mppx 0.3.4 → 0.3.6

package/src/tempo/server/Session.test.ts

@@ -1,4 +1,5 @@
-import type { Challenge, z } from 'mppx'
+import type { z } from 'mppx'
+import { Challenge } from 'mppx'
 import { Mppx as Mppx_server, tempo as tempo_server } from 'mppx/server'
 import { type Address, createClient, type Hex } from 'viem'
 import { Addresses } from 'viem/tempo'
@@ -1099,6 +1100,58 @@ describe('session', () => {
       } as any)
       expect(result).toBeUndefined()
     })
+
+    test('returns undefined for voucher POST with content-length > 0 (content request)', () => {
+      const server = createServer()
+      const result = server.respond!({
+        credential: {
+          challenge: makeChallenge({
+            channelId: '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex,
+          }),
+          payload: { action: 'voucher' },
+        },
+        input: new Request('http://localhost', {
+          method: 'POST',
+          headers: { 'content-length': '42' },
+        }),
+      } as any)
+      expect(result).toBeUndefined()
+    })
+
+    test('returns undefined for voucher POST with transfer-encoding header (content request)', () => {
+      const server = createServer()
+      const result = server.respond!({
+        credential: {
+          challenge: makeChallenge({
+            channelId: '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex,
+          }),
+          payload: { action: 'voucher' },
+        },
+        input: new Request('http://localhost', {
+          method: 'POST',
+          headers: { 'transfer-encoding': 'chunked' },
+        }),
+      } as any)
+      expect(result).toBeUndefined()
+    })
+
+    test('returns 204 for voucher POST with content-length: 0', () => {
+      const server = createServer()
+      const result = server.respond!({
+        credential: {
+          challenge: makeChallenge({
+            channelId: '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex,
+          }),
+          payload: { action: 'voucher' },
+        },
+        input: new Request('http://localhost', {
+          method: 'POST',
+          headers: { 'content-length': '0' },
+        }),
+      } as any)
+      expect(result).toBeInstanceOf(Response)
+      expect((result as Response).status).toBe(204)
+    })
   })
 
   describe('SSE', () => {
@@ -1282,6 +1335,193 @@ describe('monotonicity and TOCTOU (unit tests)', () => {
   })
 })
 
+describe('session default currency resolution', () => {
+  const mockClient = createClient({ transport: http('http://localhost:1') })
+  const mockMainnetClient = createClient({
+    chain: {
+      id: 4217,
+      name: 'Tempo',
+      nativeCurrency: { name: 'ETH', symbol: 'ETH', decimals: 18 },
+      rpcUrls: { default: { http: ['http://localhost:1'] } },
+    },
+    transport: http('http://localhost:1'),
+  })
+  const mockTestnetClient = createClient({
+    chain: {
+      id: 42431,
+      name: 'Tempo Testnet',
+      nativeCurrency: { name: 'ETH', symbol: 'ETH', decimals: 18 },
+      rpcUrls: { default: { http: ['http://localhost:1'] } },
+    },
+    transport: http('http://localhost:1'),
+  })
+
+  test('mainnet (default) resolves to USDC', () => {
+    const server = session({
+      store: Store.memory(),
+      getClient: () => mockClient,
+      account: '0x0000000000000000000000000000000000000001',
+      escrowContract: '0x0000000000000000000000000000000000000002',
+    } as session.Parameters)
+    expect(server.defaults?.currency).toBe('0x20C000000000000000000000b9537d11c60E8b50')
+  })
+
+  test('testnet: true defaults to pathUSD', () => {
+    const server = session({
+      store: Store.memory(),
+      getClient: () => mockClient,
+      account: '0x0000000000000000000000000000000000000001',
+      escrowContract: '0x0000000000000000000000000000000000000002',
+      testnet: true,
+    } as session.Parameters)
+    expect(server.defaults?.currency).toBe('0x20c0000000000000000000000000000000000000')
+  })
+
+  test('unknown chain defaults to pathUSD', () => {
+    const server = session({
+      store: Store.memory(),
+      getClient: () => mockClient,
+      account: '0x0000000000000000000000000000000000000001',
+      escrowContract: '0x0000000000000000000000000000000000000002',
+      chainId: 69420,
+    } as session.Parameters)
+    expect(server.defaults?.currency).toBe('0x20c0000000000000000000000000000000000000')
+  })
+
+  test('explicit currency overrides default', () => {
+    const server = session({
+      store: Store.memory(),
+      getClient: () => mockClient,
+      account: '0x0000000000000000000000000000000000000001',
+      currency: '0xcustom',
+      escrowContract: '0x0000000000000000000000000000000000000002',
+      chainId: 4217,
+      testnet: false,
+    } as session.Parameters)
+    expect(server.defaults?.currency).toBe('0xcustom')
+  })
+
+  test('decimals defaults to 6', () => {
+    const server = session({
+      store: Store.memory(),
+      getClient: () => mockClient,
+      account: '0x0000000000000000000000000000000000000001',
+      escrowContract: '0x0000000000000000000000000000000000000002',
+      chainId: 42431,
+    } as session.Parameters)
+    expect(server.defaults?.decimals).toBe(6)
+  })
+
+  test('challenge contains USDC currency (mainnet default)', async () => {
+    const handler = Mppx_server.create({
+      methods: [
+        tempo_server.session({
+          store: Store.memory(),
+          getClient: () => mockMainnetClient,
+          account: '0x0000000000000000000000000000000000000001',
+          escrowContract: '0x0000000000000000000000000000000000000002',
+          chainId: 4217,
+          testnet: false,
+        }),
+      ],
+      realm: 'api.example.com',
+      secretKey: 'secret',
+    })
+
+    const result = await (handler.session as Function)({
+      amount: '1',
+      decimals: 6,
+      unitType: 'token',
+    })(new Request('https://example.com'))
+    expect(result.status).toBe(402)
+
+    const challenge = Challenge.fromResponse(result.challenge)
+    expect(challenge.request.currency).toBe('0x20C000000000000000000000b9537d11c60E8b50')
+  })
+
+  test('challenge contains pathUSD currency when testnet: true', async () => {
+    const handler = Mppx_server.create({
+      methods: [
+        tempo_server.session({
+          store: Store.memory(),
+          getClient: () => mockTestnetClient,
+          account: '0x0000000000000000000000000000000000000001',
+          escrowContract: '0x0000000000000000000000000000000000000002',
+          testnet: true,
+        }),
+      ],
+      realm: 'api.example.com',
+      secretKey: 'secret',
+    })
+
+    const result = await (handler.session as Function)({
+      amount: '1',
+      decimals: 6,
+      unitType: 'token',
+      chainId: 42431,
+    })(new Request('https://example.com'))
+    expect(result.status).toBe(402)
+
+    const challenge = Challenge.fromResponse(result.challenge)
+    expect(challenge.request.currency).toBe('0x20c0000000000000000000000000000000000000')
+  })
+
+  test('challenge contains pathUSD currency (unknown chain)', async () => {
+    const handler = Mppx_server.create({
+      methods: [
+        tempo_server.session({
+          store: Store.memory(),
+          getClient: () => mockTestnetClient,
+          account: '0x0000000000000000000000000000000000000001',
+          escrowContract: '0x0000000000000000000000000000000000000002',
+          chainId: 69420,
+        }),
+      ],
+      realm: 'api.example.com',
+      secretKey: 'secret',
+    })
+
+    const result = await (handler.session as Function)({
+      amount: '1',
+      decimals: 6,
+      unitType: 'token',
+    })(new Request('https://example.com'))
+    expect(result.status).toBe(402)
+
+    const challenge = Challenge.fromResponse(result.challenge)
+    expect(challenge.request.currency).toBe('0x20c0000000000000000000000000000000000000')
+  })
+
+  test('explicit currency in challenge overrides testnet default', async () => {
+    const handler = Mppx_server.create({
+      methods: [
+        tempo_server.session({
+          store: Store.memory(),
+          getClient: () => mockClient,
+          account: '0x0000000000000000000000000000000000000001',
+          currency: '0xcustom',
+          escrowContract: '0x0000000000000000000000000000000000000002',
+          chainId: 4217,
+          testnet: false,
+        }),
+      ],
+      realm: 'api.example.com',
+      secretKey: 'secret',
+    })
+
+    const result = await handler.session({
+      amount: '1',
+      decimals: 6,
+      unitType: 'token',
+    })(new Request('https://example.com'))
+    expect(result.status).toBe(402)
+    if (result.status !== 402) throw new Error()
+
+    const challenge = Challenge.fromResponse(result.challenge)
+    expect(challenge.request.currency).toBe('0xcustom')
+  })
+})
+
 function nextSalt(): Hex {
   saltCounter++
   return `0x${saltCounter.toString(16).padStart(64, '0')}` as Hex

package/src/tempo/server/Session.ts

@@ -85,7 +85,7 @@ export function session<const parameters extends session.Parameters>(p?: paramet
   const parameters = p as parameters
   const {
     amount,
-    currency,
+    currency = defaults.resolveCurrency(parameters),
     decimals = defaults.decimals,
     store: rawStore = Store.memory(),
     suggestedDeposit,
@@ -127,7 +127,7 @@ export function session<const parameters extends session.Parameters>(p?: paramet
       // Extract chainId from request or default.
       const chainId = await (async () => {
         if (request.chainId) return request.chainId
-        if (parameters.testnet) return defaults.testnetChainId
+        if (parameters.testnet) return defaults.chainId.testnet
         return (await getClient({})).chain?.id
       })()
 
@@ -156,7 +156,12 @@ export function session<const parameters extends session.Parameters>(p?: paramet
         return undefined
       })()
 
-      return { ...request, chainId, escrowContract: resolvedEscrow, feePayer: resolvedFeePayer }
+      return {
+        ...request,
+        chainId,
+        escrowContract: resolvedEscrow,
+        feePayer: resolvedFeePayer,
+      }
     },
 
     async verify({ credential }) {

package/src/tempo/server/internal/transport.test.ts

@@ -0,0 +1,285 @@
+import { Challenge, Credential } from 'mppx'
+import type { Address, Hex } from 'viem'
+import { describe, expect, test } from 'vitest'
+import * as Store from '../../../Store.js'
+import * as ChannelStore from '../../session/ChannelStore.js'
+import { sse } from './transport.js'
+
+const channelId = '0x0000000000000000000000000000000000000000000000000000000000000001' as Hex
+const challengeId = 'challenge-1'
+
+function memoryStore() {
+  return ChannelStore.fromStore(Store.memory())
+}
+
+function seedChannel(
+  storage: ChannelStore.ChannelStore,
+  balance: bigint,
+): Promise<ChannelStore.State | null> {
+  return storage.updateChannel(channelId, () => ({
+    channelId,
+    payer: '0x0000000000000000000000000000000000000001' as Address,
+    payee: '0x0000000000000000000000000000000000000002' as Address,
+    token: '0x0000000000000000000000000000000000000003' as Address,
+    authorizedSigner: '0x0000000000000000000000000000000000000004' as Address,
+    chainId: 42431,
+    escrowContract: '0x542831e3E4Ace07559b7C8787395f4Fb99F70787' as Address,
+    deposit: balance,
+    settledOnChain: 0n,
+    highestVoucherAmount: balance,
+    highestVoucher: null,
+    spent: 0n,
+    units: 0,
+    finalized: false,
+    createdAt: new Date().toISOString(),
+  }))
+}
+
+function makeChallenge() {
+  return Challenge.from({
+    id: challengeId,
+    realm: 'test.example.com',
+    method: 'tempo',
+    intent: 'session',
+    request: {
+      amount: '1000000',
+      currency: '0x20c0000000000000000000000000000000000001',
+      recipient: '0x0000000000000000000000000000000000000002',
+    },
+  })
+}
+
+function makeCredential() {
+  const challenge = makeChallenge()
+  return Credential.from({
+    challenge,
+    payload: {
+      action: 'voucher',
+      channelId,
+      cumulativeAmount: '1000000',
+      signature: '0xdeadbeef',
+    },
+  })
+}
+
+function makeAuthorizedRequest(): Request {
+  const credential = makeCredential()
+  const header = Credential.serialize(credential)
+  return new Request('https://test.example.com/session', {
+    headers: { Authorization: header },
+  })
+}
+
+function makeReceipt() {
+  return {
+    method: 'tempo',
+    status: 'success' as const,
+    timestamp: new Date().toISOString(),
+    reference: channelId,
+  }
+}
+
+describe('sse transport', () => {
+  test('getCredential returns null when no Authorization header', () => {
+    const store = memoryStore()
+    const transport = sse({ store })
+    const request = new Request('https://test.example.com/session')
+    expect(transport.getCredential(request)).toBeNull()
+  })
+
+  test('getCredential returns credential from Authorization header', () => {
+    const store = memoryStore()
+    const transport = sse({ store })
+    const request = makeAuthorizedRequest()
+    const credential = transport.getCredential(request)
+    expect(credential).not.toBeNull()
+    expect(credential!.challenge.id).toBe(challengeId)
+    expect((credential!.payload as any).channelId).toBe(channelId)
+  })
+
+  test('getCredential captures SSE context in contextMap', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+
+    const request = makeAuthorizedRequest()
+    transport.getCredential(request)
+
+    async function* gen() {
+      yield 'test'
+    }
+
+    const response = transport.respondReceipt({
+      receipt: makeReceipt(),
+      response: gen(),
+      challengeId,
+    })
+    expect(response.headers.get('Content-Type')).toContain('text/event-stream')
+  })
+
+  test('respondChallenge delegates to base http transport', async () => {
+    const store = memoryStore()
+    const transport = sse({ store })
+    const challenge = makeChallenge()
+
+    const response = await transport.respondChallenge({
+      challenge,
+      input: new Request('https://test.example.com/session'),
+    })
+    expect(response).toBeInstanceOf(Response)
+    expect(response.status).toBe(402)
+    expect(response.headers.get('WWW-Authenticate')).toContain('Payment')
+  })
+
+  test('respondReceipt with AsyncIterable produces SSE response', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+
+    transport.getCredential(makeAuthorizedRequest())
+
+    async function* gen() {
+      yield 'hello'
+      yield 'world'
+    }
+
+    const response = transport.respondReceipt({
+      receipt: makeReceipt(),
+      response: gen(),
+      challengeId,
+    })
+    expect(response.headers.get('Content-Type')).toContain('text/event-stream')
+  })
+
+  test('respondReceipt with AsyncGeneratorFunction passes stream controller', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+
+    transport.getCredential(makeAuthorizedRequest())
+
+    const response = transport.respondReceipt({
+      receipt: makeReceipt(),
+      response: async function* (stream) {
+        await stream.charge()
+        yield 'hello'
+      },
+      challengeId,
+    })
+    expect(response.headers.get('Content-Type')).toContain('text/event-stream')
+  })
+
+  test('respondReceipt with upstream SSE Response auto-detects and iterates', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+
+    transport.getCredential(makeAuthorizedRequest())
+
+    const encoder = new TextEncoder()
+    const upstream = new Response(
+      new ReadableStream({
+        start(controller) {
+          controller.enqueue(encoder.encode('event: message\ndata: chunk1\n\n'))
+          controller.enqueue(encoder.encode('event: message\ndata: chunk2\n\n'))
+          controller.close()
+        },
+      }),
+      { headers: { 'Content-Type': 'text/event-stream; charset=utf-8' } },
+    )
+
+    const response = transport.respondReceipt({
+      receipt: makeReceipt(),
+      response: upstream,
+      challengeId,
+    })
+    expect(response.headers.get('Content-Type')).toContain('text/event-stream')
+  })
+
+  test('respondReceipt with plain Response delegates to base http transport', () => {
+    const store = memoryStore()
+    const transport = sse({ store })
+    const receipt = makeReceipt()
+
+    const plainResponse = new Response('ok', {
+      headers: { 'Content-Type': 'application/json' },
+    })
+
+    const response = transport.respondReceipt({
+      receipt,
+      response: plainResponse,
+      challengeId,
+    })
+    expect(response).toBeInstanceOf(Response)
+    expect(response.headers.get('Payment-Receipt')).toBeTruthy()
+  })
+
+  test('respondReceipt cleans up contextMap after use', async () => {
+    const store = memoryStore()
+    await seedChannel(store, 10000000n)
+    const transport = sse({ store })
+
+    transport.getCredential(makeAuthorizedRequest())
+
+    async function* gen() {
+      yield 'first'
+    }
+
+    transport.respondReceipt({
+      receipt: makeReceipt(),
+      response: gen(),
+      challengeId,
+    })
+
+    async function* gen2() {
+      yield 'second'
+    }
+
+    expect(() =>
+      transport.respondReceipt({
+        receipt: makeReceipt(),
+        response: gen2(),
+        challengeId,
+      }),
+    ).toThrow('No SSE context available')
+  })
+
+  test('respondReceipt throws when no SSE context available', () => {
+    const store = memoryStore()
+    const transport = sse({ store })
+
+    async function* gen() {
+      yield 'hello'
+    }
+
+    expect(() =>
+      transport.respondReceipt({
+        receipt: makeReceipt(),
+        response: gen(),
+        challengeId,
+      }),
+    ).toThrow('No SSE context available')
+  })
+
+  test('poll: true strips waitForUpdate from store', async () => {
+    const store = memoryStore()
+    ;(store as any).waitForUpdate = async () => {}
+    await seedChannel(store, 10000000n)
+
+    const transport = sse({ store, poll: true })
+
+    transport.getCredential(makeAuthorizedRequest())
+
+    async function* gen() {
+      yield 'test'
+    }
+
+    const response = transport.respondReceipt({
+      receipt: makeReceipt(),
+      response: gen(),
+      challengeId,
+    })
+    expect(response.headers.get('Content-Type')).toContain('text/event-stream')
+    expect(transport.name).toBe('sse')
+  })
+})

package/src/tempo/session/Voucher.test.ts

@@ -131,4 +131,50 @@ describe('Voucher', () => {
     expect(voucher.cumulativeAmount).toBe(5000000n)
     expect(voucher.signature).toBe(sig)
   })
+
+  test('parseVoucherFromPayload with zero amount', () => {
+    const sig =
+      '0xabcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890ab' as const
+    const voucher = parseVoucherFromPayload(channelId, '0', sig)
+    expect(voucher.cumulativeAmount).toBe(0n)
+  })
+
+  test('verifyVoucher rejects wrong escrow contract', async () => {
+    const signature = await signVoucher(
+      client,
+      account,
+      { channelId, cumulativeAmount },
+      escrowContract,
+      chainId,
+    )
+
+    const wrongEscrow = '0xabcdefabcdefabcdefabcdefabcdefabcdefabcd' as const
+    const isValid = await verifyVoucher(
+      wrongEscrow,
+      chainId,
+      { channelId, cumulativeAmount, signature },
+      account.address,
+    )
+    expect(isValid).toBe(false)
+  })
+
+  test('signVoucher and verifyVoucher round-trip with zero amount', async () => {
+    const zeroAmount = 0n
+    const signature = await signVoucher(
+      client,
+      account,
+      { channelId, cumulativeAmount: zeroAmount },
+      escrowContract,
+      chainId,
+    )
+    expect(signature).toMatch(/^0x/)
+
+    const isValid = await verifyVoucher(
+      escrowContract,
+      chainId,
+      { channelId, cumulativeAmount: zeroAmount, signature },
+      account.address,
+    )
+    expect(isValid).toBe(true)
+  })
 })