feat(auth): add optional caching for delegation auth signature

- Introduced a cache parameter in the auth manager and related functions to control caching behavior for delegation auth signatures.
- Updated the GetPkpAuthContextSchema to include an optional cache object.
- Enhanced tryGetCachedDelegationAuthSig to generate a new signature if caching is disabled, improving flexibility in auth signature management.

Author: Ansonhkg

packages/auth/src/lib/AuthManager/auth-manager.ts

@@ -74,6 +74,9 @@ export const createAuthManager = (authManagerParams: AuthManagerParams) => {
       pkpPublicKey: z.infer<typeof HexPrefixedSchema>;
       authConfig: AuthConfigV2;
       litClient: BaseAuthContext<any>['litClient'];
+      cache?: {
+        delegationAuthSig?: boolean;
+      }
       // Optional pre-generated auth materials for server-side usage
       // sessionKeyPair?: SessionKeyPair;
       // delegationAuthSig?: AuthSig;

packages/auth/src/lib/AuthManager/authAdapters/getPkpAuthContextAdapter.ts

@@ -64,6 +64,9 @@ export async function getPkpAuthContextAdapter(
     litClient: {
       getContext: () => Promise<any>;
     };
+    cache?: {
+      delegationAuthSig?: boolean;
+    }
     // Optional pre-generated auth materials
     // sessionKeyPair?: SessionKeyPair;
     // delegationAuthSig?: AuthSig;
@@ -172,5 +175,6 @@ export async function getPkpAuthContextAdapter(
       storage: upstreamParams.storage,
       pkpAddress: pkpAddress,
     },
+    cache: params.cache,
   });
 }

packages/auth/src/lib/AuthManager/authContexts/getPkpAuthContext.ts

@@ -50,6 +50,9 @@ export const GetPkpAuthContextSchema = z.object({
     // @depreacted - to be removed. testing only.
     pkpAddress: z.string(),
   }),
+  cache: z.object({
+    delegationAuthSig: z.boolean().optional(),
+  }).optional(),
 });
 
 interface PreparePkpAuthRequestBodyParams {
@@ -139,6 +142,7 @@ export const getPkpAuthContext = async (
   };
 
   const delegationAuthSig = await tryGetCachedDelegationAuthSig({
+    cache: _params.cache?.delegationAuthSig,
     storage: _params.deps.storage,
     address: _params.deps.pkpAddress,
     expiration: _params.authConfig.expiration,

packages/auth/src/lib/AuthManager/try-getters/tryGetCachedDelegationAuthSig.ts

@@ -10,7 +10,29 @@ export async function tryGetCachedDelegationAuthSig(params: {
   address: string;
   expiration: string; // Desired expiration for new sigs, not used for checking existing
   signSessionKey: any; // This is assumed to be a Promise resolving to the auth sig
+  cache?: boolean; // If false, always generate a new auth sig
 }) {
+  // If cache is explicitly disabled, skip cache reading and generate new auth sig
+  if (!params.cache) {
+    _logger.info(
+      'tryGetCachedDelegationAuthSig: Cache disabled, generating new delegation auth sig.',
+      {
+        address: params.address,
+      }
+    );
+
+    const newDelegationAuthSig = await params.signSessionKey();
+
+    _logger.info(
+      'tryGetCachedDelegationAuthSig: Generated new delegation auth sig (cache disabled, not saved).',
+      {
+        address: params.address,
+      }
+    );
+
+    return newDelegationAuthSig;
+  }
+
   const delegationAuthSigString =
     await params.storage.readInnerDelegationAuthSig({
       publicKey: params.address,

packages/lit-client/src/lib/LitNodeClient/LitNodeApi/src/helper/sendNodeRequest.ts

@@ -63,8 +63,8 @@ export async function sendNodeRequest<T>(
     const curlCommand = generateCurlCommand(_fullUrl, req);
     _logger.info('🔄 CURL command:', curlCommand);
 
-    // if (_fullUrl.includes('pkp/sign/v2')) {
-    //   console.log('🔄 req', req);
+    // if (_fullUrl.includes('sign_session_key')) {
+    //   console.log("Curl command: ", curlCommand);
     //   process.exit();
     // }