@openbilling/dodo 0.1.0-alpha.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 George Dimitrov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,18 @@
+# @openbilling/dodo
+
+Dodo Payments adapter for OpenBilling.
+
+`@openbilling/dodo` provides a fetch-based Dodo Payments adapter that implements the shared `@openbilling/core` billing contract. It supports the current OpenBilling MVP workflows for hosted checkout creation, customer portal links, webhook verification, and normalized webhook mapping.
+
+This package keeps Dodo-specific behavior visible where it matters. Checkout creation is product-based and currently requires `productId`; Dodo determines whether the checkout is one-time or recurring from the configured product.
+
+## Install
+
+```bash
+npm install @openbilling/core @openbilling/dodo
+```
+
+## Links
+
+- Documentation: [openbilling.geodim.dev](https://openbilling.geodim.dev)
+- Repository: [github.com/gndimitro/openbilling](https://github.com/gndimitro/openbilling)

package/dist/index.cjs

@@ -0,0 +1,232 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  DodoProviderError: () => DodoProviderError,
+  createDodoProvider: () => createDodoProvider
+});
+module.exports = __toCommonJS(index_exports);
+var import_standardwebhooks = require("standardwebhooks");
+var import_core = require("@openbilling/core");
+var DEFAULT_BASE_URL = "https://live.dodopayments.com";
+var textDecoder = new TextDecoder();
+var DodoProviderError = class extends Error {
+  /** Provider-specific error classification. */
+  code;
+  /** HTTP status returned by Dodo when the error came from an API response. */
+  status;
+  constructor(message, code, status, options) {
+    super(message, options);
+    this.name = "DodoProviderError";
+    this.code = code;
+    if (status !== void 0) {
+      this.status = status;
+    }
+  }
+};
+function createDodoProvider(config) {
+  const baseUrl = normalizeBaseUrl(config.baseUrl);
+  return (0, import_core.createBilling)({
+    async createCheckout(input) {
+      const response = await postJson(
+        `${baseUrl}/checkouts`,
+        config.apiKey,
+        buildCheckoutRequest(input)
+      );
+      if (!response.checkout_url) {
+        throw new DodoProviderError("Dodo checkout session did not include a checkout URL.", "api_error");
+      }
+      return {
+        id: response.session_id,
+        url: response.checkout_url,
+        provider: import_core.Provider.Dodo,
+        raw: response
+      };
+    },
+    async createPortalLink(input) {
+      const endpoint = new URL(
+        `${baseUrl}/customers/${encodeURIComponent(input.customerId)}/customer-portal/session`
+      );
+      endpoint.searchParams.set("return_url", input.returnUrl);
+      const response = await postJson(endpoint.toString(), config.apiKey);
+      return {
+        url: response.link,
+        provider: import_core.Provider.Dodo,
+        raw: response
+      };
+    },
+    async verifyWebhook(input) {
+      const headers = getRequiredWebhookHeaders(input.headers);
+      const secret = input.secret ?? config.webhookSecret;
+      const payload = toWebhookPayload(input.payload);
+      try {
+        const event = new import_standardwebhooks.Webhook(secret).verify(payload, headers);
+        return normalizeWebhookEvent(event);
+      } catch (error) {
+        throw new DodoProviderError("Dodo webhook signature verification failed.", "invalid_webhook_signature", void 0, {
+          cause: error
+        });
+      }
+    }
+  });
+}
+function normalizeBaseUrl(baseUrl) {
+  return (baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
+}
+function buildCheckoutRequest(input) {
+  if (!input.productId) {
+    throw new DodoProviderError(
+      input.priceId ? "Dodo checkout sessions currently require a productId instead of a priceId." : "Dodo checkout sessions require a productId.",
+      "unsupported_input"
+    );
+  }
+  const request = {
+    product_cart: [
+      {
+        product_id: input.productId,
+        quantity: 1
+      }
+    ],
+    return_url: input.successUrl,
+    cancel_url: input.cancelUrl
+  };
+  if (input.customerId) {
+    request.customer_id = input.customerId;
+  } else if (input.customerEmail) {
+    request.customer = {
+      email: input.customerEmail
+    };
+  }
+  if (input.metadata) {
+    request.metadata = input.metadata;
+  }
+  return request;
+}
+function getRequiredWebhookHeaders(headers) {
+  const webhookId = headers?.["webhook-id"];
+  const webhookSignature = headers?.["webhook-signature"];
+  const webhookTimestamp = headers?.["webhook-timestamp"];
+  if (!webhookId || !webhookSignature || !webhookTimestamp) {
+    throw new DodoProviderError(
+      "Dodo webhook verification requires webhook-id, webhook-signature, and webhook-timestamp headers.",
+      "invalid_webhook_headers"
+    );
+  }
+  return {
+    "webhook-id": webhookId,
+    "webhook-signature": webhookSignature,
+    "webhook-timestamp": webhookTimestamp
+  };
+}
+function toWebhookPayload(payload) {
+  return typeof payload === "string" ? payload : textDecoder.decode(payload);
+}
+function normalizeWebhookEvent(event) {
+  const payload = event;
+  const customerId = payload.data?.customer?.customer_id;
+  switch (payload.type) {
+    case import_core.Payment.Succeeded:
+      if (!payload.data?.payment_id) {
+        break;
+      }
+      return {
+        type: import_core.Payment.Succeeded,
+        provider: import_core.Provider.Dodo,
+        paymentId: payload.data.payment_id,
+        ...customerId ? { customerId } : {},
+        raw: event
+      };
+    case import_core.Subscription.Active:
+      if (customerId && payload.data?.subscription_id) {
+        return {
+          type: import_core.Subscription.Active,
+          provider: import_core.Provider.Dodo,
+          customerId,
+          subscriptionId: payload.data.subscription_id,
+          raw: event
+        };
+      }
+      break;
+    case import_core.Subscription.Cancelled:
+      if (customerId && payload.data?.subscription_id) {
+        return {
+          type: import_core.Subscription.Cancelled,
+          provider: import_core.Provider.Dodo,
+          customerId,
+          subscriptionId: payload.data.subscription_id,
+          raw: event
+        };
+      }
+      break;
+  }
+  return {
+    type: import_core.Webhook.Unknown,
+    provider: import_core.Provider.Dodo,
+    raw: event
+  };
+}
+async function postJson(url, apiKey, body) {
+  const headers = {
+    authorization: `Bearer ${apiKey}`
+  };
+  if (body !== void 0) {
+    headers["content-type"] = "application/json";
+  }
+  const requestInit = {
+    method: "POST",
+    headers,
+    ...body === void 0 ? {} : { body: JSON.stringify(body) }
+  };
+  const response = await fetch(url, requestInit);
+  const responseBody = await readResponseBody(response);
+  if (!response.ok) {
+    throw createApiError(response, responseBody);
+  }
+  return responseBody;
+}
+async function readResponseBody(response) {
+  const contentType = response.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
+    return response.json();
+  }
+  return response.text();
+}
+function createApiError(response, responseBody) {
+  const message = getApiErrorMessage(responseBody) ?? `Dodo API request failed with status ${response.status}${response.statusText ? ` ${response.statusText}` : ""}.`;
+  return new DodoProviderError(message, "api_error", response.status);
+}
+function getApiErrorMessage(responseBody) {
+  if (!responseBody || typeof responseBody !== "object") {
+    return void 0;
+  }
+  if ("message" in responseBody && typeof responseBody.message === "string") {
+    return responseBody.message;
+  }
+  if ("error" in responseBody && typeof responseBody.error === "string") {
+    return responseBody.error;
+  }
+  return void 0;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DodoProviderError,
+  createDodoProvider
+});

package/dist/index.d.cts

@@ -0,0 +1,76 @@
+import { BillingProvider } from '@openbilling/core';
+
+type DodoErrorCode = "unsupported_input" | "api_error" | "invalid_webhook_headers" | "invalid_webhook_signature";
+/**
+ * Configuration for the Dodo Payments provider adapter.
+ *
+ * The current Dodo adapter is intentionally narrow and only covers the hosted
+ * checkout, customer portal, and webhook flows documented in the root README.
+ */
+interface DodoProviderConfig {
+    /** Secret API key used for Dodo REST API requests. */
+    apiKey: string;
+    /** Webhook signing secret used by `standardwebhooks` verification. */
+    webhookSecret: string;
+    /** Optional API host override. Defaults to Dodo's live API base URL. */
+    baseUrl?: string;
+}
+/**
+ * Error raised by the Dodo provider adapter.
+ *
+ * The `code` field is stable enough for app-level branching, while `status`
+ * is included when the failure originated from the Dodo HTTP API.
+ */
+declare class DodoProviderError extends Error {
+    /** Provider-specific error classification. */
+    readonly code: DodoErrorCode;
+    /** HTTP status returned by Dodo when the error came from an API response. */
+    readonly status?: number;
+    constructor(message: string, code: DodoErrorCode, status?: number, options?: ErrorOptions);
+}
+/**
+ * Creates a fetch-based Dodo Payments adapter that implements the shared
+ * `@openbilling/core` billing contract.
+ *
+ * The current MVP intentionally supports a narrow Dodo surface:
+ * - checkout creation through `POST /checkouts`
+ * - customer billing management through customer portal sessions
+ * - webhook verification plus normalization for a small set of events
+ *
+ * Important provider caveats:
+ * - Dodo currently requires `productId` for checkout creation
+ * - `priceId` alone is not treated as a portable substitute
+ * - the Dodo product determines whether a checkout is one-time or recurring
+ * - the adapter defaults to `https://live.dodopayments.com`, with `baseUrl`
+ *   available for test mode or custom hosts
+ *
+ * Supported normalized Dodo webhook coverage:
+ * - `payment.succeeded`
+ * - `subscription.active`
+ * - `subscription.cancelled`
+ *
+ * Unsupported Dodo events resolve to {@link Webhook.Unknown} instead of
+ * throwing purely because the event is outside the current MVP.
+ *
+ * @throws {DodoProviderError} When input is unsupported, webhook verification
+ * fails, or the Dodo API returns an error response.
+ *
+ * @example
+ * ```ts
+ * const billing = createDodoProvider({
+ *   apiKey: "dodo_api_key",
+ *   webhookSecret: "whsec_123"
+ * });
+ *
+ * const checkout = await billing.createCheckout({
+ *   productId: "prod_123",
+ *   customerEmail: "demo@example.com",
+ *   successUrl: "https://example.com/success",
+ *   cancelUrl: "https://example.com/cancel",
+ *   mode: "subscription"
+ * });
+ * ```
+ */
+declare function createDodoProvider(config: DodoProviderConfig): BillingProvider;
+
+export { type DodoProviderConfig, DodoProviderError, createDodoProvider };

package/dist/index.d.ts

@@ -0,0 +1,76 @@
+import { BillingProvider } from '@openbilling/core';
+
+type DodoErrorCode = "unsupported_input" | "api_error" | "invalid_webhook_headers" | "invalid_webhook_signature";
+/**
+ * Configuration for the Dodo Payments provider adapter.
+ *
+ * The current Dodo adapter is intentionally narrow and only covers the hosted
+ * checkout, customer portal, and webhook flows documented in the root README.
+ */
+interface DodoProviderConfig {
+    /** Secret API key used for Dodo REST API requests. */
+    apiKey: string;
+    /** Webhook signing secret used by `standardwebhooks` verification. */
+    webhookSecret: string;
+    /** Optional API host override. Defaults to Dodo's live API base URL. */
+    baseUrl?: string;
+}
+/**
+ * Error raised by the Dodo provider adapter.
+ *
+ * The `code` field is stable enough for app-level branching, while `status`
+ * is included when the failure originated from the Dodo HTTP API.
+ */
+declare class DodoProviderError extends Error {
+    /** Provider-specific error classification. */
+    readonly code: DodoErrorCode;
+    /** HTTP status returned by Dodo when the error came from an API response. */
+    readonly status?: number;
+    constructor(message: string, code: DodoErrorCode, status?: number, options?: ErrorOptions);
+}
+/**
+ * Creates a fetch-based Dodo Payments adapter that implements the shared
+ * `@openbilling/core` billing contract.
+ *
+ * The current MVP intentionally supports a narrow Dodo surface:
+ * - checkout creation through `POST /checkouts`
+ * - customer billing management through customer portal sessions
+ * - webhook verification plus normalization for a small set of events
+ *
+ * Important provider caveats:
+ * - Dodo currently requires `productId` for checkout creation
+ * - `priceId` alone is not treated as a portable substitute
+ * - the Dodo product determines whether a checkout is one-time or recurring
+ * - the adapter defaults to `https://live.dodopayments.com`, with `baseUrl`
+ *   available for test mode or custom hosts
+ *
+ * Supported normalized Dodo webhook coverage:
+ * - `payment.succeeded`
+ * - `subscription.active`
+ * - `subscription.cancelled`
+ *
+ * Unsupported Dodo events resolve to {@link Webhook.Unknown} instead of
+ * throwing purely because the event is outside the current MVP.
+ *
+ * @throws {DodoProviderError} When input is unsupported, webhook verification
+ * fails, or the Dodo API returns an error response.
+ *
+ * @example
+ * ```ts
+ * const billing = createDodoProvider({
+ *   apiKey: "dodo_api_key",
+ *   webhookSecret: "whsec_123"
+ * });
+ *
+ * const checkout = await billing.createCheckout({
+ *   productId: "prod_123",
+ *   customerEmail: "demo@example.com",
+ *   successUrl: "https://example.com/success",
+ *   cancelUrl: "https://example.com/cancel",
+ *   mode: "subscription"
+ * });
+ * ```
+ */
+declare function createDodoProvider(config: DodoProviderConfig): BillingProvider;
+
+export { type DodoProviderConfig, DodoProviderError, createDodoProvider };

package/dist/index.js

@@ -0,0 +1,212 @@
+// src/index.ts
+import { Webhook as StandardWebhook } from "standardwebhooks";
+import {
+  Payment,
+  Provider,
+  Subscription,
+  Webhook,
+  createBilling
+} from "@openbilling/core";
+var DEFAULT_BASE_URL = "https://live.dodopayments.com";
+var textDecoder = new TextDecoder();
+var DodoProviderError = class extends Error {
+  /** Provider-specific error classification. */
+  code;
+  /** HTTP status returned by Dodo when the error came from an API response. */
+  status;
+  constructor(message, code, status, options) {
+    super(message, options);
+    this.name = "DodoProviderError";
+    this.code = code;
+    if (status !== void 0) {
+      this.status = status;
+    }
+  }
+};
+function createDodoProvider(config) {
+  const baseUrl = normalizeBaseUrl(config.baseUrl);
+  return createBilling({
+    async createCheckout(input) {
+      const response = await postJson(
+        `${baseUrl}/checkouts`,
+        config.apiKey,
+        buildCheckoutRequest(input)
+      );
+      if (!response.checkout_url) {
+        throw new DodoProviderError("Dodo checkout session did not include a checkout URL.", "api_error");
+      }
+      return {
+        id: response.session_id,
+        url: response.checkout_url,
+        provider: Provider.Dodo,
+        raw: response
+      };
+    },
+    async createPortalLink(input) {
+      const endpoint = new URL(
+        `${baseUrl}/customers/${encodeURIComponent(input.customerId)}/customer-portal/session`
+      );
+      endpoint.searchParams.set("return_url", input.returnUrl);
+      const response = await postJson(endpoint.toString(), config.apiKey);
+      return {
+        url: response.link,
+        provider: Provider.Dodo,
+        raw: response
+      };
+    },
+    async verifyWebhook(input) {
+      const headers = getRequiredWebhookHeaders(input.headers);
+      const secret = input.secret ?? config.webhookSecret;
+      const payload = toWebhookPayload(input.payload);
+      try {
+        const event = new StandardWebhook(secret).verify(payload, headers);
+        return normalizeWebhookEvent(event);
+      } catch (error) {
+        throw new DodoProviderError("Dodo webhook signature verification failed.", "invalid_webhook_signature", void 0, {
+          cause: error
+        });
+      }
+    }
+  });
+}
+function normalizeBaseUrl(baseUrl) {
+  return (baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
+}
+function buildCheckoutRequest(input) {
+  if (!input.productId) {
+    throw new DodoProviderError(
+      input.priceId ? "Dodo checkout sessions currently require a productId instead of a priceId." : "Dodo checkout sessions require a productId.",
+      "unsupported_input"
+    );
+  }
+  const request = {
+    product_cart: [
+      {
+        product_id: input.productId,
+        quantity: 1
+      }
+    ],
+    return_url: input.successUrl,
+    cancel_url: input.cancelUrl
+  };
+  if (input.customerId) {
+    request.customer_id = input.customerId;
+  } else if (input.customerEmail) {
+    request.customer = {
+      email: input.customerEmail
+    };
+  }
+  if (input.metadata) {
+    request.metadata = input.metadata;
+  }
+  return request;
+}
+function getRequiredWebhookHeaders(headers) {
+  const webhookId = headers?.["webhook-id"];
+  const webhookSignature = headers?.["webhook-signature"];
+  const webhookTimestamp = headers?.["webhook-timestamp"];
+  if (!webhookId || !webhookSignature || !webhookTimestamp) {
+    throw new DodoProviderError(
+      "Dodo webhook verification requires webhook-id, webhook-signature, and webhook-timestamp headers.",
+      "invalid_webhook_headers"
+    );
+  }
+  return {
+    "webhook-id": webhookId,
+    "webhook-signature": webhookSignature,
+    "webhook-timestamp": webhookTimestamp
+  };
+}
+function toWebhookPayload(payload) {
+  return typeof payload === "string" ? payload : textDecoder.decode(payload);
+}
+function normalizeWebhookEvent(event) {
+  const payload = event;
+  const customerId = payload.data?.customer?.customer_id;
+  switch (payload.type) {
+    case Payment.Succeeded:
+      if (!payload.data?.payment_id) {
+        break;
+      }
+      return {
+        type: Payment.Succeeded,
+        provider: Provider.Dodo,
+        paymentId: payload.data.payment_id,
+        ...customerId ? { customerId } : {},
+        raw: event
+      };
+    case Subscription.Active:
+      if (customerId && payload.data?.subscription_id) {
+        return {
+          type: Subscription.Active,
+          provider: Provider.Dodo,
+          customerId,
+          subscriptionId: payload.data.subscription_id,
+          raw: event
+        };
+      }
+      break;
+    case Subscription.Cancelled:
+      if (customerId && payload.data?.subscription_id) {
+        return {
+          type: Subscription.Cancelled,
+          provider: Provider.Dodo,
+          customerId,
+          subscriptionId: payload.data.subscription_id,
+          raw: event
+        };
+      }
+      break;
+  }
+  return {
+    type: Webhook.Unknown,
+    provider: Provider.Dodo,
+    raw: event
+  };
+}
+async function postJson(url, apiKey, body) {
+  const headers = {
+    authorization: `Bearer ${apiKey}`
+  };
+  if (body !== void 0) {
+    headers["content-type"] = "application/json";
+  }
+  const requestInit = {
+    method: "POST",
+    headers,
+    ...body === void 0 ? {} : { body: JSON.stringify(body) }
+  };
+  const response = await fetch(url, requestInit);
+  const responseBody = await readResponseBody(response);
+  if (!response.ok) {
+    throw createApiError(response, responseBody);
+  }
+  return responseBody;
+}
+async function readResponseBody(response) {
+  const contentType = response.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
+    return response.json();
+  }
+  return response.text();
+}
+function createApiError(response, responseBody) {
+  const message = getApiErrorMessage(responseBody) ?? `Dodo API request failed with status ${response.status}${response.statusText ? ` ${response.statusText}` : ""}.`;
+  return new DodoProviderError(message, "api_error", response.status);
+}
+function getApiErrorMessage(responseBody) {
+  if (!responseBody || typeof responseBody !== "object") {
+    return void 0;
+  }
+  if ("message" in responseBody && typeof responseBody.message === "string") {
+    return responseBody.message;
+  }
+  if ("error" in responseBody && typeof responseBody.error === "string") {
+    return responseBody.error;
+  }
+  return void 0;
+}
+export {
+  DodoProviderError,
+  createDodoProvider
+};

package/package.json

@@ -0,0 +1,45 @@
+{
+  "name": "@openbilling/dodo",
+  "version": "0.1.0-alpha.1",
+  "homepage": "https://openbilling.geodim.dev",
+  "description": "Switch between Stripe and Dodo Payments without rewriting your billing logic",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/gndimitro/openbilling",
+    "directory": "packages/dodo"
+  },
+  "license": "MIT",
+  "keywords": [
+    "billing",
+    "payments",
+    "stripe",
+    "dodo"
+  ],
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "dependencies": {
+    "standardwebhooks": "^1.0.0",
+    "@openbilling/core": "0.1.0-alpha.1"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts --clean",
+    "dev": "tsup src/index.ts --format esm,cjs --dts --clean --watch",
+    "test": "vitest run",
+    "typecheck": "tsc --project tsconfig.json --noEmit"
+  }
+}