create-mantle-facilitator 0.2.1 → 0.3.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-mantle-facilitator",
-  "version": "0.2.1",
+  "version": "0.3.1",
   "private": false,
   "type": "module",
   "bin": {

package/template/dist/index.mjs

@@ -1,5 +1,6 @@
 // src/index.ts
 import express from "express";
+import cors from "cors";
 
 // src/config.ts
 import "dotenv/config";
@@ -97,6 +98,14 @@ function supportedRoute(_req, res) {
 
 // src/x402.ts
 import { ethers as ethers3 } from "ethers";
+function getChainIdFromNetwork(network) {
+  switch (network) {
+    case "mantle-mainnet":
+      return 5e3;
+    default:
+      throw new Error(`Unsupported network: ${network}`);
+  }
+}
 function decodePaymentHeader(paymentHeader) {
   try {
     const json = Buffer.from(paymentHeader, "base64").toString("utf8");
@@ -124,12 +133,13 @@ function validateHeaderShape(headerObj) {
   }
   return { ok: true };
 }
-function getUsdcTypedData(authorization) {
+function getUsdcTypedData(authorization, paymentRequirements) {
+  const chainId = getChainIdFromNetwork(paymentRequirements.network);
   const domain = {
     name: "USD Coin",
     version: "2",
-    chainId: CONFIG.chainId,
-    verifyingContract: CONFIG.usdcAddress
+    chainId,
+    verifyingContract: paymentRequirements.asset
   };
   const types = {
     TransferWithAuthorization: [
@@ -143,8 +153,8 @@ function getUsdcTypedData(authorization) {
   };
   return { domain, types, primaryType: "TransferWithAuthorization", message: authorization };
 }
-function verifyAuthorizationSignature(authorization, signature) {
-  const { domain, types, message } = getUsdcTypedData(authorization);
+function verifyAuthorizationSignature(authorization, signature, paymentRequirements) {
+  const { domain, types, message } = getUsdcTypedData(authorization, paymentRequirements);
   return ethers3.verifyTypedData(domain, types, message, signature);
 }
 function verifyPayment(headerObj, paymentRequirements) {
@@ -165,8 +175,22 @@ function verifyPayment(headerObj, paymentRequirements) {
   if (authValue !== maxValue) {
     return { isValid: false, invalidReason: "Authorization.value does not match maxAmountRequired" };
   }
+  const expectedChainId = CONFIG.chainId;
+  const requestChainId = getChainIdFromNetwork(paymentRequirements.network);
+  if (requestChainId !== expectedChainId) {
+    return {
+      isValid: false,
+      invalidReason: `Network mismatch: expected chainId ${expectedChainId}, got ${requestChainId}`
+    };
+  }
+  if (paymentRequirements.asset.toLowerCase() !== CONFIG.usdcAddress.toLowerCase()) {
+    return {
+      isValid: false,
+      invalidReason: `Asset mismatch: expected ${CONFIG.usdcAddress}, got ${paymentRequirements.asset}`
+    };
+  }
   try {
-    const recovered = verifyAuthorizationSignature(authorization, signature);
+    const recovered = verifyAuthorizationSignature(authorization, signature, paymentRequirements);
     if (recovered.toLowerCase() !== authorization.from.toLowerCase()) {
       return { isValid: false, invalidReason: "Signature does not match authorization.from" };
     }
@@ -313,6 +337,13 @@ async function settleRoute(req, res) {
 
 // src/index.ts
 var app = express();
+app.use(cors({
+  origin: "*",
+  // Allow all origins in development
+  methods: ["GET", "POST", "OPTIONS"],
+  allowedHeaders: ["Content-Type", "Authorization"],
+  credentials: true
+}));
 app.use(express.json({ limit: "1mb" }));
 app.get("/health", healthRoute);
 app.get("/supported", supportedRoute);