payment-kit 1.21.17 → 1.22.1

package/api/src/index.ts

@@ -2,7 +2,7 @@ import 'express-async-errors';
 
 import path from 'path';
 
-import fallback from '@blocklet/sdk/lib/middlewares/fallback';
+import { fallback } from '@blocklet/sdk/lib/middlewares/fallback';
 import cookieParser from 'cookie-parser';
 import cors from 'cors';
 import dotenv from 'dotenv-flow';

package/api/src/integrations/blocklet/user.ts

@@ -32,6 +32,6 @@ const handleUserUpdate = async ({ user }: { user: any }) => {
   }
 };
 
-export function initUserHandler() {
-  notification.on('user.updated', handleUserUpdate);
+export async function initUserHandler() {
+  await notification.on('user.updated', handleUserUpdate);
 }

package/api/src/integrations/ethereum/token.ts

@@ -1,6 +1,7 @@
 import { JsonRpcProvider, TransactionReceipt, ethers } from 'ethers';
 
 import { ethWallet } from '../../libs/auth';
+import { RemoteSigner } from '../../libs/remote-signer';
 import { getApproveFunction } from './contract';
 import erc20Abi from './erc20-abi.json';
 
@@ -92,12 +93,11 @@ export async function transferErc20FromUser(
   user: string,
   amount: string
 ): Promise<TransactionReceipt> {
-  const wallet = new ethers.Wallet(ethWallet.secretKey);
-  const signer = wallet.connect(provider);
+  const signer = new RemoteSigner(ethWallet, provider);
   const contract = new ethers.Contract(contractAddress, erc20Abi, signer);
 
   // @ts-ignore
-  const res = await contract.transferFrom(user, wallet.address, amount);
+  const res = await contract.transferFrom(user, ethWallet.address, amount);
 
   // Wait for the transaction to be mined
   const receipt = await res.wait();
@@ -111,8 +111,7 @@ export async function sendErc20ToUser(
   user: string,
   amount: string
 ): Promise<TransactionReceipt> {
-  const wallet = new ethers.Wallet(ethWallet.secretKey);
-  const signer = wallet.connect(provider);
+  const signer = new RemoteSigner(ethWallet, provider);
   const contract = new ethers.Contract(contractAddress, erc20Abi, signer);
 
   // @ts-ignore

package/api/src/integrations/stripe/handlers/invoice.ts

@@ -1,4 +1,4 @@
-import env from '@blocklet/sdk/lib/env';
+import { env } from '@blocklet/sdk/lib/env';
 import merge from 'lodash/merge';
 import pick from 'lodash/pick';
 import pWaitFor from 'p-wait-for';

package/api/src/integrations/stripe/handlers/payment-intent.ts

@@ -1,4 +1,4 @@
-import env from '@blocklet/sdk/lib/env';
+import { env } from '@blocklet/sdk/lib/env';
 import merge from 'lodash/merge';
 import pick from 'lodash/pick';
 import pWaitFor from 'p-wait-for';

package/api/src/integrations/stripe/resource.ts

@@ -1,6 +1,6 @@
 /* eslint-disable no-continue */
 /* eslint-disable no-await-in-loop */
-import env from '@blocklet/sdk/lib/env';
+import { env } from '@blocklet/sdk/lib/env';
 import merge from 'lodash/merge';
 import omit from 'lodash/omit';
 import pick from 'lodash/pick';

package/api/src/integrations/stripe/setup.ts

@@ -1,6 +1,6 @@
 /* eslint-disable no-await-in-loop */
 
-import env from '@blocklet/sdk/lib/env';
+import { env } from '@blocklet/sdk/lib/env';
 
 import Stripe from 'stripe';
 import logger from '../../libs/logger';

package/api/src/libs/auth.ts

@@ -1,10 +1,11 @@
 import path from 'path';
 
 import AuthStorage from '@arcblock/did-connect-storage-nedb';
-import AuthService from '@blocklet/sdk/service/auth';
-import getWallet from '@blocklet/sdk/lib/wallet';
-import WalletAuthenticator from '@blocklet/sdk/lib/wallet-authenticator';
-import WalletHandler from '@blocklet/sdk/lib/wallet-handler';
+// @ts-ignore
+import { BlockletService } from '@blocklet/sdk/service/auth';
+import { getWallet } from '@blocklet/sdk/lib/wallet';
+import { WalletAuthenticator } from '@blocklet/sdk/lib/wallet-authenticator';
+import { WalletHandlers } from '@blocklet/sdk/lib/wallet-handler';
 import type { Request } from 'express';
 import type { LiteralUnion } from 'type-fest';
 import type { WalletObject } from '@ocap/wallet';
@@ -15,7 +16,7 @@ import logger from './logger';
 export const wallet: WalletObject = getWallet();
 export const ethWallet: WalletObject = getWallet('ethereum');
 export const authenticator = new WalletAuthenticator();
-export const handlers = new WalletHandler({
+export const handlers = new WalletHandlers({
   authenticator,
   tokenStorage: new AuthStorage({
     dbPath: path.join(env.dataDir, 'auth.db'),
@@ -24,7 +25,7 @@ export const handlers = new WalletHandler({
   }),
 });
 
-export const blocklet = new AuthService();
+export const blocklet = new BlockletService();
 
 export async function getVaultAddress() {
   try {

package/api/src/libs/env.ts

@@ -1,4 +1,4 @@
-import env from '@blocklet/sdk/lib/env';
+import { env } from '@blocklet/sdk/lib/env';
 
 export const paymentStatCronTime: string = '0 1 0 * * *'; // 默认每天一次，计算前一天的
 export const subscriptionCronTime: string = process.env.SUBSCRIPTION_CRON_TIME || '0 */30 * * * *'; // 默认每 30 min 行一次

package/api/src/libs/notification/template/subscription-trial-will-end.ts

@@ -92,6 +92,7 @@ export class SubscriptionTrialWillEndEmailTemplate extends BaseSubscriptionEmail
       const paymentAddress = subscription.payment_details?.[paymentMethod.type]?.payer ?? undefined;
       const balance = await getTokenByAddress(paymentAddress, paymentMethod, paymentCurrency);
 
+      // @ts-ignore
       paymentDetail.balance = +fromUnitToToken(balance, paymentCurrency.decimal);
     }
 

package/api/src/libs/notification/template/subscription-will-renew.ts

@@ -100,7 +100,7 @@ export class SubscriptionWillRenewEmailTemplate extends BaseSubscriptionEmailTem
       const paymentAddress = getSubscriptionPaymentAddress(subscription, paymentInfoResult.paymentMethod!.type);
       const balance = await getTokenByAddress(paymentAddress, paymentInfoResult.paymentMethod!, paymentCurrency);
 
-      paymentDetail.balanceFormatted = fromUnitToToken(balance, paymentCurrency.decimal);
+      paymentDetail.balanceFormatted = fromUnitToToken(balance || '0', paymentCurrency.decimal);
       paymentDetail.balance = +paymentDetail.balanceFormatted;
     }
 

package/api/src/libs/payment.ts

@@ -1,7 +1,6 @@
 /* eslint-disable @typescript-eslint/indent */
 import { isEthereumDid } from '@arcblock/did';
 import { toDelegateAddress } from '@arcblock/did-util';
-import { sign } from '@arcblock/jwt';
 import { getWalletDid } from '@blocklet/sdk/lib/did';
 import type { DelegateState, TokenLimit } from '@ocap/client';
 import { toTxHash } from '@ocap/mcrypto';
@@ -384,7 +383,7 @@ export function isCreditSufficientForPayment(args: {
   return { sufficient: true, balance };
 }
 
-export function getGasPayerExtra(txBuffer: Buffer, headers?: { [key: string]: string }) {
+export async function getGasPayerExtra(txBuffer: Buffer, headers?: { [key: string]: string }) {
   if (headers && headers['x-gas-payer-sig'] && headers['x-gas-payer-pk']) {
     return { headers };
   }
@@ -392,7 +391,7 @@ export function getGasPayerExtra(txBuffer: Buffer, headers?: { [key: string]: st
   const txHash = toTxHash(txBuffer);
   return {
     headers: {
-      'x-gas-payer-sig': sign(wallet.address, wallet.secretKey, { txHash }),
+      'x-gas-payer-sig': await wallet.signJWT({ txHash }),
       'x-gas-payer-pk': wallet.publicKey,
     },
   };

package/api/src/libs/refund.ts

@@ -50,7 +50,7 @@ export async function getRefundAmountSetup({
       paymentIntentId,
     });
     return {
-      amount: paymentIntent.amount_received,
+      amount: paymentIntent.amount_received || '0',
       totalAmount: paymentIntent.amount_received,
     };
   }

package/api/src/libs/remote-signer.ts

@@ -0,0 +1,93 @@
+import { ethers, JsonRpcProvider, TransactionRequest } from 'ethers';
+import type { WalletObject } from '@ocap/wallet';
+
+/**
+ * Remote Signer that uses remote signing service for Ethereum transactions
+ * Implements required methods from AbstractSigner
+ */
+export class RemoteSigner extends ethers.AbstractSigner {
+  private wallet: WalletObject;
+
+  constructor(wallet: WalletObject, provider?: JsonRpcProvider) {
+    super(provider);
+    this.wallet = wallet;
+  }
+
+  /**
+   * Returns the address of the signer
+   * Required by AbstractSigner
+   */
+  getAddress(): Promise<string> {
+    return Promise.resolve(this.wallet.address);
+  }
+
+  /**
+   * Signs a transaction and returns the signed serialized transaction
+   * Required by AbstractSigner
+   */
+  async signTransaction(transaction: TransactionRequest): Promise<string> {
+    // Populate transaction fields (nonce, gasLimit, chainId, etc.)
+    const populatedTx = await this.populateTransaction(transaction);
+
+    // Remove 'from' field as it's not allowed in unsigned transactions
+    // The 'from' address is derived from the signature
+    const { from, ...txWithoutFrom } = populatedTx;
+
+    // Serialize unsigned transaction
+    const unsignedTx = ethers.Transaction.from(txWithoutFrom);
+    const serialized = unsignedTx.unsignedSerialized;
+
+    // Hash and sign via remote service using signETH (Ethereum-specific signing)
+    const hash = ethers.keccak256(serialized);
+    const signature = await this.wallet.signETH(hash, false); // hashBeforeSign=false because we already hashed
+
+    // Attach signature and return signed transaction
+    unsignedTx.signature = ethers.Signature.from(signature);
+    return unsignedTx.serialized;
+  }
+
+  /**
+   * Signs a message and returns the signature
+   * Required for message signing operations
+   */
+  async signMessage(message: string | Uint8Array): Promise<string> {
+    // Convert message to bytes if it's a string
+    const messageBytes = typeof message === 'string' ? ethers.toUtf8Bytes(message) : message;
+
+    // Calculate the Ethereum signed message hash
+    const messageHash = ethers.hashMessage(messageBytes);
+
+    // Sign via remote service using signETH (Ethereum-specific signing)
+    const signature = await this.wallet.signETH(messageHash, false); // hashBeforeSign=false because hashMessage already hashed
+
+    // Return signature as hex string
+    return ethers.hexlify(signature);
+  }
+
+  /**
+   * Signs typed data (EIP-712)
+   * Optional but useful for signing structured data
+   */
+  async signTypedData(
+    domain: ethers.TypedDataDomain,
+    types: Record<string, ethers.TypedDataField[]>,
+    value: Record<string, any>
+  ): Promise<string> {
+    // Calculate the EIP-712 hash
+    const hash = ethers.TypedDataEncoder.hash(domain, types, value);
+
+    // Sign via remote service using signETH (Ethereum-specific signing)
+    const signature = await this.wallet.signETH(hash, false); // hashBeforeSign=false because hash is already computed
+
+    // Return signature as hex string
+    return ethers.hexlify(signature);
+  }
+
+  /**
+   * Connects the signer to a new provider
+   * Required by AbstractSigner
+   */
+  connect(provider: JsonRpcProvider): RemoteSigner {
+    return new RemoteSigner(this.wallet, provider);
+  }
+}

package/api/src/libs/security.ts

@@ -1,6 +1,6 @@
 import { auth } from '@blocklet/sdk/lib/middlewares';
 import { getVerifyData, verify } from '@blocklet/sdk/lib/util/verify-sign';
-import getWallet from '@blocklet/sdk/lib/wallet';
+import { getWallet } from '@blocklet/sdk/lib/wallet';
 import type { NextFunction, Request, Response } from 'express';
 import type { Model } from 'sequelize';
 

package/api/src/libs/subscription.ts

@@ -1043,22 +1043,19 @@ export async function getSubscriptionStakeAmountSetup(
     logger.info('getSubscriptionStakeAmountSetup failed, no inputs', { txHash, info });
     return null;
   }
-  const amountRes: { [key: string]: BN } = {};
+  const amountRes: { [key: string]: string } = {};
   // calculate stake amount for each address
   inputs.forEach((input: any) => {
     const { tokens } = input;
     tokens.forEach((token: any) => {
       const { address, value } = token;
       if (amountRes[address]) {
-        amountRes[address] = amountRes[address].add(new BN(value));
+        amountRes[address] = new BN(amountRes[address]).add(new BN(value)).toString();
       } else {
-        amountRes[address] = new BN(value);
+        amountRes[address] = new BN(value).toString();
       }
     });
   });
-  Object.keys(amountRes).forEach((address) => {
-    amountRes[address] = amountRes[address].toString();
-  });
   logger.info('get subscription stake amount setup success', { txHash, amountRes });
   return amountRes;
 }
@@ -1489,7 +1486,7 @@ export async function slashOverdraftProtectionStake(subscription: Subscription,
         // @ts-ignore
         const { buffer } = await client.encodeSlashStakeTx({ tx: signed });
         // @ts-ignore
-        const txHash = await client.sendSlashStakeTx({ tx: signed, wallet }, getGasPayerExtra(buffer));
+        const txHash = await client.sendSlashStakeTx({ tx: signed, wallet }, await getGasPayerExtra(buffer));
 
         await paymentIntent.update({
           status: 'succeeded',

package/api/src/libs/util.ts

@@ -2,7 +2,7 @@ import crypto from 'crypto';
 import { Readable } from 'stream';
 import { buffer } from 'node:stream/consumers';
 import { getUrl } from '@blocklet/sdk/lib/component';
-import env from '@blocklet/sdk/lib/env';
+import { env } from '@blocklet/sdk/lib/env';
 import { getWalletDid } from '@blocklet/sdk/lib/did';
 import { toStakeAddress } from '@arcblock/did-util';
 import { customAlphabet } from 'nanoid';

package/api/src/libs/vendor-util/adapters/didnames-adapter.ts

@@ -94,7 +94,8 @@ export class DidnamesAdapter implements VendorAdapter {
       });
 
       // Generate bindDomainCap for this domain
-      const bindDomainCap = this.generateBindCap({
+      // eslint-disable-next-line no-await-in-loop
+      const bindDomainCap = await this.generateBindCap({
         domain,
         checkoutSessionId: orderData.checkoutSessionId,
       });
@@ -115,7 +116,8 @@ export class DidnamesAdapter implements VendorAdapter {
       };
 
       try {
-        const { headers, body } = VendorAuth.signRequestWithHeaders(updatedOrderData);
+        // eslint-disable-next-line no-await-in-loop
+        const { headers, body } = await VendorAuth.signRequestWithHeaders(updatedOrderData);
 
         // eslint-disable-next-line no-await-in-loop
         const response = await fetch(url, {
@@ -198,7 +200,13 @@ export class DidnamesAdapter implements VendorAdapter {
   /**
    * Generate bindDomainCap (binding capability) for domain authorization
    */
-  private generateBindCap({ domain, checkoutSessionId }: { domain: string; checkoutSessionId: string }): any {
+  private async generateBindCap({
+    domain,
+    checkoutSessionId,
+  }: {
+    domain: string;
+    checkoutSessionId: string;
+  }): Promise<any> {
     const now = Math.floor(Date.now() / 1000);
     const expireInMinutes = 30;
 
@@ -210,7 +218,7 @@ export class DidnamesAdapter implements VendorAdapter {
       nonce: uuidV4(),
     };
 
-    const signature = toBase58(wallet.sign(stableStringify(cap) || ''));
+    const signature = toBase58(await wallet.sign(stableStringify(cap) || ''));
 
     return {
       cap,
@@ -345,7 +353,7 @@ export class DidnamesAdapter implements VendorAdapter {
         customParams: params.customParams,
       };
 
-      const { headers, body } = VendorAuth.signRequestWithHeaders(returnRequest);
+      const { headers, body } = await VendorAuth.signRequestWithHeaders(returnRequest);
       const url = formatVendorUrl(vendorConfig, '/api/vendor/return');
       logger.info('submitting domain return to DID Names', {
         url,
@@ -449,7 +457,7 @@ export class DidnamesAdapter implements VendorAdapter {
   async getOrder(vendor: ProductVendor, orderId: string): Promise<any> {
     const url = formatVendorUrl(vendor, `/api/vendor/orders/${orderId}`);
 
-    const { headers } = VendorAuth.signRequestWithHeaders({});
+    const { headers } = await VendorAuth.signRequestWithHeaders({});
     const response = await fetch(url, { method: 'GET', headers });
 
     if (!response.ok) {
@@ -474,7 +482,7 @@ export class DidnamesAdapter implements VendorAdapter {
       orderId,
     });
 
-    const { headers } = VendorAuth.signRequestWithHeaders({});
+    const { headers } = await VendorAuth.signRequestWithHeaders({});
     const response = await fetch(url, { method: 'GET', headers });
 
     logger.info('didnames order status response', {
@@ -499,9 +507,9 @@ export class DidnamesAdapter implements VendorAdapter {
     return data;
   }
 
-  connectTest(): Promise<any> {
+  async connectTest(): Promise<any> {
     const url = formatVendorUrl(this.vendorConfig!, '/api/vendor/health');
-    const { headers } = VendorAuth.signRequestWithHeaders({});
+    const { headers } = await VendorAuth.signRequestWithHeaders({});
     return fetch(url, { headers }).then((res) => res.json());
   }
 }

package/api/src/libs/vendor-util/adapters/launcher-adapter.ts

@@ -17,8 +17,13 @@ import {
 } from './types';
 import { formatVendorUrl } from './util';
 
-const doRequestVendorData = (vendor: ProductVendor, orderId: string, url: string, options: { shortUrl: boolean }) => {
-  const { headers } = VendorAuth.signRequestWithHeaders({});
+const doRequestVendorData = async (
+  vendor: ProductVendor,
+  orderId: string,
+  url: string,
+  options: { shortUrl: boolean }
+) => {
+  const { headers } = await VendorAuth.signRequestWithHeaders({});
   const name = vendor?.name;
   const key = vendor?.vendor_key;
   const { shortUrl } = options;
@@ -124,7 +129,7 @@ export class LauncherAdapter implements VendorAdapter {
         };
       }
 
-      const { headers, body } = VendorAuth.signRequestWithHeaders(orderData);
+      const { headers, body } = await VendorAuth.signRequestWithHeaders(orderData);
       const url = formatVendorUrl(vendorConfig, '/api/vendor/deliveries');
       const response = await fetch(url, {
         method: 'POST',
@@ -207,7 +212,7 @@ export class LauncherAdapter implements VendorAdapter {
     });
 
     const vendorConfig = await this.getVendorConfig();
-    const { headers, body } = VendorAuth.signRequestWithHeaders(params);
+    const { headers, body } = await VendorAuth.signRequestWithHeaders(params);
 
     const response = await fetch(formatVendorUrl(vendorConfig, '/api/vendor/return'), {
       method: 'POST',
@@ -268,9 +273,9 @@ export class LauncherAdapter implements VendorAdapter {
     return doRequestVendorData(vendor, orderId, url, options);
   }
 
-  connectTest(): Promise<any> {
+  async connectTest(): Promise<any> {
     const url = formatVendorUrl(this.vendorConfig!, '/api/vendor/health');
-    const { headers } = VendorAuth.signRequestWithHeaders({});
+    const { headers } = await VendorAuth.signRequestWithHeaders({});
     return fetch(url, { headers }).then((res) => res.json());
   }
 }

package/api/src/queues/payment.ts

@@ -754,7 +754,7 @@ const handleStakeSlash = async (
   // @ts-ignore
   const { buffer } = await client.encodeSlashStakeTx({ tx: signed });
   // @ts-ignore
-  const txHash = await client.sendSlashStakeTx({ tx: signed, wallet }, getGasPayerExtra(buffer));
+  const txHash = await client.sendSlashStakeTx({ tx: signed, wallet }, await getGasPayerExtra(buffer));
   logger.info('Stake slashing done', {
     subscription: subscription.id,
     amount: slashAmount,
@@ -973,7 +973,7 @@ export const handlePayment = async (job: PaymentJob) => {
       const txHash = await client.sendTransferV2Tx(
         // @ts-ignore
         { tx: signed, wallet, delegator: result.delegator },
-        getGasPayerExtra(buffer)
+        await getGasPayerExtra(buffer)
       );
       logger.info('PaymentIntent txHash', { txHash });
       logger.info('PaymentIntent capture done', { id: paymentIntent.id, txHash });

package/api/src/queues/payout.ts

@@ -82,7 +82,7 @@ async function processArcblockPayout(payout: Payout, paymentMethod: PaymentMetho
   // @ts-ignore
   const { buffer } = await client.encodeTransferV2Tx({ tx: signed });
   // @ts-ignore
-  const txHash = await client.sendTransferV2Tx({ tx: signed, wallet }, getGasPayerExtra(buffer));
+  const txHash = await client.sendTransferV2Tx({ tx: signed, wallet }, await getGasPayerExtra(buffer));
 
   logger.info('Payout completed', { id: payout.id, txHash });
 

package/api/src/queues/refund.ts

@@ -167,7 +167,7 @@ const handleRefundJob = async (
       // @ts-ignore
       const { buffer } = await client.encodeTransferV2Tx({ tx: signed });
       // @ts-ignore
-      const txHash = await client.sendTransferV2Tx({ tx: signed, wallet }, getGasPayerExtra(buffer));
+      const txHash = await client.sendTransferV2Tx({ tx: signed, wallet }, await getGasPayerExtra(buffer));
 
       logger.info('refund transfer done', { id: refund.id, txHash });
       await refund.update({
@@ -366,7 +366,7 @@ const handleStakeReturnJob = async (
       // @ts-ignore
       const { buffer } = await client.encodeReturnStakeTx({ tx: signed });
       // @ts-ignore
-      const txHash = await client.sendReturnStakeTx({ tx: signed, wallet }, getGasPayerExtra(buffer));
+      const txHash = await client.sendReturnStakeTx({ tx: signed, wallet }, await getGasPayerExtra(buffer));
       logger.info('stake return done', { id: refund.id, txHash });
       await refund.update({
         status: 'succeeded',

package/api/src/queues/subscription.ts

@@ -743,7 +743,7 @@ export const handleStakeSlashAfterCancel = async (subscription: Subscription, fo
     // @ts-ignore
     const { buffer } = await client.encodeSlashStakeTx({ tx: signed });
     // @ts-ignore
-    const txHash = await client.sendSlashStakeTx({ tx: signed, wallet }, getGasPayerExtra(buffer));
+    const txHash = await client.sendSlashStakeTx({ tx: signed, wallet }, await getGasPayerExtra(buffer));
     logger.info('Stake slashing done', {
       subscription: subscription.id,
       amount: invoice.amount_remaining,

package/api/src/queues/usage-record.ts

@@ -108,7 +108,7 @@ export const doHandleUsageRecord = async (job: UsageRecordJob) => {
     rawQuantity,
     quantity,
 
-    unitAmount: fromUnitToToken(unitAmount, currency.decimal),
+    unitAmount: fromUnitToToken(unitAmount || '0', currency.decimal),
     totalAmount: fromUnitToToken(totalAmount.toString(), currency.decimal),
     threshold: fromUnitToToken(threshold.toString(), currency.decimal),
   });

package/api/src/queues/vendors/status-check.ts

@@ -103,7 +103,7 @@ export const handleVendorStatusCheck = async (job: VendorStatusCheckJob) => {
           '/api/vendor/status',
           vendor.order_id
         );
-        const { headers } = VendorAuth.signRequestWithHeaders({});
+        const { headers } = await VendorAuth.signRequestWithHeaders({});
 
         const result = await fetch(serverStatusUrl, { headers });
         const data = await result.json();

package/api/src/queues/webhook.ts

@@ -63,7 +63,7 @@ export const handleWebhook = async (job: WebhookJob) => {
       headers: {
         'x-app-id': wallet.address,
         'x-app-pk': wallet.publicKey,
-        'x-component-sig': sign(json),
+        'x-component-sig': await sign(json),
         'x-component-did': process.env.BLOCKLET_COMPONENT_DID as string,
       },
     });

package/api/src/routes/auto-recharge-configs.ts

@@ -3,7 +3,7 @@ import Joi from 'joi';
 
 import { CustomError } from '@blocklet/error';
 import { Op } from 'sequelize';
-import sessionMiddleware from '@blocklet/sdk/lib/middlewares/session';
+import { sessionMiddleware } from '@blocklet/sdk/lib/middlewares/session';
 import { BN, fromTokenToUnit, fromUnitToToken } from '@ocap/util';
 import { trimDecimals } from '../libs/math-utils';
 import {

package/api/src/routes/checkout-sessions.ts

@@ -1,7 +1,7 @@
 /* eslint-disable consistent-return */
 import { isValid } from '@arcblock/did';
 import { getUrl } from '@blocklet/sdk/lib/component';
-import sessionMiddleware from '@blocklet/sdk/lib/middlewares/session';
+import { sessionMiddleware } from '@blocklet/sdk/lib/middlewares/session';
 import { BN, fromUnitToToken } from '@ocap/util';
 import { NextFunction, Request, Response, Router } from 'express';
 import Joi from 'joi';
@@ -390,7 +390,7 @@ export async function calculateAndUpdateAmount(
     amount,
   });
 
-  if (checkoutSession.mode === 'payment' && amount.total < 0) {
+  if (checkoutSession.mode === 'payment' && new BN(amount.total || '0').lt(new BN('0'))) {
     throw new Error('Payment amount should be greater or equal to 0');
   }
 
@@ -2149,10 +2149,6 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
       return res.status(400).json({ error: 'Payment method not found' });
     }
 
-    if (paymentMethod.type !== 'arcblock') {
-      return res.status(400).json({ error: 'Payment method not supported for fast checkout' });
-    }
-
     // Validate checkout session ownership if it was created for a specific customer
     if (checkoutSession.customer_id && checkoutSession.metadata?.createdBy) {
       const createdByDid = checkoutSession.metadata.createdBy;
@@ -2355,6 +2351,8 @@ router.post('/:id/fast-checkout-confirm', user, ensureCheckoutSessionOpen, async
         };
         canFastPay = true;
       }
+    } else if (paymentMethod.type !== 'arcblock') {
+      return res.status(400).json({ error: 'Payment method not supported for fast checkout' });
     }
 
     logger.info('Checkout session submitted successfully', {

package/api/src/routes/connect/collect-batch.ts

@@ -136,7 +136,7 @@ export default {
       const txHash = await client.sendTransferV3Tx(
         // @ts-ignore
         { tx, wallet: fromAddress(userDid) },
-        getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
+        await getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
       );
       await afterTxExecution({ tx_hash: txHash, payer: userDid, type: 'transfer' });
 

package/api/src/routes/connect/collect.ts

@@ -155,7 +155,7 @@ export default {
         const txHash = await client.sendTransferV3Tx(
           // @ts-ignore
           { tx, wallet: fromAddress(userDid) },
-          getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
+          await getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
         );
 
         await afterTxExecution({

package/api/src/routes/connect/pay.ts

@@ -115,7 +115,7 @@ export default {
         const txHash = await client.sendTransferV3Tx(
           // @ts-ignore
           { tx, wallet: fromAddress(userDid) },
-          getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
+          await getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
         );
 
         await paymentIntent.update({

package/api/src/routes/connect/recharge-account.ts

@@ -149,7 +149,7 @@ export default {
         const txHash = await client.sendTransferV3Tx(
           // @ts-ignore
           { tx, wallet: fromAddress(userDid) },
-          getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
+          await getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
         );
 
         await afterTxExecution({

package/api/src/routes/connect/recharge.ts

@@ -128,7 +128,7 @@ export default {
         const txHash = await client.sendTransferV3Tx(
           // @ts-ignore
           { tx, wallet: fromAddress(userDid) },
-          getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
+          await getGasPayerExtra(buffer, client.pickGasPayerHeaders(request))
         );
 
         logger.info('Recharge successful', {

package/api/src/routes/connect/shared.ts

@@ -270,11 +270,12 @@ export async function ensureSetupIntent(checkoutSessionId: string, skipInvoice?:
       invoice = await Invoice.findByPk(checkoutSession.invoice_id);
     } else {
       // Get discount information for this checkout session
-      let discountInfo: { appliedDiscounts: string[]; discountBreakdown: Array<{ amount: string; discount: string }> } = { 
-        appliedDiscounts: [], 
-        discountBreakdown: [] 
-      };
-      
+      let discountInfo: { appliedDiscounts: string[]; discountBreakdown: Array<{ amount: string; discount: string }> } =
+        {
+          appliedDiscounts: [],
+          discountBreakdown: [],
+        };
+
       try {
         discountInfo = await getDiscountRecordsForCheckout({
           checkoutSessionId: checkoutSession.id,
@@ -462,13 +463,13 @@ export async function ensureInvoiceForCheckout({
   const trialEnd = Number(checkoutSession.subscription_data?.trial_end || 0);
   const now = dayjs().unix();
   const invoiceItems = lineItems || (await Price.expand(checkoutSession.line_items, { product: true }));
-  
+
   // Get discount records for this checkout session
-  let discountInfo: { appliedDiscounts: string[]; discountBreakdown: Array<{ amount: string; discount: string }> } = { 
-    appliedDiscounts: [], 
-    discountBreakdown: [] 
+  let discountInfo: { appliedDiscounts: string[]; discountBreakdown: Array<{ amount: string; discount: string }> } = {
+    appliedDiscounts: [],
+    discountBreakdown: [],
   };
-  
+
   // Prepare discount configuration for getCheckoutAmount
   let discountConfig;
   try {
@@ -476,7 +477,7 @@ export async function ensureInvoiceForCheckout({
       checkoutSessionId: checkoutSession.id,
       customerId: customer.id,
     });
-    
+
     // Apply discount if we have discount records
     if (discountInfo.appliedDiscounts.length > 0 && checkoutSession.discounts?.length) {
       const firstDiscount = checkoutSession.discounts[0];
@@ -495,8 +496,13 @@ export async function ensureInvoiceForCheckout({
       error: error.message,
     });
   }
-  
-  const totalAmount = await getCheckoutAmount(invoiceItems, checkoutSession.currency_id, trialInDays > 0 || trialEnd > now, discountConfig);
+
+  const totalAmount = await getCheckoutAmount(
+    invoiceItems,
+    checkoutSession.currency_id,
+    trialInDays > 0 || trialEnd > now,
+    discountConfig
+  );
   const { invoice, items } = await ensureInvoiceAndItems({
     customer,
     currency: currency as PaymentCurrency,
@@ -530,16 +536,16 @@ export async function ensureInvoiceForCheckout({
       custom_fields: checkoutSession.invoice_creation?.invoice_data?.custom_fields || [],
       footer: checkoutSession.invoice_creation?.invoice_data?.footer || '',
       metadata,
-      
+
       discounts: discountInfo.appliedDiscounts,
       total_discount_amounts: discountInfo.discountBreakdown,
-      
+
       ...(props || {}),
     } as unknown as Invoice,
   });
-  
-  logger.info('Invoice created for checkoutSession', { 
-    checkoutSessionId: checkoutSession.id, 
+
+  logger.info('Invoice created for checkoutSession', {
+    checkoutSessionId: checkoutSession.id,
     invoiceId: invoice.id,
     hasDiscounts: discountInfo.appliedDiscounts.length > 0,
     discountCount: discountInfo.appliedDiscounts.length,
@@ -696,7 +702,7 @@ export async function ensureAccountRecharge(customerId: string, currencyId: stri
   }
 
   const receiverAddress = rechargeAddress || customer.did;
-  
+
   return {
     paymentCurrency: paymentCurrency as PaymentCurrency,
     paymentMethod: paymentMethod as PaymentMethod,
@@ -1084,7 +1090,8 @@ export async function getTokenRequirements({
   const tokenRequirements: { address: string; value: string }[] = [];
   let amount = await getFastCheckoutAmount({ items, mode, currencyId: paymentCurrency.id, trialing: !!trialing });
 
-  const addStakeRequired = requiredStake && ((paymentMethod.type === 'arcblock' && mode !== 'delegation') || mode === 'setup');
+  const addStakeRequired =
+    requiredStake && ((paymentMethod.type === 'arcblock' && mode !== 'delegation') || mode === 'setup');
 
   if (!addStakeRequired && amount === '0') {
     return tokenRequirements;
@@ -1123,7 +1130,10 @@ export async function getTokenRequirements({
     if (exist) {
       exist.value = new BN(exist.value).add(staking.licensed).add(staking.metered).toString();
     } else {
-      tokenRequirements.push({ address: paymentCurrency.contract as string, value: staking.licensed.add(staking.metered).toString() });
+      tokenRequirements.push({
+        address: paymentCurrency.contract as string,
+        value: staking.licensed.add(staking.metered).toString(),
+      });
     }
   }
 
@@ -1408,7 +1418,7 @@ async function executeSingleTransaction(
   const { buffer } = await client[`encode${type}Tx`]({ tx });
   return client[`send${type}Tx`](
     { tx, wallet: fromPublicKey(userPk, toTypeInfo(userDid)) },
-    getGasPayerExtra(buffer, gasPayerHeaders)
+    await getGasPayerExtra(buffer, gasPayerHeaders)
   );
 }
 
@@ -1531,7 +1541,6 @@ export async function updateStripeSubscriptionAfterChangePayment(setupIntent: Se
   }
 }
 
-
 export async function ensureAutoRechargeAuthorization(
   autoRechargeConfigId: string
 ): Promise<{ autoRechargeConfig: AutoRechargeConfig; paymentMethod: PaymentMethod; paymentCurrency: PaymentCurrency }> {

package/api/src/routes/customers.ts

@@ -1,4 +1,4 @@
-import sessionMiddleware from '@blocklet/sdk/lib/middlewares/session';
+import { sessionMiddleware } from '@blocklet/sdk/lib/middlewares/session';
 import { Router } from 'express';
 import Joi from 'joi';
 import pick from 'lodash/pick';

package/api/src/routes/integrations/stripe.ts

@@ -1,4 +1,4 @@
-import env from '@blocklet/sdk/lib/env';
+import { env } from '@blocklet/sdk/lib/env';
 import express, { NextFunction, Request, Response, Router } from 'express';
 import get from 'lodash/get';
 

package/api/src/routes/meter-events.ts

@@ -278,7 +278,7 @@ router.post('/', auth, async (req, res) => {
         value: fromTokenToUnit(value, paymentCurrency.decimal).toString(),
       },
       identifier: req.body.identifier,
-      livemode: !!req.livemode,
+      livemode: meter.livemode,
       processed: false,
       status: 'pending' as MeterEventStatus,
       attempt_count: 0,
@@ -312,12 +312,15 @@ router.post('/', auth, async (req, res) => {
 
 router.get('/pending-amount', authMine, async (req, res) => {
   try {
-    const where: any = {
-      status: 'requires_action',
+    const params: any = {
+      status: ['requires_action', 'requires_capture'],
       livemode: !!req.livemode,
     };
     if (req.query.subscription_id) {
-      where['payload.subscription_id'] = req.query.subscription_id;
+      params.subscriptionId = req.query.subscription_id;
+    }
+    if (req.query.currency_id) {
+      params.currencyId = req.query.currency_id;
     }
     if (req.query.customer_id) {
       if (typeof req.query.customer_id !== 'string') {
@@ -327,15 +330,9 @@ router.get('/pending-amount', authMine, async (req, res) => {
       if (!customer) {
         return res.status(404).json({ error: 'Customer not found' });
       }
-      where['payload.customer_id'] = customer.id;
+      params.customerId = customer.id;
     }
-    const [summary] = await MeterEvent.getPendingAmounts({
-      subscriptionId: req.query.subscription_id as string,
-      livemode: !!req.livemode,
-      currencyId: req.query.currency_id as string,
-      status: ['requires_action', 'requires_capture'],
-      customerId: req.query.customer_id as string,
-    });
+    const [summary] = await MeterEvent.getPendingAmounts(params);
     return res.json(summary);
   } catch (err) {
     logger.error('Error getting meter event pending amount', err);

package/api/src/routes/payment-currencies.ts

@@ -5,7 +5,7 @@ import { InferAttributes, Op, WhereOptions } from 'sequelize';
 import Joi from 'joi';
 import pick from 'lodash/pick';
 import { getUrl } from '@blocklet/sdk';
-import sessionMiddleware from '@blocklet/sdk/lib/middlewares/session';
+import { sessionMiddleware } from '@blocklet/sdk/lib/middlewares/session';
 import { fetchErc20Meta } from '../integrations/ethereum/token';
 import logger from '../libs/logger';
 import { authenticate } from '../libs/security';

package/api/src/routes/payment-intents.ts

@@ -362,10 +362,10 @@ router.get('/:id/refundable-amount', authPortal, async (req, res) => {
       if (payouts.length > 0) {
         let totalPayoutAmount = new BN('0');
         payouts.forEach((payout) => {
-          totalPayoutAmount = totalPayoutAmount.add(new BN(payout.amount));
+          totalPayoutAmount = totalPayoutAmount.add(new BN(payout.amount || '0'));
         });
 
-        result.amount = result.amount.sub(totalPayoutAmount);
+        result.amount = new BN(result.amount || '0').sub(totalPayoutAmount).toString();
       }
       res.json(result);
     } else {

package/api/src/routes/payouts.ts

@@ -3,7 +3,7 @@ import { Router } from 'express';
 import Joi from 'joi';
 import pick from 'lodash/pick';
 
-import sessionMiddleware from '@blocklet/sdk/lib/middlewares/session';
+import { sessionMiddleware } from '@blocklet/sdk/lib/middlewares/session';
 import type { WhereOptions } from 'sequelize';
 import { createListParamSchema, getOrder, getWhereFromKvQuery, MetadataSchema } from '../libs/api';
 import { authenticate } from '../libs/security';

package/api/src/routes/products.ts

@@ -166,6 +166,7 @@ export async function createProductAndPrices(payload: any) {
         // @ts-ignore
         ['preset', 'maximum', 'minimum'].forEach((key: keyof CustomUnitAmount) => {
           if (newPrice.custom_unit_amount?.[key]) {
+            // @ts-ignore
             newPrice.custom_unit_amount[key] = fromTokenToUnit(
               newPrice.custom_unit_amount[key] as string,
               currency.decimal

package/api/src/store/models/types.ts

@@ -137,7 +137,7 @@ export type SimpleCustomField = {
 };
 
 export type DiscountAmount = {
-  amount: number;
+  amount: string;
   discount?: string;
   promotion_code?: string;
   coupon?: string;

package/api/tests/setup.ts

@@ -0,0 +1,11 @@
+import { fromRandom } from '@ocap/wallet';
+import { types } from '@ocap/mcrypto';
+
+// Create a test wallet
+const wallet = fromRandom({
+  role: types.RoleType.ROLE_APPLICATION,
+});
+
+// Set missing environment variables that @blocklet/sdk jest-setup.js doesn't provide
+process.env.BLOCKLET_APP_PK = wallet.publicKey;
+process.env.BLOCKLET_APP_EK = wallet.secretKey; // EK (Encryption Key) uses secretKey

package/api/third.d.ts

@@ -2,8 +2,6 @@ declare module 'vite-plugin-blocklet';
 
 declare module '@blocklet/sdk/service/notification';
 
-declare module '@blocklet/sdk/service/auth';
-
 declare module 'express-history-api-fallback';
 
 declare module 'express-async-errors';

package/blocklet.yml

@@ -14,7 +14,7 @@ repository:
   type: git
   url: git+https://github.com/blocklet/payment-kit.git
 specVersion: 1.2.8
-version: 1.21.17
+version: 1.22.1
 logo: logo.png
 files:
   - dist

package/jest.config.js

@@ -6,8 +6,8 @@ module.exports = {
   coverageDirectory: 'coverage',
   restoreMocks: true,
   clearMocks: true,
-  globalSetup: '@blocklet/sdk/lib/util/jest-setup.js',
-  globalTeardown: '@blocklet/sdk/lib/util/jest-teardown.js',
+  globalSetup: '../../tools/jest-setup.js',
+  globalTeardown: '../../tools/jest-teardown.js',
   transform: {
     '^.+\\.ts?$': 'ts-jest',
   },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "payment-kit",
-  "version": "1.21.17",
+  "version": "1.22.1",
   "scripts": {
     "dev": "blocklet dev --open",
     "lint": "tsc --noEmit && eslint src api/src --ext .mjs,.js,.jsx,.ts,.tsx",
@@ -44,34 +44,34 @@
     ]
   },
   "dependencies": {
-    "@abtnode/cron": "^1.16.53-beta-20251011-054719-4ed2f6b7",
-    "@arcblock/did": "^1.25.6",
-    "@arcblock/did-connect-react": "^3.1.46",
+    "@abtnode/cron": "^1.16.54-beta-20251029-055649-a9143beb",
+    "@arcblock/did": "^1.26.3",
+    "@arcblock/did-connect-react": "^3.1.53",
     "@arcblock/did-connect-storage-nedb": "^1.8.0",
-    "@arcblock/did-util": "^1.25.6",
-    "@arcblock/jwt": "^1.25.6",
-    "@arcblock/ux": "^3.1.46",
-    "@arcblock/validator": "^1.25.6",
-    "@blocklet/did-space-js": "^1.1.32",
+    "@arcblock/did-util": "^1.26.3",
+    "@arcblock/jwt": "^1.26.3",
+    "@arcblock/ux": "^3.1.53",
+    "@arcblock/validator": "^1.26.3",
+    "@blocklet/did-space-js": "^1.1.35",
     "@blocklet/error": "^0.2.5",
-    "@blocklet/js-sdk": "^1.16.53-beta-20251011-054719-4ed2f6b7",
-    "@blocklet/logger": "^1.16.53-beta-20251011-054719-4ed2f6b7",
-    "@blocklet/payment-broker-client": "1.21.17",
-    "@blocklet/payment-react": "1.21.17",
-    "@blocklet/payment-vendor": "1.21.17",
-    "@blocklet/sdk": "^1.16.53-beta-20251011-054719-4ed2f6b7",
-    "@blocklet/ui-react": "^3.1.46",
-    "@blocklet/uploader": "^0.2.15",
-    "@blocklet/xss": "^0.2.12",
+    "@blocklet/js-sdk": "^1.16.54-beta-20251029-055649-a9143beb",
+    "@blocklet/logger": "^1.16.54-beta-20251029-055649-a9143beb",
+    "@blocklet/payment-broker-client": "1.22.1",
+    "@blocklet/payment-react": "1.22.1",
+    "@blocklet/payment-vendor": "1.22.1",
+    "@blocklet/sdk": "^1.16.54-beta-20251029-055649-a9143beb",
+    "@blocklet/ui-react": "^3.1.53",
+    "@blocklet/uploader": "^0.3.1",
+    "@blocklet/xss": "^0.3.1",
     "@mui/icons-material": "^7.1.2",
     "@mui/lab": "7.0.0-beta.14",
     "@mui/material": "^7.1.2",
     "@mui/system": "^7.1.1",
-    "@ocap/asset": "^1.25.6",
-    "@ocap/client": "^1.25.6",
-    "@ocap/mcrypto": "^1.25.6",
-    "@ocap/util": "^1.25.6",
-    "@ocap/wallet": "^1.25.6",
+    "@ocap/asset": "^1.26.3",
+    "@ocap/client": "^1.26.3",
+    "@ocap/mcrypto": "^1.26.3",
+    "@ocap/util": "^1.26.3",
+    "@ocap/wallet": "^1.26.3",
     "@stripe/react-stripe-js": "^2.9.0",
     "@stripe/stripe-js": "^2.4.0",
     "ahooks": "^3.8.5",
@@ -126,9 +126,9 @@
     "web3": "^4.16.0"
   },
   "devDependencies": {
-    "@abtnode/types": "^1.16.53-beta-20251011-054719-4ed2f6b7",
+    "@abtnode/types": "^1.16.54-beta-20251029-055649-a9143beb",
     "@arcblock/eslint-config-ts": "^0.3.3",
-    "@blocklet/payment-types": "1.21.17",
+    "@blocklet/payment-types": "1.22.1",
     "@types/cookie-parser": "^1.4.9",
     "@types/cors": "^2.8.19",
     "@types/debug": "^4.1.12",
@@ -175,5 +175,5 @@
       "parser": "typescript"
     }
   },
-  "gitHead": "a823bc05e706681ee70451437b0460aba909c253"
+  "gitHead": "8db720c3902e307a6d869ff706ae4857f88cf867"
 }

package/src/components/invoice/table.tsx

@@ -56,9 +56,9 @@ export function getAppliedBalance(invoice: TInvoiceExpanded) {
     invoice.ending_token_balance &&
     invoice.ending_token_balance[invoice.paymentCurrency.id]
   ) {
-    const starting = toBN(invoice.starting_token_balance[invoice.paymentCurrency.id]);
+    const starting = toBN(invoice.starting_token_balance[invoice.paymentCurrency.id] || '0');
 
-    const ending = toBN(invoice.ending_token_balance[invoice.paymentCurrency.id]);
+    const ending = toBN(invoice.ending_token_balance[invoice.paymentCurrency.id] || '0');
     return ending.sub(starting).toString();
   }
 

package/src/components/subscription/payment-method-info.tsx

@@ -197,7 +197,7 @@ export default function PaymentMethodInfo({
 
     return (
       <Typography variant="body2" sx={{ color: 'text.secondary' }}>
-        -
+        {type || '-'}
       </Typography>
     );
   };

package/src/libs/util.ts

@@ -252,7 +252,7 @@ export function stringToColor(str: string) {
 
   // @ts-ignore
   const hash = Hasher.SHA3.hash256(str).slice(-12);
-
+  // @ts-ignore
   const index = Math.abs(hexToNumber(hash)) % colors.length;
   return colors[index];
 }

package/src/pages/customer/subscription/detail.tsx

@@ -145,7 +145,7 @@ export default function CustomerSubscriptionDetail() {
       );
     const estimateAmount = +fromUnitToToken(cycleAmount.amount, data.paymentCurrency?.decimal);
 
-    const remainingStake = +fromUnitToToken(overdraftProtection?.unused, data.paymentCurrency?.decimal);
+    const remainingStake = +fromUnitToToken(overdraftProtection?.unused || '0', data.paymentCurrency?.decimal);
     const formatEstimatedDuration = (cycles: number) => {
       if (!data?.pending_invoice_item_interval) return '';
       const { interval, interval_count: intervalCount } = data.pending_invoice_item_interval;