@thirdweb-dev/service-utils 0.4.38 → 0.4.39

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.cjs.prod.js

@@ -1,226 +0,0 @@
-'use strict';
-
-Object.defineProperty(exports, '__esModule', { value: true });
-
-var index = require('../../dist/index-23f268d8.cjs.prod.js');
-var aws4fetch = require('aws4fetch');
-var client = require('../../dist/client-84e46164.cjs.prod.js');
-require('zod');
-
-// Initialize a singleton for AWS usage.
-let _aws;
-function getAws(options) {
-  if (!_aws) {
-    _aws = new aws4fetch.AwsClient(options);
-  }
-  return _aws;
-}
-
-/**
- * Publish usage events. Provide the relevant fields for your application.
- *
- * Usage in Cloudflare Workers:
- *    ctx.waitUntil(
- *      publishUsageEvents(
- *        [event1, event2],
- *        { queueUrl, accessKeyId, secretAccessKey },
- *      )
- *    )
- *
- * @param usageEvents
- * @param config
- */
-async function publishUsageEvents(usageEvents, config) {
-  const {
-    queueUrl,
-    accessKeyId,
-    secretAccessKey,
-    region = "us-west-2"
-  } = config;
-  const entries = usageEvents.map(event => {
-    // Enforce schema of usage event.
-    const parsed = index.usageEventSchema.parse(event);
-    return {
-      Id: crypto.randomUUID(),
-      MessageBody: JSON.stringify(parsed)
-    };
-  });
-  const aws = getAws({
-    accessKeyId,
-    secretAccessKey,
-    region
-  });
-  await aws.fetch(`https://sqs.${region}.amazonaws.com`, {
-    headers: {
-      "X-Amz-Target": "AmazonSQS.SendMessageBatch",
-      "X-Amz-Date": new Date().toISOString(),
-      "Content-Type": "application/x-amz-json-1.0"
-    },
-    body: JSON.stringify({
-      QueueUrl: queueUrl,
-      Entries: entries
-    })
-  });
-}
-
-const DEFAULT_CACHE_TTL_SECONDS = 60;
-async function authorizeWorker(authInput, serviceConfig) {
-  let authData;
-  try {
-    authData = await extractAuthorizationData(authInput);
-  } catch (e) {
-    if (e instanceof Error && e.message === "KEY_CONFLICT") {
-      return {
-        authorized: false,
-        status: 400,
-        errorMessage: "Please pass either a client id or a secret key.",
-        errorCode: "KEY_CONFLICT"
-      };
-    }
-    return {
-      authorized: false,
-      status: 500,
-      errorMessage: "Internal Server Error",
-      errorCode: "INTERNAL_SERVER_ERROR"
-    };
-  }
-  return await index.authorize(authData, serviceConfig, {
-    get: async clientId => serviceConfig.kvStore.get(clientId),
-    put: (clientId, apiKeyMeta) => serviceConfig.ctx.waitUntil(serviceConfig.kvStore.put(clientId, JSON.stringify({
-      updatedAt: Date.now(),
-      apiKeyMeta
-    }), {
-      expirationTtl: serviceConfig.cacheTtlSeconds && serviceConfig.cacheTtlSeconds >= DEFAULT_CACHE_TTL_SECONDS ? serviceConfig.cacheTtlSeconds : DEFAULT_CACHE_TTL_SECONDS
-    })),
-    cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS
-  });
-}
-async function extractAuthorizationData(authInput) {
-  const requestUrl = new URL(authInput.req.url);
-  const headers = authInput.req.headers;
-  const secretKey = headers.get("x-secret-key");
-
-  // prefer clientId that is explicitly passed in
-  let clientId = authInput.clientId ?? null;
-  if (!clientId) {
-    // next preference is clientId from header
-    clientId = headers.get("x-client-id");
-  }
-
-  // next preference is search param
-  if (!clientId) {
-    clientId = requestUrl.searchParams.get("clientId");
-  }
-  // bundle id from header is first preference
-  let bundleId = headers.get("x-bundle-id");
-
-  // next preference is search param
-  if (!bundleId) {
-    bundleId = requestUrl.searchParams.get("bundleId");
-  }
-  let origin = headers.get("origin");
-  // if origin header is not available we'll fall back to referrer;
-  if (!origin) {
-    origin = headers.get("referer");
-  }
-  // if we have an origin at this point, normalize it
-  if (origin) {
-    try {
-      origin = new URL(origin).host;
-    } catch (e) {
-      console.warn("failed to parse origin", origin, e);
-    }
-  }
-
-  // handle if we a secret key is passed in the headers
-  let secretKeyHash = null;
-  if (secretKey) {
-    // hash the secret key
-    secretKeyHash = await hashSecretKey(secretKey);
-    // derive the client id from the secret key hash
-    const derivedClientId = deriveClientIdFromSecretKeyHash(secretKeyHash);
-    // if we already have a client id passed in we need to make sure they match
-    if (clientId && clientId !== derivedClientId) {
-      throw new Error("KEY_CONFLICT");
-    }
-    // otherwise set the client id to the derived client id (client id based off of secret key)
-    clientId = derivedClientId;
-  }
-  let jwt = null;
-  if (headers.has("authorization")) {
-    const authHeader = headers.get("authorization");
-    if (authHeader) {
-      const [type, token] = authHeader.split(" ");
-      if (type?.toLowerCase() === "bearer" && !!token) {
-        jwt = token;
-      }
-    }
-  }
-  return {
-    jwt,
-    hashedJWT: jwt ? await hashSecretKey(jwt) : null,
-    secretKey,
-    clientId,
-    origin,
-    bundleId,
-    secretKeyHash,
-    targetAddress: authInput.targetAddress
-  };
-}
-async function hashSecretKey(secretKey) {
-  return bufferToHex(await crypto.subtle.digest("SHA-256", new TextEncoder().encode(secretKey)));
-}
-function deriveClientIdFromSecretKeyHash(secretKeyHash) {
-  return secretKeyHash.slice(0, 32);
-}
-function bufferToHex(buffer) {
-  return [...new Uint8Array(buffer)].map(x => x.toString(16).padStart(2, "0")).join("");
-}
-async function logHttpRequest(_ref) {
-  let {
-    clientId,
-    req,
-    res,
-    isAuthed,
-    statusMessage,
-    latencyMs
-  } = _ref;
-  try {
-    const authorizationData = await extractAuthorizationData({
-      req,
-      clientId
-    });
-    const headers = req.headers;
-    console.log(JSON.stringify({
-      method: req.method,
-      pathname: req.url,
-      hasSecretKey: !!authorizationData.secretKey,
-      hasClientId: !!authorizationData.clientId,
-      hasJwt: !!authorizationData.jwt,
-      clientId: authorizationData.clientId,
-      isAuthed,
-      status: res.status,
-      sdkName: headers.get("x-sdk-name") ?? undefined,
-      sdkVersion: headers.get("x-sdk-version") ?? undefined,
-      platform: headers.get("x-sdk-platform") ?? undefined,
-      os: headers.get("x-sdk-os") ?? undefined,
-      latencyMs
-    }));
-    if (statusMessage) {
-      console.log(`statusMessage=${statusMessage}`);
-    }
-  } catch (err) {}
-}
-
-exports.rateLimit = index.rateLimit;
-exports.usageLimit = index.usageLimit;
-exports.SERVICES = client.SERVICES;
-exports.SERVICE_DEFINITIONS = client.SERVICE_DEFINITIONS;
-exports.SERVICE_NAMES = client.SERVICE_NAMES;
-exports.getServiceByName = client.getServiceByName;
-exports.authorizeWorker = authorizeWorker;
-exports.deriveClientIdFromSecretKeyHash = deriveClientIdFromSecretKeyHash;
-exports.extractAuthorizationData = extractAuthorizationData;
-exports.hashSecretKey = hashSecretKey;
-exports.logHttpRequest = logHttpRequest;
-exports.publishUsageEvents = publishUsageEvents;

package/cf-worker/dist/thirdweb-dev-service-utils-cf-worker.esm.js

@@ -1,212 +0,0 @@
-import { u as usageEventSchema, a as authorize } from '../../dist/index-5dc16842.esm.js';
-export { r as rateLimit, b as usageLimit } from '../../dist/index-5dc16842.esm.js';
-import { AwsClient } from 'aws4fetch';
-export { d as SERVICES, S as SERVICE_DEFINITIONS, c as SERVICE_NAMES, g as getServiceByName } from '../../dist/client-8440b8fb.esm.js';
-import 'zod';
-
-// Initialize a singleton for AWS usage.
-let _aws;
-function getAws(options) {
-  if (!_aws) {
-    _aws = new AwsClient(options);
-  }
-  return _aws;
-}
-
-/**
- * Publish usage events. Provide the relevant fields for your application.
- *
- * Usage in Cloudflare Workers:
- *    ctx.waitUntil(
- *      publishUsageEvents(
- *        [event1, event2],
- *        { queueUrl, accessKeyId, secretAccessKey },
- *      )
- *    )
- *
- * @param usageEvents
- * @param config
- */
-async function publishUsageEvents(usageEvents, config) {
-  const {
-    queueUrl,
-    accessKeyId,
-    secretAccessKey,
-    region = "us-west-2"
-  } = config;
-  const entries = usageEvents.map(event => {
-    // Enforce schema of usage event.
-    const parsed = usageEventSchema.parse(event);
-    return {
-      Id: crypto.randomUUID(),
-      MessageBody: JSON.stringify(parsed)
-    };
-  });
-  const aws = getAws({
-    accessKeyId,
-    secretAccessKey,
-    region
-  });
-  await aws.fetch(`https://sqs.${region}.amazonaws.com`, {
-    headers: {
-      "X-Amz-Target": "AmazonSQS.SendMessageBatch",
-      "X-Amz-Date": new Date().toISOString(),
-      "Content-Type": "application/x-amz-json-1.0"
-    },
-    body: JSON.stringify({
-      QueueUrl: queueUrl,
-      Entries: entries
-    })
-  });
-}
-
-const DEFAULT_CACHE_TTL_SECONDS = 60;
-async function authorizeWorker(authInput, serviceConfig) {
-  let authData;
-  try {
-    authData = await extractAuthorizationData(authInput);
-  } catch (e) {
-    if (e instanceof Error && e.message === "KEY_CONFLICT") {
-      return {
-        authorized: false,
-        status: 400,
-        errorMessage: "Please pass either a client id or a secret key.",
-        errorCode: "KEY_CONFLICT"
-      };
-    }
-    return {
-      authorized: false,
-      status: 500,
-      errorMessage: "Internal Server Error",
-      errorCode: "INTERNAL_SERVER_ERROR"
-    };
-  }
-  return await authorize(authData, serviceConfig, {
-    get: async clientId => serviceConfig.kvStore.get(clientId),
-    put: (clientId, apiKeyMeta) => serviceConfig.ctx.waitUntil(serviceConfig.kvStore.put(clientId, JSON.stringify({
-      updatedAt: Date.now(),
-      apiKeyMeta
-    }), {
-      expirationTtl: serviceConfig.cacheTtlSeconds && serviceConfig.cacheTtlSeconds >= DEFAULT_CACHE_TTL_SECONDS ? serviceConfig.cacheTtlSeconds : DEFAULT_CACHE_TTL_SECONDS
-    })),
-    cacheTtlSeconds: serviceConfig.cacheTtlSeconds ?? DEFAULT_CACHE_TTL_SECONDS
-  });
-}
-async function extractAuthorizationData(authInput) {
-  const requestUrl = new URL(authInput.req.url);
-  const headers = authInput.req.headers;
-  const secretKey = headers.get("x-secret-key");
-
-  // prefer clientId that is explicitly passed in
-  let clientId = authInput.clientId ?? null;
-  if (!clientId) {
-    // next preference is clientId from header
-    clientId = headers.get("x-client-id");
-  }
-
-  // next preference is search param
-  if (!clientId) {
-    clientId = requestUrl.searchParams.get("clientId");
-  }
-  // bundle id from header is first preference
-  let bundleId = headers.get("x-bundle-id");
-
-  // next preference is search param
-  if (!bundleId) {
-    bundleId = requestUrl.searchParams.get("bundleId");
-  }
-  let origin = headers.get("origin");
-  // if origin header is not available we'll fall back to referrer;
-  if (!origin) {
-    origin = headers.get("referer");
-  }
-  // if we have an origin at this point, normalize it
-  if (origin) {
-    try {
-      origin = new URL(origin).host;
-    } catch (e) {
-      console.warn("failed to parse origin", origin, e);
-    }
-  }
-
-  // handle if we a secret key is passed in the headers
-  let secretKeyHash = null;
-  if (secretKey) {
-    // hash the secret key
-    secretKeyHash = await hashSecretKey(secretKey);
-    // derive the client id from the secret key hash
-    const derivedClientId = deriveClientIdFromSecretKeyHash(secretKeyHash);
-    // if we already have a client id passed in we need to make sure they match
-    if (clientId && clientId !== derivedClientId) {
-      throw new Error("KEY_CONFLICT");
-    }
-    // otherwise set the client id to the derived client id (client id based off of secret key)
-    clientId = derivedClientId;
-  }
-  let jwt = null;
-  if (headers.has("authorization")) {
-    const authHeader = headers.get("authorization");
-    if (authHeader) {
-      const [type, token] = authHeader.split(" ");
-      if (type?.toLowerCase() === "bearer" && !!token) {
-        jwt = token;
-      }
-    }
-  }
-  return {
-    jwt,
-    hashedJWT: jwt ? await hashSecretKey(jwt) : null,
-    secretKey,
-    clientId,
-    origin,
-    bundleId,
-    secretKeyHash,
-    targetAddress: authInput.targetAddress
-  };
-}
-async function hashSecretKey(secretKey) {
-  return bufferToHex(await crypto.subtle.digest("SHA-256", new TextEncoder().encode(secretKey)));
-}
-function deriveClientIdFromSecretKeyHash(secretKeyHash) {
-  return secretKeyHash.slice(0, 32);
-}
-function bufferToHex(buffer) {
-  return [...new Uint8Array(buffer)].map(x => x.toString(16).padStart(2, "0")).join("");
-}
-async function logHttpRequest(_ref) {
-  let {
-    clientId,
-    req,
-    res,
-    isAuthed,
-    statusMessage,
-    latencyMs
-  } = _ref;
-  try {
-    const authorizationData = await extractAuthorizationData({
-      req,
-      clientId
-    });
-    const headers = req.headers;
-    console.log(JSON.stringify({
-      method: req.method,
-      pathname: req.url,
-      hasSecretKey: !!authorizationData.secretKey,
-      hasClientId: !!authorizationData.clientId,
-      hasJwt: !!authorizationData.jwt,
-      clientId: authorizationData.clientId,
-      isAuthed,
-      status: res.status,
-      sdkName: headers.get("x-sdk-name") ?? undefined,
-      sdkVersion: headers.get("x-sdk-version") ?? undefined,
-      platform: headers.get("x-sdk-platform") ?? undefined,
-      os: headers.get("x-sdk-os") ?? undefined,
-      latencyMs
-    }));
-    if (statusMessage) {
-      console.log(`statusMessage=${statusMessage}`);
-    }
-  } catch (err) {}
-}
-
-export { authorizeWorker, deriveClientIdFromSecretKeyHash, extractAuthorizationData, hashSecretKey, logHttpRequest, publishUsageEvents };

package/cf-worker/package.json

@@ -1,4 +0,0 @@
-{
-  "main": "dist/thirdweb-dev-service-utils-cf-worker.cjs.js",
-  "module": "dist/thirdweb-dev-service-utils-cf-worker.esm.js"
-}

package/dist/client-8440b8fb.esm.js

@@ -1,195 +0,0 @@
-const SERVICE_DEFINITIONS = {
-  storage: {
-    name: "storage",
-    title: "Storage",
-    description: "IPFS Upload and Download",
-    actions: [{
-      name: "read",
-      title: "Download",
-      description: "Download a file from Storage"
-    }, {
-      name: "write",
-      title: "Upload",
-      description: "Upload a file to Storage"
-    }]
-  },
-  rpc: {
-    name: "rpc",
-    title: "RPC",
-    description: "Accelerated RPC Edge",
-    // all actions allowed
-    actions: []
-  },
-  bundler: {
-    name: "bundler",
-    title: "Account Abstraction",
-    description: "Bundler & Paymaster services",
-    // all actions allowed
-    actions: []
-  },
-  relayer: {
-    name: "relayer",
-    title: "Gasless Relayer",
-    description: "Enable gasless transactions",
-    // all actions allowed
-    actions: []
-  },
-  embeddedWallets: {
-    name: "embeddedWallets",
-    title: "In-App Wallets",
-    description: "E-mail and social login wallets for easy web3 onboarding",
-    // all actions allowed
-    actions: []
-  },
-  pay: {
-    name: "pay",
-    title: "Pay",
-    description: "Pay for a blockchain transaction with any currency",
-    // all actions allowed
-    actions: []
-  },
-  chainsaw: {
-    name: "chainsaw",
-    title: "Chainsaw",
-    description: "Indexed data for any EVM chain",
-    // all actions allowed
-    actions: []
-  }
-};
-const SERVICE_NAMES = Object.keys(SERVICE_DEFINITIONS);
-const SERVICES = Object.values(SERVICE_DEFINITIONS);
-function getServiceByName(name) {
-  return SERVICE_DEFINITIONS[name];
-}
-
-function authorizeClient(authOptions, apiKeyMeta) {
-  const {
-    origin,
-    bundleId,
-    secretKeyHash: providedSecretHash
-  } = authOptions;
-  const {
-    domains,
-    bundleIds,
-    secretHash
-  } = apiKeyMeta;
-  const authResult = {
-    authorized: true,
-    apiKeyMeta,
-    accountMeta: {
-      id: apiKeyMeta.accountId,
-      // TODO update this later
-      name: "",
-      creatorWalletAddress: apiKeyMeta.creatorWalletAddress,
-      limits: apiKeyMeta.limits,
-      rateLimits: apiKeyMeta.rateLimits,
-      usage: apiKeyMeta.usage
-    }
-  };
-
-  // check for public restrictions
-  if (domains.includes("*")) {
-    return authResult;
-  }
-
-  // check for secretHash
-  if (providedSecretHash) {
-    if (secretHash !== providedSecretHash) {
-      return {
-        authorized: false,
-        errorMessage: "Incorrect key provided. You can view your active API keys at https://thirdweb.com/dashboard/settings",
-        errorCode: "SECRET_INVALID",
-        status: 401
-      };
-    }
-    return authResult;
-  }
-
-  // validate domains
-  if (origin) {
-    if (authorizeDomain({
-      domains,
-      origin
-    })) {
-      return authResult;
-    }
-    return {
-      authorized: false,
-      errorMessage: `Invalid request: Unauthorized domain: ${origin}. You can view the restrictions on this API key at https://thirdweb.com/create-api-key`,
-      errorCode: "ORIGIN_UNAUTHORIZED",
-      status: 401
-    };
-  }
-
-  // validate bundleId
-  if (bundleId) {
-    if (authorizeBundleId({
-      bundleIds,
-      bundleId
-    })) {
-      return authResult;
-    }
-    return {
-      authorized: false,
-      errorMessage: `Invalid request: Unauthorized Bundle ID: ${bundleId}. You can view the restrictions on this API key at https://thirdweb.com/create-api-key`,
-      errorCode: "BUNDLE_UNAUTHORIZED",
-      status: 401
-    };
-  }
-  return {
-    authorized: false,
-    errorMessage: "The keys are invalid. Please check the secret-key/clientId and try again.",
-    errorCode: "UNAUTHORIZED",
-    status: 401
-  };
-}
-
-// Exposed for use in validating ecosystem partners settings
-function authorizeDomain(_ref) {
-  let {
-    domains,
-    origin
-  } = _ref;
-  // find matching domain, or if all domains allowed
-  // embedded-wallet.thirdweb(-dev).com is automatically allowed
-  // because the rpc is passed from user's domain to embedded-wallet.thirdweb.com iframe for use.
-  // Note this doesn't allow embedded-wallets from being used if it's disabled. The service check that runs after enforces that.
-  return !![...domains, "embedded-wallet.thirdweb.com", "embedded-wallet.thirdweb-dev.com"].find(d => {
-    // if any domain is allowed, we'll return true
-    if (d === "*") {
-      return true;
-    }
-
-    // special rule for `localhost`
-    // if the domain is localhost, we'll allow any origin that starts with localhost
-    if (d === "localhost" && origin.startsWith("localhost")) {
-      return true;
-    }
-
-    // If the allowedDomain has a wildcard,
-    // we'll check that the ending of our domain matches the wildcard
-    if (d.startsWith("*.")) {
-      // get rid of the * and check if it ends with the `.<domain>.<tld>`
-      const domainRoot = d.slice(1);
-      return origin.endsWith(domainRoot);
-    }
-
-    // If there's no wildcard, we'll check for an exact match
-    return d === origin;
-  });
-}
-function authorizeBundleId(_ref2) {
-  let {
-    bundleIds,
-    bundleId
-  } = _ref2;
-  // find matching bundle id, or if all bundles allowed
-  return !!bundleIds.find(b => {
-    if (b === "*") {
-      return true;
-    }
-    return b === bundleId;
-  });
-}
-
-export { SERVICE_DEFINITIONS as S, authorizeBundleId as a, authorizeDomain as b, SERVICE_NAMES as c, SERVICES as d, authorizeClient as e, getServiceByName as g };