@hookflo/tern 2.0.0 → 2.0.2

package/dist/index.js

@@ -14,22 +14,25 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.createCustomVerifier = exports.createAlgorithmVerifier = exports.validateSignatureConfig = exports.getPlatformsUsingAlgorithm = exports.platformUsesAlgorithm = exports.getPlatformAlgorithmConfig = exports.WebhookVerificationService = void 0;
+exports.getPlatformsByCategory = exports.getPlatformNormalizationCategory = exports.normalizePayload = exports.createCustomVerifier = exports.createAlgorithmVerifier = exports.validateSignatureConfig = exports.getPlatformsUsingAlgorithm = exports.platformUsesAlgorithm = exports.getPlatformAlgorithmConfig = exports.WebhookVerificationService = void 0;
 const algorithms_1 = require("./verifiers/algorithms");
 const custom_algorithms_1 = require("./verifiers/custom-algorithms");
 const algorithms_2 = require("./platforms/algorithms");
+const simple_1 = require("./normalization/simple");
 class WebhookVerificationService {
     static async verify(request, config) {
         const verifier = this.getVerifier(config);
-        const result = await verifier.verify(request);
+        const result = await verifier.verify(request.clone());
         // Ensure the platform is set correctly in the result
         if (result.isValid) {
             result.platform = config.platform;
+            if (config.normalize) {
+                result.payload = (0, simple_1.normalizePayload)(config.platform, result.payload, config.normalize);
+            }
         }
         return result;
     }
     static getVerifier(config) {
-        const platform = config.platform.toLowerCase();
         // If a custom signature config is provided, use the new algorithm-based framework
         if (config.signatureConfig) {
             return this.createAlgorithmBasedVerifier(config);
@@ -50,9 +53,8 @@ class WebhookVerificationService {
         return (0, algorithms_1.createAlgorithmVerifier)(secret, signatureConfig, config.platform, toleranceInSeconds);
     }
     static getLegacyVerifier(config) {
-        const platform = config.platform.toLowerCase();
         // For legacy support, we'll use the algorithm-based approach
-        const platformConfig = (0, algorithms_2.getPlatformAlgorithmConfig)(platform);
+        const platformConfig = (0, algorithms_2.getPlatformAlgorithmConfig)(config.platform);
         const configWithSignature = {
             ...config,
             signatureConfig: platformConfig.signatureConfig,
@@ -60,30 +62,72 @@ class WebhookVerificationService {
         return this.createAlgorithmBasedVerifier(configWithSignature);
     }
     // New method to create verifier using platform algorithm config
-    static async verifyWithPlatformConfig(request, platform, secret, toleranceInSeconds = 300) {
+    static async verifyWithPlatformConfig(request, platform, secret, toleranceInSeconds = 300, normalize = false) {
         const platformConfig = (0, algorithms_2.getPlatformAlgorithmConfig)(platform);
         const config = {
             platform,
             secret,
             toleranceInSeconds,
             signatureConfig: platformConfig.signatureConfig,
+            normalize,
         };
-        return await this.verify(request, config);
+        return this.verify(request, config);
+    }
+    static async verifyAny(request, secrets, toleranceInSeconds = 300, normalize = false) {
+        const requestClone = request.clone();
+        const detectedPlatform = this.detectPlatform(requestClone);
+        if (detectedPlatform !== 'unknown' && secrets[detectedPlatform]) {
+            return this.verifyWithPlatformConfig(requestClone, detectedPlatform, secrets[detectedPlatform], toleranceInSeconds, normalize);
+        }
+        for (const [platform, secret] of Object.entries(secrets)) {
+            if (!secret) {
+                continue;
+            }
+            const result = await this.verifyWithPlatformConfig(requestClone, platform.toLowerCase(), secret, toleranceInSeconds, normalize);
+            if (result.isValid) {
+                return result;
+            }
+        }
+        return {
+            isValid: false,
+            error: 'Unable to verify webhook with provided platform secrets',
+            errorCode: 'VERIFICATION_ERROR',
+            platform: detectedPlatform,
+        };
+    }
+    static detectPlatform(request) {
+        const headers = request.headers;
+        if (headers.has('stripe-signature'))
+            return 'stripe';
+        if (headers.has('x-hub-signature-256'))
+            return 'github';
+        if (headers.has('svix-signature'))
+            return 'clerk';
+        if (headers.has('webhook-signature'))
+            return 'dodopayments';
+        if (headers.has('x-gitlab-token'))
+            return 'gitlab';
+        if (headers.has('x-polar-signature'))
+            return 'polar';
+        if (headers.has('x-shopify-hmac-sha256'))
+            return 'shopify';
+        if (headers.has('x-vercel-signature'))
+            return 'vercel';
+        if (headers.has('x-webhook-token') && headers.has('x-webhook-id'))
+            return 'supabase';
+        return 'unknown';
     }
     // Helper method to get all platforms using a specific algorithm
     static getPlatformsUsingAlgorithm(algorithm) {
-        const { getPlatformsUsingAlgorithm } = require('./platforms/algorithms');
-        return getPlatformsUsingAlgorithm(algorithm);
+        return (0, algorithms_2.getPlatformsUsingAlgorithm)(algorithm);
     }
     // Helper method to check if a platform uses a specific algorithm
     static platformUsesAlgorithm(platform, algorithm) {
-        const { platformUsesAlgorithm } = require('./platforms/algorithms');
-        return platformUsesAlgorithm(platform, algorithm);
+        return (0, algorithms_2.platformUsesAlgorithm)(platform, algorithm);
     }
     // Helper method to validate signature config
     static validateSignatureConfig(config) {
-        const { validateSignatureConfig } = require('./platforms/algorithms');
-        return validateSignatureConfig(config);
+        return (0, algorithms_2.validateSignatureConfig)(config);
     }
     // Simple token-based verification for platforms like Supabase
     static async verifyTokenBased(request, webhookId, webhookToken) {
@@ -94,6 +138,7 @@ class WebhookVerificationService {
                 return {
                     isValid: false,
                     error: 'Missing required headers: x-webhook-id and x-webhook-token',
+                    errorCode: 'MISSING_TOKEN',
                     platform: 'custom',
                 };
             }
@@ -103,6 +148,7 @@ class WebhookVerificationService {
                 return {
                     isValid: false,
                     error: 'Invalid webhook ID or token',
+                    errorCode: 'INVALID_TOKEN',
                     platform: 'custom',
                 };
             }
@@ -117,7 +163,7 @@ class WebhookVerificationService {
             return {
                 isValid: true,
                 platform: 'custom',
-                payload,
+                payload: payload,
                 metadata: {
                     id: idHeader,
                     algorithm: 'token-based',
@@ -128,6 +174,7 @@ class WebhookVerificationService {
             return {
                 isValid: false,
                 error: `Token-based verification error: ${error.message}`,
+                errorCode: 'VERIFICATION_ERROR',
                 platform: 'custom',
             };
         }
@@ -144,4 +191,9 @@ var algorithms_4 = require("./verifiers/algorithms");
 Object.defineProperty(exports, "createAlgorithmVerifier", { enumerable: true, get: function () { return algorithms_4.createAlgorithmVerifier; } });
 var custom_algorithms_2 = require("./verifiers/custom-algorithms");
 Object.defineProperty(exports, "createCustomVerifier", { enumerable: true, get: function () { return custom_algorithms_2.createCustomVerifier; } });
+var simple_2 = require("./normalization/simple");
+Object.defineProperty(exports, "normalizePayload", { enumerable: true, get: function () { return simple_2.normalizePayload; } });
+Object.defineProperty(exports, "getPlatformNormalizationCategory", { enumerable: true, get: function () { return simple_2.getPlatformNormalizationCategory; } });
+Object.defineProperty(exports, "getPlatformsByCategory", { enumerable: true, get: function () { return simple_2.getPlatformsByCategory; } });
+__exportStar(require("./adapters"), exports);
 exports.default = WebhookVerificationService;

package/dist/nextjs.d.ts

@@ -0,0 +1,2 @@
+export { createWebhookHandler } from './adapters/nextjs';
+export type { NextWebhookHandlerOptions } from './adapters/nextjs';

package/dist/nextjs.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createWebhookHandler = void 0;
+var nextjs_1 = require("./adapters/nextjs");
+Object.defineProperty(exports, "createWebhookHandler", { enumerable: true, get: function () { return nextjs_1.createWebhookHandler; } });

package/dist/normalization/simple.d.ts

@@ -0,0 +1,4 @@
+import { AnyNormalizedWebhook, NormalizeOptions, NormalizationCategory, WebhookPlatform } from '../types';
+export declare function getPlatformNormalizationCategory(platform: WebhookPlatform): NormalizationCategory | null;
+export declare function getPlatformsByCategory(category: NormalizationCategory): WebhookPlatform[];
+export declare function normalizePayload(platform: WebhookPlatform, payload: any, normalize?: boolean | NormalizeOptions): AnyNormalizedWebhook | unknown;

package/dist/normalization/simple.js

@@ -0,0 +1,138 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getPlatformNormalizationCategory = getPlatformNormalizationCategory;
+exports.getPlatformsByCategory = getPlatformsByCategory;
+exports.normalizePayload = normalizePayload;
+function readPath(payload, path) {
+    return path.split('.').reduce((acc, key) => {
+        if (acc === undefined || acc === null) {
+            return undefined;
+        }
+        return acc[key];
+    }, payload);
+}
+const platformNormalizers = {
+    stripe: {
+        platform: 'stripe',
+        category: 'payment',
+        normalize: (payload) => ({
+            category: 'payment',
+            event: readPath(payload, 'type') === 'payment_intent.succeeded'
+                ? 'payment.succeeded'
+                : 'payment.unknown',
+            amount: readPath(payload, 'data.object.amount_received')
+                ?? readPath(payload, 'data.object.amount'),
+            currency: String(readPath(payload, 'data.object.currency') ?? '').toUpperCase() || undefined,
+            customer_id: readPath(payload, 'data.object.customer'),
+            transaction_id: readPath(payload, 'data.object.id'),
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+    polar: {
+        platform: 'polar',
+        category: 'payment',
+        normalize: (payload) => ({
+            category: 'payment',
+            event: readPath(payload, 'event') === 'payment.completed'
+                ? 'payment.succeeded'
+                : 'payment.unknown',
+            amount: readPath(payload, 'payload.amount_cents'),
+            currency: String(readPath(payload, 'payload.currency_code') ?? '').toUpperCase() || undefined,
+            customer_id: readPath(payload, 'payload.customer_id'),
+            transaction_id: readPath(payload, 'payload.transaction_id'),
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+    clerk: {
+        platform: 'clerk',
+        category: 'auth',
+        normalize: (payload) => ({
+            category: 'auth',
+            event: readPath(payload, 'type') || 'auth.unknown',
+            user_id: readPath(payload, 'data.id'),
+            email: readPath(payload, 'data.email_addresses.0.email_address'),
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+    supabase: {
+        platform: 'supabase',
+        category: 'auth',
+        normalize: (payload) => ({
+            category: 'auth',
+            event: readPath(payload, 'type') || readPath(payload, 'event') || 'auth.unknown',
+            user_id: readPath(payload, 'record.id') || readPath(payload, 'id'),
+            email: readPath(payload, 'record.email') || readPath(payload, 'email'),
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+    vercel: {
+        platform: 'vercel',
+        category: 'infrastructure',
+        normalize: (payload) => ({
+            category: 'infrastructure',
+            event: readPath(payload, 'type') || 'deployment.unknown',
+            project_id: readPath(payload, 'payload.project.id'),
+            deployment_id: readPath(payload, 'payload.deployment.id'),
+            status: 'unknown',
+            metadata: {},
+            occurred_at: new Date().toISOString(),
+        }),
+    },
+};
+function getPlatformNormalizationCategory(platform) {
+    return platformNormalizers[platform]?.category || null;
+}
+function getPlatformsByCategory(category) {
+    return Object.values(platformNormalizers)
+        .filter((spec) => !!spec)
+        .filter((spec) => spec.category === category)
+        .map((spec) => spec.platform);
+}
+function resolveNormalizeOptions(normalize) {
+    if (typeof normalize === 'boolean') {
+        return {
+            enabled: normalize,
+            category: undefined,
+            includeRaw: true,
+        };
+    }
+    return {
+        enabled: normalize?.enabled ?? true,
+        category: normalize?.category,
+        includeRaw: normalize?.includeRaw ?? true,
+    };
+}
+function buildUnknownNormalizedPayload(platform, payload, category, includeRaw, warning) {
+    return {
+        category: category || 'infrastructure',
+        event: payload?.type ?? payload?.event ?? 'unknown',
+        _platform: platform,
+        _raw: includeRaw ? payload : undefined,
+        warning,
+        occurred_at: new Date().toISOString(),
+    };
+}
+function normalizePayload(platform, payload, normalize) {
+    const options = resolveNormalizeOptions(normalize);
+    if (!options.enabled) {
+        return payload;
+    }
+    const spec = platformNormalizers[platform];
+    const inferredCategory = spec?.category;
+    if (!spec) {
+        return buildUnknownNormalizedPayload(platform, payload, options.category, options.includeRaw);
+    }
+    if (options.category && options.category !== inferredCategory) {
+        return buildUnknownNormalizedPayload(platform, payload, inferredCategory, options.includeRaw, `Requested normalization category '${options.category}' does not match platform category '${inferredCategory}'`);
+    }
+    const normalized = spec.normalize(payload);
+    return {
+        ...normalized,
+        _platform: platform,
+        _raw: options.includeRaw ? payload : undefined,
+    };
+}

package/dist/platforms/algorithms.js

@@ -117,6 +117,20 @@ exports.platformAlgorithmConfigs = {
         },
         description: 'Supabase webhooks use token-based authentication',
     },
+    gitlab: {
+        platform: 'gitlab',
+        signatureConfig: {
+            algorithm: 'custom',
+            headerName: 'X-Gitlab-Token',
+            headerFormat: 'raw',
+            payloadFormat: 'raw',
+            customConfig: {
+                type: 'token-based',
+                idHeader: 'X-Gitlab-Token',
+            },
+        },
+        description: 'GitLab webhooks use HMAC-SHA256 with X-Gitlab-Token header',
+    },
     custom: {
         platform: 'custom',
         signatureConfig: {

package/dist/test.js

@@ -24,6 +24,10 @@ function createGitHubSignature(body, secret) {
     hmac.update(body);
     return `sha256=${hmac.digest('hex')}`;
 }
+function createGitLabSignature(body, secret) {
+    // GitLab just compares the token in X-Gitlab-Token header
+    return secret;
+}
 function createClerkSignature(body, secret, id, timestamp) {
     const signedContent = `${id}.${timestamp}.${body}`;
     const secretBytes = new Uint8Array(Buffer.from(secret.split('_')[1], 'base64'));
@@ -170,7 +174,9 @@ async function runTests() {
             'content-type': 'application/json',
         });
         const invalidResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(invalidRequest, 'stripe', testSecret);
-        console.log('   ✅ Invalid signature correctly rejected:', !invalidResult.isValid ? 'PASSED' : 'FAILED');
+        const invalidSigPassed = !invalidResult.isValid && (invalidResult.errorCode === 'INVALID_SIGNATURE'
+            || invalidResult.errorCode === 'TIMESTAMP_EXPIRED');
+        console.log('   ✅ Invalid signature correctly rejected:', invalidSigPassed ? 'PASSED' : 'FAILED');
         if (invalidResult.isValid) {
             console.log('   ❌ Should have been rejected');
         }
@@ -185,7 +191,8 @@ async function runTests() {
             'content-type': 'application/json',
         });
         const missingHeaderResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(missingHeaderRequest, 'stripe', testSecret);
-        console.log('   ✅ Missing headers correctly rejected:', !missingHeaderResult.isValid ? 'PASSED' : 'FAILED');
+        const missingHeaderPassed = !missingHeaderResult.isValid && missingHeaderResult.errorCode === 'MISSING_SIGNATURE';
+        console.log('   ✅ Missing headers correctly rejected:', missingHeaderPassed ? 'PASSED' : 'FAILED');
         if (missingHeaderResult.isValid) {
             console.log('   ❌ Should have been rejected');
         }
@@ -193,6 +200,95 @@ async function runTests() {
     catch (error) {
         console.log('   ❌ Missing headers test failed:', error);
     }
+    // Test 8: GitLab Webhook
+    console.log('\n8. Testing GitLab Webhook...');
+    try {
+        const gitlabSecret = testSecret;
+        const gitlabRequest = createMockRequest({
+            'X-Gitlab-Token': gitlabSecret,
+            'content-type': 'application/json',
+        });
+        const gitlabResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(gitlabRequest, 'gitlab', gitlabSecret);
+        console.log('   ✅ GitLab:', gitlabResult.isValid ? 'PASSED' : 'FAILED');
+        if (!gitlabResult.isValid) {
+            console.log('   ❌ Error:', gitlabResult.error);
+        }
+    }
+    catch (error) {
+        console.log('   ❌ GitLab test failed:', error);
+    }
+    // Test 9: GitLab Invalid Token
+    console.log('\n9. Testing GitLab Invalid Token...');
+    try {
+        const gitlabRequest = createMockRequest({
+            'X-Gitlab-Token': 'wrong_secret',
+            'content-type': 'application/json',
+        });
+        const gitlabResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(gitlabRequest, 'gitlab', testSecret);
+        console.log('   ✅ Invalid token correctly rejected:', !gitlabResult.isValid ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ GitLab invalid token test failed:', error);
+    }
+    // Test 10: verifyAny should auto-detect Stripe
+    console.log('\n10. Testing verifyAny auto-detection...');
+    try {
+        const timestamp = Math.floor(Date.now() / 1000);
+        const stripeSignature = createStripeSignature(testBody, testSecret, timestamp);
+        const request = createMockRequest({
+            'stripe-signature': stripeSignature,
+            'content-type': 'application/json',
+        });
+        const result = await index_1.WebhookVerificationService.verifyAny(request, {
+            stripe: testSecret,
+            github: 'wrong-secret',
+        });
+        console.log('   ✅ verifyAny:', result.isValid && result.platform === 'stripe' ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ verifyAny test failed:', error);
+    }
+    // Test 11: Normalization for Stripe
+    console.log('\n11. Testing payload normalization...');
+    try {
+        const normalizedStripeBody = JSON.stringify({
+            type: 'payment_intent.succeeded',
+            data: {
+                object: {
+                    id: 'pi_123',
+                    amount: 5000,
+                    currency: 'usd',
+                    customer: 'cus_456',
+                },
+            },
+        });
+        const timestamp = Math.floor(Date.now() / 1000);
+        const stripeSignature = createStripeSignature(normalizedStripeBody, testSecret, timestamp);
+        const request = createMockRequest({
+            'stripe-signature': stripeSignature,
+            'content-type': 'application/json',
+        }, normalizedStripeBody);
+        const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, 'stripe', testSecret, 300, true);
+        const payload = result.payload;
+        const passed = result.isValid
+            && payload.event === 'payment.succeeded'
+            && payload.currency === 'USD'
+            && payload.transaction_id === 'pi_123';
+        console.log('   ✅ Normalization:', passed ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ Normalization test failed:', error);
+    }
+    // Test 12: Category-aware normalization registry
+    console.log('\n12. Testing category-based platform registry...');
+    try {
+        const paymentPlatforms = (0, index_1.getPlatformsByCategory)('payment');
+        const hasStripeAndPolar = paymentPlatforms.includes('stripe') && paymentPlatforms.includes('polar');
+        console.log('   ✅ Category registry:', hasStripeAndPolar ? 'PASSED' : 'FAILED');
+    }
+    catch (error) {
+        console.log('   ❌ Category registry test failed:', error);
+    }
     console.log('\n🎉 All tests completed!');
 }
 // Run tests if this file is executed directly

package/dist/types.d.ts

@@ -1,4 +1,4 @@
-export type WebhookPlatform = 'custom' | 'clerk' | 'supabase' | 'github' | 'stripe' | 'shopify' | 'vercel' | 'polar' | 'dodopayments' | 'unknown';
+export type WebhookPlatform = 'custom' | 'clerk' | 'supabase' | 'github' | 'stripe' | 'shopify' | 'vercel' | 'polar' | 'dodopayments' | 'gitlab' | 'unknown';
 export declare enum WebhookPlatformKeys {
     GitHub = "github",
     Stripe = "stripe",
@@ -8,6 +8,7 @@ export declare enum WebhookPlatformKeys {
     Vercel = "vercel",
     Polar = "polar",
     Supabase = "supabase",
+    GitLab = "gitlab",
     Custom = "custom",
     Unknown = "unknown"
 }
@@ -22,11 +23,76 @@ export interface SignatureConfig {
     payloadFormat?: 'raw' | 'timestamped' | 'custom';
     customConfig?: Record<string, any>;
 }
-export interface WebhookVerificationResult {
+export type WebhookErrorCode = 'MISSING_SIGNATURE' | 'INVALID_SIGNATURE' | 'TIMESTAMP_EXPIRED' | 'MISSING_TOKEN' | 'INVALID_TOKEN' | 'PLATFORM_NOT_SUPPORTED' | 'NORMALIZATION_ERROR' | 'VERIFICATION_ERROR';
+export type NormalizationCategory = 'payment' | 'auth' | 'ecommerce' | 'infrastructure';
+export interface BaseNormalizedWebhook {
+    category: NormalizationCategory;
+    event: string;
+    _platform: WebhookPlatform | string;
+    _raw: unknown;
+    occurred_at?: string;
+}
+export type PaymentWebhookEvent = 'payment.succeeded' | 'payment.failed' | 'payment.refunded' | 'subscription.created' | 'subscription.cancelled' | 'payment.unknown';
+export interface PaymentWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'payment';
+    event: PaymentWebhookEvent;
+    amount?: number;
+    currency?: string;
+    customer_id?: string;
+    transaction_id?: string;
+    subscription_id?: string;
+    refund_amount?: number;
+    failure_reason?: string;
+    metadata?: Record<string, string>;
+}
+export type AuthWebhookEvent = 'user.created' | 'user.updated' | 'user.deleted' | 'session.started' | 'session.ended' | 'auth.unknown';
+export interface AuthWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'auth';
+    event: AuthWebhookEvent;
+    user_id?: string;
+    email?: string;
+    phone?: string;
+    metadata?: Record<string, string>;
+}
+export interface EcommerceWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'ecommerce';
+    event: string;
+    order_id?: string;
+    customer_id?: string;
+    amount?: number;
+    currency?: string;
+    metadata?: Record<string, string>;
+}
+export interface InfrastructureWebhookNormalized extends BaseNormalizedWebhook {
+    category: 'infrastructure';
+    event: string;
+    project_id?: string;
+    deployment_id?: string;
+    status?: 'queued' | 'building' | 'ready' | 'error' | 'unknown';
+    metadata?: Record<string, string>;
+}
+export interface UnknownNormalizedWebhook extends BaseNormalizedWebhook {
+    event: string;
+    warning?: string;
+}
+export type NormalizedPayloadByCategory = {
+    payment: PaymentWebhookNormalized;
+    auth: AuthWebhookNormalized;
+    ecommerce: EcommerceWebhookNormalized;
+    infrastructure: InfrastructureWebhookNormalized;
+};
+export type AnyNormalizedWebhook = PaymentWebhookNormalized | AuthWebhookNormalized | EcommerceWebhookNormalized | InfrastructureWebhookNormalized | UnknownNormalizedWebhook;
+export interface NormalizeOptions {
+    enabled?: boolean;
+    category?: NormalizationCategory;
+    includeRaw?: boolean;
+}
+export interface WebhookVerificationResult<TPayload = unknown> {
     isValid: boolean;
     error?: string;
+    errorCode?: WebhookErrorCode;
     platform: WebhookPlatform;
-    payload?: any;
+    payload?: TPayload;
     metadata?: {
         timestamp?: string;
         id?: string | null;
@@ -38,6 +104,10 @@ export interface WebhookConfig {
     secret: string;
     toleranceInSeconds?: number;
     signatureConfig?: SignatureConfig;
+    normalize?: boolean | NormalizeOptions;
+}
+export interface MultiPlatformSecrets {
+    [platform: string]: string | undefined;
 }
 export interface PlatformAlgorithmConfig {
     platform: WebhookPlatform;

package/dist/types.js

@@ -11,6 +11,7 @@ var WebhookPlatformKeys;
     WebhookPlatformKeys["Vercel"] = "vercel";
     WebhookPlatformKeys["Polar"] = "polar";
     WebhookPlatformKeys["Supabase"] = "supabase";
+    WebhookPlatformKeys["GitLab"] = "gitlab";
     WebhookPlatformKeys["Custom"] = "custom";
     WebhookPlatformKeys["Unknown"] = "unknown";
 })(WebhookPlatformKeys || (exports.WebhookPlatformKeys = WebhookPlatformKeys = {}));

package/dist/verifiers/algorithms.js

@@ -185,6 +185,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
                 return {
                     isValid: false,
                     error: `Missing signature header: ${this.config.headerName}`,
+                    errorCode: 'MISSING_SIGNATURE',
                     platform: this.platform,
                 };
             }
@@ -204,6 +205,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
                 return {
                     isValid: false,
                     error: 'Webhook timestamp expired',
+                    errorCode: 'TIMESTAMP_EXPIRED',
                     platform: this.platform,
                 };
             }
@@ -228,6 +230,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
                 return {
                     isValid: false,
                     error: 'Invalid signature',
+                    errorCode: 'INVALID_SIGNATURE',
                     platform: this.platform,
                 };
             }
@@ -252,6 +255,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             return {
                 isValid: false,
                 error: `${this.platform} verification error: ${error.message}`,
+                errorCode: 'VERIFICATION_ERROR',
                 platform: this.platform,
             };
         }

package/dist/verifiers/custom-algorithms.js

@@ -17,6 +17,7 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
                 return {
                     isValid: false,
                     error: `Missing token header: ${this.config.headerName}`,
+                    errorCode: 'MISSING_TOKEN',
                     platform: 'custom',
                 };
             }
@@ -26,6 +27,7 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
                 return {
                     isValid: false,
                     error: 'Invalid token',
+                    errorCode: 'INVALID_TOKEN',
                     platform: 'custom',
                 };
             }
@@ -51,6 +53,7 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
             return {
                 isValid: false,
                 error: `Token-based verification error: ${error.message}`,
+                errorCode: 'VERIFICATION_ERROR',
                 platform: 'custom',
             };
         }