@whatalo/plugin-sdk 1.0.0

package/dist/webhooks/index.cjs

@@ -0,0 +1,50 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/webhooks/index.ts
+var webhooks_exports = {};
+__export(webhooks_exports, {
+  verifyWebhook: () => verifyWebhook
+});
+module.exports = __toCommonJS(webhooks_exports);
+
+// src/webhooks/verify.ts
+var import_node_crypto = require("crypto");
+function verifyWebhook({
+  payload,
+  signature,
+  secret
+}) {
+  if (!payload || !signature || !secret) return false;
+  const expected = (0, import_node_crypto.createHmac)("sha256", secret).update(payload, "utf8").digest("hex");
+  if (expected.length !== signature.length) return false;
+  try {
+    return (0, import_node_crypto.timingSafeEqual)(
+      Buffer.from(expected, "hex"),
+      Buffer.from(signature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifyWebhook
+});
+//# sourceMappingURL=index.cjs.map

package/dist/webhooks/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/webhooks/index.ts","../../src/webhooks/verify.ts"],"sourcesContent":["export { verifyWebhook } from \"./verify.js\";\nexport type { VerifyWebhookParams } from \"./verify.js\";\nexport type {\n  WebhookEvent,\n  WebhookEventData,\n  WebhookPayload,\n} from \"./types.js\";\n","import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nexport interface VerifyWebhookParams {\n  /** Raw request body as a string (NOT parsed JSON) */\n  payload: string;\n  /** Value of the X-Webhook-Signature header */\n  signature: string;\n  /** App's webhook secret (provided during app installation) */\n  secret: string;\n}\n\n/**\n * Verify webhook signature using HMAC-SHA256.\n * Uses timing-safe comparison to prevent timing attacks.\n */\nexport function verifyWebhook({\n  payload,\n  signature,\n  secret,\n}: VerifyWebhookParams): boolean {\n  if (!payload || !signature || !secret) return false;\n\n  const expected = createHmac(\"sha256\", secret)\n    .update(payload, \"utf8\")\n    .digest(\"hex\");\n\n  if (expected.length !== signature.length) return false;\n\n  try {\n    return timingSafeEqual(\n      Buffer.from(expected, \"hex\"),\n      Buffer.from(signature, \"hex\")\n    );\n  } catch {\n    return false;\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACAA,yBAA4C;AAerC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AACF,GAAiC;AAC/B,MAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAQ,QAAO;AAE9C,QAAM,eAAW,+BAAW,UAAU,MAAM,EACzC,OAAO,SAAS,MAAM,EACtB,OAAO,KAAK;AAEf,MAAI,SAAS,WAAW,UAAU,OAAQ,QAAO;AAEjD,MAAI;AACF,eAAO;AAAA,MACL,OAAO,KAAK,UAAU,KAAK;AAAA,MAC3B,OAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;","names":[]}

package/dist/webhooks/index.d.cts

@@ -0,0 +1,18 @@
+export { W as WebhookEvent, b as WebhookEventData, a as WebhookPayload } from '../types-DdqKKyqX.cjs';
+import '../types-M1eLMz6w.cjs';
+
+interface VerifyWebhookParams {
+    /** Raw request body as a string (NOT parsed JSON) */
+    payload: string;
+    /** Value of the X-Webhook-Signature header */
+    signature: string;
+    /** App's webhook secret (provided during app installation) */
+    secret: string;
+}
+/**
+ * Verify webhook signature using HMAC-SHA256.
+ * Uses timing-safe comparison to prevent timing attacks.
+ */
+declare function verifyWebhook({ payload, signature, secret, }: VerifyWebhookParams): boolean;
+
+export { type VerifyWebhookParams, verifyWebhook };

package/dist/webhooks/index.d.ts

@@ -0,0 +1,18 @@
+export { W as WebhookEvent, b as WebhookEventData, a as WebhookPayload } from '../types-DZ659i6f.js';
+import '../types-M1eLMz6w.js';
+
+interface VerifyWebhookParams {
+    /** Raw request body as a string (NOT parsed JSON) */
+    payload: string;
+    /** Value of the X-Webhook-Signature header */
+    signature: string;
+    /** App's webhook secret (provided during app installation) */
+    secret: string;
+}
+/**
+ * Verify webhook signature using HMAC-SHA256.
+ * Uses timing-safe comparison to prevent timing attacks.
+ */
+declare function verifyWebhook({ payload, signature, secret, }: VerifyWebhookParams): boolean;
+
+export { type VerifyWebhookParams, verifyWebhook };

package/dist/webhooks/index.mjs

@@ -0,0 +1,23 @@
+// src/webhooks/verify.ts
+import { createHmac, timingSafeEqual } from "crypto";
+function verifyWebhook({
+  payload,
+  signature,
+  secret
+}) {
+  if (!payload || !signature || !secret) return false;
+  const expected = createHmac("sha256", secret).update(payload, "utf8").digest("hex");
+  if (expected.length !== signature.length) return false;
+  try {
+    return timingSafeEqual(
+      Buffer.from(expected, "hex"),
+      Buffer.from(signature, "hex")
+    );
+  } catch {
+    return false;
+  }
+}
+export {
+  verifyWebhook
+};
+//# sourceMappingURL=index.mjs.map

package/dist/webhooks/index.mjs.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/webhooks/verify.ts"],"sourcesContent":["import { createHmac, timingSafeEqual } from \"node:crypto\";\n\nexport interface VerifyWebhookParams {\n  /** Raw request body as a string (NOT parsed JSON) */\n  payload: string;\n  /** Value of the X-Webhook-Signature header */\n  signature: string;\n  /** App's webhook secret (provided during app installation) */\n  secret: string;\n}\n\n/**\n * Verify webhook signature using HMAC-SHA256.\n * Uses timing-safe comparison to prevent timing attacks.\n */\nexport function verifyWebhook({\n  payload,\n  signature,\n  secret,\n}: VerifyWebhookParams): boolean {\n  if (!payload || !signature || !secret) return false;\n\n  const expected = createHmac(\"sha256\", secret)\n    .update(payload, \"utf8\")\n    .digest(\"hex\");\n\n  if (expected.length !== signature.length) return false;\n\n  try {\n    return timingSafeEqual(\n      Buffer.from(expected, \"hex\"),\n      Buffer.from(signature, \"hex\")\n    );\n  } catch {\n    return false;\n  }\n}\n"],"mappings":";AAAA,SAAS,YAAY,uBAAuB;AAerC,SAAS,cAAc;AAAA,EAC5B;AAAA,EACA;AAAA,EACA;AACF,GAAiC;AAC/B,MAAI,CAAC,WAAW,CAAC,aAAa,CAAC,OAAQ,QAAO;AAE9C,QAAM,WAAW,WAAW,UAAU,MAAM,EACzC,OAAO,SAAS,MAAM,EACtB,OAAO,KAAK;AAEf,MAAI,SAAS,WAAW,UAAU,OAAQ,QAAO;AAEjD,MAAI;AACF,WAAO;AAAA,MACL,OAAO,KAAK,UAAU,KAAK;AAAA,MAC3B,OAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AAAA,EACF,QAAQ;AACN,WAAO;AAAA,EACT;AACF;","names":[]}

package/package.json

@@ -0,0 +1,94 @@
+{
+  "name": "@whatalo/plugin-sdk",
+  "version": "1.0.0",
+  "type": "module",
+  "license": "MIT",
+  "description": "Official TypeScript SDK for building Whatalo plugins",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "sideEffects": false,
+  "engines": {
+    "node": ">=18"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs"
+    },
+    "./adapters/nextjs": {
+      "types": "./dist/adapters/nextjs.d.ts",
+      "import": "./dist/adapters/nextjs.mjs",
+      "require": "./dist/adapters/nextjs.cjs"
+    },
+    "./adapters/hono": {
+      "types": "./dist/adapters/hono.d.ts",
+      "import": "./dist/adapters/hono.mjs",
+      "require": "./dist/adapters/hono.cjs"
+    },
+    "./adapters/express": {
+      "types": "./dist/adapters/express.d.ts",
+      "import": "./dist/adapters/express.mjs",
+      "require": "./dist/adapters/express.cjs"
+    },
+    "./webhooks": {
+      "types": "./dist/webhooks/index.d.ts",
+      "import": "./dist/webhooks/index.mjs",
+      "require": "./dist/webhooks/index.cjs"
+    },
+    "./manifest": {
+      "types": "./dist/manifest/index.d.ts",
+      "import": "./dist/manifest/index.mjs",
+      "require": "./dist/manifest/index.cjs"
+    },
+    "./bridge": {
+      "types": "./dist/bridge/index.d.ts",
+      "import": "./dist/bridge/index.mjs",
+      "require": "./dist/bridge/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": [
+    "whatalo",
+    "plugin-sdk",
+    "api",
+    "ecommerce",
+    "latam",
+    "cod"
+  ],
+  "peerDependencies": {
+    "react": ">=18",
+    "react-dom": ">=18"
+  },
+  "peerDependenciesMeta": {
+    "react": {
+      "optional": false
+    },
+    "react-dom": {
+      "optional": false
+    }
+  },
+  "devDependencies": {
+    "@types/react": "^19.0.0",
+    "tsup": "^8.0.0",
+    "typescript": "^5.7.0",
+    "vitest": "^3.2.4"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "vitest": "vitest",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "type-check": "tsc --noEmit",
+    "clean": "rm -rf dist"
+  }
+}