@levrbet/shared 0.0.1

package/dist/server/services/crypto.service.js

@@ -0,0 +1,50 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.cryptoService = void 0;
+const client_kms_1 = require("@aws-sdk/client-kms");
+const crypto_1 = __importDefault(require("crypto"));
+const lodash_1 = __importDefault(require("lodash"));
+const config_1 = require("../config");
+const CACHE_TTL = 5 * 60; // 5 minutes in seconds
+exports.cryptoService = {
+    async generateDataKey() {
+        const { client, KeyId } = config_1.kmsClientManager;
+        const gdk = await client.send(new client_kms_1.GenerateDataKeyCommand({ KeyId, KeySpec: "AES_256" }));
+        if (lodash_1.default.isNil(gdk.Plaintext) || lodash_1.default.isNil(gdk.CiphertextBlob))
+            throw new Error("Failed to generate data key");
+        const secretKey = Buffer.from(gdk.Plaintext).toString("base64");
+        const ciphertext = Buffer.from(gdk.CiphertextBlob).toString("base64");
+        return { ciphertext, secretKey };
+    },
+    signRequest({ method, path, ts, body, nonce, secretKey }) {
+        const bodyString = body && Object.keys((body ?? {})).length > 0 ? JSON.stringify(body) : "";
+        const bodyHash = crypto_1.default.createHash("sha256").update(bodyString).digest("hex");
+        const toSign = `${method}\n${path ?? ""}\n${ts.toString()}\n${bodyHash}\n${nonce}`;
+        const h = crypto_1.default.createHmac("sha256", secretKey);
+        h.update(toSign);
+        return h.digest("base64");
+    },
+    async getSecretKey(apiKeyId, ciphertextBase64) {
+        const cacheKey = `api_key_secret:${apiKeyId}`;
+        try {
+            const cached = await config_1.redisClientManager.primaryClient.get(cacheKey);
+            if (cached)
+                return cached;
+            const ciphertext = Buffer.from(ciphertextBase64, "base64");
+            const resp = await config_1.kmsClientManager.client.send(new client_kms_1.DecryptCommand({ CiphertextBlob: ciphertext }));
+            if (!resp.Plaintext)
+                throw new Error("KMS Decrypt failed: No plaintext returned");
+            const secretKey = Buffer.from(resp.Plaintext).toString("base64");
+            await config_1.redisClientManager.primaryClient.setex(cacheKey, CACHE_TTL, secretKey);
+            return secretKey;
+        }
+        catch (err) {
+            config_1.logger.error("Failed to get secret key:", err);
+            throw err;
+        }
+    },
+};
+//# sourceMappingURL=crypto.service.js.map

package/dist/server/services/crypto.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.service.js","sourceRoot":"","sources":["../../../src/server/services/crypto.service.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4E;AAC5E,oDAA2B;AAC3B,oDAAsB;AACtB,sCAAwE;AAWxE,MAAM,SAAS,GAAG,CAAC,GAAG,EAAE,CAAA,CAAC,uBAAuB;AAEnC,QAAA,aAAa,GAAG;IACzB,KAAK,CAAC,eAAe;QACjB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,yBAAgB,CAAA;QAC1C,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,mCAAsB,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA;QACxF,IAAI,gBAAC,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,gBAAC,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;QAEzG,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAC/D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAErE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAA;IACpC,CAAC;IACD,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAqB;QACvE,MAAM,UAAU,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,EAAE,CAAW,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QACrG,MAAM,QAAQ,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC7E,MAAM,MAAM,GAAG,GAAG,MAAM,KAAK,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,QAAQ,KAAK,KAAK,EAAE,CAAA;QAClF,MAAM,CAAC,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QAChD,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAChB,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC7B,CAAC;IACD,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,gBAAwB;QACzD,MAAM,QAAQ,GAAG,kBAAkB,QAAQ,EAAE,CAAA;QAE7C,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,2BAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;YACnE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YAEzB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAA;YAC1D,MAAM,IAAI,GAAG,MAAM,yBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,2BAAc,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAA;YACnG,IAAI,CAAC,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;YAEjF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;YAEhE,MAAM,2BAAkB,CAAC,aAAa,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;YAE5E,OAAO,SAAS,CAAA;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,eAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAA;YAC9C,MAAM,GAAG,CAAA;QACb,CAAC;IACL,CAAC;CACJ,CAAA"}

package/dist/server/services/hmac.service.d.ts

@@ -0,0 +1,52 @@
+import type { AxiosInstance } from "axios";
+interface GenerateAuthHeadersParams {
+    apiKeyId: string;
+    secretKey: string;
+    method: string;
+    path: string;
+    body?: any;
+    nonce?: string;
+    isService?: boolean;
+}
+interface HmacAuthHeaders {
+    "x-levr-auth-type": string;
+    Authorization: string;
+    "x-request-timestamp": string;
+    "x-request-nonce": string;
+}
+/**
+ * Handles HMAC signing and optional Axios integration
+ */
+declare class HmacService {
+    private initialized;
+    private serviceApiKeyId?;
+    private serviceSecretKey?;
+    init(): void;
+    generateAuthHeaders({ apiKeyId, secretKey, method, path, body, nonce, isService, }: GenerateAuthHeadersParams): HmacAuthHeaders;
+    generateServiceAuthHeaders(params: Omit<GenerateAuthHeadersParams, "isService" | "apiKeyId" | "secretKey"> & Partial<Pick<GenerateAuthHeadersParams, "apiKeyId" | "secretKey">>): HmacAuthHeaders;
+    /**
+     * Attaches an Axios request interceptor that signs requests when config.sign === true
+     *
+     * Usage example:
+     *
+     *   import axios from "axios"
+     *   import { hmacService } from "@levr/shared/src/server/services/hmac.service"
+     *
+     *   // On startup (loads SERVICE_API_KEY_ID and SERVICE_API_KEY_SECRET from env)
+     *   hmacService.init()
+     *
+     *   // Create axios client and attach the interceptor
+     *   const client = axios.create({ baseURL: "https://api.my-service.com" })
+     *   hmacService.attachInterceptor(client)
+     *
+     *   // Make a signed request by setting `sign: true`
+     *   await client.post(
+     *     "/v1/some/endpoint",
+     *     { foo: "bar" },
+     *     { sign: true }
+     *   )
+     */
+    attachInterceptor(client: AxiosInstance): void;
+}
+export declare const hmacService: HmacService;
+export {};

package/dist/server/services/hmac.service.js

@@ -0,0 +1,115 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.hmacService = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const core_1 = require("../../core");
+const dotenv_1 = require("../config/dotenv");
+const crypto_service_1 = require("./crypto.service");
+/**
+ * Handles HMAC signing and optional Axios integration
+ */
+class HmacService {
+    constructor() {
+        this.initialized = false;
+    }
+    init() {
+        if (this.initialized)
+            return;
+        this.initialized = true;
+        const { SERVICE_API_KEY_ID, SERVICE_API_KEY_SECRET } = core_1.Config.init(dotenv_1.serviceHmacSchema);
+        this.serviceApiKeyId = SERVICE_API_KEY_ID;
+        this.serviceSecretKey = SERVICE_API_KEY_SECRET;
+    }
+    generateAuthHeaders({ apiKeyId, secretKey, method, path, body, nonce, isService = false, }) {
+        const ts = Date.now();
+        const actualNonce = nonce || crypto_1.default.randomBytes(16).toString("hex");
+        const signature = crypto_service_1.cryptoService.signRequest({
+            method: method.toUpperCase(),
+            path,
+            ts,
+            body,
+            nonce: actualNonce,
+            secretKey,
+        });
+        return {
+            "x-levr-auth-type": isService ? core_1.LevrAuth.SERVICE_HMAC : core_1.LevrAuth.HMAC,
+            Authorization: `HMAC ${apiKeyId}:${signature}`,
+            "x-request-timestamp": ts.toString(),
+            "x-request-nonce": actualNonce,
+        };
+    }
+    generateServiceAuthHeaders(params) {
+        const apiKeyId = params.apiKeyId ?? this.serviceApiKeyId;
+        const secretKey = params.secretKey ?? this.serviceSecretKey;
+        if (!apiKeyId || !secretKey) {
+            throw new Error("Service keys not initialized. Call hmacService.init() or pass apiKeyId and secretKey in params.");
+        }
+        return this.generateAuthHeaders({ ...params, apiKeyId, secretKey, isService: true });
+    }
+    /**
+     * Attaches an Axios request interceptor that signs requests when config.sign === true
+     *
+     * Usage example:
+     *
+     *   import axios from "axios"
+     *   import { hmacService } from "@levr/shared/src/server/services/hmac.service"
+     *
+     *   // On startup (loads SERVICE_API_KEY_ID and SERVICE_API_KEY_SECRET from env)
+     *   hmacService.init()
+     *
+     *   // Create axios client and attach the interceptor
+     *   const client = axios.create({ baseURL: "https://api.my-service.com" })
+     *   hmacService.attachInterceptor(client)
+     *
+     *   // Make a signed request by setting `sign: true`
+     *   await client.post(
+     *     "/v1/some/endpoint",
+     *     { foo: "bar" },
+     *     { sign: true }
+     *   )
+     */
+    attachInterceptor(client) {
+        client.interceptors.request.use((config) => {
+            if (!config.sign)
+                return config; // skip if not explicitly signed
+            // Determine the pathname to sign (server expects path without query string)
+            // Support both absolute URLs and relative paths.
+            const rawUrl = config.url || "/";
+            let pathname;
+            if (rawUrl.startsWith("http://") || rawUrl.startsWith("https://")) {
+                try {
+                    pathname = new URL(rawUrl).pathname;
+                }
+                catch {
+                    // Fallback to splitting if URL parsing fails
+                    pathname = rawUrl.split("?", 2)[0] || "/";
+                }
+            }
+            else {
+                pathname = rawUrl.split("?", 2)[0] || "/";
+                if (!pathname.startsWith("/"))
+                    pathname = `/${pathname}`;
+            }
+            const headers = this.generateServiceAuthHeaders({
+                method: config.method?.toUpperCase() || "GET",
+                path: pathname,
+                body: config.data || {},
+            });
+            // Merge headers safely for both AxiosHeaders and plain object
+            const target = config.headers;
+            if (target && typeof target.set === "function") {
+                for (const [k, v] of Object.entries(headers))
+                    target.set(k, v);
+            }
+            else {
+                config.headers = { ...config.headers, ...headers };
+            }
+            return config;
+        });
+    }
+}
+exports.hmacService = new HmacService();
+//# sourceMappingURL=hmac.service.js.map

package/dist/server/services/hmac.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hmac.service.js","sourceRoot":"","sources":["../../../src/server/services/hmac.service.ts"],"names":[],"mappings":";;;;;;AACA,oDAA2B;AAC3B,qCAA6C;AAC7C,6CAAoD;AACpD,qDAAgD;AAmBhD;;GAEG;AACH,MAAM,WAAW;IAAjB;QACY,gBAAW,GAAG,KAAK,CAAA;IAmH/B,CAAC;IA/GG,IAAI;QACA,IAAI,IAAI,CAAC,WAAW;YAAE,OAAM;QAC5B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAA;QAEvB,MAAM,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,GAAG,aAAM,CAAC,IAAI,CAAC,0BAAiB,CAAC,CAAA;QACrF,IAAI,CAAC,eAAe,GAAG,kBAAkB,CAAA;QACzC,IAAI,CAAC,gBAAgB,GAAG,sBAAsB,CAAA;IAClD,CAAC;IAED,mBAAmB,CAAC,EAChB,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,SAAS,GAAG,KAAK,GACO;QACxB,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACrB,MAAM,WAAW,GAAG,KAAK,IAAI,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAEnE,MAAM,SAAS,GAAG,8BAAa,CAAC,WAAW,CAAC;YACxC,MAAM,EAAE,MAAM,CAAC,WAAW,EAAE;YAC5B,IAAI;YACJ,EAAE;YACF,IAAI;YACJ,KAAK,EAAE,WAAW;YAClB,SAAS;SACZ,CAAC,CAAA;QAEF,OAAO;YACH,kBAAkB,EAAE,SAAS,CAAC,CAAC,CAAC,eAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,eAAQ,CAAC,IAAI;YACrE,aAAa,EAAE,QAAQ,QAAQ,IAAI,SAAS,EAAE;YAC9C,qBAAqB,EAAE,EAAE,CAAC,QAAQ,EAAE;YACpC,iBAAiB,EAAE,WAAW;SACjC,CAAA;IACL,CAAC;IAED,0BAA0B,CACtB,MACsE;QAEtE,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,IAAI,CAAC,eAAe,CAAA;QACxD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,gBAAgB,CAAA;QAE3D,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,iGAAiG,CAAC,CAAA;QACtH,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACxF,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,iBAAiB,CAAC,MAAqB;QACnC,MAAM,CAAC,YAAY,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,MAAqE,EAAE,EAAE;YACtG,IAAI,CAAC,MAAM,CAAC,IAAI;gBAAE,OAAO,MAAM,CAAA,CAAC,gCAAgC;YAEhE,4EAA4E;YAC5E,iDAAiD;YACjD,MAAM,MAAM,GAAG,MAAM,CAAC,GAAG,IAAI,GAAG,CAAA;YAChC,IAAI,QAAgB,CAAA;YACpB,IAAI,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChE,IAAI,CAAC;oBACD,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAA;gBACvC,CAAC;gBAAC,MAAM,CAAC;oBACL,6CAA6C;oBAC7C,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAA;gBAC7C,CAAC;YACL,CAAC;iBAAM,CAAC;gBACJ,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAA;gBACzC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;oBAAE,QAAQ,GAAG,IAAI,QAAQ,EAAE,CAAA;YAC5D,CAAC;YAED,MAAM,OAAO,GAAG,IAAI,CAAC,0BAA0B,CAAC;gBAC5C,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,WAAW,EAAE,IAAI,KAAK;gBAC7C,IAAI,EAAE,QAAQ;gBACd,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,EAAE;aAC1B,CAAC,CAAA;YAEF,8DAA8D;YAC9D,MAAM,MAAM,GAAQ,MAAM,CAAC,OAAc,CAAA;YACzC,IAAI,MAAM,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,UAAU,EAAE,CAAC;gBAC7C,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;oBAAE,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,CAAQ,CAAC,CAAA;YACzE,CAAC;iBAAM,CAAC;gBACJ,MAAM,CAAC,OAAO,GAAG,EAAE,GAAI,MAAM,CAAC,OAAe,EAAE,GAAG,OAAO,EAAS,CAAA;YACtE,CAAC;YAED,OAAO,MAAM,CAAA;QACjB,CAAC,CAAC,CAAA;IACN,CAAC;CACJ;AAEY,QAAA,WAAW,GAAG,IAAI,WAAW,EAAE,CAAA"}

package/dist/server/services/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./cloudflare.service";
+export * from "./crypto.service";
+export * from "./hmac.service";
+export * from "./privy.service";
+export * from "./presigned.urls";

package/dist/server/services/index.js

@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./cloudflare.service"), exports);
+__exportStar(require("./crypto.service"), exports);
+__exportStar(require("./hmac.service"), exports);
+__exportStar(require("./privy.service"), exports);
+__exportStar(require("./presigned.urls"), exports);
+//# sourceMappingURL=index.js.map

package/dist/server/services/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/services/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,uDAAoC;AACpC,mDAAgC;AAChC,iDAA8B;AAC9B,kDAA+B;AAC/B,mDAAgC"}

package/dist/server/services/presigned.urls.d.ts

@@ -0,0 +1,11 @@
+/**
+ * Handles AWS S3 presigned URL generation
+ */
+declare class PresignedUrlService {
+    private initialized;
+    private s3?;
+    init(): void;
+    generatePresignedImageUrl(keyId: string): Promise<string>;
+}
+export declare const presignedUrlService: PresignedUrlService;
+export {};

package/dist/server/services/presigned.urls.js

@@ -0,0 +1,41 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.presignedUrlService = void 0;
+const client_s3_1 = require("@aws-sdk/client-s3");
+const s3_request_presigner_1 = require("@aws-sdk/s3-request-presigner");
+const core_1 = require("../../core");
+const config_1 = require("../config");
+/**
+ * Handles AWS S3 presigned URL generation
+ */
+class PresignedUrlService {
+    constructor() {
+        this.initialized = false;
+    }
+    init() {
+        if (this.initialized)
+            return;
+        this.initialized = true;
+        const { AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY } = core_1.Config.init(config_1.awsCredsSchema);
+        this.s3 = new client_s3_1.S3Client({
+            region: "ap-south-1",
+            credentials: {
+                accessKeyId: AWS_ACCESS_KEY_ID,
+                secretAccessKey: AWS_SECRET_ACCESS_KEY,
+            },
+        });
+    }
+    async generatePresignedImageUrl(keyId) {
+        if (!this.s3) {
+            throw new Error("S3 client not initialized. Call presignedUrlService.init().");
+        }
+        const command = new client_s3_1.GetObjectCommand({
+            Bucket: "levr-v1-assets-dev",
+            Key: keyId,
+        });
+        const imageUrl = await (0, s3_request_presigner_1.getSignedUrl)(this.s3, command, { expiresIn: 172800 }); // 48 hour expiry
+        return imageUrl;
+    }
+}
+exports.presignedUrlService = new PresignedUrlService();
+//# sourceMappingURL=presigned.urls.js.map

package/dist/server/services/presigned.urls.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"presigned.urls.js","sourceRoot":"","sources":["../../../src/server/services/presigned.urls.ts"],"names":[],"mappings":";;;AAAA,kDAA+D;AAC/D,wEAA4D;AAC5D,qCAAmC;AACnC,sCAA0C;AAE1C;;GAEG;AACH,MAAM,mBAAmB;IAAzB;QACY,gBAAW,GAAG,KAAK,CAAA;IA8B/B,CAAC;IA3BG,IAAI;QACA,IAAI,IAAI,CAAC,WAAW;YAAE,OAAM;QAC5B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAA;QAEvB,MAAM,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,GAAG,aAAM,CAAC,IAAI,CAAC,uBAAc,CAAC,CAAA;QAChF,IAAI,CAAC,EAAE,GAAG,IAAI,oBAAQ,CAAC;YACnB,MAAM,EAAE,YAAY;YACpB,WAAW,EAAE;gBACT,WAAW,EAAE,iBAAiB;gBAC9B,eAAe,EAAE,qBAAqB;aACzC;SACJ,CAAC,CAAA;IACN,CAAC;IAED,KAAK,CAAC,yBAAyB,CAAC,KAAa;QACzC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAA;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,4BAAgB,CAAC;YACjC,MAAM,EAAE,oBAAoB;YAC5B,GAAG,EAAE,KAAK;SACb,CAAC,CAAA;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAA,mCAAY,EAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE,CAAC,CAAA,CAAC,iBAAiB;QAC9F,OAAO,QAAQ,CAAA;IACnB,CAAC;CACJ;AAEY,QAAA,mBAAmB,GAAG,IAAI,mBAAmB,EAAE,CAAA"}

package/dist/server/services/privy.service.d.ts

@@ -0,0 +1,30 @@
+import { User as PrivyUser } from "@privy-io/node";
+import { Address } from "viem";
+import { PrivyRole } from "../../core";
+interface AuthRequest {
+    privyToken?: string;
+    privyIdToken?: string;
+    ethAddress?: string;
+    role: PrivyRole;
+}
+declare class PrivyService {
+    authenticate({ privyToken, privyIdToken, ethAddress, role }: AuthRequest): Promise<PrivyUser | undefined>;
+    /**
+     * Fetch a Privy user by id. We don't always know whether the user was created
+     * under the regular "User" app or the Admin app, so try the User client first
+     * and fall back to the Admin client if not found.
+     */
+    getUserById(userId: string): Promise<PrivyUser | undefined>;
+    /**
+     * Gets the user's Ethereum wallet address, prioritizing external wallets over Privy wallets.
+     * Returns the first external wallet found, or falls back to a Privy wallet if none exist.
+     */
+    getUserEthAddress: (user: PrivyUser) => Address | undefined;
+    /**
+     * Verifies that an Ethereum address belongs to a user by checking their linked accounts.
+     */
+    private verifyUserOwnsAddress;
+    private getPrivyClients;
+}
+export declare const privyService: PrivyService;
+export {};

package/dist/server/services/privy.service.js

@@ -0,0 +1,122 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.privyService = void 0;
+const node_1 = require("@privy-io/node");
+const ms_1 = __importDefault(require("ms"));
+const typescript_memoize_1 = require("typescript-memoize");
+const viem_1 = require("viem");
+const zod_1 = __importDefault(require("zod"));
+const core_1 = require("../../core");
+const constants_1 = require("../../core/privy/constants");
+const config_1 = require("../config");
+class PrivyService {
+    constructor() {
+        /**
+         * Gets the user's Ethereum wallet address, prioritizing external wallets over Privy wallets.
+         * Returns the first external wallet found, or falls back to a Privy wallet if none exist.
+         */
+        this.getUserEthAddress = (user) => {
+            let address = undefined;
+            for (const account of user.linked_accounts) {
+                if (account.type !== "wallet" || account.chain_type !== "ethereum")
+                    continue;
+                address = account.address;
+                if (account.wallet_client_type !== "privy")
+                    break;
+            }
+            return address ? (0, viem_1.getAddress)(address) : undefined;
+        };
+        /**
+         * Verifies that an Ethereum address belongs to a user by checking their linked accounts.
+         */
+        this.verifyUserOwnsAddress = (user, addressToVerify) => {
+            return user.linked_accounts.some((account) => account.type === "wallet" &&
+                account.chain_type === "ethereum" &&
+                account.address?.toLowerCase() === addressToVerify.toLowerCase());
+        };
+    }
+    async authenticate({ privyToken, privyIdToken, ethAddress, role }) {
+        if (!privyToken || !privyIdToken)
+            return undefined;
+        const privyClient = this.getPrivyClients()[role];
+        try {
+            await privyClient.utils().auth().verifyAuthToken(privyToken);
+            const user = await privyClient.users().get({ id_token: privyIdToken });
+            if (ethAddress && !this.verifyUserOwnsAddress(user, ethAddress)) {
+                config_1.logger.warn(`User ${user.id} attempted to authenticate with an unlinked address ${ethAddress}.`);
+                return undefined;
+            }
+            return user;
+        }
+        catch (error) {
+            config_1.logger.warn(`Privy authentication failed with error ${error.message}.`);
+            config_1.logger.error(error);
+        }
+    }
+    /**
+     * Fetch a Privy user by id. We don't always know whether the user was created
+     * under the regular "User" app or the Admin app, so try the User client first
+     * and fall back to the Admin client if not found.
+     */
+    async getUserById(userId) {
+        const clients = this.getPrivyClients();
+        // Try regular user client first
+        try {
+            const user = await clients[core_1.PrivyRole.User].users()._get(userId);
+            if (user)
+                return user;
+        }
+        catch (err) {
+            // Not fatal — fall through to admin client
+            config_1.logger.debug(`Privy user client lookup failed for id=${userId}: ${err?.message ?? err}`);
+        }
+        // Try admin client as a fallback
+        try {
+            const adminUser = await clients[core_1.PrivyRole.Admin].users()._get(userId);
+            if (adminUser)
+                return adminUser;
+        }
+        catch (err) {
+            config_1.logger.debug(`Privy admin client lookup failed for id=${userId}: ${err?.message ?? err}`);
+        }
+        return undefined;
+    }
+    getPrivyClients() {
+        const schema = zod_1.default.object({
+            PRIVY_APP_SECRET: zod_1.default.string().min(1),
+            PRIVY_ADMIN_APP_SECRET: zod_1.default.string().min(1),
+        });
+        const { PRIVY_APP_SECRET, PRIVY_ADMIN_APP_SECRET } = core_1.Config.init(schema);
+        const privyClient = new node_1.PrivyClient({
+            appId: constants_1.PRIVY_APP_ID,
+            appSecret: PRIVY_APP_SECRET,
+            jwtVerificationKey: constants_1.PRIVY_VERIFICATION_KEY,
+        });
+        const privyAdminClient = new node_1.PrivyClient({
+            appId: constants_1.PRIVY_ADMIN_APP_ID,
+            appSecret: PRIVY_ADMIN_APP_SECRET,
+            jwtVerificationKey: constants_1.PRIVY_ADMIN_VERIFICATION_KEY,
+        });
+        return {
+            [core_1.PrivyRole.User]: privyClient,
+            [core_1.PrivyRole.Admin]: privyAdminClient,
+        };
+    }
+}
+__decorate([
+    (0, typescript_memoize_1.MemoizeExpiring)((0, ms_1.default)("10m")) // TODO: cache with redis
+], PrivyService.prototype, "getUserById", null);
+__decorate([
+    (0, typescript_memoize_1.Memoize)()
+], PrivyService.prototype, "getPrivyClients", null);
+exports.privyService = new PrivyService();
+//# sourceMappingURL=privy.service.js.map

package/dist/server/services/privy.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"privy.service.js","sourceRoot":"","sources":["../../../src/server/services/privy.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,yCAA+D;AAC/D,4CAAmB;AACnB,2DAA6D;AAC7D,+BAA0C;AAC1C,8CAAmB;AACnB,qCAA8C;AAC9C,0DAKmC;AACnC,sCAAkC;AASlC,MAAM,YAAY;IAAlB;QAmDI;;;WAGG;QACH,sBAAiB,GAAG,CAAC,IAAe,EAAuB,EAAE;YACzD,IAAI,OAAO,GAAwB,SAAS,CAAA;YAE5C,KAAK,MAAM,OAAO,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;gBACzC,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ,IAAI,OAAO,CAAC,UAAU,KAAK,UAAU;oBAAE,SAAQ;gBAC5E,OAAO,GAAG,OAAO,CAAC,OAAkB,CAAA;gBACpC,IAAI,OAAO,CAAC,kBAAkB,KAAK,OAAO;oBAAE,MAAK;YACrD,CAAC;YAED,OAAO,OAAO,CAAC,CAAC,CAAC,IAAA,iBAAU,EAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAA;QACpD,CAAC,CAAA;QAED;;WAEG;QACK,0BAAqB,GAAG,CAAC,IAAe,EAAE,eAAuB,EAAW,EAAE;YAClF,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAC5B,CAAC,OAAO,EAAE,EAAE,CACR,OAAO,CAAC,IAAI,KAAK,QAAQ;gBACzB,OAAO,CAAC,UAAU,KAAK,UAAU;gBACjC,OAAO,CAAC,OAAO,EAAE,WAAW,EAAE,KAAK,eAAe,CAAC,WAAW,EAAE,CACvE,CAAA;QACL,CAAC,CAAA;IA2BL,CAAC;IAvGG,KAAK,CAAC,YAAY,CAAC,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAe;QAC1E,IAAI,CAAC,UAAU,IAAI,CAAC,YAAY;YAAE,OAAO,SAAS,CAAA;QAElD,MAAM,WAAW,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,CAAA;QAEhD,IAAI,CAAC;YACD,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,CAAC,eAAe,CAAC,UAAU,CAAC,CAAA;YAC5D,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC,CAAA;YAEtE,IAAI,UAAU,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC;gBAC9D,eAAM,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,EAAE,uDAAuD,UAAU,GAAG,CAAC,CAAA;gBAChG,OAAO,SAAS,CAAA;YACpB,CAAC;YAED,OAAO,IAAI,CAAA;QACf,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YAClB,eAAM,CAAC,IAAI,CAAC,0CAA0C,KAAK,CAAC,OAAO,GAAG,CAAC,CAAA;YACvE,eAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;QACvB,CAAC;IACL,CAAC;IAED;;;;OAIG;IAEG,AAAN,KAAK,CAAC,WAAW,CAAC,MAAc;QAC5B,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAA;QAEtC,gCAAgC;QAChC,IAAI,CAAC;YACD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,gBAAS,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YAC/D,IAAI,IAAI;gBAAE,OAAO,IAAI,CAAA;QACzB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,2CAA2C;YAC3C,eAAM,CAAC,KAAK,CAAC,0CAA0C,MAAM,KAAK,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CAAC,CAAA;QAC5F,CAAC;QAED,iCAAiC;QACjC,IAAI,CAAC;YACD,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,gBAAS,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;YACrE,IAAI,SAAS;gBAAE,OAAO,SAAS,CAAA;QACnC,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAChB,eAAM,CAAC,KAAK,CAAC,2CAA2C,MAAM,KAAK,GAAG,EAAE,OAAO,IAAI,GAAG,EAAE,CAAC,CAAA;QAC7F,CAAC;QAED,OAAO,SAAS,CAAA;IACpB,CAAC;IA+BO,eAAe;QACnB,MAAM,MAAM,GAAG,aAAC,CAAC,MAAM,CAAC;YACpB,gBAAgB,EAAE,aAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;YACnC,sBAAsB,EAAE,aAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;SAC5C,CAAC,CAAA;QACF,MAAM,EAAE,gBAAgB,EAAE,sBAAsB,EAAE,GAAG,aAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QAExE,MAAM,WAAW,GAAG,IAAI,kBAAW,CAAC;YAChC,KAAK,EAAE,wBAAY;YACnB,SAAS,EAAE,gBAAgB;YAC3B,kBAAkB,EAAE,kCAAsB;SAC7C,CAAC,CAAA;QAEF,MAAM,gBAAgB,GAAG,IAAI,kBAAW,CAAC;YACrC,KAAK,EAAE,8BAAkB;YACzB,SAAS,EAAE,sBAAsB;YACjC,kBAAkB,EAAE,wCAA4B;SACnD,CAAC,CAAA;QAEF,OAAO;YACH,CAAC,gBAAS,CAAC,IAAI,CAAC,EAAE,WAAW;YAC7B,CAAC,gBAAS,CAAC,KAAK,CAAC,EAAE,gBAAgB;SACtC,CAAA;IACL,CAAC;CACJ;AA5ES;IADL,IAAA,oCAAe,EAAC,IAAA,YAAE,EAAC,KAAK,CAAC,CAAC,CAAC,yBAAyB;+CAsBpD;AA+BO;IADP,IAAA,4BAAO,GAAE;mDAwBT;AAGQ,QAAA,YAAY,GAAG,IAAI,YAAY,EAAE,CAAA"}

package/dist/server/test-relayers.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/server/test-relayers.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const index_1 = require("./index");
+index_1.redisClientManager.init({ db: index_1.RedisDb.AUTH });
+const test = async () => {
+    const storage = await (0, index_1.getLevrContractWithRelayer)("storage", index_1.LevrChain.MONAD_TESTNET, { relayer: index_1.LevrRelayerGroup.GAME_ADMIN });
+    const value = BigInt(Date.now());
+    console.log(`Storing value: ${value.toString()}`);
+    const hash = await storage.write.store([value, false]);
+    console.log("Transaction hash:", hash);
+    const result = await storage.read.retrieve();
+    console.log("Stored value:", result.toString());
+};
+Promise.all([test(), test() /*test(), test(), test(), test(), test(), test(), test(), test()*/])
+    .catch(console.error)
+    .finally(() => process.exit(0));
+//# sourceMappingURL=test-relayers.js.map

package/dist/server/test-relayers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"test-relayers.js","sourceRoot":"","sources":["../../src/server/test-relayers.ts"],"names":[],"mappings":";;AAAA,mCAA8G;AAE9G,0BAAkB,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,eAAO,CAAC,IAAI,EAAE,CAAC,CAAA;AAE7C,MAAM,IAAI,GAAG,KAAK,IAAmB,EAAE;IACnC,MAAM,OAAO,GAAG,MAAM,IAAA,kCAA0B,EAAC,SAAS,EAAE,iBAAS,CAAC,aAAa,EAAE,EAAE,OAAO,EAAE,wBAAgB,CAAC,UAAU,EAAE,CAAC,CAAA;IAC9H,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAA;IAChC,OAAO,CAAC,GAAG,CAAC,kBAAkB,KAAK,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAA;IACjD,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAA;IACtD,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAA;IACtC,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAA;IAC5C,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAA;AACnD,CAAC,CAAA;AAED,OAAO,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,kEAAkE,CAAC,CAAC;KAC3F,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;KACpB,OAAO,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA"}

package/dist/server/types/auth.types.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Authentication result from individual auth handlers
+ */
+export interface AuthResult {
+    success: boolean;
+    error?: string;
+    statusCode?: number;
+}

package/dist/server/types/auth.types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=auth.types.js.map

package/dist/server/types/auth.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.types.js","sourceRoot":"","sources":["../../../src/server/types/auth.types.ts"],"names":[],"mappings":""}

package/dist/server/types/global.types.d.ts

@@ -0,0 +1,35 @@
+import type { User as PrivyUser } from "@privy-io/node";
+import "axios";
+import type { Address } from "viem";
+import type { LevrService } from "../../core";
+declare module "axios" {
+    interface AxiosRequestConfig {
+        sign?: boolean;
+    }
+    interface InternalAxiosRequestConfig {
+        sign?: boolean;
+    }
+}
+declare module "express-serve-static-core" {
+    interface Request {
+        /**
+         * Authenticated Privy user (set by PRIVY_USER or PRIVY_ADMIN auth)
+         */
+        privyUser?: PrivyUser;
+        /**
+         * Authenticated API key user (set by HMAC or SERVICE_HMAC auth)
+         */
+        apiUser?: {
+            id: string;
+            service?: LevrService | null;
+        };
+        /**
+         * Ethereum address associated with the authenticated user
+         */
+        ethAddress?: Address | null;
+        /**
+         * The authentication method used for this request
+         */
+        authMethod?: string;
+    }
+}

package/dist/server/types/global.types.js

@@ -0,0 +1,4 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+require("axios");
+//# sourceMappingURL=global.types.js.map

package/dist/server/types/global.types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"global.types.js","sourceRoot":"","sources":["../../../src/server/types/global.types.ts"],"names":[],"mappings":";;AACA,iBAAc"}

package/dist/server/types/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./auth.types";
+export * from "./global.types";

package/dist/server/types/index.js

@@ -0,0 +1,19 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./auth.types"), exports);
+__exportStar(require("./global.types"), exports);
+//# sourceMappingURL=index.js.map

package/dist/server/types/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/types/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,+CAA4B;AAC5B,iDAA8B"}

package/dist/server/utils/express.utils.d.ts

@@ -0,0 +1,24 @@
+import type { Request, Response } from "express";
+import type { ZodType } from "zod";
+/**
+ * Validates a part of an Express request using a Zod schema and returns the validated data.
+ *
+ * @param schema - The Zod schema to validate against
+ * @param req - The Express request object
+ * @param part - The part of the request to validate ("body", "query", "params", etc.)
+ * @param res - The Express response object
+ * @returns The validated data if successful, undefined if validation fails (and sends 400 response)
+ *
+ * @example
+ * ```typescript
+ * const bodySchema = z.object({ name: z.string() });
+ *
+ * app.post("/api", (req, res) => {
+ *   const body = validateRequest(bodySchema, req, "body", res);
+ *   if (!body) return;
+ *   // body is now typed as { name: string }
+ *   console.log(body.name);
+ * });
+ * ```
+ */
+export declare function validateRequest<T>(schema: ZodType<T>, req: Request, part: keyof Request, res: Response): T | undefined;