@riverbankcms/sdk 0.7.0 → 0.7.3

package/dist/server/chunk-5LRR64Y6.mjs

@@ -0,0 +1,72 @@
+// src/webhooks/verify.ts
+import crypto from "crypto";
+import { z } from "zod";
+var WebhookEventSchema = z.enum([
+  "page.published",
+  "entry.published",
+  "navigation.updated",
+  "theme.updated",
+  "site.settings_updated"
+]);
+var PagePublishedDataSchema = z.object({
+  pageId: z.string(),
+  path: z.string(),
+  slug: z.string().optional()
+});
+var EntryPublishedDataSchema = z.object({
+  entryId: z.string(),
+  path: z.string(),
+  contentType: z.string()
+});
+var NavigationUpdatedDataSchema = z.object({
+  menuId: z.string().optional()
+});
+var EmptyDataSchema = z.object({});
+var WebhookDataSchema = z.union([
+  PagePublishedDataSchema,
+  EntryPublishedDataSchema,
+  NavigationUpdatedDataSchema,
+  EmptyDataSchema
+]);
+var WebhookPayloadSchema = z.object({
+  /** Event type */
+  event: WebhookEventSchema,
+  /** ISO timestamp of when the event occurred */
+  timestamp: z.string(),
+  /** Site ID that triggered the event */
+  siteId: z.string(),
+  /** Event-specific data (shape depends on event type) */
+  data: z.record(z.string(), z.unknown()),
+  /** Cache invalidation tags (for tag-based revalidation) */
+  tags: z.array(z.string()).optional()
+});
+function verifyWebhookSignature(payload, signature, secret) {
+  const expectedSignature = crypto.createHmac("sha256", secret).update(payload).digest("hex");
+  if (signature.length !== expectedSignature.length) {
+    return false;
+  }
+  return crypto.timingSafeEqual(
+    Buffer.from(signature),
+    Buffer.from(expectedSignature)
+  );
+}
+function parseWebhookPayload(body) {
+  let parsed;
+  try {
+    parsed = JSON.parse(body);
+  } catch {
+    return { success: false, error: "Invalid JSON" };
+  }
+  const result = WebhookPayloadSchema.safeParse(parsed);
+  if (!result.success) {
+    return { success: false, error: `Invalid payload: ${result.error.message}` };
+  }
+  return { success: true, payload: result.data };
+}
+
+export {
+  WebhookPayloadSchema,
+  verifyWebhookSignature,
+  parseWebhookPayload
+};
+//# sourceMappingURL=chunk-5LRR64Y6.mjs.map

package/dist/server/chunk-5LRR64Y6.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/webhooks/verify.ts"],"sourcesContent":["/**\n * Webhook verification utilities for Riverbank SDK\n *\n * Provides framework-agnostic webhook signature verification and payload parsing.\n */\n\nimport crypto from 'crypto';\nimport { z } from 'zod';\n\n// ============================================================================\n// Webhook Event Types\n// ============================================================================\n\n/**\n * Supported webhook event types.\n * Keep in sync with apps/dashboard/src/lib/db/helpers/webhooks.ts\n */\nexport const WebhookEventSchema = z.enum([\n  'page.published',\n  'entry.published',\n  'navigation.updated',\n  'theme.updated',\n  'site.settings_updated',\n]);\n\nexport type WebhookEvent = z.infer<typeof WebhookEventSchema>;\n\n// ============================================================================\n// Event-Specific Data Schemas\n// ============================================================================\n\n/** Data for page.published events */\nexport const PagePublishedDataSchema = z.object({\n  pageId: z.string(),\n  path: z.string(),\n  slug: z.string().optional(),\n});\n\n/** Data for entry.published events */\nexport const EntryPublishedDataSchema = z.object({\n  entryId: z.string(),\n  path: z.string(),\n  contentType: z.string(),\n});\n\n/** Data for navigation.updated events */\nexport const NavigationUpdatedDataSchema = z.object({\n  menuId: z.string().optional(),\n});\n\n/** Data for theme.updated and site.settings_updated events (empty) */\nexport const EmptyDataSchema = z.object({});\n\n/**\n * Combined data schema that accepts any valid event data.\n * The actual shape depends on the event type.\n */\nexport const WebhookDataSchema = z.union([\n  PagePublishedDataSchema,\n  EntryPublishedDataSchema,\n  NavigationUpdatedDataSchema,\n  EmptyDataSchema,\n]);\n\nexport type PagePublishedData = z.infer<typeof PagePublishedDataSchema>;\nexport type EntryPublishedData = z.infer<typeof EntryPublishedDataSchema>;\nexport type NavigationUpdatedData = z.infer<typeof NavigationUpdatedDataSchema>;\n\n// ============================================================================\n// Webhook Payload Schema\n// ============================================================================\n\n/**\n * Zod schema for webhook payload validation.\n */\nexport const WebhookPayloadSchema = z.object({\n  /** Event type */\n  event: WebhookEventSchema,\n  /** ISO timestamp of when the event occurred */\n  timestamp: z.string(),\n  /** Site ID that triggered the event */\n  siteId: z.string(),\n  /** Event-specific data (shape depends on event type) */\n  data: z.record(z.string(), z.unknown()),\n  /** Cache invalidation tags (for tag-based revalidation) */\n  tags: z.array(z.string()).optional(),\n});\n\n/**\n * Webhook payload structure sent by the CMS.\n */\nexport type WebhookPayload = z.infer<typeof WebhookPayloadSchema>;\n\n/**\n * Type-safe webhook payload with discriminated data based on event type.\n */\nexport type TypedWebhookPayload =\n  | { event: 'page.published'; data: PagePublishedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'entry.published'; data: EntryPublishedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'navigation.updated'; data: NavigationUpdatedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'theme.updated'; data: Record<string, never>; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'site.settings_updated'; data: Record<string, never>; siteId: string; timestamp: string; tags?: string[] };\n\n/**\n * Verify a webhook signature using HMAC-SHA256.\n *\n * Uses timing-safe comparison to prevent timing attacks.\n *\n * @param payload - The raw request body as a string\n * @param signature - The X-Riverbank-Signature header value\n * @param secret - The webhook signing secret (RIVERBANK_WEBHOOK_SECRET)\n * @returns true if signature is valid, false otherwise\n *\n * @example\n * ```ts\n * const body = await request.text();\n * const signature = request.headers.get('x-riverbank-signature');\n * const secret = process.env.RIVERBANK_WEBHOOK_SECRET;\n *\n * if (!verifyWebhookSignature(body, signature, secret)) {\n *   return new Response('Invalid signature', { status: 401 });\n * }\n * ```\n */\nexport function verifyWebhookSignature(\n  payload: string,\n  signature: string,\n  secret: string\n): boolean {\n  const expectedSignature = crypto\n    .createHmac('sha256', secret)\n    .update(payload)\n    .digest('hex');\n\n  // Length check before timing-safe comparison\n  // timingSafeEqual throws if lengths differ\n  if (signature.length !== expectedSignature.length) {\n    return false;\n  }\n\n  // Timing-safe comparison to prevent timing attacks\n  return crypto.timingSafeEqual(\n    Buffer.from(signature),\n    Buffer.from(expectedSignature)\n  );\n}\n\n/**\n * Result type for webhook payload parsing.\n */\nexport type ParseWebhookResult =\n  | { success: true; payload: WebhookPayload }\n  | { success: false; error: string };\n\n/**\n * Parse and validate a webhook payload from the request body.\n *\n * Uses Zod schema validation to ensure the payload has the expected structure.\n *\n * @param body - The raw request body as a string\n * @returns A result object with either the validated payload or an error message\n *\n * @example\n * ```ts\n * const body = await request.text();\n * const result = parseWebhookPayload(body);\n * if (!result.success) {\n *   return new Response(result.error, { status: 400 });\n * }\n * console.log(`Received ${result.payload.event} for site ${result.payload.siteId}`);\n * ```\n */\nexport function parseWebhookPayload(body: string): ParseWebhookResult {\n  let parsed: unknown;\n  try {\n    parsed = JSON.parse(body);\n  } catch {\n    return { success: false, error: 'Invalid JSON' };\n  }\n\n  const result = WebhookPayloadSchema.safeParse(parsed);\n  if (!result.success) {\n    return { success: false, error: `Invalid payload: ${result.error.message}` };\n  }\n\n  return { success: true, payload: result.data };\n}\n"],"mappings":";AAMA,OAAO,YAAY;AACnB,SAAS,SAAS;AAUX,IAAM,qBAAqB,EAAE,KAAK;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AASM,IAAM,0BAA0B,EAAE,OAAO;AAAA,EAC9C,QAAQ,EAAE,OAAO;AAAA,EACjB,MAAM,EAAE,OAAO;AAAA,EACf,MAAM,EAAE,OAAO,EAAE,SAAS;AAC5B,CAAC;AAGM,IAAM,2BAA2B,EAAE,OAAO;AAAA,EAC/C,SAAS,EAAE,OAAO;AAAA,EAClB,MAAM,EAAE,OAAO;AAAA,EACf,aAAa,EAAE,OAAO;AACxB,CAAC;AAGM,IAAM,8BAA8B,EAAE,OAAO;AAAA,EAClD,QAAQ,EAAE,OAAO,EAAE,SAAS;AAC9B,CAAC;AAGM,IAAM,kBAAkB,EAAE,OAAO,CAAC,CAAC;AAMnC,IAAM,oBAAoB,EAAE,MAAM;AAAA,EACvC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAaM,IAAM,uBAAuB,EAAE,OAAO;AAAA;AAAA,EAE3C,OAAO;AAAA;AAAA,EAEP,WAAW,EAAE,OAAO;AAAA;AAAA,EAEpB,QAAQ,EAAE,OAAO;AAAA;AAAA,EAEjB,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,QAAQ,CAAC;AAAA;AAAA,EAEtC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,SAAS;AACrC,CAAC;AAsCM,SAAS,uBACd,SACA,WACA,QACS;AACT,QAAM,oBAAoB,OACvB,WAAW,UAAU,MAAM,EAC3B,OAAO,OAAO,EACd,OAAO,KAAK;AAIf,MAAI,UAAU,WAAW,kBAAkB,QAAQ;AACjD,WAAO;AAAA,EACT;AAGA,SAAO,OAAO;AAAA,IACZ,OAAO,KAAK,SAAS;AAAA,IACrB,OAAO,KAAK,iBAAiB;AAAA,EAC/B;AACF;AA2BO,SAAS,oBAAoB,MAAkC;AACpE,MAAI;AACJ,MAAI;AACF,aAAS,KAAK,MAAM,IAAI;AAAA,EAC1B,QAAQ;AACN,WAAO,EAAE,SAAS,OAAO,OAAO,eAAe;AAAA,EACjD;AAEA,QAAM,SAAS,qBAAqB,UAAU,MAAM;AACpD,MAAI,CAAC,OAAO,SAAS;AACnB,WAAO,EAAE,SAAS,OAAO,OAAO,oBAAoB,OAAO,MAAM,OAAO,GAAG;AAAA,EAC7E;AAEA,SAAO,EAAE,SAAS,MAAM,SAAS,OAAO,KAAK;AAC/C;","names":[]}

package/dist/server/chunk-NBTRDLCM.js

@@ -0,0 +1,72 @@
+"use strict";Object.defineProperty(exports, "__esModule", {value: true}); function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }// src/webhooks/verify.ts
+var _crypto = require('crypto'); var _crypto2 = _interopRequireDefault(_crypto);
+var _zod = require('zod');
+var WebhookEventSchema = _zod.z.enum([
+  "page.published",
+  "entry.published",
+  "navigation.updated",
+  "theme.updated",
+  "site.settings_updated"
+]);
+var PagePublishedDataSchema = _zod.z.object({
+  pageId: _zod.z.string(),
+  path: _zod.z.string(),
+  slug: _zod.z.string().optional()
+});
+var EntryPublishedDataSchema = _zod.z.object({
+  entryId: _zod.z.string(),
+  path: _zod.z.string(),
+  contentType: _zod.z.string()
+});
+var NavigationUpdatedDataSchema = _zod.z.object({
+  menuId: _zod.z.string().optional()
+});
+var EmptyDataSchema = _zod.z.object({});
+var WebhookDataSchema = _zod.z.union([
+  PagePublishedDataSchema,
+  EntryPublishedDataSchema,
+  NavigationUpdatedDataSchema,
+  EmptyDataSchema
+]);
+var WebhookPayloadSchema = _zod.z.object({
+  /** Event type */
+  event: WebhookEventSchema,
+  /** ISO timestamp of when the event occurred */
+  timestamp: _zod.z.string(),
+  /** Site ID that triggered the event */
+  siteId: _zod.z.string(),
+  /** Event-specific data (shape depends on event type) */
+  data: _zod.z.record(_zod.z.string(), _zod.z.unknown()),
+  /** Cache invalidation tags (for tag-based revalidation) */
+  tags: _zod.z.array(_zod.z.string()).optional()
+});
+function verifyWebhookSignature(payload, signature, secret) {
+  const expectedSignature = _crypto2.default.createHmac("sha256", secret).update(payload).digest("hex");
+  if (signature.length !== expectedSignature.length) {
+    return false;
+  }
+  return _crypto2.default.timingSafeEqual(
+    Buffer.from(signature),
+    Buffer.from(expectedSignature)
+  );
+}
+function parseWebhookPayload(body) {
+  let parsed;
+  try {
+    parsed = JSON.parse(body);
+  } catch (e) {
+    return { success: false, error: "Invalid JSON" };
+  }
+  const result = WebhookPayloadSchema.safeParse(parsed);
+  if (!result.success) {
+    return { success: false, error: `Invalid payload: ${result.error.message}` };
+  }
+  return { success: true, payload: result.data };
+}
+
+
+
+
+
+exports.WebhookPayloadSchema = WebhookPayloadSchema; exports.verifyWebhookSignature = verifyWebhookSignature; exports.parseWebhookPayload = parseWebhookPayload;
+//# sourceMappingURL=chunk-NBTRDLCM.js.map

package/dist/server/chunk-NBTRDLCM.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/will/Projects/Business/cms/builder/packages/sdk/dist/server/chunk-NBTRDLCM.js","../../src/webhooks/verify.ts"],"names":[],"mappings":"AAAA;ACMA,gFAAmB;AACnB,0BAAkB;AAUX,IAAM,mBAAA,EAAqB,MAAA,CAAE,IAAA,CAAK;AAAA,EACvC,gBAAA;AAAA,EACA,iBAAA;AAAA,EACA,oBAAA;AAAA,EACA,eAAA;AAAA,EACA;AACF,CAAC,CAAA;AASM,IAAM,wBAAA,EAA0B,MAAA,CAAE,MAAA,CAAO;AAAA,EAC9C,MAAA,EAAQ,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA,EACjB,IAAA,EAAM,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA,EACf,IAAA,EAAM,MAAA,CAAE,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS;AAC5B,CAAC,CAAA;AAGM,IAAM,yBAAA,EAA2B,MAAA,CAAE,MAAA,CAAO;AAAA,EAC/C,OAAA,EAAS,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA,EAClB,IAAA,EAAM,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA,EACf,WAAA,EAAa,MAAA,CAAE,MAAA,CAAO;AACxB,CAAC,CAAA;AAGM,IAAM,4BAAA,EAA8B,MAAA,CAAE,MAAA,CAAO;AAAA,EAClD,MAAA,EAAQ,MAAA,CAAE,MAAA,CAAO,CAAA,CAAE,QAAA,CAAS;AAC9B,CAAC,CAAA;AAGM,IAAM,gBAAA,EAAkB,MAAA,CAAE,MAAA,CAAO,CAAC,CAAC,CAAA;AAMnC,IAAM,kBAAA,EAAoB,MAAA,CAAE,KAAA,CAAM;AAAA,EACvC,uBAAA;AAAA,EACA,wBAAA;AAAA,EACA,2BAAA;AAAA,EACA;AACF,CAAC,CAAA;AAaM,IAAM,qBAAA,EAAuB,MAAA,CAAE,MAAA,CAAO;AAAA;AAAA,EAE3C,KAAA,EAAO,kBAAA;AAAA;AAAA,EAEP,SAAA,EAAW,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA;AAAA,EAEpB,MAAA,EAAQ,MAAA,CAAE,MAAA,CAAO,CAAA;AAAA;AAAA,EAEjB,IAAA,EAAM,MAAA,CAAE,MAAA,CAAO,MAAA,CAAE,MAAA,CAAO,CAAA,EAAG,MAAA,CAAE,OAAA,CAAQ,CAAC,CAAA;AAAA;AAAA,EAEtC,IAAA,EAAM,MAAA,CAAE,KAAA,CAAM,MAAA,CAAE,MAAA,CAAO,CAAC,CAAA,CAAE,QAAA,CAAS;AACrC,CAAC,CAAA;AAsCM,SAAS,sBAAA,CACd,OAAA,EACA,SAAA,EACA,MAAA,EACS;AACT,EAAA,MAAM,kBAAA,EAAoB,gBAAA,CACvB,UAAA,CAAW,QAAA,EAAU,MAAM,CAAA,CAC3B,MAAA,CAAO,OAAO,CAAA,CACd,MAAA,CAAO,KAAK,CAAA;AAIf,EAAA,GAAA,CAAI,SAAA,CAAU,OAAA,IAAW,iBAAA,CAAkB,MAAA,EAAQ;AACjD,IAAA,OAAO,KAAA;AAAA,EACT;AAGA,EAAA,OAAO,gBAAA,CAAO,eAAA;AAAA,IACZ,MAAA,CAAO,IAAA,CAAK,SAAS,CAAA;AAAA,IACrB,MAAA,CAAO,IAAA,CAAK,iBAAiB;AAAA,EAC/B,CAAA;AACF;AA2BO,SAAS,mBAAA,CAAoB,IAAA,EAAkC;AACpE,EAAA,IAAI,MAAA;AACJ,EAAA,IAAI;AACF,IAAA,OAAA,EAAS,IAAA,CAAK,KAAA,CAAM,IAAI,CAAA;AAAA,EAC1B,EAAA,UAAQ;AACN,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,eAAe,CAAA;AAAA,EACjD;AAEA,EAAA,MAAM,OAAA,EAAS,oBAAA,CAAqB,SAAA,CAAU,MAAM,CAAA;AACpD,EAAA,GAAA,CAAI,CAAC,MAAA,CAAO,OAAA,EAAS;AACnB,IAAA,OAAO,EAAE,OAAA,EAAS,KAAA,EAAO,KAAA,EAAO,CAAA,iBAAA,EAAoB,MAAA,CAAO,KAAA,CAAM,OAAO,CAAA,EAAA;AAC1E,EAAA;AAE6C,EAAA;AAC/C;ADzH6E;AACA;AACA;AACA;AACA;AACA","file":"/Users/will/Projects/Business/cms/builder/packages/sdk/dist/server/chunk-NBTRDLCM.js","sourcesContent":[null,"/**\n * Webhook verification utilities for Riverbank SDK\n *\n * Provides framework-agnostic webhook signature verification and payload parsing.\n */\n\nimport crypto from 'crypto';\nimport { z } from 'zod';\n\n// ============================================================================\n// Webhook Event Types\n// ============================================================================\n\n/**\n * Supported webhook event types.\n * Keep in sync with apps/dashboard/src/lib/db/helpers/webhooks.ts\n */\nexport const WebhookEventSchema = z.enum([\n  'page.published',\n  'entry.published',\n  'navigation.updated',\n  'theme.updated',\n  'site.settings_updated',\n]);\n\nexport type WebhookEvent = z.infer<typeof WebhookEventSchema>;\n\n// ============================================================================\n// Event-Specific Data Schemas\n// ============================================================================\n\n/** Data for page.published events */\nexport const PagePublishedDataSchema = z.object({\n  pageId: z.string(),\n  path: z.string(),\n  slug: z.string().optional(),\n});\n\n/** Data for entry.published events */\nexport const EntryPublishedDataSchema = z.object({\n  entryId: z.string(),\n  path: z.string(),\n  contentType: z.string(),\n});\n\n/** Data for navigation.updated events */\nexport const NavigationUpdatedDataSchema = z.object({\n  menuId: z.string().optional(),\n});\n\n/** Data for theme.updated and site.settings_updated events (empty) */\nexport const EmptyDataSchema = z.object({});\n\n/**\n * Combined data schema that accepts any valid event data.\n * The actual shape depends on the event type.\n */\nexport const WebhookDataSchema = z.union([\n  PagePublishedDataSchema,\n  EntryPublishedDataSchema,\n  NavigationUpdatedDataSchema,\n  EmptyDataSchema,\n]);\n\nexport type PagePublishedData = z.infer<typeof PagePublishedDataSchema>;\nexport type EntryPublishedData = z.infer<typeof EntryPublishedDataSchema>;\nexport type NavigationUpdatedData = z.infer<typeof NavigationUpdatedDataSchema>;\n\n// ============================================================================\n// Webhook Payload Schema\n// ============================================================================\n\n/**\n * Zod schema for webhook payload validation.\n */\nexport const WebhookPayloadSchema = z.object({\n  /** Event type */\n  event: WebhookEventSchema,\n  /** ISO timestamp of when the event occurred */\n  timestamp: z.string(),\n  /** Site ID that triggered the event */\n  siteId: z.string(),\n  /** Event-specific data (shape depends on event type) */\n  data: z.record(z.string(), z.unknown()),\n  /** Cache invalidation tags (for tag-based revalidation) */\n  tags: z.array(z.string()).optional(),\n});\n\n/**\n * Webhook payload structure sent by the CMS.\n */\nexport type WebhookPayload = z.infer<typeof WebhookPayloadSchema>;\n\n/**\n * Type-safe webhook payload with discriminated data based on event type.\n */\nexport type TypedWebhookPayload =\n  | { event: 'page.published'; data: PagePublishedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'entry.published'; data: EntryPublishedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'navigation.updated'; data: NavigationUpdatedData; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'theme.updated'; data: Record<string, never>; siteId: string; timestamp: string; tags?: string[] }\n  | { event: 'site.settings_updated'; data: Record<string, never>; siteId: string; timestamp: string; tags?: string[] };\n\n/**\n * Verify a webhook signature using HMAC-SHA256.\n *\n * Uses timing-safe comparison to prevent timing attacks.\n *\n * @param payload - The raw request body as a string\n * @param signature - The X-Riverbank-Signature header value\n * @param secret - The webhook signing secret (RIVERBANK_WEBHOOK_SECRET)\n * @returns true if signature is valid, false otherwise\n *\n * @example\n * ```ts\n * const body = await request.text();\n * const signature = request.headers.get('x-riverbank-signature');\n * const secret = process.env.RIVERBANK_WEBHOOK_SECRET;\n *\n * if (!verifyWebhookSignature(body, signature, secret)) {\n *   return new Response('Invalid signature', { status: 401 });\n * }\n * ```\n */\nexport function verifyWebhookSignature(\n  payload: string,\n  signature: string,\n  secret: string\n): boolean {\n  const expectedSignature = crypto\n    .createHmac('sha256', secret)\n    .update(payload)\n    .digest('hex');\n\n  // Length check before timing-safe comparison\n  // timingSafeEqual throws if lengths differ\n  if (signature.length !== expectedSignature.length) {\n    return false;\n  }\n\n  // Timing-safe comparison to prevent timing attacks\n  return crypto.timingSafeEqual(\n    Buffer.from(signature),\n    Buffer.from(expectedSignature)\n  );\n}\n\n/**\n * Result type for webhook payload parsing.\n */\nexport type ParseWebhookResult =\n  | { success: true; payload: WebhookPayload }\n  | { success: false; error: string };\n\n/**\n * Parse and validate a webhook payload from the request body.\n *\n * Uses Zod schema validation to ensure the payload has the expected structure.\n *\n * @param body - The raw request body as a string\n * @returns A result object with either the validated payload or an error message\n *\n * @example\n * ```ts\n * const body = await request.text();\n * const result = parseWebhookPayload(body);\n * if (!result.success) {\n *   return new Response(result.error, { status: 400 });\n * }\n * console.log(`Received ${result.payload.event} for site ${result.payload.siteId}`);\n * ```\n */\nexport function parseWebhookPayload(body: string): ParseWebhookResult {\n  let parsed: unknown;\n  try {\n    parsed = JSON.parse(body);\n  } catch {\n    return { success: false, error: 'Invalid JSON' };\n  }\n\n  const result = WebhookPayloadSchema.safeParse(parsed);\n  if (!result.success) {\n    return { success: false, error: `Invalid payload: ${result.error.message}` };\n  }\n\n  return { success: true, payload: result.data };\n}\n"]}

package/dist/server/chunk-NFEGQTCC.mjs

@@ -0,0 +1,27 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+export {
+  __esm,
+  __export,
+  __toCommonJS
+};
+//# sourceMappingURL=chunk-NFEGQTCC.mjs.map