mppx 0.4.12 → 0.5.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "mppx",
   "type": "module",
-  "version": "0.4.12",
+  "version": "0.5.0",
   "main": "./dist/index.js",
   "license": "MIT",
   "files": [

package/src/Expires.ts

@@ -1,3 +1,28 @@
+import { InvalidChallengeError, PaymentExpiredError } from './Errors.js'
+
+/**
+ * Asserts that `expires` is present, well-formed, and not in the past.
+ *
+ * Throws `InvalidChallengeError` when missing or malformed,
+ * and `PaymentExpiredError` when the timestamp is in the past.
+ */
+export function assert(
+  expires: string | undefined,
+  challengeId?: string,
+): asserts expires is string {
+  if (!expires)
+    throw new InvalidChallengeError({
+      ...(challengeId && { id: challengeId }),
+      reason: 'missing required expires field',
+    })
+  if (Number.isNaN(new Date(expires).getTime()))
+    throw new InvalidChallengeError({
+      ...(challengeId && { id: challengeId }),
+      reason: 'malformed expires timestamp',
+    })
+  if (new Date(expires) < new Date()) throw new PaymentExpiredError({ expires })
+}
+
 /** Returns an ISO 8601 datetime string `n` days from now. */
 export function days(n: number) {
   return new Date(Date.now() + n * 24 * 60 * 60 * 1000).toISOString()

package/src/cli/cli.test.ts

@@ -10,9 +10,11 @@ import { afterAll, describe, expect, test } from 'vp/test'
 import * as Http from '~test/Http.js'
 import { rpcUrl } from '~test/tempo/prool.js'
 import { deployEscrow } from '~test/tempo/session.js'
-import { accounts, asset, client, fundAccount } from '~test/tempo/viem.js'
+import { accounts, asset, chain, client, fundAccount } from '~test/tempo/viem.js'
 
+import * as Challenge from '../Challenge.js'
 import * as Credential from '../Credential.js'
+import * as Receipt from '../Receipt.js'
 import * as Mppx_server from '../server/Mppx.js'
 import { toNodeListener } from '../server/Mppx.js'
 import * as Store from '../Store.js'
@@ -327,6 +329,107 @@ describe('basic charge (examples/basic)', () => {
     }
   })
 
+  test(
+    'zero-amount charge uses a proof credential and receives response',
+    { timeout: 120_000 },
+    async () => {
+      const server = Mppx_server.create({
+        methods: [tempo.charge({ getClient: () => client })],
+        realm: 'localhost',
+        secretKey: 'cli-test-secret',
+      })
+      let authorization: string | undefined
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        authorization = req.headers.authorization
+        const result = await toNodeListener(
+          server.charge({
+            amount: '0',
+            currency: asset,
+            expires: new Date(Date.now() + 60_000).toISOString(),
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('zero-dollar-paid')
+      })
+
+      try {
+        const { output, exitCode } = await serve([httpServer.url, '--rpc-url', rpcUrl, '-s'], {
+          env: { MPPX_PRIVATE_KEY: testPrivateKey },
+        })
+        expect(exitCode).toBeUndefined()
+        expect(output).toContain('zero-dollar-paid')
+
+        const credential = Credential.deserialize<{ signature: string; type: 'proof' }>(
+          authorization!,
+        )
+        expect(credential.challenge.request.amount).toBe('0')
+        expect(credential.payload.type).toBe('proof')
+        expect(credential.payload.signature).toMatch(/^0x/)
+        expect(credential.source).toBe(`did:pkh:eip155:${chain.id}:${testAccount.address}`)
+      } finally {
+        httpServer.close()
+      }
+    },
+  )
+
+  test(
+    'zero-amount charge with testnet currency omission uses a proof credential',
+    { timeout: 120_000 },
+    async () => {
+      const isTestnet = true
+      const mainnetCurrency = '0x20C00000000000000000000b9537d11c60E8b50' as `0x${string}`
+
+      const server = Mppx_server.create({
+        methods: [
+          tempo.charge({
+            getClient: () => client,
+            ...(isTestnet ? {} : { currency: mainnetCurrency }),
+            testnet: isTestnet,
+          }),
+        ],
+        realm: 'localhost',
+        secretKey: 'cli-test-secret',
+      })
+      let authorization: string | undefined
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        authorization = req.headers.authorization
+        const result = await toNodeListener(
+          server.charge({
+            amount: '0',
+            chainId: chain.id,
+            expires: new Date(Date.now() + 60_000).toISOString(),
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('zero-dollar-testnet-paid')
+      })
+
+      try {
+        const { output, exitCode } = await serve([httpServer.url, '--rpc-url', rpcUrl, '-s'], {
+          env: { MPPX_PRIVATE_KEY: testPrivateKey },
+        })
+        expect(exitCode).toBeUndefined()
+        expect(output).toContain('zero-dollar-testnet-paid')
+
+        const credential = Credential.deserialize<{ signature: string; type: 'proof' }>(
+          authorization!,
+        )
+        expect(credential.challenge.request.amount).toBe('0')
+        expect(credential.challenge.request.currency).toBe(
+          '0x20c0000000000000000000000000000000000000',
+        )
+        expect(credential.payload.type).toBe('proof')
+        expect(credential.source).toBe(`did:pkh:eip155:${chain.id}:${testAccount.address}`)
+      } finally {
+        httpServer.close()
+      }
+    },
+  )
+
   test('error: no account found', { timeout: 60_000 }, async () => {
     const server = Mppx_server.create({
       methods: [tempo.charge({ getClient: () => client })],
@@ -1046,4 +1149,130 @@ describe('sign', () => {
     const parsed = JSON.parse(output.trim())
     expect(parsed.authorization).toMatch(/^Payment\s+\S+/)
   })
+
+  test(
+    'happy path: zero-amount challenge returns proof authorization accepted by live server',
+    { timeout: 120_000 },
+    async () => {
+      const server = Mppx_server.create({
+        methods: [tempo.charge({ getClient: () => client })],
+        realm: 'cli-sign-zero',
+        secretKey: 'cli-test-secret',
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await toNodeListener(
+          server.charge({
+            amount: '0',
+            currency: asset,
+            expires: new Date(Date.now() + 60_000).toISOString(),
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('zero-dollar-live-sign')
+      })
+
+      try {
+        const challengeResponse = await fetch(httpServer.url)
+        expect(challengeResponse.status).toBe(402)
+        const challenge = Challenge.fromResponse(challengeResponse)
+
+        const { output, exitCode } = await serve(
+          ['sign', '--challenge', Challenge.serialize(challenge), '--rpc-url', rpcUrl],
+          { env: { MPPX_PRIVATE_KEY: testPrivateKey } },
+        )
+
+        expect(exitCode).toBeUndefined()
+
+        const authorization = output.trim()
+        const credential = Credential.deserialize<{ signature: string; type: 'proof' }>(
+          authorization,
+        )
+        expect(credential.challenge.request.amount).toBe('0')
+        expect(credential.payload.type).toBe('proof')
+        expect(credential.source).toBe(`did:pkh:eip155:${chain.id}:${testAccount.address}`)
+
+        const response = await fetch(httpServer.url, {
+          headers: { Authorization: authorization },
+        })
+        expect(response.status).toBe(200)
+        expect(await response.text()).toBe('zero-dollar-live-sign')
+
+        const receipt = Receipt.fromResponse(response)
+        expect(receipt.reference).toBe(credential.challenge.id)
+      } finally {
+        httpServer.close()
+      }
+    },
+  )
+
+  test(
+    'happy path: zero-amount testnet challenge without explicit currency is accepted by live server',
+    { timeout: 120_000 },
+    async () => {
+      const isTestnet = true
+      const mainnetCurrency = '0x20C00000000000000000000b9537d11c60E8b50' as `0x${string}`
+
+      const server = Mppx_server.create({
+        methods: [
+          tempo.charge({
+            getClient: () => client,
+            ...(isTestnet ? {} : { currency: mainnetCurrency }),
+            testnet: isTestnet,
+          }),
+        ],
+        realm: 'cli-sign-zero-testnet',
+        secretKey: 'cli-test-secret',
+      })
+
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await toNodeListener(
+          server.charge({
+            amount: '0',
+            chainId: chain.id,
+            expires: new Date(Date.now() + 60_000).toISOString(),
+            recipient: accounts[0].address,
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('zero-dollar-live-sign-testnet')
+      })
+
+      try {
+        const challengeResponse = await fetch(httpServer.url)
+        expect(challengeResponse.status).toBe(402)
+        const challenge = Challenge.fromResponse(challengeResponse)
+
+        const { output, exitCode } = await serve(
+          ['sign', '--challenge', Challenge.serialize(challenge), '--rpc-url', rpcUrl],
+          { env: { MPPX_PRIVATE_KEY: testPrivateKey } },
+        )
+
+        expect(exitCode).toBeUndefined()
+
+        const authorization = output.trim()
+        const credential = Credential.deserialize<{ signature: string; type: 'proof' }>(
+          authorization,
+        )
+        expect(credential.challenge.request.amount).toBe('0')
+        expect(credential.challenge.request.currency).toBe(
+          '0x20c0000000000000000000000000000000000000',
+        )
+        expect(credential.payload.type).toBe('proof')
+        expect(credential.source).toBe(`did:pkh:eip155:${chain.id}:${testAccount.address}`)
+
+        const response = await fetch(httpServer.url, {
+          headers: { Authorization: authorization },
+        })
+        expect(response.status).toBe(200)
+        expect(await response.text()).toBe('zero-dollar-live-sign-testnet')
+
+        const receipt = Receipt.fromResponse(response)
+        expect(receipt.reference).toBe(credential.challenge.id)
+      } finally {
+        httpServer.close()
+      }
+    },
+  )
 })

package/src/middlewares/elysia.test.ts

@@ -2,11 +2,14 @@ import * as http from 'node:http'
 
 import { Elysia } from 'elysia'
 import { Receipt } from 'mppx'
-import { Mppx as Mppx_client, tempo as tempo_client } from 'mppx/client'
+import { Mppx as Mppx_client, session as sessionIntent, tempo as tempo_client } from 'mppx/client'
 import { Mppx, discovery } from 'mppx/elysia'
 import { tempo as tempo_server } from 'mppx/server'
-import { describe, expect, test } from 'vp/test'
-import { accounts, asset, client } from '~test/tempo/viem.js'
+import type { Address } from 'viem'
+import { Addresses } from 'viem/tempo'
+import { beforeAll, describe, expect, test } from 'vp/test'
+import { deployEscrow } from '~test/tempo/session.js'
+import { accounts, asset, client, fundAccount } from '~test/tempo/viem.js'
 
 function createServer(app: Elysia<any, any, any, any, any, any, any>) {
   return new Promise<{ url: string; close: () => void }>((resolve) => {
@@ -34,13 +37,14 @@ function createServer(app: Elysia<any, any, any, any, any, any, any>) {
 
 const secretKey = 'test-secret-key'
 
-describe('charge', () => {
+function createChargeHarness(feePayer: boolean) {
   const mppx = Mppx.create({
     methods: [
       tempo_server.charge({
         getClient: () => client,
         currency: asset,
         recipient: accounts[0].address,
+        ...(feePayer ? { feePayer: true } : {}),
       }),
     ],
     secretKey,
@@ -56,7 +60,13 @@ describe('charge', () => {
     ],
   })
 
+  return { fetch, mppx }
+}
+
+describe('charge', () => {
   test('returns 402 when no credential', async () => {
+    const { mppx } = createChargeHarness(false)
+
     const app = new Elysia().guard({ beforeHandle: mppx.charge({ amount: '1' }) }, (app) =>
       app.get('/', () => ({ fortune: 'You will be rich' })),
     )
@@ -70,6 +80,8 @@ describe('charge', () => {
   })
 
   test('returns 200 with receipt on valid payment', async () => {
+    const { fetch, mppx } = createChargeHarness(false)
+
     const app = new Elysia().guard({ beforeHandle: mppx.charge({ amount: '1' }) }, (app) =>
       app.get('/', () => ({ fortune: 'You will be rich' })),
     )
@@ -88,7 +100,24 @@ describe('charge', () => {
     server.close()
   })
 
+  test('fee payer: returns 200 with receipt on valid payment', async () => {
+    const { fetch, mppx } = createChargeHarness(true)
+
+    const app = new Elysia().guard({ beforeHandle: mppx.charge({ amount: '1' }) }, (app) =>
+      app.get('/', () => ({ fortune: 'You will be rich' })),
+    )
+
+    const server = await createServer(app)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+    expect(Receipt.fromResponse(response).status).toBe('success')
+
+    server.close()
+  })
+
   test('serves /openapi.json from discovery plugin', async () => {
+    const { mppx } = createChargeHarness(false)
+
     const app = new Elysia().use(
       discovery(mppx, {
         info: { title: 'Elysia API', version: '1.0.0' },
@@ -113,3 +142,97 @@ describe('charge', () => {
     server.close()
   })
 })
+
+describe('session', () => {
+  let escrowContract: Address
+
+  function createSessionHarness(feePayer: boolean) {
+    const mppx = Mppx.create({
+      methods: [
+        tempo_server.session({
+          getClient: () => client,
+          account: accounts[0],
+          currency: asset,
+          escrowContract,
+          ...(feePayer ? { feePayer: accounts[1] } : {}),
+        } as any),
+      ],
+      secretKey,
+    })
+
+    const { fetch } = Mppx_client.create({
+      polyfill: false,
+      methods: [
+        sessionIntent({
+          account: accounts[2],
+          deposit: '10',
+          getClient: () => client,
+        }),
+      ],
+    })
+
+    return { fetch, mppx }
+  }
+
+  beforeAll(async () => {
+    escrowContract = await deployEscrow()
+    await fundAccount({ address: accounts[1].address, token: Addresses.pathUsd })
+    await fundAccount({ address: accounts[1].address, token: asset })
+    await fundAccount({ address: accounts[2].address, token: Addresses.pathUsd })
+    await fundAccount({ address: accounts[2].address, token: asset })
+  })
+
+  test('returns 402 when no credential', async () => {
+    const { mppx } = createSessionHarness(false)
+
+    const app = new Elysia().guard(
+      { beforeHandle: mppx.session({ amount: '1', currency: asset, unitType: 'token' }) },
+      (app) => app.get('/', () => ({ data: 'streamed' })),
+    )
+
+    const server = await createServer(app)
+    const response = await globalThis.fetch(server.url)
+    expect(response.status).toBe(402)
+    expect(response.headers.get('WWW-Authenticate')).toContain('Payment')
+
+    server.close()
+  })
+
+  test('returns 200 with receipt on valid payment', async () => {
+    const { fetch, mppx } = createSessionHarness(false)
+
+    const app = new Elysia().guard(
+      { beforeHandle: mppx.session({ amount: '1', currency: asset, unitType: 'token' }) },
+      (app) => app.get('/', () => ({ data: 'streamed' })),
+    )
+
+    const server = await createServer(app)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+
+    const body = await response.json()
+    expect(body).toEqual({ data: 'streamed' })
+
+    const receipt = Receipt.fromResponse(response)
+    expect(receipt.status).toBe('success')
+    expect(receipt.method).toBe('tempo')
+
+    server.close()
+  })
+
+  test('fee payer: returns 200 with receipt on valid payment', async () => {
+    const { fetch, mppx } = createSessionHarness(true)
+
+    const app = new Elysia().guard(
+      { beforeHandle: mppx.session({ amount: '1', currency: asset, unitType: 'token' }) },
+      (app) => app.get('/', () => ({ data: 'streamed' })),
+    )
+
+    const server = await createServer(app)
+    const response = await fetch(server.url)
+    expect(response.status).toBe(200)
+    expect(Receipt.fromResponse(response).status).toBe('success')
+
+    server.close()
+  })
+})