@alleyboss/micropay-solana-x402-paywall 1.0.0 → 2.0.0

package/dist/index.cjs

@@ -4,7 +4,15 @@ var web3_js = require('@solana/web3.js');
 var jose = require('jose');
 var uuid = require('uuid');
 
-// src/solana/client.ts
+// src/types/payment.ts
+var TOKEN_MINTS = {
+  /** USDC on mainnet */
+  USDC_MAINNET: "EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v",
+  /** USDC on devnet */
+  USDC_DEVNET: "4zMMC9srt5Ri5X14GAgXhaHii3GnPAEERYPJgZJDncDU",
+  /** USDT on mainnet */
+  USDT_MAINNET: "Es9vMFrzaCERmJfrF4H2FYD4KCoNkY11McCe8BenwNYB"
+};
 var cachedConnection = null;
 var cachedNetwork = null;
 function buildRpcUrl(config) {
@@ -44,6 +52,16 @@ function isMainnet(network) {
 function toX402Network(network) {
   return network === "mainnet-beta" ? "solana-mainnet" : "solana-devnet";
 }
+var SIGNATURE_REGEX = /^[1-9A-HJ-NP-Za-km-z]{87,88}$/;
+var WALLET_REGEX = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+function isValidSignature(signature) {
+  if (!signature || typeof signature !== "string") return false;
+  return SIGNATURE_REGEX.test(signature);
+}
+function isValidWalletAddress(address) {
+  if (!address || typeof address !== "string") return false;
+  return WALLET_REGEX.test(address);
+}
 function parseSOLTransfer(transaction, expectedRecipient) {
   const instructions = transaction.transaction.message.instructions;
   for (const ix of instructions) {
@@ -84,6 +102,16 @@ async function verifyPayment(params) {
     maxAgeSeconds = 300,
     clientConfig
   } = params;
+  if (!isValidSignature(signature)) {
+    return { valid: false, confirmed: false, signature, error: "Invalid signature format" };
+  }
+  if (!isValidWalletAddress(expectedRecipient)) {
+    return { valid: false, confirmed: false, signature, error: "Invalid recipient address" };
+  }
+  if (expectedAmount <= 0n) {
+    return { valid: false, confirmed: false, signature, error: "Invalid expected amount" };
+  }
+  const effectiveMaxAge = Math.min(Math.max(maxAgeSeconds, 60), 3600);
   const connection = getConnection(clientConfig);
   try {
     const transaction = await connection.getParsedTransaction(signature, {
@@ -98,14 +126,17 @@ async function verifyPayment(params) {
         valid: false,
         confirmed: true,
         signature,
-        error: `Transaction failed: ${JSON.stringify(transaction.meta.err)}`
+        error: "Transaction failed on-chain"
       };
     }
     if (transaction.blockTime) {
       const now = Math.floor(Date.now() / 1e3);
-      if (now - transaction.blockTime > maxAgeSeconds) {
+      if (now - transaction.blockTime > effectiveMaxAge) {
         return { valid: false, confirmed: true, signature, error: "Transaction too old" };
       }
+      if (transaction.blockTime > now + 60) {
+        return { valid: false, confirmed: true, signature, error: "Invalid transaction time" };
+      }
     }
     const transferDetails = parseSOLTransfer(transaction, expectedRecipient);
     if (!transferDetails) {
@@ -124,7 +155,7 @@ async function verifyPayment(params) {
         from: transferDetails.from,
         to: transferDetails.to,
         amount: transferDetails.amount,
-        error: `Insufficient amount: expected ${expectedAmount}, got ${transferDetails.amount}`
+        error: "Insufficient payment amount"
       };
     }
     return {
@@ -142,33 +173,34 @@ async function verifyPayment(params) {
       valid: false,
       confirmed: false,
       signature,
-      error: error instanceof Error ? error.message : "Unknown verification error"
+      error: "Verification failed"
     };
   }
 }
 async function waitForConfirmation(signature, clientConfig) {
+  if (!isValidSignature(signature)) {
+    return { confirmed: false, error: "Invalid signature format" };
+  }
   const connection = getConnection(clientConfig);
   try {
     const confirmation = await connection.confirmTransaction(signature, "confirmed");
     if (confirmation.value.err) {
-      return {
-        confirmed: false,
-        error: `Transaction failed: ${JSON.stringify(confirmation.value.err)}`
-      };
+      return { confirmed: false, error: "Transaction failed" };
     }
     return { confirmed: true, slot: confirmation.context?.slot };
-  } catch (error) {
-    return {
-      confirmed: false,
-      error: error instanceof Error ? error.message : "Confirmation timeout"
-    };
+  } catch {
+    return { confirmed: false, error: "Confirmation timeout" };
   }
 }
 async function getWalletTransactions(walletAddress, clientConfig, limit = 20) {
+  if (!isValidWalletAddress(walletAddress)) {
+    return [];
+  }
+  const safeLimit = Math.min(Math.max(limit, 1), 100);
   const connection = getConnection(clientConfig);
-  const pubkey = new web3_js.PublicKey(walletAddress);
   try {
-    const signatures = await connection.getSignaturesForAddress(pubkey, { limit });
+    const pubkey = new web3_js.PublicKey(walletAddress);
+    const signatures = await connection.getSignaturesForAddress(pubkey, { limit: safeLimit });
     return signatures.map((sig) => ({
       signature: sig.signature,
       blockTime: sig.blockTime ?? void 0,
@@ -182,15 +214,222 @@ function lamportsToSol(lamports) {
   return Number(lamports) / web3_js.LAMPORTS_PER_SOL;
 }
 function solToLamports(sol) {
+  if (!Number.isFinite(sol) || sol < 0) {
+    throw new Error("Invalid SOL amount");
+  }
   return BigInt(Math.floor(sol * web3_js.LAMPORTS_PER_SOL));
 }
+
+// src/solana/spl.ts
+var SIGNATURE_REGEX2 = /^[1-9A-HJ-NP-Za-km-z]{87,88}$/;
+var WALLET_REGEX2 = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+function resolveMintAddress(asset, network) {
+  if (asset === "native") return null;
+  if (asset === "usdc") {
+    return network === "mainnet-beta" ? TOKEN_MINTS.USDC_MAINNET : TOKEN_MINTS.USDC_DEVNET;
+  }
+  if (asset === "usdt") {
+    return TOKEN_MINTS.USDT_MAINNET;
+  }
+  if (typeof asset === "object" && "mint" in asset) {
+    return asset.mint;
+  }
+  return null;
+}
+function getTokenDecimals(asset) {
+  if (asset === "native") return 9;
+  if (asset === "usdc" || asset === "usdt") return 6;
+  if (typeof asset === "object" && "decimals" in asset) {
+    return asset.decimals ?? 6;
+  }
+  return 6;
+}
+function parseSPLTransfer(transaction, expectedRecipient, expectedMint) {
+  const instructions = transaction.transaction.message.instructions;
+  for (const ix of instructions) {
+    if ("parsed" in ix && (ix.program === "spl-token" || ix.program === "spl-token-2022")) {
+      const parsed = ix.parsed;
+      if (parsed.type === "transfer" || parsed.type === "transferChecked") {
+        const amount = parsed.info.amount || parsed.info.tokenAmount?.amount;
+        if (amount && parsed.info.destination) {
+          return {
+            from: parsed.info.authority || parsed.info.source || "",
+            to: parsed.info.destination,
+            amount: BigInt(amount),
+            mint: parsed.info.mint || expectedMint
+          };
+        }
+      }
+    }
+  }
+  if (transaction.meta?.innerInstructions) {
+    for (const inner of transaction.meta.innerInstructions) {
+      for (const ix of inner.instructions) {
+        if ("parsed" in ix && (ix.program === "spl-token" || ix.program === "spl-token-2022")) {
+          const parsed = ix.parsed;
+          if (parsed.type === "transfer" || parsed.type === "transferChecked") {
+            const amount = parsed.info.amount || parsed.info.tokenAmount?.amount;
+            if (amount) {
+              return {
+                from: parsed.info.authority || parsed.info.source || "",
+                to: parsed.info.destination || "",
+                amount: BigInt(amount),
+                mint: parsed.info.mint || expectedMint
+              };
+            }
+          }
+        }
+      }
+    }
+  }
+  if (transaction.meta?.postTokenBalances && transaction.meta?.preTokenBalances) {
+    const preBalances = transaction.meta.preTokenBalances;
+    const postBalances = transaction.meta.postTokenBalances;
+    for (const post of postBalances) {
+      if (post.mint === expectedMint && post.owner === expectedRecipient) {
+        const pre = preBalances.find(
+          (p) => p.accountIndex === post.accountIndex
+        );
+        const preAmount = BigInt(pre?.uiTokenAmount?.amount || "0");
+        const postAmount = BigInt(post.uiTokenAmount?.amount || "0");
+        const transferred = postAmount - preAmount;
+        if (transferred > 0n) {
+          return {
+            from: "",
+            // Can't determine from balance changes
+            to: expectedRecipient,
+            amount: transferred,
+            mint: expectedMint
+          };
+        }
+      }
+    }
+  }
+  return null;
+}
+async function verifySPLPayment(params) {
+  const {
+    signature,
+    expectedRecipient,
+    expectedAmount,
+    asset,
+    clientConfig,
+    maxAgeSeconds = 300
+  } = params;
+  if (!SIGNATURE_REGEX2.test(signature)) {
+    return { valid: false, confirmed: false, signature, error: "Invalid signature format" };
+  }
+  if (!WALLET_REGEX2.test(expectedRecipient)) {
+    return { valid: false, confirmed: false, signature, error: "Invalid recipient address" };
+  }
+  const mintAddress = resolveMintAddress(asset, clientConfig.network);
+  if (!mintAddress) {
+    return { valid: false, confirmed: false, signature, error: "Invalid asset configuration" };
+  }
+  if (expectedAmount <= 0n) {
+    return { valid: false, confirmed: false, signature, error: "Invalid expected amount" };
+  }
+  const effectiveMaxAge = Math.min(Math.max(maxAgeSeconds, 60), 3600);
+  const connection = getConnection(clientConfig);
+  try {
+    const transaction = await connection.getParsedTransaction(signature, {
+      commitment: "confirmed",
+      maxSupportedTransactionVersion: 0
+    });
+    if (!transaction) {
+      return { valid: false, confirmed: false, signature, error: "Transaction not found" };
+    }
+    if (transaction.meta?.err) {
+      return { valid: false, confirmed: true, signature, error: "Transaction failed on-chain" };
+    }
+    if (transaction.blockTime) {
+      const now = Math.floor(Date.now() / 1e3);
+      if (now - transaction.blockTime > effectiveMaxAge) {
+        return { valid: false, confirmed: true, signature, error: "Transaction too old" };
+      }
+      if (transaction.blockTime > now + 60) {
+        return { valid: false, confirmed: true, signature, error: "Invalid transaction time" };
+      }
+    }
+    const transfer = parseSPLTransfer(transaction, expectedRecipient, mintAddress);
+    if (!transfer) {
+      return {
+        valid: false,
+        confirmed: true,
+        signature,
+        error: "No valid token transfer to recipient found"
+      };
+    }
+    if (transfer.mint !== mintAddress) {
+      return {
+        valid: false,
+        confirmed: true,
+        signature,
+        error: "Token mint mismatch"
+      };
+    }
+    if (transfer.amount < expectedAmount) {
+      return {
+        valid: false,
+        confirmed: true,
+        signature,
+        from: transfer.from,
+        to: transfer.to,
+        mint: transfer.mint,
+        amount: transfer.amount,
+        error: "Insufficient payment amount"
+      };
+    }
+    return {
+      valid: true,
+      confirmed: true,
+      signature,
+      from: transfer.from,
+      to: transfer.to,
+      mint: transfer.mint,
+      amount: transfer.amount,
+      blockTime: transaction.blockTime ?? void 0,
+      slot: transaction.slot
+    };
+  } catch {
+    return { valid: false, confirmed: false, signature, error: "Verification failed" };
+  }
+}
+function isNativeAsset(asset) {
+  return asset === "native";
+}
+var MAX_ARTICLES_PER_SESSION = 100;
+var MIN_SECRET_LENGTH = 32;
 function getSecretKey(secret) {
-  if (secret.length < 32) {
-    throw new Error("Session secret must be at least 32 characters");
+  if (!secret || typeof secret !== "string") {
+    throw new Error("Session secret is required");
+  }
+  if (secret.length < MIN_SECRET_LENGTH) {
+    throw new Error(`Session secret must be at least ${MIN_SECRET_LENGTH} characters`);
   }
   return new TextEncoder().encode(secret);
 }
+function validateWalletAddress(address) {
+  if (!address || typeof address !== "string") return false;
+  const base58Regex = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+  return base58Regex.test(address);
+}
+function validateArticleId(articleId) {
+  if (!articleId || typeof articleId !== "string") return false;
+  if (articleId.length > 128) return false;
+  const safeIdRegex = /^[a-zA-Z0-9_-]+$/;
+  return safeIdRegex.test(articleId);
+}
 async function createSession(walletAddress, articleId, config, siteWide = false) {
+  if (!validateWalletAddress(walletAddress)) {
+    throw new Error("Invalid wallet address format");
+  }
+  if (!validateArticleId(articleId)) {
+    throw new Error("Invalid article ID format");
+  }
+  if (!config.durationHours || config.durationHours <= 0 || config.durationHours > 720) {
+    throw new Error("Session duration must be between 1 and 720 hours");
+  }
   const sessionId = uuid.v4();
   const now = Math.floor(Date.now() / 1e3);
   const expiresAt = now + config.durationHours * 3600;
@@ -198,7 +437,7 @@ async function createSession(walletAddress, articleId, config, siteWide = false)
     id: sessionId,
     walletAddress,
     unlockedArticles: [articleId],
-    siteWideUnlock: siteWide,
+    siteWideUnlock: Boolean(siteWide),
     createdAt: now,
     expiresAt
   };
@@ -206,7 +445,7 @@ async function createSession(walletAddress, articleId, config, siteWide = false)
     sub: walletAddress,
     sid: sessionId,
     articles: session.unlockedArticles,
-    siteWide,
+    siteWide: session.siteWideUnlock,
     iat: now,
     exp: expiresAt
   };
@@ -214,30 +453,39 @@ async function createSession(walletAddress, articleId, config, siteWide = false)
   return { token, session };
 }
 async function validateSession(token, secret) {
+  if (!token || typeof token !== "string") {
+    return { valid: false, reason: "Invalid token format" };
+  }
   try {
     const { payload } = await jose.jwtVerify(token, getSecretKey(secret));
     const sessionPayload = payload;
+    if (!sessionPayload.sub || !sessionPayload.sid || !sessionPayload.exp) {
+      return { valid: false, reason: "Malformed session payload" };
+    }
     const now = Math.floor(Date.now() / 1e3);
     if (sessionPayload.exp < now) {
       return { valid: false, reason: "Session expired" };
     }
+    if (!validateWalletAddress(sessionPayload.sub)) {
+      return { valid: false, reason: "Invalid session data" };
+    }
     const session = {
       id: sessionPayload.sid,
       walletAddress: sessionPayload.sub,
-      unlockedArticles: sessionPayload.articles,
-      siteWideUnlock: sessionPayload.siteWide,
-      createdAt: sessionPayload.iat,
+      unlockedArticles: Array.isArray(sessionPayload.articles) ? sessionPayload.articles : [],
+      siteWideUnlock: Boolean(sessionPayload.siteWide),
+      createdAt: sessionPayload.iat ?? 0,
       expiresAt: sessionPayload.exp
     };
     return { valid: true, session };
   } catch (error) {
-    return {
-      valid: false,
-      reason: error instanceof Error ? error.message : "Invalid session"
-    };
+    return { valid: false, reason: "Invalid session" };
   }
 }
 async function addArticleToSession(token, articleId, secret) {
+  if (!validateArticleId(articleId)) {
+    return null;
+  }
   const validation = await validateSession(token, secret);
   if (!validation.valid || !validation.session) {
     return null;
@@ -246,6 +494,9 @@ async function addArticleToSession(token, articleId, secret) {
   if (session.unlockedArticles.includes(articleId)) {
     return { token, session };
   }
+  if (session.unlockedArticles.length >= MAX_ARTICLES_PER_SESSION) {
+    return null;
+  }
   const updatedArticles = [...session.unlockedArticles, articleId];
   const payload = {
     sub: session.walletAddress,
@@ -262,6 +513,9 @@ async function addArticleToSession(token, articleId, secret) {
   };
 }
 async function isArticleUnlocked(token, articleId, secret) {
+  if (!validateArticleId(articleId)) {
+    return false;
+  }
   const validation = await validateSession(token, secret);
   if (!validation.valid || !validation.session) {
     return false;
@@ -273,20 +527,52 @@ async function isArticleUnlocked(token, articleId, secret) {
 }
 
 // src/x402/config.ts
+var WALLET_REGEX3 = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+function sanitizeDisplayString(str, maxLength = 200) {
+  if (!str || typeof str !== "string") return "";
+  return str.slice(0, maxLength).replace(/[<>"'&]/g, "");
+}
+function isValidUrl(url) {
+  try {
+    const parsed = new URL(url);
+    return parsed.protocol === "http:" || parsed.protocol === "https:";
+  } catch {
+    return false;
+  }
+}
 function buildPaymentRequirement(params) {
+  if (!WALLET_REGEX3.test(params.creatorWallet)) {
+    throw new Error("Invalid creator wallet address");
+  }
+  if (params.priceInLamports <= 0n) {
+    throw new Error("Price must be positive");
+  }
+  if (!isValidUrl(params.resourceUrl)) {
+    throw new Error("Invalid resource URL");
+  }
+  if (params.network !== "devnet" && params.network !== "mainnet-beta") {
+    throw new Error("Invalid network");
+  }
+  const timeout = params.maxTimeoutSeconds ?? 300;
+  if (timeout < 60 || timeout > 3600) {
+    throw new Error("Timeout must be between 60 and 3600 seconds");
+  }
   const x402Network = toX402Network(params.network);
+  const safeTitle = sanitizeDisplayString(params.articleTitle, 200);
+  const safeArticleId = sanitizeDisplayString(params.articleId, 128);
   return {
     scheme: "exact",
     network: x402Network,
     maxAmountRequired: params.priceInLamports.toString(),
     resource: params.resourceUrl,
-    description: `Unlock: ${params.articleTitle}`,
+    description: `Unlock: ${safeTitle}`,
     mimeType: "text/html",
     payTo: params.creatorWallet,
-    maxTimeoutSeconds: params.maxTimeoutSeconds ?? 300,
+    maxTimeoutSeconds: timeout,
     asset: "native",
     extra: {
-      name: params.articleTitle
+      name: safeTitle,
+      articleId: safeArticleId
     }
   };
 }
@@ -294,7 +580,18 @@ function encodePaymentRequired(requirement) {
   return Buffer.from(JSON.stringify(requirement)).toString("base64");
 }
 function decodePaymentRequired(encoded) {
-  return JSON.parse(Buffer.from(encoded, "base64").toString("utf-8"));
+  if (!encoded || typeof encoded !== "string") {
+    throw new Error("Invalid encoded requirement");
+  }
+  if (encoded.length > 1e4) {
+    throw new Error("Encoded requirement too large");
+  }
+  try {
+    const decoded = Buffer.from(encoded, "base64").toString("utf-8");
+    return JSON.parse(decoded);
+  } catch {
+    throw new Error("Failed to decode payment requirement");
+  }
 }
 var X402_HEADERS = {
   PAYMENT_REQUIRED: "X-Payment-Required",
@@ -302,12 +599,13 @@ var X402_HEADERS = {
   PAYMENT_RESPONSE: "X-Payment-Response"
 };
 function create402ResponseBody(requirement) {
+  const assetStr = typeof requirement.asset === "string" ? requirement.asset : requirement.asset.mint;
   return {
     error: "Payment Required",
     message: requirement.description,
     price: {
       amount: requirement.maxAmountRequired,
-      asset: requirement.asset,
+      asset: assetStr,
       network: requirement.network
     }
   };
@@ -322,23 +620,47 @@ function create402Headers(requirement) {
 }
 
 // src/x402/verification.ts
+var SIGNATURE_REGEX3 = /^[1-9A-HJ-NP-Za-km-z]{87,88}$/;
 async function verifyX402Payment(payload, requirement, clientConfig) {
-  if (!payload.payload?.signature) {
-    return {
-      valid: false,
-      invalidReason: "Missing transaction signature"
-    };
+  if (!payload || typeof payload !== "object") {
+    return { valid: false, invalidReason: "Invalid payload" };
+  }
+  const signature = payload.payload?.signature;
+  if (!signature || typeof signature !== "string") {
+    return { valid: false, invalidReason: "Missing transaction signature" };
+  }
+  if (!SIGNATURE_REGEX3.test(signature)) {
+    return { valid: false, invalidReason: "Invalid signature format" };
+  }
+  if (payload.x402Version !== 1) {
+    return { valid: false, invalidReason: "Unsupported x402 version" };
+  }
+  if (payload.scheme !== "exact") {
+    return { valid: false, invalidReason: "Unsupported payment scheme" };
   }
   if (payload.network !== requirement.network) {
     return {
       valid: false,
-      invalidReason: `Network mismatch: expected ${requirement.network}, got ${payload.network}`
+      invalidReason: `Network mismatch: expected ${requirement.network}`
     };
   }
+  const walletRegex = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+  if (!walletRegex.test(requirement.payTo)) {
+    return { valid: false, invalidReason: "Invalid recipient configuration" };
+  }
+  let expectedAmount;
+  try {
+    expectedAmount = BigInt(requirement.maxAmountRequired);
+    if (expectedAmount <= 0n) {
+      return { valid: false, invalidReason: "Invalid payment amount" };
+    }
+  } catch {
+    return { valid: false, invalidReason: "Invalid payment amount format" };
+  }
   const verification = await verifyPayment({
-    signature: payload.payload.signature,
+    signature,
     expectedRecipient: requirement.payTo,
-    expectedAmount: BigInt(requirement.maxAmountRequired),
+    expectedAmount,
     maxAgeSeconds: requirement.maxTimeoutSeconds,
     clientConfig
   });
@@ -359,9 +681,19 @@ async function verifyX402Payment(payload, requirement, clientConfig) {
   };
 }
 function parsePaymentHeader(header) {
+  if (!header || typeof header !== "string") {
+    return null;
+  }
+  if (header.length > 1e4) {
+    return null;
+  }
   try {
     const decoded = Buffer.from(header, "base64").toString("utf-8");
-    return JSON.parse(decoded);
+    const parsed = JSON.parse(decoded);
+    if (!parsed || typeof parsed !== "object") {
+      return null;
+    }
+    return parsed;
   } catch {
     return null;
   }
@@ -370,27 +702,457 @@ function encodePaymentResponse(response) {
   return Buffer.from(JSON.stringify(response)).toString("base64");
 }
 
+// src/store/memory.ts
+function createMemoryStore(options = {}) {
+  const { cleanupInterval = 6e4 } = options;
+  const store = /* @__PURE__ */ new Map();
+  const cleanupTimer = setInterval(() => {
+    const now = Date.now();
+    for (const [key, record] of store.entries()) {
+      if (record.expiresAt < now) {
+        store.delete(key);
+      }
+    }
+  }, cleanupInterval);
+  return {
+    async hasBeenUsed(signature) {
+      const record = store.get(signature);
+      if (!record) return false;
+      if (record.expiresAt < Date.now()) {
+        store.delete(signature);
+        return false;
+      }
+      return true;
+    },
+    async markAsUsed(signature, resourceId, expiresAt) {
+      store.set(signature, {
+        resourceId,
+        usedAt: Date.now(),
+        expiresAt: expiresAt.getTime()
+      });
+    },
+    async getUsage(signature) {
+      const record = store.get(signature);
+      if (!record) return null;
+      if (record.expiresAt < Date.now()) {
+        store.delete(signature);
+        return null;
+      }
+      return {
+        signature,
+        resourceId: record.resourceId,
+        usedAt: new Date(record.usedAt),
+        expiresAt: new Date(record.expiresAt),
+        walletAddress: record.walletAddress
+      };
+    },
+    /** Stop cleanup timer (for graceful shutdown) */
+    close() {
+      clearInterval(cleanupTimer);
+      store.clear();
+    }
+  };
+}
+
+// src/store/redis.ts
+function createRedisStore(options) {
+  const { client, keyPrefix = "micropay:sig:" } = options;
+  const buildKey = (signature) => `${keyPrefix}${signature}`;
+  return {
+    async hasBeenUsed(signature) {
+      const exists = await client.exists(buildKey(signature));
+      return exists > 0;
+    },
+    async markAsUsed(signature, resourceId, expiresAt) {
+      const key = buildKey(signature);
+      const ttl = Math.max(1, Math.floor((expiresAt.getTime() - Date.now()) / 1e3));
+      const record = {
+        signature,
+        resourceId,
+        usedAt: /* @__PURE__ */ new Date(),
+        expiresAt
+      };
+      if (client.setex) {
+        await client.setex(key, ttl, JSON.stringify(record));
+      } else {
+        await client.set(key, JSON.stringify(record), { EX: ttl });
+      }
+    },
+    async getUsage(signature) {
+      const data = await client.get(buildKey(signature));
+      if (!data) return null;
+      try {
+        const record = JSON.parse(data);
+        return {
+          ...record,
+          usedAt: new Date(record.usedAt),
+          expiresAt: new Date(record.expiresAt)
+        };
+      } catch {
+        return null;
+      }
+    }
+  };
+}
+
+// src/middleware/nextjs.ts
+function matchesProtectedPath(path, patterns) {
+  for (const pattern of patterns) {
+    const regexPattern = pattern.replace(/\*\*/g, "{{DOUBLE_STAR}}").replace(/\*/g, "[^/]*").replace(/{{DOUBLE_STAR}}/g, ".*");
+    const regex = new RegExp(`^${regexPattern}$`);
+    if (regex.test(path)) {
+      return true;
+    }
+  }
+  return false;
+}
+async function checkPaywallAccess(path, sessionToken, config) {
+  if (!matchesProtectedPath(path, config.protectedPaths)) {
+    return { allowed: true };
+  }
+  if (!sessionToken) {
+    return {
+      allowed: false,
+      reason: "No session token",
+      requiresPayment: true
+    };
+  }
+  const validation = await validateSession(sessionToken, config.sessionSecret);
+  if (!validation.valid || !validation.session) {
+    return {
+      allowed: false,
+      reason: validation.reason || "Invalid session",
+      requiresPayment: true
+    };
+  }
+  return {
+    allowed: true,
+    session: validation.session
+  };
+}
+function createPaywallMiddleware(config) {
+  const { cookieName = "x402_session" } = config;
+  return async function middleware(request) {
+    const url = new URL(request.url);
+    const path = url.pathname;
+    const cookieHeader = request.headers.get("cookie") || "";
+    const cookies = Object.fromEntries(
+      cookieHeader.split(";").map((c) => {
+        const [key, ...vals] = c.trim().split("=");
+        return [key, vals.join("=")];
+      })
+    );
+    const sessionToken = cookies[cookieName];
+    const result = await checkPaywallAccess(path, sessionToken, config);
+    if (!result.allowed && result.requiresPayment) {
+      const body = config.custom402Response ? config.custom402Response(path) : {
+        error: "Payment Required",
+        message: "This resource requires payment to access",
+        path
+      };
+      return new Response(JSON.stringify(body), {
+        status: 402,
+        headers: {
+          "Content-Type": "application/json"
+        }
+      });
+    }
+    return null;
+  };
+}
+function withPaywall(handler, options) {
+  const { sessionSecret, cookieName = "x402_session", articleId } = options;
+  return async function protectedHandler(request) {
+    const cookieHeader = request.headers.get("cookie") || "";
+    const cookies = Object.fromEntries(
+      cookieHeader.split(";").map((c) => {
+        const [key, ...vals] = c.trim().split("=");
+        return [key, vals.join("=")];
+      })
+    );
+    const sessionToken = cookies[cookieName];
+    if (!sessionToken) {
+      return new Response(
+        JSON.stringify({ error: "Payment Required", message: "No session token" }),
+        { status: 402, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    const validation = await validateSession(sessionToken, sessionSecret);
+    if (!validation.valid || !validation.session) {
+      return new Response(
+        JSON.stringify({ error: "Payment Required", message: validation.reason }),
+        { status: 402, headers: { "Content-Type": "application/json" } }
+      );
+    }
+    if (articleId) {
+      const { session } = validation;
+      const hasAccess = session.siteWideUnlock || session.unlockedArticles.includes(articleId);
+      if (!hasAccess) {
+        return new Response(
+          JSON.stringify({ error: "Payment Required", message: "Article not unlocked" }),
+          { status: 402, headers: { "Content-Type": "application/json" } }
+        );
+      }
+    }
+    return handler(request, validation.session);
+  };
+}
+
+// src/utils/retry.ts
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function calculateDelay(attempt, options) {
+  const { baseDelay, maxDelay, jitter } = options;
+  let delay = baseDelay * Math.pow(2, attempt);
+  delay = Math.min(delay, maxDelay);
+  if (jitter) {
+    const jitterAmount = delay * 0.25;
+    delay += Math.random() * jitterAmount * 2 - jitterAmount;
+  }
+  return Math.floor(delay);
+}
+async function withRetry(fn, options = {}) {
+  const {
+    maxAttempts = 3,
+    baseDelay = 500,
+    maxDelay = 1e4,
+    jitter = true,
+    retryOn = () => true
+  } = options;
+  let lastError;
+  for (let attempt = 0; attempt < maxAttempts; attempt++) {
+    try {
+      return await fn();
+    } catch (error) {
+      lastError = error;
+      if (!retryOn(error)) {
+        throw error;
+      }
+      if (attempt < maxAttempts - 1) {
+        const delay = calculateDelay(attempt, {
+          baseDelay,
+          maxDelay,
+          jitter
+        });
+        await sleep(delay);
+      }
+    }
+  }
+  throw lastError;
+}
+function isRetryableRPCError(error) {
+  if (error instanceof Error) {
+    const message = error.message.toLowerCase();
+    if (message.includes("429") || message.includes("rate limit")) {
+      return true;
+    }
+    if (message.includes("timeout") || message.includes("econnreset")) {
+      return true;
+    }
+    if (message.includes("503") || message.includes("502") || message.includes("500")) {
+      return true;
+    }
+    if (message.includes("blockhash not found") || message.includes("slot skipped")) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// src/client/payment.ts
+function buildSolanaPayUrl(params) {
+  const { recipient, amount, splToken, reference, label, message } = params;
+  const url = new URL(`solana:${recipient}`);
+  if (amount !== void 0) {
+    url.searchParams.set("amount", amount.toString());
+  }
+  if (splToken) {
+    url.searchParams.set("spl-token", splToken);
+  }
+  if (reference) {
+    url.searchParams.set("reference", reference);
+  }
+  if (label) {
+    url.searchParams.set("label", label);
+  }
+  if (message) {
+    url.searchParams.set("message", message);
+  }
+  return url.toString();
+}
+function createPaymentFlow(config) {
+  const { network, recipientWallet, amount, asset = "native", memo } = config;
+  let decimals = 9;
+  let mintAddress;
+  if (asset === "usdc") {
+    decimals = 6;
+    mintAddress = network === "mainnet-beta" ? TOKEN_MINTS.USDC_MAINNET : TOKEN_MINTS.USDC_DEVNET;
+  } else if (asset === "usdt") {
+    decimals = 6;
+    mintAddress = TOKEN_MINTS.USDT_MAINNET;
+  } else if (typeof asset === "object" && "mint" in asset) {
+    decimals = asset.decimals ?? 6;
+    mintAddress = asset.mint;
+  }
+  const naturalAmount = Number(amount) / Math.pow(10, decimals);
+  return {
+    /** Get the payment configuration */
+    getConfig: () => ({ ...config }),
+    /** Get amount in natural display units (e.g., 0.01 SOL) */
+    getDisplayAmount: () => naturalAmount,
+    /** Get amount formatted with symbol */
+    getFormattedAmount: () => {
+      const symbol = asset === "native" ? "SOL" : asset === "usdc" ? "USDC" : asset === "usdt" ? "USDT" : "tokens";
+      return `${naturalAmount.toFixed(decimals > 6 ? 4 : 2)} ${symbol}`;
+    },
+    /** Generate Solana Pay URL for QR codes */
+    getSolanaPayUrl: (options = {}) => {
+      return buildSolanaPayUrl({
+        recipient: recipientWallet,
+        amount: naturalAmount,
+        splToken: mintAddress,
+        label: options.label,
+        reference: options.reference,
+        message: memo
+      });
+    },
+    /** Get the token mint address (undefined for native SOL) */
+    getMintAddress: () => mintAddress,
+    /** Check if this is a native SOL payment */
+    isNativePayment: () => asset === "native",
+    /** Get network information */
+    getNetworkInfo: () => ({
+      network,
+      isMainnet: network === "mainnet-beta",
+      explorerUrl: network === "mainnet-beta" ? "https://explorer.solana.com" : "https://explorer.solana.com?cluster=devnet"
+    }),
+    /** Build explorer URL for a transaction */
+    getExplorerUrl: (signature) => {
+      const baseUrl = "https://explorer.solana.com/tx";
+      const cluster = network === "mainnet-beta" ? "" : "?cluster=devnet";
+      return `${baseUrl}/${signature}${cluster}`;
+    }
+  };
+}
+function createPaymentReference() {
+  if (typeof crypto !== "undefined" && crypto.randomUUID) {
+    return crypto.randomUUID();
+  }
+  return `${Date.now()}-${Math.random().toString(36).slice(2, 11)}`;
+}
+
+// src/pricing/index.ts
+var cachedPrice = null;
+var CACHE_TTL_MS = 6e4;
+async function getSolPrice() {
+  if (cachedPrice && Date.now() - cachedPrice.fetchedAt.getTime() < CACHE_TTL_MS) {
+    return cachedPrice;
+  }
+  try {
+    const response = await fetch(
+      "https://api.coingecko.com/api/v3/simple/price?ids=solana&vs_currencies=usd",
+      {
+        headers: { "Accept": "application/json" },
+        signal: AbortSignal.timeout(5e3)
+      }
+    );
+    if (!response.ok) {
+      throw new Error(`Price fetch failed: ${response.status}`);
+    }
+    const data = await response.json();
+    if (!data.solana?.usd) {
+      throw new Error("Invalid price response");
+    }
+    cachedPrice = {
+      solPrice: data.solana.usd,
+      fetchedAt: /* @__PURE__ */ new Date(),
+      source: "coingecko"
+    };
+    return cachedPrice;
+  } catch (error) {
+    if (cachedPrice) {
+      return cachedPrice;
+    }
+    return {
+      solPrice: 150,
+      // Fallback price
+      fetchedAt: /* @__PURE__ */ new Date(),
+      source: "fallback"
+    };
+  }
+}
+async function lamportsToUsd(lamports) {
+  const { solPrice } = await getSolPrice();
+  const sol = Number(lamports) / 1e9;
+  return sol * solPrice;
+}
+async function usdToLamports(usd) {
+  const { solPrice } = await getSolPrice();
+  const sol = usd / solPrice;
+  return BigInt(Math.floor(sol * 1e9));
+}
+async function formatPriceDisplay(lamports) {
+  const { solPrice } = await getSolPrice();
+  const sol = Number(lamports) / 1e9;
+  const usd = sol * solPrice;
+  return `${sol.toFixed(4)} SOL (~$${usd.toFixed(2)})`;
+}
+function formatPriceSync(lamports, solPrice) {
+  const sol = Number(lamports) / 1e9;
+  const usd = sol * solPrice;
+  return {
+    sol,
+    usd,
+    formatted: `${sol.toFixed(4)} SOL (~$${usd.toFixed(2)})`
+  };
+}
+function clearPriceCache() {
+  cachedPrice = null;
+}
+
+exports.TOKEN_MINTS = TOKEN_MINTS;
 exports.X402_HEADERS = X402_HEADERS;
 exports.addArticleToSession = addArticleToSession;
 exports.buildPaymentRequirement = buildPaymentRequirement;
+exports.buildSolanaPayUrl = buildSolanaPayUrl;
+exports.checkPaywallAccess = checkPaywallAccess;
+exports.clearPriceCache = clearPriceCache;
 exports.create402Headers = create402Headers;
 exports.create402ResponseBody = create402ResponseBody;
+exports.createMemoryStore = createMemoryStore;
+exports.createPaymentFlow = createPaymentFlow;
+exports.createPaymentReference = createPaymentReference;
+exports.createPaywallMiddleware = createPaywallMiddleware;
+exports.createRedisStore = createRedisStore;
 exports.createSession = createSession;
 exports.decodePaymentRequired = decodePaymentRequired;
 exports.encodePaymentRequired = encodePaymentRequired;
 exports.encodePaymentResponse = encodePaymentResponse;
+exports.formatPriceDisplay = formatPriceDisplay;
+exports.formatPriceSync = formatPriceSync;
 exports.getConnection = getConnection;
+exports.getSolPrice = getSolPrice;
+exports.getTokenDecimals = getTokenDecimals;
 exports.getWalletTransactions = getWalletTransactions;
 exports.isArticleUnlocked = isArticleUnlocked;
 exports.isMainnet = isMainnet;
+exports.isNativeAsset = isNativeAsset;
+exports.isRetryableRPCError = isRetryableRPCError;
 exports.lamportsToSol = lamportsToSol;
+exports.lamportsToUsd = lamportsToUsd;
 exports.parsePaymentHeader = parsePaymentHeader;
 exports.resetConnection = resetConnection;
+exports.resolveMintAddress = resolveMintAddress;
 exports.solToLamports = solToLamports;
 exports.toX402Network = toX402Network;
+exports.usdToLamports = usdToLamports;
 exports.validateSession = validateSession;
 exports.verifyPayment = verifyPayment;
+exports.verifySPLPayment = verifySPLPayment;
 exports.verifyX402Payment = verifyX402Payment;
 exports.waitForConfirmation = waitForConfirmation;
+exports.withPaywall = withPaywall;
+exports.withRetry = withRetry;
 //# sourceMappingURL=index.cjs.map
 //# sourceMappingURL=index.cjs.map