Merge branch 'main' into nft-quest-setup

Author: cpb8010

.github/workflows/deploy-auth-server.yml

@@ -59,7 +59,8 @@ jobs:
 
       - name: Build apps
         env:
-          NUXT_PUBLIC_DEFAULT_CHAIN_ID: 11155111
+          NUXT_PUBLIC_DEFAULT_CHAIN_ID: 8022833
+          NUXT_PUBLIC_AUTH_SERVER_API_URL: https://auth-server-api.stage-sso.zksync.dev
           NUXT_PUBLIC_SALT_SERVICE_URL: "https://sso-oidc.zksync.dev/salt"
         run: pnpm nx build auth-server
 

.github/workflows/deploy-preview.yml

@@ -61,7 +61,8 @@ jobs:
 
       - name: Build Auth Server
         env:
-          NUXT_PUBLIC_DEFAULT_CHAIN_ID: 300
+          NUXT_PUBLIC_DEFAULT_CHAIN_ID: 8022833
+          NUXT_PUBLIC_AUTH_SERVER_API_URL: https://auth-server-api.stage-sso.zksync.dev
           NUXT_PUBLIC_SALT_SERVICE_URL: "https://sso-oidc.zksync.dev/salt"
         run: pnpm nx build auth-server
 

packages/auth-server-api/.env.example

@@ -9,7 +9,6 @@ CORS_ORIGINS=http://localhost:3003,http://localhost:3002,http://localhost:3000
 DEPLOYER_PRIVATE_KEY=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
 
 # Blockchain Configuration
-CHAIN_ID=1337
 RPC_URL=http://127.0.0.1:8545
 BUNDLER_URL=http://127.0.0.1:4337
 

packages/auth-server-api/Dockerfile

@@ -59,24 +59,52 @@ WORKDIR /usr/src/app/packages/erc4337-contracts
 RUN forge soldeer install
 RUN forge build
 
-# Build ERC-4337 related packages
+# Build ERC-4337 related packages (following CI build order)
 WORKDIR /usr/src/app
 
-# Build auth-server-api
-RUN pnpm nx build auth-server-api
+# Build in correct dependency order: web-sdk -> sdk-4337 -> auth-server-api
+RUN pnpm nx build web-sdk
+RUN pnpm nx build sdk-4337 || (echo "===SDK-4337 Build Failed, trying direct build===" && cd packages/sdk-4337 && pnpm build)
+RUN pnpm nx build auth-server-api || (echo "===Auth-Server-API Build Failed, trying direct build===" && cd packages/auth-server-api && pnpm build)
 
 # Deploy only production dependencies for auth-server-api
 RUN pnpm deploy --filter=auth-server-api --prod /prod/auth-server-api
 
 # Stage 3: Production runtime
-# Using distroless for minimal attack surface
-FROM gcr.io/distroless/nodejs22-debian12:nonroot AS production
+FROM node:22-slim AS production
+
+# Install curl for healthcheck
+RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
 
 # Copy the deployed auth-server-api with its dependencies
-COPY --from=builder --chown=nonroot:nonroot /prod/auth-server-api /prod/auth-server-api
+COPY --from=builder /prod/auth-server-api /prod/auth-server-api
 
 # Copy the built dist folder
-COPY --from=builder --chown=nonroot:nonroot /usr/src/app/packages/auth-server-api/dist /prod/auth-server-api/dist
+COPY --from=builder /usr/src/app/packages/auth-server-api/dist /prod/auth-server-api/dist
+
+# Copy sdk-4337 built files to node_modules
+COPY --from=builder /usr/src/app/packages/sdk-4337/dist /prod/auth-server-api/node_modules/zksync-sso-4337/dist
+
+# Copy web-sdk built files and WASM packages to .pnpm directory structure
+RUN mkdir -p $(find /prod/auth-server-api/node_modules/.pnpm -type d -name "zksync-sso-web-sdk" 2>/dev/null | head -1)
+COPY --from=builder /usr/src/app/packages/sdk-platforms/web/pkg-bundler /tmp/pkg-bundler
+COPY --from=builder /usr/src/app/packages/sdk-platforms/web/pkg-node /tmp/pkg-node
+COPY --from=builder /usr/src/app/packages/sdk-platforms/web/dist /tmp/web-dist
+RUN PNPM_WEB_SDK=$(find /prod/auth-server-api/node_modules/.pnpm -type d -name "zksync-sso-web-sdk" 2>/dev/null | head -1) && \
+    if [ -n "$PNPM_WEB_SDK" ]; then \
+      cp -r /tmp/pkg-bundler "$PNPM_WEB_SDK/" && \
+      cp -r /tmp/pkg-node "$PNPM_WEB_SDK/" && \
+      cp -r /tmp/web-dist "$PNPM_WEB_SDK/dist"; \
+    fi && \
+    rm -rf /tmp/pkg-bundler /tmp/pkg-node /tmp/web-dist
+
+# Copy sdk-4337 built files to .pnpm directory structure
+COPY --from=builder /usr/src/app/packages/sdk-4337/dist /tmp/sdk-4337-dist
+RUN PNPM_SDK_4337=$(find /prod/auth-server-api/node_modules/.pnpm -type d -name "zksync-sso-4337" 2>/dev/null | head -1) && \
+    if [ -n "$PNPM_SDK_4337" ]; then \
+      cp -r /tmp/sdk-4337-dist "$PNPM_SDK_4337/dist"; \
+    fi && \
+    rm -rf /tmp/sdk-4337-dist
 
 WORKDIR /prod/auth-server-api
 
@@ -86,7 +114,7 @@ ENV NODE_ENV=production
 
 # Healthcheck
 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
-  CMD ["node", "-e", "require('http').get('http://localhost:3004/api/health', (r) => process.exit(r.statusCode === 200 ? 0 : 1))"]
+  CMD ["curl", "-f", "http://localhost:3004/api/health"]
 
 # Expose port
 EXPOSE 3004

packages/auth-server-api/package.json

@@ -8,6 +8,8 @@
     "start": "node --experimental-wasm-modules dist/index.js"
   },
   "dependencies": {
+    "@simplewebauthn/browser": "13.x",
+    "@simplewebauthn/server": "13.x",
     "@t3-oss/env-core": "^0.12.0",
     "cors": "^2.8.5",
     "dotenv": "^16.4.7",

packages/auth-server-api/src/config.ts

@@ -2,6 +2,8 @@ import dotenv from "dotenv";
 import { readFileSync } from "fs";
 import { dirname, join } from "path";
 import { fileURLToPath } from "url";
+import { type Chain, defineChain } from "viem";
+import { localhost } from "viem/chains";
 import { z } from "zod";
 
 // Load environment variables
@@ -31,7 +33,6 @@ const envSchema = z.object({
   PORT: z.string().default("3004"),
   CORS_ORIGINS: z.string().default("http://localhost:3003,http://localhost:3002,http://localhost:3000"),
   DEPLOYER_PRIVATE_KEY: z.string().default("0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"),
-  CHAIN_ID: z.string().default("1337"),
   RPC_URL: z.string().default("http://127.0.0.1:8545"),
   BUNDLER_URL: z.string().default("http://127.0.0.1:4337"),
   FACTORY_ADDRESS: z.string().optional(),
@@ -67,4 +68,35 @@ if (!FACTORY_ADDRESS || !EOA_VALIDATOR_ADDRESS || !WEBAUTHN_VALIDATOR_ADDRESS ||
   process.exit(1);
 }
 
-export { env, EOA_VALIDATOR_ADDRESS, FACTORY_ADDRESS, SESSION_VALIDATOR_ADDRESS, WEBAUTHN_VALIDATOR_ADDRESS };
+// Supported chains configuration
+const zksyncOsTestnet = defineChain({
+  id: 8022833,
+  name: "ZKsyncOS Testnet",
+  nativeCurrency: {
+    name: "Ether",
+    symbol: "ETH",
+    decimals: 18,
+  },
+  rpcUrls: {
+    default: {
+      http: ["https://zksync-os-testnet-alpha.zksync.dev"],
+    },
+  },
+  blockExplorers: {
+    default: {
+      name: "ZKsyncOS Testnet Explorer",
+      url: "https://zksync-os-testnet-alpha.staging-scan-v2.zksync.dev",
+    },
+  },
+});
+const SUPPORTED_CHAINS: Chain[] = [localhost, zksyncOsTestnet];
+
+function getChain(chainId: number): Chain {
+  const chain = SUPPORTED_CHAINS.find((c) => c.id === chainId);
+  if (!chain) {
+    throw new Error(`Unsupported chainId: ${chainId}. Supported: ${SUPPORTED_CHAINS.map((c) => c.id).join(", ")}`);
+  }
+  return chain;
+}
+
+export { env, EOA_VALIDATOR_ADDRESS, FACTORY_ADDRESS, getChain, SESSION_VALIDATOR_ADDRESS, SUPPORTED_CHAINS, WEBAUTHN_VALIDATOR_ADDRESS };

packages/auth-server-api/src/handlers/deploy-account.ts

@@ -2,19 +2,16 @@ import type { Request, Response } from "express";
 import { type Address, createPublicClient, createWalletClient, type Hex, http } from "viem";
 import { privateKeyToAccount } from "viem/accounts";
 import { waitForTransactionReceipt } from "viem/actions";
-import { localhost } from "viem/chains";
-import { getAccountAddressFromLogs, prepareDeploySmartAccount, type SessionSpecJSON } from "zksync-sso-4337/client";
-import { parseSessionConfigJSON } from "zksync-sso-4337/client-auth-server";
+import { getAccountAddressFromLogs, prepareDeploySmartAccount } from "zksync-sso-4337/client";
 
-import { env, EOA_VALIDATOR_ADDRESS, FACTORY_ADDRESS, SESSION_VALIDATOR_ADDRESS, WEBAUTHN_VALIDATOR_ADDRESS } from "../config.js";
+import { env, EOA_VALIDATOR_ADDRESS, FACTORY_ADDRESS, getChain, SESSION_VALIDATOR_ADDRESS, WEBAUTHN_VALIDATOR_ADDRESS } from "../config.js";
 import { deployAccountSchema } from "../schemas.js";
 
 type DeployAccountRequest = {
   chainId: number;
   credentialId: Hex;
   credentialPublicKey: { x: Hex; y: Hex };
   originDomain: string;
-  session?: SessionSpecJSON;
   userId?: string;
   eoaSigners?: Address[];
 };
@@ -33,21 +30,19 @@ export const deployAccountHandler = async (req: Request, res: Response): Promise
 
     const body = req.body as DeployAccountRequest;
 
-    // Convert session from JSON (with string bigints) to SessionSpec (with actual bigints)
-    // eslint-disable-next-line @typescript-eslint/no-unused-vars
-    const initialSession = body.session ? parseSessionConfigJSON(body.session) : undefined;
-    // TODO: Use initialSession during deployment
+    // Get chain from request
+    const chain = getChain(body.chainId);
 
     // Create clients
     const publicClient = createPublicClient({
-      chain: localhost,
+      chain,
       transport: http(env.RPC_URL),
     });
 
     const deployerAccount = privateKeyToAccount(env.DEPLOYER_PRIVATE_KEY as Hex);
     const walletClient = createWalletClient({
       account: deployerAccount,
-      chain: localhost,
+      chain,
       transport: http(env.RPC_URL),
     });
 

packages/auth-server/app.vue

@@ -5,21 +5,21 @@
 </template>
 
 <script lang="ts" setup>
-import { createAppKit } from "@reown/appkit/vue";
+/* import { createAppKit } from "@reown/appkit/vue";
 
 const { defaultChain } = useClientStore();
 const { metadata, projectId, wagmiAdapter } = useAppKit();
 
-// BigInt polyfill
-// eslint-disable-next-line @typescript-eslint/no-explicit-any
-(BigInt.prototype as any).toJSON = function () {
-  return this.toString();
-};
-
 createAppKit({
   adapters: [wagmiAdapter],
   networks: [defaultChain],
   projectId,
   metadata,
-});
+}); */
+
+// BigInt polyfill
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+(BigInt.prototype as any).toJSON = function () {
+  return this.toString();
+};
 </script>

packages/auth-server/components/account-recovery.disabled/guardian-flow/Step4ConfirmNow.vue

@@ -63,12 +63,12 @@
       Confirm Guardian
     </ZkButton>
 
-    <CommonConnectButton
+    <!-- <CommonConnectButton
       v-if="!isSsoAccount"
       type="primary"
       class="w-full md:max-w-48 mt-4"
       :disabled="confirmGuardianInProgress || getConfigurableAccountInProgress"
-    />
+    /> -->
 
     <ZkButton
       type="secondary"

packages/auth-server/components/account-recovery.disabled/passkey-generation-flow/Step3ConfirmNow.vue

@@ -56,12 +56,12 @@
       >
         Confirm Recovery
       </ZkButton>
-      <CommonConnectButton
+      <!-- <CommonConnectButton
         v-if="!selectedGuardianInfo?.isSsoAccount"
         type="primary"
         class="w-full mt-4"
         :disabled="initRecoveryInProgress || getConfigurableAccountInProgress"
-      />
+      /> -->
     </template>
 
     <ZkButton