@alleyboss/micropay-solana-x402-paywall 2.2.0 → 2.3.1

package/dist/index.cjs

@@ -148,7 +148,8 @@ async function verifyPayment(params) {
     expectedRecipient,
     expectedAmount,
     maxAgeSeconds = 300,
-    clientConfig
+    clientConfig,
+    signatureStore
   } = params;
   if (!isValidSignature(signature)) {
     return { valid: false, confirmed: false, signature, error: "Invalid signature format" };
@@ -159,6 +160,12 @@ async function verifyPayment(params) {
   if (expectedAmount <= 0n) {
     return { valid: false, confirmed: false, signature, error: "Invalid expected amount" };
   }
+  if (signatureStore) {
+    const isUsed = await signatureStore.hasBeenUsed(signature);
+    if (isUsed) {
+      return { valid: false, confirmed: true, signature, error: "Signature already used" };
+    }
+  }
   const effectiveMaxAge = Math.min(Math.max(maxAgeSeconds, 60), 3600);
   const connection = getConnection(clientConfig);
   try {
@@ -267,8 +274,6 @@ function solToLamports(sol) {
   }
   return BigInt(Math.floor(sol * web3_js.LAMPORTS_PER_SOL));
 }
-
-// src/solana/spl.ts
 var SIGNATURE_REGEX2 = /^[1-9A-HJ-NP-Za-km-z]{87,88}$/;
 var WALLET_REGEX2 = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
 function resolveMintAddress(asset, network) {
@@ -362,8 +367,15 @@ async function verifySPLPayment(params) {
     expectedAmount,
     asset,
     clientConfig,
-    maxAgeSeconds = 300
+    maxAgeSeconds = 300,
+    signatureStore
   } = params;
+  if (signatureStore) {
+    const isUsed = await signatureStore.hasBeenUsed(signature);
+    if (isUsed) {
+      return { valid: false, confirmed: true, signature, error: "Signature already used" };
+    }
+  }
   if (!SIGNATURE_REGEX2.test(signature)) {
     return { valid: false, confirmed: false, signature, error: "Invalid signature format" };
   }
@@ -408,6 +420,27 @@ async function verifySPLPayment(params) {
         error: "No valid token transfer to recipient found"
       };
     }
+    if (transfer.to) {
+      try {
+        const destinationInfo = await connection.getParsedAccountInfo(new web3_js.PublicKey(transfer.to));
+        const owner = destinationInfo.value?.data?.parsed?.info?.owner;
+        if (owner && owner !== expectedRecipient) {
+          return {
+            valid: false,
+            confirmed: true,
+            signature,
+            error: "Recipient mismatch: Token account not owned by merchant"
+          };
+        }
+      } catch (e) {
+        return {
+          valid: false,
+          confirmed: true,
+          signature,
+          error: "Could not verify token account owner"
+        };
+      }
+    }
     if (transfer.mint !== mintAddress) {
       return {
         valid: false,
@@ -1286,14 +1319,14 @@ async function getSolPrice() {
     }
   }
   if (cachedPrice) {
-    return cachedPrice;
+    return {
+      ...cachedPrice,
+      source: `${cachedPrice.source} (stale)`
+    };
   }
-  return {
-    solPrice: 150,
-    // Reasonable fallback
-    fetchedAt: /* @__PURE__ */ new Date(),
-    source: "fallback"
-  };
+  throw new Error(
+    "Failed to fetch SOL price from all providers. Configure a custom provider or ensure network connectivity."
+  );
 }
 async function lamportsToUsd(lamports) {
   const { solPrice } = await getSolPrice();
@@ -1327,10 +1360,300 @@ function clearPriceCache() {
 function getProviders() {
   return PROVIDERS.map((p) => ({ name: p.name, url: p.url }));
 }
+var WALLET_REGEX4 = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+function isValidWalletAddress2(address) {
+  if (!address || typeof address !== "string") return false;
+  return WALLET_REGEX4.test(address);
+}
+async function executeAgentPayment(params) {
+  const {
+    connection,
+    agentKeypair,
+    recipientAddress,
+    amountLamports,
+    priorityFee,
+    confirmationTimeout = 6e4
+  } = params;
+  if (!isValidWalletAddress2(recipientAddress)) {
+    return {
+      success: false,
+      error: "Invalid recipient address format"
+    };
+  }
+  if (amountLamports <= 0n) {
+    return {
+      success: false,
+      error: "Amount must be greater than 0"
+    };
+  }
+  try {
+    const recipientPubkey = new web3_js.PublicKey(recipientAddress);
+    const transferInstruction = web3_js.SystemProgram.transfer({
+      fromPubkey: agentKeypair.publicKey,
+      toPubkey: recipientPubkey,
+      lamports: amountLamports
+    });
+    const { transaction, lastValidBlockHeight } = await buildVersionedTransaction({
+      connection,
+      payer: agentKeypair.publicKey,
+      instructions: [transferInstruction],
+      priorityFee
+    });
+    transaction.sign([agentKeypair]);
+    const signature = await connection.sendTransaction(transaction, {
+      maxRetries: 3,
+      skipPreflight: false
+    });
+    const confirmationPromise = connection.confirmTransaction(
+      {
+        signature,
+        lastValidBlockHeight,
+        blockhash: transaction.message.recentBlockhash
+      },
+      "confirmed"
+    );
+    const timeoutPromise = new Promise((_, reject) => {
+      setTimeout(() => reject(new Error("Confirmation timeout")), confirmationTimeout);
+    });
+    const confirmation = await Promise.race([confirmationPromise, timeoutPromise]);
+    if (confirmation.value.err) {
+      return {
+        success: false,
+        signature,
+        error: "Transaction failed on-chain"
+      };
+    }
+    const txDetails = await connection.getTransaction(signature, {
+      commitment: "confirmed",
+      maxSupportedTransactionVersion: 0
+    });
+    return {
+      success: true,
+      signature,
+      confirmedAt: txDetails?.blockTime ?? Math.floor(Date.now() / 1e3),
+      slot: txDetails?.slot ?? confirmation.context.slot,
+      amountLamports,
+      amountSol: Number(amountLamports) / web3_js.LAMPORTS_PER_SOL
+    };
+  } catch (error) {
+    const errorMessage = error instanceof Error ? error.message : "Unknown error";
+    return {
+      success: false,
+      error: errorMessage
+    };
+  }
+}
+async function getAgentBalance(connection, agentKeypair) {
+  const balance = await connection.getBalance(agentKeypair.publicKey);
+  return {
+    balance: BigInt(balance),
+    balanceSol: balance / web3_js.LAMPORTS_PER_SOL
+  };
+}
+async function hasAgentSufficientBalance(connection, agentKeypair, requiredLamports) {
+  const { balance } = await getAgentBalance(connection, agentKeypair);
+  const totalRequired = requiredLamports + 10000n;
+  return {
+    sufficient: balance >= totalRequired,
+    balance,
+    required: totalRequired
+  };
+}
+function keypairFromBase58(base58Secret) {
+  const bytes = Buffer.from(base58Secret, "base64");
+  if (bytes.length !== 64) {
+    const parts = base58Secret.split(",").map((n) => parseInt(n.trim(), 10));
+    if (parts.length === 64) {
+      return web3_js.Keypair.fromSecretKey(Uint8Array.from(parts));
+    }
+    throw new Error("Invalid secret key format. Expected base58 string or comma-separated bytes.");
+  }
+  return web3_js.Keypair.fromSecretKey(bytes);
+}
+function generateAgentKeypair() {
+  const keypair = web3_js.Keypair.generate();
+  const secretBytes = Array.from(keypair.secretKey);
+  return {
+    keypair,
+    secretBase58: secretBytes.join(","),
+    // Comma-separated for easy storage
+    publicKey: keypair.publicKey.toBase58()
+  };
+}
+var MAX_CREDITS = 1e3;
+var MIN_SECRET_LENGTH2 = 32;
+function getSecretKey2(secret) {
+  if (!secret || typeof secret !== "string") {
+    throw new Error("Session secret is required");
+  }
+  if (secret.length < MIN_SECRET_LENGTH2) {
+    throw new Error(`Session secret must be at least ${MIN_SECRET_LENGTH2} characters`);
+  }
+  return new TextEncoder().encode(secret);
+}
+function validateWalletAddress2(address) {
+  if (!address || typeof address !== "string") return false;
+  const base58Regex = /^[1-9A-HJ-NP-Za-km-z]{32,44}$/;
+  return base58Regex.test(address);
+}
+async function createCreditSession(walletAddress, purchaseId, config2) {
+  if (!validateWalletAddress2(walletAddress)) {
+    throw new Error("Invalid wallet address format");
+  }
+  if (config2.initialCredits <= 0 || config2.initialCredits > MAX_CREDITS) {
+    throw new Error(`Credits must be between 1 and ${MAX_CREDITS}`);
+  }
+  if (!config2.durationHours || config2.durationHours <= 0 || config2.durationHours > 8760) {
+    throw new Error("Session duration must be between 1 and 8760 hours (1 year)");
+  }
+  const sessionId = uuid.v4();
+  const now = Math.floor(Date.now() / 1e3);
+  const expiresAt = now + config2.durationHours * 3600;
+  const bundleExpiry = config2.bundleExpiryHours ? now + config2.bundleExpiryHours * 3600 : expiresAt;
+  const session = {
+    id: sessionId,
+    walletAddress,
+    unlockedArticles: [purchaseId],
+    siteWideUnlock: false,
+    createdAt: now,
+    expiresAt,
+    credits: config2.initialCredits,
+    bundleExpiry,
+    bundleType: config2.bundleType
+  };
+  const payload = {
+    sub: walletAddress,
+    sid: sessionId,
+    articles: session.unlockedArticles,
+    siteWide: false,
+    credits: config2.initialCredits,
+    bundleExpiry,
+    bundleType: config2.bundleType,
+    iat: now,
+    exp: expiresAt
+  };
+  const token = await new jose.SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime(`${config2.durationHours}h`).sign(getSecretKey2(config2.secret));
+  return { token, session };
+}
+async function validateCreditSession(token, secret) {
+  if (!token || typeof token !== "string") {
+    return { valid: false, reason: "Invalid token format" };
+  }
+  try {
+    const { payload } = await jose.jwtVerify(token, getSecretKey2(secret));
+    const creditPayload = payload;
+    if (!creditPayload.sub || !creditPayload.sid || !creditPayload.exp) {
+      return { valid: false, reason: "Malformed session payload" };
+    }
+    const now = Math.floor(Date.now() / 1e3);
+    if (creditPayload.exp < now) {
+      return { valid: false, reason: "Session expired" };
+    }
+    if (creditPayload.bundleExpiry && creditPayload.bundleExpiry < now) {
+      return { valid: false, reason: "Bundle expired" };
+    }
+    if (!validateWalletAddress2(creditPayload.sub)) {
+      return { valid: false, reason: "Invalid session data" };
+    }
+    const session = {
+      id: creditPayload.sid,
+      walletAddress: creditPayload.sub,
+      unlockedArticles: Array.isArray(creditPayload.articles) ? creditPayload.articles : [],
+      siteWideUnlock: Boolean(creditPayload.siteWide),
+      createdAt: creditPayload.iat ?? 0,
+      expiresAt: creditPayload.exp,
+      credits: creditPayload.credits ?? 0,
+      bundleExpiry: creditPayload.bundleExpiry,
+      bundleType: creditPayload.bundleType
+    };
+    return { valid: true, session };
+  } catch {
+    return { valid: false, reason: "Invalid session" };
+  }
+}
+async function useCredit(token, secret, creditsToUse = 1) {
+  if (creditsToUse <= 0) {
+    return { success: false, remainingCredits: 0, error: "Invalid credit amount" };
+  }
+  const validation = await validateCreditSession(token, secret);
+  if (!validation.valid || !validation.session) {
+    return {
+      success: false,
+      remainingCredits: 0,
+      error: validation.reason || "Invalid session"
+    };
+  }
+  const session = validation.session;
+  if (session.credits < creditsToUse) {
+    return {
+      success: false,
+      remainingCredits: session.credits,
+      error: "Insufficient credits"
+    };
+  }
+  const newCredits = session.credits - creditsToUse;
+  const payload = {
+    sub: session.walletAddress,
+    sid: session.id,
+    articles: session.unlockedArticles,
+    siteWide: session.siteWideUnlock,
+    credits: newCredits,
+    bundleExpiry: session.bundleExpiry,
+    bundleType: session.bundleType,
+    iat: session.createdAt,
+    exp: session.expiresAt
+  };
+  const newToken = await new jose.SignJWT(payload).setProtectedHeader({ alg: "HS256" }).sign(getSecretKey2(secret));
+  return {
+    success: true,
+    remainingCredits: newCredits,
+    newToken
+  };
+}
+async function addCredits(token, secret, creditsToAdd) {
+  if (creditsToAdd <= 0 || creditsToAdd > MAX_CREDITS) {
+    return { success: false, error: "Invalid credit amount" };
+  }
+  const validation = await validateCreditSession(token, secret);
+  if (!validation.valid || !validation.session) {
+    return { success: false, error: validation.reason || "Invalid session" };
+  }
+  const session = validation.session;
+  const newCredits = Math.min(session.credits + creditsToAdd, MAX_CREDITS);
+  const payload = {
+    sub: session.walletAddress,
+    sid: session.id,
+    articles: session.unlockedArticles,
+    siteWide: session.siteWideUnlock,
+    credits: newCredits,
+    bundleExpiry: session.bundleExpiry,
+    bundleType: session.bundleType,
+    iat: session.createdAt,
+    exp: session.expiresAt
+  };
+  const newToken = await new jose.SignJWT(payload).setProtectedHeader({ alg: "HS256" }).sign(getSecretKey2(secret));
+  return {
+    success: true,
+    newToken,
+    totalCredits: newCredits
+  };
+}
+async function getRemainingCredits(token, secret) {
+  const validation = await validateCreditSession(token, secret);
+  if (!validation.valid || !validation.session) {
+    return { credits: 0, valid: false };
+  }
+  return {
+    credits: validation.session.credits,
+    valid: true,
+    bundleExpiry: validation.session.bundleExpiry
+  };
+}
 
 exports.TOKEN_MINTS = TOKEN_MINTS;
 exports.X402_HEADERS = X402_HEADERS;
 exports.addArticleToSession = addArticleToSession;
+exports.addCredits = addCredits;
 exports.buildPaymentRequirement = buildPaymentRequirement;
 exports.buildSolanaPayUrl = buildSolanaPayUrl;
 exports.buildVersionedTransaction = buildVersionedTransaction;
@@ -1341,6 +1664,7 @@ exports.configurePricing = configurePricing;
 exports.create402Headers = create402Headers;
 exports.create402Response = create402Response;
 exports.create402ResponseBody = create402ResponseBody;
+exports.createCreditSession = createCreditSession;
 exports.createMemoryStore = createMemoryStore;
 exports.createPaymentFlow = createPaymentFlow;
 exports.createPaymentReference = createPaymentReference;
@@ -1353,20 +1677,26 @@ exports.encodePaymentRequired = encodePaymentRequired;
 exports.encodePaymentRequirement = encodePaymentRequirement;
 exports.encodePaymentResponse = encodePaymentResponse;
 exports.estimatePriorityFee = estimatePriorityFee;
+exports.executeAgentPayment = executeAgentPayment;
 exports.fetchLookupTables = fetchLookupTables;
 exports.formatPriceDisplay = formatPriceDisplay;
 exports.formatPriceSync = formatPriceSync;
+exports.generateAgentKeypair = generateAgentKeypair;
+exports.getAgentBalance = getAgentBalance;
 exports.getConnection = getConnection;
 exports.getConnectionWithFallback = getConnectionWithFallback;
 exports.getProviders = getProviders;
+exports.getRemainingCredits = getRemainingCredits;
 exports.getSolPrice = getSolPrice;
 exports.getTokenDecimals = getTokenDecimals;
 exports.getWalletTransactions = getWalletTransactions;
+exports.hasAgentSufficientBalance = hasAgentSufficientBalance;
 exports.isArticleUnlocked = isArticleUnlocked;
 exports.isMainnet = isMainnet;
 exports.isNativeAsset = isNativeAsset;
 exports.isRetryableRPCError = isRetryableRPCError;
 exports.isVersionedTransaction = isVersionedTransaction;
+exports.keypairFromBase58 = keypairFromBase58;
 exports.lamportsToSol = lamportsToSol;
 exports.lamportsToUsd = lamportsToUsd;
 exports.parsePaymentHeader = parsePaymentHeader;
@@ -1375,6 +1705,8 @@ exports.resolveMintAddress = resolveMintAddress;
 exports.solToLamports = solToLamports;
 exports.toX402Network = toX402Network;
 exports.usdToLamports = usdToLamports;
+exports.useCredit = useCredit;
+exports.validateCreditSession = validateCreditSession;
 exports.validateSession = validateSession;
 exports.verifyPayment = verifyPayment;
 exports.verifySPLPayment = verifySPLPayment;