@puga-labs/x402-mantle-sdk 0.3.2 → 0.3.3

package/dist/{chunk-GHUWTX7J.js → chunk-CXRILT3C.js}

@@ -1,7 +1,8 @@
 import {
   buildRouteKey,
-  checkPayment
-} from "./chunk-BRGW36P7.js";
+  checkPayment,
+  validateAddress
+} from "./chunk-ZLCKBFVJ.js";
 import {
   MANTLE_DEFAULTS,
   __export,
@@ -17,6 +18,7 @@ __export(nextjs_exports, {
 import { NextResponse } from "next/server";
 function mantlePaywall(opts) {
   const { priceUsd, payTo, facilitatorUrl, telemetry, onPaymentSettled } = opts;
+  validateAddress(payTo, "payTo");
   const priceUsdCents = Math.round(priceUsd * 100);
   return function(handler) {
     return async (req) => {

package/dist/{chunk-6GLR5EBK.js → chunk-QWQUSRLY.js}

@@ -1,7 +1,8 @@
 import {
   buildRouteKey,
-  checkPayment
-} from "./chunk-BRGW36P7.js";
+  checkPayment,
+  validateAddress
+} from "./chunk-ZLCKBFVJ.js";
 import {
   MANTLE_DEFAULTS,
   __export,
@@ -23,6 +24,7 @@ function createPaymentMiddleware(config) {
   if (!receiverAddress) {
     throw new Error("receiverAddress is required");
   }
+  validateAddress(receiverAddress, "receiverAddress");
   if (!routes || Object.keys(routes).length === 0) {
     throw new Error("routes config must not be empty");
   }
@@ -68,6 +70,7 @@ function createPaymentMiddleware(config) {
 }
 function mantlePaywall(opts) {
   const { priceUsd, payTo, facilitatorUrl, telemetry, onPaymentSettled } = opts;
+  validateAddress(payTo, "payTo");
   const priceUsdCents = Math.round(priceUsd * 100);
   return async (req, res, next) => {
     const method = (req.method || "GET").toUpperCase();

package/dist/{chunk-BRGW36P7.js → chunk-ZLCKBFVJ.js}

@@ -3,6 +3,31 @@ import {
 } from "./chunk-HEZZ74SI.js";
 
 // src/server/core/utils.ts
+function validateAddress(address, paramName = "address") {
+  if (!address) {
+    throw new Error(`${paramName} is required`);
+  }
+  if (typeof address !== "string") {
+    throw new Error(`${paramName} must be a string, got ${typeof address}`);
+  }
+  if (!address.startsWith("0x")) {
+    const preview = address.length > 10 ? `${address.substring(0, 10)}...` : address;
+    throw new Error(
+      `${paramName} must start with "0x", got: ${preview}`
+    );
+  }
+  if (address.length !== 42) {
+    throw new Error(
+      `${paramName} must be 42 characters (0x + 40 hex), got ${address.length} characters`
+    );
+  }
+  const hexPart = address.slice(2);
+  if (!/^[0-9a-fA-F]{40}$/.test(hexPart)) {
+    throw new Error(
+      `${paramName} must contain only hexadecimal characters (0-9, a-f, A-F) after "0x"`
+    );
+  }
+}
 function decodePaymentHeader(paymentHeaderBase64) {
   try {
     if (typeof Buffer !== "undefined") {
@@ -90,7 +115,7 @@ async function checkPayment(input) {
     telemetry,
     onPaymentSettled
   } = input;
-  if (!paymentHeader) {
+  if (!paymentHeader || paymentHeader.trim() === "") {
     return {
       status: "require_payment",
       statusCode: 402,
@@ -202,6 +227,7 @@ async function checkPayment(input) {
 }
 
 export {
+  validateAddress,
   decodePaymentHeader,
   buildRouteKey,
   DEFAULT_TELEMETRY_ENDPOINT,

package/dist/{chunk-WFUDGBKK.js → chunk-ZROK2XOB.js}

@@ -1,7 +1,8 @@
 import {
   buildRouteKey,
-  checkPayment
-} from "./chunk-BRGW36P7.js";
+  checkPayment,
+  validateAddress
+} from "./chunk-ZLCKBFVJ.js";
 import {
   MANTLE_DEFAULTS,
   __export,
@@ -16,6 +17,7 @@ __export(web_standards_exports, {
 });
 function mantlePaywall(opts) {
   const { priceUsd, payTo, facilitatorUrl, telemetry, onPaymentSettled } = opts;
+  validateAddress(payTo, "payTo");
   const priceUsdCents = Math.round(priceUsd * 100);
   return function(handler) {
     return async (request) => {

package/dist/index.cjs

@@ -195,7 +195,7 @@ async function checkPayment(input) {
     telemetry,
     onPaymentSettled
   } = input;
-  if (!paymentHeader) {
+  if (!paymentHeader || paymentHeader.trim() === "") {
     return {
       status: "require_payment",
       statusCode: 402,

package/dist/index.js

@@ -10,8 +10,8 @@ import "./chunk-WO2MYZXT.js";
 import {
   createPaymentMiddleware,
   mantlePaywall
-} from "./chunk-PPVS3X5Z.js";
-import "./chunk-U73CZU3X.js";
+} from "./chunk-QWQUSRLY.js";
+import "./chunk-ZLCKBFVJ.js";
 import {
   MANTLE_DEFAULTS
 } from "./chunk-HEZZ74SI.js";

package/dist/server-express.cjs

@@ -173,7 +173,7 @@ async function checkPayment(input) {
     telemetry,
     onPaymentSettled
   } = input;
-  if (!paymentHeader) {
+  if (!paymentHeader || paymentHeader.trim() === "") {
     return {
       status: "require_payment",
       statusCode: 402,

package/dist/server-express.js

@@ -1,8 +1,8 @@
 import {
   createPaymentMiddleware,
   mantlePaywall
-} from "./chunk-PPVS3X5Z.js";
-import "./chunk-U73CZU3X.js";
+} from "./chunk-QWQUSRLY.js";
+import "./chunk-ZLCKBFVJ.js";
 import {
   MANTLE_DEFAULTS
 } from "./chunk-HEZZ74SI.js";

package/dist/server-nextjs.cjs

@@ -175,7 +175,7 @@ async function checkPayment(input) {
     telemetry,
     onPaymentSettled
   } = input;
-  if (!paymentHeader) {
+  if (!paymentHeader || paymentHeader.trim() === "") {
     return {
       status: "require_payment",
       statusCode: 402,

package/dist/server-nextjs.js

@@ -1,7 +1,7 @@
 import {
   mantlePaywall
-} from "./chunk-PCJEJYP6.js";
-import "./chunk-U73CZU3X.js";
+} from "./chunk-CXRILT3C.js";
+import "./chunk-ZLCKBFVJ.js";
 import {
   MANTLE_DEFAULTS
 } from "./chunk-HEZZ74SI.js";

package/dist/server-web.cjs

@@ -172,7 +172,7 @@ async function checkPayment(input) {
     telemetry,
     onPaymentSettled
   } = input;
-  if (!paymentHeader) {
+  if (!paymentHeader || paymentHeader.trim() === "") {
     return {
       status: "require_payment",
       statusCode: 402,

package/dist/server-web.js

@@ -1,7 +1,7 @@
 import {
   mantlePaywall
-} from "./chunk-NQWSCY44.js";
-import "./chunk-U73CZU3X.js";
+} from "./chunk-ZROK2XOB.js";
+import "./chunk-ZLCKBFVJ.js";
 import {
   MANTLE_DEFAULTS
 } from "./chunk-HEZZ74SI.js";

package/dist/server.cjs

@@ -182,7 +182,7 @@ async function checkPayment(input) {
     telemetry,
     onPaymentSettled
   } = input;
-  if (!paymentHeader) {
+  if (!paymentHeader || paymentHeader.trim() === "") {
     return {
       status: "require_payment",
       statusCode: 402,

package/dist/server.js

@@ -3,13 +3,13 @@ import {
   createPaymentMiddleware,
   express_exports,
   mantlePaywall
-} from "./chunk-PPVS3X5Z.js";
+} from "./chunk-QWQUSRLY.js";
 import {
   nextjs_exports
-} from "./chunk-PCJEJYP6.js";
+} from "./chunk-CXRILT3C.js";
 import {
   web_standards_exports
-} from "./chunk-NQWSCY44.js";
+} from "./chunk-ZROK2XOB.js";
 import {
   DEFAULT_TELEMETRY_ENDPOINT,
   buildRouteKey,
@@ -18,7 +18,7 @@ import {
   decodePaymentHeader,
   sendTelemetry,
   validateAddress
-} from "./chunk-U73CZU3X.js";
+} from "./chunk-ZLCKBFVJ.js";
 import "./chunk-HEZZ74SI.js";
 export {
   DEFAULT_TELEMETRY_ENDPOINT,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@puga-labs/x402-mantle-sdk",
-  "version": "0.3.2",
+  "version": "0.3.3",
   "description": "x402 payments SDK for Mantle (USDC, gasless, facilitator-based)",
   "license": "MIT",
   "author": "Evgenii Pugachev <cyprus.pugamuga@gmail.com>",
@@ -108,7 +108,7 @@
   "peerDependencies": {
     "ethers": "^6.0.0",
     "express": "^4.0.0 || ^5.0.0",
-    "next": "^14.0.0 || ^15.0.0",
+    "next": "^14.0.0 || ^15.0.0 || ^16.0.0",
     "react": "^18.0.0 || ^19.0.0"
   },
   "peerDependenciesMeta": {

package/dist/chunk-CTI5CRDY.js

@@ -1,274 +0,0 @@
-import {
-  __require,
-  getChainIdForNetwork
-} from "./chunk-XAQGMFSR.js";
-
-// src/shared/utils.ts
-function encodeJsonToBase64(value) {
-  const json = JSON.stringify(value);
-  if (typeof btoa === "function") {
-    const bytes = new TextEncoder().encode(json);
-    const binString = Array.from(
-      bytes,
-      (byte) => String.fromCodePoint(byte)
-    ).join("");
-    return btoa(binString);
-  }
-  if (typeof globalThis.Buffer !== "undefined") {
-    return globalThis.Buffer.from(json, "utf8").toString("base64");
-  }
-  throw new Error("No base64 implementation found in this environment");
-}
-function randomBytes32Hex() {
-  if (typeof crypto !== "undefined" && "getRandomValues" in crypto) {
-    const arr = new Uint8Array(32);
-    crypto.getRandomValues(arr);
-    return "0x" + Array.from(arr).map((b) => b.toString(16).padStart(2, "0")).join("");
-  }
-  try {
-    const nodeCrypto = __require("crypto");
-    const buf = nodeCrypto.randomBytes(32);
-    return "0x" + buf.toString("hex");
-  } catch {
-    throw new Error(
-      "No cryptographically secure random number generator found. This environment does not support crypto.getRandomValues or Node.js crypto module."
-    );
-  }
-}
-
-// src/client/paymentClient.ts
-function joinUrl(base, path) {
-  const normalizedBase = base.replace(/\/+$/, "");
-  const normalizedPath = path.startsWith("/") ? path : `/${path}`;
-  return `${normalizedBase}${normalizedPath}`;
-}
-function buildTypedDataForAuthorization(authorization, paymentRequirements) {
-  const chainId = getChainIdForNetwork(paymentRequirements.network);
-  const verifyingContract = paymentRequirements.asset;
-  const domain = {
-    name: "USD Coin",
-    version: "2",
-    chainId,
-    verifyingContract
-  };
-  const types = {
-    TransferWithAuthorization: [
-      { name: "from", type: "address" },
-      { name: "to", type: "address" },
-      { name: "value", type: "uint256" },
-      { name: "validAfter", type: "uint256" },
-      { name: "validBefore", type: "uint256" },
-      { name: "nonce", type: "bytes32" }
-    ]
-  };
-  return {
-    domain,
-    types,
-    primaryType: "TransferWithAuthorization",
-    message: authorization
-  };
-}
-async function signAuthorizationWithProvider(provider, authorization, paymentRequirements) {
-  const { BrowserProvider } = await import("ethers");
-  const chainId = getChainIdForNetwork(paymentRequirements.network);
-  const browserProvider = new BrowserProvider(provider, chainId);
-  const signer = await browserProvider.getSigner();
-  const from = await signer.getAddress();
-  const authWithFrom = {
-    ...authorization,
-    from
-  };
-  const typedData = buildTypedDataForAuthorization(
-    authWithFrom,
-    paymentRequirements
-  );
-  const signature = await signer.signTypedData(
-    typedData.domain,
-    typedData.types,
-    typedData.message
-  );
-  return { signature, from };
-}
-function createPaymentClient(config) {
-  const {
-    resourceUrl,
-    facilitatorUrl,
-    provider,
-    userAddress: userAddressOverride,
-    projectKey
-  } = config;
-  if (!resourceUrl) {
-    throw new Error("resourceUrl is required");
-  }
-  if (!facilitatorUrl) {
-    throw new Error("facilitatorUrl is required");
-  }
-  if (!provider) {
-    throw new Error("provider is required (e.g. window.ethereum)");
-  }
-  return {
-    async callWithPayment(path, options) {
-      const method = options?.method ?? "GET";
-      const headers = {
-        ...options?.headers ?? {}
-      };
-      let body;
-      if (options?.body !== void 0) {
-        headers["Content-Type"] = headers["Content-Type"] ?? "application/json";
-        body = JSON.stringify(options.body);
-      }
-      const initialUrl = joinUrl(resourceUrl, path);
-      const initialRes = await fetch(initialUrl, {
-        method,
-        headers,
-        body
-      });
-      if (initialRes.status !== 402) {
-        const json = await initialRes.json().catch((err) => {
-          console.error("[x402] Failed to parse initial response JSON:", err);
-          return null;
-        });
-        return {
-          response: json,
-          txHash: void 0
-        };
-      }
-      const bodyJson = await initialRes.json();
-      const paymentRequirements = bodyJson.paymentRequirements;
-      if (!paymentRequirements) {
-        throw new Error(
-          "402 response did not include paymentRequirements field"
-        );
-      }
-      const nowSec = Math.floor(Date.now() / 1e3);
-      const validAfter = "0";
-      const validBefore = String(nowSec + 10 * 60);
-      const nonce = randomBytes32Hex();
-      const valueAtomic = options?.valueOverrideAtomic ?? paymentRequirements.maxAmountRequired;
-      let authorization = {
-        from: "0x0000000000000000000000000000000000000000",
-        to: paymentRequirements.payTo,
-        value: valueAtomic,
-        validAfter,
-        validBefore,
-        nonce
-      };
-      const { signature, from } = await signAuthorizationWithProvider(
-        provider,
-        authorization,
-        paymentRequirements
-      );
-      authorization = {
-        ...authorization,
-        from
-      };
-      if (userAddressOverride && userAddressOverride.toLowerCase() !== from.toLowerCase()) {
-        console.warn(
-          "[SDK WARNING] userAddress override differs from signer address",
-          { override: userAddressOverride, signer: from }
-        );
-      }
-      const paymentHeaderObject = {
-        x402Version: 1,
-        scheme: paymentRequirements.scheme,
-        network: paymentRequirements.network,
-        payload: {
-          signature,
-          authorization
-        }
-      };
-      const paymentHeader = encodeJsonToBase64(paymentHeaderObject);
-      const settleUrl = joinUrl(facilitatorUrl, "/settle");
-      const settleRes = await fetch(settleUrl, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          ...projectKey ? { "X-Project-Key": projectKey } : {}
-        },
-        body: JSON.stringify({
-          x402Version: 1,
-          paymentHeader,
-          paymentRequirements
-        })
-      });
-      if (!settleRes.ok) {
-        const text = await settleRes.text().catch((err) => {
-          console.error("[x402] Failed to read settle response text:", err);
-          return "";
-        });
-        throw new Error(
-          `Facilitator /settle failed with HTTP ${settleRes.status}: ${text}`
-        );
-      }
-      const settleJson = await settleRes.json();
-      if (!settleJson.success) {
-        throw new Error(
-          `Facilitator /settle returned error: ${settleJson.error ?? "unknown error"}`
-        );
-      }
-      const txHash = settleJson.txHash ?? void 0;
-      const retryHeaders = {
-        ...headers,
-        "X-PAYMENT": paymentHeader
-      };
-      const retryRes = await fetch(initialUrl, {
-        method,
-        headers: retryHeaders,
-        body
-      });
-      if (!retryRes.ok) {
-        const text = await retryRes.text().catch((err) => {
-          console.error("[x402] Failed to read retry response text:", err);
-          return "";
-        });
-        throw new Error(
-          `Protected request with X-PAYMENT failed: HTTP ${retryRes.status} ${text}`
-        );
-      }
-      const finalJson = await retryRes.json();
-      return {
-        response: finalJson,
-        txHash,
-        paymentHeader,
-        paymentRequirements
-      };
-    }
-  };
-}
-
-// src/client/createMantleClient.ts
-function createMantleClient(config) {
-  const resourceUrl = config?.resourceUrl ?? (typeof window !== "undefined" ? window.location.origin : "");
-  const facilitatorUrl = config?.facilitatorUrl ?? (typeof process !== "undefined" ? process.env?.NEXT_PUBLIC_FACILITATOR_URL : void 0) ?? "http://localhost:8080";
-  return {
-    async postWithPayment(url, body) {
-      const account = await config?.getAccount?.();
-      if (!account) {
-        throw new Error(
-          "Wallet not connected. Please connect your wallet first."
-        );
-      }
-      const provider = config?.getProvider?.();
-      if (!provider) {
-        throw new Error("Wallet provider not available");
-      }
-      const client = createPaymentClient({
-        resourceUrl,
-        facilitatorUrl,
-        provider,
-        userAddress: account,
-        projectKey: config?.projectKey
-      });
-      const result = await client.callWithPayment(url, {
-        method: "POST",
-        body
-      });
-      return result;
-    }
-  };
-}
-
-export {
-  createPaymentClient,
-  createMantleClient
-};