@usequota/nextjs 0.1.0

package/dist/index.js

@@ -0,0 +1,1079 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  QuotaBalance: () => QuotaBalance,
+  QuotaBuyCredits: () => QuotaBuyCredits,
+  QuotaConnectButton: () => QuotaConnectButton,
+  QuotaContext: () => QuotaContext,
+  QuotaError: () => QuotaError,
+  QuotaInsufficientCreditsError: () => QuotaInsufficientCreditsError,
+  QuotaNotConnectedError: () => QuotaNotConnectedError,
+  QuotaProvider: () => QuotaProvider,
+  QuotaRateLimitError: () => QuotaRateLimitError,
+  QuotaTokenExpiredError: () => QuotaTokenExpiredError,
+  QuotaUserMenu: () => QuotaUserMenu,
+  createQuotaMiddleware: () => createQuotaMiddleware,
+  createWebhookHandler: () => createWebhookHandler,
+  parseWebhook: () => parseWebhook,
+  useQuota: () => useQuota,
+  useQuotaAuth: () => useQuotaAuth,
+  useQuotaBalance: () => useQuotaBalance,
+  useQuotaUser: () => useQuotaUser,
+  verifyWebhookSignature: () => verifyWebhookSignature
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/middleware.ts
+var import_server = require("next/server");
+var DEFAULT_BASE_URL = "https://api.usequota.app";
+var DEFAULT_CALLBACK_PATH = "/api/quota/callback";
+var DEFAULT_COOKIE_PREFIX = "quota";
+var DEFAULT_COOKIE_MAX_AGE = 60 * 60 * 24 * 7;
+var DEFAULT_STORAGE_MODE = "client";
+function createQuotaMiddleware(config) {
+  const baseUrl = config.baseUrl ?? DEFAULT_BASE_URL;
+  const callbackPath = config.callbackPath ?? DEFAULT_CALLBACK_PATH;
+  const storageMode = config.storageMode ?? DEFAULT_STORAGE_MODE;
+  const cookiePrefix = config.cookie?.prefix ?? DEFAULT_COOKIE_PREFIX;
+  const cookieDomain = config.cookie?.domain;
+  const cookiePath = config.cookie?.path ?? "/";
+  const cookieMaxAge = config.cookie?.maxAge ?? DEFAULT_COOKIE_MAX_AGE;
+  return async function quotaMiddleware(request) {
+    const { pathname, searchParams } = request.nextUrl;
+    if (pathname !== callbackPath) {
+      return import_server.NextResponse.next();
+    }
+    const code = searchParams.get("code");
+    const state = searchParams.get("state");
+    const error = searchParams.get("error");
+    const errorDescription = searchParams.get("error_description");
+    if (error) {
+      const redirectUrl = new URL("/", request.url);
+      redirectUrl.searchParams.set("quota_error", error);
+      if (errorDescription) {
+        redirectUrl.searchParams.set(
+          "quota_error_description",
+          errorDescription
+        );
+      }
+      return import_server.NextResponse.redirect(redirectUrl);
+    }
+    if (!code || !state) {
+      const redirectUrl = new URL("/", request.url);
+      redirectUrl.searchParams.set("quota_error", "invalid_callback");
+      redirectUrl.searchParams.set(
+        "quota_error_description",
+        "Missing code or state parameter"
+      );
+      return import_server.NextResponse.redirect(redirectUrl);
+    }
+    try {
+      const tokenBody = {
+        grant_type: "authorization_code",
+        code,
+        client_id: config.clientId,
+        client_secret: config.clientSecret,
+        redirect_uri: new URL(callbackPath, request.url).toString()
+      };
+      if (storageMode === "hosted") {
+        if (!config.getExternalUserId) {
+          throw new Error(
+            "getExternalUserId is required for hosted storage mode"
+          );
+        }
+        const externalUserId = await config.getExternalUserId(request);
+        tokenBody.storage_mode = "hosted";
+        tokenBody.external_user_id = externalUserId;
+      }
+      const tokenResponse = await fetch(`${baseUrl}/oauth/token`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify(tokenBody)
+      });
+      if (!tokenResponse.ok) {
+        const errorData = await tokenResponse.json();
+        const redirectUrl2 = new URL("/", request.url);
+        redirectUrl2.searchParams.set("quota_error", errorData.error);
+        redirectUrl2.searchParams.set(
+          "quota_error_description",
+          errorData.error_description
+        );
+        return import_server.NextResponse.redirect(redirectUrl2);
+      }
+      const tokenData = await tokenResponse.json();
+      const redirectUrl = new URL("/", request.url);
+      redirectUrl.searchParams.set("quota_success", "true");
+      const response = import_server.NextResponse.redirect(redirectUrl);
+      if ("access_token" in tokenData) {
+        const cookieOptions = [
+          `Path=${cookiePath}`,
+          "HttpOnly",
+          "Secure",
+          "SameSite=Lax",
+          `Max-Age=${cookieMaxAge}`
+        ];
+        if (cookieDomain) {
+          cookieOptions.push(`Domain=${cookieDomain}`);
+        }
+        response.cookies.set(
+          `${cookiePrefix}_access_token`,
+          tokenData.access_token,
+          {
+            httpOnly: true,
+            secure: true,
+            sameSite: "lax",
+            path: cookiePath,
+            maxAge: cookieMaxAge,
+            domain: cookieDomain
+          }
+        );
+        response.cookies.set(
+          `${cookiePrefix}_refresh_token`,
+          tokenData.refresh_token,
+          {
+            httpOnly: true,
+            secure: true,
+            sameSite: "lax",
+            path: cookiePath,
+            maxAge: cookieMaxAge,
+            domain: cookieDomain
+          }
+        );
+      }
+      if ("storage_mode" in tokenData && tokenData.storage_mode === "hosted") {
+        response.cookies.set(
+          `${cookiePrefix}_external_user_id`,
+          tokenData.external_user_id,
+          {
+            httpOnly: true,
+            secure: true,
+            sameSite: "lax",
+            path: cookiePath,
+            maxAge: cookieMaxAge,
+            domain: cookieDomain
+          }
+        );
+      }
+      return response;
+    } catch (err) {
+      const redirectUrl = new URL("/", request.url);
+      redirectUrl.searchParams.set("quota_error", "token_exchange_failed");
+      redirectUrl.searchParams.set(
+        "quota_error_description",
+        err instanceof Error ? err.message : "Unknown error"
+      );
+      return import_server.NextResponse.redirect(redirectUrl);
+    }
+  };
+}
+
+// src/provider.tsx
+var import_react = require("react");
+var import_jsx_runtime = require("react/jsx-runtime");
+var QuotaContext = (0, import_react.createContext)(null);
+var DEFAULT_BASE_URL2 = "https://api.usequota.app";
+var DEFAULT_CALLBACK_PATH2 = "/api/quota/callback";
+var DEFAULT_API_PATH = "/api/quota/me";
+function QuotaProvider({
+  children,
+  clientId,
+  baseUrl = DEFAULT_BASE_URL2,
+  callbackPath = DEFAULT_CALLBACK_PATH2,
+  apiPath = DEFAULT_API_PATH
+}) {
+  const [user, setUser] = (0, import_react.useState)(null);
+  const [isLoading, setIsLoading] = (0, import_react.useState)(true);
+  const [error, setError] = (0, import_react.useState)(null);
+  const fetchUser = (0, import_react.useCallback)(async () => {
+    try {
+      setIsLoading(true);
+      setError(null);
+      const response = await fetch(apiPath, {
+        credentials: "include"
+      });
+      if (response.status === 401) {
+        setUser(null);
+        return;
+      }
+      if (!response.ok) {
+        throw new Error(`Failed to fetch user: ${response.statusText}`);
+      }
+      const userData = await response.json();
+      setUser(userData);
+    } catch (err) {
+      const errorObj = err instanceof Error ? err : new Error("Unknown error");
+      setError(errorObj);
+      setUser(null);
+    } finally {
+      setIsLoading(false);
+    }
+  }, [apiPath]);
+  (0, import_react.useEffect)(() => {
+    void fetchUser();
+  }, [fetchUser]);
+  const login = (0, import_react.useCallback)(() => {
+    const state = generateRandomState();
+    if (typeof window !== "undefined") {
+      sessionStorage.setItem("quota_oauth_state", state);
+    }
+    const authUrl = new URL("/oauth/authorize", baseUrl);
+    authUrl.searchParams.set("response_type", "code");
+    authUrl.searchParams.set("client_id", clientId);
+    authUrl.searchParams.set("redirect_uri", getRedirectUri(callbackPath));
+    authUrl.searchParams.set("state", state);
+    authUrl.searchParams.set("scope", "credits:use");
+    window.location.href = authUrl.toString();
+  }, [baseUrl, clientId, callbackPath]);
+  const logout = (0, import_react.useCallback)(async () => {
+    try {
+      setIsLoading(true);
+      const response = await fetch("/api/quota/logout", {
+        method: "POST",
+        credentials: "include"
+      });
+      if (!response.ok) {
+        throw new Error("Failed to logout");
+      }
+      setUser(null);
+      setError(null);
+    } catch (err) {
+      const errorObj = err instanceof Error ? err : new Error("Unknown error");
+      setError(errorObj);
+    } finally {
+      setIsLoading(false);
+    }
+  }, []);
+  const refetch = (0, import_react.useCallback)(async () => {
+    await fetchUser();
+  }, [fetchUser]);
+  const value = {
+    user,
+    isLoading,
+    error,
+    login,
+    logout,
+    refetch
+  };
+  return /* @__PURE__ */ (0, import_jsx_runtime.jsx)(QuotaContext.Provider, { value, children });
+}
+function useQuota() {
+  const context = (0, import_react.useContext)(QuotaContext);
+  if (!context) {
+    throw new Error("useQuota must be used within QuotaProvider");
+  }
+  return context;
+}
+function generateRandomState() {
+  const array = new Uint8Array(32);
+  if (typeof window !== "undefined" && window.crypto) {
+    window.crypto.getRandomValues(array);
+  }
+  return Array.from(array, (byte) => byte.toString(16).padStart(2, "0")).join(
+    ""
+  );
+}
+function getRedirectUri(callbackPath) {
+  if (typeof window === "undefined") {
+    return callbackPath;
+  }
+  return `${window.location.origin}${callbackPath}`;
+}
+
+// src/hooks.ts
+function useQuotaUser() {
+  const { user } = useQuota();
+  return user;
+}
+function useQuotaAuth() {
+  const { user, isLoading, login, logout } = useQuota();
+  return {
+    isAuthenticated: user !== null,
+    isLoading,
+    login,
+    logout
+  };
+}
+function useQuotaBalance() {
+  const { user, isLoading, error, refetch } = useQuota();
+  return {
+    balance: user?.balance ?? null,
+    isLoading,
+    error,
+    refetch
+  };
+}
+
+// src/components/QuotaConnectButton.tsx
+var import_react2 = require("react");
+var import_jsx_runtime2 = require("react/jsx-runtime");
+function QuotaConnectButton({
+  children,
+  className,
+  onSuccess,
+  onError,
+  variant = "primary",
+  showLoadingState = true,
+  showWhenConnected = false
+}) {
+  const { user, login, isLoading, error } = useQuota();
+  const wasLoadingRef = (0, import_react2.useRef)(isLoading);
+  const hadUserRef = (0, import_react2.useRef)(!!user);
+  (0, import_react2.useEffect)(() => {
+    const wasLoading = wasLoadingRef.current;
+    const hadUser = hadUserRef.current;
+    wasLoadingRef.current = isLoading;
+    hadUserRef.current = !!user;
+    if (wasLoading && !isLoading && user && !hadUser) {
+      onSuccess?.();
+    }
+  }, [user, isLoading, onSuccess]);
+  const handleClick = (0, import_react2.useCallback)(() => {
+    try {
+      login();
+    } catch (err) {
+      const errorObj = err instanceof Error ? err : new Error("Login failed");
+      onError?.(errorObj);
+    }
+  }, [login, onError]);
+  if (user && !showWhenConnected) {
+    return null;
+  }
+  if (user && showWhenConnected) {
+    return /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(
+      "div",
+      {
+        className: `quota-button quota-button--secondary ${className || ""}`,
+        role: "status",
+        "aria-label": `Connected as ${user.email}`,
+        children: [
+          /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(WalletIcon, {}),
+          /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("span", { children: user.email })
+        ]
+      }
+    );
+  }
+  const isButtonLoading = showLoadingState && isLoading;
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(
+    "button",
+    {
+      type: "button",
+      onClick: handleClick,
+      disabled: isButtonLoading,
+      className: `quota-button quota-button--${variant} ${className || ""}`,
+      "aria-busy": isButtonLoading,
+      "aria-describedby": error ? "quota-connect-error" : void 0,
+      children: [
+        isButtonLoading ? /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(import_jsx_runtime2.Fragment, { children: [
+          /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("span", { className: "quota-spinner", "aria-hidden": "true" }),
+          /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("span", { children: "Connecting..." })
+        ] }) : /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(import_jsx_runtime2.Fragment, { children: [
+          /* @__PURE__ */ (0, import_jsx_runtime2.jsx)(WalletIcon, {}),
+          /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("span", { children: children || "Connect Wallet" })
+        ] }),
+        error && /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)("span", { id: "quota-connect-error", className: "quota-sr-only", children: [
+          "Error: ",
+          error.message
+        ] })
+      ]
+    }
+  );
+}
+function WalletIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime2.jsxs)(
+    "svg",
+    {
+      width: "18",
+      height: "18",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("path", { d: "M19 7V4a1 1 0 0 0-1-1H5a2 2 0 0 0 0 4h15a1 1 0 0 1 1 1v4h-3a2 2 0 0 0 0 4h3a1 1 0 0 0 1-1v-2a1 1 0 0 0-1-1" }),
+        /* @__PURE__ */ (0, import_jsx_runtime2.jsx)("path", { d: "M3 5v14a2 2 0 0 0 2 2h15a1 1 0 0 0 1-1v-4" })
+      ]
+    }
+  );
+}
+
+// src/components/QuotaBalance.tsx
+var import_jsx_runtime3 = require("react/jsx-runtime");
+function QuotaBalance({
+  format = "credits",
+  showIcon = true,
+  className,
+  ariaLabel = "Credit balance",
+  showRefresh = false,
+  onClick
+}) {
+  const { balance, isLoading, error, refetch } = useQuotaBalance();
+  const formatBalance = (value) => {
+    if (value === null) return "---";
+    if (format === "dollars") {
+      const dollars = value / 100;
+      return new Intl.NumberFormat("en-US", {
+        style: "currency",
+        currency: "USD",
+        minimumFractionDigits: 2,
+        maximumFractionDigits: 2
+      }).format(dollars);
+    }
+    return new Intl.NumberFormat("en-US").format(value);
+  };
+  if (error) {
+    return /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(
+      "div",
+      {
+        className: `quota-balance ${className || ""}`,
+        role: "status",
+        "aria-label": "Error loading balance",
+        children: [
+          showIcon && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(ErrorIcon, {}),
+          /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("span", { className: "quota-balance__error", children: "Error" })
+        ]
+      }
+    );
+  }
+  const Component = onClick ? "button" : "div";
+  const interactiveProps = onClick ? {
+    onClick,
+    type: "button",
+    "aria-label": `${ariaLabel}: ${formatBalance(balance)}. Click to manage credits.`
+  } : {};
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(
+    Component,
+    {
+      className: `quota-balance ${isLoading ? "quota-balance--loading quota-loading-pulse" : ""} ${onClick ? "quota-balance--clickable" : ""} ${className || ""}`,
+      role: "status",
+      "aria-label": ariaLabel,
+      "aria-busy": isLoading,
+      ...interactiveProps,
+      children: [
+        showIcon && (format === "dollars" ? /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(DollarIcon, {}) : /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(CoinIcon, {})),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)("span", { className: "quota-balance__value", children: [
+          formatBalance(balance),
+          format === "credits" && balance !== null && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("span", { className: "quota-sr-only", children: " credits" })
+        ] }),
+        showRefresh && !isLoading && /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(
+          "button",
+          {
+            type: "button",
+            onClick: (e) => {
+              e.stopPropagation();
+              void refetch();
+            },
+            className: "quota-button quota-button--ghost",
+            "aria-label": "Refresh balance",
+            style: { padding: "4px", marginLeft: "4px" },
+            children: /* @__PURE__ */ (0, import_jsx_runtime3.jsx)(RefreshIcon, {})
+          }
+        )
+      ]
+    }
+  );
+}
+function CoinIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(
+    "svg",
+    {
+      className: "quota-balance__icon",
+      width: "16",
+      height: "16",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("circle", { cx: "12", cy: "12", r: "8" }),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M12 8v8" }),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M8 12h8" })
+      ]
+    }
+  );
+}
+function DollarIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(
+    "svg",
+    {
+      className: "quota-balance__icon",
+      width: "16",
+      height: "16",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("line", { x1: "12", y1: "2", x2: "12", y2: "22" }),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M17 5H9.5a3.5 3.5 0 0 0 0 7h5a3.5 3.5 0 0 1 0 7H6" })
+      ]
+    }
+  );
+}
+function RefreshIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(
+    "svg",
+    {
+      width: "14",
+      height: "14",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M21 12a9 9 0 0 0-9-9 9.75 9.75 0 0 0-6.74 2.74L3 8" }),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M3 3v5h5" }),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M3 12a9 9 0 0 0 9 9 9.75 9.75 0 0 0 6.74-2.74L21 16" }),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("path", { d: "M16 16h5v5" })
+      ]
+    }
+  );
+}
+function ErrorIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime3.jsxs)(
+    "svg",
+    {
+      className: "quota-balance__icon",
+      width: "16",
+      height: "16",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("circle", { cx: "12", cy: "12", r: "10" }),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("line", { x1: "12", y1: "8", x2: "12", y2: "12" }),
+        /* @__PURE__ */ (0, import_jsx_runtime3.jsx)("line", { x1: "12", y1: "16", x2: "12.01", y2: "16" })
+      ]
+    }
+  );
+}
+
+// src/components/QuotaBuyCredits.tsx
+var import_react3 = require("react");
+var import_jsx_runtime4 = require("react/jsx-runtime");
+function QuotaBuyCredits({
+  packageId,
+  amount,
+  children,
+  className,
+  onSuccess,
+  onError,
+  variant = "primary",
+  checkoutPath = "/api/quota/checkout",
+  disabled = false
+}) {
+  const { user } = useQuota();
+  const [isLoading, setIsLoading] = (0, import_react3.useState)(false);
+  const [error, setError] = (0, import_react3.useState)(null);
+  const handlePurchase = (0, import_react3.useCallback)(async () => {
+    if (!user) {
+      const err = new Error("Must be logged in to purchase credits");
+      setError(err);
+      onError?.(err);
+      return;
+    }
+    setIsLoading(true);
+    setError(null);
+    try {
+      const body = {};
+      if (packageId) {
+        body.package_id = packageId;
+      } else if (amount) {
+        body.amount = amount;
+      }
+      const response = await fetch(checkoutPath, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json"
+        },
+        credentials: "include",
+        body: JSON.stringify(body)
+      });
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        throw new Error(
+          errorData.error?.message || `Checkout failed: ${response.statusText}`
+        );
+      }
+      const data = await response.json();
+      if (!data.url) {
+        throw new Error("No checkout URL returned");
+      }
+      onSuccess?.();
+      window.location.href = data.url;
+    } catch (err) {
+      const errorObj = err instanceof Error ? err : new Error("Failed to create checkout");
+      setError(errorObj);
+      onError?.(errorObj);
+    } finally {
+      setIsLoading(false);
+    }
+  }, [user, packageId, amount, checkoutPath, onSuccess, onError]);
+  const isDisabled = disabled || isLoading || !user;
+  return /* @__PURE__ */ (0, import_jsx_runtime4.jsxs)(
+    "button",
+    {
+      type: "button",
+      onClick: handlePurchase,
+      disabled: isDisabled,
+      className: `quota-button quota-button--${variant} ${className || ""}`,
+      "aria-busy": isLoading,
+      "aria-describedby": error ? "quota-buy-error" : void 0,
+      children: [
+        isLoading ? /* @__PURE__ */ (0, import_jsx_runtime4.jsxs)(import_jsx_runtime4.Fragment, { children: [
+          /* @__PURE__ */ (0, import_jsx_runtime4.jsx)("span", { className: "quota-spinner", "aria-hidden": "true" }),
+          /* @__PURE__ */ (0, import_jsx_runtime4.jsx)("span", { children: "Processing..." })
+        ] }) : /* @__PURE__ */ (0, import_jsx_runtime4.jsxs)(import_jsx_runtime4.Fragment, { children: [
+          /* @__PURE__ */ (0, import_jsx_runtime4.jsx)(CartIcon, {}),
+          /* @__PURE__ */ (0, import_jsx_runtime4.jsx)("span", { children: children || "Buy Credits" })
+        ] }),
+        error && /* @__PURE__ */ (0, import_jsx_runtime4.jsxs)("span", { id: "quota-buy-error", className: "quota-sr-only", children: [
+          "Error: ",
+          error.message
+        ] })
+      ]
+    }
+  );
+}
+function CartIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime4.jsxs)(
+    "svg",
+    {
+      width: "18",
+      height: "18",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime4.jsx)("circle", { cx: "8", cy: "21", r: "1" }),
+        /* @__PURE__ */ (0, import_jsx_runtime4.jsx)("circle", { cx: "19", cy: "21", r: "1" }),
+        /* @__PURE__ */ (0, import_jsx_runtime4.jsx)("path", { d: "M2.05 2.05h2l2.66 12.42a2 2 0 0 0 2 1.58h9.78a2 2 0 0 0 1.95-1.57l1.65-7.43H5.12" })
+      ]
+    }
+  );
+}
+
+// src/components/QuotaUserMenu.tsx
+var import_react4 = require("react");
+var import_jsx_runtime5 = require("react/jsx-runtime");
+function QuotaUserMenu({
+  className,
+  onBuyCredits,
+  onLogout,
+  showBuyCredits = true,
+  children
+}) {
+  const { user, logout, isLoading: authLoading } = useQuota();
+  const { balance } = useQuotaBalance();
+  const [isOpen, setIsOpen] = (0, import_react4.useState)(false);
+  const [isLoggingOut, setIsLoggingOut] = (0, import_react4.useState)(false);
+  const menuRef = (0, import_react4.useRef)(null);
+  const triggerRef = (0, import_react4.useRef)(null);
+  (0, import_react4.useEffect)(() => {
+    if (!isOpen) return;
+    const handleClickOutside = (event) => {
+      if (menuRef.current && !menuRef.current.contains(event.target)) {
+        setIsOpen(false);
+      }
+    };
+    const handleEscape = (event) => {
+      if (event.key === "Escape") {
+        setIsOpen(false);
+        triggerRef.current?.focus();
+      }
+    };
+    document.addEventListener("mousedown", handleClickOutside);
+    document.addEventListener("keydown", handleEscape);
+    return () => {
+      document.removeEventListener("mousedown", handleClickOutside);
+      document.removeEventListener("keydown", handleEscape);
+    };
+  }, [isOpen]);
+  const handleToggle = (0, import_react4.useCallback)(() => {
+    setIsOpen((prev) => !prev);
+  }, []);
+  const handleKeyDown = (0, import_react4.useCallback)(
+    (event) => {
+      if (event.key === "Enter" || event.key === " ") {
+        event.preventDefault();
+        setIsOpen((prev) => !prev);
+      }
+      if (event.key === "ArrowDown" && !isOpen) {
+        event.preventDefault();
+        setIsOpen(true);
+      }
+    },
+    [isOpen]
+  );
+  const handleLogout = (0, import_react4.useCallback)(async () => {
+    setIsLoggingOut(true);
+    try {
+      await logout();
+      onLogout?.();
+    } finally {
+      setIsLoggingOut(false);
+      setIsOpen(false);
+    }
+  }, [logout, onLogout]);
+  const handleBuyCredits = (0, import_react4.useCallback)(() => {
+    setIsOpen(false);
+    onBuyCredits?.();
+  }, [onBuyCredits]);
+  if (!user) {
+    return null;
+  }
+  const initials = getUserInitials(user.email);
+  const formattedBalance = balance !== null ? new Intl.NumberFormat("en-US").format(balance) : "---";
+  const formattedDollars = balance !== null ? new Intl.NumberFormat("en-US", {
+    style: "currency",
+    currency: "USD",
+    minimumFractionDigits: 2
+  }).format(balance / 100) : "---";
+  return /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)("div", { className: `quota-user-menu ${className || ""}`, ref: menuRef, children: [
+    /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(
+      "button",
+      {
+        ref: triggerRef,
+        type: "button",
+        className: "quota-user-menu__trigger",
+        onClick: handleToggle,
+        onKeyDown: handleKeyDown,
+        "aria-expanded": isOpen,
+        "aria-haspopup": "menu",
+        "aria-label": `Account menu for ${user.email}`,
+        children: [
+          /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("span", { className: "quota-user-menu__avatar", "aria-hidden": "true", children: initials }),
+          /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("span", { className: "quota-user-menu__email", children: user.email }),
+          /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(ChevronIcon, {})
+        ]
+      }
+    ),
+    /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(
+      "div",
+      {
+        className: `quota-user-menu__dropdown ${isOpen ? "quota-user-menu__dropdown--open" : ""}`,
+        role: "menu",
+        "aria-label": "Account menu",
+        children: [
+          /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)("div", { className: "quota-user-menu__section", children: [
+            /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("div", { className: "quota-user-menu__label", children: "Balance" }),
+            /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)("div", { className: "quota-user-menu__balance-value", children: [
+              formattedBalance,
+              " ",
+              /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("span", { style: { fontSize: "12px", fontWeight: 400 }, children: "credits" })
+            ] }),
+            /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("div", { className: "quota-user-menu__balance-dollars", children: formattedDollars })
+          ] }),
+          /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)("div", { className: "quota-user-menu__section", children: [
+            showBuyCredits && /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(
+              "button",
+              {
+                type: "button",
+                className: "quota-user-menu__item",
+                role: "menuitem",
+                onClick: handleBuyCredits,
+                children: [
+                  /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(PlusIcon, {}),
+                  /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("span", { children: "Buy Credits" })
+                ]
+              }
+            ),
+            children,
+            /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(
+              "button",
+              {
+                type: "button",
+                className: "quota-user-menu__item quota-user-menu__item--danger",
+                role: "menuitem",
+                onClick: handleLogout,
+                disabled: isLoggingOut || authLoading,
+                children: isLoggingOut ? /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(import_jsx_runtime5.Fragment, { children: [
+                  /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("span", { className: "quota-spinner", "aria-hidden": "true" }),
+                  /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("span", { children: "Signing out..." })
+                ] }) : /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(import_jsx_runtime5.Fragment, { children: [
+                  /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(LogoutIcon, {}),
+                  /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("span", { children: "Sign Out" })
+                ] })
+              }
+            )
+          ] })
+        ]
+      }
+    )
+  ] });
+}
+function getUserInitials(email) {
+  const localPart = email.split("@")[0];
+  if (!localPart) return "?";
+  const parts = localPart.split(/[._-]/);
+  const firstPart = parts[0];
+  const secondPart = parts[1];
+  if (parts.length >= 2 && firstPart && secondPart && firstPart[0] && secondPart[0]) {
+    return (firstPart[0] + secondPart[0]).toUpperCase();
+  }
+  return localPart.slice(0, 2).toUpperCase();
+}
+function ChevronIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime5.jsx)(
+    "svg",
+    {
+      className: "quota-user-menu__chevron",
+      width: "16",
+      height: "16",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("path", { d: "m6 9 6 6 6-6" })
+    }
+  );
+}
+function PlusIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(
+    "svg",
+    {
+      className: "quota-user-menu__item-icon",
+      width: "18",
+      height: "18",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("circle", { cx: "12", cy: "12", r: "10" }),
+        /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("path", { d: "M8 12h8" }),
+        /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("path", { d: "M12 8v8" })
+      ]
+    }
+  );
+}
+function LogoutIcon() {
+  return /* @__PURE__ */ (0, import_jsx_runtime5.jsxs)(
+    "svg",
+    {
+      className: "quota-user-menu__item-icon",
+      width: "18",
+      height: "18",
+      viewBox: "0 0 24 24",
+      fill: "none",
+      stroke: "currentColor",
+      strokeWidth: "2",
+      strokeLinecap: "round",
+      strokeLinejoin: "round",
+      "aria-hidden": "true",
+      children: [
+        /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("path", { d: "M9 21H5a2 2 0 0 1-2-2V5a2 2 0 0 1 2-2h4" }),
+        /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("polyline", { points: "16 17 21 12 16 7" }),
+        /* @__PURE__ */ (0, import_jsx_runtime5.jsx)("line", { x1: "21", y1: "12", x2: "9", y2: "12" })
+      ]
+    }
+  );
+}
+
+// src/errors.ts
+var QuotaError = class extends Error {
+  /** Machine-readable error code */
+  code;
+  /** HTTP status code associated with this error */
+  statusCode;
+  /** Optional hint for resolving the error */
+  hint;
+  constructor(message, code, statusCode, hint) {
+    super(message);
+    this.name = "QuotaError";
+    this.code = code;
+    this.statusCode = statusCode;
+    this.hint = hint;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var QuotaInsufficientCreditsError = class extends QuotaError {
+  /** Current balance (if available) */
+  balance;
+  /** Credits required for the operation (if available) */
+  required;
+  constructor(message, options) {
+    super(
+      message ?? "Insufficient credits to complete this operation",
+      "insufficient_credits",
+      402,
+      "Purchase more credits or reduce usage"
+    );
+    this.name = "QuotaInsufficientCreditsError";
+    this.balance = options?.balance;
+    this.required = options?.required;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var QuotaNotConnectedError = class extends QuotaError {
+  constructor(message) {
+    super(
+      message ?? "User has not connected a Quota account",
+      "not_connected",
+      401,
+      "Connect your Quota account to use this feature"
+    );
+    this.name = "QuotaNotConnectedError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var QuotaTokenExpiredError = class extends QuotaError {
+  constructor(message) {
+    super(
+      message ?? "Quota access token has expired and could not be refreshed",
+      "token_expired",
+      401,
+      "Reconnect your Quota account"
+    );
+    this.name = "QuotaTokenExpiredError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+var QuotaRateLimitError = class extends QuotaError {
+  /** Seconds until the rate limit resets */
+  retryAfter;
+  constructor(message, retryAfter) {
+    super(
+      message ?? "Rate limit exceeded",
+      "rate_limit_exceeded",
+      429,
+      "Wait before retrying"
+    );
+    this.name = "QuotaRateLimitError";
+    this.retryAfter = retryAfter ?? 60;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+};
+
+// src/webhooks.ts
+var import_crypto = __toESM(require("crypto"));
+function verifyWebhookSignature({
+  payload,
+  signature,
+  secret
+}) {
+  const payloadString = typeof payload === "string" ? payload : payload.toString("utf8");
+  const hmac = import_crypto.default.createHmac("sha256", secret);
+  hmac.update(payloadString);
+  const expectedSignature = hmac.digest("hex");
+  try {
+    return import_crypto.default.timingSafeEqual(
+      Buffer.from(signature, "hex"),
+      Buffer.from(expectedSignature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+async function parseWebhook(req, secret) {
+  const signature = req.headers.get("x-quota-signature");
+  if (!signature) {
+    throw new Error("Missing X-Quota-Signature header");
+  }
+  const payload = await req.text();
+  if (!verifyWebhookSignature({ payload, signature, secret })) {
+    throw new Error("Invalid webhook signature");
+  }
+  return JSON.parse(payload);
+}
+function createWebhookHandler(secret, handlers) {
+  return async (req) => {
+    try {
+      const event = await parseWebhook(req, secret);
+      const handler = handlers[event.type];
+      if (handler) {
+        await handler(event);
+      }
+      return new Response(JSON.stringify({ received: true }), {
+        status: 200,
+        headers: { "Content-Type": "application/json" }
+      });
+    } catch (error) {
+      console.error("Webhook error:", error);
+      return new Response(
+        JSON.stringify({
+          error: error instanceof Error ? error.message : "Unknown error"
+        }),
+        { status: 400, headers: { "Content-Type": "application/json" } }
+      );
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  QuotaBalance,
+  QuotaBuyCredits,
+  QuotaConnectButton,
+  QuotaContext,
+  QuotaError,
+  QuotaInsufficientCreditsError,
+  QuotaNotConnectedError,
+  QuotaProvider,
+  QuotaRateLimitError,
+  QuotaTokenExpiredError,
+  QuotaUserMenu,
+  createQuotaMiddleware,
+  createWebhookHandler,
+  parseWebhook,
+  useQuota,
+  useQuotaAuth,
+  useQuotaBalance,
+  useQuotaUser,
+  verifyWebhookSignature
+});