@agg-build/sdk 1.2.0 → 1.2.13
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/dist/index.d.mts +482 -17
- package/dist/index.d.ts +482 -17
- package/dist/index.js +159 -3
- package/dist/index.mjs +157 -3
- package/dist/server.d.mts +62 -6
- package/dist/server.d.ts +62 -6
- package/dist/server.js +61 -2
- package/dist/server.mjs +58 -1
- package/package.json +1 -1
package/dist/server.d.ts
CHANGED
|
@@ -12,6 +12,16 @@ interface VerifyWebhookOptions {
|
|
|
12
12
|
}
|
|
13
13
|
declare function verifyWebhook(payload: string, headers: Record<string, string | string[] | undefined>, secret: string, options?: VerifyWebhookOptions): void;
|
|
14
14
|
declare function parseWebhookEvent(payload: string, headers: Record<string, string | string[] | undefined>, secret: string, options?: VerifyWebhookOptions): WebhookEvent;
|
|
15
|
+
/**
|
|
16
|
+
* Async, edge-runtime-friendly variant of {@link verifyWebhook}. Same
|
|
17
|
+
* Svix v1 signing scheme. Use this in Cloudflare Workers / Vercel Edge /
|
|
18
|
+
* Deno / Bun. The sync variant remains available for Node.js consumers.
|
|
19
|
+
*/
|
|
20
|
+
declare function verifyWebhookAsync(payload: string, headers: Record<string, string | string[] | undefined>, secret: string, options?: VerifyWebhookOptions): Promise<void>;
|
|
21
|
+
/**
|
|
22
|
+
* Async, edge-runtime-friendly variant of {@link parseWebhookEvent}.
|
|
23
|
+
*/
|
|
24
|
+
declare function parseWebhookEventAsync(payload: string, headers: Record<string, string | string[] | undefined>, secret: string, options?: VerifyWebhookOptions): Promise<WebhookEvent>;
|
|
15
25
|
interface WebhookEventBase {
|
|
16
26
|
id: string;
|
|
17
27
|
createdAt: string;
|
|
@@ -21,6 +31,8 @@ interface AccountsCreatedEvent extends WebhookEventBase {
|
|
|
21
31
|
data: {
|
|
22
32
|
userId: string;
|
|
23
33
|
appId: string;
|
|
34
|
+
createdAt: string;
|
|
35
|
+
email: string | null;
|
|
24
36
|
};
|
|
25
37
|
}
|
|
26
38
|
interface AccountsLinkedEvent extends WebhookEventBase {
|
|
@@ -37,6 +49,7 @@ interface WalletsReadyEvent extends WebhookEventBase {
|
|
|
37
49
|
userId: string;
|
|
38
50
|
evmAddress: string;
|
|
39
51
|
svmAddress: string;
|
|
52
|
+
createdAt: string;
|
|
40
53
|
};
|
|
41
54
|
}
|
|
42
55
|
interface TradesPlacedEvent extends WebhookEventBase {
|
|
@@ -45,8 +58,16 @@ interface TradesPlacedEvent extends WebhookEventBase {
|
|
|
45
58
|
orderId: string;
|
|
46
59
|
userId: string;
|
|
47
60
|
side: string;
|
|
48
|
-
|
|
49
|
-
|
|
61
|
+
timestamp: string;
|
|
62
|
+
/**
|
|
63
|
+
* @deprecated Never emitted by the server in 1.x — the SDK type lied
|
|
64
|
+
* here for several releases. Reads always return `undefined`. The field
|
|
65
|
+
* is retained as `undefined`-typed for one minor release so existing
|
|
66
|
+
* partner code that destructures it keeps compiling; remove in 2.0.
|
|
67
|
+
*/
|
|
68
|
+
venue?: undefined;
|
|
69
|
+
/** @deprecated See `venue`. */
|
|
70
|
+
venueMarketId?: undefined;
|
|
50
71
|
};
|
|
51
72
|
}
|
|
52
73
|
interface TradesFilledEvent extends WebhookEventBase {
|
|
@@ -55,16 +76,49 @@ interface TradesFilledEvent extends WebhookEventBase {
|
|
|
55
76
|
orderId: string;
|
|
56
77
|
userId: string;
|
|
57
78
|
status: string;
|
|
58
|
-
|
|
59
|
-
|
|
79
|
+
timestamp: string;
|
|
80
|
+
/**
|
|
81
|
+
* Post-execution accuracy data. All `*Raw` values are decimal strings in
|
|
82
|
+
* 6-decimal atomic units. `*PriceRaw` are decimal strings (e.g. "0.5").
|
|
83
|
+
* `partialFillReason` is set only on `status === "partial_fill"`.
|
|
84
|
+
*/
|
|
85
|
+
filledAmountRaw?: string;
|
|
86
|
+
quotedSharesRaw?: string;
|
|
87
|
+
actualSharesRaw?: string;
|
|
88
|
+
quotedToWinRaw?: string;
|
|
89
|
+
actualToWinRaw?: string;
|
|
90
|
+
quotedPriceRaw?: string;
|
|
91
|
+
executionPriceRaw?: string;
|
|
92
|
+
partialFillReason?: string;
|
|
93
|
+
/** @deprecated See `executionPriceRaw` — never emitted; remove in 2.0. */
|
|
94
|
+
fillPrice?: undefined;
|
|
95
|
+
/** @deprecated See `actualSharesRaw` / `filledAmountRaw` — never emitted; remove in 2.0. */
|
|
96
|
+
fillSize?: undefined;
|
|
60
97
|
};
|
|
61
98
|
}
|
|
62
99
|
interface MarketsResolvedEvent extends WebhookEventBase {
|
|
63
100
|
type: "markets.resolved";
|
|
64
101
|
data: {
|
|
65
102
|
venueMarketId: string;
|
|
66
|
-
|
|
103
|
+
externalIdentifier: string;
|
|
104
|
+
status: string;
|
|
105
|
+
outcomes: Array<{
|
|
106
|
+
label: string;
|
|
107
|
+
winner?: boolean;
|
|
108
|
+
externalIdentifier?: string;
|
|
109
|
+
}>;
|
|
67
110
|
affectedUsersCount: number;
|
|
111
|
+
/**
|
|
112
|
+
* Path on the AGG API where this resolution's affected users can be
|
|
113
|
+
* paginated. Combine with the configured base URL — e.g.
|
|
114
|
+
* `https://api.agg.market${detailsPath}`.
|
|
115
|
+
*/
|
|
116
|
+
detailsPath: string;
|
|
117
|
+
/**
|
|
118
|
+
* @deprecated Singular `outcome` was never emitted; use `outcomes` array.
|
|
119
|
+
* Remove in 2.0.
|
|
120
|
+
*/
|
|
121
|
+
outcome?: undefined;
|
|
68
122
|
};
|
|
69
123
|
}
|
|
70
124
|
interface UnknownWebhookEvent extends WebhookEventBase {
|
|
@@ -118,7 +172,9 @@ declare class AggAdminClient {
|
|
|
118
172
|
ordersByStatus: Record<string, number>;
|
|
119
173
|
ordersByVenue: Record<string, number>;
|
|
120
174
|
usersLast30Days: number;
|
|
175
|
+
usersLast7Days: number;
|
|
121
176
|
ordersLast30Days: number;
|
|
177
|
+
ordersLast7Days: number;
|
|
122
178
|
}>;
|
|
123
179
|
listOrders(appId: string, query?: {
|
|
124
180
|
limit?: number;
|
|
@@ -152,4 +208,4 @@ declare class AggAdminClient {
|
|
|
152
208
|
}>;
|
|
153
209
|
}
|
|
154
210
|
|
|
155
|
-
export { type AccountsCreatedEvent, type AccountsLinkedEvent, AggAdminClient, type AggAdminClientOptions, type ExternalIdAssertion, type KnownWebhookEvent, type MarketsResolvedEvent, type TradesFilledEvent, type TradesPlacedEvent, type UnknownWebhookEvent, type VerifyWebhookOptions, type WalletsReadyEvent, type WebhookEvent, WebhookVerificationError, parseWebhookEvent, signExternalId, verifyWebhook };
|
|
211
|
+
export { type AccountsCreatedEvent, type AccountsLinkedEvent, AggAdminClient, type AggAdminClientOptions, type ExternalIdAssertion, type KnownWebhookEvent, type MarketsResolvedEvent, type TradesFilledEvent, type TradesPlacedEvent, type UnknownWebhookEvent, type VerifyWebhookOptions, type WalletsReadyEvent, type WebhookEvent, WebhookVerificationError, parseWebhookEvent, parseWebhookEventAsync, signExternalId, verifyWebhook, verifyWebhookAsync };
|
package/dist/server.js
CHANGED
|
@@ -60,8 +60,10 @@ __export(server_exports, {
|
|
|
60
60
|
AggAdminClient: () => AggAdminClient,
|
|
61
61
|
WebhookVerificationError: () => WebhookVerificationError,
|
|
62
62
|
parseWebhookEvent: () => parseWebhookEvent,
|
|
63
|
+
parseWebhookEventAsync: () => parseWebhookEventAsync,
|
|
63
64
|
signExternalId: () => signExternalId,
|
|
64
|
-
verifyWebhook: () => verifyWebhook
|
|
65
|
+
verifyWebhook: () => verifyWebhook,
|
|
66
|
+
verifyWebhookAsync: () => verifyWebhookAsync
|
|
65
67
|
});
|
|
66
68
|
module.exports = __toCommonJS(server_exports);
|
|
67
69
|
var import_node_crypto = require("crypto");
|
|
@@ -74,6 +76,22 @@ function signExternalId(appSecret, externalId) {
|
|
|
74
76
|
hmac
|
|
75
77
|
};
|
|
76
78
|
}
|
|
79
|
+
var textEncoder = new TextEncoder();
|
|
80
|
+
function base64Decode(s) {
|
|
81
|
+
const bin = atob(s);
|
|
82
|
+
const out = new Uint8Array(bin.length);
|
|
83
|
+
for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
|
|
84
|
+
return out;
|
|
85
|
+
}
|
|
86
|
+
function importHmacKey(secret) {
|
|
87
|
+
return __async(this, null, function* () {
|
|
88
|
+
const keyBytes = base64Decode(secret.replace(/^whsec_/, ""));
|
|
89
|
+
return crypto.subtle.importKey("raw", keyBytes, { name: "HMAC", hash: "SHA-256" }, false, [
|
|
90
|
+
"sign",
|
|
91
|
+
"verify"
|
|
92
|
+
]);
|
|
93
|
+
});
|
|
94
|
+
}
|
|
77
95
|
var WebhookVerificationError = class extends Error {
|
|
78
96
|
constructor(message) {
|
|
79
97
|
super(message);
|
|
@@ -113,6 +131,45 @@ function parseWebhookEvent(payload, headers, secret, options) {
|
|
|
113
131
|
const parsed = JSON.parse(payload);
|
|
114
132
|
return parsed;
|
|
115
133
|
}
|
|
134
|
+
function verifyWebhookAsync(payload, headers, secret, options) {
|
|
135
|
+
return __async(this, null, function* () {
|
|
136
|
+
var _a;
|
|
137
|
+
const tolerance = (_a = options == null ? void 0 : options.toleranceSeconds) != null ? _a : 300;
|
|
138
|
+
const msgId = getHeader(headers, "webhook-id");
|
|
139
|
+
const timestamp = getHeader(headers, "webhook-timestamp");
|
|
140
|
+
const signatures = getHeader(headers, "webhook-signature");
|
|
141
|
+
if (!msgId) throw new WebhookVerificationError("Missing Webhook-Id header");
|
|
142
|
+
if (!timestamp) throw new WebhookVerificationError("Missing Webhook-Timestamp header");
|
|
143
|
+
if (!signatures) throw new WebhookVerificationError("Missing Webhook-Signature header");
|
|
144
|
+
const ts = parseInt(timestamp, 10);
|
|
145
|
+
if (isNaN(ts)) throw new WebhookVerificationError("Invalid Webhook-Timestamp");
|
|
146
|
+
const now = Math.floor(Date.now() / 1e3);
|
|
147
|
+
if (Math.abs(now - ts) > tolerance) {
|
|
148
|
+
throw new WebhookVerificationError("Webhook timestamp outside tolerance window");
|
|
149
|
+
}
|
|
150
|
+
const key = yield importHmacKey(secret);
|
|
151
|
+
const signed = textEncoder.encode(`${msgId}.${timestamp}.${payload}`);
|
|
152
|
+
for (const sig of signatures.split(" ")) {
|
|
153
|
+
if (!sig.startsWith("v1,")) continue;
|
|
154
|
+
let sigBytes;
|
|
155
|
+
try {
|
|
156
|
+
sigBytes = base64Decode(sig.slice(3));
|
|
157
|
+
} catch (e) {
|
|
158
|
+
continue;
|
|
159
|
+
}
|
|
160
|
+
const ok = yield crypto.subtle.verify("HMAC", key, sigBytes, signed);
|
|
161
|
+
if (ok) return;
|
|
162
|
+
}
|
|
163
|
+
throw new WebhookVerificationError("Invalid webhook signature");
|
|
164
|
+
});
|
|
165
|
+
}
|
|
166
|
+
function parseWebhookEventAsync(payload, headers, secret, options) {
|
|
167
|
+
return __async(this, null, function* () {
|
|
168
|
+
yield verifyWebhookAsync(payload, headers, secret, options);
|
|
169
|
+
const parsed = JSON.parse(payload);
|
|
170
|
+
return parsed;
|
|
171
|
+
});
|
|
172
|
+
}
|
|
116
173
|
var AggAdminClient = class {
|
|
117
174
|
constructor(options) {
|
|
118
175
|
this.baseUrl = options.baseUrl.replace(/\/$/, "");
|
|
@@ -249,6 +306,8 @@ function getHeader(headers, name) {
|
|
|
249
306
|
AggAdminClient,
|
|
250
307
|
WebhookVerificationError,
|
|
251
308
|
parseWebhookEvent,
|
|
309
|
+
parseWebhookEventAsync,
|
|
252
310
|
signExternalId,
|
|
253
|
-
verifyWebhook
|
|
311
|
+
verifyWebhook,
|
|
312
|
+
verifyWebhookAsync
|
|
254
313
|
});
|
package/dist/server.mjs
CHANGED
|
@@ -15,6 +15,22 @@ function signExternalId(appSecret, externalId) {
|
|
|
15
15
|
hmac
|
|
16
16
|
};
|
|
17
17
|
}
|
|
18
|
+
var textEncoder = new TextEncoder();
|
|
19
|
+
function base64Decode(s) {
|
|
20
|
+
const bin = atob(s);
|
|
21
|
+
const out = new Uint8Array(bin.length);
|
|
22
|
+
for (let i = 0; i < bin.length; i++) out[i] = bin.charCodeAt(i);
|
|
23
|
+
return out;
|
|
24
|
+
}
|
|
25
|
+
function importHmacKey(secret) {
|
|
26
|
+
return __async(this, null, function* () {
|
|
27
|
+
const keyBytes = base64Decode(secret.replace(/^whsec_/, ""));
|
|
28
|
+
return crypto.subtle.importKey("raw", keyBytes, { name: "HMAC", hash: "SHA-256" }, false, [
|
|
29
|
+
"sign",
|
|
30
|
+
"verify"
|
|
31
|
+
]);
|
|
32
|
+
});
|
|
33
|
+
}
|
|
18
34
|
var WebhookVerificationError = class extends Error {
|
|
19
35
|
constructor(message) {
|
|
20
36
|
super(message);
|
|
@@ -54,6 +70,45 @@ function parseWebhookEvent(payload, headers, secret, options) {
|
|
|
54
70
|
const parsed = JSON.parse(payload);
|
|
55
71
|
return parsed;
|
|
56
72
|
}
|
|
73
|
+
function verifyWebhookAsync(payload, headers, secret, options) {
|
|
74
|
+
return __async(this, null, function* () {
|
|
75
|
+
var _a;
|
|
76
|
+
const tolerance = (_a = options == null ? void 0 : options.toleranceSeconds) != null ? _a : 300;
|
|
77
|
+
const msgId = getHeader(headers, "webhook-id");
|
|
78
|
+
const timestamp = getHeader(headers, "webhook-timestamp");
|
|
79
|
+
const signatures = getHeader(headers, "webhook-signature");
|
|
80
|
+
if (!msgId) throw new WebhookVerificationError("Missing Webhook-Id header");
|
|
81
|
+
if (!timestamp) throw new WebhookVerificationError("Missing Webhook-Timestamp header");
|
|
82
|
+
if (!signatures) throw new WebhookVerificationError("Missing Webhook-Signature header");
|
|
83
|
+
const ts = parseInt(timestamp, 10);
|
|
84
|
+
if (isNaN(ts)) throw new WebhookVerificationError("Invalid Webhook-Timestamp");
|
|
85
|
+
const now = Math.floor(Date.now() / 1e3);
|
|
86
|
+
if (Math.abs(now - ts) > tolerance) {
|
|
87
|
+
throw new WebhookVerificationError("Webhook timestamp outside tolerance window");
|
|
88
|
+
}
|
|
89
|
+
const key = yield importHmacKey(secret);
|
|
90
|
+
const signed = textEncoder.encode(`${msgId}.${timestamp}.${payload}`);
|
|
91
|
+
for (const sig of signatures.split(" ")) {
|
|
92
|
+
if (!sig.startsWith("v1,")) continue;
|
|
93
|
+
let sigBytes;
|
|
94
|
+
try {
|
|
95
|
+
sigBytes = base64Decode(sig.slice(3));
|
|
96
|
+
} catch (e) {
|
|
97
|
+
continue;
|
|
98
|
+
}
|
|
99
|
+
const ok = yield crypto.subtle.verify("HMAC", key, sigBytes, signed);
|
|
100
|
+
if (ok) return;
|
|
101
|
+
}
|
|
102
|
+
throw new WebhookVerificationError("Invalid webhook signature");
|
|
103
|
+
});
|
|
104
|
+
}
|
|
105
|
+
function parseWebhookEventAsync(payload, headers, secret, options) {
|
|
106
|
+
return __async(this, null, function* () {
|
|
107
|
+
yield verifyWebhookAsync(payload, headers, secret, options);
|
|
108
|
+
const parsed = JSON.parse(payload);
|
|
109
|
+
return parsed;
|
|
110
|
+
});
|
|
111
|
+
}
|
|
57
112
|
var AggAdminClient = class {
|
|
58
113
|
constructor(options) {
|
|
59
114
|
this.baseUrl = options.baseUrl.replace(/\/$/, "");
|
|
@@ -189,6 +244,8 @@ export {
|
|
|
189
244
|
AggAdminClient,
|
|
190
245
|
WebhookVerificationError,
|
|
191
246
|
parseWebhookEvent,
|
|
247
|
+
parseWebhookEventAsync,
|
|
192
248
|
signExternalId,
|
|
193
|
-
verifyWebhook
|
|
249
|
+
verifyWebhook,
|
|
250
|
+
verifyWebhookAsync
|
|
194
251
|
};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@agg-build/sdk",
|
|
3
|
-
"version": "1.2.
|
|
3
|
+
"version": "1.2.13",
|
|
4
4
|
"description": "Vanilla TypeScript client for the AGG prediction market aggregator (auth, markets, orderbooks, charts, trading, managed execution, WebSockets). Works in browsers, Node.js, and React Native.",
|
|
5
5
|
"sideEffects": false,
|
|
6
6
|
"license": "MIT",
|