@tanakayuto/intmax402-express 0.3.2 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/middleware.js +24 -3
- package/dist/verify-payment.js +5 -7
- package/package.json +2 -2
package/dist/middleware.js
CHANGED
|
@@ -27,7 +27,7 @@ function intmax402(config) {
|
|
|
27
27
|
catch (e) {
|
|
28
28
|
res.status(503).json({
|
|
29
29
|
error: 'Payment verifier temporarily unavailable',
|
|
30
|
-
|
|
30
|
+
error_code: intmax402_core_1.INTMAX402_ERROR_CODES.INTMAX_NETWORK_UNAVAILABLE,
|
|
31
31
|
protocol: 'INTMAX402',
|
|
32
32
|
});
|
|
33
33
|
return;
|
|
@@ -40,6 +40,7 @@ function intmax402(config) {
|
|
|
40
40
|
res.setHeader("WWW-Authenticate", (0, intmax402_core_1.buildWWWAuthenticate)(nonce, config));
|
|
41
41
|
res.status(statusCode).json({
|
|
42
42
|
error: config.mode === "payment" ? "Payment Required" : "Unauthorized",
|
|
43
|
+
error_code: intmax402_core_1.INTMAX402_ERROR_CODES.MISSING_AUTH_HEADER,
|
|
43
44
|
protocol: "INTMAX402",
|
|
44
45
|
mode: config.mode,
|
|
45
46
|
});
|
|
@@ -76,9 +77,29 @@ function intmax402(config) {
|
|
|
76
77
|
res.status(500).json({ error: "Server misconfigured: serverAddress and amount required for payment mode" });
|
|
77
78
|
return;
|
|
78
79
|
}
|
|
79
|
-
|
|
80
|
+
let paymentResult;
|
|
81
|
+
try {
|
|
82
|
+
paymentResult = await (0, verify_payment_1.verifyPayment)(credential.txHash, config.amount, config.serverAddress);
|
|
83
|
+
}
|
|
84
|
+
catch (err) {
|
|
85
|
+
if (err instanceof intmax402_core_1.INTMAX402Error) {
|
|
86
|
+
const status = err.code === intmax402_core_1.INTMAX402_ERROR_CODES.INTMAX_NETWORK_UNAVAILABLE ? 503 : 402;
|
|
87
|
+
res.status(status).json({
|
|
88
|
+
error: err.message,
|
|
89
|
+
error_code: err.code,
|
|
90
|
+
protocol: 'INTMAX402',
|
|
91
|
+
});
|
|
92
|
+
}
|
|
93
|
+
else {
|
|
94
|
+
res.status(402).json({
|
|
95
|
+
error: 'Payment verification failed',
|
|
96
|
+
protocol: 'INTMAX402',
|
|
97
|
+
});
|
|
98
|
+
}
|
|
99
|
+
return;
|
|
100
|
+
}
|
|
80
101
|
if (!paymentResult.valid) {
|
|
81
|
-
res.status(402).json({ error: paymentResult.error || "Payment verification failed" });
|
|
102
|
+
res.status(402).json({ error: paymentResult.error || "Payment verification failed", protocol: "INTMAX402" });
|
|
82
103
|
return;
|
|
83
104
|
}
|
|
84
105
|
}
|
package/dist/verify-payment.js
CHANGED
|
@@ -5,6 +5,7 @@ exports.getPaymentVerifierAddress = getPaymentVerifierAddress;
|
|
|
5
5
|
exports.verifyPayment = verifyPayment;
|
|
6
6
|
exports._resetPaymentVerifier = _resetPaymentVerifier;
|
|
7
7
|
const intmax2_server_sdk_1 = require("intmax2-server-sdk");
|
|
8
|
+
const intmax402_core_1 = require("@tanakayuto/intmax402-core");
|
|
8
9
|
// Singleton IntMaxNodeClient
|
|
9
10
|
let client = null;
|
|
10
11
|
let loginPromise = null;
|
|
@@ -60,10 +61,7 @@ function getPaymentVerifierAddress() {
|
|
|
60
61
|
}
|
|
61
62
|
async function verifyPayment(txHash, expectedAmount, serverAddress, tokenIndex) {
|
|
62
63
|
if (!client || !client.isLoggedIn) {
|
|
63
|
-
|
|
64
|
-
valid: false,
|
|
65
|
-
error: "Payment verifier temporarily unavailable. INTMAX network may be down.",
|
|
66
|
-
};
|
|
64
|
+
throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.INTMAX_NETWORK_UNAVAILABLE, "Payment verifier temporarily unavailable. INTMAX network may be down.");
|
|
67
65
|
}
|
|
68
66
|
// Replay prevention: check if txHash was already used (or pending)
|
|
69
67
|
cleanupExpiredHashes();
|
|
@@ -104,19 +102,19 @@ async function verifyPayment(txHash, expectedAmount, serverAddress, tokenIndex)
|
|
|
104
102
|
if (!match) {
|
|
105
103
|
// Fix 1: Rollback on validation failure
|
|
106
104
|
usedTxHashes.delete(txHash);
|
|
107
|
-
|
|
105
|
+
throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.PAYMENT_NOT_FOUND, "Transaction not found in recent transfers", { txHash });
|
|
108
106
|
}
|
|
109
107
|
// Verify recipient matches server address
|
|
110
108
|
if (match.to?.toLowerCase() !== serverAddress.toLowerCase()) {
|
|
111
109
|
// Fix 1: Rollback on validation failure
|
|
112
110
|
usedTxHashes.delete(txHash);
|
|
113
|
-
|
|
111
|
+
throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.PAYMENT_RECIPIENT_MISMATCH, "Recipient does not match server address", { expected: serverAddress, got: match.to });
|
|
114
112
|
}
|
|
115
113
|
// Fix 2: Verify amount using BigInt comparison (allows >= expectedAmount)
|
|
116
114
|
if (BigInt(match.amount) < BigInt(expectedAmount)) {
|
|
117
115
|
// Fix 1: Rollback on validation failure
|
|
118
116
|
usedTxHashes.delete(txHash);
|
|
119
|
-
|
|
117
|
+
throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.PAYMENT_AMOUNT_MISMATCH, `Amount mismatch: expected ${expectedAmount}, got ${match.amount}`, { expected: expectedAmount, got: match.amount });
|
|
120
118
|
}
|
|
121
119
|
// Verify token if specified
|
|
122
120
|
if (tokenIndex !== undefined && match.tokenIndex !== tokenIndex) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@tanakayuto/intmax402-express",
|
|
3
|
-
"version": "0.3.
|
|
3
|
+
"version": "0.3.3",
|
|
4
4
|
"main": "dist/index.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"exports": {
|
|
@@ -26,7 +26,7 @@
|
|
|
26
26
|
"typecheck": "tsc --noEmit"
|
|
27
27
|
},
|
|
28
28
|
"dependencies": {
|
|
29
|
-
"@tanakayuto/intmax402-core": "0.3.
|
|
29
|
+
"@tanakayuto/intmax402-core": "0.3.2",
|
|
30
30
|
"ethers": "^6.16.0",
|
|
31
31
|
"intmax2-server-sdk": "^1.5.2"
|
|
32
32
|
},
|