@proxy-checkout/server-js 0.0.4-pr-76.21.1 → 0.0.4-pr-76.22.1

package/dist/cjs/webhooks.js

@@ -0,0 +1,182 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProxyWebhookEndpointsResource = exports.proxyCheckoutWebhookEndpointEndpoints = exports.ProxyWebhookSignatureVerificationError = exports.PROXY_SIGNATURE_HEADER = void 0;
+exports.verifyProxyWebhookSignature = verifyProxyWebhookSignature;
+exports.constructProxyWebhookEvent = constructProxyWebhookEvent;
+const node_crypto_1 = require("node:crypto");
+const response_validators_js_1 = require("./response-validators.js");
+exports.PROXY_SIGNATURE_HEADER = "proxy-signature";
+/** Raised when a webhook payload fails signature verification. */
+class ProxyWebhookSignatureVerificationError extends Error {
+    name = "ProxyWebhookSignatureVerificationError";
+}
+exports.ProxyWebhookSignatureVerificationError = ProxyWebhookSignatureVerificationError;
+exports.proxyCheckoutWebhookEndpointEndpoints = [
+    {
+        method: "GET",
+        operation: "webhookEndpoints.list",
+        path: "/webhook_endpoints",
+    },
+    {
+        method: "POST",
+        operation: "webhookEndpoints.create",
+        path: "/webhook_endpoints",
+    },
+    {
+        method: "GET",
+        operation: "webhookEndpoints.get",
+        path: "/webhook_endpoints/:id",
+    },
+    {
+        method: "PATCH",
+        operation: "webhookEndpoints.update",
+        path: "/webhook_endpoints/:id",
+    },
+    {
+        method: "POST",
+        operation: "webhookEndpoints.archive",
+        path: "/webhook_endpoints/:id/archive",
+    },
+    {
+        method: "POST",
+        operation: "webhookEndpoints.rotateSecret",
+        path: "/webhook_endpoints/:id/rotate_secret",
+    },
+];
+class ProxyWebhookEndpointsResource {
+    httpClient;
+    constructor(httpClient) {
+        this.httpClient = httpClient;
+    }
+    async list(options = {}) {
+        const response = await this.httpClient.request("GET", "/webhook_endpoints", undefined, options);
+        const body = (0, response_validators_js_1.requireJsonObject)(response, "webhookEndpoints.list");
+        const endpoints = body.webhook_endpoints;
+        if (!Array.isArray(endpoints)) {
+            throw new Error("Proxy API response field webhookEndpoints.list.webhookEndpoints must be an array.");
+        }
+        return endpoints.map(toWebhookEndpoint);
+    }
+    async create(input) {
+        const response = await this.httpClient.request("POST", "/webhook_endpoints", toWebhookEndpointBody(input), { requestId: input.requestId });
+        return toWebhookEndpointSecretResult(response, "webhookEndpoints.create");
+    }
+    async get(webhookEndpointId, options = {}) {
+        const response = await this.httpClient.request("GET", `/webhook_endpoints/${encodeURIComponent(webhookEndpointId)}`, undefined, options);
+        return toWebhookEndpointEnvelope(response, "webhookEndpoints.get");
+    }
+    async update(webhookEndpointId, input) {
+        const response = await this.httpClient.request("PATCH", `/webhook_endpoints/${encodeURIComponent(webhookEndpointId)}`, toWebhookEndpointBody(input), { requestId: input.requestId });
+        return toWebhookEndpointEnvelope(response, "webhookEndpoints.update");
+    }
+    async archive(webhookEndpointId, options = {}) {
+        const response = await this.httpClient.request("POST", `/webhook_endpoints/${encodeURIComponent(webhookEndpointId)}/archive`, undefined, options);
+        return toWebhookEndpointEnvelope(response, "webhookEndpoints.archive");
+    }
+    async rotateSecret(webhookEndpointId, input) {
+        const response = await this.httpClient.request("POST", `/webhook_endpoints/${encodeURIComponent(webhookEndpointId)}/rotate_secret`, {
+            previous_signing_secret_expires_at: input.previousSigningSecretExpiresAt instanceof Date
+                ? input.previousSigningSecretExpiresAt.toISOString()
+                : input.previousSigningSecretExpiresAt,
+        }, { requestId: input.requestId });
+        return toWebhookEndpointSecretResult(response, "webhookEndpoints.rotateSecret");
+    }
+}
+exports.ProxyWebhookEndpointsResource = ProxyWebhookEndpointsResource;
+function verifyProxyWebhookSignature(input) {
+    const parsed = parseSignatureHeader(input.header);
+    if (!parsed) {
+        return false;
+    }
+    const toleranceSeconds = input.toleranceSeconds ?? 300;
+    const nowSeconds = Math.floor(Date.now() / 1000);
+    if (Math.abs(nowSeconds - parsed.timestamp) > toleranceSeconds) {
+        return false;
+    }
+    const body = typeof input.body === "string" ? input.body : input.body.toString("utf8");
+    const expected = (0, node_crypto_1.createHmac)("sha256", input.secret)
+        .update(`${parsed.timestamp}.${body}`)
+        .digest("hex");
+    return parsed.signatures.some((signature) => timingSafeEqualString(expected, signature));
+}
+function constructProxyWebhookEvent(input) {
+    if (!verifyProxyWebhookSignature(input)) {
+        throw new ProxyWebhookSignatureVerificationError("Proxy webhook signature verification failed.");
+    }
+    const body = typeof input.body === "string" ? input.body : input.body.toString("utf8");
+    let parsed;
+    try {
+        parsed = JSON.parse(body);
+    }
+    catch {
+        throw new Error("Proxy webhook body must be valid JSON.");
+    }
+    const event = (0, response_validators_js_1.requireJsonObject)(parsed, "webhookEvent");
+    return {
+        data: (0, response_validators_js_1.requireJsonObject)(event.data, "webhookEvent.data"),
+        id: (0, response_validators_js_1.requireString)(event.id, "webhookEvent.id"),
+        schemaVersion: (0, response_validators_js_1.requireString)(event.schema_version, "webhookEvent.schemaVersion"),
+        type: (0, response_validators_js_1.requireString)(event.type, "webhookEvent.type"),
+    };
+}
+function toWebhookEndpointBody(input) {
+    return {
+        ...(input.eventTypes === undefined ? {} : { event_types: input.eventTypes }),
+        ...(input.status === undefined ? {} : { status: input.status }),
+        ...(input.url === undefined ? {} : { url: input.url }),
+    };
+}
+function toWebhookEndpointSecretResult(response, operation) {
+    const body = (0, response_validators_js_1.requireJsonObject)(response, operation);
+    return {
+        signingSecret: (0, response_validators_js_1.requireString)(body.signing_secret, `${operation}.signingSecret`),
+        webhookEndpoint: toWebhookEndpoint(body.webhook_endpoint),
+    };
+}
+function toWebhookEndpointEnvelope(response, operation) {
+    const body = (0, response_validators_js_1.requireJsonObject)(response, operation);
+    return toWebhookEndpoint(body.webhook_endpoint);
+}
+function toWebhookEndpoint(value) {
+    const body = (0, response_validators_js_1.requireJsonObject)(value, "webhookEndpoint");
+    return {
+        createdAt: (0, response_validators_js_1.requireString)(body.created_at, "webhookEndpoint.createdAt"),
+        eventSchemaVersion: (0, response_validators_js_1.requireString)(body.event_schema_version, "webhookEndpoint.eventSchemaVersion"),
+        eventTypes: (0, response_validators_js_1.requireStringArrayOrNull)(body.event_types, "webhookEndpoint.eventTypes"),
+        id: (0, response_validators_js_1.requireString)(body.id, "webhookEndpoint.id"),
+        previousSigningSecretExpiresAt: (0, response_validators_js_1.requireNullableString)(body.previous_signing_secret_expires_at, "webhookEndpoint.previousSigningSecretExpiresAt"),
+        status: (0, response_validators_js_1.requireString)(body.status, "webhookEndpoint.status"),
+        updatedAt: (0, response_validators_js_1.requireString)(body.updated_at, "webhookEndpoint.updatedAt"),
+        url: (0, response_validators_js_1.requireString)(body.url, "webhookEndpoint.url"),
+    };
+}
+function parseSignatureHeader(header) {
+    if (!header) {
+        return undefined;
+    }
+    let timestamp;
+    const signatures = [];
+    for (const part of header.split(",")) {
+        const [rawKey, rawValue] = part.split("=", 2);
+        const key = rawKey?.trim();
+        const value = rawValue?.trim();
+        if (key === "t") {
+            timestamp = Number(value);
+        }
+        else if (key === "v1" && value) {
+            signatures.push(value);
+        }
+    }
+    if (timestamp === undefined || !Number.isSafeInteger(timestamp) || signatures.length === 0) {
+        return undefined;
+    }
+    return {
+        signatures,
+        timestamp,
+    };
+}
+function timingSafeEqualString(left, right) {
+    const leftBuffer = Buffer.from(left, "hex");
+    const rightBuffer = Buffer.from(right, "hex");
+    return leftBuffer.length === rightBuffer.length && (0, node_crypto_1.timingSafeEqual)(leftBuffer, rightBuffer);
+}

package/dist/{version.d.ts → esm/version.d.ts}

@@ -1,3 +1,3 @@
 export declare const proxyCheckoutServerSdkName = "@proxy-checkout/server-js";
-export declare const proxyCheckoutServerSdkVersion = "0.0.4-pr-76.21.1";
-export declare const proxyCheckoutServerSdkUserAgent = "@proxy-checkout/server-js/0.0.4-pr-76.21.1";
+export declare const proxyCheckoutServerSdkVersion = "0.0.4-pr-76.22.1";
+export declare const proxyCheckoutServerSdkUserAgent = "@proxy-checkout/server-js/0.0.4-pr-76.22.1";

package/dist/{version.js → esm/version.js}

@@ -1,3 +1,3 @@
 export const proxyCheckoutServerSdkName = "@proxy-checkout/server-js";
-export const proxyCheckoutServerSdkVersion = "0.0.4-pr-76.21.1";
+export const proxyCheckoutServerSdkVersion = "0.0.4-pr-76.22.1";
 export const proxyCheckoutServerSdkUserAgent = `${proxyCheckoutServerSdkName}/${proxyCheckoutServerSdkVersion}`;

package/package.json

@@ -1,13 +1,14 @@
 {
   "description": "Server-side JavaScript SDK for Proxy merchant API calls.",
   "license": "MIT",
-  "module": "./dist/index.js",
+  "main": "./dist/cjs/index.js",
+  "module": "./dist/esm/index.js",
   "name": "@proxy-checkout/server-js",
   "private": false,
   "sideEffects": false,
   "type": "module",
-  "types": "./dist/index.d.ts",
-  "version": "0.0.4-pr-76.21.1",
+  "types": "./dist/esm/index.d.ts",
+  "version": "0.0.4-pr-76.22.1",
   "devDependencies": {
     "@types/node": "^24.12.4",
     "@vitest/coverage-v8": "4.1.7",
@@ -16,8 +17,9 @@
   },
   "exports": {
     ".": {
-      "import": "./dist/index.js",
-      "types": "./dist/index.d.ts"
+      "import": "./dist/esm/index.js",
+      "require": "./dist/cjs/index.js",
+      "types": "./dist/esm/index.d.ts"
     }
   },
   "files": [
@@ -40,7 +42,7 @@
     "url": "git+https://github.com/linuslabs/proxy.git"
   },
   "scripts": {
-    "build": "tsc -p tsconfig.build.json",
+    "build": "node ../../tools/sdk/build-dual-package.mjs",
     "test:all": "vitest run",
     "test:coverage": "vitest run --coverage.enabled --coverage.reportsDirectory=coverage/all",
     "test:coverage:changed": "vitest run --coverage.enabled --coverage.reportsDirectory=coverage/changed",