Implementation excerpt

Cashu paid-download source shape.

The hosted zine demo is deliberately small: buyer page → receive API → seller test wallet → short-lived grant → grant-gated file.

test mint proofcashu-tsnot production checkout
Try the hosted demoBack to starter kit

Public claim this supports

A Cashu token can unlock a hosted digital file with a tiny app shape.

  1. Buyer page renders the priced asset and accepts a Cashu token.
  2. Payment API receives the token into a seller test wallet and creates a short-lived unlock grant.
  3. File API validates the grant before returning the protected file.

This remains a test-mint proof. It is not production checkout, custody, refund, accounting, or buyer-support infrastructure.

Buyer page

Buyer page

pages/demo/downloads/[slug].tsx
  • Loads the active asset by slug.
  • Shows price, accepted mint, and proof-boundary copy.
  • Posts the pasted Cashu token to the payment API.
  • Renders the returned short-lived grant link or normalized failure.

Receive + grant API

Receive + grant API

pages/api/downloads/[assetId]/pay/cashu.ts
  • Accepts POST only and resolves the asset by id.
  • Checks the token against expected mint, unit, and exact sat amount.
  • Receives the token into the seller test wallet.
  • Records payment metadata and creates the unlock grant.

Cashu receive boundary

Cashu receive boundary

lib/downloads/cashuReceive.ts
  • Requires a token string starting with cashu.
  • Loads the expected test mint with cashu-ts.
  • Normalizes wrong mint, wrong unit, wrong amount, invalid, and spent-token errors.
  • Confirms the seller wallet received exactly the asset price.

State + grant store

State + grant store

lib/downloads/store.ts
  • Defines demo asset, payment attempt, unlock grant, and wallet state records.
  • Persists received proofs in the seller test wallet state.
  • Creates grants that expire after 10 minutes.
  • Validates asset/grant/expiry before file delivery.

Grant-gated file API

Grant-gated file API

pages/api/downloads/[assetId]/file/[grantId].ts
  • Accepts GET only.
  • Rejects missing, unknown, expired, or asset-mismatched grants.
  • Reads the protected sample file after grant validation.
  • Marks the grant delivered and returns private/no-store file response headers.

Intentionally excluded

The excerpt avoids claims the demo does not prove.

Excluded from the public excerpt
  • Secrets, env vars, deployment paths, service names, and private ops notes.
  • Production wallet custody and recovery policy.
  • Refunds, support, abuse handling, webhooks, accounting, and reconciliation.
Still fair to copy
  • The payment-to-grant handoff.
  • Exact-price test-mint Cashu receive flow.
  • Grant-gated delivery for a single hosted file.