@puga-labs/x402-mantle-sdk 0.2.1 → 0.3.2

package/dist/index.cjs

@@ -1,7 +1,9 @@
 "use strict";
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
@@ -25,6 +35,7 @@ __export(index_exports, {
   createPaymentClient: () => createPaymentClient,
   createPaymentMiddleware: () => createPaymentMiddleware,
   mantlePaywall: () => mantlePaywall,
+  useEthersWallet: () => useEthersWallet,
   useMantleX402: () => useMantleX402
 });
 module.exports = __toCommonJS(index_exports);
@@ -71,6 +82,54 @@ function usdCentsToAtomic(cents, decimals) {
   return BigInt(cents) * base;
 }
 
+// src/server/core/utils.ts
+function validateAddress(address, paramName = "address") {
+  if (!address) {
+    throw new Error(`${paramName} is required`);
+  }
+  if (typeof address !== "string") {
+    throw new Error(`${paramName} must be a string, got ${typeof address}`);
+  }
+  if (!address.startsWith("0x")) {
+    const preview = address.length > 10 ? `${address.substring(0, 10)}...` : address;
+    throw new Error(
+      `${paramName} must start with "0x", got: ${preview}`
+    );
+  }
+  if (address.length !== 42) {
+    throw new Error(
+      `${paramName} must be 42 characters (0x + 40 hex), got ${address.length} characters`
+    );
+  }
+  const hexPart = address.slice(2);
+  if (!/^[0-9a-fA-F]{40}$/.test(hexPart)) {
+    throw new Error(
+      `${paramName} must contain only hexadecimal characters (0-9, a-f, A-F) after "0x"`
+    );
+  }
+}
+function decodePaymentHeader(paymentHeaderBase64) {
+  try {
+    if (typeof Buffer !== "undefined") {
+      const json = Buffer.from(paymentHeaderBase64, "base64").toString("utf8");
+      return JSON.parse(json);
+    }
+    if (typeof atob === "function") {
+      const json = atob(paymentHeaderBase64);
+      return JSON.parse(json);
+    }
+    throw new Error("No base64 decoding available in this environment");
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : "Unknown error";
+    throw new Error(`Failed to decode paymentHeader: ${msg}`);
+  }
+}
+function buildRouteKey(method, path) {
+  const normalizedMethod = (method || "GET").toUpperCase();
+  const normalizedPath = path || "/";
+  return `${normalizedMethod} ${normalizedPath}`;
+}
+
 // src/server/constants.ts
 var DEFAULT_TELEMETRY_ENDPOINT = void 0;
 
@@ -124,28 +183,130 @@ async function sendTelemetry(event, endpoint) {
   }
 }
 
-// src/server/paymentMiddleware.ts
-function getRouteKey(req) {
-  const method = (req.method || "GET").toUpperCase();
-  const path = req.path || "/";
-  return `${method} ${path}`;
-}
-function decodePaymentHeader(paymentHeaderBase64) {
+// src/server/core/verifyPayment.ts
+async function checkPayment(input) {
+  const {
+    paymentHeader,
+    paymentRequirements,
+    facilitatorUrl,
+    routeKey,
+    network,
+    asset,
+    telemetry,
+    onPaymentSettled
+  } = input;
+  if (!paymentHeader) {
+    return {
+      status: "require_payment",
+      statusCode: 402,
+      responseBody: {
+        error: "Payment Required",
+        paymentRequirements,
+        paymentHeader: null
+      },
+      isValid: false
+    };
+  }
   try {
-    if (typeof Buffer !== "undefined") {
-      const json = Buffer.from(paymentHeaderBase64, "base64").toString("utf8");
-      return JSON.parse(json);
+    const verifyUrl = `${facilitatorUrl.replace(/\/+$/, "")}/verify`;
+    const verifyRes = await fetch(verifyUrl, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        x402Version: 1,
+        paymentHeader,
+        paymentRequirements
+      })
+    });
+    if (!verifyRes.ok) {
+      const text = await verifyRes.text().catch(() => "");
+      console.error(
+        "[x402-mantle-sdk] Facilitator /verify returned non-OK:",
+        verifyRes.status,
+        text
+      );
+      return {
+        status: "verification_error",
+        statusCode: 500,
+        responseBody: {
+          error: "Payment verification error",
+          details: `Facilitator responded with HTTP ${verifyRes.status}`
+        },
+        isValid: false
+      };
     }
-    if (typeof atob === "function") {
-      const json = atob(paymentHeaderBase64);
-      return JSON.parse(json);
+    const verifyJson = await verifyRes.json();
+    if (!verifyJson.isValid) {
+      return {
+        status: "invalid_payment",
+        statusCode: 402,
+        responseBody: {
+          error: "Payment verification failed",
+          invalidReason: verifyJson.invalidReason ?? null,
+          paymentRequirements,
+          paymentHeader: null
+        },
+        isValid: false
+      };
     }
-    throw new Error("No base64 decoding available in this environment");
+    if (onPaymentSettled) {
+      try {
+        const headerObj = decodePaymentHeader(paymentHeader);
+        const { authorization } = headerObj.payload;
+        const assetConfig = getDefaultAssetForNetwork(network);
+        const logEntry = {
+          id: authorization.nonce,
+          from: authorization.from,
+          to: authorization.to,
+          valueAtomic: authorization.value,
+          network,
+          asset,
+          route: routeKey,
+          timestamp: Date.now(),
+          facilitatorUrl,
+          paymentRequirements
+        };
+        onPaymentSettled(logEntry);
+        if (telemetry) {
+          const event = createTelemetryEvent(logEntry, telemetry);
+          sendTelemetry(event, telemetry.endpoint).catch(
+            (err) => console.error("[x402-telemetry] Async send failed:", err)
+          );
+        }
+      } catch (err) {
+        console.error(
+          "[x402-mantle-sdk] Error calling onPaymentSettled hook:",
+          err
+        );
+      }
+    }
+    return {
+      status: "verified",
+      statusCode: 200,
+      responseBody: null,
+      isValid: true
+    };
   } catch (err) {
-    const msg = err instanceof Error ? err.message : "Unknown error";
-    throw new Error(`Failed to decode paymentHeader: ${msg}`);
+    console.error(
+      "[x402-mantle-sdk] Error while calling facilitator /verify:",
+      err
+    );
+    const message = err instanceof Error ? err.message : "Unknown verification error";
+    return {
+      status: "verification_error",
+      statusCode: 500,
+      responseBody: {
+        error: "Payment verification error",
+        details: message
+      },
+      isValid: false
+    };
   }
 }
+
+// src/server/adapters/express.ts
 function createPaymentMiddleware(config) {
   const { facilitatorUrl, receiverAddress, routes, onPaymentSettled, telemetry } = config;
   if (!facilitatorUrl) {
@@ -154,11 +315,12 @@ function createPaymentMiddleware(config) {
   if (!receiverAddress) {
     throw new Error("receiverAddress is required");
   }
+  validateAddress(receiverAddress, "receiverAddress");
   if (!routes || Object.keys(routes).length === 0) {
     throw new Error("routes config must not be empty");
   }
   return async function paymentMiddleware(req, res, next) {
-    const routeKey = getRouteKey(req);
+    const routeKey = buildRouteKey(req.method, req.path);
     const routeConfig = routes[routeKey];
     if (!routeConfig) {
       next();
@@ -179,104 +341,29 @@ function createPaymentMiddleware(config) {
       price: `$${(priceUsdCents / 100).toFixed(2)}`,
       currency: "USD"
     };
-    const paymentHeader = req.header("X-PAYMENT") ?? req.header("x-payment");
-    if (!paymentHeader) {
-      res.status(402).json({
-        error: "Payment Required",
-        paymentRequirements,
-        paymentHeader: null
-      });
-      return;
-    }
-    try {
-      const verifyUrl = `${facilitatorUrl.replace(/\/+$/, "")}/verify`;
-      const verifyRes = await fetch(verifyUrl, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json"
-        },
-        body: JSON.stringify({
-          x402Version: 1,
-          paymentHeader,
-          paymentRequirements
-        })
-      });
-      if (!verifyRes.ok) {
-        const text = await verifyRes.text().catch(() => "");
-        console.error(
-          "[x402-mantle-sdk] Facilitator /verify returned non-OK:",
-          verifyRes.status,
-          text
-        );
-        res.status(500).json({
-          error: "Payment verification error",
-          details: `Facilitator responded with HTTP ${verifyRes.status}`
-        });
-        return;
-      }
-      const verifyJson = await verifyRes.json();
-      if (!verifyJson.isValid) {
-        res.status(402).json({
-          error: "Payment verification failed",
-          invalidReason: verifyJson.invalidReason ?? null,
-          paymentRequirements,
-          paymentHeader: null
-        });
-        return;
-      }
-      if (onPaymentSettled) {
-        try {
-          const headerObj = decodePaymentHeader(paymentHeader);
-          const { authorization } = headerObj.payload;
-          const logEntry = {
-            id: authorization.nonce,
-            from: authorization.from,
-            to: authorization.to,
-            valueAtomic: authorization.value,
-            network,
-            asset: assetConfig.address,
-            route: routeKey,
-            timestamp: Date.now(),
-            facilitatorUrl,
-            // Pass from config closure
-            paymentRequirements
-          };
-          onPaymentSettled(logEntry);
-          if (telemetry) {
-            const event = createTelemetryEvent(logEntry, telemetry);
-            sendTelemetry(event, telemetry.endpoint).catch(
-              (err) => console.error("[x402-telemetry] Async send failed:", err)
-            );
-          }
-        } catch (err) {
-          console.error(
-            "[x402-mantle-sdk] Error calling onPaymentSettled hook:",
-            err
-          );
-        }
-      }
-      next();
-      return;
-    } catch (err) {
-      console.error(
-        "[x402-mantle-sdk] Error while calling facilitator /verify:",
-        err
-      );
-      const message = err instanceof Error ? err.message : "Unknown verification error";
-      res.status(500).json({
-        error: "Payment verification error",
-        details: message
-      });
+    const paymentHeader = req.header("X-PAYMENT") || req.header("x-payment") || null;
+    const result = await checkPayment({
+      paymentHeader,
+      paymentRequirements,
+      facilitatorUrl,
+      routeKey,
+      network,
+      asset: assetConfig.address,
+      telemetry,
+      onPaymentSettled
+    });
+    if (!result.isValid) {
+      res.status(result.statusCode).json(result.responseBody);
       return;
     }
+    next();
   };
 }
-
-// src/server/mantlePaywall.ts
 function mantlePaywall(opts) {
   const { priceUsd, payTo, facilitatorUrl, telemetry, onPaymentSettled } = opts;
+  validateAddress(payTo, "payTo");
   const priceUsdCents = Math.round(priceUsd * 100);
-  return (req, res, next) => {
+  return async (req, res, next) => {
     const method = (req.method || "GET").toUpperCase();
     const path = req.path || "/";
     const routeKey = `${method} ${path}`;
@@ -335,19 +422,6 @@ function joinUrl(base, path) {
   const normalizedPath = path.startsWith("/") ? path : `/${path}`;
   return `${normalizedBase}${normalizedPath}`;
 }
-async function getUserAddressFromProvider(provider) {
-  const p = provider;
-  if (!p || typeof p.request !== "function") {
-    throw new Error("provider must implement EIP-1193 request()");
-  }
-  const accounts = await p.request({
-    method: "eth_requestAccounts"
-  });
-  if (!accounts || accounts.length === 0) {
-    throw new Error("No accounts returned from provider");
-  }
-  return accounts[0];
-}
 function buildTypedDataForAuthorization(authorization, paymentRequirements) {
   const chainId = getChainIdForNetwork(paymentRequirements.network);
   const verifyingContract = paymentRequirements.asset;
@@ -374,24 +448,26 @@ function buildTypedDataForAuthorization(authorization, paymentRequirements) {
     message: authorization
   };
 }
-async function signAuthorizationWithProvider(provider, address, authorization, paymentRequirements) {
-  const p = provider;
-  if (!p || typeof p.request !== "function") {
-    throw new Error("provider must implement EIP-1193 request()");
-  }
+async function signAuthorizationWithProvider(provider, authorization, paymentRequirements) {
+  const { BrowserProvider } = await import("ethers");
+  const chainId = getChainIdForNetwork(paymentRequirements.network);
+  const browserProvider = new BrowserProvider(provider, chainId);
+  const signer = await browserProvider.getSigner();
+  const from = await signer.getAddress();
+  const authWithFrom = {
+    ...authorization,
+    from
+  };
   const typedData = buildTypedDataForAuthorization(
-    authorization,
+    authWithFrom,
     paymentRequirements
   );
-  const params = [address, JSON.stringify(typedData)];
-  const signature = await p.request({
-    method: "eth_signTypedData_v4",
-    params
-  });
-  if (typeof signature !== "string" || !signature.startsWith("0x")) {
-    throw new Error("Invalid signature returned from provider");
-  }
-  return signature;
+  const signature = await signer.signTypedData(
+    typedData.domain,
+    typedData.types,
+    typedData.message
+  );
+  return { signature, from };
 }
 function createPaymentClient(config) {
   const {
@@ -434,14 +510,6 @@ function createPaymentClient(config) {
         });
         return {
           response: json,
-          paymentHeader: "",
-          paymentRequirements: {
-            scheme: "exact",
-            network: "mantle-mainnet",
-            asset: "",
-            maxAmountRequired: "0",
-            payTo: ""
-          },
           txHash: void 0
         };
       }
@@ -452,26 +520,34 @@ function createPaymentClient(config) {
           "402 response did not include paymentRequirements field"
         );
       }
-      const fromAddress = userAddressOverride ?? await getUserAddressFromProvider(provider);
       const nowSec = Math.floor(Date.now() / 1e3);
       const validAfter = "0";
       const validBefore = String(nowSec + 10 * 60);
       const nonce = randomBytes32Hex();
       const valueAtomic = options?.valueOverrideAtomic ?? paymentRequirements.maxAmountRequired;
-      const authorization = {
-        from: fromAddress,
+      let authorization = {
+        from: "0x0000000000000000000000000000000000000000",
         to: paymentRequirements.payTo,
         value: valueAtomic,
         validAfter,
         validBefore,
         nonce
       };
-      const signature = await signAuthorizationWithProvider(
+      const { signature, from } = await signAuthorizationWithProvider(
         provider,
-        fromAddress,
         authorization,
         paymentRequirements
       );
+      authorization = {
+        ...authorization,
+        from
+      };
+      if (userAddressOverride && userAddressOverride.toLowerCase() !== from.toLowerCase()) {
+        console.warn(
+          "[SDK WARNING] userAddress override differs from signer address",
+          { override: userAddressOverride, signer: from }
+        );
+      }
       const paymentHeaderObject = {
         x402Version: 1,
         scheme: paymentRequirements.scheme,
@@ -545,7 +621,7 @@ function createMantleClient(config) {
   const resourceUrl = config?.resourceUrl ?? (typeof window !== "undefined" ? window.location.origin : "");
   const facilitatorUrl = config?.facilitatorUrl ?? (typeof process !== "undefined" ? process.env?.NEXT_PUBLIC_FACILITATOR_URL : void 0) ?? "http://localhost:8080";
   return {
-    async post(url, body) {
+    async postWithPayment(url, body) {
       const account = await config?.getAccount?.();
       if (!account) {
         throw new Error(
@@ -567,16 +643,121 @@ function createMantleClient(config) {
         method: "POST",
         body
       });
-      return result.response;
+      return result;
     }
   };
 }
 
+// src/client/react/useEthersWallet.ts
+var import_react = require("react");
+var import_ethers = require("ethers");
+function useEthersWallet(options) {
+  const [address, setAddress] = (0, import_react.useState)(void 0);
+  const [isConnected, setIsConnected] = (0, import_react.useState)(false);
+  const [provider, setProvider] = (0, import_react.useState)(
+    void 0
+  );
+  const [chainId, setChainId] = (0, import_react.useState)(void 0);
+  const [error, setError] = (0, import_react.useState)(void 0);
+  const connect = (0, import_react.useCallback)(async () => {
+    try {
+      setError(void 0);
+      if (typeof window === "undefined" || !window.ethereum) {
+        throw new Error(
+          "No Ethereum wallet detected. Please install MetaMask or another wallet."
+        );
+      }
+      const browserProvider = new import_ethers.ethers.BrowserProvider(
+        window.ethereum
+      );
+      setProvider(browserProvider);
+      const accounts = await window.ethereum.request({
+        method: "eth_requestAccounts"
+      });
+      if (!accounts || accounts.length === 0) {
+        throw new Error("No accounts returned from wallet");
+      }
+      const userAddress = accounts[0];
+      setAddress(userAddress);
+      setIsConnected(true);
+      const network = await browserProvider.getNetwork();
+      setChainId(Number(network.chainId));
+    } catch (err) {
+      const errorObj = err instanceof Error ? err : new Error(String(err));
+      setError(errorObj);
+      setIsConnected(false);
+      setAddress(void 0);
+      setChainId(void 0);
+      throw errorObj;
+    }
+  }, []);
+  const disconnect = (0, import_react.useCallback)(() => {
+    setAddress(void 0);
+    setIsConnected(false);
+    setChainId(void 0);
+    setError(void 0);
+  }, []);
+  (0, import_react.useEffect)(() => {
+    if (typeof window === "undefined" || !window.ethereum) return;
+    const ethereum = window.ethereum;
+    const handleAccountsChanged = (accounts) => {
+      const accountsArray = accounts;
+      if (!accountsArray || accountsArray.length === 0) {
+        disconnect();
+      } else {
+        setAddress(accountsArray[0]);
+        setIsConnected(true);
+      }
+    };
+    if (ethereum.on) {
+      ethereum.on("accountsChanged", handleAccountsChanged);
+    }
+    return () => {
+      if (ethereum.removeListener) {
+        ethereum.removeListener("accountsChanged", handleAccountsChanged);
+      }
+    };
+  }, [disconnect]);
+  (0, import_react.useEffect)(() => {
+    if (typeof window === "undefined" || !window.ethereum) return;
+    const ethereum = window.ethereum;
+    const handleChainChanged = (chainIdHex) => {
+      const newChainId = parseInt(chainIdHex, 16);
+      setChainId(newChainId);
+    };
+    if (ethereum.on) {
+      ethereum.on("chainChanged", handleChainChanged);
+    }
+    return () => {
+      if (ethereum.removeListener) {
+        ethereum.removeListener("chainChanged", handleChainChanged);
+      }
+    };
+  }, []);
+  const shouldAutoConnect = options?.autoConnect !== false;
+  (0, import_react.useEffect)(() => {
+    if (shouldAutoConnect) {
+      connect().catch((err) => {
+        console.warn("[useEthersWallet] Auto-connect failed:", err);
+      });
+    }
+  }, [shouldAutoConnect, connect]);
+  return {
+    address,
+    isConnected,
+    provider,
+    chainId,
+    connect,
+    disconnect,
+    error
+  };
+}
+
 // src/client/react/useMantleX402.ts
-var import_wagmi = require("wagmi");
 function useMantleX402(opts) {
-  const { address, isConnected } = (0, import_wagmi.useAccount)();
-  const { data: walletClient } = (0, import_wagmi.useWalletClient)();
+  const { address, isConnected } = useEthersWallet({
+    autoConnect: opts?.autoConnect ?? false
+  });
   const client = createMantleClient({
     facilitatorUrl: opts?.facilitatorUrl,
     resourceUrl: opts?.resourceUrl,
@@ -585,7 +766,12 @@ function useMantleX402(opts) {
       if (!isConnected || !address) return void 0;
       return address;
     },
-    getProvider: () => walletClient
+    getProvider: () => {
+      if (typeof window !== "undefined" && window.ethereum) {
+        return window.ethereum;
+      }
+      return void 0;
+    }
   });
   return client;
 }
@@ -596,5 +782,6 @@ function useMantleX402(opts) {
   createPaymentClient,
   createPaymentMiddleware,
   mantlePaywall,
+  useEthersWallet,
   useMantleX402
 });