payment-kit 1.18.10 → 1.18.11

package/api/src/libs/util.ts

@@ -11,7 +11,7 @@ import { joinURL, withQuery, withTrailingSlash } from 'ufo';
 import axios from 'axios';
 import dayjs from './dayjs';
 import { blocklet, wallet } from './auth';
-import type { Subscription } from '../store/models';
+import type { PaymentMethod, Subscription } from '../store/models';
 import logger from './logger';
 
 export const OCAP_PAYMENT_TX_TYPE = 'fg:t:transfer_v2';
@@ -73,7 +73,7 @@ export const STRIPE_EVENTS: any[] = [
   'refund.updated',
 ];
 
-const api = axios.create({
+export const api = axios.create({
   timeout: 10 * 1000,
 });
 
@@ -458,3 +458,53 @@ export function getAdminBillingSubscriptionUrl({
 export function getCustomerIndexUrl({ locale, userDid }: { locale: string; userDid: string }) {
   return getUrl(withQuery('customer', { locale, ...getConnectQueryParam({ userDid }) }));
 }
+
+// Check if user is in blocklist
+export async function isUserInBlocklist(did: string, paymentMethod: PaymentMethod): Promise<boolean> {
+  try {
+    // Get API host from payment method settings
+    // @ts-ignore
+    const apiHost = paymentMethod?.settings?.[paymentMethod.type]?.api_host;
+    if (!apiHost) {
+      logger.warn('No API host found in payment method settings', { paymentMethodId: paymentMethod.id });
+      return false;
+    }
+
+    // Get user information
+    const { user }: { user: any } = await blocklet.getUser(did);
+    if (!user) {
+      logger.error('User not found', { did });
+      return false;
+    }
+    // Get all wallet DIDs associated with the user
+    const connectedAccounts = user.connectedAccounts || user.extraConfigs?.connectedAccounts || [];
+    const walletDids = connectedAccounts
+      .filter((account: any) => account.provider === 'wallet')
+      .map((account: any) => account.did);
+
+    if (!walletDids.length) {
+      logger.info('No wallet DIDs found for user', { did });
+      return false;
+    }
+
+    const blockedUrl = joinURL(apiHost, '/blocked');
+    const blockedResponse = await api.get(blockedUrl);
+    const blockedDids = blockedResponse.data || [];
+
+    if (!Array.isArray(blockedDids) || blockedDids.length === 0) {
+      return false;
+    }
+
+    // Check if any of the user's DIDs are in the blocklist
+    const isBlocked = walletDids.some((walletDid: string) => blockedDids.includes(walletDid));
+
+    if (isBlocked) {
+      logger.info('User is in blocklist', { did, walletDids, blockedDids });
+    }
+
+    return isBlocked;
+  } catch (error) {
+    logger.error('Error checking blocklist', { error: error.message, did });
+    return false; // Default to allowing payment on error
+  }
+}

package/api/src/routes/checkout-sessions.ts

@@ -48,7 +48,13 @@ import {
   getSubscriptionCreateSetup,
   getSubscriptionTrialSetup,
 } from '../libs/subscription';
-import { CHECKOUT_SESSION_TTL, formatAmountPrecisionLimit, formatMetadata, getDataObjectFromQuery } from '../libs/util';
+import {
+  CHECKOUT_SESSION_TTL,
+  formatAmountPrecisionLimit,
+  formatMetadata,
+  getDataObjectFromQuery,
+  isUserInBlocklist,
+} from '../libs/util';
 import { invoiceQueue } from '../queues/invoice';
 import { paymentQueue } from '../queues/payment';
 import {
@@ -70,6 +76,7 @@ import { SetupIntent } from '../store/models/setup-intent';
 import { Subscription } from '../store/models/subscription';
 import { SubscriptionItem } from '../store/models/subscription-item';
 import { ensureInvoiceForCheckout } from './connect/shared';
+import { CHARGE_SUPPORTED_CHAIN_TYPES } from '../libs/constants';
 
 const router = Router();
 
@@ -692,6 +699,16 @@ router.put('/:id/submit', user, ensureCheckoutSessionOpen, async (req, res) => {
       });
     }
 
+    // check if user in block list
+    if (CHARGE_SUPPORTED_CHAIN_TYPES.includes(paymentMethod.type)) {
+      const inBlock = await isUserInBlocklist(req.user.did, paymentMethod);
+      if (inBlock) {
+        return res
+          .status(403)
+          .json({ code: 'PAYMENT_RESTRICTED', error: 'Unable to process your purchase at this time' });
+      }
+    }
+
     await checkoutSession.update({ customer_id: customer.id, customer_did: req.user.did });
 
     // payment intent is only created when checkout session is in payment mode

package/api/tests/libs/util.spec.ts

@@ -11,8 +11,13 @@ import {
   getNextRetry,
   tryWithTimeout,
   getSubscriptionNotificationCustomActions,
+  isUserInBlocklist,
+  api,
 } from '../../src/libs/util';
-import type { Subscription } from '../../src/store/models';
+import type { Subscription, PaymentMethod } from '../../src/store/models';
+
+import { blocklet } from '../../src/libs/auth';
+import logger from '../../src/libs/logger';
 
 describe('createIdGenerator', () => {
   it('should return a function that generates an ID with the specified prefix and size', () => {
@@ -375,3 +380,276 @@ describe('getSubscriptionNotificationCustomActions', () => {
     });
   });
 });
+
+describe('isUserInBlocklist', () => {
+  let mockAxios: any;
+  let mockBlocklet: any;
+  let mockLogger: any;
+
+  beforeEach(() => {
+    mockAxios = jest.spyOn(api, 'get').mockImplementation();
+
+    mockBlocklet = jest.spyOn(blocklet, 'getUser').mockImplementation();
+
+    mockLogger = {
+      warn: jest.spyOn(logger, 'warn').mockImplementation(),
+      info: jest.spyOn(logger, 'info').mockImplementation(),
+      error: jest.spyOn(logger, 'error').mockImplementation(),
+    };
+  });
+
+  afterEach(() => {
+    jest.clearAllMocks();
+    jest.resetAllMocks();
+    jest.restoreAllMocks();
+  });
+
+  it('should return true when user DID is in blocklist', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {
+        arcblock: {
+          api_host: 'https://api.example.com',
+        },
+      },
+    } as PaymentMethod;
+
+    mockAxios.mockResolvedValueOnce({ data: ['did:user:123', 'did:user:456'] });
+    mockBlocklet.mockResolvedValueOnce({
+      user: {
+        did: userDid,
+        connectedAccounts: [{ provider: 'wallet', did: userDid }],
+      },
+    });
+
+    // Execute
+    const result = await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify
+    expect(result).toBe(true);
+    expect(mockAxios).toHaveBeenCalledWith('https://api.example.com/blocked');
+    expect(mockBlocklet).toHaveBeenCalledWith(userDid);
+    expect(mockLogger.info).toHaveBeenCalled();
+  });
+
+  it('should return true when user wallet DID is in blocklist', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const walletDid = 'did:wallet:456';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {
+        arcblock: {
+          api_host: 'https://api.example.com',
+        },
+      },
+    } as PaymentMethod;
+
+    mockAxios.mockResolvedValueOnce({ data: ['did:wallet:456', 'did:user:789'] });
+    mockBlocklet.mockResolvedValueOnce({
+      user: {
+        did: userDid,
+        connectedAccounts: [{ provider: 'wallet', did: walletDid }],
+      },
+    });
+
+    // Execute
+    const result = await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify
+    expect(result).toBe(true);
+    expect(mockAxios).toHaveBeenCalledWith('https://api.example.com/blocked');
+    expect(mockBlocklet).toHaveBeenCalledWith(userDid);
+  });
+
+  it('should return false when user is not in blocklist', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const walletDid = 'did:wallet:456';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {
+        arcblock: {
+          api_host: 'https://api.example.com',
+        },
+      },
+    } as PaymentMethod;
+
+    mockAxios.mockResolvedValueOnce({ data: ['did:user:789', 'did:wallet:789'] });
+    mockBlocklet.mockResolvedValueOnce({
+      user: {
+        did: userDid,
+        connectedAccounts: [{ provider: 'wallet', did: walletDid }],
+      },
+    });
+
+    // Execute
+    const result = await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify
+    expect(result).toBe(false);
+    expect(mockAxios).toHaveBeenCalledWith('https://api.example.com/blocked');
+    expect(mockBlocklet).toHaveBeenCalledWith(userDid);
+  });
+
+  it('should handle API host with trailing slash', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {
+        arcblock: {
+          api_host: 'https://api.example.com/',
+        },
+      },
+    } as PaymentMethod;
+
+    mockAxios.mockResolvedValueOnce({ data: ['did:user:789'] });
+    mockBlocklet.mockResolvedValueOnce({
+      user: {
+        did: userDid,
+        connectedAccounts: [{ provider: 'wallet', did: userDid }],
+      },
+    });
+
+    // Execute
+    await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify - 确保调用了正确的 URL
+    expect(mockAxios).toHaveBeenCalledWith('https://api.example.com/blocked');
+  });
+
+  it('should return false when API host is not found', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {},
+    } as PaymentMethod;
+
+    // Execute
+    const result = await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify
+    expect(result).toBe(false);
+    expect(mockLogger.warn).toHaveBeenCalled();
+    expect(mockAxios).not.toHaveBeenCalled();
+  });
+
+  it('should return false when blocklist is empty', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {
+        arcblock: {
+          api_host: 'https://api.example.com',
+        },
+      },
+    } as PaymentMethod;
+
+    // 先模拟用户信息获取
+    mockBlocklet.mockResolvedValueOnce({
+      user: {
+        did: userDid,
+        connectedAccounts: [{ provider: 'wallet', did: userDid }],
+      },
+    });
+
+    // 再模拟空黑名单
+    mockAxios.mockResolvedValueOnce({ data: [] });
+
+    // Execute
+    const result = await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify
+    expect(result).toBe(false);
+    expect(mockBlocklet).toHaveBeenCalled(); // 现在应该调用了用户信息获取
+  });
+
+  it('should return false when user is not found', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {
+        arcblock: {
+          api_host: 'https://api.example.com',
+        },
+      },
+    } as PaymentMethod;
+
+    mockAxios.mockResolvedValueOnce({ data: ['did:user:123'] });
+    mockBlocklet.mockResolvedValueOnce({ user: null });
+
+    // Execute
+    const result = await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify
+    expect(result).toBe(false);
+    expect(mockLogger.error).toHaveBeenCalled();
+  });
+
+  it('should return false when API request fails', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {
+        arcblock: {
+          api_host: 'https://api.example.com',
+        },
+      },
+    } as PaymentMethod;
+
+    mockAxios.mockRejectedValueOnce(new Error('Network error'));
+
+    // Execute
+    const result = await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify
+    expect(result).toBe(false);
+    expect(mockLogger.error).toHaveBeenCalled();
+  });
+
+  it('should handle extraConfigs for connected accounts', async () => {
+    // Setup mocks
+    const userDid = 'did:user:123';
+    const walletDid = 'did:wallet:456';
+    const paymentMethod = {
+      id: 'pm_123',
+      type: 'arcblock',
+      settings: {
+        arcblock: {
+          api_host: 'https://api.example.com',
+        },
+      },
+    } as PaymentMethod;
+
+    mockAxios.mockResolvedValueOnce({ data: ['did:wallet:456'] });
+    mockBlocklet.mockResolvedValueOnce({
+      user: {
+        did: userDid,
+        extraConfigs: {
+          connectedAccounts: [{ provider: 'wallet', did: walletDid }],
+        },
+      },
+    });
+
+    // Execute
+    const result = await isUserInBlocklist(userDid, paymentMethod);
+
+    // Verify
+    expect(result).toBe(true);
+  });
+});

package/blocklet.yml

@@ -14,7 +14,7 @@ repository:
   type: git
   url: git+https://github.com/blocklet/payment-kit.git
 specVersion: 1.2.8
-version: 1.18.10
+version: 1.18.11
 logo: logo.png
 files:
   - dist
@@ -165,4 +165,4 @@ events:
   - type: invoice.paid
     description: Invoice has been fully paid and settled
   - type: refund.succeeded
-    description: Refund has been successfully processed and completed
+    description: Refund has been successfully processed and completed

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payment-kit",
-  "version": "1.18.10",
+  "version": "1.18.11",
   "scripts": {
     "dev": "blocklet dev --open",
     "eject": "vite eject",
@@ -53,7 +53,7 @@
     "@arcblock/validator": "^1.19.10",
     "@blocklet/js-sdk": "^1.16.39",
     "@blocklet/logger": "^1.16.39",
-    "@blocklet/payment-react": "1.18.10",
+    "@blocklet/payment-react": "1.18.11",
     "@blocklet/sdk": "^1.16.39",
     "@blocklet/ui-react": "^2.11.48",
     "@blocklet/uploader": "^0.1.70",
@@ -121,7 +121,7 @@
   "devDependencies": {
     "@abtnode/types": "^1.16.39",
     "@arcblock/eslint-config-ts": "^0.3.3",
-    "@blocklet/payment-types": "1.18.10",
+    "@blocklet/payment-types": "1.18.11",
     "@types/cookie-parser": "^1.4.7",
     "@types/cors": "^2.8.17",
     "@types/debug": "^4.1.12",
@@ -167,5 +167,5 @@
       "parser": "typescript"
     }
   },
-  "gitHead": "942a9f4057f0cb1e7b3409d469b20c54ab7924a0"
+  "gitHead": "370cb327400359ab5972ef60316ccd7fc86c174e"
 }