@thirdweb-dev/service-utils 0.4.38 → 0.4.39
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/cf-worker/index.js +155 -0
- package/dist/cjs/cf-worker/index.js.map +1 -0
- package/dist/cjs/cf-worker/usage.js +55 -0
- package/dist/cjs/cf-worker/usage.js.map +1 -0
- package/dist/cjs/core/api.js +65 -0
- package/dist/cjs/core/api.js.map +1 -0
- package/dist/cjs/core/authorize/client.js +115 -0
- package/dist/cjs/core/authorize/client.js.map +1 -0
- package/dist/cjs/core/authorize/index.js +215 -0
- package/dist/cjs/core/authorize/index.js.map +1 -0
- package/dist/cjs/core/authorize/service.js +58 -0
- package/dist/cjs/core/authorize/service.js.map +1 -0
- package/dist/cjs/core/authorize/types.js +3 -0
- package/dist/cjs/core/authorize/types.js.map +1 -0
- package/dist/cjs/core/rateLimit/index.js +64 -0
- package/dist/cjs/core/rateLimit/index.js.map +1 -0
- package/dist/cjs/core/rateLimit/types.js +3 -0
- package/dist/cjs/core/rateLimit/types.js.map +1 -0
- package/dist/cjs/core/services.js +71 -0
- package/dist/cjs/core/services.js.map +1 -0
- package/dist/cjs/core/types.js +3 -0
- package/dist/cjs/core/types.js.map +1 -0
- package/dist/cjs/core/usage.js +93 -0
- package/dist/cjs/core/usage.js.map +1 -0
- package/dist/cjs/core/usageLimit/index.js +45 -0
- package/dist/cjs/core/usageLimit/index.js.map +1 -0
- package/dist/cjs/core/usageLimit/types.js +3 -0
- package/dist/cjs/core/usageLimit/types.js.map +1 -0
- package/dist/cjs/index.js +10 -0
- package/dist/cjs/index.js.map +1 -0
- package/dist/cjs/mocks.js +53 -0
- package/dist/cjs/mocks.js.map +1 -0
- package/dist/cjs/node/index.js +173 -0
- package/dist/cjs/node/index.js.map +1 -0
- package/dist/cjs/package.json +1 -0
- package/dist/esm/cf-worker/index.js +147 -0
- package/dist/esm/cf-worker/index.js.map +1 -0
- package/dist/esm/cf-worker/usage.js +54 -0
- package/dist/esm/cf-worker/usage.js.map +1 -0
- package/dist/esm/core/api.js +60 -0
- package/dist/esm/core/api.js.map +1 -0
- package/dist/esm/core/authorize/client.js +110 -0
- package/dist/esm/core/authorize/client.js.map +1 -0
- package/dist/esm/core/authorize/index.js +212 -0
- package/dist/esm/core/authorize/index.js.map +1 -0
- package/dist/esm/core/authorize/service.js +55 -0
- package/dist/esm/core/authorize/service.js.map +1 -0
- package/dist/esm/core/authorize/types.js +2 -0
- package/dist/esm/core/authorize/types.js.map +1 -0
- package/dist/esm/core/rateLimit/index.js +61 -0
- package/dist/esm/core/rateLimit/index.js.map +1 -0
- package/dist/esm/core/rateLimit/types.js +2 -0
- package/dist/esm/core/rateLimit/types.js.map +1 -0
- package/dist/esm/core/services.js +67 -0
- package/dist/esm/core/services.js.map +1 -0
- package/dist/esm/core/types.js +2 -0
- package/dist/esm/core/types.js.map +1 -0
- package/dist/esm/core/usage.js +90 -0
- package/dist/esm/core/usage.js.map +1 -0
- package/dist/esm/core/usageLimit/index.js +42 -0
- package/dist/esm/core/usageLimit/index.js.map +1 -0
- package/dist/esm/core/usageLimit/types.js +2 -0
- package/dist/esm/core/usageLimit/types.js.map +1 -0
- package/dist/esm/index.js +4 -0
- package/dist/esm/index.js.map +1 -0
- package/dist/esm/mocks.js +50 -0
- package/dist/esm/mocks.js.map +1 -0
- package/dist/esm/node/index.js +165 -0
- package/dist/esm/node/index.js.map +1 -0
- package/dist/esm/package.json +1 -0
- package/dist/{declarations/src → types}/cf-worker/index.d.ts +8 -8
- package/dist/types/cf-worker/index.d.ts.map +1 -0
- package/dist/{declarations/src → types}/cf-worker/usage.d.ts +3 -2
- package/dist/types/cf-worker/usage.d.ts.map +1 -0
- package/dist/{declarations/src → types}/core/api.d.ts +1 -1
- package/dist/types/core/api.d.ts.map +1 -0
- package/dist/{declarations/src → types}/core/authorize/client.d.ts +2 -2
- package/dist/types/core/authorize/client.d.ts.map +1 -0
- package/dist/{declarations/src → types}/core/authorize/index.d.ts +2 -2
- package/dist/types/core/authorize/index.d.ts.map +1 -0
- package/dist/{declarations/src → types}/core/authorize/service.d.ts +2 -2
- package/dist/types/core/authorize/service.d.ts.map +1 -0
- package/dist/{declarations/src → types}/core/authorize/types.d.ts +1 -1
- package/dist/types/core/authorize/types.d.ts.map +1 -0
- package/dist/{declarations/src → types}/core/rateLimit/index.d.ts +3 -3
- package/dist/types/core/rateLimit/index.d.ts.map +1 -0
- package/dist/types/core/rateLimit/types.d.ts.map +1 -0
- package/dist/types/core/services.d.ts.map +1 -0
- package/dist/types/core/types.d.ts.map +1 -0
- package/dist/{declarations/src → types}/core/usage.d.ts +2 -2
- package/dist/types/core/usage.d.ts.map +1 -0
- package/dist/types/core/usageLimit/index.d.ts +5 -0
- package/dist/types/core/usageLimit/index.d.ts.map +1 -0
- package/dist/types/core/usageLimit/types.d.ts.map +1 -0
- package/dist/types/index.d.ts +3 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/mocks.d.ts +5 -0
- package/dist/types/mocks.d.ts.map +1 -0
- package/dist/{declarations/src → types}/node/index.d.ts +8 -8
- package/dist/types/node/index.d.ts.map +1 -0
- package/package.json +36 -29
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.d.ts +0 -2
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.d.ts.map +0 -1
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.dev.js +0 -226
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.js +0 -7
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.prod.js +0 -226
- package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js +0 -212
- package/cf-worker/package.json +0 -4
- package/dist/client-8440b8fb.esm.js +0 -195
- package/dist/client-84e46164.cjs.prod.js +0 -203
- package/dist/client-a5cc5822.cjs.dev.js +0 -203
- package/dist/declarations/src/cf-worker/index.d.ts.map +0 -1
- package/dist/declarations/src/cf-worker/usage.d.ts.map +0 -1
- package/dist/declarations/src/core/api.d.ts.map +0 -1
- package/dist/declarations/src/core/authorize/client.d.ts.map +0 -1
- package/dist/declarations/src/core/authorize/index.d.ts.map +0 -1
- package/dist/declarations/src/core/authorize/service.d.ts.map +0 -1
- package/dist/declarations/src/core/authorize/types.d.ts.map +0 -1
- package/dist/declarations/src/core/rateLimit/index.d.ts.map +0 -1
- package/dist/declarations/src/core/rateLimit/types.d.ts.map +0 -1
- package/dist/declarations/src/core/services.d.ts.map +0 -1
- package/dist/declarations/src/core/types.d.ts.map +0 -1
- package/dist/declarations/src/core/usage.d.ts.map +0 -1
- package/dist/declarations/src/core/usageLimit/index.d.ts +0 -5
- package/dist/declarations/src/core/usageLimit/index.d.ts.map +0 -1
- package/dist/declarations/src/core/usageLimit/types.d.ts.map +0 -1
- package/dist/declarations/src/index.d.ts +0 -3
- package/dist/declarations/src/index.d.ts.map +0 -1
- package/dist/declarations/src/node/index.d.ts.map +0 -1
- package/dist/index-23f268d8.cjs.prod.js +0 -540
- package/dist/index-5dc16842.esm.js +0 -535
- package/dist/index-88f1ffb6.cjs.dev.js +0 -540
- package/dist/thirdweb-dev-service-utils.cjs.d.ts +0 -2
- package/dist/thirdweb-dev-service-utils.cjs.d.ts.map +0 -1
- package/dist/thirdweb-dev-service-utils.cjs.dev.js +0 -14
- package/dist/thirdweb-dev-service-utils.cjs.js +0 -7
- package/dist/thirdweb-dev-service-utils.cjs.prod.js +0 -14
- package/dist/thirdweb-dev-service-utils.esm.js +0 -1
- package/node/dist/thirdweb-dev-service-utils-node.cjs.d.ts +0 -2
- package/node/dist/thirdweb-dev-service-utils-node.cjs.d.ts.map +0 -1
- package/node/dist/thirdweb-dev-service-utils-node.cjs.dev.js +0 -190
- package/node/dist/thirdweb-dev-service-utils-node.cjs.js +0 -7
- package/node/dist/thirdweb-dev-service-utils-node.cjs.prod.js +0 -190
- package/node/dist/thirdweb-dev-service-utils-node.esm.js +0 -176
- package/node/package.json +0 -4
- /package/dist/{declarations/src → types}/core/rateLimit/types.d.ts +0 -0
- /package/dist/{declarations/src → types}/core/services.d.ts +0 -0
- /package/dist/{declarations/src → types}/core/types.d.ts +0 -0
- /package/dist/{declarations/src → types}/core/usageLimit/types.d.ts +0 -0
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.authorizeWorker = authorizeWorker;
|
|
4
|
+
exports.extractAuthorizationData = extractAuthorizationData;
|
|
5
|
+
exports.hashSecretKey = hashSecretKey;
|
|
6
|
+
exports.deriveClientIdFromSecretKeyHash = deriveClientIdFromSecretKeyHash;
|
|
7
|
+
exports.logHttpRequest = logHttpRequest;
|
|
8
|
+
const tslib_1 = require("tslib");
|
|
9
|
+
const index_js_1 = require("../core/authorize/index.js");
|
|
10
|
+
tslib_1.__exportStar(require("./usage.js"), exports);
|
|
11
|
+
tslib_1.__exportStar(require("../core/services.js"), exports);
|
|
12
|
+
tslib_1.__exportStar(require("../core/rateLimit/index.js"), exports);
|
|
13
|
+
tslib_1.__exportStar(require("../core/usageLimit/index.js"), exports);
|
|
14
|
+
const DEFAULT_CACHE_TTL_SECONDS = 60;
|
|
15
|
+
async function authorizeWorker(authInput, serviceConfig) {
|
|
16
|
+
let authData;
|
|
17
|
+
try {
|
|
18
|
+
authData = await extractAuthorizationData(authInput);
|
|
19
|
+
}
|
|
20
|
+
catch (e) {
|
|
21
|
+
if (e instanceof Error && e.message === "KEY_CONFLICT") {
|
|
22
|
+
return {
|
|
23
|
+
authorized: false,
|
|
24
|
+
status: 400,
|
|
25
|
+
errorMessage: "Please pass either a client id or a secret key.",
|
|
26
|
+
errorCode: "KEY_CONFLICT",
|
|
27
|
+
};
|
|
28
|
+
}
|
|
29
|
+
return {
|
|
30
|
+
authorized: false,
|
|
31
|
+
status: 500,
|
|
32
|
+
errorMessage: "Internal Server Error",
|
|
33
|
+
errorCode: "INTERNAL_SERVER_ERROR",
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
return await (0, index_js_1.authorize)(authData, serviceConfig, {
|
|
37
|
+
get: async (clientId) => serviceConfig.kvStore.get(clientId),
|
|
38
|
+
put: (clientId, apiKeyMeta) => serviceConfig.ctx.waitUntil(serviceConfig.kvStore.put(clientId, JSON.stringify({
|
|
39
|
+
updatedAt: Date.now(),
|
|
40
|
+
apiKeyMeta,
|
|
41
|
+
}), {
|
|
42
|
+
expirationTtl: serviceConfig.cacheTtlSeconds &&
|
|
43
|
+
serviceConfig.cacheTtlSeconds >= DEFAULT_CACHE_TTL_SECONDS
|
|
44
|
+
? serviceConfig.cacheTtlSeconds
|
|
45
|
+
: DEFAULT_CACHE_TTL_SECONDS,
|
|
46
|
+
})),
|
|
47
|
+
cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS,
|
|
48
|
+
});
|
|
49
|
+
}
|
|
50
|
+
async function extractAuthorizationData(authInput) {
|
|
51
|
+
const requestUrl = new URL(authInput.req.url);
|
|
52
|
+
const headers = authInput.req.headers;
|
|
53
|
+
const secretKey = headers.get("x-secret-key");
|
|
54
|
+
// prefer clientId that is explicitly passed in
|
|
55
|
+
let clientId = authInput.clientId ?? null;
|
|
56
|
+
if (!clientId) {
|
|
57
|
+
// next preference is clientId from header
|
|
58
|
+
clientId = headers.get("x-client-id");
|
|
59
|
+
}
|
|
60
|
+
// next preference is search param
|
|
61
|
+
if (!clientId) {
|
|
62
|
+
clientId = requestUrl.searchParams.get("clientId");
|
|
63
|
+
}
|
|
64
|
+
// bundle id from header is first preference
|
|
65
|
+
let bundleId = headers.get("x-bundle-id");
|
|
66
|
+
// next preference is search param
|
|
67
|
+
if (!bundleId) {
|
|
68
|
+
bundleId = requestUrl.searchParams.get("bundleId");
|
|
69
|
+
}
|
|
70
|
+
let origin = headers.get("origin");
|
|
71
|
+
// if origin header is not available we'll fall back to referrer;
|
|
72
|
+
if (!origin) {
|
|
73
|
+
origin = headers.get("referer");
|
|
74
|
+
}
|
|
75
|
+
// if we have an origin at this point, normalize it
|
|
76
|
+
if (origin) {
|
|
77
|
+
try {
|
|
78
|
+
origin = new URL(origin).host;
|
|
79
|
+
}
|
|
80
|
+
catch (e) {
|
|
81
|
+
console.warn("failed to parse origin", origin, e);
|
|
82
|
+
}
|
|
83
|
+
}
|
|
84
|
+
// handle if we a secret key is passed in the headers
|
|
85
|
+
let secretKeyHash = null;
|
|
86
|
+
if (secretKey) {
|
|
87
|
+
// hash the secret key
|
|
88
|
+
secretKeyHash = await hashSecretKey(secretKey);
|
|
89
|
+
// derive the client id from the secret key hash
|
|
90
|
+
const derivedClientId = deriveClientIdFromSecretKeyHash(secretKeyHash);
|
|
91
|
+
// if we already have a client id passed in we need to make sure they match
|
|
92
|
+
if (clientId && clientId !== derivedClientId) {
|
|
93
|
+
throw new Error("KEY_CONFLICT");
|
|
94
|
+
}
|
|
95
|
+
// otherwise set the client id to the derived client id (client id based off of secret key)
|
|
96
|
+
clientId = derivedClientId;
|
|
97
|
+
}
|
|
98
|
+
let jwt = null;
|
|
99
|
+
if (headers.has("authorization")) {
|
|
100
|
+
const authHeader = headers.get("authorization");
|
|
101
|
+
if (authHeader) {
|
|
102
|
+
const [type, token] = authHeader.split(" ");
|
|
103
|
+
if (type?.toLowerCase() === "bearer" && !!token) {
|
|
104
|
+
jwt = token;
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
return {
|
|
109
|
+
jwt,
|
|
110
|
+
hashedJWT: jwt ? await hashSecretKey(jwt) : null,
|
|
111
|
+
secretKey,
|
|
112
|
+
clientId,
|
|
113
|
+
origin,
|
|
114
|
+
bundleId,
|
|
115
|
+
secretKeyHash,
|
|
116
|
+
targetAddress: authInput.targetAddress,
|
|
117
|
+
};
|
|
118
|
+
}
|
|
119
|
+
async function hashSecretKey(secretKey) {
|
|
120
|
+
return bufferToHex(await crypto.subtle.digest("SHA-256", new TextEncoder().encode(secretKey)));
|
|
121
|
+
}
|
|
122
|
+
function deriveClientIdFromSecretKeyHash(secretKeyHash) {
|
|
123
|
+
return secretKeyHash.slice(0, 32);
|
|
124
|
+
}
|
|
125
|
+
function bufferToHex(buffer) {
|
|
126
|
+
return [...new Uint8Array(buffer)]
|
|
127
|
+
.map((x) => x.toString(16).padStart(2, "0"))
|
|
128
|
+
.join("");
|
|
129
|
+
}
|
|
130
|
+
async function logHttpRequest({ clientId, req, res, isAuthed, statusMessage, latencyMs, }) {
|
|
131
|
+
try {
|
|
132
|
+
const authorizationData = await extractAuthorizationData({ req, clientId });
|
|
133
|
+
const headers = req.headers;
|
|
134
|
+
console.log(JSON.stringify({
|
|
135
|
+
method: req.method,
|
|
136
|
+
pathname: req.url,
|
|
137
|
+
hasSecretKey: !!authorizationData.secretKey,
|
|
138
|
+
hasClientId: !!authorizationData.clientId,
|
|
139
|
+
hasJwt: !!authorizationData.jwt,
|
|
140
|
+
clientId: authorizationData.clientId,
|
|
141
|
+
isAuthed,
|
|
142
|
+
status: res.status,
|
|
143
|
+
sdkName: headers.get("x-sdk-name") ?? undefined,
|
|
144
|
+
sdkVersion: headers.get("x-sdk-version") ?? undefined,
|
|
145
|
+
platform: headers.get("x-sdk-platform") ?? undefined,
|
|
146
|
+
os: headers.get("x-sdk-os") ?? undefined,
|
|
147
|
+
latencyMs,
|
|
148
|
+
}));
|
|
149
|
+
if (statusMessage) {
|
|
150
|
+
console.log(`statusMessage=${statusMessage}`);
|
|
151
|
+
}
|
|
152
|
+
}
|
|
153
|
+
catch { }
|
|
154
|
+
}
|
|
155
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/cf-worker/index.ts"],"names":[],"mappings":";;AAiCA,0CA6CC;AAED,4DA6EC;AAED,sCAIC;AAED,0EAEC;AAQD,wCAwCC;;AA5MD,yDAAuD;AAKvD,qDAA2B;AAC3B,8DAAoC;AACpC,qEAA2C;AAC3C,sEAA4C;AAQ5C,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAM9B,KAAK,UAAU,eAAe,CACnC,SAAoB,EACpB,aAAkC;IAElC,IAAI,QAA4B,CAAC;IACjC,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACvD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;YACvD,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,GAAG;gBACX,YAAY,EAAE,iDAAiD;gBAC/D,SAAS,EAAE,cAAc;aAC1B,CAAC;QACJ,CAAC;QACD,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,uBAAuB;YACrC,SAAS,EAAE,uBAAuB;SACnC,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,IAAA,oBAAS,EAAC,QAAQ,EAAE,aAAa,EAAE;QAC9C,GAAG,EAAE,KAAK,EAAE,QAAgB,EAAE,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;QACpE,GAAG,EAAE,CAAC,QAAgB,EAAE,UAA4C,EAAE,EAAE,CACtE,aAAa,CAAC,GAAG,CAAC,SAAS,CACzB,aAAa,CAAC,OAAO,CAAC,GAAG,CACvB,QAAQ,EACR,IAAI,CAAC,SAAS,CAAC;YACb,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,UAAU;SACX,CAAC,EACF;YACE,aAAa,EACX,aAAa,CAAC,eAAe;gBAC7B,aAAa,CAAC,eAAe,IAAI,yBAAyB;gBACxD,CAAC,CAAC,aAAa,CAAC,eAAe;gBAC/B,CAAC,CAAC,yBAAyB;SAChC,CACF,CACF;QACH,eAAe,EAAE,aAAa,CAAC,eAAe,IAAI,yBAAyB;KAC5E,CAAC,CAAC;AACL,CAAC;AAEM,KAAK,UAAU,wBAAwB,CAC5C,SAAoB;IAEpB,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;IACtC,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAE9C,+CAA+C;IAC/C,IAAI,QAAQ,GAAG,SAAS,CAAC,QAAQ,IAAI,IAAI,CAAC;IAE1C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,0CAA0C;QAC1C,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IACxC,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACrD,CAAC;IACD,4CAA4C;IAC5C,IAAI,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAE1C,kCAAkC;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;IACnC,iEAAiE;IACjE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IACD,mDAAmD;IACnD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;QAChC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,wBAAwB,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,SAAS,EAAE,CAAC;QACd,sBAAsB;QACtB,aAAa,GAAG,MAAM,aAAa,CAAC,SAAS,CAAC,CAAC;QAC/C,gDAAgD;QAChD,MAAM,eAAe,GAAG,+BAA+B,CAAC,aAAa,CAAC,CAAC;QACvE,2EAA2E;QAC3E,IAAI,QAAQ,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;QAClC,CAAC;QACD,2FAA2F;QAC3F,QAAQ,GAAG,eAAe,CAAC;IAC7B,CAAC;IAED,IAAI,GAAG,GAAkB,IAAI,CAAC;IAC9B,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC;QACjC,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;QAChD,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,IAAI,EAAE,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;gBAChD,GAAG,GAAG,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,GAAG;QACH,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAChD,SAAS;QACT,QAAQ;QACR,MAAM;QACN,QAAQ;QACR,aAAa;QACb,aAAa,EAAE,SAAS,CAAC,aAAa;KACvC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,aAAa,CAAC,SAAiB;IACnD,OAAO,WAAW,CAChB,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAC3E,CAAC;AACJ,CAAC;AAED,SAAgB,+BAA+B,CAAC,aAAqB;IACnE,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,WAAW,CAAC,MAAmB;IACtC,OAAO,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;SAC/B,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;SAC3C,IAAI,CAAC,EAAE,CAAC,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,cAAc,CAAC,EACnC,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,EACb,SAAS,GAQV;IACC,IAAI,CAAC;QACH,MAAM,iBAAiB,GAAG,MAAM,wBAAwB,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5E,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAE5B,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CAAC;YACb,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,QAAQ,EAAE,GAAG,CAAC,GAAG;YACjB,YAAY,EAAE,CAAC,CAAC,iBAAiB,CAAC,SAAS;YAC3C,WAAW,EAAE,CAAC,CAAC,iBAAiB,CAAC,QAAQ;YACzC,MAAM,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG;YAC/B,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;YACpC,QAAQ;YACR,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,SAAS;YAC/C,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,IAAI,SAAS;YACrD,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,SAAS;YACpD,EAAE,EAAE,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,SAAS;YACxC,SAAS;SACV,CAAC,CACH,CAAC;QACF,IAAI,aAAa,EAAE,CAAC;YAClB,OAAO,CAAC,GAAG,CAAC,iBAAiB,aAAa,EAAE,CAAC,CAAC;QAChD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;AACZ,CAAC"}
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.publishUsageEvents = publishUsageEvents;
|
|
4
|
+
const aws4fetch_1 = require("aws4fetch");
|
|
5
|
+
const usage_js_1 = require("../core/usage.js");
|
|
6
|
+
// Initialize a singleton for AWS usage.
|
|
7
|
+
let _aws;
|
|
8
|
+
function getAws(options) {
|
|
9
|
+
if (!_aws) {
|
|
10
|
+
_aws = new aws4fetch_1.AwsClient(options);
|
|
11
|
+
}
|
|
12
|
+
return _aws;
|
|
13
|
+
}
|
|
14
|
+
/**
|
|
15
|
+
* Publish usage events. Provide the relevant fields for your application.
|
|
16
|
+
*
|
|
17
|
+
* Usage in Cloudflare Workers:
|
|
18
|
+
* ctx.waitUntil(
|
|
19
|
+
* publishUsageEvents(
|
|
20
|
+
* [event1, event2],
|
|
21
|
+
* { queueUrl, accessKeyId, secretAccessKey },
|
|
22
|
+
* )
|
|
23
|
+
* )
|
|
24
|
+
*
|
|
25
|
+
* @param usageEvents
|
|
26
|
+
* @param config
|
|
27
|
+
*/
|
|
28
|
+
async function publishUsageEvents(usageEvents, config) {
|
|
29
|
+
const { queueUrl, accessKeyId, secretAccessKey, region = "us-west-2", } = config;
|
|
30
|
+
const entries = usageEvents.map((event) => {
|
|
31
|
+
// Enforce schema of usage event.
|
|
32
|
+
const parsed = usage_js_1.usageEventSchema.parse(event);
|
|
33
|
+
return {
|
|
34
|
+
Id: crypto.randomUUID(),
|
|
35
|
+
MessageBody: JSON.stringify(parsed),
|
|
36
|
+
};
|
|
37
|
+
});
|
|
38
|
+
const aws = getAws({
|
|
39
|
+
accessKeyId,
|
|
40
|
+
secretAccessKey,
|
|
41
|
+
region,
|
|
42
|
+
});
|
|
43
|
+
await aws.fetch(`https://sqs.${region}.amazonaws.com`, {
|
|
44
|
+
headers: {
|
|
45
|
+
"X-Amz-Target": "AmazonSQS.SendMessageBatch",
|
|
46
|
+
"X-Amz-Date": new Date().toISOString(),
|
|
47
|
+
"Content-Type": "application/x-amz-json-1.0",
|
|
48
|
+
},
|
|
49
|
+
body: JSON.stringify({
|
|
50
|
+
QueueUrl: queueUrl,
|
|
51
|
+
Entries: entries,
|
|
52
|
+
}),
|
|
53
|
+
});
|
|
54
|
+
}
|
|
55
|
+
//# sourceMappingURL=usage.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"usage.js","sourceRoot":"","sources":["../../../src/cf-worker/usage.ts"],"names":[],"mappings":";;AAsES,gDAAkB;AAtE3B,yCAAsC;AACtC,+CAAqE;AAGrE,wCAAwC;AACxC,IAAI,IAA2B,CAAC;AAChC,SAAS,MAAM,CAAC,OAAmD;IACjE,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,GAAG,IAAI,qBAAS,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,KAAK,UAAU,kBAAkB,CAC/B,WAAyB,EACzB,MAKC;IAED,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,eAAe,EACf,MAAM,GAAG,WAAW,GACrB,GAAG,MAAM,CAAC;IAEX,MAAM,OAAO,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE;QACxC,iCAAiC;QACjC,MAAM,MAAM,GAAG,2BAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAC7C,OAAO;YACL,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;YACvB,WAAW,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC;SACpC,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,CAAC;QACjB,WAAW;QACX,eAAe;QACf,MAAM;KACP,CAAC,CAAC;IACH,MAAM,GAAG,CAAC,KAAK,CAAC,eAAe,MAAM,gBAAgB,EAAE;QACrD,OAAO,EAAE;YACP,cAAc,EAAE,4BAA4B;YAC5C,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACtC,cAAc,EAAE,4BAA4B;SAC7C;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ,EAAE,QAAQ;YAClB,OAAO,EAAE,OAAO;SACjB,CAAC;KACH,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.fetchKeyMetadataFromApi = fetchKeyMetadataFromApi;
|
|
4
|
+
exports.fetchAccountFromApi = fetchAccountFromApi;
|
|
5
|
+
exports.updateRateLimitedAt = updateRateLimitedAt;
|
|
6
|
+
async function fetchKeyMetadataFromApi(clientId, config) {
|
|
7
|
+
const { apiUrl, serviceScope, serviceApiKey, checkPolicy, policyMetadata } = config;
|
|
8
|
+
const policyQuery = checkPolicy && policyMetadata
|
|
9
|
+
? `&checkPolicy=true&policyMetadata=${encodeURIComponent(JSON.stringify(policyMetadata))}`
|
|
10
|
+
: "";
|
|
11
|
+
const url = `${apiUrl}/v1/keys/use?clientId=${clientId}&scope=${serviceScope}&includeUsage=true${policyQuery}`;
|
|
12
|
+
const response = await fetch(url, {
|
|
13
|
+
method: "GET",
|
|
14
|
+
headers: {
|
|
15
|
+
"x-service-api-key": serviceApiKey,
|
|
16
|
+
"content-type": "application/json",
|
|
17
|
+
},
|
|
18
|
+
});
|
|
19
|
+
let text = "";
|
|
20
|
+
try {
|
|
21
|
+
text = await response.text();
|
|
22
|
+
return JSON.parse(text);
|
|
23
|
+
}
|
|
24
|
+
catch {
|
|
25
|
+
throw new Error(`Error fetching key metadata from API: ${response.status} - ${text}`);
|
|
26
|
+
}
|
|
27
|
+
}
|
|
28
|
+
async function fetchAccountFromApi(jwt, config, useWalletAuth) {
|
|
29
|
+
const { apiUrl, serviceApiKey } = config;
|
|
30
|
+
const url = useWalletAuth
|
|
31
|
+
? `${apiUrl}/v1/wallet/me?includeUsage=true`
|
|
32
|
+
: `${apiUrl}/v1/account/me?includeUsage=true`;
|
|
33
|
+
const response = await fetch(url, {
|
|
34
|
+
method: "GET",
|
|
35
|
+
headers: {
|
|
36
|
+
"x-service-api-key": serviceApiKey,
|
|
37
|
+
"content-type": "application/json",
|
|
38
|
+
authorization: `Bearer ${jwt}`,
|
|
39
|
+
},
|
|
40
|
+
});
|
|
41
|
+
let text = "";
|
|
42
|
+
try {
|
|
43
|
+
text = await response.text();
|
|
44
|
+
return JSON.parse(text);
|
|
45
|
+
}
|
|
46
|
+
catch {
|
|
47
|
+
throw new Error(`Error fetching account from API: ${response.status} - ${text}`);
|
|
48
|
+
}
|
|
49
|
+
}
|
|
50
|
+
async function updateRateLimitedAt(apiKeyId, config) {
|
|
51
|
+
const { apiUrl, serviceScope: scope, serviceApiKey } = config;
|
|
52
|
+
const url = `${apiUrl}/usage/rateLimit`;
|
|
53
|
+
await fetch(url, {
|
|
54
|
+
method: "PUT",
|
|
55
|
+
headers: {
|
|
56
|
+
"x-service-api-key": serviceApiKey,
|
|
57
|
+
"content-type": "application/json",
|
|
58
|
+
},
|
|
59
|
+
body: JSON.stringify({
|
|
60
|
+
apiKeyId,
|
|
61
|
+
scope,
|
|
62
|
+
}),
|
|
63
|
+
});
|
|
64
|
+
}
|
|
65
|
+
//# sourceMappingURL=api.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"api.js","sourceRoot":"","sources":["../../../src/core/api.ts"],"names":[],"mappings":";;AAwFA,0DA8BC;AAED,kDA2BC;AAED,kDAmBC;AAhFM,KAAK,UAAU,uBAAuB,CAC3C,QAAgB,EAChB,MAAyB;IAEzB,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,cAAc,EAAE,GACxE,MAAM,CAAC;IACT,MAAM,WAAW,GACf,WAAW,IAAI,cAAc;QAC3B,CAAC,CAAC,oCAAoC,kBAAkB,CACpD,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,CAC/B,EAAE;QACL,CAAC,CAAC,EAAE,CAAC;IACT,MAAM,GAAG,GAAG,GAAG,MAAM,yBAAyB,QAAQ,UAAU,YAAY,qBAAqB,WAAW,EAAE,CAAC;IAC/G,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,mBAAmB,EAAE,aAAa;YAClC,cAAc,EAAE,kBAAkB;SACnC;KACF,CAAC,CAAC;IAEH,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,yCAAyC,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CACrE,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,GAAW,EACX,MAAyB,EACzB,aAAsB;IAEtB,MAAM,EAAE,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;IACzC,MAAM,GAAG,GAAG,aAAa;QACvB,CAAC,CAAC,GAAG,MAAM,iCAAiC;QAC5C,CAAC,CAAC,GAAG,MAAM,kCAAkC,CAAC;IAChD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAChC,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,mBAAmB,EAAE,aAAa;YAClC,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,GAAG,EAAE;SAC/B;KACF,CAAC,CAAC;IAEH,IAAI,IAAI,GAAG,EAAE,CAAC;IACd,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CACb,oCAAoC,QAAQ,CAAC,MAAM,MAAM,IAAI,EAAE,CAChE,CAAC;IACJ,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,QAAgB,EAChB,MAAyB;IAEzB,MAAM,EAAE,MAAM,EAAE,YAAY,EAAE,KAAK,EAAE,aAAa,EAAE,GAAG,MAAM,CAAC;IAE9D,MAAM,GAAG,GAAG,GAAG,MAAM,kBAAkB,CAAC;IAExC,MAAM,KAAK,CAAC,GAAG,EAAE;QACf,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,mBAAmB,EAAE,aAAa;YAClC,cAAc,EAAE,kBAAkB;SACnC;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,QAAQ;YACR,KAAK;SACN,CAAC;KACH,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,115 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.authorizeClient = authorizeClient;
|
|
4
|
+
exports.authorizeDomain = authorizeDomain;
|
|
5
|
+
exports.authorizeBundleId = authorizeBundleId;
|
|
6
|
+
function authorizeClient(authOptions, apiKeyMeta) {
|
|
7
|
+
const { origin, bundleId, secretKeyHash: providedSecretHash } = authOptions;
|
|
8
|
+
const { domains, bundleIds, secretHash } = apiKeyMeta;
|
|
9
|
+
const authResult = {
|
|
10
|
+
authorized: true,
|
|
11
|
+
apiKeyMeta,
|
|
12
|
+
accountMeta: {
|
|
13
|
+
id: apiKeyMeta.accountId,
|
|
14
|
+
// TODO update this later
|
|
15
|
+
name: "",
|
|
16
|
+
creatorWalletAddress: apiKeyMeta.creatorWalletAddress,
|
|
17
|
+
limits: apiKeyMeta.limits,
|
|
18
|
+
rateLimits: apiKeyMeta.rateLimits,
|
|
19
|
+
usage: apiKeyMeta.usage,
|
|
20
|
+
},
|
|
21
|
+
};
|
|
22
|
+
// check for public restrictions
|
|
23
|
+
if (domains.includes("*")) {
|
|
24
|
+
return authResult;
|
|
25
|
+
}
|
|
26
|
+
// check for secretHash
|
|
27
|
+
if (providedSecretHash) {
|
|
28
|
+
if (secretHash !== providedSecretHash) {
|
|
29
|
+
return {
|
|
30
|
+
authorized: false,
|
|
31
|
+
errorMessage: "Incorrect key provided. You can view your active API keys at https://thirdweb.com/dashboard/settings",
|
|
32
|
+
errorCode: "SECRET_INVALID",
|
|
33
|
+
status: 401,
|
|
34
|
+
};
|
|
35
|
+
}
|
|
36
|
+
return authResult;
|
|
37
|
+
}
|
|
38
|
+
// validate domains
|
|
39
|
+
if (origin) {
|
|
40
|
+
if (authorizeDomain({
|
|
41
|
+
domains,
|
|
42
|
+
origin,
|
|
43
|
+
})) {
|
|
44
|
+
return authResult;
|
|
45
|
+
}
|
|
46
|
+
return {
|
|
47
|
+
authorized: false,
|
|
48
|
+
errorMessage: `Invalid request: Unauthorized domain: ${origin}. You can view the restrictions on this API key at https://thirdweb.com/create-api-key`,
|
|
49
|
+
errorCode: "ORIGIN_UNAUTHORIZED",
|
|
50
|
+
status: 401,
|
|
51
|
+
};
|
|
52
|
+
}
|
|
53
|
+
// validate bundleId
|
|
54
|
+
if (bundleId) {
|
|
55
|
+
if (authorizeBundleId({
|
|
56
|
+
bundleIds,
|
|
57
|
+
bundleId,
|
|
58
|
+
})) {
|
|
59
|
+
return authResult;
|
|
60
|
+
}
|
|
61
|
+
return {
|
|
62
|
+
authorized: false,
|
|
63
|
+
errorMessage: `Invalid request: Unauthorized Bundle ID: ${bundleId}. You can view the restrictions on this API key at https://thirdweb.com/create-api-key`,
|
|
64
|
+
errorCode: "BUNDLE_UNAUTHORIZED",
|
|
65
|
+
status: 401,
|
|
66
|
+
};
|
|
67
|
+
}
|
|
68
|
+
return {
|
|
69
|
+
authorized: false,
|
|
70
|
+
errorMessage: "The keys are invalid. Please check the secret-key/clientId and try again.",
|
|
71
|
+
errorCode: "UNAUTHORIZED",
|
|
72
|
+
status: 401,
|
|
73
|
+
};
|
|
74
|
+
}
|
|
75
|
+
// Exposed for use in validating ecosystem partners settings
|
|
76
|
+
function authorizeDomain({ domains, origin, }) {
|
|
77
|
+
// find matching domain, or if all domains allowed
|
|
78
|
+
// embedded-wallet.thirdweb(-dev).com is automatically allowed
|
|
79
|
+
// because the rpc is passed from user's domain to embedded-wallet.thirdweb.com iframe for use.
|
|
80
|
+
// Note this doesn't allow embedded-wallets from being used if it's disabled. The service check that runs after enforces that.
|
|
81
|
+
return !![
|
|
82
|
+
...domains,
|
|
83
|
+
"embedded-wallet.thirdweb.com",
|
|
84
|
+
"embedded-wallet.thirdweb-dev.com",
|
|
85
|
+
].find((d) => {
|
|
86
|
+
// if any domain is allowed, we'll return true
|
|
87
|
+
if (d === "*") {
|
|
88
|
+
return true;
|
|
89
|
+
}
|
|
90
|
+
// special rule for `localhost`
|
|
91
|
+
// if the domain is localhost, we'll allow any origin that starts with localhost
|
|
92
|
+
if (d === "localhost" && origin.startsWith("localhost")) {
|
|
93
|
+
return true;
|
|
94
|
+
}
|
|
95
|
+
// If the allowedDomain has a wildcard,
|
|
96
|
+
// we'll check that the ending of our domain matches the wildcard
|
|
97
|
+
if (d.startsWith("*.")) {
|
|
98
|
+
// get rid of the * and check if it ends with the `.<domain>.<tld>`
|
|
99
|
+
const domainRoot = d.slice(1);
|
|
100
|
+
return origin.endsWith(domainRoot);
|
|
101
|
+
}
|
|
102
|
+
// If there's no wildcard, we'll check for an exact match
|
|
103
|
+
return d === origin;
|
|
104
|
+
});
|
|
105
|
+
}
|
|
106
|
+
function authorizeBundleId({ bundleIds, bundleId, }) {
|
|
107
|
+
// find matching bundle id, or if all bundles allowed
|
|
108
|
+
return !!bundleIds.find((b) => {
|
|
109
|
+
if (b === "*") {
|
|
110
|
+
return true;
|
|
111
|
+
}
|
|
112
|
+
return b === bundleId;
|
|
113
|
+
});
|
|
114
|
+
}
|
|
115
|
+
//# sourceMappingURL=client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"client.js","sourceRoot":"","sources":["../../../../src/core/authorize/client.ts"],"names":[],"mappings":";;AASA,0CAsFC;AAGD,0CAmCC;AAED,8CAYC;AA1ID,SAAgB,eAAe,CAC7B,WAAuC,EACvC,UAA0B;IAE1B,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,aAAa,EAAE,kBAAkB,EAAE,GAAG,WAAW,CAAC;IAC5E,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,UAAU,EAAE,GAAG,UAAU,CAAC;IAEtD,MAAM,UAAU,GAAwB;QACtC,UAAU,EAAE,IAAI;QAChB,UAAU;QACV,WAAW,EAAE;YACX,EAAE,EAAE,UAAU,CAAC,SAAS;YACxB,yBAAyB;YACzB,IAAI,EAAE,EAAE;YACR,oBAAoB,EAAE,UAAU,CAAC,oBAAoB;YACrD,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,UAAU,EAAE,UAAU,CAAC,UAAU;YACjC,KAAK,EAAE,UAAU,CAAC,KAAK;SACxB;KACF,CAAC;IAEF,gCAAgC;IAChC,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QAC1B,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,uBAAuB;IACvB,IAAI,kBAAkB,EAAE,CAAC;QACvB,IAAI,UAAU,KAAK,kBAAkB,EAAE,CAAC;YACtC,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,YAAY,EACV,sGAAsG;gBACxG,SAAS,EAAE,gBAAgB;gBAC3B,MAAM,EAAE,GAAG;aACZ,CAAC;QACJ,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,mBAAmB;IACnB,IAAI,MAAM,EAAE,CAAC;QACX,IACE,eAAe,CAAC;YACd,OAAO;YACP,MAAM;SACP,CAAC,EACF,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,YAAY,EAAE,yCAAyC,MAAM,wFAAwF;YACrJ,SAAS,EAAE,qBAAqB;YAChC,MAAM,EAAE,GAAG;SACZ,CAAC;IACJ,CAAC;IAED,oBAAoB;IACpB,IAAI,QAAQ,EAAE,CAAC;QACb,IACE,iBAAiB,CAAC;YAChB,SAAS;YACT,QAAQ;SACT,CAAC,EACF,CAAC;YACD,OAAO,UAAU,CAAC;QACpB,CAAC;QAED,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,YAAY,EAAE,4CAA4C,QAAQ,wFAAwF;YAC1J,SAAS,EAAE,qBAAqB;YAChC,MAAM,EAAE,GAAG;SACZ,CAAC;IACJ,CAAC;IAED,OAAO;QACL,UAAU,EAAE,KAAK;QACjB,YAAY,EACV,2EAA2E;QAC7E,SAAS,EAAE,cAAc;QACzB,MAAM,EAAE,GAAG;KACZ,CAAC;AACJ,CAAC;AAED,4DAA4D;AAC5D,SAAgB,eAAe,CAAC,EAC9B,OAAO,EACP,MAAM,GACgC;IACtC,kDAAkD;IAClD,8DAA8D;IAC9D,+FAA+F;IAC/F,8HAA8H;IAC9H,OAAO,CAAC,CAAC;QACP,GAAG,OAAO;QACV,8BAA8B;QAC9B,kCAAkC;KACnC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;QACX,8CAA8C;QAC9C,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,+BAA+B;QAC/B,gFAAgF;QAChF,IAAI,CAAC,KAAK,WAAW,IAAI,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;YACxD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,uCAAuC;QACvC,iEAAiE;QACjE,IAAI,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,mEAAmE;YACnE,MAAM,UAAU,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;YAC9B,OAAO,MAAM,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACrC,CAAC;QAED,yDAAyD;QACzD,OAAO,CAAC,KAAK,MAAM,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAgB,iBAAiB,CAAC,EAChC,SAAS,EACT,QAAQ,GACkC;IAC1C,qDAAqD;IACrD,OAAO,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE;QAC5B,IAAI,CAAC,KAAK,GAAG,EAAE,CAAC;YACd,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,CAAC,KAAK,QAAQ,CAAC;IACxB,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -0,0 +1,215 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.authorize = authorize;
|
|
4
|
+
const api_js_1 = require("../api.js");
|
|
5
|
+
const client_js_1 = require("./client.js");
|
|
6
|
+
const service_js_1 = require("./service.js");
|
|
7
|
+
async function authorize(authData, serviceConfig, cacheOptions) {
|
|
8
|
+
const { clientId, targetAddress, secretKeyHash, jwt, hashedJWT, useWalletAuth, } = authData;
|
|
9
|
+
const { enforceAuth } = serviceConfig;
|
|
10
|
+
// BACKWARDS COMPAT: if auth not enforced and we don't have auth credentials bypass
|
|
11
|
+
if (!enforceAuth && !clientId && !secretKeyHash) {
|
|
12
|
+
return {
|
|
13
|
+
authorized: true,
|
|
14
|
+
apiKeyMeta: null,
|
|
15
|
+
accountMeta: null,
|
|
16
|
+
};
|
|
17
|
+
}
|
|
18
|
+
// if we come in with a JWT then we only check the account is valid
|
|
19
|
+
if (jwt && hashedJWT) {
|
|
20
|
+
let accountMeta = null;
|
|
21
|
+
if (cacheOptions) {
|
|
22
|
+
try {
|
|
23
|
+
const cachedAccountInfo = await cacheOptions.get(hashedJWT);
|
|
24
|
+
if (cachedAccountInfo) {
|
|
25
|
+
const parsed = JSON.parse(cachedAccountInfo);
|
|
26
|
+
if ("updatedAt" in parsed) {
|
|
27
|
+
// we want to compare the updatedAt time to the current time
|
|
28
|
+
// if the difference is greater than the cacheTtl we want to ignore the cached data
|
|
29
|
+
const now = Date.now();
|
|
30
|
+
const diff = now - parsed.updatedAt;
|
|
31
|
+
const cacheTtlMs = cacheOptions.cacheTtlSeconds * 1000;
|
|
32
|
+
// only if the diff is less than the cacheTtl do we want to use the cached key
|
|
33
|
+
if (diff < cacheTtlMs) {
|
|
34
|
+
accountMeta = parsed.apiKeyMeta;
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
else {
|
|
38
|
+
accountMeta = parsed;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
}
|
|
42
|
+
catch {
|
|
43
|
+
// ignore errors, proceed as if not in cache
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
if (!accountMeta) {
|
|
47
|
+
try {
|
|
48
|
+
const { data, error } = await (0, api_js_1.fetchAccountFromApi)(jwt, serviceConfig, useWalletAuth?.toLowerCase() === "true");
|
|
49
|
+
if (error) {
|
|
50
|
+
return {
|
|
51
|
+
authorized: false,
|
|
52
|
+
errorCode: error.code,
|
|
53
|
+
errorMessage: error.message,
|
|
54
|
+
status: error.statusCode,
|
|
55
|
+
};
|
|
56
|
+
}
|
|
57
|
+
if (!data) {
|
|
58
|
+
return {
|
|
59
|
+
authorized: false,
|
|
60
|
+
errorCode: "NO_ACCOUNT",
|
|
61
|
+
errorMessage: "No error but also no account returned.",
|
|
62
|
+
status: 500,
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
accountMeta = data;
|
|
66
|
+
if (cacheOptions) {
|
|
67
|
+
await cacheOptions.put(hashedJWT, accountMeta);
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
catch (err) {
|
|
71
|
+
console.warn("failed to fetch account from api", err);
|
|
72
|
+
return {
|
|
73
|
+
authorized: false,
|
|
74
|
+
status: 500,
|
|
75
|
+
errorMessage: "Failed to get account information.",
|
|
76
|
+
errorCode: "FAILED_TO_LOAD_ACCOUNT",
|
|
77
|
+
};
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
// if we still don't have an accountMeta at this point we can't authorize
|
|
81
|
+
if (!accountMeta) {
|
|
82
|
+
return {
|
|
83
|
+
authorized: false,
|
|
84
|
+
status: 401,
|
|
85
|
+
errorMessage: "Missing account information.",
|
|
86
|
+
errorCode: "MISSING_ACCOUNT",
|
|
87
|
+
};
|
|
88
|
+
}
|
|
89
|
+
// otherwise we want to return early with the accountMeta
|
|
90
|
+
return {
|
|
91
|
+
authorized: true,
|
|
92
|
+
apiKeyMeta: null,
|
|
93
|
+
accountMeta,
|
|
94
|
+
};
|
|
95
|
+
}
|
|
96
|
+
// if we don't have a client id at this point we can't authorize
|
|
97
|
+
if (!clientId) {
|
|
98
|
+
return {
|
|
99
|
+
authorized: false,
|
|
100
|
+
status: 401,
|
|
101
|
+
errorMessage: "Missing clientId or secretKey.",
|
|
102
|
+
errorCode: "MISSING_KEY",
|
|
103
|
+
};
|
|
104
|
+
}
|
|
105
|
+
let apiKeyMeta = null;
|
|
106
|
+
// if we have cache options we want to check the cache first
|
|
107
|
+
if (cacheOptions) {
|
|
108
|
+
try {
|
|
109
|
+
const cachedKey = await cacheOptions.get(clientId);
|
|
110
|
+
if (cachedKey) {
|
|
111
|
+
const parsed = JSON.parse(cachedKey);
|
|
112
|
+
if ("updatedAt" in parsed) {
|
|
113
|
+
// we want to compare the updatedAt time to the current time
|
|
114
|
+
// if the difference is greater than the cacheTtl we want to ignore the cached data
|
|
115
|
+
const now = Date.now();
|
|
116
|
+
const diff = now - parsed.updatedAt;
|
|
117
|
+
const cacheTtlMs = cacheOptions.cacheTtlSeconds * 1000;
|
|
118
|
+
// only if the diff is less than the cacheTtl do we want to use the cached key
|
|
119
|
+
if (diff < cacheTtlMs) {
|
|
120
|
+
apiKeyMeta = parsed.apiKeyMeta;
|
|
121
|
+
}
|
|
122
|
+
}
|
|
123
|
+
else {
|
|
124
|
+
apiKeyMeta = parsed;
|
|
125
|
+
}
|
|
126
|
+
}
|
|
127
|
+
}
|
|
128
|
+
catch {
|
|
129
|
+
// ignore errors, proceed as if not in cache
|
|
130
|
+
}
|
|
131
|
+
}
|
|
132
|
+
// if we don't have a cached key, fetch from the API
|
|
133
|
+
if (!apiKeyMeta) {
|
|
134
|
+
try {
|
|
135
|
+
const { data, error } = await (0, api_js_1.fetchKeyMetadataFromApi)(clientId, serviceConfig);
|
|
136
|
+
if (error) {
|
|
137
|
+
return {
|
|
138
|
+
authorized: false,
|
|
139
|
+
errorCode: error.code,
|
|
140
|
+
errorMessage: error.message,
|
|
141
|
+
status: error.statusCode,
|
|
142
|
+
};
|
|
143
|
+
}
|
|
144
|
+
if (!data) {
|
|
145
|
+
return {
|
|
146
|
+
authorized: false,
|
|
147
|
+
errorCode: "NO_KEY",
|
|
148
|
+
errorMessage: "No error but also no key returned.",
|
|
149
|
+
status: 500,
|
|
150
|
+
};
|
|
151
|
+
}
|
|
152
|
+
// if we have a key for sure then assign it
|
|
153
|
+
apiKeyMeta = data;
|
|
154
|
+
// cache the retrieved key if we have cache options
|
|
155
|
+
if (cacheOptions) {
|
|
156
|
+
// we await this always because it can be a promise or not
|
|
157
|
+
await cacheOptions.put(clientId, data);
|
|
158
|
+
}
|
|
159
|
+
}
|
|
160
|
+
catch (err) {
|
|
161
|
+
console.warn("failed to fetch key metadata from api", err);
|
|
162
|
+
return {
|
|
163
|
+
authorized: false,
|
|
164
|
+
status: 500,
|
|
165
|
+
errorMessage: "Failed to fetch key metadata. Please check your secret-key/clientId.",
|
|
166
|
+
errorCode: "FAILED_TO_FETCH_KEY",
|
|
167
|
+
};
|
|
168
|
+
}
|
|
169
|
+
}
|
|
170
|
+
if (!apiKeyMeta) {
|
|
171
|
+
return {
|
|
172
|
+
authorized: false,
|
|
173
|
+
status: 401,
|
|
174
|
+
errorMessage: "Key is invalid. Please check your secret-key/clientId.",
|
|
175
|
+
errorCode: "INVALID_KEY",
|
|
176
|
+
};
|
|
177
|
+
}
|
|
178
|
+
// now we can validate the key itself
|
|
179
|
+
const clientAuth = (0, client_js_1.authorizeClient)(authData, apiKeyMeta);
|
|
180
|
+
if (!clientAuth.authorized) {
|
|
181
|
+
return {
|
|
182
|
+
errorCode: clientAuth.errorCode,
|
|
183
|
+
authorized: false,
|
|
184
|
+
status: 401,
|
|
185
|
+
errorMessage: clientAuth.errorMessage,
|
|
186
|
+
};
|
|
187
|
+
}
|
|
188
|
+
// if we've made it this far we need to check service specific authorization
|
|
189
|
+
const serviceAuth = (0, service_js_1.authorizeService)(apiKeyMeta, serviceConfig, {
|
|
190
|
+
targetAddress,
|
|
191
|
+
});
|
|
192
|
+
if (!serviceAuth.authorized) {
|
|
193
|
+
return {
|
|
194
|
+
errorCode: serviceAuth.errorCode,
|
|
195
|
+
authorized: false,
|
|
196
|
+
status: 403,
|
|
197
|
+
errorMessage: serviceAuth.errorMessage,
|
|
198
|
+
};
|
|
199
|
+
}
|
|
200
|
+
// if we reach this point we are authorized!
|
|
201
|
+
return {
|
|
202
|
+
authorized: true,
|
|
203
|
+
apiKeyMeta,
|
|
204
|
+
accountMeta: {
|
|
205
|
+
id: apiKeyMeta.accountId,
|
|
206
|
+
// TODO update this later
|
|
207
|
+
name: "",
|
|
208
|
+
limits: apiKeyMeta.limits,
|
|
209
|
+
rateLimits: apiKeyMeta.rateLimits,
|
|
210
|
+
usage: apiKeyMeta.usage,
|
|
211
|
+
creatorWalletAddress: apiKeyMeta.creatorWalletAddress,
|
|
212
|
+
},
|
|
213
|
+
};
|
|
214
|
+
}
|
|
215
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/core/authorize/index.ts"],"names":[],"mappings":";;AA+CA,8BAuOC;AAtRD,sCAMmB;AACnB,2CAA8C;AAC9C,6CAAgD;AAuCzC,KAAK,UAAU,SAAS,CAC7B,QAA4B,EAC5B,aAAgC,EAChC,YAA2B;IAE3B,MAAM,EACJ,QAAQ,EACR,aAAa,EACb,aAAa,EACb,GAAG,EACH,SAAS,EACT,aAAa,GACd,GAAG,QAAQ,CAAC;IACb,MAAM,EAAE,WAAW,EAAE,GAAG,aAAa,CAAC;IAEtC,mFAAmF;IACnF,IAAI,CAAC,WAAW,IAAI,CAAC,QAAQ,IAAI,CAAC,aAAa,EAAE,CAAC;QAChD,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,IAAI;YAChB,WAAW,EAAE,IAAI;SAClB,CAAC;IACJ,CAAC;IACD,mEAAmE;IACnE,IAAI,GAAG,IAAI,SAAS,EAAE,CAAC;QACrB,IAAI,WAAW,GAA2B,IAAI,CAAC;QAC/C,IAAI,YAAY,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,iBAAiB,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;gBAC5D,IAAI,iBAAiB,EAAE,CAAC;oBACtB,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CACvB,iBAAiB,CACa,CAAC;oBACjC,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;wBAC1B,4DAA4D;wBAC5D,mFAAmF;wBACnF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;wBACvB,MAAM,IAAI,GAAG,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC;wBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,eAAe,GAAG,IAAI,CAAC;wBACvD,8EAA8E;wBAC9E,IAAI,IAAI,GAAG,UAAU,EAAE,CAAC;4BACtB,WAAW,GAAG,MAAM,CAAC,UAAU,CAAC;wBAClC,CAAC;oBACH,CAAC;yBAAM,CAAC;wBACN,WAAW,GAAG,MAAM,CAAC;oBACvB,CAAC;gBACH,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,4CAA4C;YAC9C,CAAC;QACH,CAAC;QACD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,4BAAmB,EAC/C,GAAG,EACH,aAAa,EACb,aAAa,EAAE,WAAW,EAAE,KAAK,MAAM,CACxC,CAAC;gBACF,IAAI,KAAK,EAAE,CAAC;oBACV,OAAO;wBACL,UAAU,EAAE,KAAK;wBACjB,SAAS,EAAE,KAAK,CAAC,IAAI;wBACrB,YAAY,EAAE,KAAK,CAAC,OAAO;wBAC3B,MAAM,EAAE,KAAK,CAAC,UAAU;qBACzB,CAAC;gBACJ,CAAC;gBACD,IAAI,CAAC,IAAI,EAAE,CAAC;oBACV,OAAO;wBACL,UAAU,EAAE,KAAK;wBACjB,SAAS,EAAE,YAAY;wBACvB,YAAY,EAAE,wCAAwC;wBACtD,MAAM,EAAE,GAAG;qBACZ,CAAC;gBACJ,CAAC;gBACD,WAAW,GAAG,IAAI,CAAC;gBACnB,IAAI,YAAY,EAAE,CAAC;oBACjB,MAAM,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;gBACjD,CAAC;YACH,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,OAAO,CAAC,IAAI,CAAC,kCAAkC,EAAE,GAAG,CAAC,CAAC;gBACtD,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,MAAM,EAAE,GAAG;oBACX,YAAY,EAAE,oCAAoC;oBAClD,SAAS,EAAE,wBAAwB;iBACpC,CAAC;YACJ,CAAC;QACH,CAAC;QACD,yEAAyE;QACzE,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,GAAG;gBACX,YAAY,EAAE,8BAA8B;gBAC5C,SAAS,EAAE,iBAAiB;aAC7B,CAAC;QACJ,CAAC;QACD,yDAAyD;QACzD,OAAO;YACL,UAAU,EAAE,IAAI;YAChB,UAAU,EAAE,IAAI;YAChB,WAAW;SACZ,CAAC;IACJ,CAAC;IAED,gEAAgE;IAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,gCAAgC;YAC9C,SAAS,EAAE,aAAa;SACzB,CAAC;IACJ,CAAC;IAED,IAAI,UAAU,GAA0B,IAAI,CAAC;IAC7C,4DAA4D;IAC5D,IAAI,YAAY,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACnD,IAAI,SAAS,EAAE,CAAC;gBACd,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAA+B,CAAC;gBACnE,IAAI,WAAW,IAAI,MAAM,EAAE,CAAC;oBAC1B,4DAA4D;oBAC5D,mFAAmF;oBACnF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;oBACvB,MAAM,IAAI,GAAG,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC;oBACpC,MAAM,UAAU,GAAG,YAAY,CAAC,eAAe,GAAG,IAAI,CAAC;oBACvD,8EAA8E;oBAC9E,IAAI,IAAI,GAAG,UAAU,EAAE,CAAC;wBACtB,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;oBACjC,CAAC;gBACH,CAAC;qBAAM,CAAC;oBACN,UAAU,GAAG,MAAM,CAAC;gBACtB,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,4CAA4C;QAC9C,CAAC;IACH,CAAC;IAED,oDAAoD;IACpD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,MAAM,IAAA,gCAAuB,EACnD,QAAQ,EACR,aAAa,CACd,CAAC;YACF,IAAI,KAAK,EAAE,CAAC;gBACV,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,SAAS,EAAE,KAAK,CAAC,IAAI;oBACrB,YAAY,EAAE,KAAK,CAAC,OAAO;oBAC3B,MAAM,EAAE,KAAK,CAAC,UAAU;iBACzB,CAAC;YACJ,CAAC;YACD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO;oBACL,UAAU,EAAE,KAAK;oBACjB,SAAS,EAAE,QAAQ;oBACnB,YAAY,EAAE,oCAAoC;oBAClD,MAAM,EAAE,GAAG;iBACZ,CAAC;YACJ,CAAC;YACD,2CAA2C;YAC3C,UAAU,GAAG,IAAI,CAAC;YAElB,mDAAmD;YACnD,IAAI,YAAY,EAAE,CAAC;gBACjB,0DAA0D;gBAC1D,MAAM,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,IAAI,CAAC,uCAAuC,EAAE,GAAG,CAAC,CAAC;YAC3D,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,GAAG;gBACX,YAAY,EACV,sEAAsE;gBACxE,SAAS,EAAE,qBAAqB;aACjC,CAAC;QACJ,CAAC;IACH,CAAC;IACD,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,wDAAwD;YACtE,SAAS,EAAE,aAAa;SACzB,CAAC;IACJ,CAAC;IACD,qCAAqC;IACrC,MAAM,UAAU,GAAG,IAAA,2BAAe,EAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;IAEzD,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QAC3B,OAAO;YACL,SAAS,EAAE,UAAU,CAAC,SAAS;YAC/B,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,UAAU,CAAC,YAAY;SACtC,CAAC;IACJ,CAAC;IAED,4EAA4E;IAC5E,MAAM,WAAW,GAAG,IAAA,6BAAgB,EAAC,UAAU,EAAE,aAAa,EAAE;QAC9D,aAAa;KACd,CAAC,CAAC;IAEH,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;QAC5B,OAAO;YACL,SAAS,EAAE,WAAW,CAAC,SAAS;YAChC,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,WAAW,CAAC,YAAY;SACvC,CAAC;IACJ,CAAC;IAED,4CAA4C;IAC5C,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,UAAU;QACV,WAAW,EAAE;YACX,EAAE,EAAE,UAAU,CAAC,SAAS;YACxB,yBAAyB;YACzB,IAAI,EAAE,EAAE;YACR,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,UAAU,EAAE,UAAU,CAAC,UAAU;YACjC,KAAK,EAAE,UAAU,CAAC,KAAK;YACvB,oBAAoB,EAAE,UAAU,CAAC,oBAAoB;SACtD;KACF,CAAC;AACJ,CAAC"}
|