mpp-rb 0.1.1 → 0.1.3

data/lib/mpp/methods/stripe/stripe_method.rb

@@ -14,12 +14,19 @@ module Mpp
 
         def initialize(secret_key:, network_id:, payment_methods: nil,
           metadata: nil, currency: Defaults::DEFAULT_CURRENCY,
-          decimals: Defaults::DEFAULT_DECIMALS)
+          decimals: Defaults::DEFAULT_DECIMALS, external_id: nil)
+          unless payment_methods.is_a?(Array) &&
+              payment_methods.any? &&
+              payment_methods.all? { |type| type.is_a?(String) && !type.strip.empty? }
+            raise ArgumentError, "payment_methods must be a non-empty array of Stripe payment method type strings"
+          end
+
           @name = "stripe"
           @secret_key = secret_key
           @network_id = network_id
           @payment_methods = payment_methods
           @metadata = metadata
+          @external_id = external_id
           @currency = currency
           @recipient = network_id
           @decimals = decimals
@@ -32,10 +39,12 @@ module Mpp
           method_details = {} unless method_details.is_a?(Hash)
 
           method_details["networkId"] = @network_id
-          method_details["paymentMethods"] = @payment_methods if @payment_methods
+          method_details["paymentMethodTypes"] = @payment_methods
           method_details["metadata"] = @metadata if @metadata
 
-          request.merge("methodDetails" => method_details)
+          transformed = request.merge("methodDetails" => method_details)
+          transformed["externalId"] = @external_id if !@external_id.nil? && !transformed.key?("externalId")
+          transformed
         end
       end
 
@@ -43,6 +52,7 @@ module Mpp
       def self.stripe(secret_key:, network_id:, payment_methods: nil,
         metadata: nil, currency: Defaults::DEFAULT_CURRENCY,
         decimals: Defaults::DEFAULT_DECIMALS,
+        external_id: nil,
         api_base: Defaults::STRIPE_API_BASE)
         charge_intent = ChargeIntent.new(secret_key: secret_key, api_base: api_base)
 
@@ -52,7 +62,8 @@ module Mpp
           payment_methods: payment_methods,
           metadata: metadata,
           currency: currency,
-          decimals: decimals
+          decimals: decimals,
+          external_id: external_id
         )
 
         method.intents = {"charge" => charge_intent}

data/lib/mpp/methods/tempo/attribution.rb

@@ -80,6 +80,19 @@ module Mpp
           memo_server == fingerprint(server_id)
         end
 
+        # Verify challenge-bound nonce in memo.
+        def verify_challenge_binding(memo, challenge_id)
+          return false unless challenge_id
+          return false unless mpp_memo?(memo)
+
+          begin
+            memo_nonce = [memo[52, 14]].pack("H*")
+          rescue ArgumentError
+            return false
+          end
+          memo_nonce == keccak256(challenge_id.encode(Encoding::UTF_8))[0, 7]
+        end
+
         # Decoded memo structure.
         DecodedMemo = Data.define(:version, :server_fingerprint, :client_fingerprint, :nonce)
 

data/lib/mpp/methods/tempo/client_method.rb

@@ -2,6 +2,7 @@
 # frozen_string_literal: true
 
 require_relative "defaults"
+require_relative "fee_payer_policy"
 require_relative "transaction"
 
 module Mpp
@@ -16,18 +17,20 @@ module Mpp
       # Tempo payment method implementation.
       # Handles client-side credential creation for Tempo payments.
       class TempoMethod
-        attr_reader :name, :account, :fee_payer, :root_account, :rpc_url,
-          :chain_id, :currency, :recipient, :decimals, :client_id,
+        attr_reader :name, :account, :fee_payer, :fee_payer_allowed_fee_tokens,
+          :root_account, :rpc_url, :chain_id, :currency, :recipient, :decimals, :client_id,
           :expected_recipients
         attr_accessor :intents
 
         def initialize(account: nil, fee_payer: nil, root_account: nil,
           rpc_url: Defaults::RPC_URL, chain_id: nil, currency: nil,
           recipient: nil, decimals: 6, client_id: nil,
-          expected_recipients: nil)
+          expected_recipients: nil, fee_payer_allowed_fee_tokens: nil)
           @name = "tempo"
           @account = account
           @fee_payer = fee_payer
+          @fee_payer_allowed_fee_tokens =
+            fee_payer_allowed_fee_tokens&.map { |token| token.to_s.downcase }
           @root_account = root_account
           @rpc_url = rpc_url
           @chain_id = chain_id
@@ -65,13 +68,21 @@ module Mpp
           memo = method_details["memo"]
           memo ||= Attribution.encode(server_id: challenge.realm, client_id: @client_id, challenge_id: challenge.id)
 
-          # Resolve RPC URL from challenge's chainId
+          # Resolve RPC URL from challenge's chainId. Normalize the configured pin
+          # once (it may be a String from ENV/config) so it compares equal to
+          # integer chain ids everywhere, including the downstream RPC check.
           resolved_rpc_url = @rpc_url
           expected_chain_id = nil
+          configured_chain_id = @chain_id.nil? ? nil : Integer(@chain_id)
           challenge_chain_id = method_details["chainId"]
           if challenge_chain_id
             begin
               parsed_chain_id = Integer(challenge_chain_id)
+              # Chain pinning: reject a challenge whose chainId conflicts with the
+              # configured chain, before any RPC call or signing.
+              if configured_chain_id && parsed_chain_id != configured_chain_id
+                raise TransactionError, "Chain ID mismatch: expected #{configured_chain_id}, got #{parsed_chain_id}"
+              end
               resolved = Defaults::CHAIN_RPC_URLS[parsed_chain_id]
               if resolved
                 resolved_rpc_url = resolved
@@ -82,7 +93,7 @@ module Mpp
             end
           end
 
-          expected_chain_id ||= @chain_id
+          expected_chain_id ||= configured_chain_id
 
           # Proof mode: sign EIP-712 typed data (no transaction needed)
           if mode == :proof
@@ -92,7 +103,8 @@ module Mpp
             signature = Proof.sign(
               account: @account,
               chain_id: chain_id,
-              challenge_id: challenge.id
+              challenge_id: challenge.id,
+              realm: challenge.realm
             )
 
             return Mpp::Credential.new(
@@ -172,6 +184,11 @@ module Mpp
             raise TransactionError,
               "Chain ID mismatch: RPC returned #{chain_id}, expected #{expected_chain_id} from challenge"
           end
+          if awaiting_fee_payer
+            policy = FeePayerPolicy.for_chain_id(chain_id)
+            max_fee_per_gas = [gas_price, policy.max_fee_per_gas].min
+            max_priority_fee_per_gas = [gas_price, policy.max_priority_fee_per_gas].min
+          end
 
           if awaiting_fee_payer
             resolved_nonce_key = EXPIRING_NONCE_KEY
@@ -195,6 +212,8 @@ module Mpp
             chain_id: chain_id,
             gas_limit: gas_limit,
             gas_price: gas_price,
+            max_priority_fee_per_gas: max_priority_fee_per_gas,
+            max_fee_per_gas: max_fee_per_gas,
             nonce: resolved_nonce,
             nonce_key: resolved_nonce_key,
             currency: currency,
@@ -230,7 +249,7 @@ module Mpp
       # Factory function to create a configured TempoMethod.
       def self.tempo(intents:, account: nil, fee_payer: nil, chain_id: nil, rpc_url: nil,
         root_account: nil, currency: nil, recipient: nil, decimals: 6, client_id: nil,
-        expected_recipients: nil)
+        expected_recipients: nil, fee_payer_allowed_fee_tokens: nil)
         rpc_url ||= chain_id ? Defaults.rpc_url_for_chain(chain_id) : Defaults::RPC_URL
         currency ||= Defaults.default_currency_for_chain(chain_id)
 
@@ -244,7 +263,8 @@ module Mpp
           recipient: recipient,
           decimals: decimals,
           client_id: client_id,
-          expected_recipients: expected_recipients
+          expected_recipients: expected_recipients,
+          fee_payer_allowed_fee_tokens: fee_payer_allowed_fee_tokens
         )
 
         intents.each_value do |intent|

data/lib/mpp/methods/tempo/fee_payer_envelope.rb

@@ -17,8 +17,8 @@ module Mpp
           Kernel.require "rlp"
 
           sender_sig = signed_tx.sender_signature
-          sig_bytes = sender_sig.respond_to?(:to_bytes) ? sender_sig.to_bytes : sender_sig.to_s.b
-          sender_addr = signed_tx.sender_address.to_s.b
+          sig_bytes = normalize_signature(sender_sig.respond_to?(:to_bytes) ? sender_sig.to_bytes : sender_sig.to_s.b)
+          sender_addr = pack_hex(signed_tx.sender_address)
 
           fields = [
             signed_tx.chain_id,
@@ -26,12 +26,12 @@ module Mpp
             signed_tx.max_fee_per_gas,
             signed_tx.gas_limit,
             signed_tx.calls.map(&:as_rlp_list),
-            signed_tx.access_list.map(&:as_rlp_list),
+            signed_tx.access_list.map { |entry| entry.respond_to?(:as_rlp_list) ? entry.as_rlp_list : entry },
             signed_tx.nonce_key,
             signed_tx.nonce,
             encode_optional_uint(signed_tx.valid_before),
             encode_optional_uint(signed_tx.valid_after),
-            signed_tx.fee_token ? signed_tx.fee_token.to_s.b : "".b,
+            signed_tx.fee_token ? pack_hex(signed_tx.fee_token) : "".b,
             sender_addr,
             signed_tx.tempo_authorization_list.to_a
           ]
@@ -39,7 +39,7 @@ module Mpp
           fields << RLP.decode(signed_tx.key_authorization) if signed_tx.key_authorization
           fields << sig_bytes
 
-          [TYPE_ID].pack("C") + RLP.include(fields)
+          [TYPE_ID].pack("C") + RLP.encode(fields)
         end
 
         # Decode a 0x78 fee payer envelope.
@@ -58,7 +58,7 @@ module Mpp
 
           # 15 fields = key_authorization present (index 13), signature at 14
           # 14 fields = no key_authorization, signature at 13
-          key_authorization = (RLP.include(decoded[13]) if decoded.length == 15)
+          key_authorization = (RLP.encode(decoded[13]) if decoded.length == 15)
 
           [decoded, sender_address.to_s.b, sender_signature.to_s.b, key_authorization]
         end
@@ -68,6 +68,21 @@ module Mpp
 
           value.is_a?(Integer) ? value : value.to_i
         end
+
+        def pack_hex(value)
+          [value.to_s.delete_prefix("0x")].pack("H*")
+        end
+
+        def normalize_signature(signature)
+          bytes = signature.b
+          Kernel.raise ArgumentError, "signature must be 65 bytes, got #{bytes.bytesize}" unless bytes.bytesize == 65
+
+          v = bytes.getbyte(64)
+          parity = (v >= 27) ? v - 27 : v
+          Kernel.raise ArgumentError, "signature parity must be 0 or 1, got #{v}" unless [0, 1].include?(parity)
+
+          bytes[0, 64] + [parity].pack("C")
+        end
       end
     end
   end

data/lib/mpp/methods/tempo/fee_payer_policy.rb

@@ -0,0 +1,45 @@
+# typed: false
+# frozen_string_literal: true
+
+module Mpp
+  module Methods
+    module Tempo
+      module FeePayerPolicy
+        Policy = Data.define(
+          :max_gas,
+          :max_fee_per_gas,
+          :max_priority_fee_per_gas,
+          :max_total_fee,
+          :max_validity_window_seconds
+        )
+
+        DEFAULT = Policy.new(
+          max_gas: 2_000_000,
+          max_fee_per_gas: 100_000_000_000,
+          max_priority_fee_per_gas: 10_000_000_000,
+          max_total_fee: 50_000_000_000_000_000,
+          max_validity_window_seconds: 15 * 60
+        )
+
+        TESTNET = Policy.new(
+          max_gas: DEFAULT.max_gas,
+          max_fee_per_gas: DEFAULT.max_fee_per_gas,
+          max_priority_fee_per_gas: 50_000_000_000,
+          max_total_fee: DEFAULT.max_total_fee,
+          max_validity_window_seconds: DEFAULT.max_validity_window_seconds
+        )
+
+        module_function
+
+        def for_chain_id(chain_id)
+          case chain_id
+          when Defaults::CHAIN_ID, Defaults::TESTNET_CHAIN_ID
+            TESTNET
+          else
+            DEFAULT
+          end
+        end
+      end
+    end
+  end
+end