npm - @tanakayuto/intmax402-express - Versions diffs - 0.1.1 → 0.2.0 - Mend

@tanakayuto/intmax402-express 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.ts CHANGED Viewed

@@ -1,2 +1,4 @@
 export { intmax402 } from "./middleware";
 export { verifySignature } from "./crypto";
+export { initPaymentVerifier, verifyPayment, getPaymentVerifierAddress } from "./verify-payment";
+export type { PaymentVerificationConfig, VerifyPaymentResult } from "./verify-payment";

package/dist/index.js CHANGED Viewed

@@ -1,7 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verifySignature = exports.intmax402 = void 0;
+exports.getPaymentVerifierAddress = exports.verifyPayment = exports.initPaymentVerifier = exports.verifySignature = exports.intmax402 = void 0;
 var middleware_1 = require("./middleware");
 Object.defineProperty(exports, "intmax402", { enumerable: true, get: function () { return middleware_1.intmax402; } });
 var crypto_1 = require("./crypto");
 Object.defineProperty(exports, "verifySignature", { enumerable: true, get: function () { return crypto_1.verifySignature; } });
+var verify_payment_1 = require("./verify-payment");
+Object.defineProperty(exports, "initPaymentVerifier", { enumerable: true, get: function () { return verify_payment_1.initPaymentVerifier; } });
+Object.defineProperty(exports, "verifyPayment", { enumerable: true, get: function () { return verify_payment_1.verifyPayment; } });
+Object.defineProperty(exports, "getPaymentVerifierAddress", { enumerable: true, get: function () { return verify_payment_1.getPaymentVerifierAddress; } });

package/dist/middleware.d.ts CHANGED Viewed

@@ -6,6 +6,7 @@ declare global {
             intmax402?: {
                 address: string;
                 verified: boolean;
+                txHash?: string;
             };
         }
     }

package/dist/middleware.js CHANGED Viewed

@@ -1,8 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.intmax402 = intmax402;
-const core_1 = require("@tanakayuto/intmax402-core");
+const intmax402_core_1 = require("@tanakayuto/intmax402-core");
 const crypto_1 = require("./crypto");
+const verify_payment_1 = require("./verify-payment");
 function buildWWWAuthenticate(nonce, config) {
     let header = `INTMAX402 realm="intmax402", nonce="${nonce}", mode="${config.mode}"`;
     if (config.serverAddress) {
@@ -24,7 +25,7 @@ function intmax402(config) {
         const authHeader = req.headers.authorization;
         if (!authHeader) {
             const ip = req.ip || req.socket.remoteAddress || "unknown";
-            const nonce = (0, core_1.generateNonce)(config.secret, ip, req.path, config.bindIp ?? false);
+            const nonce = (0, intmax402_core_1.generateNonce)(config.secret, ip, req.path, config.bindIp ?? false);
             const statusCode = config.mode === "payment" ? 402 : 401;
             res.setHeader("WWW-Authenticate", buildWWWAuthenticate(nonce, config));
             res.status(statusCode).json({
@@ -34,13 +35,13 @@ function intmax402(config) {
             });
             return;
         }
-        const credential = (0, core_1.parseAuthorization)(authHeader);
+        const credential = (0, intmax402_core_1.parseAuthorization)(authHeader);
         if (!credential) {
             res.status(401).json({ error: "Invalid authorization header" });
             return;
         }
         const ip = req.ip || req.socket.remoteAddress || "unknown";
-        if (!(0, core_1.verifyNonce)(credential.nonce, config.secret, ip, req.path, config.bindIp ?? false)) {
+        if (!(0, intmax402_core_1.verifyNonce)(credential.nonce, config.secret, ip, req.path, config.bindIp ?? false)) {
             res.status(401).json({ error: "Invalid or expired nonce" });
             return;
         }
@@ -60,12 +61,20 @@ function intmax402(config) {
                 res.status(402).json({ error: "Payment transaction hash required" });
                 return;
             }
-            // In production, verify payment via intmax2-server-sdk fetchTransfers()
-            // For now, trust the txHash presence as proof-of-payment placeholder
+            if (!config.serverAddress || !config.amount) {
+                res.status(500).json({ error: "Server misconfigured: serverAddress and amount required for payment mode" });
+                return;
+            }
+            const paymentResult = await (0, verify_payment_1.verifyPayment)(credential.txHash, config.amount, config.serverAddress);
+            if (!paymentResult.valid) {
+                res.status(402).json({ error: paymentResult.error || "Payment verification failed" });
+                return;
+            }
         }
         req.intmax402 = {
             address: credential.address,
             verified: true,
+            txHash: credential.txHash,
         };
         next();
     };

package/dist/verify-payment.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+export interface PaymentVerificationConfig {
+    eth_private_key: `0x${string}`;
+    environment: "testnet" | "mainnet";
+    l1_rpc_url?: string;
+}
+export interface VerifyPaymentResult {
+    valid: boolean;
+    error?: string;
+}
+export declare function initPaymentVerifier(config: PaymentVerificationConfig): Promise<void>;
+export declare function getPaymentVerifierAddress(): string;
+export declare function verifyPayment(txHash: string, expectedAmount: string, serverAddress: string, tokenIndex?: number): Promise<VerifyPaymentResult>;
+export declare function _resetPaymentVerifier(): void;

package/dist/verify-payment.js ADDED Viewed

@@ -0,0 +1,89 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.initPaymentVerifier = initPaymentVerifier;
+exports.getPaymentVerifierAddress = getPaymentVerifierAddress;
+exports.verifyPayment = verifyPayment;
+exports._resetPaymentVerifier = _resetPaymentVerifier;
+const intmax2_server_sdk_1 = require("intmax2-server-sdk");
+// Singleton IntMaxNodeClient
+let client = null;
+let loginPromise = null;
+// Used txHash tracking with TTL for replay prevention
+const usedTxHashes = new Map();
+const TX_HASH_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
+function cleanupExpiredHashes() {
+    const now = Date.now();
+    for (const [hash, expiry] of usedTxHashes) {
+        if (now > expiry) {
+            usedTxHashes.delete(hash);
+        }
+    }
+}
+async function initPaymentVerifier(config) {
+    if (client && client.isLoggedIn)
+        return;
+    if (loginPromise) {
+        await loginPromise;
+        return;
+    }
+    client = new intmax2_server_sdk_1.IntMaxNodeClient({
+        environment: config.environment,
+        eth_private_key: config.eth_private_key,
+        l1_rpc_url: config.l1_rpc_url,
+        loggerLevel: "warn",
+    });
+    loginPromise = client.login().then(() => {
+        loginPromise = null;
+    });
+    await loginPromise;
+}
+function getPaymentVerifierAddress() {
+    if (!client)
+        throw new Error("Payment verifier not initialized. Call initPaymentVerifier() first.");
+    return client.address;
+}
+async function verifyPayment(txHash, expectedAmount, serverAddress, tokenIndex) {
+    if (!client || !client.isLoggedIn) {
+        return { valid: false, error: "Payment verifier not initialized" };
+    }
+    // Replay prevention: check if txHash was already used
+    cleanupExpiredHashes();
+    if (usedTxHashes.has(txHash)) {
+        return { valid: false, error: "Transaction already used" };
+    }
+    try {
+        // Fetch recent transfers (incoming)
+        const response = await client.fetchTransfers({ cursor: null, limit: 50 });
+        const transfers = response.items;
+        // Find matching transaction by digest
+        const match = transfers.find((tx) => tx.digest === txHash);
+        if (!match) {
+            return { valid: false, error: "Transaction not found in recent transfers" };
+        }
+        // Verify recipient matches server address
+        if (match.to?.toLowerCase() !== serverAddress.toLowerCase()) {
+            return { valid: false, error: "Recipient does not match server address" };
+        }
+        // Verify amount (compare as BigInt-safe string)
+        if (match.amount !== expectedAmount) {
+            return { valid: false, error: `Amount mismatch: expected ${expectedAmount}, got ${match.amount}` };
+        }
+        // Verify token if specified
+        if (tokenIndex !== undefined && match.tokenIndex !== tokenIndex) {
+            return { valid: false, error: `Token mismatch: expected index ${tokenIndex}, got ${match.tokenIndex}` };
+        }
+        // Mark as used (replay prevention)
+        usedTxHashes.set(txHash, Date.now() + TX_HASH_TTL_MS);
+        return { valid: true };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        return { valid: false, error: `Payment verification failed: ${message}` };
+    }
+}
+// For testing: reset state
+function _resetPaymentVerifier() {
+    client = null;
+    loginPromise = null;
+    usedTxHashes.clear();
+}

package/package.json CHANGED Viewed

@@ -1,11 +1,12 @@
 {
   "name": "@tanakayuto/intmax402-express",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "dependencies": {
-    "@tanakayuto/intmax402-core": "0.1.0",
-    "ethers": "^6.16.0"
+    "@tanakayuto/intmax402-core": "0.2.0",
+    "ethers": "^6.16.0",
+    "intmax2-server-sdk": "^1.5.2"
   },
   "peerDependencies": {
     "express": "^4.18.0"