@thirdweb-dev/service-utils 0.4.38 → 0.4.39

package/dist/index-88f1ffb6.cjs.dev.js

@@ -1,540 +0,0 @@
-'use strict';
-
-var client = require('./client-a5cc5822.cjs.dev.js');
-var zod = require('zod');
-
-async function fetchKeyMetadataFromApi(clientId, config) {
-  const {
-    apiUrl,
-    serviceScope,
-    serviceApiKey,
-    checkPolicy,
-    policyMetadata
-  } = config;
-  const policyQuery = checkPolicy && policyMetadata ? `&checkPolicy=true&policyMetadata=${encodeURIComponent(JSON.stringify(policyMetadata))}` : "";
-  const url = `${apiUrl}/v1/keys/use?clientId=${clientId}&scope=${serviceScope}&includeUsage=true${policyQuery}`;
-  const response = await fetch(url, {
-    method: "GET",
-    headers: {
-      "x-service-api-key": serviceApiKey,
-      "content-type": "application/json"
-    }
-  });
-  let text = "";
-  try {
-    text = await response.text();
-    return JSON.parse(text);
-  } catch (e) {
-    throw new Error(`Error fetching key metadata from API: ${response.status} - ${text}`);
-  }
-}
-async function fetchAccountFromApi(jwt, config, useWalletAuth) {
-  const {
-    apiUrl,
-    serviceApiKey
-  } = config;
-  const url = useWalletAuth ? `${apiUrl}/v1/wallet/me?includeUsage=true` : `${apiUrl}/v1/account/me?includeUsage=true`;
-  const response = await fetch(url, {
-    method: "GET",
-    headers: {
-      "x-service-api-key": serviceApiKey,
-      "content-type": "application/json",
-      authorization: `Bearer ${jwt}`
-    }
-  });
-  let text = "";
-  try {
-    text = await response.text();
-    return JSON.parse(text);
-  } catch (e) {
-    throw new Error(`Error fetching account from API: ${response.status} - ${text}`);
-  }
-}
-async function updateRateLimitedAt(apiKeyId, config) {
-  const {
-    apiUrl,
-    serviceScope: scope,
-    serviceApiKey
-  } = config;
-  const url = `${apiUrl}/usage/rateLimit`;
-  await fetch(url, {
-    method: "PUT",
-    headers: {
-      "x-service-api-key": serviceApiKey,
-      "content-type": "application/json"
-    },
-    body: JSON.stringify({
-      apiKeyId,
-      scope
-    })
-  });
-}
-
-function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
-  const {
-    services
-  } = apiKeyMetadata;
-  // validate services
-  const service = services.find(srv => srv.name === serviceConfig.serviceScope);
-  if (!service) {
-    return {
-      authorized: false,
-      errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
-      errorCode: "SERVICE_UNAUTHORIZED",
-      status: 403
-    };
-  }
-
-  // validate service actions
-  if (serviceConfig.serviceAction) {
-    const isActionAllowed = service.actions.includes(serviceConfig.serviceAction);
-    if (!isActionAllowed) {
-      return {
-        authorized: false,
-        errorMessage: `Invalid request: Unauthorized action: ${serviceConfig.serviceScope} ${serviceConfig.serviceAction}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
-        errorCode: "SERVICE_ACTION_UNAUTHORIZED",
-        status: 403
-      };
-    }
-  }
-
-  // validate service target addresses
-  // the service has to pass in the target address for this to be validated
-  if (authorizationPayload?.targetAddress) {
-    const checkedAddresses = Array.isArray(authorizationPayload.targetAddress) ? authorizationPayload.targetAddress : [authorizationPayload.targetAddress];
-    const allAllowed = service.targetAddresses.includes("*");
-    if (!allAllowed && checkedAddresses.some(ta => !service.targetAddresses.includes(ta))) {
-      return {
-        authorized: false,
-        errorMessage: `Invalid request: Unauthorized address: ${serviceConfig.serviceScope} ${checkedAddresses}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
-        errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
-        status: 403
-      };
-    }
-  }
-  return {
-    authorized: true,
-    apiKeyMeta: apiKeyMetadata,
-    accountMeta: {
-      id: apiKeyMetadata.accountId,
-      name: "",
-      creatorWalletAddress: apiKeyMetadata.creatorWalletAddress,
-      limits: apiKeyMetadata.limits,
-      rateLimits: apiKeyMetadata.rateLimits,
-      usage: apiKeyMetadata.usage
-    }
-  };
-}
-
-async function authorize(authData, serviceConfig, cacheOptions) {
-  const {
-    clientId,
-    targetAddress,
-    secretKeyHash,
-    jwt,
-    hashedJWT,
-    useWalletAuth
-  } = authData;
-  const {
-    enforceAuth
-  } = serviceConfig;
-
-  // BACKWARDS COMPAT: if auth not enforced and we don't have auth credentials bypass
-  if (!enforceAuth && !clientId && !secretKeyHash) {
-    return {
-      authorized: true,
-      apiKeyMeta: null,
-      accountMeta: null
-    };
-  }
-  // if we come in with a JWT then we only check the account is valid
-  if (jwt && hashedJWT) {
-    let accountMeta = null;
-    if (cacheOptions) {
-      try {
-        const cachedAccountInfo = await cacheOptions.get(hashedJWT);
-        if (cachedAccountInfo) {
-          const parsed = JSON.parse(cachedAccountInfo);
-          if ("updatedAt" in parsed) {
-            // we want to compare the updatedAt time to the current time
-            // if the difference is greater than the cacheTtl we want to ignore the cached data
-            const now = Date.now();
-            const diff = now - parsed.updatedAt;
-            const cacheTtlMs = cacheOptions.cacheTtlSeconds * 1000;
-            // only if the diff is less than the cacheTtl do we want to use the cached key
-            if (diff < cacheTtlMs) {
-              accountMeta = parsed.apiKeyMeta;
-            }
-          } else {
-            accountMeta = parsed;
-          }
-        }
-      } catch (err) {
-        // ignore errors, proceed as if not in cache
-      }
-    }
-    if (!accountMeta) {
-      try {
-        const {
-          data,
-          error
-        } = await fetchAccountFromApi(jwt, serviceConfig, useWalletAuth?.toLowerCase() === "true");
-        if (error) {
-          return {
-            authorized: false,
-            errorCode: error.code,
-            errorMessage: error.message,
-            status: error.statusCode
-          };
-        }
-        if (!data) {
-          return {
-            authorized: false,
-            errorCode: "NO_ACCOUNT",
-            errorMessage: "No error but also no account returned.",
-            status: 500
-          };
-        }
-        accountMeta = data;
-        if (cacheOptions) {
-          await cacheOptions.put(hashedJWT, accountMeta);
-        }
-      } catch (err) {
-        console.warn("failed to fetch account from api", err);
-        return {
-          authorized: false,
-          status: 500,
-          errorMessage: "Failed to get account information.",
-          errorCode: "FAILED_TO_LOAD_ACCOUNT"
-        };
-      }
-    }
-    // if we still don't have an accountMeta at this point we can't authorize
-    if (!accountMeta) {
-      return {
-        authorized: false,
-        status: 401,
-        errorMessage: "Missing account information.",
-        errorCode: "MISSING_ACCOUNT"
-      };
-    }
-    // otherwise we want to return early with the accountMeta
-    return {
-      authorized: true,
-      apiKeyMeta: null,
-      accountMeta
-    };
-  }
-
-  // if we don't have a client id at this point we can't authorize
-  if (!clientId) {
-    return {
-      authorized: false,
-      status: 401,
-      errorMessage: "Missing clientId or secretKey.",
-      errorCode: "MISSING_KEY"
-    };
-  }
-  let apiKeyMeta = null;
-  // if we have cache options we want to check the cache first
-  if (cacheOptions) {
-    try {
-      const cachedKey = await cacheOptions.get(clientId);
-      if (cachedKey) {
-        const parsed = JSON.parse(cachedKey);
-        if ("updatedAt" in parsed) {
-          // we want to compare the updatedAt time to the current time
-          // if the difference is greater than the cacheTtl we want to ignore the cached data
-          const now = Date.now();
-          const diff = now - parsed.updatedAt;
-          const cacheTtlMs = cacheOptions.cacheTtlSeconds * 1000;
-          // only if the diff is less than the cacheTtl do we want to use the cached key
-          if (diff < cacheTtlMs) {
-            apiKeyMeta = parsed.apiKeyMeta;
-          }
-        } else {
-          apiKeyMeta = parsed;
-        }
-      }
-    } catch (err) {
-      // ignore errors, proceed as if not in cache
-    }
-  }
-
-  // if we don't have a cached key, fetch from the API
-  if (!apiKeyMeta) {
-    try {
-      const {
-        data,
-        error
-      } = await fetchKeyMetadataFromApi(clientId, serviceConfig);
-      if (error) {
-        return {
-          authorized: false,
-          errorCode: error.code,
-          errorMessage: error.message,
-          status: error.statusCode
-        };
-      }
-      if (!data) {
-        return {
-          authorized: false,
-          errorCode: "NO_KEY",
-          errorMessage: "No error but also no key returned.",
-          status: 500
-        };
-      }
-      // if we have a key for sure then assign it
-      apiKeyMeta = data;
-
-      // cache the retrieved key if we have cache options
-      if (cacheOptions) {
-        // we await this always because it can be a promise or not
-        await cacheOptions.put(clientId, data);
-      }
-    } catch (err) {
-      console.warn("failed to fetch key metadata from api", err);
-      return {
-        authorized: false,
-        status: 500,
-        errorMessage: "Failed to fetch key metadata. Please check your secret-key/clientId.",
-        errorCode: "FAILED_TO_FETCH_KEY"
-      };
-    }
-  }
-  if (!apiKeyMeta) {
-    return {
-      authorized: false,
-      status: 401,
-      errorMessage: "Key is invalid. Please check your secret-key/clientId.",
-      errorCode: "INVALID_KEY"
-    };
-  }
-  // now we can validate the key itself
-  const clientAuth = client.authorizeClient(authData, apiKeyMeta);
-  if (!clientAuth.authorized) {
-    return {
-      errorCode: clientAuth.errorCode,
-      authorized: false,
-      status: 401,
-      errorMessage: clientAuth.errorMessage
-    };
-  }
-
-  // if we've made it this far we need to check service specific authorization
-  const serviceAuth = authorizeService(apiKeyMeta, serviceConfig, {
-    targetAddress
-  });
-  if (!serviceAuth.authorized) {
-    return {
-      errorCode: serviceAuth.errorCode,
-      authorized: false,
-      status: 403,
-      errorMessage: serviceAuth.errorMessage
-    };
-  }
-
-  // if we reach this point we are authorized!
-  return {
-    authorized: true,
-    apiKeyMeta,
-    accountMeta: {
-      id: apiKeyMeta.accountId,
-      // TODO update this later
-      name: "",
-      limits: apiKeyMeta.limits,
-      rateLimits: apiKeyMeta.rateLimits,
-      usage: apiKeyMeta.usage,
-      creatorWalletAddress: apiKeyMeta.creatorWalletAddress
-    }
-  };
-}
-
-const usageEventSchema = zod.z.object({
-  source: zod.z.enum(["ecosystemWallets", "embeddedWallets", "rpc", "storage", "bundler", "paymaster", "relayer", "connectWallet", "checkout", "engine", "pay", "rpcV2"]),
-  action: zod.z.string(),
-  /**
-   * The following fields are optional.
-   */
-
-  accountId: zod.z.string().optional(),
-  isClientEvent: zod.z.boolean().optional(),
-  apiKeyId: zod.z.string().optional(),
-  creatorWalletAddress: zod.z.string().optional(),
-  clientId: zod.z.string().optional(),
-  walletAddress: zod.z.string().optional(),
-  walletType: zod.z.string().optional(),
-  chainId: zod.z.number().int().positive().optional(),
-  provider: zod.z.string().optional(),
-  mimeType: zod.z.string().optional(),
-  fileSize: zod.z.number().int().nonnegative().optional(),
-  fileCid: zod.z.string().optional(),
-  evmMethod: zod.z.string().optional(),
-  userOpHash: zod.z.string().optional(),
-  gasLimit: zod.z.number().nonnegative().optional(),
-  gasPricePerUnit: zod.z.string().optional(),
-  transactionFeeUsd: zod.z.number().optional(),
-  transactionHash: zod.z.string().optional(),
-  sdkName: zod.z.string().optional(),
-  sdkVersion: zod.z.string().optional(),
-  sdkPlatform: zod.z.string().optional(),
-  sdkOS: zod.z.string().optional(),
-  productName: zod.z.string().optional(),
-  transactionValue: zod.z.string().optional(),
-  pathname: zod.z.string().optional(),
-  contractAddress: zod.z.string().optional(),
-  errorCode: zod.z.string().optional(),
-  httpStatusCode: zod.z.number().int().nonnegative().optional(),
-  functionName: zod.z.string().optional(),
-  extension: zod.z.string().optional(),
-  retryCount: zod.z.number().int().nonnegative().optional(),
-  policyId: zod.z.string().optional(),
-  msSinceQueue: zod.z.number().nonnegative().optional(),
-  msSinceSend: zod.z.number().nonnegative().optional(),
-  msTotalDuration: zod.z.number().nonnegative().optional(),
-  swapId: zod.z.string().optional(),
-  tokenAddress: zod.z.string().optional(),
-  amountWei: zod.z.string().optional(),
-  amountUSDCents: zod.z.number().nonnegative().optional(),
-  httpMethod: zod.z.enum(["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "CONNECT", "OPTIONS", "TRACE"]).optional(),
-  // Used to identify the ecosystem that the an ecosystem wallet belongs too
-  ecosystemId: zod.z.string().optional(),
-  ecosystemPartnerId: zod.z.string().optional(),
-  authenticationMethod: zod.z.string().optional(),
-  chainName: zod.z.string().optional(),
-  tokenSymbol: zod.z.string().optional(),
-  dstChainId: zod.z.number().optional(),
-  dstTokenAddress: zod.z.string().optional(),
-  dstChainName: zod.z.string().optional(),
-  dstTokenSymbol: zod.z.string().optional(),
-  msLatency: zod.z.number().optional(),
-  toAmountUSDCents: zod.z.number().optional(),
-  secondaryProvider: zod.z.string().optional(),
-  onRampId: zod.z.string().optional(),
-  evmRequestParams: zod.z.string().optional(),
-  providerIp: zod.z.string().optional()
-});
-
-const RATE_LIMIT_WINDOW_SECONDS = 10;
-
-// Redis interface compatible with ioredis (Node) and upstash (Cloudflare Workers).
-
-async function rateLimit(args) {
-  const {
-    authzResult,
-    serviceConfig,
-    redis,
-    sampleRate = 1.0
-  } = args;
-  const shouldSampleRequest = Math.random() < sampleRate;
-  if (!shouldSampleRequest || !authzResult.authorized) {
-    return {
-      rateLimited: false,
-      requestCount: 0,
-      rateLimit: 0
-    };
-  }
-  const {
-    apiKeyMeta,
-    accountMeta
-  } = authzResult;
-  const accountId = apiKeyMeta?.accountId || accountMeta?.id;
-  const {
-    serviceScope
-  } = serviceConfig;
-  const limitPerSecond = apiKeyMeta?.rateLimits?.[serviceScope] ?? accountMeta?.rateLimits?.[serviceScope];
-  if (!limitPerSecond) {
-    // No rate limit is provided. Assume the request is not rate limited.
-    return {
-      rateLimited: false,
-      requestCount: 0,
-      rateLimit: 0
-    };
-  }
-
-  // Gets the 10-second window for the current timestamp.
-  const timestampWindow = Math.floor(Date.now() / (1000 * RATE_LIMIT_WINDOW_SECONDS)) * RATE_LIMIT_WINDOW_SECONDS;
-  const key = `rate-limit:${serviceScope}:${accountId}:${timestampWindow}`;
-
-  // Increment and get the current request count in this window.
-  const requestCount = await redis.incr(key);
-  if (requestCount === 1) {
-    // For the first increment, set an expiration to clean up this key.
-    await redis.expire(key, RATE_LIMIT_WINDOW_SECONDS);
-  }
-
-  // Get the limit for this window accounting for the sample rate.
-  const limitPerWindow = limitPerSecond * sampleRate * RATE_LIMIT_WINDOW_SECONDS;
-  if (requestCount > limitPerWindow) {
-    // Report rate limit hits.
-    if (apiKeyMeta?.id) {
-      await updateRateLimitedAt(apiKeyMeta.id, serviceConfig);
-    }
-
-    // Reject requests when they've exceeded 2x the rate limit.
-    if (requestCount > 2 * limitPerWindow) {
-      return {
-        rateLimited: true,
-        requestCount,
-        rateLimit: limitPerWindow,
-        status: 429,
-        errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limitPerSecond} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
-        errorCode: "RATE_LIMIT_EXCEEDED"
-      };
-    }
-  }
-  return {
-    rateLimited: false,
-    requestCount,
-    rateLimit: limitPerWindow
-  };
-}
-
-async function usageLimit(authzResult, serviceConfig) {
-  if (!authzResult.authorized) {
-    return {
-      usageLimited: false
-    };
-  }
-  const {
-    apiKeyMeta,
-    accountMeta
-  } = authzResult;
-  const {
-    limits,
-    usage
-  } = apiKeyMeta || accountMeta || {};
-  const {
-    serviceScope
-  } = serviceConfig;
-  if (!usage || !(serviceScope in usage) || !limits || !(serviceScope in limits)) {
-    // No usage limit is provided. Assume the request is not limited.
-    return {
-      usageLimited: false
-    };
-  }
-  if (serviceScope === "storage" && (usage.storage?.sumFileSizeBytes ?? 0) > (limits.storage ?? 0)) {
-    return {
-      usageLimited: true,
-      status: 403,
-      errorMessage: `You've used all of your total usage credits for Storage Pinning. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
-      errorCode: "PAYMENT_METHOD_REQUIRED"
-    };
-  }
-  if (serviceScope === "embeddedWallets" && (usage.embeddedWallets?.countWalletAddresses ?? 0) > (limits.embeddedWallets ?? 0)) {
-    return {
-      usageLimited: true,
-      status: 403,
-      errorMessage: `You've used all of your total usage credits for Embedded Wallets. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
-      errorCode: "PAYMENT_METHOD_REQUIRED"
-    };
-  }
-  return {
-    usageLimited: false
-  };
-}
-
-exports.authorize = authorize;
-exports.rateLimit = rateLimit;
-exports.usageEventSchema = usageEventSchema;
-exports.usageLimit = usageLimit;

package/dist/thirdweb-dev-service-utils.cjs.d.ts

@@ -1,2 +0,0 @@
-export * from "./declarations/src/index";
-//# sourceMappingURL=thirdweb-dev-service-utils.cjs.d.ts.map

package/dist/thirdweb-dev-service-utils.cjs.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"thirdweb-dev-service-utils.cjs.d.ts","sourceRoot":"","sources":["./declarations/src/index.d.ts"],"names":[],"mappings":"AAAA"}

package/dist/thirdweb-dev-service-utils.cjs.dev.js

@@ -1,14 +0,0 @@
-'use strict';
-
-Object.defineProperty(exports, '__esModule', { value: true });
-
-var client = require('./client-a5cc5822.cjs.dev.js');
-
-
-
-exports.SERVICES = client.SERVICES;
-exports.SERVICE_DEFINITIONS = client.SERVICE_DEFINITIONS;
-exports.SERVICE_NAMES = client.SERVICE_NAMES;
-exports.authorizeBundleId = client.authorizeBundleId;
-exports.authorizeDomain = client.authorizeDomain;
-exports.getServiceByName = client.getServiceByName;

package/dist/thirdweb-dev-service-utils.cjs.js

@@ -1,7 +0,0 @@
-'use strict';
-
-if (process.env.NODE_ENV === "production") {
-  module.exports = require("./thirdweb-dev-service-utils.cjs.prod.js");
-} else {
-  module.exports = require("./thirdweb-dev-service-utils.cjs.dev.js");
-}

package/dist/thirdweb-dev-service-utils.cjs.prod.js

@@ -1,14 +0,0 @@
-'use strict';
-
-Object.defineProperty(exports, '__esModule', { value: true });
-
-var client = require('./client-84e46164.cjs.prod.js');
-
-
-
-exports.SERVICES = client.SERVICES;
-exports.SERVICE_DEFINITIONS = client.SERVICE_DEFINITIONS;
-exports.SERVICE_NAMES = client.SERVICE_NAMES;
-exports.authorizeBundleId = client.authorizeBundleId;
-exports.authorizeDomain = client.authorizeDomain;
-exports.getServiceByName = client.getServiceByName;

package/dist/thirdweb-dev-service-utils.esm.js

@@ -1 +0,0 @@
-export { d as SERVICES, S as SERVICE_DEFINITIONS, c as SERVICE_NAMES, a as authorizeBundleId, b as authorizeDomain, g as getServiceByName } from './client-8440b8fb.esm.js';

package/node/dist/thirdweb-dev-service-utils-node.cjs.d.ts

@@ -1,2 +0,0 @@
-export * from "../../dist/declarations/src/node/index";
-//# sourceMappingURL=thirdweb-dev-service-utils-node.cjs.d.ts.map

package/node/dist/thirdweb-dev-service-utils-node.cjs.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"thirdweb-dev-service-utils-node.cjs.d.ts","sourceRoot":"","sources":["../../dist/declarations/src/node/index.d.ts"],"names":[],"mappings":"AAAA"}