Update /use and types to v2 (#5708)

## Problem solved

CNCT-2640

<!-- start pr-codex -->

---

## PR-Codex overview
This PR focuses on refactoring the `service-utils` package to remove the `usageLimit` module, update types and endpoints to version 2, and enhance authorization logic by integrating team and project responses.

### Detailed summary
- Deleted `usageLimit` module files.
- Updated API endpoint and types to version 2.
- Modified `authorizeClient` and `authorizeService` functions to use `TeamAndProjectResponse`.
- Adjusted authorization tests to reflect new structure.
- Revised caching logic for keys.
- Enhanced rate limiting to use project IDs instead of account IDs.

> ✨ Ask PR-Codex anything about this PR by commenting with `/codex {your question}`

<!-- end pr-codex -->

Author: joaquim-verges

.changeset/odd-flies-eat.md

@@ -0,0 +1,5 @@
+---
+"@thirdweb-dev/service-utils": minor
+---
+
+Update /use endpoint and types to v2

packages/service-utils/src/cf-worker/index.ts

@@ -4,11 +4,7 @@ import type {
   Response,
 } from "@cloudflare/workers-types";
 import type { Request } from "@cloudflare/workers-types";
-import type {
-  AccountMetadata,
-  ApiKeyMetadata,
-  CoreServiceConfig,
-} from "../core/api.js";
+import type { CoreServiceConfig, TeamAndProjectResponse } from "../core/api.js";
 import { authorize } from "../core/authorize/index.js";
 import type { AuthorizationInput } from "../core/authorize/index.js";
 import type { AuthorizationResult } from "../core/authorize/types.js";
@@ -17,7 +13,6 @@ import type { CoreAuthInput } from "../core/types.js";
 export * from "./usage.js";
 export * from "../core/services.js";
 export * from "../core/rateLimit/index.js";
-export * from "../core/usageLimit/index.js";
 
 export type WorkerServiceConfig = CoreServiceConfig & {
   kvStore: KVNamespace;
@@ -57,13 +52,13 @@ export async function authorizeWorker(
 
   return await authorize(authData, serviceConfig, {
     get: async (clientId: string) => serviceConfig.kvStore.get(clientId),
-    put: (clientId: string, apiKeyMeta: ApiKeyMetadata | AccountMetadata) =>
+    put: (clientId: string, data: TeamAndProjectResponse) =>
       serviceConfig.ctx.waitUntil(
         serviceConfig.kvStore.put(
           clientId,
           JSON.stringify({
             updatedAt: Date.now(),
-            apiKeyMeta,
+            data,
           }),
           {
             expirationTtl:

packages/service-utils/src/core/api.ts

@@ -1,3 +1,4 @@
+import type { AuthorizationInput } from "./authorize/index.js";
 import type { ServiceName } from "./services.js";
 
 export type UserOpData = {
@@ -14,7 +15,6 @@ export type PolicyResult = {
 };
 
 export type CoreServiceConfig = {
-  enforceAuth?: boolean;
   apiUrl: string;
   serviceScope: ServiceName;
   serviceApiKey: string;
@@ -23,105 +23,131 @@ export type CoreServiceConfig = {
   includeUsage?: boolean;
 };
 
-type Usage = {
-  storage?: {
-    sumFileSizeBytes: number;
-  };
-  embeddedWallets?: {
-    countWalletAddresses: number;
+export type TeamAndProjectResponse = {
+  team: TeamResponse;
+  project?: ProjectResponse | null;
+};
+
+export type ApiResponse = {
+  data: TeamAndProjectResponse | null;
+  error: {
+    code: string;
+    statusCode: number;
+    message: string;
   };
 };
 
-export type ApiKeyMetadata = {
+export type TeamResponse = {
   id: string;
-  key: string;
-  accountId: string;
-  accountStatus: "noCustomer" | "noPayment" | "validPayment" | "invalidPayment";
-  accountPlan: "free" | "growth" | "pro" | "enterprise";
-  creatorWalletAddress: string;
-  secretHash: string;
-  walletAddresses: string[];
-  domains: string[];
-  bundleIds: string[];
-  redirectUrls: string[];
-  services: {
-    name: string;
-    targetAddresses: string[];
-    actions: string[];
-  }[];
-  usage?: Usage;
-  limits: Partial<Record<ServiceName, number>>;
-  rateLimits: Partial<Record<ServiceName, number>>;
-  policyResult?: PolicyResult;
+  name: string;
+  slug: string;
+  image: string | null;
+  billingPlan: string;
+  createdAt: Date;
+  updatedAt: Date | null;
+  billingEmail: string | null;
+  billingStatus: string | null;
+  growthTrialEligible: boolean | null;
+  enabledScopes: ServiceName[];
 };
 
-export type AccountMetadata = {
+export type ProjectResponse = {
   id: string;
+  teamId: string;
+  createdAt: Date;
+  updatedAt: Date | null;
+  publishableKey: string;
   name: string;
-  creatorWalletAddress: string;
-  usage?: Usage;
-  limits: Partial<Record<ServiceName, number>>;
-  rateLimits: Partial<Record<ServiceName, number>>;
+  slug: string;
+  image: string | null;
+  domains: string[];
+  bundleIds: string[];
+  services: (
+    | {
+        name: "pay";
+        actions: never[];
+        payoutAddress: string | null;
+      }
+    | {
+        name: "storage";
+        actions: ("read" | "write")[];
+      }
+    | {
+        name: "rpc";
+        actions: never[];
+      }
+    | {
+        name: "insight";
+        actions: never[];
+      }
+    | {
+        name: "nebula";
+        actions: never[];
+      }
+    | {
+        name: "bundler";
+        actions: never[];
+        allowedChainIds?: number[] | null;
+        allowedContractAddresses?: string[] | null;
+        allowedWallets?: string[] | null;
+        blockedWallets?: string[] | null;
+        bypassWallets?: string[] | null;
+        limits?: {
+          global?: {
+            maxSpend: string;
+            maxSpendUnit: "usd" | "native";
+          } | null;
+        } | null;
+        serverVerifier?: {
+          url: string;
+          headers?: {
+            key: string;
+            value: string;
+          }[];
+        } | null;
+      }
+    | {
+        name: "embeddedWallets";
+        actions: never[];
+        redirectUrls?: string[] | null;
+        applicationName?: string | null;
+        applicationImageUrl?: string | null;
+        recoveryShareManagement?: string | null;
+        customAuthentication?: CustomAuthenticationServiceSchema | null;
+        customAuthEndpoint?: CustomAuthEndpointServiceSchema | null;
+      }
+  )[];
+  walletAddresses: string[];
 };
 
-export type ApiResponse = {
-  data: ApiKeyMetadata | null;
-  error: {
-    code: string;
-    statusCode: number;
-    message: string;
-  };
+type CustomAuthenticationServiceSchema = {
+  jwksUri: string;
+  aud: string;
 };
 
-export type ApiAccountResponse = {
-  data: AccountMetadata | null;
-  error: {
-    code: string;
-    statusCode: number;
-    message: string;
-  };
+type CustomAuthEndpointServiceSchema = {
+  authEndpoint: string;
+  customHeaders: {
+    key: string;
+    value: string;
+  }[];
 };
 
-export async function fetchKeyMetadataFromApi(
-  clientId: string,
+export async function fetchTeamAndProject(
+  authData: AuthorizationInput,
   config: CoreServiceConfig,
 ): Promise<ApiResponse> {
-  const { apiUrl, serviceScope, serviceApiKey, includeUsage = true } = config;
-  const url = `${apiUrl}/v1/keys/use?clientId=${clientId}&scope=${serviceScope}&includeUsage=${includeUsage}`;
-  const response = await fetch(url, {
-    method: "GET",
-    headers: {
-      "x-service-api-key": serviceApiKey,
-      "content-type": "application/json",
-    },
-  });
-
-  let text = "";
-  try {
-    text = await response.text();
-    return JSON.parse(text);
-  } catch {
-    throw new Error(
-      `Error fetching key metadata from API: ${response.status} - ${text}`,
-    );
-  }
-}
+  const { apiUrl, serviceApiKey } = config;
 
-export async function fetchAccountFromApi(
-  jwt: string,
-  config: CoreServiceConfig,
-  useWalletAuth: boolean,
-): Promise<ApiAccountResponse> {
-  const { apiUrl, serviceApiKey, includeUsage = true } = config;
-  const url = useWalletAuth
-    ? `${apiUrl}/v1/wallet/me?includeUsage=${includeUsage}`
-    : `${apiUrl}/v1/account/me?includeUsage=${includeUsage}`;
+  const clientId = authData.clientId;
+  const url = `${apiUrl}/v2/keys/use${clientId ? `?clientId=${clientId}` : ""}`;
   const response = await fetch(url, {
     method: "GET",
     headers: {
+      ...(authData.secretKey ? { "x-secret-key": authData.secretKey } : {}),
+      ...(authData.jwt ? { Authorization: `Bearer ${authData.jwt}` } : {}),
       "x-service-api-key": serviceApiKey,
       "content-type": "application/json",
-      authorization: `Bearer ${jwt}`,
     },
   });
 
@@ -131,13 +157,13 @@ export async function fetchAccountFromApi(
     return JSON.parse(text);
   } catch {
     throw new Error(
-      `Error fetching account from API: ${response.status} - ${text}`,
+      `Error fetching key metadata from API: ${response.status} - ${text}`,
     );
   }
 }
 
 export async function updateRateLimitedAt(
-  apiKeyId: string,
+  projectId: string,
   config: CoreServiceConfig,
 ): Promise<void> {
   const { apiUrl, serviceScope: scope, serviceApiKey } = config;
@@ -151,7 +177,7 @@ export async function updateRateLimitedAt(
       "content-type": "application/json",
     },
     body: JSON.stringify({
-      apiKeyId,
+      apiKeyId: projectId, // projectId is the apiKeyId
       scope,
     }),
   });

packages/service-utils/src/core/authorize/authorize.test.ts

@@ -6,11 +6,10 @@ const validServiceConfig: CoreServiceConfig = {
   apiUrl: "https://api.example.com",
   serviceScope: "storage",
   serviceApiKey: "service key",
-  enforceAuth: false,
 };
 
 describe("authorizeClient", () => {
-  it("should skip authorization if auth not enforced and no credentials", async () => {
+  it("should not authorize if auth not enforced and no credentials", async () => {
     const result = (await authorize(
       {
         secretKey: null,
@@ -20,30 +19,13 @@ describe("authorizeClient", () => {
         secretKeyHash: null,
         hashedJWT: null,
         jwt: null,
+        ecosystemId: null,
+        ecosystemPartnerId: null,
       },
       validServiceConfig,
       // biome-ignore lint/suspicious/noExplicitAny: test only
     )) as any;
 
-    expect(result.authorized).toBe(true);
-    expect(result.apiKeyMeta).toEqual(null);
-  });
-
-  it("should continue authorization if auth enforced", async () => {
-    const result = (await authorize(
-      {
-        secretKey: null,
-        clientId: null,
-        origin: null,
-        bundleId: null,
-        secretKeyHash: null,
-        hashedJWT: null,
-        jwt: null,
-      },
-      { ...validServiceConfig, enforceAuth: true },
-      // biome-ignore lint/suspicious/noExplicitAny: test only
-    )) as any;
-
     expect(result.authorized).toBe(false);
   });
 });