payment-kit 1.29.2 → 1.29.3

package/vite.arc.config.ts

@@ -0,0 +1,159 @@
+/* eslint-disable import/no-extraneous-dependencies */
+// P1 (README D1 / F1) — arc-targeted SPA build.
+//
+// The standalone `vite.config.ts` injects its base via createBlockletPlugin
+// (vite.config.ts:56), whose base is CLI-immutable — so a `--base` override
+// cannot retarget it. arc needs a DETERMINISTIC base of '/.well-known/payment/',
+// so this config (like cloudflare/vite.config.ts) drops createBlockletPlugin and
+// sets `base` + `outDir` explicitly. Output lands directly in
+// packages/payment-core/web/ so the @arcblock/payment-service tarball ships the
+// frontend (T1.3 appends web/** to files). There is no blocklet-server doing
+// runtime window.blocklet injection here, so the P2 bootstrap helper injects it
+// at build time (single source — same helper the CF build uses).
+import path from 'path';
+
+import react from '@vitejs/plugin-react';
+import { defineConfig } from 'vite';
+import svgr from 'vite-plugin-svgr';
+import tsconfigPaths from 'vite-tsconfig-paths';
+
+import { PAYMENT_KIT_DID, buildBootstrapScript } from './scripts/bootstrap-inject';
+
+const coreDir = __dirname; // blocklets/core — where index.html and src/ live
+const UI_PREFIX = '/.well-known/payment';
+// Physical isolation (README D1 / data-leak): arc artifacts live in payment-core's
+// web/, never mixed with the standalone did-pay worker output (cloudflare/public).
+const webOutDir = path.resolve(coreDir, '../../packages/payment-core/web');
+
+export default defineConfig({
+  root: coreDir,
+  base: `${UI_PREFIX}/`,
+  plugins: [
+    tsconfigPaths({ root: coreDir }),
+    react(),
+    // Build-time window.blocklet bootstrap (P2 helper, single source). The
+    // remoteBlockletUrl is root-exact (the helper throws otherwise, T2.3), prefix
+    // is local-only (G3), componentId = PAYMENT_KIT_DID so getPrefix resolves to
+    // the arc UI prefix (packages/react/src/libs/util.ts:87).
+    {
+      name: 'arc-inject-blocklet',
+      transformIndexHtml(html: string) {
+        const injection = buildBootstrapScript({
+          uiPrefix: UI_PREFIX,
+          componentId: PAYMENT_KIT_DID,
+          remoteBlockletUrl: '/__blocklet__.js?type=json',
+          // serviceHost = ORIGIN ROOT, not '/.well-known/service'. The DID-Connect
+          // SessionProvider treats serviceHost as the API base and appends its OWN
+          // auth-service prefix (groupPrefix + servicePrefix + '/api/did' =
+          // '/.well-known/service/api/did') — so the session/csrf URLs resolve to
+          // <origin>/.well-known/service/api/did/*. Passing '/.well-known/service'
+          // double-counts it (=> /.well-known/service/.well-known/service/api/did/session).
+          // Root '/' lets the lib's appended prefix land at origin root, where arc
+          // serves the auth service (a sibling of /.well-known/payment, not under it).
+          serviceHost: '/',
+          // protect serviceHost too: the remote __blocklet__.js carries arc's own
+          // serviceHost/servicePrefix — must not clobber this build-time root base.
+          localOnly: ['prefix', 'serviceHost', 'navigation', 'componentMountPoints'],
+          // the payment blocklet's own nav + mount point — AUTH_SERVICE's
+          // __blocklet__.js doesn't carry them, so @blocklet/ui-react's dashboard
+          // would crash on `navigation.forEach` without these (localOnly-protected).
+          extra: {
+            componentMountPoints: [
+              {
+                did: PAYMENT_KIT_DID,
+                name: 'Payment Kit',
+                mountPoint: UI_PREFIX,
+                appId: PAYMENT_KIT_DID,
+                status: 'running',
+                capabilities: { component: true },
+              },
+            ],
+            navigation: [
+              {
+                id: 'payments',
+                title: { en: 'Payments', zh: '支付管理' },
+                icon: 'ion:card-outline',
+                link: '/admin',
+                section: ['dashboard', 'sessionManager'],
+                role: ['admin', 'owner'],
+              },
+              {
+                id: 'integrations',
+                title: { en: 'Integrations', zh: '快速集成' },
+                icon: 'ion:flash-outline',
+                link: '/integrations',
+                section: ['dashboard', 'sessionManager'],
+                role: ['admin', 'owner'],
+              },
+              {
+                id: 'billing',
+                title: { en: 'Billing', zh: '我的账单' },
+                icon: 'ion:receipt-outline',
+                link: '/customer',
+                private: true,
+                section: ['userCenter', 'sessionManager'],
+                role: ['owner', 'admin', 'member', 'guest'],
+              },
+            ],
+          },
+        });
+        return html.replace('<head>', `<head>${injection}`);
+      },
+    },
+    svgr(),
+  ],
+  resolve: {
+    alias: {
+      // Point workspace packages at source (same as the standalone dev/CF builds).
+      '@blocklet/payment-react': path.resolve(coreDir, '../../packages/react/src'),
+      '@blocklet/payment-react-headless': path.resolve(coreDir, '../../packages/payment-react-headless/src'),
+      '@blocklet/payment-js': path.resolve(coreDir, '../../packages/client/src'),
+      'lodash.assign': 'lodash/assign',
+      'lodash.clonedeep': 'lodash/cloneDeep',
+      'lodash.isequal': 'lodash/isEqual',
+      'lodash.merge': 'lodash/merge',
+      'lodash.find': 'lodash/find',
+    },
+    dedupe: [
+      '@blocklet/ui-react',
+      '@arcblock/ux',
+      '@arcblock/did-connect-react',
+      '@mui/material',
+      '@mui/icons-material',
+      'react',
+      'react-dom',
+      'lodash',
+      'bn.js',
+    ],
+  },
+  build: {
+    outDir: webOutDir,
+    emptyOutDir: true,
+    cssCodeSplit: false,
+    modulePreload: false,
+    // Align with build.mjs sourcemap:false — the shipped web/ carries no source
+    // maps (no source-layout leak, Security spec).
+    sourcemap: false,
+    reportCompressedSize: false,
+    chunkSizeWarningLimit: 2000,
+    commonjsOptions: { include: [/node_modules/], transformMixedEsModules: true },
+    rollupOptions: {
+      output: {
+        manualChunks: {
+          'vendor-react': ['react', 'react-dom', 'react-router-dom'],
+          'vendor-mui': ['@mui/material', '@mui/icons-material', '@mui/system'],
+          'vendor-arcblock': ['@arcblock/did-connect-react', '@arcblock/ux'],
+          'vendor-blocklet': ['@blocklet/ui-react'],
+        },
+      },
+    },
+  },
+  define: {
+    global: 'globalThis',
+    'process.env': {},
+  },
+  optimizeDeps: {
+    include: ['react', 'react-dom', 'react/jsx-runtime'],
+    esbuildOptions: { mainFields: ['module', 'main'], resolveExtensions: ['.ts', '.tsx', '.js', '.jsx'] },
+  },
+});

package/cloudflare/did-connect-auth.ts

@@ -1,310 +0,0 @@
-/**
- * DID Connect authentication for Cloudflare Workers.
- *
- * Since the published @arcblock/did-connect-js@1.28.0 does not include the Hono adapter,
- * we port the adapter logic here. When a newer version with native Hono support ships,
- * this file can be replaced by a direct import.
- *
- * Reference: blockchain/did/did-connect/src/adapters/hono.ts
- */
-import { WalletAuthenticator, WalletHandlers } from '@arcblock/did-connect-js';
-// abt-wallet 4.20+ is dual-decode (both CBOR + protobuf), so we can go back
-// to @ocap/client/encode's CBOR-only txEncoder. Drops ~300KB google-protobuf
-// runtime from the worker bundle. Requires abt-wallet >= 4.20.
-// fetchContext is also exported so we can pre-warm the module-level cache
-// at isolate init time — avoids the first-request 8s merchant timeout that
-// comes from fetchContext hitting beta chain (2 GraphQL queries in parallel).
-import { createTxEncoder, fetchContext } from '@ocap/client/encode';
-import * as Mcrypto from '@ocap/mcrypto';
-import { fromSecretKey } from '@ocap/wallet';
-import { EventEmitter } from 'events';
-
-// Import original connect handlers — esbuild aliases handle all dependency replacements
-import collectHandlers from '../api/src/routes/connect/collect';
-import collectBatchHandlers from '../api/src/routes/connect/collect-batch';
-import payHandlers from '../api/src/routes/connect/pay';
-import setupHandlers from '../api/src/routes/connect/setup';
-import subscribeHandlers from '../api/src/routes/connect/subscribe';
-import changePaymentHandlers from '../api/src/routes/connect/change-payment';
-import changePlanHandlers from '../api/src/routes/connect/change-plan';
-import changePayerHandlers from '../api/src/routes/connect/change-payer';
-import rechargeHandlers from '../api/src/routes/connect/recharge';
-import rechargeAccountHandlers from '../api/src/routes/connect/recharge-account';
-import delegationHandlers from '../api/src/routes/connect/delegation';
-import overdraftProtectionHandlers from '../api/src/routes/connect/overdraft-protection';
-import reStakeHandlers from '../api/src/routes/connect/re-stake';
-import autoRechargeAuthHandlers from '../api/src/routes/connect/auto-recharge-auth';
-
-const walletType = {
-  role: Mcrypto.types.RoleType.ROLE_APPLICATION,
-  pk: Mcrypto.types.KeyType.ED25519,
-  hash: Mcrypto.types.HashType.SHA3,
-};
-
-// ---------------------------------------------------------------------------
-// CloudflareKVStorage – ported from blockchain/did/did-connect/src/storage/kv.ts
-// Not yet published in @arcblock/did-connect-js@1.28.0
-// ---------------------------------------------------------------------------
-
-// D1-based storage for DID Connect tokens.
-// Replaces KV which is eventually consistent across datacenters (up to 60s delay).
-// D1 is strongly consistent — writes are immediately visible to all readers.
-// This fixes mobile wallet scanning: wallet POST auth writes to datacenter A,
-// browser status polling reads from datacenter B, and sees the update immediately.
-class CloudflareD1Storage extends EventEmitter {
-  private ttl: number;
-
-  constructor(options: { ttl?: number } = {}) {
-    super();
-    this.ttl = options.ttl ?? 300;
-  }
-
-  private _getDB() {
-    const env = (globalThis as any).__CF_ENV__;
-    const db = env?.DB;
-    if (!db) {
-      console.error('[D1Storage] DB not available - __CF_ENV__ missing or no DB binding');
-      return db;
-    }
-    return db.withSession('first-primary');
-  }
-
-  async create(token: string, status = 'created') {
-    try {
-      const db = this._getDB();
-      if (!db) throw new Error('DB not available');
-      const record = { token, status };
-      const expiresAt = Math.floor(Date.now() / 1000) + this.ttl;
-      await db
-        .prepare('INSERT OR REPLACE INTO _did_connect_tokens (token, data, expires_at) VALUES (?, ?, ?)')
-        .bind(token, JSON.stringify(record), expiresAt)
-        .run();
-      this.emit('create', record);
-      return record;
-    } catch (err: any) {
-      console.error('[D1Storage] create failed:', token, err?.message || err);
-      throw err;
-    }
-  }
-
-  async read(token: string) {
-    try {
-      const db = this._getDB();
-      if (!db) return null;
-      const now = Math.floor(Date.now() / 1000);
-      const row = await db
-        .prepare('SELECT data FROM _did_connect_tokens WHERE token = ? AND expires_at > ?')
-        .bind(token, now)
-        .first();
-      if (!row) return null;
-      return JSON.parse(row.data as string);
-    } catch (err: any) {
-      console.error('[D1Storage] read failed:', token, err?.message || err);
-      return null;
-    }
-  }
-
-  update(token: string, updates: Record<string, any>) {
-    // did-connect-js's handlers/util.ts onProcessError calls tokenStorage.update
-    // without awaiting it (fire-and-forget). On CF Workers a non-awaited Promise
-    // is terminated when the request handler returns, so the UPDATE never hits
-    // D1 and the token stays at "scanned" forever — the wallet UI then loops on
-    // `status: scanned` and shows "validating..." indefinitely.
-    //
-    // We wrap the real write in a promise, and register it via the global
-    // ctx.waitUntil (exposed as __cfWaitUntil__ in worker.ts) so the runtime
-    // keeps the isolate alive until the D1 write finishes, regardless of
-    // whether the caller awaits us.
-    const promise = (async () => {
-      try {
-        const existing = await this.read(token);
-        if (!existing) return null;
-
-        delete updates.token;
-        const merged = { ...existing, ...updates };
-        const expiresAt = Math.floor(Date.now() / 1000) + this.ttl;
-        const db = this._getDB();
-        if (!db) throw new Error('DB not available');
-        await db
-          .prepare('UPDATE _did_connect_tokens SET data = ?, expires_at = ? WHERE token = ?')
-          .bind(JSON.stringify(merged), expiresAt, token)
-          .run();
-        this.emit('update', merged);
-        return merged;
-      } catch (err: any) {
-        console.error('[D1Storage] update failed:', token, err?.message || err);
-        throw err;
-      }
-    })();
-
-    const waitUntil = (globalThis as any).__cfWaitUntil__ as ((p: Promise<any>) => void) | undefined;
-    if (typeof waitUntil === 'function') {
-      // Swallow rejection in waitUntil — the inner promise will still reject
-      // for any caller that does await us.
-      waitUntil(promise.catch(() => {}));
-    }
-    return promise;
-  }
-
-  async delete(token: string) {
-    try {
-      const existing = await this.read(token);
-      if (existing) {
-        this.emit('destroy', existing);
-      }
-      const db = this._getDB();
-      if (!db) return;
-      await db.prepare('DELETE FROM _did_connect_tokens WHERE token = ?').bind(token).run();
-    } catch (err: any) {
-      console.error('[D1Storage] delete failed:', token, err?.message || err);
-    }
-  }
-
-  async exist(token: string, did?: string) {
-    const record = await this.read(token);
-    if (!record) return false;
-    if (did) return record.did === did;
-    return true;
-  }
-}
-
-
-// ---------------------------------------------------------------------------
-// Public API
-// ---------------------------------------------------------------------------
-
-export function initAuth(kv: KVNamespace, appSK: string) {
-  const wallet = fromSecretKey(appSK, walletType);
-  const tokenStorage = new CloudflareD1Storage({ ttl: 300 });
-  // Trailing slash is REQUIRED — without it the host 50% times out (verified 2026-04-20).
-  // Matches the format used by D1 payment_methods.settings.arcblock.api_host.
-  const chainHost = 'https://beta.abtnetwork.io/api/';
-
-  // Pre-warm @ocap/client/encode's module-level context cache. The first
-  // createTxEncoder()(...) call internally awaits fetchContext, which POSTs
-  // getChainInfo + getForgeState to beta — ~1-3s on warm isolates, more on
-  // cold. When `genRequestedClaims` is called by the merchant and triggers
-  // the encoder, merchant's did-connect-js aborts after 8s. Firing the fetch
-  // here at init (module load) lets the cache populate while the worker sets
-  // up the rest of the request pipeline.
-  fetchContext(chainHost).catch((err) => {
-    // Non-fatal: on failure the first real request will retry via the
-    // encoder's own fetchContext call.
-    console.warn('[initAuth] pre-warm chainInfo failed:', err?.message);
-  });
-
-  const authenticator = new WalletAuthenticator({
-    wallet: wallet.toJSON(),
-    appInfo: ({ baseUrl }: { baseUrl: string }) => ({
-      name: 'Payment Kit',
-      description: 'Payment Kit on Cloudflare Workers',
-      icon: 'https://www.arcblock.io/favicon.ico',
-      link: baseUrl,
-    }),
-    chainInfo: {
-      type: 'arcblock',
-      host: chainHost,
-      id: 'beta',
-    },
-    txEncoder: createTxEncoder(),
-    // CF Workers: chain RPC to beta.abtnetwork.io + getContext warm-up can exceed
-    // the default 8s. Extend to 30s to match Node.js payment-kit behavior.
-    timeout: 30000,
-  });
-
-  // did-connect-js 4.0.0 natively detects Hono apps via isHonoApp()
-  const handlers = new WalletHandlers({ tokenStorage, authenticator });
-
-  return { wallet, authenticator, handlers, tokenStorage };
-}
-
-/**
- * Attach DID Connect routes to a Hono app.
- *
- * Registers the login action with full profile handling, and all payment-related
- * DID Connect actions using the original handler implementations from
- * api/src/routes/connect/*.ts. The handlers execute real on-chain operations
- * (transfers, delegations, staking) via @ocap/client HTTP RPC calls, which
- * work in CF Workers. If a handler fails to attach, it falls back to a stub.
- *
- * Payment actions registered:
- *   collect, collect-batch, payment, subscription, setup,
- *   change-payment, change-plan, change-payer,
- *   recharge, recharge-account,
- *   delegation, overdraft-protection, re-stake,
- *   auto-recharge-auth
- */
-export function attachDIDConnectRoutes(app: any, kv: KVNamespace, appSK: string) {
-  const { handlers, tokenStorage } = initAuth(kv, appSK);
-
-  // ---- Login action (full implementation) ----
-  handlers.attach({
-    app,
-    action: 'login',
-    claims: {
-      profile: () => ({
-        description: 'Please provide your profile to login',
-        fields: ['fullName', 'email', 'avatar'],
-      }),
-    },
-    onAuth: async ({ userDid, userPk, claims, updateSession }: any) => {
-      const claim = claims.find((x: any) => x.type === 'profile');
-      const { type: _type, signature: _sig, ...rest } = claim || {};
-      await updateSession({
-        result: {
-          ...rest,
-          did: userDid,
-          pk: userPk,
-        },
-      });
-    },
-  });
-
-  // ---- Payment DID Connect actions (real implementations) ----
-  // These use the original handlers from api/src/routes/connect/*.ts.
-  // esbuild aliases handle all dependency replacements (@blocklet/sdk, sequelize, etc.)
-  // so that @ocap/client HTTP-based RPC calls work in CF Workers.
-  const paymentHandlerList = [
-    collectHandlers,
-    collectBatchHandlers,
-    payHandlers,
-    setupHandlers,
-    subscribeHandlers,
-    changePaymentHandlers,
-    changePlanHandlers,
-    changePayerHandlers,
-    rechargeHandlers,
-    rechargeAccountHandlers,
-    delegationHandlers,
-    overdraftProtectionHandlers,
-    reStakeHandlers,
-    autoRechargeAuthHandlers,
-  ];
-
-  for (const handler of paymentHandlerList) {
-    try {
-      handlers.attach({ app, ...handler });
-      console.log(`[CF DID Connect] Attached real handler: ${handler.action}`);
-    } catch (err: any) {
-      console.error(`[CF DID Connect] Failed to attach handler ${handler.action}, using stub:`, err?.message);
-      // Fallback to stub if real handler fails to attach
-      handlers.attach({
-        app,
-        action: handler.action,
-        claims: {
-          profile: () => ({
-            description: `Please connect your wallet to proceed with ${handler.action}`,
-            fields: ['fullName', 'email'],
-          }),
-        },
-        onAuth: async ({ userDid, userPk, updateSession }: any) => {
-          await updateSession({
-            result: { did: userDid, pk: userPk },
-          });
-        },
-      });
-    }
-  }
-
-  return { handlers, tokenStorage };
-}

package/cloudflare/shims/blocklet-sdk/util-csrf.ts

@@ -1,13 +0,0 @@
-// CF shim for @blocklet/sdk/lib/util/csrf.
-//
-// DEAD on the CF path: the csrf middleware (middlewares/hono/csrf) lives only on
-// the NODE app-shell pipeline (service.ts buildHonoApp / configureNativePipeline,
-// reached via getHonoApp). The CF worker mounts a LITE app-shell (xss only) and
-// owns its own cors, so csrf never executes on the worker. These stubs exist only
-// so esbuild can resolve the import in the bundled-but-unreachable node code.
-export const getCsrfSecret = (): string => '';
-export const sign = (_secret: string, _value: string): string => '';
-export const verify = (_secret: string, _value: string, _token: string): boolean => false;
-export const hmac = (_secret: string, _value: string): string => '';
-
-export default { getCsrfSecret, sign, verify, hmac };

package/cloudflare/shims/blocklet-sdk/util-wallet.ts

@@ -1,8 +0,0 @@
-// CF shim for @blocklet/sdk/lib/util/wallet.
-//
-// DEAD on the CF path: the only importer is the csrf middleware (node-shell only;
-// see util-csrf.ts), which reads isDidWalletConnect to skip csrf for DID-wallet
-// requests. Never executes on the worker — a resolving stub is enough.
-export const isDidWalletConnect = (_userAgent?: string): boolean => false;
-
-export default { isDidWalletConnect };