npm - @norbix.ai/ts - Versions diffs - 1.0.1 → 1.1.0 - Mend

@norbix.ai/ts 1.0.1 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +1 -0
package/dist/webhooks/index.cjs +267 -0
package/dist/webhooks/index.cjs.map +1 -0
package/dist/webhooks/index.d.cts +175 -0
package/dist/webhooks/index.d.ts +175 -0
package/dist/webhooks/index.js +255 -0
package/dist/webhooks/index.js.map +1 -0
package/package.json +6 -1

package/README.md CHANGED Viewed

@@ -353,6 +353,7 @@ Default base URL: `https://hub.norbix.ai`. **18 modules · 315 endpoints.**
 | 👥 `membership`    | Roles, policies, users, preferences, integrations, triggers             | [`docs/hub/membership.md`](./docs/hub/membership.md)       |
 | ⏰ `scheduler`     | Scheduler module and task management                                    | [`docs/hub/scheduler.md`](./docs/hub/scheduler.md)         |
 | 🪝 `webhooks`      | Webhook integrations, destinations, tests, module settings              | [`docs/hub/webhooks.md`](./docs/hub/webhooks.md)           |
+| 📥 `webhooks` (receiver) | Verify & handle inbound Norbix webhook POSTs at your endpoint       | [`docs/webhooks-receiver.md`](./docs/webhooks-receiver.md) |
 | 🔐 `auth`          | Hub-side sign-in flows                                                  | [`docs/hub/auth.md`](./docs/hub/auth.md)                   |
 | 🔑 `apikeys`       | List + regenerate Hub API keys                                          | [`docs/hub/apikeys.md`](./docs/hub/apikeys.md)             |
 | 🪪 `accessToken`   | Refresh-token exchange                                                  | [`docs/hub/access_token.md`](./docs/hub/access_token.md)   |

package/dist/webhooks/index.cjs ADDED Viewed

@@ -0,0 +1,267 @@
+'use strict';
+var crypto = require('crypto');
+// src/webhooks/errors.ts
+var NorbixWebhookError = class extends Error {
+  code;
+  constructor(message, code) {
+    super(message);
+    this.name = "NorbixWebhookError";
+    this.code = code;
+  }
+};
+var NorbixWebhookSignatureError = class extends NorbixWebhookError {
+  constructor(message) {
+    super(message, "WEBHOOK_SIGNATURE_INVALID");
+    this.name = "NorbixWebhookSignatureError";
+  }
+};
+var NorbixWebhookParseError = class extends NorbixWebhookError {
+  constructor(message) {
+    super(message, "WEBHOOK_PARSE_INVALID");
+    this.name = "NorbixWebhookParseError";
+  }
+};
+// src/webhooks/events.ts
+var NORBIX_WEBHOOK_EVENT_NAMES = [
+  "database.record.inserted",
+  "database.record.updated",
+  "database.record.deleted",
+  "database.record.replaced",
+  "database.record.responsibilityChanged",
+  "database.records.inserted",
+  "database.records.updated",
+  "database.records.deleted",
+  "membership.user.registered",
+  "membership.user.invited",
+  "membership.user.verified",
+  "membership.user.updated",
+  "membership.user.deleted",
+  "membership.user.blocked",
+  "membership.user.reactivated",
+  "files.file.uploaded",
+  "files.file.deleted"
+];
+var NORBIX_WEBHOOK_EVENT_GROUPS = [
+  {
+    group: "database",
+    label: "Database",
+    events: [
+      "database.record.inserted",
+      "database.record.updated",
+      "database.record.deleted",
+      "database.record.replaced",
+      "database.record.responsibilityChanged",
+      "database.records.inserted",
+      "database.records.updated",
+      "database.records.deleted"
+    ]
+  },
+  {
+    group: "membership",
+    label: "Membership",
+    events: [
+      "membership.user.registered",
+      "membership.user.invited",
+      "membership.user.verified",
+      "membership.user.updated",
+      "membership.user.deleted",
+      "membership.user.blocked",
+      "membership.user.reactivated"
+    ]
+  },
+  {
+    group: "files",
+    label: "Files",
+    events: ["files.file.uploaded", "files.file.deleted"]
+  }
+];
+// src/webhooks/headers.ts
+var NORBIX_WEBHOOK_HEADERS = {
+  event: "X-Norbix-Event",
+  delivery: "X-Norbix-Delivery",
+  idempotencyKey: "Idempotency-Key",
+  account: "X-Norbix-Account",
+  project: "X-Norbix-Project",
+  integration: "X-Norbix-Integration",
+  destination: "X-Norbix-Destination",
+  signature: "X-Norbix-Signature",
+  timestamp: "X-Norbix-Timestamp"
+};
+function headerValue(headers, name) {
+  if (headers instanceof Headers) {
+    return headers.get(name);
+  }
+  const direct = headers[name];
+  if (direct !== void 0) {
+    return Array.isArray(direct) ? direct[0] ?? null : direct;
+  }
+  const lower = name.toLowerCase();
+  const lowerDirect = headers[lower];
+  if (lowerDirect !== void 0) {
+    return Array.isArray(lowerDirect) ? lowerDirect[0] ?? null : lowerDirect;
+  }
+  for (const [key, value] of Object.entries(headers)) {
+    if (key.toLowerCase() === lower) {
+      return Array.isArray(value) ? value[0] ?? null : value ?? null;
+    }
+  }
+  return null;
+}
+function parseNorbixWebhookHeaders(headers) {
+  const deliveryId = headerValue(headers, NORBIX_WEBHOOK_HEADERS.delivery) ?? headerValue(headers, NORBIX_WEBHOOK_HEADERS.idempotencyKey);
+  return {
+    event: headerValue(headers, NORBIX_WEBHOOK_HEADERS.event),
+    deliveryId,
+    idempotencyKey: headerValue(headers, NORBIX_WEBHOOK_HEADERS.idempotencyKey),
+    accountId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.account),
+    projectId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.project),
+    integrationId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.integration),
+    destinationId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.destination),
+    signature: headerValue(headers, NORBIX_WEBHOOK_HEADERS.signature),
+    timestamp: headerValue(headers, NORBIX_WEBHOOK_HEADERS.timestamp)
+  };
+}
+function parseNorbixWebhookEnvelope(rawBody) {
+  let parsed;
+  try {
+    parsed = JSON.parse(rawBody);
+  } catch {
+    throw new NorbixWebhookParseError("Webhook body is not valid JSON");
+  }
+  if (!parsed || typeof parsed !== "object") {
+    throw new NorbixWebhookParseError("Webhook body must be a JSON object");
+  }
+  const envelope = parsed;
+  if (typeof envelope.id !== "string" || !envelope.id) {
+    throw new NorbixWebhookParseError("Webhook envelope missing id");
+  }
+  if (typeof envelope.event !== "string" || !envelope.event) {
+    throw new NorbixWebhookParseError("Webhook envelope missing event");
+  }
+  return envelope;
+}
+function verifyNorbixWebhookSignature(input) {
+  const { secret, rawBody, signature, timestamp, toleranceSeconds = 300 } = input;
+  if (!signature) {
+    return { ok: false, reason: "missing X-Norbix-Signature header" };
+  }
+  if (!timestamp) {
+    return { ok: false, reason: "missing X-Norbix-Timestamp header" };
+  }
+  if (toleranceSeconds > 0) {
+    const sent = Number(timestamp);
+    if (!Number.isFinite(sent)) {
+      return { ok: false, reason: "X-Norbix-Timestamp is not a number" };
+    }
+    const ageSeconds = Math.abs(Date.now() / 1e3 - sent);
+    if (ageSeconds > toleranceSeconds) {
+      return {
+        ok: false,
+        reason: `timestamp outside ${toleranceSeconds}s tolerance (age ${Math.round(ageSeconds)}s)`
+      };
+    }
+  }
+  const expected = computeNorbixWebhookSignature(secret, timestamp, rawBody);
+  if (!timingSafeEqualUtf8(expected, signature)) {
+    return { ok: false, reason: "signature mismatch" };
+  }
+  return { ok: true };
+}
+function computeNorbixWebhookSignature(secret, timestamp, rawBody) {
+  return `sha256=${hmacSha256Hex(secret, `${timestamp}.${rawBody}`)}`;
+}
+function hmacSha256Hex(secret, payload) {
+  return crypto.createHmac("sha256", secret).update(payload, "utf8").digest("hex");
+}
+function timingSafeEqualUtf8(a, b) {
+  const bufA = Buffer.from(a, "utf8");
+  const bufB = Buffer.from(b, "utf8");
+  if (bufA.length !== bufB.length) return false;
+  return crypto.timingSafeEqual(bufA, bufB);
+}
+// src/webhooks/receiver.ts
+var NorbixWebhookReceiver = class {
+  constructor(options = {}) {
+    this.options = options;
+  }
+  options;
+  handlers = /* @__PURE__ */ new Map();
+  defaultHandler;
+  /** Handle a specific event name (e.g. membership.user.registered). */
+  on(event, handler) {
+    this.handlers.set(event, handler);
+    return this;
+  }
+  /** Fallback when no event-specific handler is registered. */
+  onDefault(handler) {
+    this.defaultHandler = handler;
+    return this;
+  }
+  /**
+   * Verify (when secret configured), parse, and dispatch the delivery.
+   * Returns 200-worthy result — throw NorbixWebhookSignatureError for 401.
+   */
+  async handle(input) {
+    const deliveryHeaders = parseNorbixWebhookHeaders(input.headers);
+    const shouldVerify = input.verify !== false && !!this.options.secret;
+    let verified = null;
+    if (shouldVerify && this.options.secret) {
+      const result = verifyNorbixWebhookSignature({
+        secret: this.options.secret,
+        rawBody: input.rawBody,
+        signature: deliveryHeaders.signature,
+        timestamp: deliveryHeaders.timestamp,
+        toleranceSeconds: this.options.toleranceSeconds ?? 300
+      });
+      if (!result.ok) {
+        throw new NorbixWebhookSignatureError(result.reason ?? "Invalid signature");
+      }
+      verified = true;
+    }
+    const envelope = parseNorbixWebhookEnvelope(input.rawBody);
+    const ctx = {
+      path: input.path,
+      headers: {
+        ...deliveryHeaders,
+        event: deliveryHeaders.event ?? envelope.event,
+        deliveryId: deliveryHeaders.deliveryId ?? envelope.id,
+        accountId: deliveryHeaders.accountId ?? envelope.accountId,
+        projectId: deliveryHeaders.projectId ?? envelope.projectId
+      },
+      verified
+    };
+    const handler = this.handlers.get(envelope.event) ?? this.defaultHandler;
+    let handled = false;
+    if (handler) {
+      await handler(envelope, ctx);
+      handled = true;
+    }
+    return {
+      received: true,
+      event: envelope.event,
+      deliveryId: envelope.id,
+      verified,
+      handled,
+      triggerId: envelope.triggerId
+    };
+  }
+};
+exports.NORBIX_WEBHOOK_EVENT_GROUPS = NORBIX_WEBHOOK_EVENT_GROUPS;
+exports.NORBIX_WEBHOOK_EVENT_NAMES = NORBIX_WEBHOOK_EVENT_NAMES;
+exports.NORBIX_WEBHOOK_HEADERS = NORBIX_WEBHOOK_HEADERS;
+exports.NorbixWebhookError = NorbixWebhookError;
+exports.NorbixWebhookParseError = NorbixWebhookParseError;
+exports.NorbixWebhookReceiver = NorbixWebhookReceiver;
+exports.NorbixWebhookSignatureError = NorbixWebhookSignatureError;
+exports.computeNorbixWebhookSignature = computeNorbixWebhookSignature;
+exports.parseNorbixWebhookEnvelope = parseNorbixWebhookEnvelope;
+exports.parseNorbixWebhookHeaders = parseNorbixWebhookHeaders;
+exports.verifyNorbixWebhookSignature = verifyNorbixWebhookSignature;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map

package/dist/webhooks/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/webhooks/errors.ts","../../src/webhooks/events.ts","../../src/webhooks/headers.ts","../../src/webhooks/parse.ts","../../src/webhooks/receiver.ts"],"names":["createHmac","timingSafeEqual"],"mappings":";;;;;AAAO,IAAM,kBAAA,GAAN,cAAiC,KAAA,CAAM;AAAA,EACnC,IAAA;AAAA,EAET,WAAA,CAAY,SAAiB,IAAA,EAAc;AACzC,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,EACd;AACF;AAEO,IAAM,2BAAA,GAAN,cAA0C,kBAAA,CAAmB;AAAA,EAClE,YAAY,OAAA,EAAiB;AAC3B,IAAA,KAAA,CAAM,SAAS,2BAA2B,CAAA;AAC1C,IAAA,IAAA,CAAK,IAAA,GAAO,6BAAA;AAAA,EACd;AACF;AAEO,IAAM,uBAAA,GAAN,cAAsC,kBAAA,CAAmB;AAAA,EAC9D,YAAY,OAAA,EAAiB;AAC3B,IAAA,KAAA,CAAM,SAAS,uBAAuB,CAAA;AACtC,IAAA,IAAA,CAAK,IAAA,GAAO,yBAAA;AAAA,EACd;AACF;;;AClBO,IAAM,0BAAA,GAA6B;AAAA,EACxC,0BAAA;AAAA,EACA,yBAAA;AAAA,EACA,yBAAA;AAAA,EACA,0BAAA;AAAA,EACA,uCAAA;AAAA,EACA,2BAAA;AAAA,EACA,0BAAA;AAAA,EACA,0BAAA;AAAA,EACA,4BAAA;AAAA,EACA,yBAAA;AAAA,EACA,0BAAA;AAAA,EACA,yBAAA;AAAA,EACA,yBAAA;AAAA,EACA,yBAAA;AAAA,EACA,6BAAA;AAAA,EACA,qBAAA;AAAA,EACA;AACF;AAUO,IAAM,2BAAA,GAAyD;AAAA,EACpE;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,MAAA,EAAQ;AAAA,MACN,0BAAA;AAAA,MACA,yBAAA;AAAA,MACA,yBAAA;AAAA,MACA,0BAAA;AAAA,MACA,uCAAA;AAAA,MACA,2BAAA;AAAA,MACA,0BAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EACA;AAAA,IACE,KAAA,EAAO,YAAA;AAAA,IACP,KAAA,EAAO,YAAA;AAAA,IACP,MAAA,EAAQ;AAAA,MACN,4BAAA;AAAA,MACA,yBAAA;AAAA,MACA,0BAAA;AAAA,MACA,yBAAA;AAAA,MACA,yBAAA;AAAA,MACA,yBAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,OAAA;AAAA,IACP,MAAA,EAAQ,CAAC,qBAAA,EAAuB,oBAAoB;AAAA;AAExD;;;ACxDO,IAAM,sBAAA,GAAyB;AAAA,EACpC,KAAA,EAAO,gBAAA;AAAA,EACP,QAAA,EAAU,mBAAA;AAAA,EACV,cAAA,EAAgB,iBAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,sBAAA;AAAA,EACb,WAAA,EAAa,sBAAA;AAAA,EACb,SAAA,EAAW,oBAAA;AAAA,EACX,SAAA,EAAW;AACb;ACRA,SAAS,WAAA,CAAY,SAAiC,IAAA,EAA6B;AACjF,EAAA,IAAI,mBAAmB,OAAA,EAAS;AAC9B,IAAA,OAAO,OAAA,CAAQ,IAAI,IAAI,CAAA;AAAA,EACzB;AAEA,EAAA,MAAM,MAAA,GAAS,QAAQ,IAAI,CAAA;AAC3B,EAAA,IAAI,WAAW,MAAA,EAAW;AACxB,IAAA,OAAO,MAAM,OAAA,CAAQ,MAAM,IAAK,MAAA,CAAO,CAAC,KAAK,IAAA,GAAQ,MAAA;AAAA,EACvD;AAEA,EAAA,MAAM,KAAA,GAAQ,KAAK,WAAA,EAAY;AAC/B,EAAA,MAAM,WAAA,GAAc,QAAQ,KAAK,CAAA;AACjC,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,IAAA,OAAO,MAAM,OAAA,CAAQ,WAAW,IAAK,WAAA,CAAY,CAAC,KAAK,IAAA,GAAQ,WAAA;AAAA,EACjE;AAGA,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,KAAA,EAAO;AAC/B,MAAA,OAAO,KAAA,CAAM,QAAQ,KAAK,CAAA,GAAK,MAAM,CAAC,CAAA,IAAK,OAAS,KAAA,IAAS,IAAA;AAAA,IAC/D;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAGO,SAAS,0BACd,OAAA,EAC8B;AAC9B,EAAA,MAAM,UAAA,GACJ,YAAY,OAAA,EAAS,sBAAA,CAAuB,QAAQ,CAAA,IACpD,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,cAAc,CAAA;AAE5D,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,KAAK,CAAA;AAAA,IACxD,UAAA;AAAA,IACA,cAAA,EAAgB,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,cAAc,CAAA;AAAA,IAC1E,SAAA,EAAW,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,OAAO,CAAA;AAAA,IAC9D,SAAA,EAAW,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,OAAO,CAAA;AAAA,IAC9D,aAAA,EAAe,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,WAAW,CAAA;AAAA,IACtE,aAAA,EAAe,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,WAAW,CAAA;AAAA,IACtE,SAAA,EAAW,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,SAAS,CAAA;AAAA,IAChE,SAAA,EAAW,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,SAAS;AAAA,GAClE;AACF;AAGO,SAAS,2BACd,OAAA,EAC8B;AAC9B,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,EAC7B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,wBAAwB,gCAAgC,CAAA;AAAA,EACpE;AAEA,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,MAAM,IAAI,wBAAwB,oCAAoC,CAAA;AAAA,EACxE;AAEA,EAAA,MAAM,QAAA,GAAW,MAAA;AACjB,EAAA,IAAI,OAAO,QAAA,CAAS,EAAA,KAAO,QAAA,IAAY,CAAC,SAAS,EAAA,EAAI;AACnD,IAAA,MAAM,IAAI,wBAAwB,6BAA6B,CAAA;AAAA,EACjE;AACA,EAAA,IAAI,OAAO,QAAA,CAAS,KAAA,KAAU,QAAA,IAAY,CAAC,SAAS,KAAA,EAAO;AACzD,IAAA,MAAM,IAAI,wBAAwB,gCAAgC,CAAA;AAAA,EACpE;AAEA,EAAA,OAAO,QAAA;AACT;AAYO,SAAS,6BACd,KAAA,EAKoC;AACpC,EAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAW,SAAA,EAAW,gBAAA,GAAmB,KAAI,GAAI,KAAA;AAE1E,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,mCAAA,EAAoC;AAAA,EAClE;AACA,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,mCAAA,EAAoC;AAAA,EAClE;AAEA,EAAA,IAAI,mBAAmB,CAAA,EAAG;AACxB,IAAA,MAAM,IAAA,GAAO,OAAO,SAAS,CAAA;AAC7B,IAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,EAAG;AAC1B,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,oCAAA,EAAqC;AAAA,IACnE;AACA,IAAA,MAAM,aAAa,IAAA,CAAK,GAAA,CAAI,KAAK,GAAA,EAAI,GAAI,MAAO,IAAI,CAAA;AACpD,IAAA,IAAI,aAAa,gBAAA,EAAkB;AACjC,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,QAAQ,CAAA,kBAAA,EAAqB,gBAAgB,oBAAoB,IAAA,CAAK,KAAA,CAAM,UAAU,CAAC,CAAA,EAAA;AAAA,OACzF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,6BAAA,CAA8B,MAAA,EAAQ,SAAA,EAAW,OAAO,CAAA;AACzE,EAAA,IAAI,CAAC,mBAAA,CAAoB,QAAA,EAAU,SAAS,CAAA,EAAG;AAC7C,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,oBAAA,EAAqB;AAAA,EACnD;AAEA,EAAA,OAAO,EAAE,IAAI,IAAA,EAAK;AACpB;AAEO,SAAS,6BAAA,CACd,MAAA,EACA,SAAA,EACA,OAAA,EACQ;AACR,EAAA,OAAO,CAAA,OAAA,EAAU,cAAc,MAAA,EAAQ,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,OAAO,EAAE,CAAC,CAAA,CAAA;AACnE;AAEA,SAAS,aAAA,CAAc,QAAgB,OAAA,EAAyB;AAC9D,EAAA,OAAOA,iBAAA,CAAW,UAAU,MAAM,CAAA,CAAE,OAAO,OAAA,EAAS,MAAM,CAAA,CAAE,MAAA,CAAO,KAAK,CAAA;AAC1E;AAEA,SAAS,mBAAA,CAAoB,GAAW,CAAA,EAAoB;AAC1D,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,CAAA,EAAG,MAAM,CAAA;AAClC,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,CAAA,EAAG,MAAM,CAAA;AAClC,EAAA,IAAI,IAAA,CAAK,MAAA,KAAW,IAAA,CAAK,MAAA,EAAQ,OAAO,KAAA;AACxC,EAAA,OAAOC,sBAAA,CAAgB,MAAM,IAAI,CAAA;AACnC;;;AC/GO,IAAM,wBAAN,MAA4B;AAAA,EAIjC,WAAA,CAA6B,OAAA,GAAwC,EAAC,EAAG;AAA5C,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAA6C;AAAA,EAA7C,OAAA;AAAA,EAHZ,QAAA,uBAAe,GAAA,EAAkC;AAAA,EAC1D,cAAA;AAAA;AAAA,EAKR,EAAA,CAAG,OAAe,OAAA,EAAqC;AACrD,IAAA,IAAA,CAAK,QAAA,CAAS,GAAA,CAAI,KAAA,EAAO,OAAO,CAAA;AAChC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA,EAGA,UAAU,OAAA,EAAqC;AAC7C,IAAA,IAAA,CAAK,cAAA,GAAiB,OAAA;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,KAAA,EAAqE;AAChF,IAAA,MAAM,eAAA,GAAkB,yBAAA,CAA0B,KAAA,CAAM,OAAO,CAAA;AAC/D,IAAA,MAAM,eAAe,KAAA,CAAM,MAAA,KAAW,SAAS,CAAC,CAAC,KAAK,OAAA,CAAQ,MAAA;AAC9D,IAAA,IAAI,QAAA,GAA2B,IAAA;AAE/B,IAAA,IAAI,YAAA,IAAgB,IAAA,CAAK,OAAA,CAAQ,MAAA,EAAQ;AACvC,MAAA,MAAM,SAAS,4BAAA,CAA6B;AAAA,QAC1C,MAAA,EAAQ,KAAK,OAAA,CAAQ,MAAA;AAAA,QACrB,SAAS,KAAA,CAAM,OAAA;AAAA,QACf,WAAW,eAAA,CAAgB,SAAA;AAAA,QAC3B,WAAW,eAAA,CAAgB,SAAA;AAAA,QAC3B,gBAAA,EAAkB,IAAA,CAAK,OAAA,CAAQ,gBAAA,IAAoB;AAAA,OACpD,CAAA;AACD,MAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,QAAA,MAAM,IAAI,2BAAA,CAA4B,MAAA,CAAO,MAAA,IAAU,mBAAmB,CAAA;AAAA,MAC5E;AACA,MAAA,QAAA,GAAW,IAAA;AAAA,IACb;AAEA,IAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,KAAA,CAAM,OAAO,CAAA;AACzD,IAAA,MAAM,GAAA,GAA4B;AAAA,MAChC,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,OAAA,EAAS;AAAA,QACP,GAAG,eAAA;AAAA,QACH,KAAA,EAAO,eAAA,CAAgB,KAAA,IAAS,QAAA,CAAS,KAAA;AAAA,QACzC,UAAA,EAAY,eAAA,CAAgB,UAAA,IAAc,QAAA,CAAS,EAAA;AAAA,QACnD,SAAA,EAAW,eAAA,CAAgB,SAAA,IAAa,QAAA,CAAS,SAAA;AAAA,QACjD,SAAA,EAAW,eAAA,CAAgB,SAAA,IAAa,QAAA,CAAS;AAAA,OACnD;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,UAAU,IAAA,CAAK,QAAA,CAAS,IAAI,QAAA,CAAS,KAAK,KAAK,IAAA,CAAK,cAAA;AAC1D,IAAA,IAAI,OAAA,GAAU,KAAA;AACd,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,MAAM,OAAA,CAAQ,UAAU,GAAG,CAAA;AAC3B,MAAA,OAAA,GAAU,IAAA;AAAA,IACZ;AAEA,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,IAAA;AAAA,MACV,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB,YAAY,QAAA,CAAS,EAAA;AAAA,MACrB,QAAA;AAAA,MACA,OAAA;AAAA,MACA,WAAW,QAAA,CAAS;AAAA,KACtB;AAAA,EACF;AACF","file":"index.cjs","sourcesContent":["export class NorbixWebhookError extends Error {\n readonly code: string;\n\n constructor(message: string, code: string) {\n super(message);\n this.name = 'NorbixWebhookError';\n this.code = code;\n }\n}\n\nexport class NorbixWebhookSignatureError extends NorbixWebhookError {\n constructor(message: string) {\n super(message, 'WEBHOOK_SIGNATURE_INVALID');\n this.name = 'NorbixWebhookSignatureError';\n }\n}\n\nexport class NorbixWebhookParseError extends NorbixWebhookError {\n constructor(message: string) {\n super(message, 'WEBHOOK_PARSE_INVALID');\n this.name = 'NorbixWebhookParseError';\n }\n}\n","/**\n * Closed catalog of event names a destination may subscribe to.\n * Source: gateway Domain trigger event name value objects.\n */\nexport const NORBIX_WEBHOOK_EVENT_NAMES = [\n 'database.record.inserted',\n 'database.record.updated',\n 'database.record.deleted',\n 'database.record.replaced',\n 'database.record.responsibilityChanged',\n 'database.records.inserted',\n 'database.records.updated',\n 'database.records.deleted',\n 'membership.user.registered',\n 'membership.user.invited',\n 'membership.user.verified',\n 'membership.user.updated',\n 'membership.user.deleted',\n 'membership.user.blocked',\n 'membership.user.reactivated',\n 'files.file.uploaded',\n 'files.file.deleted',\n] as const;\n\nexport type NorbixWebhookEventName = (typeof NORBIX_WEBHOOK_EVENT_NAMES)[number];\n\nexport interface NorbixWebhookEventGroup {\n group: string;\n label: string;\n events: readonly string[];\n}\n\nexport const NORBIX_WEBHOOK_EVENT_GROUPS: NorbixWebhookEventGroup[] = [\n {\n group: 'database',\n label: 'Database',\n events: [\n 'database.record.inserted',\n 'database.record.updated',\n 'database.record.deleted',\n 'database.record.replaced',\n 'database.record.responsibilityChanged',\n 'database.records.inserted',\n 'database.records.updated',\n 'database.records.deleted',\n ],\n },\n {\n group: 'membership',\n label: 'Membership',\n events: [\n 'membership.user.registered',\n 'membership.user.invited',\n 'membership.user.verified',\n 'membership.user.updated',\n 'membership.user.deleted',\n 'membership.user.blocked',\n 'membership.user.reactivated',\n ],\n },\n {\n group: 'files',\n label: 'Files',\n events: ['files.file.uploaded', 'files.file.deleted'],\n },\n];\n","/**\n * Outbound Norbix webhook delivery headers.\n *\n * Source of truth: gateway `WebhookDeliveryClient` (NOT `AuthStatics` /\n * `ConfigureCors`, which define **inbound API** headers like\n * `norbix-account-id` / `norbix-project-id` for studio → gateway calls).\n *\n * @see gateway/src/Isidos.CodeMash.Services.Webhook/Dispatching/WebhookDeliveryClient.cs\n */\nexport const NORBIX_WEBHOOK_HEADERS = {\n event: 'X-Norbix-Event',\n delivery: 'X-Norbix-Delivery',\n idempotencyKey: 'Idempotency-Key',\n account: 'X-Norbix-Account',\n project: 'X-Norbix-Project',\n integration: 'X-Norbix-Integration',\n destination: 'X-Norbix-Destination',\n signature: 'X-Norbix-Signature',\n timestamp: 'X-Norbix-Timestamp',\n} as const;\n\nexport type NorbixWebhookHeaderName =\n (typeof NORBIX_WEBHOOK_HEADERS)[keyof typeof NORBIX_WEBHOOK_HEADERS];\n","import { createHmac, timingSafeEqual } from 'node:crypto';\n\nimport { NorbixWebhookParseError } from './errors.js';\nimport { NORBIX_WEBHOOK_HEADERS } from './headers.js';\nimport type {\n NorbixWebhookDeliveryHeaders,\n NorbixWebhookEnvelope,\n NorbixWebhookHeaderBag,\n NorbixWebhookVerifyOptions,\n} from './types.js';\n\nfunction headerValue(headers: NorbixWebhookHeaderBag, name: string): string | null {\n if (headers instanceof Headers) {\n return headers.get(name);\n }\n\n const direct = headers[name];\n if (direct !== undefined) {\n return Array.isArray(direct) ? (direct[0] ?? null) : direct;\n }\n\n const lower = name.toLowerCase();\n const lowerDirect = headers[lower];\n if (lowerDirect !== undefined) {\n return Array.isArray(lowerDirect) ? (lowerDirect[0] ?? null) : lowerDirect;\n }\n\n // Some frameworks preserve original casing on header keys.\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lower) {\n return Array.isArray(value) ? (value[0] ?? null) : (value ?? null);\n }\n }\n\n return null;\n}\n\n/** Read Norbix delivery headers from an incoming HTTP request. */\nexport function parseNorbixWebhookHeaders(\n headers: NorbixWebhookHeaderBag,\n): NorbixWebhookDeliveryHeaders {\n const deliveryId =\n headerValue(headers, NORBIX_WEBHOOK_HEADERS.delivery) ??\n headerValue(headers, NORBIX_WEBHOOK_HEADERS.idempotencyKey);\n\n return {\n event: headerValue(headers, NORBIX_WEBHOOK_HEADERS.event),\n deliveryId,\n idempotencyKey: headerValue(headers, NORBIX_WEBHOOK_HEADERS.idempotencyKey),\n accountId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.account),\n projectId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.project),\n integrationId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.integration),\n destinationId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.destination),\n signature: headerValue(headers, NORBIX_WEBHOOK_HEADERS.signature),\n timestamp: headerValue(headers, NORBIX_WEBHOOK_HEADERS.timestamp),\n };\n}\n\n/** Parse the JSON envelope from the raw POST body. */\nexport function parseNorbixWebhookEnvelope<TData = unknown>(\n rawBody: string,\n): NorbixWebhookEnvelope<TData> {\n let parsed: unknown;\n try {\n parsed = JSON.parse(rawBody);\n } catch {\n throw new NorbixWebhookParseError('Webhook body is not valid JSON');\n }\n\n if (!parsed || typeof parsed !== 'object') {\n throw new NorbixWebhookParseError('Webhook body must be a JSON object');\n }\n\n const envelope = parsed as Partial<NorbixWebhookEnvelope<TData>>;\n if (typeof envelope.id !== 'string' || !envelope.id) {\n throw new NorbixWebhookParseError('Webhook envelope missing id');\n }\n if (typeof envelope.event !== 'string' || !envelope.event) {\n throw new NorbixWebhookParseError('Webhook envelope missing event');\n }\n\n return envelope as NorbixWebhookEnvelope<TData>;\n}\n\nexport interface NorbixWebhookSignatureVerification {\n ok: boolean;\n reason?: string;\n}\n\n/**\n * Verify X-Norbix-Signature against the raw body.\n * Algorithm (gateway WebhookDeliveryClient.Sign):\n * sha256=<hex> HMAC-SHA256(secret, \"<timestamp>.<rawBody>\")\n */\nexport function verifyNorbixWebhookSignature(\n input: {\n rawBody: string;\n signature?: string | null;\n timestamp?: string | null;\n } & NorbixWebhookVerifyOptions,\n): NorbixWebhookSignatureVerification {\n const { secret, rawBody, signature, timestamp, toleranceSeconds = 300 } = input;\n\n if (!signature) {\n return { ok: false, reason: 'missing X-Norbix-Signature header' };\n }\n if (!timestamp) {\n return { ok: false, reason: 'missing X-Norbix-Timestamp header' };\n }\n\n if (toleranceSeconds > 0) {\n const sent = Number(timestamp);\n if (!Number.isFinite(sent)) {\n return { ok: false, reason: 'X-Norbix-Timestamp is not a number' };\n }\n const ageSeconds = Math.abs(Date.now() / 1000 - sent);\n if (ageSeconds > toleranceSeconds) {\n return {\n ok: false,\n reason: `timestamp outside ${toleranceSeconds}s tolerance (age ${Math.round(ageSeconds)}s)`,\n };\n }\n }\n\n const expected = computeNorbixWebhookSignature(secret, timestamp, rawBody);\n if (!timingSafeEqualUtf8(expected, signature)) {\n return { ok: false, reason: 'signature mismatch' };\n }\n\n return { ok: true };\n}\n\nexport function computeNorbixWebhookSignature(\n secret: string,\n timestamp: string,\n rawBody: string,\n): string {\n return `sha256=${hmacSha256Hex(secret, `${timestamp}.${rawBody}`)}`;\n}\n\nfunction hmacSha256Hex(secret: string, payload: string): string {\n return createHmac('sha256', secret).update(payload, 'utf8').digest('hex');\n}\n\nfunction timingSafeEqualUtf8(a: string, b: string): boolean {\n const bufA = Buffer.from(a, 'utf8');\n const bufB = Buffer.from(b, 'utf8');\n if (bufA.length !== bufB.length) return false;\n return timingSafeEqual(bufA, bufB);\n}\n","import { NorbixWebhookSignatureError } from './errors.js';\nimport {\n parseNorbixWebhookEnvelope,\n parseNorbixWebhookHeaders,\n verifyNorbixWebhookSignature,\n} from './parse.js';\nimport type {\n NorbixWebhookContext,\n NorbixWebhookHandleInput,\n NorbixWebhookHandleResult,\n NorbixWebhookHandler,\n NorbixWebhookReceiverOptions,\n} from './types.js';\n\n/**\n * Register handlers for inbound Norbix webhook deliveries (trigger → destination POST).\n *\n * Triggers with a `WebhookCall` action publish events to configured destinations.\n * This receiver verifies the HMAC signature, parses the envelope, and dispatches\n * to per-event handlers (similar to Stripe's webhook pattern).\n *\n * @example\n * ```ts\n * const receiver = new NorbixWebhookReceiver({\n * secret: process.env.NORBIX_WEBHOOK_SECRET,\n * });\n *\n * receiver.on('database.record.inserted', async (event) => {\n * console.log('inserted', event.data);\n * });\n *\n * receiver.onDefault(async (event) => {\n * console.log('unhandled', event.event);\n * });\n *\n * await receiver.handle({ rawBody, headers: req.headers });\n * ```\n */\nexport class NorbixWebhookReceiver {\n private readonly handlers = new Map<string, NorbixWebhookHandler>();\n private defaultHandler?: NorbixWebhookHandler;\n\n constructor(private readonly options: NorbixWebhookReceiverOptions = {}) {}\n\n /** Handle a specific event name (e.g. membership.user.registered). */\n on(event: string, handler: NorbixWebhookHandler): this {\n this.handlers.set(event, handler);\n return this;\n }\n\n /** Fallback when no event-specific handler is registered. */\n onDefault(handler: NorbixWebhookHandler): this {\n this.defaultHandler = handler;\n return this;\n }\n\n /**\n * Verify (when secret configured), parse, and dispatch the delivery.\n * Returns 200-worthy result — throw NorbixWebhookSignatureError for 401.\n */\n async handle(input: NorbixWebhookHandleInput): Promise<NorbixWebhookHandleResult> {\n const deliveryHeaders = parseNorbixWebhookHeaders(input.headers);\n const shouldVerify = input.verify !== false && !!this.options.secret;\n let verified: boolean | null = null;\n\n if (shouldVerify && this.options.secret) {\n const result = verifyNorbixWebhookSignature({\n secret: this.options.secret,\n rawBody: input.rawBody,\n signature: deliveryHeaders.signature,\n timestamp: deliveryHeaders.timestamp,\n toleranceSeconds: this.options.toleranceSeconds ?? 300,\n });\n if (!result.ok) {\n throw new NorbixWebhookSignatureError(result.reason ?? 'Invalid signature');\n }\n verified = true;\n }\n\n const envelope = parseNorbixWebhookEnvelope(input.rawBody);\n const ctx: NorbixWebhookContext = {\n path: input.path,\n headers: {\n ...deliveryHeaders,\n event: deliveryHeaders.event ?? envelope.event,\n deliveryId: deliveryHeaders.deliveryId ?? envelope.id,\n accountId: deliveryHeaders.accountId ?? envelope.accountId,\n projectId: deliveryHeaders.projectId ?? envelope.projectId,\n },\n verified,\n };\n\n const handler = this.handlers.get(envelope.event) ?? this.defaultHandler;\n let handled = false;\n if (handler) {\n await handler(envelope, ctx);\n handled = true;\n }\n\n return {\n received: true,\n event: envelope.event,\n deliveryId: envelope.id,\n verified,\n handled,\n triggerId: envelope.triggerId,\n };\n }\n}\n"]}

package/dist/webhooks/index.d.cts ADDED Viewed

@@ -0,0 +1,175 @@
+declare class NorbixWebhookError extends Error {
+    readonly code: string;
+    constructor(message: string, code: string);
+}
+declare class NorbixWebhookSignatureError extends NorbixWebhookError {
+    constructor(message: string);
+}
+declare class NorbixWebhookParseError extends NorbixWebhookError {
+    constructor(message: string);
+}
+/**
+ * Closed catalog of event names a destination may subscribe to.
+ * Source: gateway Domain trigger event name value objects.
+ */
+declare const NORBIX_WEBHOOK_EVENT_NAMES: readonly ["database.record.inserted", "database.record.updated", "database.record.deleted", "database.record.replaced", "database.record.responsibilityChanged", "database.records.inserted", "database.records.updated", "database.records.deleted", "membership.user.registered", "membership.user.invited", "membership.user.verified", "membership.user.updated", "membership.user.deleted", "membership.user.blocked", "membership.user.reactivated", "files.file.uploaded", "files.file.deleted"];
+type NorbixWebhookEventName = (typeof NORBIX_WEBHOOK_EVENT_NAMES)[number];
+interface NorbixWebhookEventGroup {
+    group: string;
+    label: string;
+    events: readonly string[];
+}
+declare const NORBIX_WEBHOOK_EVENT_GROUPS: NorbixWebhookEventGroup[];
+/**
+ * Outbound Norbix webhook delivery headers.
+ *
+ * Source of truth: gateway `WebhookDeliveryClient` (NOT `AuthStatics` /
+ * `ConfigureCors`, which define **inbound API** headers like
+ * `norbix-account-id` / `norbix-project-id` for studio → gateway calls).
+ *
+ * @see gateway/src/Isidos.CodeMash.Services.Webhook/Dispatching/WebhookDeliveryClient.cs
+ */
+declare const NORBIX_WEBHOOK_HEADERS: {
+    readonly event: "X-Norbix-Event";
+    readonly delivery: "X-Norbix-Delivery";
+    readonly idempotencyKey: "Idempotency-Key";
+    readonly account: "X-Norbix-Account";
+    readonly project: "X-Norbix-Project";
+    readonly integration: "X-Norbix-Integration";
+    readonly destination: "X-Norbix-Destination";
+    readonly signature: "X-Norbix-Signature";
+    readonly timestamp: "X-Norbix-Timestamp";
+};
+type NorbixWebhookHeaderName = (typeof NORBIX_WEBHOOK_HEADERS)[keyof typeof NORBIX_WEBHOOK_HEADERS];
+/** JSON envelope POSTed to every webhook destination. */
+interface NorbixWebhookEnvelope<TData = unknown> {
+    /** Stable delivery id — dedupe retries on this (also X-Norbix-Delivery). */
+    id: string;
+    /** Logical event name, e.g. database.record.inserted. */
+    event: string;
+    /** ISO-8601 UTC timestamp when the event was emitted. */
+    createdOn: string;
+    accountId: string;
+    projectId: string;
+    /** Trigger that produced this delivery, if any. */
+    triggerId?: string | null;
+    /** Module-specific payload (record, user, file metadata, …). */
+    data: TData;
+}
+/** Parsed delivery headers on an inbound POST. */
+interface NorbixWebhookDeliveryHeaders {
+    event: string | null;
+    deliveryId: string | null;
+    idempotencyKey: string | null;
+    accountId: string | null;
+    projectId: string | null;
+    integrationId: string | null;
+    destinationId: string | null;
+    signature: string | null;
+    timestamp: string | null;
+}
+interface NorbixWebhookVerifyOptions {
+    /** Project signing secret (from hub.webhooks.revealWebhookIntegrationSecret). */
+    secret: string;
+    /** Reject timestamps older/newer than this many seconds. Default 300. */
+    toleranceSeconds?: number;
+}
+interface NorbixWebhookHandleInput {
+    /** Exact UTF-8 request body bytes as received (required for signature verify). */
+    rawBody: string;
+    /** Incoming request headers (Express/Ts.ED/Fetch Headers or plain object). */
+    headers: NorbixWebhookHeaderBag;
+    /** Optional request path for logging. */
+    path?: string;
+    /** When false, skip signature verification even if secret is configured. */
+    verify?: boolean;
+}
+type NorbixWebhookHeaderBag = Record<string, string | string[] | undefined> | Headers;
+interface NorbixWebhookContext {
+    path?: string;
+    headers: NorbixWebhookDeliveryHeaders;
+    /** true when signature verified; null when verification was skipped. */
+    verified: boolean | null;
+}
+interface NorbixWebhookHandleResult {
+    received: true;
+    event: string;
+    deliveryId: string;
+    /** true when verified, null when verification was skipped (no secret). */
+    verified: boolean | null;
+    handled: boolean;
+    triggerId?: string | null;
+}
+type NorbixWebhookHandler<TData = unknown> = (envelope: NorbixWebhookEnvelope<TData>, ctx: NorbixWebhookContext) => void | Promise<void>;
+type NorbixWebhookHandlerMap = Partial<Record<NorbixWebhookEventName | string, NorbixWebhookHandler>>;
+interface NorbixWebhookReceiverOptions {
+    /** When set, verification runs on every delivery. Omit to skip verify. */
+    secret?: string;
+    /** Reject timestamps outside this window (seconds). Default 300. */
+    toleranceSeconds?: number;
+}
+/** Read Norbix delivery headers from an incoming HTTP request. */
+declare function parseNorbixWebhookHeaders(headers: NorbixWebhookHeaderBag): NorbixWebhookDeliveryHeaders;
+/** Parse the JSON envelope from the raw POST body. */
+declare function parseNorbixWebhookEnvelope<TData = unknown>(rawBody: string): NorbixWebhookEnvelope<TData>;
+interface NorbixWebhookSignatureVerification {
+    ok: boolean;
+    reason?: string;
+}
+/**
+ * Verify X-Norbix-Signature against the raw body.
+ * Algorithm (gateway WebhookDeliveryClient.Sign):
+ *   sha256=<hex> HMAC-SHA256(secret, "<timestamp>.<rawBody>")
+ */
+declare function verifyNorbixWebhookSignature(input: {
+    rawBody: string;
+    signature?: string | null;
+    timestamp?: string | null;
+} & NorbixWebhookVerifyOptions): NorbixWebhookSignatureVerification;
+declare function computeNorbixWebhookSignature(secret: string, timestamp: string, rawBody: string): string;
+/**
+ * Register handlers for inbound Norbix webhook deliveries (trigger → destination POST).
+ *
+ * Triggers with a `WebhookCall` action publish events to configured destinations.
+ * This receiver verifies the HMAC signature, parses the envelope, and dispatches
+ * to per-event handlers (similar to Stripe's webhook pattern).
+ *
+ * @example
+ * ```ts
+ * const receiver = new NorbixWebhookReceiver({
+ *   secret: process.env.NORBIX_WEBHOOK_SECRET,
+ * });
+ *
+ * receiver.on('database.record.inserted', async (event) => {
+ *   console.log('inserted', event.data);
+ * });
+ *
+ * receiver.onDefault(async (event) => {
+ *   console.log('unhandled', event.event);
+ * });
+ *
+ * await receiver.handle({ rawBody, headers: req.headers });
+ * ```
+ */
+declare class NorbixWebhookReceiver {
+    private readonly options;
+    private readonly handlers;
+    private defaultHandler?;
+    constructor(options?: NorbixWebhookReceiverOptions);
+    /** Handle a specific event name (e.g. membership.user.registered). */
+    on(event: string, handler: NorbixWebhookHandler): this;
+    /** Fallback when no event-specific handler is registered. */
+    onDefault(handler: NorbixWebhookHandler): this;
+    /**
+     * Verify (when secret configured), parse, and dispatch the delivery.
+     * Returns 200-worthy result — throw NorbixWebhookSignatureError for 401.
+     */
+    handle(input: NorbixWebhookHandleInput): Promise<NorbixWebhookHandleResult>;
+}
+export { NORBIX_WEBHOOK_EVENT_GROUPS, NORBIX_WEBHOOK_EVENT_NAMES, NORBIX_WEBHOOK_HEADERS, type NorbixWebhookContext, type NorbixWebhookDeliveryHeaders, type NorbixWebhookEnvelope, NorbixWebhookError, type NorbixWebhookEventGroup, type NorbixWebhookEventName, type NorbixWebhookHandleInput, type NorbixWebhookHandleResult, type NorbixWebhookHandler, type NorbixWebhookHandlerMap, type NorbixWebhookHeaderBag, type NorbixWebhookHeaderName, NorbixWebhookParseError, NorbixWebhookReceiver, type NorbixWebhookReceiverOptions, NorbixWebhookSignatureError, type NorbixWebhookSignatureVerification, type NorbixWebhookVerifyOptions, computeNorbixWebhookSignature, parseNorbixWebhookEnvelope, parseNorbixWebhookHeaders, verifyNorbixWebhookSignature };

package/dist/webhooks/index.d.ts ADDED Viewed

@@ -0,0 +1,175 @@
+declare class NorbixWebhookError extends Error {
+    readonly code: string;
+    constructor(message: string, code: string);
+}
+declare class NorbixWebhookSignatureError extends NorbixWebhookError {
+    constructor(message: string);
+}
+declare class NorbixWebhookParseError extends NorbixWebhookError {
+    constructor(message: string);
+}
+/**
+ * Closed catalog of event names a destination may subscribe to.
+ * Source: gateway Domain trigger event name value objects.
+ */
+declare const NORBIX_WEBHOOK_EVENT_NAMES: readonly ["database.record.inserted", "database.record.updated", "database.record.deleted", "database.record.replaced", "database.record.responsibilityChanged", "database.records.inserted", "database.records.updated", "database.records.deleted", "membership.user.registered", "membership.user.invited", "membership.user.verified", "membership.user.updated", "membership.user.deleted", "membership.user.blocked", "membership.user.reactivated", "files.file.uploaded", "files.file.deleted"];
+type NorbixWebhookEventName = (typeof NORBIX_WEBHOOK_EVENT_NAMES)[number];
+interface NorbixWebhookEventGroup {
+    group: string;
+    label: string;
+    events: readonly string[];
+}
+declare const NORBIX_WEBHOOK_EVENT_GROUPS: NorbixWebhookEventGroup[];
+/**
+ * Outbound Norbix webhook delivery headers.
+ *
+ * Source of truth: gateway `WebhookDeliveryClient` (NOT `AuthStatics` /
+ * `ConfigureCors`, which define **inbound API** headers like
+ * `norbix-account-id` / `norbix-project-id` for studio → gateway calls).
+ *
+ * @see gateway/src/Isidos.CodeMash.Services.Webhook/Dispatching/WebhookDeliveryClient.cs
+ */
+declare const NORBIX_WEBHOOK_HEADERS: {
+    readonly event: "X-Norbix-Event";
+    readonly delivery: "X-Norbix-Delivery";
+    readonly idempotencyKey: "Idempotency-Key";
+    readonly account: "X-Norbix-Account";
+    readonly project: "X-Norbix-Project";
+    readonly integration: "X-Norbix-Integration";
+    readonly destination: "X-Norbix-Destination";
+    readonly signature: "X-Norbix-Signature";
+    readonly timestamp: "X-Norbix-Timestamp";
+};
+type NorbixWebhookHeaderName = (typeof NORBIX_WEBHOOK_HEADERS)[keyof typeof NORBIX_WEBHOOK_HEADERS];
+/** JSON envelope POSTed to every webhook destination. */
+interface NorbixWebhookEnvelope<TData = unknown> {
+    /** Stable delivery id — dedupe retries on this (also X-Norbix-Delivery). */
+    id: string;
+    /** Logical event name, e.g. database.record.inserted. */
+    event: string;
+    /** ISO-8601 UTC timestamp when the event was emitted. */
+    createdOn: string;
+    accountId: string;
+    projectId: string;
+    /** Trigger that produced this delivery, if any. */
+    triggerId?: string | null;
+    /** Module-specific payload (record, user, file metadata, …). */
+    data: TData;
+}
+/** Parsed delivery headers on an inbound POST. */
+interface NorbixWebhookDeliveryHeaders {
+    event: string | null;
+    deliveryId: string | null;
+    idempotencyKey: string | null;
+    accountId: string | null;
+    projectId: string | null;
+    integrationId: string | null;
+    destinationId: string | null;
+    signature: string | null;
+    timestamp: string | null;
+}
+interface NorbixWebhookVerifyOptions {
+    /** Project signing secret (from hub.webhooks.revealWebhookIntegrationSecret). */
+    secret: string;
+    /** Reject timestamps older/newer than this many seconds. Default 300. */
+    toleranceSeconds?: number;
+}
+interface NorbixWebhookHandleInput {
+    /** Exact UTF-8 request body bytes as received (required for signature verify). */
+    rawBody: string;
+    /** Incoming request headers (Express/Ts.ED/Fetch Headers or plain object). */
+    headers: NorbixWebhookHeaderBag;
+    /** Optional request path for logging. */
+    path?: string;
+    /** When false, skip signature verification even if secret is configured. */
+    verify?: boolean;
+}
+type NorbixWebhookHeaderBag = Record<string, string | string[] | undefined> | Headers;
+interface NorbixWebhookContext {
+    path?: string;
+    headers: NorbixWebhookDeliveryHeaders;
+    /** true when signature verified; null when verification was skipped. */
+    verified: boolean | null;
+}
+interface NorbixWebhookHandleResult {
+    received: true;
+    event: string;
+    deliveryId: string;
+    /** true when verified, null when verification was skipped (no secret). */
+    verified: boolean | null;
+    handled: boolean;
+    triggerId?: string | null;
+}
+type NorbixWebhookHandler<TData = unknown> = (envelope: NorbixWebhookEnvelope<TData>, ctx: NorbixWebhookContext) => void | Promise<void>;
+type NorbixWebhookHandlerMap = Partial<Record<NorbixWebhookEventName | string, NorbixWebhookHandler>>;
+interface NorbixWebhookReceiverOptions {
+    /** When set, verification runs on every delivery. Omit to skip verify. */
+    secret?: string;
+    /** Reject timestamps outside this window (seconds). Default 300. */
+    toleranceSeconds?: number;
+}
+/** Read Norbix delivery headers from an incoming HTTP request. */
+declare function parseNorbixWebhookHeaders(headers: NorbixWebhookHeaderBag): NorbixWebhookDeliveryHeaders;
+/** Parse the JSON envelope from the raw POST body. */
+declare function parseNorbixWebhookEnvelope<TData = unknown>(rawBody: string): NorbixWebhookEnvelope<TData>;
+interface NorbixWebhookSignatureVerification {
+    ok: boolean;
+    reason?: string;
+}
+/**
+ * Verify X-Norbix-Signature against the raw body.
+ * Algorithm (gateway WebhookDeliveryClient.Sign):
+ *   sha256=<hex> HMAC-SHA256(secret, "<timestamp>.<rawBody>")
+ */
+declare function verifyNorbixWebhookSignature(input: {
+    rawBody: string;
+    signature?: string | null;
+    timestamp?: string | null;
+} & NorbixWebhookVerifyOptions): NorbixWebhookSignatureVerification;
+declare function computeNorbixWebhookSignature(secret: string, timestamp: string, rawBody: string): string;
+/**
+ * Register handlers for inbound Norbix webhook deliveries (trigger → destination POST).
+ *
+ * Triggers with a `WebhookCall` action publish events to configured destinations.
+ * This receiver verifies the HMAC signature, parses the envelope, and dispatches
+ * to per-event handlers (similar to Stripe's webhook pattern).
+ *
+ * @example
+ * ```ts
+ * const receiver = new NorbixWebhookReceiver({
+ *   secret: process.env.NORBIX_WEBHOOK_SECRET,
+ * });
+ *
+ * receiver.on('database.record.inserted', async (event) => {
+ *   console.log('inserted', event.data);
+ * });
+ *
+ * receiver.onDefault(async (event) => {
+ *   console.log('unhandled', event.event);
+ * });
+ *
+ * await receiver.handle({ rawBody, headers: req.headers });
+ * ```
+ */
+declare class NorbixWebhookReceiver {
+    private readonly options;
+    private readonly handlers;
+    private defaultHandler?;
+    constructor(options?: NorbixWebhookReceiverOptions);
+    /** Handle a specific event name (e.g. membership.user.registered). */
+    on(event: string, handler: NorbixWebhookHandler): this;
+    /** Fallback when no event-specific handler is registered. */
+    onDefault(handler: NorbixWebhookHandler): this;
+    /**
+     * Verify (when secret configured), parse, and dispatch the delivery.
+     * Returns 200-worthy result — throw NorbixWebhookSignatureError for 401.
+     */
+    handle(input: NorbixWebhookHandleInput): Promise<NorbixWebhookHandleResult>;
+}
+export { NORBIX_WEBHOOK_EVENT_GROUPS, NORBIX_WEBHOOK_EVENT_NAMES, NORBIX_WEBHOOK_HEADERS, type NorbixWebhookContext, type NorbixWebhookDeliveryHeaders, type NorbixWebhookEnvelope, NorbixWebhookError, type NorbixWebhookEventGroup, type NorbixWebhookEventName, type NorbixWebhookHandleInput, type NorbixWebhookHandleResult, type NorbixWebhookHandler, type NorbixWebhookHandlerMap, type NorbixWebhookHeaderBag, type NorbixWebhookHeaderName, NorbixWebhookParseError, NorbixWebhookReceiver, type NorbixWebhookReceiverOptions, NorbixWebhookSignatureError, type NorbixWebhookSignatureVerification, type NorbixWebhookVerifyOptions, computeNorbixWebhookSignature, parseNorbixWebhookEnvelope, parseNorbixWebhookHeaders, verifyNorbixWebhookSignature };

package/dist/webhooks/index.js ADDED Viewed

@@ -0,0 +1,255 @@
+import { createHmac, timingSafeEqual } from 'crypto';
+// src/webhooks/errors.ts
+var NorbixWebhookError = class extends Error {
+  code;
+  constructor(message, code) {
+    super(message);
+    this.name = "NorbixWebhookError";
+    this.code = code;
+  }
+};
+var NorbixWebhookSignatureError = class extends NorbixWebhookError {
+  constructor(message) {
+    super(message, "WEBHOOK_SIGNATURE_INVALID");
+    this.name = "NorbixWebhookSignatureError";
+  }
+};
+var NorbixWebhookParseError = class extends NorbixWebhookError {
+  constructor(message) {
+    super(message, "WEBHOOK_PARSE_INVALID");
+    this.name = "NorbixWebhookParseError";
+  }
+};
+// src/webhooks/events.ts
+var NORBIX_WEBHOOK_EVENT_NAMES = [
+  "database.record.inserted",
+  "database.record.updated",
+  "database.record.deleted",
+  "database.record.replaced",
+  "database.record.responsibilityChanged",
+  "database.records.inserted",
+  "database.records.updated",
+  "database.records.deleted",
+  "membership.user.registered",
+  "membership.user.invited",
+  "membership.user.verified",
+  "membership.user.updated",
+  "membership.user.deleted",
+  "membership.user.blocked",
+  "membership.user.reactivated",
+  "files.file.uploaded",
+  "files.file.deleted"
+];
+var NORBIX_WEBHOOK_EVENT_GROUPS = [
+  {
+    group: "database",
+    label: "Database",
+    events: [
+      "database.record.inserted",
+      "database.record.updated",
+      "database.record.deleted",
+      "database.record.replaced",
+      "database.record.responsibilityChanged",
+      "database.records.inserted",
+      "database.records.updated",
+      "database.records.deleted"
+    ]
+  },
+  {
+    group: "membership",
+    label: "Membership",
+    events: [
+      "membership.user.registered",
+      "membership.user.invited",
+      "membership.user.verified",
+      "membership.user.updated",
+      "membership.user.deleted",
+      "membership.user.blocked",
+      "membership.user.reactivated"
+    ]
+  },
+  {
+    group: "files",
+    label: "Files",
+    events: ["files.file.uploaded", "files.file.deleted"]
+  }
+];
+// src/webhooks/headers.ts
+var NORBIX_WEBHOOK_HEADERS = {
+  event: "X-Norbix-Event",
+  delivery: "X-Norbix-Delivery",
+  idempotencyKey: "Idempotency-Key",
+  account: "X-Norbix-Account",
+  project: "X-Norbix-Project",
+  integration: "X-Norbix-Integration",
+  destination: "X-Norbix-Destination",
+  signature: "X-Norbix-Signature",
+  timestamp: "X-Norbix-Timestamp"
+};
+function headerValue(headers, name) {
+  if (headers instanceof Headers) {
+    return headers.get(name);
+  }
+  const direct = headers[name];
+  if (direct !== void 0) {
+    return Array.isArray(direct) ? direct[0] ?? null : direct;
+  }
+  const lower = name.toLowerCase();
+  const lowerDirect = headers[lower];
+  if (lowerDirect !== void 0) {
+    return Array.isArray(lowerDirect) ? lowerDirect[0] ?? null : lowerDirect;
+  }
+  for (const [key, value] of Object.entries(headers)) {
+    if (key.toLowerCase() === lower) {
+      return Array.isArray(value) ? value[0] ?? null : value ?? null;
+    }
+  }
+  return null;
+}
+function parseNorbixWebhookHeaders(headers) {
+  const deliveryId = headerValue(headers, NORBIX_WEBHOOK_HEADERS.delivery) ?? headerValue(headers, NORBIX_WEBHOOK_HEADERS.idempotencyKey);
+  return {
+    event: headerValue(headers, NORBIX_WEBHOOK_HEADERS.event),
+    deliveryId,
+    idempotencyKey: headerValue(headers, NORBIX_WEBHOOK_HEADERS.idempotencyKey),
+    accountId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.account),
+    projectId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.project),
+    integrationId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.integration),
+    destinationId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.destination),
+    signature: headerValue(headers, NORBIX_WEBHOOK_HEADERS.signature),
+    timestamp: headerValue(headers, NORBIX_WEBHOOK_HEADERS.timestamp)
+  };
+}
+function parseNorbixWebhookEnvelope(rawBody) {
+  let parsed;
+  try {
+    parsed = JSON.parse(rawBody);
+  } catch {
+    throw new NorbixWebhookParseError("Webhook body is not valid JSON");
+  }
+  if (!parsed || typeof parsed !== "object") {
+    throw new NorbixWebhookParseError("Webhook body must be a JSON object");
+  }
+  const envelope = parsed;
+  if (typeof envelope.id !== "string" || !envelope.id) {
+    throw new NorbixWebhookParseError("Webhook envelope missing id");
+  }
+  if (typeof envelope.event !== "string" || !envelope.event) {
+    throw new NorbixWebhookParseError("Webhook envelope missing event");
+  }
+  return envelope;
+}
+function verifyNorbixWebhookSignature(input) {
+  const { secret, rawBody, signature, timestamp, toleranceSeconds = 300 } = input;
+  if (!signature) {
+    return { ok: false, reason: "missing X-Norbix-Signature header" };
+  }
+  if (!timestamp) {
+    return { ok: false, reason: "missing X-Norbix-Timestamp header" };
+  }
+  if (toleranceSeconds > 0) {
+    const sent = Number(timestamp);
+    if (!Number.isFinite(sent)) {
+      return { ok: false, reason: "X-Norbix-Timestamp is not a number" };
+    }
+    const ageSeconds = Math.abs(Date.now() / 1e3 - sent);
+    if (ageSeconds > toleranceSeconds) {
+      return {
+        ok: false,
+        reason: `timestamp outside ${toleranceSeconds}s tolerance (age ${Math.round(ageSeconds)}s)`
+      };
+    }
+  }
+  const expected = computeNorbixWebhookSignature(secret, timestamp, rawBody);
+  if (!timingSafeEqualUtf8(expected, signature)) {
+    return { ok: false, reason: "signature mismatch" };
+  }
+  return { ok: true };
+}
+function computeNorbixWebhookSignature(secret, timestamp, rawBody) {
+  return `sha256=${hmacSha256Hex(secret, `${timestamp}.${rawBody}`)}`;
+}
+function hmacSha256Hex(secret, payload) {
+  return createHmac("sha256", secret).update(payload, "utf8").digest("hex");
+}
+function timingSafeEqualUtf8(a, b) {
+  const bufA = Buffer.from(a, "utf8");
+  const bufB = Buffer.from(b, "utf8");
+  if (bufA.length !== bufB.length) return false;
+  return timingSafeEqual(bufA, bufB);
+}
+// src/webhooks/receiver.ts
+var NorbixWebhookReceiver = class {
+  constructor(options = {}) {
+    this.options = options;
+  }
+  options;
+  handlers = /* @__PURE__ */ new Map();
+  defaultHandler;
+  /** Handle a specific event name (e.g. membership.user.registered). */
+  on(event, handler) {
+    this.handlers.set(event, handler);
+    return this;
+  }
+  /** Fallback when no event-specific handler is registered. */
+  onDefault(handler) {
+    this.defaultHandler = handler;
+    return this;
+  }
+  /**
+   * Verify (when secret configured), parse, and dispatch the delivery.
+   * Returns 200-worthy result — throw NorbixWebhookSignatureError for 401.
+   */
+  async handle(input) {
+    const deliveryHeaders = parseNorbixWebhookHeaders(input.headers);
+    const shouldVerify = input.verify !== false && !!this.options.secret;
+    let verified = null;
+    if (shouldVerify && this.options.secret) {
+      const result = verifyNorbixWebhookSignature({
+        secret: this.options.secret,
+        rawBody: input.rawBody,
+        signature: deliveryHeaders.signature,
+        timestamp: deliveryHeaders.timestamp,
+        toleranceSeconds: this.options.toleranceSeconds ?? 300
+      });
+      if (!result.ok) {
+        throw new NorbixWebhookSignatureError(result.reason ?? "Invalid signature");
+      }
+      verified = true;
+    }
+    const envelope = parseNorbixWebhookEnvelope(input.rawBody);
+    const ctx = {
+      path: input.path,
+      headers: {
+        ...deliveryHeaders,
+        event: deliveryHeaders.event ?? envelope.event,
+        deliveryId: deliveryHeaders.deliveryId ?? envelope.id,
+        accountId: deliveryHeaders.accountId ?? envelope.accountId,
+        projectId: deliveryHeaders.projectId ?? envelope.projectId
+      },
+      verified
+    };
+    const handler = this.handlers.get(envelope.event) ?? this.defaultHandler;
+    let handled = false;
+    if (handler) {
+      await handler(envelope, ctx);
+      handled = true;
+    }
+    return {
+      received: true,
+      event: envelope.event,
+      deliveryId: envelope.id,
+      verified,
+      handled,
+      triggerId: envelope.triggerId
+    };
+  }
+};
+export { NORBIX_WEBHOOK_EVENT_GROUPS, NORBIX_WEBHOOK_EVENT_NAMES, NORBIX_WEBHOOK_HEADERS, NorbixWebhookError, NorbixWebhookParseError, NorbixWebhookReceiver, NorbixWebhookSignatureError, computeNorbixWebhookSignature, parseNorbixWebhookEnvelope, parseNorbixWebhookHeaders, verifyNorbixWebhookSignature };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/webhooks/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/webhooks/errors.ts","../../src/webhooks/events.ts","../../src/webhooks/headers.ts","../../src/webhooks/parse.ts","../../src/webhooks/receiver.ts"],"names":[],"mappings":";;;AAAO,IAAM,kBAAA,GAAN,cAAiC,KAAA,CAAM;AAAA,EACnC,IAAA;AAAA,EAET,WAAA,CAAY,SAAiB,IAAA,EAAc;AACzC,IAAA,KAAA,CAAM,OAAO,CAAA;AACb,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AACZ,IAAA,IAAA,CAAK,IAAA,GAAO,IAAA;AAAA,EACd;AACF;AAEO,IAAM,2BAAA,GAAN,cAA0C,kBAAA,CAAmB;AAAA,EAClE,YAAY,OAAA,EAAiB;AAC3B,IAAA,KAAA,CAAM,SAAS,2BAA2B,CAAA;AAC1C,IAAA,IAAA,CAAK,IAAA,GAAO,6BAAA;AAAA,EACd;AACF;AAEO,IAAM,uBAAA,GAAN,cAAsC,kBAAA,CAAmB;AAAA,EAC9D,YAAY,OAAA,EAAiB;AAC3B,IAAA,KAAA,CAAM,SAAS,uBAAuB,CAAA;AACtC,IAAA,IAAA,CAAK,IAAA,GAAO,yBAAA;AAAA,EACd;AACF;;;AClBO,IAAM,0BAAA,GAA6B;AAAA,EACxC,0BAAA;AAAA,EACA,yBAAA;AAAA,EACA,yBAAA;AAAA,EACA,0BAAA;AAAA,EACA,uCAAA;AAAA,EACA,2BAAA;AAAA,EACA,0BAAA;AAAA,EACA,0BAAA;AAAA,EACA,4BAAA;AAAA,EACA,yBAAA;AAAA,EACA,0BAAA;AAAA,EACA,yBAAA;AAAA,EACA,yBAAA;AAAA,EACA,yBAAA;AAAA,EACA,6BAAA;AAAA,EACA,qBAAA;AAAA,EACA;AACF;AAUO,IAAM,2BAAA,GAAyD;AAAA,EACpE;AAAA,IACE,KAAA,EAAO,UAAA;AAAA,IACP,KAAA,EAAO,UAAA;AAAA,IACP,MAAA,EAAQ;AAAA,MACN,0BAAA;AAAA,MACA,yBAAA;AAAA,MACA,yBAAA;AAAA,MACA,0BAAA;AAAA,MACA,uCAAA;AAAA,MACA,2BAAA;AAAA,MACA,0BAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EACA;AAAA,IACE,KAAA,EAAO,YAAA;AAAA,IACP,KAAA,EAAO,YAAA;AAAA,IACP,MAAA,EAAQ;AAAA,MACN,4BAAA;AAAA,MACA,yBAAA;AAAA,MACA,0BAAA;AAAA,MACA,yBAAA;AAAA,MACA,yBAAA;AAAA,MACA,yBAAA;AAAA,MACA;AAAA;AACF,GACF;AAAA,EACA;AAAA,IACE,KAAA,EAAO,OAAA;AAAA,IACP,KAAA,EAAO,OAAA;AAAA,IACP,MAAA,EAAQ,CAAC,qBAAA,EAAuB,oBAAoB;AAAA;AAExD;;;ACxDO,IAAM,sBAAA,GAAyB;AAAA,EACpC,KAAA,EAAO,gBAAA;AAAA,EACP,QAAA,EAAU,mBAAA;AAAA,EACV,cAAA,EAAgB,iBAAA;AAAA,EAChB,OAAA,EAAS,kBAAA;AAAA,EACT,OAAA,EAAS,kBAAA;AAAA,EACT,WAAA,EAAa,sBAAA;AAAA,EACb,WAAA,EAAa,sBAAA;AAAA,EACb,SAAA,EAAW,oBAAA;AAAA,EACX,SAAA,EAAW;AACb;ACRA,SAAS,WAAA,CAAY,SAAiC,IAAA,EAA6B;AACjF,EAAA,IAAI,mBAAmB,OAAA,EAAS;AAC9B,IAAA,OAAO,OAAA,CAAQ,IAAI,IAAI,CAAA;AAAA,EACzB;AAEA,EAAA,MAAM,MAAA,GAAS,QAAQ,IAAI,CAAA;AAC3B,EAAA,IAAI,WAAW,MAAA,EAAW;AACxB,IAAA,OAAO,MAAM,OAAA,CAAQ,MAAM,IAAK,MAAA,CAAO,CAAC,KAAK,IAAA,GAAQ,MAAA;AAAA,EACvD;AAEA,EAAA,MAAM,KAAA,GAAQ,KAAK,WAAA,EAAY;AAC/B,EAAA,MAAM,WAAA,GAAc,QAAQ,KAAK,CAAA;AACjC,EAAA,IAAI,gBAAgB,MAAA,EAAW;AAC7B,IAAA,OAAO,MAAM,OAAA,CAAQ,WAAW,IAAK,WAAA,CAAY,CAAC,KAAK,IAAA,GAAQ,WAAA;AAAA,EACjE;AAGA,EAAA,KAAA,MAAW,CAAC,GAAA,EAAK,KAAK,KAAK,MAAA,CAAO,OAAA,CAAQ,OAAO,CAAA,EAAG;AAClD,IAAA,IAAI,GAAA,CAAI,WAAA,EAAY,KAAM,KAAA,EAAO;AAC/B,MAAA,OAAO,KAAA,CAAM,QAAQ,KAAK,CAAA,GAAK,MAAM,CAAC,CAAA,IAAK,OAAS,KAAA,IAAS,IAAA;AAAA,IAC/D;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAGO,SAAS,0BACd,OAAA,EAC8B;AAC9B,EAAA,MAAM,UAAA,GACJ,YAAY,OAAA,EAAS,sBAAA,CAAuB,QAAQ,CAAA,IACpD,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,cAAc,CAAA;AAE5D,EAAA,OAAO;AAAA,IACL,KAAA,EAAO,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,KAAK,CAAA;AAAA,IACxD,UAAA;AAAA,IACA,cAAA,EAAgB,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,cAAc,CAAA;AAAA,IAC1E,SAAA,EAAW,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,OAAO,CAAA;AAAA,IAC9D,SAAA,EAAW,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,OAAO,CAAA;AAAA,IAC9D,aAAA,EAAe,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,WAAW,CAAA;AAAA,IACtE,aAAA,EAAe,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,WAAW,CAAA;AAAA,IACtE,SAAA,EAAW,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,SAAS,CAAA;AAAA,IAChE,SAAA,EAAW,WAAA,CAAY,OAAA,EAAS,sBAAA,CAAuB,SAAS;AAAA,GAClE;AACF;AAGO,SAAS,2BACd,OAAA,EAC8B;AAC9B,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,MAAA,GAAS,IAAA,CAAK,MAAM,OAAO,CAAA;AAAA,EAC7B,CAAA,CAAA,MAAQ;AACN,IAAA,MAAM,IAAI,wBAAwB,gCAAgC,CAAA;AAAA,EACpE;AAEA,EAAA,IAAI,CAAC,MAAA,IAAU,OAAO,MAAA,KAAW,QAAA,EAAU;AACzC,IAAA,MAAM,IAAI,wBAAwB,oCAAoC,CAAA;AAAA,EACxE;AAEA,EAAA,MAAM,QAAA,GAAW,MAAA;AACjB,EAAA,IAAI,OAAO,QAAA,CAAS,EAAA,KAAO,QAAA,IAAY,CAAC,SAAS,EAAA,EAAI;AACnD,IAAA,MAAM,IAAI,wBAAwB,6BAA6B,CAAA;AAAA,EACjE;AACA,EAAA,IAAI,OAAO,QAAA,CAAS,KAAA,KAAU,QAAA,IAAY,CAAC,SAAS,KAAA,EAAO;AACzD,IAAA,MAAM,IAAI,wBAAwB,gCAAgC,CAAA;AAAA,EACpE;AAEA,EAAA,OAAO,QAAA;AACT;AAYO,SAAS,6BACd,KAAA,EAKoC;AACpC,EAAA,MAAM,EAAE,MAAA,EAAQ,OAAA,EAAS,WAAW,SAAA,EAAW,gBAAA,GAAmB,KAAI,GAAI,KAAA;AAE1E,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,mCAAA,EAAoC;AAAA,EAClE;AACA,EAAA,IAAI,CAAC,SAAA,EAAW;AACd,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,mCAAA,EAAoC;AAAA,EAClE;AAEA,EAAA,IAAI,mBAAmB,CAAA,EAAG;AACxB,IAAA,MAAM,IAAA,GAAO,OAAO,SAAS,CAAA;AAC7B,IAAA,IAAI,CAAC,MAAA,CAAO,QAAA,CAAS,IAAI,CAAA,EAAG;AAC1B,MAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,oCAAA,EAAqC;AAAA,IACnE;AACA,IAAA,MAAM,aAAa,IAAA,CAAK,GAAA,CAAI,KAAK,GAAA,EAAI,GAAI,MAAO,IAAI,CAAA;AACpD,IAAA,IAAI,aAAa,gBAAA,EAAkB;AACjC,MAAA,OAAO;AAAA,QACL,EAAA,EAAI,KAAA;AAAA,QACJ,QAAQ,CAAA,kBAAA,EAAqB,gBAAgB,oBAAoB,IAAA,CAAK,KAAA,CAAM,UAAU,CAAC,CAAA,EAAA;AAAA,OACzF;AAAA,IACF;AAAA,EACF;AAEA,EAAA,MAAM,QAAA,GAAW,6BAAA,CAA8B,MAAA,EAAQ,SAAA,EAAW,OAAO,CAAA;AACzE,EAAA,IAAI,CAAC,mBAAA,CAAoB,QAAA,EAAU,SAAS,CAAA,EAAG;AAC7C,IAAA,OAAO,EAAE,EAAA,EAAI,KAAA,EAAO,MAAA,EAAQ,oBAAA,EAAqB;AAAA,EACnD;AAEA,EAAA,OAAO,EAAE,IAAI,IAAA,EAAK;AACpB;AAEO,SAAS,6BAAA,CACd,MAAA,EACA,SAAA,EACA,OAAA,EACQ;AACR,EAAA,OAAO,CAAA,OAAA,EAAU,cAAc,MAAA,EAAQ,CAAA,EAAG,SAAS,CAAA,CAAA,EAAI,OAAO,EAAE,CAAC,CAAA,CAAA;AACnE;AAEA,SAAS,aAAA,CAAc,QAAgB,OAAA,EAAyB;AAC9D,EAAA,OAAO,UAAA,CAAW,UAAU,MAAM,CAAA,CAAE,OAAO,OAAA,EAAS,MAAM,CAAA,CAAE,MAAA,CAAO,KAAK,CAAA;AAC1E;AAEA,SAAS,mBAAA,CAAoB,GAAW,CAAA,EAAoB;AAC1D,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,CAAA,EAAG,MAAM,CAAA;AAClC,EAAA,MAAM,IAAA,GAAO,MAAA,CAAO,IAAA,CAAK,CAAA,EAAG,MAAM,CAAA;AAClC,EAAA,IAAI,IAAA,CAAK,MAAA,KAAW,IAAA,CAAK,MAAA,EAAQ,OAAO,KAAA;AACxC,EAAA,OAAO,eAAA,CAAgB,MAAM,IAAI,CAAA;AACnC;;;AC/GO,IAAM,wBAAN,MAA4B;AAAA,EAIjC,WAAA,CAA6B,OAAA,GAAwC,EAAC,EAAG;AAA5C,IAAA,IAAA,CAAA,OAAA,GAAA,OAAA;AAAA,EAA6C;AAAA,EAA7C,OAAA;AAAA,EAHZ,QAAA,uBAAe,GAAA,EAAkC;AAAA,EAC1D,cAAA;AAAA;AAAA,EAKR,EAAA,CAAG,OAAe,OAAA,EAAqC;AACrD,IAAA,IAAA,CAAK,QAAA,CAAS,GAAA,CAAI,KAAA,EAAO,OAAO,CAAA;AAChC,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA,EAGA,UAAU,OAAA,EAAqC;AAC7C,IAAA,IAAA,CAAK,cAAA,GAAiB,OAAA;AACtB,IAAA,OAAO,IAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,MAAM,OAAO,KAAA,EAAqE;AAChF,IAAA,MAAM,eAAA,GAAkB,yBAAA,CAA0B,KAAA,CAAM,OAAO,CAAA;AAC/D,IAAA,MAAM,eAAe,KAAA,CAAM,MAAA,KAAW,SAAS,CAAC,CAAC,KAAK,OAAA,CAAQ,MAAA;AAC9D,IAAA,IAAI,QAAA,GAA2B,IAAA;AAE/B,IAAA,IAAI,YAAA,IAAgB,IAAA,CAAK,OAAA,CAAQ,MAAA,EAAQ;AACvC,MAAA,MAAM,SAAS,4BAAA,CAA6B;AAAA,QAC1C,MAAA,EAAQ,KAAK,OAAA,CAAQ,MAAA;AAAA,QACrB,SAAS,KAAA,CAAM,OAAA;AAAA,QACf,WAAW,eAAA,CAAgB,SAAA;AAAA,QAC3B,WAAW,eAAA,CAAgB,SAAA;AAAA,QAC3B,gBAAA,EAAkB,IAAA,CAAK,OAAA,CAAQ,gBAAA,IAAoB;AAAA,OACpD,CAAA;AACD,MAAA,IAAI,CAAC,OAAO,EAAA,EAAI;AACd,QAAA,MAAM,IAAI,2BAAA,CAA4B,MAAA,CAAO,MAAA,IAAU,mBAAmB,CAAA;AAAA,MAC5E;AACA,MAAA,QAAA,GAAW,IAAA;AAAA,IACb;AAEA,IAAA,MAAM,QAAA,GAAW,0BAAA,CAA2B,KAAA,CAAM,OAAO,CAAA;AACzD,IAAA,MAAM,GAAA,GAA4B;AAAA,MAChC,MAAM,KAAA,CAAM,IAAA;AAAA,MACZ,OAAA,EAAS;AAAA,QACP,GAAG,eAAA;AAAA,QACH,KAAA,EAAO,eAAA,CAAgB,KAAA,IAAS,QAAA,CAAS,KAAA;AAAA,QACzC,UAAA,EAAY,eAAA,CAAgB,UAAA,IAAc,QAAA,CAAS,EAAA;AAAA,QACnD,SAAA,EAAW,eAAA,CAAgB,SAAA,IAAa,QAAA,CAAS,SAAA;AAAA,QACjD,SAAA,EAAW,eAAA,CAAgB,SAAA,IAAa,QAAA,CAAS;AAAA,OACnD;AAAA,MACA;AAAA,KACF;AAEA,IAAA,MAAM,UAAU,IAAA,CAAK,QAAA,CAAS,IAAI,QAAA,CAAS,KAAK,KAAK,IAAA,CAAK,cAAA;AAC1D,IAAA,IAAI,OAAA,GAAU,KAAA;AACd,IAAA,IAAI,OAAA,EAAS;AACX,MAAA,MAAM,OAAA,CAAQ,UAAU,GAAG,CAAA;AAC3B,MAAA,OAAA,GAAU,IAAA;AAAA,IACZ;AAEA,IAAA,OAAO;AAAA,MACL,QAAA,EAAU,IAAA;AAAA,MACV,OAAO,QAAA,CAAS,KAAA;AAAA,MAChB,YAAY,QAAA,CAAS,EAAA;AAAA,MACrB,QAAA;AAAA,MACA,OAAA;AAAA,MACA,WAAW,QAAA,CAAS;AAAA,KACtB;AAAA,EACF;AACF","file":"index.js","sourcesContent":["export class NorbixWebhookError extends Error {\n readonly code: string;\n\n constructor(message: string, code: string) {\n super(message);\n this.name = 'NorbixWebhookError';\n this.code = code;\n }\n}\n\nexport class NorbixWebhookSignatureError extends NorbixWebhookError {\n constructor(message: string) {\n super(message, 'WEBHOOK_SIGNATURE_INVALID');\n this.name = 'NorbixWebhookSignatureError';\n }\n}\n\nexport class NorbixWebhookParseError extends NorbixWebhookError {\n constructor(message: string) {\n super(message, 'WEBHOOK_PARSE_INVALID');\n this.name = 'NorbixWebhookParseError';\n }\n}\n","/**\n * Closed catalog of event names a destination may subscribe to.\n * Source: gateway Domain trigger event name value objects.\n */\nexport const NORBIX_WEBHOOK_EVENT_NAMES = [\n 'database.record.inserted',\n 'database.record.updated',\n 'database.record.deleted',\n 'database.record.replaced',\n 'database.record.responsibilityChanged',\n 'database.records.inserted',\n 'database.records.updated',\n 'database.records.deleted',\n 'membership.user.registered',\n 'membership.user.invited',\n 'membership.user.verified',\n 'membership.user.updated',\n 'membership.user.deleted',\n 'membership.user.blocked',\n 'membership.user.reactivated',\n 'files.file.uploaded',\n 'files.file.deleted',\n] as const;\n\nexport type NorbixWebhookEventName = (typeof NORBIX_WEBHOOK_EVENT_NAMES)[number];\n\nexport interface NorbixWebhookEventGroup {\n group: string;\n label: string;\n events: readonly string[];\n}\n\nexport const NORBIX_WEBHOOK_EVENT_GROUPS: NorbixWebhookEventGroup[] = [\n {\n group: 'database',\n label: 'Database',\n events: [\n 'database.record.inserted',\n 'database.record.updated',\n 'database.record.deleted',\n 'database.record.replaced',\n 'database.record.responsibilityChanged',\n 'database.records.inserted',\n 'database.records.updated',\n 'database.records.deleted',\n ],\n },\n {\n group: 'membership',\n label: 'Membership',\n events: [\n 'membership.user.registered',\n 'membership.user.invited',\n 'membership.user.verified',\n 'membership.user.updated',\n 'membership.user.deleted',\n 'membership.user.blocked',\n 'membership.user.reactivated',\n ],\n },\n {\n group: 'files',\n label: 'Files',\n events: ['files.file.uploaded', 'files.file.deleted'],\n },\n];\n","/**\n * Outbound Norbix webhook delivery headers.\n *\n * Source of truth: gateway `WebhookDeliveryClient` (NOT `AuthStatics` /\n * `ConfigureCors`, which define **inbound API** headers like\n * `norbix-account-id` / `norbix-project-id` for studio → gateway calls).\n *\n * @see gateway/src/Isidos.CodeMash.Services.Webhook/Dispatching/WebhookDeliveryClient.cs\n */\nexport const NORBIX_WEBHOOK_HEADERS = {\n event: 'X-Norbix-Event',\n delivery: 'X-Norbix-Delivery',\n idempotencyKey: 'Idempotency-Key',\n account: 'X-Norbix-Account',\n project: 'X-Norbix-Project',\n integration: 'X-Norbix-Integration',\n destination: 'X-Norbix-Destination',\n signature: 'X-Norbix-Signature',\n timestamp: 'X-Norbix-Timestamp',\n} as const;\n\nexport type NorbixWebhookHeaderName =\n (typeof NORBIX_WEBHOOK_HEADERS)[keyof typeof NORBIX_WEBHOOK_HEADERS];\n","import { createHmac, timingSafeEqual } from 'node:crypto';\n\nimport { NorbixWebhookParseError } from './errors.js';\nimport { NORBIX_WEBHOOK_HEADERS } from './headers.js';\nimport type {\n NorbixWebhookDeliveryHeaders,\n NorbixWebhookEnvelope,\n NorbixWebhookHeaderBag,\n NorbixWebhookVerifyOptions,\n} from './types.js';\n\nfunction headerValue(headers: NorbixWebhookHeaderBag, name: string): string | null {\n if (headers instanceof Headers) {\n return headers.get(name);\n }\n\n const direct = headers[name];\n if (direct !== undefined) {\n return Array.isArray(direct) ? (direct[0] ?? null) : direct;\n }\n\n const lower = name.toLowerCase();\n const lowerDirect = headers[lower];\n if (lowerDirect !== undefined) {\n return Array.isArray(lowerDirect) ? (lowerDirect[0] ?? null) : lowerDirect;\n }\n\n // Some frameworks preserve original casing on header keys.\n for (const [key, value] of Object.entries(headers)) {\n if (key.toLowerCase() === lower) {\n return Array.isArray(value) ? (value[0] ?? null) : (value ?? null);\n }\n }\n\n return null;\n}\n\n/** Read Norbix delivery headers from an incoming HTTP request. */\nexport function parseNorbixWebhookHeaders(\n headers: NorbixWebhookHeaderBag,\n): NorbixWebhookDeliveryHeaders {\n const deliveryId =\n headerValue(headers, NORBIX_WEBHOOK_HEADERS.delivery) ??\n headerValue(headers, NORBIX_WEBHOOK_HEADERS.idempotencyKey);\n\n return {\n event: headerValue(headers, NORBIX_WEBHOOK_HEADERS.event),\n deliveryId,\n idempotencyKey: headerValue(headers, NORBIX_WEBHOOK_HEADERS.idempotencyKey),\n accountId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.account),\n projectId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.project),\n integrationId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.integration),\n destinationId: headerValue(headers, NORBIX_WEBHOOK_HEADERS.destination),\n signature: headerValue(headers, NORBIX_WEBHOOK_HEADERS.signature),\n timestamp: headerValue(headers, NORBIX_WEBHOOK_HEADERS.timestamp),\n };\n}\n\n/** Parse the JSON envelope from the raw POST body. */\nexport function parseNorbixWebhookEnvelope<TData = unknown>(\n rawBody: string,\n): NorbixWebhookEnvelope<TData> {\n let parsed: unknown;\n try {\n parsed = JSON.parse(rawBody);\n } catch {\n throw new NorbixWebhookParseError('Webhook body is not valid JSON');\n }\n\n if (!parsed || typeof parsed !== 'object') {\n throw new NorbixWebhookParseError('Webhook body must be a JSON object');\n }\n\n const envelope = parsed as Partial<NorbixWebhookEnvelope<TData>>;\n if (typeof envelope.id !== 'string' || !envelope.id) {\n throw new NorbixWebhookParseError('Webhook envelope missing id');\n }\n if (typeof envelope.event !== 'string' || !envelope.event) {\n throw new NorbixWebhookParseError('Webhook envelope missing event');\n }\n\n return envelope as NorbixWebhookEnvelope<TData>;\n}\n\nexport interface NorbixWebhookSignatureVerification {\n ok: boolean;\n reason?: string;\n}\n\n/**\n * Verify X-Norbix-Signature against the raw body.\n * Algorithm (gateway WebhookDeliveryClient.Sign):\n * sha256=<hex> HMAC-SHA256(secret, \"<timestamp>.<rawBody>\")\n */\nexport function verifyNorbixWebhookSignature(\n input: {\n rawBody: string;\n signature?: string | null;\n timestamp?: string | null;\n } & NorbixWebhookVerifyOptions,\n): NorbixWebhookSignatureVerification {\n const { secret, rawBody, signature, timestamp, toleranceSeconds = 300 } = input;\n\n if (!signature) {\n return { ok: false, reason: 'missing X-Norbix-Signature header' };\n }\n if (!timestamp) {\n return { ok: false, reason: 'missing X-Norbix-Timestamp header' };\n }\n\n if (toleranceSeconds > 0) {\n const sent = Number(timestamp);\n if (!Number.isFinite(sent)) {\n return { ok: false, reason: 'X-Norbix-Timestamp is not a number' };\n }\n const ageSeconds = Math.abs(Date.now() / 1000 - sent);\n if (ageSeconds > toleranceSeconds) {\n return {\n ok: false,\n reason: `timestamp outside ${toleranceSeconds}s tolerance (age ${Math.round(ageSeconds)}s)`,\n };\n }\n }\n\n const expected = computeNorbixWebhookSignature(secret, timestamp, rawBody);\n if (!timingSafeEqualUtf8(expected, signature)) {\n return { ok: false, reason: 'signature mismatch' };\n }\n\n return { ok: true };\n}\n\nexport function computeNorbixWebhookSignature(\n secret: string,\n timestamp: string,\n rawBody: string,\n): string {\n return `sha256=${hmacSha256Hex(secret, `${timestamp}.${rawBody}`)}`;\n}\n\nfunction hmacSha256Hex(secret: string, payload: string): string {\n return createHmac('sha256', secret).update(payload, 'utf8').digest('hex');\n}\n\nfunction timingSafeEqualUtf8(a: string, b: string): boolean {\n const bufA = Buffer.from(a, 'utf8');\n const bufB = Buffer.from(b, 'utf8');\n if (bufA.length !== bufB.length) return false;\n return timingSafeEqual(bufA, bufB);\n}\n","import { NorbixWebhookSignatureError } from './errors.js';\nimport {\n parseNorbixWebhookEnvelope,\n parseNorbixWebhookHeaders,\n verifyNorbixWebhookSignature,\n} from './parse.js';\nimport type {\n NorbixWebhookContext,\n NorbixWebhookHandleInput,\n NorbixWebhookHandleResult,\n NorbixWebhookHandler,\n NorbixWebhookReceiverOptions,\n} from './types.js';\n\n/**\n * Register handlers for inbound Norbix webhook deliveries (trigger → destination POST).\n *\n * Triggers with a `WebhookCall` action publish events to configured destinations.\n * This receiver verifies the HMAC signature, parses the envelope, and dispatches\n * to per-event handlers (similar to Stripe's webhook pattern).\n *\n * @example\n * ```ts\n * const receiver = new NorbixWebhookReceiver({\n * secret: process.env.NORBIX_WEBHOOK_SECRET,\n * });\n *\n * receiver.on('database.record.inserted', async (event) => {\n * console.log('inserted', event.data);\n * });\n *\n * receiver.onDefault(async (event) => {\n * console.log('unhandled', event.event);\n * });\n *\n * await receiver.handle({ rawBody, headers: req.headers });\n * ```\n */\nexport class NorbixWebhookReceiver {\n private readonly handlers = new Map<string, NorbixWebhookHandler>();\n private defaultHandler?: NorbixWebhookHandler;\n\n constructor(private readonly options: NorbixWebhookReceiverOptions = {}) {}\n\n /** Handle a specific event name (e.g. membership.user.registered). */\n on(event: string, handler: NorbixWebhookHandler): this {\n this.handlers.set(event, handler);\n return this;\n }\n\n /** Fallback when no event-specific handler is registered. */\n onDefault(handler: NorbixWebhookHandler): this {\n this.defaultHandler = handler;\n return this;\n }\n\n /**\n * Verify (when secret configured), parse, and dispatch the delivery.\n * Returns 200-worthy result — throw NorbixWebhookSignatureError for 401.\n */\n async handle(input: NorbixWebhookHandleInput): Promise<NorbixWebhookHandleResult> {\n const deliveryHeaders = parseNorbixWebhookHeaders(input.headers);\n const shouldVerify = input.verify !== false && !!this.options.secret;\n let verified: boolean | null = null;\n\n if (shouldVerify && this.options.secret) {\n const result = verifyNorbixWebhookSignature({\n secret: this.options.secret,\n rawBody: input.rawBody,\n signature: deliveryHeaders.signature,\n timestamp: deliveryHeaders.timestamp,\n toleranceSeconds: this.options.toleranceSeconds ?? 300,\n });\n if (!result.ok) {\n throw new NorbixWebhookSignatureError(result.reason ?? 'Invalid signature');\n }\n verified = true;\n }\n\n const envelope = parseNorbixWebhookEnvelope(input.rawBody);\n const ctx: NorbixWebhookContext = {\n path: input.path,\n headers: {\n ...deliveryHeaders,\n event: deliveryHeaders.event ?? envelope.event,\n deliveryId: deliveryHeaders.deliveryId ?? envelope.id,\n accountId: deliveryHeaders.accountId ?? envelope.accountId,\n projectId: deliveryHeaders.projectId ?? envelope.projectId,\n },\n verified,\n };\n\n const handler = this.handlers.get(envelope.event) ?? this.defaultHandler;\n let handled = false;\n if (handler) {\n await handler(envelope, ctx);\n handled = true;\n }\n\n return {\n received: true,\n event: envelope.event,\n deliveryId: envelope.id,\n verified,\n handled,\n triggerId: envelope.triggerId,\n };\n }\n}\n"]}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@norbix.ai/ts",
-  "version": "1.0.1",
+  "version": "1.1.0",
   "description": "Official TypeScript SDK for Norbix — one client for both API and Hub. Works in Node and the browser.",
   "author": "UAB Isidos",
   "license": "MIT",
@@ -45,6 +45,11 @@
       "import": "./dist/hub/index.js",
       "require": "./dist/hub/index.cjs"
     },
+    "./webhooks": {
+      "types": "./dist/webhooks/index.d.ts",
+      "import": "./dist/webhooks/index.js",
+      "require": "./dist/webhooks/index.cjs"
+    },
     "./types/api": {
       "types": "./dist/types/api2.dtos.d.ts",
       "import": "./dist/types/api2.dtos.js",