@plural_pinelabs/mpp-seller-sdk 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/dist/config/environments.d.ts +8 -0
- package/dist/config/environments.d.ts.map +1 -0
- package/dist/config/environments.js +11 -0
- package/dist/config/environments.js.map +1 -0
- package/dist/config/index.d.ts +2 -0
- package/dist/config/index.d.ts.map +1 -0
- package/dist/config/index.js +8 -0
- package/dist/config/index.js.map +1 -0
- package/dist/index.d.ts +26 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +44 -0
- package/dist/index.js.map +1 -0
- package/dist/middleware/generic.d.ts +29 -0
- package/dist/middleware/generic.d.ts.map +1 -0
- package/dist/middleware/generic.js +161 -0
- package/dist/middleware/generic.js.map +1 -0
- package/dist/middleware/index.d.ts +3 -0
- package/dist/middleware/index.d.ts.map +1 -0
- package/dist/middleware/index.js +6 -0
- package/dist/middleware/index.js.map +1 -0
- package/dist/server/auth-manager.d.ts +19 -0
- package/dist/server/auth-manager.d.ts.map +1 -0
- package/dist/server/auth-manager.js +110 -0
- package/dist/server/auth-manager.js.map +1 -0
- package/dist/server/capture-client.d.ts +13 -0
- package/dist/server/capture-client.d.ts.map +1 -0
- package/dist/server/capture-client.js +134 -0
- package/dist/server/capture-client.js.map +1 -0
- package/dist/server/challenge-generator.d.ts +10 -0
- package/dist/server/challenge-generator.d.ts.map +1 -0
- package/dist/server/challenge-generator.js +60 -0
- package/dist/server/challenge-generator.js.map +1 -0
- package/dist/server/credential-verifier.d.ts +10 -0
- package/dist/server/credential-verifier.d.ts.map +1 -0
- package/dist/server/credential-verifier.js +142 -0
- package/dist/server/credential-verifier.js.map +1 -0
- package/dist/server/grant-token-verifier.d.ts +15 -0
- package/dist/server/grant-token-verifier.d.ts.map +1 -0
- package/dist/server/grant-token-verifier.js +155 -0
- package/dist/server/grant-token-verifier.js.map +1 -0
- package/dist/server/index.d.ts +8 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +22 -0
- package/dist/server/index.js.map +1 -0
- package/dist/server/plural-mpp.d.ts +26 -0
- package/dist/server/plural-mpp.d.ts.map +1 -0
- package/dist/server/plural-mpp.js +50 -0
- package/dist/server/plural-mpp.js.map +1 -0
- package/dist/server/receipt-builder.d.ts +5 -0
- package/dist/server/receipt-builder.d.ts.map +1 -0
- package/dist/server/receipt-builder.js +45 -0
- package/dist/server/receipt-builder.js.map +1 -0
- package/dist/types/auth.d.ts +12 -0
- package/dist/types/auth.d.ts.map +1 -0
- package/dist/types/auth.js +3 -0
- package/dist/types/auth.js.map +1 -0
- package/dist/types/capture.d.ts +51 -0
- package/dist/types/capture.d.ts.map +1 -0
- package/dist/types/capture.js +3 -0
- package/dist/types/capture.js.map +1 -0
- package/dist/types/challenge.d.ts +27 -0
- package/dist/types/challenge.d.ts.map +1 -0
- package/dist/types/challenge.js +3 -0
- package/dist/types/challenge.js.map +1 -0
- package/dist/types/config.d.ts +34 -0
- package/dist/types/config.d.ts.map +1 -0
- package/dist/types/config.js +3 -0
- package/dist/types/config.js.map +1 -0
- package/dist/types/credential.d.ts +25 -0
- package/dist/types/credential.d.ts.map +1 -0
- package/dist/types/credential.js +3 -0
- package/dist/types/credential.js.map +1 -0
- package/dist/types/errors.d.ts +30 -0
- package/dist/types/errors.d.ts.map +1 -0
- package/dist/types/errors.js +25 -0
- package/dist/types/errors.js.map +1 -0
- package/dist/types/grantex.d.ts +27 -0
- package/dist/types/grantex.d.ts.map +1 -0
- package/dist/types/grantex.js +3 -0
- package/dist/types/grantex.js.map +1 -0
- package/dist/types/index.d.ts +9 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +6 -0
- package/dist/types/index.js.map +1 -0
- package/dist/utils/base64url.d.ts +6 -0
- package/dist/utils/base64url.d.ts.map +1 -0
- package/dist/utils/base64url.js +25 -0
- package/dist/utils/base64url.js.map +1 -0
- package/dist/utils/errors.d.ts +16 -0
- package/dist/utils/errors.d.ts.map +1 -0
- package/dist/utils/errors.js +46 -0
- package/dist/utils/errors.js.map +1 -0
- package/dist/utils/fetch-helpers.d.ts +19 -0
- package/dist/utils/fetch-helpers.d.ts.map +1 -0
- package/dist/utils/fetch-helpers.js +108 -0
- package/dist/utils/fetch-helpers.js.map +1 -0
- package/dist/utils/hmac-sig.d.ts +3 -0
- package/dist/utils/hmac-sig.d.ts.map +1 -0
- package/dist/utils/hmac-sig.js +13 -0
- package/dist/utils/hmac-sig.js.map +1 -0
- package/dist/utils/index.d.ts +7 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +21 -0
- package/dist/utils/index.js.map +1 -0
- package/dist/utils/validation.d.ts +3 -0
- package/dist/utils/validation.d.ts.map +1 -0
- package/dist/utils/validation.js +27 -0
- package/dist/utils/validation.js.map +1 -0
- package/package.json +29 -0
|
@@ -0,0 +1,134 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CaptureClient = void 0;
|
|
4
|
+
const node_crypto_1 = require("node:crypto");
|
|
5
|
+
const environments_js_1 = require("../config/environments.js");
|
|
6
|
+
const errors_js_1 = require("../utils/errors.js");
|
|
7
|
+
const fetch_helpers_js_1 = require("../utils/fetch-helpers.js");
|
|
8
|
+
const auth_manager_js_1 = require("./auth-manager.js");
|
|
9
|
+
class CaptureClient {
|
|
10
|
+
baseUrl;
|
|
11
|
+
timeoutMs;
|
|
12
|
+
maxRetries;
|
|
13
|
+
initialRetryDelayMs;
|
|
14
|
+
logger;
|
|
15
|
+
auth;
|
|
16
|
+
constructor(config) {
|
|
17
|
+
this.baseUrl = (config.baseUrl ?? environments_js_1.DEFAULT_BASE_URL).replace(/\/+$/, "");
|
|
18
|
+
this.timeoutMs = config.requestTimeoutMs;
|
|
19
|
+
this.maxRetries = config.maxRetries;
|
|
20
|
+
this.initialRetryDelayMs = config.initialRetryDelayMs;
|
|
21
|
+
this.logger = config.logger;
|
|
22
|
+
this.auth = new auth_manager_js_1.AuthManager(config.clientId, config.clientSecret, this.baseUrl, this.timeoutMs, this.logger, this.maxRetries, this.initialRetryDelayMs, config.accessToken);
|
|
23
|
+
}
|
|
24
|
+
async capture(options) {
|
|
25
|
+
const idempotencyKey = options.idempotencyKey ?? (0, node_crypto_1.randomUUID)();
|
|
26
|
+
const customerReference = resolveCustomerReference(options);
|
|
27
|
+
const authToken = await this.auth.getAccessToken();
|
|
28
|
+
const headers = {
|
|
29
|
+
"Content-Type": "application/json",
|
|
30
|
+
Authorization: `Bearer ${authToken}`,
|
|
31
|
+
"Idempotency-Key": idempotencyKey,
|
|
32
|
+
};
|
|
33
|
+
const response = await (0, fetch_helpers_js_1.requestWithRetry)({
|
|
34
|
+
method: "POST",
|
|
35
|
+
url: `${this.baseUrl}/mpp/v1/debit`,
|
|
36
|
+
headers,
|
|
37
|
+
body: JSON.stringify({
|
|
38
|
+
type: options.paymentType ?? "SBMD",
|
|
39
|
+
customer_reference: customerReference,
|
|
40
|
+
merchant_order_reference: options.merchantOrderReference ?? `mpr-${(0, node_crypto_1.randomUUID)().replace(/-/g, "").slice(0, 12)}`,
|
|
41
|
+
amount: String(options.amount.value),
|
|
42
|
+
currency: options.amount.currency,
|
|
43
|
+
payment_token: options.token,
|
|
44
|
+
}),
|
|
45
|
+
timeoutMs: this.timeoutMs,
|
|
46
|
+
logger: this.logger,
|
|
47
|
+
maxRetries: this.maxRetries,
|
|
48
|
+
initialRetryDelayMs: this.initialRetryDelayMs,
|
|
49
|
+
});
|
|
50
|
+
if (response.status >= 400) {
|
|
51
|
+
let errBody;
|
|
52
|
+
try {
|
|
53
|
+
errBody = (await response.json());
|
|
54
|
+
}
|
|
55
|
+
catch {
|
|
56
|
+
throw new errors_js_1.MppCaptureError(`Capture failed with status ${response.status}`);
|
|
57
|
+
}
|
|
58
|
+
const errObj = errBody.error ?? {};
|
|
59
|
+
throw new errors_js_1.MppCaptureError(`Capture failed: ${errObj.message ?? "unknown error"}`, errors_js_1.MppError.fromResponse(response.status, errBody));
|
|
60
|
+
}
|
|
61
|
+
const payload = (await response.json());
|
|
62
|
+
const data = (typeof payload === "object" && payload !== null
|
|
63
|
+
? payload.data ?? payload
|
|
64
|
+
: {});
|
|
65
|
+
return dictToCaptureResult(data);
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
exports.CaptureClient = CaptureClient;
|
|
69
|
+
function resolveCustomerReference(options) {
|
|
70
|
+
const metadata = (options.metadata ?? {});
|
|
71
|
+
const customerReference = (options.customerReference ??
|
|
72
|
+
metadata.customer_reference ??
|
|
73
|
+
metadata.customerReference ??
|
|
74
|
+
"").trim();
|
|
75
|
+
if (!customerReference) {
|
|
76
|
+
throw new errors_js_1.MppCaptureError("CaptureOptions: customerReference is required for MPP V2 debit");
|
|
77
|
+
}
|
|
78
|
+
return customerReference;
|
|
79
|
+
}
|
|
80
|
+
function dictToCaptureResult(data) {
|
|
81
|
+
let amt = (data.amount ?? {});
|
|
82
|
+
if (typeof amt !== "object" || amt === null) {
|
|
83
|
+
amt = { value: amt, currency: data.currency ?? "INR" };
|
|
84
|
+
}
|
|
85
|
+
const metadata = (data.metadata ?? {});
|
|
86
|
+
const sbmdData = (metadata.sbmd_data ?? {});
|
|
87
|
+
const captureId = metadata.external_capture_id ??
|
|
88
|
+
data.capture_id ??
|
|
89
|
+
data.debit_id ??
|
|
90
|
+
data.payment_id ??
|
|
91
|
+
"";
|
|
92
|
+
const amount = {
|
|
93
|
+
value: Number(amt.value ?? 0) || 0,
|
|
94
|
+
currency: amt.currency ?? data.currency ?? "INR",
|
|
95
|
+
};
|
|
96
|
+
return {
|
|
97
|
+
capture_id: captureId,
|
|
98
|
+
object: data.object ?? "debit",
|
|
99
|
+
mandate_id: data.authorization_id ??
|
|
100
|
+
data.mandate_id ??
|
|
101
|
+
data.pre_authorization_id ??
|
|
102
|
+
"",
|
|
103
|
+
token_id: data.token_id ?? data.payment_token ?? "",
|
|
104
|
+
customer_id: data.customer_id ?? data.customer_reference ?? "",
|
|
105
|
+
merchant_id: data.merchant_id ?? "",
|
|
106
|
+
order_id: data.oms_order_id ??
|
|
107
|
+
data.order_id ??
|
|
108
|
+
data.merchant_order_reference ??
|
|
109
|
+
"",
|
|
110
|
+
order_status: data.order_status ?? data.status ?? "",
|
|
111
|
+
payment_id: data.payment_id ??
|
|
112
|
+
data.oms_payment_id ??
|
|
113
|
+
data.debit_id ??
|
|
114
|
+
"",
|
|
115
|
+
payment_status: metadata.upstream_payment_status ??
|
|
116
|
+
data.payment_status ??
|
|
117
|
+
data.status ??
|
|
118
|
+
"",
|
|
119
|
+
amount,
|
|
120
|
+
upi_txn_id: sbmdData.upi_txn_id ?? data.upi_txn_id ?? "",
|
|
121
|
+
receipt: data.receipt ?? {
|
|
122
|
+
reference: data.payment_id ?? "",
|
|
123
|
+
oms_payment_id: data.oms_payment_id ?? "",
|
|
124
|
+
external_payment_id: metadata.external_payment_id ?? "",
|
|
125
|
+
},
|
|
126
|
+
description: data.description ?? null,
|
|
127
|
+
merchant_order_reference: data.merchant_order_reference ?? null,
|
|
128
|
+
metadata: data.metadata ?? null,
|
|
129
|
+
settled_at: sbmdData.settled_at ?? data.settled_at ?? "",
|
|
130
|
+
created_at: data.created_at ?? "",
|
|
131
|
+
raw: data,
|
|
132
|
+
};
|
|
133
|
+
}
|
|
134
|
+
//# sourceMappingURL=capture-client.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"capture-client.js","sourceRoot":"","sources":["../../src/server/capture-client.ts"],"names":[],"mappings":";;;AAAA,6CAAyC;AACzC,+DAA6D;AAG7D,kDAA+D;AAC/D,gEAA6D;AAC7D,uDAAgD;AAEhD,MAAa,aAAa;IACP,OAAO,CAAS;IAChB,SAAS,CAAiB;IAC1B,UAAU,CAAiB;IAC3B,mBAAmB,CAAiB;IACpC,MAAM,CAAoB;IAC1B,IAAI,CAAc;IAEnC,YAAY,MAA0B;QACpC,IAAI,CAAC,OAAO,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,kCAAgB,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACxE,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,gBAAgB,CAAC;QACzC,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC;QACpC,IAAI,CAAC,mBAAmB,GAAG,MAAM,CAAC,mBAAmB,CAAC;QACtD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC;QAC5B,IAAI,CAAC,IAAI,GAAG,IAAI,6BAAW,CACzB,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,YAAY,EACnB,IAAI,CAAC,OAAO,EACZ,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,MAAM,EACX,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,mBAAmB,EACxB,MAAM,CAAC,WAAW,CACnB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,OAAuB;QACnC,MAAM,cAAc,GAAG,OAAO,CAAC,cAAc,IAAI,IAAA,wBAAU,GAAE,CAAC;QAC9D,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,OAAO,CAAC,CAAC;QAC5D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC;QAEnD,MAAM,OAAO,GAA2B;YACtC,cAAc,EAAE,kBAAkB;YAClC,aAAa,EAAE,UAAU,SAAS,EAAE;YACpC,iBAAiB,EAAE,cAAc;SAClC,CAAC;QAEF,MAAM,QAAQ,GAAG,MAAM,IAAA,mCAAgB,EAAC;YACtC,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,eAAe;YACnC,OAAO;YACP,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,IAAI,EAAE,OAAO,CAAC,WAAW,IAAI,MAAM;gBACnC,kBAAkB,EAAE,iBAAiB;gBACrC,wBAAwB,EACtB,OAAO,CAAC,sBAAsB,IAAI,OAAO,IAAA,wBAAU,GAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE;gBACxF,MAAM,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC;gBACpC,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ;gBACjC,aAAa,EAAE,OAAO,CAAC,KAAK;aAC7B,CAAC;YACF,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,UAAU,EAAE,IAAI,CAAC,UAAU;YAC3B,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;SAC9C,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;YAC3B,IAAI,OAAgC,CAAC;YACrC,IAAI,CAAC;gBACH,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;YAC/D,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,2BAAe,CAAC,8BAA8B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC7E,CAAC;YACD,MAAM,MAAM,GAAI,OAAO,CAAC,KAAiC,IAAI,EAAE,CAAC;YAChE,MAAM,IAAI,2BAAe,CACvB,mBAAoB,MAAM,CAAC,OAAkB,IAAI,eAAe,EAAE,EAClE,oBAAQ,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO,CAAC,CAChD,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QACnE,MAAM,IAAI,GACR,CAAC,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,KAAK,IAAI;YAC9C,CAAC,CAAE,OAAO,CAAC,IAAgC,IAAI,OAAO;YACtD,CAAC,CAAC,EAAE,CAA4B,CAAC;QAErC,OAAO,mBAAmB,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;CACF;AA9ED,sCA8EC;AAED,SAAS,wBAAwB,CAAC,OAAuB;IACvD,MAAM,QAAQ,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,CAA2B,CAAC;IACpE,MAAM,iBAAiB,GAAG,CACxB,OAAO,CAAC,iBAAiB;QACzB,QAAQ,CAAC,kBAAkB;QAC3B,QAAQ,CAAC,iBAAiB;QAC1B,EAAE,CACH,CAAC,IAAI,EAAE,CAAC;IACT,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACvB,MAAM,IAAI,2BAAe,CAAC,gEAAgE,CAAC,CAAC;IAC9F,CAAC;IACD,OAAO,iBAAiB,CAAC;AAC3B,CAAC;AAED,SAAS,mBAAmB,CAAC,IAA6B;IACxD,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,IAAI,EAAE,CAA4B,CAAC;IACzD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,KAAK,IAAI,EAAE,CAAC;QAC5C,GAAG,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,QAAQ,EAAG,IAAI,CAAC,QAAmB,IAAI,KAAK,EAAE,CAAC;IACrE,CAAC;IACD,MAAM,QAAQ,GAAG,CAAC,IAAI,CAAC,QAAQ,IAAI,EAAE,CAA4B,CAAC;IAClE,MAAM,QAAQ,GAAG,CAAC,QAAQ,CAAC,SAAS,IAAI,EAAE,CAA4B,CAAC;IACvE,MAAM,SAAS,GACZ,QAAQ,CAAC,mBAA8B;QACvC,IAAI,CAAC,UAAqB;QAC1B,IAAI,CAAC,QAAmB;QACxB,IAAI,CAAC,UAAqB;QAC3B,EAAE,CAAC;IAEL,MAAM,MAAM,GAAW;QACrB,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,CAAC;QAClC,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAK,IAAI,CAAC,QAAmB,IAAI,KAAK;KACzE,CAAC;IAEF,OAAO;QACL,UAAU,EAAE,SAAS;QACrB,MAAM,EAAG,IAAI,CAAC,MAAiB,IAAI,OAAO;QAC1C,UAAU,EACP,IAAI,CAAC,gBAA2B;YAChC,IAAI,CAAC,UAAqB;YAC1B,IAAI,CAAC,oBAA+B;YACrC,EAAE;QACJ,QAAQ,EAAG,IAAI,CAAC,QAAmB,IAAK,IAAI,CAAC,aAAwB,IAAI,EAAE;QAC3E,WAAW,EAAG,IAAI,CAAC,WAAsB,IAAK,IAAI,CAAC,kBAA6B,IAAI,EAAE;QACtF,WAAW,EAAG,IAAI,CAAC,WAAsB,IAAI,EAAE;QAC/C,QAAQ,EACL,IAAI,CAAC,YAAuB;YAC5B,IAAI,CAAC,QAAmB;YACxB,IAAI,CAAC,wBAAmC;YACzC,EAAE;QACJ,YAAY,EAAG,IAAI,CAAC,YAAuB,IAAK,IAAI,CAAC,MAAiB,IAAI,EAAE;QAC5E,UAAU,EACP,IAAI,CAAC,UAAqB;YAC1B,IAAI,CAAC,cAAyB;YAC9B,IAAI,CAAC,QAAmB;YACzB,EAAE;QACJ,cAAc,EACX,QAAQ,CAAC,uBAAkC;YAC3C,IAAI,CAAC,cAAyB;YAC9B,IAAI,CAAC,MAAiB;YACvB,EAAE;QACJ,MAAM;QACN,UAAU,EAAG,QAAQ,CAAC,UAAqB,IAAK,IAAI,CAAC,UAAqB,IAAI,EAAE;QAChF,OAAO,EAAG,IAAI,CAAC,OAAmC,IAAI;YACpD,SAAS,EAAG,IAAI,CAAC,UAAqB,IAAI,EAAE;YAC5C,cAAc,EAAG,IAAI,CAAC,cAAyB,IAAI,EAAE;YACrD,mBAAmB,EAAG,QAAQ,CAAC,mBAA8B,IAAI,EAAE;SACpE;QACD,WAAW,EAAG,IAAI,CAAC,WAAsB,IAAI,IAAI;QACjD,wBAAwB,EAAG,IAAI,CAAC,wBAAmC,IAAI,IAAI;QAC3E,QAAQ,EAAG,IAAI,CAAC,QAAmC,IAAI,IAAI;QAC3D,UAAU,EAAG,QAAQ,CAAC,UAAqB,IAAK,IAAI,CAAC,UAAqB,IAAI,EAAE;QAChF,UAAU,EAAG,IAAI,CAAC,UAAqB,IAAI,EAAE;QAC7C,GAAG,EAAE,IAAI;KACV,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { ChallengeResult } from "../types/challenge.js";
|
|
2
|
+
import type { ChargeOptions, PluralSellerConfig } from "../types/config.js";
|
|
3
|
+
export declare class ChallengeGenerator {
|
|
4
|
+
private readonly secretKey;
|
|
5
|
+
private readonly realm;
|
|
6
|
+
private readonly defaultExpiry;
|
|
7
|
+
constructor(config: PluralSellerConfig);
|
|
8
|
+
generate(options: ChargeOptions): ChallengeResult;
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=challenge-generator.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"challenge-generator.d.ts","sourceRoot":"","sources":["../../src/server/challenge-generator.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAGV,eAAe,EAEhB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,KAAK,EAAE,aAAa,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAS5E,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;IAC/B,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAS;gBAE3B,MAAM,EAAE,kBAAkB;IAMtC,QAAQ,CAAC,OAAO,EAAE,aAAa,GAAG,eAAe;CAqDlD"}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ChallengeGenerator = void 0;
|
|
4
|
+
const environments_js_1 = require("../config/environments.js");
|
|
5
|
+
const base64url_js_1 = require("../utils/base64url.js");
|
|
6
|
+
const hmac_sig_js_1 = require("../utils/hmac-sig.js");
|
|
7
|
+
const DEFAULT_EXPIRY_SECONDS = 300;
|
|
8
|
+
const PAYMENT_METHOD = "plural";
|
|
9
|
+
const PAYMENT_INTENT = "charge";
|
|
10
|
+
const PAYMENT_SCHEME = "exact";
|
|
11
|
+
class ChallengeGenerator {
|
|
12
|
+
secretKey;
|
|
13
|
+
realm;
|
|
14
|
+
defaultExpiry;
|
|
15
|
+
constructor(config) {
|
|
16
|
+
this.secretKey = config.challengeSecretKey;
|
|
17
|
+
this.realm = config.realm ?? environments_js_1.DEFAULT_REALM;
|
|
18
|
+
this.defaultExpiry = config.defaultChallengeExpirySeconds ?? DEFAULT_EXPIRY_SECONDS;
|
|
19
|
+
}
|
|
20
|
+
generate(options) {
|
|
21
|
+
const expirySeconds = options.challengeExpirySeconds ?? this.defaultExpiry;
|
|
22
|
+
const expiresDt = new Date(Date.now() + expirySeconds * 1000);
|
|
23
|
+
const expires = expiresDt.toISOString().replace(/(\.\d{3})\d*Z$/, "$1Z");
|
|
24
|
+
const amountMajor = (options.amount.value / 100).toFixed(2);
|
|
25
|
+
const request = {
|
|
26
|
+
scheme: PAYMENT_SCHEME,
|
|
27
|
+
amount: amountMajor,
|
|
28
|
+
currency: options.amount.currency,
|
|
29
|
+
resource: options.resource,
|
|
30
|
+
};
|
|
31
|
+
const requestBase64 = (0, base64url_js_1.encodeJson)(request);
|
|
32
|
+
const challengeId = (0, hmac_sig_js_1.computeChallengeId)(this.secretKey, this.realm, PAYMENT_METHOD, PAYMENT_INTENT, requestBase64, expires);
|
|
33
|
+
const challenge = {
|
|
34
|
+
id: challengeId,
|
|
35
|
+
realm: this.realm,
|
|
36
|
+
method: PAYMENT_METHOD,
|
|
37
|
+
intent: PAYMENT_INTENT,
|
|
38
|
+
request,
|
|
39
|
+
expires,
|
|
40
|
+
};
|
|
41
|
+
const encoded = (0, base64url_js_1.encodeJson)({
|
|
42
|
+
id: challenge.id,
|
|
43
|
+
realm: challenge.realm,
|
|
44
|
+
method: challenge.method,
|
|
45
|
+
intent: challenge.intent,
|
|
46
|
+
request,
|
|
47
|
+
expires: challenge.expires,
|
|
48
|
+
});
|
|
49
|
+
const problemDetails = {
|
|
50
|
+
type: `${this.realm}/errors/payment-required`,
|
|
51
|
+
title: "Payment Required",
|
|
52
|
+
status: 402,
|
|
53
|
+
detail: `This resource requires payment of ₹${amountMajor} ${options.amount.currency}`,
|
|
54
|
+
challengeId,
|
|
55
|
+
};
|
|
56
|
+
return { challenge, encoded, problemDetails };
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
exports.ChallengeGenerator = ChallengeGenerator;
|
|
60
|
+
//# sourceMappingURL=challenge-generator.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"challenge-generator.js","sourceRoot":"","sources":["../../src/server/challenge-generator.ts"],"names":[],"mappings":";;;AAAA,+DAA0D;AAQ1D,wDAAmD;AACnD,sDAA0D;AAE1D,MAAM,sBAAsB,GAAG,GAAG,CAAC;AACnC,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,cAAc,GAAG,QAAQ,CAAC;AAChC,MAAM,cAAc,GAAG,OAAO,CAAC;AAE/B,MAAa,kBAAkB;IACZ,SAAS,CAAS;IAClB,KAAK,CAAS;IACd,aAAa,CAAS;IAEvC,YAAY,MAA0B;QACpC,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,kBAAkB,CAAC;QAC3C,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,+BAAa,CAAC;QAC3C,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,6BAA6B,IAAI,sBAAsB,CAAC;IACtF,CAAC;IAED,QAAQ,CAAC,OAAsB;QAC7B,MAAM,aAAa,GAAG,OAAO,CAAC,sBAAsB,IAAI,IAAI,CAAC,aAAa,CAAC;QAC3E,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,aAAa,GAAG,IAAI,CAAC,CAAC;QAC9D,MAAM,OAAO,GACX,SAAS,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,gBAAgB,EAAE,KAAK,CAAC,CAAC;QAE3D,MAAM,WAAW,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;QAE5D,MAAM,OAAO,GAAqB;YAChC,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,WAAW;YACnB,QAAQ,EAAE,OAAO,CAAC,MAAM,CAAC,QAAQ;YACjC,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,MAAM,aAAa,GAAG,IAAA,yBAAU,EAAC,OAAO,CAAC,CAAC;QAC1C,MAAM,WAAW,GAAG,IAAA,gCAAkB,EACpC,IAAI,CAAC,SAAS,EACd,IAAI,CAAC,KAAK,EACV,cAAc,EACd,cAAc,EACd,aAAa,EACb,OAAO,CACR,CAAC;QAEF,MAAM,SAAS,GAAc;YAC3B,EAAE,EAAE,WAAW;YACf,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM,EAAE,cAAc;YACtB,MAAM,EAAE,cAAc;YACtB,OAAO;YACP,OAAO;SACR,CAAC;QAEF,MAAM,OAAO,GAAG,IAAA,yBAAU,EAAC;YACzB,EAAE,EAAE,SAAS,CAAC,EAAE;YAChB,KAAK,EAAE,SAAS,CAAC,KAAK;YACtB,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,MAAM,EAAE,SAAS,CAAC,MAAM;YACxB,OAAO;YACP,OAAO,EAAE,SAAS,CAAC,OAAO;SAC3B,CAAC,CAAC;QAEH,MAAM,cAAc,GAAmB;YACrC,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,0BAA0B;YAC7C,KAAK,EAAE,kBAAkB;YACzB,MAAM,EAAE,GAAG;YACX,MAAM,EAAE,sCAAsC,WAAW,IAAI,OAAO,CAAC,MAAM,CAAC,QAAQ,EAAE;YACtF,WAAW;SACZ,CAAC;QAEF,OAAO,EAAE,SAAS,EAAE,OAAO,EAAE,cAAc,EAAE,CAAC;IAChD,CAAC;CACF;AAhED,gDAgEC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { PluralSellerConfig } from "../types/config.js";
|
|
2
|
+
import type { VerificationResult } from "../types/credential.js";
|
|
3
|
+
export declare class CredentialVerifier {
|
|
4
|
+
private readonly secretKey;
|
|
5
|
+
private readonly realm;
|
|
6
|
+
constructor(config: PluralSellerConfig);
|
|
7
|
+
verify(authorizationHeader?: string | null): VerificationResult;
|
|
8
|
+
private static extractPayload;
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=credential-verifier.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credential-verifier.d.ts","sourceRoot":"","sources":["../../src/server/credential-verifier.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,KAAK,EAIV,kBAAkB,EACnB,MAAM,wBAAwB,CAAC;AAMhC,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;gBAEnB,MAAM,EAAE,kBAAkB;IAKtC,MAAM,CAAC,mBAAmB,CAAC,EAAE,MAAM,GAAG,IAAI,GAAG,kBAAkB;IAmG/D,OAAO,CAAC,MAAM,CAAC,cAAc;CAO9B"}
|
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.CredentialVerifier = void 0;
|
|
4
|
+
const environments_js_1 = require("../config/environments.js");
|
|
5
|
+
const base64url_js_1 = require("../utils/base64url.js");
|
|
6
|
+
const hmac_sig_js_1 = require("../utils/hmac-sig.js");
|
|
7
|
+
const PAYMENT_HEADER_PREFIX = "Payment ";
|
|
8
|
+
class CredentialVerifier {
|
|
9
|
+
secretKey;
|
|
10
|
+
realm;
|
|
11
|
+
constructor(config) {
|
|
12
|
+
this.secretKey = config.challengeSecretKey;
|
|
13
|
+
this.realm = config.realm ?? environments_js_1.DEFAULT_REALM;
|
|
14
|
+
}
|
|
15
|
+
verify(authorizationHeader) {
|
|
16
|
+
const encoded = CredentialVerifier.extractPayload(authorizationHeader ?? "");
|
|
17
|
+
if (!encoded) {
|
|
18
|
+
return {
|
|
19
|
+
valid: false,
|
|
20
|
+
error: "Invalid Authorization header format. Expected: Payment <base64url>",
|
|
21
|
+
};
|
|
22
|
+
}
|
|
23
|
+
let raw;
|
|
24
|
+
try {
|
|
25
|
+
raw = (0, base64url_js_1.decodeJson)(encoded);
|
|
26
|
+
}
|
|
27
|
+
catch {
|
|
28
|
+
return {
|
|
29
|
+
valid: false,
|
|
30
|
+
error: "Failed to decode credential from Authorization header",
|
|
31
|
+
};
|
|
32
|
+
}
|
|
33
|
+
let credential;
|
|
34
|
+
try {
|
|
35
|
+
credential = dictToCredential(raw);
|
|
36
|
+
}
|
|
37
|
+
catch {
|
|
38
|
+
return {
|
|
39
|
+
valid: false,
|
|
40
|
+
error: "Credential contains an incomplete challenge",
|
|
41
|
+
};
|
|
42
|
+
}
|
|
43
|
+
const challenge = credential.challenge;
|
|
44
|
+
if (!challenge.id || !challenge.realm || !challenge.method || !challenge.request) {
|
|
45
|
+
return {
|
|
46
|
+
valid: false,
|
|
47
|
+
credential,
|
|
48
|
+
error: "Credential contains an incomplete challenge",
|
|
49
|
+
};
|
|
50
|
+
}
|
|
51
|
+
if (challenge.realm !== this.realm) {
|
|
52
|
+
return {
|
|
53
|
+
valid: false,
|
|
54
|
+
credential,
|
|
55
|
+
error: `Challenge realm mismatch. Expected "${this.realm}", got "${challenge.realm}"`,
|
|
56
|
+
};
|
|
57
|
+
}
|
|
58
|
+
if (challenge.method !== "plural") {
|
|
59
|
+
return {
|
|
60
|
+
valid: false,
|
|
61
|
+
credential,
|
|
62
|
+
error: `Unsupported payment method: ${challenge.method}`,
|
|
63
|
+
};
|
|
64
|
+
}
|
|
65
|
+
let expiresMs;
|
|
66
|
+
try {
|
|
67
|
+
expiresMs = isoToEpochMs(challenge.expires);
|
|
68
|
+
}
|
|
69
|
+
catch {
|
|
70
|
+
return { valid: false, credential, error: "Challenge has expired" };
|
|
71
|
+
}
|
|
72
|
+
if (expiresMs <= Date.now()) {
|
|
73
|
+
return { valid: false, credential, error: "Challenge has expired" };
|
|
74
|
+
}
|
|
75
|
+
const requestDict = {
|
|
76
|
+
scheme: challenge.request.scheme,
|
|
77
|
+
amount: challenge.request.amount,
|
|
78
|
+
currency: challenge.request.currency,
|
|
79
|
+
resource: challenge.request.resource,
|
|
80
|
+
};
|
|
81
|
+
const requestBase64 = (0, base64url_js_1.encodeJson)(requestDict);
|
|
82
|
+
const expectedId = (0, hmac_sig_js_1.computeChallengeId)(this.secretKey, challenge.realm, challenge.method, challenge.intent, requestBase64, challenge.expires);
|
|
83
|
+
if (challenge.id !== expectedId) {
|
|
84
|
+
return {
|
|
85
|
+
valid: false,
|
|
86
|
+
credential,
|
|
87
|
+
error: "Challenge HMAC verification failed. The challenge was not generated by this server.",
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
if (!credential.payload?.token) {
|
|
91
|
+
return {
|
|
92
|
+
valid: false,
|
|
93
|
+
credential,
|
|
94
|
+
error: "Credential missing payment token",
|
|
95
|
+
};
|
|
96
|
+
}
|
|
97
|
+
return { valid: true, credential };
|
|
98
|
+
}
|
|
99
|
+
static extractPayload(header) {
|
|
100
|
+
const trimmed = header.trim();
|
|
101
|
+
if (trimmed.startsWith(PAYMENT_HEADER_PREFIX)) {
|
|
102
|
+
return trimmed.slice(PAYMENT_HEADER_PREFIX.length).trim() || null;
|
|
103
|
+
}
|
|
104
|
+
return null;
|
|
105
|
+
}
|
|
106
|
+
}
|
|
107
|
+
exports.CredentialVerifier = CredentialVerifier;
|
|
108
|
+
function dictToCredential(raw) {
|
|
109
|
+
const ch = raw.challenge ?? {};
|
|
110
|
+
const req = ch.request ?? {};
|
|
111
|
+
const payload = raw.payload ?? {};
|
|
112
|
+
const challenge = {
|
|
113
|
+
id: ch.id ?? "",
|
|
114
|
+
realm: ch.realm ?? "",
|
|
115
|
+
method: ch.method ?? "",
|
|
116
|
+
intent: ch.intent ?? "",
|
|
117
|
+
request: {
|
|
118
|
+
scheme: req.scheme ?? "",
|
|
119
|
+
amount: req.amount ?? "",
|
|
120
|
+
currency: req.currency ?? "",
|
|
121
|
+
resource: req.resource ?? "",
|
|
122
|
+
},
|
|
123
|
+
expires: ch.expires ?? "",
|
|
124
|
+
};
|
|
125
|
+
const credPayload = {
|
|
126
|
+
type: "token",
|
|
127
|
+
token: payload.token ?? "",
|
|
128
|
+
customer_reference: payload.customer_reference ?? null,
|
|
129
|
+
};
|
|
130
|
+
return {
|
|
131
|
+
challenge,
|
|
132
|
+
source: raw.source ?? "",
|
|
133
|
+
payload: credPayload,
|
|
134
|
+
};
|
|
135
|
+
}
|
|
136
|
+
function isoToEpochMs(iso) {
|
|
137
|
+
const d = new Date(iso);
|
|
138
|
+
if (isNaN(d.getTime()))
|
|
139
|
+
throw new Error(`Invalid date: ${iso}`);
|
|
140
|
+
return d.getTime();
|
|
141
|
+
}
|
|
142
|
+
//# sourceMappingURL=credential-verifier.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"credential-verifier.js","sourceRoot":"","sources":["../../src/server/credential-verifier.ts"],"names":[],"mappings":";;;AAAA,+DAA0D;AAS1D,wDAA+D;AAC/D,sDAA0D;AAE1D,MAAM,qBAAqB,GAAG,UAAU,CAAC;AAEzC,MAAa,kBAAkB;IACZ,SAAS,CAAS;IAClB,KAAK,CAAS;IAE/B,YAAY,MAA0B;QACpC,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,kBAAkB,CAAC;QAC3C,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,IAAI,+BAAa,CAAC;IAC7C,CAAC;IAED,MAAM,CAAC,mBAAmC;QACxC,MAAM,OAAO,GAAG,kBAAkB,CAAC,cAAc,CAAC,mBAAmB,IAAI,EAAE,CAAC,CAAC;QAC7E,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,oEAAoE;aAC5E,CAAC;QACJ,CAAC;QAED,IAAI,GAA4B,CAAC;QACjC,IAAI,CAAC;YACH,GAAG,GAAG,IAAA,yBAAU,EAAC,OAAO,CAA4B,CAAC;QACvD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,uDAAuD;aAC/D,CAAC;QACJ,CAAC;QAED,IAAI,UAAsB,CAAC;QAC3B,IAAI,CAAC;YACH,UAAU,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;QACrC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,6CAA6C;aACrD,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,CAAC;QACvC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACjF,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU;gBACV,KAAK,EAAE,6CAA6C;aACrD,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;YACnC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU;gBACV,KAAK,EAAE,uCAAuC,IAAI,CAAC,KAAK,WAAW,SAAS,CAAC,KAAK,GAAG;aACtF,CAAC;QACJ,CAAC;QAED,IAAI,SAAS,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU;gBACV,KAAK,EAAE,+BAA+B,SAAS,CAAC,MAAM,EAAE;aACzD,CAAC;QACJ,CAAC;QAED,IAAI,SAAiB,CAAC;QACtB,IAAI,CAAC;YACH,SAAS,GAAG,YAAY,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC9C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;QACtE,CAAC;QACD,IAAI,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YAC5B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC;QACtE,CAAC;QAED,MAAM,WAAW,GAAG;YAClB,MAAM,EAAE,SAAS,CAAC,OAAO,CAAC,MAAM;YAChC,MAAM,EAAE,SAAS,CAAC,OAAO,CAAC,MAAM;YAChC,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,QAAQ;YACpC,QAAQ,EAAE,SAAS,CAAC,OAAO,CAAC,QAAQ;SACrC,CAAC;QACF,MAAM,aAAa,GAAG,IAAA,yBAAU,EAAC,WAAW,CAAC,CAAC;QAC9C,MAAM,UAAU,GAAG,IAAA,gCAAkB,EACnC,IAAI,CAAC,SAAS,EACd,SAAS,CAAC,KAAK,EACf,SAAS,CAAC,MAAM,EAChB,SAAS,CAAC,MAAM,EAChB,aAAa,EACb,SAAS,CAAC,OAAO,CAClB,CAAC;QAEF,IAAI,SAAS,CAAC,EAAE,KAAK,UAAU,EAAE,CAAC;YAChC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU;gBACV,KAAK,EAAE,qFAAqF;aAC7F,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC;YAC/B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,UAAU;gBACV,KAAK,EAAE,kCAAkC;aAC1C,CAAC;QACJ,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IACrC,CAAC;IAEO,MAAM,CAAC,cAAc,CAAC,MAAc;QAC1C,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,EAAE,CAAC;QAC9B,IAAI,OAAO,CAAC,UAAU,CAAC,qBAAqB,CAAC,EAAE,CAAC;YAC9C,OAAO,OAAO,CAAC,KAAK,CAAC,qBAAqB,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;QACpE,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;CACF;AAnHD,gDAmHC;AAED,SAAS,gBAAgB,CAAC,GAA4B;IACpD,MAAM,EAAE,GAAI,GAAG,CAAC,SAAqC,IAAI,EAAE,CAAC;IAC5D,MAAM,GAAG,GAAI,EAAE,CAAC,OAAmC,IAAI,EAAE,CAAC;IAC1D,MAAM,OAAO,GAAI,GAAG,CAAC,OAAmC,IAAI,EAAE,CAAC;IAE/D,MAAM,SAAS,GAAwB;QACrC,EAAE,EAAG,EAAE,CAAC,EAAa,IAAI,EAAE;QAC3B,KAAK,EAAG,EAAE,CAAC,KAAgB,IAAI,EAAE;QACjC,MAAM,EAAG,EAAE,CAAC,MAAiB,IAAI,EAAE;QACnC,MAAM,EAAG,EAAE,CAAC,MAAiB,IAAI,EAAE;QACnC,OAAO,EAAE;YACP,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;YACpC,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;YACpC,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAI,EAAE;YACxC,QAAQ,EAAG,GAAG,CAAC,QAAmB,IAAI,EAAE;SACrB;QACrB,OAAO,EAAG,EAAE,CAAC,OAAkB,IAAI,EAAE;KACtC,CAAC;IAEF,MAAM,WAAW,GAAsB;QACrC,IAAI,EAAE,OAAO;QACb,KAAK,EAAG,OAAO,CAAC,KAAgB,IAAI,EAAE;QACtC,kBAAkB,EAAG,OAAO,CAAC,kBAA6B,IAAI,IAAI;KACnE,CAAC;IAEF,OAAO;QACL,SAAS;QACT,MAAM,EAAG,GAAG,CAAC,MAAiB,IAAI,EAAE;QACpC,OAAO,EAAE,WAAW;KACrB,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,GAAW;IAC/B,MAAM,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,IAAI,KAAK,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,CAAC,OAAO,EAAE,CAAC;AACrB,CAAC"}
|
|
@@ -0,0 +1,15 @@
|
|
|
1
|
+
import type { GrantVerificationResult, SellerGrantexConfig } from "../types/grantex.js";
|
|
2
|
+
export declare const GRANTEX_TOKEN_HEADER = "X-Grantex-Token";
|
|
3
|
+
export declare class GrantTokenVerifier {
|
|
4
|
+
private readonly jwksUrl;
|
|
5
|
+
private readonly cacheTtlMs;
|
|
6
|
+
private readonly requiredScopes;
|
|
7
|
+
private jwks;
|
|
8
|
+
private cacheExpiresAt;
|
|
9
|
+
constructor(config: SellerGrantexConfig);
|
|
10
|
+
verify(grantToken: string): Promise<GrantVerificationResult>;
|
|
11
|
+
private validateClaims;
|
|
12
|
+
private static hasScope;
|
|
13
|
+
private getJwks;
|
|
14
|
+
}
|
|
15
|
+
//# sourceMappingURL=grant-token-verifier.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"grant-token-verifier.d.ts","sourceRoot":"","sources":["../../src/server/grant-token-verifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAoB,uBAAuB,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAE1G,eAAO,MAAM,oBAAoB,oBAAoB,CAAC;AAGtD,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAW;IAC1C,OAAO,CAAC,IAAI,CAA2D;IACvE,OAAO,CAAC,cAAc,CAAK;gBAEf,MAAM,EAAE,mBAAmB;IAMjC,MAAM,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,uBAAuB,CAAC;IAsClE,OAAO,CAAC,cAAc;IAyBtB,OAAO,CAAC,MAAM,CAAC,QAAQ;IAYvB,OAAO,CAAC,OAAO;CAQhB"}
|
|
@@ -0,0 +1,155 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.GrantTokenVerifier = exports.GRANTEX_TOKEN_HEADER = void 0;
|
|
37
|
+
const jose = __importStar(require("jose"));
|
|
38
|
+
exports.GRANTEX_TOKEN_HEADER = "X-Grantex-Token";
|
|
39
|
+
const DEFAULT_JWKS_CACHE_TTL_MS = 3_600_000;
|
|
40
|
+
class GrantTokenVerifier {
|
|
41
|
+
jwksUrl;
|
|
42
|
+
cacheTtlMs;
|
|
43
|
+
requiredScopes;
|
|
44
|
+
jwks = null;
|
|
45
|
+
cacheExpiresAt = 0;
|
|
46
|
+
constructor(config) {
|
|
47
|
+
this.jwksUrl = config.jwksUrl;
|
|
48
|
+
this.cacheTtlMs = config.jwksCacheTtlMs ?? DEFAULT_JWKS_CACHE_TTL_MS;
|
|
49
|
+
this.requiredScopes = [...(config.requiredScopes ?? [])];
|
|
50
|
+
}
|
|
51
|
+
async verify(grantToken) {
|
|
52
|
+
try {
|
|
53
|
+
const header = jose.decodeProtectedHeader(grantToken);
|
|
54
|
+
if (header.alg !== "RS256") {
|
|
55
|
+
return {
|
|
56
|
+
valid: false,
|
|
57
|
+
error: `Unsupported algorithm: ${header.alg}. Expected RS256`,
|
|
58
|
+
};
|
|
59
|
+
}
|
|
60
|
+
const jwks = this.getJwks();
|
|
61
|
+
let result;
|
|
62
|
+
try {
|
|
63
|
+
result = await jose.jwtVerify(grantToken, jwks, {
|
|
64
|
+
algorithms: ["RS256"],
|
|
65
|
+
});
|
|
66
|
+
}
|
|
67
|
+
catch (err) {
|
|
68
|
+
if (err instanceof jose.errors.JWTExpired) {
|
|
69
|
+
return { valid: false, error: "Grant token has expired" };
|
|
70
|
+
}
|
|
71
|
+
if (err instanceof jose.errors.JWTClaimValidationFailed && String(err).includes("nbf")) {
|
|
72
|
+
return { valid: false, error: "Grant token is not yet valid" };
|
|
73
|
+
}
|
|
74
|
+
if (err instanceof jose.errors.JWSSignatureVerificationFailed) {
|
|
75
|
+
return { valid: false, error: "Invalid grant token signature" };
|
|
76
|
+
}
|
|
77
|
+
return { valid: false, error: `Grant token verification failed: ${err}` };
|
|
78
|
+
}
|
|
79
|
+
const claims = dictToClaims(result.payload);
|
|
80
|
+
const err = this.validateClaims(claims);
|
|
81
|
+
if (err)
|
|
82
|
+
return { valid: false, error: err };
|
|
83
|
+
return { valid: true, claims };
|
|
84
|
+
}
|
|
85
|
+
catch (err) {
|
|
86
|
+
return { valid: false, error: `Grant token verification failed: ${err}` };
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
validateClaims(claims) {
|
|
90
|
+
const now = Math.floor(Date.now() / 1000);
|
|
91
|
+
if (!claims.grnt)
|
|
92
|
+
return "Missing grant ID (grnt)";
|
|
93
|
+
if (!claims.sub)
|
|
94
|
+
return "Missing subject (sub)";
|
|
95
|
+
if (!claims.agt)
|
|
96
|
+
return "Missing agent ID (agt)";
|
|
97
|
+
if (!claims.iss)
|
|
98
|
+
return "Missing issuer (iss)";
|
|
99
|
+
if (!claims.scp || claims.scp.length === 0)
|
|
100
|
+
return "Missing or empty scopes (scp)";
|
|
101
|
+
if (claims.exp && claims.exp < now) {
|
|
102
|
+
const iso = new Date(claims.exp * 1000).toISOString().replace(/\.\d{3}Z$/, "Z");
|
|
103
|
+
return `Grant expired at ${iso}`;
|
|
104
|
+
}
|
|
105
|
+
if (claims.nbf && claims.nbf > now) {
|
|
106
|
+
const iso = new Date(claims.nbf * 1000).toISOString().replace(/\.\d{3}Z$/, "Z");
|
|
107
|
+
return `Grant not yet valid until ${iso}`;
|
|
108
|
+
}
|
|
109
|
+
for (const required of this.requiredScopes) {
|
|
110
|
+
if (!GrantTokenVerifier.hasScope(claims.scp, required)) {
|
|
111
|
+
return `Missing required scope: ${required}`;
|
|
112
|
+
}
|
|
113
|
+
}
|
|
114
|
+
return null;
|
|
115
|
+
}
|
|
116
|
+
static hasScope(scopes, required) {
|
|
117
|
+
if (scopes.includes(required))
|
|
118
|
+
return true;
|
|
119
|
+
const parts = required.split(":");
|
|
120
|
+
for (const scope of scopes) {
|
|
121
|
+
const scopeParts = scope.split(":");
|
|
122
|
+
if (scopeParts.length >= 2 && parts.length >= 2 && scopeParts[0] === parts[0] && scopeParts[1] === "*") {
|
|
123
|
+
return true;
|
|
124
|
+
}
|
|
125
|
+
}
|
|
126
|
+
return false;
|
|
127
|
+
}
|
|
128
|
+
getJwks() {
|
|
129
|
+
const now = Date.now();
|
|
130
|
+
if (!this.jwks || now >= this.cacheExpiresAt) {
|
|
131
|
+
this.jwks = jose.createRemoteJWKSet(new URL(this.jwksUrl));
|
|
132
|
+
this.cacheExpiresAt = now + this.cacheTtlMs;
|
|
133
|
+
}
|
|
134
|
+
return this.jwks;
|
|
135
|
+
}
|
|
136
|
+
}
|
|
137
|
+
exports.GrantTokenVerifier = GrantTokenVerifier;
|
|
138
|
+
function dictToClaims(raw) {
|
|
139
|
+
return {
|
|
140
|
+
iss: raw.iss ?? "",
|
|
141
|
+
sub: raw.sub ?? "",
|
|
142
|
+
agt: raw.agt ?? "",
|
|
143
|
+
scp: raw.scp ?? [],
|
|
144
|
+
grnt: raw.grnt ?? "",
|
|
145
|
+
iat: raw.iat ?? 0,
|
|
146
|
+
exp: raw.exp ?? 0,
|
|
147
|
+
dev: raw.dev ?? null,
|
|
148
|
+
nbf: raw.nbf ?? null,
|
|
149
|
+
parentAgt: raw.parentAgt ?? null,
|
|
150
|
+
parentGrnt: raw.parentGrnt ?? null,
|
|
151
|
+
delegationDepth: raw.delegationDepth ?? null,
|
|
152
|
+
raw,
|
|
153
|
+
};
|
|
154
|
+
}
|
|
155
|
+
//# sourceMappingURL=grant-token-verifier.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"grant-token-verifier.js","sourceRoot":"","sources":["../../src/server/grant-token-verifier.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,2CAA6B;AAGhB,QAAA,oBAAoB,GAAG,iBAAiB,CAAC;AACtD,MAAM,yBAAyB,GAAG,SAAS,CAAC;AAE5C,MAAa,kBAAkB;IACZ,OAAO,CAAS;IAChB,UAAU,CAAS;IACnB,cAAc,CAAW;IAClC,IAAI,GAAsD,IAAI,CAAC;IAC/D,cAAc,GAAG,CAAC,CAAC;IAE3B,YAAY,MAA2B;QACrC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC;QAC9B,IAAI,CAAC,UAAU,GAAG,MAAM,CAAC,cAAc,IAAI,yBAAyB,CAAC;QACrE,IAAI,CAAC,cAAc,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,UAAkB;QAC7B,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,UAAU,CAAC,CAAC;YACtD,IAAI,MAAM,CAAC,GAAG,KAAK,OAAO,EAAE,CAAC;gBAC3B,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,0BAA0B,MAAM,CAAC,GAAG,kBAAkB;iBAC9D,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;YAC5B,IAAI,MAA4B,CAAC;YACjC,IAAI,CAAC;gBACH,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,IAAI,EAAE;oBAC9C,UAAU,EAAE,CAAC,OAAO,CAAC;iBACtB,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,GAAG,YAAY,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;oBAC1C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC;gBAC5D,CAAC;gBACD,IAAI,GAAG,YAAY,IAAI,CAAC,MAAM,CAAC,wBAAwB,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;oBACvF,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;gBACjE,CAAC;gBACD,IAAI,GAAG,YAAY,IAAI,CAAC,MAAM,CAAC,8BAA8B,EAAE,CAAC;oBAC9D,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC;gBAClE,CAAC;gBACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,GAAG,EAAE,EAAE,CAAC;YAC5E,CAAC;YAED,MAAM,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC,OAAkC,CAAC,CAAC;YACvE,MAAM,GAAG,GAAG,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC;YACxC,IAAI,GAAG;gBAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC;YAC7C,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QACjC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,GAAG,EAAE,EAAE,CAAC;QAC5E,CAAC;IACH,CAAC;IAEO,cAAc,CAAC,MAAwB;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,CAAC,MAAM,CAAC,IAAI;YAAE,OAAO,yBAAyB,CAAC;QACnD,IAAI,CAAC,MAAM,CAAC,GAAG;YAAE,OAAO,uBAAuB,CAAC;QAChD,IAAI,CAAC,MAAM,CAAC,GAAG;YAAE,OAAO,wBAAwB,CAAC;QACjD,IAAI,CAAC,MAAM,CAAC,GAAG;YAAE,OAAO,sBAAsB,CAAC;QAC/C,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,+BAA+B,CAAC;QAEnF,IAAI,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAChF,OAAO,oBAAoB,GAAG,EAAE,CAAC;QACnC,CAAC;QACD,IAAI,MAAM,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACnC,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAChF,OAAO,6BAA6B,GAAG,EAAE,CAAC;QAC5C,CAAC;QAED,KAAK,MAAM,QAAQ,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC3C,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,QAAQ,CAAC,EAAE,CAAC;gBACvD,OAAO,2BAA2B,QAAQ,EAAE,CAAC;YAC/C,CAAC;QACH,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,MAAM,CAAC,QAAQ,CAAC,MAAgB,EAAE,QAAgB;QACxD,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,CAAC;QAC3C,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAClC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YAC3B,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YACpC,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,IAAI,KAAK,CAAC,MAAM,IAAI,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC;gBACvG,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAEO,OAAO;QACb,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YAC7C,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,kBAAkB,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YAC3D,IAAI,CAAC,cAAc,GAAG,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC;QAC9C,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,CAAC;IACnB,CAAC;CACF;AAhGD,gDAgGC;AAED,SAAS,YAAY,CAAC,GAA4B;IAChD,OAAO;QACL,GAAG,EAAG,GAAG,CAAC,GAAc,IAAI,EAAE;QAC9B,GAAG,EAAG,GAAG,CAAC,GAAc,IAAI,EAAE;QAC9B,GAAG,EAAG,GAAG,CAAC,GAAc,IAAI,EAAE;QAC9B,GAAG,EAAG,GAAG,CAAC,GAAgB,IAAI,EAAE;QAChC,IAAI,EAAG,GAAG,CAAC,IAAe,IAAI,EAAE;QAChC,GAAG,EAAG,GAAG,CAAC,GAAc,IAAI,CAAC;QAC7B,GAAG,EAAG,GAAG,CAAC,GAAc,IAAI,CAAC;QAC7B,GAAG,EAAG,GAAG,CAAC,GAAc,IAAI,IAAI;QAChC,GAAG,EAAG,GAAG,CAAC,GAAc,IAAI,IAAI;QAChC,SAAS,EAAG,GAAG,CAAC,SAAoB,IAAI,IAAI;QAC5C,UAAU,EAAG,GAAG,CAAC,UAAqB,IAAI,IAAI;QAC9C,eAAe,EAAG,GAAG,CAAC,eAA0B,IAAI,IAAI;QACxD,GAAG;KACJ,CAAC;AACJ,CAAC"}
|
|
@@ -0,0 +1,8 @@
|
|
|
1
|
+
export { PluralMPP, PluralMPPInstance } from "./plural-mpp.js";
|
|
2
|
+
export { ChallengeGenerator } from "./challenge-generator.js";
|
|
3
|
+
export { CredentialVerifier } from "./credential-verifier.js";
|
|
4
|
+
export { CaptureClient } from "./capture-client.js";
|
|
5
|
+
export { AuthManager } from "./auth-manager.js";
|
|
6
|
+
export { GrantTokenVerifier, GRANTEX_TOKEN_HEADER } from "./grant-token-verifier.js";
|
|
7
|
+
export { buildReceiptData, buildReceiptHeader, buildFailureReceiptData, } from "./receipt-builder.js";
|
|
8
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAC/D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,kBAAkB,EAAE,MAAM,0BAA0B,CAAC;AAC9D,OAAO,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAChD,OAAO,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,uBAAuB,GACxB,MAAM,sBAAsB,CAAC"}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.buildFailureReceiptData = exports.buildReceiptHeader = exports.buildReceiptData = exports.GRANTEX_TOKEN_HEADER = exports.GrantTokenVerifier = exports.AuthManager = exports.CaptureClient = exports.CredentialVerifier = exports.ChallengeGenerator = exports.PluralMPPInstance = exports.PluralMPP = void 0;
|
|
4
|
+
var plural_mpp_js_1 = require("./plural-mpp.js");
|
|
5
|
+
Object.defineProperty(exports, "PluralMPP", { enumerable: true, get: function () { return plural_mpp_js_1.PluralMPP; } });
|
|
6
|
+
Object.defineProperty(exports, "PluralMPPInstance", { enumerable: true, get: function () { return plural_mpp_js_1.PluralMPPInstance; } });
|
|
7
|
+
var challenge_generator_js_1 = require("./challenge-generator.js");
|
|
8
|
+
Object.defineProperty(exports, "ChallengeGenerator", { enumerable: true, get: function () { return challenge_generator_js_1.ChallengeGenerator; } });
|
|
9
|
+
var credential_verifier_js_1 = require("./credential-verifier.js");
|
|
10
|
+
Object.defineProperty(exports, "CredentialVerifier", { enumerable: true, get: function () { return credential_verifier_js_1.CredentialVerifier; } });
|
|
11
|
+
var capture_client_js_1 = require("./capture-client.js");
|
|
12
|
+
Object.defineProperty(exports, "CaptureClient", { enumerable: true, get: function () { return capture_client_js_1.CaptureClient; } });
|
|
13
|
+
var auth_manager_js_1 = require("./auth-manager.js");
|
|
14
|
+
Object.defineProperty(exports, "AuthManager", { enumerable: true, get: function () { return auth_manager_js_1.AuthManager; } });
|
|
15
|
+
var grant_token_verifier_js_1 = require("./grant-token-verifier.js");
|
|
16
|
+
Object.defineProperty(exports, "GrantTokenVerifier", { enumerable: true, get: function () { return grant_token_verifier_js_1.GrantTokenVerifier; } });
|
|
17
|
+
Object.defineProperty(exports, "GRANTEX_TOKEN_HEADER", { enumerable: true, get: function () { return grant_token_verifier_js_1.GRANTEX_TOKEN_HEADER; } });
|
|
18
|
+
var receipt_builder_js_1 = require("./receipt-builder.js");
|
|
19
|
+
Object.defineProperty(exports, "buildReceiptData", { enumerable: true, get: function () { return receipt_builder_js_1.buildReceiptData; } });
|
|
20
|
+
Object.defineProperty(exports, "buildReceiptHeader", { enumerable: true, get: function () { return receipt_builder_js_1.buildReceiptHeader; } });
|
|
21
|
+
Object.defineProperty(exports, "buildFailureReceiptData", { enumerable: true, get: function () { return receipt_builder_js_1.buildFailureReceiptData; } });
|
|
22
|
+
//# sourceMappingURL=index.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":";;;AAAA,iDAA+D;AAAtD,0GAAA,SAAS,OAAA;AAAE,kHAAA,iBAAiB,OAAA;AACrC,mEAA8D;AAArD,4HAAA,kBAAkB,OAAA;AAC3B,mEAA8D;AAArD,4HAAA,kBAAkB,OAAA;AAC3B,yDAAoD;AAA3C,kHAAA,aAAa,OAAA;AACtB,qDAAgD;AAAvC,8GAAA,WAAW,OAAA;AACpB,qEAAqF;AAA5E,6HAAA,kBAAkB,OAAA;AAAE,+HAAA,oBAAoB,OAAA;AACjD,2DAI8B;AAH5B,sHAAA,gBAAgB,OAAA;AAChB,wHAAA,kBAAkB,OAAA;AAClB,6HAAA,uBAAuB,OAAA"}
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type { CaptureOptions, CaptureResult } from "../types/capture.js";
|
|
2
|
+
import type { ChallengeResult } from "../types/challenge.js";
|
|
3
|
+
import type { ChargeOptions, PluralSellerConfig } from "../types/config.js";
|
|
4
|
+
import type { VerificationResult } from "../types/credential.js";
|
|
5
|
+
import type { GrantVerificationResult } from "../types/grantex.js";
|
|
6
|
+
import { CaptureClient } from "./capture-client.js";
|
|
7
|
+
import { ChallengeGenerator } from "./challenge-generator.js";
|
|
8
|
+
import { CredentialVerifier } from "./credential-verifier.js";
|
|
9
|
+
import { GrantTokenVerifier } from "./grant-token-verifier.js";
|
|
10
|
+
export declare class PluralMPPInstance {
|
|
11
|
+
private readonly challengeGenerator;
|
|
12
|
+
private readonly credentialVerifier;
|
|
13
|
+
private readonly captureClient;
|
|
14
|
+
private readonly grantVerifier;
|
|
15
|
+
constructor(challengeGenerator: ChallengeGenerator, credentialVerifier: CredentialVerifier, captureClient: CaptureClient, grantVerifier: GrantTokenVerifier | null);
|
|
16
|
+
generateChallenge(options: ChargeOptions): ChallengeResult;
|
|
17
|
+
verifyCredential(authorizationHeader?: string | null): VerificationResult;
|
|
18
|
+
capture(options: CaptureOptions): Promise<CaptureResult>;
|
|
19
|
+
buildReceiptHeader(captureResult: CaptureResult, challengeId: string): string;
|
|
20
|
+
buildReceiptData(captureResult: CaptureResult, challengeId: string): import("../types/capture.js").ReceiptData;
|
|
21
|
+
verifyGrantToken(grantToken: string): Promise<GrantVerificationResult | null>;
|
|
22
|
+
}
|
|
23
|
+
export declare class PluralMPP {
|
|
24
|
+
static create(config: PluralSellerConfig): PluralMPPInstance;
|
|
25
|
+
}
|
|
26
|
+
//# sourceMappingURL=plural-mpp.d.ts.map
|