@thirdweb-dev/service-utils 0.0.0-dev-c3925f3-20230905155015 → 0.0.0-dev-92be883-20230913130717

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.dev.js

@@ -2,10 +2,10 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var index = require('../../dist/index-cd4f96ef.cjs.dev.js');
-var services = require('../../dist/services-a3f36057.cjs.dev.js');
+var index = require('../../dist/index-4e1ffe00.cjs.dev.js');
 var aws4fetch = require('aws4fetch');
 var zod = require('zod');
+var services = require('../../dist/services-a3f36057.cjs.dev.js');
 
 // Initialize a singleton for aws usage.
 let _aws;
@@ -86,6 +86,8 @@ async function publishUsageEvents(usageEvents, config) {
 }
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;
+// must be > DEFAULT_RATE_LIMIT_WINDOW_SECONDS
+const DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS = 60;
 async function authorizeWorker(authInput, serviceConfig) {
   let authData;
   try {
@@ -117,6 +119,14 @@ async function authorizeWorker(authInput, serviceConfig) {
     cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS
   });
 }
+async function rateLimitWorker(apiKeyMeta, serviceConfig) {
+  return await index.rateLimit(apiKeyMeta, serviceConfig, {
+    get: async bucketId => serviceConfig.kvStore.get(bucketId),
+    put: (bucketId, count) => serviceConfig.kvStore.put(bucketId, count, {
+      expirationTtl: DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS
+    })
+  });
+}
 async function extractAuthorizationData(authInput) {
   const requestUrl = new URL(authInput.req.url);
   const headers = authInput.req.headers;
@@ -228,6 +238,8 @@ async function logHttpRequest(_ref) {
   console.log(`statusMessage=${statusMessage ?? res.statusText}`);
 }
 
+exports.rateLimit = index.rateLimit;
+exports.usageLimit = index.usageLimit;
 exports.SERVICES = services.SERVICES;
 exports.SERVICE_DEFINITIONS = services.SERVICE_DEFINITIONS;
 exports.SERVICE_NAMES = services.SERVICE_NAMES;
@@ -238,3 +250,4 @@ exports.extractAuthorizationData = extractAuthorizationData;
 exports.hashSecretKey = hashSecretKey;
 exports.logHttpRequest = logHttpRequest;
 exports.publishUsageEvents = publishUsageEvents;
+exports.rateLimitWorker = rateLimitWorker;

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.prod.js

@@ -2,10 +2,10 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-var index = require('../../dist/index-6e0ecc5f.cjs.prod.js');
-var services = require('../../dist/services-9e185105.cjs.prod.js');
+var index = require('../../dist/index-21ba31a2.cjs.prod.js');
 var aws4fetch = require('aws4fetch');
 var zod = require('zod');
+var services = require('../../dist/services-9e185105.cjs.prod.js');
 
 // Initialize a singleton for aws usage.
 let _aws;
@@ -86,6 +86,8 @@ async function publishUsageEvents(usageEvents, config) {
 }
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;
+// must be > DEFAULT_RATE_LIMIT_WINDOW_SECONDS
+const DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS = 60;
 async function authorizeWorker(authInput, serviceConfig) {
   let authData;
   try {
@@ -117,6 +119,14 @@ async function authorizeWorker(authInput, serviceConfig) {
     cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS
   });
 }
+async function rateLimitWorker(apiKeyMeta, serviceConfig) {
+  return await index.rateLimit(apiKeyMeta, serviceConfig, {
+    get: async bucketId => serviceConfig.kvStore.get(bucketId),
+    put: (bucketId, count) => serviceConfig.kvStore.put(bucketId, count, {
+      expirationTtl: DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS
+    })
+  });
+}
 async function extractAuthorizationData(authInput) {
   const requestUrl = new URL(authInput.req.url);
   const headers = authInput.req.headers;
@@ -228,6 +238,8 @@ async function logHttpRequest(_ref) {
   console.log(`statusMessage=${statusMessage ?? res.statusText}`);
 }
 
+exports.rateLimit = index.rateLimit;
+exports.usageLimit = index.usageLimit;
 exports.SERVICES = services.SERVICES;
 exports.SERVICE_DEFINITIONS = services.SERVICE_DEFINITIONS;
 exports.SERVICE_NAMES = services.SERVICE_NAMES;
@@ -238,3 +250,4 @@ exports.extractAuthorizationData = extractAuthorizationData;
 exports.hashSecretKey = hashSecretKey;
 exports.logHttpRequest = logHttpRequest;
 exports.publishUsageEvents = publishUsageEvents;
+exports.rateLimitWorker = rateLimitWorker;

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js

@@ -1,7 +1,8 @@
-import { a as authorize } from '../../dist/index-ffddf746.esm.js';
-export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
+import { a as authorize, r as rateLimit } from '../../dist/index-524baaec.esm.js';
+export { r as rateLimit, u as usageLimit } from '../../dist/index-524baaec.esm.js';
 import { AwsClient } from 'aws4fetch';
 import { z } from 'zod';
+export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
 
 // Initialize a singleton for aws usage.
 let _aws;
@@ -82,6 +83,8 @@ async function publishUsageEvents(usageEvents, config) {
 }
 
 const DEFAULT_CACHE_TTL_SECONDS = 60;
+// must be > DEFAULT_RATE_LIMIT_WINDOW_SECONDS
+const DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS = 60;
 async function authorizeWorker(authInput, serviceConfig) {
   let authData;
   try {
@@ -113,6 +116,14 @@ async function authorizeWorker(authInput, serviceConfig) {
     cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS
   });
 }
+async function rateLimitWorker(apiKeyMeta, serviceConfig) {
+  return await rateLimit(apiKeyMeta, serviceConfig, {
+    get: async bucketId => serviceConfig.kvStore.get(bucketId),
+    put: (bucketId, count) => serviceConfig.kvStore.put(bucketId, count, {
+      expirationTtl: DEFAULT_RATE_LIMIT_CACHE_TTL_SECONDS
+    })
+  });
+}
 async function extractAuthorizationData(authInput) {
   const requestUrl = new URL(authInput.req.url);
   const headers = authInput.req.headers;
@@ -224,4 +235,4 @@ async function logHttpRequest(_ref) {
   console.log(`statusMessage=${statusMessage ?? res.statusText}`);
 }
 
-export { authorizeWorker, deriveClientIdFromSecretKeyHash, extractAuthorizationData, hashSecretKey, logHttpRequest, publishUsageEvents };
+export { authorizeWorker, deriveClientIdFromSecretKeyHash, extractAuthorizationData, hashSecretKey, logHttpRequest, publishUsageEvents, rateLimitWorker };

package/dist/declarations/src/cf-worker/index.d.ts

@@ -1,11 +1,14 @@
 import type { ExecutionContext, KVNamespace, Response } from "@cloudflare/workers-types";
-import type { CoreServiceConfig } from "../core/api";
+import type { ApiKeyMetadata, CoreServiceConfig } from "../core/api";
 import type { Request } from "@cloudflare/workers-types";
 import type { AuthorizationInput } from "../core/authorize";
 import type { AuthorizationResult } from "../core/authorize/types";
+import type { RateLimitResult } from "../core/rateLimit/types";
 import type { CoreAuthInput } from "../core/types";
-export * from "../core/services";
 export * from "./usage";
+export * from "../core/services";
+export * from "../core/rateLimit";
+export * from "../core/usageLimit";
 type WorkerServiceConfig = CoreServiceConfig & {
     kvStore: KVNamespace;
     ctx: ExecutionContext;
@@ -15,6 +18,7 @@ type AuthInput = CoreAuthInput & {
     req: Request;
 };
 export declare function authorizeWorker(authInput: AuthInput, serviceConfig: WorkerServiceConfig): Promise<AuthorizationResult>;
+export declare function rateLimitWorker(apiKeyMeta: ApiKeyMetadata, serviceConfig: WorkerServiceConfig): Promise<RateLimitResult>;
 export declare function extractAuthorizationData(authInput: AuthInput): Promise<AuthorizationInput>;
 export declare function hashSecretKey(secretKey: string): Promise<string>;
 export declare function deriveClientIdFromSecretKeyHash(secretKeyHash: string): string;

package/dist/declarations/src/cf-worker/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/cf-worker","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACT,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAGV,iBAAiB,EAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AACjC,cAAc,SAAS,CAAC;AAExB,KAAK,mBAAmB,GAAG,iBAAiB,GAAG;IAC7C,OAAO,EAAE,WAAW,CAAC;IACrB,GAAG,EAAE,gBAAgB,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAIF,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,GAAG,EAAE,OAAO,CAAC;CACd,CAAC;AAEF,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,mBAAmB,CAAC,CA0C9B;AAED,wBAAsB,wBAAwB,CAC5C,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,kBAAkB,CAAC,CA2E7B;AAED,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,mBAIpD;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE;AAQD,wBAAsB,cAAc,CAAC,EACnC,MAAM,EACN,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,GACd,EAAE,SAAS,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,QAAQ,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CAChC,iBAoBA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/cf-worker","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACX,QAAQ,EACT,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EACV,cAAc,EAEd,iBAAiB,EAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAC;AAC/D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAGnD,cAAc,SAAS,CAAC;AACxB,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AAEnC,KAAK,mBAAmB,GAAG,iBAAiB,GAAG;IAC7C,OAAO,EAAE,WAAW,CAAC;IACrB,GAAG,EAAE,gBAAgB,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAMF,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,GAAG,EAAE,OAAO,CAAC;CACd,CAAC;AAEF,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,mBAAmB,CAAC,CA0C9B;AAED,wBAAsB,eAAe,CACnC,UAAU,EAAE,cAAc,EAC1B,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,eAAe,CAAC,CAQ1B;AAED,wBAAsB,wBAAwB,CAC5C,SAAS,EAAE,SAAS,GACnB,OAAO,CAAC,kBAAkB,CAAC,CA2E7B;AAED,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,mBAIpD;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE;AAQD,wBAAsB,cAAc,CAAC,EACnC,MAAM,EACN,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,GACd,EAAE,SAAS,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,QAAQ,CAAC;IACd,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CAChC,iBAoBA"}

package/dist/declarations/src/cf-worker/usage.d.ts

@@ -21,8 +21,8 @@ declare const usageEventSchema: z.ZodObject<{
     userOpHash: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     source: "storage" | "rpc" | "bundler" | "relayer" | "wallet" | "paymaster";
-    action: string;
     accountId: string;
+    action: string;
     apiKeyId?: string | undefined;
     creatorWalletAddress?: string | undefined;
     clientId?: string | undefined;
@@ -38,8 +38,8 @@ declare const usageEventSchema: z.ZodObject<{
     userOpHash?: string | undefined;
 }, {
     source: "storage" | "rpc" | "bundler" | "relayer" | "wallet" | "paymaster";
-    action: string;
     accountId: string;
+    action: string;
     apiKeyId?: string | undefined;
     creatorWalletAddress?: string | undefined;
     clientId?: string | undefined;

package/dist/declarations/src/core/api.d.ts

@@ -1,6 +1,6 @@
 import type { ServiceName } from "./services";
 export type CoreServiceConfig = {
-    enforceAuth: boolean;
+    enforceAuth?: boolean;
     apiUrl: string;
     serviceScope: ServiceName;
     serviceApiKey: string;
@@ -23,6 +23,20 @@ export type ApiKeyMetadata = {
         targetAddresses: string[];
         actions: string[];
     }[];
+    usage?: {
+        bundler?: {
+            chainId: number;
+            sumTransactionFee: number;
+        }[];
+        storage?: {
+            sumFileSizeBytes: number;
+        };
+        embeddedWallets?: {
+            countWalletAddresses: number;
+        };
+    };
+    limits: Partial<Record<ServiceName, number>>;
+    rateLimits: Partial<Record<ServiceName, number>>;
 };
 export type AccountMetadata = {
     id: string;
@@ -47,4 +61,5 @@ export type ApiAccountResponse = {
 };
 export declare function fetchKeyMetadataFromApi(clientId: string, config: CoreServiceConfig): Promise<ApiResponse>;
 export declare function fetchAccountFromApi(jwt: string, config: CoreServiceConfig, useWalletAuth: boolean): Promise<ApiAccountResponse>;
+export declare function updateRateLimitedAt(apiKeyId: string, config: CoreServiceConfig): Promise<void>;
 //# sourceMappingURL=api.d.ts.map

package/dist/declarations/src/core/api.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"api.d.ts","sourceRoot":"../../../../src/core","sources":["api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,WAAW,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,YAAY,GAAG,WAAW,GAAG,cAAc,GAAG,gBAAgB,CAAC;IAC9E,WAAW,EAAE,MAAM,GAAG,YAAY,CAAC;IACnC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;CACL,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,cAAc,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,eAAe,GAAG,IAAI,CAAC;IAC7B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAEF,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,WAAW,CAAC,CAiBtB;AAED,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,iBAAiB,EACzB,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,kBAAkB,CAAC,CAkB7B"}
+{"version":3,"file":"api.d.ts","sourceRoot":"../../../../src/core","sources":["api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,WAAW,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,YAAY,GAAG,WAAW,GAAG,cAAc,GAAG,gBAAgB,CAAC;IAC9E,WAAW,EAAE,MAAM,GAAG,YAAY,CAAC;IACnC,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;IACJ,KAAK,CAAC,EAAE;QACN,OAAO,CAAC,EAAE;YACR,OAAO,EAAE,MAAM,CAAC;YAChB,iBAAiB,EAAE,MAAM,CAAC;SAC3B,EAAE,CAAC;QACJ,OAAO,CAAC,EAAE;YACR,gBAAgB,EAAE,MAAM,CAAC;SAC1B,CAAC;QACF,eAAe,CAAC,EAAE;YAChB,oBAAoB,EAAE,MAAM,CAAC;SAC9B,CAAC;KACH,CAAC;IACF,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;IAC7C,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;CAClD,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,cAAc,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,eAAe,GAAG,IAAI,CAAC;IAC7B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAEF,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,WAAW,CAAC,CAqBtB;AAED,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,iBAAiB,EACzB,aAAa,EAAE,OAAO,GACrB,OAAO,CAAC,kBAAkB,CAAC,CAwB7B;AAED,wBAAsB,mBAAmB,CACvC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,IAAI,CAAC,CAgBf"}

package/dist/declarations/src/core/rateLimit/index.d.ts

@@ -0,0 +1,9 @@
+import { ApiKeyMetadata, CoreServiceConfig } from "../api";
+import { RateLimitResult } from "./types";
+type CacheOptions = {
+    get: (bucketId: string) => Promise<string | null>;
+    put: (bucketId: string, count: string) => Promise<void> | void;
+};
+export declare function rateLimit(apiKeyMeta: ApiKeyMetadata, serviceConfig: CoreServiceConfig, cacheOptions: CacheOptions): Promise<RateLimitResult>;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/core/rateLimit/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/rateLimit","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAuB,MAAM,QAAQ,CAAC;AAEhF,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAI1C,KAAK,YAAY,GAAG;IAClB,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAChE,CAAC;AAEF,wBAAsB,SAAS,CAC7B,UAAU,EAAE,cAAc,EAC1B,aAAa,EAAE,iBAAiB,EAChC,YAAY,EAAE,YAAY,GACzB,OAAO,CAAC,eAAe,CAAC,CAsC1B"}

package/dist/declarations/src/core/rateLimit/types.d.ts

@@ -0,0 +1,9 @@
+export type RateLimitResult = {
+    rateLimited: false;
+} | {
+    rateLimited: true;
+    status: number;
+    errorMessage: string;
+    errorCode: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/declarations/src/core/rateLimit/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"../../../../../src/core/rateLimit","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,eAAe,GACvB;IACE,WAAW,EAAE,KAAK,CAAC;CACpB,GACD;IACE,WAAW,EAAE,IAAI,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/dist/declarations/src/core/usageLimit/index.d.ts

@@ -0,0 +1,4 @@
+import { ApiKeyMetadata, CoreServiceConfig } from "../api";
+import { UsageLimitResult } from "./types";
+export declare function usageLimit(apiKeyMeta: ApiKeyMetadata, serviceConfig: CoreServiceConfig): Promise<UsageLimitResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/core/usageLimit/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/usageLimit","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAE3D,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAE3C,wBAAsB,UAAU,CAC9B,UAAU,EAAE,cAAc,EAC1B,aAAa,EAAE,iBAAiB,GAC/B,OAAO,CAAC,gBAAgB,CAAC,CA4B3B"}

package/dist/declarations/src/core/usageLimit/types.d.ts

@@ -0,0 +1,9 @@
+export type UsageLimitResult = {
+    usageLimited: false;
+} | {
+    usageLimited: true;
+    status: number;
+    errorMessage: string;
+    errorCode: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/declarations/src/core/usageLimit/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"../../../../../src/core/usageLimit","sources":["types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,gBAAgB,GACxB;IACE,YAAY,EAAE,KAAK,CAAC;CACrB,GACD;IACE,YAAY,EAAE,IAAI,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}

package/dist/declarations/src/node/index.d.ts

@@ -1,15 +1,34 @@
 /// <reference types="node" />
+import type { ServerResponse } from "http";
 import type { IncomingMessage } from "node:http";
-import type { AuthorizationInput } from "../core/authorize";
 import type { CoreServiceConfig } from "../core/api";
+import type { AuthorizationInput } from "../core/authorize";
 import type { AuthorizationResult } from "../core/authorize/types";
 import type { CoreAuthInput } from "../core/types";
-import type { ServerResponse } from "http";
 export * from "../core/services";
+export * from "../core/rateLimit";
+export * from "../core/usageLimit";
 type NodeServiceConfig = CoreServiceConfig;
 export type AuthInput = CoreAuthInput & {
     req: IncomingMessage;
 };
+/**
+ *
+ * @param {AuthInput['req']} authInput.req - The incoming request from which information will be pulled from. These information includes (checks are in order and terminates on first match):
+ * - clientId: Checks header `x-client-id`, search param `clientId`
+ * - bundleId: Checks header `x-bundle-id`, search param `bundleId`
+ * - secretKey: Checks header `x-secret-key`
+ * - origin (the requesting domain): Checks header `origin`, `referer`
+ * @param {AuthInput['clientId']} authInput.clientId - Overrides any clientId found on the `req` object
+ * @param {AuthInput['targetAddress']} authInput.targetAddress - Only used in smart wallets to determine if the request is authorized to interact with the target address.
+ * @param {NodeServiceConfig['enforceAuth']} serviceConfig - Always `true` unless you need to turn auth off. Tells the service whether or not to enforce auth.
+ * @param {NodeServiceConfig['apiUrl']} serviceConfig.apiUrl - The url of the api server to fetch information for verification. `https://api.thirdweb.com` for production and `https://api.staging.thirdweb.com` for staging
+ * @param {NodeServiceConfig['serviceApiKey']} serviceConfig.serviceApiKey - secret key to be used authenticate the caller of the api-server. Check the api-server's env variable for the keys.
+ * @param {NodeServiceConfig['serviceScope']} serviceConfig.serviceScope - The service that we are requesting authorization for. E.g. `relayer`, `rpc`, 'bundler', 'storage' etc.
+ * @param {NodeServiceConfig['serviceAction']} serviceConfig.serviceAction - Needed when the `serviceScope` is `storage`. Can be either `read` or `write`.
+ * @param {NodeServiceConfig['useWalletAuth']} serviceConfig.useWalletAuth - If true it pings the `wallet/me` or else, `account/me`. You most likely can leave this as false.
+ * @returns {AuthorizationResult} authorizationResult - contains if the request is authorized, and information about the account if it is authorized. Otherwise, it contains the error message and status code.
+ */
 export declare function authorizeNode(authInput: AuthInput, serviceConfig: NodeServiceConfig): Promise<AuthorizationResult>;
 export declare function extractAuthorizationData(authInput: AuthInput): AuthorizationInput;
 export declare function hashSecretKey(secretKey: string): string;

package/dist/declarations/src/node/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/node","sources":["index.ts"],"names":[],"mappings":";AAGA,OAAO,KAAK,EAAuB,eAAe,EAAE,MAAM,WAAW,CAAC;AACtE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AACnD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAE3C,cAAc,kBAAkB,CAAC;AAEjC,KAAK,iBAAiB,GAAG,iBAAiB,CAAC;AAE3C,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG;IACtC,GAAG,EAAE,eAAe,CAAC;CACtB,CAAC;AAEF,wBAAsB,aAAa,CACjC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,iBAAiB,GAC/B,OAAO,CAAC,mBAAmB,CAAC,CAsB9B;AAaD,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,SAAS,GACnB,kBAAkB,CA2FpB;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,UAE9C;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE;AAED,wBAAgB,cAAc,CAAC,EAC7B,MAAM,EACN,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,GACd,EAAE,SAAS,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,cAAc,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CAChC,QAsBA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/node","sources":["index.ts"],"names":[],"mappings":";AAGA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,MAAM,CAAC;AAC3C,OAAO,KAAK,EAAuB,eAAe,EAAE,MAAM,WAAW,CAAC;AACtE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AACrD,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AACjC,cAAc,mBAAmB,CAAC;AAClC,cAAc,oBAAoB,CAAC;AAEnC,KAAK,iBAAiB,GAAG,iBAAiB,CAAC;AAE3C,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG;IACtC,GAAG,EAAE,eAAe,CAAC;CACtB,CAAC;AAEF;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAsB,aAAa,CACjC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,iBAAiB,GAC/B,OAAO,CAAC,mBAAmB,CAAC,CAsB9B;AAaD,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,SAAS,GACnB,kBAAkB,CA2FpB;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,UAE9C;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE;AAED,wBAAgB,cAAc,CAAC,EAC7B,MAAM,EACN,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,GACd,EAAE,SAAS,GAAG;IACb,MAAM,EAAE,MAAM,CAAC;IACf,GAAG,EAAE,cAAc,CAAC;IACpB,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,aAAa,CAAC,EAAE,KAAK,GAAG,MAAM,CAAC;CAChC,QAsBA"}

package/dist/{index-6e0ecc5f.cjs.prod.js → index-21ba31a2.cjs.prod.js}

@@ -44,6 +44,25 @@ async function fetchAccountFromApi(jwt, config, useWalletAuth) {
   }
   return json;
 }
+async function updateRateLimitedAt(apiKeyId, config) {
+  const {
+    apiUrl,
+    serviceScope: scope,
+    serviceApiKey
+  } = config;
+  const url = `${apiUrl}/usage/rateLimit`;
+  await fetch(url, {
+    method: "PUT",
+    headers: {
+      "x-service-api-key": serviceApiKey,
+      "content-type": "application/json"
+    },
+    body: JSON.stringify({
+      apiKeyId,
+      scope
+    })
+  });
+}
 
 function authorizeClient(authOptions, apiKeyMeta) {
   const {
@@ -421,4 +440,76 @@ async function authorize(authData, serviceConfig, cacheOptions) {
   };
 }
 
+const DEFAULT_RATE_LIMIT_WINDOW_SECONDS = 10;
+async function rateLimit(apiKeyMeta, serviceConfig, cacheOptions) {
+  const {
+    id,
+    rateLimits,
+    accountId
+  } = apiKeyMeta;
+  const {
+    serviceScope
+  } = serviceConfig;
+  const limit = rateLimits[serviceScope];
+  if (limit === undefined) {
+    // No rate limit is provided. Assume the request is not rate limited.
+    return {
+      rateLimited: false
+    };
+  }
+
+  // Floors the current time to the nearest DEFAULT_RATE_LIMIT_WINDOW_SECONDS.
+  const bucketId = Math.floor(Date.now() / (1000 * DEFAULT_RATE_LIMIT_WINDOW_SECONDS)) * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
+  const key = [serviceScope, accountId, bucketId].join(":");
+  const value = parseInt((await cacheOptions.get(key)) || "0");
+  const current = value + 1;
+
+  // limit is in seconds, but we need in DEFAULT_RATE_LIMIT_WINDOW_SECONDS
+  if (current > limit * DEFAULT_RATE_LIMIT_WINDOW_SECONDS) {
+    // report rate limit hits
+    await updateRateLimitedAt(id, serviceConfig);
+    return {
+      rateLimited: true,
+      status: 429,
+      errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limit} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+      errorCode: "RATE_LIMIT_EXCEEDED"
+    };
+  } else {
+    await cacheOptions.put(key, current.toString());
+  }
+  return {
+    rateLimited: false
+  };
+}
+
+async function usageLimit(apiKeyMeta, serviceConfig) {
+  const {
+    limits,
+    usage
+  } = apiKeyMeta;
+  const {
+    serviceScope
+  } = serviceConfig;
+  const limit = limits[serviceScope];
+  if (!usage || !(serviceScope in usage) || limit === undefined) {
+    // No usage limit is provided. Assume the request is not limited.
+    return {
+      usageLimited: false
+    };
+  }
+  if (serviceScope === "storage" && (usage.storage?.sumFileSizeBytes || 0) > limit) {
+    return {
+      usageLimited: true,
+      status: 402,
+      errorMessage: `You've used all of your total usage limit for Storage Pinning. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+      errorCode: "PAYMENT_METHOD_REQUIRED"
+    };
+  }
+  return {
+    usageLimited: false
+  };
+}
+
 exports.authorize = authorize;
+exports.rateLimit = rateLimit;
+exports.usageLimit = usageLimit;

package/dist/{index-cd4f96ef.cjs.dev.js → index-4e1ffe00.cjs.dev.js}

@@ -44,6 +44,25 @@ async function fetchAccountFromApi(jwt, config, useWalletAuth) {
   }
   return json;
 }
+async function updateRateLimitedAt(apiKeyId, config) {
+  const {
+    apiUrl,
+    serviceScope: scope,
+    serviceApiKey
+  } = config;
+  const url = `${apiUrl}/usage/rateLimit`;
+  await fetch(url, {
+    method: "PUT",
+    headers: {
+      "x-service-api-key": serviceApiKey,
+      "content-type": "application/json"
+    },
+    body: JSON.stringify({
+      apiKeyId,
+      scope
+    })
+  });
+}
 
 function authorizeClient(authOptions, apiKeyMeta) {
   const {
@@ -421,4 +440,76 @@ async function authorize(authData, serviceConfig, cacheOptions) {
   };
 }
 
+const DEFAULT_RATE_LIMIT_WINDOW_SECONDS = 10;
+async function rateLimit(apiKeyMeta, serviceConfig, cacheOptions) {
+  const {
+    id,
+    rateLimits,
+    accountId
+  } = apiKeyMeta;
+  const {
+    serviceScope
+  } = serviceConfig;
+  const limit = rateLimits[serviceScope];
+  if (limit === undefined) {
+    // No rate limit is provided. Assume the request is not rate limited.
+    return {
+      rateLimited: false
+    };
+  }
+
+  // Floors the current time to the nearest DEFAULT_RATE_LIMIT_WINDOW_SECONDS.
+  const bucketId = Math.floor(Date.now() / (1000 * DEFAULT_RATE_LIMIT_WINDOW_SECONDS)) * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
+  const key = [serviceScope, accountId, bucketId].join(":");
+  const value = parseInt((await cacheOptions.get(key)) || "0");
+  const current = value + 1;
+
+  // limit is in seconds, but we need in DEFAULT_RATE_LIMIT_WINDOW_SECONDS
+  if (current > limit * DEFAULT_RATE_LIMIT_WINDOW_SECONDS) {
+    // report rate limit hits
+    await updateRateLimitedAt(id, serviceConfig);
+    return {
+      rateLimited: true,
+      status: 429,
+      errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limit} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+      errorCode: "RATE_LIMIT_EXCEEDED"
+    };
+  } else {
+    await cacheOptions.put(key, current.toString());
+  }
+  return {
+    rateLimited: false
+  };
+}
+
+async function usageLimit(apiKeyMeta, serviceConfig) {
+  const {
+    limits,
+    usage
+  } = apiKeyMeta;
+  const {
+    serviceScope
+  } = serviceConfig;
+  const limit = limits[serviceScope];
+  if (!usage || !(serviceScope in usage) || limit === undefined) {
+    // No usage limit is provided. Assume the request is not limited.
+    return {
+      usageLimited: false
+    };
+  }
+  if (serviceScope === "storage" && (usage.storage?.sumFileSizeBytes || 0) > limit) {
+    return {
+      usageLimited: true,
+      status: 402,
+      errorMessage: `You've used all of your total usage limit for Storage Pinning. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+      errorCode: "PAYMENT_METHOD_REQUIRED"
+    };
+  }
+  return {
+    usageLimited: false
+  };
+}
+
 exports.authorize = authorize;
+exports.rateLimit = rateLimit;
+exports.usageLimit = usageLimit;

package/dist/{index-ffddf746.esm.js → index-524baaec.esm.js}

@@ -42,6 +42,25 @@ async function fetchAccountFromApi(jwt, config, useWalletAuth) {
   }
   return json;
 }
+async function updateRateLimitedAt(apiKeyId, config) {
+  const {
+    apiUrl,
+    serviceScope: scope,
+    serviceApiKey
+  } = config;
+  const url = `${apiUrl}/usage/rateLimit`;
+  await fetch(url, {
+    method: "PUT",
+    headers: {
+      "x-service-api-key": serviceApiKey,
+      "content-type": "application/json"
+    },
+    body: JSON.stringify({
+      apiKeyId,
+      scope
+    })
+  });
+}
 
 function authorizeClient(authOptions, apiKeyMeta) {
   const {
@@ -419,4 +438,74 @@ async function authorize(authData, serviceConfig, cacheOptions) {
   };
 }
 
-export { authorize as a };
+const DEFAULT_RATE_LIMIT_WINDOW_SECONDS = 10;
+async function rateLimit(apiKeyMeta, serviceConfig, cacheOptions) {
+  const {
+    id,
+    rateLimits,
+    accountId
+  } = apiKeyMeta;
+  const {
+    serviceScope
+  } = serviceConfig;
+  const limit = rateLimits[serviceScope];
+  if (limit === undefined) {
+    // No rate limit is provided. Assume the request is not rate limited.
+    return {
+      rateLimited: false
+    };
+  }
+
+  // Floors the current time to the nearest DEFAULT_RATE_LIMIT_WINDOW_SECONDS.
+  const bucketId = Math.floor(Date.now() / (1000 * DEFAULT_RATE_LIMIT_WINDOW_SECONDS)) * DEFAULT_RATE_LIMIT_WINDOW_SECONDS;
+  const key = [serviceScope, accountId, bucketId].join(":");
+  const value = parseInt((await cacheOptions.get(key)) || "0");
+  const current = value + 1;
+
+  // limit is in seconds, but we need in DEFAULT_RATE_LIMIT_WINDOW_SECONDS
+  if (current > limit * DEFAULT_RATE_LIMIT_WINDOW_SECONDS) {
+    // report rate limit hits
+    await updateRateLimitedAt(id, serviceConfig);
+    return {
+      rateLimited: true,
+      status: 429,
+      errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limit} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+      errorCode: "RATE_LIMIT_EXCEEDED"
+    };
+  } else {
+    await cacheOptions.put(key, current.toString());
+  }
+  return {
+    rateLimited: false
+  };
+}
+
+async function usageLimit(apiKeyMeta, serviceConfig) {
+  const {
+    limits,
+    usage
+  } = apiKeyMeta;
+  const {
+    serviceScope
+  } = serviceConfig;
+  const limit = limits[serviceScope];
+  if (!usage || !(serviceScope in usage) || limit === undefined) {
+    // No usage limit is provided. Assume the request is not limited.
+    return {
+      usageLimited: false
+    };
+  }
+  if (serviceScope === "storage" && (usage.storage?.sumFileSizeBytes || 0) > limit) {
+    return {
+      usageLimited: true,
+      status: 402,
+      errorMessage: `You've used all of your total usage limit for Storage Pinning. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+      errorCode: "PAYMENT_METHOD_REQUIRED"
+    };
+  }
+  return {
+    usageLimited: false
+  };
+}
+
+export { authorize as a, rateLimit as r, usageLimit as u };

package/node/dist/thirdweb-dev-service-utils-node.cjs.dev.js

@@ -3,9 +3,26 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var node_crypto = require('node:crypto');
-var index = require('../../dist/index-cd4f96ef.cjs.dev.js');
+var index = require('../../dist/index-4e1ffe00.cjs.dev.js');
 var services = require('../../dist/services-a3f36057.cjs.dev.js');
 
+/**
+ *
+ * @param {AuthInput['req']} authInput.req - The incoming request from which information will be pulled from. These information includes (checks are in order and terminates on first match):
+ * - clientId: Checks header `x-client-id`, search param `clientId`
+ * - bundleId: Checks header `x-bundle-id`, search param `bundleId`
+ * - secretKey: Checks header `x-secret-key`
+ * - origin (the requesting domain): Checks header `origin`, `referer`
+ * @param {AuthInput['clientId']} authInput.clientId - Overrides any clientId found on the `req` object
+ * @param {AuthInput['targetAddress']} authInput.targetAddress - Only used in smart wallets to determine if the request is authorized to interact with the target address.
+ * @param {NodeServiceConfig['enforceAuth']} serviceConfig - Always `true` unless you need to turn auth off. Tells the service whether or not to enforce auth.
+ * @param {NodeServiceConfig['apiUrl']} serviceConfig.apiUrl - The url of the api server to fetch information for verification. `https://api.thirdweb.com` for production and `https://api.staging.thirdweb.com` for staging
+ * @param {NodeServiceConfig['serviceApiKey']} serviceConfig.serviceApiKey - secret key to be used authenticate the caller of the api-server. Check the api-server's env variable for the keys.
+ * @param {NodeServiceConfig['serviceScope']} serviceConfig.serviceScope - The service that we are requesting authorization for. E.g. `relayer`, `rpc`, 'bundler', 'storage' etc.
+ * @param {NodeServiceConfig['serviceAction']} serviceConfig.serviceAction - Needed when the `serviceScope` is `storage`. Can be either `read` or `write`.
+ * @param {NodeServiceConfig['useWalletAuth']} serviceConfig.useWalletAuth - If true it pings the `wallet/me` or else, `account/me`. You most likely can leave this as false.
+ * @returns {AuthorizationResult} authorizationResult - contains if the request is authorized, and information about the account if it is authorized. Otherwise, it contains the error message and status code.
+ */
 async function authorizeNode(authInput, serviceConfig) {
   let authData;
   try {
@@ -156,6 +173,8 @@ function logHttpRequest(_ref) {
   console.log(`statusMessage=${_statusMessage}`);
 }
 
+exports.rateLimit = index.rateLimit;
+exports.usageLimit = index.usageLimit;
 exports.SERVICES = services.SERVICES;
 exports.SERVICE_DEFINITIONS = services.SERVICE_DEFINITIONS;
 exports.SERVICE_NAMES = services.SERVICE_NAMES;

package/node/dist/thirdweb-dev-service-utils-node.cjs.prod.js

@@ -3,9 +3,26 @@
 Object.defineProperty(exports, '__esModule', { value: true });
 
 var node_crypto = require('node:crypto');
-var index = require('../../dist/index-6e0ecc5f.cjs.prod.js');
+var index = require('../../dist/index-21ba31a2.cjs.prod.js');
 var services = require('../../dist/services-9e185105.cjs.prod.js');
 
+/**
+ *
+ * @param {AuthInput['req']} authInput.req - The incoming request from which information will be pulled from. These information includes (checks are in order and terminates on first match):
+ * - clientId: Checks header `x-client-id`, search param `clientId`
+ * - bundleId: Checks header `x-bundle-id`, search param `bundleId`
+ * - secretKey: Checks header `x-secret-key`
+ * - origin (the requesting domain): Checks header `origin`, `referer`
+ * @param {AuthInput['clientId']} authInput.clientId - Overrides any clientId found on the `req` object
+ * @param {AuthInput['targetAddress']} authInput.targetAddress - Only used in smart wallets to determine if the request is authorized to interact with the target address.
+ * @param {NodeServiceConfig['enforceAuth']} serviceConfig - Always `true` unless you need to turn auth off. Tells the service whether or not to enforce auth.
+ * @param {NodeServiceConfig['apiUrl']} serviceConfig.apiUrl - The url of the api server to fetch information for verification. `https://api.thirdweb.com` for production and `https://api.staging.thirdweb.com` for staging
+ * @param {NodeServiceConfig['serviceApiKey']} serviceConfig.serviceApiKey - secret key to be used authenticate the caller of the api-server. Check the api-server's env variable for the keys.
+ * @param {NodeServiceConfig['serviceScope']} serviceConfig.serviceScope - The service that we are requesting authorization for. E.g. `relayer`, `rpc`, 'bundler', 'storage' etc.
+ * @param {NodeServiceConfig['serviceAction']} serviceConfig.serviceAction - Needed when the `serviceScope` is `storage`. Can be either `read` or `write`.
+ * @param {NodeServiceConfig['useWalletAuth']} serviceConfig.useWalletAuth - If true it pings the `wallet/me` or else, `account/me`. You most likely can leave this as false.
+ * @returns {AuthorizationResult} authorizationResult - contains if the request is authorized, and information about the account if it is authorized. Otherwise, it contains the error message and status code.
+ */
 async function authorizeNode(authInput, serviceConfig) {
   let authData;
   try {
@@ -156,6 +173,8 @@ function logHttpRequest(_ref) {
   console.log(`statusMessage=${_statusMessage}`);
 }
 
+exports.rateLimit = index.rateLimit;
+exports.usageLimit = index.usageLimit;
 exports.SERVICES = services.SERVICES;
 exports.SERVICE_DEFINITIONS = services.SERVICE_DEFINITIONS;
 exports.SERVICE_NAMES = services.SERVICE_NAMES;

package/node/dist/thirdweb-dev-service-utils-node.esm.js

@@ -1,7 +1,25 @@
 import { createHash } from 'node:crypto';
-import { a as authorize } from '../../dist/index-ffddf746.esm.js';
+import { a as authorize } from '../../dist/index-524baaec.esm.js';
+export { r as rateLimit, u as usageLimit } from '../../dist/index-524baaec.esm.js';
 export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
 
+/**
+ *
+ * @param {AuthInput['req']} authInput.req - The incoming request from which information will be pulled from. These information includes (checks are in order and terminates on first match):
+ * - clientId: Checks header `x-client-id`, search param `clientId`
+ * - bundleId: Checks header `x-bundle-id`, search param `bundleId`
+ * - secretKey: Checks header `x-secret-key`
+ * - origin (the requesting domain): Checks header `origin`, `referer`
+ * @param {AuthInput['clientId']} authInput.clientId - Overrides any clientId found on the `req` object
+ * @param {AuthInput['targetAddress']} authInput.targetAddress - Only used in smart wallets to determine if the request is authorized to interact with the target address.
+ * @param {NodeServiceConfig['enforceAuth']} serviceConfig - Always `true` unless you need to turn auth off. Tells the service whether or not to enforce auth.
+ * @param {NodeServiceConfig['apiUrl']} serviceConfig.apiUrl - The url of the api server to fetch information for verification. `https://api.thirdweb.com` for production and `https://api.staging.thirdweb.com` for staging
+ * @param {NodeServiceConfig['serviceApiKey']} serviceConfig.serviceApiKey - secret key to be used authenticate the caller of the api-server. Check the api-server's env variable for the keys.
+ * @param {NodeServiceConfig['serviceScope']} serviceConfig.serviceScope - The service that we are requesting authorization for. E.g. `relayer`, `rpc`, 'bundler', 'storage' etc.
+ * @param {NodeServiceConfig['serviceAction']} serviceConfig.serviceAction - Needed when the `serviceScope` is `storage`. Can be either `read` or `write`.
+ * @param {NodeServiceConfig['useWalletAuth']} serviceConfig.useWalletAuth - If true it pings the `wallet/me` or else, `account/me`. You most likely can leave this as false.
+ * @returns {AuthorizationResult} authorizationResult - contains if the request is authorized, and information about the account if it is authorized. Otherwise, it contains the error message and status code.
+ */
 async function authorizeNode(authInput, serviceConfig) {
   let authData;
   try {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thirdweb-dev/service-utils",
-  "version": "0.0.0-dev-c3925f3-20230905155015",
+  "version": "0.0.0-dev-92be883-20230913130717",
   "main": "dist/thirdweb-dev-service-utils.cjs.js",
   "module": "dist/thirdweb-dev-service-utils.esm.js",
   "exports": {
@@ -52,6 +52,7 @@
     "eslint-config-thirdweb": "^0.1.6",
     "jest": "^29.6.2",
     "prettier": "^3.0.0",
+    "ts-jest": "^29.1.1",
     "typescript": "^5.1.6"
   },
   "dependencies": {