@thecryptodonkey/toll-booth 1.0.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025–2026 TheCryptoDonkey
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,205 @@
+# toll-booth
+
+[![MIT licence](https://img.shields.io/badge/licence-MIT-blue.svg)](./LICENSE)
+[![Nostr](https://img.shields.io/badge/Nostr-Zap%20me-purple)](https://primal.net/p/npub1mgvlrnf5hm9yf0n5mf9nqmvarhvxkc6remu5ec3vf8r0txqkuk7su0e7q2)
+
+L402 Lightning payment middleware for Node.js. Gate any HTTP API behind a paywall with a single function call.
+
+Supports **Express 5**, **Deno**, **Bun**, and **Cloudflare Workers** via the Web Standard adapter.
+
+**[Why L402?](docs/vision.md)** — the case for permissionless, machine-to-machine payments on the web.
+
+## Features
+
+- **L402 protocol** — industry-standard HTTP 402 payment flow with macaroon credentials
+- **Multiple Lightning backends** — Phoenixd, LND, CLN, LNbits, Alby
+- **Alternative payment methods** — Nostr Wallet Connect (NWC) and Cashu ecash tokens
+- **Cashu-only mode** — no Lightning node required
+- **Credit system** — pre-paid balance with volume discount tiers
+- **Free tier** — configurable daily allowance per IP
+- **Self-service payment page** — QR codes, tier selector, wallet adapter buttons
+- **SQLite persistence** — WAL mode, automatic invoice expiry pruning
+- **Framework-agnostic core** — use the \`Booth\` facade or wire handlers directly
+
+## Quick start
+
+\`\`\`bash
+npm install @thecryptodonkey/toll-booth
+\`\`\`
+
+### Express
+
+\`\`\`typescript
+import express from 'express'
+import { Booth } from '@thecryptodonkey/toll-booth'
+import { phoenixdBackend } from '@thecryptodonkey/toll-booth/backends/phoenixd'
+
+const app = express()
+app.use(express.json())
+
+const booth = new Booth({
+  adapter: 'express',
+  backend: phoenixdBackend({
+    url: 'http://localhost:9740',
+    password: process.env.PHOENIXD_PASSWORD!,
+  }),
+  pricing: { '/api': 10 },           // 10 sats per request
+  upstream: 'http://localhost:8080',  // your API
+  rootKey: process.env.ROOT_KEY,      // 64 hex chars, required for production
+})
+
+app.get('/invoice-status/:paymentHash', booth.invoiceStatusHandler as express.RequestHandler)
+app.post('/create-invoice', booth.createInvoiceHandler as express.RequestHandler)
+app.use('/', booth.middleware as express.RequestHandler)
+
+app.listen(3000)
+\`\`\`
+
+### Web Standard (Deno / Bun / Workers)
+
+\`\`\`typescript
+import { Booth } from '@thecryptodonkey/toll-booth'
+import { lndBackend } from '@thecryptodonkey/toll-booth/backends/lnd'
+
+const booth = new Booth({
+  adapter: 'web-standard',
+  backend: lndBackend({
+    url: 'https://localhost:8080',
+    macaroon: process.env.LND_MACAROON!,
+  }),
+  pricing: { '/api': 5 },
+  upstream: 'http://localhost:8080',
+})
+
+// Deno example
+Deno.serve({ port: 3000 }, async (req: Request) => {
+  const url = new URL(req.url)
+  if (url.pathname.startsWith('/invoice-status/'))
+    return booth.invoiceStatusHandler(req)
+  if (url.pathname === '/create-invoice' && req.method === 'POST')
+    return booth.createInvoiceHandler(req)
+  return booth.middleware(req)
+})
+\`\`\`
+
+### Cashu-only (no Lightning node)
+
+\`\`\`typescript
+import { Booth } from '@thecryptodonkey/toll-booth'
+
+const booth = new Booth({
+  adapter: 'web-standard',
+  redeemCashu: async (token, paymentHash) => {
+    // Verify and redeem the ecash token with your Cashu mint
+    // Return the amount redeemed in satoshis
+    return amountRedeemed
+  },
+  pricing: { '/api': 5 },
+  upstream: 'http://localhost:8080',
+})
+\`\`\`
+
+No Lightning node, no channels, no liquidity management. Ideal for serverless and edge deployments.
+
+## Configuration
+
+The \`Booth\` constructor accepts:
+
+| Option | Type | Description |
+|--------|------|-------------|
+| \`adapter\` | \`'express' \| 'web-standard'\` | Framework integration to use |
+| \`backend\` | \`LightningBackend\` | Lightning node (optional if using Cashu-only) |
+| \`pricing\` | \`Record<string, number>\` | Route pattern → cost in sats |
+| \`upstream\` | \`string\` | URL to proxy authorised requests to |
+| \`rootKey\` | \`string\` | Macaroon signing key (64 hex chars). Random if omitted |
+| \`dbPath\` | \`string\` | SQLite path. Default: \`./toll-booth.db\` |
+| \`storage\` | \`StorageBackend\` | Custom storage (alternative to \`dbPath\`) |
+| \`freeTier\` | \`{ requestsPerDay: number }\` | Daily free allowance per IP |
+| \`strictPricing\` | \`boolean\` | Challenge unpriced routes instead of passing through |
+| \`creditTiers\` | \`CreditTier[]\` | Volume discount tiers |
+| \`trustProxy\` | \`boolean\` | Trust \`X-Forwarded-For\` / \`X-Real-IP\` |
+| \`getClientIp\` | \`(req) => string\` | Custom IP resolver for non-standard runtimes |
+| \`responseHeaders\` | \`Record<string, string>\` | Extra headers on every response |
+| \`nwcPayInvoice\` | \`(uri, bolt11) => Promise<string>\` | NWC payment callback |
+| \`redeemCashu\` | \`(token, hash) => Promise<number>\` | Cashu redemption callback |
+| \`invoiceMaxAgeMs\` | \`number\` | Invoice pruning age. Default: 24h. \`0\` to disable |
+| \`upstreamTimeout\` | \`number\` | Proxy timeout in ms. Default: 30s |
+
+## Lightning backends
+
+\`\`\`typescript
+import { phoenixdBackend } from '@thecryptodonkey/toll-booth/backends/phoenixd'
+import { lndBackend } from '@thecryptodonkey/toll-booth/backends/lnd'
+import { clnBackend } from '@thecryptodonkey/toll-booth/backends/cln'
+import { lnbitsBackend } from '@thecryptodonkey/toll-booth/backends/lnbits'
+import { albyBackend } from '@thecryptodonkey/toll-booth/backends/alby'
+\`\`\`
+
+Each backend implements the `LightningBackend` interface (`createInvoice` + `checkInvoice`).
+
+| Backend | Status | Notes |
+|---------|--------|-------|
+| Phoenixd | Stable | Simplest self-hosted option |
+| LND | Stable | Industry standard |
+| CLN | Stable | Core Lightning REST API |
+| LNbits | Stable | Any LNbits instance — self-hosted or hosted |
+| Alby (NWC) | Experimental | JSON relay transport is unauthenticated; only enable with `allowInsecureRelay: true` for local testing or a fully trusted relay |
+
+## Subpath exports
+
+Tree-shakeable imports for bundlers:
+
+\`\`\`typescript
+import { Booth } from '@thecryptodonkey/toll-booth'
+import { phoenixdBackend } from '@thecryptodonkey/toll-booth/backends/phoenixd'
+import { sqliteStorage } from '@thecryptodonkey/toll-booth/storage/sqlite'
+import { memoryStorage } from '@thecryptodonkey/toll-booth/storage/memory'
+import { createExpressMiddleware } from '@thecryptodonkey/toll-booth/adapters/express'
+import { createWebStandardMiddleware } from '@thecryptodonkey/toll-booth/adapters/web-standard'
+\`\`\`
+
+## Payment flow
+
+1. Client requests a priced endpoint without credentials
+2. Free tier checked — if allowance remains, request passes through
+3. If exhausted → **402** response with BOLT-11 invoice + macaroon
+4. Client pays via Lightning, NWC, or Cashu
+5. Client sends \`Authorization: L402 <macaroon>:<preimage>\`
+6. Macaroon verified, credit deducted, request proxied upstream
+
+## Why not Aperture?
+
+[Aperture](https://github.com/lightninglabs/aperture) is Lightning Labs' production L402 reverse proxy. It's battle-tested and feature-rich. Use it if you can.
+
+| | Aperture | toll-booth |
+|---|---|---|
+| **Language** | Go binary | TypeScript middleware |
+| **Deployment** | Standalone reverse proxy | Embeds in your existing app |
+| **Lightning node** | Requires LND | Phoenixd, LND, CLN, LNbits, or none (Cashu-only) |
+| **Serverless** | No — long-running process | Yes — Web Standard adapter runs on Cloudflare Workers, Deno, Bun |
+| **Configuration** | YAML file | Programmatic (code) |
+
+## Production checklist
+
+- Set a persistent `rootKey` (64 hex chars / 32 bytes), otherwise tokens are invalidated on restart.
+- Use a persistent `dbPath` (default: `./toll-booth.db`).
+- Enable `strictPricing: true` to prevent unpriced routes from bypassing billing.
+- Ensure your `pricing` keys match the paths the middleware actually sees (after mounting).
+- Set `trustProxy: true` when behind a reverse proxy, or provide a `getClientIp` callback for per-client free-tier isolation.
+- If you implement `redeemCashu`, make it idempotent for the same `paymentHash` — crash recovery depends on it.
+- Rate-limit `/create-invoice` at your reverse proxy — each call creates a real Lightning invoice.
+
+## Example deployment
+
+See [`examples/valhalla-proxy/`](examples/valhalla-proxy/) for a complete Docker Compose setup gating a [Valhalla](https://github.com/valhalla/valhalla) routing engine behind Lightning payments.
+
+## Support
+
+If you find toll-booth useful, consider sending a tip:
+
+- **Lightning:** `thedonkey@strike.me`
+- **Nostr zaps:** `npub1mgvlrnf5hm9yf0n5mf9nqmvarhvxkc6remu5ec3vf8r0txqkuk7su0e7q2`
+
+## Licence
+
+[MIT](LICENSE)

package/dist/adapters/express.d.ts

@@ -0,0 +1,51 @@
+import type { RequestHandler } from 'express';
+import type { TollBoothEngine } from '../core/toll-booth.js';
+import type { CreateInvoiceDeps } from '../core/create-invoice.js';
+import type { InvoiceStatusDeps } from '../core/invoice-status.js';
+import type { NwcPayDeps } from '../core/nwc-pay.js';
+import type { CashuRedeemDeps } from '../core/cashu-redeem.js';
+/**
+ * Returns an Express `RequestHandler` that enforces L402 payment gating.
+ *
+ * On `pass` or `proxy` results the request is forwarded to the upstream.
+ * On `challenge` a 402 response is returned with invoice details.
+ */
+export interface ExpressMiddlewareConfig {
+    engine: TollBoothEngine;
+    upstream: string;
+    trustProxy?: boolean;
+    responseHeaders?: Record<string, string>;
+    /** Timeout in milliseconds for upstream proxy requests (default: 30000). */
+    upstreamTimeout?: number;
+}
+export declare function createExpressMiddleware(engineOrConfig: TollBoothEngine | ExpressMiddlewareConfig, upstreamArg?: string): RequestHandler;
+/**
+ * Returns an Express `RequestHandler` that serves invoice status as JSON or HTML.
+ *
+ * Expects `:paymentHash` route param plus a `?token=...` status lookup secret.
+ * When `Accept: text/html` is requested, renders the self-service payment page;
+ * otherwise returns JSON with `{ paid, preimage }`.
+ */
+export declare function createExpressInvoiceStatusHandler(deps: InvoiceStatusDeps): RequestHandler;
+/**
+ * Returns an Express `RequestHandler` that creates a new Lightning invoice.
+ *
+ * Assumes `express.json()` middleware is already mounted. Delegates to the
+ * core `handleCreateInvoice` and returns the result.
+ */
+export declare function createExpressCreateInvoiceHandler(deps: CreateInvoiceDeps): RequestHandler;
+/**
+ * Returns an Express `RequestHandler` that pays a Lightning invoice via NWC.
+ *
+ * Expects JSON body with `{ nwcUri, bolt11, paymentHash, statusToken }`.
+ * Returns the payment preimage on success.
+ */
+export declare function createExpressNwcHandler(deps: NwcPayDeps): RequestHandler;
+/**
+ * Returns an Express `RequestHandler` that redeems a Cashu token as payment.
+ *
+ * Expects JSON body with `{ token, paymentHash, statusToken }`.
+ * Uses durable claims and leases to avoid concurrent duplicate redemption.
+ */
+export declare function createExpressCashuHandler(deps: CashuRedeemDeps): RequestHandler;
+//# sourceMappingURL=express.d.ts.map

package/dist/adapters/express.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.d.ts","sourceRoot":"","sources":["../../src/adapters/express.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAA;AAC9E,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AAC5D,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAClE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAIlE,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAEpD,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,yBAAyB,CAAA;AAW9D;;;;;GAKG;AACH,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,eAAe,CAAA;IACvB,QAAQ,EAAE,MAAM,CAAA;IAChB,UAAU,CAAC,EAAE,OAAO,CAAA;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACxC,4EAA4E;IAC5E,eAAe,CAAC,EAAE,MAAM,CAAA;CACzB;AA6CD,wBAAgB,uBAAuB,CACrC,cAAc,EAAE,eAAe,GAAG,uBAAuB,EACzD,WAAW,CAAC,EAAE,MAAM,GACnB,cAAc,CA0GhB;AAID;;;;;;GAMG;AACH,wBAAgB,iCAAiC,CAC/C,IAAI,EAAE,iBAAiB,GACtB,cAAc,CA4ChB;AAID;;;;;GAKG;AACH,wBAAgB,iCAAiC,CAC/C,IAAI,EAAE,iBAAiB,GACtB,cAAc,CAqBhB;AAID;;;;;GAKG;AACH,wBAAgB,uBAAuB,CAAC,IAAI,EAAE,UAAU,GAAG,cAAc,CAUxE;AAID;;;;;GAKG;AACH,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,eAAe,GAAG,cAAc,CAY/E"}

package/dist/adapters/express.js

@@ -0,0 +1,237 @@
+import { handleCreateInvoice } from '../core/create-invoice.js';
+import { handleInvoiceStatus, renderInvoiceStatusHtml } from '../core/invoice-status.js';
+import { handleNwcPay } from '../core/nwc-pay.js';
+import { handleCashuRedeem } from '../core/cashu-redeem.js';
+import { PAYMENT_HASH_RE } from '../core/types.js';
+import { appendVary, applyNoStoreHeaders, stripProxyRequestHeaders, stripProxyResponseHeaders, } from './proxy-headers.js';
+function setSensitiveHeaders(res, headers) {
+    const merged = headers ? new Headers(headers) : new Headers();
+    applyNoStoreHeaders(merged);
+    merged.forEach((value, key) => {
+        res.setHeader(key, value);
+    });
+}
+function jsonWithSensitiveHeaders(res, body, status = 200, headers) {
+    setSensitiveHeaders(res, headers);
+    res.status(status).json(body);
+}
+function htmlWithSensitiveHeaders(res, html, status = 200, headers) {
+    setSensitiveHeaders(res, headers);
+    res.status(status).type('html').send(html);
+}
+function buildUpstreamTarget(upstreamBase, originalUrl) {
+    const incoming = new URL(originalUrl, 'http://localhost');
+    const upstream = new URL(upstreamBase);
+    const upstreamPath = upstream.pathname.endsWith('/')
+        ? upstream.pathname.slice(0, -1)
+        : upstream.pathname;
+    const incomingPath = incoming.pathname.startsWith('/')
+        ? incoming.pathname
+        : `/${incoming.pathname}`;
+    upstream.pathname = `${upstreamPath}${incomingPath}` || '/';
+    upstream.search = incoming.search;
+    return upstream.href;
+}
+export function createExpressMiddleware(engineOrConfig, upstreamArg) {
+    // Support both old (engine, upstream) and new (config) signatures
+    const config = typeof upstreamArg === 'string'
+        ? { engine: engineOrConfig, upstream: upstreamArg }
+        : engineOrConfig;
+    const engine = config.engine;
+    // Warn when free-tier is enabled without trustProxy (P3) — all requests
+    // will share a single socket.remoteAddress behind a reverse proxy.
+    if (engine.freeTier && !config.trustProxy) {
+        console.error('[toll-booth] WARNING: freeTier enabled without trustProxy in Express adapter. ' +
+            'Behind a reverse proxy all clients will share one IP bucket. ' +
+            'Set trustProxy: true or provide a getClientIp callback.');
+    }
+    const upstreamBase = config.upstream.replace(/\/$/, '');
+    const extraHeaders = config.responseHeaders ?? {};
+    const upstreamTimeout = config.upstreamTimeout ?? 30_000;
+    return async (req, res, _next) => {
+        const ip = config.trustProxy
+            ? (typeof req.headers['x-forwarded-for'] === 'string'
+                ? req.headers['x-forwarded-for'].split(',')[0]?.trim()
+                : undefined) ??
+                (typeof req.headers['x-real-ip'] === 'string'
+                    ? req.headers['x-real-ip'].trim()
+                    : undefined) ??
+                req.socket.remoteAddress ??
+                '127.0.0.1'
+            : req.socket.remoteAddress ?? '127.0.0.1';
+        const headers = {};
+        for (const [key, value] of Object.entries(req.headers)) {
+            headers[key] = Array.isArray(value) ? value.join(', ') : value;
+        }
+        try {
+            const fullPath = (req.baseUrl + req.path).replace(/\/$/, '') || '/';
+            const result = await engine.handle({
+                method: req.method,
+                path: fullPath,
+                headers,
+                ip,
+            });
+            if (result.action === 'pass' || result.action === 'proxy') {
+                // Proxy to upstream
+                const target = buildUpstreamTarget(upstreamBase, req.originalUrl);
+                const incomingHeaders = new Headers();
+                for (const [key, value] of Object.entries(req.headers)) {
+                    const v = Array.isArray(value) ? value.join(', ') : value;
+                    if (v)
+                        incomingHeaders.set(key, v);
+                }
+                const fwdHeaders = stripProxyRequestHeaders(incomingHeaders);
+                const init = {
+                    method: req.method,
+                    headers: fwdHeaders,
+                    signal: AbortSignal.timeout(upstreamTimeout),
+                    duplex: 'half',
+                };
+                if (req.method !== 'GET' && req.method !== 'HEAD') {
+                    // If body-parsing middleware already consumed the stream, re-serialise
+                    if (req.body !== undefined && req.body !== null && typeof req.body === 'object' && Object.keys(req.body).length > 0) {
+                        const json = JSON.stringify(req.body);
+                        init.body = json;
+                        fwdHeaders.set('content-length', Buffer.byteLength(json).toString());
+                    }
+                    else {
+                        init.body = req;
+                    }
+                }
+                const upstream_res = await fetch(target, init);
+                const responseHeaders = stripProxyResponseHeaders(upstream_res.headers);
+                responseHeaders.forEach((value, key) => {
+                    res.setHeader(key, value);
+                });
+                // Set extra headers from engine result
+                for (const [key, value] of Object.entries(result.headers)) {
+                    res.setHeader(key, value);
+                }
+                for (const [key, value] of Object.entries(extraHeaders)) {
+                    res.setHeader(key, value);
+                }
+                const buf = Buffer.from(await upstream_res.arrayBuffer());
+                res.status(upstream_res.status).send(buf);
+                return;
+            }
+            // challenge -- 402
+            const challengeHeaders = new Headers();
+            for (const [key, value] of Object.entries(result.headers)) {
+                challengeHeaders.set(key, value);
+            }
+            for (const [key, value] of Object.entries(extraHeaders)) {
+                challengeHeaders.set(key, value);
+            }
+            jsonWithSensitiveHeaders(res, result.body, 402, challengeHeaders);
+        }
+        catch {
+            res.status(502).json({ error: 'Upstream routing engine unavailable' });
+        }
+    };
+}
+// -- Invoice status handler ---------------------------------------------------
+/**
+ * Returns an Express `RequestHandler` that serves invoice status as JSON or HTML.
+ *
+ * Expects `:paymentHash` route param plus a `?token=...` status lookup secret.
+ * When `Accept: text/html` is requested, renders the self-service payment page;
+ * otherwise returns JSON with `{ paid, preimage }`.
+ */
+export function createExpressInvoiceStatusHandler(deps) {
+    return async (req, res, _next) => {
+        const paymentHash = Array.isArray(req.params.paymentHash)
+            ? req.params.paymentHash[0]
+            : req.params.paymentHash;
+        if (!PAYMENT_HASH_RE.test(paymentHash)) {
+            res.status(400).json({ error: 'Invalid payment hash' });
+            return;
+        }
+        const statusToken = typeof req.query.token === 'string' ? req.query.token : undefined;
+        const accept = req.headers.accept ?? '';
+        try {
+            if (accept.includes('text/html')) {
+                const { html, status } = await renderInvoiceStatusHtml(deps, paymentHash, statusToken);
+                htmlWithSensitiveHeaders(res, html, status, appendVary(new Headers(), 'Accept'));
+                return;
+            }
+            const result = await handleInvoiceStatus(deps, paymentHash, statusToken);
+            if (!result.found) {
+                jsonWithSensitiveHeaders(res, { error: 'Invoice not found' }, 404, appendVary(new Headers(), 'Accept'));
+                return;
+            }
+            jsonWithSensitiveHeaders(res, { paid: result.paid, preimage: result.preimage, token_suffix: result.tokenSuffix }, 200, appendVary(new Headers(), 'Accept'));
+        }
+        catch {
+            jsonWithSensitiveHeaders(res, { error: 'Failed to check invoice status' }, 502, appendVary(new Headers(), 'Accept'));
+        }
+    };
+}
+// -- Create invoice handler ---------------------------------------------------
+/**
+ * Returns an Express `RequestHandler` that creates a new Lightning invoice.
+ *
+ * Assumes `express.json()` middleware is already mounted. Delegates to the
+ * core `handleCreateInvoice` and returns the result.
+ */
+export function createExpressCreateInvoiceHandler(deps) {
+    return async (req, res, _next) => {
+        const body = req.body ?? {};
+        const result = await handleCreateInvoice(deps, body);
+        if (!result.success) {
+            jsonWithSensitiveHeaders(res, { error: result.error, tiers: result.tiers }, 400);
+            return;
+        }
+        const d = result.data;
+        jsonWithSensitiveHeaders(res, {
+            bolt11: d.bolt11,
+            payment_hash: d.paymentHash,
+            payment_url: d.paymentUrl,
+            amount_sats: d.amountSats,
+            credit_sats: d.creditSats,
+            macaroon: d.macaroon,
+            qr_svg: d.qrSvg,
+        });
+    };
+}
+// -- NWC handler --------------------------------------------------------------
+/**
+ * Returns an Express `RequestHandler` that pays a Lightning invoice via NWC.
+ *
+ * Expects JSON body with `{ nwcUri, bolt11, paymentHash, statusToken }`.
+ * Returns the payment preimage on success.
+ */
+export function createExpressNwcHandler(deps) {
+    return async (req, res, _next) => {
+        const body = req.body ?? {};
+        const result = await handleNwcPay(deps, body);
+        if (result.success) {
+            jsonWithSensitiveHeaders(res, { preimage: result.preimage });
+        }
+        else {
+            jsonWithSensitiveHeaders(res, { error: result.error }, result.status);
+        }
+    };
+}
+// -- Cashu handler ------------------------------------------------------------
+/**
+ * Returns an Express `RequestHandler` that redeems a Cashu token as payment.
+ *
+ * Expects JSON body with `{ token, paymentHash, statusToken }`.
+ * Uses durable claims and leases to avoid concurrent duplicate redemption.
+ */
+export function createExpressCashuHandler(deps) {
+    return async (req, res, _next) => {
+        const body = req.body ?? {};
+        const result = await handleCashuRedeem(deps, body);
+        if (result.success) {
+            jsonWithSensitiveHeaders(res, { credited: result.credited, token_suffix: result.tokenSuffix });
+        }
+        else if ('state' in result) {
+            jsonWithSensitiveHeaders(res, { state: result.state, retryAfterMs: result.retryAfterMs }, 202);
+        }
+        else {
+            jsonWithSensitiveHeaders(res, { error: result.error }, result.status);
+        }
+    };
+}
+//# sourceMappingURL=express.js.map

package/dist/adapters/express.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.js","sourceRoot":"","sources":["../../src/adapters/express.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAA;AAC/D,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAA;AACxF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAA;AAEjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAA;AAE3D,OAAO,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAA;AAClD,OAAO,EACL,UAAU,EACV,mBAAmB,EACnB,wBAAwB,EACxB,yBAAyB,GAC1B,MAAM,oBAAoB,CAAA;AAmB3B,SAAS,mBAAmB,CAAC,GAAa,EAAE,OAAiB;IAC3D,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,EAAE,CAAA;IAC7D,mBAAmB,CAAC,MAAM,CAAC,CAAA;IAC3B,MAAM,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;QAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;IAC3B,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,SAAS,wBAAwB,CAC/B,GAAa,EACb,IAAa,EACb,MAAM,GAAG,GAAG,EACZ,OAAiB;IAEjB,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACjC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC/B,CAAC;AAED,SAAS,wBAAwB,CAC/B,GAAa,EACb,IAAY,EACZ,MAAM,GAAG,GAAG,EACZ,OAAiB;IAEjB,mBAAmB,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;IACjC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAA;AAC5C,CAAC;AAED,SAAS,mBAAmB,CAAC,YAAoB,EAAE,WAAmB;IACpE,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAA;IACzD,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAA;IACtC,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC;QAClD,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAA;IACrB,MAAM,YAAY,GAAG,QAAQ,CAAC,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC;QACpD,CAAC,CAAC,QAAQ,CAAC,QAAQ;QACnB,CAAC,CAAC,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAA;IAE3B,QAAQ,CAAC,QAAQ,GAAG,GAAG,YAAY,GAAG,YAAY,EAAE,IAAI,GAAG,CAAA;IAC3D,QAAQ,CAAC,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAA;IACjC,OAAO,QAAQ,CAAC,IAAI,CAAA;AACtB,CAAC;AAED,MAAM,UAAU,uBAAuB,CACrC,cAAyD,EACzD,WAAoB;IAEpB,kEAAkE;IAClE,MAAM,MAAM,GAA4B,OAAO,WAAW,KAAK,QAAQ;QACrE,CAAC,CAAC,EAAE,MAAM,EAAE,cAAiC,EAAE,QAAQ,EAAE,WAAW,EAAE;QACtE,CAAC,CAAC,cAAyC,CAAA;IAC7C,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAA;IAE5B,wEAAwE;IACxE,mEAAmE;IACnE,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QAC1C,OAAO,CAAC,KAAK,CACX,gFAAgF;YAChF,+DAA+D;YAC/D,yDAAyD,CAC1D,CAAA;IACH,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAA;IACvD,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,IAAI,EAAE,CAAA;IACjD,MAAM,eAAe,GAAG,MAAM,CAAC,eAAe,IAAI,MAAM,CAAA;IAExD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,KAAmB,EAAE,EAAE;QAChE,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU;YAC1B,CAAC,CAAC,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,KAAK,QAAQ;gBACjD,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE;gBACtD,CAAC,CAAC,SAAS,CAAC;gBACd,CAAC,OAAO,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,QAAQ;oBAC3C,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,IAAI,EAAE;oBACjC,CAAC,CAAC,SAAS,CAAC;gBACd,GAAG,CAAC,MAAM,CAAC,aAAa;gBACxB,WAAW;YACb,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,WAAW,CAAA;QAE3C,MAAM,OAAO,GAAuC,EAAE,CAAA;QACtD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;QAChE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,IAAI,GAAG,CAAA;YAEnE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC;gBACjC,MAAM,EAAE,GAAG,CAAC,MAAM;gBAClB,IAAI,EAAE,QAAQ;gBACd,OAAO;gBACP,EAAE;aACH,CAAC,CAAA;YAEF,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;gBAC1D,oBAAoB;gBACpB,MAAM,MAAM,GAAG,mBAAmB,CAAC,YAAY,EAAE,GAAG,CAAC,WAAW,CAAC,CAAA;gBACjE,MAAM,eAAe,GAAG,IAAI,OAAO,EAAE,CAAA;gBACrC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACvD,MAAM,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAA;oBACzD,IAAI,CAAC;wBAAE,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAA;gBACpC,CAAC;gBACD,MAAM,UAAU,GAAG,wBAAwB,CAAC,eAAe,CAAC,CAAA;gBAE5D,MAAM,IAAI,GAAsC;oBAC9C,MAAM,EAAE,GAAG,CAAC,MAAM;oBAClB,OAAO,EAAE,UAAU;oBACnB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,eAAe,CAAC;oBAC5C,MAAM,EAAE,MAAM;iBACf,CAAA;gBAED,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAClD,uEAAuE;oBACvE,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,IAAI,GAAG,CAAC,IAAI,KAAK,IAAI,IAAI,OAAO,GAAG,CAAC,IAAI,KAAK,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACpH,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;wBACrC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAA;wBAChB,UAAU,CAAC,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAA;oBACtE,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,IAAI,GAAG,GAAgC,CAAA;oBAC9C,CAAC;gBACH,CAAC;gBAED,MAAM,YAAY,GAAG,MAAM,KAAK,CAAC,MAAM,EAAE,IAAmB,CAAC,CAAA;gBAC7D,MAAM,eAAe,GAAG,yBAAyB,CAAC,YAAY,CAAC,OAAO,CAAC,CAAA;gBACvE,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;oBACrC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC3B,CAAC,CAAC,CAAA;gBACF,uCAAuC;gBACvC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;oBAC1D,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC3B,CAAC;gBACD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;oBACxD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;gBAC3B,CAAC;gBACD,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,YAAY,CAAC,WAAW,EAAE,CAAC,CAAA;gBACzD,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;gBACzC,OAAM;YACR,CAAC;YAED,mBAAmB;YACnB,MAAM,gBAAgB,GAAG,IAAI,OAAO,EAAE,CAAA;YACtC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC1D,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YAClC,CAAC;YACD,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;gBACxD,gBAAgB,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;YAClC,CAAC;YACD,wBAAwB,CAAC,GAAG,EAAE,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,gBAAgB,CAAC,CAAA;QACnE,CAAC;QAAC,MAAM,CAAC;YACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAA;QACxE,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;;GAMG;AACH,MAAM,UAAU,iCAAiC,CAC/C,IAAuB;IAEvB,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,KAAmB,EAAE,EAAE;QAChE,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC;YACvD,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;YAC3B,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAA;QAC1B,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAA;YACvD,OAAM;QACR,CAAC;QACD,MAAM,WAAW,GAAG,OAAO,GAAG,CAAC,KAAK,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;QACrF,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAA;QAEvC,IAAI,CAAC;YACH,IAAI,MAAM,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACjC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,MAAM,uBAAuB,CAAC,IAAI,EAAE,WAAW,EAAE,WAAW,CAAC,CAAA;gBACtF,wBAAwB,CAAC,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,CAAC,IAAI,OAAO,EAAE,EAAE,QAAQ,CAAC,CAAC,CAAA;gBAChF,OAAM;YACR,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,IAAI,EAAE,WAAW,EAAE,WAAW,CAAC,CAAA;YACxE,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;gBAClB,wBAAwB,CACtB,GAAG,EACH,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAC9B,GAAG,EACH,UAAU,CAAC,IAAI,OAAO,EAAE,EAAE,QAAQ,CAAC,CACpC,CAAA;gBACD,OAAM;YACR,CAAC;YACD,wBAAwB,CACtB,GAAG,EACH,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,WAAW,EAAE,EAClF,GAAG,EACH,UAAU,CAAC,IAAI,OAAO,EAAE,EAAE,QAAQ,CAAC,CACpC,CAAA;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB,CACtB,GAAG,EACH,EAAE,KAAK,EAAE,gCAAgC,EAAE,EAC3C,GAAG,EACH,UAAU,CAAC,IAAI,OAAO,EAAE,EAAE,QAAQ,CAAC,CACpC,CAAA;QACH,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,UAAU,iCAAiC,CAC/C,IAAuB;IAEvB,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,KAAmB,EAAE,EAAE;QAChE,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;QAC3B,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAEpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,wBAAwB,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,EAAE,GAAG,CAAC,CAAA;YAChF,OAAM;QACR,CAAC;QAED,MAAM,CAAC,GAAG,MAAM,CAAC,IAAK,CAAA;QACtB,wBAAwB,CAAC,GAAG,EAAE;YAC5B,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,YAAY,EAAE,CAAC,CAAC,WAAW;YAC3B,WAAW,EAAE,CAAC,CAAC,UAAU;YACzB,WAAW,EAAE,CAAC,CAAC,UAAU;YACzB,WAAW,EAAE,CAAC,CAAC,UAAU;YACzB,QAAQ,EAAE,CAAC,CAAC,QAAQ;YACpB,MAAM,EAAE,CAAC,CAAC,KAAK;SAChB,CAAC,CAAA;IACJ,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,UAAU,uBAAuB,CAAC,IAAgB;IACtD,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,KAAmB,EAAE,EAAE;QAChE,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;QAC3B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAC7C,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,wBAAwB,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAA;QAC9D,CAAC;aAAM,CAAC;YACN,wBAAwB,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;QACvE,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,gFAAgF;AAEhF;;;;;GAKG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAAqB;IAC7D,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,KAAmB,EAAE,EAAE;QAChE,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAA;QAC3B,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,IAAI,EAAE,IAAI,CAAC,CAAA;QAClD,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,wBAAwB,CAAC,GAAG,EAAE,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,YAAY,EAAE,MAAM,CAAC,WAAW,EAAE,CAAC,CAAA;QAChG,CAAC;aAAM,IAAI,OAAO,IAAI,MAAM,EAAE,CAAC;YAC7B,wBAAwB,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,YAAY,EAAE,MAAM,CAAC,YAAY,EAAE,EAAE,GAAG,CAAC,CAAA;QAChG,CAAC;aAAM,CAAC;YACN,wBAAwB,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAA;QACvE,CAAC;IACH,CAAC,CAAA;AACH,CAAC"}

package/dist/adapters/proxy-headers.d.ts

@@ -0,0 +1,7 @@
+type HeaderSource = Headers | Record<string, string> | Array<[string, string]>;
+export declare function stripProxyRequestHeaders(source: HeaderSource): Headers;
+export declare function stripProxyResponseHeaders(source: HeaderSource): Headers;
+export declare function applyNoStoreHeaders(headers: Headers): Headers;
+export declare function appendVary(headers: Headers, value: string): Headers;
+export {};
+//# sourceMappingURL=proxy-headers.d.ts.map

package/dist/adapters/proxy-headers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-headers.d.ts","sourceRoot":"","sources":["../../src/adapters/proxy-headers.ts"],"names":[],"mappings":"AAYA,KAAK,YAAY,GAAG,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAA;AAE9E,wBAAgB,wBAAwB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAWtE;AAED,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CASvE;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAI7D;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAWnE"}

package/dist/adapters/proxy-headers.js

@@ -0,0 +1,58 @@
+const BASE_HOP_BY_HOP_HEADERS = new Set([
+    'connection',
+    'content-length',
+    'keep-alive',
+    'proxy-authenticate',
+    'proxy-authorization',
+    'te',
+    'trailer',
+    'transfer-encoding',
+    'upgrade',
+]);
+export function stripProxyRequestHeaders(source) {
+    const headers = new Headers(source);
+    const disallowed = collectDisallowedHeaders(headers);
+    disallowed.add('authorization');
+    disallowed.add('host');
+    for (const name of disallowed) {
+        headers.delete(name);
+    }
+    return headers;
+}
+export function stripProxyResponseHeaders(source) {
+    const headers = new Headers(source);
+    const disallowed = collectDisallowedHeaders(headers);
+    for (const name of disallowed) {
+        headers.delete(name);
+    }
+    return headers;
+}
+export function applyNoStoreHeaders(headers) {
+    headers.set('Cache-Control', 'no-store');
+    headers.set('Pragma', 'no-cache');
+    return headers;
+}
+export function appendVary(headers, value) {
+    const current = headers.get('Vary');
+    if (!current) {
+        headers.set('Vary', value);
+        return headers;
+    }
+    const values = new Set(current.split(',').map(v => v.trim()).filter(Boolean));
+    values.add(value);
+    headers.set('Vary', Array.from(values).join(', '));
+    return headers;
+}
+function collectDisallowedHeaders(headers) {
+    const disallowed = new Set(BASE_HOP_BY_HOP_HEADERS);
+    const connection = headers.get('connection');
+    if (connection) {
+        for (const token of connection.split(',')) {
+            const name = token.trim().toLowerCase();
+            if (name)
+                disallowed.add(name);
+        }
+    }
+    return disallowed;
+}
+//# sourceMappingURL=proxy-headers.js.map

package/dist/adapters/proxy-headers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"proxy-headers.js","sourceRoot":"","sources":["../../src/adapters/proxy-headers.ts"],"names":[],"mappings":"AAAA,MAAM,uBAAuB,GAAG,IAAI,GAAG,CAAC;IACtC,YAAY;IACZ,gBAAgB;IAChB,YAAY;IACZ,oBAAoB;IACpB,qBAAqB;IACrB,IAAI;IACJ,SAAS;IACT,mBAAmB;IACnB,SAAS;CACV,CAAC,CAAA;AAIF,MAAM,UAAU,wBAAwB,CAAC,MAAoB;IAC3D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IACnC,MAAM,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAA;IACpD,UAAU,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IAC/B,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IAEtB,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,MAAM,UAAU,yBAAyB,CAAC,MAAoB;IAC5D,MAAM,OAAO,GAAG,IAAI,OAAO,CAAC,MAAM,CAAC,CAAA;IACnC,MAAM,UAAU,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAA;IAEpD,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;QAC9B,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAA;IACtB,CAAC;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,OAAgB;IAClD,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,UAAU,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;IACjC,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,MAAM,UAAU,UAAU,CAAC,OAAgB,EAAE,KAAa;IACxD,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IACnC,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;QAC1B,OAAO,OAAO,CAAA;IAChB,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IAC7E,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;IACjB,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAA;IAClD,OAAO,OAAO,CAAA;AAChB,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAgB;IAChD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,uBAAuB,CAAC,CAAA;IACnD,MAAM,UAAU,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAA;IAE5C,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,MAAM,KAAK,IAAI,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;YACvC,IAAI,IAAI;gBAAE,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,CAAA;QAChC,CAAC;IACH,CAAC;IAED,OAAO,UAAU,CAAA;AACnB,CAAC"}