@waffo/pancake-ts 0.1.2 → 0.1.5

package/dist/index.d.ts

@@ -7,6 +7,8 @@ interface WaffoPancakeConfig {
     baseUrl?: string;
     /** Custom fetch implementation (default: global fetch) */
     fetch?: typeof fetch;
+    /** Custom RSA public key (PEM) for webhook signature verification. When set, overrides the built-in Waffo public keys. */
+    webhookPublicKey?: string;
 }
 /**
  * Single error object within the `errors` array.
@@ -239,7 +241,6 @@ interface CheckoutThemeSettings {
     checkoutColorBackground: string;
     checkoutColorCard: string;
     checkoutColorText: string;
-    checkoutColorTextSecondary: string;
     checkoutBorderRadius: string;
 }
 /**
@@ -247,6 +248,7 @@ interface CheckoutThemeSettings {
  * @see waffo-pancake-store-service/app/lib/types.ts
  */
 interface CheckoutSettings {
+    defaultDarkMode: boolean;
     light: CheckoutThemeSettings;
     dark: CheckoutThemeSettings;
 }
@@ -262,7 +264,6 @@ interface Store {
     supportEmail: string | null;
     website: string | null;
     slug: string | null;
-    isPublic: boolean;
     prodEnabled: boolean;
     webhookSettings: WebhookSettings | null;
     notificationSettings: NotificationSettings | null;
@@ -283,9 +284,6 @@ interface UpdateStoreParams {
     name?: string;
     status?: EntityStatus;
     logo?: string | null;
-    supportEmail?: string | null;
-    website?: string | null;
-    isPublic?: boolean;
     webhookSettings?: WebhookSettings | null;
     notificationSettings?: NotificationSettings | null;
     checkoutSettings?: CheckoutSettings | null;
@@ -343,17 +341,15 @@ interface UpdateRoleResult {
  *
  * @example
  * // USD $9.99
- * { amount: 999, taxIncluded: true, taxCategory: "saas" }
+ * { amount: 999, taxCategory: "saas" }
  *
  * @example
  * // JPY ¥1000
- * { amount: 1000, taxIncluded: false, taxCategory: "software" }
+ * { amount: 1000, taxCategory: "software" }
  */
 interface PriceInfo {
     /** Price amount in smallest currency unit */
     amount: number;
-    /** Whether the price is tax-inclusive */
-    taxIncluded: boolean;
     /** Tax category */
     taxCategory: TaxCategory;
 }
@@ -364,8 +360,8 @@ interface PriceInfo {
  *
  * @example
  * {
- *   "USD": { amount: 999, taxIncluded: true, taxCategory: "saas" },
- *   "EUR": { amount: 899, taxIncluded: true, taxCategory: "saas" }
+ *   "USD": { amount: 999, taxCategory: "saas" },
+ *   "EUR": { amount: 899, taxCategory: "saas" }
  * }
  */
 type Prices = Record<string, PriceInfo>;
@@ -576,13 +572,13 @@ interface BillingDetail {
     country: string;
     /** Whether this is a business purchase */
     isBusiness: boolean;
-    /** Postal / ZIP code */
+    /** Postal / ZIP code (required for US, at least one of postcode/state for CA) */
     postcode?: string;
-    /** State / province code (required for US/CA) */
+    /** State / province code (at least one of state/postcode for CA) */
     state?: string;
-    /** Business name (required when isBusiness=true) */
+    /** Business name (recommended for invoicing, does not affect tax calculation) */
     businessName?: string;
-    /** Tax ID (required for EU businesses) */
+    /** Tax ID / VAT number (EU businesses: triggers reverse charge 0% when provided) */
     taxId?: string;
 }
 /**
@@ -591,7 +587,7 @@ interface BillingDetail {
  */
 interface CreateCheckoutSessionParams {
     /** Store ID */
-    storeId?: string;
+    storeId: string;
     /** Product ID */
     productId: string;
     /** Product type */
@@ -608,8 +604,10 @@ interface CreateCheckoutSessionParams {
     billingDetail?: BillingDetail;
     /** Redirect URL after successful payment */
     successUrl?: string;
-    /** Session expiration in seconds (default: 7 days) */
+    /** Session expiration in seconds (default: 45 minutes) */
     expiresInSeconds?: number;
+    /** Dark mode override (true=dark, false=light, omit=use store default) */
+    darkMode?: boolean;
     /** Custom metadata */
     metadata?: Record<string, string>;
 }
@@ -718,6 +716,7 @@ interface VerifyWebhookOptions {
     /**
      * Specify which environment's public key to use for verification.
      * When omitted, both keys are tried automatically (prod first).
+     * Ignored when `publicKey` is provided.
      */
     environment?: `${Environment}`;
     /**
@@ -726,6 +725,11 @@ interface VerifyWebhookOptions {
      * @default 300000 (5 minutes)
      */
     toleranceMs?: number;
+    /**
+     * Custom RSA public key (PEM) for signature verification.
+     * When provided, overrides both built-in keys and the `environment` option.
+     */
+    publicKey?: string;
 }
 
 /**
@@ -836,7 +840,7 @@ declare class OnetimeProductsResource {
      * const { product } = await client.onetimeProducts.create({
      *   storeId: "store_xxx",
      *   name: "E-Book",
-     *   prices: { USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" } },
+     *   prices: { USD: { amount: 2900, taxCategory: "digital_goods" } },
      * });
      */
     create(params: CreateOnetimeProductParams): Promise<{
@@ -852,7 +856,7 @@ declare class OnetimeProductsResource {
      * const { product } = await client.onetimeProducts.update({
      *   id: "prod_xxx",
      *   name: "E-Book v2",
-     *   prices: { USD: { amount: 3900, taxIncluded: false, taxCategory: "digital_goods" } },
+     *   prices: { USD: { amount: 3900, taxCategory: "digital_goods" } },
      * });
      */
     update(params: UpdateOnetimeProductParams): Promise<{
@@ -982,7 +986,6 @@ declare class StoresResource {
      * const { store } = await client.stores.update({
      *   id: "store_xxx",
      *   name: "Updated Name",
-     *   supportEmail: "help@example.com",
      * });
      */
     update(params: UpdateStoreParams): Promise<{
@@ -1079,7 +1082,7 @@ declare class SubscriptionProductsResource {
      *   storeId: "store_xxx",
      *   name: "Pro Plan",
      *   billingPeriod: "monthly",
-     *   prices: { USD: { amount: 999, taxIncluded: false, taxCategory: "saas" } },
+     *   prices: { USD: { amount: 999, taxCategory: "saas" } },
      * });
      */
     create(params: CreateSubscriptionProductParams): Promise<{
@@ -1096,7 +1099,7 @@ declare class SubscriptionProductsResource {
      *   id: "prod_xxx",
      *   name: "Pro Plan v2",
      *   billingPeriod: "monthly",
-     *   prices: { USD: { amount: 1499, taxIncluded: false, taxCategory: "saas" } },
+     *   prices: { USD: { amount: 1499, taxCategory: "saas" } },
      * });
      */
     update(params: UpdateSubscriptionProductParams): Promise<{
@@ -1131,6 +1134,33 @@ declare class SubscriptionProductsResource {
     }>;
 }
 
+/** Webhook signature verification resource. */
+declare class WebhooksResource {
+    private readonly publicKey;
+    /** @param publicKey - Optional custom RSA public key (PEM or raw base64) */
+    constructor(publicKey: string | undefined);
+    /**
+     * Verify and parse an incoming webhook event.
+     *
+     * When the client was created with a `webhookPublicKey`, that key is used
+     * automatically. You can still override per-call via `options.publicKey`.
+     *
+     * @param payload - Raw request body string (must be unparsed)
+     * @param signatureHeader - Value of the `X-Waffo-Signature` header
+     * @param options - Verification options (optional)
+     * @returns Parsed webhook event
+     * @throws Error if signature is invalid, header is malformed, or timestamp is stale
+     *
+     * @example
+     * const event = client.webhooks.verify(rawBody, signatureHeader);
+     *
+     * @example
+     * // Override tolerance per call
+     * const event = client.webhooks.verify(rawBody, sig, { toleranceMs: 0 });
+     */
+    verify<T = Record<string, unknown>>(payload: string, signatureHeader: string | undefined | null, options?: VerifyWebhookOptions): WebhookEvent<T>;
+}
+
 /**
  * Waffo Pancake TypeScript SDK client.
  *
@@ -1152,7 +1182,7 @@ declare class SubscriptionProductsResource {
  * const { product } = await client.onetimeProducts.create({
  *   storeId: store.id,
  *   name: "E-Book",
- *   prices: { USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" } },
+ *   prices: { USD: { amount: 2900, taxCategory: "digital_goods" } },
  * });
  *
  * // Create a checkout session
@@ -1168,6 +1198,15 @@ declare class SubscriptionProductsResource {
  * const result = await client.graphql.query({
  *   query: `query { stores { id name status } }`,
  * });
+ *
+ * @example
+ * // Use a custom public key for webhook verification
+ * const client = new WaffoPancake({
+ *   merchantId: "...",
+ *   privateKey: "...",
+ *   webhookPublicKey: myCustomPublicKeyPem,
+ * });
+ * const event = client.webhooks.verify(rawBody, signatureHeader);
  */
 declare class WaffoPancake {
     private readonly http;
@@ -1180,6 +1219,7 @@ declare class WaffoPancake {
     readonly orders: OrdersResource;
     readonly checkout: CheckoutResource;
     readonly graphql: GraphQLResource;
+    readonly webhooks: WebhooksResource;
     constructor(config: WaffoPancakeConfig);
 }
 

package/dist/index.js

@@ -15,7 +15,105 @@ var WaffoPancakeError = class extends Error {
 };
 
 // src/signing.ts
-import { createHash, createSign } from "crypto";
+import { createHash, createPrivateKey, createPublicKey, createSign } from "crypto";
+var PKCS8_HEADER = "-----BEGIN PRIVATE KEY-----";
+var PKCS8_FOOTER = "-----END PRIVATE KEY-----";
+var PKCS1_HEADER = "-----BEGIN RSA PRIVATE KEY-----";
+var PKCS1_FOOTER = "-----END RSA PRIVATE KEY-----";
+var SPKI_HEADER = "-----BEGIN PUBLIC KEY-----";
+var SPKI_FOOTER = "-----END PUBLIC KEY-----";
+var PKCS1_PUB_HEADER = "-----BEGIN RSA PUBLIC KEY-----";
+var PKCS1_PUB_FOOTER = "-----END RSA PUBLIC KEY-----";
+function normalizePrivateKey(raw) {
+  if (!raw || !raw.trim()) {
+    throw new Error(
+      "Private key is empty. Provide an RSA private key in PEM format."
+    );
+  }
+  let pem = raw.replace(/\\n/g, "\n").replace(/\r\n/g, "\n");
+  pem = pem.trim();
+  const hasPkcs8Header = pem.includes(PKCS8_HEADER);
+  const hasPkcs1Header = pem.includes(PKCS1_HEADER);
+  const hasHeader = hasPkcs8Header || hasPkcs1Header;
+  if (hasHeader) {
+    const base64 = pem.replace(/-----BEGIN (?:RSA )?PRIVATE KEY-----/g, "").replace(/-----END (?:RSA )?PRIVATE KEY-----/g, "").replace(/\s+/g, "");
+    if (!base64) {
+      throw new Error(
+        "Private key contains PEM headers but no key data. Check the key content."
+      );
+    }
+    const header = hasPkcs1Header ? PKCS1_HEADER : PKCS8_HEADER;
+    const footer = hasPkcs1Header ? PKCS1_FOOTER : PKCS8_FOOTER;
+    const wrapped = base64.match(/.{1,64}/g).join("\n");
+    pem = `${header}
+${wrapped}
+${footer}`;
+  } else {
+    const base64 = pem.replace(/\s+/g, "");
+    if (!/^[A-Za-z0-9+/]+=*$/.test(base64)) {
+      throw new Error(
+        "Private key is not valid PEM or base64. Expected an RSA private key in PEM format or raw base64."
+      );
+    }
+    const wrapped = base64.match(/.{1,64}/g).join("\n");
+    pem = `${PKCS8_HEADER}
+${wrapped}
+${PKCS8_FOOTER}`;
+  }
+  try {
+    createPrivateKey(pem);
+  } catch {
+    throw new Error(
+      "Private key could not be parsed. Ensure it is a valid RSA private key in PKCS#8 or PKCS#1 (PEM) format."
+    );
+  }
+  return pem;
+}
+function normalizePublicKey(raw) {
+  if (!raw || !raw.trim()) {
+    throw new Error(
+      "Public key is empty. Provide an RSA public key in PEM format."
+    );
+  }
+  let pem = raw.replace(/\\n/g, "\n").replace(/\r\n/g, "\n");
+  pem = pem.trim();
+  const hasSpkiHeader = pem.includes(SPKI_HEADER);
+  const hasPkcs1PubHeader = pem.includes(PKCS1_PUB_HEADER);
+  const hasHeader = hasSpkiHeader || hasPkcs1PubHeader;
+  if (hasHeader) {
+    const base64 = pem.replace(/-----BEGIN (?:RSA )?PUBLIC KEY-----/g, "").replace(/-----END (?:RSA )?PUBLIC KEY-----/g, "").replace(/\s+/g, "");
+    if (!base64) {
+      throw new Error(
+        "Public key contains PEM headers but no key data. Check the key content."
+      );
+    }
+    const header = hasPkcs1PubHeader ? PKCS1_PUB_HEADER : SPKI_HEADER;
+    const footer = hasPkcs1PubHeader ? PKCS1_PUB_FOOTER : SPKI_FOOTER;
+    const wrapped = base64.match(/.{1,64}/g).join("\n");
+    pem = `${header}
+${wrapped}
+${footer}`;
+  } else {
+    const base64 = pem.replace(/\s+/g, "");
+    if (!/^[A-Za-z0-9+/]+=*$/.test(base64)) {
+      throw new Error(
+        "Public key is not valid PEM or base64. Expected an RSA public key in PEM format or raw base64."
+      );
+    }
+    const wrapped = base64.match(/.{1,64}/g).join("\n");
+    pem = `${SPKI_HEADER}
+${wrapped}
+${SPKI_FOOTER}`;
+  }
+  try {
+    createPublicKey(pem);
+  } catch {
+    throw new Error(
+      "Public key could not be parsed. Ensure it is a valid RSA public key in SPKI or PKCS#1 (PEM) format."
+    );
+  }
+  return pem;
+}
 function signRequest(method, path, timestamp, body, privateKey) {
   const bodyHash = createHash("sha256").update(body).digest("base64");
   const canonicalRequest = `${method}
@@ -36,7 +134,7 @@ var HttpClient = class {
   _fetch;
   constructor(config) {
     this.merchantId = config.merchantId;
-    this.privateKey = config.privateKey;
+    this.privateKey = normalizePrivateKey(config.privateKey);
     this.baseUrl = (config.baseUrl ?? DEFAULT_BASE_URL).replace(/\/+$/, "");
     this._fetch = config.fetch ?? fetch;
   }
@@ -167,7 +265,7 @@ var OnetimeProductsResource = class {
    * const { product } = await client.onetimeProducts.create({
    *   storeId: "store_xxx",
    *   name: "E-Book",
-   *   prices: { USD: { amount: 2900, taxIncluded: false, taxCategory: "digital_goods" } },
+   *   prices: { USD: { amount: 2900, taxCategory: "digital_goods" } },
    * });
    */
   async create(params) {
@@ -183,7 +281,7 @@ var OnetimeProductsResource = class {
    * const { product } = await client.onetimeProducts.update({
    *   id: "prod_xxx",
    *   name: "E-Book v2",
-   *   prices: { USD: { amount: 3900, taxIncluded: false, taxCategory: "digital_goods" } },
+   *   prices: { USD: { amount: 3900, taxCategory: "digital_goods" } },
    * });
    */
   async update(params) {
@@ -324,7 +422,6 @@ var StoresResource = class {
    * const { store } = await client.stores.update({
    *   id: "store_xxx",
    *   name: "Updated Name",
-   *   supportEmail: "help@example.com",
    * });
    */
   async update(params) {
@@ -423,7 +520,7 @@ var SubscriptionProductsResource = class {
    *   storeId: "store_xxx",
    *   name: "Pro Plan",
    *   billingPeriod: "monthly",
-   *   prices: { USD: { amount: 999, taxIncluded: false, taxCategory: "saas" } },
+   *   prices: { USD: { amount: 999, taxCategory: "saas" } },
    * });
    */
   async create(params) {
@@ -440,7 +537,7 @@ var SubscriptionProductsResource = class {
    *   id: "prod_xxx",
    *   name: "Pro Plan v2",
    *   billingPeriod: "monthly",
-   *   prices: { USD: { amount: 1499, taxIncluded: false, taxCategory: "saas" } },
+   *   prices: { USD: { amount: 1499, taxCategory: "saas" } },
    * });
    */
   async update(params) {
@@ -475,32 +572,6 @@ var SubscriptionProductsResource = class {
   }
 };
 
-// src/client.ts
-var WaffoPancake = class {
-  http;
-  auth;
-  stores;
-  storeMerchants;
-  onetimeProducts;
-  subscriptionProducts;
-  subscriptionProductGroups;
-  orders;
-  checkout;
-  graphql;
-  constructor(config) {
-    this.http = new HttpClient(config);
-    this.auth = new AuthResource(this.http);
-    this.stores = new StoresResource(this.http);
-    this.storeMerchants = new StoreMerchantsResource(this.http);
-    this.onetimeProducts = new OnetimeProductsResource(this.http);
-    this.subscriptionProducts = new SubscriptionProductsResource(this.http);
-    this.subscriptionProductGroups = new SubscriptionProductGroupsResource(this.http);
-    this.orders = new OrdersResource(this.http);
-    this.checkout = new CheckoutResource(this.http);
-    this.graphql = new GraphQLResource(this.http);
-  }
-};
-
 // src/webhooks.ts
 import { createVerify } from "crypto";
 var DEFAULT_TOLERANCE_MS = 5 * 60 * 1e3;
@@ -559,27 +630,97 @@ function verifyWebhook(payload, signatureHeader, options) {
     }
   }
   const signatureInput = `${t}.${payload}`;
-  const env = options?.environment;
-  if (env === "test") {
-    if (!rsaVerify(signatureInput, v1, TEST_PUBLIC_KEY)) {
-      throw new Error("Invalid webhook signature (test key)");
-    }
-  } else if (env === "prod") {
-    if (!rsaVerify(signatureInput, v1, PROD_PUBLIC_KEY)) {
-      throw new Error("Invalid webhook signature (prod key)");
+  const customKey = options?.publicKey;
+  if (customKey) {
+    const normalizedKey = normalizePublicKey(customKey);
+    if (!rsaVerify(signatureInput, v1, normalizedKey)) {
+      throw new Error("Invalid webhook signature (custom key)");
     }
   } else {
-    const prodValid = rsaVerify(signatureInput, v1, PROD_PUBLIC_KEY);
-    if (!prodValid) {
-      const testValid = rsaVerify(signatureInput, v1, TEST_PUBLIC_KEY);
-      if (!testValid) {
-        throw new Error("Invalid webhook signature (tried both prod and test keys)");
+    const env = options?.environment;
+    if (env === "test") {
+      if (!rsaVerify(signatureInput, v1, TEST_PUBLIC_KEY)) {
+        throw new Error("Invalid webhook signature (test key)");
+      }
+    } else if (env === "prod") {
+      if (!rsaVerify(signatureInput, v1, PROD_PUBLIC_KEY)) {
+        throw new Error("Invalid webhook signature (prod key)");
+      }
+    } else {
+      const prodValid = rsaVerify(signatureInput, v1, PROD_PUBLIC_KEY);
+      if (!prodValid) {
+        const testValid = rsaVerify(signatureInput, v1, TEST_PUBLIC_KEY);
+        if (!testValid) {
+          throw new Error("Invalid webhook signature (tried both prod and test keys)");
+        }
       }
     }
   }
   return JSON.parse(payload);
 }
 
+// src/resources/webhooks.ts
+var WebhooksResource = class {
+  /** @param publicKey - Optional custom RSA public key (PEM or raw base64) */
+  constructor(publicKey) {
+    this.publicKey = publicKey;
+  }
+  /**
+   * Verify and parse an incoming webhook event.
+   *
+   * When the client was created with a `webhookPublicKey`, that key is used
+   * automatically. You can still override per-call via `options.publicKey`.
+   *
+   * @param payload - Raw request body string (must be unparsed)
+   * @param signatureHeader - Value of the `X-Waffo-Signature` header
+   * @param options - Verification options (optional)
+   * @returns Parsed webhook event
+   * @throws Error if signature is invalid, header is malformed, or timestamp is stale
+   *
+   * @example
+   * const event = client.webhooks.verify(rawBody, signatureHeader);
+   *
+   * @example
+   * // Override tolerance per call
+   * const event = client.webhooks.verify(rawBody, sig, { toleranceMs: 0 });
+   */
+  verify(payload, signatureHeader, options) {
+    const mergedOptions = {
+      ...options,
+      publicKey: options?.publicKey ?? this.publicKey
+    };
+    return verifyWebhook(payload, signatureHeader, mergedOptions);
+  }
+};
+
+// src/client.ts
+var WaffoPancake = class {
+  http;
+  auth;
+  stores;
+  storeMerchants;
+  onetimeProducts;
+  subscriptionProducts;
+  subscriptionProductGroups;
+  orders;
+  checkout;
+  graphql;
+  webhooks;
+  constructor(config) {
+    this.http = new HttpClient(config);
+    this.auth = new AuthResource(this.http);
+    this.stores = new StoresResource(this.http);
+    this.storeMerchants = new StoreMerchantsResource(this.http);
+    this.onetimeProducts = new OnetimeProductsResource(this.http);
+    this.subscriptionProducts = new SubscriptionProductsResource(this.http);
+    this.subscriptionProductGroups = new SubscriptionProductGroupsResource(this.http);
+    this.orders = new OrdersResource(this.http);
+    this.checkout = new CheckoutResource(this.http);
+    this.graphql = new GraphQLResource(this.http);
+    this.webhooks = new WebhooksResource(config.webhookPublicKey);
+  }
+};
+
 // src/types.ts
 var Environment = /* @__PURE__ */ ((Environment2) => {
   Environment2["Test"] = "test";