npm - @thecryptodonkey/toll-booth - Versions diffs - 3.2.4 → 3.2.5 - Mend

@thecryptodonkey/toll-booth 3.2.4 → 3.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/adapters/express.js +2 -1
package/dist/adapters/web-standard.js +2 -1
package/dist/booth.d.ts +1 -0
package/dist/booth.js +10 -2
package/package.json +1 -1

package/dist/adapters/express.js CHANGED Viewed

@@ -136,7 +136,8 @@ export function createExpressMiddleware(engineOrConfig, upstreamArg) {
                     const tollCostHeader = upstream_res.headers.get('x-toll-cost');
                     if (tollCostHeader !== null && /^\d+$/.test(tollCostHeader)) {
                         const actualCost = parseInt(tollCostHeader, 10);
-                        if (Number.isSafeInteger(actualCost) && actualCost >= 0) {
+                        const maxAllowed = (result.estimatedCost ?? actualCost) * 10;
+                        if (Number.isSafeInteger(actualCost) && actualCost >= 0 && actualCost <= maxAllowed) {
                             const reconciled = engine.reconcile(result.paymentHash, actualCost);
                             if (reconciled.adjusted) {
                                 res.setHeader('X-Credit-Balance', String(reconciled.newBalance));

package/dist/adapters/web-standard.js CHANGED Viewed

@@ -123,7 +123,8 @@ export function createWebStandardMiddleware(engineOrConfig, upstreamArg) {
                     const tollCostHeader = res.headers.get('x-toll-cost');
                     if (tollCostHeader !== null && /^\d+$/.test(tollCostHeader)) {
                         const actualCost = parseInt(tollCostHeader, 10);
-                        if (Number.isSafeInteger(actualCost) && actualCost >= 0) {
+                        const maxAllowed = (result.estimatedCost ?? actualCost) * 10;
+                        if (Number.isSafeInteger(actualCost) && actualCost >= 0 && actualCost <= maxAllowed) {
                             const reconciled = engine.reconcile(result.paymentHash, actualCost);
                             if (reconciled.adjusted) {
                                 responseHeaders.set('X-Credit-Balance', String(reconciled.newBalance));

package/dist/booth.d.ts CHANGED Viewed

@@ -34,6 +34,7 @@ export declare class Booth {
     private readonly rootKey;
     private readonly redeemCashu?;
     private readonly pruneTimer?;
+    private closed;
     constructor(config: BoothOptions & EventHandler);
     /** Reset free-tier counters for all IPs. */
     resetFreeTier(): void;

package/dist/booth.js CHANGED Viewed

@@ -54,6 +54,7 @@ export class Booth {
     rootKey;
     redeemCashu;
     pruneTimer;
+    closed = false;
     constructor(config) {
         if (!config.backend && !config.redeemCashu && !config.x402) {
             throw new Error('At least one payment method required: provide a Lightning backend, redeemCashu callback, or x402 config');
@@ -197,8 +198,8 @@ export class Booth {
         // Auto-recover any pending Cashu claims from a previous crash
         if (this.redeemCashu) {
             const fn = this.redeemCashu;
-            this.recoverPendingClaims(fn).catch(() => {
-                // Recovery failures are non-fatal; claims stay pending for next restart
+            this.recoverPendingClaims(fn).catch((err) => {
+                console.warn('[toll-booth] Cashu recovery failed:', err instanceof Error ? err.message : err);
             });
         }
     }
@@ -222,12 +223,18 @@ export class Booth {
         let recovered = 0;
         const renewIntervalMs = Math.max(1_000, Math.floor(REDEEM_LEASE_MS / 2));
         for (const claim of claims) {
+            if (this.closed)
+                break;
             // Respect active leases so startup recovery does not race in-flight requests
             // (or another process already handling this claim).
             const leasedClaim = this.storage.tryAcquireRecoveryLease(claim.paymentHash, REDEEM_LEASE_MS);
             if (!leasedClaim)
                 continue;
             const timer = setInterval(() => {
+                if (this.closed) {
+                    clearInterval(timer);
+                    return;
+                }
                 this.storage.extendRecoveryLease(leasedClaim.paymentHash, REDEEM_LEASE_MS);
             }, renewIntervalMs);
             try {
@@ -254,6 +261,7 @@ export class Booth {
         return recovered;
     }
     close() {
+        this.closed = true;
         if (this.pruneTimer)
             clearInterval(this.pruneTimer);
         this.storage.close();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@thecryptodonkey/toll-booth",
-  "version": "3.2.4",
+  "version": "3.2.5",
   "type": "module",
   "description": "Monetise any API with HTTP 402 payments. Payment-rail agnostic middleware for Express, Hono, Deno, Bun, and Workers.",
   "license": "MIT",