@thirdweb-dev/service-utils 0.1.1-nightly-7dc685bb-20230714041905 → 0.2.0-nightly-5eb6fc1b-20230714082745

package/dist/index-fcf69a55.cjs.dev.js

@@ -0,0 +1,254 @@
+'use strict';
+
+async function fetchKeyMetadataFromApi(clientId, config) {
+  const {
+    apiUrl,
+    serviceScope,
+    serviceApiKey
+  } = config;
+  const url = new URL(`${apiUrl}/v1/keys/use`);
+  url.searchParams.set("clientId", clientId);
+  url.searchParams.set("scope", serviceScope);
+  const response = await fetch(url, {
+    method: "GET",
+    headers: {
+      "x-service-api-key": serviceApiKey,
+      "content-type": "application/json"
+    }
+  });
+  if (!response.ok) {
+    throw new Error(`Error fetching key metadata from API: ${response.statusText}`);
+  }
+  return await response.json();
+}
+
+function authorizeClient(authOptions, apiKeyMeta) {
+  const {
+    origin,
+    secretKeyHash: providedSecretHash
+  } = authOptions;
+  const {
+    domains,
+    secretHash
+  } = apiKeyMeta;
+  if (providedSecretHash) {
+    if (secretHash !== providedSecretHash) {
+      return {
+        authorized: false,
+        errorMessage: "The secret is invalid.",
+        errorCode: "SECRET_INVALID",
+        status: 401
+      };
+    }
+    return {
+      authorized: true,
+      apiKeyMeta
+    };
+  }
+
+  // validate domains
+  if (origin) {
+    if (
+    // find matching domain, or if all domains allowed
+    domains.find(d => {
+      if (d === "*") {
+        return true;
+      }
+
+      // If the allowedDomain has a wildcard,
+      // we'll check that the ending of our domain matches the wildcard
+      if (d.startsWith("*.")) {
+        const domainRoot = d.slice(2);
+        return origin.endsWith(domainRoot);
+      }
+
+      // If there's no wildcard, we'll check for an exact match
+      return d === origin;
+    })) {
+      return {
+        authorized: true,
+        apiKeyMeta
+      };
+    }
+    return {
+      authorized: false,
+      errorMessage: "The origin is not authorized for this key.",
+      errorCode: "ORIGIN_UNAUTHORIZED",
+      status: 401
+    };
+  }
+
+  // FIXME: validate bundle id
+  return {
+    authorized: false,
+    errorMessage: "The keys are invalid.",
+    errorCode: "UNAUTHORIZED",
+    status: 401
+  };
+}
+
+function authorizeService(apikeyMetadata, serviceConfig, authorizationPayload) {
+  const {
+    services
+  } = apikeyMetadata;
+  // const { serviceTargetAddresses, serviceAction } = validations;
+
+  // validate services
+  const service = services.find(srv => srv.name === serviceConfig.serviceScope);
+  if (!service) {
+    return {
+      authorized: false,
+      errorMessage: `The service "${serviceConfig.serviceScope}" is not authorized for this key.`,
+      errorCode: "SERVICE_UNAUTHORIZED",
+      status: 403
+    };
+  }
+
+  // validate service actions
+  if (serviceConfig.serviceAction) {
+    const isActionAllowed = service.actions.includes(serviceConfig.serviceAction);
+    if (!isActionAllowed) {
+      return {
+        authorized: false,
+        errorMessage: `The service "${serviceConfig.serviceScope}" action "${serviceConfig.serviceAction}" is not authorized for this key.`,
+        errorCode: "SERVICE_ACTION_UNAUTHORIZED",
+        status: 403
+      };
+    }
+  }
+
+  // validate service target addresses
+  // the service has to pass in the target address for this to be validated
+  if (authorizationPayload?.targetAddress) {
+    const isTargetAddressAllowed = service.targetAddresses.includes(authorizationPayload.targetAddress);
+    if (!isTargetAddressAllowed) {
+      return {
+        authorized: false,
+        errorMessage: `The service "${serviceConfig.serviceScope}" target address "${authorizationPayload.targetAddress}" is not authorized for this key.`,
+        errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
+        status: 403
+      };
+    }
+  }
+  return {
+    authorized: true,
+    apiKeyMeta: apikeyMetadata
+  };
+}
+
+async function authorize(authData, serviceConfig, cacheOptions) {
+  // if we don't have a client id at this point we can't authorize
+  if (!authData.clientId) {
+    return {
+      authorized: false,
+      status: 401,
+      errorMessage: "Missing clientId or secretKey.",
+      errorCode: "MISSING_KEY"
+    };
+  }
+  let apiKeyMeta = null;
+  // if we have cache options we want to check the cache first
+  if (cacheOptions) {
+    try {
+      const cachedKey = await cacheOptions.get(authData.clientId);
+      if (cachedKey) {
+        const parsed = JSON.parse(cachedKey);
+        if ("updatedAt" in parsed) {
+          // we want to compare the updatedAt time to the current time
+          // if the difference is greater than the cacheTtl we want to ignore the cached data
+          const now = Date.now();
+          const diff = now - parsed.updatedAt;
+          const cacheTtl = cacheOptions.cacheTtlSeconds * 1000;
+          // only if the diff is less than the cacheTtl do we want to use the cached key
+          if (diff < cacheTtl * 1000) {
+            apiKeyMeta = parsed.apiKeyMeta;
+          }
+        } else {
+          apiKeyMeta = parsed;
+        }
+      }
+    } catch (err) {
+      // ignore errors, proceed as if not in cache
+    }
+  }
+
+  // if we don't have a cached key, fetch from the API
+  if (!apiKeyMeta) {
+    try {
+      const {
+        data,
+        error
+      } = await fetchKeyMetadataFromApi(authData.clientId, serviceConfig);
+      if (error) {
+        return {
+          authorized: false,
+          errorCode: error.code,
+          errorMessage: error.message,
+          status: error.statusCode
+        };
+      } else if (!data) {
+        return {
+          authorized: false,
+          errorCode: "NO_KEY",
+          errorMessage: "No error but also no key returned.",
+          status: 500
+        };
+      }
+      // if we have a key for sure then assign it
+      apiKeyMeta = data;
+
+      // cache the retrieved key if we have cache options
+      if (cacheOptions) {
+        // we await this always because it can be a promise or not
+        await cacheOptions.put(authData.clientId, data);
+      }
+    } catch (err) {
+      console.warn("failed to fetch key metadata from api", err);
+      return {
+        authorized: false,
+        status: 500,
+        errorMessage: "Failed to fetch key metadata.",
+        errorCode: "FAILED_TO_FETCH_KEY"
+      };
+    }
+  }
+  if (!apiKeyMeta) {
+    return {
+      authorized: false,
+      status: 401,
+      errorMessage: "Key is invalid.",
+      errorCode: "INVALID_KEY"
+    };
+  }
+  // now we can validate the key itself
+  const clientAuth = authorizeClient(authData, apiKeyMeta);
+  if (!clientAuth.authorized) {
+    return {
+      errorCode: clientAuth.errorCode,
+      authorized: false,
+      status: 401,
+      errorMessage: clientAuth.errorMessage
+    };
+  }
+
+  // if we've made it this far we need to check service specific authorization
+  const serviceAuth = authorizeService(apiKeyMeta, serviceConfig, {
+    targetAddress: authData.targetAddress
+  });
+  if (!serviceAuth.authorized) {
+    return {
+      errorCode: serviceAuth.errorCode,
+      authorized: false,
+      status: 403,
+      errorMessage: serviceAuth.errorMessage
+    };
+  }
+
+  // if we reach this point we are authorized!
+  return {
+    authorized: true,
+    apiKeyMeta
+  };
+}
+
+exports.authorize = authorize;

package/dist/services-86283509.esm.js

@@ -0,0 +1,44 @@
+const SERVICE_DEFINITIONS = {
+  storage: {
+    name: "storage",
+    title: "Storage",
+    description: "IPFS Upload and Download",
+    actions: [{
+      name: "read",
+      title: "Download",
+      description: "Download a file from Storage"
+    }, {
+      name: "write",
+      title: "Upload",
+      description: "Upload a file to Storage"
+    }]
+  },
+  rpc: {
+    name: "rpc",
+    title: "RPC",
+    description: "Accelerated RPC Edge",
+    // all actions allowed
+    actions: []
+  },
+  bundler: {
+    name: "bundler",
+    title: "Smart Wallets",
+    description: "Bundler & Paymaster services",
+    // all actions allowed
+    actions: []
+  },
+  relayer: {
+    name: "relayer",
+    title: "Gasless Relayer",
+    description: "Enable gasless transactions",
+    // all actions allowed
+    actions: []
+  }
+};
+const SERVICE_NAMES = Object.keys(SERVICE_DEFINITIONS);
+const SERVICES = Object.values(SERVICE_DEFINITIONS);
+function getServiceByName(name) {
+  return SERVICE_DEFINITIONS[name];
+}
+
+export { SERVICE_DEFINITIONS as S, SERVICE_NAMES as a, SERVICES as b, getServiceByName as g };

package/dist/services-9e185105.cjs.prod.js

@@ -0,0 +1,49 @@
+'use strict';
+
+const SERVICE_DEFINITIONS = {
+  storage: {
+    name: "storage",
+    title: "Storage",
+    description: "IPFS Upload and Download",
+    actions: [{
+      name: "read",
+      title: "Download",
+      description: "Download a file from Storage"
+    }, {
+      name: "write",
+      title: "Upload",
+      description: "Upload a file to Storage"
+    }]
+  },
+  rpc: {
+    name: "rpc",
+    title: "RPC",
+    description: "Accelerated RPC Edge",
+    // all actions allowed
+    actions: []
+  },
+  bundler: {
+    name: "bundler",
+    title: "Smart Wallets",
+    description: "Bundler & Paymaster services",
+    // all actions allowed
+    actions: []
+  },
+  relayer: {
+    name: "relayer",
+    title: "Gasless Relayer",
+    description: "Enable gasless transactions",
+    // all actions allowed
+    actions: []
+  }
+};
+const SERVICE_NAMES = Object.keys(SERVICE_DEFINITIONS);
+const SERVICES = Object.values(SERVICE_DEFINITIONS);
+function getServiceByName(name) {
+  return SERVICE_DEFINITIONS[name];
+}
+
+exports.SERVICES = SERVICES;
+exports.SERVICE_DEFINITIONS = SERVICE_DEFINITIONS;
+exports.SERVICE_NAMES = SERVICE_NAMES;
+exports.getServiceByName = getServiceByName;

package/dist/services-a3f36057.cjs.dev.js

@@ -0,0 +1,49 @@
+'use strict';
+
+const SERVICE_DEFINITIONS = {
+  storage: {
+    name: "storage",
+    title: "Storage",
+    description: "IPFS Upload and Download",
+    actions: [{
+      name: "read",
+      title: "Download",
+      description: "Download a file from Storage"
+    }, {
+      name: "write",
+      title: "Upload",
+      description: "Upload a file to Storage"
+    }]
+  },
+  rpc: {
+    name: "rpc",
+    title: "RPC",
+    description: "Accelerated RPC Edge",
+    // all actions allowed
+    actions: []
+  },
+  bundler: {
+    name: "bundler",
+    title: "Smart Wallets",
+    description: "Bundler & Paymaster services",
+    // all actions allowed
+    actions: []
+  },
+  relayer: {
+    name: "relayer",
+    title: "Gasless Relayer",
+    description: "Enable gasless transactions",
+    // all actions allowed
+    actions: []
+  }
+};
+const SERVICE_NAMES = Object.keys(SERVICE_DEFINITIONS);
+const SERVICES = Object.values(SERVICE_DEFINITIONS);
+function getServiceByName(name) {
+  return SERVICE_DEFINITIONS[name];
+}
+
+exports.SERVICES = SERVICES;
+exports.SERVICE_DEFINITIONS = SERVICE_DEFINITIONS;
+exports.SERVICE_NAMES = SERVICE_NAMES;
+exports.getServiceByName = getServiceByName;

package/dist/thirdweb-dev-service-utils.cjs.dev.js

@@ -2,290 +2,11 @@
 
 Object.defineProperty(exports, '__esModule', { value: true });
 
-const SERVICE_DEFINITIONS = {
-  storage: {
-    name: "storage",
-    title: "Storage",
-    description: "IPFS Upload and Download",
-    actions: [{
-      name: "read",
-      title: "Download",
-      description: "Download a file from Storage"
-    }, {
-      name: "write",
-      title: "Upload",
-      description: "Upload a file to Storage"
-    }]
-  },
-  rpc: {
-    name: "rpc",
-    title: "RPC",
-    description: "Accelerated RPC Edge",
-    // all actions allowed
-    actions: []
-  },
-  bundler: {
-    name: "bundler",
-    title: "Smart Wallets",
-    description: "Bundler & Paymaster services",
-    // all actions allowed
-    actions: []
-  },
-  relayer: {
-    name: "relayer",
-    title: "Gasless Relayer",
-    description: "Enable gasless transactions",
-    // all actions allowed
-    actions: []
-  }
-};
-const SERVICE_NAMES = Object.keys(SERVICE_DEFINITIONS);
-const SERVICES = Object.values(SERVICE_DEFINITIONS);
-function getServiceByName(name) {
-  return SERVICE_DEFINITIONS[name];
-}
+var services = require('./services-a3f36057.cjs.dev.js');
 
-async function authorizeCFWorkerService(options) {
-  const {
-    kvStore,
-    ctx,
-    authOptions,
-    serviceConfig,
-    validations
-  } = options;
-  const {
-    clientId
-  } = authOptions;
-  let cachedKey;
 
-  // first, check if the key is in KV
-  try {
-    const kvKey = await kvStore.get(clientId);
-    if (kvKey) {
-      cachedKey = JSON.parse(kvKey);
-    }
-  } catch (err) {
-    // ignore JSON parse, assuming not valid
-  }
-  const updateKv = async keyData => {
-    kvStore.put(clientId, JSON.stringify(keyData), {
-      expirationTtl: serviceConfig.cacheTtl || 60
-    });
-  };
-  return authorize({
-    authOptions,
-    serviceConfig: {
-      ...serviceConfig,
-      cachedKey,
-      onRefetchComplete: keyData => {
-        ctx.waitUntil(updateKv(keyData));
-      }
-    },
-    validations
-  });
-}
-async function authorizeNodeService(options) {
-  const {
-    authOptions,
-    serviceConfig,
-    validations
-  } = options;
-  return authorize({
-    authOptions,
-    serviceConfig,
-    validations
-  });
-}
 
-/**
- * Authorizes a request for a given client ID
- *
- * @returns The Promise AuthorizationResponse
- */
-async function authorize(options) {
-  try {
-    const {
-      authOptions,
-      serviceConfig,
-      validations
-    } = options;
-    const {
-      clientId
-    } = authOptions;
-    const {
-      apiUrl,
-      scope,
-      serviceKey,
-      cachedKey,
-      onRefetchComplete
-    } = serviceConfig;
-    let keyData = cachedKey;
-
-    // no cached key, re-fetch from API
-    if (!keyData) {
-      const response = await fetch(`${apiUrl}/v1/keys/use?scope=${scope}&clientId=${clientId}`, {
-        method: "GET",
-        headers: {
-          "x-service-api-key": serviceKey,
-          "content-type": "application/json"
-        }
-      });
-      const apiResponse = await response.json();
-      if (!response.ok) {
-        const {
-          error
-        } = apiResponse;
-        return {
-          authorized: false,
-          errorMessage: error.message,
-          errorCode: error.code || "",
-          statusCode: error.statusCode || 401
-        };
-      }
-      keyData = apiResponse.data;
-      if (onRefetchComplete) {
-        onRefetchComplete(keyData);
-      }
-    }
-
-    //
-    // Run validations
-    //
-    const authResponse = authAccess(authOptions, keyData);
-    if (!authResponse?.authorized) {
-      return authResponse;
-    }
-    const authzResponse = authzServices(validations, keyData, scope);
-    if (!authzResponse?.authorized) {
-      return authzResponse;
-    }
-    // FIXME: validate bundleId
-
-    return {
-      authorized: true,
-      data: keyData
-    };
-  } catch (err) {
-    console.error("Failed to authorize this key.", err);
-    return {
-      authorized: false,
-      errorMessage: "Internal error",
-      errorCode: "INTERNAL_ERROR",
-      statusCode: 500
-    };
-  }
-}
-function authAccess(authOptions, apiKey) {
-  const {
-    origin,
-    secretHash: providedSecretHash
-  } = authOptions;
-  const {
-    domains,
-    secretHash
-  } = apiKey;
-  if (providedSecretHash) {
-    if (secretHash !== providedSecretHash) {
-      return {
-        authorized: false,
-        errorMessage: "The secret is invalid.",
-        errorCode: "SECRET_INVALID",
-        statusCode: 401
-      };
-    }
-    return {
-      authorized: true
-    };
-  }
-
-  // validate domains
-  if (origin) {
-    if (
-    // find matching domain, or if all domains allowed
-    domains.find(d => {
-      if (d === "*") {
-        return true;
-      }
-
-      // If the allowedDomain has a wildcard,
-      // we'll check that the ending of our domain matches the wildcard
-      if (d.startsWith("*.")) {
-        const domainRoot = d.slice(2);
-        return origin.endsWith(domainRoot);
-      }
-
-      // If there's no wildcard, we'll check for an exact match
-      return d === origin;
-    })) {
-      return {
-        authorized: true
-      };
-    }
-    return {
-      authorized: false,
-      errorMessage: "The origin is not authorized for this key.",
-      errorCode: "ORIGIN_UNAUTHORIZED",
-      statusCode: 401
-    };
-  }
-
-  // FIXME: validate bundle id
-  return {
-    authorized: false,
-    errorMessage: "The keys are invalid.",
-    errorCode: "UNAUTHORIZED",
-    statusCode: 401
-  };
-}
-function authzServices(validations, apiKey, scope) {
-  const {
-    services
-  } = apiKey;
-  const {
-    serviceTargetAddresses,
-    serviceAction
-  } = validations;
-
-  // validate services
-  const service = services.find(srv => srv.name === scope);
-  if (!service) {
-    return {
-      authorized: false,
-      errorMessage: `The service "${scope}" is not authorized for this key.`,
-      errorCode: "SERVICE_UNAUTHORIZED",
-      statusCode: 403
-    };
-  }
-
-  // validate service actions
-  if (serviceAction) {
-    if (!service.actions.includes(serviceAction)) {
-      return {
-        authorized: false,
-        errorMessage: `The service "${scope}" action "${serviceAction}" is not authorized for this key.`,
-        errorCode: "SERVICE_ACTION_UNAUTHORIZED",
-        statusCode: 403
-      };
-    }
-  }
-
-  // validate service target addresses
-  if (serviceTargetAddresses && !service.targetAddresses.find(addr => addr === "*" || serviceTargetAddresses.includes(addr))) {
-    return {
-      authorized: false,
-      errorMessage: `The service "${scope}" target address is not authorized for this key.`,
-      errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
-      statusCode: 403
-    };
-  }
-  return {
-    authorized: true
-  };
-}
-
-exports.SERVICES = SERVICES;
-exports.SERVICE_DEFINITIONS = SERVICE_DEFINITIONS;
-exports.SERVICE_NAMES = SERVICE_NAMES;
-exports.authorizeCFWorkerService = authorizeCFWorkerService;
-exports.authorizeNodeService = authorizeNodeService;
-exports.getServiceByName = getServiceByName;
+exports.SERVICES = services.SERVICES;
+exports.SERVICE_DEFINITIONS = services.SERVICE_DEFINITIONS;
+exports.SERVICE_NAMES = services.SERVICE_NAMES;
+exports.getServiceByName = services.getServiceByName;