accounts 0.4.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -0
- package/README.md +38 -7
- package/dist/cli/Provider.d.ts +12 -0
- package/dist/cli/Provider.d.ts.map +1 -0
- package/dist/cli/Provider.js +19 -0
- package/dist/cli/Provider.js.map +1 -0
- package/dist/cli/adapter.d.ts +24 -0
- package/dist/cli/adapter.d.ts.map +1 -0
- package/dist/cli/adapter.js +173 -0
- package/dist/cli/adapter.js.map +1 -0
- package/dist/cli/index.d.ts +3 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +3 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/core/Dialog.d.ts.map +1 -1
- package/dist/core/Dialog.js +25 -1
- package/dist/core/Dialog.js.map +1 -1
- package/dist/core/IntersectionObserver.d.ts +3 -0
- package/dist/core/IntersectionObserver.d.ts.map +1 -0
- package/dist/core/IntersectionObserver.js +6 -0
- package/dist/core/IntersectionObserver.js.map +1 -0
- package/dist/core/Messenger.d.ts +14 -3
- package/dist/core/Messenger.d.ts.map +1 -1
- package/dist/core/Messenger.js +4 -4
- package/dist/core/Messenger.js.map +1 -1
- package/dist/core/Remote.d.ts +6 -3
- package/dist/core/Remote.d.ts.map +1 -1
- package/dist/core/Remote.js +3 -6
- package/dist/core/Remote.js.map +1 -1
- package/dist/core/adapters/local.d.ts.map +1 -1
- package/dist/core/adapters/local.js +2 -2
- package/dist/core/adapters/local.js.map +1 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -0
- package/dist/index.js.map +1 -1
- package/dist/react/Remote.d.ts +21 -0
- package/dist/react/Remote.d.ts.map +1 -0
- package/dist/react/Remote.js +51 -0
- package/dist/react/Remote.js.map +1 -0
- package/dist/react/index.d.ts +2 -0
- package/dist/react/index.d.ts.map +1 -0
- package/dist/react/index.js +2 -0
- package/dist/react/index.js.map +1 -0
- package/dist/server/CliAuth.d.ts +553 -0
- package/dist/server/CliAuth.d.ts.map +1 -0
- package/dist/server/CliAuth.js +446 -0
- package/dist/server/CliAuth.js.map +1 -0
- package/dist/server/Handler.d.ts +36 -2
- package/dist/server/Handler.d.ts.map +1 -1
- package/dist/server/Handler.js +84 -0
- package/dist/server/Handler.js.map +1 -1
- package/dist/server/index.d.ts +1 -0
- package/dist/server/index.d.ts.map +1 -1
- package/dist/server/index.js +1 -0
- package/dist/server/index.js.map +1 -1
- package/package.json +16 -54
- package/src/cli/Provider.test-d.ts +28 -0
- package/src/cli/Provider.test.ts +235 -0
- package/src/cli/Provider.ts +26 -0
- package/src/cli/adapter.ts +229 -0
- package/src/cli/index.ts +2 -0
- package/src/core/Dialog.ts +31 -1
- package/src/core/IntersectionObserver.ts +6 -0
- package/src/core/Messenger.ts +18 -8
- package/src/core/Provider.test.ts +12 -2
- package/src/core/Remote.ts +9 -10
- package/src/core/adapters/local.ts +7 -2
- package/src/index.ts +1 -0
- package/src/react/Remote.ts +94 -0
- package/src/react/index.ts +1 -0
- package/src/server/CliAuth.test-d.ts +56 -0
- package/src/server/CliAuth.test.ts +800 -0
- package/src/server/CliAuth.ts +634 -0
- package/src/server/Handler.ts +123 -1
- package/src/server/index.ts +1 -0
|
@@ -0,0 +1,446 @@
|
|
|
1
|
+
import { Address as core_Address, Base64, Hex, PublicKey } from 'ox';
|
|
2
|
+
import { KeyAuthorization as TempoKeyAuthorization, SignatureEnvelope } from 'ox/tempo';
|
|
3
|
+
import { createClient, http } from 'viem';
|
|
4
|
+
import { verifyHash } from 'viem/actions';
|
|
5
|
+
import { tempo } from 'viem/chains';
|
|
6
|
+
import * as z from 'zod/mini';
|
|
7
|
+
import * as u from '../core/zod/utils.js';
|
|
8
|
+
/** Supported access-key types for CLI bootstrap. */
|
|
9
|
+
export const keyType = z.union([z.literal('secp256k1'), z.literal('p256'), z.literal('webAuthn')]);
|
|
10
|
+
/** Signed key authorization returned by the device-code flow. */
|
|
11
|
+
export const keyAuthorization = z.object({
|
|
12
|
+
address: u.address(),
|
|
13
|
+
chainId: u.bigint(),
|
|
14
|
+
expiry: z.nullish(u.number()),
|
|
15
|
+
keyId: u.address(),
|
|
16
|
+
keyType,
|
|
17
|
+
limits: z.optional(z.readonly(z.array(z.object({ token: u.address(), limit: u.bigint() })))),
|
|
18
|
+
signature: z.custom(),
|
|
19
|
+
});
|
|
20
|
+
/** Request body for `POST /auth/pkce/code`. */
|
|
21
|
+
export const createRequest = z.object({
|
|
22
|
+
account: z.optional(u.address()),
|
|
23
|
+
codeChallenge: z.string(),
|
|
24
|
+
expiry: z.optional(z.number()),
|
|
25
|
+
keyType: z.optional(keyType),
|
|
26
|
+
limits: z.optional(z.readonly(z.array(z.object({ token: u.address(), limit: u.bigint() })))),
|
|
27
|
+
pubKey: u.hex(),
|
|
28
|
+
});
|
|
29
|
+
/** Response body for `POST /cli-auth/device-code`. */
|
|
30
|
+
export const createResponse = z.object({
|
|
31
|
+
code: z.string(),
|
|
32
|
+
});
|
|
33
|
+
/** Request body for `POST /auth/pkce/poll/:code`. */
|
|
34
|
+
export const pollRequest = z.object({
|
|
35
|
+
codeVerifier: z.string(),
|
|
36
|
+
});
|
|
37
|
+
/** Response body for `POST /auth/pkce/poll/:code`. */
|
|
38
|
+
export const pollResponse = u.oneOf([
|
|
39
|
+
z.object({
|
|
40
|
+
status: z.literal('pending'),
|
|
41
|
+
}),
|
|
42
|
+
z.object({
|
|
43
|
+
status: z.literal('authorized'),
|
|
44
|
+
accountAddress: u.address(),
|
|
45
|
+
keyAuthorization: keyAuthorization,
|
|
46
|
+
}),
|
|
47
|
+
z.object({
|
|
48
|
+
status: z.literal('expired'),
|
|
49
|
+
}),
|
|
50
|
+
]);
|
|
51
|
+
/** Response body for `GET /auth/pkce/pending/:code`. */
|
|
52
|
+
export const pendingResponse = z.object({
|
|
53
|
+
accessKeyAddress: u.address(),
|
|
54
|
+
account: z.optional(u.address()),
|
|
55
|
+
chainId: u.bigint(),
|
|
56
|
+
code: z.string(),
|
|
57
|
+
expiry: z.number(),
|
|
58
|
+
keyType,
|
|
59
|
+
limits: z.optional(z.readonly(z.array(z.object({ token: u.address(), limit: u.bigint() })))),
|
|
60
|
+
pubKey: u.hex(),
|
|
61
|
+
status: z.literal('pending'),
|
|
62
|
+
});
|
|
63
|
+
/** Request body for `POST /auth/pkce`. */
|
|
64
|
+
export const authorizeRequest = z.object({
|
|
65
|
+
accountAddress: u.address(),
|
|
66
|
+
code: z.string(),
|
|
67
|
+
keyAuthorization: keyAuthorization,
|
|
68
|
+
});
|
|
69
|
+
/** Response body for `POST /cli-auth/authorize`. */
|
|
70
|
+
export const authorizeResponse = z.object({
|
|
71
|
+
status: z.literal('authorized'),
|
|
72
|
+
});
|
|
73
|
+
/** Stored device-code entry schema. */
|
|
74
|
+
export const entry = u.oneOf([
|
|
75
|
+
z.object({
|
|
76
|
+
account: z.optional(u.address()),
|
|
77
|
+
chainId: u.bigint(),
|
|
78
|
+
code: z.string(),
|
|
79
|
+
codeChallenge: z.string(),
|
|
80
|
+
createdAt: z.number(),
|
|
81
|
+
expiresAt: z.number(),
|
|
82
|
+
expiry: z.number(),
|
|
83
|
+
keyType,
|
|
84
|
+
limits: z.optional(z.readonly(z.array(z.object({ token: u.address(), limit: u.bigint() })))),
|
|
85
|
+
pubKey: u.hex(),
|
|
86
|
+
status: z.literal('pending'),
|
|
87
|
+
}),
|
|
88
|
+
z.object({
|
|
89
|
+
account: z.optional(u.address()),
|
|
90
|
+
accountAddress: u.address(),
|
|
91
|
+
authorizedAt: z.number(),
|
|
92
|
+
chainId: u.bigint(),
|
|
93
|
+
code: z.string(),
|
|
94
|
+
codeChallenge: z.string(),
|
|
95
|
+
createdAt: z.number(),
|
|
96
|
+
expiresAt: z.number(),
|
|
97
|
+
expiry: z.number(),
|
|
98
|
+
keyAuthorization,
|
|
99
|
+
keyType,
|
|
100
|
+
limits: z.optional(z.readonly(z.array(z.object({ token: u.address(), limit: u.bigint() })))),
|
|
101
|
+
pubKey: u.hex(),
|
|
102
|
+
status: z.literal('authorized'),
|
|
103
|
+
}),
|
|
104
|
+
z.object({
|
|
105
|
+
account: z.optional(u.address()),
|
|
106
|
+
accountAddress: u.address(),
|
|
107
|
+
authorizedAt: z.number(),
|
|
108
|
+
chainId: u.bigint(),
|
|
109
|
+
code: z.string(),
|
|
110
|
+
codeChallenge: z.string(),
|
|
111
|
+
consumedAt: z.number(),
|
|
112
|
+
createdAt: z.number(),
|
|
113
|
+
expiresAt: z.number(),
|
|
114
|
+
expiry: z.number(),
|
|
115
|
+
keyAuthorization,
|
|
116
|
+
keyType,
|
|
117
|
+
limits: z.optional(z.readonly(z.array(z.object({ token: u.address(), limit: u.bigint() })))),
|
|
118
|
+
pubKey: u.hex(),
|
|
119
|
+
status: z.literal('consumed'),
|
|
120
|
+
}),
|
|
121
|
+
]);
|
|
122
|
+
/** Error thrown when pending device-code lookup cannot return a pending request. */
|
|
123
|
+
export class PendingError extends Error {
|
|
124
|
+
status;
|
|
125
|
+
constructor(message, status) {
|
|
126
|
+
super(message);
|
|
127
|
+
this.name = 'PendingError';
|
|
128
|
+
this.status = status;
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
/** Built-in device-code store helpers. */
|
|
132
|
+
export const Store = {
|
|
133
|
+
/**
|
|
134
|
+
* Creates an in-memory device-code store.
|
|
135
|
+
*
|
|
136
|
+
* Useful for tests and single-process servers.
|
|
137
|
+
*/
|
|
138
|
+
memory() {
|
|
139
|
+
const entries = new Map();
|
|
140
|
+
return {
|
|
141
|
+
async authorize(options) {
|
|
142
|
+
const current = entries.get(options.code);
|
|
143
|
+
if (!current || current.status !== 'pending')
|
|
144
|
+
return undefined;
|
|
145
|
+
const next = {
|
|
146
|
+
...current,
|
|
147
|
+
accountAddress: options.accountAddress,
|
|
148
|
+
authorizedAt: Date.now(),
|
|
149
|
+
keyAuthorization: options.keyAuthorization,
|
|
150
|
+
status: 'authorized',
|
|
151
|
+
};
|
|
152
|
+
entries.set(options.code, next);
|
|
153
|
+
return next;
|
|
154
|
+
},
|
|
155
|
+
async consume(code) {
|
|
156
|
+
const current = entries.get(code);
|
|
157
|
+
if (!current || current.status !== 'authorized')
|
|
158
|
+
return undefined;
|
|
159
|
+
entries.set(code, {
|
|
160
|
+
...current,
|
|
161
|
+
consumedAt: Date.now(),
|
|
162
|
+
status: 'consumed',
|
|
163
|
+
});
|
|
164
|
+
return current;
|
|
165
|
+
},
|
|
166
|
+
async create(entry_) {
|
|
167
|
+
entries.set(entry_.code, entry_);
|
|
168
|
+
},
|
|
169
|
+
async delete(code) {
|
|
170
|
+
entries.delete(code);
|
|
171
|
+
},
|
|
172
|
+
async get(code) {
|
|
173
|
+
return entries.get(code);
|
|
174
|
+
},
|
|
175
|
+
};
|
|
176
|
+
},
|
|
177
|
+
/**
|
|
178
|
+
* Creates a key-value backed device-code store.
|
|
179
|
+
*
|
|
180
|
+
* Stored values are encoded through the shared entry schema so they remain
|
|
181
|
+
* JSON-safe across KV implementations.
|
|
182
|
+
*/
|
|
183
|
+
kv(kv, options = {}) {
|
|
184
|
+
const key = options.key ?? 'cli-auth';
|
|
185
|
+
function toKey(code) {
|
|
186
|
+
return `${key}:${code}`;
|
|
187
|
+
}
|
|
188
|
+
return {
|
|
189
|
+
async authorize(options) {
|
|
190
|
+
const current = await this.get(options.code);
|
|
191
|
+
if (!current || current.status !== 'pending')
|
|
192
|
+
return undefined;
|
|
193
|
+
const next = {
|
|
194
|
+
...current,
|
|
195
|
+
accountAddress: options.accountAddress,
|
|
196
|
+
authorizedAt: Date.now(),
|
|
197
|
+
keyAuthorization: options.keyAuthorization,
|
|
198
|
+
status: 'authorized',
|
|
199
|
+
};
|
|
200
|
+
await kv.set(toKey(options.code), z.encode(entry, next));
|
|
201
|
+
return next;
|
|
202
|
+
},
|
|
203
|
+
async consume(code) {
|
|
204
|
+
const current = await this.get(code);
|
|
205
|
+
if (!current || current.status !== 'authorized')
|
|
206
|
+
return undefined;
|
|
207
|
+
await kv.set(toKey(code), z.encode(entry, {
|
|
208
|
+
...current,
|
|
209
|
+
consumedAt: Date.now(),
|
|
210
|
+
status: 'consumed',
|
|
211
|
+
}));
|
|
212
|
+
return current;
|
|
213
|
+
},
|
|
214
|
+
async create(entry_) {
|
|
215
|
+
await kv.set(toKey(entry_.code), z.encode(entry, entry_));
|
|
216
|
+
},
|
|
217
|
+
async delete(code) {
|
|
218
|
+
await kv.delete(toKey(code));
|
|
219
|
+
},
|
|
220
|
+
async get(code) {
|
|
221
|
+
const value = await kv.get(toKey(code));
|
|
222
|
+
if (!value)
|
|
223
|
+
return undefined;
|
|
224
|
+
return z.decode(entry, value);
|
|
225
|
+
},
|
|
226
|
+
};
|
|
227
|
+
},
|
|
228
|
+
};
|
|
229
|
+
/** Built-in policy helpers. */
|
|
230
|
+
export const Policy = {
|
|
231
|
+
/** Creates an allow-all policy with a default 24-hour expiry when omitted. */
|
|
232
|
+
allow() {
|
|
233
|
+
return {
|
|
234
|
+
validate({ expiry, limits }) {
|
|
235
|
+
return {
|
|
236
|
+
expiry: expiry ?? Math.floor(Date.now() / 1000) + 60 * 60 * 24,
|
|
237
|
+
...(limits ? { limits } : {}),
|
|
238
|
+
};
|
|
239
|
+
},
|
|
240
|
+
};
|
|
241
|
+
},
|
|
242
|
+
/** Returns the provided policy unchanged. */
|
|
243
|
+
from(policy) {
|
|
244
|
+
return policy;
|
|
245
|
+
},
|
|
246
|
+
};
|
|
247
|
+
/** Creates and stores a new device code. */
|
|
248
|
+
export async function createDeviceCode(options) {
|
|
249
|
+
const { chainId = BigInt(tempo.id), now = Date.now, policy = Policy.allow(), random = randomBytes, request, store = Store.memory(), ttlMs = 10 * 60 * 1_000, } = options;
|
|
250
|
+
const { account, codeChallenge, pubKey } = request;
|
|
251
|
+
const keyType = request.keyType ?? 'secp256k1';
|
|
252
|
+
const approved = await policy.validate({
|
|
253
|
+
...(account ? { account } : {}),
|
|
254
|
+
expiry: request.expiry,
|
|
255
|
+
keyType,
|
|
256
|
+
...(request.limits ? { limits: request.limits } : {}),
|
|
257
|
+
pubKey,
|
|
258
|
+
});
|
|
259
|
+
let code;
|
|
260
|
+
for (let i = 0; i < 10; i++) {
|
|
261
|
+
const candidate = createCode(random);
|
|
262
|
+
if (await store.get(candidate))
|
|
263
|
+
continue;
|
|
264
|
+
code = candidate;
|
|
265
|
+
break;
|
|
266
|
+
}
|
|
267
|
+
if (!code)
|
|
268
|
+
throw new Error('Unable to allocate device code.');
|
|
269
|
+
const createdAt = now();
|
|
270
|
+
await store.create({
|
|
271
|
+
...(account ? { account } : {}),
|
|
272
|
+
chainId: typeof chainId === 'bigint' ? chainId : BigInt(chainId),
|
|
273
|
+
code,
|
|
274
|
+
codeChallenge,
|
|
275
|
+
createdAt,
|
|
276
|
+
expiresAt: createdAt + ttlMs,
|
|
277
|
+
expiry: approved.expiry,
|
|
278
|
+
keyType,
|
|
279
|
+
...(approved.limits ? { limits: approved.limits } : {}),
|
|
280
|
+
pubKey,
|
|
281
|
+
status: 'pending',
|
|
282
|
+
});
|
|
283
|
+
return { code };
|
|
284
|
+
}
|
|
285
|
+
/** Looks up a pending device code for browser approval UIs. */
|
|
286
|
+
export async function pending(options) {
|
|
287
|
+
const { code, now = Date.now, store = Store.memory() } = options;
|
|
288
|
+
const normalized = normalizeCode(code);
|
|
289
|
+
const current = await store.get(normalized);
|
|
290
|
+
if (!current)
|
|
291
|
+
throw new PendingError('Unknown device code.', 404);
|
|
292
|
+
if (isExpired(current, now)) {
|
|
293
|
+
await store.delete(normalized);
|
|
294
|
+
throw new PendingError('Expired device code.', 404);
|
|
295
|
+
}
|
|
296
|
+
if (current.status !== 'pending')
|
|
297
|
+
throw new PendingError('Device code already completed.', 400);
|
|
298
|
+
return {
|
|
299
|
+
accessKeyAddress: core_Address.fromPublicKey(PublicKey.from(current.pubKey)),
|
|
300
|
+
...(current.account ? { account: current.account } : {}),
|
|
301
|
+
chainId: current.chainId,
|
|
302
|
+
code: current.code,
|
|
303
|
+
expiry: current.expiry,
|
|
304
|
+
keyType: current.keyType,
|
|
305
|
+
...(current.limits ? { limits: current.limits } : {}),
|
|
306
|
+
pubKey: current.pubKey,
|
|
307
|
+
status: 'pending',
|
|
308
|
+
};
|
|
309
|
+
}
|
|
310
|
+
/** Polls a device code with PKCE verification. */
|
|
311
|
+
export async function poll(options) {
|
|
312
|
+
const { code, now = Date.now, request, store = Store.memory() } = options;
|
|
313
|
+
const normalized = normalizeCode(code);
|
|
314
|
+
const current = await store.get(normalized);
|
|
315
|
+
if (!current)
|
|
316
|
+
return { status: 'expired' };
|
|
317
|
+
if (isExpired(current, now)) {
|
|
318
|
+
await store.delete(normalized);
|
|
319
|
+
return { status: 'expired' };
|
|
320
|
+
}
|
|
321
|
+
if (!(await verifyCodeChallenge(request.codeVerifier, current.codeChallenge)))
|
|
322
|
+
throw new Error('Invalid code verifier.');
|
|
323
|
+
if (current.status === 'pending')
|
|
324
|
+
return { status: 'pending' };
|
|
325
|
+
if (current.status === 'consumed') {
|
|
326
|
+
await store.delete(normalized);
|
|
327
|
+
return { status: 'expired' };
|
|
328
|
+
}
|
|
329
|
+
const authorized = await store.consume(normalized);
|
|
330
|
+
if (!authorized)
|
|
331
|
+
return { status: 'expired' };
|
|
332
|
+
return {
|
|
333
|
+
accountAddress: authorized.accountAddress,
|
|
334
|
+
keyAuthorization: authorized.keyAuthorization,
|
|
335
|
+
status: 'authorized',
|
|
336
|
+
};
|
|
337
|
+
}
|
|
338
|
+
/** Authorizes a pending device code after validating the signed key authorization. */
|
|
339
|
+
export async function authorize(options) {
|
|
340
|
+
const { chainId, client = getClient({ chainId }), now = Date.now, request, store = Store.memory(), } = options;
|
|
341
|
+
const code = normalizeCode(request.code);
|
|
342
|
+
const current = await store.get(code);
|
|
343
|
+
if (!current)
|
|
344
|
+
throw new Error('Unknown device code.');
|
|
345
|
+
if (isExpired(current, now)) {
|
|
346
|
+
await store.delete(code);
|
|
347
|
+
throw new Error('Expired device code.');
|
|
348
|
+
}
|
|
349
|
+
if (current.status !== 'pending')
|
|
350
|
+
throw new Error('Device code already completed.');
|
|
351
|
+
if (current.account && current.account.toLowerCase() !== request.accountAddress.toLowerCase())
|
|
352
|
+
throw new Error('Account does not match requested account.');
|
|
353
|
+
const expected = expectedKeyAuthorization(current);
|
|
354
|
+
const actual = normalizeKeyAuthorization(request.keyAuthorization);
|
|
355
|
+
if (actual.keyId.toLowerCase() !== expected.address.toLowerCase())
|
|
356
|
+
throw new Error('Key authorization key does not match the device-code request.');
|
|
357
|
+
if (actual.address.toLowerCase() !== expected.address.toLowerCase())
|
|
358
|
+
throw new Error('Key authorization address does not match the device-code request.');
|
|
359
|
+
if (actual.keyType !== expected.type)
|
|
360
|
+
throw new Error('Key authorization key type does not match the device-code request.');
|
|
361
|
+
if (actual.chainId !== expected.chainId)
|
|
362
|
+
throw new Error('Key authorization chain does not match the device-code request.');
|
|
363
|
+
if ((actual.expiry ?? undefined) !== (expected.expiry ?? undefined))
|
|
364
|
+
throw new Error('Key authorization expiry does not match the device-code request.');
|
|
365
|
+
if (!sameLimits(actual.limits, expected.limits))
|
|
366
|
+
throw new Error('Key authorization limits do not match the device-code request.');
|
|
367
|
+
const valid = await verifyHash(client, {
|
|
368
|
+
address: request.accountAddress,
|
|
369
|
+
hash: TempoKeyAuthorization.getSignPayload(expected),
|
|
370
|
+
signature: SignatureEnvelope.serialize(SignatureEnvelope.fromRpc(actual.signature), {
|
|
371
|
+
magic: actual.signature.type === 'webAuthn',
|
|
372
|
+
}),
|
|
373
|
+
});
|
|
374
|
+
if (!valid)
|
|
375
|
+
throw new Error('Key authorization signature is invalid.');
|
|
376
|
+
const authorized = await store.authorize({
|
|
377
|
+
accountAddress: request.accountAddress,
|
|
378
|
+
code,
|
|
379
|
+
keyAuthorization: request.keyAuthorization,
|
|
380
|
+
});
|
|
381
|
+
if (!authorized)
|
|
382
|
+
throw new Error('Unable to authorize device code.');
|
|
383
|
+
return { status: 'authorized' };
|
|
384
|
+
}
|
|
385
|
+
const alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
|
|
386
|
+
function createCode(random) {
|
|
387
|
+
const bytes = random(8);
|
|
388
|
+
let code = '';
|
|
389
|
+
for (const byte of bytes)
|
|
390
|
+
code += alphabet[byte % alphabet.length];
|
|
391
|
+
return code;
|
|
392
|
+
}
|
|
393
|
+
function normalizeCode(code) {
|
|
394
|
+
return code.replaceAll('-', '').toUpperCase();
|
|
395
|
+
}
|
|
396
|
+
function expectedKeyAuthorization(entry) {
|
|
397
|
+
return TempoKeyAuthorization.from({
|
|
398
|
+
address: core_Address.fromPublicKey(PublicKey.from(entry.pubKey)),
|
|
399
|
+
chainId: entry.chainId,
|
|
400
|
+
expiry: entry.expiry,
|
|
401
|
+
...(entry.limits ? { limits: entry.limits } : {}),
|
|
402
|
+
type: entry.keyType,
|
|
403
|
+
});
|
|
404
|
+
}
|
|
405
|
+
function getClient(options = {}) {
|
|
406
|
+
const chainId = options.chainId;
|
|
407
|
+
return createClient({
|
|
408
|
+
chain: chainId
|
|
409
|
+
? {
|
|
410
|
+
...tempo,
|
|
411
|
+
id: typeof chainId === 'bigint' ? Number(chainId) : chainId,
|
|
412
|
+
}
|
|
413
|
+
: tempo,
|
|
414
|
+
transport: http(),
|
|
415
|
+
});
|
|
416
|
+
}
|
|
417
|
+
function isExpired(entry, now) {
|
|
418
|
+
return now() > entry.expiresAt;
|
|
419
|
+
}
|
|
420
|
+
function normalizeKeyAuthorization(value) {
|
|
421
|
+
return {
|
|
422
|
+
...value,
|
|
423
|
+
expiry: value.expiry ?? undefined,
|
|
424
|
+
limits: value.limits ?? undefined,
|
|
425
|
+
};
|
|
426
|
+
}
|
|
427
|
+
function randomBytes(size) {
|
|
428
|
+
return crypto.getRandomValues(new Uint8Array(size));
|
|
429
|
+
}
|
|
430
|
+
function sameLimits(a, b) {
|
|
431
|
+
if (!a && !b)
|
|
432
|
+
return true;
|
|
433
|
+
if (!a || !b || a.length !== b.length)
|
|
434
|
+
return false;
|
|
435
|
+
return a.every((limit, i) => {
|
|
436
|
+
const other = b[i];
|
|
437
|
+
if (!other)
|
|
438
|
+
return false;
|
|
439
|
+
return limit.token.toLowerCase() === other.token.toLowerCase() && limit.limit === other.limit;
|
|
440
|
+
});
|
|
441
|
+
}
|
|
442
|
+
async function verifyCodeChallenge(codeVerifier, codeChallenge) {
|
|
443
|
+
const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(codeVerifier));
|
|
444
|
+
return Base64.fromBytes(new Uint8Array(hash), { pad: false, url: true }) === codeChallenge;
|
|
445
|
+
}
|
|
446
|
+
//# sourceMappingURL=CliAuth.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"CliAuth.js","sourceRoot":"","sources":["../../src/server/CliAuth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,YAAY,EAAE,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,IAAI,CAAA;AACpE,OAAO,EAAE,gBAAgB,IAAI,qBAAqB,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAA;AACvF,OAAO,EAAE,YAAY,EAAE,IAAI,EAA2C,MAAM,MAAM,CAAA;AAElF,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AACzC,OAAO,EAAE,KAAK,EAAE,MAAM,aAAa,CAAA;AACnC,OAAO,KAAK,CAAC,MAAM,UAAU,CAAA;AAE7B,OAAO,KAAK,CAAC,MAAM,sBAAsB,CAAA;AAIzC,oDAAoD;AACpD,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;AAElG,iEAAiE;AACjE,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE;IACpB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC7B,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE;IAClB,OAAO;IACP,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5F,SAAS,EAAE,CAAC,CAAC,MAAM,EAA0C;CAC9D,CAAC,CAAA;AAEF,+CAA+C;AAC/C,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IACpC,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAChC,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;IACzB,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC9B,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC;IAC5B,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5F,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE;CAChB,CAAC,CAAA;AAEF,sDAAsD;AACtD,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAA;AAEF,qDAAqD;AACrD,MAAM,CAAC,MAAM,WAAW,GAAG,CAAC,CAAC,MAAM,CAAC;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;CACzB,CAAC,CAAA;AAEF,sDAAsD;AACtD,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,CAAC,KAAK,CAAC;IAClC,CAAC,CAAC,MAAM,CAAC;QACP,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;KAC7B,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACP,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;QAC/B,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE;QAC3B,gBAAgB,EAAE,gBAAgB;KACnC,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACP,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;KAC7B,CAAC;CACH,CAAC,CAAA;AAEF,wDAAwD;AACxD,MAAM,CAAC,MAAM,eAAe,GAAG,CAAC,CAAC,MAAM,CAAC;IACtC,gBAAgB,EAAE,CAAC,CAAC,OAAO,EAAE;IAC7B,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;IAChC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;IACnB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,OAAO;IACP,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;IAC5F,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE;IACf,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;CAC7B,CAAC,CAAA;AAEF,0CAA0C;AAC1C,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE;IAC3B,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,gBAAgB,EAAE,gBAAgB;CACnC,CAAC,CAAA;AAEF,oDAAoD;AACpD,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC,MAAM,CAAC;IACxC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;CAChC,CAAC,CAAA;AAEF,uCAAuC;AACvC,MAAM,CAAC,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC;IAC3B,CAAC,CAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAChC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;QACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,OAAO;QACP,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5F,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE;QACf,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,SAAS,CAAC;KAC7B,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAChC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE;QAC3B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;QACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,gBAAgB;QAChB,OAAO;QACP,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5F,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE;QACf,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC;KAChC,CAAC;IACF,CAAC,CAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAChC,cAAc,EAAE,CAAC,CAAC,OAAO,EAAE;QAC3B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE;QACxB,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;QACzB,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE;QACtB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;QACrB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;QAClB,gBAAgB;QAChB,OAAO;QACP,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC,OAAO,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAC5F,MAAM,EAAE,CAAC,CAAC,GAAG,EAAE;QACf,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;KAC9B,CAAC;CACH,CAAC,CAAA;AAgDF,oFAAoF;AACpF,MAAM,OAAO,YAAa,SAAQ,KAAK;IACrC,MAAM,CAAW;IAEjB,YAAY,OAAe,EAAE,MAAiB;QAC5C,KAAK,CAAC,OAAO,CAAC,CAAA;QACd,IAAI,CAAC,IAAI,GAAG,cAAc,CAAA;QAC1B,IAAI,CAAC,MAAM,GAAG,MAAM,CAAA;IACtB,CAAC;CACF;AAgCD,0CAA0C;AAC1C,MAAM,CAAC,MAAM,KAAK,GAAG;IACnB;;;;OAIG;IACH,MAAM;QACJ,MAAM,OAAO,GAAG,IAAI,GAAG,EAAiB,CAAA;QAExC,OAAO;YACL,KAAK,CAAC,SAAS,CAAC,OAAO;gBACrB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;gBACzC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;oBAAE,OAAO,SAAS,CAAA;gBAC9D,MAAM,IAAI,GAAG;oBACX,GAAG,OAAO;oBACV,cAAc,EAAE,OAAO,CAAC,cAAc;oBACtC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;oBACxB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;oBAC1C,MAAM,EAAE,YAAY;iBACM,CAAA;gBAC5B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;gBAC/B,OAAO,IAAI,CAAA;YACb,CAAC;YACD,KAAK,CAAC,OAAO,CAAC,IAAI;gBAChB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;gBACjC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,YAAY;oBAAE,OAAO,SAAS,CAAA;gBACjE,OAAO,CAAC,GAAG,CAAC,IAAI,EAAE;oBAChB,GAAG,OAAO;oBACV,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;oBACtB,MAAM,EAAE,UAAU;iBACM,CAAC,CAAA;gBAC3B,OAAO,OAAO,CAAA;YAChB,CAAC;YACD,KAAK,CAAC,MAAM,CAAC,MAAM;gBACjB,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;YAClC,CAAC;YACD,KAAK,CAAC,MAAM,CAAC,IAAI;gBACf,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;YACtB,CAAC;YACD,KAAK,CAAC,GAAG,CAAC,IAAI;gBACZ,OAAO,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;YAC1B,CAAC;SACF,CAAA;IACH,CAAC;IACD;;;;;OAKG;IACH,EAAE,CAAC,EAAM,EAAE,UAA4B,EAAE;QACvC,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,IAAI,UAAU,CAAA;QAErC,SAAS,KAAK,CAAC,IAAY;YACzB,OAAO,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;QACzB,CAAC;QAED,OAAO;YACL,KAAK,CAAC,SAAS,CAAC,OAAO;gBACrB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;gBAC5C,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;oBAAE,OAAO,SAAS,CAAA;gBAC9D,MAAM,IAAI,GAAG;oBACX,GAAG,OAAO;oBACV,cAAc,EAAE,OAAO,CAAC,cAAc;oBACtC,YAAY,EAAE,IAAI,CAAC,GAAG,EAAE;oBACxB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;oBAC1C,MAAM,EAAE,YAAY;iBACM,CAAA;gBAC5B,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAA;gBACxD,OAAO,IAAI,CAAA;YACb,CAAC;YACD,KAAK,CAAC,OAAO,CAAC,IAAI;gBAChB,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;gBACpC,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,YAAY;oBAAE,OAAO,SAAS,CAAA;gBACjE,MAAM,EAAE,CAAC,GAAG,CACV,KAAK,CAAC,IAAI,CAAC,EACX,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE;oBACd,GAAG,OAAO;oBACV,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE;oBACtB,MAAM,EAAE,UAAU;iBACM,CAAC,CAC5B,CAAA;gBACD,OAAO,OAAO,CAAA;YAChB,CAAC;YACD,KAAK,CAAC,MAAM,CAAC,MAAM;gBACjB,MAAM,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAA;YAC3D,CAAC;YACD,KAAK,CAAC,MAAM,CAAC,IAAI;gBACf,MAAM,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAA;YAC9B,CAAC;YACD,KAAK,CAAC,GAAG,CAAC,IAAI;gBACZ,MAAM,KAAK,GAAG,MAAM,EAAE,CAAC,GAAG,CAAwB,KAAK,CAAC,IAAI,CAAC,CAAC,CAAA;gBAC9D,IAAI,CAAC,KAAK;oBAAE,OAAO,SAAS,CAAA;gBAC5B,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;YAC/B,CAAC;SACF,CAAA;IACH,CAAC;CACF,CAAA;AAED,+BAA+B;AAC/B,MAAM,CAAC,MAAM,MAAM,GAAG;IACpB,8EAA8E;IAC9E,KAAK;QACH,OAAO;YACL,QAAQ,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE;gBACzB,OAAO;oBACL,MAAM,EAAE,MAAM,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;oBAC9D,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBAC9B,CAAA;YACH,CAAC;SACF,CAAA;IACH,CAAC;IACD,6CAA6C;IAC7C,IAAI,CAAC,MAAc;QACjB,OAAO,MAAM,CAAA;IACf,CAAC;CACF,CAAA;AAED,4CAA4C;AAC5C,MAAM,CAAC,KAAK,UAAU,gBAAgB,CACpC,OAAiC;IAEjC,MAAM,EACJ,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,EAC1B,GAAG,GAAG,IAAI,CAAC,GAAG,EACd,MAAM,GAAG,MAAM,CAAC,KAAK,EAAE,EACvB,MAAM,GAAG,WAAW,EACpB,OAAO,EACP,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,EACtB,KAAK,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,GACxB,GAAG,OAAO,CAAA;IACX,MAAM,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,OAAO,CAAA;IAClD,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,WAAW,CAAA;IAC9C,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,QAAQ,CAAC;QACrC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/B,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO;QACP,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM;KACP,CAAC,CAAA;IAEF,IAAI,IAAwB,CAAA;IAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,SAAS,GAAG,UAAU,CAAC,MAAM,CAAC,CAAA;QACpC,IAAI,MAAM,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC;YAAE,SAAQ;QACxC,IAAI,GAAG,SAAS,CAAA;QAChB,MAAK;IACP,CAAC;IACD,IAAI,CAAC,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;IAE7D,MAAM,SAAS,GAAG,GAAG,EAAE,CAAA;IAEvB,MAAM,KAAK,CAAC,MAAM,CAAC;QACjB,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/B,OAAO,EAAE,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;QAChE,IAAI;QACJ,aAAa;QACb,SAAS;QACT,SAAS,EAAE,SAAS,GAAG,KAAK;QAC5B,MAAM,EAAE,QAAQ,CAAC,MAAM;QACvB,OAAO;QACP,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvD,MAAM;QACN,MAAM,EAAE,SAAS;KAClB,CAAC,CAAA;IAEF,OAAO,EAAE,IAAI,EAAE,CAAA;AACjB,CAAC;AAuBD,+DAA+D;AAC/D,MAAM,CAAC,KAAK,UAAU,OAAO,CAAC,OAAwB;IACpD,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,EAAE,GAAG,OAAO,CAAA;IAChE,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,CAAA;IACtC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IAC3C,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,YAAY,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAA;IACjE,IAAI,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QAC9B,MAAM,IAAI,YAAY,CAAC,sBAAsB,EAAE,GAAG,CAAC,CAAA;IACrD,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;QAAE,MAAM,IAAI,YAAY,CAAC,gCAAgC,EAAE,GAAG,CAAC,CAAA;IAE/F,OAAO;QACL,gBAAgB,EAAE,YAAY,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5E,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACxD,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,MAAM,EAAE,OAAO,CAAC,MAAM;QACtB,MAAM,EAAE,SAAS;KAClB,CAAA;AACH,CAAC;AAeD,kDAAkD;AAClD,MAAM,CAAC,KAAK,UAAU,IAAI,CAAC,OAAqB;IAC9C,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,OAAO,EAAE,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,EAAE,GAAG,OAAO,CAAA;IACzE,MAAM,UAAU,GAAG,aAAa,CAAC,IAAI,CAAC,CAAA;IACtC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAA;IAC3C,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;IAC1C,IAAI,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QAC9B,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;IAC9B,CAAC;IACD,IAAI,CAAC,CAAC,MAAM,mBAAmB,CAAC,OAAO,CAAC,YAAY,EAAE,OAAO,CAAC,aAAa,CAAC,CAAC;QAC3E,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAA;IAC3C,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;QAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;IAC9D,IAAI,OAAO,CAAC,MAAM,KAAK,UAAU,EAAE,CAAC;QAClC,MAAM,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;QAC9B,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;IAC9B,CAAC;IACD,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAA;IAClD,IAAI,CAAC,UAAU;QAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAA;IAC7C,OAAO;QACL,cAAc,EAAE,UAAU,CAAC,cAAc;QACzC,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;QAC7C,MAAM,EAAE,YAAY;KACrB,CAAA;AACH,CAAC;AAiBD,sFAAsF;AACtF,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,OAA0B;IACxD,MAAM,EACJ,OAAO,EACP,MAAM,GAAG,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,EAC/B,GAAG,GAAG,IAAI,CAAC,GAAG,EACd,OAAO,EACP,KAAK,GAAG,KAAK,CAAC,MAAM,EAAE,GACvB,GAAG,OAAO,CAAA;IACX,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAA;IACxC,MAAM,OAAO,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;IACrC,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;IACrD,IAAI,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;QACxB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAA;IACzC,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS;QAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAA;IACnF,IAAI,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,OAAO,CAAC,cAAc,CAAC,WAAW,EAAE;QAC3F,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAA;IAE9D,MAAM,QAAQ,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAA;IAClD,MAAM,MAAM,GAAG,yBAAyB,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IAElE,IAAI,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE;QAC/D,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAA;IAClF,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,QAAQ,CAAC,OAAO,CAAC,WAAW,EAAE;QACjE,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAA;IACtF,IAAI,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,IAAI;QAClC,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAA;IACvF,IAAI,MAAM,CAAC,OAAO,KAAK,QAAQ,CAAC,OAAO;QACrC,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,CAAA;IACpF,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,SAAS,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,IAAI,SAAS,CAAC;QACjE,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAA;IACrF,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;QAC7C,MAAM,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAA;IAEnF,MAAM,KAAK,GAAG,MAAM,UAAU,CAAC,MAAe,EAAE;QAC9C,OAAO,EAAE,OAAO,CAAC,cAAc;QAC/B,IAAI,EAAE,qBAAqB,CAAC,cAAc,CAAC,QAAQ,CAAC;QACpD,SAAS,EAAE,iBAAiB,CAAC,SAAS,CAAC,iBAAiB,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE;YAClF,KAAK,EAAE,MAAM,CAAC,SAAS,CAAC,IAAI,KAAK,UAAU;SAC5C,CAAC;KACH,CAAC,CAAA;IACF,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;IAEtE,MAAM,UAAU,GAAG,MAAM,KAAK,CAAC,SAAS,CAAC;QACvC,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,IAAI;QACJ,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;KAC3C,CAAC,CAAA;IACF,IAAI,CAAC,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IAEpE,OAAO,EAAE,MAAM,EAAE,YAAY,EAAE,CAAA;AACjC,CAAC;AAmBD,MAAM,QAAQ,GAAG,kCAAkC,CAAA;AAEnD,SAAS,UAAU,CAAC,MAAoC;IACtD,MAAM,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAA;IACvB,IAAI,IAAI,GAAG,EAAE,CAAA;IACb,KAAK,MAAM,IAAI,IAAI,KAAK;QAAE,IAAI,IAAI,QAAQ,CAAC,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAA;IAClE,OAAO,IAAI,CAAA;AACb,CAAC;AAED,SAAS,aAAa,CAAC,IAAY;IACjC,OAAO,IAAI,CAAC,UAAU,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAA;AAC/C,CAAC;AAED,SAAS,wBAAwB,CAAC,KAAoB;IACpD,OAAO,qBAAqB,CAAC,IAAI,CAAC;QAChC,OAAO,EAAE,YAAY,CAAC,aAAa,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjE,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,MAAM,EAAE,KAAK,CAAC,MAAM;QACpB,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACjD,IAAI,EAAE,KAAK,CAAC,OAAO;KACpB,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,UAAqD,EAAE;IACxE,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;IAC/B,OAAO,YAAY,CAAC;QAClB,KAAK,EAAE,OAAO;YACZ,CAAC,CAAC;gBACE,GAAG,KAAK;gBACR,EAAE,EAAE,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,OAAO;aAC5D;YACH,CAAC,CAAC,KAAK;QACT,SAAS,EAAE,IAAI,EAAE;KAClB,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,KAAY,EAAE,GAAiB;IAChD,OAAO,GAAG,EAAE,GAAG,KAAK,CAAC,SAAS,CAAA;AAChC,CAAC;AAED,SAAS,yBAAyB,CAAC,KAAwC;IACzE,OAAO;QACL,GAAG,KAAK;QACR,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,SAAS;QACjC,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,SAAS;KAClC,CAAA;AACH,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAA;AACrD,CAAC;AAED,SAAS,UAAU,CACjB,CAA2D,EAC3D,CAA2D;IAE3D,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IACzB,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACnD,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1B,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAA;QAClB,IAAI,CAAC,KAAK;YAAE,OAAO,KAAK,CAAA;QACxB,OAAO,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,KAAK,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,IAAI,KAAK,CAAC,KAAK,KAAK,KAAK,CAAC,KAAK,CAAA;IAC/F,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,YAAoB,EAAE,aAAqB;IAC5E,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,CAAA;IAC1F,OAAO,MAAM,CAAC,SAAS,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,KAAK,aAAa,CAAA;AAC5F,CAAC"}
|
package/dist/server/Handler.d.ts
CHANGED
|
@@ -1,13 +1,14 @@
|
|
|
1
1
|
import { type Router, type RouterOptions } from '@remix-run/fetch-router';
|
|
2
2
|
import { RpcRequest } from 'ox';
|
|
3
|
-
import { type Chain, type Transport } from 'viem';
|
|
3
|
+
import { type Chain, type Client, type Transport } from 'viem';
|
|
4
4
|
import type { LocalAccount } from 'viem/accounts';
|
|
5
|
+
import * as CliAuth from './CliAuth.js';
|
|
5
6
|
import type { Kv } from './Kv.js';
|
|
6
7
|
export type Handler = Omit<Router, 'fetch'> & {
|
|
7
8
|
fetch: (input: string | URL | Request, ...args: any[]) => Promise<Response>;
|
|
8
9
|
listener: (req: any, res: any) => void;
|
|
9
10
|
};
|
|
10
|
-
export declare function compose(handlers: Handler
|
|
11
|
+
export declare function compose(handlers: Array<Handler>, options?: compose.Options): Handler;
|
|
11
12
|
export declare namespace compose {
|
|
12
13
|
type Options = from.Options & {
|
|
13
14
|
/** The path to use for the handler. */
|
|
@@ -200,6 +201,39 @@ export declare namespace feePayer {
|
|
|
200
201
|
transports?: Record<number, Transport> | undefined;
|
|
201
202
|
};
|
|
202
203
|
}
|
|
204
|
+
/**
|
|
205
|
+
* Instantiates a generic device-code handler for access-key bootstrap.
|
|
206
|
+
*
|
|
207
|
+
* Exposes 4 endpoints:
|
|
208
|
+
* - `GET /auth/pkce/pending/:code`
|
|
209
|
+
* - `POST /auth/pkce/code`
|
|
210
|
+
* - `POST /auth/pkce/poll/:code`
|
|
211
|
+
* - `POST /auth/pkce`
|
|
212
|
+
*
|
|
213
|
+
* @param options - Options.
|
|
214
|
+
* @returns Request handler.
|
|
215
|
+
*/
|
|
216
|
+
export declare function codeAuth(options?: codeAuth.Options): Handler;
|
|
217
|
+
export declare namespace codeAuth {
|
|
218
|
+
type Options = from.Options & {
|
|
219
|
+
/** Chain ID embedded into authorized access keys. Defaults to the client chain or tempo.id. */
|
|
220
|
+
chainId?: bigint | number | undefined;
|
|
221
|
+
/** Client used to verify signed key authorizations. */
|
|
222
|
+
client?: Client<Transport, Chain | undefined> | undefined;
|
|
223
|
+
/** Time source used for TTL evaluation. */
|
|
224
|
+
now?: (() => number) | undefined;
|
|
225
|
+
/** Path prefix for the code auth endpoints. @default "/auth/pkce" */
|
|
226
|
+
path?: string | undefined;
|
|
227
|
+
/** Policy used to validate and default requested CLI auth fields. */
|
|
228
|
+
policy?: CliAuth.Policy | undefined;
|
|
229
|
+
/** Random byte generator used for device-code allocation. */
|
|
230
|
+
random?: ((size: number) => Uint8Array) | undefined;
|
|
231
|
+
/** Device-code store. */
|
|
232
|
+
store?: CliAuth.Store | undefined;
|
|
233
|
+
/** Pending entry TTL in milliseconds. @default 600000 */
|
|
234
|
+
ttlMs?: number | undefined;
|
|
235
|
+
};
|
|
236
|
+
}
|
|
203
237
|
/**
|
|
204
238
|
* Instantiates a WebAuthn ceremony handler that manages registration and
|
|
205
239
|
* authentication flows server-side.
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Handler.d.ts","sourceRoot":"","sources":["../../src/server/Handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,MAAM,EACX,KAAK,aAAa,EACnB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAsB,UAAU,EAAe,MAAM,IAAI,CAAA;AAEhE,OAAO,EAAE,KAAK,KAAK,
|
|
1
|
+
{"version":3,"file":"Handler.d.ts","sourceRoot":"","sources":["../../src/server/Handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,MAAM,EACX,KAAK,aAAa,EACnB,MAAM,yBAAyB,CAAA;AAChC,OAAO,EAAsB,UAAU,EAAe,MAAM,IAAI,CAAA;AAEhE,OAAO,EAAE,KAAK,KAAK,EAAE,KAAK,MAAM,EAAsB,KAAK,SAAS,EAAE,MAAM,MAAM,CAAA;AAClF,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAWjD,OAAO,KAAK,OAAO,MAAM,cAAc,CAAA;AAEvC,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,SAAS,CAAA;AAEjC,MAAM,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG;IAC5C,KAAK,EAAE,CAAC,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,OAAO,EAAE,GAAG,IAAI,EAAE,GAAG,EAAE,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAA;IAC3E,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,IAAI,CAAA;CACvC,CAAA;AAED,wBAAgB,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,OAAO,CAAC,EAAE,OAAO,GAAE,OAAO,CAAC,OAAY,GAAG,OAAO,CAkBxF;AAED,MAAM,CAAC,OAAO,WAAW,OAAO,CAAC;IAC/B,KAAY,OAAO,GAAG,IAAI,CAAC,OAAO,GAAG;QACnC,uCAAuC;QACvC,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC1B,CAAA;CACF;AAED;;;;;GAKG;AACH,wBAAgB,IAAI,CAAC,OAAO,GAAE,IAAI,CAAC,OAAY,GAAG,OAAO,CAiBxD;AAED,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC;IAC5B,KAAY,OAAO,GAAG,aAAa,GAAG;QACpC;;;;;WAKG;QACH,IAAI,CAAC,EAAE,OAAO,GAAG,IAAI,GAAG,SAAS,CAAA;QACjC,sCAAsC;QACtC,OAAO,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAAA;KACvD,CAAA;IAED,KAAY,IAAI,GAAG;QACjB,0CAA0C;QAC1C,MAAM,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAA;QACtC,wEAAwE;QACxE,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,qDAAqD;QACrD,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,oCAAoC;QACpC,WAAW,CAAC,EAAE,OAAO,GAAG,SAAS,CAAA;QACjC,wCAAwC;QACxC,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAClC,8CAA8C;QAC9C,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC5B,CAAA;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoIG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,WA8FjD;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAY,OAAO,GAAG,IAAI,CAAC,OAAO,GAAG;QACnC,uCAAuC;QACvC,OAAO,EAAE,YAAY,CAAA;QACrB;;;;WAIG;QACH,MAAM,CAAC,EAAE,SAAS,CAAC,KAAK,EAAE,GAAG,KAAK,EAAE,CAAC,GAAG,SAAS,CAAA;QACjD,oDAAoD;QACpD,SAAS,CAAC,EAAE,CAAC,OAAO,EAAE,UAAU,CAAC,UAAU,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;QAC7D,mCAAmC;QACnC,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,yEAAyE;QACzE,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,SAAS,CAAC,GAAG,SAAS,CAAA;KACnD,CAAA;CACF;AAED;;;;;;;;;;;GAWG;AACH,wBAAgB,QAAQ,CAAC,OAAO,GAAE,QAAQ,CAAC,OAAY,GAAG,OAAO,CAqFhE;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAY,OAAO,GAAG,IAAI,CAAC,OAAO,GAAG;QACnC,+FAA+F;QAC/F,OAAO,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAAA;QACrC,uDAAuD;QACvD,MAAM,CAAC,EAAE,MAAM,CAAC,SAAS,EAAE,KAAK,GAAG,SAAS,CAAC,GAAG,SAAS,CAAA;QACzD,2CAA2C;QAC3C,GAAG,CAAC,EAAE,CAAC,MAAM,MAAM,CAAC,GAAG,SAAS,CAAA;QAChC,qEAAqE;QACrE,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,qEAAqE;QACrE,MAAM,CAAC,EAAE,OAAO,CAAC,MAAM,GAAG,SAAS,CAAA;QACnC,6DAA6D;QAC7D,MAAM,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,KAAK,UAAU,CAAC,GAAG,SAAS,CAAA;QACnD,yBAAyB;QACzB,KAAK,CAAC,EAAE,OAAO,CAAC,KAAK,GAAG,SAAS,CAAA;QACjC,yDAAyD;QACzD,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC3B,CAAA;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;GAyBG;AACH,wBAAgB,QAAQ,CAAC,OAAO,EAAE,QAAQ,CAAC,OAAO,GAAG,OAAO,CAqI3D;AAED,MAAM,CAAC,OAAO,WAAW,QAAQ,CAAC;IAChC,KAAK,OAAO,GAAG,IAAI,CAAC,OAAO,GAAG;QAC5B,4EAA4E;QAC5E,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACjC,sDAAsD;QACtD,EAAE,EAAE,EAAE,CAAA;QACN,8GAA8G;QAC9G,UAAU,CAAC,EAAE,CAAC,UAAU,EAAE;YACxB,YAAY,EAAE,MAAM,CAAA;YACpB,SAAS,EAAE,MAAM,CAAA;YACjB,OAAO,EAAE,OAAO,CAAA;SACjB,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QACzD,gHAAgH;QAChH,cAAc,CAAC,EAAE,CAAC,UAAU,EAAE;YAC5B,YAAY,EAAE,MAAM,CAAA;YACpB,SAAS,EAAE,MAAM,CAAA;YACjB,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;YAC3B,OAAO,EAAE,OAAO,CAAA;SACjB,KAAK,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAA;QACzD,iGAAiG;QACjG,MAAM,EAAE,MAAM,GAAG,SAAS,MAAM,EAAE,CAAA;QAClC,+EAA+E;QAC/E,IAAI,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QACzB,+CAA+C;QAC/C,IAAI,EAAE,MAAM,CAAA;KACb,CAAA;CACF"}
|
package/dist/server/Handler.js
CHANGED
|
@@ -6,6 +6,8 @@ import { signTransaction } from 'viem/actions';
|
|
|
6
6
|
import { tempo, tempoModerato } from 'viem/chains';
|
|
7
7
|
import { Transaction } from 'viem/tempo';
|
|
8
8
|
import { Authentication, Registration, } from 'webauthx/server';
|
|
9
|
+
import * as z from 'zod/mini';
|
|
10
|
+
import * as CliAuth from './CliAuth.js';
|
|
9
11
|
import * as RequestListener from './internal/requestListener.js';
|
|
10
12
|
export function compose(handlers, options = {}) {
|
|
11
13
|
const path = options.path ?? '/';
|
|
@@ -245,6 +247,88 @@ export function feePayer(options) {
|
|
|
245
247
|
});
|
|
246
248
|
return router;
|
|
247
249
|
}
|
|
250
|
+
/**
|
|
251
|
+
* Instantiates a generic device-code handler for access-key bootstrap.
|
|
252
|
+
*
|
|
253
|
+
* Exposes 4 endpoints:
|
|
254
|
+
* - `GET /auth/pkce/pending/:code`
|
|
255
|
+
* - `POST /auth/pkce/code`
|
|
256
|
+
* - `POST /auth/pkce/poll/:code`
|
|
257
|
+
* - `POST /auth/pkce`
|
|
258
|
+
*
|
|
259
|
+
* @param options - Options.
|
|
260
|
+
* @returns Request handler.
|
|
261
|
+
*/
|
|
262
|
+
export function codeAuth(options = {}) {
|
|
263
|
+
const { chainId, client, now, path = '/auth/pkce', policy, random, store = CliAuth.Store.memory(), ttlMs, ...rest } = options;
|
|
264
|
+
const router = from(rest);
|
|
265
|
+
router.get(`${path}/pending/:code`, async ({ params }) => {
|
|
266
|
+
try {
|
|
267
|
+
const { code } = params;
|
|
268
|
+
const result = await CliAuth.pending({
|
|
269
|
+
code,
|
|
270
|
+
...(now ? { now } : {}),
|
|
271
|
+
store,
|
|
272
|
+
});
|
|
273
|
+
return Response.json(z.encode(CliAuth.pendingResponse, result));
|
|
274
|
+
}
|
|
275
|
+
catch (error) {
|
|
276
|
+
const status = error instanceof CliAuth.PendingError ? error.status : 400;
|
|
277
|
+
return Response.json({ error: error.message }, { status });
|
|
278
|
+
}
|
|
279
|
+
});
|
|
280
|
+
router.post(`${path}/code`, async ({ request: req }) => {
|
|
281
|
+
try {
|
|
282
|
+
const request = z.decode(CliAuth.createRequest, await req.json());
|
|
283
|
+
const result = await CliAuth.createDeviceCode({
|
|
284
|
+
...(typeof chainId !== 'undefined' ? { chainId } : {}),
|
|
285
|
+
...(now ? { now } : {}),
|
|
286
|
+
...(policy ? { policy } : {}),
|
|
287
|
+
...(random ? { random } : {}),
|
|
288
|
+
request,
|
|
289
|
+
store,
|
|
290
|
+
...(typeof ttlMs !== 'undefined' ? { ttlMs } : {}),
|
|
291
|
+
});
|
|
292
|
+
return Response.json(z.encode(CliAuth.createResponse, result));
|
|
293
|
+
}
|
|
294
|
+
catch (error) {
|
|
295
|
+
return Response.json({ error: error.message }, { status: 400 });
|
|
296
|
+
}
|
|
297
|
+
});
|
|
298
|
+
router.post(`${path}/poll/:code`, async ({ params, request: req }) => {
|
|
299
|
+
try {
|
|
300
|
+
const request = z.decode(CliAuth.pollRequest, await req.json());
|
|
301
|
+
const { code } = params;
|
|
302
|
+
const result = await CliAuth.poll({
|
|
303
|
+
code,
|
|
304
|
+
...(now ? { now } : {}),
|
|
305
|
+
request,
|
|
306
|
+
store,
|
|
307
|
+
});
|
|
308
|
+
return Response.json(z.encode(CliAuth.pollResponse, result));
|
|
309
|
+
}
|
|
310
|
+
catch (error) {
|
|
311
|
+
return Response.json({ error: error.message }, { status: 400 });
|
|
312
|
+
}
|
|
313
|
+
});
|
|
314
|
+
router.post(path, async ({ request: req }) => {
|
|
315
|
+
try {
|
|
316
|
+
const request = z.decode(CliAuth.authorizeRequest, await req.json());
|
|
317
|
+
const result = await CliAuth.authorize({
|
|
318
|
+
...(typeof chainId !== 'undefined' ? { chainId } : {}),
|
|
319
|
+
...(client ? { client } : {}),
|
|
320
|
+
...(now ? { now } : {}),
|
|
321
|
+
request,
|
|
322
|
+
store,
|
|
323
|
+
});
|
|
324
|
+
return Response.json(z.encode(CliAuth.authorizeResponse, result));
|
|
325
|
+
}
|
|
326
|
+
catch (error) {
|
|
327
|
+
return Response.json({ error: error.message }, { status: 400 });
|
|
328
|
+
}
|
|
329
|
+
});
|
|
330
|
+
return router;
|
|
331
|
+
}
|
|
248
332
|
/**
|
|
249
333
|
* Instantiates a WebAuthn ceremony handler that manages registration and
|
|
250
334
|
* authentication flows server-side.
|