feat(#4528): add place holder for feature/node-4528-naga-sdk-add-a-make-a-request-function-to-take

Author: Ansonhkg

packages/auth/src/lib/AuthManager/auth-manager.ts

@@ -1,5 +1,6 @@
 import { getChildLogger } from '@lit-protocol/logger';
 import { AuthData, HexPrefixedSchema } from '@lit-protocol/schemas';
+// import { AuthSig, SessionKeyPair } from '@lit-protocol/types';
 import { z } from 'zod';
 import { AuthConfigV2 } from '../authenticators/types';
 import type { LitAuthStorageProvider } from '../storage/types';
@@ -73,6 +74,9 @@ export const createAuthManager = (authManagerParams: AuthManagerParams) => {
       pkpPublicKey: z.infer<typeof HexPrefixedSchema>;
       authConfig: AuthConfigV2;
       litClient: BaseAuthContext<any>['litClient'];
+      // Optional pre-generated auth materials for server-side usage
+      // sessionKeyPair?: SessionKeyPair;
+      // delegationAuthSig?: AuthSig;
     }) => {
       return getPkpAuthContextAdapter(authManagerParams, params);
     },

packages/auth/src/lib/AuthManager/authAdapters/getPkpAuthContextAdapter.ts

@@ -3,7 +3,9 @@ import {
   AuthData,
   HexPrefixedSchema,
   NodeUrlsSchema,
+  // SessionKeyUriSchema,
 } from '@lit-protocol/schemas';
+// import { AuthSig, LitResourceAbilityRequest, SessionKeyPair } from '@lit-protocol/types';
 import { ethers } from 'ethers';
 import { z } from 'zod';
 import { AuthConfigV2 } from '../../authenticators/types';
@@ -19,6 +21,40 @@ export const PkpAuthDepsSchema = z.object({
   nodeUrls: NodeUrlsSchema,
 });
 
+/**
+ * Validates that the provided delegation auth sig hasn't expired and contains required resources
+ */
+// function validateDelegationAuthSig(
+//   delegationAuthSig: AuthSig,
+//   requiredResources: LitResourceAbilityRequest[],
+//   sessionKeyUri: string
+// ): void {
+//   try {
+//     // Parse the signed message to extract expiration and validate session key match
+//     const siweMessage = delegationAuthSig.signedMessage;
+    
+//     // Check expiration
+//     const expirationMatch = siweMessage.match(/^Expiration Time: (.*)$/m);
+//     if (expirationMatch && expirationMatch[1]) {
+//       const expiration = new Date(expirationMatch[1].trim());
+//       if (expiration.getTime() <= Date.now()) {
+//         throw new Error(`Delegation signature has expired at ${expiration.toISOString()}`);
+//       }
+//     }
+
+//     // Validate session key URI matches
+//     if (!siweMessage.includes(sessionKeyUri)) {
+//       throw new Error('Session key URI in delegation signature does not match provided session key pair');
+//     }
+
+//     // TODO: Add resource validation - check if delegationAuthSig has required resources
+//     // This would involve parsing the RECAP URN and checking against requiredResources
+    
+//   } catch (error) {
+//     throw new Error(`Invalid delegation signature: ${error instanceof Error ? error.message : 'Unknown error'}`);
+//   }
+// }
+
 export async function getPkpAuthContextAdapter(
   upstreamParams: AuthManagerParams,
   params: {
@@ -28,10 +64,53 @@ export async function getPkpAuthContextAdapter(
     litClient: {
       getContext: () => Promise<any>;
     };
+    // Optional pre-generated auth materials
+    // sessionKeyPair?: SessionKeyPair;
+    // delegationAuthSig?: AuthSig;
   }
 ) {
   const _resources = processResources(params.authConfig.resources);
 
+  // // Validate optional parameters
+  // if ((params.sessionKeyPair && !params.delegationAuthSig) || 
+  //     (!params.sessionKeyPair && params.delegationAuthSig)) {
+  //   throw new Error('Both sessionKeyPair and delegationAuthSig must be provided together, or neither should be provided');
+  // }
+
+  // // If pre-generated auth materials are provided, validate and use them
+  // if (params.sessionKeyPair && params.delegationAuthSig) {
+  //   // Generate sessionKeyUri from the public key
+  //   const sessionKeyUri = SessionKeyUriSchema.parse(params.sessionKeyPair.publicKey);
+    
+  //   // Validate the delegation signature
+  //   validateDelegationAuthSig(
+  //     params.delegationAuthSig,
+  //     _resources,
+  //     sessionKeyUri
+  //   );
+
+  //   // Return auth context using provided materials
+  //   return {
+  //     chain: 'ethereum',
+  //     pkpPublicKey: params.pkpPublicKey,
+  //     authData: params.authData,
+  //     authConfig: {
+  //       domain: params.authConfig.domain!,
+  //       resources: _resources,
+  //       capabilityAuthSigs: params.authConfig.capabilityAuthSigs!,
+  //       expiration: params.authConfig.expiration!,
+  //       statement: params.authConfig.statement!,
+  //     },
+  //     sessionKeyPair: {
+  //       ...params.sessionKeyPair,
+  //       sessionKeyUri, // Add the generated sessionKeyUri to match expected interface
+  //     },
+  //     // Provide the pre-generated delegation signature
+  //     authNeededCallback: async () => params.delegationAuthSig!,
+  //   };
+  // }
+
+  // Original logic for generating auth materials
   // TODO: 👇 The plan is to identify if the certain operations could be wrapped inside a single function
   // where different network modules can provide their own implementations.