moltspay 1.4.0 → 1.5.0

package/dist/cli/index.mjs

@@ -676,11 +676,26 @@ var MoltsPayClient = class {
       throw new Error("Client not initialized. Run: npx moltspay init");
     }
     console.log(`[MoltsPay] Requesting service: ${service}`);
-    const requestBody = { service, params };
+    let executeUrl = `${serverUrl}/execute`;
+    try {
+      const services = await this.getServices(serverUrl);
+      const svc = services.services?.find((s) => s.id === service);
+      if (svc?.endpoint) {
+        executeUrl = `${serverUrl}${svc.endpoint}`;
+        console.log(`[MoltsPay] Using service endpoint: ${svc.endpoint}`);
+      }
+    } catch {
+    }
+    let requestBody;
+    if (options.rawData) {
+      requestBody = { service, ...params };
+    } else {
+      requestBody = { service, params };
+    }
     if (options.chain) {
       requestBody.chain = options.chain;
     }
-    const initialRes = await fetch(`${serverUrl}/execute`, {
+    const initialRes = await fetch(executeUrl, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(requestBody)
@@ -696,7 +711,7 @@ var MoltsPayClient = class {
     const paymentRequiredHeader = initialRes.headers.get(PAYMENT_REQUIRED_HEADER);
     if (wwwAuthHeader && wwwAuthHeader.toLowerCase().includes("payment")) {
       console.log("[MoltsPay] Detected MPP protocol, using Tempo flow...");
-      return await this.handleMPPPayment(serverUrl, service, params, wwwAuthHeader);
+      return await this.handleMPPPayment(executeUrl, service, params, wwwAuthHeader, options);
     }
     if (!paymentRequiredHeader) {
       throw new Error("Missing payment header (x-payment-required or www-authenticate)");
@@ -757,7 +772,7 @@ Please specify: --chain <chain_name>`
       if (!req2) {
         throw new Error(`Failed to find payment requirement for ${selectedChain}`);
       }
-      return await this.handleSolanaPayment(serverUrl, service, params, req2, solanaChain);
+      return await this.handleSolanaPayment(executeUrl, service, params, req2, solanaChain, options);
     }
     const chainName = selectedChain;
     const chain = getChain(chainName);
@@ -804,14 +819,14 @@ Please specify: --chain <chain_name>`
       if (!bnbSpender) {
         throw new Error("Server did not provide bnbSpender address. Server may not support BNB payments.");
       }
-      return await this.handleBNBPayment(serverUrl, service, params, {
+      return await this.handleBNBPayment(executeUrl, service, params, {
         to: payTo2,
         amount,
         token,
         chainName,
         chain,
         spender: bnbSpender
-      });
+      }, options);
     }
     const payTo = req.payTo || req.resource;
     if (!payTo) {
@@ -842,11 +857,11 @@ Please specify: --chain <chain_name>`
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
     console.log(`[MoltsPay] Sending request with payment...`);
-    const paidRequestBody = { service, params };
+    const paidRequestBody = options.rawData ? { service, ...params } : { service, params };
     if (options.chain) {
       paidRequestBody.chain = options.chain;
     }
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -860,13 +875,13 @@ Please specify: --chain <chain_name>`
     }
     this.recordSpending(amount);
     console.log(`[MoltsPay] Success! Payment: ${result.payment?.status || "claimed"}`);
-    return result.result;
+    return result.result || result;
   }
   /**
    * Handle MPP (Machine Payments Protocol) payment flow
    * Called when pay() detects WWW-Authenticate header in 402 response
    */
-  async handleMPPPayment(serverUrl, service, params, wwwAuthHeader) {
+  async handleMPPPayment(executeUrl, service, params, wwwAuthHeader, options = {}) {
     const { privateKeyToAccount: privateKeyToAccount2 } = await import("viem/accounts");
     const { createWalletClient, createPublicClient, http } = await import("viem");
     const { tempoModerato } = await import("viem/chains");
@@ -927,13 +942,14 @@ Please specify: --chain <chain_name>`
       source: `did:pkh:eip155:${chainId}:${account.address}`
     };
     const credentialB64 = Buffer.from(JSON.stringify(credential)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const retryBody = options.rawData ? { service, ...params, chain: "tempo_moderato" } : { service, params, chain: "tempo_moderato" };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "Authorization": `Payment ${credentialB64}`
       },
-      body: JSON.stringify({ service, params, chain: "tempo_moderato" })
+      body: JSON.stringify(retryBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -953,7 +969,7 @@ Please specify: --chain <chain_name>`
    * 4. Server executes service
    * 5. Server calls transferFrom if successful (pay-for-success)
    */
-  async handleBNBPayment(serverUrl, service, params, paymentDetails) {
+  async handleBNBPayment(executeUrl, service, params, paymentDetails, options = {}) {
     const { to, amount, token, chainName, chain, spender } = paymentDetails;
     const tokenConfig = chain.tokens[token];
     const provider = new ethers.JsonRpcProvider(chain.rpc);
@@ -1049,13 +1065,14 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
     console.log(`[MoltsPay] Sending BNB payment request...`);
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const bnbRequestBody = options.rawData ? { service, ...params, chain: chainName } : { service, params, chain: chainName };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "X-Payment": paymentHeader
       },
-      body: JSON.stringify({ service, params, chain: chainName })
+      body: JSON.stringify(bnbRequestBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -1072,7 +1089,7 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
    * 1. Client creates and signs a transfer transaction
    * 2. Server submits the transaction after service completes
    */
-  async handleSolanaPayment(serverUrl, service, params, requirements, chain) {
+  async handleSolanaPayment(executeUrl, service, params, requirements, chain, options = {}) {
     const solanaWallet = loadSolanaWallet(this.configDir);
     if (!solanaWallet) {
       throw new Error("No Solana wallet found. Run: npx moltspay init --chain solana_devnet");
@@ -1125,13 +1142,14 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
       }
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const solanaRequestBody = options.rawData ? { service, ...params, chain } : { service, params, chain };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "X-Payment": paymentHeader
       },
-      body: JSON.stringify({ service, params, chain })
+      body: JSON.stringify(solanaRequestBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -1276,15 +1294,17 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
   loadWallet() {
     const walletPath = join2(this.configDir, "wallet.json");
     if (existsSync2(walletPath)) {
-      try {
-        const stats = statSync(walletPath);
-        const mode = stats.mode & 511;
-        if (mode !== 384) {
-          console.warn(`[MoltsPay] WARNING: wallet.json has insecure permissions (${mode.toString(8)})`);
-          console.warn(`[MoltsPay] Fixing permissions to 0600...`);
-          chmodSync(walletPath, 384);
+      if (process.platform !== "win32") {
+        try {
+          const stats = statSync(walletPath);
+          const mode = stats.mode & 511;
+          if (mode !== 384) {
+            console.warn(`[MoltsPay] WARNING: wallet.json has insecure permissions (${mode.toString(8)})`);
+            console.warn(`[MoltsPay] Fixing permissions to 0600...`);
+            chmodSync(walletPath, 384);
+          }
+        } catch {
         }
-      } catch (err) {
       }
       const content = readFileSync2(walletPath, "utf-8");
       return JSON.parse(content);
@@ -3267,8 +3287,10 @@ var MoltsPayServer = class {
   isProxyAllowed(clientIP) {
     const allowedIPs = process.env.PROXY_ALLOWED_IPS?.split(",").map((ip) => ip.trim()) || [];
     if (allowedIPs.length === 0) {
-      console.log(`[MoltsPay] /proxy denied: no PROXY_ALLOWED_IPS configured`);
-      return false;
+      return true;
+    }
+    if (allowedIPs.includes("*")) {
+      return true;
     }
     const normalizedIP = clientIP === "::1" ? "127.0.0.1" : clientIP.replace("::ffff:", "");
     const allowed = allowedIPs.includes(normalizedIP) || allowedIPs.includes(clientIP);
@@ -4864,14 +4886,23 @@ program.command("stop").description("Stop the running MoltsPay server").action(a
     process.exit(1);
   }
 });
-program.command("pay <server> <service> [params]").description("Pay for a service and get the result").option("--prompt <text>", "Prompt for the service").option("--image <path>", "Image URL or local file path").option("--token <token>", "Token to pay with (USDC or USDT)", "USDC").option("--chain <chain>", "Chain to pay on (base, polygon, base_sepolia, tempo_moderato, solana, or solana_devnet).").option("--config-dir <dir>", "Config directory with wallet.json", DEFAULT_CONFIG_DIR2).option("--json", "Output raw JSON only").action(async (server, service, paramsJson, options) => {
+program.command("pay <server> <service> [params]").description("Pay for a service and get the result").option("--prompt <text>", "Prompt for the service").option("--image <path>", "Image URL or local file path").option("--data <json>", "Raw JSON data to send (for custom input formats)").option("--token <token>", "Token to pay with (USDC or USDT)", "USDC").option("--chain <chain>", "Chain to pay on (base, polygon, base_sepolia, tempo_moderato, solana, or solana_devnet).").option("--config-dir <dir>", "Config directory with wallet.json", DEFAULT_CONFIG_DIR2).option("--json", "Output raw JSON only").action(async (server, service, paramsJson, options) => {
   const client = new MoltsPayClient({ configDir: options.configDir });
   if (!client.isInitialized) {
     console.error("\u274C Wallet not initialized. Run: npx moltspay init");
     process.exit(1);
   }
   let params = {};
-  if (paramsJson) {
+  let useRawData = false;
+  if (options.data) {
+    try {
+      params = JSON.parse(options.data);
+      useRawData = true;
+    } catch {
+      console.error("\u274C Invalid JSON in --data flag");
+      process.exit(1);
+    }
+  } else if (paramsJson) {
     try {
       params = JSON.parse(paramsJson);
     } catch {
@@ -4879,7 +4910,7 @@ program.command("pay <server> <service> [params]").description("Pay for a servic
       process.exit(1);
     }
   }
-  if (options.prompt) params.prompt = options.prompt;
+  if (!useRawData && options.prompt) params.prompt = options.prompt;
   if (options.image) {
     const imagePath = options.image;
     if (imagePath.startsWith("http://") || imagePath.startsWith("https://")) {
@@ -4920,7 +4951,11 @@ program.command("pay <server> <service> [params]").description("Pay for a servic
 `);
     console.log(`   Server: ${server}`);
     console.log(`   Service: ${service}`);
-    console.log(`   Prompt: ${params.prompt}`);
+    if (useRawData) {
+      console.log(`   Data: ${JSON.stringify(params).slice(0, 50)}${JSON.stringify(params).length > 50 ? "..." : ""}`);
+    } else {
+      console.log(`   Prompt: ${params.prompt}`);
+    }
     if (imageDisplay) console.log(`   Image: ${imageDisplay}`);
     console.log(`   Chain: ${chain || "(auto)"}`);
     console.log(`   Token: ${token}`);
@@ -4930,7 +4965,8 @@ program.command("pay <server> <service> [params]").description("Pay for a servic
   try {
     const result = await client.pay(server, service, params, {
       token,
-      chain
+      chain,
+      rawData: useRawData
     });
     if (options.json) {
       console.log(JSON.stringify(result));