@atxp/server 0.2.22 → 0.4.0

package/dist/index.cjs

@@ -0,0 +1,654 @@
+'use strict';
+
+var async_hooks = require('async_hooks');
+var contentType = require('content-type');
+var types_js = require('@modelcontextprotocol/sdk/types.js');
+var common = require('@atxp/common');
+
+function _interopNamespaceDefault(e) {
+    var n = Object.create(null);
+    if (e) {
+        Object.keys(e).forEach(function (k) {
+            if (k !== 'default') {
+                var d = Object.getOwnPropertyDescriptor(e, k);
+                Object.defineProperty(n, k, d.get ? d : {
+                    enumerable: true,
+                    get: function () { return e[k]; }
+                });
+            }
+        });
+    }
+    n.default = e;
+    return Object.freeze(n);
+}
+
+var contentType__namespace = /*#__PURE__*/_interopNamespaceDefault(contentType);
+
+exports.TokenProblem = void 0;
+(function (TokenProblem) {
+    TokenProblem["NO_TOKEN"] = "NO-TOKEN";
+    TokenProblem["NON_BEARER_AUTH_HEADER"] = "NON-BEARER-AUTH-HEADER";
+    TokenProblem["INVALID_TOKEN"] = "INVALID-TOKEN";
+    TokenProblem["INVALID_AUDIENCE"] = "INVALID-AUDIENCE";
+    TokenProblem["NON_SUFFICIENT_FUNDS"] = "NON-SUFFICIENT-FUNDS";
+    TokenProblem["INTROSPECT_ERROR"] = "INTROSPECT-ERROR";
+})(exports.TokenProblem || (exports.TokenProblem = {}));
+
+const contextStorage = new async_hooks.AsyncLocalStorage();
+function getATXPConfig() {
+    const context = contextStorage.getStore();
+    return context?.config ?? null;
+}
+function getATXPResource() {
+    const context = contextStorage.getStore();
+    return context?.resource ?? null;
+}
+// Helper function to get the current request's user
+function atxpAccountId() {
+    const context = contextStorage.getStore();
+    return context?.tokenData?.sub ?? null;
+}
+// Helper function to run code within a user context
+async function withATXPContext(config, resource, tokenInfo, next) {
+    config.logger.debug(`Setting user context to ${tokenInfo?.data?.sub ?? 'null'}`);
+    if (tokenInfo && tokenInfo.data?.sub) {
+        if (tokenInfo.token) {
+            const dbData = {
+                accessToken: tokenInfo.token,
+                resourceUrl: ''
+            };
+            // Save the token to the oAuthDB so that other users of the DB can access it
+            // if needed (ie, for token-exchange for downstream services)
+            await config.oAuthDb.saveAccessToken(tokenInfo.data.sub, '', dbData);
+        }
+        else {
+            config.logger.warn(`Setting user context with token data, but there was no token provided. This probably indicates a bug, since the data should be derived from the token`);
+            config.logger.debug(`Token data: ${JSON.stringify(tokenInfo.data)}`);
+        }
+    }
+    const ctx = {
+        tokenData: tokenInfo?.data || null,
+        config,
+        resource
+    };
+    return contextStorage.run(ctx, next);
+}
+
+/**
+ * Core platform-agnostic token checking logic
+ * Takes an authorization header string instead of platform-specific request objects
+ */
+async function checkTokenCore(config, resourceURL, authorizationHeader) {
+    const protocol = resourceURL.protocol;
+    const host = resourceURL.host;
+    const pathname = resourceURL.pathname;
+    const protectedResourceMetadataUrl = `${protocol}//${host}/.well-known/oauth-protected-resource${pathname}`;
+    const failure = {
+        passes: false,
+        resourceMetadataUrl: protectedResourceMetadataUrl,
+    };
+    // Extract the Bearer token from the Authorization header
+    if (!authorizationHeader) {
+        return { ...failure, problem: exports.TokenProblem.NO_TOKEN, data: null, token: null };
+    }
+    if (!authorizationHeader.startsWith('Bearer ')) {
+        return { ...failure, problem: exports.TokenProblem.NON_BEARER_AUTH_HEADER, data: null, token: null };
+    }
+    const token = authorizationHeader.substring(7);
+    try {
+        const introspectionResult = await config.oAuthClient.introspectToken(config.server, token);
+        if (!introspectionResult.active) {
+            return { ...failure, problem: exports.TokenProblem.INVALID_TOKEN, data: null, token };
+        }
+        return {
+            passes: true,
+            data: introspectionResult,
+            token,
+        };
+    }
+    catch (error) {
+        config.logger.error(`Error during token introspection: ${error}`);
+        return { ...failure, problem: exports.TokenProblem.INTROSPECT_ERROR, data: null, token };
+    }
+}
+
+/**
+ * Core platform-agnostic OAuth challenge response creation
+ * Returns the response data instead of writing to platform-specific response objects
+ */
+function createOAuthChallengeResponseCore(tokenCheck) {
+    if (tokenCheck.passes) {
+        return null;
+    }
+    let status = 401;
+    let body = {};
+    // https://datatracker.ietf.org/doc/html/rfc6750#section-3.1
+    switch (tokenCheck.problem) {
+        case exports.TokenProblem.NO_TOKEN:
+            break;
+        case exports.TokenProblem.NON_BEARER_AUTH_HEADER:
+            status = 400;
+            body = { error: 'invalid_request', error_description: 'Authorization header did not include a Bearer token' };
+            break;
+        case exports.TokenProblem.INVALID_TOKEN:
+            body = { error: 'invalid_token', error_description: 'Token is not active' };
+            break;
+        case exports.TokenProblem.INVALID_AUDIENCE:
+            body = { error: 'invalid_token', error_description: 'Token does not match the expected audience' };
+            break;
+        case exports.TokenProblem.NON_SUFFICIENT_FUNDS:
+            status = 403;
+            body = { error: 'insufficient_scope', error_description: 'Non sufficient funds' };
+            break;
+        case exports.TokenProblem.INTROSPECT_ERROR:
+            status = 502;
+            body = { error: 'server_error', error_description: 'An internal server error occurred' };
+            break;
+    }
+    const wwwAuthenticate = `Bearer resource_metadata="${tokenCheck.resourceMetadataUrl}"`;
+    return {
+        status,
+        headers: {
+            'Content-Type': 'application/json',
+            'WWW-Authenticate': wwwAuthenticate
+        },
+        body: JSON.stringify(body)
+    };
+}
+
+/**
+ * Core platform-agnostic MCP request parsing logic
+ * Takes parsed JSON and request metadata instead of platform-specific request objects
+ */
+function parseMcpRequestsCore(config, requestUrl, method, parsedBody) {
+    if (!method || method.toLowerCase() !== 'post') {
+        return [];
+    }
+    // The middleware has to be mounted at the root to serve the protected resource metadata,
+    // but the actual MCP server it's controlling is specified by the mountPath.
+    const path = requestUrl.pathname.replace(/\/$/, '');
+    const mountPath = config.mountPath.replace(/\/$/, '');
+    if (path !== mountPath && path !== `${mountPath}/message`) {
+        config.logger.debug(`Request path (${path}) does not match the mountPath (${mountPath}), skipping MCP middleware`);
+        return [];
+    }
+    if (!parsedBody || typeof parsedBody !== 'object') {
+        return [];
+    }
+    // Check if it's a JSON-RPC request
+    if (Array.isArray(parsedBody)) {
+        // Batch request
+        return parsedBody.filter(msg => msg && typeof msg === 'object' &&
+            msg.jsonrpc === '2.0' &&
+            msg.method &&
+            msg.id !== undefined);
+    }
+    else {
+        // Single request
+        const body = parsedBody;
+        if (body.jsonrpc === '2.0' && body.method && body.id !== undefined) {
+            return [body];
+        }
+    }
+    return [];
+}
+
+/**
+ * Node.js HTTP implementation of token checking
+ * Extracts data from Node.js IncomingMessage and delegates to core logic
+ */
+async function checkToken(config, resourceURL, req) {
+    // Extract the authorization header from Node.js request
+    const authorizationHeader = req.headers.authorization || null;
+    // Use the shared core logic
+    return checkTokenCore(config, resourceURL, authorizationHeader);
+}
+
+/**
+ * Node.js HTTP implementation of OAuth challenge sending
+ * Uses Node.js ServerResponse and delegates to core logic
+ */
+function sendOAuthChallenge(res, tokenCheck) {
+    // Use the shared core logic to get response data
+    const responseData = createOAuthChallengeResponseCore(tokenCheck);
+    if (!responseData) {
+        return false;
+    }
+    // Apply the response data to Node.js ServerResponse
+    Object.entries(responseData.headers).forEach(([key, value]) => {
+        res.setHeader(key, value);
+    });
+    res.writeHead(responseData.status);
+    res.end(responseData.body);
+    return true;
+}
+function sendProtectedResourceMetadata$1(res, metadata) {
+    if (!metadata) {
+        return false;
+    }
+    res.setHeader('Content-Type', 'application/json');
+    res.writeHead(200);
+    res.end(JSON.stringify(metadata));
+    return true;
+}
+function sendOAuthMetadata$1(res, metadata) {
+    if (!metadata) {
+        return false;
+    }
+    res.setHeader('Content-Type', 'application/json');
+    res.writeHead(200);
+    res.end(JSON.stringify(metadata));
+    return true;
+}
+
+// Helper function to parse size strings like "4mb" to bytes
+function parseSize(size) {
+    const match = size.match(/^(\d+(?:\.\d+)?)\s*([kmgt]?b?)$/i);
+    if (!match) {
+        throw new Error(`Invalid size format: ${size}`);
+    }
+    const value = parseFloat(match[1]);
+    const unit = (match[2] || 'b').toLowerCase();
+    const multipliers = {
+        'b': 1,
+        'kb': 1024,
+        'mb': 1024 * 1024,
+        'gb': 1024 * 1024 * 1024,
+        'tb': 1024 * 1024 * 1024 * 1024,
+    };
+    return Math.floor(value * (multipliers[unit] || 1));
+}
+async function getRawBody(req, encoding, maxSize) {
+    // Use native Node.js approach to read request body
+    const chunks = [];
+    let totalSize = 0;
+    const maxSizeBytes = parseSize(maxSize);
+    for await (const chunk of req) {
+        totalSize += chunk.length;
+        if (totalSize > maxSizeBytes) {
+            throw new Error(`Request body too large. Maximum size is ${maxSize}`);
+        }
+        chunks.push(chunk);
+    }
+    const body = Buffer.concat(chunks);
+    return body.toString(encoding);
+}
+
+// Useful reference for dealing with low-level http requests:
+// https://github.com/modelcontextprotocol/typescript-sdk/blob/c6ac083b1b37b222b5bfba5563822daa5d03372e/src/server/streamableHttp.ts#L375
+// Using the same value as MCP SDK
+const MAXIMUM_MESSAGE_SIZE = "4mb";
+/**
+ * Node.js HTTP implementation of MCP request parsing
+ * Handles Node.js IncomingMessage parsing and delegates to core logic
+ */
+async function parseMcpRequests(config, requestUrl, req, parsedBody) {
+    parsedBody = parsedBody ?? await parseBody(req, config.logger);
+    // Use the shared core logic for basic validation and filtering
+    const basicMessages = parseMcpRequestsCore(config, requestUrl, req.method || '', parsedBody);
+    // Only proceed with MCP processing if the basic validation passed
+    if (basicMessages.length === 0) {
+        return [];
+    }
+    // Apply additional MCP-specific processing (parseMcpMessages handles SSE and other formats)
+    const messages = await common.parseMcpMessages(parsedBody, config.logger);
+    const requests = messages.filter(msg => types_js.isJSONRPCRequest(msg));
+    if (requests.length !== messages.length) {
+        config.logger.debug(`Dropped ${messages.length - requests.length} MCP messages that were not MCP requests`);
+    }
+    return requests;
+}
+async function parseBody(req, logger) {
+    try {
+        const ct = req.headers["content-type"];
+        let encoding = "utf-8";
+        if (ct) {
+            const parsedCt = contentType__namespace.parse(ct);
+            encoding = parsedCt.parameters.charset ?? "utf-8";
+        }
+        const body = await getRawBody(req, encoding, MAXIMUM_MESSAGE_SIZE);
+        return JSON.parse(body);
+    }
+    catch (error) {
+        logger.error(error.message);
+        return undefined;
+    }
+}
+
+/**
+ * Web API implementation of token checking for Cloudflare Workers, Deno, etc.
+ * Extracts data from Web API Request and delegates to core logic
+ */
+async function checkTokenWebApi(config, resourceURL, request) {
+    // Extract authorization header from Web API request
+    const authorizationHeader = request.headers.get('authorization');
+    // Use the shared core logic
+    return checkTokenCore(config, resourceURL, authorizationHeader);
+}
+
+/**
+ * Web API implementation of OAuth challenge sending for Cloudflare Workers, Deno, etc.
+ * Uses Web API Response and delegates to core logic
+ */
+function sendOAuthChallengeWebApi(tokenCheck) {
+    // Use the shared core logic to get response data
+    const responseData = createOAuthChallengeResponseCore(tokenCheck);
+    if (!responseData) {
+        return null;
+    }
+    // Convert to Web API Response
+    return new Response(responseData.body, {
+        status: responseData.status,
+        headers: responseData.headers
+    });
+}
+function sendProtectedResourceMetadata(metadata) {
+    if (!metadata) {
+        return null;
+    }
+    return new Response(JSON.stringify(metadata), {
+        status: 200,
+        headers: {
+            'Content-Type': 'application/json'
+        }
+    });
+}
+function sendOAuthMetadata(metadata) {
+    if (!metadata) {
+        return null;
+    }
+    return new Response(JSON.stringify(metadata), {
+        status: 200,
+        headers: {
+            'Content-Type': 'application/json'
+        }
+    });
+}
+
+/**
+ * Web API implementation of MCP request parsing for Cloudflare Workers, Deno, etc.
+ * Handles Web API Request parsing and delegates to core logic
+ */
+async function parseMcpRequestsWebApi(config, request) {
+    const requestUrl = new URL(request.url);
+    try {
+        const text = await request.text();
+        if (!text) {
+            return [];
+        }
+        const parsedBody = JSON.parse(text);
+        // Use the shared core logic
+        return parseMcpRequestsCore(config, requestUrl, request.method, parsedBody);
+    }
+    catch (error) {
+        config.logger.debug(`Error parsing MCP request: ${error instanceof Error ? error.message : String(error)}`);
+        return [];
+    }
+}
+
+async function requirePayment(paymentConfig) {
+    const config = getATXPConfig();
+    if (!config) {
+        throw new Error('No config found');
+    }
+    const user = atxpAccountId();
+    if (!user) {
+        config.logger.error('No user found');
+        throw new Error('No user found');
+    }
+    const charge = {
+        amount: paymentConfig.price,
+        currency: config.currency,
+        network: config.network,
+        destination: config.destination,
+        source: user,
+        payeeName: config.payeeName,
+    };
+    config.logger.debug(`Charging amount ${charge.amount}, destination ${charge.destination}, source ${charge.source}`);
+    const chargeResponse = await config.paymentServer.charge(charge);
+    if (chargeResponse.success) {
+        config.logger.info(`Charged ${charge.amount} for source ${charge.source}`);
+        return;
+    }
+    const existingPaymentId = await paymentConfig.getExistingPaymentId?.();
+    if (existingPaymentId) {
+        config.logger.info(`Found existing payment ID ${existingPaymentId}`);
+        throw common.paymentRequiredError(config.server, existingPaymentId, charge.amount);
+    }
+    const paymentId = await config.paymentServer.createPaymentRequest(charge);
+    config.logger.info(`Created payment request ${paymentId}`);
+    throw common.paymentRequiredError(config.server, paymentId, charge.amount);
+}
+
+/**
+ * ATXP Payment Server implementation
+ *
+ * This class handles payment operations with the ATXP authorization server.
+ *
+ * @example
+ * ```typescript
+ * const paymentServer = new ATXPPaymentServer(
+ *   'https://auth.atxp.ai',
+ *   logger
+ * );
+ * ```
+ */
+class ATXPPaymentServer {
+    constructor(server, logger, fetchFn = fetch) {
+        this.server = server;
+        this.logger = logger;
+        this.fetchFn = fetchFn;
+        this.charge = async ({ source, destination, network, currency, amount }) => {
+            const body = { source, destination, network, currency, amount };
+            const chargeResponse = await this.makeRequest('POST', '/charge', body);
+            const json = await chargeResponse.json();
+            if (chargeResponse.status === 200) {
+                return { success: true, requiredPayment: null };
+            }
+            else if (chargeResponse.status === 402) {
+                return { success: false, requiredPayment: json };
+            }
+            else {
+                const msg = `Unexpected status code ${chargeResponse.status} from payment server POST /charge endpoint`;
+                this.logger.warn(msg);
+                this.logger.debug(`Response body: ${JSON.stringify(json)}`);
+                throw new Error(msg);
+            }
+        };
+        this.createPaymentRequest = async (charge) => {
+            const response = await this.makeRequest('POST', '/payment-request', charge);
+            const json = await response.json();
+            if (response.status !== 200) {
+                this.logger.warn(`POST /payment-request responded with unexpected HTTP status ${response.status}`);
+                this.logger.debug(`Response body: ${JSON.stringify(json)}`);
+                throw new Error(`POST /payment-request responded with unexpected HTTP status ${response.status}`);
+            }
+            if (!json.id) {
+                throw new Error(`POST /payment-request response did not contain an id`);
+            }
+            return json.id;
+        };
+        /**
+         * Makes authenticated requests to the ATXP authorization server
+         *
+         * @param method - HTTP method ('GET' or 'POST')
+         * @param path - API endpoint path
+         * @param body - Request body (for POST requests)
+         * @returns Promise<Response> - The HTTP response from the server
+         *
+         * @example
+         * ```typescript
+         * const response = await paymentServer.makeRequest('POST', '/charge', {
+         *   source: 'user123',
+         *   destination: 'merchant456',
+         *   amount: new BigNumber('0.01')
+         * });
+         * ```
+         */
+        this.makeRequest = async (method, path, body) => {
+            const url = new URL(path, this.server);
+            const response = await this.fetchFn(url, {
+                method,
+                headers: {
+                    'Content-Type': 'application/json'
+                },
+                body: JSON.stringify(body)
+            });
+            return response;
+        };
+    }
+}
+
+const DEFAULT_CONFIG = {
+    mountPath: '/',
+    currency: 'USDC',
+    network: 'base',
+    server: common.DEFAULT_AUTHORIZATION_SERVER,
+    payeeName: 'An ATXP Server',
+    allowHttp: false, // May be overridden in buildServerConfig by process.env.NODE_ENV
+    resource: null, // Set dynamically from the request URL
+};
+function buildServerConfig(args) {
+    if (!args.destination) {
+        throw new Error('destination is required');
+    }
+    // Read environment variables at runtime, not module load time
+    const envDefaults = {
+        ...DEFAULT_CONFIG,
+        atxpAuthClientToken: process.env.ATXP_AUTH_CLIENT_TOKEN,
+        allowHttp: process.env.NODE_ENV === 'development',
+    };
+    const withDefaults = { ...envDefaults, ...args };
+    const oAuthDb = withDefaults.oAuthDb ?? new common.MemoryOAuthDb();
+    const oAuthClient = withDefaults.oAuthClient ?? new common.OAuthResourceClient({
+        db: oAuthDb,
+        allowInsecureRequests: withDefaults.allowHttp,
+        clientName: withDefaults.payeeName,
+    });
+    const logger = withDefaults.logger ?? new common.ConsoleLogger();
+    const paymentServer = withDefaults.paymentServer ?? new ATXPPaymentServer(withDefaults.server, logger);
+    const built = { oAuthDb, oAuthClient, paymentServer, logger };
+    return Object.freeze({ ...withDefaults, ...built });
+}
+
+function getPath(url) {
+    const fullPath = url.pathname.replace(/^\/$/, '');
+    return fullPath;
+}
+function getProtocolFromHeaders(headers, requestProtocol) {
+    // Check for X-Forwarded-Proto header (common proxy header)
+    const forwardedProto = headers['x-forwarded-proto'] || headers['X-Forwarded-Proto'];
+    if (forwardedProto) {
+        const proto = Array.isArray(forwardedProto) ? forwardedProto[0] : forwardedProto;
+        return proto === 'https' ? 'https:' : 'http:';
+    }
+    // Check for X-Forwarded-Protocol header (alternative)
+    const forwardedProtocol = headers['x-forwarded-protocol'] || headers['X-Forwarded-Protocol'];
+    if (forwardedProtocol) {
+        const proto = Array.isArray(forwardedProtocol) ? forwardedProtocol[0] : forwardedProtocol;
+        return proto === 'https' ? 'https:' : 'http:';
+    }
+    // Fall back to request protocol
+    return requestProtocol;
+}
+function getResource(config, requestUrl, headers) {
+    if (config.resource) {
+        return new URL(config.resource);
+    }
+    const originalProtocol = headers ? getProtocolFromHeaders(headers, requestUrl.protocol) : requestUrl.protocol;
+    const protocol = config.allowHttp ? originalProtocol : 'https:';
+    const url = new URL(`${protocol}//${requestUrl.host}${requestUrl.pathname}`);
+    const fullPath = getPath(url);
+    // If this is a PRM path, convert it into the path for the resource this is the metadata for
+    const resourcePath = fullPath.replace('/.well-known/oauth-protected-resource', '').replace(/\/$/, '');
+    const resource = new URL(`${protocol}//${requestUrl.host}${resourcePath}`);
+    return resource;
+}
+
+async function getOAuthMetadata(config, requestUrl) {
+    if (isOAuthMetadataRequest(config, requestUrl)) {
+        try {
+            const authServer = await config.oAuthClient.authorizationServerFromUrl(new URL(config.server));
+            return {
+                issuer: config.server,
+                authorization_endpoint: authServer.authorization_endpoint,
+                response_types_supported: authServer.response_types_supported,
+                grant_types_supported: authServer.grant_types_supported,
+                token_endpoint: authServer.token_endpoint,
+                token_endpoint_auth_methods_supported: authServer.token_endpoint_auth_methods_supported,
+                registration_endpoint: authServer.registration_endpoint,
+                revocation_endpoint: authServer.revocation_endpoint,
+                introspection_endpoint: authServer.introspection_endpoint,
+                introspection_endpoint_auth_methods_supported: authServer.introspection_endpoint_auth_methods_supported,
+                code_challenge_methods_supported: authServer.code_challenge_methods_supported,
+                scopes_supported: authServer.scopes_supported
+            };
+        }
+        catch (error) {
+            config.logger.error(`Error fetching authorization server configuration from ${config.server}: ${error}`);
+            throw error;
+        }
+    }
+    return null;
+}
+function isOAuthMetadataRequest(config, requestUrl) {
+    const path = getPath(requestUrl).replace(/\/$/, '');
+    return path === '/.well-known/oauth-authorization-server';
+}
+
+function getProtectedResourceMetadata(config, requestUrl, headers) {
+    if (isProtectedResourceMetadataRequest(config, requestUrl, headers)) {
+        const resource = getResource(config, requestUrl, headers);
+        return {
+            resource,
+            resource_name: config.payeeName || resource.toString(),
+            authorization_servers: [config.server],
+            bearer_methods_supported: ['header'],
+            scopes_supported: ['read', 'write'],
+        };
+    }
+    return null;
+}
+function isProtectedResourceMetadataRequest(config, requestUrl, headers) {
+    const path = getPath(requestUrl);
+    if (!path.startsWith('/.well-known/oauth-protected-resource')) {
+        return false;
+    }
+    const resource = getResource(config, requestUrl, headers);
+    const resourcePath = getPath(resource);
+    const mountPath = config.mountPath.replace(/\/$/, '');
+    if (resourcePath === mountPath) {
+        return true;
+    }
+    if (resourcePath === `${mountPath}/message`) {
+        return true;
+    }
+    return false;
+}
+
+exports.ATXPPaymentServer = ATXPPaymentServer;
+exports.DEFAULT_CONFIG = DEFAULT_CONFIG;
+exports.atxpAccountId = atxpAccountId;
+exports.buildServerConfig = buildServerConfig;
+exports.checkTokenCore = checkTokenCore;
+exports.checkTokenNode = checkToken;
+exports.checkTokenWebApi = checkTokenWebApi;
+exports.createOAuthChallengeResponseCore = createOAuthChallengeResponseCore;
+exports.getATXPConfig = getATXPConfig;
+exports.getATXPResource = getATXPResource;
+exports.getOAuthMetadata = getOAuthMetadata;
+exports.getProtectedResourceMetadata = getProtectedResourceMetadata;
+exports.getResource = getResource;
+exports.parseBodyNode = parseBody;
+exports.parseMcpRequestsCore = parseMcpRequestsCore;
+exports.parseMcpRequestsNode = parseMcpRequests;
+exports.parseMcpRequestsWebApi = parseMcpRequestsWebApi;
+exports.requirePayment = requirePayment;
+exports.sendOAuthChallenge = sendOAuthChallenge;
+exports.sendOAuthChallengeWebApi = sendOAuthChallengeWebApi;
+exports.sendOAuthMetadataNode = sendOAuthMetadata$1;
+exports.sendOAuthMetadataWebApi = sendOAuthMetadata;
+exports.sendProtectedResourceMetadataNode = sendProtectedResourceMetadata$1;
+exports.sendProtectedResourceMetadataWebApi = sendProtectedResourceMetadata;
+exports.withATXPContext = withATXPContext;
+//# sourceMappingURL=index.cjs.map