accounts 0.7.2 → 0.8.1

package/src/server/internal/handlers/relay.ts

@@ -130,107 +130,156 @@ export function relay(options: relay.Options = {}): Handler {
             typeof parameters.from === 'string' ? (parameters.from as Address) : undefined
           const requestFeeToken =
             typeof parameters.feeToken === 'string' ? (parameters.feeToken as Address) : undefined
-          const requestsSponsorship = !!feePayerOptions && parameters.feePayer !== false
-
-          // 1. Resolve fee token.
-          const feeToken = features.feeTokenResolution
-            ? await resolveFeeToken(client, {
-                account: from,
-                feeToken: requestFeeToken,
-                tokens: resolveTokens(chainId),
-              })
-            : requestFeeToken
-
-          // 2. Fill transaction via RPC node (with AMM resolution on InsufficientBalance).
-          const normalized = Utils.normalizeFillTransactionRequest(parameters)
-          const transaction = {
+          const externalFeePayerUrl =
+            typeof parameters.feePayer === 'string' ? parameters.feePayer : undefined
+          const requestsSponsorship =
+            (!!feePayerOptions || !!externalFeePayerUrl) && parameters.feePayer !== false
+
+          const { feePayer: _feePayer, ...normalized } =
+            Utils.normalizeFillTransactionRequest(parameters)
+          const baseTx = {
             ...normalized,
             ...(typeof chainId !== 'undefined' ? { chainId } : {}),
-            ...(requestsSponsorship ? { feePayer: true } : {}),
-            ...(feeToken ? { feeToken } : {}),
+            ...(requestFeeToken ? { feeToken: requestFeeToken } : {}),
           }
-          let filled = await (async () => {
-            if (requestsSponsorship && Sponsorship.isPreparedTransaction(transaction))
-              return { transaction: Utils.normalizeTempoTransaction(transaction) }
-            return await fill(client, { autoSwap, feeToken, transaction })
-          })()
 
-          // 3. Check if the fee payer approves this transaction.
-          const sponsored =
-            requestsSponsorship && feePayerOptions
-              ? await Sponsorship.shouldSponsor({
-                  sender: from,
-                  transaction: filled.transaction,
-                  validate: feePayerOptions.validate,
+          let filled: Awaited<ReturnType<typeof fill>>
+          let sponsored = false
+          let feeToken = requestFeeToken
+
+          // Lazily resolve a swap source token when autoSwap needs one.
+          const resolveFeeTokenForSwap = from
+            ? (insufficientToken: Address) =>
+                resolveFeeToken(client, {
+                  account: from,
+                  feeToken: undefined,
+                  tokens: (resolveTokens(chainId) ?? []).filter(
+                    (t) => t.toLowerCase() !== insufficientToken.toLowerCase(),
+                  ),
                 })
-              : false
-
-          // Re-fill without feePayer when sponsorship is rejected so the
-          // gas estimate and nonce are correct for a self-paid transaction.
-          if (requestsSponsorship && !sponsored) {
-            const { feePayer: _, ...tx } = transaction
-            filled = await fill(client, { autoSwap, feeToken, transaction: tx })
+            : undefined
+
+          // When the app provides its own fee payer URL, route the fill
+          // through that service so it can sign the transaction.
+          const fillClient = externalFeePayerUrl
+            ? createClient({
+                chain: client.chain,
+                batch: { multicall: { deployless: true } },
+                transport: http(externalFeePayerUrl),
+              })
+            : client
+
+          if (requestsSponsorship && !feePayerOptions?.validate) {
+            // Path A: sponsorship guaranteed (no validate) — skip fee token
+            // resolution, fill once with feePayer, then parallelize the rest.
+            const transaction = { ...baseTx, feePayer: true }
+            if (Sponsorship.isPreparedTransaction(transaction)) {
+              filled = {
+                transaction: Utils.normalizeTempoTransaction(transaction),
+                sponsor: undefined,
+              }
+            } else {
+              filled = await fill(fillClient, {
+                autoSwap,
+                feeToken,
+                resolveFeeToken: resolveFeeTokenForSwap,
+                transaction,
+              })
+            }
+            sponsored = true
+          } else if (requestsSponsorship && feePayerOptions?.validate) {
+            // Path B: sponsorship possible but may be rejected — fill both
+            // variants in parallel, then pick the right one.
+            const sponsoredTx = { ...baseTx, feePayer: true }
+
+            if (Sponsorship.isPreparedTransaction(sponsoredTx)) {
+              // Already prepared — skip fills, just validate sponsorship.
+              const prepared = {
+                transaction: Utils.normalizeTempoTransaction(sponsoredTx),
+                sponsor: undefined,
+              }
+              sponsored = await Sponsorship.shouldSponsor({
+                sender: from,
+                transaction: prepared.transaction,
+                validate: feePayerOptions!.validate,
+              })
+              filled = prepared
+            } else {
+              const fillOptions = {
+                autoSwap,
+                feeToken,
+                resolveFeeToken: resolveFeeTokenForSwap,
+              }
+              const [sponsoredFill, unsponsoredFill] = await Promise.all([
+                fill(fillClient, { ...fillOptions, transaction: sponsoredTx }),
+                fill(client, { ...fillOptions, transaction: baseTx }),
+              ])
+              sponsored = await Sponsorship.shouldSponsor({
+                sender: from,
+                transaction: sponsoredFill.transaction,
+                validate: feePayerOptions!.validate,
+              })
+              filled = sponsored ? sponsoredFill : unsponsoredFill
+            }
+          } else {
+            // Path C: no sponsorship configured — resolve fee token, fill once.
+            feeToken = features.feeTokenResolution
+              ? await resolveFeeToken(client, {
+                  account: from,
+                  feeToken: requestFeeToken,
+                  tokens: resolveTokens(chainId),
+                })
+              : requestFeeToken
+            const transaction = { ...baseTx, ...(feeToken ? { feeToken } : {}) }
+            filled = await fill(client, {
+              autoSwap,
+              feeToken,
+              resolveFeeToken: resolveFeeTokenForSwap,
+              transaction,
+            })
           }
 
           const transaction_filled = filled.transaction
           const swap = 'swap' in filled ? filled.swap : undefined
+          if (!feeToken)
+            feeToken =
+              (transaction_filled.feeToken as Address | undefined) ?? resolveTokens(chainId)?.[0]
 
-          // 4. Simulate and compute balance diffs + fee.
-          const { balanceDiffs, fee } = features.simulate
-            ? await simulateAndParseDiffs(client, {
-                account: from,
-                calls: extractCalls(transaction_filled),
-                swap,
-                feeToken: transaction_filled.feeToken,
-                gas: transaction_filled.gas,
-                maxFeePerGas: transaction_filled.maxFeePerGas,
-              })
-            : { balanceDiffs: undefined, fee: undefined }
-
-          // 5. Sign as fee payer (if sponsored and not already signed).
+          // Parallelize: simulate, fee payer signing, and autoSwap metadata.
           const alreadySigned =
             'feePayerSignature' in transaction_filled &&
             transaction_filled.feePayerSignature != null
-          const transaction_final = await (async () => {
-            if (!sponsored || !feePayerOptions || alreadySigned) return transaction_filled
-            return await Sponsorship.sign({
-              account: feePayerOptions.account,
-              sender: from,
-              transaction: transaction_filled,
-            })
-          })()
 
-          const sponsor =
-            sponsored && feePayerOptions ? Sponsorship.getSponsor(feePayerOptions) : undefined
-
-          // 6. Resolve autoSwap metadata (when AMM path was taken).
-          const autoSwap_ = await (async () => {
-            if (!autoSwap || !swap) return undefined
-            const [inMeta, outMeta] = await Promise.all([
-              resolveTokenMetadata(client, swap.tokenIn).catch(() => undefined),
-              resolveTokenMetadata(client, swap.tokenOut).catch(() => undefined),
-            ])
-            if (!inMeta || !outMeta) return undefined
-            return {
-              calls: swap.calls.map((c) => ({ to: c.to, data: c.data })),
-              slippage: autoSwap!.slippage,
-              maxIn: {
-                token: swap.tokenIn,
-                value: Hex.fromNumber(swap.maxAmountIn) as `0x${string}`,
-                formatted: formatUnits(swap.maxAmountIn, inMeta.decimals),
-                decimals: inMeta.decimals,
-                symbol: inMeta.symbol,
-                name: inMeta.name,
-              },
-              minOut: {
-                token: swap.tokenOut,
-                value: Hex.fromNumber(swap.amountOut) as `0x${string}`,
-                formatted: formatUnits(swap.amountOut, outMeta.decimals),
-                decimals: outMeta.decimals,
-                symbol: outMeta.symbol,
-                name: outMeta.name,
-              },
-            }
+          const [{ balanceDiffs, fee }, transaction_final, autoSwap_] = await Promise.all([
+            // Simulate and compute balance diffs + fee.
+            features.simulate
+              ? simulateAndParseDiffs(client, {
+                  account: from,
+                  calls: extractCalls(transaction_filled),
+                  swap,
+                  feeToken,
+                  gas: transaction_filled.gas,
+                  maxFeePerGas: transaction_filled.maxFeePerGas,
+                })
+              : { balanceDiffs: undefined, fee: undefined },
+            // Sign as fee payer (if sponsored and not already signed).
+            sponsored && feePayerOptions && !alreadySigned
+              ? Sponsorship.sign({
+                  account: feePayerOptions.account,
+                  sender: from,
+                  transaction: transaction_filled,
+                })
+              : Promise.resolve(transaction_filled),
+            // Resolve autoSwap metadata (when AMM path was taken).
+            resolveAutoSwapMetadata(client, { autoSwap, swap }),
+          ])
+
+          const sponsor = (() => {
+            if (!sponsored) return undefined
+            // App-provided fee payer: relay back the sponsor from the upstream response.
+            if (externalFeePayerUrl) return filled.sponsor
+            if (feePayerOptions) return Sponsorship.getSponsor(feePayerOptions)
+            return filled.sponsor
           })()
 
           return RpcResponse.from(
@@ -501,6 +550,7 @@ async function fill(
   options: {
     autoSwap?: { slippage: number } | undefined
     feeToken?: Address | undefined
+    resolveFeeToken?: ((insufficientToken: Address) => Promise<Address | undefined>) | undefined
     transaction: Record<string, unknown>
   },
 ) {
@@ -511,14 +561,25 @@ async function fill(
     value.type === '0x76' ? value : Utils.formatFillTransactionRequest(client, value)
 
   try {
+    const formatted = format(request)
     const result = await client.request({
       method: 'eth_fillTransaction',
-      params: [format(request) as never],
+      params: [formatted as never],
     })
-    return { transaction: Utils.normalizeTempoTransaction(result.tx) }
+    // FIXME: node estimates gas with secp256k1 dummy sig + null feePayerSignature.
+    // Actual tx has larger keychain/webAuthn sigs + real fee payer sig, costing
+    // more intrinsic gas. Mirror the bump from viem's tempo chainConfig.
+    // Skip if another relay already bumped (indicated by feePayerSignature).
+    // @ts-expect-error
+    if (result.tx.gas && request.feePayer && !result.tx.feePayerSignature)
+      result.tx.gas = Hex.fromNumber(BigInt(result.tx.gas) + 20_000n)
+    const sponsor = (result as Record<string, any>).capabilities?.sponsor as
+      | { address: Address; name?: string; url?: string }
+      | undefined
+    return { transaction: Utils.normalizeTempoTransaction(result.tx), sponsor }
   } catch (error) {
     if (!(error instanceof Error)) throw error
-    if (!feeToken || !autoSwap) throw error
+    if (!autoSwap) throw error
 
     const revert = ExecutionError.parse(error)
     if (revert?.errorName !== 'InsufficientBalance') throw error
@@ -526,13 +587,19 @@ async function fill(
     const [available, required, token] = revert.args
     if (typeof available === 'undefined' || typeof required === 'undefined' || !token) throw error
 
-    if (token.toLowerCase() === feeToken.toLowerCase()) throw error
+    // Resolve a source token for the swap: use the provided feeToken,
+    // or fall back to resolveFeeToken() to find one the sender holds.
+    const sourceToken =
+      feeToken && feeToken.toLowerCase() !== token.toLowerCase()
+        ? feeToken
+        : await options.resolveFeeToken?.(token as Address)
+    if (!sourceToken || sourceToken.toLowerCase() === token.toLowerCase()) throw error
 
     const deficit = required - available
     const maxAmountIn = deficit + (deficit * BigInt(Math.round(autoSwap.slippage * 1000))) / 1000n
 
     const originalCalls = (request.calls as Call[] | undefined) ?? []
-    const swapCalls = buildSwapCalls(feeToken, token, deficit, maxAmountIn)
+    const swapCalls = buildSwapCalls(sourceToken, token, deficit, maxAmountIn)
 
     const result = await client.request({
       method: 'eth_fillTransaction',
@@ -543,11 +610,15 @@ async function fill(
         }) as never,
       ],
     })
+    const sponsor = (result as Record<string, any>).capabilities?.sponsor as
+      | { address: Address; name?: string; url?: string }
+      | undefined
     return {
       transaction: Utils.normalizeTempoTransaction(result.tx),
+      sponsor,
       swap: {
         calls: swapCalls,
-        tokenIn: feeToken,
+        tokenIn: sourceToken,
         tokenOut: token,
         amountOut: deficit,
         maxAmountIn,
@@ -851,6 +922,50 @@ async function resolveTokenMetadata(
   }
 }
 
+async function resolveAutoSwapMetadata(
+  client: Client,
+  options: {
+    autoSwap?: { slippage: number } | undefined
+    swap?:
+      | {
+          calls: readonly { to: Address; data: `0x${string}` }[]
+          tokenIn: Address
+          tokenOut: Address
+          amountOut: bigint
+          maxAmountIn: bigint
+        }
+      | undefined
+  },
+) {
+  const { autoSwap, swap } = options
+  if (!autoSwap || !swap) return undefined
+  const [inMeta, outMeta] = await Promise.all([
+    resolveTokenMetadata(client, swap.tokenIn).catch(() => undefined),
+    resolveTokenMetadata(client, swap.tokenOut).catch(() => undefined),
+  ])
+  if (!inMeta || !outMeta) return undefined
+  return {
+    calls: swap.calls.map((c) => ({ to: c.to, data: c.data })),
+    slippage: autoSwap.slippage,
+    maxIn: {
+      token: swap.tokenIn,
+      value: Hex.fromNumber(swap.maxAmountIn) as `0x${string}`,
+      formatted: formatUnits(swap.maxAmountIn, inMeta.decimals),
+      decimals: inMeta.decimals,
+      symbol: inMeta.symbol,
+      name: inMeta.name,
+    },
+    minOut: {
+      token: swap.tokenOut,
+      value: Hex.fromNumber(swap.amountOut) as `0x${string}`,
+      formatted: formatUnits(swap.amountOut, outMeta.decimals),
+      decimals: outMeta.decimals,
+      symbol: outMeta.symbol,
+      name: outMeta.name,
+    },
+  }
+}
+
 async function computeFee(
   client: Client,
   options: {

package/src/server/internal/handlers/utils.ts

@@ -6,7 +6,11 @@ import * as z from 'zod/mini'
 export function resolveChainId(value: unknown) {
   if (typeof value === 'number') return value
   if (typeof value === 'bigint') return Number(value)
-  if (typeof value === 'string' && Hex.validate(value)) return Hex.toNumber(value)
+  if (typeof value === 'string') {
+    if (Hex.validate(value)) return Hex.toNumber(value)
+    const n = Number(value)
+    if (Number.isFinite(n)) return n
+  }
   return undefined
 }
 
@@ -16,7 +20,9 @@ export function formatFillTransactionRequest(client: Client, value: Record<strin
   return format({ ...value } as never, 'fillTransaction') as Record<string, unknown>
 }
 
-export function normalizeFillTransactionRequest(tx: Record<string, unknown>) {
+export function normalizeFillTransactionRequest(
+  tx: Record<string, unknown>,
+): Record<string, unknown> & { calls: unknown[] } {
   const { to, data, value, ...rest } = tx
   if (Array.isArray(tx.calls) && tx.calls.length > 0)
     return {

package/src/server/internal/handlers/webAuthn.ts

@@ -57,7 +57,7 @@ export function webAuthn(options: webAuthn.Options): Handler {
         ...(userId ? { user: { id: new TextEncoder().encode(userId), name } } : undefined),
       })
 
-      await kv.set(`challenge:${challenge}`, Date.now())
+      await kv.set(`challenge:${challenge}`, { created: Date.now(), name })
 
       return Response.json({ options })
     } catch (error) {
@@ -74,10 +74,9 @@ export function webAuthn(options: webAuthn.Options): Handler {
         Bytes.toString(new Uint8Array(deserialized.clientDataJSON)),
       ) as { challenge: string }
       const challenge = Hex.fromBytes(Base64.toBytes(clientData.challenge))
-      const stored = await kv.get<number>(`challenge:${challenge}`)
-      if (!stored || Date.now() - stored > challengeTtl * 1_000)
+      const stored = await kv.get<{ created: number; name: string }>(`challenge:${challenge}`)
+      if (!stored || Date.now() - stored.created > challengeTtl * 1_000)
         throw new Error('Missing or expired challenge')
-      await kv.delete(`challenge:${challenge}`)
 
       const result = Registration.verify(credential, {
         challenge,
@@ -88,10 +87,17 @@ export function webAuthn(options: webAuthn.Options): Handler {
       const { publicKey } = result.credential
       const credentialId = credential.id
 
-      await kv.set(`credential:${credentialId}`, { publicKey })
-
       const json = { credentialId, publicKey }
-      const hook = await onRegister?.({ credentialId, publicKey, request: c.req.raw })
+      const [, hook] = await Promise.all([
+        kv.set(`credential:${credentialId}`, { publicKey }),
+        onRegister?.({
+          credentialId,
+          name: stored.name,
+          publicKey,
+          request: c.req.raw,
+        }),
+        kv.delete(`challenge:${challenge}`),
+      ])
       return mergeResponse(json, hook)
     } catch (error) {
       return Response.json({ error: (error as Error).message }, { status: 400 })
@@ -136,12 +142,13 @@ export function webAuthn(options: webAuthn.Options): Handler {
         challenge: string
       }
       const challenge = Hex.fromBytes(Base64.toBytes(clientData.challenge))
-      const stored = await kv.get<number>(`challenge:${challenge}`)
+
+      const [stored, credentialData] = await Promise.all([
+        kv.get<number>(`challenge:${challenge}`),
+        kv.get<{ publicKey: string }>(`credential:${response.id}`),
+      ])
       if (!stored || Date.now() - stored > challengeTtl * 1_000)
         throw new Error('Missing or expired challenge')
-      await kv.delete(`challenge:${challenge}`)
-
-      const credentialData = await kv.get<{ publicKey: string }>(`credential:${response.id}`)
       if (!credentialData) throw new Error('Unknown credential')
 
       const valid = Authentication.verify(response, {
@@ -160,7 +167,10 @@ export function webAuthn(options: webAuthn.Options): Handler {
         publicKey: credentialData.publicKey,
         ...(userHandle && userHandle.length > 0 ? { userId: userHandle } : undefined),
       }
-      const hook = await onAuthenticate?.({ ...json, request: c.req.raw })
+      const [hook] = await Promise.all([
+        onAuthenticate?.({ ...json, request: c.req.raw }),
+        kv.delete(`challenge:${challenge}`),
+      ])
       return mergeResponse(json, hook)
     } catch (error) {
       return Response.json({ error: (error as Error).message }, { status: 400 })
@@ -179,6 +189,8 @@ export declare namespace webAuthn {
     /** Called after a successful registration. The returned response is merged onto the default JSON response. */
     onRegister?: (parameters: {
       credentialId: string
+      /** The name provided during `/register/options` (e.g. user email). */
+      name: string
       publicKey: string
       request: Request
     }) => Response | Promise<Response> | void | Promise<void>