moltspay 1.4.1 → 1.6.0

package/dist/facilitators/index.mjs

@@ -224,6 +224,9 @@ var CDPFacilitator = class extends BaseFacilitator {
   }
 };
 
+// src/facilitators/tempo.ts
+import { ethers } from "ethers";
+
 // src/chains/index.ts
 var CHAINS = {
   // ============ Mainnet ============
@@ -393,15 +396,38 @@ var CHAINS = {
 
 // src/facilitators/tempo.ts
 var TRANSFER_EVENT_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";
+var TIP20_PERMIT_ABI = [
+  "function permit(address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s)",
+  "function transferFrom(address from, address to, uint256 value) returns (bool)"
+];
 var TempoFacilitator = class extends BaseFacilitator {
   name = "tempo";
   displayName = "Tempo Testnet";
   supportedNetworks = ["eip155:42431"];
   // Tempo Moderato
   rpcUrl;
+  settlerWallet = null;
   constructor() {
     super();
     this.rpcUrl = CHAINS.tempo_moderato.rpc;
+    const settlerKey = process.env.TEMPO_SETTLER_KEY;
+    if (settlerKey) {
+      try {
+        const provider = new ethers.JsonRpcProvider(this.rpcUrl);
+        this.settlerWallet = new ethers.Wallet(settlerKey, provider);
+      } catch (err) {
+        console.warn("[TempoFacilitator] Invalid TEMPO_SETTLER_KEY, permit settlement disabled:", err);
+        this.settlerWallet = null;
+      }
+    }
+  }
+  /**
+   * Settler EOA address advertised to clients via `X-Payment-Required.extra.tempoSpender`.
+   * Web Client uses this as the `spender` field in the signed EIP-2612 Permit.
+   * Returns null if no TEMPO_SETTLER_KEY is configured — permit settlement unavailable.
+   */
+  getSpenderAddress() {
+    return this.settlerWallet?.address ?? null;
   }
   async healthCheck() {
     const start = Date.now();
@@ -427,6 +453,44 @@ var TempoFacilitator = class extends BaseFacilitator {
     }
   }
   async verify(paymentPayload, requirements) {
+    const inner = paymentPayload.payload;
+    if (inner && "permit" in inner && inner.permit) {
+      return this.verifyPermit(inner, requirements);
+    }
+    return this.verifyTxHash(paymentPayload, requirements);
+  }
+  /**
+   * Structural validation of an EIP-2612 permit payload. Does NOT submit
+   * anything on-chain — actual submission happens in settlePermit().
+   */
+  async verifyPermit(payload, requirements) {
+    if (!this.settlerWallet) {
+      return { valid: false, error: "Permit settlement not configured (TEMPO_SETTLER_KEY missing)" };
+    }
+    const p = payload.permit;
+    if (!p || !p.owner || !p.spender || !p.value || !p.deadline) {
+      return { valid: false, error: "Invalid permit payload: missing fields" };
+    }
+    if (p.spender.toLowerCase() !== this.settlerWallet.address.toLowerCase()) {
+      return {
+        valid: false,
+        error: `Permit spender ${p.spender} does not match configured settler ${this.settlerWallet.address}`
+      };
+    }
+    const deadline = BigInt(p.deadline);
+    const now = BigInt(Math.floor(Date.now() / 1e3));
+    if (deadline <= now) {
+      return { valid: false, error: "Permit deadline has expired" };
+    }
+    if (BigInt(p.value) < BigInt(requirements.amount || "0")) {
+      return {
+        valid: false,
+        error: `Permit value ${p.value} is less than required ${requirements.amount}`
+      };
+    }
+    return { valid: true, details: { scheme: "permit", owner: p.owner } };
+  }
+  async verifyTxHash(paymentPayload, requirements) {
     try {
       const tempoPayload = paymentPayload.payload;
       if (!tempoPayload?.txHash) {
@@ -484,7 +548,11 @@ var TempoFacilitator = class extends BaseFacilitator {
     }
   }
   async settle(paymentPayload, requirements) {
-    const verifyResult = await this.verify(paymentPayload, requirements);
+    const inner = paymentPayload.payload;
+    if (inner && "permit" in inner && inner.permit) {
+      return this.settlePermit(inner, requirements);
+    }
+    const verifyResult = await this.verifyTxHash(paymentPayload, requirements);
     if (!verifyResult.valid) {
       return { success: false, error: verifyResult.error };
     }
@@ -495,6 +563,52 @@ var TempoFacilitator = class extends BaseFacilitator {
       status: "settled"
     };
   }
+  /**
+   * EIP-2612 permit settlement path. Submits two transactions on Tempo:
+   *   1. pathUSD.permit(owner, spender=settler, value, deadline, v, r, s)
+   *   2. pathUSD.transferFrom(owner, payTo, value)
+   *
+   * The settler EOA pays Tempo gas (via the TIP-20 `feeToken` mechanism — no
+   * native tTEMPO required; any held TIP-20 token balance covers fees).
+   */
+  async settlePermit(payload, requirements) {
+    if (!this.settlerWallet) {
+      return { success: false, error: "Permit settlement not configured (TEMPO_SETTLER_KEY missing)" };
+    }
+    if (!requirements.asset || !requirements.payTo) {
+      return { success: false, error: "Missing asset or payTo in requirements" };
+    }
+    const verifyResult = await this.verifyPermit(payload, requirements);
+    if (!verifyResult.valid) {
+      return { success: false, error: verifyResult.error };
+    }
+    const token = new ethers.Contract(requirements.asset, TIP20_PERMIT_ABI, this.settlerWallet);
+    const p = payload.permit;
+    try {
+      const permitTx = await token.permit(
+        p.owner,
+        p.spender,
+        p.value,
+        p.deadline,
+        p.v,
+        p.r,
+        p.s
+      );
+      await permitTx.wait();
+      const transferTx = await token.transferFrom(p.owner, requirements.payTo, p.value);
+      await transferTx.wait();
+      return {
+        success: true,
+        transaction: transferTx.hash,
+        status: "settled"
+      };
+    } catch (err) {
+      return {
+        success: false,
+        error: `Tempo permit settlement failed: ${err.message}`
+      };
+    }
+  }
   async getTransactionReceipt(txHash) {
     const response = await fetch(this.rpcUrl, {
       method: "POST",
@@ -737,12 +851,12 @@ var BNBFacilitator = class extends BaseFacilitator {
     return this.spenderAddress;
   }
   async getServerAddress() {
-    const { ethers } = await import("ethers");
-    const wallet = new ethers.Wallet(this.serverPrivateKey);
+    const { ethers: ethers2 } = await import("ethers");
+    const wallet = new ethers2.Wallet(this.serverPrivateKey);
     return wallet.address;
   }
   async recoverIntentSigner(intent, chainId) {
-    const { ethers } = await import("ethers");
+    const { ethers: ethers2 } = await import("ethers");
     const domain = {
       ...EIP712_DOMAIN,
       chainId
@@ -756,7 +870,7 @@ var BNBFacilitator = class extends BaseFacilitator {
       nonce: intent.nonce,
       deadline: intent.deadline
     };
-    const recoveredAddress = ethers.verifyTypedData(
+    const recoveredAddress = ethers2.verifyTypedData(
       domain,
       INTENT_TYPES,
       message,
@@ -800,10 +914,10 @@ var BNBFacilitator = class extends BaseFacilitator {
     return result.result || "0x0";
   }
   async executeTransferFrom(from, to, amount, token, rpcUrl) {
-    const { ethers } = await import("ethers");
-    const provider = new ethers.JsonRpcProvider(rpcUrl);
-    const wallet = new ethers.Wallet(this.serverPrivateKey, provider);
-    const tokenContract = new ethers.Contract(token, [
+    const { ethers: ethers2 } = await import("ethers");
+    const provider = new ethers2.JsonRpcProvider(rpcUrl);
+    const wallet = new ethers2.Wallet(this.serverPrivateKey, provider);
+    const tokenContract = new ethers2.Contract(token, [
       "function transferFrom(address from, address to, uint256 amount) returns (bool)"
     ], wallet);
     const tx = await tokenContract.transferFrom(from, to, amount);
@@ -1058,16 +1172,16 @@ var SolanaFacilitator = class extends BaseFacilitator {
     return this.supportedNetworks.includes(network);
   }
 };
-async function createSolanaPaymentTransaction(senderPubkey, recipientPubkey, amount, chain, feePayerPubkey) {
+async function createSolanaPaymentTransaction(senderPubkey, recipientPubkey, amount, chain, feePayerPubkey, connection) {
   const chainConfig = SOLANA_CHAINS[chain];
-  const connection = new Connection2(chainConfig.rpc, "confirmed");
+  const conn = connection ?? new Connection2(chainConfig.rpc, "confirmed");
   const mint = new PublicKey2(chainConfig.tokens.USDC.mint);
   const actualFeePayer = feePayerPubkey || senderPubkey;
   const senderATA = await getAssociatedTokenAddress(mint, senderPubkey);
   const recipientATA = await getAssociatedTokenAddress(mint, recipientPubkey);
   const transaction = new Transaction();
   try {
-    await getAccount(connection, recipientATA);
+    await getAccount(conn, recipientATA);
   } catch {
     transaction.add(
       createAssociatedTokenAccountInstruction(
@@ -1098,7 +1212,7 @@ async function createSolanaPaymentTransaction(senderPubkey, recipientPubkey, amo
       // decimals
     )
   );
-  const { blockhash, lastValidBlockHeight } = await connection.getLatestBlockhash();
+  const { blockhash, lastValidBlockHeight } = await conn.getLatestBlockhash();
   transaction.recentBlockhash = blockhash;
   transaction.feePayer = actualFeePayer;
   return transaction;