@powerhousedao/reactor-api 1.21.2 → 1.22.0

package/src/subgraphs/auth/index.ts

@@ -1,321 +0,0 @@
-import { GraphQLResolverMap } from "@apollo/subgraph/dist/schema-helper";
-import { generateUUID } from "document-drive";
-import { GraphQLError } from "graphql";
-import { gql } from "graphql-tag";
-import { SiweMessage } from "siwe";
-import { Db } from "src/types";
-import { Subgraph } from "../base";
-import { Context } from "../types";
-import { AuthContext, Challenge, Session, SessionInput } from "./types";
-import { generateTokenAndSession } from "./utils/helpers";
-import {
-  authenticate,
-  createAuthenticationSession,
-  verifySignature,
-} from "./utils/session";
-import { getUser, upsertUser } from "./utils/user";
-
-export class AuthSubgraph extends Subgraph {
-  name = "auth";
-  typeDefs = gql`
-    type Query {
-      me: User
-      sessions: [Session!]!
-    }
-
-    type Mutation {
-      createChallenge(address: String!): Challenge
-      solveChallenge(nonce: String!, signature: String!): SessionOutput
-      createSession(session: SessionInput!): SessionOutput
-      revokeSession(sessionId: String!): SessionOutput
-    }
-
-    type User {
-      address: String!
-      createdAt: DateTime!
-    }
-
-    type Challenge {
-      nonce: String!
-      message: String!
-      hex: String!
-    }
-
-    type SessionOutput {
-      id: ID!
-      token: String
-    }
-
-    type Session {
-      id: ID!
-      userId: String!
-      address: String!
-      expiresAt: DateTime!
-      createdAt: DateTime!
-      updatedAt: DateTime!
-      referenceTokenId: String!
-      createdBy: String!
-      referenceExpiryDate: DateTime
-      isUserCreated: Boolean!
-      name: String
-      allowedOrigins: String
-      revokedAt: DateTime
-    }
-
-    input SessionInput {
-      expiryDurationSeconds: Int
-      name: String!
-      allowedOrigins: String!
-    }
-  `;
-
-  resolvers: GraphQLResolverMap<AuthContext> = {
-    Query: {
-      me: async (_, __, ctx) => {
-        const db = ctx.db as Db;
-        const session = await authenticate(ctx);
-        const user = await getUser(db, session.createdBy);
-        return user;
-      },
-      sessions: async (_: unknown, __: unknown, ctx: Context) => {
-        const session = await authenticate(ctx);
-        const db = ctx.db as Db;
-        const sessions = await db<Session>("Session")
-          .select()
-          .where("createdBy", session.createdBy)
-          .orderBy("createdAt", "desc");
-        return sessions;
-      },
-    },
-    Mutation: {
-      createChallenge: async (
-        _: unknown,
-        { address }: { address: string },
-        ctx: Context,
-      ) => {
-        const db = ctx.db as Db;
-        const { API_ORIGIN } = process.env;
-
-        const origin = API_ORIGIN ?? "http://localhost:3000";
-        const domain = new URL(origin).hostname;
-
-        if (!domain) {
-          throw new GraphQLError("Invalid origin");
-        }
-
-        const nonce = generateUUID().replace(/-/g, "");
-
-        const message = new SiweMessage({
-          address,
-          nonce,
-          uri: origin,
-          domain,
-          version: "1",
-          chainId: 1,
-        }).prepareMessage();
-        const textToHex = (textMessage: string) =>
-          `0x${Buffer.from(textMessage, "utf8").toString("hex")}`;
-        if (!message || typeof message !== "string") {
-          throw new GraphQLError("Failed to create challenge");
-        }
-        const hexMessage = textToHex(message);
-
-        await db("Challenge").insert({
-          nonce,
-          message,
-          updatedAt: new Date().toISOString(),
-        });
-
-        return {
-          nonce,
-          message,
-          hex: hexMessage,
-        };
-      },
-      solveChallenge: async (
-        _: unknown,
-        { nonce, signature }: { nonce: string; signature: string },
-        ctx: Context,
-      ) => {
-        const db = ctx.db as Db;
-        const data = await db.transaction(async (tx) => {
-          const [challenge] = await tx<Challenge>("Challenge")
-            .select()
-            .where("nonce", nonce);
-
-          // check that challenge with this nonce exists
-          if (!challenge) {
-            throw new GraphQLError("The nonce is not known");
-          }
-
-          // check that challenge was not used
-          if (challenge.signature) {
-            throw new GraphQLError("The signature was already used");
-          }
-
-          // verify signature
-
-          const parsedMessage = new SiweMessage(challenge.message);
-          try {
-            await verifySignature(parsedMessage, signature);
-          } catch (error) {
-            throw new GraphQLError("Signature validation has failed");
-          }
-
-          // mark challenge as used
-          await tx<Challenge>("Challenge")
-            .update({
-              signature,
-            })
-            .where("nonce", nonce);
-
-          // create user and session
-          const user = await upsertUser(db, {
-            address: parsedMessage.address as `0x${string}`,
-            networkId: "1",
-            chainId: 1,
-          });
-
-          if (!user) {
-            throw new GraphQLError("User not found");
-          }
-
-          const tokenAndSession = await createAuthenticationSession(
-            db,
-            user.address,
-          );
-
-          return tokenAndSession;
-        });
-
-        return data;
-      },
-      createSession: async (
-        _: unknown,
-        { session }: { session: SessionInput },
-        ctx: Context,
-      ) => {
-        const db = ctx.db as Db;
-        const sessionAuth = await authenticate(ctx);
-        const tokenAndSession = await generateTokenAndSession(
-          db,
-          session,
-          sessionAuth.createdBy,
-          sessionAuth.isUserCreated,
-        );
-        if (!tokenAndSession) {
-          throw new GraphQLError("Failed to create session");
-        }
-        return tokenAndSession;
-      },
-      revokeSession: async (
-        _: unknown,
-        { sessionId }: { sessionId: string },
-        ctx: Context,
-      ): Promise<{ id: string }> => {
-        const user = await authenticate(ctx);
-        const db = ctx.db as Db;
-        const [session] = await db<Session>("Session").select().where({
-          id: sessionId,
-          createdBy: user.createdBy,
-        });
-
-        if (!session) {
-          throw new GraphQLError("Session not found", {
-            extensions: { code: "SESSION_NOT_FOUND" },
-          });
-        }
-        if (session.revokedAt !== null) {
-          throw new GraphQLError("Session already revoked", {
-            extensions: { code: "SESSION_ALREADY_REVOKED" },
-          });
-        }
-
-        await db<Session>("Session")
-          .update({
-            revokedAt: new Date().toISOString(),
-          })
-          .where({
-            id: sessionId,
-            createdBy: user.createdBy,
-          });
-
-        return { id: session.id };
-      },
-    },
-  };
-
-  async onSetup() {
-    await super.onSetup();
-    await this.#createTables();
-    this.subgraphManager.setAdditionalContextFields({
-      session: async (ctx: Context) => {
-        const bearerToken = ctx.headers.authorization?.split(" ")[1];
-        if (!bearerToken) {
-          return null;
-        }
-
-        // @todo: optimize and cache this
-        const db = ctx.db as Db;
-        const [session] = await db<Session>("Session")
-          .select()
-          .where({
-            referenceTokenId: bearerToken,
-          })
-          .limit(1);
-
-        return session;
-      },
-    });
-  }
-
-  async #createTables() {
-    if (!(await this.operationalStore.schema.hasTable("User"))) {
-      await this.operationalStore.schema.createTable("User", (table) => {
-        table.string("address").primary().notNullable();
-        table.timestamp("createdAt").notNullable().defaultTo(`now()`);
-        table.timestamp("updatedAt").notNullable().defaultTo(`now()`);
-      });
-    }
-
-    if (!(await this.operationalStore.schema.hasTable("Session"))) {
-      await this.operationalStore.schema.createTable("Session", (table) => {
-        table.string("id").primary().notNullable();
-        table.timestamp("createdAt").notNullable().defaultTo(`now()`);
-        table.string("createdBy").notNullable();
-        table.string("referenceExpiryDate");
-        table.string("name");
-        table.string("revokedAt");
-        table.string("referenceTokenId").notNullable();
-        table.boolean("isUserCreated").notNullable().defaultTo(false);
-        table.string("allowedOrigins").notNullable();
-
-        table.index(["createdBy", "id"], "Session_createdBy_id_key", {
-          indexType: "UNIQUE",
-          storageEngineIndexType: "btree",
-        });
-
-        table
-          .foreign("createdBy")
-          .references("User.address")
-          .onDelete("cascade")
-          .onUpdate("cascade");
-      });
-    }
-
-    if (!(await this.operationalStore.schema.hasTable("Challenge"))) {
-      await this.operationalStore.schema.createTable("Challenge", (table) => {
-        table.string("nonce").primary().notNullable();
-        table.string("message").notNullable();
-        table.string("signature");
-        table.timestamp("createdAt").notNullable().defaultTo(`now()`);
-        table.timestamp("updatedAt").notNullable();
-
-        table.index("nonce", "Challenge_message_key", {
-          indexType: "UNIQUE",
-          storageEngineIndexType: "btree",
-        });
-      });
-    }
-  }
-}

package/src/subgraphs/auth/types.ts

@@ -1,39 +0,0 @@
-import { Context } from "../types";
-
-export interface SessionInput {
-  name: string;
-  allowedOrigins: string[];
-  expiresAt?: string;
-}
-
-export interface SessionOutput {
-  session: Session;
-  token: string;
-}
-
-export interface Session {
-  id: string;
-  userId: string;
-  address: string;
-  name?: string;
-  expiresAt: string;
-  createdAt: string;
-  updatedAt: string;
-  revokedAt: string | null;
-  allowedOrigins: string;
-  referenceExpiryDate: string;
-  referenceTokenId: string;
-  isUserCreated: boolean;
-  createdBy: string;
-}
-
-export interface Challenge {
-  id: string;
-  nonce: string;
-  signature: string;
-  message: string;
-}
-
-export type AuthContext = Context & {
-  session: Session;
-};

package/src/subgraphs/auth/utils/helpers.ts

@@ -1,132 +0,0 @@
-import { randomUUID } from "crypto";
-import { GraphQLError } from "graphql";
-import jwt from "jsonwebtoken";
-import ms from "ms";
-import wildcard from "wildcard-match";
-import z from "zod";
-import { Db } from "../../../utils/db";
-import { JWT_EXPIRATION_PERIOD, JWT_SECRET } from "../env";
-import { Session, SessionInput } from "../types";
-const jwtSchema = z.object({
-  sessionId: z.string(),
-  exp: z.optional(z.number()),
-});
-
-export const formatToken = (token: string) =>
-  `${token.slice(0, 4)}...${token.slice(-4)}`;
-
-/** Generate a JWT token
- * - If expiryDurationSeconds is null, the token will never expire
- * - If expiryDurationSeconds is undefined, the token will expire after the default expiry period
- */
-const generateToken = (
-  sessionId: string,
-  expiryDurationSeconds?: number | null,
-): string => {
-  if (expiryDurationSeconds === null) {
-    return jwt.sign({ sessionId }, JWT_SECRET);
-  }
-
-  const expiresIn = expiryDurationSeconds
-    ? ms(expiryDurationSeconds * 1000)
-    : (JWT_EXPIRATION_PERIOD ?? 3600);
-  return jwt.sign({ sessionId }, JWT_SECRET, { expiresIn });
-};
-
-const getExpiryDateFromToken = (token: string): Date | null => {
-  const { exp } = jwtSchema.parse(jwt.verify(token, JWT_SECRET));
-  if (!exp) {
-    return null;
-  }
-  return new Date(exp * 1000);
-};
-
-export const verifyToken = (
-  token: string,
-): { sessionId: string } | undefined => {
-  const verified = jwt.verify(token, JWT_SECRET, (err, decoded) => {
-    if (err) {
-      throw new GraphQLError(
-        err.name === "TokenExpiredError"
-          ? "Token expired"
-          : "Invalid authentication token",
-        { extensions: { code: "AUTHENTICATION_TOKEN_ERROR" } },
-      );
-    }
-    return decoded;
-  }) as { sessionId: string } | undefined;
-  if (!verified) {
-    return undefined;
-  }
-  const validated = jwtSchema.parse(verified);
-  return validated;
-};
-
-function parseOriginMarkup(originParam: string): string {
-  if (originParam === "*") {
-    return "*";
-  }
-  const trimmedOriginParam = originParam.trim();
-  const origins = trimmedOriginParam.split(",").map((origin) => origin.trim());
-  origins.forEach((origin) => {
-    if (!origin.startsWith("http://") && !origin.startsWith("https://")) {
-      throw new GraphQLError("Origin must start with 'http://' or 'https://'", {
-        extensions: { code: "INVALID_ORIGIN_PROTOCOL" },
-      });
-    }
-  });
-  return origins.join(",");
-}
-
-export function validateOriginAgainstAllowed(
-  allowedOrigins: string,
-  originReceived?: string,
-) {
-  if (allowedOrigins === "*") {
-    return;
-  }
-  if (!originReceived) {
-    throw new GraphQLError("Origin not provided", {
-      extensions: { code: "ORIGIN_HEADER_MISSING" },
-    });
-  }
-  const allowedOriginsSplit = allowedOrigins.split(",");
-  if (!wildcard(allowedOriginsSplit)(originReceived)) {
-    throw new GraphQLError(
-      `Access denied due to origin restriction: ${allowedOrigins}, ${originReceived}`,
-      {
-        extensions: { code: "ORIGIN_FORBIDDEN" },
-      },
-    );
-  }
-}
-
-export const generateTokenAndSession = async (
-  db: Db,
-  session: SessionInput,
-  userId: string,
-  isUserCreated: boolean,
-) => {
-  const sessionId = randomUUID();
-  const generatedToken = generateToken(sessionId, Number(session.expiresAt));
-  const referenceExpiryDate = getExpiryDateFromToken(generatedToken);
-  const referenceTokenId = formatToken(generatedToken);
-  const allowedOrigins = parseOriginMarkup(
-    Array.isArray(session.allowedOrigins)
-      ? session.allowedOrigins.join(",")
-      : session.allowedOrigins,
-  );
-  const createdSession = await db<Session>("Session").insert({
-    id: sessionId,
-    name: session.name,
-    allowedOrigins,
-    referenceExpiryDate: referenceExpiryDate?.toISOString(),
-    referenceTokenId,
-    isUserCreated: isUserCreated,
-    createdBy: userId,
-  });
-  return {
-    token: generatedToken,
-    session: createdSession,
-  };
-};

package/src/subgraphs/auth/utils/session.ts

@@ -1,144 +0,0 @@
-import { GraphQLError } from "graphql";
-import ms from "ms";
-import { SiweMessage } from "siwe";
-import { JWT_EXPIRATION_PERIOD } from "../env";
-import { Session } from "../types";
-import {
-  generateTokenAndSession,
-  validateOriginAgainstAllowed,
-  verifyToken,
-} from "./helpers";
-import { Db } from "../../../types";
-import { Context } from "src/subgraphs/types";
-
-export const createAuthenticationSession = async (
-  db: Db,
-  userId: string,
-  allowedOrigins = ["*"],
-) => {
-  return generateTokenAndSession(
-    db,
-    {
-      expiresAt: new Date(
-        new Date().getTime() + ms(JWT_EXPIRATION_PERIOD),
-      ).toISOString(),
-      name: "Sign in/Sign up",
-      allowedOrigins,
-    },
-    userId,
-    true,
-  );
-};
-
-export const createCustomSession = async (
-  db: Db,
-  userId: string,
-  session: {
-    expiryDurationSeconds?: number | null;
-    name: string;
-    allowedOrigins: string[];
-  },
-  isUserCreated = false,
-) => {
-  return generateTokenAndSession(db, session, userId, isUserCreated);
-};
-
-export const listSessions = async (db: Db, userId: string) => {
-  return db<Session>("Session").select().where("createdBy", userId);
-};
-
-export const revoke = async (db: Db, sessionId: string, userId: string) => {
-  const [session] = await db<Session>("Session").select().where({
-    id: sessionId,
-    userId,
-  });
-
-  if (!session) {
-    throw new GraphQLError("Session not found", {
-      extensions: { code: "SESSION_NOT_FOUND" },
-    });
-  }
-  if (session.revokedAt !== null) {
-    throw new GraphQLError("Session already revoked", {
-      extensions: { code: "SESSION_ALREADY_REVOKED" },
-    });
-  }
-  await db<Session>("Session")
-    .update({
-      revokedAt: new Date().toISOString(),
-    })
-    .where({
-      id: sessionId,
-      userId,
-    });
-};
-
-export const authenticate = async (context: Context) => {
-  const authorization = context.headers.authorization;
-  const db = context.db as Db;
-  if (!authorization) {
-    throw new GraphQLError("Not authenticated", {
-      extensions: { code: "NOT_AUTHENTICATED" },
-    });
-  }
-  const token = authorization.replace("Bearer ", "");
-  const origin = context.headers.origin;
-  const session = await getSessionByToken(db, origin, token);
-  return session;
-};
-
-export const getSessionByToken = async (
-  db: Db,
-  origin?: string,
-  token?: string,
-) => {
-  if (!token) {
-    throw new GraphQLError("Not authenticated", {
-      extensions: { code: "NOT_AUTHENTICATED" },
-    });
-  }
-  const verificationTokenResult = verifyToken(token);
-  if (!verificationTokenResult) {
-    throw new GraphQLError("Invalid token", {
-      extensions: { code: "INVALID_TOKEN" },
-    });
-  }
-  const { sessionId } = verificationTokenResult;
-  const [session] = await db<Session>("Session").select().where({
-    id: sessionId,
-  });
-  if (!session) {
-    throw new GraphQLError("Session not found", {
-      extensions: { code: "SESSION_NOT_FOUND" },
-    });
-  }
-  if (session.revokedAt) {
-    throw new GraphQLError("Session expired", {
-      extensions: { code: "SESSION_EXPIRED" },
-    });
-  }
-  if (
-    origin &&
-    (!session.allowedOrigins ||
-      session.allowedOrigins === "*" ||
-      session.allowedOrigins.includes(origin))
-  ) {
-    validateOriginAgainstAllowed(session.allowedOrigins, origin);
-  }
-  return session;
-};
-
-export const verifySignature = async (
-  parsedMessage: SiweMessage,
-  signature: string,
-) => {
-  try {
-    const response = await parsedMessage.verify({
-      time: new Date().toISOString(),
-      signature,
-    });
-    return response;
-  } catch (error) {
-    throw new GraphQLError("Invalid signature");
-  }
-};

package/src/subgraphs/auth/utils/user.ts

@@ -1,40 +0,0 @@
-import { GraphQLError } from "graphql";
-import { Db } from "../../../utils/db";
-
-interface User {
-  address: string;
-  createdAt?: string;
-  updatedAt?: string;
-  networkId: string;
-  chainId: number;
-}
-export const upsertUser = async (db: Db, user: User) => {
-  const { AUTH_SIGNUP_DISABLED } = process.env;
-  if (AUTH_SIGNUP_DISABLED) {
-    throw new GraphQLError("Sign up is disabled");
-  }
-
-  const [existingUser] = await db<User>("User")
-    .select()
-    .where("address", user.address);
-
-  if (existingUser) {
-    return existingUser;
-  }
-
-  const date = new Date().toISOString();
-  const [newUser] = await db<User>("User")
-    .insert({
-      address: user.address,
-      updatedAt: date,
-      createdAt: date,
-    })
-    .returning("*");
-
-  return newUser;
-};
-
-export const getUser = async (db: Db, address: string) => {
-  const [user] = await db<User>("User").select().where("address", address);
-  return user;
-};

package/src/subgraphs/base/index.ts

@@ -1,34 +0,0 @@
-import { ISubgraph } from "../types";
-import { DocumentNode } from "graphql";
-import { IDocumentDriveServer } from "document-drive";
-import { SubgraphArgs } from "../types";
-import { GraphQLResolverMap } from "@apollo/subgraph/dist/schema-helper";
-import { gql } from "graphql-tag";
-import { Context } from "../types";
-import { Db } from "src/types";
-import { SubgraphManager } from "../manager";
-
-export class Subgraph implements ISubgraph {
-  name = "example";
-  resolvers: Record<string, any> = {
-    Query: {
-      hello: () => this.name,
-    },
-  };
-  typeDefs: DocumentNode = gql`
-    type Query {
-      hello: String
-    }
-  `;
-  reactor: IDocumentDriveServer;
-  subgraphManager: SubgraphManager;
-  operationalStore: Db;
-  constructor(args: SubgraphArgs) {
-    this.reactor = args.reactor;
-    this.subgraphManager = args.subgraphManager;
-    this.operationalStore = args.operationalStore;
-  }
-  async onSetup() {
-    // noop
-  }
-}