chore: move POC session auth middleware into separate file, add example as test

zone117x · zone117x · commit 3a7576bd3b2c · 2022-05-06T09:56:22.000+02:00
diff --git a/packages/common/src/fetchApiAuthMiddleware.ts b/packages/common/src/fetchApiAuthMiddleware.ts
@@ -0,0 +1,138 @@
+// **NOTE** This is an untested proof-of-concept for using fetch middleware to handle
+// session API key based authentication.
+
+import 'cross-fetch/polyfill';
+import { FetchMiddleware, ResponseContext } from './fetchUtil';
+
+export interface SessionAuthDataStore {
+  get(host: string): Promise<{ authKey: string } | undefined> | { authKey: string } | undefined;
+  set(host: string, authData: { authKey: string }): Promise<void> | void;
+  delete(host: string): Promise<void> | void;
+}
+
+export interface ApiSessionAuthMiddlewareOpts {
+  /** The middleware / API key header will only be added to requests matching this host. */
+  host?: RegExp | string;
+  /** The http header name used for specifying the API key value. */
+  httpHeader?: string;
+  authPath: string;
+  authRequestMetadata: Record<string, string>;
+  authDataStore?: SessionAuthDataStore;
+}
+
+export function createApiSessionAuthMiddleware({
+  host = /(.*)api(.*)\.stacks\.co$/i,
+  httpHeader = 'x-api-key',
+  authPath = '/request_key',
+  authRequestMetadata = {},
+  authDataStore = createInMemoryAuthDataStore(),
+}: ApiSessionAuthMiddlewareOpts): FetchMiddleware {
+  // Local temporary cache of auth request promises, used so that multiple re-auth requests are
+  // not running in parallel. Key is the request host.
+  const pendingAuthRequests = new Map<string, Promise<{ authKey: string }>>();
+
+  const authMiddleware: FetchMiddleware = {
+    pre: async context => {
+      const reqUrl = new URL(context.url);
+      let hostMatches = false;
+      if (typeof host === 'string') {
+        hostMatches = host === reqUrl.host;
+      } else {
+        hostMatches = !!host.exec(reqUrl.host);
+      }
+      if (hostMatches) {
+        const authData = await authDataStore.get(reqUrl.host);
+        if (authData) {
+          context.init.headers = setRequestHeader(context.init, httpHeader, authData.authKey);
+        }
+      }
+    },
+    post: async context => {
+      const reqUrl = new URL(context.url);
+      let hostMatches = false;
+      if (typeof host === 'string') {
+        hostMatches = host === reqUrl.host;
+      } else {
+        hostMatches = !!host.exec(reqUrl.host);
+      }
+
+      // If request is for configured host, and response was `401 Unauthorized`,
+      // then request auth key and retry request.
+      if (hostMatches && context.response.status === 401) {
+        // Check if for any currently pending auth requests and re-use it to avoid creating multiple in parallel.
+        let pendingAuthRequest = pendingAuthRequests.get(reqUrl.host);
+        if (!pendingAuthRequest) {
+          pendingAuthRequest = resolveAuthToken(context, authPath, authRequestMetadata)
+            .then(async result => {
+              // If the request is successfull, add the key to storage.
+              await authDataStore.set(reqUrl.host, result);
+              return result;
+            })
+            .finally(() => {
+              // When the request is completed (either successful or rejected) clear the promise.
+              pendingAuthRequests.delete(reqUrl.host);
+            });
+        }
+        const { authKey } = await pendingAuthRequest;
+        // Retry the request using the new API key auth header.
+        context.init.headers = setRequestHeader(context.init, httpHeader, authKey);
+        return context.fetch(context.url, context.init);
+      } else {
+        return context.response;
+      }
+    },
+  };
+  return authMiddleware;
+}
+
+function createInMemoryAuthDataStore(): SessionAuthDataStore {
+  const map = new Map<string, { authKey: string }>();
+  const store: SessionAuthDataStore = {
+    get: host => {
+      return map.get(host);
+    },
+    set: (host, authData) => {
+      map.set(host, authData);
+    },
+    delete: host => {
+      map.delete(host);
+    },
+  };
+  return store;
+}
+
+function setRequestHeader(requestInit: RequestInit, headerKey: string, headerValue: string) {
+  const headers = new Headers(requestInit.headers);
+  headers.set(headerKey, headerValue);
+  return headers;
+}
+
+async function resolveAuthToken(
+  context: ResponseContext,
+  authPath: string,
+  authRequestMetadata: Record<string, string>
+) {
+  const reqUrl = new URL(context.url);
+  const authEndpoint = new URL(reqUrl.origin);
+  authEndpoint.pathname = authPath;
+  const authReq = await context.fetch(authEndpoint.toString(), {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Accept: 'application/json',
+    },
+    body: JSON.stringify(authRequestMetadata),
+  });
+  if (authReq.ok) {
+    const authRespBody: { auth_key: string } = await authReq.json();
+    return { authKey: authRespBody.auth_key };
+  } else {
+    let respBody = '';
+    try {
+      respBody = await authReq.text();
+    } catch (error) {
+      respBody = `Error fetching API auth key: ${authReq.status} - Error fetching response body: ${error}`;
+    }
+    throw new Error(`Error fetching API auth key: ${authReq.status} - ${respBody}`);
+  }
+}
diff --git a/packages/common/src/fetchUtil.ts b/packages/common/src/fetchUtil.ts
@@ -24,80 +24,6 @@ export interface FetchMiddleware {
   pre?: (context: RequestContext) => PromiseLike<FetchParams | void> | FetchParams | void;
   post?: (context: ResponseContext) => Promise<Response | void> | Response | void;
 }
-
-// TODO: make the value a promise so that multiple re-auth requests are not running in parallel
-// TODO: make the storage interface configurable
-// in-memory session auth data, keyed by the endpoint host
-const sessionAuthData = new Map<string, { authKey: string }>();
-
-export interface ApiSessionAuthMiddlewareOpts {
-  /** The middleware / API key header will only be added to requests matching this host. */
-  host?: RegExp | string;
-  /** The http header name used for specifying the API key value. */
-  httpHeader?: string;
-  authPath: string;
-  authRequestMetadata: Record<string, string>;
-}
-
-export function getApiSessionAuthMiddleware({
-  host = /(.*)api(.*)\.stacks\.co$/i,
-  httpHeader = 'x-api-key',
-  authPath = '/request_key',
-  authRequestMetadata = {},
-}: ApiSessionAuthMiddlewareOpts): FetchMiddleware {
-  const authMiddleware: FetchMiddleware = {
-    pre: context => {
-      const reqUrl = new URL(context.url);
-      let hostMatches = false;
-      if (typeof host === 'string') {
-        hostMatches = host === reqUrl.host;
-      } else {
-        hostMatches = !!host.exec(reqUrl.host);
-      }
-      const authData = sessionAuthData.get(reqUrl.host);
-      if (hostMatches && authData) {
-        const headers = new Headers(context.init.headers);
-        headers.set(httpHeader, authData.authKey);
-        context.init.headers = headers;
-      }
-    },
-    post: async context => {
-      const reqUrl = new URL(context.url);
-      let hostMatches = false;
-      if (typeof host === 'string') {
-        hostMatches = host === reqUrl.host;
-      } else {
-        hostMatches = !!host.exec(reqUrl.host);
-      }
-      // if request is for configured host, and response was `401 Unauthorized`,
-      // then request auth key and retry request.
-      if (hostMatches && context.response.status === 401) {
-        const authEndpoint = new URL(reqUrl.origin);
-        authEndpoint.pathname = authPath;
-        const authReq = await context.fetch(authEndpoint.toString(), {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            Accept: 'application/json',
-          },
-          body: JSON.stringify(authRequestMetadata),
-        });
-        const authResponseBody = await authReq.text();
-        if (authReq.ok) {
-          const authResp: { api_key: string } = JSON.parse(authResponseBody);
-          sessionAuthData.set(reqUrl.host, { authKey: authResp.api_key });
-          return context.fetch(context.url, context.init);
-        } else {
-          throw new Error(`Error fetching API auth key: ${authReq.status}: ${authResponseBody}`);
-        }
-      } else {
-        return context.response;
-      }
-    },
-  };
-  return authMiddleware;
-}
-
 export interface ApiKeyMiddlewareOpts {
   /** The middleware / API key header will only be added to requests matching this host. */
   host?: RegExp | string;
@@ -156,7 +82,7 @@ export function getDefaultFetchFn(...args: any[]): FetchFn {
   }
   const middlewares = [...getDefaultMiddleware(), ...middlewareOpt];
   const fetchFn = async (url: string, init?: RequestInit | undefined): Promise<Response> => {
-    let fetchParams = { url, init: init || {} };
+    let fetchParams = { url, init: init ?? {} };
     for (const middleware of middlewares) {
       if (middleware.pre) {
         const result = await Promise.resolve(
diff --git a/packages/network/src/index.ts b/packages/network/src/index.ts
@@ -126,7 +126,7 @@ export class StacksMainnet extends StacksNetwork {
   version = TransactionVersion.Mainnet;
   chainId = ChainID.Mainnet;
 
-  constructor(opts?: NetworkConfig) {
+  constructor(opts?: Partial<NetworkConfig>) {
     super({
       url: opts?.url ?? HIRO_MAINNET_DEFAULT,
       fetchFn: opts?.fetchFn,
@@ -138,7 +138,7 @@ export class StacksTestnet extends StacksNetwork {
   version = TransactionVersion.Testnet;
   chainId = ChainID.Testnet;
 
-  constructor(opts?: NetworkConfig) {
+  constructor(opts?: Partial<NetworkConfig>) {
     super({
       url: opts?.url ?? HIRO_TESTNET_DEFAULT,
       fetchFn: opts?.fetchFn,
@@ -150,7 +150,7 @@ export class StacksMocknet extends StacksNetwork {
   version = TransactionVersion.Testnet;
   chainId = ChainID.Testnet;
 
-  constructor(opts?: NetworkConfig) {
+  constructor(opts?: Partial<NetworkConfig>) {
     super({
       url: opts?.url ?? HIRO_MOCKNET_DEFAULT,
       fetchFn: opts?.fetchFn,
diff --git a/packages/transactions/tests/builder.test.ts b/packages/transactions/tests/builder.test.ts
@@ -1,3 +1,4 @@
+import { createApiKeyMiddleware, getDefaultFetchFn } from '@stacks/common';
 import { StacksMainnet, StacksTestnet } from '@stacks/network';
 import * as fs from 'fs';
 import fetchMock from 'jest-fetch-mock';
@@ -57,6 +58,26 @@ beforeEach(() => {
   jest.resetModules();
 });
 
+test('API key middleware - get nonce', async () => {
+  const senderAddress = 'STB44HYPYAT2BB2QE513NSP81HTMYWBJP02HPGK6';
+
+  const apiKey = '1234-my-api-key-example';
+  const fetchFn = getDefaultFetchFn(createApiKeyMiddleware({ apiKey }));
+  const network = new StacksMainnet({ fetchFn });
+
+  fetchMock.mockOnce(`{"balance": "0", "nonce": "123"}`);
+
+  const fetchNonce = await getNonce(senderAddress, network);
+  expect(fetchNonce).toBe(123n);
+  expect(fetchMock.mock.calls.length).toEqual(1);
+  expect(fetchMock.mock.calls[0][0]).toEqual(
+    'https://stacks-node-api.mainnet.stacks.co/v2/accounts/STB44HYPYAT2BB2QE513NSP81HTMYWBJP02HPGK6?proof=0'
+  );
+  const callHeaders = new Headers(fetchMock.mock.calls[0][1]?.headers);
+  expect(callHeaders.has('x-api-key')).toBeTruthy();
+  expect(callHeaders.get('x-api-key')).toBe(apiKey);
+});
+
 test('Make STX token transfer with set tx fee', async () => {
   const recipient = standardPrincipalCV('SP3FGQ8Z7JY9BWYZ5WM53E0M9NK7WHJF0691NZ159');
   const amount = 12345;
