mpay 0.2.0

Machine Payment Protocol - Rust library for Web Payment Auth
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245

//! Payment handler that binds method, realm, and secret_key.
//!
//! This module provides the [`Mpay`] struct which wraps a payment method
//! with server configuration for stateless challenge verification.
//!
//! # Example
//!
//! ```ignore
//! use mpay::server::{Mpay, tempo_provider, TempoChargeMethod};
//!
//! let provider = tempo_provider("https://rpc.moderato.tempo.xyz")?;
//! let method = TempoChargeMethod::new(provider);
//!
//! let payment = Mpay::new(method, "api.example.com", "my-server-secret");
//!
//! // Generate a challenge (no credential provided)
//! let challenge = payment.charge_challenge("1000000", "0x...", "0x...")?;
//!
//! // Verify a credential
//! let receipt = payment.verify(&credential, &request).await?;
//! ```

use crate::error::Result;
use crate::protocol::core::{PaymentChallenge, PaymentCredential, Receipt};
use crate::protocol::intents::ChargeRequest;
use crate::protocol::traits::{ChargeMethod, VerificationError};

/// Server-side payment handler.
///
/// Binds a payment method with realm and secret_key for stateless
/// challenge verification.
///
/// # Type Parameters
///
/// * `M` - The payment method type (must implement [`ChargeMethod`])
///
/// # Example
///
/// ```ignore
/// use mpay::server::{Mpay, tempo_provider, TempoChargeMethod};
///
/// let provider = tempo_provider("https://rpc.moderato.tempo.xyz")?;
/// let method = TempoChargeMethod::new(provider);
///
/// let payment = Mpay::new(method, "api.example.com", "my-server-secret");
///
/// // In your request handler:
/// let challenge = payment.charge_challenge("1000000", "0x...", "0x...")?;
///
/// // Return 402 with WWW-Authenticate header
/// let header = challenge.to_www_authenticate()?;
/// ```
#[derive(Clone)]
pub struct Mpay<M> {
    method: M,
    realm: String,
    secret_key: String,
}

impl<M> Mpay<M>
where
    M: ChargeMethod,
{
    /// Create a new payment handler.
    ///
    /// # Arguments
    ///
    /// * `method` - Payment method (e.g., `TempoChargeMethod`)
    /// * `realm` - Server realm for WWW-Authenticate header
    /// * `secret_key` - Server secret for HMAC-bound challenge IDs.
    ///   Enables stateless challenge verification.
    pub fn new(method: M, realm: impl Into<String>, secret_key: impl Into<String>) -> Self {
        Self {
            method,
            realm: realm.into(),
            secret_key: secret_key.into(),
        }
    }

    /// Get the realm.
    pub fn realm(&self) -> &str {
        &self.realm
    }

    /// Get the method name.
    pub fn method_name(&self) -> &str {
        self.method.method()
    }

    /// Generate a charge challenge with minimal parameters.
    ///
    /// Creates a payment challenge with an HMAC-bound ID for stateless
    /// verification. The client will echo this challenge back with their
    /// credential, and the server can verify it without storing state.
    ///
    /// # Arguments
    ///
    /// * `amount` - Amount in atomic units (e.g., "1000000" for 1 USDC)
    /// * `currency` - Token address
    /// * `recipient` - Recipient address
    ///
    /// # Example
    ///
    /// ```ignore
    /// let challenge = payment.charge_challenge(
    ///     "1000000",
    ///     "0x20c0000000000000000000000000000000000001",
    ///     "0x742d35Cc6634C0532925a3b844Bc9e7595f1B0F2",
    /// )?;
    /// ```
    #[cfg(feature = "tempo")]
    pub fn charge_challenge(
        &self,
        amount: &str,
        currency: &str,
        recipient: &str,
    ) -> Result<PaymentChallenge> {
        crate::protocol::methods::tempo::charge_challenge(
            &self.secret_key,
            &self.realm,
            amount,
            currency,
            recipient,
        )
    }

    /// Generate a charge challenge with full options.
    ///
    /// Use this when you need more control over the challenge, such as:
    /// - Fee sponsorship (`feePayer: true` in method_details)
    /// - Custom expiration times
    /// - Descriptions or external IDs
    ///
    /// # Arguments
    ///
    /// * `request` - A fully configured [`ChargeRequest`]
    /// * `expires` - Optional challenge expiration (ISO 8601)
    /// * `description` - Optional human-readable description
    #[cfg(feature = "tempo")]
    pub fn charge_challenge_with_options(
        &self,
        request: &ChargeRequest,
        expires: Option<&str>,
        description: Option<&str>,
    ) -> Result<PaymentChallenge> {
        crate::protocol::methods::tempo::charge_challenge_with_options(
            &self.secret_key,
            &self.realm,
            request,
            expires,
            description,
        )
    }

    /// Verify a charge credential.
    ///
    /// Validates the credential against the request and returns a receipt
    /// on success.
    ///
    /// # Arguments
    ///
    /// * `credential` - The payment credential from the client
    /// * `request` - The charge request parameters
    ///
    /// # Returns
    ///
    /// * `Ok(Receipt)` - Payment was verified successfully
    /// * `Err(VerificationError)` - Verification failed
    pub async fn verify(
        &self,
        credential: &PaymentCredential,
        request: &ChargeRequest,
    ) -> std::result::Result<Receipt, VerificationError> {
        // Verify the challenge ID matches our HMAC
        #[cfg(feature = "tempo")]
        {
            let expected_id = crate::protocol::methods::tempo::generate_challenge_id(
                &self.secret_key,
                &self.realm,
                credential.challenge.method.as_str(),
                credential.challenge.intent.as_str(),
                &credential.challenge.request,
                credential.challenge.expires.as_deref(),
                credential.challenge.digest.as_deref(),
            );

            if credential.challenge.id != expected_id {
                return Err(VerificationError::new(
                    "Challenge ID mismatch - not issued by this server",
                ));
            }
        }

        self.method.verify(credential, request).await
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::future::Future;

    #[derive(Clone)]
    struct MockMethod;

    impl ChargeMethod for MockMethod {
        fn method(&self) -> &str {
            "mock"
        }

        fn verify(
            &self,
            _credential: &PaymentCredential,
            _request: &ChargeRequest,
        ) -> impl Future<Output = std::result::Result<Receipt, VerificationError>> + Send {
            async { Ok(Receipt::success("mock", "mock_ref")) }
        }
    }

    #[test]
    fn test_mpay_creation() {
        let payment = Mpay::new(MockMethod, "api.example.com", "secret");
        assert_eq!(payment.realm(), "api.example.com");
        assert_eq!(payment.method_name(), "mock");
    }

    #[cfg(feature = "tempo")]
    #[test]
    fn test_charge_challenge_generation() {
        let payment = Mpay::new(MockMethod, "api.example.com", "test-secret");
        let challenge = payment
            .charge_challenge(
                "1000000",
                "0x20c0000000000000000000000000000000000001",
                "0x742d35Cc6634C0532925a3b844Bc9e7595f1B0F2",
            )
            .unwrap();

        assert_eq!(challenge.realm, "api.example.com");
        assert_eq!(challenge.method.as_str(), "tempo");
        assert_eq!(challenge.intent.as_str(), "charge");
        // ID should be 43 chars (base64url SHA256)
        assert_eq!(challenge.id.len(), 43);
    }
}