@solvapay/server 1.0.8-preview.8 → 1.0.8-preview.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (141) hide show
  1. package/dist/edge.d.ts +24 -1
  2. package/dist/edge.js +72 -0
  3. package/dist/index.cjs +12 -307
  4. package/dist/index.d.cts +3 -35
  5. package/dist/index.d.ts +3 -35
  6. package/dist/index.js +12 -303
  7. package/package.json +7 -7
  8. package/dist/chunk-R5U7XKVJ.js +0 -16
  9. package/dist/dist-EPVKJAIP.js +0 -94
  10. package/dist/dist-JBJ4HMP7.js +0 -94
  11. package/dist/esm-5GYCIXIY.js +0 -3475
  12. package/dist/esm-UW7WCMEK.js +0 -3475
  13. package/dist/src/adapters/base.d.ts +0 -57
  14. package/dist/src/adapters/base.d.ts.map +0 -1
  15. package/dist/src/adapters/base.js +0 -73
  16. package/dist/src/adapters/base.js.map +0 -1
  17. package/dist/src/adapters/http.d.ts +0 -25
  18. package/dist/src/adapters/http.d.ts.map +0 -1
  19. package/dist/src/adapters/http.js +0 -99
  20. package/dist/src/adapters/http.js.map +0 -1
  21. package/dist/src/adapters/index.d.ts +0 -11
  22. package/dist/src/adapters/index.d.ts.map +0 -1
  23. package/dist/src/adapters/index.js +0 -10
  24. package/dist/src/adapters/index.js.map +0 -1
  25. package/dist/src/adapters/mcp.d.ts +0 -24
  26. package/dist/src/adapters/mcp.d.ts.map +0 -1
  27. package/dist/src/adapters/mcp.js +0 -75
  28. package/dist/src/adapters/mcp.js.map +0 -1
  29. package/dist/src/adapters/next.d.ts +0 -24
  30. package/dist/src/adapters/next.d.ts.map +0 -1
  31. package/dist/src/adapters/next.js +0 -109
  32. package/dist/src/adapters/next.js.map +0 -1
  33. package/dist/src/client.d.ts +0 -58
  34. package/dist/src/client.d.ts.map +0 -1
  35. package/dist/src/client.js +0 -495
  36. package/dist/src/client.js.map +0 -1
  37. package/dist/src/edge.d.ts +0 -22
  38. package/dist/src/edge.d.ts.map +0 -1
  39. package/dist/src/edge.js +0 -91
  40. package/dist/src/edge.js.map +0 -1
  41. package/dist/src/factory.d.ts +0 -605
  42. package/dist/src/factory.d.ts.map +0 -1
  43. package/dist/src/factory.js +0 -215
  44. package/dist/src/factory.js.map +0 -1
  45. package/dist/src/helpers/auth.d.ts +0 -47
  46. package/dist/src/helpers/auth.d.ts.map +0 -1
  47. package/dist/src/helpers/auth.js +0 -73
  48. package/dist/src/helpers/auth.js.map +0 -1
  49. package/dist/src/helpers/checkout.d.ts +0 -45
  50. package/dist/src/helpers/checkout.d.ts.map +0 -1
  51. package/dist/src/helpers/checkout.js +0 -89
  52. package/dist/src/helpers/checkout.js.map +0 -1
  53. package/dist/src/helpers/customer.d.ts +0 -51
  54. package/dist/src/helpers/customer.d.ts.map +0 -1
  55. package/dist/src/helpers/customer.js +0 -77
  56. package/dist/src/helpers/customer.js.map +0 -1
  57. package/dist/src/helpers/error.d.ts +0 -15
  58. package/dist/src/helpers/error.d.ts.map +0 -1
  59. package/dist/src/helpers/error.js +0 -35
  60. package/dist/src/helpers/error.js.map +0 -1
  61. package/dist/src/helpers/index.d.ts +0 -17
  62. package/dist/src/helpers/index.d.ts.map +0 -1
  63. package/dist/src/helpers/index.js +0 -23
  64. package/dist/src/helpers/index.js.map +0 -1
  65. package/dist/src/helpers/payment.d.ts +0 -107
  66. package/dist/src/helpers/payment.d.ts.map +0 -1
  67. package/dist/src/helpers/payment.js +0 -150
  68. package/dist/src/helpers/payment.js.map +0 -1
  69. package/dist/src/helpers/plans.d.ts +0 -19
  70. package/dist/src/helpers/plans.d.ts.map +0 -1
  71. package/dist/src/helpers/plans.js +0 -53
  72. package/dist/src/helpers/plans.js.map +0 -1
  73. package/dist/src/helpers/renewal.d.ts +0 -23
  74. package/dist/src/helpers/renewal.d.ts.map +0 -1
  75. package/dist/src/helpers/renewal.js +0 -90
  76. package/dist/src/helpers/renewal.js.map +0 -1
  77. package/dist/src/helpers/subscription.d.ts +0 -23
  78. package/dist/src/helpers/subscription.d.ts.map +0 -1
  79. package/dist/src/helpers/subscription.js +0 -101
  80. package/dist/src/helpers/subscription.js.map +0 -1
  81. package/dist/src/helpers/types.d.ts +0 -22
  82. package/dist/src/helpers/types.d.ts.map +0 -1
  83. package/dist/src/helpers/types.js +0 -7
  84. package/dist/src/helpers/types.js.map +0 -1
  85. package/dist/src/index.d.ts +0 -73
  86. package/dist/src/index.d.ts.map +0 -1
  87. package/dist/src/index.js +0 -106
  88. package/dist/src/index.js.map +0 -1
  89. package/dist/src/mcp/auth-bridge.d.ts +0 -9
  90. package/dist/src/mcp/auth-bridge.d.ts.map +0 -1
  91. package/dist/src/mcp/auth-bridge.js +0 -46
  92. package/dist/src/mcp/auth-bridge.js.map +0 -1
  93. package/dist/src/mcp/oauth-bridge.d.ts +0 -48
  94. package/dist/src/mcp/oauth-bridge.d.ts.map +0 -1
  95. package/dist/src/mcp/oauth-bridge.js +0 -110
  96. package/dist/src/mcp/oauth-bridge.js.map +0 -1
  97. package/dist/src/mcp-auth.d.ts +0 -17
  98. package/dist/src/mcp-auth.d.ts.map +0 -1
  99. package/dist/src/mcp-auth.js +0 -57
  100. package/dist/src/mcp-auth.js.map +0 -1
  101. package/dist/src/paywall.d.ts +0 -119
  102. package/dist/src/paywall.d.ts.map +0 -1
  103. package/dist/src/paywall.js +0 -700
  104. package/dist/src/paywall.js.map +0 -1
  105. package/dist/src/register-virtual-tools-mcp.d.ts +0 -23
  106. package/dist/src/register-virtual-tools-mcp.d.ts.map +0 -1
  107. package/dist/src/register-virtual-tools-mcp.js +0 -86
  108. package/dist/src/register-virtual-tools-mcp.js.map +0 -1
  109. package/dist/src/types/client.d.ts +0 -216
  110. package/dist/src/types/client.d.ts.map +0 -1
  111. package/dist/src/types/client.js +0 -7
  112. package/dist/src/types/client.js.map +0 -1
  113. package/dist/src/types/generated.d.ts +0 -2834
  114. package/dist/src/types/generated.d.ts.map +0 -1
  115. package/dist/src/types/generated.js +0 -6
  116. package/dist/src/types/generated.js.map +0 -1
  117. package/dist/src/types/index.d.ts +0 -13
  118. package/dist/src/types/index.d.ts.map +0 -1
  119. package/dist/src/types/index.js +0 -8
  120. package/dist/src/types/index.js.map +0 -1
  121. package/dist/src/types/options.d.ts +0 -126
  122. package/dist/src/types/options.d.ts.map +0 -1
  123. package/dist/src/types/options.js +0 -8
  124. package/dist/src/types/options.js.map +0 -1
  125. package/dist/src/types/paywall.d.ts +0 -64
  126. package/dist/src/types/paywall.d.ts.map +0 -1
  127. package/dist/src/types/paywall.js +0 -7
  128. package/dist/src/types/paywall.js.map +0 -1
  129. package/dist/src/types/webhook.d.ts +0 -50
  130. package/dist/src/types/webhook.d.ts.map +0 -1
  131. package/dist/src/types/webhook.js +0 -2
  132. package/dist/src/types/webhook.js.map +0 -1
  133. package/dist/src/utils.d.ts +0 -110
  134. package/dist/src/utils.d.ts.map +0 -1
  135. package/dist/src/utils.js +0 -217
  136. package/dist/src/utils.js.map +0 -1
  137. package/dist/src/virtual-tools.d.ts +0 -44
  138. package/dist/src/virtual-tools.d.ts.map +0 -1
  139. package/dist/src/virtual-tools.js +0 -140
  140. package/dist/src/virtual-tools.js.map +0 -1
  141. package/dist/tsconfig.tsbuildinfo +0 -1
package/dist/index.d.ts CHANGED
@@ -3675,7 +3675,6 @@ declare function buildAuthInfoFromBearer(authorization?: string | null, options?
3675
3675
  type RequestLike = {
3676
3676
  method?: string;
3677
3677
  path?: string;
3678
- url?: string;
3679
3678
  headers?: Record<string, string | string[] | undefined>;
3680
3679
  body?: unknown;
3681
3680
  auth?: unknown;
@@ -3684,37 +3683,12 @@ type ResponseLike = {
3684
3683
  status: (code: number) => ResponseLike;
3685
3684
  json: (payload: unknown) => void;
3686
3685
  setHeader: (name: string, value: string) => void;
3687
- end?: (body?: string) => void;
3688
- send?: (body?: string | Buffer) => void;
3689
3686
  };
3690
3687
  type NextLike = () => void;
3691
- type Middleware = (req: RequestLike, res: ResponseLike, next: NextLike) => void | Promise<void>;
3692
- interface OAuthBridgePaths {
3693
- register?: string;
3694
- authorize?: string;
3695
- token?: string;
3696
- revoke?: string;
3697
- }
3688
+ type Middleware = (req: RequestLike, res: ResponseLike, next: NextLike) => void;
3698
3689
  interface OAuthAuthorizationServerOptions {
3699
- publicBaseUrl: string;
3700
- paths?: OAuthBridgePaths;
3701
- }
3702
- interface OAuthRegisterHandlerOptions {
3703
3690
  apiBaseUrl: string;
3704
3691
  productRef: string;
3705
- path?: string;
3706
- }
3707
- interface OAuthAuthorizeHandlerOptions {
3708
- apiBaseUrl: string;
3709
- path?: string;
3710
- }
3711
- interface OAuthTokenHandlerOptions {
3712
- apiBaseUrl: string;
3713
- path?: string;
3714
- }
3715
- interface OAuthRevokeHandlerOptions {
3716
- apiBaseUrl: string;
3717
- path?: string;
3718
3692
  }
3719
3693
  interface McpOAuthBridgeOptions {
3720
3694
  publicBaseUrl: string;
@@ -3725,29 +3699,23 @@ interface McpOAuthBridgeOptions {
3725
3699
  authInfo?: BuildAuthInfoFromBearerOptions;
3726
3700
  protectedResourcePath?: string;
3727
3701
  authorizationServerPath?: string;
3728
- oauthPaths?: OAuthBridgePaths;
3729
3702
  }
3730
3703
  declare function getOAuthProtectedResourceResponse(publicBaseUrl: string): {
3731
3704
  resource: string;
3732
3705
  authorization_servers: string[];
3733
3706
  scopes_supported: string[];
3734
3707
  };
3735
- declare function getOAuthAuthorizationServerResponse({ publicBaseUrl, paths, }: OAuthAuthorizationServerOptions): {
3708
+ declare function getOAuthAuthorizationServerResponse({ apiBaseUrl, productRef, }: OAuthAuthorizationServerOptions): {
3736
3709
  issuer: string;
3737
3710
  authorization_endpoint: string;
3738
3711
  token_endpoint: string;
3739
3712
  registration_endpoint: string;
3740
- revocation_endpoint: string;
3741
3713
  token_endpoint_auth_methods_supported: string[];
3742
3714
  response_types_supported: string[];
3743
3715
  grant_types_supported: string[];
3744
3716
  scopes_supported: string[];
3745
3717
  code_challenge_methods_supported: string[];
3746
3718
  };
3747
- declare function createOAuthRegisterHandler(options: OAuthRegisterHandlerOptions): Middleware;
3748
- declare function createOAuthAuthorizeHandler(options: OAuthAuthorizeHandlerOptions): Middleware;
3749
- declare function createOAuthTokenHandler(options: OAuthTokenHandlerOptions): Middleware;
3750
- declare function createOAuthRevokeHandler(options: OAuthRevokeHandlerOptions): Middleware;
3751
3719
  declare function createMcpOAuthBridge(options: McpOAuthBridgeOptions): Middleware[];
3752
3720
 
3753
3721
  /**
@@ -4309,4 +4277,4 @@ declare function verifyWebhook({ body, signature, secret, }: {
4309
4277
  secret: string;
4310
4278
  }): WebhookEvent;
4311
4279
 
4312
- export { type ActivatePlanResult, type AuthenticatedUser, type ConfigureMcpPlansRequest, type ConfigureMcpPlansResponse, type CreateSolvaPayConfig, type CustomerBalanceResult, type CustomerResponseMapped, type CustomerWebhookObject, type ErrorResult, type HttpAdapterOptions, type LimitActivationBalance, type LimitActivationProduct, type LimitPlanSummary, type McpAdapterOptions, McpBearerAuthError, type McpBootstrapPlanInput, type McpBootstrapRequest, type McpBootstrapResponse, type McpServerLike, type McpToolExtra, type McpToolPlanMappingInput, type NextAdapterOptions, type OneTimePurchaseInfo, type PayableFunction, type PayableOptions, type PaywallArgs, PaywallError, type PaywallMetadata, type PaywallStructuredContent, type PaywallToolResult, type ProcessPaymentResult, type PurchaseCheckResult, type RegisterVirtualToolsMcpOptions, type RetryOptions, type SdkMerchantResponse, type SdkProductResponse, type ServerClientOptions, type SolvaPay, type SolvaPayClient, type ToolPlanMappingInput, VIRTUAL_TOOL_DEFINITIONS, type VirtualToolDefinition, type VirtualToolsOptions, type WebhookEvent, type WebhookEventForType, type WebhookEventObjectMap, type WebhookEventType, type WebhookProduct, activatePlanCore, buildAuthInfoFromBearer, cancelPurchaseCore, checkPurchaseCore, type components, createCheckoutSessionCore, createCustomerSessionCore, createMcpOAuthBridge, createOAuthAuthorizeHandler, createOAuthRegisterHandler, createOAuthRevokeHandler, createOAuthTokenHandler, createPaymentIntentCore, createSolvaPay, createSolvaPayClient, createTopupPaymentIntentCore, createVirtualTools, decodeJwtPayload, extractBearerToken, getAuthenticatedUserCore, getCustomerBalanceCore, getCustomerRefFromBearerAuthHeader, getCustomerRefFromJwtPayload, getMerchantCore, getOAuthAuthorizationServerResponse, getOAuthProtectedResourceResponse, getProductCore, handleRouteError, isErrorResult, jsonSchemaToZodRawShape, listPlansCore, paywallErrorToClientPayload, processPaymentIntentCore, reactivatePurchaseCore, registerVirtualToolsMcpImpl, syncCustomerCore, trackUsageCore, verifyWebhook, withRetry };
4280
+ export { type ActivatePlanResult, type AuthenticatedUser, type ConfigureMcpPlansRequest, type ConfigureMcpPlansResponse, type CreateSolvaPayConfig, type CustomerBalanceResult, type CustomerResponseMapped, type CustomerWebhookObject, type ErrorResult, type HttpAdapterOptions, type LimitActivationBalance, type LimitActivationProduct, type LimitPlanSummary, type McpAdapterOptions, McpBearerAuthError, type McpBootstrapPlanInput, type McpBootstrapRequest, type McpBootstrapResponse, type McpServerLike, type McpToolExtra, type McpToolPlanMappingInput, type NextAdapterOptions, type OneTimePurchaseInfo, type PayableFunction, type PayableOptions, type PaywallArgs, PaywallError, type PaywallMetadata, type PaywallStructuredContent, type PaywallToolResult, type ProcessPaymentResult, type PurchaseCheckResult, type RegisterVirtualToolsMcpOptions, type RetryOptions, type SdkMerchantResponse, type SdkProductResponse, type ServerClientOptions, type SolvaPay, type SolvaPayClient, type ToolPlanMappingInput, VIRTUAL_TOOL_DEFINITIONS, type VirtualToolDefinition, type VirtualToolsOptions, type WebhookEvent, type WebhookEventForType, type WebhookEventObjectMap, type WebhookEventType, type WebhookProduct, activatePlanCore, buildAuthInfoFromBearer, cancelPurchaseCore, checkPurchaseCore, type components, createCheckoutSessionCore, createCustomerSessionCore, createMcpOAuthBridge, createPaymentIntentCore, createSolvaPay, createSolvaPayClient, createTopupPaymentIntentCore, createVirtualTools, decodeJwtPayload, extractBearerToken, getAuthenticatedUserCore, getCustomerBalanceCore, getCustomerRefFromBearerAuthHeader, getCustomerRefFromJwtPayload, getMerchantCore, getOAuthAuthorizationServerResponse, getOAuthProtectedResourceResponse, getProductCore, handleRouteError, isErrorResult, jsonSchemaToZodRawShape, listPlansCore, paywallErrorToClientPayload, processPaymentIntentCore, reactivatePurchaseCore, registerVirtualToolsMcpImpl, syncCustomerCore, trackUsageCore, verifyWebhook, withRetry };
package/dist/index.js CHANGED
@@ -1826,31 +1826,15 @@ function buildAuthInfoFromBearer(authorization, options = {}) {
1826
1826
  }
1827
1827
 
1828
1828
  // src/mcp/oauth-bridge.ts
1829
- var DEFAULT_OAUTH_PATHS = {
1830
- register: "/oauth/register",
1831
- authorize: "/oauth/authorize",
1832
- token: "/oauth/token",
1833
- revoke: "/oauth/revoke"
1834
- };
1835
- var NATIVE_CLIENT_ORIGIN_SCHEMES = ["cursor:", "vscode:", "vscode-webview:", "claude:"];
1836
1829
  function withoutTrailingSlash(value) {
1837
1830
  return value.replace(/\/$/, "");
1838
1831
  }
1839
- function resolvePaths(paths = {}) {
1840
- return { ...DEFAULT_OAUTH_PATHS, ...paths };
1841
- }
1842
1832
  function getRequestAuthHeader(req) {
1843
1833
  const header = req.headers?.authorization;
1844
1834
  if (typeof header === "string") return header;
1845
1835
  if (Array.isArray(header)) return header[0] || null;
1846
1836
  return null;
1847
1837
  }
1848
- function getHeader(req, name) {
1849
- const header = req.headers?.[name.toLowerCase()];
1850
- if (typeof header === "string") return header;
1851
- if (Array.isArray(header)) return header[0] || null;
1852
- return null;
1853
- }
1854
1838
  function getRequestJsonRpcId(body) {
1855
1839
  if (body && typeof body === "object" && "id" in body) {
1856
1840
  const id = body.id;
@@ -1874,100 +1858,6 @@ function setMcpChallengeHeader(res, publicBaseUrl, protectedResourcePath) {
1874
1858
  `Bearer resource_metadata="${withoutTrailingSlash(publicBaseUrl)}${protectedResourcePath}"`
1875
1859
  );
1876
1860
  }
1877
- function getRequestQuery(req) {
1878
- const raw = req.url ?? req.path ?? "";
1879
- const qIndex = raw.indexOf("?");
1880
- return qIndex === -1 ? "" : raw.slice(qIndex);
1881
- }
1882
- function isNativeClientOrigin(origin) {
1883
- try {
1884
- const url = new URL(origin);
1885
- return NATIVE_CLIENT_ORIGIN_SCHEMES.includes(
1886
- url.protocol
1887
- );
1888
- } catch {
1889
- return false;
1890
- }
1891
- }
1892
- function applyCorsHeaders(req, res) {
1893
- const origin = getHeader(req, "origin");
1894
- if (!origin) return;
1895
- if (isNativeClientOrigin(origin)) {
1896
- res.setHeader("Access-Control-Allow-Origin", origin);
1897
- res.setHeader("Vary", "Origin");
1898
- }
1899
- }
1900
- function handlePreflight(req, res) {
1901
- applyCorsHeaders(req, res);
1902
- const requestedMethod = getHeader(req, "access-control-request-method") ?? "POST";
1903
- const requestedHeaders = getHeader(req, "access-control-request-headers") ?? "authorization, content-type";
1904
- res.setHeader("Access-Control-Allow-Methods", `${requestedMethod}, OPTIONS`);
1905
- res.setHeader("Access-Control-Allow-Headers", requestedHeaders);
1906
- res.setHeader("Access-Control-Max-Age", "600");
1907
- res.status(204);
1908
- if (typeof res.end === "function") {
1909
- res.end();
1910
- } else {
1911
- res.json({});
1912
- }
1913
- }
1914
- async function readJsonFromResponse(upstream) {
1915
- const text = await upstream.text();
1916
- if (!text) return { body: {}, text: "" };
1917
- try {
1918
- return { body: JSON.parse(text), text };
1919
- } catch {
1920
- return { body: text, text };
1921
- }
1922
- }
1923
- async function relayJsonResponse(upstream, res) {
1924
- const { body, text } = await readJsonFromResponse(upstream);
1925
- res.status(upstream.status);
1926
- const contentType = upstream.headers.get("content-type");
1927
- if (contentType) res.setHeader("Content-Type", contentType);
1928
- if (text === "" && upstream.status === 204) {
1929
- if (typeof res.end === "function") {
1930
- res.end();
1931
- return;
1932
- }
1933
- }
1934
- res.json(body);
1935
- }
1936
- function sendUpstreamError(res, _error) {
1937
- res.status(502);
1938
- res.setHeader("Content-Type", "application/json");
1939
- res.json({ error: "upstream_unreachable" });
1940
- }
1941
- function serializeRegisterBody(body) {
1942
- if (typeof body === "string") return body;
1943
- if (body instanceof Uint8Array) return Buffer.from(body).toString("utf8");
1944
- return JSON.stringify(body ?? {});
1945
- }
1946
- function serializeFormBody(body) {
1947
- if (typeof body === "string") return body;
1948
- if (body instanceof Uint8Array) return Buffer.from(body).toString("utf8");
1949
- if (body && typeof body === "object") {
1950
- const params = new URLSearchParams();
1951
- for (const [key, value] of Object.entries(body)) {
1952
- if (value === void 0 || value === null) continue;
1953
- if (Array.isArray(value)) {
1954
- for (const entry of value) params.append(key, String(entry));
1955
- } else {
1956
- params.append(key, String(value));
1957
- }
1958
- }
1959
- return params.toString();
1960
- }
1961
- return "";
1962
- }
1963
- function serializeRequestBody(contentType, body) {
1964
- if (contentType && contentType.includes("application/x-www-form-urlencoded")) {
1965
- return serializeFormBody(body);
1966
- }
1967
- if (typeof body === "string") return body;
1968
- if (body instanceof Uint8Array) return Buffer.from(body).toString("utf8");
1969
- return JSON.stringify(body ?? {});
1970
- }
1971
1861
  function getOAuthProtectedResourceResponse(publicBaseUrl) {
1972
1862
  const resource = withoutTrailingSlash(publicBaseUrl);
1973
1863
  return {
@@ -1977,17 +1867,16 @@ function getOAuthProtectedResourceResponse(publicBaseUrl) {
1977
1867
  };
1978
1868
  }
1979
1869
  function getOAuthAuthorizationServerResponse({
1980
- publicBaseUrl,
1981
- paths
1870
+ apiBaseUrl,
1871
+ productRef
1982
1872
  }) {
1983
- const base = withoutTrailingSlash(publicBaseUrl);
1984
- const p = resolvePaths(paths);
1873
+ const normalizedApiBaseUrl = withoutTrailingSlash(apiBaseUrl);
1874
+ const registrationEndpoint = `${normalizedApiBaseUrl}/v1/customer/auth/register?product_ref=${encodeURIComponent(productRef)}`;
1985
1875
  return {
1986
- issuer: base,
1987
- authorization_endpoint: `${base}${p.authorize}`,
1988
- token_endpoint: `${base}${p.token}`,
1989
- registration_endpoint: `${base}${p.register}`,
1990
- revocation_endpoint: `${base}${p.revoke}`,
1876
+ issuer: normalizedApiBaseUrl,
1877
+ authorization_endpoint: `${normalizedApiBaseUrl}/v1/customer/auth/authorize`,
1878
+ token_endpoint: `${normalizedApiBaseUrl}/v1/customer/auth/token`,
1879
+ registration_endpoint: registrationEndpoint,
1991
1880
  token_endpoint_auth_methods_supported: ["client_secret_basic", "client_secret_post"],
1992
1881
  response_types_supported: ["code"],
1993
1882
  grant_types_supported: ["authorization_code", "refresh_token"],
@@ -1995,134 +1884,6 @@ function getOAuthAuthorizationServerResponse({
1995
1884
  code_challenge_methods_supported: ["S256"]
1996
1885
  };
1997
1886
  }
1998
- function createOAuthRegisterHandler(options) {
1999
- const path = options.path ?? DEFAULT_OAUTH_PATHS.register;
2000
- const api = withoutTrailingSlash(options.apiBaseUrl);
2001
- const upstream = `${api}/v1/customer/auth/register?product_ref=${encodeURIComponent(options.productRef)}`;
2002
- return async (req, res, next) => {
2003
- if (req.path !== path) {
2004
- next();
2005
- return;
2006
- }
2007
- if (req.method === "OPTIONS") {
2008
- handlePreflight(req, res);
2009
- return;
2010
- }
2011
- if (req.method !== "POST") {
2012
- next();
2013
- return;
2014
- }
2015
- try {
2016
- const response = await fetch(upstream, {
2017
- method: "POST",
2018
- headers: { "content-type": "application/json" },
2019
- body: serializeRegisterBody(req.body)
2020
- });
2021
- applyCorsHeaders(req, res);
2022
- await relayJsonResponse(response, res);
2023
- } catch (error) {
2024
- applyCorsHeaders(req, res);
2025
- sendUpstreamError(res, error);
2026
- }
2027
- };
2028
- }
2029
- function createOAuthAuthorizeHandler(options) {
2030
- const path = options.path ?? DEFAULT_OAUTH_PATHS.authorize;
2031
- const api = withoutTrailingSlash(options.apiBaseUrl);
2032
- return (req, res, next) => {
2033
- if (req.path !== path) {
2034
- next();
2035
- return;
2036
- }
2037
- if (req.method === "OPTIONS") {
2038
- handlePreflight(req, res);
2039
- return;
2040
- }
2041
- if (req.method !== "GET") {
2042
- next();
2043
- return;
2044
- }
2045
- const query = getRequestQuery(req);
2046
- const location = `${api}/v1/customer/auth/authorize${query}`;
2047
- res.setHeader("Location", location);
2048
- res.status(302);
2049
- if (typeof res.end === "function") {
2050
- res.end();
2051
- return;
2052
- }
2053
- res.json({});
2054
- };
2055
- }
2056
- function createOAuthTokenHandler(options) {
2057
- const path = options.path ?? DEFAULT_OAUTH_PATHS.token;
2058
- const api = withoutTrailingSlash(options.apiBaseUrl);
2059
- const upstream = `${api}/v1/customer/auth/token`;
2060
- return async (req, res, next) => {
2061
- if (req.path !== path) {
2062
- next();
2063
- return;
2064
- }
2065
- if (req.method === "OPTIONS") {
2066
- handlePreflight(req, res);
2067
- return;
2068
- }
2069
- if (req.method !== "POST") {
2070
- next();
2071
- return;
2072
- }
2073
- const contentType = getHeader(req, "content-type") ?? "application/x-www-form-urlencoded";
2074
- const authorization = getHeader(req, "authorization");
2075
- const headers = { "content-type": contentType };
2076
- if (authorization) headers["authorization"] = authorization;
2077
- try {
2078
- const response = await fetch(upstream, {
2079
- method: "POST",
2080
- headers,
2081
- body: serializeRequestBody(contentType, req.body)
2082
- });
2083
- applyCorsHeaders(req, res);
2084
- await relayJsonResponse(response, res);
2085
- } catch (error) {
2086
- applyCorsHeaders(req, res);
2087
- sendUpstreamError(res, error);
2088
- }
2089
- };
2090
- }
2091
- function createOAuthRevokeHandler(options) {
2092
- const path = options.path ?? DEFAULT_OAUTH_PATHS.revoke;
2093
- const api = withoutTrailingSlash(options.apiBaseUrl);
2094
- const upstream = `${api}/v1/customer/auth/revoke`;
2095
- return async (req, res, next) => {
2096
- if (req.path !== path) {
2097
- next();
2098
- return;
2099
- }
2100
- if (req.method === "OPTIONS") {
2101
- handlePreflight(req, res);
2102
- return;
2103
- }
2104
- if (req.method !== "POST") {
2105
- next();
2106
- return;
2107
- }
2108
- const contentType = getHeader(req, "content-type") ?? "application/x-www-form-urlencoded";
2109
- const authorization = getHeader(req, "authorization");
2110
- const headers = { "content-type": contentType };
2111
- if (authorization) headers["authorization"] = authorization;
2112
- try {
2113
- const response = await fetch(upstream, {
2114
- method: "POST",
2115
- headers,
2116
- body: serializeRequestBody(contentType, req.body)
2117
- });
2118
- applyCorsHeaders(req, res);
2119
- await relayJsonResponse(response, res);
2120
- } catch (error) {
2121
- applyCorsHeaders(req, res);
2122
- sendUpstreamError(res, error);
2123
- }
2124
- };
2125
- }
2126
1887
  function createMcpOAuthBridge(options) {
2127
1888
  const {
2128
1889
  publicBaseUrl,
@@ -2132,23 +1893,8 @@ function createMcpOAuthBridge(options) {
2132
1893
  requireAuth = true,
2133
1894
  authInfo,
2134
1895
  protectedResourcePath = "/.well-known/oauth-protected-resource",
2135
- authorizationServerPath = "/.well-known/oauth-authorization-server",
2136
- oauthPaths
1896
+ authorizationServerPath = "/.well-known/oauth-authorization-server"
2137
1897
  } = options;
2138
- const paths = resolvePaths(oauthPaths);
2139
- const openidDiscoveryMiddleware = (req, res, next) => {
2140
- if (req.method !== "GET" || req.path !== "/.well-known/openid-configuration") {
2141
- next();
2142
- return;
2143
- }
2144
- applyCorsHeaders(req, res);
2145
- res.status(404);
2146
- if (typeof res.end === "function") {
2147
- res.end();
2148
- } else {
2149
- res.json({ error: "not_found" });
2150
- }
2151
- };
2152
1898
  const protectedResourceMiddleware = (req, res, next) => {
2153
1899
  if (req.method !== "GET" || req.path !== protectedResourcePath) {
2154
1900
  next();
@@ -2167,38 +1913,16 @@ function createMcpOAuthBridge(options) {
2167
1913
  }
2168
1914
  res.json(
2169
1915
  getOAuthAuthorizationServerResponse({
2170
- publicBaseUrl,
2171
- paths
1916
+ apiBaseUrl,
1917
+ productRef
2172
1918
  })
2173
1919
  );
2174
1920
  };
2175
- const registerMiddleware = createOAuthRegisterHandler({
2176
- apiBaseUrl,
2177
- productRef,
2178
- path: paths.register
2179
- });
2180
- const authorizeMiddleware = createOAuthAuthorizeHandler({
2181
- apiBaseUrl,
2182
- path: paths.authorize
2183
- });
2184
- const tokenMiddleware = createOAuthTokenHandler({ apiBaseUrl, path: paths.token });
2185
- const revokeMiddleware = createOAuthRevokeHandler({ apiBaseUrl, path: paths.revoke });
2186
1921
  const mcpAuthMiddleware = (req, res, next) => {
2187
1922
  if (req.path !== mcpPath) {
2188
1923
  next();
2189
1924
  return;
2190
1925
  }
2191
- if (req.method && req.method !== "POST" && req.method !== "OPTIONS") {
2192
- applyCorsHeaders(req, res);
2193
- res.setHeader("Allow", "POST, OPTIONS");
2194
- res.status(405);
2195
- if (typeof res.end === "function") {
2196
- res.end();
2197
- } else {
2198
- res.json({ error: "method_not_allowed" });
2199
- }
2200
- return;
2201
- }
2202
1926
  const authHeader = getRequestAuthHeader(req);
2203
1927
  const id = getRequestJsonRpcId(req.body);
2204
1928
  if (!authHeader && !requireAuth) {
@@ -2213,8 +1937,6 @@ function createMcpOAuthBridge(options) {
2213
1937
  req.auth = auth;
2214
1938
  next();
2215
1939
  } catch {
2216
- applyCorsHeaders(req, res);
2217
- res.setHeader("Access-Control-Expose-Headers", "WWW-Authenticate");
2218
1940
  setMcpChallengeHeader(res, publicBaseUrl, protectedResourcePath);
2219
1941
  if (req.method === "POST") {
2220
1942
  res.status(401).json(makeUnauthorizedJsonRpc(id));
@@ -2223,16 +1945,7 @@ function createMcpOAuthBridge(options) {
2223
1945
  res.status(401).json({ error: "Unauthorized" });
2224
1946
  }
2225
1947
  };
2226
- return [
2227
- openidDiscoveryMiddleware,
2228
- protectedResourceMiddleware,
2229
- authorizationServerMiddleware,
2230
- registerMiddleware,
2231
- authorizeMiddleware,
2232
- tokenMiddleware,
2233
- revokeMiddleware,
2234
- mcpAuthMiddleware
2235
- ];
1948
+ return [protectedResourceMiddleware, authorizationServerMiddleware, mcpAuthMiddleware];
2236
1949
  }
2237
1950
 
2238
1951
  // src/helpers/error.ts
@@ -2915,10 +2628,6 @@ export {
2915
2628
  createCheckoutSessionCore,
2916
2629
  createCustomerSessionCore,
2917
2630
  createMcpOAuthBridge,
2918
- createOAuthAuthorizeHandler,
2919
- createOAuthRegisterHandler,
2920
- createOAuthRevokeHandler,
2921
- createOAuthTokenHandler,
2922
2631
  createPaymentIntentCore,
2923
2632
  createSolvaPay,
2924
2633
  createSolvaPayClient,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@solvapay/server",
3
- "version": "1.0.8-preview.8",
3
+ "version": "1.0.8-preview.9",
4
4
  "type": "module",
5
5
  "main": "./dist/index.cjs",
6
6
  "module": "./dist/index.js",
@@ -37,12 +37,12 @@
37
37
  },
38
38
  "sideEffects": false,
39
39
  "dependencies": {
40
- "@solvapay/core": "1.0.8-preview.8"
40
+ "@solvapay/core": "1.0.8-preview.9"
41
41
  },
42
42
  "peerDependencies": {
43
43
  "@modelcontextprotocol/sdk": "^1.28.0",
44
44
  "zod": "^3.25.0 || ^4.0.0",
45
- "@solvapay/auth": "1.0.8-preview.8"
45
+ "@solvapay/auth": "1.0.8-preview.9"
46
46
  },
47
47
  "peerDependenciesMeta": {
48
48
  "@modelcontextprotocol/sdk": {
@@ -60,15 +60,15 @@
60
60
  "tsx": "^4.21.0",
61
61
  "typescript": "^5.9.3",
62
62
  "vitest": "^4.1.2",
63
- "@solvapay/demo-services": "0.0.0",
63
+ "@solvapay/auth": "1.0.8-preview.9",
64
64
  "@solvapay/test-utils": "^0.0.0",
65
- "@solvapay/auth": "1.0.8-preview.8"
65
+ "@solvapay/demo-services": "0.0.0"
66
66
  },
67
67
  "scripts": {
68
68
  "build": "tsup src/index.ts --format esm,cjs --dts --tsconfig tsconfig.build.json && tsup src/edge.ts --format esm --dts --tsconfig tsconfig.build.json",
69
69
  "generate:types": "tsx scripts/generate-types.ts",
70
- "test": "vitest run __tests__/paywall.unit.test.ts __tests__/mcp-auth.unit.test.ts __tests__/bootstrap-mcp.unit.test.ts __tests__/verify-webhook.unit.test.ts src/mcp/oauth-bridge.spec.ts",
71
- "test:unit": "vitest run __tests__/paywall.unit.test.ts __tests__/mcp-auth.unit.test.ts __tests__/bootstrap-mcp.unit.test.ts __tests__/verify-webhook.unit.test.ts src/mcp/oauth-bridge.spec.ts",
70
+ "test": "vitest run __tests__/paywall.unit.test.ts __tests__/mcp-auth.unit.test.ts __tests__/bootstrap-mcp.unit.test.ts __tests__/verify-webhook.unit.test.ts __tests__/edge-exports.unit.test.ts",
71
+ "test:unit": "vitest run __tests__/paywall.unit.test.ts __tests__/mcp-auth.unit.test.ts __tests__/bootstrap-mcp.unit.test.ts __tests__/verify-webhook.unit.test.ts __tests__/edge-exports.unit.test.ts",
72
72
  "test:integration": "vitest run __tests__/backend.integration.test.ts",
73
73
  "test:integration:payment": "vitest run __tests__/payment-stripe.integration.test.ts",
74
74
  "test:all": "vitest run",
@@ -1,16 +0,0 @@
1
- var __defProp = Object.defineProperty;
2
- var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
3
- get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
4
- }) : x)(function(x) {
5
- if (typeof require !== "undefined") return require.apply(this, arguments);
6
- throw Error('Dynamic require of "' + x + '" is not supported');
7
- });
8
- var __export = (target, all) => {
9
- for (var name in all)
10
- __defProp(target, name, { get: all[name], enumerable: true });
11
- };
12
-
13
- export {
14
- __require,
15
- __export
16
- };
@@ -1,94 +0,0 @@
1
- import "./chunk-R5U7XKVJ.js";
2
-
3
- // ../auth/dist/chunk-OETEFHW6.js
4
- var MockAuthAdapter = class {
5
- async getUserIdFromRequest(req) {
6
- const headers = "headers" in req ? req.headers : req;
7
- const headerUserId = headers.get("x-mock-user-id");
8
- if (headerUserId) {
9
- return headerUserId;
10
- }
11
- if (typeof process !== "undefined" && process.env.MOCK_USER_ID) {
12
- return process.env.MOCK_USER_ID;
13
- }
14
- return null;
15
- }
16
- };
17
-
18
- // ../auth/dist/chunk-2P77RLPB.js
19
- function getUserIdFromRequest(request, options) {
20
- const headerName = options?.headerName || "x-user-id";
21
- return request.headers.get(headerName);
22
- }
23
- async function getUserEmailFromRequest(request, options) {
24
- const authHeader = request.headers.get("authorization");
25
- if (!authHeader || !authHeader.startsWith("Bearer ")) {
26
- return null;
27
- }
28
- const token = authHeader.slice(7);
29
- if (!token) {
30
- return null;
31
- }
32
- try {
33
- const { jwtVerify } = await import("./esm-5GYCIXIY.js");
34
- const jwtSecret = options?.jwtSecret || process.env.SUPABASE_JWT_SECRET;
35
- if (!jwtSecret) {
36
- return null;
37
- }
38
- const secret = new TextEncoder().encode(jwtSecret);
39
- const { payload } = await jwtVerify(token, secret, {
40
- algorithms: ["HS256"]
41
- });
42
- return payload.email ? String(payload.email) : null;
43
- } catch {
44
- return null;
45
- }
46
- }
47
- async function getUserNameFromRequest(request, options) {
48
- const authHeader = request.headers.get("authorization");
49
- if (!authHeader || !authHeader.startsWith("Bearer ")) {
50
- return null;
51
- }
52
- const token = authHeader.slice(7);
53
- if (!token) {
54
- return null;
55
- }
56
- try {
57
- const { jwtVerify } = await import("./esm-5GYCIXIY.js");
58
- const jwtSecret = options?.jwtSecret || process.env.SUPABASE_JWT_SECRET;
59
- if (!jwtSecret) {
60
- return null;
61
- }
62
- const secret = new TextEncoder().encode(jwtSecret);
63
- const { payload } = await jwtVerify(token, secret, {
64
- algorithms: ["HS256"]
65
- });
66
- const name = payload.user_metadata?.full_name || payload.user_metadata?.name || payload.name || null;
67
- return name ? String(name) : null;
68
- } catch {
69
- return null;
70
- }
71
- }
72
- function requireUserId(request, options) {
73
- const headerName = options?.headerName || "x-user-id";
74
- const errorMessage = options?.errorMessage || "Unauthorized";
75
- const errorDetails = options?.errorDetails || "User ID not found. Ensure middleware is configured.";
76
- const userId = request.headers.get(headerName);
77
- if (!userId) {
78
- return new Response(
79
- JSON.stringify({ error: errorMessage, details: errorDetails }),
80
- {
81
- status: 401,
82
- headers: { "Content-Type": "application/json" }
83
- }
84
- );
85
- }
86
- return userId;
87
- }
88
- export {
89
- MockAuthAdapter,
90
- getUserEmailFromRequest,
91
- getUserIdFromRequest,
92
- getUserNameFromRequest,
93
- requireUserId
94
- };