npm - @aquarian-metals/coin-moebius-dodopayments - Versions diffs - 3.0.0 - Mend

@aquarian-metals/coin-moebius-dodopayments 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 aquarian-metals
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,83 @@
+# @aquarian-metals/coin-moebius-dodopayments
+[Dodo Payments](https://dodopayments.com) provider for [Coin Moebius](https://github.com/aquarian-metals/coin-moebius).
+Dodo Payments is a Merchant of Record: it hosts the checkout page, handles
+sales tax, and remits to you. A single Dodo checkout can mix one-time and
+subscription products, so this one package covers both — one-time charges land
+as `kind: 'payment'` events, recurring billing lands as `kind: 'subscription'`.
+## Client (browser)
+```ts
+import { createDodoPaymentsProvider } from '@aquarian-metals/coin-moebius-dodopayments';
+import { createPaymentManager } from '@aquarian-metals/coin-moebius';
+const dodo = createDodoPaymentsProvider({
+  // Your own serverless endpoint that creates a Dodo checkout session with
+  // your API key and returns `{ url: checkout_url }`.
+  checkoutEndpoint: '/api/checkout/dodopayments',
+});
+const manager = createPaymentManager({ providers: [dodo] });
+await manager.initiate({ productId: 'pro', amount: 9.99, currency: 'USD' });
+```
+`initiate` fires `onPending` and then redirects the buyer to Dodo's hosted
+checkout. The terminal `success` signal arrives via the webhook on the server
+side; subscribe to it buyer-side with `manager.subscribeToStatus(...)` if you
+want in-page completion notice.
+## Server (Node / serverless / Workers)
+```ts
+import { createDodoPaymentsVerifier } from '@aquarian-metals/coin-moebius-dodopayments/server';
+const verify = createDodoPaymentsVerifier({
+  webhookSecret: process.env.DODO_WEBHOOK_SECRET, // the whsec_… value
+});
+// `rawBody` MUST be the unparsed request body string (or bytes). Standard
+// Webhooks signs the exact payload, so a pre-parsed object cannot be verified.
+const event = await verify(rawBody, request.headers);
+if (event?.kind === 'payment' && event.status === 'success') {
+  // fulfill
+}
+```
+> **Never import `/server` into a browser bundle.** It performs signature
+> verification and belongs only in your serverless functions or Worker.
+### Signature scheme
+Dodo signs webhooks with the [Standard Webhooks](https://www.standardwebhooks.com/)
+specification: base64 HMAC-SHA256 over `${webhook-id}.${webhook-timestamp}.${body}`,
+keyed by the base64-decoded `whsec_…` secret, compared against each `v1,<sig>`
+token in the `webhook-signature` header. The verifier also rejects deliveries
+whose signed `webhook-timestamp` is outside a 5-minute tolerance window
+(configurable via `toleranceSeconds`) for replay protection.
+### Event mapping
+| Dodo event                                             | SDK event                                    |
+| ------------------------------------------------------ | -------------------------------------------- |
+| `payment.succeeded`                                    | payment → `success`                          |
+| `payment.processing`                                   | payment → `pending`                          |
+| `payment.failed`, `payment.cancelled`                  | payment → `failed`                           |
+| `refund.succeeded`                                     | payment → `refunded`                         |
+| `dispute.opened`                                       | payment → `disputed`                         |
+| `subscription.active`                                  | subscription → `subscription.created`        |
+| `subscription.renewed`                                 | subscription → `subscription.renewed`        |
+| `subscription.failed`                                  | subscription → `subscription.payment_failed` |
+| `subscription.cancelled`, `subscription.expired`       | subscription → `subscription.canceled`       |
+| `subscription.on_hold`, `subscription.plan_changed`, … | subscription → `subscription.updated`        |
+Refund and dispute events key on the original `payment_id`, so you can link
+them back to the original transaction. Amounts are converted from Dodo's minor
+units (cents) to major units. Event types the SDK doesn't model (payouts,
+license keys, `refund.failed`, dispute resolution follow-ups) resolve to
+`null`; read `event.raw` if you need them.
+## License
+MIT — see [LICENSE](./LICENSE).

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,42 @@
+/**
+ * Dodo Payments client-side provider for Coin Moebius.
+ *
+ * Hosted-checkout flow only. Calls the configured checkout endpoint on your
+ * own backend, receives a `checkout_url`, and redirects the buyer there.
+ * Dodo Payments is a Merchant of Record: it hosts the payment page, collects
+ * tax, and remits to you, so the buyer never touches your origin for the
+ * payment itself. One Dodo checkout session can mix one-time and subscription
+ * products, so this single provider covers both flows — the recurring side is
+ * surfaced server-side as `kind: 'subscription'` events.
+ *
+ * The server-side webhook verifier lives at `./server` so this client-only
+ * entry doesn't pull any Node/Web crypto into browser bundles.
+ *
+ *     import { createDodoPaymentsProvider } from '@aquarian-metals/coin-moebius-dodopayments';
+ *     const dodo = createDodoPaymentsProvider({
+ *       checkoutEndpoint: '/api/checkout/dodopayments',
+ *     });
+ *
+ *     const manager = createPaymentManager({ providers: [dodo] });
+ *     await manager.initiate({ productId: 'pro', amount: 9.99, currency: 'USD' });
+ */
+import type { PaymentProvider } from '@aquarian-metals/coin-moebius-core';
+/** Client-side config. The Dodo API key + webhook secret stay server-side. */
+export interface DodoPaymentsProviderConfig {
+    /** Full URL of the checkout endpoint that returns `{ url: checkout_url }`. */
+    checkoutEndpoint: string;
+    /** Optional fetch override — used by tests. Defaults to global `fetch`. */
+    fetcher?: typeof fetch;
+    /** Optional navigation override — used by tests. Defaults to `location.assign`. */
+    navigate?: (url: string) => void;
+}
+/**
+ * Build a `PaymentProvider` registered as `id: 'dodopayments'`. Returns a
+ * `PaymentResult` with status `'pending'` immediately after redirect, since
+ * settlement happens on Dodo's hosted page and the terminal signal lands via
+ * the webhook on the server side. Consumers wanting buyer-side completion
+ * notice should also call `manager.subscribeToStatus(paymentId, …)` after
+ * `initiate` resolves.
+ */
+export declare function createDodoPaymentsProvider(config: DodoPaymentsProviderConfig): PaymentProvider;
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,OAAO,KAAK,EACX,eAAe,EAGf,MAAM,oCAAoC,CAAC;AAE5C,8EAA8E;AAC9E,MAAM,WAAW,0BAA0B;IAC1C,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,CAAC;IACzB,2EAA2E;IAC3E,OAAO,CAAC,EAAE,OAAO,KAAK,CAAC;IACvB,mFAAmF;IACnF,QAAQ,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;CACjC;AAQD;;;;;;;GAOG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,0BAA0B,GAAG,eAAe,CAuD9F"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,67 @@
+/**
+ * Build a `PaymentProvider` registered as `id: 'dodopayments'`. Returns a
+ * `PaymentResult` with status `'pending'` immediately after redirect, since
+ * settlement happens on Dodo's hosted page and the terminal signal lands via
+ * the webhook on the server side. Consumers wanting buyer-side completion
+ * notice should also call `manager.subscribeToStatus(paymentId, …)` after
+ * `initiate` resolves.
+ */
+export function createDodoPaymentsProvider(config) {
+    const fetcher = config.fetcher ?? globalThis.fetch.bind(globalThis);
+    const navigate = config.navigate ??
+        ((url) => {
+            window.location.assign(url);
+        });
+    return {
+        id: 'dodopayments',
+        name: 'Dodo Payments',
+        async initiate(options, callbacks) {
+            try {
+                const body = {
+                    productId: options.productId,
+                    amount: options.amount,
+                    currency: options.currency,
+                };
+                if (options.metadata)
+                    body.metadata = options.metadata;
+                const response = await fetcher(config.checkoutEndpoint, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify(body),
+                });
+                if (!response.ok) {
+                    throw new Error(`coin-moebius/dodopayments: checkout endpoint responded ${response.status}`);
+                }
+                const payload = (await response.json());
+                if (!payload.url) {
+                    throw new Error('coin-moebius/dodopayments: checkout response missing `url`');
+                }
+                // Fire a pending event so the SDK's listeners can update UI before
+                // we navigate away. The buyer's onSuccess lands via the
+                // status-polling channel after the webhook clears server-side.
+                const result = {
+                    status: 'pending',
+                    paymentId: payload.paymentId ?? '',
+                    provider: 'dodopayments',
+                    amount: options.amount,
+                    currency: options.currency,
+                    metadata: options.metadata ?? {},
+                    timestamp: Date.now(),
+                };
+                callbacks.onPending?.(result);
+                assertSafeRedirectUrl(payload.url);
+                navigate(payload.url);
+            }
+            catch (err) {
+                callbacks.onError(err instanceof Error ? err : new Error(String(err)));
+            }
+        },
+    };
+}
+function assertSafeRedirectUrl(url) {
+    const parsed = new URL(url);
+    if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
+        throw new Error(`coin-moebius/dodopayments: redirect URL scheme "${parsed.protocol}" is not allowed`);
+    }
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AA4CA;;;;;;;GAOG;AACH,MAAM,UAAU,0BAA0B,CAAC,MAAkC;IAC5E,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,IAAI,UAAU,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACpE,MAAM,QAAQ,GACb,MAAM,CAAC,QAAQ;QACf,CAAC,CAAC,GAAW,EAAE,EAAE;YAChB,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,CAAC,CAAC,CAAC;IAEJ,OAAO;QACN,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,eAAe;QACrB,KAAK,CAAC,QAAQ,CAAC,OAAwB,EAAE,SAAS;YACjD,IAAI,CAAC;gBACJ,MAAM,IAAI,GAA4B;oBACrC,SAAS,EAAE,OAAO,CAAC,SAAS;oBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;iBAC1B,CAAC;gBACF,IAAI,OAAO,CAAC,QAAQ;oBAAE,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;gBAEvD,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,gBAAgB,EAAE;oBACvD,MAAM,EAAE,MAAM;oBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;oBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;iBAC1B,CAAC,CAAC;gBACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CACd,0DAA0D,QAAQ,CAAC,MAAM,EAAE,CAC3E,CAAC;gBACH,CAAC;gBACD,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqB,CAAC;gBAC5D,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;oBAClB,MAAM,IAAI,KAAK,CAAC,4DAA4D,CAAC,CAAC;gBAC/E,CAAC;gBAED,mEAAmE;gBACnE,wDAAwD;gBACxD,+DAA+D;gBAC/D,MAAM,MAAM,GAAkB;oBAC7B,MAAM,EAAE,SAAS;oBACjB,SAAS,EAAE,OAAO,CAAC,SAAS,IAAI,EAAE;oBAClC,QAAQ,EAAE,cAAc;oBACxB,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,QAAQ,EAAE,OAAO,CAAC,QAAQ;oBAC1B,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;oBAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;iBACrB,CAAC;gBACF,SAAS,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,CAAC;gBAC9B,qBAAqB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACnC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,SAAS,CAAC,OAAO,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACxE,CAAC;QACF,CAAC;KACD,CAAC;AACH,CAAC;AAED,SAAS,qBAAqB,CAAC,GAAW;IACzC,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,MAAM,CAAC,QAAQ,KAAK,QAAQ,IAAI,MAAM,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjE,MAAM,IAAI,KAAK,CACd,mDAAmD,MAAM,CAAC,QAAQ,kBAAkB,CACpF,CAAC;IACH,CAAC;AACF,CAAC"}

package/dist/server.d.ts ADDED Viewed

@@ -0,0 +1,120 @@
+/**
+ * Dodo Payments server-side webhook verifier. Dodo signs webhooks with the
+ * [Standard Webhooks](https://www.standardwebhooks.com/) scheme (the same
+ * scheme Svix popularized), so verification is:
+ *
+ *   1. Read the `webhook-id`, `webhook-timestamp`, and `webhook-signature`
+ *      headers.
+ *   2. Reject the delivery if `webhook-timestamp` is outside the tolerance
+ *      window (replay protection — Standard Webhooks bakes a signed timestamp
+ *      into every delivery, so unlike NOWPayments we don't need the caller to
+ *      dedupe by id to be replay-safe; we still recommend it for idempotency).
+ *   3. Build the signed content as `${webhook-id}.${webhook-timestamp}.${rawBody}`.
+ *   4. HMAC-SHA256 it with the webhook secret. The `whsec_`-prefixed secret is
+ *      base64 AFTER the prefix; decode it to raw key bytes first.
+ *   5. base64-encode the digest and compare (constant time) against each
+ *      space-delimited `v1,<sig>` token in the `webhook-signature` header. The
+ *      header carries multiple signatures during key rotation; a match on any
+ *      one passes.
+ *
+ * **Raw body is required.** Standard Webhooks signs the exact bytes Dodo sent.
+ * Re-serializing a parsed object would change key order / whitespace and break
+ * the signature, so this verifier only accepts the raw request body as a
+ * string or byte buffer and throws (fails closed) on a pre-parsed object — the
+ * same contract the Stripe verifier enforces.
+ *
+ * The verifier maps Dodo's event stream onto the SDK's canonical
+ * `WebhookEvent` union. One-time payments, refunds, and disputes become
+ * `kind: 'payment'`; subscription lifecycle events become `kind: 'subscription'`.
+ * Event types the SDK doesn't model (payouts, license keys, informational
+ * dispute follow-ups) resolve to `null` so consumers can skip them without
+ * polluting their transaction store.
+ */
+import type { WebhookEvent } from '@aquarian-metals/coin-moebius-core';
+/** Default replay-tolerance window: reject deliveries whose signed timestamp is more than this many seconds from now. */
+export declare const DEFAULT_WEBHOOK_TOLERANCE_SECONDS = 300;
+/** Server-side config. `webhookSecret` is the `whsec_…` value from Dodo's dashboard webhook settings. */
+export interface DodoPaymentsVerifierConfig {
+    webhookSecret: string;
+    /**
+     * Replay-tolerance window in seconds. Deliveries whose `webhook-timestamp`
+     * is further than this from the current time are rejected. Defaults to
+     * {@link DEFAULT_WEBHOOK_TOLERANCE_SECONDS} (5 minutes), matching the
+     * Standard Webhooks reference implementations.
+     */
+    toleranceSeconds?: number;
+}
+/**
+ * The shape of a Dodo Payments webhook envelope. Mirrors the documented
+ * payload. Fields we don't read are still allowed via the index signature so
+ * future additions don't break verification.
+ */
+export interface DodoWebhookPayload {
+    business_id: string;
+    /** Event identifier, e.g. `payment.succeeded`, `subscription.active`. */
+    type: string;
+    /** ISO 8601 dispatch time. */
+    timestamp: string;
+    data: DodoEventData;
+    [key: string]: unknown;
+}
+/** The inner `data` object. `payload_type` discriminates the resource. */
+export interface DodoEventData {
+    payload_type: string;
+    payment_id?: string;
+    subscription_id?: string;
+    /** Smallest currency unit (e.g. cents) for payment payloads. */
+    total_amount?: number;
+    /** Smallest currency unit for refund payloads. */
+    amount?: number;
+    /** Smallest currency unit per cycle for subscription payloads. */
+    recurring_pre_tax_amount?: number;
+    currency?: string;
+    status?: string;
+    product_id?: string;
+    customer?: {
+        customer_id?: string;
+        email?: string;
+        name?: string;
+    };
+    next_billing_date?: string;
+    metadata?: Record<string, unknown>;
+    [key: string]: unknown;
+}
+/** Options for {@link getDodoPortalUrl}. */
+export interface DodoPortalOptions {
+    /** Dodo API key (Bearer). */
+    apiKey: string;
+    /** API host, e.g. `https://test.dodopayments.com` or `https://live.dodopayments.com`. */
+    apiBase: string;
+    /** The Dodo customer handle (`cus_…`). */
+    customerId: string;
+    /** Where the portal's back button returns the buyer to. */
+    returnUrl?: string;
+}
+/**
+ * Create a Dodo-hosted Customer Portal session and return its URL. The buyer
+ * manages their subscription (cancel, update card, view invoices) inside
+ * Dodo's branded UI; the merchant never sees card details.
+ *
+ * Mirrors `getStripePortalUrl` from the Stripe provider so a consumer dogfooding
+ * both rails calls the same shape. Hits
+ * `POST /customers/{id}/customer-portal/session` and reads the `link` field.
+ */
+export declare function getDodoPortalUrl(opts: DodoPortalOptions): Promise<string>;
+/**
+ * Build a Standard Webhooks verifier for Dodo Payments. The returned function
+ * matches the `Verifier` contract from `@aquarian-metals/coin-moebius-server`:
+ * `(rawBody, headers) => Promise<WebhookEvent | null>`. Register it with a
+ * verifier registry, or call it directly inside your webhook handler.
+ */
+export declare function createDodoPaymentsVerifier(config: DodoPaymentsVerifierConfig): (rawBody: unknown, headers?: unknown) => Promise<WebhookEvent | null>;
+/**
+ * Compute the Standard Webhooks signature for a delivery: base64 HMAC-SHA256
+ * of `${id}.${timestamp}.${body}` keyed by the base64-decoded webhook secret.
+ * Exported so callers with non-standard rawBody pipelines can verify with the
+ * same routine without re-importing internals. Returns the bare base64 digest
+ * (no `v1,` prefix).
+ */
+export declare function computeDodoSignature(id: string, timestamp: string, body: string, webhookSecret: string): Promise<string>;
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AAEH,OAAO,KAAK,EAIX,YAAY,EACZ,MAAM,oCAAoC,CAAC;AAE5C,yHAAyH;AACzH,eAAO,MAAM,iCAAiC,MAAM,CAAC;AAErD,yGAAyG;AACzG,MAAM,WAAW,0BAA0B;IAC1C,aAAa,EAAE,MAAM,CAAC;IACtB;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IAClC,WAAW,EAAE,MAAM,CAAC;IACpB,yEAAyE;IACzE,IAAI,EAAE,MAAM,CAAC;IACb,8BAA8B;IAC9B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,aAAa,CAAC;IACpB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED,0EAA0E;AAC1E,MAAM,WAAW,aAAa;IAC7B,YAAY,EAAE,MAAM,CAAC;IACrB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gEAAgE;IAChE,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,kDAAkD;IAClD,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,kEAAkE;IAClE,wBAAwB,CAAC,EAAE,MAAM,CAAC;IAClC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,KAAK,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACnE,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACvB;AAED,4CAA4C;AAC5C,MAAM,WAAW,iBAAiB;IACjC,6BAA6B;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,yFAAyF;IACzF,OAAO,EAAE,MAAM,CAAC;IAChB,0CAA0C;IAC1C,UAAU,EAAE,MAAM,CAAC;IACnB,2DAA2D;IAC3D,SAAS,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;GAQG;AACH,wBAAsB,gBAAgB,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,CAkB/E;AAED;;;;;GAKG;AACH,wBAAgB,0BAA0B,CAAC,MAAM,EAAE,0BAA0B,IAI3E,SAAS,OAAO,EAChB,UAAU,OAAO,KACf,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAuC/B;AAED;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CACzC,EAAE,EAAE,MAAM,EACV,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,EACZ,aAAa,EAAE,MAAM,GACnB,OAAO,CAAC,MAAM,CAAC,CAYjB"}

package/dist/server.js ADDED Viewed

@@ -0,0 +1,357 @@
+/**
+ * Dodo Payments server-side webhook verifier. Dodo signs webhooks with the
+ * [Standard Webhooks](https://www.standardwebhooks.com/) scheme (the same
+ * scheme Svix popularized), so verification is:
+ *
+ *   1. Read the `webhook-id`, `webhook-timestamp`, and `webhook-signature`
+ *      headers.
+ *   2. Reject the delivery if `webhook-timestamp` is outside the tolerance
+ *      window (replay protection — Standard Webhooks bakes a signed timestamp
+ *      into every delivery, so unlike NOWPayments we don't need the caller to
+ *      dedupe by id to be replay-safe; we still recommend it for idempotency).
+ *   3. Build the signed content as `${webhook-id}.${webhook-timestamp}.${rawBody}`.
+ *   4. HMAC-SHA256 it with the webhook secret. The `whsec_`-prefixed secret is
+ *      base64 AFTER the prefix; decode it to raw key bytes first.
+ *   5. base64-encode the digest and compare (constant time) against each
+ *      space-delimited `v1,<sig>` token in the `webhook-signature` header. The
+ *      header carries multiple signatures during key rotation; a match on any
+ *      one passes.
+ *
+ * **Raw body is required.** Standard Webhooks signs the exact bytes Dodo sent.
+ * Re-serializing a parsed object would change key order / whitespace and break
+ * the signature, so this verifier only accepts the raw request body as a
+ * string or byte buffer and throws (fails closed) on a pre-parsed object — the
+ * same contract the Stripe verifier enforces.
+ *
+ * The verifier maps Dodo's event stream onto the SDK's canonical
+ * `WebhookEvent` union. One-time payments, refunds, and disputes become
+ * `kind: 'payment'`; subscription lifecycle events become `kind: 'subscription'`.
+ * Event types the SDK doesn't model (payouts, license keys, informational
+ * dispute follow-ups) resolve to `null` so consumers can skip them without
+ * polluting their transaction store.
+ */
+/** Default replay-tolerance window: reject deliveries whose signed timestamp is more than this many seconds from now. */
+export const DEFAULT_WEBHOOK_TOLERANCE_SECONDS = 300;
+/**
+ * Create a Dodo-hosted Customer Portal session and return its URL. The buyer
+ * manages their subscription (cancel, update card, view invoices) inside
+ * Dodo's branded UI; the merchant never sees card details.
+ *
+ * Mirrors `getStripePortalUrl` from the Stripe provider so a consumer dogfooding
+ * both rails calls the same shape. Hits
+ * `POST /customers/{id}/customer-portal/session` and reads the `link` field.
+ */
+export async function getDodoPortalUrl(opts) {
+    const base = opts.apiBase.replace(/\/$/, '');
+    const url = new URL(`${base}/customers/${opts.customerId}/customer-portal/session`);
+    if (opts.returnUrl)
+        url.searchParams.set('return_url', opts.returnUrl);
+    const response = await fetch(url, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${opts.apiKey}`, 'Content-Type': 'application/json' },
+    });
+    if (!response.ok) {
+        throw new Error(`coin-moebius/dodopayments: customer-portal session failed (${response.status})`);
+    }
+    const payload = (await response.json());
+    if (!payload.link) {
+        throw new Error('coin-moebius/dodopayments: customer-portal response missing `link`');
+    }
+    return payload.link;
+}
+/**
+ * Build a Standard Webhooks verifier for Dodo Payments. The returned function
+ * matches the `Verifier` contract from `@aquarian-metals/coin-moebius-server`:
+ * `(rawBody, headers) => Promise<WebhookEvent | null>`. Register it with a
+ * verifier registry, or call it directly inside your webhook handler.
+ */
+export function createDodoPaymentsVerifier(config) {
+    const tolerance = config.toleranceSeconds ?? DEFAULT_WEBHOOK_TOLERANCE_SECONDS;
+    return async function verifyDodoWebhook(rawBody, headers) {
+        if (!config.webhookSecret) {
+            throw new Error('coin-moebius/dodopayments: webhookSecret missing on verifier config');
+        }
+        const headerRecord = (headers ?? {});
+        const id = headerValue(headerRecord, 'webhook-id') ?? headerValue(headerRecord, 'svix-id');
+        const timestamp = headerValue(headerRecord, 'webhook-timestamp') ?? headerValue(headerRecord, 'svix-timestamp');
+        const signatureHeader = headerValue(headerRecord, 'webhook-signature') ?? headerValue(headerRecord, 'svix-signature');
+        if (!id || !timestamp || !signatureHeader) {
+            throw new Error('coin-moebius/dodopayments: missing webhook-id / webhook-timestamp / webhook-signature header');
+        }
+        assertTimestampFresh(timestamp, tolerance);
+        // Standard Webhooks signs the exact bytes Dodo sent. We need the raw
+        // body string verbatim — re-serializing a parsed object would change
+        // the bytes and break the signature, so reject objects (fail closed).
+        const rawString = toRawString(rawBody);
+        const expected = await computeDodoSignature(id, timestamp, rawString, config.webhookSecret);
+        if (!signatureHeaderMatches(signatureHeader, expected)) {
+            throw new Error('coin-moebius/dodopayments: invalid signature');
+        }
+        let payload;
+        try {
+            payload = JSON.parse(rawString);
+        }
+        catch {
+            throw new Error('coin-moebius/dodopayments: body is not valid JSON');
+        }
+        return toWebhookEvent(payload);
+    };
+}
+/**
+ * Compute the Standard Webhooks signature for a delivery: base64 HMAC-SHA256
+ * of `${id}.${timestamp}.${body}` keyed by the base64-decoded webhook secret.
+ * Exported so callers with non-standard rawBody pipelines can verify with the
+ * same routine without re-importing internals. Returns the bare base64 digest
+ * (no `v1,` prefix).
+ */
+export async function computeDodoSignature(id, timestamp, body, webhookSecret) {
+    const secretBytes = decodeSecret(webhookSecret);
+    const message = new TextEncoder().encode(`${id}.${timestamp}.${body}`);
+    const key = await crypto.subtle.importKey('raw', secretBytes, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']);
+    const sigBuf = await crypto.subtle.sign('HMAC', key, message);
+    return bytesToBase64(new Uint8Array(sigBuf));
+}
+/**
+ * The Standard Webhooks secret is `whsec_<base64>`. The `whsec_` prefix is a
+ * human-readable label, not part of the key — strip it, then base64-decode the
+ * remainder to the raw HMAC key bytes. Secrets without the prefix are decoded
+ * as-is for tolerance.
+ */
+function decodeSecret(secret) {
+    const b64 = secret.startsWith('whsec_') ? secret.slice('whsec_'.length) : secret;
+    return base64ToBytes(b64);
+}
+/**
+ * The `webhook-signature` header is a space-delimited list of `<version>,<sig>`
+ * tokens (e.g. `v1,abc= v1,def=`) to support zero-downtime key rotation. We
+ * compare our expected base64 digest against each `v1` token in constant time;
+ * a match on any one passes.
+ */
+function signatureHeaderMatches(header, expected) {
+    for (const token of header.split(' ')) {
+        const comma = token.indexOf(',');
+        if (comma === -1)
+            continue;
+        const version = token.slice(0, comma);
+        const sig = token.slice(comma + 1);
+        if (version === 'v1' && timingSafeStringEqual(sig, expected))
+            return true;
+    }
+    return false;
+}
+function assertTimestampFresh(timestamp, toleranceSeconds) {
+    const ts = Number(timestamp);
+    if (!Number.isFinite(ts)) {
+        throw new Error('coin-moebius/dodopayments: webhook-timestamp is not a number');
+    }
+    const nowSeconds = Date.now() / 1000;
+    if (Math.abs(nowSeconds - ts) > toleranceSeconds) {
+        throw new Error('coin-moebius/dodopayments: webhook-timestamp outside tolerance (replay?)');
+    }
+}
+function toRawString(rawBody) {
+    if (typeof rawBody === 'string')
+        return rawBody;
+    if (rawBody instanceof Uint8Array)
+        return new TextDecoder().decode(rawBody);
+    if (rawBody instanceof ArrayBuffer)
+        return new TextDecoder().decode(new Uint8Array(rawBody));
+    throw new Error('coin-moebius/dodopayments: raw body must be the unparsed request string or bytes — ' +
+        'Standard Webhooks signs the exact payload, so a pre-parsed object cannot be verified');
+}
+/**
+ * Map a Dodo webhook envelope onto the SDK's `WebhookEvent` union. Returns
+ * `null` for event types the SDK doesn't model (payouts, license keys,
+ * informational dispute follow-ups, failed refunds).
+ */
+function toWebhookEvent(payload) {
+    const type = payload.type;
+    if (type.startsWith('subscription.')) {
+        return toSubscriptionEvent(payload);
+    }
+    const paymentStatus = mapPaymentEvent(type);
+    if (!paymentStatus)
+        return null;
+    return toPaymentEvent(payload, paymentStatus);
+}
+/**
+ * Map a Dodo payment/refund/dispute event type onto `PaymentResult.status`.
+ * Returns `null` for events that don't represent a payment state change the
+ * SDK surfaces (e.g. `refund.failed`, dispute lifecycle follow-ups, payouts).
+ *
+ *   - `payment.succeeded`            → success
+ *   - `payment.processing`          → pending
+ *   - `payment.failed` / `.cancelled` → failed
+ *   - `refund.succeeded`            → refunded
+ *   - `dispute.opened`              → disputed
+ *
+ * Dispute resolution events (`dispute.won`, `dispute.lost`, `dispute.accepted`,
+ * etc.) are intentionally not mapped: the SDK's status enum can't represent
+ * "won/lost", and re-emitting `disputed` would double-count. Consumers needing
+ * the full dispute lifecycle can read `event.raw`.
+ */
+function mapPaymentEvent(type) {
+    switch (type) {
+        case 'payment.succeeded':
+            return 'success';
+        case 'payment.processing':
+            return 'pending';
+        case 'payment.failed':
+        case 'payment.cancelled':
+            return 'failed';
+        case 'refund.succeeded':
+            return 'refunded';
+        case 'dispute.opened':
+            return 'disputed';
+        default:
+            return null;
+    }
+}
+function toPaymentEvent(payload, status) {
+    const data = payload.data;
+    // Refunds and disputes reference the original `payment_id`, so we key every
+    // payment-family event on it for cross-event linking (refund/dispute back to
+    // the original payment), mirroring the Stripe verifier's PaymentIntent link.
+    const paymentId = data.payment_id ?? data.subscription_id ?? '';
+    // Refund payloads carry the refunded `amount`; payment/dispute payloads carry
+    // `total_amount`. Both are minor units.
+    const minor = status === 'refunded' ? (data.amount ?? data.total_amount) : data.total_amount;
+    return {
+        kind: 'payment',
+        status,
+        paymentId,
+        provider: 'dodopayments',
+        amount: minorToMajor(minor),
+        currency: (data.currency ?? 'USD').toUpperCase(),
+        metadata: {
+            ...(data.metadata ?? {}),
+            email: data.customer?.email,
+            dodoEventType: payload.type,
+            dodoStatus: data.status,
+        },
+        timestamp: Date.now(),
+        raw: payload,
+    };
+}
+/**
+ * Map a Dodo `subscription.*` event onto the cross-provider `SubscriptionEvent`
+ * shape.
+ *
+ *   - `subscription.active`       → subscription.created (initial activation)
+ *   - `subscription.renewed`      → subscription.renewed
+ *   - `subscription.failed`       → subscription.payment_failed (mandate/first charge failed)
+ *   - `subscription.on_hold`      → subscription.updated (paused after dunning)
+ *   - `subscription.cancelled`    → subscription.canceled
+ *   - `subscription.expired`      → subscription.canceled (reached end of term)
+ *   - `subscription.plan_changed` → subscription.updated
+ *   - everything else (`subscription.updated`, future types) → subscription.updated
+ */
+function toSubscriptionEvent(payload) {
+    const data = payload.data;
+    const type = mapSubscriptionEventType(payload.type);
+    const customerRef = data.customer?.customer_id ?? data.customer?.email ?? null;
+    return {
+        kind: 'subscription',
+        type,
+        subscriptionId: data.subscription_id ?? '',
+        provider: 'dodopayments',
+        productId: data.product_id ?? null,
+        customerRef,
+        status: mapSubscriptionStatus(data.status),
+        currentPeriodEnd: parseIsoToUnixSeconds(data.next_billing_date),
+        amount: minorToMajor(data.recurring_pre_tax_amount),
+        currency: (data.currency ?? 'USD').toUpperCase(),
+        metadata: {
+            ...(data.metadata ?? {}),
+            email: data.customer?.email,
+            dodoEventType: payload.type,
+            dodoStatus: data.status,
+        },
+        timestamp: Date.now(),
+        raw: payload,
+    };
+}
+function mapSubscriptionEventType(type) {
+    switch (type) {
+        case 'subscription.active':
+            return 'subscription.created';
+        case 'subscription.renewed':
+            return 'subscription.renewed';
+        case 'subscription.failed':
+            return 'subscription.payment_failed';
+        case 'subscription.cancelled':
+        case 'subscription.expired':
+            return 'subscription.canceled';
+        default:
+            // subscription.on_hold, subscription.plan_changed, subscription.updated, …
+            return 'subscription.updated';
+    }
+}
+/**
+ * Map Dodo's subscription `status` onto our neutral `SubscriptionStatus`.
+ * Provider-specific reasons stay in `metadata.dodoStatus` untouched.
+ */
+function mapSubscriptionStatus(status) {
+    switch (status) {
+        case 'active':
+            return 'active';
+        case 'on_hold':
+        case 'failed':
+            return 'past_due';
+        case 'paused':
+            return 'paused';
+        case 'cancelled':
+        case 'expired':
+            return 'canceled';
+        default:
+            return 'unknown';
+    }
+}
+/**
+ * Convert a minor-unit integer (cents) to a major-unit decimal. Mirrors the
+ * Stripe verifier's unconditional `/100`: the SDK's other fiat provider takes
+ * the same shortcut rather than carrying a per-currency exponent table, so we
+ * stay consistent. Zero-decimal currencies (JPY, etc.) would need a divisor of
+ * 1; revisit here and in the Stripe verifier together if that case ships.
+ */
+function minorToMajor(minor) {
+    return (minor ?? 0) / 100;
+}
+/** Parse an ISO 8601 timestamp to Unix seconds. Returns `null` when absent or unparseable. */
+function parseIsoToUnixSeconds(iso) {
+    if (!iso)
+        return null;
+    const ms = Date.parse(iso);
+    return Number.isNaN(ms) ? null : Math.floor(ms / 1000);
+}
+function headerValue(headers, name) {
+    const lower = name.toLowerCase();
+    for (const [key, value] of Object.entries(headers)) {
+        if (key.toLowerCase() === lower)
+            return value;
+    }
+    return undefined;
+}
+function timingSafeStringEqual(a, b) {
+    if (a.length !== b.length)
+        return false;
+    let mismatch = 0;
+    for (let i = 0; i < a.length; i++) {
+        mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
+    }
+    return mismatch === 0;
+}
+function base64ToBytes(b64) {
+    const binary = atob(b64);
+    const bytes = new Uint8Array(binary.length);
+    for (let i = 0; i < binary.length; i++)
+        bytes[i] = binary.charCodeAt(i);
+    return bytes;
+}
+function bytesToBase64(bytes) {
+    let binary = '';
+    for (const b of bytes)
+        binary += String.fromCharCode(b);
+    return btoa(binary);
+}
+//# sourceMappingURL=server.js.map

package/dist/server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AASH,yHAAyH;AACzH,MAAM,CAAC,MAAM,iCAAiC,GAAG,GAAG,CAAC;AA6DrD;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,IAAuB;IAC7D,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,cAAc,IAAI,CAAC,UAAU,0BAA0B,CAAC,CAAC;IACpF,IAAI,IAAI,CAAC,SAAS;QAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QACjC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,IAAI,CAAC,MAAM,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;KACvF,CAAC,CAAC;IACH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACd,8DAA8D,QAAQ,CAAC,MAAM,GAAG,CAChF,CAAC;IACH,CAAC;IACD,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAsB,CAAC;IAC7D,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QACnB,MAAM,IAAI,KAAK,CAAC,oEAAoE,CAAC,CAAC;IACvF,CAAC;IACD,OAAO,OAAO,CAAC,IAAI,CAAC;AACrB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,MAAkC;IAC5E,MAAM,SAAS,GAAG,MAAM,CAAC,gBAAgB,IAAI,iCAAiC,CAAC;IAE/E,OAAO,KAAK,UAAU,iBAAiB,CACtC,OAAgB,EAChB,OAAiB;QAEjB,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CAAC,qEAAqE,CAAC,CAAC;QACxF,CAAC;QAED,MAAM,YAAY,GAAG,CAAC,OAAO,IAAI,EAAE,CAAuC,CAAC;QAC3E,MAAM,EAAE,GAAG,WAAW,CAAC,YAAY,EAAE,YAAY,CAAC,IAAI,WAAW,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAC3F,MAAM,SAAS,GACd,WAAW,CAAC,YAAY,EAAE,mBAAmB,CAAC,IAAI,WAAW,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC;QAC/F,MAAM,eAAe,GACpB,WAAW,CAAC,YAAY,EAAE,mBAAmB,CAAC,IAAI,WAAW,CAAC,YAAY,EAAE,gBAAgB,CAAC,CAAC;QAE/F,IAAI,CAAC,EAAE,IAAI,CAAC,SAAS,IAAI,CAAC,eAAe,EAAE,CAAC;YAC3C,MAAM,IAAI,KAAK,CACd,8FAA8F,CAC9F,CAAC;QACH,CAAC;QAED,oBAAoB,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAE3C,qEAAqE;QACrE,qEAAqE;QACrE,sEAAsE;QACtE,MAAM,SAAS,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;QAEvC,MAAM,QAAQ,GAAG,MAAM,oBAAoB,CAAC,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;QAC5F,IAAI,CAAC,sBAAsB,CAAC,eAAe,EAAE,QAAQ,CAAC,EAAE,CAAC;YACxD,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;QACjE,CAAC;QAED,IAAI,OAA2B,CAAC;QAChC,IAAI,CAAC;YACJ,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAuB,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACR,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;QACtE,CAAC;QAED,OAAO,cAAc,CAAC,OAAO,CAAC,CAAC;IAChC,CAAC,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACzC,EAAU,EACV,SAAiB,EACjB,IAAY,EACZ,aAAqB;IAErB,MAAM,WAAW,GAAG,YAAY,CAAC,aAAa,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,SAAS,IAAI,IAAI,EAAE,CAAC,CAAC;IACvE,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,SAAS,CACxC,KAAK,EACL,WAA2B,EAC3B,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACR,CAAC;IACF,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC;IAC9D,OAAO,aAAa,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,SAAS,YAAY,CAAC,MAAc;IACnC,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACjF,OAAO,aAAa,CAAC,GAAG,CAAC,CAAC;AAC3B,CAAC;AAED;;;;;GAKG;AACH,SAAS,sBAAsB,CAAC,MAAc,EAAE,QAAgB;IAC/D,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACvC,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,KAAK,KAAK,CAAC,CAAC;YAAE,SAAS;QAC3B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;QACtC,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC;QACnC,IAAI,OAAO,KAAK,IAAI,IAAI,qBAAqB,CAAC,GAAG,EAAE,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;IAC3E,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED,SAAS,oBAAoB,CAAC,SAAiB,EAAE,gBAAwB;IACxE,MAAM,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IAC7B,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;IACjF,CAAC;IACD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IACrC,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,EAAE,CAAC,GAAG,gBAAgB,EAAE,CAAC;QAClD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC7F,CAAC;AACF,CAAC;AAED,SAAS,WAAW,CAAC,OAAgB;IACpC,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC;IAChD,IAAI,OAAO,YAAY,UAAU;QAAE,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5E,IAAI,OAAO,YAAY,WAAW;QAAE,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC;IAC7F,MAAM,IAAI,KAAK,CACd,qFAAqF;QACpF,sFAAsF,CACvF,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,SAAS,cAAc,CAAC,OAA2B;IAClD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAE1B,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACtC,OAAO,mBAAmB,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,MAAM,aAAa,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,aAAa;QAAE,OAAO,IAAI,CAAC;IAChC,OAAO,cAAc,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;AAC/C,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,SAAS,eAAe,CAAC,IAAY;IACpC,QAAQ,IAAI,EAAE,CAAC;QACd,KAAK,mBAAmB;YACvB,OAAO,SAAS,CAAC;QAClB,KAAK,oBAAoB;YACxB,OAAO,SAAS,CAAC;QAClB,KAAK,gBAAgB,CAAC;QACtB,KAAK,mBAAmB;YACvB,OAAO,QAAQ,CAAC;QACjB,KAAK,kBAAkB;YACtB,OAAO,UAAU,CAAC;QACnB,KAAK,gBAAgB;YACpB,OAAO,UAAU,CAAC;QACnB;YACC,OAAO,IAAI,CAAC;IACd,CAAC;AACF,CAAC;AAED,SAAS,cAAc,CACtB,OAA2B,EAC3B,MAA+B;IAE/B,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,4EAA4E;IAC5E,6EAA6E;IAC7E,6EAA6E;IAC7E,MAAM,SAAS,GAAG,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,eAAe,IAAI,EAAE,CAAC;IAChE,8EAA8E;IAC9E,wCAAwC;IACxC,MAAM,KAAK,GAAG,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC;IAC7F,OAAO;QACN,IAAI,EAAE,SAAS;QACf,MAAM;QACN,SAAS;QACT,QAAQ,EAAE,cAAc;QACxB,MAAM,EAAE,YAAY,CAAC,KAAK,CAAC;QAC3B,QAAQ,EAAE,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE;QAChD,QAAQ,EAAE;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;YACxB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK;YAC3B,aAAa,EAAE,OAAO,CAAC,IAAI;YAC3B,UAAU,EAAE,IAAI,CAAC,MAAM;SACvB;QACD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,GAAG,EAAE,OAAO;KACZ,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,SAAS,mBAAmB,CAAC,OAA2B;IACvD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAC1B,MAAM,IAAI,GAAG,wBAAwB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACpD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,EAAE,WAAW,IAAI,IAAI,CAAC,QAAQ,EAAE,KAAK,IAAI,IAAI,CAAC;IAC/E,OAAO;QACN,IAAI,EAAE,cAAc;QACpB,IAAI;QACJ,cAAc,EAAE,IAAI,CAAC,eAAe,IAAI,EAAE;QAC1C,QAAQ,EAAE,cAAc;QACxB,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;QAClC,WAAW;QACX,MAAM,EAAE,qBAAqB,CAAC,IAAI,CAAC,MAAM,CAAC;QAC1C,gBAAgB,EAAE,qBAAqB,CAAC,IAAI,CAAC,iBAAiB,CAAC;QAC/D,MAAM,EAAE,YAAY,CAAC,IAAI,CAAC,wBAAwB,CAAC;QACnD,QAAQ,EAAE,CAAC,IAAI,CAAC,QAAQ,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE;QAChD,QAAQ,EAAE;YACT,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAAC;YACxB,KAAK,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK;YAC3B,aAAa,EAAE,OAAO,CAAC,IAAI;YAC3B,UAAU,EAAE,IAAI,CAAC,MAAM;SACvB;QACD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;QACrB,GAAG,EAAE,OAAO;KACZ,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB,CAAC,IAAY;IAC7C,QAAQ,IAAI,EAAE,CAAC;QACd,KAAK,qBAAqB;YACzB,OAAO,sBAAsB,CAAC;QAC/B,KAAK,sBAAsB;YAC1B,OAAO,sBAAsB,CAAC;QAC/B,KAAK,qBAAqB;YACzB,OAAO,6BAA6B,CAAC;QACtC,KAAK,wBAAwB,CAAC;QAC9B,KAAK,sBAAsB;YAC1B,OAAO,uBAAuB,CAAC;QAChC;YACC,2EAA2E;YAC3E,OAAO,sBAAsB,CAAC;IAChC,CAAC;AACF,CAAC;AAED;;;GAGG;AACH,SAAS,qBAAqB,CAAC,MAA0B;IACxD,QAAQ,MAAM,EAAE,CAAC;QAChB,KAAK,QAAQ;YACZ,OAAO,QAAQ,CAAC;QACjB,KAAK,SAAS,CAAC;QACf,KAAK,QAAQ;YACZ,OAAO,UAAU,CAAC;QACnB,KAAK,QAAQ;YACZ,OAAO,QAAQ,CAAC;QACjB,KAAK,WAAW,CAAC;QACjB,KAAK,SAAS;YACb,OAAO,UAAU,CAAC;QACnB;YACC,OAAO,SAAS,CAAC;IACnB,CAAC;AACF,CAAC;AAED;;;;;;GAMG;AACH,SAAS,YAAY,CAAC,KAAyB;IAC9C,OAAO,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;AAC3B,CAAC;AAED,8FAA8F;AAC9F,SAAS,qBAAqB,CAAC,GAAuB;IACrD,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3B,OAAO,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,GAAG,IAAI,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,WAAW,CACnB,OAA2C,EAC3C,IAAY;IAEZ,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,IAAI,GAAG,CAAC,WAAW,EAAE,KAAK,KAAK;YAAE,OAAO,KAAK,CAAC;IAC/C,CAAC;IACD,OAAO,SAAS,CAAC;AAClB,CAAC;AAED,SAAS,qBAAqB,CAAC,CAAS,EAAE,CAAS;IAClD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,QAAQ,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IACD,OAAO,QAAQ,KAAK,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IACjC,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,KAAK,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;IACxE,OAAO,KAAK,CAAC;AACd,CAAC;AAED,SAAS,aAAa,CAAC,KAAiB;IACvC,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,KAAK;QAAE,MAAM,IAAI,MAAM,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IACxD,OAAO,IAAI,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,61 @@
+{
+	"name": "@aquarian-metals/coin-moebius-dodopayments",
+	"version": "3.0.0",
+	"description": "Dodo Payments provider for Coin Moebius — Merchant-of-Record hosted checkout for one-time and subscription payments, plus a server-only Standard Webhooks verifier under the ./server subpath.",
+	"keywords": [
+		"payments",
+		"dodopayments",
+		"merchant-of-record",
+		"checkout",
+		"subscriptions",
+		"webhook",
+		"standard-webhooks",
+		"coin-moebius"
+	],
+	"author": "aquarian-metals",
+	"license": "MIT",
+	"homepage": "https://github.com/aquarian-metals/coin-moebius#readme",
+	"bugs": {
+		"url": "https://github.com/aquarian-metals/coin-moebius/issues"
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/aquarian-metals/coin-moebius.git",
+		"directory": "packages/providers/dodopayments"
+	},
+	"type": "module",
+	"main": "./dist/index.js",
+	"types": "./dist/index.d.ts",
+	"sideEffects": false,
+	"files": [
+		"dist"
+	],
+	"exports": {
+		".": {
+			"types": "./dist/index.d.ts",
+			"import": "./dist/index.js"
+		},
+		"./server": {
+			"types": "./dist/server.d.ts",
+			"import": "./dist/server.js"
+		},
+		"./package.json": "./package.json"
+	},
+	"scripts": {
+		"clean": "node -e \"require('fs').rmSync('dist',{recursive:true,force:true})\"",
+		"build": "tsc",
+		"prepublishOnly": "npm run clean && npm run build"
+	},
+	"engines": {
+		"node": ">=18"
+	},
+	"dependencies": {
+		"@aquarian-metals/coin-moebius-core": "^3.0.0"
+	},
+	"devDependencies": {
+		"typescript": "~5.8.0"
+	},
+	"publishConfig": {
+		"access": "public"
+	}
+}