@l4yercak3/cli 1.2.16 → 1.2.19

package/src/generators/api-only/webhooks.js

@@ -0,0 +1,377 @@
+/**
+ * Webhooks Generator
+ * Generates webhook handling utilities for the L4YERCAK3 API
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { ensureDir, writeFileWithBackup, checkFileOverwrite } = require('../../utils/file-utils');
+
+class WebhooksGenerator {
+  /**
+   * Generate the webhooks utility file
+   * @param {Object} options - Generation options
+   * @returns {Promise<string|null>} - Path to generated file or null if skipped
+   */
+  async generate(options) {
+    const { projectPath, isTypeScript } = options;
+
+    // Determine output directory
+    let outputDir;
+    if (fs.existsSync(path.join(projectPath, 'src'))) {
+      outputDir = path.join(projectPath, 'src', 'lib', 'l4yercak3');
+    } else {
+      outputDir = path.join(projectPath, 'lib', 'l4yercak3');
+    }
+
+    ensureDir(outputDir);
+
+    const extension = isTypeScript ? 'ts' : 'js';
+    const outputPath = path.join(outputDir, `webhooks.${extension}`);
+
+    const action = await checkFileOverwrite(outputPath);
+    if (action === 'skip') {
+      return null;
+    }
+
+    const content = isTypeScript
+      ? this.generateTypeScriptWebhooks()
+      : this.generateJavaScriptWebhooks();
+
+    return writeFileWithBackup(outputPath, content, action);
+  }
+
+  generateTypeScriptWebhooks() {
+    return `/**
+ * L4YERCAK3 Webhook Utilities
+ * Auto-generated by @l4yercak3/cli
+ *
+ * Utilities for handling webhook events from L4YERCAK3.
+ */
+
+import { createHmac, timingSafeEqual } from 'crypto';
+
+export interface WebhookEvent<T = Record<string, unknown>> {
+  id: string;
+  type: WebhookEventType;
+  timestamp: string;
+  data: T;
+  organizationId: string;
+}
+
+export type WebhookEventType =
+  | 'contact.created'
+  | 'contact.updated'
+  | 'contact.deleted'
+  | 'organization.created'
+  | 'organization.updated'
+  | 'event.created'
+  | 'event.updated'
+  | 'event.published'
+  | 'event.cancelled'
+  | 'attendee.registered'
+  | 'attendee.checked_in'
+  | 'attendee.cancelled'
+  | 'form.submitted'
+  | 'order.created'
+  | 'order.paid'
+  | 'order.refunded'
+  | 'invoice.created'
+  | 'invoice.sent'
+  | 'invoice.paid'
+  | 'invoice.overdue'
+  | 'benefit_claim.submitted'
+  | 'benefit_claim.approved'
+  | 'benefit_claim.rejected'
+  | 'benefit_claim.paid'
+  | 'commission.calculated'
+  | 'commission.paid'
+  | 'certificate.issued';
+
+export interface VerifyOptions {
+  /** The raw request body as a string or Buffer */
+  payload: string | Buffer;
+  /** The signature from the X-L4yercak3-Signature header */
+  signature: string;
+  /** Your webhook secret from the L4YERCAK3 dashboard */
+  secret: string;
+  /** Tolerance in seconds for timestamp validation (default: 300 = 5 minutes) */
+  tolerance?: number;
+}
+
+export class WebhookVerificationError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'WebhookVerificationError';
+  }
+}
+
+/**
+ * Verify a webhook signature and parse the event
+ *
+ * @example
+ * \`\`\`ts
+ * // In your Next.js API route
+ * import { verifyWebhookSignature, WebhookEvent } from '@/lib/l4yercak3';
+ *
+ * export async function POST(req: Request) {
+ *   const payload = await req.text();
+ *   const signature = req.headers.get('x-l4yercak3-signature') || '';
+ *
+ *   try {
+ *     const event = verifyWebhookSignature({
+ *       payload,
+ *       signature,
+ *       secret: process.env.L4YERCAK3_WEBHOOK_SECRET!,
+ *     });
+ *
+ *     switch (event.type) {
+ *       case 'contact.created':
+ *         // Handle new contact
+ *         break;
+ *       case 'order.paid':
+ *         // Handle paid order
+ *         break;
+ *     }
+ *
+ *     return new Response('OK', { status: 200 });
+ *   } catch (error) {
+ *     console.error('Webhook error:', error);
+ *     return new Response('Invalid signature', { status: 400 });
+ *   }
+ * }
+ * \`\`\`
+ */
+export function verifyWebhookSignature<T = Record<string, unknown>>(
+  options: VerifyOptions
+): WebhookEvent<T> {
+  const { payload, signature, secret, tolerance = 300 } = options;
+
+  if (!signature) {
+    throw new WebhookVerificationError('Missing signature header');
+  }
+
+  // Parse the signature header (format: t=timestamp,v1=signature)
+  const parts = signature.split(',').reduce((acc, part) => {
+    const [key, value] = part.split('=');
+    acc[key] = value;
+    return acc;
+  }, {} as Record<string, string>);
+
+  const timestamp = parts['t'];
+  const signatureHash = parts['v1'];
+
+  if (!timestamp || !signatureHash) {
+    throw new WebhookVerificationError('Invalid signature format');
+  }
+
+  // Check timestamp tolerance
+  const timestampNum = parseInt(timestamp, 10);
+  const now = Math.floor(Date.now() / 1000);
+  if (Math.abs(now - timestampNum) > tolerance) {
+    throw new WebhookVerificationError('Timestamp outside tolerance window');
+  }
+
+  // Compute expected signature
+  const payloadStr = typeof payload === 'string' ? payload : payload.toString('utf8');
+  const signedPayload = \`\${timestamp}.\${payloadStr}\`;
+  const expectedSignature = createHmac('sha256', secret)
+    .update(signedPayload)
+    .digest('hex');
+
+  // Constant-time comparison
+  const expectedBuffer = Buffer.from(expectedSignature);
+  const receivedBuffer = Buffer.from(signatureHash);
+
+  if (expectedBuffer.length !== receivedBuffer.length) {
+    throw new WebhookVerificationError('Invalid signature');
+  }
+
+  if (!timingSafeEqual(expectedBuffer, receivedBuffer)) {
+    throw new WebhookVerificationError('Invalid signature');
+  }
+
+  // Parse and return the event
+  try {
+    return JSON.parse(payloadStr) as WebhookEvent<T>;
+  } catch {
+    throw new WebhookVerificationError('Invalid JSON payload');
+  }
+}
+
+/**
+ * Type guard helpers for specific webhook events
+ */
+export function isContactEvent(event: WebhookEvent): event is WebhookEvent<{ contact: unknown }> {
+  return event.type.startsWith('contact.');
+}
+
+export function isEventEvent(event: WebhookEvent): event is WebhookEvent<{ event: unknown }> {
+  return event.type.startsWith('event.');
+}
+
+export function isOrderEvent(event: WebhookEvent): event is WebhookEvent<{ order: unknown }> {
+  return event.type.startsWith('order.');
+}
+
+export function isInvoiceEvent(event: WebhookEvent): event is WebhookEvent<{ invoice: unknown }> {
+  return event.type.startsWith('invoice.');
+}
+
+export function isBenefitClaimEvent(event: WebhookEvent): event is WebhookEvent<{ claim: unknown }> {
+  return event.type.startsWith('benefit_claim.');
+}
+`;
+  }
+
+  generateJavaScriptWebhooks() {
+    return `/**
+ * L4YERCAK3 Webhook Utilities
+ * Auto-generated by @l4yercak3/cli
+ *
+ * Utilities for handling webhook events from L4YERCAK3.
+ */
+
+const { createHmac, timingSafeEqual } = require('crypto');
+
+class WebhookVerificationError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = 'WebhookVerificationError';
+  }
+}
+
+/**
+ * Verify a webhook signature and parse the event
+ *
+ * @param {Object} options
+ * @param {string|Buffer} options.payload - The raw request body
+ * @param {string} options.signature - The signature from X-L4yercak3-Signature header
+ * @param {string} options.secret - Your webhook secret
+ * @param {number} [options.tolerance=300] - Timestamp tolerance in seconds
+ * @returns {Object} The verified webhook event
+ * @throws {WebhookVerificationError} If verification fails
+ *
+ * @example
+ * // In your Next.js API route
+ * const { verifyWebhookSignature } = require('@/lib/l4yercak3');
+ *
+ * export default async function handler(req, res) {
+ *   const payload = req.body;
+ *   const signature = req.headers['x-l4yercak3-signature'];
+ *
+ *   try {
+ *     const event = verifyWebhookSignature({
+ *       payload: JSON.stringify(payload),
+ *       signature,
+ *       secret: process.env.L4YERCAK3_WEBHOOK_SECRET,
+ *     });
+ *
+ *     switch (event.type) {
+ *       case 'contact.created':
+ *         // Handle new contact
+ *         break;
+ *       case 'order.paid':
+ *         // Handle paid order
+ *         break;
+ *     }
+ *
+ *     res.status(200).json({ received: true });
+ *   } catch (error) {
+ *     console.error('Webhook error:', error);
+ *     res.status(400).json({ error: 'Invalid signature' });
+ *   }
+ * }
+ */
+function verifyWebhookSignature(options) {
+  const { payload, signature, secret, tolerance = 300 } = options;
+
+  if (!signature) {
+    throw new WebhookVerificationError('Missing signature header');
+  }
+
+  // Parse the signature header (format: t=timestamp,v1=signature)
+  const parts = signature.split(',').reduce((acc, part) => {
+    const [key, value] = part.split('=');
+    acc[key] = value;
+    return acc;
+  }, {});
+
+  const timestamp = parts['t'];
+  const signatureHash = parts['v1'];
+
+  if (!timestamp || !signatureHash) {
+    throw new WebhookVerificationError('Invalid signature format');
+  }
+
+  // Check timestamp tolerance
+  const timestampNum = parseInt(timestamp, 10);
+  const now = Math.floor(Date.now() / 1000);
+  if (Math.abs(now - timestampNum) > tolerance) {
+    throw new WebhookVerificationError('Timestamp outside tolerance window');
+  }
+
+  // Compute expected signature
+  const payloadStr = typeof payload === 'string' ? payload : payload.toString('utf8');
+  const signedPayload = \`\${timestamp}.\${payloadStr}\`;
+  const expectedSignature = createHmac('sha256', secret)
+    .update(signedPayload)
+    .digest('hex');
+
+  // Constant-time comparison
+  const expectedBuffer = Buffer.from(expectedSignature);
+  const receivedBuffer = Buffer.from(signatureHash);
+
+  if (expectedBuffer.length !== receivedBuffer.length) {
+    throw new WebhookVerificationError('Invalid signature');
+  }
+
+  if (!timingSafeEqual(expectedBuffer, receivedBuffer)) {
+    throw new WebhookVerificationError('Invalid signature');
+  }
+
+  // Parse and return the event
+  try {
+    return JSON.parse(payloadStr);
+  } catch {
+    throw new WebhookVerificationError('Invalid JSON payload');
+  }
+}
+
+/**
+ * Type guard helpers for specific webhook events
+ */
+function isContactEvent(event) {
+  return event.type && event.type.startsWith('contact.');
+}
+
+function isEventEvent(event) {
+  return event.type && event.type.startsWith('event.');
+}
+
+function isOrderEvent(event) {
+  return event.type && event.type.startsWith('order.');
+}
+
+function isInvoiceEvent(event) {
+  return event.type && event.type.startsWith('invoice.');
+}
+
+function isBenefitClaimEvent(event) {
+  return event.type && event.type.startsWith('benefit_claim.');
+}
+
+module.exports = {
+  verifyWebhookSignature,
+  WebhookVerificationError,
+  isContactEvent,
+  isEventEvent,
+  isOrderEvent,
+  isInvoiceEvent,
+  isBenefitClaimEvent,
+};
+`;
+  }
+}
+
+module.exports = new WebhooksGenerator();

package/src/generators/env-generator.js

@@ -18,8 +18,12 @@ class EnvGenerator {
       organizationId,
       features,
       oauthProviders,
+      isMobile,
     } = options;
 
+    // Use EXPO_PUBLIC_ for Expo, NEXT_PUBLIC_ for Next.js
+    const publicPrefix = isMobile ? 'EXPO_PUBLIC_' : 'NEXT_PUBLIC_';
+
     const envPath = path.join(projectPath, '.env.local');
     const existingEnv = this.readExistingEnv(envPath);
 
@@ -31,9 +35,11 @@ class EnvGenerator {
       L4YERCAK3_API_KEY: apiKey || existingEnv.L4YERCAK3_API_KEY || 'your_api_key_here',
       L4YERCAK3_BACKEND_URL: backendUrl,
       L4YERCAK3_ORGANIZATION_ID: organizationId,
-      NEXT_PUBLIC_L4YERCAK3_BACKEND_URL: backendUrl,
     };
 
+    // Add public backend URL with appropriate prefix
+    envVars[`${publicPrefix}L4YERCAK3_BACKEND_URL`] = backendUrl;
+
     // Add OAuth variables if OAuth is enabled
     if (features.includes('oauth') && oauthProviders) {
       if (oauthProviders.includes('google')) {
@@ -55,11 +61,15 @@ class EnvGenerator {
 
     // Add Stripe variables if Stripe is enabled
     if (features.includes('stripe')) {
-      envVars.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY = existingEnv.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY || 'your_stripe_publishable_key_here';
+      const stripePublicKey = `${publicPrefix}STRIPE_PUBLISHABLE_KEY`;
+      envVars[stripePublicKey] = existingEnv[stripePublicKey] || existingEnv.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY || 'your_stripe_publishable_key_here';
       envVars.STRIPE_SECRET_KEY = existingEnv.STRIPE_SECRET_KEY || 'your_stripe_secret_key_here';
       envVars.STRIPE_WEBHOOK_SECRET = existingEnv.STRIPE_WEBHOOK_SECRET || 'your_stripe_webhook_secret_here';
     }
 
+    // Store isMobile for formatting
+    envVars._isMobile = isMobile;
+
     // Write env file
     const envContent = this.formatEnvFile(envVars);
     fs.writeFileSync(envPath, envContent, 'utf8');
@@ -103,19 +113,23 @@ class EnvGenerator {
    * Format environment variables as .env file
    */
   formatEnvFile(envVars) {
+    const isMobile = envVars._isMobile;
+    const publicPrefix = isMobile ? 'EXPO_PUBLIC_' : 'NEXT_PUBLIC_';
+    const platformName = isMobile ? 'Expo/React Native' : 'Next.js';
+    const deploymentPlatforms = isMobile ? 'EAS Build, Expo Go' : 'Vercel, Netlify, etc.';
+
     let content = `# L4YERCAK3 Configuration
 # Auto-generated by @l4yercak3/cli
 # DO NOT commit this file to git - it contains sensitive credentials
 #
-# This file is for LOCAL DEVELOPMENT. For production:
-# - Set these variables in your hosting platform (Vercel, Netlify, etc.)
-# - NEXTAUTH_URL should be your production domain
+# This file is for LOCAL DEVELOPMENT (${platformName}).
+# For production, set these variables in your deployment platform (${deploymentPlatforms}).
 
 # Core API Configuration
 L4YERCAK3_API_KEY=${envVars.L4YERCAK3_API_KEY}
 L4YERCAK3_BACKEND_URL=${envVars.L4YERCAK3_BACKEND_URL}
 L4YERCAK3_ORGANIZATION_ID=${envVars.L4YERCAK3_ORGANIZATION_ID}
-NEXT_PUBLIC_L4YERCAK3_BACKEND_URL=${envVars.NEXT_PUBLIC_L4YERCAK3_BACKEND_URL}
+${publicPrefix}L4YERCAK3_BACKEND_URL=${envVars[`${publicPrefix}L4YERCAK3_BACKEND_URL`]}
 
 `;
 
@@ -160,9 +174,10 @@ NEXTAUTH_SECRET=${envVars.NEXTAUTH_SECRET}
     }
 
     // Add Stripe section if present
-    if (envVars.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY) {
+    const stripePublicKey = envVars[`${publicPrefix}STRIPE_PUBLISHABLE_KEY`];
+    if (stripePublicKey) {
       content += `# Stripe Configuration
-NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=${envVars.NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY}
+${publicPrefix}STRIPE_PUBLISHABLE_KEY=${stripePublicKey}
 STRIPE_SECRET_KEY=${envVars.STRIPE_SECRET_KEY}
 STRIPE_WEBHOOK_SECRET=${envVars.STRIPE_WEBHOOK_SECRET}