Working end-to-end flow

Author: ianthirdweb

.env.sample

@@ -1,2 +1,7 @@
-NEXT_PUBLIC_THIRDWEB_CLIENT_ID=6f4b9d28993ca599e4fc109a86ffae22
-NEXT_PUBLIC_WALLET_ADDRESS=0xE32Ac8F1eDB5DcF1F739D85278bA50501f5FAF47
+NEXT_PUBLIC_THIRDWEB_CLIENT_ID=
+NEXT_PUBLIC_WALLET_ADDRESS=
+NEXT_PUBLIC_NFT_CONTRACT_ADDRESS=
+PAY_WEBHOOK_SECRET=
+BACKEND_WALLET_ADDRESS=
+ENGINE_API_URL=
+ENGINE_ACCESS_TOKEN=

next.config.mjs

@@ -1,4 +1,6 @@
 /** @type {import('next').NextConfig} */
-const nextConfig = {};
+const nextConfig = {
+  trailingSlash: true,
+};
 
 export default nextConfig;

package.json

@@ -9,6 +9,8 @@
     "lint": "next lint"
   },
   "dependencies": {
+    "@thirdweb-dev/engine": "^0.0.15",
+    "lucide-react": "^0.439.0",
     "next": "14.2.8",
     "react": "^18",
     "react-dom": "^18",

src/app/api/route.ts

@@ -0,0 +1,161 @@
+import { NextResponse, NextRequest } from "next/server";
+import { Engine } from "@thirdweb-dev/engine";
+import crypto from "crypto";
+
+const generateSignature = (
+  body: string,
+  timestamp: string,
+  secret: string
+): string => {
+  const payload = `${timestamp}.${body}`;
+  return crypto.createHmac("sha256", secret).update(payload).digest("hex");
+};
+
+const isValidSignature = (
+  body: string,
+  timestamp: string,
+  signature: string,
+  secret: string
+): boolean => {
+  const expectedSignature = generateSignature(body, timestamp, secret);
+  return crypto.timingSafeEqual(
+    Buffer.from(expectedSignature),
+    Buffer.from(signature)
+  );
+};
+
+const isExpired = (timestamp: string, expirationInSeconds: number): boolean => {
+  const currentTime = Math.floor(Date.now() / 1000);
+  return currentTime - parseInt(timestamp) > expirationInSeconds;
+};
+
+export async function POST(req: NextRequest) {
+  try {
+    const signatureFromHeader = req.headers.get("X-Pay-Signature");
+    const timestampFromHeader = req.headers.get("X-Pay-Timestamp");
+    const body = await req.json();
+
+    if (!signatureFromHeader || !timestampFromHeader) {
+      console.error("Missing signature or timestamp header");
+      return NextResponse.json(
+        { error: "Missing signature or timestamp header" },
+        { status: 401 }
+      );
+    }
+
+    if (
+      !isValidSignature(
+        JSON.stringify(body),
+        timestampFromHeader,
+        signatureFromHeader,
+        process.env.PAY_WEBHOOK_SECRET as string
+      )
+    ) {
+      console.error("Invalid Signature");
+      return NextResponse.json({ error: "Invalid Signature" }, { status: 401 });
+    }
+
+    if (isExpired(timestampFromHeader, 300)) {
+      // Assuming expiration time is 5 minutes (300 seconds)
+      console.error("Request has expired");
+      return NextResponse.json(
+        { error: "Request has expired" },
+        { status: 401 }
+      );
+    }
+
+    const { data } = body;
+
+    if (
+      data.buyWithFiatStatus &&
+      data.buyWithFiatStatus.status === "ON_RAMP_TRANSFER_COMPLETED"
+    ) {
+      const {
+        fromAddress,
+        purchaseData: { nftContractAddress, chainId, amount },
+      } = body.data.buyWithFiatStatus;
+
+      // Validate the purchase and call the engine
+      const result = await sendContractCallToEngine(
+        fromAddress,
+        nftContractAddress,
+        chainId,
+        amount
+      );
+
+      return NextResponse.json({
+        message: "Purchase processed successfully",
+        result,
+      });
+    }
+
+    if (
+      data.buyWithCryptoStatus &&
+      data.buyWithCryptoStatus.status === "CRYPTO_SWAP_COMPLETED"
+    ) {
+      const {
+        fromAddress,
+        purchaseData: { nftContractAddress, chainId, metadata },
+      } = body.data.buyWithCryptoStatus;
+
+      // Validate the purchase and call the engine
+      const result = await sendContractCallToEngine(
+        fromAddress,
+        nftContractAddress,
+        chainId,
+        metadata
+      );
+
+      return NextResponse.json({
+        message: "Purchase processed successfully",
+        result,
+      });
+    }
+
+    return NextResponse.json({ message: "Status received" });
+  } catch (error) {
+    console.error("Error handling webhook:", error);
+    return NextResponse.json(
+      { error: "Error processing webhook" },
+      { status: 500 }
+    );
+  }
+}
+
+async function sendContractCallToEngine(
+  fromAddress: string,
+  nftContractAddress: string,
+  chainId: string,
+  metadata: Record<string, string> = {}
+) {
+  try {
+    const engine = new Engine({
+      url: process.env.ENGINE_API_URL as string,
+      accessToken: process.env.ENGINE_ACCESS_TOKEN as string,
+    });
+
+    const response = await engine.erc721.mintTo(
+      chainId,
+      nftContractAddress,
+      process.env.BACKEND_WALLET_ADDRESS as string,
+      {
+        receiver: fromAddress,
+        metadata: metadata,
+      }
+    );
+
+    console.log("Response", response.result);
+
+    if (!response) {
+      throw new Error("Error in Engine contract call");
+    }
+
+    return response;
+  } catch (error) {
+    console.error("Error processing Engine contract call", error);
+    return NextResponse.json(
+      { error: "Error processing Engine contract call" },
+      { status: 500 }
+    );
+  }
+}

src/app/components/DirectPayment.tsx

@@ -1,24 +1,46 @@
 "use client";
 
 import { createThirdwebClient } from "thirdweb";
-import { ConnectButton } from "thirdweb/react";
-import { useActiveAccount } from "thirdweb/react";
-import DirectPayment from "./components/DirectPayment";
+import { PayEmbed } from "thirdweb/react";
+import { baseSepolia } from "thirdweb/chains";
 
 // create a thirdweb client
 const client = createThirdwebClient({
   clientId: `${process.env.NEXT_PUBLIC_THIRDWEB_CLIENT_ID}`,
 });
 
 export default function Home() {
-  const account = useActiveAccount();
   return (
-    <div className="grid grid-rows-[20px_1fr_20px] items-center justify-items-center min-h-screen p-8 pb-20 gap-16 sm:p-20 font-[family-name:var(--font-geist-sans)]">
-      <main className="flex flex-col gap-8 row-start-2 items-center sm:items-start">
-        <ConnectButton client={client} />
-        {account && (
-          <DirectPayment client={client} fromAddress={account.address} />
-        )}
+    <div className="grid grid-rows-[20px_1fr_20px] items-center justify-items-center justify-center min-h-screen p-8 pb-20 gap-16 sm:p-20 font-[family-name:var(--font-geist-sans)]">
+      <main className="flex flex-col gap-8 row-start-2 items-center sm:items-start justify-center">
+        <PayEmbed
+          client={client}
+          theme={"dark"}
+          payOptions={{
+            mode: "direct_payment",
+            buyWithFiat: { testMode: true },
+            paymentInfo: {
+              amount: "0.01",
+              chain: baseSepolia,
+              sellerAddress: process.env.NEXT_PUBLIC_WALLET_ADDRESS as string,
+            },
+            purchaseData: {
+              nftContractAddress: process.env.NEXT_PUBLIC_NFT_CONTRACT_ADDRESS,
+              chainId: baseSepolia.id,
+              metadata: {
+                name: "Pay Sample NFT",
+                image:
+                  "ipfs://bafybeia3gb56ne2tuoujtwiorkruhaukzdou3u2o5fjpyf7mbbuuf6brtq/krabs.webp",
+                amount: "0.01",
+              },
+            },
+            metadata: {
+              name: "Pay Sample NFT",
+              image:
+                "ipfs://bafybeia3gb56ne2tuoujtwiorkruhaukzdou3u2o5fjpyf7mbbuuf6brtq/krabs.webp",
+            },
+          }}
+        />
       </main>
     </div>
   );