elizaOS
diff --git a/‎packages/cloud-api/__tests__/users-me-wallet-attach.test.ts‎
Lines changed: 230 additions & 0 deletions b/‎packages/cloud-api/__tests__/users-me-wallet-attach.test.ts‎
Lines changed: 230 additions & 0 deletions
diff --git a/‎packages/cloud-api/src/_router.generated.ts‎
Lines changed: 3 additions & 1 deletion b/‎packages/cloud-api/src/_router.generated.ts‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎packages/cloud-api/users/me/wallet/attach/route.ts‎
Lines changed: 130 additions & 0 deletions b/‎packages/cloud-api/users/me/wallet/attach/route.ts‎
Lines changed: 130 additions & 0 deletions
@@ -0,0 +1,230 @@
+/**
+ * Tests for POST /api/users/me/wallet/attach.
+ *
+ * Mocks every external dep (auth, Redis, SIWE validator, users service) so
+ * the assertions live entirely in the route module's branching logic:
+ *   - already_attached when the authed user has a wallet
+ *   - 400 on a malformed body
+ *   - 401 when SIWE verification throws
+ *   - 409 wallet_taken when the address belongs to a different user
+ *   - 200 + usersService.update call with normalized fields on the happy path
+ *
+ * `bun:test`'s `mock.module` is hoisted-import-aware: register mocks BEFORE
+ * importing the route module. The route is a Hono app, so we exercise it via
+ * `app.fetch(new Request(...))`.
+ */
+
+import { afterEach, beforeAll, describe, expect, mock, test } from "bun:test";
+
+const validateAndConsumeSIWE = mock<
+  (
+    redis: unknown,
+    message: string,
+    signature: string,
+    host: string,
+  ) => Promise<{ address: string }>
+>();
+
+const getByWalletAddress = mock<
+  (address: string) => Promise<{ id: string } | undefined>
+>();
+
+const usersServiceUpdate = mock<
+  (
+    id: string,
+    data: Record<string, unknown>,
+  ) => Promise<
+    | {
+        id: string;
+        wallet_address: string;
+        wallet_chain_type: string;
+        wallet_verified: boolean;
+      }
+    | undefined
+  >
+>();
+
+const requireUser = mock<
+  (c: unknown) => Promise<{ id: string; wallet_address: string | null }>
+>();
+
+const buildRedisClient = mock<(env: unknown) => unknown>();
+
+mock.module("@/lib/auth/workers-hono-auth", () => ({
+  requireUser,
+}));
+
+mock.module("@/lib/cache/redis-factory", () => ({
+  buildRedisClient,
+}));
+
+mock.module("@/lib/utils/siwe-helpers", () => ({
+  validateAndConsumeSIWE,
+}));
+
+mock.module("@/lib/services/users", () => ({
+  usersService: {
+    getByWalletAddress,
+    update: usersServiceUpdate,
+  },
+}));
+
+mock.module("@/lib/utils/app-url", () => ({
+  getAppHost: () => "elizacloud.ai",
+}));
+
+mock.module("@/lib/middleware/rate-limit-hono-cloudflare", () => ({
+  RateLimitPresets: { STRICT: {} },
+  rateLimit: () => async (_c: unknown, next: () => Promise<void>) => {
+    await next();
+  },
+}));
+
+mock.module("@/lib/utils/logger", () => ({
+  logger: {
+    info: () => undefined,
+    warn: () => undefined,
+    error: () => undefined,
+    debug: () => undefined,
+  },
+}));
+
+// EIP-55 checksummed mainnet address (any valid checksum works for these tests).
+const VALID_ADDRESS = "0x52908400098527886E0F7030069857D2E4169EE7";
+const VALID_ADDRESS_LOWER = VALID_ADDRESS.toLowerCase();
+const VALID_SIGNATURE = `0x${"a".repeat(130)}` as const;
+
+let attachRoute: { default: { fetch: (req: Request) => Promise<Response> } };
+
+beforeAll(async () => {
+  attachRoute = (await import(
+    "../users/me/wallet/attach/route"
+  )) as typeof attachRoute;
+});
+
+function makeRequest(body: unknown) {
+  return new Request("http://test.local/", {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body),
+  });
+}
+
+afterEach(() => {
+  validateAndConsumeSIWE.mockReset();
+  getByWalletAddress.mockReset();
+  usersServiceUpdate.mockReset();
+  requireUser.mockReset();
+  buildRedisClient.mockReset();
+});
+
+describe("POST /api/users/me/wallet/attach", () => {
+  test("returns 409 already_attached when the user already has a wallet", async () => {
+    requireUser.mockResolvedValue({
+      id: "user-1",
+      wallet_address: "0xdeadbeef",
+    });
+
+    const res = await attachRoute.default.fetch(
+      makeRequest({ message: "msg", signature: VALID_SIGNATURE }),
+    );
+
+    expect(res.status).toBe(409);
+    const body = (await res.json()) as { code?: string };
+    expect(body.code).toBe("already_attached");
+    expect(validateAndConsumeSIWE).not.toHaveBeenCalled();
+  });
+
+  test("returns 400 when body is missing message or signature", async () => {
+    requireUser.mockResolvedValue({ id: "user-1", wallet_address: null });
+    buildRedisClient.mockReturnValue({});
+
+    const res = await attachRoute.default.fetch(makeRequest({ message: "x" }));
+
+    expect(res.status).toBe(400);
+    expect(validateAndConsumeSIWE).not.toHaveBeenCalled();
+  });
+
+  test("returns 401 when SIWE validation throws", async () => {
+    requireUser.mockResolvedValue({ id: "user-1", wallet_address: null });
+    buildRedisClient.mockReturnValue({});
+    validateAndConsumeSIWE.mockRejectedValue(new Error("nonce invalid"));
+
+    const res = await attachRoute.default.fetch(
+      makeRequest({ message: "msg", signature: VALID_SIGNATURE }),
+    );
+
+    expect(res.status).toBe(401);
+    expect(usersServiceUpdate).not.toHaveBeenCalled();
+  });
+
+  test("returns 409 wallet_taken when address belongs to a different user", async () => {
+    requireUser.mockResolvedValue({ id: "user-1", wallet_address: null });
+    buildRedisClient.mockReturnValue({});
+    validateAndConsumeSIWE.mockResolvedValue({ address: VALID_ADDRESS });
+    getByWalletAddress.mockResolvedValue({ id: "user-2" });
+
+    const res = await attachRoute.default.fetch(
+      makeRequest({ message: "msg", signature: VALID_SIGNATURE }),
+    );
+
+    expect(res.status).toBe(409);
+    const body = (await res.json()) as { code?: string };
+    expect(body.code).toBe("wallet_taken");
+    expect(usersServiceUpdate).not.toHaveBeenCalled();
+  });
+
+  test("returns 200 and updates the user on the happy path", async () => {
+    requireUser.mockResolvedValue({ id: "user-1", wallet_address: null });
+    buildRedisClient.mockReturnValue({});
+    validateAndConsumeSIWE.mockResolvedValue({ address: VALID_ADDRESS });
+    getByWalletAddress.mockResolvedValue(undefined);
+    usersServiceUpdate.mockResolvedValue({
+      id: "user-1",
+      wallet_address: VALID_ADDRESS_LOWER,
+      wallet_chain_type: "evm",
+      wallet_verified: true,
+    });
+
+    const res = await attachRoute.default.fetch(
+      makeRequest({ message: "msg", signature: VALID_SIGNATURE }),
+    );
+
+    expect(res.status).toBe(200);
+    const body = (await res.json()) as {
+      address: string;
+      user: { wallet_address: string };
+    };
+    expect(body.address).toBe(VALID_ADDRESS);
+    expect(body.user.wallet_address).toBe(VALID_ADDRESS_LOWER);
+    expect(usersServiceUpdate).toHaveBeenCalledWith("user-1", {
+      wallet_address: VALID_ADDRESS_LOWER,
+      wallet_chain_type: "evm",
+      wallet_verified: true,
+    });
+  });
+
+  test("returns 409 wallet_taken when the address is bound to the SAME user (race-safe)", async () => {
+    // If the conflict-check finds the same user, the prior wallet_address gate
+    // would have caught it. But cover the edge case where user record state is
+    // stale between requireUser and getByWalletAddress.
+    requireUser.mockResolvedValue({ id: "user-1", wallet_address: null });
+    buildRedisClient.mockReturnValue({});
+    validateAndConsumeSIWE.mockResolvedValue({ address: VALID_ADDRESS });
+    getByWalletAddress.mockResolvedValue({ id: "user-1" });
+    usersServiceUpdate.mockResolvedValue({
+      id: "user-1",
+      wallet_address: VALID_ADDRESS_LOWER,
+      wallet_chain_type: "evm",
+      wallet_verified: true,
+    });
+
+    const res = await attachRoute.default.fetch(
+      makeRequest({ message: "msg", signature: VALID_SIGNATURE }),
+    );
+
+    // Same user found: not a conflict, route should proceed to update.
+    expect(res.status).toBe(200);
+    expect(usersServiceUpdate).toHaveBeenCalled();
+  });
+});
@@ -2,7 +2,7 @@
  * AUTO-GENERATED by src/_generate-router.mjs - do not edit by hand.
  * Re-run `bun run codegen` after adding or removing a route.ts file.
  *
- * 561 routes mounted, 0 skipped (still Next-shaped).
+ * 562 routes mounted, 0 skipped (still Next-shaped).
  */
 
 /* eslint-disable */
@@ -189,6 +189,7 @@ import _route_training_vertex_assignments_route from "../training/vertex/assignm
 import _route_training_vertex_jobs_route from "../training/vertex/jobs/route";
 import _route_training_vertex_models_route from "../training/vertex/models/route";
 import _route_training_vertex_tune_route from "../training/vertex/tune/route";
+import _route_users_me_wallet_attach_route from "../users/me/wallet/attach/route";
 import _route_users_me_route from "../users/me/route";
 import _route_v1_admin_ai_pricing_route from "../v1/admin/ai-pricing/route";
 import _route_v1_admin_cloud_observability_route from "../v1/admin/cloud-observability/route";
@@ -1007,6 +1008,7 @@ export function mountRoutes(app: Hono<AppEnv>): void {
   app.route("/api/training/vertex/jobs", _route_training_vertex_jobs_route);
   app.route("/api/training/vertex/models", _route_training_vertex_models_route);
   app.route("/api/training/vertex/tune", _route_training_vertex_tune_route);
+  app.route("/api/users/me/wallet/attach", _route_users_me_wallet_attach_route);
   app.route("/api/users/me", _route_users_me_route);
   app.route("/api/v1/admin/ai-pricing", _route_v1_admin_ai_pricing_route);
   app.route(
 
@@ -0,0 +1,130 @@
+/**
+ * POST /api/users/me/wallet/attach
+ *
+ * Attaches an EVM wallet to the currently-authenticated user by validating a
+ * SIWE message + signature against the same nonce store used by /api/auth/siwe.
+ *
+ * WHY: OAuth signups (Google / Discord / GitHub / Magic Link / Passkey) never
+ * receive a `wallet_address`, and the direct-crypto-payments endpoint requires
+ * one. Without this route there is no way for an OAuth user to use the BSC
+ * promo (or any other wallet-native crypto payment surface).
+ *
+ * Conflict policy: if the address is already bound to a different user, we
+ * return 409 (`wallet_taken`). The pre-existing wallet-keyed account wins;
+ * the OAuth user must use that account instead. This matches the unique
+ * index on `users.wallet_address` and avoids any account-merge logic.
+ */
+
+import { Hono } from "hono";
+import { getAddress } from "viem";
+import { requireUser } from "@/lib/auth/workers-hono-auth";
+import { buildRedisClient } from "@/lib/cache/redis-factory";
+import {
+  RateLimitPresets,
+  rateLimit,
+} from "@/lib/middleware/rate-limit-hono-cloudflare";
+import { usersService } from "@/lib/services/users";
+import { getAppHost } from "@/lib/utils/app-url";
+import { logger } from "@/lib/utils/logger";
+import { validateAndConsumeSIWE } from "@/lib/utils/siwe-helpers";
+import type { AppEnv } from "@/types/cloud-worker-env";
+
+interface AttachBody {
+  message: string;
+  signature: `0x${string}`;
+}
+
+const app = new Hono<AppEnv>();
+
+app.use("*", rateLimit(RateLimitPresets.STRICT));
+
+app.post("/", async (c) => {
+  const user = await requireUser(c);
+
+  if (user.wallet_address) {
+    return c.json(
+      {
+        error: "A wallet is already attached to this account.",
+        code: "already_attached",
+        wallet_address: user.wallet_address,
+      },
+      409,
+    );
+  }
+
+  const redis = buildRedisClient(c.env);
+  if (!redis) {
+    return c.json({ error: "Service temporarily unavailable" }, 503);
+  }
+
+  const body = (await c.req.json().catch(() => null)) as AttachBody | null;
+  if (!body?.message || !body?.signature) {
+    return c.json({ error: "message and signature are required" }, 400);
+  }
+
+  let address: string;
+  try {
+    const result = await validateAndConsumeSIWE(
+      redis,
+      body.message,
+      body.signature,
+      getAppHost(c.env),
+    );
+    address = result.address;
+  } catch (err) {
+    logger.warn("[Wallet Attach] SIWE validation failed", {
+      userId: user.id,
+      error: err instanceof Error ? err.message : String(err),
+    });
+    return c.json({ error: "Wallet signature verification failed" }, 401);
+  }
+
+  const checksummed = getAddress(address);
+  const normalized = checksummed.toLowerCase();
+
+  const conflict = await usersService.getByWalletAddress(checksummed);
+  if (conflict && conflict.id !== user.id) {
+    logger.warn("[Wallet Attach] Wallet bound to another user", {
+      userId: user.id,
+      walletAddress: normalized,
+      existingUserId: conflict.id,
+    });
+    return c.json(
+      {
+        error:
+          "This wallet is already linked to another Eliza Cloud account. Sign in with the wallet-based account instead.",
+        code: "wallet_taken",
+      },
+      409,
+    );
+  }
+
+  const updated = await usersService.update(user.id, {
+    wallet_address: normalized,
+    wallet_chain_type: "evm",
+    wallet_verified: true,
+  });
+  if (!updated) {
+    logger.error("[Wallet Attach] Update returned no user", {
+      userId: user.id,
+    });
+    return c.json({ error: "Failed to attach wallet" }, 500);
+  }
+
+  logger.info("[Wallet Attach] Wallet attached to user", {
+    userId: user.id,
+    walletAddress: normalized,
+  });
+
+  return c.json({
+    address: checksummed,
+    user: {
+      id: updated.id,
+      wallet_address: updated.wallet_address,
+      wallet_chain_type: updated.wallet_chain_type,
+      wallet_verified: updated.wallet_verified,
+    },
+  });
+});
+
+export default app;