From 9a47048594b2d30091b0cac4aa886a65fb46ccfd Mon Sep 17 00:00:00 2001 From: "Tommy D. Rossi" Date: Sat, 9 May 2026 10:48:13 +0200 Subject: [PATCH] Revert "remove example-x402 (preserved in example-x402-preserve branch / PR)" This reverts commit 4c2285437f45d64eb1f68507c4e3a1f60e04c544. --- example-x402/.env.example | 5 + example-x402/.gitignore | 4 + example-x402/README.md | 76 ++++ example-x402/package.json | 32 ++ example-x402/public/favicon.ico | Bin 0 -> 25931 bytes example-x402/src/globals.css | 19 + example-x402/src/main.tsx | 87 +++++ example-x402/src/paid-data.tsx | 90 +++++ example-x402/src/x402-middleware.test.ts | 259 +++++++++++++ example-x402/src/x402-middleware.ts | 460 +++++++++++++++++++++++ example-x402/tsconfig.json | 21 ++ example-x402/vite.config.ts | 15 + example-x402/vitest.config.ts | 7 + 13 files changed, 1075 insertions(+) create mode 100644 example-x402/.env.example create mode 100644 example-x402/.gitignore create mode 100644 example-x402/README.md create mode 100644 example-x402/package.json create mode 100644 example-x402/public/favicon.ico create mode 100644 example-x402/src/globals.css create mode 100644 example-x402/src/main.tsx create mode 100644 example-x402/src/paid-data.tsx create mode 100644 example-x402/src/x402-middleware.test.ts create mode 100644 example-x402/src/x402-middleware.ts create mode 100644 example-x402/tsconfig.json create mode 100644 example-x402/vite.config.ts create mode 100644 example-x402/vitest.config.ts diff --git a/example-x402/.env.example b/example-x402/.env.example new file mode 100644 index 00000000..ff777562 --- /dev/null +++ b/example-x402/.env.example @@ -0,0 +1,5 @@ +# Stripe — fresh crypto deposit addresses are minted via Stripe PaymentIntents +STRIPE_SECRET_KEY=sk_test_... + +# Optional — defaults to https://www.x402.org/facilitator +FACILITATOR_URL=https://www.x402.org/facilitator diff --git a/example-x402/.gitignore b/example-x402/.gitignore new file mode 100644 index 00000000..b1640b50 --- /dev/null +++ b/example-x402/.gitignore @@ -0,0 +1,4 @@ +node_modules +dist +.env +.env.local diff --git a/example-x402/README.md b/example-x402/README.md new file mode 100644 index 00000000..dc2629b6 --- /dev/null +++ b/example-x402/README.md @@ -0,0 +1,76 @@ +# example-x402 + +A spiceflow app that protects a single API route (`GET /paid`) with the +[x402](https://www.x402.org) payment protocol. Each request costs **$0.01**, +settled on **Base Sepolia** in USDC. Fresh deposit addresses are minted via +Stripe PaymentIntents, mirroring [stripe-samples/machine-payments](https://github.com/stripe-samples/machine-payments). + +## Shape + +``` +app (root Spiceflow) +├── serveStatic('/public') +├── layout '/*' +├── page '/' ← RSC page with a client comp +└── use(paidApp) + paidApp (Spiceflow sub-app) + ├── use(x402({ price, network, payTo })) ← only runs for paidApp routes + └── get '/paid' → () => ({ foo: 'bar' }) +``` + +Spiceflow scopes middleware by **sub-app ownership**, not by path. Mounting +`paidApp` via `app.use(paidApp)` means the x402 handshake only runs for routes +defined on `paidApp`. Anything on the parent app (`/`, static files, RSC +pages) is untouched. + +## Why a custom middleware instead of `@x402/hono` + +`@x402/hono`'s `paymentMiddleware` is ~380 lines and wraps a ~1000-line +`x402HTTPResourceServer`. It carries its own route matcher, HTML paywall +generator, Hono context adapter, bazaar extension loader, and settlement +overrides header. Spiceflow already has a trie router, so a bespoke ~180-line +middleware at [`src/x402-middleware.ts`](./src/x402-middleware.ts) is enough. +It only imports from `@x402/core/server`, `@x402/core/http`, `@x402/core/types`, +and `@x402/evm/exact/server`. + +## Setup + +```bash +cp .env.example .env +# fill in STRIPE_SECRET_KEY +pnpm install +pnpm dev +``` + +Open and click **Call /paid** to see the 402 challenge, +or hit the route directly with curl: + +```bash +curl -i http://localhost:3000/paid +# HTTP/1.1 402 Payment Required +# www-authenticate: x402 scheme="exact" +# content-type: application/json +# +# {"x402Version":2,"error":"Payment required","accepts":[...]} +``` + +A real x402 client would sign an on-chain payment to the `payTo` address in +the challenge and retry with an `x-payment` header. See +[x402.org](https://www.x402.org) for client libraries. + +## Environment + +| Variable | Required | Default | +|---------------------|----------|-------------------------------------------| +| `STRIPE_SECRET_KEY` | yes | — | +| `FACILITATOR_URL` | no | `https://www.x402.org/facilitator` | +| `PORT` | no | `3000` | + +## Tests + +```bash +pnpm test +``` + +The middleware unit tests inject a fake `x402ResourceServer` via the +undocumented `server` option on `x402()`. No network, no mocks. diff --git a/example-x402/package.json b/example-x402/package.json new file mode 100644 index 00000000..75b14950 --- /dev/null +++ b/example-x402/package.json @@ -0,0 +1,32 @@ +{ + "name": "example-x402", + "private": true, + "type": "module", + "scripts": { + "dev": "vite dev", + "build": "vite build", + "start": "node dist/rsc/index.js", + "test": "vitest --run" + }, + "dependencies": { + "@tailwindcss/vite": "^4.2.2", + "@types/react": "19.2.14", + "@types/react-dom": "19.2.3", + "@x402/core": "^2.9.0", + "@x402/evm": "^2.9.0", + "dotenv": "^17.4.0", + "errore": "^0.14.0", + "node-cache": "^5.1.2", + "react": "19.2.4", + "react-dom": "19.2.4", + "spiceflow": "workspace:^", + "stripe": "^21.0.1", + "tailwindcss": "4.0.6", + "typescript": "5.7.3", + "vite": "^8.0.8" + }, + "devDependencies": { + "@vitejs/plugin-react": "^6.0.1", + "vitest": "^4.1.4" + } +} diff --git a/example-x402/public/favicon.ico b/example-x402/public/favicon.ico new file mode 100644 index 0000000000000000000000000000000000000000..718d6fea4835ec2d246af9800eddb7ffb276240c GIT binary patch literal 25931 zcmeHv30#a{`}aL_*G&7qml|y<+KVaDM2m#dVr!KsA!#An?kSQM(q<_dDNCpjEux83 zLb9Z^XxbDl(w>%i@8hT6>)&Gu{h#Oeyszu?xtw#Zb1mO{pgX9699l+Qppw7jXaYf~-84xW z)w4x8?=youko|}Vr~(D$UXIbiXABHh`p1?nn8Po~fxRJv}|0e(BPs|G`(TT%kKVJAdg5*Z|x0leQq0 zkdUBvb#>9F()jo|T~kx@OM8$9wzs~t2l;K=woNssA3l6|sx2r3+kdfVW@e^8e*E}v zA1y5{bRi+3Z`uD3{F7LgFJDdvm;nJilkzDku>BwXH(8ItVCXk*-lSJnR?-2UN%hJ){&rlvg`CDTj z)Bzo!3v7Ou#83zEDEFcKt(f1E0~=rqeEbTnMvWR#{+9pg%7G8y>u1OVRUSoox-ovF z2Ydma(;=YuBY(eI|04{hXzZD6_f(v~H;C~y5=DhAC{MMS>2fm~1H_t2$56pc$NH8( z5bH|<)71dV-_oCHIrzrT`2s-5w_+2CM0$95I6X8p^r!gHp+j_gd;9O<1~CEQQGS8) zS9Qh3#p&JM-G8rHekNmKVewU;pJRcTAog68KYo^dRo}(M>36U4Us zfgYWSiHZL3;lpWT=zNAW>Dh#mB!_@Lg%$ms8N-;aPqMn+C2HqZgz&9~Eu z4|Kp<`$q)Uw1R?y(~S>ePdonHxpV1#eSP1B;Ogo+-Pk}6#0GsZZ5!||ev2MGdh}_m z{DeR7?0-1^zVs&`AV6Vt;r3`I`OI_wgs*w=eO%_#7Kepl{B@xiyCANc(l zzIyd4y|c6PXWq9-|KM8(zIk8LPk(>a)zyFWjhT!$HJ$qX1vo@d25W<fvZQ2zUz5WRc(UnFMKHwe1| zWmlB1qdbiA(C0jmnV<}GfbKtmcu^2*P^O?MBLZKt|As~ge8&AAO~2K@zbXelK|4T<{|y4`raF{=72kC2Kn(L4YyenWgrPiv z@^mr$t{#X5VuIMeL!7Ab6_kG$&#&5p*Z{+?5U|TZ`B!7llpVmp@skYz&n^8QfPJzL z0G6K_OJM9x+Wu2gfN45phANGt{7=C>i34CV{Xqlx(fWpeAoj^N0Biu`w+MVcCUyU* zDZuzO0>4Z6fbu^T_arWW5n!E45vX8N=bxTVeFoep_G#VmNlQzAI_KTIc{6>c+04vr zx@W}zE5JNSU>!THJ{J=cqjz+4{L4A{Ob9$ZJ*S1?Ggg3klFp!+Y1@K+pK1DqI|_gq z5ZDXVpge8-cs!o|;K73#YXZ3AShj50wBvuq3NTOZ`M&qtjj#GOFfgExjg8Gn8>Vq5 z`85n+9|!iLCZF5$HJ$Iu($dm?8~-ofu}tEc+-pyke=3!im#6pk_Wo8IA|fJwD&~~F zc16osQ)EBo58U7XDuMexaPRjU@h8tXe%S{fA0NH3vGJFhuyyO!Uyl2^&EOpX{9As0 zWj+P>{@}jxH)8|r;2HdupP!vie{sJ28b&bo!8`D^x}TE$%zXNb^X1p@0PJ86`dZyj z%ce7*{^oo+6%&~I!8hQy-vQ7E)0t0ybH4l%KltWOo~8cO`T=157JqL(oq_rC%ea&4 z2NcTJe-HgFjNg-gZ$6!Y`SMHrlj}Etf7?r!zQTPPSv}{so2e>Fjs1{gzk~LGeesX%r(Lh6rbhSo_n)@@G-FTQy93;l#E)hgP@d_SGvyCp0~o(Y;Ee8{ zdVUDbHm5`2taPUOY^MAGOw*>=s7=Gst=D+p+2yON!0%Hk` zz5mAhyT4lS*T3LS^WSxUy86q&GnoHxzQ6vm8)VS}_zuqG?+3td68_x;etQAdu@sc6 zQJ&5|4(I?~3d-QOAODHpZ=hlSg(lBZ!JZWCtHHSj`0Wh93-Uk)_S%zsJ~aD>{`A0~ z9{AG(e|q3g5B%wYKRxiL2Y$8(4w6bzchKuloQW#e&S3n+P- z8!ds-%f;TJ1>)v)##>gd{PdS2Oc3VaR`fr=`O8QIO(6(N!A?pr5C#6fc~Ge@N%Vvu zaoAX2&(a6eWy_q&UwOhU)|P3J0Qc%OdhzW=F4D|pt0E4osw;%<%Dn58hAWD^XnZD= z>9~H(3bmLtxpF?a7su6J7M*x1By7YSUbxGi)Ot0P77`}P3{)&5Un{KD?`-e?r21!4vTTnN(4Y6Lin?UkSM z`MXCTC1@4A4~mvz%Rh2&EwY))LeoT=*`tMoqcEXI>TZU9WTP#l?uFv+@Dn~b(>xh2 z;>B?;Tz2SR&KVb>vGiBSB`@U7VIWFSo=LDSb9F{GF^DbmWAfpms8Sx9OX4CnBJca3 zlj9(x!dIjN?OG1X4l*imJNvRCk}F%!?SOfiOq5y^mZW)jFL@a|r-@d#f7 z2gmU8L3IZq0ynIws=}~m^#@&C%J6QFo~Mo4V`>v7MI-_!EBMMtb%_M&kvAaN)@ZVw z+`toz&WG#HkWDjnZE!6nk{e-oFdL^$YnbOCN}JC&{$#$O27@|Tn-skXr)2ml2~O!5 zX+gYoxhoc7qoU?C^3~&!U?kRFtnSEecWuH0B0OvLodgUAi}8p1 zrO6RSXHH}DMc$&|?D004DiOVMHV8kXCP@7NKB zgaZq^^O<7PoKEp72kby@W0Z!Y*Ay{&vfg#C&gG@YVR9g?FEocMUi1gSN$+V+ayF45{a zuDZDTN}mS|;BO%gEf}pjBfN2-gIrU#G5~cucA;dokXW89%>AyXJJI z9X4UlIWA|ZYHgbI z5?oFk@A=Ik7lrEQPDH!H+b`7_Y~aDb_qa=B2^Y&Ow41cU=4WDd40dp5(QS-WMN-=Y z9g;6_-JdNU;|6cPwf$ak*aJIcwL@1n$#l~zi{c{EW?T;DaW*E8DYq?Umtz{nJ&w-M zEMyTDrC&9K$d|kZe2#ws6)L=7K+{ zQw{XnV6UC$6-rW0emqm8wJoeZK)wJIcV?dST}Z;G0Arq{dVDu0&4kd%N!3F1*;*pW zR&qUiFzK=@44#QGw7k1`3t_d8&*kBV->O##t|tonFc2YWrL7_eqg+=+k;!F-`^b8> z#KWCE8%u4k@EprxqiV$VmmtiWxDLgnGu$Vs<8rppV5EajBXL4nyyZM$SWVm!wnCj-B!Wjqj5-5dNXukI2$$|Bu3Lrw}z65Lc=1G z^-#WuQOj$hwNGG?*CM_TO8Bg-1+qc>J7k5c51U8g?ZU5n?HYor;~JIjoWH-G>AoUP ztrWWLbRNqIjW#RT*WqZgPJXU7C)VaW5}MiijYbABmzoru6EmQ*N8cVK7a3|aOB#O& zBl8JY2WKfmj;h#Q!pN%9o@VNLv{OUL?rixHwOZuvX7{IJ{(EdPpuVFoQqIOa7giLVkBOKL@^smUA!tZ1CKRK}#SSM)iQHk)*R~?M!qkCruaS!#oIL1c z?J;U~&FfH#*98^G?i}pA{ z9Jg36t4=%6mhY(quYq*vSxptes9qy|7xSlH?G=S@>u>Ebe;|LVhs~@+06N<4CViBk zUiY$thvX;>Tby6z9Y1edAMQaiH zm^r3v#$Q#2T=X>bsY#D%s!bhs^M9PMAcHbCc0FMHV{u-dwlL;a1eJ63v5U*?Q_8JO zT#50!RD619#j_Uf))0ooADz~*9&lN!bBDRUgE>Vud-i5ck%vT=r^yD*^?Mp@Q^v+V zG#-?gKlr}Eeqifb{|So?HM&g91P8|av8hQoCmQXkd?7wIJwb z_^v8bbg`SAn{I*4bH$u(RZ6*xUhuA~hc=8czK8SHEKTzSxgbwi~9(OqJB&gwb^l4+m`k*Q;_?>Y-APi1{k zAHQ)P)G)f|AyjSgcCFps)Fh6Bca*Xznq36!pV6Az&m{O8$wGFD? zY&O*3*J0;_EqM#jh6^gMQKpXV?#1?>$ml1xvh8nSN>-?H=V;nJIwB07YX$e6vLxH( zqYwQ>qxwR(i4f)DLd)-$P>T-no_c!LsN@)8`e;W@)-Hj0>nJ-}Kla4-ZdPJzI&Mce zv)V_j;(3ERN3_@I$N<^|4Lf`B;8n+bX@bHbcZTopEmDI*Jfl)-pFDvo6svPRoo@(x z);_{lY<;);XzT`dBFpRmGrr}z5u1=pC^S-{ce6iXQlLGcItwJ^mZx{m$&DA_oEZ)B{_bYPq-HA zcH8WGoBG(aBU_j)vEy+_71T34@4dmSg!|M8Vf92Zj6WH7Q7t#OHQqWgFE3ARt+%!T z?oLovLVlnf?2c7pTc)~cc^($_8nyKwsN`RA-23ed3sdj(ys%pjjM+9JrctL;dy8a( z@en&CQmnV(()bu|Y%G1-4a(6x{aLytn$T-;(&{QIJB9vMox11U-1HpD@d(QkaJdEb zG{)+6Dos_L+O3NpWo^=gR?evp|CqEG?L&Ut#D*KLaRFOgOEK(Kq1@!EGcTfo+%A&I z=dLbB+d$u{sh?u)xP{PF8L%;YPPW53+@{>5W=Jt#wQpN;0_HYdw1{ksf_XhO4#2F= zyPx6Lx2<92L-;L5PD`zn6zwIH`Jk($?Qw({erA$^bC;q33hv!d!>%wRhj# zal^hk+WGNg;rJtb-EB(?czvOM=H7dl=vblBwAv>}%1@{}mnpUznfq1cE^sgsL0*4I zJ##!*B?=vI_OEVis5o+_IwMIRrpQyT_Sq~ZU%oY7c5JMIADzpD!Upz9h@iWg_>>~j zOLS;wp^i$-E?4<_cp?RiS%Rd?i;f*mOz=~(&3lo<=@(nR!_Rqiprh@weZlL!t#NCc zO!QTcInq|%#>OVgobj{~ixEUec`E25zJ~*DofsQdzIa@5^nOXj2T;8O`l--(QyU^$t?TGY^7#&FQ+2SS3B#qK*k3`ye?8jUYSajE5iBbJls75CCc(m3dk{t?- zopcER9{Z?TC)mk~gpi^kbbu>b-+a{m#8-y2^p$ka4n60w;Sc2}HMf<8JUvhCL0B&Btk)T`ctE$*qNW8L$`7!r^9T+>=<=2qaq-;ll2{`{Rg zc5a0ZUI$oG&j-qVOuKa=*v4aY#IsoM+1|c4Z)<}lEDvy;5huB@1RJPquU2U*U-;gu z=En2m+qjBzR#DEJDO`WU)hdd{Vj%^0V*KoyZ|5lzV87&g_j~NCjwv0uQVqXOb*QrQ zy|Qn`hxx(58c70$E;L(X0uZZ72M1!6oeg)(cdKO ze0gDaTz+ohR-#d)NbAH4x{I(21yjwvBQfmpLu$)|m{XolbgF!pmsqJ#D}(ylp6uC> z{bqtcI#hT#HW=wl7>p!38sKsJ`r8}lt-q%Keqy%u(xk=yiIJiUw6|5IvkS+#?JTBl z8H5(Q?l#wzazujH!8o>1xtn8#_w+397*_cy8!pQGP%K(Ga3pAjsaTbbXJlQF_+m+-UpUUent@xM zg%jqLUExj~o^vQ3Gl*>wh=_gOr2*|U64_iXb+-111aH}$TjeajM+I20xw(((>fej-@CIz4S1pi$(#}P7`4({6QS2CaQS4NPENDp>sAqD z$bH4KGzXGffkJ7R>V>)>tC)uax{UsN*dbeNC*v}#8Y#OWYwL4t$ePR?VTyIs!wea+ z5Urmc)X|^`MG~*dS6pGSbU+gPJoq*^a=_>$n4|P^w$sMBBy@f*Z^Jg6?n5?oId6f{ z$LW4M|4m502z0t7g<#Bx%X;9<=)smFolV&(V^(7Cv2-sxbxopQ!)*#ZRhTBpx1)Fc zNm1T%bONzv6@#|dz(w02AH8OXe>kQ#1FMCzO}2J_mST)+ExmBr9cva-@?;wnmWMOk z{3_~EX_xadgJGv&H@zK_8{(x84`}+c?oSBX*Ge3VdfTt&F}yCpFP?CpW+BE^cWY0^ zb&uBN!Ja3UzYHK-CTyA5=L zEMW{l3Usky#ly=7px648W31UNV@K)&Ub&zP1c7%)`{);I4b0Q<)B}3;NMG2JH=X$U zfIW4)4n9ZM`-yRj67I)YSLDK)qfUJ_ij}a#aZN~9EXrh8eZY2&=uY%2N0UFF7<~%M zsB8=erOWZ>Ct_#^tHZ|*q`H;A)5;ycw*IcmVxi8_0Xk}aJA^ath+E;xg!x+As(M#0=)3!NJR6H&9+zd#iP(m0PIW8$ z1Y^VX`>jm`W!=WpF*{ioM?C9`yOR>@0q=u7o>BP-eSHqCgMDj!2anwH?s%i2p+Q7D zzszIf5XJpE)IG4;d_(La-xenmF(tgAxK`Y4sQ}BSJEPs6N_U2vI{8=0C_F?@7<(G; zo$~G=8p+076G;`}>{MQ>t>7cm=zGtfbdDXm6||jUU|?X?CaE?(<6bKDYKeHlz}DA8 zXT={X=yp_R;HfJ9h%?eWvQ!dRgz&Su*JfNt!Wu>|XfU&68iRikRrHRW|ZxzRR^`eIGt zIeiDgVS>IeExKVRWW8-=A=yA`}`)ZkWBrZD`hpWIxBGkh&f#ijr449~m`j6{4jiJ*C!oVA8ZC?$1RM#K(_b zL9TW)kN*Y4%^-qPpMP7d4)o?Nk#>aoYHT(*g)qmRUb?**F@pnNiy6Fv9rEiUqD(^O zzyS?nBrX63BTRYduaG(0VVG2yJRe%o&rVrLjbxTaAFTd8s;<<@Qs>u(<193R8>}2_ zuwp{7;H2a*X7_jryzriZXMg?bTuegABb^87@SsKkr2)0Gyiax8KQWstw^v#ix45EVrcEhr>!NMhprl$InQMzjSFH54x5k9qHc`@9uKQzvL4ihcq{^B zPrVR=o_ic%Y>6&rMN)hTZsI7I<3&`#(nl+3y3ys9A~&^=4?PL&nd8)`OfG#n zwAMN$1&>K++c{^|7<4P=2y(B{jJsQ0a#U;HTo4ZmWZYvI{+s;Td{Yzem%0*k#)vjpB zia;J&>}ICate44SFYY3vEelqStQWFihx%^vQ@Do(sOy7yR2@WNv7Y9I^yL=nZr3mb zXKV5t@=?-Sk|b{XMhA7ZGB@2hqsx}4xwCW!in#C zI@}scZlr3-NFJ@NFaJlhyfcw{k^vvtGl`N9xSo**rDW4S}i zM9{fMPWo%4wYDG~BZ18BD+}h|GQKc-g^{++3MY>}W_uq7jGHx{mwE9fZiPCoxN$+7 zrODGGJrOkcPQUB(FD5aoS4g~7#6NR^ma7-!>mHuJfY5kTe6PpNNKC9GGRiu^L31uG z$7v`*JknQHsYB!Tm_W{a32TM099djW%5e+j0Ve_ct}IM>XLF1Ap+YvcrLV=|CKo6S zb+9Nl3_YdKP6%Cxy@6TxZ>;4&nTneadr z_ES90ydCev)LV!dN=#(*f}|ZORFdvkYBni^aLbUk>BajeWIOcmHP#8S)*2U~QKI%S zyrLmtPqb&TphJ;>yAxri#;{uyk`JJqODDw%(Z=2`1uc}br^V%>j!gS)D*q*f_-qf8&D;W1dJgQMlaH5er zN2U<%Smb7==vE}dDI8K7cKz!vs^73o9f>2sgiTzWcwY|BMYHH5%Vn7#kiw&eItCqa zIkR2~Q}>X=Ar8W|^Ms41Fm8o6IB2_j60eOeBB1Br!boW7JnoeX6Gs)?7rW0^5psc- zjS16yb>dFn>KPOF;imD}e!enuIniFzv}n$m2#gCCv4jM#ArwlzZ$7@9&XkFxZ4n!V zj3dyiwW4Ki2QG{@i>yuZXQizw_OkZI^-3otXC{!(lUpJF33gI60ak;Uqitp74|B6I zgg{b=Iz}WkhCGj1M=hu4#Aw173YxIVbISaoc z-nLZC*6Tgivd5V`K%GxhBsp@SUU60-rfc$=wb>zdJzXS&-5(NRRodFk;Kxk!S(O(a0e7oY=E( zAyS;Ow?6Q&XA+cnkCb{28_1N8H#?J!*$MmIwLq^*T_9-z^&UE@A(z9oGYtFy6EZef LrJugUA?W`A8`#=m literal 0 HcmV?d00001 diff --git a/example-x402/src/globals.css b/example-x402/src/globals.css new file mode 100644 index 00000000..0f4e93b6 --- /dev/null +++ b/example-x402/src/globals.css @@ -0,0 +1,19 @@ +@import 'tailwindcss'; + +:root { + --foreground-rgb: 0, 0, 0; + --background-rgb: 255, 255, 255; +} + +@media (prefers-color-scheme: dark) { + :root { + --foreground-rgb: 255, 255, 255; + --background-rgb: 10, 10, 10; + } +} + +body { + color: rgb(var(--foreground-rgb)); + background: rgb(var(--background-rgb)); + font-family: system-ui, -apple-system, sans-serif; +} diff --git a/example-x402/src/main.tsx b/example-x402/src/main.tsx new file mode 100644 index 00000000..d9869470 --- /dev/null +++ b/example-x402/src/main.tsx @@ -0,0 +1,87 @@ +// Spiceflow + x402 example. +// +// Shape: +// app (root) +// ├── serveStatic('/public') +// ├── layout '/*' — RSC layout +// ├── page '/' — RSC page with a client component +// └── use(paidApp) +// paidApp (sub-app) +// ├── use(x402({...})) ← only applies to routes on paidApp +// └── get '/paid' → () => ({ foo: 'bar' }) +// +// Request flow: +// GET / → rootApp.page('/'), no x402 middleware in chain, renders HTML +// GET /paid → paidApp.get('/paid'), x402 middleware enforces payment +import './globals.css' +import { Spiceflow, serveStatic } from 'spiceflow' +import { Head, Link } from 'spiceflow/react' +import Stripe from 'stripe' +import { x402, stripeDepositAddress } from './x402-middleware.js' +import { PaidData } from './paid-data.js' + +const stripe = new Stripe(process.env.STRIPE_SECRET_KEY ?? 'sk_test_placeholder') + +// Sub-app that owns every x402-protected route. Middleware registered on +// paidApp only runs for routes defined on paidApp (see +// getAppsInScope in spiceflow.tsx), so `/` below is untouched. +export const paidApp = new Spiceflow() + .use( + x402({ + price: '$0.01', + network: 'eip155:84532', // Base Sepolia + facilitatorUrl: + process.env.FACILITATOR_URL ?? 'https://www.x402.org/facilitator', + payTo: stripeDepositAddress({ stripe, network: 'base' }), + }), + ) + .get('/paid', () => ({ foo: 'bar' })) + +export const app = new Spiceflow() + .use(serveStatic({ root: './public' })) + .use(paidApp) + .layout('/*', ({ children }) => ( + {children} + )) + .page('/', function Home() { + return ( +
+

x402 + spiceflow

+

+ /paid is protected by the x402 + payment protocol. Each call costs $0.01, settled on + Base Sepolia, with a fresh deposit address minted via Stripe. +

+ +
+

+ Hit it directly to see the 402 challenge:{' '} + + /paid + +

+

+ Or from a shell:{' '} + curl -i http://localhost:3000/paid +

+
+
+ ) + }) + +function RootLayout({ children }: { children: React.ReactNode }) { + return ( + + + x402 + spiceflow + + {children} + + ) +} + +void app.listen(Number(process.env.PORT || 3000)) + +declare module 'spiceflow/react' { + interface SpiceflowRegister { app: typeof app } +} diff --git a/example-x402/src/paid-data.tsx b/example-x402/src/paid-data.tsx new file mode 100644 index 00000000..3a11a2eb --- /dev/null +++ b/example-x402/src/paid-data.tsx @@ -0,0 +1,90 @@ +'use client' + +// Client component that demonstrates the x402 handshake from the browser. +// The first fetch gets a 402 with the payment challenge; the real "agent" +// flow would then sign an on-chain payment and retry with an x-payment +// header. We just show the challenge body so you can see it. +import { useState } from 'react' + +interface Challenge { + x402Version: number + error: string + accepts: Array<{ + scheme: string + network: string + payTo: string + amount: string + asset?: string + }> +} + +export function PaidData() { + const [state, setState] = useState< + | { kind: 'idle' } + | { kind: 'loading' } + | { kind: 'challenge'; status: number; body: Challenge } + | { kind: 'paid'; body: unknown } + | { kind: 'error'; message: string } + >({ kind: 'idle' }) + + return ( +
+
+ + status: {state.kind} +
+ + {state.kind === 'challenge' && ( +
+ + {state.status} Payment Required — {state.body.error} + + 
+            {JSON.stringify(state.body.accepts, null, 2)}
+
+

+ An x402 client would sign an on-chain payment to{' '} + payTo and retry with an x-payment header. +

+
+ )} + + {state.kind === 'paid' && ( + 
+          {JSON.stringify(state.body, null, 2)}
+
+ )} + + {state.kind === 'error' && ( + {state.message} + )} +
+ ) +} diff --git a/example-x402/src/x402-middleware.test.ts b/example-x402/src/x402-middleware.test.ts new file mode 100644 index 00000000..e9116b6b --- /dev/null +++ b/example-x402/src/x402-middleware.test.ts @@ -0,0 +1,259 @@ +// Tests for the x402() spiceflow middleware. +// +// We inject a plain object that matches the narrow X402Server interface via +// the `server` option on x402(). No type assertions, no vi.mock, no +// facilitator network calls. +import { describe, expect, test } from 'vitest' +import { Spiceflow } from 'spiceflow' +import type { + PaymentPayload, + PaymentRequirements, + VerifyResponse, + SettleResponse, +} from '@x402/core/types' +import { x402, type X402Server } from './x402-middleware.js' + +const reqs: PaymentRequirements[] = [ + { + scheme: 'exact', + network: 'eip155:84532', + amount: '10000', + asset: '0xUSDCSepoliaAsset', + payTo: '0xFakeRecipient', + maxTimeoutSeconds: 300, + extra: {}, + }, +] + +interface FakeConfig { + verify?: VerifyResponse + settle?: SettleResponse + match?: boolean +} + +function fakeServer(cfg: FakeConfig = {}): X402Server & { + calls: { build: number; verify: number; settle: number } +} { + const calls = { build: 0, verify: 0, settle: 0 } + return { + calls, + buildPaymentRequirements: async () => { + calls.build++ + return reqs + }, + findMatchingRequirements: (available) => + cfg.match === false ? undefined : available[0], + verifyPayment: async () => { + calls.verify++ + return cfg.verify ?? { isValid: true } + }, + settlePayment: async () => { + calls.settle++ + return ( + cfg.settle ?? { + success: true, + transaction: '0xabc', + network: 'eip155:84532', + } + ) + }, + } +} + +function makeApp(cfg: FakeConfig = {}) { + return new Spiceflow() + .use( + x402({ + price: '$0.01', + network: 'eip155:84532', + payTo: '0xFakeRecipient', + server: fakeServer(cfg), + }), + ) + .get('/paid', () => ({ foo: 'bar' })) +} + +function validPaymentHeader(): string { + // Minimal base64-encoded payload that findMatchingRequirements will + // accept when the fake returns reqs[0]. Shape is not validated by the + // fake server — we only need decode to succeed. + const payload: PaymentPayload = { + x402Version: 2, + accepted: reqs[0]!, + payload: { + signature: '0xdeadbeef', + authorization: { + from: '0xpayer', + to: '0xFakeRecipient', + value: '10000', + validAfter: '0', + validBefore: '9999999999', + nonce: '0x00', + }, + }, + } + return Buffer.from(JSON.stringify(payload)).toString('base64') +} + +describe('x402 middleware', () => { + test('no payment header → 402 with challenge body', async () => { + const app = makeApp() + const res = await app.handle(new Request('http://localhost/paid')) + expect(res.status).toBe(402) + expect(res.headers.get('www-authenticate')).toBe('x402 scheme="exact"') + const body = await res.json() + expect(body.error).toBe('Payment required') + expect(body.x402Version).toBe(2) + expect(body.resource.url).toBe('/paid') + expect(body.accepts).toHaveLength(1) + expect(body.accepts[0]!.scheme).toBe('exact') + }) + + test('unparseable payment header → 402 with decode error', async () => { + const app = makeApp() + const res = await app.handle( + new Request('http://localhost/paid', { + headers: { 'x-payment': '!!!not-base64!!!' }, + }), + ) + expect(res.status).toBe(402) + const body = await res.json() + expect(body.error).toContain('decode payment header') + }) + + test('valid payment, verify succeeds, settle succeeds → 200 with receipt', async () => { + const app = makeApp() + const res = await app.handle( + new Request('http://localhost/paid', { + headers: { 'x-payment': validPaymentHeader() }, + }), + ) + expect(res.status).toBe(200) + expect(await res.json()).toEqual({ foo: 'bar' }) + const receipt = res.headers.get('x-payment-response') + expect(typeof receipt).toBe('string') + expect(receipt!.length).toBeGreaterThan(0) + }) + + test('verify fails → 402 with reason, handler never runs', async () => { + let handlerCalls = 0 + const app = new Spiceflow() + .use( + x402({ + price: '$0.01', + network: 'eip155:84532', + payTo: '0xFakeRecipient', + server: fakeServer({ + verify: { isValid: false, invalidReason: 'insufficient_funds' }, + }), + }), + ) + .get('/paid', () => { + handlerCalls++ + return { foo: 'bar' } + }) + const res = await app.handle( + new Request('http://localhost/paid', { + headers: { 'x-payment': validPaymentHeader() }, + }), + ) + expect(res.status).toBe(402) + const body = await res.json() + expect(body.error).toBe('insufficient_funds') + expect(handlerCalls).toBe(0) + }) + + test('no matching requirements → 402', async () => { + const app = makeApp({ match: false }) + const res = await app.handle( + new Request('http://localhost/paid', { + headers: { 'x-payment': validPaymentHeader() }, + }), + ) + expect(res.status).toBe(402) + const body = await res.json() + expect(body.error).toBe('No matching payment requirements') + }) + + test('handler errors after verify → settle is skipped, error passes through', async () => { + const server = fakeServer() + const app = new Spiceflow() + .use( + x402({ + price: '$0.01', + network: 'eip155:84532', + payTo: '0xFakeRecipient', + server, + }), + ) + .get('/paid', () => { + return new Response('boom', { status: 500 }) + }) + const res = await app.handle( + new Request('http://localhost/paid', { + headers: { 'x-payment': validPaymentHeader() }, + }), + ) + expect(res.status).toBe(500) + expect(server.calls.settle).toBe(0) + }) + + test('dynamic payTo resolver is called with the middleware context', async () => { + let receivedPath: string | undefined + const app = new Spiceflow() + .use( + x402({ + price: '$0.01', + network: 'eip155:84532', + payTo: (ctx) => { + receivedPath = new URL(ctx.request.url).pathname + return '0xDynamicRecipient' + }, + server: fakeServer(), + }), + ) + .get('/paid', () => ({ foo: 'bar' })) + const res = await app.handle(new Request('http://localhost/paid')) + expect(res.status).toBe(402) + expect(receivedPath).toBe('/paid') + }) + + test('routes outside the paidApp sub-app are not gated', async () => { + const paid = new Spiceflow() + .use( + x402({ + price: '$0.01', + network: 'eip155:84532', + payTo: '0xFakeRecipient', + server: fakeServer(), + }), + ) + .get('/paid', () => ({ foo: 'bar' })) + + const root = new Spiceflow().get('/free', () => ({ ok: true })).use(paid) + + const free = await root.handle(new Request('http://localhost/free')) + expect(free.status).toBe(200) + expect(await free.json()).toEqual({ ok: true }) + + const paidRes = await root.handle(new Request('http://localhost/paid')) + expect(paidRes.status).toBe(402) + }) + + test('payTo resolver returning an Error → 500 with error message', async () => { + const app = new Spiceflow() + .use( + x402({ + price: '$0.01', + network: 'eip155:84532', + payTo: () => new Error('wallet is offline'), + server: fakeServer(), + }), + ) + .get('/paid', () => ({ foo: 'bar' })) + const res = await app.handle(new Request('http://localhost/paid')) + expect(res.status).toBe(500) + const body = await res.json() + expect(body.error).toContain('wallet is offline') + }) +}) diff --git a/example-x402/src/x402-middleware.ts b/example-x402/src/x402-middleware.ts new file mode 100644 index 00000000..f5ba5d58 --- /dev/null +++ b/example-x402/src/x402-middleware.ts @@ -0,0 +1,460 @@ +// Small spiceflow middleware that protects a sub-app with the x402 payment +// protocol. Lives inside the example (not spiceflow core) on purpose: it is +// ~250 lines and only depends on @x402/core, which makes it easy to read +// top-to-bottom as a reference implementation. +// +// Compared to @x402/hono's paymentMiddleware (~380 lines + a 1000-line +// x402HTTPResourceServer wrapper), this skips: +// - its own route matcher (spiceflow's trie router already matched) +// - HTML paywall generation (@x402/paywall) +// - dynamic bazaar extension loading +// - the Hono context adapter (we use web-standard Request directly) +// - settlement-overrides header magic +// +// Scoping is done by mounting a sub-app via `app.use(paidSubApp)`. Any route +// defined on the sub-app runs through this middleware; routes on the parent +// app do not. +// +// Error handling follows the `errore` pattern (errors as values via +// `Error | T` unions and `instanceof Error` narrowing). The middleware +// returns a Response directly for every failure mode so callers never need +// to handle thrown errors. + +import { + x402ResourceServer, + HTTPFacilitatorClient, + type FacilitatorClient, +} from '@x402/core/server' +import { + decodePaymentSignatureHeader, + encodePaymentResponseHeader, +} from '@x402/core/http' +import type { + PaymentPayload, + PaymentRequirements, + Network, + Price, +} from '@x402/core/types' +import type { VerifyResponse, SettleResponse } from '@x402/core/types' +import type { ResourceConfig } from '@x402/core/server' +import { ExactEvmScheme } from '@x402/evm/exact/server' +import type { MiddlewareHandler } from 'spiceflow' +import NodeCache from 'node-cache' +import type Stripe from 'stripe' +import * as errore from 'errore' + +type Ctx = Parameters[0] + +// ----------------------------------------------------------------------------- +// Domain errors +// ----------------------------------------------------------------------------- + +export class X402ConfigError extends errore.createTaggedError({ + name: 'X402ConfigError', + message: 'x402 configuration error: $reason', +}) {} + +export class X402VerifyError extends errore.createTaggedError({ + name: 'X402VerifyError', + message: 'x402 verify failed: $reason', +}) {} + +export class X402SettleError extends errore.createTaggedError({ + name: 'X402SettleError', + message: 'x402 settle failed: $reason', +}) {} + +export class X402PayToError extends errore.createTaggedError({ + name: 'X402PayToError', + message: 'Could not resolve payTo address: $reason', +}) {} + +export class StripeDepositError extends errore.createTaggedError({ + name: 'StripeDepositError', + message: 'Stripe deposit address error: $reason', +}) {} + +// ----------------------------------------------------------------------------- +// Narrow interface for the resource server +// ----------------------------------------------------------------------------- +// +// Declaring only the methods the middleware uses means: +// 1. Tests pass a plain object literal with these methods — no type +// assertions, no vi.mock, no fancy test doubles. +// 2. The middleware is explicit about which parts of @x402/core it depends +// on, so upstream API changes show up as type errors in one place. +// 3. `x402ResourceServer` satisfies this interface structurally, so +// production usage needs no adapter. +export interface X402Server { + buildPaymentRequirements( + config: ResourceConfig, + ): Promise + findMatchingRequirements( + availableRequirements: PaymentRequirements[], + paymentPayload: PaymentPayload, + ): PaymentRequirements | undefined + verifyPayment( + paymentPayload: PaymentPayload, + requirements: PaymentRequirements, + ): Promise + settlePayment( + paymentPayload: PaymentPayload, + requirements: PaymentRequirements, + ): Promise +} + +// ----------------------------------------------------------------------------- +// Middleware +// ----------------------------------------------------------------------------- + +/** Resolver that returns a payTo address, or an Error if it can't. */ +export type PayToResolver = ( + ctx: Ctx, +) => Promise | string | Error + +export interface X402Options { + /** USD price per request, e.g. `"$0.01"`. */ + price: Price + /** CAIP-2 network id, e.g. `"eip155:84532"` for Base Sepolia. */ + network: Network + /** + * Recipient address. Either a literal string, or a resolver that returns + * the address (or an Error). Use `stripeDepositAddress()` to mint a fresh + * Stripe-custody address per request. + */ + payTo: string | PayToResolver + /** Defaults to `https://www.x402.org/facilitator`. */ + facilitatorUrl?: string + /** Defaults to `"exact"`. */ + scheme?: string + /** + * Escape hatch for tests: inject a fake (or custom) resource server + * instead of lazily building one. + */ + server?: X402Server +} + +/** + * Create a spiceflow middleware that enforces an x402 payment on every + * request that reaches it. Mount it on a sub-app to scope which routes + * it protects. + * + * ```ts + * const paidApp = new Spiceflow() + * .use(x402({ price: '$0.01', network: 'eip155:84532', payTo: '0x...' })) + * .get('/paid', () => ({ foo: 'bar' })) + * + * const app = new Spiceflow().use(paidApp) + * ``` + */ +export function x402(options: X402Options): MiddlewareHandler { + const scheme = options.scheme ?? 'exact' + const facilitatorUrl = + options.facilitatorUrl ?? 'https://www.x402.org/facilitator' + + // Lazy singleton: the first request to this middleware constructs and + // initializes the resource server. initialize() fetches the facilitator's + // supported schemes/networks over HTTP, which we can't do at module load. + let server: X402Server | null = options.server ?? null + let initPromise: Promise | null = null + + const getServer = async (): Promise => { + if (server) return server + if (!initPromise) { + initPromise = (async () => { + const client: FacilitatorClient = new HTTPFacilitatorClient({ + url: facilitatorUrl, + }) + const fresh = new x402ResourceServer(client).register( + options.network, + new ExactEvmScheme(), + ) + const init = await fresh.initialize().then( + () => fresh, + (e) => new X402ConfigError({ reason: 'initialize', cause: e }), + ) + if (init instanceof Error) return init + server = init + return init + })() + } + return initPromise + } + + return async (ctx, next) => { + const { request } = ctx + const resource = new URL(request.url).pathname + + const resourceServer = await getServer() + if (resourceServer instanceof Error) { + return serverError(resourceServer) + } + + const payTo = await resolvePayTo(options.payTo, ctx) + if (payTo instanceof Error) return serverError(payTo) + + const requirements = await resourceServer + .buildPaymentRequirements({ + scheme, + network: options.network, + payTo, + price: options.price, + }) + .catch( + (e) => + new X402ConfigError({ reason: 'buildPaymentRequirements', cause: e }), + ) + if (requirements instanceof Error) return serverError(requirements) + + const header = + request.headers.get('x-payment') ?? + request.headers.get('payment-signature') + + if (!header) { + return paymentRequired({ + error: 'Payment required', + requirements, + resource, + }) + } + + const payload = errore.try({ + try: () => decodePaymentSignatureHeader(header), + catch: (e) => + new X402VerifyError({ reason: 'decode payment header', cause: e }), + }) + if (payload instanceof Error) { + return paymentRequired({ + error: payload.message, + requirements, + resource, + }) + } + + const match = resourceServer.findMatchingRequirements(requirements, payload) + if (!match) { + return paymentRequired({ + error: 'No matching payment requirements', + requirements, + resource, + }) + } + + const verify = await resourceServer + .verifyPayment(payload, match) + .catch( + (e) => new X402VerifyError({ reason: 'verifyPayment', cause: e }), + ) + if (verify instanceof Error) { + return paymentRequired({ + error: verify.message, + requirements, + resource, + }) + } + if (!verify.isValid) { + return paymentRequired({ + error: verify.invalidReason ?? 'Invalid payment', + requirements, + resource, + }) + } + + // Payment is verified, run the real handler. + const res = await next() + // If the handler errored, skip settlement — the client should not be + // charged for a failed response. + if (!res || res.status >= 400) return res + + const settle = await resourceServer + .settlePayment(payload, match) + .catch( + (e) => new X402SettleError({ reason: 'settlePayment', cause: e }), + ) + if (settle instanceof Error) { + return new Response( + JSON.stringify({ error: 'settlement failed', reason: settle.message }), + { status: 402, headers: { 'content-type': 'application/json' } }, + ) + } + if (!settle.success) { + return new Response( + JSON.stringify({ + error: 'settlement failed', + reason: settle.errorReason, + }), + { status: 402, headers: { 'content-type': 'application/json' } }, + ) + } + + // Attach the signed settlement receipt so the client can verify on-chain. + res.headers.set('x-payment-response', encodePaymentResponseHeader(settle)) + return res + } +} + +async function resolvePayTo( + payTo: string | PayToResolver, + ctx: Ctx, +): Promise { + if (typeof payTo === 'string') return payTo + const result = await payTo(ctx) + if (result instanceof Error) { + return new X402PayToError({ reason: result.message, cause: result }) + } + return result +} + +function paymentRequired({ + error, + requirements, + resource, +}: { + error: string + requirements: PaymentRequirements[] + resource: string +}): Response { + const body = { + x402Version: 2, + error, + resource: { url: resource, description: '', mimeType: 'application/json' }, + accepts: requirements, + } + return new Response(JSON.stringify(body), { + status: 402, + headers: { + 'content-type': 'application/json', + 'www-authenticate': `x402 scheme="${requirements[0]?.scheme ?? 'exact'}"`, + }, + }) +} + +function serverError(err: Error): Response { + console.error('[x402 middleware]', err) + return new Response(JSON.stringify({ error: err.message }), { + status: 500, + headers: { 'content-type': 'application/json' }, + }) +} + +// ----------------------------------------------------------------------------- +// Stripe-backed payTo resolver +// ----------------------------------------------------------------------------- + +export interface StripeDepositAddressOptions { + stripe: Stripe + /** `"base"` for Base (Sepolia) or `"tempo"` for Stripe's Tempo network. */ + network: 'base' | 'tempo' + /** + * Nominal deposit amount quoted to Stripe when minting the address. + * The underlying crypto deposit address is pre-funded; the actual per-call + * price is enforced by x402. Defaults to $100. + */ + amountUsd?: number + /** Address cache TTL in seconds. Defaults to 5 minutes. */ + ttlSeconds?: number +} + +// readField pulls a field off an unknown value without type assertions or +// `in` operator checks. Returns undefined if the value isn't an object or +// the field doesn't exist. This is the narrowing primitive used to walk +// loosely-typed objects from Stripe and x402 payment payloads. +function readField(value: unknown, key: string): unknown { + if (typeof value !== 'object' || value === null) return undefined + return Reflect.get(value, key) +} + +// The Stripe SDK types don't yet include the preview crypto deposit fields, +// so we walk pi.next_action via readField and pull the address out by name. +function toCryptoDepositAddress( + nextAction: unknown, + network: string, +): string | null { + const details = readField(nextAction, 'crypto_display_details') + const addresses = readField(details, 'deposit_addresses') + const entry = readField(addresses, network) + const address = readField(entry, 'address') + return typeof address === 'string' ? address : null +} + +function extractRecipient(payload: PaymentPayload): string | null { + // EVM "exact" scheme: recipient lives at payload.payload.authorization.to. + const to = readField(readField(payload.payload, 'authorization'), 'to') + return typeof to === 'string' ? to : null +} + +/** + * Returns a payTo resolver that asks Stripe for a fresh crypto deposit + * address on first hit, then re-uses it while the client retries with its + * signed payment. Mirrors the `createPayToAddress` helper from + * `stripe-samples/machine-payments` but scoped to a closure so the cache + * and Stripe client are encapsulated. + */ +export function stripeDepositAddress( + options: StripeDepositAddressOptions, +): PayToResolver { + const cache = new NodeCache({ stdTTL: options.ttlSeconds ?? 300 }) + const amountUsd = options.amountUsd ?? 100 + + return async ({ request }) => { + // Retry branch: the client attached an authorization header. Verify + // the recipient address came from us (i.e. is in cache) to prevent a + // forged credential from redirecting settlement elsewhere. + const paymentHeader = request.headers.get('x-payment') + if (paymentHeader) { + const payload = errore.try({ + try: () => decodePaymentSignatureHeader(paymentHeader), + catch: (e) => + new StripeDepositError({ + reason: 'decode payment header', + cause: e, + }), + }) + if (payload instanceof Error) return payload + + const to = extractRecipient(payload)?.toLowerCase() ?? null + if (to === null || !cache.has(to)) { + return new StripeDepositError({ + reason: 'payTo address not present in server cache', + }) + } + return to + } + + // Fresh-address branch: mint a new deposit address via Stripe. + // The `mode: 'deposit'` and `deposit_options` fields on payment_method_ + // options.crypto are part of a preview API that isn't in the Stripe SDK's + // types yet, so we use @ts-expect-error for the one offending call + // instead of leaking `as any` assertions through the codebase. + const pi = await options.stripe.paymentIntents + .create({ + amount: amountUsd * 100 * 10_000, + currency: 'usd', + payment_method_types: ['crypto'], + payment_method_data: { type: 'crypto' }, + payment_method_options: { + crypto: { + // @ts-expect-error Stripe crypto deposit preview API not in SDK types + mode: 'deposit', + deposit_options: { networks: [options.network] }, + }, + }, + confirm: true, + }) + .catch( + (e) => + new StripeDepositError({ reason: 'paymentIntents.create', cause: e }), + ) + if (pi instanceof Error) return pi + + const address = toCryptoDepositAddress(pi.next_action, options.network) + if (address === null) { + return new StripeDepositError({ + reason: `no deposit address for network "${options.network}"`, + }) + } + const lower = address.toLowerCase() + cache.set(lower, true) + return lower + } +} diff --git a/example-x402/tsconfig.json b/example-x402/tsconfig.json new file mode 100644 index 00000000..4620fa4a --- /dev/null +++ b/example-x402/tsconfig.json @@ -0,0 +1,21 @@ +{ + "compilerOptions": { + "rootDir": "src", + "outDir": "dist", + "target": "ESNext", + "lib": ["ESNext", "DOM", "DOM.Iterable"], + "module": "ESNext", + "moduleResolution": "Bundler", + "allowImportingTsExtensions": true, + "rewriteRelativeImportExtensions": true, + "declaration": true, + "declarationMap": true, + "strict": true, + "noImplicitAny": false, + "skipLibCheck": true, + "isolatedModules": true, + "jsx": "react-jsx", + "types": ["vite/client", "node"] + }, + "include": ["src"] +} diff --git a/example-x402/vite.config.ts b/example-x402/vite.config.ts new file mode 100644 index 00000000..5273d3e6 --- /dev/null +++ b/example-x402/vite.config.ts @@ -0,0 +1,15 @@ +import { defineConfig } from 'vite' +import react from '@vitejs/plugin-react' +import spiceflow from 'spiceflow/vite' +import tailwindcss from '@tailwindcss/vite' + +export default defineConfig({ + clearScreen: false, + plugins: [ + spiceflow({ + entry: './src/main.tsx', + }), + react(), + tailwindcss(), + ], +}) diff --git a/example-x402/vitest.config.ts b/example-x402/vitest.config.ts new file mode 100644 index 00000000..2b1c323f --- /dev/null +++ b/example-x402/vitest.config.ts @@ -0,0 +1,7 @@ +import { defineConfig } from 'vitest/config' + +export default defineConfig({ + test: { + environment: 'node', + }, +})