npm - moltspay - Versions diffs - 1.4.0 → 1.5.0 - Mend

moltspay 1.4.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/dist/index.mjs CHANGED Viewed

@@ -2211,8 +2211,10 @@ var MoltsPayServer = class {
   isProxyAllowed(clientIP) {
     const allowedIPs = process.env.PROXY_ALLOWED_IPS?.split(",").map((ip) => ip.trim()) || [];
     if (allowedIPs.length === 0) {
-      console.log(`[MoltsPay] /proxy denied: no PROXY_ALLOWED_IPS configured`);
-      return false;
+      return true;
+    }
+    if (allowedIPs.includes("*")) {
+      return true;
     }
     const normalizedIP = clientIP === "::1" ? "127.0.0.1" : clientIP.replace("::ffff:", "");
     const allowed = allowedIPs.includes(normalizedIP) || allowedIPs.includes(clientIP);
@@ -2742,11 +2744,26 @@ var MoltsPayClient = class {
       throw new Error("Client not initialized. Run: npx moltspay init");
     }
     console.log(`[MoltsPay] Requesting service: ${service}`);
-    const requestBody = { service, params };
+    let executeUrl = `${serverUrl}/execute`;
+    try {
+      const services = await this.getServices(serverUrl);
+      const svc = services.services?.find((s) => s.id === service);
+      if (svc?.endpoint) {
+        executeUrl = `${serverUrl}${svc.endpoint}`;
+        console.log(`[MoltsPay] Using service endpoint: ${svc.endpoint}`);
+      }
+    } catch {
+    }
+    let requestBody;
+    if (options.rawData) {
+      requestBody = { service, ...params };
+    } else {
+      requestBody = { service, params };
+    }
     if (options.chain) {
       requestBody.chain = options.chain;
     }
-    const initialRes = await fetch(`${serverUrl}/execute`, {
+    const initialRes = await fetch(executeUrl, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(requestBody)
@@ -2762,7 +2779,7 @@ var MoltsPayClient = class {
     const paymentRequiredHeader = initialRes.headers.get(PAYMENT_REQUIRED_HEADER2);
     if (wwwAuthHeader && wwwAuthHeader.toLowerCase().includes("payment")) {
       console.log("[MoltsPay] Detected MPP protocol, using Tempo flow...");
-      return await this.handleMPPPayment(serverUrl, service, params, wwwAuthHeader);
+      return await this.handleMPPPayment(executeUrl, service, params, wwwAuthHeader, options);
     }
     if (!paymentRequiredHeader) {
       throw new Error("Missing payment header (x-payment-required or www-authenticate)");
@@ -2823,7 +2840,7 @@ Please specify: --chain <chain_name>`
       if (!req2) {
         throw new Error(`Failed to find payment requirement for ${selectedChain}`);
       }
-      return await this.handleSolanaPayment(serverUrl, service, params, req2, solanaChain);
+      return await this.handleSolanaPayment(executeUrl, service, params, req2, solanaChain, options);
     }
     const chainName = selectedChain;
     const chain = getChain(chainName);
@@ -2870,14 +2887,14 @@ Please specify: --chain <chain_name>`
       if (!bnbSpender) {
         throw new Error("Server did not provide bnbSpender address. Server may not support BNB payments.");
       }
-      return await this.handleBNBPayment(serverUrl, service, params, {
+      return await this.handleBNBPayment(executeUrl, service, params, {
         to: payTo2,
         amount,
         token,
         chainName,
         chain,
         spender: bnbSpender
-      });
+      }, options);
     }
     const payTo = req.payTo || req.resource;
     if (!payTo) {
@@ -2908,11 +2925,11 @@ Please specify: --chain <chain_name>`
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
     console.log(`[MoltsPay] Sending request with payment...`);
-    const paidRequestBody = { service, params };
+    const paidRequestBody = options.rawData ? { service, ...params } : { service, params };
     if (options.chain) {
       paidRequestBody.chain = options.chain;
     }
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -2926,13 +2943,13 @@ Please specify: --chain <chain_name>`
     }
     this.recordSpending(amount);
     console.log(`[MoltsPay] Success! Payment: ${result.payment?.status || "claimed"}`);
-    return result.result;
+    return result.result || result;
   }
   /**
    * Handle MPP (Machine Payments Protocol) payment flow
    * Called when pay() detects WWW-Authenticate header in 402 response
    */
-  async handleMPPPayment(serverUrl, service, params, wwwAuthHeader) {
+  async handleMPPPayment(executeUrl, service, params, wwwAuthHeader, options = {}) {
     const { privateKeyToAccount: privateKeyToAccount2 } = await import("viem/accounts");
     const { createWalletClient, createPublicClient, http } = await import("viem");
     const { tempoModerato } = await import("viem/chains");
@@ -2993,13 +3010,14 @@ Please specify: --chain <chain_name>`
       source: `did:pkh:eip155:${chainId}:${account.address}`
     };
     const credentialB64 = Buffer.from(JSON.stringify(credential)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const retryBody = options.rawData ? { service, ...params, chain: "tempo_moderato" } : { service, params, chain: "tempo_moderato" };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "Authorization": `Payment ${credentialB64}`
       },
-      body: JSON.stringify({ service, params, chain: "tempo_moderato" })
+      body: JSON.stringify(retryBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -3019,7 +3037,7 @@ Please specify: --chain <chain_name>`
    * 4. Server executes service
    * 5. Server calls transferFrom if successful (pay-for-success)
    */
-  async handleBNBPayment(serverUrl, service, params, paymentDetails) {
+  async handleBNBPayment(executeUrl, service, params, paymentDetails, options = {}) {
     const { to, amount, token, chainName, chain, spender } = paymentDetails;
     const tokenConfig = chain.tokens[token];
     const provider = new ethers.JsonRpcProvider(chain.rpc);
@@ -3115,13 +3133,14 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
     console.log(`[MoltsPay] Sending BNB payment request...`);
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const bnbRequestBody = options.rawData ? { service, ...params, chain: chainName } : { service, params, chain: chainName };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "X-Payment": paymentHeader
       },
-      body: JSON.stringify({ service, params, chain: chainName })
+      body: JSON.stringify(bnbRequestBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -3138,7 +3157,7 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
    * 1. Client creates and signs a transfer transaction
    * 2. Server submits the transaction after service completes
    */
-  async handleSolanaPayment(serverUrl, service, params, requirements, chain) {
+  async handleSolanaPayment(executeUrl, service, params, requirements, chain, options = {}) {
     const solanaWallet = loadSolanaWallet(this.configDir);
     if (!solanaWallet) {
       throw new Error("No Solana wallet found. Run: npx moltspay init --chain solana_devnet");
@@ -3191,13 +3210,14 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
       }
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const solanaRequestBody = options.rawData ? { service, ...params, chain } : { service, params, chain };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "X-Payment": paymentHeader
       },
-      body: JSON.stringify({ service, params, chain })
+      body: JSON.stringify(solanaRequestBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -3342,15 +3362,17 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
   loadWallet() {
     const walletPath = join4(this.configDir, "wallet.json");
     if (existsSync4(walletPath)) {
-      try {
-        const stats = statSync(walletPath);
-        const mode = stats.mode & 511;
-        if (mode !== 384) {
-          console.warn(`[MoltsPay] WARNING: wallet.json has insecure permissions (${mode.toString(8)})`);
-          console.warn(`[MoltsPay] Fixing permissions to 0600...`);
-          chmodSync(walletPath, 384);
+      if (process.platform !== "win32") {
+        try {
+          const stats = statSync(walletPath);
+          const mode = stats.mode & 511;
+          if (mode !== 384) {
+            console.warn(`[MoltsPay] WARNING: wallet.json has insecure permissions (${mode.toString(8)})`);
+            console.warn(`[MoltsPay] Fixing permissions to 0600...`);
+            chmodSync(walletPath, 384);
+          }
+        } catch {
         }
-      } catch (err) {
       }
       const content = readFileSync4(walletPath, "utf-8");
       return JSON.parse(content);