@develit-services/bank 0.2.2 → 0.2.4

package/dist/export/workflows.cjs

@@ -3,25 +3,34 @@
 const cloudflare_workers = require('cloudflare:workers');
 const cloudflare_workflows = require('cloudflare:workflows');
 const d1 = require('drizzle-orm/d1');
-const database_schema = require('../shared/bank.CWAToo_g.cjs');
+const database_schema = require('../shared/bank.NdqOkgpd.cjs');
 const backendSdk = require('@develit-io/backend-sdk');
-const bank = require('../shared/bank.CEraaQIT.cjs');
+const encryption = require('../shared/bank.CHS79KTx.cjs');
 const drizzleOrm = require('drizzle-orm');
 require('drizzle-orm/sqlite-core');
 require('date-fns');
-require('@develit-io/general-codes');
-require('zod');
 require('jose');
+require('@develit-io/general-codes');
 require('drizzle-zod');
 require('drizzle-orm/relations');
-require('../shared/bank.B8QzFnJl.cjs');
+require('../shared/bank.CyinOg3r.cjs');
 
-const getAccountByIdQuery = async (db, { accountId }) => {
-  return await db.select().from(database_schema.tables.account).where(drizzleOrm.eq(database_schema.tables.account.id, accountId)).get();
+const updateAccountLastSyncCommand = (db, {
+  lastSyncAt,
+  accountId,
+  lastSyncMetadata
+}) => {
+  const command = db.update(database_schema.tables.account).set({
+    lastSyncAt,
+    lastSyncMetadata
+  }).where(drizzleOrm.eq(database_schema.tables.account.id, accountId)).returning();
+  return {
+    command
+  };
 };
 
-const getPaymentsByBankRefIdsQuery = async (db, { ids }) => {
-  return await db.select().from(database_schema.tables.payment).where(drizzleOrm.inArray(database_schema.tables.payment.bankRefId, ids));
+const getAccountByIdQuery = async (db, { accountId }) => {
+  return await db.select().from(database_schema.tables.account).where(drizzleOrm.eq(database_schema.tables.account.id, accountId)).get();
 };
 
 function pushToQueue(queue, message) {
@@ -38,6 +47,7 @@ class SyncAccountPaymentsWorkflow extends cloudflare_workers.WorkflowEntrypoint
     const { accountId } = event.payload;
     const db = d1.drizzle(this.env.BANK_D1, { schema: database_schema.tables });
     while (true) {
+      const now = /* @__PURE__ */ new Date();
       const account = await step.do("load account", async () => {
         const account2 = await getAccountByIdQuery(db, { accountId });
         if (!account2) {
@@ -45,21 +55,10 @@ class SyncAccountPaymentsWorkflow extends cloudflare_workers.WorkflowEntrypoint
         }
         return account2;
       });
-      if (!account.lastSyncedAt) {
+      if (!account.lastSyncAt) {
         throw new Error(`lastSyncedAt is not set for account: ${accountId}`);
       }
-      const credentials = await step.do(
-        "load account credentials",
-        async () => {
-          const credentials2 = await bank.getCredentialsByAccountId(db, { accountId });
-          if (!credentials2) {
-            throw new cloudflare_workflows.NonRetryableError(
-              `No credentials found for account: ${accountId}`
-            );
-          }
-          return credentials2;
-        }
-      );
+      //! ### This step is currently inside the fetch payments step with retries due to cf workflows output logs (until they allow hiding sensitive data) <-----
       const payments = await step.do(
         "fetch bank payments",
         {
@@ -67,7 +66,23 @@ class SyncAccountPaymentsWorkflow extends cloudflare_workers.WorkflowEntrypoint
           timeout: "30 seconds"
         },
         async () => {
-          const connector = bank.initiateConnector({
+          const encryptionKey = await encryption.importAesKey(this.env.ENCRYPTION_KEY);
+          const credentials = await encryption.getCredentialsByAccountId(
+            db,
+            encryptionKey,
+            { accountId }
+          );
+          if (!credentials) {
+            throw new cloudflare_workflows.NonRetryableError(
+              `No credentials found for account: ${accountId}`
+            );
+          }
+          if (credentials.expiresAt < /* @__PURE__ */ new Date()) {
+            throw new cloudflare_workflows.NonRetryableError(
+              `Credentials have expired for account: ${accountId}`
+            );
+          }
+          const connector = encryption.initiateConnector({
             env: this.env,
             bank: account.connectorKey,
             connectedAccounts: [
@@ -82,84 +97,67 @@ class SyncAccountPaymentsWorkflow extends cloudflare_workers.WorkflowEntrypoint
             environment: this.env.ENVIRONMENT,
             db,
             account,
-            filter: { dateFrom: account.lastSyncedAt }
+            filter: { dateFrom: account.lastSyncAt }
           });
         }
       );
-      if (payments.length) {
-        const bankRefIds = payments.map((payment) => payment.parsed.bankRefId).filter(Boolean);
-        const existing = await step.do("load existing payments", async () => {
-          return await getPaymentsByBankRefIdsQuery(db, {
-            ids: bankRefIds
-          });
-        });
-        const paymentsToUpdate = payments.filter(
-          (p) => existing.some((e) => e.bankRefId === p.parsed.bankRefId)
-        );
-        const paymentsToCreate = payments.filter(
-          (p) => !existing.some((e) => e.bankRefId === p.parsed.bankRefId)
+      const paymentsToProcess = payments.filter(
+        (p) => p.parsed.status === "COMPLETED" || p.parsed.status === "FAILED"
+      );
+      if (paymentsToProcess.length) {
+        const lastSyncBankRefIds = account.lastSyncMetadata?.lastSyncBankRefIds || [];
+        const paymentsToInsert = paymentsToProcess.filter(
+          (p) => !lastSyncBankRefIds.includes(p.parsed.bankRefId)
         );
-        await step.do("process payments and update lastSyncAt", async () => {
-          const eventsToEmit = [];
-          const updateCommands = paymentsToUpdate.map(
-            (p) => bank.updatePaymentCommand(db, { payment: p.parsed }).command
-          );
-          eventsToEmit.push(
-            ...paymentsToUpdate.map((p) => ({
-              eventType: "BANK_PAYMENT",
-              eventSignal: "paymentUpdated",
-              bankPayment: p.parsed,
-              metadata: {
-                correlationId: p.parsed.correlationId,
-                entityId: p.parsed.id,
-                idempotencySuffix: p.parsed.status,
-                timestamp: (/* @__PURE__ */ new Date()).toDateString()
-              }
-            }))
-          );
-          const createCommands = paymentsToCreate.map(
-            (p) => bank.createPaymentCommand(db, { payment: p.parsed }).command
-          );
-          eventsToEmit.push(
-            ...paymentsToCreate.map((p) => ({
-              eventType: "BANK_PAYMENT",
-              eventSignal: "paymentCreated",
-              bankPayment: p.parsed,
-              metadata: {
-                correlationId: p.parsed.correlationId,
-                entityId: p.parsed.id,
-                timestamp: (/* @__PURE__ */ new Date()).toDateString()
-              }
-            }))
-          );
-          const latest = payments.reduce((current, p) => {
-            return new Date(p.parsed.processedAt).getTime() > new Date(current.parsed.processedAt).getTime() ? p : current;
-          }, payments[0]);
-          const updateLastSyncCommand = bank.updateAccountLastSyncCommand(db, {
-            accountId: account.id,
-            lastSyncedAt: latest.parsed.processedAt
-          }).command;
-          if (eventsToEmit.length) {
-            await db.batch(
-              backendSdk.asNonEmpty([
-                updateLastSyncCommand,
-                ...updateCommands,
-                ...createCommands
-              ])
+        await step.do(
+          "process new payments and update lastSyncAt",
+          async () => {
+            const eventsToEmit = [];
+            const createCommands = paymentsToInsert.map(
+              (p) => encryption.createPaymentCommand(db, { payment: p.parsed }).command
             );
-            await pushToQueue(
-              this.env.QUEUE_BUS_QUEUE,
-              eventsToEmit
+            eventsToEmit.push(
+              ...paymentsToInsert.map((p) => ({
+                eventType: "BANK_PAYMENT",
+                eventSignal: "paymentCreated",
+                bankPayment: p.parsed,
+                metadata: {
+                  correlationId: p.parsed.correlationId,
+                  entityId: p.parsed.id,
+                  timestamp: (/* @__PURE__ */ new Date()).toDateString()
+                }
+              }))
             );
+            const lastSyncMetadata = {
+              payments: payments.length,
+              paymentsToProcess: paymentsToProcess.length,
+              paymentsInserted: paymentsToInsert.length,
+              lastSyncBankRefIds: paymentsToProcess.map(
+                (p) => p.parsed.bankRefId
+              ),
+              lastSyncPayments: lastSyncBankRefIds.length,
+              eventsEmitted: eventsToEmit.length
+            };
+            const updateLastSyncCommand = updateAccountLastSyncCommand(db, {
+              accountId: account.id,
+              lastSyncAt: now,
+              lastSyncMetadata
+            }).command;
+            if (eventsToEmit.length) {
+              await db.batch(
+                backendSdk.asNonEmpty([updateLastSyncCommand, ...createCommands])
+              );
+              await pushToQueue(
+                this.env.QUEUE_BUS_QUEUE,
+                eventsToEmit
+              );
+            }
+            return {
+              ...lastSyncMetadata,
+              newLastSyncAt: now
+            };
           }
-          return {
-            payments: payments.length,
-            updated: paymentsToUpdate.length,
-            created: paymentsToCreate.length,
-            eventsEmitted: eventsToEmit.length,
-            lastSyncedAt: latest?.parsed?.createdAt
-          };
-        });
+        );
       }
       await step.sleep(
         "Sleep for next sync",

package/dist/export/workflows.mjs

@@ -1,25 +1,34 @@
 import { WorkflowEntrypoint } from 'cloudflare:workers';
 import { NonRetryableError } from 'cloudflare:workflows';
 import { drizzle } from 'drizzle-orm/d1';
-import { t as tables } from '../shared/bank.B0uSWeRe.mjs';
+import { t as tables } from '../shared/bank.DXn9jD0Q.mjs';
 import { asNonEmpty } from '@develit-io/backend-sdk';
-import { g as getCredentialsByAccountId, i as initiateConnector, u as updatePaymentCommand, c as createPaymentCommand, a as updateAccountLastSyncCommand } from '../shared/bank.CXUMEJH4.mjs';
-import { eq, inArray } from 'drizzle-orm';
+import { i as importAesKey, g as getCredentialsByAccountId, a as initiateConnector, c as createPaymentCommand } from '../shared/bank.BvUtf1S3.mjs';
+import { eq } from 'drizzle-orm';
 import 'drizzle-orm/sqlite-core';
 import 'date-fns';
-import '@develit-io/general-codes';
-import 'zod';
 import 'jose';
+import '@develit-io/general-codes';
 import 'drizzle-zod';
 import 'drizzle-orm/relations';
-import '../shared/bank.CjZRgRoJ.mjs';
+import '../shared/bank.DKtu6cfY.mjs';
 
-const getAccountByIdQuery = async (db, { accountId }) => {
-  return await db.select().from(tables.account).where(eq(tables.account.id, accountId)).get();
+const updateAccountLastSyncCommand = (db, {
+  lastSyncAt,
+  accountId,
+  lastSyncMetadata
+}) => {
+  const command = db.update(tables.account).set({
+    lastSyncAt,
+    lastSyncMetadata
+  }).where(eq(tables.account.id, accountId)).returning();
+  return {
+    command
+  };
 };
 
-const getPaymentsByBankRefIdsQuery = async (db, { ids }) => {
-  return await db.select().from(tables.payment).where(inArray(tables.payment.bankRefId, ids));
+const getAccountByIdQuery = async (db, { accountId }) => {
+  return await db.select().from(tables.account).where(eq(tables.account.id, accountId)).get();
 };
 
 function pushToQueue(queue, message) {
@@ -36,6 +45,7 @@ class SyncAccountPaymentsWorkflow extends WorkflowEntrypoint {
     const { accountId } = event.payload;
     const db = drizzle(this.env.BANK_D1, { schema: tables });
     while (true) {
+      const now = /* @__PURE__ */ new Date();
       const account = await step.do("load account", async () => {
         const account2 = await getAccountByIdQuery(db, { accountId });
         if (!account2) {
@@ -43,21 +53,10 @@ class SyncAccountPaymentsWorkflow extends WorkflowEntrypoint {
         }
         return account2;
       });
-      if (!account.lastSyncedAt) {
+      if (!account.lastSyncAt) {
         throw new Error(`lastSyncedAt is not set for account: ${accountId}`);
       }
-      const credentials = await step.do(
-        "load account credentials",
-        async () => {
-          const credentials2 = await getCredentialsByAccountId(db, { accountId });
-          if (!credentials2) {
-            throw new NonRetryableError(
-              `No credentials found for account: ${accountId}`
-            );
-          }
-          return credentials2;
-        }
-      );
+      //! ### This step is currently inside the fetch payments step with retries due to cf workflows output logs (until they allow hiding sensitive data) <-----
       const payments = await step.do(
         "fetch bank payments",
         {
@@ -65,6 +64,22 @@ class SyncAccountPaymentsWorkflow extends WorkflowEntrypoint {
           timeout: "30 seconds"
         },
         async () => {
+          const encryptionKey = await importAesKey(this.env.ENCRYPTION_KEY);
+          const credentials = await getCredentialsByAccountId(
+            db,
+            encryptionKey,
+            { accountId }
+          );
+          if (!credentials) {
+            throw new NonRetryableError(
+              `No credentials found for account: ${accountId}`
+            );
+          }
+          if (credentials.expiresAt < /* @__PURE__ */ new Date()) {
+            throw new NonRetryableError(
+              `Credentials have expired for account: ${accountId}`
+            );
+          }
           const connector = initiateConnector({
             env: this.env,
             bank: account.connectorKey,
@@ -80,84 +95,67 @@ class SyncAccountPaymentsWorkflow extends WorkflowEntrypoint {
             environment: this.env.ENVIRONMENT,
             db,
             account,
-            filter: { dateFrom: account.lastSyncedAt }
+            filter: { dateFrom: account.lastSyncAt }
           });
         }
       );
-      if (payments.length) {
-        const bankRefIds = payments.map((payment) => payment.parsed.bankRefId).filter(Boolean);
-        const existing = await step.do("load existing payments", async () => {
-          return await getPaymentsByBankRefIdsQuery(db, {
-            ids: bankRefIds
-          });
-        });
-        const paymentsToUpdate = payments.filter(
-          (p) => existing.some((e) => e.bankRefId === p.parsed.bankRefId)
-        );
-        const paymentsToCreate = payments.filter(
-          (p) => !existing.some((e) => e.bankRefId === p.parsed.bankRefId)
+      const paymentsToProcess = payments.filter(
+        (p) => p.parsed.status === "COMPLETED" || p.parsed.status === "FAILED"
+      );
+      if (paymentsToProcess.length) {
+        const lastSyncBankRefIds = account.lastSyncMetadata?.lastSyncBankRefIds || [];
+        const paymentsToInsert = paymentsToProcess.filter(
+          (p) => !lastSyncBankRefIds.includes(p.parsed.bankRefId)
         );
-        await step.do("process payments and update lastSyncAt", async () => {
-          const eventsToEmit = [];
-          const updateCommands = paymentsToUpdate.map(
-            (p) => updatePaymentCommand(db, { payment: p.parsed }).command
-          );
-          eventsToEmit.push(
-            ...paymentsToUpdate.map((p) => ({
-              eventType: "BANK_PAYMENT",
-              eventSignal: "paymentUpdated",
-              bankPayment: p.parsed,
-              metadata: {
-                correlationId: p.parsed.correlationId,
-                entityId: p.parsed.id,
-                idempotencySuffix: p.parsed.status,
-                timestamp: (/* @__PURE__ */ new Date()).toDateString()
-              }
-            }))
-          );
-          const createCommands = paymentsToCreate.map(
-            (p) => createPaymentCommand(db, { payment: p.parsed }).command
-          );
-          eventsToEmit.push(
-            ...paymentsToCreate.map((p) => ({
-              eventType: "BANK_PAYMENT",
-              eventSignal: "paymentCreated",
-              bankPayment: p.parsed,
-              metadata: {
-                correlationId: p.parsed.correlationId,
-                entityId: p.parsed.id,
-                timestamp: (/* @__PURE__ */ new Date()).toDateString()
-              }
-            }))
-          );
-          const latest = payments.reduce((current, p) => {
-            return new Date(p.parsed.processedAt).getTime() > new Date(current.parsed.processedAt).getTime() ? p : current;
-          }, payments[0]);
-          const updateLastSyncCommand = updateAccountLastSyncCommand(db, {
-            accountId: account.id,
-            lastSyncedAt: latest.parsed.processedAt
-          }).command;
-          if (eventsToEmit.length) {
-            await db.batch(
-              asNonEmpty([
-                updateLastSyncCommand,
-                ...updateCommands,
-                ...createCommands
-              ])
+        await step.do(
+          "process new payments and update lastSyncAt",
+          async () => {
+            const eventsToEmit = [];
+            const createCommands = paymentsToInsert.map(
+              (p) => createPaymentCommand(db, { payment: p.parsed }).command
             );
-            await pushToQueue(
-              this.env.QUEUE_BUS_QUEUE,
-              eventsToEmit
+            eventsToEmit.push(
+              ...paymentsToInsert.map((p) => ({
+                eventType: "BANK_PAYMENT",
+                eventSignal: "paymentCreated",
+                bankPayment: p.parsed,
+                metadata: {
+                  correlationId: p.parsed.correlationId,
+                  entityId: p.parsed.id,
+                  timestamp: (/* @__PURE__ */ new Date()).toDateString()
+                }
+              }))
             );
+            const lastSyncMetadata = {
+              payments: payments.length,
+              paymentsToProcess: paymentsToProcess.length,
+              paymentsInserted: paymentsToInsert.length,
+              lastSyncBankRefIds: paymentsToProcess.map(
+                (p) => p.parsed.bankRefId
+              ),
+              lastSyncPayments: lastSyncBankRefIds.length,
+              eventsEmitted: eventsToEmit.length
+            };
+            const updateLastSyncCommand = updateAccountLastSyncCommand(db, {
+              accountId: account.id,
+              lastSyncAt: now,
+              lastSyncMetadata
+            }).command;
+            if (eventsToEmit.length) {
+              await db.batch(
+                asNonEmpty([updateLastSyncCommand, ...createCommands])
+              );
+              await pushToQueue(
+                this.env.QUEUE_BUS_QUEUE,
+                eventsToEmit
+              );
+            }
+            return {
+              ...lastSyncMetadata,
+              newLastSyncAt: now
+            };
           }
-          return {
-            payments: payments.length,
-            updated: paymentsToUpdate.length,
-            created: paymentsToCreate.length,
-            eventsEmitted: eventsToEmit.length,
-            lastSyncedAt: latest?.parsed?.createdAt
-          };
-        });
+        );
       }
       await step.sleep(
         "Sleep for next sync",

package/dist/export/wrangler.cjs

@@ -11,6 +11,7 @@ function defineBankServiceWrangler(config) {
     }),
     vars: {
       // Secrets
+      ENCRYPTION_KEY: "[SECRET]",
       FINBRICKS_PRIVATE_KEY_PEM: "[SECRET]",
       ERSTE_API_KEY: "[SECRET]",
       ERSTE_CLIENT_SECRET: "[SECRET]",

package/dist/export/wrangler.d.cts

@@ -13,6 +13,7 @@ declare function defineBankServiceWrangler(config: BankServiceWranglerConfig): {
         CRON_PAYMENTS_PROCESSING: string;
         BANK_AUTH_RECIPIENT: string;
         REDIRECT_URI: string;
+        ENCRYPTION_KEY: string;
         FINBRICKS_PRIVATE_KEY_PEM: string;
         ERSTE_API_KEY: string;
         ERSTE_CLIENT_SECRET: string;

package/dist/export/wrangler.d.mts

@@ -13,6 +13,7 @@ declare function defineBankServiceWrangler(config: BankServiceWranglerConfig): {
         CRON_PAYMENTS_PROCESSING: string;
         BANK_AUTH_RECIPIENT: string;
         REDIRECT_URI: string;
+        ENCRYPTION_KEY: string;
         FINBRICKS_PRIVATE_KEY_PEM: string;
         ERSTE_API_KEY: string;
         ERSTE_CLIENT_SECRET: string;

package/dist/export/wrangler.d.ts

@@ -13,6 +13,7 @@ declare function defineBankServiceWrangler(config: BankServiceWranglerConfig): {
         CRON_PAYMENTS_PROCESSING: string;
         BANK_AUTH_RECIPIENT: string;
         REDIRECT_URI: string;
+        ENCRYPTION_KEY: string;
         FINBRICKS_PRIVATE_KEY_PEM: string;
         ERSTE_API_KEY: string;
         ERSTE_CLIENT_SECRET: string;

package/dist/export/wrangler.mjs

@@ -9,6 +9,7 @@ function defineBankServiceWrangler(config) {
     }),
     vars: {
       // Secrets
+      ENCRYPTION_KEY: "[SECRET]",
       FINBRICKS_PRIVATE_KEY_PEM: "[SECRET]",
       ERSTE_API_KEY: "[SECRET]",
       ERSTE_CLIENT_SECRET: "[SECRET]",

package/dist/shared/{bank.CXUMEJH4.mjs → bank.BvUtf1S3.mjs}

@@ -1,8 +1,9 @@
-import { t as tables, F as FinbricksConnector, M as MockConnector, E as ErsteConnector } from './bank.B0uSWeRe.mjs';
+import { t as tables, F as FinbricksConnector, M as MockConnector, E as ErsteConnector } from './bank.DXn9jD0Q.mjs';
+import '@develit-io/backend-sdk';
 import { eq } from 'drizzle-orm';
-import { M as MockCobsConnector } from './bank.CjZRgRoJ.mjs';
 import 'jose';
 import '@develit-io/general-codes';
+import { M as MockCobsConnector } from './bank.DKtu6cfY.mjs';
 
 const createPaymentCommand = (db, { payment }) => {
   return {
@@ -14,24 +15,12 @@ const createPaymentCommand = (db, { payment }) => {
   };
 };
 
-const updatePaymentCommand = (db, { payment }) => {
-  return {
-    command: db.update(tables.payment).set(payment).where(eq(tables.payment.id, payment.id)).returning()
-  };
-};
-
-const updateAccountLastSyncCommand = (db, { lastSyncedAt, accountId }) => {
-  const command = db.update(tables.account).set({
-    lastSyncedAt
-  }).where(eq(tables.account.id, accountId)).returning();
-  return {
-    command
-  };
-};
-
-const getCredentialsByAccountId = async (db, { accountId }) => {
+const getCredentialsByAccountId = async (db, encryptionKey, { accountId }) => {
   const cred = await db.select().from(tables.accountCredentials).where(eq(tables.accountCredentials.accountId, accountId)).get();
-  return cred;
+  return cred ? {
+    ...cred,
+    value: await decrypt(cred.value, encryptionKey)
+  } : void 0;
 };
 
 class CreditasConnector extends FinbricksConnector {
@@ -106,4 +95,36 @@ const initiateConnector = ({
   }
 };
 
-export { updateAccountLastSyncCommand as a, createPaymentCommand as c, getCredentialsByAccountId as g, initiateConnector as i, updatePaymentCommand as u };
+async function importAesKey(base64Key) {
+  const raw = Uint8Array.from(atob(base64Key), (c) => c.charCodeAt(0));
+  return await crypto.subtle.importKey("raw", raw, { name: "AES-GCM" }, false, [
+    "encrypt",
+    "decrypt"
+  ]);
+}
+async function encrypt(value, key) {
+  const encoder = new TextEncoder();
+  const iv = crypto.getRandomValues(new Uint8Array(12));
+  const ciphertext = await crypto.subtle.encrypt(
+    { name: "AES-GCM", iv },
+    key,
+    encoder.encode(value)
+  );
+  const combined = new Uint8Array(iv.length + ciphertext.byteLength);
+  combined.set(iv, 0);
+  combined.set(new Uint8Array(ciphertext), iv.length);
+  return btoa(String.fromCharCode(...combined));
+}
+async function decrypt(base64, key) {
+  const raw = Uint8Array.from(atob(base64), (c) => c.charCodeAt(0));
+  const iv = raw.slice(0, 12);
+  const ciphertext = raw.slice(12);
+  const decrypted = await crypto.subtle.decrypt(
+    { name: "AES-GCM", iv },
+    key,
+    ciphertext
+  );
+  return new TextDecoder().decode(decrypted);
+}
+
+export { initiateConnector as a, createPaymentCommand as c, encrypt as e, getCredentialsByAccountId as g, importAesKey as i };