chainstream_sdk/

wallet_auth.rs

//! Authentication middleware for ChainStream API.
//!
//! Supports three modes:
//! - API Key: `X-API-KEY` header (via `ApiKeyAuthMiddleware`)
//! - Wallet signature: `X-Wallet-*` headers for x402 (via `WalletAuthMiddleware`)
//! - Bearer token: `Authorization: Bearer` header (via `BearerAuthMiddleware` in tests)

use async_trait::async_trait;
use rand::Rng;
use std::time::{SystemTime, UNIX_EPOCH};

const SIGNATURE_PREFIX: &str = "chainstream";

/// Trait for wallet signers (EVM or Solana).
#[async_trait]
pub trait WalletSigner: Send + Sync {
    /// Returns "evm" or "solana".
    fn chain(&self) -> &str;
    /// Returns the wallet address (hex for EVM, Base58 for Solana).
    fn address(&self) -> &str;
    /// Sign a message and return the signature string.
    async fn sign_message(&self, message: &str) -> Result<String, Box<dyn std::error::Error + Send + Sync>>;
}

/// Build the message that must be signed for wallet auth.
pub fn build_sign_message(chain: &str, address: &str, timestamp: &str, nonce: &str) -> String {
    format!("{SIGNATURE_PREFIX}:{chain}:{address}:{timestamp}:{nonce}")
}

fn generate_nonce() -> String {
    let bytes: [u8; 16] = rand::thread_rng().gen();
    hex::encode(bytes)
}

/// Wallet auth headers for HTTP requests.
pub struct WalletAuthHeaders {
    pub address: String,
    pub chain: String,
    pub signature: String,
    pub timestamp: String,
    pub nonce: String,
}

/// Generate X-Wallet-* headers for a request.
pub async fn create_wallet_auth_headers(
    signer: &dyn WalletSigner,
) -> Result<WalletAuthHeaders, Box<dyn std::error::Error + Send + Sync>> {
    let timestamp = SystemTime::now()
        .duration_since(UNIX_EPOCH)?
        .as_secs()
        .to_string();
    let nonce = generate_nonce();
    let message = build_sign_message(signer.chain(), signer.address(), &timestamp, &nonce);
    let signature = signer.sign_message(&message).await?;

    Ok(WalletAuthHeaders {
        address: signer.address().to_string(),
        chain: signer.chain().to_string(),
        signature,
        timestamp,
        nonce,
    })
}

/// Middleware for reqwest that adds X-Wallet-* headers.
pub struct WalletAuthMiddleware {
    signer: Box<dyn WalletSigner>,
}

impl WalletAuthMiddleware {
    pub fn new(signer: Box<dyn WalletSigner>) -> Self {
        Self { signer }
    }
}

#[async_trait]
impl reqwest_middleware::Middleware for WalletAuthMiddleware {
    async fn handle(
        &self,
        mut req: reqwest::Request,
        extensions: &mut http::Extensions,
        next: reqwest_middleware::Next<'_>,
    ) -> reqwest_middleware::Result<reqwest::Response> {
        let headers = create_wallet_auth_headers(self.signer.as_ref())
            .await
            .map_err(|e| reqwest_middleware::Error::Middleware(anyhow::anyhow!("{e}")))?;

        let h = req.headers_mut();
        h.insert("X-Wallet-Address", headers.address.parse().unwrap());
        h.insert("X-Wallet-Chain", headers.chain.parse().unwrap());
        h.insert("X-Wallet-Signature", headers.signature.parse().unwrap());
        h.insert("X-Wallet-Timestamp", headers.timestamp.parse().unwrap());
        h.insert("X-Wallet-Nonce", headers.nonce.parse().unwrap());

        next.run(req, extensions).await
    }
}

/// Middleware for reqwest that adds X-API-KEY header.
pub struct ApiKeyAuthMiddleware {
    api_key: String,
}

impl ApiKeyAuthMiddleware {
    pub fn new(api_key: impl Into<String>) -> Self {
        Self {
            api_key: api_key.into(),
        }
    }
}

#[async_trait]
impl reqwest_middleware::Middleware for ApiKeyAuthMiddleware {
    async fn handle(
        &self,
        mut req: reqwest::Request,
        extensions: &mut http::Extensions,
        next: reqwest_middleware::Next<'_>,
    ) -> reqwest_middleware::Result<reqwest::Response> {
        req.headers_mut()
            .insert("X-API-KEY", self.api_key.parse().unwrap());
        next.run(req, extensions).await
    }
}