@thirdweb-dev/service-utils 0.4.38 → 0.4.39

package/dist/esm/core/authorize/service.js

@@ -0,0 +1,55 @@
+export function authorizeService(apiKeyMetadata, serviceConfig, authorizationPayload) {
+    const { services } = apiKeyMetadata;
+    // validate services
+    const service = services.find((srv) => srv.name === serviceConfig.serviceScope);
+    if (!service) {
+        return {
+            authorized: false,
+            errorMessage: `Invalid request: Unauthorized service: ${serviceConfig.serviceScope}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
+            errorCode: "SERVICE_UNAUTHORIZED",
+            status: 403,
+        };
+    }
+    // validate service actions
+    if (serviceConfig.serviceAction) {
+        const isActionAllowed = service.actions.includes(serviceConfig.serviceAction);
+        if (!isActionAllowed) {
+            return {
+                authorized: false,
+                errorMessage: `Invalid request: Unauthorized action: ${serviceConfig.serviceScope} ${serviceConfig.serviceAction}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
+                errorCode: "SERVICE_ACTION_UNAUTHORIZED",
+                status: 403,
+            };
+        }
+    }
+    // validate service target addresses
+    // the service has to pass in the target address for this to be validated
+    if (authorizationPayload?.targetAddress) {
+        const checkedAddresses = Array.isArray(authorizationPayload.targetAddress)
+            ? authorizationPayload.targetAddress
+            : [authorizationPayload.targetAddress];
+        const allAllowed = service.targetAddresses.includes("*");
+        if (!allAllowed &&
+            checkedAddresses.some((ta) => !service.targetAddresses.includes(ta))) {
+            return {
+                authorized: false,
+                errorMessage: `Invalid request: Unauthorized address: ${serviceConfig.serviceScope} ${checkedAddresses}. You can view the restrictions on this API key in your dashboard:  https://thirdweb.com/create-api-key`,
+                errorCode: "SERVICE_TARGET_ADDRESS_UNAUTHORIZED",
+                status: 403,
+            };
+        }
+    }
+    return {
+        authorized: true,
+        apiKeyMeta: apiKeyMetadata,
+        accountMeta: {
+            id: apiKeyMetadata.accountId,
+            name: "",
+            creatorWalletAddress: apiKeyMetadata.creatorWalletAddress,
+            limits: apiKeyMetadata.limits,
+            rateLimits: apiKeyMetadata.rateLimits,
+            usage: apiKeyMetadata.usage,
+        },
+    };
+}
+//# sourceMappingURL=service.js.map

package/dist/esm/core/authorize/service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"service.js","sourceRoot":"","sources":["../../../../src/core/authorize/service.ts"],"names":[],"mappings":"AAKA,MAAM,UAAU,gBAAgB,CAC9B,cAA8B,EAC9B,aAAgC,EAChC,oBAAkD;IAElD,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC;IACpC,oBAAoB;IACpB,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAC3B,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,aAAa,CAAC,YAAY,CACjD,CAAC;IACF,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,YAAY,EAAE,0CAA0C,aAAa,CAAC,YAAY,yGAAyG;YAC3L,SAAS,EAAE,sBAAsB;YACjC,MAAM,EAAE,GAAG;SACZ,CAAC;IACJ,CAAC;IAED,2BAA2B;IAC3B,IAAI,aAAa,CAAC,aAAa,EAAE,CAAC;QAChC,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,CAAC,QAAQ,CAC9C,aAAa,CAAC,aAAa,CAC5B,CAAC;QACF,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,YAAY,EAAE,yCAAyC,aAAa,CAAC,YAAY,IAAI,aAAa,CAAC,aAAa,yGAAyG;gBACzN,SAAS,EAAE,6BAA6B;gBACxC,MAAM,EAAE,GAAG;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,yEAAyE;IACzE,IAAI,oBAAoB,EAAE,aAAa,EAAE,CAAC;QACxC,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,oBAAoB,CAAC,aAAa,CAAC;YACxE,CAAC,CAAC,oBAAoB,CAAC,aAAa;YACpC,CAAC,CAAC,CAAC,oBAAoB,CAAC,aAAa,CAAC,CAAC;QAEzC,MAAM,UAAU,GAAG,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAEzD,IACE,CAAC,UAAU;YACX,gBAAgB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,eAAe,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,EACpE,CAAC;YACD,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,YAAY,EAAE,0CAA0C,aAAa,CAAC,YAAY,IAAI,gBAAgB,yGAAyG;gBAC/M,SAAS,EAAE,qCAAqC;gBAChD,MAAM,EAAE,GAAG;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,cAAc;QAC1B,WAAW,EAAE;YACX,EAAE,EAAE,cAAc,CAAC,SAAS;YAC5B,IAAI,EAAE,EAAE;YACR,oBAAoB,EAAE,cAAc,CAAC,oBAAoB;YACzD,MAAM,EAAE,cAAc,CAAC,MAAM;YAC7B,UAAU,EAAE,cAAc,CAAC,UAAU;YACrC,KAAK,EAAE,cAAc,CAAC,KAAK;SAC5B;KACF,CAAC;AACJ,CAAC"}

package/dist/esm/core/authorize/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/core/authorize/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/core/authorize/types.ts"],"names":[],"mappings":""}

package/dist/esm/core/rateLimit/index.js

@@ -0,0 +1,61 @@
+import { updateRateLimitedAt } from "../api.js";
+const RATE_LIMIT_WINDOW_SECONDS = 10;
+export async function rateLimit(args) {
+    const { authzResult, serviceConfig, redis, sampleRate = 1.0 } = args;
+    const shouldSampleRequest = Math.random() < sampleRate;
+    if (!shouldSampleRequest || !authzResult.authorized) {
+        return {
+            rateLimited: false,
+            requestCount: 0,
+            rateLimit: 0,
+        };
+    }
+    const { apiKeyMeta, accountMeta } = authzResult;
+    const accountId = apiKeyMeta?.accountId || accountMeta?.id;
+    const { serviceScope } = serviceConfig;
+    const limitPerSecond = apiKeyMeta?.rateLimits?.[serviceScope] ??
+        accountMeta?.rateLimits?.[serviceScope];
+    if (!limitPerSecond) {
+        // No rate limit is provided. Assume the request is not rate limited.
+        return {
+            rateLimited: false,
+            requestCount: 0,
+            rateLimit: 0,
+        };
+    }
+    // Gets the 10-second window for the current timestamp.
+    const timestampWindow = Math.floor(Date.now() / (1000 * RATE_LIMIT_WINDOW_SECONDS)) *
+        RATE_LIMIT_WINDOW_SECONDS;
+    const key = `rate-limit:${serviceScope}:${accountId}:${timestampWindow}`;
+    // Increment and get the current request count in this window.
+    const requestCount = await redis.incr(key);
+    if (requestCount === 1) {
+        // For the first increment, set an expiration to clean up this key.
+        await redis.expire(key, RATE_LIMIT_WINDOW_SECONDS);
+    }
+    // Get the limit for this window accounting for the sample rate.
+    const limitPerWindow = limitPerSecond * sampleRate * RATE_LIMIT_WINDOW_SECONDS;
+    if (requestCount > limitPerWindow) {
+        // Report rate limit hits.
+        if (apiKeyMeta?.id) {
+            await updateRateLimitedAt(apiKeyMeta.id, serviceConfig);
+        }
+        // Reject requests when they've exceeded 2x the rate limit.
+        if (requestCount > 2 * limitPerWindow) {
+            return {
+                rateLimited: true,
+                requestCount,
+                rateLimit: limitPerWindow,
+                status: 429,
+                errorMessage: `You've exceeded your ${serviceScope} rate limit at ${limitPerSecond} reqs/sec. To get higher rate limits, contact us at https://thirdweb.com/contact-us.`,
+                errorCode: "RATE_LIMIT_EXCEEDED",
+            };
+        }
+    }
+    return {
+        rateLimited: false,
+        requestCount,
+        rateLimit: limitPerWindow,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/esm/core/rateLimit/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/core/rateLimit/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAA0B,mBAAmB,EAAE,MAAM,WAAW,CAAC;AAIxE,MAAM,yBAAyB,GAAG,EAAE,CAAC;AAQrC,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAU/B;IACC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,KAAK,EAAE,UAAU,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC;IAErE,MAAM,mBAAmB,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,UAAU,CAAC;IACvD,IAAI,CAAC,mBAAmB,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;QACpD,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,CAAC;SACb,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;IAChD,MAAM,SAAS,GAAG,UAAU,EAAE,SAAS,IAAI,WAAW,EAAE,EAAE,CAAC;IAE3D,MAAM,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IACvC,MAAM,cAAc,GAClB,UAAU,EAAE,UAAU,EAAE,CAAC,YAAY,CAAC;QACtC,WAAW,EAAE,UAAU,EAAE,CAAC,YAAY,CAAC,CAAC;IAE1C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,qEAAqE;QACrE,OAAO;YACL,WAAW,EAAE,KAAK;YAClB,YAAY,EAAE,CAAC;YACf,SAAS,EAAE,CAAC;SACb,CAAC;IACJ,CAAC;IAED,uDAAuD;IACvD,MAAM,eAAe,GACnB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,GAAG,yBAAyB,CAAC,CAAC;QAC3D,yBAAyB,CAAC;IAC5B,MAAM,GAAG,GAAG,cAAc,YAAY,IAAI,SAAS,IAAI,eAAe,EAAE,CAAC;IAEzE,8DAA8D;IAC9D,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC3C,IAAI,YAAY,KAAK,CAAC,EAAE,CAAC;QACvB,mEAAmE;QACnE,MAAM,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;IACrD,CAAC;IAED,gEAAgE;IAChE,MAAM,cAAc,GAClB,cAAc,GAAG,UAAU,GAAG,yBAAyB,CAAC;IAE1D,IAAI,YAAY,GAAG,cAAc,EAAE,CAAC;QAClC,0BAA0B;QAC1B,IAAI,UAAU,EAAE,EAAE,EAAE,CAAC;YACnB,MAAM,mBAAmB,CAAC,UAAU,CAAC,EAAE,EAAE,aAAa,CAAC,CAAC;QAC1D,CAAC;QAED,2DAA2D;QAC3D,IAAI,YAAY,GAAG,CAAC,GAAG,cAAc,EAAE,CAAC;YACtC,OAAO;gBACL,WAAW,EAAE,IAAI;gBACjB,YAAY;gBACZ,SAAS,EAAE,cAAc;gBACzB,MAAM,EAAE,GAAG;gBACX,YAAY,EAAE,wBAAwB,YAAY,kBAAkB,cAAc,sFAAsF;gBACxK,SAAS,EAAE,qBAAqB;aACjC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,WAAW,EAAE,KAAK;QAClB,YAAY;QACZ,SAAS,EAAE,cAAc;KAC1B,CAAC;AACJ,CAAC"}

package/dist/esm/core/rateLimit/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/core/rateLimit/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/core/rateLimit/types.ts"],"names":[],"mappings":""}

package/dist/esm/core/services.js

@@ -0,0 +1,67 @@
+export const SERVICE_DEFINITIONS = {
+    storage: {
+        name: "storage",
+        title: "Storage",
+        description: "IPFS Upload and Download",
+        actions: [
+            {
+                name: "read",
+                title: "Download",
+                description: "Download a file from Storage",
+            },
+            {
+                name: "write",
+                title: "Upload",
+                description: "Upload a file to Storage",
+            },
+        ],
+    },
+    rpc: {
+        name: "rpc",
+        title: "RPC",
+        description: "Accelerated RPC Edge",
+        // all actions allowed
+        actions: [],
+    },
+    bundler: {
+        name: "bundler",
+        title: "Account Abstraction",
+        description: "Bundler & Paymaster services",
+        // all actions allowed
+        actions: [],
+    },
+    relayer: {
+        name: "relayer",
+        title: "Gasless Relayer",
+        description: "Enable gasless transactions",
+        // all actions allowed
+        actions: [],
+    },
+    embeddedWallets: {
+        name: "embeddedWallets",
+        title: "In-App Wallets",
+        description: "E-mail and social login wallets for easy web3 onboarding",
+        // all actions allowed
+        actions: [],
+    },
+    pay: {
+        name: "pay",
+        title: "Pay",
+        description: "Pay for a blockchain transaction with any currency",
+        // all actions allowed
+        actions: [],
+    },
+    chainsaw: {
+        name: "chainsaw",
+        title: "Chainsaw",
+        description: "Indexed data for any EVM chain",
+        // all actions allowed
+        actions: [],
+    },
+};
+export const SERVICE_NAMES = Object.keys(SERVICE_DEFINITIONS);
+export const SERVICES = Object.values(SERVICE_DEFINITIONS);
+export function getServiceByName(name) {
+    return SERVICE_DEFINITIONS[name];
+}
+//# sourceMappingURL=services.js.map

package/dist/esm/core/services.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"services.js","sourceRoot":"","sources":["../../../src/core/services.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,mBAAmB,GAAG;IACjC,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,SAAS;QAChB,WAAW,EAAE,0BAA0B;QACvC,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,KAAK,EAAE,UAAU;gBACjB,WAAW,EAAE,8BAA8B;aAC5C;YACD;gBACE,IAAI,EAAE,OAAO;gBACb,KAAK,EAAE,QAAQ;gBACf,WAAW,EAAE,0BAA0B;aACxC;SACF;KACF;IACD,GAAG,EAAE;QACH,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,KAAK;QACZ,WAAW,EAAE,sBAAsB;QACnC,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,qBAAqB;QAC5B,WAAW,EAAE,8BAA8B;QAC3C,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,OAAO,EAAE;QACP,IAAI,EAAE,SAAS;QACf,KAAK,EAAE,iBAAiB;QACxB,WAAW,EAAE,6BAA6B;QAC1C,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,eAAe,EAAE;QACf,IAAI,EAAE,iBAAiB;QACvB,KAAK,EAAE,gBAAgB;QACvB,WAAW,EAAE,0DAA0D;QACvE,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,GAAG,EAAE;QACH,IAAI,EAAE,KAAK;QACX,KAAK,EAAE,KAAK;QACZ,WAAW,EAAE,oDAAoD;QACjE,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;IACD,QAAQ,EAAE;QACR,IAAI,EAAE,UAAU;QAChB,KAAK,EAAE,UAAU;QACjB,WAAW,EAAE,gCAAgC;QAC7C,sBAAsB;QACtB,OAAO,EAAE,EAAE;KACZ;CACO,CAAC;AAEX,MAAM,CAAC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CACtC,mBAAmB,CACoB,CAAC;AAE1C,MAAM,CAAC,MAAM,QAAQ,GAAG,MAAM,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;AAa3D,MAAM,UAAU,gBAAgB,CAAC,IAAiB;IAChD,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;AACnC,CAAC"}

package/dist/esm/core/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/core/types.ts"],"names":[],"mappings":""}

package/dist/esm/core/usage.js

@@ -0,0 +1,90 @@
+import { z } from "zod";
+export const usageEventSchema = z.object({
+    source: z.enum([
+        "ecosystemWallets",
+        "embeddedWallets",
+        "rpc",
+        "storage",
+        "bundler",
+        "paymaster",
+        "relayer",
+        "connectWallet",
+        "checkout",
+        "engine",
+        "pay",
+        "rpcV2",
+    ]),
+    action: z.string(),
+    /**
+     * The following fields are optional.
+     */
+    accountId: z.string().optional(),
+    isClientEvent: z.boolean().optional(),
+    apiKeyId: z.string().optional(),
+    creatorWalletAddress: z.string().optional(),
+    clientId: z.string().optional(),
+    walletAddress: z.string().optional(),
+    walletType: z.string().optional(),
+    chainId: z.number().int().positive().optional(),
+    provider: z.string().optional(),
+    mimeType: z.string().optional(),
+    fileSize: z.number().int().nonnegative().optional(),
+    fileCid: z.string().optional(),
+    evmMethod: z.string().optional(),
+    userOpHash: z.string().optional(),
+    gasLimit: z.number().nonnegative().optional(),
+    gasPricePerUnit: z.string().optional(),
+    transactionFeeUsd: z.number().optional(),
+    transactionHash: z.string().optional(),
+    sdkName: z.string().optional(),
+    sdkVersion: z.string().optional(),
+    sdkPlatform: z.string().optional(),
+    sdkOS: z.string().optional(),
+    productName: z.string().optional(),
+    transactionValue: z.string().optional(),
+    pathname: z.string().optional(),
+    contractAddress: z.string().optional(),
+    errorCode: z.string().optional(),
+    httpStatusCode: z.number().int().nonnegative().optional(),
+    functionName: z.string().optional(),
+    extension: z.string().optional(),
+    retryCount: z.number().int().nonnegative().optional(),
+    policyId: z.string().optional(),
+    msSinceQueue: z.number().nonnegative().optional(),
+    msSinceSend: z.number().nonnegative().optional(),
+    msTotalDuration: z.number().nonnegative().optional(),
+    swapId: z.string().optional(),
+    tokenAddress: z.string().optional(),
+    amountWei: z.string().optional(),
+    amountUSDCents: z.number().nonnegative().optional(),
+    httpMethod: z
+        .enum([
+        "GET",
+        "POST",
+        "PUT",
+        "DELETE",
+        "PATCH",
+        "HEAD",
+        "CONNECT",
+        "OPTIONS",
+        "TRACE",
+    ])
+        .optional(),
+    // Used to identify the ecosystem that the an ecosystem wallet belongs too
+    ecosystemId: z.string().optional(),
+    ecosystemPartnerId: z.string().optional(),
+    authenticationMethod: z.string().optional(),
+    chainName: z.string().optional(),
+    tokenSymbol: z.string().optional(),
+    dstChainId: z.number().optional(),
+    dstTokenAddress: z.string().optional(),
+    dstChainName: z.string().optional(),
+    dstTokenSymbol: z.string().optional(),
+    msLatency: z.number().optional(),
+    toAmountUSDCents: z.number().optional(),
+    secondaryProvider: z.string().optional(),
+    onRampId: z.string().optional(),
+    evmRequestParams: z.string().optional(),
+    providerIp: z.string().optional(),
+});
+//# sourceMappingURL=usage.js.map

package/dist/esm/core/usage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"usage.js","sourceRoot":"","sources":["../../../src/core/usage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC;QACb,kBAAkB;QAClB,iBAAiB;QACjB,KAAK;QACL,SAAS;QACT,SAAS;QACT,WAAW;QACX,SAAS;QACT,eAAe;QACf,UAAU;QACV,QAAQ;QACR,KAAK;QACL,OAAO;KACR,CAAC;IACF,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAElB;;OAEG;IAEH,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IAC/C,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACnD,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAC7C,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACzD,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACrD,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACjD,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IAChD,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACpD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACnD,UAAU,EAAE,CAAC;SACV,IAAI,CAAC;QACJ,KAAK;QACL,MAAM;QACN,KAAK;QACL,QAAQ;QACR,OAAO;QACP,MAAM;QACN,SAAS;QACT,SAAS;QACT,OAAO;KACR,CAAC;SACD,QAAQ,EAAE;IACb,0EAA0E;IAC1E,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,kBAAkB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACzC,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,eAAe,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,iBAAiB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,QAAQ,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACvC,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAClC,CAAC,CAAC"}

package/dist/esm/core/usageLimit/index.js

@@ -0,0 +1,42 @@
+export async function usageLimit(authzResult, serviceConfig) {
+    if (!authzResult.authorized) {
+        return {
+            usageLimited: false,
+        };
+    }
+    const { apiKeyMeta, accountMeta } = authzResult;
+    const { limits, usage } = apiKeyMeta || accountMeta || {};
+    const { serviceScope } = serviceConfig;
+    if (!usage ||
+        !(serviceScope in usage) ||
+        !limits ||
+        !(serviceScope in limits)) {
+        // No usage limit is provided. Assume the request is not limited.
+        return {
+            usageLimited: false,
+        };
+    }
+    if (serviceScope === "storage" &&
+        (usage.storage?.sumFileSizeBytes ?? 0) > (limits.storage ?? 0)) {
+        return {
+            usageLimited: true,
+            status: 402,
+            errorMessage: `You've used all of your total usage credits for Storage Pinning. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+            errorCode: "PAYMENT_METHOD_REQUIRED",
+        };
+    }
+    if (serviceScope === "embeddedWallets" &&
+        (usage.embeddedWallets?.countWalletAddresses ?? 0) >
+            (limits.embeddedWallets ?? 0)) {
+        return {
+            usageLimited: true,
+            status: 402,
+            errorMessage: `You've used all of your total usage credits for Embedded Wallets. Please add your payment method at https://thirdweb.com/dashboard/settings/billing.`,
+            errorCode: "PAYMENT_METHOD_REQUIRED",
+        };
+    }
+    return {
+        usageLimited: false,
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/esm/core/usageLimit/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/core/usageLimit/index.ts"],"names":[],"mappings":"AAIA,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,WAAgC,EAChC,aAAgC;IAEhC,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,CAAC;QAC5B,OAAO;YACL,YAAY,EAAE,KAAK;SACpB,CAAC;IACJ,CAAC;IAED,MAAM,EAAE,UAAU,EAAE,WAAW,EAAE,GAAG,WAAW,CAAC;IAChD,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,UAAU,IAAI,WAAW,IAAI,EAAE,CAAC;IAC1D,MAAM,EAAE,YAAY,EAAE,GAAG,aAAa,CAAC;IAEvC,IACE,CAAC,KAAK;QACN,CAAC,CAAC,YAAY,IAAI,KAAK,CAAC;QACxB,CAAC,MAAM;QACP,CAAC,CAAC,YAAY,IAAI,MAAM,CAAC,EACzB,CAAC;QACD,iEAAiE;QACjE,OAAO;YACL,YAAY,EAAE,KAAK;SACpB,CAAC;IACJ,CAAC;IAED,IACE,YAAY,KAAK,SAAS;QAC1B,CAAC,KAAK,CAAC,OAAO,EAAE,gBAAgB,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,CAAC,EAC9D,CAAC;QACD,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,qJAAqJ;YACnK,SAAS,EAAE,yBAAyB;SACrC,CAAC;IACJ,CAAC;IAED,IACE,YAAY,KAAK,iBAAiB;QAClC,CAAC,KAAK,CAAC,eAAe,EAAE,oBAAoB,IAAI,CAAC,CAAC;YAChD,CAAC,MAAM,CAAC,eAAe,IAAI,CAAC,CAAC,EAC/B,CAAC;QACD,OAAO;YACL,YAAY,EAAE,IAAI;YAClB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,sJAAsJ;YACpK,SAAS,EAAE,yBAAyB;SACrC,CAAC;IACJ,CAAC;IAED,OAAO;QACL,YAAY,EAAE,KAAK;KACpB,CAAC;AACJ,CAAC"}

package/dist/esm/core/usageLimit/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/esm/core/usageLimit/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/core/usageLimit/types.ts"],"names":[],"mappings":""}

package/dist/esm/index.js

@@ -0,0 +1,4 @@
+// Exports the public service definitions.
+export * from "./core/services.js";
+export { authorizeBundleId, authorizeDomain, } from "./core/authorize/client.js";
+//# sourceMappingURL=index.js.map

package/dist/esm/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,0CAA0C;AAC1C,cAAc,oBAAoB,CAAC;AAEnC,OAAO,EACL,iBAAiB,EACjB,eAAe,GAChB,MAAM,4BAA4B,CAAC"}

package/dist/esm/mocks.js

@@ -0,0 +1,50 @@
+export const validApiKeyMeta = {
+    id: "1",
+    key: "your-api-key",
+    creatorWalletAddress: "creator-address",
+    secretHash: "secret-hash",
+    walletAddresses: [],
+    domains: ["example.com", "*.example.com"],
+    bundleIds: [],
+    redirectUrls: [],
+    accountId: "test-account-id",
+    accountStatus: "noCustomer",
+    accountPlan: "free",
+    services: [
+        {
+            name: "storage",
+            targetAddresses: ["target1", "target2"],
+            actions: ["action1", "action2"],
+        },
+        {
+            name: "service2",
+            targetAddresses: ["target3"],
+            actions: ["action3"],
+        },
+        {
+            name: "bundler",
+            targetAddresses: ["*"],
+            actions: ["action3"],
+        },
+    ],
+    limits: {
+        storage: 100,
+    },
+    rateLimits: {
+        rpc: 25,
+    },
+};
+export const validServiceConfig = {
+    apiUrl: "https://api.example.com",
+    serviceScope: "storage",
+    serviceApiKey: "service-api-key",
+    serviceAction: "action1",
+    enforceAuth: true,
+};
+export const validBundlerServiceConfig = {
+    apiUrl: "https://api.example.com",
+    serviceScope: "bundler",
+    serviceApiKey: "service-api-key",
+    enforceAuth: true,
+};
+//# sourceMappingURL=mocks.js.map

package/dist/esm/mocks.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mocks.js","sourceRoot":"","sources":["../../src/mocks.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAmB;IAC7C,EAAE,EAAE,GAAG;IACP,GAAG,EAAE,cAAc;IACnB,oBAAoB,EAAE,iBAAiB;IACvC,UAAU,EAAE,aAAa;IACzB,eAAe,EAAE,EAAE;IACnB,OAAO,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC;IACzC,SAAS,EAAE,EAAE;IACb,YAAY,EAAE,EAAE;IAChB,SAAS,EAAE,iBAAiB;IAC5B,aAAa,EAAE,YAAY;IAC3B,WAAW,EAAE,MAAM;IACnB,QAAQ,EAAE;QACR;YACE,IAAI,EAAE,SAAS;YACf,eAAe,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;YACvC,OAAO,EAAE,CAAC,SAAS,EAAE,SAAS,CAAC;SAChC;QACD;YACE,IAAI,EAAE,UAAU;YAChB,eAAe,EAAE,CAAC,SAAS,CAAC;YAC5B,OAAO,EAAE,CAAC,SAAS,CAAC;SACrB;QACD;YACE,IAAI,EAAE,SAAS;YACf,eAAe,EAAE,CAAC,GAAG,CAAC;YACtB,OAAO,EAAE,CAAC,SAAS,CAAC;SACrB;KACF;IACD,MAAM,EAAE;QACN,OAAO,EAAE,GAAG;KACb;IACD,UAAU,EAAE;QACV,GAAG,EAAE,EAAE;KACR;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,kBAAkB,GAAsB;IACnD,MAAM,EAAE,yBAAyB;IACjC,YAAY,EAAE,SAAS;IACvB,aAAa,EAAE,iBAAiB;IAChC,aAAa,EAAE,SAAS;IACxB,WAAW,EAAE,IAAI;CAClB,CAAC;AAEF,MAAM,CAAC,MAAM,yBAAyB,GAAsB;IAC1D,MAAM,EAAE,yBAAyB;IACjC,YAAY,EAAE,SAAS;IACvB,aAAa,EAAE,iBAAiB;IAChC,WAAW,EAAE,IAAI;CAClB,CAAC"}

package/dist/esm/node/index.js

@@ -0,0 +1,165 @@
+import { createHash } from "node:crypto";
+import { authorize } from "../core/authorize/index.js";
+export * from "../core/usage.js";
+export * from "../core/rateLimit/index.js";
+export * from "../core/services.js";
+export * from "../core/usageLimit/index.js";
+/**
+ *
+ * @param {AuthInput['req']} authInput.req - The incoming request from which information will be pulled from. These information includes (checks are in order and terminates on first match):
+ * - clientId: Checks header `x-client-id`, search param `clientId`
+ * - bundleId: Checks header `x-bundle-id`, search param `bundleId`
+ * - secretKey: Checks header `x-secret-key`
+ * - origin (the requesting domain): Checks header `origin`, `referer`
+ * @param {AuthInput['clientId']} authInput.clientId - Overrides any clientId found on the `req` object
+ * @param {AuthInput['targetAddress']} authInput.targetAddress - Only used in smart wallets to determine if the request is authorized to interact with the target address.
+ * @param {NodeServiceConfig['enforceAuth']} serviceConfig - Always `true` unless you need to turn auth off. Tells the service whether or not to enforce auth.
+ * @param {NodeServiceConfig['apiUrl']} serviceConfig.apiUrl - The url of the api server to fetch information for verification. `https://api.thirdweb.com` for production and `https://api.staging.thirdweb.com` for staging
+ * @param {NodeServiceConfig['serviceApiKey']} serviceConfig.serviceApiKey - secret key to be used authenticate the caller of the api-server. Check the api-server's env variable for the keys.
+ * @param {NodeServiceConfig['serviceScope']} serviceConfig.serviceScope - The service that we are requesting authorization for. E.g. `relayer`, `rpc`, 'bundler', 'storage' etc.
+ * @param {NodeServiceConfig['serviceAction']} serviceConfig.serviceAction - Needed when the `serviceScope` is `storage`. Can be either `read` or `write`.
+ * @param {NodeServiceConfig['useWalletAuth']} serviceConfig.useWalletAuth - If true it pings the `wallet/me` or else, `account/me`. You most likely can leave this as false.
+ * @returns {AuthorizationResult} authorizationResult - contains if the request is authorized, and information about the account if it is authorized. Otherwise, it contains the error message and status code.
+ */
+export async function authorizeNode(authInput, serviceConfig) {
+    let authData;
+    try {
+        authData = extractAuthorizationData(authInput);
+    }
+    catch (e) {
+        if (e instanceof Error && e.message === "KEY_CONFLICT") {
+            return {
+                authorized: false,
+                status: 400,
+                errorMessage: "Please pass either a client id or a secret key.",
+                errorCode: "KEY_CONFLICT",
+            };
+        }
+        return {
+            authorized: false,
+            status: 500,
+            errorMessage: "Internal Server Error",
+            errorCode: "INTERNAL_SERVER_ERROR",
+        };
+    }
+    return await authorize(authData, serviceConfig);
+}
+function getHeader(headers, headerName) {
+    const header = headers[headerName];
+    if (Array.isArray(header)) {
+        return header?.[0] ?? null;
+    }
+    return header ?? null;
+}
+export function extractAuthorizationData(authInput) {
+    let requestUrl;
+    try {
+        requestUrl = new URL(authInput.req.url || "", `http://${authInput.req.headers.host}`);
+    }
+    catch (error) {
+        console.log("** Node URL Error **", error);
+        throw error;
+    }
+    const headers = authInput.req.headers;
+    const secretKey = getHeader(headers, "x-secret-key");
+    // prefer clientId that is explicitly passed in
+    let clientId = authInput.clientId ?? null;
+    if (!clientId) {
+        // next preference is clientId from header
+        clientId = getHeader(headers, "x-client-id");
+    }
+    // next preference is search param
+    if (!clientId) {
+        clientId = requestUrl.searchParams.get("clientId");
+    }
+    // bundle id from header is first preference
+    let bundleId = getHeader(headers, "x-bundle-id");
+    // next preference is search param
+    if (!bundleId) {
+        bundleId = requestUrl.searchParams.get("bundleId");
+    }
+    let origin = getHeader(headers, "origin");
+    // if origin header is not available we'll fall back to referrer;
+    if (!origin) {
+        origin = getHeader(headers, "referer");
+    }
+    // if we have an origin at this point, normalize it
+    if (origin) {
+        try {
+            origin = new URL(origin).host;
+        }
+        catch (e) {
+            console.warn("failed to parse origin", origin, e);
+        }
+    }
+    // handle if we a secret key is passed in the headers
+    let secretKeyHash = null;
+    if (secretKey) {
+        // hash the secret key
+        secretKeyHash = hashSecretKey(secretKey);
+        // derive the client id from the secret key hash
+        const derivedClientId = deriveClientIdFromSecretKeyHash(secretKeyHash);
+        // if we already have a client id passed in we need to make sure they match
+        if (clientId && clientId !== derivedClientId) {
+            throw new Error("KEY_CONFLICT");
+        }
+        // otherwise set the client id to the derived client id (client id based off of secret key)
+        clientId = derivedClientId;
+    }
+    let jwt = null;
+    let useWalletAuth = null;
+    // check for authorization header on the request
+    const authorizationHeader = getHeader(headers, "authorization");
+    if (authorizationHeader) {
+        const [type, token] = authorizationHeader.split(" ");
+        if (type?.toLowerCase() === "bearer" && !!token) {
+            jwt = token;
+            const walletAuthHeader = getHeader(headers, "x-authorize-wallet");
+            // IK a stringified boolean is not ideal, but it's required to pass it in the headers.
+            if (walletAuthHeader?.toLowerCase() === "true") {
+                useWalletAuth = walletAuthHeader;
+            }
+        }
+    }
+    return {
+        jwt,
+        hashedJWT: jwt ? hashSecretKey(jwt) : null,
+        secretKeyHash,
+        secretKey,
+        clientId,
+        origin,
+        bundleId,
+        targetAddress: authInput.targetAddress,
+        useWalletAuth,
+    };
+}
+export function hashSecretKey(secretKey) {
+    return createHash("sha256").update(secretKey).digest("hex");
+}
+export function deriveClientIdFromSecretKeyHash(secretKeyHash) {
+    return secretKeyHash.slice(0, 32);
+}
+export function logHttpRequest({ clientId, req, res, isAuthed, statusMessage, latencyMs, }) {
+    try {
+        const authorizationData = extractAuthorizationData({ req, clientId });
+        const headers = req.headers;
+        console.log(JSON.stringify({
+            method: req.method,
+            pathname: req.url,
+            hasSecretKey: !!authorizationData.secretKey,
+            hasClientId: !!authorizationData.clientId,
+            hasJwt: !!authorizationData.jwt,
+            clientId: authorizationData.clientId,
+            isAuthed,
+            status: res.statusCode,
+            statusMessage,
+            sdkName: headers["x-sdk-name"] ?? undefined,
+            sdkVersion: headers["x-sdk-version"] ?? undefined,
+            platform: headers["x-sdk-platform"] ?? undefined,
+            os: headers["x-sdk-os"] ?? undefined,
+            latencyMs,
+        }));
+    }
+    catch { }
+}
+//# sourceMappingURL=index.js.map

package/dist/esm/node/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/node/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAOzC,OAAO,EAAE,SAAS,EAAE,MAAM,4BAA4B,CAAC;AAIvD,cAAc,kBAAkB,CAAC;AACjC,cAAc,4BAA4B,CAAC;AAC3C,cAAc,qBAAqB,CAAC;AACpC,cAAc,6BAA6B,CAAC;AAO5C;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,SAAoB,EACpB,aAAgC;IAEhC,IAAI,QAA4B,CAAC;IACjC,IAAI,CAAC;QACH,QAAQ,GAAG,wBAAwB,CAAC,SAAS,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,OAAO,KAAK,cAAc,EAAE,CAAC;YACvD,OAAO;gBACL,UAAU,EAAE,KAAK;gBACjB,MAAM,EAAE,GAAG;gBACX,YAAY,EAAE,iDAAiD;gBAC/D,SAAS,EAAE,cAAc;aAC1B,CAAC;QACJ,CAAC;QACD,OAAO;YACL,UAAU,EAAE,KAAK;YACjB,MAAM,EAAE,GAAG;YACX,YAAY,EAAE,uBAAuB;YACrC,SAAS,EAAE,uBAAuB;SACnC,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,SAAS,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC;AAClD,CAAC;AAED,SAAS,SAAS,CAChB,OAA4B,EAC5B,UAAkB;IAElB,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IACnC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1B,OAAO,MAAM,EAAE,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;IAC7B,CAAC;IACD,OAAO,MAAM,IAAI,IAAI,CAAC;AACxB,CAAC;AAED,MAAM,UAAU,wBAAwB,CACtC,SAAoB;IAEpB,IAAI,UAAe,CAAC;IAEpB,IAAI,CAAC;QACH,UAAU,GAAG,IAAI,GAAG,CAClB,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EACvB,UAAU,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CACvC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,sBAAsB,EAAE,KAAK,CAAC,CAAC;QAC3C,MAAM,KAAK,CAAC;IACd,CAAC;IAED,MAAM,OAAO,GAAG,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC;IACtC,MAAM,SAAS,GAAG,SAAS,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;IACrD,+CAA+C;IAC/C,IAAI,QAAQ,GAAG,SAAS,CAAC,QAAQ,IAAI,IAAI,CAAC;IAE1C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,0CAA0C;QAC1C,QAAQ,GAAG,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAC/C,CAAC;IAED,kCAAkC;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACrD,CAAC;IACD,4CAA4C;IAC5C,IAAI,QAAQ,GAAG,SAAS,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;IAEjD,kCAAkC;IAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,QAAQ,GAAG,UAAU,CAAC,YAAY,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC1C,iEAAiE;IACjE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,GAAG,SAAS,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IACzC,CAAC;IACD,mDAAmD;IACnD,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC;QAChC,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,wBAAwB,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACpD,CAAC;IACH,CAAC;IAED,qDAAqD;IACrD,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,IAAI,SAAS,EAAE,CAAC;QACd,sBAAsB;QACtB,aAAa,GAAG,aAAa,CAAC,SAAS,CAAC,CAAC;QACzC,gDAAgD;QAChD,MAAM,eAAe,GAAG,+BAA+B,CAAC,aAAa,CAAC,CAAC;QACvE,2EAA2E;QAC3E,IAAI,QAAQ,IAAI,QAAQ,KAAK,eAAe,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;QAClC,CAAC;QACD,2FAA2F;QAC3F,QAAQ,GAAG,eAAe,CAAC;IAC7B,CAAC;IAED,IAAI,GAAG,GAAkB,IAAI,CAAC;IAC9B,IAAI,aAAa,GAAkB,IAAI,CAAC;IACxC,gDAAgD;IAChD,MAAM,mBAAmB,GAAG,SAAS,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAChE,IAAI,mBAAmB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,mBAAmB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACrD,IAAI,IAAI,EAAE,WAAW,EAAE,KAAK,QAAQ,IAAI,CAAC,CAAC,KAAK,EAAE,CAAC;YAChD,GAAG,GAAG,KAAK,CAAC;YACZ,MAAM,gBAAgB,GAAG,SAAS,CAAC,OAAO,EAAE,oBAAoB,CAAC,CAAC;YAClE,sFAAsF;YACtF,IAAI,gBAAgB,EAAE,WAAW,EAAE,KAAK,MAAM,EAAE,CAAC;gBAC/C,aAAa,GAAG,gBAAgB,CAAC;YACnC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO;QACL,GAAG;QACH,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI;QAC1C,aAAa;QACb,SAAS;QACT,QAAQ;QACR,MAAM;QACN,QAAQ;QACR,aAAa,EAAE,SAAS,CAAC,aAAa;QACtC,aAAa;KACd,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,SAAiB;IAC7C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9D,CAAC;AAED,MAAM,UAAU,+BAA+B,CAAC,aAAqB;IACnE,OAAO,aAAa,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,EAC7B,QAAQ,EACR,GAAG,EACH,GAAG,EACH,QAAQ,EACR,aAAa,EACb,SAAS,GAQV;IACC,IAAI,CAAC;QACH,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QACtE,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;QAE5B,OAAO,CAAC,GAAG,CACT,IAAI,CAAC,SAAS,CAAC;YACb,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,QAAQ,EAAE,GAAG,CAAC,GAAG;YACjB,YAAY,EAAE,CAAC,CAAC,iBAAiB,CAAC,SAAS;YAC3C,WAAW,EAAE,CAAC,CAAC,iBAAiB,CAAC,QAAQ;YACzC,MAAM,EAAE,CAAC,CAAC,iBAAiB,CAAC,GAAG;YAC/B,QAAQ,EAAE,iBAAiB,CAAC,QAAQ;YACpC,QAAQ;YACR,MAAM,EAAE,GAAG,CAAC,UAAU;YACtB,aAAa;YACb,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,IAAI,SAAS;YAC3C,UAAU,EAAE,OAAO,CAAC,eAAe,CAAC,IAAI,SAAS;YACjD,QAAQ,EAAE,OAAO,CAAC,gBAAgB,CAAC,IAAI,SAAS;YAChD,EAAE,EAAE,OAAO,CAAC,UAAU,CAAC,IAAI,SAAS;YACpC,SAAS;SACV,CAAC,CACH,CAAC;IACJ,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;AACZ,CAAC"}

package/dist/esm/package.json

@@ -0,0 +1 @@
+{"type": "module","sideEffects":false}

package/dist/{declarations/src → types}/cf-worker/index.d.ts

@@ -1,13 +1,13 @@
 import type { ExecutionContext, KVNamespace, Response } from "@cloudflare/workers-types";
-import type { CoreServiceConfig } from "../core/api";
 import type { Request } from "@cloudflare/workers-types";
-import type { AuthorizationInput } from "../core/authorize";
-import type { AuthorizationResult } from "../core/authorize/types";
-import type { CoreAuthInput } from "../core/types";
-export * from "./usage";
-export * from "../core/services";
-export * from "../core/rateLimit";
-export * from "../core/usageLimit";
+import type { CoreServiceConfig } from "../core/api.js";
+import type { AuthorizationInput } from "../core/authorize/index.js";
+import type { AuthorizationResult } from "../core/authorize/types.js";
+import type { CoreAuthInput } from "../core/types.js";
+export * from "./usage.js";
+export * from "../core/services.js";
+export * from "../core/rateLimit/index.js";
+export * from "../core/usageLimit/index.js";
 export type WorkerServiceConfig = CoreServiceConfig & {
     kvStore: KVNamespace;
     ctx: ExecutionContext;