@thirdweb-dev/service-utils 0.1.1-nightly-7dc685bb-20230714041905 → 0.2.0-nightly-5eb6fc1b-20230714082745

package/node/dist/thirdweb-dev-service-utils-node.cjs.prod.js

@@ -0,0 +1,113 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var node_crypto = require('node:crypto');
+var index = require('../../dist/index-3060948e.cjs.prod.js');
+var services = require('../../dist/services-9e185105.cjs.prod.js');
+
+async function authorizeNode(authInput, serviceConfig) {
+  let authData;
+  try {
+    authData = extractAuthorizationData(authInput);
+  } catch (e) {
+    if (e instanceof Error && e.message === "KEY_CONFLICT") {
+      return {
+        authorized: false,
+        status: 400,
+        errorMessage: "Please pass either a client id or a secret key.",
+        errorCode: "KEY_CONFLICT"
+      };
+    }
+    return {
+      authorized: false,
+      status: 500,
+      errorMessage: "Internal Server Error",
+      errorCode: "INTERNAL_SERVER_ERROR"
+    };
+  }
+  return await index.authorize(authData, serviceConfig);
+}
+function getHeader(headers, headerName) {
+  const header = headers[headerName];
+  if (Array.isArray(header)) {
+    return header[0];
+  }
+  return header ?? null;
+}
+function extractAuthorizationData(authInput) {
+  if (!authInput.req.url) {
+    throw new Error("no req.url in authInput.req");
+  }
+  const requestUrl = new URL(authInput.req.url, authInput.req.headers.host);
+  const headers = authInput.req.headers;
+  const secretKey = getHeader(headers, "x-secret-key");
+  // prefer clientId that is explicitly passed in
+  let clientId = authInput.clientId ?? null;
+  if (!clientId) {
+    // next preference is clientId from header
+    clientId = getHeader(headers, "x-client-id");
+  }
+
+  // next preference is search param
+  if (!clientId) {
+    clientId = requestUrl.searchParams.get("clientId");
+  }
+  // bundle id from header is first preference
+  let bundleId = getHeader(headers, "x-bundle-id");
+
+  // next preference is search param
+  if (!bundleId) {
+    bundleId = requestUrl.searchParams.get("bundleId");
+  }
+  let origin = getHeader(headers, "origin");
+  // if origin header is not available we'll fall back to referrer;
+  if (!origin) {
+    origin = getHeader(headers, "referer");
+  }
+  // if we have an origin at this point, normalize it
+  if (origin) {
+    try {
+      origin = new URL(origin).hostname;
+    } catch (e) {
+      console.warn("failed to parse origin", origin, e);
+    }
+  }
+
+  // handle if we a secret key is passed in the headers
+  let secretKeyHash = null;
+  if (secretKey) {
+    // hash the secret key
+    secretKeyHash = hashSecretKey(secretKey);
+    // derive the client id from the secret key hash
+    const derivedClientId = deriveClientIdFromSecretKeyHash(secretKeyHash);
+    // if we already have a client id passed in we need to make sure they match
+    if (clientId && clientId !== derivedClientId) {
+      throw new Error("KEY_CONFLICT");
+    }
+    // otherwise set the client id to the derived client id (client id based off of secret key)
+    clientId = derivedClientId;
+  }
+  return {
+    secretKeyHash,
+    secretKey,
+    clientId,
+    origin,
+    bundleId
+  };
+}
+function hashSecretKey(secretKey) {
+  return node_crypto.createHash("sha256").update(secretKey).digest("hex");
+}
+function deriveClientIdFromSecretKeyHash(secretKeyHash) {
+  return secretKeyHash.slice(0, 32);
+}
+
+exports.SERVICES = services.SERVICES;
+exports.SERVICE_DEFINITIONS = services.SERVICE_DEFINITIONS;
+exports.SERVICE_NAMES = services.SERVICE_NAMES;
+exports.getServiceByName = services.getServiceByName;
+exports.authorizeNode = authorizeNode;
+exports.deriveClientIdFromSecretKeyHash = deriveClientIdFromSecretKeyHash;
+exports.extractAuthorizationData = extractAuthorizationData;
+exports.hashSecretKey = hashSecretKey;

package/node/dist/thirdweb-dev-service-utils-node.esm.js

@@ -0,0 +1,102 @@
+import { createHash } from 'node:crypto';
+import { a as authorize } from '../../dist/index-294e111f.esm.js';
+export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
+
+async function authorizeNode(authInput, serviceConfig) {
+  let authData;
+  try {
+    authData = extractAuthorizationData(authInput);
+  } catch (e) {
+    if (e instanceof Error && e.message === "KEY_CONFLICT") {
+      return {
+        authorized: false,
+        status: 400,
+        errorMessage: "Please pass either a client id or a secret key.",
+        errorCode: "KEY_CONFLICT"
+      };
+    }
+    return {
+      authorized: false,
+      status: 500,
+      errorMessage: "Internal Server Error",
+      errorCode: "INTERNAL_SERVER_ERROR"
+    };
+  }
+  return await authorize(authData, serviceConfig);
+}
+function getHeader(headers, headerName) {
+  const header = headers[headerName];
+  if (Array.isArray(header)) {
+    return header[0];
+  }
+  return header ?? null;
+}
+function extractAuthorizationData(authInput) {
+  if (!authInput.req.url) {
+    throw new Error("no req.url in authInput.req");
+  }
+  const requestUrl = new URL(authInput.req.url, authInput.req.headers.host);
+  const headers = authInput.req.headers;
+  const secretKey = getHeader(headers, "x-secret-key");
+  // prefer clientId that is explicitly passed in
+  let clientId = authInput.clientId ?? null;
+  if (!clientId) {
+    // next preference is clientId from header
+    clientId = getHeader(headers, "x-client-id");
+  }
+
+  // next preference is search param
+  if (!clientId) {
+    clientId = requestUrl.searchParams.get("clientId");
+  }
+  // bundle id from header is first preference
+  let bundleId = getHeader(headers, "x-bundle-id");
+
+  // next preference is search param
+  if (!bundleId) {
+    bundleId = requestUrl.searchParams.get("bundleId");
+  }
+  let origin = getHeader(headers, "origin");
+  // if origin header is not available we'll fall back to referrer;
+  if (!origin) {
+    origin = getHeader(headers, "referer");
+  }
+  // if we have an origin at this point, normalize it
+  if (origin) {
+    try {
+      origin = new URL(origin).hostname;
+    } catch (e) {
+      console.warn("failed to parse origin", origin, e);
+    }
+  }
+
+  // handle if we a secret key is passed in the headers
+  let secretKeyHash = null;
+  if (secretKey) {
+    // hash the secret key
+    secretKeyHash = hashSecretKey(secretKey);
+    // derive the client id from the secret key hash
+    const derivedClientId = deriveClientIdFromSecretKeyHash(secretKeyHash);
+    // if we already have a client id passed in we need to make sure they match
+    if (clientId && clientId !== derivedClientId) {
+      throw new Error("KEY_CONFLICT");
+    }
+    // otherwise set the client id to the derived client id (client id based off of secret key)
+    clientId = derivedClientId;
+  }
+  return {
+    secretKeyHash,
+    secretKey,
+    clientId,
+    origin,
+    bundleId
+  };
+}
+function hashSecretKey(secretKey) {
+  return createHash("sha256").update(secretKey).digest("hex");
+}
+function deriveClientIdFromSecretKeyHash(secretKeyHash) {
+  return secretKeyHash.slice(0, 32);
+}
+
+export { authorizeNode, deriveClientIdFromSecretKeyHash, extractAuthorizationData, hashSecretKey };

package/node/package.json

@@ -0,0 +1,4 @@
+{
+  "main": "dist/thirdweb-dev-service-utils-node.cjs.js",
+  "module": "dist/thirdweb-dev-service-utils-node.esm.js"
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@thirdweb-dev/service-utils",
-  "version": "0.1.1-nightly-7dc685bb-20230714041905",
+  "version": "0.2.0-nightly-5eb6fc1b-20230714082745",
   "main": "dist/thirdweb-dev-service-utils.cjs.js",
   "module": "dist/thirdweb-dev-service-utils.esm.js",
   "exports": {
@@ -8,6 +8,14 @@
       "module": "./dist/thirdweb-dev-service-utils.esm.js",
       "default": "./dist/thirdweb-dev-service-utils.cjs.js"
     },
+    "./node": {
+      "module": "./node/dist/thirdweb-dev-service-utils-node.esm.js",
+      "default": "./node/dist/thirdweb-dev-service-utils-node.cjs.js"
+    },
+    "./cf-worker": {
+      "module": "./cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js",
+      "default": "./cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.js"
+    },
     "./package.json": "./package.json"
   },
   "repository": "https://github.com/thirdweb-dev/js/tree/main/packages/pay",
@@ -17,29 +25,32 @@
   },
   "author": "thirdweb eng <eng@thirdweb.com>",
   "files": [
-    "dist/"
+    "dist/",
+    "node/",
+    "cf-worker/"
   ],
   "preconstruct": {
     "entrypoints": [
-      "index.ts"
+      "index.ts",
+      "cf-worker/index.ts",
+      "node/index.ts"
     ],
     "exports": true
   },
   "sideEffects": false,
   "devDependencies": {
     "@cloudflare/workers-types": "^4.20230710.0",
+    "@preconstruct/cli": "^2.8.1",
+    "@thirdweb-dev/tsconfig": "^0.1.7",
+    "@types/jest": "^29.5.2",
     "@types/node": "^20.4.1",
     "@typescript-eslint/eslint-plugin": "^6.0.0",
     "@typescript-eslint/parser": "^6.0.0",
     "eslint": "^8.44.0",
     "eslint-config-prettier": "^8.8.0",
-    "lint-staged": "^13.2.3",
-    "prettier": "^3.0.0",
-    "sort-package-json": "^2.5.1",
-    "ts-node": "^10.9.1",
-    "@preconstruct/cli": "^2.7.0",
-    "@thirdweb-dev/tsconfig": "^0.1.7",
     "eslint-config-thirdweb": "^0.1.5",
+    "jest": "^29.4.3",
+    "prettier": "^3.0.0",
     "typescript": "^5.1.6"
   },
   "scripts": {
@@ -48,6 +59,7 @@
     "fix": "eslint src/ --fix",
     "clean": "rm -rf dist/",
     "build": "tsc && preconstruct build",
-    "push": "yalc push"
+    "push": "yalc push",
+    "test": "jest"
   }
 }

package/dist/declarations/src/auth/index.d.ts

@@ -1,4 +0,0 @@
-import type { AuthorizationResponse, AuthorizeCFWorkerOptions, AuthorizeNodeServiceOptions } from "./types";
-export declare function authorizeCFWorkerService(options: AuthorizeCFWorkerOptions): Promise<AuthorizationResponse>;
-export declare function authorizeNodeService(options: AuthorizeNodeServiceOptions): Promise<AuthorizationResponse>;
-//# sourceMappingURL=index.d.ts.map

package/dist/declarations/src/auth/index.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/auth","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAIV,qBAAqB,EAErB,wBAAwB,EACxB,2BAA2B,EAE5B,MAAM,SAAS,CAAC;AAEjB,wBAAsB,wBAAwB,CAC5C,OAAO,EAAE,wBAAwB,kCAkClC;AAED,wBAAsB,oBAAoB,CACxC,OAAO,EAAE,2BAA2B,kCASrC"}

package/dist/declarations/src/auth/types.d.ts

@@ -1,62 +0,0 @@
-import type { KVNamespace, ExecutionContext } from "@cloudflare/workers-types";
-import type { ServiceName } from "../services";
-export interface AuthOptions {
-    clientId: string;
-    secretHash?: string;
-    bundleId?: string;
-    origin?: string;
-}
-export interface AuthorizeCFWorkerOptions {
-    ctx: ExecutionContext;
-    kvStore: KVNamespace<string>;
-    authOptions: AuthOptions;
-    serviceConfig: ServiceConfiguration;
-    validations: AuthorizationValidations;
-}
-export interface AuthorizeNodeServiceOptions {
-    authOptions: AuthOptions;
-    serviceConfig: ServiceConfiguration;
-    validations: AuthorizationValidations;
-}
-export interface ServiceConfiguration {
-    apiUrl: string;
-    scope: ServiceName;
-    serviceKey: string;
-    cachedKey?: ApiKey;
-    cacheTtl?: number;
-    onRefetchComplete?: (key: ApiKey) => void;
-}
-export interface AuthorizationValidations {
-    serviceTargetAddresses?: string[];
-    serviceAction?: string;
-}
-export interface AuthorizationResponse {
-    authorized: boolean;
-    errorMessage?: string;
-    errorCode?: string;
-    statusCode?: number;
-    data?: ApiKey;
-}
-export interface ApiResponse {
-    data: ApiKey | null;
-    error: {
-        code: string;
-        statusCode: number;
-        message: string;
-    };
-}
-export interface ApiKey {
-    id: string;
-    key: string;
-    creatorWalletAddress: string;
-    secretHash: string;
-    walletAddresses: string[];
-    domains: string[];
-    bundleIds: string[];
-    services: {
-        name: string;
-        targetAddresses: string[];
-        actions: string[];
-    }[];
-}
-//# sourceMappingURL=types.d.ts.map

package/dist/declarations/src/auth/types.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"../../../../src/auth","sources":["types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,gBAAgB,EAAE,MAAM,2BAA2B,CAAC;AAC/E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE/C,MAAM,WAAW,WAAW;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,wBAAwB;IACvC,GAAG,EAAE,gBAAgB,CAAC;IACtB,OAAO,EAAE,WAAW,CAAC,MAAM,CAAC,CAAC;IAC7B,WAAW,EAAE,WAAW,CAAC;IACzB,aAAa,EAAE,oBAAoB,CAAC;IACpC,WAAW,EAAE,wBAAwB,CAAC;CACvC;AAED,MAAM,WAAW,2BAA2B;IAC1C,WAAW,EAAE,WAAW,CAAC;IACzB,aAAa,EAAE,oBAAoB,CAAC;IACpC,WAAW,EAAE,wBAAwB,CAAC;CACvC;AAED,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,MAAM,CAAC;IACf,KAAK,EAAE,WAAW,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,iBAAiB,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CAC3C;AAED,MAAM,WAAW,wBAAwB;IACvC,sBAAsB,CAAC,EAAE,MAAM,EAAE,CAAC;IAClC,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,qBAAqB;IACpC,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,WAAW;IAC1B,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH;AAED,MAAM,WAAW,MAAM;IACrB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;CACL"}

package/dist/declarations/src/services.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"services.d.ts","sourceRoot":"../../../src","sources":["services.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,mBAAmB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAuCtB,CAAC;AAEX,eAAO,MAAM,aAAa,+CAEe,CAAC;AAE1C,eAAO,MAAM,QAAQ;;;;;;;;;;;;;;;;;;;;;;;;;;;;IAAqC,CAAC;AAE3D,MAAM,MAAM,WAAW,GAAG,CAAC,OAAO,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC;AAEzD,MAAM,MAAM,aAAa,GAAG;IAC1B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,CAAC;IACd,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB,CAAC;AAEF,MAAM,MAAM,OAAO,GACjB,CAAC,OAAO,mBAAmB,CAAC,CAAC,MAAM,OAAO,mBAAmB,CAAC,CAAC;AAEjE,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAEjD"}