x402z-server 0.0.7 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/index.d.mts +7 -0
  2. package/dist/index.d.ts +7 -0
  3. package/dist/index.js +25 -7
  4. package/dist/index.mjs +25 -7
  5. package/package.json +2 -2
package/dist/index.d.mts CHANGED
@@ -64,6 +64,13 @@ type X402zServerConfig = ConfidentialServerRegisterConfig & {
64
64
  signer: RelayerSigner;
65
65
  relayer: RelayerInstance;
66
66
  debug?: boolean;
67
+ cors?: {
68
+ allowOrigin: string;
69
+ allowMethods?: string;
70
+ allowHeaders?: string;
71
+ allowCredentials?: boolean;
72
+ maxAgeSeconds?: number;
73
+ };
67
74
  };
68
75
  declare function createX402zServer(config: X402zServerConfig): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;
69
76
 
package/dist/index.d.ts CHANGED
@@ -64,6 +64,13 @@ type X402zServerConfig = ConfidentialServerRegisterConfig & {
64
64
  signer: RelayerSigner;
65
65
  relayer: RelayerInstance;
66
66
  debug?: boolean;
67
+ cors?: {
68
+ allowOrigin: string;
69
+ allowMethods?: string;
70
+ allowHeaders?: string;
71
+ allowCredentials?: boolean;
72
+ maxAgeSeconds?: number;
73
+ };
67
74
  };
68
75
  declare function createX402zServer(config: X402zServerConfig): Promise<http.Server<typeof http.IncomingMessage, typeof http.ServerResponse>>;
69
76
 
package/dist/index.js CHANGED
@@ -178,6 +178,18 @@ async function createX402zServer(config) {
178
178
  const path = adapter.getPath();
179
179
  const paymentHeader = adapter.getHeader("x402-payment") ?? adapter.getHeader("x-payment");
180
180
  console.log(`[server] ${method} ${path}`);
181
+ const corsHeaders = config.cors ? {
182
+ "Access-Control-Allow-Origin": config.cors.allowOrigin,
183
+ "Access-Control-Allow-Methods": config.cors.allowMethods ?? "GET,POST,OPTIONS",
184
+ "Access-Control-Allow-Headers": config.cors.allowHeaders ?? "content-type,x402-payment,x-payment",
185
+ "Access-Control-Max-Age": String(config.cors.maxAgeSeconds ?? 600),
186
+ ...config.cors.allowCredentials ? { "Access-Control-Allow-Credentials": "true" } : {}
187
+ } : {};
188
+ if (method === "OPTIONS") {
189
+ res.writeHead(204, corsHeaders);
190
+ res.end();
191
+ return;
192
+ }
181
193
  if (debugEnabled && paymentHeader) {
182
194
  console.debug("[x402z-server] payment header", paymentHeader);
183
195
  }
@@ -187,7 +199,7 @@ async function createX402zServer(config) {
187
199
  method: adapter.getMethod()
188
200
  });
189
201
  if (result.type === "payment-error") {
190
- res.writeHead(result.response.status, result.response.headers);
202
+ res.writeHead(result.response.status, { ...corsHeaders, ...result.response.headers });
191
203
  res.end(result.response.isHtml ? result.response.body : JSON.stringify(result.response.body ?? {}));
192
204
  console.log(`[server] ${method} ${path} -> ${result.response.status}`);
193
205
  return;
@@ -195,7 +207,7 @@ async function createX402zServer(config) {
195
207
  if (result.type === "payment-verified") {
196
208
  const settle = await httpServer.processSettlement(result.paymentPayload, result.paymentRequirements);
197
209
  if (!settle.success) {
198
- res.writeHead(500, { "Content-Type": "application/json" });
210
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
199
211
  res.end(JSON.stringify({ error: settle.errorReason }));
200
212
  console.log(`[server] ${method} ${path} -> 500 settlement_failed`);
201
213
  return;
@@ -213,7 +225,7 @@ async function createX402zServer(config) {
213
225
  });
214
226
  const signerAddress = (0, import_viem.getAddress)(config.signer.address);
215
227
  if (!observer || !(0, import_viem.isAddressEqual)(observer, signerAddress)) {
216
- res.writeHead(500, { "Content-Type": "application/json" });
228
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
217
229
  res.end(JSON.stringify({ error: "observer_required" }));
218
230
  console.log(`[server] ${method} ${path} -> 500 observer_required`);
219
231
  return;
@@ -221,7 +233,7 @@ async function createX402zServer(config) {
221
233
  const batch = settle;
222
234
  const transferredHandle = batch.batch?.transferredHandle;
223
235
  if (!transferredHandle) {
224
- res.writeHead(500, { "Content-Type": "application/json" });
236
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
225
237
  res.end(JSON.stringify({ error: "missing_transferred_handle" }));
226
238
  console.log(`[server] ${method} ${path} -> 500 missing_transferred_handle`);
227
239
  return;
@@ -234,13 +246,13 @@ async function createX402zServer(config) {
234
246
  );
235
247
  const expected = BigInt(result.paymentRequirements.amount);
236
248
  if (decryptedAmount !== expected) {
237
- res.writeHead(500, { "Content-Type": "application/json" });
249
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
238
250
  res.end(JSON.stringify({ error: "settlement_amount_mismatch" }));
239
251
  console.log(`[server] ${method} ${path} -> 500 settlement_amount_mismatch`);
240
252
  return;
241
253
  }
242
254
  } catch (error) {
243
- res.writeHead(500, { "Content-Type": "application/json" });
255
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
244
256
  res.end(JSON.stringify({ error: "settlement_verification_failed" }));
245
257
  console.log(`[server] ${method} ${path} -> 500 settlement_verification_failed`);
246
258
  if (debugEnabled) {
@@ -254,6 +266,7 @@ async function createX402zServer(config) {
254
266
  });
255
267
  const status = payload.status ?? 200;
256
268
  const responseHeaders = {
269
+ ...corsHeaders,
257
270
  "Content-Type": "text/plain",
258
271
  ...settle.headers,
259
272
  ...payload.headers ?? {}
@@ -269,7 +282,12 @@ async function createX402zServer(config) {
269
282
  console.log(`[server] ${method} ${path} -> ${status}`);
270
283
  return;
271
284
  }
272
- sendText(res, 200, { "Content-Type": "text/plain" }, "no payment required");
285
+ sendText(
286
+ res,
287
+ 200,
288
+ { ...corsHeaders, "Content-Type": "text/plain" },
289
+ "no payment required"
290
+ );
273
291
  console.log(`[server] ${method} ${path} -> 200`);
274
292
  });
275
293
  return server;
package/dist/index.mjs CHANGED
@@ -147,6 +147,18 @@ async function createX402zServer(config) {
147
147
  const path = adapter.getPath();
148
148
  const paymentHeader = adapter.getHeader("x402-payment") ?? adapter.getHeader("x-payment");
149
149
  console.log(`[server] ${method} ${path}`);
150
+ const corsHeaders = config.cors ? {
151
+ "Access-Control-Allow-Origin": config.cors.allowOrigin,
152
+ "Access-Control-Allow-Methods": config.cors.allowMethods ?? "GET,POST,OPTIONS",
153
+ "Access-Control-Allow-Headers": config.cors.allowHeaders ?? "content-type,x402-payment,x-payment",
154
+ "Access-Control-Max-Age": String(config.cors.maxAgeSeconds ?? 600),
155
+ ...config.cors.allowCredentials ? { "Access-Control-Allow-Credentials": "true" } : {}
156
+ } : {};
157
+ if (method === "OPTIONS") {
158
+ res.writeHead(204, corsHeaders);
159
+ res.end();
160
+ return;
161
+ }
150
162
  if (debugEnabled && paymentHeader) {
151
163
  console.debug("[x402z-server] payment header", paymentHeader);
152
164
  }
@@ -156,7 +168,7 @@ async function createX402zServer(config) {
156
168
  method: adapter.getMethod()
157
169
  });
158
170
  if (result.type === "payment-error") {
159
- res.writeHead(result.response.status, result.response.headers);
171
+ res.writeHead(result.response.status, { ...corsHeaders, ...result.response.headers });
160
172
  res.end(result.response.isHtml ? result.response.body : JSON.stringify(result.response.body ?? {}));
161
173
  console.log(`[server] ${method} ${path} -> ${result.response.status}`);
162
174
  return;
@@ -164,7 +176,7 @@ async function createX402zServer(config) {
164
176
  if (result.type === "payment-verified") {
165
177
  const settle = await httpServer.processSettlement(result.paymentPayload, result.paymentRequirements);
166
178
  if (!settle.success) {
167
- res.writeHead(500, { "Content-Type": "application/json" });
179
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
168
180
  res.end(JSON.stringify({ error: settle.errorReason }));
169
181
  console.log(`[server] ${method} ${path} -> 500 settlement_failed`);
170
182
  return;
@@ -182,7 +194,7 @@ async function createX402zServer(config) {
182
194
  });
183
195
  const signerAddress = getAddress(config.signer.address);
184
196
  if (!observer || !isAddressEqual(observer, signerAddress)) {
185
- res.writeHead(500, { "Content-Type": "application/json" });
197
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
186
198
  res.end(JSON.stringify({ error: "observer_required" }));
187
199
  console.log(`[server] ${method} ${path} -> 500 observer_required`);
188
200
  return;
@@ -190,7 +202,7 @@ async function createX402zServer(config) {
190
202
  const batch = settle;
191
203
  const transferredHandle = batch.batch?.transferredHandle;
192
204
  if (!transferredHandle) {
193
- res.writeHead(500, { "Content-Type": "application/json" });
205
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
194
206
  res.end(JSON.stringify({ error: "missing_transferred_handle" }));
195
207
  console.log(`[server] ${method} ${path} -> 500 missing_transferred_handle`);
196
208
  return;
@@ -203,13 +215,13 @@ async function createX402zServer(config) {
203
215
  );
204
216
  const expected = BigInt(result.paymentRequirements.amount);
205
217
  if (decryptedAmount !== expected) {
206
- res.writeHead(500, { "Content-Type": "application/json" });
218
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
207
219
  res.end(JSON.stringify({ error: "settlement_amount_mismatch" }));
208
220
  console.log(`[server] ${method} ${path} -> 500 settlement_amount_mismatch`);
209
221
  return;
210
222
  }
211
223
  } catch (error) {
212
- res.writeHead(500, { "Content-Type": "application/json" });
224
+ res.writeHead(500, { ...corsHeaders, "Content-Type": "application/json" });
213
225
  res.end(JSON.stringify({ error: "settlement_verification_failed" }));
214
226
  console.log(`[server] ${method} ${path} -> 500 settlement_verification_failed`);
215
227
  if (debugEnabled) {
@@ -223,6 +235,7 @@ async function createX402zServer(config) {
223
235
  });
224
236
  const status = payload.status ?? 200;
225
237
  const responseHeaders = {
238
+ ...corsHeaders,
226
239
  "Content-Type": "text/plain",
227
240
  ...settle.headers,
228
241
  ...payload.headers ?? {}
@@ -238,7 +251,12 @@ async function createX402zServer(config) {
238
251
  console.log(`[server] ${method} ${path} -> ${status}`);
239
252
  return;
240
253
  }
241
- sendText(res, 200, { "Content-Type": "text/plain" }, "no payment required");
254
+ sendText(
255
+ res,
256
+ 200,
257
+ { ...corsHeaders, "Content-Type": "text/plain" },
258
+ "no payment required"
259
+ );
242
260
  console.log(`[server] ${method} ${path} -> 200`);
243
261
  });
244
262
  return server;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "x402z-server",
3
- "version": "0.0.7",
3
+ "version": "0.0.8",
4
4
  "main": "./dist/index.js",
5
5
  "module": "./dist/index.mjs",
6
6
  "types": "./dist/index.d.ts",
@@ -10,7 +10,7 @@
10
10
  "dependencies": {
11
11
  "@x402/core": "^2.0.0",
12
12
  "viem": "^2.43.3",
13
- "x402z-shared": "0.0.7"
13
+ "x402z-shared": "0.0.8"
14
14
  },
15
15
  "devDependencies": {
16
16
  "jest": "^29.7.0",