feat(auth-services): add API key support when gating is enabled:

```ts
await client.authService.mintWithAuth({
  authData,
  authServiceBaseUrl,
  scopes,
  apiKey: 'YOUR_API_KEY',
});
```

```ts
await WebAuthnAuthenticator.registerAndMintPKP({
  authServiceBaseUrl,
  scopes,
  apiKey: 'YOUR_API_KEY',
});
```

Upcoming PR to use .overrides authBaseUrl and API key instead.

Author: Ansonhkg

packages/auth-services/src/auth-server/server.ts

@@ -1,6 +1,7 @@
 import express, { Express } from 'express';
 import cors from 'cors';
 import helmet from 'helmet';
+// import path from 'node:path';
 import { logger, requestLogger } from '../auth-server/src/providers/logger';
 
 export const createLoginApp = (origin: string): Express => {
@@ -9,7 +10,14 @@ export const createLoginApp = (origin: string): Express => {
   app.use(cors({ origin: true, credentials: true }));
   app.use(requestLogger);
 
-  // No static UI; consumer should handle any front-end routing/UI.
+  // app.use(
+  //   express.static(
+  //     path.join(process.cwd(), 'packages/auth-services/src/login-server/public')
+  //   )
+  // );
+
+  // app.get('/', (_req, res) => res.redirect('/index.html'));
+  // app.get('/error', (_req, res) => res.redirect('/error.html'));
 
   // The OAuth flows remain functionally the same, mapped into Express
   // (You can migrate the Google/Discord handlers here 1:1 from Elysia logic.)

packages/auth-services/src/login-server/app.ts

@@ -56,6 +56,7 @@ const handleAuthServerRequest = async <T>(params: {
   path: '/pkp/mint';
   body: any;
   jobName: string;
+  headers?: Record<string, string>;
 }): Promise<AuthServerTx<T>> => {
   const _body = JSON.stringify(params.body);
   const _url = `${params.serverUrl}${params.path}`;
@@ -64,6 +65,7 @@ const handleAuthServerRequest = async <T>(params: {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
+      ...(params.headers || {}),
     },
     body: _body,
   });
@@ -149,6 +151,8 @@ export class WebAuthnAuthenticator {
   public static async registerAndMintPKP(params: {
     username?: string;
     authServiceBaseUrl: string;
+    scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
+    apiKey?: string;
   }): Promise<{
     pkpInfo: PKPData;
 
@@ -191,6 +195,7 @@ export class WebAuthnAuthenticator {
       serverUrl: params.authServiceBaseUrl,
       path: '/pkp/mint',
       body: authData,
+      headers: params.apiKey ? { 'x-api-key': params.apiKey } : undefined,
     });
 
     return {

packages/auth/src/lib/authenticators/native/WebAuthnAuthenticator.ts

@@ -6,6 +6,7 @@ export const handleAuthServerRequest = async <T>(params: {
   path: '/pkp/mint';
   body: any;
   jobName: string;
+  headers?: Record<string, string>;
 }): Promise<AuthServerTx<T>> => {
   const _body = JSON.stringify(params.body);
   const _url = `${params.serverUrl}${params.path}`;
@@ -14,6 +15,7 @@ export const handleAuthServerRequest = async <T>(params: {
     method: 'POST',
     headers: {
       'Content-Type': 'application/json',
+      ...(params.headers || {}),
     },
     body: _body,
   });

packages/networks/src/networks/shared/helpers/handleAuthServerRequest.ts

@@ -421,6 +421,7 @@ export function createBaseModule<T, M>(config: BaseModuleConfig<T, M>) {
         authData: AuthData;
         authServiceBaseUrl?: string;
         scopes?: ('sign-anything' | 'personal-sign' | 'no-permissions')[];
+        apiKey?: string;
       }) => {
         return await handleAuthServerRequest<PKPData>({
           jobName: 'PKP Minting',
@@ -434,6 +435,7 @@ export function createBaseModule<T, M>(config: BaseModuleConfig<T, M>) {
             pubkey: params.authData.publicKey,
             scopes: params.scopes,
           },
+          headers: params.apiKey ? { 'x-api-key': params.apiKey } : undefined,
         });
       },
     },