Merge pull request #106 from ethereum-optimism/harry/session_signers_spike

feat: set up privy session signers on verbs demo

Author: tremarkley

package.json

@@ -46,6 +46,11 @@
     "tsx": "^4.0.0",
     "wait-port": "^1.1.0"
   },
+  "pnpm": {
+    "overrides": {
+      "nx>axios": "^1.12.0"
+    }
+  },
   "engines": {
     "node": ">=18"
   },

packages/demo/backend/.env.example

@@ -7,10 +7,6 @@ PORT=3000
 PRIVY_APP_ID=your_privy_app_id_here
 PRIVY_APP_SECRET=your_privy_app_secret_here
 
-# Clerk Configuration
-CLERK_SECRET_KEY=your_clerk_secret_key_here
-CLERK_PUBLISHABLE_KEY=your_clerk_publishable_key_here
-
 # Local chain
 RPC_URL=http://127.0.0.1:9545
 FAUCET_ADMIN_PRIVATE_KEY=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
@@ -19,4 +15,6 @@ FAUCET_ADDRESS=0x75538B7C906e09A5080b7CA08e794287e2DFd1d3
 # Gas sponsorship
 BASE_SEPOLIA_BUNDER_URL=SET_YOUR_GAS_SPONSOR_URL_HERE
 UNICHAIN_BUNDLER_URL=SET_YOUR_GAS_SPONSOR_URL_HERE
-UNICHAIN_BUNDLER_SPONSORSHIP_POLICY=SET_A_POLICY_HERE
+UNICHAIN_BUNDLER_SPONSORSHIP_POLICY=SET_A_POLICY_HERE
+
+SESSION_SIGNER_PK=

packages/demo/backend/package.json

@@ -36,7 +36,6 @@
     "attribution": "tsx scripts/attribution.ts"
   },
   "dependencies": {
-    "@clerk/backend": "^2.12.0",
     "@eth-optimism/utils-app": "^0.0.6",
     "@eth-optimism/verbs-sdk": "workspace:*",
     "@eth-optimism/viem": "^0.4.13",

packages/demo/backend/src/config/env.ts

@@ -44,8 +44,6 @@ export const env = cleanEnv(process.env, {
   PORT: port({ default: 3000 }),
   PRIVY_APP_ID: str({ devDefault: 'dummy' }),
   PRIVY_APP_SECRET: str({ devDefault: 'dummy' }),
-  CLERK_SECRET_KEY: str({ devDefault: 'dummy' }),
-  CLERK_PUBLISHABLE_KEY: str({ devDefault: 'dummy' }),
   LOCAL_DEV: bool({ default: false }),
   BASE_SEPOLIA_RPC_URL: str({ default: undefined }),
   UNICHAIN_RPC_URL: str({ default: undefined }),
@@ -59,4 +57,5 @@ export const env = cleanEnv(process.env, {
   BASE_SEPOLIA_BUNDER_URL: str({ devDefault: 'dummy' }),
   UNICHAIN_BUNDLER_URL: str({ devDefault: 'dummy' }),
   UNICHAIN_BUNDLER_SPONSORSHIP_POLICY: str({ devDefault: 'dummy' }),
+  SESSION_SIGNER_PK: str(),
 })

packages/demo/backend/src/config/verbs.ts

@@ -13,10 +13,7 @@ export function createVerbsConfig(): VerbsConfig<'privy'> {
         provider: {
           type: 'privy',
           config: {
-            privyClient: new PrivyClient(
-              env.PRIVY_APP_ID,
-              env.PRIVY_APP_SECRET,
-            ),
+            privyClient: getPrivyClient(),
           },
         },
       },
@@ -69,5 +66,9 @@ export function getVerbs() {
 }
 
 export function getPrivyClient() {
-  return new PrivyClient(env.PRIVY_APP_ID, env.PRIVY_APP_SECRET)
+  const privy = new PrivyClient(env.PRIVY_APP_ID, env.PRIVY_APP_SECRET)
+  if (env.SESSION_SIGNER_PK) {
+    privy.walletApi.updateAuthorizationKey(env.SESSION_SIGNER_PK)
+  }
+  return privy
 }

packages/demo/backend/src/controllers/lend.ts

@@ -3,6 +3,8 @@ import type { Context } from 'hono'
 import type { Address } from 'viem'
 import { z } from 'zod'
 
+import type { AuthContext } from '@/middleware/auth.js'
+
 import { validateRequest } from '../helpers/validation.js'
 import * as lendService from '../services/lend.js'
 import { serializeBigInt } from '../utils/serializers.js'
@@ -126,6 +128,39 @@ export class LendController {
       const {
         body: { walletId, amount, tokenAddress, chainId },
       } = validation.data
+      const auth = c.get('auth') as AuthContext | undefined
+
+      // TODO (https://github.com/ethereum-optimism/verbs/issues/124): enforce auth and clean
+      // up this route.
+      if (auth && auth.userId) {
+        const lendTransaction = await lendService.depositWithUserWallet(
+          auth.userId,
+          amount,
+          tokenAddress as Address,
+          chainId as SupportedChainId,
+        )
+
+        const result = await lendService.executeLendTransactionWithUserWallet(
+          auth.userId,
+          lendTransaction,
+          chainId as SupportedChainId,
+        )
+
+        return c.json({
+          transaction: {
+            blockExplorerUrl: result.blockExplorerUrl,
+            hash: result.hash,
+            amount: result.amount.toString(),
+            asset: result.asset,
+            marketId: result.marketId,
+            apy: result.apy,
+            timestamp: result.timestamp,
+            slippage: result.slippage,
+            transactionData: serializeBigInt(result.transactionData),
+          },
+        })
+      }
+
       const lendTransaction = await lendService.deposit(
         walletId,
         amount,

packages/demo/backend/src/controllers/wallet.ts

@@ -2,6 +2,7 @@ import type { Context } from 'hono'
 import type { Address } from 'viem'
 import { z } from 'zod'
 
+import type { AuthContext } from '@/middleware/auth.js'
 import type {
   CreateWalletResponse,
   GetAllWalletsResponse,
@@ -159,6 +160,19 @@ export class WalletController {
       const {
         params: { userId },
       } = validation.data
+      const auth = c.get('auth') as AuthContext | undefined
+
+      // TODO (https://github.com/ethereum-optimism/verbs/issues/124): enforce auth and clean
+      // up this route.
+      if (auth && auth.userId) {
+        const wallet = await walletService.getUserWallet(auth.userId)
+        if (!wallet) {
+          throw new Error('Wallet not found')
+        }
+        const balance = await walletService.getWalletBalance(wallet)
+        return c.json({ balance: serializeBigInt(balance) })
+      }
+
       const balance = await walletService.getBalance(userId)
 
       return c.json({ balance: serializeBigInt(balance) })
@@ -185,8 +199,23 @@ export class WalletController {
       const {
         params: { userId },
       } = validation.data
+      const auth = c.get('auth') as AuthContext | undefined
+      // TODO (https://github.com/ethereum-optimism/verbs/issues/124): enforce auth and clean
+      // up this route.
+      if (auth && auth.userId) {
+        const wallet = await walletService.getUserWallet(auth.userId)
+        if (!wallet) {
+          throw new Error('Wallet not found')
+        }
+        const result = await walletService.fundWallet(wallet)
+        return c.json(result)
+      }
 
-      const result = await walletService.fundWallet(userId)
+      const wallet = await walletService.getWallet(userId)
+      if (!wallet) {
+        throw new Error('Wallet not found')
+      }
+      const result = await walletService.fundWallet(wallet)
 
       return c.json(result)
     } catch (error) {

packages/demo/backend/src/middleware/auth.ts

@@ -1,72 +1,45 @@
-import { verifyToken } from '@clerk/backend'
 import type { Context, Next } from 'hono'
 
-import { env } from '../config/env.js'
+import { getPrivyClient } from '@/config/verbs.js'
 
 export interface AuthContext {
-  userId: string
-  clerkUserId: string
-  privyAuthKey?: string
+  userId?: string
 }
 
 export async function authMiddleware(c: Context, next: Next) {
   const authHeader = c.req.header('Authorization')
 
   if (!authHeader?.startsWith('Bearer ')) {
-    return c.json({ error: 'Missing or invalid authorization header' }, 401)
+    // TODO (https://github.com/ethereum-optimism/verbs/issues/124): enforce auth
+    // Fail silently
+    await next()
+    return
   }
 
-  const token = authHeader.substring(7)
+  const accessToken = parseAuthorizationHeader(authHeader)
+  const authContext: AuthContext = {}
 
   try {
-    const verifiedToken = await verifyToken(token, {
-      secretKey: env.CLERK_SECRET_KEY,
-      // Accept both the publishable key and localhost origins for development
-      authorizedParties: [
-        env.CLERK_PUBLISHABLE_KEY,
-        'http://localhost:5173',
-        'localhost:5173',
-      ],
-    })
-
-    if (!verifiedToken) {
-      return c.json({ error: 'Invalid token' }, 401)
-    }
-
-    const userId = verifiedToken.sub
-
-    const authContext: AuthContext = {
-      userId,
-      clerkUserId: userId,
-    }
-
-    try {
-      // Get Privy authorization key for the authenticated user
-      // This enables user-owned wallets via authenticated signers
-      const authKeyResponse = await fetch(
-        `https://auth.privy.io/api/v1/authorization/init`,
-        {
-          method: 'POST',
-          headers: {
-            'Content-Type': 'application/json',
-            'privy-app-id': env.PRIVY_APP_ID,
-            Authorization: `Bearer ${token}`,
-          },
-        },
-      )
+    const privy = getPrivyClient()
+    const verifiedPrivy = await privy
+      .verifyAuthToken(accessToken)
+      .catch((err) => {
+        console.error('❌ Auth middleware: Token verification failed:', err)
+        throw c.json({ error: 'Invalid or expired token' }, 401)
+      })
+    const userId = verifiedPrivy.userId
+    authContext.userId = userId
+  } catch {
+    // TODO (https://github.com/ethereum-optimism/verbs/issues/124): enforce auth
+    // Silently continue without Privy auth key if request fails
+  }
 
-      if (authKeyResponse.ok) {
-        const authKeyData = await authKeyResponse.json()
-        authContext.privyAuthKey = authKeyData.authorizationKey
-      }
-    } catch {
-      // Silently continue without Privy auth key if request fails
-    }
+  c.set('auth', authContext)
+  await next()
+}
 
-    c.set('auth', authContext)
-    await next()
-  } catch (error) {
-    console.error('❌ Auth middleware: Token verification failed:', error)
-    return c.json({ error: 'Invalid or expired token' }, 401)
-  }
+const parseAuthorizationHeader = (value: string) => {
+  return value.replace('Bearer', '').trim()
 }
+
+export const PRIVY_TOKEN_COOKIE_KEY = 'privy-token'

packages/demo/backend/src/router.ts

@@ -5,6 +5,7 @@ import { fileURLToPath } from 'url'
 
 import { LendController } from './controllers/lend.js'
 import { WalletController } from './controllers/wallet.js'
+import { authMiddleware } from './middleware/auth.js'
 
 export const router = new Hono()
 
@@ -44,8 +45,12 @@ router.get('/version', (c) => {
 router.get('/wallets', walletController.getAllWallets)
 router.post('/wallet/:userId', walletController.createWallet)
 router.get('/wallet/:userId', walletController.getWallet)
-router.get('/wallet/:userId/balance', walletController.getBalance)
-router.post('/wallet/:userId/fund', walletController.fundWallet)
+router.get(
+  '/wallet/:userId/balance',
+  authMiddleware,
+  walletController.getBalance,
+)
+router.post('/wallet/:userId/fund', authMiddleware, walletController.fundWallet)
 router.post('/wallet/send', walletController.sendTokens)
 
 // Lend endpoints
@@ -55,4 +60,4 @@ router.get(
   '/lend/market/:vaultAddress/balance/:walletId',
   lendController.getMarketBalance,
 )
-router.post('/lend/deposit', lendController.deposit)
+router.post('/lend/deposit', authMiddleware, lendController.deposit)

packages/demo/backend/src/services/lend.ts

@@ -8,7 +8,7 @@ import type { Address } from 'viem'
 import { baseSepolia, unichain } from 'viem/chains'
 
 import { getVerbs } from '../config/verbs.js'
-import { getWallet } from './wallet.js'
+import { getUserWallet, getWallet } from './wallet.js'
 
 interface MarketBalanceResult {
   balance: bigint
@@ -112,6 +112,27 @@ export async function formatMarketBalanceResponse(
   }
 }
 
+export async function depositWithUserWallet(
+  userId: string,
+  amount: number,
+  tokenAddress: Address,
+  chainId: SupportedChainId,
+): Promise<LendTransaction> {
+  const wallet = await getUserWallet(userId)
+
+  if (!wallet) {
+    throw new Error(`Wallet not found for user ID: ${userId}`)
+  }
+
+  if ('lendExecute' in wallet && typeof wallet.lendExecute === 'function') {
+    return await wallet.lendExecute(amount, tokenAddress, chainId)
+  } else {
+    throw new Error(
+      'Lend functionality not yet implemented for this wallet type.',
+    )
+  }
+}
+
 export async function deposit(
   walletId: string,
   amount: number,
@@ -133,6 +154,38 @@ export async function deposit(
   }
 }
 
+export async function executeLendTransactionWithUserWallet(
+  userId: string,
+  lendTransaction: LendTransaction,
+  chainId: SupportedChainId,
+): Promise<LendTransaction & { blockExplorerUrl: string }> {
+  const wallet = await getUserWallet(userId)
+
+  if (!wallet) {
+    throw new Error(`Wallet not found for user ID: ${userId}`)
+  }
+
+  if (!lendTransaction.transactionData) {
+    throw new Error('No transaction data available for execution')
+  }
+
+  const depositHash = lendTransaction.transactionData.approval
+    ? await wallet.sendBatch(
+        [
+          lendTransaction.transactionData.approval,
+          lendTransaction.transactionData.deposit,
+        ],
+        chainId,
+      )
+    : await wallet.send(lendTransaction.transactionData.deposit, chainId)
+
+  return {
+    ...lendTransaction,
+    hash: depositHash,
+    blockExplorerUrl: await getBlockExplorerUrl(chainId),
+  }
+}
+
 export async function executeLendTransaction(
   walletId: string,
   lendTransaction: LendTransaction,