mppx 0.6.28 → 0.6.29

package/src/evm/client/Charge.ts

@@ -0,0 +1,198 @@
+import type { Account } from 'viem'
+import { getAddress, parseUnits } from 'viem'
+
+import * as Credential from '../../Credential.js'
+import * as Method from '../../Method.js'
+import * as x402_Exact from '../../x402/client/Exact.js'
+import * as x402_ChallengeBrand from '../../x402/internal/ChallengeBrand.js'
+import * as z from '../../zod.js'
+import * as Assets from '../Assets.js'
+import * as Methods from '../Methods.js'
+import * as Types from '../Types.js'
+
+/**
+ * Creates an EVM charge client method.
+ *
+ * Signs native Payment-auth `authorization` credentials for EVM charges. It
+ * also keeps x402 exact signing for x402 compatibility challenges.
+ */
+export function charge(parameters: charge.Parameters) {
+  return Method.toClient(Methods.charge, {
+    context: z.object({
+      account: z.optional(z.custom<Account>()),
+    }),
+    async createCredential({ challenge, context }) {
+      if (isX402Challenge(challenge))
+        return x402_Exact.createCredential({
+          challenge: challenge as never,
+          config: parameters as x402_Exact.Config,
+          context,
+        })
+
+      const account = (context?.account ?? parameters.account) as charge.Signer
+      if (!account.signTypedData) throw new Error('EVM authorization requires a typed-data signer.')
+
+      const request = challenge.request as Types.ChargeRequest
+      assertPolicy(parameters, request)
+      if (!request.methodDetails.credentialTypes?.includes('authorization')) {
+        throw new Error('EVM authorization is not accepted by this challenge.')
+      }
+      if (request.methodDetails.splits?.length) {
+        throw new Error('EVM authorization does not support payment splits.')
+      }
+
+      const authorization = resolveAuthorization(parameters, request)
+      const validBefore = challenge.expires
+        ? Math.floor(new Date(challenge.expires).getTime() / 1000).toString()
+        : (Math.floor(Date.now() / 1000) + 300).toString()
+
+      const payload: Types.AuthorizationPayload = {
+        from: getAddress(account.address),
+        nonce: Types.challengeHash(challenge),
+        signature: await account.signTypedData({
+          domain: Types.authorizationDomain({
+            authorization,
+            chainId: request.methodDetails.chainId,
+            currency: request.currency as `0x${string}`,
+          }),
+          message: {
+            from: getAddress(account.address),
+            nonce: Types.challengeHash(challenge),
+            to: getAddress(request.recipient),
+            validAfter: 0n,
+            validBefore: BigInt(validBefore),
+            value: BigInt(request.amount),
+          },
+          primaryType: 'TransferWithAuthorization',
+          types: Types.authorizationTypes,
+        }),
+        to: getAddress(request.recipient),
+        type: 'authorization',
+        validAfter: '0',
+        validBefore,
+        value: request.amount,
+      }
+
+      return Credential.serialize(
+        Credential.from({
+          challenge,
+          payload,
+          source: Types.toSource({
+            address: getAddress(account.address),
+            chainId: request.methodDetails.chainId,
+          }),
+        }),
+      )
+    },
+  })
+}
+
+export declare namespace charge {
+  type Signer = Account & {
+    signTypedData?: (parameters: any) => Promise<`0x${string}`>
+  }
+
+  type Parameters = {
+    /** Account used to sign EVM charge credentials. */
+    account: Account
+    /** EIP-3009 token domain metadata for custom currencies. */
+    authorization?: Types.AuthorizationConfig | undefined
+    /** Optional token decimals used to parse `maxAmount` when currency metadata is not provided. */
+    decimals?: number | undefined
+    /** Optional maximum display-unit amount the client is willing to pay. */
+    maxAmount?: string | undefined
+    /** Optional maximum atomic amount the client is willing to pay. */
+    maxAtomicAmount?: string | undefined
+    /** Optional allowlist of supported EVM chain IDs. */
+    networks?: readonly number[] | undefined
+    /** Optional allowlist of supported currencies. */
+    currencies?: readonly (`0x${string}` | Assets.KnownAsset)[] | undefined
+    /** Legacy alias for `currencies`. */
+    assets?: readonly (`0x${string}` | Assets.KnownAsset)[] | undefined
+  }
+}
+
+function isX402Challenge(challenge: { request: Record<string, unknown> }) {
+  return (
+    x402_ChallengeBrand.is(challenge) &&
+    challenge.request.scheme === 'exact' &&
+    typeof challenge.request.network === 'string'
+  )
+}
+
+function assertPolicy(parameters: charge.Parameters, request: Types.ChargeRequest) {
+  const chainId = request.methodDetails.chainId
+  const network = Types.networkOf(chainId)
+  if (parameters.networks && !parameters.networks.includes(chainId))
+    throw new Error(`EVM chain ID is not allowed: ${chainId}.`)
+
+  const currencies = parameters.currencies ?? parameters.assets
+  if (currencies?.some((currency) => !Assets.isAsset(currency)) && !parameters.networks?.length)
+    throw new Error('EVM raw currency allowlists require networks.')
+  if (currencies) {
+    const acceptedCurrency = getAddress(request.currency as `0x${string}`)
+    const allowed = currencies.some((currency) =>
+      currencyMatches(currency, acceptedCurrency, network),
+    )
+    if (!allowed) throw new Error(`EVM currency is not allowed: ${acceptedCurrency}.`)
+  }
+
+  if (
+    parameters.maxAtomicAmount !== undefined &&
+    BigInt(request.amount) > BigInt(parameters.maxAtomicAmount)
+  )
+    throw new Error('EVM charge amount exceeds maxAtomicAmount.')
+
+  if (parameters.maxAmount !== undefined) {
+    const decimals = decimalsOfAcceptedCurrency(parameters, request)
+    if (decimals === undefined) throw new Error('EVM charge maxAmount requires currency decimals.')
+    if (BigInt(request.amount) > parseUnits(parameters.maxAmount, decimals))
+      throw new Error('EVM charge amount exceeds maxAmount.')
+  }
+}
+
+function resolveAuthorization(
+  parameters: charge.Parameters,
+  request: Types.ChargeRequest,
+): Types.AuthorizationConfig {
+  const currencies = parameters.currencies ?? parameters.assets
+  const acceptedCurrency = getAddress(request.currency as `0x${string}`)
+  const network = Types.networkOf(request.methodDetails.chainId)
+  const currency = currencies?.find((currency) =>
+    currencyMatches(currency, acceptedCurrency, network),
+  )
+  if (currency && Assets.isAsset(currency) && currency.transfer.type === Types.eip3009)
+    return {
+      name: currency.transfer.name,
+      version: currency.transfer.version,
+    }
+  if (parameters.authorization) return parameters.authorization
+  throw new Error('EVM authorization requires token name and version.')
+}
+
+function addressOf(currency: `0x${string}` | Assets.KnownAsset): `0x${string}` {
+  return Assets.isAsset(currency) ? currency.address : currency
+}
+
+function currencyMatches(
+  currency: `0x${string}` | Assets.KnownAsset,
+  acceptedCurrency: `0x${string}`,
+  network: Types.EvmNetwork,
+): boolean {
+  if (getAddress(addressOf(currency)) !== acceptedCurrency) return false
+  return !Assets.isAsset(currency) || currency.network === network
+}
+
+function decimalsOfAcceptedCurrency(
+  parameters: charge.Parameters,
+  request: Types.ChargeRequest,
+): number | undefined {
+  const currencies = parameters.currencies ?? parameters.assets
+  const acceptedCurrency = getAddress(request.currency as `0x${string}`)
+  const network = Types.networkOf(request.methodDetails.chainId)
+  const currency = currencies?.find((currency) =>
+    currencyMatches(currency, acceptedCurrency, network),
+  )
+  if (currency && Assets.isAsset(currency)) return currency.decimals
+  return parameters.decimals
+}

package/src/evm/client/Methods.ts

@@ -0,0 +1,19 @@
+import * as Assets from '../Assets.js'
+import * as Chains from '../Chains.js'
+import { charge as charge_ } from './Charge.js'
+
+/** Creates EVM client methods from shared charge parameters. */
+export function evm(parameters: evm.Parameters) {
+  return [evm.charge(parameters)] as const
+}
+
+export namespace evm {
+  export type Parameters = charge_.Parameters
+
+  /** Creates an EVM `charge` client method. */
+  export const charge = charge_
+  /** Known EVM asset metadata for public config. */
+  export const assets = Assets
+  /** Common EVM chain IDs for public config. */
+  export const chains = Chains
+}

package/src/evm/client/index.ts

@@ -0,0 +1,5 @@
+export * as assets from '../Assets.js'
+export * as Chains from '../Chains.js'
+export * as chains from '../Chains.js'
+export { charge } from './Charge.js'
+export { evm } from './Methods.js'

package/src/evm/index.ts

@@ -0,0 +1,13 @@
+export * as Assets from './Assets.js'
+export * as Chains from './Chains.js'
+export * as Methods from './Methods.js'
+export * as Types from './Types.js'
+export * as assets from './Assets.js'
+export * as chains from './Chains.js'
+export * from './Types.js'
+export type {
+  ExactEip3009Transfer,
+  ExactPermit2Transfer,
+  ExactTransfer,
+  ResourceInfo,
+} from '../x402/Types.js'

package/src/evm/server/Charge.test.ts

@@ -0,0 +1,199 @@
+import { Challenge, Credential, Receipt } from 'mppx'
+import { evm as evm_client, Mppx as ClientMppx } from 'mppx/client'
+import { Types as evm_Types } from 'mppx/evm'
+import { evm, Mppx } from 'mppx/server'
+import { Header as x402_Header, Types as x402_Types, type PaymentPayload } from 'mppx/x402'
+import { privateKeyToAccount } from 'viem/accounts'
+import { describe, expect, test } from 'vp/test'
+
+const currency = '0x036CbD53842c5426634e7929541eC2318f3dCF7e'
+const recipient = '0x209693Bc6afc0C5328bA36FaF03C514EF312287C'
+const transaction = `0x${'1'.repeat(64)}`
+const account = privateKeyToAccount(
+  '0x0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef',
+)
+
+describe('evm charge server', () => {
+  test('settles native Payment-auth authorization credentials', async () => {
+    let facilitated:
+      | {
+          paymentPayload: PaymentPayload
+          paymentRequirements: x402_Types.PaymentRequirements
+        }
+      | undefined
+
+    const mppx = Mppx.create({
+      methods: [
+        evm({
+          currency: evm.assets.baseSepolia.USDC,
+          recipient,
+          x402: {
+            facilitator: {
+              async verify(paymentPayload, paymentRequirements) {
+                facilitated = { paymentPayload, paymentRequirements }
+                return { isValid: true }
+              },
+              async settle(paymentPayload, paymentRequirements) {
+                facilitated = { paymentPayload, paymentRequirements }
+                return {
+                  network: paymentRequirements.network,
+                  success: true,
+                  transaction,
+                }
+              },
+            },
+          },
+        }),
+      ],
+      secretKey: 'test-secret',
+    })
+    const client = ClientMppx.create({
+      methods: [
+        evm_client({
+          account,
+          currencies: [evm_client.assets.baseSepolia.USDC],
+          maxAmount: '0.25',
+        }),
+      ],
+      polyfill: false,
+    })
+    const route = mppx.evm.charge({ amount: '0.25' })
+
+    const first = await route(new Request('https://example.com/paid'))
+    expect(first.status).toBe(402)
+    if (first.status !== 402) throw new Error()
+
+    const challenge = Challenge.fromResponse(first.challenge)
+    expect(challenge.method).toBe('evm')
+    expect(challenge.intent).toBe('charge')
+    expect(challenge.request).toEqual({
+      amount: '250000',
+      currency,
+      methodDetails: {
+        chainId: 84532,
+        credentialTypes: ['authorization'],
+        decimals: 6,
+      },
+      recipient,
+    })
+
+    const authorization = await client.createCredential(first.challenge)
+    const credential = Credential.deserialize<evm_Types.AuthorizationPayload>(authorization)
+    expect(credential.payload.type).toBe('authorization')
+    expect(credential.payload.nonce).toBe(evm_Types.challengeHash(challenge))
+    expect(credential.payload.to).toBe(recipient)
+    expect(credential.payload.value).toBe('250000')
+
+    const result = await route(
+      new Request('https://example.com/paid', {
+        headers: { Authorization: authorization },
+      }),
+    )
+
+    expect(result.status).toBe(200)
+    if (result.status !== 200) throw new Error()
+    const response = result.withReceipt(Response.json({ ok: true }))
+    const receipt = Receipt.fromResponse(response)
+    expect(receipt).toMatchObject({
+      method: 'evm',
+      reference: transaction,
+      status: 'success',
+    })
+    expect(facilitated?.paymentRequirements).toEqual({
+      amount: '250000',
+      asset: currency,
+      extra: {
+        assetTransferMethod: evm_Types.eip3009,
+        name: 'USDC',
+        version: '2',
+      },
+      maxTimeoutSeconds: 300,
+      network: evm_Types.networkOf(84532),
+      payTo: recipient,
+      scheme: 'exact',
+    })
+    expect(facilitated?.paymentPayload.payload).toEqual({
+      authorization: {
+        from: credential.payload.from,
+        nonce: credential.payload.nonce,
+        to: credential.payload.to,
+        validAfter: credential.payload.validAfter,
+        validBefore: credential.payload.validBefore,
+        value: credential.payload.value,
+      },
+      signature: credential.payload.signature,
+    })
+
+    const forgedPayload: evm_Types.AuthorizationPayload = {
+      ...credential.payload,
+      nonce: `0x${'2'.repeat(64)}`,
+      signature: await account.signTypedData({
+        domain: evm_Types.authorizationDomain({
+          authorization: { name: 'USDC', version: '2' },
+          chainId: 84532,
+          currency,
+        }),
+        message: {
+          from: credential.payload.from as `0x${string}`,
+          nonce: `0x${'2'.repeat(64)}` as `0x${string}`,
+          to: credential.payload.to as `0x${string}`,
+          validAfter: BigInt(credential.payload.validAfter),
+          validBefore: BigInt(credential.payload.validBefore),
+          value: BigInt(credential.payload.value),
+        },
+        primaryType: 'TransferWithAuthorization',
+        types: evm_Types.authorizationTypes,
+      }),
+    }
+    const forgedAuthorization = Credential.serialize(
+      Credential.from({
+        challenge,
+        payload: forgedPayload,
+        ...(credential.source ? { source: credential.source } : {}),
+      }),
+    )
+
+    const forgedResult = await route(
+      new Request('https://example.com/paid', {
+        headers: {
+          Authorization: forgedAuthorization,
+          [x402_Types.paymentSignatureHeader]: 'ignored-for-native-authorization',
+        },
+      }),
+    )
+    expect(forgedResult.status).toBe(402)
+
+    const paymentRequired = x402_Header.decodePaymentRequired(
+      first.challenge.headers.get(x402_Types.paymentRequiredHeader)!,
+    )
+    const x402Authorization = Credential.serialize(
+      Credential.from({
+        challenge,
+        payload: {
+          accepted: paymentRequired.accepts[0]!,
+          extensions: paymentRequired.extensions,
+          payload: {
+            authorization: {
+              from: account.address,
+              nonce: `0x${'3'.repeat(64)}`,
+              to: recipient,
+              validAfter: '0',
+              validBefore: '9999999999',
+              value: paymentRequired.accepts[0]!.amount,
+            },
+            signature: `0x${'4'.repeat(130)}`,
+          },
+          resource: paymentRequired.resource,
+          x402Version: 2,
+        } satisfies PaymentPayload,
+      }),
+    )
+
+    const x402InAuthorizationResult = await route(
+      new Request('https://example.com/paid', {
+        headers: { Authorization: x402Authorization },
+      }),
+    )
+    expect(x402InAuthorizationResult.status).toBe(402)
+  })
+})