thirdweb 5.108.2 → 5.108.4-nightly-a94e9c2396956887d30da0b220675ed315b283ee-20250927000336

package/src/x402/common.ts

@@ -1,15 +1,25 @@
-import { type ERC20TokenAmount, type Money, moneySchema } from "x402/types";
+import type { Abi } from "abitype";
+import { toFunctionSelector } from "viem/utils";
+import { type Money, moneySchema } from "x402/types";
+import { getCachedChain } from "../chains/utils.js";
+import type { ThirdwebClient } from "../client/client.js";
+import { resolveContractAbi } from "../contract/actions/resolve-abi.js";
+import { getContract } from "../contract/contract.js";
+import { isPermitSupported } from "../extensions/erc20/__generated__/IERC20Permit/write/permit.js";
+import { isTransferWithAuthorizationSupported } from "../extensions/erc20/__generated__/USDC/write/transferWithAuthorization.js";
 import { getAddress } from "../utils/address.js";
 import { decodePayment } from "./encode.js";
-import type { facilitator as facilitatorType } from "./facilitator.js";
+import type { ThirdwebX402Facilitator } from "./facilitator.js";
 import {
   networkToChainId,
   type RequestedPaymentPayload,
   type RequestedPaymentRequirements,
 } from "./schemas.js";
 import {
+  type ERC20TokenAmount,
   type PaymentArgs,
   type PaymentRequiredResult,
+  type SupportedSignatureType,
   x402Version,
 } from "./types.js";
 
@@ -106,7 +116,10 @@ export async function decodePaymentRequest(
       },
       output: outputSchema,
     },
-    extra: (asset as ERC20TokenAmount["asset"]).eip712,
+    extra: {
+      facilitatorAddress: facilitator.address,
+      ...((asset as ERC20TokenAmount["asset"]).eip712 ?? {}),
+    },
   });
 
   // Check for payment header
@@ -184,7 +197,7 @@ export async function decodePaymentRequest(
 async function processPriceToAtomicAmount(
   price: Money | ERC20TokenAmount,
   chainId: number,
-  facilitator: ReturnType<typeof facilitatorType>,
+  facilitator: ThirdwebX402Facilitator,
 ): Promise<
   | { maxAmountRequired: string; asset: ERC20TokenAmount["asset"] }
   | { error: string }
@@ -224,7 +237,7 @@ async function processPriceToAtomicAmount(
 
 async function getDefaultAsset(
   chainId: number,
-  facilitator: ReturnType<typeof facilitatorType>,
+  facilitator: ThirdwebX402Facilitator,
 ): Promise<ERC20TokenAmount["asset"] | undefined> {
   const supportedAssets = await facilitator.supported();
   const matchingAsset = supportedAssets.kinds.find(
@@ -234,3 +247,43 @@ async function getDefaultAsset(
     ?.defaultAsset as ERC20TokenAmount["asset"];
   return assetConfig;
 }
+
+export async function getSupportedSignatureType(args: {
+  client: ThirdwebClient;
+  asset: string;
+  chainId: number;
+  eip712Extras: ERC20TokenAmount["asset"]["eip712"] | undefined;
+}): Promise<SupportedSignatureType | undefined> {
+  const primaryType = args.eip712Extras?.primaryType;
+
+  if (primaryType === "Permit" || primaryType === "TransferWithAuthorization") {
+    return primaryType;
+  }
+
+  // not specified, so we need to detect it
+  const abi = await resolveContractAbi<Abi>(
+    getContract({
+      client: args.client,
+      address: args.asset,
+      chain: getCachedChain(args.chainId),
+    }),
+  ).catch((error) => {
+    console.error("Error resolving contract ABI", error);
+    return [] as Abi;
+  });
+  const selectors = abi
+    .filter((f) => f.type === "function")
+    .map((f) => toFunctionSelector(f));
+  const hasPermit = isPermitSupported(selectors);
+  const hasTransferWithAuthorization =
+    isTransferWithAuthorizationSupported(selectors);
+
+  // prefer transferWithAuthorization over permit
+  if (hasTransferWithAuthorization) {
+    return "TransferWithAuthorization";
+  }
+  if (hasPermit) {
+    return "Permit";
+  }
+  return undefined;
+}

package/src/x402/facilitator.ts

@@ -15,6 +15,30 @@ export type ThirdwebX402FacilitatorConfig = {
   baseUrl?: string;
 };
 
+/**
+ * facilitator for the x402 payment protocol.
+ * @public
+ */
+export type ThirdwebX402Facilitator = {
+  url: `${string}://${string}`;
+  address: string;
+  createAuthHeaders: () => Promise<{
+    verify: Record<string, string>;
+    settle: Record<string, string>;
+    supported: Record<string, string>;
+    list: Record<string, string>;
+  }>;
+  verify: (
+    payload: RequestedPaymentPayload,
+    paymentRequirements: RequestedPaymentRequirements,
+  ) => Promise<VerifyResponse>;
+  settle: (
+    payload: RequestedPaymentPayload,
+    paymentRequirements: RequestedPaymentRequirements,
+  ) => Promise<FacilitatorSettleResponse>;
+  supported: () => Promise<SupportedPaymentKindsResponse>;
+};
+
 const DEFAULT_BASE_URL = "https://api.thirdweb.com/v1/payments/x402";
 
 /**
@@ -56,7 +80,9 @@ const DEFAULT_BASE_URL = "https://api.thirdweb.com/v1/payments/x402";
  *
  * @bridge x402
  */
-export function facilitator(config: ThirdwebX402FacilitatorConfig) {
+export function facilitator(
+  config: ThirdwebX402FacilitatorConfig,
+): ThirdwebX402Facilitator {
   const secretKey = config.client.secretKey;
   if (!secretKey) {
     throw new Error("Client secret key is required for the x402 facilitator");
@@ -69,6 +95,7 @@ export function facilitator(config: ThirdwebX402FacilitatorConfig) {
   }
   const facilitator = {
     url: (config.baseUrl ?? DEFAULT_BASE_URL) as `${string}://${string}`,
+    address: serverWalletAddress,
     createAuthHeaders: async () => {
       return {
         verify: {

package/src/x402/fetchWithPayment.ts

@@ -50,7 +50,7 @@ import { createPaymentHeader } from "./sign.js";
  */
 export function wrapFetchWithPayment(
   fetch: typeof globalThis.fetch,
-  _client: ThirdwebClient,
+  client: ThirdwebClient,
   wallet: Wallet,
   maxValue: bigint = BigInt(1 * 10 ** 6), // Default to 1 USDC
 ) {
@@ -103,9 +103,10 @@ export function wrapFetchWithPayment(
     }
 
     const paymentHeader = await createPaymentHeader(
+      client,
       account,
-      x402Version,
       selectedPaymentRequirements,
+      x402Version,
     );
 
     const initParams = init || {};

package/src/x402/sign.ts

@@ -1,7 +1,13 @@
+import { hexToBigInt } from "viem";
 import type { ExactEvmPayloadAuthorization } from "x402/types";
+import { getCachedChain } from "../chains/utils.js";
+import type { ThirdwebClient } from "../client/client.js";
+import { getContract } from "../contract/contract.js";
+import { nonces } from "../extensions/erc20/__generated__/IERC20Permit/read/nonces.js";
 import { type Address, getAddress } from "../utils/address.js";
 import { type Hex, toHex } from "../utils/encoding/hex.js";
 import type { Account } from "../wallets/interfaces/wallet.js";
+import { getSupportedSignatureType } from "./common.js";
 import { encodePayment } from "./encode.js";
 import {
   networkToChainId,
@@ -9,6 +15,7 @@ import {
   type RequestedPaymentRequirements,
   type UnsignedPaymentPayload,
 } from "./schemas.js";
+import type { ERC20TokenAmount } from "./types.js";
 
 /**
  * Prepares an unsigned payment header with the given sender address and payment requirements.
@@ -22,9 +29,8 @@ function preparePaymentHeader(
   from: Address,
   x402Version: number,
   paymentRequirements: RequestedPaymentRequirements,
+  nonce: Hex,
 ): UnsignedPaymentPayload {
-  const nonce = createNonce();
-
   const validAfter = BigInt(
     Math.floor(Date.now() / 1000) - 600, // 10 minutes before
   ).toString();
@@ -44,7 +50,7 @@ function preparePaymentHeader(
         value: paymentRequirements.maxAmountRequired,
         validAfter: validAfter.toString(),
         validBefore: validBefore.toString(),
-        nonce,
+        nonce: nonce,
       },
     },
   };
@@ -59,45 +65,78 @@ function preparePaymentHeader(
  * @returns A promise that resolves to the signed payment payload
  */
 async function signPaymentHeader(
+  client: ThirdwebClient,
   account: Account,
   paymentRequirements: RequestedPaymentRequirements,
-  unsignedPaymentHeader: UnsignedPaymentPayload,
-): Promise<RequestedPaymentPayload> {
-  const { signature } = await signAuthorization(
-    account,
-    unsignedPaymentHeader.payload.authorization,
-    paymentRequirements,
-  );
-
-  return {
-    ...unsignedPaymentHeader,
-    payload: {
-      ...unsignedPaymentHeader.payload,
-      signature,
-    },
-  };
-}
-
-/**
- * Creates a complete payment payload by preparing and signing a payment header.
- *
- * @param client - The signer wallet instance used to create and sign the payment
- * @param x402Version - The version of the X402 protocol to use
- * @param paymentRequirements - The payment requirements containing scheme and network information
- * @returns A promise that resolves to the complete signed payment payload
- */
-async function createPayment(
-  account: Account,
   x402Version: number,
-  paymentRequirements: RequestedPaymentRequirements,
 ): Promise<RequestedPaymentPayload> {
   const from = getAddress(account.address);
-  const unsignedPaymentHeader = preparePaymentHeader(
-    from,
-    x402Version,
-    paymentRequirements,
-  );
-  return signPaymentHeader(account, paymentRequirements, unsignedPaymentHeader);
+  const chainId = networkToChainId(paymentRequirements.network);
+  const supportedSignatureType = await getSupportedSignatureType({
+    client,
+    asset: paymentRequirements.asset,
+    chainId: chainId,
+    eip712Extras: paymentRequirements.extra as
+      | ERC20TokenAmount["asset"]["eip712"]
+      | undefined,
+  });
+
+  switch (supportedSignatureType) {
+    case "Permit": {
+      const nonce = await nonces({
+        contract: getContract({
+          address: paymentRequirements.asset,
+          chain: getCachedChain(chainId),
+          client: client,
+        }),
+        owner: from,
+      });
+      const unsignedPaymentHeader = preparePaymentHeader(
+        from,
+        x402Version,
+        paymentRequirements,
+        toHex(nonce, { size: 32 }), // permit nonce
+      );
+      const { signature } = await signERC2612Permit(
+        account,
+        unsignedPaymentHeader.payload.authorization,
+        paymentRequirements,
+      );
+      return {
+        ...unsignedPaymentHeader,
+        payload: {
+          ...unsignedPaymentHeader.payload,
+          signature,
+        },
+      };
+    }
+    case "TransferWithAuthorization": {
+      // default to transfer with authorization
+      const nonce = await createNonce();
+      const unsignedPaymentHeader = preparePaymentHeader(
+        from,
+        x402Version,
+        paymentRequirements,
+        nonce, // random nonce
+      );
+      const { signature } = await signERC3009Authorization(
+        account,
+        unsignedPaymentHeader.payload.authorization,
+        paymentRequirements,
+      );
+      return {
+        ...unsignedPaymentHeader,
+        payload: {
+          ...unsignedPaymentHeader.payload,
+          signature,
+        },
+      };
+    }
+    default:
+      throw new Error(
+        `No supported payment authorization methods found on ${paymentRequirements.asset} on chain ${paymentRequirements.network}`,
+      );
+  }
 }
 
 /**
@@ -109,14 +148,16 @@ async function createPayment(
  * @returns A promise that resolves to the encoded payment header string
  */
 export async function createPaymentHeader(
+  client: ThirdwebClient,
   account: Account,
-  x402Version: number,
   paymentRequirements: RequestedPaymentRequirements,
+  x402Version: number,
 ): Promise<string> {
-  const payment = await createPayment(
+  const payment = await signPaymentHeader(
+    client,
     account,
-    x402Version,
     paymentRequirements,
+    x402Version,
   );
   return encodePayment(payment);
 }
@@ -138,7 +179,7 @@ export async function createPaymentHeader(
  * @param paymentRequirements.extra - The extra information containing the name and version of the ERC20 contract
  * @returns The signature for the authorization
  */
-async function signAuthorization(
+async function signERC3009Authorization(
   account: Account,
   {
     from,
@@ -154,8 +195,7 @@ async function signAuthorization(
   const name = extra?.name;
   const version = extra?.version;
 
-  // TODO (402): detect permit vs transfer on asset contract
-  const data = {
+  const signature = await account.signTypedData({
     types: {
       TransferWithAuthorization: [
         { name: "from", type: "address" },
@@ -176,14 +216,65 @@ async function signAuthorization(
     message: {
       from: getAddress(from),
       to: getAddress(to),
-      value,
-      validAfter,
-      validBefore,
-      nonce: nonce,
+      value: BigInt(value),
+      validAfter: BigInt(validAfter),
+      validBefore: BigInt(validBefore),
+      nonce: nonce as Hex,
     },
+  });
+
+  return {
+    signature,
   };
+}
+
+async function signERC2612Permit(
+  account: Account,
+  { from, value, validBefore, nonce }: ExactEvmPayloadAuthorization,
+  { asset, network, extra }: RequestedPaymentRequirements,
+): Promise<{ signature: Hex }> {
+  const chainId = networkToChainId(network);
+  const name = extra?.name;
+  const version = extra?.version;
+  const facilitatorAddress = extra?.facilitatorAddress;
+  if (!facilitatorAddress) {
+    throw new Error(
+      "facilitatorAddress is required in PaymentRequirements extra to pay with permit-based assets",
+    );
+  }
+  if (!name || !version) {
+    throw new Error(
+      "name and version are required in PaymentRequirements extra to pay with permit-based assets",
+    );
+  }
+
+  //Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline
+  const signature = await account.signTypedData({
+    types: {
+      Permit: [
+        { name: "owner", type: "address" },
+        { name: "spender", type: "address" },
+        { name: "value", type: "uint256" },
+        { name: "nonce", type: "uint256" },
+        { name: "deadline", type: "uint256" },
+      ],
+    },
+    domain: {
+      name,
+      version,
+      chainId,
+      verifyingContract: getAddress(asset),
+    },
+    primaryType: "Permit" as const,
+    message: {
+      owner: getAddress(from),
+      spender: getAddress(facilitatorAddress), // approve the facilitator
+      value: BigInt(value),
+      nonce: hexToBigInt(nonce as Hex),
+      deadline: BigInt(validBefore),
+    },
+  });
 
-  const signature = await account.signTypedData(data);
   return {
     signature,
   };
@@ -194,7 +285,7 @@ async function signAuthorization(
  *
  * @returns A random 32-byte nonce as a hex string
  */
-function createNonce(): Hex {
+async function createNonce(): Promise<Hex> {
   const cryptoObj =
     typeof globalThis.crypto !== "undefined" &&
     typeof globalThis.crypto.getRandomValues === "function"

package/src/x402/types.ts

@@ -1,12 +1,8 @@
-import type {
-  ERC20TokenAmount,
-  Money,
-  PaymentMiddlewareConfig,
-} from "x402/types";
+import type { Money, PaymentMiddlewareConfig } from "x402/types";
 import type { Chain } from "../chains/types.js";
 import type { Address } from "../utils/address.js";
 import type { Prettify } from "../utils/type-utils.js";
-import type { facilitator as facilitatorType } from "./facilitator.js";
+import type { ThirdwebX402Facilitator } from "./facilitator.js";
 import type {
   FacilitatorNetwork,
   FacilitatorSettleResponse,
@@ -35,7 +31,7 @@ export type PaymentArgs = {
   /** The price for accessing the resource - either a USD amount (e.g., "$0.10") or a specific token amount */
   price: Money | ERC20TokenAmount;
   /** The payment facilitator instance used to verify and settle payments */
-  facilitator: ReturnType<typeof facilitatorType>;
+  facilitator: ThirdwebX402Facilitator;
   /** Optional configuration for the payment middleware route */
   routeConfig?: PaymentMiddlewareConfig;
 };
@@ -89,3 +85,18 @@ export type VerifyPaymentResult = Prettify<
     }
   | PaymentRequiredResult
 >;
+
+export type SupportedSignatureType = "TransferWithAuthorization" | "Permit";
+
+export type ERC20TokenAmount = {
+  amount: string;
+  asset: {
+    address: `0x${string}`;
+    decimals: number;
+    eip712: {
+      name: string;
+      version: string;
+      primaryType: SupportedSignatureType;
+    };
+  };
+};