npm - @wtflabs/x402-server - Versions diffs - 0.0.1-beta.10 → 0.0.1-beta.11 - Mend

@wtflabs/x402-server 0.0.1-beta.10 → 0.0.1-beta.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,602 @@
+// src/token-detection.ts
+var EIP3009_SIGNATURES = ["0xe3ee160e", "0xcf092995"];
+var EIP2612_PERMIT = "0xd505accf";
+var PERMIT2_ADDRESS = "0x000000000022D473030F116dDEE9F6B43aC78BA3";
+var EIP1967_IMPLEMENTATION_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc";
+var EIP1822_IMPLEMENTATION_SLOT = "0x7050c9e0f4ca769c69bd3a8ef740bc37934f8e2c036e5a723fd8ee048ed3f8c3";
+async function getImplementationAddress(client, proxyAddress) {
+  try {
+    try {
+      const implSlotData = await client.getStorageAt({
+        address: proxyAddress,
+        slot: EIP1967_IMPLEMENTATION_SLOT
+      });
+      if (implSlotData && implSlotData !== "0x0000000000000000000000000000000000000000000000000000000000000000") {
+        const implAddress = `0x${implSlotData.slice(-40)}`;
+        if (implAddress !== "0x0000000000000000000000000000000000000000") {
+          console.log(`  \u{1F4E6} Detected EIP-1967 proxy, implementation: ${implAddress}`);
+          return implAddress;
+        }
+      }
+    } catch {
+    }
+    try {
+      const uupsSlotData = await client.getStorageAt({
+        address: proxyAddress,
+        slot: EIP1822_IMPLEMENTATION_SLOT
+      });
+      if (uupsSlotData && uupsSlotData !== "0x0000000000000000000000000000000000000000000000000000000000000000") {
+        const implAddress = `0x${uupsSlotData.slice(-40)}`;
+        if (implAddress !== "0x0000000000000000000000000000000000000000") {
+          console.log(`  \u{1F4E6} Detected EIP-1822 UUPS proxy, implementation: ${implAddress}`);
+          return implAddress;
+        }
+      }
+    } catch {
+    }
+    try {
+      const implABI = [
+        {
+          inputs: [],
+          name: "implementation",
+          outputs: [{ name: "", type: "address" }],
+          stateMutability: "view",
+          type: "function"
+        }
+      ];
+      const implAddress = await client.readContract({
+        address: proxyAddress,
+        abi: implABI,
+        functionName: "implementation"
+      });
+      if (implAddress && implAddress !== "0x0000000000000000000000000000000000000000") {
+        console.log(`  \u{1F4E6} Detected proxy via implementation(), implementation: ${implAddress}`);
+        return implAddress;
+      }
+    } catch {
+    }
+    return null;
+  } catch (error) {
+    console.error("Error detecting proxy implementation:", error);
+    return null;
+  }
+}
+async function hasMethod(client, tokenAddress, methodSelector) {
+  try {
+    const code = await client.getBytecode({ address: tokenAddress });
+    if (!code) return false;
+    const hasMethodInProxy = code.toLowerCase().includes(methodSelector.slice(2).toLowerCase());
+    if (hasMethodInProxy) {
+      return true;
+    }
+    const implAddress = await getImplementationAddress(client, tokenAddress);
+    if (implAddress) {
+      const implCode = await client.getBytecode({ address: implAddress });
+      if (implCode) {
+        const hasMethodInImpl = implCode.toLowerCase().includes(methodSelector.slice(2).toLowerCase());
+        if (hasMethodInImpl) {
+          console.log(`  \u2705 Method ${methodSelector} found in implementation contract`);
+        }
+        return hasMethodInImpl;
+      }
+    }
+    return false;
+  } catch (error) {
+    console.error(`Error checking method ${methodSelector}:`, error);
+    return false;
+  }
+}
+async function hasAnyMethod(client, tokenAddress, methodSelectors) {
+  try {
+    const code = await client.getBytecode({ address: tokenAddress });
+    if (!code) return false;
+    const codeLower = code.toLowerCase();
+    const hasMethodInProxy = methodSelectors.some(
+      (selector) => codeLower.includes(selector.slice(2).toLowerCase())
+    );
+    if (hasMethodInProxy) {
+      return true;
+    }
+    const implAddress = await getImplementationAddress(client, tokenAddress);
+    if (implAddress) {
+      const implCode = await client.getBytecode({ address: implAddress });
+      if (implCode) {
+        const implCodeLower = implCode.toLowerCase();
+        const hasMethodInImpl = methodSelectors.some(
+          (selector) => implCodeLower.includes(selector.slice(2).toLowerCase())
+        );
+        if (hasMethodInImpl) {
+          console.log(`  \u2705 Method(s) found in implementation contract`);
+        }
+        return hasMethodInImpl;
+      }
+    }
+    return false;
+  } catch (error) {
+    console.error(`Error checking methods ${methodSelectors.join(", ")}:`, error);
+    return false;
+  }
+}
+async function checkPermit2Support(client) {
+  try {
+    const permit2Code = await client.getBytecode({ address: PERMIT2_ADDRESS });
+    if (!permit2Code) return false;
+    return true;
+  } catch (error) {
+    console.error("Error checking Permit2 support:", error);
+    return false;
+  }
+}
+async function detectTokenPaymentMethods(tokenAddress, client) {
+  const address = tokenAddress.toLowerCase();
+  console.log(`\u{1F50D} Detecting payment methods for token ${address}...`);
+  const [hasEIP3009, hasPermit, hasPermit2Approval] = await Promise.all([
+    hasAnyMethod(client, address, EIP3009_SIGNATURES),
+    hasMethod(client, address, EIP2612_PERMIT),
+    checkPermit2Support(client)
+  ]);
+  const supportedMethods = [];
+  if (hasEIP3009) {
+    supportedMethods.push("eip3009");
+    console.log("  \u2705 EIP-3009 (transferWithAuthorization) detected");
+  }
+  if (hasPermit) {
+    supportedMethods.push("permit");
+    console.log("  \u2705 EIP-2612 (permit) detected");
+  }
+  if (hasPermit2Approval) {
+    supportedMethods.push("permit2");
+    supportedMethods.push("permit2-witness");
+    console.log("  \u2705 Permit2 support available (universal)");
+  }
+  if (supportedMethods.length === 0) {
+    console.log("  \u26A0\uFE0F  No advanced payment methods detected (standard ERC-20 only)");
+  }
+  return {
+    address,
+    supportedMethods,
+    details: {
+      hasEIP3009,
+      hasPermit,
+      hasPermit2Approval
+    }
+  };
+}
+function getRecommendedPaymentMethod(capabilities) {
+  const { supportedMethods } = capabilities;
+  if (supportedMethods.includes("eip3009")) return "eip3009";
+  if (supportedMethods.includes("permit")) return "permit";
+  if (supportedMethods.includes("permit2") || supportedMethods.includes("permit2-witness")) {
+    return "permit2";
+  }
+  return null;
+}
+async function getTokenInfo(tokenAddress, client) {
+  const address = tokenAddress.toLowerCase();
+  const erc20ABI = [
+    {
+      inputs: [],
+      name: "name",
+      outputs: [{ name: "", type: "string" }],
+      stateMutability: "view",
+      type: "function"
+    }
+  ];
+  const eip712DomainABI = [
+    {
+      inputs: [],
+      name: "eip712Domain",
+      outputs: [
+        { name: "fields", type: "bytes1" },
+        { name: "name", type: "string" },
+        { name: "version", type: "string" },
+        { name: "chainId", type: "uint256" },
+        { name: "verifyingContract", type: "address" },
+        { name: "salt", type: "bytes32" },
+        { name: "extensions", type: "uint256[]" }
+      ],
+      stateMutability: "view",
+      type: "function"
+    }
+  ];
+  const versionABI = [
+    {
+      inputs: [],
+      name: "version",
+      outputs: [{ name: "", type: "string" }],
+      stateMutability: "view",
+      type: "function"
+    }
+  ];
+  try {
+    const implAddress = await getImplementationAddress(client, address);
+    if (implAddress) {
+      console.log(`  \u{1F4E6} Reading token info from proxy, actual calls will be delegated to implementation`);
+    }
+    const name = await client.readContract({
+      address,
+      abi: erc20ABI,
+      functionName: "name"
+    });
+    let version = "1";
+    try {
+      const result = await client.readContract({
+        address,
+        abi: eip712DomainABI,
+        functionName: "eip712Domain"
+      });
+      version = result[2];
+    } catch {
+      try {
+        version = await client.readContract({
+          address,
+          abi: versionABI,
+          functionName: "version"
+        });
+      } catch {
+        console.log(`  \u2139\uFE0F  Using default version "1" for token ${address}`);
+      }
+    }
+    return {
+      name,
+      version
+    };
+  } catch (error) {
+    console.error(`Error getting token info for ${address}:`, error);
+    throw new Error(`Failed to get token info: ${error}`);
+  }
+}
+// src/server.ts
+var X402Server = class {
+  constructor(config) {
+    this.initialized = false;
+    this.facilitator = config.facilitator;
+    this.schema = config.schema;
+    this.client = config.client;
+    this._initialize();
+  }
+  async _initialize() {
+    try {
+      this.schema.verify();
+      const schemaAsset = this.schema.get("asset");
+      if (schemaAsset) {
+        try {
+          const tokenInfo = await getTokenInfo(schemaAsset, this.client);
+          this.schema.setExtra({
+            name: tokenInfo.name,
+            version: tokenInfo.version
+          });
+          console.log(`\u2705 Token info retrieved: ${tokenInfo.name} v${tokenInfo.version}`);
+        } catch (error) {
+          console.warn(`\u26A0\uFE0F  Failed to get token info, signatures may fail:`, error);
+        }
+      }
+      const verifyResult = await this._verify();
+      if (!verifyResult.success) {
+        return {
+          success: false,
+          error: verifyResult.errors?.[0] || "Verification failed"
+        };
+      }
+      this.initialized = true;
+      return { success: true };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Initialization failed"
+      };
+    }
+  }
+  /**
+   * 验证配置
+   * 1. 验证 client network 是否和 schema 的 network 匹配
+   * 2. 验证 facilitator recipientAddress 和 schema payTo 是否一致
+   */
+  async _verify() {
+    const errors = [];
+    try {
+      const schemaAsset = this.schema.get("asset");
+      if (schemaAsset) {
+        const tokenCapabilities = await detectTokenPaymentMethods(
+          schemaAsset,
+          this.client
+        );
+        const currentPaymentType = this.schema.get("paymentType");
+        if (!currentPaymentType) {
+          const recommendedMethod = getRecommendedPaymentMethod(tokenCapabilities);
+          if (recommendedMethod) {
+            this.schema.set("paymentType", recommendedMethod);
+          } else {
+            errors.push(
+              `Token ${schemaAsset} does not support any advanced payment methods (permit, eip3009, permit2). Please specify paymentType manually.`
+            );
+          }
+        } else {
+          if (!tokenCapabilities.supportedMethods.includes(currentPaymentType)) {
+            errors.push(
+              `Token ${schemaAsset} does not support the specified payment method "${currentPaymentType}". Supported methods: ${tokenCapabilities.supportedMethods.join(", ")}`
+            );
+          }
+        }
+        if (tokenCapabilities.supportedMethods.length === 0) {
+          errors.push(
+            `Token ${schemaAsset} does not support any advanced payment methods (permit, eip3009, permit2)`
+          );
+        }
+      }
+      const clientChainId = this.client.chain?.id;
+      const schemaNetwork = this.schema.get("network");
+      if (clientChainId && schemaAsset) {
+        const facilitatorSupported = await this.facilitator.supported({
+          chainId: clientChainId,
+          tokenAddress: schemaAsset
+        });
+        const isSupportedByFacilitator = facilitatorSupported.kinds.some(
+          (kind) => {
+            const networkMatches = kind.network === schemaNetwork;
+            const assetsInKind = kind.extra?.assets || [];
+            const assetMatches = assetsInKind.some(
+              (asset) => asset.address.toLowerCase() === schemaAsset.toLowerCase()
+            );
+            return networkMatches && assetMatches;
+          }
+        );
+        if (!isSupportedByFacilitator) {
+          errors.push(
+            `Facilitator does not support token ${schemaAsset} on network ${schemaNetwork} (chainId: ${clientChainId})`
+          );
+        } else {
+        }
+        const chainSupported = facilitatorSupported.kinds.some(
+          (kind) => kind.network === schemaNetwork
+        );
+        if (!chainSupported) {
+          errors.push(
+            `Facilitator does not support network ${schemaNetwork} (chainId: ${clientChainId})`
+          );
+        }
+      }
+      if (clientChainId) {
+        const networkValid = this.validateNetwork(
+          schemaNetwork,
+          clientChainId
+        );
+        if (!networkValid) {
+          errors.push(
+            `Network mismatch: client chainId ${clientChainId} does not match schema network ${schemaNetwork}`
+          );
+        }
+      }
+      const schemaPayTo = this.schema.get("payTo");
+      const facilitatorRecipientAddress = this.facilitator.recipientAddress;
+      if (schemaPayTo.toLowerCase() !== facilitatorRecipientAddress.toLowerCase()) {
+        errors.push(
+          `Address mismatch: schema payTo ${schemaPayTo} does not match facilitator recipientAddress ${facilitatorRecipientAddress}`
+        );
+      }
+      return {
+        success: errors.length === 0,
+        errors: errors.length > 0 ? errors : void 0
+      };
+    } catch (error) {
+      errors.push(
+        error instanceof Error ? error.message : "Unknown verification error"
+      );
+      return {
+        success: false,
+        errors
+      };
+    }
+  }
+  /**
+   * 结算支付
+   * @param paymentPayload 支付负载
+   * @param paymentRequirements 支付要求
+   */
+  async settle(paymentPayload, paymentRequirements) {
+    if (!this.initialized) {
+      return {
+        success: false,
+        error: "Server not initialized. Please call initialize() first."
+      };
+    }
+    try {
+      const result = await this.facilitator.settle(
+        paymentPayload,
+        paymentRequirements
+      );
+      if (!result.success) {
+        return {
+          success: false,
+          error: result.error || result.errorMessage
+        };
+      }
+      return {
+        success: true,
+        transaction: result.transaction
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Settlement failed"
+      };
+    }
+  }
+  /**
+   * 验证支付负载
+   * @param paymentPayload 支付负载
+   * @param paymentRequirements 支付要求
+   */
+  async verify(paymentPayload, paymentRequirements) {
+    if (!this.initialized) {
+      return {
+        success: false,
+        error: "Server not initialized. Please call initialize() first."
+      };
+    }
+    try {
+      const result = await this.facilitator.verify(
+        paymentPayload,
+        paymentRequirements
+      );
+      return {
+        success: result.success,
+        data: result.payer,
+        error: result.error || result.errorMessage
+      };
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : "Payment verification failed"
+      };
+    }
+  }
+  /**
+   * 获取 facilitator
+   */
+  getFacilitator() {
+    return this.facilitator;
+  }
+  /**
+   * 获取 schema
+   */
+  getSchema() {
+    return this.schema;
+  }
+  /**
+   * 获取 client
+   */
+  getClient() {
+    return this.client;
+  }
+  /**
+   * 检查是否已初始化
+   */
+  isInitialized() {
+    return this.initialized;
+  }
+  /**
+   * 验证网络是否匹配
+   * @param schemaNetwork schema 中的 network
+   * @param clientChainId client 的 chainId
+   * @returns 是否匹配
+   */
+  validateNetwork(schemaNetwork, clientChainId) {
+    if (schemaNetwork.startsWith("eip155:")) {
+      const chainId = parseInt(schemaNetwork.split(":")[1] || "0");
+      return chainId === clientChainId;
+    }
+    const networkMap = {
+      "ethereum": 1,
+      "goerli": 5,
+      "sepolia": 11155111,
+      "base": 8453,
+      "base-sepolia": 84532,
+      "bsc": 56,
+      "bsc-testnet": 97,
+      "polygon": 137,
+      "polygon-mumbai": 80001,
+      "arbitrum": 42161,
+      "arbitrum-goerli": 421613,
+      "optimism": 10,
+      "optimism-goerli": 420,
+      "avalanche": 43114,
+      "avalanche-fuji": 43113
+    };
+    const expectedChainId = networkMap[schemaNetwork];
+    if (expectedChainId !== void 0) {
+      return expectedChainId === clientChainId;
+    }
+    return true;
+  }
+  /**
+   * 解析支付 header
+   * @param paymentHeaderBase64 Base64 编码的支付 header
+   * @returns 解析结果，成功时返回 paymentPayload 和 paymentRequirements，失败时返回服务端的支付要求
+   */
+  parsePaymentHeader(paymentHeaderBase64) {
+    const paymentRequirements = this.schema.toJSON();
+    if (!paymentHeaderBase64) {
+      return {
+        success: false,
+        data: paymentRequirements,
+        error: "No X-PAYMENT header"
+      };
+    }
+    let paymentPayload;
+    try {
+      const paymentHeaderJson = Buffer.from(
+        paymentHeaderBase64,
+        "base64"
+      ).toString("utf-8");
+      paymentPayload = JSON.parse(paymentHeaderJson);
+    } catch (err) {
+      return {
+        success: false,
+        data: paymentRequirements,
+        error: "Invalid payment header format"
+      };
+    }
+    const validationError = this.validatePaymentPayload(
+      paymentPayload,
+      paymentRequirements
+    );
+    if (validationError) {
+      return {
+        success: false,
+        data: paymentRequirements,
+        error: validationError
+      };
+    }
+    return {
+      success: true,
+      data: {
+        paymentPayload,
+        paymentRequirements
+      }
+    };
+  }
+  /**
+   * 验证客户端的支付数据是否与服务端要求一致
+   * @param paymentPayload 客户端的支付负载
+   * @param paymentRequirements 服务端的支付要求
+   * @returns 错误信息，如果验证通过则返回 null
+   */
+  validatePaymentPayload(paymentPayload, paymentRequirements) {
+    if (paymentPayload.scheme !== paymentRequirements.scheme) {
+      return `Scheme mismatch: expected '${paymentRequirements.scheme}', got '${paymentPayload.scheme}'`;
+    }
+    if (paymentPayload.network !== paymentRequirements.network) {
+      return `Network mismatch: expected '${paymentRequirements.network}', got '${paymentPayload.network}'`;
+    }
+    if (paymentPayload.payload) {
+      const authorization = paymentPayload.payload.authorization;
+      if (authorization?.value) {
+        const paymentAmount = BigInt(authorization.value);
+        const maxAmount = BigInt(paymentRequirements.maxAmountRequired);
+        if (paymentAmount !== maxAmount) {
+          return `Payment amount error ${paymentAmount} !== ${maxAmount}`;
+        }
+      }
+      if (authorization?.to) {
+        const expectedPayTo = paymentRequirements.payTo.toLowerCase();
+        const actualPayTo = authorization.to.toLowerCase();
+        if (actualPayTo !== expectedPayTo) {
+          return `PayTo address mismatch: expected '${expectedPayTo}', got '${actualPayTo}'`;
+        }
+      }
+      const authorizationType = paymentPayload.payload.authorizationType;
+      if (authorizationType === "permit" || authorizationType === "permit2" || authorizationType === "eip3009") {
+      }
+    }
+    return null;
+  }
+};
+export {
+  X402Server,
+  detectTokenPaymentMethods,
+  getRecommendedPaymentMethod,
+  getTokenInfo
+};
+//# sourceMappingURL=index.mjs.map