@mars-stack/core 0.4.0

package/dist/email/types.d.ts

@@ -0,0 +1,18 @@
+export interface SendEmailParams {
+    to: string;
+    subject: string;
+    html: string;
+    text?: string;
+}
+export interface EmailServiceError {
+    response?: {
+        body: {
+            errors: Array<{
+                message: string;
+                field: string;
+                help: string;
+            }>;
+        };
+    };
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/email/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/email/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,eAAe;IAC9B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,CAAC,EAAE,MAAM,CAAC;CACf;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,EAAE;QACT,IAAI,EAAE;YACJ,MAAM,EAAE,KAAK,CAAC;gBACZ,OAAO,EAAE,MAAM,CAAC;gBAChB,KAAK,EAAE,MAAM,CAAC;gBACd,IAAI,EAAE,MAAM,CAAC;aACd,CAAC,CAAC;SACJ,CAAC;KACH,CAAC;CACH"}

package/dist/env/index.d.ts

@@ -0,0 +1,36 @@
+import 'server-only';
+/**
+ * Determines the current deployment environment from Vercel environment variables.
+ *
+ * @returns 'production', 'staging', or 'development'
+ * @example
+ * if (getEnvironment() === 'production') enableStrictSecurity();
+ */
+export declare function getEnvironment(): 'production' | 'staging' | 'development';
+interface EnvValidatorConfig {
+    features: Record<string, boolean>;
+    services: Record<string, {
+        provider: string;
+    } | undefined>;
+}
+/**
+ * Creates a lazy environment validator that builds a Zod schema from the app's
+ * feature flags and service configuration. Validates on first access via a Proxy
+ * and throws a descriptive error if any required variables are missing.
+ *
+ * @param config - Feature flags and service provider configuration
+ * @returns An object with a lazy `env` proxy, `validateJWTSecret`, and `getEnvironment`
+ * @example
+ * const { env, validateJWTSecret } = createEnvValidator({
+ *   features: { auth: true, blog: false },
+ *   services: { email: { provider: 'resend' } },
+ * });
+ * const dbUrl = env.DATABASE_URL;
+ */
+export declare function createEnvValidator(config: EnvValidatorConfig): {
+    env: Record<string, unknown>;
+    validateJWTSecret: () => string;
+    getEnvironment: typeof getEnvironment;
+};
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/env/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/env/index.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAC;AAkBrB;;;;;;GAMG;AACH,wBAAgB,cAAc,IAAI,YAAY,GAAG,SAAS,GAAG,aAAa,CAIzE;AAED,UAAU,kBAAkB;IAC1B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE;QAAE,QAAQ,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS,CAAC,CAAC;CAC5D;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,kBAAkB;;6BA8G7B,MAAM;;EASrC"}

package/dist/env/index.js

@@ -0,0 +1 @@
+export { createEnvValidator, getEnvironment } from '../chunk-Z5BEKPJI.js';

package/dist/index.d.ts

@@ -0,0 +1,6 @@
+export type { MarsAppConfig, PrismaLike } from './types';
+export type { SessionPayload } from './auth/session';
+export type { SendEmailParams, EmailServiceError } from './email/types';
+export type { SecurityEventType, SecurityEvent, } from './logger/index';
+export { configureMars } from './configure-mars';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACzD,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AACrD,YAAY,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAC;AACxE,YAAY,EACV,iBAAiB,EACjB,aAAa,GACd,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC"}

package/dist/index.js

@@ -0,0 +1,163 @@
+import { buildCredentialTag } from './chunk-GVLH2GQP.js';
+import { createSessionManager } from './chunk-4LS3QDD5.js';
+import { createCSRFProtection } from './chunk-PZE3JGXO.js';
+import { createAuthMiddleware } from './chunk-QWMN5UJC.js';
+import './chunk-ZA46T6GX.js';
+import { constantTimeEqual } from './chunk-MXQ66RUN.js';
+import { createLogger } from './chunk-ROQV54MU.js';
+import { createEmailService } from './chunk-HOSMMQMA.js';
+import './chunk-CTYAVMOF.js';
+import { createEnvValidator } from './chunk-Z5BEKPJI.js';
+import { createApiErrorHandler } from './chunk-U4NZQ366.js';
+import './chunk-QAH2Y5WK.js';
+import { createSeoBuilders } from './chunk-ABBUHT5Z.js';
+
+// src/configure-mars.ts
+var DEV_ONLY_PROVIDERS = /* @__PURE__ */ new Set(["console", "local"]);
+var SERVICE_REQUIREMENTS = [
+  {
+    feature: "emailVerification",
+    service: "email",
+    condition: (f) => f.auth !== false && f.emailVerification !== false
+  },
+  { feature: "billing", service: "payments" },
+  { feature: "fileUpload", service: "storage" }
+];
+function validateServiceProviders(appConfig) {
+  if (process.env.NODE_ENV !== "production") return;
+  if (process.env.NEXT_PHASE === "phase-production-build") return;
+  const errors = [];
+  for (const req of SERVICE_REQUIREMENTS) {
+    const featureEnabled = req.condition ? req.condition(appConfig.features) : appConfig.features[req.feature] === true;
+    if (!featureEnabled) continue;
+    const service = appConfig.services[req.service];
+    if (!service) continue;
+    if (DEV_ONLY_PROVIDERS.has(service.provider)) {
+      errors.push(
+        `[mars] "${req.service}" provider "${service.provider}" is not allowed in production (required by feature "${req.feature}"). Update app.config.ts to use a production provider and set the required env vars.`
+      );
+    }
+  }
+  if (errors.length > 0) {
+    throw new Error(
+      `Production service validation failed:
+
+${errors.join("\n\n")}
+`
+    );
+  }
+}
+function configureMars(options) {
+  const { appConfig, prisma, signInRoute } = options;
+  validateServiceProviders(appConfig);
+  const { logger, appLogger, authLogger, securityLogger, apiLogger, logSecurityEvent } = createLogger({ serviceName: appConfig.name });
+  const { sendEmail } = createEmailService({
+    provider: appConfig.services.email.provider,
+    appName: appConfig.name
+  });
+  const { env, validateJWTSecret, getEnvironment } = createEnvValidator({
+    features: appConfig.features,
+    services: appConfig.services
+  });
+  const sessionManager = createSessionManager({
+    getJWTSecret: () => validateJWTSecret(),
+    signInRoute,
+    validateCredential: async (userId, credentialTag) => {
+      const user = await prisma.user.findUnique({
+        where: { id: userId },
+        select: { password: true }
+      });
+      if (!user) return false;
+      const currentTag = await buildCredentialTag(user.password);
+      return constantTimeEqual(credentialTag, currentTag);
+    }
+  });
+  const csrf = createCSRFProtection({
+    getJWTSecret: () => validateJWTSecret(),
+    logViolation: logSecurityEvent.csrfViolation
+  });
+  const authMiddleware = createAuthMiddleware({
+    verifySession: sessionManager.verifySessionForAPI,
+    findUserRole: async (userId) => {
+      const user = await prisma.user.findUnique({
+        where: { id: userId },
+        select: { role: true }
+      });
+      return user?.role ?? null;
+    }
+  });
+  const { handleApiError } = createApiErrorHandler({ logger: apiLogger });
+  const seo = createSeoBuilders({
+    name: appConfig.name,
+    url: appConfig.url,
+    description: appConfig.description,
+    supportEmail: appConfig.support.email
+  });
+  function getBaseUrl(request) {
+    if (request && process.env.NODE_ENV === "development") {
+      const url = new URL(request.url);
+      const host2 = url.hostname.toLowerCase();
+      const isLocal = host2 === "localhost" || host2 === "127.0.0.1" || host2 === "[::1]" || host2.endsWith(".localhost");
+      if (isLocal) {
+        return `${url.protocol}//${url.host}`;
+      }
+      const appUrl = env.APP_URL;
+      if (appUrl) {
+        try {
+          const appHost = new URL(appUrl).hostname.toLowerCase();
+          if (host2 === appHost) return `${url.protocol}//${url.host}`;
+        } catch {
+        }
+      }
+    }
+    if (process.env.NODE_ENV === "production" && env.APP_URL) {
+      return env.APP_URL;
+    }
+    if (process.env.VERCEL_URL) {
+      return `https://${process.env.VERCEL_URL}`;
+    }
+    if (env.APP_URL) {
+      return env.APP_URL;
+    }
+    const host = process.env.HOST || "localhost:3000";
+    const protocol = host.includes("localhost") ? "http" : "https";
+    return `${protocol}://${host}`;
+  }
+  return {
+    logger,
+    appLogger,
+    authLogger,
+    securityLogger,
+    apiLogger,
+    logSecurityEvent,
+    sendEmail,
+    env,
+    validateJWTSecret,
+    getEnvironment,
+    createSession: sessionManager.createSession,
+    getSession: sessionManager.getSession,
+    updateSession: sessionManager.updateSession,
+    deleteSession: sessionManager.deleteSession,
+    verifySession: sessionManager.verifySession,
+    verifySessionForAPI: sessionManager.verifySessionForAPI,
+    getCurrentUser: sessionManager.getCurrentUser,
+    generateCSRFToken: csrf.generateCSRFToken,
+    verifyCSRFToken: csrf.verifyCSRFToken,
+    requireCSRFToken: csrf.requireCSRFToken,
+    validateCSRFRequest: csrf.validateCSRFRequest,
+    withAuth: authMiddleware.withAuth,
+    withAuthNoParams: authMiddleware.withAuthNoParams,
+    withAuthSimple: authMiddleware.withAuthSimple,
+    withRole: authMiddleware.withRole,
+    withOwnership: authMiddleware.withOwnership,
+    handleApiError,
+    buildOrganizationJsonLd: seo.buildOrganizationJsonLd,
+    buildWebSiteJsonLd: seo.buildWebSiteJsonLd,
+    buildSiteNavigationJsonLd: seo.buildSiteNavigationJsonLd,
+    buildBreadcrumbListJsonLd: seo.buildBreadcrumbListJsonLd,
+    buildArticleJsonLd: seo.buildArticleJsonLd,
+    getBaseUrl
+  };
+}
+
+export { configureMars };

package/dist/logger/index.d.ts

@@ -0,0 +1,80 @@
+import pino from 'pino';
+export declare enum SecurityEventType {
+    LOGIN_SUCCESS = "login_success",
+    LOGIN_FAILURE = "login_failure",
+    LOGOUT = "logout",
+    SESSION_EXPIRED = "session_expired",
+    ACCOUNT_CREATED = "account_created",
+    ACCOUNT_LOCKED = "account_locked",
+    ACCOUNT_UNLOCKED = "account_unlocked",
+    EMAIL_VERIFIED = "email_verified",
+    PASSWORD_CHANGED = "password_changed",
+    PASSWORD_RESET_REQUESTED = "password_reset_requested",
+    PASSWORD_RESET_COMPLETED = "password_reset_completed",
+    CSRF_VIOLATION = "csrf_violation",
+    RATE_LIMIT_EXCEEDED = "rate_limit_exceeded",
+    SUSPICIOUS_LOGIN = "suspicious_login",
+    MULTIPLE_FAILED_LOGINS = "multiple_failed_logins",
+    SESSION_HIJACK_ATTEMPT = "session_hijack_attempt",
+    ADMIN_LOGIN = "admin_login",
+    ADMIN_ACTION = "admin_action",
+    PRIVILEGE_ESCALATION_ATTEMPT = "privilege_escalation_attempt",
+    SECURITY_HEADER_VIOLATION = "security_header_violation",
+    INVALID_TOKEN = "invalid_token",
+    EXPIRED_TOKEN = "expired_token"
+}
+export interface SecurityEvent {
+    type: SecurityEventType;
+    userId?: string;
+    email?: string;
+    ipAddress?: string;
+    userAgent?: string;
+    details?: Record<string, unknown>;
+    sessionId?: string;
+    requestId?: string;
+}
+interface LoggerConfig {
+    serviceName: string;
+}
+export declare function createLogger(config: LoggerConfig): {
+    logger: pino.Logger<never, boolean>;
+    appLogger: pino.Logger<never, boolean>;
+    authLogger: pino.Logger<never, boolean>;
+    securityLogger: pino.Logger<never, boolean>;
+    apiLogger: pino.Logger<never, boolean>;
+    logSecurityEvent: {
+        loginSuccess: (event: Omit<SecurityEvent, "type">) => void;
+        loginFailure: (event: Omit<SecurityEvent, "type"> & {
+            reason: string;
+        }) => void;
+        logout: (event: Omit<SecurityEvent, "type">) => void;
+        accountCreated: (event: Omit<SecurityEvent, "type">) => void;
+        accountLocked: (event: Omit<SecurityEvent, "type"> & {
+            failedAttempts: number;
+        }) => void;
+        emailVerified: (event: Omit<SecurityEvent, "type">) => void;
+        passwordChanged: (event: Omit<SecurityEvent, "type"> & {
+            method: "reset" | "change";
+        }) => void;
+        csrfViolation: (event: Omit<SecurityEvent, "type"> & {
+            endpoint?: string;
+        }) => void;
+        rateLimitExceeded: (event: Omit<SecurityEvent, "type"> & {
+            identifier: string;
+            limitType: string;
+        }) => void;
+        suspiciousLogin: (event: Omit<SecurityEvent, "type"> & {
+            reason: string;
+        }) => void;
+        adminLogin: (event: Omit<SecurityEvent, "type">) => void;
+        adminAction: (event: Omit<SecurityEvent, "type"> & {
+            action: string;
+            targetUserId?: string;
+        }) => void;
+        invalidToken: (event: Omit<SecurityEvent, "type"> & {
+            tokenType: string;
+        }) => void;
+    };
+};
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/logger/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/logger/index.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,oBAAY,iBAAiB;IAC3B,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;IAC/B,MAAM,WAAW;IACjB,eAAe,oBAAoB;IAEnC,eAAe,oBAAoB;IACnC,cAAc,mBAAmB;IACjC,gBAAgB,qBAAqB;IACrC,cAAc,mBAAmB;IACjC,gBAAgB,qBAAqB;IACrC,wBAAwB,6BAA6B;IACrD,wBAAwB,6BAA6B;IAErD,cAAc,mBAAmB;IACjC,mBAAmB,wBAAwB;IAC3C,gBAAgB,qBAAqB;IACrC,sBAAsB,2BAA2B;IACjD,sBAAsB,2BAA2B;IAEjD,WAAW,gBAAgB;IAC3B,YAAY,iBAAiB;IAC7B,4BAA4B,iCAAiC;IAE7D,yBAAyB,8BAA8B;IACvD,aAAa,kBAAkB;IAC/B,aAAa,kBAAkB;CAChC;AAED,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,iBAAiB,CAAC;IACxB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,UAAU,YAAY;IACpB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,wBAAgB,YAAY,CAAC,MAAM,EAAE,YAAY;;;;;;;8BAiBvB,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;8BAI3B,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG;YAAE,MAAM,EAAE,MAAM,CAAA;SAAE;wBAItD,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;gCAInB,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;+BAI5B,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG;YAAE,cAAc,EAAE,MAAM,CAAA;SAAE;+BAOxD,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;iCAIzB,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG;YAAE,MAAM,EAAE,OAAO,GAAG,QAAQ,CAAA;SAAE;+BAO9D,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG;YAAE,QAAQ,CAAC,EAAE,MAAM,CAAA;SAAE;mCAQjE,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG;YAAE,UAAU,EAAE,MAAM,CAAC;YAAC,SAAS,EAAE,MAAM,CAAA;SAAE;iCAQvD,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG;YAAE,MAAM,EAAE,MAAM,CAAA;SAAE;4BAOrD,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC;6BAO1B,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG;YAAE,MAAM,EAAE,MAAM,CAAC;YAAC,YAAY,CAAC,EAAE,MAAM,CAAA;SAAE;8BAOtE,IAAI,CAAC,aAAa,EAAE,MAAM,CAAC,GAAG;YAAE,SAAS,EAAE,MAAM,CAAA;SAAE;;EAgB5E"}

package/dist/logger/index.js

@@ -0,0 +1 @@
+export { SecurityEventType, createLogger } from '../chunk-ROQV54MU.js';

package/dist/payments/index.d.ts

@@ -0,0 +1,53 @@
+export interface CheckoutParams {
+    customerId: string;
+    priceId: string;
+    successUrl: string;
+    cancelUrl: string;
+    metadata?: Record<string, string>;
+}
+export interface PortalParams {
+    customerId: string;
+    returnUrl: string;
+}
+export interface PaymentProvider {
+    createCheckoutSession(params: CheckoutParams): Promise<{
+        url: string;
+    }>;
+    createPortalSession(params: PortalParams): Promise<{
+        url: string;
+    }>;
+    constructWebhookEvent(body: string, signature: string): Promise<unknown>;
+}
+export interface PaymentServiceConfig {
+    provider: string;
+}
+/**
+ * Creates a payment service backed by the configured provider (Stripe or noop).
+ * The noop provider throws on all operations, guiding developers to configure a real provider.
+ *
+ * @param config - Configuration with provider name ('stripe' or 'none')
+ * @returns An object with createCheckoutSession, createPortalSession, and constructWebhookEvent methods
+ * @example
+ * const payments = createPaymentService({ provider: 'stripe' });
+ * const { url } = await payments.createCheckoutSession({ customerId, priceId, successUrl, cancelUrl });
+ */
+/**
+ * Creates a payment service backed by the configured provider (Stripe or noop).
+ * Unknown providers fall back to a noop implementation that throws on use.
+ *
+ * @param config - Configuration with the provider name (e.g. 'stripe' or 'none')
+ * @returns An object with checkout, portal, and webhook methods
+ * @example
+ * const payments = createPaymentService({ provider: 'stripe' });
+ * const { url } = await payments.createCheckoutSession({ customerId, priceId, successUrl, cancelUrl });
+ */
+export declare function createPaymentService(config: PaymentServiceConfig): {
+    createCheckoutSession: (params: CheckoutParams) => Promise<{
+        url: string;
+    }>;
+    createPortalSession: (params: PortalParams) => Promise<{
+        url: string;
+    }>;
+    constructWebhookEvent: (body: string, signature: string) => Promise<unknown>;
+};
+//# sourceMappingURL=index.d.ts.map

package/dist/payments/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/payments/index.ts"],"names":[],"mappings":"AAEA,MAAM,WAAW,cAAc;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACnC;AAED,MAAM,WAAW,YAAY;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,qBAAqB,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACxE,mBAAmB,CAAC,MAAM,EAAE,YAAY,GAAG,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IACpE,qBAAqB,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC1E;AAED,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,MAAM,CAAC;CAClB;AA+ED;;;;;;;;;GASG;AACH;;;;;;;;;GASG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,oBAAoB;oCA1GjC,cAAc,KAAG,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;kCAC3C,YAAY,KAAG,OAAO,CAAC;QAAE,GAAG,EAAE,MAAM,CAAA;KAAE,CAAC;kCACvC,MAAM,aAAa,MAAM,KAAG,OAAO,CAAC,OAAO,CAAC;EAiHzE"}

package/dist/payments/index.js

@@ -0,0 +1,72 @@
+import { importOptional } from '../chunk-CTYAVMOF.js';
+
+// src/payments/index.ts
+function createStripeProvider() {
+  return {
+    async createCheckoutSession(params) {
+      const Stripe = (await importOptional("stripe")).default;
+      const secretKey = process.env.STRIPE_SECRET_KEY;
+      if (!secretKey) throw new Error("STRIPE_SECRET_KEY is not set");
+      const stripe = new Stripe(secretKey);
+      const session = await stripe.checkout.sessions.create({
+        customer: params.customerId,
+        mode: "subscription",
+        line_items: [{ price: params.priceId, quantity: 1 }],
+        success_url: params.successUrl,
+        cancel_url: params.cancelUrl,
+        metadata: params.metadata
+      });
+      if (!session.url) {
+        throw new Error("Stripe checkout session created without a URL");
+      }
+      return { url: session.url };
+    },
+    async createPortalSession(params) {
+      const Stripe = (await importOptional("stripe")).default;
+      const secretKey = process.env.STRIPE_SECRET_KEY;
+      if (!secretKey) throw new Error("STRIPE_SECRET_KEY is not set");
+      const stripe = new Stripe(secretKey);
+      const session = await stripe.billingPortal.sessions.create({
+        customer: params.customerId,
+        return_url: params.returnUrl
+      });
+      return { url: session.url };
+    },
+    async constructWebhookEvent(body, signature) {
+      const Stripe = (await importOptional("stripe")).default;
+      const secretKey = process.env.STRIPE_SECRET_KEY;
+      if (!secretKey) throw new Error("STRIPE_SECRET_KEY is not set");
+      const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET;
+      if (!webhookSecret) throw new Error("STRIPE_WEBHOOK_SECRET is not set");
+      const stripe = new Stripe(secretKey);
+      return stripe.webhooks.constructEvent(body, signature, webhookSecret);
+    }
+  };
+}
+function createNoopProvider() {
+  const notConfigured = () => {
+    throw new Error(
+      "Payment provider is not configured. Set services.payments.provider in app.config.ts."
+    );
+  };
+  return {
+    createCheckoutSession: notConfigured,
+    createPortalSession: notConfigured,
+    constructWebhookEvent: notConfigured
+  };
+}
+var providerFactories = {
+  stripe: createStripeProvider,
+  none: createNoopProvider
+};
+function createPaymentService(config) {
+  const factory = providerFactories[config.provider] ?? providerFactories.none;
+  const provider = factory();
+  return {
+    createCheckoutSession: provider.createCheckoutSession.bind(provider),
+    createPortalSession: provider.createPortalSession.bind(provider),
+    constructWebhookEvent: provider.constructWebhookEvent.bind(provider)
+  };
+}
+
+export { createPaymentService };

package/dist/plugin/builtin/email-plugins.d.ts

@@ -0,0 +1,10 @@
+import type { MarsPlugin } from '../index';
+import type { EmailProvider } from '../../email/index';
+interface EmailPluginConfig {
+    appName: string;
+}
+export declare function createSendGridPlugin(): MarsPlugin<EmailPluginConfig> & EmailProvider;
+export declare function createResendPlugin(): MarsPlugin<EmailPluginConfig> & EmailProvider;
+export declare function createConsoleEmailPlugin(): MarsPlugin<EmailPluginConfig> & EmailProvider;
+export {};
+//# sourceMappingURL=email-plugins.d.ts.map

package/dist/plugin/builtin/email-plugins.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"email-plugins.d.ts","sourceRoot":"","sources":["../../../src/plugin/builtin/email-plugins.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAA0B,MAAM,UAAU,CAAC;AACnE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAIvD,UAAU,iBAAiB;IACzB,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,oBAAoB,IAAI,UAAU,CAAC,iBAAiB,CAAC,GAAG,aAAa,CA0DpF;AAED,wBAAgB,kBAAkB,IAAI,UAAU,CAAC,iBAAiB,CAAC,GAAG,aAAa,CAiDlF;AAED,wBAAgB,wBAAwB,IAAI,UAAU,CAAC,iBAAiB,CAAC,GAAG,aAAa,CAiBxF"}

package/dist/plugin/builtin/index.d.ts

@@ -0,0 +1,4 @@
+export { createSendGridPlugin, createResendPlugin, createConsoleEmailPlugin } from './email-plugins';
+export { createStripePlugin } from './payment-plugins';
+export { createVercelBlobPlugin, createS3Plugin } from './storage-plugins';
+//# sourceMappingURL=index.d.ts.map

package/dist/plugin/builtin/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/plugin/builtin/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AACrG,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,OAAO,EAAE,sBAAsB,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC"}