npm - @thecryptodonkey/toll-booth - Versions diffs - 1.0.0 - Mend

@thecryptodonkey/toll-booth 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (100) hide show

package/LICENSE +21 -0
package/README.md +205 -0
package/dist/adapters/express.d.ts +51 -0
package/dist/adapters/express.d.ts.map +1 -0
package/dist/adapters/express.js +237 -0
package/dist/adapters/express.js.map +1 -0
package/dist/adapters/proxy-headers.d.ts +7 -0
package/dist/adapters/proxy-headers.d.ts.map +1 -0
package/dist/adapters/proxy-headers.js +58 -0
package/dist/adapters/proxy-headers.js.map +1 -0
package/dist/adapters/web-standard.d.ts +60 -0
package/dist/adapters/web-standard.d.ts.map +1 -0
package/dist/adapters/web-standard.js +252 -0
package/dist/adapters/web-standard.js.map +1 -0
package/dist/backends/alby.d.ts +25 -0
package/dist/backends/alby.d.ts.map +1 -0
package/dist/backends/alby.js +137 -0
package/dist/backends/alby.js.map +1 -0
package/dist/backends/cln.d.ts +22 -0
package/dist/backends/cln.d.ts.map +1 -0
package/dist/backends/cln.js +55 -0
package/dist/backends/cln.js.map +1 -0
package/dist/backends/lnbits.d.ts +23 -0
package/dist/backends/lnbits.d.ts.map +1 -0
package/dist/backends/lnbits.js +58 -0
package/dist/backends/lnbits.js.map +1 -0
package/dist/backends/lnd.d.ts +21 -0
package/dist/backends/lnd.d.ts.map +1 -0
package/dist/backends/lnd.js +59 -0
package/dist/backends/lnd.js.map +1 -0
package/dist/backends/phoenixd.d.ts +19 -0
package/dist/backends/phoenixd.d.ts.map +1 -0
package/dist/backends/phoenixd.js +59 -0
package/dist/backends/phoenixd.js.map +1 -0
package/dist/booth.d.ts +54 -0
package/dist/booth.d.ts.map +1 -0
package/dist/booth.js +200 -0
package/dist/booth.js.map +1 -0
package/dist/core/cashu-redeem.d.ts +9 -0
package/dist/core/cashu-redeem.d.ts.map +1 -0
package/dist/core/cashu-redeem.js +85 -0
package/dist/core/cashu-redeem.js.map +1 -0
package/dist/core/create-invoice.d.ts +19 -0
package/dist/core/create-invoice.d.ts.map +1 -0
package/dist/core/create-invoice.js +66 -0
package/dist/core/create-invoice.js.map +1 -0
package/dist/core/invoice-status.d.ts +24 -0
package/dist/core/invoice-status.d.ts.map +1 -0
package/dist/core/invoice-status.js +74 -0
package/dist/core/invoice-status.js.map +1 -0
package/dist/core/nwc-pay.d.ts +8 -0
package/dist/core/nwc-pay.d.ts.map +1 -0
package/dist/core/nwc-pay.js +23 -0
package/dist/core/nwc-pay.js.map +1 -0
package/dist/core/toll-booth.d.ts +9 -0
package/dist/core/toll-booth.d.ts.map +1 -0
package/dist/core/toll-booth.js +172 -0
package/dist/core/toll-booth.js.map +1 -0
package/dist/core/types.d.ts +101 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/core/types.js +3 -0
package/dist/core/types.js.map +1 -0
package/dist/free-tier.d.ts +14 -0
package/dist/free-tier.d.ts.map +1 -0
package/dist/free-tier.js +41 -0
package/dist/free-tier.js.map +1 -0
package/dist/index.d.ts +38 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +27 -0
package/dist/index.js.map +1 -0
package/dist/macaroon.d.ts +39 -0
package/dist/macaroon.d.ts.map +1 -0
package/dist/macaroon.js +111 -0
package/dist/macaroon.js.map +1 -0
package/dist/payment-page.d.ts +18 -0
package/dist/payment-page.d.ts.map +1 -0
package/dist/payment-page.js +391 -0
package/dist/payment-page.js.map +1 -0
package/dist/stats.d.ts +63 -0
package/dist/stats.d.ts.map +1 -0
package/dist/stats.js +75 -0
package/dist/stats.js.map +1 -0
package/dist/storage/interface.d.ts +58 -0
package/dist/storage/interface.d.ts.map +1 -0
package/dist/storage/interface.js +3 -0
package/dist/storage/interface.js.map +1 -0
package/dist/storage/memory.d.ts +3 -0
package/dist/storage/memory.d.ts.map +1 -0
package/dist/storage/memory.js +139 -0
package/dist/storage/memory.js.map +1 -0
package/dist/storage/sqlite.d.ts +6 -0
package/dist/storage/sqlite.d.ts.map +1 -0
package/dist/storage/sqlite.js +264 -0
package/dist/storage/sqlite.js.map +1 -0
package/dist/types.d.ts +198 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +8 -0
package/dist/types.js.map +1 -0
package/llms.txt +91 -0
package/package.json +100 -0

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,38 @@
+export { Booth } from './booth.js';
+export type { AdapterType, BoothOptions } from './booth.js';
+export { createTollBooth } from './core/toll-booth.js';
+export type { TollBoothEngine } from './core/toll-booth.js';
+export type { TollBoothRequest, TollBoothResult, TollBoothCoreConfig } from './core/types.js';
+export { handleCreateInvoice } from './core/create-invoice.js';
+export type { CreateInvoiceDeps } from './core/create-invoice.js';
+export { handleInvoiceStatus, renderInvoiceStatusHtml } from './core/invoice-status.js';
+export type { InvoiceStatusDeps } from './core/invoice-status.js';
+export { handleNwcPay } from './core/nwc-pay.js';
+export type { NwcPayDeps } from './core/nwc-pay.js';
+export { handleCashuRedeem, REDEEM_LEASE_MS } from './core/cashu-redeem.js';
+export type { CashuRedeemDeps } from './core/cashu-redeem.js';
+export type { StorageBackend, StoredInvoice, DebitResult } from './storage/interface.js';
+export { sqliteStorage } from './storage/sqlite.js';
+export type { SqliteStorageConfig } from './storage/sqlite.js';
+export { memoryStorage } from './storage/memory.js';
+export { createExpressMiddleware, createExpressInvoiceStatusHandler, createExpressCreateInvoiceHandler, createExpressNwcHandler, createExpressCashuHandler } from './adapters/express.js';
+export type { ExpressMiddlewareConfig } from './adapters/express.js';
+export { createWebStandardMiddleware, createWebStandardInvoiceStatusHandler, createWebStandardCreateInvoiceHandler, createWebStandardNwcHandler, createWebStandardCashuHandler } from './adapters/web-standard.js';
+export type { WebStandardHandler, WebStandardMiddlewareConfig } from './adapters/web-standard.js';
+export { mintMacaroon, verifyMacaroon, parseCaveats } from './macaroon.js';
+export { FreeTier } from './free-tier.js';
+export { StatsCollector } from './stats.js';
+export { renderPaymentPage, renderErrorPage } from './payment-page.js';
+export { phoenixdBackend } from './backends/phoenixd.js';
+export type { PhoenixdConfig } from './backends/phoenixd.js';
+export { lndBackend } from './backends/lnd.js';
+export type { LndConfig } from './backends/lnd.js';
+export { clnBackend } from './backends/cln.js';
+export type { ClnConfig } from './backends/cln.js';
+export { lnbitsBackend } from './backends/lnbits.js';
+export type { LNbitsConfig } from './backends/lnbits.js';
+export { albyBackend } from './backends/alby.js';
+export type { AlbyConfig } from './backends/alby.js';
+export type { LightningBackend, Invoice, InvoiceStatus, PricingTable, BoothConfig, CreditTier, PaymentEvent, RequestEvent, ChallengeEvent, EventHandler, } from './types.js';
+export type { BoothStats } from './stats.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAClC,YAAY,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,YAAY,CAAA;AAG3D,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AACtD,YAAY,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAC3D,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAA;AAG7F,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAC9D,YAAY,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AACjE,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AACvF,YAAY,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAA;AACjE,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAChD,YAAY,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AACnD,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAC3E,YAAY,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAG7D,YAAY,EAAE,cAAc,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,wBAAwB,CAAA;AACxF,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AACnD,YAAY,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAA;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAGnD,OAAO,EAAE,uBAAuB,EAAE,iCAAiC,EAAE,iCAAiC,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAA;AACzL,YAAY,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAA;AACpE,OAAO,EAAE,2BAA2B,EAAE,qCAAqC,EAAE,qCAAqC,EAAE,2BAA2B,EAAE,6BAA6B,EAAE,MAAM,4BAA4B,CAAA;AAClN,YAAY,EAAE,kBAAkB,EAAE,2BAA2B,EAAE,MAAM,4BAA4B,CAAA;AAGjG,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAGtE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AACxD,YAAY,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAA;AAC5D,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAC9C,YAAY,EAAE,SAAS,EAAE,MAAM,mBAAmB,CAAA;AAClD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AACpD,YAAY,EAAE,YAAY,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA;AAChD,YAAY,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAA;AAGpD,YAAY,EACV,gBAAgB,EAAE,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,WAAW,EACnE,UAAU,EAAE,YAAY,EAAE,YAAY,EAAE,cAAc,EAAE,YAAY,GACrE,MAAM,YAAY,CAAA;AACnB,YAAY,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,27 @@
+// src/index.ts
+// Booth class (main API)
+export { Booth } from './booth.js';
+// Core engine (power users)
+export { createTollBooth } from './core/toll-booth.js';
+// Core handlers
+export { handleCreateInvoice } from './core/create-invoice.js';
+export { handleInvoiceStatus, renderInvoiceStatusHtml } from './core/invoice-status.js';
+export { handleNwcPay } from './core/nwc-pay.js';
+export { handleCashuRedeem, REDEEM_LEASE_MS } from './core/cashu-redeem.js';
+export { sqliteStorage } from './storage/sqlite.js';
+export { memoryStorage } from './storage/memory.js';
+// Adapters
+export { createExpressMiddleware, createExpressInvoiceStatusHandler, createExpressCreateInvoiceHandler, createExpressNwcHandler, createExpressCashuHandler } from './adapters/express.js';
+export { createWebStandardMiddleware, createWebStandardInvoiceStatusHandler, createWebStandardCreateInvoiceHandler, createWebStandardNwcHandler, createWebStandardCashuHandler } from './adapters/web-standard.js';
+// Utilities
+export { mintMacaroon, verifyMacaroon, parseCaveats } from './macaroon.js';
+export { FreeTier } from './free-tier.js';
+export { StatsCollector } from './stats.js';
+export { renderPaymentPage, renderErrorPage } from './payment-page.js';
+// Backends (re-exported for convenience — prefer subpath imports for tree-shaking)
+export { phoenixdBackend } from './backends/phoenixd.js';
+export { lndBackend } from './backends/lnd.js';
+export { clnBackend } from './backends/cln.js';
+export { lnbitsBackend } from './backends/lnbits.js';
+export { albyBackend } from './backends/alby.js';
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,eAAe;AAEf,yBAAyB;AACzB,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAA;AAGlC,4BAA4B;AAC5B,OAAO,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAA;AAItD,gBAAgB;AAChB,OAAO,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAA;AAE9D,OAAO,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAA;AAEvF,OAAO,EAAE,YAAY,EAAE,MAAM,mBAAmB,CAAA;AAEhD,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAK3E,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAA;AAEnD,WAAW;AACX,OAAO,EAAE,uBAAuB,EAAE,iCAAiC,EAAE,iCAAiC,EAAE,uBAAuB,EAAE,yBAAyB,EAAE,MAAM,uBAAuB,CAAA;AAEzL,OAAO,EAAE,2BAA2B,EAAE,qCAAqC,EAAE,qCAAqC,EAAE,2BAA2B,EAAE,6BAA6B,EAAE,MAAM,4BAA4B,CAAA;AAGlN,YAAY;AACZ,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,eAAe,CAAA;AAC1E,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAA;AACzC,OAAO,EAAE,cAAc,EAAE,MAAM,YAAY,CAAA;AAC3C,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAA;AAEtE,mFAAmF;AACnF,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAA;AAExD,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAE9C,OAAO,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAE9C,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAA;AAEpD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAA"}

package/dist/macaroon.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * Mints a new macaroon encoding a payment hash and credit balance.
+ *
+ * @param rootKey - Hex-encoded 32-byte root key.
+ * @param paymentHash - The Lightning payment hash (hex string).
+ * @param creditBalanceSats - The credit balance in satoshis.
+ * @returns Base64-encoded binary macaroon.
+ */
+export declare function mintMacaroon(rootKey: string, paymentHash: string, creditBalanceSats: number): string;
+/**
+ * Result of macaroon verification.
+ */
+export interface VerifyResult {
+    /** Whether the macaroon signature and caveats are valid. */
+    valid: boolean;
+    /** The payment hash extracted from the macaroon, if valid. */
+    paymentHash?: string;
+    /** The credit balance in satoshis extracted from the macaroon, if valid. */
+    creditBalance?: number;
+}
+/**
+ * Verifies a macaroon's cryptographic signature and extracts its caveats.
+ *
+ * @param rootKey - Hex-encoded 32-byte root key used to mint the macaroon.
+ * @param macaroonBase64 - Base64-encoded binary macaroon.
+ * @returns A VerifyResult indicating validity and parsed caveat values.
+ */
+export declare function verifyMacaroon(rootKey: string, macaroonBase64: string): VerifyResult;
+/**
+ * Parses first-party caveats from a macaroon into a key/value map.
+ *
+ * Caveats must follow the `key = value` format. Caveats that do not
+ * match this pattern are silently ignored.
+ *
+ * @param macaroonBase64 - Base64-encoded binary macaroon.
+ * @returns A record of caveat keys to their string values.
+ */
+export declare function parseCaveats(macaroonBase64: string): Record<string, string>;
+//# sourceMappingURL=macaroon.d.ts.map

package/dist/macaroon.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"macaroon.d.ts","sourceRoot":"","sources":["../src/macaroon.ts"],"names":[],"mappings":"AAKA;;;;;;;GAOG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,GAAG,MAAM,CAWpG;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,4DAA4D;IAC5D,KAAK,EAAE,OAAO,CAAA;IACd,8DAA8D;IAC9D,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,4EAA4E;IAC5E,aAAa,CAAC,EAAE,MAAM,CAAA;CACvB;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,cAAc,EAAE,MAAM,GAAG,YAAY,CAuCpF;AAED;;;;;;;;GAQG;AACH,wBAAgB,YAAY,CAAC,cAAc,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAkB3E"}

package/dist/macaroon.js ADDED Viewed

@@ -0,0 +1,111 @@
+import { newMacaroon, importMacaroon } from 'macaroon';
+const LOCATION = 'toll-booth';
+const KNOWN_CAVEATS = new Set(['payment_hash', 'credit_balance']);
+/**
+ * Mints a new macaroon encoding a payment hash and credit balance.
+ *
+ * @param rootKey - Hex-encoded 32-byte root key.
+ * @param paymentHash - The Lightning payment hash (hex string).
+ * @param creditBalanceSats - The credit balance in satoshis.
+ * @returns Base64-encoded binary macaroon.
+ */
+export function mintMacaroon(rootKey, paymentHash, creditBalanceSats) {
+    const keyBytes = hexToBytes(rootKey);
+    const m = newMacaroon({
+        identifier: paymentHash,
+        location: LOCATION,
+        rootKey: keyBytes,
+        version: 2,
+    });
+    m.addFirstPartyCaveat(`payment_hash = ${paymentHash}`);
+    m.addFirstPartyCaveat(`credit_balance = ${creditBalanceSats}`);
+    return uint8ToBase64(m.exportBinary());
+}
+/**
+ * Verifies a macaroon's cryptographic signature and extracts its caveats.
+ *
+ * @param rootKey - Hex-encoded 32-byte root key used to mint the macaroon.
+ * @param macaroonBase64 - Base64-encoded binary macaroon.
+ * @returns A VerifyResult indicating validity and parsed caveat values.
+ */
+export function verifyMacaroon(rootKey, macaroonBase64) {
+    try {
+        const keyBytes = hexToBytes(rootKey);
+        const m = importMacaroon(base64ToUint8(macaroonBase64));
+        // Track caveat counts to reject duplicates (prevents attacker-appended overrides)
+        const seen = new Map();
+        m.verify(keyBytes, (condition) => {
+            const eqIdx = condition.indexOf(' = ');
+            if (eqIdx === -1)
+                return 'malformed caveat';
+            const key = condition.slice(0, eqIdx);
+            if (!KNOWN_CAVEATS.has(key))
+                return 'unknown caveat';
+            seen.set(key, (seen.get(key) ?? 0) + 1);
+            if (seen.get(key) > 1)
+                return 'duplicate caveat';
+            return null;
+        }, []);
+        // Use the immutable identifier as the authoritative payment hash —
+        // it is set at mint time and covered by the root signature.
+        const json = m.exportJSON();
+        const identifier = json.i;
+        const caveats = parseCaveats(macaroonBase64);
+        // Cross-check: the payment_hash caveat must match the identifier
+        if (caveats.payment_hash && caveats.payment_hash !== identifier) {
+            return { valid: false };
+        }
+        return {
+            valid: true,
+            paymentHash: identifier,
+            creditBalance: caveats.credit_balance !== undefined
+                ? parseInt(caveats.credit_balance, 10)
+                : undefined,
+        };
+    }
+    catch {
+        return { valid: false };
+    }
+}
+/**
+ * Parses first-party caveats from a macaroon into a key/value map.
+ *
+ * Caveats must follow the `key = value` format. Caveats that do not
+ * match this pattern are silently ignored.
+ *
+ * @param macaroonBase64 - Base64-encoded binary macaroon.
+ * @returns A record of caveat keys to their string values.
+ */
+export function parseCaveats(macaroonBase64) {
+    const m = importMacaroon(base64ToUint8(macaroonBase64));
+    const result = {};
+    // caveats is an array of objects with an identifier field (Uint8Array)
+    const caveats = m.caveats;
+    for (const c of caveats) {
+        const raw = new TextDecoder().decode(c.identifier);
+        const eqIdx = raw.indexOf(' = ');
+        if (eqIdx !== -1) {
+            const key = raw.slice(0, eqIdx).trim();
+            // First-occurrence-wins: server-set caveats come first in the chain,
+            // so any attacker-appended duplicates are ignored.
+            if (!Object.hasOwn(result, key)) {
+                result[key] = raw.slice(eqIdx + 3).trim();
+            }
+        }
+    }
+    return result;
+}
+function hexToBytes(hex) {
+    const bytes = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < hex.length; i += 2) {
+        bytes[i / 2] = parseInt(hex.slice(i, i + 2), 16);
+    }
+    return bytes;
+}
+function uint8ToBase64(bytes) {
+    return Buffer.from(bytes).toString('base64');
+}
+function base64ToUint8(b64) {
+    return new Uint8Array(Buffer.from(b64, 'base64'));
+}
+//# sourceMappingURL=macaroon.js.map

package/dist/macaroon.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"macaroon.js","sourceRoot":"","sources":["../src/macaroon.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,UAAU,CAAA;AAEtD,MAAM,QAAQ,GAAG,YAAY,CAAA;AAC7B,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,CAAC,cAAc,EAAE,gBAAgB,CAAC,CAAC,CAAA;AAEjE;;;;;;;GAOG;AACH,MAAM,UAAU,YAAY,CAAC,OAAe,EAAE,WAAmB,EAAE,iBAAyB;IAC1F,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,CAAA;IACpC,MAAM,CAAC,GAAG,WAAW,CAAC;QACpB,UAAU,EAAE,WAAW;QACvB,QAAQ,EAAE,QAAQ;QAClB,OAAO,EAAE,QAAQ;QACjB,OAAO,EAAE,CAAC;KACX,CAAC,CAAA;IACF,CAAC,CAAC,mBAAmB,CAAC,kBAAkB,WAAW,EAAE,CAAC,CAAA;IACtD,CAAC,CAAC,mBAAmB,CAAC,oBAAoB,iBAAiB,EAAE,CAAC,CAAA;IAC9D,OAAO,aAAa,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,CAAA;AACxC,CAAC;AAcD;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe,EAAE,cAAsB;IACpE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,CAAC,CAAA;QACpC,MAAM,CAAC,GAAG,cAAc,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAA;QAEvD,kFAAkF;QAClF,MAAM,IAAI,GAAG,IAAI,GAAG,EAAkB,CAAA;QACtC,CAAC,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,SAAiB,EAAE,EAAE;YACvC,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;YACtC,IAAI,KAAK,KAAK,CAAC,CAAC;gBAAE,OAAO,kBAAkB,CAAA;YAC3C,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAA;YACrC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,GAAG,CAAC;gBAAE,OAAO,gBAAgB,CAAA;YACpD,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAA;YACvC,IAAI,IAAI,CAAC,GAAG,CAAC,GAAG,CAAE,GAAG,CAAC;gBAAE,OAAO,kBAAkB,CAAA;YACjD,OAAO,IAAI,CAAA;QACb,CAAC,EAAE,EAAE,CAAC,CAAA;QAEN,mEAAmE;QACnE,4DAA4D;QAC5D,MAAM,IAAI,GAAG,CAAC,CAAC,UAAU,EAA6B,CAAA;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,CAAW,CAAA;QAEnC,MAAM,OAAO,GAAG,YAAY,CAAC,cAAc,CAAC,CAAA;QAE5C,iEAAiE;QACjE,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,YAAY,KAAK,UAAU,EAAE,CAAC;YAChE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;QACzB,CAAC;QAED,OAAO;YACL,KAAK,EAAE,IAAI;YACX,WAAW,EAAE,UAAU;YACvB,aAAa,EAAE,OAAO,CAAC,cAAc,KAAK,SAAS;gBACjD,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC;gBACtC,CAAC,CAAC,SAAS;SACd,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAA;IACzB,CAAC;AACH,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,YAAY,CAAC,cAAsB;IACjD,MAAM,CAAC,GAAG,cAAc,CAAC,aAAa,CAAC,cAAc,CAAC,CAAC,CAAA;IACvD,MAAM,MAAM,GAA2B,EAAE,CAAA;IACzC,uEAAuE;IACvE,MAAM,OAAO,GAAG,CAAC,CAAC,OAA4C,CAAA;IAC9D,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,GAAG,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAA;QAClD,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;QAChC,IAAI,KAAK,KAAK,CAAC,CAAC,EAAE,CAAC;YACjB,MAAM,GAAG,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,IAAI,EAAE,CAAA;YACtC,qEAAqE;YACrE,mDAAmD;YACnD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAAE,CAAC;gBAChC,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;YAC3C,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAA;AACf,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QACvC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;IAClD,CAAC;IACD,OAAO,KAAK,CAAA;AACd,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACtC,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAA;AACnD,CAAC"}

package/dist/payment-page.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import type { CreditTier } from './types.js';
+import type { StoredInvoice } from './storage/interface.js';
+export interface PaymentPageData {
+    invoice: StoredInvoice;
+    paid: boolean;
+    preimage?: string;
+    tokenSuffix?: string;
+    tiers: CreditTier[];
+    nwcEnabled: boolean;
+    cashuEnabled: boolean;
+}
+export interface PaymentPageErrorData {
+    paymentHash: string;
+    message: string;
+}
+export declare function renderPaymentPage(data: PaymentPageData): Promise<string>;
+export declare function renderErrorPage(data: PaymentPageErrorData): string;
+//# sourceMappingURL=payment-page.d.ts.map

package/dist/payment-page.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"payment-page.d.ts","sourceRoot":"","sources":["../src/payment-page.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,YAAY,CAAA;AAC5C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAA;AAE3D,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,aAAa,CAAA;IACtB,IAAI,EAAE,OAAO,CAAA;IACb,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,KAAK,EAAE,UAAU,EAAE,CAAA;IACnB,UAAU,EAAE,OAAO,CAAA;IACnB,YAAY,EAAE,OAAO,CAAA;CACtB;AAED,MAAM,WAAW,oBAAoB;IACnC,WAAW,EAAE,MAAM,CAAA;IACnB,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,wBAAsB,iBAAiB,CAAC,IAAI,EAAE,eAAe,GAAG,OAAO,CAAC,MAAM,CAAC,CAsE9E;AAwSD,wBAAgB,eAAe,CAAC,IAAI,EAAE,oBAAoB,GAAG,MAAM,CAwBlE"}

package/dist/payment-page.js ADDED Viewed

@@ -0,0 +1,391 @@
+// src/payment-page.ts
+import QRCode from 'qrcode';
+export async function renderPaymentPage(data) {
+    const { invoice, paid, preimage, tokenSuffix, tiers, nwcEnabled, cashuEnabled } = data;
+    const qrSvg = await QRCode.toString(`lightning:${invoice.bolt11}`.toUpperCase(), { type: 'svg', margin: 2 });
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Payment${paid ? ' Complete' : ' Required'} — toll-booth</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,sans-serif;background:#0a0a0f;color:#e0e0e0;min-height:100vh;display:flex;align-items:center;justify-content:center;padding:1rem}
+.card{background:#161622;border:1px solid #2a2a3a;border-radius:16px;padding:2rem;max-width:480px;width:100%;box-shadow:0 8px 32px rgba(0,0,0,.4)}
+h1{font-size:1.4rem;text-align:center;margin-bottom:1.5rem;color:#fff}
+.qr-wrap{background:#fff;border-radius:12px;padding:1rem;display:flex;align-items:center;justify-content:center;margin:0 auto 1.5rem;max-width:280px}
+.qr-wrap svg{width:100%;height:auto}
+.invoice-str{font-family:monospace;font-size:.7rem;word-break:break-all;background:#0d0d15;border:1px solid #2a2a3a;border-radius:8px;padding:.75rem;margin-bottom:1rem;max-height:80px;overflow-y:auto;color:#a0a0b0}
+.btn{display:block;width:100%;padding:.75rem;border:none;border-radius:8px;font-size:.95rem;font-weight:600;cursor:pointer;margin-bottom:.75rem;transition:all .15s ease}
+.btn-primary{background:linear-gradient(135deg,#6366f1,#8b5cf6);color:#fff}
+.btn-primary:hover{opacity:.9}
+.btn-secondary{background:#1e1e30;border:1px solid #3a3a50;color:#c0c0d0}
+.btn-secondary:hover{background:#252540}
+.btn-success{background:linear-gradient(135deg,#22c55e,#16a34a);color:#fff}
+.status{text-align:center;padding:.5rem;border-radius:8px;margin-bottom:1rem;font-size:.85rem}
+.status-polling{background:#1e1e30;color:#a0a0b0}
+.status-paid{background:#052e16;color:#4ade80;border:1px solid #16a34a}
+.tiers{display:grid;gap:.5rem;margin-bottom:1rem}
+.tier{background:#1e1e30;border:2px solid #2a2a3a;border-radius:8px;padding:.75rem;cursor:pointer;transition:all .15s ease;text-align:center}
+.tier:hover,.tier.selected{border-color:#6366f1;background:#1e1e35}
+.tier-label{font-weight:600;color:#fff;font-size:.95rem}
+.tier-price{color:#a0a0b0;font-size:.8rem;margin-top:.25rem}
+.tier-bonus{color:#6366f1;font-size:.75rem;font-weight:500}
+.wallets{margin-bottom:1rem}
+.wallet-label{font-size:.8rem;color:#808090;margin-bottom:.5rem}
+.success-icon{font-size:3rem;text-align:center;margin:1rem 0}
+.token-box{font-family:monospace;font-size:.65rem;word-break:break-all;background:#0d0d15;border:1px solid #2a2a3a;border-radius:8px;padding:.75rem;margin:.75rem 0}
+.token-label{font-size:.75rem;color:#808090;margin-bottom:.25rem}
+.info{font-size:.8rem;color:#808090;text-align:center;margin-top:.75rem}
+.info a{color:#6366f1}
+.noscript-refresh{display:inline-block;margin-top:.5rem;color:#6366f1;text-decoration:underline}
+.hidden{display:none}
+.spinner{display:inline-block;width:14px;height:14px;border:2px solid #404060;border-top-color:#6366f1;border-radius:50%;animation:spin .8s linear infinite;vertical-align:middle;margin-right:.5rem}
+@keyframes spin{to{transform:rotate(360deg)}}
+.credit-bal{font-size:1.1rem;text-align:center;color:#fff;margin:.5rem 0}
+</style>
+</head>
+<body>
+<div class="card" id="card"
+  data-payment-hash="${esc(invoice.paymentHash)}"
+  data-macaroon="${esc(invoice.macaroon)}"
+  data-paid="${paid}"
+  data-nwc="${nwcEnabled}"
+  data-cashu="${cashuEnabled}"
+>
+${paid ? renderPaidState(invoice, preimage, tokenSuffix) : renderAwaitingState(invoice, qrSvg, tiers, nwcEnabled, cashuEnabled)}
+<div class="info">Powered by <strong>toll-booth</strong> &middot; L402</div>
+</div>
+<script>
+${paid ? '' : clientScript()}
+</script>
+<noscript>
+${paid ? '' : `<div style="text-align:center;margin-top:1rem;color:#a0a0b0;font-size:.85rem">JavaScript is disabled. <a class="noscript-refresh" href="">Refresh to check payment status</a>.</div>`}
+</noscript>
+</body>
+</html>`;
+}
+function renderAwaitingState(invoice, qrSvg, tiers, nwcEnabled, cashuEnabled) {
+    const tiersHtml = tiers.length > 0 ? `
+<div class="tiers" id="tiers">
+  ${tiers.map((t, i) => {
+        const bonus = t.creditSats > t.amountSats
+            ? `<div class="tier-bonus">+${Math.round(((t.creditSats - t.amountSats) / t.amountSats) * 100)}% bonus</div>`
+            : '';
+        return `<div class="tier${i === 0 ? ' selected' : ''}" data-amount="${t.amountSats}" data-credit="${t.creditSats}" onclick="selectTier(this)">
+      <div class="tier-label">${esc(t.label)}</div>
+      <div class="tier-price">${formatSats(t.amountSats)} sats &rarr; ${formatSats(t.creditSats)} credits</div>
+      ${bonus}
+    </div>`;
+    }).join('\n  ')}
+</div>` : '';
+    const walletButtons = [];
+    walletButtons.push(`<button class="btn btn-primary" id="btn-copy" onclick="copyInvoice()">Copy Invoice</button>`);
+    walletButtons.push(`<button class="btn btn-secondary hidden" id="btn-webln" onclick="payWebLN()">Pay with WebLN</button>`);
+    if (nwcEnabled) {
+        walletButtons.push(`<button class="btn btn-secondary" id="btn-nwc" onclick="showNwc()">Pay with Nostr Wallet Connect</button>`);
+    }
+    if (cashuEnabled) {
+        walletButtons.push(`<button class="btn btn-secondary" id="btn-cashu" onclick="showCashu()">Redeem Cashu Token</button>`);
+    }
+    return `
+<h1>Payment Required</h1>
+<div class="status status-polling" id="status">
+  <span class="spinner"></span> Waiting for payment&hellip;
+</div>
+<div class="qr-wrap" id="qr-wrap">${qrSvg}</div>
+<div class="invoice-str" id="invoice-str">${esc(invoice.bolt11)}</div>
+${tiersHtml}
+<div class="wallets">
+  ${walletButtons.join('\n  ')}
+</div>
+<div class="hidden" id="nwc-form">
+  <input type="text" placeholder="nostr+walletconnect://..." id="nwc-uri"
+    style="width:100%;padding:.5rem;border-radius:8px;border:1px solid #3a3a50;background:#0d0d15;color:#e0e0e0;font-size:.85rem;margin-bottom:.5rem">
+  <button class="btn btn-primary" onclick="payNwc()">Pay via NWC</button>
+</div>
+<div class="hidden" id="cashu-form">
+  <textarea placeholder="cashuA..." id="cashu-token"
+    style="width:100%;padding:.5rem;border-radius:8px;border:1px solid #3a3a50;background:#0d0d15;color:#e0e0e0;font-size:.85rem;height:80px;resize:vertical;margin-bottom:.5rem"></textarea>
+  <button class="btn btn-primary" onclick="redeemCashu()">Redeem Token</button>
+</div>`;
+}
+function renderPaidState(invoice, preimage, tokenSuffix) {
+    const effectiveSuffix = preimage ?? tokenSuffix;
+    const tokenLabel = preimage
+        ? 'L402 Token (macaroon:preimage)'
+        : 'L402 Token';
+    const tokenValue = effectiveSuffix
+        ? `${esc(invoice.macaroon)}:${esc(effectiveSuffix)}`
+        : undefined;
+    const preimageHtml = preimage
+        ? `
+<div>
+  <div class="token-label">Payment preimage</div>
+  <div class="token-box" id="preimage">${esc(preimage)}</div>
+</div>
+`
+        : '';
+    return `
+<h1>Payment Complete</h1>
+<div class="status status-paid" id="status">Invoice paid successfully</div>
+<div class="success-icon">&#9889;</div>
+<div class="credit-bal" id="credit-bal">${formatSats(invoice.amountSats)} sats credited</div>
+${preimageHtml}
+<div>
+  <div class="token-label">${tokenLabel}</div>
+  <div class="token-box" id="l402-token">${tokenValue ?? 'Unavailable'}</div>
+</div>
+${tokenValue ? '<button class="btn btn-success" onclick="copyToken()">Copy L402 Token</button>' : ''}`;
+}
+function clientScript() {
+    return `
+(function(){
+  var card = document.getElementById('card');
+  var hash = card.dataset.paymentHash;
+  var statusUrl = window.location.pathname + window.location.search;
+  var statusToken = new URLSearchParams(window.location.search).get('token') || '';
+  // Derive the mount base path so API calls work when toll-booth is mounted on a subpath.
+  // The payment page is always served at <basePath>/invoice-status/<hash>, so strip from
+  // '/invoice-status/' onwards to recover the base path (e.g. '' or '/pay').
+  var _pathParts = window.location.pathname.split('/invoice-status/');
+  var basePath = _pathParts.length > 1 ? _pathParts[0] : '';
+  if (card.dataset.paid === 'true') return;
+  // Detect WebLN
+  if (typeof window.webln !== 'undefined') {
+    document.getElementById('btn-webln').classList.remove('hidden');
+  }
+  // Poll for payment
+  var pollInterval = setInterval(function(){
+    fetch(statusUrl, {headers:{'Accept':'application/json'}})
+      .then(function(r){return r.json()})
+      .then(function(d){
+        if(d.paid){
+          clearInterval(pollInterval);
+          showPaid(d.preimage, 0, null, d.token_suffix);
+        }
+      })
+      .catch(function(){});
+  }, 3000);
+  window.copyInvoice = function(){
+    var str = document.getElementById('invoice-str').textContent;
+    navigator.clipboard.writeText(str).then(function(){
+      var btn = document.getElementById('btn-copy');
+      btn.textContent = 'Copied!';
+      setTimeout(function(){btn.textContent='Copy Invoice'},2000);
+    });
+  };
+  window.copyToken = function(){
+    var str = document.getElementById('l402-token').textContent;
+    navigator.clipboard.writeText(str).then(function(){
+      var btn = document.querySelector('.btn-success');
+      btn.textContent = 'Copied!';
+      setTimeout(function(){btn.textContent='Copy L402 Token'},2000);
+    });
+  };
+  window.payWebLN = async function(){
+    try {
+      await window.webln.enable();
+      var invoice = document.getElementById('invoice-str').textContent;
+      await window.webln.sendPayment(invoice);
+    } catch(e) {
+      console.error('WebLN payment failed:', e);
+    }
+  };
+  window.selectTier = function(el){
+    document.querySelectorAll('.tier').forEach(function(t){t.classList.remove('selected')});
+    el.classList.add('selected');
+    // Create a new invoice for this tier, then update the page in-place
+    fetch(basePath + '/create-invoice', {
+      method: 'POST',
+      headers: {'Content-Type': 'application/json'},
+      body: JSON.stringify({amountSats: parseInt(el.dataset.amount)})
+    })
+    .then(function(r){return r.json()})
+    .then(function(d){
+      if (!d.bolt11) return;
+      // Update QR code in-place
+      var qrWrap = document.getElementById('qr-wrap');
+      if (qrWrap && d.qr_svg) qrWrap.innerHTML = d.qr_svg;
+      // Update invoice string
+      var invStr = document.getElementById('invoice-str');
+      if (invStr) invStr.textContent = d.bolt11;
+      // Update payment hash for polling
+      hash = d.payment_hash;
+      card.dataset.paymentHash = d.payment_hash;
+      if (d.macaroon) card.dataset.macaroon = d.macaroon;
+      // Update browser URL without reload
+      if (d.payment_url) {
+        statusUrl = d.payment_url;
+        var parsedUrl = new URL(d.payment_url, window.location.origin);
+        statusToken = parsedUrl.searchParams.get('token') || '';
+        history.replaceState(null, '', d.payment_url);
+      }
+      // Restart polling with new hash
+      clearInterval(pollInterval);
+      pollInterval = setInterval(function(){
+        fetch(statusUrl, {headers:{'Accept':'application/json'}})
+          .then(function(r){return r.json()})
+          .then(function(d){
+            if(d.paid){
+              clearInterval(pollInterval);
+              showPaid(d.preimage, 0, null, d.token_suffix);
+            }
+          })
+          .catch(function(){});
+      }, 3000);
+    })
+    .catch(function(e){ console.error('Tier selection failed:', e) });
+  };
+  window.showNwc = function(){
+    document.getElementById('nwc-form').classList.toggle('hidden');
+  };
+  window.showCashu = function(){
+    document.getElementById('cashu-form').classList.toggle('hidden');
+  };
+  window.payNwc = function(){
+    var uri = document.getElementById('nwc-uri').value.trim();
+    if (!uri) return;
+    var invoice = document.getElementById('invoice-str').textContent;
+    fetch(basePath + '/nwc-pay', {
+      method: 'POST',
+      headers: {'Content-Type': 'application/json'},
+      body: JSON.stringify({nwcUri: uri, bolt11: invoice, paymentHash: hash, statusToken: statusToken})
+    })
+    .then(function(r){return r.json()})
+    .then(function(d){
+      if (d.preimage) showPaid(d.preimage, 0, null, d.token_suffix);
+      else if (d.error) alert(d.error);
+    })
+    .catch(function(e){ alert('NWC payment failed: ' + e.message) });
+  };
+  window.redeemCashu = function(){
+    var token = document.getElementById('cashu-token').value.trim();
+    if (!token) return;
+    fetch(basePath + '/cashu-redeem', {
+      method: 'POST',
+      headers: {'Content-Type': 'application/json'},
+      body: JSON.stringify({token: token, paymentHash: hash, statusToken: statusToken})
+    })
+    .then(function(r){return r.json()})
+    .then(function(d){
+      if (d.error) { alert(d.error); return; }
+      var mac = d.macaroon || card.dataset.macaroon;
+      showPaid(null, d.credited, mac, d.token_suffix);
+    })
+    .catch(function(e){ alert('Cashu redemption failed: ' + e.message) });
+  };
+  function escHtml(s){return String(s).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;').replace(/"/g,'&quot;')}
+  function fmtSats(n){return Number(n).toLocaleString('en-GB')}
+  function showPaid(preimage, creditedAmount, cashuMacaroon, tokenSuffix){
+    clearInterval(pollInterval);
+    var status = document.getElementById('status');
+    status.className = 'status status-paid';
+    status.textContent = 'Invoice paid successfully';
+    // Replace card content with success state
+    var h1 = document.querySelector('h1');
+    h1.textContent = 'Payment Complete';
+    document.title = 'Payment Complete \\u2014 toll-booth';
+    // Hide payment UI, show success
+    var qr = document.getElementById('qr-wrap');
+    if(qr) qr.style.display = 'none';
+    var inv = document.getElementById('invoice-str');
+    if(inv) inv.style.display = 'none';
+    var tiers = document.getElementById('tiers');
+    if(tiers) tiers.style.display = 'none';
+    var wallets = document.querySelector('.wallets');
+    if(wallets) wallets.style.display = 'none';
+    var nwcForm = document.getElementById('nwc-form');
+    if(nwcForm) nwcForm.style.display = 'none';
+    var cashuForm = document.getElementById('cashu-form');
+    if(cashuForm) cashuForm.style.display = 'none';
+    // Add success content after status
+    var successHtml = '<div class="success-icon">&#9889;</div>';
+    if (creditedAmount) {
+      successHtml += '<div class="credit-bal">' + fmtSats(creditedAmount) + ' sats credited</div>';
+    }
+    // Determine the macaroon and auth token format
+    var macStr = cashuMacaroon ? escHtml(cashuMacaroon) : (card.dataset.macaroon ? escHtml(card.dataset.macaroon) : '');
+    if (preimage) {
+      var safePreimage = escHtml(preimage);
+      successHtml += '<div><div class="token-label">Payment preimage</div><div class="token-box" id="preimage">' + safePreimage + '</div></div>';
+      if (macStr) {
+        successHtml += '<div><div class="token-label">L402 Token (macaroon:preimage)</div><div class="token-box" id="l402-token">' + macStr + ':' + safePreimage + '</div></div>';
+        successHtml += '<button class="btn btn-success" onclick="copyToken()">Copy L402 Token</button>';
+      }
+    } else if (macStr && tokenSuffix) {
+      successHtml += '<div><div class="token-label">L402 Token</div><div class="token-box" id="l402-token">' + macStr + ':' + escHtml(tokenSuffix) + '</div></div>';
+      successHtml += '<button class="btn btn-success" onclick="copyToken()">Copy L402 Token</button>';
+    }
+    status.insertAdjacentHTML('afterend', successHtml);
+  }
+})();`;
+}
+export function renderErrorPage(data) {
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>Invoice Not Found — toll-booth</title>
+<style>
+*{margin:0;padding:0;box-sizing:border-box}
+body{font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,sans-serif;background:#0a0a0f;color:#e0e0e0;min-height:100vh;display:flex;align-items:center;justify-content:center;padding:1rem}
+.card{background:#161622;border:1px solid #2a2a3a;border-radius:16px;padding:2rem;max-width:480px;width:100%;text-align:center}
+h1{font-size:1.4rem;margin-bottom:1rem;color:#fff}
+p{color:#a0a0b0;font-size:.9rem;line-height:1.5}
+.hash{font-family:monospace;font-size:.7rem;color:#606070;word-break:break-all;margin-top:1rem}
+</style>
+</head>
+<body>
+<div class="card">
+  <h1>Invoice Not Found</h1>
+  <p>${esc(data.message)}</p>
+  <div class="hash">${esc(data.paymentHash)}</div>
+</div>
+</body>
+</html>`;
+}
+function esc(s) {
+    return s
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&#39;');
+}
+function formatSats(sats) {
+    return sats.toLocaleString('en-GB');
+}
+//# sourceMappingURL=payment-page.js.map