@levrbet/shared 0.1.95 → 0.1.96
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/core/types/auth.types.d.ts +25 -2
- package/dist/core/types/auth.types.js +4 -2
- package/dist/core/types/auth.types.js.map +1 -1
- package/dist/server/config/cloudflare.d.ts +30 -0
- package/dist/server/config/cloudflare.js +42 -0
- package/dist/server/config/cloudflare.js.map +1 -0
- package/dist/server/config/constants.js +2 -2
- package/dist/server/config/constants.js.map +1 -1
- package/dist/server/config/dotenv.d.ts +3 -7
- package/dist/server/config/dotenv.js +5 -14
- package/dist/server/config/dotenv.js.map +1 -1
- package/dist/server/config/index.d.ts +1 -0
- package/dist/server/config/index.js +1 -0
- package/dist/server/config/index.js.map +1 -1
- package/dist/server/config/urls.js +2 -2
- package/dist/server/config/urls.js.map +1 -1
- package/dist/server/contracts/instances.d.ts +1 -1
- package/dist/server/contracts/instances.js +3 -3
- package/dist/server/contracts/instances.js.map +1 -1
- package/dist/server/index.d.ts +1 -1
- package/dist/server/index.js +1 -1
- package/dist/server/index.js.map +1 -1
- package/dist/server/middleware/auth/cloudflare.handler.d.ts +7 -0
- package/dist/server/middleware/auth/cloudflare.handler.js +31 -0
- package/dist/server/middleware/auth/cloudflare.handler.js.map +1 -0
- package/dist/server/middleware/auth/hmac.handler.d.ts +19 -0
- package/dist/server/middleware/auth/hmac.handler.js +129 -0
- package/dist/server/middleware/auth/hmac.handler.js.map +1 -0
- package/dist/server/middleware/auth/index.d.ts +3 -0
- package/dist/server/middleware/auth/index.js +4 -0
- package/dist/server/middleware/auth/index.js.map +1 -0
- package/dist/server/middleware/auth/privy.handler.d.ts +8 -0
- package/dist/server/middleware/auth/privy.handler.js +29 -0
- package/dist/server/middleware/auth/privy.handler.js.map +1 -0
- package/dist/server/middleware/index.d.ts +0 -2
- package/dist/server/middleware/index.js +0 -2
- package/dist/server/middleware/index.js.map +1 -1
- package/dist/server/middleware/multiAuth.examples.d.ts +43 -0
- package/dist/server/middleware/multiAuth.examples.js +114 -0
- package/dist/server/middleware/multiAuth.examples.js.map +1 -0
- package/dist/server/middleware/mutiAuth.middleware.d.ts +31 -1
- package/dist/server/middleware/mutiAuth.middleware.js +81 -2
- package/dist/server/middleware/mutiAuth.middleware.js.map +1 -1
- package/dist/server/services/cloudflare.service.d.ts +12 -0
- package/dist/server/services/cloudflare.service.js +21 -0
- package/dist/server/services/cloudflare.service.js.map +1 -0
- package/dist/server/services/index.d.ts +2 -0
- package/dist/server/services/index.js +2 -0
- package/dist/server/services/index.js.map +1 -1
- package/dist/server/services/privy.service.js.map +1 -0
- package/dist/server/types/express.types.d.ts +27 -0
- package/dist/server/types/express.types.js +2 -0
- package/dist/server/types/express.types.js.map +1 -0
- package/dist/server/types/index.d.ts +1 -0
- package/dist/server/types/index.js +2 -0
- package/dist/server/types/index.js.map +1 -0
- package/package.json +1 -1
- package/dist/server/auth/index.d.ts +0 -2
- package/dist/server/auth/index.js +0 -3
- package/dist/server/auth/index.js.map +0 -1
- package/dist/server/auth/kms.d.ts +0 -34
- package/dist/server/auth/kms.js +0 -122
- package/dist/server/auth/kms.js.map +0 -1
- package/dist/server/auth/middleware/index.d.ts +0 -17
- package/dist/server/auth/middleware/index.js +0 -62
- package/dist/server/auth/middleware/index.js.map +0 -1
- package/dist/server/auth/privy.service.js.map +0 -1
- package/dist/server/middleware/apiKey.middleware.d.ts +0 -2
- package/dist/server/middleware/apiKey.middleware.js +0 -67
- package/dist/server/middleware/apiKey.middleware.js.map +0 -1
- package/dist/server/middleware/privy.middleware.d.ts +0 -3
- package/dist/server/middleware/privy.middleware.js +0 -43
- package/dist/server/middleware/privy.middleware.js.map +0 -1
- /package/dist/server/{auth → services}/privy.service.d.ts +0 -0
- /package/dist/server/{auth → services}/privy.service.js +0 -0
|
@@ -1,8 +1,31 @@
|
|
|
1
|
+
import { ApiKeyScope, LevrService } from "../prisma";
|
|
1
2
|
export declare enum LevrAuth {
|
|
2
3
|
PRIVY_USER = "privyUser",
|
|
3
4
|
PRIVY_ADMIN = "privyAdmin",
|
|
4
5
|
CLOUDFLARE = "cloudflare",
|
|
5
|
-
|
|
6
|
-
|
|
6
|
+
HMAC = "hmac",
|
|
7
|
+
SERVICE_HMAC = "serviceHmac"
|
|
7
8
|
}
|
|
8
9
|
export declare const LEVR_AUTH_HEADER = "x-levr-auth-type";
|
|
10
|
+
export interface MultiAuthOptions {
|
|
11
|
+
/**
|
|
12
|
+
* Array of authentication methods to support for this route.
|
|
13
|
+
* Client will specify which one to use via the x-levr-auth-type header.
|
|
14
|
+
*/
|
|
15
|
+
methods: LevrAuth[];
|
|
16
|
+
/**
|
|
17
|
+
* Required API key scopes (applies to HMAC and SERVICE_HMAC auth only).
|
|
18
|
+
* If specified, the API key must have at least one of these scopes.
|
|
19
|
+
*/
|
|
20
|
+
requiredScopes?: ApiKeyScope[];
|
|
21
|
+
/**
|
|
22
|
+
* Required services (applies to SERVICE_HMAC auth only).
|
|
23
|
+
* If specified, the API key must belong to one of these services.
|
|
24
|
+
*/
|
|
25
|
+
requiredServices?: LevrService[];
|
|
26
|
+
/**
|
|
27
|
+
* Auto-enforce Write scope for mutating HTTP methods (POST, PUT, PATCH, DELETE).
|
|
28
|
+
* Defaults to true.
|
|
29
|
+
*/
|
|
30
|
+
autoEnforceWriteScope?: boolean;
|
|
31
|
+
}
|
|
@@ -3,8 +3,10 @@ export var LevrAuth;
|
|
|
3
3
|
LevrAuth["PRIVY_USER"] = "privyUser";
|
|
4
4
|
LevrAuth["PRIVY_ADMIN"] = "privyAdmin";
|
|
5
5
|
LevrAuth["CLOUDFLARE"] = "cloudflare";
|
|
6
|
-
LevrAuth["
|
|
7
|
-
LevrAuth["
|
|
6
|
+
LevrAuth["HMAC"] = "hmac";
|
|
7
|
+
LevrAuth["SERVICE_HMAC"] = "serviceHmac";
|
|
8
8
|
})(LevrAuth || (LevrAuth = {}));
|
|
9
|
+
// clients will set this header to indicate which auth method they are using
|
|
10
|
+
// if the route doesn't support that auth method, it will be rejected
|
|
9
11
|
export const LEVR_AUTH_HEADER = "x-levr-auth-type";
|
|
10
12
|
//# sourceMappingURL=auth.types.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"auth.types.js","sourceRoot":"","sources":["../../../src/core/types/auth.types.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"auth.types.js","sourceRoot":"","sources":["../../../src/core/types/auth.types.ts"],"names":[],"mappings":"AAEA,MAAM,CAAN,IAAY,QAMX;AAND,WAAY,QAAQ;IAChB,oCAAwB,CAAA;IACxB,sCAA0B,CAAA;IAC1B,qCAAyB,CAAA;IACzB,yBAAa,CAAA;IACb,wCAA4B,CAAA;AAChC,CAAC,EANW,QAAQ,KAAR,QAAQ,QAMnB;AAED,4EAA4E;AAC5E,qEAAqE;AACrE,MAAM,CAAC,MAAM,gBAAgB,GAAG,kBAAkB,CAAA"}
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
import type { JWTVerifyGetKey } from "jose";
|
|
2
|
+
export interface CloudflareConfigData {
|
|
3
|
+
jwks: JWTVerifyGetKey;
|
|
4
|
+
issuer: string;
|
|
5
|
+
audience: string;
|
|
6
|
+
}
|
|
7
|
+
declare class CloudflareConfig {
|
|
8
|
+
private jwks;
|
|
9
|
+
private _config;
|
|
10
|
+
private initialized;
|
|
11
|
+
/**
|
|
12
|
+
* Initialize Cloudflare configuration from environment variables.
|
|
13
|
+
* Must be called before using cloudflareAuthService.
|
|
14
|
+
*
|
|
15
|
+
* @example
|
|
16
|
+
* ```typescript
|
|
17
|
+
* // Loads from CLOUDFLARE_JWK_URL, CLOUDFLARE_ISSUER, CLOUDFLARE_AUDIENCE env vars
|
|
18
|
+
* cloudflareConfig.init()
|
|
19
|
+
* ```
|
|
20
|
+
*/
|
|
21
|
+
init(): void;
|
|
22
|
+
/**
|
|
23
|
+
* Get the Cloudflare configuration data.
|
|
24
|
+
*
|
|
25
|
+
* @throws Error if CloudflareConfig has not been initialized
|
|
26
|
+
*/
|
|
27
|
+
get config(): CloudflareConfigData;
|
|
28
|
+
}
|
|
29
|
+
export declare const cloudflareConfig: CloudflareConfig;
|
|
30
|
+
export {};
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
import { createRemoteJWKSet } from "jose";
|
|
2
|
+
import { Config } from "../../core";
|
|
3
|
+
import { cloudflareSchema } from "./dotenv";
|
|
4
|
+
class CloudflareConfig {
|
|
5
|
+
constructor() {
|
|
6
|
+
this.jwks = null;
|
|
7
|
+
this._config = null;
|
|
8
|
+
this.initialized = false;
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Initialize Cloudflare configuration from environment variables.
|
|
12
|
+
* Must be called before using cloudflareAuthService.
|
|
13
|
+
*
|
|
14
|
+
* @example
|
|
15
|
+
* ```typescript
|
|
16
|
+
* // Loads from CLOUDFLARE_JWK_URL, CLOUDFLARE_ISSUER, CLOUDFLARE_AUDIENCE env vars
|
|
17
|
+
* cloudflareConfig.init()
|
|
18
|
+
* ```
|
|
19
|
+
*/
|
|
20
|
+
init() {
|
|
21
|
+
this._config = Config.init(cloudflareSchema);
|
|
22
|
+
this.jwks = createRemoteJWKSet(new URL(this._config.CLOUDFLARE_JWK_URL));
|
|
23
|
+
this.initialized = true;
|
|
24
|
+
}
|
|
25
|
+
/**
|
|
26
|
+
* Get the Cloudflare configuration data.
|
|
27
|
+
*
|
|
28
|
+
* @throws Error if CloudflareConfig has not been initialized
|
|
29
|
+
*/
|
|
30
|
+
get config() {
|
|
31
|
+
if (!this.initialized || !this.jwks || !this._config) {
|
|
32
|
+
throw new Error("CloudflareConfig not initialized. Call cloudflareConfig.init() before use.");
|
|
33
|
+
}
|
|
34
|
+
return {
|
|
35
|
+
jwks: this.jwks,
|
|
36
|
+
issuer: this._config.CLOUDFLARE_ISSUER,
|
|
37
|
+
audience: this._config.CLOUDFLARE_AUDIENCE,
|
|
38
|
+
};
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
export const cloudflareConfig = new CloudflareConfig();
|
|
42
|
+
//# sourceMappingURL=cloudflare.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare.js","sourceRoot":"","sources":["../../../src/server/config/cloudflare.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,kBAAkB,EAAE,MAAM,MAAM,CAAA;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAA;AACnC,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA;AAc3C,MAAM,gBAAgB;IAAtB;QACY,SAAI,GAAiD,IAAI,CAAA;QACzD,YAAO,GAAgC,IAAI,CAAA;QAC3C,gBAAW,GAAG,KAAK,CAAA;IAkC/B,CAAC;IAhCG;;;;;;;;;OASG;IACH,IAAI;QACA,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;QAC5C,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAA;QACxE,IAAI,CAAC,WAAW,GAAG,IAAI,CAAA;IAC3B,CAAC;IAED;;;;OAIG;IACH,IAAI,MAAM;QACN,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,4EAA4E,CAAC,CAAA;QACjG,CAAC;QAED,OAAO;YACH,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB;YACtC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,mBAAmB;SAC7C,CAAA;IACL,CAAC;CACJ;AAED,MAAM,CAAC,MAAM,gBAAgB,GAAG,IAAI,gBAAgB,EAAE,CAAA"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
1
|
import { getSupportedChainIds } from "../../core";
|
|
2
|
-
import {
|
|
3
|
-
export const supportedChainIds = getSupportedChainIds(
|
|
2
|
+
import { LEVR_ENV } from "./dotenv";
|
|
3
|
+
export const supportedChainIds = getSupportedChainIds(LEVR_ENV);
|
|
4
4
|
//# sourceMappingURL=constants.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/server/config/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AACjD,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/server/config/constants.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AAEnC,MAAM,CAAC,MAAM,iBAAiB,GAAG,oBAAoB,CAAC,QAAQ,CAAC,CAAA"}
|
|
@@ -8,14 +8,14 @@ export declare const opentelemetrySchema: z.ZodObject<{
|
|
|
8
8
|
OTEL_SERVICE_VERSION: z.ZodString;
|
|
9
9
|
LEVR_ENV: z.ZodEnum<typeof LevrEnv>;
|
|
10
10
|
}, z.core.$strip>;
|
|
11
|
+
export declare const LEVR_ENV: LevrEnv;
|
|
11
12
|
export declare const awsCredsSchema: z.ZodObject<{
|
|
12
13
|
AWS_ACCESS_KEY_ID: z.ZodString;
|
|
13
14
|
AWS_SECRET_ACCESS_KEY: z.ZodString;
|
|
14
15
|
AWS_REGION: z.ZodDefault<z.ZodString>;
|
|
15
16
|
}, z.core.$strip>;
|
|
16
|
-
export declare const
|
|
17
|
-
|
|
18
|
-
CLOUDFLARE_JWK_URL: z.ZodString;
|
|
17
|
+
export declare const cloudflareSchema: z.ZodObject<{
|
|
18
|
+
CLOUDFLARE_JWK_URL: z.ZodURL;
|
|
19
19
|
CLOUDFLARE_ISSUER: z.ZodString;
|
|
20
20
|
CLOUDFLARE_AUDIENCE: z.ZodString;
|
|
21
21
|
}, z.core.$strip>;
|
|
@@ -26,10 +26,6 @@ export declare const redisSchema: z.ZodObject<{
|
|
|
26
26
|
REDIS_URL: z.ZodURL;
|
|
27
27
|
REDIS_REPLICA_ENDPOINTS: z.ZodDefault<z.ZodString>;
|
|
28
28
|
}, z.core.$strip>;
|
|
29
|
-
export declare const levrSharedConfig: Readonly<{
|
|
30
|
-
LEVR_ENV: LevrEnv;
|
|
31
|
-
}>;
|
|
32
29
|
export declare const relayerSchema: z.ZodObject<{
|
|
33
30
|
RELAYER_ACCESS_TOKEN: z.ZodUUID;
|
|
34
31
|
}, z.core.$strip>;
|
|
35
|
-
export declare const kmsEnvConfig: z.infer<typeof kmsSchema>;
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import "dotenv/config";
|
|
2
2
|
import { z } from "zod";
|
|
3
3
|
import { commaSeparatedUrlsSchema, Config, LevrEnv } from "../../core";
|
|
4
|
-
///@dev example of using the Config class
|
|
5
4
|
export const opentelemetrySchema = z.object({
|
|
6
5
|
OTEL_EXPORTER_OTLP_HEADERS: z.string().min(1),
|
|
7
6
|
OTEL_EXPORTER_OTLP_ENDPOINT: z.string().min(1),
|
|
@@ -12,16 +11,16 @@ export const opentelemetrySchema = z.object({
|
|
|
12
11
|
const levrSharedSchema = z.object({
|
|
13
12
|
LEVR_ENV: z.enum(LevrEnv),
|
|
14
13
|
});
|
|
14
|
+
export const { LEVR_ENV } = Config.init(levrSharedSchema);
|
|
15
15
|
export const awsCredsSchema = z.object({
|
|
16
16
|
AWS_ACCESS_KEY_ID: z.string().min(1, "AWS_ACCESS_KEY_ID is required"),
|
|
17
17
|
AWS_SECRET_ACCESS_KEY: z.string().min(1, "AWS_SECRET_ACCESS_KEY is required"),
|
|
18
18
|
AWS_REGION: z.string().default("ap-south-1"),
|
|
19
19
|
});
|
|
20
|
-
export const
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
CLOUDFLARE_AUDIENCE: z.string().min(1),
|
|
20
|
+
export const cloudflareSchema = z.object({
|
|
21
|
+
CLOUDFLARE_JWK_URL: z.url("CLOUDFLARE_JWK_URL must be a valid URL"),
|
|
22
|
+
CLOUDFLARE_ISSUER: z.string().min(1, "CLOUDFLARE_ISSUER is required"),
|
|
23
|
+
CLOUDFLARE_AUDIENCE: z.string().min(1, "CLOUDFLARE_AUDIENCE is required"),
|
|
25
24
|
});
|
|
26
25
|
export const mongoSchema = z.object({
|
|
27
26
|
MONGO_URI: z.url("MONGO_URI must be a valid URI"),
|
|
@@ -30,15 +29,7 @@ export const redisSchema = z.object({
|
|
|
30
29
|
REDIS_URL: z.url("REDIS_URL must be a valid URI"),
|
|
31
30
|
REDIS_REPLICA_ENDPOINTS: commaSeparatedUrlsSchema,
|
|
32
31
|
});
|
|
33
|
-
export const levrSharedConfig = Config.init(levrSharedSchema);
|
|
34
32
|
export const relayerSchema = z.object({
|
|
35
33
|
RELAYER_ACCESS_TOKEN: z.uuid(),
|
|
36
34
|
});
|
|
37
|
-
// Initialize KMS config from environment variables
|
|
38
|
-
export const kmsEnvConfig = {
|
|
39
|
-
HMAC_KEY_ALIAS: process.env.HMAC_KEY_ALIAS || "alias/levr-server-to-server-auth-hmac",
|
|
40
|
-
CLOUDFLARE_JWK_URL: process.env.CLOUDFLARE_JWK_URL || "",
|
|
41
|
-
CLOUDFLARE_ISSUER: process.env.CLOUDFLARE_ISSUER || "",
|
|
42
|
-
CLOUDFLARE_AUDIENCE: process.env.CLOUDFLARE_AUDIENCE || "",
|
|
43
|
-
};
|
|
44
35
|
//# sourceMappingURL=dotenv.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dotenv.js","sourceRoot":"","sources":["../../../src/server/config/dotenv.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAA;AACtB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,wBAAwB,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEtE,
|
|
1
|
+
{"version":3,"file":"dotenv.js","sourceRoot":"","sources":["../../../src/server/config/dotenv.ts"],"names":[],"mappings":"AAAA,OAAO,eAAe,CAAA;AACtB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAA;AACvB,OAAO,EAAE,wBAAwB,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AAEtE,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,0BAA0B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7C,2BAA2B,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9C,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACpC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;CAC5B,CAAC,CAAA;AAEF,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9B,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;CAC5B,CAAC,CAAA;AACF,MAAM,CAAC,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;AAEzD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACnC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,+BAA+B,CAAC;IACrE,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,mCAAmC,CAAC;IAC7E,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC;CAC/C,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,kBAAkB,EAAE,CAAC,CAAC,GAAG,CAAC,wCAAwC,CAAC;IACnE,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,+BAA+B,CAAC;IACrE,mBAAmB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,iCAAiC,CAAC;CAC5E,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,+BAA+B,CAAC;CACpD,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAChC,SAAS,EAAE,CAAC,CAAC,GAAG,CAAC,+BAA+B,CAAC;IACjD,uBAAuB,EAAE,wBAAwB;CACpD,CAAC,CAAA;AAEF,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,oBAAoB,EAAE,CAAC,CAAC,IAAI,EAAE;CACjC,CAAC,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/config/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAA;AAC3B,cAAc,UAAU,CAAA;AACxB,cAAc,OAAO,CAAA;AACrB,cAAc,UAAU,CAAA;AACxB,cAAc,SAAS,CAAA;AACvB,cAAc,QAAQ,CAAA;AACtB,cAAc,WAAW,CAAA;AACzB,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,WAAW,CAAA"}
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/config/index.ts"],"names":[],"mappings":"AAAA,cAAc,cAAc,CAAA;AAC5B,cAAc,aAAa,CAAA;AAC3B,cAAc,UAAU,CAAA;AACxB,cAAc,OAAO,CAAA;AACrB,cAAc,UAAU,CAAA;AACxB,cAAc,SAAS,CAAA;AACvB,cAAc,QAAQ,CAAA;AACtB,cAAc,WAAW,CAAA;AACzB,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,WAAW,CAAA"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"urls.js","sourceRoot":"","sources":["../../../src/server/config/urls.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"urls.js","sourceRoot":"","sources":["../../../src/server/config/urls.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,EAAE,QAAQ,EAAE,MAAM,UAAU,CAAA;AAEnC,MAAM,CAAC,MAAM,IAAI,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAA"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { abis, LevrBaseMarket, LevrChain, LevrMarketId, LevrRelayerGroup, type CustomWalletClient } from "../../core";
|
|
2
1
|
import type { GetContractReturnType, PublicClient, WalletClient } from "viem";
|
|
2
|
+
import { abis, LevrBaseMarket, LevrChain, LevrMarketId, LevrRelayerGroup, type CustomWalletClient } from "../../core";
|
|
3
3
|
interface ClientOptions {
|
|
4
4
|
relayer?: LevrRelayerGroup;
|
|
5
5
|
walletClient?: WalletClient;
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { getLevrContract, getLevrMarketContract, publicClientService, } from "../../core";
|
|
2
|
-
import {
|
|
2
|
+
import { LEVR_ENV } from "../config";
|
|
3
3
|
import ozRelayerService from "./clients/ozRelayerService";
|
|
4
4
|
/**
|
|
5
5
|
* Retrieves a Levr contract instance using a relayer if provided.
|
|
@@ -17,7 +17,7 @@ export async function getLevrContractWithRelayer(contractName, chainId, { relaye
|
|
|
17
17
|
walletClient = await ozRelayerService.getWalletClient(chainId, relayer);
|
|
18
18
|
if (!publicClient)
|
|
19
19
|
publicClient = await publicClientService.getPremiumPubClient(chainId);
|
|
20
|
-
return getLevrContract(contractName, chainId,
|
|
20
|
+
return getLevrContract(contractName, chainId, LEVR_ENV, { publicClient, walletClient });
|
|
21
21
|
}
|
|
22
22
|
/**
|
|
23
23
|
* Retrieves a Levr market contract instance using a relayer or a provided wallet client.
|
|
@@ -38,6 +38,6 @@ export async function getLevrMarketContractWithRelayer(marketId, chainId, { rela
|
|
|
38
38
|
walletClient = await ozRelayerService.getWalletClient(chainId, relayer);
|
|
39
39
|
if (!publicClient)
|
|
40
40
|
publicClient = await publicClientService.getPremiumPubClient(chainId);
|
|
41
|
-
return getLevrMarketContract(marketId, chainId,
|
|
41
|
+
return getLevrMarketContract(marketId, chainId, LEVR_ENV, { publicClient, walletClient });
|
|
42
42
|
}
|
|
43
43
|
//# sourceMappingURL=instances.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"instances.js","sourceRoot":"","sources":["../../../src/server/contracts/instances.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"instances.js","sourceRoot":"","sources":["../../../src/server/contracts/instances.ts"],"names":[],"mappings":"AACA,OAAO,EAEH,eAAe,EACf,qBAAqB,EAKrB,mBAAmB,GAEtB,MAAM,YAAY,CAAA;AACnB,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAA;AACpC,OAAO,gBAAgB,MAAM,4BAA4B,CAAA;AAQzD;;;;;;;;;;GAUG;AACH,MAAM,CAAC,KAAK,UAAU,0BAA0B,CAC5C,YAAe,EACf,OAAkB,EAClB,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAiB;IAEtD,IAAI,OAAO,IAAI,CAAC,YAAY;QAAE,YAAY,GAAG,MAAM,gBAAgB,CAAC,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IACrG,IAAI,CAAC,YAAY;QAAE,YAAY,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAA;IACxF,OAAO,eAAe,CAAC,YAAY,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAA;AAC3F,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,KAAK,UAAU,gCAAgC,CAClD,QAAsB,EACtB,OAAkB,EAClB,EAAE,OAAO,EAAE,YAAY,EAAE,YAAY,EAAiB;IAEtD,IAAI,OAAO,IAAI,CAAC,YAAY;QAAE,YAAY,GAAG,MAAM,gBAAgB,CAAC,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;IACrG,IAAI,CAAC,YAAY;QAAE,YAAY,GAAG,MAAM,mBAAmB,CAAC,mBAAmB,CAAC,OAAO,CAAC,CAAA;IACxF,OAAO,qBAAqB,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,EAAE,YAAY,EAAE,YAAY,EAAE,CAAC,CAAA;AAC7F,CAAC"}
|
package/dist/server/index.d.ts
CHANGED
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
export * from "../core";
|
|
2
|
-
export * from "./auth";
|
|
3
2
|
export * from "./config";
|
|
4
3
|
export * from "./contracts";
|
|
5
4
|
export * from "./liquidation-engine";
|
|
@@ -8,4 +7,5 @@ export * from "./middleware";
|
|
|
8
7
|
export * from "./oracle";
|
|
9
8
|
export * from "./repositories";
|
|
10
9
|
export * from "./services";
|
|
10
|
+
export * from "./types";
|
|
11
11
|
export * from "./utils";
|
package/dist/server/index.js
CHANGED
|
@@ -5,7 +5,6 @@ if (typeof globalThis.window !== "undefined") {
|
|
|
5
5
|
"📖 See documentation: https://github.com/LEVR-LABS/levr-shared#package-structure");
|
|
6
6
|
}
|
|
7
7
|
export * from "../core";
|
|
8
|
-
export * from "./auth";
|
|
9
8
|
export * from "./config";
|
|
10
9
|
export * from "./contracts";
|
|
11
10
|
export * from "./liquidation-engine";
|
|
@@ -14,6 +13,7 @@ export * from "./middleware";
|
|
|
14
13
|
export * from "./oracle";
|
|
15
14
|
export * from "./repositories";
|
|
16
15
|
export * from "./services";
|
|
16
|
+
export * from "./types";
|
|
17
17
|
export * from "./utils";
|
|
18
18
|
// export { sdk } from "./instrumentation"
|
|
19
19
|
// export { sdk as instrumentation } from "./instrumentation"
|
package/dist/server/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,iFAAiF;AACjF,IAAI,OAAQ,UAAkB,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;IACpD,MAAM,IAAI,KAAK,CACX,0EAA0E;QACtE,0GAA0G;QAC1G,kFAAkF,CACzF,CAAA;AACL,CAAC;AAED,cAAc,SAAS,CAAA;AACvB,cAAc,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,iFAAiF;AACjF,IAAI,OAAQ,UAAkB,CAAC,MAAM,KAAK,WAAW,EAAE,CAAC;IACpD,MAAM,IAAI,KAAK,CACX,0EAA0E;QACtE,0GAA0G;QAC1G,kFAAkF,CACzF,CAAA;AACL,CAAC;AAED,cAAc,SAAS,CAAA;AACvB,cAAc,UAAU,CAAA;AACxB,cAAc,aAAa,CAAA;AAC3B,cAAc,sBAAsB,CAAA;AACpC,cAAc,WAAW,CAAA;AACzB,cAAc,cAAc,CAAA;AAC5B,cAAc,UAAU,CAAA;AACxB,cAAc,gBAAgB,CAAA;AAC9B,cAAc,YAAY,CAAA;AAC1B,cAAc,SAAS,CAAA;AACvB,cAAc,SAAS,CAAA;AAEvB,0CAA0C;AAC1C,6DAA6D"}
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { Request } from "express";
|
|
2
|
+
import "../../types/express.types";
|
|
3
|
+
import type { AuthResult } from "./hmac.handler";
|
|
4
|
+
/**
|
|
5
|
+
* Handles Cloudflare Access authentication
|
|
6
|
+
*/
|
|
7
|
+
export declare function handleCloudflareAuth(req: Request): Promise<AuthResult>;
|
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
import { LevrAuth } from "../../../core";
|
|
2
|
+
import { cloudflareAuthService } from "../../services";
|
|
3
|
+
import "../../types/express.types";
|
|
4
|
+
/**
|
|
5
|
+
* Handles Cloudflare Access authentication
|
|
6
|
+
*/
|
|
7
|
+
export async function handleCloudflareAuth(req) {
|
|
8
|
+
const jwt = req.headers["cf-access-jwt-assertion"]?.toString();
|
|
9
|
+
if (!jwt) {
|
|
10
|
+
return {
|
|
11
|
+
success: false,
|
|
12
|
+
error: "Missing CF-Access-JWT-Assertion header",
|
|
13
|
+
statusCode: 401,
|
|
14
|
+
};
|
|
15
|
+
}
|
|
16
|
+
try {
|
|
17
|
+
await cloudflareAuthService.verifyJwt(jwt);
|
|
18
|
+
req.authMethod = LevrAuth.CLOUDFLARE;
|
|
19
|
+
return { success: true };
|
|
20
|
+
}
|
|
21
|
+
catch (err) {
|
|
22
|
+
const errorMsg = err instanceof Error ? err.message : String(err);
|
|
23
|
+
console.error("Cloudflare JWT verification error:", errorMsg);
|
|
24
|
+
return {
|
|
25
|
+
success: false,
|
|
26
|
+
error: `Invalid Cloudflare JWT: ${errorMsg}`,
|
|
27
|
+
statusCode: 401,
|
|
28
|
+
};
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
//# sourceMappingURL=cloudflare.handler.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cloudflare.handler.js","sourceRoot":"","sources":["../../../../src/server/middleware/auth/cloudflare.handler.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAA;AACxC,OAAO,EAAE,qBAAqB,EAAE,MAAM,gBAAgB,CAAA;AACtD,OAAO,2BAA2B,CAAA;AAGlC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CAAC,GAAY;IACnD,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,yBAAyB,CAAC,EAAE,QAAQ,EAAE,CAAA;IAE9D,IAAI,CAAC,GAAG,EAAE,CAAC;QACP,OAAO;YACH,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,wCAAwC;YAC/C,UAAU,EAAE,GAAG;SAClB,CAAA;IACL,CAAC;IAED,IAAI,CAAC;QACD,MAAM,qBAAqB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAA;QAC1C,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAC,UAAU,CAAA;QACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,MAAM,QAAQ,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QACjE,OAAO,CAAC,KAAK,CAAC,oCAAoC,EAAE,QAAQ,CAAC,CAAA;QAC7D,OAAO;YACH,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,2BAA2B,QAAQ,EAAE;YAC5C,UAAU,EAAE,GAAG;SAClB,CAAA;IACL,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
import type { Request } from "express";
|
|
2
|
+
import { MultiAuthOptions } from "../../../core";
|
|
3
|
+
import "../../types/express.types";
|
|
4
|
+
/**
|
|
5
|
+
* Authentication result from individual auth handlers
|
|
6
|
+
*/
|
|
7
|
+
export interface AuthResult {
|
|
8
|
+
success: boolean;
|
|
9
|
+
error?: string;
|
|
10
|
+
statusCode?: number;
|
|
11
|
+
}
|
|
12
|
+
/**
|
|
13
|
+
* Handles HMAC authentication (user API keys)
|
|
14
|
+
*/
|
|
15
|
+
export declare function handleHmacAuth(req: Request, options: MultiAuthOptions): Promise<AuthResult>;
|
|
16
|
+
/**
|
|
17
|
+
* Handles SERVICE_HMAC authentication (service-to-service API keys)
|
|
18
|
+
*/
|
|
19
|
+
export declare function handleServiceHmacAuth(req: Request, options: MultiAuthOptions): Promise<AuthResult>;
|
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
import crypto from "crypto";
|
|
2
|
+
import ms from "ms";
|
|
3
|
+
import { ApiKeyScope, LevrAuth } from "../../../core";
|
|
4
|
+
import { apiKeyRepository } from "../../repositories";
|
|
5
|
+
import { cryptoService } from "../../services";
|
|
6
|
+
import "../../types/express.types";
|
|
7
|
+
/**
|
|
8
|
+
* Validates that the API key has the required scopes
|
|
9
|
+
*/
|
|
10
|
+
function validateScopes(apiKeyScopes, requiredScopes) {
|
|
11
|
+
if (!requiredScopes || requiredScopes.length === 0)
|
|
12
|
+
return true;
|
|
13
|
+
return requiredScopes.some((scope) => apiKeyScopes.includes(scope));
|
|
14
|
+
}
|
|
15
|
+
/**
|
|
16
|
+
* Determines required scopes based on HTTP method and options
|
|
17
|
+
*/
|
|
18
|
+
function getRequiredScopes(method, options) {
|
|
19
|
+
const scopes = options.requiredScopes || [];
|
|
20
|
+
const autoEnforce = options.autoEnforceWriteScope !== false; // default true
|
|
21
|
+
if (autoEnforce && ["POST", "PUT", "PATCH", "DELETE"].includes(method.toUpperCase())) {
|
|
22
|
+
if (!scopes.includes(ApiKeyScope.Write)) {
|
|
23
|
+
return [...scopes, ApiKeyScope.Write];
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
return scopes;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
29
|
+
* Shared HMAC authentication logic for both user and service API keys
|
|
30
|
+
*/
|
|
31
|
+
async function handleHmacAuthBase(req, options, isServiceAuth) {
|
|
32
|
+
// Parse Authorization header
|
|
33
|
+
const auth = req.header("Authorization");
|
|
34
|
+
if (!auth) {
|
|
35
|
+
return { success: false, error: "Missing Authorization header", statusCode: 401 };
|
|
36
|
+
}
|
|
37
|
+
const m = auth.match(/^HMAC\s+([A-Za-z0-9-]+):(.+)$/);
|
|
38
|
+
if (!m) {
|
|
39
|
+
return { success: false, error: "Invalid Authorization header format", statusCode: 401 };
|
|
40
|
+
}
|
|
41
|
+
const [, apiKeyId, sigB64] = m;
|
|
42
|
+
if (!apiKeyId || !sigB64) {
|
|
43
|
+
return { success: false, error: "Invalid Authorization header format", statusCode: 401 };
|
|
44
|
+
}
|
|
45
|
+
// Fetch API key
|
|
46
|
+
const apiKey = await apiKeyRepository.getApiKey({ apiKeyId });
|
|
47
|
+
if (!apiKey) {
|
|
48
|
+
return { success: false, error: "Unknown API key", statusCode: 401 };
|
|
49
|
+
}
|
|
50
|
+
// Validate key type matches auth method
|
|
51
|
+
if (isServiceAuth && !apiKey.isService) {
|
|
52
|
+
return { success: false, error: "This endpoint requires a service API key", statusCode: 403 };
|
|
53
|
+
}
|
|
54
|
+
if (!isServiceAuth && apiKey.isService) {
|
|
55
|
+
return { success: false, error: "Service API keys cannot be used with HMAC auth", statusCode: 403 };
|
|
56
|
+
}
|
|
57
|
+
// Check expiration
|
|
58
|
+
if (apiKey.expiresAt && apiKey.expiresAt < new Date()) {
|
|
59
|
+
return { success: false, error: "API key has expired", statusCode: 401 };
|
|
60
|
+
}
|
|
61
|
+
// Validate service restriction (SERVICE_HMAC only)
|
|
62
|
+
if (isServiceAuth && options.requiredServices && options.requiredServices.length > 0) {
|
|
63
|
+
if (!apiKey.service || !options.requiredServices.includes(apiKey.service)) {
|
|
64
|
+
return {
|
|
65
|
+
success: false,
|
|
66
|
+
error: `Service not allowed. Required one of: [${options.requiredServices.join(", ")}], Got: ${apiKey.service}`,
|
|
67
|
+
statusCode: 403,
|
|
68
|
+
};
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
// Validate scopes
|
|
72
|
+
const requiredScopes = getRequiredScopes(req.method, options);
|
|
73
|
+
if (!validateScopes(apiKey.scopes, requiredScopes)) {
|
|
74
|
+
return {
|
|
75
|
+
success: false,
|
|
76
|
+
error: `Insufficient scopes. Required: ${requiredScopes.join(", ")}`,
|
|
77
|
+
statusCode: 403,
|
|
78
|
+
};
|
|
79
|
+
}
|
|
80
|
+
// Verify HMAC signature
|
|
81
|
+
try {
|
|
82
|
+
const plaintext = await cryptoService.getPlaintextKey(apiKeyId, apiKey.ciphertext);
|
|
83
|
+
const method = req.method.toUpperCase();
|
|
84
|
+
const path = req.originalUrl.split("?")[0];
|
|
85
|
+
const timestamp = req.header("x-request-timestamp");
|
|
86
|
+
const nonce = req.header("x-request-nonce") || "";
|
|
87
|
+
if (!timestamp) {
|
|
88
|
+
return { success: false, error: "Missing x-request-timestamp header", statusCode: 400 };
|
|
89
|
+
}
|
|
90
|
+
const ts = parseInt(timestamp, 10);
|
|
91
|
+
if (Number.isNaN(ts)) {
|
|
92
|
+
return { success: false, error: "Invalid timestamp format", statusCode: 400 };
|
|
93
|
+
}
|
|
94
|
+
// Prevent replay attacks (5 minutes window)
|
|
95
|
+
if (Math.abs(Date.now() - ts) > ms("5m")) {
|
|
96
|
+
return { success: false, error: "Request timestamp expired", statusCode: 401 };
|
|
97
|
+
}
|
|
98
|
+
const expectedSig = cryptoService.signRequest({ method, path, ts, body: req.body, nonce, plaintext });
|
|
99
|
+
const providedSig = sigB64;
|
|
100
|
+
const ok = crypto.timingSafeEqual(Buffer.from(expectedSig, "base64"), Buffer.from(providedSig, "base64"));
|
|
101
|
+
if (!ok) {
|
|
102
|
+
return { success: false, error: "Invalid signature", statusCode: 401 };
|
|
103
|
+
}
|
|
104
|
+
// Set auth context
|
|
105
|
+
req.apiUser = { id: apiKey.userId, isService: apiKey.isService, service: apiKey.service };
|
|
106
|
+
req.ethAddress = apiKey.ethAddress;
|
|
107
|
+
req.authMethod = isServiceAuth ? LevrAuth.SERVICE_HMAC : LevrAuth.HMAC;
|
|
108
|
+
// Update last used timestamp
|
|
109
|
+
await apiKeyRepository.updateApiKey({ apiKeyId }, { lastUsedAt: new Date(), usageCount: { increment: 1 } });
|
|
110
|
+
return { success: true };
|
|
111
|
+
}
|
|
112
|
+
catch (err) {
|
|
113
|
+
console.error(`${isServiceAuth ? "Service " : ""}HMAC verification error:`, err);
|
|
114
|
+
return { success: false, error: "Signature verification failed", statusCode: 401 };
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
/**
|
|
118
|
+
* Handles HMAC authentication (user API keys)
|
|
119
|
+
*/
|
|
120
|
+
export async function handleHmacAuth(req, options) {
|
|
121
|
+
return handleHmacAuthBase(req, options, false);
|
|
122
|
+
}
|
|
123
|
+
/**
|
|
124
|
+
* Handles SERVICE_HMAC authentication (service-to-service API keys)
|
|
125
|
+
*/
|
|
126
|
+
export async function handleServiceHmacAuth(req, options) {
|
|
127
|
+
return handleHmacAuthBase(req, options, true);
|
|
128
|
+
}
|
|
129
|
+
//# sourceMappingURL=hmac.handler.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hmac.handler.js","sourceRoot":"","sources":["../../../../src/server/middleware/auth/hmac.handler.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAA;AAE3B,OAAO,EAAE,MAAM,IAAI,CAAA;AAEnB,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAoB,MAAM,eAAe,CAAA;AAEvE,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAA;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,gBAAgB,CAAA;AAC9C,OAAO,2BAA2B,CAAA;AAWlC;;GAEG;AACH,SAAS,cAAc,CAAC,YAAiC,EAAE,cAAmC;IAC1F,IAAI,CAAC,cAAc,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAC/D,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAA;AACvE,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,MAAc,EAAE,OAAyB;IAChE,MAAM,MAAM,GAAG,OAAO,CAAC,cAAc,IAAI,EAAE,CAAA;IAC3C,MAAM,WAAW,GAAG,OAAO,CAAC,qBAAqB,KAAK,KAAK,CAAA,CAAC,eAAe;IAE3E,IAAI,WAAW,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;QACnF,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,CAAC;YACtC,OAAO,CAAC,GAAG,MAAM,EAAE,WAAW,CAAC,KAAK,CAAC,CAAA;QACzC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAA;AACjB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,kBAAkB,CAAC,GAAY,EAAE,OAAyB,EAAE,aAAsB;IAC7F,6BAA6B;IAC7B,MAAM,IAAI,GAAG,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;IACxC,IAAI,CAAC,IAAI,EAAE,CAAC;QACR,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IACrF,CAAC;IAED,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAA;IACrD,IAAI,CAAC,CAAC,EAAE,CAAC;QACL,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IAC5F,CAAC;IAED,MAAM,CAAC,EAAE,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,CAAA;IAC9B,IAAI,CAAC,QAAQ,IAAI,CAAC,MAAM,EAAE,CAAC;QACvB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qCAAqC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IAC5F,CAAC;IAED,gBAAgB;IAChB,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAA;IAC7D,IAAI,CAAC,MAAM,EAAE,CAAC;QACV,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IACxE,CAAC;IAED,wCAAwC;IACxC,IAAI,aAAa,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0CAA0C,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IACjG,CAAC;IACD,IAAI,CAAC,aAAa,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gDAAgD,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IACvG,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAM,CAAC,SAAS,IAAI,MAAM,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;QACpD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,qBAAqB,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IAC5E,CAAC;IAED,mDAAmD;IACnD,IAAI,aAAa,IAAI,OAAO,CAAC,gBAAgB,IAAI,OAAO,CAAC,gBAAgB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnF,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YACxE,OAAO;gBACH,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,0CAA0C,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,WAAW,MAAM,CAAC,OAAO,EAAE;gBAC/G,UAAU,EAAE,GAAG;aAClB,CAAA;QACL,CAAC;IACL,CAAC;IAED,kBAAkB;IAClB,MAAM,cAAc,GAAG,iBAAiB,CAAC,GAAG,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IAC7D,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,EAAE,cAAc,CAAC,EAAE,CAAC;QACjD,OAAO;YACH,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,kCAAkC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;YACpE,UAAU,EAAE,GAAG;SAClB,CAAA;IACL,CAAC;IAED,wBAAwB;IACxB,IAAI,CAAC;QACD,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,UAAU,CAAC,CAAA;QAElF,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,WAAW,EAAE,CAAA;QACvC,MAAM,IAAI,GAAG,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QAC1C,MAAM,SAAS,GAAG,GAAG,CAAC,MAAM,CAAC,qBAAqB,CAAC,CAAA;QACnD,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAA;QAEjD,IAAI,CAAC,SAAS,EAAE,CAAC;YACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;QAC3F,CAAC;QAED,MAAM,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,CAAA;QAClC,IAAI,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC;YACnB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;QACjF,CAAC;QAED,4CAA4C;QAC5C,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;YACvC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;QAClF,CAAC;QAED,MAAM,WAAW,GAAG,aAAa,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAA;QACrG,MAAM,WAAW,GAAG,MAAM,CAAA;QAE1B,MAAM,EAAE,GAAG,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAA;QACzG,IAAI,CAAC,EAAE,EAAE,CAAC;YACN,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;QAC1E,CAAC;QAED,mBAAmB;QACnB,GAAG,CAAC,OAAO,GAAG,EAAE,EAAE,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,CAAA;QACzF,GAAG,CAAC,UAAU,GAAG,MAAM,CAAC,UAA4B,CAAA;QACpD,GAAG,CAAC,UAAU,GAAG,aAAa,CAAC,CAAC,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAA;QAEtE,6BAA6B;QAC7B,MAAM,gBAAgB,CAAC,YAAY,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,UAAU,EAAE,IAAI,IAAI,EAAE,EAAE,UAAU,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC,CAAA;QAE3G,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;IAC5B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACX,OAAO,CAAC,KAAK,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,0BAA0B,EAAE,GAAG,CAAC,CAAA;QAChF,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IACtF,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,GAAY,EAAE,OAAyB;IACxE,OAAO,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,CAAA;AAClD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,qBAAqB,CAAC,GAAY,EAAE,OAAyB;IAC/E,OAAO,kBAAkB,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,CAAA;AACjD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/server/middleware/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,sBAAsB,CAAA;AACpC,cAAc,gBAAgB,CAAA;AAC9B,cAAc,iBAAiB,CAAA"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
import type { Request } from "express";
|
|
2
|
+
import { LevrAuth, PrivyRole } from "../../../core";
|
|
3
|
+
import "../../types/express.types";
|
|
4
|
+
import type { AuthResult } from "./hmac.handler";
|
|
5
|
+
/**
|
|
6
|
+
* Handles Privy authentication (User or Admin)
|
|
7
|
+
*/
|
|
8
|
+
export declare function handlePrivyAuth(req: Request, role: PrivyRole, authType: LevrAuth): Promise<AuthResult>;
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
import { getAddress, isAddress } from "viem";
|
|
2
|
+
import { ETH_ADDRESS_HEADER, PRIVY_ACCESS_TOKEN_HEADER, PRIVY_ID_TOKEN_HEADER } from "../../../core";
|
|
3
|
+
import { privyService } from "../../services";
|
|
4
|
+
import "../../types/express.types";
|
|
5
|
+
/**
|
|
6
|
+
* Handles Privy authentication (User or Admin)
|
|
7
|
+
*/
|
|
8
|
+
export async function handlePrivyAuth(req, role, authType) {
|
|
9
|
+
const privyToken = req.headers[PRIVY_ACCESS_TOKEN_HEADER]?.toString();
|
|
10
|
+
const privyIdToken = req.headers[PRIVY_ID_TOKEN_HEADER]?.toString();
|
|
11
|
+
const ethAddress = req.headers[ETH_ADDRESS_HEADER]?.toString();
|
|
12
|
+
if (!privyToken || !privyIdToken) {
|
|
13
|
+
return {
|
|
14
|
+
success: false,
|
|
15
|
+
error: `Missing ${PRIVY_ACCESS_TOKEN_HEADER} or ${PRIVY_ID_TOKEN_HEADER} header`,
|
|
16
|
+
statusCode: 401,
|
|
17
|
+
};
|
|
18
|
+
}
|
|
19
|
+
const privyUser = await privyService.authenticate({ privyToken, privyIdToken, ethAddress, role });
|
|
20
|
+
if (!privyUser) {
|
|
21
|
+
return { success: false, error: "Privy authentication failed", statusCode: 401 };
|
|
22
|
+
}
|
|
23
|
+
// Set auth context
|
|
24
|
+
req.privyUser = privyUser;
|
|
25
|
+
req.ethAddress = ethAddress && isAddress(ethAddress) ? getAddress(ethAddress) : privyService.getUserEthAddress(privyUser);
|
|
26
|
+
req.authMethod = authType;
|
|
27
|
+
return { success: true };
|
|
28
|
+
}
|
|
29
|
+
//# sourceMappingURL=privy.handler.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"privy.handler.js","sourceRoot":"","sources":["../../../../src/server/middleware/auth/privy.handler.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAC5C,OAAO,EAAE,kBAAkB,EAAY,yBAAyB,EAAE,qBAAqB,EAAa,MAAM,eAAe,CAAA;AACzH,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAA;AAC7C,OAAO,2BAA2B,CAAA;AAGlC;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,GAAY,EAAE,IAAe,EAAE,QAAkB;IACnF,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,yBAAyB,CAAC,EAAE,QAAQ,EAAE,CAAA;IACrE,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,qBAAqB,CAAC,EAAE,QAAQ,EAAE,CAAA;IACnE,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE,QAAQ,EAAE,CAAA;IAE9D,IAAI,CAAC,UAAU,IAAI,CAAC,YAAY,EAAE,CAAC;QAC/B,OAAO;YACH,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,WAAW,yBAAyB,OAAO,qBAAqB,SAAS;YAChF,UAAU,EAAE,GAAG;SAClB,CAAA;IACL,CAAC;IAED,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,YAAY,CAAC,EAAE,UAAU,EAAE,YAAY,EAAE,UAAU,EAAE,IAAI,EAAE,CAAC,CAAA;IAEjG,IAAI,CAAC,SAAS,EAAE,CAAC;QACb,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,EAAE,UAAU,EAAE,GAAG,EAAE,CAAA;IACpF,CAAC;IAED,mBAAmB;IACnB,GAAG,CAAC,SAAS,GAAG,SAAS,CAAA;IACzB,GAAG,CAAC,UAAU,GAAG,UAAU,IAAI,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAA;IACzH,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAA;IAEzB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAA;AAC5B,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/middleware/index.ts"],"names":[],"mappings":"AAAA,cAAc,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/server/middleware/index.ts"],"names":[],"mappings":"AAAA,cAAc,uBAAuB,CAAA;AACrC,cAAc,wBAAwB,CAAA"}
|