@whatalo/plugin-sdk 1.2.0 → 1.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/express.cjs +101 -10
- package/dist/adapters/express.cjs.map +1 -1
- package/dist/adapters/express.d.cts +9 -7
- package/dist/adapters/express.d.ts +9 -7
- package/dist/adapters/express.mjs +104 -10
- package/dist/adapters/express.mjs.map +1 -1
- package/dist/adapters/hono.cjs +94 -7
- package/dist/adapters/hono.cjs.map +1 -1
- package/dist/adapters/hono.d.cts +4 -3
- package/dist/adapters/hono.d.ts +4 -3
- package/dist/adapters/hono.mjs +97 -7
- package/dist/adapters/hono.mjs.map +1 -1
- package/dist/adapters/nextjs.cjs +94 -7
- package/dist/adapters/nextjs.cjs.map +1 -1
- package/dist/adapters/nextjs.d.cts +4 -3
- package/dist/adapters/nextjs.d.ts +4 -3
- package/dist/adapters/nextjs.mjs +97 -7
- package/dist/adapters/nextjs.mjs.map +1 -1
- package/dist/bridge/index.cjs +33 -2
- package/dist/bridge/index.cjs.map +1 -1
- package/dist/bridge/index.d.cts +17 -5
- package/dist/bridge/index.d.ts +17 -5
- package/dist/bridge/index.mjs +33 -2
- package/dist/bridge/index.mjs.map +1 -1
- package/dist/client/index.cjs +33 -2
- package/dist/client/index.cjs.map +1 -1
- package/dist/client/index.d.cts +29 -1
- package/dist/client/index.d.ts +29 -1
- package/dist/client/index.mjs +33 -2
- package/dist/client/index.mjs.map +1 -1
- package/dist/index.cjs +146 -24
- package/dist/index.cjs.map +1 -1
- package/dist/index.d.cts +6 -3
- package/dist/index.d.ts +6 -3
- package/dist/index.mjs +146 -24
- package/dist/index.mjs.map +1 -1
- package/dist/manifest/index.cjs +2 -17
- package/dist/manifest/index.cjs.map +1 -1
- package/dist/manifest/index.d.cts +10 -4
- package/dist/manifest/index.d.ts +10 -4
- package/dist/manifest/index.mjs +2 -17
- package/dist/manifest/index.mjs.map +1 -1
- package/dist/{types-DcmArIC2.d.ts → types-B8BAV362.d.cts} +24 -1
- package/dist/{types-DcmArIC2.d.cts → types-B8BAV362.d.ts} +24 -1
- package/dist/types-BU71_xQm.d.cts +25 -0
- package/dist/types-BhtVJPgF.d.ts +25 -0
- package/dist/types-Bo9GbqrM.d.ts +133 -0
- package/dist/types-rA6kVlpV.d.cts +133 -0
- package/dist/webhooks/index.cjs +78 -3
- package/dist/webhooks/index.cjs.map +1 -1
- package/dist/webhooks/index.d.cts +11 -4
- package/dist/webhooks/index.d.ts +11 -4
- package/dist/webhooks/index.mjs +78 -3
- package/dist/webhooks/index.mjs.map +1 -1
- package/package.json +4 -1
- package/dist/types-C9mg4aQg.d.ts +0 -19
- package/dist/types-DMuHSL_a.d.cts +0 -19
- package/dist/types-DTjA3FHe.d.ts +0 -68
- package/dist/types-tHUO9u-c.d.cts +0 -68
package/dist/index.mjs
CHANGED
|
@@ -111,6 +111,8 @@ var WhataloClient = class {
|
|
|
111
111
|
inventory;
|
|
112
112
|
/** Webhook resource methods */
|
|
113
113
|
webhooks;
|
|
114
|
+
/** Geo reference data methods */
|
|
115
|
+
geo;
|
|
114
116
|
constructor(options) {
|
|
115
117
|
if (typeof window !== "undefined" && typeof process === "undefined") {
|
|
116
118
|
console.warn(
|
|
@@ -132,6 +134,7 @@ var WhataloClient = class {
|
|
|
132
134
|
this.store = new StoreResource(this);
|
|
133
135
|
this.inventory = new InventoryResource(this);
|
|
134
136
|
this.webhooks = new WebhookResource(this);
|
|
137
|
+
this.geo = new GeoResource(this);
|
|
135
138
|
}
|
|
136
139
|
/**
|
|
137
140
|
* Internal request method shared by all resource namespaces.
|
|
@@ -373,10 +376,10 @@ var InventoryResource = class {
|
|
|
373
376
|
this.client = client;
|
|
374
377
|
}
|
|
375
378
|
async get(productId) {
|
|
376
|
-
return this.client.request("GET", `/products/${productId}
|
|
379
|
+
return this.client.request("GET", `/inventory/products/${productId}`);
|
|
377
380
|
}
|
|
378
381
|
async adjust(productId, data) {
|
|
379
|
-
return this.client.request("PATCH", `/products/${productId}
|
|
382
|
+
return this.client.request("PATCH", `/inventory/products/${productId}`, {
|
|
380
383
|
body: data
|
|
381
384
|
});
|
|
382
385
|
}
|
|
@@ -398,17 +401,57 @@ var WebhookResource = class {
|
|
|
398
401
|
return this.client.request("DELETE", `/webhooks/${id}`);
|
|
399
402
|
}
|
|
400
403
|
};
|
|
404
|
+
var GeoResource = class {
|
|
405
|
+
constructor(client) {
|
|
406
|
+
this.client = client;
|
|
407
|
+
}
|
|
408
|
+
/**
|
|
409
|
+
* List countries.
|
|
410
|
+
* By default returns only supported countries (is_supported=true).
|
|
411
|
+
* Pass `{ all: true }` to retrieve all 250 countries.
|
|
412
|
+
*/
|
|
413
|
+
async listCountries(params) {
|
|
414
|
+
return this.client.request("GET", "/geo/countries", {
|
|
415
|
+
params: params?.all !== void 0 ? { all: params.all } : void 0
|
|
416
|
+
});
|
|
417
|
+
}
|
|
418
|
+
/**
|
|
419
|
+
* Get a single country by ISO 3166-1 alpha-2 code.
|
|
420
|
+
*/
|
|
421
|
+
async getCountry(iso2) {
|
|
422
|
+
return this.client.request("GET", `/geo/countries/${iso2.toUpperCase()}`);
|
|
423
|
+
}
|
|
424
|
+
/**
|
|
425
|
+
* List provinces (states, departments, regions) for a country.
|
|
426
|
+
* Returns an empty array for countries with no province data.
|
|
427
|
+
*/
|
|
428
|
+
async listProvinces(countryIso2) {
|
|
429
|
+
return this.client.request("GET", `/geo/countries/${countryIso2.toUpperCase()}/provinces`);
|
|
430
|
+
}
|
|
431
|
+
};
|
|
401
432
|
|
|
402
433
|
// src/webhooks/verify.ts
|
|
403
434
|
import { createHmac, timingSafeEqual } from "crypto";
|
|
435
|
+
var DEFAULT_TOLERANCE_SECONDS = 300;
|
|
404
436
|
function verifyWebhook({
|
|
405
437
|
payload,
|
|
406
438
|
signature,
|
|
407
|
-
|
|
439
|
+
timestamp,
|
|
440
|
+
secret,
|
|
441
|
+
toleranceSeconds = DEFAULT_TOLERANCE_SECONDS,
|
|
442
|
+
currentTime = Math.floor(Date.now() / 1e3)
|
|
408
443
|
}) {
|
|
409
|
-
if (!payload || !signature || !secret) return false;
|
|
410
|
-
const
|
|
444
|
+
if (!payload || !signature || !secret || timestamp === "") return false;
|
|
445
|
+
const timestampString = String(timestamp);
|
|
446
|
+
const timestampValue = typeof timestamp === "number" ? timestamp : Number(timestamp);
|
|
447
|
+
if (!Number.isInteger(timestampValue)) return false;
|
|
448
|
+
if (!Number.isFinite(toleranceSeconds) || toleranceSeconds < 0) return false;
|
|
449
|
+
if (!Number.isFinite(currentTime)) return false;
|
|
450
|
+
const ageSeconds = Math.abs(currentTime - timestampValue);
|
|
451
|
+
if (ageSeconds > toleranceSeconds) return false;
|
|
452
|
+
const expected = createHmac("sha256", secret).update(`${timestampString}.${payload}`, "utf8").digest("hex");
|
|
411
453
|
if (expected.length !== signature.length) return false;
|
|
454
|
+
if (!/^[a-f0-9]+$/i.test(signature)) return false;
|
|
412
455
|
try {
|
|
413
456
|
return timingSafeEqual(
|
|
414
457
|
Buffer.from(expected, "hex"),
|
|
@@ -419,7 +462,68 @@ function verifyWebhook({
|
|
|
419
462
|
}
|
|
420
463
|
}
|
|
421
464
|
|
|
465
|
+
// src/webhooks/types.ts
|
|
466
|
+
import {
|
|
467
|
+
PUBLIC_WEBHOOK_EVENTS,
|
|
468
|
+
isPublicWebhookEvent
|
|
469
|
+
} from "@whatalo/protocol/events";
|
|
470
|
+
var WEBHOOK_EVENTS = PUBLIC_WEBHOOK_EVENTS;
|
|
471
|
+
function isWebhookEvent(value) {
|
|
472
|
+
return isPublicWebhookEvent(value);
|
|
473
|
+
}
|
|
474
|
+
function isRecord(value) {
|
|
475
|
+
return typeof value === "object" && value !== null && !Array.isArray(value);
|
|
476
|
+
}
|
|
477
|
+
function hasStringId(value) {
|
|
478
|
+
return isRecord(value) && typeof value.id === "string";
|
|
479
|
+
}
|
|
480
|
+
function isOptionalString(value, key) {
|
|
481
|
+
return value[key] === void 0 || typeof value[key] === "string";
|
|
482
|
+
}
|
|
483
|
+
function isRuntimeWebhookStore(value) {
|
|
484
|
+
return isRecord(value) && typeof value.id === "string" && typeof value.timezone === "string" && (value.name === void 0 || typeof value.name === "string");
|
|
485
|
+
}
|
|
486
|
+
function hasValidBasePayloadFields(value) {
|
|
487
|
+
if (!isOptionalString(value, "event_id")) return false;
|
|
488
|
+
if (!isOptionalString(value, "occurred_at")) return false;
|
|
489
|
+
return isRuntimeWebhookStore(value.store);
|
|
490
|
+
}
|
|
491
|
+
function isRuntimeOrderWebhookPayload(value) {
|
|
492
|
+
return hasValidBasePayloadFields(value) && hasStringId(value.order) && (value.customer === void 0 || hasStringId(value.customer));
|
|
493
|
+
}
|
|
494
|
+
function isRuntimeProductWebhookPayload(value) {
|
|
495
|
+
return hasValidBasePayloadFields(value) && hasStringId(value.product);
|
|
496
|
+
}
|
|
497
|
+
function isRuntimeCustomerWebhookPayload(value) {
|
|
498
|
+
return hasValidBasePayloadFields(value) && hasStringId(value.customer);
|
|
499
|
+
}
|
|
500
|
+
function isRuntimeCheckoutCompletedWebhookPayload(value) {
|
|
501
|
+
return hasValidBasePayloadFields(value) && hasStringId(value.order) && hasStringId(value.customer) && isRuntimeWebhookStore(value.store);
|
|
502
|
+
}
|
|
503
|
+
function isRuntimeWebhookPayload(value, event) {
|
|
504
|
+
if (!isRecord(value)) return false;
|
|
505
|
+
switch (event) {
|
|
506
|
+
case WEBHOOK_EVENTS.ORDER_CREATED:
|
|
507
|
+
case WEBHOOK_EVENTS.ORDER_UPDATED:
|
|
508
|
+
case WEBHOOK_EVENTS.ORDER_CANCELLED:
|
|
509
|
+
case WEBHOOK_EVENTS.ORDER_COMPLETED:
|
|
510
|
+
return isRuntimeOrderWebhookPayload(value);
|
|
511
|
+
case WEBHOOK_EVENTS.PRODUCT_CREATED:
|
|
512
|
+
case WEBHOOK_EVENTS.PRODUCT_UPDATED:
|
|
513
|
+
case WEBHOOK_EVENTS.PRODUCT_DELETED:
|
|
514
|
+
return isRuntimeProductWebhookPayload(value);
|
|
515
|
+
case WEBHOOK_EVENTS.CUSTOMER_CREATED:
|
|
516
|
+
case WEBHOOK_EVENTS.CUSTOMER_UPDATED:
|
|
517
|
+
return isRuntimeCustomerWebhookPayload(value);
|
|
518
|
+
case WEBHOOK_EVENTS.CHECKOUT_COMPLETED:
|
|
519
|
+
return isRuntimeCheckoutCompletedWebhookPayload(value);
|
|
520
|
+
default:
|
|
521
|
+
return false;
|
|
522
|
+
}
|
|
523
|
+
}
|
|
524
|
+
|
|
422
525
|
// src/manifest/validate.ts
|
|
526
|
+
import { SCOPE_LIST } from "@whatalo/protocol/scopes";
|
|
423
527
|
var ManifestValidationError = class extends Error {
|
|
424
528
|
errors;
|
|
425
529
|
constructor(errors) {
|
|
@@ -432,23 +536,7 @@ var ManifestValidationError = class extends Error {
|
|
|
432
536
|
var ID_REGEX = /^[a-z0-9][a-z0-9-]*[a-z0-9]$/;
|
|
433
537
|
var SEMVER_REGEX = /^\d+\.\d+\.\d+$/;
|
|
434
538
|
var EMAIL_REGEX = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
|
|
435
|
-
var VALID_PERMISSIONS =
|
|
436
|
-
"read:products",
|
|
437
|
-
"write:products",
|
|
438
|
-
"read:orders",
|
|
439
|
-
"write:orders",
|
|
440
|
-
"read:customers",
|
|
441
|
-
"write:customers",
|
|
442
|
-
"read:inventory",
|
|
443
|
-
"write:inventory",
|
|
444
|
-
"read:store",
|
|
445
|
-
"write:store",
|
|
446
|
-
"read:webhooks",
|
|
447
|
-
"write:webhooks",
|
|
448
|
-
"read:discounts",
|
|
449
|
-
"write:discounts",
|
|
450
|
-
"read:analytics"
|
|
451
|
-
]);
|
|
539
|
+
var VALID_PERMISSIONS = new Set(SCOPE_LIST.map((s) => s.token));
|
|
452
540
|
var VALID_CATEGORIES = /* @__PURE__ */ new Set([
|
|
453
541
|
"analytics",
|
|
454
542
|
"marketing",
|
|
@@ -543,8 +631,11 @@ var DATA_RESOURCE_SCOPE = {
|
|
|
543
631
|
products: "read:products",
|
|
544
632
|
orders: "read:orders",
|
|
545
633
|
customers: "read:customers",
|
|
546
|
-
categories: "read:products"
|
|
634
|
+
categories: "read:products",
|
|
547
635
|
// categories share the products scope
|
|
636
|
+
store: "read:store",
|
|
637
|
+
geo: "read:store"
|
|
638
|
+
// geo is global reference data, scoped to read:store
|
|
548
639
|
};
|
|
549
640
|
var BILLING_OPERATION = {
|
|
550
641
|
GET_PLANS: "getPlans",
|
|
@@ -956,11 +1047,39 @@ function useWhataloData() {
|
|
|
956
1047
|
},
|
|
957
1048
|
[fetchResource]
|
|
958
1049
|
);
|
|
1050
|
+
const storeGet = useCallback3(async () => {
|
|
1051
|
+
const ack = await fetchResource("store", "get");
|
|
1052
|
+
return extractAckData(ack);
|
|
1053
|
+
}, [fetchResource]);
|
|
1054
|
+
const geoCountries = useCallback3(
|
|
1055
|
+
async (params) => {
|
|
1056
|
+
const ack = await fetchResource(
|
|
1057
|
+
"geo",
|
|
1058
|
+
"list",
|
|
1059
|
+
{ ...params, _sub: "countries" }
|
|
1060
|
+
);
|
|
1061
|
+
return extractAckData(ack);
|
|
1062
|
+
},
|
|
1063
|
+
[fetchResource]
|
|
1064
|
+
);
|
|
1065
|
+
const geoProvinces = useCallback3(
|
|
1066
|
+
async (countryIso2) => {
|
|
1067
|
+
const ack = await fetchResource(
|
|
1068
|
+
"geo",
|
|
1069
|
+
"list",
|
|
1070
|
+
{ _sub: "provinces", country: countryIso2 }
|
|
1071
|
+
);
|
|
1072
|
+
return extractAckData(ack);
|
|
1073
|
+
},
|
|
1074
|
+
[fetchResource]
|
|
1075
|
+
);
|
|
959
1076
|
return {
|
|
960
1077
|
products: { list: productsList, get: productsGet },
|
|
961
1078
|
orders: { list: ordersList, get: ordersGet },
|
|
962
1079
|
customers: { list: customersList, get: customersGet },
|
|
963
|
-
categories: { list: categoriesList, get: categoriesGet }
|
|
1080
|
+
categories: { list: categoriesList, get: categoriesGet },
|
|
1081
|
+
store: { get: storeGet },
|
|
1082
|
+
geo: { countries: geoCountries, provinces: geoProvinces }
|
|
964
1083
|
};
|
|
965
1084
|
}
|
|
966
1085
|
|
|
@@ -977,10 +1096,13 @@ export {
|
|
|
977
1096
|
RateLimitError,
|
|
978
1097
|
SDK_VERSION,
|
|
979
1098
|
ValidationError,
|
|
1099
|
+
WEBHOOK_EVENTS,
|
|
980
1100
|
WhataloAPIError,
|
|
981
1101
|
WhataloClient,
|
|
982
1102
|
clearSessionTokenCache,
|
|
983
1103
|
defineApp,
|
|
1104
|
+
isRuntimeWebhookPayload,
|
|
1105
|
+
isWebhookEvent,
|
|
984
1106
|
sessionToken,
|
|
985
1107
|
useAppBridge,
|
|
986
1108
|
useWhataloAction,
|