@thirdweb-dev/service-utils 0.2.4 → 0.2.5-nightly-3b6b0746-20230802053251
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.dev.js +13 -1
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.prod.js +13 -1
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js +13 -1
- package/dist/declarations/src/cf-worker/index.d.ts.map +1 -1
- package/dist/declarations/src/core/api.d.ts +14 -0
- package/dist/declarations/src/core/api.d.ts.map +1 -1
- package/dist/declarations/src/core/authorize/client.d.ts.map +1 -1
- package/dist/declarations/src/core/authorize/index.d.ts +4 -2
- package/dist/declarations/src/core/authorize/index.d.ts.map +1 -1
- package/dist/declarations/src/core/authorize/service.d.ts.map +1 -1
- package/dist/declarations/src/core/authorize/types.d.ts +2 -1
- package/dist/declarations/src/core/authorize/types.d.ts.map +1 -1
- package/dist/declarations/src/node/index.d.ts.map +1 -1
- package/dist/{index-1a9e95da.esm.js → index-3a529ebb.esm.js} +141 -26
- package/dist/{index-2a55e378.cjs.prod.js → index-8a9496b0.cjs.dev.js} +141 -26
- package/dist/{index-c30ff05a.cjs.dev.js → index-92289057.cjs.prod.js} +141 -26
- package/node/dist/thirdweb-dev-service-utils-node.cjs.dev.js +12 -1
- package/node/dist/thirdweb-dev-service-utils-node.cjs.prod.js +12 -1
- package/node/dist/thirdweb-dev-service-utils-node.esm.js +12 -1
- package/package.json +1 -1
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
|
-
var index = require('../../dist/index-
|
|
5
|
+
var index = require('../../dist/index-8a9496b0.cjs.dev.js');
|
|
6
6
|
var services = require('../../dist/services-a3f36057.cjs.dev.js');
|
|
7
7
|
|
|
8
8
|
const DEFAULT_CACHE_TTL_SECONDS = 60;
|
|
@@ -88,7 +88,19 @@ async function extractAuthorizationData(authInput) {
|
|
|
88
88
|
// otherwise set the client id to the derived client id (client id based off of secret key)
|
|
89
89
|
clientId = derivedClientId;
|
|
90
90
|
}
|
|
91
|
+
let jwt = null;
|
|
92
|
+
if (headers.has("authorization")) {
|
|
93
|
+
const authHeader = headers.get("authorization");
|
|
94
|
+
if (authHeader) {
|
|
95
|
+
const [type, token] = authHeader.split(" ");
|
|
96
|
+
if (type.toLowerCase() === "bearer") {
|
|
97
|
+
jwt = token;
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
}
|
|
91
101
|
return {
|
|
102
|
+
jwt,
|
|
103
|
+
hashedJWT: jwt ? await hashSecretKey(jwt) : null,
|
|
92
104
|
secretKey,
|
|
93
105
|
clientId,
|
|
94
106
|
origin,
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
|
-
var index = require('../../dist/index-
|
|
5
|
+
var index = require('../../dist/index-92289057.cjs.prod.js');
|
|
6
6
|
var services = require('../../dist/services-9e185105.cjs.prod.js');
|
|
7
7
|
|
|
8
8
|
const DEFAULT_CACHE_TTL_SECONDS = 60;
|
|
@@ -88,7 +88,19 @@ async function extractAuthorizationData(authInput) {
|
|
|
88
88
|
// otherwise set the client id to the derived client id (client id based off of secret key)
|
|
89
89
|
clientId = derivedClientId;
|
|
90
90
|
}
|
|
91
|
+
let jwt = null;
|
|
92
|
+
if (headers.has("authorization")) {
|
|
93
|
+
const authHeader = headers.get("authorization");
|
|
94
|
+
if (authHeader) {
|
|
95
|
+
const [type, token] = authHeader.split(" ");
|
|
96
|
+
if (type.toLowerCase() === "bearer") {
|
|
97
|
+
jwt = token;
|
|
98
|
+
}
|
|
99
|
+
}
|
|
100
|
+
}
|
|
91
101
|
return {
|
|
102
|
+
jwt,
|
|
103
|
+
hashedJWT: jwt ? await hashSecretKey(jwt) : null,
|
|
92
104
|
secretKey,
|
|
93
105
|
clientId,
|
|
94
106
|
origin,
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { a as authorize } from '../../dist/index-
|
|
1
|
+
import { a as authorize } from '../../dist/index-3a529ebb.esm.js';
|
|
2
2
|
export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
|
|
3
3
|
|
|
4
4
|
const DEFAULT_CACHE_TTL_SECONDS = 60;
|
|
@@ -84,7 +84,19 @@ async function extractAuthorizationData(authInput) {
|
|
|
84
84
|
// otherwise set the client id to the derived client id (client id based off of secret key)
|
|
85
85
|
clientId = derivedClientId;
|
|
86
86
|
}
|
|
87
|
+
let jwt = null;
|
|
88
|
+
if (headers.has("authorization")) {
|
|
89
|
+
const authHeader = headers.get("authorization");
|
|
90
|
+
if (authHeader) {
|
|
91
|
+
const [type, token] = authHeader.split(" ");
|
|
92
|
+
if (type.toLowerCase() === "bearer") {
|
|
93
|
+
jwt = token;
|
|
94
|
+
}
|
|
95
|
+
}
|
|
96
|
+
}
|
|
87
97
|
return {
|
|
98
|
+
jwt,
|
|
99
|
+
hashedJWT: jwt ? await hashSecretKey(jwt) : null,
|
|
88
100
|
secretKey,
|
|
89
101
|
clientId,
|
|
90
102
|
origin,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/cf-worker","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC/E,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/cf-worker","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAC/E,OAAO,KAAK,EAGV,iBAAiB,EAClB,MAAM,aAAa,CAAC;AAGrB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,2BAA2B,CAAC;AAEzD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AAEjC,KAAK,mBAAmB,GAAG,iBAAiB,GAAG;IAC7C,OAAO,EAAE,WAAW,CAAC;IACrB,GAAG,EAAE,gBAAgB,CAAC;IACtB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B,CAAC;AAIF,KAAK,SAAS,GAAG,aAAa,GAAG;IAC/B,GAAG,EAAE,OAAO,CAAC;CACd,CAAC;AAEF,wBAAsB,eAAe,CACnC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,mBAAmB,GACjC,OAAO,CAAC,mBAAmB,CAAC,CA0C9B;AAiFD,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,mBAIpD;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE"}
|
|
@@ -21,6 +21,11 @@ export type ApiKeyMetadata = {
|
|
|
21
21
|
actions: string[];
|
|
22
22
|
}[];
|
|
23
23
|
};
|
|
24
|
+
export type AccountMetadata = {
|
|
25
|
+
id: string;
|
|
26
|
+
name: string;
|
|
27
|
+
creatorWalletAddress: string;
|
|
28
|
+
};
|
|
24
29
|
export type ApiResponse = {
|
|
25
30
|
data: ApiKeyMetadata | null;
|
|
26
31
|
error: {
|
|
@@ -29,5 +34,14 @@ export type ApiResponse = {
|
|
|
29
34
|
message: string;
|
|
30
35
|
};
|
|
31
36
|
};
|
|
37
|
+
export type ApiAccountResponse = {
|
|
38
|
+
data: AccountMetadata | null;
|
|
39
|
+
error: {
|
|
40
|
+
code: string;
|
|
41
|
+
statusCode: number;
|
|
42
|
+
message: string;
|
|
43
|
+
};
|
|
44
|
+
};
|
|
32
45
|
export declare function fetchKeyMetadataFromApi(clientId: string, config: CoreServiceConfig): Promise<ApiResponse>;
|
|
46
|
+
export declare function fetchAccountFromApi(jwt: string, config: CoreServiceConfig): Promise<ApiAccountResponse>;
|
|
33
47
|
//# sourceMappingURL=api.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"api.d.ts","sourceRoot":"../../../../src/core","sources":["api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,WAAW,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;CACL,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,cAAc,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAEF,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,WAAW,CAAC,CAgBtB"}
|
|
1
|
+
{"version":3,"file":"api.d.ts","sourceRoot":"../../../../src/core","sources":["api.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C,MAAM,MAAM,iBAAiB,GAAG;IAC9B,WAAW,EAAE,OAAO,CAAC;IACrB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,WAAW,CAAC;IAC1B,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,oBAAoB,EAAE,MAAM,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;IAClB,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE;QACR,IAAI,EAAE,MAAM,CAAC;QACb,eAAe,EAAE,MAAM,EAAE,CAAC;QAC1B,OAAO,EAAE,MAAM,EAAE,CAAC;KACnB,EAAE,CAAC;CACL,CAAC;AAEF,MAAM,MAAM,eAAe,GAAG;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,MAAM,CAAC;IACb,oBAAoB,EAAE,MAAM,CAAC;CAC9B,CAAC;AAEF,MAAM,MAAM,WAAW,GAAG;IACxB,IAAI,EAAE,cAAc,GAAG,IAAI,CAAC;IAC5B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC/B,IAAI,EAAE,eAAe,GAAG,IAAI,CAAC;IAC7B,KAAK,EAAE;QACL,IAAI,EAAE,MAAM,CAAC;QACb,UAAU,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,MAAM,CAAC;KACjB,CAAC;CACH,CAAC;AAEF,wBAAsB,uBAAuB,CAC3C,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,WAAW,CAAC,CAgBtB;AAED,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,MAAM,EACX,MAAM,EAAE,iBAAiB,GACxB,OAAO,CAAC,kBAAkB,CAAC,CAe7B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"client.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,MAAM,0BAA0B,GAAG;IACvC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,wBAAgB,eAAe,CAC7B,WAAW,EAAE,0BAA0B,EACvC,UAAU,EAAE,cAAc,GACzB,mBAAmB,
|
|
1
|
+
{"version":3,"file":"client.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["client.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAC7C,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAEnD,MAAM,MAAM,0BAA0B,GAAG;IACvC,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB,CAAC;AAEF,wBAAgB,eAAe,CAC7B,WAAW,EAAE,0BAA0B,EACvC,UAAU,EAAE,cAAc,GACzB,mBAAmB,CAuGrB"}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { ApiKeyMetadata, CoreServiceConfig } from "../api";
|
|
1
|
+
import { AccountMetadata, ApiKeyMetadata, CoreServiceConfig } from "../api";
|
|
2
2
|
import { AuthorizationResult } from "./types";
|
|
3
3
|
export type AuthorizationInput = {
|
|
4
4
|
secretKey: string | null;
|
|
@@ -6,11 +6,13 @@ export type AuthorizationInput = {
|
|
|
6
6
|
origin: string | null;
|
|
7
7
|
bundleId: string | null;
|
|
8
8
|
secretKeyHash: string | null;
|
|
9
|
+
jwt: string | null;
|
|
10
|
+
hashedJWT: string | null;
|
|
9
11
|
targetAddress?: string | string[];
|
|
10
12
|
};
|
|
11
13
|
type CacheOptions = {
|
|
12
14
|
get: (clientId: string) => Promise<string | null>;
|
|
13
|
-
put: (clientId: string, data: ApiKeyMetadata) => Promise<void> | void;
|
|
15
|
+
put: (clientId: string, data: ApiKeyMetadata | AccountMetadata) => Promise<void> | void;
|
|
14
16
|
cacheTtlSeconds: number;
|
|
15
17
|
};
|
|
16
18
|
export declare function authorize(authData: AuthorizationInput, serviceConfig: CoreServiceConfig, cacheOptions?: CacheOptions): Promise<AuthorizationResult>;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,iBAAiB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,eAAe,EACf,cAAc,EACd,iBAAiB,EAGlB,MAAM,QAAQ,CAAC;AAGhB,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,MAAM,MAAM,kBAAkB,GAAG;IAC/B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;IACtB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC;IACnB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACnC,CAAC;AAEF,KAAK,YAAY,GAAG;IAClB,GAAG,EAAE,CAAC,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAClD,GAAG,EAAE,CACH,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,cAAc,GAAG,eAAe,KACnC,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAC1B,eAAe,EAAE,MAAM,CAAC;CACzB,CAAC;AAgBF,wBAAsB,SAAS,CAC7B,QAAQ,EAAE,kBAAkB,EAC5B,aAAa,EAAE,iBAAiB,EAChC,YAAY,CAAC,EAAE,YAAY,GAC1B,OAAO,CAAC,mBAAmB,CAAC,CAmN9B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"service.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,MAAM,MAAM,2BAA2B,GAAG;IAAE,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,CAAC;AAEhF,wBAAgB,gBAAgB,CAC9B,cAAc,EAAE,cAAc,EAC9B,aAAa,EAAE,iBAAiB,EAChC,oBAAoB,CAAC,EAAE,2BAA2B,GACjD,mBAAmB,
|
|
1
|
+
{"version":3,"file":"service.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["service.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,iBAAiB,EAAE,MAAM,QAAQ,CAAC;AAC3D,OAAO,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AAE9C,MAAM,MAAM,2BAA2B,GAAG;IAAE,aAAa,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAA;CAAE,CAAC;AAEhF,wBAAgB,gBAAgB,CAC9B,cAAc,EAAE,cAAc,EAC9B,aAAa,EAAE,iBAAiB,EAChC,oBAAoB,CAAC,EAAE,2BAA2B,GACjD,mBAAmB,CA6DrB"}
|
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
import { ApiKeyMetadata } from "../api";
|
|
1
|
+
import { AccountMetadata, ApiKeyMetadata } from "../api";
|
|
2
2
|
export type AuthorizationResult = {
|
|
3
3
|
authorized: true;
|
|
4
4
|
apiKeyMeta: ApiKeyMetadata | null;
|
|
5
|
+
accountMeta: AccountMetadata | null;
|
|
5
6
|
} | {
|
|
6
7
|
authorized: false;
|
|
7
8
|
status: number;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"../../../../../src/core/authorize","sources":["types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,QAAQ,CAAC;AAEzD,MAAM,MAAM,mBAAmB,GAC3B;IACE,UAAU,EAAE,IAAI,CAAC;IACjB,UAAU,EAAE,cAAc,GAAG,IAAI,CAAC;IAClC,WAAW,EAAE,eAAe,GAAG,IAAI,CAAC;CACrC,GACD;IACE,UAAU,EAAE,KAAK,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/node","sources":["index.ts"],"names":[],"mappings":";AAAA,OAAO,KAAK,EAAuB,eAAe,EAAE,MAAM,WAAW,CAAC;AAEtE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AAEjC,KAAK,iBAAiB,GAAG,iBAAiB,CAAC;AAE3C,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG;IACtC,GAAG,EAAE,eAAe,CAAC;CACtB,CAAC;AAEF,wBAAsB,aAAa,CACjC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,iBAAiB,GAC/B,OAAO,CAAC,mBAAmB,CAAC,CAsB9B;AAaD,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,SAAS,GACnB,kBAAkB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"../../../../src/node","sources":["index.ts"],"names":[],"mappings":";AAAA,OAAO,KAAK,EAAuB,eAAe,EAAE,MAAM,WAAW,CAAC;AAEtE,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAErD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAEnD,cAAc,kBAAkB,CAAC;AAEjC,KAAK,iBAAiB,GAAG,iBAAiB,CAAC;AAE3C,MAAM,MAAM,SAAS,GAAG,aAAa,GAAG;IACtC,GAAG,EAAE,eAAe,CAAC;CACtB,CAAC;AAEF,wBAAsB,aAAa,CACjC,SAAS,EAAE,SAAS,EACpB,aAAa,EAAE,iBAAiB,GAC/B,OAAO,CAAC,mBAAmB,CAAC,CAsB9B;AAaD,wBAAgB,wBAAwB,CACtC,SAAS,EAAE,SAAS,GACnB,kBAAkB,CAoFpB;AAED,wBAAgB,aAAa,CAAC,SAAS,EAAE,MAAM,UAE9C;AAED,wBAAgB,+BAA+B,CAAC,aAAa,EAAE,MAAM,UAEpE"}
|
|
@@ -17,6 +17,25 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
17
17
|
}
|
|
18
18
|
return await response.json();
|
|
19
19
|
}
|
|
20
|
+
async function fetchAccountFromApi(jwt, config) {
|
|
21
|
+
const {
|
|
22
|
+
apiUrl,
|
|
23
|
+
serviceApiKey
|
|
24
|
+
} = config;
|
|
25
|
+
const url = `${apiUrl}/v1/account/me`;
|
|
26
|
+
const response = await fetch(url, {
|
|
27
|
+
method: "GET",
|
|
28
|
+
headers: {
|
|
29
|
+
"x-service-api-key": serviceApiKey,
|
|
30
|
+
"content-type": "application/json",
|
|
31
|
+
authorization: `Bearer ${jwt}`
|
|
32
|
+
}
|
|
33
|
+
});
|
|
34
|
+
if (!response.ok) {
|
|
35
|
+
throw new Error(`Error fetching account from API: ${response.statusText}`);
|
|
36
|
+
}
|
|
37
|
+
return await response.json();
|
|
38
|
+
}
|
|
20
39
|
|
|
21
40
|
function authorizeClient(authOptions, apiKeyMeta) {
|
|
22
41
|
const {
|
|
@@ -29,6 +48,21 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
29
48
|
bundleIds,
|
|
30
49
|
secretHash
|
|
31
50
|
} = apiKeyMeta;
|
|
51
|
+
const authResult = {
|
|
52
|
+
authorized: true,
|
|
53
|
+
apiKeyMeta,
|
|
54
|
+
accountMeta: {
|
|
55
|
+
id: apiKeyMeta.accountId,
|
|
56
|
+
// TODO update this later
|
|
57
|
+
name: "",
|
|
58
|
+
creatorWalletAddress: apiKeyMeta.creatorWalletAddress
|
|
59
|
+
}
|
|
60
|
+
};
|
|
61
|
+
|
|
62
|
+
// check for public restrictions
|
|
63
|
+
if (domains.includes("*")) {
|
|
64
|
+
return authResult;
|
|
65
|
+
}
|
|
32
66
|
|
|
33
67
|
// check for secretHash
|
|
34
68
|
if (providedSecretHash) {
|
|
@@ -40,18 +74,7 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
40
74
|
status: 401
|
|
41
75
|
};
|
|
42
76
|
}
|
|
43
|
-
return
|
|
44
|
-
authorized: true,
|
|
45
|
-
apiKeyMeta
|
|
46
|
-
};
|
|
47
|
-
}
|
|
48
|
-
|
|
49
|
-
// check for public restrictions
|
|
50
|
-
if (domains.includes("*")) {
|
|
51
|
-
return {
|
|
52
|
-
authorized: true,
|
|
53
|
-
apiKeyMeta
|
|
54
|
-
};
|
|
77
|
+
return authResult;
|
|
55
78
|
}
|
|
56
79
|
|
|
57
80
|
// validate domains
|
|
@@ -59,24 +82,29 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
59
82
|
if (
|
|
60
83
|
// find matching domain, or if all domains allowed
|
|
61
84
|
domains.find(d => {
|
|
85
|
+
// if any domain is allowed, we'll return true
|
|
62
86
|
if (d === "*") {
|
|
63
87
|
return true;
|
|
64
88
|
}
|
|
65
89
|
|
|
90
|
+
// special rule for `localhost`
|
|
91
|
+
// if the domain is localhost, we'll allow any origin that starts with localhost
|
|
92
|
+
if (d === "localhost" && origin.startsWith("localhost")) {
|
|
93
|
+
return true;
|
|
94
|
+
}
|
|
95
|
+
|
|
66
96
|
// If the allowedDomain has a wildcard,
|
|
67
97
|
// we'll check that the ending of our domain matches the wildcard
|
|
68
98
|
if (d.startsWith("*.")) {
|
|
69
|
-
|
|
99
|
+
// get rid of the * and check if it ends with the `.<domain>.<tld>`
|
|
100
|
+
const domainRoot = d.slice(1);
|
|
70
101
|
return origin.endsWith(domainRoot);
|
|
71
102
|
}
|
|
72
103
|
|
|
73
104
|
// If there's no wildcard, we'll check for an exact match
|
|
74
105
|
return d === origin;
|
|
75
106
|
})) {
|
|
76
|
-
return
|
|
77
|
-
authorized: true,
|
|
78
|
-
apiKeyMeta
|
|
79
|
-
};
|
|
107
|
+
return authResult;
|
|
80
108
|
}
|
|
81
109
|
return {
|
|
82
110
|
authorized: false,
|
|
@@ -96,10 +124,7 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
96
124
|
}
|
|
97
125
|
return b === bundleId;
|
|
98
126
|
})) {
|
|
99
|
-
return
|
|
100
|
-
authorized: true,
|
|
101
|
-
apiKeyMeta
|
|
102
|
-
};
|
|
127
|
+
return authResult;
|
|
103
128
|
}
|
|
104
129
|
return {
|
|
105
130
|
authorized: false,
|
|
@@ -160,6 +185,11 @@ function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
160
185
|
}
|
|
161
186
|
return {
|
|
162
187
|
authorized: true,
|
|
188
|
+
accountMeta: {
|
|
189
|
+
id: apiKeyMetadata.accountId,
|
|
190
|
+
name: "",
|
|
191
|
+
creatorWalletAddress: apiKeyMetadata.creatorWalletAddress
|
|
192
|
+
},
|
|
163
193
|
apiKeyMeta: apiKeyMetadata
|
|
164
194
|
};
|
|
165
195
|
}
|
|
@@ -168,18 +198,97 @@ async function authorize(authData, serviceConfig, cacheOptions) {
|
|
|
168
198
|
const {
|
|
169
199
|
clientId,
|
|
170
200
|
targetAddress,
|
|
171
|
-
secretKeyHash
|
|
201
|
+
secretKeyHash,
|
|
202
|
+
jwt,
|
|
203
|
+
hashedJWT
|
|
172
204
|
} = authData;
|
|
173
205
|
const {
|
|
174
206
|
enforceAuth
|
|
175
207
|
} = serviceConfig;
|
|
176
208
|
|
|
177
|
-
// BACKWARDS COMPAT: if auth not enforced and
|
|
178
|
-
// we don't have auth credentials bypass
|
|
209
|
+
// BACKWARDS COMPAT: if auth not enforced and we don't have auth credentials bypass
|
|
179
210
|
if (!enforceAuth && !clientId && !secretKeyHash) {
|
|
180
211
|
return {
|
|
181
212
|
authorized: true,
|
|
182
|
-
apiKeyMeta: null
|
|
213
|
+
apiKeyMeta: null,
|
|
214
|
+
accountMeta: null
|
|
215
|
+
};
|
|
216
|
+
}
|
|
217
|
+
// if we come in with a JWT then we only check the account is valid
|
|
218
|
+
if (jwt && hashedJWT) {
|
|
219
|
+
let accountMeta = null;
|
|
220
|
+
if (cacheOptions) {
|
|
221
|
+
try {
|
|
222
|
+
const cachedAccountInfo = await cacheOptions.get(hashedJWT);
|
|
223
|
+
if (cachedAccountInfo) {
|
|
224
|
+
const parsed = JSON.parse(cachedAccountInfo);
|
|
225
|
+
if ("updatedAt" in parsed) {
|
|
226
|
+
// we want to compare the updatedAt time to the current time
|
|
227
|
+
// if the difference is greater than the cacheTtl we want to ignore the cached data
|
|
228
|
+
const now = Date.now();
|
|
229
|
+
const diff = now - parsed.updatedAt;
|
|
230
|
+
const cacheTtl = cacheOptions.cacheTtlSeconds * 1000;
|
|
231
|
+
// only if the diff is less than the cacheTtl do we want to use the cached key
|
|
232
|
+
if (diff < cacheTtl * 1000) {
|
|
233
|
+
accountMeta = parsed.apiKeyMeta;
|
|
234
|
+
}
|
|
235
|
+
} else {
|
|
236
|
+
accountMeta = parsed;
|
|
237
|
+
}
|
|
238
|
+
}
|
|
239
|
+
} catch (err) {
|
|
240
|
+
// ignore errors, proceed as if not in cache
|
|
241
|
+
}
|
|
242
|
+
}
|
|
243
|
+
if (!accountMeta) {
|
|
244
|
+
try {
|
|
245
|
+
const {
|
|
246
|
+
data,
|
|
247
|
+
error
|
|
248
|
+
} = await fetchAccountFromApi(jwt, serviceConfig);
|
|
249
|
+
if (error) {
|
|
250
|
+
return {
|
|
251
|
+
authorized: false,
|
|
252
|
+
errorCode: error.code,
|
|
253
|
+
errorMessage: error.message,
|
|
254
|
+
status: error.statusCode
|
|
255
|
+
};
|
|
256
|
+
} else if (!data) {
|
|
257
|
+
return {
|
|
258
|
+
authorized: false,
|
|
259
|
+
errorCode: "NO_ACCOUNT",
|
|
260
|
+
errorMessage: "No error but also no account returned.",
|
|
261
|
+
status: 500
|
|
262
|
+
};
|
|
263
|
+
}
|
|
264
|
+
accountMeta = data;
|
|
265
|
+
if (cacheOptions) {
|
|
266
|
+
await cacheOptions.put(hashedJWT, accountMeta);
|
|
267
|
+
}
|
|
268
|
+
} catch (err) {
|
|
269
|
+
console.warn("failed to fetch account from api", err);
|
|
270
|
+
return {
|
|
271
|
+
authorized: false,
|
|
272
|
+
status: 500,
|
|
273
|
+
errorMessage: "Failed to account information.",
|
|
274
|
+
errorCode: "FAILED_TO_ACCOUNT"
|
|
275
|
+
};
|
|
276
|
+
}
|
|
277
|
+
}
|
|
278
|
+
// if we still don't have an accountMeta at this point we can't authorize
|
|
279
|
+
if (!accountMeta) {
|
|
280
|
+
return {
|
|
281
|
+
authorized: false,
|
|
282
|
+
status: 401,
|
|
283
|
+
errorMessage: "Missing account information.",
|
|
284
|
+
errorCode: "MISSING_ACCOUNT"
|
|
285
|
+
};
|
|
286
|
+
}
|
|
287
|
+
// otherwise we want to return early with the accountMeta
|
|
288
|
+
return {
|
|
289
|
+
authorized: true,
|
|
290
|
+
apiKeyMeta: null,
|
|
291
|
+
accountMeta
|
|
183
292
|
};
|
|
184
293
|
}
|
|
185
294
|
|
|
@@ -293,7 +402,13 @@ async function authorize(authData, serviceConfig, cacheOptions) {
|
|
|
293
402
|
// if we reach this point we are authorized!
|
|
294
403
|
return {
|
|
295
404
|
authorized: true,
|
|
296
|
-
apiKeyMeta
|
|
405
|
+
apiKeyMeta,
|
|
406
|
+
accountMeta: {
|
|
407
|
+
id: apiKeyMeta.accountId,
|
|
408
|
+
// TODO update this later
|
|
409
|
+
name: "",
|
|
410
|
+
creatorWalletAddress: apiKeyMeta.creatorWalletAddress
|
|
411
|
+
}
|
|
297
412
|
};
|
|
298
413
|
}
|
|
299
414
|
|
|
@@ -19,6 +19,25 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
19
19
|
}
|
|
20
20
|
return await response.json();
|
|
21
21
|
}
|
|
22
|
+
async function fetchAccountFromApi(jwt, config) {
|
|
23
|
+
const {
|
|
24
|
+
apiUrl,
|
|
25
|
+
serviceApiKey
|
|
26
|
+
} = config;
|
|
27
|
+
const url = `${apiUrl}/v1/account/me`;
|
|
28
|
+
const response = await fetch(url, {
|
|
29
|
+
method: "GET",
|
|
30
|
+
headers: {
|
|
31
|
+
"x-service-api-key": serviceApiKey,
|
|
32
|
+
"content-type": "application/json",
|
|
33
|
+
authorization: `Bearer ${jwt}`
|
|
34
|
+
}
|
|
35
|
+
});
|
|
36
|
+
if (!response.ok) {
|
|
37
|
+
throw new Error(`Error fetching account from API: ${response.statusText}`);
|
|
38
|
+
}
|
|
39
|
+
return await response.json();
|
|
40
|
+
}
|
|
22
41
|
|
|
23
42
|
function authorizeClient(authOptions, apiKeyMeta) {
|
|
24
43
|
const {
|
|
@@ -31,6 +50,21 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
31
50
|
bundleIds,
|
|
32
51
|
secretHash
|
|
33
52
|
} = apiKeyMeta;
|
|
53
|
+
const authResult = {
|
|
54
|
+
authorized: true,
|
|
55
|
+
apiKeyMeta,
|
|
56
|
+
accountMeta: {
|
|
57
|
+
id: apiKeyMeta.accountId,
|
|
58
|
+
// TODO update this later
|
|
59
|
+
name: "",
|
|
60
|
+
creatorWalletAddress: apiKeyMeta.creatorWalletAddress
|
|
61
|
+
}
|
|
62
|
+
};
|
|
63
|
+
|
|
64
|
+
// check for public restrictions
|
|
65
|
+
if (domains.includes("*")) {
|
|
66
|
+
return authResult;
|
|
67
|
+
}
|
|
34
68
|
|
|
35
69
|
// check for secretHash
|
|
36
70
|
if (providedSecretHash) {
|
|
@@ -42,18 +76,7 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
42
76
|
status: 401
|
|
43
77
|
};
|
|
44
78
|
}
|
|
45
|
-
return
|
|
46
|
-
authorized: true,
|
|
47
|
-
apiKeyMeta
|
|
48
|
-
};
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
// check for public restrictions
|
|
52
|
-
if (domains.includes("*")) {
|
|
53
|
-
return {
|
|
54
|
-
authorized: true,
|
|
55
|
-
apiKeyMeta
|
|
56
|
-
};
|
|
79
|
+
return authResult;
|
|
57
80
|
}
|
|
58
81
|
|
|
59
82
|
// validate domains
|
|
@@ -61,24 +84,29 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
61
84
|
if (
|
|
62
85
|
// find matching domain, or if all domains allowed
|
|
63
86
|
domains.find(d => {
|
|
87
|
+
// if any domain is allowed, we'll return true
|
|
64
88
|
if (d === "*") {
|
|
65
89
|
return true;
|
|
66
90
|
}
|
|
67
91
|
|
|
92
|
+
// special rule for `localhost`
|
|
93
|
+
// if the domain is localhost, we'll allow any origin that starts with localhost
|
|
94
|
+
if (d === "localhost" && origin.startsWith("localhost")) {
|
|
95
|
+
return true;
|
|
96
|
+
}
|
|
97
|
+
|
|
68
98
|
// If the allowedDomain has a wildcard,
|
|
69
99
|
// we'll check that the ending of our domain matches the wildcard
|
|
70
100
|
if (d.startsWith("*.")) {
|
|
71
|
-
|
|
101
|
+
// get rid of the * and check if it ends with the `.<domain>.<tld>`
|
|
102
|
+
const domainRoot = d.slice(1);
|
|
72
103
|
return origin.endsWith(domainRoot);
|
|
73
104
|
}
|
|
74
105
|
|
|
75
106
|
// If there's no wildcard, we'll check for an exact match
|
|
76
107
|
return d === origin;
|
|
77
108
|
})) {
|
|
78
|
-
return
|
|
79
|
-
authorized: true,
|
|
80
|
-
apiKeyMeta
|
|
81
|
-
};
|
|
109
|
+
return authResult;
|
|
82
110
|
}
|
|
83
111
|
return {
|
|
84
112
|
authorized: false,
|
|
@@ -98,10 +126,7 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
98
126
|
}
|
|
99
127
|
return b === bundleId;
|
|
100
128
|
})) {
|
|
101
|
-
return
|
|
102
|
-
authorized: true,
|
|
103
|
-
apiKeyMeta
|
|
104
|
-
};
|
|
129
|
+
return authResult;
|
|
105
130
|
}
|
|
106
131
|
return {
|
|
107
132
|
authorized: false,
|
|
@@ -162,6 +187,11 @@ function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
162
187
|
}
|
|
163
188
|
return {
|
|
164
189
|
authorized: true,
|
|
190
|
+
accountMeta: {
|
|
191
|
+
id: apiKeyMetadata.accountId,
|
|
192
|
+
name: "",
|
|
193
|
+
creatorWalletAddress: apiKeyMetadata.creatorWalletAddress
|
|
194
|
+
},
|
|
165
195
|
apiKeyMeta: apiKeyMetadata
|
|
166
196
|
};
|
|
167
197
|
}
|
|
@@ -170,18 +200,97 @@ async function authorize(authData, serviceConfig, cacheOptions) {
|
|
|
170
200
|
const {
|
|
171
201
|
clientId,
|
|
172
202
|
targetAddress,
|
|
173
|
-
secretKeyHash
|
|
203
|
+
secretKeyHash,
|
|
204
|
+
jwt,
|
|
205
|
+
hashedJWT
|
|
174
206
|
} = authData;
|
|
175
207
|
const {
|
|
176
208
|
enforceAuth
|
|
177
209
|
} = serviceConfig;
|
|
178
210
|
|
|
179
|
-
// BACKWARDS COMPAT: if auth not enforced and
|
|
180
|
-
// we don't have auth credentials bypass
|
|
211
|
+
// BACKWARDS COMPAT: if auth not enforced and we don't have auth credentials bypass
|
|
181
212
|
if (!enforceAuth && !clientId && !secretKeyHash) {
|
|
182
213
|
return {
|
|
183
214
|
authorized: true,
|
|
184
|
-
apiKeyMeta: null
|
|
215
|
+
apiKeyMeta: null,
|
|
216
|
+
accountMeta: null
|
|
217
|
+
};
|
|
218
|
+
}
|
|
219
|
+
// if we come in with a JWT then we only check the account is valid
|
|
220
|
+
if (jwt && hashedJWT) {
|
|
221
|
+
let accountMeta = null;
|
|
222
|
+
if (cacheOptions) {
|
|
223
|
+
try {
|
|
224
|
+
const cachedAccountInfo = await cacheOptions.get(hashedJWT);
|
|
225
|
+
if (cachedAccountInfo) {
|
|
226
|
+
const parsed = JSON.parse(cachedAccountInfo);
|
|
227
|
+
if ("updatedAt" in parsed) {
|
|
228
|
+
// we want to compare the updatedAt time to the current time
|
|
229
|
+
// if the difference is greater than the cacheTtl we want to ignore the cached data
|
|
230
|
+
const now = Date.now();
|
|
231
|
+
const diff = now - parsed.updatedAt;
|
|
232
|
+
const cacheTtl = cacheOptions.cacheTtlSeconds * 1000;
|
|
233
|
+
// only if the diff is less than the cacheTtl do we want to use the cached key
|
|
234
|
+
if (diff < cacheTtl * 1000) {
|
|
235
|
+
accountMeta = parsed.apiKeyMeta;
|
|
236
|
+
}
|
|
237
|
+
} else {
|
|
238
|
+
accountMeta = parsed;
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
} catch (err) {
|
|
242
|
+
// ignore errors, proceed as if not in cache
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
if (!accountMeta) {
|
|
246
|
+
try {
|
|
247
|
+
const {
|
|
248
|
+
data,
|
|
249
|
+
error
|
|
250
|
+
} = await fetchAccountFromApi(jwt, serviceConfig);
|
|
251
|
+
if (error) {
|
|
252
|
+
return {
|
|
253
|
+
authorized: false,
|
|
254
|
+
errorCode: error.code,
|
|
255
|
+
errorMessage: error.message,
|
|
256
|
+
status: error.statusCode
|
|
257
|
+
};
|
|
258
|
+
} else if (!data) {
|
|
259
|
+
return {
|
|
260
|
+
authorized: false,
|
|
261
|
+
errorCode: "NO_ACCOUNT",
|
|
262
|
+
errorMessage: "No error but also no account returned.",
|
|
263
|
+
status: 500
|
|
264
|
+
};
|
|
265
|
+
}
|
|
266
|
+
accountMeta = data;
|
|
267
|
+
if (cacheOptions) {
|
|
268
|
+
await cacheOptions.put(hashedJWT, accountMeta);
|
|
269
|
+
}
|
|
270
|
+
} catch (err) {
|
|
271
|
+
console.warn("failed to fetch account from api", err);
|
|
272
|
+
return {
|
|
273
|
+
authorized: false,
|
|
274
|
+
status: 500,
|
|
275
|
+
errorMessage: "Failed to account information.",
|
|
276
|
+
errorCode: "FAILED_TO_ACCOUNT"
|
|
277
|
+
};
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
// if we still don't have an accountMeta at this point we can't authorize
|
|
281
|
+
if (!accountMeta) {
|
|
282
|
+
return {
|
|
283
|
+
authorized: false,
|
|
284
|
+
status: 401,
|
|
285
|
+
errorMessage: "Missing account information.",
|
|
286
|
+
errorCode: "MISSING_ACCOUNT"
|
|
287
|
+
};
|
|
288
|
+
}
|
|
289
|
+
// otherwise we want to return early with the accountMeta
|
|
290
|
+
return {
|
|
291
|
+
authorized: true,
|
|
292
|
+
apiKeyMeta: null,
|
|
293
|
+
accountMeta
|
|
185
294
|
};
|
|
186
295
|
}
|
|
187
296
|
|
|
@@ -295,7 +404,13 @@ async function authorize(authData, serviceConfig, cacheOptions) {
|
|
|
295
404
|
// if we reach this point we are authorized!
|
|
296
405
|
return {
|
|
297
406
|
authorized: true,
|
|
298
|
-
apiKeyMeta
|
|
407
|
+
apiKeyMeta,
|
|
408
|
+
accountMeta: {
|
|
409
|
+
id: apiKeyMeta.accountId,
|
|
410
|
+
// TODO update this later
|
|
411
|
+
name: "",
|
|
412
|
+
creatorWalletAddress: apiKeyMeta.creatorWalletAddress
|
|
413
|
+
}
|
|
299
414
|
};
|
|
300
415
|
}
|
|
301
416
|
|
|
@@ -19,6 +19,25 @@ async function fetchKeyMetadataFromApi(clientId, config) {
|
|
|
19
19
|
}
|
|
20
20
|
return await response.json();
|
|
21
21
|
}
|
|
22
|
+
async function fetchAccountFromApi(jwt, config) {
|
|
23
|
+
const {
|
|
24
|
+
apiUrl,
|
|
25
|
+
serviceApiKey
|
|
26
|
+
} = config;
|
|
27
|
+
const url = `${apiUrl}/v1/account/me`;
|
|
28
|
+
const response = await fetch(url, {
|
|
29
|
+
method: "GET",
|
|
30
|
+
headers: {
|
|
31
|
+
"x-service-api-key": serviceApiKey,
|
|
32
|
+
"content-type": "application/json",
|
|
33
|
+
authorization: `Bearer ${jwt}`
|
|
34
|
+
}
|
|
35
|
+
});
|
|
36
|
+
if (!response.ok) {
|
|
37
|
+
throw new Error(`Error fetching account from API: ${response.statusText}`);
|
|
38
|
+
}
|
|
39
|
+
return await response.json();
|
|
40
|
+
}
|
|
22
41
|
|
|
23
42
|
function authorizeClient(authOptions, apiKeyMeta) {
|
|
24
43
|
const {
|
|
@@ -31,6 +50,21 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
31
50
|
bundleIds,
|
|
32
51
|
secretHash
|
|
33
52
|
} = apiKeyMeta;
|
|
53
|
+
const authResult = {
|
|
54
|
+
authorized: true,
|
|
55
|
+
apiKeyMeta,
|
|
56
|
+
accountMeta: {
|
|
57
|
+
id: apiKeyMeta.accountId,
|
|
58
|
+
// TODO update this later
|
|
59
|
+
name: "",
|
|
60
|
+
creatorWalletAddress: apiKeyMeta.creatorWalletAddress
|
|
61
|
+
}
|
|
62
|
+
};
|
|
63
|
+
|
|
64
|
+
// check for public restrictions
|
|
65
|
+
if (domains.includes("*")) {
|
|
66
|
+
return authResult;
|
|
67
|
+
}
|
|
34
68
|
|
|
35
69
|
// check for secretHash
|
|
36
70
|
if (providedSecretHash) {
|
|
@@ -42,18 +76,7 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
42
76
|
status: 401
|
|
43
77
|
};
|
|
44
78
|
}
|
|
45
|
-
return
|
|
46
|
-
authorized: true,
|
|
47
|
-
apiKeyMeta
|
|
48
|
-
};
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
// check for public restrictions
|
|
52
|
-
if (domains.includes("*")) {
|
|
53
|
-
return {
|
|
54
|
-
authorized: true,
|
|
55
|
-
apiKeyMeta
|
|
56
|
-
};
|
|
79
|
+
return authResult;
|
|
57
80
|
}
|
|
58
81
|
|
|
59
82
|
// validate domains
|
|
@@ -61,24 +84,29 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
61
84
|
if (
|
|
62
85
|
// find matching domain, or if all domains allowed
|
|
63
86
|
domains.find(d => {
|
|
87
|
+
// if any domain is allowed, we'll return true
|
|
64
88
|
if (d === "*") {
|
|
65
89
|
return true;
|
|
66
90
|
}
|
|
67
91
|
|
|
92
|
+
// special rule for `localhost`
|
|
93
|
+
// if the domain is localhost, we'll allow any origin that starts with localhost
|
|
94
|
+
if (d === "localhost" && origin.startsWith("localhost")) {
|
|
95
|
+
return true;
|
|
96
|
+
}
|
|
97
|
+
|
|
68
98
|
// If the allowedDomain has a wildcard,
|
|
69
99
|
// we'll check that the ending of our domain matches the wildcard
|
|
70
100
|
if (d.startsWith("*.")) {
|
|
71
|
-
|
|
101
|
+
// get rid of the * and check if it ends with the `.<domain>.<tld>`
|
|
102
|
+
const domainRoot = d.slice(1);
|
|
72
103
|
return origin.endsWith(domainRoot);
|
|
73
104
|
}
|
|
74
105
|
|
|
75
106
|
// If there's no wildcard, we'll check for an exact match
|
|
76
107
|
return d === origin;
|
|
77
108
|
})) {
|
|
78
|
-
return
|
|
79
|
-
authorized: true,
|
|
80
|
-
apiKeyMeta
|
|
81
|
-
};
|
|
109
|
+
return authResult;
|
|
82
110
|
}
|
|
83
111
|
return {
|
|
84
112
|
authorized: false,
|
|
@@ -98,10 +126,7 @@ function authorizeClient(authOptions, apiKeyMeta) {
|
|
|
98
126
|
}
|
|
99
127
|
return b === bundleId;
|
|
100
128
|
})) {
|
|
101
|
-
return
|
|
102
|
-
authorized: true,
|
|
103
|
-
apiKeyMeta
|
|
104
|
-
};
|
|
129
|
+
return authResult;
|
|
105
130
|
}
|
|
106
131
|
return {
|
|
107
132
|
authorized: false,
|
|
@@ -162,6 +187,11 @@ function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
|
|
|
162
187
|
}
|
|
163
188
|
return {
|
|
164
189
|
authorized: true,
|
|
190
|
+
accountMeta: {
|
|
191
|
+
id: apiKeyMetadata.accountId,
|
|
192
|
+
name: "",
|
|
193
|
+
creatorWalletAddress: apiKeyMetadata.creatorWalletAddress
|
|
194
|
+
},
|
|
165
195
|
apiKeyMeta: apiKeyMetadata
|
|
166
196
|
};
|
|
167
197
|
}
|
|
@@ -170,18 +200,97 @@ async function authorize(authData, serviceConfig, cacheOptions) {
|
|
|
170
200
|
const {
|
|
171
201
|
clientId,
|
|
172
202
|
targetAddress,
|
|
173
|
-
secretKeyHash
|
|
203
|
+
secretKeyHash,
|
|
204
|
+
jwt,
|
|
205
|
+
hashedJWT
|
|
174
206
|
} = authData;
|
|
175
207
|
const {
|
|
176
208
|
enforceAuth
|
|
177
209
|
} = serviceConfig;
|
|
178
210
|
|
|
179
|
-
// BACKWARDS COMPAT: if auth not enforced and
|
|
180
|
-
// we don't have auth credentials bypass
|
|
211
|
+
// BACKWARDS COMPAT: if auth not enforced and we don't have auth credentials bypass
|
|
181
212
|
if (!enforceAuth && !clientId && !secretKeyHash) {
|
|
182
213
|
return {
|
|
183
214
|
authorized: true,
|
|
184
|
-
apiKeyMeta: null
|
|
215
|
+
apiKeyMeta: null,
|
|
216
|
+
accountMeta: null
|
|
217
|
+
};
|
|
218
|
+
}
|
|
219
|
+
// if we come in with a JWT then we only check the account is valid
|
|
220
|
+
if (jwt && hashedJWT) {
|
|
221
|
+
let accountMeta = null;
|
|
222
|
+
if (cacheOptions) {
|
|
223
|
+
try {
|
|
224
|
+
const cachedAccountInfo = await cacheOptions.get(hashedJWT);
|
|
225
|
+
if (cachedAccountInfo) {
|
|
226
|
+
const parsed = JSON.parse(cachedAccountInfo);
|
|
227
|
+
if ("updatedAt" in parsed) {
|
|
228
|
+
// we want to compare the updatedAt time to the current time
|
|
229
|
+
// if the difference is greater than the cacheTtl we want to ignore the cached data
|
|
230
|
+
const now = Date.now();
|
|
231
|
+
const diff = now - parsed.updatedAt;
|
|
232
|
+
const cacheTtl = cacheOptions.cacheTtlSeconds * 1000;
|
|
233
|
+
// only if the diff is less than the cacheTtl do we want to use the cached key
|
|
234
|
+
if (diff < cacheTtl * 1000) {
|
|
235
|
+
accountMeta = parsed.apiKeyMeta;
|
|
236
|
+
}
|
|
237
|
+
} else {
|
|
238
|
+
accountMeta = parsed;
|
|
239
|
+
}
|
|
240
|
+
}
|
|
241
|
+
} catch (err) {
|
|
242
|
+
// ignore errors, proceed as if not in cache
|
|
243
|
+
}
|
|
244
|
+
}
|
|
245
|
+
if (!accountMeta) {
|
|
246
|
+
try {
|
|
247
|
+
const {
|
|
248
|
+
data,
|
|
249
|
+
error
|
|
250
|
+
} = await fetchAccountFromApi(jwt, serviceConfig);
|
|
251
|
+
if (error) {
|
|
252
|
+
return {
|
|
253
|
+
authorized: false,
|
|
254
|
+
errorCode: error.code,
|
|
255
|
+
errorMessage: error.message,
|
|
256
|
+
status: error.statusCode
|
|
257
|
+
};
|
|
258
|
+
} else if (!data) {
|
|
259
|
+
return {
|
|
260
|
+
authorized: false,
|
|
261
|
+
errorCode: "NO_ACCOUNT",
|
|
262
|
+
errorMessage: "No error but also no account returned.",
|
|
263
|
+
status: 500
|
|
264
|
+
};
|
|
265
|
+
}
|
|
266
|
+
accountMeta = data;
|
|
267
|
+
if (cacheOptions) {
|
|
268
|
+
await cacheOptions.put(hashedJWT, accountMeta);
|
|
269
|
+
}
|
|
270
|
+
} catch (err) {
|
|
271
|
+
console.warn("failed to fetch account from api", err);
|
|
272
|
+
return {
|
|
273
|
+
authorized: false,
|
|
274
|
+
status: 500,
|
|
275
|
+
errorMessage: "Failed to account information.",
|
|
276
|
+
errorCode: "FAILED_TO_ACCOUNT"
|
|
277
|
+
};
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
// if we still don't have an accountMeta at this point we can't authorize
|
|
281
|
+
if (!accountMeta) {
|
|
282
|
+
return {
|
|
283
|
+
authorized: false,
|
|
284
|
+
status: 401,
|
|
285
|
+
errorMessage: "Missing account information.",
|
|
286
|
+
errorCode: "MISSING_ACCOUNT"
|
|
287
|
+
};
|
|
288
|
+
}
|
|
289
|
+
// otherwise we want to return early with the accountMeta
|
|
290
|
+
return {
|
|
291
|
+
authorized: true,
|
|
292
|
+
apiKeyMeta: null,
|
|
293
|
+
accountMeta
|
|
185
294
|
};
|
|
186
295
|
}
|
|
187
296
|
|
|
@@ -295,7 +404,13 @@ async function authorize(authData, serviceConfig, cacheOptions) {
|
|
|
295
404
|
// if we reach this point we are authorized!
|
|
296
405
|
return {
|
|
297
406
|
authorized: true,
|
|
298
|
-
apiKeyMeta
|
|
407
|
+
apiKeyMeta,
|
|
408
|
+
accountMeta: {
|
|
409
|
+
id: apiKeyMeta.accountId,
|
|
410
|
+
// TODO update this later
|
|
411
|
+
name: "",
|
|
412
|
+
creatorWalletAddress: apiKeyMeta.creatorWalletAddress
|
|
413
|
+
}
|
|
299
414
|
};
|
|
300
415
|
}
|
|
301
416
|
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
5
|
var node_crypto = require('node:crypto');
|
|
6
|
-
var index = require('../../dist/index-
|
|
6
|
+
var index = require('../../dist/index-8a9496b0.cjs.dev.js');
|
|
7
7
|
var services = require('../../dist/services-a3f36057.cjs.dev.js');
|
|
8
8
|
|
|
9
9
|
async function authorizeNode(authInput, serviceConfig) {
|
|
@@ -91,7 +91,18 @@ function extractAuthorizationData(authInput) {
|
|
|
91
91
|
// otherwise set the client id to the derived client id (client id based off of secret key)
|
|
92
92
|
clientId = derivedClientId;
|
|
93
93
|
}
|
|
94
|
+
let jwt = null;
|
|
95
|
+
// check for authorization header on the request
|
|
96
|
+
const authorizationHeader = getHeader(headers, "authorization");
|
|
97
|
+
if (authorizationHeader) {
|
|
98
|
+
const [type, token] = authorizationHeader.split(" ");
|
|
99
|
+
if (type.toLowerCase() === "bearer") {
|
|
100
|
+
jwt = token;
|
|
101
|
+
}
|
|
102
|
+
}
|
|
94
103
|
return {
|
|
104
|
+
jwt,
|
|
105
|
+
hashedJWT: jwt ? hashSecretKey(jwt) : null,
|
|
95
106
|
secretKeyHash,
|
|
96
107
|
secretKey,
|
|
97
108
|
clientId,
|
|
@@ -3,7 +3,7 @@
|
|
|
3
3
|
Object.defineProperty(exports, '__esModule', { value: true });
|
|
4
4
|
|
|
5
5
|
var node_crypto = require('node:crypto');
|
|
6
|
-
var index = require('../../dist/index-
|
|
6
|
+
var index = require('../../dist/index-92289057.cjs.prod.js');
|
|
7
7
|
var services = require('../../dist/services-9e185105.cjs.prod.js');
|
|
8
8
|
|
|
9
9
|
async function authorizeNode(authInput, serviceConfig) {
|
|
@@ -91,7 +91,18 @@ function extractAuthorizationData(authInput) {
|
|
|
91
91
|
// otherwise set the client id to the derived client id (client id based off of secret key)
|
|
92
92
|
clientId = derivedClientId;
|
|
93
93
|
}
|
|
94
|
+
let jwt = null;
|
|
95
|
+
// check for authorization header on the request
|
|
96
|
+
const authorizationHeader = getHeader(headers, "authorization");
|
|
97
|
+
if (authorizationHeader) {
|
|
98
|
+
const [type, token] = authorizationHeader.split(" ");
|
|
99
|
+
if (type.toLowerCase() === "bearer") {
|
|
100
|
+
jwt = token;
|
|
101
|
+
}
|
|
102
|
+
}
|
|
94
103
|
return {
|
|
104
|
+
jwt,
|
|
105
|
+
hashedJWT: jwt ? hashSecretKey(jwt) : null,
|
|
95
106
|
secretKeyHash,
|
|
96
107
|
secretKey,
|
|
97
108
|
clientId,
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { createHash } from 'node:crypto';
|
|
2
|
-
import { a as authorize } from '../../dist/index-
|
|
2
|
+
import { a as authorize } from '../../dist/index-3a529ebb.esm.js';
|
|
3
3
|
export { b as SERVICES, S as SERVICE_DEFINITIONS, a as SERVICE_NAMES, g as getServiceByName } from '../../dist/services-86283509.esm.js';
|
|
4
4
|
|
|
5
5
|
async function authorizeNode(authInput, serviceConfig) {
|
|
@@ -87,7 +87,18 @@ function extractAuthorizationData(authInput) {
|
|
|
87
87
|
// otherwise set the client id to the derived client id (client id based off of secret key)
|
|
88
88
|
clientId = derivedClientId;
|
|
89
89
|
}
|
|
90
|
+
let jwt = null;
|
|
91
|
+
// check for authorization header on the request
|
|
92
|
+
const authorizationHeader = getHeader(headers, "authorization");
|
|
93
|
+
if (authorizationHeader) {
|
|
94
|
+
const [type, token] = authorizationHeader.split(" ");
|
|
95
|
+
if (type.toLowerCase() === "bearer") {
|
|
96
|
+
jwt = token;
|
|
97
|
+
}
|
|
98
|
+
}
|
|
90
99
|
return {
|
|
100
|
+
jwt,
|
|
101
|
+
hashedJWT: jwt ? hashSecretKey(jwt) : null,
|
|
91
102
|
secretKeyHash,
|
|
92
103
|
secretKey,
|
|
93
104
|
clientId,
|
package/package.json
CHANGED