npm - @arcblock/payment-service - Versions diffs - 1.29.7 → 1.29.9 - Mend

@arcblock/payment-service 1.29.7 → 1.29.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (180) hide show

package/dist/index.js CHANGED Viewed

@@ -360,7 +360,6 @@ __export(env_exports, {
   creditConsumptionCronTime: () => creditConsumptionCronTime,
   creditLowBalanceThresholdPercentage: () => creditLowBalanceThresholdPercentage,
   creditQueueConcurrency: () => creditQueueConcurrency,
-  daysUntilCancel: () => daysUntilCancel,
   default: () => env_default,
   depositVaultCronTime: () => depositVaultCronTime,
   enableDevFakeAuth: () => enableDevFakeAuth,
@@ -411,6 +410,7 @@ __export(env_exports, {
   stripePaymentCronTime: () => stripePaymentCronTime,
   stripeSubscriptionCronTime: () => stripeSubscriptionCronTime,
   stripeWebhookSecret: () => stripeWebhookSecret,
+  stripeWebhookUrl: () => stripeWebhookUrl,
   subscriptionCronTime: () => subscriptionCronTime,
   systemMaxPendingAmount: () => systemMaxPendingAmount,
   tenantModeRaw: () => tenantModeRaw,
@@ -437,7 +437,7 @@ function hasConfig(key) {
   const v = readConfig(key);
   return v !== void 0 && v !== "";
 }
-var import_env, activeConfig, numConfig, paymentStatCronTime, subscriptionCronTime, notificationCronTime, expiredSessionCleanupCronTime, notificationCronConcurrency, stripeInvoiceCronTime, stripePaymentCronTime, stripeSubscriptionCronTime, revokeStakeCronTime, daysUntilCancel, meteringSubscriptionDetectionCronTime, overdueDetectionCronTime, overdueThreshold, depositVaultCronTime, creditConsumptionCronTime, vendorStatusCheckCronTime, vendorReturnScanCronTime, iapReconcileCronTime, eventRetryCronTime, quoteCleanupCronTime, vendorTimeoutMinutes, webhookAlertWindowMinutes, webhookAlertMinFailures, shortUrlApiKey, shortUrlDomain, sequelizeOptionsPoolMin, sequelizeOptionsPoolMax, sequelizeOptionsPoolIdle, updateDataConcurrency, stopAcceptingOrders, exchangeRateCacheTTLSeconds, systemMaxPendingAmount, allowChangeLockedPrice, blockletMode, isProduction, nodeEnv, isTestEnv, isDevelopmentEnv, enableDevFakeAuth, tenantModeRaw, blockletAppPid, blockletAppId, blockletAppName, blockletAppUrl, blockletAppHost, blockletAppDir, blockletPort, blockletMountPoints, appStoreWriteEnabled, appStoreSkipSignatureVerify, googlePubsubSkipSignatureVerify, googlePubsubPushServiceAccount, googlePubsubAllowUnverifiedSender, googlePlayWebhookUrl, stripeWebhookSecret, iapReconcileBatchSize, paymentBillingThreshold, paymentMinStakeAmount, paymentDaysUntilDue, paymentDaysUntilCancel, paymentReloadSubscriptionJobs, paymentRateVolatilityThreshold, paymentLivemode, creditLowBalanceThresholdPercentage, creditBatchSize, creditBatchWindowMs, creditQueueConcurrency, exchangeRateCacheTTLFromEnv, sqlLog, sqlBenchmark, cfEnv, isCfWorker, isBlockletServer, env_default;
+var import_env, activeConfig, numConfig, TRUTHY, FALSY, parseBool, readConfigAny, paymentStatCronTime, subscriptionCronTime, notificationCronTime, expiredSessionCleanupCronTime, notificationCronConcurrency, stripeInvoiceCronTime, stripePaymentCronTime, stripeSubscriptionCronTime, revokeStakeCronTime, meteringSubscriptionDetectionCronTime, overdueDetectionCronTime, overdueThreshold, depositVaultCronTime, creditConsumptionCronTime, vendorStatusCheckCronTime, vendorReturnScanCronTime, iapReconcileCronTime, eventRetryCronTime, quoteCleanupCronTime, vendorTimeoutMinutes, webhookAlertWindowMinutes, webhookAlertMinFailures, shortUrlApiKey, shortUrlDomain, sequelizeOptionsPoolMin, sequelizeOptionsPoolMax, sequelizeOptionsPoolIdle, updateDataConcurrency, stopAcceptingOrders, exchangeRateCacheTTLSeconds, systemMaxPendingAmount, allowChangeLockedPrice, blockletMode, isProduction, nodeEnv, isTestEnv, isDevelopmentEnv, enableDevFakeAuth, tenantModeRaw, blockletAppPid, blockletAppId, blockletAppName, blockletAppUrl, blockletAppHost, blockletAppDir, blockletPort, blockletMountPoints, appStoreWriteEnabled, appStoreSkipSignatureVerify, googlePubsubSkipSignatureVerify, googlePubsubPushServiceAccount, googlePubsubAllowUnverifiedSender, googlePlayWebhookUrl, stripeWebhookSecret, stripeWebhookUrl, iapReconcileBatchSize, paymentBillingThreshold, paymentMinStakeAmount, paymentDaysUntilDue, paymentDaysUntilCancel, paymentReloadSubscriptionJobs, paymentRateVolatilityThreshold, paymentLivemode, creditLowBalanceThresholdPercentage, creditBatchSize, creditBatchWindowMs, creditQueueConcurrency, exchangeRateCacheTTLFromEnv, sqlLog, sqlBenchmark, cfEnv, isCfWorker, isBlockletServer, env_default;
 var init_env = __esm({
   "../../blocklets/core/api/src/libs/env.ts"() {
     "use strict";
@@ -446,6 +446,22 @@ var init_env = __esm({
       const v = readConfig(key);
       return v ? +v : fallback;
     };
+    TRUTHY = /* @__PURE__ */ new Set(["1", "true", "yes", "on"]);
+    FALSY = /* @__PURE__ */ new Set(["0", "false", "no", "off"]);
+    parseBool = (value, fallback = false) => {
+      if (value === void 0 || value === "") return fallback;
+      const v = value.trim().toLowerCase();
+      if (TRUTHY.has(v)) return true;
+      if (FALSY.has(v)) return false;
+      return fallback;
+    };
+    readConfigAny = (...keys) => {
+      for (const key of keys) {
+        const v = readConfig(key);
+        if (v !== void 0 && v !== "") return v;
+      }
+      return void 0;
+    };
     paymentStatCronTime = () => "0 1 0 * * *";
     subscriptionCronTime = () => readConfig("SUBSCRIPTION_CRON_TIME") || "0 */30 * * * *";
     notificationCronTime = () => readConfig("NOTIFICATION_CRON_TIME") || "0 5 */6 * * *";
@@ -455,7 +471,6 @@ var init_env = __esm({
     stripePaymentCronTime = () => readConfig("STRIPE_PAYMENT_CRON_TIME") || "0 */20 * * * *";
     stripeSubscriptionCronTime = () => readConfig("STRIPE_SUBSCRIPTION_CRON_TIME") || "0 10 */8 * * *";
     revokeStakeCronTime = () => readConfig("REVOKE_STAKE_CRON_TIME") || "0 */5 * * * *";
-    daysUntilCancel = () => readConfig("DAYS_UNTIL_CANCEL");
     meteringSubscriptionDetectionCronTime = () => readConfig("METERING_SUBSCRIPTION_DETECTION_CRON_TIME") || "0 0 10 * * *";
     overdueDetectionCronTime = () => readConfig("OVERDUE_DETECTION_CRON_TIME") || "0 0 10 * * *";
     overdueThreshold = () => numConfig("OVERDUE_THRESHOLD", 5);
@@ -475,16 +490,19 @@ var init_env = __esm({
     sequelizeOptionsPoolMax = () => numConfig("SEQUELIZE_OPTIONS_POOL_MAX", 5);
     sequelizeOptionsPoolIdle = () => numConfig("SEQUELIZE_OPTIONS_POOL_IDLE", 10 * 1e3);
     updateDataConcurrency = () => numConfig("UPDATE_DATA_CONCURRENCY", 5);
-    stopAcceptingOrders = () => readConfig("PAYMENT_KIT_STOP_ACCEPTING_ORDERS") === "true" || readConfig("PAYMENT_KIT_STOP_ACCEPTING_ORDERS") === "1";
+    stopAcceptingOrders = () => parseBool(readConfigAny("PAYMENT_STOP_ACCEPTING_ORDERS", "PAYMENT_KIT_STOP_ACCEPTING_ORDERS"));
     exchangeRateCacheTTLSeconds = () => numConfig("EXCHANGE_RATE_CACHE_TTL_SECONDS", 10 * 60);
-    systemMaxPendingAmount = () => numConfig("PAYMENT_KIT_MAX_PENDING_AMOUNT", 5);
-    allowChangeLockedPrice = () => readConfig("PAYMENT_CHANGE_LOCKED_PRICE") === "1";
+    systemMaxPendingAmount = () => {
+      const v = readConfigAny("PAYMENT_MAX_PENDING_AMOUNT", "PAYMENT_KIT_MAX_PENDING_AMOUNT");
+      return v ? +v : 5;
+    };
+    allowChangeLockedPrice = () => parseBool(readConfig("PAYMENT_CHANGE_LOCKED_PRICE"));
     blockletMode = () => readConfig("BLOCKLET_MODE");
     isProduction = () => blockletMode() === "production";
     nodeEnv = () => readConfig("NODE_ENV");
     isTestEnv = () => nodeEnv() === "test";
     isDevelopmentEnv = () => nodeEnv() === "development";
-    enableDevFakeAuth = () => readConfig("ENABLE_DEV_FAKE_AUTH") === "1";
+    enableDevFakeAuth = () => parseBool(readConfig("ENABLE_DEV_FAKE_AUTH"));
     tenantModeRaw = () => readConfig("PAYMENT_TENANT_MODE");
     blockletAppPid = () => readConfig("BLOCKLET_APP_PID");
     blockletAppId = () => readConfig("BLOCKLET_APP_ID");
@@ -494,31 +512,32 @@ var init_env = __esm({
     blockletAppDir = () => readConfig("BLOCKLET_APP_DIR");
     blockletPort = () => readConfig("BLOCKLET_PORT");
     blockletMountPoints = () => readConfig("BLOCKLET_MOUNT_POINTS");
-    appStoreWriteEnabled = () => readConfig("APP_STORE_WRITE_ENABLED") === "true";
-    appStoreSkipSignatureVerify = () => readConfig("APP_STORE_SKIP_SIGNATURE_VERIFY") === "true";
-    googlePubsubSkipSignatureVerify = () => readConfig("GOOGLE_PUBSUB_SKIP_SIGNATURE_VERIFY") === "true";
+    appStoreWriteEnabled = () => parseBool(readConfig("APP_STORE_WRITE_ENABLED"));
+    appStoreSkipSignatureVerify = () => parseBool(readConfig("APP_STORE_SKIP_SIGNATURE_VERIFY"));
+    googlePubsubSkipSignatureVerify = () => parseBool(readConfig("GOOGLE_PUBSUB_SKIP_SIGNATURE_VERIFY"));
     googlePubsubPushServiceAccount = () => readConfig("GOOGLE_PUBSUB_PUSH_SERVICE_ACCOUNT");
-    googlePubsubAllowUnverifiedSender = () => readConfig("GOOGLE_PUBSUB_ALLOW_UNVERIFIED_SENDER") === "true";
+    googlePubsubAllowUnverifiedSender = () => parseBool(readConfig("GOOGLE_PUBSUB_ALLOW_UNVERIFIED_SENDER"));
     googlePlayWebhookUrl = () => readConfig("GOOGLE_PLAY_WEBHOOK_URL");
     stripeWebhookSecret = () => readConfig("STRIPE_WEBHOOK_SECRET");
+    stripeWebhookUrl = () => readConfig("STRIPE_WEBHOOK_URL");
     iapReconcileBatchSize = () => Number(readConfig("IAP_RECONCILE_BATCH_SIZE") ?? "100");
     paymentBillingThreshold = () => +readConfig("PAYMENT_BILLING_THRESHOLD");
     paymentMinStakeAmount = () => +readConfig("PAYMENT_MIN_STAKE_AMOUNT");
     paymentDaysUntilDue = () => readConfig("PAYMENT_DAYS_UNTIL_DUE");
     paymentDaysUntilCancel = () => readConfig("PAYMENT_DAYS_UNTIL_CANCEL");
-    paymentReloadSubscriptionJobs = () => readConfig("PAYMENT_RELOAD_SUBSCRIPTION_JOBS") === "1";
+    paymentReloadSubscriptionJobs = () => parseBool(readConfig("PAYMENT_RELOAD_SUBSCRIPTION_JOBS"));
     paymentRateVolatilityThreshold = () => readConfig("PAYMENT_RATE_VOLATILITY_THRESHOLD");
-    paymentLivemode = () => readConfig("PAYMENT_LIVEMODE") !== "false";
+    paymentLivemode = () => parseBool(readConfig("PAYMENT_LIVEMODE"), true);
     creditLowBalanceThresholdPercentage = () => parseInt(readConfig("CREDIT_LOW_BALANCE_THRESHOLD_PERCENTAGE") || "10", 10);
     creditBatchSize = () => Math.max(1, parseInt(readConfig("CREDIT_BATCH_SIZE") || "50", 10));
     creditBatchWindowMs = () => Math.max(10, parseInt(readConfig("CREDIT_BATCH_WINDOW_MS") || "3000", 10));
     creditQueueConcurrency = () => Math.max(1, Math.min(20, parseInt(readConfig("CREDIT_QUEUE_CONCURRENCY") || "5", 10) || 5));
     exchangeRateCacheTTLFromEnv = () => hasConfig("EXCHANGE_RATE_CACHE_TTL_SECONDS");
-    sqlLog = () => readConfig("SQL_LOG") === "1";
-    sqlBenchmark = () => readConfig("SQL_BENCHMARK") === "1";
+    sqlLog = () => parseBool(readConfig("SQL_LOG"));
+    sqlBenchmark = () => parseBool(readConfig("SQL_BENCHMARK"));
     cfEnv = () => globalThis.__CF_ENV__;
     isCfWorker = () => !!cfEnv();
-    isBlockletServer = () => hasConfig("BLOCKLET_APP_ID");
+    isBlockletServer = () => hasConfig("BLOCKLET_DID");
     env_default = {
       ...import_env.env
     };
@@ -1115,6 +1134,10 @@ var init_context = __esm({
       peekInstanceDid() {
         return this.storage.getStore()?.instanceDid;
       }
+      /** Request-scoped externally reachable payment base URL, when supplied by an embedded host. */
+      peekPublicBaseUrl() {
+        return this.storage.getStore()?.publicBaseUrl;
+      }
       /**
        * Run fn as a system operation: TenantModel scoping is bypassed for the span
        * of fn so legitimate cross-tenant reads can load rows regardless of tenant.
@@ -1132,13 +1155,15 @@ var init_context = __esm({
       run(context2, fn3) {
         const requestId = context2.requestId || `req_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
         const instanceDid = context2.instanceDid ?? this.storage.getStore()?.instanceDid;
+        const publicBaseUrl = context2.publicBaseUrl ?? this.storage.getStore()?.publicBaseUrl;
         this.contexts.set(requestId, {
           ...context2,
           instanceDid,
+          publicBaseUrl,
           requestId
         });
         return new Promise((resolve, reject) => {
-          this.storage.run({ ...context2, instanceDid, requestId }, async () => {
+          this.storage.run({ ...context2, instanceDid, publicBaseUrl, requestId }, async () => {
             const resource = new import_async_hooks.AsyncResource("RequestContext");
             try {
               const result = await resource.runInAsyncScope(fn3);
@@ -1186,6 +1211,24 @@ var init_logger = __esm({
   }
 });
+// ../../blocklets/core/api/src/libs/secrets.ts
+function encryptSecret(value) {
+  return getSecretsDriver().encryptSync(getInstanceDid(), value);
+}
+function decryptSecret(value) {
+  return getSecretsDriver().decryptSync(getInstanceDid(), value);
+}
+function warmupSecrets(instanceDid) {
+  return getSecretsDriver().warmup(instanceDid ?? getInstanceDid());
+}
+var init_secrets2 = __esm({
+  "../../blocklets/core/api/src/libs/secrets.ts"() {
+    "use strict";
+    init_context();
+    init_secrets();
+  }
+});
 // ../../blocklets/core/api/src/libs/did-connect/tenant-identity.ts
 var tenant_identity_exports = {};
 __export(tenant_identity_exports, {
@@ -1257,7 +1300,14 @@ async function warmTenantIdentity(instanceDidArg) {
   try {
     await resolveTenantIdentity(instanceDidArg);
   } catch (err) {
-    logger_default.warn("[tenant-identity] warm failed \u2014 wallet access will fail-closed", {
+    logger_default.warn("[tenant-identity] wallet identity warm failed \u2014 wallet access will fail-closed", {
+      error: err instanceof Error ? err.message : String(err)
+    });
+  }
+  try {
+    await warmupSecrets(instanceDidArg);
+  } catch (err) {
+    logger_default.warn("[tenant-identity] secrets warm failed \u2014 settings/Stripe decrypt will fail-closed", {
       error: err instanceof Error ? err.message : String(err)
     });
   }
@@ -1282,6 +1332,7 @@ var init_tenant_identity = __esm({
     init_context();
     init_drivers();
     init_logger();
+    init_secrets2();
     walletType = {
       role: Mcrypto.types.RoleType.ROLE_APPLICATION,
       pk: Mcrypto.types.KeyType.ED25519,
@@ -1756,6 +1807,13 @@ var init_auth = __esm({
 });
 // ../../blocklets/core/api/src/libs/util.ts
+function getPublicAssetUrl(assetUrl) {
+  if (!assetUrl || !assetUrl.startsWith("/") || assetUrl.startsWith("//")) return assetUrl;
+  const basePath = readConfig("PAYMENT_PUBLIC_BASE_PATH");
+  if (!basePath) return (0, import_component.getUrl)(assetUrl);
+  if (assetUrl === basePath || assetUrl.startsWith(`${basePath}/`)) return assetUrl;
+  return (0, import_ufo.joinURL)(basePath, assetUrl);
+}
 function md5(input) {
   return import_crypto2.default.createHash("md5").update(input).digest("hex");
 }
@@ -2180,7 +2238,7 @@ function formatLinkWithLocale(url, locale) {
     return `${url}${separator}locale=${locale}`;
   }
 }
-var import_crypto2, import_stream, import_consumers, import_component, import_env4, import_did, import_cbor, import_nanoid, import_ufo, import_axios, import_util, import_get, import_trimEnd, OCAP_PAYMENT_TX_TYPE, MAX_SUBSCRIPTION_ITEM_COUNT, MAX_RETRY_COUNT, MIN_RETRY_MAIL, CHECKOUT_SESSION_TTL, STRIPE_API_VERSION, STRIPE_ENDPOINT, googlePlayEndpoint, GOOGLE_PLAY_ENDPOINT, APP_STORE_ENDPOINT, STRIPE_EVENTS, api, getNextRetry, getWebhookJobId, cachedBlockletJsonResult, CACHE_TTL, CURRENCY_SYMBOLS;
+var import_crypto2, import_stream, import_consumers, import_component, import_env4, import_did, import_cbor, import_nanoid, import_ufo, import_axios, import_util, import_get, import_trimEnd, OCAP_PAYMENT_TX_TYPE, MAX_SUBSCRIPTION_ITEM_COUNT, MAX_RETRY_COUNT, MIN_RETRY_MAIL, CHECKOUT_SESSION_TTL, STRIPE_API_VERSION, stripeEndpoint, googlePlayEndpoint, GOOGLE_PLAY_ENDPOINT, APP_STORE_ENDPOINT, STRIPE_EVENTS, api, getNextRetry, getWebhookJobId, cachedBlockletJsonResult, CACHE_TTL, CURRENCY_SYMBOLS;
 var init_util = __esm({
   "../../blocklets/core/api/src/libs/util.ts"() {
     "use strict";
@@ -2198,6 +2256,7 @@ var init_util = __esm({
     import_get = __toESM(require("lodash/get"));
     import_trimEnd = __toESM(require("lodash/trimEnd"));
     init_env();
+    init_context();
     init_dayjs();
     init_auth();
     init_logger();
@@ -2207,7 +2266,13 @@ var init_util = __esm({
     MIN_RETRY_MAIL = 13;
     CHECKOUT_SESSION_TTL = 6 * 60 * 60;
     STRIPE_API_VERSION = "2023-08-16";
-    STRIPE_ENDPOINT = (0, import_component.getUrl)("/api/integrations/stripe/webhook");
+    stripeEndpoint = () => {
+      const override = stripeWebhookUrl();
+      if (override) return override;
+      const publicBaseUrl = context.peekPublicBaseUrl();
+      if (publicBaseUrl) return (0, import_ufo.joinURL)(publicBaseUrl, "/api/integrations/stripe/webhook");
+      return (0, import_component.getUrl)("/api/integrations/stripe/webhook");
+    };
     googlePlayEndpoint = () => googlePlayWebhookUrl() || (0, import_component.getUrl)("/api/integrations/google-play/webhook");
     GOOGLE_PLAY_ENDPOINT = googlePlayEndpoint();
     APP_STORE_ENDPOINT = (0, import_component.getUrl)("/api/integrations/app-store/webhook");
@@ -2297,6 +2362,11 @@ var init_payment_currency = __esm({
     init_util();
     nextId = createIdGenerator("pc", 12);
     PaymentCurrency = class _PaymentCurrency extends TenantModel {
+      toJSON() {
+        const data = super.toJSON();
+        if (data.logo) data.logo = getPublicAssetUrl(data.logo);
+        return data;
+      }
       static {
         this.GENESIS_ATTRIBUTES = {
           id: {
@@ -9109,21 +9179,6 @@ var init_payment_link = __esm({
   }
 });
-// ../../blocklets/core/api/src/libs/secrets.ts
-function encryptSecret(value) {
-  return getSecretsDriver().encryptSync(getInstanceDid(), value);
-}
-function decryptSecret(value) {
-  return getSecretsDriver().decryptSync(getInstanceDid(), value);
-}
-var init_secrets2 = __esm({
-  "../../blocklets/core/api/src/libs/secrets.ts"() {
-    "use strict";
-    init_context();
-    init_secrets();
-  }
-});
 // ../../blocklets/core/api/src/integrations/app-store/apple-root-certs.ts
 var APPLE_INC_ROOT_B64, APPLE_ROOT_CA_G2_B64, APPLE_ROOT_CA_G3_B64, APPLE_ROOT_CERTS;
 var init_apple_root_certs = __esm({
@@ -9399,7 +9454,7 @@ function decodeUnsafe(jws) {
     throw new Error(`AppStore JWS payload not valid JSON: ${err.message}`);
   }
 }
-async function getAllSubscriptionStatuses(originalTransactionId, creds) {
+function getAllSubscriptionStatuses(originalTransactionId, creds) {
   return nativeGetAllSubscriptionStatuses(originalTransactionId, creds);
 }
 var init_signed_data_verifier = __esm({
@@ -9966,6 +10021,11 @@ var init_payment_method = __esm({
     googlePlayClients = /* @__PURE__ */ new Map();
     appStoreClients = /* @__PURE__ */ new Map();
     PaymentMethod = class _PaymentMethod extends TenantModel {
+      toJSON() {
+        const data = super.toJSON();
+        if (data.logo) data.logo = getPublicAssetUrl(data.logo);
+        return data;
+      }
       static {
         this.GENESIS_ATTRIBUTES = {
           id: {
@@ -10061,11 +10121,13 @@ var init_payment_method = __esm({
       }
       static encryptSettings(settings) {
         const tmp = (0, import_cloneDeep3.default)(settings);
-        if (tmp.stripe) {
+        if (tmp.stripe?.secret_key) {
           tmp.stripe.secret_key = encryptSecret(tmp.stripe.secret_key);
+        }
+        if (tmp.stripe?.webhook_signing_secret) {
           tmp.stripe.webhook_signing_secret = encryptSecret(tmp.stripe.webhook_signing_secret);
         }
-        if (tmp.google_play) {
+        if (tmp.google_play?.service_account_json) {
           tmp.google_play.service_account_json = encryptSecret(tmp.google_play.service_account_json);
         }
         if (tmp.app_store?.private_key_pem) {
@@ -10078,11 +10140,13 @@ var init_payment_method = __esm({
       }
       static decryptSettings(settings) {
         const tmp = (0, import_cloneDeep3.default)(settings);
-        if (tmp.stripe) {
+        if (tmp.stripe?.secret_key) {
           tmp.stripe.secret_key = decryptSecret(tmp.stripe.secret_key);
+        }
+        if (tmp.stripe?.webhook_signing_secret) {
           tmp.stripe.webhook_signing_secret = decryptSecret(tmp.stripe.webhook_signing_secret);
         }
-        if (tmp.google_play) {
+        if (tmp.google_play?.service_account_json) {
           tmp.google_play.service_account_json = decryptSecret(tmp.google_play.service_account_json);
         }
         if (tmp.app_store?.private_key_pem) {
@@ -10128,7 +10192,7 @@ var init_payment_method = __esm({
         const host = this.settings.arcblock?.api_host;
         const cached = ocapClients.has(host);
         if (!cached) {
-          const created = new import_client.default(host);
+          const created = new import_client.default(host, false);
           ocapClients.set(host, created);
           return created;
         }
@@ -15907,6 +15971,18 @@ function sessionMiddleware(options = {}) {
     } catch (err) {
       return c.json({ error: err.message }, 401);
     }
+    if (!result) {
+      const injectedDid = c.req.header("x-user-did");
+      if (injectedDid) {
+        result = {
+          did: injectedDid,
+          role: c.req.header("x-user-role"),
+          provider: c.req.header("x-user-provider"),
+          fullName: decodeURIComponent(c.req.header("x-user-fullname") || ""),
+          walletOS: c.req.header("x-user-wallet-os") || ""
+        };
+      }
+    }
     if (result) {
       c.set("user", result);
     }
@@ -22764,10 +22840,11 @@ __export(notification_exports, {
   ensureBlockletSdkTransportGuard: () => ensureBlockletSdkTransportGuard
 });
 function noopSdkTransport(mod, fns) {
-  const noop = async () => void 0;
+  const noop = () => Promise.resolve(void 0);
   for (const target of [mod, mod?.default]) {
-    if (!target) continue;
-    for (const fn3 of fns) target[fn3] = noop;
+    if (target) {
+      for (const fn3 of fns) target[fn3] = noop;
+    }
   }
 }
 function ensureBlockletSdkTransportGuard() {
@@ -33814,10 +33891,10 @@ async function handleSubscriptionOnPaymentFailure(subscription, eventType, clien
   const { interval } = subscription.pending_invoice_item_interval;
   const dueUnit = getDueUnit(interval);
   const cancelUpdates = {};
-  const daysUntilCancel2 = getDaysUntilCancel(subscription);
+  const daysUntilCancel = getDaysUntilCancel(subscription);
   const cancelSubscription = shouldCancelSubscription(subscription);
-  if (daysUntilCancel2 > 0) {
-    cancelUpdates.cancel_at = subscription.current_period_start + daysUntilCancel2 * dueUnit;
+  if (daysUntilCancel > 0) {
+    cancelUpdates.cancel_at = subscription.current_period_start + daysUntilCancel * dueUnit;
   } else {
     cancelUpdates.cancel_at_period_end = true;
   }
@@ -40756,10 +40833,10 @@ var init_payment2 = __esm({
         return updates.terminate;
       }
       const dueUnit = getDueUnit(interval);
-      const daysUntilCancel2 = getDaysUntilCancel(subscription);
+      const daysUntilCancel = getDaysUntilCancel(subscription);
       const cancelUpdates = {};
-      if (daysUntilCancel2 > 0) {
-        cancelUpdates.cancel_at = subscription.current_period_start + daysUntilCancel2 * dueUnit;
+      if (daysUntilCancel > 0) {
+        cancelUpdates.cancel_at = subscription.current_period_start + daysUntilCancel * dueUnit;
       } else {
         cancelUpdates.cancel_at_period_end = true;
       }
@@ -47438,7 +47515,7 @@ async function ensureWebhookRegistered() {
     const exist = data.find((webhook) => webhook.metadata?.appPid === import_env29.env.appPid);
     if (exist) {
       await stripe.webhookEndpoints.update(exist.id, {
-        url: STRIPE_ENDPOINT,
+        url: stripeEndpoint(),
         description: import_env29.env.appName,
         enabled_events: STRIPE_EVENTS,
         disabled: false
@@ -47446,7 +47523,7 @@ async function ensureWebhookRegistered() {
       logger_default.info("stripe webhook updated");
     } else {
       const result = await stripe.webhookEndpoints.create({
-        url: STRIPE_ENDPOINT,
+        url: stripeEndpoint(),
         description: import_env29.env.appName,
         enabled_events: STRIPE_EVENTS,
         api_version: STRIPE_API_VERSION,
@@ -47592,7 +47669,9 @@ var init_payment_methods = __esm({
           metadata: {}
         });
         await method.update({ default_currency_id: currency.id });
-        ensureWebhookRegistered().catch(console.error);
+        ensureWebhookRegistered().catch(
+          (err) => logger_default.error("ensureWebhookRegistered failed (payments may not reconcile in real-time)", err)
+        );
         return c.json({ ...method.toJSON(), payment_currencies: [currency.toJSON()] });
       }
       if (EVM_CHAIN_TYPES.includes(raw.type)) {
@@ -47955,7 +48034,9 @@ var init_payment_methods = __esm({
         }
         const updatedMethod = await method.update(updateData);
         if (method.type === "stripe") {
-          ensureWebhookRegistered().catch(console.error);
+          ensureWebhookRegistered().catch(
+            (err) => logger_default.error("ensureWebhookRegistered failed (payments may not reconcile in real-time)", err)
+          );
         }
         return c.json(updatedMethod);
       } catch (err) {
@@ -49152,7 +49233,7 @@ var init_subscriptions = __esm({
           description,
           metadata = {},
           days_until_due: daysUntilDue,
-          days_until_cancel: daysUntilCancel2,
+          days_until_cancel: daysUntilCancel,
           billing_cycle_anchor: billingCycleAnchor,
           collection_method: collectionMethod,
           proration_behavior: prorationBehavior,
@@ -49244,7 +49325,7 @@ var init_subscriptions = __esm({
           proration_behavior: prorationBehavior,
           payment_behavior: "default_incomplete",
           days_until_due: daysUntilDue,
-          days_until_cancel: daysUntilCancel2,
+          days_until_cancel: daysUntilCancel,
           metadata: formatMetadata(metadata),
           service_actions: serviceActions || []
         });
@@ -51706,10 +51787,10 @@ var init_subscriptions = __esm({
         updates.default_payment_method_id = arcblockMethod.id;
         if (body.recalculate_cancel_at !== false) {
           if (subscription.cancelation_details && !subscription.cancel_at) {
-            const daysUntilCancel2 = subscription.days_until_cancel || 0;
-            if (daysUntilCancel2 > 0) {
+            const daysUntilCancel = subscription.days_until_cancel || 0;
+            if (daysUntilCancel > 0) {
               const dueUnit = 24 * 60 * 60;
-              updates.cancel_at = subscription.current_period_start + daysUntilCancel2 * dueUnit;
+              updates.cancel_at = subscription.current_period_start + daysUntilCancel * dueUnit;
             } else {
               updates.cancel_at_period_end = true;
               updates.cancel_at = subscription.current_period_end;
@@ -60829,7 +60910,7 @@ var init_entitlements = __esm({
     init_logger();
     init_security();
     app26 = new import_hono26.Hono();
-    auth18 = authenticate({ component: true, roles: ["owner", "admin"], ensureLogin: true });
+    auth18 = authenticate({ component: true, ensureLogin: true });
     checkQuerySchema = import_joi25.default.object({
       customer_did: import_joi25.default.string().required(),
       product_id: import_joi25.default.string().required(),
@@ -67601,6 +67682,29 @@ var init_collect_batch = __esm({
   }
 });
+// ../../blocklets/core/api/src/libs/arcblock-transfer.ts
+async function encodeArcblockTransfer({
+  chainHost,
+  tx,
+  wallet: wallet2
+}) {
+  const context2 = await (0, import_encode.fetchContext)(chainHost);
+  return (0, import_encode.encodeTx)({
+    type: "TransferV3Tx",
+    tx,
+    wallet: wallet2,
+    chainId: context2.chainId,
+    feeConfig: context2.txFee
+  });
+}
+var import_encode;
+var init_arcblock_transfer = __esm({
+  "../../blocklets/core/api/src/libs/arcblock-transfer.ts"() {
+    "use strict";
+    import_encode = require("@ocap/client/encode");
+  }
+});
 // ../../blocklets/core/api/src/libs/chain-error.ts
 function parseChainError(err) {
   const msg = err?.message ?? String(err);
@@ -67645,6 +67749,7 @@ var init_pay = __esm({
     init_token();
     init_tx();
     init_auth();
+    init_arcblock_transfer();
     init_logger();
     init_chain_error();
     init_payment();
@@ -67752,20 +67857,30 @@ var init_pay = __esm({
         }
         if (paymentMethod.type === "arcblock") {
           try {
-            await paymentIntent.update({ status: "processing" });
             const client = paymentMethod.getOcapClient();
             const claim = claims.find((x) => x.type === "prepareTx");
-            await client.getContext();
             const tx = client.decodeTx(claim.finalTx);
             if (claim.delegator && claim.from) {
               tx.delegator = claim.delegator;
               tx.from = claim.from;
             }
-            const { buffer: buffer2 } = await client.encodeTransferV3Tx({ tx });
+            const chainHost = paymentMethod.settings.arcblock?.api_host;
+            if (!chainHost) {
+              throw new Error("ArcBlock payment method API host is missing");
+            }
+            const signingWallet = (0, import_wallet5.fromAddress)(userDid);
+            const { object: encodedTx, buffer: buffer2 } = await encodeArcblockTransfer({
+              chainHost,
+              tx,
+              wallet: signingWallet
+            });
+            const gasPayerExtra = await getGasPayerExtra(buffer2, client.pickGasPayerHeaders(request), client);
+            await paymentIntent.update({ status: "processing" });
             const txHash = await client.sendTransferV3Tx(
-              // @ts-ignore
-              { tx, wallet: (0, import_wallet5.fromAddress)(userDid) },
-              await getGasPayerExtra(buffer2, client.pickGasPayerHeaders(request), client)
+              // Passing the already-encoded signature skips the client's timer-backed
+              // encodeTransferV3Tx/getContext path in Cloudflare Workers.
+              { tx: encodedTx, wallet: signingWallet, signature: encodedTx.signature },
+              gasPayerExtra
             );
             const quoteValidation = await validateQuoteForPayment({
               checkoutSessionId: checkoutSession?.id,
@@ -71702,9 +71817,9 @@ async function handlePostConsumptionEvents(context2, params) {
       const cancelUpdates = {};
       const { interval } = context2.subscription.pending_invoice_item_interval;
       const dueUnit = getDueUnit(interval);
-      const daysUntilCancel2 = getDaysUntilCancel(context2.subscription);
-      if (daysUntilCancel2 > 0) {
-        cancelUpdates.cancel_at = context2.subscription.current_period_start + daysUntilCancel2 * dueUnit;
+      const daysUntilCancel = getDaysUntilCancel(context2.subscription);
+      if (daysUntilCancel > 0) {
+        cancelUpdates.cancel_at = context2.subscription.current_period_start + daysUntilCancel * dueUnit;
       } else {
         cancelUpdates.cancel_at_period_end = true;
       }
@@ -77287,6 +77402,7 @@ function csrfSecret() {
 }
 function csrf() {
   return async (c, next) => {
+    if (readConfig("PAYMENT_DISABLE_CSRF") === "true") return next();
     const method = c.req.method.toUpperCase();
     const loginToken = (0, import_cookie.getCookie)(c, "login_token");
     const existingCsrf = (0, import_cookie.getCookie)(c, "x-csrf-token");
@@ -77549,10 +77665,18 @@ function buildConnectRoutesHono() {
   const connectApp = new import_hono43.Hono();
   connectApp.use("*", async (c, next) => {
     const { context: requestCtx } = (init_context(), __toCommonJS(context_exports));
-    if (requestCtx.peekInstanceDid()) return next();
+    const { warmTenantIdentity: warmTenantIdentity2 } = (init_tenant_identity(), __toCommonJS(tenant_identity_exports));
+    const preResolved = requestCtx.peekInstanceDid();
+    if (preResolved) {
+      await warmTenantIdentity2(preResolved);
+      return next();
+    }
     const { resolveTenantForHost: resolveTenantForHost2 } = (init_identity(), __toCommonJS(identity_exports));
     const instanceDid = await resolveTenantForHost2(c.req.header("host"));
-    return requestCtx.withTenant(instanceDid, () => next());
+    return requestCtx.withTenant(instanceDid, async () => {
+      await warmTenantIdentity2(instanceDid);
+      return next();
+    });
   });
   for (const h of connectHandlerModules()) handlers2.attach(Object.assign({ app: connectApp }, h));
   return connectApp;
@@ -77644,8 +77768,20 @@ async function provisionTenant(instanceDid) {
   const { fromTokenToUnit: fromTokenToUnit31 } = require("@ocap/util");
   const { PaymentMethod: PaymentMethod3, PaymentCurrency: PaymentCurrency3 } = (init_models(), __toCommonJS(models_exports));
   const CHAINS = [
-    { chainId: "main", livemode: true, symbol: "ABT", label: "ArcBlock Main", contract: "z35nNRvYxBoHitx9yZ5ATS88psfShzPPBLxYD" },
-    { chainId: "beta", livemode: false, symbol: "TBA", label: "ArcBlock Beta", contract: "z35n6UoHSi9MED4uaQy6ozFgKPaZj2UKrurBG" }
+    {
+      chainId: "main",
+      livemode: true,
+      symbol: "ABT",
+      label: "ArcBlock Main",
+      contract: "z35nNRvYxBoHitx9yZ5ATS88psfShzPPBLxYD"
+    },
+    {
+      chainId: "beta",
+      livemode: false,
+      symbol: "TBA",
+      label: "ArcBlock Beta",
+      contract: "z35n6UoHSi9MED4uaQy6ozFgKPaZj2UKrurBG"
+    }
   ];
   await context.withTenant(instanceDid, async () => {
     const existing = await PaymentMethod3.findOne({ where: { type: "arcblock" } });
@@ -77921,9 +78057,52 @@ var init_service2 = __esm({
   }
 });
+// ../../blocklets/core/api/src/host-glue.ts
+var host_glue_exports = {};
+__export(host_glue_exports, {
+  PAYMENT_PREFIX: () => PAYMENT_PREFIX,
+  USER_HEADERS: () => USER_HEADERS,
+  createTenantProvisioner: () => createTenantProvisioner,
+  injectCaller: () => injectCaller
+});
+function injectCaller(headers, caller) {
+  for (const h of USER_HEADERS) headers.delete(h);
+  if (!caller) return;
+  const canonicalDid2 = caller.did?.startsWith("did:abt:") ? caller.did : `did:abt:${caller.did}`;
+  headers.set("x-user-did", canonicalDid2);
+  headers.set("x-user-role", caller.role || "guest");
+  headers.set("x-user-provider", caller.authMethod === "access-key" ? "access-key" : caller.authMethod || "wallet");
+  headers.set("x-user-fullname", encodeURIComponent(caller.displayName || ""));
+  headers.set("x-user-wallet-os", "");
+}
+function createTenantProvisioner(provision) {
+  const inflight = /* @__PURE__ */ new Map();
+  return (instanceDid) => {
+    if (!instanceDid) return Promise.resolve();
+    let p = inflight.get(instanceDid);
+    if (!p) {
+      p = provision(instanceDid).catch((err) => {
+        inflight.delete(instanceDid);
+        throw err;
+      });
+      inflight.set(instanceDid, p);
+    }
+    return p;
+  };
+}
+var PAYMENT_PREFIX, USER_HEADERS;
+var init_host_glue = __esm({
+  "../../blocklets/core/api/src/host-glue.ts"() {
+    "use strict";
+    PAYMENT_PREFIX = "/.well-known/payment";
+    USER_HEADERS = ["x-user-did", "x-user-role", "x-user-provider", "x-user-fullname", "x-user-wallet-os"];
+  }
+});
 // src/index.ts
 var src_exports = {};
 __export(src_exports, {
+  PAYMENT_PREFIX: () => PAYMENT_PREFIX2,
   applyPaymentCoreMigrations: () => applyPaymentCoreMigrations2,
   applySqlMigrations: () => applySqlMigrations2,
   createAuthStorage: () => createAuthStorage2,
@@ -77939,11 +78118,13 @@ __export(src_exports, {
   createNodeDbDriver: () => createNodeDbDriver2,
   createNodeDidConnectRuntime: () => createNodeDidConnectRuntime2,
   createNodeStaticHandler: () => createNodeStaticHandler2,
+  createTenantProvisioner: () => createTenantProvisioner2,
   getCronDriver: () => getCronDriver2,
   getIdentityDriver: () => getIdentityDriver2,
   getPaymentCoreSqlMigrations: () => getPaymentCoreSqlMigrations,
   getQueueHostHooks: () => getQueueHostHooks2,
   getSecretsDriver: () => getSecretsDriver2,
+  injectCaller: () => injectCaller2,
   matchesCron: () => matchesCron2,
   nodeQueueHostHooks: () => nodeQueueHostHooks2,
   scopedLockName: () => scopedLockName2,
@@ -78050,8 +78231,16 @@ function createEmbeddedPaymentService2(slots) {
   const core = (init_service2(), __toCommonJS(service_exports));
   return core.createEmbeddedPaymentService(slots);
 }
+var PAYMENT_PREFIX2 = "/.well-known/payment";
+function injectCaller2(headers, caller) {
+  return (init_host_glue(), __toCommonJS(host_glue_exports)).injectCaller(headers, caller);
+}
+function createTenantProvisioner2(provision) {
+  return (init_host_glue(), __toCommonJS(host_glue_exports)).createTenantProvisioner(provision);
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
+  PAYMENT_PREFIX,
   applyPaymentCoreMigrations,
   applySqlMigrations,
   createAuthStorage,
@@ -78067,11 +78256,13 @@ function createEmbeddedPaymentService2(slots) {
   createNodeDbDriver,
   createNodeDidConnectRuntime,
   createNodeStaticHandler,
+  createTenantProvisioner,
   getCronDriver,
   getIdentityDriver,
   getPaymentCoreSqlMigrations,
   getQueueHostHooks,
   getSecretsDriver,
+  injectCaller,
   matchesCron,
   nodeQueueHostHooks,
   scopedLockName,