npm - @usethrottle/webhook-types - Versions diffs - 0.2.0 - Mend

@usethrottle/webhook-types 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,62 @@
+# @usethrottle/webhook-types
+TypeScript discriminated unions for every Throttle outbound webhook event, plus a Stripe-compatible signature verification helper.
+```bash
+npm install @usethrottle/webhook-types
+```
+## Usage
+```ts
+import {
+  type WebhookEnvelope,
+  verifyWebhookSignature,
+} from '@usethrottle/webhook-types';
+export async function POST(req: Request) {
+  const rawBody = await req.text();
+  const ok = verifyWebhookSignature({
+    header: req.headers.get('throttle-signature')!,
+    rawBody,
+    secret: process.env.THROTTLE_WEBHOOK_SECRET!,
+  });
+  if (!ok) return new Response('bad signature', { status: 400 });
+  const envelope = JSON.parse(rawBody) as WebhookEnvelope;
+  const { event } = envelope;
+  // event.data is narrowed by event.type — no casts.
+  switch (event.type) {
+    case 'cart.item_added':
+      // event.data: { cartId, sequence, itemId, name, quantity, unitPrice }
+      analytics.track('item_added', event.data);
+      break;
+    case 'order.created':
+      // event.data: { order, fromCart?, sessionId? }
+      await fulfill(event.data.order as { id: string });
+      break;
+    case 'payment.disputed':
+      // event.data: { paymentId, reason, openedAt }
+      await ops.alert(event.data.paymentId, event.data.reason);
+      break;
+    case 'workspace.payment_method.backup_used':
+      // event.data: { workspace, primaryPaymentMethod, backupPaymentMethod, charge }
+      await notifyOps('backup PM used', event.data);
+      break;
+  }
+  return new Response('ok');
+}
+```
+## Coverage
+- **WebhookEvent** — discriminated union covering all 65 outbound event types currently emitted by the Throttle outbound bus (cart, order, payment, fulfillment, subscription, discount, customer, invoice, shipping/tax, workspace lifecycle).
+- **WebhookEventType** — `WebhookEvent['type']`; use it to constrain switch statements or event-name handlers.
+- **Typed payloads** — primitive fields (ids, amounts, codes, timestamps) are fully typed. Embedded domain objects (`order`, `payment`, `subscription`, `workspace`, etc.) are typed as `Record<string, unknown>` because the canonical schemas live in the API server and shouldn't be duplicated here. Cast through the OpenAPI client (`@usethrottle/api-client`) for the embedded shapes.
+- **verifyWebhookSignature** — Stripe-compatible `t=…,v1=…` header parsing with timing-safe HMAC-SHA256 comparison + 5-minute replay window by default.
+## Versioning
+The event list is the contract. Adding an event in the Throttle outbound bus is a minor bump; removing one is a major bump. Typed payload field changes are minor when additive; breaking when not. See [docs.usethrottle.dev/developers/webhooks](https://docs.usethrottle.dev/developers/webhooks) for the full event reference + signature format.

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,215 @@
+/**
+ * @usethrottle/webhook-types
+ *
+ * TypeScript discriminated unions for every Throttle outbound webhook event.
+ * Keyed by `event.type`, this lets your handler narrow `event.data` without
+ * casts or `Record<string, unknown>` ceremony.
+ *
+ * Coverage: all 69 outbound event types are enumerated in `WebhookEventType`.
+ * Payload shapes are typed for the 24 most-integrated events (cart, order,
+ * payment, fulfillment, subscription core lifecycle). The remaining events
+ * resolve to `data: Record<string, unknown>` until typed in a future release.
+ *
+ * Tracks the canonical event registry in `@platform/webhooks` so adding a new
+ * event type there is a compile-time error here until the union is updated.
+ */
+export interface WebhookEnvelope<T extends WebhookEvent = WebhookEvent> {
+    /** Stable event identifier (UUID v7). */
+    id: string;
+    /** Workspace that owns the event source. */
+    workspaceId: string;
+    /** Application (store) the event was emitted from. */
+    applicationId: string;
+    /**
+     * Whether the event originated from test-mode resources. Outbound endpoints
+     * registered with `isTest=true` only receive `isTest:true` events.
+     */
+    isTest: boolean;
+    /** ISO 8601 timestamp the event was emitted at. */
+    createdAt: string;
+    /** Discriminated union — narrow by `event.type`. */
+    event: T;
+}
+export interface MoneyAmount {
+    amount: number;
+    currency: string;
+}
+export interface CartCreatedData {
+    cartId: string;
+    sequence: number;
+    applicationId: string;
+    customerId: string | null;
+    currency: string;
+}
+export interface CartUpdatedData {
+    cartId: string;
+    sequence: number;
+    changedFields: string[];
+}
+export interface CartItemAddedData {
+    cartId: string;
+    sequence: number;
+    itemId: string;
+    name: string;
+    quantity: number;
+    unitPrice: number;
+}
+export interface CartItemUpdatedData {
+    cartId: string;
+    sequence: number;
+    itemId: string;
+    quantity: number;
+    unitPrice: number;
+}
+export interface CartItemRemovedData {
+    cartId: string;
+    sequence: number;
+    itemId: string;
+}
+export interface CartShippingSelectedData {
+    cartId: string;
+    sequence: number;
+    methodId: string;
+    displayName: string;
+    rateAmount: number;
+    currency: string;
+}
+export interface CartDiscountAppliedData {
+    cartId: string;
+    sequence: number;
+    code: string;
+    amount: number;
+    type: 'percentage' | 'fixed_amount';
+    discountTotal: number;
+}
+export interface OrderCreatedData {
+    orderId: string;
+    orderNumber: string;
+    customerId: string | null;
+    currency: string;
+    total: number;
+    status: 'draft' | 'pending' | 'paid' | 'cancelled' | 'refunded';
+}
+export interface OrderUpdatedData {
+    orderId: string;
+    changedFields: string[];
+}
+export interface OrderCancelledData {
+    orderId: string;
+    reason: string | null;
+}
+export interface OrderFulfilledData {
+    orderId: string;
+    fulfillmentId: string;
+}
+export interface PaymentCreatedData {
+    paymentId: string;
+    orderId: string | null;
+    amount: number;
+    currency: string;
+    status: 'pending' | 'authorized' | 'captured' | 'failed' | 'refunded' | 'voided';
+}
+export interface PaymentCapturedData {
+    paymentId: string;
+    orderId: string | null;
+    amount: number;
+    currency: string;
+}
+export interface PaymentFailedData {
+    paymentId: string;
+    orderId: string | null;
+    code: string;
+    message: string;
+}
+export interface PaymentRefundedData {
+    paymentId: string;
+    refundId: string;
+    amount: number;
+    currency: string;
+}
+export interface FulfillmentCreatedData {
+    fulfillmentId: string;
+    orderId: string;
+    type: 'shipment' | 'digital' | 'access' | 'service' | 'in_person';
+    status: 'pending' | 'in_progress' | 'fulfilled' | 'cancelled';
+}
+export interface FulfillmentShippedData {
+    fulfillmentId: string;
+    orderId: string;
+    trackingNumber: string | null;
+    carrier: string | null;
+}
+export interface FulfillmentDeliveredData {
+    fulfillmentId: string;
+    orderId: string;
+    deliveredAt: string;
+}
+export interface SubscriptionCreatedData {
+    subscriptionId: string;
+    customerId: string;
+    planReference: string;
+    status: 'active' | 'trialing' | 'past_due' | 'cancelled' | 'paused';
+    currentPeriodStart: string;
+    currentPeriodEnd: string;
+}
+export interface SubscriptionUpdatedData {
+    subscriptionId: string;
+    changedFields: string[];
+}
+export interface SubscriptionCancelledData {
+    subscriptionId: string;
+    cancelledAt: string;
+    reason: string | null;
+}
+export interface SubscriptionRenewedData {
+    subscriptionId: string;
+    currentPeriodStart: string;
+    currentPeriodEnd: string;
+}
+export interface CustomerCreatedData {
+    customerId: string;
+    email: string | null;
+    externalId: string | null;
+}
+export interface CustomerUpdatedData {
+    customerId: string;
+    changedFields: string[];
+}
+type Event<T extends string, D> = {
+    type: T;
+    data: D;
+};
+export type WebhookEvent = Event<'cart.created', CartCreatedData> | Event<'cart.updated', CartUpdatedData> | Event<'cart.item_added', CartItemAddedData> | Event<'cart.item_updated', CartItemUpdatedData> | Event<'cart.item_removed', CartItemRemovedData> | Event<'cart.shipping_selected', CartShippingSelectedData> | Event<'cart.shipping_cleared', {
+    cartId: string;
+    sequence: number;
+}> | Event<'cart.discount_applied', CartDiscountAppliedData> | Event<'cart.discount_removed', {
+    cartId: string;
+    sequence: number;
+}> | Event<'cart.tax_recomputed', {
+    cartId: string;
+    sequence: number;
+    lineCount: number;
+}> | Event<'order.created', OrderCreatedData> | Event<'order.updated', OrderUpdatedData> | Event<'order.cancelled', OrderCancelledData> | Event<'order.fulfilled', OrderFulfilledData> | Event<'payment.created', PaymentCreatedData> | Event<'payment.authorized', PaymentCreatedData> | Event<'payment.captured', PaymentCapturedData> | Event<'payment.failed', PaymentFailedData> | Event<'payment.refunded', PaymentRefundedData> | Event<'payment.voided', PaymentCreatedData> | Event<'fulfillment.created', FulfillmentCreatedData> | Event<'fulfillment.shipped', FulfillmentShippedData> | Event<'fulfillment.delivered', FulfillmentDeliveredData> | Event<'fulfillment.cancelled', {
+    fulfillmentId: string;
+    orderId: string;
+}> | Event<'subscription.created', SubscriptionCreatedData> | Event<'subscription.updated', SubscriptionUpdatedData> | Event<'subscription.cancelled', SubscriptionCancelledData> | Event<'subscription.renewed', SubscriptionRenewedData> | Event<'customer.created', CustomerCreatedData> | Event<'customer.updated', CustomerUpdatedData> | Event<Exclude<WebhookEventType, TypedEventType>, Record<string, unknown>>;
+type TypedEventType = 'cart.created' | 'cart.updated' | 'cart.item_added' | 'cart.item_updated' | 'cart.item_removed' | 'cart.shipping_selected' | 'cart.shipping_cleared' | 'cart.discount_applied' | 'cart.discount_removed' | 'cart.tax_recomputed' | 'order.created' | 'order.updated' | 'order.cancelled' | 'order.fulfilled' | 'payment.created' | 'payment.authorized' | 'payment.captured' | 'payment.failed' | 'payment.refunded' | 'payment.voided' | 'fulfillment.created' | 'fulfillment.shipped' | 'fulfillment.delivered' | 'fulfillment.cancelled' | 'subscription.created' | 'subscription.updated' | 'subscription.cancelled' | 'subscription.renewed' | 'customer.created' | 'customer.updated';
+export type WebhookEventType = 'cart.created' | 'cart.updated' | 'cart.item_added' | 'cart.item_updated' | 'cart.item_removed' | 'cart.shipping_selected' | 'cart.shipping_cleared' | 'cart.discount_applied' | 'cart.discount_removed' | 'cart.tax_recomputed' | 'cart.checked_out' | 'order.created' | 'order.updated' | 'order.cancelled' | 'order.refunded' | 'order.fulfilled' | 'order.completed' | 'payment.created' | 'payment.authorized' | 'payment.captured' | 'payment.failed' | 'payment.refunded' | 'payment.voided' | 'payment.pending' | 'fulfillment.created' | 'fulfillment.shipped' | 'fulfillment.delivered' | 'fulfillment.cancelled' | 'fulfillment.access_granted' | 'fulfillment.access_revoked' | 'subscription.created' | 'subscription.updated' | 'subscription.cancelled' | 'subscription.renewed' | 'subscription.trial_ending' | 'subscription.trial_ended' | 'subscription.past_due' | 'subscription.recovered' | 'subscription.paused' | 'subscription.resumed' | 'discount.created' | 'discount.updated' | 'discount.archived' | 'discount.redeemed' | 'customer.created' | 'customer.updated' | 'customer.deleted' | 'invoice.created' | 'invoice.paid' | 'invoice.overdue' | 'invoice.disputed' | 'invoice.refunded' | 'invoice.aged' | 'shipping.rate_calculated' | 'tax.calculated' | 'tax.recalculated' | 'workspace.payment_method.added' | 'workspace.payment_method.removed' | 'workspace.payment_method.set_default' | 'workspace.payment_method.set_backup' | 'platform.invoice.created' | 'platform.invoice.paid' | 'platform.invoice.failed' | 'platform.charge.refunded' | 'workspace.created' | 'workspace.trial_started' | 'workspace.trial_ending' | 'workspace.trial_ended' | 'workspace.subscribed';
+/**
+ * Verifies the `Throttle-Signature` header against the raw request body.
+ * Use this from your webhook handler BEFORE parsing the JSON.
+ *
+ * Header format: `t=<timestamp>,v1=<hex>`. The HMAC is computed over
+ * `${timestamp}.${rawBody}` with the endpoint's signing secret
+ * (returned as `signingSecret` when you created the endpoint via
+ * POST /api/v1/webhooks). Reject if the timestamp is more than
+ * `toleranceSeconds` old (default 5 minutes) — protects against replay.
+ */
+export declare function verifyWebhookSignature(args: {
+    header: string;
+    rawBody: string;
+    secret: string;
+    toleranceSeconds?: number;
+}): boolean;
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAMH,MAAM,WAAW,eAAe,CAAC,CAAC,SAAS,YAAY,GAAG,YAAY;IACpE,yCAAyC;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,4CAA4C;IAC5C,WAAW,EAAE,MAAM,CAAC;IACpB,sDAAsD;IACtD,aAAa,EAAE,MAAM,CAAC;IACtB;;;OAGG;IACH,MAAM,EAAE,OAAO,CAAC;IAChB,mDAAmD;IACnD,SAAS,EAAE,MAAM,CAAC;IAClB,oDAAoD;IACpD,KAAK,EAAE,CAAC,CAAC;CACV;AAMD,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;CAClB;AACD,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AACD,MAAM,WAAW,iBAAiB;IAChC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AACD,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;CACnB;AACD,MAAM,WAAW,mBAAmB;IAClC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;CAChB;AACD,MAAM,WAAW,wBAAwB;IACvC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB;AACD,MAAM,WAAW,uBAAuB;IACtC,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,YAAY,GAAG,cAAc,CAAC;IACpC,aAAa,EAAE,MAAM,CAAC;CACvB;AACD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;IAC1B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,OAAO,GAAG,SAAS,GAAG,MAAM,GAAG,WAAW,GAAG,UAAU,CAAC;CACjE;AACD,MAAM,WAAW,gBAAgB;IAC/B,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AACD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AACD,MAAM,WAAW,kBAAkB;IACjC,OAAO,EAAE,MAAM,CAAC;IAChB,aAAa,EAAE,MAAM,CAAC;CACvB;AACD,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,SAAS,GAAG,YAAY,GAAG,UAAU,GAAG,QAAQ,GAAG,UAAU,GAAG,QAAQ,CAAC;CAClF;AACD,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AACD,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB;AACD,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AACD,MAAM,WAAW,sBAAsB;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,UAAU,GAAG,SAAS,GAAG,QAAQ,GAAG,SAAS,GAAG,WAAW,CAAC;IAClE,MAAM,EAAE,SAAS,GAAG,aAAa,GAAG,WAAW,GAAG,WAAW,CAAC;CAC/D;AACD,MAAM,WAAW,sBAAsB;IACrC,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,cAAc,EAAE,MAAM,GAAG,IAAI,CAAC;IAC9B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB;AACD,MAAM,WAAW,wBAAwB;IACvC,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;CACrB;AACD,MAAM,WAAW,uBAAuB;IACtC,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,QAAQ,GAAG,UAAU,GAAG,UAAU,GAAG,WAAW,GAAG,QAAQ,CAAC;IACpE,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AACD,MAAM,WAAW,uBAAuB;IACtC,cAAc,EAAE,MAAM,CAAC;IACvB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AACD,MAAM,WAAW,yBAAyB;IACxC,cAAc,EAAE,MAAM,CAAC;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAC;CACvB;AACD,MAAM,WAAW,uBAAuB;IACtC,cAAc,EAAE,MAAM,CAAC;IACvB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,gBAAgB,EAAE,MAAM,CAAC;CAC1B;AACD,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IACrB,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC3B;AACD,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;CACzB;AAMD,KAAK,KAAK,CAAC,CAAC,SAAS,MAAM,EAAE,CAAC,IAAI;IAAE,IAAI,EAAE,CAAC,CAAC;IAAC,IAAI,EAAE,CAAC,CAAA;CAAE,CAAC;AAEvD,MAAM,MAAM,YAAY,GACpB,KAAK,CAAC,cAAc,EAAE,eAAe,CAAC,GACtC,KAAK,CAAC,cAAc,EAAE,eAAe,CAAC,GACtC,KAAK,CAAC,iBAAiB,EAAE,iBAAiB,CAAC,GAC3C,KAAK,CAAC,mBAAmB,EAAE,mBAAmB,CAAC,GAC/C,KAAK,CAAC,mBAAmB,EAAE,mBAAmB,CAAC,GAC/C,KAAK,CAAC,wBAAwB,EAAE,wBAAwB,CAAC,GACzD,KAAK,CAAC,uBAAuB,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,GACpE,KAAK,CAAC,uBAAuB,EAAE,uBAAuB,CAAC,GACvD,KAAK,CAAC,uBAAuB,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAA;CAAE,CAAC,GACpE,KAAK,CAAC,qBAAqB,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,CAAC,GACrF,KAAK,CAAC,eAAe,EAAE,gBAAgB,CAAC,GACxC,KAAK,CAAC,eAAe,EAAE,gBAAgB,CAAC,GACxC,KAAK,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,GAC5C,KAAK,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,GAC5C,KAAK,CAAC,iBAAiB,EAAE,kBAAkB,CAAC,GAC5C,KAAK,CAAC,oBAAoB,EAAE,kBAAkB,CAAC,GAC/C,KAAK,CAAC,kBAAkB,EAAE,mBAAmB,CAAC,GAC9C,KAAK,CAAC,gBAAgB,EAAE,iBAAiB,CAAC,GAC1C,KAAK,CAAC,kBAAkB,EAAE,mBAAmB,CAAC,GAC9C,KAAK,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,GAC3C,KAAK,CAAC,qBAAqB,EAAE,sBAAsB,CAAC,GACpD,KAAK,CAAC,qBAAqB,EAAE,sBAAsB,CAAC,GACpD,KAAK,CAAC,uBAAuB,EAAE,wBAAwB,CAAC,GACxD,KAAK,CAAC,uBAAuB,EAAE;IAAE,aAAa,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,GAC1E,KAAK,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,GACtD,KAAK,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,GACtD,KAAK,CAAC,wBAAwB,EAAE,yBAAyB,CAAC,GAC1D,KAAK,CAAC,sBAAsB,EAAE,uBAAuB,CAAC,GACtD,KAAK,CAAC,kBAAkB,EAAE,mBAAmB,CAAC,GAC9C,KAAK,CAAC,kBAAkB,EAAE,mBAAmB,CAAC,GAI9C,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;AAE9E,KAAK,cAAc,GACf,cAAc,GACd,cAAc,GACd,iBAAiB,GACjB,mBAAmB,GACnB,mBAAmB,GACnB,wBAAwB,GACxB,uBAAuB,GACvB,uBAAuB,GACvB,uBAAuB,GACvB,qBAAqB,GACrB,eAAe,GACf,eAAe,GACf,iBAAiB,GACjB,iBAAiB,GACjB,iBAAiB,GACjB,oBAAoB,GACpB,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,gBAAgB,GAChB,qBAAqB,GACrB,qBAAqB,GACrB,uBAAuB,GACvB,uBAAuB,GACvB,sBAAsB,GACtB,sBAAsB,GACtB,wBAAwB,GACxB,sBAAsB,GACtB,kBAAkB,GAClB,kBAAkB,CAAC;AAIvB,MAAM,MAAM,gBAAgB,GACxB,cAAc,GACd,cAAc,GACd,iBAAiB,GACjB,mBAAmB,GACnB,mBAAmB,GACnB,wBAAwB,GACxB,uBAAuB,GACvB,uBAAuB,GACvB,uBAAuB,GACvB,qBAAqB,GACrB,kBAAkB,GAClB,eAAe,GACf,eAAe,GACf,iBAAiB,GACjB,gBAAgB,GAChB,iBAAiB,GACjB,iBAAiB,GACjB,iBAAiB,GACjB,oBAAoB,GACpB,kBAAkB,GAClB,gBAAgB,GAChB,kBAAkB,GAClB,gBAAgB,GAChB,iBAAiB,GACjB,qBAAqB,GACrB,qBAAqB,GACrB,uBAAuB,GACvB,uBAAuB,GACvB,4BAA4B,GAC5B,4BAA4B,GAC5B,sBAAsB,GACtB,sBAAsB,GACtB,wBAAwB,GACxB,sBAAsB,GACtB,2BAA2B,GAC3B,0BAA0B,GAC1B,uBAAuB,GACvB,wBAAwB,GACxB,qBAAqB,GACrB,sBAAsB,GACtB,kBAAkB,GAClB,kBAAkB,GAClB,mBAAmB,GACnB,mBAAmB,GACnB,kBAAkB,GAClB,kBAAkB,GAClB,kBAAkB,GAClB,iBAAiB,GACjB,cAAc,GACd,iBAAiB,GACjB,kBAAkB,GAClB,kBAAkB,GAClB,cAAc,GACd,0BAA0B,GAC1B,gBAAgB,GAChB,kBAAkB,GAClB,gCAAgC,GAChC,kCAAkC,GAClC,sCAAsC,GACtC,qCAAqC,GACrC,0BAA0B,GAC1B,uBAAuB,GACvB,yBAAyB,GACzB,0BAA0B,GAC1B,mBAAmB,GACnB,yBAAyB,GACzB,wBAAwB,GACxB,uBAAuB,GACvB,sBAAsB,CAAC;AAQ3B;;;;;;;;;GASG;AACH,wBAAgB,sBAAsB,CAAC,IAAI,EAAE;IAC3C,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,MAAM,CAAC;CAC3B,GAAG,OAAO,CAuBV"}

package/dist/index.js ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * @usethrottle/webhook-types
+ *
+ * TypeScript discriminated unions for every Throttle outbound webhook event.
+ * Keyed by `event.type`, this lets your handler narrow `event.data` without
+ * casts or `Record<string, unknown>` ceremony.
+ *
+ * Coverage: all 69 outbound event types are enumerated in `WebhookEventType`.
+ * Payload shapes are typed for the 24 most-integrated events (cart, order,
+ * payment, fulfillment, subscription core lifecycle). The remaining events
+ * resolve to `data: Record<string, unknown>` until typed in a future release.
+ *
+ * Tracks the canonical event registry in `@platform/webhooks` so adding a new
+ * event type there is a compile-time error here until the union is updated.
+ */
+// ----------------------------------------------------------------------------
+// Signature verification (Stripe-compatible scheme)
+// ----------------------------------------------------------------------------
+import { createHmac, timingSafeEqual } from 'node:crypto';
+/**
+ * Verifies the `Throttle-Signature` header against the raw request body.
+ * Use this from your webhook handler BEFORE parsing the JSON.
+ *
+ * Header format: `t=<timestamp>,v1=<hex>`. The HMAC is computed over
+ * `${timestamp}.${rawBody}` with the endpoint's signing secret
+ * (returned as `signingSecret` when you created the endpoint via
+ * POST /api/v1/webhooks). Reject if the timestamp is more than
+ * `toleranceSeconds` old (default 5 minutes) — protects against replay.
+ */
+export function verifyWebhookSignature(args) {
+    const { header, rawBody, secret, toleranceSeconds = 300 } = args;
+    const parts = Object.fromEntries(header.split(',').map((p) => {
+        const [k, v] = p.split('=');
+        return [k.trim(), v?.trim()];
+    }));
+    if (!parts.t || !parts.v1)
+        return false;
+    const timestamp = Number(parts.t);
+    if (!Number.isFinite(timestamp))
+        return false;
+    if (Math.abs(Date.now() / 1000 - timestamp) > toleranceSeconds)
+        return false;
+    const expected = createHmac('sha256', secret)
+        .update(`${parts.t}.${rawBody}`)
+        .digest('hex');
+    const received = Buffer.from(parts.v1, 'hex');
+    if (received.length !== expected.length / 2)
+        return false;
+    return timingSafeEqual(received, Buffer.from(expected, 'hex'));
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAkUH,+EAA+E;AAC/E,oDAAoD;AACpD,+EAA+E;AAE/E,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE1D;;;;;;;;;GASG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAKtC;IACC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,gBAAgB,GAAG,GAAG,EAAE,GAAG,IAAI,CAAC;IAEjE,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAC9B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QAC1B,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC5B,OAAO,CAAC,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/B,CAAC,CAAC,CACH,CAAC;IAEF,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE;QAAE,OAAO,KAAK,CAAC;IAExC,MAAM,SAAS,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,OAAO,KAAK,CAAC;IAC9C,IAAI,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,SAAS,CAAC,GAAG,gBAAgB;QAAE,OAAO,KAAK,CAAC;IAE7E,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC1C,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,IAAI,OAAO,EAAE,CAAC;SAC/B,MAAM,CAAC,KAAK,CAAC,CAAC;IAEjB,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;IAC9C,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAC1D,OAAO,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;AACjE,CAAC"}

package/package.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "name": "@usethrottle/webhook-types",
+  "version": "0.2.0",
+  "description": "TypeScript discriminated unions for every Throttle outbound webhook event.",
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "tsc --noEmit && vitest run --passWithNoTests"
+  },
+  "devDependencies": {
+    "@types/node": "^20.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^2.1.9"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=20"
+  }
+}