mppx 0.6.24 → 0.6.26

package/src/tempo/server/Charge.test.ts

@@ -3881,6 +3881,195 @@ describe('tempo', () => {
       httpServer.close()
     })
 
+    test('server accepts hash transfers from a different source when validateSender allows it', async () => {
+      let validateSenderCalled = false
+      const validatingServer = Mppx_server.create({
+        methods: [
+          tempo_server.charge({
+            getClient() {
+              return client
+            },
+            currency: asset,
+            account: accounts[0],
+            validateSender({ expectedSender, sender, source }) {
+              validateSenderCalled = true
+              expect(sender.toLowerCase()).toBe(accounts[1].address.toLowerCase())
+              expect(expectedSender.toLowerCase()).toBe(accounts[2].address.toLowerCase())
+              expect(source).toEqual({
+                address: accounts[2].address,
+                chainId: chain.id,
+              })
+              return true
+            },
+          }),
+        ],
+        realm,
+        secretKey,
+      })
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          validatingServer.charge({ amount: '1', decimals: 6 }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await fetch(httpServer.url)
+      expect(response.status).toBe(402)
+
+      const challenge = Challenge.fromResponse(response, {
+        methods: [tempo_client.charge()],
+      })
+      const memo = Attribution.encode({ challengeId: challenge.id, serverId: challenge.realm })
+
+      const { receipt } = await Actions.token.transferSync(client, {
+        account: accounts[1],
+        amount: BigInt(challenge.request.amount),
+        memo: memo as Hex.Hex,
+        to: challenge.request.recipient as Hex.Hex,
+        token: challenge.request.currency as Hex.Hex,
+      })
+
+      const credential = Credential.from({
+        challenge,
+        payload: { hash: receipt.transactionHash, type: 'hash' as const },
+        source: `did:pkh:eip155:${chain.id}:${accounts[2].address}`,
+      })
+
+      {
+        const response = await fetch(httpServer.url, {
+          headers: { Authorization: Credential.serialize(credential) },
+        })
+        expect(response.status).toBe(200)
+        expect(validateSenderCalled).toBe(true)
+      }
+
+      httpServer.close()
+    })
+
+    test('server rejects hash transfers that reuse one transferWithMemo for duplicate expected transfers', async () => {
+      const validatingServer = Mppx_server.create({
+        methods: [
+          tempo_server.charge({
+            getClient() {
+              return client
+            },
+            currency: asset,
+            account: accounts[0],
+            validateSender() {
+              return true
+            },
+          }),
+        ],
+        realm,
+        secretKey,
+      })
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          validatingServer.charge({
+            amount: '2',
+            currency: asset,
+            recipient: accounts[0].address,
+            splits: [{ amount: '1', recipient: accounts[0].address }],
+          }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await fetch(httpServer.url)
+      expect(response.status).toBe(402)
+
+      const challenge = Challenge.fromResponse(response, {
+        methods: [tempo_client.charge()],
+      })
+      const memo = Attribution.encode({ challengeId: challenge.id, serverId: challenge.realm })
+      const splits = challenge.request.methodDetails?.splits ?? []
+      const primaryAmount = BigInt(challenge.request.amount) - BigInt(splits[0]!.amount)
+
+      const { receipt } = await Actions.token.transferSync(client, {
+        account: accounts[1],
+        amount: primaryAmount,
+        memo: memo as Hex.Hex,
+        to: challenge.request.recipient as Hex.Hex,
+        token: challenge.request.currency as Hex.Hex,
+      })
+
+      const credential = Credential.from({
+        challenge,
+        payload: { hash: receipt.transactionHash, type: 'hash' as const },
+        source: `did:pkh:eip155:${chain.id}:${accounts[2].address}`,
+      })
+
+      {
+        const response = await fetch(httpServer.url, {
+          headers: { Authorization: Credential.serialize(credential) },
+        })
+        expect(response.status).toBe(402)
+        const body = (await response.json()) as { detail: string }
+        expect(body.detail).toContain('no matching transfer found')
+      }
+
+      httpServer.close()
+    })
+
+    test('server skips validateSender when hash transfer source already matches', async () => {
+      const validatingServer = Mppx_server.create({
+        methods: [
+          tempo_server.charge({
+            getClient() {
+              return client
+            },
+            currency: asset,
+            account: accounts[0],
+            validateSender() {
+              throw new Error('validateSender should not run for matching senders')
+            },
+          }),
+        ],
+        realm,
+        secretKey,
+      })
+      const httpServer = await Http.createServer(async (req, res) => {
+        const result = await Mppx_server.toNodeListener(
+          validatingServer.charge({ amount: '1', decimals: 6 }),
+        )(req, res)
+        if (result.status === 402) return
+        res.end('OK')
+      })
+
+      const response = await fetch(httpServer.url)
+      expect(response.status).toBe(402)
+
+      const challenge = Challenge.fromResponse(response, {
+        methods: [tempo_client.charge()],
+      })
+      const memo = Attribution.encode({ challengeId: challenge.id, serverId: challenge.realm })
+
+      const { receipt } = await Actions.token.transferSync(client, {
+        account: accounts[1],
+        amount: BigInt(challenge.request.amount),
+        memo: memo as Hex.Hex,
+        to: challenge.request.recipient as Hex.Hex,
+        token: challenge.request.currency as Hex.Hex,
+      })
+
+      const credential = Credential.from({
+        challenge,
+        payload: { hash: receipt.transactionHash, type: 'hash' as const },
+        source: `did:pkh:eip155:${chain.id}:${accounts[1].address}`,
+      })
+
+      {
+        const response = await fetch(httpServer.url, {
+          headers: { Authorization: Credential.serialize(credential) },
+        })
+        expect(response.status).toBe(200)
+      }
+
+      httpServer.close()
+    })
+
     test('server rejects hash credentials with malformed source', async () => {
       const httpServer = await Http.createServer(async (req, res) => {
         const result = await Mppx_server.toNodeListener(

package/src/tempo/server/Charge.ts

@@ -63,6 +63,7 @@ export function charge<const parameters extends charge.Parameters>(
     feePayerPolicy,
     html,
     memo,
+    validateSender,
     waitForConfirmation = true,
   } = parameters
   const store = (parameters.store ?? Store.memory()) as Store.AtomicStore<charge.StoreItemMap>
@@ -230,10 +231,12 @@ export function charge<const parameters extends charge.Parameters>(
             })
             const receipt = await getTransactionReceipt(client, { hash })
             const sender = source?.address ?? receipt.from
-            const matchedLogs = assertTransferLogs(receipt, {
+            const matchedLogs = await assertTransferLogs(receipt, {
               currency,
               sender,
+              source,
               transfers: expectedTransfers,
+              validateSender,
             })
             // Only verify challenge binding when using auto-generated attribution memos.
             // Explicit memos (set by the server) are strictly matched by assertTransferLogs
@@ -415,7 +418,7 @@ export function charge<const parameters extends charge.Parameters>(
               const receipt = await sendRawTransactionSync(client, {
                 serializedTransaction: serializedTransaction_final,
               })
-              const matchedLogs = assertTransferLogs(receipt, {
+              const matchedLogs = await assertTransferLogs(receipt, {
                 currency,
                 sender: transaction.from! as `0x${string}`,
                 transfers,
@@ -490,6 +493,17 @@ export declare namespace charge {
 
   type Defaults = LooseOmit<Method.RequestDefaults<typeof Methods.charge>, 'feePayer' | 'recipient'>
 
+  type ValidateSender = (parameters: ValidateSenderParameters) => boolean | Promise<boolean>
+
+  type ValidateSenderParameters = {
+    /** Actual TIP-20 `Transfer.from` address. */
+    sender: `0x${string}`
+    /** Address that mppx would normally require as the sender. */
+    expectedSender: `0x${string}`
+    /** Parsed hash credential source when the credential includes one. */
+    source?: { address: `0x${string}`; chainId: number } | undefined
+  }
+
   type Parameters = {
     /** Render payment page when Accept header is text/html (e.g. in browsers) */
     html?: boolean | Html.Config | undefined
@@ -519,6 +533,12 @@ export declare namespace charge {
      * proofs are visible across all server instances.
      */
     store?: Store.AtomicStore | undefined
+    /**
+     * Validates a TIP-20 transfer sender when it differs from the credential
+     * source. Core verification still validates amount, currency, recipient,
+     * memo binding, transaction success, and replay protection.
+     */
+    validateSender?: ValidateSender | undefined
     /**
      * Whether to wait for the charge transaction to confirm on-chain before
      * responding. @default true
@@ -687,29 +707,17 @@ type TransferLog =
       address: `0x${string}`
     }
 
-function assertTransferLogs(
+async function assertTransferLogs(
   receipt: TransactionReceipt,
   parameters: {
     currency: `0x${string}`
     sender: `0x${string}`
+    source?: { address: `0x${string}`; chainId: number } | undefined
     transfers: readonly ExpectedTransfer[]
+    validateSender?: charge.ValidateSender | undefined
   },
-): TransferLog[] {
-  const transferLogs = parseEventLogs({
-    abi: Abis.tip20,
-    eventName: 'Transfer',
-    logs: receipt.logs,
-  }).map((log) => ({ ...log, kind: 'transfer' as const }))
-
-  const memoLogs = parseEventLogs({
-    abi: Abis.tip20,
-    eventName: 'TransferWithMemo',
-    logs: receipt.logs,
-  }).map((log) => ({ ...log, kind: 'memo' as const }))
-
-  // Prefer memo logs so allowAnyMemo matches TransferWithMemo before Transfer,
-  // preserving the memo for challenge binding verification.
-  const logs = [...memoLogs, ...transferLogs]
+): Promise<TransferLog[]> {
+  const logs = getTransferLogEffects(receipt)
   const used = new Set<number>()
   const matched: TransferLog[] = []
 
@@ -722,18 +730,31 @@ function assertTransferLogs(
   })
 
   for (const transfer of sorted) {
-    const matchIndex = logs.findIndex((log, index) => {
-      if (used.has(index)) return false
-      if (!TempoAddress.isEqual(log.address, parameters.currency)) return false
-      if (!TempoAddress.isEqual(log.args.from, parameters.sender)) return false
-      if (!TempoAddress.isEqual(log.args.to, transfer.recipient)) return false
-      if (log.args.amount.toString() !== transfer.amount) return false
-      if (transfer.memo) {
-        return log.kind === 'memo' && log.args.memo.toLowerCase() === transfer.memo.toLowerCase()
-      }
-      if (transfer.allowAnyMemo) return log.kind === 'transfer' || log.kind === 'memo'
-      return log.kind === 'transfer'
-    })
+    let matchIndex = -1
+    for (const [index, log] of logs.entries()) {
+      if (used.has(index)) continue
+      if (!TempoAddress.isEqual(log.address, parameters.currency)) continue
+      if (!TempoAddress.isEqual(log.args.to, transfer.recipient)) continue
+      if (log.args.amount.toString() !== transfer.amount) continue
+      const memoMatches = (() => {
+        if (transfer.memo)
+          return log.kind === 'memo' && log.args.memo.toLowerCase() === transfer.memo.toLowerCase()
+        if (transfer.allowAnyMemo) return log.kind === 'transfer' || log.kind === 'memo'
+        return log.kind === 'transfer'
+      })()
+      if (!memoMatches) continue
+      if (
+        !(await isValidTransferSender({
+          expectedSender: parameters.sender,
+          sender: log.args.from,
+          source: parameters.source,
+          validateSender: parameters.validateSender,
+        }))
+      )
+        continue
+      matchIndex = index
+      break
+    }
 
     if (matchIndex === -1) {
       throw new MismatchError('Payment verification failed: no matching transfer found.', {
@@ -750,6 +771,102 @@ function assertTransferLogs(
   return matched
 }
 
+type ParsedTransferLog =
+  | {
+      kind: 'transfer'
+      args: { from: `0x${string}`; to: `0x${string}`; amount: bigint }
+      address: `0x${string}`
+      logIndex: number
+    }
+  | {
+      kind: 'memo'
+      args: { from: `0x${string}`; to: `0x${string}`; amount: bigint; memo: `0x${string}` }
+      address: `0x${string}`
+      logIndex: number
+    }
+
+function getTransferLogEffects(receipt: TransactionReceipt): TransferLog[] {
+  const transferLogs = parseEventLogs({
+    abi: Abis.tip20,
+    eventName: 'Transfer',
+    logs: receipt.logs,
+  }).map(
+    (log) =>
+      ({
+        address: log.address,
+        args: log.args,
+        kind: 'transfer',
+        logIndex: log.logIndex,
+      }) as ParsedTransferLog,
+  )
+
+  const memoLogs = parseEventLogs({
+    abi: Abis.tip20,
+    eventName: 'TransferWithMemo',
+    logs: receipt.logs,
+  }).map(
+    (log) =>
+      ({
+        address: log.address,
+        args: log.args,
+        kind: 'memo',
+        logIndex: log.logIndex,
+      }) as ParsedTransferLog,
+  )
+
+  const logs = [...transferLogs, ...memoLogs].sort((a, b) => a.logIndex - b.logIndex)
+  const effects: TransferLog[] = []
+
+  for (let index = 0; index < logs.length; index++) {
+    const log = logs[index]!
+    const next = logs[index + 1]
+    if (next && log.kind !== next.kind && isSameTransferLog(log, next)) {
+      const memoLog = log.kind === 'memo' ? log : next.kind === 'memo' ? next : undefined
+      if (!memoLog) continue
+      effects.push({
+        address: memoLog.address,
+        args: memoLog.args,
+        kind: 'memo',
+      })
+      index++
+      continue
+    }
+
+    effects.push({
+      address: log.address,
+      args: log.args,
+      kind: log.kind,
+    } as TransferLog)
+  }
+
+  return effects
+}
+
+function isSameTransferLog(a: ParsedTransferLog, b: ParsedTransferLog): boolean {
+  return (
+    TempoAddress.isEqual(a.address, b.address) &&
+    TempoAddress.isEqual(a.args.from, b.args.from) &&
+    TempoAddress.isEqual(a.args.to, b.args.to) &&
+    a.args.amount === b.args.amount &&
+    Math.abs(a.logIndex - b.logIndex) === 1
+  )
+}
+
+async function isValidTransferSender(parameters: {
+  expectedSender: `0x${string}`
+  sender: `0x${string}`
+  source?: { address: `0x${string}`; chainId: number } | undefined
+  validateSender?: charge.ValidateSender | undefined
+}): Promise<boolean> {
+  if (TempoAddress.isEqual(parameters.sender, parameters.expectedSender)) return true
+  if (!parameters.validateSender) return false
+  return parameters.validateSender({
+    expectedSender: parameters.expectedSender,
+    sender: parameters.sender,
+    source: parameters.source,
+  })
+}
+
 /** @internal */
 function getHashStoreKey(hash: `0x${string}`): `mppx:charge:${string}` {
   return `mppx:charge:${hash.toLowerCase()}`

package/src/tempo/server/Subscription.test.ts

@@ -1395,11 +1395,8 @@ describe('tempo.subscription', () => {
       reference: hashStale,
     })
 
-    const result = await renew({
-      getClient: async () => client,
-      store,
+    const result = await mppx.tempo.subscription.renew({
       subscriptionId: record.subscriptionId,
-      waitForConfirmation: false,
     })
 
     expect(result?.receipt.reference).toBe(hashBackground)