Marketplace SPA — Phase 4: Signed Wallet Transactions #22

New issue

Closed

opened 2026-03-25 01:01:49 +00:00 by mik-tf · 1 comment

mik-tf commented

2026-03-25 01:01:49 +00:00

Member

Context

Phase 3 (#21) delivered payment gateways (Stripe, Clickpesa, Bank). Phase 4 adds signed wallet transactions — users sign spend intents with their ed25519 key, backend verifies and executes, returns a signed receipt.

Architecture

User clicks "Buy Now" on product
  → SPA prompts for passphrase (re-confirms identity)
  → Client signs: { action: "spend", amount, product_id, timestamp }
  → POST /api/wallet/transact { intent, public_key, signature }
  → Backend verifies signature against registered pubkey
  → Backend checks balance >= amount
  → Backend deducts credits, creates order
  → Backend returns { receipt, new_balance, order_id }
  → Client stores receipt in localStorage

Backend Changes

1. Wallet transaction endpoint

POST /api/wallet/transact — verify signed spend intent, deduct, return receipt
GET /api/wallet/balance — return current MC balance (already exists)
GET /api/wallet/transactions — return transaction history (already exists)

2. Credit operations on WalletManager

add_credits(user_email, amount, reference) — top-up from payment webhook
deduct_credits(user_email, amount, reference) — spend on purchase
get_balance(user_email) — current balance

3. Wire payment webhook → credit allocation

On confirmed webhook: look up user by payment reference → add_credits()

Frontend Changes

1. Signed purchase flow

Product detail / checkout → "Confirm Purchase" → passphrase prompt
Sign spend intent with vault key
POST to /api/wallet/transact
Store receipt in localStorage
Show order confirmation

2. Balance polling

Poll /api/wallet/balance every 30s when authenticated
Update wallet display in real-time

Testing

Demo mode: wallet starts with 1000 MC
Register → Buy Credits (demo, instant) → Buy product → balance deducted
Transaction history shows top-up + purchase
Curl test: signed transact endpoint

Signed-off-by: mik-tf

## Context Phase 3 (#21) delivered payment gateways (Stripe, Clickpesa, Bank). Phase 4 adds signed wallet transactions — users sign spend intents with their ed25519 key, backend verifies and executes, returns a signed receipt. ## Architecture ``` User clicks "Buy Now" on product → SPA prompts for passphrase (re-confirms identity) → Client signs: { action: "spend", amount, product_id, timestamp } → POST /api/wallet/transact { intent, public_key, signature } → Backend verifies signature against registered pubkey → Backend checks balance >= amount → Backend deducts credits, creates order → Backend returns { receipt, new_balance, order_id } → Client stores receipt in localStorage ``` ## Backend Changes ### 1. Wallet transaction endpoint - `POST /api/wallet/transact` — verify signed spend intent, deduct, return receipt - `GET /api/wallet/balance` — return current MC balance (already exists) - `GET /api/wallet/transactions` — return transaction history (already exists) ### 2. Credit operations on WalletManager - `add_credits(user_email, amount, reference)` — top-up from payment webhook - `deduct_credits(user_email, amount, reference)` — spend on purchase - `get_balance(user_email)` — current balance ### 3. Wire payment webhook → credit allocation - On confirmed webhook: look up user by payment reference → `add_credits()` ## Frontend Changes ### 1. Signed purchase flow - Product detail / checkout → "Confirm Purchase" → passphrase prompt - Sign spend intent with vault key - POST to `/api/wallet/transact` - Store receipt in localStorage - Show order confirmation ### 2. Balance polling - Poll `/api/wallet/balance` every 30s when authenticated - Update wallet display in real-time ## Testing - Demo mode: wallet starts with 1000 MC - Register → Buy Credits (demo, instant) → Buy product → balance deducted - Transaction history shows top-up + purchase - Curl test: signed transact endpoint Signed-off-by: mik-tf

mik-tf commented

2026-03-25 01:15:01 +00:00

Author

Member

Phase 4 Complete — v0.7.0 Released

Commits

Repo	Commit	What
`marketplace_backend`	`9414174`	POST /api/wallet/transact — signed spend intent, balance check, deduct, receipt
`marketplace_frontend`	`7ca431f`	Checkout signs spend intent with vault key, deducts before order creation

Releases

Tests: 26/26 smoke tests PASS. Deployed to dev.

Release summary (Phases 1-4)

Version	Phase	What
v0.4.0	1	Basic WASM SPA — 45 routes, charts, UI parity
v0.5.0	2	Ed25519 keypair identity + signature auth + session persistence
v0.6.0	3	Payment integration — Stripe, Clickpesa, Bank Transfer
v0.7.0	4	Signed wallet transactions — spend intents, receipts, balance tracking

Next: Phase 5 — Data Parity & Polish (v0.8.0)

Signed-off-by: mik-tf

## Phase 4 Complete — v0.7.0 Released ### Commits | Repo | Commit | What | |------|--------|------| | `marketplace_backend` | `9414174` | POST /api/wallet/transact — signed spend intent, balance check, deduct, receipt | | `marketplace_frontend` | `7ca431f` | Checkout signs spend intent with vault key, deducts before order creation | ### Releases - [frontend v0.7.0](https://forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_frontend/releases/tag/v0.7.0) - [backend v0.7.0](https://forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_backend/releases/tag/v0.7.0) - [deploy v0.7.0](https://forge.ourworld.tf/mycelium_code/projectmycelium_marketplace_deploy/releases/tag/v0.7.0) ### Tests: 26/26 smoke tests PASS. Deployed to dev. ### Release summary (Phases 1-4) | Version | Phase | What | |---------|-------|------| | v0.4.0 | 1 | Basic WASM SPA — 45 routes, charts, UI parity | | v0.5.0 | 2 | Ed25519 keypair identity + signature auth + session persistence | | v0.6.0 | 3 | Payment integration — Stripe, Clickpesa, Bank Transfer | | **v0.7.0** | **4** | **Signed wallet transactions — spend intents, receipts, balance tracking** | ### Next: Phase 5 — Data Parity & Polish (v0.8.0) Signed-off-by: mik-tf