@levrbet/shared 0.1.106 → 0.1.107
- package/dist/server/config/dotenv.d.ts +4 -0
- package/dist/server/config/dotenv.js +5 -1
- package/dist/server/config/dotenv.js.map +1 -1
- package/dist/server/config/kms.d.ts +2 -0
- package/dist/server/config/kms.js +15 -14
- package/dist/server/config/kms.js.map +1 -1
- package/dist/server/middleware/multiAuth.examples.js +2 -2
- package/dist/server/middleware/multiAuth.examples.js.map +1 -1
- package/dist/server/services/crypto.service.d.ts +0 -1
- package/dist/server/services/crypto.service.js +2 -3
- package/dist/server/services/crypto.service.js.map +1 -1
- package/dist/server/services/hmac.service.d.ts +13 -2
- package/dist/server/services/hmac.service.js +26 -2
- package/dist/server/services/hmac.service.js.map +1 -1
- package/package.json +1 -1
|
@@ -29,3 +29,7 @@ export declare const redisSchema: z.ZodObject<{
|
|
|
29
29
|
export declare const relayerSchema: z.ZodObject<{
|
|
30
30
|
RELAYER_ACCESS_TOKEN: z.ZodUUID;
|
|
31
31
|
}, z.core.$strip>;
|
|
32
|
+
export declare const serviceHmacSchema: z.ZodObject<{
|
|
33
|
+
SERVICE_API_KEY_ID: z.ZodString;
|
|
34
|
+
SERVICE_API_KEY_SECRET: z.ZodString;
|
|
35
|
+
}, z.core.$strip>;
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.relayerSchema = exports.redisSchema = exports.mongoSchema = exports.cloudflareSchema = exports.awsCredsSchema = exports.LEVR_ENV = exports.opentelemetrySchema = void 0;
|
|
3
|
+
exports.serviceHmacSchema = exports.relayerSchema = exports.redisSchema = exports.mongoSchema = exports.cloudflareSchema = exports.awsCredsSchema = exports.LEVR_ENV = exports.opentelemetrySchema = void 0;
|
|
4
4
|
require("dotenv/config");
|
|
5
5
|
const zod_1 = require("zod");
|
|
6
6
|
const core_1 = require("../../core");
|
|
@@ -35,4 +35,8 @@ exports.redisSchema = zod_1.z.object({
|
|
|
35
35
|
exports.relayerSchema = zod_1.z.object({
|
|
36
36
|
RELAYER_ACCESS_TOKEN: zod_1.z.uuid(),
|
|
37
37
|
});
|
|
38
|
+
exports.serviceHmacSchema = zod_1.z.object({
|
|
39
|
+
SERVICE_API_KEY_ID: zod_1.z.string().min(1, "SERVICE_API_KEY_ID is required"),
|
|
40
|
+
SERVICE_API_KEY_SECRET: zod_1.z.string().min(1, "SERVICE_API_KEY_SECRET is required"),
|
|
41
|
+
});
|
|
38
42
|
//# sourceMappingURL=dotenv.js.map
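Review bot: `SERVICE_API_KEY_SECRET` in the new `serviceHmacSchema` is validated only with `.min(1, ...)`, so a one-character or placeholder value passes startup validation and is then stored as the service signing secret by `hmacService.init()`. A length floor that matches how the secrets are issued would reject weak or truncated values at boot, for example `SERVICE_API_KEY_SECRET: zod_1.z.string().min(32, "SERVICE_API_KEY_SECRET must be at least 32 characters"),` (32 is an illustrative value, not taken from the package). How the secret is keyed into the HMAC is outside this diff, so the right minimum should be confirmed against the code that issues these secrets.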
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotenv.js","sourceRoot":"","sources":["../../../src/server/config/dotenv.ts"],"names":[],"mappings":";;;AAAA,yBAAsB;AACtB,6BAAuB;AACvB,qCAAsE;AAEzD,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,0BAA0B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7C,2BAA2B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,cAAO,CAAC;CAC5B,CAAC,CAAA;AAEF,MAAM,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,cAAO,CAAC;CAC5B,CAAC,CAAA;AACa,gBAAQ,GAAK,aAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAA;AAE5C,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,+BAA+B,CAAC;IACrE,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mCAAmC,CAAC;IAC7E,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC;CAC/C,CAAC,CAAA;AAEW,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,kBAAkB,EAAE,OAAC,CAAC,GAAG,CAAC,wCAAwC,CAAC;IACnE,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,+BAA+B,CAAC;IACrE,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,iCAAiC,CAAC;CAC5E,CAAC,CAAA;AAEW,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,OAAC,CAAC,GAAG,CAAC,+BAA+B,CAAC;CACpD,CAAC,CAAA;AAEW,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,OAAC,CAAC,GAAG,CAAC,+BAA+B,CAAC;IACjD,uBAAuB,EAAE,+BAAwB;CACpD,CAAC,CAAA;AAEW,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,oBAAoB,EAAE,OAAC,CAAC,IAAI,EAAE;CACjC,CAAC,CAAA"}
|
|
1
|
+
{"version":3,"file":"dotenv.js","sourceRoot":"","sources":["../../../src/server/config/dotenv.ts"],"names":[],"mappings":";;;AAAA,yBAAsB;AACtB,6BAAuB;AACvB,qCAAsE;AAEzD,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,0BAA0B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7C,2BAA2B,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,cAAO,CAAC;CAC5B,CAAC,CAAA;AAEF,MAAM,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9B,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,cAAO,CAAC;CAC5B,CAAC,CAAA;AACa,gBAAQ,GAAK,aAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,UAAA;AAE5C,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,+BAA+B,CAAC;IACrE,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mCAAmC,CAAC;IAC7E,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC;CAC/C,CAAC,CAAA;AAEW,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC,kBAAkB,EAAE,OAAC,CAAC,GAAG,CAAC,wCAAwC,CAAC;IACnE,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,+BAA+B,CAAC;IACrE,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,iCAAiC,CAAC;CAC5E,CAAC,CAAA;AAEW,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,OAAC,CAAC,GAAG,CAAC,+BAA+B,CAAC;CACpD,CAAC,CAAA;AAEW,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,OAAC,CAAC,GAAG,CAAC,+BAA+B,CAAC;IACjD,uBAAuB,EAAE,+BAAwB;CACpD,CAAC,CAAA;AAEW,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,oBAAoB,EAAE,OAAC,CAAC,IAAI,EAAE;CACjC,CAAC,CAAA;AAEW,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,CAAC;IACtC,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,gCAAgC,CAAC;IACvE,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,oCAAoC,CAAC;CAClF,CAAC,CAAA"}
|
|
@@ -8,6 +8,13 @@ class KmsClientManager {
|
|
|
8
8
|
constructor() {
|
|
9
9
|
this._client = null;
|
|
10
10
|
this.initialized = false;
|
|
11
|
+
this.kmsKeyIds = {
|
|
12
|
+
[core_1.LevrEnv.LOCAL]: "b6050d0f-be5b-418c-9056-c53c1d982dec",
|
|
13
|
+
[core_1.LevrEnv.DEV]: "b6050d0f-be5b-418c-9056-c53c1d982dec",
|
|
14
|
+
[core_1.LevrEnv.STAGING]: "b6050d0f-be5b-418c-9056-c53c1d982dec",
|
|
15
|
+
[core_1.LevrEnv.PROD]: "b6050d0f-be5b-418c-9056-c53c1d982dec",
|
|
16
|
+
};
|
|
17
|
+
this.KeyId = this.kmsKeyIds[dotenv_1.LEVR_ENV];
|
|
11
18
|
}
|
|
12
19
|
/**
|
|
13
20
|
* Initializes the KMS client for AWS cryptographic operations.
|
|
@@ -21,23 +28,17 @@ class KmsClientManager {
|
|
|
21
28
|
* ```
|
|
22
29
|
*/
|
|
23
30
|
init() {
|
|
24
|
-
if (this.initialized)
|
|
25
|
-
console.log("KmsClientManager already initialized, skipping...");
|
|
26
|
-
return;
|
|
27
|
-
}
|
|
31
|
+
if (this.initialized)
|
|
32
|
+
return console.log("KmsClientManager already initialized, skipping...");
|
|
28
33
|
this.initialized = true;
|
|
29
|
-
const { AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY } = core_1.Config.init(dotenv_1.awsCredsSchema);
|
|
30
|
-
|
|
31
|
-
region:
|
|
32
|
-
|
|
33
|
-
// Only add credentials if both access key and secret are defined
|
|
34
|
-
if (AWS_ACCESS_KEY_ID && AWS_SECRET_ACCESS_KEY) {
|
|
35
|
-
config.credentials = {
|
|
34
|
+
const { AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION } = core_1.Config.init(dotenv_1.awsCredsSchema);
|
|
35
|
+
this._client = new client_kms_1.KMSClient({
|
|
36
|
+
region: AWS_REGION,
|
|
37
|
+
credentials: {
|
|
36
38
|
accessKeyId: AWS_ACCESS_KEY_ID,
|
|
37
39
|
secretAccessKey: AWS_SECRET_ACCESS_KEY,
|
|
38
|
-
}
|
|
39
|
-
}
|
|
40
|
-
this._client = new client_kms_1.KMSClient(config);
|
|
40
|
+
},
|
|
41
|
+
});
|
|
41
42
|
}
|
|
42
43
|
get client() {
|
|
43
44
|
if (!this._client)
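Review bot: The `kmsKeyIds` map added to the constructor assigns one and the same KMS key id to LOCAL, DEV, STAGING and PROD, so data keys generated on a developer machine or in staging are wrapped by the key that protects production, and the id is fixed in the published package instead of coming from configuration. Reading the id from validated config, e.g. a new field next to the AWS credentials in `awsCredsSchema` (suggested name `KMS_KEY_ID`), would allow a separate key and key policy per environment. `this.KeyId = this.kmsKeyIds[dotenv_1.LEVR_ENV];` also yields `undefined` for any environment value missing from the map, which would surface only when `generateDataKey` in crypto.service.js sends the command. A guard such as `if (!this.KeyId) throw new Error("No KMS key configured for " + dotenv_1.LEVR_ENV);` fails at construction instead.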
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"kms.js","sourceRoot":"","sources":["../../../src/server/config/kms.ts"],"names":[],"mappings":";;;AAAA,oDAA+C;AAC/C,
|
|
1
|
+
{"version":3,"file":"kms.js","sourceRoot":"","sources":["../../../src/server/config/kms.ts"],"names":[],"mappings":";;;AAAA,oDAA+C;AAC/C,qCAA4C;AAC5C,qCAAmD;AAEnD,MAAM,gBAAgB;IAAtB;QACY,YAAO,GAAqB,IAAI,CAAA;QAChC,gBAAW,GAAG,KAAK,CAAA;QACnB,cAAS,GAAG;YAChB,CAAC,cAAO,CAAC,KAAK,CAAC,EAAE,sCAAsC;YACvD,CAAC,cAAO,CAAC,GAAG,CAAC,EAAE,sCAAsC;YACrD,CAAC,cAAO,CAAC,OAAO,CAAC,EAAE,sCAAsC;YACzD,CAAC,cAAO,CAAC,IAAI,CAAC,EAAE,sCAAsC;SACzD,CAAA;QACD,UAAK,GAAG,IAAI,CAAC,SAAS,CAAC,iBAAQ,CAAC,CAAA;IAiCpC,CAAC;IA/BG;;;;;;;;;;OAUG;IACH,IAAI;QACA,IAAI,IAAI,CAAC,WAAW;YAAE,OAAO,OAAO,CAAC,GAAG,CAAC,mDAAmD,CAAC,CAAA;QAE7F,IAAI,CAAC,WAAW,GAAG,IAAI,CAAA;QAEvB,MAAM,EAAE,iBAAiB,EAAE,qBAAqB,EAAE,UAAU,EAAE,GAAG,aAAM,CAAC,IAAI,CAAC,uBAAc,CAAC,CAAA;QAE5F,IAAI,CAAC,OAAO,GAAG,IAAI,sBAAS,CAAC;YACzB,MAAM,EAAE,UAAU;YAClB,WAAW,EAAE;gBACT,WAAW,EAAE,iBAAiB;gBAC9B,eAAe,EAAE,qBAAqB;aACzC;SACJ,CAAC,CAAA;IACN,CAAC;IAED,IAAI,MAAM;QACN,IAAI,CAAC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAA;QAC7F,OAAO,IAAI,CAAC,OAAO,CAAA;IACvB,CAAC;CACJ;AAEY,QAAA,gBAAgB,GAAG,IAAI,gBAAgB,EAAE,CAAA"}
|
|
@@ -40,7 +40,7 @@ router.post("/search", (0, multiAuth_middleware_1.multiAuth)({
|
|
|
40
40
|
methods: [core_1.LevrAuth.PRIVY_USER, core_1.LevrAuth.HMAC],
|
|
41
41
|
requiredScopes: [core_1.ApiKeyScope.Read],
|
|
42
42
|
autoEnforceWriteScope: false, // POST doesn't require Write scope
|
|
43
|
-
}), (
|
|
43
|
+
}), (_req, res) => {
|
|
44
44
|
// This POST route only needs Read scope
|
|
45
45
|
res.json({ results: [] });
|
|
46
46
|
});
|
|
@@ -74,7 +74,7 @@ router.put("/markets/:id", (0, multiAuth_middleware_1.multiAuth)({
|
|
|
74
74
|
router.get("/private-data", (0, multiAuth_middleware_1.multiAuth)({
|
|
75
75
|
methods: [core_1.LevrAuth.PRIVY_USER, core_1.LevrAuth.HMAC],
|
|
76
76
|
requiredScopes: [core_1.ApiKeyScope.Read],
|
|
77
|
-
}), (
|
|
77
|
+
}), (_req, res) => {
|
|
78
78
|
res.json({ data: "sensitive information" });
|
|
79
79
|
});
|
|
80
80
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"multiAuth.examples.js","sourceRoot":"","sources":["../../../src/server/middleware/multiAuth.examples.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAEH,qCAAgC;AAChC,qCAA+D;AAC/D,iEAAkD;AAElD,MAAM,MAAM,GAAG,IAAA,gBAAM,GAAE,CAAA;AAEvB,4EAA4E;AAC5E,8CAA8C;AAC9C,MAAM,CAAC,IAAI,CACP,SAAS,EACT,IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,UAAU,EAAE,eAAQ,CAAC,IAAI,CAAC;CAChD,CAAC,EACF,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACT,iCAAiC;IACjC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;IAC7D,CAAC;SAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IAC7D,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;IAChD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;IAE3C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;AAC/B,CAAC,CACJ,CAAA;AAED,8BAA8B;AAC9B,MAAM,CAAC,MAAM,CACT,kBAAkB,EAClB,IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,WAAW,CAAC;CAClC,CAAC,EACF,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACT,oCAAoC;IACpC,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;IAC7C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;AAC/B,CAAC,CACJ,CAAA;AAED,8DAA8D;AAC9D,mDAAmD;AACnD,MAAM,CAAC,IAAI,CACP,SAAS,EACT,IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,UAAU,EAAE,eAAQ,CAAC,IAAI,CAAC;IAC7C,cAAc,EAAE,CAAC,kBAAW,CAAC,IAAI,CAAC;IAClC,qBAAqB,EAAE,KAAK,EAAE,mCAAmC;CACpE,CAAC,EACF,CAAC,
|
|
1
|
+
{"version":3,"file":"multiAuth.examples.js","sourceRoot":"","sources":["../../../src/server/middleware/multiAuth.examples.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;AAEH,qCAAgC;AAChC,qCAA+D;AAC/D,iEAAkD;AAElD,MAAM,MAAM,GAAG,IAAA,gBAAM,GAAE,CAAA;AAEvB,4EAA4E;AAC5E,8CAA8C;AAC9C,MAAM,CAAC,IAAI,CACP,SAAS,EACT,IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,UAAU,EAAE,eAAQ,CAAC,IAAI,CAAC;CAChD,CAAC,EACF,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACT,iCAAiC;IACjC,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;IAC7D,CAAC;SAAM,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,CAAC,4BAA4B,EAAE,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA;IAC7D,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;IAChD,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;IAE3C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;AAC/B,CAAC,CACJ,CAAA;AAED,8BAA8B;AAC9B,MAAM,CAAC,MAAM,CACT,kBAAkB,EAClB,IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,WAAW,CAAC;CAClC,CAAC,EACF,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACT,oCAAoC;IACpC,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,GAAG,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;IAC7C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;AAC/B,CAAC,CACJ,CAAA;AAED,8DAA8D;AAC9D,mDAAmD;AACnD,MAAM,CAAC,IAAI,CACP,SAAS,EACT,IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,UAAU,EAAE,eAAQ,CAAC,IAAI,CAAC;IAC7C,cAAc,EAAE,CAAC,kBAAW,CAAC,IAAI,CAAC;IAClC,qBAAqB,EAAE,KAAK,EAAE,mCAAmC;CACpE,CAAC,EACF,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACV,wCAAwC;IACxC,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAA;AAC7B,CAAC,CACJ,CAAA;AAED,+CAA+C;AAC/C,oDAAoD;AACpD,MAAM,CAAC,IAAI,CACP,wBAAwB,EACxB,IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,YAAY,CAAC;IAChC,eAAe,EAAE,CAAC,kBAAW,CAAC,SAAS,EAAE,kBAAW,CAAC,UAAU,CAAC;CACnE,CAAC,EACF,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACT,oCAAoC;IACpC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IAC7C,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;AAC9B,CAAC,CACJ,CAAA;AAED,8DAA8D;AAC9D,MAAM,CAAC,GAAG,CACN,cAAc,EACd,
IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,WAAW,EAAE,eAAQ,CAAC,YAAY,CAAC;IACtD,cAAc,EAAE,CAAC,kBAAW,CAAC,KAAK,CAAC,EAAE,2BAA2B;IAChE,eAAe,EAAE,CAAC,kBAAW,CAAC,SAAS,EAAE,kBAAW,CAAC,GAAG,CAAC;CAC5D,CAAC,EACF,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACT,qDAAqD;IACrD,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC,CAAA;IAC3D,CAAC;SAAM,CAAC;QACJ,OAAO,CAAC,GAAG,CAAC,0BAA0B,EAAE,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IACjE,CAAC;IACD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAA;AAC/B,CAAC,CACJ,CAAA;AAED,0CAA0C;AAC1C,0DAA0D;AAC1D,MAAM,CAAC,GAAG,CACN,eAAe,EACf,IAAA,gCAAS,EAAC;IACN,OAAO,EAAE,CAAC,eAAQ,CAAC,UAAU,EAAE,eAAQ,CAAC,IAAI,CAAC;IAC7C,cAAc,EAAE,CAAC,kBAAW,CAAC,IAAI,CAAC;CACrC,CAAC,EACF,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IACV,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,uBAAuB,EAAE,CAAC,CAAA;AAC/C,CAAC,CACJ,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAqCG;AAEH,kBAAe,MAAM,CAAA"}
|
|
@@ -10,10 +10,9 @@ const lodash_1 = __importDefault(require("lodash"));
|
|
|
10
10
|
const config_1 = require("../config");
|
|
11
11
|
const CACHE_TTL = 5 * 60; // 5 minutes in seconds
|
|
12
12
|
exports.cryptoService = {
|
|
13
|
-
CMK_ID: "b6050d0f-be5b-418c-9056-c53c1d982dec", // TODO: make per env
|
|
14
13
|
async generateDataKey() {
|
|
15
|
-
const
|
|
16
|
-
const gdk = await
|
|
14
|
+
const { client, KeyId } = config_1.kmsClientManager;
|
|
15
|
+
const gdk = await client.send(new client_kms_1.GenerateDataKeyCommand({ KeyId, KeySpec: "AES_256" }));
|
|
17
16
|
if (lodash_1.default.isNil(gdk.Plaintext) || lodash_1.default.isNil(gdk.CiphertextBlob))
|
|
18
17
|
throw new Error("Failed to generate data key");
|
|
19
18
|
const secretKey = Buffer.from(gdk.Plaintext).toString("base64");
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.service.js","sourceRoot":"","sources":["../../../src/server/services/crypto.service.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4E;AAC5E,oDAA2B;AAC3B,oDAAsB;AACtB,sCAAgE;AAWhE,MAAM,SAAS,GAAG,CAAC,GAAG,EAAE,CAAA,CAAC,uBAAuB;AAEnC,QAAA,aAAa,GAAG;IACzB,
|
|
1
|
+
{"version":3,"file":"crypto.service.js","sourceRoot":"","sources":["../../../src/server/services/crypto.service.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4E;AAC5E,oDAA2B;AAC3B,oDAAsB;AACtB,sCAAgE;AAWhE,MAAM,SAAS,GAAG,CAAC,GAAG,EAAE,CAAA,CAAC,uBAAuB;AAEnC,QAAA,aAAa,GAAG;IACzB,KAAK,CAAC,eAAe;QACjB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,yBAAgB,CAAA;QAC1C,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,IAAI,mCAAsB,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,CAAA;QACxF,IAAI,gBAAC,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,gBAAC,CAAC,KAAK,CAAC,GAAG,CAAC,cAAc,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;QAEzG,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAC/D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;QAErE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,CAAA;IACpC,CAAC;IACD,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAqB;QACvE,MAAM,UAAU,GAAG,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,IAAI,EAAE,CAAW,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;QACrG,MAAM,QAAQ,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;QAC7E,MAAM,MAAM,GAAG,GAAG,MAAM,KAAK,IAAI,IAAI,EAAE,KAAK,EAAE,CAAC,QAAQ,EAAE,KAAK,QAAQ,KAAK,KAAK,EAAE,CAAA;QAClF,MAAM,CAAC,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAA;QAChD,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QAChB,OAAO,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IAC7B,CAAC;IACD,KAAK,CAAC,YAAY,CAAC,QAAgB,EAAE,gBAAwB;QACzD,MAAM,QAAQ,GAAG,kBAAkB,QAAQ,EAAE,CAAA;QAE7C,IAAI,CAAC;YACD,MAAM,MAAM,GAAG,MAAM,2BAAkB,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAA;YACnE,IAAI,MAAM;gBAAE,OAAO,MAAM,CAAA;YAEzB,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAA;YAC1D,MAAM,IAAI,GAAG,MAAM,yBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,2BAAc,CAAC,EAAE,cAAc,EAAE,UAAU,EAAE,CAAC,CAAC,CAAA;YACnG,IAAI,CAAC,IAAI,CAAC,SAAS;gBAAE,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;YAEjF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,QAAQ,
CAAC,QAAQ,CAAC,CAAA;YAEhE,MAAM,2BAAkB,CAAC,aAAa,CAAC,KAAK,CAAC,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAA;YAE5E,OAAO,SAAS,CAAA;QACpB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,GAAG,CAAC,CAAA;YAC/C,MAAM,GAAG,CAAA;QACb,CAAC;IACL,CAAC;CACJ,CAAA"}
|
|
@@ -14,14 +14,25 @@ interface HmacAuthHeaders {
|
|
|
14
14
|
"x-request-nonce": string;
|
|
15
15
|
}
|
|
16
16
|
declare class HmacService {
|
|
17
|
+
private initialized;
|
|
18
|
+
private serviceApiKeyId?;
|
|
19
|
+
private serviceSecretKey?;
|
|
20
|
+
/**
|
|
21
|
+
* Initializes the HMAC service using SERVICE_API_KEY_ID and SERVICE_API_KEY_SECRET
|
|
22
|
+
* from environment. Call this on application startup if you want to use
|
|
23
|
+
* `generateServiceAuthHeaders` without passing explicit keys.
|
|
24
|
+
*/
|
|
25
|
+
init(): void;
|
|
17
26
|
/**
|
|
18
27
|
* Generates HMAC authentication headers for making authenticated requests
|
|
19
28
|
*/
|
|
20
29
|
generateAuthHeaders({ apiKeyId, secretKey, method, path, body, nonce, isService, }: GenerateAuthHeadersParams): HmacAuthHeaders;
|
|
21
30
|
/**
|
|
22
|
-
* Generates service-to-service HMAC authentication headers
|
|
31
|
+
* Generates service-to-service HMAC authentication headers.
|
|
32
|
+
* If `apiKeyId` and `secretKey` are not provided in `params`, the stored
|
|
33
|
+
* service keys (set via `init()`) will be used. Throws if keys are missing.
|
|
23
34
|
*/
|
|
24
|
-
generateServiceAuthHeaders(params: Omit<GenerateAuthHeadersParams, "isService">): HmacAuthHeaders;
|
|
35
|
+
generateServiceAuthHeaders(params: Omit<GenerateAuthHeadersParams, "isService"> & Partial<Pick<GenerateAuthHeadersParams, "apiKeyId" | "secretKey">>): HmacAuthHeaders;
|
|
25
36
|
}
|
|
26
37
|
export declare const hmacService: HmacService;
|
|
27
38
|
export {};
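Review bot: The new parameter type of `generateServiceAuthHeaders` does not make `apiKeyId` and `secretKey` optional. `Omit<GenerateAuthHeadersParams, "isService">` still carries both, and in an intersection a property is optional only when every member declares it optional. If the two are required in `GenerateAuthHeadersParams` (declared above this hunk), TypeScript callers must still pass them and cannot rely on the keys stored by `init()`, contrary to the doc comment. Omitting them first gives the documented contract: `Omit<GenerateAuthHeadersParams, "isService" | "apiKeyId" | "secretKey"> & Partial<Pick<GenerateAuthHeadersParams, "apiKeyId" | "secretKey">>`. The change belongs in src/server/services/hmac.service.ts, from which this declaration file is emitted.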
|
|
@@ -6,8 +6,25 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
6
6
|
exports.hmacService = void 0;
|
|
7
7
|
const crypto_1 = __importDefault(require("crypto"));
|
|
8
8
|
const core_1 = require("../../core");
|
|
9
|
+
const dotenv_1 = require("../config/dotenv");
|
|
9
10
|
const crypto_service_1 = require("./crypto.service");
|
|
10
11
|
class HmacService {
|
|
12
|
+
constructor() {
|
|
13
|
+
this.initialized = false;
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Initializes the HMAC service using SERVICE_API_KEY_ID and SERVICE_API_KEY_SECRET
|
|
17
|
+
* from environment. Call this on application startup if you want to use
|
|
18
|
+
* `generateServiceAuthHeaders` without passing explicit keys.
|
|
19
|
+
*/
|
|
20
|
+
init() {
|
|
21
|
+
if (this.initialized)
|
|
22
|
+
return;
|
|
23
|
+
this.initialized = true;
|
|
24
|
+
const { SERVICE_API_KEY_ID, SERVICE_API_KEY_SECRET } = core_1.Config.init(dotenv_1.serviceHmacSchema);
|
|
25
|
+
this.serviceApiKeyId = SERVICE_API_KEY_ID;
|
|
26
|
+
this.serviceSecretKey = SERVICE_API_KEY_SECRET;
|
|
27
|
+
}
|
|
11
28
|
/**
|
|
12
29
|
* Generates HMAC authentication headers for making authenticated requests
|
|
13
30
|
*/
|
|
@@ -32,10 +49,17 @@ class HmacService {
|
|
|
32
49
|
return headers;
|
|
33
50
|
}
|
|
34
51
|
/**
|
|
35
|
-
* Generates service-to-service HMAC authentication headers
|
|
52
|
+
* Generates service-to-service HMAC authentication headers.
|
|
53
|
+
* If `apiKeyId` and `secretKey` are not provided in `params`, the stored
|
|
54
|
+
* service keys (set via `init()`) will be used. Throws if keys are missing.
|
|
36
55
|
*/
|
|
37
56
|
generateServiceAuthHeaders(params) {
|
|
38
|
-
|
|
57
|
+
const apiKeyId = params.apiKeyId ?? this.serviceApiKeyId;
|
|
58
|
+
const secretKey = params.secretKey ?? this.serviceSecretKey;
|
|
59
|
+
if (!apiKeyId || !secretKey) {
|
|
60
|
+
throw new Error("Service keys not initialized. Call hmacService.init() or pass apiKeyId and secretKey in params.");
|
|
61
|
+
}
|
|
62
|
+
return this.generateAuthHeaders({ ...params, apiKeyId, secretKey, isService: true });
|
|
39
63
|
}
|
|
40
64
|
}
|
|
41
65
|
exports.hmacService = new HmacService();
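Review bot: `generateServiceAuthHeaders` resolves `apiKeyId` and `secretKey` independently with `??`, so a caller that passes only one of them signs with a mix of the supplied value and the stored service value, a pair that was never issued together. Requiring both or neither makes that mistake explicit, e.g. `if ((params.apiKeyId == null) !== (params.secretKey == null)) throw new Error("Pass apiKeyId and secretKey together, or neither");` placed before the two fallbacks. In `init()`, `this.initialized = true;` is set before `Config.init(dotenv_1.serviceHmacSchema)` runs. If that call throws on a missing variable (its behaviour is not visible here), later `init()` calls return early and the keys stay unset, so the flag is better set after the two assignments.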
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hmac.service.js","sourceRoot":"","sources":["../../../src/server/services/hmac.service.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA2B;AAC3B,
|
|
1
|
+
{"version":3,"file":"hmac.service.js","sourceRoot":"","sources":["../../../src/server/services/hmac.service.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA2B;AAC3B,qCAA6C;AAC7C,6CAAoD;AACpD,qDAAgD;AAmBhD,MAAM,WAAW;IAAjB;QACY,gBAAW,GAAG,KAAK,CAAA;IAoE/B,CAAC;IAhEG;;;;OAIG;IACH,IAAI;QACA,IAAI,IAAI,CAAC,WAAW;YAAE,OAAM;QAC5B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAA;QACvB,MAAM,EAAE,kBAAkB,EAAE,sBAAsB,EAAE,GAAG,aAAM,CAAC,IAAI,CAAC,0BAAiB,CAAC,CAAA;QACrF,IAAI,CAAC,eAAe,GAAG,kBAAkB,CAAA;QACzC,IAAI,CAAC,gBAAgB,GAAG,sBAAsB,CAAA;IAClD,CAAC;IACD;;OAEG;IACH,mBAAmB,CAAC,EAChB,QAAQ,EACR,SAAS,EACT,MAAM,EACN,IAAI,EACJ,IAAI,EACJ,KAAK,EACL,SAAS,GAAG,KAAK,GACO;QACxB,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;QACrB,MAAM,WAAW,GAAG,KAAK,IAAI,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAA;QAEnE,8CAA8C;QAC9C,MAAM,SAAS,GAAG,8BAAa,CAAC,WAAW,CAAC;YACxC,MAAM,EAAE,MAAM,CAAC,WAAW,EAAE;YAC5B,IAAI;YACJ,EAAE;YACF,IAAI;YACJ,KAAK,EAAE,WAAW;YAClB,SAAS;SACZ,CAAC,CAAA;QAEF,MAAM,OAAO,GAAoB;YAC7B,kBAAkB,EAAE,SAAS,CAAC,CAAC,CAAC,eAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,eAAQ,CAAC,IAAI;YACrE,aAAa,EAAE,QAAQ,QAAQ,IAAI,SAAS,EAAE;YAC9C,qBAAqB,EAAE,EAAE,CAAC,QAAQ,EAAE;YACpC,iBAAiB,EAAE,WAAW;SACjC,CAAA;QAED,OAAO,OAAO,CAAA;IAClB,CAAC;IAED;;;;OAIG;IACH,0BAA0B,CACtB,MAAyH;QAEzH,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,IAAI,CAAC,eAAe,CAAA;QACxD,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,IAAI,CAAC,gBAAgB,CAAA;QAE3D,IAAI,CAAC,QAAQ,IAAI,CAAC,SAAS,EAAE,CAAC;YAC1B,MAAM,IAAI,KAAK,CAAC,iGAAiG,CAAC,CAAA;QACtH,CAAC;QAED,OAAO,IAAI,CAAC,mBAAmB,CAAC,EAAE,GAAG,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACxF,CAAC;CACJ;AAEY,QAAA,WAAW,GAAG,IAAI,WAAW,EAAE,CAAA"}
|