feat(admin-api): enable auth headers for admin api routes

crates/server/src/admin/service.rs

@@ -11,11 +11,11 @@ use calimero_store::Store;
 use libp2p::identity::Keypair;
 use serde::{Deserialize, Serialize};
 use serde_json::json;
-use tower_http::services::{ServeDir, ServeFile};
-use tower_http::set_status::SetStatus;
 use tower_sessions::{MemoryStore, SessionManagerLayer};
 use tracing::info;
 
+use crate::middleware;
+
 use super::handlers::add_client_key::add_client_key_handler;
 use super::handlers::challenge::request_challenge_handler;
 use super::handlers::context::{
@@ -24,6 +24,7 @@ use super::handlers::context::{
 };
 use super::handlers::fetch_did::fetch_did_handler;
 use super::handlers::root_keys::create_root_key_handler;
+use super::storage::did::get_or_create_did;
 
 #[derive(Debug, Serialize, Deserialize)]
 pub struct AdminConfig {
@@ -56,18 +57,15 @@ pub(crate) fn setup(
     let session_layer = SessionManagerLayer::new(session_store).with_secure(false);
 
     let shared_state = Arc::new(AdminState {
-        store,
+        store: store.clone(),
         keypair: config.identity.clone(),
         application_manager,
     });
 
-    let admin_router = Router::new()
-        .route("/health", get(health_check_handler))
+    let protected_router = Router::new()
         .route("/root-key", post(create_root_key_handler))
-        .route("/request-challenge", post(request_challenge_handler))
         .route("/install-application", post(install_application_handler))
         .route("/applications", get(list_applications_handler))
-        .route("/add-client-key", post(add_client_key_handler))
         .route("/did", get(fetch_did_handler))
         .route("/contexts", post(create_context_handler))
         .route("/contexts/:context_id", delete(delete_context_handler))
@@ -76,7 +74,18 @@ pub(crate) fn setup(
         .route("/contexts/:context_id/client-keys", get(get_context_client_keys_handler))
         .route("/contexts/:context_id/storage", get(get_context_storage_handler))
         .route("/contexts", get(get_contexts_handler))
-        .layer(Extension(shared_state))
+        .layer(middleware::auth::AuthSignatureLayer::new(store.clone()))
+        .layer(Extension(shared_state.clone()));
+
+    let unprotected_router = Router::new()
+        .route("/health", get(health_check_handler))
+        .route("/request-challenge", post(request_challenge_handler))
+        .route("/add-client-key", post(add_client_key_handler))
+        .layer(Extension(shared_state.clone()));
+
+    let admin_router = Router::new()
+        .nest("/", unprotected_router)
+        .nest("/", protected_router)
         .layer(session_layer);
 
     Ok(Some((admin_path, admin_router)))

packages/calimero-sdk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@calimero-is-near/calimero-p2p-sdk",
-  "version": "0.0.21",
+  "version": "0.0.22",
   "description": "Javascript library to interact with Calimero P2P node",
   "type": "module",
   "main": "lib/index.js",

packages/calimero-sdk/src/api/nodeApi.ts

@@ -50,12 +50,14 @@ export interface LoginRequest {
   walletSignature: String;
   payload: Payload;
   walletMetadata: WalletMetadata;
+  contextId: string;
 }
 
 export interface RootKeyRequest {
   walletSignature: String;
   payload: Payload;
   walletMetadata: WalletMetadata;
+  contextId: string;
 }
 
 export interface NodeChallenge {

packages/calimero-sdk/src/crypto/crypto.ts

@@ -0,0 +1,54 @@
+import { unmarshalPrivateKey } from '@libp2p/crypto/keys';
+import { PrivateKey } from '@libp2p/interface';
+import bs58 from 'bs58';
+import { WalletType } from '../api/nodeApi';
+import { ClientKey } from '../types/storage';
+import { getStorageClientKey } from '../storage/storage';
+
+export interface AxiosHeader {
+  [key: string]: string;
+}
+
+export async function createAuthHeader(
+  payload: string,
+): Promise<AxiosHeader | null> {
+  const privateKey: PrivateKey = await getPrivateKey();
+
+  if (!privateKey) {
+    return null;
+  }
+
+  const encoder = new TextEncoder();
+  const contentBuff = encoder.encode(payload);
+
+  const signing_key = bs58.encode(privateKey.public.bytes);
+
+  const hashBuffer = await crypto.subtle.digest('SHA-256', contentBuff);
+  const hashArray = new Uint8Array(hashBuffer);
+
+  const signature = await privateKey.sign(hashArray);
+  const signatureBase58 = bs58.encode(signature);
+  const contentBase58 = bs58.encode(hashArray);
+
+  const headers: AxiosHeader = {
+    wallet_type: JSON.stringify(WalletType.NEAR),
+    signing_key: signing_key,
+    signature: signatureBase58,
+    challenge: contentBase58,
+  };
+
+  return headers;
+}
+
+export async function getPrivateKey(): Promise<PrivateKey | null> {
+  try {
+    const clientKey: ClientKey | null = getStorageClientKey();
+    if (!clientKey) {
+      return null;
+    }
+    return await unmarshalPrivateKey(bs58.decode(clientKey.privateKey));
+  } catch (error) {
+    console.error('Error extracting private key:', error);
+    return null;
+  }
+}

packages/calimero-sdk/src/crypto/index.ts

@@ -0,0 +1,2 @@
+export * from './crypto';
+export * from './ed25519';

packages/calimero-sdk/src/index.ts

@@ -5,3 +5,4 @@ export * from './setup';
 export * from './components';
 export * from './types';
 export * from './api/nodeApi';
+export * from './crypto';

packages/calimero-sdk/src/storage/storage.ts

@@ -1,16 +1,17 @@
 import { ClientKey } from '../types/storage';
 
-export const CLIENT_KEY = 'client-key';
-export const AUTHORIZED = 'node-authorized';
+export const CLIENT_KEY = "client-key";
+export const APP_URL = "app-url";
+export const AUTHORIZED = "node-authorized";
 
 export const setStorageClientKey = (clientKey: ClientKey) => {
   localStorage.setItem(CLIENT_KEY, JSON.stringify(clientKey));
 };
 
 export const getStorageClientKey = (): ClientKey | null => {
-  if (typeof window !== 'undefined' && window.localStorage) {
+  if (typeof window !== "undefined" && window.localStorage) {
     let clientKeystore: ClientKey = JSON.parse(
-      localStorage.getItem(CLIENT_KEY)!,
+      localStorage.getItem(CLIENT_KEY)
     );
     if (clientKeystore) {
       return clientKeystore;
@@ -28,8 +29,8 @@ export const setStorageNodeAuthorized = () => {
 };
 
 export const getStorageNodeAuthorized = (): boolean | null => {
-  if (typeof window !== 'undefined' && window.localStorage) {
-    let authorized: boolean = JSON.parse(localStorage.getItem(AUTHORIZED)!);
+  if (typeof window !== "undefined" && window.localStorage) {
+    let authorized: boolean = JSON.parse(localStorage.getItem(AUTHORIZED));
     if (authorized) {
       return authorized;
     }
@@ -40,3 +41,21 @@ export const getStorageNodeAuthorized = (): boolean | null => {
 export const clearNodeAuthorized = () => {
   localStorage.removeItem(AUTHORIZED);
 };
+
+export const clearAppEndpoint = () => {
+  localStorage.removeItem(APP_URL);
+};
+
+export const setAppEndpointKey = (url: String) => {
+  localStorage.setItem(APP_URL, JSON.stringify(url));
+};
+
+export const getAppEndpointKey = (): String | null => {
+  if (typeof window !== "undefined" && window.localStorage) {
+    let url: String = JSON.parse(localStorage.getItem(APP_URL));
+    if (url) {
+      return url;
+    }
+  }
+  return null;
+};

packages/calimero-sdk/src/wallets/MetamaskLogin/LoginWithMetamask.tsx

@@ -118,6 +118,7 @@ export function LoginWithMetamask({
         walletSignature: signData,
         payload: walletSignatureData?.payload,
         walletMetadata: walletMetadata,
+        contextId: applicationId,
       };
       await apiClient
         .node()

packages/calimero-sdk/src/wallets/MetamaskLogin/MetamaskRootKey.tsx

@@ -116,6 +116,7 @@ export function MetamaskRootKey({
         walletSignature: signData,
         payload: walletSignatureData?.payload,
         walletMetadata: walletMetadata,
+        contextId: applicationId
       };
       await apiClient
         .node()

packages/calimero-sdk/src/wallets/NearLogin/NearLogin.tsx

@@ -238,6 +238,7 @@ export const NearLogin: React.FC<NearLoginProps> = ({
         walletSignature: signature,
         payload: walletSignatureData.payload!,
         walletMetadata: walletMetadata,
+        contextId: appId,
       };
 
       await apiClient

packages/calimero-sdk/src/wallets/NearLogin/NearRootKey.tsx

@@ -226,6 +226,7 @@ export const NearRootKey: React.FC<NearRootKeyProps> = ({
         walletSignature: signature,
         payload: payload,
         walletMetadata: walletMetadata,
+        contextId: appId
       };
 
       await apiClient