Description
createSIWxSettleHook accesses paymentPayload.resource.url without a null check:
typescript/packages/extensions/src/sign-in-with-x/hooks.ts L57
The hook defines its own inline type with resource: { url: string } (required), but PaymentPayload.resource is optional per the v2 spec (section 5.2.2). If a payment payload without a resource field flows through this hook, line 67 throws TypeError: Cannot read properties of undefined (reading 'url'):
typescript/packages/extensions/src/sign-in-with-x/hooks.ts L67
Current behavior
const resource = new URL(ctx.paymentPayload.resource.url).pathname; // throws if resource is undefined
Expected behavior
Guard against undefined resource:
const url = ctx.paymentPayload.resource?.url;
if (!url) return;
const resource = new URL(url).pathname;
Impact
Latent runtime crash. Currently masked because the TS type in payments.ts has resource as required, so no code path produces a payload without it. Once the types are aligned with the spec (#1154), this becomes reachable.
Related
- [TypeScript] TS type fields required where v2 spec marks them optional #1154 -- Type optionality fix that exposes this bug
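The failure mode described in this issue, reproduced as an added example that is not the project's code: the interfaces, function names and sample URL are hypothetical stand-ins for the hook's inline type and the spec-aligned payload type. It runs the unguarded and guarded dereference over a payload with and without `resource`.

```typescript
// Added illustration; types and names are hypothetical, not the project's code.

// Spec-aligned shape: `resource` is optional (per the issue, v2 spec section 5.2.2).
interface SpecPaymentPayload {
  resource?: { url: string };
}

// The hook's own inline shape, which declares `resource` as required.
interface HookContext {
  paymentPayload: { resource: { url: string } };
}

// "Before": dereferences resource.url unconditionally.
function unguardedPath(ctx: HookContext): string {
  return new URL(ctx.paymentPayload.resource.url).pathname;
}

// "After": the guard proposed in the issue; undefined means there is nothing to record.
function guardedPath(ctx: { paymentPayload: SpecPaymentPayload }): string | undefined {
  const url = ctx.paymentPayload.resource?.url;
  if (!url) return undefined;
  return new URL(url).pathname;
}

// Report either the returned pathname, "skipped", or the name of the thrown error.
function outcome(fn: () => string | undefined): string {
  try {
    return fn() ?? "skipped";
  } catch (err) {
    return (err as Error).name;
  }
}

// Constructed sample payloads.
const withResource: SpecPaymentPayload = { resource: { url: "https://api.example.com/premium/data?x=1" } };
const withoutResource: SpecPaymentPayload = {};

// The cast models a spec-valid payload reaching a hook typed with a required field.
const results = {
  unguardedPresent: outcome(() => unguardedPath({ paymentPayload: withResource } as HookContext)),
  unguardedMissing: outcome(() => unguardedPath({ paymentPayload: withoutResource } as HookContext)),
  guardedPresent: outcome(() => guardedPath({ paymentPayload: withResource })),
  guardedMissing: outcome(() => guardedPath({ paymentPayload: withoutResource })),
};
console.log(results);
```

The same four cases work as a regression test once the payload type marks `resource` as optional.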