npm - @pymthouse/builder-sdk - Versions diffs - 0.3.1 → 0.4.1-rc.2 - Mend

@pymthouse/builder-sdk 0.3.1 → 0.4.1-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (103) hide show

package/README.md +54 -28
package/dist/{client-BHfjDvIe.d.ts → client-CauCfGa7.d.ts} +1 -1
package/dist/{client-CvhJEhjV.d.cts → client-D1Xz-xlx.d.cts} +1 -1
package/dist/config.cjs +0 -21
package/dist/config.cjs.map +1 -1
package/dist/config.d.cts +1 -5
package/dist/config.d.ts +1 -5
package/dist/config.js +1 -20
package/dist/config.js.map +1 -1
package/dist/device-initiate.cjs.map +1 -1
package/dist/device-initiate.js.map +1 -1
package/dist/device.cjs.map +1 -1
package/dist/device.d.cts +1 -1
package/dist/device.d.ts +1 -1
package/dist/device.js.map +1 -1
package/dist/env.cjs +13 -4
package/dist/env.cjs.map +1 -1
package/dist/env.d.cts +2 -2
package/dist/env.d.ts +2 -2
package/dist/env.js +13 -4
package/dist/env.js.map +1 -1
package/dist/index-B0ryx942.d.cts +66 -0
package/dist/index-CvV5syf_.d.ts +66 -0
package/dist/index.cjs +13 -4
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +29 -5
package/dist/index.d.ts +29 -5
package/dist/index.js +13 -4
package/dist/index.js.map +1 -1
package/dist/{ingest-DoKJTWU9.d.ts → proxy-JrT6raU_.d.cts} +5 -42
package/dist/{ingest-B3Yi8Tb1.d.cts → proxy-U32DFNuj.d.ts} +5 -42
package/dist/signer/server.cjs +799 -895
package/dist/signer/server.cjs.map +1 -1
package/dist/signer/server.d.cts +11 -15
package/dist/signer/server.d.ts +11 -15
package/dist/signer/server.js +799 -893
package/dist/signer/server.js.map +1 -1
package/dist/signer/webhook/adapters/api-key.cjs +82 -0
package/dist/signer/webhook/adapters/api-key.cjs.map +1 -0
package/dist/signer/webhook/adapters/api-key.d.cts +18 -0
package/dist/signer/webhook/adapters/api-key.d.ts +18 -0
package/dist/signer/webhook/adapters/api-key.js +80 -0
package/dist/signer/webhook/adapters/api-key.js.map +1 -0
package/dist/signer/webhook/adapters/composite.cjs +60 -0
package/dist/signer/webhook/adapters/composite.cjs.map +1 -0
package/dist/signer/webhook/adapters/composite.d.cts +5 -0
package/dist/signer/webhook/adapters/composite.d.ts +5 -0
package/dist/signer/webhook/adapters/composite.js +58 -0
package/dist/signer/webhook/adapters/composite.js.map +1 -0
package/dist/signer/webhook/adapters/oauth1.cjs +18 -0
package/dist/signer/webhook/adapters/oauth1.cjs.map +1 -0
package/dist/signer/webhook/adapters/oauth1.d.cts +19 -0
package/dist/signer/webhook/adapters/oauth1.d.ts +19 -0
package/dist/signer/webhook/adapters/oauth1.js +16 -0
package/dist/signer/webhook/adapters/oauth1.js.map +1 -0
package/dist/signer/webhook/adapters/oidc.cjs +533 -0
package/dist/signer/webhook/adapters/oidc.cjs.map +1 -0
package/dist/signer/webhook/adapters/oidc.d.cts +4 -0
package/dist/signer/webhook/adapters/oidc.d.ts +4 -0
package/dist/signer/webhook/adapters/oidc.js +526 -0
package/dist/signer/webhook/adapters/oidc.js.map +1 -0
package/dist/signer/webhook/adapters/trusted-headers.cjs +110 -0
package/dist/signer/webhook/adapters/trusted-headers.cjs.map +1 -0
package/dist/signer/webhook/adapters/trusted-headers.d.cts +18 -0
package/dist/signer/webhook/adapters/trusted-headers.d.ts +18 -0
package/dist/signer/webhook/adapters/trusted-headers.js +106 -0
package/dist/signer/webhook/adapters/trusted-headers.js.map +1 -0
package/dist/signer/webhook.cjs +759 -0
package/dist/signer/webhook.cjs.map +1 -0
package/dist/signer/webhook.d.cts +26 -0
package/dist/signer/webhook.d.ts +26 -0
package/dist/signer/webhook.js +732 -0
package/dist/signer/webhook.js.map +1 -0
package/dist/tokens.d.cts +1 -1
package/dist/tokens.d.ts +1 -1
package/dist/{types-_R1AwEZp.d.cts → types-BORaHW_x.d.cts} +5 -5
package/dist/{types-_R1AwEZp.d.ts → types-BORaHW_x.d.ts} +5 -5
package/dist/verifier-B-WFDMz6.d.cts +48 -0
package/dist/verifier-B-WFDMz6.d.ts +48 -0
package/dist/verify.cjs.map +1 -1
package/dist/verify.d.cts +1 -1
package/dist/verify.d.ts +1 -1
package/dist/verify.js.map +1 -1
package/package.json +30 -30
package/dist/gateway/client/index.cjs +0 -492
package/dist/gateway/client/index.cjs.map +0 -1
package/dist/gateway/client/index.d.cts +0 -63
package/dist/gateway/client/index.d.ts +0 -63
package/dist/gateway/client/index.js +0 -489
package/dist/gateway/client/index.js.map +0 -1
package/dist/gateway/index.cjs +0 -16
package/dist/gateway/index.cjs.map +0 -1
package/dist/gateway/index.d.cts +0 -52
package/dist/gateway/index.d.ts +0 -52
package/dist/gateway/index.js +0 -10
package/dist/gateway/index.js.map +0 -1
package/dist/gateway/server/index.cjs +0 -1248
package/dist/gateway/server/index.cjs.map +0 -1
package/dist/gateway/server/index.d.cts +0 -31
package/dist/gateway/server/index.d.ts +0 -31
package/dist/gateway/server/index.js +0 -1233
package/dist/gateway/server/index.js.map +0 -1
package/gateway/proto/lp_rpc.proto +0 -542

package/dist/index-B0ryx942.d.cts ADDED Viewed

@@ -0,0 +1,66 @@
+import { F as FetchLike } from './types-BORaHW_x.cjs';
+import { U as UsageIdentity, P as PaymentWebhookRequest, V as VerifiedEndUserAuth, E as EndUserAuthVerifier } from './verifier-B-WFDMz6.cjs';
+import { TrustedHeadersEndUserAuthConfig } from './signer/webhook/adapters/trusted-headers.cjs';
+type WebhookIdentityClaimMapping = {
+    claimClientId: string;
+    claimUsageSubject: string;
+    usageSubjectType: string;
+};
+declare const DEFAULT_WEBHOOK_IDENTITY_CLAIMS: WebhookIdentityClaimMapping;
+declare function identityFromWebhookClaims(claims: Record<string, unknown>, mapping?: Partial<WebhookIdentityClaimMapping>): UsageIdentity;
+declare function claimExpirySeconds(claims: Record<string, unknown>, fallbackTtlSeconds?: number): number;
+type WebhookAuthorizeContext = {
+    authorization: string;
+    payload: PaymentWebhookRequest;
+    request: Request;
+    verified: VerifiedEndUserAuth;
+    identity: VerifiedEndUserAuth["identity"];
+};
+type RemoteSignerWebhookConfig = {
+    webhookSecret: string;
+    endUserAuth: EndUserAuthVerifier;
+    afterVerify?: (context: WebhookAuthorizeContext) => Promise<void>;
+};
+declare function authenticateWebhookCaller(request: Request, secret: string): boolean;
+declare function handleRemoteSignerAuthorize(request: Request, config: RemoteSignerWebhookConfig): Promise<Response>;
+declare function createRemoteSignerAuthorizeHandler(config: RemoteSignerWebhookConfig): (request: Request) => Promise<Response>;
+declare function routeRemoteSignerWebhookRequest(request: Request, config: RemoteSignerWebhookConfig): Promise<Response | null>;
+/** Returns the token after `Bearer `, or null when the header is missing or not Bearer. */
+declare function optionalBearerToken(authorization: string): string | null;
+declare function bearerTokenFromAuthorization(authorization: string): string;
+type OidcEndUserAuthConfig = {
+    jwtIssuer: string;
+    jwtAudience: string;
+    claimMapping?: Partial<WebhookIdentityClaimMapping>;
+    allowInsecureHttp?: boolean;
+    fetch?: FetchLike;
+    requiredScopes?: string[];
+    webhookSecret: string;
+};
+declare function handleRemoteSignerRefreshJwks(request: Request, config: Pick<OidcEndUserAuthConfig, "webhookSecret" | "jwtIssuer" | "fetch" | "allowInsecureHttp">): Promise<Response>;
+declare function createOidcEndUserVerifier(config: OidcEndUserAuthConfig): EndUserAuthVerifier;
+type OidcRemoteSignerWebhookConfigInput = OidcEndUserAuthConfig & {
+    afterVerify?: (context: WebhookAuthorizeContext) => Promise<void>;
+};
+type SignerDmzRemoteSignerWebhookConfigInput = OidcRemoteSignerWebhookConfigInput & {
+    /** When true (default), accept Apache DMZ X-Livepeer-* identity headers. */
+    dmzTrustedHeaders?: boolean;
+    trustedHeaders?: Omit<TrustedHeadersEndUserAuthConfig, "expectedIssuer">;
+};
+declare function createOidcRemoteSignerWebhookConfig(input: OidcRemoteSignerWebhookConfigInput): RemoteSignerWebhookConfig;
+/**
+ * PymtHouse signer-dmz: Apache validates the end-user JWT (iss/aud = issuer), injects
+ * X-Livepeer-* headers, and go-livepeer forwards those headers to this webhook per
+ * go-livepeer remote-signer.md. Falls back to Bearer JWT verification when present.
+ */
+declare function createSignerDmzRemoteSignerWebhookConfig(input: SignerDmzRemoteSignerWebhookConfigInput): RemoteSignerWebhookConfig;
+declare function readOidcRemoteSignerWebhookConfigFromEnv(env?: NodeJS.ProcessEnv): RemoteSignerWebhookConfig;
+/** @deprecated Use readOidcRemoteSignerWebhookConfigFromEnv */
+declare const readRemoteSignerWebhookConfigFromEnv: typeof readOidcRemoteSignerWebhookConfigFromEnv;
+export { DEFAULT_WEBHOOK_IDENTITY_CLAIMS as D, type OidcRemoteSignerWebhookConfigInput as O, type RemoteSignerWebhookConfig as R, type SignerDmzRemoteSignerWebhookConfigInput as S, type WebhookAuthorizeContext as W, type OidcEndUserAuthConfig as a, type WebhookIdentityClaimMapping as b, authenticateWebhookCaller as c, bearerTokenFromAuthorization as d, claimExpirySeconds as e, createOidcEndUserVerifier as f, createOidcRemoteSignerWebhookConfig as g, createRemoteSignerAuthorizeHandler as h, createSignerDmzRemoteSignerWebhookConfig as i, handleRemoteSignerAuthorize as j, handleRemoteSignerRefreshJwks as k, identityFromWebhookClaims as l, readRemoteSignerWebhookConfigFromEnv as m, routeRemoteSignerWebhookRequest as n, optionalBearerToken as o, readOidcRemoteSignerWebhookConfigFromEnv as r };

package/dist/index-CvV5syf_.d.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import { F as FetchLike } from './types-BORaHW_x.js';
+import { U as UsageIdentity, P as PaymentWebhookRequest, V as VerifiedEndUserAuth, E as EndUserAuthVerifier } from './verifier-B-WFDMz6.js';
+import { TrustedHeadersEndUserAuthConfig } from './signer/webhook/adapters/trusted-headers.js';
+type WebhookIdentityClaimMapping = {
+    claimClientId: string;
+    claimUsageSubject: string;
+    usageSubjectType: string;
+};
+declare const DEFAULT_WEBHOOK_IDENTITY_CLAIMS: WebhookIdentityClaimMapping;
+declare function identityFromWebhookClaims(claims: Record<string, unknown>, mapping?: Partial<WebhookIdentityClaimMapping>): UsageIdentity;
+declare function claimExpirySeconds(claims: Record<string, unknown>, fallbackTtlSeconds?: number): number;
+type WebhookAuthorizeContext = {
+    authorization: string;
+    payload: PaymentWebhookRequest;
+    request: Request;
+    verified: VerifiedEndUserAuth;
+    identity: VerifiedEndUserAuth["identity"];
+};
+type RemoteSignerWebhookConfig = {
+    webhookSecret: string;
+    endUserAuth: EndUserAuthVerifier;
+    afterVerify?: (context: WebhookAuthorizeContext) => Promise<void>;
+};
+declare function authenticateWebhookCaller(request: Request, secret: string): boolean;
+declare function handleRemoteSignerAuthorize(request: Request, config: RemoteSignerWebhookConfig): Promise<Response>;
+declare function createRemoteSignerAuthorizeHandler(config: RemoteSignerWebhookConfig): (request: Request) => Promise<Response>;
+declare function routeRemoteSignerWebhookRequest(request: Request, config: RemoteSignerWebhookConfig): Promise<Response | null>;
+/** Returns the token after `Bearer `, or null when the header is missing or not Bearer. */
+declare function optionalBearerToken(authorization: string): string | null;
+declare function bearerTokenFromAuthorization(authorization: string): string;
+type OidcEndUserAuthConfig = {
+    jwtIssuer: string;
+    jwtAudience: string;
+    claimMapping?: Partial<WebhookIdentityClaimMapping>;
+    allowInsecureHttp?: boolean;
+    fetch?: FetchLike;
+    requiredScopes?: string[];
+    webhookSecret: string;
+};
+declare function handleRemoteSignerRefreshJwks(request: Request, config: Pick<OidcEndUserAuthConfig, "webhookSecret" | "jwtIssuer" | "fetch" | "allowInsecureHttp">): Promise<Response>;
+declare function createOidcEndUserVerifier(config: OidcEndUserAuthConfig): EndUserAuthVerifier;
+type OidcRemoteSignerWebhookConfigInput = OidcEndUserAuthConfig & {
+    afterVerify?: (context: WebhookAuthorizeContext) => Promise<void>;
+};
+type SignerDmzRemoteSignerWebhookConfigInput = OidcRemoteSignerWebhookConfigInput & {
+    /** When true (default), accept Apache DMZ X-Livepeer-* identity headers. */
+    dmzTrustedHeaders?: boolean;
+    trustedHeaders?: Omit<TrustedHeadersEndUserAuthConfig, "expectedIssuer">;
+};
+declare function createOidcRemoteSignerWebhookConfig(input: OidcRemoteSignerWebhookConfigInput): RemoteSignerWebhookConfig;
+/**
+ * PymtHouse signer-dmz: Apache validates the end-user JWT (iss/aud = issuer), injects
+ * X-Livepeer-* headers, and go-livepeer forwards those headers to this webhook per
+ * go-livepeer remote-signer.md. Falls back to Bearer JWT verification when present.
+ */
+declare function createSignerDmzRemoteSignerWebhookConfig(input: SignerDmzRemoteSignerWebhookConfigInput): RemoteSignerWebhookConfig;
+declare function readOidcRemoteSignerWebhookConfigFromEnv(env?: NodeJS.ProcessEnv): RemoteSignerWebhookConfig;
+/** @deprecated Use readOidcRemoteSignerWebhookConfigFromEnv */
+declare const readRemoteSignerWebhookConfigFromEnv: typeof readOidcRemoteSignerWebhookConfigFromEnv;
+export { DEFAULT_WEBHOOK_IDENTITY_CLAIMS as D, type OidcRemoteSignerWebhookConfigInput as O, type RemoteSignerWebhookConfig as R, type SignerDmzRemoteSignerWebhookConfigInput as S, type WebhookAuthorizeContext as W, type OidcEndUserAuthConfig as a, type WebhookIdentityClaimMapping as b, authenticateWebhookCaller as c, bearerTokenFromAuthorization as d, claimExpirySeconds as e, createOidcEndUserVerifier as f, createOidcRemoteSignerWebhookConfig as g, createRemoteSignerAuthorizeHandler as h, createSignerDmzRemoteSignerWebhookConfig as i, handleRemoteSignerAuthorize as j, handleRemoteSignerRefreshJwks as k, identityFromWebhookClaims as l, readRemoteSignerWebhookConfigFromEnv as m, routeRemoteSignerWebhookRequest as n, optionalBearerToken as o, readOidcRemoteSignerWebhookConfigFromEnv as r };

package/dist/index.cjs CHANGED Viewed

@@ -244,8 +244,14 @@ var init_fetch_json = __esm({
 });
 // src/signer/handler-errors.ts
-function signerHandlerErrorResponse(error) {
+function isPmtHouseError(error) {
   if (error instanceof exports.PmtHouseError) {
+    return true;
+  }
+  return error instanceof Error && typeof error.status === "number" && typeof error.code === "string";
+}
+function signerHandlerErrorResponse(error) {
+  if (isPmtHouseError(error)) {
     return new Response(
       JSON.stringify({
         error: error.code,
@@ -298,6 +304,9 @@ var init_json_fields = __esm({
 });
 // src/signer/mint-token.ts
+function signerJwtAudience(issuerUrl) {
+  return stripTrailingSlashes(issuerUrl);
+}
 function parseMintUserSignerTokenResponse(body, ttlRefreshRatio = DEFAULT_TTL_REFRESH_RATIO) {
   const accessToken = readStringField(body, "access_token", TOKEN_RESPONSE_ERROR, "Token response");
   const expiresIn = readExpiresIn(body, TOKEN_RESPONSE_ERROR);
@@ -324,11 +333,11 @@ function parseMintUserSignerTokenResponse(body, ttlRefreshRatio = DEFAULT_TTL_RE
     lifetimeGrantedUsdMicros
   };
 }
-var LIVEPEER_REMOTE_SIGNER_AUDIENCE, DEFAULT_TTL_REFRESH_RATIO, TOKEN_RESPONSE_ERROR;
+var DEFAULT_TTL_REFRESH_RATIO, TOKEN_RESPONSE_ERROR;
 var init_mint_token = __esm({
   "src/signer/mint-token.ts"() {
+    init_string_utils();
     init_json_fields();
-    LIVEPEER_REMOTE_SIGNER_AUDIENCE = "livepeer-remote-signer";
     DEFAULT_TTL_REFRESH_RATIO = 0.8;
     TOKEN_RESPONSE_ERROR = "invalid_token_response";
   }
@@ -395,7 +404,7 @@ async function mintSignerTokenFromDeviceToken(options) {
       code: "oidc_discovery_invalid"
     });
   }
-  const audience = options.audience?.trim() || LIVEPEER_REMOTE_SIGNER_AUDIENCE;
+  const audience = options.audience?.trim() || signerJwtAudience(issuerUrl);
   const params = new URLSearchParams({
     grant_type: TOKEN_EXCHANGE_GRANT,
     subject_token: options.deviceToken,