npm - creem-datafast - Versions diffs - 0.1.0 - Mend

creem-datafast 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/LICENSE +21 -0
package/README.md +377 -0
package/dist/chunk-EPUWLMCL.js +46 -0
package/dist/chunk-EPUWLMCL.js.map +1 -0
package/dist/chunk-MHG2AARF.js +43 -0
package/dist/chunk-MHG2AARF.js.map +1 -0
package/dist/client.d.ts +6 -0
package/dist/client.js +37 -0
package/dist/client.js.map +1 -0
package/dist/express.d.ts +5 -0
package/dist/express.js +30 -0
package/dist/express.js.map +1 -0
package/dist/idempotency/upstash.d.ts +12 -0
package/dist/idempotency/upstash.js +24 -0
package/dist/idempotency/upstash.js.map +1 -0
package/dist/index.d.ts +43 -0
package/dist/index.js +857 -0
package/dist/index.js.map +1 -0
package/dist/next.d.ts +20 -0
package/dist/next.js +31 -0
package/dist/next.js.map +1 -0
package/dist/types-4FOgdKj_.d.ts +215 -0
package/package.json +99 -0

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 Santiago Garcia
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md ADDED Viewed

@@ -0,0 +1,377 @@
+# creem-datafast
+[![CI](https://github.com/santigamo/creem-datafast/actions/workflows/ci.yml/badge.svg)](https://github.com/santigamo/creem-datafast/actions/workflows/ci.yml)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![TypeScript](https://img.shields.io/badge/TypeScript-5.9-blue.svg)](https://www.typescriptlang.org/)
+[![Coverage](https://img.shields.io/badge/coverage-88%25-brightgreen.svg)](https://github.com/santigamo/creem-datafast/actions/workflows/ci.yml)
+Connect Creem payments to DataFast analytics without writing any glue code. One factory, automatic cookie capture, webhook forwarding.
+- **Zero glue code** — one factory call wires up checkout attribution and webhook forwarding
+- **Framework adapters** — Next.js App Router and Express 5 out of the box, or bring your own
+- **Production-ready** — idempotent webhooks, retries with backoff, Web Crypto signature verification
+- **Official Upstash adapter** — ready-made distributed idempotency for serverless and multi-instance deployments
+- **Refund support** — forwards `refund.created` as `refunded: true` payment events
+- **Currency-aware** — correctly converts zero-decimal (JPY) and three-decimal (KWD) currencies
+## How It Works
+```mermaid
+sequenceDiagram
+    participant B as Browser
+    participant S as Your Server
+    participant C as Creem
+    participant D as DataFast
+    B->>S: POST /api/checkout (cookies)
+    Note right of S: reads datafast_visitor_id<br/>injects into metadata
+    S->>C: createCheckout()
+    C-->>B: redirect to checkoutUrl
+    B->>C: completes payment
+    C->>S: webhook (checkout.completed)
+    Note right of S: verifies signature<br/>deduplicates event<br/>maps payload
+    S->>D: POST /api/v1/payments
+```
+1. Your backend calls `createCheckout()` with the incoming `Request` or cookie header.
+2. The package injects `datafast_visitor_id` and `datafast_session_id` into Creem metadata without dropping the rest of your metadata.
+3. Creem redirects the customer to `checkoutUrl`.
+4. Creem sends `checkout.completed`, `subscription.paid`, and `refund.created` webhooks back to your server.
+5. `handleWebhook()` verifies `creem-signature`, deduplicates the event id, maps the payload, and forwards the payment or refund to DataFast.
+Supported events: `checkout.completed`, `subscription.paid`, `refund.created`. Any other Creem event is ignored and returns `200 OK`. Initial subscription `checkout.completed` deliveries are acknowledged but ignored so the first subscription payment is attributed only once through `subscription.paid`.
+## Judge in 2 minutes
+Use `example-next` for the fastest end-to-end proof. It shows the landing page, launches a real checkout, and logs both the webhook outcome and the payload forwarded to DataFast.
+```bash
+pnpm install
+cp example-next/.env.example example-next/.env.local
+```
+Fill `example-next/.env.local` with real test values for `CREEM_API_KEY`, `CREEM_WEBHOOK_SECRET`, `DATAFAST_API_KEY`, `DATAFAST_WEBSITE_ID`, and `CREEM_PRODUCT_ID`. `APP_BASE_URL` can stay at `http://localhost:3000` for a local run.
+```bash
+pnpm build
+pnpm --filter example-next dev
+```
+Then:
+1. Open `http://localhost:3000`.
+2. Click `Launch checkout via server cookie capture` to see the hosted checkout flow the package creates.
+3. In another terminal, send the fixed webhook fixture already used by the test suite:
+```bash
+export CREEM_WEBHOOK_SECRET=your_real_webhook_secret
+curl -i http://localhost:3000/api/webhook/creem \
+  -H "content-type: application/json" \
+  -H "creem-signature: $(node --input-type=module -e 'import { createHmac } from \"node:crypto\"; import { readFileSync } from \"node:fs\"; const rawBody = readFileSync(\"tests/fixtures/checkout-completed.json\", \"utf8\"); process.stdout.write(createHmac(\"sha256\", process.env.CREEM_WEBHOOK_SECRET).update(rawBody).digest(\"hex\"));')" \
+  --data-binary @tests/fixtures/checkout-completed.json
+```
+You should see:
+- `HTTP/1.1 200 OK` from the webhook route
+- `[example-next] forwarding payload to DataFast ...`
+- `[example-next] webhook processed ...`
+If you prefer Express, swap the env file and dev command:
+```bash
+cp example-express/.env.example example-express/.env.local
+pnpm --filter example-express dev
+```
+Use the same fixture and `curl` command against `http://localhost:3000/api/webhook/creem`. The key success signal there is `[example-express] forwarding payload to DataFast ...`.
+For the longer setup, tunnel, and verification flow, see [`example-next/README.md`](./example-next/README.md), [`example-express/README.md`](./example-express/README.md), and [`docs/development.md`](./docs/development.md).
+## Integrate with AI Agents
+Paste this prompt into Claude Code, Cursor, Codex, or any AI coding agent:
+```text
+Use curl to download, read and follow: https://raw.githubusercontent.com/santigamo/creem-datafast/main/SKILL.md
+```
+## Installation
+```bash
+pnpm add creem-datafast
+```
+Internally the package wraps the official `creem` Core SDK, so you do not need to install `creem` separately in a normal consumer app.
+## Quickstart
+### Next.js
+Install the package, create a shared client, then use the included route handler adapter.
+```ts
+// lib/creem-datafast.ts
+import { createCreemDataFast } from "creem-datafast";
+export const creemDataFast = createCreemDataFast({
+  creemApiKey: process.env.CREEM_API_KEY!,
+  creemWebhookSecret: process.env.CREEM_WEBHOOK_SECRET!,
+  datafastApiKey: process.env.DATAFAST_API_KEY!,
+  testMode: true
+});
+```
+```ts
+// app/api/checkout/route.ts
+import { NextResponse } from "next/server";
+import { creemDataFast } from "@/lib/creem-datafast";
+export const runtime = "nodejs";
+export async function POST(request: Request) {
+  const { checkoutUrl } = await creemDataFast.createCheckout(
+    {
+      productId: process.env.CREEM_PRODUCT_ID!,
+      successUrl: `${process.env.APP_BASE_URL!}/success`
+    },
+    { request }
+  );
+  return NextResponse.redirect(checkoutUrl, { status: 303 });
+}
+```
+```ts
+// app/api/webhook/creem/route.ts
+import { createNextWebhookHandler } from "creem-datafast/next";
+import { creemDataFast } from "@/lib/creem-datafast";
+export const runtime = "nodejs";
+export const POST = createNextWebhookHandler(creemDataFast);
+```
+### Express
+Use the framework-agnostic core in your app layer and keep the webhook route on raw body middleware.
+```ts
+import express from "express";
+import { createCreemDataFast } from "creem-datafast";
+import { createExpressWebhookHandler } from "creem-datafast/express";
+const app = express();
+const creemDataFast = createCreemDataFast({
+  creemApiKey: process.env.CREEM_API_KEY!,
+  creemWebhookSecret: process.env.CREEM_WEBHOOK_SECRET!,
+  datafastApiKey: process.env.DATAFAST_API_KEY!,
+  testMode: true
+});
+app.post("/api/checkout", async (req, res) => {
+  const { checkoutUrl } = await creemDataFast.createCheckout(
+    {
+      productId: process.env.CREEM_PRODUCT_ID!,
+      successUrl: `${process.env.APP_BASE_URL!}/success`
+    },
+    {
+      request: { headers: req.headers, url: req.url }
+    }
+  );
+  res.redirect(303, checkoutUrl);
+});
+app.post(
+  "/api/webhook/creem",
+  express.raw({ type: "application/json" }),
+  createExpressWebhookHandler(creemDataFast)
+);
+```
+### Framework-Agnostic
+Use `handleWebhook()` directly when your framework is not Next.js or Express. You just need the raw request body as a string and the request headers.
+```ts
+import { createCreemDataFast, InvalidCreemSignatureError } from "creem-datafast";
+const creemDataFast = createCreemDataFast({
+  creemApiKey: process.env.CREEM_API_KEY!,
+  creemWebhookSecret: process.env.CREEM_WEBHOOK_SECRET!,
+  datafastApiKey: process.env.DATAFAST_API_KEY!,
+  testMode: true
+});
+// Works with any Node.js framework, and the core flow is smoke-validated on Cloudflare Workers with injected Creem/DataFast boundaries.
+async function handleCreemWebhook(rawBody: string, headers: Record<string, string>) {
+  try {
+    const result = await creemDataFast.handleWebhook({ rawBody, headers });
+    if (result.ignored) {
+      return { status: 200, body: "Ignored" };
+    }
+    return { status: 200, body: "OK" };
+  } catch (error) {
+    if (error instanceof InvalidCreemSignatureError) {
+      return { status: 400, body: "Invalid signature" };
+    }
+    return { status: 500, body: "Internal error" };
+  }
+}
+```
+### Client-Side Helper
+Use the browser helper when your checkout request originates from the browser and cookies are not automatically forwarded to your backend (e.g. cross-origin fetch calls). In same-origin setups the server-side cookie capture handles this automatically.
+```ts
+import { appendDataFastTracking, getDataFastTracking } from "creem-datafast/client";
+const tracking = getDataFastTracking();
+const checkoutEndpoint = appendDataFastTracking("/api/checkout", tracking);
+// Then use checkoutEndpoint as your fetch URL:
+const response = await fetch(checkoutEndpoint, { method: "POST" });
+```
+Tracking precedence during checkout creation is:
+1. `params.tracking`
+2. `params.metadata.datafast_*`
+3. `request.url` query params
+4. cookies, using `request.headers.cookie` first and `cookieHeader` only to fill missing tracking fields
+## Advanced
+### Custom webhook response logic (Next.js)
+If you need custom response logic in Next.js, use `handleWebhookRequest()` instead of `createNextWebhookHandler()`. It reads the raw body for you and forwards the webhook through the same core path. Since `handleWebhookRequest()` is a low-level helper, you are responsible for catching `InvalidCreemSignatureError` (-> 400) and unexpected errors (-> 500).
+```ts
+import { handleWebhookRequest } from "creem-datafast/next";
+import { InvalidCreemSignatureError } from "creem-datafast";
+import { creemDataFast } from "@/lib/creem-datafast";
+export const runtime = "nodejs";
+export async function POST(request: Request) {
+  try {
+    const result = await handleWebhookRequest(creemDataFast, request);
+    if (result.ignored) {
+      return new Response("Ignored", { status: 200 });
+    }
+    return new Response("OK", { status: 200 });
+  } catch (error) {
+    if (error instanceof InvalidCreemSignatureError) {
+      return new Response("Invalid signature", { status: 400 });
+    }
+    return new Response("Internal error", { status: 500 });
+  }
+}
+```
+### Idempotency
+`handleWebhook()` uses an in-process `MemoryIdempotencyStore` by default. This is convenient for local development and single-instance deployments, but it is not safe for multi-instance production environments because deduplication does not survive process restarts or span multiple instances.
+Recommended production setup:
+```bash
+pnpm add @upstash/redis
+```
+```ts
+import { Redis } from "@upstash/redis";
+import { createCreemDataFast } from "creem-datafast";
+import { createUpstashIdempotencyStore } from "creem-datafast/idempotency/upstash";
+const redis = new Redis({
+  url: process.env.UPSTASH_REDIS_REST_URL!,
+  token: process.env.UPSTASH_REDIS_REST_TOKEN!
+});
+export const creemDataFast = createCreemDataFast({
+  creemApiKey: process.env.CREEM_API_KEY!,
+  creemWebhookSecret: process.env.CREEM_WEBHOOK_SECRET!,
+  datafastApiKey: process.env.DATAFAST_API_KEY!,
+  idempotencyStore: createUpstashIdempotencyStore(redis)
+});
+```
+See [`docs/production-idempotency.md`](./docs/production-idempotency.md) for the `IdempotencyStore` contract, TTL guidance, and how to implement a custom store.
+## Configuration
+Constructor options for `createCreemDataFast()`:
+- `creemApiKey`: Creem Core SDK API key.
+- `creemWebhookSecret`: secret used to validate `creem-signature`.
+- `datafastApiKey`: bearer token for DataFast payments.
+- `testMode`: set to `true` to target `https://test-api.creem.io`. Defaults to `false`.
+- `timeoutMs`: per-request timeout for DataFast forwarding. Defaults to `8000`.
+- `retry.retries`: additional retry attempts after the initial DataFast request, so `1` means up to `2` total attempts. Defaults to `1`.
+- `retry.baseDelayMs`: base backoff delay in milliseconds. Defaults to `250`.
+- `retry.maxDelayMs`: maximum backoff delay in milliseconds. Defaults to `2000`.
+- `strictTracking`: throw `MissingTrackingError` when no `datafast_visitor_id` is found at checkout. Defaults to `false`.
+- `idempotencyStore`: custom `IdempotencyStore` for distributed deduplication.
+- `logger`: inject a custom logger implementing `{ debug, info, warn, error }`.
+- `creemClient`: inject a pre-configured Creem SDK instance instead of using `creemApiKey`.
+## API Reference
+```ts
+import {
+  createCreemDataFast,
+  CreemDataFastError,
+  DataFastRequestError,
+  InvalidCreemSignatureError,
+  MissingTrackingError,
+  MemoryIdempotencyStore
+} from "creem-datafast";
+import { createNextWebhookHandler, handleWebhookRequest } from "creem-datafast/next";
+import { createExpressWebhookHandler } from "creem-datafast/express";
+import { appendDataFastTracking, getDataFastTracking } from "creem-datafast/client";
+import { createUpstashIdempotencyStore } from "creem-datafast/idempotency/upstash";
+```
+Root API:
+- `createCreemDataFast(options)` — returns a `CreemDataFastClient`.
+- `client.createCheckout(params, context?)` — creates a Creem checkout with injected DataFast tracking.
+- `client.handleWebhook({ rawBody, headers })` — verifies, deduplicates, maps, and forwards a webhook.
+- `client.verifyWebhookSignature(rawBody, headers)` — returns `true` or `false` for signature validity; throws `InvalidCreemSignatureError` when `creem-signature` is missing.
+Error classes:
+- `CreemDataFastError` — base class for all package errors.
+- `InvalidCreemSignatureError` — webhook signature is missing or invalid.
+- `MissingTrackingError` — thrown by `createCheckout()` when `strictTracking` is enabled and no `datafast_visitor_id` is found.
+- `DataFastRequestError` — DataFast API request failed. Exposes `.retryable`, `.status`, and `.requestId`.
+## Troubleshooting
+- Invalid webhook signature: make sure the handler reads the raw request body, not parsed JSON.
+- Missing `creem-signature` header: `verifyWebhookSignature()` and `handleWebhook()` throw `InvalidCreemSignatureError` because the request is malformed.
+- Missing visitor tracking: the checkout still works by default; enable `strictTracking` if you want the request to fail instead.
+- Double-counted revenue from DataFast: if you use the DataFast tracking script alongside server-side webhook forwarding, the same payment can be recorded twice — once by the script detecting URL parameters on the success page, and once by the webhook. Add `data-disable-payments="true"` to the DataFast script tag when using `creem-datafast` for server-side attribution.
+- Wrong amount format: Creem amounts are interpreted as minor units and converted into decimal major units before sending to DataFast.
+- Refund semantics: `refund.created` forwards the refunded amount as a new DataFast payment with `refunded: true` and uses the Creem refund id as `transaction_id`.
+- Duplicate forwards: the built-in `MemoryIdempotencyStore` is `dev / single-instance only`. For multi-instance deployments, pass a durable atomic `idempotencyStore` such as `createUpstashIdempotencyStore(redis)`. See [`docs/production-idempotency.md`](./docs/production-idempotency.md).
+- Slow or flaky DataFast responses: forwarding uses an `8000ms` timeout by default and retries only network errors, timeouts, and `408` / `429` / `5xx` responses.
+## Compatibility
+- Node 18+ runtime. ESM-only (`import`, not `require()`).
+- Framework-agnostic core is smoke-validated on Cloudflare Workers and Bun.
+- Next.js Route Handlers on the Node runtime.
+- Express webhook routes using `express.raw({ type: "application/json" })`.
+## Development
+See [`docs/development.md`](./docs/development.md) for package checks, CI pipeline, runnable examples, and manual local verification.

package/dist/chunk-EPUWLMCL.js ADDED Viewed

@@ -0,0 +1,46 @@
+// src/core/errors.ts
+var CreemDataFastError = class extends Error {
+  constructor(message, options) {
+    super(message, options);
+    this.name = new.target.name;
+  }
+};
+var InvalidCreemSignatureError = class extends CreemDataFastError {
+};
+var MissingTrackingError = class extends CreemDataFastError {
+};
+var UnsupportedWebhookEventError = class extends CreemDataFastError {
+};
+var DataFastRequestError = class extends CreemDataFastError {
+  constructor(message, details, errorOptions) {
+    super(message, errorOptions);
+    this.details = details;
+  }
+  get status() {
+    return this.details.status;
+  }
+  get statusText() {
+    return this.details.statusText;
+  }
+  get requestId() {
+    return this.details.requestId;
+  }
+  get retryable() {
+    return this.details.retryable;
+  }
+  get responseBody() {
+    return this.details.responseBody;
+  }
+};
+var TransactionHydrationError = class extends CreemDataFastError {
+};
+export {
+  CreemDataFastError,
+  InvalidCreemSignatureError,
+  MissingTrackingError,
+  UnsupportedWebhookEventError,
+  DataFastRequestError,
+  TransactionHydrationError
+};
+//# sourceMappingURL=chunk-EPUWLMCL.js.map

package/dist/chunk-EPUWLMCL.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/core/errors.ts"],"sourcesContent":["export class CreemDataFastError extends Error {\n constructor(message: string, options?: ErrorOptions) {\n super(message, options);\n this.name = new.target.name;\n }\n}\n\nexport class InvalidCreemSignatureError extends CreemDataFastError {}\n\nexport class MissingTrackingError extends CreemDataFastError {}\n\nexport class UnsupportedWebhookEventError extends CreemDataFastError {}\n\nexport class DataFastRequestError extends CreemDataFastError {\n constructor(\n message: string,\n public readonly details: {\n status?: number;\n statusText?: string;\n requestId?: string;\n retryable: boolean;\n responseBody?: unknown;\n },\n errorOptions?: ErrorOptions\n ) {\n super(message, errorOptions);\n }\n\n get status(): number | undefined {\n return this.details.status;\n }\n\n get statusText(): string | undefined {\n return this.details.statusText;\n }\n\n get requestId(): string | undefined {\n return this.details.requestId;\n }\n\n get retryable(): boolean {\n return this.details.retryable;\n }\n\n get responseBody(): unknown {\n return this.details.responseBody;\n }\n}\n\nexport class TransactionHydrationError extends CreemDataFastError {}\n"],"mappings":";AAAO,IAAM,qBAAN,cAAiC,MAAM;AAAA,EAC5C,YAAY,SAAiB,SAAwB;AACnD,UAAM,SAAS,OAAO;AACtB,SAAK,OAAO,WAAW;AAAA,EACzB;AACF;AAEO,IAAM,6BAAN,cAAyC,mBAAmB;AAAC;AAE7D,IAAM,uBAAN,cAAmC,mBAAmB;AAAC;AAEvD,IAAM,+BAAN,cAA2C,mBAAmB;AAAC;AAE/D,IAAM,uBAAN,cAAmC,mBAAmB;AAAA,EAC3D,YACE,SACgB,SAOhB,cACA;AACA,UAAM,SAAS,YAAY;AATX;AAAA,EAUlB;AAAA,EAEA,IAAI,SAA6B;AAC/B,WAAO,KAAK,QAAQ;AAAA,EACtB;AAAA,EAEA,IAAI,aAAiC;AACnC,WAAO,KAAK,QAAQ;AAAA,EACtB;AAAA,EAEA,IAAI,YAAgC;AAClC,WAAO,KAAK,QAAQ;AAAA,EACtB;AAAA,EAEA,IAAI,YAAqB;AACvB,WAAO,KAAK,QAAQ;AAAA,EACtB;AAAA,EAEA,IAAI,eAAwB;AAC1B,WAAO,KAAK,QAAQ;AAAA,EACtB;AACF;AAEO,IAAM,4BAAN,cAAwC,mBAAmB;AAAC;","names":[]}

package/dist/chunk-MHG2AARF.js ADDED Viewed

@@ -0,0 +1,43 @@
+// src/core/cookies.ts
+function decodeCookieValue(value) {
+  try {
+    return decodeURIComponent(value);
+  } catch {
+    return value;
+  }
+}
+function parseCookieHeader(cookieHeader) {
+  const cookies = {};
+  for (const part of cookieHeader.split(";")) {
+    const trimmed = part.trim();
+    if (!trimmed) {
+      continue;
+    }
+    const separatorIndex = trimmed.indexOf("=");
+    if (separatorIndex === -1) {
+      continue;
+    }
+    const key = trimmed.slice(0, separatorIndex).trim();
+    const value = trimmed.slice(separatorIndex + 1).trim();
+    if (!key) {
+      continue;
+    }
+    cookies[key] = decodeCookieValue(value);
+  }
+  return cookies;
+}
+function readTrackingFromCookieHeader(cookieHeader) {
+  if (!cookieHeader) {
+    return {};
+  }
+  const cookies = parseCookieHeader(cookieHeader);
+  return {
+    visitorId: cookies.datafast_visitor_id,
+    sessionId: cookies.datafast_session_id
+  };
+}
+export {
+  readTrackingFromCookieHeader
+};
+//# sourceMappingURL=chunk-MHG2AARF.js.map

package/dist/chunk-MHG2AARF.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/core/cookies.ts"],"sourcesContent":["import type { DataFastTracking } from \"./types.js\";\n\nfunction decodeCookieValue(value: string): string {\n try {\n return decodeURIComponent(value);\n } catch {\n return value;\n }\n}\n\nexport function parseCookieHeader(cookieHeader: string): Record<string, string> {\n const cookies: Record<string, string> = {};\n\n for (const part of cookieHeader.split(\";\")) {\n const trimmed = part.trim();\n if (!trimmed) {\n continue;\n }\n\n const separatorIndex = trimmed.indexOf(\"=\");\n if (separatorIndex === -1) {\n continue;\n }\n\n const key = trimmed.slice(0, separatorIndex).trim();\n const value = trimmed.slice(separatorIndex + 1).trim();\n if (!key) {\n continue;\n }\n\n cookies[key] = decodeCookieValue(value);\n }\n\n return cookies;\n}\n\nexport function readTrackingFromCookieHeader(cookieHeader?: string): DataFastTracking {\n if (!cookieHeader) {\n return {};\n }\n\n const cookies = parseCookieHeader(cookieHeader);\n\n return {\n visitorId: cookies.datafast_visitor_id,\n sessionId: cookies.datafast_session_id\n };\n}\n"],"mappings":";AAEA,SAAS,kBAAkB,OAAuB;AAChD,MAAI;AACF,WAAO,mBAAmB,KAAK;AAAA,EACjC,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAEO,SAAS,kBAAkB,cAA8C;AAC9E,QAAM,UAAkC,CAAC;AAEzC,aAAW,QAAQ,aAAa,MAAM,GAAG,GAAG;AAC1C,UAAM,UAAU,KAAK,KAAK;AAC1B,QAAI,CAAC,SAAS;AACZ;AAAA,IACF;AAEA,UAAM,iBAAiB,QAAQ,QAAQ,GAAG;AAC1C,QAAI,mBAAmB,IAAI;AACzB;AAAA,IACF;AAEA,UAAM,MAAM,QAAQ,MAAM,GAAG,cAAc,EAAE,KAAK;AAClD,UAAM,QAAQ,QAAQ,MAAM,iBAAiB,CAAC,EAAE,KAAK;AACrD,QAAI,CAAC,KAAK;AACR;AAAA,IACF;AAEA,YAAQ,GAAG,IAAI,kBAAkB,KAAK;AAAA,EACxC;AAEA,SAAO;AACT;AAEO,SAAS,6BAA6B,cAAyC;AACpF,MAAI,CAAC,cAAc;AACjB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,UAAU,kBAAkB,YAAY;AAE9C,SAAO;AAAA,IACL,WAAW,QAAQ;AAAA,IACnB,WAAW,QAAQ;AAAA,EACrB;AACF;","names":[]}

package/dist/client.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { B as BrowserTrackingResult } from './types-4FOgdKj_.js';
+declare function getDataFastTracking(cookieSource?: string): BrowserTrackingResult;
+declare function appendDataFastTracking(inputUrl: string | URL, tracking?: BrowserTrackingResult): string;
+export { BrowserTrackingResult, appendDataFastTracking, getDataFastTracking };

package/dist/client.js ADDED Viewed

@@ -0,0 +1,37 @@
+import {
+  readTrackingFromCookieHeader
+} from "./chunk-MHG2AARF.js";
+// src/client/browser.ts
+function resolveCookieSource(cookieSource) {
+  if (cookieSource !== void 0) {
+    return cookieSource;
+  }
+  if (typeof document === "undefined") {
+    return void 0;
+  }
+  return document.cookie;
+}
+function getDataFastTracking(cookieSource) {
+  return readTrackingFromCookieHeader(resolveCookieSource(cookieSource));
+}
+function appendDataFastTracking(inputUrl, tracking = getDataFastTracking()) {
+  const base = typeof window === "undefined" ? "http://localhost" : window.location.origin;
+  const url = inputUrl instanceof URL ? new URL(inputUrl.toString()) : new URL(inputUrl, base);
+  if (tracking.visitorId) {
+    url.searchParams.set("datafast_visitor_id", tracking.visitorId);
+  }
+  if (tracking.sessionId) {
+    url.searchParams.set("datafast_session_id", tracking.sessionId);
+  }
+  if (typeof inputUrl === "string" && inputUrl.startsWith("/")) {
+    const query = url.searchParams.toString();
+    return query ? `${url.pathname}?${query}` : url.pathname;
+  }
+  return url.toString();
+}
+export {
+  appendDataFastTracking,
+  getDataFastTracking
+};
+//# sourceMappingURL=client.js.map

package/dist/client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/client/browser.ts"],"sourcesContent":["import { readTrackingFromCookieHeader } from \"../core/cookies.js\";\nimport type { BrowserTrackingResult } from \"../core/types.js\";\n\nfunction resolveCookieSource(cookieSource?: string): string | undefined {\n if (cookieSource !== undefined) {\n return cookieSource;\n }\n\n if (typeof document === \"undefined\") {\n return undefined;\n }\n\n return document.cookie;\n}\n\nexport function getDataFastTracking(cookieSource?: string): BrowserTrackingResult {\n return readTrackingFromCookieHeader(resolveCookieSource(cookieSource));\n}\n\nexport function appendDataFastTracking(\n inputUrl: string | URL,\n tracking: BrowserTrackingResult = getDataFastTracking()\n): string {\n const base = typeof window === \"undefined\" ? \"http://localhost\" : window.location.origin;\n const url = inputUrl instanceof URL ? new URL(inputUrl.toString()) : new URL(inputUrl, base);\n\n if (tracking.visitorId) {\n url.searchParams.set(\"datafast_visitor_id\", tracking.visitorId);\n }\n\n if (tracking.sessionId) {\n url.searchParams.set(\"datafast_session_id\", tracking.sessionId);\n }\n\n if (typeof inputUrl === \"string\" && inputUrl.startsWith(\"/\")) {\n const query = url.searchParams.toString();\n return query ? `${url.pathname}?${query}` : url.pathname;\n }\n\n return url.toString();\n}\n"],"mappings":";;;;;AAGA,SAAS,oBAAoB,cAA2C;AACtE,MAAI,iBAAiB,QAAW;AAC9B,WAAO;AAAA,EACT;AAEA,MAAI,OAAO,aAAa,aAAa;AACnC,WAAO;AAAA,EACT;AAEA,SAAO,SAAS;AAClB;AAEO,SAAS,oBAAoB,cAA8C;AAChF,SAAO,6BAA6B,oBAAoB,YAAY,CAAC;AACvE;AAEO,SAAS,uBACd,UACA,WAAkC,oBAAoB,GAC9C;AACR,QAAM,OAAO,OAAO,WAAW,cAAc,qBAAqB,OAAO,SAAS;AAClF,QAAM,MAAM,oBAAoB,MAAM,IAAI,IAAI,SAAS,SAAS,CAAC,IAAI,IAAI,IAAI,UAAU,IAAI;AAE3F,MAAI,SAAS,WAAW;AACtB,QAAI,aAAa,IAAI,uBAAuB,SAAS,SAAS;AAAA,EAChE;AAEA,MAAI,SAAS,WAAW;AACtB,QAAI,aAAa,IAAI,uBAAuB,SAAS,SAAS;AAAA,EAChE;AAEA,MAAI,OAAO,aAAa,YAAY,SAAS,WAAW,GAAG,GAAG;AAC5D,UAAM,QAAQ,IAAI,aAAa,SAAS;AACxC,WAAO,QAAQ,GAAG,IAAI,QAAQ,IAAI,KAAK,KAAK,IAAI;AAAA,EAClD;AAEA,SAAO,IAAI,SAAS;AACtB;","names":[]}

package/dist/express.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { C as CreemDataFastClient, E as ExpressWebhookHandlerOptions, a as ExpressLikeRequest, b as ExpressLikeResponse } from './types-4FOgdKj_.js';
+declare function createExpressWebhookHandler(client: CreemDataFastClient, options?: ExpressWebhookHandlerOptions): (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void>;
+export { ExpressLikeRequest, ExpressLikeResponse, ExpressWebhookHandlerOptions, createExpressWebhookHandler };

package/dist/express.js ADDED Viewed

@@ -0,0 +1,30 @@
+import {
+  InvalidCreemSignatureError
+} from "./chunk-EPUWLMCL.js";
+// src/adapters/express.ts
+function getRawBody(body) {
+  return typeof body === "string" ? body : body.toString("utf8");
+}
+function createExpressWebhookHandler(client, options = {}) {
+  return async (req, res) => {
+    try {
+      await client.handleWebhook({
+        rawBody: getRawBody(req.body),
+        headers: req.headers
+      });
+      res.status(200).send("OK");
+    } catch (error) {
+      await options.onError?.(error);
+      if (error instanceof InvalidCreemSignatureError) {
+        res.status(400).send("Invalid signature");
+        return;
+      }
+      res.status(500).send("Internal error");
+    }
+  };
+}
+export {
+  createExpressWebhookHandler
+};
+//# sourceMappingURL=express.js.map

package/dist/express.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/adapters/express.ts"],"sourcesContent":["import { InvalidCreemSignatureError } from \"../core/errors.js\";\nimport type {\n CreemDataFastClient,\n ExpressLikeRequest,\n ExpressLikeResponse,\n ExpressWebhookHandlerOptions\n} from \"../core/types.js\";\n\nfunction getRawBody(body: Buffer | string): string {\n return typeof body === \"string\" ? body : body.toString(\"utf8\");\n}\n\nexport function createExpressWebhookHandler(\n client: CreemDataFastClient,\n options: ExpressWebhookHandlerOptions = {}\n): (req: ExpressLikeRequest, res: ExpressLikeResponse) => Promise<void> {\n return async (req: ExpressLikeRequest, res: ExpressLikeResponse) => {\n try {\n await client.handleWebhook({\n rawBody: getRawBody(req.body),\n headers: req.headers\n });\n\n res.status(200).send(\"OK\");\n } catch (error) {\n await options.onError?.(error);\n\n if (error instanceof InvalidCreemSignatureError) {\n res.status(400).send(\"Invalid signature\");\n return;\n }\n\n res.status(500).send(\"Internal error\");\n }\n };\n}\n"],"mappings":";;;;;AAQA,SAAS,WAAW,MAA+B;AACjD,SAAO,OAAO,SAAS,WAAW,OAAO,KAAK,SAAS,MAAM;AAC/D;AAEO,SAAS,4BACd,QACA,UAAwC,CAAC,GAC6B;AACtE,SAAO,OAAO,KAAyB,QAA6B;AAClE,QAAI;AACF,YAAM,OAAO,cAAc;AAAA,QACzB,SAAS,WAAW,IAAI,IAAI;AAAA,QAC5B,SAAS,IAAI;AAAA,MACf,CAAC;AAED,UAAI,OAAO,GAAG,EAAE,KAAK,IAAI;AAAA,IAC3B,SAAS,OAAO;AACd,YAAM,QAAQ,UAAU,KAAK;AAE7B,UAAI,iBAAiB,4BAA4B;AAC/C,YAAI,OAAO,GAAG,EAAE,KAAK,mBAAmB;AACxC;AAAA,MACF;AAEA,UAAI,OAAO,GAAG,EAAE,KAAK,gBAAgB;AAAA,IACvC;AAAA,EACF;AACF;","names":[]}

package/dist/idempotency/upstash.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { Redis } from '@upstash/redis';
+import { I as IdempotencyStore } from '../types-4FOgdKj_.js';
+type UpstashRedisLike = Pick<Redis, "del" | "set">;
+/**
+ * Production-ready idempotency store backed by Upstash Redis atomic commands.
+ *
+ * Install `@upstash/redis` in the consuming app and pass an initialized client.
+ */
+declare function createUpstashIdempotencyStore(redis: UpstashRedisLike): IdempotencyStore;
+export { createUpstashIdempotencyStore };

package/dist/idempotency/upstash.js ADDED Viewed

@@ -0,0 +1,24 @@
+// src/idempotency/upstash.ts
+function createUpstashIdempotencyStore(redis) {
+  return {
+    async claim(key, ttlSeconds = 300) {
+      const result = await redis.set(key, "processing", {
+        ex: ttlSeconds,
+        nx: true
+      });
+      return result === "OK";
+    },
+    async complete(key, ttlSeconds = 86400) {
+      await redis.set(key, "processed", {
+        ex: ttlSeconds
+      });
+    },
+    async release(key) {
+      await redis.del(key);
+    }
+  };
+}
+export {
+  createUpstashIdempotencyStore
+};
+//# sourceMappingURL=upstash.js.map

package/dist/idempotency/upstash.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/idempotency/upstash.ts"],"sourcesContent":["import type { Redis } from \"@upstash/redis\";\n\nimport type { IdempotencyStore } from \"../core/types.js\";\n\ntype UpstashRedisLike = Pick<Redis, \"del\" | \"set\">;\n\n/**\n * Production-ready idempotency store backed by Upstash Redis atomic commands.\n *\n * Install `@upstash/redis` in the consuming app and pass an initialized client.\n */\nexport function createUpstashIdempotencyStore(redis: UpstashRedisLike): IdempotencyStore {\n return {\n async claim(key, ttlSeconds = 300) {\n const result = await redis.set(key, \"processing\", {\n ex: ttlSeconds,\n nx: true\n });\n return result === \"OK\";\n },\n async complete(key, ttlSeconds = 86400) {\n await redis.set(key, \"processed\", {\n ex: ttlSeconds\n });\n },\n async release(key) {\n await redis.del(key);\n }\n };\n}\n"],"mappings":";AAWO,SAAS,8BAA8B,OAA2C;AACvF,SAAO;AAAA,IACL,MAAM,MAAM,KAAK,aAAa,KAAK;AACjC,YAAM,SAAS,MAAM,MAAM,IAAI,KAAK,cAAc;AAAA,QAChD,IAAI;AAAA,QACJ,IAAI;AAAA,MACN,CAAC;AACD,aAAO,WAAW;AAAA,IACpB;AAAA,IACA,MAAM,SAAS,KAAK,aAAa,OAAO;AACtC,YAAM,MAAM,IAAI,KAAK,aAAa;AAAA,QAChC,IAAI;AAAA,MACN,CAAC;AAAA,IACH;AAAA,IACA,MAAM,QAAQ,KAAK;AACjB,YAAM,MAAM,IAAI,GAAG;AAAA,IACrB;AAAA,EACF;AACF;","names":[]}