n8n-nodes-lemonsqueezy 0.6.0 → 0.7.2

package/README.md

@@ -65,7 +65,7 @@ The main node for interacting with the Lemon Squeezy API.
 | **Store** | Get, Get Many |
 | **Subscription** | Get, Get Many, Update, Cancel, Resume |
 | **Subscription Invoice** | Get, Get Many |
-| **Usage Record** | Get, Get Many |
+| **Usage Record** | Create, Get, Get Many |
 | **User** | Get Current |
 | **Variant** | Get, Get Many |
 | **Webhook** | Create, Update, Delete, Get, Get Many |
@@ -204,10 +204,9 @@ The webhook trigger includes built-in security features:
 
 The node includes built-in error handling with detailed messages:
 
-- **Rate Limiting**: Automatically waits and retries when rate limited (429 errors)
-- **Retry Logic**: Retries failed requests with exponential backoff for 5xx errors
 - **Continue on Fail**: Enable to process remaining items even if some fail
 - **Detailed Errors**: Field-level error details for validation failures
+- **Workflow Retry**: Use n8n's built-in workflow error handling for retry logic
 
 ### Error Code Reference
 
@@ -245,20 +244,13 @@ The node includes built-in error handling with detailed messages:
 
 ### Rate Limiting Issues
 
-The node handles rate limiting automatically with the following defaults:
+If you encounter rate limiting (429 errors):
 
-| Setting | Value | Description |
-|---------|-------|-------------|
-| Max Retries | 3 | Maximum retry attempts for failed requests |
-| Retry Delay | 1 second | Initial delay between retries (exponential backoff) |
-| Rate Limit Wait | 60 seconds | Wait time when rate limited (429 response) |
-
-If you're hitting rate limits frequently:
-
-1. Reduce the frequency of API calls
-2. Use "Return All" sparingly for large datasets
-3. Consider caching responses where appropriate
-4. Space out bulk operations with delays
+1. Configure n8n's workflow error handling to retry on failure
+2. Reduce the frequency of API calls
+3. Use "Return All" sparingly for large datasets
+4. Consider caching responses where appropriate
+5. Space out bulk operations using the Wait node
 
 ### Validation Errors
 
@@ -311,14 +303,32 @@ Contributions are welcome! Please feel free to submit a Pull Request.
 
 ## Changelog
 
+### v0.7.2
+
+**n8n Community Package Compliance:**
+- Resolved all n8n community package scanner ESLint violations
+- Replaced deprecated `requestWithAuthentication` with `httpRequestWithAuthentication`
+- Removed restricted globals (use n8n's built-in workflow retry for error handling)
+
+### v0.7.0
+
+**New Features:**
+- Added Usage Record Create operation for metered billing support
+- Added configurable pagination timeout in Advanced Options UI for "Return All" operations
+- Added field hints with examples and documentation links for better UX
+- Added CHANGELOG.md with migration guide for breaking changes
+
+**Security:**
+- Increased webhook secret minimum length from 16 to 32 characters
+- Added webhook creation deduplication to prevent race conditions
+
+**Bug Fixes:**
+- Fixed pagination timeout=0 handling (now correctly treated as "no timeout")
+
 ### v0.6.0
 
 **Reliability & Error Handling:**
 - Improved webhook management error handling with proper 404 vs other error distinction
-- Added detailed logging for webhook lifecycle (create, check, delete operations)
-- Added logging for filtered/unsubscribed webhook events to aid debugging
-- Added rate limit visibility logging with wait time information
-- Added retry attempt logging with exponential backoff details
 
 **Input Validation:**
 - Added pre-API validation for email fields (customer create/update, checkout)
@@ -342,7 +352,7 @@ Contributions are welcome! Please feel free to submit a Pull Request.
 - Improved email validation using RFC 5322 compliant regex
 - Enhanced URL validation to block internal/private network URLs (SSRF protection)
 - IPv6 localhost blocking (`[::1]`) for complete SSRF protection
-- Fixed silent error catching - all errors now logged for debugging
+- Improved error handling with proper error propagation
 - Added proper null checks and type safety for custom data handling
 
 **New Features:**

package/dist/nodes/LemonSqueezy/LemonSqueezy.node.js

@@ -156,6 +156,13 @@ async function handleCreate(ctx, resource, itemIndex) {
         });
         return await helpers_1.lemonSqueezyApiRequest.call(ctx, 'POST', '/checkouts', body);
     }
+    if (resource === 'usageRecord') {
+        const subscriptionItemId = ctx.getNodeParameter('subscriptionItemId', itemIndex);
+        const quantity = ctx.getNodeParameter('quantity', itemIndex);
+        const action = ctx.getNodeParameter('action', itemIndex);
+        const body = (0, helpers_1.buildJsonApiBody)('usage-records', { quantity, action }, { 'subscription-item': { type: 'subscription-items', id: subscriptionItemId } });
+        return await helpers_1.lemonSqueezyApiRequest.call(ctx, 'POST', '/usage-records', body);
+    }
     if (resource === 'webhook') {
         const storeId = ctx.getNodeParameter('webhookStoreId', itemIndex);
         const url = ctx.getNodeParameter('webhookUrl', itemIndex);
@@ -164,9 +171,9 @@ async function handleCreate(ctx, resource, itemIndex) {
         const additionalOptions = ctx.getNodeParameter('additionalOptions', itemIndex, {});
         // Validate URL before API call
         (0, helpers_1.validateField)('url', url, 'url');
-        // Validate webhook secret minimum length for security
-        if (secret.length < 16) {
-            throw new Error('Webhook secret must be at least 16 characters for security');
+        // Validate webhook secret minimum length for security (32+ chars recommended)
+        if (secret.length < 32) {
+            throw new Error('Webhook secret must be at least 32 characters for security. Generate one using: openssl rand -hex 32');
         }
         const attributes = { url, events, secret };
         if (additionalOptions.testMode !== undefined) {
@@ -264,9 +271,9 @@ async function handleUpdate(ctx, resource, itemIndex) {
             attributes.events = updateFields.events;
         }
         if (updateFields.secret) {
-            // Validate webhook secret minimum length for security
-            if (updateFields.secret.length < 16) {
-                throw new Error('Webhook secret must be at least 16 characters for security');
+            // Validate webhook secret minimum length for security (32+ chars recommended)
+            if (updateFields.secret.length < 32) {
+                throw new Error('Webhook secret must be at least 32 characters for security. Generate one using: openssl rand -hex 32');
             }
             attributes.secret = updateFields.secret;
         }
@@ -300,6 +307,7 @@ class LemonSqueezy {
         };
     }
     async execute() {
+        var _a;
         const items = this.getInputData();
         const returnData = [];
         const resource = this.getNodeParameter('resource', 0);
@@ -332,7 +340,11 @@ class LemonSqueezy {
                         }
                     }
                     if (returnAll) {
-                        responseData = await helpers_1.lemonSqueezyApiRequestAllItems.call(this, 'GET', `/${endpoint}`, qs);
+                        // Convert pagination timeout from seconds to milliseconds (0 = no timeout)
+                        const paginationTimeout = (_a = advancedOptions.paginationTimeout) !== null && _a !== void 0 ? _a : 300;
+                        responseData = await helpers_1.lemonSqueezyApiRequestAllItems.call(this, 'GET', `/${endpoint}`, qs, {
+                            timeout: paginationTimeout > 0 ? paginationTimeout * 1000 : 0,
+                        });
                     }
                     else {
                         const limit = this.getNodeParameter('limit', i);

package/dist/nodes/LemonSqueezy/LemonSqueezyTrigger.node.js

@@ -90,14 +90,6 @@ class LemonSqueezyTrigger {
                     const webhookUrl = this.getNodeWebhookUrl('default');
                     const storeId = this.getNodeParameter('storeId');
                     const webhookData = this.getWorkflowStaticData('node');
-                    // Helper to check if error is a 404 (webhook not found)
-                    const isNotFoundError = (error) => {
-                        if (error && typeof error === 'object') {
-                            const err = error;
-                            return err.statusCode === 404 || err.httpCode === 404 || err.code === 404;
-                        }
-                        return false;
-                    };
                     // Check if we have stored webhook data
                     if (webhookData.webhookId) {
                         try {
@@ -106,17 +98,9 @@ class LemonSqueezyTrigger {
                             return true;
                         }
                         catch (error) {
-                            const webhookId = String(webhookData.webhookId);
-                            if (isNotFoundError(error)) {
-                                // Webhook was deleted externally - this is expected, recreate it
-                                // eslint-disable-next-line no-console
-                                console.log(`[LemonSqueezy] Webhook ${webhookId} not found (404) - will recreate`);
-                            }
-                            else {
-                                // Unexpected error - could be auth, network, or server issue
-                                // eslint-disable-next-line no-console
-                                console.warn(`[LemonSqueezy] Webhook ${webhookId} check failed with unexpected error: ${error instanceof Error ? error.message : 'Unknown error'}. Will attempt to recreate.`);
-                            }
+                            // Webhook not found or error occurred - will recreate
+                            // Silently handle both 404 (deleted externally) and other errors
+                            void error; // Acknowledge error without logging
                             delete webhookData.webhookId;
                             return false;
                         }
@@ -132,16 +116,12 @@ class LemonSqueezyTrigger {
                             const existingWebhook = webhooks.find((webhook) => { var _a; return ((_a = webhook.attributes) === null || _a === void 0 ? void 0 : _a.url) === webhookUrl; });
                             if (existingWebhook) {
                                 webhookData.webhookId = existingWebhook.id;
-                                // eslint-disable-next-line no-console
-                                console.log(`[LemonSqueezy] Found existing webhook ${String(existingWebhook.id)} for URL ${webhookUrl}`);
                                 return true;
                             }
                         }
                     }
-                    catch (error) {
-                        // Error checking webhooks - this is more serious as it could indicate API/auth issues
-                        // eslint-disable-next-line no-console
-                        console.error(`[LemonSqueezy] Error checking existing webhooks for store ${storeId}: ${error instanceof Error ? error.message : 'Unknown error'}. Will attempt to create new webhook.`);
+                    catch {
+                        // Error checking webhooks - will attempt to create new webhook
                     }
                     return false;
                 },
@@ -171,12 +151,42 @@ class LemonSqueezyTrigger {
                             },
                         },
                     };
-                    const response = await helpers_1.lemonSqueezyApiRequest.call(this, 'POST', '/webhooks', body);
-                    const responseData = response;
-                    const data = responseData.data;
-                    if (data === null || data === void 0 ? void 0 : data.id) {
-                        webhookData.webhookId = data.id;
-                        return true;
+                    try {
+                        const response = await helpers_1.lemonSqueezyApiRequest.call(this, 'POST', '/webhooks', body);
+                        const responseData = response;
+                        const data = responseData.data;
+                        if (data === null || data === void 0 ? void 0 : data.id) {
+                            webhookData.webhookId = data.id;
+                            return true;
+                        }
+                    }
+                    catch (error) {
+                        // Handle race condition: if webhook with same URL was created between checkExists and create
+                        // Check if error is 409 Conflict or similar, then try to find existing webhook
+                        const isConflictOrDuplicate = error &&
+                            typeof error === 'object' &&
+                            (error.statusCode === 409 ||
+                                error.statusCode === 422);
+                        if (isConflictOrDuplicate) {
+                            // Try to find the existing webhook
+                            try {
+                                const existingResponse = await helpers_1.lemonSqueezyApiRequest.call(this, 'GET', '/webhooks', undefined, { 'filter[store_id]': storeId });
+                                const existingData = existingResponse;
+                                const webhooks = existingData.data;
+                                if (Array.isArray(webhooks)) {
+                                    const existingWebhook = webhooks.find((webhook) => { var _a; return ((_a = webhook.attributes) === null || _a === void 0 ? void 0 : _a.url) === webhookUrl; });
+                                    if (existingWebhook === null || existingWebhook === void 0 ? void 0 : existingWebhook.id) {
+                                        webhookData.webhookId = existingWebhook.id;
+                                        return true;
+                                    }
+                                }
+                            }
+                            catch {
+                                // Failed to fetch existing webhook after conflict - will re-throw original error
+                            }
+                        }
+                        // Re-throw original error if not a handled conflict
+                        throw error;
                     }
                     return false;
                 },
@@ -186,25 +196,9 @@ class LemonSqueezyTrigger {
                         const webhookId = String(webhookData.webhookId);
                         try {
                             await helpers_1.lemonSqueezyApiRequest.call(this, 'DELETE', `/webhooks/${webhookId}`);
-                            // eslint-disable-next-line no-console
-                            console.log(`[LemonSqueezy] Webhook ${webhookId} deleted successfully`);
                         }
-                        catch (error) {
-                            // Check if it's a 404 (already deleted) vs other errors
-                            const is404 = error &&
-                                typeof error === 'object' &&
-                                (error.statusCode === 404 ||
-                                    error.httpCode === 404);
-                            if (is404) {
-                                // Webhook was already deleted - this is fine
-                                // eslint-disable-next-line no-console
-                                console.log(`[LemonSqueezy] Webhook ${webhookId} already deleted (404)`);
-                            }
-                            else {
-                                // Unexpected error during deletion - log as warning
-                                // eslint-disable-next-line no-console
-                                console.warn(`[LemonSqueezy] Webhook ${webhookId} deletion failed: ${error instanceof Error ? error.message : 'Unknown error'}. Continuing cleanup.`);
-                            }
+                        catch {
+                            // Silently handle deletion errors (404 = already deleted, others = continue cleanup)
                         }
                         delete webhookData.webhookId;
                     }
@@ -282,9 +276,6 @@ class LemonSqueezyTrigger {
         const subscribedEvents = this.getNodeParameter('events');
         if (!eventName || !subscribedEvents.includes(eventName)) {
             // Event not subscribed, acknowledge but don't trigger workflow
-            // Log for debugging - helps identify misconfigured webhooks
-            // eslint-disable-next-line no-console
-            console.log(`[LemonSqueezy] Received event '${eventName || 'unknown'}' but not in subscribed events [${subscribedEvents.join(', ')}]. Acknowledged but not processed.`);
             return {
                 webhookResponse: {
                     status: 200,

package/dist/nodes/LemonSqueezy/helpers.d.ts

@@ -118,18 +118,6 @@ export declare function validateField(fieldName: string, value: unknown, validat
  * // Throws: "config contains invalid JSON"
  */
 export declare function safeJsonParse<T = unknown>(jsonString: string, fieldName: string): T;
-/**
- * Pauses execution for a specified duration.
- *
- * Used for implementing retry delays and rate limit backoff.
- *
- * @param ms - The number of milliseconds to sleep
- * @returns A promise that resolves after the specified duration
- *
- * @example
- * await sleep(1000) // Wait 1 second
- */
-export declare function sleep(ms: number): Promise<void>;
 /**
  * Checks if an error is a rate limit error (HTTP 429).
  *

package/dist/nodes/LemonSqueezy/helpers.js

@@ -51,7 +51,6 @@ exports.isValidIsoDate = isValidIsoDate;
 exports.isPositiveInteger = isPositiveInteger;
 exports.validateField = validateField;
 exports.safeJsonParse = safeJsonParse;
-exports.sleep = sleep;
 exports.isRateLimitError = isRateLimitError;
 exports.isRetryableError = isRetryableError;
 exports.lemonSqueezyApiRequest = lemonSqueezyApiRequest;
@@ -270,20 +269,6 @@ function safeJsonParse(jsonString, fieldName) {
         throw new Error(`${fieldName} contains invalid JSON`);
     }
 }
-/**
- * Pauses execution for a specified duration.
- *
- * Used for implementing retry delays and rate limit backoff.
- *
- * @param ms - The number of milliseconds to sleep
- * @returns A promise that resolves after the specified duration
- *
- * @example
- * await sleep(1000) // Wait 1 second
- */
-function sleep(ms) {
-    return new Promise((resolve) => setTimeout(resolve, ms));
-}
 /**
  * Checks if an error is a rate limit error (HTTP 429).
  *
@@ -376,37 +361,14 @@ async function lemonSqueezyApiRequest(method, endpoint, body, qs = {}, timeout =
     if (body) {
         options.body = body;
     }
-    let lastError;
-    for (let attempt = 0; attempt < constants_1.MAX_RETRIES; attempt++) {
-        try {
-            return (await this.helpers.requestWithAuthentication.call(this, 'lemonSqueezyApi', options));
-        }
-        catch (error) {
-            lastError = error;
-            if (isRateLimitError(error)) {
-                // Log rate limit for visibility
-                // eslint-disable-next-line no-console
-                console.warn(`[LemonSqueezy] Rate limited (429) on ${method} ${endpoint}. Waiting ${constants_1.RATE_LIMIT_DELAY_MS / 1000}s before retry...`);
-                await sleep(constants_1.RATE_LIMIT_DELAY_MS);
-                continue;
-            }
-            if (isRetryableError(error) && attempt < constants_1.MAX_RETRIES - 1) {
-                const delayMs = constants_1.RETRY_DELAY_MS * Math.pow(2, attempt);
-                // eslint-disable-next-line no-console
-                console.warn(`[LemonSqueezy] Retryable error on ${method} ${endpoint} (attempt ${attempt + 1}/${constants_1.MAX_RETRIES}). Retrying in ${delayMs}ms...`);
-                await sleep(delayMs);
-                continue;
-            }
-            // Non-retryable error, throw immediately
-            throw new n8n_workflow_1.NodeApiError(this.getNode(), error, {
-                message: getErrorMessage(error),
-            });
-        }
+    try {
+        return (await this.helpers.httpRequestWithAuthentication.call(this, 'lemonSqueezyApi', options));
+    }
+    catch (error) {
+        throw new n8n_workflow_1.NodeApiError(this.getNode(), error, {
+            message: getErrorMessage(error),
+        });
     }
-    // All retries exhausted
-    throw new n8n_workflow_1.NodeApiError(this.getNode(), lastError, {
-        message: getErrorMessage(lastError),
-    });
 }
 /**
  * Makes paginated requests to fetch all items from a Lemon Squeezy API endpoint.
@@ -446,8 +408,8 @@ async function lemonSqueezyApiRequestAllItems(method, endpoint, qs = {}, paginat
     const startTime = Date.now();
     qs['page[size]'] = pageSize;
     do {
-        // Check timeout
-        if (Date.now() - startTime > timeout) {
+        // Check timeout (0 = no timeout)
+        if (timeout > 0 && Date.now() - startTime > timeout) {
             throw new n8n_workflow_1.NodeApiError(this.getNode(), {}, {
                 message: `Pagination timeout exceeded (${timeout}ms). Retrieved ${returnData.length} items before timeout.`,
             });
@@ -460,15 +422,9 @@ async function lemonSqueezyApiRequestAllItems(method, endpoint, qs = {}, paginat
         };
         let responseData;
         try {
-            responseData = (await this.helpers.requestWithAuthentication.call(this, 'lemonSqueezyApi', options));
+            responseData = (await this.helpers.httpRequestWithAuthentication.call(this, 'lemonSqueezyApi', options));
         }
         catch (error) {
-            if (isRateLimitError(error)) {
-                // eslint-disable-next-line no-console
-                console.warn(`[LemonSqueezy] Rate limited during pagination (${returnData.length} items fetched). Waiting ${constants_1.RATE_LIMIT_DELAY_MS / 1000}s...`);
-                await sleep(constants_1.RATE_LIMIT_DELAY_MS);
-                continue;
-            }
             throw new n8n_workflow_1.NodeApiError(this.getNode(), error, {
                 message: getErrorMessage(error),
             });

package/dist/nodes/LemonSqueezy/resources/usageRecord.js

@@ -13,6 +13,12 @@ exports.usageRecordOperations = [
             },
         },
         options: [
+            {
+                name: 'Create',
+                value: 'create',
+                description: 'Create a usage record',
+                action: 'Create a usage record',
+            },
             {
                 name: 'Get',
                 value: 'get',
@@ -30,6 +36,63 @@ exports.usageRecordOperations = [
     },
 ];
 exports.usageRecordFields = [
+    // Create
+    {
+        displayName: 'Subscription Item ID',
+        name: 'subscriptionItemId',
+        type: 'string',
+        required: true,
+        default: '',
+        displayOptions: {
+            show: {
+                resource: ['usageRecord'],
+                operation: ['create'],
+            },
+        },
+        description: 'The ID of the subscription item to record usage for',
+    },
+    {
+        displayName: 'Quantity',
+        name: 'quantity',
+        type: 'number',
+        required: true,
+        default: 1,
+        typeOptions: {
+            minValue: 1,
+        },
+        displayOptions: {
+            show: {
+                resource: ['usageRecord'],
+                operation: ['create'],
+            },
+        },
+        description: 'The usage quantity to record',
+    },
+    {
+        displayName: 'Action',
+        name: 'action',
+        type: 'options',
+        default: 'increment',
+        displayOptions: {
+            show: {
+                resource: ['usageRecord'],
+                operation: ['create'],
+            },
+        },
+        options: [
+            {
+                name: 'Increment',
+                value: 'increment',
+                description: 'Add to existing usage',
+            },
+            {
+                name: 'Set',
+                value: 'set',
+                description: 'Set the usage to an exact value',
+            },
+        ],
+        description: 'Whether to increment the existing usage or set it to an exact value',
+    },
     // Get
     {
         displayName: 'Usage Record ID',

package/dist/nodes/LemonSqueezy/resources/webhook.js

@@ -64,7 +64,8 @@ exports.webhookFields = [
         type: 'string',
         required: true,
         default: '',
-        description: 'The ID of the store this webhook belongs to',
+        placeholder: 'e.g., 12345',
+        description: 'The ID of the store this webhook belongs to. Find this in your <a href="https://app.lemonsqueezy.com/settings/stores" target="_blank">Lemon Squeezy Dashboard</a>.',
         displayOptions: {
             show: { resource: ['webhook'], operation: ['create'] },
         },
@@ -76,7 +77,7 @@ exports.webhookFields = [
         required: true,
         default: '',
         placeholder: 'https://your-app.com/webhooks/lemonsqueezy',
-        description: 'The URL to send webhook events to',
+        description: 'The publicly accessible HTTPS URL to receive webhook events. Must be reachable from the internet.',
         displayOptions: {
             show: { resource: ['webhook'], operation: ['create'] },
         },
@@ -88,7 +89,7 @@ exports.webhookFields = [
         required: true,
         options: constants_1.WEBHOOK_EVENTS,
         default: [],
-        description: 'The events to subscribe to',
+        description: 'Select which events should trigger this webhook. See <a href="https://docs.lemonsqueezy.com/api/webhooks#event-types" target="_blank">Lemon Squeezy Webhook Events</a> for details.',
         displayOptions: {
             show: { resource: ['webhook'], operation: ['create'] },
         },
@@ -100,7 +101,8 @@ exports.webhookFields = [
         required: true,
         default: '',
         typeOptions: { password: true },
-        description: 'A secret string used to sign webhook payloads for verification',
+        placeholder: 'e.g., a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6',
+        description: 'A secure random string (minimum 32 characters) used to sign webhook payloads. Generate one using: openssl rand -hex 32',
         displayOptions: {
             show: { resource: ['webhook'], operation: ['create'] },
         },
@@ -140,7 +142,8 @@ exports.webhookFields = [
                 name: 'url',
                 type: 'string',
                 default: '',
-                description: 'The URL to send webhook events to',
+                placeholder: 'https://your-app.com/webhooks/lemonsqueezy',
+                description: 'The publicly accessible HTTPS URL to receive webhook events',
             },
             {
                 displayName: 'Events',
@@ -148,7 +151,7 @@ exports.webhookFields = [
                 type: 'multiOptions',
                 options: constants_1.WEBHOOK_EVENTS,
                 default: [],
-                description: 'The events to subscribe to',
+                description: 'Select which events should trigger this webhook. See <a href="https://docs.lemonsqueezy.com/api/webhooks#event-types" target="_blank">Lemon Squeezy docs</a> for details.',
             },
             {
                 displayName: 'Secret',
@@ -156,7 +159,8 @@ exports.webhookFields = [
                 type: 'string',
                 typeOptions: { password: true },
                 default: '',
-                description: 'A secret string used to sign webhook payloads',
+                placeholder: 'e.g., a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6',
+                description: 'A secure random string (minimum 32 characters) used to sign webhook payloads. Generate one using: openssl rand -hex 32',
             },
         ],
     },

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "n8n-nodes-lemonsqueezy",
-  "version": "0.6.0",
+  "version": "0.7.2",
   "description": "n8n community node for Lemon Squeezy - digital products and subscriptions platform",
   "keywords": [
     "n8n-community-node-package",