prividium 0.1.9 → 0.2.0

package/dist/cli/commands/proxy.js

@@ -45,6 +45,9 @@ async function startServer(opts) {
         },
         onCall(methodName) {
             workflow.onMessage(methodName);
+        },
+        onReAuthNeeded() {
+            workflow.onMessage(`Please login again: ${serverUrl}`);
         }
     });
     checkHostAndPortWarnings(opts.host, opts.port, opts.allowExternalAccess);
@@ -52,7 +55,8 @@ async function startServer(opts) {
         port: opts.port,
         host: opts.host
     });
-    await workflow.waitForAuthentication(`http://${opts.host}:${opts.port}`);
+    const serverUrl = `http://${opts.host}:${opts.port}`;
+    await workflow.waitForAuthentication(serverUrl);
 }
 export const addProxy = (cli) => {
     return cli.command('proxy', 'Starts authenticated rpc proxy server', (yargs) => yargs
@@ -82,7 +86,7 @@ export const addProxy = (cli) => {
         .option('host', {
         alias: 'h',
         description: 'Host used for local server. By default traffic from outside localhost is disabled.',
-        default: 'localhost',
+        default: '127.0.0.1',
         type: 'string'
     })
         .option('unsecureAllowOutsideAccess', {

package/dist/cli/server/server.js

@@ -14,12 +14,17 @@ function randomStateString() {
 }
 const rpcCallSchema = z.object({ method: z.string() });
 const rpcReqSchema = z.union([rpcCallSchema, rpcCallSchema.array()]);
+export const sessionSchema = z.object({
+    type: z.string(),
+    expiresAt: z.coerce.date()
+});
 export function buildServer(config) {
     const app = fastifyApp();
     const validHosts = config.host === 'localhost' || config.host === '127.0.0.1' ? ['localhost', '127.0.0.1'] : [config.host];
     app.setValidatorCompiler(validatorCompiler);
     const state = randomStateString();
     let accessToken = '';
+    let expiresAt = new Date();
     app.register(fastifyStatic, { root: path.join(import.meta.dirname, '..', 'static') });
     app.get('/health', async (_req, reply) => {
         return reply.send('ok');
@@ -51,6 +56,16 @@ export function buildServer(config) {
         if (req.body.state !== state) {
             throw new Error('invalid state received');
         }
+        const { expiresAt: expirationMoment } = await fetch(config.prividiumRpcUrl.replace('rpc', 'api/auth/current-session'), {
+            method: 'GET',
+            headers: { authorization: `Bearer ${req.body.token}` }
+        }).then((res) => {
+            if (!res.ok || res.status !== 200) {
+                throw new Error('Error interacting with api');
+            }
+            return res.json().then((json) => sessionSchema.parse(json));
+        });
+        expiresAt = expirationMoment;
         accessToken = req.body.token;
         await config.onSubmit();
         return reply.send('ok');
@@ -63,6 +78,11 @@ export function buildServer(config) {
         routes: ['/'],
         preValidation: (request, _reply, done) => {
             const method = rpcReqSchema.safeParse(request.body);
+            if (new Date() > expiresAt) {
+                config.onReAuthNeeded();
+                done(new Error('err'));
+                return;
+            }
             if (!method.success) {
                 config.onCall('unknown');
             }

package/dist/sdk/errors.d.ts

@@ -0,0 +1,3 @@
+export declare class PrividiumSessionError extends Error {
+    constructor();
+}

package/dist/sdk/errors.js

@@ -0,0 +1,5 @@
+export class PrividiumSessionError extends Error {
+    constructor() {
+        super('No session started or previous session expired. Please call authorize() first.');
+    }
+}

package/dist/sdk/popup-auth.d.ts

@@ -12,7 +12,6 @@ export interface PopupAuthConfig {
     clientId: string;
     redirectUri: string;
     tokenManager: TokenManager;
-    onAuthExpiry?: () => void;
 }
 export declare class PopupAuth {
     private config;

package/dist/sdk/popup-auth.js

@@ -71,21 +71,22 @@ export class PopupAuth {
                     return;
                 }
                 // Success - store token and resolve
-                try {
-                    const tokenData = this.config.tokenManager.setToken(token);
+                this.config.tokenManager
+                    .setToken(token)
+                    .then((tokenData) => {
                     this.config.tokenManager.clearState();
                     popup.close();
                     cleanup();
                     resolve(tokenData.rawToken);
-                }
-                catch (error) {
+                })
+                    .catch((error) => {
                     popup.close();
                     cleanup();
                     this.config.tokenManager.clearState();
                     this.config.tokenManager.clearToken();
                     // eslint-disable-next-line @typescript-eslint/prefer-promise-reject-errors
                     reject(error);
-                }
+                });
             };
             // Listen for postMessage from callback page
             window.addEventListener('message', messageHandler);

package/dist/sdk/prividium-chain.js

@@ -1,8 +1,11 @@
 import { http } from 'viem';
 import { mainnet } from 'viem/chains';
+import { authorizeTransactionResponseSchema, profileSchema } from './types.js';
 import { LocalStorage, TokenManager } from './storage.js';
 import { PopupAuth } from './popup-auth.js';
 import { hasPrividiumUnauthorizedError } from './error-utils.js';
+import { PrividiumSessionError } from './errors';
+import { z } from 'zod';
 function rpcUrl(apiUrl) {
     return new URL('/rpc', apiUrl).toString();
 }
@@ -14,23 +17,49 @@ export function createPrividiumChain(config) {
         throw new Error('"permissionsApiBaseUrl" was deprecated. Please use "prividiumApiBaseUrl" instead.');
     }
     const storage = config.storage || new LocalStorage();
-    const tokenManager = new TokenManager(storage, config.chain.id);
+    const tokenManager = new TokenManager(storage, config.chain.id, config.prividiumApiBaseUrl, config.onAuthExpiry);
     const popupAuth = new PopupAuth({
         clientId: config.clientId,
         authBaseUrl: config.authBaseUrl,
         redirectUri: config.redirectUrl,
-        tokenManager,
-        onAuthExpiry: config.onAuthExpiry
+        tokenManager
     });
     const getAuthHeaders = () => {
-        const token = tokenManager.getToken();
-        if (token) {
-            return {
-                Authorization: `Bearer ${token.rawToken}`
-            };
+        const tokenData = tokenManager.getToken();
+        if (!tokenData) {
+            return null;
         }
-        return null;
+        return {
+            Authorization: `Bearer ${tokenData.rawToken}`
+        };
     };
+    async function prividiumApiCall(schema, url, method, body) {
+        const headers = getAuthHeaders();
+        if (!headers) {
+            throw new PrividiumSessionError();
+        }
+        const response = await fetch(url, {
+            method,
+            headers: {
+                'Content-Type': 'application/json',
+                ...(body && { body }),
+                ...headers
+            }
+        });
+        if (response.status === 403 || response.status === 401) {
+            tokenManager.clearToken();
+            config.onAuthExpiry?.();
+            throw new PrividiumSessionError();
+        }
+        if (!response.ok) {
+            throw new Error(`Error calling ${url}: ${response.status} ${response.statusText}`);
+        }
+        const parsed = schema.safeParse(await response.json());
+        if (!parsed.success) {
+            throw new Error(`Unexpected api response response calling ${url}`);
+        }
+        return parsed.data;
+    }
     // Create transport with auth integration using viem callbacks
     const transport = http(rpcUrl(config.prividiumApiBaseUrl), {
         batch: false,
@@ -75,108 +104,27 @@ export function createPrividiumChain(config) {
         },
         getAuthHeaders,
         async fetchUser() {
-            const headers = getAuthHeaders();
-            if (!headers) {
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            const response = await fetch(`${config.prividiumApiBaseUrl}/api/profiles/me`, {
-                method: 'GET',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...headers
-                }
-            });
-            if (response.status === 403) {
-                tokenManager.clearToken();
-                config.onAuthExpiry?.();
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            if (!response.ok) {
-                throw new Error(`Failed to fetch user profile: ${response.status} ${response.statusText}`);
-            }
-            const userData = (await response.json());
-            return {
-                userId: userData.userId,
-                createdAt: new Date(userData.createdAt),
-                displayName: userData.displayName,
-                updatedAt: new Date(userData.updatedAt),
-                roles: userData.roles,
-                walletAddresses: userData.walletAddresses
-            };
+            return await prividiumApiCall(profileSchema, `${config.prividiumApiBaseUrl}/api/profiles/me`, 'GET');
         },
         async getWalletToken() {
-            const headers = getAuthHeaders();
-            if (!headers) {
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            const response = await fetch(`${config.prividiumApiBaseUrl}/api/wallet/personal-rpc-token`, {
-                method: 'GET',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...headers
-                }
-            });
-            if (response.status === 403) {
-                tokenManager.clearToken();
-                config.onAuthExpiry?.();
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            if (!response.ok) {
-                throw new Error(`Failed to fetch wallet token: ${response.status} ${response.statusText}`);
-            }
-            const data = (await response.json());
-            return data.token;
+            const { token } = await prividiumApiCall(z.object({ token: z.string() }), `${config.prividiumApiBaseUrl}/api/wallet/personal-rpc-token`, 'GET');
+            return token;
         },
         async getWalletRpcUrl() {
             const walletToken = await this.getWalletToken();
             return walletRpcUrl(config.prividiumApiBaseUrl, walletToken);
         },
         async invalidateWalletToken() {
-            const headers = getAuthHeaders();
-            if (!headers) {
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            const response = await fetch(`${config.prividiumApiBaseUrl}/api/wallet/invalidate`, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...headers
-                }
-            });
-            if (!response.ok) {
-                throw new Error(`Failed to invalidate wallet token: ${response.status} ${response.statusText}`);
-            }
-            const result = (await response.json());
-            return result.newWalletToken;
+            const { newWalletToken } = await prividiumApiCall(z.object({ newWalletToken: z.string(), message: z.string() }), `${config.prividiumApiBaseUrl}/api/wallet/invalidate`, 'POST');
+            return newWalletToken;
         },
         async authorizeTransaction(params) {
-            const headers = getAuthHeaders();
-            if (!headers) {
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            const response = await fetch(`${config.prividiumApiBaseUrl}/api/wallet/transaction-authorization`, {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    ...headers
-                },
-                body: JSON.stringify({
-                    ...params,
-                    // Always pass calldata and value, even if undefined
-                    calldata: params?.calldata ?? '0x',
-                    value: params.value?.toString() ?? '0'
-                })
-            });
-            if (response.status === 403) {
-                tokenManager.clearToken();
-                config.onAuthExpiry?.();
-                throw new Error('Authentication required. Please call authorize() first.');
-            }
-            if (!response.ok) {
-                throw new Error(`Failed to authorize transaction: ${response.status} ${response.statusText}`);
-            }
-            const result = (await response.json());
-            return result;
+            return prividiumApiCall(authorizeTransactionResponseSchema, `${config.prividiumApiBaseUrl}/api/wallet/transaction-authorization`, 'POST', JSON.stringify({
+                ...params,
+                // Always pass calldata and value, even if undefined
+                calldata: params?.calldata ?? '0x',
+                value: params.value?.toString() ?? '0'
+            }));
         },
         async addNetworkToWallet(params) {
             if (typeof window === 'undefined' || !window.ethereum) {

package/dist/sdk/storage.d.ts

@@ -5,14 +5,17 @@ export declare class LocalStorage implements Storage {
     removeItem(key: string): void;
 }
 export declare class TokenManager {
-    private storage;
+    storage: Storage;
     private chainId;
+    private prividiumApiUrl;
     private tokenCache;
-    constructor(storage: Storage, chainId: number);
+    private onAuthExpiry;
+    constructor(storage: Storage, chainId: number, prividiumApiUrl: string, onAuthExpiry?: () => void);
     private get tokenKey();
     private get stateKey();
     getToken(): TokenData | null;
-    setToken(rawToken: string): TokenData;
+    private getTokenExpiration;
+    setToken(rawToken: string): Promise<TokenData>;
     clearToken(): void;
     isAuthorized(): boolean;
     setState(state: string): void;

package/dist/sdk/storage.js

@@ -1,4 +1,6 @@
-import { STORAGE_KEYS } from './types.js';
+import { STORAGE_KEYS, tokenDataSchema } from './types.js';
+import { z } from 'zod';
+import { addYears } from 'date-fns/addYears';
 export class LocalStorage {
     getItem(key) {
         if (typeof localStorage === 'undefined') {
@@ -20,10 +22,14 @@ export class LocalStorage {
 export class TokenManager {
     storage;
     chainId;
+    prividiumApiUrl;
     tokenCache = null;
-    constructor(storage, chainId) {
+    onAuthExpiry;
+    constructor(storage, chainId, prividiumApiUrl, onAuthExpiry) {
         this.storage = storage;
         this.chainId = chainId;
+        this.prividiumApiUrl = prividiumApiUrl;
+        this.onAuthExpiry = onAuthExpiry ?? function () { };
     }
     get tokenKey() {
         return `${STORAGE_KEYS.TOKEN_PREFIX}${this.chainId}`;
@@ -35,20 +41,63 @@ export class TokenManager {
         if (this.tokenCache) {
             return this.tokenCache;
         }
-        const rawToken = this.storage.getItem(this.tokenKey);
-        if (!rawToken) {
+        const tokenDataStr = this.storage.getItem(this.tokenKey);
+        if (!tokenDataStr) {
             return null;
         }
-        const tokenData = {
-            rawToken
-        };
-        this.tokenCache = tokenData;
-        return tokenData;
+        try {
+            const tokenData = tokenDataSchema.safeParse(JSON.parse(tokenDataStr));
+            if (!tokenData.success) {
+                return null;
+            }
+            if (new Date() > tokenData.data.expiresAt) {
+                this.clearToken();
+                this.onAuthExpiry();
+                return null;
+            }
+            this.tokenCache = tokenData.data;
+            return tokenData.data;
+        }
+        catch (e) {
+            if (e instanceof SyntaxError) {
+                return null;
+            }
+            throw e;
+        }
     }
-    setToken(rawToken) {
+    async getTokenExpiration(token) {
+        const currentSessionRes = await fetch(new URL('/api/auth/current-session', this.prividiumApiUrl), {
+            headers: {
+                authorization: `Bearer ${token}`
+            }
+        });
+        if (!currentSessionRes.ok) {
+            throw new Error('Error accessing prividium api');
+        }
+        if (currentSessionRes.status === 404) {
+            // NOTE: 404 indicates /api/auth/current-session is unavailable (older API),
+            // so the token expiration cannot be retrieved. The SDK must defer expiry
+            // handling until a 403 response is received; a far-future date prevents
+            // premature onExpiry callbacks before validation fails.
+            return addYears(new Date(), 100);
+        }
+        if (!currentSessionRes.ok || currentSessionRes.status !== 200) {
+            throw new Error('Error accessing prividium api');
+        }
+        const schema = z.object({
+            expiresAt: z.iso.datetime()
+        });
+        const parsed = schema.safeParse(await currentSessionRes.json());
+        if (!parsed.success) {
+            throw new Error('Invalid response from prividium api');
+        }
+        return new Date(parsed.data.expiresAt);
+    }
+    async setToken(rawToken) {
         try {
-            const tokenData = { rawToken };
-            this.storage.setItem(this.tokenKey, rawToken);
+            const expiresAt = await this.getTokenExpiration(rawToken);
+            const tokenData = { rawToken, expiresAt };
+            this.storage.setItem(this.tokenKey, JSON.stringify(tokenData));
             this.tokenCache = tokenData;
             return tokenData;
         }
@@ -62,8 +111,16 @@ export class TokenManager {
         this.storage.removeItem(this.tokenKey);
     }
     isAuthorized() {
-        const token = this.getToken();
-        return token !== null;
+        const tokenData = this.getToken();
+        if (tokenData === null) {
+            return false;
+        }
+        const isExpired = new Date() > tokenData.expiresAt;
+        if (isExpired) {
+            this.onAuthExpiry();
+            this.clearToken();
+        }
+        return !isExpired;
     }
     setState(state) {
         this.storage.setItem(this.stateKey, state);

package/dist/sdk/test-utils.d.ts

@@ -0,0 +1,2 @@
+export declare function minutesInTheFuture(minutes: number): Date;
+export declare function mockSessionResponse(token: string, expiration: Date): void;

package/dist/sdk/test-utils.js

@@ -0,0 +1,11 @@
+import { vi } from 'vitest';
+import { addMinutes } from 'date-fns';
+export function minutesInTheFuture(minutes) {
+    return addMinutes(new Date(), minutes);
+}
+export function mockSessionResponse(token, expiration) {
+    vi.spyOn(globalThis, 'fetch').mockResolvedValueOnce(new Response(JSON.stringify({
+        token: token,
+        expiresAt: expiration.toISOString()
+    })));
+}

package/dist/sdk/types.d.ts

@@ -1,5 +1,6 @@
 import { type Address, type Chain, type Hex, type Transport } from 'viem';
 import { type OauthScope } from './popup-auth.js';
+import { z } from 'zod';
 export interface Storage {
     getItem(key: string): string | null;
     setItem(key: string, value: string): void;
@@ -18,17 +19,21 @@ export interface PrividiumConfig {
     storage?: Storage;
     onAuthExpiry?: () => void;
 }
-export interface UserRole {
-    roleName: string;
-}
-export interface UserProfile {
-    userId: string;
-    createdAt: Date;
-    displayName: string | null;
-    updatedAt: Date;
-    roles: UserRole[];
-    walletAddresses: string[];
-}
+export declare const roleSchema: z.ZodObject<{
+    roleName: z.ZodString;
+}, z.core.$strip>;
+export type UserRole = z.infer<typeof roleSchema>;
+export declare const profileSchema: z.ZodObject<{
+    id: z.ZodString;
+    createdAt: z.ZodCoercedDate<unknown>;
+    displayName: z.ZodNullable<z.ZodString>;
+    updatedAt: z.ZodCoercedDate<unknown>;
+    roles: z.ZodArray<z.ZodObject<{
+        roleName: z.ZodString;
+    }, z.core.$strip>>;
+    wallets: z.ZodArray<z.ZodUnknown>;
+}, z.core.$strip>;
+export type UserProfile = z.infer<typeof profileSchema>;
 export interface AddNetworkParams {
     chainName?: string;
     chainId: string;
@@ -58,10 +63,11 @@ export type AuthorizeTransactionParams = {
     calldata?: never;
     value: bigint;
 };
-export interface AuthorizeTransactionResponse {
-    message: string;
-    activeUntil: string;
-}
+export declare const authorizeTransactionResponseSchema: z.ZodObject<{
+    message: z.ZodString;
+    activeUntil: z.ZodString;
+}, z.core.$strip>;
+export type AuthorizeTransactionResponse = z.infer<typeof authorizeTransactionResponseSchema>;
 export interface PrividiumChain {
     chain: Chain;
     transport: Transport;
@@ -76,8 +82,13 @@ export interface PrividiumChain {
     authorizeTransaction(params: AuthorizeTransactionParams): Promise<AuthorizeTransactionResponse>;
     addNetworkToWallet(params?: AddNetworkParams): Promise<void>;
 }
+export declare const tokenDataSchema: z.ZodObject<{
+    rawToken: z.ZodString;
+    expiresAt: z.ZodCoercedDate<unknown>;
+}, z.core.$strip>;
 export interface TokenData {
     rawToken: string;
+    expiresAt: Date;
 }
 export interface PopupOptions {
     popupSize?: {

package/dist/sdk/types.js

@@ -1,3 +1,23 @@
+import { z } from 'zod';
+export const roleSchema = z.object({
+    roleName: z.string()
+});
+export const profileSchema = z.object({
+    id: z.string(),
+    createdAt: z.coerce.date(),
+    displayName: z.string().nullable(),
+    updatedAt: z.coerce.date(),
+    roles: roleSchema.array(),
+    wallets: z.unknown().array()
+});
+export const authorizeTransactionResponseSchema = z.object({
+    message: z.string(),
+    activeUntil: z.string()
+});
+export const tokenDataSchema = z.object({
+    rawToken: z.string(),
+    expiresAt: z.coerce.date()
+});
 export const AUTH_ERRORS = {
     INVALID_STATE: 'Invalid state parameter',
     NO_RECEIVED_STATE: 'No state parameter',

package/dist/tsconfig.sdk.tsbuildinfo

@@ -1 +1 @@
-{"root":["../src/create-prividium-client.ts","../src/error-utils.ts","../src/index.ts","../src/popup-auth.ts","../src/prividium-chain.ts","../src/rpc-error-codes.ts","../src/storage.ts","../src/token-utils.ts","../src/types.ts"],"version":"5.8.3"}
+{"root":["../src/create-prividium-client.ts","../src/error-utils.ts","../src/errors.ts","../src/index.ts","../src/popup-auth.ts","../src/prividium-chain.ts","../src/rpc-error-codes.ts","../src/storage.ts","../src/test-utils.ts","../src/token-utils.ts","../src/types.ts"],"version":"5.8.3"}

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "prividium",
-  "version": "0.1.9",
+  "version": "0.2.0",
   "bin": {
-    "prividium": "./bin/cli.js"
+    "prividium": "bin/cli.js"
   },
   "exports": {
     ".": {
@@ -46,11 +46,14 @@
   },
   "devDependencies": {
     "@repo/eslint-config": "workspace:*",
+    "@semantic-release/exec": "^7.1.0",
     "@types/node": "^22.8.6",
     "@types/yargs": "^17.0.34",
     "@vitest/coverage-v8": "3.2.4",
+    "date-fns": "^4.1.0",
     "eslint": "^8",
     "jsdom": "^25.0.0",
+    "semantic-release": "^25.0.2",
     "tsx": "^4.20.6",
     "typescript": "^5.8.3",
     "vitest": "^3.2.4"