feat(payment): add Solana x402 payment integration#36
Open
anggla01301 wants to merge 69 commits into
Open
Conversation
anggla01301
commented
Apr 30, 2026
anggla01301
commented
Member
- Add solana/solana-devnet chains to payment-config with USDC addresses
- Add isSolanaChain() helper for chain type detection
- New solana-x402-verifier.ts: server-side 402 response builder and on-chain USDC transfer verification via @solana/web3.js
- New useSolanaX402Payment hook: client-side x402 flow with Phantom/ Solflare wallet support via @solana/wallet-adapter-react
- Add SolanaWalletProvider wrapping app with Phantom + Solflare adapters
- Update generate-image API route with Solana payment branch
- Update prompts/[id]/content API route with Solana payment branch
- Add payment mode toggle (EVM / Solana) to generate page and PromptEditor
- Hardcode SYMPHORA_PLATFORM_WALLET (9yygrkxBH9mm2WgFgua3LvCDWV4Y5fXdCru9SUsdWdKx) with env var override support
- Add serverExternalPackages for Solana packages in next.config.ts
- Replace window.location.reload() with direct API retry to preserve wallet state - Fix API response format mismatch (totalPurchases, totalSpentCents) - Add graceful error handling for missing prompt_purchases table - Improve error messages with specific Supabase error codes - Add type safety to totalSpent calculation
- Replace window.location.reload() with direct API retry to preserve wallet state - Add loading state management during API calls - Improve error handling and user feedback
- Load settings from API when wallet is connected - Save settings to both localStorage (backup) and API (persistent) - Add loading states and error handling for API calls - Fallback to localStorage if API fails - Add saving indicator during API operations - Support syncing settings across devices via database
- Replace ethers.isAddress with viem isAddress - Replace ethers.verifyMessage with viem verifyMessage - Resolve module resolution issues with Turbopack - Improve compatibility with Next.js build system - Remove ethers dependency to prevent conflicts
- Add preferences JSONB column to users table for storing settings - Add wallet_address TEXT column to link wallets to user records - Create unique index on wallet_address for one-to-one mapping - Add GIN index on preferences for efficient JSONB queries - Add documentation comments for schema clarity
- Consolidate all database migrations into single script - Include Phase 1-5 migrations: purchases, earnings, analytics, security, additional tables - Add all required tables: prompt_purchases, user_earnings, prompt_analytics_events, marketplace_prompts, auth_nonces, user_sessions, payment_verifications, reconciliation_queue, system_alerts, content_access_logs, withdrawal_requests - Add all database functions for atomic operations and analytics - Add indexes for optimal query performance - Add constraints for data integrity - Idempotent design (safe to run multiple times) - Complete documentation and comments
- Fix API response keys to match frontend expectations (totalPurchases, totalSpentCents) - Add graceful handling for missing prompt_purchases table (PGRST205 error) - Return empty purchase list instead of 500 error when table doesn't exist - Improve error messages with specific Supabase error codes - Add type safety to amount calculations
…ngs API - Handle missing user_earnings table gracefully (returns default values) - Handle missing prompt_purchases table gracefully (returns empty arrays) - Handle missing marketplace_prompts table gracefully (returns empty arrays) - Improve error logging with specific error codes - Prevent 500 errors when database migrations haven't been run
- Create GET /api/users/[id]/settings endpoint to fetch user preferences - Create PUT /api/users/[id]/settings endpoint to save user preferences - Support both UUID and wallet address lookups - Auto-create user records if they don't exist - Store preferences as JSONB in users table - Merge display_name from users table with preferences - Return default settings if user not found
- Handle missing prompt_purchases table in time series queries - Handle missing prompt_purchases table in top prompts queries - Handle missing prompt_purchases table in recent sales queries - Return empty arrays instead of 500 errors when tables don't exist - Improve error logging for debugging
…e API - Handle missing user_earnings table gracefully - Handle missing prompt_purchases table gracefully - Return empty arrays/default values instead of 500 errors - Improve error logging with specific error codes
- Handle missing prompt_purchases table when checking verified purchases - Skip verified purchase check gracefully if table doesn't exist - Prevent 500 errors during review submission
- Add /api/marketplace/prompts endpoint for listing prompts - Add /api/marketplace/search endpoint for search functionality - Add /api/marketplace/categories endpoint for category management - Support filtering, sorting, and pagination
- Add /api/analytics/events endpoint for tracking user interactions - Add /api/analytics/creators/[id] endpoint for creator analytics - Add /api/analytics/prompts/[id] endpoint for prompt analytics - Support event tracking, time series data, and performance metrics
- Add /api/auth/nonce endpoint for EIP-712 wallet authentication - Support nonce generation and validation - Enable secure wallet-based authentication flow
- Add /api/prompts/[id]/list endpoint for prompt listing management - Support listing status updates and metadata management
- Add /api/prompts/[id]/purchase endpoint for handling purchases - Support payment verification and purchase recording - Integrate with blockchain payment verification
- Add /api/prompts/[id]/content/secure endpoint for authenticated access - Support access token validation - Enable secure content delivery for purchased prompts
- Add /api/reviews/[id]/vote endpoint for review voting - Support helpful/unhelpful voting on reviews - Enable community-driven review quality
- Add /creators/[id] page for displaying creator profiles - Show creator stats, portfolio, and listed prompts - Support public creator discovery
- Add /dashboard page for user overview - Display earnings, purchases, and listings summary - Provide quick access to key features
- Add AnalyticsChart component for data visualization - Add CreatorAnalyticsDashboard for creator analytics display - Add PromptAnalyticsView for prompt performance metrics - Support charts, graphs, and analytics visualization
- Add MarketplaceFilters component for filtering prompts - Add SearchInterface component for search functionality - Support category, price, license type filtering - Enable advanced search capabilities
- Add PromptListModal for listing prompts on marketplace - Add PromptUnlockModal for purchasing/unlocking prompts - Support payment flow and purchase confirmation
- Add ReviewForm component for submitting reviews - Add ReviewsSection component for displaying reviews - Support rating, comments, and review voting
- Add AuthProvider for managing authentication state - Support wallet connection and session management - Enable authenticated API requests
- Add useAnalytics hook for analytics data fetching - Add useAuth hook for authentication state management - Add usePurchasePrompt hook for purchase flow - Add useWalletAuth hook for wallet authentication
- Add alerting.ts for system alert management - Add content-access-tokens.ts for secure content access - Add payment-verification.ts for blockchain payment verification - Add prompt-consistency.ts for data consistency checks - Add prompt-enrichment.ts for prompt data enrichment - Add reconciliation-queue.ts for failed operation retry
- Add comprehensive type definitions for API responses - Add types for analytics, purchases, earnings, and reviews - Support type safety across frontend and backend
- Add payment-verification.ts for on-chain payment verification - Add price-oracle-complex.ts for dynamic pricing - Support multi-chain payment verification - Enable price calculation based on market conditions
… auth + ownership check to prompts/[id] PATCH (was completely unprotected) - Make X-Timestamp required in authenticateUser; validate message contains wallet address - Consume auth nonce atomically via consume_auth_nonce() on authentication - Throw if CONTENT_ACCESS_TOKEN_SECRET not set (remove hardcoded default fallback) - Remove raw error messages from GET/PATCH responses in prompts/[id]/route.ts - Add phase6-security-hardening.sql migration (replay protection + nonce unique constraints) - Add CONTENT_ACCESS_TOKEN_SECRET to .env.example
…ning Turnkey embedded wallet: - Email OTP auth flow (init/verify/delete-token routes) - Server-side otp_sessions to prevent email substitution attacks - Sub-org + Solana wallet creation for new users - TurnkeyProvider, useTurnkeyWallet hook, TurnkeyLoginModal component - DELETE /api/prompts/[id] with wallet auth + X-Delete-Token 2FA - Fixed pre-existing bugs in init-user route and useTurnkeyAuth hook - turnkey-migration.sql (turnkey_users, otp_sessions, delete_confirm_tokens) Marketplace security: - lib/auth.ts: EIP-712 typed data signing, single-use nonce with atomic consume - api/generations: requireAuth on GET+POST, paid prompt purchase check before generation - lib/content-access-tokens: no fallback secret, Bearer-only (query param removed) - api/gallery/upload, api/profile/upload, api/profile: requireAuth + userId ownership check - security-patch.sql: unique index on transaction_hash (replay protection)
…eaders middleware. - Added temporary API rate limiting for auth/Turnkey routes. - Sanitized several API error responses. - Imported Sarthak Recovery & 2FA UI, but gated prototype recovery flows by env. - Added Turnkey passkey setup path in Settings. - Hardened Solana x402 client validation for network, USDC mint, amount, and platform wallet. - Locked platform fee to 5% to match on-chain logic. - Added NEXT_PUBLIC_SOLANA_PLATFORM_WALLET to env example. Known follow-up: - Bind delete confirmation tokens to wallet address. - Replace memory rate limit with Supabase RPC. - Clean up duplicate/inactive middleware.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.