mppx 0.5.7 → 0.5.9

package/src/tempo/server/Charge.ts

@@ -62,8 +62,8 @@ export function charge<const parameters extends charge.Parameters>(
     memo,
     waitForConfirmation = true,
   } = parameters
-  const store = (parameters.store ?? Store.memory()) as Store.Store<charge.StoreItemMap>
-  const proofStore = parameters.store as Store.Store<charge.StoreItemMap> | undefined
+  const store = (parameters.store ?? Store.memory()) as Store.AtomicStore<charge.StoreItemMap>
+  const proofStore = parameters.store as Store.AtomicStore<charge.StoreItemMap> | undefined
 
   const { recipient, feePayer, feePayerUrl } = Account.resolve(parameters)
 
@@ -154,7 +154,7 @@ export function charge<const parameters extends charge.Parameters>(
       const { challenge } = credential
       const resolvedRequest = Methods.charge.schema.request.parse(request)
       const chainId = resolvedRequest.methodDetails?.chainId ?? request.chainId
-      const feePayer = request.feePayer
+      const feePayer = typeof request.feePayer === 'object' ? request.feePayer : undefined
 
       const client = await getClient({ chainId })
 
@@ -177,7 +177,9 @@ export function charge<const parameters extends charge.Parameters>(
       switch (payload.type) {
         case 'hash': {
           const hash = payload.hash as `0x${string}`
-          await assertHashUnused(store, hash)
+          if (!(await markHashUsed(store, hash))) {
+            throw new VerificationFailedError({ reason: 'Transaction hash has already been used' })
+          }
 
           const expectedTransfers = getExpectedTransfers({ amount, memo, methodDetails, recipient })
           const receipt = await getTransactionReceipt(client, { hash })
@@ -186,7 +188,6 @@ export function charge<const parameters extends charge.Parameters>(
             sender: receipt.from,
             transfers: expectedTransfers,
           })
-
           // Only verify challenge binding when using auto-generated attribution memos.
           // Explicit memos (set by the server) are strictly matched by assertTransferLogs
           // but are NOT challenge-bound — callers that set explicit memos are responsible
@@ -197,8 +198,6 @@ export function charge<const parameters extends charge.Parameters>(
               realm: challenge.realm,
             })
 
-          await markHashUsed(store, hash)
-
           return toReceipt(receipt)
         }
 
@@ -230,9 +229,8 @@ export function charge<const parameters extends charge.Parameters>(
           })
           if (!valid) throw new MismatchError('Proof signature does not match source.', {})
 
-          if (proofStore) {
-            await assertProofUnused(proofStore, challenge.id)
-            await markProofUsed(proofStore, challenge.id)
+          if (proofStore && !(await markProofUsed(proofStore, challenge.id))) {
+            throw new VerificationFailedError({ reason: 'Proof credential has already been used' })
           }
 
           return {
@@ -248,64 +246,80 @@ export function charge<const parameters extends charge.Parameters>(
 
           // Pre-broadcast dedup: catch exact byte-for-byte replays early.
           const hash = keccak256(serializedTransaction)
-          await assertHashUnused(store, hash)
-          await markHashUsed(store, hash)
-
-          if (!FeePayer.isTempoTransaction(serializedTransaction))
-            throw new MismatchError('Only Tempo (0x76/0x78) transactions are supported.', {})
-
-          const transaction = Transaction.deserialize(serializedTransaction)
-          if (!transaction.signature || !transaction.from)
-            throw new MismatchError(
-              'Transaction must be signed by the sender before fee payer co-signing.',
-              {},
-            )
+          if (!(await markHashUsed(store, hash))) {
+            throw new VerificationFailedError({ reason: 'Transaction hash has already been used' })
+          }
 
-          const calls = (transaction.calls ?? []) as readonly {
-            data?: `0x${string}` | undefined
-            to?: `0x${string}` | undefined
-          }[]
-          const transfers = getExpectedTransfers({ amount, memo, methodDetails, recipient })
-          const isFeePayerTx = !!(feePayer || feePayerUrl) && methodDetails?.feePayer !== false
-          assertTransferCalls(calls, { currency, exactCount: isFeePayerTx, transfers })
-
-          if (isFeePayerTx)
-            FeePayer.validateCalls(transaction.calls, { amount, currency, recipient })
-
-          const resolvedFeeToken =
-            transaction.feeToken ?? defaults.currency[chainId as keyof typeof defaults.currency]
-
-          const serializedTransaction_final = await (async () => {
-            if (feePayer && methodDetails?.feePayer !== false) {
-              return signTransaction(client, {
-                ...transaction,
-                account: feePayer,
-                feePayer,
-                feeToken: resolvedFeeToken,
-              } as never)
+          let releaseReservation = true
+
+          try {
+            if (!FeePayer.isTempoTransaction(serializedTransaction))
+              throw new MismatchError('Only Tempo (0x76/0x78) transactions are supported.', {})
+
+            const transaction = Transaction.deserialize(serializedTransaction)
+            if (!transaction.signature || !transaction.from)
+              throw new MismatchError(
+                'Transaction must be signed by the sender before fee payer co-signing.',
+                {},
+              )
+
+            const calls = (transaction.calls ?? []) as readonly {
+              data?: `0x${string}` | undefined
+              to?: `0x${string}` | undefined
+            }[]
+            const transfers = getExpectedTransfers({ amount, memo, methodDetails, recipient })
+            const isFeePayerTx = !!(feePayer || feePayerUrl) && methodDetails?.feePayer !== false
+            assertTransferCalls(calls, { currency, exactCount: isFeePayerTx, transfers })
+
+            if (isFeePayerTx)
+              FeePayer.validateCalls(transaction.calls, { amount, currency, recipient })
+
+            const expectedFeeToken = defaults.currency[chainId as keyof typeof defaults.currency]
+            const resolvedFeeToken = transaction.feeToken ?? expectedFeeToken
+
+            const serializedTransaction_final = await (async () => {
+              if (feePayer && methodDetails?.feePayer !== false) {
+                const sponsored = FeePayer.prepareSponsoredTransaction({
+                  account: feePayer,
+                  challengeExpires: expires,
+                  chainId: chainId ?? client.chain!.id,
+                  details: { amount, currency, recipient },
+                  expectedFeeToken,
+                  transaction: {
+                    ...transaction,
+                    ...(resolvedFeeToken ? { feeToken: resolvedFeeToken } : {}),
+                  },
+                })
+                return signTransaction(client, sponsored as never)
+              }
+              return serializedTransaction
+            })()
+
+            if (waitForConfirmation) {
+              const receipt = await sendRawTransactionSync(client, {
+                serializedTransaction: serializedTransaction_final,
+              })
+              assertTransferLogs(receipt, {
+                currency,
+                sender: transaction.from! as `0x${string}`,
+                transfers,
+              })
+              // Post-broadcast dedup: catch malleable input variants
+              // (different serialized bytes, same underlying tx) that
+              // bypass the pre-broadcast check. Skip if the broadcast
+              // hash matches the input hash (already stored above).
+              if (
+                receipt.transactionHash.toLowerCase() !== hash.toLowerCase() &&
+                !(await markHashUsed(store, receipt.transactionHash))
+              ) {
+                throw new VerificationFailedError({
+                  reason: 'Transaction hash has already been used',
+                })
+              }
+              releaseReservation = false
+              return toReceipt(receipt)
             }
-            return serializedTransaction
-          })()
 
-          if (waitForConfirmation) {
-            const receipt = await sendRawTransactionSync(client, {
-              serializedTransaction: serializedTransaction_final,
-            })
-            assertTransferLogs(receipt, {
-              currency,
-              sender: transaction.from! as `0x${string}`,
-              transfers,
-            })
-            // Post-broadcast dedup: catch malleable input variants
-            // (different serialized bytes, same underlying tx) that
-            // bypass the pre-broadcast check. Skip if the broadcast
-            // hash matches the input hash (already stored above).
-            if (receipt.transactionHash.toLowerCase() !== hash.toLowerCase()) {
-              await assertHashUnused(store, receipt.transactionHash)
-              await markHashUsed(store, receipt.transactionHash)
-            }
-            return toReceipt(receipt)
-          } else {
             // Optimistic path: simulate to catch obvious reverts, then broadcast
             // without waiting for on-chain confirmation. The returned receipt
             // assumes success — callers opt into this risk via waitForConfirmation: false.
@@ -319,16 +333,24 @@ export function charge<const parameters extends charge.Parameters>(
               serializedTransaction: serializedTransaction_final,
             })
             // Post-broadcast dedup: same
-            if (reference.toLowerCase() !== hash.toLowerCase()) {
-              await assertHashUnused(store, reference)
-              await markHashUsed(store, reference)
+            if (
+              reference.toLowerCase() !== hash.toLowerCase() &&
+              !(await markHashUsed(store, reference))
+            ) {
+              throw new VerificationFailedError({
+                reason: 'Transaction hash has already been used',
+              })
             }
+            releaseReservation = false
             return {
               method: 'tempo',
               status: 'success',
               timestamp: new Date().toISOString(),
               reference,
             } as const
+          } catch (error) {
+            if (releaseReservation) await releaseHashUse(store, hash)
+            throw error
           }
         }
 
@@ -357,10 +379,13 @@ export declare namespace charge {
      * is explicitly provided; otherwise proofs remain reusable until the
      * challenge expires.
      *
+     * Replay protection requires a {@link Store.AtomicStore} so replay markers
+     * can be written atomically.
+     *
      * Use a shared store in multi-instance deployments so consumed hashes and
      * proofs are visible across all server instances.
      */
-    store?: Store.Store | undefined
+    store?: Store.AtomicStore | undefined
     /**
      * Whether to wait for the charge transaction to confirm on-chain before
      * responding. @default true
@@ -597,40 +622,33 @@ function getProofStoreKey(challengeId: string): `mppx:charge:${string}` {
   return `mppx:charge:proof:${challengeId}`
 }
 
-/** @internal */
-async function assertHashUnused(
-  store: Store.Store<charge.StoreItemMap>,
-  hash: `0x${string}`,
-): Promise<void> {
-  const seen = await store.get(getHashStoreKey(hash))
-  if (seen !== null)
-    throw new VerificationFailedError({ reason: 'Transaction hash has already been used' })
-}
-
-/** @internal */
 async function markHashUsed(
-  store: Store.Store<charge.StoreItemMap>,
+  store: Store.AtomicStore<charge.StoreItemMap>,
   hash: `0x${string}`,
-): Promise<void> {
-  await store.put(getHashStoreKey(hash), Date.now())
+): Promise<boolean> {
+  return store.update(getHashStoreKey(hash), (current) => {
+    if (current !== null) return { op: 'noop', result: false }
+    return { op: 'set', value: Date.now(), result: true }
+  })
 }
 
 /** @internal */
-async function assertProofUnused(
-  store: Store.Store<charge.StoreItemMap>,
-  challengeId: string,
+async function releaseHashUse(
+  store: Store.AtomicStore<charge.StoreItemMap>,
+  hash: `0x${string}`,
 ): Promise<void> {
-  const seen = await store.get(getProofStoreKey(challengeId))
-  if (seen !== null)
-    throw new VerificationFailedError({ reason: 'Proof credential has already been used' })
+  await store.delete(getHashStoreKey(hash))
 }
 
 /** @internal */
 async function markProofUsed(
-  store: Store.Store<charge.StoreItemMap>,
+  store: Store.AtomicStore<charge.StoreItemMap>,
   challengeId: string,
-): Promise<void> {
-  await store.put(getProofStoreKey(challengeId), Date.now())
+): Promise<boolean> {
+  return store.update(getProofStoreKey(challengeId), (current) => {
+    if (current !== null) return { op: 'noop', result: false }
+    return { op: 'set', value: Date.now(), result: true }
+  })
 }
 
 /** @internal */
@@ -676,6 +694,13 @@ class MismatchError extends PaymentError {
   readonly type = 'https://paymentauth.org/problems/verification-failed'
 
   constructor(reason: string, details: Record<string, string>) {
-    super([reason, ...Object.entries(details).map(([k, v]) => `  - ${k}: ${v}`)].join('\n'))
+    super(
+      [
+        reason.startsWith('Payment verification failed')
+          ? reason
+          : `Payment verification failed: ${reason}`,
+        ...Object.entries(details).map(([k, v]) => `  - ${k}: ${v}`),
+      ].join('\n'),
+    )
   }
 }

package/src/tempo/server/Methods.ts

@@ -1,3 +1,4 @@
+import * as Ws_ from '../session/Ws.js'
 import { charge as charge_ } from './Charge.js'
 import { session as session_, settle as settle_ } from './Session.js'
 
@@ -29,4 +30,6 @@ export namespace tempo {
   export const session = session_
   /** One-shot settle: reads highest voucher from storage and submits on-chain. */
   export const settle = settle_
+  /** Experimental websocket helpers for Tempo sessions. */
+  export const Ws = Ws_
 }