@zendfi/sdk 0.1.1 → 0.2.0

package/dist/express.d.mts

@@ -0,0 +1,46 @@
+import { W as WebhookHandlerConfig, a as WebhookHandlers } from './webhook-handler-BIze3Qop.mjs';
+
+/**
+ * Express Webhook Handler
+ *
+ * @example
+ * ```typescript
+ * // src/routes/webhooks.ts
+ * import express from 'express';
+ * import { createExpressWebhookHandler } from '@zendfi/sdk/express';
+ *
+ * const router = express.Router();
+ *
+ * router.post('/zendfi',
+ *   express.raw({ type: 'application/json' }),
+ *   createExpressWebhookHandler({
+ *     secret: process.env.ZENDFI_WEBHOOK_SECRET!,
+ *     handlers: {
+ *       'payment.confirmed': async (payment) => {
+ *         await Order.update({ status: 'paid' }, { where: { id: payment.metadata.orderId } });
+ *       },
+ *       'payment.failed': async (payment) => {
+ *         await sendFailureEmail(payment);
+ *       },
+ *     },
+ *   })
+ * );
+ *
+ * export default router;
+ * ```
+ */
+
+type Request = any;
+type Response = any;
+interface ExpressWebhookHandlerConfig extends WebhookHandlerConfig {
+    handlers: WebhookHandlers;
+}
+/**
+ * Create an Express webhook handler
+ *
+ * IMPORTANT: Must use express.raw() middleware before this handler:
+ * app.post('/webhooks/zendfi', express.raw({ type: 'application/json' }), handler)
+ */
+declare function createExpressWebhookHandler(config: ExpressWebhookHandlerConfig): (req: Request, res: Response) => Promise<any>;
+
+export { type ExpressWebhookHandlerConfig, createExpressWebhookHandler };

package/dist/express.d.ts

@@ -0,0 +1,46 @@
+import { W as WebhookHandlerConfig, a as WebhookHandlers } from './webhook-handler-BIze3Qop.js';
+
+/**
+ * Express Webhook Handler
+ *
+ * @example
+ * ```typescript
+ * // src/routes/webhooks.ts
+ * import express from 'express';
+ * import { createExpressWebhookHandler } from '@zendfi/sdk/express';
+ *
+ * const router = express.Router();
+ *
+ * router.post('/zendfi',
+ *   express.raw({ type: 'application/json' }),
+ *   createExpressWebhookHandler({
+ *     secret: process.env.ZENDFI_WEBHOOK_SECRET!,
+ *     handlers: {
+ *       'payment.confirmed': async (payment) => {
+ *         await Order.update({ status: 'paid' }, { where: { id: payment.metadata.orderId } });
+ *       },
+ *       'payment.failed': async (payment) => {
+ *         await sendFailureEmail(payment);
+ *       },
+ *     },
+ *   })
+ * );
+ *
+ * export default router;
+ * ```
+ */
+
+type Request = any;
+type Response = any;
+interface ExpressWebhookHandlerConfig extends WebhookHandlerConfig {
+    handlers: WebhookHandlers;
+}
+/**
+ * Create an Express webhook handler
+ *
+ * IMPORTANT: Must use express.raw() middleware before this handler:
+ * app.post('/webhooks/zendfi', express.raw({ type: 'application/json' }), handler)
+ */
+declare function createExpressWebhookHandler(config: ExpressWebhookHandlerConfig): (req: Request, res: Response) => Promise<any>;
+
+export { type ExpressWebhookHandlerConfig, createExpressWebhookHandler };

package/dist/express.js

@@ -0,0 +1,220 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/express.ts
+var express_exports = {};
+__export(express_exports, {
+  createExpressWebhookHandler: () => createExpressWebhookHandler
+});
+module.exports = __toCommonJS(express_exports);
+var import_crypto2 = require("crypto");
+
+// src/webhook-handler.ts
+var import_crypto = require("crypto");
+var processedWebhooks = /* @__PURE__ */ new Set();
+var defaultIsProcessed = async (webhookId) => {
+  return processedWebhooks.has(webhookId);
+};
+var defaultOnProcessed = async (webhookId) => {
+  processedWebhooks.add(webhookId);
+  if (processedWebhooks.size > 1e4) {
+    const iterator = processedWebhooks.values();
+    for (let i = 0; i < 1e3; i++) {
+      const { value } = iterator.next();
+      if (value) processedWebhooks.delete(value);
+    }
+  }
+};
+function generateWebhookId(payload) {
+  return `${payload.merchant_id}:${payload.event}:${payload.timestamp}`;
+}
+async function processPayload(payload, handlers, config) {
+  try {
+    const webhookId = generateWebhookId(payload);
+    const isProcessed = config.isProcessed || config.checkDuplicate || defaultIsProcessed;
+    const onProcessed = config.onProcessed || config.markProcessed || defaultOnProcessed;
+    const dedupEnabled = !!(config.enableDeduplication || config.isProcessed || config.checkDuplicate);
+    if (dedupEnabled && await isProcessed(webhookId)) {
+      return {
+        success: false,
+        processed: false,
+        event: payload.event,
+        error: "Duplicate webhook",
+        statusCode: 409
+      };
+    }
+    const handler = handlers[payload.event];
+    if (!handler) {
+      return {
+        success: true,
+        processed: false,
+        event: payload.event,
+        statusCode: 200
+      };
+    }
+    await handler(payload.data, payload);
+    await onProcessed(webhookId);
+    return {
+      success: true,
+      processed: true,
+      event: payload.event
+    };
+  } catch (error) {
+    const err = error;
+    if (config?.onError) {
+      await config.onError(err, error?.event);
+    }
+    return {
+      success: false,
+      processed: false,
+      error: err.message,
+      event: error?.event,
+      statusCode: 500
+    };
+  }
+}
+async function processWebhook(a, b, c) {
+  if (a && typeof a === "object" && a.event && b && c) {
+    return processPayload(a, b, c);
+  }
+  const opts = a;
+  if (!opts || !opts.signature && !opts.body && !opts.handlers) {
+    return {
+      success: false,
+      processed: false,
+      error: "Invalid arguments to processWebhook",
+      statusCode: 400
+    };
+  }
+  const signature = opts.signature;
+  const body = opts.body;
+  const handlers = opts.handlers || {};
+  const cfg = opts.config || {};
+  const secret = cfg.webhookSecret || cfg.secret;
+  if (!secret) {
+    return {
+      success: false,
+      processed: false,
+      error: "Webhook secret not provided",
+      statusCode: 400
+    };
+  }
+  if (!signature || !body) {
+    return {
+      success: false,
+      processed: false,
+      error: "Missing signature or body",
+      statusCode: 400
+    };
+  }
+  try {
+    const sig = typeof signature === "string" && signature.startsWith("sha256=") ? signature.slice("sha256=".length) : String(signature);
+    const hmac = (0, import_crypto.createHmac)("sha256", secret).update(body, "utf8").digest("hex");
+    let ok = false;
+    try {
+      const sigBuf = Buffer.from(sig, "hex");
+      const hmacBuf = Buffer.from(hmac, "hex");
+      if (sigBuf.length === hmacBuf.length) {
+        ok = (0, import_crypto.timingSafeEqual)(sigBuf, hmacBuf);
+      }
+    } catch (e) {
+      ok = (0, import_crypto.timingSafeEqual)(Buffer.from(String(sig), "utf8"), Buffer.from(hmac, "utf8"));
+    }
+    if (!ok) {
+      return {
+        success: false,
+        processed: false,
+        error: "Invalid signature",
+        statusCode: 401
+      };
+    }
+    const payload = JSON.parse(body);
+    const fullConfig = {
+      secret,
+      isProcessed: cfg.isProcessed,
+      onProcessed: cfg.onProcessed,
+      onError: cfg.onError,
+      // Forward compatibility for alternate names and flags
+      enableDeduplication: cfg.enableDeduplication,
+      checkDuplicate: cfg.checkDuplicate,
+      markProcessed: cfg.markProcessed
+    };
+    return await processPayload(payload, handlers, fullConfig);
+  } catch (err) {
+    return {
+      success: false,
+      processed: false,
+      error: err.message,
+      statusCode: 500
+    };
+  }
+}
+
+// src/express.ts
+function createExpressWebhookHandler(config) {
+  return async (req, res) => {
+    try {
+      const signature = req.headers["x-zendfi-signature"];
+      if (!signature) {
+        return res.status(401).json({ error: "Missing signature" });
+      }
+      let body;
+      if (Buffer.isBuffer(req.body)) {
+        body = req.body.toString("utf8");
+      } else if (typeof req.body === "string") {
+        body = req.body;
+      } else {
+        return res.status(400).json({
+          error: "Raw body required. Use express.raw() middleware."
+        });
+      }
+      const computedSignature = (0, import_crypto2.createHmac)("sha256", config.secret).update(body, "utf8").digest("hex");
+      const sigBuffer = Buffer.from(signature, "utf8");
+      const compBuffer = Buffer.from(computedSignature, "utf8");
+      if (sigBuffer.length !== compBuffer.length || !(0, import_crypto2.timingSafeEqual)(sigBuffer, compBuffer)) {
+        return res.status(401).json({ error: "Invalid signature" });
+      }
+      let payload;
+      try {
+        payload = JSON.parse(body);
+      } catch {
+        return res.status(400).json({ error: "Invalid JSON" });
+      }
+      const result = await processWebhook(payload, config.handlers, config);
+      if (!result.success) {
+        return res.status(500).json({
+          error: result.error || "Webhook processing failed"
+        });
+      }
+      return res.json({
+        received: true,
+        processed: result.processed,
+        event: result.event
+      });
+    } catch (error) {
+      const err = error;
+      console.error("Webhook handler error:", err);
+      return res.status(500).json({ error: "Internal server error" });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createExpressWebhookHandler
+});

package/dist/express.mjs

@@ -0,0 +1,56 @@
+import {
+  processWebhook
+} from "./chunk-YFOBPGQE.mjs";
+
+// src/express.ts
+import { createHmac, timingSafeEqual } from "crypto";
+function createExpressWebhookHandler(config) {
+  return async (req, res) => {
+    try {
+      const signature = req.headers["x-zendfi-signature"];
+      if (!signature) {
+        return res.status(401).json({ error: "Missing signature" });
+      }
+      let body;
+      if (Buffer.isBuffer(req.body)) {
+        body = req.body.toString("utf8");
+      } else if (typeof req.body === "string") {
+        body = req.body;
+      } else {
+        return res.status(400).json({
+          error: "Raw body required. Use express.raw() middleware."
+        });
+      }
+      const computedSignature = createHmac("sha256", config.secret).update(body, "utf8").digest("hex");
+      const sigBuffer = Buffer.from(signature, "utf8");
+      const compBuffer = Buffer.from(computedSignature, "utf8");
+      if (sigBuffer.length !== compBuffer.length || !timingSafeEqual(sigBuffer, compBuffer)) {
+        return res.status(401).json({ error: "Invalid signature" });
+      }
+      let payload;
+      try {
+        payload = JSON.parse(body);
+      } catch {
+        return res.status(400).json({ error: "Invalid JSON" });
+      }
+      const result = await processWebhook(payload, config.handlers, config);
+      if (!result.success) {
+        return res.status(500).json({
+          error: result.error || "Webhook processing failed"
+        });
+      }
+      return res.json({
+        received: true,
+        processed: result.processed,
+        event: result.event
+      });
+    } catch (error) {
+      const err = error;
+      console.error("Webhook handler error:", err);
+      return res.status(500).json({ error: "Internal server error" });
+    }
+  };
+}
+export {
+  createExpressWebhookHandler
+};