@solvapay/server 1.0.8-preview.7 → 1.0.8-preview.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (141) hide show
  1. package/dist/edge.d.ts +24 -1
  2. package/dist/edge.js +72 -0
  3. package/dist/index.cjs +12 -293
  4. package/dist/index.d.cts +3 -35
  5. package/dist/index.d.ts +3 -35
  6. package/dist/index.js +12 -289
  7. package/package.json +8 -8
  8. package/dist/chunk-R5U7XKVJ.js +0 -16
  9. package/dist/dist-EPVKJAIP.js +0 -94
  10. package/dist/dist-JBJ4HMP7.js +0 -94
  11. package/dist/esm-5GYCIXIY.js +0 -3475
  12. package/dist/esm-UW7WCMEK.js +0 -3475
  13. package/dist/src/adapters/base.d.ts +0 -57
  14. package/dist/src/adapters/base.d.ts.map +0 -1
  15. package/dist/src/adapters/base.js +0 -73
  16. package/dist/src/adapters/base.js.map +0 -1
  17. package/dist/src/adapters/http.d.ts +0 -25
  18. package/dist/src/adapters/http.d.ts.map +0 -1
  19. package/dist/src/adapters/http.js +0 -99
  20. package/dist/src/adapters/http.js.map +0 -1
  21. package/dist/src/adapters/index.d.ts +0 -11
  22. package/dist/src/adapters/index.d.ts.map +0 -1
  23. package/dist/src/adapters/index.js +0 -10
  24. package/dist/src/adapters/index.js.map +0 -1
  25. package/dist/src/adapters/mcp.d.ts +0 -24
  26. package/dist/src/adapters/mcp.d.ts.map +0 -1
  27. package/dist/src/adapters/mcp.js +0 -75
  28. package/dist/src/adapters/mcp.js.map +0 -1
  29. package/dist/src/adapters/next.d.ts +0 -24
  30. package/dist/src/adapters/next.d.ts.map +0 -1
  31. package/dist/src/adapters/next.js +0 -109
  32. package/dist/src/adapters/next.js.map +0 -1
  33. package/dist/src/client.d.ts +0 -58
  34. package/dist/src/client.d.ts.map +0 -1
  35. package/dist/src/client.js +0 -495
  36. package/dist/src/client.js.map +0 -1
  37. package/dist/src/edge.d.ts +0 -22
  38. package/dist/src/edge.d.ts.map +0 -1
  39. package/dist/src/edge.js +0 -91
  40. package/dist/src/edge.js.map +0 -1
  41. package/dist/src/factory.d.ts +0 -605
  42. package/dist/src/factory.d.ts.map +0 -1
  43. package/dist/src/factory.js +0 -215
  44. package/dist/src/factory.js.map +0 -1
  45. package/dist/src/helpers/auth.d.ts +0 -47
  46. package/dist/src/helpers/auth.d.ts.map +0 -1
  47. package/dist/src/helpers/auth.js +0 -73
  48. package/dist/src/helpers/auth.js.map +0 -1
  49. package/dist/src/helpers/checkout.d.ts +0 -45
  50. package/dist/src/helpers/checkout.d.ts.map +0 -1
  51. package/dist/src/helpers/checkout.js +0 -89
  52. package/dist/src/helpers/checkout.js.map +0 -1
  53. package/dist/src/helpers/customer.d.ts +0 -51
  54. package/dist/src/helpers/customer.d.ts.map +0 -1
  55. package/dist/src/helpers/customer.js +0 -77
  56. package/dist/src/helpers/customer.js.map +0 -1
  57. package/dist/src/helpers/error.d.ts +0 -15
  58. package/dist/src/helpers/error.d.ts.map +0 -1
  59. package/dist/src/helpers/error.js +0 -35
  60. package/dist/src/helpers/error.js.map +0 -1
  61. package/dist/src/helpers/index.d.ts +0 -17
  62. package/dist/src/helpers/index.d.ts.map +0 -1
  63. package/dist/src/helpers/index.js +0 -23
  64. package/dist/src/helpers/index.js.map +0 -1
  65. package/dist/src/helpers/payment.d.ts +0 -107
  66. package/dist/src/helpers/payment.d.ts.map +0 -1
  67. package/dist/src/helpers/payment.js +0 -150
  68. package/dist/src/helpers/payment.js.map +0 -1
  69. package/dist/src/helpers/plans.d.ts +0 -19
  70. package/dist/src/helpers/plans.d.ts.map +0 -1
  71. package/dist/src/helpers/plans.js +0 -53
  72. package/dist/src/helpers/plans.js.map +0 -1
  73. package/dist/src/helpers/renewal.d.ts +0 -23
  74. package/dist/src/helpers/renewal.d.ts.map +0 -1
  75. package/dist/src/helpers/renewal.js +0 -90
  76. package/dist/src/helpers/renewal.js.map +0 -1
  77. package/dist/src/helpers/subscription.d.ts +0 -23
  78. package/dist/src/helpers/subscription.d.ts.map +0 -1
  79. package/dist/src/helpers/subscription.js +0 -101
  80. package/dist/src/helpers/subscription.js.map +0 -1
  81. package/dist/src/helpers/types.d.ts +0 -22
  82. package/dist/src/helpers/types.d.ts.map +0 -1
  83. package/dist/src/helpers/types.js +0 -7
  84. package/dist/src/helpers/types.js.map +0 -1
  85. package/dist/src/index.d.ts +0 -73
  86. package/dist/src/index.d.ts.map +0 -1
  87. package/dist/src/index.js +0 -106
  88. package/dist/src/index.js.map +0 -1
  89. package/dist/src/mcp/auth-bridge.d.ts +0 -9
  90. package/dist/src/mcp/auth-bridge.d.ts.map +0 -1
  91. package/dist/src/mcp/auth-bridge.js +0 -46
  92. package/dist/src/mcp/auth-bridge.js.map +0 -1
  93. package/dist/src/mcp/oauth-bridge.d.ts +0 -48
  94. package/dist/src/mcp/oauth-bridge.d.ts.map +0 -1
  95. package/dist/src/mcp/oauth-bridge.js +0 -110
  96. package/dist/src/mcp/oauth-bridge.js.map +0 -1
  97. package/dist/src/mcp-auth.d.ts +0 -17
  98. package/dist/src/mcp-auth.d.ts.map +0 -1
  99. package/dist/src/mcp-auth.js +0 -57
  100. package/dist/src/mcp-auth.js.map +0 -1
  101. package/dist/src/paywall.d.ts +0 -119
  102. package/dist/src/paywall.d.ts.map +0 -1
  103. package/dist/src/paywall.js +0 -700
  104. package/dist/src/paywall.js.map +0 -1
  105. package/dist/src/register-virtual-tools-mcp.d.ts +0 -23
  106. package/dist/src/register-virtual-tools-mcp.d.ts.map +0 -1
  107. package/dist/src/register-virtual-tools-mcp.js +0 -86
  108. package/dist/src/register-virtual-tools-mcp.js.map +0 -1
  109. package/dist/src/types/client.d.ts +0 -216
  110. package/dist/src/types/client.d.ts.map +0 -1
  111. package/dist/src/types/client.js +0 -7
  112. package/dist/src/types/client.js.map +0 -1
  113. package/dist/src/types/generated.d.ts +0 -2834
  114. package/dist/src/types/generated.d.ts.map +0 -1
  115. package/dist/src/types/generated.js +0 -6
  116. package/dist/src/types/generated.js.map +0 -1
  117. package/dist/src/types/index.d.ts +0 -13
  118. package/dist/src/types/index.d.ts.map +0 -1
  119. package/dist/src/types/index.js +0 -8
  120. package/dist/src/types/index.js.map +0 -1
  121. package/dist/src/types/options.d.ts +0 -126
  122. package/dist/src/types/options.d.ts.map +0 -1
  123. package/dist/src/types/options.js +0 -8
  124. package/dist/src/types/options.js.map +0 -1
  125. package/dist/src/types/paywall.d.ts +0 -64
  126. package/dist/src/types/paywall.d.ts.map +0 -1
  127. package/dist/src/types/paywall.js +0 -7
  128. package/dist/src/types/paywall.js.map +0 -1
  129. package/dist/src/types/webhook.d.ts +0 -50
  130. package/dist/src/types/webhook.d.ts.map +0 -1
  131. package/dist/src/types/webhook.js +0 -2
  132. package/dist/src/types/webhook.js.map +0 -1
  133. package/dist/src/utils.d.ts +0 -110
  134. package/dist/src/utils.d.ts.map +0 -1
  135. package/dist/src/utils.js +0 -217
  136. package/dist/src/utils.js.map +0 -1
  137. package/dist/src/virtual-tools.d.ts +0 -44
  138. package/dist/src/virtual-tools.d.ts.map +0 -1
  139. package/dist/src/virtual-tools.js +0 -140
  140. package/dist/src/virtual-tools.js.map +0 -1
  141. package/dist/tsconfig.tsbuildinfo +0 -1
package/dist/edge.d.ts CHANGED
@@ -4064,6 +4064,29 @@ declare function listPlansCore(request: Request, options?: {
4064
4064
  productRef: string;
4065
4065
  } | ErrorResult>;
4066
4066
 
4067
+ /**
4068
+ * Merchant Helper (Core)
4069
+ *
4070
+ * Generic helper for GET /api/merchant — returns the SDK-facing merchant
4071
+ * identity used by `<MandateText>`, `<CheckoutSummary>`, and trust signals.
4072
+ * Works with standard Web API Request (Express, Fastify, Next.js, Edge).
4073
+ */
4074
+
4075
+ declare function getMerchantCore(_request: Request, options?: {
4076
+ solvaPay?: SolvaPay;
4077
+ }): Promise<SdkMerchantResponse | ErrorResult>;
4078
+
4079
+ /**
4080
+ * Product Helper (Core)
4081
+ *
4082
+ * Generic helper for GET /api/get-product?productRef=...
4083
+ * Returns a single product by reference, used by the `useProduct` React hook.
4084
+ */
4085
+
4086
+ declare function getProductCore(request: Request, options?: {
4087
+ solvaPay?: SolvaPay;
4088
+ }): Promise<SdkProductResponse | ErrorResult>;
4089
+
4067
4090
  interface PurchaseCheckResult {
4068
4091
  customerRef: string;
4069
4092
  email?: string;
@@ -4120,4 +4143,4 @@ declare function verifyWebhook({ body, signature, secret, }: {
4120
4143
  secret: string;
4121
4144
  }): Promise<WebhookEvent>;
4122
4145
 
4123
- export { type AuthenticatedUser, type CreateSolvaPayConfig, type CustomerBalanceResult, type CustomerWebhookObject, type ErrorResult, type HttpAdapterOptions, type LimitActivationBalance, type LimitActivationProduct, type LimitPlanSummary, type McpAdapterOptions, type NextAdapterOptions, type PayableFunction, type PayableOptions, type PaywallArgs, PaywallError, type PaywallMetadata, type PaywallStructuredContent, type PaywallToolResult, type PurchaseCheckResult, type RetryOptions, type ServerClientOptions, type SolvaPay, type SolvaPayClient, type WebhookEvent, type WebhookEventForType, type WebhookEventObjectMap, type WebhookEventType, type WebhookProduct, activatePlanCore, cancelPurchaseCore, checkPurchaseCore, createCheckoutSessionCore, createCustomerSessionCore, createPaymentIntentCore, createSolvaPay, createSolvaPayClient, createTopupPaymentIntentCore, getAuthenticatedUserCore, getCustomerBalanceCore, handleRouteError, isErrorResult, listPlansCore, paywallErrorToClientPayload, processPaymentIntentCore, reactivatePurchaseCore, syncCustomerCore, trackUsageCore, verifyWebhook, withRetry };
4146
+ export { type AuthenticatedUser, type CreateSolvaPayConfig, type CustomerBalanceResult, type CustomerWebhookObject, type ErrorResult, type HttpAdapterOptions, type LimitActivationBalance, type LimitActivationProduct, type LimitPlanSummary, type McpAdapterOptions, type NextAdapterOptions, type PayableFunction, type PayableOptions, type PaywallArgs, PaywallError, type PaywallMetadata, type PaywallStructuredContent, type PaywallToolResult, type PurchaseCheckResult, type RetryOptions, type ServerClientOptions, type SolvaPay, type SolvaPayClient, type WebhookEvent, type WebhookEventForType, type WebhookEventObjectMap, type WebhookEventType, type WebhookProduct, activatePlanCore, cancelPurchaseCore, checkPurchaseCore, createCheckoutSessionCore, createCustomerSessionCore, createPaymentIntentCore, createSolvaPay, createSolvaPayClient, createTopupPaymentIntentCore, getAuthenticatedUserCore, getCustomerBalanceCore, getMerchantCore, getProductCore, handleRouteError, isErrorResult, listPlansCore, paywallErrorToClientPayload, processPaymentIntentCore, reactivatePurchaseCore, syncCustomerCore, trackUsageCore, verifyWebhook, withRetry };
package/dist/edge.js CHANGED
@@ -2212,6 +2212,76 @@ async function listPlansCore(request, options = {}) {
2212
2212
  }
2213
2213
  }
2214
2214
 
2215
+ // src/helpers/merchant.ts
2216
+ import { getSolvaPayConfig as getSolvaPayConfig3 } from "@solvapay/core";
2217
+ async function getMerchantCore(_request, options = {}) {
2218
+ try {
2219
+ const apiClient = options.solvaPay?.apiClient ?? (() => {
2220
+ const config = getSolvaPayConfig3();
2221
+ if (!config.apiKey) return null;
2222
+ return createSolvaPayClient({
2223
+ apiKey: config.apiKey,
2224
+ apiBaseUrl: config.apiBaseUrl
2225
+ });
2226
+ })();
2227
+ if (!apiClient) {
2228
+ return {
2229
+ error: "Server configuration error: SolvaPay secret key not configured",
2230
+ status: 500
2231
+ };
2232
+ }
2233
+ if (!apiClient.getMerchant) {
2234
+ return {
2235
+ error: "Get merchant method not available",
2236
+ status: 500
2237
+ };
2238
+ }
2239
+ const merchant = await apiClient.getMerchant();
2240
+ return merchant;
2241
+ } catch (error) {
2242
+ return handleRouteError(error, "Get merchant", "Failed to fetch merchant");
2243
+ }
2244
+ }
2245
+
2246
+ // src/helpers/product.ts
2247
+ import { getSolvaPayConfig as getSolvaPayConfig4 } from "@solvapay/core";
2248
+ async function getProductCore(request, options = {}) {
2249
+ try {
2250
+ const url = new URL(request.url);
2251
+ const productRef = url.searchParams.get("productRef");
2252
+ if (!productRef) {
2253
+ return {
2254
+ error: "Missing required parameter: productRef",
2255
+ status: 400
2256
+ };
2257
+ }
2258
+ const apiClient = options.solvaPay?.apiClient ?? (() => {
2259
+ const config = getSolvaPayConfig4();
2260
+ if (!config.apiKey) return null;
2261
+ return createSolvaPayClient({
2262
+ apiKey: config.apiKey,
2263
+ apiBaseUrl: config.apiBaseUrl
2264
+ });
2265
+ })();
2266
+ if (!apiClient) {
2267
+ return {
2268
+ error: "Server configuration error: SolvaPay secret key not configured",
2269
+ status: 500
2270
+ };
2271
+ }
2272
+ if (!apiClient.getProduct) {
2273
+ return {
2274
+ error: "Get product method not available",
2275
+ status: 500
2276
+ };
2277
+ }
2278
+ const product = await apiClient.getProduct(productRef);
2279
+ return product;
2280
+ } catch (error) {
2281
+ return handleRouteError(error, "Get product", "Failed to fetch product");
2282
+ }
2283
+ }
2284
+
2215
2285
  // src/helpers/purchase.ts
2216
2286
  async function checkPurchaseCore(request, options = {}) {
2217
2287
  try {
@@ -2360,6 +2430,8 @@ export {
2360
2430
  createTopupPaymentIntentCore,
2361
2431
  getAuthenticatedUserCore,
2362
2432
  getCustomerBalanceCore,
2433
+ getMerchantCore,
2434
+ getProductCore,
2363
2435
  handleRouteError,
2364
2436
  isErrorResult,
2365
2437
  listPlansCore,
package/dist/index.cjs CHANGED
@@ -4321,10 +4321,6 @@ __export(index_exports, {
4321
4321
  createCheckoutSessionCore: () => createCheckoutSessionCore,
4322
4322
  createCustomerSessionCore: () => createCustomerSessionCore,
4323
4323
  createMcpOAuthBridge: () => createMcpOAuthBridge,
4324
- createOAuthAuthorizeHandler: () => createOAuthAuthorizeHandler,
4325
- createOAuthRegisterHandler: () => createOAuthRegisterHandler,
4326
- createOAuthRevokeHandler: () => createOAuthRevokeHandler,
4327
- createOAuthTokenHandler: () => createOAuthTokenHandler,
4328
4324
  createPaymentIntentCore: () => createPaymentIntentCore,
4329
4325
  createSolvaPay: () => createSolvaPay,
4330
4326
  createSolvaPayClient: () => createSolvaPayClient,
@@ -6179,31 +6175,15 @@ function buildAuthInfoFromBearer(authorization, options = {}) {
6179
6175
  }
6180
6176
 
6181
6177
  // src/mcp/oauth-bridge.ts
6182
- var DEFAULT_OAUTH_PATHS = {
6183
- register: "/oauth/register",
6184
- authorize: "/oauth/authorize",
6185
- token: "/oauth/token",
6186
- revoke: "/oauth/revoke"
6187
- };
6188
- var NATIVE_CLIENT_ORIGIN_SCHEMES = ["cursor:", "vscode:", "vscode-webview:", "claude:"];
6189
6178
  function withoutTrailingSlash(value) {
6190
6179
  return value.replace(/\/$/, "");
6191
6180
  }
6192
- function resolvePaths(paths = {}) {
6193
- return { ...DEFAULT_OAUTH_PATHS, ...paths };
6194
- }
6195
6181
  function getRequestAuthHeader(req) {
6196
6182
  const header = req.headers?.authorization;
6197
6183
  if (typeof header === "string") return header;
6198
6184
  if (Array.isArray(header)) return header[0] || null;
6199
6185
  return null;
6200
6186
  }
6201
- function getHeader(req, name) {
6202
- const header = req.headers?.[name.toLowerCase()];
6203
- if (typeof header === "string") return header;
6204
- if (Array.isArray(header)) return header[0] || null;
6205
- return null;
6206
- }
6207
6187
  function getRequestJsonRpcId(body) {
6208
6188
  if (body && typeof body === "object" && "id" in body) {
6209
6189
  const id = body.id;
@@ -6227,100 +6207,6 @@ function setMcpChallengeHeader(res, publicBaseUrl, protectedResourcePath) {
6227
6207
  `Bearer resource_metadata="${withoutTrailingSlash(publicBaseUrl)}${protectedResourcePath}"`
6228
6208
  );
6229
6209
  }
6230
- function getRequestQuery(req) {
6231
- const raw = req.url ?? req.path ?? "";
6232
- const qIndex = raw.indexOf("?");
6233
- return qIndex === -1 ? "" : raw.slice(qIndex);
6234
- }
6235
- function isNativeClientOrigin(origin) {
6236
- try {
6237
- const url = new URL(origin);
6238
- return NATIVE_CLIENT_ORIGIN_SCHEMES.includes(
6239
- url.protocol
6240
- );
6241
- } catch {
6242
- return false;
6243
- }
6244
- }
6245
- function applyCorsHeaders(req, res) {
6246
- const origin = getHeader(req, "origin");
6247
- if (!origin) return;
6248
- if (isNativeClientOrigin(origin)) {
6249
- res.setHeader("Access-Control-Allow-Origin", origin);
6250
- res.setHeader("Vary", "Origin");
6251
- }
6252
- }
6253
- function handlePreflight(req, res) {
6254
- applyCorsHeaders(req, res);
6255
- const requestedMethod = getHeader(req, "access-control-request-method") ?? "POST";
6256
- const requestedHeaders = getHeader(req, "access-control-request-headers") ?? "authorization, content-type";
6257
- res.setHeader("Access-Control-Allow-Methods", `${requestedMethod}, OPTIONS`);
6258
- res.setHeader("Access-Control-Allow-Headers", requestedHeaders);
6259
- res.setHeader("Access-Control-Max-Age", "600");
6260
- res.status(204);
6261
- if (typeof res.end === "function") {
6262
- res.end();
6263
- } else {
6264
- res.json({});
6265
- }
6266
- }
6267
- async function readJsonFromResponse(upstream) {
6268
- const text = await upstream.text();
6269
- if (!text) return { body: {}, text: "" };
6270
- try {
6271
- return { body: JSON.parse(text), text };
6272
- } catch {
6273
- return { body: text, text };
6274
- }
6275
- }
6276
- async function relayJsonResponse(upstream, res) {
6277
- const { body, text } = await readJsonFromResponse(upstream);
6278
- res.status(upstream.status);
6279
- const contentType = upstream.headers.get("content-type");
6280
- if (contentType) res.setHeader("Content-Type", contentType);
6281
- if (text === "" && upstream.status === 204) {
6282
- if (typeof res.end === "function") {
6283
- res.end();
6284
- return;
6285
- }
6286
- }
6287
- res.json(body);
6288
- }
6289
- function sendUpstreamError(res, _error) {
6290
- res.status(502);
6291
- res.setHeader("Content-Type", "application/json");
6292
- res.json({ error: "upstream_unreachable" });
6293
- }
6294
- function serializeRegisterBody(body) {
6295
- if (typeof body === "string") return body;
6296
- if (body instanceof Uint8Array) return Buffer.from(body).toString("utf8");
6297
- return JSON.stringify(body ?? {});
6298
- }
6299
- function serializeFormBody(body) {
6300
- if (typeof body === "string") return body;
6301
- if (body instanceof Uint8Array) return Buffer.from(body).toString("utf8");
6302
- if (body && typeof body === "object") {
6303
- const params = new URLSearchParams();
6304
- for (const [key, value] of Object.entries(body)) {
6305
- if (value === void 0 || value === null) continue;
6306
- if (Array.isArray(value)) {
6307
- for (const entry of value) params.append(key, String(entry));
6308
- } else {
6309
- params.append(key, String(value));
6310
- }
6311
- }
6312
- return params.toString();
6313
- }
6314
- return "";
6315
- }
6316
- function serializeRequestBody(contentType, body) {
6317
- if (contentType && contentType.includes("application/x-www-form-urlencoded")) {
6318
- return serializeFormBody(body);
6319
- }
6320
- if (typeof body === "string") return body;
6321
- if (body instanceof Uint8Array) return Buffer.from(body).toString("utf8");
6322
- return JSON.stringify(body ?? {});
6323
- }
6324
6210
  function getOAuthProtectedResourceResponse(publicBaseUrl) {
6325
6211
  const resource = withoutTrailingSlash(publicBaseUrl);
6326
6212
  return {
@@ -6330,17 +6216,16 @@ function getOAuthProtectedResourceResponse(publicBaseUrl) {
6330
6216
  };
6331
6217
  }
6332
6218
  function getOAuthAuthorizationServerResponse({
6333
- publicBaseUrl,
6334
- paths
6219
+ apiBaseUrl,
6220
+ productRef
6335
6221
  }) {
6336
- const base = withoutTrailingSlash(publicBaseUrl);
6337
- const p = resolvePaths(paths);
6222
+ const normalizedApiBaseUrl = withoutTrailingSlash(apiBaseUrl);
6223
+ const registrationEndpoint = `${normalizedApiBaseUrl}/v1/customer/auth/register?product_ref=${encodeURIComponent(productRef)}`;
6338
6224
  return {
6339
- issuer: base,
6340
- authorization_endpoint: `${base}${p.authorize}`,
6341
- token_endpoint: `${base}${p.token}`,
6342
- registration_endpoint: `${base}${p.register}`,
6343
- revocation_endpoint: `${base}${p.revoke}`,
6225
+ issuer: normalizedApiBaseUrl,
6226
+ authorization_endpoint: `${normalizedApiBaseUrl}/v1/customer/auth/authorize`,
6227
+ token_endpoint: `${normalizedApiBaseUrl}/v1/customer/auth/token`,
6228
+ registration_endpoint: registrationEndpoint,
6344
6229
  token_endpoint_auth_methods_supported: ["client_secret_basic", "client_secret_post"],
6345
6230
  response_types_supported: ["code"],
6346
6231
  grant_types_supported: ["authorization_code", "refresh_token"],
@@ -6348,134 +6233,6 @@ function getOAuthAuthorizationServerResponse({
6348
6233
  code_challenge_methods_supported: ["S256"]
6349
6234
  };
6350
6235
  }
6351
- function createOAuthRegisterHandler(options) {
6352
- const path = options.path ?? DEFAULT_OAUTH_PATHS.register;
6353
- const api = withoutTrailingSlash(options.apiBaseUrl);
6354
- const upstream = `${api}/v1/customer/auth/register?product_ref=${encodeURIComponent(options.productRef)}`;
6355
- return async (req, res, next) => {
6356
- if (req.path !== path) {
6357
- next();
6358
- return;
6359
- }
6360
- if (req.method === "OPTIONS") {
6361
- handlePreflight(req, res);
6362
- return;
6363
- }
6364
- if (req.method !== "POST") {
6365
- next();
6366
- return;
6367
- }
6368
- try {
6369
- const response = await fetch(upstream, {
6370
- method: "POST",
6371
- headers: { "content-type": "application/json" },
6372
- body: serializeRegisterBody(req.body)
6373
- });
6374
- applyCorsHeaders(req, res);
6375
- await relayJsonResponse(response, res);
6376
- } catch (error) {
6377
- applyCorsHeaders(req, res);
6378
- sendUpstreamError(res, error);
6379
- }
6380
- };
6381
- }
6382
- function createOAuthAuthorizeHandler(options) {
6383
- const path = options.path ?? DEFAULT_OAUTH_PATHS.authorize;
6384
- const api = withoutTrailingSlash(options.apiBaseUrl);
6385
- return (req, res, next) => {
6386
- if (req.path !== path) {
6387
- next();
6388
- return;
6389
- }
6390
- if (req.method === "OPTIONS") {
6391
- handlePreflight(req, res);
6392
- return;
6393
- }
6394
- if (req.method !== "GET") {
6395
- next();
6396
- return;
6397
- }
6398
- const query = getRequestQuery(req);
6399
- const location = `${api}/v1/customer/auth/authorize${query}`;
6400
- res.setHeader("Location", location);
6401
- res.status(302);
6402
- if (typeof res.end === "function") {
6403
- res.end();
6404
- return;
6405
- }
6406
- res.json({});
6407
- };
6408
- }
6409
- function createOAuthTokenHandler(options) {
6410
- const path = options.path ?? DEFAULT_OAUTH_PATHS.token;
6411
- const api = withoutTrailingSlash(options.apiBaseUrl);
6412
- const upstream = `${api}/v1/customer/auth/token`;
6413
- return async (req, res, next) => {
6414
- if (req.path !== path) {
6415
- next();
6416
- return;
6417
- }
6418
- if (req.method === "OPTIONS") {
6419
- handlePreflight(req, res);
6420
- return;
6421
- }
6422
- if (req.method !== "POST") {
6423
- next();
6424
- return;
6425
- }
6426
- const contentType = getHeader(req, "content-type") ?? "application/x-www-form-urlencoded";
6427
- const authorization = getHeader(req, "authorization");
6428
- const headers = { "content-type": contentType };
6429
- if (authorization) headers["authorization"] = authorization;
6430
- try {
6431
- const response = await fetch(upstream, {
6432
- method: "POST",
6433
- headers,
6434
- body: serializeRequestBody(contentType, req.body)
6435
- });
6436
- applyCorsHeaders(req, res);
6437
- await relayJsonResponse(response, res);
6438
- } catch (error) {
6439
- applyCorsHeaders(req, res);
6440
- sendUpstreamError(res, error);
6441
- }
6442
- };
6443
- }
6444
- function createOAuthRevokeHandler(options) {
6445
- const path = options.path ?? DEFAULT_OAUTH_PATHS.revoke;
6446
- const api = withoutTrailingSlash(options.apiBaseUrl);
6447
- const upstream = `${api}/v1/customer/auth/revoke`;
6448
- return async (req, res, next) => {
6449
- if (req.path !== path) {
6450
- next();
6451
- return;
6452
- }
6453
- if (req.method === "OPTIONS") {
6454
- handlePreflight(req, res);
6455
- return;
6456
- }
6457
- if (req.method !== "POST") {
6458
- next();
6459
- return;
6460
- }
6461
- const contentType = getHeader(req, "content-type") ?? "application/x-www-form-urlencoded";
6462
- const authorization = getHeader(req, "authorization");
6463
- const headers = { "content-type": contentType };
6464
- if (authorization) headers["authorization"] = authorization;
6465
- try {
6466
- const response = await fetch(upstream, {
6467
- method: "POST",
6468
- headers,
6469
- body: serializeRequestBody(contentType, req.body)
6470
- });
6471
- applyCorsHeaders(req, res);
6472
- await relayJsonResponse(response, res);
6473
- } catch (error) {
6474
- applyCorsHeaders(req, res);
6475
- sendUpstreamError(res, error);
6476
- }
6477
- };
6478
- }
6479
6236
  function createMcpOAuthBridge(options) {
6480
6237
  const {
6481
6238
  publicBaseUrl,
@@ -6485,10 +6242,8 @@ function createMcpOAuthBridge(options) {
6485
6242
  requireAuth = true,
6486
6243
  authInfo,
6487
6244
  protectedResourcePath = "/.well-known/oauth-protected-resource",
6488
- authorizationServerPath = "/.well-known/oauth-authorization-server",
6489
- oauthPaths
6245
+ authorizationServerPath = "/.well-known/oauth-authorization-server"
6490
6246
  } = options;
6491
- const paths = resolvePaths(oauthPaths);
6492
6247
  const protectedResourceMiddleware = (req, res, next) => {
6493
6248
  if (req.method !== "GET" || req.path !== protectedResourcePath) {
6494
6249
  next();
@@ -6507,38 +6262,16 @@ function createMcpOAuthBridge(options) {
6507
6262
  }
6508
6263
  res.json(
6509
6264
  getOAuthAuthorizationServerResponse({
6510
- publicBaseUrl,
6511
- paths
6265
+ apiBaseUrl,
6266
+ productRef
6512
6267
  })
6513
6268
  );
6514
6269
  };
6515
- const registerMiddleware = createOAuthRegisterHandler({
6516
- apiBaseUrl,
6517
- productRef,
6518
- path: paths.register
6519
- });
6520
- const authorizeMiddleware = createOAuthAuthorizeHandler({
6521
- apiBaseUrl,
6522
- path: paths.authorize
6523
- });
6524
- const tokenMiddleware = createOAuthTokenHandler({ apiBaseUrl, path: paths.token });
6525
- const revokeMiddleware = createOAuthRevokeHandler({ apiBaseUrl, path: paths.revoke });
6526
6270
  const mcpAuthMiddleware = (req, res, next) => {
6527
6271
  if (req.path !== mcpPath) {
6528
6272
  next();
6529
6273
  return;
6530
6274
  }
6531
- if (req.method && req.method !== "POST" && req.method !== "OPTIONS") {
6532
- applyCorsHeaders(req, res);
6533
- res.setHeader("Allow", "POST, OPTIONS");
6534
- res.status(405);
6535
- if (typeof res.end === "function") {
6536
- res.end();
6537
- } else {
6538
- res.json({ error: "method_not_allowed" });
6539
- }
6540
- return;
6541
- }
6542
6275
  const authHeader = getRequestAuthHeader(req);
6543
6276
  const id = getRequestJsonRpcId(req.body);
6544
6277
  if (!authHeader && !requireAuth) {
@@ -6553,8 +6286,6 @@ function createMcpOAuthBridge(options) {
6553
6286
  req.auth = auth;
6554
6287
  next();
6555
6288
  } catch {
6556
- applyCorsHeaders(req, res);
6557
- res.setHeader("Access-Control-Expose-Headers", "WWW-Authenticate, Mcp-Session-Id");
6558
6289
  setMcpChallengeHeader(res, publicBaseUrl, protectedResourcePath);
6559
6290
  if (req.method === "POST") {
6560
6291
  res.status(401).json(makeUnauthorizedJsonRpc(id));
@@ -6563,15 +6294,7 @@ function createMcpOAuthBridge(options) {
6563
6294
  res.status(401).json({ error: "Unauthorized" });
6564
6295
  }
6565
6296
  };
6566
- return [
6567
- protectedResourceMiddleware,
6568
- authorizationServerMiddleware,
6569
- registerMiddleware,
6570
- authorizeMiddleware,
6571
- tokenMiddleware,
6572
- revokeMiddleware,
6573
- mcpAuthMiddleware
6574
- ];
6297
+ return [protectedResourceMiddleware, authorizationServerMiddleware, mcpAuthMiddleware];
6575
6298
  }
6576
6299
 
6577
6300
  // src/helpers/error.ts
@@ -7255,10 +6978,6 @@ function verifyWebhook({
7255
6978
  createCheckoutSessionCore,
7256
6979
  createCustomerSessionCore,
7257
6980
  createMcpOAuthBridge,
7258
- createOAuthAuthorizeHandler,
7259
- createOAuthRegisterHandler,
7260
- createOAuthRevokeHandler,
7261
- createOAuthTokenHandler,
7262
6981
  createPaymentIntentCore,
7263
6982
  createSolvaPay,
7264
6983
  createSolvaPayClient,
package/dist/index.d.cts CHANGED
@@ -3675,7 +3675,6 @@ declare function buildAuthInfoFromBearer(authorization?: string | null, options?
3675
3675
  type RequestLike = {
3676
3676
  method?: string;
3677
3677
  path?: string;
3678
- url?: string;
3679
3678
  headers?: Record<string, string | string[] | undefined>;
3680
3679
  body?: unknown;
3681
3680
  auth?: unknown;
@@ -3684,37 +3683,12 @@ type ResponseLike = {
3684
3683
  status: (code: number) => ResponseLike;
3685
3684
  json: (payload: unknown) => void;
3686
3685
  setHeader: (name: string, value: string) => void;
3687
- end?: (body?: string) => void;
3688
- send?: (body?: string | Buffer) => void;
3689
3686
  };
3690
3687
  type NextLike = () => void;
3691
- type Middleware = (req: RequestLike, res: ResponseLike, next: NextLike) => void | Promise<void>;
3692
- interface OAuthBridgePaths {
3693
- register?: string;
3694
- authorize?: string;
3695
- token?: string;
3696
- revoke?: string;
3697
- }
3688
+ type Middleware = (req: RequestLike, res: ResponseLike, next: NextLike) => void;
3698
3689
  interface OAuthAuthorizationServerOptions {
3699
- publicBaseUrl: string;
3700
- paths?: OAuthBridgePaths;
3701
- }
3702
- interface OAuthRegisterHandlerOptions {
3703
3690
  apiBaseUrl: string;
3704
3691
  productRef: string;
3705
- path?: string;
3706
- }
3707
- interface OAuthAuthorizeHandlerOptions {
3708
- apiBaseUrl: string;
3709
- path?: string;
3710
- }
3711
- interface OAuthTokenHandlerOptions {
3712
- apiBaseUrl: string;
3713
- path?: string;
3714
- }
3715
- interface OAuthRevokeHandlerOptions {
3716
- apiBaseUrl: string;
3717
- path?: string;
3718
3692
  }
3719
3693
  interface McpOAuthBridgeOptions {
3720
3694
  publicBaseUrl: string;
@@ -3725,29 +3699,23 @@ interface McpOAuthBridgeOptions {
3725
3699
  authInfo?: BuildAuthInfoFromBearerOptions;
3726
3700
  protectedResourcePath?: string;
3727
3701
  authorizationServerPath?: string;
3728
- oauthPaths?: OAuthBridgePaths;
3729
3702
  }
3730
3703
  declare function getOAuthProtectedResourceResponse(publicBaseUrl: string): {
3731
3704
  resource: string;
3732
3705
  authorization_servers: string[];
3733
3706
  scopes_supported: string[];
3734
3707
  };
3735
- declare function getOAuthAuthorizationServerResponse({ publicBaseUrl, paths, }: OAuthAuthorizationServerOptions): {
3708
+ declare function getOAuthAuthorizationServerResponse({ apiBaseUrl, productRef, }: OAuthAuthorizationServerOptions): {
3736
3709
  issuer: string;
3737
3710
  authorization_endpoint: string;
3738
3711
  token_endpoint: string;
3739
3712
  registration_endpoint: string;
3740
- revocation_endpoint: string;
3741
3713
  token_endpoint_auth_methods_supported: string[];
3742
3714
  response_types_supported: string[];
3743
3715
  grant_types_supported: string[];
3744
3716
  scopes_supported: string[];
3745
3717
  code_challenge_methods_supported: string[];
3746
3718
  };
3747
- declare function createOAuthRegisterHandler(options: OAuthRegisterHandlerOptions): Middleware;
3748
- declare function createOAuthAuthorizeHandler(options: OAuthAuthorizeHandlerOptions): Middleware;
3749
- declare function createOAuthTokenHandler(options: OAuthTokenHandlerOptions): Middleware;
3750
- declare function createOAuthRevokeHandler(options: OAuthRevokeHandlerOptions): Middleware;
3751
3719
  declare function createMcpOAuthBridge(options: McpOAuthBridgeOptions): Middleware[];
3752
3720
 
3753
3721
  /**
@@ -4309,4 +4277,4 @@ declare function verifyWebhook({ body, signature, secret, }: {
4309
4277
  secret: string;
4310
4278
  }): WebhookEvent;
4311
4279
 
4312
- export { type ActivatePlanResult, type AuthenticatedUser, type ConfigureMcpPlansRequest, type ConfigureMcpPlansResponse, type CreateSolvaPayConfig, type CustomerBalanceResult, type CustomerResponseMapped, type CustomerWebhookObject, type ErrorResult, type HttpAdapterOptions, type LimitActivationBalance, type LimitActivationProduct, type LimitPlanSummary, type McpAdapterOptions, McpBearerAuthError, type McpBootstrapPlanInput, type McpBootstrapRequest, type McpBootstrapResponse, type McpServerLike, type McpToolExtra, type McpToolPlanMappingInput, type NextAdapterOptions, type OneTimePurchaseInfo, type PayableFunction, type PayableOptions, type PaywallArgs, PaywallError, type PaywallMetadata, type PaywallStructuredContent, type PaywallToolResult, type ProcessPaymentResult, type PurchaseCheckResult, type RegisterVirtualToolsMcpOptions, type RetryOptions, type SdkMerchantResponse, type SdkProductResponse, type ServerClientOptions, type SolvaPay, type SolvaPayClient, type ToolPlanMappingInput, VIRTUAL_TOOL_DEFINITIONS, type VirtualToolDefinition, type VirtualToolsOptions, type WebhookEvent, type WebhookEventForType, type WebhookEventObjectMap, type WebhookEventType, type WebhookProduct, activatePlanCore, buildAuthInfoFromBearer, cancelPurchaseCore, checkPurchaseCore, type components, createCheckoutSessionCore, createCustomerSessionCore, createMcpOAuthBridge, createOAuthAuthorizeHandler, createOAuthRegisterHandler, createOAuthRevokeHandler, createOAuthTokenHandler, createPaymentIntentCore, createSolvaPay, createSolvaPayClient, createTopupPaymentIntentCore, createVirtualTools, decodeJwtPayload, extractBearerToken, getAuthenticatedUserCore, getCustomerBalanceCore, getCustomerRefFromBearerAuthHeader, getCustomerRefFromJwtPayload, getMerchantCore, getOAuthAuthorizationServerResponse, getOAuthProtectedResourceResponse, getProductCore, handleRouteError, isErrorResult, jsonSchemaToZodRawShape, listPlansCore, paywallErrorToClientPayload, processPaymentIntentCore, reactivatePurchaseCore, registerVirtualToolsMcpImpl, syncCustomerCore, trackUsageCore, verifyWebhook, withRetry };
4280
+ export { type ActivatePlanResult, type AuthenticatedUser, type ConfigureMcpPlansRequest, type ConfigureMcpPlansResponse, type CreateSolvaPayConfig, type CustomerBalanceResult, type CustomerResponseMapped, type CustomerWebhookObject, type ErrorResult, type HttpAdapterOptions, type LimitActivationBalance, type LimitActivationProduct, type LimitPlanSummary, type McpAdapterOptions, McpBearerAuthError, type McpBootstrapPlanInput, type McpBootstrapRequest, type McpBootstrapResponse, type McpServerLike, type McpToolExtra, type McpToolPlanMappingInput, type NextAdapterOptions, type OneTimePurchaseInfo, type PayableFunction, type PayableOptions, type PaywallArgs, PaywallError, type PaywallMetadata, type PaywallStructuredContent, type PaywallToolResult, type ProcessPaymentResult, type PurchaseCheckResult, type RegisterVirtualToolsMcpOptions, type RetryOptions, type SdkMerchantResponse, type SdkProductResponse, type ServerClientOptions, type SolvaPay, type SolvaPayClient, type ToolPlanMappingInput, VIRTUAL_TOOL_DEFINITIONS, type VirtualToolDefinition, type VirtualToolsOptions, type WebhookEvent, type WebhookEventForType, type WebhookEventObjectMap, type WebhookEventType, type WebhookProduct, activatePlanCore, buildAuthInfoFromBearer, cancelPurchaseCore, checkPurchaseCore, type components, createCheckoutSessionCore, createCustomerSessionCore, createMcpOAuthBridge, createPaymentIntentCore, createSolvaPay, createSolvaPayClient, createTopupPaymentIntentCore, createVirtualTools, decodeJwtPayload, extractBearerToken, getAuthenticatedUserCore, getCustomerBalanceCore, getCustomerRefFromBearerAuthHeader, getCustomerRefFromJwtPayload, getMerchantCore, getOAuthAuthorizationServerResponse, getOAuthProtectedResourceResponse, getProductCore, handleRouteError, isErrorResult, jsonSchemaToZodRawShape, listPlansCore, paywallErrorToClientPayload, processPaymentIntentCore, reactivatePurchaseCore, registerVirtualToolsMcpImpl, syncCustomerCore, trackUsageCore, verifyWebhook, withRetry };