npm - @alleyboss/micropay-solana-x402-paywall - Versions diffs - 1.0.0 → 2.0.0 - Mend

@alleyboss/micropay-solana-x402-paywall 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/README.md +100 -167
package/dist/client/index.cjs +99 -0
package/dist/client/index.cjs.map +1 -0
package/dist/client/index.d.cts +112 -0
package/dist/client/index.d.ts +112 -0
package/dist/client/index.js +95 -0
package/dist/client/index.js.map +1 -0
package/dist/client-CSZHI8o8.d.ts +32 -0
package/dist/client-vRr48m2x.d.cts +32 -0
package/dist/index.cjs +803 -41
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +11 -3
package/dist/index.d.ts +11 -3
package/dist/index.js +783 -42
package/dist/index.js.map +1 -1
package/dist/memory-Daxkczti.d.cts +29 -0
package/dist/memory-Daxkczti.d.ts +29 -0
package/dist/middleware/index.cjs +261 -0
package/dist/middleware/index.cjs.map +1 -0
package/dist/middleware/index.d.cts +90 -0
package/dist/middleware/index.d.ts +90 -0
package/dist/middleware/index.js +255 -0
package/dist/middleware/index.js.map +1 -0
package/dist/nextjs-BK0pVb9Y.d.ts +78 -0
package/dist/nextjs-Bm272Jkj.d.cts +78 -0
package/dist/{client-kfCr7G-P.d.cts → payment-CTxdtqmc.d.cts} +23 -34
package/dist/{client-kfCr7G-P.d.ts → payment-CTxdtqmc.d.ts} +23 -34
package/dist/pricing/index.cjs +79 -0
package/dist/pricing/index.cjs.map +1 -0
package/dist/pricing/index.d.cts +67 -0
package/dist/pricing/index.d.ts +67 -0
package/dist/pricing/index.js +72 -0
package/dist/pricing/index.js.map +1 -0
package/dist/session/index.cjs +51 -11
package/dist/session/index.cjs.map +1 -1
package/dist/session/index.d.cts +29 -1
package/dist/session/index.d.ts +29 -1
package/dist/session/index.js +51 -11
package/dist/session/index.js.map +1 -1
package/dist/{index-DptevtnU.d.cts → session-D2IoWAWV.d.cts} +1 -24
package/dist/{index-DptevtnU.d.ts → session-D2IoWAWV.d.ts} +1 -24
package/dist/solana/index.cjs +235 -15
package/dist/solana/index.cjs.map +1 -1
package/dist/solana/index.d.cts +61 -3
package/dist/solana/index.d.ts +61 -3
package/dist/solana/index.js +232 -16
package/dist/solana/index.js.map +1 -1
package/dist/store/index.cjs +99 -0
package/dist/store/index.cjs.map +1 -0
package/dist/store/index.d.cts +38 -0
package/dist/store/index.d.ts +38 -0
package/dist/store/index.js +96 -0
package/dist/store/index.js.map +1 -0
package/dist/utils/index.cjs +68 -0
package/dist/utils/index.cjs.map +1 -0
package/dist/utils/index.d.cts +30 -0
package/dist/utils/index.d.ts +30 -0
package/dist/utils/index.js +65 -0
package/dist/utils/index.js.map +1 -0
package/dist/x402/index.cjs +119 -18
package/dist/x402/index.cjs.map +1 -1
package/dist/x402/index.d.cts +6 -1
package/dist/x402/index.d.ts +6 -1
package/dist/x402/index.js +119 -18
package/dist/x402/index.js.map +1 -1
package/package.json +56 -3

package/dist/session/index.js CHANGED Viewed

@@ -2,13 +2,38 @@ import { SignJWT, jwtVerify } from 'jose';
 import { v4 } from 'uuid';
 // src/session/core.ts
+var MAX_ARTICLES_PER_SESSION = 100;
+var MIN_SECRET_LENGTH = 32;
 function getSecretKey(secret) {
-  if (secret.length < 32) {
-    throw new Error("Session secret must be at least 32 characters");
+  if (!secret || typeof secret !== "string") {
+    throw new Error("Session secret is required");
+  }
+  if (secret.length < MIN_SECRET_LENGTH) {
+    throw new Error(`Session secret must be at least ${MIN_SECRET_LENGTH} characters`);
   }
   return new TextEncoder().encode(secret);
 }
+function validateWalletAddress(address) {
+  if (!address || typeof address !== "string") return false;
+  const base58Regex = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+  return base58Regex.test(address);
+}
+function validateArticleId(articleId) {
+  if (!articleId || typeof articleId !== "string") return false;
+  if (articleId.length > 128) return false;
+  const safeIdRegex = /^[a-zA-Z0-9_-]+$/;
+  return safeIdRegex.test(articleId);
+}
 async function createSession(walletAddress, articleId, config, siteWide = false) {
+  if (!validateWalletAddress(walletAddress)) {
+    throw new Error("Invalid wallet address format");
+  }
+  if (!validateArticleId(articleId)) {
+    throw new Error("Invalid article ID format");
+  }
+  if (!config.durationHours || config.durationHours <= 0 || config.durationHours > 720) {
+    throw new Error("Session duration must be between 1 and 720 hours");
+  }
   const sessionId = v4();
   const now = Math.floor(Date.now() / 1e3);
   const expiresAt = now + config.durationHours * 3600;
@@ -16,7 +41,7 @@ async function createSession(walletAddress, articleId, config, siteWide = false)
     id: sessionId,
     walletAddress,
     unlockedArticles: [articleId],
-    siteWideUnlock: siteWide,
+    siteWideUnlock: Boolean(siteWide),
     createdAt: now,
     expiresAt
   };
@@ -24,7 +49,7 @@ async function createSession(walletAddress, articleId, config, siteWide = false)
     sub: walletAddress,
     sid: sessionId,
     articles: session.unlockedArticles,
-    siteWide,
+    siteWide: session.siteWideUnlock,
     iat: now,
     exp: expiresAt
   };
@@ -32,30 +57,39 @@ async function createSession(walletAddress, articleId, config, siteWide = false)
   return { token, session };
 }
 async function validateSession(token, secret) {
+  if (!token || typeof token !== "string") {
+    return { valid: false, reason: "Invalid token format" };
+  }
   try {
     const { payload } = await jwtVerify(token, getSecretKey(secret));
     const sessionPayload = payload;
+    if (!sessionPayload.sub || !sessionPayload.sid || !sessionPayload.exp) {
+      return { valid: false, reason: "Malformed session payload" };
+    }
     const now = Math.floor(Date.now() / 1e3);
     if (sessionPayload.exp < now) {
       return { valid: false, reason: "Session expired" };
     }
+    if (!validateWalletAddress(sessionPayload.sub)) {
+      return { valid: false, reason: "Invalid session data" };
+    }
     const session = {
       id: sessionPayload.sid,
       walletAddress: sessionPayload.sub,
-      unlockedArticles: sessionPayload.articles,
-      siteWideUnlock: sessionPayload.siteWide,
-      createdAt: sessionPayload.iat,
+      unlockedArticles: Array.isArray(sessionPayload.articles) ? sessionPayload.articles : [],
+      siteWideUnlock: Boolean(sessionPayload.siteWide),
+      createdAt: sessionPayload.iat ?? 0,
       expiresAt: sessionPayload.exp
     };
     return { valid: true, session };
   } catch (error) {
-    return {
-      valid: false,
-      reason: error instanceof Error ? error.message : "Invalid session"
-    };
+    return { valid: false, reason: "Invalid session" };
   }
 }
 async function addArticleToSession(token, articleId, secret) {
+  if (!validateArticleId(articleId)) {
+    return null;
+  }
   const validation = await validateSession(token, secret);
   if (!validation.valid || !validation.session) {
     return null;
@@ -64,6 +98,9 @@ async function addArticleToSession(token, articleId, secret) {
   if (session.unlockedArticles.includes(articleId)) {
     return { token, session };
   }
+  if (session.unlockedArticles.length >= MAX_ARTICLES_PER_SESSION) {
+    return null;
+  }
   const updatedArticles = [...session.unlockedArticles, articleId];
   const payload = {
     sub: session.walletAddress,
@@ -80,6 +117,9 @@ async function addArticleToSession(token, articleId, secret) {
   };
 }
 async function isArticleUnlocked(token, articleId, secret) {
+  if (!validateArticleId(articleId)) {
+    return false;
+  }
   const validation = await validateSession(token, secret);
   if (!validation.valid || !validation.session) {
     return false;

package/dist/session/index.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/session/core.ts"],"names":["uuidv4"],"mappings":";;;;AAQA,SAAS,aAAa,MAAA,EAA4B;AAC9C,EAAA,IAAI,MAAA,CAAO,SAAS,EAAA,EAAI;AACpB,IAAA,MAAM,IAAI,MAAM,+CAA+C,CAAA;AAAA,EACnE;AACA,EAAA,OAAO,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,MAAM,CAAA;AAC1C;AAKA,eAAsB,aAAA,CAClB,aAAA,EACA,SAAA,EACA,MAAA,EACA,WAAoB,KAAA,EAC4B;AAChD,EAAA,MAAM,YAAYA,EAAA,EAAO;AACzB,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,SAAA,GAAY,GAAA,GAAO,MAAA,CAAO,aAAA,GAAgB,IAAA;AAEhD,EAAA,MAAM,OAAA,GAAuB;AAAA,IACzB,EAAA,EAAI,SAAA;AAAA,IACJ,aAAA;AAAA,IACA,gBAAA,EAAkB,CAAC,SAAS,CAAA;AAAA,IAC5B,cAAA,EAAgB,QAAA;AAAA,IAChB,SAAA,EAAW,GAAA;AAAA,IACX;AAAA,GACJ;AAEA,EAAA,MAAM,OAAA,GAA6B;AAAA,IAC/B,GAAA,EAAK,aAAA;AAAA,IACL,GAAA,EAAK,SAAA;AAAA,IACL,UAAU,OAAA,CAAQ,gBAAA;AAAA,IAClB,QAAA;AAAA,IACA,GAAA,EAAK,GAAA;AAAA,IACL,GAAA,EAAK;AAAA,GACT;AAEA,EAAA,MAAM,KAAA,GAAQ,MAAM,IAAI,OAAA,CAAQ,OAA6C,EACxE,kBAAA,CAAmB,EAAE,GAAA,EAAK,OAAA,EAAS,CAAA,CACnC,aAAY,CACZ,iBAAA,CAAkB,CAAA,EAAG,MAAA,CAAO,aAAa,CAAA,CAAA,CAAG,EAC5C,IAAA,CAAK,YAAA,CAAa,MAAA,CAAO,MAAM,CAAC,CAAA;AAErC,EAAA,OAAO,EAAE,OAAO,OAAA,EAAQ;AAC5B;AAKA,eAAsB,eAAA,CAClB,OACA,MAAA,EAC0B;AAC1B,EAAA,IAAI;AACA,IAAA,MAAM,EAAE,SAAQ,GAAI,MAAM,UAAU,KAAA,EAAO,YAAA,CAAa,MAAM,CAAC,CAAA;AAC/D,IAAA,MAAM,cAAA,GAAiB,OAAA;AAEvB,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,IAAI,cAAA,CAAe,MAAM,GAAA,EAAK;AAC1B,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,iBAAA,EAAkB;AAAA,IACrD;AAEA,IAAA,MAAM,OAAA,GAAuB;AAAA,MACzB,IAAI,cAAA,CAAe,GAAA;AAAA,MACnB,eAAe,cAAA,CAAe,GAAA;AAAA,MAC9B,kBAAkB,cAAA,CAAe,QAAA;AAAA,MACjC,gBAAgB,cAAA,CAAe,QAAA;AAAA,MAC/B,WAAW,cAAA,CAAe,GAAA;AAAA,MAC1B,WAAW,cAAA,CAAe;AAAA,KAC9B;AAEA,IAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,OAAA,EAAQ;AAAA,EAClC,SAAS,KAAA,EAAO;AACZ,IAAA,OAAO;AAAA,MACH,KAAA,EAAO,KAAA;AAAA,MACP,MAAA,EAAQ,KAAA,YAAiB,KAAA,GAAQ,KAAA,CAAM,OAAA,GAAU;AAAA,KACrD;AAAA,EACJ;AACJ;AAKA,eAAsB,mBAAA,CAClB,KAAA,EACA,SAAA,EACA,MAAA,EACuD;AACvD,EAAA,MAAM,UAAA,GAAa,MAAM,eAAA,CAAgB,KAAA,EAAO,MAAM,CAAA;AACtD,EAAA,IAAI,CAAC,UAAA,CAAW,KAAA,IAAS,CAAC,WAAW,OAAA,EAAS;AAC1C,IAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,MAAM,UAAU,UAAA,CAAW,OAAA;AAG3B,EAAA,IAAI,OAAA,CAAQ,gBAAA,CAAiB,QAAA,CAAS,SAAS,CAAA,EAAG;AAC9C,IAAA,OAAO,EAAE,OAAO,OAAA,EAAQ;AAAA,EAC5B;AAEA,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAG,OAAA,CAAQ,kBAAkB,SAAS,CAAA;AAE/D,EAAA,MAAM,OAAA,GAA6B;AAAA,IAC/B,KAAK,OAAA,CAAQ,aAAA;AAAA,IACb,KAAK,OAAA,CAAQ,EAAA;AAAA,IACb,QAAA,EAAU,eAAA;AAAA,IACV,UAAU,OAAA,CAAQ,cAAA;AAAA,IAClB,KAAK,OAAA,CAAQ,SAAA;AAAA,IACb,KAAK,OAAA,CAAQ;AAAA,GACjB;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,IAAI,OAAA,CAAQ,OAA6C,CAAA,CAC3E,kBAAA,CAAmB,EAAE,GAAA,EAAK,SAAS,CAAA,CACnC,IAAA,CAAK,YAAA,CAAa,MAAM,CAAC,CAAA;AAE9B,EAAA,OAAO;AAAA,IACH,KAAA,EAAO,QAAA;AAAA,IACP,OAAA,EAAS,EAAE,GAAG,OAAA,EAAS,kBAAkB,eAAA;AAAgB,GAC7D;AACJ;AAKA,eAAsB,iBAAA,CAClB,KAAA,EACA,SAAA,EACA,MAAA,EACgB;AAChB,EAAA,MAAM,UAAA,GAAa,MAAM,eAAA,CAAgB,KAAA,EAAO,MAAM,CAAA;AACtD,EAAA,IAAI,CAAC,UAAA,CAAW,KAAA,IAAS,CAAC,WAAW,OAAA,EAAS;AAC1C,IAAA,OAAO,KAAA;AAAA,EACX;AAEA,EAAA,IAAI,UAAA,CAAW,QAAQ,cAAA,EAAgB;AACnC,IAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,OAAO,UAAA,CAAW,OAAA,CAAQ,gBAAA,CAAiB,QAAA,CAAS,SAAS,CAAA;AACjE","file":"index.js","sourcesContent":["// Session management with JWT (framework-agnostic core)\nimport { SignJWT, jwtVerify } from 'jose';\nimport { v4 as uuidv4 } from 'uuid';\nimport type { SessionData, SessionConfig, SessionValidation, SessionJWTPayload } from '../types';\n\n/*\n Get the secret key for JWT signing\n /\nfunction getSecretKey(secret: string): Uint8Array {\n if (secret.length < 32) {\n throw new Error('Session secret must be at least 32 characters');\n }\n return new TextEncoder().encode(secret);\n}\n\n/\n Create a new session after successful payment\n /\nexport async function createSession(\n walletAddress: string,\n articleId: string,\n config: SessionConfig,\n siteWide: boolean = false\n): Promise<{ token: string; session: SessionData }> {\n const sessionId = uuidv4();\n const now = Math.floor(Date.now() / 1000);\n const expiresAt = now + (config.durationHours 3600);\n\n const session: SessionData = {\n id: sessionId,\n walletAddress,\n unlockedArticles: [articleId],\n siteWideUnlock: siteWide,\n createdAt: now,\n expiresAt,\n };\n\n const payload: SessionJWTPayload = {\n sub: walletAddress,\n sid: sessionId,\n articles: session.unlockedArticles,\n siteWide,\n iat: now,\n exp: expiresAt,\n };\n\n const token = await new SignJWT(payload as unknown as Record<string, unknown>)\n .setProtectedHeader({ alg: 'HS256' })\n .setIssuedAt()\n .setExpirationTime(`${config.durationHours}h`)\n .sign(getSecretKey(config.secret));\n\n return { token, session };\n}\n\n/*\n Validate an existing session token\n /\nexport async function validateSession(\n token: string,\n secret: string\n): Promise<SessionValidation> {\n try {\n const { payload } = await jwtVerify(token, getSecretKey(secret));\n const sessionPayload = payload as unknown as SessionJWTPayload;\n\n const now = Math.floor(Date.now() / 1000);\n if (sessionPayload.exp < now) {\n return { valid: false, reason: 'Session expired' };\n }\n\n const session: SessionData = {\n id: sessionPayload.sid,\n walletAddress: sessionPayload.sub,\n unlockedArticles: sessionPayload.articles,\n siteWideUnlock: sessionPayload.siteWide,\n createdAt: sessionPayload.iat,\n expiresAt: sessionPayload.exp,\n };\n\n return { valid: true, session };\n } catch (error) {\n return {\n valid: false,\n reason: error instanceof Error ? error.message : 'Invalid session',\n };\n }\n}\n\n/\n Add an article to an existing session\n /\nexport async function addArticleToSession(\n token: string,\n articleId: string,\n secret: string\n): Promise<{ token: string; session: SessionData } \| null> {\n const validation = await validateSession(token, secret);\n if (!validation.valid \|\| !validation.session) {\n return null;\n }\n\n const session = validation.session;\n\n // Already unlocked\n if (session.unlockedArticles.includes(articleId)) {\n return { token, session };\n }\n\n const updatedArticles = [...session.unlockedArticles, articleId];\n\n const payload: SessionJWTPayload = {\n sub: session.walletAddress,\n sid: session.id,\n articles: updatedArticles,\n siteWide: session.siteWideUnlock,\n iat: session.createdAt,\n exp: session.expiresAt,\n };\n\n const newToken = await new SignJWT(payload as unknown as Record<string, unknown>)\n .setProtectedHeader({ alg: 'HS256' })\n .sign(getSecretKey(secret));\n\n return {\n token: newToken,\n session: { ...session, unlockedArticles: updatedArticles },\n };\n}\n\n/\n Check if an article is unlocked for a session\n */\nexport async function isArticleUnlocked(\n token: string,\n articleId: string,\n secret: string\n): Promise<boolean> {\n const validation = await validateSession(token, secret);\n if (!validation.valid \|\| !validation.session) {\n return false;\n }\n\n if (validation.session.siteWideUnlock) {\n return true;\n }\n\n return validation.session.unlockedArticles.includes(articleId);\n}\n"]}
1	+ {"version":3,"sources":["../../src/session/core.ts"],"names":["uuidv4"],"mappings":";;;;AAOA,IAAM,wBAAA,GAA2B,GAAA;AAGjC,IAAM,iBAAA,GAAoB,EAAA;AAM1B,SAAS,aAAa,MAAA,EAA4B;AAC9C,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACvC,IAAA,MAAM,IAAI,MAAM,4BAA4B,CAAA;AAAA,EAChD;AACA,EAAA,IAAI,MAAA,CAAO,SAAS,iBAAA,EAAmB;AACnC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,gCAAA,EAAmC,iBAAiB,CAAA,WAAA,CAAa,CAAA;AAAA,EACrF;AACA,EAAA,OAAO,IAAI,WAAA,EAAY,CAAE,MAAA,CAAO,MAAM,CAAA;AAC1C;AAMA,SAAS,sBAAsB,OAAA,EAA0B;AACrD,EAAA,IAAI,CAAC,OAAA,IAAW,OAAO,OAAA,KAAY,UAAU,OAAO,KAAA;AAEpD,EAAA,MAAM,WAAA,GAAc,+BAAA;AACpB,EAAA,OAAO,WAAA,CAAY,KAAK,OAAO,CAAA;AACnC;AAMA,SAAS,kBAAkB,SAAA,EAA4B;AACnD,EAAA,IAAI,CAAC,SAAA,IAAa,OAAO,SAAA,KAAc,UAAU,OAAO,KAAA;AAExD,EAAA,IAAI,SAAA,CAAU,MAAA,GAAS,GAAA,EAAK,OAAO,KAAA;AACnC,EAAA,MAAM,WAAA,GAAc,kBAAA;AACpB,EAAA,OAAO,WAAA,CAAY,KAAK,SAAS,CAAA;AACrC;AAMA,eAAsB,aAAA,CAClB,aAAA,EACA,SAAA,EACA,MAAA,EACA,WAAoB,KAAA,EAC4B;AAEhD,EAAA,IAAI,CAAC,qBAAA,CAAsB,aAAa,CAAA,EAAG;AACvC,IAAA,MAAM,IAAI,MAAM,+BAA+B,CAAA;AAAA,EACnD;AACA,EAAA,IAAI,CAAC,iBAAA,CAAkB,SAAS,CAAA,EAAG;AAC/B,IAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,EAC/C;AACA,EAAA,IAAI,CAAC,OAAO,aAAA,IAAiB,MAAA,CAAO,iBAAiB,CAAA,IAAK,MAAA,CAAO,gBAAgB,GAAA,EAAK;AAClF,IAAA,MAAM,IAAI,MAAM,kDAAkD,CAAA;AAAA,EACtE;AAEA,EAAA,MAAM,YAAYA,EAAA,EAAO;AACzB,EAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,EAAA,MAAM,SAAA,GAAY,GAAA,GAAO,MAAA,CAAO,aAAA,GAAgB,IAAA;AAEhD,EAAA,MAAM,OAAA,GAAuB;AAAA,IACzB,EAAA,EAAI,SAAA;AAAA,IACJ,aAAA;AAAA,IACA,gBAAA,EAAkB,CAAC,SAAS,CAAA;AAAA,IAC5B,cAAA,EAAgB,QAAQ,QAAQ,CAAA;AAAA,IAChC,SAAA,EAAW,GAAA;AAAA,IACX;AAAA,GACJ;AAEA,EAAA,MAAM,OAAA,GAA6B;AAAA,IAC/B,GAAA,EAAK,aAAA;AAAA,IACL,GAAA,EAAK,SAAA;AAAA,IACL,UAAU,OAAA,CAAQ,gBAAA;AAAA,IAClB,UAAU,OAAA,CAAQ,cAAA;AAAA,IAClB,GAAA,EAAK,GAAA;AAAA,IACL,GAAA,EAAK;AAAA,GACT;AAEA,EAAA,MAAM,KAAA,GAAQ,MAAM,IAAI,OAAA,CAAQ,OAA6C,EACxE,kBAAA,CAAmB,EAAE,GAAA,EAAK,OAAA,EAAS,CAAA,CACnC,aAAY,CACZ,iBAAA,CAAkB,CAAA,EAAG,MAAA,CAAO,aAAa,CAAA,CAAA,CAAG,EAC5C,IAAA,CAAK,YAAA,CAAa,MAAA,CAAO,MAAM,CAAC,CAAA;AAErC,EAAA,OAAO,EAAE,OAAO,OAAA,EAAQ;AAC5B;AAMA,eAAsB,eAAA,CAClB,OACA,MAAA,EAC0B;AAE1B,EAAA,IAAI,CAAC,KAAA,IAAS,OAAO,KAAA,KAAU,QAAA,EAAU;AACrC,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,sBAAA,EAAuB;AAAA,EAC1D;AAEA,EAAA,IAAI;AACA,IAAA,MAAM,EAAE,SAAQ,GAAI,MAAM,UAAU,KAAA,EAAO,YAAA,CAAa,MAAM,CAAC,CAAA;AAC/D,IAAA,MAAM,cAAA,GAAiB,OAAA;AAGvB,IAAA,IAAI,CAAC,eAAe,GAAA,IAAO,CAAC,eAAe,GAAA,IAAO,CAAC,eAAe,GAAA,EAAK;AACnE,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,2BAAA,EAA4B;AAAA,IAC/D;AAGA,IAAA,MAAM,MAAM,IAAA,CAAK,KAAA,CAAM,IAAA,CAAK,GAAA,KAAQ,GAAI,CAAA;AACxC,IAAA,IAAI,cAAA,CAAe,MAAM,GAAA,EAAK;AAC1B,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,iBAAA,EAAkB;AAAA,IACrD;AAGA,IAAA,IAAI,CAAC,qBAAA,CAAsB,cAAA,CAAe,GAAG,CAAA,EAAG;AAC5C,MAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,sBAAA,EAAuB;AAAA,IAC1D;AAEA,IAAA,MAAM,OAAA,GAAuB;AAAA,MACzB,IAAI,cAAA,CAAe,GAAA;AAAA,MACnB,eAAe,cAAA,CAAe,GAAA;AAAA,MAC9B,gBAAA,EAAkB,MAAM,OAAA,CAAQ,cAAA,CAAe,QAAQ,CAAA,GAAI,cAAA,CAAe,WAAW,EAAC;AAAA,MACtF,cAAA,EAAgB,OAAA,CAAQ,cAAA,CAAe,QAAQ,CAAA;AAAA,MAC/C,SAAA,EAAW,eAAe,GAAA,IAAO,CAAA;AAAA,MACjC,WAAW,cAAA,CAAe;AAAA,KAC9B;AAEA,IAAA,OAAO,EAAE,KAAA,EAAO,IAAA,EAAM,OAAA,EAAQ;AAAA,EAClC,SAAS,KAAA,EAAO;AAEZ,IAAA,OAAO,EAAE,KAAA,EAAO,KAAA,EAAO,MAAA,EAAQ,iBAAA,EAAkB;AAAA,EACrD;AACJ;AAMA,eAAsB,mBAAA,CAClB,KAAA,EACA,SAAA,EACA,MAAA,EACuD;AAEvD,EAAA,IAAI,CAAC,iBAAA,CAAkB,SAAS,CAAA,EAAG;AAC/B,IAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,eAAA,CAAgB,KAAA,EAAO,MAAM,CAAA;AACtD,EAAA,IAAI,CAAC,UAAA,CAAW,KAAA,IAAS,CAAC,WAAW,OAAA,EAAS;AAC1C,IAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,MAAM,UAAU,UAAA,CAAW,OAAA;AAG3B,EAAA,IAAI,OAAA,CAAQ,gBAAA,CAAiB,QAAA,CAAS,SAAS,CAAA,EAAG;AAC9C,IAAA,OAAO,EAAE,OAAO,OAAA,EAAQ;AAAA,EAC5B;AAGA,EAAA,IAAI,OAAA,CAAQ,gBAAA,CAAiB,MAAA,IAAU,wBAAA,EAA0B;AAC7D,IAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,MAAM,eAAA,GAAkB,CAAC,GAAG,OAAA,CAAQ,kBAAkB,SAAS,CAAA;AAE/D,EAAA,MAAM,OAAA,GAA6B;AAAA,IAC/B,KAAK,OAAA,CAAQ,aAAA;AAAA,IACb,KAAK,OAAA,CAAQ,EAAA;AAAA,IACb,QAAA,EAAU,eAAA;AAAA,IACV,UAAU,OAAA,CAAQ,cAAA;AAAA,IAClB,KAAK,OAAA,CAAQ,SAAA;AAAA,IACb,KAAK,OAAA,CAAQ;AAAA,GACjB;AAEA,EAAA,MAAM,QAAA,GAAW,MAAM,IAAI,OAAA,CAAQ,OAA6C,CAAA,CAC3E,kBAAA,CAAmB,EAAE,GAAA,EAAK,SAAS,CAAA,CACnC,IAAA,CAAK,YAAA,CAAa,MAAM,CAAC,CAAA;AAE9B,EAAA,OAAO;AAAA,IACH,KAAA,EAAO,QAAA;AAAA,IACP,OAAA,EAAS,EAAE,GAAG,OAAA,EAAS,kBAAkB,eAAA;AAAgB,GAC7D;AACJ;AAKA,eAAsB,iBAAA,CAClB,KAAA,EACA,SAAA,EACA,MAAA,EACgB;AAChB,EAAA,IAAI,CAAC,iBAAA,CAAkB,SAAS,CAAA,EAAG;AAC/B,IAAA,OAAO,KAAA;AAAA,EACX;AAEA,EAAA,MAAM,UAAA,GAAa,MAAM,eAAA,CAAgB,KAAA,EAAO,MAAM,CAAA;AACtD,EAAA,IAAI,CAAC,UAAA,CAAW,KAAA,IAAS,CAAC,WAAW,OAAA,EAAS;AAC1C,IAAA,OAAO,KAAA;AAAA,EACX;AAEA,EAAA,IAAI,UAAA,CAAW,QAAQ,cAAA,EAAgB;AACnC,IAAA,OAAO,IAAA;AAAA,EACX;AAEA,EAAA,OAAO,UAAA,CAAW,OAAA,CAAQ,gBAAA,CAAiB,QAAA,CAAS,SAAS,CAAA;AACjE","file":"index.js","sourcesContent":["// Session management with JWT (framework-agnostic core)\n// SECURITY: Uses jose library with HS256, constant-time validation, input sanitization\nimport { SignJWT, jwtVerify } from 'jose';\nimport { v4 as uuidv4 } from 'uuid';\nimport type { SessionData, SessionConfig, SessionValidation, SessionJWTPayload } from '../types';\n\n// Maximum articles per session to prevent unbounded growth\nconst MAX_ARTICLES_PER_SESSION = 100;\n\n// Minimum secret length for security\nconst MIN_SECRET_LENGTH = 32;\n\n/*\n Get the secret key for JWT signing\n * SECURITY: Enforces minimum secret length\n /\nfunction getSecretKey(secret: string): Uint8Array {\n if (!secret \|\| typeof secret !== 'string') {\n throw new Error('Session secret is required');\n }\n if (secret.length < MIN_SECRET_LENGTH) {\n throw new Error(`Session secret must be at least ${MIN_SECRET_LENGTH} characters`);\n }\n return new TextEncoder().encode(secret);\n}\n\n/\n Validate wallet address format (base58, 32-44 chars)\n * SECURITY: Prevents injection via wallet address field\n /\nfunction validateWalletAddress(address: string): boolean {\n if (!address \|\| typeof address !== 'string') return false;\n // Solana addresses are base58, typically 32-44 characters\n const base58Regex = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;\n return base58Regex.test(address);\n}\n\n/\n Validate article ID format\n * SECURITY: Prevents injection via articleId field\n /\nfunction validateArticleId(articleId: string): boolean {\n if (!articleId \|\| typeof articleId !== 'string') return false;\n // Allow alphanumeric, hyphens, underscores, max 128 chars\n if (articleId.length > 128) return false;\n const safeIdRegex = /^[a-zA-Z0-9_-]+$/;\n return safeIdRegex.test(articleId);\n}\n\n/\n Create a new session after successful payment\n * SECURITY: Validates inputs, enforces limits\n /\nexport async function createSession(\n walletAddress: string,\n articleId: string,\n config: SessionConfig,\n siteWide: boolean = false\n): Promise<{ token: string; session: SessionData }> {\n // Input validation\n if (!validateWalletAddress(walletAddress)) {\n throw new Error('Invalid wallet address format');\n }\n if (!validateArticleId(articleId)) {\n throw new Error('Invalid article ID format');\n }\n if (!config.durationHours \|\| config.durationHours <= 0 \|\| config.durationHours > 720) {\n throw new Error('Session duration must be between 1 and 720 hours');\n }\n\n const sessionId = uuidv4();\n const now = Math.floor(Date.now() / 1000);\n const expiresAt = now + (config.durationHours 3600);\n\n const session: SessionData = {\n id: sessionId,\n walletAddress,\n unlockedArticles: [articleId],\n siteWideUnlock: Boolean(siteWide),\n createdAt: now,\n expiresAt,\n };\n\n const payload: SessionJWTPayload = {\n sub: walletAddress,\n sid: sessionId,\n articles: session.unlockedArticles,\n siteWide: session.siteWideUnlock,\n iat: now,\n exp: expiresAt,\n };\n\n const token = await new SignJWT(payload as unknown as Record<string, unknown>)\n .setProtectedHeader({ alg: 'HS256' })\n .setIssuedAt()\n .setExpirationTime(`${config.durationHours}h`)\n .sign(getSecretKey(config.secret));\n\n return { token, session };\n}\n\n/*\n Validate an existing session token\n * SECURITY: jose library handles timing-safe comparison internally\n /\nexport async function validateSession(\n token: string,\n secret: string\n): Promise<SessionValidation> {\n // Input validation\n if (!token \|\| typeof token !== 'string') {\n return { valid: false, reason: 'Invalid token format' };\n }\n\n try {\n const { payload } = await jwtVerify(token, getSecretKey(secret));\n const sessionPayload = payload as unknown as SessionJWTPayload;\n\n // Validate required fields exist\n if (!sessionPayload.sub \|\| !sessionPayload.sid \|\| !sessionPayload.exp) {\n return { valid: false, reason: 'Malformed session payload' };\n }\n\n // Check expiration (jose already checks, but double-check)\n const now = Math.floor(Date.now() / 1000);\n if (sessionPayload.exp < now) {\n return { valid: false, reason: 'Session expired' };\n }\n\n // Validate wallet address format from token\n if (!validateWalletAddress(sessionPayload.sub)) {\n return { valid: false, reason: 'Invalid session data' };\n }\n\n const session: SessionData = {\n id: sessionPayload.sid,\n walletAddress: sessionPayload.sub,\n unlockedArticles: Array.isArray(sessionPayload.articles) ? sessionPayload.articles : [],\n siteWideUnlock: Boolean(sessionPayload.siteWide),\n createdAt: sessionPayload.iat ?? 0,\n expiresAt: sessionPayload.exp,\n };\n\n return { valid: true, session };\n } catch (error) {\n // SECURITY: Don't expose internal error details\n return { valid: false, reason: 'Invalid session' };\n }\n}\n\n/\n Add an article to an existing session\n * SECURITY: Enforces article limit to prevent token bloat\n /\nexport async function addArticleToSession(\n token: string,\n articleId: string,\n secret: string\n): Promise<{ token: string; session: SessionData } \| null> {\n // Validate article ID\n if (!validateArticleId(articleId)) {\n return null;\n }\n\n const validation = await validateSession(token, secret);\n if (!validation.valid \|\| !validation.session) {\n return null;\n }\n\n const session = validation.session;\n\n // Already unlocked\n if (session.unlockedArticles.includes(articleId)) {\n return { token, session };\n }\n\n // SECURITY: Enforce maximum articles per session\n if (session.unlockedArticles.length >= MAX_ARTICLES_PER_SESSION) {\n return null;\n }\n\n const updatedArticles = [...session.unlockedArticles, articleId];\n\n const payload: SessionJWTPayload = {\n sub: session.walletAddress,\n sid: session.id,\n articles: updatedArticles,\n siteWide: session.siteWideUnlock,\n iat: session.createdAt,\n exp: session.expiresAt,\n };\n\n const newToken = await new SignJWT(payload as unknown as Record<string, unknown>)\n .setProtectedHeader({ alg: 'HS256' })\n .sign(getSecretKey(secret));\n\n return {\n token: newToken,\n session: { ...session, unlockedArticles: updatedArticles },\n };\n}\n\n/\n Check if an article is unlocked for a session\n */\nexport async function isArticleUnlocked(\n token: string,\n articleId: string,\n secret: string\n): Promise<boolean> {\n if (!validateArticleId(articleId)) {\n return false;\n }\n\n const validation = await validateSession(token, secret);\n if (!validation.valid \|\| !validation.session) {\n return false;\n }\n\n if (validation.session.siteWideUnlock) {\n return true;\n }\n\n return validation.session.unlockedArticles.includes(articleId);\n}\n"]}

package/dist/{index-DptevtnU.d.cts → session-D2IoWAWV.d.cts} RENAMED Viewed

@@ -45,27 +45,4 @@ interface SessionJWTPayload {
     exp: number;
 }
-/**
- * Create a new session after successful payment
- */
-declare function createSession(walletAddress: string, articleId: string, config: SessionConfig, siteWide?: boolean): Promise<{
-    token: string;
-    session: SessionData;
-}>;
-/**
- * Validate an existing session token
- */
-declare function validateSession(token: string, secret: string): Promise<SessionValidation>;
-/**
- * Add an article to an existing session
- */
-declare function addArticleToSession(token: string, articleId: string, secret: string): Promise<{
-    token: string;
-    session: SessionData;
-} | null>;
-/**
- * Check if an article is unlocked for a session
- */
-declare function isArticleUnlocked(token: string, articleId: string, secret: string): Promise<boolean>;
-export { type SessionData as S, type SessionConfig as a, type SessionValidation as b, type SessionJWTPayload as c, createSession as d, addArticleToSession as e, isArticleUnlocked as i, validateSession as v };
+export type { SessionData as S, SessionConfig as a, SessionValidation as b, SessionJWTPayload as c };

package/dist/{index-DptevtnU.d.ts → session-D2IoWAWV.d.ts} RENAMED Viewed

@@ -45,27 +45,4 @@ interface SessionJWTPayload {
     exp: number;
 }
-/**
- * Create a new session after successful payment
- */
-declare function createSession(walletAddress: string, articleId: string, config: SessionConfig, siteWide?: boolean): Promise<{
-    token: string;
-    session: SessionData;
-}>;
-/**
- * Validate an existing session token
- */
-declare function validateSession(token: string, secret: string): Promise<SessionValidation>;
-/**
- * Add an article to an existing session
- */
-declare function addArticleToSession(token: string, articleId: string, secret: string): Promise<{
-    token: string;
-    session: SessionData;
-} | null>;
-/**
- * Check if an article is unlocked for a session
- */
-declare function isArticleUnlocked(token: string, articleId: string, secret: string): Promise<boolean>;
-export { type SessionData as S, type SessionConfig as a, type SessionValidation as b, type SessionJWTPayload as c, createSession as d, addArticleToSession as e, isArticleUnlocked as i, validateSession as v };
+export type { SessionData as S, SessionConfig as a, SessionValidation as b, SessionJWTPayload as c };

package/dist/solana/index.cjs CHANGED Viewed

@@ -42,6 +42,16 @@ function isMainnet(network) {
 function toX402Network(network) {
   return network === "mainnet-beta" ? "solana-mainnet" : "solana-devnet";
 }
+var SIGNATURE_REGEX = /^[1-9A-HJ-NP-Za-km-z]{87,88}$/;
+var WALLET_REGEX = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+function isValidSignature(signature) {
+  if (!signature || typeof signature !== "string") return false;
+  return SIGNATURE_REGEX.test(signature);
+}
+function isValidWalletAddress(address) {
+  if (!address || typeof address !== "string") return false;
+  return WALLET_REGEX.test(address);
+}
 function parseSOLTransfer(transaction, expectedRecipient) {
   const instructions = transaction.transaction.message.instructions;
   for (const ix of instructions) {
@@ -82,6 +92,16 @@ async function verifyPayment(params) {
     maxAgeSeconds = 300,
     clientConfig
   } = params;
+  if (!isValidSignature(signature)) {
+    return { valid: false, confirmed: false, signature, error: "Invalid signature format" };
+  }
+  if (!isValidWalletAddress(expectedRecipient)) {
+    return { valid: false, confirmed: false, signature, error: "Invalid recipient address" };
+  }
+  if (expectedAmount <= 0n) {
+    return { valid: false, confirmed: false, signature, error: "Invalid expected amount" };
+  }
+  const effectiveMaxAge = Math.min(Math.max(maxAgeSeconds, 60), 3600);
   const connection = getConnection(clientConfig);
   try {
     const transaction = await connection.getParsedTransaction(signature, {
@@ -96,14 +116,17 @@ async function verifyPayment(params) {
         valid: false,
         confirmed: true,
         signature,
-        error: `Transaction failed: ${JSON.stringify(transaction.meta.err)}`
+        error: "Transaction failed on-chain"
       };
     }
     if (transaction.blockTime) {
       const now = Math.floor(Date.now() / 1e3);
-      if (now - transaction.blockTime > maxAgeSeconds) {
+      if (now - transaction.blockTime > effectiveMaxAge) {
         return { valid: false, confirmed: true, signature, error: "Transaction too old" };
       }
+      if (transaction.blockTime > now + 60) {
+        return { valid: false, confirmed: true, signature, error: "Invalid transaction time" };
+      }
     }
     const transferDetails = parseSOLTransfer(transaction, expectedRecipient);
     if (!transferDetails) {
@@ -122,7 +145,7 @@ async function verifyPayment(params) {
         from: transferDetails.from,
         to: transferDetails.to,
         amount: transferDetails.amount,
-        error: `Insufficient amount: expected ${expectedAmount}, got ${transferDetails.amount}`
+        error: "Insufficient payment amount"
       };
     }
     return {
@@ -140,33 +163,34 @@ async function verifyPayment(params) {
       valid: false,
       confirmed: false,
       signature,
-      error: error instanceof Error ? error.message : "Unknown verification error"
+      error: "Verification failed"
     };
   }
 }
 async function waitForConfirmation(signature, clientConfig) {
+  if (!isValidSignature(signature)) {
+    return { confirmed: false, error: "Invalid signature format" };
+  }
   const connection = getConnection(clientConfig);
   try {
     const confirmation = await connection.confirmTransaction(signature, "confirmed");
     if (confirmation.value.err) {
-      return {
-        confirmed: false,
-        error: `Transaction failed: ${JSON.stringify(confirmation.value.err)}`
-      };
+      return { confirmed: false, error: "Transaction failed" };
     }
     return { confirmed: true, slot: confirmation.context?.slot };
-  } catch (error) {
-    return {
-      confirmed: false,
-      error: error instanceof Error ? error.message : "Confirmation timeout"
-    };
+  } catch {
+    return { confirmed: false, error: "Confirmation timeout" };
   }
 }
 async function getWalletTransactions(walletAddress, clientConfig, limit = 20) {
+  if (!isValidWalletAddress(walletAddress)) {
+    return [];
+  }
+  const safeLimit = Math.min(Math.max(limit, 1), 100);
   const connection = getConnection(clientConfig);
-  const pubkey = new web3_js.PublicKey(walletAddress);
   try {
-    const signatures = await connection.getSignaturesForAddress(pubkey, { limit });
+    const pubkey = new web3_js.PublicKey(walletAddress);
+    const signatures = await connection.getSignaturesForAddress(pubkey, { limit: safeLimit });
     return signatures.map((sig) => ({
       signature: sig.signature,
       blockTime: sig.blockTime ?? void 0,
@@ -180,17 +204,213 @@ function lamportsToSol(lamports) {
   return Number(lamports) / web3_js.LAMPORTS_PER_SOL;
 }
 function solToLamports(sol) {
+  if (!Number.isFinite(sol) || sol < 0) {
+    throw new Error("Invalid SOL amount");
+  }
   return BigInt(Math.floor(sol * web3_js.LAMPORTS_PER_SOL));
 }
+// src/types/payment.ts
+var TOKEN_MINTS = {
+  /** USDC on mainnet */
+  USDC_MAINNET: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+  /** USDC on devnet */
+  USDC_DEVNET: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU",
+  /** USDT on mainnet */
+  USDT_MAINNET: "Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB"
+};
+// src/solana/spl.ts
+var SIGNATURE_REGEX2 = /^[1-9A-HJ-NP-Za-km-z]{87,88}$/;
+var WALLET_REGEX2 = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+function resolveMintAddress(asset, network) {
+  if (asset === "native") return null;
+  if (asset === "usdc") {
+    return network === "mainnet-beta" ? TOKEN_MINTS.USDC_MAINNET : TOKEN_MINTS.USDC_DEVNET;
+  }
+  if (asset === "usdt") {
+    return TOKEN_MINTS.USDT_MAINNET;
+  }
+  if (typeof asset === "object" && "mint" in asset) {
+    return asset.mint;
+  }
+  return null;
+}
+function getTokenDecimals(asset) {
+  if (asset === "native") return 9;
+  if (asset === "usdc" || asset === "usdt") return 6;
+  if (typeof asset === "object" && "decimals" in asset) {
+    return asset.decimals ?? 6;
+  }
+  return 6;
+}
+function parseSPLTransfer(transaction, expectedRecipient, expectedMint) {
+  const instructions = transaction.transaction.message.instructions;
+  for (const ix of instructions) {
+    if ("parsed" in ix && (ix.program === "spl-token" || ix.program === "spl-token-2022")) {
+      const parsed = ix.parsed;
+      if (parsed.type === "transfer" || parsed.type === "transferChecked") {
+        const amount = parsed.info.amount || parsed.info.tokenAmount?.amount;
+        if (amount && parsed.info.destination) {
+          return {
+            from: parsed.info.authority || parsed.info.source || "",
+            to: parsed.info.destination,
+            amount: BigInt(amount),
+            mint: parsed.info.mint || expectedMint
+          };
+        }
+      }
+    }
+  }
+  if (transaction.meta?.innerInstructions) {
+    for (const inner of transaction.meta.innerInstructions) {
+      for (const ix of inner.instructions) {
+        if ("parsed" in ix && (ix.program === "spl-token" || ix.program === "spl-token-2022")) {
+          const parsed = ix.parsed;
+          if (parsed.type === "transfer" || parsed.type === "transferChecked") {
+            const amount = parsed.info.amount || parsed.info.tokenAmount?.amount;
+            if (amount) {
+              return {
+                from: parsed.info.authority || parsed.info.source || "",
+                to: parsed.info.destination || "",
+                amount: BigInt(amount),
+                mint: parsed.info.mint || expectedMint
+              };
+            }
+          }
+        }
+      }
+    }
+  }
+  if (transaction.meta?.postTokenBalances && transaction.meta?.preTokenBalances) {
+    const preBalances = transaction.meta.preTokenBalances;
+    const postBalances = transaction.meta.postTokenBalances;
+    for (const post of postBalances) {
+      if (post.mint === expectedMint && post.owner === expectedRecipient) {
+        const pre = preBalances.find(
+          (p) => p.accountIndex === post.accountIndex
+        );
+        const preAmount = BigInt(pre?.uiTokenAmount?.amount || "0");
+        const postAmount = BigInt(post.uiTokenAmount?.amount || "0");
+        const transferred = postAmount - preAmount;
+        if (transferred > 0n) {
+          return {
+            from: "",
+            // Can't determine from balance changes
+            to: expectedRecipient,
+            amount: transferred,
+            mint: expectedMint
+          };
+        }
+      }
+    }
+  }
+  return null;
+}
+async function verifySPLPayment(params) {
+  const {
+    signature,
+    expectedRecipient,
+    expectedAmount,
+    asset,
+    clientConfig,
+    maxAgeSeconds = 300
+  } = params;
+  if (!SIGNATURE_REGEX2.test(signature)) {
+    return { valid: false, confirmed: false, signature, error: "Invalid signature format" };
+  }
+  if (!WALLET_REGEX2.test(expectedRecipient)) {
+    return { valid: false, confirmed: false, signature, error: "Invalid recipient address" };
+  }
+  const mintAddress = resolveMintAddress(asset, clientConfig.network);
+  if (!mintAddress) {
+    return { valid: false, confirmed: false, signature, error: "Invalid asset configuration" };
+  }
+  if (expectedAmount <= 0n) {
+    return { valid: false, confirmed: false, signature, error: "Invalid expected amount" };
+  }
+  const effectiveMaxAge = Math.min(Math.max(maxAgeSeconds, 60), 3600);
+  const connection = getConnection(clientConfig);
+  try {
+    const transaction = await connection.getParsedTransaction(signature, {
+      commitment: "confirmed",
+      maxSupportedTransactionVersion: 0
+    });
+    if (!transaction) {
+      return { valid: false, confirmed: false, signature, error: "Transaction not found" };
+    }
+    if (transaction.meta?.err) {
+      return { valid: false, confirmed: true, signature, error: "Transaction failed on-chain" };
+    }
+    if (transaction.blockTime) {
+      const now = Math.floor(Date.now() / 1e3);
+      if (now - transaction.blockTime > effectiveMaxAge) {
+        return { valid: false, confirmed: true, signature, error: "Transaction too old" };
+      }
+      if (transaction.blockTime > now + 60) {
+        return { valid: false, confirmed: true, signature, error: "Invalid transaction time" };
+      }
+    }
+    const transfer = parseSPLTransfer(transaction, expectedRecipient, mintAddress);
+    if (!transfer) {
+      return {
+        valid: false,
+        confirmed: true,
+        signature,
+        error: "No valid token transfer to recipient found"
+      };
+    }
+    if (transfer.mint !== mintAddress) {
+      return {
+        valid: false,
+        confirmed: true,
+        signature,
+        error: "Token mint mismatch"
+      };
+    }
+    if (transfer.amount < expectedAmount) {
+      return {
+        valid: false,
+        confirmed: true,
+        signature,
+        from: transfer.from,
+        to: transfer.to,
+        mint: transfer.mint,
+        amount: transfer.amount,
+        error: "Insufficient payment amount"
+      };
+    }
+    return {
+      valid: true,
+      confirmed: true,
+      signature,
+      from: transfer.from,
+      to: transfer.to,
+      mint: transfer.mint,
+      amount: transfer.amount,
+      blockTime: transaction.blockTime ?? void 0,
+      slot: transaction.slot
+    };
+  } catch {
+    return { valid: false, confirmed: false, signature, error: "Verification failed" };
+  }
+}
+function isNativeAsset(asset) {
+  return asset === "native";
+}
 exports.getConnection = getConnection;
+exports.getTokenDecimals = getTokenDecimals;
 exports.getWalletTransactions = getWalletTransactions;
 exports.isMainnet = isMainnet;
+exports.isNativeAsset = isNativeAsset;
 exports.lamportsToSol = lamportsToSol;
 exports.resetConnection = resetConnection;
+exports.resolveMintAddress = resolveMintAddress;
 exports.solToLamports = solToLamports;
 exports.toX402Network = toX402Network;
 exports.verifyPayment = verifyPayment;
+exports.verifySPLPayment = verifySPLPayment;
 exports.waitForConfirmation = waitForConfirmation;
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map