moltspay 1.4.0 → 1.5.0

package/dist/index.js

@@ -2253,8 +2253,10 @@ var MoltsPayServer = class {
   isProxyAllowed(clientIP) {
     const allowedIPs = process.env.PROXY_ALLOWED_IPS?.split(",").map((ip) => ip.trim()) || [];
     if (allowedIPs.length === 0) {
-      console.log(`[MoltsPay] /proxy denied: no PROXY_ALLOWED_IPS configured`);
-      return false;
+      return true;
+    }
+    if (allowedIPs.includes("*")) {
+      return true;
     }
     const normalizedIP = clientIP === "::1" ? "127.0.0.1" : clientIP.replace("::ffff:", "");
     const allowed = allowedIPs.includes(normalizedIP) || allowedIPs.includes(clientIP);
@@ -2784,11 +2786,26 @@ var MoltsPayClient = class {
       throw new Error("Client not initialized. Run: npx moltspay init");
     }
     console.log(`[MoltsPay] Requesting service: ${service}`);
-    const requestBody = { service, params };
+    let executeUrl = `${serverUrl}/execute`;
+    try {
+      const services = await this.getServices(serverUrl);
+      const svc = services.services?.find((s) => s.id === service);
+      if (svc?.endpoint) {
+        executeUrl = `${serverUrl}${svc.endpoint}`;
+        console.log(`[MoltsPay] Using service endpoint: ${svc.endpoint}`);
+      }
+    } catch {
+    }
+    let requestBody;
+    if (options.rawData) {
+      requestBody = { service, ...params };
+    } else {
+      requestBody = { service, params };
+    }
     if (options.chain) {
       requestBody.chain = options.chain;
     }
-    const initialRes = await fetch(`${serverUrl}/execute`, {
+    const initialRes = await fetch(executeUrl, {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(requestBody)
@@ -2804,7 +2821,7 @@ var MoltsPayClient = class {
     const paymentRequiredHeader = initialRes.headers.get(PAYMENT_REQUIRED_HEADER2);
     if (wwwAuthHeader && wwwAuthHeader.toLowerCase().includes("payment")) {
       console.log("[MoltsPay] Detected MPP protocol, using Tempo flow...");
-      return await this.handleMPPPayment(serverUrl, service, params, wwwAuthHeader);
+      return await this.handleMPPPayment(executeUrl, service, params, wwwAuthHeader, options);
     }
     if (!paymentRequiredHeader) {
       throw new Error("Missing payment header (x-payment-required or www-authenticate)");
@@ -2865,7 +2882,7 @@ Please specify: --chain <chain_name>`
       if (!req2) {
         throw new Error(`Failed to find payment requirement for ${selectedChain}`);
       }
-      return await this.handleSolanaPayment(serverUrl, service, params, req2, solanaChain);
+      return await this.handleSolanaPayment(executeUrl, service, params, req2, solanaChain, options);
     }
     const chainName = selectedChain;
     const chain = getChain(chainName);
@@ -2912,14 +2929,14 @@ Please specify: --chain <chain_name>`
       if (!bnbSpender) {
         throw new Error("Server did not provide bnbSpender address. Server may not support BNB payments.");
       }
-      return await this.handleBNBPayment(serverUrl, service, params, {
+      return await this.handleBNBPayment(executeUrl, service, params, {
         to: payTo2,
         amount,
         token,
         chainName,
         chain,
         spender: bnbSpender
-      });
+      }, options);
     }
     const payTo = req.payTo || req.resource;
     if (!payTo) {
@@ -2950,11 +2967,11 @@ Please specify: --chain <chain_name>`
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
     console.log(`[MoltsPay] Sending request with payment...`);
-    const paidRequestBody = { service, params };
+    const paidRequestBody = options.rawData ? { service, ...params } : { service, params };
     if (options.chain) {
       paidRequestBody.chain = options.chain;
     }
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -2968,13 +2985,13 @@ Please specify: --chain <chain_name>`
     }
     this.recordSpending(amount);
     console.log(`[MoltsPay] Success! Payment: ${result.payment?.status || "claimed"}`);
-    return result.result;
+    return result.result || result;
   }
   /**
    * Handle MPP (Machine Payments Protocol) payment flow
    * Called when pay() detects WWW-Authenticate header in 402 response
    */
-  async handleMPPPayment(serverUrl, service, params, wwwAuthHeader) {
+  async handleMPPPayment(executeUrl, service, params, wwwAuthHeader, options = {}) {
     const { privateKeyToAccount: privateKeyToAccount2 } = await import("viem/accounts");
     const { createWalletClient, createPublicClient, http } = await import("viem");
     const { tempoModerato } = await import("viem/chains");
@@ -3035,13 +3052,14 @@ Please specify: --chain <chain_name>`
       source: `did:pkh:eip155:${chainId}:${account.address}`
     };
     const credentialB64 = Buffer.from(JSON.stringify(credential)).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const retryBody = options.rawData ? { service, ...params, chain: "tempo_moderato" } : { service, params, chain: "tempo_moderato" };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "Authorization": `Payment ${credentialB64}`
       },
-      body: JSON.stringify({ service, params, chain: "tempo_moderato" })
+      body: JSON.stringify(retryBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -3061,7 +3079,7 @@ Please specify: --chain <chain_name>`
    * 4. Server executes service
    * 5. Server calls transferFrom if successful (pay-for-success)
    */
-  async handleBNBPayment(serverUrl, service, params, paymentDetails) {
+  async handleBNBPayment(executeUrl, service, params, paymentDetails, options = {}) {
     const { to, amount, token, chainName, chain, spender } = paymentDetails;
     const tokenConfig = chain.tokens[token];
     const provider = new import_ethers.ethers.JsonRpcProvider(chain.rpc);
@@ -3157,13 +3175,14 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
     console.log(`[MoltsPay] Sending BNB payment request...`);
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const bnbRequestBody = options.rawData ? { service, ...params, chain: chainName } : { service, params, chain: chainName };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "X-Payment": paymentHeader
       },
-      body: JSON.stringify({ service, params, chain: chainName })
+      body: JSON.stringify(bnbRequestBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -3180,7 +3199,7 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
    * 1. Client creates and signs a transfer transaction
    * 2. Server submits the transaction after service completes
    */
-  async handleSolanaPayment(serverUrl, service, params, requirements, chain) {
+  async handleSolanaPayment(executeUrl, service, params, requirements, chain, options = {}) {
     const solanaWallet = loadSolanaWallet(this.configDir);
     if (!solanaWallet) {
       throw new Error("No Solana wallet found. Run: npx moltspay init --chain solana_devnet");
@@ -3233,13 +3252,14 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
       }
     };
     const paymentHeader = Buffer.from(JSON.stringify(payload)).toString("base64");
-    const paidRes = await fetch(`${serverUrl}/execute`, {
+    const solanaRequestBody = options.rawData ? { service, ...params, chain } : { service, params, chain };
+    const paidRes = await fetch(executeUrl, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
         "X-Payment": paymentHeader
       },
-      body: JSON.stringify({ service, params, chain })
+      body: JSON.stringify(solanaRequestBody)
     });
     const result = await paidRes.json();
     if (!paidRes.ok) {
@@ -3384,15 +3404,17 @@ Run: npx moltspay approve --chain ${chainName} --spender ${spender}`
   loadWallet() {
     const walletPath = (0, import_path2.join)(this.configDir, "wallet.json");
     if ((0, import_fs4.existsSync)(walletPath)) {
-      try {
-        const stats = (0, import_fs4.statSync)(walletPath);
-        const mode = stats.mode & 511;
-        if (mode !== 384) {
-          console.warn(`[MoltsPay] WARNING: wallet.json has insecure permissions (${mode.toString(8)})`);
-          console.warn(`[MoltsPay] Fixing permissions to 0600...`);
-          (0, import_fs4.chmodSync)(walletPath, 384);
+      if (process.platform !== "win32") {
+        try {
+          const stats = (0, import_fs4.statSync)(walletPath);
+          const mode = stats.mode & 511;
+          if (mode !== 384) {
+            console.warn(`[MoltsPay] WARNING: wallet.json has insecure permissions (${mode.toString(8)})`);
+            console.warn(`[MoltsPay] Fixing permissions to 0600...`);
+            (0, import_fs4.chmodSync)(walletPath, 384);
+          }
+        } catch {
         }
-      } catch (err) {
       }
       const content = (0, import_fs4.readFileSync)(walletPath, "utf-8");
       return JSON.parse(content);