UNPKG

accounts

Version:

Tempo Accounts SDK

158 lines 5.89 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
import { createClient, http } from 'viem'; import { tempo, tempoDevnet, tempoModerato } from 'viem/chains'; import * as z from 'zod/mini'; import * as CliAuth from '../../CliAuth.js'; import { from } from '../../Handler.js'; /** * Instantiates a generic device-code handler for access-key bootstrap. * * Exposes 4 endpoints: * - `GET /auth/pkce/pending/:code` * - `POST /auth/pkce/code` * - `POST /auth/pkce/poll/:code` * - `POST /auth/pkce` * * @param {codeAuth.Options} options - Options. * @returns {Handler} Request handler. */ export function codeAuth(options = {}) { const { chains = [tempo, tempoModerato, tempoDevnet], now, path = '/auth/pkce', maxBodyBytes = 16_384, policy, random, rateLimit = CliAuth.RateLimit.memory({ max: 120, windowMs: 60_000 }), rateLimitKey = getRateLimitKey, store = CliAuth.Store.memory(), transports = {}, ttlMs, ...rest } = options; const [defaultChain] = chains; const clients = new Map(); for (const chain of chains) { const transport = transports[chain.id] ?? http(); clients.set(chain.id, createClient({ chain, transport })); } function getClient(chainId) { const id = Number(chainId ?? defaultChain.id); const client = clients.get(id); if (!client) throw new Error(`Chain ${id} not configured`); return client; } const router = from(rest); async function checkRateLimit(request) { if (rateLimit === false) return undefined; const { success } = await rateLimit.limit({ key: rateLimitKey(request), request }); if (success) return undefined; return Response.json({ error: 'Rate limit exceeded.' }, { status: 429 }); } router.get(`${path}/pending/:code`, async (c) => { const limited = await checkRateLimit(c.req.raw); if (limited) return limited; try { const code = c.req.param('code'); const result = await CliAuth.pending({ code, ...(now ? { now } : {}), store, }); return Response.json(z.encode(CliAuth.pendingResponse, result)); } catch (error) { const status = error instanceof CliAuth.PendingError ? error.status : 400; return Response.json({ error: error.message }, { status }); } }); router.post(`${path}/code`, async (c) => { const limited = await checkRateLimit(c.req.raw); if (limited) return limited; try { const request = z.decode(CliAuth.createRequest, await readJson(c.req.raw, maxBodyBytes)); const chainId = request.chainId ?? defaultChain.id; getClient(chainId); const result = await CliAuth.createDeviceCode({ chainId, ...(now ? { now } : {}), ...(policy ? { policy } : {}), ...(random ? { random } : {}), request, store, ...(typeof ttlMs !== 'undefined' ? { ttlMs } : {}), }); return Response.json(z.encode(CliAuth.createResponse, result)); } catch (error) { return Response.json({ error: error.message }, { status: 400 }); } }); router.post(`${path}/poll/:code`, async (c) => { const limited = await checkRateLimit(c.req.raw); if (limited) return limited; try { const request = z.decode(CliAuth.pollRequest, await readJson(c.req.raw, maxBodyBytes)); const code = c.req.param('code'); const result = await CliAuth.poll({ code, ...(now ? { now } : {}), request, store, }); return Response.json(z.encode(CliAuth.pollResponse, result)); } catch (error) { return Response.json({ error: error.message }, { status: 400 }); } }); router.post(path, async (c) => { const limited = await checkRateLimit(c.req.raw); if (limited) return limited; try { const request = z.decode(CliAuth.authorizeRequest, await readJson(c.req.raw, maxBodyBytes)); const result = await CliAuth.authorize({ client: getClient(request.keyAuthorization.chainId), ...(now ? { now } : {}), request, store, }); return Response.json(z.encode(CliAuth.authorizeResponse, result)); } catch (error) { return Response.json({ error: error.message }, { status: 400 }); } }); return router; } async function readJson(request, maxBodyBytes) { const length = request.headers.get('content-length'); if (length && Number(length) > maxBodyBytes) throw new Error('Request body is too large.'); if (!request.body) return JSON.parse(''); const reader = request.body.getReader(); const chunks = []; let size = 0; try { while (true) { const { done, value } = await reader.read(); if (done) break; size += value.byteLength; if (size > maxBodyBytes) { await reader.cancel().catch(() => undefined); throw new Error('Request body is too large.'); } chunks.push(value); } } finally { reader.releaseLock(); } const bytes = new Uint8Array(size); let offset = 0; for (const chunk of chunks) { bytes.set(chunk, offset); offset += chunk.byteLength; } return JSON.parse(new TextDecoder().decode(bytes)); } function getRateLimitKey(request) { return request.headers.get('cf-connecting-ip') ?? 'unknown'; } //# sourceMappingURL=codeAuth.js.map