npm - @yumi-finance/widget - Versions diffs - 1.0.2 → 1.0.3 - Mend

@yumi-finance/widget 1.0.2 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md +65 -307
package/dist/react-types/react/yumi-context.d.ts +1 -2
package/dist/react.js +47 -47
package/dist/yumi-widget.js +1 -1
package/dist/yumi-widget.min.js +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,68 +1,55 @@
 # Yumi Widget
-## How to run the project
+Embeddable Yumi BNPL widget: one script or React components; checkout opens in an iframe. After login in the iframe the widget requests a signature; the merchant returns it from their backend (or locally for testing).
-```bash
-git clone https://github.com/Yumi-Finance/yumi-widget
-npm install
-cp .env.example .env
-npm run dev
-```
-- **Checkout (iframe):** [http://localhost:3001](http://localhost:3001)
-- **Demo:** [http://localhost:8080/demo/](http://localhost:8080/demo/)
+---
-Edit `.env` if you need different `VITE_PRIVY_APP_ID`, `VITE_CHECKOUT_URL`, or `VITE_YUMI_API_BASE_URL`.
+## Install
-## Example
+```bash
+npm install @yumi-finance/widget
+```
-**Script (HTML):**
+CDN (no build):
 ```html
-<!DOCTYPE html>
-<html>
-<head>
-	<title>Checkout</title>
-</head>
-<body>
-	<button id="pay">Pay with Yumi</button>
-	<script src="https://cdn.jsdelivr.net/npm/@yumi-finance/widget@1.0.0/dist/yumi-widget.min.js"></script>
-	<script>
-		const yumi = Yumi.init({
-			publicKey: 'pk_live_xxx',
-			getAppSignature: async (payload) => {
-				const res = await fetch('/api/sign', {
-					method: 'POST',
-					headers: { 'Content-Type': 'application/json' },
-					body: JSON.stringify(payload),
-				})
-				const data = await res.json()
-				if (!res.ok || data.error) throw new Error(data.error || 'Sign failed')
-				return data.appSignature
-			},
-		})
-		document.getElementById('pay').onclick = () => {
-			yumi.open({ orderId: 'order_' + Date.now(), amount: 19900 })
-		}
-	</script>
-</body>
-</html>
+<script src="https://cdn.jsdelivr.net/npm/@yumi-finance/widget@1.0.0/dist/yumi-widget.min.js"></script>
 ```
-**React:**
+---
+## React (example)
+Minimum: `publicKey`, `getAppSignature`, and on click — `open({ orderId, amount })`.
 ```tsx
 import { YumiProvider, useYumi } from '@yumi-finance/widget/react'
+// In production getAppSignature calls your backend and returns appSignature
+const getAppSignature = async (payload: {
+	publicKey: string
+	timestamp: number
+	nonce: string
+	privyUserId: string
+}): Promise<string> => {
+	const res = await fetch('/api/sign', {
+		method: 'POST',
+		headers: { 'Content-Type': 'application/json' },
+		body: JSON.stringify(payload),
+	})
+	const data = await res.json()
+	if (!res.ok || data.error) throw new Error(data.error ?? 'Sign failed')
+	return data.appSignature
+}
 function CheckoutButton() {
 	const { open, isReady, error } = useYumi()
 	return (
 		<>
 			{error && <p>Error: {error.message}</p>}
 			<button
 				disabled={!isReady}
-				onClick={() => open({ orderId: 'order_' + Date.now(), amount: 19900 })}
+				onClick={() => open({ orderId: 'order_' + Date.now(), amount: 0.04 })}
 			>
 				Pay with Yumi
 			</button>
@@ -72,313 +59,84 @@ function CheckoutButton() {
 export default function App() {
 	return (
-		<YumiProvider
-			config={{
-				publicKey: 'pk_live_xxx',
-				getAppSignature: async (payload) => {
-					const res = await fetch('/api/sign', {
-						method: 'POST',
-						headers: { 'Content-Type': 'application/json' },
-						body: JSON.stringify(payload),
-					})
-					const data = await res.json()
-					if (!res.ok || data.error) throw new Error(data.error || 'Sign failed')
-					return data.appSignature
-				},
-			}}
-		>
+		<YumiProvider config={{ publicKey: 'YOUR_PUBLIC_KEY', getAppSignature }}>
 			<CheckoutButton />
 		</YumiProvider>
 	)
 }
 ```
----
-# Yumi Widget Integration
-Yumi BNPL integration: client (merchant site), merchant server, and Yumi Server SDK for signing.
----
-## Overview
-A signature is required to authorize the user in Yumi after login via Privy in the iframe. The widget gives the merchant a payload with `publicKey`, `timestamp`, `nonce`, `privyUserId`; the merchant returns a signature; the SDK sends it to Yumi on login.
+Optional: `onClose`, `onEvent`, `onError`.
 ---
-## 1. Client (Frontend)
-### 1.1. Script Integration
-```html
-<script src="https://cdn.jsdelivr.net/npm/@yumi-finance/widget@1.0.0/dist/yumi-widget.min.js"></script>
-```
+## Script only (no React)
-Or from your own CDN:
-```html
-<script src="https://cdn.yumi.com/yumi-widget.js"></script>
-```
-### 1.2. React
-Install the package and wrap your app (or the part that needs checkout) with `YumiProvider`. Use the `useYumi()` hook to open checkout.
-```bash
-npm install @yumi-finance/widget
-```
-```tsx
-import { YumiProvider, useYumi } from '@yumi-finance/widget/react'
-function PayButton() {
-	const { open, isReady } = useYumi()
-	return (
-		<button
-			disabled={!isReady}
-			onClick={() => open({ orderId: 'order_123', amount: 19900 })}
-		>
-			Pay with Yumi
-		</button>
-	)
-}
-function App() {
-	return (
-		<YumiProvider
-			config={{
-				publicKey: 'pk_live_xxx',
-				getAppSignature: async (payload) => {
-					const res = await fetch('/your-api/sign', {
-						method: 'POST',
-						headers: { 'Content-Type': 'application/json' },
-						body: JSON.stringify(payload),
-					})
-					const data = await res.json()
-					if (!res.ok || data.error) throw new Error(data.error || 'Failed to get signature')
-					return data.appSignature
-				},
-			}}
-		>
-			<PayButton />
-		</YumiProvider>
-	)
-}
-```
-Optional: pass `scriptUrl` to load the loader from a custom URL (default: jsDelivr). `useYumi()` returns `{ open, close, isReady, error }`.
-### 1.3. Initialization and Checkout Opening (script tag only)
+Same contract: `Yumi.init({ publicKey, getAppSignature })`, on click `yumi.open({ orderId, amount })`.
 ```js
 const yumi = Yumi.init({
-	publicKey: 'pk_live_xxx',
+	publicKey: 'YOUR_PUBLIC_KEY',
 	getAppSignature: async payload => {
-		const res = await fetch('/your-api/sign', {
+		const res = await fetch('/api/sign', {
 			method: 'POST',
 			headers: { 'Content-Type': 'application/json' },
 			body: JSON.stringify(payload),
 		})
-		const data = await res.json()
-		if (!res.ok || data.error) {
-			throw new Error(data.error || 'Failed to get signature')
-		}
-		return data.appSignature
+		const { appSignature } = await res.json()
+		if (!res.ok) throw new Error('Sign failed')
+		return appSignature
 	},
 })
-document.getElementById('payBtn').addEventListener('click', () => {
-	yumi.open({
-		orderId: 'order_123',
-		amount: 19900,
-		currency: 'USD',
-	})
-})
+document.getElementById('payBtn').onclick = () => yumi.open({ orderId: 'order_123', amount: 0.04 })
 ```
-### 1.4. `Yumi.init()` Parameters
-| Parameter         | Required         | Description                                                                                                                                                    |
-| ----------------- | ---------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `publicKey`       | Yes              | Merchant public key (from Yumi). Used in the payload for signing and to identify the merchant on the backend.                                                  |
-| `getAppSignature` | Yes (production) | Callback `(payload) => Promise<string>`. Widget passes `{ publicKey, timestamp, nonce, privyUserId }`; merchant returns `appSignature` (e.g. from their backend). |
-| `onClose`         | No               | Callback when checkout is closed.                                                                                                                              |
-| `onEvent`         | No               | Callback for checkout events.                                                                                                                                  |
-| `onError`         | No               | Callback for errors.                                                                                                                                           |
-| `meshConfig`      | No               | Optional Mesh Link config (clientId, clientSecret, useSandbox).                                                                                                |
-### 1.5. Payload for Signing
-In `getAppSignature(payload)` you receive:
-```ts
-{
-	publicKey: string // same publicKey passed to init
-	timestamp: number // Unix timestamp (seconds)
-	nonce: string // unique string
-	privyUserId: string // Privy user ID after login in iframe
-}
-```
-The merchant sends this payload to their backend; the backend signs it and returns `appSignature`. On the backend you can use `payload.privyUserId`.
-### 1.6. `yumi.open()` Options
-| Option     | Required | Description                                      |
-| ---------- | -------- | ------------------------------------------------ |
-| `orderId`  | Yes      | Order/intent ID (e.g. `order_123` or intent id). |
-| `amount`   | Yes      | Amount in smallest units (e.g. cents).           |
-| `currency` | No       | Currency code (e.g. `USD`).                      |
 ---
-## 2. Merchant Server and Yumi Server SDK
-### 2.1. Yumi Server SDK Purpose
-**Yumi Server SDK** is a library for the merchant backend. It does not start an HTTP server and does not call the Yumi API. The SDK provides **only a signing API**: input is the login payload, output is the `appSignature` string (Ed25519, canonicalize, base64).
-The merchant installs the SDK on the server, stores the secret key (from Yumi), and in their endpoint receives the payload from the frontend, calls the signing method, and returns the signature in the response.
-### 2.2. Installation
-```bash
-npm install @yumi/backend-sdk
-```
-### 2.3. Signing API
+## Parameters
-**Method:** sign payload for login.
-**Input (payload):**
+| Where  | Field             | Required | Description                                                                                                                                         |
+| ------ | ----------------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `init` | `publicKey`       | yes      | Merchant public key (from Yumi). Contact the Yumi team to obtain your public and secret keys.                                                       |
+| `init` | `getAppSignature` | yes      | `(payload) => Promise<string>`. Widget passes `{ publicKey, timestamp, nonce, privyUserId }`; you return the signature (usually from your backend). |
+| `open` | `orderId`         | yes      | Order or intent id.                                                                                                                                 |
+| `open` | `amount`          | yes      | Amount (number, e.g. 0.04 in dollars or 4 in cents).                                                                                                |
-```ts
-{
-	publicKey: string
-	timestamp: number
-	nonce: string
-	privyUserId: string
-}
-```
-**Output:** `appSignature` string (base64 Ed25519 signature of canonicalize(payload) with the merchant secret key).
+---
-**Example (Node.js):**
+## Backend signing
-```js
-const { signLoginPayload } = require('@yumi/backend-sdk')
+Contact the Yumi team to get your **public key** and **secret key**. Keep the secret key only on your backend (e.g. in env); never expose it to the frontend.
-app.post('/your-api/sign', async (req, res) => {
-	try {
-		const payload = req.body
-		const appSignature = signLoginPayload(payload, {
-			secretKeyBase64: process.env.YUMI_SECRET_KEY,
-		})
-		res.json({ appSignature })
-	} catch (err) {
-		res.status(400).json({ error: err.message })
-	}
-})
-```
+Your `/api/sign` endpoint receives the payload `{ publicKey, timestamp, nonce, privyUserId }` and must return `{ appSignature }`: the **base64-encoded Ed25519 signature** of the **canonical JSON** of that payload, signed with your secret key.
-**Example with pre-configuration:**
+Example (Node; deps: `tweetnacl`, `tweetnacl-util`, `json-canonicalize`):
 ```js
-const { YumiBackend } = require('@yumi/backend-sdk')
-const yumi = new YumiBackend({
-	secretKeyBase64: process.env.YUMI_SECRET_KEY,
-	publicKeyBase64: process.env.YUMI_PUBLIC_KEY,
-})
+const nacl = require('tweetnacl')
+const util = require('tweetnacl-util')
+const { canonicalize } = require('json-canonicalize')
+function signLoginPayload(payload, secretKeyBase64) {
+	const secretKey = util.decodeBase64(secretKeyBase64)
+	const message = canonicalize(payload)
+	const signature = nacl.sign.detached(util.decodeUTF8(message), secretKey)
+	return util.encodeBase64(signature)
+}
-app.post('/your-api/sign', async (req, res) => {
+app.post('/api/sign', (req, res) => {
 	try {
-		const payload = req.body
-		const appSignature = yumi.signLoginPayload(payload)
-		res.json({ appSignature })
+		res.json({ appSignature: signLoginPayload(req.body, process.env.YUMI_SECRET_KEY) })
 	} catch (err) {
 		res.status(400).json({ error: err.message })
 	}
 })
 ```
-Package and method names may differ; the SDK provides only signing of the payload and returns `appSignature`.
-### 2.4. Security
-- Store the secret key (`YUMI_SECRET_KEY`) only on the backend (env or secret store).
-- Yumi Server SDK does not make network requests; it only computes the signature.
-- The signing endpoint should be callable only from your frontend (CORS; optionally check origin or token).
-### 2.5. Without Server SDK
-The merchant can implement signing themselves: same algorithm (Ed25519, canonicalize payload, base64). Payload contract and `appSignature` format are as above; details are in Yumi cryptography docs. Using the Server SDK is recommended to avoid reimplementing the logic.
----
-## 3. Login Sequence
-1. User logs in inside the Yumi iframe with Privy.
-2. SDK in the iframe builds the payload: `publicKey` (from init), `timestamp`, `nonce`, `privyUserId`.
-3. SDK calls `getAppSignature(payload)` — the request is handled by the merchant frontend.
-4. Merchant frontend sends the payload to their backend (e.g. `POST /your-api/sign`).
-5. Backend signs the payload (Yumi Server SDK or custom) and returns `{ appSignature }`.
-6. Frontend returns `appSignature` to the widget callback.
-7. Widget sends the login request to Yumi with `accessToken`, `identityToken`, `payload`, and `appSignature`.
----
-## 4. Quick Checklist
-**Client:**
-- Include `yumi-widget.js` (CDN or self-hosted).
-- `Yumi.init({ publicKey, getAppSignature, ... })` — in `getAppSignature` call your backend and return `appSignature`.
-- On payment button click: `yumi.open({ orderId, amount, currency? })`.
-**Server:**
-- Install Yumi Server SDK (or implement signing yourself).
-- Endpoint: accept payload, call signing, return `{ appSignature }`.
-- Configure CORS for the frontend domain and, if needed, access checks.
-**Yumi Server SDK:** provides only the signing API (one method for the login payload); it does not provide HTTP and does not call the Yumi API.
 ---
-## 5. Development
-```bash
-npm install
-npm run dev
-```
-- Checkout (iframe): [http://localhost:3001](http://localhost:3001)
-- Demo: [http://localhost:8080/demo/](http://localhost:8080/demo/)
-```bash
-npm run build
-```
-Builds loader (`dist/yumi-widget.js`, `dist/yumi-widget.min.js`) and checkout (`dist/checkout/`).
-| Command                | Description                           |
-| ---------------------- | ------------------------------------- |
-| `npm run dev`          | Loader watch + checkout + demo server |
-| `npm run build`        | Production build                      |
-| `npm run dev:loader`   | Loader only (watch)                   |
-| `npm run dev:checkout` | Checkout only (Vite, port 3001)       |
-| `npm run type-check`   | TypeScript check                      |
-| `npm run lint`         | ESLint                                |
 ## License
 MIT

package/dist/react-types/react/yumi-context.d.ts CHANGED Viewed

@@ -9,8 +9,7 @@ export interface YumiContextValue {
 export declare const YumiContext: import("react").Context<YumiContextValue | null>;
 interface YumiProviderProps {
     config: YumiConfig;
-    scriptUrl?: string;
     children: ReactNode;
 }
-export declare function YumiProvider({ config, scriptUrl, children }: YumiProviderProps): import("react/jsx-runtime").JSX.Element;
+export declare function YumiProvider({ config, children }: YumiProviderProps): import("react/jsx-runtime").JSX.Element;
 export {};

package/dist/react.js CHANGED Viewed

@@ -1,75 +1,75 @@
-import { jsx as h } from "react/jsx-runtime";
-import { createContext as v, useRef as f, useState as m, useEffect as x, useCallback as w, useContext as R } from "react";
-const g = "https://cdn.jsdelivr.net/npm/@yumi-finance/widget@1.0.0/dist/yumi-widget.min.js", p = v(null);
-function C(n) {
-  return new Promise((o, u) => {
+import { jsx as y } from "react/jsx-runtime";
+import { createContext as Y, useRef as a, useState as f, useEffect as h, useCallback as m, useContext as v } from "react";
+const x = "https://cdn.jsdelivr.net/npm/@yumi-finance/widget@1.0.3/dist/yumi-widget.min.js", w = Y(null);
+function R(n) {
+  return new Promise((u, t) => {
     if (typeof document > "u") {
-      u(new Error("Document is not available"));
+      t(new Error("Document is not available"));
       return;
     }
-    const t = document.querySelector(`script[src="${n}"]`);
-    if (t) {
-      const c = window;
-      if (c.Yumi) {
-        o();
+    const s = document.querySelector(`script[src="${n}"]`);
+    if (s) {
+      const l = window;
+      if (l.Yumi) {
+        u();
         return;
       }
-      let d = !1;
-      const s = (l) => {
-        d || (d = !0, l ? u(l) : o());
+      let c = !1;
+      const o = (d) => {
+        c || (c = !0, d ? t(d) : u());
       };
-      t.addEventListener("load", () => s()), t.addEventListener("error", () => s(new Error("Failed to load Yumi script"))), setTimeout(() => {
-        c.Yumi && s();
+      s.addEventListener("load", () => o()), s.addEventListener("error", () => o(new Error("Failed to load Yumi script"))), setTimeout(() => {
+        l.Yumi && o();
       }, 0);
       return;
     }
-    const i = document.createElement("script");
-    i.src = n, i.async = !0, i.onload = () => o(), i.onerror = () => u(new Error("Failed to load Yumi script")), document.head.appendChild(i);
+    const r = document.createElement("script");
+    r.src = n, r.async = !0, r.onload = () => u(), r.onerror = () => t(new Error("Failed to load Yumi script")), document.head.appendChild(r);
   });
 }
-function b({ config: n, scriptUrl: o, children: u }) {
-  const t = f(null), [i, c] = m(!1), [d, s] = m(null), l = f(n);
-  l.current = n, x(() => {
-    let r = !1;
-    return C(o ?? g).then(() => {
-      if (r) return;
+function P({ config: n, children: u }) {
+  const t = a(null), [s, r] = f(!1), [l, c] = f(null), o = a(n);
+  o.current = n, h(() => {
+    let i = !1;
+    return R(x).then(() => {
+      if (i) return;
       const e = window.Yumi;
       if (!(e != null && e.init)) {
-        s(new Error("Yumi widget not available"));
+        c(new Error("Yumi widget not available"));
         return;
       }
-      t.current = e.init(l.current), c(!0);
+      t.current = e.init(o.current), r(!0);
     }).catch((e) => {
-      r || s(e instanceof Error ? e : new Error(String(e)));
+      i || c(e instanceof Error ? e : new Error(String(e)));
     }), () => {
       var e;
-      r = !0, (e = t.current) == null || e.destroy(), t.current = null, c(!1);
+      i = !0, (e = t.current) == null || e.destroy(), t.current = null, r(!1);
     };
-  }, [o]);
-  const E = w(async (r) => {
-    const a = t.current;
-    if (!a)
+  }, []);
+  const d = m(async (i) => {
+    const e = t.current;
+    if (!e)
       throw new Error("Yumi widget is not ready yet");
-    await a.open(r);
-  }, []), y = w(() => {
-    var r;
-    (r = t.current) == null || r.close();
-  }, []), Y = {
-    open: E,
-    close: y,
-    isReady: i,
-    error: d
+    await e.open(i);
+  }, []), p = m(() => {
+    var i;
+    (i = t.current) == null || i.close();
+  }, []), E = {
+    open: d,
+    close: p,
+    isReady: s,
+    error: l
   };
-  return /* @__PURE__ */ h(p.Provider, { value: Y, children: u });
+  return /* @__PURE__ */ y(w.Provider, { value: E, children: u });
 }
-function L() {
-  const n = R(p);
+function S() {
+  const n = v(w);
   if (n === null)
     throw new Error("useYumi must be used within YumiProvider");
   return n;
 }
 export {
-  p as YumiContext,
-  b as YumiProvider,
-  L as useYumi
+  w as YumiContext,
+  P as YumiProvider,
+  S as useYumi
 };

package/dist/yumi-widget.js CHANGED Viewed

@@ -283,7 +283,7 @@
         }
         window.Yumi = {
             init,
-            version: "1.0.2" ,
+            version: "1.0.3" ,
         };
     })();

package/dist/yumi-widget.min.js CHANGED Viewed

	@@ -1 +1 @@
1	- !function(){"use strict";class e{constructor(){Object.defineProperty(this,"iframe",{enumerable:!0,configurable:!0,writable:!0,value:null}),Object.defineProperty(this,"overlay",{enumerable:!0,configurable:!0,writable:!0,value:null})}create(e){return this.overlay=document.createElement("div"),this.overlay.id="yumi-checkout-overlay",this.overlay.style.cssText="\n\t\t\tposition: fixed;\n\t\t\tinset: 0;\n\t\t\tz-index: 999999;\n\t\t\tbackground: rgba(0, 0, 0, 0.5);\n\t\t\tdisplay: flex;\n\t\t\talign-items: center;\n\t\t\tjustify-content: center;\n\t\t",this.iframe=document.createElement("iframe"),this.iframe.id="yumi-checkout-iframe",this.iframe.src=e.url,this.iframe.style.cssText="\n\t\t\twidth: 100%;\n\t\t\tmax-width: 500px;\n\t\t\theight: 90vh;\n\t\t\tmax-height: 800px;\n\t\t\tborder: none;\n\t\t\tborder-radius: 12px;\n\t\t\tbackground: white;\n\t\t",this.iframe.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms allow-popups allow-popups-to-escape-sandbox"),this.iframe.setAttribute("allow","payment; clipboard-read; clipboard-write"),this.overlay.appendChild(this.iframe),document.body.appendChild(this.overlay),this.iframe}resize(e){this.iframe&&(this.iframe.style.height=`${Math.min(e,.9window.innerHeight)}px`)}destroy(){this.overlay&&(this.overlay.remove(),this.overlay=null),this.iframe=null}}class t{constructor(e){Object.defineProperty(this,"targetWindow",{enumerable:!0,configurable:!0,writable:!0,value:null}),Object.defineProperty(this,"allowedOrigin",{enumerable:!0,configurable:!0,writable:!0,value:""}),Object.defineProperty(this,"onEvent",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"messageHandler",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),this.onEvent=e.onEvent,this.messageHandler=this.handleMessage.bind(this)}connect(e,t){this.targetWindow=e,this.allowedOrigin=t.allowedOrigin,window.addEventListener("message",this.messageHandler)}disconnect(){window.removeEventListener("message",this.messageHandler),this.targetWindow=null}send(e){this.targetWindow?this.targetWindow.postMessage(e,this.allowedOrigin):console.warn("Bridge not connected, cannot send message")}handleMessage(e){if(e.source!==this.targetWindow)return;const t=e.data;t&&t.type&&this.onEvent(t)}}const i="https://yumi-sdk-checkout.vercel.app/";class r{constructor(i){Object.defineProperty(this,"config",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"iframeManager",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"bridge",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"currentSessionId",{enumerable:!0,configurable:!0,writable:!0,value:null}),Object.defineProperty(this,"currentOpenOptions",{enumerable:!0,configurable:!0,writable:!0,value:null}),this.config=i,this.iframeManager=new e,this.bridge=new t({onEvent:this.handleIframeEvent.bind(this)})}async open(e){if(!e?.orderId)throw new Error("Yumi.open: orderId is required");if(null==e.amount\|\|!Number.isFinite(Number(e.amount)))throw new Error("Yumi.open: amount is required and must be a finite number");this.currentSessionId=this.generateSessionId(),this.currentOpenOptions=e;const t=this.iframeManager.create({url:this.getCheckoutUrl(e),sessionId:this.currentSessionId});this.bridge.connect(t.contentWindow,{allowedOrigin:this.getCheckoutOrigin()})}close(){this.iframeManager.destroy(),this.bridge.disconnect(),this.currentSessionId=null,this.currentOpenOptions=null}destroy(){this.close()}handleIframeEvent(e){switch(e.type){case"LOADED":if(this.currentSessionId&&this.currentOpenOptions){const e={sessionId:this.currentSessionId,publicKey:this.config.publicKey,privyAppId:"cmhx0hub300mgjl0dfm9pg1e6",orderId:this.currentOpenOptions.orderId,amount:this.currentOpenOptions.amount,apiKey:this.config.apiKey};this.bridge.send({type:"INIT",payload:e})}break;case"READY":break;case"RESIZE":this.iframeManager.resize(e.payload.height);break;case"CLOSE":this.close(),this.config.onClose?.();break;case"SUCCESS":case"EVENT":this.config.onEvent?.(e);break;case"ERROR":this.config.onError?.(e.payload);break;case"GET_APP_SIGNATURE":{const{payload:t,requestId:i}=e,r=this.config.getAppSignature;if(!r)return void this.bridge.send({type:"APP_SIGNATURE_RESPONSE",requestId:i,error:"getAppSignature is not configured"});r(t).then(e=>{this.bridge.send({type:"APP_SIGNATURE_RESPONSE",requestId:i,appSignature:e})}).catch(e=>{this.bridge.send({type:"APP_SIGNATURE_RESPONSE",requestId:i,error:e instanceof Error?e.message:String(e)})});break}}}getCheckoutUrl(e){const t=i,r=new URLSearchParams({orderId:e.orderId,session:this.currentSessionId});return e.amount&&r.set("amount",e.amount.toString()),`${t}?${r.toString()}`}getCheckoutOrigin(){const e=i;try{return new URL(e).origin}catch{return"*"}}generateSessionId(){return`sess_${Date.now()}_${Math.random().toString(36).substr(2,9)}`}}window.Yumi?console.warn("Yumi widget already loaded"):window.Yumi={init:function(e){if(!e?.publicKey)throw new Error("Yumi.init: publicKey is required");if("function"!=typeof e.getAppSignature)throw new Error("Yumi.init: getAppSignature is required");return new r(e)},version:"1.0.2"}}();
1	+ !function(){"use strict";class e{constructor(){Object.defineProperty(this,"iframe",{enumerable:!0,configurable:!0,writable:!0,value:null}),Object.defineProperty(this,"overlay",{enumerable:!0,configurable:!0,writable:!0,value:null})}create(e){return this.overlay=document.createElement("div"),this.overlay.id="yumi-checkout-overlay",this.overlay.style.cssText="\n\t\t\tposition: fixed;\n\t\t\tinset: 0;\n\t\t\tz-index: 999999;\n\t\t\tbackground: rgba(0, 0, 0, 0.5);\n\t\t\tdisplay: flex;\n\t\t\talign-items: center;\n\t\t\tjustify-content: center;\n\t\t",this.iframe=document.createElement("iframe"),this.iframe.id="yumi-checkout-iframe",this.iframe.src=e.url,this.iframe.style.cssText="\n\t\t\twidth: 100%;\n\t\t\tmax-width: 500px;\n\t\t\theight: 90vh;\n\t\t\tmax-height: 800px;\n\t\t\tborder: none;\n\t\t\tborder-radius: 12px;\n\t\t\tbackground: white;\n\t\t",this.iframe.setAttribute("sandbox","allow-scripts allow-same-origin allow-forms allow-popups allow-popups-to-escape-sandbox"),this.iframe.setAttribute("allow","payment; clipboard-read; clipboard-write"),this.overlay.appendChild(this.iframe),document.body.appendChild(this.overlay),this.iframe}resize(e){this.iframe&&(this.iframe.style.height=`${Math.min(e,.9window.innerHeight)}px`)}destroy(){this.overlay&&(this.overlay.remove(),this.overlay=null),this.iframe=null}}class t{constructor(e){Object.defineProperty(this,"targetWindow",{enumerable:!0,configurable:!0,writable:!0,value:null}),Object.defineProperty(this,"allowedOrigin",{enumerable:!0,configurable:!0,writable:!0,value:""}),Object.defineProperty(this,"onEvent",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"messageHandler",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),this.onEvent=e.onEvent,this.messageHandler=this.handleMessage.bind(this)}connect(e,t){this.targetWindow=e,this.allowedOrigin=t.allowedOrigin,window.addEventListener("message",this.messageHandler)}disconnect(){window.removeEventListener("message",this.messageHandler),this.targetWindow=null}send(e){this.targetWindow?this.targetWindow.postMessage(e,this.allowedOrigin):console.warn("Bridge not connected, cannot send message")}handleMessage(e){if(e.source!==this.targetWindow)return;const t=e.data;t&&t.type&&this.onEvent(t)}}const i="https://yumi-sdk-checkout.vercel.app/";class r{constructor(i){Object.defineProperty(this,"config",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"iframeManager",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"bridge",{enumerable:!0,configurable:!0,writable:!0,value:void 0}),Object.defineProperty(this,"currentSessionId",{enumerable:!0,configurable:!0,writable:!0,value:null}),Object.defineProperty(this,"currentOpenOptions",{enumerable:!0,configurable:!0,writable:!0,value:null}),this.config=i,this.iframeManager=new e,this.bridge=new t({onEvent:this.handleIframeEvent.bind(this)})}async open(e){if(!e?.orderId)throw new Error("Yumi.open: orderId is required");if(null==e.amount\|\|!Number.isFinite(Number(e.amount)))throw new Error("Yumi.open: amount is required and must be a finite number");this.currentSessionId=this.generateSessionId(),this.currentOpenOptions=e;const t=this.iframeManager.create({url:this.getCheckoutUrl(e),sessionId:this.currentSessionId});this.bridge.connect(t.contentWindow,{allowedOrigin:this.getCheckoutOrigin()})}close(){this.iframeManager.destroy(),this.bridge.disconnect(),this.currentSessionId=null,this.currentOpenOptions=null}destroy(){this.close()}handleIframeEvent(e){switch(e.type){case"LOADED":if(this.currentSessionId&&this.currentOpenOptions){const e={sessionId:this.currentSessionId,publicKey:this.config.publicKey,privyAppId:"cmhx0hub300mgjl0dfm9pg1e6",orderId:this.currentOpenOptions.orderId,amount:this.currentOpenOptions.amount,apiKey:this.config.apiKey};this.bridge.send({type:"INIT",payload:e})}break;case"READY":break;case"RESIZE":this.iframeManager.resize(e.payload.height);break;case"CLOSE":this.close(),this.config.onClose?.();break;case"SUCCESS":case"EVENT":this.config.onEvent?.(e);break;case"ERROR":this.config.onError?.(e.payload);break;case"GET_APP_SIGNATURE":{const{payload:t,requestId:i}=e,r=this.config.getAppSignature;if(!r)return void this.bridge.send({type:"APP_SIGNATURE_RESPONSE",requestId:i,error:"getAppSignature is not configured"});r(t).then(e=>{this.bridge.send({type:"APP_SIGNATURE_RESPONSE",requestId:i,appSignature:e})}).catch(e=>{this.bridge.send({type:"APP_SIGNATURE_RESPONSE",requestId:i,error:e instanceof Error?e.message:String(e)})});break}}}getCheckoutUrl(e){const t=i,r=new URLSearchParams({orderId:e.orderId,session:this.currentSessionId});return e.amount&&r.set("amount",e.amount.toString()),`${t}?${r.toString()}`}getCheckoutOrigin(){const e=i;try{return new URL(e).origin}catch{return"*"}}generateSessionId(){return`sess_${Date.now()}_${Math.random().toString(36).substr(2,9)}`}}window.Yumi?console.warn("Yumi widget already loaded"):window.Yumi={init:function(e){if(!e?.publicKey)throw new Error("Yumi.init: publicKey is required");if("function"!=typeof e.getAppSignature)throw new Error("Yumi.init: getAppSignature is required");return new r(e)},version:"1.0.3"}}();

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@yumi-finance/widget",
-	"version": "1.0.2",
+	"version": "1.0.3",
 	"description": "Yumi BNPL checkout widget",
 	"type": "module",
 	"main": "dist/yumi-widget.js",