@genvoris/node 1.0.0 → 1.0.1

package/LICENSE

@@ -1,21 +1,21 @@
-MIT License
-
-Copyright (c) 2025 Genvoris
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+MIT License
+
+Copyright (c) 2025 Genvoris
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,132 +1,132 @@
-# @genvoris/node
-
-Official Node.js SDK for the [Genvoris Virtual Try-On API](https://docs.genvoris.org).
-
-## Requirements
-
-Node.js **18** or higher (uses native `fetch`).
-
-## Installation
-
-```bash
-npm install @genvoris/node
-```
-
-## Quick start
-
-```ts
-import Genvoris from '@genvoris/node';
-
-const gv = new Genvoris({ apiKey: process.env.GENVORIS_API_KEY! });
-
-// Create a customer
-const customer = await gv.customers.create({
-  externalId: 'user_42',
-  email: 'shopper@example.com',
-  planId: 'pln_xxxxxxxx',
-});
-
-// Mint a session token for the widget
-const session = await gv.sessions.mint({ customerId: customer.id });
-// → pass session.token to your frontend
-```
-
-## Resources
-
-### Customers
-
-```ts
-await gv.customers.create({ externalId, email?, planId?, metadata? })
-await gv.customers.retrieve(id)
-await gv.customers.update(id, { email?, planId?, status?, resetPeriod? })
-await gv.customers.list({ status?, limit?, cursor? })
-await gv.customers.cancel(id)
-await gv.customers.usage(id)
-await gv.customers.sessions(id)
-```
-
-### Plans
-
-```ts
-await gv.plans.list({ include_inactive? })
-await gv.plans.create({ name, monthlyTryOns, externalPriceId?, active? })
-await gv.plans.retrieve(id)
-await gv.plans.update(id, { name?, monthlyTryOns?, active? })
-await gv.plans.archive(id)
-```
-
-### Sessions
-
-```ts
-await gv.sessions.mint({ customerId, ttlSeconds? })
-```
-
-### Webhooks
-
-```ts
-await gv.webhooks.list()
-await gv.webhooks.create({ url, secret, events })
-await gv.webhooks.test(id)
-await gv.webhooks.delete(id)
-```
-
-## Webhook verification
-
-```ts
-import { WebhooksResource } from '@genvoris/node';
-
-// In your Express / Next.js handler — pass the raw body, not parsed JSON
-const event = WebhooksResource.verify({
-  payload: req.body,
-  header: req.header('x-genvoris-signature') ?? '',
-  secret: process.env.GENVORIS_WEBHOOK_SECRET!,
-});
-
-console.log(event.type, event.data);
-```
-
-The signature format is `t=<unix>,v1=<hex>`. The signed string is `${timestamp}.${rawBody}` using HMAC-SHA256. Verification uses `crypto.timingSafeEqual`.
-
-## Error handling
-
-```ts
-import {
-  GenvorisAPIError,
-  GenvorisAuthError,
-  GenvorisRateLimitError,
-  GenvorisValidationError,
-} from '@genvoris/node';
-
-try {
-  await gv.customers.retrieve('cus_missing');
-} catch (err) {
-  if (err instanceof GenvorisAuthError) {
-    // 401 / 403 — bad or revoked key
-  } else if (err instanceof GenvorisRateLimitError) {
-    console.log(`retry after ${err.retryAfterSeconds}s`);
-  } else if (err instanceof GenvorisValidationError) {
-    console.error(err.fieldErrors);
-  } else if (err instanceof GenvorisAPIError) {
-    console.error(err.status, err.code, err.requestId);
-  }
-}
-```
-
-The client automatically retries `429`, `502`, `503`, and `504` responses using exponential backoff with jitter (`min(2^n × 250 ms, 8 000 ms)`), up to `maxRetries` (default: 3).
-
-## Configuration
-
-```ts
-const gv = new Genvoris({
-  apiKey: 'gvk_live_...',
-  baseUrl: 'https://genvoris.org/api/v1', // default
-  timeoutMs: 30_000,                       // default 30 s
-  maxRetries: 3,                           // default 3
-  defaultHeaders: { 'X-My-Header': 'val' },
-  fetch: customFetch,                      // bring-your-own fetch
-});
-```
-
-## License
-
-MIT — see [LICENSE](./LICENSE).
+# @genvoris/node
+
+Official Node.js SDK for the [Genvoris Virtual Try-On API](https://docs.genvoris.org).
+
+## Requirements
+
+Node.js **18** or higher (uses native `fetch`).
+
+## Installation
+
+```bash
+npm install @genvoris/node
+```
+
+## Quick start
+
+```ts
+import Genvoris from '@genvoris/node';
+
+const gv = new Genvoris({ apiKey: process.env.GENVORIS_API_KEY! });
+
+// Create a customer
+const customer = await gv.customers.create({
+  externalId: 'user_42',
+  email: 'shopper@example.com',
+  planId: 'pln_xxxxxxxx',
+});
+
+// Mint a session token for the widget
+const session = await gv.sessions.mint({ customerId: customer.id });
+// → pass session.token to your frontend
+```
+
+## Resources
+
+### Customers
+
+```ts
+await gv.customers.create({ externalId, email?, planId?, metadata? })
+await gv.customers.retrieve(id)
+await gv.customers.update(id, { email?, planId?, status?, resetPeriod? })
+await gv.customers.list({ status?, limit?, cursor? })
+await gv.customers.cancel(id)
+await gv.customers.usage(id)
+await gv.customers.sessions(id)
+```
+
+### Plans
+
+```ts
+await gv.plans.list({ include_inactive? })
+await gv.plans.create({ name, monthlyTryOns, externalPriceId?, active? })
+await gv.plans.retrieve(id)
+await gv.plans.update(id, { name?, monthlyTryOns?, active? })
+await gv.plans.archive(id)
+```
+
+### Sessions
+
+```ts
+await gv.sessions.mint({ customerId, ttlSeconds? })
+```
+
+### Webhooks
+
+```ts
+await gv.webhooks.list()
+await gv.webhooks.create({ url, secret, events })
+await gv.webhooks.test(id)
+await gv.webhooks.delete(id)
+```
+
+## Webhook verification
+
+```ts
+import { WebhooksResource } from '@genvoris/node';
+
+// In your Express / Next.js handler — pass the raw body, not parsed JSON
+const event = WebhooksResource.verify({
+  payload: req.body,
+  header: req.header('x-genvoris-signature') ?? '',
+  secret: process.env.GENVORIS_WEBHOOK_SECRET!,
+});
+
+console.log(event.type, event.data);
+```
+
+The signature format is `t=<unix>,v1=<hex>`. The signed string is `${timestamp}.${rawBody}` using HMAC-SHA256. Verification uses `crypto.timingSafeEqual`.
+
+## Error handling
+
+```ts
+import {
+  GenvorisAPIError,
+  GenvorisAuthError,
+  GenvorisRateLimitError,
+  GenvorisValidationError,
+} from '@genvoris/node';
+
+try {
+  await gv.customers.retrieve('cus_missing');
+} catch (err) {
+  if (err instanceof GenvorisAuthError) {
+    // 401 / 403 — bad or revoked key
+  } else if (err instanceof GenvorisRateLimitError) {
+    console.log(`retry after ${err.retryAfterSeconds}s`);
+  } else if (err instanceof GenvorisValidationError) {
+    console.error(err.fieldErrors);
+  } else if (err instanceof GenvorisAPIError) {
+    console.error(err.status, err.code, err.requestId);
+  }
+}
+```
+
+The client automatically retries `429`, `502`, `503`, and `504` responses using exponential backoff with jitter (`min(2^n × 250 ms, 8 000 ms)`), up to `maxRetries` (default: 3).
+
+## Configuration
+
+```ts
+const gv = new Genvoris({
+  apiKey: 'gvk_live_...',
+  baseUrl: 'https://genvoris.org/api/v1', // default
+  timeoutMs: 30_000,                       // default 30 s
+  maxRetries: 3,                           // default 3
+  defaultHeaders: { 'X-My-Header': 'val' },
+  fetch: customFetch,                      // bring-your-own fetch
+});
+```
+
+## License
+
+MIT — see [LICENSE](./LICENSE).

package/dist/index.d.mts

@@ -161,6 +161,12 @@ interface SessionMintParams {
     /** JWT lifetime in seconds. Default: 900 (15 min). */
     ttlSeconds?: number;
 }
+interface SessionRevokeParams {
+    /** Genvoris customer ID or your `externalId`. */
+    customerId: string;
+    /** The `jti` claim of the session token to revoke. */
+    jti: string;
+}
 interface MintedSession {
     token: string;
     token_type: 'Bearer';
@@ -176,6 +182,10 @@ interface MintedSession {
         period_end: string | null;
     };
 }
+interface RevokedSession {
+    jti: string;
+    revoked: true;
+}
 declare class SessionsResource {
     private readonly config;
     constructor(config: GenvorisConfig);
@@ -186,6 +196,14 @@ declare class SessionsResource {
      * Genvoris widget — never exposed in client-side code directly.
      */
     mint({ customerId, ttlSeconds }: SessionMintParams): Promise<MintedSession>;
+    /**
+     * Revoke a previously minted session token by its `jti` claim.
+     *
+     * Use this on end-customer logout or when a token is suspected
+     * compromised. The token is rejected immediately even though its
+     * signature and expiry are otherwise still valid. Idempotent.
+     */
+    revoke({ customerId, jti }: SessionRevokeParams): Promise<RevokedSession>;
 }
 
 interface WebhookCreateParams {

package/dist/index.d.ts

@@ -161,6 +161,12 @@ interface SessionMintParams {
     /** JWT lifetime in seconds. Default: 900 (15 min). */
     ttlSeconds?: number;
 }
+interface SessionRevokeParams {
+    /** Genvoris customer ID or your `externalId`. */
+    customerId: string;
+    /** The `jti` claim of the session token to revoke. */
+    jti: string;
+}
 interface MintedSession {
     token: string;
     token_type: 'Bearer';
@@ -176,6 +182,10 @@ interface MintedSession {
         period_end: string | null;
     };
 }
+interface RevokedSession {
+    jti: string;
+    revoked: true;
+}
 declare class SessionsResource {
     private readonly config;
     constructor(config: GenvorisConfig);
@@ -186,6 +196,14 @@ declare class SessionsResource {
      * Genvoris widget — never exposed in client-side code directly.
      */
     mint({ customerId, ttlSeconds }: SessionMintParams): Promise<MintedSession>;
+    /**
+     * Revoke a previously minted session token by its `jti` claim.
+     *
+     * Use this on end-customer logout or when a token is suspected
+     * compromised. The token is rejected immediately even though its
+     * signature and expiry are otherwise still valid. Idempotent.
+     */
+    revoke({ customerId, jti }: SessionRevokeParams): Promise<RevokedSession>;
 }
 
 interface WebhookCreateParams {

package/dist/index.js

@@ -69,7 +69,7 @@ function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
 async function request(config, path, opts = {}, attempt = 0) {
-  const { method = "GET", body, query } = opts;
+  const { method = "GET", body, query, contentType } = opts;
   const fetchFn = config.fetch ?? globalThis.fetch;
   const baseUrl = (config.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
   let url = `${baseUrl}${path}`;
@@ -88,20 +88,33 @@ async function request(config, path, opts = {}, attempt = 0) {
   );
   let res;
   try {
+    const headers = {
+      Authorization: `Bearer ${config.apiKey}`,
+      "User-Agent": `genvoris-node/${SDK_VERSION}`,
+      Accept: "application/json",
+      ...config.defaultHeaders
+    };
+    if (body !== void 0 || contentType) {
+      headers["Content-Type"] = contentType ?? "application/json";
+    }
     res = await fetchFn(url, {
       method,
-      headers: {
-        Authorization: `Bearer ${config.apiKey}`,
-        "Content-Type": "application/json",
-        "User-Agent": `genvoris-node/${SDK_VERSION}`,
-        ...config.defaultHeaders
-      },
+      headers,
       body: body !== void 0 ? JSON.stringify(body) : void 0,
       signal: controller.signal
     });
-  } finally {
+  } catch (err) {
     clearTimeout(timerId);
+    if (attempt < (config.maxRetries ?? 3)) {
+      const target = Math.pow(2, attempt) * 250;
+      const jittered = target * (0.7 + Math.random() * 0.6);
+      const delay = Math.min(jittered, MAX_DELAY_MS);
+      await sleep(delay);
+      return request(config, path, opts, attempt + 1);
+    }
+    throw err;
   }
+  clearTimeout(timerId);
   if (res.ok) {
     if (res.status === 204) return void 0;
     return res.json();
@@ -112,13 +125,14 @@ async function request(config, path, opts = {}, attempt = 0) {
     errBody = await res.json();
   } catch {
   }
-  const code = errBody.error ?? "unknown_error";
-  const message = errBody.message ?? code;
+  const code = errBody.error || "unknown_error";
+  const message = errBody.message || code;
   if (RETRY_STATUSES.has(res.status)) {
     const maxRetries = config.maxRetries ?? 3;
     if (attempt < maxRetries) {
-      const base = Math.min(Math.pow(2, attempt) * 250, MAX_DELAY_MS);
-      const delay = Math.random() * base;
+      const target = Math.pow(2, attempt) * 250;
+      const jittered = target * (0.7 + Math.random() * 0.6);
+      const delay = Math.min(jittered, MAX_DELAY_MS);
       await sleep(delay);
       return request(config, path, opts, attempt + 1);
     }
@@ -262,12 +276,29 @@ var SessionsResource = class {
       }
     );
   }
+  /**
+   * Revoke a previously minted session token by its `jti` claim.
+   *
+   * Use this on end-customer logout or when a token is suspected
+   * compromised. The token is rejected immediately even though its
+   * signature and expiry are otherwise still valid. Idempotent.
+   */
+  revoke({ customerId, jti }) {
+    return request(
+      this.config,
+      `/customers/${encodeURIComponent(customerId)}/sessions/${encodeURIComponent(jti)}`,
+      { method: "DELETE" }
+    );
+  }
 };
 
 // src/resources/webhooks.ts
 var import_node_crypto = require("crypto");
 function hexToBytes(hex) {
   if (hex.length % 2 !== 0) throw new Error("genvoris: invalid hex string");
+  if (!/^[a-f0-9]+$/i.test(hex)) {
+    throw new Error("genvoris: invalid hex string \u2014 non-hex characters");
+  }
   const bytes = new Uint8Array(hex.length / 2);
   for (let i = 0; i < bytes.length; i++) {
     bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);

package/dist/index.mjs

@@ -38,7 +38,7 @@ function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
 async function request(config, path, opts = {}, attempt = 0) {
-  const { method = "GET", body, query } = opts;
+  const { method = "GET", body, query, contentType } = opts;
   const fetchFn = config.fetch ?? globalThis.fetch;
   const baseUrl = (config.baseUrl ?? DEFAULT_BASE_URL).replace(/\/$/, "");
   let url = `${baseUrl}${path}`;
@@ -57,20 +57,33 @@ async function request(config, path, opts = {}, attempt = 0) {
   );
   let res;
   try {
+    const headers = {
+      Authorization: `Bearer ${config.apiKey}`,
+      "User-Agent": `genvoris-node/${SDK_VERSION}`,
+      Accept: "application/json",
+      ...config.defaultHeaders
+    };
+    if (body !== void 0 || contentType) {
+      headers["Content-Type"] = contentType ?? "application/json";
+    }
     res = await fetchFn(url, {
       method,
-      headers: {
-        Authorization: `Bearer ${config.apiKey}`,
-        "Content-Type": "application/json",
-        "User-Agent": `genvoris-node/${SDK_VERSION}`,
-        ...config.defaultHeaders
-      },
+      headers,
       body: body !== void 0 ? JSON.stringify(body) : void 0,
       signal: controller.signal
     });
-  } finally {
+  } catch (err) {
     clearTimeout(timerId);
+    if (attempt < (config.maxRetries ?? 3)) {
+      const target = Math.pow(2, attempt) * 250;
+      const jittered = target * (0.7 + Math.random() * 0.6);
+      const delay = Math.min(jittered, MAX_DELAY_MS);
+      await sleep(delay);
+      return request(config, path, opts, attempt + 1);
+    }
+    throw err;
   }
+  clearTimeout(timerId);
   if (res.ok) {
     if (res.status === 204) return void 0;
     return res.json();
@@ -81,13 +94,14 @@ async function request(config, path, opts = {}, attempt = 0) {
     errBody = await res.json();
   } catch {
   }
-  const code = errBody.error ?? "unknown_error";
-  const message = errBody.message ?? code;
+  const code = errBody.error || "unknown_error";
+  const message = errBody.message || code;
   if (RETRY_STATUSES.has(res.status)) {
     const maxRetries = config.maxRetries ?? 3;
     if (attempt < maxRetries) {
-      const base = Math.min(Math.pow(2, attempt) * 250, MAX_DELAY_MS);
-      const delay = Math.random() * base;
+      const target = Math.pow(2, attempt) * 250;
+      const jittered = target * (0.7 + Math.random() * 0.6);
+      const delay = Math.min(jittered, MAX_DELAY_MS);
       await sleep(delay);
       return request(config, path, opts, attempt + 1);
     }
@@ -231,12 +245,29 @@ var SessionsResource = class {
       }
     );
   }
+  /**
+   * Revoke a previously minted session token by its `jti` claim.
+   *
+   * Use this on end-customer logout or when a token is suspected
+   * compromised. The token is rejected immediately even though its
+   * signature and expiry are otherwise still valid. Idempotent.
+   */
+  revoke({ customerId, jti }) {
+    return request(
+      this.config,
+      `/customers/${encodeURIComponent(customerId)}/sessions/${encodeURIComponent(jti)}`,
+      { method: "DELETE" }
+    );
+  }
 };
 
 // src/resources/webhooks.ts
 import { createHmac, timingSafeEqual } from "crypto";
 function hexToBytes(hex) {
   if (hex.length % 2 !== 0) throw new Error("genvoris: invalid hex string");
+  if (!/^[a-f0-9]+$/i.test(hex)) {
+    throw new Error("genvoris: invalid hex string \u2014 non-hex characters");
+  }
   const bytes = new Uint8Array(hex.length / 2);
   for (let i = 0; i < bytes.length; i++) {
     bytes[i] = parseInt(hex.slice(i * 2, i * 2 + 2), 16);

package/package.json

@@ -1,52 +1,55 @@
-{
-  "name": "@genvoris/node",
-  "version": "1.0.0",
-  "description": "Official Node.js SDK for the Genvoris Virtual Try-On API",
-  "main": "./dist/index.js",
-  "module": "./dist/index.mjs",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.mjs",
-      "require": "./dist/index.js"
-    }
-  },
-  "scripts": {
-    "build": "tsup src/index.ts --format cjs,esm --dts --clean",
-    "prepublishOnly": "npm run build"
-  },
-  "files": [
-    "dist",
-    "README.md",
-    "LICENSE"
-  ],
-  "engines": {
-    "node": ">=18"
-  },
-  "license": "MIT",
-  "publishConfig": {
-    "access": "public"
-  },
-  "keywords": [
-    "genvoris",
-    "virtual-try-on",
-    "vton",
-    "ecommerce",
-    "fashion",
-    "ai"
-  ],
-  "repository": {
-    "type": "git",
-    "url": "https://github.com/DevSajjadAli/genvoris-node"
-  },
-  "homepage": "https://docs.genvoris.org",
-  "bugs": {
-    "url": "https://github.com/DevSajjadAli/genvoris-node/issues",
-    "email": "support@genvoris.org"
-  },
-  "devDependencies": {
-    "typescript": "^5.4.5",
-    "tsup": "^8.0.2"
-  }
-}
+{
+  "name": "@genvoris/node",
+  "version": "1.0.1",
+  "description": "Official Node.js SDK for the Genvoris Virtual Try-On API",
+  "main": "./dist/index.js",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format cjs,esm --dts --clean",
+    "pretest": "npm run build",
+    "test": "node --test",
+    "prepublishOnly": "npm run build"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": [
+    "genvoris",
+    "virtual-try-on",
+    "vton",
+    "ecommerce",
+    "fashion",
+    "ai"
+  ],
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/DevSajjadAli/genvoris-node"
+  },
+  "homepage": "https://docs.genvoris.org",
+  "bugs": {
+    "url": "https://github.com/DevSajjadAli/genvoris-node/issues",
+    "email": "support@genvoris.org"
+  },
+  "devDependencies": {
+    "@types/node": ">=18",
+    "typescript": "^5.4.5",
+    "tsup": "^8.0.2"
+  }
+}