@usemirrorworld/approval.middleware
v1.4.1
Published
Medusa SDK Core
Downloads
1
Readme
Approval Middleware
This middleware is used to authorize actions executed by users. This prevents external entities from performing actions on behalf of users. The way it works is that the user approves an action, which creates a token that is valid for 60 seconds on the Mirror World SSO.
This token should then be used to authenticate the user's action on the target service.
Installation
yarn add @mirrorworld/approval.middleware
Usage
import myRedisClient from '../path/to/redis';
import { ActionApprovalClient } from '@mirrorworld/approval.middleware';
const secret = process.env.MY_JWT_SECRET;
const algorithm = process.env.MY_JWT_ALGORITHM;
// 1. Create Action approval client
const approvalClient = new ActionApprovalClient({
redisClient: myRedisClient,
jwt: {
secret: secret,
algorithm: algorithm,
},
});
// 2. Create middleware instance
const approvalMiddleware = approvalClient.createValidateActionMiddleware(
'x-authorization-token'
);
// 3. Add middleware to request
router.post('/v1/transfer', approvalMiddleware, async (req, res, next) => {
// Execute authorized action transfer
});
Supported Actions
export type ActionType =
| 'mint_nft'
| 'update_nft'
| 'transfer_sol'
| 'transfer_spl_token'
| 'create_collection'
| 'create_sub_collection'
| 'list_nft'
| 'buy_nft'
| 'cancel_listing'
| 'update_listing'
| 'transfer_nft'
| 'interaction'
| 'create_marketplace'
| 'update_marketplace'
| 'transfer_bnb'
| 'transfer_matic'
| 'transfer_eth'
| 'transfer_erc20_token'
| 'sign_transaction'
| 'personal_sign'
| 'sign_typed_data'
| 'sign_typed_data_with_version';