Express.js middleware
Express.js middleware for agent authorization (wallet or JWS/JWT)
import express from 'express';
import { IsDelegateAttestationVerifier } from '@zipwire/proofpack-ethereum';
import { AttestedMerkleExchangeReader } from '@zipwire/proofpack';
// Express application that the authorization middleware and the routes attach to.
const app = express();

// Chains the delegation verifier is asked to cover.
// NOTE(review): 'base-sepolia' is a testnet. Confirm that a production
// deployment should accept attestations from it alongside 'base'.
const verifierChains = { chains: ['base-sepolia', 'base'] };

// Verifier for the wallet-only path. `config` is not defined in this snippet:
// supply the full verifier config (delegationSchemaUid, acceptedRoots, etc.);
// see Path 1 and the ProofPack repo.
const verifier = new IsDelegateAttestationVerifier(verifierChains, config);

// Reader for the full-proof (Bearer JWS/JWT) path.
const reader = new AttestedMerkleExchangeReader();
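// Middleware: verify agent authorization before any route handler runs.
//
// Accepts either a Bearer JWS/JWT proof (Authorization header) or a bare
// wallet address (x-agent-wallet header). The middleware fails closed:
// next() is reached only after one of the two checks has returned isValid,
// so a handler never runs without req.agent being set.
app.use(async (req, res, next) => {
  const agentWallet = req.headers['x-agent-wallet'];
  const authHeader = req.headers['authorization'];

  if (!agentWallet && !authHeader) {
    return res.status(400).json({ error: 'Agent wallet or JWS/JWT required' });
  }

  try {
    if (authHeader?.startsWith('Bearer ')) {
      // Full proof path: the token itself is verified by the reader.
      // `verificationContext` is not defined in this snippet; it has to be
      // built from the verifier configuration.
      const token = authHeader.slice('Bearer '.length);
      const proof = await reader.readAsync(token, verificationContext);
      if (!proof.isValid) {
        return res.status(403).json({ error: 'Invalid authorization proof' });
      }
      req.agent = {
        wallet: proof.agentWallet,
        claims: proof.document.merkleTree.leaves,
        verified: true,
      };
      return next();
    }

    if (agentWallet) {
      // Wallet-only check (returns AttestationResult with .isValid).
      // NOTE(review): x-agent-wallet is a caller-supplied header. This path
      // shows the named wallet passing verifyByWallet, but nothing here shows
      // the caller proving control of that wallet. Confirm the header is set
      // by a trusted upstream, or require the Bearer proof for sensitive routes.
      const attestation = await verifier.verifyByWallet(agentWallet);
      if (!attestation.isValid) {
        return res.status(403).json({ error: 'Agent not authorized by human' });
      }
      req.agent = {
        wallet: agentWallet,
        verified: true,
      };
      return next();
    }

    // An Authorization header with a non-Bearer scheme and no wallet header
    // previously fell through to next() with no verification at all.
    // Reject it instead of letting the request through unauthenticated.
    return res.status(400).json({ error: 'Agent wallet or JWS/JWT required' });
  } catch (err) {
    // Keep verifier/library error text in server logs only. Echoing
    // err.message to the client exposes internal detail to unauthenticated callers.
    console.error('Agent verification failed:', err);
    return res.status(500).json({ error: 'Verification failed' });
  }
});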
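// Your API endpoints now have req.agent with verified authorization.
// The handler still checks it: the middleware as originally written could call
// next() without setting req.agent (a non-Bearer Authorization header with no
// x-agent-wallet header), and dereferencing it unguarded would throw.
app.post('/api/time-tracking/log', (req, res) => {
  if (!req.agent?.verified) {
    return res.status(403).json({ error: 'Agent authorization required' });
  }
  console.log(`Agent ${req.agent.wallet} logging time`);
  // Process request
});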
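// Payment status is restricted to agents whose proof carries a verifiedHuman claim.
app.get('/api/payments/status', (req, res) => {
  // Optional chaining on req.agent makes a missing agent context a 403 rather
  // than an unhandled TypeError.
  // Wallet-only agents have no `claims` (the middleware sets it only on the
  // Bearer proof path), so they are always refused here.
  // NOTE(review): the middleware assigns claims from
  // result.document.merkleTree.leaves. Confirm that value exposes a
  // `verifiedHuman` property; if it is a list of leaves, this check is always
  // falsy and the route rejects every request. Also confirm the claim's type:
  // a truthiness test accepts any non-empty value.
  if (!req.agent?.claims?.verifiedHuman) {
    return res.status(403).json({ error: 'Payment queries require human verification' });
  }
  // Return payment status
});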