@armory-sh/middleware-express 0.3.11 → 0.4.2

package/package.json

@@ -1,20 +1,19 @@
 {
   "name": "@armory-sh/middleware-express",
-  "version": "0.3.11",
+  "version": "0.4.2",
   "license": "MIT",
   "author": "Sawyer Cutler <sawyer@dirtroad.dev>",
   "type": "module",
-  "main": "./dist/index.js",
-  "types": "./dist/index.d.ts",
+  "main": "./src/index.ts",
+  "types": "./src/index.ts",
   "exports": {
     ".": {
-      "types": "./dist/index.d.ts",
-      "bun": "./src/index.ts",
-      "default": "./dist/index.js"
+      "types": "./src/index.ts",
+      "default": "./src/index.ts"
     }
   },
   "files": [
-    "dist"
+    "src"
   ],
   "publishConfig": {
     "access": "public"
@@ -25,20 +24,19 @@
     "directory": "packages/middleware-express"
   },
   "peerDependencies": {
-    "express": "^4"
+    "express": "^5"
   },
   "dependencies": {
-    "@armory-sh/base": "0.2.12",
-    "@armory-sh/facilitator": "0.2.12"
+    "@armory-sh/base": "workspace:*"
   },
   "devDependencies": {
     "bun-types": "latest",
     "typescript": "5.9.3",
-    "express": "^4",
-    "@types/express": "^4"
+    "express": "^5",
+    "@types/express": "^5"
   },
   "scripts": {
-    "build": "tsup",
+    "build": "rm -rf dist && tsup",
     "test": "bun test"
   }
 }

package/src/index.ts

@@ -0,0 +1,89 @@
+import type { Request, Response, NextFunction } from "express";
+import type {
+  PaymentPayloadV2,
+  PaymentRequirements,
+} from "@armory-sh/base";
+import {
+  decodePaymentV2,
+  createPaymentRequiredHeaders,
+  createSettlementHeaders,
+  PAYMENT_SIGNATURE_HEADER,
+} from "@armory-sh/base";
+
+export interface PaymentMiddlewareConfig {
+  requirements: PaymentRequirements;
+  facilitatorUrl?: string;
+  skipVerification?: boolean;
+  network?: string;
+}
+
+export interface AugmentedRequest extends Request {
+  payment?: {
+    payload: PaymentPayloadV2;
+    payerAddress: string;
+    verified: boolean;
+  };
+}
+
+export const paymentMiddleware = (config: PaymentMiddlewareConfig) => {
+  const { requirements, facilitatorUrl, skipVerification = false, network = "base" } = config;
+
+  return async (req: AugmentedRequest, res: Response, next: NextFunction): Promise<void> => {
+    try {
+      const paymentHeader = req.headers[PAYMENT_SIGNATURE_HEADER.toLowerCase()] as string | undefined;
+
+      if (!paymentHeader) {
+        const requiredHeaders = createPaymentRequiredHeaders(requirements);
+        res.statusCode = 402;
+        for (const [key, value] of Object.entries(requiredHeaders)) {
+          res.setHeader(key, value);
+        }
+        res.json({
+          error: "Payment required",
+          accepts: [requirements],
+        });
+        return;
+      }
+
+      let paymentPayload: PaymentPayloadV2;
+      try {
+        paymentPayload = decodePaymentV2(paymentHeader);
+      } catch (error) {
+        res.statusCode = 400;
+        res.json({
+          error: "Invalid payment payload",
+          message: error instanceof Error ? error.message : "Unknown error",
+        });
+        return;
+      }
+
+      const payerAddress = paymentPayload.payload.authorization.from;
+
+      // TODO: Add verification with facilitator if not skipVerification
+      // if (!skipVerification && facilitatorUrl) {
+      //   const result = await verifyWithFacilitator(...);
+      //   if (!result.success) { ... }
+      // }
+
+      const settlement = {
+        success: true,
+        transaction: "",
+        network,
+      };
+
+      const settlementHeaders = createSettlementHeaders(settlement);
+      for (const [key, value] of Object.entries(settlementHeaders)) {
+        res.setHeader(key, value);
+      }
+
+      req.payment = { payload: paymentPayload, payerAddress, verified: !skipVerification };
+      next();
+    } catch (error) {
+      res.statusCode = 500;
+      res.json({
+        error: "Payment middleware error",
+        message: error instanceof Error ? error.message : "Unknown error",
+      });
+    }
+  };
+};

package/src/payment-utils.ts

@@ -0,0 +1,168 @@
+import type {
+  X402PaymentPayload,
+  X402PaymentRequirements,
+} from "@armory-sh/base";
+import { decodePayment, isPaymentPayload, isExactEvmPayload } from "@armory-sh/base";
+
+// Legacy V2 payload type for backward compatibility
+export interface LegacyPaymentPayloadV2 {
+  to: string;
+  from: string;
+  amount: string;
+  chainId: string;
+  assetId: string;
+  nonce: string;
+  expiry: number;
+  signature: string;
+}
+
+// Union type for V2 payload formats
+export type AnyPaymentPayload = X402PaymentPayload | LegacyPaymentPayloadV2;
+
+// Re-export types for use in index.ts
+export type { X402PaymentRequirements as PaymentRequirements } from "@armory-sh/base";
+
+export interface PaymentVerificationResult {
+  success: boolean;
+  payload?: AnyPaymentPayload;
+  payerAddress?: string;
+  error?: string;
+}
+
+// V2 hardcoded headers
+export const PAYMENT_HEADERS = {
+  PAYMENT: "PAYMENT-SIGNATURE",
+  REQUIRED: "PAYMENT-REQUIRED",
+  RESPONSE: "PAYMENT-RESPONSE",
+  payment: "PAYMENT-SIGNATURE",
+  required: "PAYMENT-REQUIRED",
+  response: "PAYMENT-RESPONSE",
+} as const;
+
+export const encodeRequirements = (requirements: X402PaymentRequirements): string =>
+  JSON.stringify(requirements);
+
+function isLegacyV2(payload: unknown): payload is LegacyPaymentPayloadV2 {
+  return (
+    typeof payload === "object" &&
+    payload !== null &&
+    "chainId" in payload &&
+    "assetId" in payload &&
+    "signature" in payload &&
+    typeof (payload as LegacyPaymentPayloadV2).signature === "string"
+  );
+}
+
+export const decodePayload = (
+  headerValue: string
+): { payload: AnyPaymentPayload } => {
+  let payload: unknown;
+
+  // Try JSON first (for test compatibility)
+  if (headerValue.startsWith("{")) {
+    try {
+      payload = JSON.parse(headerValue);
+    } catch {
+      throw new Error("Invalid payment payload: not valid JSON");
+    }
+  } else {
+    // Use core's decodePayment for proper Base64URL handling
+    try {
+      payload = decodePayment(headerValue);
+    } catch {
+      throw new Error("Invalid payment payload: not valid Base64");
+    }
+  }
+
+  // Check for x402 V2 format
+  if (isPaymentPayload(payload)) {
+    return { payload };
+  }
+
+  if (isLegacyV2(payload)) {
+    return { payload };
+  }
+
+  throw new Error("Unrecognized payment payload format");
+};
+
+export const extractPayerAddress = (payload: AnyPaymentPayload): string => {
+  // Check for x402 format with nested payload
+  if (isPaymentPayload(payload)) {
+    const p = payload.payload;
+    if (isExactEvmPayload(p) && p.authorization?.from) {
+      return p.authorization.from;
+    }
+  }
+
+  // Check for direct `from` field (legacy format)
+  if ("from" in payload && typeof payload.from === "string") {
+    return payload.from;
+  }
+
+  throw new Error("Unable to extract payer address from payload");
+};
+
+export const verifyWithFacilitator = async (
+  facilitatorUrl: string,
+  payload: AnyPaymentPayload,
+  requirements: X402PaymentRequirements
+): Promise<PaymentVerificationResult> => {
+  try {
+    const response = await fetch(`${facilitatorUrl}/verify`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ payload, requirements }),
+    });
+
+    if (!response.ok) {
+      const error = await response.json();
+      return { success: false, error: JSON.stringify(error) };
+    }
+
+    const result = await response.json() as { success: boolean; error?: string; payerAddress?: string };
+    if (!result.success) {
+      return { success: false, error: result.error ?? "Verification failed" };
+    }
+
+    return { success: true, payerAddress: result.payerAddress ?? "" };
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : "Unknown facilitator error",
+    };
+  }
+};
+
+export const verifyLocally = async (
+  payload: AnyPaymentPayload,
+  requirements: X402PaymentRequirements
+): Promise<PaymentVerificationResult> => {
+  if (isLegacyV2(payload)) {
+    return {
+      success: false,
+      error: "Local verification not supported for legacy payload format. Use a facilitator.",
+    };
+  }
+
+  if (!isPaymentPayload(payload) || !isExactEvmPayload(payload.payload)) {
+    return {
+      success: false,
+      error: "Invalid payment payload format",
+    };
+  }
+
+  return {
+    success: true,
+    payerAddress: payload.payload.authorization.from,
+  };
+};
+
+export const verifyPaymentWithRetry = async (
+  payload: AnyPaymentPayload,
+  requirements: X402PaymentRequirements,
+  facilitatorUrl?: string
+): Promise<PaymentVerificationResult> =>
+  facilitatorUrl
+    ? verifyWithFacilitator(facilitatorUrl, payload, requirements)
+    : verifyLocally(payload, requirements);

package/src/types.ts

@@ -0,0 +1,44 @@
+import type { Address, CAIP2ChainId, CAIPAssetId } from "@armory-sh/base";
+
+export interface FacilitatorConfig {
+  url: string;
+  createHeaders?: () => Record<string, string>;
+}
+
+export type SettlementMode = "verify" | "settle" | "async";
+export type PayToAddress = Address | CAIP2ChainId | CAIPAssetId;
+
+export interface MiddlewareConfig {
+  payTo: PayToAddress;
+  network: string | number;
+  amount: string;
+  facilitator?: FacilitatorConfig;
+  settlementMode?: SettlementMode;
+}
+
+export interface HttpRequest {
+  headers: Record<string, string | string[] | undefined>;
+  body?: unknown;
+  method?: string;
+  url?: string;
+}
+
+export interface HttpResponse {
+  status: number;
+  headers: Record<string, string>;
+  body?: unknown;
+}
+
+export interface FacilitatorVerifyResult {
+  success: boolean;
+  payerAddress?: string;
+  balance?: string;
+  requiredAmount?: string;
+  error?: string;
+}
+
+export interface FacilitatorSettleResult {
+  success: boolean;
+  txHash?: string;
+  error?: string;
+}

package/dist/index.d.ts

@@ -1,43 +0,0 @@
-import { Request, Response, NextFunction } from 'express';
-import { X402PaymentPayload, X402PaymentRequirements } from '@armory-sh/base';
-import { VerifyPaymentOptions } from '@armory-sh/facilitator';
-
-interface LegacyPaymentPayloadV1 {
-    amount: string;
-    network: string;
-    contractAddress: string;
-    payTo: string;
-    from: string;
-    expiry: number;
-    signature: string;
-}
-interface LegacyPaymentPayloadV2 {
-    to: string;
-    from: string;
-    amount: string;
-    chainId: string;
-    assetId: string;
-    nonce: string;
-    expiry: number;
-    signature: string;
-}
-type AnyPaymentPayload = X402PaymentPayload | LegacyPaymentPayloadV1 | LegacyPaymentPayloadV2;
-type PaymentPayload = AnyPaymentPayload;
-
-interface PaymentMiddlewareConfig {
-    requirements: X402PaymentRequirements;
-    facilitatorUrl?: string;
-    verifyOptions?: VerifyPaymentOptions;
-    skipVerification?: boolean;
-}
-interface AugmentedRequest extends Request {
-    payment?: {
-        payload: PaymentPayload;
-        payerAddress: string;
-        version: 1 | 2;
-        verified: boolean;
-    };
-}
-declare const paymentMiddleware: (config: PaymentMiddlewareConfig) => (req: AugmentedRequest, res: Response, next: NextFunction) => Promise<void>;
-
-export { type AugmentedRequest, type PaymentMiddlewareConfig, paymentMiddleware };

package/dist/index.js

@@ -1,142 +0,0 @@
-// src/payment-utils.ts
-import { extractPaymentFromHeaders, X402_HEADERS } from "@armory-sh/base";
-import { verifyX402Payment as verifyPayment } from "@armory-sh/facilitator";
-var getHeadersForVersion = (version) => version === 1 ? { payment: "X-PAYMENT", required: "X-PAYMENT-REQUIRED", response: "X-PAYMENT-RESPONSE" } : { payment: "PAYMENT-SIGNATURE", required: "PAYMENT-REQUIRED", response: "PAYMENT-RESPONSE" };
-var getRequirementsVersion = (requirements) => "contractAddress" in requirements && "network" in requirements ? 1 : 2;
-var encodeRequirements = (requirements) => JSON.stringify(requirements);
-function isLegacyV1(payload) {
-  return typeof payload === "object" && payload !== null && "contractAddress" in payload && "network" in payload && "signature" in payload && typeof payload.signature === "string";
-}
-function isLegacyV2(payload) {
-  return typeof payload === "object" && payload !== null && "chainId" in payload && "assetId" in payload && "signature" in payload && typeof payload.signature === "string";
-}
-var decodePayload = (headerValue) => {
-  let parsed;
-  try {
-    if (headerValue.startsWith("{")) {
-      parsed = JSON.parse(headerValue);
-    } else {
-      parsed = JSON.parse(atob(headerValue));
-    }
-  } catch {
-    throw new Error("Invalid payment payload");
-  }
-  const headers = new Headers();
-  headers.set(X402_HEADERS.PAYMENT, headerValue);
-  const x402Payload = extractPaymentFromHeaders(headers);
-  if (x402Payload) {
-    return { payload: x402Payload, version: 2 };
-  }
-  if (isLegacyV1(parsed)) {
-    return { payload: parsed, version: 1 };
-  }
-  if (isLegacyV2(parsed)) {
-    return { payload: parsed, version: 2 };
-  }
-  throw new Error("Unrecognized payment payload format");
-};
-var verifyWithFacilitator = async (facilitatorUrl, payload, requirements, verifyOptions) => {
-  try {
-    const response = await fetch(`${facilitatorUrl}/verify`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ payload, requirements, options: verifyOptions })
-    });
-    if (!response.ok) {
-      const error = await response.json();
-      return { success: false, error: JSON.stringify(error) };
-    }
-    const result = await response.json();
-    if (!result.success) {
-      return { success: false, error: result.error ?? "Verification failed" };
-    }
-    return { success: true, payerAddress: result.payerAddress ?? "" };
-  } catch (error) {
-    return {
-      success: false,
-      error: error instanceof Error ? error.message : "Unknown facilitator error"
-    };
-  }
-};
-var verifyLocally = async (payload, requirements, verifyOptions) => {
-  if (isLegacyV1(payload) || isLegacyV2(payload)) {
-    return {
-      success: false,
-      error: "Local verification not supported for legacy payload formats. Use a facilitator."
-    };
-  }
-  const result = await verifyPayment(payload, requirements, verifyOptions);
-  if (!result.success) {
-    return {
-      success: false,
-      error: JSON.stringify({
-        error: "Payment verification failed",
-        reason: result.error.name,
-        message: result.error.message
-      })
-    };
-  }
-  return { success: true, payerAddress: result.payerAddress };
-};
-var verifyPaymentWithRetry = async (payload, requirements, facilitatorUrl, verifyOptions) => facilitatorUrl ? verifyWithFacilitator(facilitatorUrl, payload, requirements, verifyOptions) : verifyLocally(payload, requirements, verifyOptions);
-var extractPayerAddress = (payload) => {
-  if ("payload" in payload) {
-    const x402Payload = payload;
-    if ("authorization" in x402Payload.payload) {
-      return x402Payload.payload.authorization.from;
-    }
-  }
-  if ("from" in payload && typeof payload.from === "string") {
-    return payload.from;
-  }
-  throw new Error("Unable to extract payer address from payload");
-};
-
-// src/index.ts
-var sendError = (res, status, headers, body) => {
-  res.status(status);
-  Object.entries(headers).forEach(([k, v]) => res.setHeader(k, v));
-  res.json(body);
-};
-var paymentMiddleware = (config) => {
-  const { requirements, facilitatorUrl, verifyOptions, skipVerification = false } = config;
-  const version = getRequirementsVersion(requirements);
-  const headers = getHeadersForVersion(version);
-  return async (req, res, next) => {
-    try {
-      const paymentHeader = req.headers[headers.payment.toLowerCase()];
-      if (!paymentHeader) {
-        sendError(res, 402, { [headers.required]: encodeRequirements(requirements), "Content-Type": "application/json" }, { error: "Payment required", requirements });
-        return;
-      }
-      let payload;
-      let payloadVersion;
-      try {
-        ({ payload, version: payloadVersion } = decodePayload(paymentHeader));
-      } catch (error) {
-        sendError(res, 400, {}, { error: "Invalid payment payload", message: error instanceof Error ? error.message : "Unknown error" });
-        return;
-      }
-      if (payloadVersion !== version) {
-        sendError(res, 400, {}, { error: "Payment version mismatch", expected: version, received: payloadVersion });
-        return;
-      }
-      const payerAddress = skipVerification ? extractPayerAddress(payload) : await (async () => {
-        const result = await verifyPaymentWithRetry(payload, requirements, facilitatorUrl, verifyOptions);
-        if (!result.success) {
-          sendError(res, 402, { [headers.required]: encodeRequirements(requirements) }, { error: result.error });
-          throw new Error("Verification failed");
-        }
-        return result.payerAddress;
-      })();
-      req.payment = { payload, payerAddress, version, verified: !skipVerification };
-      res.setHeader(headers.response, JSON.stringify({ status: "verified", payerAddress, version }));
-      next();
-    } catch (error) {
-      sendError(res, 500, {}, { error: "Payment middleware error", message: error instanceof Error ? error.message : "Unknown error" });
-    }
-  };
-};
-export {
-  paymentMiddleware
-};