@alleyboss/micropay-solana-x402-paywall 2.2.0 → 2.3.0

package/dist/index.cjs

@@ -148,7 +148,8 @@ async function verifyPayment(params) {
     expectedRecipient,
     expectedAmount,
     maxAgeSeconds = 300,
-    clientConfig
+    clientConfig,
+    signatureStore
   } = params;
   if (!isValidSignature(signature)) {
     return { valid: false, confirmed: false, signature, error: "Invalid signature format" };
@@ -159,6 +160,12 @@ async function verifyPayment(params) {
   if (expectedAmount <= 0n) {
     return { valid: false, confirmed: false, signature, error: "Invalid expected amount" };
   }
+  if (signatureStore) {
+    const isUsed = await signatureStore.hasBeenUsed(signature);
+    if (isUsed) {
+      return { valid: false, confirmed: true, signature, error: "Signature already used" };
+    }
+  }
   const effectiveMaxAge = Math.min(Math.max(maxAgeSeconds, 60), 3600);
   const connection = getConnection(clientConfig);
   try {
@@ -267,8 +274,6 @@ function solToLamports(sol) {
   }
   return BigInt(Math.floor(sol * web3_js.LAMPORTS_PER_SOL));
 }
-
-// src/solana/spl.ts
 var SIGNATURE_REGEX2 = /^[1-9A-HJ-NP-Za-km-z]{87,88}$/;
 var WALLET_REGEX2 = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
 function resolveMintAddress(asset, network) {
@@ -362,8 +367,15 @@ async function verifySPLPayment(params) {
     expectedAmount,
     asset,
     clientConfig,
-    maxAgeSeconds = 300
+    maxAgeSeconds = 300,
+    signatureStore
   } = params;
+  if (signatureStore) {
+    const isUsed = await signatureStore.hasBeenUsed(signature);
+    if (isUsed) {
+      return { valid: false, confirmed: true, signature, error: "Signature already used" };
+    }
+  }
   if (!SIGNATURE_REGEX2.test(signature)) {
     return { valid: false, confirmed: false, signature, error: "Invalid signature format" };
   }
@@ -408,6 +420,27 @@ async function verifySPLPayment(params) {
         error: "No valid token transfer to recipient found"
       };
     }
+    if (transfer.to) {
+      try {
+        const destinationInfo = await connection.getParsedAccountInfo(new web3_js.PublicKey(transfer.to));
+        const owner = destinationInfo.value?.data?.parsed?.info?.owner;
+        if (owner && owner !== expectedRecipient) {
+          return {
+            valid: false,
+            confirmed: true,
+            signature,
+            error: "Recipient mismatch: Token account not owned by merchant"
+          };
+        }
+      } catch (e) {
+        return {
+          valid: false,
+          confirmed: true,
+          signature,
+          error: "Could not verify token account owner"
+        };
+      }
+    }
     if (transfer.mint !== mintAddress) {
       return {
         valid: false,
@@ -1286,14 +1319,14 @@ async function getSolPrice() {
     }
   }
   if (cachedPrice) {
-    return cachedPrice;
+    return {
+      ...cachedPrice,
+      source: `${cachedPrice.source} (stale)`
+    };
   }
-  return {
-    solPrice: 150,
-    // Reasonable fallback
-    fetchedAt: /* @__PURE__ */ new Date(),
-    source: "fallback"
-  };
+  throw new Error(
+    "Failed to fetch SOL price from all providers. Configure a custom provider or ensure network connectivity."
+  );
 }
 async function lamportsToUsd(lamports) {
   const { solPrice } = await getSolPrice();