@mobilizehub/payload-plugin 0.0.1 → 0.2.0

package/dist/utils/api-response.js

@@ -0,0 +1,66 @@
+/**
+ * Standard API success response format
+ * @template T - Type of the data payload
+ */ /**
+ * Create a standardized success response
+ *
+ * @template T - Type of the response data
+ * @param data - Optional data payload to include in the response
+ * @param status - HTTP status code (default: 200)
+ * @returns Response object with JSON body
+ *
+ * @example
+ * ```typescript
+ * return successResponse({ message: 'Email sent successfully' }, 200)
+ * // Returns: { success: true, data: { message: 'Email sent successfully' } }
+ * ```
+ */ export function successResponse(data, status = 200) {
+    return Response.json({
+        data,
+        success: true
+    }, {
+        status
+    });
+}
+/**
+ * Create a standardized error response
+ *
+ * @param code - Error code from ErrorCodes constant
+ * @param message - Human-readable error message
+ * @param status - HTTP status code (default: 400)
+ * @returns Response object with JSON error body
+ *
+ * @example
+ * ```typescript
+ * return errorResponse(ErrorCodes.UNAUTHORIZED, 'You must be logged in', 401)
+ * // Returns: { success: false, error: { code: 'UNAUTHORIZED', message: '...' } }
+ * ```
+ */ export function errorResponse(code, message, status = 400) {
+    return Response.json({
+        error: {
+            code,
+            message
+        },
+        success: false
+    }, {
+        status
+    });
+}
+/**
+ * Standard error codes used across the MobilizeHub plugin API
+ */ export const ErrorCodes = {
+    BAD_REQUEST: 'BAD_REQUEST',
+    BROADCAST_INVALID_STATUS: 'BROADCAST_INVALID_STATUS',
+    BROADCAST_NOT_FOUND: 'BROADCAST_NOT_FOUND',
+    CONTACT_NOT_FOUND: 'CONTACT_NOT_FOUND',
+    EMAIL_SEND_FAILED: 'EMAIL_SEND_FAILED',
+    INTERNAL_ERROR: 'INTERNAL_ERROR',
+    NOT_FOUND: 'NOT_FOUND',
+    RATE_LIMITED: 'RATE_LIMITED',
+    TOKEN_EXPIRED: 'TOKEN_EXPIRED',
+    TOKEN_INVALID: 'TOKEN_INVALID',
+    UNAUTHORIZED: 'UNAUTHORIZED',
+    VALIDATION_ERROR: 'VALIDATION_ERROR'
+};
+
+//# sourceMappingURL=api-response.js.map

package/dist/utils/api-response.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/api-response.ts"],"sourcesContent":["/**\n * Standard API success response format\n * @template T - Type of the data payload\n */\nexport type ApiSuccessResponse<T = unknown> = {\n  data?: T\n  success: true\n}\n\n/**\n * Standard API error response format\n */\nexport type ApiErrorResponse = {\n  error: {\n    /** Error code constant (e.g., 'BAD_REQUEST', 'UNAUTHORIZED') */\n    code: string\n    /** Human-readable error message */\n    message: string\n  }\n  success: false\n}\n\n/**\n * Union type for all API responses\n * @template T - Type of the data payload for success responses\n */\nexport type ApiResponse<T = unknown> = ApiErrorResponse | ApiSuccessResponse<T>\n\n/**\n * Create a standardized success response\n *\n * @template T - Type of the response data\n * @param data - Optional data payload to include in the response\n * @param status - HTTP status code (default: 200)\n * @returns Response object with JSON body\n *\n * @example\n * ```typescript\n * return successResponse({ message: 'Email sent successfully' }, 200)\n * // Returns: { success: true, data: { message: 'Email sent successfully' } }\n * ```\n */\nexport function successResponse<T>(data?: T, status = 200): Response {\n  return Response.json({ data, success: true }, { status })\n}\n\n/**\n * Create a standardized error response\n *\n * @param code - Error code from ErrorCodes constant\n * @param message - Human-readable error message\n * @param status - HTTP status code (default: 400)\n * @returns Response object with JSON error body\n *\n * @example\n * ```typescript\n * return errorResponse(ErrorCodes.UNAUTHORIZED, 'You must be logged in', 401)\n * // Returns: { success: false, error: { code: 'UNAUTHORIZED', message: '...' } }\n * ```\n */\nexport function errorResponse(code: string, message: string, status = 400): Response {\n  return Response.json({ error: { code, message }, success: false }, { status })\n}\n\n/**\n * Standard error codes used across the MobilizeHub plugin API\n */\nexport const ErrorCodes = {\n  BAD_REQUEST: 'BAD_REQUEST',\n  BROADCAST_INVALID_STATUS: 'BROADCAST_INVALID_STATUS',\n  BROADCAST_NOT_FOUND: 'BROADCAST_NOT_FOUND',\n  CONTACT_NOT_FOUND: 'CONTACT_NOT_FOUND',\n  EMAIL_SEND_FAILED: 'EMAIL_SEND_FAILED',\n  INTERNAL_ERROR: 'INTERNAL_ERROR',\n  NOT_FOUND: 'NOT_FOUND',\n  RATE_LIMITED: 'RATE_LIMITED',\n  TOKEN_EXPIRED: 'TOKEN_EXPIRED',\n  TOKEN_INVALID: 'TOKEN_INVALID',\n  UNAUTHORIZED: 'UNAUTHORIZED',\n  VALIDATION_ERROR: 'VALIDATION_ERROR',\n} as const\n"],"names":["successResponse","data","status","Response","json","success","errorResponse","code","message","error","ErrorCodes","BAD_REQUEST","BROADCAST_INVALID_STATUS","BROADCAST_NOT_FOUND","CONTACT_NOT_FOUND","EMAIL_SEND_FAILED","INTERNAL_ERROR","NOT_FOUND","RATE_LIMITED","TOKEN_EXPIRED","TOKEN_INVALID","UNAUTHORIZED","VALIDATION_ERROR"],"mappings":"AAAA;;;CAGC,GAyBD;;;;;;;;;;;;;CAaC,GACD,OAAO,SAASA,gBAAmBC,IAAQ,EAAEC,SAAS,GAAG;IACvD,OAAOC,SAASC,IAAI,CAAC;QAAEH;QAAMI,SAAS;IAAK,GAAG;QAAEH;IAAO;AACzD;AAEA;;;;;;;;;;;;;CAaC,GACD,OAAO,SAASI,cAAcC,IAAY,EAAEC,OAAe,EAAEN,SAAS,GAAG;IACvE,OAAOC,SAASC,IAAI,CAAC;QAAEK,OAAO;YAAEF;YAAMC;QAAQ;QAAGH,SAAS;IAAM,GAAG;QAAEH;IAAO;AAC9E;AAEA;;CAEC,GACD,OAAO,MAAMQ,aAAa;IACxBC,aAAa;IACbC,0BAA0B;IAC1BC,qBAAqB;IACrBC,mBAAmB;IACnBC,mBAAmB;IACnBC,gBAAgB;IAChBC,WAAW;IACXC,cAAc;IACdC,eAAe;IACfC,eAAe;IACfC,cAAc;IACdC,kBAAkB;AACpB,EAAU"}

package/dist/utils/email.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Formats an email address with an optional display name according to RFC 5322.
+ *
+ * @param fromName - The display name to show (e.g., "John Doe")
+ * @param fromAddress - The actual email address (e.g., "john@example.com")
+ * @returns Formatted email string. If fromName is provided: `"John Doe" <john@example.com>`
+ *          Otherwise just returns the email address.
+ *
+ * @example
+ * ```typescript
+ * formatFromAddress("Acme Corp", "hello@acme.com")
+ * // Returns: '"Acme Corp" <hello@acme.com>'
+ *
+ * formatFromAddress("", "hello@acme.com")
+ * // Returns: 'hello@acme.com'
+ * ```
+ */
+export declare function formatFromAddress(fromName: string, fromAddress: string): string;
+/**
+ * Validates if a string is a properly formatted email address.
+ *
+ * Uses a permissive regex that catches most invalid formats while allowing
+ * valid edge cases like plus-addressing (user+tag@domain.com).
+ *
+ * @param email - The string to validate
+ * @returns `true` if the string appears to be a valid email format
+ *
+ * @example
+ * ```typescript
+ * isValidEmail("user@example.com")     // true
+ * isValidEmail("user+tag@example.com") // true
+ * isValidEmail("invalid")              // false
+ * isValidEmail("missing@domain")       // false
+ * ```
+ */
+export declare function isValidEmail(email: string): boolean;

package/dist/utils/email.js

@@ -0,0 +1,40 @@
+/**
+ * Formats an email address with an optional display name according to RFC 5322.
+ *
+ * @param fromName - The display name to show (e.g., "John Doe")
+ * @param fromAddress - The actual email address (e.g., "john@example.com")
+ * @returns Formatted email string. If fromName is provided: `"John Doe" <john@example.com>`
+ *          Otherwise just returns the email address.
+ *
+ * @example
+ * ```typescript
+ * formatFromAddress("Acme Corp", "hello@acme.com")
+ * // Returns: '"Acme Corp" <hello@acme.com>'
+ *
+ * formatFromAddress("", "hello@acme.com")
+ * // Returns: 'hello@acme.com'
+ * ```
+ */ export function formatFromAddress(fromName, fromAddress) {
+    return fromName ? `"${fromName}" <${fromAddress}>` : fromAddress;
+}
+/**
+ * Validates if a string is a properly formatted email address.
+ *
+ * Uses a permissive regex that catches most invalid formats while allowing
+ * valid edge cases like plus-addressing (user+tag@domain.com).
+ *
+ * @param email - The string to validate
+ * @returns `true` if the string appears to be a valid email format
+ *
+ * @example
+ * ```typescript
+ * isValidEmail("user@example.com")     // true
+ * isValidEmail("user+tag@example.com") // true
+ * isValidEmail("invalid")              // false
+ * isValidEmail("missing@domain")       // false
+ * ```
+ */ export function isValidEmail(email) {
+    return /^[^\s@]+@[^\s@][^\s.@]*\.[^\s@]+$/.test(email);
+}
+
+//# sourceMappingURL=email.js.map

package/dist/utils/email.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/email.ts"],"sourcesContent":["/**\n * Formats an email address with an optional display name according to RFC 5322.\n *\n * @param fromName - The display name to show (e.g., \"John Doe\")\n * @param fromAddress - The actual email address (e.g., \"john@example.com\")\n * @returns Formatted email string. If fromName is provided: `\"John Doe\" <john@example.com>`\n *          Otherwise just returns the email address.\n *\n * @example\n * ```typescript\n * formatFromAddress(\"Acme Corp\", \"hello@acme.com\")\n * // Returns: '\"Acme Corp\" <hello@acme.com>'\n *\n * formatFromAddress(\"\", \"hello@acme.com\")\n * // Returns: 'hello@acme.com'\n * ```\n */\nexport function formatFromAddress(fromName: string, fromAddress: string): string {\n  return fromName ? `\"${fromName}\" <${fromAddress}>` : fromAddress\n}\n\n/**\n * Validates if a string is a properly formatted email address.\n *\n * Uses a permissive regex that catches most invalid formats while allowing\n * valid edge cases like plus-addressing (user+tag@domain.com).\n *\n * @param email - The string to validate\n * @returns `true` if the string appears to be a valid email format\n *\n * @example\n * ```typescript\n * isValidEmail(\"user@example.com\")     // true\n * isValidEmail(\"user+tag@example.com\") // true\n * isValidEmail(\"invalid\")              // false\n * isValidEmail(\"missing@domain\")       // false\n * ```\n */\nexport function isValidEmail(email: string): boolean {\n  return /^[^\\s@]+@[^\\s@][^\\s.@]*\\.[^\\s@]+$/.test(email)\n}\n"],"names":["formatFromAddress","fromName","fromAddress","isValidEmail","email","test"],"mappings":"AAAA;;;;;;;;;;;;;;;;CAgBC,GACD,OAAO,SAASA,kBAAkBC,QAAgB,EAAEC,WAAmB;IACrE,OAAOD,WAAW,CAAC,CAAC,EAAEA,SAAS,GAAG,EAAEC,YAAY,CAAC,CAAC,GAAGA;AACvD;AAEA;;;;;;;;;;;;;;;;CAgBC,GACD,OAAO,SAASC,aAAaC,KAAa;IACxC,OAAO,oCAAoCC,IAAI,CAACD;AAClD"}

package/dist/utils/lexical.d.ts

@@ -0,0 +1,13 @@
+import type { SerializedEditorState } from '@payloadcms/richtext-lexical/lexical';
+import type { Payload } from 'payload';
+/**
+ * Parses Lexical editor content into multiple formats (HTML, Markdown, Plain Text)
+ * @param content - The serialized Lexical editor state
+ * @param payloadConfig - The Payload CMS configuration
+ * @returns Parsed content in HTML, Markdown, and Plain Text formats
+ */
+export declare function parseLexicalContent(content: SerializedEditorState, payloadConfig: Payload['config']): Promise<{
+    html: string;
+    markdown: string;
+    plainText: string;
+}>;

package/dist/utils/lexical.js

@@ -0,0 +1,27 @@
+import { convertLexicalToMarkdown, editorConfigFactory } from '@payloadcms/richtext-lexical';
+import { convertLexicalToHTML } from '@payloadcms/richtext-lexical/html';
+import { convertLexicalToPlaintext } from '@payloadcms/richtext-lexical/plaintext';
+/**
+ * Parses Lexical editor content into multiple formats (HTML, Markdown, Plain Text)
+ * @param content - The serialized Lexical editor state
+ * @param payloadConfig - The Payload CMS configuration
+ * @returns Parsed content in HTML, Markdown, and Plain Text formats
+ */ export async function parseLexicalContent(content, payloadConfig) {
+    const editorConfig = await editorConfigFactory.default({
+        config: payloadConfig
+    });
+    return {
+        html: convertLexicalToHTML({
+            data: content
+        }),
+        markdown: convertLexicalToMarkdown({
+            data: content,
+            editorConfig
+        }),
+        plainText: convertLexicalToPlaintext({
+            data: content
+        })
+    };
+}
+
+//# sourceMappingURL=lexical.js.map

package/dist/utils/lexical.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/lexical.ts"],"sourcesContent":["import type { SerializedEditorState } from '@payloadcms/richtext-lexical/lexical'\nimport type { Payload } from 'payload'\n\nimport { convertLexicalToMarkdown, editorConfigFactory } from '@payloadcms/richtext-lexical'\nimport { convertLexicalToHTML } from '@payloadcms/richtext-lexical/html'\nimport { convertLexicalToPlaintext } from '@payloadcms/richtext-lexical/plaintext'\n\n/**\n * Parses Lexical editor content into multiple formats (HTML, Markdown, Plain Text)\n * @param content - The serialized Lexical editor state\n * @param payloadConfig - The Payload CMS configuration\n * @returns Parsed content in HTML, Markdown, and Plain Text formats\n */\nexport async function parseLexicalContent(\n  content: SerializedEditorState,\n  payloadConfig: Payload['config'],\n): Promise<{\n  html: string\n  markdown: string\n  plainText: string\n}> {\n  const editorConfig = await editorConfigFactory.default({ config: payloadConfig })\n\n  return {\n    html: convertLexicalToHTML({ data: content }),\n    markdown: convertLexicalToMarkdown({ data: content, editorConfig }),\n    plainText: convertLexicalToPlaintext({ data: content }),\n  }\n}\n"],"names":["convertLexicalToMarkdown","editorConfigFactory","convertLexicalToHTML","convertLexicalToPlaintext","parseLexicalContent","content","payloadConfig","editorConfig","default","config","html","data","markdown","plainText"],"mappings":"AAGA,SAASA,wBAAwB,EAAEC,mBAAmB,QAAQ,+BAA8B;AAC5F,SAASC,oBAAoB,QAAQ,oCAAmC;AACxE,SAASC,yBAAyB,QAAQ,yCAAwC;AAElF;;;;;CAKC,GACD,OAAO,eAAeC,oBACpBC,OAA8B,EAC9BC,aAAgC;IAMhC,MAAMC,eAAe,MAAMN,oBAAoBO,OAAO,CAAC;QAAEC,QAAQH;IAAc;IAE/E,OAAO;QACLI,MAAMR,qBAAqB;YAAES,MAAMN;QAAQ;QAC3CO,UAAUZ,yBAAyB;YAAEW,MAAMN;YAASE;QAAa;QACjEM,WAAWV,0BAA0B;YAAEQ,MAAMN;QAAQ;IACvD;AACF"}

package/dist/utils/unsubscribe-token.d.ts

@@ -0,0 +1,67 @@
+type UnsubscribeToken = {
+    timestamp: number;
+    tokenId: string;
+};
+/**
+ * Creates a secure unsubscribe token for the given token ID.
+ *
+ * ## Token Format
+ * The token consists of two parts separated by a dot:
+ * - Base64URL-encoded JSON payload containing tokenId and timestamp
+ * - HMAC-SHA256 signature of the payload
+ *
+ * ## Expiration
+ * Tokens expire after 30 days from creation
+ *
+ * ## Security Considerations
+ * - Tokens are signed with HMAC-SHA256 using PAYLOAD_SECRET
+ * - Verification uses timing-safe comparison to prevent timing attacks
+ * - Tokens cannot be forged without knowing PAYLOAD_SECRET
+ *
+ * @param args - Object containing tokenId
+ * @param args.tokenId - Unique identifier for the unsubscribe token
+ * @returns Base64URL-encoded token string in format: `{payload}.{signature}`
+ * @throws Error if PAYLOAD_SECRET environment variable is not defined
+ *
+ * @example
+ * ```typescript
+ * const token = generateUnsubscribeToken({ tokenId: 'uuid-1234' })
+ * // Returns: 'eyJ0b2tlbklkIjoidXVpZC0xMjM0IiwidGltZXN0YW1wIjoxNzAwMDAwMDAwfQ.abc123...'
+ * ```
+ */
+export declare function generateUnsubscribeToken(args: {
+    tokenId: string;
+}): string;
+/**
+ * Verifies an unsubscribe token and returns the decoded payload if valid.
+ *
+ * ## Verification Process
+ * 1. Splits token into payload and signature
+ * 2. Verifies HMAC signature using timing-safe comparison
+ * 3. Decodes and parses the JSON payload
+ * 4. Checks if token has expired (30 day limit)
+ *
+ * ## Security
+ * - Uses `crypto.timingSafeEqual()` to prevent timing attacks
+ * - Returns null for any invalid or expired token
+ * - Catches and handles all errors gracefully
+ *
+ * @param args - Object containing the token to verify
+ * @param args.token - The unsubscribe token to verify
+ * @returns Decoded token input with tokenId and timestamp if valid, null otherwise
+ * @throws Error if PAYLOAD_SECRET environment variable is not defined
+ *
+ * @example
+ * ```typescript
+ * const result = verifyUnsubscribeToken({ token: 'eyJ0b2...' })
+ * if (result) {
+ *   console.log(`Token ID: ${result.tokenId}, Created: ${new Date(result.timestamp)}`)
+ * } else {
+ *   console.log('Invalid or expired token')
+ * }
+ * ```
+ */
+export declare function verifyUnsubscribeToken(args: {
+    token: string;
+}): null | UnsubscribeToken;
+export {};

package/dist/utils/unsubscribe-token.js

@@ -0,0 +1,103 @@
+import crypto from 'crypto';
+const UNSUBSCRIBE_TOKEN_EXPIRATION = 30 * 24 * 60 * 60 * 1000 // 30 days in milliseconds
+;
+const HMAC_ALGORITHM = 'sha256';
+const TOKEN_ENCODING = 'base64url';
+/**
+ * Creates a secure unsubscribe token for the given token ID.
+ *
+ * ## Token Format
+ * The token consists of two parts separated by a dot:
+ * - Base64URL-encoded JSON payload containing tokenId and timestamp
+ * - HMAC-SHA256 signature of the payload
+ *
+ * ## Expiration
+ * Tokens expire after 30 days from creation
+ *
+ * ## Security Considerations
+ * - Tokens are signed with HMAC-SHA256 using PAYLOAD_SECRET
+ * - Verification uses timing-safe comparison to prevent timing attacks
+ * - Tokens cannot be forged without knowing PAYLOAD_SECRET
+ *
+ * @param args - Object containing tokenId
+ * @param args.tokenId - Unique identifier for the unsubscribe token
+ * @returns Base64URL-encoded token string in format: `{payload}.{signature}`
+ * @throws Error if PAYLOAD_SECRET environment variable is not defined
+ *
+ * @example
+ * ```typescript
+ * const token = generateUnsubscribeToken({ tokenId: 'uuid-1234' })
+ * // Returns: 'eyJ0b2tlbklkIjoidXVpZC0xMjM0IiwidGltZXN0YW1wIjoxNzAwMDAwMDAwfQ.abc123...'
+ * ```
+ */ export function generateUnsubscribeToken(args) {
+    const secret = process.env.PAYLOAD_SECRET;
+    if (!secret) {
+        throw new Error('PAYLOAD_SECRET environment variable is not defined');
+    }
+    const input = {
+        timestamp: Date.now(),
+        tokenId: args.tokenId
+    };
+    const inputBase64 = Buffer.from(JSON.stringify(input)).toString(TOKEN_ENCODING);
+    const hmac = crypto.createHmac(HMAC_ALGORITHM, secret);
+    hmac.update(inputBase64);
+    const signature = hmac.digest(TOKEN_ENCODING);
+    return `${inputBase64}.${signature}`;
+}
+/**
+ * Verifies an unsubscribe token and returns the decoded payload if valid.
+ *
+ * ## Verification Process
+ * 1. Splits token into payload and signature
+ * 2. Verifies HMAC signature using timing-safe comparison
+ * 3. Decodes and parses the JSON payload
+ * 4. Checks if token has expired (30 day limit)
+ *
+ * ## Security
+ * - Uses `crypto.timingSafeEqual()` to prevent timing attacks
+ * - Returns null for any invalid or expired token
+ * - Catches and handles all errors gracefully
+ *
+ * @param args - Object containing the token to verify
+ * @param args.token - The unsubscribe token to verify
+ * @returns Decoded token input with tokenId and timestamp if valid, null otherwise
+ * @throws Error if PAYLOAD_SECRET environment variable is not defined
+ *
+ * @example
+ * ```typescript
+ * const result = verifyUnsubscribeToken({ token: 'eyJ0b2...' })
+ * if (result) {
+ *   console.log(`Token ID: ${result.tokenId}, Created: ${new Date(result.timestamp)}`)
+ * } else {
+ *   console.log('Invalid or expired token')
+ * }
+ * ```
+ */ export function verifyUnsubscribeToken(args) {
+    try {
+        const secret = process.env.PAYLOAD_SECRET;
+        if (!secret) {
+            throw new Error('PAYLOAD_SECRET environment variable is not defined');
+        }
+        const parts = args.token.split('.');
+        if (parts.length !== 2) {
+            return null;
+        }
+        const [inputBase64, signature] = parts;
+        const hmac = crypto.createHmac(HMAC_ALGORITHM, secret);
+        hmac.update(inputBase64);
+        const expectedSignature = hmac.digest(TOKEN_ENCODING);
+        if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature))) {
+            return null;
+        }
+        const inputJson = Buffer.from(inputBase64, TOKEN_ENCODING).toString('utf-8');
+        const input = JSON.parse(inputJson);
+        if (Date.now() - input.timestamp > UNSUBSCRIBE_TOKEN_EXPIRATION) {
+            return null;
+        }
+        return input;
+    } catch  {
+        return null;
+    }
+}
+
+//# sourceMappingURL=unsubscribe-token.js.map

package/dist/utils/unsubscribe-token.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utils/unsubscribe-token.ts"],"sourcesContent":["import crypto from 'crypto'\n\nconst UNSUBSCRIBE_TOKEN_EXPIRATION = 30 * 24 * 60 * 60 * 1000 // 30 days in milliseconds\n\nconst HMAC_ALGORITHM = 'sha256'\n\nconst TOKEN_ENCODING = 'base64url'\n\ntype UnsubscribeToken = {\n  timestamp: number\n  tokenId: string\n}\n\n/**\n * Creates a secure unsubscribe token for the given token ID.\n *\n * ## Token Format\n * The token consists of two parts separated by a dot:\n * - Base64URL-encoded JSON payload containing tokenId and timestamp\n * - HMAC-SHA256 signature of the payload\n *\n * ## Expiration\n * Tokens expire after 30 days from creation\n *\n * ## Security Considerations\n * - Tokens are signed with HMAC-SHA256 using PAYLOAD_SECRET\n * - Verification uses timing-safe comparison to prevent timing attacks\n * - Tokens cannot be forged without knowing PAYLOAD_SECRET\n *\n * @param args - Object containing tokenId\n * @param args.tokenId - Unique identifier for the unsubscribe token\n * @returns Base64URL-encoded token string in format: `{payload}.{signature}`\n * @throws Error if PAYLOAD_SECRET environment variable is not defined\n *\n * @example\n * ```typescript\n * const token = generateUnsubscribeToken({ tokenId: 'uuid-1234' })\n * // Returns: 'eyJ0b2tlbklkIjoidXVpZC0xMjM0IiwidGltZXN0YW1wIjoxNzAwMDAwMDAwfQ.abc123...'\n * ```\n */\nexport function generateUnsubscribeToken(args: { tokenId: string }): string {\n  const secret = process.env.PAYLOAD_SECRET\n  if (!secret) {\n    throw new Error('PAYLOAD_SECRET environment variable is not defined')\n  }\n\n  const input: UnsubscribeToken = {\n    timestamp: Date.now(),\n    tokenId: args.tokenId,\n  }\n\n  const inputBase64 = Buffer.from(JSON.stringify(input)).toString(TOKEN_ENCODING)\n\n  const hmac = crypto.createHmac(HMAC_ALGORITHM, secret)\n  hmac.update(inputBase64)\n  const signature = hmac.digest(TOKEN_ENCODING)\n\n  return `${inputBase64}.${signature}`\n}\n\n/**\n * Verifies an unsubscribe token and returns the decoded payload if valid.\n *\n * ## Verification Process\n * 1. Splits token into payload and signature\n * 2. Verifies HMAC signature using timing-safe comparison\n * 3. Decodes and parses the JSON payload\n * 4. Checks if token has expired (30 day limit)\n *\n * ## Security\n * - Uses `crypto.timingSafeEqual()` to prevent timing attacks\n * - Returns null for any invalid or expired token\n * - Catches and handles all errors gracefully\n *\n * @param args - Object containing the token to verify\n * @param args.token - The unsubscribe token to verify\n * @returns Decoded token input with tokenId and timestamp if valid, null otherwise\n * @throws Error if PAYLOAD_SECRET environment variable is not defined\n *\n * @example\n * ```typescript\n * const result = verifyUnsubscribeToken({ token: 'eyJ0b2...' })\n * if (result) {\n *   console.log(`Token ID: ${result.tokenId}, Created: ${new Date(result.timestamp)}`)\n * } else {\n *   console.log('Invalid or expired token')\n * }\n * ```\n */\nexport function verifyUnsubscribeToken(args: { token: string }): null | UnsubscribeToken {\n  try {\n    const secret = process.env.PAYLOAD_SECRET\n    if (!secret) {\n      throw new Error('PAYLOAD_SECRET environment variable is not defined')\n    }\n\n    const parts = args.token.split('.')\n    if (parts.length !== 2) {\n      return null\n    }\n\n    const [inputBase64, signature] = parts\n\n    const hmac = crypto.createHmac(HMAC_ALGORITHM, secret)\n    hmac.update(inputBase64)\n    const expectedSignature = hmac.digest(TOKEN_ENCODING)\n\n    if (!crypto.timingSafeEqual(Buffer.from(signature), Buffer.from(expectedSignature))) {\n      return null\n    }\n\n    const inputJson = Buffer.from(inputBase64, TOKEN_ENCODING).toString('utf-8')\n    const input: UnsubscribeToken = JSON.parse(inputJson)\n\n    if (Date.now() - input.timestamp > UNSUBSCRIBE_TOKEN_EXPIRATION) {\n      return null\n    }\n\n    return input\n  } catch {\n    return null\n  }\n}\n"],"names":["crypto","UNSUBSCRIBE_TOKEN_EXPIRATION","HMAC_ALGORITHM","TOKEN_ENCODING","generateUnsubscribeToken","args","secret","process","env","PAYLOAD_SECRET","Error","input","timestamp","Date","now","tokenId","inputBase64","Buffer","from","JSON","stringify","toString","hmac","createHmac","update","signature","digest","verifyUnsubscribeToken","parts","token","split","length","expectedSignature","timingSafeEqual","inputJson","parse"],"mappings":"AAAA,OAAOA,YAAY,SAAQ;AAE3B,MAAMC,+BAA+B,KAAK,KAAK,KAAK,KAAK,KAAK,0BAA0B;;AAExF,MAAMC,iBAAiB;AAEvB,MAAMC,iBAAiB;AAOvB;;;;;;;;;;;;;;;;;;;;;;;;;;CA0BC,GACD,OAAO,SAASC,yBAAyBC,IAAyB;IAChE,MAAMC,SAASC,QAAQC,GAAG,CAACC,cAAc;IACzC,IAAI,CAACH,QAAQ;QACX,MAAM,IAAII,MAAM;IAClB;IAEA,MAAMC,QAA0B;QAC9BC,WAAWC,KAAKC,GAAG;QACnBC,SAASV,KAAKU,OAAO;IACvB;IAEA,MAAMC,cAAcC,OAAOC,IAAI,CAACC,KAAKC,SAAS,CAACT,QAAQU,QAAQ,CAAClB;IAEhE,MAAMmB,OAAOtB,OAAOuB,UAAU,CAACrB,gBAAgBI;IAC/CgB,KAAKE,MAAM,CAACR;IACZ,MAAMS,YAAYH,KAAKI,MAAM,CAACvB;IAE9B,OAAO,GAAGa,YAAY,CAAC,EAAES,WAAW;AACtC;AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA4BC,GACD,OAAO,SAASE,uBAAuBtB,IAAuB;IAC5D,IAAI;QACF,MAAMC,SAASC,QAAQC,GAAG,CAACC,cAAc;QACzC,IAAI,CAACH,QAAQ;YACX,MAAM,IAAII,MAAM;QAClB;QAEA,MAAMkB,QAAQvB,KAAKwB,KAAK,CAACC,KAAK,CAAC;QAC/B,IAAIF,MAAMG,MAAM,KAAK,GAAG;YACtB,OAAO;QACT;QAEA,MAAM,CAACf,aAAaS,UAAU,GAAGG;QAEjC,MAAMN,OAAOtB,OAAOuB,UAAU,CAACrB,gBAAgBI;QAC/CgB,KAAKE,MAAM,CAACR;QACZ,MAAMgB,oBAAoBV,KAAKI,MAAM,CAACvB;QAEtC,IAAI,CAACH,OAAOiC,eAAe,CAAChB,OAAOC,IAAI,CAACO,YAAYR,OAAOC,IAAI,CAACc,qBAAqB;YACnF,OAAO;QACT;QAEA,MAAME,YAAYjB,OAAOC,IAAI,CAACF,aAAab,gBAAgBkB,QAAQ,CAAC;QACpE,MAAMV,QAA0BQ,KAAKgB,KAAK,CAACD;QAE3C,IAAIrB,KAAKC,GAAG,KAAKH,MAAMC,SAAS,GAAGX,8BAA8B;YAC/D,OAAO;QACT;QAEA,OAAOU;IACT,EAAE,OAAM;QACN,OAAO;IACT;AACF"}

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@mobilizehub/payload-plugin",
-  "version": "0.0.1",
-  "description": "An advocacy plugin for Payload 3.0",
+  "version": "0.2.0",
+  "description": "Edvocacy plugin for Payload",
   "license": "MIT",
   "private": false,
   "type": "module",
@@ -20,6 +20,16 @@
       "import": "./dist/exports/rsc.js",
       "types": "./dist/exports/rsc.d.ts",
       "default": "./dist/exports/rsc.js"
+    },
+    "./react": {
+      "import": "./dist/react/index.js",
+      "types": "./dist/react/index.d.ts",
+      "default": "./dist/react/index.js"
+    },
+    "./adapters": {
+      "import": "./dist/adapters/index.js",
+      "types": "./dist/adapters/index.d.ts",
+      "default": "./dist/adapters/index.js"
     }
   },
   "main": "./dist/index.js",
@@ -30,12 +40,12 @@
   "devDependencies": {
     "@changesets/cli": "^2.29.8",
     "@eslint/eslintrc": "^3.2.0",
-    "@payloadcms/db-postgres": "3.37.0",
-    "@payloadcms/db-sqlite": "3.37.0",
+    "@payloadcms/db-postgres": "3.68.5",
+    "@payloadcms/db-sqlite": "3.68.5",
     "@payloadcms/eslint-config": "3.9.0",
-    "@payloadcms/next": "3.37.0",
-    "@payloadcms/richtext-lexical": "3.37.0",
-    "@payloadcms/ui": "3.37.0",
+    "@payloadcms/next": "3.68.5",
+    "@payloadcms/richtext-lexical": "3.68.5",
+    "@payloadcms/ui": "3.68.5",
     "@playwright/test": "1.56.1",
     "@swc-node/register": "1.10.9",
     "@swc/cli": "0.6.0",
@@ -50,7 +60,7 @@
     "husky": "^9.1.7",
     "next": "15.4.10",
     "open": "^10.1.0",
-    "payload": "3.37.0",
+    "payload": "3.68.5",
     "prettier": "^3.4.2",
     "qs-esm": "7.0.2",
     "react": "19.2.1",
@@ -63,13 +73,17 @@
     "vitest": "^3.1.2"
   },
   "peerDependencies": {
-    "payload": "^3.37.0"
+    "payload": "^3.68.5"
   },
   "engines": {
     "node": "^18.20.2 || >=20.9.0",
     "pnpm": "^9 || ^10"
   },
   "registry": "https://registry.npmjs.org/",
+  "dependencies": {
+    "i18n-iso-countries": "^7.14.0",
+    "zod": "^4.2.1"
+  },
   "scripts": {
     "build": "pnpm copyfiles && pnpm build:types && pnpm build:swc",
     "build:swc": "swc ./src -d ./dist --config-file .swcrc --strip-leading-paths",
@@ -79,9 +93,11 @@
     "dev": "next dev dev --turbo",
     "dev:generate-importmap": "pnpm dev:payload generate:importmap",
     "dev:generate-types": "pnpm dev:payload generate:types",
+    "dev:generate": "pnpm dev:generate-importmap && pnpm dev:generate-types",
     "dev:payload": "cross-env PAYLOAD_CONFIG_PATH=./dev/payload.config.ts payload",
     "generate:importmap": "pnpm dev:generate-importmap",
     "generate:types": "pnpm dev:generate-types",
+    "generate": "pnpm generate:importmap && pnpm generate:types",
     "lint": "eslint",
     "lint:fix": "eslint ./src --fix",
     "test": "pnpm test:int && pnpm test:e2e",