moltspay 1.5.0 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +143 -0
- package/dist/cdp/index.js.map +1 -1
- package/dist/cdp/index.mjs.map +1 -1
- package/dist/{cdp-DeohBe1o.d.ts → cdp-B5PhDUTC.d.ts} +1 -1
- package/dist/{cdp-p_eHuQpb.d.mts → cdp-D-5Hg3y_.d.mts} +1 -1
- package/dist/chains/index.d.mts +37 -1
- package/dist/chains/index.d.ts +37 -1
- package/dist/chains/index.js +22 -0
- package/dist/chains/index.js.map +1 -1
- package/dist/chains/index.mjs +19 -0
- package/dist/chains/index.mjs.map +1 -1
- package/dist/cli/index.js +1941 -204
- package/dist/cli/index.js.map +1 -1
- package/dist/cli/index.mjs +1938 -201
- package/dist/cli/index.mjs.map +1 -1
- package/dist/client/index.d.mts +46 -0
- package/dist/client/index.d.ts +46 -0
- package/dist/client/index.js +1059 -118
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +1055 -116
- package/dist/client/index.mjs.map +1 -1
- package/dist/client/web/index.d.mts +434 -0
- package/dist/client/web/index.mjs +1300 -0
- package/dist/client/web/index.mjs.map +1 -0
- package/dist/facilitators/index.d.mts +185 -6
- package/dist/facilitators/index.d.ts +185 -6
- package/dist/facilitators/index.js +497 -13
- package/dist/facilitators/index.js.map +1 -1
- package/dist/facilitators/index.mjs +492 -13
- package/dist/facilitators/index.mjs.map +1 -1
- package/dist/index.d.mts +77 -2
- package/dist/index.d.ts +77 -2
- package/dist/index.js +1865 -172
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +1854 -167
- package/dist/index.mjs.map +1 -1
- package/dist/mcp/index.js +1062 -123
- package/dist/mcp/index.js.map +1 -1
- package/dist/mcp/index.mjs +1059 -120
- package/dist/mcp/index.mjs.map +1 -1
- package/dist/{registry-OsEO2dOu.d.mts → registry-DIo0WNoO.d.mts} +8 -1
- package/dist/{registry-OsEO2dOu.d.ts → registry-DIo0WNoO.d.ts} +8 -1
- package/dist/server/index.d.mts +137 -2
- package/dist/server/index.d.ts +137 -2
- package/dist/server/index.js +757 -30
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +757 -30
- package/dist/server/index.mjs.map +1 -1
- package/dist/verify/index.js.map +1 -1
- package/dist/verify/index.mjs.map +1 -1
- package/dist/wallet/index.js.map +1 -1
- package/dist/wallet/index.mjs.map +1 -1
- package/package.json +15 -2
- package/schemas/moltspay.services.schema.json +100 -6
- package/scripts/postinstall.js +91 -0
|
@@ -26,6 +26,13 @@ interface X402PaymentPayload {
|
|
|
26
26
|
}
|
|
27
27
|
/**
|
|
28
28
|
* x402 Payment Requirements (server specifies what it accepts)
|
|
29
|
+
*
|
|
30
|
+
* **Per-scheme `extra` conventions:**
|
|
31
|
+
* - `alipay-aipay` (2.0.0+): `extra` carries the parallel `Payment-Needed`
|
|
32
|
+
* contents so x402-aware clients don't need to read the separate HTTP
|
|
33
|
+
* header. Server side, `AlipayFacilitator.createPaymentRequirements`
|
|
34
|
+
* populates: `payment_needed_header` (Base64URL of nested
|
|
35
|
+
* `{protocol, method}` JSON), `out_trade_no`, `pay_before`, `service_id`.
|
|
29
36
|
*/
|
|
30
37
|
interface X402PaymentRequirements {
|
|
31
38
|
scheme: string;
|
|
@@ -230,4 +237,4 @@ declare function getDefaultRegistry(): FacilitatorRegistry;
|
|
|
230
237
|
*/
|
|
231
238
|
declare function createRegistry(selection?: FacilitatorSelection): FacilitatorRegistry;
|
|
232
239
|
|
|
233
|
-
export { BaseFacilitator as B, type
|
|
240
|
+
export { BaseFacilitator as B, type FacilitatorConfig as F, type HealthCheckResult as H, type SettleResult as S, type VerifyResult as V, type X402PaymentPayload as X, type X402PaymentRequirements as a, type FacilitatorFee as b, type Facilitator as c, FacilitatorRegistry as d, type FacilitatorSelection as e, type SelectionStrategy as f, createRegistry as g, getDefaultRegistry as h };
|
|
@@ -26,6 +26,13 @@ interface X402PaymentPayload {
|
|
|
26
26
|
}
|
|
27
27
|
/**
|
|
28
28
|
* x402 Payment Requirements (server specifies what it accepts)
|
|
29
|
+
*
|
|
30
|
+
* **Per-scheme `extra` conventions:**
|
|
31
|
+
* - `alipay-aipay` (2.0.0+): `extra` carries the parallel `Payment-Needed`
|
|
32
|
+
* contents so x402-aware clients don't need to read the separate HTTP
|
|
33
|
+
* header. Server side, `AlipayFacilitator.createPaymentRequirements`
|
|
34
|
+
* populates: `payment_needed_header` (Base64URL of nested
|
|
35
|
+
* `{protocol, method}` JSON), `out_trade_no`, `pay_before`, `service_id`.
|
|
29
36
|
*/
|
|
30
37
|
interface X402PaymentRequirements {
|
|
31
38
|
scheme: string;
|
|
@@ -230,4 +237,4 @@ declare function getDefaultRegistry(): FacilitatorRegistry;
|
|
|
230
237
|
*/
|
|
231
238
|
declare function createRegistry(selection?: FacilitatorSelection): FacilitatorRegistry;
|
|
232
239
|
|
|
233
|
-
export { BaseFacilitator as B, type
|
|
240
|
+
export { BaseFacilitator as B, type FacilitatorConfig as F, type HealthCheckResult as H, type SettleResult as S, type VerifyResult as V, type X402PaymentPayload as X, type X402PaymentRequirements as a, type FacilitatorFee as b, type Facilitator as c, FacilitatorRegistry as d, type FacilitatorSelection as e, type SelectionStrategy as f, createRegistry as g, getDefaultRegistry as h };
|
package/dist/server/index.d.mts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { e as FacilitatorSelection } from '../registry-DIo0WNoO.mjs';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* MoltsPay Server Types
|
|
@@ -22,6 +22,37 @@ interface ServiceConfig {
|
|
|
22
22
|
command?: string;
|
|
23
23
|
/** Function name to import from skill's index.js (new skill-based approach) */
|
|
24
24
|
function?: string;
|
|
25
|
+
/**
|
|
26
|
+
* Alipay AI 收 per-service config (2.0.0+).
|
|
27
|
+
* Set when this service accepts CNY payments via the alipay rail.
|
|
28
|
+
* The `price`/`currency` fields above still describe USDC pricing
|
|
29
|
+
* for the x402 rails; `alipay.price_cny` is a separate CNY price.
|
|
30
|
+
*/
|
|
31
|
+
alipay?: ServiceAlipayConfig;
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Per-service Alipay AI 收 configuration (2.0.0+).
|
|
35
|
+
*
|
|
36
|
+
* Sample:
|
|
37
|
+
* ```json
|
|
38
|
+
* "alipay": {
|
|
39
|
+
* "service_id": "API_0EA6DC4FC99A4DF7",
|
|
40
|
+
* "price_cny": "7.00",
|
|
41
|
+
* "goods_name": "产品演示视频 - 系列一"
|
|
42
|
+
* }
|
|
43
|
+
* ```
|
|
44
|
+
*/
|
|
45
|
+
interface ServiceAlipayConfig {
|
|
46
|
+
/** Per-service service_id (defaults to provider.alipay.service_id_default). */
|
|
47
|
+
service_id?: string;
|
|
48
|
+
/**
|
|
49
|
+
* CNY price as decimal string in **元** (e.g. `"7.00"` = 7 CNY).
|
|
50
|
+
* NOT cents: `"100"` means 100 元, not 100 分.
|
|
51
|
+
* Must match `/^\d+(\.\d{1,2})?$/`.
|
|
52
|
+
*/
|
|
53
|
+
price_cny: string;
|
|
54
|
+
/** Goods name shown to the user in the Alipay app. */
|
|
55
|
+
goods_name: string;
|
|
25
56
|
}
|
|
26
57
|
interface InputField {
|
|
27
58
|
type: 'string' | 'number' | 'boolean' | 'object';
|
|
@@ -45,6 +76,49 @@ interface ProviderConfig {
|
|
|
45
76
|
solana_wallet?: string;
|
|
46
77
|
chain?: string;
|
|
47
78
|
chains?: ChainConfig[];
|
|
79
|
+
/**
|
|
80
|
+
* Alipay AI 收 provider-level config (2.0.0+).
|
|
81
|
+
* Required when `chains` includes `"alipay"`.
|
|
82
|
+
* Server validates `private_key_path` / `alipay_public_key_path` are
|
|
83
|
+
* readable + parse as RSA PEM at startup; rejects start otherwise.
|
|
84
|
+
*/
|
|
85
|
+
alipay?: ProviderAlipayConfig;
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* Provider-level Alipay AI 收 configuration (2.0.0+).
|
|
89
|
+
*
|
|
90
|
+
* The user-facing form uses FILE PATHS for both PEM keys; the server
|
|
91
|
+
* resolves them to PEM strings before constructing AlipayFacilitator.
|
|
92
|
+
*
|
|
93
|
+
* Sample:
|
|
94
|
+
* ```json
|
|
95
|
+
* "alipay": {
|
|
96
|
+
* "seller_id": "2088641494699428",
|
|
97
|
+
* "app_id": "2021006150642142",
|
|
98
|
+
* "seller_name": "上海超响应数字科技有限公司",
|
|
99
|
+
* "service_id_default": "API_0EA6DC4FC99A4DF7",
|
|
100
|
+
* "private_key_path": "./cert/ALIPAY_PRIVATE_KEY.txt",
|
|
101
|
+
* "alipay_public_key_path": "./cert/ALIPAY_PUBLIC_KEY.txt"
|
|
102
|
+
* }
|
|
103
|
+
* ```
|
|
104
|
+
*/
|
|
105
|
+
interface ProviderAlipayConfig {
|
|
106
|
+
/** Merchant Alipay ID (16 digits, e.g. `"2088641494699428"`). */
|
|
107
|
+
seller_id: string;
|
|
108
|
+
/** Application ID from Alipay Open Platform. */
|
|
109
|
+
app_id: string;
|
|
110
|
+
/** Merchant legal name; appears in `method.seller_name` of the 402 challenge. */
|
|
111
|
+
seller_name: string;
|
|
112
|
+
/** Default `service_id` when a `services[].alipay` entry doesn't override it. */
|
|
113
|
+
service_id_default: string;
|
|
114
|
+
/** Path to the RSA2 merchant private key PEM file (relative to moltspay.services.json). */
|
|
115
|
+
private_key_path: string;
|
|
116
|
+
/** Path to the Alipay platform public key PEM file (relative to moltspay.services.json). */
|
|
117
|
+
alipay_public_key_path: string;
|
|
118
|
+
/** Open API gateway URL. Defaults to `"https://openapi.alipay.com/gateway.do"`. */
|
|
119
|
+
gateway_url?: string;
|
|
120
|
+
/** Signature algorithm. Only `"RSA2"` is supported in 2.0.0. */
|
|
121
|
+
sign_type?: 'RSA2';
|
|
48
122
|
}
|
|
49
123
|
interface ServicesManifest {
|
|
50
124
|
provider: ProviderConfig;
|
|
@@ -84,12 +158,39 @@ interface Charge {
|
|
|
84
158
|
paidAt?: number;
|
|
85
159
|
completedAt?: number;
|
|
86
160
|
}
|
|
161
|
+
/**
|
|
162
|
+
* CORS configuration. See MoltsPayServerOptions.cors.
|
|
163
|
+
* Fine-grained shape for providers that need allowlist origins or custom control.
|
|
164
|
+
*/
|
|
165
|
+
interface CorsOptions {
|
|
166
|
+
/** Explicit origin allowlist. Either an array of origins, or a predicate function. */
|
|
167
|
+
origins: string[] | ((origin: string) => boolean);
|
|
168
|
+
/** Emit `Access-Control-Allow-Credentials: true`. Default false. */
|
|
169
|
+
credentials?: boolean;
|
|
170
|
+
/** Preflight cache seconds (`Access-Control-Max-Age`). Default 600. */
|
|
171
|
+
maxAge?: number;
|
|
172
|
+
}
|
|
87
173
|
interface MoltsPayServerOptions {
|
|
88
174
|
port?: number;
|
|
89
175
|
host?: string;
|
|
90
176
|
chargeExpirySecs?: number;
|
|
91
177
|
/** x402 Facilitator URL (default: https://x402.org/facilitator) */
|
|
92
178
|
facilitatorUrl?: string;
|
|
179
|
+
/**
|
|
180
|
+
* CORS configuration.
|
|
181
|
+
*
|
|
182
|
+
* - `undefined` or `true` (default): allow any origin (`Access-Control-Allow-Origin: *`).
|
|
183
|
+
* This matches the 1.5.x behavior — browser clients from any origin can call this server.
|
|
184
|
+
* - `false`: emit no CORS headers (same-origin only).
|
|
185
|
+
* - `string[]`: explicit origin allowlist. Request's Origin must match an entry.
|
|
186
|
+
* - `CorsOptions` object: fine-grained control (origins + credentials + maxAge).
|
|
187
|
+
*
|
|
188
|
+
* When CORS is active, the server always exposes the following response headers via
|
|
189
|
+
* `Access-Control-Expose-Headers`: `X-Payment-Required`, `X-Payment-Response`,
|
|
190
|
+
* `WWW-Authenticate`, `Payment-Receipt`. These are required for browser clients to
|
|
191
|
+
* read the 402 challenge and the payment receipt on successful responses.
|
|
192
|
+
*/
|
|
193
|
+
cors?: boolean | string[] | CorsOptions;
|
|
93
194
|
}
|
|
94
195
|
|
|
95
196
|
/**
|
|
@@ -122,6 +223,8 @@ declare class MoltsPayServer {
|
|
|
122
223
|
private registry;
|
|
123
224
|
private networkId;
|
|
124
225
|
private useMainnet;
|
|
226
|
+
/** Alipay AI 收 facilitator instance, set when `provider.alipay` is configured (2.0.0). */
|
|
227
|
+
private alipayFacilitator;
|
|
125
228
|
constructor(servicesPath: string, options?: MoltsPayServerOptionsExtended);
|
|
126
229
|
/**
|
|
127
230
|
* Register a skill handler for a service
|
|
@@ -144,6 +247,21 @@ declare class MoltsPayServer {
|
|
|
144
247
|
* Start HTTP server
|
|
145
248
|
*/
|
|
146
249
|
listen(port?: number): void;
|
|
250
|
+
/**
|
|
251
|
+
* Apply CORS response headers according to the `cors` option.
|
|
252
|
+
*
|
|
253
|
+
* Default (`cors` unset or `true`): `Access-Control-Allow-Origin: *`. Matches 1.5.x behavior
|
|
254
|
+
* and works for every browser client whose origin does not need to send cookies.
|
|
255
|
+
*
|
|
256
|
+
* `cors: false`: emit no CORS headers. Same-origin only.
|
|
257
|
+
* `cors: string[]`: origin allowlist — echo the origin back iff it matches.
|
|
258
|
+
* `cors: CorsOptions`: full control (allowlist + credentials + maxAge).
|
|
259
|
+
*
|
|
260
|
+
* The required-for-Web response headers are always exposed when CORS is active:
|
|
261
|
+
* `X-Payment-Required, X-Payment-Response, WWW-Authenticate, Payment-Receipt`.
|
|
262
|
+
*/
|
|
263
|
+
private applyCorsHeaders;
|
|
264
|
+
private writeCorsHeaders;
|
|
147
265
|
/**
|
|
148
266
|
* Handle incoming request
|
|
149
267
|
*/
|
|
@@ -164,6 +282,23 @@ declare class MoltsPayServer {
|
|
|
164
282
|
* POST /execute - Execute service with x402 payment
|
|
165
283
|
*/
|
|
166
284
|
private handleExecute;
|
|
285
|
+
/**
|
|
286
|
+
* Execute a service paid via the Alipay AI 收 fiat rail (2.0.0).
|
|
287
|
+
*
|
|
288
|
+
* Differs from the EVM/SVM path: no token detection, no EIP-3009/permit
|
|
289
|
+
* validation. Verify hits the Alipay Open API (`payment.verify`). Settlement
|
|
290
|
+
* (`fulfillment.confirm`) is FIRE-AND-FORGET per ALIPAY-INTEGRATION-DESIGN
|
|
291
|
+
* §5.1: a confirm failure is logged but does NOT fail the already-delivered
|
|
292
|
+
* response (the buyer's payment proof was already verified).
|
|
293
|
+
*/
|
|
294
|
+
private handleAlipayExecute;
|
|
295
|
+
/**
|
|
296
|
+
* Build the Alipay 402 challenge for a service, or null when the alipay rail
|
|
297
|
+
* isn't configured for this server or this service. Returns the x402
|
|
298
|
+
* `accepts[]` entry plus the Base64URL `Payment-Needed` header value so the
|
|
299
|
+
* 402 responders can dual-emit both the x402 and legacy alipay-bot formats.
|
|
300
|
+
*/
|
|
301
|
+
private buildAlipayChallenge;
|
|
167
302
|
/**
|
|
168
303
|
* Handle MPP (Machine Payments Protocol) request
|
|
169
304
|
* Supports both x402 and MPP protocols on service endpoints
|
|
@@ -242,4 +377,4 @@ declare class MoltsPayServer {
|
|
|
242
377
|
private sendProxyPaymentRequired;
|
|
243
378
|
}
|
|
244
379
|
|
|
245
|
-
export { type ChainConfig, type Charge, type ChargeStatus, type InputField, MoltsPayServer, type MoltsPayServerOptions, type MoltsPayServerOptionsExtended, type OutputField, type PaymentRequest, type ProviderConfig, type RegisteredSkill, type ServiceConfig, type ServicesManifest, type SkillFunction, type TokenSymbol, type VerifyRequest };
|
|
380
|
+
export { type ChainConfig, type Charge, type ChargeStatus, type CorsOptions, type InputField, MoltsPayServer, type MoltsPayServerOptions, type MoltsPayServerOptionsExtended, type OutputField, type PaymentRequest, type ProviderAlipayConfig, type ProviderConfig, type RegisteredSkill, type ServiceAlipayConfig, type ServiceConfig, type ServicesManifest, type SkillFunction, type TokenSymbol, type VerifyRequest };
|
package/dist/server/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { e as FacilitatorSelection } from '../registry-DIo0WNoO.js';
|
|
2
2
|
|
|
3
3
|
/**
|
|
4
4
|
* MoltsPay Server Types
|
|
@@ -22,6 +22,37 @@ interface ServiceConfig {
|
|
|
22
22
|
command?: string;
|
|
23
23
|
/** Function name to import from skill's index.js (new skill-based approach) */
|
|
24
24
|
function?: string;
|
|
25
|
+
/**
|
|
26
|
+
* Alipay AI 收 per-service config (2.0.0+).
|
|
27
|
+
* Set when this service accepts CNY payments via the alipay rail.
|
|
28
|
+
* The `price`/`currency` fields above still describe USDC pricing
|
|
29
|
+
* for the x402 rails; `alipay.price_cny` is a separate CNY price.
|
|
30
|
+
*/
|
|
31
|
+
alipay?: ServiceAlipayConfig;
|
|
32
|
+
}
|
|
33
|
+
/**
|
|
34
|
+
* Per-service Alipay AI 收 configuration (2.0.0+).
|
|
35
|
+
*
|
|
36
|
+
* Sample:
|
|
37
|
+
* ```json
|
|
38
|
+
* "alipay": {
|
|
39
|
+
* "service_id": "API_0EA6DC4FC99A4DF7",
|
|
40
|
+
* "price_cny": "7.00",
|
|
41
|
+
* "goods_name": "产品演示视频 - 系列一"
|
|
42
|
+
* }
|
|
43
|
+
* ```
|
|
44
|
+
*/
|
|
45
|
+
interface ServiceAlipayConfig {
|
|
46
|
+
/** Per-service service_id (defaults to provider.alipay.service_id_default). */
|
|
47
|
+
service_id?: string;
|
|
48
|
+
/**
|
|
49
|
+
* CNY price as decimal string in **元** (e.g. `"7.00"` = 7 CNY).
|
|
50
|
+
* NOT cents: `"100"` means 100 元, not 100 分.
|
|
51
|
+
* Must match `/^\d+(\.\d{1,2})?$/`.
|
|
52
|
+
*/
|
|
53
|
+
price_cny: string;
|
|
54
|
+
/** Goods name shown to the user in the Alipay app. */
|
|
55
|
+
goods_name: string;
|
|
25
56
|
}
|
|
26
57
|
interface InputField {
|
|
27
58
|
type: 'string' | 'number' | 'boolean' | 'object';
|
|
@@ -45,6 +76,49 @@ interface ProviderConfig {
|
|
|
45
76
|
solana_wallet?: string;
|
|
46
77
|
chain?: string;
|
|
47
78
|
chains?: ChainConfig[];
|
|
79
|
+
/**
|
|
80
|
+
* Alipay AI 收 provider-level config (2.0.0+).
|
|
81
|
+
* Required when `chains` includes `"alipay"`.
|
|
82
|
+
* Server validates `private_key_path` / `alipay_public_key_path` are
|
|
83
|
+
* readable + parse as RSA PEM at startup; rejects start otherwise.
|
|
84
|
+
*/
|
|
85
|
+
alipay?: ProviderAlipayConfig;
|
|
86
|
+
}
|
|
87
|
+
/**
|
|
88
|
+
* Provider-level Alipay AI 收 configuration (2.0.0+).
|
|
89
|
+
*
|
|
90
|
+
* The user-facing form uses FILE PATHS for both PEM keys; the server
|
|
91
|
+
* resolves them to PEM strings before constructing AlipayFacilitator.
|
|
92
|
+
*
|
|
93
|
+
* Sample:
|
|
94
|
+
* ```json
|
|
95
|
+
* "alipay": {
|
|
96
|
+
* "seller_id": "2088641494699428",
|
|
97
|
+
* "app_id": "2021006150642142",
|
|
98
|
+
* "seller_name": "上海超响应数字科技有限公司",
|
|
99
|
+
* "service_id_default": "API_0EA6DC4FC99A4DF7",
|
|
100
|
+
* "private_key_path": "./cert/ALIPAY_PRIVATE_KEY.txt",
|
|
101
|
+
* "alipay_public_key_path": "./cert/ALIPAY_PUBLIC_KEY.txt"
|
|
102
|
+
* }
|
|
103
|
+
* ```
|
|
104
|
+
*/
|
|
105
|
+
interface ProviderAlipayConfig {
|
|
106
|
+
/** Merchant Alipay ID (16 digits, e.g. `"2088641494699428"`). */
|
|
107
|
+
seller_id: string;
|
|
108
|
+
/** Application ID from Alipay Open Platform. */
|
|
109
|
+
app_id: string;
|
|
110
|
+
/** Merchant legal name; appears in `method.seller_name` of the 402 challenge. */
|
|
111
|
+
seller_name: string;
|
|
112
|
+
/** Default `service_id` when a `services[].alipay` entry doesn't override it. */
|
|
113
|
+
service_id_default: string;
|
|
114
|
+
/** Path to the RSA2 merchant private key PEM file (relative to moltspay.services.json). */
|
|
115
|
+
private_key_path: string;
|
|
116
|
+
/** Path to the Alipay platform public key PEM file (relative to moltspay.services.json). */
|
|
117
|
+
alipay_public_key_path: string;
|
|
118
|
+
/** Open API gateway URL. Defaults to `"https://openapi.alipay.com/gateway.do"`. */
|
|
119
|
+
gateway_url?: string;
|
|
120
|
+
/** Signature algorithm. Only `"RSA2"` is supported in 2.0.0. */
|
|
121
|
+
sign_type?: 'RSA2';
|
|
48
122
|
}
|
|
49
123
|
interface ServicesManifest {
|
|
50
124
|
provider: ProviderConfig;
|
|
@@ -84,12 +158,39 @@ interface Charge {
|
|
|
84
158
|
paidAt?: number;
|
|
85
159
|
completedAt?: number;
|
|
86
160
|
}
|
|
161
|
+
/**
|
|
162
|
+
* CORS configuration. See MoltsPayServerOptions.cors.
|
|
163
|
+
* Fine-grained shape for providers that need allowlist origins or custom control.
|
|
164
|
+
*/
|
|
165
|
+
interface CorsOptions {
|
|
166
|
+
/** Explicit origin allowlist. Either an array of origins, or a predicate function. */
|
|
167
|
+
origins: string[] | ((origin: string) => boolean);
|
|
168
|
+
/** Emit `Access-Control-Allow-Credentials: true`. Default false. */
|
|
169
|
+
credentials?: boolean;
|
|
170
|
+
/** Preflight cache seconds (`Access-Control-Max-Age`). Default 600. */
|
|
171
|
+
maxAge?: number;
|
|
172
|
+
}
|
|
87
173
|
interface MoltsPayServerOptions {
|
|
88
174
|
port?: number;
|
|
89
175
|
host?: string;
|
|
90
176
|
chargeExpirySecs?: number;
|
|
91
177
|
/** x402 Facilitator URL (default: https://x402.org/facilitator) */
|
|
92
178
|
facilitatorUrl?: string;
|
|
179
|
+
/**
|
|
180
|
+
* CORS configuration.
|
|
181
|
+
*
|
|
182
|
+
* - `undefined` or `true` (default): allow any origin (`Access-Control-Allow-Origin: *`).
|
|
183
|
+
* This matches the 1.5.x behavior — browser clients from any origin can call this server.
|
|
184
|
+
* - `false`: emit no CORS headers (same-origin only).
|
|
185
|
+
* - `string[]`: explicit origin allowlist. Request's Origin must match an entry.
|
|
186
|
+
* - `CorsOptions` object: fine-grained control (origins + credentials + maxAge).
|
|
187
|
+
*
|
|
188
|
+
* When CORS is active, the server always exposes the following response headers via
|
|
189
|
+
* `Access-Control-Expose-Headers`: `X-Payment-Required`, `X-Payment-Response`,
|
|
190
|
+
* `WWW-Authenticate`, `Payment-Receipt`. These are required for browser clients to
|
|
191
|
+
* read the 402 challenge and the payment receipt on successful responses.
|
|
192
|
+
*/
|
|
193
|
+
cors?: boolean | string[] | CorsOptions;
|
|
93
194
|
}
|
|
94
195
|
|
|
95
196
|
/**
|
|
@@ -122,6 +223,8 @@ declare class MoltsPayServer {
|
|
|
122
223
|
private registry;
|
|
123
224
|
private networkId;
|
|
124
225
|
private useMainnet;
|
|
226
|
+
/** Alipay AI 收 facilitator instance, set when `provider.alipay` is configured (2.0.0). */
|
|
227
|
+
private alipayFacilitator;
|
|
125
228
|
constructor(servicesPath: string, options?: MoltsPayServerOptionsExtended);
|
|
126
229
|
/**
|
|
127
230
|
* Register a skill handler for a service
|
|
@@ -144,6 +247,21 @@ declare class MoltsPayServer {
|
|
|
144
247
|
* Start HTTP server
|
|
145
248
|
*/
|
|
146
249
|
listen(port?: number): void;
|
|
250
|
+
/**
|
|
251
|
+
* Apply CORS response headers according to the `cors` option.
|
|
252
|
+
*
|
|
253
|
+
* Default (`cors` unset or `true`): `Access-Control-Allow-Origin: *`. Matches 1.5.x behavior
|
|
254
|
+
* and works for every browser client whose origin does not need to send cookies.
|
|
255
|
+
*
|
|
256
|
+
* `cors: false`: emit no CORS headers. Same-origin only.
|
|
257
|
+
* `cors: string[]`: origin allowlist — echo the origin back iff it matches.
|
|
258
|
+
* `cors: CorsOptions`: full control (allowlist + credentials + maxAge).
|
|
259
|
+
*
|
|
260
|
+
* The required-for-Web response headers are always exposed when CORS is active:
|
|
261
|
+
* `X-Payment-Required, X-Payment-Response, WWW-Authenticate, Payment-Receipt`.
|
|
262
|
+
*/
|
|
263
|
+
private applyCorsHeaders;
|
|
264
|
+
private writeCorsHeaders;
|
|
147
265
|
/**
|
|
148
266
|
* Handle incoming request
|
|
149
267
|
*/
|
|
@@ -164,6 +282,23 @@ declare class MoltsPayServer {
|
|
|
164
282
|
* POST /execute - Execute service with x402 payment
|
|
165
283
|
*/
|
|
166
284
|
private handleExecute;
|
|
285
|
+
/**
|
|
286
|
+
* Execute a service paid via the Alipay AI 收 fiat rail (2.0.0).
|
|
287
|
+
*
|
|
288
|
+
* Differs from the EVM/SVM path: no token detection, no EIP-3009/permit
|
|
289
|
+
* validation. Verify hits the Alipay Open API (`payment.verify`). Settlement
|
|
290
|
+
* (`fulfillment.confirm`) is FIRE-AND-FORGET per ALIPAY-INTEGRATION-DESIGN
|
|
291
|
+
* §5.1: a confirm failure is logged but does NOT fail the already-delivered
|
|
292
|
+
* response (the buyer's payment proof was already verified).
|
|
293
|
+
*/
|
|
294
|
+
private handleAlipayExecute;
|
|
295
|
+
/**
|
|
296
|
+
* Build the Alipay 402 challenge for a service, or null when the alipay rail
|
|
297
|
+
* isn't configured for this server or this service. Returns the x402
|
|
298
|
+
* `accepts[]` entry plus the Base64URL `Payment-Needed` header value so the
|
|
299
|
+
* 402 responders can dual-emit both the x402 and legacy alipay-bot formats.
|
|
300
|
+
*/
|
|
301
|
+
private buildAlipayChallenge;
|
|
167
302
|
/**
|
|
168
303
|
* Handle MPP (Machine Payments Protocol) request
|
|
169
304
|
* Supports both x402 and MPP protocols on service endpoints
|
|
@@ -242,4 +377,4 @@ declare class MoltsPayServer {
|
|
|
242
377
|
private sendProxyPaymentRequired;
|
|
243
378
|
}
|
|
244
379
|
|
|
245
|
-
export { type ChainConfig, type Charge, type ChargeStatus, type InputField, MoltsPayServer, type MoltsPayServerOptions, type MoltsPayServerOptionsExtended, type OutputField, type PaymentRequest, type ProviderConfig, type RegisteredSkill, type ServiceConfig, type ServicesManifest, type SkillFunction, type TokenSymbol, type VerifyRequest };
|
|
380
|
+
export { type ChainConfig, type Charge, type ChargeStatus, type CorsOptions, type InputField, MoltsPayServer, type MoltsPayServerOptions, type MoltsPayServerOptionsExtended, type OutputField, type PaymentRequest, type ProviderAlipayConfig, type ProviderConfig, type RegisteredSkill, type ServiceAlipayConfig, type ServiceConfig, type ServicesManifest, type SkillFunction, type TokenSymbol, type VerifyRequest };
|