@thirdweb-dev/service-utils 0.0.0-dev-6a40ee6-20230714154440 → 0.0.0-dev-ae6f264-20230714181935
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.dev.js +1 -1
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.prod.js +1 -1
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js +1 -1
- package/dist/declarations/src/core/authorize/index.d.ts +1 -1
- package/dist/declarations/src/core/authorize/index.d.ts.map +1 -1
- package/dist/declarations/src/core/types.d.ts +1 -1
- package/dist/declarations/src/core/types.d.ts.map +1 -1
- package/dist/{index-bdbd7887.esm.js → index-a4e1d99c.esm.js} +37 -10
- package/dist/{index-8a3bbee6.cjs.prod.js → index-ab78c807.cjs.dev.js} +37 -10
- package/dist/{index-f45a96ee.cjs.dev.js → index-e567dd4f.cjs.prod.js} +37 -10
- package/node/dist/thirdweb-dev-service-utils-node.cjs.dev.js +1 -1
- package/node/dist/thirdweb-dev-service-utils-node.cjs.prod.js +1 -1
- package/node/dist/thirdweb-dev-service-utils-node.esm.js +1 -1
- package/package.json +1 -1
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
|
-
var index = require('../../dist/index-
|
|
5
|
+
var index = require('../../dist/index-ab78c807.cjs.dev.js');
|
|
6
6
|
var services = require('../../dist/services-a3f36057.cjs.dev.js');
|
|
7
7
|
|
|
8
8
|
const DEFAULT_CACHE_TTL_SECONDS = 60;
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
|
-
var index = require('../../dist/index-
|
|
5
|
+
var index = require('../../dist/index-e567dd4f.cjs.prod.js');
|
|
6
6
|
var services = require('../../dist/services-9e185105.cjs.prod.js');
|
|
7
7
|
|
|
8
8
|
const DEFAULT_CACHE_TTL_SECONDS = 60;
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { a as authorize } from '../../dist/index-
|
|
1
|
+
import { a as authorize } from '../../dist/index-a4e1d99c.esm.js';
|
|
2
2
|
export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
|
|
3
3
|
|
|
4
4
|
const DEFAULT_CACHE_TTL_SECONDS = 60;
|
|
@@ -6,7 +6,7 @@ export type AuthorizationInput = {
|
|
|
6
6
|
origin: string | null;
|
|
7
7
|
bundleId: string | null;
|
|
8
8
|
secretKeyHash: string | null;
|
|
9
|
-
targetAddress?: string;
|
|
9
|
+
targetAddress?: string | string[];
|
|
10
10
|
};
|
|
11
11
|
type CacheOptions = {
|
|
12
12
|
get: (clientId: string) => Promise<string | null>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,iBAAiB,EAElB,kBAAe;AAGhB,OAAO,EAAE,mBAAmB,EAAE,mBAAgB;AAE9C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,iBAAiB,EAElB,kBAAe;AAGhB,OAAO,EAAE,mBAAmB,EAAE,mBAAgB;AAE9C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACnC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,cAAc,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IACtE,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC;AASF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,kBAAkB,EAC5B,aAAa,EAAE,iBAAiB,EAChC,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,mBAAmB,CAAC,CAoH9B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"../../../../src/core","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG;IAE1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,aAAa,CAAC,EAAE,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"../../../../src/core","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,aAAa,GAAG;IAE1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACnC,CAAC"}
|
|
@@ -7,7 +7,7 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
7
7
|
const url = new URL(`${apiUrl}/v1/keys/use`);
|
|
8
8
|
url.searchParams.set("clientId", clientId);
|
|
9
9
|
url.searchParams.set("scope", serviceScope);
|
|
10
|
-
const response = await fetch(url.
|
|
10
|
+
const response = await fetch(url.toString(), {
|
|
11
11
|
method: "GET",
|
|
12
12
|
headers: {
|
|
13
13
|
"x-service-api-key": serviceApiKey,
|
|
@@ -23,10 +23,12 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
23
23
|
function authorizeClient(authOptions, apiKeyMeta) {
|
|
24
24
|
const {
|
|
25
25
|
origin,
|
|
26
|
+
bundleId,
|
|
26
27
|
secretKeyHash: providedSecretHash
|
|
27
28
|
} = authOptions;
|
|
28
29
|
const {
|
|
29
30
|
domains,
|
|
31
|
+
bundleIds,
|
|
30
32
|
secretHash
|
|
31
33
|
} = apiKeyMeta;
|
|
32
34
|
if (providedSecretHash) {
|
|
@@ -76,7 +78,28 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
76
78
|
};
|
|
77
79
|
}
|
|
78
80
|
|
|
79
|
-
//
|
|
81
|
+
// validate bundleId
|
|
82
|
+
if (bundleId) {
|
|
83
|
+
if (
|
|
84
|
+
// find matching bundle id, or if all bundles allowed
|
|
85
|
+
bundleIds.find(b => {
|
|
86
|
+
if (b === "*") {
|
|
87
|
+
return true;
|
|
88
|
+
}
|
|
89
|
+
return b === bundleId;
|
|
90
|
+
})) {
|
|
91
|
+
return {
|
|
92
|
+
authorized: true,
|
|
93
|
+
apiKeyMeta
|
|
94
|
+
};
|
|
95
|
+
}
|
|
96
|
+
return {
|
|
97
|
+
authorized: false,
|
|
98
|
+
errorMessage: "The bundle is not authorized for this key.",
|
|
99
|
+
errorCode: "BUNDLE_UNAUTHORIZED",
|
|
100
|
+
status: 401
|
|
101
|
+
};
|
|
102
|
+
}
|
|
80
103
|
return {
|
|
81
104
|
authorized: false,
|
|
82
105
|
errorMessage: "The keys are invalid.",
|
|
@@ -85,12 +108,10 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
85
108
|
};
|
|
86
109
|
}
|
|
87
110
|
|
|
88
|
-
function authorizeService(
|
|
111
|
+
function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
|
|
89
112
|
const {
|
|
90
113
|
services
|
|
91
|
-
} =
|
|
92
|
-
// const { serviceTargetAddresses, serviceAction } = validations;
|
|
93
|
-
|
|
114
|
+
} = apiKeyMetadata;
|
|
94
115
|
// validate services
|
|
95
116
|
const service = services.find(srv => srv.name === serviceConfig.serviceScope);
|
|
96
117
|
if (!service) {
|
|
@@ -118,11 +139,17 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
118
139
|
// validate service target addresses
|
|
119
140
|
// the service has to pass in the target address for this to be validated
|
|
120
141
|
if (authorizationPayload?.targetAddress) {
|
|
121
|
-
const
|
|
122
|
-
if (
|
|
142
|
+
const targetAddresses = Array.isArray(authorizationPayload.targetAddress) ? authorizationPayload.targetAddress : [authorizationPayload.targetAddress];
|
|
143
|
+
if (service.targetAddresses.includes("*")) {
|
|
144
|
+
return {
|
|
145
|
+
authorized: true,
|
|
146
|
+
apiKeyMeta: apiKeyMetadata
|
|
147
|
+
};
|
|
148
|
+
}
|
|
149
|
+
if (targetAddresses.some(ta => !service.targetAddresses.includes(ta))) {
|
|
123
150
|
return {
|
|
124
151
|
authorized: false,
|
|
125
|
-
errorMessage: `The service "${serviceConfig.serviceScope}" target address
|
|
152
|
+
errorMessage: `The service "${serviceConfig.serviceScope}" target address is not authorized for this key.`,
|
|
126
153
|
errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
|
|
127
154
|
status: 403
|
|
128
155
|
};
|
|
@@ -130,7 +157,7 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
130
157
|
}
|
|
131
158
|
return {
|
|
132
159
|
authorized: true,
|
|
133
|
-
apiKeyMeta:
|
|
160
|
+
apiKeyMeta: apiKeyMetadata
|
|
134
161
|
};
|
|
135
162
|
}
|
|
136
163
|
|
|
@@ -9,7 +9,7 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
9
9
|
const url = new URL(`${apiUrl}/v1/keys/use`);
|
|
10
10
|
url.searchParams.set("clientId", clientId);
|
|
11
11
|
url.searchParams.set("scope", serviceScope);
|
|
12
|
-
const response = await fetch(url.
|
|
12
|
+
const response = await fetch(url.toString(), {
|
|
13
13
|
method: "GET",
|
|
14
14
|
headers: {
|
|
15
15
|
"x-service-api-key": serviceApiKey,
|
|
@@ -25,10 +25,12 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
25
25
|
function authorizeClient(authOptions, apiKeyMeta) {
|
|
26
26
|
const {
|
|
27
27
|
origin,
|
|
28
|
+
bundleId,
|
|
28
29
|
secretKeyHash: providedSecretHash
|
|
29
30
|
} = authOptions;
|
|
30
31
|
const {
|
|
31
32
|
domains,
|
|
33
|
+
bundleIds,
|
|
32
34
|
secretHash
|
|
33
35
|
} = apiKeyMeta;
|
|
34
36
|
if (providedSecretHash) {
|
|
@@ -78,7 +80,28 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
78
80
|
};
|
|
79
81
|
}
|
|
80
82
|
|
|
81
|
-
//
|
|
83
|
+
// validate bundleId
|
|
84
|
+
if (bundleId) {
|
|
85
|
+
if (
|
|
86
|
+
// find matching bundle id, or if all bundles allowed
|
|
87
|
+
bundleIds.find(b => {
|
|
88
|
+
if (b === "*") {
|
|
89
|
+
return true;
|
|
90
|
+
}
|
|
91
|
+
return b === bundleId;
|
|
92
|
+
})) {
|
|
93
|
+
return {
|
|
94
|
+
authorized: true,
|
|
95
|
+
apiKeyMeta
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
return {
|
|
99
|
+
authorized: false,
|
|
100
|
+
errorMessage: "The bundle is not authorized for this key.",
|
|
101
|
+
errorCode: "BUNDLE_UNAUTHORIZED",
|
|
102
|
+
status: 401
|
|
103
|
+
};
|
|
104
|
+
}
|
|
82
105
|
return {
|
|
83
106
|
authorized: false,
|
|
84
107
|
errorMessage: "The keys are invalid.",
|
|
@@ -87,12 +110,10 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
87
110
|
};
|
|
88
111
|
}
|
|
89
112
|
|
|
90
|
-
function authorizeService(
|
|
113
|
+
function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
|
|
91
114
|
const {
|
|
92
115
|
services
|
|
93
|
-
} =
|
|
94
|
-
// const { serviceTargetAddresses, serviceAction } = validations;
|
|
95
|
-
|
|
116
|
+
} = apiKeyMetadata;
|
|
96
117
|
// validate services
|
|
97
118
|
const service = services.find(srv => srv.name === serviceConfig.serviceScope);
|
|
98
119
|
if (!service) {
|
|
@@ -120,11 +141,17 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
120
141
|
// validate service target addresses
|
|
121
142
|
// the service has to pass in the target address for this to be validated
|
|
122
143
|
if (authorizationPayload?.targetAddress) {
|
|
123
|
-
const
|
|
124
|
-
if (
|
|
144
|
+
const targetAddresses = Array.isArray(authorizationPayload.targetAddress) ? authorizationPayload.targetAddress : [authorizationPayload.targetAddress];
|
|
145
|
+
if (service.targetAddresses.includes("*")) {
|
|
146
|
+
return {
|
|
147
|
+
authorized: true,
|
|
148
|
+
apiKeyMeta: apiKeyMetadata
|
|
149
|
+
};
|
|
150
|
+
}
|
|
151
|
+
if (targetAddresses.some(ta => !service.targetAddresses.includes(ta))) {
|
|
125
152
|
return {
|
|
126
153
|
authorized: false,
|
|
127
|
-
errorMessage: `The service "${serviceConfig.serviceScope}" target address
|
|
154
|
+
errorMessage: `The service "${serviceConfig.serviceScope}" target address is not authorized for this key.`,
|
|
128
155
|
errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
|
|
129
156
|
status: 403
|
|
130
157
|
};
|
|
@@ -132,7 +159,7 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
132
159
|
}
|
|
133
160
|
return {
|
|
134
161
|
authorized: true,
|
|
135
|
-
apiKeyMeta:
|
|
162
|
+
apiKeyMeta: apiKeyMetadata
|
|
136
163
|
};
|
|
137
164
|
}
|
|
138
165
|
|
|
@@ -9,7 +9,7 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
9
9
|
const url = new URL(`${apiUrl}/v1/keys/use`);
|
|
10
10
|
url.searchParams.set("clientId", clientId);
|
|
11
11
|
url.searchParams.set("scope", serviceScope);
|
|
12
|
-
const response = await fetch(url.
|
|
12
|
+
const response = await fetch(url.toString(), {
|
|
13
13
|
method: "GET",
|
|
14
14
|
headers: {
|
|
15
15
|
"x-service-api-key": serviceApiKey,
|
|
@@ -25,10 +25,12 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
25
25
|
function authorizeClient(authOptions, apiKeyMeta) {
|
|
26
26
|
const {
|
|
27
27
|
origin,
|
|
28
|
+
bundleId,
|
|
28
29
|
secretKeyHash: providedSecretHash
|
|
29
30
|
} = authOptions;
|
|
30
31
|
const {
|
|
31
32
|
domains,
|
|
33
|
+
bundleIds,
|
|
32
34
|
secretHash
|
|
33
35
|
} = apiKeyMeta;
|
|
34
36
|
if (providedSecretHash) {
|
|
@@ -78,7 +80,28 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
78
80
|
};
|
|
79
81
|
}
|
|
80
82
|
|
|
81
|
-
//
|
|
83
|
+
// validate bundleId
|
|
84
|
+
if (bundleId) {
|
|
85
|
+
if (
|
|
86
|
+
// find matching bundle id, or if all bundles allowed
|
|
87
|
+
bundleIds.find(b => {
|
|
88
|
+
if (b === "*") {
|
|
89
|
+
return true;
|
|
90
|
+
}
|
|
91
|
+
return b === bundleId;
|
|
92
|
+
})) {
|
|
93
|
+
return {
|
|
94
|
+
authorized: true,
|
|
95
|
+
apiKeyMeta
|
|
96
|
+
};
|
|
97
|
+
}
|
|
98
|
+
return {
|
|
99
|
+
authorized: false,
|
|
100
|
+
errorMessage: "The bundle is not authorized for this key.",
|
|
101
|
+
errorCode: "BUNDLE_UNAUTHORIZED",
|
|
102
|
+
status: 401
|
|
103
|
+
};
|
|
104
|
+
}
|
|
82
105
|
return {
|
|
83
106
|
authorized: false,
|
|
84
107
|
errorMessage: "The keys are invalid.",
|
|
@@ -87,12 +110,10 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
87
110
|
};
|
|
88
111
|
}
|
|
89
112
|
|
|
90
|
-
function authorizeService(
|
|
113
|
+
function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
|
|
91
114
|
const {
|
|
92
115
|
services
|
|
93
|
-
} =
|
|
94
|
-
// const { serviceTargetAddresses, serviceAction } = validations;
|
|
95
|
-
|
|
116
|
+
} = apiKeyMetadata;
|
|
96
117
|
// validate services
|
|
97
118
|
const service = services.find(srv => srv.name === serviceConfig.serviceScope);
|
|
98
119
|
if (!service) {
|
|
@@ -120,11 +141,17 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
120
141
|
// validate service target addresses
|
|
121
142
|
// the service has to pass in the target address for this to be validated
|
|
122
143
|
if (authorizationPayload?.targetAddress) {
|
|
123
|
-
const
|
|
124
|
-
if (
|
|
144
|
+
const targetAddresses = Array.isArray(authorizationPayload.targetAddress) ? authorizationPayload.targetAddress : [authorizationPayload.targetAddress];
|
|
145
|
+
if (service.targetAddresses.includes("*")) {
|
|
146
|
+
return {
|
|
147
|
+
authorized: true,
|
|
148
|
+
apiKeyMeta: apiKeyMetadata
|
|
149
|
+
};
|
|
150
|
+
}
|
|
151
|
+
if (targetAddresses.some(ta => !service.targetAddresses.includes(ta))) {
|
|
125
152
|
return {
|
|
126
153
|
authorized: false,
|
|
127
|
-
errorMessage: `The service "${serviceConfig.serviceScope}" target address
|
|
154
|
+
errorMessage: `The service "${serviceConfig.serviceScope}" target address is not authorized for this key.`,
|
|
128
155
|
errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
|
|
129
156
|
status: 403
|
|
130
157
|
};
|
|
@@ -132,7 +159,7 @@ function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
132
159
|
}
|
|
133
160
|
return {
|
|
134
161
|
authorized: true,
|
|
135
|
-
apiKeyMeta:
|
|
162
|
+
apiKeyMeta: apiKeyMetadata
|
|
136
163
|
};
|
|
137
164
|
}
|
|
138
165
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
5
|
var node_crypto = require('node:crypto');
|
|
6
|
-
var index = require('../../dist/index-
|
|
6
|
+
var index = require('../../dist/index-ab78c807.cjs.dev.js');
|
|
7
7
|
var services = require('../../dist/services-a3f36057.cjs.dev.js');
|
|
8
8
|
|
|
9
9
|
async function authorizeNode(authInput, serviceConfig) {
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
5
|
var node_crypto = require('node:crypto');
|
|
6
|
-
var index = require('../../dist/index-
|
|
6
|
+
var index = require('../../dist/index-e567dd4f.cjs.prod.js');
|
|
7
7
|
var services = require('../../dist/services-9e185105.cjs.prod.js');
|
|
8
8
|
|
|
9
9
|
async function authorizeNode(authInput, serviceConfig) {
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { createHash } from 'node:crypto';
|
|
2
|
-
import { a as authorize } from '../../dist/index-
|
|
2
|
+
import { a as authorize } from '../../dist/index-a4e1d99c.esm.js';
|
|
3
3
|
export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
|
|
4
4
|
|
|
5
5
|
async function authorizeNode(authInput, serviceConfig) {
|
package/package.json
CHANGED