r402-http 0.13.0

HTTP transport layer for the x402 payment protocol.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381

//! Client-side x402 payment handling for reqwest.
//!
//! This module provides the [`X402Client`] which orchestrates scheme clients
//! and payment selection for automatic payment handling.

use std::sync::Arc;

use http::{Extensions, HeaderMap, StatusCode};
use r402::hooks::{FailureRecovery, HookDecision};
use r402::proto;
use r402::proto::Base64Bytes;
use r402::proto::v2;
use r402::scheme::{
    ClientError, FirstMatch, PaymentCandidate, PaymentPolicy, PaymentSelector, SchemeClient,
};
use reqwest::{Request, Response};
use reqwest_middleware as rqm;
#[cfg(feature = "telemetry")]
use tracing::{debug, info, instrument, trace};

use super::hooks::{ClientHooks, PaymentCreationContext};

/// The main x402 client that orchestrates scheme clients and selection.
///
/// The [`X402Client`] acts as middleware for reqwest, automatically handling
/// 402 Payment Required responses by extracting payment requirements, signing
/// payments, and retrying requests.
#[allow(
    missing_debug_implementations,
    reason = "ClientSchemes contains dyn trait objects"
)]
pub struct X402Client<TSelector> {
    schemes: ClientSchemes,
    selector: TSelector,
    policies: Vec<Arc<dyn PaymentPolicy>>,
    hooks: Arc<[Arc<dyn ClientHooks>]>,
}

impl X402Client<FirstMatch> {
    /// Creates a new [`X402Client`] with default settings.
    ///
    /// The default client uses [`FirstMatch`] payment selection, which selects
    /// the first matching payment scheme.
    #[must_use]
    pub fn new() -> Self {
        Self::default()
    }
}

impl Default for X402Client<FirstMatch> {
    fn default() -> Self {
        Self {
            schemes: ClientSchemes::default(),
            selector: FirstMatch,
            policies: Vec::new(),
            hooks: Arc::from([]),
        }
    }
}

impl<TSelector> X402Client<TSelector> {
    /// Registers a scheme client for specific chains or networks.
    ///
    /// Scheme clients handle the actual payment signing for specific protocols.
    /// You can register multiple clients for different chains or schemes.
    ///
    /// # Arguments
    ///
    /// * `scheme` - The scheme client implementation to register
    ///
    /// # Returns
    ///
    /// A new [`X402Client`] with the additional scheme registered.
    #[must_use]
    pub fn register<S>(mut self, scheme: S) -> Self
    where
        S: SchemeClient + 'static,
    {
        self.schemes.push(scheme);
        self
    }

    /// Sets a custom payment selector.
    ///
    /// By default, [`FirstMatch`] is used which selects the first matching scheme.
    /// You can implement custom selection logic by providing your own [`PaymentSelector`].
    pub fn with_selector<P: PaymentSelector + 'static>(self, selector: P) -> X402Client<P> {
        X402Client {
            selector,
            schemes: self.schemes,
            policies: self.policies,
            hooks: self.hooks,
        }
    }

    /// Adds a payment policy to the filtering pipeline.
    ///
    /// Policies are applied in registration order before the selector picks
    /// the final candidate. Use policies to restrict which networks, schemes,
    /// or amounts are acceptable.
    #[must_use]
    pub fn with_policy<P: PaymentPolicy + 'static>(mut self, policy: P) -> Self {
        self.policies.push(Arc::new(policy));
        self
    }

    /// Adds a lifecycle hook for payment creation.
    ///
    /// Hooks allow intercepting the payment creation pipeline for logging,
    /// custom validation, or error recovery. Multiple hooks are executed
    /// in registration order.
    #[must_use]
    pub fn with_hook(mut self, hook: impl ClientHooks + 'static) -> Self {
        let mut hooks = (*self.hooks).to_vec();
        hooks.push(Arc::new(hook));
        self.hooks = Arc::from(hooks);
        self
    }
}

impl<TSelector> X402Client<TSelector>
where
    TSelector: PaymentSelector,
{
    /// Creates payment headers from a 402 response.
    ///
    /// This method extracts the payment requirements from the response,
    /// selects the best payment option, signs the payment, and returns
    /// the appropriate headers to include in the retry request.
    ///
    /// # Arguments
    ///
    /// * `res` - The 402 Payment Required response
    ///
    /// # Returns
    ///
    /// A [`HeaderMap`] containing the payment signature header, or an error.
    ///
    /// # Errors
    ///
    /// Returns [`ClientError::ParseError`] if the response cannot be parsed.
    /// Returns [`ClientError::NoMatchingPaymentOption`] if no registered scheme
    /// can handle the payment requirements.
    ///
    /// # Panics
    ///
    /// Panics if the signed payload is not a valid HTTP header value.
    #[cfg_attr(
        feature = "telemetry",
        instrument(name = "x402.reqwest.make_payment_headers", skip_all, err)
    )]
    pub async fn make_payment_headers(&self, res: Response) -> Result<HeaderMap, ClientError> {
        let payment_required = parse_payment_required(res)
            .await
            .ok_or_else(|| ClientError::ParseError("Invalid 402 response".to_owned()))?;

        let hook_ctx = PaymentCreationContext {
            payment_required: payment_required.clone(),
        };

        // Phase 1: Before hooks — first abort wins
        for hook in self.hooks.iter() {
            if let HookDecision::Abort { reason, .. } =
                hook.before_payment_creation(&hook_ctx).await
            {
                return Err(ClientError::ParseError(reason));
            }
        }

        let creation_result = self.create_payment_headers_inner(&payment_required).await;

        match creation_result {
            Ok(headers) => {
                // Phase 3a: After hooks (fire-and-forget)
                for hook in self.hooks.iter() {
                    hook.after_payment_creation(&hook_ctx, &headers).await;
                }
                Ok(headers)
            }
            Err(err) => {
                // Phase 3b: Failure hooks — first recovery wins
                let err_msg = err.to_string();
                for hook in self.hooks.iter() {
                    if let FailureRecovery::Recovered(headers) =
                        hook.on_payment_creation_failure(&hook_ctx, &err_msg).await
                    {
                        return Ok(headers);
                    }
                }
                Err(err)
            }
        }
    }

    /// Internal helper that performs the actual payment header creation.
    async fn create_payment_headers_inner(
        &self,
        payment_required: &proto::PaymentRequired,
    ) -> Result<HeaderMap, ClientError> {
        let candidates = self.schemes.candidates(payment_required);

        // Apply policies to filter candidates
        let mut filtered: Vec<&PaymentCandidate> = candidates.iter().collect();
        for policy in &self.policies {
            filtered = policy.apply(filtered);
            if filtered.is_empty() {
                return Err(ClientError::NoMatchingPaymentOption);
            }
        }

        // Select the best candidate from filtered list
        let selected = self
            .selector
            .select(&filtered)
            .ok_or(ClientError::NoMatchingPaymentOption)?;

        #[cfg(feature = "telemetry")]
        debug!(
            scheme = %selected.scheme,
            chain_id = %selected.chain_id,
            "Selected payment scheme"
        );

        let signed_payload = selected.sign().await?;
        let headers = {
            let mut headers = HeaderMap::new();
            #[allow(
                clippy::expect_used,
                reason = "base64-encoded payload is always valid ASCII header"
            )]
            headers.insert(
                "Payment-Signature",
                signed_payload
                    .parse()
                    .expect("signed payload is valid header value"),
            );
            headers
        };

        Ok(headers)
    }
}

/// Internal collection of registered scheme clients.
#[derive(Default)]
#[allow(
    missing_debug_implementations,
    reason = "dyn trait objects do not impl Debug"
)]
pub(super) struct ClientSchemes(Vec<Arc<dyn SchemeClient>>);

impl ClientSchemes {
    /// Adds a scheme client to the collection.
    pub(super) fn push<T: SchemeClient + 'static>(&mut self, client: T) {
        self.0.push(Arc::new(client));
    }

    /// Finds all payment candidates that can handle the given payment requirements.
    #[must_use]
    pub(super) fn candidates(
        &self,
        payment_required: &proto::PaymentRequired,
    ) -> Vec<PaymentCandidate> {
        let mut candidates = vec![];
        for client in &self.0 {
            let accepted = client.accept(payment_required);
            candidates.extend(accepted);
        }
        candidates
    }
}

/// Runs the next middleware or HTTP client with optional telemetry instrumentation.
#[cfg_attr(
    feature = "telemetry",
    instrument(name = "x402.reqwest.next", skip_all)
)]
async fn run_next(
    next: rqm::Next<'_>,
    req: Request,
    extensions: &mut Extensions,
) -> rqm::Result<Response> {
    next.run(req, extensions).await
}

#[async_trait::async_trait]
impl<TSelector> rqm::Middleware for X402Client<TSelector>
where
    TSelector: PaymentSelector + Send + Sync + 'static,
{
    /// Handles a request, automatically handling 402 responses.
    ///
    /// When a 402 response is received, this middleware:
    /// 1. Extracts payment requirements from the response
    /// 2. Signs a payment using registered scheme clients
    /// 3. Retries the request with the payment header
    ///
    /// If the request body is not cloneable (e.g. streaming), the middleware
    /// cannot auto-retry after a 402. In that case the original 402 response
    /// is returned as-is so the caller can handle it manually.
    #[cfg_attr(
        feature = "telemetry",
        instrument(name = "x402.reqwest.handle", skip_all, err)
    )]
    async fn handle(
        &self,
        req: Request,
        extensions: &mut Extensions,
        next: rqm::Next<'_>,
    ) -> rqm::Result<Response> {
        let retry_req = req.try_clone();
        let res = run_next(next.clone(), req, extensions).await?;

        if res.status() != StatusCode::PAYMENT_REQUIRED {
            #[cfg(feature = "telemetry")]
            trace!(status = ?res.status(), "No payment required, returning response");
            return Ok(res);
        }

        #[cfg(feature = "telemetry")]
        info!(url = ?res.url(), "Received 402 Payment Required, processing payment");

        // If the original request is not cloneable (streaming body), we cannot
        // auto-retry. Return the 402 response for manual handling by the caller.
        let Some(mut retry) = retry_req else {
            #[cfg(feature = "telemetry")]
            tracing::warn!("Cannot auto-retry 402: request body not cloneable, returning raw 402");
            return Ok(res);
        };

        let headers = self
            .make_payment_headers(res)
            .await
            .map_err(|e| rqm::Error::Middleware(e.into()))?;

        retry.headers_mut().extend(headers);

        #[cfg(feature = "telemetry")]
        trace!(url = ?retry.url(), "Retrying request with payment headers");

        run_next(next, retry, extensions).await
    }
}

/// Parses a 402 Payment Required response into a [`proto::PaymentRequired`].
///
/// Tries to extract V2 payment requirements from the `Payment-Required` header
/// (base64-encoded JSON) first, then falls back to parsing the response body as
/// plain JSON. This matches the Go SDK's `handleV2Payment` which also tries
/// header first then body.
#[cfg_attr(
    feature = "telemetry",
    instrument(name = "x402.reqwest.parse_payment_required", skip(response))
)]
pub async fn parse_payment_required(response: Response) -> Option<proto::PaymentRequired> {
    let v2_from_header = response
        .headers()
        .get("Payment-Required")
        .and_then(|h| Base64Bytes::from(h.as_bytes()).decode().ok())
        .and_then(|b| serde_json::from_slice::<v2::PaymentRequired>(&b).ok());

    if let Some(v2_payment_required) = v2_from_header {
        #[cfg(feature = "telemetry")]
        debug!("Parsed V2 payment required from header");
        return Some(v2_payment_required);
    }

    // Fall back to body (some servers send PaymentRequired as JSON body)
    if let Ok(body_bytes) = response.bytes().await
        && let Ok(v2_from_body) = serde_json::from_slice::<v2::PaymentRequired>(&body_bytes)
    {
        #[cfg(feature = "telemetry")]
        debug!("Parsed V2 payment required from response body");
        return Some(v2_from_body);
    }

    #[cfg(feature = "telemetry")]
    debug!("Could not parse payment required from response");

    None
}