payment-kit 1.27.2 → 1.29.0

package/api/src/store/models/payment-method.ts

@@ -7,6 +7,8 @@ import { CreationOptional, DataTypes, InferAttributes, InferCreationAttributes,
 import Stripe from 'stripe';
 import type { LiteralUnion } from 'type-fest';
 
+import { AppStoreClient } from '../../integrations/app-store/client';
+import { GooglePlayClient } from '../../integrations/google-play/client';
 import { STRIPE_API_VERSION, createIdGenerator } from '../../libs/util';
 import { sequelize } from '../sequelize';
 import type { PaymentMethodSettings } from './types';
@@ -17,6 +19,8 @@ const nextId = createIdGenerator('pm', 24);
 const stripeClients = new Map<string, Stripe>();
 const evmClients = new Map<string, JsonRpcProvider>();
 const ocapClients = new Map<string, OcapClient>();
+const googlePlayClients = new Map<string, GooglePlayClient>();
+const appStoreClients = new Map<string, AppStoreClient>();
 
 // eslint-disable-next-line prettier/prettier
 export class PaymentMethod extends Model<InferAttributes<PaymentMethod>, InferCreationAttributes<PaymentMethod>> {
@@ -27,7 +31,10 @@ export class PaymentMethod extends Model<InferAttributes<PaymentMethod>, InferCr
   declare livemode: boolean;
   declare locked: boolean;
 
-  declare type: LiteralUnion<'stripe' | 'arcblock' | 'ethereum' | 'bitcoin' | 'base', string>;
+  declare type: LiteralUnion<
+    'stripe' | 'arcblock' | 'ethereum' | 'bitcoin' | 'base' | 'app_store' | 'google_play',
+    string
+  >;
 
   declare name: string;
 
@@ -153,6 +160,15 @@ export class PaymentMethod extends Model<InferAttributes<PaymentMethod>, InferCr
       tmp.stripe.secret_key = security.encrypt(tmp.stripe.secret_key);
       tmp.stripe.webhook_signing_secret = security.encrypt(tmp.stripe.webhook_signing_secret);
     }
+    if (tmp.google_play) {
+      tmp.google_play.service_account_json = security.encrypt(tmp.google_play.service_account_json);
+    }
+    if (tmp.app_store?.private_key_pem) {
+      tmp.app_store.private_key_pem = security.encrypt(tmp.app_store.private_key_pem);
+    }
+    if (tmp.app_store?.shared_secret) {
+      tmp.app_store.shared_secret = security.encrypt(tmp.app_store.shared_secret);
+    }
 
     return tmp;
   }
@@ -163,6 +179,15 @@ export class PaymentMethod extends Model<InferAttributes<PaymentMethod>, InferCr
       tmp.stripe.secret_key = security.decrypt(tmp.stripe.secret_key);
       tmp.stripe.webhook_signing_secret = security.decrypt(tmp.stripe.webhook_signing_secret);
     }
+    if (tmp.google_play) {
+      tmp.google_play.service_account_json = security.decrypt(tmp.google_play.service_account_json);
+    }
+    if (tmp.app_store?.private_key_pem) {
+      tmp.app_store.private_key_pem = security.decrypt(tmp.app_store.private_key_pem);
+    }
+    if (tmp.app_store?.shared_secret) {
+      tmp.app_store.shared_secret = security.decrypt(tmp.app_store.shared_secret);
+    }
 
     return tmp;
   }
@@ -207,6 +232,10 @@ export class PaymentMethod extends Model<InferAttributes<PaymentMethod>, InferCr
     const host = this.settings.arcblock?.api_host;
     const cached = ocapClients.has(host);
     if (!cached) {
+      // 1.30.9: the default `@ocap/client` entry went CBOR-only, but current ABT
+      // wallets only decode protobuf-encoded tx bytes. Use `@ocap/client/legacy`
+      // (protobuf client) so encode / decode / broadcast all stay protobuf,
+      // matching the wallet signatures and what the chain node expects to hash.
       const created = new OcapClient(host);
       ocapClients.set(host, created);
       return created;
@@ -236,6 +265,42 @@ export class PaymentMethod extends Model<InferAttributes<PaymentMethod>, InferCr
     return client as JsonRpcProvider;
   }
 
+  getGooglePlayClient() {
+    if (this.type !== 'google_play') {
+      throw new Error('payment method is not google_play');
+    }
+    if (!this.settings.google_play) {
+      throw new Error('payment method config insufficient for google_play');
+    }
+
+    if (googlePlayClients.has(this.id)) {
+      return googlePlayClients.get(this.id) as GooglePlayClient;
+    }
+
+    const settings = PaymentMethod.decryptSettings(this.settings);
+    const client = GooglePlayClient.fromSettings(settings.google_play!);
+    googlePlayClients.set(this.id, client);
+    return client;
+  }
+
+  getAppStoreClient() {
+    if (this.type !== 'app_store') {
+      throw new Error('payment method is not app_store');
+    }
+    if (!this.settings.app_store) {
+      throw new Error('payment method config insufficient for app_store');
+    }
+
+    if (appStoreClients.has(this.id)) {
+      return appStoreClients.get(this.id) as AppStoreClient;
+    }
+
+    const settings = PaymentMethod.decryptSettings(this.settings);
+    const client = AppStoreClient.fromSettings(settings.app_store!);
+    appStoreClients.set(this.id, client);
+    return client;
+  }
+
   public static async supportAutoCharge(id: string) {
     const method = await PaymentMethod.findByPk(id);
     return method && CHARGE_SUPPORTED_CHAIN_TYPES.includes(method.type);

package/api/src/store/models/price.ts

@@ -438,23 +438,32 @@ export class Price extends Model<InferAttributes<Price>, InferCreationAttributes
       }
     });
 
-    // expand upsell
+    // expand upsell — batch load to avoid N+1 queries
     if (upsell) {
-      await Promise.all(
-        prices.map(async (x) => {
-          if (x.upsell?.upsells_to_id) {
-            const to = await Price.findByPk(x.upsell?.upsells_to_id);
-            if (to) {
-              // @ts-ignore
-              x.upsell.upsells_to = to;
-            }
-          }
-          if (x.recurring?.meter_id) {
+      const upsellToIds = [...new Set(prices.map((x) => x.upsell?.upsells_to_id).filter(Boolean))] as string[];
+      const meterIds = [...new Set(prices.map((x) => x.recurring?.meter_id).filter(Boolean))] as string[];
+
+      const [upsellPrices, meters] = await Promise.all([
+        upsellToIds.length > 0 ? Price.findAll({ where: { id: upsellToIds } }) : [],
+        meterIds.length > 0 ? Meter.findAll({ where: { id: meterIds } }) : [],
+      ]);
+
+      const upsellPriceMap = new Map(upsellPrices.map((p) => [p.id, p]));
+      const meterMap = new Map(meters.map((m) => [m.id, m]));
+
+      prices.forEach((x) => {
+        if (x.upsell?.upsells_to_id) {
+          const to = upsellPriceMap.get(x.upsell.upsells_to_id);
+          if (to) {
             // @ts-ignore
-            x.meter = await Meter.findByPk(x.recurring?.meter_id);
+            x.upsell.upsells_to = to;
           }
-        })
-      );
+        }
+        if (x.recurring?.meter_id) {
+          // @ts-ignore
+          x.meter = meterMap.get(x.recurring.meter_id) ?? null;
+        }
+      });
     }
 
     // @ts-ignore

package/api/src/store/models/refund.ts

@@ -68,6 +68,11 @@ export class Refund extends Model<InferAttributes<Refund>, InferCreationAttribut
   declare updated_at: CreationOptional<Date>;
   declare type: LiteralUnion<'refund' | 'stake_return', string>;
 
+  // Refund origin (added for IAP support).
+  //   merchant_initiated —商户主动调 API 退款 (Stripe / 链上)
+  //   platform_initiated — Apple/Google webhook 推过来的退款，我们被动接收
+  declare source?: LiteralUnion<'merchant_initiated' | 'platform_initiated', string>;
+
   public static readonly GENESIS_ATTRIBUTES = {
     id: {
       type: DataTypes.STRING(30),
@@ -192,6 +197,11 @@ export class Refund extends Model<InferAttributes<Refund>, InferCreationAttribut
           allowNull: true,
           defaultValue: 'refund',
         },
+        source: {
+          type: DataTypes.STRING(30),
+          allowNull: true,
+          defaultValue: 'merchant_initiated',
+        },
       },
       {
         sequelize,

package/api/src/store/models/subscription.ts

@@ -129,6 +129,11 @@ export class Subscription extends Model<InferAttributes<Subscription>, InferCrea
 
   declare recovered_from?: string;
 
+  // Payment channel (D-005). Stripe / arcblock / ethereum / base / app_store / google_play
+  declare channel?: LiteralUnion<'stripe' | 'arcblock' | 'ethereum' | 'base' | 'app_store' | 'google_play', string>;
+  // IAP platform environment (D-005). Orthogonal to livemode.
+  declare environment?: LiteralUnion<'production' | 'sandbox', string>;
+
   // TODO: following fields not supported
   // application
   // application_fee_percent
@@ -346,6 +351,15 @@ export class Subscription extends Model<InferAttributes<Subscription>, InferCrea
           allowNull: true,
           defaultValue: null,
         },
+        channel: {
+          type: DataTypes.STRING(20),
+          allowNull: true,
+        },
+        environment: {
+          type: DataTypes.STRING(20),
+          allowNull: true,
+          defaultValue: 'production',
+        },
       },
       {
         sequelize,

package/api/src/store/models/types.ts

@@ -310,6 +310,22 @@ export type PaymentMethodSettings = {
     native_symbol: string;
     confirmation: number;
   };
+  google_play?: {
+    package_name: string;
+    service_account_json: string; // encrypted JSON string of GCP service account credentials
+    pubsub_topic_name: string; // projects/<project>/topics/<topic>
+  };
+  app_store?: {
+    bundle_id: string;
+    environment: LiteralUnion<'production' | 'sandbox', string>;
+    /** App-Specific Shared Secret — only needed when verifying StoreKit 1 (legacy) receipts via Apple's verifyReceipt endpoint. StoreKit 2 JWS path does not use this. */
+    shared_secret?: string; // encrypted
+    // App Store Server API credentials — only needed when calling Apple back for state refresh.
+    // StoreKit 2 JWS verification (the happy path) does NOT need any of these.
+    issuer_id?: string;
+    key_id?: string;
+    private_key_pem?: string; // encrypted .p8 file contents
+  };
 };
 
 export type VaultConfig = {
@@ -366,6 +382,22 @@ export type PaymentDetails = {
     block_height: number;
     confirmations: number;
   };
+  google_play?: {
+    purchase_token: string;
+    order_id?: string;
+    product_id: string;
+    subscription_id?: string;
+    expiry_time_millis?: string;
+    environment?: LiteralUnion<'production' | 'sandbox', string>;
+  };
+  app_store?: {
+    original_transaction_id: string;
+    transaction_id?: string;
+    product_id: string;
+    web_order_line_item_id?: string;
+    environment?: LiteralUnion<'Production' | 'Sandbox', string>;
+    expires_at?: number; // unix seconds
+  };
 };
 
 export type PaymentBeneficiary = {

package/api/tests/integrations/app-store/client.spec.ts

@@ -0,0 +1,335 @@
+// Unit tests for AppStoreClient.
+// All synthetic JWS fixtures here can't pass real Apple signature verification,
+// so we set APP_STORE_SKIP_SIGNATURE_VERIFY=true to exercise the decode/validate
+// surface. A dedicated test below confirms real-mode rejects synthetic JWSes.
+
+/* eslint-disable import/first */
+process.env.APP_STORE_SKIP_SIGNATURE_VERIFY = 'true';
+
+import { AppStoreClient, AppStoreSettings } from '../../../src/integrations/app-store/client';
+
+const mockConfigApple = jest.fn();
+const mockValidateAppleReceipt = jest.fn();
+jest.mock('node-apple-receipt-verify', () => ({
+  config: (...args: any[]) => mockConfigApple(...args),
+  validate: (...args: any[]) => mockValidateAppleReceipt(...args),
+}));
+
+beforeEach(() => {
+  mockConfigApple.mockReset();
+  mockValidateAppleReceipt.mockReset();
+});
+
+const baseSettings: AppStoreSettings = {
+  bundle_id: 'com.example.app',
+  environment: 'sandbox',
+};
+
+const makeJws = (payload: object, header: object = { alg: 'ES256' }): string => {
+  const h = Buffer.from(JSON.stringify(header)).toString('base64url');
+  const p = Buffer.from(JSON.stringify(payload)).toString('base64url');
+  return `${h}.${p}.signature-placeholder`;
+};
+
+describe('AppStoreClient.fromSettings', () => {
+  it('rejects missing bundle_id', () => {
+    expect(() => AppStoreClient.fromSettings({ ...baseSettings, bundle_id: '' })).toThrow(/bundle_id/);
+  });
+
+  it('rejects bad environment', () => {
+    expect(() => AppStoreClient.fromSettings({ ...baseSettings, environment: 'staging' as any })).toThrow(
+      /environment/
+    );
+  });
+
+  it('accepts minimal valid settings (no Server API creds)', () => {
+    const c = AppStoreClient.fromSettings(baseSettings);
+    expect(c.bundleId).toBe('com.example.app');
+    expect(c.environment).toBe('sandbox');
+  });
+});
+
+describe('AppStoreClient.verifyJwsTransaction (mock-phase decode)', () => {
+  let client: AppStoreClient;
+  beforeEach(() => {
+    client = AppStoreClient.fromSettings(baseSettings);
+  });
+
+  it('decodes a well-formed JWS payload', async () => {
+    const jws = makeJws({
+      transactionId: 'txn_1',
+      originalTransactionId: 'orig_1',
+      productId: 'pro_monthly',
+      expiresDate: 1800000000000,
+      appAccountToken: 'uuid-from-client',
+      environment: 'Sandbox',
+      bundleId: 'com.example.app',
+    });
+    const decoded = await client.verifyJwsTransaction(jws);
+    expect(decoded.transactionId).toBe('txn_1');
+    expect(decoded.originalTransactionId).toBe('orig_1');
+    expect(decoded.productId).toBe('pro_monthly');
+    expect(decoded.appAccountToken).toBe('uuid-from-client');
+    expect(decoded.environment).toBe('Sandbox');
+  });
+
+  it('rejects malformed JWS (not 3 segments)', async () => {
+    await expect(client.verifyJwsTransaction('not-a-jws')).rejects.toThrow(/format invalid/);
+    await expect(client.verifyJwsTransaction('a.b')).rejects.toThrow(/format invalid/);
+  });
+
+  it('rejects JWS whose payload is not valid JSON', async () => {
+    const h = Buffer.from(JSON.stringify({ alg: 'ES256' })).toString('base64url');
+    const broken = Buffer.from('this is not json').toString('base64url');
+    await expect(client.verifyJwsTransaction(`${h}.${broken}.sig`)).rejects.toThrow(/not valid JSON/);
+  });
+
+  it('rejects JWS whose bundleId disagrees with configured bundle_id', async () => {
+    const jws = makeJws({
+      transactionId: 'txn_1',
+      originalTransactionId: 'orig_1',
+      productId: 'pro_monthly',
+      environment: 'Sandbox',
+      bundleId: 'com.evil.app',
+    });
+    await expect(client.verifyJwsTransaction(jws)).rejects.toThrow(/bundleId mismatch/);
+  });
+
+  it('passes when JWS payload omits bundleId (older StoreKit 2 payloads)', async () => {
+    const jws = makeJws({
+      transactionId: 'txn_1',
+      originalTransactionId: 'orig_1',
+      productId: 'pro_monthly',
+      environment: 'Sandbox',
+    });
+    const decoded = await client.verifyJwsTransaction(jws);
+    expect(decoded.transactionId).toBe('txn_1');
+  });
+});
+
+describe('AppStoreClient write methods', () => {
+  it('refundSubscription is gated unless APP_STORE_WRITE_ENABLED', async () => {
+    const c = AppStoreClient.fromSettings(baseSettings);
+    await expect(c.refundSubscription('orig_1')).rejects.toThrow(/APP_STORE_WRITE_ENABLED/);
+  });
+
+  it('cancelSubscription is gated unless APP_STORE_WRITE_ENABLED', async () => {
+    const c = AppStoreClient.fromSettings(baseSettings);
+    await expect(c.cancelSubscription('orig_1')).rejects.toThrow(/APP_STORE_WRITE_ENABLED/);
+  });
+
+  it('getSubscriptionStatus errors clearly when Server API creds are not configured', async () => {
+    const c = AppStoreClient.fromSettings(baseSettings);
+    await expect(c.getSubscriptionStatus('orig_1')).rejects.toThrow(/issuer_id\/key_id\/private_key_pem/);
+  });
+});
+
+// `getSubscriptionStatus` against a mocked Apple SDK — we don't hit the real API.
+const mockGetAllSubscriptionStatuses = jest.fn();
+jest.mock('../../../src/integrations/app-store/signed-data-verifier', () => {
+  const actual = jest.requireActual('../../../src/integrations/app-store/signed-data-verifier');
+  return {
+    ...actual,
+    getAllSubscriptionStatuses: (...args: any[]) => mockGetAllSubscriptionStatuses(...args),
+  };
+});
+
+describe('AppStoreClient.getSubscriptionStatus (Server API)', () => {
+  beforeEach(() => {
+    mockGetAllSubscriptionStatuses.mockReset();
+  });
+
+  const credSettings: AppStoreSettings = {
+    bundle_id: 'com.example.app',
+    environment: 'sandbox',
+    issuer_id: 'iss_1',
+    key_id: 'KEY_ID_1',
+    private_key_pem: '-----BEGIN PRIVATE KEY-----\nfake\n-----END PRIVATE KEY-----',
+  };
+
+  it('returns decoded transaction payload when Apple returns matching txn', async () => {
+    const inner = (() => {
+      const h = Buffer.from(JSON.stringify({ alg: 'ES256' })).toString('base64url');
+      const p = Buffer.from(
+        JSON.stringify({
+          transactionId: 'txn_latest',
+          originalTransactionId: 'orig_X',
+          productId: 'sub_06',
+          bundleId: 'com.example.app',
+          environment: 'Sandbox',
+          expiresDate: 1900000000000,
+        })
+      ).toString('base64url');
+      return `${h}.${p}.sig`;
+    })();
+    mockGetAllSubscriptionStatuses.mockResolvedValue({
+      data: [{ lastTransactions: [{ originalTransactionId: 'orig_X', signedTransactionInfo: inner }] }],
+    });
+    const c = AppStoreClient.fromSettings(credSettings);
+    const result = await c.getSubscriptionStatus('orig_X');
+    expect(result?.transactionId).toBe('txn_latest');
+    expect(mockGetAllSubscriptionStatuses).toHaveBeenCalledWith(
+      'orig_X',
+      expect.objectContaining({ bundleId: 'com.example.app' })
+    );
+  });
+
+  it('returns null when Apple returns no matching transaction', async () => {
+    mockGetAllSubscriptionStatuses.mockResolvedValue({ data: [] });
+    const c = AppStoreClient.fromSettings(credSettings);
+    expect(await c.getSubscriptionStatus('orig_unknown')).toBeNull();
+  });
+});
+
+describe('AppStoreClient.verifyNotificationPayload (mock-phase decode)', () => {
+  let client: AppStoreClient;
+  beforeEach(() => {
+    client = AppStoreClient.fromSettings(baseSettings);
+  });
+
+  it('decodes a well-formed signedPayload', async () => {
+    const jws = makeJws({
+      notificationType: 'DID_RENEW',
+      subtype: 'BILLING_RECOVERY',
+      notificationUUID: 'uuid-notif-1',
+      version: '2.0',
+      signedDate: 1700000000000,
+      data: {
+        bundleId: 'com.example.app',
+        environment: 'Sandbox',
+        signedTransactionInfo: 'inner-jws',
+        status: 1,
+      },
+    });
+    const decoded = await client.verifyNotificationPayload(jws);
+    expect(decoded.notificationType).toBe('DID_RENEW');
+    expect(decoded.subtype).toBe('BILLING_RECOVERY');
+    expect(decoded.data.environment).toBe('Sandbox');
+    expect(decoded.data.signedTransactionInfo).toBe('inner-jws');
+  });
+
+  it('rejects malformed JWS (not 3 segments)', async () => {
+    await expect(client.verifyNotificationPayload('a.b')).rejects.toThrow(/JWS format invalid/);
+  });
+
+  it('rejects when notification bundleId disagrees with configured one', async () => {
+    const jws = makeJws({
+      notificationType: 'DID_RENEW',
+      notificationUUID: 'uuid-1',
+      version: '2.0',
+      signedDate: 1700000000000,
+      data: { bundleId: 'com.evil.app', environment: 'Sandbox' },
+    });
+    await expect(client.verifyNotificationPayload(jws)).rejects.toThrow(/bundleId mismatch/);
+  });
+});
+
+describe('AppStoreClient.verifyLegacyReceipt', () => {
+  const withSecret: AppStoreSettings = { ...baseSettings, shared_secret: 'sk_test_secret' };
+
+  it('refuses when shared_secret is not configured', async () => {
+    const c = AppStoreClient.fromSettings(baseSettings);
+    await expect(c.verifyLegacyReceipt('base64-receipt')).rejects.toThrow(/shared_secret is required/);
+  });
+
+  it('configures node-apple-receipt-verify with provided secret + both envs', async () => {
+    mockValidateAppleReceipt.mockResolvedValue([
+      {
+        bundleId: 'com.example.app',
+        productId: 'sub_06',
+        transactionId: 'txn_1',
+        originalTransactionId: 'orig_1',
+        purchaseDate: 1700000000000,
+        expirationDate: 1800000000000,
+      },
+    ]);
+    const c = AppStoreClient.fromSettings(withSecret);
+    await c.verifyLegacyReceipt('base64-receipt');
+    expect(mockConfigApple).toHaveBeenCalledWith(
+      expect.objectContaining({
+        secret: 'sk_test_secret',
+        environment: ['production', 'sandbox'],
+      })
+    );
+  });
+
+  it('normalizes one-item receipt to AppStoreTransactionPayload', async () => {
+    mockValidateAppleReceipt.mockResolvedValue([
+      {
+        bundleId: 'com.example.app',
+        productId: 'sub_06',
+        transactionId: 'txn_1',
+        originalTransactionId: 'orig_1',
+        purchaseDate: 1700000000000,
+        expirationDate: 1800000000000,
+      },
+    ]);
+    const c = AppStoreClient.fromSettings(withSecret);
+    const result = await c.verifyLegacyReceipt('base64-receipt');
+    expect(result).toEqual({
+      transactionId: 'txn_1',
+      originalTransactionId: 'orig_1',
+      productId: 'sub_06',
+      purchaseDate: 1700000000000,
+      expiresDate: 1800000000000,
+      appAccountToken: undefined,
+      environment: 'Sandbox',
+      bundleId: 'com.example.app',
+      webOrderLineItemId: undefined,
+    });
+  });
+
+  it('picks the item with the latest expirationDate when receipt contains multiple', async () => {
+    mockValidateAppleReceipt.mockResolvedValue([
+      { productId: 'sub_06', transactionId: 'old', expirationDate: 1500000000000 },
+      { productId: 'sub_06', transactionId: 'new', expirationDate: 1800000000000 },
+      { productId: 'sub_06', transactionId: 'mid', expirationDate: 1600000000000 },
+    ]);
+    const c = AppStoreClient.fromSettings(withSecret);
+    const result = await c.verifyLegacyReceipt('base64-receipt');
+    expect(result.transactionId).toBe('new');
+  });
+
+  it('filters by expectedProductIds when provided', async () => {
+    mockValidateAppleReceipt.mockResolvedValue([
+      { productId: 'other_sku', transactionId: 'wrong', expirationDate: 1900000000000 },
+      { productId: 'sub_06', transactionId: 'right', expirationDate: 1800000000000 },
+    ]);
+    const c = AppStoreClient.fromSettings(withSecret);
+    const result = await c.verifyLegacyReceipt('base64-receipt', { expectedProductIds: ['sub_06'] });
+    expect(result.transactionId).toBe('right');
+  });
+
+  it('throws when no item matches expectedProductIds', async () => {
+    mockValidateAppleReceipt.mockResolvedValue([
+      { productId: 'unknown_sku', transactionId: 'x', expirationDate: 1800000000000 },
+    ]);
+    const c = AppStoreClient.fromSettings(withSecret);
+    await expect(c.verifyLegacyReceipt('base64-receipt', { expectedProductIds: ['sub_06'] })).rejects.toThrow(
+      /no matching purchases/
+    );
+  });
+
+  it('rejects when receipt bundleId disagrees with configured bundle_id', async () => {
+    mockValidateAppleReceipt.mockResolvedValue([
+      {
+        bundleId: 'com.evil.app',
+        productId: 'sub_06',
+        transactionId: 'txn_1',
+        originalTransactionId: 'orig_1',
+        expirationDate: 1800000000000,
+      },
+    ]);
+    const c = AppStoreClient.fromSettings(withSecret);
+    await expect(c.verifyLegacyReceipt('base64-receipt')).rejects.toThrow(/bundleId mismatch/);
+  });
+
+  it('falls back to transactionId when originalTransactionId is absent', async () => {
+    mockValidateAppleReceipt.mockResolvedValue([
+      { productId: 'sub_06', transactionId: 'txn_only', expirationDate: 1800000000000 },
+    ]);
+    const c = AppStoreClient.fromSettings(withSecret);
+    const result = await c.verifyLegacyReceipt('base64-receipt');
+    expect(result.originalTransactionId).toBe('txn_only');
+  });
+});