@lnbot/l402 0.1.0

package/dist/index.d.cts

@@ -0,0 +1,27 @@
+import { p as paywall, a as parseAuthorization, b as parseChallenge, f as formatAuthorization, c as formatChallenge } from './headers-ByStTJM9.cjs';
+import { c as client } from './fetch-B0tuycqO.cjs';
+export { L as L402Client } from './fetch-B0tuycqO.cjs';
+export { L as L402ClientOptions, a as L402PaywallOptions, b as L402RequestData, c as L402Token, T as TokenStore } from './types-FRMMn5ej.cjs';
+export { LnBot } from '@lnbot/sdk';
+import 'express';
+
+declare class L402Error extends Error {
+    constructor(message: string);
+}
+declare class L402BudgetExceededError extends L402Error {
+    constructor(message: string);
+}
+declare class L402PaymentFailedError extends L402Error {
+    constructor(message: string);
+}
+
+declare const l402: {
+    paywall: typeof paywall;
+    client: typeof client;
+    parseAuthorization: typeof parseAuthorization;
+    parseChallenge: typeof parseChallenge;
+    formatAuthorization: typeof formatAuthorization;
+    formatChallenge: typeof formatChallenge;
+};
+
+export { L402BudgetExceededError, L402Error, L402PaymentFailedError, l402 };

package/dist/index.d.ts

@@ -0,0 +1,27 @@
+import { p as paywall, a as parseAuthorization, b as parseChallenge, f as formatAuthorization, c as formatChallenge } from './headers-BjcT_Am-.js';
+import { c as client } from './fetch-BPQpEg8M.js';
+export { L as L402Client } from './fetch-BPQpEg8M.js';
+export { L as L402ClientOptions, a as L402PaywallOptions, b as L402RequestData, c as L402Token, T as TokenStore } from './types-FRMMn5ej.js';
+export { LnBot } from '@lnbot/sdk';
+import 'express';
+
+declare class L402Error extends Error {
+    constructor(message: string);
+}
+declare class L402BudgetExceededError extends L402Error {
+    constructor(message: string);
+}
+declare class L402PaymentFailedError extends L402Error {
+    constructor(message: string);
+}
+
+declare const l402: {
+    paywall: typeof paywall;
+    client: typeof client;
+    parseAuthorization: typeof parseAuthorization;
+    parseChallenge: typeof parseChallenge;
+    formatAuthorization: typeof formatAuthorization;
+    formatChallenge: typeof formatChallenge;
+};
+
+export { L402BudgetExceededError, L402Error, L402PaymentFailedError, l402 };

package/dist/index.js

@@ -0,0 +1,260 @@
+// src/server/pricing.ts
+async function resolvePrice(price, req) {
+  return typeof price === "function" ? price(req) : price;
+}
+
+// src/server/middleware.ts
+function paywall(ln, options) {
+  return async (req, res, next) => {
+    const authHeader = req.headers["authorization"];
+    if (authHeader && authHeader.startsWith("L402 ")) {
+      try {
+        const result = await ln.l402.verify({ authorization: authHeader });
+        if (result.valid) {
+          req.l402 = {
+            paymentHash: result.paymentHash,
+            caveats: result.caveats
+          };
+          return next();
+        }
+      } catch {
+      }
+    }
+    const price = await resolvePrice(options.price, req);
+    try {
+      const challenge = await ln.l402.createChallenge({
+        amount: price,
+        description: options.description,
+        expirySeconds: options.expirySeconds,
+        caveats: options.caveats
+      });
+      res.status(402).header("WWW-Authenticate", challenge.wwwAuthenticate).json({
+        type: "payment_required",
+        title: "Payment Required",
+        detail: "Pay the included Lightning invoice to access this resource.",
+        invoice: challenge.invoice,
+        macaroon: challenge.macaroon,
+        price,
+        unit: "satoshis",
+        description: options.description
+      });
+    } catch (err) {
+      next(err);
+    }
+  };
+}
+
+// src/server/headers.ts
+function parseAuthorization(header) {
+  if (!header.startsWith("L402 ")) return null;
+  const token = header.slice(5);
+  const colonIndex = token.lastIndexOf(":");
+  if (colonIndex === -1) return null;
+  return {
+    macaroon: token.slice(0, colonIndex),
+    preimage: token.slice(colonIndex + 1)
+  };
+}
+function parseChallenge(header) {
+  if (!header.startsWith("L402 ")) return null;
+  const macaroonMatch = header.match(/macaroon="([^"]+)"/);
+  const invoiceMatch = header.match(/invoice="([^"]+)"/);
+  if (!macaroonMatch || !invoiceMatch) return null;
+  return { macaroon: macaroonMatch[1], invoice: invoiceMatch[1] };
+}
+function formatAuthorization(macaroon, preimage) {
+  return `L402 ${macaroon}:${preimage}`;
+}
+function formatChallenge(macaroon, invoice) {
+  return `L402 macaroon="${macaroon}", invoice="${invoice}"`;
+}
+
+// src/errors.ts
+var L402Error = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "L402Error";
+  }
+};
+var L402BudgetExceededError = class extends L402Error {
+  constructor(message) {
+    super(message);
+    this.name = "L402BudgetExceededError";
+  }
+};
+var L402PaymentFailedError = class extends L402Error {
+  constructor(message) {
+    super(message);
+    this.name = "L402PaymentFailedError";
+  }
+};
+
+// src/client/budget.ts
+var PERIOD_MS = {
+  hour: 60 * 60 * 1e3,
+  day: 24 * 60 * 60 * 1e3,
+  week: 7 * 24 * 60 * 60 * 1e3,
+  month: 30 * 24 * 60 * 60 * 1e3
+};
+var Budget = class {
+  spent = 0;
+  periodStart = Date.now();
+  totalSats;
+  periodMs;
+  constructor(options) {
+    this.totalSats = options.budgetSats;
+    if (options.budgetPeriod) {
+      this.periodMs = PERIOD_MS[options.budgetPeriod];
+    }
+  }
+  maybeReset() {
+    if (this.periodMs && Date.now() - this.periodStart >= this.periodMs) {
+      this.spent = 0;
+      this.periodStart = Date.now();
+    }
+  }
+  /** Throws L402BudgetExceededError if spending `price` would exceed the budget. */
+  check(price) {
+    if (this.totalSats === void 0) return;
+    this.maybeReset();
+    if (this.spent + price > this.totalSats) {
+      throw new L402BudgetExceededError(
+        `Payment of ${price} sats would exceed budget (${this.spent}/${this.totalSats} sats spent)`
+      );
+    }
+  }
+  /** Record a successful payment. */
+  record(price) {
+    this.maybeReset();
+    this.spent += price;
+  }
+};
+
+// src/client/store.ts
+function normalizeUrl(url) {
+  try {
+    const u = new URL(url);
+    u.search = "";
+    u.hash = "";
+    return u.toString().replace(/\/+$/, "");
+  } catch {
+    return url;
+  }
+}
+var MemoryStore = class {
+  tokens = /* @__PURE__ */ new Map();
+  async get(url) {
+    return this.tokens.get(normalizeUrl(url)) ?? null;
+  }
+  async set(url, token) {
+    this.tokens.set(normalizeUrl(url), token);
+  }
+  async delete(url) {
+    this.tokens.delete(normalizeUrl(url));
+  }
+};
+var NoStore = class {
+  async get() {
+    return null;
+  }
+  async set() {
+  }
+  async delete() {
+  }
+};
+function resolveStore(store) {
+  if (!store || store === "memory") return new MemoryStore();
+  if (store === "none") return new NoStore();
+  return store;
+}
+
+// src/client/fetch.ts
+function client(ln, options = {}) {
+  const store = resolveStore(options.store);
+  const budget = new Budget(options);
+  const maxPrice = options.maxPrice ?? 1e3;
+  async function l402Fetch(url, init) {
+    const cached = await store.get(url);
+    if (cached) {
+      const isExpired = cached.expiresAt && cached.expiresAt.getTime() <= Date.now();
+      if (!isExpired) {
+        const headers = new Headers(init?.headers);
+        headers.set("Authorization", cached.authorization);
+        const res2 = await globalThis.fetch(url, { ...init, headers });
+        if (res2.status !== 402) return res2;
+        await store.delete(url);
+      } else {
+        await store.delete(url);
+      }
+    }
+    const res = await globalThis.fetch(url, init);
+    if (res.status !== 402) return res;
+    const wwwAuth = res.headers.get("www-authenticate");
+    if (!wwwAuth)
+      throw new L402Error("402 response missing WWW-Authenticate header");
+    const challenge = parseChallenge(wwwAuth);
+    if (!challenge) throw new L402Error("Could not parse L402 challenge");
+    const body = await res.json().catch(() => null);
+    const price = body?.price ?? 0;
+    if (price > maxPrice) {
+      throw new L402Error(
+        `Price ${price} sats exceeds maxPrice ${maxPrice}`
+      );
+    }
+    budget.check(price);
+    const payment = await ln.l402.pay({ wwwAuthenticate: wwwAuth });
+    if (payment.status === "failed") {
+      throw new L402PaymentFailedError("L402 payment failed");
+    }
+    if (!payment.authorization) {
+      throw new L402PaymentFailedError(
+        "Payment did not return authorization token"
+      );
+    }
+    const parsed = parseAuthorization(payment.authorization);
+    await store.set(url, {
+      macaroon: parsed?.macaroon ?? challenge.macaroon,
+      preimage: payment.preimage ?? parsed?.preimage ?? "",
+      authorization: payment.authorization,
+      paidAt: /* @__PURE__ */ new Date(),
+      expiresAt: body?.expiresAt ? new Date(body.expiresAt) : void 0
+    });
+    budget.record(price);
+    const retryHeaders = new Headers(init?.headers);
+    retryHeaders.set("Authorization", payment.authorization);
+    return globalThis.fetch(url, { ...init, headers: retryHeaders });
+  }
+  return {
+    fetch: l402Fetch,
+    async get(url, init) {
+      const res = await l402Fetch(url, { ...init, method: "GET" });
+      return res.json();
+    },
+    async post(url, init) {
+      const res = await l402Fetch(url, { ...init, method: "POST" });
+      return res.json();
+    }
+  };
+}
+
+// src/index.ts
+import { LnBot } from "@lnbot/sdk";
+var l402 = {
+  // Server
+  paywall,
+  // Client
+  client,
+  // Header utilities (for custom integrations)
+  parseAuthorization,
+  parseChallenge,
+  formatAuthorization,
+  formatChallenge
+};
+export {
+  L402BudgetExceededError,
+  L402Error,
+  L402PaymentFailedError,
+  LnBot,
+  l402
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../src/server/pricing.ts","../src/server/middleware.ts","../src/server/headers.ts","../src/errors.ts","../src/client/budget.ts","../src/client/store.ts","../src/client/fetch.ts","../src/index.ts"],"sourcesContent":["import type { Request } from \"express\";\n\nexport type PricingFn = (req: Request) => number | Promise<number>;\n\n/** Resolve price from a fixed number or a per-request pricing function. */\nexport async function resolvePrice(\n  price: number | PricingFn,\n  req: Request,\n): Promise<number> {\n  return typeof price === \"function\" ? price(req) : price;\n}\n","import type { Request, Response, NextFunction } from \"express\";\nimport type { LnBot } from \"@lnbot/sdk\";\nimport type { L402PaywallOptions } from \"../types.js\";\nimport { resolvePrice } from \"./pricing.js\";\n\n/**\n * Express middleware factory that protects routes behind an L402 paywall.\n *\n * Two SDK calls:\n *  - `ln.l402.verify()` — check an incoming Authorization header\n *  - `ln.l402.createChallenge()` — mint a new invoice + macaroon challenge\n */\nexport function paywall(ln: LnBot, options: L402PaywallOptions) {\n  return async (req: Request, res: Response, next: NextFunction) => {\n    // Step 1: Check for existing L402 Authorization header\n    const authHeader = req.headers[\"authorization\"];\n\n    if (authHeader && authHeader.startsWith(\"L402 \")) {\n      // Step 2: Verify via SDK (stateless — checks signature, preimage, caveats)\n      try {\n        const result = await ln.l402.verify({ authorization: authHeader });\n\n        if (result.valid) {\n          req.l402 = {\n            paymentHash: result.paymentHash!,\n            caveats: result.caveats,\n          };\n          return next();\n        }\n      } catch {\n        // Verification failed or errored — fall through to issue new challenge\n      }\n    }\n\n    // Step 3: No valid token — create a challenge via SDK\n    const price = await resolvePrice(options.price, req);\n\n    try {\n      const challenge = await ln.l402.createChallenge({\n        amount: price,\n        description: options.description,\n        expirySeconds: options.expirySeconds,\n        caveats: options.caveats,\n      });\n\n      // Step 4: Return 402 with challenge\n      res\n        .status(402)\n        .header(\"WWW-Authenticate\", challenge.wwwAuthenticate)\n        .json({\n          type: \"payment_required\",\n          title: \"Payment Required\",\n          detail:\n            \"Pay the included Lightning invoice to access this resource.\",\n          invoice: challenge.invoice,\n          macaroon: challenge.macaroon,\n          price,\n          unit: \"satoshis\",\n          description: options.description,\n        });\n    } catch (err) {\n      next(err);\n    }\n  };\n}\n","/** Parse an L402 Authorization header into { macaroon, preimage }. */\nexport function parseAuthorization(\n  header: string,\n): { macaroon: string; preimage: string } | null {\n  if (!header.startsWith(\"L402 \")) return null;\n  const token = header.slice(5);\n  const colonIndex = token.lastIndexOf(\":\");\n  if (colonIndex === -1) return null;\n  return {\n    macaroon: token.slice(0, colonIndex),\n    preimage: token.slice(colonIndex + 1),\n  };\n}\n\n/** Parse a WWW-Authenticate: L402 header into { macaroon, invoice }. */\nexport function parseChallenge(\n  header: string,\n): { macaroon: string; invoice: string } | null {\n  if (!header.startsWith(\"L402 \")) return null;\n  const macaroonMatch = header.match(/macaroon=\"([^\"]+)\"/);\n  const invoiceMatch = header.match(/invoice=\"([^\"]+)\"/);\n  if (!macaroonMatch || !invoiceMatch) return null;\n  return { macaroon: macaroonMatch[1], invoice: invoiceMatch[1] };\n}\n\n/** Format an Authorization header value. */\nexport function formatAuthorization(\n  macaroon: string,\n  preimage: string,\n): string {\n  return `L402 ${macaroon}:${preimage}`;\n}\n\n/** Format a WWW-Authenticate header value. */\nexport function formatChallenge(\n  macaroon: string,\n  invoice: string,\n): string {\n  return `L402 macaroon=\"${macaroon}\", invoice=\"${invoice}\"`;\n}\n","export class L402Error extends Error {\n  constructor(message: string) {\n    super(message);\n    this.name = \"L402Error\";\n  }\n}\n\nexport class L402BudgetExceededError extends L402Error {\n  constructor(message: string) {\n    super(message);\n    this.name = \"L402BudgetExceededError\";\n  }\n}\n\nexport class L402PaymentFailedError extends L402Error {\n  constructor(message: string) {\n    super(message);\n    this.name = \"L402PaymentFailedError\";\n  }\n}\n","import type { L402ClientOptions } from \"../types.js\";\nimport { L402BudgetExceededError } from \"../errors.js\";\n\nconst PERIOD_MS: Record<string, number> = {\n  hour: 60 * 60 * 1000,\n  day: 24 * 60 * 60 * 1000,\n  week: 7 * 24 * 60 * 60 * 1000,\n  month: 30 * 24 * 60 * 60 * 1000,\n};\n\n/** In-memory budget tracker with periodic resets. */\nexport class Budget {\n  private spent = 0;\n  private periodStart = Date.now();\n  private readonly totalSats: number | undefined;\n  private readonly periodMs: number | undefined;\n\n  constructor(options: L402ClientOptions) {\n    this.totalSats = options.budgetSats;\n    if (options.budgetPeriod) {\n      this.periodMs = PERIOD_MS[options.budgetPeriod];\n    }\n  }\n\n  private maybeReset(): void {\n    if (this.periodMs && Date.now() - this.periodStart >= this.periodMs) {\n      this.spent = 0;\n      this.periodStart = Date.now();\n    }\n  }\n\n  /** Throws L402BudgetExceededError if spending `price` would exceed the budget. */\n  check(price: number): void {\n    if (this.totalSats === undefined) return;\n    this.maybeReset();\n    if (this.spent + price > this.totalSats) {\n      throw new L402BudgetExceededError(\n        `Payment of ${price} sats would exceed budget (${this.spent}/${this.totalSats} sats spent)`,\n      );\n    }\n  }\n\n  /** Record a successful payment. */\n  record(price: number): void {\n    this.maybeReset();\n    this.spent += price;\n  }\n}\n","import type { TokenStore, L402Token } from \"../types.js\";\n\n/** Strip query params, hash, and trailing slashes for consistent cache keys. */\nfunction normalizeUrl(url: string): string {\n  try {\n    const u = new URL(url);\n    u.search = \"\";\n    u.hash = \"\";\n    return u.toString().replace(/\\/+$/, \"\");\n  } catch {\n    return url;\n  }\n}\n\n/** Default in-memory token cache backed by a Map. */\nexport class MemoryStore implements TokenStore {\n  private tokens = new Map<string, L402Token>();\n\n  async get(url: string): Promise<L402Token | null> {\n    return this.tokens.get(normalizeUrl(url)) ?? null;\n  }\n\n  async set(url: string, token: L402Token): Promise<void> {\n    this.tokens.set(normalizeUrl(url), token);\n  }\n\n  async delete(url: string): Promise<void> {\n    this.tokens.delete(normalizeUrl(url));\n  }\n}\n\n/** No-op store — never caches, every request pays fresh. */\nexport class NoStore implements TokenStore {\n  async get(): Promise<null> {\n    return null;\n  }\n  async set(): Promise<void> {}\n  async delete(): Promise<void> {}\n}\n\n/** Resolve the `store` option into a concrete TokenStore. */\nexport function resolveStore(\n  store?: \"memory\" | \"none\" | TokenStore,\n): TokenStore {\n  if (!store || store === \"memory\") return new MemoryStore();\n  if (store === \"none\") return new NoStore();\n  return store;\n}\n","import type { LnBot } from \"@lnbot/sdk\";\nimport type { L402ClientOptions } from \"../types.js\";\nimport {\n  L402Error,\n  L402PaymentFailedError,\n} from \"../errors.js\";\nimport { parseChallenge, parseAuthorization } from \"../server/headers.js\";\nimport { Budget } from \"./budget.js\";\nimport { resolveStore } from \"./store.js\";\n\n/** An L402-aware HTTP client that transparently pays Lightning invoices on 402 responses. */\nexport interface L402Client {\n  /** L402-aware fetch — pays 402 challenges automatically. */\n  fetch(url: string, init?: RequestInit): Promise<Response>;\n  /** GET + JSON parse with automatic L402 payment. */\n  get(url: string, init?: RequestInit): Promise<unknown>;\n  /** POST + JSON parse with automatic L402 payment. */\n  post(url: string, init?: RequestInit): Promise<unknown>;\n}\n\n/**\n * Create an L402-aware HTTP client.\n *\n * One SDK call: `ln.l402.pay()` — pays the invoice and returns the Authorization token.\n */\nexport function client(ln: LnBot, options: L402ClientOptions = {}): L402Client {\n  const store = resolveStore(options.store);\n  const budget = new Budget(options);\n  const maxPrice = options.maxPrice ?? 1000;\n\n  async function l402Fetch(\n    url: string,\n    init?: RequestInit,\n  ): Promise<Response> {\n    // Step 1: Check token cache\n    const cached = await store.get(url);\n    if (cached) {\n      const isExpired =\n        cached.expiresAt && cached.expiresAt.getTime() <= Date.now();\n      if (!isExpired) {\n        const headers = new Headers(init?.headers);\n        headers.set(\"Authorization\", cached.authorization);\n        const res = await globalThis.fetch(url, { ...init, headers });\n        // If the cached token was rejected (expired server-side), fall through\n        if (res.status !== 402) return res;\n        await store.delete(url);\n      } else {\n        await store.delete(url);\n      }\n    }\n\n    // Step 2: Make request without auth\n    const res = await globalThis.fetch(url, init);\n    if (res.status !== 402) return res;\n\n    // Step 3: Parse the 402 challenge\n    const wwwAuth = res.headers.get(\"www-authenticate\");\n    if (!wwwAuth)\n      throw new L402Error(\"402 response missing WWW-Authenticate header\");\n\n    const challenge = parseChallenge(wwwAuth);\n    if (!challenge) throw new L402Error(\"Could not parse L402 challenge\");\n\n    // Parse body for price info\n    const body = await res.json().catch(() => null);\n    const price: number = body?.price ?? 0;\n\n    // Step 4: Budget checks\n    if (price > maxPrice) {\n      throw new L402Error(\n        `Price ${price} sats exceeds maxPrice ${maxPrice}`,\n      );\n    }\n    budget.check(price);\n\n    // Step 5: Pay via SDK\n    const payment = await ln.l402.pay({ wwwAuthenticate: wwwAuth });\n\n    if (payment.status === \"failed\") {\n      throw new L402PaymentFailedError(\"L402 payment failed\");\n    }\n    if (!payment.authorization) {\n      throw new L402PaymentFailedError(\n        \"Payment did not return authorization token\",\n      );\n    }\n\n    // Step 6: Cache the token\n    const parsed = parseAuthorization(payment.authorization);\n    await store.set(url, {\n      macaroon: parsed?.macaroon ?? challenge.macaroon,\n      preimage: payment.preimage ?? parsed?.preimage ?? \"\",\n      authorization: payment.authorization,\n      paidAt: new Date(),\n      expiresAt: body?.expiresAt\n        ? new Date(body.expiresAt)\n        : undefined,\n    });\n\n    budget.record(price);\n\n    // Step 7: Retry with L402 Authorization\n    const retryHeaders = new Headers(init?.headers);\n    retryHeaders.set(\"Authorization\", payment.authorization);\n    return globalThis.fetch(url, { ...init, headers: retryHeaders });\n  }\n\n  return {\n    fetch: l402Fetch,\n    async get(url: string, init?: RequestInit) {\n      const res = await l402Fetch(url, { ...init, method: \"GET\" });\n      return res.json();\n    },\n    async post(url: string, init?: RequestInit) {\n      const res = await l402Fetch(url, { ...init, method: \"POST\" });\n      return res.json();\n    },\n  };\n}\n","import { paywall } from \"./server/middleware.js\";\nimport {\n  parseAuthorization,\n  parseChallenge,\n  formatAuthorization,\n  formatChallenge,\n} from \"./server/headers.js\";\nimport { client } from \"./client/fetch.js\";\n\nexport const l402 = {\n  // Server\n  paywall,\n\n  // Client\n  client,\n\n  // Header utilities (for custom integrations)\n  parseAuthorization,\n  parseChallenge,\n  formatAuthorization,\n  formatChallenge,\n};\n\nexport type {\n  L402PaywallOptions,\n  L402ClientOptions,\n  L402Token,\n  TokenStore,\n  L402RequestData,\n} from \"./types.js\";\n\nexport type { L402Client } from \"./client/fetch.js\";\n\nexport { L402Error, L402BudgetExceededError, L402PaymentFailedError } from \"./errors.js\";\n\nexport { LnBot } from \"@lnbot/sdk\";\n"],"mappings":";AAKA,eAAsB,aACpB,OACA,KACiB;AACjB,SAAO,OAAO,UAAU,aAAa,MAAM,GAAG,IAAI;AACpD;;;ACEO,SAAS,QAAQ,IAAW,SAA6B;AAC9D,SAAO,OAAO,KAAc,KAAe,SAAuB;AAEhE,UAAM,aAAa,IAAI,QAAQ,eAAe;AAE9C,QAAI,cAAc,WAAW,WAAW,OAAO,GAAG;AAEhD,UAAI;AACF,cAAM,SAAS,MAAM,GAAG,KAAK,OAAO,EAAE,eAAe,WAAW,CAAC;AAEjE,YAAI,OAAO,OAAO;AAChB,cAAI,OAAO;AAAA,YACT,aAAa,OAAO;AAAA,YACpB,SAAS,OAAO;AAAA,UAClB;AACA,iBAAO,KAAK;AAAA,QACd;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAGA,UAAM,QAAQ,MAAM,aAAa,QAAQ,OAAO,GAAG;AAEnD,QAAI;AACF,YAAM,YAAY,MAAM,GAAG,KAAK,gBAAgB;AAAA,QAC9C,QAAQ;AAAA,QACR,aAAa,QAAQ;AAAA,QACrB,eAAe,QAAQ;AAAA,QACvB,SAAS,QAAQ;AAAA,MACnB,CAAC;AAGD,UACG,OAAO,GAAG,EACV,OAAO,oBAAoB,UAAU,eAAe,EACpD,KAAK;AAAA,QACJ,MAAM;AAAA,QACN,OAAO;AAAA,QACP,QACE;AAAA,QACF,SAAS,UAAU;AAAA,QACnB,UAAU,UAAU;AAAA,QACpB;AAAA,QACA,MAAM;AAAA,QACN,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACL,SAAS,KAAK;AACZ,WAAK,GAAG;AAAA,IACV;AAAA,EACF;AACF;;;AC/DO,SAAS,mBACd,QAC+C;AAC/C,MAAI,CAAC,OAAO,WAAW,OAAO,EAAG,QAAO;AACxC,QAAM,QAAQ,OAAO,MAAM,CAAC;AAC5B,QAAM,aAAa,MAAM,YAAY,GAAG;AACxC,MAAI,eAAe,GAAI,QAAO;AAC9B,SAAO;AAAA,IACL,UAAU,MAAM,MAAM,GAAG,UAAU;AAAA,IACnC,UAAU,MAAM,MAAM,aAAa,CAAC;AAAA,EACtC;AACF;AAGO,SAAS,eACd,QAC8C;AAC9C,MAAI,CAAC,OAAO,WAAW,OAAO,EAAG,QAAO;AACxC,QAAM,gBAAgB,OAAO,MAAM,oBAAoB;AACvD,QAAM,eAAe,OAAO,MAAM,mBAAmB;AACrD,MAAI,CAAC,iBAAiB,CAAC,aAAc,QAAO;AAC5C,SAAO,EAAE,UAAU,cAAc,CAAC,GAAG,SAAS,aAAa,CAAC,EAAE;AAChE;AAGO,SAAS,oBACd,UACA,UACQ;AACR,SAAO,QAAQ,QAAQ,IAAI,QAAQ;AACrC;AAGO,SAAS,gBACd,UACA,SACQ;AACR,SAAO,kBAAkB,QAAQ,eAAe,OAAO;AACzD;;;ACvCO,IAAM,YAAN,cAAwB,MAAM;AAAA,EACnC,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,0BAAN,cAAsC,UAAU;AAAA,EACrD,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,yBAAN,cAAqC,UAAU;AAAA,EACpD,YAAY,SAAiB;AAC3B,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;;;AChBA,IAAM,YAAoC;AAAA,EACxC,MAAM,KAAK,KAAK;AAAA,EAChB,KAAK,KAAK,KAAK,KAAK;AAAA,EACpB,MAAM,IAAI,KAAK,KAAK,KAAK;AAAA,EACzB,OAAO,KAAK,KAAK,KAAK,KAAK;AAC7B;AAGO,IAAM,SAAN,MAAa;AAAA,EACV,QAAQ;AAAA,EACR,cAAc,KAAK,IAAI;AAAA,EACd;AAAA,EACA;AAAA,EAEjB,YAAY,SAA4B;AACtC,SAAK,YAAY,QAAQ;AACzB,QAAI,QAAQ,cAAc;AACxB,WAAK,WAAW,UAAU,QAAQ,YAAY;AAAA,IAChD;AAAA,EACF;AAAA,EAEQ,aAAmB;AACzB,QAAI,KAAK,YAAY,KAAK,IAAI,IAAI,KAAK,eAAe,KAAK,UAAU;AACnE,WAAK,QAAQ;AACb,WAAK,cAAc,KAAK,IAAI;AAAA,IAC9B;AAAA,EACF;AAAA;AAAA,EAGA,MAAM,OAAqB;AACzB,QAAI,KAAK,cAAc,OAAW;AAClC,SAAK,WAAW;AAChB,QAAI,KAAK,QAAQ,QAAQ,KAAK,WAAW;AACvC,YAAM,IAAI;AAAA,QACR,cAAc,KAAK,8BAA8B,KAAK,KAAK,IAAI,KAAK,SAAS;AAAA,MAC/E;AAAA,IACF;AAAA,EACF;AAAA;AAAA,EAGA,OAAO,OAAqB;AAC1B,SAAK,WAAW;AAChB,SAAK,SAAS;AAAA,EAChB;AACF;;;AC5CA,SAAS,aAAa,KAAqB;AACzC,MAAI;AACF,UAAM,IAAI,IAAI,IAAI,GAAG;AACrB,MAAE,SAAS;AACX,MAAE,OAAO;AACT,WAAO,EAAE,SAAS,EAAE,QAAQ,QAAQ,EAAE;AAAA,EACxC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAGO,IAAM,cAAN,MAAwC;AAAA,EACrC,SAAS,oBAAI,IAAuB;AAAA,EAE5C,MAAM,IAAI,KAAwC;AAChD,WAAO,KAAK,OAAO,IAAI,aAAa,GAAG,CAAC,KAAK;AAAA,EAC/C;AAAA,EAEA,MAAM,IAAI,KAAa,OAAiC;AACtD,SAAK,OAAO,IAAI,aAAa,GAAG,GAAG,KAAK;AAAA,EAC1C;AAAA,EAEA,MAAM,OAAO,KAA4B;AACvC,SAAK,OAAO,OAAO,aAAa,GAAG,CAAC;AAAA,EACtC;AACF;AAGO,IAAM,UAAN,MAAoC;AAAA,EACzC,MAAM,MAAqB;AACzB,WAAO;AAAA,EACT;AAAA,EACA,MAAM,MAAqB;AAAA,EAAC;AAAA,EAC5B,MAAM,SAAwB;AAAA,EAAC;AACjC;AAGO,SAAS,aACd,OACY;AACZ,MAAI,CAAC,SAAS,UAAU,SAAU,QAAO,IAAI,YAAY;AACzD,MAAI,UAAU,OAAQ,QAAO,IAAI,QAAQ;AACzC,SAAO;AACT;;;ACtBO,SAAS,OAAO,IAAW,UAA6B,CAAC,GAAe;AAC7E,QAAM,QAAQ,aAAa,QAAQ,KAAK;AACxC,QAAM,SAAS,IAAI,OAAO,OAAO;AACjC,QAAM,WAAW,QAAQ,YAAY;AAErC,iBAAe,UACb,KACA,MACmB;AAEnB,UAAM,SAAS,MAAM,MAAM,IAAI,GAAG;AAClC,QAAI,QAAQ;AACV,YAAM,YACJ,OAAO,aAAa,OAAO,UAAU,QAAQ,KAAK,KAAK,IAAI;AAC7D,UAAI,CAAC,WAAW;AACd,cAAM,UAAU,IAAI,QAAQ,MAAM,OAAO;AACzC,gBAAQ,IAAI,iBAAiB,OAAO,aAAa;AACjD,cAAMA,OAAM,MAAM,WAAW,MAAM,KAAK,EAAE,GAAG,MAAM,QAAQ,CAAC;AAE5D,YAAIA,KAAI,WAAW,IAAK,QAAOA;AAC/B,cAAM,MAAM,OAAO,GAAG;AAAA,MACxB,OAAO;AACL,cAAM,MAAM,OAAO,GAAG;AAAA,MACxB;AAAA,IACF;AAGA,UAAM,MAAM,MAAM,WAAW,MAAM,KAAK,IAAI;AAC5C,QAAI,IAAI,WAAW,IAAK,QAAO;AAG/B,UAAM,UAAU,IAAI,QAAQ,IAAI,kBAAkB;AAClD,QAAI,CAAC;AACH,YAAM,IAAI,UAAU,8CAA8C;AAEpE,UAAM,YAAY,eAAe,OAAO;AACxC,QAAI,CAAC,UAAW,OAAM,IAAI,UAAU,gCAAgC;AAGpE,UAAM,OAAO,MAAM,IAAI,KAAK,EAAE,MAAM,MAAM,IAAI;AAC9C,UAAM,QAAgB,MAAM,SAAS;AAGrC,QAAI,QAAQ,UAAU;AACpB,YAAM,IAAI;AAAA,QACR,SAAS,KAAK,0BAA0B,QAAQ;AAAA,MAClD;AAAA,IACF;AACA,WAAO,MAAM,KAAK;AAGlB,UAAM,UAAU,MAAM,GAAG,KAAK,IAAI,EAAE,iBAAiB,QAAQ,CAAC;AAE9D,QAAI,QAAQ,WAAW,UAAU;AAC/B,YAAM,IAAI,uBAAuB,qBAAqB;AAAA,IACxD;AACA,QAAI,CAAC,QAAQ,eAAe;AAC1B,YAAM,IAAI;AAAA,QACR;AAAA,MACF;AAAA,IACF;AAGA,UAAM,SAAS,mBAAmB,QAAQ,aAAa;AACvD,UAAM,MAAM,IAAI,KAAK;AAAA,MACnB,UAAU,QAAQ,YAAY,UAAU;AAAA,MACxC,UAAU,QAAQ,YAAY,QAAQ,YAAY;AAAA,MAClD,eAAe,QAAQ;AAAA,MACvB,QAAQ,oBAAI,KAAK;AAAA,MACjB,WAAW,MAAM,YACb,IAAI,KAAK,KAAK,SAAS,IACvB;AAAA,IACN,CAAC;AAED,WAAO,OAAO,KAAK;AAGnB,UAAM,eAAe,IAAI,QAAQ,MAAM,OAAO;AAC9C,iBAAa,IAAI,iBAAiB,QAAQ,aAAa;AACvD,WAAO,WAAW,MAAM,KAAK,EAAE,GAAG,MAAM,SAAS,aAAa,CAAC;AAAA,EACjE;AAEA,SAAO;AAAA,IACL,OAAO;AAAA,IACP,MAAM,IAAI,KAAa,MAAoB;AACzC,YAAM,MAAM,MAAM,UAAU,KAAK,EAAE,GAAG,MAAM,QAAQ,MAAM,CAAC;AAC3D,aAAO,IAAI,KAAK;AAAA,IAClB;AAAA,IACA,MAAM,KAAK,KAAa,MAAoB;AAC1C,YAAM,MAAM,MAAM,UAAU,KAAK,EAAE,GAAG,MAAM,QAAQ,OAAO,CAAC;AAC5D,aAAO,IAAI,KAAK;AAAA,IAClB;AAAA,EACF;AACF;;;ACnFA,SAAS,aAAa;AA1Bf,IAAM,OAAO;AAAA;AAAA,EAElB;AAAA;AAAA,EAGA;AAAA;AAAA,EAGA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;","names":["res"]}

package/dist/server/index.cjs

@@ -0,0 +1,111 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/server/index.ts
+var server_exports = {};
+__export(server_exports, {
+  formatAuthorization: () => formatAuthorization,
+  formatChallenge: () => formatChallenge,
+  parseAuthorization: () => parseAuthorization,
+  parseChallenge: () => parseChallenge,
+  paywall: () => paywall,
+  resolvePrice: () => resolvePrice
+});
+module.exports = __toCommonJS(server_exports);
+
+// src/server/pricing.ts
+async function resolvePrice(price, req) {
+  return typeof price === "function" ? price(req) : price;
+}
+
+// src/server/middleware.ts
+function paywall(ln, options) {
+  return async (req, res, next) => {
+    const authHeader = req.headers["authorization"];
+    if (authHeader && authHeader.startsWith("L402 ")) {
+      try {
+        const result = await ln.l402.verify({ authorization: authHeader });
+        if (result.valid) {
+          req.l402 = {
+            paymentHash: result.paymentHash,
+            caveats: result.caveats
+          };
+          return next();
+        }
+      } catch {
+      }
+    }
+    const price = await resolvePrice(options.price, req);
+    try {
+      const challenge = await ln.l402.createChallenge({
+        amount: price,
+        description: options.description,
+        expirySeconds: options.expirySeconds,
+        caveats: options.caveats
+      });
+      res.status(402).header("WWW-Authenticate", challenge.wwwAuthenticate).json({
+        type: "payment_required",
+        title: "Payment Required",
+        detail: "Pay the included Lightning invoice to access this resource.",
+        invoice: challenge.invoice,
+        macaroon: challenge.macaroon,
+        price,
+        unit: "satoshis",
+        description: options.description
+      });
+    } catch (err) {
+      next(err);
+    }
+  };
+}
+
+// src/server/headers.ts
+function parseAuthorization(header) {
+  if (!header.startsWith("L402 ")) return null;
+  const token = header.slice(5);
+  const colonIndex = token.lastIndexOf(":");
+  if (colonIndex === -1) return null;
+  return {
+    macaroon: token.slice(0, colonIndex),
+    preimage: token.slice(colonIndex + 1)
+  };
+}
+function parseChallenge(header) {
+  if (!header.startsWith("L402 ")) return null;
+  const macaroonMatch = header.match(/macaroon="([^"]+)"/);
+  const invoiceMatch = header.match(/invoice="([^"]+)"/);
+  if (!macaroonMatch || !invoiceMatch) return null;
+  return { macaroon: macaroonMatch[1], invoice: invoiceMatch[1] };
+}
+function formatAuthorization(macaroon, preimage) {
+  return `L402 ${macaroon}:${preimage}`;
+}
+function formatChallenge(macaroon, invoice) {
+  return `L402 macaroon="${macaroon}", invoice="${invoice}"`;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  formatAuthorization,
+  formatChallenge,
+  parseAuthorization,
+  parseChallenge,
+  paywall,
+  resolvePrice
+});
+//# sourceMappingURL=index.cjs.map

package/dist/server/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/server/index.ts","../../src/server/pricing.ts","../../src/server/middleware.ts","../../src/server/headers.ts"],"sourcesContent":["export { paywall } from \"./middleware.js\";\nexport {\n  parseAuthorization,\n  parseChallenge,\n  formatAuthorization,\n  formatChallenge,\n} from \"./headers.js\";\nexport { resolvePrice, type PricingFn } from \"./pricing.js\";\n","import type { Request } from \"express\";\n\nexport type PricingFn = (req: Request) => number | Promise<number>;\n\n/** Resolve price from a fixed number or a per-request pricing function. */\nexport async function resolvePrice(\n  price: number | PricingFn,\n  req: Request,\n): Promise<number> {\n  return typeof price === \"function\" ? price(req) : price;\n}\n","import type { Request, Response, NextFunction } from \"express\";\nimport type { LnBot } from \"@lnbot/sdk\";\nimport type { L402PaywallOptions } from \"../types.js\";\nimport { resolvePrice } from \"./pricing.js\";\n\n/**\n * Express middleware factory that protects routes behind an L402 paywall.\n *\n * Two SDK calls:\n *  - `ln.l402.verify()` — check an incoming Authorization header\n *  - `ln.l402.createChallenge()` — mint a new invoice + macaroon challenge\n */\nexport function paywall(ln: LnBot, options: L402PaywallOptions) {\n  return async (req: Request, res: Response, next: NextFunction) => {\n    // Step 1: Check for existing L402 Authorization header\n    const authHeader = req.headers[\"authorization\"];\n\n    if (authHeader && authHeader.startsWith(\"L402 \")) {\n      // Step 2: Verify via SDK (stateless — checks signature, preimage, caveats)\n      try {\n        const result = await ln.l402.verify({ authorization: authHeader });\n\n        if (result.valid) {\n          req.l402 = {\n            paymentHash: result.paymentHash!,\n            caveats: result.caveats,\n          };\n          return next();\n        }\n      } catch {\n        // Verification failed or errored — fall through to issue new challenge\n      }\n    }\n\n    // Step 3: No valid token — create a challenge via SDK\n    const price = await resolvePrice(options.price, req);\n\n    try {\n      const challenge = await ln.l402.createChallenge({\n        amount: price,\n        description: options.description,\n        expirySeconds: options.expirySeconds,\n        caveats: options.caveats,\n      });\n\n      // Step 4: Return 402 with challenge\n      res\n        .status(402)\n        .header(\"WWW-Authenticate\", challenge.wwwAuthenticate)\n        .json({\n          type: \"payment_required\",\n          title: \"Payment Required\",\n          detail:\n            \"Pay the included Lightning invoice to access this resource.\",\n          invoice: challenge.invoice,\n          macaroon: challenge.macaroon,\n          price,\n          unit: \"satoshis\",\n          description: options.description,\n        });\n    } catch (err) {\n      next(err);\n    }\n  };\n}\n","/** Parse an L402 Authorization header into { macaroon, preimage }. */\nexport function parseAuthorization(\n  header: string,\n): { macaroon: string; preimage: string } | null {\n  if (!header.startsWith(\"L402 \")) return null;\n  const token = header.slice(5);\n  const colonIndex = token.lastIndexOf(\":\");\n  if (colonIndex === -1) return null;\n  return {\n    macaroon: token.slice(0, colonIndex),\n    preimage: token.slice(colonIndex + 1),\n  };\n}\n\n/** Parse a WWW-Authenticate: L402 header into { macaroon, invoice }. */\nexport function parseChallenge(\n  header: string,\n): { macaroon: string; invoice: string } | null {\n  if (!header.startsWith(\"L402 \")) return null;\n  const macaroonMatch = header.match(/macaroon=\"([^\"]+)\"/);\n  const invoiceMatch = header.match(/invoice=\"([^\"]+)\"/);\n  if (!macaroonMatch || !invoiceMatch) return null;\n  return { macaroon: macaroonMatch[1], invoice: invoiceMatch[1] };\n}\n\n/** Format an Authorization header value. */\nexport function formatAuthorization(\n  macaroon: string,\n  preimage: string,\n): string {\n  return `L402 ${macaroon}:${preimage}`;\n}\n\n/** Format a WWW-Authenticate header value. */\nexport function formatChallenge(\n  macaroon: string,\n  invoice: string,\n): string {\n  return `L402 macaroon=\"${macaroon}\", invoice=\"${invoice}\"`;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACKA,eAAsB,aACpB,OACA,KACiB;AACjB,SAAO,OAAO,UAAU,aAAa,MAAM,GAAG,IAAI;AACpD;;;ACEO,SAAS,QAAQ,IAAW,SAA6B;AAC9D,SAAO,OAAO,KAAc,KAAe,SAAuB;AAEhE,UAAM,aAAa,IAAI,QAAQ,eAAe;AAE9C,QAAI,cAAc,WAAW,WAAW,OAAO,GAAG;AAEhD,UAAI;AACF,cAAM,SAAS,MAAM,GAAG,KAAK,OAAO,EAAE,eAAe,WAAW,CAAC;AAEjE,YAAI,OAAO,OAAO;AAChB,cAAI,OAAO;AAAA,YACT,aAAa,OAAO;AAAA,YACpB,SAAS,OAAO;AAAA,UAClB;AACA,iBAAO,KAAK;AAAA,QACd;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAGA,UAAM,QAAQ,MAAM,aAAa,QAAQ,OAAO,GAAG;AAEnD,QAAI;AACF,YAAM,YAAY,MAAM,GAAG,KAAK,gBAAgB;AAAA,QAC9C,QAAQ;AAAA,QACR,aAAa,QAAQ;AAAA,QACrB,eAAe,QAAQ;AAAA,QACvB,SAAS,QAAQ;AAAA,MACnB,CAAC;AAGD,UACG,OAAO,GAAG,EACV,OAAO,oBAAoB,UAAU,eAAe,EACpD,KAAK;AAAA,QACJ,MAAM;AAAA,QACN,OAAO;AAAA,QACP,QACE;AAAA,QACF,SAAS,UAAU;AAAA,QACnB,UAAU,UAAU;AAAA,QACpB;AAAA,QACA,MAAM;AAAA,QACN,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACL,SAAS,KAAK;AACZ,WAAK,GAAG;AAAA,IACV;AAAA,EACF;AACF;;;AC/DO,SAAS,mBACd,QAC+C;AAC/C,MAAI,CAAC,OAAO,WAAW,OAAO,EAAG,QAAO;AACxC,QAAM,QAAQ,OAAO,MAAM,CAAC;AAC5B,QAAM,aAAa,MAAM,YAAY,GAAG;AACxC,MAAI,eAAe,GAAI,QAAO;AAC9B,SAAO;AAAA,IACL,UAAU,MAAM,MAAM,GAAG,UAAU;AAAA,IACnC,UAAU,MAAM,MAAM,aAAa,CAAC;AAAA,EACtC;AACF;AAGO,SAAS,eACd,QAC8C;AAC9C,MAAI,CAAC,OAAO,WAAW,OAAO,EAAG,QAAO;AACxC,QAAM,gBAAgB,OAAO,MAAM,oBAAoB;AACvD,QAAM,eAAe,OAAO,MAAM,mBAAmB;AACrD,MAAI,CAAC,iBAAiB,CAAC,aAAc,QAAO;AAC5C,SAAO,EAAE,UAAU,cAAc,CAAC,GAAG,SAAS,aAAa,CAAC,EAAE;AAChE;AAGO,SAAS,oBACd,UACA,UACQ;AACR,SAAO,QAAQ,QAAQ,IAAI,QAAQ;AACrC;AAGO,SAAS,gBACd,UACA,SACQ;AACR,SAAO,kBAAkB,QAAQ,eAAe,OAAO;AACzD;","names":[]}

package/dist/server/index.d.cts

@@ -0,0 +1,10 @@
+export { f as formatAuthorization, c as formatChallenge, a as parseAuthorization, b as parseChallenge, p as paywall } from '../headers-ByStTJM9.cjs';
+import { Request } from 'express';
+import '@lnbot/sdk';
+import '../types-FRMMn5ej.cjs';
+
+type PricingFn = (req: Request) => number | Promise<number>;
+/** Resolve price from a fixed number or a per-request pricing function. */
+declare function resolvePrice(price: number | PricingFn, req: Request): Promise<number>;
+
+export { type PricingFn, resolvePrice };

package/dist/server/index.d.ts

@@ -0,0 +1,10 @@
+export { f as formatAuthorization, c as formatChallenge, a as parseAuthorization, b as parseChallenge, p as paywall } from '../headers-BjcT_Am-.js';
+import { Request } from 'express';
+import '@lnbot/sdk';
+import '../types-FRMMn5ej.js';
+
+type PricingFn = (req: Request) => number | Promise<number>;
+/** Resolve price from a fixed number or a per-request pricing function. */
+declare function resolvePrice(price: number | PricingFn, req: Request): Promise<number>;
+
+export { type PricingFn, resolvePrice };

package/dist/server/index.js

@@ -0,0 +1,79 @@
+// src/server/pricing.ts
+async function resolvePrice(price, req) {
+  return typeof price === "function" ? price(req) : price;
+}
+
+// src/server/middleware.ts
+function paywall(ln, options) {
+  return async (req, res, next) => {
+    const authHeader = req.headers["authorization"];
+    if (authHeader && authHeader.startsWith("L402 ")) {
+      try {
+        const result = await ln.l402.verify({ authorization: authHeader });
+        if (result.valid) {
+          req.l402 = {
+            paymentHash: result.paymentHash,
+            caveats: result.caveats
+          };
+          return next();
+        }
+      } catch {
+      }
+    }
+    const price = await resolvePrice(options.price, req);
+    try {
+      const challenge = await ln.l402.createChallenge({
+        amount: price,
+        description: options.description,
+        expirySeconds: options.expirySeconds,
+        caveats: options.caveats
+      });
+      res.status(402).header("WWW-Authenticate", challenge.wwwAuthenticate).json({
+        type: "payment_required",
+        title: "Payment Required",
+        detail: "Pay the included Lightning invoice to access this resource.",
+        invoice: challenge.invoice,
+        macaroon: challenge.macaroon,
+        price,
+        unit: "satoshis",
+        description: options.description
+      });
+    } catch (err) {
+      next(err);
+    }
+  };
+}
+
+// src/server/headers.ts
+function parseAuthorization(header) {
+  if (!header.startsWith("L402 ")) return null;
+  const token = header.slice(5);
+  const colonIndex = token.lastIndexOf(":");
+  if (colonIndex === -1) return null;
+  return {
+    macaroon: token.slice(0, colonIndex),
+    preimage: token.slice(colonIndex + 1)
+  };
+}
+function parseChallenge(header) {
+  if (!header.startsWith("L402 ")) return null;
+  const macaroonMatch = header.match(/macaroon="([^"]+)"/);
+  const invoiceMatch = header.match(/invoice="([^"]+)"/);
+  if (!macaroonMatch || !invoiceMatch) return null;
+  return { macaroon: macaroonMatch[1], invoice: invoiceMatch[1] };
+}
+function formatAuthorization(macaroon, preimage) {
+  return `L402 ${macaroon}:${preimage}`;
+}
+function formatChallenge(macaroon, invoice) {
+  return `L402 macaroon="${macaroon}", invoice="${invoice}"`;
+}
+export {
+  formatAuthorization,
+  formatChallenge,
+  parseAuthorization,
+  parseChallenge,
+  paywall,
+  resolvePrice
+};
+//# sourceMappingURL=index.js.map

package/dist/server/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/server/pricing.ts","../../src/server/middleware.ts","../../src/server/headers.ts"],"sourcesContent":["import type { Request } from \"express\";\n\nexport type PricingFn = (req: Request) => number | Promise<number>;\n\n/** Resolve price from a fixed number or a per-request pricing function. */\nexport async function resolvePrice(\n  price: number | PricingFn,\n  req: Request,\n): Promise<number> {\n  return typeof price === \"function\" ? price(req) : price;\n}\n","import type { Request, Response, NextFunction } from \"express\";\nimport type { LnBot } from \"@lnbot/sdk\";\nimport type { L402PaywallOptions } from \"../types.js\";\nimport { resolvePrice } from \"./pricing.js\";\n\n/**\n * Express middleware factory that protects routes behind an L402 paywall.\n *\n * Two SDK calls:\n *  - `ln.l402.verify()` — check an incoming Authorization header\n *  - `ln.l402.createChallenge()` — mint a new invoice + macaroon challenge\n */\nexport function paywall(ln: LnBot, options: L402PaywallOptions) {\n  return async (req: Request, res: Response, next: NextFunction) => {\n    // Step 1: Check for existing L402 Authorization header\n    const authHeader = req.headers[\"authorization\"];\n\n    if (authHeader && authHeader.startsWith(\"L402 \")) {\n      // Step 2: Verify via SDK (stateless — checks signature, preimage, caveats)\n      try {\n        const result = await ln.l402.verify({ authorization: authHeader });\n\n        if (result.valid) {\n          req.l402 = {\n            paymentHash: result.paymentHash!,\n            caveats: result.caveats,\n          };\n          return next();\n        }\n      } catch {\n        // Verification failed or errored — fall through to issue new challenge\n      }\n    }\n\n    // Step 3: No valid token — create a challenge via SDK\n    const price = await resolvePrice(options.price, req);\n\n    try {\n      const challenge = await ln.l402.createChallenge({\n        amount: price,\n        description: options.description,\n        expirySeconds: options.expirySeconds,\n        caveats: options.caveats,\n      });\n\n      // Step 4: Return 402 with challenge\n      res\n        .status(402)\n        .header(\"WWW-Authenticate\", challenge.wwwAuthenticate)\n        .json({\n          type: \"payment_required\",\n          title: \"Payment Required\",\n          detail:\n            \"Pay the included Lightning invoice to access this resource.\",\n          invoice: challenge.invoice,\n          macaroon: challenge.macaroon,\n          price,\n          unit: \"satoshis\",\n          description: options.description,\n        });\n    } catch (err) {\n      next(err);\n    }\n  };\n}\n","/** Parse an L402 Authorization header into { macaroon, preimage }. */\nexport function parseAuthorization(\n  header: string,\n): { macaroon: string; preimage: string } | null {\n  if (!header.startsWith(\"L402 \")) return null;\n  const token = header.slice(5);\n  const colonIndex = token.lastIndexOf(\":\");\n  if (colonIndex === -1) return null;\n  return {\n    macaroon: token.slice(0, colonIndex),\n    preimage: token.slice(colonIndex + 1),\n  };\n}\n\n/** Parse a WWW-Authenticate: L402 header into { macaroon, invoice }. */\nexport function parseChallenge(\n  header: string,\n): { macaroon: string; invoice: string } | null {\n  if (!header.startsWith(\"L402 \")) return null;\n  const macaroonMatch = header.match(/macaroon=\"([^\"]+)\"/);\n  const invoiceMatch = header.match(/invoice=\"([^\"]+)\"/);\n  if (!macaroonMatch || !invoiceMatch) return null;\n  return { macaroon: macaroonMatch[1], invoice: invoiceMatch[1] };\n}\n\n/** Format an Authorization header value. */\nexport function formatAuthorization(\n  macaroon: string,\n  preimage: string,\n): string {\n  return `L402 ${macaroon}:${preimage}`;\n}\n\n/** Format a WWW-Authenticate header value. */\nexport function formatChallenge(\n  macaroon: string,\n  invoice: string,\n): string {\n  return `L402 macaroon=\"${macaroon}\", invoice=\"${invoice}\"`;\n}\n"],"mappings":";AAKA,eAAsB,aACpB,OACA,KACiB;AACjB,SAAO,OAAO,UAAU,aAAa,MAAM,GAAG,IAAI;AACpD;;;ACEO,SAAS,QAAQ,IAAW,SAA6B;AAC9D,SAAO,OAAO,KAAc,KAAe,SAAuB;AAEhE,UAAM,aAAa,IAAI,QAAQ,eAAe;AAE9C,QAAI,cAAc,WAAW,WAAW,OAAO,GAAG;AAEhD,UAAI;AACF,cAAM,SAAS,MAAM,GAAG,KAAK,OAAO,EAAE,eAAe,WAAW,CAAC;AAEjE,YAAI,OAAO,OAAO;AAChB,cAAI,OAAO;AAAA,YACT,aAAa,OAAO;AAAA,YACpB,SAAS,OAAO;AAAA,UAClB;AACA,iBAAO,KAAK;AAAA,QACd;AAAA,MACF,QAAQ;AAAA,MAER;AAAA,IACF;AAGA,UAAM,QAAQ,MAAM,aAAa,QAAQ,OAAO,GAAG;AAEnD,QAAI;AACF,YAAM,YAAY,MAAM,GAAG,KAAK,gBAAgB;AAAA,QAC9C,QAAQ;AAAA,QACR,aAAa,QAAQ;AAAA,QACrB,eAAe,QAAQ;AAAA,QACvB,SAAS,QAAQ;AAAA,MACnB,CAAC;AAGD,UACG,OAAO,GAAG,EACV,OAAO,oBAAoB,UAAU,eAAe,EACpD,KAAK;AAAA,QACJ,MAAM;AAAA,QACN,OAAO;AAAA,QACP,QACE;AAAA,QACF,SAAS,UAAU;AAAA,QACnB,UAAU,UAAU;AAAA,QACpB;AAAA,QACA,MAAM;AAAA,QACN,aAAa,QAAQ;AAAA,MACvB,CAAC;AAAA,IACL,SAAS,KAAK;AACZ,WAAK,GAAG;AAAA,IACV;AAAA,EACF;AACF;;;AC/DO,SAAS,mBACd,QAC+C;AAC/C,MAAI,CAAC,OAAO,WAAW,OAAO,EAAG,QAAO;AACxC,QAAM,QAAQ,OAAO,MAAM,CAAC;AAC5B,QAAM,aAAa,MAAM,YAAY,GAAG;AACxC,MAAI,eAAe,GAAI,QAAO;AAC9B,SAAO;AAAA,IACL,UAAU,MAAM,MAAM,GAAG,UAAU;AAAA,IACnC,UAAU,MAAM,MAAM,aAAa,CAAC;AAAA,EACtC;AACF;AAGO,SAAS,eACd,QAC8C;AAC9C,MAAI,CAAC,OAAO,WAAW,OAAO,EAAG,QAAO;AACxC,QAAM,gBAAgB,OAAO,MAAM,oBAAoB;AACvD,QAAM,eAAe,OAAO,MAAM,mBAAmB;AACrD,MAAI,CAAC,iBAAiB,CAAC,aAAc,QAAO;AAC5C,SAAO,EAAE,UAAU,cAAc,CAAC,GAAG,SAAS,aAAa,CAAC,EAAE;AAChE;AAGO,SAAS,oBACd,UACA,UACQ;AACR,SAAO,QAAQ,QAAQ,IAAI,QAAQ;AACrC;AAGO,SAAS,gBACd,UACA,SACQ;AACR,SAAO,kBAAkB,QAAQ,eAAe,OAAO;AACzD;","names":[]}

package/dist/types-FRMMn5ej.d.cts

@@ -0,0 +1,52 @@
+import { Request } from 'express';
+
+/** Data attached to `req.l402` after successful L402 verification. */
+interface L402RequestData {
+    paymentHash: string;
+    caveats: string[] | null;
+}
+declare global {
+    namespace Express {
+        interface Request {
+            l402?: L402RequestData;
+        }
+    }
+}
+/** Options for the `l402.paywall()` middleware. */
+interface L402PaywallOptions {
+    /** Price in satoshis — fixed number or async function receiving the request. */
+    price: number | ((req: Request) => number | Promise<number>);
+    /** Invoice memo / description. */
+    description?: string;
+    /** Challenge expiry in seconds. */
+    expirySeconds?: number;
+    /** Macaroon caveats to attach. */
+    caveats?: string[];
+}
+/** Options for the `l402.client()` factory. */
+interface L402ClientOptions {
+    /** Max sats to pay for a single request (default: 1000). */
+    maxPrice?: number;
+    /** Total budget in sats for the period. */
+    budgetSats?: number;
+    /** Budget reset period. */
+    budgetPeriod?: "hour" | "day" | "week" | "month";
+    /** Token cache strategy (default: "memory"). */
+    store?: "memory" | "none" | TokenStore;
+}
+/** Pluggable token cache. */
+interface TokenStore {
+    get(url: string): Promise<L402Token | null>;
+    set(url: string, token: L402Token): Promise<void>;
+    delete(url: string): Promise<void>;
+}
+/** A cached L402 credential. */
+interface L402Token {
+    macaroon: string;
+    preimage: string;
+    authorization: string;
+    paidAt: Date;
+    expiresAt?: Date;
+}
+
+export type { L402ClientOptions as L, TokenStore as T, L402PaywallOptions as a, L402RequestData as b, L402Token as c };