feat(experimental): Keypair auth (#494)

* reorganize helper file

* wip

* support keypair auth

* fix unit tests

* return error messages for keypair auth errors

* Don't catch JsonWebToken errors

* catch access token

* move public keys to db

* fix: add crud endpoints

* wip

* add algorithm

* add feature envvar

* handle each jwt type separately

* rename

* remove expiration limit

Author: arcoraven

.env.test

@@ -0,0 +1,5 @@
+THIRDWEB_API_SECRET_KEY="test"
+POSTGRES_CONNECTION_URL="postgresql://postgres:postgres@localhost:5432/postgres?sslmode=disable"
+ADMIN_WALLET_ADDRESS="test"
+ENCRYPTION_PASSWORD="test"
+ENABLE_KEYPAIR_AUTH="true"

package.json

@@ -59,6 +59,7 @@
     "fastify": "^4.15.0",
     "fastify-plugin": "^4.5.0",
     "http-status-codes": "^2.2.0",
+    "jsonwebtoken": "^9.0.2",
     "knex": "^3.1.0",
     "mnemonist": "^0.39.8",
     "node-cron": "^3.0.2",
@@ -77,6 +78,7 @@
     "@types/crypto-js": "^4.2.2",
     "@types/express": "^4.17.17",
     "@types/jest": "^29.5.11",
+    "@types/jsonwebtoken": "^9.0.6",
     "@types/node": "^18.15.4",
     "@types/node-cron": "^3.0.8",
     "@types/pg": "^8.6.6",

src/db/keypair/delete.ts

@@ -0,0 +1,12 @@
+import { Keypairs } from "@prisma/client";
+import { prisma } from "../client";
+
+export const deleteKeypair = async ({
+  hash,
+}: {
+  hash: string;
+}): Promise<Keypairs> => {
+  return prisma.keypairs.delete({
+    where: { hash },
+  });
+};

src/db/keypair/get.ts

@@ -0,0 +1,15 @@
+import { Keypairs } from "@prisma/client";
+import { createHash } from "crypto";
+import { prisma } from "../client";
+
+export const getKeypairByPublicKey = async ({
+  publicKey,
+}: {
+  publicKey: string;
+}): Promise<Keypairs | null> => {
+  const hash = createHash("sha256").update(publicKey).digest("hex");
+
+  return prisma.keypairs.findUnique({
+    where: { hash },
+  });
+};

src/db/keypair/insert.ts

@@ -0,0 +1,25 @@
+import { Keypairs } from "@prisma/client";
+import { createHash } from "crypto";
+import { KeypairAlgorithm } from "../../server/schemas/keypairs";
+import { prisma } from "../client";
+
+export const insertKeypair = async ({
+  publicKey,
+  algorithm,
+  label,
+}: {
+  publicKey: string;
+  algorithm: KeypairAlgorithm;
+  label?: string;
+}): Promise<Keypairs> => {
+  const hash = createHash("sha256").update(publicKey).digest("hex");
+
+  return prisma.keypairs.create({
+    data: {
+      hash,
+      publicKey,
+      algorithm,
+      label,
+    },
+  });
+};

src/db/keypair/list.ts

@@ -0,0 +1,6 @@
+import { Keypairs } from "@prisma/client";
+import { prisma } from "../client";
+
+export const listKeypairs = async (): Promise<Keypairs[]> => {
+  return prisma.keypairs.findMany();
+};

src/db/tokens/getToken.ts

@@ -1,15 +1,14 @@
 import { parseJWT } from "@thirdweb-dev/auth";
 import { prisma } from "../client";
 
-interface GetTokenParams {
-  jwt: string;
-}
-
-export const getToken = async ({ jwt }: GetTokenParams) => {
+export const getToken = async (jwt: string) => {
   const { payload } = parseJWT(jwt);
-  return prisma.tokens.findUnique({
-    where: {
-      id: payload.jti,
-    },
-  });
+  if (payload.jti) {
+    return prisma.tokens.findUnique({
+      where: {
+        id: payload.jti,
+      },
+    });
+  }
+  return null;
 };

src/prisma/migrations/20240327202800_add_keypairs/migration.sql

@@ -0,0 +1,8 @@
+-- CreateTable
+CREATE TABLE "keypairs" (
+    "hash" TEXT NOT NULL,
+    "publicKey" TEXT NOT NULL,
+    "createdAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP,
+
+    CONSTRAINT "keypairs_pkey" PRIMARY KEY ("hash")
+);

src/prisma/migrations/20240410015450_add_keypair_algorithm/migration.sql

@@ -0,0 +1,8 @@
+/*
+  Warnings:
+
+  - Added the required column `algorithm` to the `keypairs` table without a default value. This is not possible if the table is not empty.
+
+*/
+-- AlterTable
+ALTER TABLE "keypairs" ADD COLUMN     "algorithm" TEXT NOT NULL;

src/prisma/migrations/20240411235927_add_keypair_label/migration.sql

@@ -0,0 +1,3 @@
+-- AlterTable
+ALTER TABLE "keypairs" ADD COLUMN     "label" TEXT,
+ADD COLUMN     "updatedAt" TIMESTAMP(3) NOT NULL DEFAULT CURRENT_TIMESTAMP;

src/prisma/schema.prisma

@@ -265,3 +265,14 @@ model ChainIndexers {
 
   @@map("chain_indexers")
 }
+
+model Keypairs {
+  hash      String   @id
+  publicKey String
+  algorithm String
+  label     String?
+  createdAt DateTime @default(now())
+  updatedAt DateTime @default(now())
+
+  @@map("keypairs")
+}