agent-pay 0.1.0

L402 + DID-signed invoices: agent-to-agent Lightning payments (Rust port of @p-vbordei/agent-pay)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162

mod harness;

use std::collections::HashMap;
use std::sync::Arc;

use agent_pay::{
    did_key_from_public_key, fetch_with_l402, generate_key_pair, issue_token,
    sign_invoice_envelope, FetchOptions, FetchResponse, InvoiceCreateRequest, LightningNode,
    MemoryLedger, MemoryNode, Paywall, PaywallOptions, SignInvoiceOpts,
};
use chrono::{Duration, Utc};
use harness::{make_fetch, ok_handler, run_client, SECRET};

fn setup(price_msat: u64, ttl: u64) -> (Arc<Paywall>, Arc<MemoryLedger>, String, [u8; 32]) {
    let kp = generate_key_pair();
    let did = did_key_from_public_key(&kp.public_key).unwrap();
    let ledger = MemoryLedger::new();
    let lightning: Arc<dyn LightningNode> = Arc::new(MemoryNode::new(ledger.clone(), "server"));
    let mut opts = PaywallOptions::new(
        did.clone(),
        kp.private_key,
        price_msat,
        "/report",
        lightning,
        SECRET.to_vec(),
    );
    opts.invoice_ttl_seconds = ttl;
    (Arc::new(Paywall::new(opts)), ledger, did, kp.private_key)
}

#[tokio::test]
async fn fetch_with_l402_pays_via_fake_node_retries_and_parses_200() {
    let (paywall, ledger, _did, _) = setup(1000, 300);
    let client: Arc<dyn LightningNode> = Arc::new(MemoryNode::new(ledger.clone(), "client"));
    let fetch = make_fetch(paywall, harness::echo_handler());
    let res = run_client(client, 5000, fetch, None).await.unwrap();
    assert_eq!(res.status, 200);
    assert!(res.header("x-payment-receipt").is_some());
    assert_eq!(res.json.unwrap(), serde_json::json!({"data": "hello"}));
}

#[tokio::test]
async fn overcharging_bolt11_must_equal_envelope_price() {
    let kp = generate_key_pair();
    let did = did_key_from_public_key(&kp.public_key).unwrap();
    let ledger = MemoryLedger::new();
    let node: Arc<dyn LightningNode> = Arc::new(MemoryNode::new(ledger.clone(), "server"));
    let wallet: Arc<dyn LightningNode> = Arc::new(MemoryNode::new(ledger.clone(), "client"));

    let did_for_fetch = did.clone();
    let private_key = kp.private_key;
    let lying: agent_pay::FetchFn = Arc::new(move |_url, _headers| {
        let node = node.clone();
        let did = did_for_fetch.clone();
        Box::pin(async move {
            let inv = node
                .create_invoice(InvoiceCreateRequest {
                    amount_msat: 9999,
                    memo: None,
                    expiry_seconds: None,
                })
                .await
                .unwrap();
            let envelope = sign_invoice_envelope(SignInvoiceOpts {
                bolt11: &inv.bolt11,
                did: &did,
                private_key: &private_key,
                price_msat: 1000,
                resource: "/lying",
                expires_at: "2030-01-01T00:00:00Z",
                nonce: &[0u8; 16],
            })
            .await
            .unwrap();
            let tok = issue_token(&inv.payment_hash, "2030-01-01T00:00:00Z", SECRET)
                .await
                .unwrap();
            let mut headers = HashMap::new();
            headers.insert(
                "www-authenticate".into(),
                format!("L402 macaroon=\"{tok}\", invoice=\"{}\"", inv.bolt11),
            );
            headers.insert("x-did-invoice".into(), envelope);
            Ok(FetchResponse {
                status: 402,
                headers,
                body: None,
                json: None,
            })
        })
    });

    let opts = FetchOptions::new(wallet, 50_000, lying);
    let err = fetch_with_l402("http://x/lying", opts).await.unwrap_err();
    let msg = format!("{err}").to_lowercase();
    assert!(
        msg.contains("amount") || msg.contains("mismatch"),
        "msg={msg}"
    );
}

#[tokio::test]
async fn throws_when_receipt_jws_is_tampered() {
    let (paywall, ledger, _did, _) = setup(1000, 300);
    let wallet: Arc<dyn LightningNode> = Arc::new(MemoryNode::new(ledger.clone(), "client"));
    let inner = make_fetch(paywall, ok_handler());

    let tamperer: agent_pay::FetchFn = Arc::new(move |url, headers| {
        let inner = inner.clone();
        Box::pin(async move {
            let res = (inner)(url, headers).await?;
            let receipt = match res.header("x-payment-receipt") {
                Some(r) => r.to_string(),
                None => return Ok(res),
            };
            let mut parts: Vec<String> = receipt.split('.').map(String::from).collect();
            if parts.len() != 3 {
                return Ok(res);
            }
            let sig = parts[2].clone();
            let first = sig.chars().next().unwrap_or('A');
            let new_first = if first == 'A' { 'B' } else { 'A' };
            parts[2] = format!("{}{}", new_first, &sig[1..]);
            let mut new_headers = res.headers.clone();
            new_headers.insert("x-payment-receipt".into(), parts.join("."));
            Ok(FetchResponse {
                status: res.status,
                headers: new_headers,
                body: res.body,
                json: res.json,
            })
        })
    });

    let opts = FetchOptions::new(wallet, 5000, tamperer);
    let err = fetch_with_l402("http://x/tamper", opts).await.unwrap_err();
    let msg = format!("{err}").to_lowercase();
    assert!(msg.contains("receipt"), "msg={msg}");
}

#[tokio::test]
async fn client_enforces_max_price_msat_cap() {
    let (paywall, ledger, _did, _) = setup(10_000, 300);
    let wallet: Arc<dyn LightningNode> = Arc::new(MemoryNode::new(ledger.clone(), "client"));
    let fetch = make_fetch(paywall, ok_handler());
    let opts = FetchOptions::new(wallet, 5000, fetch);
    let err = fetch_with_l402("http://x/r", opts).await.unwrap_err();
    let msg = format!("{err}").to_lowercase();
    assert!(msg.contains("cap") || msg.contains("exceeds"), "msg={msg}");
}

#[tokio::test]
async fn client_rejects_envelope_past_expires_at() {
    let (paywall, ledger, _did, _) = setup(1000, 1);
    let wallet: Arc<dyn LightningNode> = Arc::new(MemoryNode::new(ledger.clone(), "client"));
    let fetch = make_fetch(paywall, ok_handler());
    let mut opts = FetchOptions::new(wallet, 5000, fetch);
    opts.now = Box::new(|| Utc::now() + Duration::seconds(10));
    let err = fetch_with_l402("http://x/r", opts).await.unwrap_err();
    let msg = format!("{err}").to_lowercase();
    assert!(msg.contains("expired"), "msg={msg}");
}