@moon-x/node-sdk 0.4.0 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -4
- package/dist/index.d.mts +13 -7
- package/dist/index.d.ts +13 -7
- package/dist/index.js +14 -8
- package/dist/index.mjs +10 -4
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -64,14 +64,14 @@ Construct once per process. Holds in-memory caches; reuse across requests.
|
|
|
64
64
|
| Field | Type | Required | Default |
|
|
65
65
|
|---|---|---|---|
|
|
66
66
|
| `publishableKey` | `string` | Yes | — |
|
|
67
|
-
| `secretKey` | `string` |
|
|
67
|
+
| `secretKey` | `string` | For `ephemeralSigners` | n/a |
|
|
68
68
|
| `issuer` | `string` | No | `https://api.moonx-dev.com` |
|
|
69
69
|
| `baseUrl` | `string` | No | Same as `issuer` |
|
|
70
70
|
| `jwksTtlMs` | `number` | No | `300_000` (5 min) |
|
|
71
71
|
| `appResolveTtlMs` | `number` | No | `3_600_000` (1 hour) |
|
|
72
72
|
| `fetch` | `typeof fetch` | No | `globalThis.fetch` |
|
|
73
73
|
|
|
74
|
-
The publishable key (`moon_pk_*`) is the same one your iframe / browser SDK uses
|
|
74
|
+
The publishable key (`moon_pk_*`) is the same one your iframe / browser SDK uses; it resolves your app id and scopes JWKS lookups. The secret key (`moon_sk_*`) is required to use `ephemeralSigners` (the wallets server-side ephemeral-signer routes are secret-key-only) and by the v0.2 data + swaps modules. Read both from server-only env vars; never expose the secret key to the browser.
|
|
75
75
|
|
|
76
76
|
### `client.auth.verifyAccessToken(token)`
|
|
77
77
|
|
|
@@ -148,5 +148,5 @@ Auth providers ship server SDKs partly to abstract away `jose`-style JWT librari
|
|
|
148
148
|
|
|
149
149
|
## Roadmap
|
|
150
150
|
|
|
151
|
-
- **
|
|
152
|
-
- **v0.2 (
|
|
151
|
+
- **Current**: auth (`verifyAccessToken`, `verifyIdentityToken`, `verifySession`) plus `ephemeralSigners` (secret-key gated server-side signing).
|
|
152
|
+
- **v0.2 ([MX-124](https://linear.app/moonpay/issue/MX-124))**: adds `client.tokens.*` and `client.swaps.*`.
|
package/dist/index.d.mts
CHANGED
|
@@ -61,8 +61,9 @@ interface MoonXClientConfig {
|
|
|
61
61
|
publishableKey: string;
|
|
62
62
|
/**
|
|
63
63
|
* Optional. The secret key (`moon_sk_*`) for your MoonX app. Required
|
|
64
|
-
*
|
|
65
|
-
* (
|
|
64
|
+
* to use `ephemeralSigners`: the wallets server-side ephemeral-signer
|
|
65
|
+
* routes (/me/wallets, /sign) are secret-key-only (MX-124). Also used
|
|
66
|
+
* by the privileged datalayer / swaps endpoints in the v0.2 surface.
|
|
66
67
|
*
|
|
67
68
|
* NEVER hardcode. NEVER expose to the browser. Always read from a
|
|
68
69
|
* server-only env var.
|
|
@@ -104,8 +105,13 @@ interface MoonXClientConfig {
|
|
|
104
105
|
|
|
105
106
|
interface EphemeralSignersConfig {
|
|
106
107
|
baseUrl: string;
|
|
107
|
-
/**
|
|
108
|
-
|
|
108
|
+
/**
|
|
109
|
+
* MoonX secret key (`moon_sk_*`). The server-side ephemeral-signer
|
|
110
|
+
* routes (/me/wallets, /sign) are secret-key-only. Optional here
|
|
111
|
+
* because MoonXClient takes it optionally; sign() throws if it is
|
|
112
|
+
* absent. Server-only; never expose to the browser.
|
|
113
|
+
*/
|
|
114
|
+
secretKey?: string;
|
|
109
115
|
fetchImpl?: typeof fetch;
|
|
110
116
|
}
|
|
111
117
|
interface SignEphemeralSignerParams {
|
|
@@ -159,9 +165,9 @@ declare class EphemeralSigners {
|
|
|
159
165
|
* // session.identity?.email — OIDC profile claim (when identity token sent)
|
|
160
166
|
* // session.identity?.name — etc.
|
|
161
167
|
*
|
|
162
|
-
*
|
|
163
|
-
*
|
|
164
|
-
*
|
|
168
|
+
* Today this ships the `auth` namespace plus `ephemeralSigners` (the
|
|
169
|
+
* latter is secret-key gated; see `secretKey`). The `tokens` and `swaps`
|
|
170
|
+
* namespaces land in v0.2.
|
|
165
171
|
*/
|
|
166
172
|
declare class MoonXClient {
|
|
167
173
|
readonly auth: Auth;
|
package/dist/index.d.ts
CHANGED
|
@@ -61,8 +61,9 @@ interface MoonXClientConfig {
|
|
|
61
61
|
publishableKey: string;
|
|
62
62
|
/**
|
|
63
63
|
* Optional. The secret key (`moon_sk_*`) for your MoonX app. Required
|
|
64
|
-
*
|
|
65
|
-
* (
|
|
64
|
+
* to use `ephemeralSigners`: the wallets server-side ephemeral-signer
|
|
65
|
+
* routes (/me/wallets, /sign) are secret-key-only (MX-124). Also used
|
|
66
|
+
* by the privileged datalayer / swaps endpoints in the v0.2 surface.
|
|
66
67
|
*
|
|
67
68
|
* NEVER hardcode. NEVER expose to the browser. Always read from a
|
|
68
69
|
* server-only env var.
|
|
@@ -104,8 +105,13 @@ interface MoonXClientConfig {
|
|
|
104
105
|
|
|
105
106
|
interface EphemeralSignersConfig {
|
|
106
107
|
baseUrl: string;
|
|
107
|
-
/**
|
|
108
|
-
|
|
108
|
+
/**
|
|
109
|
+
* MoonX secret key (`moon_sk_*`). The server-side ephemeral-signer
|
|
110
|
+
* routes (/me/wallets, /sign) are secret-key-only. Optional here
|
|
111
|
+
* because MoonXClient takes it optionally; sign() throws if it is
|
|
112
|
+
* absent. Server-only; never expose to the browser.
|
|
113
|
+
*/
|
|
114
|
+
secretKey?: string;
|
|
109
115
|
fetchImpl?: typeof fetch;
|
|
110
116
|
}
|
|
111
117
|
interface SignEphemeralSignerParams {
|
|
@@ -159,9 +165,9 @@ declare class EphemeralSigners {
|
|
|
159
165
|
* // session.identity?.email — OIDC profile claim (when identity token sent)
|
|
160
166
|
* // session.identity?.name — etc.
|
|
161
167
|
*
|
|
162
|
-
*
|
|
163
|
-
*
|
|
164
|
-
*
|
|
168
|
+
* Today this ships the `auth` namespace plus `ephemeralSigners` (the
|
|
169
|
+
* latter is secret-key gated; see `secretKey`). The `tokens` and `swaps`
|
|
170
|
+
* namespaces land in v0.2.
|
|
165
171
|
*/
|
|
166
172
|
declare class MoonXClient {
|
|
167
173
|
readonly auth: Auth;
|
package/dist/index.js
CHANGED
|
@@ -23,7 +23,7 @@ __export(src_exports, {
|
|
|
23
23
|
AppResolutionError: () => AppResolutionError,
|
|
24
24
|
AudienceMismatchError: () => AudienceMismatchError,
|
|
25
25
|
ConfigurationError: () => ConfigurationError,
|
|
26
|
-
EphemeralSignerSignError: () =>
|
|
26
|
+
EphemeralSignerSignError: () => import_sdk3.EphemeralSignerSignError,
|
|
27
27
|
EphemeralSigners: () => EphemeralSigners,
|
|
28
28
|
ExpiredTokenError: () => ExpiredTokenError,
|
|
29
29
|
InvalidTokenError: () => InvalidTokenError,
|
|
@@ -468,7 +468,8 @@ var Auth = class {
|
|
|
468
468
|
};
|
|
469
469
|
|
|
470
470
|
// src/config.ts
|
|
471
|
-
var
|
|
471
|
+
var import_sdk = require("@moon-x/core/sdk");
|
|
472
|
+
var DEFAULT_ISSUER = import_sdk.DEFAULT_API_BASE_URL;
|
|
472
473
|
function resolveConfig(input) {
|
|
473
474
|
if (!input.publishableKey) {
|
|
474
475
|
throw new ConfigurationError(
|
|
@@ -480,7 +481,7 @@ function resolveConfig(input) {
|
|
|
480
481
|
"MoonXClient: publishableKey must start with 'moon_pk_' (got a string that doesn't \u2014 did you pass a secret key by mistake?)"
|
|
481
482
|
);
|
|
482
483
|
}
|
|
483
|
-
if (input.secretKey
|
|
484
|
+
if (input.secretKey && !input.secretKey.startsWith("moon_sk_")) {
|
|
484
485
|
throw new ConfigurationError(
|
|
485
486
|
"MoonXClient: secretKey must start with 'moon_sk_' (got a string that doesn't)"
|
|
486
487
|
);
|
|
@@ -503,7 +504,7 @@ function resolveConfig(input) {
|
|
|
503
504
|
}
|
|
504
505
|
|
|
505
506
|
// src/ephemeral-signers/index.ts
|
|
506
|
-
var
|
|
507
|
+
var import_sdk2 = require("@moon-x/core/sdk");
|
|
507
508
|
var EphemeralSigners = class {
|
|
508
509
|
constructor(cfg) {
|
|
509
510
|
this.cfg = cfg;
|
|
@@ -514,10 +515,15 @@ var EphemeralSigners = class {
|
|
|
514
515
|
* — that's an implementation detail consumed by SES internally).
|
|
515
516
|
*/
|
|
516
517
|
async sign(params) {
|
|
517
|
-
|
|
518
|
+
if (!this.cfg.secretKey) {
|
|
519
|
+
throw new Error(
|
|
520
|
+
"MoonXClient: secretKey is required to use ephemeralSigners. The wallets ephemeral-signer endpoints are secret-key-only; pass secretKey to new MoonXClient({ ... })."
|
|
521
|
+
);
|
|
522
|
+
}
|
|
523
|
+
return (0, import_sdk2.signWithEphemeralSigner)({
|
|
518
524
|
...params,
|
|
519
525
|
baseUrl: this.cfg.baseUrl,
|
|
520
|
-
|
|
526
|
+
secretKey: this.cfg.secretKey,
|
|
521
527
|
fetchImpl: this.cfg.fetchImpl
|
|
522
528
|
});
|
|
523
529
|
}
|
|
@@ -537,14 +543,14 @@ var MoonXClient = class {
|
|
|
537
543
|
});
|
|
538
544
|
this.ephemeralSigners = new EphemeralSigners({
|
|
539
545
|
baseUrl: cfg.baseUrl,
|
|
540
|
-
|
|
546
|
+
secretKey: cfg.secretKey,
|
|
541
547
|
fetchImpl: cfg.fetch
|
|
542
548
|
});
|
|
543
549
|
}
|
|
544
550
|
};
|
|
545
551
|
|
|
546
552
|
// src/index.ts
|
|
547
|
-
var
|
|
553
|
+
var import_sdk3 = require("@moon-x/core/sdk");
|
|
548
554
|
// Annotate the CommonJS export names for ESM import in node:
|
|
549
555
|
0 && (module.exports = {
|
|
550
556
|
AppResolutionError,
|
package/dist/index.mjs
CHANGED
|
@@ -428,7 +428,8 @@ var Auth = class {
|
|
|
428
428
|
};
|
|
429
429
|
|
|
430
430
|
// src/config.ts
|
|
431
|
-
|
|
431
|
+
import { DEFAULT_API_BASE_URL } from "@moon-x/core/sdk";
|
|
432
|
+
var DEFAULT_ISSUER = DEFAULT_API_BASE_URL;
|
|
432
433
|
function resolveConfig(input) {
|
|
433
434
|
if (!input.publishableKey) {
|
|
434
435
|
throw new ConfigurationError(
|
|
@@ -440,7 +441,7 @@ function resolveConfig(input) {
|
|
|
440
441
|
"MoonXClient: publishableKey must start with 'moon_pk_' (got a string that doesn't \u2014 did you pass a secret key by mistake?)"
|
|
441
442
|
);
|
|
442
443
|
}
|
|
443
|
-
if (input.secretKey
|
|
444
|
+
if (input.secretKey && !input.secretKey.startsWith("moon_sk_")) {
|
|
444
445
|
throw new ConfigurationError(
|
|
445
446
|
"MoonXClient: secretKey must start with 'moon_sk_' (got a string that doesn't)"
|
|
446
447
|
);
|
|
@@ -476,10 +477,15 @@ var EphemeralSigners = class {
|
|
|
476
477
|
* — that's an implementation detail consumed by SES internally).
|
|
477
478
|
*/
|
|
478
479
|
async sign(params) {
|
|
480
|
+
if (!this.cfg.secretKey) {
|
|
481
|
+
throw new Error(
|
|
482
|
+
"MoonXClient: secretKey is required to use ephemeralSigners. The wallets ephemeral-signer endpoints are secret-key-only; pass secretKey to new MoonXClient({ ... })."
|
|
483
|
+
);
|
|
484
|
+
}
|
|
479
485
|
return signWithEphemeralSigner({
|
|
480
486
|
...params,
|
|
481
487
|
baseUrl: this.cfg.baseUrl,
|
|
482
|
-
|
|
488
|
+
secretKey: this.cfg.secretKey,
|
|
483
489
|
fetchImpl: this.cfg.fetchImpl
|
|
484
490
|
});
|
|
485
491
|
}
|
|
@@ -499,7 +505,7 @@ var MoonXClient = class {
|
|
|
499
505
|
});
|
|
500
506
|
this.ephemeralSigners = new EphemeralSigners({
|
|
501
507
|
baseUrl: cfg.baseUrl,
|
|
502
|
-
|
|
508
|
+
secretKey: cfg.secretKey,
|
|
503
509
|
fetchImpl: cfg.fetch
|
|
504
510
|
});
|
|
505
511
|
}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@moon-x/node-sdk",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.6.0",
|
|
4
4
|
"description": "MoonX server-side SDK for Node.js. Verify MoonX-issued access + identity tokens with zero runtime dependencies.",
|
|
5
5
|
"main": "dist/index.js",
|
|
6
6
|
"module": "dist/index.mjs",
|
|
@@ -30,7 +30,7 @@
|
|
|
30
30
|
"access": "public"
|
|
31
31
|
},
|
|
32
32
|
"dependencies": {
|
|
33
|
-
"@moon-x/core": "0.
|
|
33
|
+
"@moon-x/core": "0.9.0"
|
|
34
34
|
},
|
|
35
35
|
"devDependencies": {
|
|
36
36
|
"tsup": "8.5.1",
|