@getalby/lightning-tools 7.0.2 → 8.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +108 -28
- package/dist/cjs/402/l402.cjs +55 -0
- package/dist/cjs/402/l402.cjs.map +1 -0
- package/dist/cjs/402/mpp.cjs +179 -0
- package/dist/cjs/402/mpp.cjs.map +1 -0
- package/dist/cjs/402/x402.cjs +1313 -0
- package/dist/cjs/402/x402.cjs.map +1 -0
- package/dist/cjs/402.cjs +1585 -0
- package/dist/cjs/402.cjs.map +1 -0
- package/dist/cjs/bolt11.cjs +8 -0
- package/dist/cjs/bolt11.cjs.map +1 -1
- package/dist/cjs/index.cjs +301 -53
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/cjs/lnurl.cjs +8 -0
- package/dist/cjs/lnurl.cjs.map +1 -1
- package/dist/esm/402/l402.js +53 -0
- package/dist/esm/402/l402.js.map +1 -0
- package/dist/esm/402/mpp.js +177 -0
- package/dist/esm/402/mpp.js.map +1 -0
- package/dist/esm/402/x402.js +1311 -0
- package/dist/esm/402/x402.js.map +1 -0
- package/dist/esm/402.js +1579 -0
- package/dist/esm/402.js.map +1 -0
- package/dist/esm/bolt11.js +8 -0
- package/dist/esm/bolt11.js.map +1 -1
- package/dist/esm/index.js +298 -50
- package/dist/esm/index.js.map +1 -1
- package/dist/esm/lnurl.js +8 -0
- package/dist/esm/lnurl.js.map +1 -1
- package/dist/lightning-tools.umd.js +2 -2
- package/dist/lightning-tools.umd.js.map +1 -1
- package/dist/types/402/l402.d.ts +13 -0
- package/dist/types/402/mpp.d.ts +26 -0
- package/dist/types/402/x402.d.ts +13 -0
- package/dist/types/402.d.ts +41 -0
- package/dist/types/bolt11.d.ts +4 -0
- package/dist/types/index.d.ts +38 -28
- package/dist/types/lnurl.d.ts +2 -0
- package/package.json +20 -5
- package/dist/cjs/l402.cjs +0 -93
- package/dist/cjs/l402.cjs.map +0 -1
- package/dist/esm/l402.js +0 -87
- package/dist/esm/l402.js.map +0 -1
- package/dist/types/l402.d.ts +0 -35
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
const parseL402 = (input) => {
|
|
2
|
+
// Remove the L402 and LSAT identifiers
|
|
3
|
+
const string = input.replace("L402", "").replace("LSAT", "").trim();
|
|
4
|
+
// Initialize an object to store the key-value pairs
|
|
5
|
+
const keyValuePairs = {};
|
|
6
|
+
// Regular expression to match key and (quoted or unquoted) value
|
|
7
|
+
const regex = /(\w+)=("([^"]*)"|'([^']*)'|([^,]*))/g;
|
|
8
|
+
let match;
|
|
9
|
+
// Use regex to find all key-value pairs
|
|
10
|
+
while ((match = regex.exec(string)) !== null) {
|
|
11
|
+
// Key is always match[1]
|
|
12
|
+
// Value is either match[3] (double-quoted), match[4] (single-quoted), or match[5] (unquoted)
|
|
13
|
+
keyValuePairs[match[1]] = match[3] || match[4] || match[5];
|
|
14
|
+
}
|
|
15
|
+
return keyValuePairs;
|
|
16
|
+
};
|
|
17
|
+
|
|
18
|
+
const handleL402Payment = async (l402Header, url, fetchArgs, headers, wallet) => {
|
|
19
|
+
const details = parseL402(l402Header);
|
|
20
|
+
const token = details.token || details.macaroon;
|
|
21
|
+
const invoice = details.invoice;
|
|
22
|
+
if (!token) {
|
|
23
|
+
throw new Error("L402: missing token/macaroon in WWW-Authenticate header");
|
|
24
|
+
}
|
|
25
|
+
if (!invoice) {
|
|
26
|
+
throw new Error("L402: missing invoice in WWW-Authenticate header");
|
|
27
|
+
}
|
|
28
|
+
const invResp = await wallet.payInvoice({ invoice });
|
|
29
|
+
headers.set("Authorization", `L402 ${token}:${invResp.preimage}`);
|
|
30
|
+
return fetch(url, fetchArgs);
|
|
31
|
+
};
|
|
32
|
+
const fetchWithL402 = async (url, fetchArgs, options) => {
|
|
33
|
+
const wallet = options.wallet;
|
|
34
|
+
if (!wallet) {
|
|
35
|
+
throw new Error("wallet is missing");
|
|
36
|
+
}
|
|
37
|
+
if (!fetchArgs) {
|
|
38
|
+
fetchArgs = {};
|
|
39
|
+
}
|
|
40
|
+
fetchArgs.cache = "no-store";
|
|
41
|
+
fetchArgs.mode = "cors";
|
|
42
|
+
const headers = new Headers(fetchArgs.headers ?? undefined);
|
|
43
|
+
fetchArgs.headers = headers;
|
|
44
|
+
const initResp = await fetch(url, fetchArgs);
|
|
45
|
+
const header = initResp.headers.get("www-authenticate");
|
|
46
|
+
if (!header) {
|
|
47
|
+
return initResp;
|
|
48
|
+
}
|
|
49
|
+
return handleL402Payment(header, url, fetchArgs, headers, wallet);
|
|
50
|
+
};
|
|
51
|
+
|
|
52
|
+
export { fetchWithL402 };
|
|
53
|
+
//# sourceMappingURL=l402.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"l402.js","sources":["../../../src/402/l402/utils.ts","../../../src/402/l402/l402.ts"],"sourcesContent":["export const parseL402 = (input: string): Record<string, string> => {\n // Remove the L402 and LSAT identifiers\n const string = input.replace(\"L402\", \"\").replace(\"LSAT\", \"\").trim();\n\n // Initialize an object to store the key-value pairs\n const keyValuePairs = {};\n\n // Regular expression to match key and (quoted or unquoted) value\n const regex = /(\\w+)=(\"([^\"]*)\"|'([^']*)'|([^,]*))/g;\n let match;\n\n // Use regex to find all key-value pairs\n while ((match = regex.exec(string)) !== null) {\n // Key is always match[1]\n // Value is either match[3] (double-quoted), match[4] (single-quoted), or match[5] (unquoted)\n keyValuePairs[match[1]] = match[3] || match[4] || match[5];\n }\n\n return keyValuePairs;\n};\n\nexport const makeL402AuthenticateHeader = (args: {\n macaroon?: string;\n token?: string;\n invoice: string;\n}) => {\n if (args.macaroon) {\n return `L402 version=\"0\" macaroon=\"${args.macaroon}\", invoice=\"${args.invoice}\"`;\n } else {\n return `L402 version=\"0\" token=\"${args.token}\", invoice=\"${args.invoice}\"`;\n }\n};\n","import { Wallet } from \"../utils\";\nimport { parseL402 } from \"./utils\";\n\nexport const handleL402Payment = async (\n l402Header: string,\n url: string,\n fetchArgs: RequestInit,\n headers: Headers,\n wallet: Wallet,\n): Promise<Response> => {\n const details = parseL402(l402Header);\n const token = details.token || details.macaroon;\n const invoice = details.invoice;\n\n if (!token) {\n throw new Error(\"L402: missing token/macaroon in WWW-Authenticate header\");\n }\n if (!invoice) {\n throw new Error(\"L402: missing invoice in WWW-Authenticate header\");\n }\n\n const invResp = await wallet.payInvoice({ invoice });\n headers.set(\"Authorization\", `L402 ${token}:${invResp.preimage}`);\n return fetch(url, fetchArgs);\n};\n\nexport const fetchWithL402 = async (\n url: string,\n fetchArgs: RequestInit,\n options: {\n wallet: Wallet;\n },\n) => {\n const wallet = options.wallet;\n if (!wallet) {\n throw new Error(\"wallet is missing\");\n }\n if (!fetchArgs) {\n fetchArgs = {};\n }\n fetchArgs.cache = \"no-store\";\n fetchArgs.mode = \"cors\";\n const headers = new Headers(fetchArgs.headers ?? undefined);\n fetchArgs.headers = headers;\n\n const initResp = await fetch(url, fetchArgs);\n const header = initResp.headers.get(\"www-authenticate\");\n if (!header) {\n return initResp;\n }\n\n return handleL402Payment(header, url, fetchArgs, headers, wallet);\n};\n"],"names":[],"mappings":"AAAO,MAAM,SAAS,GAAG,CAAC,KAAa,KAA4B;;IAEjE,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE;;IAGnE,MAAM,aAAa,GAAG,EAAE;;IAGxB,MAAM,KAAK,GAAG,sCAAsC;AACpD,IAAA,IAAI,KAAK;;AAGT,IAAA,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE;;;QAG5C,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC;IAC5D;AAEA,IAAA,OAAO,aAAa;AACtB,CAAC;;AChBM,MAAM,iBAAiB,GAAG,OAC/B,UAAkB,EAClB,GAAW,EACX,SAAsB,EACtB,OAAgB,EAChB,MAAc,KACO;AACrB,IAAA,MAAM,OAAO,GAAG,SAAS,CAAC,UAAU,CAAC;IACrC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,QAAQ;AAC/C,IAAA,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO;IAE/B,IAAI,CAAC,KAAK,EAAE;AACV,QAAA,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC;IAC5E;IACA,IAAI,CAAC,OAAO,EAAE;AACZ,QAAA,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC;IACrE;IAEA,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC;AACpD,IAAA,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA,KAAA,EAAQ,KAAK,CAAA,CAAA,EAAI,OAAO,CAAC,QAAQ,CAAA,CAAE,CAAC;AACjE,IAAA,OAAO,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC;AAC9B,CAAC;AAEM,MAAM,aAAa,GAAG,OAC3B,GAAW,EACX,SAAsB,EACtB,OAEC,KACC;AACF,IAAA,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM;IAC7B,IAAI,CAAC,MAAM,EAAE;AACX,QAAA,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC;IACtC;IACA,IAAI,CAAC,SAAS,EAAE;QACd,SAAS,GAAG,EAAE;IAChB;AACA,IAAA,SAAS,CAAC,KAAK,GAAG,UAAU;AAC5B,IAAA,SAAS,CAAC,IAAI,GAAG,MAAM;IACvB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC;AAC3D,IAAA,SAAS,CAAC,OAAO,GAAG,OAAO;IAE3B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC;IAC5C,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACvD,IAAI,CAAC,MAAM,EAAE;AACX,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,OAAO,iBAAiB,CAAC,MAAM,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC;AACnE;;;;"}
|
|
@@ -0,0 +1,177 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Parse a `WWW-Authenticate: Payment …` header produced by a
|
|
3
|
+
* draft-lightning-charge-00 server. Expected format:
|
|
4
|
+
*
|
|
5
|
+
* Payment id="<id>", realm="<realm>", method="lightning",
|
|
6
|
+
* intent="charge", request="<base64url>" [, expires="<rfc3339>"]
|
|
7
|
+
*
|
|
8
|
+
* Returns null when the header is not a Payment lightning/charge challenge.
|
|
9
|
+
*/
|
|
10
|
+
const parseMppChallenge = (header) => {
|
|
11
|
+
if (!header.trimStart().toLowerCase().startsWith("payment")) {
|
|
12
|
+
return null;
|
|
13
|
+
}
|
|
14
|
+
const rest = header
|
|
15
|
+
.slice(header.toLowerCase().indexOf("payment") + "payment".length)
|
|
16
|
+
.trim();
|
|
17
|
+
const result = {};
|
|
18
|
+
const regex = /(\w+)=("([^"]*)"|'([^']*)'|([^,\s]*))/g;
|
|
19
|
+
let match;
|
|
20
|
+
while ((match = regex.exec(rest)) !== null) {
|
|
21
|
+
result[match[1]] = match[3] ?? match[4] ?? match[5] ?? "";
|
|
22
|
+
}
|
|
23
|
+
if (result.method !== "lightning" ||
|
|
24
|
+
result.intent !== "charge" ||
|
|
25
|
+
!result.id ||
|
|
26
|
+
!result.realm ||
|
|
27
|
+
!result.request) {
|
|
28
|
+
return null;
|
|
29
|
+
}
|
|
30
|
+
return {
|
|
31
|
+
id: result.id,
|
|
32
|
+
realm: result.realm,
|
|
33
|
+
method: result.method,
|
|
34
|
+
intent: result.intent,
|
|
35
|
+
request: result.request,
|
|
36
|
+
...(result.expires ? { expires: result.expires } : {}),
|
|
37
|
+
};
|
|
38
|
+
};
|
|
39
|
+
/** Decode a base64url string (no padding required) to a UTF-8 string. */
|
|
40
|
+
const decodeBase64url = (input) => {
|
|
41
|
+
const base64 = input.replace(/-/g, "+").replace(/_/g, "/");
|
|
42
|
+
const binary = atob(base64);
|
|
43
|
+
const bytes = new Uint8Array(binary.length);
|
|
44
|
+
for (let i = 0; i < binary.length; i++) {
|
|
45
|
+
bytes[i] = binary.charCodeAt(i);
|
|
46
|
+
}
|
|
47
|
+
return new TextDecoder("utf-8").decode(bytes);
|
|
48
|
+
};
|
|
49
|
+
/** Encode a UTF-8 string to base64url without padding. */
|
|
50
|
+
const encodeBase64url = (input) => {
|
|
51
|
+
const bytes = new TextEncoder().encode(input);
|
|
52
|
+
let binary = "";
|
|
53
|
+
for (let i = 0; i < bytes.length; i++) {
|
|
54
|
+
binary += String.fromCharCode(bytes[i]);
|
|
55
|
+
}
|
|
56
|
+
return btoa(binary).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
|
|
57
|
+
};
|
|
58
|
+
/**
|
|
59
|
+
* JSON Canonicalization Scheme (RFC 8785).
|
|
60
|
+
* Produces compact JSON with object keys sorted lexicographically.
|
|
61
|
+
*/
|
|
62
|
+
const jcs = (value) => {
|
|
63
|
+
if (value === null || typeof value !== "object") {
|
|
64
|
+
return JSON.stringify(value);
|
|
65
|
+
}
|
|
66
|
+
if (Array.isArray(value)) {
|
|
67
|
+
return "[" + value.map(jcs).join(",") + "]";
|
|
68
|
+
}
|
|
69
|
+
const keys = Object.keys(value).sort();
|
|
70
|
+
return ("{" +
|
|
71
|
+
keys
|
|
72
|
+
.map((k) => JSON.stringify(k) + ":" + jcs(value[k]))
|
|
73
|
+
.join(",") +
|
|
74
|
+
"}");
|
|
75
|
+
};
|
|
76
|
+
/**
|
|
77
|
+
* Build the base64url-encoded credential token for the `Authorization` header.
|
|
78
|
+
*
|
|
79
|
+
* Per the spec the credential is a JCS-serialised JSON object that echoes all
|
|
80
|
+
* challenge auth-params (id, realm, method, intent, request, expires) and
|
|
81
|
+
* carries the HTLC preimage that proves payment:
|
|
82
|
+
*
|
|
83
|
+
* {
|
|
84
|
+
* "challenge": { "id": "…", "intent": "charge",
|
|
85
|
+
* "method": "lightning", "realm": "…", "request": "…" },
|
|
86
|
+
* "payload": { "preimage": "<64-char lowercase hex>" }
|
|
87
|
+
* }
|
|
88
|
+
*
|
|
89
|
+
* Keys are sorted lexicographically at every level per JCS.
|
|
90
|
+
*/
|
|
91
|
+
const buildMppCredential = (challenge, preimage, source) => {
|
|
92
|
+
const challengeEcho = {
|
|
93
|
+
id: challenge.id,
|
|
94
|
+
intent: challenge.intent,
|
|
95
|
+
method: challenge.method,
|
|
96
|
+
realm: challenge.realm,
|
|
97
|
+
request: challenge.request,
|
|
98
|
+
};
|
|
99
|
+
if (challenge.expires) {
|
|
100
|
+
challengeEcho.expires = challenge.expires;
|
|
101
|
+
}
|
|
102
|
+
const credential = {
|
|
103
|
+
challenge: challengeEcho,
|
|
104
|
+
payload: { preimage },
|
|
105
|
+
};
|
|
106
|
+
return encodeBase64url(jcs(credential));
|
|
107
|
+
};
|
|
108
|
+
|
|
109
|
+
/**
|
|
110
|
+
* Handle a `WWW-Authenticate: Payment …` challenge produced by a
|
|
111
|
+
* draft-lightning-charge-00 server.
|
|
112
|
+
*
|
|
113
|
+
* Flow:
|
|
114
|
+
* 1. Parse the challenge from the header.
|
|
115
|
+
* 2. Decode the `request` auth-param to find the BOLT11 invoice.
|
|
116
|
+
* 3. Pay the invoice via the wallet; receive the HTLC preimage.
|
|
117
|
+
* 4. Build the `Authorization: Payment <credential>` header.
|
|
118
|
+
* 5. Retry the original request with the credential.
|
|
119
|
+
*/
|
|
120
|
+
const handleMppChargePayment = async (wwwAuthHeader, url, fetchArgs, headers, wallet) => {
|
|
121
|
+
const challenge = parseMppChallenge(wwwAuthHeader);
|
|
122
|
+
if (!challenge) {
|
|
123
|
+
throw new Error("mpp: invalid or unsupported WWW-Authenticate challenge (expected Payment method=lightning intent=charge)");
|
|
124
|
+
}
|
|
125
|
+
let request;
|
|
126
|
+
try {
|
|
127
|
+
request = JSON.parse(decodeBase64url(challenge.request));
|
|
128
|
+
}
|
|
129
|
+
catch (_) {
|
|
130
|
+
throw new Error("mpp: invalid request auth-param (not valid base64url-encoded JSON)");
|
|
131
|
+
}
|
|
132
|
+
const invoice = request.methodDetails?.invoice;
|
|
133
|
+
if (!invoice) {
|
|
134
|
+
throw new Error("mpp: missing invoice in charge request");
|
|
135
|
+
}
|
|
136
|
+
const invResp = await wallet.payInvoice({ invoice });
|
|
137
|
+
// Per spec: Authorization: Payment <base64url-token> (single token, no wrapper)
|
|
138
|
+
const credential = buildMppCredential(challenge, invResp.preimage);
|
|
139
|
+
headers.set("Authorization", `Payment ${credential}`);
|
|
140
|
+
return fetch(url, fetchArgs);
|
|
141
|
+
};
|
|
142
|
+
/**
|
|
143
|
+
* Fetch a resource protected by the draft-lightning-charge-00 payment
|
|
144
|
+
* authentication protocol.
|
|
145
|
+
*
|
|
146
|
+
* On a `402 Payment Required` response that carries a
|
|
147
|
+
* `WWW-Authenticate: Payment method="lightning" intent="charge" …` header
|
|
148
|
+
* the function pays the embedded BOLT11 invoice and retries with the
|
|
149
|
+
* resulting preimage as the credential.
|
|
150
|
+
*
|
|
151
|
+
* Note: lightning-charge uses consume-once challenge semantics – each
|
|
152
|
+
* challenge embeds a fresh invoice, so paid credentials cannot be reused.
|
|
153
|
+
* The `store` option is accepted for API consistency but is not used.
|
|
154
|
+
*/
|
|
155
|
+
const fetchWithMpp = async (url, fetchArgs, options) => {
|
|
156
|
+
const wallet = options.wallet;
|
|
157
|
+
if (!wallet) {
|
|
158
|
+
throw new Error("wallet is missing");
|
|
159
|
+
}
|
|
160
|
+
if (!fetchArgs) {
|
|
161
|
+
fetchArgs = {};
|
|
162
|
+
}
|
|
163
|
+
fetchArgs.cache = "no-store";
|
|
164
|
+
fetchArgs.mode = "cors";
|
|
165
|
+
const headers = new Headers(fetchArgs.headers ?? undefined);
|
|
166
|
+
fetchArgs.headers = headers;
|
|
167
|
+
const initResp = await fetch(url, fetchArgs);
|
|
168
|
+
const wwwAuthHeader = initResp.headers.get("www-authenticate");
|
|
169
|
+
if (!wwwAuthHeader ||
|
|
170
|
+
!wwwAuthHeader.trimStart().toLowerCase().startsWith("payment")) {
|
|
171
|
+
return initResp;
|
|
172
|
+
}
|
|
173
|
+
return handleMppChargePayment(wwwAuthHeader, url, fetchArgs, headers, wallet);
|
|
174
|
+
};
|
|
175
|
+
|
|
176
|
+
export { fetchWithMpp };
|
|
177
|
+
//# sourceMappingURL=mpp.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"mpp.js","sources":["../../../src/402/mpp/utils.ts","../../../src/402/mpp/mpp.ts"],"sourcesContent":["export interface MppChallenge {\n id: string;\n realm: string;\n method: string;\n intent: string;\n request: string;\n expires?: string;\n}\n\nexport interface MppChargeRequest {\n amount: string;\n currency: string;\n description?: string;\n recipient?: string;\n externalId?: string;\n methodDetails: {\n invoice: string;\n paymentHash?: string;\n network?: string;\n };\n}\n\n/**\n * Parse a `WWW-Authenticate: Payment …` header produced by a\n * draft-lightning-charge-00 server. Expected format:\n *\n * Payment id=\"<id>\", realm=\"<realm>\", method=\"lightning\",\n * intent=\"charge\", request=\"<base64url>\" [, expires=\"<rfc3339>\"]\n *\n * Returns null when the header is not a Payment lightning/charge challenge.\n */\nexport const parseMppChallenge = (header: string): MppChallenge | null => {\n if (!header.trimStart().toLowerCase().startsWith(\"payment\")) {\n return null;\n }\n const rest = header\n .slice(header.toLowerCase().indexOf(\"payment\") + \"payment\".length)\n .trim();\n const result: Record<string, string> = {};\n const regex = /(\\w+)=(\"([^\"]*)\"|'([^']*)'|([^,\\s]*))/g;\n let match;\n while ((match = regex.exec(rest)) !== null) {\n result[match[1]] = match[3] ?? match[4] ?? match[5] ?? \"\";\n }\n\n if (\n result.method !== \"lightning\" ||\n result.intent !== \"charge\" ||\n !result.id ||\n !result.realm ||\n !result.request\n ) {\n return null;\n }\n\n return {\n id: result.id,\n realm: result.realm,\n method: result.method,\n intent: result.intent,\n request: result.request,\n ...(result.expires ? { expires: result.expires } : {}),\n };\n};\n\n/** Decode a base64url string (no padding required) to a UTF-8 string. */\nexport const decodeBase64url = (input: string): string => {\n const base64 = input.replace(/-/g, \"+\").replace(/_/g, \"/\");\n const binary = atob(base64);\n const bytes = new Uint8Array(binary.length);\n for (let i = 0; i < binary.length; i++) {\n bytes[i] = binary.charCodeAt(i);\n }\n return new TextDecoder(\"utf-8\").decode(bytes);\n};\n\n/** Encode a UTF-8 string to base64url without padding. */\nconst encodeBase64url = (input: string): string => {\n const bytes = new TextEncoder().encode(input);\n let binary = \"\";\n for (let i = 0; i < bytes.length; i++) {\n binary += String.fromCharCode(bytes[i]);\n }\n return btoa(binary).replace(/\\+/g, \"-\").replace(/\\//g, \"_\").replace(/=/g, \"\");\n};\n\n/**\n * JSON Canonicalization Scheme (RFC 8785).\n * Produces compact JSON with object keys sorted lexicographically.\n */\nconst jcs = (value: unknown): string => {\n if (value === null || typeof value !== \"object\") {\n return JSON.stringify(value);\n }\n if (Array.isArray(value)) {\n return \"[\" + (value as unknown[]).map(jcs).join(\",\") + \"]\";\n }\n const keys = Object.keys(value as object).sort();\n return (\n \"{\" +\n keys\n .map(\n (k) =>\n JSON.stringify(k) + \":\" + jcs((value as Record<string, unknown>)[k]),\n )\n .join(\",\") +\n \"}\"\n );\n};\n\n/**\n * Build the base64url-encoded credential token for the `Authorization` header.\n *\n * Per the spec the credential is a JCS-serialised JSON object that echoes all\n * challenge auth-params (id, realm, method, intent, request, expires) and\n * carries the HTLC preimage that proves payment:\n *\n * {\n * \"challenge\": { \"id\": \"…\", \"intent\": \"charge\",\n * \"method\": \"lightning\", \"realm\": \"…\", \"request\": \"…\" },\n * \"payload\": { \"preimage\": \"<64-char lowercase hex>\" }\n * }\n *\n * Keys are sorted lexicographically at every level per JCS.\n */\nexport const buildMppCredential = (\n challenge: MppChallenge,\n preimage: string,\n source?: string,\n): string => {\n const challengeEcho: Record<string, string> = {\n id: challenge.id,\n intent: challenge.intent,\n method: challenge.method,\n realm: challenge.realm,\n request: challenge.request,\n };\n if (challenge.expires) {\n challengeEcho.expires = challenge.expires;\n }\n\n const credential: Record<string, unknown> = {\n challenge: challengeEcho,\n payload: { preimage },\n };\n if (source) {\n credential.source = source;\n }\n\n return encodeBase64url(jcs(credential));\n};\n\n/**\n * Construct a `WWW-Authenticate` header for testing / server implementations.\n *\n * The auth scheme is `Payment` per [I-D.httpauth-payment].\n */\nexport const makeMppWwwAuthenticateHeader = (args: {\n id: string;\n realm: string;\n request: string;\n expires?: string;\n}): string => {\n let header =\n `Payment id=\"${args.id}\", realm=\"${args.realm}\", method=\"lightning\",` +\n ` intent=\"charge\", request=\"${args.request}\"`;\n if (args.expires) {\n header += `, expires=\"${args.expires}\"`;\n }\n return header;\n};\n\n/** Encode an MppChargeRequest as a base64url string suitable for the `request` auth-param. */\nexport const encodeMppChargeRequest = (request: MppChargeRequest): string =>\n encodeBase64url(jcs(request));\n","import { Wallet } from \"../utils\";\nimport {\n buildMppCredential,\n decodeBase64url,\n MppChargeRequest,\n parseMppChallenge,\n} from \"./utils\";\n\n/**\n * Handle a `WWW-Authenticate: Payment …` challenge produced by a\n * draft-lightning-charge-00 server.\n *\n * Flow:\n * 1. Parse the challenge from the header.\n * 2. Decode the `request` auth-param to find the BOLT11 invoice.\n * 3. Pay the invoice via the wallet; receive the HTLC preimage.\n * 4. Build the `Authorization: Payment <credential>` header.\n * 5. Retry the original request with the credential.\n */\nexport const handleMppChargePayment = async (\n wwwAuthHeader: string,\n url: string,\n fetchArgs: RequestInit,\n headers: Headers,\n wallet: Wallet,\n): Promise<Response> => {\n const challenge = parseMppChallenge(wwwAuthHeader);\n if (!challenge) {\n throw new Error(\n \"mpp: invalid or unsupported WWW-Authenticate challenge (expected Payment method=lightning intent=charge)\",\n );\n }\n\n let request: MppChargeRequest;\n try {\n request = JSON.parse(decodeBase64url(challenge.request));\n } catch (_) {\n throw new Error(\n \"mpp: invalid request auth-param (not valid base64url-encoded JSON)\",\n );\n }\n\n const invoice = request.methodDetails?.invoice;\n if (!invoice) {\n throw new Error(\"mpp: missing invoice in charge request\");\n }\n\n const invResp = await wallet.payInvoice({ invoice });\n\n // Per spec: Authorization: Payment <base64url-token> (single token, no wrapper)\n const credential = buildMppCredential(challenge, invResp.preimage);\n headers.set(\"Authorization\", `Payment ${credential}`);\n\n return fetch(url, fetchArgs);\n};\n\n/**\n * Fetch a resource protected by the draft-lightning-charge-00 payment\n * authentication protocol.\n *\n * On a `402 Payment Required` response that carries a\n * `WWW-Authenticate: Payment method=\"lightning\" intent=\"charge\" …` header\n * the function pays the embedded BOLT11 invoice and retries with the\n * resulting preimage as the credential.\n *\n * Note: lightning-charge uses consume-once challenge semantics – each\n * challenge embeds a fresh invoice, so paid credentials cannot be reused.\n * The `store` option is accepted for API consistency but is not used.\n */\nexport const fetchWithMpp = async (\n url: string,\n fetchArgs: RequestInit,\n options: { wallet: Wallet },\n): Promise<Response> => {\n const wallet = options.wallet;\n if (!wallet) {\n throw new Error(\"wallet is missing\");\n }\n if (!fetchArgs) {\n fetchArgs = {};\n }\n fetchArgs.cache = \"no-store\";\n fetchArgs.mode = \"cors\";\n const headers = new Headers(fetchArgs.headers ?? undefined);\n fetchArgs.headers = headers;\n\n const initResp = await fetch(url, fetchArgs);\n const wwwAuthHeader = initResp.headers.get(\"www-authenticate\");\n if (\n !wwwAuthHeader ||\n !wwwAuthHeader.trimStart().toLowerCase().startsWith(\"payment\")\n ) {\n return initResp;\n }\n\n return handleMppChargePayment(wwwAuthHeader, url, fetchArgs, headers, wallet);\n};\n"],"names":[],"mappings":"AAsBA;;;;;;;;AAQG;AACI,MAAM,iBAAiB,GAAG,CAAC,MAAc,KAAyB;AACvE,IAAA,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;AAC3D,QAAA,OAAO,IAAI;IACb;IACA,MAAM,IAAI,GAAG;AACV,SAAA,KAAK,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC,GAAG,SAAS,CAAC,MAAM;AAChE,SAAA,IAAI,EAAE;IACT,MAAM,MAAM,GAA2B,EAAE;IACzC,MAAM,KAAK,GAAG,wCAAwC;AACtD,IAAA,IAAI,KAAK;AACT,IAAA,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE;QAC1C,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,EAAE;IAC3D;AAEA,IAAA,IACE,MAAM,CAAC,MAAM,KAAK,WAAW;QAC7B,MAAM,CAAC,MAAM,KAAK,QAAQ;QAC1B,CAAC,MAAM,CAAC,EAAE;QACV,CAAC,MAAM,CAAC,KAAK;AACb,QAAA,CAAC,MAAM,CAAC,OAAO,EACf;AACA,QAAA,OAAO,IAAI;IACb;IAEA,OAAO;QACL,EAAE,EAAE,MAAM,CAAC,EAAE;QACb,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,OAAO,EAAE,MAAM,CAAC,OAAO;AACvB,QAAA,IAAI,MAAM,CAAC,OAAO,GAAG,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC;KACvD;AACH,CAAC;AAED;AACO,MAAM,eAAe,GAAG,CAAC,KAAa,KAAY;AACvD,IAAA,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC;AAC1D,IAAA,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;IAC3B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC;AAC3C,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACtC,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACjC;IACA,OAAO,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;AAC/C,CAAC;AAED;AACA,MAAM,eAAe,GAAG,CAAC,KAAa,KAAY;IAChD,MAAM,KAAK,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,KAAK,CAAC;IAC7C,IAAI,MAAM,GAAG,EAAE;AACf,IAAA,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACrC,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACzC;IACA,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC;AAC/E,CAAC;AAED;;;AAGG;AACH,MAAM,GAAG,GAAG,CAAC,KAAc,KAAY;IACrC,IAAI,KAAK,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;AAC/C,QAAA,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;IAC9B;AACA,IAAA,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;AACxB,QAAA,OAAO,GAAG,GAAI,KAAmB,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG;IAC5D;IACA,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAe,CAAC,CAAC,IAAI,EAAE;AAChD,IAAA,QACE,GAAG;QACH;aACG,GAAG,CACF,CAAC,CAAC,KACA,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,GAAG,CAAE,KAAiC,CAAC,CAAC,CAAC,CAAC;aAEvE,IAAI,CAAC,GAAG,CAAC;AACZ,QAAA,GAAG;AAEP,CAAC;AAED;;;;;;;;;;;;;;AAcG;AACI,MAAM,kBAAkB,GAAG,CAChC,SAAuB,EACvB,QAAgB,EAChB,MAAe,KACL;AACV,IAAA,MAAM,aAAa,GAA2B;QAC5C,EAAE,EAAE,SAAS,CAAC,EAAE;QAChB,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,MAAM,EAAE,SAAS,CAAC,MAAM;QACxB,KAAK,EAAE,SAAS,CAAC,KAAK;QACtB,OAAO,EAAE,SAAS,CAAC,OAAO;KAC3B;AACD,IAAA,IAAI,SAAS,CAAC,OAAO,EAAE;AACrB,QAAA,aAAa,CAAC,OAAO,GAAG,SAAS,CAAC,OAAO;IAC3C;AAEA,IAAA,MAAM,UAAU,GAA4B;AAC1C,QAAA,SAAS,EAAE,aAAa;QACxB,OAAO,EAAE,EAAE,QAAQ,EAAE;KACtB;AAKD,IAAA,OAAO,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;AACzC,CAAC;;AC9ID;;;;;;;;;;AAUG;AACI,MAAM,sBAAsB,GAAG,OACpC,aAAqB,EACrB,GAAW,EACX,SAAsB,EACtB,OAAgB,EAChB,MAAc,KACO;AACrB,IAAA,MAAM,SAAS,GAAG,iBAAiB,CAAC,aAAa,CAAC;IAClD,IAAI,CAAC,SAAS,EAAE;AACd,QAAA,MAAM,IAAI,KAAK,CACb,0GAA0G,CAC3G;IACH;AAEA,IAAA,IAAI,OAAyB;AAC7B,IAAA,IAAI;AACF,QAAA,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC1D;IAAE,OAAO,CAAC,EAAE;AACV,QAAA,MAAM,IAAI,KAAK,CACb,oEAAoE,CACrE;IACH;AAEA,IAAA,MAAM,OAAO,GAAG,OAAO,CAAC,aAAa,EAAE,OAAO;IAC9C,IAAI,CAAC,OAAO,EAAE;AACZ,QAAA,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC;IAC3D;IAEA,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,EAAE,OAAO,EAAE,CAAC;;IAGpD,MAAM,UAAU,GAAG,kBAAkB,CAAC,SAAS,EAAE,OAAO,CAAC,QAAQ,CAAC;IAClE,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,CAAA,QAAA,EAAW,UAAU,CAAA,CAAE,CAAC;AAErD,IAAA,OAAO,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC;AAC9B,CAAC;AAED;;;;;;;;;;;;AAYG;AACI,MAAM,YAAY,GAAG,OAC1B,GAAW,EACX,SAAsB,EACtB,OAA2B,KACN;AACrB,IAAA,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM;IAC7B,IAAI,CAAC,MAAM,EAAE;AACX,QAAA,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC;IACtC;IACA,IAAI,CAAC,SAAS,EAAE;QACd,SAAS,GAAG,EAAE;IAChB;AACA,IAAA,SAAS,CAAC,KAAK,GAAG,UAAU;AAC5B,IAAA,SAAS,CAAC,IAAI,GAAG,MAAM;IACvB,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,SAAS,CAAC,OAAO,IAAI,SAAS,CAAC;AAC3D,IAAA,SAAS,CAAC,OAAO,GAAG,OAAO;IAE3B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE,SAAS,CAAC;IAC5C,MAAM,aAAa,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;AAC9D,IAAA,IACE,CAAC,aAAa;AACd,QAAA,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,WAAW,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAC9D;AACA,QAAA,OAAO,QAAQ;IACjB;AAEA,IAAA,OAAO,sBAAsB,CAAC,aAAa,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC;AAC/E;;;;"}
|