@whatalo/plugin-sdk 1.0.0

package/dist/adapters/express.cjs

@@ -0,0 +1,87 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/adapters/express.ts
+var express_exports = {};
+__export(express_exports, {
+  createWebhookHandler: () => createWebhookHandler
+});
+module.exports = __toCommonJS(express_exports);
+
+// src/webhooks/verify.ts
+var import_node_crypto = require("crypto");
+function verifyWebhook({
+  payload,
+  signature,
+  secret
+}) {
+  if (!payload || !signature || !secret) return false;
+  const expected = (0, import_node_crypto.createHmac)("sha256", secret).update(payload, "utf8").digest("hex");
+  if (expected.length !== signature.length) return false;
+  try {
+    return (0, import_node_crypto.timingSafeEqual)(
+      Buffer.from(expected, "hex"),
+      Buffer.from(signature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+
+// src/adapters/express.ts
+function getSignature(headers) {
+  const value = headers["x-webhook-signature"];
+  if (Array.isArray(value)) {
+    return value[0] ?? "";
+  }
+  return value ?? "";
+}
+function createWebhookHandler(options) {
+  return async function webhookHandler(req, res) {
+    try {
+      const rawPayload = typeof req.body === "string" ? req.body : req.body.toString("utf8");
+      const signature = getSignature(req.headers);
+      const isValid = verifyWebhook({
+        payload: rawPayload,
+        signature,
+        secret: options.secret
+      });
+      if (!isValid) {
+        res.status(401).json({ error: "Invalid signature" });
+        return;
+      }
+      const payload = JSON.parse(rawPayload);
+      const event = payload.event;
+      const handler = options.handlers[event];
+      if (handler) {
+        await handler(payload);
+      } else if (options.onUnhandledEvent) {
+        await options.onUnhandledEvent(event, payload);
+      }
+      res.status(200).send("OK");
+    } catch {
+      res.status(500).json({ error: "Internal error" });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createWebhookHandler
+});
+//# sourceMappingURL=express.cjs.map

package/dist/adapters/express.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/adapters/express.ts","../../src/webhooks/verify.ts"],"sourcesContent":["import { verifyWebhook } from \"../webhooks/verify.js\";\nimport type { WebhookPayload } from \"../webhooks/types.js\";\nimport type { WebhookEventHandler, WebhookHandlerOptions } from \"./types.js\";\n\ntype ExpressLikeRequest = {\n  body: Buffer | string;\n  headers: Record<string, string | string[] | undefined>;\n};\n\ntype ExpressLikeResponse = {\n  status: (code: number) => {\n    json: (body: unknown) => void;\n    send: (body: string) => void;\n  };\n};\n\nfunction getSignature(\n  headers: Record<string, string | string[] | undefined>\n): string {\n  const value = headers[\"x-webhook-signature\"];\n\n  if (Array.isArray(value)) {\n    return value[0] ?? \"\";\n  }\n\n  return value ?? \"\";\n}\n\nexport function createWebhookHandler(\n  options: WebhookHandlerOptions\n): (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void> {\n  return async function webhookHandler(\n    req: ExpressLikeRequest,\n    res: ExpressLikeResponse\n  ): Promise<void> {\n    try {\n      const rawPayload =\n        typeof req.body === \"string\" ? req.body : req.body.toString(\"utf8\");\n      const signature = getSignature(req.headers);\n\n      const isValid = verifyWebhook({\n        payload: rawPayload,\n        signature,\n        secret: options.secret,\n      });\n\n      if (!isValid) {\n        res.status(401).json({ error: \"Invalid signature\" });\n        return;\n      }\n\n      const payload = JSON.parse(rawPayload) as WebhookPayload;\n      const event = payload.event;\n      const handler = options.handlers[event] as\n        | WebhookEventHandler<typeof event>\n        | undefined;\n\n      if (handler) {\n        await handler(payload);\n      } else if (options.onUnhandledEvent) {\n        await options.onUnhandledEvent(event, payload);\n      }\n\n      res.status(200).send(\"OK\");\n    } catch {\n      res.status(500).json({ error: \"Internal error\" });\n    }\n  };\n}\n","import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nexport interface VerifyWebhookParams {\n  /** Raw request body as a string (NOT parsed JSON) */\n  payload: string;\n  /** Value of the X-Webhook-Signature header */\n  signature: string;\n  /** App's webhook secret (provided during app installation) */\n  secret: string;\n}\n\n/**\n * Verify webhook signature using HMAC-SHA256.\n * Uses timing-safe comparison to prevent timing attacks.\n */\nexport function verifyWebhook({\n  payload,\n  signature,\n  secret,\n}: VerifyWebhookParams): boolean {\n  if (!payload || !signature || !secret) return false;\n\n  const expected = createHmac(\"sha256\", secret)\n    .update(payload, \"utf8\")\n    .digest(\"hex\");\n\n  if (expected.length !== signature.length) return false;\n\n  try {\n    return timingSafeEqual(\n      Buffer.from(expected, \"hex\"),\n      Buffer.from(signature, \"hex\")\n    );\n  } catch {\n    return false;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,yBAA4C;AAerC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AACF,GAAiC;AAC/B,MAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAQ,QAAO;AAE9C,QAAM,eAAW,+BAAW,UAAU,MAAM,EACzC,OAAO,SAAS,MAAM,EACtB,OAAO,KAAK;AAEf,MAAI,SAAS,WAAW,UAAU,OAAQ,QAAO;AAEjD,MAAI;AACF,eAAO;AAAA,MACL,OAAO,KAAK,UAAU,KAAK;AAAA,MAC3B,OAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ADpBA,SAAS,aACP,SACQ;AACR,QAAM,QAAQ,QAAQ,qBAAqB;AAE3C,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,CAAC,KAAK;AAAA,EACrB;AAEA,SAAO,SAAS;AAClB;AAEO,SAAS,qBACd,SACsE;AACtE,SAAO,eAAe,eACpB,KACA,KACe;AACf,QAAI;AACF,YAAM,aACJ,OAAO,IAAI,SAAS,WAAW,IAAI,OAAO,IAAI,KAAK,SAAS,MAAM;AACpE,YAAM,YAAY,aAAa,IAAI,OAAO;AAE1C,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS;AAAA,QACT;AAAA,QACA,QAAQ,QAAQ;AAAA,MAClB,CAAC;AAED,UAAI,CAAC,SAAS;AACZ,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,oBAAoB,CAAC;AACnD;AAAA,MACF;AAEA,YAAM,UAAU,KAAK,MAAM,UAAU;AACrC,YAAM,QAAQ,QAAQ;AACtB,YAAM,UAAU,QAAQ,SAAS,KAAK;AAItC,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO;AAAA,MACvB,WAAW,QAAQ,kBAAkB;AACnC,cAAM,QAAQ,iBAAiB,OAAO,OAAO;AAAA,MAC/C;AAEA,UAAI,OAAO,GAAG,EAAE,KAAK,IAAI;AAAA,IAC3B,QAAQ;AACN,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,iBAAiB,CAAC;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}

package/dist/adapters/express.d.cts

@@ -0,0 +1,17 @@
+import { W as WebhookHandlerOptions } from '../types-Db_BeRCj.cjs';
+import '../types-DdqKKyqX.cjs';
+import '../types-M1eLMz6w.cjs';
+
+type ExpressLikeRequest = {
+    body: Buffer | string;
+    headers: Record<string, string | string[] | undefined>;
+};
+type ExpressLikeResponse = {
+    status: (code: number) => {
+        json: (body: unknown) => void;
+        send: (body: string) => void;
+    };
+};
+declare function createWebhookHandler(options: WebhookHandlerOptions): (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void>;
+
+export { createWebhookHandler };

package/dist/adapters/express.d.ts

@@ -0,0 +1,17 @@
+import { W as WebhookHandlerOptions } from '../types-D2Efg3EG.js';
+import '../types-DZ659i6f.js';
+import '../types-M1eLMz6w.js';
+
+type ExpressLikeRequest = {
+    body: Buffer | string;
+    headers: Record<string, string | string[] | undefined>;
+};
+type ExpressLikeResponse = {
+    status: (code: number) => {
+        json: (body: unknown) => void;
+        send: (body: string) => void;
+    };
+};
+declare function createWebhookHandler(options: WebhookHandlerOptions): (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void>;
+
+export { createWebhookHandler };

package/dist/adapters/express.mjs

@@ -0,0 +1,60 @@
+// src/webhooks/verify.ts
+import { createHmac, timingSafeEqual } from "crypto";
+function verifyWebhook({
+  payload,
+  signature,
+  secret
+}) {
+  if (!payload || !signature || !secret) return false;
+  const expected = createHmac("sha256", secret).update(payload, "utf8").digest("hex");
+  if (expected.length !== signature.length) return false;
+  try {
+    return timingSafeEqual(
+      Buffer.from(expected, "hex"),
+      Buffer.from(signature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+
+// src/adapters/express.ts
+function getSignature(headers) {
+  const value = headers["x-webhook-signature"];
+  if (Array.isArray(value)) {
+    return value[0] ?? "";
+  }
+  return value ?? "";
+}
+function createWebhookHandler(options) {
+  return async function webhookHandler(req, res) {
+    try {
+      const rawPayload = typeof req.body === "string" ? req.body : req.body.toString("utf8");
+      const signature = getSignature(req.headers);
+      const isValid = verifyWebhook({
+        payload: rawPayload,
+        signature,
+        secret: options.secret
+      });
+      if (!isValid) {
+        res.status(401).json({ error: "Invalid signature" });
+        return;
+      }
+      const payload = JSON.parse(rawPayload);
+      const event = payload.event;
+      const handler = options.handlers[event];
+      if (handler) {
+        await handler(payload);
+      } else if (options.onUnhandledEvent) {
+        await options.onUnhandledEvent(event, payload);
+      }
+      res.status(200).send("OK");
+    } catch {
+      res.status(500).json({ error: "Internal error" });
+    }
+  };
+}
+export {
+  createWebhookHandler
+};
+//# sourceMappingURL=express.mjs.map

package/dist/adapters/express.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/webhooks/verify.ts","../../src/adapters/express.ts"],"sourcesContent":["import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nexport interface VerifyWebhookParams {\n  /** Raw request body as a string (NOT parsed JSON) */\n  payload: string;\n  /** Value of the X-Webhook-Signature header */\n  signature: string;\n  /** App's webhook secret (provided during app installation) */\n  secret: string;\n}\n\n/**\n * Verify webhook signature using HMAC-SHA256.\n * Uses timing-safe comparison to prevent timing attacks.\n */\nexport function verifyWebhook({\n  payload,\n  signature,\n  secret,\n}: VerifyWebhookParams): boolean {\n  if (!payload || !signature || !secret) return false;\n\n  const expected = createHmac(\"sha256\", secret)\n    .update(payload, \"utf8\")\n    .digest(\"hex\");\n\n  if (expected.length !== signature.length) return false;\n\n  try {\n    return timingSafeEqual(\n      Buffer.from(expected, \"hex\"),\n      Buffer.from(signature, \"hex\")\n    );\n  } catch {\n    return false;\n  }\n}\n","import { verifyWebhook } from \"../webhooks/verify.js\";\nimport type { WebhookPayload } from \"../webhooks/types.js\";\nimport type { WebhookEventHandler, WebhookHandlerOptions } from \"./types.js\";\n\ntype ExpressLikeRequest = {\n  body: Buffer | string;\n  headers: Record<string, string | string[] | undefined>;\n};\n\ntype ExpressLikeResponse = {\n  status: (code: number) => {\n    json: (body: unknown) => void;\n    send: (body: string) => void;\n  };\n};\n\nfunction getSignature(\n  headers: Record<string, string | string[] | undefined>\n): string {\n  const value = headers[\"x-webhook-signature\"];\n\n  if (Array.isArray(value)) {\n    return value[0] ?? \"\";\n  }\n\n  return value ?? \"\";\n}\n\nexport function createWebhookHandler(\n  options: WebhookHandlerOptions\n): (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void> {\n  return async function webhookHandler(\n    req: ExpressLikeRequest,\n    res: ExpressLikeResponse\n  ): Promise<void> {\n    try {\n      const rawPayload =\n        typeof req.body === \"string\" ? req.body : req.body.toString(\"utf8\");\n      const signature = getSignature(req.headers);\n\n      const isValid = verifyWebhook({\n        payload: rawPayload,\n        signature,\n        secret: options.secret,\n      });\n\n      if (!isValid) {\n        res.status(401).json({ error: \"Invalid signature\" });\n        return;\n      }\n\n      const payload = JSON.parse(rawPayload) as WebhookPayload;\n      const event = payload.event;\n      const handler = options.handlers[event] as\n        | WebhookEventHandler<typeof event>\n        | undefined;\n\n      if (handler) {\n        await handler(payload);\n      } else if (options.onUnhandledEvent) {\n        await options.onUnhandledEvent(event, payload);\n      }\n\n      res.status(200).send(\"OK\");\n    } catch {\n      res.status(500).json({ error: \"Internal error\" });\n    }\n  };\n}\n"],"mappings":";AAAA,SAAS,YAAY,uBAAuB;AAerC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AACF,GAAiC;AAC/B,MAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAQ,QAAO;AAE9C,QAAM,WAAW,WAAW,UAAU,MAAM,EACzC,OAAO,SAAS,MAAM,EACtB,OAAO,KAAK;AAEf,MAAI,SAAS,WAAW,UAAU,OAAQ,QAAO;AAEjD,MAAI;AACF,WAAO;AAAA,MACL,OAAO,KAAK,UAAU,KAAK;AAAA,MAC3B,OAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACpBA,SAAS,aACP,SACQ;AACR,QAAM,QAAQ,QAAQ,qBAAqB;AAE3C,MAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,WAAO,MAAM,CAAC,KAAK;AAAA,EACrB;AAEA,SAAO,SAAS;AAClB;AAEO,SAAS,qBACd,SACsE;AACtE,SAAO,eAAe,eACpB,KACA,KACe;AACf,QAAI;AACF,YAAM,aACJ,OAAO,IAAI,SAAS,WAAW,IAAI,OAAO,IAAI,KAAK,SAAS,MAAM;AACpE,YAAM,YAAY,aAAa,IAAI,OAAO;AAE1C,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS;AAAA,QACT;AAAA,QACA,QAAQ,QAAQ;AAAA,MAClB,CAAC;AAED,UAAI,CAAC,SAAS;AACZ,YAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,oBAAoB,CAAC;AACnD;AAAA,MACF;AAEA,YAAM,UAAU,KAAK,MAAM,UAAU;AACrC,YAAM,QAAQ,QAAQ;AACtB,YAAM,UAAU,QAAQ,SAAS,KAAK;AAItC,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO;AAAA,MACvB,WAAW,QAAQ,kBAAkB;AACnC,cAAM,QAAQ,iBAAiB,OAAO,OAAO;AAAA,MAC/C;AAEA,UAAI,OAAO,GAAG,EAAE,KAAK,IAAI;AAAA,IAC3B,QAAQ;AACN,UAAI,OAAO,GAAG,EAAE,KAAK,EAAE,OAAO,iBAAiB,CAAC;AAAA,IAClD;AAAA,EACF;AACF;","names":[]}

package/dist/adapters/hono.cjs

@@ -0,0 +1,79 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/adapters/hono.ts
+var hono_exports = {};
+__export(hono_exports, {
+  createWebhookHandler: () => createWebhookHandler
+});
+module.exports = __toCommonJS(hono_exports);
+
+// src/webhooks/verify.ts
+var import_node_crypto = require("crypto");
+function verifyWebhook({
+  payload,
+  signature,
+  secret
+}) {
+  if (!payload || !signature || !secret) return false;
+  const expected = (0, import_node_crypto.createHmac)("sha256", secret).update(payload, "utf8").digest("hex");
+  if (expected.length !== signature.length) return false;
+  try {
+    return (0, import_node_crypto.timingSafeEqual)(
+      Buffer.from(expected, "hex"),
+      Buffer.from(signature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+
+// src/adapters/hono.ts
+function createWebhookHandler(options) {
+  return async function webhookHandler(c) {
+    try {
+      const rawPayload = await c.req.text();
+      const signature = c.req.header("X-Webhook-Signature") ?? "";
+      const isValid = verifyWebhook({
+        payload: rawPayload,
+        signature,
+        secret: options.secret
+      });
+      if (!isValid) {
+        return c.json({ error: "Invalid signature" }, 401);
+      }
+      const payload = JSON.parse(rawPayload);
+      const event = payload.event;
+      const handler = options.handlers[event];
+      if (handler) {
+        await handler(payload);
+      } else if (options.onUnhandledEvent) {
+        await options.onUnhandledEvent(event, payload);
+      }
+      return c.text("OK", 200);
+    } catch {
+      return c.json({ error: "Internal error" }, 500);
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createWebhookHandler
+});
+//# sourceMappingURL=hono.cjs.map

package/dist/adapters/hono.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/adapters/hono.ts","../../src/webhooks/verify.ts"],"sourcesContent":["import { verifyWebhook } from \"../webhooks/verify.js\";\nimport type { WebhookPayload } from \"../webhooks/types.js\";\nimport type { WebhookEventHandler, WebhookHandlerOptions } from \"./types.js\";\n\nexport type HonoContextLike = {\n  req: {\n    text: () => Promise<string>;\n    header: (name: string) => string | undefined;\n  };\n  json: (body: unknown, status?: number) => unknown;\n  text: (body: string, status?: number) => unknown;\n};\n\nexport function createWebhookHandler(\n  options: WebhookHandlerOptions\n): (c: HonoContextLike) => Promise<unknown> {\n  return async function webhookHandler(c: HonoContextLike): Promise<unknown> {\n    try {\n      const rawPayload = await c.req.text();\n      const signature = c.req.header(\"X-Webhook-Signature\") ?? \"\";\n\n      const isValid = verifyWebhook({\n        payload: rawPayload,\n        signature,\n        secret: options.secret,\n      });\n\n      if (!isValid) {\n        return c.json({ error: \"Invalid signature\" }, 401);\n      }\n\n      const payload = JSON.parse(rawPayload) as WebhookPayload;\n      const event = payload.event;\n      const handler = options.handlers[event] as\n        | WebhookEventHandler<typeof event>\n        | undefined;\n\n      if (handler) {\n        await handler(payload);\n      } else if (options.onUnhandledEvent) {\n        await options.onUnhandledEvent(event, payload);\n      }\n\n      return c.text(\"OK\", 200);\n    } catch {\n      return c.json({ error: \"Internal error\" }, 500);\n    }\n  };\n}\n","import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nexport interface VerifyWebhookParams {\n  /** Raw request body as a string (NOT parsed JSON) */\n  payload: string;\n  /** Value of the X-Webhook-Signature header */\n  signature: string;\n  /** App's webhook secret (provided during app installation) */\n  secret: string;\n}\n\n/**\n * Verify webhook signature using HMAC-SHA256.\n * Uses timing-safe comparison to prevent timing attacks.\n */\nexport function verifyWebhook({\n  payload,\n  signature,\n  secret,\n}: VerifyWebhookParams): boolean {\n  if (!payload || !signature || !secret) return false;\n\n  const expected = createHmac(\"sha256\", secret)\n    .update(payload, \"utf8\")\n    .digest(\"hex\");\n\n  if (expected.length !== signature.length) return false;\n\n  try {\n    return timingSafeEqual(\n      Buffer.from(expected, \"hex\"),\n      Buffer.from(signature, \"hex\")\n    );\n  } catch {\n    return false;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,yBAA4C;AAerC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AACF,GAAiC;AAC/B,MAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAQ,QAAO;AAE9C,QAAM,eAAW,+BAAW,UAAU,MAAM,EACzC,OAAO,SAAS,MAAM,EACtB,OAAO,KAAK;AAEf,MAAI,SAAS,WAAW,UAAU,OAAQ,QAAO;AAEjD,MAAI;AACF,eAAO;AAAA,MACL,OAAO,KAAK,UAAU,KAAK;AAAA,MAC3B,OAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ADvBO,SAAS,qBACd,SAC0C;AAC1C,SAAO,eAAe,eAAe,GAAsC;AACzE,QAAI;AACF,YAAM,aAAa,MAAM,EAAE,IAAI,KAAK;AACpC,YAAM,YAAY,EAAE,IAAI,OAAO,qBAAqB,KAAK;AAEzD,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS;AAAA,QACT;AAAA,QACA,QAAQ,QAAQ;AAAA,MAClB,CAAC;AAED,UAAI,CAAC,SAAS;AACZ,eAAO,EAAE,KAAK,EAAE,OAAO,oBAAoB,GAAG,GAAG;AAAA,MACnD;AAEA,YAAM,UAAU,KAAK,MAAM,UAAU;AACrC,YAAM,QAAQ,QAAQ;AACtB,YAAM,UAAU,QAAQ,SAAS,KAAK;AAItC,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO;AAAA,MACvB,WAAW,QAAQ,kBAAkB;AACnC,cAAM,QAAQ,iBAAiB,OAAO,OAAO;AAAA,MAC/C;AAEA,aAAO,EAAE,KAAK,MAAM,GAAG;AAAA,IACzB,QAAQ;AACN,aAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,GAAG,GAAG;AAAA,IAChD;AAAA,EACF;AACF;","names":[]}

package/dist/adapters/hono.d.cts

@@ -0,0 +1,15 @@
+import { W as WebhookHandlerOptions } from '../types-Db_BeRCj.cjs';
+import '../types-DdqKKyqX.cjs';
+import '../types-M1eLMz6w.cjs';
+
+type HonoContextLike = {
+    req: {
+        text: () => Promise<string>;
+        header: (name: string) => string | undefined;
+    };
+    json: (body: unknown, status?: number) => unknown;
+    text: (body: string, status?: number) => unknown;
+};
+declare function createWebhookHandler(options: WebhookHandlerOptions): (c: HonoContextLike) => Promise<unknown>;
+
+export { type HonoContextLike, createWebhookHandler };

package/dist/adapters/hono.d.ts

@@ -0,0 +1,15 @@
+import { W as WebhookHandlerOptions } from '../types-D2Efg3EG.js';
+import '../types-DZ659i6f.js';
+import '../types-M1eLMz6w.js';
+
+type HonoContextLike = {
+    req: {
+        text: () => Promise<string>;
+        header: (name: string) => string | undefined;
+    };
+    json: (body: unknown, status?: number) => unknown;
+    text: (body: string, status?: number) => unknown;
+};
+declare function createWebhookHandler(options: WebhookHandlerOptions): (c: HonoContextLike) => Promise<unknown>;
+
+export { type HonoContextLike, createWebhookHandler };

package/dist/adapters/hono.mjs

@@ -0,0 +1,52 @@
+// src/webhooks/verify.ts
+import { createHmac, timingSafeEqual } from "crypto";
+function verifyWebhook({
+  payload,
+  signature,
+  secret
+}) {
+  if (!payload || !signature || !secret) return false;
+  const expected = createHmac("sha256", secret).update(payload, "utf8").digest("hex");
+  if (expected.length !== signature.length) return false;
+  try {
+    return timingSafeEqual(
+      Buffer.from(expected, "hex"),
+      Buffer.from(signature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+
+// src/adapters/hono.ts
+function createWebhookHandler(options) {
+  return async function webhookHandler(c) {
+    try {
+      const rawPayload = await c.req.text();
+      const signature = c.req.header("X-Webhook-Signature") ?? "";
+      const isValid = verifyWebhook({
+        payload: rawPayload,
+        signature,
+        secret: options.secret
+      });
+      if (!isValid) {
+        return c.json({ error: "Invalid signature" }, 401);
+      }
+      const payload = JSON.parse(rawPayload);
+      const event = payload.event;
+      const handler = options.handlers[event];
+      if (handler) {
+        await handler(payload);
+      } else if (options.onUnhandledEvent) {
+        await options.onUnhandledEvent(event, payload);
+      }
+      return c.text("OK", 200);
+    } catch {
+      return c.json({ error: "Internal error" }, 500);
+    }
+  };
+}
+export {
+  createWebhookHandler
+};
+//# sourceMappingURL=hono.mjs.map

package/dist/adapters/hono.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/webhooks/verify.ts","../../src/adapters/hono.ts"],"sourcesContent":["import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nexport interface VerifyWebhookParams {\n  /** Raw request body as a string (NOT parsed JSON) */\n  payload: string;\n  /** Value of the X-Webhook-Signature header */\n  signature: string;\n  /** App's webhook secret (provided during app installation) */\n  secret: string;\n}\n\n/**\n * Verify webhook signature using HMAC-SHA256.\n * Uses timing-safe comparison to prevent timing attacks.\n */\nexport function verifyWebhook({\n  payload,\n  signature,\n  secret,\n}: VerifyWebhookParams): boolean {\n  if (!payload || !signature || !secret) return false;\n\n  const expected = createHmac(\"sha256\", secret)\n    .update(payload, \"utf8\")\n    .digest(\"hex\");\n\n  if (expected.length !== signature.length) return false;\n\n  try {\n    return timingSafeEqual(\n      Buffer.from(expected, \"hex\"),\n      Buffer.from(signature, \"hex\")\n    );\n  } catch {\n    return false;\n  }\n}\n","import { verifyWebhook } from \"../webhooks/verify.js\";\nimport type { WebhookPayload } from \"../webhooks/types.js\";\nimport type { WebhookEventHandler, WebhookHandlerOptions } from \"./types.js\";\n\nexport type HonoContextLike = {\n  req: {\n    text: () => Promise<string>;\n    header: (name: string) => string | undefined;\n  };\n  json: (body: unknown, status?: number) => unknown;\n  text: (body: string, status?: number) => unknown;\n};\n\nexport function createWebhookHandler(\n  options: WebhookHandlerOptions\n): (c: HonoContextLike) => Promise<unknown> {\n  return async function webhookHandler(c: HonoContextLike): Promise<unknown> {\n    try {\n      const rawPayload = await c.req.text();\n      const signature = c.req.header(\"X-Webhook-Signature\") ?? \"\";\n\n      const isValid = verifyWebhook({\n        payload: rawPayload,\n        signature,\n        secret: options.secret,\n      });\n\n      if (!isValid) {\n        return c.json({ error: \"Invalid signature\" }, 401);\n      }\n\n      const payload = JSON.parse(rawPayload) as WebhookPayload;\n      const event = payload.event;\n      const handler = options.handlers[event] as\n        | WebhookEventHandler<typeof event>\n        | undefined;\n\n      if (handler) {\n        await handler(payload);\n      } else if (options.onUnhandledEvent) {\n        await options.onUnhandledEvent(event, payload);\n      }\n\n      return c.text(\"OK\", 200);\n    } catch {\n      return c.json({ error: \"Internal error\" }, 500);\n    }\n  };\n}\n"],"mappings":";AAAA,SAAS,YAAY,uBAAuB;AAerC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AACF,GAAiC;AAC/B,MAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAQ,QAAO;AAE9C,QAAM,WAAW,WAAW,UAAU,MAAM,EACzC,OAAO,SAAS,MAAM,EACtB,OAAO,KAAK;AAEf,MAAI,SAAS,WAAW,UAAU,OAAQ,QAAO;AAEjD,MAAI;AACF,WAAO;AAAA,MACL,OAAO,KAAK,UAAU,KAAK;AAAA,MAC3B,OAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ACvBO,SAAS,qBACd,SAC0C;AAC1C,SAAO,eAAe,eAAe,GAAsC;AACzE,QAAI;AACF,YAAM,aAAa,MAAM,EAAE,IAAI,KAAK;AACpC,YAAM,YAAY,EAAE,IAAI,OAAO,qBAAqB,KAAK;AAEzD,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS;AAAA,QACT;AAAA,QACA,QAAQ,QAAQ;AAAA,MAClB,CAAC;AAED,UAAI,CAAC,SAAS;AACZ,eAAO,EAAE,KAAK,EAAE,OAAO,oBAAoB,GAAG,GAAG;AAAA,MACnD;AAEA,YAAM,UAAU,KAAK,MAAM,UAAU;AACrC,YAAM,QAAQ,QAAQ;AACtB,YAAM,UAAU,QAAQ,SAAS,KAAK;AAItC,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO;AAAA,MACvB,WAAW,QAAQ,kBAAkB;AACnC,cAAM,QAAQ,iBAAiB,OAAO,OAAO;AAAA,MAC/C;AAEA,aAAO,EAAE,KAAK,MAAM,GAAG;AAAA,IACzB,QAAQ;AACN,aAAO,EAAE,KAAK,EAAE,OAAO,iBAAiB,GAAG,GAAG;AAAA,IAChD;AAAA,EACF;AACF;","names":[]}

package/dist/adapters/nextjs.cjs

@@ -0,0 +1,79 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/adapters/nextjs.ts
+var nextjs_exports = {};
+__export(nextjs_exports, {
+  createWebhookHandler: () => createWebhookHandler
+});
+module.exports = __toCommonJS(nextjs_exports);
+
+// src/webhooks/verify.ts
+var import_node_crypto = require("crypto");
+function verifyWebhook({
+  payload,
+  signature,
+  secret
+}) {
+  if (!payload || !signature || !secret) return false;
+  const expected = (0, import_node_crypto.createHmac)("sha256", secret).update(payload, "utf8").digest("hex");
+  if (expected.length !== signature.length) return false;
+  try {
+    return (0, import_node_crypto.timingSafeEqual)(
+      Buffer.from(expected, "hex"),
+      Buffer.from(signature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+
+// src/adapters/nextjs.ts
+function createWebhookHandler(options) {
+  return async function webhookHandler(request) {
+    try {
+      const rawPayload = await request.text();
+      const signature = request.headers.get("X-Webhook-Signature") ?? "";
+      const isValid = verifyWebhook({
+        payload: rawPayload,
+        signature,
+        secret: options.secret
+      });
+      if (!isValid) {
+        return new Response("Invalid signature", { status: 401 });
+      }
+      const payload = JSON.parse(rawPayload);
+      const event = payload.event;
+      const handler = options.handlers[event];
+      if (handler) {
+        await handler(payload);
+      } else if (options.onUnhandledEvent) {
+        await options.onUnhandledEvent(event, payload);
+      }
+      return new Response("OK", { status: 200 });
+    } catch {
+      return new Response("Internal error", { status: 500 });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createWebhookHandler
+});
+//# sourceMappingURL=nextjs.cjs.map

package/dist/adapters/nextjs.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/adapters/nextjs.ts","../../src/webhooks/verify.ts"],"sourcesContent":["import { verifyWebhook } from \"../webhooks/verify.js\";\nimport type { WebhookPayload } from \"../webhooks/types.js\";\nimport type { WebhookEventHandler, WebhookHandlerOptions } from \"./types.js\";\n\nexport function createWebhookHandler(\n  options: WebhookHandlerOptions\n): (request: Request) => Promise<Response> {\n  return async function webhookHandler(request: Request): Promise<Response> {\n    try {\n      const rawPayload = await request.text();\n      const signature = request.headers.get(\"X-Webhook-Signature\") ?? \"\";\n\n      const isValid = verifyWebhook({\n        payload: rawPayload,\n        signature,\n        secret: options.secret,\n      });\n\n      if (!isValid) {\n        return new Response(\"Invalid signature\", { status: 401 });\n      }\n\n      const payload = JSON.parse(rawPayload) as WebhookPayload;\n      const event = payload.event;\n      const handler = options.handlers[event] as\n        | WebhookEventHandler<typeof event>\n        | undefined;\n\n      if (handler) {\n        await handler(payload);\n      } else if (options.onUnhandledEvent) {\n        await options.onUnhandledEvent(event, payload);\n      }\n\n      return new Response(\"OK\", { status: 200 });\n    } catch {\n      return new Response(\"Internal error\", { status: 500 });\n    }\n  };\n}\n","import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nexport interface VerifyWebhookParams {\n  /** Raw request body as a string (NOT parsed JSON) */\n  payload: string;\n  /** Value of the X-Webhook-Signature header */\n  signature: string;\n  /** App's webhook secret (provided during app installation) */\n  secret: string;\n}\n\n/**\n * Verify webhook signature using HMAC-SHA256.\n * Uses timing-safe comparison to prevent timing attacks.\n */\nexport function verifyWebhook({\n  payload,\n  signature,\n  secret,\n}: VerifyWebhookParams): boolean {\n  if (!payload || !signature || !secret) return false;\n\n  const expected = createHmac(\"sha256\", secret)\n    .update(payload, \"utf8\")\n    .digest(\"hex\");\n\n  if (expected.length !== signature.length) return false;\n\n  try {\n    return timingSafeEqual(\n      Buffer.from(expected, \"hex\"),\n      Buffer.from(signature, \"hex\")\n    );\n  } catch {\n    return false;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,yBAA4C;AAerC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AACF,GAAiC;AAC/B,MAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAQ,QAAO;AAE9C,QAAM,eAAW,+BAAW,UAAU,MAAM,EACzC,OAAO,SAAS,MAAM,EACtB,OAAO,KAAK;AAEf,MAAI,SAAS,WAAW,UAAU,OAAQ,QAAO;AAEjD,MAAI;AACF,eAAO;AAAA,MACL,OAAO,KAAK,UAAU,KAAK;AAAA,MAC3B,OAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;ADhCO,SAAS,qBACd,SACyC;AACzC,SAAO,eAAe,eAAe,SAAqC;AACxE,QAAI;AACF,YAAM,aAAa,MAAM,QAAQ,KAAK;AACtC,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAEhE,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS;AAAA,QACT;AAAA,QACA,QAAQ,QAAQ;AAAA,MAClB,CAAC;AAED,UAAI,CAAC,SAAS;AACZ,eAAO,IAAI,SAAS,qBAAqB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC1D;AAEA,YAAM,UAAU,KAAK,MAAM,UAAU;AACrC,YAAM,QAAQ,QAAQ;AACtB,YAAM,UAAU,QAAQ,SAAS,KAAK;AAItC,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO;AAAA,MACvB,WAAW,QAAQ,kBAAkB;AACnC,cAAM,QAAQ,iBAAiB,OAAO,OAAO;AAAA,MAC/C;AAEA,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C,QAAQ;AACN,aAAO,IAAI,SAAS,kBAAkB,EAAE,QAAQ,IAAI,CAAC;AAAA,IACvD;AAAA,EACF;AACF;","names":[]}

package/dist/adapters/nextjs.d.cts

@@ -0,0 +1,7 @@
+import { W as WebhookHandlerOptions } from '../types-Db_BeRCj.cjs';
+import '../types-DdqKKyqX.cjs';
+import '../types-M1eLMz6w.cjs';
+
+declare function createWebhookHandler(options: WebhookHandlerOptions): (request: Request) => Promise<Response>;
+
+export { createWebhookHandler };

package/dist/adapters/nextjs.d.ts

@@ -0,0 +1,7 @@
+import { W as WebhookHandlerOptions } from '../types-D2Efg3EG.js';
+import '../types-DZ659i6f.js';
+import '../types-M1eLMz6w.js';
+
+declare function createWebhookHandler(options: WebhookHandlerOptions): (request: Request) => Promise<Response>;
+
+export { createWebhookHandler };

package/dist/adapters/nextjs.mjs

@@ -0,0 +1,52 @@
+// src/webhooks/verify.ts
+import { createHmac, timingSafeEqual } from "crypto";
+function verifyWebhook({
+  payload,
+  signature,
+  secret
+}) {
+  if (!payload || !signature || !secret) return false;
+  const expected = createHmac("sha256", secret).update(payload, "utf8").digest("hex");
+  if (expected.length !== signature.length) return false;
+  try {
+    return timingSafeEqual(
+      Buffer.from(expected, "hex"),
+      Buffer.from(signature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+
+// src/adapters/nextjs.ts
+function createWebhookHandler(options) {
+  return async function webhookHandler(request) {
+    try {
+      const rawPayload = await request.text();
+      const signature = request.headers.get("X-Webhook-Signature") ?? "";
+      const isValid = verifyWebhook({
+        payload: rawPayload,
+        signature,
+        secret: options.secret
+      });
+      if (!isValid) {
+        return new Response("Invalid signature", { status: 401 });
+      }
+      const payload = JSON.parse(rawPayload);
+      const event = payload.event;
+      const handler = options.handlers[event];
+      if (handler) {
+        await handler(payload);
+      } else if (options.onUnhandledEvent) {
+        await options.onUnhandledEvent(event, payload);
+      }
+      return new Response("OK", { status: 200 });
+    } catch {
+      return new Response("Internal error", { status: 500 });
+    }
+  };
+}
+export {
+  createWebhookHandler
+};
+//# sourceMappingURL=nextjs.mjs.map

package/dist/adapters/nextjs.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/webhooks/verify.ts","../../src/adapters/nextjs.ts"],"sourcesContent":["import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nexport interface VerifyWebhookParams {\n  /** Raw request body as a string (NOT parsed JSON) */\n  payload: string;\n  /** Value of the X-Webhook-Signature header */\n  signature: string;\n  /** App's webhook secret (provided during app installation) */\n  secret: string;\n}\n\n/**\n * Verify webhook signature using HMAC-SHA256.\n * Uses timing-safe comparison to prevent timing attacks.\n */\nexport function verifyWebhook({\n  payload,\n  signature,\n  secret,\n}: VerifyWebhookParams): boolean {\n  if (!payload || !signature || !secret) return false;\n\n  const expected = createHmac(\"sha256\", secret)\n    .update(payload, \"utf8\")\n    .digest(\"hex\");\n\n  if (expected.length !== signature.length) return false;\n\n  try {\n    return timingSafeEqual(\n      Buffer.from(expected, \"hex\"),\n      Buffer.from(signature, \"hex\")\n    );\n  } catch {\n    return false;\n  }\n}\n","import { verifyWebhook } from \"../webhooks/verify.js\";\nimport type { WebhookPayload } from \"../webhooks/types.js\";\nimport type { WebhookEventHandler, WebhookHandlerOptions } from \"./types.js\";\n\nexport function createWebhookHandler(\n  options: WebhookHandlerOptions\n): (request: Request) => Promise<Response> {\n  return async function webhookHandler(request: Request): Promise<Response> {\n    try {\n      const rawPayload = await request.text();\n      const signature = request.headers.get(\"X-Webhook-Signature\") ?? \"\";\n\n      const isValid = verifyWebhook({\n        payload: rawPayload,\n        signature,\n        secret: options.secret,\n      });\n\n      if (!isValid) {\n        return new Response(\"Invalid signature\", { status: 401 });\n      }\n\n      const payload = JSON.parse(rawPayload) as WebhookPayload;\n      const event = payload.event;\n      const handler = options.handlers[event] as\n        | WebhookEventHandler<typeof event>\n        | undefined;\n\n      if (handler) {\n        await handler(payload);\n      } else if (options.onUnhandledEvent) {\n        await options.onUnhandledEvent(event, payload);\n      }\n\n      return new Response(\"OK\", { status: 200 });\n    } catch {\n      return new Response(\"Internal error\", { status: 500 });\n    }\n  };\n}\n"],"mappings":";AAAA,SAAS,YAAY,uBAAuB;AAerC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AACF,GAAiC;AAC/B,MAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAQ,QAAO;AAE9C,QAAM,WAAW,WAAW,UAAU,MAAM,EACzC,OAAO,SAAS,MAAM,EACtB,OAAO,KAAK;AAEf,MAAI,SAAS,WAAW,UAAU,OAAQ,QAAO;AAEjD,MAAI;AACF,WAAO;AAAA,MACL,OAAO,KAAK,UAAU,KAAK;AAAA,MAC3B,OAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;;;AChCO,SAAS,qBACd,SACyC;AACzC,SAAO,eAAe,eAAe,SAAqC;AACxE,QAAI;AACF,YAAM,aAAa,MAAM,QAAQ,KAAK;AACtC,YAAM,YAAY,QAAQ,QAAQ,IAAI,qBAAqB,KAAK;AAEhE,YAAM,UAAU,cAAc;AAAA,QAC5B,SAAS;AAAA,QACT;AAAA,QACA,QAAQ,QAAQ;AAAA,MAClB,CAAC;AAED,UAAI,CAAC,SAAS;AACZ,eAAO,IAAI,SAAS,qBAAqB,EAAE,QAAQ,IAAI,CAAC;AAAA,MAC1D;AAEA,YAAM,UAAU,KAAK,MAAM,UAAU;AACrC,YAAM,QAAQ,QAAQ;AACtB,YAAM,UAAU,QAAQ,SAAS,KAAK;AAItC,UAAI,SAAS;AACX,cAAM,QAAQ,OAAO;AAAA,MACvB,WAAW,QAAQ,kBAAkB;AACnC,cAAM,QAAQ,iBAAiB,OAAO,OAAO;AAAA,MAC/C;AAEA,aAAO,IAAI,SAAS,MAAM,EAAE,QAAQ,IAAI,CAAC;AAAA,IAC3C,QAAQ;AACN,aAAO,IAAI,SAAS,kBAAkB,EAAE,QAAQ,IAAI,CAAC;AAAA,IACvD;AAAA,EACF;AACF;","names":[]}