@zendfi/sdk 0.1.1 → 0.2.0

package/dist/index.js

@@ -37,6 +37,7 @@ __export(index_exports, {
   ValidationError: () => ValidationError,
   ZendFiClient: () => ZendFiClient,
   ZendFiError: () => ZendFiError,
+  processWebhook: () => processWebhook,
   verifyExpressWebhook: () => verifyExpressWebhook,
   verifyNextWebhook: () => verifyNextWebhook,
   verifyWebhookSignature: () => verifyWebhookSignature,
@@ -322,14 +323,15 @@ var ZendFiClient = class {
     };
   }
   /**
-   * List all payment links
+   * List all payment links for the authenticated merchant
    */
   async listPaymentLinks() {
-    return [];
+    const response = await this.request("GET", "/api/v1/payment-links");
+    return response.map((link) => ({
+      ...link,
+      url: link.hosted_page_url
+    }));
   }
-  // ===================================================================
-  // INSTALLMENT PLANS - Pay over time
-  // ===================================================================
   /**
    * Create an installment plan
    * Split a purchase into multiple scheduled payments
@@ -380,9 +382,6 @@ var ZendFiClient = class {
       `/api/v1/installment-plans/${planId}/cancel`
     );
   }
-  // ===================================================================
-  // ESCROW - Secure fund holding
-  // ===================================================================
   /**
    * Create an escrow transaction
    * Hold funds until conditions are met
@@ -432,9 +431,6 @@ var ZendFiClient = class {
   async disputeEscrow(escrowId, request) {
     return this.request("POST", `/api/v1/escrows/${escrowId}/dispute`, request);
   }
-  // ===================================================================
-  // INVOICES - Professional billing
-  // ===================================================================
   /**
    * Create an invoice
    */
@@ -486,15 +482,34 @@ var ZendFiClient = class {
       if (!request.payload || !request.signature || !request.secret) {
         return false;
       }
-      const parsedPayload = JSON.parse(request.payload);
-      if (!parsedPayload.event || !parsedPayload.merchant_id || !parsedPayload.timestamp) {
+      let payloadString;
+      let parsedPayload = null;
+      if (typeof request.payload === "string") {
+        payloadString = request.payload;
+        try {
+          parsedPayload = JSON.parse(payloadString);
+        } catch (e) {
+          return false;
+        }
+      } else if (typeof request.payload === "object") {
+        parsedPayload = request.payload;
+        try {
+          payloadString = JSON.stringify(request.payload);
+        } catch (e) {
+          return false;
+        }
+      } else {
+        return false;
+      }
+      if (!parsedPayload || !parsedPayload.event || !parsedPayload.merchant_id || !parsedPayload.timestamp) {
         return false;
       }
-      const computedSignature = this.computeHmacSignature(request.payload, request.secret);
+      const computedSignature = this.computeHmacSignature(payloadString, request.secret);
       return this.timingSafeEqual(request.signature, computedSignature);
-    } catch (error) {
+    } catch (err) {
+      const error = err;
       if (this.config.environment === "development") {
-        console.error("Webhook verification error:", error);
+        console.error("Webhook verification error:", error?.message || String(error));
       }
       return false;
     }
@@ -664,6 +679,147 @@ function verifyWebhookSignature(payload, signature, secret) {
     secret
   });
 }
+
+// src/webhook-handler.ts
+var import_crypto2 = require("crypto");
+var processedWebhooks = /* @__PURE__ */ new Set();
+var defaultIsProcessed = async (webhookId) => {
+  return processedWebhooks.has(webhookId);
+};
+var defaultOnProcessed = async (webhookId) => {
+  processedWebhooks.add(webhookId);
+  if (processedWebhooks.size > 1e4) {
+    const iterator = processedWebhooks.values();
+    for (let i = 0; i < 1e3; i++) {
+      const { value } = iterator.next();
+      if (value) processedWebhooks.delete(value);
+    }
+  }
+};
+function generateWebhookId(payload) {
+  return `${payload.merchant_id}:${payload.event}:${payload.timestamp}`;
+}
+async function processPayload(payload, handlers, config) {
+  try {
+    const webhookId = generateWebhookId(payload);
+    const isProcessed = config.isProcessed || config.checkDuplicate || defaultIsProcessed;
+    const onProcessed = config.onProcessed || config.markProcessed || defaultOnProcessed;
+    const dedupEnabled = !!(config.enableDeduplication || config.isProcessed || config.checkDuplicate);
+    if (dedupEnabled && await isProcessed(webhookId)) {
+      return {
+        success: false,
+        processed: false,
+        event: payload.event,
+        error: "Duplicate webhook",
+        statusCode: 409
+      };
+    }
+    const handler = handlers[payload.event];
+    if (!handler) {
+      return {
+        success: true,
+        processed: false,
+        event: payload.event,
+        statusCode: 200
+      };
+    }
+    await handler(payload.data, payload);
+    await onProcessed(webhookId);
+    return {
+      success: true,
+      processed: true,
+      event: payload.event
+    };
+  } catch (error) {
+    const err = error;
+    if (config?.onError) {
+      await config.onError(err, error?.event);
+    }
+    return {
+      success: false,
+      processed: false,
+      error: err.message,
+      event: error?.event,
+      statusCode: 500
+    };
+  }
+}
+async function processWebhook(a, b, c) {
+  if (a && typeof a === "object" && a.event && b && c) {
+    return processPayload(a, b, c);
+  }
+  const opts = a;
+  if (!opts || !opts.signature && !opts.body && !opts.handlers) {
+    return {
+      success: false,
+      processed: false,
+      error: "Invalid arguments to processWebhook",
+      statusCode: 400
+    };
+  }
+  const signature = opts.signature;
+  const body = opts.body;
+  const handlers = opts.handlers || {};
+  const cfg = opts.config || {};
+  const secret = cfg.webhookSecret || cfg.secret;
+  if (!secret) {
+    return {
+      success: false,
+      processed: false,
+      error: "Webhook secret not provided",
+      statusCode: 400
+    };
+  }
+  if (!signature || !body) {
+    return {
+      success: false,
+      processed: false,
+      error: "Missing signature or body",
+      statusCode: 400
+    };
+  }
+  try {
+    const sig = typeof signature === "string" && signature.startsWith("sha256=") ? signature.slice("sha256=".length) : String(signature);
+    const hmac = (0, import_crypto2.createHmac)("sha256", secret).update(body, "utf8").digest("hex");
+    let ok = false;
+    try {
+      const sigBuf = Buffer.from(sig, "hex");
+      const hmacBuf = Buffer.from(hmac, "hex");
+      if (sigBuf.length === hmacBuf.length) {
+        ok = (0, import_crypto2.timingSafeEqual)(sigBuf, hmacBuf);
+      }
+    } catch (e) {
+      ok = (0, import_crypto2.timingSafeEqual)(Buffer.from(String(sig), "utf8"), Buffer.from(hmac, "utf8"));
+    }
+    if (!ok) {
+      return {
+        success: false,
+        processed: false,
+        error: "Invalid signature",
+        statusCode: 401
+      };
+    }
+    const payload = JSON.parse(body);
+    const fullConfig = {
+      secret,
+      isProcessed: cfg.isProcessed,
+      onProcessed: cfg.onProcessed,
+      onError: cfg.onError,
+      // Forward compatibility for alternate names and flags
+      enableDeduplication: cfg.enableDeduplication,
+      checkDuplicate: cfg.checkDuplicate,
+      markProcessed: cfg.markProcessed
+    };
+    return await processPayload(payload, handlers, fullConfig);
+  } catch (err) {
+    return {
+      success: false,
+      processed: false,
+      error: err.message,
+      statusCode: 500
+    };
+  }
+}
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AuthenticationError,
@@ -673,6 +829,7 @@ function verifyWebhookSignature(payload, signature, secret) {
   ValidationError,
   ZendFiClient,
   ZendFiError,
+  processWebhook,
   verifyExpressWebhook,
   verifyNextWebhook,
   verifyWebhookSignature,

package/dist/index.mjs

@@ -1,9 +1,7 @@
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
+import {
+  __require,
+  processWebhook
+} from "./chunk-YFOBPGQE.mjs";
 
 // src/client.ts
 import fetch from "cross-fetch";
@@ -283,14 +281,15 @@ var ZendFiClient = class {
     };
   }
   /**
-   * List all payment links
+   * List all payment links for the authenticated merchant
    */
   async listPaymentLinks() {
-    return [];
+    const response = await this.request("GET", "/api/v1/payment-links");
+    return response.map((link) => ({
+      ...link,
+      url: link.hosted_page_url
+    }));
   }
-  // ===================================================================
-  // INSTALLMENT PLANS - Pay over time
-  // ===================================================================
   /**
    * Create an installment plan
    * Split a purchase into multiple scheduled payments
@@ -341,9 +340,6 @@ var ZendFiClient = class {
       `/api/v1/installment-plans/${planId}/cancel`
     );
   }
-  // ===================================================================
-  // ESCROW - Secure fund holding
-  // ===================================================================
   /**
    * Create an escrow transaction
    * Hold funds until conditions are met
@@ -393,9 +389,6 @@ var ZendFiClient = class {
   async disputeEscrow(escrowId, request) {
     return this.request("POST", `/api/v1/escrows/${escrowId}/dispute`, request);
   }
-  // ===================================================================
-  // INVOICES - Professional billing
-  // ===================================================================
   /**
    * Create an invoice
    */
@@ -447,15 +440,34 @@ var ZendFiClient = class {
       if (!request.payload || !request.signature || !request.secret) {
         return false;
       }
-      const parsedPayload = JSON.parse(request.payload);
-      if (!parsedPayload.event || !parsedPayload.merchant_id || !parsedPayload.timestamp) {
+      let payloadString;
+      let parsedPayload = null;
+      if (typeof request.payload === "string") {
+        payloadString = request.payload;
+        try {
+          parsedPayload = JSON.parse(payloadString);
+        } catch (e) {
+          return false;
+        }
+      } else if (typeof request.payload === "object") {
+        parsedPayload = request.payload;
+        try {
+          payloadString = JSON.stringify(request.payload);
+        } catch (e) {
+          return false;
+        }
+      } else {
         return false;
       }
-      const computedSignature = this.computeHmacSignature(request.payload, request.secret);
+      if (!parsedPayload || !parsedPayload.event || !parsedPayload.merchant_id || !parsedPayload.timestamp) {
+        return false;
+      }
+      const computedSignature = this.computeHmacSignature(payloadString, request.secret);
       return this.timingSafeEqual(request.signature, computedSignature);
-    } catch (error) {
+    } catch (err) {
+      const error = err;
       if (this.config.environment === "development") {
-        console.error("Webhook verification error:", error);
+        console.error("Webhook verification error:", error?.message || String(error));
       }
       return false;
     }
@@ -633,6 +645,7 @@ export {
   ValidationError,
   ZendFiClient,
   ZendFiError,
+  processWebhook,
   verifyExpressWebhook,
   verifyNextWebhook,
   verifyWebhookSignature,

package/dist/nextjs.d.mts

@@ -0,0 +1,37 @@
+import { W as WebhookHandlerConfig, a as WebhookHandlers } from './webhook-handler-BIze3Qop.mjs';
+
+/**
+ * Next.js Webhook Handler for App Router
+ *
+ * @example
+ * ```typescript
+ * // app/api/webhooks/zendfi/route.ts
+ * import { createNextWebhookHandler } from '@zendfi/sdk/nextjs';
+ *
+ * export const POST = createNextWebhookHandler({
+ *   secret: process.env.ZENDFI_WEBHOOK_SECRET!,
+ *   handlers: {
+ *     'payment.confirmed': async (payment) => {
+ *       await db.orders.update({
+ *         where: { id: payment.metadata.orderId },
+ *         data: { status: 'paid' },
+ *       });
+ *     },
+ *     'payment.failed': async (payment) => {
+ *       await sendFailureEmail(payment);
+ *     },
+ *   },
+ * });
+ * ```
+ */
+
+type NextRequest = any;
+interface NextWebhookHandlerConfig extends WebhookHandlerConfig {
+    handlers: WebhookHandlers;
+}
+/**
+ * Create a Next.js App Router webhook handler
+ */
+declare function createNextWebhookHandler(config: NextWebhookHandlerConfig): (request: NextRequest) => Promise<Response>;
+
+export { type NextWebhookHandlerConfig, createNextWebhookHandler };

package/dist/nextjs.d.ts

@@ -0,0 +1,37 @@
+import { W as WebhookHandlerConfig, a as WebhookHandlers } from './webhook-handler-BIze3Qop.js';
+
+/**
+ * Next.js Webhook Handler for App Router
+ *
+ * @example
+ * ```typescript
+ * // app/api/webhooks/zendfi/route.ts
+ * import { createNextWebhookHandler } from '@zendfi/sdk/nextjs';
+ *
+ * export const POST = createNextWebhookHandler({
+ *   secret: process.env.ZENDFI_WEBHOOK_SECRET!,
+ *   handlers: {
+ *     'payment.confirmed': async (payment) => {
+ *       await db.orders.update({
+ *         where: { id: payment.metadata.orderId },
+ *         data: { status: 'paid' },
+ *       });
+ *     },
+ *     'payment.failed': async (payment) => {
+ *       await sendFailureEmail(payment);
+ *     },
+ *   },
+ * });
+ * ```
+ */
+
+type NextRequest = any;
+interface NextWebhookHandlerConfig extends WebhookHandlerConfig {
+    handlers: WebhookHandlers;
+}
+/**
+ * Create a Next.js App Router webhook handler
+ */
+declare function createNextWebhookHandler(config: NextWebhookHandlerConfig): (request: NextRequest) => Promise<Response>;
+
+export { type NextWebhookHandlerConfig, createNextWebhookHandler };

package/dist/nextjs.js

@@ -0,0 +1,227 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/nextjs.ts
+var nextjs_exports = {};
+__export(nextjs_exports, {
+  createNextWebhookHandler: () => createNextWebhookHandler
+});
+module.exports = __toCommonJS(nextjs_exports);
+var import_crypto2 = require("crypto");
+
+// src/webhook-handler.ts
+var import_crypto = require("crypto");
+var processedWebhooks = /* @__PURE__ */ new Set();
+var defaultIsProcessed = async (webhookId) => {
+  return processedWebhooks.has(webhookId);
+};
+var defaultOnProcessed = async (webhookId) => {
+  processedWebhooks.add(webhookId);
+  if (processedWebhooks.size > 1e4) {
+    const iterator = processedWebhooks.values();
+    for (let i = 0; i < 1e3; i++) {
+      const { value } = iterator.next();
+      if (value) processedWebhooks.delete(value);
+    }
+  }
+};
+function generateWebhookId(payload) {
+  return `${payload.merchant_id}:${payload.event}:${payload.timestamp}`;
+}
+async function processPayload(payload, handlers, config) {
+  try {
+    const webhookId = generateWebhookId(payload);
+    const isProcessed = config.isProcessed || config.checkDuplicate || defaultIsProcessed;
+    const onProcessed = config.onProcessed || config.markProcessed || defaultOnProcessed;
+    const dedupEnabled = !!(config.enableDeduplication || config.isProcessed || config.checkDuplicate);
+    if (dedupEnabled && await isProcessed(webhookId)) {
+      return {
+        success: false,
+        processed: false,
+        event: payload.event,
+        error: "Duplicate webhook",
+        statusCode: 409
+      };
+    }
+    const handler = handlers[payload.event];
+    if (!handler) {
+      return {
+        success: true,
+        processed: false,
+        event: payload.event,
+        statusCode: 200
+      };
+    }
+    await handler(payload.data, payload);
+    await onProcessed(webhookId);
+    return {
+      success: true,
+      processed: true,
+      event: payload.event
+    };
+  } catch (error) {
+    const err = error;
+    if (config?.onError) {
+      await config.onError(err, error?.event);
+    }
+    return {
+      success: false,
+      processed: false,
+      error: err.message,
+      event: error?.event,
+      statusCode: 500
+    };
+  }
+}
+async function processWebhook(a, b, c) {
+  if (a && typeof a === "object" && a.event && b && c) {
+    return processPayload(a, b, c);
+  }
+  const opts = a;
+  if (!opts || !opts.signature && !opts.body && !opts.handlers) {
+    return {
+      success: false,
+      processed: false,
+      error: "Invalid arguments to processWebhook",
+      statusCode: 400
+    };
+  }
+  const signature = opts.signature;
+  const body = opts.body;
+  const handlers = opts.handlers || {};
+  const cfg = opts.config || {};
+  const secret = cfg.webhookSecret || cfg.secret;
+  if (!secret) {
+    return {
+      success: false,
+      processed: false,
+      error: "Webhook secret not provided",
+      statusCode: 400
+    };
+  }
+  if (!signature || !body) {
+    return {
+      success: false,
+      processed: false,
+      error: "Missing signature or body",
+      statusCode: 400
+    };
+  }
+  try {
+    const sig = typeof signature === "string" && signature.startsWith("sha256=") ? signature.slice("sha256=".length) : String(signature);
+    const hmac = (0, import_crypto.createHmac)("sha256", secret).update(body, "utf8").digest("hex");
+    let ok = false;
+    try {
+      const sigBuf = Buffer.from(sig, "hex");
+      const hmacBuf = Buffer.from(hmac, "hex");
+      if (sigBuf.length === hmacBuf.length) {
+        ok = (0, import_crypto.timingSafeEqual)(sigBuf, hmacBuf);
+      }
+    } catch (e) {
+      ok = (0, import_crypto.timingSafeEqual)(Buffer.from(String(sig), "utf8"), Buffer.from(hmac, "utf8"));
+    }
+    if (!ok) {
+      return {
+        success: false,
+        processed: false,
+        error: "Invalid signature",
+        statusCode: 401
+      };
+    }
+    const payload = JSON.parse(body);
+    const fullConfig = {
+      secret,
+      isProcessed: cfg.isProcessed,
+      onProcessed: cfg.onProcessed,
+      onError: cfg.onError,
+      // Forward compatibility for alternate names and flags
+      enableDeduplication: cfg.enableDeduplication,
+      checkDuplicate: cfg.checkDuplicate,
+      markProcessed: cfg.markProcessed
+    };
+    return await processPayload(payload, handlers, fullConfig);
+  } catch (err) {
+    return {
+      success: false,
+      processed: false,
+      error: err.message,
+      statusCode: 500
+    };
+  }
+}
+
+// src/nextjs.ts
+function createNextWebhookHandler(config) {
+  return async (request) => {
+    try {
+      const signature = request.headers.get("x-zendfi-signature");
+      if (!signature) {
+        return new Response(
+          JSON.stringify({ error: "Missing signature" }),
+          { status: 401, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      const body = await request.text();
+      const computedSignature = (0, import_crypto2.createHmac)("sha256", config.secret).update(body, "utf8").digest("hex");
+      const sigBuffer = Buffer.from(signature, "utf8");
+      const compBuffer = Buffer.from(computedSignature, "utf8");
+      if (sigBuffer.length !== compBuffer.length || !(0, import_crypto2.timingSafeEqual)(sigBuffer, compBuffer)) {
+        return new Response(
+          JSON.stringify({ error: "Invalid signature" }),
+          { status: 401, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      let payload;
+      try {
+        payload = JSON.parse(body);
+      } catch {
+        return new Response(
+          JSON.stringify({ error: "Invalid JSON" }),
+          { status: 400, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      const result = await processWebhook(payload, config.handlers, config);
+      if (!result.success) {
+        return new Response(
+          JSON.stringify({ error: result.error || "Webhook processing failed" }),
+          { status: 500, headers: { "Content-Type": "application/json" } }
+        );
+      }
+      return new Response(
+        JSON.stringify({
+          received: true,
+          processed: result.processed,
+          event: result.event
+        }),
+        { status: 200, headers: { "Content-Type": "application/json" } }
+      );
+    } catch (error) {
+      const err = error;
+      console.error("Webhook handler error:", err);
+      return new Response(
+        JSON.stringify({ error: "Internal server error" }),
+        { status: 500, headers: { "Content-Type": "application/json" } }
+      );
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createNextWebhookHandler
+});