Merge remote-tracking branch 'origin/main'

Author: peterpeterparker

.env.development.example

@@ -3,4 +3,5 @@ GITHUB_CLIENT_SECRET=your_github_oauth_client_secret
 GITHUB_AUTH_ISSUER=https://your_unique_authentication_issuer
 JWT_PRIVATE_KEY_PATH=./private-key.pem
 JWT_PUBLIC_KEY_PATH=./public-key.pem
-JWT_KEY_ID=your-api-key-1
+JWT_KEY_ID=your-api-key-1
+CORS_ORIGIN=

.env.production.example

@@ -2,4 +2,5 @@ GITHUB_CLIENT_ID=your_github_oauth_client_id
 GITHUB_CLIENT_SECRET=your_github_oauth_client_secret
 GITHUB_AUTH_ISSUER=https://your_unique_authentication_issuer
 COOKIE_DOMAIN=.yourdomain.com
-COOKIE_SAME_SITE=lax
+COOKIE_SAME_SITE=lax
+CORS_ORIGIN=

README.md

@@ -11,6 +11,8 @@ This API is designed to be deployed independently, giving you full control over
 - **GitHub:**
   - Proxy OAuth integration with JWT token generation
   - JWKS Endpoint: Public key discovery for the token verification by Juno's authentication module
+- **Exchange:**
+  - ICP/USD price feed proxied from a public market data source, no API key required
 
 ## Quick Start
 
@@ -33,9 +35,10 @@ GITHUB_AUTH_ISSUER=https://your-domain.com/auth/github
 > [!NOTE]
 > The issuer must be unique for the service. The authentication modules use it to distinguish the providers.
 
-3. (Optional) Configure cookie settings for cross-subdomain support in `.env.production`:
+3. (Optional) Configure CORS and cookie settings in `.env.production`:
 
 ```bash
+CORS_ORIGIN=https://yourapp.yourdomain.com
 COOKIE_DOMAIN=.yourdomain.com
 COOKIE_SAME_SITE=lax
 ```

bunfig.toml

@@ -1,2 +1,2 @@
 [test]
-preload = ["./test-setup.ts"]
+preload = ["./test-setup.ts"]

src/context.ts

@@ -1,8 +1,10 @@
 import type { Context, RouteSchema } from 'elysia';
+import type { ExchangeDecorator } from './decorators/exchange';
 import type { GitHubDecorator } from './decorators/github';
 import type { JwtDecorator } from './decorators/jwt';
 
 export type ApiContext<Route extends RouteSchema = RouteSchema> = Context<Route> & {
 	github: GitHubDecorator;
 	jwt: JwtDecorator;
+	exchange: ExchangeDecorator;
 };

src/decorators/exchange.ts

@@ -0,0 +1,58 @@
+import { z } from 'zod';
+import { FetchApiError } from '../errors';
+
+const BinanceTickerPriceSchema = z.strictObject({
+	symbol: z.string(),
+	price: z.string()
+});
+
+type BinanceTickerPrice = z.infer<typeof BinanceTickerPriceSchema>;
+
+const ExchangePriceSchema = z.strictObject({
+	...BinanceTickerPriceSchema.shape,
+	fetchedAt: z.iso.datetime()
+});
+
+type ExchangePrice = z.infer<typeof ExchangePriceSchema>;
+
+const CACHE_TTL = 60_000;
+
+export class ExchangeDecorator {
+	#priceCache = new Map<BinanceTickerPrice['symbol'], ExchangePrice>();
+
+	fetchPrice = async ({ symbol }: { symbol: string }): Promise<ExchangePrice> => {
+		const cached = this.#priceCache.get(symbol);
+
+		if (cached !== undefined && Date.now() < new Date(cached.fetchedAt).getTime() + CACHE_TTL) {
+			return cached;
+		}
+
+		const price = await this.#fetchBinanceTickerPrice({ symbol });
+
+		const tickerPrice = { ...price, fetchedAt: new Date().toISOString() };
+
+		this.#priceCache.set(symbol, tickerPrice);
+
+		return tickerPrice;
+	};
+
+	#fetchBinanceTickerPrice = async ({
+		symbol
+	}: {
+		symbol: string;
+	}): Promise<BinanceTickerPrice> => {
+		// Market data only URL do not require an API key or attribution.
+		// Reference: https://developers.binance.com/docs/binance-spot-api-docs/faqs/market_data_only
+		const response = await fetch(
+			`https://data-api.binance.vision/api/v3/ticker/price?symbol=${symbol}`
+		);
+
+		if (!response.ok) {
+			throw new FetchApiError(response.status, `Binance API error: ${response.status}`);
+		}
+
+		const data = await response.json();
+
+		return BinanceTickerPriceSchema.parse(data);
+	};
+}

src/handlers/exchange/price.ts

@@ -0,0 +1,26 @@
+import { t } from 'elysia';
+import type { ApiContext } from '../../context';
+import { assertNonNullish } from '../../utils/assert';
+
+export const ExchangePriceSchema = t.Object({
+	ledgerId: t.String()
+});
+
+type ExchangePrice = (typeof ExchangePriceSchema)['static'];
+
+export const LEDGER_TO_SYMBOL: Record<string, string> = {
+	'ryjl3-tyaaa-aaaaa-aaaba-cai': 'ICPUSDT'
+};
+
+export const exchangePrice = async ({
+	params,
+	exchange
+}: ApiContext<{ params: ExchangePrice }>) => {
+	const { ledgerId } = params;
+
+	const symbol = LEDGER_TO_SYMBOL[ledgerId];
+	assertNonNullish(symbol, 'Ledger ID not supported');
+
+	const price = await exchange.fetchPrice({ symbol });
+	return { price };
+};

src/server.ts

@@ -2,19 +2,23 @@ import { cors } from '@elysiajs/cors';
 import { openapi } from '@elysiajs/openapi';
 import { Elysia } from 'elysia';
 import packageJson from '../package.json';
+import { ExchangeDecorator } from './decorators/exchange';
 import { GitHubDecorator } from './decorators/github';
 import { JwtDecorator } from './decorators/jwt';
 import { FetchApiError, GitHubAuthUnauthorizedError, NullishError } from './errors';
 import {
-	GitHubAuthFinalizeSchema,
-	GitHubAuthInitSchema,
 	githubAuthFinalize,
-	githubAuthInit
+	GitHubAuthFinalizeSchema,
+	githubAuthInit,
+	GitHubAuthInitSchema
 } from './handlers/auth/github';
 import { authJwks } from './handlers/auth/jwks';
+import { exchangePrice, ExchangePriceSchema } from './handlers/exchange/price';
 
 const { version: appVersion, name: appName, description: appDescription } = packageJson;
 
+const corsOrigin = process.env.CORS_ORIGIN;
+
 export const app = new Elysia()
 	.error({
 		FetchApiError,
@@ -42,22 +46,31 @@ export const app = new Elysia()
 			}
 		})
 	)
-	.use(cors())
+	.use(
+		cors({
+			...(corsOrigin !== undefined && { origin: corsOrigin })
+		})
+	)
 	.decorate('github', new GitHubDecorator())
 	.decorate('jwt', new JwtDecorator())
+	.decorate('exchange', new ExchangeDecorator())
 	.group('/v1', (app) =>
-		app.group('/auth', (app) =>
-			app
-				.get('/certs', authJwks)
-				.group('/finalize', (app) =>
-					app.post('/github', githubAuthFinalize, {
-						body: GitHubAuthFinalizeSchema
-					})
-				)
-				.group('/init', (app) =>
-					app.get('/github', githubAuthInit, { query: GitHubAuthInitSchema })
-				)
-		)
+		app
+			.group('/auth', (app) =>
+				app
+					.get('/certs', authJwks)
+					.group('/finalize', (app) =>
+						app.post('/github', githubAuthFinalize, {
+							body: GitHubAuthFinalizeSchema
+						})
+					)
+					.group('/init', (app) =>
+						app.get('/github', githubAuthInit, { query: GitHubAuthInitSchema })
+					)
+			)
+			.group('/exchange', (app) =>
+				app.get('/price/:ledgerId', exchangePrice, { params: ExchangePriceSchema })
+			)
 	)
 	.listen(3000);
 

test/decorators/exchange.test.ts

@@ -0,0 +1,87 @@
+import { afterEach, beforeEach, describe, expect, it, mock, spyOn } from 'bun:test';
+import { ExchangeDecorator } from '../../src/decorators/exchange';
+import { FetchApiError } from '../../src/errors';
+
+describe('decorators > exchange', () => {
+	const mockTickerPrice = { symbol: 'ICPUSDT', price: '2.23800000' };
+
+	let exchange: ExchangeDecorator;
+
+	beforeEach(() => {
+		exchange = new ExchangeDecorator();
+	});
+
+	afterEach(() => {
+		mock.clearAllMocks();
+		mock.restore();
+	});
+
+	describe('fetchTickerPrice', () => {
+		it('should fetch and return ticker price', async () => {
+			spyOn(global, 'fetch').mockResolvedValueOnce(Response.json(mockTickerPrice));
+
+			const result = await exchange.fetchPrice({ symbol: 'ICPUSDT' });
+
+			expect(result.symbol).toBe('ICPUSDT');
+			expect(result.price).toBe('2.23800000');
+			expect(result.fetchedAt).toBeString();
+			expect(new Date(result.fetchedAt).toISOString()).toBe(result.fetchedAt);
+		});
+
+		it('should call Binance API with correct URL', async () => {
+			spyOn(global, 'fetch').mockResolvedValueOnce(Response.json(mockTickerPrice));
+
+			await exchange.fetchPrice({ symbol: 'ICPUSDT' });
+
+			expect(global.fetch).toHaveBeenCalledWith(
+				'https://data-api.binance.vision/api/v3/ticker/price?symbol=ICPUSDT'
+			);
+		});
+
+		it('should return cached value within TTL', async () => {
+			const fetchSpy = spyOn(global, 'fetch').mockResolvedValueOnce(Response.json(mockTickerPrice));
+
+			await exchange.fetchPrice({ symbol: 'ICPUSDT' });
+			await exchange.fetchPrice({ symbol: 'ICPUSDT' });
+
+			expect(fetchSpy).toHaveBeenCalledTimes(1);
+		});
+
+		it('should refetch after TTL expires', async () => {
+			const fetchSpy = spyOn(global, 'fetch')
+				.mockResolvedValueOnce(Response.json(mockTickerPrice))
+				.mockResolvedValueOnce(Response.json(mockTickerPrice));
+
+			await exchange.fetchPrice({ symbol: 'ICPUSDT' });
+
+			spyOn(Date, 'now').mockReturnValue(Date.now() + 61_000);
+
+			await exchange.fetchPrice({ symbol: 'ICPUSDT' });
+
+			expect(fetchSpy).toHaveBeenCalledTimes(2);
+		});
+
+		it('should cache different symbols independently', async () => {
+			const fetchSpy = spyOn(global, 'fetch')
+				.mockResolvedValueOnce(Response.json({ symbol: 'ICPUSDT', price: '2.23800000' }))
+				.mockResolvedValueOnce(Response.json({ symbol: 'BTCUSDT', price: '50000.00' }));
+
+			await exchange.fetchPrice({ symbol: 'ICPUSDT' });
+			await exchange.fetchPrice({ symbol: 'BTCUSDT' });
+
+			expect(fetchSpy).toHaveBeenCalledTimes(2);
+		});
+
+		it('should throw on Binance API error', async () => {
+			spyOn(global, 'fetch').mockResolvedValueOnce(new Response('{}', { status: 500 }));
+
+			expect(exchange.fetchPrice({ symbol: 'ICPUSDT' })).rejects.toThrow(FetchApiError);
+		});
+
+		it('should throw on invalid response schema', async () => {
+			spyOn(global, 'fetch').mockResolvedValueOnce(Response.json({ unexpected: 'data' }));
+
+			expect(exchange.fetchPrice({ symbol: 'ICPUSDT' })).rejects.toThrow();
+		});
+	});
+});

test/decorators/jwt.test.ts

@@ -1,4 +1,4 @@
-import { beforeAll, describe, expect, it } from 'bun:test';
+import { afterEach, beforeAll, describe, expect, it, mock } from 'bun:test';
 import { JwtDecorator } from '../../src/decorators/jwt';
 
 describe('decorators > jwt', () => {
@@ -8,6 +8,11 @@ describe('decorators > jwt', () => {
 		jwt = new JwtDecorator();
 	});
 
+	afterEach(() => {
+		mock.clearAllMocks();
+		mock.restore();
+	});
+
 	describe('signOpenIdJwt', () => {
 		it('should create valid OpenID JWT', async () => {
 			const token = await jwt.signOpenIdJwt({