@kwespay/widget 1.0.7 → 1.0.9

package/dist/esm/{index-338l55OY.js → index-C5OB57Yl.js}

@@ -7,15 +7,16 @@ class KwesPayError extends Error {
     }
 }
 
-const ENDPOINT = "https://d502-154-161-98-26.ngrok-free.app/graphql";
+const ENDPOINT = "https://839e-154-161-230-28.ngrok-free.app/graphql";
 const TESTNET_CONTRACTS = {
-    sepolia: "0x39bE436D6A34d0990cb71c9cBD24a5361d85e00B",
-    baseSepolia: "0x7515b1b1BcA33E7a9ccBd5E2b93771884654De77",
-    polygonAmoy: "0xD31dF3eBd220Fd3e190A346F8927819295d28980",
-    liskTestnet: "0xd04A78a998146EBAD04c2b68E020C06Dc3b3717f",
+    sepolia: "0xFC0A3A00008B79f080648A12FFb07dDE3C34F789",
+    baseSepolia: "0x8662EEA4eACCAef3e5c33c50Ac3a2b9B1B0033c7",
+    polygonAmoy: "0xc46E4D2005014990F600741A2Ce189f8118CB58e",
+    liskTestnet: "0xe0daD0d9e7413AA06859d26A552fD6a07855B070",
+    mezoTestnet: "0xa430B2e0D1273464809f8541286058e90781DA9C",
 };
 const MAINNET_CONTRACTS = {
-// lisk:     "0x...",
+// lisk: "0x...",
 };
 const CONTRACT_ADDRESSES = {
     ...TESTNET_CONTRACTS,
@@ -105,6 +106,7 @@ const GQL_CREATE_TRANSACTION = `
       tokenAddress
       amountBaseUnits
       chainId
+      deadline
       expiresAt
       transaction {
         transactionReference
@@ -2624,7 +2626,7 @@ function encodeFunctionData(parameters) {
 
 const ZERO_ADDRESS$1 = "0x0000000000000000000000000000000000000000";
 const PAYMENT_ABI = parseAbi([
-    "function createPayment(bytes32 paymentId, string vendorId, address token, uint256 amount, bytes backendSignature) external payable",
+    "function createPayment(bytes32 paymentId, string vendorId, address token, uint256 amount, uint256 deadline, bytes backendSignature) external payable",
 ]);
 const ERC20_ABI = parseAbi([
     "function allowance(address owner, address spender) view returns (uint256)",
@@ -2724,6 +2726,7 @@ class ContractService {
                 params.vendorIdentifier,
                 ensure0x(params.tokenAddress),
                 amount,
+                BigInt(params.deadline),
                 ensure0x(params.backendSignature),
             ],
         });
@@ -2734,7 +2737,7 @@ class ContractService {
             data,
         };
         if (isNative)
-            txParams["value"] = `0x${amount.toString(16)}`;
+            txParams["value"] = `0x${(amount + (amount * 50n) / 10000n).toString(16)}`;
         let txHash;
         try {
             txHash = (await this.provider.request({
@@ -2803,8 +2806,8 @@ class PaymentService {
             throw new KwesPayError(`Wallet is on chain ${confirmed} but payment requires chain ${expectedChainId} (${expectedNetwork}). Please switch your network and retry.`, "WRONG_NETWORK");
         }
     }
-    async ensureSufficientBalance(walletAddress, tokenAddress, amountBaseUnits, onStatus) {
-        const amount = BigInt(amountBaseUnits);
+    async ensureSufficientBalance(walletAddress, tokenAddress, totalBaseUnits, onStatus) {
+        const total = BigInt(totalBaseUnits);
         const isNative = tokenAddress === ZERO_ADDRESS;
         onStatus?.("Checking balance", "Verifying wallet balance…");
         const nativeRaw = (await this.provider.request({
@@ -2813,14 +2816,14 @@ class PaymentService {
         }));
         const nativeBalance = nativeRaw && nativeRaw !== "0x" ? BigInt(nativeRaw) : 0n;
         if (isNative) {
-            const required = amount + GAS_BUFFER;
+            const required = total + GAS_BUFFER;
             if (nativeBalance < required) {
-                throw new KwesPayError(`Insufficient native balance. Required ~${(Number(required) / 1e18).toFixed(8)} ETH (payment + gas), available: ${(Number(nativeBalance) / 1e18).toFixed(8)} ETH.`, "INSUFFICIENT_BALANCE");
+                throw new KwesPayError(`Insufficient native balance. Required ~${(Number(required) / 1e18).toFixed(8)} (payment + fee + gas), available: ${(Number(nativeBalance) / 1e18).toFixed(8)}.`, "INSUFFICIENT_BALANCE");
             }
             return;
         }
         if (nativeBalance < GAS_BUFFER) {
-            throw new KwesPayError(`Insufficient gas balance. Need at least ${(Number(GAS_BUFFER) / 1e18).toFixed(8)} ETH for gas, available: ${(Number(nativeBalance) / 1e18).toFixed(8)} ETH.`, "INSUFFICIENT_BALANCE");
+            throw new KwesPayError(`Insufficient gas balance. Need at least ${(Number(GAS_BUFFER) / 1e18).toFixed(8)} for gas, available: ${(Number(nativeBalance) / 1e18).toFixed(8)}.`, "INSUFFICIENT_BALANCE");
         }
         const balanceData = "0x70a08231" + walletAddress.slice(2).toLowerCase().padStart(64, "0");
         const raw = (await this.provider.request({
@@ -2828,33 +2831,44 @@ class PaymentService {
             params: [{ to: tokenAddress, data: balanceData }, "latest"],
         }));
         const tokenBalance = raw && raw !== "0x" ? BigInt(raw) : 0n;
-        if (tokenBalance < amount) {
-            throw new KwesPayError(`Insufficient token balance. Required: ${amount.toString()}, available: ${tokenBalance.toString()} (base units).`, "INSUFFICIENT_BALANCE");
+        if (tokenBalance < total) {
+            throw new KwesPayError(`Insufficient token balance. Required: ${total.toString()} (amount + fee), available: ${tokenBalance.toString()} (base units).`, "INSUFFICIENT_BALANCE");
         }
     }
     async pay(params) {
-        const { provider, payload, onStatus } = params;
+        const { payload, onStatus } = params;
         if (!payload.paymentIdBytes32 || !payload.backendSignature) {
             throw new KwesPayError("Invalid transaction payload — missing paymentIdBytes32 or backendSignature", "TRANSACTION_FAILED");
         }
         if (!payload.vendorIdentifier) {
             throw new KwesPayError("Invalid transaction payload — missing vendorIdentifier", "TRANSACTION_FAILED");
         }
+        if (!payload.totalBaseUnits) {
+            throw new KwesPayError("Invalid transaction payload — missing totalBaseUnits", "TRANSACTION_FAILED");
+        }
+        if (!payload.deadline) {
+            throw new KwesPayError("Invalid transaction payload — missing deadline", "TRANSACTION_FAILED");
+        }
+        if (BigInt(payload.totalBaseUnits) < BigInt(payload.amountBaseUnits)) {
+            throw new KwesPayError("Invalid transaction payload — totalBaseUnits cannot be less than amountBaseUnits", "TRANSACTION_FAILED");
+        }
         await this.ensureCorrectNetwork(payload.chainId, payload.network, onStatus);
         const accounts = (await this.provider.request({
             method: "eth_requestAccounts",
         }));
         const walletAddress = accounts[0];
-        await this.ensureSufficientBalance(walletAddress, payload.tokenAddress, payload.amountBaseUnits, onStatus);
+        await this.ensureSufficientBalance(walletAddress, payload.tokenAddress, payload.totalBaseUnits, onStatus);
         const contractAddress = resolveContractAddress(payload.network);
-        await this.contractService.ensureApproval(payload.tokenAddress, payload.amountBaseUnits, contractAddress, payload.chainId, onStatus);
+        await this.contractService.ensureApproval(payload.tokenAddress, payload.totalBaseUnits, contractAddress, payload.chainId, onStatus);
         const { txHash, blockNumber } = await this.contractService.createPayment({
             paymentIdBytes32: payload.paymentIdBytes32,
             vendorIdentifier: payload.vendorIdentifier,
             tokenAddress: payload.tokenAddress,
             amountBaseUnits: payload.amountBaseUnits,
+            totalBaseUnits: payload.totalBaseUnits,
             backendSignature: payload.backendSignature,
             contractAddress,
+            deadline: payload.deadline,
             chainId: payload.chainId,
         }, onStatus);
         return {
@@ -2866,6 +2880,14 @@ class PaymentService {
     }
 }
 
+const PLATFORM_FEE_BPS = 50n; // 0.5%
+const BASIS_POINTS = 10000n;
+function computeFee(amountBaseUnits) {
+    return (BigInt(amountBaseUnits) * PLATFORM_FEE_BPS) / BASIS_POINTS;
+}
+function computeTotal(amountBaseUnits) {
+    return (BigInt(amountBaseUnits) + computeFee(amountBaseUnits)).toString();
+}
 class KwesPayClient {
     constructor(config) {
         if (!config.apiKey)
@@ -2897,6 +2919,7 @@ class KwesPayClient {
             },
         };
     }
+    // getQuote (price preview only — no transaction created)
     async getQuote(params) {
         const data = await gqlRequest(GQL_CREATE_QUOTE, {
             input: {
@@ -2910,25 +2933,24 @@ class KwesPayClient {
         const q = data.createQuote;
         if (!q.success) {
             const msg = q.message ?? "Quote creation failed";
-            const code = msg.toLowerCase().includes("expired")
-                ? "QUOTE_EXPIRED"
-                : msg.toLowerCase().includes("key")
-                    ? "INVALID_KEY"
-                    : "UNKNOWN";
-            throw new KwesPayError(msg, code);
+            throw new KwesPayError(msg, _quoteErrCode(msg));
         }
         return {
             quoteId: q.quoteId,
             cryptoCurrency: q.cryptoCurrency,
             tokenAddress: q.tokenAddress,
             amountBaseUnits: q.amountBaseUnits,
+            // totalBaseUnits = amountBaseUnits + fee — safe to compute here for UI
+            totalBaseUnits: computeTotal(q.amountBaseUnits),
             displayAmount: q.displayAmount,
             network: q.network,
             chainId: q.chainId,
             expiresAt: q.expiresAt,
         };
     }
+    //  quote() — full flow: price + transaction, returns wallet-ready payload 
     async quote(params) {
+        // Step 1 — get price & lock quote
         const quoteData = await gqlRequest(GQL_CREATE_QUOTE, {
             input: {
                 vendorIdentifier: params.vendorIdentifier,
@@ -2941,13 +2963,9 @@ class KwesPayClient {
         const q = quoteData.createQuote;
         if (!q.success) {
             const msg = q.message ?? "Quote creation failed";
-            const code = msg.toLowerCase().includes("expired")
-                ? "QUOTE_EXPIRED"
-                : msg.toLowerCase().includes("key")
-                    ? "INVALID_KEY"
-                    : "UNKNOWN";
-            throw new KwesPayError(msg, code);
+            throw new KwesPayError(msg, _quoteErrCode(msg));
         }
+        // Step 2 — create transaction (backend signs payment params incl. deadline)
         const txData = await gqlRequest(GQL_CREATE_TRANSACTION, {
             input: {
                 quoteId: q.quoteId,
@@ -2957,23 +2975,27 @@ class KwesPayClient {
         const t = txData.createTransaction;
         if (!t.success) {
             const msg = t.message ?? "Transaction creation failed";
-            const code = msg.toLowerCase().includes("expired")
-                ? "QUOTE_EXPIRED"
-                : msg.toLowerCase().includes("already been used")
-                    ? "QUOTE_USED"
-                    : msg.toLowerCase().includes("not found")
-                        ? "QUOTE_NOT_FOUND"
-                        : msg.toLowerCase().includes("key")
-                            ? "INVALID_KEY"
-                            : "UNKNOWN";
-            throw new KwesPayError(msg, code);
+            throw new KwesPayError(msg, _txErrCode(msg));
+        }
+        // deadline must be present — it's part of the on-chain signature
+        if (!t.deadline) {
+            throw new KwesPayError("Backend did not return a deadline. Cannot construct a valid payment.", "TRANSACTION_FAILED");
         }
+        // totalBaseUnits: what the customer must actually send (amount + fee).
+        // We compute this from the signed amountBaseUnits using the same formula
+        // the contract uses: (amount * 50) / 10000.  We do NOT trust a
+        // client-side totalBaseUnits for security — but computing it here is safe
+        // because amountBaseUnits came from the backend-signed response.
+        const amountBaseUnits = t.amountBaseUnits;
+        const totalBaseUnits = computeTotal(amountBaseUnits);
         return {
             paymentIdBytes32: t.paymentIdBytes32,
             backendSignature: t.backendSignature,
             tokenAddress: t.tokenAddress,
-            amountBaseUnits: t.amountBaseUnits,
+            amountBaseUnits,
+            totalBaseUnits,
             chainId: t.chainId,
+            deadline: t.deadline, // ← from backend, part of signed hash
             expiresAt: t.expiresAt,
             transactionReference: t.transaction.transactionReference,
             transactionStatus: t.transaction.transactionStatus,
@@ -2981,13 +3003,13 @@ class KwesPayClient {
             vendorIdentifier: params.vendorIdentifier,
         };
     }
+    // pay()
     async pay(params) {
         return new PaymentService(params.provider).pay(params);
     }
+    //  status polling
     async getTransactionStatus(transactionReference) {
-        const data = await gqlRequest(GQL_TRANSACTION_STATUS, {
-            transactionReference,
-        });
+        const data = await gqlRequest(GQL_TRANSACTION_STATUS, { transactionReference });
         const r = data.getTransactionStatus;
         return {
             transactionReference: r.transactionReference,
@@ -3036,5 +3058,26 @@ class KwesPayClient {
         });
     }
 }
+//  Error code helpers 
+function _quoteErrCode(msg) {
+    const m = msg.toLowerCase();
+    if (m.includes("expired"))
+        return "QUOTE_EXPIRED";
+    if (m.includes("key"))
+        return "INVALID_KEY";
+    return "UNKNOWN";
+}
+function _txErrCode(msg) {
+    const m = msg.toLowerCase();
+    if (m.includes("expired"))
+        return "QUOTE_EXPIRED";
+    if (m.includes("already been used"))
+        return "QUOTE_USED";
+    if (m.includes("not found"))
+        return "QUOTE_NOT_FOUND";
+    if (m.includes("key"))
+        return "INVALID_KEY";
+    return "UNKNOWN";
+}
 
 export { KwesPayClient, KwesPayError };