@nile-squad/nylonpay-ts 1.2.0 → 1.3.0

package/README.md

@@ -41,7 +41,7 @@ Use your test keys to work in sandbox, or your production keys to go live. There
 |---|---|---|---|
 | `apiKey` | Yes | | Must start with `npk_` |
 | `apiSecret` | Yes | | Must start with `nps_` |
-| `baseUrl` | No | Default is used | Override only if self-hosting |
+| `baseUrl` | No | Default is used | Override for a custom endpoint |
 | `timeoutMs` | No | `30000` | Request timeout in milliseconds |
 | `maxRetries` | No | `3` | Retry count for failed requests |
 | `maxPollIntervalMs` | No | `2000` | Polling interval for async payments |
@@ -231,16 +231,13 @@ if (!result.isOk) {
 
 `USD`, `EUR`, `GBP`, `KES`, `UGX`, `TZS`, `RWF`
 
-## Development
+## Links
 
-Maintainer notes and pending work live in [`dev-note.md`](./dev-note.md).
-
-```sh
-pnpm install
-pnpm test        # vitest
-pnpm typecheck   # tsc --noEmit
-pnpm build       # tsup
-```
+- [Documentation](https://docs.nylonpay.nilesquad.com/docs)
+- [SDK Spec](https://github.com/nile-squad/specs/blob/main/nylonpay-sdk-spec/spec.md)
+- [GitHub Repository](https://github.com/nile-squad/nylonpay-ts)
+- [Python SDK](https://github.com/nile-squad/nylonpay-py)
+- [Nylon Pay](https://nylonpay.nilesquad.com)
 
 ## License
 

package/dist/index.cjs

@@ -72,10 +72,12 @@ var SDK_ACTIONS = {
   makePayoutAndResolve: "sdk-make-payout-and-resolve",
   getStatus: "sdk-get-status",
   getTransaction: "sdk-get-transaction",
+  listTransactions: "sdk-list-transactions",
   verifyPhone: "sdk-verify-phone",
   createInvoice: "sdk-create-invoice"
 };
 var RETRYABLE_STATUS_CODES = /* @__PURE__ */ new Set([408, 429, 500, 502, 503, 504]);
+var MAX_RESPONSE_BYTES = 10 * 1024 * 1024;
 function generateFingerprint() {
   const components = [
     `type:${os.type()}`,
@@ -270,6 +272,17 @@ function createTransport({
           body: bodyString,
           signal: controller.signal
         });
+        const contentLength = response.headers?.get("content-length");
+        if (contentLength && Number(contentLength) > MAX_RESPONSE_BYTES) {
+          cleanup();
+          return slangTs.Err(
+            JSON.stringify({
+              category: "internal",
+              message: "Received an invalid response from the server",
+              retryable: false
+            })
+          );
+        }
         if (!response.ok) {
           const statusCode = response.status;
           const retryable = RETRYABLE_STATUS_CODES.has(statusCode);
@@ -657,43 +670,44 @@ function extractSignedTimestampMs(payloadString) {
   return null;
 }
 function verifyWebhookSignature(input) {
-  const payloadString = decodePayload(input.payload);
-  const payloadBytes = Buffer.from(payloadString, "utf8");
-  const expectedSignature = crypto.createHmac("sha256", input.secret).update(payloadBytes).digest("hex");
-  const providedBuffer = Buffer.from(input.signature, "hex");
-  const expectedBuffer = Buffer.from(expectedSignature, "hex");
-  if (providedBuffer.length !== expectedBuffer.length) {
-    return false;
-  }
-  if (!crypto.timingSafeEqual(providedBuffer, expectedBuffer)) {
-    return false;
-  }
-  const toleranceSeconds = input.toleranceSeconds ?? DEFAULT_TOLERANCE_SECONDS;
-  if (toleranceSeconds <= 0) {
-    return true;
-  }
-  const timestampMs = extractSignedTimestampMs(payloadString);
-  if (timestampMs === null) {
+  try {
+    const payloadString = decodePayload(input.payload);
+    const payloadBytes = Buffer.from(payloadString, "utf8");
+    const expectedSignature = crypto.createHmac("sha256", input.secret).update(payloadBytes).digest("hex");
+    const providedBuffer = Buffer.from(input.signature, "hex");
+    const expectedBuffer = Buffer.from(expectedSignature, "hex");
+    if (providedBuffer.length !== expectedBuffer.length) {
+      return false;
+    }
+    if (!crypto.timingSafeEqual(providedBuffer, expectedBuffer)) {
+      return false;
+    }
+    const toleranceSeconds = input.toleranceSeconds ?? DEFAULT_TOLERANCE_SECONDS;
+    if (toleranceSeconds === 0) {
+      return true;
+    }
+    if (toleranceSeconds < 0) {
+      return false;
+    }
+    const timestampMs = extractSignedTimestampMs(payloadString);
+    if (timestampMs === null) {
+      return false;
+    }
+    const ageMs = Math.abs(Date.now() - timestampMs);
+    return ageMs <= toleranceSeconds * 1e3;
+  } catch {
     return false;
   }
-  const ageMs = Math.abs(Date.now() - timestampMs);
-  return ageMs <= toleranceSeconds * 1e3;
 }
 
 // src/sdk.ts
-function generateReference() {
-  return crypto.randomBytes(16).toString("hex").slice(0, 15);
-}
-var REFERENCE_MIN_LENGTH = 13;
-var REFERENCE_MAX_LENGTH = 15;
+var UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 function resolveReference(reference) {
   if (reference === void 0) {
-    return generateReference();
+    return crypto.randomUUID();
   }
-  if (reference.length < REFERENCE_MIN_LENGTH || reference.length > REFERENCE_MAX_LENGTH) {
-    throwValidation(
-      `reference must be ${REFERENCE_MIN_LENGTH}\u2013${REFERENCE_MAX_LENGTH} characters`
-    );
+  if (!UUID_REGEX.test(reference)) {
+    throwValidation("reference must be a valid UUID");
   }
   return reference;
 }
@@ -960,6 +974,19 @@ function createSdkInstance(config) {
     }
     return slangTs.Err(result.error);
   }
+  async function listTransactions(input) {
+    const result = await transport.send({
+      action: SDK_ACTIONS.listTransactions,
+      payload: input ?? {}
+    });
+    if (result.isOk) {
+      return slangTs.Ok(result.value);
+    }
+    return slangTs.Err(result.error);
+  }
+  async function getTransactionsByTag(tag, options) {
+    return listTransactions({ ...options, tags: [tag] });
+  }
   function verifyWebhook(input) {
     return verifyWebhookSignature(input);
   }
@@ -970,6 +997,8 @@ function createSdkInstance(config) {
     makePayoutAndResolve,
     getStatus,
     getTransaction,
+    listTransactions,
+    getTransactionsByTag,
     verifyPhone,
     createInvoice,
     verifyWebhookSignature: verifyWebhook