@tanakayuto/intmax402-express 0.3.2 → 0.3.4

package/README.md

@@ -1,23 +1,149 @@
 # @tanakayuto/intmax402-express
 
-Part of [intmax402](https://github.com/zaq2989/intmax402) — HTTP 402, reimagined for AI agents.
+Express middleware for [intmax402](https://github.com/zaq2989/intmax402) — wallet-based authentication and INTMAX L2 micropayments for Express apps.
 
-See [main README](https://github.com/zaq2989/intmax402) for full documentation.
+## Install
 
-## Network
+```bash
+npm install @tanakayuto/intmax402-express
+```
+
+## Usage
+
+### Identity Mode
 
-intmax402 operates on **Ethereum mainnet** by default (via INTMAX ZK L2 on Scroll). Use `environment: "testnet"` for development against Sepolia.
+Require wallet ownership proof — no payment, no blockchain node needed.
 
 ```typescript
-// Payment verification — mainnet (default)
-await initPaymentVerifier({
-  eth_private_key: process.env.ETH_PRIVATE_KEY as `0x${string}`,
+import express from 'express'
+import { intmax402 } from '@tanakayuto/intmax402-express'
+
+const app = express()
+
+app.use('/protected', intmax402({
+  mode: 'identity',
+  secret: process.env.INTMAX402_SECRET!,
+}))
+
+app.get('/protected', (req, res) => {
+  res.json({ message: 'Access granted', address: req.intmax402?.address })
+})
+
+app.listen(3000)
+```
+
+### Payment Mode
+
+Require an INTMAX L2 transfer before granting access.
+
+```typescript
+import express from 'express'
+import { intmax402 } from '@tanakayuto/intmax402-express'
+
+const app = express()
+
+app.use('/api/premium', intmax402({
+  mode: 'payment',
+  secret: process.env.INTMAX402_SECRET!,
+  serverAddress: process.env.INTMAX_ADDRESS!,
+  amount: '1000000000000000',  // 0.001 ETH in wei
   environment: 'mainnet',
+  ethPrivateKey: process.env.ETH_PRIVATE_KEY!,
+}))
+
+app.get('/api/premium', (req, res) => {
+  res.json({
+    message: 'Payment verified!',
+    paidBy: req.intmax402?.address,
+    txHash: req.intmax402?.txHash,
+  })
 })
 
-// Payment verification — testnet (development)
+app.listen(3000)
+```
+
+## API Reference
+
+### `intmax402(config)`
+
+Returns an Express `RequestHandler` middleware.
+
+On success, populates `req.intmax402`:
+
+```typescript
+req.intmax402 = {
+  address: string,   // verified Ethereum address
+  verified: boolean, // always true
+  txHash?: string,   // payment mode only — INTMAX transfer digest
+}
+```
+
+#### Config Options
+
+| Option | Type | Required | Description |
+|---|---|---|---|
+| `mode` | `'identity' \| 'payment'` | ✅ | Authentication mode |
+| `secret` | `string` | ✅ | HMAC secret for nonce generation (keep private) |
+| `serverAddress` | `string` | payment | Your INTMAX L2 address to receive payments |
+| `amount` | `string` | payment | Required payment in token smallest unit (wei for ETH) |
+| `ethPrivateKey` | `string` | payment† | Ethereum private key — auto-initializes the INTMAX payment verifier (v0.3.1+) |
+| `environment` | `'mainnet' \| 'testnet'` | — | Network environment. Default: `'mainnet'` |
+| `l1RpcUrl` | `string` | — | Custom L1 RPC URL override |
+| `allowList` | `string[]` | — | Identity mode: restrict to specific addresses |
+| `bindIp` | `boolean` | — | Bind nonce to client IP. Default `false` (recommended for AI agents) |
+| `tokenAddress` | `string` | — | ERC-20 token for payment. Default: native ETH |
+
+†`ethPrivateKey` auto-initializes the payment verifier on first use. If not provided, call `initPaymentVerifier()` manually before handling requests.
+
+#### HTTP Responses
+
+| Scenario | Status | Description |
+|---|---|---|
+| No `Authorization` header | `401` (identity) / `402` (payment) | Returns `WWW-Authenticate` header with nonce |
+| Invalid signature | `401` | Signature verification failed |
+| Address not in `allowList` | `403` | Access denied by allowlist |
+| Payment not verified | `402` | Transfer not found or amount/recipient mismatch |
+| INTMAX network down | `503` | Payment verifier temporarily unavailable |
+| Auth verified | calls `next()` | `req.intmax402` is populated |
+
+### Additional Exports
+
+```typescript
+import {
+  intmax402,
+  verifySignature,
+  initPaymentVerifier,
+  verifyPayment,
+  getPaymentVerifierAddress,
+} from '@tanakayuto/intmax402-express'
+```
+
+#### `initPaymentVerifier(config)`
+
+Manually initialize the INTMAX payment verifier (call once at server startup).
+
+```typescript
+import { initPaymentVerifier } from '@tanakayuto/intmax402-express'
+
 await initPaymentVerifier({
   eth_private_key: process.env.ETH_PRIVATE_KEY as `0x${string}`,
-  environment: 'testnet',
+  environment: 'mainnet', // or 'testnet'
 })
 ```
+
+#### `verifySignature(signature, nonce, address)`
+
+Low-level utility to verify an Ethereum signature against a nonce.
+
+Returns: `boolean`
+
+## Network
+
+| Environment | Network | Notes |
+|---|---|---|
+| `mainnet` (default) | Ethereum mainnet + Scroll | Production use |
+| `testnet` | Sepolia + Scroll Sepolia | Fund wallet at testnet.intmax.io |
+
+## License
+
+MIT

package/dist/middleware.js

@@ -27,7 +27,7 @@ function intmax402(config) {
             catch (e) {
                 res.status(503).json({
                     error: 'Payment verifier temporarily unavailable',
-                    hint: 'INTMAX network may be experiencing issues. Please try again later.',
+                    error_code: intmax402_core_1.INTMAX402_ERROR_CODES.INTMAX_NETWORK_UNAVAILABLE,
                     protocol: 'INTMAX402',
                 });
                 return;
@@ -40,6 +40,7 @@ function intmax402(config) {
                 res.setHeader("WWW-Authenticate", (0, intmax402_core_1.buildWWWAuthenticate)(nonce, config));
                 res.status(statusCode).json({
                     error: config.mode === "payment" ? "Payment Required" : "Unauthorized",
+                    error_code: intmax402_core_1.INTMAX402_ERROR_CODES.MISSING_AUTH_HEADER,
                     protocol: "INTMAX402",
                     mode: config.mode,
                 });
@@ -76,9 +77,29 @@ function intmax402(config) {
                     res.status(500).json({ error: "Server misconfigured: serverAddress and amount required for payment mode" });
                     return;
                 }
-                const paymentResult = await (0, verify_payment_1.verifyPayment)(credential.txHash, config.amount, config.serverAddress);
+                let paymentResult;
+                try {
+                    paymentResult = await (0, verify_payment_1.verifyPayment)(credential.txHash, config.amount, config.serverAddress);
+                }
+                catch (err) {
+                    if (err instanceof intmax402_core_1.INTMAX402Error) {
+                        const status = err.code === intmax402_core_1.INTMAX402_ERROR_CODES.INTMAX_NETWORK_UNAVAILABLE ? 503 : 402;
+                        res.status(status).json({
+                            error: err.message,
+                            error_code: err.code,
+                            protocol: 'INTMAX402',
+                        });
+                    }
+                    else {
+                        res.status(402).json({
+                            error: 'Payment verification failed',
+                            protocol: 'INTMAX402',
+                        });
+                    }
+                    return;
+                }
                 if (!paymentResult.valid) {
-                    res.status(402).json({ error: paymentResult.error || "Payment verification failed" });
+                    res.status(402).json({ error: paymentResult.error || "Payment verification failed", protocol: "INTMAX402" });
                     return;
                 }
             }

package/dist/verify-payment.js

@@ -5,6 +5,7 @@ exports.getPaymentVerifierAddress = getPaymentVerifierAddress;
 exports.verifyPayment = verifyPayment;
 exports._resetPaymentVerifier = _resetPaymentVerifier;
 const intmax2_server_sdk_1 = require("intmax2-server-sdk");
+const intmax402_core_1 = require("@tanakayuto/intmax402-core");
 // Singleton IntMaxNodeClient
 let client = null;
 let loginPromise = null;
@@ -55,15 +56,12 @@ async function initPaymentVerifier(config) {
 }
 function getPaymentVerifierAddress() {
     if (!client)
-        throw new Error("Payment verifier not initialized. Call initPaymentVerifier() first.");
+        throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.INTMAX_NETWORK_UNAVAILABLE, "Payment verifier not initialized. Call initPaymentVerifier() first.");
     return client.address;
 }
 async function verifyPayment(txHash, expectedAmount, serverAddress, tokenIndex) {
     if (!client || !client.isLoggedIn) {
-        return {
-            valid: false,
-            error: "Payment verifier temporarily unavailable. INTMAX network may be down.",
-        };
+        throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.INTMAX_NETWORK_UNAVAILABLE, "Payment verifier temporarily unavailable. INTMAX network may be down.");
     }
     // Replay prevention: check if txHash was already used (or pending)
     cleanupExpiredHashes();
@@ -104,19 +102,19 @@ async function verifyPayment(txHash, expectedAmount, serverAddress, tokenIndex)
         if (!match) {
             // Fix 1: Rollback on validation failure
             usedTxHashes.delete(txHash);
-            return { valid: false, error: "Transaction not found in recent transfers" };
+            throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.PAYMENT_NOT_FOUND, "Transaction not found in recent transfers", { txHash });
         }
         // Verify recipient matches server address
         if (match.to?.toLowerCase() !== serverAddress.toLowerCase()) {
             // Fix 1: Rollback on validation failure
             usedTxHashes.delete(txHash);
-            return { valid: false, error: "Recipient does not match server address" };
+            throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.PAYMENT_RECIPIENT_MISMATCH, "Recipient does not match server address", { expected: serverAddress, got: match.to });
         }
         // Fix 2: Verify amount using BigInt comparison (allows >= expectedAmount)
         if (BigInt(match.amount) < BigInt(expectedAmount)) {
             // Fix 1: Rollback on validation failure
             usedTxHashes.delete(txHash);
-            return { valid: false, error: `Amount mismatch: expected ${expectedAmount}, got ${match.amount}` };
+            throw new intmax402_core_1.INTMAX402Error(intmax402_core_1.INTMAX402_ERROR_CODES.PAYMENT_AMOUNT_MISMATCH, `Amount mismatch: expected ${expectedAmount}, got ${match.amount}`, { expected: expectedAmount, got: match.amount });
         }
         // Verify token if specified
         if (tokenIndex !== undefined && match.tokenIndex !== tokenIndex) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tanakayuto/intmax402-express",
-  "version": "0.3.2",
+  "version": "0.3.4",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "exports": {
@@ -26,7 +26,7 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
-    "@tanakayuto/intmax402-core": "0.3.1",
+    "@tanakayuto/intmax402-core": "0.3.2",
     "ethers": "^6.16.0",
     "intmax2-server-sdk": "^1.5.2"
   },