@moneydevkit/core 0.9.0-beta.2 → 0.9.0-beta.4

package/dist/handlers/index.js

@@ -4,6 +4,7 @@ export * from './pay_bolt_11';
 export * from './pay_bolt_12';
 export * from './pay_ln_url';
 export * from './ping';
+export * from './subscription';
 export * from './sync_rgs';
 export * from './webhooks';
 //# sourceMappingURL=index.js.map

package/dist/handlers/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/handlers/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAA;AACzB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,eAAe,CAAA;AAC7B,cAAc,eAAe,CAAA;AAC7B,cAAc,cAAc,CAAA;AAC5B,cAAc,QAAQ,CAAA;AACtB,cAAc,YAAY,CAAA;AAC1B,cAAc,YAAY,CAAA"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/handlers/index.ts"],"names":[],"mappings":"AAAA,cAAc,WAAW,CAAA;AACzB,cAAc,iBAAiB,CAAA;AAC/B,cAAc,eAAe,CAAA;AAC7B,cAAc,eAAe,CAAA;AAC7B,cAAc,cAAc,CAAA;AAC5B,cAAc,QAAQ,CAAA;AACtB,cAAc,gBAAgB,CAAA;AAC9B,cAAc,YAAY,CAAA;AAC1B,cAAc,YAAY,CAAA"}

package/dist/handlers/subscription.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Options for creating a subscription renewal URL.
+ */
+export interface CreateRenewalSubscriptionUrlOptions {
+    /** The subscription ID to renew */
+    subscriptionId: string;
+    /** Base path for the MDK API (default: /api/mdk) */
+    basePath?: string;
+    /** Custom checkout path (default: /checkout) */
+    checkoutPath?: string;
+}
+/**
+ * Options for creating a subscription cancel URL.
+ */
+export interface CreateCancelSubscriptionUrlOptions {
+    /** The subscription ID to cancel */
+    subscriptionId: string;
+}
+/**
+ * Generate an HMAC-SHA256 signature for subscription action URL params.
+ * This is the core signing function used by both SDK helpers and backend services.
+ *
+ * @param action - The action type ('cancelSubscription' or 'renewSubscription')
+ * @param subscriptionId - The subscription ID
+ * @param secret - The HMAC secret (MDK_ACCESS_TOKEN / app.apiKey)
+ * @param additionalParams - Optional additional params to include (e.g., checkoutPath)
+ * @returns The hex-encoded HMAC signature
+ *
+ * @example
+ * // Backend usage with app.apiKey from database
+ * const signature = generateSubscriptionSignature(
+ *   'cancelSubscription',
+ *   subscriptionId,
+ *   app.apiKey
+ * )
+ *
+ * @example
+ * // SDK usage with MDK_ACCESS_TOKEN from env
+ * const signature = generateSubscriptionSignature(
+ *   'renewSubscription',
+ *   subscriptionId,
+ *   process.env.MDK_ACCESS_TOKEN!,
+ *   { checkoutPath: '/checkout' }
+ * )
+ */
+export declare function generateSubscriptionSignature(action: 'cancelSubscription' | 'renewSubscription', subscriptionId: string, secret: string, additionalParams?: Record<string, string>): string;
+/**
+ * Verify an HMAC-SHA256 signature for subscription action URL params.
+ * Uses constant-time comparison to prevent timing attacks.
+ *
+ * @param params - The URL params (action, subscriptionId, optionally checkoutPath)
+ * @param signature - The signature to verify
+ * @param secret - The HMAC secret (MDK_ACCESS_TOKEN / app.apiKey)
+ * @returns True if signature is valid
+ *
+ * @example
+ * // Verify with explicit secret
+ * const isValid = verifySubscriptionSignatureWithSecret(params, signature, app.apiKey)
+ */
+export declare function verifySubscriptionSignatureWithSecret(params: URLSearchParams, signature: string, secret: string): boolean;
+/**
+ * Generate a signed URL for renewing a subscription.
+ * When visited, creates a renewal checkout and redirects to the checkout page.
+ * Uses MDK_ACCESS_TOKEN from environment.
+ *
+ * @example
+ * const url = createRenewalSubscriptionUrl({
+ *   subscriptionId: 'sub_abc123',
+ * })
+ * // Returns: /api/mdk?action=renewSubscription&subscriptionId=sub_abc123&signature=...
+ */
+export declare function createRenewalSubscriptionUrl(options: CreateRenewalSubscriptionUrlOptions): string;
+/**
+ * Generate a signed URL for canceling a subscription.
+ * Points directly to the MDK-hosted cancel page.
+ * Uses MDK_ACCESS_TOKEN from environment.
+ *
+ * @example
+ * const url = createCancelSubscriptionUrl({
+ *   subscriptionId: 'sub_abc123',
+ * })
+ * // Returns: https://www.moneydevkit.com/subscription/cancel?subscriptionId=sub_abc123&signature=...
+ */
+export declare function createCancelSubscriptionUrl(options: CreateCancelSubscriptionUrlOptions): string;
+/**
+ * Verify the HMAC signature of subscription URL params.
+ * Uses constant-time comparison to prevent timing attacks.
+ * Uses MDK_ACCESS_TOKEN from environment.
+ */
+export declare function verifySubscriptionSignature(params: URLSearchParams, signature: string): boolean;
+/**
+ * Handle a renewal subscription request from a signed URL.
+ * Creates a renewal checkout and redirects to the checkout page.
+ */
+export declare function handleRenewSubscriptionFromUrl(request: Request, url: URL, params: URLSearchParams): Promise<Response>;

package/dist/handlers/subscription.js

@@ -0,0 +1,208 @@
+import { createHmac, timingSafeEqual } from 'crypto';
+import { createMoneyDevKitClient } from '../mdk';
+import { sanitizeCheckoutPath } from './checkout';
+/**
+ * The base URL for MoneyDevKit hosted pages.
+ * In production this is https://www.moneydevkit.com
+ * Can be overridden via MDK_HOST environment variable for development.
+ */
+const MDK_HOST = process.env.MDK_HOST ?? 'https://www.moneydevkit.com';
+// ────────────────────────────────────────────────────────────────────────────────
+// Core signature utilities - parameterized versions for use by backend or SDK
+// ────────────────────────────────────────────────────────────────────────────────
+/**
+ * Generate an HMAC-SHA256 signature for subscription action URL params.
+ * This is the core signing function used by both SDK helpers and backend services.
+ *
+ * @param action - The action type ('cancelSubscription' or 'renewSubscription')
+ * @param subscriptionId - The subscription ID
+ * @param secret - The HMAC secret (MDK_ACCESS_TOKEN / app.apiKey)
+ * @param additionalParams - Optional additional params to include (e.g., checkoutPath)
+ * @returns The hex-encoded HMAC signature
+ *
+ * @example
+ * // Backend usage with app.apiKey from database
+ * const signature = generateSubscriptionSignature(
+ *   'cancelSubscription',
+ *   subscriptionId,
+ *   app.apiKey
+ * )
+ *
+ * @example
+ * // SDK usage with MDK_ACCESS_TOKEN from env
+ * const signature = generateSubscriptionSignature(
+ *   'renewSubscription',
+ *   subscriptionId,
+ *   process.env.MDK_ACCESS_TOKEN!,
+ *   { checkoutPath: '/checkout' }
+ * )
+ */
+export function generateSubscriptionSignature(action, subscriptionId, secret, additionalParams) {
+    const urlParams = new URLSearchParams();
+    urlParams.set('action', action);
+    urlParams.set('subscriptionId', subscriptionId);
+    if (additionalParams) {
+        for (const [key, value] of Object.entries(additionalParams)) {
+            urlParams.set(key, value);
+        }
+    }
+    urlParams.sort();
+    const canonicalString = urlParams.toString();
+    return createHmac('sha256', secret)
+        .update(canonicalString)
+        .digest('hex');
+}
+/**
+ * Verify an HMAC-SHA256 signature for subscription action URL params.
+ * Uses constant-time comparison to prevent timing attacks.
+ *
+ * @param params - The URL params (action, subscriptionId, optionally checkoutPath)
+ * @param signature - The signature to verify
+ * @param secret - The HMAC secret (MDK_ACCESS_TOKEN / app.apiKey)
+ * @returns True if signature is valid
+ *
+ * @example
+ * // Verify with explicit secret
+ * const isValid = verifySubscriptionSignatureWithSecret(params, signature, app.apiKey)
+ */
+export function verifySubscriptionSignatureWithSecret(params, signature, secret) {
+    const paramsToVerify = new URLSearchParams(params);
+    paramsToVerify.delete('signature');
+    paramsToVerify.sort();
+    const canonicalString = paramsToVerify.toString();
+    const expectedSignature = createHmac('sha256', secret)
+        .update(canonicalString)
+        .digest('hex');
+    try {
+        const sigBuffer = Buffer.from(signature, 'hex');
+        const expectedBuffer = Buffer.from(expectedSignature, 'hex');
+        if (sigBuffer.length !== expectedBuffer.length) {
+            return false;
+        }
+        return timingSafeEqual(sigBuffer, expectedBuffer);
+    }
+    catch {
+        return false;
+    }
+}
+// ────────────────────────────────────────────────────────────────────────────────
+// SDK helpers - use MDK_ACCESS_TOKEN from environment
+// ────────────────────────────────────────────────────────────────────────────────
+/**
+ * Generate a signed URL for renewing a subscription.
+ * When visited, creates a renewal checkout and redirects to the checkout page.
+ * Uses MDK_ACCESS_TOKEN from environment.
+ *
+ * @example
+ * const url = createRenewalSubscriptionUrl({
+ *   subscriptionId: 'sub_abc123',
+ * })
+ * // Returns: /api/mdk?action=renewSubscription&subscriptionId=sub_abc123&signature=...
+ */
+export function createRenewalSubscriptionUrl(options) {
+    const basePath = options.basePath ?? '/api/mdk';
+    const accessToken = process.env.MDK_ACCESS_TOKEN;
+    if (!accessToken) {
+        throw new Error('MDK_ACCESS_TOKEN is required for creating subscription URLs');
+    }
+    const additionalParams = options.checkoutPath ? { checkoutPath: options.checkoutPath } : undefined;
+    const signature = generateSubscriptionSignature('renewSubscription', options.subscriptionId, accessToken, additionalParams);
+    const urlParams = new URLSearchParams();
+    urlParams.set('action', 'renewSubscription');
+    urlParams.set('subscriptionId', options.subscriptionId);
+    if (options.checkoutPath) {
+        urlParams.set('checkoutPath', options.checkoutPath);
+    }
+    urlParams.set('signature', signature);
+    return `${basePath}?${urlParams.toString()}`;
+}
+/**
+ * Generate a signed URL for canceling a subscription.
+ * Points directly to the MDK-hosted cancel page.
+ * Uses MDK_ACCESS_TOKEN from environment.
+ *
+ * @example
+ * const url = createCancelSubscriptionUrl({
+ *   subscriptionId: 'sub_abc123',
+ * })
+ * // Returns: https://www.moneydevkit.com/subscription/cancel?subscriptionId=sub_abc123&signature=...
+ */
+export function createCancelSubscriptionUrl(options) {
+    const accessToken = process.env.MDK_ACCESS_TOKEN;
+    if (!accessToken) {
+        throw new Error('MDK_ACCESS_TOKEN is required for creating subscription URLs');
+    }
+    const signature = generateSubscriptionSignature('cancelSubscription', options.subscriptionId, accessToken);
+    const urlParams = new URLSearchParams();
+    urlParams.set('subscriptionId', options.subscriptionId);
+    urlParams.set('signature', signature);
+    return `${MDK_HOST}/subscription/cancel?${urlParams.toString()}`;
+}
+/**
+ * Verify the HMAC signature of subscription URL params.
+ * Uses constant-time comparison to prevent timing attacks.
+ * Uses MDK_ACCESS_TOKEN from environment.
+ */
+export function verifySubscriptionSignature(params, signature) {
+    const accessToken = process.env.MDK_ACCESS_TOKEN;
+    if (!accessToken)
+        return false;
+    return verifySubscriptionSignatureWithSecret(params, signature, accessToken);
+}
+/**
+ * Safely join a base path with a segment, avoiding double slashes.
+ */
+function joinPath(base, segment) {
+    if (base === '/')
+        return `/${segment}`;
+    return `${base}/${segment}`;
+}
+/**
+ * Helper to redirect to checkout error page.
+ */
+function redirectToCheckoutError(origin, checkoutPath, code, message) {
+    const errorUrl = new URL(joinPath(checkoutPath, 'error'), origin);
+    errorUrl.searchParams.set('error', code);
+    errorUrl.searchParams.set('message', message);
+    return Response.redirect(errorUrl.toString(), 302);
+}
+/**
+ * Get the origin from a request, respecting proxy headers.
+ * Uses Host header to handle Docker port mapping correctly.
+ */
+function getRequestOrigin(request, fallbackUrl) {
+    const host = request.headers.get('host');
+    if (host) {
+        const protocol = request.headers.get('x-forwarded-proto') ?? fallbackUrl.protocol.replace(':', '');
+        return `${protocol}://${host}`;
+    }
+    return fallbackUrl.origin;
+}
+/**
+ * Handle a renewal subscription request from a signed URL.
+ * Creates a renewal checkout and redirects to the checkout page.
+ */
+export async function handleRenewSubscriptionFromUrl(request, url, params) {
+    const subscriptionId = params.get('subscriptionId');
+    const checkoutPath = sanitizeCheckoutPath(params.get('checkoutPath'));
+    const origin = getRequestOrigin(request, url);
+    if (!subscriptionId) {
+        return redirectToCheckoutError(origin, checkoutPath, 'missing_subscription_id', 'Missing subscription ID');
+    }
+    try {
+        const client = createMoneyDevKitClient();
+        const result = await client.subscriptions.createRenewalCheckout({ subscriptionId });
+        // Redirect to checkout page
+        const checkoutUrl = new URL(joinPath(checkoutPath, result.checkoutId), origin);
+        return Response.redirect(checkoutUrl.toString(), 302);
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : 'Failed to create renewal checkout';
+        // Check for "already renewed" scenario
+        if (message.includes('already renewed') || message.includes('not renewable')) {
+            return redirectToCheckoutError(origin, checkoutPath, 'already_renewed', 'This subscription has already been renewed');
+        }
+        return redirectToCheckoutError(origin, checkoutPath, 'renewal_failed', message);
+    }
+}
+//# sourceMappingURL=subscription.js.map

package/dist/handlers/subscription.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"subscription.js","sourceRoot":"","sources":["../../src/handlers/subscription.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,QAAQ,CAAA;AAEpD,OAAO,EAAE,uBAAuB,EAAE,MAAM,QAAQ,CAAA;AAChD,OAAO,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAEjD;;;;GAIG;AACH,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,IAAI,6BAA6B,CAAA;AAsBtE,mFAAmF;AACnF,8EAA8E;AAC9E,mFAAmF;AAEnF;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,MAAM,UAAU,6BAA6B,CAC3C,MAAkD,EAClD,cAAsB,EACtB,MAAc,EACd,gBAAyC;IAEzC,MAAM,SAAS,GAAG,IAAI,eAAe,EAAE,CAAA;IACvC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAA;IAC/B,SAAS,CAAC,GAAG,CAAC,gBAAgB,EAAE,cAAc,CAAC,CAAA;IAE/C,IAAI,gBAAgB,EAAE,CAAC;QACrB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,EAAE,CAAC;YAC5D,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;QAC3B,CAAC;IACH,CAAC;IAED,SAAS,CAAC,IAAI,EAAE,CAAA;IAChB,MAAM,eAAe,GAAG,SAAS,CAAC,QAAQ,EAAE,CAAA;IAE5C,OAAO,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAChC,MAAM,CAAC,eAAe,CAAC;SACvB,MAAM,CAAC,KAAK,CAAC,CAAA;AAClB,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,qCAAqC,CACnD,MAAuB,EACvB,SAAiB,EACjB,MAAc;IAEd,MAAM,cAAc,GAAG,IAAI,eAAe,CAAC,MAAM,CAAC,CAAA;IAClD,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;IAClC,cAAc,CAAC,IAAI,EAAE,CAAA;IAErB,MAAM,eAAe,GAAG,cAAc,CAAC,QAAQ,EAAE,CAAA;IACjD,MAAM,iBAAiB,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SACnD,MAAM,CAAC,eAAe,CAAC;SACvB,MAAM,CAAC,KAAK,CAAC,CAAA;IAEhB,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,KAAK,CAAC,CAAA;QAC/C,MAAM,cAAc,GAAG,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,KAAK,CAAC,CAAA;QAE5D,IAAI,SAAS,CAAC,MAAM,KAAK,cAAc,CAAC,MAAM,EAAE,CAAC;YAC/C,OAAO,KAAK,CAAA;QACd,CAAC;QAED,OAAO,eAAe,CAAC,SAAS,EAAE,cAAc,CAAC,CAAA;IACnD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAA;IACd,CAAC;AACH,CAAC;AAED,mFAAmF;AACnF,sDAAsD;AACtD,mFAAmF;AAEnF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,4BAA4B,CAAC,OAA4C;IACvF,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,IAAI,UAAU,CAAA;IAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;IAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAA;IAChF,CAAC;IAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,SAAS,CAAA;IAClG,MAAM,SAAS,GAAG,6BAA6B,CAC7C,mBAAmB,EACnB,OAAO,CAAC,cAAc,EACtB,WAAW,EACX,gBAAgB,CACjB,CAAA;IAED,MAAM,SAAS,GAAG,IAAI,eAAe,EAAE,CAAA;IACvC,SAAS,CAAC,GAAG,CAAC,QAAQ,EAAE,mBAAmB,CAAC,CAAA;IAC5C,SAAS,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,cAAc,CAAC,CAAA;IACvD,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QACzB,SAAS,CAAC,GAAG,CAAC,cAAc,EAAE,OAAO,CAAC,YAAY,CAAC,CAAA;IACrD,CAAC;IACD,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAA;IAErC,OAAO,GAAG,QAAQ,IAAI,SAAS,CAAC,QAAQ,EAAE,EAAE,CAAA;AAC9C,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,2BAA2B,CAAC,OAA2C;IACrF,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;IAEhD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,MAAM,IAAI,KAAK,CAAC,6DAA6D,CAAC,CAAA;IAChF,CAAC;IAED,MAAM,SAAS,GAAG,6BAA6B,CAC7C,oBAAoB,EACpB,OAAO,CAAC,cAAc,EACtB,WAAW,CACZ,CAAA;IAED,MAAM,SAAS,GAAG,IAAI,eAAe,EAAE,CAAA;IACvC,SAAS,CAAC,GAAG,CAAC,gBAAgB,EAAE,OAAO,CAAC,cAAc,CAAC,CAAA;IACvD,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAA;IAErC,OAAO,GAAG,QAAQ,wBAAwB,SAAS,CAAC,QAAQ,EAAE,EAAE,CAAA;AAClE,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CAAC,MAAuB,EAAE,SAAiB;IACpF,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAA;IAChD,IAAI,CAAC,WAAW;QAAE,OAAO,KAAK,CAAA;IAE9B,OAAO,qCAAqC,CAAC,MAAM,EAAE,SAAS,EAAE,WAAW,CAAC,CAAA;AAC9E,CAAC;AAED;;GAEG;AACH,SAAS,QAAQ,CAAC,IAAY,EAAE,OAAe;IAC7C,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,IAAI,OAAO,EAAE,CAAA;IACtC,OAAO,GAAG,IAAI,IAAI,OAAO,EAAE,CAAA;AAC7B,CAAC;AAED;;GAEG;AACH,SAAS,uBAAuB,CAC9B,MAAc,EACd,YAAoB,EACpB,IAAY,EACZ,OAAe;IAEf,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,CAAA;IACjE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;IACxC,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;IAC7C,OAAO,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAA;AACpD,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,OAAgB,EAAE,WAAgB;IAC1D,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IACxC,IAAI,IAAI,EAAE,CAAC;QACT,MAAM,QAAQ,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,WAAW,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,CAAA;QAClG,OAAO,GAAG,QAAQ,MAAM,IAAI,EAAE,CAAA;IAChC,CAAC;IACD,OAAO,WAAW,CAAC,MAAM,CAAA;AAC3B,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,8BAA8B,CAClD,OAAgB,EAChB,GAAQ,EACR,MAAuB;IAEvB,MAAM,cAAc,GAAG,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAA;IACnD,MAAM,YAAY,GAAG,oBAAoB,CAAC,MAAM,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAA;IACrE,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,EAAE,GAAG,CAAC,CAAA;IAE7C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,uBAAuB,CAAC,MAAM,EAAE,YAAY,EAAE,yBAAyB,EAAE,yBAAyB,CAAC,CAAA;IAC5G,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,uBAAuB,EAAE,CAAA;QACxC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,qBAAqB,CAAC,EAAE,cAAc,EAAE,CAAC,CAAA;QAEnF,4BAA4B;QAC5B,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC,CAAA;QAC9E,OAAO,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAA;IACvD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,mCAAmC,CAAA;QAExF,uCAAuC;QACvC,IAAI,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC;YAC7E,OAAO,uBAAuB,CAAC,MAAM,EAAE,YAAY,EAAE,iBAAiB,EAAE,4CAA4C,CAAC,CAAA;QACvH,CAAC;QAED,OAAO,uBAAuB,CAAC,MAAM,EAAE,YAAY,EAAE,gBAAgB,EAAE,OAAO,CAAC,CAAA;IACjF,CAAC;AACH,CAAC"}

package/dist/handlers/webhooks.js

@@ -1,46 +1,167 @@
 import { z } from "zod";
-import { warn } from "../logging";
+import { SubscriptionSchema, SubscriptionWebhookEventSchema, } from "@moneydevkit/api-contract";
+import { log, warn } from "../logging";
 import { createMoneyDevKitClient, createMoneyDevKitNode } from "../mdk";
 import { markPaymentReceived } from "../payment-state";
-const webhookSchema = z.object({
-    event: z.enum(["incoming-payment"]),
+// Incoming payment events - have nodeId, no subscription
+const incomingPaymentEventSchema = z.object({
+    handler: z.literal("webhooks"),
+    event: z.literal("incoming-payment"),
     nodeId: z.string(),
 });
-async function handleIncomingPayment() {
+// Subscription events - have subscription, no nodeId
+const subscriptionEventSchema = z.object({
+    handler: z.literal("webhooks"),
+    event: SubscriptionWebhookEventSchema,
+    subscription: SubscriptionSchema,
+});
+// Discriminated union - TypeScript will narrow based on `event`
+const webhookSchema = z.union([
+    incomingPaymentEventSchema,
+    subscriptionEventSchema,
+]);
+// How often to poll for new LDK events
+const POLL_INTERVAL_MS = 100;
+// Minimum time that we'll run the lightning node when handling incoming payments.
+// This needs to be long enough for JIT channel opening and HTLC commitment exchanges.
+const MIN_WAIT_BEFORE_QUIET_MS = 15_000;
+// After the minimum wait, this is how long we'll wait for new events if there are no pending claims.
+const QUIET_THRESHOLD_MS = 5_000;
+// Maximum time we'll run the lightning node when handling incoming payments.
+// Vercel has a hard timeout of 60 seconds for the hobby plan so this should not
+// be longer than that.
+const MAX_WAIT_MS = 60_000;
+/**
+ * Handles incoming-payment webhooks from MoneyDevKit platform.
+ *
+ * This function is invoked when the MDK node sends a webhook notification
+ * indicating that new payments have arrived ("incoming-payment" event).
+ */
+async function handleIncomingPaymentEvents() {
+    const webhookStartTime = Date.now();
+    log("[webhook] handleIncomingPayment started");
     const node = createMoneyDevKitNode();
     const client = createMoneyDevKitClient();
-    const payments = node.receivePayments();
-    if (payments.length === 0) {
-        return;
-    }
-    payments.forEach((payment) => {
-        markPaymentReceived(payment.paymentHash);
-    });
+    log("[webhook] Starting node and syncing...");
+    const syncStartTime = Date.now();
+    node.startReceiving();
+    const syncDuration = Date.now() - syncStartTime;
+    log(`[webhook] Node started and synced in ${syncDuration}ms`);
+    const pendingClaims = new Set();
+    let eventsProcessed = 0;
+    let paymentsReceived = 0;
+    let paymentsFailed = 0;
+    const startTime = Date.now();
+    let lastEventTime = startTime;
     try {
-        await client.checkouts.paymentReceived({
-            payments: payments.map((payment) => ({
-                paymentHash: payment.paymentHash,
-                // amount comes in msat from the node, convert to sats
-                amountSats: payment.amount / 1000,
-                sandbox: false,
-            })),
-        });
+        while (true) {
+            const event = node.nextEvent();
+            if (event) {
+                lastEventTime = Date.now();
+                eventsProcessed++;
+                switch (event.eventType) {
+                    case 0 /* PaymentEventType.Claimable */:
+                        log(`[webhook] PaymentClaimable hash=${event.paymentHash} amount=${event.amountMsat}msat pending=${pendingClaims.size + 1}`);
+                        pendingClaims.add(event.paymentHash);
+                        node.ackEvent();
+                        break;
+                    case 1 /* PaymentEventType.Received */: {
+                        paymentsReceived++;
+                        log(`[webhook] PaymentReceived hash=${event.paymentHash} amount=${event.amountMsat}msat`);
+                        pendingClaims.delete(event.paymentHash);
+                        markPaymentReceived(event.paymentHash);
+                        try {
+                            await client.checkouts.paymentReceived({
+                                payments: [{
+                                        paymentHash: event.paymentHash,
+                                        amountSats: Math.floor(event.amountMsat / 1000),
+                                        sandbox: false,
+                                    }],
+                            });
+                            log(`[webhook] Payment confirmed to API hash=${event.paymentHash}`);
+                        }
+                        catch (error) {
+                            // TODO (austin): Investigate retry strategy for API failures. Currently we ack
+                            // regardless of API success (matching existing behavior). However,
+                            // this leaves us in a state where the payment is received but not
+                            // confirmed to the paying customer or reflected on moneydevkit.com.
+                            // Consider having the checkout update based on the global payment state
+                            // and some sort of reconciliation process to backfill the database.
+                            warn(`[webhook] Failed to confirm payment ${event.paymentHash} to API`, error);
+                        }
+                        node.ackEvent();
+                        break;
+                    }
+                    case 2 /* PaymentEventType.Failed */:
+                        paymentsFailed++;
+                        log(`[webhook] PaymentFailed hash=${event.paymentHash} reason=${event.reason}`);
+                        pendingClaims.delete(event.paymentHash);
+                        node.ackEvent();
+                        break;
+                }
+                // Continue immediately to process next event
+                continue;
+            }
+            // No event available - check exit conditions
+            const now = Date.now();
+            const totalElapsed = now - startTime;
+            const quietElapsed = now - lastEventTime;
+            if (totalElapsed >= MAX_WAIT_MS) {
+                if (pendingClaims.size > 0) {
+                    warn(`[webhook] Hard timeout after ${totalElapsed}ms with ${pendingClaims.size} pending claims`);
+                }
+                else {
+                    log(`[webhook] Hard timeout after ${totalElapsed}ms (no pending)`);
+                }
+                break;
+            }
+            const canQuietExit = pendingClaims.size === 0 &&
+                quietElapsed >= QUIET_THRESHOLD_MS &&
+                totalElapsed >= MIN_WAIT_BEFORE_QUIET_MS;
+            if (canQuietExit) {
+                log(`[webhook] Quiet exit after ${totalElapsed}ms (quiet=${quietElapsed}ms)`);
+                break;
+            }
+            // Log occasionally while waiting for minimum time
+            if (pendingClaims.size === 0 &&
+                quietElapsed >= QUIET_THRESHOLD_MS &&
+                totalElapsed < MIN_WAIT_BEFORE_QUIET_MS &&
+                totalElapsed % 1000 < POLL_INTERVAL_MS) {
+                log(`[webhook] Waiting for min time: ${totalElapsed}/${MIN_WAIT_BEFORE_QUIET_MS}ms`);
+            }
+            // Yield to JS event loop
+            await new Promise((resolve) => setTimeout(resolve, POLL_INTERVAL_MS));
+        }
     }
-    catch (error) {
-        warn("Failed to notify MoneyDevKit checkout about received payments. Will rely on local state and retry on next webhook.", error);
+    finally {
+        log("[webhook] Stopping node...");
+        node.stopReceiving();
+        const totalDuration = Date.now() - webhookStartTime;
+        log(`[webhook] Complete: duration=${totalDuration}ms events=${eventsProcessed} received=${paymentsReceived} failed=${paymentsFailed}`);
     }
 }
 export async function handleMdkWebhook(request) {
+    const requestStartTime = Date.now();
+    log("[webhook] Received webhook request");
     try {
         const body = await request.json();
         const parsed = webhookSchema.parse(body);
         if (parsed.event === "incoming-payment") {
-            await handleIncomingPayment();
+            log(`[webhook] Parsed event=${parsed.event} nodeId=${parsed.nodeId}`);
+            await handleIncomingPaymentEvents();
+        }
+        else {
+            // Subscription events - SDK acknowledges but doesn't handle
+            // (merchant handles via their own webhook logic)
+            log(`[webhook] Parsed event=${parsed.event} subscriptionId=${parsed.subscription.id}`);
         }
+        const duration = Date.now() - requestStartTime;
+        log(`[webhook] Response OK in ${duration}ms`);
         return new Response("OK", { status: 200 });
     }
     catch (error) {
-        console.error(error);
+        const duration = Date.now() - requestStartTime;
+        warn(`[webhook] Error after ${duration}ms:`, error);
         return new Response("Internal Server Error", { status: 500 });
     }
 }

package/dist/handlers/webhooks.js.map

@@ -1 +1 @@
-{"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../../src/handlers/webhooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,OAAO,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AAClC,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,MAAM,aAAa,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,KAAK,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,kBAAkB,CAAC,CAAC;IACnC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAEH,KAAK,UAAU,qBAAqB;IAClC,MAAM,IAAI,GAAG,qBAAqB,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,uBAAuB,EAAE,CAAC;IACzC,MAAM,QAAQ,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;IAExC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO;IACT,CAAC;IAED,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC3B,mBAAmB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,SAAS,CAAC,eAAe,CAAC;YACrC,QAAQ,EAAE,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;gBACnC,WAAW,EAAE,OAAO,CAAC,WAAW;gBAChC,sDAAsD;gBACtD,UAAU,EAAE,OAAO,CAAC,MAAM,GAAG,IAAI;gBACjC,OAAO,EAAE,KAAK;aACf,CAAC,CAAC;SACJ,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CACF,oHAAoH,EACpH,KAAK,CACN,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAgB;IACrD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEzC,IAAI,MAAM,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;YACxC,MAAM,qBAAqB,EAAE,CAAC;QAChC,CAAC;QAED,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACrB,OAAO,IAAI,QAAQ,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC"}
+{"version":3,"file":"webhooks.js","sourceRoot":"","sources":["../../src/handlers/webhooks.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AACxB,OAAO,EACL,kBAAkB,EAClB,8BAA8B,GAC/B,MAAM,2BAA2B,CAAC;AAEnC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,YAAY,CAAC;AACvC,OAAO,EAAE,uBAAuB,EAAE,qBAAqB,EAAE,MAAM,QAAQ,CAAC;AACxE,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAGvD,yDAAyD;AACzD,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IAC1C,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAC9B,KAAK,EAAE,CAAC,CAAC,OAAO,CAAC,kBAAkB,CAAC;IACpC,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;CACnB,CAAC,CAAC;AAEH,qDAAqD;AACrD,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,OAAO,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAC9B,KAAK,EAAE,8BAA8B;IACrC,YAAY,EAAE,kBAAkB;CACjC,CAAC,CAAC;AAEH,gEAAgE;AAChE,MAAM,aAAa,GAAG,CAAC,CAAC,KAAK,CAAC;IAC5B,0BAA0B;IAC1B,uBAAuB;CACxB,CAAC,CAAC;AAEH,uCAAuC;AACvC,MAAM,gBAAgB,GAAG,GAAG,CAAC;AAC7B,kFAAkF;AAClF,sFAAsF;AACtF,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,qGAAqG;AACrG,MAAM,kBAAkB,GAAG,KAAK,CAAC;AACjC,6EAA6E;AAC7E,gFAAgF;AAChF,uBAAuB;AACvB,MAAM,WAAW,GAAG,MAAM,CAAC;AAE3B;;;;;GAKG;AACH,KAAK,UAAU,2BAA2B;IACxC,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACpC,GAAG,CAAC,yCAAyC,CAAC,CAAC;IAE/C,MAAM,IAAI,GAAG,qBAAqB,EAAE,CAAC;IACrC,MAAM,MAAM,GAAG,uBAAuB,EAAE,CAAC;IAEzC,GAAG,CAAC,wCAAwC,CAAC,CAAC;IAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACjC,IAAI,CAAC,cAAc,EAAE,CAAC;IACtB,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,CAAC;IAChD,GAAG,CAAC,wCAAwC,YAAY,IAAI,CAAC,CAAC;IAE9D,MAAM,aAAa,GAAG,IAAI,GAAG,EAAU,CAAC;IACxC,IAAI,eAAe,GAAG,CAAC,CAAC;IACxB,IAAI,gBAAgB,GAAG,CAAC,CAAC;IACzB,IAAI,cAAc,GAAG,CAAC,CAAC;IAEvB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,IAAI,aAAa,GAAG,SAAS,CAAC;IAE9B,IAAI,CAAC;QACH,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YAE/B,IAAI,KAAK,EAAE,CAAC;gBACV,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAC3B,eAAe,EAAE,CAAC;gBAElB,QAAQ,KAAK,CAAC,SAAS,EAAE,CAAC;oBACxB;wBACE,GAAG,CACD,mCAAmC,KAAK,CAAC,WAAW,WAAW,KAAK,CAAC,UAAU,gBAAgB,aAAa,CAAC,IAAI,GAAG,CAAC,EAAE,CACxH,CAAC;wBACF,aAAa,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;wBACrC,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAChB,MAAM;oBAER,sCAA8B,CAAC,CAAC,CAAC;wBAC/B,gBAAgB,EAAE,CAAC;wBACnB,GAAG,CACD,kCAAkC,KAAK,CAAC,WAAW,WAAW,KAAK,CAAC,UAAU,MAAM,CACrF,CAAC;wBACF,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;wBACxC,mBAAmB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;wBAEvC,IAAI,CAAC;4BACH,MAAM,MAAM,CAAC,SAAS,CAAC,eAAe,CAAC;gCACrC,QAAQ,EAAE,CAAC;wCACT,WAAW,EAAE,KAAK,CAAC,WAAW;wCAC9B,UAAU,EAAE,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,UAAW,GAAG,IAAI,CAAC;wCAChD,OAAO,EAAE,KAAK;qCACf,CAAC;6BACH,CAAC,CAAC;4BACH,GAAG,CAAC,2CAA2C,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC;wBACtE,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,+EAA+E;4BAC/E,mEAAmE;4BACnE,kEAAkE;4BAClE,oEAAoE;4BACpE,wEAAwE;4BACxE,oEAAoE;4BACpE,IAAI,CACF,uCAAuC,KAAK,CAAC,WAAW,SAAS,EACjE,KAAK,CACN,CAAC;wBACJ,CAAC;wBACD,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAChB,MAAM;oBACR,CAAC;oBAED;wBACE,cAAc,EAAE,CAAC;wBACjB,GAAG,CACD,gCAAgC,KAAK,CAAC,WAAW,WAAW,KAAK,CAAC,MAAM,EAAE,CAC3E,CAAC;wBACF,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;wBACxC,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAChB,MAAM;gBACV,CAAC;gBAED,6CAA6C;gBAC7C,SAAS;YACX,CAAC;YAED,6CAA6C;YAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,YAAY,GAAG,GAAG,GAAG,SAAS,CAAC;YACrC,MAAM,YAAY,GAAG,GAAG,GAAG,aAAa,CAAC;YAEzC,IAAI,YAAY,IAAI,WAAW,EAAE,CAAC;gBAChC,IAAI,aAAa,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;oBAC3B,IAAI,CACF,gCAAgC,YAAY,WAAW,aAAa,CAAC,IAAI,iBAAiB,CAC3F,CAAC;gBACJ,CAAC;qBAAM,CAAC;oBACN,GAAG,CAAC,gCAAgC,YAAY,iBAAiB,CAAC,CAAC;gBACrE,CAAC;gBACD,MAAM;YACR,CAAC;YAED,MAAM,YAAY,GAChB,aAAa,CAAC,IAAI,KAAK,CAAC;gBACxB,YAAY,IAAI,kBAAkB;gBAClC,YAAY,IAAI,wBAAwB,CAAC;YAE3C,IAAI,YAAY,EAAE,CAAC;gBACjB,GAAG,CACD,8BAA8B,YAAY,aAAa,YAAY,KAAK,CACzE,CAAC;gBACF,MAAM;YACR,CAAC;YAED,kDAAkD;YAClD,IACE,aAAa,CAAC,IAAI,KAAK,CAAC;gBACxB,YAAY,IAAI,kBAAkB;gBAClC,YAAY,GAAG,wBAAwB;gBACvC,YAAY,GAAG,IAAI,GAAG,gBAAgB,EACtC,CAAC;gBACD,GAAG,CACD,mCAAmC,YAAY,IAAI,wBAAwB,IAAI,CAChF,CAAC;YACJ,CAAC;YAED,yBAAyB;YACzB,MAAM,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;YAAS,CAAC;QACT,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAClC,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,MAAM,aAAa,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC;QACpD,GAAG,CACD,gCAAgC,aAAa,aAAa,eAAe,aAAa,gBAAgB,WAAW,cAAc,EAAE,CAClI,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,OAAgB;IACrD,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACpC,GAAG,CAAC,oCAAoC,CAAC,CAAC;IAE1C,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,aAAa,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEzC,IAAI,MAAM,CAAC,KAAK,KAAK,kBAAkB,EAAE,CAAC;YACxC,GAAG,CAAC,0BAA0B,MAAM,CAAC,KAAK,WAAW,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;YACtE,MAAM,2BAA2B,EAAE,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,4DAA4D;YAC5D,iDAAiD;YACjD,GAAG,CAAC,0BAA0B,MAAM,CAAC,KAAK,mBAAmB,MAAM,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC;QACzF,CAAC;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC;QAC/C,GAAG,CAAC,4BAA4B,QAAQ,IAAI,CAAC,CAAC;QAC9C,OAAO,IAAI,QAAQ,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAC7C,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,CAAC;QAC/C,IAAI,CAAC,yBAAyB,QAAQ,KAAK,EAAE,KAAK,CAAC,CAAC;QACpD,OAAO,IAAI,QAAQ,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC"}

package/dist/hooks/useCustomer.d.ts

@@ -0,0 +1,16 @@
+import type { CustomerWithSubscriptions, GetCustomerInput } from '@moneydevkit/api-contract';
+import type { MdkError } from '../types';
+export type CustomerIdentifier = GetCustomerInput;
+export interface CustomerData extends CustomerWithSubscriptions {
+    hasActiveSubscription: boolean;
+}
+export interface UseCustomerOptions {
+    /** Include sandbox subscriptions in the response. Defaults to false. */
+    includeSandbox?: boolean;
+}
+export declare function useCustomer(identifier: GetCustomerInput | null | undefined, options?: UseCustomerOptions): {
+    customer: CustomerData | null;
+    isLoading: boolean;
+    error: MdkError | null;
+    refetch: () => Promise<void>;
+};

package/dist/hooks/useCustomer.js

@@ -0,0 +1,52 @@
+import { useCallback, useEffect, useState } from 'react';
+import { clientGetCustomer } from '../client-actions';
+import { log } from '../logging';
+export function useCustomer(identifier, options) {
+    const [customer, setCustomer] = useState(null);
+    const [isLoading, setIsLoading] = useState(false);
+    const [error, setError] = useState(null);
+    // Create stable identifier key for dependency tracking
+    const identifierKey = identifier
+        ? 'externalId' in identifier
+            ? `externalId:${identifier.externalId ?? ''}`
+            : 'email' in identifier
+                ? `email:${identifier.email ?? ''}`
+                : `id:${identifier.id ?? ''}`
+        : null;
+    // Include options in the dependency key
+    const optionsKey = options?.includeSandbox ? 'sandbox:true' : 'sandbox:false';
+    const fetchCustomer = useCallback(async () => {
+        if (!identifier) {
+            setCustomer(null);
+            setError(null);
+            setIsLoading(false);
+            return;
+        }
+        setIsLoading(true);
+        setError(null);
+        const result = await clientGetCustomer(identifier, options);
+        if (result.error) {
+            log('Customer fetch error:', result.error);
+            setError(result.error);
+            setCustomer(null);
+        }
+        else {
+            setCustomer({
+                ...result.data,
+                // Include 'past_due' because users retain access during the grace period
+                hasActiveSubscription: result.data.subscriptions.some((s) => s.status === 'active' || s.status === 'past_due'),
+            });
+        }
+        setIsLoading(false);
+    }, [identifierKey, optionsKey]);
+    useEffect(() => {
+        fetchCustomer();
+    }, [fetchCustomer]);
+    return {
+        customer,
+        isLoading,
+        error,
+        refetch: fetchCustomer,
+    };
+}
+//# sourceMappingURL=useCustomer.js.map

package/dist/hooks/useCustomer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"useCustomer.js","sourceRoot":"","sources":["../../src/hooks/useCustomer.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,MAAM,OAAO,CAAA;AAExD,OAAO,EAAE,iBAAiB,EAA2B,MAAM,mBAAmB,CAAA;AAE9E,OAAO,EAAE,GAAG,EAAE,MAAM,YAAY,CAAA;AAchC,MAAM,UAAU,WAAW,CACzB,UAA+C,EAC/C,OAA4B;IAE5B,MAAM,CAAC,QAAQ,EAAE,WAAW,CAAC,GAAG,QAAQ,CAAsB,IAAI,CAAC,CAAA;IACnE,MAAM,CAAC,SAAS,EAAE,YAAY,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IACjD,MAAM,CAAC,KAAK,EAAE,QAAQ,CAAC,GAAG,QAAQ,CAAkB,IAAI,CAAC,CAAA;IAEzD,uDAAuD;IACvD,MAAM,aAAa,GAAG,UAAU;QAC9B,CAAC,CAAC,YAAY,IAAI,UAAU;YAC1B,CAAC,CAAC,cAAc,UAAU,CAAC,UAAU,IAAI,EAAE,EAAE;YAC7C,CAAC,CAAC,OAAO,IAAI,UAAU;gBACrB,CAAC,CAAC,SAAS,UAAU,CAAC,KAAK,IAAI,EAAE,EAAE;gBACnC,CAAC,CAAC,MAAM,UAAU,CAAC,EAAE,IAAI,EAAE,EAAE;QACjC,CAAC,CAAC,IAAI,CAAA;IAER,wCAAwC;IACxC,MAAM,UAAU,GAAG,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,eAAe,CAAA;IAE7E,MAAM,aAAa,GAAG,WAAW,CAAC,KAAK,IAAI,EAAE;QAC3C,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,WAAW,CAAC,IAAI,CAAC,CAAA;YACjB,QAAQ,CAAC,IAAI,CAAC,CAAA;YACd,YAAY,CAAC,KAAK,CAAC,CAAA;YACnB,OAAM;QACR,CAAC;QAED,YAAY,CAAC,IAAI,CAAC,CAAA;QAClB,QAAQ,CAAC,IAAI,CAAC,CAAA;QAEd,MAAM,MAAM,GAAG,MAAM,iBAAiB,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;QAE3D,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,KAAK,CAAC,CAAA;YAC1C,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAA;YACtB,WAAW,CAAC,IAAI,CAAC,CAAA;QACnB,CAAC;aAAM,CAAC;YACN,WAAW,CAAC;gBACV,GAAG,MAAM,CAAC,IAAI;gBACd,yEAAyE;gBACzE,qBAAqB,EAAE,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CACnD,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,UAAU,CACxD;aACF,CAAC,CAAA;QACJ,CAAC;QAED,YAAY,CAAC,KAAK,CAAC,CAAA;IACrB,CAAC,EAAE,CAAC,aAAa,EAAE,UAAU,CAAC,CAAC,CAAA;IAE/B,SAAS,CAAC,GAAG,EAAE;QACb,aAAa,EAAE,CAAA;IACjB,CAAC,EAAE,CAAC,aAAa,CAAC,CAAC,CAAA;IAEnB,OAAO;QACL,QAAQ;QACR,SAAS;QACT,KAAK;QACL,OAAO,EAAE,aAAa;KACvB,CAAA;AACH,CAAC"}

package/dist/hooks/useProducts.d.ts

@@ -1,14 +1,25 @@
+/**
+ * Hook to fetch available products from the MDK API.
+ *
+ * @returns Object containing products, loading state, error, and refetch function
+ *
+ * @example
+ * const { products } = useProducts()
+ * // USD prices are in cents - divide by 100 for display
+ * const displayPrice = (product.prices[0]?.priceAmount ?? 0) / 100
+ * // SAT amounts are in satoshis - no conversion needed
+ */
 export declare function useProducts(): {
     products: {
-        id: string;
         name: string;
+        id: string;
         description: string | null;
         recurringInterval: "MONTH" | "QUARTER" | "YEAR" | null;
         prices: {
-            id: string;
             currency: "USD" | "SAT";
-            amountType: "FIXED" | "CUSTOM";
             priceAmount: number | null;
+            id: string;
+            amountType: "FIXED" | "CUSTOM";
         }[];
     }[];
     isLoading: boolean;