npm - @devizovaburza/payments-api-sdk - Versions diffs - 1.1.0 - Mend

@devizovaburza/payments-api-sdk 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,88 @@
+# Payments API SDK
+Type-safe SDK for integrating with the Payments API. Provides a pre-configured [Hono RPC client](https://hono.dev/docs/guides/rpc) and cryptographic helpers for request signing.
+## Installation
+```bash
+npm install @devizovaburza/payments-api-sdk
+# or
+yarn add @devizovaburza/payments-api-sdk
+```
+## Usage
+### API Client
+The SDK exports a type-safe client generated from the Payments API schema:
+```typescript
+import { createPartnerApiClient } from '@devizovaburza/payments-api-sdk/v1';
+const client = createPartnerApiClient('https://api.payments.devizovka.cz');
+// Authenticate
+const { accessToken } = await client.v1.auth.token.$post({
+  json: { email: '...', password: '...' },
+}).then(res => res.json());
+// Send a payment
+const payment = await client.v1.organizations[':id'].payments.$post({
+  param: { id: orgId },
+  json: { ... },
+  header: { 'x-idempotency-key': '...' },
+}).then(res => res.json());
+```
+### Type Inference
+You can infer request and response types from any endpoint using Hono's built-in helpers:
+```typescript
+import type { InferRequestType, InferResponseType } from 'hono/client';
+import { createPartnerApiClient } from '@devizovaburza/payments-api-sdk/v1';
+const client = createPartnerApiClient('https://api.payments.devizovka.cz');
+// Infer types from a specific endpoint
+type SendPaymentRequest = InferRequestType<typeof client.v1.organizations[':id'].payments.$post>;
+type SendPaymentResponse = InferResponseType<typeof client.v1.organizations[':id'].payments.$post>;
+// Use in your code
+async function sendPayment(orgId: string, body: SendPaymentRequest['json']) {
+  const res = await client.v1.organizations[':id'].payments.$post({
+    param: { id: orgId },
+    json: body,
+    header: { 'x-idempotency-key': crypto.randomUUID() },
+  });
+  const data: SendPaymentResponse = await res.json();
+  return data;
+}
+```
+### Sign Payload
+Signs a JSON payload using a base64-encoded RSA private key. Use this to generate the `X-Signature` header.
+```typescript
+import { signPayload } from '@devizovaburza/payments-api-sdk/v1';
+const signature = await signPayload({
+  payload: JSON.stringify({ amount: 1000 }),
+  privateKey: 'BASE64_ENCODED_PRIVATE_KEY',
+});
+```
+### Verify Payload Signature
+Verifies a signature using a base64-encoded RSA public key.
+```typescript
+import { verifyPayloadSignature } from '@devizovaburza/payments-api-sdk/v1';
+const isValid = await verifyPayloadSignature({
+  payload: JSON.stringify({ amount: 1000 }),
+  signature: 'GENERATED_SIGNATURE',
+  publicKey: 'BASE64_ENCODED_PUBLIC_KEY',
+});
+```

package/dist/v1/index.cjs ADDED Viewed

@@ -0,0 +1,376 @@
+'use strict';
+// src/utils/cookie.ts
+var _serialize = (name, value, opt = {}) => {
+  let cookie = `${name}=${value}`;
+  if (name.startsWith("__Secure-") && !opt.secure) {
+    throw new Error("__Secure- Cookie must have Secure attributes");
+  }
+  if (name.startsWith("__Host-")) {
+    if (!opt.secure) {
+      throw new Error("__Host- Cookie must have Secure attributes");
+    }
+    if (opt.path !== "/") {
+      throw new Error('__Host- Cookie must have Path attributes with "/"');
+    }
+    if (opt.domain) {
+      throw new Error("__Host- Cookie must not have Domain attributes");
+    }
+  }
+  if (opt && typeof opt.maxAge === "number" && opt.maxAge >= 0) {
+    if (opt.maxAge > 3456e4) {
+      throw new Error(
+        "Cookies Max-Age SHOULD NOT be greater than 400 days (34560000 seconds) in duration."
+      );
+    }
+    cookie += `; Max-Age=${opt.maxAge | 0}`;
+  }
+  if (opt.domain && opt.prefix !== "host") {
+    cookie += `; Domain=${opt.domain}`;
+  }
+  if (opt.path) {
+    cookie += `; Path=${opt.path}`;
+  }
+  if (opt.expires) {
+    if (opt.expires.getTime() - Date.now() > 3456e7) {
+      throw new Error(
+        "Cookies Expires SHOULD NOT be greater than 400 days (34560000 seconds) in the future."
+      );
+    }
+    cookie += `; Expires=${opt.expires.toUTCString()}`;
+  }
+  if (opt.httpOnly) {
+    cookie += "; HttpOnly";
+  }
+  if (opt.secure) {
+    cookie += "; Secure";
+  }
+  if (opt.sameSite) {
+    cookie += `; SameSite=${opt.sameSite.charAt(0).toUpperCase() + opt.sameSite.slice(1)}`;
+  }
+  if (opt.priority) {
+    cookie += `; Priority=${opt.priority.charAt(0).toUpperCase() + opt.priority.slice(1)}`;
+  }
+  if (opt.partitioned) {
+    if (!opt.secure) {
+      throw new Error("Partitioned Cookie must have Secure attributes");
+    }
+    cookie += "; Partitioned";
+  }
+  return cookie;
+};
+var serialize = (name, value, opt) => {
+  value = encodeURIComponent(value);
+  return _serialize(name, value, opt);
+};
+// src/client/utils.ts
+var mergePath = (base, path) => {
+  base = base.replace(/\/+$/, "");
+  base = base + "/";
+  path = path.replace(/^\/+/, "");
+  return base + path;
+};
+var replaceUrlParam = (urlString, params) => {
+  for (const [k, v] of Object.entries(params)) {
+    const reg = new RegExp("/:" + k + "(?:{[^/]+})?\\??");
+    urlString = urlString.replace(reg, v ? `/${v}` : "");
+  }
+  return urlString;
+};
+var buildSearchParams = (query) => {
+  const searchParams = new URLSearchParams();
+  for (const [k, v] of Object.entries(query)) {
+    if (v === void 0) {
+      continue;
+    }
+    if (Array.isArray(v)) {
+      for (const v2 of v) {
+        searchParams.append(k, v2);
+      }
+    } else {
+      searchParams.set(k, v);
+    }
+  }
+  return searchParams;
+};
+var replaceUrlProtocol = (urlString, protocol) => {
+  switch (protocol) {
+    case "ws":
+      return urlString.replace(/^http/, "ws");
+    case "http":
+      return urlString.replace(/^ws/, "http");
+  }
+};
+var removeIndexString = (urlString) => {
+  if (/^https?:\/\/[^\/]+?\/index(?=\?|$)/.test(urlString)) {
+    return urlString.replace(/\/index(?=\?|$)/, "/");
+  }
+  return urlString.replace(/\/index(?=\?|$)/, "");
+};
+function isObject(item) {
+  return typeof item === "object" && item !== null && !Array.isArray(item);
+}
+function deepMerge(target, source) {
+  if (!isObject(target) && !isObject(source)) {
+    return source;
+  }
+  const merged = { ...target };
+  for (const key in source) {
+    const value = source[key];
+    if (isObject(merged[key]) && isObject(value)) {
+      merged[key] = deepMerge(merged[key], value);
+    } else {
+      merged[key] = value;
+    }
+  }
+  return merged;
+}
+// src/client/client.ts
+var createProxy = (callback, path) => {
+  const proxy = new Proxy(() => {
+  }, {
+    get(_obj, key) {
+      if (typeof key !== "string" || key === "then") {
+        return void 0;
+      }
+      return createProxy(callback, [...path, key]);
+    },
+    apply(_1, _2, args) {
+      return callback({
+        path,
+        args
+      });
+    }
+  });
+  return proxy;
+};
+var ClientRequestImpl = class {
+  url;
+  method;
+  buildSearchParams;
+  queryParams = void 0;
+  pathParams = {};
+  rBody;
+  cType = void 0;
+  constructor(url, method, options) {
+    this.url = url;
+    this.method = method;
+    this.buildSearchParams = options.buildSearchParams;
+  }
+  fetch = async (args, opt) => {
+    if (args) {
+      if (args.query) {
+        this.queryParams = this.buildSearchParams(args.query);
+      }
+      if (args.form) {
+        const form = new FormData();
+        for (const [k, v] of Object.entries(args.form)) {
+          if (Array.isArray(v)) {
+            for (const v2 of v) {
+              form.append(k, v2);
+            }
+          } else {
+            form.append(k, v);
+          }
+        }
+        this.rBody = form;
+      }
+      if (args.json) {
+        this.rBody = JSON.stringify(args.json);
+        this.cType = "application/json";
+      }
+      if (args.param) {
+        this.pathParams = args.param;
+      }
+    }
+    let methodUpperCase = this.method.toUpperCase();
+    const headerValues = {
+      ...args?.header,
+      ...typeof opt?.headers === "function" ? await opt.headers() : opt?.headers
+    };
+    if (args?.cookie) {
+      const cookies = [];
+      for (const [key, value] of Object.entries(args.cookie)) {
+        cookies.push(serialize(key, value, { path: "/" }));
+      }
+      headerValues["Cookie"] = cookies.join(",");
+    }
+    if (this.cType) {
+      headerValues["Content-Type"] = this.cType;
+    }
+    const headers = new Headers(headerValues ?? void 0);
+    let url = this.url;
+    url = removeIndexString(url);
+    url = replaceUrlParam(url, this.pathParams);
+    if (this.queryParams) {
+      url = url + "?" + this.queryParams.toString();
+    }
+    methodUpperCase = this.method.toUpperCase();
+    const setBody = !(methodUpperCase === "GET" || methodUpperCase === "HEAD");
+    return (opt?.fetch || fetch)(url, {
+      body: setBody ? this.rBody : void 0,
+      method: methodUpperCase,
+      headers,
+      ...opt?.init
+    });
+  };
+};
+var hc = (baseUrl, options) => createProxy(function proxyCallback(opts) {
+  const buildSearchParamsOption = options?.buildSearchParams ?? buildSearchParams;
+  const parts = [...opts.path];
+  const lastParts = parts.slice(-3).reverse();
+  if (lastParts[0] === "toString") {
+    if (lastParts[1] === "name") {
+      return lastParts[2] || "";
+    }
+    return proxyCallback.toString();
+  }
+  if (lastParts[0] === "valueOf") {
+    if (lastParts[1] === "name") {
+      return lastParts[2] || "";
+    }
+    return proxyCallback;
+  }
+  let method = "";
+  if (/^\$/.test(lastParts[0])) {
+    const last = parts.pop();
+    if (last) {
+      method = last.replace(/^\$/, "");
+    }
+  }
+  const path = parts.join("/");
+  const url = mergePath(baseUrl, path);
+  if (method === "url") {
+    let result = url;
+    if (opts.args[0]) {
+      if (opts.args[0].param) {
+        result = replaceUrlParam(url, opts.args[0].param);
+      }
+      if (opts.args[0].query) {
+        result = result + "?" + buildSearchParamsOption(opts.args[0].query).toString();
+      }
+    }
+    result = removeIndexString(result);
+    return new URL(result);
+  }
+  if (method === "ws") {
+    const webSocketUrl = replaceUrlProtocol(
+      opts.args[0] && opts.args[0].param ? replaceUrlParam(url, opts.args[0].param) : url,
+      "ws"
+    );
+    const targetUrl = new URL(webSocketUrl);
+    const queryParams = opts.args[0]?.query;
+    if (queryParams) {
+      Object.entries(queryParams).forEach(([key, value]) => {
+        if (Array.isArray(value)) {
+          value.forEach((item) => targetUrl.searchParams.append(key, item));
+        } else {
+          targetUrl.searchParams.set(key, value);
+        }
+      });
+    }
+    const establishWebSocket = (...args) => {
+      if (options?.webSocket !== void 0 && typeof options.webSocket === "function") {
+        return options.webSocket(...args);
+      }
+      return new WebSocket(...args);
+    };
+    return establishWebSocket(targetUrl.toString());
+  }
+  const req = new ClientRequestImpl(url, method, {
+    buildSearchParams: buildSearchParamsOption
+  });
+  if (method) {
+    options ??= {};
+    const args = deepMerge(options, { ...opts.args[1] });
+    return req.fetch(opts.args[0], args);
+  }
+  return req;
+}, []);
+const createPartnerApiClient = (...args) => {
+  return hc(...args);
+};
+const signPayload = async ({
+  payload,
+  privateKey
+}) => {
+  const binaryPrivateKey = Uint8Array.from(
+    atob(privateKey),
+    (c) => c.charCodeAt(0)
+  );
+  const importedPrivateKey = await crypto.subtle.importKey(
+    "pkcs8",
+    binaryPrivateKey,
+    {
+      name: "RSASSA-PKCS1-v1_5",
+      hash: "SHA-256"
+    },
+    false,
+    ["sign"]
+  );
+  const encodedPayload = new TextEncoder().encode(payload);
+  const signature = await crypto.subtle.sign(
+    {
+      name: "RSASSA-PKCS1-v1_5"
+    },
+    importedPrivateKey,
+    encodedPayload
+  );
+  const base64Signature = btoa(
+    String.fromCharCode(...new Uint8Array(signature))
+  );
+  return base64Signature;
+};
+const algParams = {
+  RSA: {
+    name: "RSASSA-PKCS1-v1_5",
+    hash: { name: "SHA-256" }
+  },
+  EC: {
+    name: "ECDSA",
+    namedCurve: "P-256"
+  },
+  HMAC: {
+    name: "HMAC",
+    hash: { name: "SHA-256" }
+  }
+};
+const verifyPayloadSignature = async ({
+  signature,
+  data,
+  publicKey,
+  algorithm = "RSA"
+}) => {
+  const binaryPublicKey = Uint8Array.from(
+    atob(publicKey),
+    (c) => c.charCodeAt(0)
+  );
+  const format = algorithm === "HMAC" ? "raw" : "spki";
+  const importedPublicKey = await crypto.subtle.importKey(
+    format,
+    binaryPublicKey,
+    algParams[algorithm],
+    false,
+    ["verify"]
+  );
+  const encodedPayload = new TextEncoder().encode(data);
+  const decodedSignature = Uint8Array.from(
+    atob(signature),
+    (c) => c.charCodeAt(0)
+  );
+  const isValid = await crypto.subtle.verify(
+    algParams[algorithm],
+    importedPublicKey,
+    decodedSignature,
+    encodedPayload
+  );
+  return isValid;
+};
+exports.createPartnerApiClient = createPartnerApiClient;
+exports.signPayload = signPayload;
+exports.verifyPayloadSignature = verifyPayloadSignature;