@hookflo/tern 1.0.6 → 2.0.2-experimental.0

package/dist/test.js

@@ -24,6 +24,10 @@ function createGitHubSignature(body, secret) {
     hmac.update(body);
     return `sha256=${hmac.digest('hex')}`;
 }
+function createGitLabSignature(body, secret) {
+    // GitLab just compares the token in X-Gitlab-Token header
+    return secret;
+}
 function createClerkSignature(body, secret, id, timestamp) {
     const signedContent = `${id}.${timestamp}.${body}`;
     const secretBytes = new Uint8Array(Buffer.from(secret.split('_')[1], 'base64'));
@@ -170,7 +174,9 @@ async function runTests() {
             'content-type': 'application/json',
         });
         const invalidResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(invalidRequest, 'stripe', testSecret);
-        console.log('   ✅ Invalid signature correctly rejected:', !invalidResult.isValid ? 'PASSED' : 'FAILED');
+        const invalidSigPassed = !invalidResult.isValid && (invalidResult.errorCode === 'INVALID_SIGNATURE'
+            || invalidResult.errorCode === 'TIMESTAMP_EXPIRED');
+        console.log('   ✅ Invalid signature correctly rejected:', invalidSigPassed ? 'PASSED' : 'FAILED');
         if (invalidResult.isValid) {
             console.log('   ❌ Should have been rejected');
         }
@@ -185,7 +191,8 @@ async function runTests() {
             'content-type': 'application/json',
         });
         const missingHeaderResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(missingHeaderRequest, 'stripe', testSecret);
-        console.log('   ✅ Missing headers correctly rejected:', !missingHeaderResult.isValid ? 'PASSED' : 'FAILED');
+        const missingHeaderPassed = !missingHeaderResult.isValid && missingHeaderResult.errorCode === 'MISSING_SIGNATURE';
+        console.log('   ✅ Missing headers correctly rejected:', missingHeaderPassed ? 'PASSED' : 'FAILED');
         if (missingHeaderResult.isValid) {
             console.log('   ❌ Should have been rejected');
         }
@@ -193,6 +200,95 @@ async function runTests() {
     catch (error) {
         console.log('   ❌ Missing headers test failed:', error);
     }
+    // Test 8: GitLab Webhook
+    console.log('\n8. Testing GitLab Webhook...');
+    try {
+        const gitlabSecret = testSecret;
+        const gitlabRequest = createMockRequest({
+            'X-Gitlab-Token': gitlabSecret,
+            'content-type': 'application/json',
+        });
+        const gitlabResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(gitlabRequest, 'gitlab', gitlabSecret);
+        console.log('   ✅ GitLab:', gitlabResult.isValid ? 'PASSED' : 'FAILED');
+        if (!gitlabResult.isValid) {
+            console.log('   ❌ Error:', gitlabResult.error);
+        }
+    }
+    catch (error) {
+        console.log('   ❌ GitLab test failed:', error);
+    }
+    // Test 9: GitLab Invalid Token
+    console.log('\n9. Testing GitLab Invalid Token...');
+    try {
+        const gitlabRequest = createMockRequest({
+            'X-Gitlab-Token': 'wrong_secret',
+            'content-type': 'application/json',
+        });
+        const gitlabResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(gitlabRequest, 'gitlab', testSecret);
+        console.log('   ✅ Invalid token correctly rejected:', !gitlabResult.isValid ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ GitLab invalid token test failed:', error);
+    }
+    // Test 10: verifyAny should auto-detect Stripe
+    console.log('\n10. Testing verifyAny auto-detection...');
+    try {
+        const timestamp = Math.floor(Date.now() / 1000);
+        const stripeSignature = createStripeSignature(testBody, testSecret, timestamp);
+        const request = createMockRequest({
+            'stripe-signature': stripeSignature,
+            'content-type': 'application/json',
+        });
+        const result = await index_1.WebhookVerificationService.verifyAny(request, {
+            stripe: testSecret,
+            github: 'wrong-secret',
+        });
+        console.log('   ✅ verifyAny:', result.isValid && result.platform === 'stripe' ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ verifyAny test failed:', error);
+    }
+    // Test 11: Normalization for Stripe
+    console.log('\n11. Testing payload normalization...');
+    try {
+        const normalizedStripeBody = JSON.stringify({
+            type: 'payment_intent.succeeded',
+            data: {
+                object: {
+                    id: 'pi_123',
+                    amount: 5000,
+                    currency: 'usd',
+                    customer: 'cus_456',
+                },
+            },
+        });
+        const timestamp = Math.floor(Date.now() / 1000);
+        const stripeSignature = createStripeSignature(normalizedStripeBody, testSecret, timestamp);
+        const request = createMockRequest({
+            'stripe-signature': stripeSignature,
+            'content-type': 'application/json',
+        }, normalizedStripeBody);
+        const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, 'stripe', testSecret, 300, true);
+        const payload = result.payload;
+        const passed = result.isValid
+            && payload.event === 'payment.succeeded'
+            && payload.currency === 'USD'
+            && payload.transaction_id === 'pi_123';
+        console.log('   ✅ Normalization:', passed ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ Normalization test failed:', error);
+    }
+    // Test 12: Category-aware normalization registry
+    console.log('\n12. Testing category-based platform registry...');
+    try {
+        const paymentPlatforms = (0, index_1.getPlatformsByCategory)('payment');
+        const hasStripeAndPolar = paymentPlatforms.includes('stripe') && paymentPlatforms.includes('polar');
+        console.log('   ✅ Category registry:', hasStripeAndPolar ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ Category registry test failed:', error);
+    }
     console.log('\n🎉 All tests completed!');
 }
 // Run tests if this file is executed directly

package/dist/types.d.ts

@@ -1,4 +1,4 @@
-export type WebhookPlatform = 'custom' | 'clerk' | 'supabase' | 'github' | 'stripe' | 'shopify' | 'vercel' | 'polar' | 'dodopayments' | 'unknown';
+export type WebhookPlatform = 'custom' | 'clerk' | 'supabase' | 'github' | 'stripe' | 'shopify' | 'vercel' | 'polar' | 'dodopayments' | 'gitlab' | 'unknown';
 export declare enum WebhookPlatformKeys {
     GitHub = "github",
     Stripe = "stripe",
@@ -8,6 +8,7 @@ export declare enum WebhookPlatformKeys {
     Vercel = "vercel",
     Polar = "polar",
     Supabase = "supabase",
+    GitLab = "gitlab",
     Custom = "custom",
     Unknown = "unknown"
 }
@@ -22,11 +23,76 @@ export interface SignatureConfig {
     payloadFormat?: 'raw' | 'timestamped' | 'custom';
     customConfig?: Record<string, any>;
 }
-export interface WebhookVerificationResult {
+export type WebhookErrorCode = 'MISSING_SIGNATURE' | 'INVALID_SIGNATURE' | 'TIMESTAMP_EXPIRED' | 'MISSING_TOKEN' | 'INVALID_TOKEN' | 'PLATFORM_NOT_SUPPORTED' | 'NORMALIZATION_ERROR' | 'VERIFICATION_ERROR';
+export type NormalizationCategory = 'payment' | 'auth' | 'ecommerce' | 'infrastructure';
+export interface BaseNormalizedWebhook {
+    category: NormalizationCategory;
+    event: string;
+    _platform: WebhookPlatform | string;
+    _raw: unknown;
+    occurred_at?: string;
+}
+export type PaymentWebhookEvent = 'payment.succeeded' | 'payment.failed' | 'payment.refunded' | 'subscription.created' | 'subscription.cancelled' | 'payment.unknown';
+export interface PaymentWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'payment';
+    event: PaymentWebhookEvent;
+    amount?: number;
+    currency?: string;
+    customer_id?: string;
+    transaction_id?: string;
+    subscription_id?: string;
+    refund_amount?: number;
+    failure_reason?: string;
+    metadata?: Record<string, string>;
+}
+export type AuthWebhookEvent = 'user.created' | 'user.updated' | 'user.deleted' | 'session.started' | 'session.ended' | 'auth.unknown';
+export interface AuthWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'auth';
+    event: AuthWebhookEvent;
+    user_id?: string;
+    email?: string;
+    phone?: string;
+    metadata?: Record<string, string>;
+}
+export interface EcommerceWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'ecommerce';
+    event: string;
+    order_id?: string;
+    customer_id?: string;
+    amount?: number;
+    currency?: string;
+    metadata?: Record<string, string>;
+}
+export interface InfrastructureWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'infrastructure';
+    event: string;
+    project_id?: string;
+    deployment_id?: string;
+    status?: 'queued' | 'building' | 'ready' | 'error' | 'unknown';
+    metadata?: Record<string, string>;
+}
+export interface UnknownNormalizedWebhook extends BaseNormalizedWebhook {
+    event: string;
+    warning?: string;
+}
+export type NormalizedPayloadByCategory = {
+    payment: PaymentWebhookNormalized;
+    auth: AuthWebhookNormalized;
+    ecommerce: EcommerceWebhookNormalized;
+    infrastructure: InfrastructureWebhookNormalized;
+};
+export type AnyNormalizedWebhook = PaymentWebhookNormalized | AuthWebhookNormalized | EcommerceWebhookNormalized | InfrastructureWebhookNormalized | UnknownNormalizedWebhook;
+export interface NormalizeOptions {
+    enabled?: boolean;
+    category?: NormalizationCategory;
+    includeRaw?: boolean;
+}
+export interface WebhookVerificationResult<TPayload = unknown> {
     isValid: boolean;
     error?: string;
+    errorCode?: WebhookErrorCode;
     platform: WebhookPlatform;
-    payload?: any;
+    payload?: TPayload;
     metadata?: {
         timestamp?: string;
         id?: string | null;
@@ -38,6 +104,10 @@ export interface WebhookConfig {
     secret: string;
     toleranceInSeconds?: number;
     signatureConfig?: SignatureConfig;
+    normalize?: boolean | NormalizeOptions;
+}
+export interface MultiPlatformSecrets {
+    [platform: string]: string | undefined;
 }
 export interface PlatformAlgorithmConfig {
     platform: WebhookPlatform;

package/dist/types.js

@@ -11,6 +11,7 @@ var WebhookPlatformKeys;
     WebhookPlatformKeys["Vercel"] = "vercel";
     WebhookPlatformKeys["Polar"] = "polar";
     WebhookPlatformKeys["Supabase"] = "supabase";
+    WebhookPlatformKeys["GitLab"] = "gitlab";
     WebhookPlatformKeys["Custom"] = "custom";
     WebhookPlatformKeys["Unknown"] = "unknown";
 })(WebhookPlatformKeys || (exports.WebhookPlatformKeys = WebhookPlatformKeys = {}));

package/dist/verifiers/algorithms.d.ts

@@ -1,5 +1,5 @@
-import { WebhookVerifier } from "./base";
-import { WebhookVerificationResult, SignatureConfig, WebhookPlatform } from "../types";
+import { WebhookVerifier } from './base';
+import { WebhookVerificationResult, SignatureConfig, WebhookPlatform } from '../types';
 export declare abstract class AlgorithmBasedVerifier extends WebhookVerifier {
     protected config: SignatureConfig;
     protected platform: WebhookPlatform;

package/dist/verifiers/algorithms.js

@@ -15,27 +15,27 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
         if (!headerValue)
             return null;
         switch (this.config.headerFormat) {
-            case "prefixed":
+            case 'prefixed':
                 // For GitHub, return the full signature including prefix for comparison
                 return headerValue;
-            case "comma-separated":
+            case 'comma-separated':
                 // Handle comma-separated format like Stripe: "t=1234567890,v1=abc123"
-                const parts = headerValue.split(",");
+                const parts = headerValue.split(',');
                 const sigMap = {};
                 for (const part of parts) {
-                    const [key, value] = part.split("=");
+                    const [key, value] = part.split('=');
                     if (key && value) {
                         sigMap[key] = value;
                     }
                 }
                 return sigMap.v1 || sigMap.signature || null;
-            case "raw":
+            case 'raw':
             default:
-                if (this.platform === "clerk" || this.platform === "dodopayments") {
-                    const signatures = headerValue.split(" ");
+                if (this.platform === 'clerk' || this.platform === 'dodopayments') {
+                    const signatures = headerValue.split(' ');
                     for (const sig of signatures) {
-                        const [version, signature] = sig.split(",");
-                        if (version === "v1") {
+                        const [version, signature] = sig.split(',');
+                        if (version === 'v1') {
                             return signature;
                         }
                     }
@@ -51,11 +51,11 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
         if (!timestampHeader)
             return null;
         switch (this.config.timestampFormat) {
-            case "unix":
+            case 'unix':
                 return parseInt(timestampHeader, 10);
-            case "iso":
+            case 'iso':
                 return Math.floor(new Date(timestampHeader).getTime() / 1000);
-            case "custom":
+            case 'custom':
                 // Custom timestamp parsing logic can be added here
                 return parseInt(timestampHeader, 10);
             default:
@@ -64,14 +64,14 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
     }
     extractTimestampFromSignature(request) {
         // For platforms like Stripe where timestamp is embedded in signature
-        if (this.config.headerFormat === "comma-separated") {
+        if (this.config.headerFormat === 'comma-separated') {
             const headerValue = request.headers.get(this.config.headerName);
             if (!headerValue)
                 return null;
-            const parts = headerValue.split(",");
+            const parts = headerValue.split(',');
             const sigMap = {};
             for (const part of parts) {
-                const [key, value] = part.split("=");
+                const [key, value] = part.split('=');
                 if (key && value) {
                     sigMap[key] = value;
                 }
@@ -82,14 +82,14 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
     }
     formatPayload(rawBody, request) {
         switch (this.config.payloadFormat) {
-            case "timestamped":
+            case 'timestamped':
                 // For Stripe, timestamp is embedded in signature
-                const timestamp = this.extractTimestampFromSignature(request) ||
-                    this.extractTimestamp(request);
+                const timestamp = this.extractTimestampFromSignature(request)
+                    || this.extractTimestamp(request);
                 return timestamp ? `${timestamp}.${rawBody}` : rawBody;
-            case "custom":
+            case 'custom':
                 return this.formatCustomPayload(rawBody, request);
-            case "raw":
+            case 'raw':
             default:
                 return rawBody;
         }
@@ -100,42 +100,42 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
         }
         const customFormat = this.config.customConfig.payloadFormat;
         // Handle Clerk-style format: {id}.{timestamp}.{body}
-        if (customFormat.includes("{id}") && customFormat.includes("{timestamp}")) {
-            const id = request.headers.get(this.config.customConfig.idHeader || "x-webhook-id");
-            const timestamp = request.headers.get(this.config.timestampHeader || "x-webhook-timestamp");
+        if (customFormat.includes('{id}') && customFormat.includes('{timestamp}')) {
+            const id = request.headers.get(this.config.customConfig.idHeader || 'x-webhook-id');
+            const timestamp = request.headers.get(this.config.timestampHeader || 'x-webhook-timestamp');
             return customFormat
-                .replace("{id}", id || "")
-                .replace("{timestamp}", timestamp || "")
-                .replace("{body}", rawBody);
+                .replace('{id}', id || '')
+                .replace('{timestamp}', timestamp || '')
+                .replace('{body}', rawBody);
         }
         // Handle Stripe-style format: {timestamp}.{body}
-        if (customFormat.includes("{timestamp}") &&
-            customFormat.includes("{body}")) {
+        if (customFormat.includes('{timestamp}')
+            && customFormat.includes('{body}')) {
             const timestamp = this.extractTimestamp(request);
             return customFormat
-                .replace("{timestamp}", timestamp?.toString() || "")
-                .replace("{body}", rawBody);
+                .replace('{timestamp}', timestamp?.toString() || '')
+                .replace('{body}', rawBody);
         }
         return rawBody;
     }
-    verifyHMAC(payload, signature, algorithm = "sha256") {
+    verifyHMAC(payload, signature, algorithm = 'sha256') {
         const hmac = (0, crypto_1.createHmac)(algorithm, this.secret);
         hmac.update(payload);
-        const expectedSignature = hmac.digest("hex");
+        const expectedSignature = hmac.digest('hex');
         return this.safeCompare(signature, expectedSignature);
     }
-    verifyHMACWithPrefix(payload, signature, algorithm = "sha256") {
+    verifyHMACWithPrefix(payload, signature, algorithm = 'sha256') {
         const hmac = (0, crypto_1.createHmac)(algorithm, this.secret);
         hmac.update(payload);
-        const expectedSignature = `${this.config.prefix || ""}${hmac.digest("hex")}`;
+        const expectedSignature = `${this.config.prefix || ''}${hmac.digest('hex')}`;
         return this.safeCompare(signature, expectedSignature);
     }
-    verifyHMACWithBase64(payload, signature, algorithm = "sha256") {
+    verifyHMACWithBase64(payload, signature, algorithm = 'sha256') {
         // For platforms like Clerk that use base64 encoding
-        const secretBytes = new Uint8Array(Buffer.from(this.secret.split("_")[1], "base64"));
+        const secretBytes = new Uint8Array(Buffer.from(this.secret.split('_')[1], 'base64'));
         const hmac = (0, crypto_1.createHmac)(algorithm, secretBytes);
         hmac.update(payload);
-        const expectedSignature = hmac.digest("base64");
+        const expectedSignature = hmac.digest('base64');
         return this.safeCompare(signature, expectedSignature);
     }
     extractMetadata(request) {
@@ -149,18 +149,18 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
         }
         // Add platform-specific metadata
         switch (this.platform) {
-            case "github":
-                metadata.event = request.headers.get("x-github-event");
-                metadata.delivery = request.headers.get("x-github-delivery");
+            case 'github':
+                metadata.event = request.headers.get('x-github-event');
+                metadata.delivery = request.headers.get('x-github-delivery');
                 break;
-            case "stripe":
+            case 'stripe':
                 // Extract Stripe-specific metadata from signature
                 const headerValue = request.headers.get(this.config.headerName);
-                if (headerValue && this.config.headerFormat === "comma-separated") {
-                    const parts = headerValue.split(",");
+                if (headerValue && this.config.headerFormat === 'comma-separated') {
+                    const parts = headerValue.split(',');
                     const sigMap = {};
                     for (const part of parts) {
-                        const [key, value] = part.split("=");
+                        const [key, value] = part.split('=');
                         if (key && value) {
                             sigMap[key] = value;
                         }
@@ -168,8 +168,8 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
                     metadata.id = sigMap.id;
                 }
                 break;
-            case "clerk":
-                metadata.id = request.headers.get("svix-id");
+            case 'clerk':
+                metadata.id = request.headers.get('svix-id');
                 break;
         }
         return metadata;
@@ -185,13 +185,14 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
                 return {
                     isValid: false,
                     error: `Missing signature header: ${this.config.headerName}`,
+                    errorCode: 'MISSING_SIGNATURE',
                     platform: this.platform,
                 };
             }
             const rawBody = await request.text();
             // Extract timestamp based on platform configuration
             let timestamp = null;
-            if (this.config.headerFormat === "comma-separated") {
+            if (this.config.headerFormat === 'comma-separated') {
                 // For platforms like Stripe where timestamp is embedded in signature
                 timestamp = this.extractTimestampFromSignature(request);
             }
@@ -203,7 +204,8 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             if (timestamp && !this.isTimestampValid(timestamp)) {
                 return {
                     isValid: false,
-                    error: "Webhook timestamp expired",
+                    error: 'Webhook timestamp expired',
+                    errorCode: 'TIMESTAMP_EXPIRED',
                     platform: this.platform,
                 };
             }
@@ -211,12 +213,12 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             const payload = this.formatPayload(rawBody, request);
             // Verify signature based on platform configuration
             let isValid = false;
-            const algorithm = this.config.algorithm.replace("hmac-", "");
-            if (this.config.customConfig?.encoding === "base64") {
+            const algorithm = this.config.algorithm.replace('hmac-', '');
+            if (this.config.customConfig?.encoding === 'base64') {
                 // For platforms like Clerk that use base64 encoding
                 isValid = this.verifyHMACWithBase64(payload, signature, algorithm);
             }
-            else if (this.config.headerFormat === "prefixed") {
+            else if (this.config.headerFormat === 'prefixed') {
                 // For platforms like GitHub that use prefixed signatures
                 isValid = this.verifyHMACWithPrefix(payload, signature, algorithm);
             }
@@ -227,7 +229,8 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             if (!isValid) {
                 return {
                     isValid: false,
-                    error: "Invalid signature",
+                    error: 'Invalid signature',
+                    errorCode: 'INVALID_SIGNATURE',
                     platform: this.platform,
                 };
             }
@@ -252,6 +255,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             return {
                 isValid: false,
                 error: `${this.platform} verification error: ${error.message}`,
+                errorCode: 'VERIFICATION_ERROR',
                 platform: this.platform,
             };
         }
@@ -260,33 +264,33 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
 exports.GenericHMACVerifier = GenericHMACVerifier;
 // Legacy verifiers for backward compatibility
 class HMACSHA256Verifier extends GenericHMACVerifier {
-    constructor(secret, config, platform = "unknown", toleranceInSeconds = 300) {
+    constructor(secret, config, platform = 'unknown', toleranceInSeconds = 300) {
         super(secret, config, platform, toleranceInSeconds);
     }
 }
 exports.HMACSHA256Verifier = HMACSHA256Verifier;
 class HMACSHA1Verifier extends GenericHMACVerifier {
-    constructor(secret, config, platform = "unknown", toleranceInSeconds = 300) {
+    constructor(secret, config, platform = 'unknown', toleranceInSeconds = 300) {
         super(secret, config, platform, toleranceInSeconds);
     }
 }
 exports.HMACSHA1Verifier = HMACSHA1Verifier;
 class HMACSHA512Verifier extends GenericHMACVerifier {
-    constructor(secret, config, platform = "unknown", toleranceInSeconds = 300) {
+    constructor(secret, config, platform = 'unknown', toleranceInSeconds = 300) {
         super(secret, config, platform, toleranceInSeconds);
     }
 }
 exports.HMACSHA512Verifier = HMACSHA512Verifier;
 // Factory function to create verifiers based on algorithm
-function createAlgorithmVerifier(secret, config, platform = "unknown", toleranceInSeconds = 300) {
+function createAlgorithmVerifier(secret, config, platform = 'unknown', toleranceInSeconds = 300) {
     switch (config.algorithm) {
-        case "hmac-sha256":
-        case "hmac-sha1":
-        case "hmac-sha512":
+        case 'hmac-sha256':
+        case 'hmac-sha1':
+        case 'hmac-sha512':
             return new GenericHMACVerifier(secret, config, platform, toleranceInSeconds);
-        case "rsa-sha256":
-        case "ed25519":
-        case "custom":
+        case 'rsa-sha256':
+        case 'ed25519':
+        case 'custom':
             // These can be implemented as needed
             throw new Error(`Algorithm ${config.algorithm} not yet implemented`);
         default:

package/dist/verifiers/base.d.ts

@@ -1,4 +1,4 @@
-import { WebhookVerificationResult } from "../types";
+import { WebhookVerificationResult } from '../types';
 export declare abstract class WebhookVerifier {
     protected secret: string;
     protected toleranceInSeconds: number;

package/dist/verifiers/custom-algorithms.d.ts

@@ -1,5 +1,5 @@
-import { WebhookVerifier } from "./base";
-import { WebhookVerificationResult, SignatureConfig } from "../types";
+import { WebhookVerifier } from './base';
+import { WebhookVerificationResult, SignatureConfig } from '../types';
 export declare class TokenBasedVerifier extends WebhookVerifier {
     private config;
     constructor(secret: string, config: SignatureConfig, toleranceInSeconds?: number);

package/dist/verifiers/custom-algorithms.js

@@ -12,12 +12,13 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
     async verify(request) {
         try {
             const token = request.headers.get(this.config.headerName);
-            const id = request.headers.get(this.config.customConfig?.idHeader || "x-webhook-id");
+            const id = request.headers.get(this.config.customConfig?.idHeader || 'x-webhook-id');
             if (!token) {
                 return {
                     isValid: false,
                     error: `Missing token header: ${this.config.headerName}`,
-                    platform: "custom",
+                    errorCode: 'MISSING_TOKEN',
+                    platform: 'custom',
                 };
             }
             // Simple token comparison
@@ -25,8 +26,9 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
             if (!isValid) {
                 return {
                     isValid: false,
-                    error: "Invalid token",
-                    platform: "custom",
+                    error: 'Invalid token',
+                    errorCode: 'INVALID_TOKEN',
+                    platform: 'custom',
                 };
             }
             const rawBody = await request.text();
@@ -39,11 +41,11 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
             }
             return {
                 isValid: true,
-                platform: "custom",
+                platform: 'custom',
                 payload,
                 metadata: {
                     id,
-                    algorithm: "token-based",
+                    algorithm: 'token-based',
                 },
             };
         }
@@ -51,7 +53,8 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
             return {
                 isValid: false,
                 error: `Token-based verification error: ${error.message}`,
-                platform: "custom",
+                errorCode: 'VERIFICATION_ERROR',
+                platform: 'custom',
             };
         }
     }
@@ -61,7 +64,7 @@ exports.TokenBasedVerifier = TokenBasedVerifier;
 function createCustomVerifier(secret, config, toleranceInSeconds = 300) {
     const customType = config.customConfig?.type;
     switch (customType) {
-        case "token-based":
+        case 'token-based':
             return new TokenBasedVerifier(secret, config, toleranceInSeconds);
         default:
             // Fallback to token-based for unknown custom types