GAAQ;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,OAAO,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;AACrE,CAAC;AAEM,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,iBAAyB,EACzB,OAAgD;IAEhD,IAAI,CAAC;QACH,mCAAmC;QACnC,MAAM,SAAS,GAAG,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC;YACpD,CAAC,CAAC,MAAM,cAAc,CAAC,iBAAiB,CAAC;YACzC,CAAC,CAAC,iBAAiB,CAAC;QAEtB,aAAa;QACb,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;YAC3C,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,QAAQ,EAAE,OAAO,EAAE,QAAQ;SAC5B,CAAqB,CAAC;QAEvB,OAAO;YACL,KAAK,EAAE,IAAI;YACX,OAAO;YACP,cAAc,EAAE,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG;YACvD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAiBD;;;;GAIG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,mDAAmD;IACnD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IAC
d,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;IAE9D,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,OAAO;QACP,KAAK;QACL,MAAM;QACN,GAAG,EAAE,MAAM;KACZ,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,SAAgB,mBAAmB,CAAC,MAAc;IAChD,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,OAA2C;IACvE,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtE,OAAO,MAAM,IAAI,IAAI,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,0BAA0B,CAC9C,MAAc,EACd,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,eAAe,2CAA2C,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE;YACtH,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,+CAA+C;IAC1E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;;;;GAMG;AACH,SAAgB,QAAQ,CAAC,MAAgB,EAAE,aAAqB;IAC9D,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjD,eAAe;IACf,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhD,iBAAiB;IACjB,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACzD,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;YAAE,OAAO,IAAI,CAAC;IAClD,CAAC;IAED,6BAA6B;IAC7B,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,MAAgB,EAAE,cAAwB;IACrE,OAAO,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,MAAgB,EAAE,cAAwB;IACpE,OAAO,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC
,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAC/D,CAAC"}
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/service/auth.ts"],"names":[],"mappings":";AAAA,4BAA4B;;AAQ5B,0DAMC;AAED,4CAKC;AAED,0CAeC;AAED,0CA8BC;AACD,oCAaC;AAED,wCAmBC;AACD,wDA4BC;AAED,oDAOC;AAqCD,gDAKC;AA4ED,8BAqCC;AAsBD,kCAyBC;AAOD,kDAEC;AAKD,sCAGC;AAQD,gEAmBC;AAaD,4BAeC;AAQD,oCAEC;AAQD,kCAEC;;AAnbD,mDAAgD;AAChD,iDAA8C;AAC9C,+CAA0E;AAC1E,wDAAwB;AACxB,wEAA+B;AAE/B,SAAgB,uBAAuB,CAAC,OAAe;IACrD,IAAI,CAAC;QACH,OAAO,cAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;IACnD,CAAC;AACH,CAAC;AAED,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,IAAI,CAAC,oBAAoB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;QAC1C,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC9C,CAAC;IACD,OAAO,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,eAAe,CAC7B,SAAiB,EACjB,OAAe,EACf,OAAe;IAEf,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACnD,MAAM,cAAc,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,IAAA,eAAM,EAAC,OAAO,CAAC,CAAC;QAEpC,OAAO,iBAAO,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAgB,eAAe,CAC7B,OAAgC;IAEhC,MAAM,gBAAgB,GAA2B,EAAE,CAAC;IAEpD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,IACE,CAAC,QAAQ,KAAK,cAAc,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1D,OAAO,KAAK,KAAK,QAAQ,EACzB,CAAC;YACD,gBAAgB,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;QACrC,CAAC;aAAM,IACL,CAAC,QAAQ,KAAK,cAAc,IAAI,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;YAC1D,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YACpB,KAAK,CAAC,MAAM,GAAG,CAAC,EAChB,CAAC;YACD,gBAAgB,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,0CAA0C;QAC3F,CAAC;IACH,CAAC;IAED,qCAAqC;IACrC,MAAM,sBAAsB,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC;SACzD,IAAI,EAAE;SACN,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACnB,GAAG,CAAC,GAAG,CAAC,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACjC,OAAO,GAAG,CAAC;IACb,CAAC,EAAE
,EAA4B,CAAC,CAAC;IAEnC,OAAO,sBAAsB,CAAC;AAChC,CAAC;AACD,SAAgB,YAAY,CAC1B,UAAsB,EACtB,YAAoB;IAEpB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IACxC,MAAM,WAAW,GAAG,IAAA,eAAM,EACxB,IAAA,mBAAW,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CACF,CAAC;IACF,MAAM,SAAS,GAAG,iBAAO,CAAC,IAAI,CAAC,WAAW,EAAE,UAAU,CAAC,CAAC;IACxD,OAAO,EAAE,SAAS,EAAE,IAAA,kBAAU,EAAC,SAAS,CAAC,EAAE,SAAS,EAAE,CAAC;AACzD,CAAC;AAED,SAAgB,cAAc,CAC5B,SAAqB,EACrB,YAAoB,EACpB,SAAiB,EACjB,SAAiB;IAEjB,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,IAAA,eAAM,EACxB,IAAA,mBAAW,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,EACtC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CACpC,CACF,CAAC;QACF,MAAM,cAAc,GAAG,IAAA,kBAAU,EAAC,SAAS,CAAC,CAAC;QAC7C,OAAO,iBAAO,CAAC,MAAM,CAAC,cAAc,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;IAChE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,8BAA8B,EAAE,KAAK,CAAC,CAAC;QACrD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AACD,SAAgB,sBAAsB,CACpC,SAAiB,EACjB,MAAc,EACd,IAAY,EACZ,OAA+B,EAC/B,IAAY,EACZ,OAAe,EACf,eAAuB;IAEvB,4BAA4B;IAE5B,MAAM,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAC9C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;IAED,uCAAuC;IAEvC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IACnC,mCAAmC;IAEnC,OAAO,OAAO,CAAC,kBAAkB,CAAC,CAAC;IAEnC,MAAM,OAAO,GAAG,GAAG,MAAM,CAAC,WAAW,EAAE,IAAI,IAAI,IAAI,SAAS,IAC1D,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAChB,EAAE,CAAC;IAEH,OAAO,eAAe,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AACtD,CAAC;AAED,SAAgB,oBAAoB,CAAC,OAAe;IAClD,IAAI,CAAC;QACH,uBAAuB,CAAC,OAAO,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AA8BD,8BAA8B;AAC9B,MAAM,SAAS,GAAG,IAAI,GAAG,EAAoD,CAAC;AAC9E,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,SAAS;AACpC,MAAM,cAAc,GAAG,GAAG,CAAC,CAAC,4BAA4B;AACxD,MAAM,YAAY,GAAG,IAAI,CAAC,CAAC,mBAAmB;AAC9C,MAAM,aAAa,GAAG,KAAK,CAAC,CAAC,yBAAyB;AAEtD,SAAgB,kBAAkB,CAAC,UAA8B;IAC/D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACpC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IA
AI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC7D,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,cAAc,CAAC,SAAiB,EAAE,GAAY;IAC3D,kDAAkD;IAClD,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;QAC1E,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,yBAAyB;IACzB,MAAM,QAAQ,GAAG,GAAG,SAAS,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;IACpD,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACvC,IAAI,MAAM,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,SAAS,EAAE,CAAC;QACxD,OAAO,MAAM,CAAC,SAAS,CAAC;IAC1B,CAAC;IAED,0BAA0B;IAC1B,MAAM,OAAO,GAAG,GAAG,SAAS,kCAAkC,CAAC;IAC/D,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,YAAY,CAAC,CAAC;IAErE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,OAAO,EAAE;YACpC,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,OAAO,EAAE,EAAE,QAAQ,EAAE,kBAAkB,EAAE;SAC1C,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,yBAAyB,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;QAClE,CAAC;QAED,mDAAmD;QACnD,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,IAAI,CAAC,MAAM,GAAG,aAAa,EAAE,CAAC;YAChC,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE9B,qCAAqC;QACrC,IAAI,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAEzE,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,0BAA0B,GAAG,EAAE,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC;QAC7E,CAAC;QAED,qBAAqB;QACrB,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC;QAEhC,0BAA0B;QAC1B,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAE9D,kCAAkC;QAClC,IAAI,SAAS,CAAC,IAAI,GAAG,cAAc,EAAE,CAAC;YACpC,MAAM,MAAM,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;iBAC3C,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC
,CAAC;YACzD,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;QAC3B,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,SAAS,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,GAAQ;IACxB,MAAM,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;IACjC,MAAM,SAAS,GAAG,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,OAAO,SAAS,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,CAAW,CAAC;AACrE,CAAC;AAEM,KAAK,UAAU,SAAS,CAC7B,KAAa,EACb,iBAAyB,EACzB,OAAgD;IAEhD,IAAI,CAAC;QACH,IAAI,SAAiB,CAAC;QAEtB,IAAI,iBAAiB,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACzC,+CAA+C;YAC/C,MAAM,MAAM,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,CAAC;YAC7D,MAAM,GAAG,GAAG,MAAM,EAAE,GAAG,CAAC;YAExB,SAAS,GAAG,MAAM,cAAc,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;QAC3D,CAAC;aAAM,CAAC;YACN,SAAS,GAAG,iBAAiB,CAAC;QAChC,CAAC;QAED,aAAa;QACb,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,EAAE;YAC3C,UAAU,EAAE,CAAC,OAAO,CAAC;YACrB,MAAM,EAAE,OAAO,EAAE,MAAM;YACvB,QAAQ,EAAE,OAAO,EAAE,QAAQ;SAC5B,CAAqB,CAAC;QAEvB,OAAO;YACL,KAAK,EAAE,IAAI;YACX,OAAO;YACP,cAAc,EAAE,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,GAAG;YACvD,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;SAC3B,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAiBD;;;;GAIG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAChC,mDAAmD;IACnD,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,qBAAqB;IAE9D,IAAI,CAAC,OAAO,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,EAAE,CAAC;QAClC,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO;QACL,OAAO;QACP,KAAK;QACL,MAAM;QACN,GAAG,EAAE,MAAM;KACZ,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH
,SAAgB,mBAAmB,CAAC,MAAc;IAChD,OAAO,WAAW,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,aAAa,CAAC,OAA2C;IACvE,MAAM,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,IAAI,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACtE,OAAO,MAAM,IAAI,IAAI,CAAC;AACxB,CAAC;AAED;;;;;GAKG;AACI,KAAK,UAAU,0BAA0B,CAC9C,MAAc,EACd,eAAuB;IAEvB,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,eAAe,2CAA2C,kBAAkB,CAAC,MAAM,CAAC,EAAE,EAAE;YACtH,MAAM,EAAE,KAAK;SACd,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACrC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,+CAA+C;IAC1E,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;QACnD,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,+EAA+E;AAC/E,6BAA6B;AAC7B,+EAA+E;AAE/E;;;;;;GAMG;AACH,SAAgB,QAAQ,CAAC,MAAgB,EAAE,aAAqB;IAC9D,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAEjD,eAAe;IACf,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;QAAE,OAAO,IAAI,CAAC;IAEhD,iBAAiB;IACjB,MAAM,KAAK,GAAG,aAAa,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACvC,KAAK,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QACtC,MAAM,aAAa,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;QACzD,IAAI,MAAM,CAAC,QAAQ,CAAC,aAAa,CAAC;YAAE,OAAO,IAAI,CAAC;IAClD,CAAC;IAED,6BAA6B;IAC7B,OAAO,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC9B,CAAC;AAED;;;;;GAKG;AACH,SAAgB,YAAY,CAAC,MAAgB,EAAE,cAAwB;IACrE,OAAO,cAAc,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAChE,CAAC;AAED;;;;;GAKG;AACH,SAAgB,WAAW,CAAC,MAAgB,EAAE,cAAwB;IACpE,OAAO,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,CAAC;AAC/D,CAAC"}
@@ -5,7 +5,9 @@ import { defineDAINService as defineCloudflareService } from "./cloudflareServic
5
5
  import { createNextDainService } from "./nextService";
6
6
  import { createTool, createService, createToolbox, CoreUtils, createOAuth2Tool, createAgent } from "./core";
7
7
  import { ProcessHandler, RedisProcessStore, MemoryProcessStore } from "./processes";
8
+ import { requireScope } from "./server";
9
+ import { hasScope, hasAllScopes, hasAnyScope } from "./auth";
8
10
  export declare const defineDAINService: (config: DAINServiceConfig) => DAINService;
9
- export { defineNodeService, defineDenoService, defineCloudflareService, createNextDainService, createTool, createService, createToolbox, CoreUtils, createOAuth2Tool, createAgent, ProcessHandler, RedisProcessStore, MemoryProcessStore, };
11
+ export { defineNodeService, defineDenoService, defineCloudflareService, createNextDainService, createTool, createService, createToolbox, CoreUtils, createOAuth2Tool, createAgent, ProcessHandler, RedisProcessStore, MemoryProcessStore, requireScope, hasScope, hasAllScopes, hasAnyScope, };
10
12
  export * from './types';
11
13
  export * from './oauth2Store';
@@ -1,7 +1,7 @@
1
1
  "use strict";
2
2
  // File: src/service/index.ts
3
3
  Object.defineProperty(exports, "__esModule", { value: true });
4
- exports.MemoryProcessStore = exports.RedisProcessStore = exports.ProcessHandler = exports.createAgent = exports.createOAuth2Tool = exports.CoreUtils = exports.createToolbox = exports.createService = exports.createTool = exports.createNextDainService = exports.defineCloudflareService = exports.defineDenoService = exports.defineNodeService = exports.defineDAINService = void 0;
4
+ exports.hasAnyScope = exports.hasAllScopes = exports.hasScope = exports.requireScope = exports.MemoryProcessStore = exports.RedisProcessStore = exports.ProcessHandler = exports.createAgent = exports.createOAuth2Tool = exports.CoreUtils = exports.createToolbox = exports.createService = exports.createTool = exports.createNextDainService = exports.defineCloudflareService = exports.defineDenoService = exports.defineNodeService = exports.defineDAINService = void 0;
5
5
  const tslib_1 = require("tslib");
6
6
  const nodeService_1 = require("./nodeService");
7
7
  Object.defineProperty(exports, "defineNodeService", { enumerable: true, get: function () { return nodeService_1.defineDAINService; } });
@@ -22,6 +22,12 @@ const processes_1 = require("./processes");
22
22
  Object.defineProperty(exports, "ProcessHandler", { enumerable: true, get: function () { return processes_1.ProcessHandler; } });
23
23
  Object.defineProperty(exports, "RedisProcessStore", { enumerable: true, get: function () { return processes_1.RedisProcessStore; } });
24
24
  Object.defineProperty(exports, "MemoryProcessStore", { enumerable: true, get: function () { return processes_1.MemoryProcessStore; } });
25
+ const server_1 = require("./server");
26
+ Object.defineProperty(exports, "requireScope", { enumerable: true, get: function () { return server_1.requireScope; } });
27
+ const auth_1 = require("./auth");
28
+ Object.defineProperty(exports, "hasScope", { enumerable: true, get: function () { return auth_1.hasScope; } });
29
+ Object.defineProperty(exports, "hasAllScopes", { enumerable: true, get: function () { return auth_1.hasAllScopes; } });
30
+ Object.defineProperty(exports, "hasAnyScope", { enumerable: true, get: function () { return auth_1.hasAnyScope; } });
25
31
  const defineDAINService = (config) => {
26
32
  throw new Error("This is a fallback implementation. Use the appropriate runtime-specific import.");
27
33
  };
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/service/index.ts"],"names":[],"mappings":";AAAA,6BAA6B;;;;AAG7B,+CAAuE;AAYrE,kGAZ4B,+BAAiB,OAY5B;AAXnB,+CAAuE;AAYrE,kGAZ4B,+BAAiB,OAY5B;AAXnB,2DAAmF;AAYjF,wGAZ4B,qCAAuB,OAY5B;AAXzB,+CAAsD;AAYpD,sGAZO,mCAAqB,OAYP;AAXvB,iCAA4G;AAY1G,2FAZO,iBAAU,OAYP;AACV,8FAbmB,oBAAa,OAanB;AACb,8FAdkC,oBAAa,OAclC;AACb,0FAfiD,gBAAS,OAejD;AACT,iGAhB4D,uBAAgB,OAgB5D;AAChB,4FAjB8E,kBAAW,OAiB9E;AAhBb,2CAAoF;AAiBlF,+FAjBO,0BAAc,OAiBP;AACd,kGAlBuB,6BAAiB,OAkBvB;AACjB,mGAnB0C,8BAAkB,OAmB1C;AAjBb,MAAM,iBAAiB,GAAG,CAAC,MAAyB,EAAe,EAAE;IAC1E,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;AACrG,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAkBF,sBAAsB;AACtB,kDAAwB;AAExB,wDAA8B"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/service/index.ts"],"names":[],"mappings":";AAAA,6BAA6B;;;;AAG7B,+CAAuE;AAcrE,kGAd4B,+BAAiB,OAc5B;AAbnB,+CAAuE;AAcrE,kGAd4B,+BAAiB,OAc5B;AAbnB,2DAAmF;AAcjF,wGAd4B,qCAAuB,OAc5B;AAbzB,+CAAsD;AAcpD,sGAdO,mCAAqB,OAcP;AAbvB,iCAA4G;AAc1G,2FAdO,iBAAU,OAcP;AACV,8FAfmB,oBAAa,OAenB;AACb,8FAhBkC,oBAAa,OAgBlC;AACb,0FAjBiD,gBAAS,OAiBjD;AACT,iGAlB4D,uBAAgB,OAkB5D;AAChB,4FAnB8E,kBAAW,OAmB9E;AAlBb,2CAAoF;AAmBlF,+FAnBO,0BAAc,OAmBP;AACd,kGApBuB,6BAAiB,OAoBvB;AACjB,mGArB0C,8BAAkB,OAqB1C;AApBpB,qCAAwC;AAqBtC,6FArBO,qBAAY,OAqBP;AApBd,iCAA6D;AAqB3D,yFArBO,eAAQ,OAqBP;AACR,6FAtBiB,mBAAY,OAsBjB;AACZ,4FAvB+B,kBAAW,OAuB/B;AArBN,MAAM,iBAAiB,GAAG,CAAC,MAAyB,EAAe,EAAE;IAC1E,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;AACrG,CAAC,CAAC;AAFW,QAAA,iBAAiB,qBAE5B;AAsBF,sBAAsB;AACtB,kDAAwB;AAExB,wDAA8B"}
@@ -1,2 +1,15 @@
1
+ import { Context } from "hono";
1
2
  import { DAINServiceConfig, ToolConfig, ServiceConfig, ToolboxConfig, Metadata, ServiceContext, ServiceWidget, DAINHono, ServiceDatasource, ServiceAgent } from "./types";
3
+ /**
4
+ * Middleware factory to require specific OAuth scopes
5
+ * Defense-in-depth: Validates scopes even though JWT middleware already checked them
6
+ *
7
+ * @param requiredScope Single scope or array of scopes (ANY match required)
8
+ * @returns Hono middleware
9
+ *
10
+ * @example
11
+ * app.get("/widgets", requireScope("widgets.read"), async (c) => { ... })
12
+ * app.post("/admin", requireScope(["admin.*", "super.admin"]), async (c) => { ... })
13
+ */
14
+ export declare function requireScope(requiredScope: string | string[]): (c: Context, next: () => Promise<void>) => Promise<void>;
2
15
  export declare function setupHttpServer(config: DAINServiceConfig, tools: ToolConfig[], services: ServiceConfig[], toolboxes: ToolboxConfig[], metadata: Metadata, privateKey: Uint8Array, contexts: ServiceContext[], widgets: ServiceWidget[], datasources?: ServiceDatasource[], agents?: ServiceAgent[]): DAINHono;
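Review bot: The doc comment added for `requireScope` leaves the wildcard matching rule unstated, although its second example passes `"admin.*"` as a required scope. A reader cannot tell whether a token holding `admin.read` satisfies that requirement or whether the token must itself carry `admin.*`. The comment also does not say what the middleware does when the request context carries no scopes at all (for instance a request that never went through the JWT middleware it mentions), nor which response a mismatch produces. Only the declaration is in this hunk, so the behaviour has to be confirmed against the implementation. Once confirmed, I would add lines such as `* Wildcards are honoured only in the token's granted scopes; a required scope is matched as written.` and `* Rejects the request when no scopes are present on the context (fails closed).`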