@thirdweb-dev/service-utils 0.0.0-dev-d4941e0-20230714040644 → 0.0.0-dev-f8121eb-20230714072905

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thirdweb-dev/service-utils",
-  "version": "0.0.0-dev-d4941e0-20230714040644",
+  "version": "0.0.0-dev-f8121eb-20230714072905",
   "main": "dist/thirdweb-dev-service-utils.cjs.js",
   "module": "dist/thirdweb-dev-service-utils.esm.js",
   "exports": {
@@ -8,6 +8,14 @@
       "module": "./dist/thirdweb-dev-service-utils.esm.js",
       "default": "./dist/thirdweb-dev-service-utils.cjs.js"
     },
+    "./node": {
+      "module": "./node/dist/thirdweb-dev-service-utils-node.esm.js",
+      "default": "./node/dist/thirdweb-dev-service-utils-node.cjs.js"
+    },
+    "./cf-worker": {
+      "module": "./cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js",
+      "default": "./cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.js"
+    },
     "./package.json": "./package.json"
   },
   "repository": "https://github.com/thirdweb-dev/js/tree/main/packages/pay",
@@ -17,29 +25,32 @@
   },
   "author": "thirdweb eng <eng@thirdweb.com>",
   "files": [
-    "dist/"
+    "dist/",
+    "node/",
+    "cf-worker/"
   ],
   "preconstruct": {
     "entrypoints": [
-      "index.ts"
+      "index.ts",
+      "cf-worker/index.ts",
+      "node/index.ts"
     ],
     "exports": true
   },
   "sideEffects": false,
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20230710.0",
+    "@preconstruct/cli": "^2.8.1",
+    "@thirdweb-dev/tsconfig": "^0.1.7",
+    "@types/jest": "^29.5.2",
     "@types/node": "^20.4.1",
     "@typescript-eslint/eslint-plugin": "^6.0.0",
     "@typescript-eslint/parser": "^6.0.0",
     "eslint": "^8.44.0",
     "eslint-config-prettier": "^8.8.0",
-    "lint-staged": "^13.2.3",
-    "prettier": "^3.0.0",
-    "sort-package-json": "^2.5.1",
-    "ts-node": "^10.9.1",
-    "@preconstruct/cli": "^2.7.0",
-    "@thirdweb-dev/tsconfig": "^0.1.7",
     "eslint-config-thirdweb": "^0.1.5",
+    "jest": "^29.4.3",
+    "prettier": "^3.0.0",
     "typescript": "^5.1.6"
   },
   "scripts": {
@@ -48,6 +59,7 @@
     "fix": "eslint src/ --fix",
     "clean": "rm -rf dist/",
     "build": "tsc && preconstruct build",
-    "push": "yalc push"
+    "push": "yalc push",
+    "test": "jest"
   }
 }

package/dist/declarations/src/auth/index.d.ts

@@ -1,4 +0,0 @@
-import { AuthorizationResponse, AuthorizeCFWorkerOptions, AuthorizeNodeServiceOptions } from "./types";
-export declare function authorizeCFWorkerService(options: AuthorizeCFWorkerOptions): Promise<AuthorizationResponse>;
-export declare function authorizeNodeService(options: AuthorizeNodeServiceOptions): Promise<AuthorizationResponse>;
-//# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/auth/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/auth","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,qBAAqB,EAErB,wBAAwB,EACxB,2BAA2B,EAE5B,MAAM,SAAS,CAAC;AAEjB,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,wBAAwB,kCAkClC;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,2BAA2B,kCASrC"}

package/dist/declarations/src/auth/types.d.ts

@@ -1,62 +0,0 @@
-import { KVNamespace, ExecutionContext } from "@cloudflare/workers-types";
-import { ServiceName } from "../types";
-export interface AuthOptions {
-    clientId: string;
-    secretHash?: string;
-    bundleId?: string;
-    origin?: string;
-}
-export interface AuthorizeCFWorkerOptions {
-    ctx: ExecutionContext;
-    kvStore: KVNamespace<string>;
-    authOptions: AuthOptions;
-    serviceConfig: ServiceConfiguration;
-    validations: AuthorizationValidations;
-}
-export interface AuthorizeNodeServiceOptions {
-    authOptions: AuthOptions;
-    serviceConfig: ServiceConfiguration;
-    validations: AuthorizationValidations;
-}
-export interface ServiceConfiguration {
-    apiUrl: string;
-    scope: ServiceName;
-    serviceKey: string;
-    cachedKey?: ApiKey;
-    cacheTtl?: number;
-    onRefetchComplete?: (key: ApiKey) => void;
-}
-export interface AuthorizationValidations {
-    serviceTargetAddresses?: string[];
-    serviceAction?: string;
-}
-export interface AuthorizationResponse {
-    authorized: boolean;
-    errorMessage?: string;
-    errorCode?: string;
-    statusCode?: number;
-    data?: ApiKey;
-}
-export interface ApiResponse {
-    data: ApiKey | null;
-    error: {
-        code: string;
-        statusCode: number;
-        message: string;
-    };
-}
-export interface ApiKey {
-    id: string;
-    key: string;
-    creatorWalletAddress: string;
-    secretHash: string;
-    walletAddresses: string[];
-    domains: string[];
-    bundleIds: string[];
-    services: {
-        name: string;
-        targetAddresses: string[];
-        actions: string[];
-    }[];
-}
-//# sourceMappingURL=types.d.ts.map

package/dist/declarations/src/auth/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"../../../../src/auth","sources":["types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC1E,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,wBAAwB;IACvC,GAAG,EAAE,gBAAgB,CAAC;IACtB,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7B,WAAW,EAAE,WAAW,CAAC;IACzB,aAAa,EAAE,oBAAoB,CAAC;IACpC,WAAW,EAAE,wBAAwB,CAAC;CACvC;AAED,MAAM,WAAW,2BAA2B;IAC1C,WAAW,EAAE,WAAW,CAAC;IACzB,aAAa,EAAE,oBAAoB,CAAC;IACpC,WAAW,EAAE,wBAAwB,CAAC;CACvC;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,WAAW,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC3C;AAED,MAAM,WAAW,wBAAwB;IACvC,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;CACL"}

package/dist/declarations/src/index.d.ts

@@ -1,4 +0,0 @@
-export declare function getServiceByName(name: string): import("./types").Service | undefined;
-export * from "./types";
-export * from "./auth";
-//# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"../../../src","sources":["index.ts"],"names":[],"mappings":"AAEA,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,yCAE5C;AAED,cAAc,SAAS,CAAC;AACxB,cAAc,QAAQ,CAAC"}

package/dist/declarations/src/types.d.ts

@@ -1,15 +0,0 @@
-export declare const SERVICE_NAMES: readonly ["bundler", "rpc", "storage"];
-export declare const SERVICES: Service[];
-export type ServiceName = (typeof SERVICE_NAMES)[number];
-export interface ServiceAction {
-    name: string;
-    title: string;
-    description?: string;
-}
-export interface Service {
-    name: ServiceName;
-    title: string;
-    description?: string;
-    actions: ServiceAction[];
-}
-//# sourceMappingURL=types.d.ts.map

package/dist/declarations/src/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"../../../src","sources":["types.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,aAAa,wCAAyC,CAAC;AAEpE,eAAO,MAAM,QAAQ,EAAE,OAAO,EAgC7B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,OAAO;IACtB,IAAI,EAAE,WAAW,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,OAAO,EAAE,aAAa,EAAE,CAAC;CAC1B"}

package/dist/thirdweb-dev-service-utils.cjs.d.ts

@@ -1,2 +0,0 @@
-export * from "./declarations/src/index";
-//# sourceMappingURL=thirdweb-dev-service-utils.cjs.d.ts.map

package/dist/thirdweb-dev-service-utils.cjs.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"thirdweb-dev-service-utils.cjs.d.ts","sourceRoot":"","sources":["./declarations/src/index.d.ts"],"names":[],"mappings":"AAAA"}

package/dist/thirdweb-dev-service-utils.cjs.dev.js

@@ -1,279 +0,0 @@
-'use strict';
-
-Object.defineProperty(exports, '__esModule', { value: true });
-
-const SERVICE_NAMES = ["bundler", "rpc", "storage"];
-const SERVICES = [{
-  name: "storage",
-  title: "Storage",
-  description: "IPFS Upload and Download",
-  actions: [{
-    name: "read",
-    title: "Download",
-    description: "Download a file from Storage"
-  }, {
-    name: "write",
-    title: "Upload",
-    description: "Upload a file to Storage"
-  }]
-}, {
-  name: "rpc",
-  title: "RPC",
-  description: "Accelerated RPC Edge",
-  // all actions allowed
-  actions: []
-}, {
-  name: "bundler",
-  title: "Smart Wallets",
-  description: "Bundler & Paymaster services",
-  // all actions allowed
-  actions: []
-}];
-
-async function authorizeCFWorkerService(options) {
-  const {
-    kvStore,
-    ctx,
-    authOptions,
-    serviceConfig,
-    validations
-  } = options;
-  const {
-    clientId
-  } = authOptions;
-  let cachedKey;
-
-  // first, check if the key is in KV
-  try {
-    const kvKey = await kvStore.get(clientId);
-    if (kvKey) {
-      cachedKey = JSON.parse(kvKey);
-    }
-  } catch (err) {
-    // ignore JSON parse, assuming not valid
-  }
-  const updateKv = async keyData => {
-    kvStore.put(clientId, JSON.stringify(keyData), {
-      expirationTtl: serviceConfig.cacheTtl || 60
-    });
-  };
-  return authorize({
-    authOptions,
-    serviceConfig: {
-      ...serviceConfig,
-      cachedKey,
-      onRefetchComplete: keyData => {
-        ctx.waitUntil(updateKv(keyData));
-      }
-    },
-    validations
-  });
-}
-async function authorizeNodeService(options) {
-  const {
-    authOptions,
-    serviceConfig,
-    validations
-  } = options;
-  return authorize({
-    authOptions,
-    serviceConfig,
-    validations
-  });
-}
-
-/**
- * Authorizes a request for a given client ID
- *
- * @returns The Promise AuthorizationResponse
- */
-async function authorize(options) {
-  try {
-    const {
-      authOptions,
-      serviceConfig,
-      validations
-    } = options;
-    const {
-      clientId
-    } = authOptions;
-    const {
-      apiUrl,
-      scope,
-      serviceKey,
-      cachedKey,
-      onRefetchComplete
-    } = serviceConfig;
-    let keyData = cachedKey;
-
-    // no cached key, re-fetch from API
-    if (!keyData) {
-      const response = await fetch(`${apiUrl}/v1/keys/use?scope=${scope}&clientId=${clientId}`, {
-        method: "GET",
-        headers: {
-          "x-service-api-key": serviceKey,
-          "content-type": "application/json"
-        }
-      });
-      const apiResponse = await response.json();
-      if (!response.ok) {
-        const {
-          error
-        } = apiResponse;
-        return {
-          authorized: false,
-          errorMessage: error.message,
-          errorCode: error.code || "",
-          statusCode: error.statusCode || 401
-        };
-      }
-      keyData = apiResponse.data;
-      if (onRefetchComplete) {
-        onRefetchComplete(keyData);
-      }
-    }
-
-    //
-    // Run validations
-    //
-    const authResponse = authAccess(authOptions, keyData);
-    if (!authResponse?.authorized) {
-      return authResponse;
-    }
-    const authzResponse = authzServices(validations, keyData, scope);
-    if (!authzResponse?.authorized) {
-      return authzResponse;
-    }
-    // FIXME: validate bundleId
-
-    return {
-      authorized: true,
-      data: keyData
-    };
-  } catch (err) {
-    console.error("Failed to authorize this key.", err);
-    return {
-      authorized: false,
-      errorMessage: "Internal error",
-      errorCode: "INTERNAL_ERROR",
-      statusCode: 500
-    };
-  }
-}
-function authAccess(authOptions, apiKey) {
-  const {
-    origin,
-    secretHash: providedSecretHash
-  } = authOptions;
-  const {
-    domains,
-    secretHash
-  } = apiKey;
-  if (providedSecretHash) {
-    if (secretHash !== providedSecretHash) {
-      return {
-        authorized: false,
-        errorMessage: "The secret is invalid.",
-        errorCode: "SECRET_INVALID",
-        statusCode: 401
-      };
-    }
-    return {
-      authorized: true
-    };
-  }
-
-  // validate domains
-  if (origin) {
-    if (
-    // find matching domain, or if all domains allowed
-    domains.find(d => {
-      if (d === "*") {
-        return true;
-      }
-
-      // If the allowedDomain has a wildcard,
-      // we'll check that the ending of our domain matches the wildcard
-      if (d.startsWith("*.")) {
-        const domainRoot = d.slice(2);
-        return origin.endsWith(domainRoot);
-      }
-
-      // If there's no wildcard, we'll check for an exact match
-      return d === origin;
-    })) {
-      return {
-        authorized: true
-      };
-    }
-    return {
-      authorized: false,
-      errorMessage: "The origin is not authorized for this key.",
-      errorCode: "ORIGIN_UNAUTHORIZED",
-      statusCode: 401
-    };
-  }
-
-  // FIXME: validate bundle id
-  return {
-    authorized: false,
-    errorMessage: "The keys are invalid.",
-    errorCode: "UNAUTHORIZED",
-    statusCode: 401
-  };
-}
-function authzServices(validations, apiKey, scope) {
-  const {
-    services
-  } = apiKey;
-  const {
-    serviceTargetAddresses,
-    serviceAction
-  } = validations;
-
-  // validate services
-  const service = services.find(srv => srv.name === scope);
-  if (!service) {
-    return {
-      authorized: false,
-      errorMessage: `The service "${scope}" is not authorized for this key.`,
-      errorCode: "SERVICE_UNAUTHORIZED",
-      statusCode: 403
-    };
-  }
-
-  // validate service actions
-  if (serviceAction) {
-    if (!service.actions.includes(serviceAction)) {
-      return {
-        authorized: false,
-        errorMessage: `The service "${scope}" action "${serviceAction}" is not authorized for this key.`,
-        errorCode: "SERVICE_ACTION_UNAUTHORIZED",
-        statusCode: 403
-      };
-    }
-  }
-
-  // validate service target addresses
-  if (serviceTargetAddresses && !service.targetAddresses.find(addr => addr === "*" || serviceTargetAddresses.includes(addr))) {
-    return {
-      authorized: false,
-      errorMessage: `The service "${scope}" target address is not authorized for this key.`,
-      errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
-      statusCode: 403
-    };
-  }
-  return {
-    authorized: true
-  };
-}
-
-function getServiceByName(name) {
-  return SERVICES.find(srv => srv.name === name);
-}
-
-exports.SERVICES = SERVICES;
-exports.SERVICE_NAMES = SERVICE_NAMES;
-exports.authorizeCFWorkerService = authorizeCFWorkerService;
-exports.authorizeNodeService = authorizeNodeService;
-exports.getServiceByName = getServiceByName;

package/dist/thirdweb-dev-service-utils.cjs.js

@@ -1,7 +0,0 @@
-'use strict';
-
-if (process.env.NODE_ENV === "production") {
-  module.exports = require("./thirdweb-dev-service-utils.cjs.prod.js");
-} else {
-  module.exports = require("./thirdweb-dev-service-utils.cjs.dev.js");
-}

package/dist/thirdweb-dev-service-utils.cjs.prod.js

@@ -1,279 +0,0 @@
-'use strict';
-
-Object.defineProperty(exports, '__esModule', { value: true });
-
-const SERVICE_NAMES = ["bundler", "rpc", "storage"];
-const SERVICES = [{
-  name: "storage",
-  title: "Storage",
-  description: "IPFS Upload and Download",
-  actions: [{
-    name: "read",
-    title: "Download",
-    description: "Download a file from Storage"
-  }, {
-    name: "write",
-    title: "Upload",
-    description: "Upload a file to Storage"
-  }]
-}, {
-  name: "rpc",
-  title: "RPC",
-  description: "Accelerated RPC Edge",
-  // all actions allowed
-  actions: []
-}, {
-  name: "bundler",
-  title: "Smart Wallets",
-  description: "Bundler & Paymaster services",
-  // all actions allowed
-  actions: []
-}];
-
-async function authorizeCFWorkerService(options) {
-  const {
-    kvStore,
-    ctx,
-    authOptions,
-    serviceConfig,
-    validations
-  } = options;
-  const {
-    clientId
-  } = authOptions;
-  let cachedKey;
-
-  // first, check if the key is in KV
-  try {
-    const kvKey = await kvStore.get(clientId);
-    if (kvKey) {
-      cachedKey = JSON.parse(kvKey);
-    }
-  } catch (err) {
-    // ignore JSON parse, assuming not valid
-  }
-  const updateKv = async keyData => {
-    kvStore.put(clientId, JSON.stringify(keyData), {
-      expirationTtl: serviceConfig.cacheTtl || 60
-    });
-  };
-  return authorize({
-    authOptions,
-    serviceConfig: {
-      ...serviceConfig,
-      cachedKey,
-      onRefetchComplete: keyData => {
-        ctx.waitUntil(updateKv(keyData));
-      }
-    },
-    validations
-  });
-}
-async function authorizeNodeService(options) {
-  const {
-    authOptions,
-    serviceConfig,
-    validations
-  } = options;
-  return authorize({
-    authOptions,
-    serviceConfig,
-    validations
-  });
-}
-
-/**
- * Authorizes a request for a given client ID
- *
- * @returns The Promise AuthorizationResponse
- */
-async function authorize(options) {
-  try {
-    const {
-      authOptions,
-      serviceConfig,
-      validations
-    } = options;
-    const {
-      clientId
-    } = authOptions;
-    const {
-      apiUrl,
-      scope,
-      serviceKey,
-      cachedKey,
-      onRefetchComplete
-    } = serviceConfig;
-    let keyData = cachedKey;
-
-    // no cached key, re-fetch from API
-    if (!keyData) {
-      const response = await fetch(`${apiUrl}/v1/keys/use?scope=${scope}&clientId=${clientId}`, {
-        method: "GET",
-        headers: {
-          "x-service-api-key": serviceKey,
-          "content-type": "application/json"
-        }
-      });
-      const apiResponse = await response.json();
-      if (!response.ok) {
-        const {
-          error
-        } = apiResponse;
-        return {
-          authorized: false,
-          errorMessage: error.message,
-          errorCode: error.code || "",
-          statusCode: error.statusCode || 401
-        };
-      }
-      keyData = apiResponse.data;
-      if (onRefetchComplete) {
-        onRefetchComplete(keyData);
-      }
-    }
-
-    //
-    // Run validations
-    //
-    const authResponse = authAccess(authOptions, keyData);
-    if (!authResponse?.authorized) {
-      return authResponse;
-    }
-    const authzResponse = authzServices(validations, keyData, scope);
-    if (!authzResponse?.authorized) {
-      return authzResponse;
-    }
-    // FIXME: validate bundleId
-
-    return {
-      authorized: true,
-      data: keyData
-    };
-  } catch (err) {
-    console.error("Failed to authorize this key.", err);
-    return {
-      authorized: false,
-      errorMessage: "Internal error",
-      errorCode: "INTERNAL_ERROR",
-      statusCode: 500
-    };
-  }
-}
-function authAccess(authOptions, apiKey) {
-  const {
-    origin,
-    secretHash: providedSecretHash
-  } = authOptions;
-  const {
-    domains,
-    secretHash
-  } = apiKey;
-  if (providedSecretHash) {
-    if (secretHash !== providedSecretHash) {
-      return {
-        authorized: false,
-        errorMessage: "The secret is invalid.",
-        errorCode: "SECRET_INVALID",
-        statusCode: 401
-      };
-    }
-    return {
-      authorized: true
-    };
-  }
-
-  // validate domains
-  if (origin) {
-    if (
-    // find matching domain, or if all domains allowed
-    domains.find(d => {
-      if (d === "*") {
-        return true;
-      }
-
-      // If the allowedDomain has a wildcard,
-      // we'll check that the ending of our domain matches the wildcard
-      if (d.startsWith("*.")) {
-        const domainRoot = d.slice(2);
-        return origin.endsWith(domainRoot);
-      }
-
-      // If there's no wildcard, we'll check for an exact match
-      return d === origin;
-    })) {
-      return {
-        authorized: true
-      };
-    }
-    return {
-      authorized: false,
-      errorMessage: "The origin is not authorized for this key.",
-      errorCode: "ORIGIN_UNAUTHORIZED",
-      statusCode: 401
-    };
-  }
-
-  // FIXME: validate bundle id
-  return {
-    authorized: false,
-    errorMessage: "The keys are invalid.",
-    errorCode: "UNAUTHORIZED",
-    statusCode: 401
-  };
-}
-function authzServices(validations, apiKey, scope) {
-  const {
-    services
-  } = apiKey;
-  const {
-    serviceTargetAddresses,
-    serviceAction
-  } = validations;
-
-  // validate services
-  const service = services.find(srv => srv.name === scope);
-  if (!service) {
-    return {
-      authorized: false,
-      errorMessage: `The service "${scope}" is not authorized for this key.`,
-      errorCode: "SERVICE_UNAUTHORIZED",
-      statusCode: 403
-    };
-  }
-
-  // validate service actions
-  if (serviceAction) {
-    if (!service.actions.includes(serviceAction)) {
-      return {
-        authorized: false,
-        errorMessage: `The service "${scope}" action "${serviceAction}" is not authorized for this key.`,
-        errorCode: "SERVICE_ACTION_UNAUTHORIZED",
-        statusCode: 403
-      };
-    }
-  }
-
-  // validate service target addresses
-  if (serviceTargetAddresses && !service.targetAddresses.find(addr => addr === "*" || serviceTargetAddresses.includes(addr))) {
-    return {
-      authorized: false,
-      errorMessage: `The service "${scope}" target address is not authorized for this key.`,
-      errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
-      statusCode: 403
-    };
-  }
-  return {
-    authorized: true
-  };
-}
-
-function getServiceByName(name) {
-  return SERVICES.find(srv => srv.name === name);
-}
-
-exports.SERVICES = SERVICES;
-exports.SERVICE_NAMES = SERVICE_NAMES;
-exports.authorizeCFWorkerService = authorizeCFWorkerService;
-exports.authorizeNodeService = authorizeNodeService;
-exports.getServiceByName = getServiceByName;

package/dist/thirdweb-dev-service-utils.esm.js

@@ -1,271 +0,0 @@
-const SERVICE_NAMES = ["bundler", "rpc", "storage"];
-const SERVICES = [{
-  name: "storage",
-  title: "Storage",
-  description: "IPFS Upload and Download",
-  actions: [{
-    name: "read",
-    title: "Download",
-    description: "Download a file from Storage"
-  }, {
-    name: "write",
-    title: "Upload",
-    description: "Upload a file to Storage"
-  }]
-}, {
-  name: "rpc",
-  title: "RPC",
-  description: "Accelerated RPC Edge",
-  // all actions allowed
-  actions: []
-}, {
-  name: "bundler",
-  title: "Smart Wallets",
-  description: "Bundler & Paymaster services",
-  // all actions allowed
-  actions: []
-}];
-
-async function authorizeCFWorkerService(options) {
-  const {
-    kvStore,
-    ctx,
-    authOptions,
-    serviceConfig,
-    validations
-  } = options;
-  const {
-    clientId
-  } = authOptions;
-  let cachedKey;
-
-  // first, check if the key is in KV
-  try {
-    const kvKey = await kvStore.get(clientId);
-    if (kvKey) {
-      cachedKey = JSON.parse(kvKey);
-    }
-  } catch (err) {
-    // ignore JSON parse, assuming not valid
-  }
-  const updateKv = async keyData => {
-    kvStore.put(clientId, JSON.stringify(keyData), {
-      expirationTtl: serviceConfig.cacheTtl || 60
-    });
-  };
-  return authorize({
-    authOptions,
-    serviceConfig: {
-      ...serviceConfig,
-      cachedKey,
-      onRefetchComplete: keyData => {
-        ctx.waitUntil(updateKv(keyData));
-      }
-    },
-    validations
-  });
-}
-async function authorizeNodeService(options) {
-  const {
-    authOptions,
-    serviceConfig,
-    validations
-  } = options;
-  return authorize({
-    authOptions,
-    serviceConfig,
-    validations
-  });
-}
-
-/**
- * Authorizes a request for a given client ID
- *
- * @returns The Promise AuthorizationResponse
- */
-async function authorize(options) {
-  try {
-    const {
-      authOptions,
-      serviceConfig,
-      validations
-    } = options;
-    const {
-      clientId
-    } = authOptions;
-    const {
-      apiUrl,
-      scope,
-      serviceKey,
-      cachedKey,
-      onRefetchComplete
-    } = serviceConfig;
-    let keyData = cachedKey;
-
-    // no cached key, re-fetch from API
-    if (!keyData) {
-      const response = await fetch(`${apiUrl}/v1/keys/use?scope=${scope}&clientId=${clientId}`, {
-        method: "GET",
-        headers: {
-          "x-service-api-key": serviceKey,
-          "content-type": "application/json"
-        }
-      });
-      const apiResponse = await response.json();
-      if (!response.ok) {
-        const {
-          error
-        } = apiResponse;
-        return {
-          authorized: false,
-          errorMessage: error.message,
-          errorCode: error.code || "",
-          statusCode: error.statusCode || 401
-        };
-      }
-      keyData = apiResponse.data;
-      if (onRefetchComplete) {
-        onRefetchComplete(keyData);
-      }
-    }
-
-    //
-    // Run validations
-    //
-    const authResponse = authAccess(authOptions, keyData);
-    if (!authResponse?.authorized) {
-      return authResponse;
-    }
-    const authzResponse = authzServices(validations, keyData, scope);
-    if (!authzResponse?.authorized) {
-      return authzResponse;
-    }
-    // FIXME: validate bundleId
-
-    return {
-      authorized: true,
-      data: keyData
-    };
-  } catch (err) {
-    console.error("Failed to authorize this key.", err);
-    return {
-      authorized: false,
-      errorMessage: "Internal error",
-      errorCode: "INTERNAL_ERROR",
-      statusCode: 500
-    };
-  }
-}
-function authAccess(authOptions, apiKey) {
-  const {
-    origin,
-    secretHash: providedSecretHash
-  } = authOptions;
-  const {
-    domains,
-    secretHash
-  } = apiKey;
-  if (providedSecretHash) {
-    if (secretHash !== providedSecretHash) {
-      return {
-        authorized: false,
-        errorMessage: "The secret is invalid.",
-        errorCode: "SECRET_INVALID",
-        statusCode: 401
-      };
-    }
-    return {
-      authorized: true
-    };
-  }
-
-  // validate domains
-  if (origin) {
-    if (
-    // find matching domain, or if all domains allowed
-    domains.find(d => {
-      if (d === "*") {
-        return true;
-      }
-
-      // If the allowedDomain has a wildcard,
-      // we'll check that the ending of our domain matches the wildcard
-      if (d.startsWith("*.")) {
-        const domainRoot = d.slice(2);
-        return origin.endsWith(domainRoot);
-      }
-
-      // If there's no wildcard, we'll check for an exact match
-      return d === origin;
-    })) {
-      return {
-        authorized: true
-      };
-    }
-    return {
-      authorized: false,
-      errorMessage: "The origin is not authorized for this key.",
-      errorCode: "ORIGIN_UNAUTHORIZED",
-      statusCode: 401
-    };
-  }
-
-  // FIXME: validate bundle id
-  return {
-    authorized: false,
-    errorMessage: "The keys are invalid.",
-    errorCode: "UNAUTHORIZED",
-    statusCode: 401
-  };
-}
-function authzServices(validations, apiKey, scope) {
-  const {
-    services
-  } = apiKey;
-  const {
-    serviceTargetAddresses,
-    serviceAction
-  } = validations;
-
-  // validate services
-  const service = services.find(srv => srv.name === scope);
-  if (!service) {
-    return {
-      authorized: false,
-      errorMessage: `The service "${scope}" is not authorized for this key.`,
-      errorCode: "SERVICE_UNAUTHORIZED",
-      statusCode: 403
-    };
-  }
-
-  // validate service actions
-  if (serviceAction) {
-    if (!service.actions.includes(serviceAction)) {
-      return {
-        authorized: false,
-        errorMessage: `The service "${scope}" action "${serviceAction}" is not authorized for this key.`,
-        errorCode: "SERVICE_ACTION_UNAUTHORIZED",
-        statusCode: 403
-      };
-    }
-  }
-
-  // validate service target addresses
-  if (serviceTargetAddresses && !service.targetAddresses.find(addr => addr === "*" || serviceTargetAddresses.includes(addr))) {
-    return {
-      authorized: false,
-      errorMessage: `The service "${scope}" target address is not authorized for this key.`,
-      errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
-      statusCode: 403
-    };
-  }
-  return {
-    authorized: true
-  };
-}
-
-function getServiceByName(name) {
-  return SERVICES.find(srv => srv.name === name);
-}
-
-export { SERVICES, SERVICE_NAMES, authorizeCFWorkerService, authorizeNodeService, getServiceByName };