[poc] feat: fetch interface session

package.json

@@ -67,14 +67,14 @@
     "rollup-plugin-node-globals": "^1.4.0",
     "rollup-plugin-terser": "^7.0.2",
     "stream-http": "^3.2.0",
-    "typedoc": "^0.22.13",
+    "typedoc": "^0.22.15",
     "typescript": "^4.2.4",
     "vite-compatible-readable-stream": "^3.6.0"
   },
   "scripts": {
     "bootstrap": "lerna bootstrap",
     "build": "lerna run build",
-    "build:docs": "rimraf docs && typedoc --tsconfig tsconfig.typedoc.json packages/**/src/index.ts --release-version $(node -p \"require('./lerna.json').version\")",
+    "build:docs": "rimraf docs && RELEASE_VERSION=$(node -p \"require('./lerna.json').version\") && typedoc --tsconfig tsconfig.typedoc.json packages/**/src/index.ts --release-version $RELEASE_VERSION",
     "clean": "lerna clean",
     "lerna": "lerna",
     "lint": "npm run lint:eslint && npm run lint:prettier",

packages/auth/src/profile.ts

@@ -1,5 +1,4 @@
 import { resolveZoneFileToProfile } from '@stacks/profile';
-import { fetchPrivate } from '@stacks/common';
 import { StacksMainnet, StacksNetwork, StacksNetworkName } from '@stacks/network';
 
 export interface ProfileLookupOptions {
@@ -31,13 +30,13 @@ export function lookupProfile(lookupOptions: ProfileLookupOptions): Promise<Reco
   let lookupPromise;
   if (options.zoneFileLookupURL) {
     const url = `${options.zoneFileLookupURL.replace(/\/$/, '')}/${options.username}`;
-    lookupPromise = fetchPrivate(url).then(response => response.json());
+    lookupPromise = network.fetchFn(url).then(response => response.json());
   } else {
     lookupPromise = network.getNameInfo(options.username);
   }
   return lookupPromise.then((responseJSON: any) => {
     if (responseJSON.hasOwnProperty('zonefile') && responseJSON.hasOwnProperty('address')) {
-      return resolveZoneFileToProfile(responseJSON.zonefile, responseJSON.address);
+      return resolveZoneFileToProfile(responseJSON.zonefile, responseJSON.address, network.fetchFn);
     } else {
       throw new Error(
         'Invalid zonefile lookup response: did not contain `address`' + ' or `zonefile` field'

packages/auth/src/provider.ts

@@ -1,6 +1,6 @@
 import * as queryString from 'query-string';
 import { decodeToken } from 'jsontokens';
-import { BLOCKSTACK_HANDLER, getGlobalObject, fetchPrivate } from '@stacks/common';
+import { BLOCKSTACK_HANDLER, getGlobalObject, createFetchFn, FetchFn } from '@stacks/common';
 
 /**
  * Retrieves the authentication request from the query string
@@ -36,7 +36,10 @@ export function getAuthRequestFromURL() {
  * @private
  * @ignore
  */
-export async function fetchAppManifest(authRequest: string): Promise<any> {
+export async function fetchAppManifest(
+  authRequest: string,
+  fetchFn: FetchFn = createFetchFn()
+): Promise<any> {
   if (!authRequest) {
     throw new Error('Invalid auth request');
   }
@@ -47,7 +50,7 @@ export async function fetchAppManifest(authRequest: string): Promise<any> {
   const manifestURI = payload.manifest_uri as string;
   try {
     // Logger.debug(`Fetching manifest from ${manifestURI}`)
-    const response = await fetchPrivate(manifestURI);
+    const response = await fetchFn(manifestURI);
     const responseText = await response.text();
     const responseJSON = JSON.parse(responseText);
     return { ...responseJSON, manifestURI };

packages/auth/src/userSession.ts

@@ -1,5 +1,5 @@
 // @ts-ignore
-import { Buffer } from '@stacks/common';
+import { Buffer, FetchFn, createFetchFn } from '@stacks/common';
 import { AppConfig } from './appConfig';
 import { SessionOptions } from './sessionData';
 import { InstanceDataStore, LocalStorageStore, SessionDataStore } from './sessionStore';
@@ -15,7 +15,6 @@ import {
 import { getAddressFromDID } from './dids';
 import {
   BLOCKSTACK_DEFAULT_GAIA_HUB_URL,
-  fetchPrivate,
   getGlobalObject,
   InvalidStateError,
   isLaterVersion,
@@ -214,7 +213,8 @@ export class UserSession {
    * if handling the sign in request fails or there was no pending sign in request.
    */
   async handlePendingSignIn(
-    authResponseToken: string = this.getAuthResponseToken()
+    authResponseToken: string = this.getAuthResponseToken(),
+    fetchFn: FetchFn = createFetchFn()
   ): Promise<UserData> {
     const sessionData = this.store.getSessionData();
 
@@ -312,7 +312,7 @@ export class UserSession {
     };
     const profileURL = tokenPayload.profile_url as string;
     if (!userData.profile && profileURL) {
-      const response = await fetchPrivate(profileURL);
+      const response = await fetchFn(profileURL);
       if (!response.ok) {
         // return blank profile if we fail to fetch
         userData.profile = Object.assign({}, DEFAULT_PROFILE);

packages/cli/src/network.ts

@@ -1,11 +1,11 @@
 import blockstack from 'blockstack';
 import * as bitcoin from 'bitcoinjs-lib';
 import BN from 'bn.js';
-import fetch from 'node-fetch';
 
 import { CLI_CONFIG_TYPE } from './argparse';
 
 import { BlockstackNetwork } from 'blockstack/lib/network';
+import { FetchFn, createFetchFn } from '@stacks/common';
 
 export interface CLI_NETWORK_OPTS {
   consensusHash: string | null;
@@ -187,15 +187,16 @@ export class CLINetworkAdapter {
   getNamespaceBurnAddress(
     namespace: string,
     useCLI: boolean = true,
-    receiveFeesPeriod: number = -1
+    receiveFeesPeriod: number = -1,
+    fetchFn: FetchFn = createFetchFn()
   ): Promise<string> {
     // override with CLI option
     if (this.namespaceBurnAddress && useCLI) {
       return new Promise((resolve: any) => resolve(this.namespaceBurnAddress));
     }
 
     return Promise.all([
-      fetch(`${this.legacyNetwork.blockstackAPIUrl}/v1/namespaces/${namespace}`),
+      fetchFn(`${this.legacyNetwork.blockstackAPIUrl}/v1/namespaces/${namespace}`),
       this.legacyNetwork.getBlockHeight(),
     ])
       .then(([resp, blockHeight]: [any, number]) => {
@@ -245,10 +246,10 @@ export class CLINetworkAdapter {
     });
   }
 
-  getBlockchainNameRecord(name: string): Promise<any> {
+  getBlockchainNameRecord(name: string, fetchFn: FetchFn = createFetchFn()): Promise<any> {
     // TODO: send to blockstack.js
     const url = `${this.legacyNetwork.blockstackAPIUrl}/v1/blockchains/bitcoin/names/${name}`;
-    return fetch(url)
+    return fetchFn(url)
       .then(resp => {
         if (resp.status !== 200) {
           throw new Error(`Bad response status: ${resp.status}`);
@@ -268,10 +269,14 @@ export class CLINetworkAdapter {
       });
   }
 
-  getNameHistory(name: string, page: number): Promise<Record<string, any[]>> {
+  getNameHistory(
+    name: string,
+    page: number,
+    fetchFn: FetchFn = createFetchFn()
+  ): Promise<Record<string, any[]>> {
     // TODO: send to blockstack.js
     const url = `${this.legacyNetwork.blockstackAPIUrl}/v1/names/${name}/history?page=${page}`;
-    return fetch(url)
+    return fetchFn(url)
       .then(resp => {
         if (resp.status !== 200) {
           throw new Error(`Bad response status: ${resp.status}`);

packages/common/src/fetchApiAuthMiddleware.ts

@@ -0,0 +1,126 @@
+// **NOTE** This is an untested proof-of-concept for using fetch middleware to handle
+// session API key based authentication.
+
+import 'cross-fetch/polyfill';
+import { FetchMiddleware, hostMatches, ResponseContext } from './fetchUtil';
+
+export interface SessionAuthDataStore {
+  get(host: string): Promise<{ authKey: string } | undefined> | { authKey: string } | undefined;
+  set(host: string, authData: { authKey: string }): Promise<void> | void;
+  delete(host: string): Promise<void> | void;
+}
+
+export interface ApiSessionAuthMiddlewareOpts {
+  /** The middleware / API key header will only be added to requests matching this host. */
+  host?: RegExp | string;
+  /** The http header name used for specifying the API key value. */
+  httpHeader?: string;
+  authPath: string;
+  authRequestMetadata: Record<string, string>;
+  authDataStore?: SessionAuthDataStore;
+}
+
+export function createApiSessionAuthMiddleware({
+  host = /(.*)api(.*)\.stacks\.co$/i,
+  httpHeader = 'x-api-key',
+  authPath = '/request_key',
+  authRequestMetadata = {},
+  authDataStore = createInMemoryAuthDataStore(),
+}: ApiSessionAuthMiddlewareOpts): FetchMiddleware {
+  // Local temporary cache of any previous auth request promise, used so that
+  // multiple re-auth requests are not running in parallel.
+  let pendingAuthRequest: Promise<{ authKey: string }> | null = null;
+
+  const authMiddleware: FetchMiddleware = {
+    pre: async context => {
+      // Skip middleware if host does not match pattern
+      const reqUrl = new URL(context.url);
+      if (!hostMatches(reqUrl.host, host)) return;
+
+      const authData = await authDataStore.get(reqUrl.host);
+      if (authData) {
+        context.init.headers = setRequestHeader(context.init, httpHeader, authData.authKey);
+      }
+    },
+    post: async context => {
+      // Skip middleware if response was successful
+      if (context.response.status !== 401) return;
+
+      // Skip middleware if host does not match pattern
+      const reqUrl = new URL(context.url);
+      if (!hostMatches(reqUrl.host, host)) return;
+
+      // Retry original request after authorization request
+      if (!pendingAuthRequest) {
+        // Check if for any currently pending auth requests and re-use it to avoid creating multiple in parallel
+        pendingAuthRequest = resolveAuthToken(context, authPath, authRequestMetadata)
+          .then(async result => {
+            // If the request is successfull, add the key to storage.
+            await authDataStore.set(reqUrl.host, result);
+            return result;
+          })
+          .finally(() => {
+            // When the request is completed (either successful or rejected) remove reference
+            pendingAuthRequest = null;
+          });
+      }
+      const { authKey } = await pendingAuthRequest;
+      // Retry the request using the new API key auth header.
+      context.init.headers = setRequestHeader(context.init, httpHeader, authKey);
+      return context.fetch(context.url, context.init);
+    },
+  };
+  return authMiddleware;
+}
+
+function createInMemoryAuthDataStore(): SessionAuthDataStore {
+  const map = new Map<string, { authKey: string }>();
+  const store: SessionAuthDataStore = {
+    get: host => {
+      return map.get(host);
+    },
+    set: (host, authData) => {
+      map.set(host, authData);
+    },
+    delete: host => {
+      map.delete(host);
+    },
+  };
+  return store;
+}
+
+function setRequestHeader(requestInit: RequestInit, headerKey: string, headerValue: string) {
+  const headers = new Headers(requestInit.headers);
+  headers.set(headerKey, headerValue);
+  return headers;
+}
+
+async function resolveAuthToken(
+  context: ResponseContext,
+  authPath: string,
+  authRequestMetadata: Record<string, string>
+) {
+  const reqUrl = new URL(context.url);
+  const authEndpoint = new URL(reqUrl.origin);
+  authEndpoint.pathname = authPath;
+  const authReq = await context.fetch(authEndpoint.toString(), {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Accept: 'application/json',
+    },
+    body: JSON.stringify(authRequestMetadata),
+  });
+  if (authReq.ok) {
+    const authRespBody: { auth_key: string } = await authReq.json();
+    return { authKey: authRespBody.auth_key };
+  } else {
+    let respBody = '';
+    try {
+      respBody = await authReq.text();
+    } catch (error) {
+      respBody = `Error fetching API auth key: ${authReq.status} - Error fetching response body: ${error}`;
+    }
+    throw new Error(`Error fetching API auth key: ${authReq.status} - ${respBody}`);
+  }
+}