better-auth-payu 0.1.0

package/dist/index.js

@@ -0,0 +1,1814 @@
+import { t as PAYU_ERROR_CODES } from "./error-codes-CZKuS8SB.js";
+import { APIError, createEndpoint, createMiddleware } from "better-call";
+import { z } from "zod";
+import { defu } from "defu";
+import { createHmac } from "crypto";
+import { mergeSchema } from "better-auth/db";
+
+//#region node_modules/@better-auth/core/dist/context/global.mjs
+const symbol = Symbol.for("better-auth:global");
+let bind = null;
+const __context = {};
+const __betterAuthVersion = "1.4.18";
+/**
+* We store context instance in the globalThis.
+*
+* The reason we do this is that some bundlers, web framework, or package managers might
+* create multiple copies of BetterAuth in the same process intentionally or unintentionally.
+*
+* For example, yarn v1, Next.js, SSR, Vite...
+*
+* @internal
+*/
+function __getBetterAuthGlobal() {
+	if (!globalThis[symbol]) {
+		globalThis[symbol] = {
+			version: __betterAuthVersion,
+			epoch: 1,
+			context: __context
+		};
+		bind = globalThis[symbol];
+	}
+	bind = globalThis[symbol];
+	if (bind.version !== __betterAuthVersion) {
+		bind.version = __betterAuthVersion;
+		bind.epoch++;
+	}
+	return globalThis[symbol];
+}
+
+//#endregion
+//#region node_modules/@better-auth/core/dist/async_hooks/index.mjs
+const AsyncLocalStoragePromise = import(
+	/* @vite-ignore */
+	/* webpackIgnore: true */
+	"node:async_hooks"
+).then((mod) => mod.AsyncLocalStorage).catch((err) => {
+	if ("AsyncLocalStorage" in globalThis) return globalThis.AsyncLocalStorage;
+	if (typeof window !== "undefined") return null;
+	console.warn("[better-auth] Warning: AsyncLocalStorage is not available in this environment. Some features may not work as expected.");
+	console.warn("[better-auth] Please read more about this warning at https://better-auth.com/docs/installation#mount-handler");
+	console.warn("[better-auth] If you are using Cloudflare Workers, please see: https://developers.cloudflare.com/workers/configuration/compatibility-flags/#nodejs-compatibility-flag");
+	throw err;
+});
+async function getAsyncLocalStorage() {
+	const mod = await AsyncLocalStoragePromise;
+	if (mod === null) throw new Error("getAsyncLocalStorage is only available in server code");
+	else return mod;
+}
+
+//#endregion
+//#region node_modules/@better-auth/core/dist/context/endpoint-context.mjs
+const ensureAsyncStorage = async () => {
+	const betterAuthGlobal = __getBetterAuthGlobal();
+	if (!betterAuthGlobal.context.endpointContextAsyncStorage) {
+		const AsyncLocalStorage$1 = await getAsyncLocalStorage();
+		betterAuthGlobal.context.endpointContextAsyncStorage = new AsyncLocalStorage$1();
+	}
+	return betterAuthGlobal.context.endpointContextAsyncStorage;
+};
+async function runWithEndpointContext(context, fn) {
+	return (await ensureAsyncStorage()).run(context, fn);
+}
+
+//#endregion
+//#region node_modules/@better-auth/core/dist/api/index.mjs
+const optionsMiddleware = createMiddleware(async () => {
+	/**
+	* This will be passed on the instance of
+	* the context. Used to infer the type
+	* here.
+	*/
+	return {};
+});
+const createAuthMiddleware = createMiddleware.create({ use: [optionsMiddleware, createMiddleware(async () => {
+	return {};
+})] });
+const use = [optionsMiddleware];
+function createAuthEndpoint(pathOrOptions, handlerOrOptions, handlerOrNever) {
+	const path = typeof pathOrOptions === "string" ? pathOrOptions : void 0;
+	const options = typeof handlerOrOptions === "object" ? handlerOrOptions : pathOrOptions;
+	const handler = typeof handlerOrOptions === "function" ? handlerOrOptions : handlerOrNever;
+	if (path) return createEndpoint(path, {
+		...options,
+		use: [...options?.use || [], ...use]
+	}, async (ctx) => runWithEndpointContext(ctx, () => handler(ctx)));
+	return createEndpoint({
+		...options,
+		use: [...options?.use || [], ...use]
+	}, async (ctx) => runWithEndpointContext(ctx, () => handler(ctx)));
+}
+
+//#endregion
+//#region src/metadata.ts
+const customerUdf = {
+	keys: [
+		"customerType",
+		"userId",
+		"organizationId"
+	],
+	set(internalFields, userUdf) {
+		return defu({
+			udf1: internalFields.customerType,
+			udf2: "userId" in internalFields ? internalFields.userId : void 0,
+			udf3: "organizationId" in internalFields ? internalFields.organizationId : void 0
+		}, userUdf || {});
+	},
+	get(udf) {
+		if (!udf) return {
+			userId: void 0,
+			organizationId: void 0,
+			customerType: void 0
+		};
+		return {
+			userId: udf.udf2,
+			organizationId: udf.udf3,
+			customerType: udf.udf1
+		};
+	}
+};
+const subscriptionUdf = {
+	keys: [
+		"userId",
+		"subscriptionId",
+		"referenceId"
+	],
+	set(internalFields, userUdf) {
+		return defu({
+			udf2: internalFields.userId,
+			udf4: internalFields.subscriptionId,
+			udf5: internalFields.referenceId
+		}, userUdf || {});
+	},
+	get(udf) {
+		if (!udf) return {
+			userId: void 0,
+			subscriptionId: void 0,
+			referenceId: void 0
+		};
+		return {
+			userId: udf.udf2,
+			subscriptionId: udf.udf4,
+			referenceId: udf.udf5
+		};
+	}
+};
+/**
+* Convert a PayUUdf object to individual udf params for API calls.
+*/
+function udfToParams(udf) {
+	const params = {};
+	for (let i = 1; i <= 10; i++) {
+		const key = `udf${i}`;
+		if (udf[key]) params[key] = udf[key];
+	}
+	return params;
+}
+/**
+* Extract UDF fields from a PayU response/webhook into a PayUUdf object.
+*/
+function paramsToUdf(params) {
+	const udf = {};
+	for (let i = 1; i <= 10; i++) {
+		const key = `udf${i}`;
+		if (params[key]) udf[key] = params[key];
+	}
+	return udf;
+}
+
+//#endregion
+//#region src/hooks.ts
+async function findSubscriptionByTxnId(adapter, txnid) {
+	return await adapter.findOne({
+		model: "subscription",
+		where: [{
+			field: "payuTransactionId",
+			value: txnid
+		}]
+	});
+}
+async function findSubscriptionByUdf(adapter, event) {
+	const udf = paramsToUdf(event);
+	const subUdf = subscriptionUdf.get(udf);
+	if (subUdf.subscriptionId) return await adapter.findOne({
+		model: "subscription",
+		where: [{
+			field: "id",
+			value: subUdf.subscriptionId
+		}]
+	});
+	return null;
+}
+async function findSubscription(adapter, event) {
+	const byTxn = await findSubscriptionByTxnId(adapter, event.txnid);
+	if (byTxn) return byTxn;
+	return findSubscriptionByUdf(adapter, event);
+}
+async function onPaymentSuccess(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	if (!event.txnid) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "active",
+					payuMihpayid: event.mihpayid,
+					paidCount: (sub.paidCount || 0) + 1,
+					remainingCount: sub.totalCount != null ? Math.max((sub.totalCount || 0) - ((sub.paidCount || 0) + 1), 0) : null,
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onPaymentSuccess?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		} else ctx.context.logger.warn(`PayU: payment success for txnid ${event.txnid} but subscription not found`);
+	} catch (err) {
+		ctx.context.logger.error(`PayU onPaymentSuccess error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onPaymentFailure(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) await ctx.context.adapter.update({
+			model: "subscription",
+			where: [{
+				field: "id",
+				value: sub.id
+			}],
+			update: {
+				status: "pending",
+				updatedAt: /* @__PURE__ */ new Date()
+			}
+		});
+		await options.subscription.onPaymentFailure?.({
+			event,
+			error: event.error || event.field9 || "Payment failed"
+		});
+	} catch (err) {
+		ctx.context.logger.error(`PayU onPaymentFailure error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onSubscriptionActivated(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	if (!event.txnid) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "active",
+					payuMihpayid: event.mihpayid,
+					currentStart: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onSubscriptionActivated?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		} else ctx.context.logger.warn(`PayU: subscription activated for txnid ${event.txnid} but subscription not found`);
+	} catch (err) {
+		ctx.context.logger.error(`PayU onSubscriptionActivated error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onSubscriptionPending(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "pending",
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onSubscriptionPending?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		}
+	} catch (err) {
+		ctx.context.logger.error(`PayU onSubscriptionPending error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onSubscriptionHalted(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "halted",
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onSubscriptionHalted?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		}
+	} catch (err) {
+		ctx.context.logger.error(`PayU onSubscriptionHalted error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onSubscriptionCompleted(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "completed",
+					endedAt: /* @__PURE__ */ new Date(),
+					remainingCount: 0,
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onSubscriptionCompleted?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		}
+	} catch (err) {
+		ctx.context.logger.error(`PayU onSubscriptionCompleted error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onSubscriptionCancelled(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "cancelled",
+					cancelledAt: /* @__PURE__ */ new Date(),
+					endedAt: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onSubscriptionCancelled?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		} else ctx.context.logger.warn(`PayU: subscription cancelled for txnid ${event.txnid} but subscription not found`);
+	} catch (err) {
+		ctx.context.logger.error(`PayU onSubscriptionCancelled error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onSubscriptionPaused(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "paused",
+					pausedAt: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onSubscriptionPaused?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		}
+	} catch (err) {
+		ctx.context.logger.error(`PayU onSubscriptionPaused error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onSubscriptionResumed(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "active",
+					pausedAt: null,
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onSubscriptionResumed?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		}
+	} catch (err) {
+		ctx.context.logger.error(`PayU onSubscriptionResumed error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onMandateRevoked(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: {
+					status: "cancelled",
+					cancelledAt: /* @__PURE__ */ new Date(),
+					endedAt: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onMandateRevoked?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		}
+	} catch (err) {
+		ctx.context.logger.error(`PayU onMandateRevoked error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+async function onMandateModified(ctx, options, event) {
+	if (!options.subscription?.enabled) return;
+	try {
+		const sub = await findSubscription(ctx.context.adapter, event);
+		if (sub) {
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: sub.id
+				}],
+				update: { updatedAt: /* @__PURE__ */ new Date() }
+			});
+			const plan = options.subscription.plans ? (typeof options.subscription.plans === "function" ? await options.subscription.plans() : options.subscription.plans).find((p) => p.name === sub.plan) : void 0;
+			await options.subscription.onMandateModified?.({
+				subscription: sub,
+				plan,
+				event
+			});
+		}
+	} catch (err) {
+		ctx.context.logger.error(`PayU onMandateModified error: ${err instanceof Error ? err.message : String(err)}`);
+	}
+}
+
+//#endregion
+//#region src/utils.ts
+function createAPIError(status, message) {
+	return new APIError(status, { body: {
+		message,
+		code: message
+	} });
+}
+/**
+* Generate PayU hash using HMAC-SHA256 with merchant salt.
+* Hash formula: sha512(key|txnid|amount|productinfo|firstname|email|udf1|...|udf10||salt)
+*/
+function generatePayUHash(params, salt) {
+	const hashString = [
+		params.key,
+		params.txnid,
+		params.amount,
+		params.productinfo,
+		params.firstname,
+		params.email,
+		params.udf1 || "",
+		params.udf2 || "",
+		params.udf3 || "",
+		params.udf4 || "",
+		params.udf5 || "",
+		params.udf6 || "",
+		params.udf7 || "",
+		params.udf8 || "",
+		params.udf9 || "",
+		params.udf10 || "",
+		salt
+	].join("|");
+	return createHmac("sha512", "").update(hashString).digest("hex");
+}
+/**
+* Verify PayU webhook/response hash.
+* Reverse hash: sha512(salt|status||||||||||udf10|udf9|...|udf1|email|firstname|productinfo|amount|txnid|key)
+*/
+function verifyPayUHash(params, salt, receivedHash) {
+	const reverseHashString = [
+		salt,
+		params.status,
+		"",
+		"",
+		"",
+		"",
+		"",
+		"",
+		"",
+		"",
+		"",
+		params.udf10 || "",
+		params.udf9 || "",
+		params.udf8 || "",
+		params.udf7 || "",
+		params.udf6 || "",
+		params.udf5 || "",
+		params.udf4 || "",
+		params.udf3 || "",
+		params.udf2 || "",
+		params.udf1 || "",
+		params.email,
+		params.firstname,
+		params.productinfo,
+		params.amount,
+		params.txnid,
+		params.key
+	].join("|");
+	return createHmac("sha512", "").update(reverseHashString).digest("hex") === receivedHash;
+}
+async function getPlans(subscriptionOptions) {
+	if (subscriptionOptions?.enabled) return typeof subscriptionOptions.plans === "function" ? await subscriptionOptions.plans() : subscriptionOptions.plans || [];
+	throw new Error("Subscriptions are not enabled in the PayU options.");
+}
+async function getPlanByName(options, name) {
+	return await getPlans(options.subscription).then((res) => res.find((plan) => plan.name.toLowerCase() === name.toLowerCase()));
+}
+async function getPlanByPlanId(options, planId) {
+	return await getPlans(options.subscription).then((res) => res.find((plan) => plan.planId === planId || plan.annualPlanId === planId));
+}
+function isActive(sub) {
+	return sub.status === "active";
+}
+function isAuthenticated(sub) {
+	return sub.status === "authenticated";
+}
+function isPaused(sub) {
+	return sub.status === "paused";
+}
+function isCancelled(sub) {
+	return sub.status === "cancelled";
+}
+function isTerminal(sub) {
+	return sub.status === "cancelled" || sub.status === "completed" || sub.status === "expired";
+}
+function isUsable(sub) {
+	return sub.status === "active" || sub.status === "authenticated";
+}
+function hasPaymentIssue(sub) {
+	return sub.status === "pending" || sub.status === "halted";
+}
+function timestampToDate(timestamp) {
+	return timestamp ? /* @__PURE__ */ new Date(timestamp * 1e3) : void 0;
+}
+function dateStringToDate(dateStr) {
+	if (!dateStr) return void 0;
+	const d = new Date(dateStr);
+	return isNaN(d.getTime()) ? void 0 : d;
+}
+function toSubscriptionStatus(status) {
+	if ([
+		"created",
+		"authenticated",
+		"active",
+		"pending",
+		"halted",
+		"cancelled",
+		"completed",
+		"expired",
+		"paused"
+	].includes(status)) return status;
+	return "created";
+}
+/**
+* Generate hash for PayU API commands (verify_payment, cancel_refund, etc.)
+* Hash formula: sha512(key|command|var1|salt)
+*/
+function generateCommandHash(key, command, var1, salt) {
+	const hashString = `${key}|${command}|${var1}|${salt}`;
+	return createHmac("sha512", "").update(hashString).digest("hex");
+}
+
+//#endregion
+//#region src/middleware.ts
+/**
+* Middleware to extract and validate the authenticated session.
+* Returns the user from the session or throws UNAUTHORIZED.
+*/
+function payuSessionMiddleware(ctx) {
+	const user = ctx.context.session?.user;
+	if (!user) throw createAPIError("UNAUTHORIZED", PAYU_ERROR_CODES.UNAUTHORIZED);
+	return user;
+}
+/**
+* Middleware factory to authorize a reference (user or organization) for
+* subscription actions. Supports org-based subscriptions.
+*/
+function referenceMiddleware(options) {
+	return async (ctx) => {
+		const user = payuSessionMiddleware(ctx);
+		const referenceId = ctx.body?.referenceId ?? ctx.query?.referenceId ?? user.id;
+		if (referenceId === user.id) return {
+			referenceId,
+			type: "user",
+			userId: user.id
+		};
+		if (options.organization?.enabled) {
+			const authorizeReference = options.organization.authorizeReference;
+			if (authorizeReference) {
+				if (!await authorizeReference({
+					action: "list-subscriptions",
+					organizationId: referenceId,
+					userId: user.id,
+					role: void 0
+				})) throw createAPIError("FORBIDDEN", PAYU_ERROR_CODES.REFERENCE_ID_NOT_ALLOWED);
+			}
+			return {
+				referenceId,
+				type: "organization",
+				userId: user.id
+			};
+		}
+		throw createAPIError("FORBIDDEN", PAYU_ERROR_CODES.REFERENCE_ID_NOT_ALLOWED);
+	};
+}
+
+//#endregion
+//#region src/routes.ts
+const createSubscriptionBodySchema = z.object({
+	plan: z.string(),
+	referenceId: z.string().optional(),
+	customerType: z.enum(["user", "organization"]).optional(),
+	mandateType: z.enum([
+		"card",
+		"upi",
+		"netbanking"
+	]).optional()
+});
+const cancelSubscriptionBodySchema = z.object({
+	referenceId: z.string().optional(),
+	customerType: z.enum(["user", "organization"]).optional(),
+	cancelAtCycleEnd: z.boolean().optional()
+});
+const pauseSubscriptionBodySchema = z.object({
+	referenceId: z.string().optional(),
+	customerType: z.enum(["user", "organization"]).optional()
+});
+const resumeSubscriptionBodySchema = z.object({
+	referenceId: z.string().optional(),
+	customerType: z.enum(["user", "organization"]).optional()
+});
+const listSubscriptionsQuerySchema = z.object({
+	referenceId: z.string().optional(),
+	customerType: z.enum(["user", "organization"]).optional()
+});
+const updateSubscriptionBodySchema = z.object({
+	referenceId: z.string().optional(),
+	customerType: z.enum(["user", "organization"]).optional(),
+	plan: z.string().optional(),
+	quantity: z.number().optional()
+});
+const chargeSubscriptionBodySchema = z.object({
+	subscriptionId: z.string(),
+	amount: z.string(),
+	txnid: z.string()
+});
+const preDebitNotifyBodySchema = z.object({
+	subscriptionId: z.string(),
+	amount: z.string(),
+	txnid: z.string(),
+	debitDate: z.string()
+});
+const fetchSubscriptionQuerySchema = z.object({ subscriptionId: z.string() });
+const mandateStatusQuerySchema = z.object({
+	subscriptionId: z.string(),
+	mandateType: z.enum([
+		"card",
+		"upi",
+		"netbanking"
+	]).optional()
+});
+const mandateModifyBodySchema = z.object({
+	subscriptionId: z.string(),
+	amount: z.string(),
+	mandateType: z.enum([
+		"card",
+		"upi",
+		"netbanking"
+	]).optional()
+});
+const initiatePaymentBodySchema = z.object({
+	txnid: z.string(),
+	amount: z.string(),
+	productinfo: z.string(),
+	firstname: z.string(),
+	email: z.string(),
+	phone: z.string(),
+	referenceId: z.string().optional()
+});
+const verifyPaymentBodySchema = z.object({ txnid: z.string() });
+const initiateRefundBodySchema = z.object({
+	mihpayid: z.string(),
+	amount: z.string(),
+	tokenId: z.string()
+});
+const refundStatusQuerySchema = z.object({
+	requestId: z.string().optional(),
+	mihpayid: z.string().optional()
+});
+const transactionInfoQuerySchema = z.object({ txnid: z.string() });
+const transactionDetailsQuerySchema = z.object({
+	startDate: z.string(),
+	endDate: z.string()
+});
+const validateVpaBodySchema = z.object({ vpa: z.string() });
+const updateSIBodySchema = z.object({
+	subscriptionId: z.string(),
+	billingAmount: z.string().optional(),
+	billingCycle: z.string().optional(),
+	billingInterval: z.number().optional(),
+	paymentEndDate: z.string().optional()
+});
+const fetchPlanQuerySchema = z.object({ planId: z.string() });
+const payAndSubscribeBodySchema = z.object({
+	plan: z.string(),
+	referenceId: z.string().optional(),
+	customerType: z.enum(["user", "organization"]).optional(),
+	mandateType: z.enum([
+		"card",
+		"upi",
+		"netbanking"
+	]).optional(),
+	initialAmount: z.string().optional()
+});
+function createRoutes(options) {
+	const getReference = referenceMiddleware(options);
+	return {
+		createSubscription: createAuthEndpoint("/payu/subscription/create", {
+			method: "POST",
+			body: createSubscriptionBodySchema
+		}, async (ctx) => {
+			const user = payuSessionMiddleware(ctx);
+			const ref = await getReference(ctx);
+			const body = ctx.body;
+			if (!options.subscription?.enabled) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.INVALID_REQUEST_BODY);
+			const plan = await getPlanByName(options, body.plan);
+			if (!plan) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_PLAN_NOT_FOUND);
+			const existing = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "referenceId",
+					value: ref.referenceId
+				}, {
+					field: "status",
+					operator: "in",
+					value: ["active", "authenticated"]
+				}]
+			});
+			if (existing && existing.plan === body.plan) throw createAPIError("CONFLICT", PAYU_ERROR_CODES.ALREADY_SUBSCRIBED_PLAN);
+			const subscription = await ctx.context.adapter.create({
+				model: "subscription",
+				data: {
+					plan: plan.name,
+					referenceId: ref.referenceId,
+					payuCustomerId: null,
+					payuSubscriptionId: `payu_sub_${Date.now()}`,
+					payuMandateType: body.mandateType || "card",
+					payuTransactionId: null,
+					payuMihpayid: null,
+					status: "created",
+					currentStart: null,
+					currentEnd: null,
+					endedAt: null,
+					quantity: 1,
+					totalCount: plan.totalCount,
+					paidCount: 0,
+					remainingCount: plan.totalCount,
+					cancelledAt: null,
+					pausedAt: null,
+					cancelAtCycleEnd: false,
+					billingPeriod: plan.billingCycle,
+					seats: null,
+					trialStart: null,
+					trialEnd: null,
+					metadata: null,
+					createdAt: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const txnid = `txn_${Date.now()}_${subscription.id}`;
+			const hash = generatePayUHash({
+				key: options.merchantKey,
+				txnid,
+				amount: plan.amount,
+				productinfo: plan.name,
+				firstname: user.id,
+				email: "",
+				...subscriptionUdf.set({
+					userId: user.id,
+					subscriptionId: subscription.id,
+					referenceId: ref.referenceId
+				})
+			}, options.merchantSalt);
+			return ctx.json({
+				subscription,
+				paymentParams: {
+					key: options.merchantKey,
+					txnid,
+					amount: plan.amount,
+					productinfo: plan.name,
+					hash,
+					mandateType: body.mandateType || "card"
+				}
+			});
+		}),
+		payAndSubscribe: createAuthEndpoint("/payu/subscription/pay-and-subscribe", {
+			method: "POST",
+			body: payAndSubscribeBodySchema
+		}, async (ctx) => {
+			const user = payuSessionMiddleware(ctx);
+			const ref = await getReference(ctx);
+			const body = ctx.body;
+			if (!options.subscription?.enabled) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.INVALID_REQUEST_BODY);
+			const plan = await getPlanByName(options, body.plan);
+			if (!plan) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_PLAN_NOT_FOUND);
+			const subscription = await ctx.context.adapter.create({
+				model: "subscription",
+				data: {
+					plan: plan.name,
+					referenceId: ref.referenceId,
+					payuSubscriptionId: `payu_sub_${Date.now()}`,
+					payuMandateType: body.mandateType || "card",
+					status: "created",
+					quantity: 1,
+					totalCount: plan.totalCount,
+					paidCount: 0,
+					remainingCount: plan.totalCount,
+					billingPeriod: plan.billingCycle,
+					createdAt: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			const txnid = `txn_${Date.now()}_${subscription.id}`;
+			const initialAmount = body.initialAmount || plan.amount;
+			const hash = generatePayUHash({
+				key: options.merchantKey,
+				txnid,
+				amount: initialAmount,
+				productinfo: plan.name,
+				firstname: user.id,
+				email: ""
+			}, options.merchantSalt);
+			return ctx.json({
+				subscription,
+				paymentParams: {
+					key: options.merchantKey,
+					txnid,
+					amount: initialAmount,
+					productinfo: plan.name,
+					hash,
+					mandateType: body.mandateType || "card"
+				}
+			});
+		}),
+		cancelSubscription: createAuthEndpoint("/payu/subscription/cancel", {
+			method: "POST",
+			body: cancelSubscriptionBodySchema
+		}, async (ctx) => {
+			const ref = await getReference(ctx);
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "referenceId",
+					value: ref.referenceId
+				}, {
+					field: "status",
+					operator: "in",
+					value: ["active", "authenticated"]
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			if (isCancelled(subscription)) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.SUBSCRIPTION_ALREADY_CANCELLED);
+			if (isTerminal(subscription)) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.SUBSCRIPTION_IN_TERMINAL_STATE);
+			if (ctx.body.cancelAtCycleEnd) {
+				await ctx.context.adapter.update({
+					model: "subscription",
+					where: [{
+						field: "id",
+						value: subscription.id
+					}],
+					update: {
+						cancelAtCycleEnd: true,
+						updatedAt: /* @__PURE__ */ new Date()
+					}
+				});
+				return ctx.json({
+					success: true,
+					cancelAtCycleEnd: true
+				});
+			}
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const command = subscription.payuMandateType === "upi" ? "upi_mandate_revoke" : "mandate_revoke";
+			const hash = generateCommandHash(options.merchantKey, command, subscription.payuTransactionId || "", options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/${command}`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command,
+					var1: subscription.payuTransactionId || "",
+					hash
+				})
+			})).json();
+			if (result.status === 0 || result.error) throw createAPIError("INTERNAL_SERVER_ERROR", PAYU_ERROR_CODES.MANDATE_REVOKE_FAILED);
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: subscription.id
+				}],
+				update: {
+					status: "cancelled",
+					cancelledAt: /* @__PURE__ */ new Date(),
+					endedAt: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			return ctx.json({ success: true });
+		}),
+		pauseSubscription: createAuthEndpoint("/payu/subscription/pause", {
+			method: "POST",
+			body: pauseSubscriptionBodySchema
+		}, async (ctx) => {
+			const ref = await getReference(ctx);
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "referenceId",
+					value: ref.referenceId
+				}, {
+					field: "status",
+					value: "active"
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			if (!isActive(subscription)) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_ACTIVE);
+			if (isPaused(subscription)) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.SUBSCRIPTION_ALREADY_PAUSED);
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: subscription.id
+				}],
+				update: {
+					status: "paused",
+					pausedAt: /* @__PURE__ */ new Date(),
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			return ctx.json({ success: true });
+		}),
+		resumeSubscription: createAuthEndpoint("/payu/subscription/resume", {
+			method: "POST",
+			body: resumeSubscriptionBodySchema
+		}, async (ctx) => {
+			const ref = await getReference(ctx);
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "referenceId",
+					value: ref.referenceId
+				}, {
+					field: "status",
+					value: "paused"
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			if (!isPaused(subscription)) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_PAUSED);
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: subscription.id
+				}],
+				update: {
+					status: "active",
+					pausedAt: null,
+					updatedAt: /* @__PURE__ */ new Date()
+				}
+			});
+			return ctx.json({ success: true });
+		}),
+		listSubscriptions: createAuthEndpoint("/payu/subscription/list", {
+			method: "GET",
+			query: listSubscriptionsQuerySchema
+		}, async (ctx) => {
+			const ref = await getReference(ctx);
+			const subscriptions = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "referenceId",
+					value: ref.referenceId
+				}]
+			});
+			return ctx.json({ subscriptions: subscriptions ? [subscriptions] : [] });
+		}),
+		getSubscription: createAuthEndpoint("/payu/subscription/get", {
+			method: "GET",
+			query: fetchSubscriptionQuerySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { subscriptionId } = ctx.query;
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: subscriptionId
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			return ctx.json({ subscription });
+		}),
+		updateSubscription: createAuthEndpoint("/payu/subscription/update", {
+			method: "POST",
+			body: updateSubscriptionBodySchema
+		}, async (ctx) => {
+			const ref = await getReference(ctx);
+			const body = ctx.body;
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "referenceId",
+					value: ref.referenceId
+				}, {
+					field: "status",
+					operator: "in",
+					value: ["active", "authenticated"]
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			const updateData = { updatedAt: /* @__PURE__ */ new Date() };
+			if (body.plan) {
+				const plan = await getPlanByName(options, body.plan);
+				if (!plan) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_PLAN_NOT_FOUND);
+				updateData.plan = plan.name;
+				updateData.billingPeriod = plan.billingCycle;
+				updateData.totalCount = plan.totalCount;
+			}
+			if (body.quantity !== void 0) updateData.quantity = body.quantity;
+			await ctx.context.adapter.update({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: subscription.id
+				}],
+				update: updateData
+			});
+			return ctx.json({ success: true });
+		}),
+		preDebitNotify: createAuthEndpoint("/payu/subscription/pre-debit-notify", {
+			method: "POST",
+			body: preDebitNotifyBodySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const body = ctx.body;
+			if (!await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: body.subscriptionId
+				}]
+			})) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "pre_debit_SI", body.txnid, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/pre_debit_SI`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "pre_debit_SI",
+					var1: body.txnid,
+					var2: body.amount,
+					var3: body.debitDate,
+					hash
+				})
+			})).json();
+			if (result.status === 0 || result.error) throw createAPIError("INTERNAL_SERVER_ERROR", PAYU_ERROR_CODES.PRE_DEBIT_NOTIFICATION_FAILED);
+			return ctx.json({
+				success: true,
+				result
+			});
+		}),
+		chargeSubscription: createAuthEndpoint("/payu/subscription/charge", {
+			method: "POST",
+			body: chargeSubscriptionBodySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const body = ctx.body;
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: body.subscriptionId
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			if (!isActive(subscription)) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_ACTIVE);
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "si_transaction", body.txnid, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/si_transaction`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "si_transaction",
+					var1: body.txnid,
+					var2: body.amount,
+					hash
+				})
+			})).json();
+			if (result.status === 0 || result.error) throw createAPIError("INTERNAL_SERVER_ERROR", PAYU_ERROR_CODES.PAYMENT_INITIATION_FAILED);
+			return ctx.json({
+				success: true,
+				result
+			});
+		}),
+		updateSI: createAuthEndpoint("/payu/subscription/update-si", {
+			method: "POST",
+			body: updateSIBodySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const body = ctx.body;
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: body.subscriptionId
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "update_si", subscription.payuTransactionId || "", options.merchantSalt);
+			const params = {
+				key: options.merchantKey,
+				command: "update_si",
+				var1: subscription.payuTransactionId || "",
+				hash
+			};
+			if (body.billingAmount) params.var2 = body.billingAmount;
+			if (body.billingCycle) params.var3 = body.billingCycle;
+			if (body.billingInterval !== void 0) params.var4 = String(body.billingInterval);
+			if (body.paymentEndDate) params.var5 = body.paymentEndDate;
+			const result = await (await fetch(`${apiUrl}/merchant/update_si`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams(params)
+			})).json();
+			if (result.status === 0 || result.error) throw createAPIError("INTERNAL_SERVER_ERROR", PAYU_ERROR_CODES.SI_UPDATE_FAILED);
+			return ctx.json({
+				success: true,
+				result
+			});
+		}),
+		mandateStatus: createAuthEndpoint("/payu/mandate/status", {
+			method: "GET",
+			query: mandateStatusQuerySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { subscriptionId, mandateType } = ctx.query;
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: subscriptionId
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const mType = mandateType || subscription.payuMandateType || "card";
+			let command;
+			if (mType === "upi") command = "upi_mandate_status";
+			else if (mType === "netbanking") command = "net_banking_mandate_status";
+			else command = "check_mandate_status";
+			const hash = generateCommandHash(options.merchantKey, command, subscription.payuTransactionId || "", options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/${command}`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command,
+					var1: subscription.payuTransactionId || "",
+					hash
+				})
+			})).json();
+			if (result.status === 0 || result.error) throw createAPIError("INTERNAL_SERVER_ERROR", PAYU_ERROR_CODES.MANDATE_STATUS_CHECK_FAILED);
+			return ctx.json({ mandate: result });
+		}),
+		mandateModify: createAuthEndpoint("/payu/mandate/modify", {
+			method: "POST",
+			body: mandateModifyBodySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const body = ctx.body;
+			const subscription = await ctx.context.adapter.findOne({
+				model: "subscription",
+				where: [{
+					field: "id",
+					value: body.subscriptionId
+				}]
+			});
+			if (!subscription) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_NOT_FOUND);
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const mType = body.mandateType || subscription.payuMandateType || "card";
+			let command;
+			if (mType === "upi") command = "upi_mandate_modify";
+			else command = "mandate_modify";
+			const hash = generateCommandHash(options.merchantKey, command, subscription.payuTransactionId || "", options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/${command}`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command,
+					var1: subscription.payuTransactionId || "",
+					var2: body.amount,
+					hash
+				})
+			})).json();
+			if (result.status === 0 || result.error) throw createAPIError("INTERNAL_SERVER_ERROR", PAYU_ERROR_CODES.MANDATE_MODIFY_FAILED);
+			return ctx.json({
+				success: true,
+				result
+			});
+		}),
+		initiatePayment: createAuthEndpoint("/payu/payment/initiate", {
+			method: "POST",
+			body: initiatePaymentBodySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const body = ctx.body;
+			const hash = generatePayUHash({
+				key: options.merchantKey,
+				txnid: body.txnid,
+				amount: body.amount,
+				productinfo: body.productinfo,
+				firstname: body.firstname,
+				email: body.email
+			}, options.merchantSalt);
+			return ctx.json({ paymentParams: {
+				key: options.merchantKey,
+				txnid: body.txnid,
+				amount: body.amount,
+				productinfo: body.productinfo,
+				firstname: body.firstname,
+				email: body.email,
+				phone: body.phone,
+				hash,
+				surl: `${options.apiBaseUrl || ""}/payu/webhook`,
+				furl: `${options.apiBaseUrl || ""}/payu/webhook`
+			} });
+		}),
+		verifyPayment: createAuthEndpoint("/payu/payment/verify", {
+			method: "POST",
+			body: verifyPaymentBodySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { txnid } = ctx.body;
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "verify_payment", txnid, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/postservice?form=2`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "verify_payment",
+					var1: txnid,
+					hash
+				})
+			})).json();
+			if (result.status === 0 || result.error) throw createAPIError("INTERNAL_SERVER_ERROR", PAYU_ERROR_CODES.PAYMENT_VERIFICATION_FAILED);
+			return ctx.json({ transaction: result });
+		}),
+		checkPayment: createAuthEndpoint("/payu/payment/check", {
+			method: "POST",
+			body: z.object({ mihpayid: z.string() })
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { mihpayid } = ctx.body;
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "check_payment", mihpayid, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/postservice?form=2`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "check_payment",
+					var1: mihpayid,
+					hash
+				})
+			})).json();
+			return ctx.json({ transaction: result });
+		}),
+		initiateRefund: createAuthEndpoint("/payu/refund/initiate", {
+			method: "POST",
+			body: initiateRefundBodySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const body = ctx.body;
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "cancel_refund_transaction", body.mihpayid, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/postservice?form=2`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "cancel_refund_transaction",
+					var1: body.mihpayid,
+					var2: body.tokenId,
+					var3: body.amount,
+					hash
+				})
+			})).json();
+			if (result.status === 0 || result.error) throw createAPIError("INTERNAL_SERVER_ERROR", PAYU_ERROR_CODES.REFUND_INITIATION_FAILED);
+			return ctx.json({
+				success: true,
+				refund: result
+			});
+		}),
+		refundStatus: createAuthEndpoint("/payu/refund/status", {
+			method: "GET",
+			query: refundStatusQuerySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { requestId, mihpayid } = ctx.query;
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			let command;
+			let var1;
+			if (requestId) {
+				command = "check_action_status";
+				var1 = requestId;
+			} else if (mihpayid) {
+				command = "check_action_status";
+				var1 = mihpayid;
+			} else throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.INVALID_REQUEST_BODY);
+			const hash = generateCommandHash(options.merchantKey, command, var1, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/postservice?form=2`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command,
+					var1,
+					hash
+				})
+			})).json();
+			return ctx.json({ refundStatus: result });
+		}),
+		listRefunds: createAuthEndpoint("/payu/refund/list", {
+			method: "POST",
+			body: z.object({ mihpayids: z.array(z.string()) })
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { mihpayids } = ctx.body;
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const var1 = mihpayids.join("|");
+			const hash = generateCommandHash(options.merchantKey, "get_all_refunds_from_transaction_ids", var1, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/postservice?form=2`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "get_all_refunds_from_transaction_ids",
+					var1,
+					hash
+				})
+			})).json();
+			return ctx.json({ refunds: result });
+		}),
+		transactionInfo: createAuthEndpoint("/payu/transaction/info", {
+			method: "GET",
+			query: transactionInfoQuerySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { txnid } = ctx.query;
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "get_transaction_info", txnid, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/postservice?form=2`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "get_transaction_info",
+					var1: txnid,
+					hash
+				})
+			})).json();
+			return ctx.json({ transaction: result });
+		}),
+		transactionDetails: createAuthEndpoint("/payu/transaction/details", {
+			method: "GET",
+			query: transactionDetailsQuerySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { startDate, endDate } = ctx.query;
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "get_Transaction_Details", startDate, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/postservice?form=2`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "get_Transaction_Details",
+					var1: startDate,
+					var2: endDate,
+					hash
+				})
+			})).json();
+			return ctx.json({ transactions: result });
+		}),
+		validateVpa: createAuthEndpoint("/payu/upi/validate-vpa", {
+			method: "POST",
+			body: validateVpaBodySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { vpa } = ctx.body;
+			const apiUrl = options.apiBaseUrl || "https://info.payu.in";
+			const hash = generateCommandHash(options.merchantKey, "validateVPA", vpa, options.merchantSalt);
+			const result = await (await fetch(`${apiUrl}/merchant/postservice?form=2`, {
+				method: "POST",
+				headers: { "Content-Type": "application/x-www-form-urlencoded" },
+				body: new URLSearchParams({
+					key: options.merchantKey,
+					command: "validateVPA",
+					var1: vpa,
+					hash
+				})
+			})).json();
+			if (result.status === 0 || result.isVPAValid === 0) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.INVALID_VPA);
+			return ctx.json({
+				valid: true,
+				result
+			});
+		}),
+		listPlans: createAuthEndpoint("/payu/plan/list", { method: "GET" }, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			if (!options.subscription?.enabled) return ctx.json({ plans: [] });
+			const plans = await getPlans(options.subscription);
+			return ctx.json({ plans });
+		}),
+		getPlan: createAuthEndpoint("/payu/plan/get", {
+			method: "GET",
+			query: fetchPlanQuerySchema
+		}, async (ctx) => {
+			payuSessionMiddleware(ctx);
+			const { planId } = ctx.query;
+			const plan = await getPlanByPlanId(options, planId);
+			if (!plan) throw createAPIError("NOT_FOUND", PAYU_ERROR_CODES.SUBSCRIPTION_PLAN_NOT_FOUND);
+			return ctx.json({ plan });
+		}),
+		webhook: createAuthEndpoint("/payu/webhook", { method: "POST" }, async (ctx) => {
+			const body = ctx.body;
+			if (!body || !body.hash) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.WEBHOOK_HASH_NOT_FOUND);
+			if (!verifyPayUHash({
+				key: body.key || options.merchantKey,
+				txnid: body.txnid || "",
+				amount: body.amount || "",
+				productinfo: body.productinfo || "",
+				firstname: body.firstname || "",
+				email: body.email || "",
+				status: body.status || "",
+				udf1: body.udf1,
+				udf2: body.udf2,
+				udf3: body.udf3,
+				udf4: body.udf4,
+				udf5: body.udf5,
+				udf6: body.udf6,
+				udf7: body.udf7,
+				udf8: body.udf8,
+				udf9: body.udf9,
+				udf10: body.udf10
+			}, options.merchantSalt, body.hash)) throw createAPIError("UNAUTHORIZED", PAYU_ERROR_CODES.FAILED_TO_VERIFY_WEBHOOK);
+			const event = {
+				mihpayid: body.mihpayid || "",
+				status: body.status || "",
+				txnid: body.txnid || "",
+				amount: body.amount || "",
+				productinfo: body.productinfo || "",
+				firstname: body.firstname || "",
+				email: body.email || "",
+				phone: body.phone || "",
+				hash: body.hash,
+				key: body.key || "",
+				mode: body.mode || "",
+				unmappedstatus: body.unmappedstatus || "",
+				field9: body.field9 || "",
+				error: body.error_Message || body.error || "",
+				bank_ref_num: body.bank_ref_num || "",
+				addedon: body.addedon || "",
+				payment_source: body.payment_source || "",
+				udf1: body.udf1,
+				udf2: body.udf2,
+				udf3: body.udf3,
+				udf4: body.udf4,
+				udf5: body.udf5,
+				udf6: body.udf6,
+				udf7: body.udf7,
+				udf8: body.udf8,
+				udf9: body.udf9,
+				udf10: body.udf10,
+				notificationType: body.notificationType
+			};
+			const status = body.status?.toLowerCase();
+			const notifType = body.notificationType?.toLowerCase();
+			if (notifType === "mandate_revoked" || notifType === "si_cancelled") await onMandateRevoked(ctx, options, event);
+			else if (notifType === "mandate_modified" || notifType === "si_modified") await onMandateModified(ctx, options, event);
+			else if (status === "success" || status === "captured") {
+				await onPaymentSuccess(ctx, options, event);
+				await onSubscriptionActivated(ctx, options, event);
+			} else if (status === "failure" || status === "failed") await onPaymentFailure(ctx, options, event);
+			else if (status === "pending") await onSubscriptionPending(ctx, options, event);
+			else if (status === "cancelled") await onSubscriptionCancelled(ctx, options, event);
+			else if (status === "halted") await onSubscriptionHalted(ctx, options, event);
+			else if (status === "completed") await onSubscriptionCompleted(ctx, options, event);
+			else if (status === "paused") await onSubscriptionPaused(ctx, options, event);
+			else if (status === "resumed" || status === "active") await onSubscriptionResumed(ctx, options, event);
+			return ctx.json({ success: true });
+		})
+	};
+}
+
+//#endregion
+//#region src/schema.ts
+const subscriptions = { subscription: { fields: {
+	plan: {
+		type: "string",
+		required: true
+	},
+	referenceId: {
+		type: "string",
+		required: true
+	},
+	payuCustomerId: {
+		type: "string",
+		required: false
+	},
+	payuSubscriptionId: {
+		type: "string",
+		required: false
+	},
+	payuMandateType: {
+		type: "string",
+		required: false
+	},
+	payuTransactionId: {
+		type: "string",
+		required: false
+	},
+	payuMihpayid: {
+		type: "string",
+		required: false
+	},
+	status: {
+		type: "string",
+		defaultValue: "created"
+	},
+	currentStart: {
+		type: "date",
+		required: false
+	},
+	currentEnd: {
+		type: "date",
+		required: false
+	},
+	endedAt: {
+		type: "date",
+		required: false
+	},
+	quantity: {
+		type: "number",
+		required: false,
+		defaultValue: 1
+	},
+	totalCount: {
+		type: "number",
+		required: false
+	},
+	paidCount: {
+		type: "number",
+		required: false,
+		defaultValue: 0
+	},
+	remainingCount: {
+		type: "number",
+		required: false
+	},
+	cancelledAt: {
+		type: "date",
+		required: false
+	},
+	pausedAt: {
+		type: "date",
+		required: false
+	},
+	cancelAtCycleEnd: {
+		type: "boolean",
+		required: false,
+		defaultValue: false
+	},
+	billingPeriod: {
+		type: "string",
+		required: false
+	},
+	seats: {
+		type: "number",
+		required: false
+	},
+	trialStart: {
+		type: "date",
+		required: false
+	},
+	trialEnd: {
+		type: "date",
+		required: false
+	},
+	metadata: {
+		type: "string",
+		required: false
+	}
+} } };
+const user = { user: { fields: { payuCustomerId: {
+	type: "string",
+	required: false
+} } } };
+const organization = { organization: { fields: { payuCustomerId: {
+	type: "string",
+	required: false
+} } } };
+const getSchema = (options) => {
+	let baseSchema = {};
+	if (options.subscription?.enabled) baseSchema = {
+		...subscriptions,
+		...user
+	};
+	else baseSchema = { ...user };
+	if (options.organization?.enabled) baseSchema = {
+		...baseSchema,
+		...organization
+	};
+	if (options.schema && !options.subscription?.enabled && "subscription" in options.schema) {
+		const { subscription: _subscription, ...restSchema } = options.schema;
+		return mergeSchema(baseSchema, restSchema);
+	}
+	return mergeSchema(baseSchema, options.schema);
+};
+
+//#endregion
+//#region src/index.ts
+const payu = (options) => {
+	const routes = createRoutes(options);
+	const subscriptionEndpoints = {
+		payuCreateSubscription: routes.createSubscription,
+		payuPayAndSubscribe: routes.payAndSubscribe,
+		payuCancelSubscription: routes.cancelSubscription,
+		payuPauseSubscription: routes.pauseSubscription,
+		payuResumeSubscription: routes.resumeSubscription,
+		payuListSubscriptions: routes.listSubscriptions,
+		payuGetSubscription: routes.getSubscription,
+		payuUpdateSubscription: routes.updateSubscription,
+		payuPreDebitNotify: routes.preDebitNotify,
+		payuChargeSubscription: routes.chargeSubscription,
+		payuUpdateSI: routes.updateSI
+	};
+	const mandateEndpoints = {
+		payuMandateStatus: routes.mandateStatus,
+		payuMandateModify: routes.mandateModify
+	};
+	const paymentEndpoints = {
+		payuInitiatePayment: routes.initiatePayment,
+		payuVerifyPayment: routes.verifyPayment,
+		payuCheckPayment: routes.checkPayment
+	};
+	const refundEndpoints = {
+		payuInitiateRefund: routes.initiateRefund,
+		payuRefundStatus: routes.refundStatus,
+		payuListRefunds: routes.listRefunds
+	};
+	const transactionEndpoints = {
+		payuTransactionInfo: routes.transactionInfo,
+		payuTransactionDetails: routes.transactionDetails
+	};
+	const utilityEndpoints = {
+		payuValidateVpa: routes.validateVpa,
+		payuListPlans: routes.listPlans,
+		payuGetPlan: routes.getPlan
+	};
+	return {
+		id: "payu",
+		endpoints: {
+			payuWebhook: routes.webhook,
+			...paymentEndpoints,
+			...refundEndpoints,
+			...transactionEndpoints,
+			...utilityEndpoints,
+			...mandateEndpoints,
+			...options.subscription?.enabled ? subscriptionEndpoints : {}
+		},
+		init(ctx) {
+			if (options.organization?.enabled) {
+				const orgPlugin = ctx.getPlugin("organization");
+				if (!orgPlugin) {
+					ctx.logger.error(`Organization plugin not found`);
+					return;
+				}
+				const existingHooks = orgPlugin.options?.organizationHooks ?? {};
+				/**
+				* Block organization deletion when there's an active subscription
+				*/
+				const beforeDeletePayUOrg = async (data) => {
+					const subscription = await ctx.adapter.findOne({
+						model: "subscription",
+						where: [{
+							field: "referenceId",
+							value: data.organization.id
+						}]
+					});
+					if (subscription && isActive(subscription)) throw createAPIError("BAD_REQUEST", PAYU_ERROR_CODES.ORGANIZATION_ON_ACTIVE_SUBSCRIPTION);
+				};
+				orgPlugin.options = {
+					...orgPlugin.options,
+					organizationHooks: {
+						...existingHooks,
+						beforeDeleteOrganization: async (data) => {
+							if (existingHooks.beforeDeleteOrganization) await existingHooks.beforeDeleteOrganization(data);
+							await beforeDeletePayUOrg(data);
+						}
+					}
+				};
+			}
+		},
+		schema: getSchema(options),
+		hooks: { after: [{
+			matcher(context) {
+				return context.path === "/user/update";
+			},
+			async handler(ctx) {}
+		}] }
+	};
+};
+
+//#endregion
+export { PAYU_ERROR_CODES, customerUdf, dateStringToDate, generateCommandHash, generatePayUHash, hasPaymentIssue, isActive, isAuthenticated, isCancelled, isPaused, isTerminal, isUsable, paramsToUdf, payu, subscriptionUdf, timestampToDate, toSubscriptionStatus, udfToParams, verifyPayUHash };
+//# sourceMappingURL=index.js.map