@openbilling/stripe 0.1.0-alpha.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 George Dimitrov
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,18 @@
+# @openbilling/stripe
+
+Stripe adapter for OpenBilling.
+
+`@openbilling/stripe` provides a fetch-based Stripe adapter that implements the shared `@openbilling/core` billing contract. It supports the current OpenBilling MVP workflows for Stripe Checkout Sessions, Stripe Billing Portal sessions, webhook verification, and normalized webhook mapping.
+
+This package keeps Stripe-specific behavior visible where it matters. Checkout creation is price-based and currently requires `priceId`; `productId` is not treated as a portable substitute for Stripe.
+
+## Install
+
+```bash
+npm install @openbilling/core @openbilling/stripe
+```
+
+## Links
+
+- Documentation: [openbilling.geodim.dev](https://openbilling.geodim.dev)
+- Repository: [github.com/gndimitro/openbilling](https://github.com/gndimitro/openbilling)

package/dist/index.cjs

@@ -0,0 +1,318 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  StripeProviderError: () => StripeProviderError,
+  createStripeProvider: () => createStripeProvider
+});
+module.exports = __toCommonJS(index_exports);
+var import_core = require("@openbilling/core");
+var STRIPE_API_BASE_URL = "https://api.stripe.com";
+var STRIPE_API_VERSION = "2026-04-22.dahlia";
+var WEBHOOK_TOLERANCE_SECONDS = 300;
+var textDecoder = new TextDecoder();
+var textEncoder = new TextEncoder();
+var StripeProviderError = class extends Error {
+  /** Stable provider-specific error classification. */
+  code;
+  /** HTTP status returned by Stripe when the error came from an API response. */
+  status;
+  constructor(message, code, status, options) {
+    super(message, options);
+    this.name = "StripeProviderError";
+    this.code = code;
+    if (status !== void 0) {
+      this.status = status;
+    }
+  }
+};
+function createStripeProvider(config) {
+  return (0, import_core.createBilling)({
+    async createCheckout(input) {
+      const priceId = input.priceId;
+      if (!priceId) {
+        throw new StripeProviderError(
+          input.productId ? "Stripe checkout sessions currently require a priceId instead of a productId." : "Stripe checkout sessions require a priceId.",
+          "unsupported_input"
+        );
+      }
+      const response = await postForm(
+        "/v1/checkout/sessions",
+        config.apiKey,
+        buildCheckoutForm(input, priceId)
+      );
+      if (!response.id || !response.url) {
+        throw new StripeProviderError("Stripe checkout session did not include both an id and a URL.", "api_error");
+      }
+      return {
+        id: response.id,
+        url: response.url,
+        provider: import_core.Provider.Stripe,
+        raw: response
+      };
+    },
+    async createPortalLink(input) {
+      const response = await postForm(
+        "/v1/billing_portal/sessions",
+        config.apiKey,
+        buildPortalForm(input)
+      );
+      if (!response.url) {
+        throw new StripeProviderError("Stripe billing portal session did not include a URL.", "api_error");
+      }
+      return {
+        url: response.url,
+        provider: import_core.Provider.Stripe,
+        raw: response
+      };
+    },
+    async verifyWebhook(input) {
+      const payload = toWebhookPayload(input.payload);
+      const signature = getSignature(input);
+      const secret = input.secret ?? config.webhookSecret;
+      const parsedHeader = parseSignatureHeader(signature);
+      assertTimestampIsFresh(parsedHeader.timestamp);
+      const expectedSignature = await createWebhookSignature(secret, `${parsedHeader.timestamp}.${payload}`);
+      const hasMatchingSignature = parsedHeader.signatures.some(
+        (candidate) => timingSafeEqual(candidate, expectedSignature)
+      );
+      if (!hasMatchingSignature) {
+        throw new StripeProviderError("Stripe webhook signature verification failed.", "invalid_webhook_signature");
+      }
+      const event = parseWebhookEvent(payload);
+      return normalizeWebhookEvent(event);
+    }
+  });
+}
+function buildCheckoutForm(input, priceId) {
+  const params = new URLSearchParams();
+  params.set("mode", input.mode);
+  params.set("success_url", input.successUrl);
+  params.set("cancel_url", input.cancelUrl);
+  params.set("line_items[0][price]", priceId);
+  params.set("line_items[0][quantity]", "1");
+  if (input.customerId) {
+    params.set("customer", input.customerId);
+  } else if (input.customerEmail) {
+    params.set("customer_email", input.customerEmail);
+  }
+  if (input.metadata) {
+    for (const [key, value] of Object.entries(input.metadata)) {
+      params.set(`metadata[${key}]`, value);
+    }
+  }
+  return params;
+}
+function buildPortalForm(input) {
+  const params = new URLSearchParams();
+  params.set("customer", input.customerId);
+  params.set("return_url", input.returnUrl);
+  return params;
+}
+async function postForm(path, apiKey, body) {
+  const response = await fetch(`${STRIPE_API_BASE_URL}${path}`, {
+    method: "POST",
+    headers: {
+      authorization: `Bearer ${apiKey}`,
+      "content-type": "application/x-www-form-urlencoded",
+      "stripe-version": STRIPE_API_VERSION
+    },
+    body: body.toString()
+  });
+  const responseBody = await readResponseBody(response);
+  if (!response.ok) {
+    throw createApiError(response, responseBody);
+  }
+  return responseBody;
+}
+async function readResponseBody(response) {
+  const contentType = response.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
+    return response.json();
+  }
+  return response.text();
+}
+function createApiError(response, responseBody) {
+  const message = getApiErrorMessage(responseBody) ?? `Stripe API request failed with status ${response.status}${response.statusText ? ` ${response.statusText}` : ""}.`;
+  return new StripeProviderError(message, "api_error", response.status);
+}
+function getApiErrorMessage(responseBody) {
+  if (!responseBody || typeof responseBody !== "object") {
+    return void 0;
+  }
+  return responseBody.error?.message;
+}
+function toWebhookPayload(payload) {
+  return typeof payload === "string" ? payload : textDecoder.decode(payload);
+}
+function getSignature(input) {
+  if (input.signature) {
+    return input.signature;
+  }
+  const headerEntry = Object.entries(input.headers ?? {}).find(([key]) => key.toLowerCase() === "stripe-signature");
+  if (headerEntry?.[1]) {
+    return headerEntry[1];
+  }
+  throw new StripeProviderError("Stripe webhook verification requires a Stripe-Signature header.", "invalid_webhook_signature");
+}
+function parseSignatureHeader(header) {
+  let timestamp;
+  const signatures = [];
+  for (const entry of header.split(",")) {
+    const [rawKey, rawValue] = entry.split("=", 2);
+    const key = rawKey?.trim();
+    const value = rawValue?.trim();
+    if (!key || !value) {
+      continue;
+    }
+    if (key === "t") {
+      const parsedTimestamp = Number(value);
+      if (Number.isSafeInteger(parsedTimestamp)) {
+        timestamp = parsedTimestamp;
+      }
+    }
+    if (key === "v1") {
+      signatures.push(value);
+    }
+  }
+  if (timestamp === void 0 || signatures.length === 0) {
+    throw new StripeProviderError("Stripe-Signature header is malformed.", "invalid_webhook_signature");
+  }
+  return {
+    timestamp,
+    signatures
+  };
+}
+function assertTimestampIsFresh(timestamp) {
+  const now = Math.floor(Date.now() / 1e3);
+  if (Math.abs(now - timestamp) > WEBHOOK_TOLERANCE_SECONDS) {
+    throw new StripeProviderError("Stripe webhook signature timestamp is outside the accepted tolerance window.", "invalid_webhook_signature");
+  }
+}
+async function createWebhookSignature(secret, payload) {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    textEncoder.encode(secret),
+    {
+      name: "HMAC",
+      hash: "SHA-256"
+    },
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.subtle.sign("HMAC", key, textEncoder.encode(payload));
+  return bytesToHex(new Uint8Array(signature));
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes, (value) => value.toString(16).padStart(2, "0")).join("");
+}
+function timingSafeEqual(left, right) {
+  const leftBytes = textEncoder.encode(left);
+  const rightBytes = textEncoder.encode(right);
+  const maxLength = Math.max(leftBytes.length, rightBytes.length);
+  let mismatch = leftBytes.length === rightBytes.length ? 0 : 1;
+  for (let index = 0; index < maxLength; index += 1) {
+    mismatch |= (leftBytes[index] ?? 0) ^ (rightBytes[index] ?? 0);
+  }
+  return mismatch === 0;
+}
+function parseWebhookEvent(payload) {
+  try {
+    return JSON.parse(payload);
+  } catch (error) {
+    throw new StripeProviderError("Stripe webhook payload was not valid JSON.", "invalid_webhook_signature", void 0, {
+      cause: error
+    });
+  }
+}
+function normalizeWebhookEvent(event) {
+  const object = event.data?.object;
+  const customerId = getString(object?.customer);
+  switch (event.type) {
+    case "customer.subscription.created":
+    case "customer.subscription.updated":
+      if (getString(object?.status) === "active") {
+        const subscriptionId = getString(object?.id);
+        if (customerId && subscriptionId) {
+          return {
+            type: import_core.Subscription.Active,
+            provider: import_core.Provider.Stripe,
+            customerId,
+            subscriptionId,
+            raw: event
+          };
+        }
+      }
+      break;
+    case "customer.subscription.deleted": {
+      const subscriptionId = getString(object?.id);
+      if (customerId && subscriptionId) {
+        return {
+          type: import_core.Subscription.Cancelled,
+          provider: import_core.Provider.Stripe,
+          customerId,
+          subscriptionId,
+          raw: event
+        };
+      }
+      break;
+    }
+    case "checkout.session.completed": {
+      const paymentId = getString(object?.payment_intent);
+      if (paymentId) {
+        return {
+          type: import_core.Payment.Succeeded,
+          provider: import_core.Provider.Stripe,
+          ...customerId ? { customerId } : {},
+          paymentId,
+          raw: event
+        };
+      }
+      break;
+    }
+    case "payment_intent.succeeded": {
+      const paymentId = getString(object?.id);
+      if (paymentId) {
+        return {
+          type: import_core.Payment.Succeeded,
+          provider: import_core.Provider.Stripe,
+          ...customerId ? { customerId } : {},
+          paymentId,
+          raw: event
+        };
+      }
+      break;
+    }
+  }
+  return {
+    type: import_core.Webhook.Unknown,
+    provider: import_core.Provider.Stripe,
+    raw: event
+  };
+}
+function getString(value) {
+  return typeof value === "string" ? value : void 0;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  StripeProviderError,
+  createStripeProvider
+});

package/dist/index.d.cts

@@ -0,0 +1,77 @@
+import { BillingProvider } from '@openbilling/core';
+
+type StripeErrorCode = "unsupported_input" | "api_error" | "invalid_webhook_signature";
+/**
+ * Configuration for the Stripe provider adapter.
+ *
+ * The current Stripe adapter is intentionally narrow and only covers the
+ * hosted checkout, billing portal, and webhook flows documented in the root
+ * README.
+ */
+interface StripeProviderConfig {
+    /** Restricted or secret API key used for Stripe REST API requests. */
+    apiKey: string;
+    /** Webhook signing secret used to verify Stripe webhook deliveries. */
+    webhookSecret: string;
+}
+/**
+ * Error raised by the Stripe provider adapter.
+ *
+ * The `code` field is stable enough for app-level branching, while `status`
+ * is included when the failure originated from the Stripe HTTP API.
+ */
+declare class StripeProviderError extends Error {
+    /** Stable provider-specific error classification. */
+    readonly code: StripeErrorCode;
+    /** HTTP status returned by Stripe when the error came from an API response. */
+    readonly status?: number;
+    constructor(message: string, code: StripeErrorCode, status?: number, options?: ErrorOptions);
+}
+/**
+ * Creates a fetch-based Stripe adapter that implements the shared
+ * `@openbilling/core` billing contract.
+ *
+ * The current MVP intentionally supports a narrow Stripe surface:
+ * - checkout creation through Stripe Checkout Sessions
+ * - customer billing management through Stripe Billing Portal
+ * - webhook verification plus normalization for a small set of events
+ *
+ * Important provider caveats:
+ * - Stripe currently requires `priceId` for checkout creation
+ * - `productId` alone is not treated as a portable substitute
+ * - both test and live mode target `https://api.stripe.com`; the key
+ *   determines the environment
+ * - outbound REST requests pin `Stripe-Version: 2026-04-22.dahlia`
+ *
+ * Supported normalized Stripe webhook coverage:
+ * - `checkout.session.completed` where `payment_intent` is present
+ * - `payment_intent.succeeded`
+ * - `customer.subscription.created` with active status
+ * - `customer.subscription.updated` with active status
+ * - `customer.subscription.deleted`
+ *
+ * Unsupported Stripe events resolve to {@link Webhook.Unknown} instead of
+ * throwing purely because the event is outside the current MVP.
+ *
+ * @throws {StripeProviderError} When input is unsupported, webhook
+ * verification fails, or the Stripe API returns an error response.
+ *
+ * @example
+ * ```ts
+ * const billing = createStripeProvider({
+ *   apiKey: "sk_test_123",
+ *   webhookSecret: "whsec_123"
+ * });
+ *
+ * const checkout = await billing.createCheckout({
+ *   priceId: "price_123",
+ *   customerEmail: "demo@example.com",
+ *   successUrl: "https://example.com/success",
+ *   cancelUrl: "https://example.com/cancel",
+ *   mode: "subscription"
+ * });
+ * ```
+ */
+declare function createStripeProvider(config: StripeProviderConfig): BillingProvider;
+
+export { type StripeProviderConfig, StripeProviderError, createStripeProvider };

package/dist/index.d.ts

@@ -0,0 +1,77 @@
+import { BillingProvider } from '@openbilling/core';
+
+type StripeErrorCode = "unsupported_input" | "api_error" | "invalid_webhook_signature";
+/**
+ * Configuration for the Stripe provider adapter.
+ *
+ * The current Stripe adapter is intentionally narrow and only covers the
+ * hosted checkout, billing portal, and webhook flows documented in the root
+ * README.
+ */
+interface StripeProviderConfig {
+    /** Restricted or secret API key used for Stripe REST API requests. */
+    apiKey: string;
+    /** Webhook signing secret used to verify Stripe webhook deliveries. */
+    webhookSecret: string;
+}
+/**
+ * Error raised by the Stripe provider adapter.
+ *
+ * The `code` field is stable enough for app-level branching, while `status`
+ * is included when the failure originated from the Stripe HTTP API.
+ */
+declare class StripeProviderError extends Error {
+    /** Stable provider-specific error classification. */
+    readonly code: StripeErrorCode;
+    /** HTTP status returned by Stripe when the error came from an API response. */
+    readonly status?: number;
+    constructor(message: string, code: StripeErrorCode, status?: number, options?: ErrorOptions);
+}
+/**
+ * Creates a fetch-based Stripe adapter that implements the shared
+ * `@openbilling/core` billing contract.
+ *
+ * The current MVP intentionally supports a narrow Stripe surface:
+ * - checkout creation through Stripe Checkout Sessions
+ * - customer billing management through Stripe Billing Portal
+ * - webhook verification plus normalization for a small set of events
+ *
+ * Important provider caveats:
+ * - Stripe currently requires `priceId` for checkout creation
+ * - `productId` alone is not treated as a portable substitute
+ * - both test and live mode target `https://api.stripe.com`; the key
+ *   determines the environment
+ * - outbound REST requests pin `Stripe-Version: 2026-04-22.dahlia`
+ *
+ * Supported normalized Stripe webhook coverage:
+ * - `checkout.session.completed` where `payment_intent` is present
+ * - `payment_intent.succeeded`
+ * - `customer.subscription.created` with active status
+ * - `customer.subscription.updated` with active status
+ * - `customer.subscription.deleted`
+ *
+ * Unsupported Stripe events resolve to {@link Webhook.Unknown} instead of
+ * throwing purely because the event is outside the current MVP.
+ *
+ * @throws {StripeProviderError} When input is unsupported, webhook
+ * verification fails, or the Stripe API returns an error response.
+ *
+ * @example
+ * ```ts
+ * const billing = createStripeProvider({
+ *   apiKey: "sk_test_123",
+ *   webhookSecret: "whsec_123"
+ * });
+ *
+ * const checkout = await billing.createCheckout({
+ *   priceId: "price_123",
+ *   customerEmail: "demo@example.com",
+ *   successUrl: "https://example.com/success",
+ *   cancelUrl: "https://example.com/cancel",
+ *   mode: "subscription"
+ * });
+ * ```
+ */
+declare function createStripeProvider(config: StripeProviderConfig): BillingProvider;
+
+export { type StripeProviderConfig, StripeProviderError, createStripeProvider };

package/dist/index.js

@@ -0,0 +1,298 @@
+// src/index.ts
+import {
+  Payment,
+  Provider,
+  Subscription,
+  Webhook,
+  createBilling
+} from "@openbilling/core";
+var STRIPE_API_BASE_URL = "https://api.stripe.com";
+var STRIPE_API_VERSION = "2026-04-22.dahlia";
+var WEBHOOK_TOLERANCE_SECONDS = 300;
+var textDecoder = new TextDecoder();
+var textEncoder = new TextEncoder();
+var StripeProviderError = class extends Error {
+  /** Stable provider-specific error classification. */
+  code;
+  /** HTTP status returned by Stripe when the error came from an API response. */
+  status;
+  constructor(message, code, status, options) {
+    super(message, options);
+    this.name = "StripeProviderError";
+    this.code = code;
+    if (status !== void 0) {
+      this.status = status;
+    }
+  }
+};
+function createStripeProvider(config) {
+  return createBilling({
+    async createCheckout(input) {
+      const priceId = input.priceId;
+      if (!priceId) {
+        throw new StripeProviderError(
+          input.productId ? "Stripe checkout sessions currently require a priceId instead of a productId." : "Stripe checkout sessions require a priceId.",
+          "unsupported_input"
+        );
+      }
+      const response = await postForm(
+        "/v1/checkout/sessions",
+        config.apiKey,
+        buildCheckoutForm(input, priceId)
+      );
+      if (!response.id || !response.url) {
+        throw new StripeProviderError("Stripe checkout session did not include both an id and a URL.", "api_error");
+      }
+      return {
+        id: response.id,
+        url: response.url,
+        provider: Provider.Stripe,
+        raw: response
+      };
+    },
+    async createPortalLink(input) {
+      const response = await postForm(
+        "/v1/billing_portal/sessions",
+        config.apiKey,
+        buildPortalForm(input)
+      );
+      if (!response.url) {
+        throw new StripeProviderError("Stripe billing portal session did not include a URL.", "api_error");
+      }
+      return {
+        url: response.url,
+        provider: Provider.Stripe,
+        raw: response
+      };
+    },
+    async verifyWebhook(input) {
+      const payload = toWebhookPayload(input.payload);
+      const signature = getSignature(input);
+      const secret = input.secret ?? config.webhookSecret;
+      const parsedHeader = parseSignatureHeader(signature);
+      assertTimestampIsFresh(parsedHeader.timestamp);
+      const expectedSignature = await createWebhookSignature(secret, `${parsedHeader.timestamp}.${payload}`);
+      const hasMatchingSignature = parsedHeader.signatures.some(
+        (candidate) => timingSafeEqual(candidate, expectedSignature)
+      );
+      if (!hasMatchingSignature) {
+        throw new StripeProviderError("Stripe webhook signature verification failed.", "invalid_webhook_signature");
+      }
+      const event = parseWebhookEvent(payload);
+      return normalizeWebhookEvent(event);
+    }
+  });
+}
+function buildCheckoutForm(input, priceId) {
+  const params = new URLSearchParams();
+  params.set("mode", input.mode);
+  params.set("success_url", input.successUrl);
+  params.set("cancel_url", input.cancelUrl);
+  params.set("line_items[0][price]", priceId);
+  params.set("line_items[0][quantity]", "1");
+  if (input.customerId) {
+    params.set("customer", input.customerId);
+  } else if (input.customerEmail) {
+    params.set("customer_email", input.customerEmail);
+  }
+  if (input.metadata) {
+    for (const [key, value] of Object.entries(input.metadata)) {
+      params.set(`metadata[${key}]`, value);
+    }
+  }
+  return params;
+}
+function buildPortalForm(input) {
+  const params = new URLSearchParams();
+  params.set("customer", input.customerId);
+  params.set("return_url", input.returnUrl);
+  return params;
+}
+async function postForm(path, apiKey, body) {
+  const response = await fetch(`${STRIPE_API_BASE_URL}${path}`, {
+    method: "POST",
+    headers: {
+      authorization: `Bearer ${apiKey}`,
+      "content-type": "application/x-www-form-urlencoded",
+      "stripe-version": STRIPE_API_VERSION
+    },
+    body: body.toString()
+  });
+  const responseBody = await readResponseBody(response);
+  if (!response.ok) {
+    throw createApiError(response, responseBody);
+  }
+  return responseBody;
+}
+async function readResponseBody(response) {
+  const contentType = response.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
+    return response.json();
+  }
+  return response.text();
+}
+function createApiError(response, responseBody) {
+  const message = getApiErrorMessage(responseBody) ?? `Stripe API request failed with status ${response.status}${response.statusText ? ` ${response.statusText}` : ""}.`;
+  return new StripeProviderError(message, "api_error", response.status);
+}
+function getApiErrorMessage(responseBody) {
+  if (!responseBody || typeof responseBody !== "object") {
+    return void 0;
+  }
+  return responseBody.error?.message;
+}
+function toWebhookPayload(payload) {
+  return typeof payload === "string" ? payload : textDecoder.decode(payload);
+}
+function getSignature(input) {
+  if (input.signature) {
+    return input.signature;
+  }
+  const headerEntry = Object.entries(input.headers ?? {}).find(([key]) => key.toLowerCase() === "stripe-signature");
+  if (headerEntry?.[1]) {
+    return headerEntry[1];
+  }
+  throw new StripeProviderError("Stripe webhook verification requires a Stripe-Signature header.", "invalid_webhook_signature");
+}
+function parseSignatureHeader(header) {
+  let timestamp;
+  const signatures = [];
+  for (const entry of header.split(",")) {
+    const [rawKey, rawValue] = entry.split("=", 2);
+    const key = rawKey?.trim();
+    const value = rawValue?.trim();
+    if (!key || !value) {
+      continue;
+    }
+    if (key === "t") {
+      const parsedTimestamp = Number(value);
+      if (Number.isSafeInteger(parsedTimestamp)) {
+        timestamp = parsedTimestamp;
+      }
+    }
+    if (key === "v1") {
+      signatures.push(value);
+    }
+  }
+  if (timestamp === void 0 || signatures.length === 0) {
+    throw new StripeProviderError("Stripe-Signature header is malformed.", "invalid_webhook_signature");
+  }
+  return {
+    timestamp,
+    signatures
+  };
+}
+function assertTimestampIsFresh(timestamp) {
+  const now = Math.floor(Date.now() / 1e3);
+  if (Math.abs(now - timestamp) > WEBHOOK_TOLERANCE_SECONDS) {
+    throw new StripeProviderError("Stripe webhook signature timestamp is outside the accepted tolerance window.", "invalid_webhook_signature");
+  }
+}
+async function createWebhookSignature(secret, payload) {
+  const key = await crypto.subtle.importKey(
+    "raw",
+    textEncoder.encode(secret),
+    {
+      name: "HMAC",
+      hash: "SHA-256"
+    },
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.subtle.sign("HMAC", key, textEncoder.encode(payload));
+  return bytesToHex(new Uint8Array(signature));
+}
+function bytesToHex(bytes) {
+  return Array.from(bytes, (value) => value.toString(16).padStart(2, "0")).join("");
+}
+function timingSafeEqual(left, right) {
+  const leftBytes = textEncoder.encode(left);
+  const rightBytes = textEncoder.encode(right);
+  const maxLength = Math.max(leftBytes.length, rightBytes.length);
+  let mismatch = leftBytes.length === rightBytes.length ? 0 : 1;
+  for (let index = 0; index < maxLength; index += 1) {
+    mismatch |= (leftBytes[index] ?? 0) ^ (rightBytes[index] ?? 0);
+  }
+  return mismatch === 0;
+}
+function parseWebhookEvent(payload) {
+  try {
+    return JSON.parse(payload);
+  } catch (error) {
+    throw new StripeProviderError("Stripe webhook payload was not valid JSON.", "invalid_webhook_signature", void 0, {
+      cause: error
+    });
+  }
+}
+function normalizeWebhookEvent(event) {
+  const object = event.data?.object;
+  const customerId = getString(object?.customer);
+  switch (event.type) {
+    case "customer.subscription.created":
+    case "customer.subscription.updated":
+      if (getString(object?.status) === "active") {
+        const subscriptionId = getString(object?.id);
+        if (customerId && subscriptionId) {
+          return {
+            type: Subscription.Active,
+            provider: Provider.Stripe,
+            customerId,
+            subscriptionId,
+            raw: event
+          };
+        }
+      }
+      break;
+    case "customer.subscription.deleted": {
+      const subscriptionId = getString(object?.id);
+      if (customerId && subscriptionId) {
+        return {
+          type: Subscription.Cancelled,
+          provider: Provider.Stripe,
+          customerId,
+          subscriptionId,
+          raw: event
+        };
+      }
+      break;
+    }
+    case "checkout.session.completed": {
+      const paymentId = getString(object?.payment_intent);
+      if (paymentId) {
+        return {
+          type: Payment.Succeeded,
+          provider: Provider.Stripe,
+          ...customerId ? { customerId } : {},
+          paymentId,
+          raw: event
+        };
+      }
+      break;
+    }
+    case "payment_intent.succeeded": {
+      const paymentId = getString(object?.id);
+      if (paymentId) {
+        return {
+          type: Payment.Succeeded,
+          provider: Provider.Stripe,
+          ...customerId ? { customerId } : {},
+          paymentId,
+          raw: event
+        };
+      }
+      break;
+    }
+  }
+  return {
+    type: Webhook.Unknown,
+    provider: Provider.Stripe,
+    raw: event
+  };
+}
+function getString(value) {
+  return typeof value === "string" ? value : void 0;
+}
+export {
+  StripeProviderError,
+  createStripeProvider
+};

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "@openbilling/stripe",
+  "version": "0.1.0-alpha.1",
+  "homepage": "https://openbilling.geodim.dev",
+  "description": "Switch between Stripe and Dodo Payments without rewriting your billing logic",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/gndimitro/openbilling",
+    "directory": "packages/stripe"
+  },
+  "license": "MIT",
+  "keywords": [
+    "billing",
+    "payments",
+    "stripe",
+    "dodo"
+  ],
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "dependencies": {
+    "@openbilling/core": "0.1.0-alpha.1"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --dts --clean",
+    "dev": "tsup src/index.ts --format esm,cjs --dts --clean --watch",
+    "test": "vitest run",
+    "typecheck": "tsc --project tsconfig.json --noEmit"
+  }
+}