@thirdweb-dev/service-utils 0.0.0-dev-6a40ee6-20230714154440 → 0.0.0-dev-ae6f264-20230714181935

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.dev.js

@@ -2,7 +2,7 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var index = require('../../dist/index-f45a96ee.cjs.dev.js');
+var index = require('../../dist/index-ab78c807.cjs.dev.js');
 var services = require('../../dist/services-a3f36057.cjs.dev.js');
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.prod.js

@@ -2,7 +2,7 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var index = require('../../dist/index-8a3bbee6.cjs.prod.js');
+var index = require('../../dist/index-e567dd4f.cjs.prod.js');
 var services = require('../../dist/services-9e185105.cjs.prod.js');
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js

@@ -1,4 +1,4 @@
-import { a as authorize } from '../../dist/index-bdbd7887.esm.js';
+import { a as authorize } from '../../dist/index-a4e1d99c.esm.js';
 export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;

package/dist/declarations/src/core/authorize/index.d.ts

@@ -6,7 +6,7 @@ export type AuthorizationInput = {
     origin: string | null;
     bundleId: string | null;
     secretKeyHash: string | null;
-    targetAddress?: string;
+    targetAddress?: string | string[];
 };
 type CacheOptions = {
     get: (clientId: string) => Promise<string | null>;

package/dist/declarations/src/core/authorize/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,iBAAiB,EAElB,kBAAe;AAGhB,OAAO,EAAE,mBAAmB,EAAE,mBAAgB;AAE9C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IACtE,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC;AASF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,kBAAkB,EAC5B,aAAa,EAAE,iBAAiB,EAChC,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,mBAAmB,CAAC,CAoH9B"}
+{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,iBAAiB,EAElB,kBAAe;AAGhB,OAAO,EAAE,mBAAmB,EAAE,mBAAgB;AAE9C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACnC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IACtE,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC;AASF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,kBAAkB,EAC5B,aAAa,EAAE,iBAAiB,EAChC,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,mBAAmB,CAAC,CAoH9B"}

package/dist/declarations/src/core/types.d.ts

@@ -1,5 +1,5 @@
 export type CoreAuthInput = {
     clientId?: string;
-    targetAddress?: string;
+    targetAddress?: string | string[];
 };
 //# sourceMappingURL=types.d.ts.map

package/dist/declarations/src/core/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"../../../../src/core","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG;IAE1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC"}
+{"version":3,"file":"types.d.ts","sourceRoot":"../../../../src/core","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG;IAE1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACnC,CAAC"}

package/dist/{index-bdbd7887.esm.js → index-a4e1d99c.esm.js}

@@ -7,7 +7,7 @@ async function fetchKeyMetadataFromApi(clientId, config) {
   const url = new URL(`${apiUrl}/v1/keys/use`);
   url.searchParams.set("clientId", clientId);
   url.searchParams.set("scope", serviceScope);
-  const response = await fetch(url.href, {
+  const response = await fetch(url.toString(), {
     method: "GET",
     headers: {
       "x-service-api-key": serviceApiKey,
@@ -23,10 +23,12 @@ async function fetchKeyMetadataFromApi(clientId, config) {
 function authorizeClient(authOptions, apiKeyMeta) {
   const {
     origin,
+    bundleId,
     secretKeyHash: providedSecretHash
   } = authOptions;
   const {
     domains,
+    bundleIds,
     secretHash
   } = apiKeyMeta;
   if (providedSecretHash) {
@@ -76,7 +78,28 @@ function authorizeClient(authOptions, apiKeyMeta) {
     };
   }
 
-  // FIXME: validate bundle id
+  // validate bundleId
+  if (bundleId) {
+    if (
+    // find matching bundle id, or if all bundles allowed
+    bundleIds.find(b => {
+      if (b === "*") {
+        return true;
+      }
+      return b === bundleId;
+    })) {
+      return {
+        authorized: true,
+        apiKeyMeta
+      };
+    }
+    return {
+      authorized: false,
+      errorMessage: "The bundle is not authorized for this key.",
+      errorCode: "BUNDLE_UNAUTHORIZED",
+      status: 401
+    };
+  }
   return {
     authorized: false,
     errorMessage: "The keys are invalid.",
@@ -85,12 +108,10 @@ function authorizeClient(authOptions, apiKeyMeta) {
   };
 }
 
-function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
+function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
   const {
     services
-  } = apikeyMetadata;
-  // const { serviceTargetAddresses, serviceAction } = validations;
-
+  } = apiKeyMetadata;
   // validate services
   const service = services.find(srv => srv.name === serviceConfig.serviceScope);
   if (!service) {
@@ -118,11 +139,17 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
   // validate service target addresses
   // the service has to pass in the target address for this to be validated
   if (authorizationPayload?.targetAddress) {
-    const isTargetAddressAllowed = service.targetAddresses.includes(authorizationPayload.targetAddress);
-    if (!isTargetAddressAllowed) {
+    const targetAddresses = Array.isArray(authorizationPayload.targetAddress) ? authorizationPayload.targetAddress : [authorizationPayload.targetAddress];
+    if (service.targetAddresses.includes("*")) {
+      return {
+        authorized: true,
+        apiKeyMeta: apiKeyMetadata
+      };
+    }
+    if (targetAddresses.some(ta => !service.targetAddresses.includes(ta))) {
       return {
         authorized: false,
-        errorMessage: `The service "${serviceConfig.serviceScope}" target address "${authorizationPayload.targetAddress}" is not authorized for this key.`,
+        errorMessage: `The service "${serviceConfig.serviceScope}" target address is not authorized for this key.`,
         errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
         status: 403
       };
@@ -130,7 +157,7 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
   }
   return {
     authorized: true,
-    apiKeyMeta: apikeyMetadata
+    apiKeyMeta: apiKeyMetadata
   };
 }
 

package/dist/{index-8a3bbee6.cjs.prod.js → index-ab78c807.cjs.dev.js}

@@ -9,7 +9,7 @@ async function fetchKeyMetadataFromApi(clientId, config) {
   const url = new URL(`${apiUrl}/v1/keys/use`);
   url.searchParams.set("clientId", clientId);
   url.searchParams.set("scope", serviceScope);
-  const response = await fetch(url.href, {
+  const response = await fetch(url.toString(), {
     method: "GET",
     headers: {
       "x-service-api-key": serviceApiKey,
@@ -25,10 +25,12 @@ async function fetchKeyMetadataFromApi(clientId, config) {
 function authorizeClient(authOptions, apiKeyMeta) {
   const {
     origin,
+    bundleId,
     secretKeyHash: providedSecretHash
   } = authOptions;
   const {
     domains,
+    bundleIds,
     secretHash
   } = apiKeyMeta;
   if (providedSecretHash) {
@@ -78,7 +80,28 @@ function authorizeClient(authOptions, apiKeyMeta) {
     };
   }
 
-  // FIXME: validate bundle id
+  // validate bundleId
+  if (bundleId) {
+    if (
+    // find matching bundle id, or if all bundles allowed
+    bundleIds.find(b => {
+      if (b === "*") {
+        return true;
+      }
+      return b === bundleId;
+    })) {
+      return {
+        authorized: true,
+        apiKeyMeta
+      };
+    }
+    return {
+      authorized: false,
+      errorMessage: "The bundle is not authorized for this key.",
+      errorCode: "BUNDLE_UNAUTHORIZED",
+      status: 401
+    };
+  }
   return {
     authorized: false,
     errorMessage: "The keys are invalid.",
@@ -87,12 +110,10 @@ function authorizeClient(authOptions, apiKeyMeta) {
   };
 }
 
-function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
+function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
   const {
     services
-  } = apikeyMetadata;
-  // const { serviceTargetAddresses, serviceAction } = validations;
-
+  } = apiKeyMetadata;
   // validate services
   const service = services.find(srv => srv.name === serviceConfig.serviceScope);
   if (!service) {
@@ -120,11 +141,17 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
   // validate service target addresses
   // the service has to pass in the target address for this to be validated
   if (authorizationPayload?.targetAddress) {
-    const isTargetAddressAllowed = service.targetAddresses.includes(authorizationPayload.targetAddress);
-    if (!isTargetAddressAllowed) {
+    const targetAddresses = Array.isArray(authorizationPayload.targetAddress) ? authorizationPayload.targetAddress : [authorizationPayload.targetAddress];
+    if (service.targetAddresses.includes("*")) {
+      return {
+        authorized: true,
+        apiKeyMeta: apiKeyMetadata
+      };
+    }
+    if (targetAddresses.some(ta => !service.targetAddresses.includes(ta))) {
       return {
         authorized: false,
-        errorMessage: `The service "${serviceConfig.serviceScope}" target address "${authorizationPayload.targetAddress}" is not authorized for this key.`,
+        errorMessage: `The service "${serviceConfig.serviceScope}" target address is not authorized for this key.`,
         errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
         status: 403
       };
@@ -132,7 +159,7 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
   }
   return {
     authorized: true,
-    apiKeyMeta: apikeyMetadata
+    apiKeyMeta: apiKeyMetadata
   };
 }
 

package/dist/{index-f45a96ee.cjs.dev.js → index-e567dd4f.cjs.prod.js}

@@ -9,7 +9,7 @@ async function fetchKeyMetadataFromApi(clientId, config) {
   const url = new URL(`${apiUrl}/v1/keys/use`);
   url.searchParams.set("clientId", clientId);
   url.searchParams.set("scope", serviceScope);
-  const response = await fetch(url.href, {
+  const response = await fetch(url.toString(), {
     method: "GET",
     headers: {
       "x-service-api-key": serviceApiKey,
@@ -25,10 +25,12 @@ async function fetchKeyMetadataFromApi(clientId, config) {
 function authorizeClient(authOptions, apiKeyMeta) {
   const {
     origin,
+    bundleId,
     secretKeyHash: providedSecretHash
   } = authOptions;
   const {
     domains,
+    bundleIds,
     secretHash
   } = apiKeyMeta;
   if (providedSecretHash) {
@@ -78,7 +80,28 @@ function authorizeClient(authOptions, apiKeyMeta) {
     };
   }
 
-  // FIXME: validate bundle id
+  // validate bundleId
+  if (bundleId) {
+    if (
+    // find matching bundle id, or if all bundles allowed
+    bundleIds.find(b => {
+      if (b === "*") {
+        return true;
+      }
+      return b === bundleId;
+    })) {
+      return {
+        authorized: true,
+        apiKeyMeta
+      };
+    }
+    return {
+      authorized: false,
+      errorMessage: "The bundle is not authorized for this key.",
+      errorCode: "BUNDLE_UNAUTHORIZED",
+      status: 401
+    };
+  }
   return {
     authorized: false,
     errorMessage: "The keys are invalid.",
@@ -87,12 +110,10 @@ function authorizeClient(authOptions, apiKeyMeta) {
   };
 }
 
-function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
+function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
   const {
     services
-  } = apikeyMetadata;
-  // const { serviceTargetAddresses, serviceAction } = validations;
-
+  } = apiKeyMetadata;
   // validate services
   const service = services.find(srv => srv.name === serviceConfig.serviceScope);
   if (!service) {
@@ -120,11 +141,17 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
   // validate service target addresses
   // the service has to pass in the target address for this to be validated
   if (authorizationPayload?.targetAddress) {
-    const isTargetAddressAllowed = service.targetAddresses.includes(authorizationPayload.targetAddress);
-    if (!isTargetAddressAllowed) {
+    const targetAddresses = Array.isArray(authorizationPayload.targetAddress) ? authorizationPayload.targetAddress : [authorizationPayload.targetAddress];
+    if (service.targetAddresses.includes("*")) {
+      return {
+        authorized: true,
+        apiKeyMeta: apiKeyMetadata
+      };
+    }
+    if (targetAddresses.some(ta => !service.targetAddresses.includes(ta))) {
       return {
         authorized: false,
-        errorMessage: `The service "${serviceConfig.serviceScope}" target address "${authorizationPayload.targetAddress}" is not authorized for this key.`,
+        errorMessage: `The service "${serviceConfig.serviceScope}" target address is not authorized for this key.`,
         errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
         status: 403
       };
@@ -132,7 +159,7 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
   }
   return {
     authorized: true,
-    apiKeyMeta: apikeyMetadata
+    apiKeyMeta: apiKeyMetadata
   };
 }
 

package/node/dist/thirdweb-dev-service-utils-node.cjs.dev.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var node_crypto = require('node:crypto');
-var index = require('../../dist/index-f45a96ee.cjs.dev.js');
+var index = require('../../dist/index-ab78c807.cjs.dev.js');
 var services = require('../../dist/services-a3f36057.cjs.dev.js');
 
 async function authorizeNode(authInput, serviceConfig) {

package/node/dist/thirdweb-dev-service-utils-node.cjs.prod.js

@@ -3,7 +3,7 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var node_crypto = require('node:crypto');
-var index = require('../../dist/index-8a3bbee6.cjs.prod.js');
+var index = require('../../dist/index-e567dd4f.cjs.prod.js');
 var services = require('../../dist/services-9e185105.cjs.prod.js');
 
 async function authorizeNode(authInput, serviceConfig) {

package/node/dist/thirdweb-dev-service-utils-node.esm.js

@@ -1,5 +1,5 @@
 import { createHash } from 'node:crypto';
-import { a as authorize } from '../../dist/index-bdbd7887.esm.js';
+import { a as authorize } from '../../dist/index-a4e1d99c.esm.js';
 export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
 
 async function authorizeNode(authInput, serviceConfig) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thirdweb-dev/service-utils",
-  "version": "0.0.0-dev-6a40ee6-20230714154440",
+  "version": "0.0.0-dev-ae6f264-20230714181935",
   "main": "dist/thirdweb-dev-service-utils.cjs.js",
   "module": "dist/thirdweb-dev-service-utils.esm.js",
   "exports": {