@youidian/sdk 3.0.0

package/dist/index.cjs

@@ -0,0 +1,823 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  LoginUI: () => LoginUI,
+  PaymentClient: () => PaymentClient,
+  PaymentUI: () => PaymentUI,
+  createLoginUI: () => createLoginUI,
+  createPaymentUI: () => createPaymentUI
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/hosted-modal.ts
+var SDK_SUPPORTED_LOCALES = [
+  "en",
+  "zh-CN",
+  "zh-Hant",
+  "fr",
+  "de",
+  "ja",
+  "es",
+  "ko",
+  "nl",
+  "it",
+  "pt"
+];
+var SDK_DEFAULT_LOCALE = "zh-CN";
+var SDK_LOCALE_ALIASES = {
+  en: "en",
+  "en-us": "en",
+  "en-gb": "en",
+  zh: "zh-CN",
+  "zh-cn": "zh-CN",
+  "zh-tw": "zh-Hant",
+  "zh-hk": "zh-Hant",
+  "zh-hant": "zh-Hant",
+  "zh-hans": "zh-CN",
+  fr: "fr",
+  de: "de",
+  ja: "ja",
+  es: "es",
+  ko: "ko",
+  nl: "nl",
+  it: "it",
+  pt: "pt"
+};
+function matchSupportedBaseLocale(locale) {
+  const base = locale.toLowerCase().split("-")[0];
+  return SDK_SUPPORTED_LOCALES.find((item) => item.toLowerCase() === base);
+}
+function normalizeSdkLocale(locale) {
+  if (!locale) return;
+  const sanitized = locale.trim().replace(/_/g, "-");
+  if (!sanitized) return;
+  const lower = sanitized.toLowerCase();
+  if (SDK_LOCALE_ALIASES[lower]) {
+    return SDK_LOCALE_ALIASES[lower];
+  }
+  let canonical;
+  try {
+    canonical = Intl.getCanonicalLocales(sanitized)[0];
+  } catch {
+    canonical = void 0;
+  }
+  const candidates = [canonical, sanitized].filter(Boolean);
+  for (const candidate of candidates) {
+    const candidateLower = candidate.toLowerCase();
+    if (SDK_LOCALE_ALIASES[candidateLower]) {
+      return SDK_LOCALE_ALIASES[candidateLower];
+    }
+    if (SDK_SUPPORTED_LOCALES.includes(candidate)) {
+      return candidate;
+    }
+    const baseMatch = matchSupportedBaseLocale(candidate);
+    if (baseMatch) {
+      return baseMatch;
+    }
+  }
+}
+function getBrowserLocale() {
+  if (typeof navigator === "undefined") return;
+  for (const candidate of navigator.languages || []) {
+    const normalized = normalizeSdkLocale(candidate);
+    if (normalized) return normalized;
+  }
+  return normalizeSdkLocale(navigator.language);
+}
+function getAutoResolvedLocale(locale) {
+  return normalizeSdkLocale(locale) || getBrowserLocale() || SDK_DEFAULT_LOCALE;
+}
+function applyLocaleToUrl(urlValue, locale) {
+  if (!locale) return urlValue;
+  try {
+    const url = new URL(urlValue);
+    const localePrefix = `/${locale}`;
+    if (!url.pathname.startsWith(`${localePrefix}/`) && url.pathname !== localePrefix) {
+      url.pathname = `${localePrefix}${url.pathname}`;
+    }
+    return url.toString();
+  } catch (_error) {
+    const localePrefix = `/${locale}`;
+    if (!urlValue.startsWith(`${localePrefix}/`) && urlValue !== localePrefix) {
+      return `${localePrefix}${urlValue.startsWith("/") ? "" : "/"}${urlValue}`;
+    }
+    return urlValue;
+  }
+}
+var HostedFrameModal = class {
+  constructor() {
+    __publicField(this, "iframe", null);
+    __publicField(this, "modal", null);
+    __publicField(this, "messageHandler", null);
+  }
+  openHostedFrame(url, options) {
+    if (typeof document === "undefined") return;
+    if (this.modal) return;
+    this.modal = document.createElement("div");
+    Object.assign(this.modal.style, {
+      position: "fixed",
+      top: "0",
+      left: "0",
+      width: "100%",
+      height: "100%",
+      backgroundColor: "rgba(15,23,42,0.52)",
+      display: "flex",
+      alignItems: "center",
+      justifyContent: "center",
+      zIndex: "9999",
+      transition: "opacity 0.3s ease",
+      backdropFilter: "blur(14px)",
+      padding: "16px"
+    });
+    const container = document.createElement("div");
+    Object.assign(container.style, {
+      width: options.width || "450px",
+      height: options.height || "min(600px, 90vh)",
+      backgroundColor: "transparent",
+      borderRadius: "28px",
+      overflow: "visible",
+      position: "relative",
+      boxShadow: "none",
+      maxWidth: "calc(100vw - 32px)",
+      maxHeight: "calc(100vh - 32px)",
+      transition: "height 180ms ease",
+      willChange: "height"
+    });
+    const closeBtn = document.createElement("button");
+    closeBtn.innerHTML = "\xD7";
+    Object.assign(closeBtn.style, {
+      position: "absolute",
+      right: "-14px",
+      top: "-14px",
+      fontSize: "20px",
+      width: "36px",
+      height: "36px",
+      borderRadius: "9999px",
+      border: "1px solid rgba(255,255,255,0.5)",
+      background: "rgba(255,255,255,0.9)",
+      cursor: "pointer",
+      color: "#475569",
+      zIndex: "2",
+      boxShadow: "0 10px 30px rgba(15,23,42,0.16)"
+    });
+    closeBtn.onclick = () => {
+      this.close();
+      options.onCloseButton?.();
+    };
+    this.iframe = document.createElement("iframe");
+    this.iframe.src = url;
+    Object.assign(this.iframe.style, {
+      width: "100%",
+      height: "100%",
+      border: "none",
+      borderRadius: "28px",
+      background: "transparent",
+      display: "block"
+    });
+    container.appendChild(closeBtn);
+    container.appendChild(this.iframe);
+    this.modal.appendChild(container);
+    document.body.appendChild(this.modal);
+    this.messageHandler = (event) => {
+      if (options.allowedOrigin && options.allowedOrigin !== "*") {
+        if (event.origin !== options.allowedOrigin) {
+          return;
+        }
+      }
+      const data = event.data;
+      if (!data || typeof data !== "object" || !data.type) {
+        return;
+      }
+      options.onMessage(data, container);
+    };
+    window.addEventListener("message", this.messageHandler);
+  }
+  close() {
+    if (typeof window === "undefined") return;
+    if (this.messageHandler) {
+      window.removeEventListener("message", this.messageHandler);
+      this.messageHandler = null;
+    }
+    if (this.modal?.parentNode) {
+      this.modal.parentNode.removeChild(this.modal);
+    }
+    this.modal = null;
+    this.iframe = null;
+  }
+};
+
+// src/client.ts
+var PaymentUI = class extends HostedFrameModal {
+  /**
+   * Opens the payment checkout page in an iframe modal.
+   * @param urlOrParams - The checkout page URL or payment parameters
+   * @param options - UI options
+   */
+  openPayment(urlOrParams, options) {
+    if (typeof document === "undefined") return;
+    if (this.modal) return;
+    let checkoutUrl;
+    if (typeof urlOrParams === "string") {
+      checkoutUrl = urlOrParams;
+    } else {
+      const {
+        appId,
+        productId,
+        priceId,
+        productCode,
+        userId,
+        checkoutUrl: checkoutUrlParam,
+        baseUrl = "https://pay.imgto.link"
+      } = urlOrParams;
+      const base = (checkoutUrlParam || baseUrl).replace(/\/$/, "");
+      if (productCode) {
+        checkoutUrl = `${base}/checkout/${appId}/code/${productCode}?userId=${encodeURIComponent(userId)}`;
+      } else if (productId && priceId) {
+        checkoutUrl = `${base}/checkout/${appId}/${productId}/${priceId}?userId=${encodeURIComponent(userId)}`;
+      } else {
+        throw new Error(
+          "Either productCode or both productId and priceId are required"
+        );
+      }
+    }
+    const finalUrl = applyLocaleToUrl(checkoutUrl, options?.locale);
+    this.openHostedFrame(finalUrl, {
+      allowedOrigin: options?.allowedOrigin,
+      onCloseButton: () => options?.onCancel?.(),
+      onMessage: (data, container) => {
+        switch (data.type) {
+          case "PAYMENT_SUCCESS":
+            options?.onSuccess?.(data.orderId);
+            break;
+          case "PAYMENT_CANCELLED":
+            options?.onCancel?.(data.orderId);
+            break;
+          case "PAYMENT_RESIZE":
+            if (data.height) {
+              const maxHeight = window.innerHeight * 0.9;
+              const newHeight = Math.min(data.height, maxHeight);
+              container.style.height = `${newHeight}px`;
+            }
+            break;
+          case "PAYMENT_CLOSE":
+            this.close();
+            options?.onClose?.();
+            break;
+        }
+      }
+    });
+  }
+  /**
+   * Poll order status from integrator's API endpoint
+   * @param statusUrl - The integrator's API endpoint to check order status
+   * @param options - Polling options
+   * @returns Promise that resolves when order is paid or rejects on timeout/failure
+   */
+  async pollOrderStatus(statusUrl, options) {
+    const interval = options?.interval || 3e3;
+    const timeout = options?.timeout || 3e5;
+    const startTime = Date.now();
+    return new Promise((resolve, reject) => {
+      const poll = async () => {
+        try {
+          const response = await fetch(statusUrl);
+          if (!response.ok) {
+            throw new Error(`Status check failed: ${response.status}`);
+          }
+          const status = await response.json();
+          options?.onStatusChange?.(status);
+          if (status.status === "PAID") {
+            resolve(status);
+            return;
+          }
+          if (status.status === "CANCELLED" || status.status === "FAILED") {
+            reject(new Error(`Order ${status.status.toLowerCase()}`));
+            return;
+          }
+          if (Date.now() - startTime > timeout) {
+            reject(new Error("Polling timeout"));
+            return;
+          }
+          setTimeout(poll, interval);
+        } catch (error) {
+          if (Date.now() - startTime > timeout) {
+            reject(error);
+            return;
+          }
+          setTimeout(poll, interval);
+        }
+      };
+      poll();
+    });
+  }
+};
+function createPaymentUI() {
+  return new PaymentUI();
+}
+
+// src/login.ts
+function getOrigin(value) {
+  if (!value) return null;
+  try {
+    return new URL(value).origin;
+  } catch {
+    return null;
+  }
+}
+function buildLoginUrl(params) {
+  const { appId, baseUrl = "https://pay.imgto.link", loginUrl } = params;
+  const rawBase = (loginUrl || baseUrl).replace(/\/$/, "");
+  const parentOrigin = typeof window !== "undefined" ? window.location.origin : void 0;
+  let finalUrl;
+  try {
+    const url = new URL(rawBase);
+    if (!/\/auth\/connect\/[^/]+$/.test(url.pathname)) {
+      url.pathname = `${url.pathname.replace(/\/$/, "")}/auth/connect/${appId}`.replace(
+        /\/{2,}/g,
+        "/"
+      );
+    }
+    finalUrl = url.toString();
+  } catch (_error) {
+    if (/\/auth\/connect\/[^/]+$/.test(rawBase)) {
+      finalUrl = rawBase;
+    } else {
+      finalUrl = `${rawBase}/auth/connect/${appId}`.replace(/\/{2,}/g, "/");
+    }
+  }
+  finalUrl = applyLocaleToUrl(finalUrl, getAutoResolvedLocale(params.locale));
+  try {
+    const url = new URL(finalUrl);
+    if (params.preferredChannel) {
+      url.searchParams.set("preferredChannel", params.preferredChannel);
+    }
+    if (parentOrigin) {
+      url.searchParams.set("origin", parentOrigin);
+    }
+    return url.toString();
+  } catch (_error) {
+    const searchParams = new URLSearchParams();
+    if (params.preferredChannel) {
+      searchParams.set("preferredChannel", params.preferredChannel);
+    }
+    if (parentOrigin) {
+      searchParams.set("origin", parentOrigin);
+    }
+    const query = searchParams.toString();
+    if (!query) {
+      return finalUrl;
+    }
+    const separator = finalUrl.includes("?") ? "&" : "?";
+    return `${finalUrl}${separator}${query}`;
+  }
+}
+function extractLoginResult(data) {
+  return {
+    avatar: data.avatar,
+    channel: data.channel,
+    email: data.email,
+    expiresAt: data.expiresAt,
+    legacyCasdoorId: data.legacyCasdoorId,
+    loginToken: data.loginToken,
+    name: data.name,
+    userId: data.userId,
+    wechatOpenId: data.wechatOpenId,
+    wechatUnionId: data.wechatUnionId
+  };
+}
+var LOGIN_UI_LOG_PREFIX = "[Youidian LoginUI]";
+function logLoginDebug(message, details) {
+  if (typeof console === "undefined") return;
+  console.debug(LOGIN_UI_LOG_PREFIX, message, details || {});
+}
+function logLoginInfo(message, details) {
+  if (typeof console === "undefined") return;
+  console.info(LOGIN_UI_LOG_PREFIX, message, details || {});
+}
+function logLoginWarn(message, details) {
+  if (typeof console === "undefined") return;
+  console.warn(LOGIN_UI_LOG_PREFIX, message, details || {});
+}
+var LoginUI = class {
+  constructor() {
+    __publicField(this, "popup", null);
+    __publicField(this, "messageHandler", null);
+    __publicField(this, "closeMonitor", null);
+    __publicField(this, "completed", false);
+  }
+  cleanup() {
+    if (typeof window !== "undefined" && this.messageHandler) {
+      window.removeEventListener("message", this.messageHandler);
+    }
+    if (typeof window !== "undefined" && this.closeMonitor) {
+      window.clearInterval(this.closeMonitor);
+    }
+    this.messageHandler = null;
+    this.closeMonitor = null;
+    this.popup = null;
+    this.completed = false;
+  }
+  close() {
+    logLoginInfo("close() called", {
+      hasPopup: Boolean(this.popup),
+      popupClosed: this.popup?.closed ?? true
+    });
+    if (this.popup && !this.popup.closed) {
+      this.popup.close();
+    }
+    this.cleanup();
+  }
+  openLogin(params, options) {
+    if (typeof window === "undefined") return;
+    if (this.popup && !this.popup.closed) return;
+    const finalUrl = buildLoginUrl(params);
+    logLoginInfo("Opening hosted login popup", {
+      appId: params.appId,
+      loginUrl: finalUrl,
+      allowedOrigin: options?.allowedOrigin || null,
+      autoClose: options?.autoClose ?? true
+    });
+    const popupWidth = 520;
+    const popupHeight = 720;
+    const left = Math.max(
+      0,
+      Math.round(window.screenX + (window.outerWidth - popupWidth) / 2)
+    );
+    const top = Math.max(
+      0,
+      Math.round(window.screenY + (window.outerHeight - popupHeight) / 2)
+    );
+    const features = [
+      "popup=yes",
+      `width=${popupWidth}`,
+      `height=${popupHeight}`,
+      `left=${left}`,
+      `top=${top}`,
+      "resizable=yes",
+      "scrollbars=yes"
+    ].join(",");
+    const popup = window.open(finalUrl, "youidian-login", features);
+    if (!popup) {
+      logLoginWarn("Popup blocked by the browser");
+      options?.onError?.("Login popup was blocked");
+      return;
+    }
+    this.popup = popup;
+    this.completed = false;
+    const allowedOrigin = options?.allowedOrigin;
+    const popupOrigin = getOrigin(finalUrl);
+    this.messageHandler = (event) => {
+      if (allowedOrigin && allowedOrigin !== "*" && event.origin !== allowedOrigin) {
+        logLoginWarn("Ignored message due to allowedOrigin mismatch", {
+          allowedOrigin,
+          eventOrigin: event.origin
+        });
+        return;
+      }
+      if (!allowedOrigin && popupOrigin && event.origin !== popupOrigin) {
+        logLoginWarn("Ignored message due to popup origin mismatch", {
+          expectedOrigin: popupOrigin,
+          eventOrigin: event.origin
+        });
+        return;
+      }
+      const data = event.data;
+      if (!data || typeof data !== "object" || !data.type) {
+        logLoginDebug("Ignored non-login postMessage payload");
+        return;
+      }
+      logLoginInfo("Received login event", {
+        type: data.type,
+        eventOrigin: event.origin
+      });
+      switch (data.type) {
+        case "LOGIN_SUCCESS":
+          this.completed = true;
+          logLoginInfo("Login succeeded", {
+            channel: data.channel || null,
+            userId: data.userId || null
+          });
+          options?.onSuccess?.(extractLoginResult(data));
+          break;
+        case "LOGIN_CANCELLED":
+          logLoginInfo("Login cancelled");
+          options?.onCancel?.();
+          break;
+        case "LOGIN_RESIZE":
+          break;
+        case "LOGIN_ERROR":
+          logLoginWarn("Login flow reported an error", {
+            message: data.message || data.error || null
+          });
+          options?.onError?.(data.message || data.error, data);
+          break;
+        case "LOGIN_CLOSE":
+          if (options?.autoClose === false) {
+            logLoginInfo("Login popup requested close; autoClose disabled, keeping popup open");
+            options?.onClose?.();
+            break;
+          }
+          logLoginInfo("Login popup requested close; autoClose enabled");
+          this.close();
+          options?.onClose?.();
+          break;
+      }
+    };
+    window.addEventListener("message", this.messageHandler);
+    this.closeMonitor = window.setInterval(() => {
+      if (!this.popup || this.popup.closed) {
+        const shouldTreatAsCancel = !this.completed;
+        logLoginInfo("Detected popup closed", {
+          shouldTreatAsCancel
+        });
+        this.cleanup();
+        if (shouldTreatAsCancel) {
+          options?.onCancel?.();
+        }
+        options?.onClose?.();
+      }
+    }, 500);
+  }
+};
+function createLoginUI() {
+  return new LoginUI();
+}
+
+// src/server.ts
+var import_crypto = __toESM(require("crypto"), 1);
+var PaymentClient = class {
+  // 用于生成 checkout URL
+  constructor(options) {
+    __publicField(this, "appId");
+    __publicField(this, "appSecret");
+    __publicField(this, "apiUrl");
+    // 用于 API 调用
+    __publicField(this, "checkoutUrl");
+    if (!options.appId) throw new Error("appId is required");
+    if (!options.appSecret) throw new Error("appSecret is required");
+    this.appId = options.appId;
+    this.appSecret = options.appSecret;
+    const apiUrl = options.apiUrl || options.baseUrl || "https://pay-api.imgto.link";
+    this.apiUrl = apiUrl.replace(/\/$/, "");
+    const checkoutUrl = options.checkoutUrl || options.baseUrl || "https://pay.imgto.link";
+    this.checkoutUrl = checkoutUrl.replace(/\/$/, "");
+  }
+  /**
+   * Generate SHA256 signature for the request
+   * Logic: SHA256(appId + appSecret + timestamp)
+   */
+  generateSignature(timestamp) {
+    const str = `${this.appId}${this.appSecret}${timestamp}`;
+    return import_crypto.default.createHash("sha256").update(str).digest("hex");
+  }
+  /**
+   * Internal request helper for Gateway API
+   */
+  async request(method, path, body) {
+    const timestamp = Date.now();
+    const signature = this.generateSignature(timestamp);
+    const url = `${this.apiUrl}/api/v1/gateway/${this.appId}${path}`;
+    const headers = {
+      "Content-Type": "application/json",
+      "X-Pay-Timestamp": timestamp.toString(),
+      "X-Pay-Sign": signature
+    };
+    const options = {
+      method,
+      headers,
+      body: body ? JSON.stringify(body) : void 0
+    };
+    const response = await fetch(url, options);
+    if (!response.ok) {
+      const errorText = await response.text();
+      throw new Error(`Payment SDK Error (${response.status}): ${errorText}`);
+    }
+    const json = await response.json();
+    if (json.error) {
+      throw new Error(`Payment API Error: ${json.error}`);
+    }
+    return json.data;
+  }
+  /**
+   * Decrypts the callback notification payload using AES-256-GCM.
+   * @param notification - The encrypted notification from payment webhook
+   * @returns Decrypted payment callback data
+   */
+  decryptCallback(notification) {
+    try {
+      const { iv, encryptedData, authTag } = notification;
+      const key = import_crypto.default.createHash("sha256").update(this.appSecret).digest();
+      const decipher = import_crypto.default.createDecipheriv(
+        "aes-256-gcm",
+        key,
+        Buffer.from(iv, "hex")
+      );
+      decipher.setAuthTag(Buffer.from(authTag, "hex"));
+      let decrypted = decipher.update(encryptedData, "hex", "utf8");
+      decrypted += decipher.final("utf8");
+      return JSON.parse(decrypted);
+    } catch (error) {
+      throw new Error(
+        "Failed to decrypt payment callback: Invalid secret or tampered data."
+      );
+    }
+  }
+  /**
+   * Fetch products for the configured app.
+   */
+  async getProducts(options) {
+    const params = new URLSearchParams();
+    if (options?.locale) params.append("locale", options.locale);
+    if (options?.currency) params.append("currency", options.currency);
+    const path = params.toString() ? `/products?${params.toString()}` : "/products";
+    return this.request("GET", path);
+  }
+  /**
+   * Create a new order
+   * @param params - Order creation parameters
+   * @returns Order details with payment parameters
+   */
+  async createOrder(params) {
+    return this.request("POST", "/orders", params);
+  }
+  /**
+   * Create a WeChat Mini Program order (channel fixed to WECHAT_MINI)
+   * @param params - Mini program order parameters
+   * @returns Order details with payment parameters
+   */
+  async createMiniProgramOrder(params) {
+    const { openid, ...rest } = params;
+    return this.request("POST", "/orders", {
+      ...rest,
+      channel: "WECHAT_MINI",
+      openid,
+      metadata: { openid }
+    });
+  }
+  /**
+   * Pay for an existing order
+   * @param orderId - The order ID to pay
+   * @param params - Payment parameters including channel
+   */
+  async payOrder(orderId, params) {
+    return this.request("POST", `/orders/${orderId}/pay`, params);
+  }
+  /**
+   * Query order status
+   * @param orderId - The order ID to query
+   */
+  async getOrderStatus(orderId) {
+    return this.request("GET", `/orders/${orderId}`);
+  }
+  /**
+   * Get order details (full order information)
+   * @param orderId - The order ID to query
+   */
+  async getOrderDetails(orderId) {
+    return this.request("GET", `/orders/${orderId}/details`);
+  }
+  /**
+   * Get orders list with pagination
+   * @param params - Query parameters (pagination, filters)
+   * @returns Orders list and pagination info
+   */
+  async getOrders(params) {
+    const queryParams = new URLSearchParams();
+    if (params?.page) queryParams.append("page", params.page.toString());
+    if (params?.pageSize)
+      queryParams.append("pageSize", params.pageSize.toString());
+    if (params?.userId) queryParams.append("userId", params.userId);
+    if (params?.status) queryParams.append("status", params.status);
+    if (params?.startDate) queryParams.append("startDate", params.startDate);
+    if (params?.endDate) queryParams.append("endDate", params.endDate);
+    const path = queryParams.toString() ? `/orders?${queryParams.toString()}` : "/orders";
+    return this.request("GET", path);
+  }
+  /**
+   * Get user entitlements in the legacy flat shape.
+   * @param userId - User ID
+   */
+  async getEntitlements(userId) {
+    return this.request("GET", `/users/${userId}/entitlements`);
+  }
+  /**
+   * Get user entitlements with full details (type, expiry, reset config, source)
+   * @param userId - User ID
+   */
+  async getEntitlementsDetail(userId) {
+    return this.request("GET", `/users/${userId}/entitlements/detail`);
+  }
+  /**
+   * Ensure user exists and auto-assign trial product if new user
+   * This should be called when user first logs in or registers
+   * @param userId - User ID
+   */
+  async ensureUserWithTrial(userId) {
+    return this.request("POST", `/users/${userId}/entitlements/bootstrap`, {});
+  }
+  /**
+   * Get a single entitlement value
+   * @param userId - User ID
+   * @param key - Entitlement key
+   */
+  async getEntitlementValue(userId, key) {
+    const entitlements = await this.getEntitlements(userId);
+    return entitlements[key] ?? null;
+  }
+  /**
+   * Consume numeric entitlement
+   * @param userId - User ID
+   * @param key - Entitlement key
+   * @param amount - Amount to consume
+   */
+  async consumeEntitlement(userId, key, amount, options) {
+    return this.request("POST", `/users/${userId}/entitlements/consume`, {
+      key,
+      amount,
+      ...options
+    });
+  }
+  /**
+   * Add numeric entitlement (e.g. refund)
+   * @param userId - User ID
+   * @param key - Entitlement key
+   * @param amount - Amount to add
+   */
+  async addEntitlement(userId, key, amount) {
+    return this.request("POST", `/users/${userId}/entitlements/add`, {
+      key,
+      amount
+    });
+  }
+  /**
+   * Toggle boolean entitlement
+   * @param userId - User ID
+   * @param key - Entitlement key
+   * @param enabled - Whether to enable
+   */
+  async toggleEntitlement(userId, key, enabled) {
+    return this.request("POST", `/users/${userId}/entitlements/toggle`, {
+      key,
+      enabled
+    });
+  }
+  /**
+   * Generate checkout URL for client-side payment
+   * @param productId - Product ID
+   * @param priceId - Price ID
+   * @returns Checkout page URL
+   */
+  getCheckoutUrl(productId, priceId) {
+    return `${this.checkoutUrl}/checkout/${this.appId}/${productId}/${priceId}`;
+  }
+  /**
+   * Verify a hosted login token and return the normalized login profile.
+   * This request is signed with your app credentials and routed through the worker API.
+   */
+  async verifyLoginToken(token) {
+    if (!token?.trim()) {
+      throw new Error("login token is required");
+    }
+    return this.request("POST", "/login/tokens/verify", { token: token.trim() });
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  LoginUI,
+  PaymentClient,
+  PaymentUI,
+  createLoginUI,
+  createPaymentUI
+});
+//# sourceMappingURL=index.cjs.map