@01.software/init 0.9.1 → 0.10.0

package/dist/create-app-templates/ecommerce/lib/payment/adapters/portone.ts

@@ -0,0 +1,254 @@
+import '../../server-only-guard.ts'
+import { PaymentClient, Webhook } from '@portone/server-sdk'
+import {
+  isUnrecognizedPayment,
+  type Payment as PortOnePayment,
+} from '@portone/server-sdk/payment'
+
+import type { PaymentProvider } from '../provider.ts'
+import type { ProviderPayment } from '../types.ts'
+
+export function createPortOnePaymentProvider(): PaymentProvider {
+  const config = getPortOneConfig(process.env)
+  return createPortOnePaymentProviderForConfig(config)
+}
+
+export function createPortOnePaymentProviderForConfig(
+  config: ReturnType<typeof getPortOneConfig>,
+  paymentClient: Pick<
+    ReturnType<typeof PaymentClient>,
+    'getPayment'
+  > = PaymentClient({
+    secret: config.apiSecret,
+  }),
+): PaymentProvider {
+  return {
+    provider: 'portone',
+
+    async requestPayment(input) {
+      // Official browser SDK docs:
+      // https://developers.portone.io/opi/ko/integration/pg/v2/kcp-v2
+      return {
+        ok: true,
+        paymentId: input.paymentId,
+        clientPayment: {
+          provider: 'portone',
+          storeId: config.storeId,
+          channelKey: config.channelKey,
+          payMethod: config.payMethod,
+          paymentId: input.paymentId,
+          orderNumber: input.orderNumber,
+          orderName: input.orderName,
+          amount: input.amount,
+          currency: input.currency,
+          customer: input.customer,
+        },
+      }
+    },
+
+    async getPayment(paymentId) {
+      const payment = await fetchPortOnePayment(
+        paymentClient,
+        config,
+        paymentId,
+      )
+      return mapPortOnePayment(payment, paymentId)
+    },
+
+    async confirmPayment(input) {
+      const payment = await this.getPayment(input.paymentId)
+      if (!payment) throw new Error('PortOne payment not found')
+      return payment
+    },
+
+    async verifyWebhook(request) {
+      const rawBody = await request.text()
+      const body = config.webhookSecret
+        ? await verifyPortOneWebhook(config.webhookSecret, rawBody, request)
+        : config.allowUnsignedWebhooks
+          ? parsePortOneWebhookBody(rawBody)
+          : rejectUnsignedPortOneWebhook()
+      const paymentId = body.data?.paymentId ?? body.paymentId
+      const eventId =
+        request.headers.get('webhook-id') ??
+        body.eventId ??
+        body.id ??
+        paymentId
+
+      if (!paymentId || !eventId) {
+        throw new Error('Invalid PortOne webhook')
+      }
+
+      await fetchPortOnePayment(paymentClient, config, paymentId)
+
+      return {
+        type: 'payment.updated',
+        paymentId,
+        eventId,
+      }
+    },
+  }
+}
+
+type PaymentEnv = Record<string, string | undefined>
+
+export function hasPortOneCredentials(env: PaymentEnv): boolean {
+  return Boolean(
+    env.PORTONE_API_SECRET?.trim() &&
+      env.NEXT_PUBLIC_PORTONE_STORE_ID?.trim() &&
+      env.NEXT_PUBLIC_PORTONE_CHANNEL_KEY?.trim(),
+  )
+}
+
+export function getPortOneConfig(env: PaymentEnv): {
+  apiSecret: string
+  storeId: string
+  channelKey: string
+  payMethod: string
+  webhookSecret?: string
+  allowUnsignedWebhooks: boolean
+} {
+  const apiSecret = env.PORTONE_API_SECRET?.trim()
+  const storeId = env.NEXT_PUBLIC_PORTONE_STORE_ID?.trim()
+  const channelKey = env.NEXT_PUBLIC_PORTONE_CHANNEL_KEY?.trim()
+  const webhookSecret = env.PORTONE_WEBHOOK_SECRET?.trim()
+  const allowUnsignedWebhooks =
+    env.PORTONE_ALLOW_UNSIGNED_WEBHOOKS === 'true' ||
+    env.NODE_ENV !== 'production'
+  if (!apiSecret) {
+    throw new Error('PortOne payments require PORTONE_API_SECRET.')
+  }
+  if (!storeId) {
+    throw new Error(
+      'PortOne payments require NEXT_PUBLIC_PORTONE_STORE_ID.',
+    )
+  }
+  if (!channelKey) {
+    throw new Error(
+      'PortOne payments require NEXT_PUBLIC_PORTONE_CHANNEL_KEY.',
+    )
+  }
+  if (!webhookSecret && !allowUnsignedWebhooks) {
+    throw new Error(
+      'PortOne payments require PORTONE_WEBHOOK_SECRET in production. Set PORTONE_ALLOW_UNSIGNED_WEBHOOKS=true only for local development.',
+    )
+  }
+
+  return {
+    apiSecret,
+    storeId,
+    channelKey,
+    payMethod: env.NEXT_PUBLIC_PORTONE_PAY_METHOD?.trim() || 'CARD',
+    webhookSecret: webhookSecret || undefined,
+    allowUnsignedWebhooks,
+  }
+}
+
+async function fetchPortOnePayment(
+  paymentClient: Pick<ReturnType<typeof PaymentClient>, 'getPayment'>,
+  config: ReturnType<typeof getPortOneConfig>,
+  paymentId: string,
+): Promise<PortOnePayment> {
+  // Official docs:
+  // - Server SDK JS reference: https://portone-io.github.io/server-sdk/js/
+  // - Checkout/payment lookup guide: https://developers.portone.io/opi/ko/integration/start/v2/checkout
+  const payment = await paymentClient.getPayment({
+    paymentId,
+    storeId: config.storeId,
+  })
+  if (isUnrecognizedPayment(payment)) {
+    throw new Error(
+      `Unrecognized PortOne payment status: ${String(payment.status)}`,
+    )
+  }
+
+  return payment
+}
+
+function mapPortOnePayment(
+  payment: PortOnePayment,
+  fallbackPaymentId: string,
+): ProviderPayment {
+  const orderNumber = readPortOneOrderNumber(payment)
+  return {
+    paymentId: 'id' in payment ? payment.id : fallbackPaymentId,
+    status: mapPortOneStatus(String(payment.status)),
+    amount: readPortOneAmount(payment),
+    provider: 'portone',
+    // Omit when absent so the wire shape stays minimal and stable.
+    ...(orderNumber ? { orderNumber } : {}),
+  }
+}
+
+/**
+ * Recover the merchant order number from the PG payment's `customData` — the
+ * durable `orderNumber↔pgPaymentId` mapping threaded in at `requestPayment`
+ * time (#1544 / I6). PortOne serializes `customData` to a JSON string; parse it
+ * best-effort and ignore anything that is not our `{ orderNumber }` shape.
+ */
+function readPortOneOrderNumber(payment: PortOnePayment): string | undefined {
+  if (!('customData' in payment) || typeof payment.customData !== 'string') {
+    return undefined
+  }
+  try {
+    const parsed = JSON.parse(payment.customData) as { orderNumber?: unknown }
+    return typeof parsed.orderNumber === 'string' && parsed.orderNumber.length > 0
+      ? parsed.orderNumber
+      : undefined
+  } catch {
+    return undefined
+  }
+}
+
+function mapPortOneStatus(
+  status: string | undefined,
+): ProviderPayment['status'] {
+  if (status === 'PAID') return 'paid'
+  if (status === 'FAILED') return 'failed'
+  if (status === 'CANCELLED' || status === 'CANCELED') return 'canceled'
+  return 'pending'
+}
+
+function readPortOneAmount(payment: PortOnePayment): number {
+  if (!('amount' in payment)) return 0
+  if (typeof payment.amount.paid === 'number') return payment.amount.paid
+  if (typeof payment.amount.total === 'number') return payment.amount.total
+  return 0
+}
+
+type PortOneWebhookBody = {
+  id?: string
+  eventId?: string
+  paymentId?: string
+  data?: {
+    paymentId?: string
+  }
+}
+
+async function verifyPortOneWebhook(
+  webhookSecret: string,
+  rawBody: string,
+  request: Request,
+): Promise<PortOneWebhookBody> {
+  // Official webhook verification docs:
+  // https://portone-io.github.io/server-sdk/js/modules/Webhook.html
+  const webhook = await Webhook.verify(webhookSecret, rawBody, {
+    'webhook-id': request.headers.get('webhook-id') ?? undefined,
+    'webhook-timestamp': request.headers.get('webhook-timestamp') ?? undefined,
+    'webhook-signature': request.headers.get('webhook-signature') ?? undefined,
+  })
+  if (Webhook.isUnrecognizedWebhook(webhook)) {
+    throw new Error(
+      `Unrecognized PortOne webhook type: ${String(webhook.type)}`,
+    )
+  }
+  return webhook as PortOneWebhookBody
+}
+
+function parsePortOneWebhookBody(rawBody: string): PortOneWebhookBody {
+  return JSON.parse(rawBody) as PortOneWebhookBody
+}
+
+function rejectUnsignedPortOneWebhook(): never {
+  throw new Error('Unsigned PortOne webhook is not allowed.')
+}

package/dist/create-app-templates/ecommerce/lib/payment/adapters/tosspayments.ts

@@ -0,0 +1,287 @@
+import "../../server-only-guard.ts";
+import { createHmac, timingSafeEqual } from "node:crypto";
+import type { PaymentProvider } from "../provider.ts";
+import type { ProviderPayment } from "../types.ts";
+
+type TossPayment = {
+  paymentKey?: string;
+  orderId?: string;
+  status?: string;
+  totalAmount?: number;
+  balanceAmount?: number;
+  metadata?: Record<string, unknown> | null;
+};
+
+export function createTossPaymentsProvider(): PaymentProvider {
+  const config = getTossPaymentsConfig(process.env);
+
+  return {
+    provider: "tosspayments",
+
+    async requestPayment(input) {
+      return {
+        ok: true,
+        paymentId: input.paymentId,
+        clientPayment: {
+          provider: "tosspayments",
+          clientKey: config.clientKey,
+          customerKey: config.customerKey,
+          paymentId: input.paymentId,
+          orderNumber: input.orderNumber,
+          orderName: input.orderName,
+          amount: input.amount,
+          currency: input.currency,
+          customer: input.customer,
+        },
+      };
+    },
+
+    async getPayment(paymentId) {
+      const payment = await fetchTossPaymentByOrderId(config, paymentId);
+      return mapTossPayment(payment, paymentId);
+    },
+
+    async confirmPayment(input) {
+      if (!input.providerPaymentId || input.amount == null) {
+        const payment = await this.getPayment(input.paymentId);
+        if (!payment) throw new Error("TossPayments payment not found");
+        return payment;
+      }
+
+      const payment = await confirmTossPayment(config, {
+        paymentKey: input.providerPaymentId,
+        orderId: input.paymentId,
+        amount: input.amount,
+      });
+      return mapTossPayment(payment, input.paymentId);
+    },
+
+    async verifyWebhook(request) {
+      // Verify-then-server-refetch parity with PortOne (#1544 / I6). Toss
+      // webhooks are not delivered through the browser SDK, so trust is
+      // established two ways: (1) an HMAC-SHA256 signature when a secret is
+      // configured, mirroring the Console billing webhook scheme
+      // (`${timestamp}.${rawBody}`, base64, `Toss-Signature`/`Toss-Timestamp`);
+      // (2) an authoritative server re-fetch of the payment from the Toss API
+      // (secret-key authenticated), never the unauthenticated request body.
+      // Outside local development an unsigned webhook is rejected — no
+      // default-trust of the body.
+      const rawBody = await request.text();
+
+      if (config.webhookSecret) {
+        verifyTossWebhookSignature(config.webhookSecret, rawBody, request);
+      } else if (!config.allowUnsignedWebhooks) {
+        throw new Error(
+          "TossPayments webhook signature required outside development.",
+        );
+      }
+
+      const body = parseTossWebhookBody(rawBody);
+      const paymentId = body.data?.orderId ?? body.data?.paymentKey;
+      const eventId =
+        body.eventId ??
+        body.data?.paymentKey ??
+        (body.eventType && paymentId
+          ? `${body.eventType}:${paymentId}`
+          : paymentId);
+      if (!paymentId || !eventId) {
+        throw new Error("Invalid TossPayments webhook");
+      }
+
+      // Server re-fetch: confirm the event corresponds to a real payment before
+      // trusting it. A lookup failure throws and the webhook route 400s.
+      await fetchTossPaymentByOrderId(config, paymentId);
+
+      return {
+        type: "payment.updated",
+        paymentId,
+        eventId,
+      };
+    },
+  };
+}
+
+type PaymentEnv = Record<string, string | undefined>;
+
+export function hasTossPaymentsCredentials(env: PaymentEnv): boolean {
+  return Boolean(
+    env.TOSSPAYMENTS_SECRET_KEY?.trim() &&
+      env.NEXT_PUBLIC_TOSSPAYMENTS_CLIENT_KEY?.trim(),
+  );
+}
+
+export function getTossPaymentsConfig(env: PaymentEnv): {
+  secretKey: string;
+  clientKey: string;
+  customerKey?: string;
+  apiBaseUrl: string;
+  webhookSecret?: string;
+  allowUnsignedWebhooks: boolean;
+} {
+  const secretKey = env.TOSSPAYMENTS_SECRET_KEY?.trim();
+  const clientKey = env.NEXT_PUBLIC_TOSSPAYMENTS_CLIENT_KEY?.trim();
+  const webhookSecret = env.TOSSPAYMENTS_WEBHOOK_SECRET?.trim();
+  const allowUnsignedWebhooks =
+    env.TOSSPAYMENTS_ALLOW_UNSIGNED_WEBHOOKS === "true" ||
+    env.NODE_ENV !== "production";
+  if (!secretKey) {
+    throw new Error("TossPayments requires TOSSPAYMENTS_SECRET_KEY.");
+  }
+  if (!clientKey) {
+    throw new Error(
+      "TossPayments requires NEXT_PUBLIC_TOSSPAYMENTS_CLIENT_KEY.",
+    );
+  }
+  if (!webhookSecret && !allowUnsignedWebhooks) {
+    throw new Error(
+      "TossPayments requires TOSSPAYMENTS_WEBHOOK_SECRET in production. Set TOSSPAYMENTS_ALLOW_UNSIGNED_WEBHOOKS=true only for local development.",
+    );
+  }
+
+  return {
+    secretKey,
+    clientKey,
+    customerKey: env.NEXT_PUBLIC_TOSSPAYMENTS_CUSTOMER_KEY?.trim() || undefined,
+    apiBaseUrl: (
+      env.TOSSPAYMENTS_API_BASE_URL ?? "https://api.tosspayments.com/v1"
+    ).replace(/\/$/, ""),
+    webhookSecret: webhookSecret || undefined,
+    allowUnsignedWebhooks,
+  };
+}
+
+async function confirmTossPayment(
+  config: ReturnType<typeof getTossPaymentsConfig>,
+  input: { paymentKey: string; orderId: string; amount: number },
+): Promise<TossPayment> {
+  // Official docs:
+  // - Browser SDK requestPayment: https://docs.tosspayments.com/en/integration
+  // - Confirm API: https://docs.tosspayments.com/en/api-guide
+  // - Widget success redirect params: https://docs.tosspayments.com/en/integration-widget
+  const response = await fetch(`${config.apiBaseUrl}/payments/confirm`, {
+    method: "POST",
+    headers: {
+      Authorization: tossAuthorization(config.secretKey),
+      "Content-Type": "application/json",
+    },
+    body: JSON.stringify(input),
+    cache: "no-store",
+  });
+
+  if (!response.ok) {
+    throw new Error(`TossPayments confirmation failed: ${response.status}`);
+  }
+
+  return (await response.json()) as TossPayment;
+}
+
+async function fetchTossPaymentByOrderId(
+  config: ReturnType<typeof getTossPaymentsConfig>,
+  orderId: string,
+): Promise<TossPayment> {
+  // Official docs:
+  // - Payment lookup reference: https://docs.tosspayments.com/reference
+  // - API guide: https://docs.tosspayments.com/en/api-guide
+  const response = await fetch(
+    `${config.apiBaseUrl}/payments/orders/${encodeURIComponent(orderId)}`,
+    {
+      headers: {
+        Authorization: tossAuthorization(config.secretKey),
+      },
+      cache: "no-store",
+    },
+  );
+
+  if (!response.ok) {
+    throw new Error(`TossPayments payment lookup failed: ${response.status}`);
+  }
+
+  return (await response.json()) as TossPayment;
+}
+
+function mapTossPayment(
+  payment: TossPayment,
+  fallbackPaymentId: string,
+): ProviderPayment {
+  const orderNumber = readMetadataOrderNumber(payment.metadata);
+  return {
+    paymentId: payment.orderId ?? fallbackPaymentId,
+    status: mapTossStatus(payment.status),
+    amount: payment.totalAmount ?? payment.balanceAmount ?? 0,
+    provider: "tosspayments",
+    // Omit when absent so the wire shape stays minimal and stable.
+    ...(orderNumber ? { orderNumber } : {}),
+  };
+}
+
+function mapTossStatus(status: string | undefined): ProviderPayment["status"] {
+  if (status === "DONE") return "paid";
+  if (status === "ABORTED" || status === "EXPIRED") return "failed";
+  if (status === "CANCELED" || status === "PARTIAL_CANCELED") return "canceled";
+  return "pending";
+}
+
+function readMetadataOrderNumber(
+  metadata: Record<string, unknown> | null | undefined,
+): string | undefined {
+  const value = metadata?.orderNumber;
+  return typeof value === "string" && value.length > 0 ? value : undefined;
+}
+
+type TossWebhookBody = {
+  eventId?: string;
+  eventType?: string;
+  data?: {
+    orderId?: string;
+    paymentKey?: string;
+  };
+};
+
+function parseTossWebhookBody(rawBody: string): TossWebhookBody {
+  return JSON.parse(rawBody) as TossWebhookBody;
+}
+
+/**
+ * HMAC-SHA256 over `${timestamp}.${rawBody}`, base64-encoded, timing-safe
+ * compared against the `Toss-Signature` header. A one-sided timestamp window
+ * (`0 <= now - ts <= 300s`) rejects stale and future deliveries. Mirrors the
+ * Console billing webhook verification scheme.
+ */
+function verifyTossWebhookSignature(
+  webhookSecret: string,
+  rawBody: string,
+  request: Request,
+): void {
+  const signature = request.headers.get("Toss-Signature");
+  const timestamp = request.headers.get("Toss-Timestamp");
+  if (!signature) {
+    throw new Error("Missing TossPayments webhook signature.");
+  }
+  if (!timestamp || !/^\d+$/.test(timestamp)) {
+    throw new Error("Missing or invalid TossPayments webhook timestamp.");
+  }
+  const ts = Number(timestamp);
+  if (!Number.isSafeInteger(ts)) {
+    throw new Error("Invalid TossPayments webhook timestamp.");
+  }
+  const age = Date.now() / 1000 - ts;
+  if (age < 0 || age > 300) {
+    throw new Error("TossPayments webhook timestamp is out of window.");
+  }
+
+  const expected = createHmac("sha256", webhookSecret)
+    .update(`${timestamp}.${rawBody}`)
+    .digest("base64");
+  const sigBuf = Buffer.from(signature);
+  const expBuf = Buffer.from(expected);
+  const lengthMatch = sigBuf.length === expBuf.length;
+  const match =
+    lengthMatch && timingSafeEqual(sigBuf, expBuf);
+  if (!match) {
+    throw new Error("Invalid TossPayments webhook signature.");
+  }
+}
+
+function tossAuthorization(secretKey: string): string {
+  return `Basic ${Buffer.from(`${secretKey}:`).toString("base64")}`;
+}

package/dist/create-app-templates/ecommerce/lib/payment/amount-gate.ts

@@ -0,0 +1,86 @@
+/**
+ * Shared, unconditional amount-equality gate (#1544 / I6).
+ *
+ * Every order-advancing path — the PG redirect return, the success-page
+ * reconciliation, and the webhook — runs this before a payment is confirmed, so
+ * a client-tamperable amount can never advance an order at a price other than
+ * the server-known one.
+ *
+ * Layering: the Console `confirmPayment` endpoint is the *authoritative* quote
+ * check — it rejects `amount !== checkout.totalAmount` (and `!== order.totalAmount`
+ * on retries) server-side, tenant-scoped, inside the trusted backend. This
+ * template-side gate is the complementary layer that (a) refuses to forward a
+ * client-supplied amount to a PG confirm or to the Console — only PG-re-fetched
+ * amounts cross that boundary — and (b) asserts that any two independently known
+ * amount sources agree before confirm. Where only one source exists (a
+ * webhook-first placement has no client amount and no placed order yet), the
+ * gate is still invoked but necessarily delegates the quote check to the Console;
+ * the cross-PG parity test documents this explicitly.
+ */
+export class AmountMismatchError extends Error {
+  readonly code = "amount_mismatch";
+  readonly context: string;
+  readonly expected: number;
+  readonly actual: number;
+  readonly currency?: { expected?: string; actual?: string };
+
+  constructor(input: {
+    context: string;
+    expected: number;
+    actual: number;
+    currency?: { expected?: string; actual?: string };
+  }) {
+    super(
+      `Amount mismatch on ${input.context}: expected ${input.expected}, got ${input.actual}`,
+    );
+    this.name = "AmountMismatchError";
+    this.context = input.context;
+    this.expected = input.expected;
+    this.actual = input.actual;
+    this.currency = input.currency;
+  }
+}
+
+/**
+ * Assert two independently sourced payment amounts (and, when both are known,
+ * currencies) are equal. Amounts are integer minor units (e.g. KRW), so a strict
+ * `!==` comparison is correct. A non-finite amount on either side is treated as
+ * a mismatch (fail closed). Throws {@link AmountMismatchError} on any mismatch.
+ */
+export function assertAmountEquals(input: {
+  context: string;
+  expected: number;
+  actual: number;
+  expectedCurrency?: string;
+  actualCurrency?: string;
+}): void {
+  if (!Number.isFinite(input.expected) || !Number.isFinite(input.actual)) {
+    throw new AmountMismatchError({
+      context: input.context,
+      expected: input.expected,
+      actual: input.actual,
+    });
+  }
+  if (input.expected !== input.actual) {
+    throw new AmountMismatchError({
+      context: input.context,
+      expected: input.expected,
+      actual: input.actual,
+    });
+  }
+  if (
+    input.expectedCurrency != null &&
+    input.actualCurrency != null &&
+    input.expectedCurrency !== input.actualCurrency
+  ) {
+    throw new AmountMismatchError({
+      context: input.context,
+      expected: input.expected,
+      actual: input.actual,
+      currency: {
+        expected: input.expectedCurrency,
+        actual: input.actualCurrency,
+      },
+    });
+  }
+}

package/dist/create-app-templates/ecommerce/lib/payment/provider.server.ts

@@ -0,0 +1,51 @@
+import "../server-only-guard.ts";
+import { createMockPaymentProvider } from "./adapters/mock.ts";
+// scaffold:provider:portone:start
+import {
+  createPortOnePaymentProvider,
+  hasPortOneCredentials,
+} from "./adapters/portone.ts";
+// scaffold:provider:portone:end
+// scaffold:provider:tosspayments:start
+import {
+  createTossPaymentsProvider,
+  hasTossPaymentsCredentials,
+} from "./adapters/tosspayments.ts";
+// scaffold:provider:tosspayments:end
+import type { PaymentProvider } from "./provider.ts";
+
+type PaymentAdapterRegistration = {
+  hasCredentials: (env: NodeJS.ProcessEnv) => boolean;
+  create: () => PaymentProvider;
+};
+
+// Payment adapter registry. To add a payment provider: implement the
+// PaymentProvider port in `./adapters/<pg>.ts` (exporting `create<Pg>Provider`
+// and `has<Pg>Credentials`), then register it here inside a matching pair of
+// `scaffold:provider:<id>` markers. `create-01-software-app` prunes the
+// markers (and the dependency) for every provider the scaffolded app did not
+// select, so a generated app ships with exactly one PG adapter.
+const PAYMENT_ADAPTERS: PaymentAdapterRegistration[] = [
+  // scaffold:provider:portone:start
+  {
+    hasCredentials: hasPortOneCredentials,
+    create: createPortOnePaymentProvider,
+  },
+  // scaffold:provider:portone:end
+  // scaffold:provider:tosspayments:start
+  {
+    hasCredentials: hasTossPaymentsCredentials,
+    create: createTossPaymentsProvider,
+  },
+  // scaffold:provider:tosspayments:end
+];
+
+export function getPaymentProvider(): PaymentProvider {
+  for (const adapter of PAYMENT_ADAPTERS) {
+    if (adapter.hasCredentials(process.env)) {
+      return adapter.create();
+    }
+  }
+
+  return createMockPaymentProvider();
+}

package/dist/create-app-templates/ecommerce/lib/payment/provider.ts

@@ -0,0 +1,18 @@
+import type {
+  PaymentRequestInput,
+  PaymentRequestResult,
+  PaymentWebhookEvent,
+  ProviderPayment,
+} from './types.ts'
+
+export type PaymentProvider = {
+  provider: string
+  requestPayment(input: PaymentRequestInput): Promise<PaymentRequestResult>
+  getPayment(paymentId: string): Promise<ProviderPayment | null>
+  confirmPayment(input: {
+    paymentId: string
+    providerPaymentId?: string
+    amount?: number
+  }): Promise<ProviderPayment>
+  verifyWebhook(request: Request): Promise<PaymentWebhookEvent>
+}