@getalby/lightning-tools 8.1.0 → 8.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/esm/index.js CHANGED
@@ -1765,7 +1765,7 @@ const buildX402PaymentSignature = (scheme, network, invoice, requirements) => {
1765
1765
  return btoa(unescape(encodeURIComponent(json)));
1766
1766
  };
1767
1767
 
1768
- const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) => {
1768
+ const decodeX402Header = (x402Header) => {
1769
1769
  let parsed;
1770
1770
  try {
1771
1771
  parsed = JSON.parse(decodeURIComponent(escape(atob(x402Header))));
@@ -1776,9 +1776,31 @@ const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) =>
1776
1776
  if (!Array.isArray(parsed.accepts) || parsed.accepts.length === 0) {
1777
1777
  throw new Error("x402: PAYMENT-REQUIRED header contains no payment options");
1778
1778
  }
1779
- const requirements = parsed.accepts.find((e) => {
1780
- return e.extra?.paymentMethod === "lightning";
1781
- });
1779
+ return { accepts: parsed.accepts };
1780
+ };
1781
+ /**
1782
+ * Probe a PAYMENT-REQUIRED header for a lightning-payable offer without
1783
+ * throwing. Returns the matching requirements, or null if the header has no
1784
+ * lightning entry (e.g. USDC-only endpoints) or is malformed. Used by the
1785
+ * top-level fetch402 dispatcher to decide whether to attempt payment or hand
1786
+ * the 402 back to the caller.
1787
+ */
1788
+ const findX402LightningRequirements = (x402Header) => {
1789
+ let accepts;
1790
+ try {
1791
+ ({ accepts } = decodeX402Header(x402Header));
1792
+ }
1793
+ catch (_) {
1794
+ return null;
1795
+ }
1796
+ const requirements = accepts.find((e) => e?.extra?.paymentMethod === "lightning");
1797
+ if (!requirements?.extra?.invoice)
1798
+ return null;
1799
+ return requirements;
1800
+ };
1801
+ const handleX402Payment = async (x402Header, url, fetchArgs, headers, wallet) => {
1802
+ const { accepts } = decodeX402Header(x402Header);
1803
+ const requirements = accepts.find((e) => e?.extra?.paymentMethod === "lightning");
1782
1804
  if (!requirements) {
1783
1805
  throw new Error("x402: unsupported x402 network, only Bitcoin lightning network is supported.");
1784
1806
  }
@@ -1997,19 +2019,28 @@ const fetch402 = async (url, fetchArgs, options) => {
1997
2019
  const headers = new Headers(fetchArgs.headers ?? undefined);
1998
2020
  fetchArgs.headers = headers;
1999
2021
  const initResp = await fetch(url, fetchArgs);
2022
+ // L402 / LSAT: dedicated scheme, dispatch directly.
2000
2023
  const wwwAuthHeader = initResp.headers.get("www-authenticate");
2001
2024
  if (wwwAuthHeader) {
2002
2025
  const trimmed = wwwAuthHeader.trimStart().toLowerCase();
2003
- if (trimmed.startsWith("payment")) {
2004
- return handleMppChargePayment(wwwAuthHeader, url, fetchArgs, headers, wallet);
2005
- }
2006
2026
  if (trimmed.startsWith("l402") || trimmed.startsWith("lsat")) {
2007
2027
  return handleL402Payment(wwwAuthHeader, url, fetchArgs, headers, wallet);
2008
2028
  }
2009
- throw new Error(`fetch402: unsupported WWW-Authenticate scheme: ${wwwAuthHeader}`);
2010
2029
  }
2030
+ // A server may advertise multiple payment options at once (e.g. an MPP
2031
+ // USDC challenge in WWW-Authenticate alongside an x402 PAYMENT-REQUIRED
2032
+ // header that lists both USDC and lightning). Try each lightning-payable
2033
+ // handler in turn; only if none matches do we hand the original 402 back
2034
+ // to the caller so they can decide what to do with non-lightning offers.
2035
+ // 1. MPP-lightning challenge (Payment method="lightning" intent="charge").
2036
+ // parseMppChallenge returns null for any other method, which lets us
2037
+ // fall through to x402 instead of throwing.
2038
+ if (wwwAuthHeader && parseMppChallenge(wwwAuthHeader)) {
2039
+ return handleMppChargePayment(wwwAuthHeader, url, fetchArgs, headers, wallet);
2040
+ }
2041
+ // 2. x402 PAYMENT-REQUIRED with a lightning entry in `accepts`.
2011
2042
  const x402Header = initResp.headers.get("PAYMENT-REQUIRED");
2012
- if (x402Header) {
2043
+ if (x402Header && findX402LightningRequirements(x402Header)) {
2013
2044
  return handleX402Payment(x402Header, url, fetchArgs, headers, wallet);
2014
2045
  }
2015
2046
  return initResp;
@@ -2143,5 +2174,5 @@ const getFormattedFiatValue = async ({ satoshi, currency, locale, }) => {
2143
2174
  });
2144
2175
  };
2145
2176
 
2146
- export { DEFAULT_PROXY, Invoice, LN_ADDRESS_REGEX, LightningAddress, createGuardedWallet, decodeInvoice, fetch402, fetchWithL402, fetchWithMpp, fetchWithX402, fromHexString, generateZapEvent, getEventHash, getFiatBtcRate, getFiatCurrencies, getFiatValue, getFormattedFiatValue, getSatoshiValue, isUrl, isValidAmount, issueL402Macaroon, makeL402AuthenticateHeader, parseKeysendResponse, parseL402, parseL402Authorization, parseLnUrlPayResponse, parseNostrResponse, sendBoostagram, serializeEvent, validateEvent, validatePreimage, verifyL402Macaroon };
2177
+ export { DEFAULT_PROXY, Invoice, LN_ADDRESS_REGEX, LightningAddress, createGuardedWallet, decodeInvoice, fetch402, fetchWithL402, fetchWithMpp, fetchWithX402, findX402LightningRequirements, fromHexString, generateZapEvent, getEventHash, getFiatBtcRate, getFiatCurrencies, getFiatValue, getFormattedFiatValue, getSatoshiValue, isUrl, isValidAmount, issueL402Macaroon, makeL402AuthenticateHeader, parseKeysendResponse, parseL402, parseL402Authorization, parseLnUrlPayResponse, parseNostrResponse, sendBoostagram, serializeEvent, validateEvent, validatePreimage, verifyL402Macaroon };
2147
2178
  //# sourceMappingURL=index.js.map