v2 token re-validation on 401

Author: tsmbl

packages/blockchain-sdk-solana/src/auth/v2/sign-message/solana-sign-message-v2-authentication-facade-factory.ts

@@ -2,10 +2,10 @@ import {
   AuthenticationFacade,
   AuthenticationFacadeFactory,
   Authenticator,
+  AuthV2Api,
   Ed25519TokenBodyParser,
   TokenParser,
   TokenSigner,
-  AuthV2Api,
 } from '@dialectlabs/sdk';
 
 import { SolanaSignMessageV2TokenGenerator } from './solana-sign-message-v2-token-generator';
@@ -14,26 +14,25 @@ import { SolanaV2TokenValidator } from '../solana-v2-token-validator';
 export class SolanaSignMessageV2AuthenticationFacadeFactory extends AuthenticationFacadeFactory {
   constructor(
     private readonly tokenSigner: TokenSigner,
-    private readonly baseUrl: string,
+    private readonly api: AuthV2Api,
   ) {
     super();
   }
 
-  static createAuthenticator(): Authenticator {
+  static createAuthenticator(api: AuthV2Api): Authenticator {
     return new Authenticator(
       new TokenParser(new Ed25519TokenBodyParser()),
-      new SolanaV2TokenValidator(),
+      new SolanaV2TokenValidator(api),
     );
   }
 
   get(): AuthenticationFacade {
     return new AuthenticationFacade(
       this.tokenSigner,
-      new SolanaSignMessageV2TokenGenerator(
-        this.tokenSigner,
-        new AuthV2Api(this.baseUrl),
+      new SolanaSignMessageV2TokenGenerator(this.tokenSigner, this.api),
+      SolanaSignMessageV2AuthenticationFacadeFactory.createAuthenticator(
+        this.api,
       ),
-      SolanaSignMessageV2AuthenticationFacadeFactory.createAuthenticator(),
     );
   }
 }

packages/blockchain-sdk-solana/src/auth/v2/sign-message/solana-sign-message-v2-token-generator.ts

@@ -5,17 +5,19 @@ import {
   type Token,
   TokenGenerator,
   type TokenSigner,
+  withApiErrorParsing,
 } from '@dialectlabs/sdk';
 import bs58 from 'bs58';
+import { v2tokenValidationCache } from '../solana-v2-token-validator';
 
 export class SolanaSignMessageV2TokenGenerator extends TokenGenerator {
   constructor(signer: TokenSigner, private readonly api: AuthV2Api) {
     super(signer);
   }
 
   override async generate(): Promise<Token> {
-    const prepareResponse = await this.api.prepareSolanaAuth(
-      this.signer.subject,
+    const prepareResponse = await withApiErrorParsing(
+      this.api.prepareSolanaAuth(this.signer.subject),
     );
 
     const messageToSign = prepareResponse.message;
@@ -24,9 +26,8 @@ export class SolanaSignMessageV2TokenGenerator extends TokenGenerator {
       new TextEncoder().encode(messageToSign),
     );
 
-    const tokenResponse = await this.api.verifySolanaAuth(
-      messageToSign,
-      bs58.encode(signature),
+    const tokenResponse = await withApiErrorParsing(
+      this.api.verifySolanaAuth(messageToSign, bs58.encode(signature)),
     );
 
     const tokenStr = tokenResponse.token;
@@ -36,6 +37,11 @@ export class SolanaSignMessageV2TokenGenerator extends TokenGenerator {
       throw new Error('Invalid token format from backend');
     }
 
+    v2tokenValidationCache[tokenStr] = {
+      lastValidatedAt: new Date(),
+      isValid: true,
+    };
+
     return {
       rawValue: tokenStr,
       header: jsonParseFromBase64(base64Header),

packages/blockchain-sdk-solana/src/auth/v2/sign-tx/solana-sign-tx-v2-authentication-facade-factory.ts

@@ -14,26 +14,23 @@ import type { SolanaEd25519TokenSigner } from '../../ed25519/solana-ed25519-toke
 export class SolanaSignTxV2AuthenticationFacadeFactory extends AuthenticationFacadeFactory {
   constructor(
     private readonly tokenSigner: SolanaEd25519TokenSigner,
-    private readonly baseUrl: string,
+    private readonly api: AuthV2Api,
   ) {
     super();
   }
 
-  static createAuthenticator(): Authenticator {
+  static createAuthenticator(api: AuthV2Api): Authenticator {
     return new Authenticator(
       new TokenParser(new Ed25519TokenBodyParser()),
-      new SolanaV2TokenValidator(),
+      new SolanaV2TokenValidator(api),
     );
   }
 
   get(): AuthenticationFacade {
     return new AuthenticationFacade(
       this.tokenSigner,
-      new SolanaSignTxV2TokenGenerator(
-        this.tokenSigner,
-        new AuthV2Api(this.baseUrl),
-      ),
-      SolanaSignTxV2AuthenticationFacadeFactory.createAuthenticator(),
+      new SolanaSignTxV2TokenGenerator(this.tokenSigner, this.api),
+      SolanaSignTxV2AuthenticationFacadeFactory.createAuthenticator(this.api),
     );
   }
 }

packages/blockchain-sdk-solana/src/auth/v2/sign-tx/solana-sign-tx-v2-token-generator.ts

@@ -1,20 +1,22 @@
 import {
+  type AuthV2Api,
   bytesFromBase64,
   jsonParseFromBase64,
-  type AuthV2Api,
   type Token,
   TokenGenerator,
   type TokenSigner,
+  withApiErrorParsing,
 } from '@dialectlabs/sdk';
+import { v2tokenValidationCache } from '../solana-v2-token-validator';
 
 export class SolanaSignTxV2TokenGenerator extends TokenGenerator {
   constructor(signer: TokenSigner, private readonly api: AuthV2Api) {
     super(signer);
   }
 
   override async generate(): Promise<Token> {
-    const prepareResponse = await this.api.prepareSolanaTxAuth(
-      this.signer.subject,
+    const prepareResponse = await withApiErrorParsing(
+      this.api.prepareSolanaTxAuth(this.signer.subject),
     );
 
     const transactionBase64 = prepareResponse.transaction;
@@ -23,8 +25,8 @@ export class SolanaSignTxV2TokenGenerator extends TokenGenerator {
       Buffer.from(transactionBase64, 'base64'),
     );
 
-    const tokenResponse = await this.api.verifySolanaTxAuth(
-      Buffer.from(signature).toString('base64'),
+    const tokenResponse = await withApiErrorParsing(
+      this.api.verifySolanaTxAuth(Buffer.from(signature).toString('base64')),
     );
 
     const tokenStr = tokenResponse.token;
@@ -34,6 +36,11 @@ export class SolanaSignTxV2TokenGenerator extends TokenGenerator {
       throw new Error('Invalid token format from backend');
     }
 
+    v2tokenValidationCache[tokenStr] = {
+      lastValidatedAt: new Date(),
+      isValid: true,
+    };
+
     return {
       rawValue: tokenStr,
       header: jsonParseFromBase64(base64Header),

packages/blockchain-sdk-solana/src/auth/v2/solana-v2-token-validator.ts

@@ -1,16 +1,82 @@
-import type { TokenHeader } from '@dialectlabs/sdk';
-import { TokenValidator } from '@dialectlabs/sdk';
+import type { AuthV2Api, Token, TokenHeader } from '@dialectlabs/sdk';
+import {
+  AuthenticationError,
+  TokenValidator,
+  withApiErrorParsing,
+} from '@dialectlabs/sdk';
+
+export const v2tokenValidationCache: Record<
+  string,
+  {
+    lastValidatedAt: Date;
+    isValid: boolean;
+  }
+> = {};
+
+const VALIDATION_CACHE_TTL = 1000 * 60; // 1 minute
+
+const validationPromises: Record<string, Promise<void>> = {};
 
 export class SolanaV2TokenValidator extends TokenValidator {
-  constructor() {
+  constructor(private readonly api: AuthV2Api) {
     super();
   }
 
   override canValidate(tokenHeader: TokenHeader): boolean {
     return tokenHeader.typ === 'JWT' && tokenHeader.alg === 'HS256';
   }
 
-  override isSignatureValid(): boolean {
-    return true;
+  override isSignatureValid(token: Token): boolean {
+    const cachedValidation = v2tokenValidationCache[token.rawValue];
+    const shouldRevalidate =
+      !cachedValidation ||
+      !cachedValidation.isValid ||
+      cachedValidation.lastValidatedAt.getTime() + VALIDATION_CACHE_TTL <
+        Date.now();
+
+    if (shouldRevalidate) {
+      this.validateAndCache(token).catch(console.error);
+    }
+
+    if (!cachedValidation) {
+      return true;
+    }
+    if (!cachedValidation.isValid) {
+      return false;
+    }
+    return cachedValidation.isValid;
+  }
+
+  private async validateAndCache(token: Token) {
+    if (validationPromises[token.rawValue]) {
+      return validationPromises[token.rawValue];
+    }
+
+    const now = new Date();
+
+    validationPromises[token.rawValue] = new Promise(async (resolve) => {
+      try {
+        await withApiErrorParsing(this.api.getAuth(token.rawValue));
+        v2tokenValidationCache[token.rawValue] = {
+          lastValidatedAt: now,
+          isValid: true,
+        };
+        resolve();
+      } catch (e) {
+        if (e instanceof AuthenticationError) {
+          v2tokenValidationCache[token.rawValue] = {
+            lastValidatedAt: now,
+            isValid: false,
+          };
+        } else {
+          console.error(`Failed to validate token: ${JSON.stringify(e)}`);
+        }
+        resolve();
+      } finally {
+        delete validationPromises[token.rawValue];
+      }
+    });
+
+    return validationPromises[token.rawValue];
   }
 }

packages/blockchain-sdk-solana/src/sdk/sdk.ts

@@ -1,11 +1,13 @@
 import { DialectSolanaWalletAdapterWrapper } from '../wallet-adapter/dialect-solana-wallet-adapter-wrapper';
-import type {
+import {
+  AuthV2Api,
   BlockchainSdk,
   BlockchainSdkFactory,
   Config,
+  EncryptionKeysProvider,
   Environment,
+  IllegalArgumentError,
 } from '@dialectlabs/sdk';
-import { EncryptionKeysProvider, IllegalArgumentError } from '@dialectlabs/sdk';
 import type { DialectSolanaWalletAdapter } from '../wallet-adapter/dialect-solana-wallet-adapter.interface';
 import { DialectSolanaWalletAdapterEncryptionKeysProvider } from '../encryption/encryption-keys-provider';
 import { SolanaEd25519AuthenticationFacadeFactory } from '../auth/ed25519/solana-ed25519-authentication-facade-factory';
@@ -100,21 +102,27 @@ Solana settings:
         );
       }
     }
-    if (config.dialectCloud.apiVersion === 2) {
+    if (
+      config.dialectCloud.apiVersion === 2 ||
+      config.dialectCloud.apiVersion === '2_compat'
+    ) {
+      const v2AuthApi = new AuthV2Api(config.dialectCloud.v2Url);
       if (solanaConfig.wallet.canSignMessage()) {
         return new SolanaSignMessageV2AuthenticationFacadeFactory(
           new DialectWalletAdapterSolanaEd25519TokenSigner(solanaConfig.wallet),
-          config.dialectCloud.v2Url,
+          v2AuthApi,
         );
       }
       if (solanaConfig.wallet.canSignTransaction()) {
         return new SolanaSignTxV2AuthenticationFacadeFactory(
           new DialectWalletAdapterSolanaTxSigner(solanaConfig.wallet),
-          config.dialectCloud.v2Url,
+          v2AuthApi,
         );
       }
     }
-    throw new IllegalArgumentError('Unsupported authentication');
+    throw new IllegalArgumentError(
+      `Unable to create authentication facade, ${config.dialectCloud.apiVersion} is not supported`,
+    );
   }
 
   private initializeSolanaConfig(): SolanaConfig {

packages/sdk/src/dialect-cloud-api/data-service-errors.ts

@@ -52,3 +52,5 @@ export async function withErrorParsing<T>(
 function createMessage(e: ApiError) {
   return `${e.message ?? JSON.stringify(e.error)}`;
 }
+
+export const withApiErrorParsing = withErrorParsing;

packages/sdk/src/dialect-cloud-api/v2/auth-api.ts

@@ -1,9 +1,4 @@
-import {
-  ApiError,
-  createHeaders,
-  NetworkError,
-  XRequestIdHeader,
-} from '../utils';
+import { ApiError, createHeaders, XRequestIdHeader } from '../utils';
 
 export interface AuthResponse {
   walletAddress: string;
@@ -69,8 +64,12 @@ export class AuthV2Api {
     );
   }
 
-  async getAuth(): Promise<AuthResponse> {
-    return this.fetch<AuthResponse>('/v2/auth');
+  async getAuth(token: string): Promise<AuthResponse> {
+    return this.fetch<AuthResponse>('/v2/auth', {
+      headers: {
+        Authorization: `Bearer ${token}`,
+      },
+    });
   }
 
   async prepareSolanaAuth(walletAddress: string): Promise<AuthPrepareResponse> {

packages/sdk/src/index.ts

@@ -34,3 +34,4 @@ export * from './dialect-cloud-api/v2/auth-api';
 export * from './version';
 export * from './dialect-cloud-api/smart-message-spec.dto';
 export * from './dialect-cloud-api/smart-message.dto';
+export * from './dialect-cloud-api/data-service-errors';