npm - @nokinc-flur/sdk - Versions diffs - 1.0.3 → 1.0.5 - Mend

@nokinc-flur/sdk 1.0.3 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js CHANGED Viewed

@@ -41,7 +41,9 @@ var OnboardingCompleteResponseSchema = z.object({
   sessionToken: z.string().min(1),
   userId: UuidSchema,
   restricted: z.boolean(),
-  risk_reasons: z.array(z.enum(["SIM_SWAP_RECENT", "ROAMING", "CARRIER_CHANGED"])),
+  risk_reasons: z.array(
+    z.enum(["SIM_SWAP_RECENT", "ROAMING", "CARRIER_CHANGED"])
+  ),
   stepUpRequired: z.boolean().optional(),
   riskStatus: z.enum(["ok", "unavailable"]).optional()
 });
@@ -94,9 +96,11 @@ var RegisterSendDeviceKeyRequestSchema = z.object({
   deviceId: z.string().min(3),
   publicKey: z.string().min(32)
 });
+var SEND_AUTH_PURPOSES = ["send_money", "offline_revoke"];
 var SendChallengeRequestSchema = z.object({
   userId: UuidSchema,
-  deviceId: z.string().min(3)
+  deviceId: z.string().min(3),
+  purpose: z.enum(SEND_AUTH_PURPOSES).optional()
 });
 var SendChallengeResponseSchema = z.object({
   challengeId: UuidSchema,
@@ -396,10 +400,20 @@ var FlurClient = class {
     this.getExtraHeaders = opts.getExtraHeaders;
   }
   async health() {
-    return this.requestJson("/health", { method: "GET" }, void 0, HealthResponseSchema);
+    return this.requestJson(
+      "/health",
+      { method: "GET" },
+      void 0,
+      HealthResponseSchema
+    );
   }
   async welcome() {
-    return this.requestJson("/welcome", { method: "GET" }, void 0, WelcomeResponseSchema);
+    return this.requestJson(
+      "/welcome",
+      { method: "GET" },
+      void 0,
+      WelcomeResponseSchema
+    );
   }
   async onboardingStart(input) {
     return this.requestJson(
@@ -544,24 +558,33 @@ var FlurClient = class {
   }
   async registerBiometricDeviceKey(input) {
     const publicKey = await input.signer.getOrCreateKeyPair(input.deviceId);
-    return this.registerSendDeviceKey({
-      userId: input.userId,
-      deviceId: input.deviceId,
-      publicKey
-    }, { accessToken: input.accessToken });
+    return this.registerSendDeviceKey(
+      {
+        userId: input.userId,
+        deviceId: input.deviceId,
+        publicKey
+      },
+      { accessToken: input.accessToken }
+    );
   }
   async authorizeSendWithBiometric(input) {
-    const challenge = await this.createSendChallenge({
-      userId: input.userId,
-      deviceId: input.deviceId
-    }, { accessToken: input.accessToken });
+    const challenge = await this.createSendChallenge(
+      {
+        userId: input.userId,
+        deviceId: input.deviceId
+      },
+      { accessToken: input.accessToken }
+    );
     const signature = await input.signer.sign(challenge.nonce);
-    return this.verifySendChallenge({
-      userId: input.userId,
-      deviceId: input.deviceId,
-      challengeId: challenge.challengeId,
-      signature
-    }, { accessToken: input.accessToken });
+    return this.verifySendChallenge(
+      {
+        userId: input.userId,
+        deviceId: input.deviceId,
+        challengeId: challenge.challengeId,
+        signature
+      },
+      { accessToken: input.accessToken }
+    );
   }
   async resolveRecipient(input, options) {
     return this.requestJson(
@@ -726,7 +749,12 @@ var FlurClient = class {
         ...init2.headers,
         ...extraHeaders
       };
-      const res = await this.fetchImpl(url, { ...init2, headers: finalHeaders, body, signal: controller.signal });
+      const res = await this.fetchImpl(url, {
+        ...init2,
+        headers: finalHeaders,
+        body,
+        signal: controller.signal
+      });
       if (!res.ok) throw await mapToFlurError(res);
       const payload = await res.json();
       if (!responseSchema) return payload;
@@ -734,9 +762,13 @@ var FlurClient = class {
         return responseSchema.parse(payload);
       } catch (err) {
         if (err instanceof z3.ZodError) {
-          throw new FlurError("SDK contract validation failed", "INVALID_REQUEST", {
-            details: err.flatten()
-          });
+          throw new FlurError(
+            "SDK contract validation failed",
+            "INVALID_REQUEST",
+            {
+              details: err.flatten()
+            }
+          );
         }
         throw err;
       }
@@ -745,7 +777,9 @@ var FlurClient = class {
         throw new FlurError("Request timed out", "TIMEOUT");
       }
       if (err instanceof FlurError) throw err;
-      throw new FlurError("Network error", "NETWORK_ERROR", { details: String(err) });
+      throw new FlurError("Network error", "NETWORK_ERROR", {
+        details: String(err)
+      });
     } finally {
       clearTimeout(t);
     }
@@ -755,7 +789,10 @@ function getSecureRandomUuid() {
   if (typeof globalThis.crypto?.randomUUID === "function") {
     return globalThis.crypto.randomUUID();
   }
-  throw new FlurError("Secure UUID generator unavailable; provide idempotencyKey", "INVALID_REQUEST");
+  throw new FlurError(
+    "Secure UUID generator unavailable; provide idempotencyKey",
+    "INVALID_REQUEST"
+  );
 }
 // src/nqr/fields.ts
@@ -1428,6 +1465,8 @@ function decodeAuthorizationQR(s) {
 // src/offline/settlements.ts
 import { z as z6 } from "zod";
+import { sha256 } from "@noble/hashes/sha256";
+import { bytesToHex as bytesToHex2 } from "@noble/hashes/utils";
 var OfflineTokenSchema = z6.object({
   tokenId: z6.string().uuid(),
   tokenSerial: z6.string(),
@@ -1478,14 +1517,7 @@ var SettleResponseSchema = z6.object({
 });
 var ENCOUNTER_DOMAIN = "offline:v1:encounter";
 async function sha256Hex(input) {
-  const subtle = globalThis.crypto?.subtle;
-  const enc2 = new TextEncoder().encode(input);
-  if (subtle) {
-    const buf = await subtle.digest("SHA-256", enc2);
-    return Array.from(new Uint8Array(buf)).map((b) => b.toString(16).padStart(2, "0")).join("");
-  }
-  const mod = await import("crypto");
-  return mod.createHash("sha256").update(input).digest("hex");
+  return bytesToHex2(sha256(new TextEncoder().encode(input)));
 }
 async function computeEncounterId(input) {
   return sha256Hex(
@@ -1533,8 +1565,8 @@ function createOfflineSettlementsClient(partner) {
 // src/auth/hmac.ts
 import { hmac } from "@noble/hashes/hmac";
-import { sha256 } from "@noble/hashes/sha256";
-function bytesToHex2(b) {
+import { sha256 as sha2562 } from "@noble/hashes/sha256";
+function bytesToHex3(b) {
   let s = "";
   for (let i = 0; i < b.length; i++) s += b[i].toString(16).padStart(2, "0");
   return s;
@@ -1546,7 +1578,7 @@ function constantTimeStringEqual(a, b) {
   return diff === 0;
 }
 function bodySha256Hex(body) {
-  return bytesToHex2(sha256(new TextEncoder().encode(body)));
+  return bytesToHex3(sha2562(new TextEncoder().encode(body)));
 }
 function canonicalRequestString(input) {
   return [
@@ -1558,8 +1590,8 @@ function canonicalRequestString(input) {
   ].join("\n");
 }
 function signRequestHMAC(input) {
-  return bytesToHex2(
-    hmac(sha256, input.apiSecret, canonicalRequestString(input))
+  return bytesToHex3(
+    hmac(sha2562, input.apiSecret, canonicalRequestString(input))
   );
 }
 function verifyRequestHMAC(input) {
@@ -2318,6 +2350,9 @@ function createAccountsClient(opts) {
 // src/partner/client.ts
 import { z as z11 } from "zod";
+import { sha256 as sha2563 } from "@noble/hashes/sha256";
+import { hmac as hmac2 } from "@noble/hashes/hmac";
+import { bytesToHex as bytesToHex4 } from "@noble/hashes/utils";
 var PARTNER_SCOPES = [
   "passes:write",
   "passes:read",
@@ -2341,39 +2376,13 @@ var ApiCredentialPublicSchema = z11.object({
 var MintedApiCredentialSchema = ApiCredentialPublicSchema.extend({
   secret: z11.string().min(1)
 });
-async function getSubtle() {
-  const c = globalThis.crypto;
-  if (c?.subtle) return c.subtle;
-  const mod = await import("crypto");
-  return mod.webcrypto.subtle;
-}
 var enc = new TextEncoder();
-function bytesToHex3(buf) {
-  const u = new Uint8Array(buf);
-  let s = "";
-  for (let i = 0; i < u.length; i++) {
-    s += u[i].toString(16).padStart(2, "0");
-  }
-  return s;
-}
 async function sha256Hex2(input) {
-  const subtle = await getSubtle();
   const data = typeof input === "string" ? enc.encode(input) : input;
-  const buffer = data.byteOffset === 0 && data.byteLength === data.buffer.byteLength ? data.buffer : data.slice().buffer;
-  const buf = await subtle.digest("SHA-256", buffer);
-  return bytesToHex3(buf);
+  return bytesToHex4(sha2563(data));
 }
 async function hmacSha256Hex(keyHex, message) {
-  const subtle = await getSubtle();
-  const key = await subtle.importKey(
-    "raw",
-    enc.encode(keyHex),
-    { name: "HMAC", hash: "SHA-256" },
-    false,
-    ["sign"]
-  );
-  const sig = await subtle.sign("HMAC", key, enc.encode(message));
-  return bytesToHex3(sig);
+  return bytesToHex4(hmac2(sha2563, enc.encode(keyHex), enc.encode(message)));
 }
 function defaultNonce2() {
   const c = globalThis.crypto;
@@ -2534,6 +2543,260 @@ function createApiCredentialsAdminClient(opts) {
     )
   };
 }
+// src/me-offline/client.ts
+import { z as z12 } from "zod";
+var Hex64 = z12.string().regex(/^[0-9a-f]{64}$/i);
+var HexAny = z12.string().regex(/^[0-9a-f]+$/i);
+var Sha256Hex = z12.string().regex(/^[0-9a-f]{64}$/i);
+var RegisterDeviceKeyInputSchema = z12.object({
+  deviceId: z12.string().min(1).max(128),
+  publicKeyHex: Hex64
+});
+var DeviceKeyRecordSchema = z12.object({
+  id: z12.string().uuid(),
+  userId: z12.string().uuid(),
+  deviceId: z12.string(),
+  publicKeyHex: Hex64,
+  createdAtMs: z12.number().int().nonnegative(),
+  revokedAtMs: z12.number().int().nonnegative().nullable()
+});
+var ConsumerOACSchema = z12.object({
+  oacId: z12.string().uuid(),
+  issuerId: z12.string().min(1).max(64),
+  userId: z12.string().uuid(),
+  deviceId: z12.string().min(1).max(128),
+  devicePubkeyHex: Hex64,
+  perTxCapKobo: z12.number().int().positive(),
+  cumulativeCapKobo: z12.number().int().positive(),
+  currency: z12.string().length(3),
+  validFromMs: z12.number().int().nonnegative(),
+  validUntilMs: z12.number().int().nonnegative(),
+  counterSeed: z12.number().int().nonnegative(),
+  issuedAtMs: z12.number().int().nonnegative()
+});
+var SignedConsumerOACSchema = z12.object({
+  oac: ConsumerOACSchema,
+  issuerSig: HexAny,
+  issuerPublicKeyHex: Hex64
+});
+var OACRecordSchema = SignedConsumerOACSchema.extend({
+  currentOfflineSpentKobo: z12.number().int().nonnegative(),
+  status: z12.enum([
+    "active",
+    "superseded",
+    "expired",
+    "revoked",
+    "disabling",
+    "draining",
+    "closed"
+  ]),
+  supersededAtMs: z12.number().int().nonnegative().nullable(),
+  revokedAtMs: z12.number().int().nonnegative().nullable(),
+  holdId: z12.string().uuid().nullable().optional()
+});
+var IssueOACInputSchema = z12.object({
+  deviceId: z12.string().min(1).max(128),
+  perTxCapKobo: z12.number().int().positive().optional(),
+  cumulativeCapKobo: z12.number().int().positive().optional(),
+  ttlMs: z12.number().int().min(6e4).max(1e3 * 60 * 60 * 24 * 7).optional(),
+  spendableOnlineKobo: z12.number().int().nonnegative().optional()
+});
+var EnableOfflineInputSchema = z12.object({
+  deviceId: z12.string().min(1).max(128),
+  amountKobo: z12.number().int().positive(),
+  perTxCapKobo: z12.number().int().positive().optional(),
+  ttlMs: z12.number().int().min(6e4).max(1e3 * 60 * 60 * 24 * 7).optional(),
+  installId: z12.string().min(1).max(128),
+  partnerId: z12.string().min(1).max(64).optional()
+});
+var DisableOfflineInputSchema = z12.object({
+  deviceId: z12.string().min(1).max(128),
+  installId: z12.string().min(1).max(128).optional(),
+  claims: z12.array(z12.unknown()).max(256).optional()
+});
+var OfflineHoldRecordSchema = z12.object({
+  holdId: z12.string().uuid(),
+  userId: z12.string().uuid(),
+  deviceId: z12.string(),
+  partnerId: z12.string(),
+  adapterKind: z12.string(),
+  externalHoldRef: z12.string().nullable(),
+  amountKobo: z12.number().int().nonnegative(),
+  capturedKobo: z12.number().int().nonnegative(),
+  releasedKobo: z12.number().int().nonnegative(),
+  remainingKobo: z12.number().int().nonnegative(),
+  currency: z12.string().length(3),
+  status: z12.enum([
+    "placing",
+    "active",
+    "disabling",
+    "draining",
+    "closed",
+    "revoked",
+    "failed"
+  ]),
+  installId: z12.string().nullable(),
+  drainDeadlineMs: z12.number().int().nonnegative(),
+  disableRequestedAtMs: z12.number().int().nonnegative().nullable(),
+  createdAtMs: z12.number().int().nonnegative(),
+  closedAtMs: z12.number().int().nonnegative().nullable(),
+  isTrusted: z12.boolean().optional()
+});
+var EnableOfflineResultSchema = z12.object({
+  hold: OfflineHoldRecordSchema,
+  oac: OACRecordSchema
+});
+var DisableOfflineResultSchema = z12.object({
+  hold: OfflineHoldRecordSchema,
+  trusted: z12.boolean(),
+  settledClaims: z12.number().int().nonnegative()
+});
+var OfflineStatusResultSchema = z12.object({
+  hold: OfflineHoldRecordSchema.nullable(),
+  active: OACRecordSchema.nullable()
+});
+var OfflineStateResultSchema = z12.object({
+  active: OACRecordSchema.nullable()
+});
+var ConsumerPaymentClaimSchema = z12.object({
+  oacId: z12.string().uuid(),
+  encounterId: Sha256Hex.optional(),
+  payerUserId: z12.string().uuid(),
+  payeeUserId: z12.string().uuid(),
+  payerDeviceId: z12.string().min(1).max(128),
+  payerNonce: z12.string().min(8).max(128),
+  payeeNonce: z12.string().min(8).max(128),
+  amountKobo: z12.number().int().positive(),
+  currency: z12.string().length(3).default("NGN"),
+  occurredAtMs: z12.number().int().nonnegative(),
+  completedAtMs: z12.number().int().nonnegative().optional(),
+  contextId: z12.string().max(128).optional(),
+  payerPubkeyHex: Hex64,
+  payerSignature: HexAny,
+  payeePubkeyHex: Hex64.optional(),
+  payeeSignature: HexAny.optional()
+});
+var ConsumerSettlementSchema = z12.object({
+  settlementId: z12.string().uuid(),
+  settlementKey: Sha256Hex,
+  encounterId: Sha256Hex,
+  oacId: z12.string().uuid(),
+  payerUserId: z12.string().uuid(),
+  payeeUserId: z12.string().uuid(),
+  amountKobo: z12.number().int().positive(),
+  currency: z12.string().length(3),
+  status: z12.enum(["SETTLED", "REVIEW"]),
+  reviewReason: z12.string().nullable(),
+  ledgerRef: z12.string().nullable(),
+  issuerSig: HexAny,
+  createdAtMs: z12.number().int().nonnegative()
+});
+var ConsumerSettleResultSchema = z12.object({
+  settlement: ConsumerSettlementSchema,
+  encounterId: Sha256Hex,
+  replayed: z12.boolean()
+});
+var RevokeDeviceKeyInputSchema = z12.object({
+  deviceId: z12.string().min(1).max(128),
+  /** Step-up token from /api/v1/auth/send/verify with purpose='offline_revoke'. */
+  sendAuthToken: z12.string().min(16)
+});
+function createMeOfflineClient(opts) {
+  const fetchImpl = opts.fetchImpl ?? globalThis.fetch;
+  if (!fetchImpl) {
+    throw new Error("createMeOfflineClient: no fetch implementation available");
+  }
+  const baseUrl = opts.baseUrl.replace(/\/$/, "");
+  async function call(method, path, body, parser) {
+    const init2 = {
+      method,
+      headers: {
+        "content-type": "application/json",
+        accept: "application/json"
+      }
+    };
+    if (body !== void 0) init2.body = JSON.stringify(body);
+    const resp = await fetchImpl(`${baseUrl}${path}`, init2);
+    const text = await resp.text();
+    let raw = void 0;
+    if (text) {
+      try {
+        raw = JSON.parse(text);
+      } catch {
+      }
+    }
+    if (!resp.ok) {
+      const code = raw && typeof raw === "object" && "code" in raw && typeof raw.code === "string" ? raw.code : `http_${resp.status}`;
+      const message = raw && typeof raw === "object" && "message" in raw && typeof raw.message === "string" ? raw.message : `request failed with status ${resp.status}`;
+      throw new FlurApiError(resp.status, code, message, raw);
+    }
+    return parser(raw);
+  }
+  const deviceKeyItems = z12.object({ items: z12.array(DeviceKeyRecordSchema) });
+  return {
+    registerDeviceKey: (input) => call(
+      "POST",
+      "/v1/me/offline/keys",
+      RegisterDeviceKeyInputSchema.parse(input),
+      (raw) => DeviceKeyRecordSchema.parse(raw)
+    ),
+    listDeviceKeys: () => call(
+      "GET",
+      "/v1/me/offline/keys",
+      void 0,
+      (raw) => deviceKeyItems.parse(raw)
+    ),
+    revokeDeviceKey: (input) => call(
+      "POST",
+      "/v1/me/offline/keys/revoke",
+      RevokeDeviceKeyInputSchema.parse(input),
+      () => void 0
+    ),
+    enable: (input) => call(
+      "POST",
+      "/v1/me/offline/enable",
+      EnableOfflineInputSchema.parse(input),
+      (raw) => EnableOfflineResultSchema.parse(raw)
+    ),
+    refresh: (input) => call(
+      "POST",
+      "/v1/me/offline/refresh",
+      IssueOACInputSchema.parse(input),
+      (raw) => OACRecordSchema.parse(raw)
+    ),
+    disable: (input) => call(
+      "POST",
+      "/v1/me/offline/disable",
+      DisableOfflineInputSchema.parse(input),
+      (raw) => DisableOfflineResultSchema.parse(raw)
+    ),
+    getStatus: (deviceId) => {
+      const qs = deviceId ? `?deviceId=${encodeURIComponent(deviceId)}` : "";
+      return call(
+        "GET",
+        `/v1/me/offline/status${qs}`,
+        void 0,
+        (raw) => OfflineStatusResultSchema.parse(raw)
+      );
+    },
+    getState: (deviceId) => {
+      const qs = deviceId ? `?deviceId=${encodeURIComponent(deviceId)}` : "";
+      return call(
+        "GET",
+        `/v1/me/offline/state${qs}`,
+        void 0,
+        (raw) => OfflineStateResultSchema.parse(raw)
+      );
+    },
+    submitClaim: (claim) => call(
+      "POST",
+      "/v1/me/offline/claims",
+      ConsumerPaymentClaimSchema.parse(claim),
+      (raw) => ConsumerSettleResultSchema.parse(raw)
+    )
+  };
+}
 export {
   ACCOUNT_STATUSES,
   ACCOUNT_TYPES,
@@ -2541,6 +2804,16 @@ export {
   AccountMembershipSchema,
   AccountSchema,
   ApiCredentialPublicSchema,
+  OACRecordSchema as ConsumerOACRecordSchema,
+  ConsumerOACSchema,
+  ConsumerPaymentClaimSchema,
+  ConsumerSettleResultSchema,
+  ConsumerSettlementSchema,
+  DeviceKeyRecordSchema,
+  DisableOfflineInputSchema,
+  DisableOfflineResultSchema,
+  EnableOfflineInputSchema,
+  EnableOfflineResultSchema,
   FIELD,
   FlurApiError,
   FlurCapExceededError,
@@ -2548,6 +2821,7 @@ export {
   FlurError,
   FlurExpiredError,
   FlurReplayError,
+  IssueOACInputSchema,
   MEMBERSHIP_ROLES,
   MintedApiCredentialSchema,
   NGN_CURRENCY_CODE,
@@ -2557,8 +2831,11 @@ export {
   OAC_DEFAULT_CUMULATIVE_KOBO,
   OAC_DEFAULT_PER_TX_KOBO,
   OAC_DEFAULT_VALIDITY_MS,
+  OfflineHoldRecordSchema,
   OfflinePaymentAuthorizationSchema,
   OfflinePaymentRequestSchema,
+  OfflineStateResultSchema,
+  OfflineStatusResultSchema,
   OfflineTokenSchema,
   PARTNER_SCOPES,
   PASS_KINDS,
@@ -2574,8 +2851,11 @@ export {
   ReceiptPayloadSchema,
   ReceiptSchema,
   RedemptionSchema,
+  RegisterDeviceKeyInputSchema,
+  RevokeDeviceKeyInputSchema,
   SettleResponseSchema,
   SettlementSchema,
+  SignedConsumerOACSchema,
   bodySha256Hex,
   buildAuthorization,
   buildOAC,
@@ -2594,6 +2874,7 @@ export {
   createApiCredentialsAdminClient,
   createFlurPartnerClient,
   createHmacFetch,
+  createMeOfflineClient,
   createOfflineSettlementsClient,
   createPassesClient,
   createReceiptsClient,