@profullstack/coinpay 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/CHANGELOG.md +36 -0
  2. package/LICENSE +21 -0
  3. package/README.md +686 -323
  4. package/bin/coinpay.js +2 -2
  5. package/package.json +29 -12
  6. package/src/client.d.ts +266 -0
  7. package/src/client.js +1 -1
  8. package/src/index.d.ts +37 -0
  9. package/src/payments.d.ts +153 -0
  10. package/src/payments.js +4 -4
  11. package/src/webhooks.d.ts +134 -0
package/src/webhooks.d.ts ADDED
@@ -0,0 +1,134 @@
1
+ /**
2
+ * Webhook utilities for CoinPay SDK
3
+ *
4
+ * Functions for verifying, parsing, and handling webhook events
5
+ * sent by the CoinPay API.
6
+ */
7
+
8
+ import type { IncomingMessage, ServerResponse } from 'http';
9
+
10
+ /** Parameters for `verifyWebhookSignature` */
11
+ export interface VerifyWebhookParams {
12
+ /** Raw request body as a string */
13
+ payload: string;
14
+ /** Value of the `X-CoinPay-Signature` header */
15
+ signature: string;
16
+ /** Your webhook secret (from the CoinPay dashboard) */
17
+ secret: string;
18
+ /** Timestamp tolerance in seconds (default: `300` — 5 minutes) */
19
+ tolerance?: number;
20
+ }
21
+
22
+ /** Parameters for `generateWebhookSignature` */
23
+ export interface GenerateWebhookParams {
24
+ /** Request body as a string */
25
+ payload: string;
26
+ /** Webhook secret */
27
+ secret: string;
28
+ /** Unix timestamp in seconds (default: current time) */
29
+ timestamp?: number;
30
+ }
31
+
32
+ /** Parsed webhook event returned by `parseWebhookPayload` */
33
+ export interface ParsedWebhookEvent {
34
+ /** Event ID */
35
+ id: string;
36
+ /** Event type (e.g., `'payment.completed'`) */
37
+ type: string;
38
+ /** Event-specific data */
39
+ data: Record<string, unknown>;
40
+ /** When the event was created */
41
+ createdAt: Date;
42
+ /** Business ID associated with the event */
43
+ businessId: string;
44
+ }
45
+
46
+ /** Options for `createWebhookHandler` */
47
+ export interface WebhookHandlerOptions {
48
+ /** Your webhook secret */
49
+ secret: string;
50
+ /** Async callback invoked for each verified event */
51
+ onEvent: (event: ParsedWebhookEvent) => Promise<void> | void;
52
+ /** Optional error handler */
53
+ onError?: (error: Error) => void;
54
+ }
55
+
56
+ /** Webhook event type string constants */
57
+ export declare const WebhookEvent: {
58
+ readonly PAYMENT_CREATED: 'payment.created';
59
+ readonly PAYMENT_PENDING: 'payment.pending';
60
+ readonly PAYMENT_CONFIRMING: 'payment.confirming';
61
+ readonly PAYMENT_COMPLETED: 'payment.completed';
62
+ readonly PAYMENT_EXPIRED: 'payment.expired';
63
+ readonly PAYMENT_FAILED: 'payment.failed';
64
+ readonly PAYMENT_REFUNDED: 'payment.refunded';
65
+ readonly BUSINESS_CREATED: 'business.created';
66
+ readonly BUSINESS_UPDATED: 'business.updated';
67
+ };
68
+
69
+ /**
70
+ * Verify a webhook signature from the `X-CoinPay-Signature` header.
71
+ *
72
+ * Signature format: `t=<timestamp>,v1=<hmac-sha256-hex>`
73
+ *
74
+ * Uses timing-safe comparison to prevent timing attacks.
75
+ *
76
+ * @returns `true` if the signature is valid and within the tolerance window
77
+ * @throws {Error} If `payload`, `signature`, or `secret` is missing
78
+ *
79
+ * @example
80
+ * ```typescript
81
+ * import { verifyWebhookSignature } from '@profullstack/coinpay';
82
+ *
83
+ * const isValid = verifyWebhookSignature({
84
+ * payload: rawBody,
85
+ * signature: req.headers['x-coinpay-signature'],
86
+ * secret: process.env.COINPAY_WEBHOOK_SECRET,
87
+ * });
88
+ * ```
89
+ */
90
+ export function verifyWebhookSignature(params: VerifyWebhookParams): boolean;
91
+
92
+ /**
93
+ * Generate a webhook signature (primarily for testing).
94
+ *
95
+ * @returns Signature string in `t=<timestamp>,v1=<hex>` format
96
+ */
97
+ export function generateWebhookSignature(params: GenerateWebhookParams): string;
98
+
99
+ /**
100
+ * Parse a raw webhook JSON payload into a structured event object.
101
+ *
102
+ * @param payload - Raw JSON string from the request body
103
+ * @returns Parsed event with `id`, `type`, `data`, `createdAt`, `businessId`
104
+ * @throws {Error} If the payload is not valid JSON
105
+ */
106
+ export function parseWebhookPayload(payload: string): ParsedWebhookEvent;
107
+
108
+ /**
109
+ * Create an Express/Connect-compatible webhook handler middleware.
110
+ *
111
+ * Automatically verifies the signature, parses the payload, and calls your
112
+ * `onEvent` handler. Returns `401` for invalid signatures and `200` on success.
113
+ *
114
+ * @example
115
+ * ```typescript
116
+ * import express from 'express';
117
+ * import { createWebhookHandler, WebhookEvent } from '@profullstack/coinpay';
118
+ *
119
+ * const app = express();
120
+ * app.use(express.raw({ type: 'application/json' }));
121
+ *
122
+ * app.post('/webhook', createWebhookHandler({
123
+ * secret: process.env.COINPAY_WEBHOOK_SECRET,
124
+ * onEvent: async (event) => {
125
+ * if (event.type === WebhookEvent.PAYMENT_COMPLETED) {
126
+ * await fulfillOrder(event.data);
127
+ * }
128
+ * },
129
+ * }));
130
+ * ```
131
+ */
132
+ export function createWebhookHandler(
133
+ options: WebhookHandlerOptions
134
+ ): (req: any, res: any) => Promise<void>;