@zauthx402/sdk 0.1.6 → 0.1.7

package/dist/middleware/index.mjs

@@ -58,9 +58,9 @@ var require_constants = __commonJS({
   }
 });
 
-// ../../node_modules/node-gyp-build/node-gyp-build.js
+// node_modules/node-gyp-build/node-gyp-build.js
 var require_node_gyp_build = __commonJS({
-  "../../node_modules/node-gyp-build/node-gyp-build.js"(exports$1, module) {
+  "node_modules/node-gyp-build/node-gyp-build.js"(exports$1, module) {
     var fs = __require("fs");
     var path = __require("path");
     var os = __require("os");
@@ -227,9 +227,9 @@ var require_node_gyp_build = __commonJS({
   }
 });
 
-// ../../node_modules/node-gyp-build/index.js
+// node_modules/node-gyp-build/index.js
 var require_node_gyp_build2 = __commonJS({
-  "../../node_modules/node-gyp-build/index.js"(exports$1, module) {
+  "node_modules/node-gyp-build/index.js"(exports$1, module) {
     var runtimeRequire = typeof __webpack_require__ === "function" ? __non_webpack_require__ : __require;
     if (typeof runtimeRequire.addon === "function") {
       module.exports = runtimeRequire.addon.bind(runtimeRequire);
@@ -239,9 +239,9 @@ var require_node_gyp_build2 = __commonJS({
   }
 });
 
-// ../../node_modules/bufferutil/fallback.js
+// node_modules/bufferutil/fallback.js
 var require_fallback = __commonJS({
-  "../../node_modules/bufferutil/fallback.js"(exports$1, module) {
+  "node_modules/bufferutil/fallback.js"(exports$1, module) {
     var mask = (source, mask2, output, offset, length) => {
       for (var i = 0; i < length; i++) {
         output[offset + i] = source[i] ^ mask2[i & 3];
@@ -257,9 +257,9 @@ var require_fallback = __commonJS({
   }
 });
 
-// ../../node_modules/bufferutil/index.js
+// node_modules/bufferutil/index.js
 var require_bufferutil = __commonJS({
-  "../../node_modules/bufferutil/index.js"(exports$1, module) {
+  "node_modules/bufferutil/index.js"(exports$1, module) {
     try {
       module.exports = require_node_gyp_build2()(__dirname);
     } catch (e) {
@@ -773,9 +773,9 @@ var require_permessage_deflate = __commonJS({
   }
 });
 
-// ../../node_modules/utf-8-validate/fallback.js
+// node_modules/utf-8-validate/fallback.js
 var require_fallback2 = __commonJS({
-  "../../node_modules/utf-8-validate/fallback.js"(exports$1, module) {
+  "node_modules/utf-8-validate/fallback.js"(exports$1, module) {
     function isValidUTF8(buf) {
       const len = buf.length;
       let i = 0;
@@ -809,9 +809,9 @@ var require_fallback2 = __commonJS({
   }
 });
 
-// ../../node_modules/utf-8-validate/index.js
+// node_modules/utf-8-validate/index.js
 var require_utf_8_validate = __commonJS({
-  "../../node_modules/utf-8-validate/index.js"(exports$1, module) {
+  "node_modules/utf-8-validate/index.js"(exports$1, module) {
     try {
       module.exports = require_node_gyp_build2()(__dirname);
     } catch (e) {
@@ -3931,6 +3931,7 @@ var DEFAULT_CONFIG = {
   refund: {
     enabled: false,
     privateKey: process.env.ZAUTH_REFUND_PRIVATE_KEY,
+    solanaPrivateKey: process.env.ZAUTH_SOLANA_PRIVATE_KEY,
     network: "base",
     triggers: {
       serverError: true,
@@ -3961,6 +3962,7 @@ function resolveConfig(config) {
     enabled: config.refund?.enabled ?? DEFAULT_CONFIG.refund.enabled,
     signer: config.refund?.signer,
     privateKey: config.refund?.privateKey ?? DEFAULT_CONFIG.refund.privateKey,
+    solanaPrivateKey: config.refund?.solanaPrivateKey ?? DEFAULT_CONFIG.refund.solanaPrivateKey,
     network: config.refund?.network ?? DEFAULT_CONFIG.refund.network,
     triggers: {
       ...DEFAULT_CONFIG.refund.triggers,
@@ -4533,17 +4535,68 @@ function decodePaymentHeader(paymentHeader) {
       decoded = paymentHeader;
     }
     const parsed = JSON.parse(decoded);
-    const payer = parsed.payload?.authorization?.from || // x402 V2
+    let payer = parsed.payload?.authorization?.from || // x402 V2 EVM
     parsed.payer || parsed.from || parsed.payload?.from || parsed.x?.signature?.address || null;
+    if (!payer && parsed.payload?.transaction) {
+      payer = extractSolanaFeePayer(parsed.payload.transaction);
+    }
     const amount = parsed.payload?.authorization?.value || // x402 V2
     parsed.amount || parsed.payload?.amount || null;
-    const network = parsed.payload?.authorization?.network || // x402 V2
+    let network = parsed.payload?.authorization?.network || // x402 V2 EVM
     parsed.network || parsed.payload?.network || null;
+    if (!network && parsed.payload?.transaction && payer) {
+      network = "solana:5eykt4UsFv8P8NJdTREpY1vzqKqZKvdp";
+    }
     return { payer, amount, network };
   } catch {
     return null;
   }
 }
+function extractSolanaFeePayer(base64Transaction) {
+  try {
+    const txBytes = typeof Buffer !== "undefined" ? Buffer.from(base64Transaction, "base64") : Uint8Array.from(atob(base64Transaction), (c) => c.charCodeAt(0));
+    let offset = 0;
+    const numSignatures = txBytes[offset];
+    offset += 1;
+    offset += numSignatures * 64;
+    const firstByte = txBytes[offset];
+    if ((firstByte & 128) !== 0) {
+      offset += 1;
+    }
+    offset += 3;
+    const numAccounts = txBytes[offset];
+    offset += 1;
+    if (numAccounts > 0 && offset + 32 <= txBytes.length) {
+      const feePayerBytes = txBytes.slice(offset, offset + 32);
+      return base58Encode(feePayerBytes);
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+function base58Encode(bytes) {
+  const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+  const BASE = 58;
+  let num = BigInt(0);
+  for (const byte of bytes) {
+    num = num * BigInt(256) + BigInt(byte);
+  }
+  let result = "";
+  while (num > 0) {
+    const remainder = Number(num % BigInt(BASE));
+    num = num / BigInt(BASE);
+    result = ALPHABET[remainder] + result;
+  }
+  for (const byte of bytes) {
+    if (byte === 0) {
+      result = "1" + result;
+    } else {
+      break;
+    }
+  }
+  return result || "1";
+}
 
 // src/validator.ts
 function validateResponse(body, statusCode, config) {
@@ -5073,14 +5126,98 @@ var RefundExecutor = class {
     }
   }
   /**
-   * Execute Solana refund
+   * Execute Solana refund using @solana/kit v2 libraries
    */
-  async executeSolanaRefund(_refund, _amountRaw) {
-    return {
-      success: false,
-      error: "Solana refunds not yet implemented",
-      retryable: false
-    };
+  async executeSolanaRefund(refund, amountRaw) {
+    try {
+      const solanaPrivateKey = this.config.solanaPrivateKey;
+      if (!solanaPrivateKey) {
+        return {
+          success: false,
+          error: "No Solana private key configured (set ZAUTH_SOLANA_PRIVATE_KEY)",
+          retryable: false
+        };
+      }
+      const { createKeyPairSignerFromPrivateKeyBytes } = await import('@solana/signers');
+      const {
+        createSolanaRpc,
+        address,
+        pipe,
+        createTransactionMessage,
+        setTransactionMessageFeePayer,
+        setTransactionMessageLifetimeUsingBlockhash,
+        appendTransactionMessageInstructions,
+        signTransactionMessageWithSigners,
+        getBase64EncodedWireTransaction
+      } = await import('@solana/kit');
+      const {
+        findAssociatedTokenPda,
+        getTransferInstruction,
+        TOKEN_PROGRAM_ADDRESS
+      } = await import('@solana-program/token');
+      const bs58 = await import('bs58');
+      const USDC_MINT = address("EPjFWdd5AufqSSqeM2qN1xzybapC8G4wEGGkZwyTDt1v");
+      const rpcUrl = process.env.SOLANA_RPC_URL || "https://api.mainnet-beta.solana.com";
+      const rpc = createSolanaRpc(rpcUrl);
+      let signer;
+      try {
+        const secretKey = bs58.default.decode(solanaPrivateKey);
+        const privateKeyBytes = secretKey.slice(0, 32);
+        signer = await createKeyPairSignerFromPrivateKeyBytes(privateKeyBytes);
+      } catch {
+        return {
+          success: false,
+          error: "Invalid Solana private key format (expected base58)",
+          retryable: false
+        };
+      }
+      const recipientAddress = address(refund.recipientAddress);
+      const [senderAta] = await findAssociatedTokenPda({
+        mint: USDC_MINT,
+        owner: signer.address,
+        tokenProgram: TOKEN_PROGRAM_ADDRESS
+      });
+      const [recipientAta] = await findAssociatedTokenPda({
+        mint: USDC_MINT,
+        owner: recipientAddress,
+        tokenProgram: TOKEN_PROGRAM_ADDRESS
+      });
+      const transferIx = getTransferInstruction({
+        source: senderAta,
+        destination: recipientAta,
+        authority: signer,
+        amount: BigInt(amountRaw)
+      });
+      const { value: latestBlockhash } = await rpc.getLatestBlockhash().send();
+      const tx = pipe(
+        createTransactionMessage({ version: 0 }),
+        (tx2) => setTransactionMessageFeePayer(signer.address, tx2),
+        (tx2) => setTransactionMessageLifetimeUsingBlockhash(latestBlockhash, tx2),
+        (tx2) => appendTransactionMessageInstructions([transferIx], tx2)
+      );
+      const signedTx = await signTransactionMessageWithSigners(tx);
+      const base64Tx = getBase64EncodedWireTransaction(signedTx);
+      const txSignature = await rpc.sendTransaction(base64Tx, { encoding: "base64" }).send();
+      this.log("Solana refund sent", {
+        txHash: txSignature,
+        to: refund.recipientAddress,
+        amount: amountRaw
+      });
+      return {
+        success: true,
+        txHash: txSignature,
+        amountRaw,
+        gasCostCents: 0
+        // Solana fees are negligible
+      };
+    } catch (error) {
+      this.log("Solana refund failed", { error: error.message });
+      return {
+        success: false,
+        error: error.message,
+        retryable: true
+      };
+    }
   }
   /**
    * Get endpoint-specific config by matching URL patterns