@wopr-network/platform-core 1.42.3 → 1.43.0

package/dist/billing/crypto/__tests__/key-server.test.js

@@ -0,0 +1,225 @@
+import { describe, expect, it, vi } from "vitest";
+import { createKeyServerApp } from "../key-server.js";
+/** Create a mock db that supports transaction() by passing itself to the callback. */
+function createMockDb() {
+    const mockMethod = {
+        id: "btc",
+        type: "native",
+        token: "BTC",
+        chain: "bitcoin",
+        xpub: "xpub6CUGRUonZSQ4TWtTMmzXdrXDtypWKiKrhko4egpiMZbpiaQL2jkwSB1icqYh2cfDfVxdx4df189oLKnC5fSwqPfgyP3hooxujYzAu3fDVmz",
+        nextIndex: 1,
+        decimals: 8,
+        confirmations: 6,
+    };
+    const db = {
+        update: vi.fn().mockReturnValue({
+            set: vi.fn().mockReturnValue({
+                where: vi.fn().mockReturnValue({
+                    returning: vi.fn().mockResolvedValue([mockMethod]),
+                }),
+            }),
+        }),
+        insert: vi.fn().mockReturnValue({
+            values: vi.fn().mockReturnValue({
+                onConflictDoNothing: vi.fn().mockResolvedValue({ rowCount: 1 }),
+            }),
+        }),
+        select: vi.fn().mockReturnValue({
+            from: vi.fn().mockReturnValue({
+                where: vi.fn().mockResolvedValue([]),
+            }),
+        }),
+        // transaction() passes itself as tx — mocks work the same way
+        transaction: vi.fn().mockImplementation(async (fn) => fn(db)),
+    };
+    return db;
+}
+/** Minimal mock deps for key server tests. */
+function mockDeps() {
+    const chargeStore = {
+        getByReferenceId: vi.fn().mockResolvedValue({
+            referenceId: "btc:bc1q...",
+            status: "New",
+            depositAddress: "bc1q...",
+            chain: "bitcoin",
+            token: "BTC",
+            amountUsdCents: 5000,
+            creditedAt: null,
+        }),
+        createStablecoinCharge: vi.fn().mockResolvedValue(undefined),
+        create: vi.fn(),
+        updateStatus: vi.fn(),
+        markCredited: vi.fn(),
+        isCredited: vi.fn(),
+        getByDepositAddress: vi.fn(),
+        getNextDerivationIndex: vi.fn(),
+        listActiveDepositAddresses: vi.fn(),
+    };
+    const methodStore = {
+        listEnabled: vi.fn().mockResolvedValue([
+            {
+                id: "btc",
+                token: "BTC",
+                chain: "bitcoin",
+                decimals: 8,
+                displayName: "Bitcoin",
+                contractAddress: null,
+                confirmations: 6,
+            },
+            {
+                id: "base-usdc",
+                token: "USDC",
+                chain: "base",
+                decimals: 6,
+                displayName: "USDC on Base",
+                contractAddress: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+                confirmations: 12,
+            },
+        ]),
+        listAll: vi.fn(),
+        getById: vi.fn(),
+        listByType: vi.fn(),
+        upsert: vi.fn().mockResolvedValue(undefined),
+        setEnabled: vi.fn().mockResolvedValue(undefined),
+    };
+    return {
+        db: createMockDb(),
+        chargeStore: chargeStore,
+        methodStore: methodStore,
+    };
+}
+describe("key-server routes", () => {
+    it("GET /chains returns enabled payment methods", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/chains");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body).toHaveLength(2);
+        expect(body[0].token).toBe("BTC");
+        expect(body[1].token).toBe("USDC");
+    });
+    it("POST /address requires chain", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        expect(res.status).toBe(400);
+    });
+    it("POST /address derives BTC address", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "btc" }),
+        });
+        expect(res.status).toBe(201);
+        const body = await res.json();
+        expect(body.address).toMatch(/^bc1q/);
+        expect(body.index).toBe(0);
+        expect(body.chain).toBe("bitcoin");
+        expect(body.token).toBe("BTC");
+    });
+    it("GET /charges/:id returns charge status", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/charges/btc:bc1q...");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.chargeId).toBe("btc:bc1q...");
+        expect(body.status).toBe("New");
+    });
+    it("GET /charges/:id returns 404 for missing charge", async () => {
+        const deps = mockDeps();
+        deps.chargeStore.getByReferenceId.mockResolvedValue(null);
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/charges/nonexistent");
+        expect(res.status).toBe(404);
+    });
+    it("POST /charges validates amountUsd", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/charges", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "btc", amountUsd: -10 }),
+        });
+        expect(res.status).toBe(400);
+    });
+    it("POST /charges creates a charge", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/charges", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "btc", amountUsd: 50 }),
+        });
+        expect(res.status).toBe(201);
+        const body = await res.json();
+        expect(body.address).toMatch(/^bc1q/);
+        expect(body.amountUsd).toBe(50);
+        expect(body.expiresAt).toBeTruthy();
+    });
+    it("GET /admin/next-path returns available path", async () => {
+        const deps = mockDeps();
+        deps.adminToken = "test-admin";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/admin/next-path?coin_type=0", {
+            headers: { Authorization: "Bearer test-admin" },
+        });
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.path).toBe("m/44'/0'/0'");
+        expect(body.status).toBe("available");
+    });
+    it("DELETE /admin/chains/:id disables chain", async () => {
+        const deps = mockDeps();
+        deps.adminToken = "test-admin";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/admin/chains/doge", {
+            method: "DELETE",
+            headers: { Authorization: "Bearer test-admin" },
+        });
+        expect(res.status).toBe(204);
+        expect(deps.methodStore.setEnabled).toHaveBeenCalledWith("doge", false);
+    });
+});
+describe("key-server auth", () => {
+    it("rejects unauthenticated request when serviceKey is set", async () => {
+        const deps = mockDeps();
+        deps.serviceKey = "sk-test-secret";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "btc" }),
+        });
+        expect(res.status).toBe(401);
+    });
+    it("allows authenticated request with correct serviceKey", async () => {
+        const deps = mockDeps();
+        deps.serviceKey = "sk-test-secret";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json", Authorization: "Bearer sk-test-secret" },
+            body: JSON.stringify({ chain: "btc" }),
+        });
+        expect(res.status).toBe(201);
+    });
+    it("rejects admin route without adminToken", async () => {
+        const deps = mockDeps();
+        // no adminToken set — admin routes disabled
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/admin/next-path?coin_type=0");
+        expect(res.status).toBe(403);
+    });
+    it("allows admin route with correct adminToken", async () => {
+        const deps = mockDeps();
+        deps.adminToken = "admin-secret";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/admin/next-path?coin_type=0", {
+            headers: { Authorization: "Bearer admin-secret" },
+        });
+        expect(res.status).toBe(200);
+    });
+});

package/dist/billing/crypto/client.d.ts

@@ -1,21 +1,91 @@
-import type { CryptoBillingConfig } from "./types.js";
-export type { CryptoBillingConfig as CryptoConfig };
 /**
- * Lightweight BTCPay Server Greenfield API client.
+ * Crypto Key Server client — for products to call the shared service.
  *
- * Uses plain fetch — zero vendor dependencies.
- * Auth header format: "token <apiKey>" (NOT "Bearer").
+ * Replaces BTCPayClient. Products set CRYPTO_SERVICE_URL instead of
+ * BTCPAY_API_KEY + BTCPAY_BASE_URL + BTCPAY_STORE_ID.
  */
-export declare class BTCPayClient {
+export interface CryptoServiceConfig {
+    /** Base URL of the crypto key server (e.g. http://10.120.0.5:3100) */
+    baseUrl: string;
+    /** Service key for auth (reuses gateway service key) */
+    serviceKey?: string;
+    /** Tenant ID header */
+    tenantId?: string;
+}
+export interface DeriveAddressResult {
+    address: string;
+    index: number;
+    chain: string;
+    token: string;
+}
+export interface CreateChargeResult {
+    chargeId: string;
+    address: string;
+    chain: string;
+    token: string;
+    amountUsd: number;
+    derivationIndex: number;
+    expiresAt: string;
+}
+export interface ChargeStatus {
+    chargeId: string;
+    status: string;
+    address: string | null;
+    chain: string | null;
+    token: string | null;
+    amountUsdCents: number;
+    creditedAt: string | null;
+}
+export interface ChainInfo {
+    id: string;
+    token: string;
+    chain: string;
+    decimals: number;
+    displayName: string;
+    contractAddress: string | null;
+    confirmations: number;
+}
+/**
+ * Client for the shared crypto key server.
+ * Products use this instead of running local watchers + holding xpubs.
+ */
+export declare class CryptoServiceClient {
     private readonly config;
-    constructor(config: CryptoBillingConfig);
+    constructor(config: CryptoServiceConfig);
     private headers;
-    /**
-     * Create an invoice on the BTCPay store.
-     *
-     * Returns the invoice ID and checkout link (URL to redirect the user).
-     */
-    createInvoice(opts: {
+    /** Derive the next unused address for a chain. */
+    deriveAddress(chain: string): Promise<DeriveAddressResult>;
+    /** Create a payment charge — derives address, sets expiry, starts watching. */
+    createCharge(opts: {
+        chain: string;
+        amountUsd: number;
+        callbackUrl?: string;
+        metadata?: Record<string, unknown>;
+    }): Promise<CreateChargeResult>;
+    /** Check charge status. */
+    getCharge(chargeId: string): Promise<ChargeStatus>;
+    /** List all enabled payment methods (for checkout UI). */
+    listChains(): Promise<ChainInfo[]>;
+}
+/**
+ * Load crypto service config from environment.
+ * Returns null if CRYPTO_SERVICE_URL is not set.
+ *
+ * Also supports legacy BTCPay env vars for backwards compat during migration.
+ */
+export declare function loadCryptoConfig(): CryptoServiceConfig | null;
+export type CryptoConfig = CryptoServiceConfig;
+/**
+ * @deprecated Use CryptoServiceClient instead. BTCPay is replaced by the crypto key server.
+ * Kept for backwards compat — products still import BTCPayClient during migration.
+ */
+export declare class BTCPayClient {
+    constructor(_config: {
+        apiKey: string;
+        baseUrl: string;
+        storeId: string;
+    });
+    createInvoice(_opts: {
         amountUsd: number;
         orderId: string;
         buyerEmail?: string;
@@ -24,16 +94,10 @@ export declare class BTCPayClient {
         id: string;
         checkoutLink: string;
     }>;
-    /** Get invoice status by ID. */
-    getInvoice(invoiceId: string): Promise<{
+    getInvoice(_invoiceId: string): Promise<{
         id: string;
         status: string;
         amount: string;
         currency: string;
     }>;
 }
-/**
- * Load BTCPay config from environment variables.
- * Returns null if any required var is missing.
- */
-export declare function loadCryptoConfig(): CryptoBillingConfig | null;

package/dist/billing/crypto/client.js

@@ -1,72 +1,102 @@
 /**
- * Lightweight BTCPay Server Greenfield API client.
+ * Crypto Key Server client — for products to call the shared service.
  *
- * Uses plain fetch — zero vendor dependencies.
- * Auth header format: "token <apiKey>" (NOT "Bearer").
+ * Replaces BTCPayClient. Products set CRYPTO_SERVICE_URL instead of
+ * BTCPAY_API_KEY + BTCPAY_BASE_URL + BTCPAY_STORE_ID.
  */
-export class BTCPayClient {
+/**
+ * Client for the shared crypto key server.
+ * Products use this instead of running local watchers + holding xpubs.
+ */
+export class CryptoServiceClient {
     config;
     constructor(config) {
         this.config = config;
     }
     headers() {
-        return {
-            "Content-Type": "application/json",
-            Authorization: `token ${this.config.apiKey}`,
-        };
+        const h = { "Content-Type": "application/json" };
+        if (this.config.serviceKey)
+            h.Authorization = `Bearer ${this.config.serviceKey}`;
+        if (this.config.tenantId)
+            h["X-Tenant-Id"] = this.config.tenantId;
+        return h;
     }
-    /**
-     * Create an invoice on the BTCPay store.
-     *
-     * Returns the invoice ID and checkout link (URL to redirect the user).
-     */
-    async createInvoice(opts) {
-        const url = `${this.config.baseUrl}/api/v1/stores/${this.config.storeId}/invoices`;
-        const body = {
-            amount: String(opts.amountUsd),
-            currency: "USD",
-            metadata: {
-                orderId: opts.orderId,
-                buyerEmail: opts.buyerEmail,
-            },
-            checkout: {
-                speedPolicy: "MediumSpeed",
-                expirationMinutes: 30,
-                ...(opts.redirectURL ? { redirectURL: opts.redirectURL } : {}),
-            },
-        };
-        const res = await fetch(url, {
+    /** Derive the next unused address for a chain. */
+    async deriveAddress(chain) {
+        const res = await fetch(`${this.config.baseUrl}/address`, {
             method: "POST",
             headers: this.headers(),
-            body: JSON.stringify(body),
+            body: JSON.stringify({ chain }),
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => "");
+            throw new Error(`CryptoService deriveAddress failed (${res.status}): ${text}`);
+        }
+        return (await res.json());
+    }
+    /** Create a payment charge — derives address, sets expiry, starts watching. */
+    async createCharge(opts) {
+        const res = await fetch(`${this.config.baseUrl}/charges`, {
+            method: "POST",
+            headers: this.headers(),
+            body: JSON.stringify(opts),
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => "");
+            throw new Error(`CryptoService createCharge failed (${res.status}): ${text}`);
+        }
+        return (await res.json());
+    }
+    /** Check charge status. */
+    async getCharge(chargeId) {
+        const res = await fetch(`${this.config.baseUrl}/charges/${encodeURIComponent(chargeId)}`, {
+            headers: this.headers(),
         });
         if (!res.ok) {
             const text = await res.text().catch(() => "");
-            throw new Error(`BTCPay createInvoice failed (${res.status}): ${text}`);
+            throw new Error(`CryptoService getCharge failed (${res.status}): ${text}`);
         }
-        const data = (await res.json());
-        return { id: data.id, checkoutLink: data.checkoutLink };
+        return (await res.json());
     }
-    /** Get invoice status by ID. */
-    async getInvoice(invoiceId) {
-        const url = `${this.config.baseUrl}/api/v1/stores/${this.config.storeId}/invoices/${invoiceId}`;
-        const res = await fetch(url, { headers: this.headers() });
+    /** List all enabled payment methods (for checkout UI). */
+    async listChains() {
+        const res = await fetch(`${this.config.baseUrl}/chains`, {
+            headers: this.headers(),
+        });
         if (!res.ok) {
             const text = await res.text().catch(() => "");
-            throw new Error(`BTCPay getInvoice failed (${res.status}): ${text}`);
+            throw new Error(`CryptoService listChains failed (${res.status}): ${text}`);
         }
         return (await res.json());
     }
 }
 /**
- * Load BTCPay config from environment variables.
- * Returns null if any required var is missing.
+ * Load crypto service config from environment.
+ * Returns null if CRYPTO_SERVICE_URL is not set.
+ *
+ * Also supports legacy BTCPay env vars for backwards compat during migration.
  */
 export function loadCryptoConfig() {
-    const apiKey = process.env.BTCPAY_API_KEY;
-    const baseUrl = process.env.BTCPAY_BASE_URL;
-    const storeId = process.env.BTCPAY_STORE_ID;
-    if (!apiKey || !baseUrl || !storeId)
-        return null;
-    return { apiKey, baseUrl, storeId };
+    const baseUrl = process.env.CRYPTO_SERVICE_URL;
+    if (baseUrl) {
+        return {
+            baseUrl,
+            serviceKey: process.env.CRYPTO_SERVICE_KEY,
+            tenantId: process.env.TENANT_ID,
+        };
+    }
+    return null;
+}
+/**
+ * @deprecated Use CryptoServiceClient instead. BTCPay is replaced by the crypto key server.
+ * Kept for backwards compat — products still import BTCPayClient during migration.
+ */
+export class BTCPayClient {
+    constructor(_config) { }
+    async createInvoice(_opts) {
+        throw new Error("BTCPayClient is deprecated — migrate to CryptoServiceClient");
+    }
+    async getInvoice(_invoiceId) {
+        throw new Error("BTCPayClient is deprecated — migrate to CryptoServiceClient");
+    }
 }