@wopr-network/platform-core 1.42.3 → 1.44.0

package/dist/billing/crypto/__tests__/key-server.test.js

@@ -0,0 +1,240 @@
+import { describe, expect, it, vi } from "vitest";
+import { createKeyServerApp } from "../key-server.js";
+/** Create a mock db that supports transaction() by passing itself to the callback. */
+function createMockDb() {
+    const mockMethod = {
+        id: "btc",
+        type: "native",
+        token: "BTC",
+        chain: "bitcoin",
+        xpub: "xpub6CUGRUonZSQ4TWtTMmzXdrXDtypWKiKrhko4egpiMZbpiaQL2jkwSB1icqYh2cfDfVxdx4df189oLKnC5fSwqPfgyP3hooxujYzAu3fDVmz",
+        nextIndex: 1,
+        decimals: 8,
+        confirmations: 6,
+    };
+    const db = {
+        update: vi.fn().mockReturnValue({
+            set: vi.fn().mockReturnValue({
+                where: vi.fn().mockReturnValue({
+                    returning: vi.fn().mockResolvedValue([mockMethod]),
+                }),
+            }),
+        }),
+        insert: vi.fn().mockReturnValue({
+            values: vi.fn().mockReturnValue({
+                onConflictDoNothing: vi.fn().mockResolvedValue({ rowCount: 1 }),
+            }),
+        }),
+        select: vi.fn().mockReturnValue({
+            from: vi.fn().mockReturnValue({
+                where: vi.fn().mockResolvedValue([]),
+            }),
+        }),
+        // transaction() passes itself as tx — mocks work the same way
+        transaction: vi.fn().mockImplementation(async (fn) => fn(db)),
+    };
+    return db;
+}
+/** Minimal mock deps for key server tests. */
+function mockDeps() {
+    const chargeStore = {
+        getByReferenceId: vi.fn().mockResolvedValue({
+            referenceId: "btc:bc1q...",
+            status: "New",
+            depositAddress: "bc1q...",
+            chain: "bitcoin",
+            token: "BTC",
+            amountUsdCents: 5000,
+            creditedAt: null,
+        }),
+        createStablecoinCharge: vi.fn().mockResolvedValue(undefined),
+        create: vi.fn(),
+        updateStatus: vi.fn(),
+        markCredited: vi.fn(),
+        isCredited: vi.fn(),
+        getByDepositAddress: vi.fn(),
+        getNextDerivationIndex: vi.fn(),
+        listActiveDepositAddresses: vi.fn(),
+    };
+    const methodStore = {
+        listEnabled: vi.fn().mockResolvedValue([
+            {
+                id: "btc",
+                token: "BTC",
+                chain: "bitcoin",
+                decimals: 8,
+                displayName: "Bitcoin",
+                contractAddress: null,
+                confirmations: 6,
+            },
+            {
+                id: "base-usdc",
+                token: "USDC",
+                chain: "base",
+                decimals: 6,
+                displayName: "USDC on Base",
+                contractAddress: "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
+                confirmations: 12,
+            },
+        ]),
+        listAll: vi.fn(),
+        getById: vi.fn().mockResolvedValue({
+            id: "btc",
+            type: "native",
+            token: "BTC",
+            chain: "bitcoin",
+            decimals: 8,
+            displayName: "Bitcoin",
+            contractAddress: null,
+            confirmations: 6,
+            oracleAddress: "0x64c911996D3c6aC71f9b455B1E8E7266BcbD848F",
+            xpub: null,
+            displayOrder: 0,
+            enabled: true,
+            rpcUrl: null,
+        }),
+        listByType: vi.fn(),
+        upsert: vi.fn().mockResolvedValue(undefined),
+        setEnabled: vi.fn().mockResolvedValue(undefined),
+    };
+    return {
+        db: createMockDb(),
+        chargeStore: chargeStore,
+        methodStore: methodStore,
+        oracle: { getPrice: vi.fn().mockResolvedValue({ priceCents: 6_500_000, updatedAt: new Date() }) },
+    };
+}
+describe("key-server routes", () => {
+    it("GET /chains returns enabled payment methods", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/chains");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body).toHaveLength(2);
+        expect(body[0].token).toBe("BTC");
+        expect(body[1].token).toBe("USDC");
+    });
+    it("POST /address requires chain", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({}),
+        });
+        expect(res.status).toBe(400);
+    });
+    it("POST /address derives BTC address", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "btc" }),
+        });
+        expect(res.status).toBe(201);
+        const body = await res.json();
+        expect(body.address).toMatch(/^bc1q/);
+        expect(body.index).toBe(0);
+        expect(body.chain).toBe("bitcoin");
+        expect(body.token).toBe("BTC");
+    });
+    it("GET /charges/:id returns charge status", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/charges/btc:bc1q...");
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.chargeId).toBe("btc:bc1q...");
+        expect(body.status).toBe("New");
+    });
+    it("GET /charges/:id returns 404 for missing charge", async () => {
+        const deps = mockDeps();
+        deps.chargeStore.getByReferenceId.mockResolvedValue(null);
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/charges/nonexistent");
+        expect(res.status).toBe(404);
+    });
+    it("POST /charges validates amountUsd", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/charges", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "btc", amountUsd: -10 }),
+        });
+        expect(res.status).toBe(400);
+    });
+    it("POST /charges creates a charge", async () => {
+        const app = createKeyServerApp(mockDeps());
+        const res = await app.request("/charges", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "btc", amountUsd: 50 }),
+        });
+        expect(res.status).toBe(201);
+        const body = await res.json();
+        expect(body.address).toMatch(/^bc1q/);
+        expect(body.amountUsd).toBe(50);
+        expect(body.expiresAt).toBeTruthy();
+    });
+    it("GET /admin/next-path returns available path", async () => {
+        const deps = mockDeps();
+        deps.adminToken = "test-admin";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/admin/next-path?coin_type=0", {
+            headers: { Authorization: "Bearer test-admin" },
+        });
+        expect(res.status).toBe(200);
+        const body = await res.json();
+        expect(body.path).toBe("m/44'/0'/0'");
+        expect(body.status).toBe("available");
+    });
+    it("DELETE /admin/chains/:id disables chain", async () => {
+        const deps = mockDeps();
+        deps.adminToken = "test-admin";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/admin/chains/doge", {
+            method: "DELETE",
+            headers: { Authorization: "Bearer test-admin" },
+        });
+        expect(res.status).toBe(204);
+        expect(deps.methodStore.setEnabled).toHaveBeenCalledWith("doge", false);
+    });
+});
+describe("key-server auth", () => {
+    it("rejects unauthenticated request when serviceKey is set", async () => {
+        const deps = mockDeps();
+        deps.serviceKey = "sk-test-secret";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ chain: "btc" }),
+        });
+        expect(res.status).toBe(401);
+    });
+    it("allows authenticated request with correct serviceKey", async () => {
+        const deps = mockDeps();
+        deps.serviceKey = "sk-test-secret";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/address", {
+            method: "POST",
+            headers: { "Content-Type": "application/json", Authorization: "Bearer sk-test-secret" },
+            body: JSON.stringify({ chain: "btc" }),
+        });
+        expect(res.status).toBe(201);
+    });
+    it("rejects admin route without adminToken", async () => {
+        const deps = mockDeps();
+        // no adminToken set — admin routes disabled
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/admin/next-path?coin_type=0");
+        expect(res.status).toBe(403);
+    });
+    it("allows admin route with correct adminToken", async () => {
+        const deps = mockDeps();
+        deps.adminToken = "admin-secret";
+        const app = createKeyServerApp(deps);
+        const res = await app.request("/admin/next-path?coin_type=0", {
+            headers: { Authorization: "Bearer admin-secret" },
+        });
+        expect(res.status).toBe(200);
+    });
+});

package/dist/billing/crypto/btc/watcher.d.ts

@@ -12,6 +12,8 @@ export interface BtcWatcherOpts {
     oracle: IPriceOracle;
     /** Required — BTC has no block cursor, so txid dedup must be persisted. */
     cursorStore: IWatcherCursorStore;
+    /** Override chain identity for cursor namespace (default: config.network). Prevents txid collisions across BTC/LTC/DOGE. */
+    chainId?: string;
 }
 export declare class BtcWatcher {
     private readonly rpc;

package/dist/billing/crypto/btc/watcher.js

@@ -13,7 +13,7 @@ export class BtcWatcher {
         this.minConfirmations = opts.config.confirmations;
         this.oracle = opts.oracle;
         this.cursorStore = opts.cursorStore;
-        this.watcherId = `btc:${opts.config.network}`;
+        this.watcherId = `btc:${opts.chainId ?? opts.config.network}`;
     }
     /** Update the set of watched addresses. */
     setWatchedAddresses(addresses) {

package/dist/billing/crypto/charge-store.d.ts

@@ -14,6 +14,9 @@ export interface CryptoChargeRecord {
     token: string | null;
     depositAddress: string | null;
     derivationIndex: number | null;
+    callbackUrl: string | null;
+    expectedAmount: string | null;
+    receivedAmount: string | null;
 }
 export interface CryptoDepositChargeInput {
     referenceId: string;
@@ -23,6 +26,9 @@ export interface CryptoDepositChargeInput {
     token: string;
     depositAddress: string;
     derivationIndex: number;
+    callbackUrl?: string;
+    /** Expected crypto amount in native base units (sats for BTC, base units for ERC20). */
+    expectedAmount?: string;
 }
 export interface ICryptoChargeRepository {
     create(referenceId: string, tenantId: string, amountUsdCents: number): Promise<void>;
@@ -42,7 +48,7 @@ export interface ICryptoChargeRepository {
 /**
  * Manages crypto charge records in PostgreSQL.
  *
- * Each charge maps a BTCPay invoice ID to a tenant and tracks
+ * Each charge maps a deposit address to a tenant and tracks
  * the payment lifecycle (New → Processing → Settled/Expired/Invalid).
  *
  * amountUsdCents stores the requested amount in USD cents (integer).

package/dist/billing/crypto/charge-store.js

@@ -3,7 +3,7 @@ import { cryptoCharges } from "../../db/schema/crypto.js";
 /**
  * Manages crypto charge records in PostgreSQL.
  *
- * Each charge maps a BTCPay invoice ID to a tenant and tracks
+ * Each charge maps a deposit address to a tenant and tracks
  * the payment lifecycle (New → Processing → Settled/Expired/Invalid).
  *
  * amountUsdCents stores the requested amount in USD cents (integer).
@@ -46,6 +46,9 @@ export class DrizzleCryptoChargeRepository {
             token: row.token ?? null,
             depositAddress: row.depositAddress ?? null,
             derivationIndex: row.derivationIndex ?? null,
+            callbackUrl: row.callbackUrl ?? null,
+            expectedAmount: row.expectedAmount ?? null,
+            receivedAmount: row.receivedAmount ?? null,
         };
     }
     /** Update charge status and payment details from webhook. */
@@ -89,6 +92,9 @@ export class DrizzleCryptoChargeRepository {
             token: input.token,
             depositAddress: input.depositAddress.toLowerCase(),
             derivationIndex: input.derivationIndex,
+            callbackUrl: input.callbackUrl,
+            expectedAmount: input.expectedAmount,
+            receivedAmount: "0",
         });
     }
     /** Look up a charge by its deposit address. */

package/dist/billing/crypto/client.d.ts

@@ -1,39 +1,77 @@
-import type { CryptoBillingConfig } from "./types.js";
-export type { CryptoBillingConfig as CryptoConfig };
 /**
- * Lightweight BTCPay Server Greenfield API client.
+ * Crypto Key Server client — for products to call the shared service.
  *
- * Uses plain fetch — zero vendor dependencies.
- * Auth header format: "token <apiKey>" (NOT "Bearer").
+ * Replaces BTCPayClient. Products set CRYPTO_SERVICE_URL instead of
+ * BTCPAY_API_KEY + BTCPAY_BASE_URL + BTCPAY_STORE_ID.
  */
-export declare class BTCPayClient {
+export interface CryptoServiceConfig {
+    /** Base URL of the crypto key server (e.g. http://10.120.0.5:3100) */
+    baseUrl: string;
+    /** Service key for auth (reuses gateway service key) */
+    serviceKey?: string;
+    /** Tenant ID header */
+    tenantId?: string;
+}
+export interface DeriveAddressResult {
+    address: string;
+    index: number;
+    chain: string;
+    token: string;
+}
+export interface CreateChargeResult {
+    chargeId: string;
+    address: string;
+    chain: string;
+    token: string;
+    amountUsd: number;
+    derivationIndex: number;
+    expiresAt: string;
+}
+export interface ChargeStatus {
+    chargeId: string;
+    status: string;
+    address: string | null;
+    chain: string | null;
+    token: string | null;
+    amountUsdCents: number;
+    creditedAt: string | null;
+}
+export interface ChainInfo {
+    id: string;
+    token: string;
+    chain: string;
+    decimals: number;
+    displayName: string;
+    contractAddress: string | null;
+    confirmations: number;
+}
+/**
+ * Client for the shared crypto key server.
+ * Products use this instead of running local watchers + holding xpubs.
+ */
+export declare class CryptoServiceClient {
     private readonly config;
-    constructor(config: CryptoBillingConfig);
+    constructor(config: CryptoServiceConfig);
     private headers;
-    /**
-     * Create an invoice on the BTCPay store.
-     *
-     * Returns the invoice ID and checkout link (URL to redirect the user).
-     */
-    createInvoice(opts: {
+    /** Derive the next unused address for a chain. */
+    deriveAddress(chain: string): Promise<DeriveAddressResult>;
+    /** Create a payment charge — derives address, sets expiry, starts watching. */
+    createCharge(opts: {
+        chain: string;
         amountUsd: number;
-        orderId: string;
-        buyerEmail?: string;
-        redirectURL?: string;
-    }): Promise<{
-        id: string;
-        checkoutLink: string;
-    }>;
-    /** Get invoice status by ID. */
-    getInvoice(invoiceId: string): Promise<{
-        id: string;
-        status: string;
-        amount: string;
-        currency: string;
-    }>;
+        callbackUrl?: string;
+        metadata?: Record<string, unknown>;
+    }): Promise<CreateChargeResult>;
+    /** Check charge status. */
+    getCharge(chargeId: string): Promise<ChargeStatus>;
+    /** List all enabled payment methods (for checkout UI). */
+    listChains(): Promise<ChainInfo[]>;
 }
 /**
- * Load BTCPay config from environment variables.
- * Returns null if any required var is missing.
+ * Load crypto service config from environment.
+ * Returns null if CRYPTO_SERVICE_URL is not set.
+ *
+ * Also supports legacy BTCPay env vars for backwards compat during migration.
  */
-export declare function loadCryptoConfig(): CryptoBillingConfig | null;
+export declare function loadCryptoConfig(): CryptoServiceConfig | null;
+export type CryptoConfig = CryptoServiceConfig;

package/dist/billing/crypto/client.js

@@ -1,72 +1,89 @@
 /**
- * Lightweight BTCPay Server Greenfield API client.
+ * Crypto Key Server client — for products to call the shared service.
  *
- * Uses plain fetch — zero vendor dependencies.
- * Auth header format: "token <apiKey>" (NOT "Bearer").
+ * Replaces BTCPayClient. Products set CRYPTO_SERVICE_URL instead of
+ * BTCPAY_API_KEY + BTCPAY_BASE_URL + BTCPAY_STORE_ID.
  */
-export class BTCPayClient {
+/**
+ * Client for the shared crypto key server.
+ * Products use this instead of running local watchers + holding xpubs.
+ */
+export class CryptoServiceClient {
     config;
     constructor(config) {
         this.config = config;
     }
     headers() {
-        return {
-            "Content-Type": "application/json",
-            Authorization: `token ${this.config.apiKey}`,
-        };
+        const h = { "Content-Type": "application/json" };
+        if (this.config.serviceKey)
+            h.Authorization = `Bearer ${this.config.serviceKey}`;
+        if (this.config.tenantId)
+            h["X-Tenant-Id"] = this.config.tenantId;
+        return h;
     }
-    /**
-     * Create an invoice on the BTCPay store.
-     *
-     * Returns the invoice ID and checkout link (URL to redirect the user).
-     */
-    async createInvoice(opts) {
-        const url = `${this.config.baseUrl}/api/v1/stores/${this.config.storeId}/invoices`;
-        const body = {
-            amount: String(opts.amountUsd),
-            currency: "USD",
-            metadata: {
-                orderId: opts.orderId,
-                buyerEmail: opts.buyerEmail,
-            },
-            checkout: {
-                speedPolicy: "MediumSpeed",
-                expirationMinutes: 30,
-                ...(opts.redirectURL ? { redirectURL: opts.redirectURL } : {}),
-            },
-        };
-        const res = await fetch(url, {
+    /** Derive the next unused address for a chain. */
+    async deriveAddress(chain) {
+        const res = await fetch(`${this.config.baseUrl}/address`, {
             method: "POST",
             headers: this.headers(),
-            body: JSON.stringify(body),
+            body: JSON.stringify({ chain }),
         });
         if (!res.ok) {
             const text = await res.text().catch(() => "");
-            throw new Error(`BTCPay createInvoice failed (${res.status}): ${text}`);
+            throw new Error(`CryptoService deriveAddress failed (${res.status}): ${text}`);
         }
-        const data = (await res.json());
-        return { id: data.id, checkoutLink: data.checkoutLink };
+        return (await res.json());
     }
-    /** Get invoice status by ID. */
-    async getInvoice(invoiceId) {
-        const url = `${this.config.baseUrl}/api/v1/stores/${this.config.storeId}/invoices/${invoiceId}`;
-        const res = await fetch(url, { headers: this.headers() });
+    /** Create a payment charge — derives address, sets expiry, starts watching. */
+    async createCharge(opts) {
+        const res = await fetch(`${this.config.baseUrl}/charges`, {
+            method: "POST",
+            headers: this.headers(),
+            body: JSON.stringify(opts),
+        });
         if (!res.ok) {
             const text = await res.text().catch(() => "");
-            throw new Error(`BTCPay getInvoice failed (${res.status}): ${text}`);
+            throw new Error(`CryptoService createCharge failed (${res.status}): ${text}`);
+        }
+        return (await res.json());
+    }
+    /** Check charge status. */
+    async getCharge(chargeId) {
+        const res = await fetch(`${this.config.baseUrl}/charges/${encodeURIComponent(chargeId)}`, {
+            headers: this.headers(),
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => "");
+            throw new Error(`CryptoService getCharge failed (${res.status}): ${text}`);
+        }
+        return (await res.json());
+    }
+    /** List all enabled payment methods (for checkout UI). */
+    async listChains() {
+        const res = await fetch(`${this.config.baseUrl}/chains`, {
+            headers: this.headers(),
+        });
+        if (!res.ok) {
+            const text = await res.text().catch(() => "");
+            throw new Error(`CryptoService listChains failed (${res.status}): ${text}`);
         }
         return (await res.json());
     }
 }
 /**
- * Load BTCPay config from environment variables.
- * Returns null if any required var is missing.
+ * Load crypto service config from environment.
+ * Returns null if CRYPTO_SERVICE_URL is not set.
+ *
+ * Also supports legacy BTCPay env vars for backwards compat during migration.
  */
 export function loadCryptoConfig() {
-    const apiKey = process.env.BTCPAY_API_KEY;
-    const baseUrl = process.env.BTCPAY_BASE_URL;
-    const storeId = process.env.BTCPAY_STORE_ID;
-    if (!apiKey || !baseUrl || !storeId)
-        return null;
-    return { apiKey, baseUrl, storeId };
+    const baseUrl = process.env.CRYPTO_SERVICE_URL;
+    if (baseUrl) {
+        return {
+            baseUrl,
+            serviceKey: process.env.CRYPTO_SERVICE_KEY,
+            tenantId: process.env.TENANT_ID,
+        };
+    }
+    return null;
 }