@thirdweb-dev/service-utils 0.0.0-dev-7899994-20230714075259 → 0.0.0-dev-1d8a47a-20230714075515

package/node/dist/thirdweb-dev-service-utils-node.esm.js

@@ -0,0 +1,102 @@
+import { createHash } from 'node:crypto';
+import { a as authorize } from '../../dist/index-9343e4ac.esm.js';
+export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
+
+async function authorizeNode(authInput, serviceConfig) {
+  let authData;
+  try {
+    authData = extractAuthorizationData(authInput);
+  } catch (e) {
+    if (e instanceof Error && e.message === "KEY_CONFLICT") {
+      return {
+        authorized: false,
+        status: 400,
+        errorMessage: "Please pass either a client id or a secret key.",
+        errorCode: "KEY_CONFLICT"
+      };
+    }
+    return {
+      authorized: false,
+      status: 500,
+      errorMessage: "Internal Server Error",
+      errorCode: "INTERNAL_SERVER_ERROR"
+    };
+  }
+  return await authorize(authData, serviceConfig);
+}
+function getHeader(headers, headerName) {
+  const header = headers[headerName];
+  if (Array.isArray(header)) {
+    return header[0];
+  }
+  return header ?? null;
+}
+function extractAuthorizationData(authInput) {
+  if (!authInput.req.url) {
+    throw new Error("no req.url in authInput.req");
+  }
+  const requestUrl = new URL(authInput.req.url, authInput.req.headers.host);
+  const headers = authInput.req.headers;
+  const secretKey = getHeader(headers, "x-secret-key");
+  // prefer clientId that is explicitly passed in
+  let clientId = authInput.clientId ?? null;
+  if (!clientId) {
+    // next preference is clientId from header
+    clientId = getHeader(headers, "x-client-id");
+  }
+
+  // next preference is search param
+  if (!clientId) {
+    clientId = requestUrl.searchParams.get("clientId");
+  }
+  // bundle id from header is first preference
+  let bundleId = getHeader(headers, "x-bundle-id");
+
+  // next preference is search param
+  if (!bundleId) {
+    bundleId = requestUrl.searchParams.get("bundleId");
+  }
+  let origin = getHeader(headers, "origin");
+  // if origin header is not available we'll fall back to referrer;
+  if (!origin) {
+    origin = getHeader(headers, "referer");
+  }
+  // if we have an origin at this point, normalize it
+  if (origin) {
+    try {
+      origin = new URL(origin).hostname;
+    } catch (e) {
+      console.warn("failed to parse origin", origin, e);
+    }
+  }
+
+  // handle if we a secret key is passed in the headers
+  let secretKeyHash = null;
+  if (secretKey) {
+    // hash the secret key
+    secretKeyHash = hashSecretKey(secretKey);
+    // derive the client id from the secret key hash
+    const derivedClientId = deriveClientIdFromSecretKeyHash(secretKeyHash);
+    // if we already have a client id passed in we need to make sure they match
+    if (clientId && clientId !== derivedClientId) {
+      throw new Error("KEY_CONFLICT");
+    }
+    // otherwise set the client id to the derived client id (client id based off of secret key)
+    clientId = derivedClientId;
+  }
+  return {
+    secretKeyHash,
+    secretKey,
+    clientId,
+    origin,
+    bundleId
+  };
+}
+function hashSecretKey(secretKey) {
+  return createHash("sha256").update(secretKey).digest("hex");
+}
+function deriveClientIdFromSecretKeyHash(secretKeyHash) {
+  return secretKeyHash.slice(0, 32);
+}
+
+export { authorizeNode, deriveClientIdFromSecretKeyHash, extractAuthorizationData, hashSecretKey };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thirdweb-dev/service-utils",
-  "version": "0.0.0-dev-7899994-20230714075259",
+  "version": "0.0.0-dev-1d8a47a-20230714075515",
   "main": "dist/thirdweb-dev-service-utils.cjs.js",
   "module": "dist/thirdweb-dev-service-utils.esm.js",
   "exports": {