@mixrpay/merchant-sdk 0.1.0 → 0.2.0

package/dist/index.mjs

@@ -214,7 +214,7 @@ async function parseX402Payment(paymentHeader, chainId = 8453) {
 
 // src/receipt.ts
 import * as jose from "jose";
-var DEFAULT_JWKS_URL = process.env.MIXRPAY_JWKS_URL || "http://localhost:3000/.well-known/jwks";
+var DEFAULT_JWKS_URL = process.env.MIXRPAY_JWKS_URL || "https://mixrpay.com/.well-known/jwks";
 var JWKS_CACHE_TTL_MS = 60 * 60 * 1e3;
 var jwksCache = /* @__PURE__ */ new Map();
 async function getJWKS(jwksUrl) {
@@ -314,7 +314,7 @@ import crypto2 from "crypto";
 var ChargesClient = class {
   constructor(options) {
     this.apiKey = options.apiKey;
-    this.baseUrl = options.baseUrl || process.env.MIXRPAY_BASE_URL || "http://localhost:3000";
+    this.baseUrl = options.baseUrl || process.env.MIXRPAY_BASE_URL || "https://mixrpay.com";
   }
   /**
    * Create a new charge.
@@ -470,7 +470,7 @@ function parseSessionGrant(payload) {
 }
 
 // src/receipt-fetcher.ts
-var DEFAULT_MIXRPAY_API_URL = process.env.MIXRPAY_BASE_URL || "http://localhost:3000";
+var DEFAULT_MIXRPAY_API_URL = process.env.MIXRPAY_BASE_URL || "https://mixrpay.com";
 async function fetchPaymentReceipt(params) {
   const apiUrl = params.apiUrl || DEFAULT_MIXRPAY_API_URL;
   const endpoint = `${apiUrl}/api/v1/receipts`;
@@ -598,6 +598,262 @@ function x402(options) {
     }
   };
 }
+function mixrpay(options) {
+  return async (req, res, next) => {
+    try {
+      const context = {
+        path: req.path,
+        method: req.method,
+        headers: req.headers,
+        body: req.body
+      };
+      if (options.skip) {
+        const shouldSkip = await options.skip(context);
+        if (shouldSkip) {
+          return next();
+        }
+      }
+      const priceUsd = options.getPrice ? await options.getPrice(context) : options.priceUsd;
+      const sessionHeader = req.headers["x-mixr-session"];
+      const widgetHeader = req.headers["x-mixr-payment"];
+      const x402Header = req.headers["x-payment"];
+      let result;
+      if (sessionHeader) {
+        result = await verifySessionPayment(sessionHeader, priceUsd, options, req);
+      } else if (widgetHeader) {
+        result = await verifyWidgetPayment(widgetHeader, priceUsd, options, req);
+      } else if (x402Header) {
+        result = await verifyX402PaymentUnified(x402Header, priceUsd, options, res);
+      } else {
+        return returnPaymentRequired(priceUsd, options, res);
+      }
+      if (!result.valid) {
+        return res.status(402).json({
+          error: "Invalid payment",
+          reason: result.error,
+          method: result.method
+        });
+      }
+      req.mixrPayment = result;
+      if (result.method === "x402" && result.x402Result) {
+        req.x402Payment = result.x402Result;
+      }
+      if (result.txHash) {
+        res.setHeader("X-Payment-TxHash", result.txHash);
+      }
+      if (result.chargeId) {
+        res.setHeader("X-Mixr-Charge-Id", result.chargeId);
+      }
+      if (result.amountUsd !== void 0) {
+        res.setHeader("X-Mixr-Charged", result.amountUsd.toString());
+      }
+      if (options.onPayment) {
+        await options.onPayment(result);
+      }
+      next();
+    } catch (error) {
+      console.error("[mixrpay] Middleware error:", error);
+      return res.status(500).json({
+        error: "Payment processing error",
+        message: error.message
+      });
+    }
+  };
+}
+async function verifySessionPayment(sessionId, priceUsd, options, req) {
+  const baseUrl = options.mixrpayApiUrl || process.env.MIXRPAY_API_URL || "https://mixrpay.com";
+  const secretKey = process.env.MIXRPAY_SECRET_KEY;
+  if (!secretKey) {
+    return {
+      valid: false,
+      method: "session",
+      error: "MIXRPAY_SECRET_KEY not configured"
+    };
+  }
+  try {
+    const response = await fetch(`${baseUrl}/api/v2/charge`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${secretKey}`
+      },
+      body: JSON.stringify({
+        sessionId,
+        amountUsd: priceUsd,
+        feature: options.feature || req.headers["x-mixr-feature"],
+        idempotencyKey: req.headers["x-idempotency-key"]
+      })
+    });
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      return {
+        valid: false,
+        method: "session",
+        error: errorData.message || errorData.error || `Charge failed: ${response.status}`,
+        sessionId
+      };
+    }
+    const data = await response.json();
+    return {
+      valid: true,
+      method: "session",
+      payer: data.payer || data.walletAddress,
+      amountUsd: data.amountUsd || priceUsd,
+      txHash: data.txHash,
+      chargeId: data.chargeId,
+      sessionId,
+      feature: options.feature,
+      settledAt: data.settledAt ? new Date(data.settledAt) : /* @__PURE__ */ new Date()
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      method: "session",
+      error: `Session verification failed: ${error.message}`,
+      sessionId
+    };
+  }
+}
+async function verifyWidgetPayment(paymentJwt, priceUsd, options, req) {
+  const baseUrl = options.mixrpayApiUrl || process.env.MIXRPAY_API_URL || "https://mixrpay.com";
+  const secretKey = process.env.MIXRPAY_SECRET_KEY;
+  if (!secretKey) {
+    return {
+      valid: false,
+      method: "widget",
+      error: "MIXRPAY_SECRET_KEY not configured"
+    };
+  }
+  try {
+    const response = await fetch(`${baseUrl}/api/widget/verify`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${secretKey}`
+      },
+      body: JSON.stringify({
+        paymentJwt,
+        expectedAmountUsd: priceUsd,
+        feature: options.feature || req.headers["x-mixr-feature"]
+      })
+    });
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      return {
+        valid: false,
+        method: "widget",
+        error: errorData.message || errorData.error || `Widget verification failed: ${response.status}`
+      };
+    }
+    const data = await response.json();
+    return {
+      valid: true,
+      method: "widget",
+      payer: data.payer || data.walletAddress,
+      amountUsd: data.amountUsd || priceUsd,
+      txHash: data.txHash,
+      chargeId: data.chargeId,
+      feature: options.feature,
+      settledAt: data.settledAt ? new Date(data.settledAt) : /* @__PURE__ */ new Date()
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      method: "widget",
+      error: `Widget verification failed: ${error.message}`
+    };
+  }
+}
+async function verifyX402PaymentUnified(paymentHeader, priceUsd, options, res) {
+  const recipient = options.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;
+  if (!recipient) {
+    return {
+      valid: false,
+      method: "x402",
+      error: "MIXRPAY_MERCHANT_ADDRESS not configured for x402 payments"
+    };
+  }
+  const priceMinor = usdToMinor(priceUsd);
+  const chainId = options.chainId || 8453;
+  const facilitator = options.facilitator || DEFAULT_FACILITATOR;
+  const x402Result = await verifyX402Payment(paymentHeader, {
+    expectedAmount: priceMinor,
+    expectedRecipient: recipient,
+    chainId,
+    facilitator,
+    skipSettlement: options.testMode
+  });
+  if (!x402Result.valid) {
+    return {
+      valid: false,
+      method: "x402",
+      error: x402Result.error,
+      x402Result
+    };
+  }
+  const receiptMode = options.receiptMode || "webhook";
+  if ((receiptMode === "jwt" || receiptMode === "both") && x402Result.txHash && x402Result.payer) {
+    try {
+      const receipt = await fetchPaymentReceipt({
+        txHash: x402Result.txHash,
+        payer: x402Result.payer,
+        recipient,
+        amount: priceMinor,
+        chainId,
+        apiUrl: options.mixrpayApiUrl
+      });
+      if (receipt) {
+        x402Result.receipt = receipt;
+        res.setHeader("X-Payment-Receipt", receipt);
+      }
+    } catch (receiptError) {
+      console.warn("[mixrpay] Failed to fetch JWT receipt:", receiptError);
+    }
+  }
+  return {
+    valid: true,
+    method: "x402",
+    payer: x402Result.payer,
+    amountUsd: x402Result.amount,
+    txHash: x402Result.txHash,
+    receipt: x402Result.receipt,
+    settledAt: x402Result.settledAt,
+    x402Result
+  };
+}
+function returnPaymentRequired(priceUsd, options, res) {
+  const priceMinor = usdToMinor(priceUsd);
+  const recipient = options.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;
+  const chainId = options.chainId || 8453;
+  const facilitator = options.facilitator || DEFAULT_FACILITATOR;
+  const nonce = generateNonce();
+  const expiresAt = Math.floor(Date.now() / 1e3) + 300;
+  const x402PaymentRequired = recipient ? {
+    recipient,
+    amount: priceMinor.toString(),
+    currency: "USDC",
+    chainId,
+    facilitator,
+    nonce,
+    expiresAt,
+    description: options.description
+  } : null;
+  if (x402PaymentRequired) {
+    res.setHeader("X-Payment-Required", JSON.stringify(x402PaymentRequired));
+    res.setHeader("WWW-Authenticate", `X-402 ${Buffer.from(JSON.stringify(x402PaymentRequired)).toString("base64")}`);
+  }
+  return res.status(402).json({
+    error: "Payment required",
+    priceUsd,
+    acceptedMethods: [
+      { method: "session", header: "X-Mixr-Session", description: "Session authorization ID" },
+      { method: "widget", header: "X-Mixr-Payment", description: "Widget payment JWT" },
+      ...recipient ? [{ method: "x402", header: "X-PAYMENT", description: "x402 protocol payment" }] : []
+    ],
+    x402: x402PaymentRequired,
+    description: options.description
+  });
+}
 
 // src/middleware/nextjs.ts
 import { NextResponse } from "next/server";
@@ -716,6 +972,241 @@ function createPaymentRequired(options) {
     }
   );
 }
+function withMixrPay(config, handler) {
+  return async (req) => {
+    try {
+      const priceUsd = config.getPrice ? await config.getPrice(req) : config.priceUsd;
+      const sessionHeader = req.headers.get("x-mixr-session");
+      const widgetHeader = req.headers.get("x-mixr-payment");
+      const x402Header = req.headers.get("x-payment");
+      let result;
+      if (sessionHeader) {
+        result = await verifySessionPaymentNext(sessionHeader, priceUsd, config, req);
+      } else if (widgetHeader) {
+        result = await verifyWidgetPaymentNext(widgetHeader, priceUsd, config, req);
+      } else if (x402Header) {
+        result = await verifyX402PaymentNext(x402Header, priceUsd, config);
+      } else {
+        return returnPaymentRequiredNext(priceUsd, config);
+      }
+      if (!result.valid) {
+        return NextResponse.json(
+          { error: "Invalid payment", reason: result.error, method: result.method },
+          { status: 402 }
+        );
+      }
+      if (config.onPayment) {
+        await config.onPayment(result, req);
+      }
+      const response = await handler(req, result);
+      if (result.txHash) {
+        response.headers.set("X-Payment-TxHash", result.txHash);
+      }
+      if (result.chargeId) {
+        response.headers.set("X-Mixr-Charge-Id", result.chargeId);
+      }
+      if (result.amountUsd !== void 0) {
+        response.headers.set("X-Mixr-Charged", result.amountUsd.toString());
+      }
+      return response;
+    } catch (error) {
+      console.error("[withMixrPay] Handler error:", error);
+      return NextResponse.json(
+        { error: "Payment processing error" },
+        { status: 500 }
+      );
+    }
+  };
+}
+async function verifySessionPaymentNext(sessionId, priceUsd, config, req) {
+  const baseUrl = config.mixrpayApiUrl || process.env.MIXRPAY_API_URL || "https://mixrpay.com";
+  const secretKey = process.env.MIXRPAY_SECRET_KEY;
+  if (!secretKey) {
+    return { valid: false, method: "session", error: "MIXRPAY_SECRET_KEY not configured" };
+  }
+  try {
+    const response = await fetch(`${baseUrl}/api/v2/charge`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${secretKey}`
+      },
+      body: JSON.stringify({
+        sessionId,
+        amountUsd: priceUsd,
+        feature: config.feature || req.headers.get("x-mixr-feature"),
+        idempotencyKey: req.headers.get("x-idempotency-key")
+      })
+    });
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      return {
+        valid: false,
+        method: "session",
+        error: errorData.message || errorData.error || `Charge failed: ${response.status}`,
+        sessionId
+      };
+    }
+    const data = await response.json();
+    return {
+      valid: true,
+      method: "session",
+      payer: data.payer || data.walletAddress,
+      amountUsd: data.amountUsd || priceUsd,
+      txHash: data.txHash,
+      chargeId: data.chargeId,
+      sessionId,
+      feature: config.feature,
+      settledAt: data.settledAt ? new Date(data.settledAt) : /* @__PURE__ */ new Date()
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      method: "session",
+      error: `Session verification failed: ${error.message}`,
+      sessionId
+    };
+  }
+}
+async function verifyWidgetPaymentNext(paymentJwt, priceUsd, config, req) {
+  const baseUrl = config.mixrpayApiUrl || process.env.MIXRPAY_API_URL || "https://mixrpay.com";
+  const secretKey = process.env.MIXRPAY_SECRET_KEY;
+  if (!secretKey) {
+    return { valid: false, method: "widget", error: "MIXRPAY_SECRET_KEY not configured" };
+  }
+  try {
+    const response = await fetch(`${baseUrl}/api/widget/verify`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "Authorization": `Bearer ${secretKey}`
+      },
+      body: JSON.stringify({
+        paymentJwt,
+        expectedAmountUsd: priceUsd,
+        feature: config.feature || req.headers.get("x-mixr-feature")
+      })
+    });
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({}));
+      return {
+        valid: false,
+        method: "widget",
+        error: errorData.message || errorData.error || `Widget verification failed: ${response.status}`
+      };
+    }
+    const data = await response.json();
+    return {
+      valid: true,
+      method: "widget",
+      payer: data.payer || data.walletAddress,
+      amountUsd: data.amountUsd || priceUsd,
+      txHash: data.txHash,
+      chargeId: data.chargeId,
+      feature: config.feature,
+      settledAt: data.settledAt ? new Date(data.settledAt) : /* @__PURE__ */ new Date()
+    };
+  } catch (error) {
+    return {
+      valid: false,
+      method: "widget",
+      error: `Widget verification failed: ${error.message}`
+    };
+  }
+}
+async function verifyX402PaymentNext(paymentHeader, priceUsd, config) {
+  const recipient = config.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;
+  if (!recipient) {
+    return {
+      valid: false,
+      method: "x402",
+      error: "MIXRPAY_MERCHANT_ADDRESS not configured for x402 payments"
+    };
+  }
+  const priceMinor = usdToMinor(priceUsd);
+  const chainId = config.chainId || 8453;
+  const facilitator = config.facilitator || DEFAULT_FACILITATOR;
+  const x402Result = await verifyX402Payment(paymentHeader, {
+    expectedAmount: priceMinor,
+    expectedRecipient: recipient,
+    chainId,
+    facilitator,
+    skipSettlement: config.testMode
+  });
+  if (!x402Result.valid) {
+    return {
+      valid: false,
+      method: "x402",
+      error: x402Result.error,
+      x402Result
+    };
+  }
+  const receiptMode = config.receiptMode || "webhook";
+  if ((receiptMode === "jwt" || receiptMode === "both") && x402Result.txHash && x402Result.payer) {
+    try {
+      const receipt = await fetchPaymentReceipt({
+        txHash: x402Result.txHash,
+        payer: x402Result.payer,
+        recipient,
+        amount: priceMinor,
+        chainId,
+        apiUrl: config.mixrpayApiUrl
+      });
+      if (receipt) {
+        x402Result.receipt = receipt;
+      }
+    } catch (receiptError) {
+      console.warn("[withMixrPay] Failed to fetch JWT receipt:", receiptError);
+    }
+  }
+  return {
+    valid: true,
+    method: "x402",
+    payer: x402Result.payer,
+    amountUsd: x402Result.amount,
+    txHash: x402Result.txHash,
+    receipt: x402Result.receipt,
+    settledAt: x402Result.settledAt,
+    x402Result
+  };
+}
+function returnPaymentRequiredNext(priceUsd, config) {
+  const priceMinor = usdToMinor(priceUsd);
+  const recipient = config.recipient || process.env.MIXRPAY_MERCHANT_ADDRESS;
+  const chainId = config.chainId || 8453;
+  const facilitator = config.facilitator || DEFAULT_FACILITATOR;
+  const nonce = generateNonce();
+  const expiresAt = Math.floor(Date.now() / 1e3) + 300;
+  const x402PaymentRequired = recipient ? {
+    recipient,
+    amount: priceMinor.toString(),
+    currency: "USDC",
+    chainId,
+    facilitator,
+    nonce,
+    expiresAt,
+    description: config.description
+  } : null;
+  const headers = {};
+  if (x402PaymentRequired) {
+    headers["X-Payment-Required"] = JSON.stringify(x402PaymentRequired);
+    headers["WWW-Authenticate"] = `X-402 ${Buffer.from(JSON.stringify(x402PaymentRequired)).toString("base64")}`;
+  }
+  return NextResponse.json(
+    {
+      error: "Payment required",
+      priceUsd,
+      acceptedMethods: [
+        { method: "session", header: "X-Mixr-Session", description: "Session authorization ID" },
+        { method: "widget", header: "X-Mixr-Payment", description: "Widget payment JWT" },
+        ...recipient ? [{ method: "x402", header: "X-PAYMENT", description: "x402 protocol payment" }] : []
+      ],
+      x402: x402PaymentRequired,
+      description: config.description
+    },
+    { status: 402, headers }
+  );
+}
 
 // src/middleware/fastify.ts
 var x402Plugin = (fastify, options, done) => {
@@ -822,6 +1313,7 @@ export {
   USDC_CONTRACTS,
   clearJWKSCache,
   createPaymentRequired,
+  mixrpay as expressMixrPay,
   x402 as expressX402,
   x4022 as fastifyX402,
   generateNonce,
@@ -837,6 +1329,7 @@ export {
   verifyPaymentReceipt,
   verifySessionWebhook,
   verifyX402Payment,
+  withMixrPay,
   withX402,
   x402Plugin
 };