@yeying-community/web3-bs 1.0.16 → 1.0.17

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,668 @@
1
+ openapi: 3.0.3
2
+ info:
3
+ title: YeYing Node Auth & Central UCAN Issuer API
4
+ version: 1.1.0
5
+ description: |
6
+ OpenAPI contract aligned with the Node v1 implementation.
7
+
8
+ Notes:
9
+ - All responses use unified envelope: { code, message, data, timestamp }.
10
+ - code = 0 means success; non-zero means failure and data should be null.
11
+ - /refresh uses httpOnly refresh cookie; clients should send credentials.
12
+ - Central issuer APIs are under /api/v1/public/auth/central/*.
13
+ servers:
14
+ - url: http://127.0.0.1:8100
15
+ paths:
16
+ /api/v1/public/auth/challenge:
17
+ post:
18
+ summary: Create SIWE challenge
19
+ description: Generate challenge for wallet signature.
20
+ requestBody:
21
+ required: true
22
+ content:
23
+ application/json:
24
+ schema:
25
+ $ref: '#/components/schemas/ChallengeRequest'
26
+ responses:
27
+ '200':
28
+ description: Challenge created
29
+ content:
30
+ application/json:
31
+ schema:
32
+ $ref: '#/components/schemas/ChallengeResponse'
33
+ '400':
34
+ description: Missing address
35
+ content:
36
+ application/json:
37
+ schema:
38
+ $ref: '#/components/schemas/ErrorResponse'
39
+ /api/v1/public/auth/verify:
40
+ post:
41
+ summary: Verify SIWE signature
42
+ description: Verify challenge signature and issue access token + refresh cookie.
43
+ requestBody:
44
+ required: true
45
+ content:
46
+ application/json:
47
+ schema:
48
+ $ref: '#/components/schemas/VerifyRequest'
49
+ responses:
50
+ '200':
51
+ description: Verified
52
+ headers:
53
+ Set-Cookie:
54
+ description: httpOnly refresh token cookie
55
+ schema:
56
+ type: string
57
+ content:
58
+ application/json:
59
+ schema:
60
+ $ref: '#/components/schemas/TokenResponse'
61
+ '400':
62
+ description: Missing fields or challenge expired
63
+ content:
64
+ application/json:
65
+ schema:
66
+ $ref: '#/components/schemas/ErrorResponse'
67
+ '401':
68
+ description: Invalid signature
69
+ content:
70
+ application/json:
71
+ schema:
72
+ $ref: '#/components/schemas/ErrorResponse'
73
+ '500':
74
+ description: Verify failed
75
+ content:
76
+ application/json:
77
+ schema:
78
+ $ref: '#/components/schemas/ErrorResponse'
79
+ /api/v1/public/auth/refresh:
80
+ post:
81
+ summary: Refresh access token
82
+ description: Rotate refresh cookie and issue new access token.
83
+ responses:
84
+ '200':
85
+ description: Refreshed
86
+ headers:
87
+ Set-Cookie:
88
+ description: Rotated httpOnly refresh token cookie
89
+ schema:
90
+ type: string
91
+ content:
92
+ application/json:
93
+ schema:
94
+ $ref: '#/components/schemas/TokenResponse'
95
+ '401':
96
+ description: Missing or invalid refresh token
97
+ content:
98
+ application/json:
99
+ schema:
100
+ $ref: '#/components/schemas/ErrorResponse'
101
+ '500':
102
+ description: Refresh failed
103
+ content:
104
+ application/json:
105
+ schema:
106
+ $ref: '#/components/schemas/ErrorResponse'
107
+ /api/v1/public/auth/logout:
108
+ post:
109
+ summary: Logout
110
+ description: Revoke refresh session and clear refresh cookie.
111
+ responses:
112
+ '200':
113
+ description: Logged out
114
+ headers:
115
+ Set-Cookie:
116
+ description: Cleared refresh token cookie
117
+ schema:
118
+ type: string
119
+ content:
120
+ application/json:
121
+ schema:
122
+ $ref: '#/components/schemas/LogoutResponse'
123
+ /api/v1/public/auth/central/issuer:
124
+ get:
125
+ summary: Get central issuer status
126
+ description: Read central UCAN issuer capability and runtime readiness.
127
+ responses:
128
+ '200':
129
+ description: Issuer status returned
130
+ content:
131
+ application/json:
132
+ schema:
133
+ $ref: '#/components/schemas/CentralIssuerStatusResponse'
134
+ /api/v1/public/auth/central/session:
135
+ post:
136
+ summary: Create central issue session
137
+ description: |
138
+ Create short-lived central issue session token.
139
+ Requires Bearer JWT access token.
140
+ security:
141
+ - accessTokenAuth: []
142
+ requestBody:
143
+ required: false
144
+ content:
145
+ application/json:
146
+ schema:
147
+ $ref: '#/components/schemas/CentralSessionRequest'
148
+ responses:
149
+ '200':
150
+ description: Session created
151
+ content:
152
+ application/json:
153
+ schema:
154
+ $ref: '#/components/schemas/CentralSessionResponse'
155
+ '400':
156
+ description: Missing subject or bad request
157
+ content:
158
+ application/json:
159
+ schema:
160
+ $ref: '#/components/schemas/ErrorResponse'
161
+ '401':
162
+ description: Missing or invalid access token
163
+ content:
164
+ application/json:
165
+ schema:
166
+ $ref: '#/components/schemas/ErrorResponse'
167
+ '403':
168
+ description: Subject mismatch or issue mode disabled
169
+ content:
170
+ application/json:
171
+ schema:
172
+ $ref: '#/components/schemas/ErrorResponse'
173
+ '503':
174
+ description: Issuer not ready
175
+ content:
176
+ application/json:
177
+ schema:
178
+ $ref: '#/components/schemas/ErrorResponse'
179
+ '500':
180
+ description: Internal issuer error
181
+ content:
182
+ application/json:
183
+ schema:
184
+ $ref: '#/components/schemas/ErrorResponse'
185
+ /api/v1/public/auth/central/issue:
186
+ post:
187
+ summary: Issue central UCAN
188
+ description: |
189
+ Issue UCAN with central issuer by using session token.
190
+ Requires Authorization: Bearer <sessionToken>.
191
+ security:
192
+ - sessionTokenAuth: []
193
+ requestBody:
194
+ required: false
195
+ content:
196
+ application/json:
197
+ schema:
198
+ $ref: '#/components/schemas/CentralIssueRequest'
199
+ responses:
200
+ '200':
201
+ description: Central UCAN issued
202
+ content:
203
+ application/json:
204
+ schema:
205
+ $ref: '#/components/schemas/CentralIssueResponse'
206
+ '400':
207
+ description: Invalid request body
208
+ content:
209
+ application/json:
210
+ schema:
211
+ $ref: '#/components/schemas/ErrorResponse'
212
+ '401':
213
+ description: Missing or invalid session token
214
+ content:
215
+ application/json:
216
+ schema:
217
+ $ref: '#/components/schemas/ErrorResponse'
218
+ '403':
219
+ description: Issuer mode denied
220
+ content:
221
+ application/json:
222
+ schema:
223
+ $ref: '#/components/schemas/ErrorResponse'
224
+ '503':
225
+ description: Issuer not ready
226
+ content:
227
+ application/json:
228
+ schema:
229
+ $ref: '#/components/schemas/ErrorResponse'
230
+ '500':
231
+ description: Internal issuer error
232
+ content:
233
+ application/json:
234
+ schema:
235
+ $ref: '#/components/schemas/ErrorResponse'
236
+ /api/v1/public/auth/central/revoke:
237
+ post:
238
+ summary: Revoke central issue session
239
+ description: Revoke previously created central issue session token.
240
+ security:
241
+ - sessionTokenAuth: []
242
+ responses:
243
+ '200':
244
+ description: Session revoked (or already absent)
245
+ content:
246
+ application/json:
247
+ schema:
248
+ $ref: '#/components/schemas/CentralRevokeResponse'
249
+ '401':
250
+ description: Missing session token
251
+ content:
252
+ application/json:
253
+ schema:
254
+ $ref: '#/components/schemas/ErrorResponse'
255
+ /api/v1/public/profile/me:
256
+ get:
257
+ summary: Verify and read current auth profile
258
+ description: |
259
+ Protected endpoint used to verify backend auth/authorization.
260
+ Supports JWT and UCAN via Authorization header.
261
+ security:
262
+ - accessTokenAuth: []
263
+ - ucanAuth: []
264
+ responses:
265
+ '200':
266
+ description: Profile returned
267
+ content:
268
+ application/json:
269
+ schema:
270
+ $ref: '#/components/schemas/ProfileMeResponse'
271
+ '401':
272
+ description: Missing or invalid token
273
+ content:
274
+ application/json:
275
+ schema:
276
+ $ref: '#/components/schemas/ErrorResponse'
277
+ components:
278
+ securitySchemes:
279
+ accessTokenAuth:
280
+ type: http
281
+ scheme: bearer
282
+ bearerFormat: JWT
283
+ ucanAuth:
284
+ type: http
285
+ scheme: bearer
286
+ bearerFormat: UCAN
287
+ sessionTokenAuth:
288
+ type: http
289
+ scheme: bearer
290
+ bearerFormat: OpaqueSessionToken
291
+ schemas:
292
+ BaseResponse:
293
+ type: object
294
+ required:
295
+ - code
296
+ - message
297
+ - timestamp
298
+ properties:
299
+ code:
300
+ type: integer
301
+ description: 0 for success, non-zero for failure
302
+ example: 0
303
+ message:
304
+ type: string
305
+ example: ok
306
+ timestamp:
307
+ type: integer
308
+ format: int64
309
+ example: 1730000000000
310
+ ErrorResponse:
311
+ allOf:
312
+ - $ref: '#/components/schemas/BaseResponse'
313
+ - type: object
314
+ required:
315
+ - data
316
+ properties:
317
+ data:
318
+ type: object
319
+ nullable: true
320
+ description: Always null when code != 0
321
+ UcanCapability:
322
+ type: object
323
+ properties:
324
+ with:
325
+ type: string
326
+ description: Preferred resource field
327
+ example: app:all:localhost-8100
328
+ can:
329
+ type: string
330
+ description: Preferred action field
331
+ example: invoke
332
+ resource:
333
+ type: string
334
+ description: Legacy alias of with
335
+ example: app:all:localhost-8100
336
+ action:
337
+ type: string
338
+ description: Legacy alias of can
339
+ example: invoke
340
+ ChallengeRequest:
341
+ type: object
342
+ required:
343
+ - address
344
+ properties:
345
+ address:
346
+ type: string
347
+ example: '0x751aa8b544c8aa6457d9428da5e38a24469f8d83'
348
+ VerifyRequest:
349
+ type: object
350
+ required:
351
+ - address
352
+ - signature
353
+ properties:
354
+ address:
355
+ type: string
356
+ example: '0x751aa8b544c8aa6457d9428da5e38a24469f8d83'
357
+ signature:
358
+ type: string
359
+ example: '0x...'
360
+ ChallengeData:
361
+ type: object
362
+ required:
363
+ - address
364
+ - challenge
365
+ - nonce
366
+ - issuedAt
367
+ - expiresAt
368
+ properties:
369
+ address:
370
+ type: string
371
+ challenge:
372
+ type: string
373
+ nonce:
374
+ type: string
375
+ issuedAt:
376
+ type: integer
377
+ format: int64
378
+ description: Unix epoch milliseconds
379
+ expiresAt:
380
+ type: integer
381
+ format: int64
382
+ description: Unix epoch milliseconds
383
+ TokenData:
384
+ type: object
385
+ required:
386
+ - address
387
+ - token
388
+ - expiresAt
389
+ - refreshExpiresAt
390
+ properties:
391
+ address:
392
+ type: string
393
+ token:
394
+ type: string
395
+ description: JWT access token
396
+ expiresAt:
397
+ type: integer
398
+ format: int64
399
+ description: Unix epoch milliseconds
400
+ refreshExpiresAt:
401
+ type: integer
402
+ format: int64
403
+ description: Unix epoch milliseconds
404
+ LogoutData:
405
+ type: object
406
+ required:
407
+ - logout
408
+ properties:
409
+ logout:
410
+ type: boolean
411
+ example: true
412
+ ProfileMeData:
413
+ type: object
414
+ required:
415
+ - address
416
+ - issuedAt
417
+ properties:
418
+ address:
419
+ type: string
420
+ issuer:
421
+ type: string
422
+ nullable: true
423
+ description: UCAN issuer DID when authType=ucan
424
+ ucanSource:
425
+ type: string
426
+ nullable: true
427
+ enum:
428
+ - wallet
429
+ - central
430
+ description: UCAN source when authType=ucan
431
+ authType:
432
+ type: string
433
+ nullable: true
434
+ enum:
435
+ - jwt
436
+ - ucan
437
+ issuedAt:
438
+ type: integer
439
+ format: int64
440
+ description: Unix epoch milliseconds
441
+ CentralIssuerStatusData:
442
+ type: object
443
+ required:
444
+ - enabled
445
+ - mode
446
+ - ready
447
+ - sessionTtlMs
448
+ - tokenTtlMs
449
+ - defaultAudience
450
+ - defaultCapabilities
451
+ properties:
452
+ enabled:
453
+ type: boolean
454
+ mode:
455
+ type: string
456
+ enum:
457
+ - verify
458
+ - issue
459
+ - hybrid
460
+ ready:
461
+ type: boolean
462
+ issuerDid:
463
+ type: string
464
+ nullable: true
465
+ sessionTtlMs:
466
+ type: integer
467
+ format: int64
468
+ tokenTtlMs:
469
+ type: integer
470
+ format: int64
471
+ defaultAudience:
472
+ type: string
473
+ defaultCapabilities:
474
+ type: array
475
+ items:
476
+ $ref: '#/components/schemas/UcanCapability'
477
+ error:
478
+ type: string
479
+ nullable: true
480
+ CentralSessionRequest:
481
+ type: object
482
+ properties:
483
+ subject:
484
+ type: string
485
+ description: Optional, must match access token address when provided
486
+ example: '0x751aa8b544c8aa6457d9428da5e38a24469f8d83'
487
+ sessionTtlMs:
488
+ type: integer
489
+ format: int64
490
+ description: Optional override, positive integer milliseconds
491
+ example: 300000
492
+ CentralSessionData:
493
+ type: object
494
+ required:
495
+ - subject
496
+ - issuerDid
497
+ - sessionToken
498
+ - issuedAt
499
+ - expiresAt
500
+ properties:
501
+ subject:
502
+ type: string
503
+ issuerDid:
504
+ type: string
505
+ sessionToken:
506
+ type: string
507
+ issuedAt:
508
+ type: integer
509
+ format: int64
510
+ description: Unix epoch milliseconds
511
+ expiresAt:
512
+ type: integer
513
+ format: int64
514
+ description: Unix epoch milliseconds
515
+ CentralIssueRequest:
516
+ type: object
517
+ properties:
518
+ audience:
519
+ type: string
520
+ description: Optional override, fallback to configured default audience
521
+ example: did:web:localhost:8100
522
+ capabilities:
523
+ type: array
524
+ items:
525
+ $ref: '#/components/schemas/UcanCapability'
526
+ expiresInMs:
527
+ type: integer
528
+ format: int64
529
+ description: Optional UCAN TTL override in milliseconds
530
+ example: 300000
531
+ ttlMs:
532
+ type: integer
533
+ format: int64
534
+ description: Compatibility alias of expiresInMs
535
+ example: 300000
536
+ CentralIssueData:
537
+ type: object
538
+ required:
539
+ - ucan
540
+ - issuer
541
+ - issuerDid
542
+ - subject
543
+ - audience
544
+ - capabilities
545
+ - notBefore
546
+ - expiresAt
547
+ - nbf
548
+ - exp
549
+ - iat
550
+ properties:
551
+ ucan:
552
+ type: string
553
+ issuer:
554
+ type: string
555
+ description: DID of central issuer
556
+ issuerDid:
557
+ type: string
558
+ description: Alias of issuer
559
+ subject:
560
+ type: string
561
+ description: UCAN sub claim
562
+ audience:
563
+ type: string
564
+ description: UCAN aud claim
565
+ capabilities:
566
+ type: array
567
+ items:
568
+ $ref: '#/components/schemas/UcanCapability'
569
+ notBefore:
570
+ type: integer
571
+ format: int64
572
+ description: Unix epoch seconds
573
+ expiresAt:
574
+ type: integer
575
+ format: int64
576
+ description: Unix epoch seconds
577
+ nbf:
578
+ type: integer
579
+ format: int64
580
+ description: Alias of notBefore (seconds)
581
+ exp:
582
+ type: integer
583
+ format: int64
584
+ description: Alias of expiresAt (seconds)
585
+ iat:
586
+ type: integer
587
+ format: int64
588
+ description: Alias of notBefore (seconds)
589
+ CentralRevokeData:
590
+ type: object
591
+ required:
592
+ - revoked
593
+ properties:
594
+ revoked:
595
+ type: boolean
596
+ example: true
597
+ ChallengeResponse:
598
+ allOf:
599
+ - $ref: '#/components/schemas/BaseResponse'
600
+ - type: object
601
+ required:
602
+ - data
603
+ properties:
604
+ data:
605
+ $ref: '#/components/schemas/ChallengeData'
606
+ TokenResponse:
607
+ allOf:
608
+ - $ref: '#/components/schemas/BaseResponse'
609
+ - type: object
610
+ required:
611
+ - data
612
+ properties:
613
+ data:
614
+ $ref: '#/components/schemas/TokenData'
615
+ LogoutResponse:
616
+ allOf:
617
+ - $ref: '#/components/schemas/BaseResponse'
618
+ - type: object
619
+ required:
620
+ - data
621
+ properties:
622
+ data:
623
+ $ref: '#/components/schemas/LogoutData'
624
+ ProfileMeResponse:
625
+ allOf:
626
+ - $ref: '#/components/schemas/BaseResponse'
627
+ - type: object
628
+ required:
629
+ - data
630
+ properties:
631
+ data:
632
+ $ref: '#/components/schemas/ProfileMeData'
633
+ CentralIssuerStatusResponse:
634
+ allOf:
635
+ - $ref: '#/components/schemas/BaseResponse'
636
+ - type: object
637
+ required:
638
+ - data
639
+ properties:
640
+ data:
641
+ $ref: '#/components/schemas/CentralIssuerStatusData'
642
+ CentralSessionResponse:
643
+ allOf:
644
+ - $ref: '#/components/schemas/BaseResponse'
645
+ - type: object
646
+ required:
647
+ - data
648
+ properties:
649
+ data:
650
+ $ref: '#/components/schemas/CentralSessionData'
651
+ CentralIssueResponse:
652
+ allOf:
653
+ - $ref: '#/components/schemas/BaseResponse'
654
+ - type: object
655
+ required:
656
+ - data
657
+ properties:
658
+ data:
659
+ $ref: '#/components/schemas/CentralIssueData'
660
+ CentralRevokeResponse:
661
+ allOf:
662
+ - $ref: '#/components/schemas/BaseResponse'
663
+ - type: object
664
+ required:
665
+ - data
666
+ properties:
667
+ data:
668
+ $ref: '#/components/schemas/CentralRevokeData'