@01.software/sdk 0.17.0 → 0.18.0

package/dist/realtime.d.cts

@@ -1,7 +1,7 @@
 import { R as RealtimeEvent } from './realtime-D7HtUpqt.cjs';
 export { a as RealtimeConnection, b as RealtimeListener } from './realtime-D7HtUpqt.cjs';
-import { P as PublicCollection } from './const-D2K5HxpP.cjs';
-import './payload-types-CMoyAOjJ.cjs';
+import { P as PublicCollection } from './const-zEoxAfGX.cjs';
+import './payload-types-Cwnj_qN4.cjs';
 
 interface UseRealtimeQueryOptions {
     /** Filter events to specific collections. Empty/undefined = all collections. */

package/dist/realtime.d.ts

@@ -1,7 +1,7 @@
 import { R as RealtimeEvent } from './realtime-D7HtUpqt.js';
 export { a as RealtimeConnection, b as RealtimeListener } from './realtime-D7HtUpqt.js';
-import { P as PublicCollection } from './const-DG8TrouX.js';
-import './payload-types-CMoyAOjJ.js';
+import { P as PublicCollection } from './const-_gW__LA1.js';
+import './payload-types-Cwnj_qN4.js';
 
 interface UseRealtimeQueryOptions {
     /** Filter events to specific collections. Empty/undefined = all collections. */

package/dist/ui/form.d.cts

@@ -1,5 +1,5 @@
 import React from 'react';
-import { F as Form } from '../payload-types-CMoyAOjJ.cjs';
+import { F as Form } from '../payload-types-Cwnj_qN4.cjs';
 import { RichTextData } from './rich-text.cjs';
 import '@payloadcms/richtext-lexical';
 import '@payloadcms/richtext-lexical/lexical';

package/dist/ui/form.d.ts

@@ -1,5 +1,5 @@
 import React from 'react';
-import { F as Form } from '../payload-types-CMoyAOjJ.js';
+import { F as Form } from '../payload-types-Cwnj_qN4.js';
 import { RichTextData } from './rich-text.js';
 import '@payloadcms/richtext-lexical';
 import '@payloadcms/richtext-lexical/lexical';

package/dist/ui/video.d.cts

@@ -1,7 +1,7 @@
 import React, { CSSProperties } from 'react';
 import { MuxPlayerProps, MuxPlayerRefAttributes } from '@mux/mux-player-react';
 export { MuxPlayerRefAttributes as VideoPlayerRef } from '@mux/mux-player-react';
-import { V as Video } from '../payload-types-CMoyAOjJ.cjs';
+import { V as Video } from '../payload-types-Cwnj_qN4.cjs';
 export { e as VideoGifOptions, V as VideoThumbnailOptions, a as getVideoGif, c as getVideoMp4Url, d as getVideoStoryboard, b as getVideoStreamUrl, g as getVideoThumbnail } from '../video-DbLL8yuc.cjs';
 
 interface VideoPlayerCSSProperties extends CSSProperties {

package/dist/ui/video.d.ts

@@ -1,7 +1,7 @@
 import React, { CSSProperties } from 'react';
 import { MuxPlayerProps, MuxPlayerRefAttributes } from '@mux/mux-player-react';
 export { MuxPlayerRefAttributes as VideoPlayerRef } from '@mux/mux-player-react';
-import { V as Video } from '../payload-types-CMoyAOjJ.js';
+import { V as Video } from '../payload-types-Cwnj_qN4.js';
 export { e as VideoGifOptions, V as VideoThumbnailOptions, a as getVideoGif, c as getVideoMp4Url, d as getVideoStoryboard, b as getVideoStreamUrl, g as getVideoThumbnail } from '../video-DbLL8yuc.js';
 
 interface VideoPlayerCSSProperties extends CSSProperties {

package/dist/webhook-Ce9uNv5c.d.cts

@@ -0,0 +1,58 @@
+import { C as Collection } from './const-zEoxAfGX.cjs';
+import { j as CustomerProfile, k as Thread, l as Comment, m as Reaction, C as Config } from './payload-types-Cwnj_qN4.cjs';
+
+type PublicCustomerProfile = Omit<CustomerProfile, 'tenant' | 'customer' | 'isPublic' | 'anonymizedAt' | 'metadata'>;
+type PublicProfileRelation = string | PublicCustomerProfile;
+type PublicThread = Omit<Thread, 'authorProfile' | 'lastCommentByProfile'> & {
+    authorProfile: PublicProfileRelation;
+    lastCommentByProfile?: PublicProfileRelation | null;
+};
+type PublicComment = Omit<Comment, 'authorProfile'> & {
+    authorProfile: PublicProfileRelation;
+};
+type PublicReaction = Omit<Reaction, 'actorProfile'> & {
+    actorProfile: PublicProfileRelation;
+};
+type PublicCollectionOverrides = {
+    'customer-profiles': PublicCustomerProfile;
+    threads: PublicThread;
+    comments: PublicComment;
+    reactions: PublicReaction;
+};
+type CollectionType<T extends string> = T extends keyof PublicCollectionOverrides ? PublicCollectionOverrides[T] : T extends keyof Config['collections'] ? Config['collections'][T] : never;
+
+type WebhookOperation = string;
+interface WebhookEvent<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>> {
+    collection: T;
+    operation: WebhookOperation;
+    data: TData;
+    timestamp?: string;
+}
+type WebhookHandler<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>> = (event: WebhookEvent<T, TData>) => Promise<void> | void;
+interface WebhookOptions {
+    secret?: string;
+}
+declare function isValidWebhookEvent(data: unknown): data is WebhookEvent;
+declare const CUSTOMER_PASSWORD_RESET_OPERATION: "password-reset";
+interface CustomerPasswordResetWebhookData {
+    customerId: string | number;
+    email: string;
+    name: string;
+    resetPasswordToken: string;
+    resetPasswordExpiresAt: string;
+}
+type CustomerPasswordResetWebhookEvent = WebhookEvent<'customers', CustomerPasswordResetWebhookData> & {
+    operation: typeof CUSTOMER_PASSWORD_RESET_OPERATION;
+};
+type CustomerAuthWebhookEvent = CustomerPasswordResetWebhookEvent;
+type MaybePromise<T> = T | Promise<T>;
+interface CustomerAuthWebhookHandlers {
+    passwordReset?: (data: CustomerPasswordResetWebhookData, event: CustomerPasswordResetWebhookEvent) => MaybePromise<void>;
+    unhandled?: (event: WebhookEvent<string, unknown>) => MaybePromise<void>;
+}
+declare function isCustomerPasswordResetWebhookEvent(event: WebhookEvent<string, unknown>): event is CustomerPasswordResetWebhookEvent;
+declare function createCustomerAuthWebhookHandler(handlers: CustomerAuthWebhookHandlers): WebhookHandler<string, unknown>;
+declare function handleWebhook<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>>(request: Request, handler: WebhookHandler<T, TData>, options?: WebhookOptions): Promise<Response>;
+declare function createTypedWebhookHandler<T extends Collection>(collection: T, handler: (event: WebhookEvent<T>) => Promise<void> | void): WebhookHandler<T>;
+
+export { type CollectionType as C, type WebhookOperation as W, type WebhookEvent as a, type WebhookHandler as b, type WebhookOptions as c, CUSTOMER_PASSWORD_RESET_OPERATION as d, type CustomerPasswordResetWebhookData as e, type CustomerPasswordResetWebhookEvent as f, type CustomerAuthWebhookEvent as g, type CustomerAuthWebhookHandlers as h, isValidWebhookEvent as i, isCustomerPasswordResetWebhookEvent as j, createCustomerAuthWebhookHandler as k, handleWebhook as l, createTypedWebhookHandler as m };

package/dist/webhook-ger4JSeS.d.ts

@@ -0,0 +1,58 @@
+import { C as Collection } from './const-_gW__LA1.js';
+import { j as CustomerProfile, k as Thread, l as Comment, m as Reaction, C as Config } from './payload-types-Cwnj_qN4.js';
+
+type PublicCustomerProfile = Omit<CustomerProfile, 'tenant' | 'customer' | 'isPublic' | 'anonymizedAt' | 'metadata'>;
+type PublicProfileRelation = string | PublicCustomerProfile;
+type PublicThread = Omit<Thread, 'authorProfile' | 'lastCommentByProfile'> & {
+    authorProfile: PublicProfileRelation;
+    lastCommentByProfile?: PublicProfileRelation | null;
+};
+type PublicComment = Omit<Comment, 'authorProfile'> & {
+    authorProfile: PublicProfileRelation;
+};
+type PublicReaction = Omit<Reaction, 'actorProfile'> & {
+    actorProfile: PublicProfileRelation;
+};
+type PublicCollectionOverrides = {
+    'customer-profiles': PublicCustomerProfile;
+    threads: PublicThread;
+    comments: PublicComment;
+    reactions: PublicReaction;
+};
+type CollectionType<T extends string> = T extends keyof PublicCollectionOverrides ? PublicCollectionOverrides[T] : T extends keyof Config['collections'] ? Config['collections'][T] : never;
+
+type WebhookOperation = string;
+interface WebhookEvent<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>> {
+    collection: T;
+    operation: WebhookOperation;
+    data: TData;
+    timestamp?: string;
+}
+type WebhookHandler<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>> = (event: WebhookEvent<T, TData>) => Promise<void> | void;
+interface WebhookOptions {
+    secret?: string;
+}
+declare function isValidWebhookEvent(data: unknown): data is WebhookEvent;
+declare const CUSTOMER_PASSWORD_RESET_OPERATION: "password-reset";
+interface CustomerPasswordResetWebhookData {
+    customerId: string | number;
+    email: string;
+    name: string;
+    resetPasswordToken: string;
+    resetPasswordExpiresAt: string;
+}
+type CustomerPasswordResetWebhookEvent = WebhookEvent<'customers', CustomerPasswordResetWebhookData> & {
+    operation: typeof CUSTOMER_PASSWORD_RESET_OPERATION;
+};
+type CustomerAuthWebhookEvent = CustomerPasswordResetWebhookEvent;
+type MaybePromise<T> = T | Promise<T>;
+interface CustomerAuthWebhookHandlers {
+    passwordReset?: (data: CustomerPasswordResetWebhookData, event: CustomerPasswordResetWebhookEvent) => MaybePromise<void>;
+    unhandled?: (event: WebhookEvent<string, unknown>) => MaybePromise<void>;
+}
+declare function isCustomerPasswordResetWebhookEvent(event: WebhookEvent<string, unknown>): event is CustomerPasswordResetWebhookEvent;
+declare function createCustomerAuthWebhookHandler(handlers: CustomerAuthWebhookHandlers): WebhookHandler<string, unknown>;
+declare function handleWebhook<T extends Collection | string = Collection, TData = T extends Collection ? CollectionType<T> : Record<string, unknown>>(request: Request, handler: WebhookHandler<T, TData>, options?: WebhookOptions): Promise<Response>;
+declare function createTypedWebhookHandler<T extends Collection>(collection: T, handler: (event: WebhookEvent<T>) => Promise<void> | void): WebhookHandler<T>;
+
+export { type CollectionType as C, type WebhookOperation as W, type WebhookEvent as a, type WebhookHandler as b, type WebhookOptions as c, CUSTOMER_PASSWORD_RESET_OPERATION as d, type CustomerPasswordResetWebhookData as e, type CustomerPasswordResetWebhookEvent as f, type CustomerAuthWebhookEvent as g, type CustomerAuthWebhookHandlers as h, isValidWebhookEvent as i, isCustomerPasswordResetWebhookEvent as j, createCustomerAuthWebhookHandler as k, handleWebhook as l, createTypedWebhookHandler as m };

package/dist/webhook.cjs

@@ -20,8 +20,11 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 // src/webhook.ts
 var webhook_exports = {};
 __export(webhook_exports, {
+  CUSTOMER_PASSWORD_RESET_OPERATION: () => CUSTOMER_PASSWORD_RESET_OPERATION,
+  createCustomerAuthWebhookHandler: () => createCustomerAuthWebhookHandler,
   createTypedWebhookHandler: () => createTypedWebhookHandler,
   handleWebhook: () => handleWebhook,
+  isCustomerPasswordResetWebhookEvent: () => isCustomerPasswordResetWebhookEvent,
   isValidWebhookEvent: () => isValidWebhookEvent
 });
 module.exports = __toCommonJS(webhook_exports);
@@ -30,7 +33,32 @@ module.exports = __toCommonJS(webhook_exports);
 function isValidWebhookEvent(data) {
   if (typeof data !== "object" || data === null) return false;
   const obj = data;
-  return typeof obj.collection === "string" && (obj.operation === "create" || obj.operation === "update") && typeof obj.data === "object" && obj.data !== null;
+  return typeof obj.collection === "string" && typeof obj.operation === "string" && obj.operation.length > 0 && typeof obj.data === "object" && obj.data !== null;
+}
+var CUSTOMER_PASSWORD_RESET_OPERATION = "password-reset";
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function hasString(value, key) {
+  return typeof value[key] === "string";
+}
+function hasStringOrNumber(value, key) {
+  return typeof value[key] === "string" || typeof value[key] === "number";
+}
+function isCustomerPasswordResetWebhookEvent(event) {
+  if (event.collection !== "customers" || event.operation !== CUSTOMER_PASSWORD_RESET_OPERATION || !isRecord(event.data)) {
+    return false;
+  }
+  return hasStringOrNumber(event.data, "customerId") && hasString(event.data, "email") && hasString(event.data, "name") && hasString(event.data, "resetPasswordToken") && hasString(event.data, "resetPasswordExpiresAt");
+}
+function createCustomerAuthWebhookHandler(handlers) {
+  return async (event) => {
+    if (isCustomerPasswordResetWebhookEvent(event) && handlers.passwordReset) {
+      await handlers.passwordReset(event.data, event);
+      return;
+    }
+    await handlers.unhandled?.(event);
+  };
 }
 async function verifySignature(payload, secret, signature) {
   const encoder = new TextEncoder();

package/dist/webhook.cjs.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/webhook.ts","../src/core/webhook/index.ts"],"sourcesContent":["export {\n  handleWebhook,\n  createTypedWebhookHandler,\n  isValidWebhookEvent,\n} from './core/webhook'\nexport type {\n  WebhookEvent,\n  WebhookHandler,\n  WebhookOperation,\n  WebhookOptions,\n} from './core/webhook'\n","import type { Collection } from '../client/types'\nimport type { CollectionType } from '../collection/types'\n\nexport type WebhookOperation = 'create' | 'update'\n\nexport interface WebhookEvent<T extends Collection = Collection> {\n  collection: T\n  operation: WebhookOperation\n  data: CollectionType<T>\n}\n\nexport type WebhookHandler<T extends Collection = Collection> = (\n  event: WebhookEvent<T>,\n) => Promise<void> | void\n\nexport interface WebhookOptions {\n  secret?: string\n}\n\nexport function isValidWebhookEvent(data: unknown): data is WebhookEvent {\n  if (typeof data !== 'object' || data === null) return false\n  const obj = data as Record<string, unknown>\n  return (\n    typeof obj.collection === 'string' &&\n    (obj.operation === 'create' || obj.operation === 'update') &&\n    typeof obj.data === 'object' &&\n    obj.data !== null\n  )\n}\n\nasync function verifySignature(\n  payload: string,\n  secret: string,\n  signature: string,\n): Promise<boolean> {\n  const encoder = new TextEncoder()\n  const key = await crypto.subtle.importKey(\n    'raw',\n    encoder.encode(secret),\n    { name: 'HMAC', hash: 'SHA-256' },\n    false,\n    ['verify'],\n  )\n  // Validate and convert hex signature to Uint8Array\n  if (signature.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(signature)) {\n    return false\n  }\n  const sigBytes = new Uint8Array(\n    (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16)),\n  )\n  // crypto.subtle.verify performs constant-time comparison internally\n  return crypto.subtle.verify('HMAC', key, sigBytes, encoder.encode(payload))\n}\n\nexport async function handleWebhook<T extends Collection = Collection>(\n  request: Request,\n  handler: WebhookHandler<T>,\n  options?: WebhookOptions,\n): Promise<Response> {\n  try {\n    const rawBody = await request.text()\n\n    if (options?.secret) {\n      const signature = request.headers.get('x-webhook-signature') || ''\n      const valid = await verifySignature(rawBody, options.secret, signature)\n      if (!valid) {\n        return new Response(\n          JSON.stringify({ error: 'Invalid webhook signature' }),\n          { status: 401, headers: { 'Content-Type': 'application/json' } },\n        )\n      }\n    } else {\n      console.warn(\n        '[@01.software/sdk] Webhook signature verification is disabled. ' +\n          'Set { secret } in handleWebhook() options to enable HMAC-SHA256 verification.',\n      )\n    }\n\n    const body = JSON.parse(rawBody)\n\n    if (!isValidWebhookEvent(body)) {\n      return new Response(\n        JSON.stringify({ error: 'Invalid webhook event format' }),\n        { status: 400, headers: { 'Content-Type': 'application/json' } },\n      )\n    }\n\n    await handler(body as WebhookEvent<T>)\n\n    return new Response(\n      JSON.stringify({ success: true, message: 'Webhook processed' }),\n      { status: 200, headers: { 'Content-Type': 'application/json' } },\n    )\n  } catch (error) {\n    console.error('Webhook processing error:', error)\n\n    return new Response(JSON.stringify({ error: 'Internal server error' }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  }\n}\n\nexport function createTypedWebhookHandler<T extends Collection>(\n  collection: T,\n  handler: (event: WebhookEvent<T>) => Promise<void> | void,\n): WebhookHandler<T> {\n  return async (event: WebhookEvent<T>) => {\n    if (event.collection !== collection) {\n      throw new Error(\n        `Expected collection \"${collection}\", got \"${event.collection}\"`,\n      )\n    }\n    return handler(event)\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACmBO,SAAS,oBAAoB,MAAqC;AACvE,MAAI,OAAO,SAAS,YAAY,SAAS,KAAM,QAAO;AACtD,QAAM,MAAM;AACZ,SACE,OAAO,IAAI,eAAe,aACzB,IAAI,cAAc,YAAY,IAAI,cAAc,aACjD,OAAO,IAAI,SAAS,YACpB,IAAI,SAAS;AAEjB;AAEA,eAAe,gBACb,SACA,QACA,WACkB;AAClB,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,QAAQ;AAAA,EACX;AAEA,MAAI,UAAU,SAAS,MAAM,KAAK,CAAC,iBAAiB,KAAK,SAAS,GAAG;AACnE,WAAO;AAAA,EACT;AACA,QAAM,WAAW,IAAI;AAAA,KAClB,UAAU,MAAM,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,SAAS,MAAM,EAAE,CAAC;AAAA,EACnE;AAEA,SAAO,OAAO,OAAO,OAAO,QAAQ,KAAK,UAAU,QAAQ,OAAO,OAAO,CAAC;AAC5E;AAEA,eAAsB,cACpB,SACA,SACA,SACmB;AACnB,MAAI;AACF,UAAM,UAAU,MAAM,QAAQ,KAAK;AAEnC,QAAI,SAAS,QAAQ;AACnB,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAChE,YAAM,QAAQ,MAAM,gBAAgB,SAAS,QAAQ,QAAQ,SAAS;AACtE,UAAI,CAAC,OAAO;AACV,eAAO,IAAI;AAAA,UACT,KAAK,UAAU,EAAE,OAAO,4BAA4B,CAAC;AAAA,UACrD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,QACjE;AAAA,MACF;AAAA,IACF,OAAO;AACL,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,OAAO,KAAK,MAAM,OAAO;AAE/B,QAAI,CAAC,oBAAoB,IAAI,GAAG;AAC9B,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,EAAE,OAAO,+BAA+B,CAAC;AAAA,QACxD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,MACjE;AAAA,IACF;AAEA,UAAM,QAAQ,IAAuB;AAErC,WAAO,IAAI;AAAA,MACT,KAAK,UAAU,EAAE,SAAS,MAAM,SAAS,oBAAoB,CAAC;AAAA,MAC9D,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,IACjE;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,6BAA6B,KAAK;AAEhD,WAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,wBAAwB,CAAC,GAAG;AAAA,MACtE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAChD,CAAC;AAAA,EACH;AACF;AAEO,SAAS,0BACd,YACA,SACmB;AACnB,SAAO,OAAO,UAA2B;AACvC,QAAI,MAAM,eAAe,YAAY;AACnC,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU,WAAW,MAAM,UAAU;AAAA,MAC/D;AAAA,IACF;AACA,WAAO,QAAQ,KAAK;AAAA,EACtB;AACF;","names":[]}
+{"version":3,"sources":["../src/webhook.ts","../src/core/webhook/index.ts"],"sourcesContent":["export {\n  handleWebhook,\n  createTypedWebhookHandler,\n  createCustomerAuthWebhookHandler,\n  isValidWebhookEvent,\n  isCustomerPasswordResetWebhookEvent,\n  CUSTOMER_PASSWORD_RESET_OPERATION,\n} from './core/webhook'\nexport type {\n  CustomerAuthWebhookEvent,\n  CustomerAuthWebhookHandlers,\n  CustomerPasswordResetWebhookData,\n  CustomerPasswordResetWebhookEvent,\n  WebhookEvent,\n  WebhookHandler,\n  WebhookOperation,\n  WebhookOptions,\n} from './core/webhook'\n","import type { Collection } from '../client/types'\nimport type { CollectionType } from '../collection/types'\n\nexport type WebhookOperation = string\n\nexport interface WebhookEvent<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n> {\n  collection: T\n  operation: WebhookOperation\n  data: TData\n  timestamp?: string\n}\n\nexport type WebhookHandler<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n> = (\n  event: WebhookEvent<T, TData>,\n) => Promise<void> | void\n\nexport interface WebhookOptions {\n  secret?: string\n}\n\nexport function isValidWebhookEvent(data: unknown): data is WebhookEvent {\n  if (typeof data !== 'object' || data === null) return false\n  const obj = data as Record<string, unknown>\n  return (\n    typeof obj.collection === 'string' &&\n    typeof obj.operation === 'string' &&\n    obj.operation.length > 0 &&\n    typeof obj.data === 'object' &&\n    obj.data !== null\n  )\n}\n\nexport const CUSTOMER_PASSWORD_RESET_OPERATION = 'password-reset' as const\n\nexport interface CustomerPasswordResetWebhookData {\n  customerId: string | number\n  email: string\n  name: string\n  resetPasswordToken: string\n  resetPasswordExpiresAt: string\n}\n\nexport type CustomerPasswordResetWebhookEvent = WebhookEvent<\n  'customers',\n  CustomerPasswordResetWebhookData\n> & {\n  operation: typeof CUSTOMER_PASSWORD_RESET_OPERATION\n}\n\nexport type CustomerAuthWebhookEvent = CustomerPasswordResetWebhookEvent\n\ntype MaybePromise<T> = T | Promise<T>\n\nexport interface CustomerAuthWebhookHandlers {\n  passwordReset?: (\n    data: CustomerPasswordResetWebhookData,\n    event: CustomerPasswordResetWebhookEvent,\n  ) => MaybePromise<void>\n  unhandled?: (event: WebhookEvent<string, unknown>) => MaybePromise<void>\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n  return typeof value === 'object' && value !== null\n}\n\nfunction hasString(value: Record<string, unknown>, key: string): boolean {\n  return typeof value[key] === 'string'\n}\n\nfunction hasStringOrNumber(\n  value: Record<string, unknown>,\n  key: string,\n): boolean {\n  return typeof value[key] === 'string' || typeof value[key] === 'number'\n}\n\nexport function isCustomerPasswordResetWebhookEvent(\n  event: WebhookEvent<string, unknown>,\n): event is CustomerPasswordResetWebhookEvent {\n  if (\n    event.collection !== 'customers' ||\n    event.operation !== CUSTOMER_PASSWORD_RESET_OPERATION ||\n    !isRecord(event.data)\n  ) {\n    return false\n  }\n\n  return (\n    hasStringOrNumber(event.data, 'customerId') &&\n    hasString(event.data, 'email') &&\n    hasString(event.data, 'name') &&\n    hasString(event.data, 'resetPasswordToken') &&\n    hasString(event.data, 'resetPasswordExpiresAt')\n  )\n}\n\nexport function createCustomerAuthWebhookHandler(\n  handlers: CustomerAuthWebhookHandlers,\n): WebhookHandler<string, unknown> {\n  return async (event) => {\n    if (isCustomerPasswordResetWebhookEvent(event) && handlers.passwordReset) {\n      await handlers.passwordReset(event.data, event)\n      return\n    }\n\n    await handlers.unhandled?.(event)\n  }\n}\n\nasync function verifySignature(\n  payload: string,\n  secret: string,\n  signature: string,\n): Promise<boolean> {\n  const encoder = new TextEncoder()\n  const key = await crypto.subtle.importKey(\n    'raw',\n    encoder.encode(secret),\n    { name: 'HMAC', hash: 'SHA-256' },\n    false,\n    ['verify'],\n  )\n  // Validate and convert hex signature to Uint8Array\n  if (signature.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(signature)) {\n    return false\n  }\n  const sigBytes = new Uint8Array(\n    (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16)),\n  )\n  // crypto.subtle.verify performs constant-time comparison internally\n  return crypto.subtle.verify('HMAC', key, sigBytes, encoder.encode(payload))\n}\n\nexport async function handleWebhook<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n>(\n  request: Request,\n  handler: WebhookHandler<T, TData>,\n  options?: WebhookOptions,\n): Promise<Response> {\n  try {\n    const rawBody = await request.text()\n\n    if (options?.secret) {\n      const signature = request.headers.get('x-webhook-signature') || ''\n      const valid = await verifySignature(rawBody, options.secret, signature)\n      if (!valid) {\n        return new Response(\n          JSON.stringify({ error: 'Invalid webhook signature' }),\n          { status: 401, headers: { 'Content-Type': 'application/json' } },\n        )\n      }\n    } else {\n      console.warn(\n        '[@01.software/sdk] Webhook signature verification is disabled. ' +\n          'Set { secret } in handleWebhook() options to enable HMAC-SHA256 verification.',\n      )\n    }\n\n    const body = JSON.parse(rawBody)\n\n    if (!isValidWebhookEvent(body)) {\n      return new Response(\n        JSON.stringify({ error: 'Invalid webhook event format' }),\n        { status: 400, headers: { 'Content-Type': 'application/json' } },\n      )\n    }\n\n    await handler(body as WebhookEvent<T, TData>)\n\n    return new Response(\n      JSON.stringify({ success: true, message: 'Webhook processed' }),\n      { status: 200, headers: { 'Content-Type': 'application/json' } },\n    )\n  } catch (error) {\n    console.error('Webhook processing error:', error)\n\n    return new Response(JSON.stringify({ error: 'Internal server error' }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  }\n}\n\nexport function createTypedWebhookHandler<T extends Collection>(\n  collection: T,\n  handler: (event: WebhookEvent<T>) => Promise<void> | void,\n): WebhookHandler<T> {\n  return async (event: WebhookEvent<T>) => {\n    if (event.collection !== collection) {\n      throw new Error(\n        `Expected collection \"${collection}\", got \"${event.collection}\"`,\n      )\n    }\n    return handler(event)\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;AC0BO,SAAS,oBAAoB,MAAqC;AACvE,MAAI,OAAO,SAAS,YAAY,SAAS,KAAM,QAAO;AACtD,QAAM,MAAM;AACZ,SACE,OAAO,IAAI,eAAe,YAC1B,OAAO,IAAI,cAAc,YACzB,IAAI,UAAU,SAAS,KACvB,OAAO,IAAI,SAAS,YACpB,IAAI,SAAS;AAEjB;AAEO,IAAM,oCAAoC;AA6BjD,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU;AAChD;AAEA,SAAS,UAAU,OAAgC,KAAsB;AACvE,SAAO,OAAO,MAAM,GAAG,MAAM;AAC/B;AAEA,SAAS,kBACP,OACA,KACS;AACT,SAAO,OAAO,MAAM,GAAG,MAAM,YAAY,OAAO,MAAM,GAAG,MAAM;AACjE;AAEO,SAAS,oCACd,OAC4C;AAC5C,MACE,MAAM,eAAe,eACrB,MAAM,cAAc,qCACpB,CAAC,SAAS,MAAM,IAAI,GACpB;AACA,WAAO;AAAA,EACT;AAEA,SACE,kBAAkB,MAAM,MAAM,YAAY,KAC1C,UAAU,MAAM,MAAM,OAAO,KAC7B,UAAU,MAAM,MAAM,MAAM,KAC5B,UAAU,MAAM,MAAM,oBAAoB,KAC1C,UAAU,MAAM,MAAM,wBAAwB;AAElD;AAEO,SAAS,iCACd,UACiC;AACjC,SAAO,OAAO,UAAU;AACtB,QAAI,oCAAoC,KAAK,KAAK,SAAS,eAAe;AACxE,YAAM,SAAS,cAAc,MAAM,MAAM,KAAK;AAC9C;AAAA,IACF;AAEA,UAAM,SAAS,YAAY,KAAK;AAAA,EAClC;AACF;AAEA,eAAe,gBACb,SACA,QACA,WACkB;AAClB,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,QAAQ;AAAA,EACX;AAEA,MAAI,UAAU,SAAS,MAAM,KAAK,CAAC,iBAAiB,KAAK,SAAS,GAAG;AACnE,WAAO;AAAA,EACT;AACA,QAAM,WAAW,IAAI;AAAA,KAClB,UAAU,MAAM,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,SAAS,MAAM,EAAE,CAAC;AAAA,EACnE;AAEA,SAAO,OAAO,OAAO,OAAO,QAAQ,KAAK,UAAU,QAAQ,OAAO,OAAO,CAAC;AAC5E;AAEA,eAAsB,cAIpB,SACA,SACA,SACmB;AACnB,MAAI;AACF,UAAM,UAAU,MAAM,QAAQ,KAAK;AAEnC,QAAI,SAAS,QAAQ;AACnB,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAChE,YAAM,QAAQ,MAAM,gBAAgB,SAAS,QAAQ,QAAQ,SAAS;AACtE,UAAI,CAAC,OAAO;AACV,eAAO,IAAI;AAAA,UACT,KAAK,UAAU,EAAE,OAAO,4BAA4B,CAAC;AAAA,UACrD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,QACjE;AAAA,MACF;AAAA,IACF,OAAO;AACL,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,OAAO,KAAK,MAAM,OAAO;AAE/B,QAAI,CAAC,oBAAoB,IAAI,GAAG;AAC9B,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,EAAE,OAAO,+BAA+B,CAAC;AAAA,QACxD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,MACjE;AAAA,IACF;AAEA,UAAM,QAAQ,IAA8B;AAE5C,WAAO,IAAI;AAAA,MACT,KAAK,UAAU,EAAE,SAAS,MAAM,SAAS,oBAAoB,CAAC;AAAA,MAC9D,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,IACjE;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,6BAA6B,KAAK;AAEhD,WAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,wBAAwB,CAAC,GAAG;AAAA,MACtE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAChD,CAAC;AAAA,EACH;AACF;AAEO,SAAS,0BACd,YACA,SACmB;AACnB,SAAO,OAAO,UAA2B;AACvC,QAAI,MAAM,eAAe,YAAY;AACnC,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU,WAAW,MAAM,UAAU;AAAA,MAC/D;AAAA,IACF;AACA,WAAO,QAAQ,KAAK;AAAA,EACtB;AACF;","names":[]}

package/dist/webhook.d.cts

@@ -1,3 +1,3 @@
-export { a as WebhookEvent, b as WebhookHandler, W as WebhookOperation, c as WebhookOptions, d as createTypedWebhookHandler, h as handleWebhook, i as isValidWebhookEvent } from './webhook-Dm2zz7FQ.cjs';
-import './const-D2K5HxpP.cjs';
-import './payload-types-CMoyAOjJ.cjs';
+export { d as CUSTOMER_PASSWORD_RESET_OPERATION, g as CustomerAuthWebhookEvent, h as CustomerAuthWebhookHandlers, e as CustomerPasswordResetWebhookData, f as CustomerPasswordResetWebhookEvent, a as WebhookEvent, b as WebhookHandler, W as WebhookOperation, c as WebhookOptions, k as createCustomerAuthWebhookHandler, m as createTypedWebhookHandler, l as handleWebhook, j as isCustomerPasswordResetWebhookEvent, i as isValidWebhookEvent } from './webhook-Ce9uNv5c.cjs';
+import './const-zEoxAfGX.cjs';
+import './payload-types-Cwnj_qN4.cjs';

package/dist/webhook.d.ts

@@ -1,3 +1,3 @@
-export { a as WebhookEvent, b as WebhookHandler, W as WebhookOperation, c as WebhookOptions, d as createTypedWebhookHandler, h as handleWebhook, i as isValidWebhookEvent } from './webhook-IhuUWnt5.js';
-import './const-DG8TrouX.js';
-import './payload-types-CMoyAOjJ.js';
+export { d as CUSTOMER_PASSWORD_RESET_OPERATION, g as CustomerAuthWebhookEvent, h as CustomerAuthWebhookHandlers, e as CustomerPasswordResetWebhookData, f as CustomerPasswordResetWebhookEvent, a as WebhookEvent, b as WebhookHandler, W as WebhookOperation, c as WebhookOptions, k as createCustomerAuthWebhookHandler, m as createTypedWebhookHandler, l as handleWebhook, j as isCustomerPasswordResetWebhookEvent, i as isValidWebhookEvent } from './webhook-ger4JSeS.js';
+import './const-_gW__LA1.js';
+import './payload-types-Cwnj_qN4.js';

package/dist/webhook.js

@@ -2,7 +2,32 @@
 function isValidWebhookEvent(data) {
   if (typeof data !== "object" || data === null) return false;
   const obj = data;
-  return typeof obj.collection === "string" && (obj.operation === "create" || obj.operation === "update") && typeof obj.data === "object" && obj.data !== null;
+  return typeof obj.collection === "string" && typeof obj.operation === "string" && obj.operation.length > 0 && typeof obj.data === "object" && obj.data !== null;
+}
+var CUSTOMER_PASSWORD_RESET_OPERATION = "password-reset";
+function isRecord(value) {
+  return typeof value === "object" && value !== null;
+}
+function hasString(value, key) {
+  return typeof value[key] === "string";
+}
+function hasStringOrNumber(value, key) {
+  return typeof value[key] === "string" || typeof value[key] === "number";
+}
+function isCustomerPasswordResetWebhookEvent(event) {
+  if (event.collection !== "customers" || event.operation !== CUSTOMER_PASSWORD_RESET_OPERATION || !isRecord(event.data)) {
+    return false;
+  }
+  return hasStringOrNumber(event.data, "customerId") && hasString(event.data, "email") && hasString(event.data, "name") && hasString(event.data, "resetPasswordToken") && hasString(event.data, "resetPasswordExpiresAt");
+}
+function createCustomerAuthWebhookHandler(handlers) {
+  return async (event) => {
+    if (isCustomerPasswordResetWebhookEvent(event) && handlers.passwordReset) {
+      await handlers.passwordReset(event.data, event);
+      return;
+    }
+    await handlers.unhandled?.(event);
+  };
 }
 async function verifySignature(payload, secret, signature) {
   const encoder = new TextEncoder();
@@ -69,8 +94,11 @@ function createTypedWebhookHandler(collection, handler) {
   };
 }
 export {
+  CUSTOMER_PASSWORD_RESET_OPERATION,
+  createCustomerAuthWebhookHandler,
   createTypedWebhookHandler,
   handleWebhook,
+  isCustomerPasswordResetWebhookEvent,
   isValidWebhookEvent
 };
 //# sourceMappingURL=webhook.js.map

package/dist/webhook.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../src/core/webhook/index.ts"],"sourcesContent":["import type { Collection } from '../client/types'\nimport type { CollectionType } from '../collection/types'\n\nexport type WebhookOperation = 'create' | 'update'\n\nexport interface WebhookEvent<T extends Collection = Collection> {\n  collection: T\n  operation: WebhookOperation\n  data: CollectionType<T>\n}\n\nexport type WebhookHandler<T extends Collection = Collection> = (\n  event: WebhookEvent<T>,\n) => Promise<void> | void\n\nexport interface WebhookOptions {\n  secret?: string\n}\n\nexport function isValidWebhookEvent(data: unknown): data is WebhookEvent {\n  if (typeof data !== 'object' || data === null) return false\n  const obj = data as Record<string, unknown>\n  return (\n    typeof obj.collection === 'string' &&\n    (obj.operation === 'create' || obj.operation === 'update') &&\n    typeof obj.data === 'object' &&\n    obj.data !== null\n  )\n}\n\nasync function verifySignature(\n  payload: string,\n  secret: string,\n  signature: string,\n): Promise<boolean> {\n  const encoder = new TextEncoder()\n  const key = await crypto.subtle.importKey(\n    'raw',\n    encoder.encode(secret),\n    { name: 'HMAC', hash: 'SHA-256' },\n    false,\n    ['verify'],\n  )\n  // Validate and convert hex signature to Uint8Array\n  if (signature.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(signature)) {\n    return false\n  }\n  const sigBytes = new Uint8Array(\n    (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16)),\n  )\n  // crypto.subtle.verify performs constant-time comparison internally\n  return crypto.subtle.verify('HMAC', key, sigBytes, encoder.encode(payload))\n}\n\nexport async function handleWebhook<T extends Collection = Collection>(\n  request: Request,\n  handler: WebhookHandler<T>,\n  options?: WebhookOptions,\n): Promise<Response> {\n  try {\n    const rawBody = await request.text()\n\n    if (options?.secret) {\n      const signature = request.headers.get('x-webhook-signature') || ''\n      const valid = await verifySignature(rawBody, options.secret, signature)\n      if (!valid) {\n        return new Response(\n          JSON.stringify({ error: 'Invalid webhook signature' }),\n          { status: 401, headers: { 'Content-Type': 'application/json' } },\n        )\n      }\n    } else {\n      console.warn(\n        '[@01.software/sdk] Webhook signature verification is disabled. ' +\n          'Set { secret } in handleWebhook() options to enable HMAC-SHA256 verification.',\n      )\n    }\n\n    const body = JSON.parse(rawBody)\n\n    if (!isValidWebhookEvent(body)) {\n      return new Response(\n        JSON.stringify({ error: 'Invalid webhook event format' }),\n        { status: 400, headers: { 'Content-Type': 'application/json' } },\n      )\n    }\n\n    await handler(body as WebhookEvent<T>)\n\n    return new Response(\n      JSON.stringify({ success: true, message: 'Webhook processed' }),\n      { status: 200, headers: { 'Content-Type': 'application/json' } },\n    )\n  } catch (error) {\n    console.error('Webhook processing error:', error)\n\n    return new Response(JSON.stringify({ error: 'Internal server error' }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  }\n}\n\nexport function createTypedWebhookHandler<T extends Collection>(\n  collection: T,\n  handler: (event: WebhookEvent<T>) => Promise<void> | void,\n): WebhookHandler<T> {\n  return async (event: WebhookEvent<T>) => {\n    if (event.collection !== collection) {\n      throw new Error(\n        `Expected collection \"${collection}\", got \"${event.collection}\"`,\n      )\n    }\n    return handler(event)\n  }\n}\n"],"mappings":";AAmBO,SAAS,oBAAoB,MAAqC;AACvE,MAAI,OAAO,SAAS,YAAY,SAAS,KAAM,QAAO;AACtD,QAAM,MAAM;AACZ,SACE,OAAO,IAAI,eAAe,aACzB,IAAI,cAAc,YAAY,IAAI,cAAc,aACjD,OAAO,IAAI,SAAS,YACpB,IAAI,SAAS;AAEjB;AAEA,eAAe,gBACb,SACA,QACA,WACkB;AAClB,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,QAAQ;AAAA,EACX;AAEA,MAAI,UAAU,SAAS,MAAM,KAAK,CAAC,iBAAiB,KAAK,SAAS,GAAG;AACnE,WAAO;AAAA,EACT;AACA,QAAM,WAAW,IAAI;AAAA,KAClB,UAAU,MAAM,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,SAAS,MAAM,EAAE,CAAC;AAAA,EACnE;AAEA,SAAO,OAAO,OAAO,OAAO,QAAQ,KAAK,UAAU,QAAQ,OAAO,OAAO,CAAC;AAC5E;AAEA,eAAsB,cACpB,SACA,SACA,SACmB;AACnB,MAAI;AACF,UAAM,UAAU,MAAM,QAAQ,KAAK;AAEnC,QAAI,SAAS,QAAQ;AACnB,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAChE,YAAM,QAAQ,MAAM,gBAAgB,SAAS,QAAQ,QAAQ,SAAS;AACtE,UAAI,CAAC,OAAO;AACV,eAAO,IAAI;AAAA,UACT,KAAK,UAAU,EAAE,OAAO,4BAA4B,CAAC;AAAA,UACrD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,QACjE;AAAA,MACF;AAAA,IACF,OAAO;AACL,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,OAAO,KAAK,MAAM,OAAO;AAE/B,QAAI,CAAC,oBAAoB,IAAI,GAAG;AAC9B,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,EAAE,OAAO,+BAA+B,CAAC;AAAA,QACxD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,MACjE;AAAA,IACF;AAEA,UAAM,QAAQ,IAAuB;AAErC,WAAO,IAAI;AAAA,MACT,KAAK,UAAU,EAAE,SAAS,MAAM,SAAS,oBAAoB,CAAC;AAAA,MAC9D,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,IACjE;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,6BAA6B,KAAK;AAEhD,WAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,wBAAwB,CAAC,GAAG;AAAA,MACtE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAChD,CAAC;AAAA,EACH;AACF;AAEO,SAAS,0BACd,YACA,SACmB;AACnB,SAAO,OAAO,UAA2B;AACvC,QAAI,MAAM,eAAe,YAAY;AACnC,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU,WAAW,MAAM,UAAU;AAAA,MAC/D;AAAA,IACF;AACA,WAAO,QAAQ,KAAK;AAAA,EACtB;AACF;","names":[]}
+{"version":3,"sources":["../src/core/webhook/index.ts"],"sourcesContent":["import type { Collection } from '../client/types'\nimport type { CollectionType } from '../collection/types'\n\nexport type WebhookOperation = string\n\nexport interface WebhookEvent<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n> {\n  collection: T\n  operation: WebhookOperation\n  data: TData\n  timestamp?: string\n}\n\nexport type WebhookHandler<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n> = (\n  event: WebhookEvent<T, TData>,\n) => Promise<void> | void\n\nexport interface WebhookOptions {\n  secret?: string\n}\n\nexport function isValidWebhookEvent(data: unknown): data is WebhookEvent {\n  if (typeof data !== 'object' || data === null) return false\n  const obj = data as Record<string, unknown>\n  return (\n    typeof obj.collection === 'string' &&\n    typeof obj.operation === 'string' &&\n    obj.operation.length > 0 &&\n    typeof obj.data === 'object' &&\n    obj.data !== null\n  )\n}\n\nexport const CUSTOMER_PASSWORD_RESET_OPERATION = 'password-reset' as const\n\nexport interface CustomerPasswordResetWebhookData {\n  customerId: string | number\n  email: string\n  name: string\n  resetPasswordToken: string\n  resetPasswordExpiresAt: string\n}\n\nexport type CustomerPasswordResetWebhookEvent = WebhookEvent<\n  'customers',\n  CustomerPasswordResetWebhookData\n> & {\n  operation: typeof CUSTOMER_PASSWORD_RESET_OPERATION\n}\n\nexport type CustomerAuthWebhookEvent = CustomerPasswordResetWebhookEvent\n\ntype MaybePromise<T> = T | Promise<T>\n\nexport interface CustomerAuthWebhookHandlers {\n  passwordReset?: (\n    data: CustomerPasswordResetWebhookData,\n    event: CustomerPasswordResetWebhookEvent,\n  ) => MaybePromise<void>\n  unhandled?: (event: WebhookEvent<string, unknown>) => MaybePromise<void>\n}\n\nfunction isRecord(value: unknown): value is Record<string, unknown> {\n  return typeof value === 'object' && value !== null\n}\n\nfunction hasString(value: Record<string, unknown>, key: string): boolean {\n  return typeof value[key] === 'string'\n}\n\nfunction hasStringOrNumber(\n  value: Record<string, unknown>,\n  key: string,\n): boolean {\n  return typeof value[key] === 'string' || typeof value[key] === 'number'\n}\n\nexport function isCustomerPasswordResetWebhookEvent(\n  event: WebhookEvent<string, unknown>,\n): event is CustomerPasswordResetWebhookEvent {\n  if (\n    event.collection !== 'customers' ||\n    event.operation !== CUSTOMER_PASSWORD_RESET_OPERATION ||\n    !isRecord(event.data)\n  ) {\n    return false\n  }\n\n  return (\n    hasStringOrNumber(event.data, 'customerId') &&\n    hasString(event.data, 'email') &&\n    hasString(event.data, 'name') &&\n    hasString(event.data, 'resetPasswordToken') &&\n    hasString(event.data, 'resetPasswordExpiresAt')\n  )\n}\n\nexport function createCustomerAuthWebhookHandler(\n  handlers: CustomerAuthWebhookHandlers,\n): WebhookHandler<string, unknown> {\n  return async (event) => {\n    if (isCustomerPasswordResetWebhookEvent(event) && handlers.passwordReset) {\n      await handlers.passwordReset(event.data, event)\n      return\n    }\n\n    await handlers.unhandled?.(event)\n  }\n}\n\nasync function verifySignature(\n  payload: string,\n  secret: string,\n  signature: string,\n): Promise<boolean> {\n  const encoder = new TextEncoder()\n  const key = await crypto.subtle.importKey(\n    'raw',\n    encoder.encode(secret),\n    { name: 'HMAC', hash: 'SHA-256' },\n    false,\n    ['verify'],\n  )\n  // Validate and convert hex signature to Uint8Array\n  if (signature.length % 2 !== 0 || !/^[0-9a-fA-F]*$/.test(signature)) {\n    return false\n  }\n  const sigBytes = new Uint8Array(\n    (signature.match(/.{2}/g) ?? []).map((byte) => parseInt(byte, 16)),\n  )\n  // crypto.subtle.verify performs constant-time comparison internally\n  return crypto.subtle.verify('HMAC', key, sigBytes, encoder.encode(payload))\n}\n\nexport async function handleWebhook<\n  T extends Collection | string = Collection,\n  TData = T extends Collection ? CollectionType<T> : Record<string, unknown>,\n>(\n  request: Request,\n  handler: WebhookHandler<T, TData>,\n  options?: WebhookOptions,\n): Promise<Response> {\n  try {\n    const rawBody = await request.text()\n\n    if (options?.secret) {\n      const signature = request.headers.get('x-webhook-signature') || ''\n      const valid = await verifySignature(rawBody, options.secret, signature)\n      if (!valid) {\n        return new Response(\n          JSON.stringify({ error: 'Invalid webhook signature' }),\n          { status: 401, headers: { 'Content-Type': 'application/json' } },\n        )\n      }\n    } else {\n      console.warn(\n        '[@01.software/sdk] Webhook signature verification is disabled. ' +\n          'Set { secret } in handleWebhook() options to enable HMAC-SHA256 verification.',\n      )\n    }\n\n    const body = JSON.parse(rawBody)\n\n    if (!isValidWebhookEvent(body)) {\n      return new Response(\n        JSON.stringify({ error: 'Invalid webhook event format' }),\n        { status: 400, headers: { 'Content-Type': 'application/json' } },\n      )\n    }\n\n    await handler(body as WebhookEvent<T, TData>)\n\n    return new Response(\n      JSON.stringify({ success: true, message: 'Webhook processed' }),\n      { status: 200, headers: { 'Content-Type': 'application/json' } },\n    )\n  } catch (error) {\n    console.error('Webhook processing error:', error)\n\n    return new Response(JSON.stringify({ error: 'Internal server error' }), {\n      status: 500,\n      headers: { 'Content-Type': 'application/json' },\n    })\n  }\n}\n\nexport function createTypedWebhookHandler<T extends Collection>(\n  collection: T,\n  handler: (event: WebhookEvent<T>) => Promise<void> | void,\n): WebhookHandler<T> {\n  return async (event: WebhookEvent<T>) => {\n    if (event.collection !== collection) {\n      throw new Error(\n        `Expected collection \"${collection}\", got \"${event.collection}\"`,\n      )\n    }\n    return handler(event)\n  }\n}\n"],"mappings":";AA0BO,SAAS,oBAAoB,MAAqC;AACvE,MAAI,OAAO,SAAS,YAAY,SAAS,KAAM,QAAO;AACtD,QAAM,MAAM;AACZ,SACE,OAAO,IAAI,eAAe,YAC1B,OAAO,IAAI,cAAc,YACzB,IAAI,UAAU,SAAS,KACvB,OAAO,IAAI,SAAS,YACpB,IAAI,SAAS;AAEjB;AAEO,IAAM,oCAAoC;AA6BjD,SAAS,SAAS,OAAkD;AAClE,SAAO,OAAO,UAAU,YAAY,UAAU;AAChD;AAEA,SAAS,UAAU,OAAgC,KAAsB;AACvE,SAAO,OAAO,MAAM,GAAG,MAAM;AAC/B;AAEA,SAAS,kBACP,OACA,KACS;AACT,SAAO,OAAO,MAAM,GAAG,MAAM,YAAY,OAAO,MAAM,GAAG,MAAM;AACjE;AAEO,SAAS,oCACd,OAC4C;AAC5C,MACE,MAAM,eAAe,eACrB,MAAM,cAAc,qCACpB,CAAC,SAAS,MAAM,IAAI,GACpB;AACA,WAAO;AAAA,EACT;AAEA,SACE,kBAAkB,MAAM,MAAM,YAAY,KAC1C,UAAU,MAAM,MAAM,OAAO,KAC7B,UAAU,MAAM,MAAM,MAAM,KAC5B,UAAU,MAAM,MAAM,oBAAoB,KAC1C,UAAU,MAAM,MAAM,wBAAwB;AAElD;AAEO,SAAS,iCACd,UACiC;AACjC,SAAO,OAAO,UAAU;AACtB,QAAI,oCAAoC,KAAK,KAAK,SAAS,eAAe;AACxE,YAAM,SAAS,cAAc,MAAM,MAAM,KAAK;AAC9C;AAAA,IACF;AAEA,UAAM,SAAS,YAAY,KAAK;AAAA,EAClC;AACF;AAEA,eAAe,gBACb,SACA,QACA,WACkB;AAClB,QAAM,UAAU,IAAI,YAAY;AAChC,QAAM,MAAM,MAAM,OAAO,OAAO;AAAA,IAC9B;AAAA,IACA,QAAQ,OAAO,MAAM;AAAA,IACrB,EAAE,MAAM,QAAQ,MAAM,UAAU;AAAA,IAChC;AAAA,IACA,CAAC,QAAQ;AAAA,EACX;AAEA,MAAI,UAAU,SAAS,MAAM,KAAK,CAAC,iBAAiB,KAAK,SAAS,GAAG;AACnE,WAAO;AAAA,EACT;AACA,QAAM,WAAW,IAAI;AAAA,KAClB,UAAU,MAAM,OAAO,KAAK,CAAC,GAAG,IAAI,CAAC,SAAS,SAAS,MAAM,EAAE,CAAC;AAAA,EACnE;AAEA,SAAO,OAAO,OAAO,OAAO,QAAQ,KAAK,UAAU,QAAQ,OAAO,OAAO,CAAC;AAC5E;AAEA,eAAsB,cAIpB,SACA,SACA,SACmB;AACnB,MAAI;AACF,UAAM,UAAU,MAAM,QAAQ,KAAK;AAEnC,QAAI,SAAS,QAAQ;AACnB,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAChE,YAAM,QAAQ,MAAM,gBAAgB,SAAS,QAAQ,QAAQ,SAAS;AACtE,UAAI,CAAC,OAAO;AACV,eAAO,IAAI;AAAA,UACT,KAAK,UAAU,EAAE,OAAO,4BAA4B,CAAC;AAAA,UACrD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,QACjE;AAAA,MACF;AAAA,IACF,OAAO;AACL,cAAQ;AAAA,QACN;AAAA,MAEF;AAAA,IACF;AAEA,UAAM,OAAO,KAAK,MAAM,OAAO;AAE/B,QAAI,CAAC,oBAAoB,IAAI,GAAG;AAC9B,aAAO,IAAI;AAAA,QACT,KAAK,UAAU,EAAE,OAAO,+BAA+B,CAAC;AAAA,QACxD,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,MACjE;AAAA,IACF;AAEA,UAAM,QAAQ,IAA8B;AAE5C,WAAO,IAAI;AAAA,MACT,KAAK,UAAU,EAAE,SAAS,MAAM,SAAS,oBAAoB,CAAC;AAAA,MAC9D,EAAE,QAAQ,KAAK,SAAS,EAAE,gBAAgB,mBAAmB,EAAE;AAAA,IACjE;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,MAAM,6BAA6B,KAAK;AAEhD,WAAO,IAAI,SAAS,KAAK,UAAU,EAAE,OAAO,wBAAwB,CAAC,GAAG;AAAA,MACtE,QAAQ;AAAA,MACR,SAAS,EAAE,gBAAgB,mBAAmB;AAAA,IAChD,CAAC;AAAA,EACH;AACF;AAEO,SAAS,0BACd,YACA,SACmB;AACnB,SAAO,OAAO,UAA2B;AACvC,QAAI,MAAM,eAAe,YAAY;AACnC,YAAM,IAAI;AAAA,QACR,wBAAwB,UAAU,WAAW,MAAM,UAAU;AAAA,MAC/D;AAAA,IACF;AACA,WAAO,QAAQ,KAAK;AAAA,EACtB;AACF;","names":[]}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@01.software/sdk",
-  "version": "0.17.0",
+  "version": "0.18.0",
   "description": "01.software SDK",
   "author": "<office@01.works>",
   "keywords": [],

package/dist/webhook-Dm2zz7FQ.d.cts

@@ -1,20 +0,0 @@
-import { C as Collection } from './const-D2K5HxpP.cjs';
-import { C as Config } from './payload-types-CMoyAOjJ.cjs';
-
-type CollectionType<T extends string> = T extends keyof Config['collections'] ? Config['collections'][T] : never;
-
-type WebhookOperation = 'create' | 'update';
-interface WebhookEvent<T extends Collection = Collection> {
-    collection: T;
-    operation: WebhookOperation;
-    data: CollectionType<T>;
-}
-type WebhookHandler<T extends Collection = Collection> = (event: WebhookEvent<T>) => Promise<void> | void;
-interface WebhookOptions {
-    secret?: string;
-}
-declare function isValidWebhookEvent(data: unknown): data is WebhookEvent;
-declare function handleWebhook<T extends Collection = Collection>(request: Request, handler: WebhookHandler<T>, options?: WebhookOptions): Promise<Response>;
-declare function createTypedWebhookHandler<T extends Collection>(collection: T, handler: (event: WebhookEvent<T>) => Promise<void> | void): WebhookHandler<T>;
-
-export { type CollectionType as C, type WebhookOperation as W, type WebhookEvent as a, type WebhookHandler as b, type WebhookOptions as c, createTypedWebhookHandler as d, handleWebhook as h, isValidWebhookEvent as i };

package/dist/webhook-IhuUWnt5.d.ts

@@ -1,20 +0,0 @@
-import { C as Collection } from './const-DG8TrouX.js';
-import { C as Config } from './payload-types-CMoyAOjJ.js';
-
-type CollectionType<T extends string> = T extends keyof Config['collections'] ? Config['collections'][T] : never;
-
-type WebhookOperation = 'create' | 'update';
-interface WebhookEvent<T extends Collection = Collection> {
-    collection: T;
-    operation: WebhookOperation;
-    data: CollectionType<T>;
-}
-type WebhookHandler<T extends Collection = Collection> = (event: WebhookEvent<T>) => Promise<void> | void;
-interface WebhookOptions {
-    secret?: string;
-}
-declare function isValidWebhookEvent(data: unknown): data is WebhookEvent;
-declare function handleWebhook<T extends Collection = Collection>(request: Request, handler: WebhookHandler<T>, options?: WebhookOptions): Promise<Response>;
-declare function createTypedWebhookHandler<T extends Collection>(collection: T, handler: (event: WebhookEvent<T>) => Promise<void> | void): WebhookHandler<T>;
-
-export { type CollectionType as C, type WebhookOperation as W, type WebhookEvent as a, type WebhookHandler as b, type WebhookOptions as c, createTypedWebhookHandler as d, handleWebhook as h, isValidWebhookEvent as i };