@pague-dev/sdk-node 0.5.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +5 -2
  2. package/dist/index.cjs +37 -1
  3. package/dist/index.d.cts +30 -8
  4. package/dist/index.d.mts +30 -8
  5. package/dist/index.mjs +37 -1
  6. package/package.json +1 -1
package/README.md CHANGED
@@ -19,9 +19,12 @@ const pdev = new Pdev('pd_live_sua_api_key');
19
19
  // Opção 2: Usar variável de ambiente PDEV_API_KEY
20
20
  const pdev = new Pdev();
21
21
 
22
- // PIX
22
+ // PIX Dinâmico
23
23
  await pdev.pix.create({ amount, description, customer });
24
24
 
25
+ // PIX QR Code Estático
26
+ await pdev.pix.createStaticQrCode({ amount, description });
27
+
25
28
  // Charges
26
29
  await pdev.charges.create({ projectId, name, amount, paymentMethods });
27
30
  await pdev.charges.list({ page, limit });
@@ -49,7 +52,7 @@ const event = parseWebhook(req.body);
49
52
 
50
53
  ## Recursos
51
54
 
52
- - **PIX** - Cobranças instantâneas
55
+ - **PIX** - Cobranças instantâneas (dinâmico e estático)
53
56
  - **Charges** - Links de pagamento
54
57
  - **Customers** - Gestão de clientes
55
58
  - **Projects** - Organização por projetos
package/dist/index.cjs CHANGED
@@ -1,3 +1,4 @@
1
+ let node_crypto = require("node:crypto");
1
2
 
2
3
  //#region src/common/utils/build-pagination-query.ts
3
4
  function buildPaginationQuery(options) {
@@ -261,6 +262,40 @@ function isValidWebhookEvent(event) {
261
262
  * });
262
263
  * ```
263
264
  */
265
+ /**
266
+ * Verifies the HMAC-SHA256 signature of a webhook payload.
267
+ *
268
+ * @param payload - The raw request body as a string
269
+ * @param signature - The signature from the `X-Webhook-Signature` header
270
+ * @param secret - Your webhook secret (plain text, before hashing)
271
+ * @returns `true` if the signature is valid, `false` otherwise
272
+ *
273
+ * @example
274
+ * ```typescript
275
+ * import { verifyWebhookSignature, parseWebhook } from '@pague-dev/sdk-node';
276
+ *
277
+ * app.post('/webhook', (req, res) => {
278
+ * const signature = req.headers['x-webhook-signature'] as string;
279
+ * const rawBody = req.body; // raw string body
280
+ *
281
+ * if (!verifyWebhookSignature(rawBody, signature, 'your_webhook_secret')) {
282
+ * return res.status(401).send('Invalid signature');
283
+ * }
284
+ *
285
+ * const event = parseWebhook(rawBody);
286
+ * // handle event...
287
+ * });
288
+ * ```
289
+ */
290
+ function verifyWebhookSignature(payload, signature, secret) {
291
+ if (!payload || !signature || !secret) return false;
292
+ try {
293
+ const expected = (0, node_crypto.createHmac)("sha256", (0, node_crypto.createHash)("sha256").update(secret).digest("hex")).update(payload).digest("hex");
294
+ return (0, node_crypto.timingSafeEqual)(Buffer.from(expected, "hex"), Buffer.from(signature, "hex"));
295
+ } catch {
296
+ return false;
297
+ }
298
+ }
264
299
  function parseWebhook(payload) {
265
300
  let parsed;
266
301
  try {
@@ -274,4 +309,5 @@ function parseWebhook(payload) {
274
309
 
275
310
  //#endregion
276
311
  exports.Pdev = Pdev;
277
- exports.parseWebhook = parseWebhook;
312
+ exports.parseWebhook = parseWebhook;
313
+ exports.verifyWebhookSignature = verifyWebhookSignature;
package/dist/index.d.cts CHANGED
@@ -194,15 +194,11 @@ interface CreatePixOptions {
194
194
  type CreatePixResponse = Response<PixCharge>;
195
195
  //#endregion
196
196
  //#region src/pix/interfaces/static-qr-code.interface.d.ts
197
- interface StaticQrCodeTransaction {
198
- description: string;
199
- amount: number;
200
- comment?: string;
201
- externalReference?: string;
202
- }
203
197
  interface CreateStaticQrCodeOptions {
204
- transaction: StaticQrCodeTransaction;
198
+ amount: number;
199
+ description: string;
205
200
  projectId?: string;
201
+ externalReference?: string;
206
202
  metadata?: Record<string, unknown>;
207
203
  }
208
204
  interface StaticQrCode {
@@ -542,6 +538,32 @@ interface WebhookHeaders {
542
538
  * });
543
539
  * ```
544
540
  */
541
+ /**
542
+ * Verifies the HMAC-SHA256 signature of a webhook payload.
543
+ *
544
+ * @param payload - The raw request body as a string
545
+ * @param signature - The signature from the `X-Webhook-Signature` header
546
+ * @param secret - Your webhook secret (plain text, before hashing)
547
+ * @returns `true` if the signature is valid, `false` otherwise
548
+ *
549
+ * @example
550
+ * ```typescript
551
+ * import { verifyWebhookSignature, parseWebhook } from '@pague-dev/sdk-node';
552
+ *
553
+ * app.post('/webhook', (req, res) => {
554
+ * const signature = req.headers['x-webhook-signature'] as string;
555
+ * const rawBody = req.body; // raw string body
556
+ *
557
+ * if (!verifyWebhookSignature(rawBody, signature, 'your_webhook_secret')) {
558
+ * return res.status(401).send('Invalid signature');
559
+ * }
560
+ *
561
+ * const event = parseWebhook(rawBody);
562
+ * // handle event...
563
+ * });
564
+ * ```
565
+ */
566
+ declare function verifyWebhookSignature(payload: string, signature: string, secret: string): boolean;
545
567
  declare function parseWebhook(payload: string): WebhookEvent | null;
546
568
  //#endregion
547
- export { Charge, ChargeStatus, CreateChargeOptions, CreateChargeResponse, CreateCustomerOptions, CreateCustomerResponse, CreatePixCustomer, CreatePixOptions, CreatePixResponse, CreateProjectOptions, CreateProjectResponse, CreateStaticQrCodeOptions, CreateStaticQrCodeResponse, CreateWithdrawalOptions, CreateWithdrawalResponse, Customer, DocumentType, type ErrorResponse, GetChargeResponse, GetTransactionResponse, ListChargesOptions, ListChargesResponse, ListCustomersOptions, ListCustomersResponse, ListProjectsOptions, ListProjectsResponse, NotificationType, type PaginatedResponse, type PaginationOptions, PaymentCompletedData, PaymentCompletedEvent, PaymentMethod, Pdev, PixCharge, PixKeyType, PixStatus, Project, RefundCompletedData, RefundCompletedEvent, type Response, SortBy, SortOrder, StaticQrCode, StaticQrCodeTransaction, Transaction, TransactionPaymentMethod, TransactionStatus, TransactionType, WebhookEvent, WebhookEventType, WebhookHeaders, WebhookPayload, Withdrawal, WithdrawalCompletedData, WithdrawalCompletedEvent, WithdrawalFailedData, WithdrawalFailedEvent, WithdrawalStatus, parseWebhook };
569
+ export { Charge, ChargeStatus, CreateChargeOptions, CreateChargeResponse, CreateCustomerOptions, CreateCustomerResponse, CreatePixCustomer, CreatePixOptions, CreatePixResponse, CreateProjectOptions, CreateProjectResponse, CreateStaticQrCodeOptions, CreateStaticQrCodeResponse, CreateWithdrawalOptions, CreateWithdrawalResponse, Customer, DocumentType, type ErrorResponse, GetChargeResponse, GetTransactionResponse, ListChargesOptions, ListChargesResponse, ListCustomersOptions, ListCustomersResponse, ListProjectsOptions, ListProjectsResponse, NotificationType, type PaginatedResponse, type PaginationOptions, PaymentCompletedData, PaymentCompletedEvent, PaymentMethod, Pdev, PixCharge, PixKeyType, PixStatus, Project, RefundCompletedData, RefundCompletedEvent, type Response, SortBy, SortOrder, StaticQrCode, Transaction, TransactionPaymentMethod, TransactionStatus, TransactionType, WebhookEvent, WebhookEventType, WebhookHeaders, WebhookPayload, Withdrawal, WithdrawalCompletedData, WithdrawalCompletedEvent, WithdrawalFailedData, WithdrawalFailedEvent, WithdrawalStatus, parseWebhook, verifyWebhookSignature };
package/dist/index.d.mts CHANGED
@@ -194,15 +194,11 @@ interface CreatePixOptions {
194
194
  type CreatePixResponse = Response<PixCharge>;
195
195
  //#endregion
196
196
  //#region src/pix/interfaces/static-qr-code.interface.d.ts
197
- interface StaticQrCodeTransaction {
198
- description: string;
199
- amount: number;
200
- comment?: string;
201
- externalReference?: string;
202
- }
203
197
  interface CreateStaticQrCodeOptions {
204
- transaction: StaticQrCodeTransaction;
198
+ amount: number;
199
+ description: string;
205
200
  projectId?: string;
201
+ externalReference?: string;
206
202
  metadata?: Record<string, unknown>;
207
203
  }
208
204
  interface StaticQrCode {
@@ -542,6 +538,32 @@ interface WebhookHeaders {
542
538
  * });
543
539
  * ```
544
540
  */
541
+ /**
542
+ * Verifies the HMAC-SHA256 signature of a webhook payload.
543
+ *
544
+ * @param payload - The raw request body as a string
545
+ * @param signature - The signature from the `X-Webhook-Signature` header
546
+ * @param secret - Your webhook secret (plain text, before hashing)
547
+ * @returns `true` if the signature is valid, `false` otherwise
548
+ *
549
+ * @example
550
+ * ```typescript
551
+ * import { verifyWebhookSignature, parseWebhook } from '@pague-dev/sdk-node';
552
+ *
553
+ * app.post('/webhook', (req, res) => {
554
+ * const signature = req.headers['x-webhook-signature'] as string;
555
+ * const rawBody = req.body; // raw string body
556
+ *
557
+ * if (!verifyWebhookSignature(rawBody, signature, 'your_webhook_secret')) {
558
+ * return res.status(401).send('Invalid signature');
559
+ * }
560
+ *
561
+ * const event = parseWebhook(rawBody);
562
+ * // handle event...
563
+ * });
564
+ * ```
565
+ */
566
+ declare function verifyWebhookSignature(payload: string, signature: string, secret: string): boolean;
545
567
  declare function parseWebhook(payload: string): WebhookEvent | null;
546
568
  //#endregion
547
- export { Charge, ChargeStatus, CreateChargeOptions, CreateChargeResponse, CreateCustomerOptions, CreateCustomerResponse, CreatePixCustomer, CreatePixOptions, CreatePixResponse, CreateProjectOptions, CreateProjectResponse, CreateStaticQrCodeOptions, CreateStaticQrCodeResponse, CreateWithdrawalOptions, CreateWithdrawalResponse, Customer, DocumentType, type ErrorResponse, GetChargeResponse, GetTransactionResponse, ListChargesOptions, ListChargesResponse, ListCustomersOptions, ListCustomersResponse, ListProjectsOptions, ListProjectsResponse, NotificationType, type PaginatedResponse, type PaginationOptions, PaymentCompletedData, PaymentCompletedEvent, PaymentMethod, Pdev, PixCharge, PixKeyType, PixStatus, Project, RefundCompletedData, RefundCompletedEvent, type Response, SortBy, SortOrder, StaticQrCode, StaticQrCodeTransaction, Transaction, TransactionPaymentMethod, TransactionStatus, TransactionType, WebhookEvent, WebhookEventType, WebhookHeaders, WebhookPayload, Withdrawal, WithdrawalCompletedData, WithdrawalCompletedEvent, WithdrawalFailedData, WithdrawalFailedEvent, WithdrawalStatus, parseWebhook };
569
+ export { Charge, ChargeStatus, CreateChargeOptions, CreateChargeResponse, CreateCustomerOptions, CreateCustomerResponse, CreatePixCustomer, CreatePixOptions, CreatePixResponse, CreateProjectOptions, CreateProjectResponse, CreateStaticQrCodeOptions, CreateStaticQrCodeResponse, CreateWithdrawalOptions, CreateWithdrawalResponse, Customer, DocumentType, type ErrorResponse, GetChargeResponse, GetTransactionResponse, ListChargesOptions, ListChargesResponse, ListCustomersOptions, ListCustomersResponse, ListProjectsOptions, ListProjectsResponse, NotificationType, type PaginatedResponse, type PaginationOptions, PaymentCompletedData, PaymentCompletedEvent, PaymentMethod, Pdev, PixCharge, PixKeyType, PixStatus, Project, RefundCompletedData, RefundCompletedEvent, type Response, SortBy, SortOrder, StaticQrCode, Transaction, TransactionPaymentMethod, TransactionStatus, TransactionType, WebhookEvent, WebhookEventType, WebhookHeaders, WebhookPayload, Withdrawal, WithdrawalCompletedData, WithdrawalCompletedEvent, WithdrawalFailedData, WithdrawalFailedEvent, WithdrawalStatus, parseWebhook, verifyWebhookSignature };
package/dist/index.mjs CHANGED
@@ -1,3 +1,5 @@
1
+ import { createHash, createHmac, timingSafeEqual } from "node:crypto";
2
+
1
3
  //#region src/common/utils/build-pagination-query.ts
2
4
  function buildPaginationQuery(options) {
3
5
  const searchParams = new URLSearchParams();
@@ -260,6 +262,40 @@ function isValidWebhookEvent(event) {
260
262
  * });
261
263
  * ```
262
264
  */
265
+ /**
266
+ * Verifies the HMAC-SHA256 signature of a webhook payload.
267
+ *
268
+ * @param payload - The raw request body as a string
269
+ * @param signature - The signature from the `X-Webhook-Signature` header
270
+ * @param secret - Your webhook secret (plain text, before hashing)
271
+ * @returns `true` if the signature is valid, `false` otherwise
272
+ *
273
+ * @example
274
+ * ```typescript
275
+ * import { verifyWebhookSignature, parseWebhook } from '@pague-dev/sdk-node';
276
+ *
277
+ * app.post('/webhook', (req, res) => {
278
+ * const signature = req.headers['x-webhook-signature'] as string;
279
+ * const rawBody = req.body; // raw string body
280
+ *
281
+ * if (!verifyWebhookSignature(rawBody, signature, 'your_webhook_secret')) {
282
+ * return res.status(401).send('Invalid signature');
283
+ * }
284
+ *
285
+ * const event = parseWebhook(rawBody);
286
+ * // handle event...
287
+ * });
288
+ * ```
289
+ */
290
+ function verifyWebhookSignature(payload, signature, secret) {
291
+ if (!payload || !signature || !secret) return false;
292
+ try {
293
+ const expected = createHmac("sha256", createHash("sha256").update(secret).digest("hex")).update(payload).digest("hex");
294
+ return timingSafeEqual(Buffer.from(expected, "hex"), Buffer.from(signature, "hex"));
295
+ } catch {
296
+ return false;
297
+ }
298
+ }
263
299
  function parseWebhook(payload) {
264
300
  let parsed;
265
301
  try {
@@ -272,4 +308,4 @@ function parseWebhook(payload) {
272
308
  }
273
309
 
274
310
  //#endregion
275
- export { Pdev, parseWebhook };
311
+ export { Pdev, parseWebhook, verifyWebhookSignature };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@pague-dev/sdk-node",
3
- "version": "0.5.0",
3
+ "version": "1.1.0",
4
4
  "description": "Node.js SDK for the pague.dev API",
5
5
  "main": "./dist/index.cjs",
6
6
  "module": "./dist/index.mjs",