Skip to content

Added TonCenter API key support #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
SergeyG-Solicy wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Added TonCenter API key support #81

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions src/multichain/core/ton.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,25 @@ export class TON extends DefaultChain {
this.name = "ton"
}

private _apiKey?: string

override setRpc(rpc_url: string): void {
this.rpc_url = rpc_url

this.provider = new TonClient({
endpoint: this.rpc_url,
...(this._apiKey && { apiKey: this._apiKey }),
})
Comment on lines 34 to 37
Copy link
Copy Markdown
Contributor

@qodo-code-review qodo-code-review bot Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

1. Bad apikey spread operand 🐞 Bug ✓ Correctness

TON.setRpc conditionally spreads this._apiKey && { apiKey: this._apiKey }, but if setApiKey("")
is used (allowed by the current signature), the && expression evaluates to a string and is spread
into the options object, producing an invalid configuration and omitting apiKey. This makes
API-key configuration fail in a hard-to-debug way when the key is empty/missing (e.g., env var
defaulting to "").
Agent Prompt 
### Issue description
`TON.setRpc()` uses `...(this._apiKey && { apiKey: this._apiKey })` inside an object literal. Because `setApiKey()` accepts any string (including `""`), the `&&` expression can evaluate to a non-object value and be spread into the TonClient options.

### Issue Context
- `setApiKey(apiKey: string)` stores the raw string.
- `setRpc()` reconstructs `TonClient` with an object spread based on `_apiKey`.

### Fix Focus Areas
- src/multichain/core/ton.ts[31-46]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

}

setApiKey(apiKey: string): void {
this._apiKey = apiKey
// Recreate provider with the API key
if (this.rpc_url) {
this.setRpc(this.rpc_url)
}
}
Comment on lines +40 to +46
Copy link
Copy Markdown
Contributor

@qodo-code-review qodo-code-review bot Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Action required

2. Setapikey doesn’t reconnect 🐞 Bug ⛯ Reliability

TON.setApiKey rebuilds the TonClient provider but never re-runs connect() or resets connected, so
the instance can report an outdated connection state after changing auth configuration. This is
especially problematic with DefaultChain.create() which immediately calls connect() after setRpc(),
giving no opportunity to set the API key before the initial connection attempt.
Agent Prompt 
### Issue description
`TON.setApiKey()` recreates the provider but does not reconnect or reset `connected`, leaving stale connection state after auth config changes. This also conflicts with `DefaultChain.create()` which immediately calls `connect()` after `setRpc()`.

### Issue Context
- `DefaultChain.create()` eagerly connects when `rpc_url` is passed.
- `TON.setApiKey()` currently only calls `setRpc()`.

### Fix Focus Areas
- src/multichain/core/ton.ts[40-57]
- src/multichain/core/types/defaultChain.ts[43-54]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

Comment on lines +40 to +46
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai bot Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Add JSDoc for the new public setApiKey method.

The method introduced at Line 40 is public API and should include JSDoc in this repository.

Proposed fix 
+    /**
+     * Set TonCenter API key and recreate the RPC provider when an endpoint is already configured.
+     * `@param` apiKey TonCenter API key.
+     */
     setApiKey(apiKey: string): void {

As per coding guidelines, "Use JSDoc format for all new methods and functions".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
setApiKey(apiKey: string): void {
this._apiKey = apiKey
// Recreate provider with the API key
if (this.rpc_url) {
this.setRpc(this.rpc_url)
}
}
/**
* Set TonCenter API key and recreate the RPC provider when an endpoint is already configured.
* `@param` apiKey TonCenter API key.
*/
setApiKey(apiKey: string): void {
this._apiKey = apiKey
// Recreate provider with the API key
if (this.rpc_url) {
this.setRpc(this.rpc_url)
}
}
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@src/multichain/core/ton.ts` around lines 40 - 46, Add a JSDoc block for the
new public method setApiKey describing its purpose, parameters, and side
effects: document that setApiKey(apiKey: string): void sets the internal
_apiKey, and that if rpc_url is present it will recreate the provider by calling
setRpc(this.rpc_url); include `@param` {string} apiKey and `@returns` {void} (or
omit returns if style prefers), and mention any thrown errors or behaviors if
applicable; attach the JSDoc immediately above the setApiKey method.

⚠️ Potential issue | 🟠 Major

setApiKey should invalidate stale connection state and reject empty keys.

On Line 40-45, recreating the provider can leave this.connected stale (true from old client). Also, empty/whitespace API keys are silently accepted and degrade into unauthenticated calls.

Proposed fix 
-    setApiKey(apiKey: string): void {
-        this._apiKey = apiKey
-        // Recreate provider with the API key
-        if (this.rpc_url) {
-            this.setRpc(this.rpc_url)
-        }
-    }
+    setApiKey(apiKey: string): void {
+        const normalizedApiKey = apiKey.trim()
+        if (!normalizedApiKey) {
+            throw new Error("TON API key must be a non-empty string")
+        }
+
+        this._apiKey = normalizedApiKey
+
+        if (this.rpc_url) {
+            this.setRpc(this.rpc_url)
+            this.connected = false
+        }
+    }

As per coding guidelines, "Provide clear, actionable error messages".

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@src/multichain/core/ton.ts` around lines 40 - 46, In setApiKey, validate the
incoming apiKey (reject null/empty/whitespace by throwing a descriptive error)
and then update this._apiKey; before calling setRpc(this.rpc_url) ensure you
invalidate any existing connection state (set this.connected = false and clear
any cached client/socket state) so the old connected flag can't remain true
after recreating the provider; call setRpc only if rpc_url is present to
recreate provider with the new key.


async connect() {
try {
const info = await this.provider.getMasterchainInfo()
Expand Down
Loading