[Paywall] Support string price format when tokenAddress is not provided

[joaquim-verges]

---

PR-Codex overview

This PR focuses on modifying the handling of the tokenAddress in the GET function of the paywall route. It adjusts how the price object is constructed based on the presence of tokenAddress.

Detailed summary

• Changed const tokenAddress to directly assign the value from queryParams without a fallback.
• Updated the construction of the price object to conditionally include amount only if tokenAddress is present.
• Adjusted the structure of the price object to reflect the new conditional logic.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

Summary by CodeRabbit

• Bug Fixes
  • Paywall pricing response now conditionally includes asset details when a token address is supplied; price will include amount plus asset (address and decimals).
  • When no token address is provided, the response preserves the original behavior and returns the plain amount string.
  • This ensures compatible responses for both token-based and native-amount requests.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 8d53618

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
thirdweb_playground	Ready	Preview	Comment	Oct 28, 2025 7:11pm

4 Skipped Deployments

Project	Deployment	Preview	Comments	Updated (UTC)
docs-v2	Skipped			Oct 28, 2025 7:11pm
nebula	Skipped			Oct 28, 2025 7:11pm
thirdweb-www	Skipped			Oct 28, 2025 7:11pm
wallet-ui	Skipped			Oct 28, 2025 7:11pm

[joaquim-verges]

• [Paywall] Support string price format when tokenAddress is not provided #8330 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• merge-queue - adds this PR to the back of the merge queue
• hotfix - for urgent hot fixes, skip the queue and merge this PR next

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

The GET paywall route now treats tokenAddress as optional: when provided the response price is an object with amount and asset (address, decimals); when omitted price is returned as a plain amount string.

Changes

Cohort / File(s)	Change Summary
Paywall API Response Structure apps/playground-web/src/app/api/paywall/route.ts	Made tokenAddress optional and changed price formation: if tokenAddress present, price is { amount, asset: { address, decimals } }; otherwise price is the plain amount string.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant PaywallRoute as /api/paywall (GET)

    Client->>PaywallRoute: GET /api/paywall?amount=...&tokenAddress=... (tokenAddress optional)
    alt tokenAddress provided
        PaywallRoute->>PaywallRoute: build price object\n{ amount, asset: { address, decimals } }
        PaywallRoute-->>Client: 200 { price: { amount, asset } }
    else tokenAddress missing
        PaywallRoute->>PaywallRoute: use plain amount string
        PaywallRoute-->>Client: 200 { price: "amount" }
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Verify both branches produce correct JSON shapes and types.
• Check API contract implications for existing consumers and update docs/tests if needed.
• Ensure downstream handlers/UI accept both object and primitive price formats.

Pre-merge checks and finishing touches

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description Check	⚠️ Warning	The pull request description fails to meet the template requirements specified in the repository. While the author included an auto-generated PR-Codex overview that provides technical details about the changes, the description is largely composed of commented-out template instructions with no substantive content in the required sections. The "Notes for the reviewer" and "How to test" sections are empty except for the template placeholder comments, and the PR title is not included in the description itself (though it exists in the PR metadata). This represents a largely incomplete description that does not follow the required template structure.	The author should complete the PR description by filling in the required sections: provide a properly formatted title following the "[SDK/Dashboard/Portal] Feature/Fix: Concise title" format, add specific notes for the reviewer highlighting any important implementation details or considerations, and include testing instructions explaining how the changes can be validated (unit tests, playground testing, etc.). The auto-generated PR-Codex section provides useful context but does not substitute for the required template sections.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The PR title "[Paywall] Support string price format when tokenAddress is not provided" directly aligns with the main change in the pull request. The summary indicates that the code now conditionally sets price as a plain amount (string format) when tokenAddress is undefined, versus an object structure when it is defined. The title is concise, clear, and specific enough for a teammate reviewing history to understand the primary change without ambiguity.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 1d2d827 and 8d53618.

📒 Files selected for processing (1)

• apps/playground-web/src/app/api/paywall/route.ts (2 hunks)

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• TEAM-0000: Entity not found: Issue - Could not find referenced Issue.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 54.89%. Comparing base (3d235e2) to head (1d2d827).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #8330   +/-   ##
=======================================
  Coverage   54.89%   54.89%           
=======================================
  Files         919      919           
  Lines       60702    60702           
  Branches     4130     4130           
=======================================
  Hits        33321    33321           
  Misses      27279    27279           
  Partials      102      102           

Flag	Coverage Δ
packages	54.89% <ø> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

apps/playground-web/src/app/api/paywall/route.ts (1)

77-79: Consider omitting tokenAddress from response when undefined.

When tokenAddress is not provided, it will appear as null or undefined in the response. For cleaner API design, consider conditionally including it only when present.

        payment: {
          amount,
-         tokenAddress,
+         ...(tokenAddress && { tokenAddress }),
        },

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a82a31e and 1d2d827.

📒 Files selected for processing (1)

• apps/playground-web/src/app/api/paywall/route.ts (2 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

**/*.{ts,tsx}: Write idiomatic TypeScript with explicit function declarations and return types
Limit each file to one stateless, single-responsibility function for clarity
Re-use shared types from @/types or local types.ts barrels
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Choose composition over inheritance; leverage utility types (Partial, Pick, etc.)
Comment only ambiguous logic; avoid restating TypeScript in prose

**/*.{ts,tsx}: Use explicit function declarations and explicit return types in TypeScript
Limit each file to one stateless, single‑responsibility function
Re‑use shared types from @/types where applicable
Prefer type aliases over interface except for nominal shapes
Avoid any and unknown unless unavoidable; narrow generics when possible
Prefer composition over inheritance; use utility types (Partial, Pick, etc.)
Lazy‑import optional features and avoid top‑level side‑effects to reduce bundle size

Files:

• apps/playground-web/src/app/api/paywall/route.ts

**/*.{ts,tsx,js,jsx}

📄 CodeRabbit inference engine (CLAUDE.md)

Load heavy dependencies inside async paths to keep initial bundle lean (lazy loading)

Files:

• apps/playground-web/src/app/api/paywall/route.ts

apps/{dashboard,playground-web}/**/*.{ts,tsx}

📄 CodeRabbit inference engine (CLAUDE.md)

apps/{dashboard,playground-web}/**/*.{ts,tsx}: Import UI primitives from @/components/ui/* (Button, Input, Select, Tabs, Card, Sidebar, Badge, Separator) in dashboard and playground apps
Use NavLink for internal navigation with automatic active states in dashboard and playground apps
Use Tailwind CSS only – no inline styles or CSS modules
Use cn() from @/lib/utils for conditional class logic
Use design system tokens (e.g., bg-card, border-border, text-muted-foreground)
Server Components (Node edge): Start files with import "server-only";
Client Components (browser): Begin files with 'use client';
Always call getAuthToken() to retrieve JWT from cookies on server side
Use Authorization: Bearer header – never embed tokens in URLs
Return typed results (e.g., Project[], User[]) – avoid any
Wrap client-side data fetching calls in React Query (@tanstack/react-query)
Use descriptive, stable queryKeys for React Query cache hits
Configure staleTime/cacheTime in React Query based on freshness (default ≥ 60s)
Keep tokens secret via internal API routes or server actions
Never import posthog-js in server components

Files:

• apps/playground-web/src/app/api/paywall/route.ts

🧬 Code graph analysis (1)

apps/playground-web/src/app/api/paywall/route.ts (1)

apps/playground-web/src/app/payments/x402/components/constants.ts (1)

• token (4-9)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (8)

• GitHub Check: E2E Tests (pnpm, esbuild)
• GitHub Check: E2E Tests (pnpm, webpack)
• GitHub Check: E2E Tests (pnpm, vite)
• GitHub Check: Size
• GitHub Check: Lint Packages
• GitHub Check: Unit Tests
• GitHub Check: Build Packages
• GitHub Check: Analyze (javascript)

🔇 Additional comments (2)

apps/playground-web/src/app/api/paywall/route.ts (2)

44-44: LGTM: tokenAddress is now optional.

The removal of the default fallback to token.address correctly makes tokenAddress optional, aligning with the PR objective to support string price format when tokenAddress is not provided.

---

56-62: Add "$" prefix to amount when tokenAddress is absent to match thirdweb's expected USD string format.

The code correctly passes a converted object when tokenAddress is provided, but when tokenAddress is absent (line 62), thirdweb's settlePayment API expects a USD-formatted string (e.g., "$0.01"). Currently, amount is passed as a raw numeric string (e.g., "0.01") from the query parameter. Update line 62 to prepend "$" to the amount: price: tokenAddress ? {...} : \${amount}``

⛔ Skipped due to learnings

Learnt from: MananTank
PR: thirdweb-dev/js#7298
File: apps/dashboard/src/app/nebula-app/move-funds/move-funds.tsx:255-277
Timestamp: 2025-06-06T23:47:55.122Z
Learning: The `transfer` function from `thirdweb/extensions/erc20` accepts human-readable amounts via the `amount` property and automatically handles conversion to base units (wei) by fetching the token decimals internally. Manual conversion using `toWei()` is not required when using the `amount` property.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Inconsistent decimals fallback creates risk of incorrect unit conversion.

Line 60 falls back to token.decimals when the decimals query parameter is not provided, but this is only safe when tokenAddress matches the imported token.address. If a different token address is provided without specifying decimals, the conversion at line 57 will use the wrong decimal places, leading to incorrect payment amounts.

Consider one of these solutions:

Option 1 (recommended): Require decimals when tokenAddress is provided:

  const amount = queryParams.get("amount") || "0.01";
  const payTo = queryParams.get("payTo") ?? undefined;
  const tokenAddress = queryParams.get("tokenAddress");
- const decimals = queryParams.get("decimals") || token.decimals.toString();
+ const decimals = queryParams.get("decimals");
  
  // ... later in validation
  if (!chainId) {
    return NextResponse.json(
      { error: "Missing required parameters" },
      { status: 400 },
    );
  }
+ 
+ if (tokenAddress && !decimals) {
+   return NextResponse.json(
+     { error: "decimals parameter is required when tokenAddress is provided" },
+     { status: 400 },
+   );
+ }

Option 2: Only use the fallback when tokenAddress matches the known token:

  price: tokenAddress ? {
    amount: toUnits(amount, parseInt(decimals)).toString(),
    asset: {
      address: tokenAddress as `0x${string}`,
-     decimals: decimals ? parseInt(decimals) : token.decimals,
+     decimals: parseInt(decimals || (tokenAddress === token.address ? token.decimals.toString() : "18")),
    },
  } : amount,

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	price: tokenAddress ? {
	amount: toUnits(amount, parseInt(decimals)).toString(),
	asset: {
	address: tokenAddress as `0x${string}`,
	decimals: decimals ? parseInt(decimals) : token.decimals,
	},
	},
	} : amount,
	price: tokenAddress ? {
	amount: toUnits(amount, parseInt(decimals)).toString(),
	asset: {
	address: tokenAddress as `0x${string}`,
	decimals: parseInt(decimals || (tokenAddress === token.address ? token.decimals.toString() : "18")),
	},
	} : amount,

🤖 Prompt for AI Agents

In apps/playground-web/src/app/api/paywall/route.ts around lines 56 to 62, the
code falls back to token.decimals when the decimals query param is missing even
if a different tokenAddress is provided, which can produce incorrect unit
conversion; change the logic so that when tokenAddress is provided decimals is
required: validate that decimals is present (return a 4xx/error response if
missing), parse it with parseInt once and use that parsed value for toUnits and
the asset.decimals field; alternatively (if you prefer the other option) only
use token.decimals as a fallback when tokenAddress === token.address, but the
preferred fix is to enforce and validate the decimals parameter when a custom
tokenAddress is used.

[github-actions]

size-limit report 📦

Path	Size	Loading time (3g)	Running time (snapdragon)	Total time
thirdweb (esm)	64.55 KB (0%)	1.3 s (0%)	304 ms (+73.63% 🔺)	1.6 s
thirdweb (cjs)	366.18 KB (0%)	7.4 s (0%)	1.9 s (+0.99% 🔺)	9.3 s
thirdweb (minimal + tree-shaking)	5.73 KB (0%)	115 ms (0%)	20 ms (+16.86% 🔺)	134 ms
thirdweb/chains (tree-shaking)	526 B (0%)	11 ms (0%)	93 ms (+2035.68% 🔺)	103 ms
thirdweb/react (minimal + tree-shaking)	19.09 KB (0%)	382 ms (0%)	68 ms (+480.85% 🔺)	450 ms