psf-bch-api 7.2.1 → 7.2.2

package/{.env-local → .env-example}

@@ -25,6 +25,7 @@ PORT=5942
 X402_ENABLED=true
 SERVER_BCH_ADDRESS=bitcoincash:qqlrzp23w08434twmvr4fxw672whkjy0py26r63g3d
 FACILITATOR_URL=http://localhost:4345/facilitator
+X402_PRICE_SAT=200
 
 # Basic Authentication required to access this API?
 USE_BASIC_AUTH=true

package/README.md

@@ -8,7 +8,7 @@ This is a REST API for communicating with Bitcoin Cash infrastructure. It replac
 
 ## x402-bch Payments
 
-All REST endpoints exposed under the `/v6` prefix are protected by the [`x402-bch-express`](https://www.npmjs.com/package/x402-bch-express) middleware. Each API call requires a BCH payment authorization for **2000 satoshis**. The middleware advertises payment requirements via HTTP 402 responses and validates incoming `X-PAYMENT` headers with a configured Facilitator.
+All REST endpoints exposed under the `/v6` prefix are protected by the [`x402-bch-express`](https://www.npmjs.com/package/x402-bch-express) middleware. Each API call requires a BCH payment authorization for **200 satoshis**. The middleware advertises payment requirements via HTTP 402 responses and validates incoming `X-PAYMENT` headers with a configured Facilitator.
 
 ### Configuration
 
@@ -17,7 +17,7 @@ Environment variables control the payment flow:
 - `X402_ENABLED` — set to `false` (case-insensitive) to disable the middleware. Defaults to enabled.
 - `SERVER_BCH_ADDRESS` — BCH cash address that receives funding transactions. Defaults to `bitcoincash:qqlrzp23w08434twmvr4fxw672whkjy0py26r63g3d`.
 - `FACILITATOR_URL` — Root URL of the facilitator service (e.g., `http://localhost:4345/facilitator`).
-- `X402_PRICE_SAT` — Optional; override the satoshi price per call (defaults to `2000`).
+- `X402_PRICE_SAT` — Optional; override the satoshi price per call (defaults to `200`).
 
 When `X402_ENABLED=false`, the server continues to operate without payment headers for local development or trusted deployments.
 

package/bin/server.js

@@ -83,8 +83,10 @@ class Server {
 
       // Apply x402 middleware based on configuration
       // Logic:
-      // - If X402_ENABLED=false OR USE_BASIC_AUTH=false: Don't apply x402 (no rate limits)
       // - If X402_ENABLED=true AND USE_BASIC_AUTH=true: Apply x402 conditionally (bypass if basic auth valid)
+      // - If X402_ENABLED=true AND USE_BASIC_AUTH=false: Apply x402 unconditionally (no basic auth bypass)
+      // - If X402_ENABLED=false AND USE_BASIC_AUTH=true: Require basic auth only
+      // - If X402_ENABLED=false AND USE_BASIC_AUTH=false: No access control
 
       // Apply access control middleware based on configuration
       if (x402Settings.enabled && basicAuthSettings.enabled) {
@@ -112,6 +114,21 @@ class Server {
         }
 
         app.use(conditionalX402Middleware)
+      } else if (x402Settings.enabled && !basicAuthSettings.enabled) {
+        // X402_ENABLED=true AND USE_BASIC_AUTH=false: Apply x402 unconditionally (no basic auth bypass)
+        const routes = buildX402Routes(this.config.apiPrefix)
+        const facilitatorOptions = x402Settings.facilitatorUrl
+          ? { url: x402Settings.facilitatorUrl }
+          : undefined
+
+        wlogger.info(`x402 middleware enabled (basic auth disabled); enforcing ${x402Settings.priceSat} satoshis per request`)
+
+        // Apply x402 middleware unconditionally - no basic auth bypass
+        app.use(x402PaymentMiddleware(
+          x402Settings.serverAddress,
+          routes,
+          facilitatorOptions
+        ))
       } else if (basicAuthSettings.enabled && !x402Settings.enabled) {
         // USE_BASIC_AUTH=true AND X402_ENABLED=false: Require basic auth, reject unauthenticated requests
         wlogger.info('Basic auth enforcement enabled (x402 disabled)')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "psf-bch-api",
-  "version": "7.2.1",
+  "version": "7.2.2",
   "main": "psf-bch-api.js",
   "type": "module",
   "scripts": {
@@ -15,12 +15,12 @@
   "license": "MIT",
   "description": "REST API proxy to Bitcoin Cash infrastructure",
   "dependencies": {
-    "@psf/bch-js": "7.1.0",
+    "@psf/bch-js": "7.1.2",
     "axios": "1.7.7",
     "cors": "2.8.5",
     "dotenv": "16.3.1",
     "express": "5.1.0",
-    "minimal-slp-wallet": "7.0.1",
+    "minimal-slp-wallet": "7.0.2",
     "psffpp": "1.2.1",
     "slp-token-media": "1.2.10",
     "winston": "3.11.0",

package/production/docker/{.env-local → .env-example}

@@ -9,10 +9,10 @@ RPC_PASSWORD=password
 FULCRUM_API=http://172.17.0.1:3001/v1
 
 # SLP Indexer
-SLP_INDEXER_API=http://localhost:5010
+SLP_INDEXER_API=http://172.17.0.1:5010
 
 # REST API URL for wallet operations
-LOCAL_RESTURL=http://localhost:5942/v6
+LOCAL_RESTURL=http://172.17.0.1:5942/v6
 
 # END INFRASTRUCTURE SETUP
 
@@ -25,6 +25,7 @@ PORT=5942
 X402_ENABLED=true
 SERVER_BCH_ADDRESS=bitcoincash:qqlrzp23w08434twmvr4fxw672whkjy0py26r63g3d
 FACILITATOR_URL=http://localhost:4345/facilitator
+X402_PRICE_SAT=200
 
 # Basic Authentication required to access this API?
 USE_BASIC_AUTH=true

package/src/config/env/common.js

@@ -26,10 +26,10 @@ const normalizeBoolean = (value, defaultValue) => {
   return defaultValue
 }
 
-// By default, the price per API call is 2000 satoshis.
+// By default, the price per API call is 200 satoshis.
 // But the user can override this value by setting the X402_PRICE_SAT environment variable.
 const parsedPriceSat = Number(process.env.X402_PRICE_SAT)
-const priceSat = Number.isFinite(parsedPriceSat) && parsedPriceSat > 0 ? parsedPriceSat : 2000
+const priceSat = Number.isFinite(parsedPriceSat) && parsedPriceSat > 0 ? parsedPriceSat : 200
 
 const x402Defaults = {
   enabled: normalizeBoolean(process.env.X402_ENABLED, true),

package/src/config/x402.js

@@ -26,7 +26,7 @@ export function buildX402Routes (apiPrefix = '/v6') {
       price: config.x402.priceSat,
       network: NETWORK,
       config: {
-        description: `${DEFAULT_DESCRIPTION} (2000 satoshis)`,
+        description: `${DEFAULT_DESCRIPTION} (${config.x402.priceSat} satoshis)`,
         maxTimeoutSeconds: DEFAULT_TIMEOUT_SECONDS
       }
     }

package/src/use-cases/fulcrum-use-cases.js

@@ -6,7 +6,10 @@ import wlogger from '../adapters/wlogger.js'
 import BCHJS from '@psf/bch-js'
 import config from '../config/index.js'
 
-const bchjs = new BCHJS({ restURL: config.restURL })
+const bchjs = new BCHJS({
+  restURL: config.restURL,
+  bearerToken: config.basicAuth.token
+})
 
 class FulcrumUseCases {
   constructor (localConfig = {}) {
@@ -56,7 +59,7 @@ class FulcrumUseCases {
   async getTransactionDetails ({ txid }) {
     try {
       const response = await this.fulcrum.get(`electrumx/tx/data/${txid}`)
-      console.log(`getTransactionDetails() TXID ${txid}: ${JSON.stringify(response, null, 2)}`)
+      // console.log(`getTransactionDetails() TXID ${txid}: ${JSON.stringify(response, null, 2)}`)
       return response
     } catch (err) {
       wlogger.error('Error in FulcrumUseCases.getTransactionDetails()', err)

package/src/use-cases/slp-use-cases.js

@@ -274,7 +274,7 @@ class SlpUseCases {
       // Get transaction data
       console.log('Decoding OP_RETURN for TXID: ', txid)
       const txData = await this.bchjs.Electrumx.txData(txid)
-      console.log(`TXID ${txid}: ${JSON.stringify(txData, null, 2)}`)
+      // console.log(`TXID ${txid}: ${JSON.stringify(txData, null, 2)}`)
       let data = false
 
       // Map the vout of the transaction in search of an OP_RETURN