@getalby/lightning-tools 8.0.0 → 8.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,5 +1,312 @@
1
1
  'use strict';
2
2
 
3
+ function bytes(b, ...lengths) {
4
+ if (!(b instanceof Uint8Array))
5
+ throw new Error('Expected Uint8Array');
6
+ if (lengths.length > 0 && !lengths.includes(b.length))
7
+ throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
8
+ }
9
+ function exists(instance, checkFinished = true) {
10
+ if (instance.destroyed)
11
+ throw new Error('Hash instance has been destroyed');
12
+ if (checkFinished && instance.finished)
13
+ throw new Error('Hash#digest() has already been called');
14
+ }
15
+ function output(out, instance) {
16
+ bytes(out);
17
+ const min = instance.outputLen;
18
+ if (out.length < min) {
19
+ throw new Error(`digestInto() expects output buffer of length at least ${min}`);
20
+ }
21
+ }
22
+
23
+ /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
24
+ // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
25
+ // node.js versions earlier than v19 don't declare it in global scope.
26
+ // For node.js, package.json#exports field mapping rewrites import
27
+ // from `crypto` to `cryptoNode`, which imports native module.
28
+ // Makes the utils un-importable in browsers without a bundler.
29
+ // Once node.js 18 is deprecated, we can just drop the import.
30
+ const u8a = (a) => a instanceof Uint8Array;
31
+ // Cast array to view
32
+ const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
33
+ // The rotate right (circular right shift) operation for uint32
34
+ const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);
35
+ // big-endian hardware is rare. Just in case someone still decides to run hashes:
36
+ // early-throw an error because we don't support BE yet.
37
+ const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
38
+ if (!isLE)
39
+ throw new Error('Non little-endian hardware is not supported');
40
+ const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
41
+ /**
42
+ * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
43
+ */
44
+ function bytesToHex(bytes) {
45
+ if (!u8a(bytes))
46
+ throw new Error('Uint8Array expected');
47
+ // pre-caching improves the speed 6x
48
+ let hex = '';
49
+ for (let i = 0; i < bytes.length; i++) {
50
+ hex += hexes[bytes[i]];
51
+ }
52
+ return hex;
53
+ }
54
+ /**
55
+ * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
56
+ */
57
+ function utf8ToBytes(str) {
58
+ if (typeof str !== 'string')
59
+ throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
60
+ return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
61
+ }
62
+ /**
63
+ * Normalizes (non-hex) string or Uint8Array to Uint8Array.
64
+ * Warning: when Uint8Array is passed, it would NOT get copied.
65
+ * Keep in mind for future mutable operations.
66
+ */
67
+ function toBytes(data) {
68
+ if (typeof data === 'string')
69
+ data = utf8ToBytes(data);
70
+ if (!u8a(data))
71
+ throw new Error(`expected Uint8Array, got ${typeof data}`);
72
+ return data;
73
+ }
74
+ // For runtime check if class implements interface
75
+ class Hash {
76
+ // Safe version that clones internal state
77
+ clone() {
78
+ return this._cloneInto();
79
+ }
80
+ }
81
+ function wrapConstructor(hashCons) {
82
+ const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
83
+ const tmp = hashCons();
84
+ hashC.outputLen = tmp.outputLen;
85
+ hashC.blockLen = tmp.blockLen;
86
+ hashC.create = () => hashCons();
87
+ return hashC;
88
+ }
89
+
90
+ // Polyfill for Safari 14
91
+ function setBigUint64(view, byteOffset, value, isLE) {
92
+ if (typeof view.setBigUint64 === 'function')
93
+ return view.setBigUint64(byteOffset, value, isLE);
94
+ const _32n = BigInt(32);
95
+ const _u32_max = BigInt(0xffffffff);
96
+ const wh = Number((value >> _32n) & _u32_max);
97
+ const wl = Number(value & _u32_max);
98
+ const h = isLE ? 4 : 0;
99
+ const l = isLE ? 0 : 4;
100
+ view.setUint32(byteOffset + h, wh, isLE);
101
+ view.setUint32(byteOffset + l, wl, isLE);
102
+ }
103
+ // Base SHA2 class (RFC 6234)
104
+ class SHA2 extends Hash {
105
+ constructor(blockLen, outputLen, padOffset, isLE) {
106
+ super();
107
+ this.blockLen = blockLen;
108
+ this.outputLen = outputLen;
109
+ this.padOffset = padOffset;
110
+ this.isLE = isLE;
111
+ this.finished = false;
112
+ this.length = 0;
113
+ this.pos = 0;
114
+ this.destroyed = false;
115
+ this.buffer = new Uint8Array(blockLen);
116
+ this.view = createView(this.buffer);
117
+ }
118
+ update(data) {
119
+ exists(this);
120
+ const { view, buffer, blockLen } = this;
121
+ data = toBytes(data);
122
+ const len = data.length;
123
+ for (let pos = 0; pos < len;) {
124
+ const take = Math.min(blockLen - this.pos, len - pos);
125
+ // Fast path: we have at least one block in input, cast it to view and process
126
+ if (take === blockLen) {
127
+ const dataView = createView(data);
128
+ for (; blockLen <= len - pos; pos += blockLen)
129
+ this.process(dataView, pos);
130
+ continue;
131
+ }
132
+ buffer.set(data.subarray(pos, pos + take), this.pos);
133
+ this.pos += take;
134
+ pos += take;
135
+ if (this.pos === blockLen) {
136
+ this.process(view, 0);
137
+ this.pos = 0;
138
+ }
139
+ }
140
+ this.length += data.length;
141
+ this.roundClean();
142
+ return this;
143
+ }
144
+ digestInto(out) {
145
+ exists(this);
146
+ output(out, this);
147
+ this.finished = true;
148
+ // Padding
149
+ // We can avoid allocation of buffer for padding completely if it
150
+ // was previously not allocated here. But it won't change performance.
151
+ const { buffer, view, blockLen, isLE } = this;
152
+ let { pos } = this;
153
+ // append the bit '1' to the message
154
+ buffer[pos++] = 0b10000000;
155
+ this.buffer.subarray(pos).fill(0);
156
+ // we have less than padOffset left in buffer, so we cannot put length in current block, need process it and pad again
157
+ if (this.padOffset > blockLen - pos) {
158
+ this.process(view, 0);
159
+ pos = 0;
160
+ }
161
+ // Pad until full block byte with zeros
162
+ for (let i = pos; i < blockLen; i++)
163
+ buffer[i] = 0;
164
+ // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
165
+ // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
166
+ // So we just write lowest 64 bits of that value.
167
+ setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
168
+ this.process(view, 0);
169
+ const oview = createView(out);
170
+ const len = this.outputLen;
171
+ // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT
172
+ if (len % 4)
173
+ throw new Error('_sha2: outputLen should be aligned to 32bit');
174
+ const outLen = len / 4;
175
+ const state = this.get();
176
+ if (outLen > state.length)
177
+ throw new Error('_sha2: outputLen bigger than state');
178
+ for (let i = 0; i < outLen; i++)
179
+ oview.setUint32(4 * i, state[i], isLE);
180
+ }
181
+ digest() {
182
+ const { buffer, outputLen } = this;
183
+ this.digestInto(buffer);
184
+ const res = buffer.slice(0, outputLen);
185
+ this.destroy();
186
+ return res;
187
+ }
188
+ _cloneInto(to) {
189
+ to || (to = new this.constructor());
190
+ to.set(...this.get());
191
+ const { blockLen, buffer, length, finished, destroyed, pos } = this;
192
+ to.length = length;
193
+ to.pos = pos;
194
+ to.finished = finished;
195
+ to.destroyed = destroyed;
196
+ if (length % blockLen)
197
+ to.buffer.set(buffer);
198
+ return to;
199
+ }
200
+ }
201
+
202
+ // SHA2-256 need to try 2^128 hashes to execute birthday attack.
203
+ // BTC network is doing 2^67 hashes/sec as per early 2023.
204
+ // Choice: a ? b : c
205
+ const Chi = (a, b, c) => (a & b) ^ (~a & c);
206
+ // Majority function, true if any two inpust is true
207
+ const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
208
+ // Round constants:
209
+ // first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
210
+ // prettier-ignore
211
+ const SHA256_K = /* @__PURE__ */ new Uint32Array([
212
+ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
213
+ 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
214
+ 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
215
+ 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
216
+ 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
217
+ 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
218
+ 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
219
+ 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
220
+ ]);
221
+ // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
222
+ // prettier-ignore
223
+ const IV = /* @__PURE__ */ new Uint32Array([
224
+ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
225
+ ]);
226
+ // Temporary buffer, not used to store anything between runs
227
+ // Named this way because it matches specification.
228
+ const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
229
+ class SHA256 extends SHA2 {
230
+ constructor() {
231
+ super(64, 32, 8, false);
232
+ // We cannot use array here since array allows indexing by variable
233
+ // which means optimizer/compiler cannot use registers.
234
+ this.A = IV[0] | 0;
235
+ this.B = IV[1] | 0;
236
+ this.C = IV[2] | 0;
237
+ this.D = IV[3] | 0;
238
+ this.E = IV[4] | 0;
239
+ this.F = IV[5] | 0;
240
+ this.G = IV[6] | 0;
241
+ this.H = IV[7] | 0;
242
+ }
243
+ get() {
244
+ const { A, B, C, D, E, F, G, H } = this;
245
+ return [A, B, C, D, E, F, G, H];
246
+ }
247
+ // prettier-ignore
248
+ set(A, B, C, D, E, F, G, H) {
249
+ this.A = A | 0;
250
+ this.B = B | 0;
251
+ this.C = C | 0;
252
+ this.D = D | 0;
253
+ this.E = E | 0;
254
+ this.F = F | 0;
255
+ this.G = G | 0;
256
+ this.H = H | 0;
257
+ }
258
+ process(view, offset) {
259
+ // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array
260
+ for (let i = 0; i < 16; i++, offset += 4)
261
+ SHA256_W[i] = view.getUint32(offset, false);
262
+ for (let i = 16; i < 64; i++) {
263
+ const W15 = SHA256_W[i - 15];
264
+ const W2 = SHA256_W[i - 2];
265
+ const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);
266
+ const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);
267
+ SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;
268
+ }
269
+ // Compression function main loop, 64 rounds
270
+ let { A, B, C, D, E, F, G, H } = this;
271
+ for (let i = 0; i < 64; i++) {
272
+ const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
273
+ const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
274
+ const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
275
+ const T2 = (sigma0 + Maj(A, B, C)) | 0;
276
+ H = G;
277
+ G = F;
278
+ F = E;
279
+ E = (D + T1) | 0;
280
+ D = C;
281
+ C = B;
282
+ B = A;
283
+ A = (T1 + T2) | 0;
284
+ }
285
+ // Add the compressed chunk to the current hash value
286
+ A = (A + this.A) | 0;
287
+ B = (B + this.B) | 0;
288
+ C = (C + this.C) | 0;
289
+ D = (D + this.D) | 0;
290
+ E = (E + this.E) | 0;
291
+ F = (F + this.F) | 0;
292
+ G = (G + this.G) | 0;
293
+ H = (H + this.H) | 0;
294
+ this.set(A, B, C, D, E, F, G, H);
295
+ }
296
+ roundClean() {
297
+ SHA256_W.fill(0);
298
+ }
299
+ destroy() {
300
+ this.set(0, 0, 0, 0, 0, 0, 0, 0);
301
+ this.buffer.fill(0);
302
+ }
303
+ }
304
+ /**
305
+ * SHA2-256 hash function
306
+ * @param message - data that would be hashed
307
+ */
308
+ const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
309
+
3
310
  var lib = {};
4
311
 
5
312
  var hasRequiredLib;
@@ -699,483 +1006,189 @@ function requireBolt11 () {
699
1006
  coinNetwork = network;
700
1007
  }
701
1008
  if (!coinNetwork || coinNetwork.bech32 !== bech32Prefix) {
702
- throw new Error('Unknown coin bech32 prefix')
703
- }
704
- sections.push({
705
- name: 'coin_network',
706
- letters: bech32Prefix,
707
- value: coinNetwork
708
- });
709
-
710
- // amount section
711
- const value = prefixMatches[2];
712
- let millisatoshis;
713
- if (value) {
714
- const divisor = prefixMatches[3];
715
- millisatoshis = hrpToMillisat(value + divisor, true);
716
- sections.push({
717
- name: 'amount',
718
- letters: prefixMatches[2] + prefixMatches[3],
719
- value: millisatoshis
720
- });
721
- } else {
722
- millisatoshis = null;
723
- }
724
-
725
- // "1" separator
726
- sections.push({
727
- name: 'separator',
728
- letters: '1'
729
- });
730
-
731
- // timestamp
732
- const timestamp = wordsToIntBE(words.slice(0, 7));
733
- words = words.slice(7); // trim off the left 7 words
734
- sections.push({
735
- name: 'timestamp',
736
- letters: letters.slice(0, 7),
737
- value: timestamp
738
- });
739
- letters = letters.slice(7);
740
-
741
- let tagName, parser, tagLength, tagWords;
742
- // we have no tag count to go on, so just keep hacking off words
743
- // until we have none.
744
- while (words.length > 0) {
745
- const tagCode = words[0].toString();
746
- tagName = TAGNAMES[tagCode] || 'unknown_tag';
747
- parser = TAGPARSERS[tagCode] || getUnknownParser(tagCode);
748
- words = words.slice(1);
749
-
750
- tagLength = wordsToIntBE(words.slice(0, 2));
751
- words = words.slice(2);
752
-
753
- tagWords = words.slice(0, tagLength);
754
- words = words.slice(tagLength);
755
-
756
- sections.push({
757
- name: tagName,
758
- tag: letters[0],
759
- letters: letters.slice(0, 1 + 2 + tagLength),
760
- value: parser(tagWords) // see: parsers for more comments
761
- });
762
- letters = letters.slice(1 + 2 + tagLength);
763
- }
764
-
765
- // signature
766
- sections.push({
767
- name: 'signature',
768
- letters: letters.slice(0, 104),
769
- value: hex.encode(bech32.fromWordsUnsafe(sigWords))
770
- });
771
- letters = letters.slice(104);
772
-
773
- // checksum
774
- sections.push({
775
- name: 'checksum',
776
- letters: letters
777
- });
778
-
779
- let result = {
780
- paymentRequest,
781
- sections,
782
-
783
- get expiry() {
784
- let exp = sections.find(s => s.name === 'expiry');
785
- if (exp) return getValue('timestamp') + exp.value
786
- },
787
-
788
- get route_hints() {
789
- return sections.filter(s => s.name === 'route_hint').map(s => s.value)
790
- }
791
- };
792
-
793
- for (let name in TAGCODES) {
794
- if (name === 'route_hint') {
795
- // route hints can be multiple, so this won't work for them
796
- continue
797
- }
798
-
799
- Object.defineProperty(result, name, {
800
- get() {
801
- return getValue(name)
802
- }
803
- });
804
- }
805
-
806
- return result
807
-
808
- function getValue(name) {
809
- let section = sections.find(s => s.name === name);
810
- return section ? section.value : undefined
811
- }
812
- }
813
-
814
- bolt11 = {
815
- decode,
816
- hrpToMillisat
817
- };
818
- return bolt11;
819
- }
820
-
821
- var bolt11Exports = requireBolt11();
822
-
823
- // from https://stackoverflow.com/a/50868276
824
- const fromHexString = (hexString) => Uint8Array.from(hexString.match(/.{1,2}/g).map((byte) => parseInt(byte, 16)));
825
- const decodeInvoice = (paymentRequest) => {
826
- if (!paymentRequest)
827
- return null;
828
- try {
829
- const decoded = bolt11Exports.decode(paymentRequest);
830
- if (!decoded || !decoded.sections)
831
- return null;
832
- const hashTag = decoded.sections.find((value) => value.name === "payment_hash");
833
- if (hashTag?.name !== "payment_hash" || !hashTag.value)
834
- return null;
835
- const paymentHash = hashTag.value;
836
- let satoshi = 0;
837
- let millisatoshi = 0;
838
- let amountRaw = "0";
839
- const amountTag = decoded.sections.find((value) => value.name === "amount");
840
- if (amountTag?.name === "amount" && amountTag.value) {
841
- amountRaw = amountTag.value;
842
- millisatoshi = parseInt(amountTag.value);
843
- satoshi = parseInt(amountTag.value) / 1000; // millisats
844
- }
845
- const timestampTag = decoded.sections.find((value) => value.name === "timestamp");
846
- if (timestampTag?.name !== "timestamp" || !timestampTag.value)
847
- return null;
848
- const timestamp = timestampTag.value;
849
- let expiry;
850
- const expiryTag = decoded.sections.find((value) => value.name === "expiry");
851
- if (expiryTag?.name === "expiry") {
852
- expiry = expiryTag.value;
853
- }
854
- const descriptionTag = decoded.sections.find((value) => value.name === "description");
855
- const description = descriptionTag?.name === "description"
856
- ? descriptionTag?.value
857
- : undefined;
858
- return {
859
- paymentHash,
860
- satoshi,
861
- millisatoshi,
862
- amountRaw,
863
- timestamp,
864
- expiry,
865
- description,
866
- };
867
- }
868
- catch {
869
- return null;
870
- }
871
- };
1009
+ throw new Error('Unknown coin bech32 prefix')
1010
+ }
1011
+ sections.push({
1012
+ name: 'coin_network',
1013
+ letters: bech32Prefix,
1014
+ value: coinNetwork
1015
+ });
872
1016
 
873
- function bytes(b, ...lengths) {
874
- if (!(b instanceof Uint8Array))
875
- throw new Error('Expected Uint8Array');
876
- if (lengths.length > 0 && !lengths.includes(b.length))
877
- throw new Error(`Expected Uint8Array of length ${lengths}, not of length=${b.length}`);
878
- }
879
- function exists(instance, checkFinished = true) {
880
- if (instance.destroyed)
881
- throw new Error('Hash instance has been destroyed');
882
- if (checkFinished && instance.finished)
883
- throw new Error('Hash#digest() has already been called');
884
- }
885
- function output(out, instance) {
886
- bytes(out);
887
- const min = instance.outputLen;
888
- if (out.length < min) {
889
- throw new Error(`digestInto() expects output buffer of length at least ${min}`);
890
- }
891
- }
1017
+ // amount section
1018
+ const value = prefixMatches[2];
1019
+ let millisatoshis;
1020
+ if (value) {
1021
+ const divisor = prefixMatches[3];
1022
+ millisatoshis = hrpToMillisat(value + divisor, true);
1023
+ sections.push({
1024
+ name: 'amount',
1025
+ letters: prefixMatches[2] + prefixMatches[3],
1026
+ value: millisatoshis
1027
+ });
1028
+ } else {
1029
+ millisatoshis = null;
1030
+ }
892
1031
 
893
- /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
894
- // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
895
- // node.js versions earlier than v19 don't declare it in global scope.
896
- // For node.js, package.json#exports field mapping rewrites import
897
- // from `crypto` to `cryptoNode`, which imports native module.
898
- // Makes the utils un-importable in browsers without a bundler.
899
- // Once node.js 18 is deprecated, we can just drop the import.
900
- const u8a = (a) => a instanceof Uint8Array;
901
- // Cast array to view
902
- const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
903
- // The rotate right (circular right shift) operation for uint32
904
- const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);
905
- // big-endian hardware is rare. Just in case someone still decides to run hashes:
906
- // early-throw an error because we don't support BE yet.
907
- const isLE = new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
908
- if (!isLE)
909
- throw new Error('Non little-endian hardware is not supported');
910
- const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
911
- /**
912
- * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
913
- */
914
- function bytesToHex(bytes) {
915
- if (!u8a(bytes))
916
- throw new Error('Uint8Array expected');
917
- // pre-caching improves the speed 6x
918
- let hex = '';
919
- for (let i = 0; i < bytes.length; i++) {
920
- hex += hexes[bytes[i]];
921
- }
922
- return hex;
923
- }
924
- /**
925
- * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
926
- */
927
- function utf8ToBytes(str) {
928
- if (typeof str !== 'string')
929
- throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
930
- return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
931
- }
932
- /**
933
- * Normalizes (non-hex) string or Uint8Array to Uint8Array.
934
- * Warning: when Uint8Array is passed, it would NOT get copied.
935
- * Keep in mind for future mutable operations.
936
- */
937
- function toBytes(data) {
938
- if (typeof data === 'string')
939
- data = utf8ToBytes(data);
940
- if (!u8a(data))
941
- throw new Error(`expected Uint8Array, got ${typeof data}`);
942
- return data;
943
- }
944
- // For runtime check if class implements interface
945
- class Hash {
946
- // Safe version that clones internal state
947
- clone() {
948
- return this._cloneInto();
949
- }
950
- }
951
- function wrapConstructor(hashCons) {
952
- const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
953
- const tmp = hashCons();
954
- hashC.outputLen = tmp.outputLen;
955
- hashC.blockLen = tmp.blockLen;
956
- hashC.create = () => hashCons();
957
- return hashC;
958
- }
1032
+ // "1" separator
1033
+ sections.push({
1034
+ name: 'separator',
1035
+ letters: '1'
1036
+ });
959
1037
 
960
- // Polyfill for Safari 14
961
- function setBigUint64(view, byteOffset, value, isLE) {
962
- if (typeof view.setBigUint64 === 'function')
963
- return view.setBigUint64(byteOffset, value, isLE);
964
- const _32n = BigInt(32);
965
- const _u32_max = BigInt(0xffffffff);
966
- const wh = Number((value >> _32n) & _u32_max);
967
- const wl = Number(value & _u32_max);
968
- const h = isLE ? 4 : 0;
969
- const l = isLE ? 0 : 4;
970
- view.setUint32(byteOffset + h, wh, isLE);
971
- view.setUint32(byteOffset + l, wl, isLE);
972
- }
973
- // Base SHA2 class (RFC 6234)
974
- class SHA2 extends Hash {
975
- constructor(blockLen, outputLen, padOffset, isLE) {
976
- super();
977
- this.blockLen = blockLen;
978
- this.outputLen = outputLen;
979
- this.padOffset = padOffset;
980
- this.isLE = isLE;
981
- this.finished = false;
982
- this.length = 0;
983
- this.pos = 0;
984
- this.destroyed = false;
985
- this.buffer = new Uint8Array(blockLen);
986
- this.view = createView(this.buffer);
987
- }
988
- update(data) {
989
- exists(this);
990
- const { view, buffer, blockLen } = this;
991
- data = toBytes(data);
992
- const len = data.length;
993
- for (let pos = 0; pos < len;) {
994
- const take = Math.min(blockLen - this.pos, len - pos);
995
- // Fast path: we have at least one block in input, cast it to view and process
996
- if (take === blockLen) {
997
- const dataView = createView(data);
998
- for (; blockLen <= len - pos; pos += blockLen)
999
- this.process(dataView, pos);
1000
- continue;
1001
- }
1002
- buffer.set(data.subarray(pos, pos + take), this.pos);
1003
- this.pos += take;
1004
- pos += take;
1005
- if (this.pos === blockLen) {
1006
- this.process(view, 0);
1007
- this.pos = 0;
1008
- }
1009
- }
1010
- this.length += data.length;
1011
- this.roundClean();
1012
- return this;
1013
- }
1014
- digestInto(out) {
1015
- exists(this);
1016
- output(out, this);
1017
- this.finished = true;
1018
- // Padding
1019
- // We can avoid allocation of buffer for padding completely if it
1020
- // was previously not allocated here. But it won't change performance.
1021
- const { buffer, view, blockLen, isLE } = this;
1022
- let { pos } = this;
1023
- // append the bit '1' to the message
1024
- buffer[pos++] = 0b10000000;
1025
- this.buffer.subarray(pos).fill(0);
1026
- // we have less than padOffset left in buffer, so we cannot put length in current block, need process it and pad again
1027
- if (this.padOffset > blockLen - pos) {
1028
- this.process(view, 0);
1029
- pos = 0;
1030
- }
1031
- // Pad until full block byte with zeros
1032
- for (let i = pos; i < blockLen; i++)
1033
- buffer[i] = 0;
1034
- // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
1035
- // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
1036
- // So we just write lowest 64 bits of that value.
1037
- setBigUint64(view, blockLen - 8, BigInt(this.length * 8), isLE);
1038
- this.process(view, 0);
1039
- const oview = createView(out);
1040
- const len = this.outputLen;
1041
- // NOTE: we do division by 4 later, which should be fused in single op with modulo by JIT
1042
- if (len % 4)
1043
- throw new Error('_sha2: outputLen should be aligned to 32bit');
1044
- const outLen = len / 4;
1045
- const state = this.get();
1046
- if (outLen > state.length)
1047
- throw new Error('_sha2: outputLen bigger than state');
1048
- for (let i = 0; i < outLen; i++)
1049
- oview.setUint32(4 * i, state[i], isLE);
1050
- }
1051
- digest() {
1052
- const { buffer, outputLen } = this;
1053
- this.digestInto(buffer);
1054
- const res = buffer.slice(0, outputLen);
1055
- this.destroy();
1056
- return res;
1057
- }
1058
- _cloneInto(to) {
1059
- to || (to = new this.constructor());
1060
- to.set(...this.get());
1061
- const { blockLen, buffer, length, finished, destroyed, pos } = this;
1062
- to.length = length;
1063
- to.pos = pos;
1064
- to.finished = finished;
1065
- to.destroyed = destroyed;
1066
- if (length % blockLen)
1067
- to.buffer.set(buffer);
1068
- return to;
1069
- }
1038
+ // timestamp
1039
+ const timestamp = wordsToIntBE(words.slice(0, 7));
1040
+ words = words.slice(7); // trim off the left 7 words
1041
+ sections.push({
1042
+ name: 'timestamp',
1043
+ letters: letters.slice(0, 7),
1044
+ value: timestamp
1045
+ });
1046
+ letters = letters.slice(7);
1047
+
1048
+ let tagName, parser, tagLength, tagWords;
1049
+ // we have no tag count to go on, so just keep hacking off words
1050
+ // until we have none.
1051
+ while (words.length > 0) {
1052
+ const tagCode = words[0].toString();
1053
+ tagName = TAGNAMES[tagCode] || 'unknown_tag';
1054
+ parser = TAGPARSERS[tagCode] || getUnknownParser(tagCode);
1055
+ words = words.slice(1);
1056
+
1057
+ tagLength = wordsToIntBE(words.slice(0, 2));
1058
+ words = words.slice(2);
1059
+
1060
+ tagWords = words.slice(0, tagLength);
1061
+ words = words.slice(tagLength);
1062
+
1063
+ sections.push({
1064
+ name: tagName,
1065
+ tag: letters[0],
1066
+ letters: letters.slice(0, 1 + 2 + tagLength),
1067
+ value: parser(tagWords) // see: parsers for more comments
1068
+ });
1069
+ letters = letters.slice(1 + 2 + tagLength);
1070
+ }
1071
+
1072
+ // signature
1073
+ sections.push({
1074
+ name: 'signature',
1075
+ letters: letters.slice(0, 104),
1076
+ value: hex.encode(bech32.fromWordsUnsafe(sigWords))
1077
+ });
1078
+ letters = letters.slice(104);
1079
+
1080
+ // checksum
1081
+ sections.push({
1082
+ name: 'checksum',
1083
+ letters: letters
1084
+ });
1085
+
1086
+ let result = {
1087
+ paymentRequest,
1088
+ sections,
1089
+
1090
+ get expiry() {
1091
+ let exp = sections.find(s => s.name === 'expiry');
1092
+ if (exp) return getValue('timestamp') + exp.value
1093
+ },
1094
+
1095
+ get route_hints() {
1096
+ return sections.filter(s => s.name === 'route_hint').map(s => s.value)
1097
+ }
1098
+ };
1099
+
1100
+ for (let name in TAGCODES) {
1101
+ if (name === 'route_hint') {
1102
+ // route hints can be multiple, so this won't work for them
1103
+ continue
1104
+ }
1105
+
1106
+ Object.defineProperty(result, name, {
1107
+ get() {
1108
+ return getValue(name)
1109
+ }
1110
+ });
1111
+ }
1112
+
1113
+ return result
1114
+
1115
+ function getValue(name) {
1116
+ let section = sections.find(s => s.name === name);
1117
+ return section ? section.value : undefined
1118
+ }
1119
+ }
1120
+
1121
+ bolt11 = {
1122
+ decode,
1123
+ hrpToMillisat
1124
+ };
1125
+ return bolt11;
1070
1126
  }
1071
1127
 
1072
- // SHA2-256 need to try 2^128 hashes to execute birthday attack.
1073
- // BTC network is doing 2^67 hashes/sec as per early 2023.
1074
- // Choice: a ? b : c
1075
- const Chi = (a, b, c) => (a & b) ^ (~a & c);
1076
- // Majority function, true if any two inpust is true
1077
- const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
1078
- // Round constants:
1079
- // first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
1080
- // prettier-ignore
1081
- const SHA256_K = /* @__PURE__ */ new Uint32Array([
1082
- 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
1083
- 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
1084
- 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
1085
- 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
1086
- 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
1087
- 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
1088
- 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
1089
- 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
1090
- ]);
1091
- // Initial state (first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19):
1092
- // prettier-ignore
1093
- const IV = /* @__PURE__ */ new Uint32Array([
1094
- 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
1095
- ]);
1096
- // Temporary buffer, not used to store anything between runs
1097
- // Named this way because it matches specification.
1098
- const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
1099
- class SHA256 extends SHA2 {
1100
- constructor() {
1101
- super(64, 32, 8, false);
1102
- // We cannot use array here since array allows indexing by variable
1103
- // which means optimizer/compiler cannot use registers.
1104
- this.A = IV[0] | 0;
1105
- this.B = IV[1] | 0;
1106
- this.C = IV[2] | 0;
1107
- this.D = IV[3] | 0;
1108
- this.E = IV[4] | 0;
1109
- this.F = IV[5] | 0;
1110
- this.G = IV[6] | 0;
1111
- this.H = IV[7] | 0;
1112
- }
1113
- get() {
1114
- const { A, B, C, D, E, F, G, H } = this;
1115
- return [A, B, C, D, E, F, G, H];
1116
- }
1117
- // prettier-ignore
1118
- set(A, B, C, D, E, F, G, H) {
1119
- this.A = A | 0;
1120
- this.B = B | 0;
1121
- this.C = C | 0;
1122
- this.D = D | 0;
1123
- this.E = E | 0;
1124
- this.F = F | 0;
1125
- this.G = G | 0;
1126
- this.H = H | 0;
1127
- }
1128
- process(view, offset) {
1129
- // Extend the first 16 words into the remaining 48 words w[16..63] of the message schedule array
1130
- for (let i = 0; i < 16; i++, offset += 4)
1131
- SHA256_W[i] = view.getUint32(offset, false);
1132
- for (let i = 16; i < 64; i++) {
1133
- const W15 = SHA256_W[i - 15];
1134
- const W2 = SHA256_W[i - 2];
1135
- const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ (W15 >>> 3);
1136
- const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ (W2 >>> 10);
1137
- SHA256_W[i] = (s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16]) | 0;
1128
+ var bolt11Exports = requireBolt11();
1129
+
1130
+ // from https://stackoverflow.com/a/50868276
1131
+ const fromHexString = (hexString) => Uint8Array.from(hexString.match(/.{1,2}/g).map((byte) => parseInt(byte, 16)));
1132
+ const decodeInvoice = (paymentRequest) => {
1133
+ if (!paymentRequest)
1134
+ return null;
1135
+ try {
1136
+ const decoded = bolt11Exports.decode(paymentRequest);
1137
+ if (!decoded || !decoded.sections)
1138
+ return null;
1139
+ const hashTag = decoded.sections.find((value) => value.name === "payment_hash");
1140
+ if (hashTag?.name !== "payment_hash" || !hashTag.value)
1141
+ return null;
1142
+ const paymentHash = hashTag.value;
1143
+ let satoshi = 0;
1144
+ let millisatoshi = 0;
1145
+ let amountRaw = "0";
1146
+ const amountTag = decoded.sections.find((value) => value.name === "amount");
1147
+ if (amountTag?.name === "amount" && amountTag.value) {
1148
+ amountRaw = amountTag.value;
1149
+ millisatoshi = parseInt(amountTag.value);
1150
+ satoshi = parseInt(amountTag.value) / 1000; // millisats
1138
1151
  }
1139
- // Compression function main loop, 64 rounds
1140
- let { A, B, C, D, E, F, G, H } = this;
1141
- for (let i = 0; i < 64; i++) {
1142
- const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
1143
- const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
1144
- const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
1145
- const T2 = (sigma0 + Maj(A, B, C)) | 0;
1146
- H = G;
1147
- G = F;
1148
- F = E;
1149
- E = (D + T1) | 0;
1150
- D = C;
1151
- C = B;
1152
- B = A;
1153
- A = (T1 + T2) | 0;
1152
+ const timestampTag = decoded.sections.find((value) => value.name === "timestamp");
1153
+ if (timestampTag?.name !== "timestamp" || !timestampTag.value)
1154
+ return null;
1155
+ const timestamp = timestampTag.value;
1156
+ let expiry;
1157
+ const expiryTag = decoded.sections.find((value) => value.name === "expiry");
1158
+ if (expiryTag?.name === "expiry") {
1159
+ expiry = expiryTag.value;
1154
1160
  }
1155
- // Add the compressed chunk to the current hash value
1156
- A = (A + this.A) | 0;
1157
- B = (B + this.B) | 0;
1158
- C = (C + this.C) | 0;
1159
- D = (D + this.D) | 0;
1160
- E = (E + this.E) | 0;
1161
- F = (F + this.F) | 0;
1162
- G = (G + this.G) | 0;
1163
- H = (H + this.H) | 0;
1164
- this.set(A, B, C, D, E, F, G, H);
1161
+ const descriptionTag = decoded.sections.find((value) => value.name === "description");
1162
+ const description = descriptionTag?.name === "description"
1163
+ ? descriptionTag?.value
1164
+ : undefined;
1165
+ return {
1166
+ paymentHash,
1167
+ satoshi,
1168
+ millisatoshi,
1169
+ amountRaw,
1170
+ timestamp,
1171
+ expiry,
1172
+ description,
1173
+ };
1165
1174
  }
1166
- roundClean() {
1167
- SHA256_W.fill(0);
1175
+ catch {
1176
+ return null;
1168
1177
  }
1169
- destroy() {
1170
- this.set(0, 0, 0, 0, 0, 0, 0, 0);
1171
- this.buffer.fill(0);
1178
+ };
1179
+ function validatePreimage(preimage, paymentHash) {
1180
+ try {
1181
+ if (!/^[0-9a-fA-F]{64}$/.test(preimage))
1182
+ return false;
1183
+ if (!/^[0-9a-fA-F]{64}$/.test(paymentHash))
1184
+ return false;
1185
+ const preimageHash = bytesToHex(sha256(fromHexString(preimage)));
1186
+ return paymentHash === preimageHash;
1187
+ }
1188
+ catch {
1189
+ return false;
1172
1190
  }
1173
1191
  }
1174
- /**
1175
- * SHA2-256 hash function
1176
- * @param message - data that would be hashed
1177
- */
1178
- const sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
1179
1192
 
1180
1193
  class Invoice {
1181
1194
  constructor(args) {
@@ -1215,13 +1228,7 @@ class Invoice {
1215
1228
  validatePreimage(preimage) {
1216
1229
  if (!preimage || !this.paymentHash)
1217
1230
  return false;
1218
- try {
1219
- const preimageHash = bytesToHex(sha256(fromHexString(preimage)));
1220
- return this.paymentHash === preimageHash;
1221
- }
1222
- catch {
1223
- return false;
1224
- }
1231
+ return validatePreimage(preimage, this.paymentHash);
1225
1232
  }
1226
1233
  async verifyPayment() {
1227
1234
  try {
@@ -1679,6 +1686,11 @@ function createGuardedWallet(wallet, maxAmountSats) {
1679
1686
  };
1680
1687
  }
1681
1688
 
1689
+ /**
1690
+ * Client: parse "www-authenticate" header from server response
1691
+ * @param input
1692
+ * @returns details from the header value (token or macaroon, invoice)
1693
+ */
1682
1694
  const parseL402 = (input) => {
1683
1695
  // Remove the L402 and LSAT identifiers
1684
1696
  const string = input.replace("L402", "").replace("LSAT", "").trim();
@@ -1693,6 +1705,19 @@ const parseL402 = (input) => {
1693
1705
  // Value is either match[3] (double-quoted), match[4] (single-quoted), or match[5] (unquoted)
1694
1706
  keyValuePairs[match[1]] = match[3] || match[4] || match[5];
1695
1707
  }
1708
+ if (!keyValuePairs["token"] && keyValuePairs["macaroon"]) {
1709
+ // fallback to old naming
1710
+ keyValuePairs["token"] = keyValuePairs["macaroon"];
1711
+ delete keyValuePairs["macaroon"];
1712
+ }
1713
+ if (!("token" in keyValuePairs) ||
1714
+ typeof keyValuePairs["token"] !== "string") {
1715
+ throw new Error("No macaroon or token found in www-authenticate header");
1716
+ }
1717
+ if (!("invoice" in keyValuePairs) ||
1718
+ typeof keyValuePairs["invoice"] !== "string") {
1719
+ throw new Error("No invoice found in www-authenticate header");
1720
+ }
1696
1721
  return keyValuePairs;
1697
1722
  };
1698
1723
 
@@ -1742,7 +1767,7 @@ const buildX402PaymentSignature = (scheme, network, invoice, requirements) => {
1742
1767
  return btoa(unescape(encodeURIComponent(json)));
1743
1768
  };
1744
1769
 
1745
- const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) => {
1770
+ const decodeX402Header = (x402Header) => {
1746
1771
  let parsed;
1747
1772
  try {
1748
1773
  parsed = JSON.parse(decodeURIComponent(escape(atob(x402Header))));
@@ -1753,9 +1778,31 @@ const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) =>
1753
1778
  if (!Array.isArray(parsed.accepts) || parsed.accepts.length === 0) {
1754
1779
  throw new Error("x402: PAYMENT-REQUIRED header contains no payment options");
1755
1780
  }
1756
- const requirements = parsed.accepts.find((e) => {
1757
- return e.extra?.paymentMethod === "lightning";
1758
- });
1781
+ return { accepts: parsed.accepts };
1782
+ };
1783
+ /**
1784
+ * Probe a PAYMENT-REQUIRED header for a lightning-payable offer without
1785
+ * throwing. Returns the matching requirements, or null if the header has no
1786
+ * lightning entry (e.g. USDC-only endpoints) or is malformed. Used by the
1787
+ * top-level fetch402 dispatcher to decide whether to attempt payment or hand
1788
+ * the 402 back to the caller.
1789
+ */
1790
+ const findX402LightningRequirements = (x402Header) => {
1791
+ let accepts;
1792
+ try {
1793
+ ({ accepts } = decodeX402Header(x402Header));
1794
+ }
1795
+ catch (_) {
1796
+ return null;
1797
+ }
1798
+ const requirements = accepts.find((e) => e?.extra?.paymentMethod === "lightning");
1799
+ if (!requirements?.extra?.invoice)
1800
+ return null;
1801
+ return requirements;
1802
+ };
1803
+ const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) => {
1804
+ const { accepts } = decodeX402Header(x402Header);
1805
+ const requirements = accepts.find((e) => e?.extra?.paymentMethod === "lightning");
1759
1806
  if (!requirements) {
1760
1807
  throw new Error("x402: unsupported x402 network, only Bitcoin lightning network is supported.");
1761
1808
  }
@@ -1974,24 +2021,112 @@ const fetch402 = async (url, fetchArgs, options) => {
1974
2021
  const headers = new Headers(fetchArgs.headers ?? undefined);
1975
2022
  fetchArgs.headers = headers;
1976
2023
  const initResp = await fetch(url, fetchArgs);
2024
+ // L402 / LSAT: dedicated scheme, dispatch directly.
1977
2025
  const wwwAuthHeader = initResp.headers.get("www-authenticate");
1978
2026
  if (wwwAuthHeader) {
1979
2027
  const trimmed = wwwAuthHeader.trimStart().toLowerCase();
1980
- if (trimmed.startsWith("payment")) {
1981
- return handleMppChargePayment(wwwAuthHeader, url, fetchArgs, headers, wallet);
1982
- }
1983
2028
  if (trimmed.startsWith("l402") || trimmed.startsWith("lsat")) {
1984
2029
  return handleL402Payment(wwwAuthHeader, url, fetchArgs, headers, wallet);
1985
2030
  }
1986
- throw new Error(`fetch402: unsupported WWW-Authenticate scheme: ${wwwAuthHeader}`);
1987
2031
  }
2032
+ // A server may advertise multiple payment options at once (e.g. an MPP
2033
+ // USDC challenge in WWW-Authenticate alongside an x402 PAYMENT-REQUIRED
2034
+ // header that lists both USDC and lightning). Try each lightning-payable
2035
+ // handler in turn; only if none matches do we hand the original 402 back
2036
+ // to the caller so they can decide what to do with non-lightning offers.
2037
+ // 1. MPP-lightning challenge (Payment method="lightning" intent="charge").
2038
+ // parseMppChallenge returns null for any other method, which lets us
2039
+ // fall through to x402 instead of throwing.
2040
+ if (wwwAuthHeader && parseMppChallenge(wwwAuthHeader)) {
2041
+ return handleMppChargePayment(wwwAuthHeader, url, fetchArgs, headers, wallet);
2042
+ }
2043
+ // 2. x402 PAYMENT-REQUIRED with a lightning entry in `accepts`.
1988
2044
  const x402Header = initResp.headers.get("PAYMENT-REQUIRED");
1989
- if (x402Header) {
2045
+ if (x402Header && findX402LightningRequirements(x402Header)) {
1990
2046
  return handleX402Payment(x402Header, url, fetchArgs, headers, wallet);
1991
2047
  }
1992
2048
  return initResp;
1993
2049
  };
1994
2050
 
2051
+ async function issueL402Macaroon(secret, paymentHash, params) {
2052
+ if (params !== undefined &&
2053
+ Object.prototype.hasOwnProperty.call(params, "paymentHash")) {
2054
+ throw new Error("paymentHash is reserved");
2055
+ }
2056
+ const payload = { ...params, paymentHash };
2057
+ const encoded = Buffer.from(JSON.stringify(payload)).toString("base64url");
2058
+ const mac = await sign(secret, encoded);
2059
+ return `${encoded}.${mac}`;
2060
+ }
2061
+ async function verifyL402Macaroon(secret, token) {
2062
+ const { timingSafeEqual } = await import('crypto');
2063
+ const dotIndex = token.lastIndexOf(".");
2064
+ if (dotIndex === -1)
2065
+ throw new Error("Invalid macaroon token");
2066
+ const encoded = token.slice(0, dotIndex);
2067
+ const mac = token.slice(dotIndex + 1);
2068
+ // Constant-time comparison to prevent timing attacks
2069
+ const expectedMac = await sign(secret, encoded);
2070
+ try {
2071
+ if (!timingSafeEqual(Buffer.from(mac, "hex"), Buffer.from(expectedMac, "hex"))) {
2072
+ throw new Error("Invalid macaroon token");
2073
+ }
2074
+ }
2075
+ catch (e) {
2076
+ throw new Error("Invalid macaroon token");
2077
+ }
2078
+ try {
2079
+ const parsed = JSON.parse(Buffer.from(encoded, "base64url").toString("utf8"));
2080
+ if (parsed === null ||
2081
+ typeof parsed !== "object" ||
2082
+ Array.isArray(parsed) ||
2083
+ typeof parsed.paymentHash !== "string") {
2084
+ throw new Error("Invalid macaroon payload");
2085
+ }
2086
+ return parsed;
2087
+ }
2088
+ catch {
2089
+ throw new Error("Invalid macaroon token");
2090
+ }
2091
+ }
2092
+ async function sign(secret, payload) {
2093
+ const { createHmac } = await import('crypto');
2094
+ return createHmac("sha256", secret).update(payload).digest("hex");
2095
+ }
2096
+
2097
+ /**
2098
+ * Server: create a WWW-Authenticate header for a given macaroon and invoice
2099
+ * @param args the macaroon/token and invoice generated for the client's request
2100
+ * @returns the header value
2101
+ */
2102
+ const makeL402AuthenticateHeader = (args) => {
2103
+ if (!args.token) {
2104
+ throw new Error("token must be provided");
2105
+ }
2106
+ return `L402 version="0" token="${args.token}", invoice="${args.invoice}"`;
2107
+ };
2108
+ /**
2109
+ * Server: parse "authorization" header sent from client
2110
+ * @param input value from authorization header
2111
+ * @returns the macaroon and preimage
2112
+ */
2113
+ function parseL402Authorization(input) {
2114
+ // Backwards compat: LSAT was the former name of L402
2115
+ const normalized = input.replace(/^LSAT /, "L402 ");
2116
+ const prefix = "L402 ";
2117
+ if (!normalized.startsWith(prefix))
2118
+ return null;
2119
+ const credentials = normalized.slice(prefix.length);
2120
+ const colonIndex = credentials.indexOf(":");
2121
+ if (colonIndex === -1) {
2122
+ throw new Error("Invalid authorization header value");
2123
+ }
2124
+ return {
2125
+ token: credentials.slice(0, colonIndex),
2126
+ preimage: credentials.slice(colonIndex + 1),
2127
+ };
2128
+ }
2129
+
1995
2130
  const numSatsInBtc = 100000000;
1996
2131
  const getFiatCurrencies = async () => {
1997
2132
  const url = "https://getalby.com/api/rates";
@@ -2051,6 +2186,7 @@ exports.fetch402 = fetch402;
2051
2186
  exports.fetchWithL402 = fetchWithL402;
2052
2187
  exports.fetchWithMpp = fetchWithMpp;
2053
2188
  exports.fetchWithX402 = fetchWithX402;
2189
+ exports.findX402LightningRequirements = findX402LightningRequirements;
2054
2190
  exports.fromHexString = fromHexString;
2055
2191
  exports.generateZapEvent = generateZapEvent;
2056
2192
  exports.getEventHash = getEventHash;
@@ -2061,10 +2197,16 @@ exports.getFormattedFiatValue = getFormattedFiatValue;
2061
2197
  exports.getSatoshiValue = getSatoshiValue;
2062
2198
  exports.isUrl = isUrl;
2063
2199
  exports.isValidAmount = isValidAmount;
2200
+ exports.issueL402Macaroon = issueL402Macaroon;
2201
+ exports.makeL402AuthenticateHeader = makeL402AuthenticateHeader;
2064
2202
  exports.parseKeysendResponse = parseKeysendResponse;
2203
+ exports.parseL402 = parseL402;
2204
+ exports.parseL402Authorization = parseL402Authorization;
2065
2205
  exports.parseLnUrlPayResponse = parseLnUrlPayResponse;
2066
2206
  exports.parseNostrResponse = parseNostrResponse;
2067
2207
  exports.sendBoostagram = sendBoostagram;
2068
2208
  exports.serializeEvent = serializeEvent;
2069
2209
  exports.validateEvent = validateEvent;
2210
+ exports.validatePreimage = validatePreimage;
2211
+ exports.verifyL402Macaroon = verifyL402Macaroon;
2070
2212
  //# sourceMappingURL=index.cjs.map