@wopr-network/platform-core 1.42.3 → 1.44.0

package/src/billing/crypto/client.ts

@@ -1,86 +1,145 @@
-import type { CryptoBillingConfig } from "./types.js";
+/**
+ * Crypto Key Server client — for products to call the shared service.
+ *
+ * Replaces BTCPayClient. Products set CRYPTO_SERVICE_URL instead of
+ * BTCPAY_API_KEY + BTCPAY_BASE_URL + BTCPAY_STORE_ID.
+ */
 
-export type { CryptoBillingConfig as CryptoConfig };
+export interface CryptoServiceConfig {
+  /** Base URL of the crypto key server (e.g. http://10.120.0.5:3100) */
+  baseUrl: string;
+  /** Service key for auth (reuses gateway service key) */
+  serviceKey?: string;
+  /** Tenant ID header */
+  tenantId?: string;
+}
+
+export interface DeriveAddressResult {
+  address: string;
+  index: number;
+  chain: string;
+  token: string;
+}
+
+export interface CreateChargeResult {
+  chargeId: string;
+  address: string;
+  chain: string;
+  token: string;
+  amountUsd: number;
+  derivationIndex: number;
+  expiresAt: string;
+}
+
+export interface ChargeStatus {
+  chargeId: string;
+  status: string;
+  address: string | null;
+  chain: string | null;
+  token: string | null;
+  amountUsdCents: number;
+  creditedAt: string | null;
+}
+
+export interface ChainInfo {
+  id: string;
+  token: string;
+  chain: string;
+  decimals: number;
+  displayName: string;
+  contractAddress: string | null;
+  confirmations: number;
+}
 
 /**
- * Lightweight BTCPay Server Greenfield API client.
- *
- * Uses plain fetch — zero vendor dependencies.
- * Auth header format: "token <apiKey>" (NOT "Bearer").
+ * Client for the shared crypto key server.
+ * Products use this instead of running local watchers + holding xpubs.
  */
-export class BTCPayClient {
-  constructor(private readonly config: CryptoBillingConfig) {}
+export class CryptoServiceClient {
+  constructor(private readonly config: CryptoServiceConfig) {}
 
   private headers(): Record<string, string> {
-    return {
-      "Content-Type": "application/json",
-      Authorization: `token ${this.config.apiKey}`,
-    };
+    const h: Record<string, string> = { "Content-Type": "application/json" };
+    if (this.config.serviceKey) h.Authorization = `Bearer ${this.config.serviceKey}`;
+    if (this.config.tenantId) h["X-Tenant-Id"] = this.config.tenantId;
+    return h;
   }
 
-  /**
-   * Create an invoice on the BTCPay store.
-   *
-   * Returns the invoice ID and checkout link (URL to redirect the user).
-   */
-  async createInvoice(opts: {
-    amountUsd: number;
-    orderId: string;
-    buyerEmail?: string;
-    redirectURL?: string;
-  }): Promise<{ id: string; checkoutLink: string }> {
-    const url = `${this.config.baseUrl}/api/v1/stores/${this.config.storeId}/invoices`;
-    const body = {
-      amount: String(opts.amountUsd),
-      currency: "USD",
-      metadata: {
-        orderId: opts.orderId,
-        buyerEmail: opts.buyerEmail,
-      },
-      checkout: {
-        speedPolicy: "MediumSpeed",
-        expirationMinutes: 30,
-        ...(opts.redirectURL ? { redirectURL: opts.redirectURL } : {}),
-      },
-    };
-
-    const res = await fetch(url, {
+  /** Derive the next unused address for a chain. */
+  async deriveAddress(chain: string): Promise<DeriveAddressResult> {
+    const res = await fetch(`${this.config.baseUrl}/address`, {
       method: "POST",
       headers: this.headers(),
-      body: JSON.stringify(body),
+      body: JSON.stringify({ chain }),
     });
-
     if (!res.ok) {
       const text = await res.text().catch(() => "");
-      throw new Error(`BTCPay createInvoice failed (${res.status}): ${text}`);
+      throw new Error(`CryptoService deriveAddress failed (${res.status}): ${text}`);
     }
-
-    const data = (await res.json()) as { id: string; checkoutLink: string };
-    return { id: data.id, checkoutLink: data.checkoutLink };
+    return (await res.json()) as DeriveAddressResult;
   }
 
-  /** Get invoice status by ID. */
-  async getInvoice(invoiceId: string): Promise<{ id: string; status: string; amount: string; currency: string }> {
-    const url = `${this.config.baseUrl}/api/v1/stores/${this.config.storeId}/invoices/${invoiceId}`;
-    const res = await fetch(url, { headers: this.headers() });
+  /** Create a payment charge — derives address, sets expiry, starts watching. */
+  async createCharge(opts: {
+    chain: string;
+    amountUsd: number;
+    callbackUrl?: string;
+    metadata?: Record<string, unknown>;
+  }): Promise<CreateChargeResult> {
+    const res = await fetch(`${this.config.baseUrl}/charges`, {
+      method: "POST",
+      headers: this.headers(),
+      body: JSON.stringify(opts),
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new Error(`CryptoService createCharge failed (${res.status}): ${text}`);
+    }
+    return (await res.json()) as CreateChargeResult;
+  }
 
+  /** Check charge status. */
+  async getCharge(chargeId: string): Promise<ChargeStatus> {
+    const res = await fetch(`${this.config.baseUrl}/charges/${encodeURIComponent(chargeId)}`, {
+      headers: this.headers(),
+    });
     if (!res.ok) {
       const text = await res.text().catch(() => "");
-      throw new Error(`BTCPay getInvoice failed (${res.status}): ${text}`);
+      throw new Error(`CryptoService getCharge failed (${res.status}): ${text}`);
     }
+    return (await res.json()) as ChargeStatus;
+  }
 
-    return (await res.json()) as { id: string; status: string; amount: string; currency: string };
+  /** List all enabled payment methods (for checkout UI). */
+  async listChains(): Promise<ChainInfo[]> {
+    const res = await fetch(`${this.config.baseUrl}/chains`, {
+      headers: this.headers(),
+    });
+    if (!res.ok) {
+      const text = await res.text().catch(() => "");
+      throw new Error(`CryptoService listChains failed (${res.status}): ${text}`);
+    }
+    return (await res.json()) as ChainInfo[];
   }
 }
 
 /**
- * Load BTCPay config from environment variables.
- * Returns null if any required var is missing.
+ * Load crypto service config from environment.
+ * Returns null if CRYPTO_SERVICE_URL is not set.
+ *
+ * Also supports legacy BTCPay env vars for backwards compat during migration.
  */
-export function loadCryptoConfig(): CryptoBillingConfig | null {
-  const apiKey = process.env.BTCPAY_API_KEY;
-  const baseUrl = process.env.BTCPAY_BASE_URL;
-  const storeId = process.env.BTCPAY_STORE_ID;
-  if (!apiKey || !baseUrl || !storeId) return null;
-  return { apiKey, baseUrl, storeId };
+export function loadCryptoConfig(): CryptoServiceConfig | null {
+  const baseUrl = process.env.CRYPTO_SERVICE_URL;
+  if (baseUrl) {
+    return {
+      baseUrl,
+      serviceKey: process.env.CRYPTO_SERVICE_KEY,
+      tenantId: process.env.TENANT_ID,
+    };
+  }
+  return null;
 }
+
+// Legacy type alias for backwards compat
+export type CryptoConfig = CryptoServiceConfig;

package/src/billing/crypto/index.ts

@@ -1,24 +1,29 @@
 export * from "./btc/index.js";
 export type { CryptoChargeRecord, CryptoDepositChargeInput, ICryptoChargeRepository } from "./charge-store.js";
 export { CryptoChargeRepository, DrizzleCryptoChargeRepository } from "./charge-store.js";
-export { createCryptoCheckout, MIN_PAYMENT_USD } from "./checkout.js";
-export type { CryptoConfig } from "./client.js";
-export { BTCPayClient, loadCryptoConfig } from "./client.js";
+export type {
+  ChainInfo,
+  ChargeStatus,
+  CreateChargeResult,
+  CryptoConfig,
+  CryptoServiceConfig,
+  DeriveAddressResult,
+} from "./client.js";
+export { CryptoServiceClient, loadCryptoConfig } from "./client.js";
 export type { IWatcherCursorStore } from "./cursor-store.js";
 export { DrizzleWatcherCursorStore } from "./cursor-store.js";
 export * from "./evm/index.js";
+export type { KeyServerDeps } from "./key-server.js";
+export { createKeyServerApp } from "./key-server.js";
+export type {
+  KeyServerWebhookDeps as CryptoWebhookDeps,
+  KeyServerWebhookPayload as CryptoWebhookPayload,
+  KeyServerWebhookResult as CryptoWebhookResult,
+} from "./key-server-webhook.js";
+export { handleKeyServerWebhook, handleKeyServerWebhook as handleCryptoWebhook } from "./key-server-webhook.js";
 export * from "./oracle/index.js";
 export type { IPaymentMethodStore, PaymentMethodRecord } from "./payment-method-store.js";
 export { DrizzlePaymentMethodStore } from "./payment-method-store.js";
-export type {
-  CryptoBillingConfig,
-  CryptoCheckoutOpts,
-  CryptoPaymentState,
-  CryptoWebhookPayload,
-  CryptoWebhookResult,
-} from "./types.js";
-export { mapBtcPayEventToStatus } from "./types.js";
+export type { CryptoPaymentState } from "./types.js";
 export type { UnifiedCheckoutDeps, UnifiedCheckoutResult } from "./unified-checkout.js";
-export { createUnifiedCheckout, MIN_CHECKOUT_USD } from "./unified-checkout.js";
-export type { CryptoWebhookDeps } from "./webhook.js";
-export { handleCryptoWebhook, verifyCryptoWebhookSignature } from "./webhook.js";
+export { createUnifiedCheckout, MIN_CHECKOUT_USD as MIN_PAYMENT_USD, MIN_CHECKOUT_USD } from "./unified-checkout.js";

package/src/billing/crypto/key-server-entry.ts

@@ -0,0 +1,96 @@
+/**
+ * Standalone entry point for the crypto key server.
+ *
+ * Deploys on the chain server (pay.wopr.bot:3100).
+ * Boots: postgres → migrations → key server routes → watchers → serve.
+ *
+ * Usage: node dist/billing/crypto/key-server-entry.js
+ */
+/* biome-ignore-all lint/suspicious/noConsole: standalone entry point */
+import { serve } from "@hono/node-server";
+import { drizzle } from "drizzle-orm/node-postgres";
+import { migrate } from "drizzle-orm/node-postgres/migrator";
+import pg from "pg";
+import * as schema from "../../db/schema/index.js";
+import { DrizzleCryptoChargeRepository } from "./charge-store.js";
+import { DrizzleWatcherCursorStore } from "./cursor-store.js";
+import { createRpcCaller } from "./evm/watcher.js";
+import { createKeyServerApp } from "./key-server.js";
+import { ChainlinkOracle } from "./oracle/chainlink.js";
+import { FixedPriceOracle } from "./oracle/fixed.js";
+import { DrizzlePaymentMethodStore } from "./payment-method-store.js";
+import { startWatchers } from "./watcher-service.js";
+
+const PORT = Number(process.env.PORT ?? "3100");
+const DATABASE_URL = process.env.DATABASE_URL;
+const SERVICE_KEY = process.env.SERVICE_KEY;
+const ADMIN_TOKEN = process.env.ADMIN_TOKEN;
+const BITCOIND_USER = process.env.BITCOIND_USER ?? "btcpay";
+const BITCOIND_PASSWORD = process.env.BITCOIND_PASSWORD ?? "";
+const BASE_RPC_URL = process.env.BASE_RPC_URL ?? "https://mainnet.base.org";
+
+if (!DATABASE_URL) {
+  console.error("DATABASE_URL is required");
+  process.exit(1);
+}
+
+async function main(): Promise<void> {
+  const pool = new pg.Pool({ connectionString: DATABASE_URL });
+
+  // Run migrations FIRST, before creating schema-typed db
+  console.log("[crypto-key-server] Running migrations...");
+  await migrate(drizzle(pool), { migrationsFolder: "./drizzle/migrations" });
+
+  // Now create the schema-typed db (columns guaranteed to exist)
+  console.log("[crypto-key-server] Connecting...");
+  const db = drizzle(pool, { schema }) as unknown as import("../../db/index.js").DrizzleDb;
+
+  const chargeStore = new DrizzleCryptoChargeRepository(db);
+  const methodStore = new DrizzlePaymentMethodStore(db);
+
+  // Chainlink on-chain oracle for volatile assets (BTC, ETH).
+  const oracle = BASE_RPC_URL
+    ? new ChainlinkOracle({ rpcCall: createRpcCaller(BASE_RPC_URL) })
+    : new FixedPriceOracle();
+
+  const app = createKeyServerApp({
+    db,
+    chargeStore,
+    methodStore,
+    oracle,
+    serviceKey: SERVICE_KEY,
+    adminToken: ADMIN_TOKEN,
+  });
+
+  // Boot watchers (BTC + EVM) — polls for payments, sends webhooks
+  const cursorStore = new DrizzleWatcherCursorStore(db);
+  const stopWatchers = await startWatchers({
+    db,
+    chargeStore,
+    methodStore,
+    cursorStore,
+    oracle,
+    bitcoindUser: BITCOIND_USER,
+    bitcoindPassword: BITCOIND_PASSWORD,
+    log: (msg, meta) => console.log(`[watcher] ${msg}`, meta ?? ""),
+  });
+
+  const server = serve({ fetch: app.fetch, port: PORT });
+  console.log(`[crypto-key-server] Listening on :${PORT}`);
+
+  // Graceful shutdown — stop accepting requests, drain watchers, close pool
+  const shutdown = async () => {
+    console.log("[crypto-key-server] Shutting down...");
+    stopWatchers();
+    server.close();
+    await pool.end();
+    process.exit(0);
+  };
+  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", shutdown);
+}
+
+main().catch((err) => {
+  console.error("[crypto-key-server] Fatal:", err);
+  process.exit(1);
+});

package/src/billing/crypto/key-server-webhook.ts

@@ -0,0 +1,119 @@
+/**
+ * Key Server webhook handler — processes payment confirmations from the
+ * centralized crypto key server.
+ *
+ * Payload shape (from watcher-service.ts):
+ * {
+ *   chargeId: "btc:bc1q...",
+ *   chain: "bitcoin",
+ *   address: "bc1q...",
+ *   amountUsdCents: 5000,
+ *   status: "confirmed",
+ *   txHash: "abc123...",
+ *   amountReceived: "50000 sats",
+ *   confirmations: 6
+ * }
+ *
+ * Replaces handleCryptoWebhook() for products using the key server.
+ */
+import { Credit } from "../../credits/credit.js";
+import type { ILedger } from "../../credits/ledger.js";
+import type { IWebhookSeenRepository } from "../webhook-seen-repository.js";
+import type { ICryptoChargeRepository } from "./charge-store.js";
+
+export interface KeyServerWebhookPayload {
+  chargeId: string;
+  chain: string;
+  address: string;
+  amountUsdCents: number;
+  status: string;
+  txHash?: string;
+  amountReceived?: string;
+  confirmations?: number;
+}
+
+export interface KeyServerWebhookDeps {
+  chargeStore: ICryptoChargeRepository;
+  creditLedger: ILedger;
+  replayGuard: IWebhookSeenRepository;
+  onCreditsPurchased?: (tenantId: string, ledger: ILedger) => Promise<string[]>;
+}
+
+export interface KeyServerWebhookResult {
+  handled: boolean;
+  duplicate?: boolean;
+  tenant?: string;
+  creditedCents?: number;
+  reactivatedBots?: string[];
+}
+
+/**
+ * Process a payment confirmation from the crypto key server.
+ *
+ * Credits the ledger when status is "confirmed".
+ * Idempotency: ledger referenceId + replay guard (same pattern as Stripe handler).
+ */
+export async function handleKeyServerWebhook(
+  deps: KeyServerWebhookDeps,
+  payload: KeyServerWebhookPayload,
+): Promise<KeyServerWebhookResult> {
+  const { chargeStore, creditLedger } = deps;
+
+  // Replay guard: deduplicate by chargeId
+  const dedupeKey = `ks:${payload.chargeId}`;
+  if (await deps.replayGuard.isDuplicate(dedupeKey, "crypto")) {
+    return { handled: true, duplicate: true };
+  }
+
+  // Look up the charge to find the tenant + amount
+  const charge = await chargeStore.getByReferenceId(payload.chargeId);
+  if (!charge) {
+    return { handled: false };
+  }
+
+  if (payload.status === "confirmed") {
+    // Only settle when payment is confirmed
+    await chargeStore.updateStatus(payload.chargeId, "Settled", charge.token ?? undefined, payload.amountReceived);
+
+    // Idempotency: check ledger referenceId (atomic, same as BTCPay handler)
+    const creditRef = `crypto:${payload.chargeId}`;
+    if (await creditLedger.hasReferenceId(creditRef)) {
+      await deps.replayGuard.markSeen(dedupeKey, "crypto");
+      return { handled: true, duplicate: true, tenant: charge.tenantId };
+    }
+
+    // Credit the original USD amount requested.
+    // charge.amountUsdCents is integer cents. Credit.fromCents() → nanodollars.
+    await creditLedger.credit(charge.tenantId, Credit.fromCents(charge.amountUsdCents), "purchase", {
+      description: `Crypto payment confirmed (${payload.chain}, tx: ${payload.txHash ?? "unknown"})`,
+      referenceId: creditRef,
+      fundingSource: "crypto",
+    });
+
+    await chargeStore.markCredited(payload.chargeId);
+
+    let reactivatedBots: string[] | undefined;
+    if (deps.onCreditsPurchased) {
+      reactivatedBots = await deps.onCreditsPurchased(charge.tenantId, creditLedger);
+      if (reactivatedBots.length === 0) reactivatedBots = undefined;
+    }
+
+    await deps.replayGuard.markSeen(dedupeKey, "crypto");
+    return {
+      handled: true,
+      tenant: charge.tenantId,
+      creditedCents: charge.amountUsdCents,
+      reactivatedBots,
+    };
+  }
+
+  // Non-confirmed status — update status but don't settle or credit
+  await chargeStore.updateStatus(
+    payload.chargeId,
+    payload.status as "Processing",
+    charge.token ?? undefined,
+    payload.amountReceived,
+  );
+  await deps.replayGuard.markSeen(dedupeKey, "crypto");
+  return { handled: true, tenant: charge.tenantId };
+}