@getalby/lightning-tools 8.0.0 → 8.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/esm/index.js CHANGED
@@ -1,3 +1,310 @@
1
+ function bytes(b, ...lengths) {
2
+ if (!(b instanceof Uint8Array))
3
+ throw new Error('Expected Uint8Array');
4
+ if (lengths.length > 0 && !lengths.includes(b.length))
5
+ throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
6
+ }
7
+ function exists(instance, checkFinished = true) {
8
+ if (instance.destroyed)
9
+ throw new Error('Hash instance has been destroyed');
10
+ if (checkFinished && instance.finished)
11
+ throw new Error('Hash#digest() has already been called');
12
+ }
13
+ function output(out, instance) {
14
+ bytes(out);
15
+ const min = instance.outputLen;
16
+ if (out.length < min) {
17
+ throw new Error(`digestInto() expects output buffer of length at least ${min}`);
18
+ }
19
+ }
20
+
21
+ /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
22
+ // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
23
+ // node.js versions earlier than v19 don't declare it in global scope.
24
+ // For node.js, package.json#exports field mapping rewrites import
25
+ // from `crypto` to `cryptoNode`, which imports native module.
26
+ // Makes the utils un-importable in browsers without a bundler.
27
+ // Once node.js 18 is deprecated, we can just drop the import.
28
+ const u8a = (a) => a instanceof Uint8Array;
29
+ // Cast array to view
30
+ const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
31
+ // The rotate right (circular right shift) operation for uint32
32
+ const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);
33
+ // big-endian hardware is rare. Just in case someone still decides to run hashes:
34
+ // early-throw an error because we don't support BE yet.
35
+ const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
36
+ if (!isLE)
37
+ throw new Error('Non little-endian hardware is not supported');
38
+ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
39
+ /**
40
+ * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
41
+ */
42
+ function bytesToHex(bytes) {
43
+ if (!u8a(bytes))
44
+ throw new Error('Uint8Array expected');
45
+ // pre-caching improves the speed 6x
46
+ let hex = '';
47
+ for (let i = 0; i < bytes.length; i++) {
48
+ hex += hexes[bytes[i]];
49
+ }
50
+ return hex;
51
+ }
52
+ /**
53
+ * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
54
+ */
55
+ function utf8ToBytes(str) {
56
+ if (typeof str !== 'string')
57
+ throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
58
+ return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
59
+ }
60
+ /**
61
+ * Normalizes (non-hex) string or Uint8Array to Uint8Array.
62
+ * Warning: when Uint8Array is passed, it would NOT get copied.
63
+ * Keep in mind for future mutable operations.
64
+ */
65
+ function toBytes(data) {
66
+ if (typeof data === 'string')
67
+ data = utf8ToBytes(data);
68
+ if (!u8a(data))
69
+ throw new Error(`expected Uint8Array, got ${typeof data}`);
70
+ return data;
71
+ }
72
+ // For runtime check if class implements interface
73
+ class Hash {
74
+ // Safe version that clones internal state
75
+ clone() {
76
+ return this._cloneInto();
77
+ }
78
+ }
79
+ function wrapConstructor(hashCons) {
80
+ const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
81
+ const tmp = hashCons();
82
+ hashC.outputLen = tmp.outputLen;
83
+ hashC.blockLen = tmp.blockLen;
84
+ hashC.create = () => hashCons();
85
+ return hashC;
86
+ }
87
+
88
+ // Polyfill for Safari 14
89
+ function setBigUint64(view, byteOffset, value, isLE) {
90
+ if (typeof view.setBigUint64 === 'function')
91
+ return view.setBigUint64(byteOffset, value, isLE);
92
+ const _32n = BigInt(32);
93
+ const _u32_max = BigInt(0xffffffff);
94
+ const wh = Number((value >> _32n) & _u32_max);
95
+ const wl = Number(value & _u32_max);
96
+ const h = isLE ? 4 : 0;
97
+ const l = isLE ? 0 : 4;
98
+ view.setUint32(byteOffset + h, wh, isLE);
99
+ view.setUint32(byteOffset + l, wl, isLE);
100
+ }
101
+ // Base SHA2 class (RFC 6234)
102
+ class SHA2 extends Hash {
103
+ constructor(blockLen, outputLen, padOffset, isLE) {
104
+ super();
105
+ this.blockLen = blockLen;
106
+ this.outputLen = outputLen;
107
+ this.padOffset = padOffset;
108
+ this.isLE = isLE;
109
+ this.finished = false;
110
+ this.length = 0;
111
+ this.pos = 0;
112
+ this.destroyed = false;
113
+ this.buffer = new Uint8Array(blockLen);
114
+ this.view = createView(this.buffer);
115
+ }
116
+ update(data) {
117
+ exists(this);
118
+ const { view, buffer, blockLen } = this;
119
+ data = toBytes(data);
120
+ const len = data.length;
121
+ for (let pos = 0; pos < len;) {
122
+ const take = Math.min(blockLen - this.pos, len - pos);
123
+ // Fast path: we have at least one block in input, cast it to view and process
124
+ if (take === blockLen) {
125
+ const dataView = createView(data);
126
+ for (; blockLen <= len - pos; pos += blockLen)
127
+ this.process(dataView, pos);
128
+ continue;
129
+ }
130
+ buffer.set(data.subarray(pos, pos + take), this.pos);
131
+ this.pos += take;
132
+ pos += take;
133
+ if (this.pos === blockLen) {
134
+ this.process(view, 0);
135
+ this.pos = 0;
136
+ }
137
+ }
138
+ this.length += data.length;
139
+ this.roundClean();
140
+ return this;
141
+ }
142
+ digestInto(out) {
143
+ exists(this);
144
+ output(out, this);
145
+ this.finished = true;
146
+ // Padding
147
+ // We can avoid allocation of buffer for padding completely if it
148
+ // was previously not allocated here. But it won't change performance.
149
+ const { buffer, view, blockLen, isLE } = this;
150
+ let { pos } = this;
151
+ // append the bit '1' to the message
152
+ buffer[pos++] = 0b10000000;
153
+ this.buffer.subarray(pos).fill(0);
154
+ // we have less than padOffset left in buffer, so we cannot put length in current block, need process it and pad again
155
+ if (this.padOffset > blockLen - pos) {
156
+ this.process(view, 0);
157
+ pos = 0;
158
+ }
159
+ // Pad until full block byte with zeros
160
+ for (let i = pos; i < blockLen; i++)
161
+ buffer[i] = 0;
162
+ // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
163
+ // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
164
+ // So we just write lowest 64 bits of that value.
165
+ setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
166
+ this.process(view, 0);
167
+ const oview = createView(out);
168
+ const len = this.outputLen;
169
+ // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT
170
+ if (len % 4)
171
+ throw new Error('_sha2: outputLen should be aligned to 32bit');
172
+ const outLen = len / 4;
173
+ const state = this.get();
174
+ if (outLen > state.length)
175
+ throw new Error('_sha2: outputLen bigger than state');
176
+ for (let i = 0; i < outLen; i++)
177
+ oview.setUint32(4 * i, state[i], isLE);
178
+ }
179
+ digest() {
180
+ const { buffer, outputLen } = this;
181
+ this.digestInto(buffer);
182
+ const res = buffer.slice(0, outputLen);
183
+ this.destroy();
184
+ return res;
185
+ }
186
+ _cloneInto(to) {
187
+ to || (to = new this.constructor());
188
+ to.set(...this.get());
189
+ const { blockLen, buffer, length, finished, destroyed, pos } = this;
190
+ to.length = length;
191
+ to.pos = pos;
192
+ to.finished = finished;
193
+ to.destroyed = destroyed;
194
+ if (length % blockLen)
195
+ to.buffer.set(buffer);
196
+ return to;
197
+ }
198
+ }
199
+
200
+ // SHA2-256 need to try 2^128 hashes to execute birthday attack.
201
+ // BTC network is doing 2^67 hashes/sec as per early 2023.
202
+ // Choice: a ? b : c
203
+ const Chi = (a, b, c) => (a & b) ^ (~a & c);
204
+ // Majority function, true if any two inpust is true
205
+ const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
206
+ // Round constants:
207
+ // first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
208
+ // prettier-ignore
209
+ const SHA256_K = /* @__PURE__ */ new Uint32Array([
210
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
211
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
212
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
213
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
214
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
215
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
216
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
217
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
218
+ ]);
219
+ // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
220
+ // prettier-ignore
221
+ const IV = /* @__PURE__ */ new Uint32Array([
222
+ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
223
+ ]);
224
+ // Temporary buffer, not used to store anything between runs
225
+ // Named this way because it matches specification.
226
+ const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
227
+ class SHA256 extends SHA2 {
228
+ constructor() {
229
+ super(64, 32, 8, false);
230
+ // We cannot use array here since array allows indexing by variable
231
+ // which means optimizer/compiler cannot use registers.
232
+ this.A = IV[0] | 0;
233
+ this.B = IV[1] | 0;
234
+ this.C = IV[2] | 0;
235
+ this.D = IV[3] | 0;
236
+ this.E = IV[4] | 0;
237
+ this.F = IV[5] | 0;
238
+ this.G = IV[6] | 0;
239
+ this.H = IV[7] | 0;
240
+ }
241
+ get() {
242
+ const { A, B, C, D, E, F, G, H } = this;
243
+ return [A, B, C, D, E, F, G, H];
244
+ }
245
+ // prettier-ignore
246
+ set(A, B, C, D, E, F, G, H) {
247
+ this.A = A | 0;
248
+ this.B = B | 0;
249
+ this.C = C | 0;
250
+ this.D = D | 0;
251
+ this.E = E | 0;
252
+ this.F = F | 0;
253
+ this.G = G | 0;
254
+ this.H = H | 0;
255
+ }
256
+ process(view, offset) {
257
+ // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array
258
+ for (let i = 0; i < 16; i++, offset += 4)
259
+ SHA256_W[i] = view.getUint32(offset, false);
260
+ for (let i = 16; i < 64; i++) {
261
+ const W15 = SHA256_W[i - 15];
262
+ const W2 = SHA256_W[i - 2];
263
+ const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);
264
+ const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);
265
+ SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;
266
+ }
267
+ // Compression function main loop, 64 rounds
268
+ let { A, B, C, D, E, F, G, H } = this;
269
+ for (let i = 0; i < 64; i++) {
270
+ const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
271
+ const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
272
+ const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
273
+ const T2 = (sigma0 + Maj(A, B, C)) | 0;
274
+ H = G;
275
+ G = F;
276
+ F = E;
277
+ E = (D + T1) | 0;
278
+ D = C;
279
+ C = B;
280
+ B = A;
281
+ A = (T1 + T2) | 0;
282
+ }
283
+ // Add the compressed chunk to the current hash value
284
+ A = (A + this.A) | 0;
285
+ B = (B + this.B) | 0;
286
+ C = (C + this.C) | 0;
287
+ D = (D + this.D) | 0;
288
+ E = (E + this.E) | 0;
289
+ F = (F + this.F) | 0;
290
+ G = (G + this.G) | 0;
291
+ H = (H + this.H) | 0;
292
+ this.set(A, B, C, D, E, F, G, H);
293
+ }
294
+ roundClean() {
295
+ SHA256_W.fill(0);
296
+ }
297
+ destroy() {
298
+ this.set(0, 0, 0, 0, 0, 0, 0, 0);
299
+ this.buffer.fill(0);
300
+ }
301
+ }
302
+ /**
303
+ * SHA2-256 hash function
304
+ * @param message - data that would be hashed
305
+ */
306
+ const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
307
+
1
308
  var lib = {};
2
309
 
3
310
  var hasRequiredLib;
@@ -697,483 +1004,189 @@ function requireBolt11 () {
697
1004
  coinNetwork = network;
698
1005
  }
699
1006
  if (!coinNetwork || coinNetwork.bech32 !== bech32Prefix) {
700
- throw new Error('Unknown coin bech32 prefix')
701
- }
702
- sections.push({
703
- name: 'coin_network',
704
- letters: bech32Prefix,
705
- value: coinNetwork
706
- });
707
-
708
- // amount section
709
- const value = prefixMatches[2];
710
- let millisatoshis;
711
- if (value) {
712
- const divisor = prefixMatches[3];
713
- millisatoshis = hrpToMillisat(value + divisor, true);
714
- sections.push({
715
- name: 'amount',
716
- letters: prefixMatches[2] + prefixMatches[3],
717
- value: millisatoshis
718
- });
719
- } else {
720
- millisatoshis = null;
721
- }
722
-
723
- // "1" separator
724
- sections.push({
725
- name: 'separator',
726
- letters: '1'
727
- });
728
-
729
- // timestamp
730
- const timestamp = wordsToIntBE(words.slice(0, 7));
731
- words = words.slice(7); // trim off the left 7 words
732
- sections.push({
733
- name: 'timestamp',
734
- letters: letters.slice(0, 7),
735
- value: timestamp
736
- });
737
- letters = letters.slice(7);
738
-
739
- let tagName, parser, tagLength, tagWords;
740
- // we have no tag count to go on, so just keep hacking off words
741
- // until we have none.
742
- while (words.length > 0) {
743
- const tagCode = words[0].toString();
744
- tagName = TAGNAMES[tagCode] || 'unknown_tag';
745
- parser = TAGPARSERS[tagCode] || getUnknownParser(tagCode);
746
- words = words.slice(1);
747
-
748
- tagLength = wordsToIntBE(words.slice(0, 2));
749
- words = words.slice(2);
750
-
751
- tagWords = words.slice(0, tagLength);
752
- words = words.slice(tagLength);
753
-
754
- sections.push({
755
- name: tagName,
756
- tag: letters[0],
757
- letters: letters.slice(0, 1 + 2 + tagLength),
758
- value: parser(tagWords) // see: parsers for more comments
759
- });
760
- letters = letters.slice(1 + 2 + tagLength);
761
- }
762
-
763
- // signature
764
- sections.push({
765
- name: 'signature',
766
- letters: letters.slice(0, 104),
767
- value: hex.encode(bech32.fromWordsUnsafe(sigWords))
768
- });
769
- letters = letters.slice(104);
770
-
771
- // checksum
772
- sections.push({
773
- name: 'checksum',
774
- letters: letters
775
- });
776
-
777
- let result = {
778
- paymentRequest,
779
- sections,
780
-
781
- get expiry() {
782
- let exp = sections.find(s => s.name === 'expiry');
783
- if (exp) return getValue('timestamp') + exp.value
784
- },
785
-
786
- get route_hints() {
787
- return sections.filter(s => s.name === 'route_hint').map(s => s.value)
788
- }
789
- };
790
-
791
- for (let name in TAGCODES) {
792
- if (name === 'route_hint') {
793
- // route hints can be multiple, so this won't work for them
794
- continue
795
- }
796
-
797
- Object.defineProperty(result, name, {
798
- get() {
799
- return getValue(name)
800
- }
801
- });
802
- }
803
-
804
- return result
805
-
806
- function getValue(name) {
807
- let section = sections.find(s => s.name === name);
808
- return section ? section.value : undefined
809
- }
810
- }
811
-
812
- bolt11 = {
813
- decode,
814
- hrpToMillisat
815
- };
816
- return bolt11;
817
- }
818
-
819
- var bolt11Exports = requireBolt11();
820
-
821
- // from https://stackoverflow.com/a/50868276
822
- const fromHexString = (hexString) => Uint8Array.from(hexString.match(/.{1,2}/g).map((byte) => parseInt(byte, 16)));
823
- const decodeInvoice = (paymentRequest) => {
824
- if (!paymentRequest)
825
- return null;
826
- try {
827
- const decoded = bolt11Exports.decode(paymentRequest);
828
- if (!decoded || !decoded.sections)
829
- return null;
830
- const hashTag = decoded.sections.find((value) => value.name === "payment_hash");
831
- if (hashTag?.name !== "payment_hash" || !hashTag.value)
832
- return null;
833
- const paymentHash = hashTag.value;
834
- let satoshi = 0;
835
- let millisatoshi = 0;
836
- let amountRaw = "0";
837
- const amountTag = decoded.sections.find((value) => value.name === "amount");
838
- if (amountTag?.name === "amount" && amountTag.value) {
839
- amountRaw = amountTag.value;
840
- millisatoshi = parseInt(amountTag.value);
841
- satoshi = parseInt(amountTag.value) / 1000; // millisats
842
- }
843
- const timestampTag = decoded.sections.find((value) => value.name === "timestamp");
844
- if (timestampTag?.name !== "timestamp" || !timestampTag.value)
845
- return null;
846
- const timestamp = timestampTag.value;
847
- let expiry;
848
- const expiryTag = decoded.sections.find((value) => value.name === "expiry");
849
- if (expiryTag?.name === "expiry") {
850
- expiry = expiryTag.value;
851
- }
852
- const descriptionTag = decoded.sections.find((value) => value.name === "description");
853
- const description = descriptionTag?.name === "description"
854
- ? descriptionTag?.value
855
- : undefined;
856
- return {
857
- paymentHash,
858
- satoshi,
859
- millisatoshi,
860
- amountRaw,
861
- timestamp,
862
- expiry,
863
- description,
864
- };
865
- }
866
- catch {
867
- return null;
868
- }
869
- };
1007
+ throw new Error('Unknown coin bech32 prefix')
1008
+ }
1009
+ sections.push({
1010
+ name: 'coin_network',
1011
+ letters: bech32Prefix,
1012
+ value: coinNetwork
1013
+ });
870
1014
 
871
- function bytes(b, ...lengths) {
872
- if (!(b instanceof Uint8Array))
873
- throw new Error('Expected Uint8Array');
874
- if (lengths.length > 0 && !lengths.includes(b.length))
875
- throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
876
- }
877
- function exists(instance, checkFinished = true) {
878
- if (instance.destroyed)
879
- throw new Error('Hash instance has been destroyed');
880
- if (checkFinished && instance.finished)
881
- throw new Error('Hash#digest() has already been called');
882
- }
883
- function output(out, instance) {
884
- bytes(out);
885
- const min = instance.outputLen;
886
- if (out.length < min) {
887
- throw new Error(`digestInto() expects output buffer of length at least ${min}`);
888
- }
889
- }
1015
+ // amount section
1016
+ const value = prefixMatches[2];
1017
+ let millisatoshis;
1018
+ if (value) {
1019
+ const divisor = prefixMatches[3];
1020
+ millisatoshis = hrpToMillisat(value + divisor, true);
1021
+ sections.push({
1022
+ name: 'amount',
1023
+ letters: prefixMatches[2] + prefixMatches[3],
1024
+ value: millisatoshis
1025
+ });
1026
+ } else {
1027
+ millisatoshis = null;
1028
+ }
890
1029
 
891
- /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
892
- // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
893
- // node.js versions earlier than v19 don't declare it in global scope.
894
- // For node.js, package.json#exports field mapping rewrites import
895
- // from `crypto` to `cryptoNode`, which imports native module.
896
- // Makes the utils un-importable in browsers without a bundler.
897
- // Once node.js 18 is deprecated, we can just drop the import.
898
- const u8a = (a) => a instanceof Uint8Array;
899
- // Cast array to view
900
- const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
901
- // The rotate right (circular right shift) operation for uint32
902
- const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);
903
- // big-endian hardware is rare. Just in case someone still decides to run hashes:
904
- // early-throw an error because we don't support BE yet.
905
- const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
906
- if (!isLE)
907
- throw new Error('Non little-endian hardware is not supported');
908
- const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
909
- /**
910
- * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
911
- */
912
- function bytesToHex(bytes) {
913
- if (!u8a(bytes))
914
- throw new Error('Uint8Array expected');
915
- // pre-caching improves the speed 6x
916
- let hex = '';
917
- for (let i = 0; i < bytes.length; i++) {
918
- hex += hexes[bytes[i]];
919
- }
920
- return hex;
921
- }
922
- /**
923
- * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
924
- */
925
- function utf8ToBytes(str) {
926
- if (typeof str !== 'string')
927
- throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
928
- return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
929
- }
930
- /**
931
- * Normalizes (non-hex) string or Uint8Array to Uint8Array.
932
- * Warning: when Uint8Array is passed, it would NOT get copied.
933
- * Keep in mind for future mutable operations.
934
- */
935
- function toBytes(data) {
936
- if (typeof data === 'string')
937
- data = utf8ToBytes(data);
938
- if (!u8a(data))
939
- throw new Error(`expected Uint8Array, got ${typeof data}`);
940
- return data;
941
- }
942
- // For runtime check if class implements interface
943
- class Hash {
944
- // Safe version that clones internal state
945
- clone() {
946
- return this._cloneInto();
947
- }
948
- }
949
- function wrapConstructor(hashCons) {
950
- const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
951
- const tmp = hashCons();
952
- hashC.outputLen = tmp.outputLen;
953
- hashC.blockLen = tmp.blockLen;
954
- hashC.create = () => hashCons();
955
- return hashC;
956
- }
1030
+ // "1" separator
1031
+ sections.push({
1032
+ name: 'separator',
1033
+ letters: '1'
1034
+ });
957
1035
 
958
- // Polyfill for Safari 14
959
- function setBigUint64(view, byteOffset, value, isLE) {
960
- if (typeof view.setBigUint64 === 'function')
961
- return view.setBigUint64(byteOffset, value, isLE);
962
- const _32n = BigInt(32);
963
- const _u32_max = BigInt(0xffffffff);
964
- const wh = Number((value >> _32n) & _u32_max);
965
- const wl = Number(value & _u32_max);
966
- const h = isLE ? 4 : 0;
967
- const l = isLE ? 0 : 4;
968
- view.setUint32(byteOffset + h, wh, isLE);
969
- view.setUint32(byteOffset + l, wl, isLE);
970
- }
971
- // Base SHA2 class (RFC 6234)
972
- class SHA2 extends Hash {
973
- constructor(blockLen, outputLen, padOffset, isLE) {
974
- super();
975
- this.blockLen = blockLen;
976
- this.outputLen = outputLen;
977
- this.padOffset = padOffset;
978
- this.isLE = isLE;
979
- this.finished = false;
980
- this.length = 0;
981
- this.pos = 0;
982
- this.destroyed = false;
983
- this.buffer = new Uint8Array(blockLen);
984
- this.view = createView(this.buffer);
985
- }
986
- update(data) {
987
- exists(this);
988
- const { view, buffer, blockLen } = this;
989
- data = toBytes(data);
990
- const len = data.length;
991
- for (let pos = 0; pos < len;) {
992
- const take = Math.min(blockLen - this.pos, len - pos);
993
- // Fast path: we have at least one block in input, cast it to view and process
994
- if (take === blockLen) {
995
- const dataView = createView(data);
996
- for (; blockLen <= len - pos; pos += blockLen)
997
- this.process(dataView, pos);
998
- continue;
999
- }
1000
- buffer.set(data.subarray(pos, pos + take), this.pos);
1001
- this.pos += take;
1002
- pos += take;
1003
- if (this.pos === blockLen) {
1004
- this.process(view, 0);
1005
- this.pos = 0;
1006
- }
1007
- }
1008
- this.length += data.length;
1009
- this.roundClean();
1010
- return this;
1011
- }
1012
- digestInto(out) {
1013
- exists(this);
1014
- output(out, this);
1015
- this.finished = true;
1016
- // Padding
1017
- // We can avoid allocation of buffer for padding completely if it
1018
- // was previously not allocated here. But it won't change performance.
1019
- const { buffer, view, blockLen, isLE } = this;
1020
- let { pos } = this;
1021
- // append the bit '1' to the message
1022
- buffer[pos++] = 0b10000000;
1023
- this.buffer.subarray(pos).fill(0);
1024
- // we have less than padOffset left in buffer, so we cannot put length in current block, need process it and pad again
1025
- if (this.padOffset > blockLen - pos) {
1026
- this.process(view, 0);
1027
- pos = 0;
1028
- }
1029
- // Pad until full block byte with zeros
1030
- for (let i = pos; i < blockLen; i++)
1031
- buffer[i] = 0;
1032
- // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
1033
- // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
1034
- // So we just write lowest 64 bits of that value.
1035
- setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
1036
- this.process(view, 0);
1037
- const oview = createView(out);
1038
- const len = this.outputLen;
1039
- // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT
1040
- if (len % 4)
1041
- throw new Error('_sha2: outputLen should be aligned to 32bit');
1042
- const outLen = len / 4;
1043
- const state = this.get();
1044
- if (outLen > state.length)
1045
- throw new Error('_sha2: outputLen bigger than state');
1046
- for (let i = 0; i < outLen; i++)
1047
- oview.setUint32(4 * i, state[i], isLE);
1048
- }
1049
- digest() {
1050
- const { buffer, outputLen } = this;
1051
- this.digestInto(buffer);
1052
- const res = buffer.slice(0, outputLen);
1053
- this.destroy();
1054
- return res;
1055
- }
1056
- _cloneInto(to) {
1057
- to || (to = new this.constructor());
1058
- to.set(...this.get());
1059
- const { blockLen, buffer, length, finished, destroyed, pos } = this;
1060
- to.length = length;
1061
- to.pos = pos;
1062
- to.finished = finished;
1063
- to.destroyed = destroyed;
1064
- if (length % blockLen)
1065
- to.buffer.set(buffer);
1066
- return to;
1067
- }
1036
+ // timestamp
1037
+ const timestamp = wordsToIntBE(words.slice(0, 7));
1038
+ words = words.slice(7); // trim off the left 7 words
1039
+ sections.push({
1040
+ name: 'timestamp',
1041
+ letters: letters.slice(0, 7),
1042
+ value: timestamp
1043
+ });
1044
+ letters = letters.slice(7);
1045
+
1046
+ let tagName, parser, tagLength, tagWords;
1047
+ // we have no tag count to go on, so just keep hacking off words
1048
+ // until we have none.
1049
+ while (words.length > 0) {
1050
+ const tagCode = words[0].toString();
1051
+ tagName = TAGNAMES[tagCode] || 'unknown_tag';
1052
+ parser = TAGPARSERS[tagCode] || getUnknownParser(tagCode);
1053
+ words = words.slice(1);
1054
+
1055
+ tagLength = wordsToIntBE(words.slice(0, 2));
1056
+ words = words.slice(2);
1057
+
1058
+ tagWords = words.slice(0, tagLength);
1059
+ words = words.slice(tagLength);
1060
+
1061
+ sections.push({
1062
+ name: tagName,
1063
+ tag: letters[0],
1064
+ letters: letters.slice(0, 1 + 2 + tagLength),
1065
+ value: parser(tagWords) // see: parsers for more comments
1066
+ });
1067
+ letters = letters.slice(1 + 2 + tagLength);
1068
+ }
1069
+
1070
+ // signature
1071
+ sections.push({
1072
+ name: 'signature',
1073
+ letters: letters.slice(0, 104),
1074
+ value: hex.encode(bech32.fromWordsUnsafe(sigWords))
1075
+ });
1076
+ letters = letters.slice(104);
1077
+
1078
+ // checksum
1079
+ sections.push({
1080
+ name: 'checksum',
1081
+ letters: letters
1082
+ });
1083
+
1084
+ let result = {
1085
+ paymentRequest,
1086
+ sections,
1087
+
1088
+ get expiry() {
1089
+ let exp = sections.find(s => s.name === 'expiry');
1090
+ if (exp) return getValue('timestamp') + exp.value
1091
+ },
1092
+
1093
+ get route_hints() {
1094
+ return sections.filter(s => s.name === 'route_hint').map(s => s.value)
1095
+ }
1096
+ };
1097
+
1098
+ for (let name in TAGCODES) {
1099
+ if (name === 'route_hint') {
1100
+ // route hints can be multiple, so this won't work for them
1101
+ continue
1102
+ }
1103
+
1104
+ Object.defineProperty(result, name, {
1105
+ get() {
1106
+ return getValue(name)
1107
+ }
1108
+ });
1109
+ }
1110
+
1111
+ return result
1112
+
1113
+ function getValue(name) {
1114
+ let section = sections.find(s => s.name === name);
1115
+ return section ? section.value : undefined
1116
+ }
1117
+ }
1118
+
1119
+ bolt11 = {
1120
+ decode,
1121
+ hrpToMillisat
1122
+ };
1123
+ return bolt11;
1068
1124
  }
1069
1125
 
1070
- // SHA2-256 need to try 2^128 hashes to execute birthday attack.
1071
- // BTC network is doing 2^67 hashes/sec as per early 2023.
1072
- // Choice: a ? b : c
1073
- const Chi = (a, b, c) => (a & b) ^ (~a & c);
1074
- // Majority function, true if any two inpust is true
1075
- const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
1076
- // Round constants:
1077
- // first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
1078
- // prettier-ignore
1079
- const SHA256_K = /* @__PURE__ */ new Uint32Array([
1080
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
1081
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
1082
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
1083
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
1084
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
1085
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
1086
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
1087
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
1088
- ]);
1089
- // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
1090
- // prettier-ignore
1091
- const IV = /* @__PURE__ */ new Uint32Array([
1092
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
1093
- ]);
1094
- // Temporary buffer, not used to store anything between runs
1095
- // Named this way because it matches specification.
1096
- const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
1097
- class SHA256 extends SHA2 {
1098
- constructor() {
1099
- super(64, 32, 8, false);
1100
- // We cannot use array here since array allows indexing by variable
1101
- // which means optimizer/compiler cannot use registers.
1102
- this.A = IV[0] | 0;
1103
- this.B = IV[1] | 0;
1104
- this.C = IV[2] | 0;
1105
- this.D = IV[3] | 0;
1106
- this.E = IV[4] | 0;
1107
- this.F = IV[5] | 0;
1108
- this.G = IV[6] | 0;
1109
- this.H = IV[7] | 0;
1110
- }
1111
- get() {
1112
- const { A, B, C, D, E, F, G, H } = this;
1113
- return [A, B, C, D, E, F, G, H];
1114
- }
1115
- // prettier-ignore
1116
- set(A, B, C, D, E, F, G, H) {
1117
- this.A = A | 0;
1118
- this.B = B | 0;
1119
- this.C = C | 0;
1120
- this.D = D | 0;
1121
- this.E = E | 0;
1122
- this.F = F | 0;
1123
- this.G = G | 0;
1124
- this.H = H | 0;
1125
- }
1126
- process(view, offset) {
1127
- // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array
1128
- for (let i = 0; i < 16; i++, offset += 4)
1129
- SHA256_W[i] = view.getUint32(offset, false);
1130
- for (let i = 16; i < 64; i++) {
1131
- const W15 = SHA256_W[i - 15];
1132
- const W2 = SHA256_W[i - 2];
1133
- const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);
1134
- const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);
1135
- SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;
1126
+ var bolt11Exports = requireBolt11();
1127
+
1128
+ // from https://stackoverflow.com/a/50868276
1129
+ const fromHexString = (hexString) => Uint8Array.from(hexString.match(/.{1,2}/g).map((byte) => parseInt(byte, 16)));
1130
+ const decodeInvoice = (paymentRequest) => {
1131
+ if (!paymentRequest)
1132
+ return null;
1133
+ try {
1134
+ const decoded = bolt11Exports.decode(paymentRequest);
1135
+ if (!decoded || !decoded.sections)
1136
+ return null;
1137
+ const hashTag = decoded.sections.find((value) => value.name === "payment_hash");
1138
+ if (hashTag?.name !== "payment_hash" || !hashTag.value)
1139
+ return null;
1140
+ const paymentHash = hashTag.value;
1141
+ let satoshi = 0;
1142
+ let millisatoshi = 0;
1143
+ let amountRaw = "0";
1144
+ const amountTag = decoded.sections.find((value) => value.name === "amount");
1145
+ if (amountTag?.name === "amount" && amountTag.value) {
1146
+ amountRaw = amountTag.value;
1147
+ millisatoshi = parseInt(amountTag.value);
1148
+ satoshi = parseInt(amountTag.value) / 1000; // millisats
1136
1149
  }
1137
- // Compression function main loop, 64 rounds
1138
- let { A, B, C, D, E, F, G, H } = this;
1139
- for (let i = 0; i < 64; i++) {
1140
- const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
1141
- const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
1142
- const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
1143
- const T2 = (sigma0 + Maj(A, B, C)) | 0;
1144
- H = G;
1145
- G = F;
1146
- F = E;
1147
- E = (D + T1) | 0;
1148
- D = C;
1149
- C = B;
1150
- B = A;
1151
- A = (T1 + T2) | 0;
1150
+ const timestampTag = decoded.sections.find((value) => value.name === "timestamp");
1151
+ if (timestampTag?.name !== "timestamp" || !timestampTag.value)
1152
+ return null;
1153
+ const timestamp = timestampTag.value;
1154
+ let expiry;
1155
+ const expiryTag = decoded.sections.find((value) => value.name === "expiry");
1156
+ if (expiryTag?.name === "expiry") {
1157
+ expiry = expiryTag.value;
1152
1158
  }
1153
- // Add the compressed chunk to the current hash value
1154
- A = (A + this.A) | 0;
1155
- B = (B + this.B) | 0;
1156
- C = (C + this.C) | 0;
1157
- D = (D + this.D) | 0;
1158
- E = (E + this.E) | 0;
1159
- F = (F + this.F) | 0;
1160
- G = (G + this.G) | 0;
1161
- H = (H + this.H) | 0;
1162
- this.set(A, B, C, D, E, F, G, H);
1159
+ const descriptionTag = decoded.sections.find((value) => value.name === "description");
1160
+ const description = descriptionTag?.name === "description"
1161
+ ? descriptionTag?.value
1162
+ : undefined;
1163
+ return {
1164
+ paymentHash,
1165
+ satoshi,
1166
+ millisatoshi,
1167
+ amountRaw,
1168
+ timestamp,
1169
+ expiry,
1170
+ description,
1171
+ };
1163
1172
  }
1164
- roundClean() {
1165
- SHA256_W.fill(0);
1173
+ catch {
1174
+ return null;
1166
1175
  }
1167
- destroy() {
1168
- this.set(0, 0, 0, 0, 0, 0, 0, 0);
1169
- this.buffer.fill(0);
1176
+ };
1177
+ function validatePreimage(preimage, paymentHash) {
1178
+ try {
1179
+ if (!/^[0-9a-fA-F]{64}$/.test(preimage))
1180
+ return false;
1181
+ if (!/^[0-9a-fA-F]{64}$/.test(paymentHash))
1182
+ return false;
1183
+ const preimageHash = bytesToHex(sha256(fromHexString(preimage)));
1184
+ return paymentHash === preimageHash;
1185
+ }
1186
+ catch {
1187
+ return false;
1170
1188
  }
1171
1189
  }
1172
- /**
1173
- * SHA2-256 hash function
1174
- * @param message - data that would be hashed
1175
- */
1176
- const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
1177
1190
 
1178
1191
  class Invoice {
1179
1192
  constructor(args) {
@@ -1213,13 +1226,7 @@ class Invoice {
1213
1226
  validatePreimage(preimage) {
1214
1227
  if (!preimage || !this.paymentHash)
1215
1228
  return false;
1216
- try {
1217
- const preimageHash = bytesToHex(sha256(fromHexString(preimage)));
1218
- return this.paymentHash === preimageHash;
1219
- }
1220
- catch {
1221
- return false;
1222
- }
1229
+ return validatePreimage(preimage, this.paymentHash);
1223
1230
  }
1224
1231
  async verifyPayment() {
1225
1232
  try {
@@ -1677,6 +1684,11 @@ function createGuardedWallet(wallet, maxAmountSats) {
1677
1684
  };
1678
1685
  }
1679
1686
 
1687
+ /**
1688
+ * Client: parse "www-authenticate" header from server response
1689
+ * @param input
1690
+ * @returns details from the header value (token or macaroon, invoice)
1691
+ */
1680
1692
  const parseL402 = (input) => {
1681
1693
  // Remove the L402 and LSAT identifiers
1682
1694
  const string = input.replace("L402", "").replace("LSAT", "").trim();
@@ -1691,6 +1703,19 @@ const parseL402 = (input) => {
1691
1703
  // Value is either match[3] (double-quoted), match[4] (single-quoted), or match[5] (unquoted)
1692
1704
  keyValuePairs[match[1]] = match[3] || match[4] || match[5];
1693
1705
  }
1706
+ if (!keyValuePairs["token"] && keyValuePairs["macaroon"]) {
1707
+ // fallback to old naming
1708
+ keyValuePairs["token"] = keyValuePairs["macaroon"];
1709
+ delete keyValuePairs["macaroon"];
1710
+ }
1711
+ if (!("token" in keyValuePairs) ||
1712
+ typeof keyValuePairs["token"] !== "string") {
1713
+ throw new Error("No macaroon or token found in www-authenticate header");
1714
+ }
1715
+ if (!("invoice" in keyValuePairs) ||
1716
+ typeof keyValuePairs["invoice"] !== "string") {
1717
+ throw new Error("No invoice found in www-authenticate header");
1718
+ }
1694
1719
  return keyValuePairs;
1695
1720
  };
1696
1721
 
@@ -1740,7 +1765,7 @@ const buildX402PaymentSignature = (scheme, network, invoice, requirements) => {
1740
1765
  return btoa(unescape(encodeURIComponent(json)));
1741
1766
  };
1742
1767
 
1743
- const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) => {
1768
+ const decodeX402Header = (x402Header) => {
1744
1769
  let parsed;
1745
1770
  try {
1746
1771
  parsed = JSON.parse(decodeURIComponent(escape(atob(x402Header))));
@@ -1751,9 +1776,31 @@ const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) =>
1751
1776
  if (!Array.isArray(parsed.accepts) || parsed.accepts.length === 0) {
1752
1777
  throw new Error("x402: PAYMENT-REQUIRED header contains no payment options");
1753
1778
  }
1754
- const requirements = parsed.accepts.find((e) => {
1755
- return e.extra?.paymentMethod === "lightning";
1756
- });
1779
+ return { accepts: parsed.accepts };
1780
+ };
1781
+ /**
1782
+ * Probe a PAYMENT-REQUIRED header for a lightning-payable offer without
1783
+ * throwing. Returns the matching requirements, or null if the header has no
1784
+ * lightning entry (e.g. USDC-only endpoints) or is malformed. Used by the
1785
+ * top-level fetch402 dispatcher to decide whether to attempt payment or hand
1786
+ * the 402 back to the caller.
1787
+ */
1788
+ const findX402LightningRequirements = (x402Header) => {
1789
+ let accepts;
1790
+ try {
1791
+ ({ accepts } = decodeX402Header(x402Header));
1792
+ }
1793
+ catch (_) {
1794
+ return null;
1795
+ }
1796
+ const requirements = accepts.find((e) => e?.extra?.paymentMethod === "lightning");
1797
+ if (!requirements?.extra?.invoice)
1798
+ return null;
1799
+ return requirements;
1800
+ };
1801
+ const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) => {
1802
+ const { accepts } = decodeX402Header(x402Header);
1803
+ const requirements = accepts.find((e) => e?.extra?.paymentMethod === "lightning");
1757
1804
  if (!requirements) {
1758
1805
  throw new Error("x402: unsupported x402 network, only Bitcoin lightning network is supported.");
1759
1806
  }
@@ -1972,24 +2019,112 @@ const fetch402 = async (url, fetchArgs, options) => {
1972
2019
  const headers = new Headers(fetchArgs.headers ?? undefined);
1973
2020
  fetchArgs.headers = headers;
1974
2021
  const initResp = await fetch(url, fetchArgs);
2022
+ // L402 / LSAT: dedicated scheme, dispatch directly.
1975
2023
  const wwwAuthHeader = initResp.headers.get("www-authenticate");
1976
2024
  if (wwwAuthHeader) {
1977
2025
  const trimmed = wwwAuthHeader.trimStart().toLowerCase();
1978
- if (trimmed.startsWith("payment")) {
1979
- return handleMppChargePayment(wwwAuthHeader, url, fetchArgs, headers, wallet);
1980
- }
1981
2026
  if (trimmed.startsWith("l402") || trimmed.startsWith("lsat")) {
1982
2027
  return handleL402Payment(wwwAuthHeader, url, fetchArgs, headers, wallet);
1983
2028
  }
1984
- throw new Error(`fetch402: unsupported WWW-Authenticate scheme: ${wwwAuthHeader}`);
1985
2029
  }
2030
+ // A server may advertise multiple payment options at once (e.g. an MPP
2031
+ // USDC challenge in WWW-Authenticate alongside an x402 PAYMENT-REQUIRED
2032
+ // header that lists both USDC and lightning). Try each lightning-payable
2033
+ // handler in turn; only if none matches do we hand the original 402 back
2034
+ // to the caller so they can decide what to do with non-lightning offers.
2035
+ // 1. MPP-lightning challenge (Payment method="lightning" intent="charge").
2036
+ // parseMppChallenge returns null for any other method, which lets us
2037
+ // fall through to x402 instead of throwing.
2038
+ if (wwwAuthHeader && parseMppChallenge(wwwAuthHeader)) {
2039
+ return handleMppChargePayment(wwwAuthHeader, url, fetchArgs, headers, wallet);
2040
+ }
2041
+ // 2. x402 PAYMENT-REQUIRED with a lightning entry in `accepts`.
1986
2042
  const x402Header = initResp.headers.get("PAYMENT-REQUIRED");
1987
- if (x402Header) {
2043
+ if (x402Header && findX402LightningRequirements(x402Header)) {
1988
2044
  return handleX402Payment(x402Header, url, fetchArgs, headers, wallet);
1989
2045
  }
1990
2046
  return initResp;
1991
2047
  };
1992
2048
 
2049
+ async function issueL402Macaroon(secret, paymentHash, params) {
2050
+ if (params !== undefined &&
2051
+ Object.prototype.hasOwnProperty.call(params, "paymentHash")) {
2052
+ throw new Error("paymentHash is reserved");
2053
+ }
2054
+ const payload = { ...params, paymentHash };
2055
+ const encoded = Buffer.from(JSON.stringify(payload)).toString("base64url");
2056
+ const mac = await sign(secret, encoded);
2057
+ return `${encoded}.${mac}`;
2058
+ }
2059
+ async function verifyL402Macaroon(secret, token) {
2060
+ const { timingSafeEqual } = await import('crypto');
2061
+ const dotIndex = token.lastIndexOf(".");
2062
+ if (dotIndex === -1)
2063
+ throw new Error("Invalid macaroon token");
2064
+ const encoded = token.slice(0, dotIndex);
2065
+ const mac = token.slice(dotIndex + 1);
2066
+ // Constant-time comparison to prevent timing attacks
2067
+ const expectedMac = await sign(secret, encoded);
2068
+ try {
2069
+ if (!timingSafeEqual(Buffer.from(mac, "hex"), Buffer.from(expectedMac, "hex"))) {
2070
+ throw new Error("Invalid macaroon token");
2071
+ }
2072
+ }
2073
+ catch (e) {
2074
+ throw new Error("Invalid macaroon token");
2075
+ }
2076
+ try {
2077
+ const parsed = JSON.parse(Buffer.from(encoded, "base64url").toString("utf8"));
2078
+ if (parsed === null ||
2079
+ typeof parsed !== "object" ||
2080
+ Array.isArray(parsed) ||
2081
+ typeof parsed.paymentHash !== "string") {
2082
+ throw new Error("Invalid macaroon payload");
2083
+ }
2084
+ return parsed;
2085
+ }
2086
+ catch {
2087
+ throw new Error("Invalid macaroon token");
2088
+ }
2089
+ }
2090
+ async function sign(secret, payload) {
2091
+ const { createHmac } = await import('crypto');
2092
+ return createHmac("sha256", secret).update(payload).digest("hex");
2093
+ }
2094
+
2095
+ /**
2096
+ * Server: create a WWW-Authenticate header for a given macaroon and invoice
2097
+ * @param args the macaroon/token and invoice generated for the client's request
2098
+ * @returns the header value
2099
+ */
2100
+ const makeL402AuthenticateHeader = (args) => {
2101
+ if (!args.token) {
2102
+ throw new Error("token must be provided");
2103
+ }
2104
+ return `L402 version="0" token="${args.token}", invoice="${args.invoice}"`;
2105
+ };
2106
+ /**
2107
+ * Server: parse "authorization" header sent from client
2108
+ * @param input value from authorization header
2109
+ * @returns the macaroon and preimage
2110
+ */
2111
+ function parseL402Authorization(input) {
2112
+ // Backwards compat: LSAT was the former name of L402
2113
+ const normalized = input.replace(/^LSAT /, "L402 ");
2114
+ const prefix = "L402 ";
2115
+ if (!normalized.startsWith(prefix))
2116
+ return null;
2117
+ const credentials = normalized.slice(prefix.length);
2118
+ const colonIndex = credentials.indexOf(":");
2119
+ if (colonIndex === -1) {
2120
+ throw new Error("Invalid authorization header value");
2121
+ }
2122
+ return {
2123
+ token: credentials.slice(0, colonIndex),
2124
+ preimage: credentials.slice(colonIndex + 1),
2125
+ };
2126
+ }
2127
+
1993
2128
  const numSatsInBtc = 100000000;
1994
2129
  const getFiatCurrencies = async () => {
1995
2130
  const url = "https://getalby.com/api/rates";
@@ -2039,5 +2174,5 @@ const getFormattedFiatValue = async ({ satoshi, currency, locale, }) => {
2039
2174
  });
2040
2175
  };
2041
2176
 
2042
- export { DEFAULT_PROXY, Invoice, LN_ADDRESS_REGEX, LightningAddress, createGuardedWallet, decodeInvoice, fetch402, fetchWithL402, fetchWithMpp, fetchWithX402, fromHexString, generateZapEvent, getEventHash, getFiatBtcRate, getFiatCurrencies, getFiatValue, getFormattedFiatValue, getSatoshiValue, isUrl, isValidAmount, parseKeysendResponse, parseLnUrlPayResponse, parseNostrResponse, sendBoostagram, serializeEvent, validateEvent };
2177
+ export { DEFAULT_PROXY, Invoice, LN_ADDRESS_REGEX, LightningAddress, createGuardedWallet, decodeInvoice, fetch402, fetchWithL402, fetchWithMpp, fetchWithX402, findX402LightningRequirements, fromHexString, generateZapEvent, getEventHash, getFiatBtcRate, getFiatCurrencies, getFiatValue, getFormattedFiatValue, getSatoshiValue, isUrl, isValidAmount, issueL402Macaroon, makeL402AuthenticateHeader, parseKeysendResponse, parseL402, parseL402Authorization, parseLnUrlPayResponse, parseNostrResponse, sendBoostagram, serializeEvent, validateEvent, validatePreimage, verifyL402Macaroon };
2043
2178
  //# sourceMappingURL=index.js.map