@thirdweb-dev/service-utils 0.4.38 → 0.4.39

package/dist/cjs/core/authorize/service.js

@@ -0,0 +1,58 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorizeService = authorizeService;
+function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
+    const { services } = apiKeyMetadata;
+    // validate services
+    const service = services.find((srv) => srv.name === serviceConfig.serviceScope);
+    if (!service) {
+        return {
+            authorized: false,
+            errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
+            errorCode: "SERVICE_UNAUTHORIZED",
+            status: 403,
+        };
+    }
+    // validate service actions
+    if (serviceConfig.serviceAction) {
+        const isActionAllowed = service.actions.includes(serviceConfig.serviceAction);
+        if (!isActionAllowed) {
+            return {
+                authorized: false,
+                errorMessage: `Invalid request: Unauthorized action: ${serviceConfig.serviceScope} ${serviceConfig.serviceAction}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
+                errorCode: "SERVICE_ACTION_UNAUTHORIZED",
+                status: 403,
+            };
+        }
+    }
+    // validate service target addresses
+    // the service has to pass in the target address for this to be validated
+    if (authorizationPayload?.targetAddress) {
+        const checkedAddresses = Array.isArray(authorizationPayload.targetAddress)
+            ? authorizationPayload.targetAddress
+            : [authorizationPayload.targetAddress];
+        const allAllowed = service.targetAddresses.includes("*");
+        if (!allAllowed &&
+            checkedAddresses.some((ta) => !service.targetAddresses.includes(ta))) {
+            return {
+                authorized: false,
+                errorMessage: `Invalid request: Unauthorized address: ${serviceConfig.serviceScope} ${checkedAddresses}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
+                errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
+                status: 403,
+            };
+        }
+    }
+    return {
+        authorized: true,
+        apiKeyMeta: apiKeyMetadata,
+        accountMeta: {
+            id: apiKeyMetadata.accountId,
+            name: "",
+            creatorWalletAddress: apiKeyMetadata.creatorWalletAddress,
+            limits: apiKeyMetadata.limits,
+            rateLimits: apiKeyMetadata.rateLimits,
+            usage: apiKeyMetadata.usage,
+        },
+    };
+}
+//# sourceMappingURL=service.js.map

package/dist/cjs/core/authorize/service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.js","sourceRoot":"","sources":["../../../../src/core/authorize/service.ts"],"names":[],"mappings":";;AAKA,4CAoEC;AApED,SAAgB,gBAAgB,CAC9B,cAA8B,EAC9B,aAAgC,EAChC,oBAAkD;IAElD,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC;IACpC,oBAAoB;IACpB,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAC3B,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,CAAC,YAAY,CACjD,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,YAAY,EAAE,0CAA0C,aAAa,CAAC,YAAY,yGAAyG;YAC3L,SAAS,EAAE,sBAAsB;YACjC,MAAM,EAAE,GAAG;SACZ,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QAChC,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAC9C,aAAa,CAAC,aAAa,CAC5B,CAAC;QACF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,YAAY,EAAE,yCAAyC,aAAa,CAAC,YAAY,IAAI,aAAa,CAAC,aAAa,yGAAyG;gBACzN,SAAS,EAAE,6BAA6B;gBACxC,MAAM,EAAE,GAAG;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,yEAAyE;IACzE,IAAI,oBAAoB,EAAE,aAAa,EAAE,CAAC;QACxC,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,aAAa,CAAC;YACxE,CAAC,CAAC,oBAAoB,CAAC,aAAa;YACpC,CAAC,CAAC,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC;QAEzC,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAEzD,IACE,CAAC,UAAU;YACX,gBAAgB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EACpE,CAAC;YACD,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,YAAY,EAAE,0CAA0C,aAAa,CAAC,YAAY,IAAI,gBAAgB,yGAAyG;gBAC/M,SAAS,EAAE,qCAAqC;gBAChD,MAAM,EAAE,GAAG;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE;YACX,EAAE,EAAE,cAAc,CAAC,SAAS;YAC5B,IAAI,EAAE,EAAE;YACR,oBAAoB,EAAE,cAAc,CAAC,oBAAoB;YACzD,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,UAAU,EAAE,cAAc,CAAC,UAAU;YACrC,KAAK,EAAE,cAAc,CAAC,KAAK;SAC5B;KACF,CAAC;AACJ,CAAC"}

package/dist/cjs/core/authorize/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/cjs/core/authorize/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/core/authorize/types.ts"],"names":[],"mappings":""}

package/dist/cjs/core/rateLimit/index.js

@@ -0,0 +1,64 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rateLimit = rateLimit;
+const api_js_1 = require("../api.js");
+const RATE_LIMIT_WINDOW_SECONDS = 10;
+async function rateLimit(args) {
+    const { authzResult, serviceConfig, redis, sampleRate = 1.0 } = args;
+    const shouldSampleRequest = Math.random() < sampleRate;
+    if (!shouldSampleRequest || !authzResult.authorized) {
+        return {
+            rateLimited: false,
+            requestCount: 0,
+            rateLimit: 0,
+        };
+    }
+    const { apiKeyMeta, accountMeta } = authzResult;
+    const accountId = apiKeyMeta?.accountId || accountMeta?.id;
+    const { serviceScope } = serviceConfig;
+    const limitPerSecond = apiKeyMeta?.rateLimits?.[serviceScope] ??
+        accountMeta?.rateLimits?.[serviceScope];
+    if (!limitPerSecond) {
+        // No rate limit is provided. Assume the request is not rate limited.
+        return {
+            rateLimited: false,
+            requestCount: 0,
+            rateLimit: 0,
+        };
+    }
+    // Gets the 10-second window for the current timestamp.
+    const timestampWindow = Math.floor(Date.now() / (1000 * RATE_LIMIT_WINDOW_SECONDS)) *
+        RATE_LIMIT_WINDOW_SECONDS;
+    const key = `rate-limit:${serviceScope}:${accountId}:${timestampWindow}`;
+    // Increment and get the current request count in this window.
+    const requestCount = await redis.incr(key);
+    if (requestCount === 1) {
+        // For the first increment, set an expiration to clean up this key.
+        await redis.expire(key, RATE_LIMIT_WINDOW_SECONDS);
+    }
+    // Get the limit for this window accounting for the sample rate.
+    const limitPerWindow = limitPerSecond * sampleRate * RATE_LIMIT_WINDOW_SECONDS;
+    if (requestCount > limitPerWindow) {
+        // Report rate limit hits.
+        if (apiKeyMeta?.id) {
+            await (0, api_js_1.updateRateLimitedAt)(apiKeyMeta.id, serviceConfig);
+        }
+        // Reject requests when they've exceeded 2x the rate limit.
+        if (requestCount > 2 * limitPerWindow) {
+            return {
+                rateLimited: true,
+                requestCount,
+                rateLimit: limitPerWindow,
+                status: 429,
+                errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limitPerSecond} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+                errorCode: "RATE_LIMIT_EXCEEDED",
+            };
+        }
+    }
+    return {
+        rateLimited: false,
+        requestCount,
+        rateLimit: limitPerWindow,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/cjs/core/rateLimit/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/core/rateLimit/index.ts"],"names":[],"mappings":";;AAYA,8BAgFC;AA5FD,sCAAwE;AAIxE,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAQ9B,KAAK,UAAU,SAAS,CAAC,IAU/B;IACC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC;IAErE,MAAM,mBAAmB,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,UAAU,CAAC;IACvD,IAAI,CAAC,mBAAmB,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;QACpD,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,CAAC;SACb,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;IAChD,MAAM,SAAS,GAAG,UAAU,EAAE,SAAS,IAAI,WAAW,EAAE,EAAE,CAAC;IAE3D,MAAM,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IACvC,MAAM,cAAc,GAClB,UAAU,EAAE,UAAU,EAAE,CAAC,YAAY,CAAC;QACtC,WAAW,EAAE,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC;IAE1C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,qEAAqE;QACrE,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,CAAC;SACb,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,MAAM,eAAe,GACnB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,GAAG,yBAAyB,CAAC,CAAC;QAC3D,yBAAyB,CAAC;IAC5B,MAAM,GAAG,GAAG,cAAc,YAAY,IAAI,SAAS,IAAI,eAAe,EAAE,CAAC;IAEzE,8DAA8D;IAC9D,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,YAAY,KAAK,CAAC,EAAE,CAAC;QACvB,mEAAmE;QACnE,MAAM,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;IACrD,CAAC;IAED,gEAAgE;IAChE,MAAM,cAAc,GAClB,cAAc,GAAG,UAAU,GAAG,yBAAyB,CAAC;IAE1D,IAAI,YAAY,GAAG,cAAc,EAAE,CAAC;QAClC,0BAA0B;QAC1B,IAAI,UAAU,EAAE,EAAE,EAAE,CAAC;YACnB,MAAM,IAAA,4BAAmB,EAAC,UAAU,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;QAC1D,CAAC;QAED,2DAA2D;QAC3D,IAAI,YAAY,GAAG,CAAC,GAAG,cAAc,EAAE,CAAC;YACtC,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,YAAY;gBACZ,SAAS,EAAE,cAAc;gBACzB,MAAM,EAAE,GAAG;gBACX,YAAY,EAAE,wBAAwB,YAAY,kBAAkB,cAAc,sFAAsF;gBACxK,SAAS,EAAE,qBAAqB;aACjC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW,EAAE,KAAK;QAClB,YAAY;QACZ,SAAS,EAAE,cAAc;KAC1B,CAAC;AACJ,CAAC"}

package/dist/cjs/core/rateLimit/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/cjs/core/rateLimit/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/core/rateLimit/types.ts"],"names":[],"mappings":""}

package/dist/cjs/core/services.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SERVICES = exports.SERVICE_NAMES = exports.SERVICE_DEFINITIONS = void 0;
+exports.getServiceByName = getServiceByName;
+exports.SERVICE_DEFINITIONS = {
+    storage: {
+        name: "storage",
+        title: "Storage",
+        description: "IPFS Upload and Download",
+        actions: [
+            {
+                name: "read",
+                title: "Download",
+                description: "Download a file from Storage",
+            },
+            {
+                name: "write",
+                title: "Upload",
+                description: "Upload a file to Storage",
+            },
+        ],
+    },
+    rpc: {
+        name: "rpc",
+        title: "RPC",
+        description: "Accelerated RPC Edge",
+        // all actions allowed
+        actions: [],
+    },
+    bundler: {
+        name: "bundler",
+        title: "Account Abstraction",
+        description: "Bundler & Paymaster services",
+        // all actions allowed
+        actions: [],
+    },
+    relayer: {
+        name: "relayer",
+        title: "Gasless Relayer",
+        description: "Enable gasless transactions",
+        // all actions allowed
+        actions: [],
+    },
+    embeddedWallets: {
+        name: "embeddedWallets",
+        title: "In-App Wallets",
+        description: "E-mail and social login wallets for easy web3 onboarding",
+        // all actions allowed
+        actions: [],
+    },
+    pay: {
+        name: "pay",
+        title: "Pay",
+        description: "Pay for a blockchain transaction with any currency",
+        // all actions allowed
+        actions: [],
+    },
+    chainsaw: {
+        name: "chainsaw",
+        title: "Chainsaw",
+        description: "Indexed data for any EVM chain",
+        // all actions allowed
+        actions: [],
+    },
+};
+exports.SERVICE_NAMES = Object.keys(exports.SERVICE_DEFINITIONS);
+exports.SERVICES = Object.values(exports.SERVICE_DEFINITIONS);
+function getServiceByName(name) {
+    return exports.SERVICE_DEFINITIONS[name];
+}
+//# sourceMappingURL=services.js.map

package/dist/cjs/core/services.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"services.js","sourceRoot":"","sources":["../../../src/core/services.ts"],"names":[],"mappings":";;;AA+EA,4CAEC;AAjFY,QAAA,mBAAmB,GAAG;IACjC,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,0BAA0B;QACvC,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,KAAK,EAAE,UAAU;gBACjB,WAAW,EAAE,8BAA8B;aAC5C;YACD;gBACE,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,0BAA0B;aACxC;SACF;KACF;IACD,GAAG,EAAE;QACH,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,KAAK;QACZ,WAAW,EAAE,sBAAsB;QACnC,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,8BAA8B;QAC3C,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,6BAA6B;QAC1C,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,eAAe,EAAE;QACf,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE,0DAA0D;QACvE,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,GAAG,EAAE;QACH,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,KAAK;QACZ,WAAW,EAAE,oDAAoD;QACjE,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,QAAQ,EAAE;QACR,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,gCAAgC;QAC7C,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;CACO,CAAC;AAEE,QAAA,aAAa,GAAG,MAAM,CAAC,IAAI,CACtC,2BAAmB,CACoB,CAAC;AAE7B,QAAA,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,2BAAmB,CAAC,CAAC;AAa3D,SAAgB,gBAAgB,CAAC,IAAiB;IAChD,OAAO,2BAAmB,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC"}

package/dist/cjs/core/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/cjs/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/core/types.ts"],"names":[],"mappings":""}

package/dist/cjs/core/usage.js

@@ -0,0 +1,93 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.usageEventSchema = void 0;
+const zod_1 = require("zod");
+exports.usageEventSchema = zod_1.z.object({
+    source: zod_1.z.enum([
+        "ecosystemWallets",
+        "embeddedWallets",
+        "rpc",
+        "storage",
+        "bundler",
+        "paymaster",
+        "relayer",
+        "connectWallet",
+        "checkout",
+        "engine",
+        "pay",
+        "rpcV2",
+    ]),
+    action: zod_1.z.string(),
+    /**
+     * The following fields are optional.
+     */
+    accountId: zod_1.z.string().optional(),
+    isClientEvent: zod_1.z.boolean().optional(),
+    apiKeyId: zod_1.z.string().optional(),
+    creatorWalletAddress: zod_1.z.string().optional(),
+    clientId: zod_1.z.string().optional(),
+    walletAddress: zod_1.z.string().optional(),
+    walletType: zod_1.z.string().optional(),
+    chainId: zod_1.z.number().int().positive().optional(),
+    provider: zod_1.z.string().optional(),
+    mimeType: zod_1.z.string().optional(),
+    fileSize: zod_1.z.number().int().nonnegative().optional(),
+    fileCid: zod_1.z.string().optional(),
+    evmMethod: zod_1.z.string().optional(),
+    userOpHash: zod_1.z.string().optional(),
+    gasLimit: zod_1.z.number().nonnegative().optional(),
+    gasPricePerUnit: zod_1.z.string().optional(),
+    transactionFeeUsd: zod_1.z.number().optional(),
+    transactionHash: zod_1.z.string().optional(),
+    sdkName: zod_1.z.string().optional(),
+    sdkVersion: zod_1.z.string().optional(),
+    sdkPlatform: zod_1.z.string().optional(),
+    sdkOS: zod_1.z.string().optional(),
+    productName: zod_1.z.string().optional(),
+    transactionValue: zod_1.z.string().optional(),
+    pathname: zod_1.z.string().optional(),
+    contractAddress: zod_1.z.string().optional(),
+    errorCode: zod_1.z.string().optional(),
+    httpStatusCode: zod_1.z.number().int().nonnegative().optional(),
+    functionName: zod_1.z.string().optional(),
+    extension: zod_1.z.string().optional(),
+    retryCount: zod_1.z.number().int().nonnegative().optional(),
+    policyId: zod_1.z.string().optional(),
+    msSinceQueue: zod_1.z.number().nonnegative().optional(),
+    msSinceSend: zod_1.z.number().nonnegative().optional(),
+    msTotalDuration: zod_1.z.number().nonnegative().optional(),
+    swapId: zod_1.z.string().optional(),
+    tokenAddress: zod_1.z.string().optional(),
+    amountWei: zod_1.z.string().optional(),
+    amountUSDCents: zod_1.z.number().nonnegative().optional(),
+    httpMethod: zod_1.z
+        .enum([
+        "GET",
+        "POST",
+        "PUT",
+        "DELETE",
+        "PATCH",
+        "HEAD",
+        "CONNECT",
+        "OPTIONS",
+        "TRACE",
+    ])
+        .optional(),
+    // Used to identify the ecosystem that the an ecosystem wallet belongs too
+    ecosystemId: zod_1.z.string().optional(),
+    ecosystemPartnerId: zod_1.z.string().optional(),
+    authenticationMethod: zod_1.z.string().optional(),
+    chainName: zod_1.z.string().optional(),
+    tokenSymbol: zod_1.z.string().optional(),
+    dstChainId: zod_1.z.number().optional(),
+    dstTokenAddress: zod_1.z.string().optional(),
+    dstChainName: zod_1.z.string().optional(),
+    dstTokenSymbol: zod_1.z.string().optional(),
+    msLatency: zod_1.z.number().optional(),
+    toAmountUSDCents: zod_1.z.number().optional(),
+    secondaryProvider: zod_1.z.string().optional(),
+    onRampId: zod_1.z.string().optional(),
+    evmRequestParams: zod_1.z.string().optional(),
+    providerIp: zod_1.z.string().optional(),
+});
+//# sourceMappingURL=usage.js.map

package/dist/cjs/core/usage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"usage.js","sourceRoot":"","sources":["../../../src/core/usage.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AAEX,QAAA,gBAAgB,GAAG,OAAC,CAAC,MAAM,CAAC;IACvC,MAAM,EAAE,OAAC,CAAC,IAAI,CAAC;QACb,kBAAkB;QAClB,iBAAiB;QACjB,KAAK;QACL,SAAS;QACT,SAAS;QACT,WAAW;QACX,SAAS;QACT,eAAe;QACf,UAAU;QACV,QAAQ;QACR,KAAK;QACL,OAAO;KACR,CAAC;IACF,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;IAElB;;OAEG;IAEH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC/C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACnD,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAC7C,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACzD,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACrD,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACjD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAChD,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACpD,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACnD,UAAU,EAAE,OAAC;SACV,IAAI,CAAC;QACJ,KAAK;QACL,MAAM;QACN,KAAK;QACL,QAAQ;QACR,OAAO;QACP,MAAM;QACN,SAAS;QACT,SAAS;QACT,OAAO;KACR,CAAC;SACD,QAAQ,EAAE;IACb,0EAA0E;IAC1E,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,kBAAkB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC"}

package/dist/cjs/core/usageLimit/index.js

@@ -0,0 +1,45 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.usageLimit = usageLimit;
+async function usageLimit(authzResult, serviceConfig) {
+    if (!authzResult.authorized) {
+        return {
+            usageLimited: false,
+        };
+    }
+    const { apiKeyMeta, accountMeta } = authzResult;
+    const { limits, usage } = apiKeyMeta || accountMeta || {};
+    const { serviceScope } = serviceConfig;
+    if (!usage ||
+        !(serviceScope in usage) ||
+        !limits ||
+        !(serviceScope in limits)) {
+        // No usage limit is provided. Assume the request is not limited.
+        return {
+            usageLimited: false,
+        };
+    }
+    if (serviceScope === "storage" &&
+        (usage.storage?.sumFileSizeBytes ?? 0) > (limits.storage ?? 0)) {
+        return {
+            usageLimited: true,
+            status: 402,
+            errorMessage: `You've used all of your total usage credits for Storage Pinning. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+            errorCode: "PAYMENT_METHOD_REQUIRED",
+        };
+    }
+    if (serviceScope === "embeddedWallets" &&
+        (usage.embeddedWallets?.countWalletAddresses ?? 0) >
+            (limits.embeddedWallets ?? 0)) {
+        return {
+            usageLimited: true,
+            status: 402,
+            errorMessage: `You've used all of your total usage credits for Embedded Wallets. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+            errorCode: "PAYMENT_METHOD_REQUIRED",
+        };
+    }
+    return {
+        usageLimited: false,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/cjs/core/usageLimit/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/core/usageLimit/index.ts"],"names":[],"mappings":";;AAIA,gCAsDC;AAtDM,KAAK,UAAU,UAAU,CAC9B,WAAgC,EAChC,aAAgC;IAEhC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;QAC5B,OAAO;YACL,YAAY,EAAE,KAAK;SACpB,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;IAChD,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,UAAU,IAAI,WAAW,IAAI,EAAE,CAAC;IAC1D,MAAM,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAEvC,IACE,CAAC,KAAK;QACN,CAAC,CAAC,YAAY,IAAI,KAAK,CAAC;QACxB,CAAC,MAAM;QACP,CAAC,CAAC,YAAY,IAAI,MAAM,CAAC,EACzB,CAAC;QACD,iEAAiE;QACjE,OAAO;YACL,YAAY,EAAE,KAAK;SACpB,CAAC;IACJ,CAAC;IAED,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,KAAK,CAAC,OAAO,EAAE,gBAAgB,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,EAC9D,CAAC;QACD,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,qJAAqJ;YACnK,SAAS,EAAE,yBAAyB;SACrC,CAAC;IACJ,CAAC;IAED,IACE,YAAY,KAAK,iBAAiB;QAClC,CAAC,KAAK,CAAC,eAAe,EAAE,oBAAoB,IAAI,CAAC,CAAC;YAChD,CAAC,MAAM,CAAC,eAAe,IAAI,CAAC,CAAC,EAC/B,CAAC;QACD,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,sJAAsJ;YACpK,SAAS,EAAE,yBAAyB;SACrC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,YAAY,EAAE,KAAK;KACpB,CAAC;AACJ,CAAC"}

package/dist/cjs/core/usageLimit/types.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/cjs/core/usageLimit/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/core/usageLimit/types.ts"],"names":[],"mappings":""}

package/dist/cjs/index.js

@@ -0,0 +1,10 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorizeDomain = exports.authorizeBundleId = void 0;
+const tslib_1 = require("tslib");
+// Exports the public service definitions.
+tslib_1.__exportStar(require("./core/services.js"), exports);
+var client_js_1 = require("./core/authorize/client.js");
+Object.defineProperty(exports, "authorizeBundleId", { enumerable: true, get: function () { return client_js_1.authorizeBundleId; } });
+Object.defineProperty(exports, "authorizeDomain", { enumerable: true, get: function () { return client_js_1.authorizeDomain; } });
+//# sourceMappingURL=index.js.map

package/dist/cjs/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":";;;;AAAA,0CAA0C;AAC1C,6DAAmC;AAEnC,wDAGoC;AAFlC,8GAAA,iBAAiB,OAAA;AACjB,4GAAA,eAAe,OAAA"}

package/dist/cjs/mocks.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.validBundlerServiceConfig = exports.validServiceConfig = exports.validApiKeyMeta = void 0;
+exports.validApiKeyMeta = {
+    id: "1",
+    key: "your-api-key",
+    creatorWalletAddress: "creator-address",
+    secretHash: "secret-hash",
+    walletAddresses: [],
+    domains: ["example.com", "*.example.com"],
+    bundleIds: [],
+    redirectUrls: [],
+    accountId: "test-account-id",
+    accountStatus: "noCustomer",
+    accountPlan: "free",
+    services: [
+        {
+            name: "storage",
+            targetAddresses: ["target1", "target2"],
+            actions: ["action1", "action2"],
+        },
+        {
+            name: "service2",
+            targetAddresses: ["target3"],
+            actions: ["action3"],
+        },
+        {
+            name: "bundler",
+            targetAddresses: ["*"],
+            actions: ["action3"],
+        },
+    ],
+    limits: {
+        storage: 100,
+    },
+    rateLimits: {
+        rpc: 25,
+    },
+};
+exports.validServiceConfig = {
+    apiUrl: "https://api.example.com",
+    serviceScope: "storage",
+    serviceApiKey: "service-api-key",
+    serviceAction: "action1",
+    enforceAuth: true,
+};
+exports.validBundlerServiceConfig = {
+    apiUrl: "https://api.example.com",
+    serviceScope: "bundler",
+    serviceApiKey: "service-api-key",
+    enforceAuth: true,
+};
+//# sourceMappingURL=mocks.js.map

package/dist/cjs/mocks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mocks.js","sourceRoot":"","sources":["../../src/mocks.ts"],"names":[],"mappings":";;;AAEa,QAAA,eAAe,GAAmB;IAC7C,EAAE,EAAE,GAAG;IACP,GAAG,EAAE,cAAc;IACnB,oBAAoB,EAAE,iBAAiB;IACvC,UAAU,EAAE,aAAa;IACzB,eAAe,EAAE,EAAE;IACnB,OAAO,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC;IACzC,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,SAAS,EAAE,iBAAiB;IAC5B,aAAa,EAAE,YAAY;IAC3B,WAAW,EAAE,MAAM;IACnB,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,SAAS;YACf,eAAe,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;YACvC,OAAO,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;SAChC;QACD;YACE,IAAI,EAAE,UAAU;YAChB,eAAe,EAAE,CAAC,SAAS,CAAC;YAC5B,OAAO,EAAE,CAAC,SAAS,CAAC;SACrB;QACD;YACE,IAAI,EAAE,SAAS;YACf,eAAe,EAAE,CAAC,GAAG,CAAC;YACtB,OAAO,EAAE,CAAC,SAAS,CAAC;SACrB;KACF;IACD,MAAM,EAAE;QACN,OAAO,EAAE,GAAG;KACb;IACD,UAAU,EAAE;QACV,GAAG,EAAE,EAAE;KACR;CACF,CAAC;AAEW,QAAA,kBAAkB,GAAsB;IACnD,MAAM,EAAE,yBAAyB;IACjC,YAAY,EAAE,SAAS;IACvB,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,SAAS;IACxB,WAAW,EAAE,IAAI;CAClB,CAAC;AAEW,QAAA,yBAAyB,GAAsB;IAC1D,MAAM,EAAE,yBAAyB;IACjC,YAAY,EAAE,SAAS;IACvB,aAAa,EAAE,iBAAiB;IAChC,WAAW,EAAE,IAAI;CAClB,CAAC"}

package/dist/cjs/node/index.js

@@ -0,0 +1,173 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorizeNode = authorizeNode;
+exports.extractAuthorizationData = extractAuthorizationData;
+exports.hashSecretKey = hashSecretKey;
+exports.deriveClientIdFromSecretKeyHash = deriveClientIdFromSecretKeyHash;
+exports.logHttpRequest = logHttpRequest;
+const tslib_1 = require("tslib");
+const node_crypto_1 = require("node:crypto");
+const index_js_1 = require("../core/authorize/index.js");
+tslib_1.__exportStar(require("../core/usage.js"), exports);
+tslib_1.__exportStar(require("../core/rateLimit/index.js"), exports);
+tslib_1.__exportStar(require("../core/services.js"), exports);
+tslib_1.__exportStar(require("../core/usageLimit/index.js"), exports);
+/**
+ *
+ * @param {AuthInput['req']} authInput.req - The incoming request from which information will be pulled from. These information includes (checks are in order and terminates on first match):
+ * - clientId: Checks header `x-client-id`, search param `clientId`
+ * - bundleId: Checks header `x-bundle-id`, search param `bundleId`
+ * - secretKey: Checks header `x-secret-key`
+ * - origin (the requesting domain): Checks header `origin`, `referer`
+ * @param {AuthInput['clientId']} authInput.clientId - Overrides any clientId found on the `req` object
+ * @param {AuthInput['targetAddress']} authInput.targetAddress - Only used in smart wallets to determine if the request is authorized to interact with the target address.
+ * @param {NodeServiceConfig['enforceAuth']} serviceConfig - Always `true` unless you need to turn auth off. Tells the service whether or not to enforce auth.
+ * @param {NodeServiceConfig['apiUrl']} serviceConfig.apiUrl - The url of the api server to fetch information for verification. `https://api.thirdweb.com` for production and `https://api.staging.thirdweb.com` for staging
+ * @param {NodeServiceConfig['serviceApiKey']} serviceConfig.serviceApiKey - secret key to be used authenticate the caller of the api-server. Check the api-server's env variable for the keys.
+ * @param {NodeServiceConfig['serviceScope']} serviceConfig.serviceScope - The service that we are requesting authorization for. E.g. `relayer`, `rpc`, 'bundler', 'storage' etc.
+ * @param {NodeServiceConfig['serviceAction']} serviceConfig.serviceAction - Needed when the `serviceScope` is `storage`. Can be either `read` or `write`.
+ * @param {NodeServiceConfig['useWalletAuth']} serviceConfig.useWalletAuth - If true it pings the `wallet/me` or else, `account/me`. You most likely can leave this as false.
+ * @returns {AuthorizationResult} authorizationResult - contains if the request is authorized, and information about the account if it is authorized. Otherwise, it contains the error message and status code.
+ */
+async function authorizeNode(authInput, serviceConfig) {
+    let authData;
+    try {
+        authData = extractAuthorizationData(authInput);
+    }
+    catch (e) {
+        if (e instanceof Error && e.message === "KEY_CONFLICT") {
+            return {
+                authorized: false,
+                status: 400,
+                errorMessage: "Please pass either a client id or a secret key.",
+                errorCode: "KEY_CONFLICT",
+            };
+        }
+        return {
+            authorized: false,
+            status: 500,
+            errorMessage: "Internal Server Error",
+            errorCode: "INTERNAL_SERVER_ERROR",
+        };
+    }
+    return await (0, index_js_1.authorize)(authData, serviceConfig);
+}
+function getHeader(headers, headerName) {
+    const header = headers[headerName];
+    if (Array.isArray(header)) {
+        return header?.[0] ?? null;
+    }
+    return header ?? null;
+}
+function extractAuthorizationData(authInput) {
+    let requestUrl;
+    try {
+        requestUrl = new URL(authInput.req.url || "", `http://${authInput.req.headers.host}`);
+    }
+    catch (error) {
+        console.log("** Node URL Error **", error);
+        throw error;
+    }
+    const headers = authInput.req.headers;
+    const secretKey = getHeader(headers, "x-secret-key");
+    // prefer clientId that is explicitly passed in
+    let clientId = authInput.clientId ?? null;
+    if (!clientId) {
+        // next preference is clientId from header
+        clientId = getHeader(headers, "x-client-id");
+    }
+    // next preference is search param
+    if (!clientId) {
+        clientId = requestUrl.searchParams.get("clientId");
+    }
+    // bundle id from header is first preference
+    let bundleId = getHeader(headers, "x-bundle-id");
+    // next preference is search param
+    if (!bundleId) {
+        bundleId = requestUrl.searchParams.get("bundleId");
+    }
+    let origin = getHeader(headers, "origin");
+    // if origin header is not available we'll fall back to referrer;
+    if (!origin) {
+        origin = getHeader(headers, "referer");
+    }
+    // if we have an origin at this point, normalize it
+    if (origin) {
+        try {
+            origin = new URL(origin).host;
+        }
+        catch (e) {
+            console.warn("failed to parse origin", origin, e);
+        }
+    }
+    // handle if we a secret key is passed in the headers
+    let secretKeyHash = null;
+    if (secretKey) {
+        // hash the secret key
+        secretKeyHash = hashSecretKey(secretKey);
+        // derive the client id from the secret key hash
+        const derivedClientId = deriveClientIdFromSecretKeyHash(secretKeyHash);
+        // if we already have a client id passed in we need to make sure they match
+        if (clientId && clientId !== derivedClientId) {
+            throw new Error("KEY_CONFLICT");
+        }
+        // otherwise set the client id to the derived client id (client id based off of secret key)
+        clientId = derivedClientId;
+    }
+    let jwt = null;
+    let useWalletAuth = null;
+    // check for authorization header on the request
+    const authorizationHeader = getHeader(headers, "authorization");
+    if (authorizationHeader) {
+        const [type, token] = authorizationHeader.split(" ");
+        if (type?.toLowerCase() === "bearer" && !!token) {
+            jwt = token;
+            const walletAuthHeader = getHeader(headers, "x-authorize-wallet");
+            // IK a stringified boolean is not ideal, but it's required to pass it in the headers.
+            if (walletAuthHeader?.toLowerCase() === "true") {
+                useWalletAuth = walletAuthHeader;
+            }
+        }
+    }
+    return {
+        jwt,
+        hashedJWT: jwt ? hashSecretKey(jwt) : null,
+        secretKeyHash,
+        secretKey,
+        clientId,
+        origin,
+        bundleId,
+        targetAddress: authInput.targetAddress,
+        useWalletAuth,
+    };
+}
+function hashSecretKey(secretKey) {
+    return (0, node_crypto_1.createHash)("sha256").update(secretKey).digest("hex");
+}
+function deriveClientIdFromSecretKeyHash(secretKeyHash) {
+    return secretKeyHash.slice(0, 32);
+}
+function logHttpRequest({ clientId, req, res, isAuthed, statusMessage, latencyMs, }) {
+    try {
+        const authorizationData = extractAuthorizationData({ req, clientId });
+        const headers = req.headers;
+        console.log(JSON.stringify({
+            method: req.method,
+            pathname: req.url,
+            hasSecretKey: !!authorizationData.secretKey,
+            hasClientId: !!authorizationData.clientId,
+            hasJwt: !!authorizationData.jwt,
+            clientId: authorizationData.clientId,
+            isAuthed,
+            status: res.statusCode,
+            statusMessage,
+            sdkName: headers["x-sdk-name"] ?? undefined,
+            sdkVersion: headers["x-sdk-version"] ?? undefined,
+            platform: headers["x-sdk-platform"] ?? undefined,
+            os: headers["x-sdk-os"] ?? undefined,
+            latencyMs,
+        }));
+    }
+    catch { }
+}
+//# sourceMappingURL=index.js.map