npm - @stableops/api-sdk - Versions diffs - 0.1.0 - Mend

@stableops/api-sdk 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

package/LICENSE +184 -0
package/README.md +117 -0
package/README.zh-CN.md +107 -0
package/dist/chunk-B2JLHYXK.mjs +83 -0
package/dist/chunk-B2JLHYXK.mjs.map +1 -0
package/dist/index.d.mts +247 -0
package/dist/index.d.ts +247 -0
package/dist/index.js +481 -0
package/dist/index.js.map +1 -0
package/dist/index.mjs +453 -0
package/dist/index.mjs.map +1 -0
package/dist/mock.d.mts +74 -0
package/dist/mock.d.ts +74 -0
package/dist/mock.js +268 -0
package/dist/mock.js.map +1 -0
package/dist/mock.mjs +219 -0
package/dist/mock.mjs.map +1 -0
package/dist/webhooks.d.mts +44 -0
package/dist/webhooks.d.ts +44 -0
package/dist/webhooks.js +134 -0
package/dist/webhooks.js.map +1 -0
package/dist/webhooks.mjs +37 -0
package/dist/webhooks.mjs.map +1 -0
package/package.json +87 -0

package/dist/mock.js ADDED Viewed

@@ -0,0 +1,268 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/mock-entry.ts
+var mock_entry_exports = {};
+__export(mock_entry_exports, {
+  MockServer: () => MockServer
+});
+module.exports = __toCommonJS(mock_entry_exports);
+// src/mock-server.ts
+var import_node_http = require("http");
+var import_node_crypto2 = require("crypto");
+// src/signature.ts
+var import_node_crypto = require("crypto");
+var DEFAULT_TOLERANCE_SECONDS = 5 * 60;
+function buildSignatureHeader({
+  secret,
+  timestamp,
+  rawBody
+}) {
+  return buildSignatureHeaderForSecrets({
+    secrets: [secret],
+    timestamp,
+    rawBody
+  });
+}
+function buildSignatureHeaderForSecrets({
+  secrets,
+  timestamp,
+  rawBody
+}) {
+  const payload = `${timestamp}.${rawBody}`;
+  const signatures = secrets.filter((secret) => secret.length > 0).map((secret) => (0, import_node_crypto.createHmac)("sha256", secret).update(payload).digest("hex"));
+  return `t=${timestamp},${signatures.map((signature) => `v1=${signature}`).join(",")}`;
+}
+// src/mock-server.ts
+var MockServer = class {
+  constructor(options = {}) {
+    this.options = options;
+    this.idFactory = options.idFactory ?? (() => (0, import_node_crypto2.randomUUID)());
+    this.secretFactory = options.secretFactory ?? (() => (0, import_node_crypto2.randomUUID)());
+    this.server = (0, import_node_http.createServer)((req, res) => this.handle(req, res));
+  }
+  options;
+  server;
+  orders = /* @__PURE__ */ new Map();
+  endpoints = /* @__PURE__ */ new Map();
+  idempotency = /* @__PURE__ */ new Map();
+  idFactory;
+  secretFactory;
+  listen() {
+    return new Promise((resolve) => {
+      this.server.listen(this.options.port ?? 0, this.options.host ?? "127.0.0.1", () => {
+        const address = this.server.address();
+        if (typeof address === "string" || address === null) {
+          resolve({ url: `http://${this.options.host ?? "127.0.0.1"}:${this.options.port ?? 0}` });
+          return;
+        }
+        resolve({ url: `http://${address.address}:${address.port}` });
+      });
+    });
+  }
+  async close() {
+    await new Promise((resolve, reject) => {
+      this.server.close((err) => err ? reject(err) : resolve());
+    });
+  }
+  // 暴露用于断言的内部状态。
+  snapshot() {
+    return {
+      orders: Array.from(this.orders.values()),
+      endpoints: Array.from(this.endpoints.values())
+    };
+  }
+  async handle(req, res) {
+    const url = new URL(req.url ?? "/", "http://localhost");
+    const body = await readBody(req);
+    res.setHeader("content-type", "application/json");
+    try {
+      if (req.method === "POST" && url.pathname === "/v1/payment-orders") {
+        return this.createOrder(req, body, res);
+      }
+      if (req.method === "GET" && url.pathname === "/v1/payment-orders") {
+        return json(res, 200, { items: Array.from(this.orders.values()) });
+      }
+      const orderMatch = url.pathname.match(/^\/v1\/payment-orders\/([^/]+)$/u);
+      if (req.method === "GET" && orderMatch) {
+        const order = this.orders.get(orderMatch[1]);
+        return order ? json(res, 200, order) : json(res, 404, { code: "not_found" });
+      }
+      const cancelMatch = url.pathname.match(/^\/v1\/payment-orders\/([^/]+)\/cancel$/u);
+      if (req.method === "POST" && cancelMatch) {
+        return this.cancelOrder(cancelMatch[1], res);
+      }
+      if (req.method === "GET" && url.pathname === "/v1/events") {
+        return json(res, 200, { items: [] });
+      }
+      if (req.method === "POST" && url.pathname === "/v1/webhook-endpoints") {
+        return this.createEndpoint(body, res);
+      }
+      if (req.method === "GET" && url.pathname === "/v1/webhook-endpoints") {
+        return json(res, 200, {
+          items: Array.from(
+            this.endpoints.values(),
+            (endpoint) => webhookEndpointResponse(endpoint)
+          )
+        });
+      }
+      const endpointMatch = url.pathname.match(/^\/v1\/webhook-endpoints\/([^/]+)$/u);
+      if (req.method === "PATCH" && endpointMatch) {
+        return this.updateEndpoint(endpointMatch[1], body, res);
+      }
+      const rotateMatch = url.pathname.match(
+        /^\/v1\/webhook-endpoints\/([^/]+)\/rotate-secret$/u
+      );
+      if (req.method === "POST" && rotateMatch) {
+        return this.rotateEndpointSecret(rotateMatch[1], res);
+      }
+      json(res, 404, { code: "not_found" });
+    } catch (err) {
+      json(res, 500, { code: "internal", message: String(err) });
+    }
+  }
+  createOrder(req, body, res) {
+    const idem = headerValue(req, "idempotency-key");
+    if (idem && this.idempotency.has(idem)) {
+      const previous = this.idempotency.get(idem);
+      return json(res, 201, previous);
+    }
+    const input = body;
+    const id = this.idFactory();
+    const accepted = input.accepted_assets ?? [];
+    const order = {
+      id,
+      merchant_order_id: String(input.merchant_order_id ?? ""),
+      scenario: String(input.scenario ?? "generic"),
+      amount: String(input.amount ?? "0"),
+      requested_amount: String(input.amount ?? "0"),
+      settlement_asset: String(input.settlement_asset ?? "USDC"),
+      status: "created",
+      expires_at: input.expires_at ?? null,
+      metadata: input.metadata ?? null,
+      created_at: (/* @__PURE__ */ new Date()).toISOString(),
+      accepted_assets: accepted,
+      payment_instructions: accepted.length > 0 ? accepted.map((entry, index) => ({
+        chain: entry.chain,
+        asset: entry.asset,
+        address: `0xMOCK${id.slice(0, 8)}${index}`
+      })) : [{ chain: "base", asset: "USDC", address: `0xMOCK${id.slice(0, 8)}0` }],
+      timeline: [
+        { from: null, to: "created", reason: "order_created", at: (/* @__PURE__ */ new Date()).toISOString() }
+      ]
+    };
+    this.orders.set(id, order);
+    if (idem) this.idempotency.set(idem, order);
+    json(res, 201, order);
+  }
+  cancelOrder(id, res) {
+    const order = this.orders.get(id);
+    if (!order) return json(res, 404, { code: "not_found" });
+    order.status = "canceled";
+    order.timeline.push({
+      from: order.timeline[order.timeline.length - 1]?.to ?? "created",
+      to: "canceled",
+      reason: "manual_cancel",
+      at: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    json(res, 200, order);
+  }
+  createEndpoint(body, res) {
+    const input = body;
+    const id = this.idFactory();
+    const secret = `whsec_mock_${this.secretFactory().slice(0, 12)}`;
+    const endpoint = {
+      id,
+      url: String(input.url ?? ""),
+      description: input.description ?? null,
+      enabled_events: input.enabled_events ?? [],
+      redact_metadata: input.redact_metadata ?? false,
+      disabled_at: null,
+      created_at: (/* @__PURE__ */ new Date()).toISOString(),
+      secret
+    };
+    this.endpoints.set(id, endpoint);
+    json(res, 201, webhookEndpointResponse(endpoint, true));
+  }
+  updateEndpoint(id, body, res) {
+    const endpoint = this.endpoints.get(id);
+    if (!endpoint) return json(res, 404, { code: "not_found" });
+    const input = body;
+    if ("description" in input) {
+      endpoint.description = input.description ?? null;
+    }
+    if ("enabled_events" in input) {
+      endpoint.enabled_events = input.enabled_events;
+    }
+    if ("redact_metadata" in input) {
+      endpoint.redact_metadata = input.redact_metadata;
+    }
+    json(res, 200, webhookEndpointResponse(endpoint));
+  }
+  rotateEndpointSecret(id, res) {
+    const endpoint = this.endpoints.get(id);
+    if (!endpoint) return json(res, 404, { code: "not_found" });
+    endpoint.secret = `whsec_mock_${this.secretFactory().slice(0, 12)}`;
+    json(res, 200, webhookEndpointResponse(endpoint, true));
+  }
+  // 暴露给测试：触发一次签名后的“delivery”，便于 webhook verifier 端到端测试。
+  buildSignedFixture(endpointId, eventType, payload) {
+    const endpoint = this.endpoints.get(endpointId);
+    if (!endpoint) throw new Error("endpoint not found");
+    const rawBody = JSON.stringify({ type: eventType, data: payload });
+    const timestamp = Math.floor(Date.now() / 1e3);
+    return {
+      header: buildSignatureHeader({ secret: endpoint.secret, timestamp, rawBody }),
+      rawBody,
+      secret: endpoint.secret
+    };
+  }
+};
+async function readBody(req) {
+  const chunks = [];
+  for await (const chunk of req) chunks.push(chunk);
+  if (chunks.length === 0) return null;
+  const text = Buffer.concat(chunks).toString("utf8");
+  try {
+    return JSON.parse(text);
+  } catch {
+    return text;
+  }
+}
+function json(res, status, body) {
+  res.statusCode = status;
+  res.end(JSON.stringify(body));
+}
+function headerValue(req, name) {
+  const raw = req.headers[name];
+  if (Array.isArray(raw)) return raw[0];
+  return raw;
+}
+function webhookEndpointResponse(endpoint, includeSecret = false) {
+  const { secret, ...response } = endpoint;
+  return includeSecret ? { ...response, secret } : response;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  MockServer
+});
+//# sourceMappingURL=mock.js.map

package/dist/mock.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/mock-entry.ts","../src/mock-server.ts","../src/signature.ts"],"sourcesContent":["export { MockServer, type MockServerOptions } from './mock-server'\n","import { createServer, type IncomingMessage, type Server, type ServerResponse } from 'node:http'\nimport { randomUUID } from 'node:crypto'\n\nimport { buildSignatureHeader } from './signature'\n\n// 极简内存版 mock，用于 SDK 集成测试与本地 docs 示例。\n// 仅模拟 v1/payment-orders 创建/查询/取消、v1/events 列表、v1/webhook-endpoints CRUD，\n// 以及签名 fixture 构造。生产环境的 NestJS 服务才是参考实现，这里只做开发体感。\n\nexport type MockServerOptions = {\n port?: number\n host?: string\n // 测试时常希望注入固定 id 生成器，便于断言。\n idFactory?: () => string\n // 与资源 id 分离，避免固定 id 时所有轮换都得到同一个 secret。\n secretFactory?: () => string\n}\n\ntype PaymentOrder = {\n id: string\n merchant_order_id: string\n scenario: string\n amount: string\n requested_amount: string\n settlement_asset: string\n status:\n | 'created'\n | 'detected'\n | 'confirmed'\n | 'finalized'\n | 'reverted'\n | 'expired'\n | 'canceled'\n expires_at: string | null\n metadata: unknown\n created_at: string\n accepted_assets: { chain: string; asset: string }[]\n payment_instructions: { chain: string; asset: string; address: string }[]\n timeline: { from: string | null; to: string; reason: string | null; at: string }[]\n}\n\ntype WebhookEndpoint = {\n id: string\n url: string\n description: string | null\n enabled_events: string[]\n redact_metadata: boolean\n disabled_at: string | null\n created_at: string\n secret: string\n}\n\nexport class MockServer {\n private readonly server: Server\n private readonly orders = new Map<string, PaymentOrder>()\n private readonly endpoints = new Map<string, WebhookEndpoint>()\n private readonly idempotency = new Map<string, PaymentOrder>()\n private readonly idFactory: () => string\n private readonly secretFactory: () => string\n\n constructor(private readonly options: MockServerOptions = {}) {\n this.idFactory = options.idFactory ?? (() => randomUUID())\n this.secretFactory = options.secretFactory ?? (() => randomUUID())\n this.server = createServer((req, res) => this.handle(req, res))\n }\n\n listen(): Promise<{ url: string }> {\n return new Promise((resolve) => {\n this.server.listen(this.options.port ?? 0, this.options.host ?? '127.0.0.1', () => {\n const address = this.server.address()\n if (typeof address === 'string' || address === null) {\n resolve({ url: `http://${this.options.host ?? '127.0.0.1'}:${this.options.port ?? 0}` })\n return\n }\n resolve({ url: `http://${address.address}:${address.port}` })\n })\n })\n }\n\n async close(): Promise<void> {\n await new Promise<void>((resolve, reject) => {\n this.server.close((err) => (err ? reject(err) : resolve()))\n })\n }\n\n // 暴露用于断言的内部状态。\n snapshot() {\n return {\n orders: Array.from(this.orders.values()),\n endpoints: Array.from(this.endpoints.values()),\n }\n }\n\n private async handle(req: IncomingMessage, res: ServerResponse) {\n const url = new URL(req.url ?? '/', 'http://localhost')\n const body = await readBody(req)\n res.setHeader('content-type', 'application/json')\n\n try {\n if (req.method === 'POST' && url.pathname === '/v1/payment-orders') {\n return this.createOrder(req, body, res)\n }\n if (req.method === 'GET' && url.pathname === '/v1/payment-orders') {\n return json(res, 200, { items: Array.from(this.orders.values()) })\n }\n const orderMatch = url.pathname.match(/^\\/v1\\/payment-orders\\/([^/]+)$/u)\n if (req.method === 'GET' && orderMatch) {\n const order = this.orders.get(orderMatch[1])\n return order ? json(res, 200, order) : json(res, 404, { code: 'not_found' })\n }\n const cancelMatch = url.pathname.match(/^\\/v1\\/payment-orders\\/([^/]+)\\/cancel$/u)\n if (req.method === 'POST' && cancelMatch) {\n return this.cancelOrder(cancelMatch[1], res)\n }\n if (req.method === 'GET' && url.pathname === '/v1/events') {\n return json(res, 200, { items: [] })\n }\n\n if (req.method === 'POST' && url.pathname === '/v1/webhook-endpoints') {\n return this.createEndpoint(body, res)\n }\n if (req.method === 'GET' && url.pathname === '/v1/webhook-endpoints') {\n return json(res, 200, {\n items: Array.from(this.endpoints.values(), (endpoint) =>\n webhookEndpointResponse(endpoint),\n ),\n })\n }\n const endpointMatch = url.pathname.match(/^\\/v1\\/webhook-endpoints\\/([^/]+)$/u)\n if (req.method === 'PATCH' && endpointMatch) {\n return this.updateEndpoint(endpointMatch[1], body, res)\n }\n const rotateMatch = url.pathname.match(\n /^\\/v1\\/webhook-endpoints\\/([^/]+)\\/rotate-secret$/u,\n )\n if (req.method === 'POST' && rotateMatch) {\n return this.rotateEndpointSecret(rotateMatch[1], res)\n }\n\n json(res, 404, { code: 'not_found' })\n } catch (err) {\n json(res, 500, { code: 'internal', message: String(err) })\n }\n }\n\n private createOrder(req: IncomingMessage, body: unknown, res: ServerResponse) {\n const idem = headerValue(req, 'idempotency-key')\n if (idem && this.idempotency.has(idem)) {\n const previous = this.idempotency.get(idem)!\n return json(res, 201, previous)\n }\n const input = body as Record<string, unknown>\n const id = this.idFactory()\n const accepted = (input.accepted_assets as { chain: string; asset: string }[]) ?? []\n const order: PaymentOrder = {\n id,\n merchant_order_id: String(input.merchant_order_id ?? ''),\n scenario: String(input.scenario ?? 'generic'),\n amount: String(input.amount ?? '0'),\n requested_amount: String(input.amount ?? '0'),\n settlement_asset: String(input.settlement_asset ?? 'USDC'),\n status: 'created',\n expires_at: (input.expires_at as string | undefined) ?? null,\n metadata: input.metadata ?? null,\n created_at: new Date().toISOString(),\n accepted_assets: accepted,\n payment_instructions:\n accepted.length > 0\n ? accepted.map((entry, index) => ({\n chain: entry.chain,\n asset: entry.asset,\n address: `0xMOCK${id.slice(0, 8)}${index}`,\n }))\n : [{ chain: 'base', asset: 'USDC', address: `0xMOCK${id.slice(0, 8)}0` }],\n timeline: [\n { from: null, to: 'created', reason: 'order_created', at: new Date().toISOString() },\n ],\n }\n this.orders.set(id, order)\n if (idem) this.idempotency.set(idem, order)\n json(res, 201, order)\n }\n\n private cancelOrder(id: string, res: ServerResponse) {\n const order = this.orders.get(id)\n if (!order) return json(res, 404, { code: 'not_found' })\n order.status = 'canceled'\n order.timeline.push({\n from: order.timeline[order.timeline.length - 1]?.to ?? 'created',\n to: 'canceled',\n reason: 'manual_cancel',\n at: new Date().toISOString(),\n })\n json(res, 200, order)\n }\n\n private createEndpoint(body: unknown, res: ServerResponse) {\n const input = body as Record<string, unknown>\n const id = this.idFactory()\n const secret = `whsec_mock_${this.secretFactory().slice(0, 12)}`\n const endpoint: WebhookEndpoint = {\n id,\n url: String(input.url ?? ''),\n description: (input.description as string | null) ?? null,\n enabled_events: (input.enabled_events as string[]) ?? [],\n redact_metadata: (input.redact_metadata as boolean | undefined) ?? false,\n disabled_at: null,\n created_at: new Date().toISOString(),\n secret,\n }\n this.endpoints.set(id, endpoint)\n json(res, 201, webhookEndpointResponse(endpoint, true))\n }\n\n private updateEndpoint(id: string, body: unknown, res: ServerResponse) {\n const endpoint = this.endpoints.get(id)\n if (!endpoint) return json(res, 404, { code: 'not_found' })\n const input = body as Record<string, unknown>\n if ('description' in input) {\n endpoint.description = (input.description as string | null) ?? null\n }\n if ('enabled_events' in input) {\n endpoint.enabled_events = input.enabled_events as string[]\n }\n if ('redact_metadata' in input) {\n endpoint.redact_metadata = input.redact_metadata as boolean\n }\n json(res, 200, webhookEndpointResponse(endpoint))\n }\n\n private rotateEndpointSecret(id: string, res: ServerResponse) {\n const endpoint = this.endpoints.get(id)\n if (!endpoint) return json(res, 404, { code: 'not_found' })\n endpoint.secret = `whsec_mock_${this.secretFactory().slice(0, 12)}`\n json(res, 200, webhookEndpointResponse(endpoint, true))\n }\n\n // 暴露给测试：触发一次签名后的“delivery”，便于 webhook verifier 端到端测试。\n buildSignedFixture(endpointId: string, eventType: string, payload: unknown) {\n const endpoint = this.endpoints.get(endpointId)\n if (!endpoint) throw new Error('endpoint not found')\n const rawBody = JSON.stringify({ type: eventType, data: payload })\n const timestamp = Math.floor(Date.now() / 1000)\n return {\n header: buildSignatureHeader({ secret: endpoint.secret, timestamp, rawBody }),\n rawBody,\n secret: endpoint.secret,\n }\n }\n}\n\nasync function readBody(req: IncomingMessage): Promise<unknown> {\n const chunks: Buffer[] = []\n for await (const chunk of req) chunks.push(chunk as Buffer)\n if (chunks.length === 0) return null\n const text = Buffer.concat(chunks).toString('utf8')\n try {\n return JSON.parse(text)\n } catch {\n return text\n }\n}\n\nfunction json(res: ServerResponse, status: number, body: unknown): void {\n res.statusCode = status\n res.end(JSON.stringify(body))\n}\n\nfunction headerValue(req: IncomingMessage, name: string): string | undefined {\n const raw = req.headers[name]\n if (Array.isArray(raw)) return raw[0]\n return raw\n}\n\nfunction webhookEndpointResponse(\n endpoint: WebhookEndpoint,\n includeSecret = false,\n): Omit<WebhookEndpoint, 'secret'> & { secret?: string } {\n const { secret, ...response } = endpoint\n return includeSecret ? { ...response, secret } : response\n}\n","import { createHmac, timingSafeEqual } from 'node:crypto'\n\n// 与服务端 webhook 签名格式保持一致：\n// X-Product-Signature: t=<unix_ts>,v1=<hmac_sha256(t.rawBody)>\n// SDK 内联实现，避免发布包依赖内部 workspace 包。\n\nexport const SIGNATURE_HEADER = 'X-Product-Signature'\nexport const EVENT_ID_HEADER = 'X-Event-Id'\nexport const DELIVERY_ID_HEADER = 'X-Delivery-Id'\nexport const DEFAULT_TOLERANCE_SECONDS = 5 * 60\n\nexport type SignatureBuildInput = {\n secret: string\n timestamp: number\n rawBody: string\n}\n\nexport type MultiSignatureBuildInput = {\n secrets: readonly string[]\n timestamp: number\n rawBody: string\n}\n\nexport type VerifyInput = {\n secrets: readonly string[]\n header: string | undefined\n rawBody: string\n now?: number\n toleranceSeconds?: number\n}\n\nexport type VerifyResult =\n | { ok: true; timestamp: number }\n | {\n ok: false\n reason:\n | 'missing_header'\n | 'invalid_format'\n | 'timestamp_expired'\n | 'bad_signature'\n }\n\nexport function buildSignatureHeader({\n secret,\n timestamp,\n rawBody,\n}: SignatureBuildInput): string {\n return buildSignatureHeaderForSecrets({\n secrets: [secret],\n timestamp,\n rawBody,\n })\n}\n\nexport function buildSignatureHeaderForSecrets({\n secrets,\n timestamp,\n rawBody,\n}: MultiSignatureBuildInput): string {\n const payload = `${timestamp}.${rawBody}`\n const signatures = secrets\n .filter((secret) => secret.length > 0)\n .map((secret) => createHmac('sha256', secret).update(payload).digest('hex'))\n return `t=${timestamp},${signatures.map((signature) => `v1=${signature}`).join(',')}`\n}\n\nexport function verifySignature(input: VerifyInput): VerifyResult {\n if (!input.header) return { ok: false, reason: 'missing_header' }\n const parsed = parseHeader(input.header)\n if (!parsed) return { ok: false, reason: 'invalid_format' }\n\n const now = input.now ?? Math.floor(Date.now() / 1000)\n const tolerance = input.toleranceSeconds ?? DEFAULT_TOLERANCE_SECONDS\n if (Math.abs(now - parsed.timestamp) > tolerance) {\n return { ok: false, reason: 'timestamp_expired' }\n }\n\n const payload = `${parsed.timestamp}.${input.rawBody}`\n for (const secret of input.secrets) {\n if (!secret) continue\n const expected = createHmac('sha256', secret).update(payload).digest('hex')\n for (const signature of parsed.signatures) {\n if (safeEqualHex(expected, signature)) {\n return { ok: true, timestamp: parsed.timestamp }\n }\n }\n }\n return { ok: false, reason: 'bad_signature' }\n}\n\nfunction parseHeader(\n header: string,\n): { timestamp: number; signatures: string[] } | null {\n let timestamp: number | null = null\n const signatures: string[] = []\n for (const segment of header.split(',')) {\n const [key, value] = segment.trim().split('=')\n if (!key || !value) continue\n if (key === 't') {\n const ts = Number(value)\n if (Number.isFinite(ts)) timestamp = ts\n } else if (key === 'v1') {\n signatures.push(value)\n }\n }\n if (timestamp === null || signatures.length === 0) return null\n return { timestamp, signatures }\n}\n\nfunction safeEqualHex(a: string, b: string): boolean {\n if (!isSha256Hex(a) || !isSha256Hex(b)) return false\n const aBuffer = Buffer.from(a, 'hex')\n const bBuffer = Buffer.from(b, 'hex')\n return timingSafeEqual(aBuffer, bBuffer)\n}\n\nfunction isSha256Hex(value: string): boolean {\n return /^[a-f0-9]{64}$/i.test(value)\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,uBAAqF;AACrF,IAAAA,sBAA2B;;;ACD3B,yBAA4C;AASrC,IAAM,4BAA4B,IAAI;AAiCtC,SAAS,qBAAqB;AAAA,EACnC;AAAA,EACA;AAAA,EACA;AACF,GAAgC;AAC9B,SAAO,+BAA+B;AAAA,IACpC,SAAS,CAAC,MAAM;AAAA,IAChB;AAAA,IACA;AAAA,EACF,CAAC;AACH;AAEO,SAAS,+BAA+B;AAAA,EAC7C;AAAA,EACA;AAAA,EACA;AACF,GAAqC;AACnC,QAAM,UAAU,GAAG,SAAS,IAAI,OAAO;AACvC,QAAM,aAAa,QAChB,OAAO,CAAC,WAAW,OAAO,SAAS,CAAC,EACpC,IAAI,CAAC,eAAW,+BAAW,UAAU,MAAM,EAAE,OAAO,OAAO,EAAE,OAAO,KAAK,CAAC;AAC7E,SAAO,KAAK,SAAS,IAAI,WAAW,IAAI,CAAC,cAAc,MAAM,SAAS,EAAE,EAAE,KAAK,GAAG,CAAC;AACrF;;;ADZO,IAAM,aAAN,MAAiB;AAAA,EAQtB,YAA6B,UAA6B,CAAC,GAAG;AAAjC;AAC3B,SAAK,YAAY,QAAQ,cAAc,UAAM,gCAAW;AACxD,SAAK,gBAAgB,QAAQ,kBAAkB,UAAM,gCAAW;AAChE,SAAK,aAAS,+BAAa,CAAC,KAAK,QAAQ,KAAK,OAAO,KAAK,GAAG,CAAC;AAAA,EAChE;AAAA,EAJ6B;AAAA,EAPZ;AAAA,EACA,SAAS,oBAAI,IAA0B;AAAA,EACvC,YAAY,oBAAI,IAA6B;AAAA,EAC7C,cAAc,oBAAI,IAA0B;AAAA,EAC5C;AAAA,EACA;AAAA,EAQjB,SAAmC;AACjC,WAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,WAAK,OAAO,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,QAAQ,QAAQ,aAAa,MAAM;AACjF,cAAM,UAAU,KAAK,OAAO,QAAQ;AACpC,YAAI,OAAO,YAAY,YAAY,YAAY,MAAM;AACnD,kBAAQ,EAAE,KAAK,UAAU,KAAK,QAAQ,QAAQ,WAAW,IAAI,KAAK,QAAQ,QAAQ,CAAC,GAAG,CAAC;AACvF;AAAA,QACF;AACA,gBAAQ,EAAE,KAAK,UAAU,QAAQ,OAAO,IAAI,QAAQ,IAAI,GAAG,CAAC;AAAA,MAC9D,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,QAAuB;AAC3B,UAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAC3C,WAAK,OAAO,MAAM,CAAC,QAAS,MAAM,OAAO,GAAG,IAAI,QAAQ,CAAE;AAAA,IAC5D,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,WAAW;AACT,WAAO;AAAA,MACL,QAAQ,MAAM,KAAK,KAAK,OAAO,OAAO,CAAC;AAAA,MACvC,WAAW,MAAM,KAAK,KAAK,UAAU,OAAO,CAAC;AAAA,IAC/C;AAAA,EACF;AAAA,EAEA,MAAc,OAAO,KAAsB,KAAqB;AAC9D,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAM,OAAO,MAAM,SAAS,GAAG;AAC/B,QAAI,UAAU,gBAAgB,kBAAkB;AAEhD,QAAI;AACF,UAAI,IAAI,WAAW,UAAU,IAAI,aAAa,sBAAsB;AAClE,eAAO,KAAK,YAAY,KAAK,MAAM,GAAG;AAAA,MACxC;AACA,UAAI,IAAI,WAAW,SAAS,IAAI,aAAa,sBAAsB;AACjE,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,MAAM,KAAK,KAAK,OAAO,OAAO,CAAC,EAAE,CAAC;AAAA,MACnE;AACA,YAAM,aAAa,IAAI,SAAS,MAAM,kCAAkC;AACxE,UAAI,IAAI,WAAW,SAAS,YAAY;AACtC,cAAM,QAAQ,KAAK,OAAO,IAAI,WAAW,CAAC,CAAC;AAC3C,eAAO,QAAQ,KAAK,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAAA,MAC7E;AACA,YAAM,cAAc,IAAI,SAAS,MAAM,0CAA0C;AACjF,UAAI,IAAI,WAAW,UAAU,aAAa;AACxC,eAAO,KAAK,YAAY,YAAY,CAAC,GAAG,GAAG;AAAA,MAC7C;AACA,UAAI,IAAI,WAAW,SAAS,IAAI,aAAa,cAAc;AACzD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;AAAA,MACrC;AAEA,UAAI,IAAI,WAAW,UAAU,IAAI,aAAa,yBAAyB;AACrE,eAAO,KAAK,eAAe,MAAM,GAAG;AAAA,MACtC;AACA,UAAI,IAAI,WAAW,SAAS,IAAI,aAAa,yBAAyB;AACpE,eAAO,KAAK,KAAK,KAAK;AAAA,UACpB,OAAO,MAAM;AAAA,YAAK,KAAK,UAAU,OAAO;AAAA,YAAG,CAAC,aAC1C,wBAAwB,QAAQ;AAAA,UAClC;AAAA,QACF,CAAC;AAAA,MACH;AACA,YAAM,gBAAgB,IAAI,SAAS,MAAM,qCAAqC;AAC9E,UAAI,IAAI,WAAW,WAAW,eAAe;AAC3C,eAAO,KAAK,eAAe,cAAc,CAAC,GAAG,MAAM,GAAG;AAAA,MACxD;AACA,YAAM,cAAc,IAAI,SAAS;AAAA,QAC/B;AAAA,MACF;AACA,UAAI,IAAI,WAAW,UAAU,aAAa;AACxC,eAAO,KAAK,qBAAqB,YAAY,CAAC,GAAG,GAAG;AAAA,MACtD;AAEA,WAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAAA,IACtC,SAAS,KAAK;AACZ,WAAK,KAAK,KAAK,EAAE,MAAM,YAAY,SAAS,OAAO,GAAG,EAAE,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEQ,YAAY,KAAsB,MAAe,KAAqB;AAC5E,UAAM,OAAO,YAAY,KAAK,iBAAiB;AAC/C,QAAI,QAAQ,KAAK,YAAY,IAAI,IAAI,GAAG;AACtC,YAAM,WAAW,KAAK,YAAY,IAAI,IAAI;AAC1C,aAAO,KAAK,KAAK,KAAK,QAAQ;AAAA,IAChC;AACA,UAAM,QAAQ;AACd,UAAM,KAAK,KAAK,UAAU;AAC1B,UAAM,WAAY,MAAM,mBAA0D,CAAC;AACnF,UAAM,QAAsB;AAAA,MAC1B;AAAA,MACA,mBAAmB,OAAO,MAAM,qBAAqB,EAAE;AAAA,MACvD,UAAU,OAAO,MAAM,YAAY,SAAS;AAAA,MAC5C,QAAQ,OAAO,MAAM,UAAU,GAAG;AAAA,MAClC,kBAAkB,OAAO,MAAM,UAAU,GAAG;AAAA,MAC5C,kBAAkB,OAAO,MAAM,oBAAoB,MAAM;AAAA,MACzD,QAAQ;AAAA,MACR,YAAa,MAAM,cAAqC;AAAA,MACxD,UAAU,MAAM,YAAY;AAAA,MAC5B,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACnC,iBAAiB;AAAA,MACjB,sBACE,SAAS,SAAS,IACd,SAAS,IAAI,CAAC,OAAO,WAAW;AAAA,QAC9B,OAAO,MAAM;AAAA,QACb,OAAO,MAAM;AAAA,QACb,SAAS,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,GAAG,KAAK;AAAA,MAC1C,EAAE,IACF,CAAC,EAAE,OAAO,QAAQ,OAAO,QAAQ,SAAS,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC;AAAA,MAC5E,UAAU;AAAA,QACR,EAAE,MAAM,MAAM,IAAI,WAAW,QAAQ,iBAAiB,KAAI,oBAAI,KAAK,GAAE,YAAY,EAAE;AAAA,MACrF;AAAA,IACF;AACA,SAAK,OAAO,IAAI,IAAI,KAAK;AACzB,QAAI,KAAM,MAAK,YAAY,IAAI,MAAM,KAAK;AAC1C,SAAK,KAAK,KAAK,KAAK;AAAA,EACtB;AAAA,EAEQ,YAAY,IAAY,KAAqB;AACnD,UAAM,QAAQ,KAAK,OAAO,IAAI,EAAE;AAChC,QAAI,CAAC,MAAO,QAAO,KAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AACvD,UAAM,SAAS;AACf,UAAM,SAAS,KAAK;AAAA,MAClB,MAAM,MAAM,SAAS,MAAM,SAAS,SAAS,CAAC,GAAG,MAAM;AAAA,MACvD,IAAI;AAAA,MACJ,QAAQ;AAAA,MACR,KAAI,oBAAI,KAAK,GAAE,YAAY;AAAA,IAC7B,CAAC;AACD,SAAK,KAAK,KAAK,KAAK;AAAA,EACtB;AAAA,EAEQ,eAAe,MAAe,KAAqB;AACzD,UAAM,QAAQ;AACd,UAAM,KAAK,KAAK,UAAU;AAC1B,UAAM,SAAS,cAAc,KAAK,cAAc,EAAE,MAAM,GAAG,EAAE,CAAC;AAC9D,UAAM,WAA4B;AAAA,MAChC;AAAA,MACA,KAAK,OAAO,MAAM,OAAO,EAAE;AAAA,MAC3B,aAAc,MAAM,eAAiC;AAAA,MACrD,gBAAiB,MAAM,kBAA+B,CAAC;AAAA,MACvD,iBAAkB,MAAM,mBAA2C;AAAA,MACnE,aAAa;AAAA,MACb,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACnC;AAAA,IACF;AACA,SAAK,UAAU,IAAI,IAAI,QAAQ;AAC/B,SAAK,KAAK,KAAK,wBAAwB,UAAU,IAAI,CAAC;AAAA,EACxD;AAAA,EAEQ,eAAe,IAAY,MAAe,KAAqB;AACrE,UAAM,WAAW,KAAK,UAAU,IAAI,EAAE;AACtC,QAAI,CAAC,SAAU,QAAO,KAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAC1D,UAAM,QAAQ;AACd,QAAI,iBAAiB,OAAO;AAC1B,eAAS,cAAe,MAAM,eAAiC;AAAA,IACjE;AACA,QAAI,oBAAoB,OAAO;AAC7B,eAAS,iBAAiB,MAAM;AAAA,IAClC;AACA,QAAI,qBAAqB,OAAO;AAC9B,eAAS,kBAAkB,MAAM;AAAA,IACnC;AACA,SAAK,KAAK,KAAK,wBAAwB,QAAQ,CAAC;AAAA,EAClD;AAAA,EAEQ,qBAAqB,IAAY,KAAqB;AAC5D,UAAM,WAAW,KAAK,UAAU,IAAI,EAAE;AACtC,QAAI,CAAC,SAAU,QAAO,KAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAC1D,aAAS,SAAS,cAAc,KAAK,cAAc,EAAE,MAAM,GAAG,EAAE,CAAC;AACjE,SAAK,KAAK,KAAK,wBAAwB,UAAU,IAAI,CAAC;AAAA,EACxD;AAAA;AAAA,EAGA,mBAAmB,YAAoB,WAAmB,SAAkB;AAC1E,UAAM,WAAW,KAAK,UAAU,IAAI,UAAU;AAC9C,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,oBAAoB;AACnD,UAAM,UAAU,KAAK,UAAU,EAAE,MAAM,WAAW,MAAM,QAAQ,CAAC;AACjE,UAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC9C,WAAO;AAAA,MACL,QAAQ,qBAAqB,EAAE,QAAQ,SAAS,QAAQ,WAAW,QAAQ,CAAC;AAAA,MAC5E;AAAA,MACA,QAAQ,SAAS;AAAA,IACnB;AAAA,EACF;AACF;AAEA,eAAe,SAAS,KAAwC;AAC9D,QAAM,SAAmB,CAAC;AAC1B,mBAAiB,SAAS,IAAK,QAAO,KAAK,KAAe;AAC1D,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,QAAM,OAAO,OAAO,OAAO,MAAM,EAAE,SAAS,MAAM;AAClD,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,KAAK,KAAqB,QAAgB,MAAqB;AACtE,MAAI,aAAa;AACjB,MAAI,IAAI,KAAK,UAAU,IAAI,CAAC;AAC9B;AAEA,SAAS,YAAY,KAAsB,MAAkC;AAC3E,QAAM,MAAM,IAAI,QAAQ,IAAI;AAC5B,MAAI,MAAM,QAAQ,GAAG,EAAG,QAAO,IAAI,CAAC;AACpC,SAAO;AACT;AAEA,SAAS,wBACP,UACA,gBAAgB,OACuC;AACvD,QAAM,EAAE,QAAQ,GAAG,SAAS,IAAI;AAChC,SAAO,gBAAgB,EAAE,GAAG,UAAU,OAAO,IAAI;AACnD;","names":["import_node_crypto"]}

package/dist/mock.mjs ADDED Viewed

@@ -0,0 +1,219 @@
+import {
+  buildSignatureHeader
+} from "./chunk-B2JLHYXK.mjs";
+// src/mock-server.ts
+import { createServer } from "http";
+import { randomUUID } from "crypto";
+var MockServer = class {
+  constructor(options = {}) {
+    this.options = options;
+    this.idFactory = options.idFactory ?? (() => randomUUID());
+    this.secretFactory = options.secretFactory ?? (() => randomUUID());
+    this.server = createServer((req, res) => this.handle(req, res));
+  }
+  options;
+  server;
+  orders = /* @__PURE__ */ new Map();
+  endpoints = /* @__PURE__ */ new Map();
+  idempotency = /* @__PURE__ */ new Map();
+  idFactory;
+  secretFactory;
+  listen() {
+    return new Promise((resolve) => {
+      this.server.listen(this.options.port ?? 0, this.options.host ?? "127.0.0.1", () => {
+        const address = this.server.address();
+        if (typeof address === "string" || address === null) {
+          resolve({ url: `http://${this.options.host ?? "127.0.0.1"}:${this.options.port ?? 0}` });
+          return;
+        }
+        resolve({ url: `http://${address.address}:${address.port}` });
+      });
+    });
+  }
+  async close() {
+    await new Promise((resolve, reject) => {
+      this.server.close((err) => err ? reject(err) : resolve());
+    });
+  }
+  // 暴露用于断言的内部状态。
+  snapshot() {
+    return {
+      orders: Array.from(this.orders.values()),
+      endpoints: Array.from(this.endpoints.values())
+    };
+  }
+  async handle(req, res) {
+    const url = new URL(req.url ?? "/", "http://localhost");
+    const body = await readBody(req);
+    res.setHeader("content-type", "application/json");
+    try {
+      if (req.method === "POST" && url.pathname === "/v1/payment-orders") {
+        return this.createOrder(req, body, res);
+      }
+      if (req.method === "GET" && url.pathname === "/v1/payment-orders") {
+        return json(res, 200, { items: Array.from(this.orders.values()) });
+      }
+      const orderMatch = url.pathname.match(/^\/v1\/payment-orders\/([^/]+)$/u);
+      if (req.method === "GET" && orderMatch) {
+        const order = this.orders.get(orderMatch[1]);
+        return order ? json(res, 200, order) : json(res, 404, { code: "not_found" });
+      }
+      const cancelMatch = url.pathname.match(/^\/v1\/payment-orders\/([^/]+)\/cancel$/u);
+      if (req.method === "POST" && cancelMatch) {
+        return this.cancelOrder(cancelMatch[1], res);
+      }
+      if (req.method === "GET" && url.pathname === "/v1/events") {
+        return json(res, 200, { items: [] });
+      }
+      if (req.method === "POST" && url.pathname === "/v1/webhook-endpoints") {
+        return this.createEndpoint(body, res);
+      }
+      if (req.method === "GET" && url.pathname === "/v1/webhook-endpoints") {
+        return json(res, 200, {
+          items: Array.from(
+            this.endpoints.values(),
+            (endpoint) => webhookEndpointResponse(endpoint)
+          )
+        });
+      }
+      const endpointMatch = url.pathname.match(/^\/v1\/webhook-endpoints\/([^/]+)$/u);
+      if (req.method === "PATCH" && endpointMatch) {
+        return this.updateEndpoint(endpointMatch[1], body, res);
+      }
+      const rotateMatch = url.pathname.match(
+        /^\/v1\/webhook-endpoints\/([^/]+)\/rotate-secret$/u
+      );
+      if (req.method === "POST" && rotateMatch) {
+        return this.rotateEndpointSecret(rotateMatch[1], res);
+      }
+      json(res, 404, { code: "not_found" });
+    } catch (err) {
+      json(res, 500, { code: "internal", message: String(err) });
+    }
+  }
+  createOrder(req, body, res) {
+    const idem = headerValue(req, "idempotency-key");
+    if (idem && this.idempotency.has(idem)) {
+      const previous = this.idempotency.get(idem);
+      return json(res, 201, previous);
+    }
+    const input = body;
+    const id = this.idFactory();
+    const accepted = input.accepted_assets ?? [];
+    const order = {
+      id,
+      merchant_order_id: String(input.merchant_order_id ?? ""),
+      scenario: String(input.scenario ?? "generic"),
+      amount: String(input.amount ?? "0"),
+      requested_amount: String(input.amount ?? "0"),
+      settlement_asset: String(input.settlement_asset ?? "USDC"),
+      status: "created",
+      expires_at: input.expires_at ?? null,
+      metadata: input.metadata ?? null,
+      created_at: (/* @__PURE__ */ new Date()).toISOString(),
+      accepted_assets: accepted,
+      payment_instructions: accepted.length > 0 ? accepted.map((entry, index) => ({
+        chain: entry.chain,
+        asset: entry.asset,
+        address: `0xMOCK${id.slice(0, 8)}${index}`
+      })) : [{ chain: "base", asset: "USDC", address: `0xMOCK${id.slice(0, 8)}0` }],
+      timeline: [
+        { from: null, to: "created", reason: "order_created", at: (/* @__PURE__ */ new Date()).toISOString() }
+      ]
+    };
+    this.orders.set(id, order);
+    if (idem) this.idempotency.set(idem, order);
+    json(res, 201, order);
+  }
+  cancelOrder(id, res) {
+    const order = this.orders.get(id);
+    if (!order) return json(res, 404, { code: "not_found" });
+    order.status = "canceled";
+    order.timeline.push({
+      from: order.timeline[order.timeline.length - 1]?.to ?? "created",
+      to: "canceled",
+      reason: "manual_cancel",
+      at: (/* @__PURE__ */ new Date()).toISOString()
+    });
+    json(res, 200, order);
+  }
+  createEndpoint(body, res) {
+    const input = body;
+    const id = this.idFactory();
+    const secret = `whsec_mock_${this.secretFactory().slice(0, 12)}`;
+    const endpoint = {
+      id,
+      url: String(input.url ?? ""),
+      description: input.description ?? null,
+      enabled_events: input.enabled_events ?? [],
+      redact_metadata: input.redact_metadata ?? false,
+      disabled_at: null,
+      created_at: (/* @__PURE__ */ new Date()).toISOString(),
+      secret
+    };
+    this.endpoints.set(id, endpoint);
+    json(res, 201, webhookEndpointResponse(endpoint, true));
+  }
+  updateEndpoint(id, body, res) {
+    const endpoint = this.endpoints.get(id);
+    if (!endpoint) return json(res, 404, { code: "not_found" });
+    const input = body;
+    if ("description" in input) {
+      endpoint.description = input.description ?? null;
+    }
+    if ("enabled_events" in input) {
+      endpoint.enabled_events = input.enabled_events;
+    }
+    if ("redact_metadata" in input) {
+      endpoint.redact_metadata = input.redact_metadata;
+    }
+    json(res, 200, webhookEndpointResponse(endpoint));
+  }
+  rotateEndpointSecret(id, res) {
+    const endpoint = this.endpoints.get(id);
+    if (!endpoint) return json(res, 404, { code: "not_found" });
+    endpoint.secret = `whsec_mock_${this.secretFactory().slice(0, 12)}`;
+    json(res, 200, webhookEndpointResponse(endpoint, true));
+  }
+  // 暴露给测试：触发一次签名后的“delivery”，便于 webhook verifier 端到端测试。
+  buildSignedFixture(endpointId, eventType, payload) {
+    const endpoint = this.endpoints.get(endpointId);
+    if (!endpoint) throw new Error("endpoint not found");
+    const rawBody = JSON.stringify({ type: eventType, data: payload });
+    const timestamp = Math.floor(Date.now() / 1e3);
+    return {
+      header: buildSignatureHeader({ secret: endpoint.secret, timestamp, rawBody }),
+      rawBody,
+      secret: endpoint.secret
+    };
+  }
+};
+async function readBody(req) {
+  const chunks = [];
+  for await (const chunk of req) chunks.push(chunk);
+  if (chunks.length === 0) return null;
+  const text = Buffer.concat(chunks).toString("utf8");
+  try {
+    return JSON.parse(text);
+  } catch {
+    return text;
+  }
+}
+function json(res, status, body) {
+  res.statusCode = status;
+  res.end(JSON.stringify(body));
+}
+function headerValue(req, name) {
+  const raw = req.headers[name];
+  if (Array.isArray(raw)) return raw[0];
+  return raw;
+}
+function webhookEndpointResponse(endpoint, includeSecret = false) {
+  const { secret, ...response } = endpoint;
+  return includeSecret ? { ...response, secret } : response;
+}
+export {
+  MockServer
+};
+//# sourceMappingURL=mock.mjs.map

package/dist/mock.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/mock-server.ts"],"sourcesContent":["import { createServer, type IncomingMessage, type Server, type ServerResponse } from 'node:http'\nimport { randomUUID } from 'node:crypto'\n\nimport { buildSignatureHeader } from './signature'\n\n// 极简内存版 mock，用于 SDK 集成测试与本地 docs 示例。\n// 仅模拟 v1/payment-orders 创建/查询/取消、v1/events 列表、v1/webhook-endpoints CRUD，\n// 以及签名 fixture 构造。生产环境的 NestJS 服务才是参考实现，这里只做开发体感。\n\nexport type MockServerOptions = {\n port?: number\n host?: string\n // 测试时常希望注入固定 id 生成器，便于断言。\n idFactory?: () => string\n // 与资源 id 分离，避免固定 id 时所有轮换都得到同一个 secret。\n secretFactory?: () => string\n}\n\ntype PaymentOrder = {\n id: string\n merchant_order_id: string\n scenario: string\n amount: string\n requested_amount: string\n settlement_asset: string\n status:\n | 'created'\n | 'detected'\n | 'confirmed'\n | 'finalized'\n | 'reverted'\n | 'expired'\n | 'canceled'\n expires_at: string | null\n metadata: unknown\n created_at: string\n accepted_assets: { chain: string; asset: string }[]\n payment_instructions: { chain: string; asset: string; address: string }[]\n timeline: { from: string | null; to: string; reason: string | null; at: string }[]\n}\n\ntype WebhookEndpoint = {\n id: string\n url: string\n description: string | null\n enabled_events: string[]\n redact_metadata: boolean\n disabled_at: string | null\n created_at: string\n secret: string\n}\n\nexport class MockServer {\n private readonly server: Server\n private readonly orders = new Map<string, PaymentOrder>()\n private readonly endpoints = new Map<string, WebhookEndpoint>()\n private readonly idempotency = new Map<string, PaymentOrder>()\n private readonly idFactory: () => string\n private readonly secretFactory: () => string\n\n constructor(private readonly options: MockServerOptions = {}) {\n this.idFactory = options.idFactory ?? (() => randomUUID())\n this.secretFactory = options.secretFactory ?? (() => randomUUID())\n this.server = createServer((req, res) => this.handle(req, res))\n }\n\n listen(): Promise<{ url: string }> {\n return new Promise((resolve) => {\n this.server.listen(this.options.port ?? 0, this.options.host ?? '127.0.0.1', () => {\n const address = this.server.address()\n if (typeof address === 'string' || address === null) {\n resolve({ url: `http://${this.options.host ?? '127.0.0.1'}:${this.options.port ?? 0}` })\n return\n }\n resolve({ url: `http://${address.address}:${address.port}` })\n })\n })\n }\n\n async close(): Promise<void> {\n await new Promise<void>((resolve, reject) => {\n this.server.close((err) => (err ? reject(err) : resolve()))\n })\n }\n\n // 暴露用于断言的内部状态。\n snapshot() {\n return {\n orders: Array.from(this.orders.values()),\n endpoints: Array.from(this.endpoints.values()),\n }\n }\n\n private async handle(req: IncomingMessage, res: ServerResponse) {\n const url = new URL(req.url ?? '/', 'http://localhost')\n const body = await readBody(req)\n res.setHeader('content-type', 'application/json')\n\n try {\n if (req.method === 'POST' && url.pathname === '/v1/payment-orders') {\n return this.createOrder(req, body, res)\n }\n if (req.method === 'GET' && url.pathname === '/v1/payment-orders') {\n return json(res, 200, { items: Array.from(this.orders.values()) })\n }\n const orderMatch = url.pathname.match(/^\\/v1\\/payment-orders\\/([^/]+)$/u)\n if (req.method === 'GET' && orderMatch) {\n const order = this.orders.get(orderMatch[1])\n return order ? json(res, 200, order) : json(res, 404, { code: 'not_found' })\n }\n const cancelMatch = url.pathname.match(/^\\/v1\\/payment-orders\\/([^/]+)\\/cancel$/u)\n if (req.method === 'POST' && cancelMatch) {\n return this.cancelOrder(cancelMatch[1], res)\n }\n if (req.method === 'GET' && url.pathname === '/v1/events') {\n return json(res, 200, { items: [] })\n }\n\n if (req.method === 'POST' && url.pathname === '/v1/webhook-endpoints') {\n return this.createEndpoint(body, res)\n }\n if (req.method === 'GET' && url.pathname === '/v1/webhook-endpoints') {\n return json(res, 200, {\n items: Array.from(this.endpoints.values(), (endpoint) =>\n webhookEndpointResponse(endpoint),\n ),\n })\n }\n const endpointMatch = url.pathname.match(/^\\/v1\\/webhook-endpoints\\/([^/]+)$/u)\n if (req.method === 'PATCH' && endpointMatch) {\n return this.updateEndpoint(endpointMatch[1], body, res)\n }\n const rotateMatch = url.pathname.match(\n /^\\/v1\\/webhook-endpoints\\/([^/]+)\\/rotate-secret$/u,\n )\n if (req.method === 'POST' && rotateMatch) {\n return this.rotateEndpointSecret(rotateMatch[1], res)\n }\n\n json(res, 404, { code: 'not_found' })\n } catch (err) {\n json(res, 500, { code: 'internal', message: String(err) })\n }\n }\n\n private createOrder(req: IncomingMessage, body: unknown, res: ServerResponse) {\n const idem = headerValue(req, 'idempotency-key')\n if (idem && this.idempotency.has(idem)) {\n const previous = this.idempotency.get(idem)!\n return json(res, 201, previous)\n }\n const input = body as Record<string, unknown>\n const id = this.idFactory()\n const accepted = (input.accepted_assets as { chain: string; asset: string }[]) ?? []\n const order: PaymentOrder = {\n id,\n merchant_order_id: String(input.merchant_order_id ?? ''),\n scenario: String(input.scenario ?? 'generic'),\n amount: String(input.amount ?? '0'),\n requested_amount: String(input.amount ?? '0'),\n settlement_asset: String(input.settlement_asset ?? 'USDC'),\n status: 'created',\n expires_at: (input.expires_at as string | undefined) ?? null,\n metadata: input.metadata ?? null,\n created_at: new Date().toISOString(),\n accepted_assets: accepted,\n payment_instructions:\n accepted.length > 0\n ? accepted.map((entry, index) => ({\n chain: entry.chain,\n asset: entry.asset,\n address: `0xMOCK${id.slice(0, 8)}${index}`,\n }))\n : [{ chain: 'base', asset: 'USDC', address: `0xMOCK${id.slice(0, 8)}0` }],\n timeline: [\n { from: null, to: 'created', reason: 'order_created', at: new Date().toISOString() },\n ],\n }\n this.orders.set(id, order)\n if (idem) this.idempotency.set(idem, order)\n json(res, 201, order)\n }\n\n private cancelOrder(id: string, res: ServerResponse) {\n const order = this.orders.get(id)\n if (!order) return json(res, 404, { code: 'not_found' })\n order.status = 'canceled'\n order.timeline.push({\n from: order.timeline[order.timeline.length - 1]?.to ?? 'created',\n to: 'canceled',\n reason: 'manual_cancel',\n at: new Date().toISOString(),\n })\n json(res, 200, order)\n }\n\n private createEndpoint(body: unknown, res: ServerResponse) {\n const input = body as Record<string, unknown>\n const id = this.idFactory()\n const secret = `whsec_mock_${this.secretFactory().slice(0, 12)}`\n const endpoint: WebhookEndpoint = {\n id,\n url: String(input.url ?? ''),\n description: (input.description as string | null) ?? null,\n enabled_events: (input.enabled_events as string[]) ?? [],\n redact_metadata: (input.redact_metadata as boolean | undefined) ?? false,\n disabled_at: null,\n created_at: new Date().toISOString(),\n secret,\n }\n this.endpoints.set(id, endpoint)\n json(res, 201, webhookEndpointResponse(endpoint, true))\n }\n\n private updateEndpoint(id: string, body: unknown, res: ServerResponse) {\n const endpoint = this.endpoints.get(id)\n if (!endpoint) return json(res, 404, { code: 'not_found' })\n const input = body as Record<string, unknown>\n if ('description' in input) {\n endpoint.description = (input.description as string | null) ?? null\n }\n if ('enabled_events' in input) {\n endpoint.enabled_events = input.enabled_events as string[]\n }\n if ('redact_metadata' in input) {\n endpoint.redact_metadata = input.redact_metadata as boolean\n }\n json(res, 200, webhookEndpointResponse(endpoint))\n }\n\n private rotateEndpointSecret(id: string, res: ServerResponse) {\n const endpoint = this.endpoints.get(id)\n if (!endpoint) return json(res, 404, { code: 'not_found' })\n endpoint.secret = `whsec_mock_${this.secretFactory().slice(0, 12)}`\n json(res, 200, webhookEndpointResponse(endpoint, true))\n }\n\n // 暴露给测试：触发一次签名后的“delivery”，便于 webhook verifier 端到端测试。\n buildSignedFixture(endpointId: string, eventType: string, payload: unknown) {\n const endpoint = this.endpoints.get(endpointId)\n if (!endpoint) throw new Error('endpoint not found')\n const rawBody = JSON.stringify({ type: eventType, data: payload })\n const timestamp = Math.floor(Date.now() / 1000)\n return {\n header: buildSignatureHeader({ secret: endpoint.secret, timestamp, rawBody }),\n rawBody,\n secret: endpoint.secret,\n }\n }\n}\n\nasync function readBody(req: IncomingMessage): Promise<unknown> {\n const chunks: Buffer[] = []\n for await (const chunk of req) chunks.push(chunk as Buffer)\n if (chunks.length === 0) return null\n const text = Buffer.concat(chunks).toString('utf8')\n try {\n return JSON.parse(text)\n } catch {\n return text\n }\n}\n\nfunction json(res: ServerResponse, status: number, body: unknown): void {\n res.statusCode = status\n res.end(JSON.stringify(body))\n}\n\nfunction headerValue(req: IncomingMessage, name: string): string | undefined {\n const raw = req.headers[name]\n if (Array.isArray(raw)) return raw[0]\n return raw\n}\n\nfunction webhookEndpointResponse(\n endpoint: WebhookEndpoint,\n includeSecret = false,\n): Omit<WebhookEndpoint, 'secret'> & { secret?: string } {\n const { secret, ...response } = endpoint\n return includeSecret ? { ...response, secret } : response\n}\n"],"mappings":";;;;;AAAA,SAAS,oBAA4E;AACrF,SAAS,kBAAkB;AAmDpB,IAAM,aAAN,MAAiB;AAAA,EAQtB,YAA6B,UAA6B,CAAC,GAAG;AAAjC;AAC3B,SAAK,YAAY,QAAQ,cAAc,MAAM,WAAW;AACxD,SAAK,gBAAgB,QAAQ,kBAAkB,MAAM,WAAW;AAChE,SAAK,SAAS,aAAa,CAAC,KAAK,QAAQ,KAAK,OAAO,KAAK,GAAG,CAAC;AAAA,EAChE;AAAA,EAJ6B;AAAA,EAPZ;AAAA,EACA,SAAS,oBAAI,IAA0B;AAAA,EACvC,YAAY,oBAAI,IAA6B;AAAA,EAC7C,cAAc,oBAAI,IAA0B;AAAA,EAC5C;AAAA,EACA;AAAA,EAQjB,SAAmC;AACjC,WAAO,IAAI,QAAQ,CAAC,YAAY;AAC9B,WAAK,OAAO,OAAO,KAAK,QAAQ,QAAQ,GAAG,KAAK,QAAQ,QAAQ,aAAa,MAAM;AACjF,cAAM,UAAU,KAAK,OAAO,QAAQ;AACpC,YAAI,OAAO,YAAY,YAAY,YAAY,MAAM;AACnD,kBAAQ,EAAE,KAAK,UAAU,KAAK,QAAQ,QAAQ,WAAW,IAAI,KAAK,QAAQ,QAAQ,CAAC,GAAG,CAAC;AACvF;AAAA,QACF;AACA,gBAAQ,EAAE,KAAK,UAAU,QAAQ,OAAO,IAAI,QAAQ,IAAI,GAAG,CAAC;AAAA,MAC9D,CAAC;AAAA,IACH,CAAC;AAAA,EACH;AAAA,EAEA,MAAM,QAAuB;AAC3B,UAAM,IAAI,QAAc,CAAC,SAAS,WAAW;AAC3C,WAAK,OAAO,MAAM,CAAC,QAAS,MAAM,OAAO,GAAG,IAAI,QAAQ,CAAE;AAAA,IAC5D,CAAC;AAAA,EACH;AAAA;AAAA,EAGA,WAAW;AACT,WAAO;AAAA,MACL,QAAQ,MAAM,KAAK,KAAK,OAAO,OAAO,CAAC;AAAA,MACvC,WAAW,MAAM,KAAK,KAAK,UAAU,OAAO,CAAC;AAAA,IAC/C;AAAA,EACF;AAAA,EAEA,MAAc,OAAO,KAAsB,KAAqB;AAC9D,UAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,kBAAkB;AACtD,UAAM,OAAO,MAAM,SAAS,GAAG;AAC/B,QAAI,UAAU,gBAAgB,kBAAkB;AAEhD,QAAI;AACF,UAAI,IAAI,WAAW,UAAU,IAAI,aAAa,sBAAsB;AAClE,eAAO,KAAK,YAAY,KAAK,MAAM,GAAG;AAAA,MACxC;AACA,UAAI,IAAI,WAAW,SAAS,IAAI,aAAa,sBAAsB;AACjE,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,MAAM,KAAK,KAAK,OAAO,OAAO,CAAC,EAAE,CAAC;AAAA,MACnE;AACA,YAAM,aAAa,IAAI,SAAS,MAAM,kCAAkC;AACxE,UAAI,IAAI,WAAW,SAAS,YAAY;AACtC,cAAM,QAAQ,KAAK,OAAO,IAAI,WAAW,CAAC,CAAC;AAC3C,eAAO,QAAQ,KAAK,KAAK,KAAK,KAAK,IAAI,KAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAAA,MAC7E;AACA,YAAM,cAAc,IAAI,SAAS,MAAM,0CAA0C;AACjF,UAAI,IAAI,WAAW,UAAU,aAAa;AACxC,eAAO,KAAK,YAAY,YAAY,CAAC,GAAG,GAAG;AAAA,MAC7C;AACA,UAAI,IAAI,WAAW,SAAS,IAAI,aAAa,cAAc;AACzD,eAAO,KAAK,KAAK,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;AAAA,MACrC;AAEA,UAAI,IAAI,WAAW,UAAU,IAAI,aAAa,yBAAyB;AACrE,eAAO,KAAK,eAAe,MAAM,GAAG;AAAA,MACtC;AACA,UAAI,IAAI,WAAW,SAAS,IAAI,aAAa,yBAAyB;AACpE,eAAO,KAAK,KAAK,KAAK;AAAA,UACpB,OAAO,MAAM;AAAA,YAAK,KAAK,UAAU,OAAO;AAAA,YAAG,CAAC,aAC1C,wBAAwB,QAAQ;AAAA,UAClC;AAAA,QACF,CAAC;AAAA,MACH;AACA,YAAM,gBAAgB,IAAI,SAAS,MAAM,qCAAqC;AAC9E,UAAI,IAAI,WAAW,WAAW,eAAe;AAC3C,eAAO,KAAK,eAAe,cAAc,CAAC,GAAG,MAAM,GAAG;AAAA,MACxD;AACA,YAAM,cAAc,IAAI,SAAS;AAAA,QAC/B;AAAA,MACF;AACA,UAAI,IAAI,WAAW,UAAU,aAAa;AACxC,eAAO,KAAK,qBAAqB,YAAY,CAAC,GAAG,GAAG;AAAA,MACtD;AAEA,WAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAAA,IACtC,SAAS,KAAK;AACZ,WAAK,KAAK,KAAK,EAAE,MAAM,YAAY,SAAS,OAAO,GAAG,EAAE,CAAC;AAAA,IAC3D;AAAA,EACF;AAAA,EAEQ,YAAY,KAAsB,MAAe,KAAqB;AAC5E,UAAM,OAAO,YAAY,KAAK,iBAAiB;AAC/C,QAAI,QAAQ,KAAK,YAAY,IAAI,IAAI,GAAG;AACtC,YAAM,WAAW,KAAK,YAAY,IAAI,IAAI;AAC1C,aAAO,KAAK,KAAK,KAAK,QAAQ;AAAA,IAChC;AACA,UAAM,QAAQ;AACd,UAAM,KAAK,KAAK,UAAU;AAC1B,UAAM,WAAY,MAAM,mBAA0D,CAAC;AACnF,UAAM,QAAsB;AAAA,MAC1B;AAAA,MACA,mBAAmB,OAAO,MAAM,qBAAqB,EAAE;AAAA,MACvD,UAAU,OAAO,MAAM,YAAY,SAAS;AAAA,MAC5C,QAAQ,OAAO,MAAM,UAAU,GAAG;AAAA,MAClC,kBAAkB,OAAO,MAAM,UAAU,GAAG;AAAA,MAC5C,kBAAkB,OAAO,MAAM,oBAAoB,MAAM;AAAA,MACzD,QAAQ;AAAA,MACR,YAAa,MAAM,cAAqC;AAAA,MACxD,UAAU,MAAM,YAAY;AAAA,MAC5B,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACnC,iBAAiB;AAAA,MACjB,sBACE,SAAS,SAAS,IACd,SAAS,IAAI,CAAC,OAAO,WAAW;AAAA,QAC9B,OAAO,MAAM;AAAA,QACb,OAAO,MAAM;AAAA,QACb,SAAS,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,GAAG,KAAK;AAAA,MAC1C,EAAE,IACF,CAAC,EAAE,OAAO,QAAQ,OAAO,QAAQ,SAAS,SAAS,GAAG,MAAM,GAAG,CAAC,CAAC,IAAI,CAAC;AAAA,MAC5E,UAAU;AAAA,QACR,EAAE,MAAM,MAAM,IAAI,WAAW,QAAQ,iBAAiB,KAAI,oBAAI,KAAK,GAAE,YAAY,EAAE;AAAA,MACrF;AAAA,IACF;AACA,SAAK,OAAO,IAAI,IAAI,KAAK;AACzB,QAAI,KAAM,MAAK,YAAY,IAAI,MAAM,KAAK;AAC1C,SAAK,KAAK,KAAK,KAAK;AAAA,EACtB;AAAA,EAEQ,YAAY,IAAY,KAAqB;AACnD,UAAM,QAAQ,KAAK,OAAO,IAAI,EAAE;AAChC,QAAI,CAAC,MAAO,QAAO,KAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AACvD,UAAM,SAAS;AACf,UAAM,SAAS,KAAK;AAAA,MAClB,MAAM,MAAM,SAAS,MAAM,SAAS,SAAS,CAAC,GAAG,MAAM;AAAA,MACvD,IAAI;AAAA,MACJ,QAAQ;AAAA,MACR,KAAI,oBAAI,KAAK,GAAE,YAAY;AAAA,IAC7B,CAAC;AACD,SAAK,KAAK,KAAK,KAAK;AAAA,EACtB;AAAA,EAEQ,eAAe,MAAe,KAAqB;AACzD,UAAM,QAAQ;AACd,UAAM,KAAK,KAAK,UAAU;AAC1B,UAAM,SAAS,cAAc,KAAK,cAAc,EAAE,MAAM,GAAG,EAAE,CAAC;AAC9D,UAAM,WAA4B;AAAA,MAChC;AAAA,MACA,KAAK,OAAO,MAAM,OAAO,EAAE;AAAA,MAC3B,aAAc,MAAM,eAAiC;AAAA,MACrD,gBAAiB,MAAM,kBAA+B,CAAC;AAAA,MACvD,iBAAkB,MAAM,mBAA2C;AAAA,MACnE,aAAa;AAAA,MACb,aAAY,oBAAI,KAAK,GAAE,YAAY;AAAA,MACnC;AAAA,IACF;AACA,SAAK,UAAU,IAAI,IAAI,QAAQ;AAC/B,SAAK,KAAK,KAAK,wBAAwB,UAAU,IAAI,CAAC;AAAA,EACxD;AAAA,EAEQ,eAAe,IAAY,MAAe,KAAqB;AACrE,UAAM,WAAW,KAAK,UAAU,IAAI,EAAE;AACtC,QAAI,CAAC,SAAU,QAAO,KAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAC1D,UAAM,QAAQ;AACd,QAAI,iBAAiB,OAAO;AAC1B,eAAS,cAAe,MAAM,eAAiC;AAAA,IACjE;AACA,QAAI,oBAAoB,OAAO;AAC7B,eAAS,iBAAiB,MAAM;AAAA,IAClC;AACA,QAAI,qBAAqB,OAAO;AAC9B,eAAS,kBAAkB,MAAM;AAAA,IACnC;AACA,SAAK,KAAK,KAAK,wBAAwB,QAAQ,CAAC;AAAA,EAClD;AAAA,EAEQ,qBAAqB,IAAY,KAAqB;AAC5D,UAAM,WAAW,KAAK,UAAU,IAAI,EAAE;AACtC,QAAI,CAAC,SAAU,QAAO,KAAK,KAAK,KAAK,EAAE,MAAM,YAAY,CAAC;AAC1D,aAAS,SAAS,cAAc,KAAK,cAAc,EAAE,MAAM,GAAG,EAAE,CAAC;AACjE,SAAK,KAAK,KAAK,wBAAwB,UAAU,IAAI,CAAC;AAAA,EACxD;AAAA;AAAA,EAGA,mBAAmB,YAAoB,WAAmB,SAAkB;AAC1E,UAAM,WAAW,KAAK,UAAU,IAAI,UAAU;AAC9C,QAAI,CAAC,SAAU,OAAM,IAAI,MAAM,oBAAoB;AACnD,UAAM,UAAU,KAAK,UAAU,EAAE,MAAM,WAAW,MAAM,QAAQ,CAAC;AACjE,UAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;AAC9C,WAAO;AAAA,MACL,QAAQ,qBAAqB,EAAE,QAAQ,SAAS,QAAQ,WAAW,QAAQ,CAAC;AAAA,MAC5E;AAAA,MACA,QAAQ,SAAS;AAAA,IACnB;AAAA,EACF;AACF;AAEA,eAAe,SAAS,KAAwC;AAC9D,QAAM,SAAmB,CAAC;AAC1B,mBAAiB,SAAS,IAAK,QAAO,KAAK,KAAe;AAC1D,MAAI,OAAO,WAAW,EAAG,QAAO;AAChC,QAAM,OAAO,OAAO,OAAO,MAAM,EAAE,SAAS,MAAM;AAClD,MAAI;AACF,WAAO,KAAK,MAAM,IAAI;AAAA,EACxB,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEA,SAAS,KAAK,KAAqB,QAAgB,MAAqB;AACtE,MAAI,aAAa;AACjB,MAAI,IAAI,KAAK,UAAU,IAAI,CAAC;AAC9B;AAEA,SAAS,YAAY,KAAsB,MAAkC;AAC3E,QAAM,MAAM,IAAI,QAAQ,IAAI;AAC5B,MAAI,MAAM,QAAQ,GAAG,EAAG,QAAO,IAAI,CAAC;AACpC,SAAO;AACT;AAEA,SAAS,wBACP,UACA,gBAAgB,OACuC;AACvD,QAAM,EAAE,QAAQ,GAAG,SAAS,IAAI;AAChC,SAAO,gBAAgB,EAAE,GAAG,UAAU,OAAO,IAAI;AACnD;","names":[]}

package/dist/webhooks.d.mts ADDED Viewed

@@ -0,0 +1,44 @@
+declare const SIGNATURE_HEADER = "X-Product-Signature";
+declare const EVENT_ID_HEADER = "X-Event-Id";
+declare const DELIVERY_ID_HEADER = "X-Delivery-Id";
+declare const DEFAULT_TOLERANCE_SECONDS: number;
+type SignatureBuildInput = {
+    secret: string;
+    timestamp: number;
+    rawBody: string;
+};
+type MultiSignatureBuildInput = {
+    secrets: readonly string[];
+    timestamp: number;
+    rawBody: string;
+};
+type VerifyInput = {
+    secrets: readonly string[];
+    header: string | undefined;
+    rawBody: string;
+    now?: number;
+    toleranceSeconds?: number;
+};
+type VerifyResult = {
+    ok: true;
+    timestamp: number;
+} | {
+    ok: false;
+    reason: 'missing_header' | 'invalid_format' | 'timestamp_expired' | 'bad_signature';
+};
+declare function buildSignatureHeader({ secret, timestamp, rawBody, }: SignatureBuildInput): string;
+declare function buildSignatureHeaderForSecrets({ secrets, timestamp, rawBody, }: MultiSignatureBuildInput): string;
+type WebhookVerifyInput = Omit<VerifyInput, 'secrets'> & ({
+    secret: string | readonly string[];
+    secrets?: never;
+} | {
+    secrets: readonly string[];
+    secret?: never;
+});
+declare function verifySignature(input: WebhookVerifyInput): VerifyResult;
+declare class WebhooksApi {
+    verify(input: WebhookVerifyInput): VerifyResult;
+}
+export { DEFAULT_TOLERANCE_SECONDS, DELIVERY_ID_HEADER, EVENT_ID_HEADER, type MultiSignatureBuildInput, SIGNATURE_HEADER, type SignatureBuildInput, type VerifyResult, type WebhookVerifyInput, WebhooksApi, buildSignatureHeader, buildSignatureHeaderForSecrets, verifySignature };

package/dist/webhooks.d.ts ADDED Viewed

@@ -0,0 +1,44 @@
+declare const SIGNATURE_HEADER = "X-Product-Signature";
+declare const EVENT_ID_HEADER = "X-Event-Id";
+declare const DELIVERY_ID_HEADER = "X-Delivery-Id";
+declare const DEFAULT_TOLERANCE_SECONDS: number;
+type SignatureBuildInput = {
+    secret: string;
+    timestamp: number;
+    rawBody: string;
+};
+type MultiSignatureBuildInput = {
+    secrets: readonly string[];
+    timestamp: number;
+    rawBody: string;
+};
+type VerifyInput = {
+    secrets: readonly string[];
+    header: string | undefined;
+    rawBody: string;
+    now?: number;
+    toleranceSeconds?: number;
+};
+type VerifyResult = {
+    ok: true;
+    timestamp: number;
+} | {
+    ok: false;
+    reason: 'missing_header' | 'invalid_format' | 'timestamp_expired' | 'bad_signature';
+};
+declare function buildSignatureHeader({ secret, timestamp, rawBody, }: SignatureBuildInput): string;
+declare function buildSignatureHeaderForSecrets({ secrets, timestamp, rawBody, }: MultiSignatureBuildInput): string;
+type WebhookVerifyInput = Omit<VerifyInput, 'secrets'> & ({
+    secret: string | readonly string[];
+    secrets?: never;
+} | {
+    secrets: readonly string[];
+    secret?: never;
+});
+declare function verifySignature(input: WebhookVerifyInput): VerifyResult;
+declare class WebhooksApi {
+    verify(input: WebhookVerifyInput): VerifyResult;
+}
+export { DEFAULT_TOLERANCE_SECONDS, DELIVERY_ID_HEADER, EVENT_ID_HEADER, type MultiSignatureBuildInput, SIGNATURE_HEADER, type SignatureBuildInput, type VerifyResult, type WebhookVerifyInput, WebhooksApi, buildSignatureHeader, buildSignatureHeaderForSecrets, verifySignature };