@henrylabs-interview/payment-processor 0.1.11 → 0.1.13

package/README.md

@@ -1,8 +1,15 @@
-# Henry Labs - Interview: Payment Processor
+# Henry Labs – Interview: Payment Processor
 
-A lightweight payments SDK for creating and confirming checkouts, with built-in webhook support.
+A lightweight payments SDK for creating and confirming checkouts, with built-in webhook support and an embeddable checkout UI.
 
-This SDK simulates a real-world payment processing system, including fraud detection, transient errors, retries, and asynchronous authorization flows.
+This SDK simulates a real-world payment processing system, including:
+
+- Fraud detection
+- Transient system errors
+- Retry scenarios
+- Asynchronous authorization flows
+
+It is designed to test robustness, error handling, and webhook integration.
 
 ---
 
@@ -20,35 +27,48 @@ bun run build
 
 ---
 
-## Overview
+# Overview
 
-The SDK provides three primary capabilities:
+The SDK provides:
 
-- Create a checkout
-- Confirm a checkout
-- Register webhook endpoints
+- Checkout creation
+- Checkout confirmation
+- Webhook endpoint registration
+- Embeddable checkout UI (frontend)
+- API key validation
 
-The system performs internal validation, fraud screening, and risk checks.
-Depending on system conditions, operations may:
+The system performs internal validation, fraud screening, and simulated load conditions.
+
+Operations may:
 
 - Succeed immediately
-- Succeed asynchronously
-- Require a retry
-- Fail due to risk controls
+- Resolve asynchronously
+- Require retries
+- Fail due to fraud controls
 - Fail due to temporary system overload
 
-Consumers should always handle both synchronous responses and webhook events.
-
 ---
 
-## Usage
+# Usage
 
-### Initialize
+---
+
+## Initialize (Backend)
 
 ```ts
-import { PaymentSDK } from 'henry-labs/take-home';
+import { PaymentProcessor } from 'henry-labs/take-home';
 
-const sdk = new PaymentSDK();
+const processor = new PaymentProcessor({
+	apiKey: ...,
+});
+```
+
+# Checkout API
+
+Available under:
+
+```ts
+processor.checkout;
 ```
 
 ---
@@ -56,96 +76,130 @@ const sdk = new PaymentSDK();
 ## Create a Checkout
 
 ```ts
-const response = await sdk.create({
+const response = await processor.checkout.create({
 	amount: 1000,
 	currency: 'USD',
 	customerId: 'cust_123',
 });
 ```
 
-### Behavior
+---
 
-Creating a checkout may:
+## Confirm a Checkout (Backend)
+
+```ts
+const response = await processor.checkout.confirm({
+	checkoutId: ...,
+	type: 'raw-card',
+	data: {
+		number: ...,
+		expMonth: XX,
+		expYear: XXXX,
+		cvc: XXX,
+	},
+});
+```
 
-- Return immediate approval
-- Return a pending authorization state
-- Return a retryable error
-- Return a fraud-related failure
-- Fail due to temporary internal errors
+# Embedded Checkout (Frontend)
 
-If the checkout is authorized asynchronously, the final outcome will be delivered via webhook.
+The SDK provides an optional embeddable checkout UI for collecting card details in the browser.
 
 ---
 
-## Confirm a Checkout
+## Initialize Embedded Checkout
 
 ```ts
-const response = await sdk.confirm({
-	checkoutId: '...',
-	type: 'raw-card',
-	data: {
-		number: '4242424242424242',
-		expMonth: 12,
-		expYear: 2030,
-		cvc: '123',
-	},
+import { EmbeddedCheckout } from 'henry-labs/take-home';
+
+const embedded = new EmbeddedCheckout({
+	checkoutId: 'chk_123',
 });
 ```
 
-### Behavior
+---
+
+## Render Embedded Checkout
+
+```ts
+embedded.render('checkout-container', (paymentToken) => {
+	console.log('Received payment token:', paymentToken);
 
-Confirmation requests are subject to:
+	// Send token to backend for confirmation
+});
+```
+
+### Parameters
+
+| Parameter            | Description                           |
+| -------------------- | ------------------------------------- |
+| `containerElementId` | ID of DOM element to render into      |
+| `callbackFn`         | Called with a generated payment token |
+
+### Behavior
 
-- Card validation
-- Fraud screening
-- Retry conditions
-- System load conditions
+- Renders a secure card collection UI
+- Collects card number, expiry, and CVC
+- Generates a payment token
+- Returns the token via callback
+- Token should be sent to your backend for confirmation
 
-Confirmations may resolve immediately or asynchronously.
-Webhook handling is required to receive final outcomes in deferred cases.
+The embedded checkout is intended for **browser environments only**.
 
 ---
 
-## Webhooks
+# Webhooks
 
-You can register webhook endpoints to receive event notifications.
+Available under:
 
 ```ts
-sdk.webhooks.createEndpoint({
+processor.webhooks;
+```
+
+---
+
+## Register Webhook Endpoint
+
+```ts
+processor.webhooks.createEndpoint({
 	url: 'https://example.com/webhooks',
 	event: 'checkout.confirm',
 	secret: 'whsec_...',
 });
 ```
 
-### Webhook Events
+---
 
-Events are emitted for:
+## Webhook Events
 
-- Checkout creation
-- Checkout confirmation
-- Success outcomes
-- Failure outcomes
+Events may be emitted for:
 
-Webhooks may be triggered for both synchronous and asynchronous results.
+- `checkout.create`
+- `checkout.confirm`
+- `checkout.success`
+- `checkout.failure`
 
-All webhook deliveries are signed if a secret is provided.
+Events are triggered for:
 
-Consumers are responsible for verifying signatures and handling retries idempotently.
+- Immediate outcomes
+- Asynchronous resolutions
+- Retry scenarios
 
 ---
 
-## Important Notes
+## Webhook Security
 
-- Not all operations resolve immediately.
-- Some failures are retryable.
-- The system may simulate temporary overload conditions.
-- Fraud checks may result in blocked transactions.
-- Consumers should implement robust retry and webhook handling logic.
+If a secret is provided:
+
+- Deliveries are signed
+- Consumers must verify signatures
+- Handlers must be idempotent
+
+Retries may occur if delivery fails.
 
 ---
 
-## Disclaimer
+# Disclaimer
 
 This SDK is intended for evaluation and sandbox purposes only.
-It does not process real payments.
+
+It does **not** process real payments and should not be used in production.

package/dist/index.d.ts

@@ -11,7 +11,7 @@ export declare class PaymentProcessor {
 export declare class EmbeddedCheckout {
     private checkoutId;
     constructor(config: {
-        checkoutId: string;
+        checkoutId: number;
     });
     /**
      * Renders the embedded checkout UI

package/dist/resources/checkout.d.ts

@@ -64,15 +64,6 @@ interface CheckoutConfirmFailure extends CheckoutConfirmGeneric {
     status: 'failure';
     substatus: '500-error' | '502-fraud' | '503-retry';
 }
-export declare const INTERNAL_CHECKOUTS: Record<string, {
-    historyRecordId: number;
-}>;
-export declare const INTERNAL_CARDS: Record<string, {
-    number: string;
-    expMonth: number;
-    expYear: number;
-    cvc: string;
-}>;
 export declare class Checkout {
     /**
      * Create a new checkout session

package/dist/resources/checkout.js

@@ -1,11 +1,9 @@
 import { readHistory, writeHistory } from '../utils/store';
-import { generateID, hashToNumber, signPayload } from '../utils/crypto';
+import { generateID, generateTimeBasedID, hashToNumber, signPayload } from '../utils/crypto';
 import { INTERNAL_WEBHOOKS } from './webhooks';
 import { sleep } from '../utils/async';
 // checkoutId -> { historyRecordId }
-export const INTERNAL_CHECKOUTS = {};
-// paymentToken -> card details
-export const INTERNAL_CARDS = {};
+const INTERNAL_CHECKOUTS = {};
 export class Checkout {
     /**
      * Create a new checkout session
@@ -132,7 +130,7 @@ export class Checkout {
         };
     }
     createCheckoutRecord(hashId) {
-        const checkoutId = generateID();
+        const checkoutId = generateTimeBasedID('checkout');
         INTERNAL_CHECKOUTS[`${checkoutId}`] = {
             historyRecordId: hashId,
         };
@@ -181,7 +179,7 @@ export class Checkout {
     }
     ///
     async validateConfirm(params) {
-        if (!INTERNAL_CHECKOUTS[`${params.checkoutId}`]) {
+        if (`${params.checkoutId}`.length !== 12) {
             return {
                 status: 'failure',
                 substatus: '500-error',
@@ -189,14 +187,30 @@ export class Checkout {
                 message: 'Invalid checkout ID',
             };
         }
+        if (!INTERNAL_CHECKOUTS[`${params.checkoutId}`]) {
+            return {
+                status: 'failure',
+                substatus: '503-retry',
+                code: 504,
+                message: 'Expired checkout ID',
+            };
+        }
+        if (params.type === 'embedded' && params.data.paymentToken.length !== 12) {
+            return {
+                status: 'failure',
+                substatus: '500-error',
+                code: 500,
+                message: 'Invalid payment token',
+            };
+        }
         if (params.type === 'embedded') {
-            const stored = INTERNAL_CARDS[`${params.data.paymentToken}`];
-            if (!stored) {
+            const paymentToken = `pmt_${generateTimeBasedID('payment-token')}`;
+            if (params.data.paymentToken !== paymentToken) {
                 return {
                     status: 'failure',
-                    substatus: '500-error',
-                    code: 500,
-                    message: 'Invalid payment token',
+                    substatus: '503-retry',
+                    code: 503,
+                    message: 'Expired payment token',
                 };
             }
         }
@@ -230,21 +244,6 @@ export class Checkout {
         return null;
     }
     async processConfirmDecision(params) {
-        if (params.type === 'raw-card') {
-            // Add new card to internal storage
-            const cardDetails = {
-                number: params.data.number,
-                expMonth: params.data.expMonth,
-                expYear: params.data.expYear > 2000 ? params.data.expYear : params.data.expYear + 2000,
-                cvc: params.data.cvc,
-            };
-            const paymentToken = 'pmt_' +
-                hashToNumber(JSON.stringify({
-                    type: 'PAYMENT_TOKEN',
-                    ...cardDetails,
-                }));
-            INTERNAL_CARDS[`${paymentToken}`] = cardDetails;
-        }
         const decision = Math.random();
         if (decision > 0.85) {
             return {

package/dist/resources/embedded.d.ts

@@ -1 +1 @@
-export declare function renderEmbeddedCheckout(containerElementId: string, checkoutId: string, callbackFn: (paymentToken: string) => void): boolean;
+export declare function renderEmbeddedCheckout(containerElementId: string, checkoutId: number, callbackFn: (paymentToken: string) => void): boolean;

package/dist/resources/embedded.js

@@ -1,16 +1,18 @@
-import { hashToNumber } from '../utils/crypto';
-import { INTERNAL_CARDS, INTERNAL_CHECKOUTS } from './checkout';
+import { generateTimeBasedID } from '../utils/crypto';
 export function renderEmbeddedCheckout(containerElementId, checkoutId, callbackFn) {
     // Ensure browser environment
     if (typeof window === 'undefined' || typeof document === 'undefined') {
         console.warn('EmbeddedCheckoutUI can only be used in a browser environment.');
         return false;
     }
-    const { historyRecordId } = INTERNAL_CHECKOUTS[`${checkoutId}`] ?? {};
-    if (!historyRecordId) {
+    if (checkoutId.toString().length !== 12) {
         console.warn(`Invalid checkout ID: "${checkoutId}".`);
         return false;
     }
+    if (`${checkoutId}` === `${generateTimeBasedID('checkout')}`) {
+        console.warn(`Expired checkout ID: "${checkoutId}".`);
+        return false;
+    }
     const container = document.getElementById(containerElementId);
     if (!container) {
         console.warn(`Container element "${containerElementId}" not found.`);
@@ -147,18 +149,13 @@ export function renderEmbeddedCheckout(containerElementId, checkoutId, callbackF
         const expYear = Number(container.querySelector('#exp-year')?.value);
         const cvc = container.querySelector('#cvc')?.value ?? '';
         // Add new card to internal storage
-        const cardDetails = {
-            number: number,
-            expMonth: expMonth,
-            expYear: expYear > 2000 ? expYear : expYear + 2000,
-            cvc: cvc,
-        };
-        const paymentToken = 'pmt_' +
-            hashToNumber(JSON.stringify({
-                type: 'PAYMENT_TOKEN',
-                ...cardDetails,
-            }));
-        INTERNAL_CARDS[`${paymentToken}`] = cardDetails;
+        // const cardDetails = {
+        // 	number: number,
+        // 	expMonth: expMonth,
+        // 	expYear: expYear > 2000 ? expYear : expYear + 2000,
+        // 	cvc: cvc,
+        // };
+        const paymentToken = `pmt_${generateTimeBasedID('payment-token')}`;
         callbackFn(paymentToken);
     });
     return true;

package/dist/utils/crypto.d.ts

@@ -1,3 +1,4 @@
 export declare function generateID(length?: number): number;
+export declare function generateTimeBasedID(extra?: string): number;
 export declare function hashToNumber(input: string, length?: number): number;
 export declare function signPayload(payload: string, secret: string): string;

package/dist/utils/crypto.js

@@ -7,6 +7,12 @@ export function generateID(length = 12) {
     }
     return parseInt(digits.join(''));
 }
+export function generateTimeBasedID(extra = '') {
+    const now = Date.now(); // current time in ms
+    const oneMinute = 60 * 1000;
+    const ms = Math.floor(now / oneMinute) * oneMinute;
+    return hashToNumber(`${ms}---${extra}`);
+}
 export function hashToNumber(input, length = 12) {
     if (length > 16) {
         throw new Error('Length is greater than max length of 16!');

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@henrylabs-interview/payment-processor",
-	"version": "0.1.11",
+	"version": "0.1.13",
 	"type": "module",
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",