n8n-nodes-nodey 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Hesham
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,126 @@
+# n8n-nodes-nodey
+
+[![npm version](https://img.shields.io/npm/v/n8n-nodes-nodey.svg)](https://www.npmjs.com/package/n8n-nodes-nodey)
+[![License](https://img.shields.io/npm/l/n8n-nodes-nodey.svg)](./LICENSE)
+
+**n8n community node that fires a workflow when you tap an NFC tag with the [Nodey mobile app](https://getnodey.com).**
+
+Verified-compatible — installable on n8n Cloud via *Settings → Community Nodes*. Accepts payloads from both iOS and Android Nodey clients and normalizes them into a single shape.
+
+## How it works
+
+1. You install **n8n-nodes-nodey** in your n8n instance.
+2. You add a **Nodey NFC Trigger** node to a workflow. n8n gives you a Production webhook URL.
+3. In the Nodey app, you create an NFC trigger pointing at that URL.
+4. Every tap on the tag POSTs to the webhook and runs your workflow.
+
+## Installation
+
+In n8n Cloud or self-hosted:
+
+1. **Settings → Community Nodes → Install**
+2. Enter the package name: `n8n-nodes-nodey`
+3. Click **Install**
+
+## What you get
+
+- **Webhook trigger** — one POST per NFC tap, no polling.
+- **Cross-platform payload normalization** — iOS and Android send different JSON shapes; the node merges them into a consistent output.
+- **Android `customData` parsing** — Nodey on Android currently sends `customData` as a JSON-encoded string. The node parses it transparently (toggleable).
+- **Optional tag UID allowlist** — restrict the trigger to a specific set of NFC tags.
+- **Forward-compatible HMAC signature verification** — Nodey does not sign requests today, but if you set a webhook secret the node will require an `X-Nodey-Signature` (or `X-Signature`, or `X-Hub-Signature-256`) header. Ready for whenever Nodey ships signing.
+
+## Normalized output
+
+The default **Normalized** output format produces:
+
+```jsonc
+{
+  "platform": "ios" | "android" | "unknown",
+  "triggerName": "Front Door Tag" | null,
+  "triggerType": "nfc",
+  "event": "tap",
+  "timestamp": "2026-05-16T12:30:45.123Z",
+  "source": "Nodey",
+  "triggerId": "8b3f9a7c-…" | null,
+  "customData": { … } | "raw text" | null,
+  "raw": { /* the original request body */ }
+}
+```
+
+Switch to **Raw Payload** in the node settings if you'd rather work with what Nodey sent directly.
+
+## Payload shapes (as of Nodey v2.3.x)
+
+### iOS
+
+```json
+{
+  "trigger_name": "Front Door Tag",
+  "trigger_type": "nfc",
+  "event": "tap",
+  "timestamp": "2026-05-16T12:30:45.123Z",
+  "source": "Nodey"
+}
+```
+
+### Android (valid custom payload)
+
+```json
+{
+  "triggerId": "8b3f9a7c-2d1e-4b5a-9c8f-6a3d1e7b2f4c",
+  "timestamp": "2026-05-16T12:30:45.123Z",
+  "customData": "{\"door\":\"front\",\"action\":\"unlock\"}"
+}
+```
+
+### Android (invalid custom payload fallback)
+
+```json
+{
+  "triggerId": "8b3f9a7c-2d1e-4b5a-9c8f-6a3d1e7b2f4c",
+  "timestamp": "2026-05-16T12:30:45.123Z",
+  "customPayload": "raw text the user entered"
+}
+```
+
+## Delivery semantics
+
+> Nodey attempts delivery **once per scan**. If the device is offline or the request fails, Nodey records the failed attempt locally but does not replay it. Workflows that need guaranteed delivery should handle acknowledgement, retry, or queueing inside n8n.
+
+This matches what the Nodey iOS and Android devs confirmed: at-most-once, best-effort delivery, no retries from the app. NFC scans are intentional physical actions and a delayed replay would surprise users.
+
+## Credentials
+
+Credentials are **optional**. Skip them unless you need allowlisting or signing.
+
+| Field | Purpose |
+|---|---|
+| **Webhook Secret** | Shared secret for HMAC verification. Leave blank — Nodey does not sign requests today. Setting it will reject unsigned requests, so configure once Nodey ships signing. |
+| **Allowed Tag UIDs** | Comma-separated list of tag UIDs / trigger IDs. If set, scans from other tags are silently dropped (200 OK, no workflow run). |
+
+## Local testing
+
+Once installed, paste the **Test URL** from the node panel into curl:
+
+```bash
+# iOS payload
+curl -X POST "<test-webhook-url>" \
+  -H "Content-Type: application/json" \
+  -d '{"trigger_name":"Front Door Tag","trigger_type":"nfc","event":"tap","timestamp":"2026-05-16T12:30:45.123Z","source":"Nodey"}'
+
+# Android payload
+curl -X POST "<test-webhook-url>" \
+  -H "Content-Type: application/json" \
+  -d '{"triggerId":"8b3f9a7c-2d1e-4b5a-9c8f-6a3d1e7b2f4c","timestamp":"2026-05-16T12:30:45.123Z","customData":"{\"door\":\"front\"}"}'
+```
+
+## More tools for n8n users
+
+- **[Nodey](https://getnodey.com)** — Mobile command-centre for n8n. NFC triggers, geo-fenced location triggers, AI workflow builder, and on-the-go workflow debugging.
+- **[n8n-nodes-ghost-blocks-cloud](https://www.npmjs.com/package/n8n-nodes-ghost-blocks-cloud)** — Publish to Ghost CMS from n8n Cloud using a clean content-blocks format.
+- **[n8n-nodes-ghost-blocks](https://www.npmjs.com/package/n8n-nodes-ghost-blocks)** — Full-features Ghost publishing for self-hosted n8n (image upload, oEmbed, OpenGraph).
+
+## License
+
+MIT

package/dist/credentials/NodeyApi.credentials.d.ts

@@ -0,0 +1,16 @@
+import { ICredentialType, INodeProperties, Icon } from 'n8n-workflow';
+/**
+ * Optional credentials for the Nodey NFC Trigger node.
+ *
+ * Nodey does not authenticate webhook requests today. Both fields below are
+ * forward-compatible and have no effect unless populated. Configure later if
+ * Nodey adds HMAC signing, or use the tag UID allowlist immediately.
+ */
+export declare class NodeyApi implements ICredentialType {
+    name: string;
+    displayName: string;
+    documentationUrl: string;
+    icon: Icon;
+    properties: INodeProperties[];
+}
+//# sourceMappingURL=NodeyApi.credentials.d.ts.map

package/dist/credentials/NodeyApi.credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NodeyApi.credentials.d.ts","sourceRoot":"","sources":["../../credentials/NodeyApi.credentials.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,cAAc,CAAC;AAEtE;;;;;;GAMG;AACH,qBAAa,QAAS,YAAW,eAAe;IAC9C,IAAI,SAAc;IAClB,WAAW,SAAe;IAC1B,gBAAgB,SACoF;IACpG,IAAI,EAAE,IAAI,CAAoB;IAE9B,UAAU,EAAE,eAAe,EAAE,CAmB3B;CACH"}

package/dist/credentials/NodeyApi.credentials.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NodeyApi = void 0;
+/**
+ * Optional credentials for the Nodey NFC Trigger node.
+ *
+ * Nodey does not authenticate webhook requests today. Both fields below are
+ * forward-compatible and have no effect unless populated. Configure later if
+ * Nodey adds HMAC signing, or use the tag UID allowlist immediately.
+ */
+class NodeyApi {
+    name = 'nodeyApi';
+    displayName = 'Nodey API';
+    documentationUrl = 'https://github.com/TheFamousHesham/ghost-blocks/tree/master/packages/n8n-node-nodey#credentials';
+    icon = 'file:nodey.svg';
+    properties = [
+        {
+            displayName: 'Webhook Secret',
+            name: 'webhookSecret',
+            type: 'string',
+            typeOptions: { password: true },
+            default: '',
+            description: 'Optional shared secret for HMAC verification. Nodey does not sign requests today — leave blank until signing ships. When set, requests without a valid X-Nodey-Signature header will be rejected.',
+        },
+        {
+            displayName: 'Allowed Tag UIDs',
+            name: 'allowedTagUids',
+            type: 'string',
+            default: '',
+            placeholder: 'uid-1,uid-2,uid-3',
+            description: 'Optional comma-separated allowlist of NFC tag UIDs / trigger IDs. If set, only scans matching one of these IDs trigger the workflow. Leave blank to accept all scans.',
+        },
+    ];
+}
+exports.NodeyApi = NodeyApi;
+//# sourceMappingURL=NodeyApi.credentials.js.map

package/dist/credentials/NodeyApi.credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NodeyApi.credentials.js","sourceRoot":"","sources":["../../credentials/NodeyApi.credentials.ts"],"names":[],"mappings":";;;AAEA;;;;;;GAMG;AACH,MAAa,QAAQ;IACnB,IAAI,GAAG,UAAU,CAAC;IAClB,WAAW,GAAG,WAAW,CAAC;IAC1B,gBAAgB,GACd,iGAAiG,CAAC;IACpG,IAAI,GAAS,gBAAgB,CAAC;IAE9B,UAAU,GAAsB;QAC9B;YACE,WAAW,EAAE,gBAAgB;YAC7B,IAAI,EAAE,eAAe;YACrB,IAAI,EAAE,QAAQ;YACd,WAAW,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE;YAC/B,OAAO,EAAE,EAAE;YACX,WAAW,EACT,mMAAmM;SACtM;QACD;YACE,WAAW,EAAE,kBAAkB;YAC/B,IAAI,EAAE,gBAAgB;YACtB,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,mBAAmB;YAChC,WAAW,EACT,uKAAuK;SAC1K;KACF,CAAC;CACH;AA3BD,4BA2BC"}

package/dist/nodes/NodeyNfcTrigger/NodeyNfcTrigger.node.d.ts

@@ -0,0 +1,6 @@
+import { INodeType, INodeTypeDescription, IWebhookFunctions, IWebhookResponseData } from 'n8n-workflow';
+export declare class NodeyNfcTrigger implements INodeType {
+    description: INodeTypeDescription;
+    webhook(this: IWebhookFunctions): Promise<IWebhookResponseData>;
+}
+//# sourceMappingURL=NodeyNfcTrigger.node.d.ts.map

package/dist/nodes/NodeyNfcTrigger/NodeyNfcTrigger.node.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"NodeyNfcTrigger.node.d.ts","sourceRoot":"","sources":["../../../nodes/NodeyNfcTrigger/NodeyNfcTrigger.node.ts"],"names":[],"mappings":"AAOA,OAAO,EAEL,SAAS,EACT,oBAAoB,EACpB,iBAAiB,EACjB,oBAAoB,EAErB,MAAM,cAAc,CAAC;AAqCtB,qBAAa,eAAgB,YAAW,SAAS;IAC/C,WAAW,EAAE,oBAAoB,CAsE/B;IAEI,OAAO,CAAC,IAAI,EAAE,iBAAiB,GAAG,OAAO,CAAC,oBAAoB,CAAC;CAyDtE"}

package/dist/nodes/NodeyNfcTrigger/NodeyNfcTrigger.node.js

@@ -0,0 +1,154 @@
+"use strict";
+// n8n-nodes-nodey — verified-compatible NFC trigger node.
+// Receives NFC tap events from the Nodey mobile app (iOS + Android) via a
+// webhook and emits a normalized payload into the workflow.
+//
+// Uses only n8n-workflow types and node:crypto (via ./verify-signature). No
+// fs, fetch, dns, or timers — passes the verified-community-node sandbox.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NodeyNfcTrigger = void 0;
+const normalize_payload_1 = require("./normalize-payload");
+const verify_signature_1 = require("./verify-signature");
+const SIGNATURE_HEADERS = ['x-nodey-signature', 'x-signature', 'x-hub-signature-256'];
+function parseUidAllowlist(value) {
+    if (!value)
+        return [];
+    return value
+        .split(',')
+        .map((s) => s.trim())
+        .filter(Boolean);
+}
+function extractUid(body) {
+    const candidates = [body.tagUid, body.tag_uid, body.triggerId, body.trigger_id];
+    for (const c of candidates) {
+        if (typeof c === 'string' && c.length > 0)
+            return c;
+    }
+    return undefined;
+}
+function pickSignatureHeader(headers) {
+    for (const name of SIGNATURE_HEADERS) {
+        const value = headers[name];
+        if (typeof value === 'string' && value.length > 0)
+            return value;
+        if (Array.isArray(value) && typeof value[0] === 'string')
+            return value[0];
+    }
+    return undefined;
+}
+class NodeyNfcTrigger {
+    description = {
+        displayName: 'Nodey NFC Trigger',
+        name: 'nodeyNfcTrigger',
+        icon: 'file:nodey.svg',
+        group: ['trigger'],
+        version: 1,
+        description: 'Triggered when an NFC tag is scanned via the Nodey mobile app',
+        defaults: { name: 'Nodey NFC Trigger' },
+        inputs: [],
+        outputs: ['main'],
+        credentials: [{ name: 'nodeyApi', required: false }],
+        webhooks: [
+            {
+                name: 'default',
+                httpMethod: 'POST',
+                responseMode: 'onReceived',
+                path: 'nodey-nfc',
+            },
+        ],
+        properties: [
+            {
+                displayName: 'Triggered when you tap an NFC tag using the <a href="https://getnodey.com" target="_blank">Nodey app</a> on iOS or Android. Copy the Production URL below into your Nodey NFC trigger configuration.',
+                name: 'nodeyPromoNotice',
+                type: 'notice',
+                default: '',
+            },
+            {
+                displayName: 'Output Format',
+                name: 'outputFormat',
+                type: 'options',
+                options: [
+                    {
+                        name: 'Normalized',
+                        value: 'normalized',
+                        description: 'Merge iOS and Android shapes into one consistent object (platform, triggerName, triggerId, customData, ...).',
+                    },
+                    {
+                        name: 'Raw Payload',
+                        value: 'raw',
+                        description: 'Pass the request body straight through without normalization.',
+                    },
+                ],
+                default: 'normalized',
+            },
+            {
+                displayName: 'Parse Android customData',
+                name: 'parseCustomData',
+                type: 'boolean',
+                default: true,
+                description: 'Whether to parse Android\'s customData JSON string into a nested object. iOS payloads are unaffected.',
+                displayOptions: { show: { outputFormat: ['normalized'] } },
+            },
+            {
+                displayName: 'Nodey delivers each scan at-most-once — if the phone is offline or the request fails, Nodey records the failure but does not retry. If your workflow needs guaranteed delivery, handle queueing or acknowledgement on the n8n side.',
+                name: 'deliveryNotice',
+                type: 'notice',
+                default: '',
+            },
+            {
+                displayName: 'More from this author: <a href="https://www.npmjs.com/package/n8n-nodes-ghost-blocks-cloud" target="_blank">n8n-nodes-ghost-blocks-cloud</a> (Ghost CMS publishing, also verified).',
+                name: 'ecosystemNotice',
+                type: 'notice',
+                default: '',
+            },
+        ],
+    };
+    async webhook() {
+        const body = (this.getBodyData() ?? {});
+        const headers = (this.getHeaderData() ?? {});
+        const outputFormat = this.getNodeParameter('outputFormat');
+        const parseCustomData = this.getNodeParameter('parseCustomData', true);
+        const credentials = (await this.getCredentials('nodeyApi').catch(() => null));
+        // Optional HMAC verification — only enforced if a secret is configured.
+        if (credentials?.webhookSecret) {
+            const signatureHeader = pickSignatureHeader(headers);
+            const req = this.getRequestObject();
+            // Express's body-parser stashes the raw body on req.rawBody when configured
+            // to do so. n8n's webhook handler does this for binary endpoints but not
+            // always for JSON — fall back to re-serializing if the raw bytes aren't
+            // available. This is best-effort until Nodey publishes their signing spec.
+            const rawBody = req.rawBody?.toString() ?? JSON.stringify(body);
+            const ok = (0, verify_signature_1.verifySignature)({
+                rawBody,
+                secret: credentials.webhookSecret,
+                signatureHeader,
+            });
+            if (!ok) {
+                return {
+                    webhookResponse: {
+                        status: 401,
+                        body: { error: 'invalid signature' },
+                    },
+                };
+            }
+        }
+        // Optional tag UID allowlist — silently 200 OK on mismatch so an attacker
+        // can't probe the allowlist by watching status codes.
+        const allowed = parseUidAllowlist(credentials?.allowedTagUids);
+        if (allowed.length > 0) {
+            const incoming = extractUid(body);
+            if (!incoming || !allowed.includes(incoming)) {
+                return {
+                    webhookResponse: { status: 200, body: { status: 'ignored' } },
+                };
+            }
+        }
+        const output = outputFormat === 'raw' ? body : (0, normalize_payload_1.normalize)(body, parseCustomData);
+        return {
+            workflowData: [[{ json: output }]],
+            webhookResponse: { status: 200, body: { status: 'ok' } },
+        };
+    }
+}
+exports.NodeyNfcTrigger = NodeyNfcTrigger;
+//# sourceMappingURL=NodeyNfcTrigger.node.js.map

package/dist/nodes/NodeyNfcTrigger/NodeyNfcTrigger.node.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"NodeyNfcTrigger.node.js","sourceRoot":"","sources":["../../../nodes/NodeyNfcTrigger/NodeyNfcTrigger.node.ts"],"names":[],"mappings":";AAAA,0DAA0D;AAC1D,0EAA0E;AAC1E,4DAA4D;AAC5D,EAAE;AACF,4EAA4E;AAC5E,0EAA0E;;;AAW1E,2DAAgD;AAChD,yDAAqD;AAOrD,MAAM,iBAAiB,GAAG,CAAC,mBAAmB,EAAE,aAAa,EAAE,qBAAqB,CAAC,CAAC;AAEtF,SAAS,iBAAiB,CAAC,KAAyB;IAClD,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,MAAM,CAAC,OAAO,CAAC,CAAC;AACrB,CAAC;AAED,SAAS,UAAU,CAAC,IAAiB;IACnC,MAAM,UAAU,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;IAChF,KAAK,MAAM,CAAC,IAAI,UAAU,EAAE,CAAC;QAC3B,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;IACtD,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAgC;IAC3D,KAAK,MAAM,IAAI,IAAI,iBAAiB,EAAE,CAAC;QACrC,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QAC5B,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,KAAK,CAAC;QAChE,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ;YAAE,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5E,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAa,eAAe;IAC1B,WAAW,GAAyB;QAClC,WAAW,EAAE,mBAAmB;QAChC,IAAI,EAAE,iBAAiB;QACvB,IAAI,EAAE,gBAAwB;QAC9B,KAAK,EAAE,CAAC,SAAS,CAAC;QAClB,OAAO,EAAE,CAAC;QACV,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE;QACvC,MAAM,EAAE,EAAS;QACjB,OAAO,EAAE,CAAC,MAAM,CAAQ;QACxB,WAAW,EAAE,CAAC,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;QACpD,QAAQ,EAAE;YACR;gBACE,IAAI,EAAE,SAAS;gBACf,UAAU,EAAE,MAAM;gBAClB,YAAY,EAAE,YAAY;gBAC1B,IAAI,EAAE,WAAW;aAClB;SACF;QACD,UAAU,EAAE;YACV;gBACE,WAAW,EACT,sMAAsM;gBACxM,IAAI,EAAE,kBAAkB;gBACxB,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,EAAE;aACZ;YACD;gBACE,WAAW,EAAE,eAAe;gBAC5B,IAAI,EAAE,cAAc;gBACpB,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,YAAY;wBAClB,KAAK,EAAE,YAAY;wBACnB,WAAW,EACT,8GAA8G;qBACjH;oBACD;wBACE,IAAI,EAAE,aAAa;wBACnB,KAAK,EAAE,KAAK;wBACZ,WAAW,EAAE,+DAA+D;qBAC7E;iBACF;gBACD,OAAO,EAAE,YAAY;aACtB;YACD;gBACE,WAAW,EAAE,0BAA0B;gBACvC,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,IAAI;gBACb,WAAW,EACT,uGAAuG;gBACzG,cAAc,EAAE,EAAE,IAAI,EAAE,EAAE,YAAY,EAAE,CAAC,YAAY,CAAC,EAAE,EAAE;aAC3D;YACD;gBACE,WAAW,EACT,qOAAqO;gBACvO,IAAI,EAAE,gBAAgB;gBACtB,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,EAAE;aACZ;YACD;gBACE,WAAW,EACT,qLAAqL;gBACvL,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,EAAE;aACZ;SACF;KACF,CAAC;IAEF,KAAK,CAAC,OAAO;QACX,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,EAAE,CAAgB,CAAC;QACvD,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,EAAE,CAA4B,CAAC;QACxE,MAAM,YAAY,GAAG,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAW,CAAC;QACrE,MAAM,eAAe,GAAG,IAAI,CAAC,gBAAgB,CAAC,iBAAiB,EAAE,IAAI,CAAY,CAAC;QAElF,MAAM,WAAW,GAAG,CAAC,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAEpE,CAAC;QAET,wEAAwE;QACxE,IAAI,WAAW,EAAE,aAAa,EAAE,CAAC;YAC/B,MAAM,eAAe,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;YACrD,MAAM,GAAG,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACpC,4EAA4E;YAC5E,yEAAyE;YACzE,wEAAwE;YACxE,2EAA2E;YAC3E,MAAM,OAAO,GACV,GAAgD,CAAC,OAAO,EAAE,QAAQ,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YAEhG,MAAM,EAAE,GAAG,IAAA,kCAAe,EAAC;gBACzB,OAAO;gBACP,MAAM,EAAE,WAAW,CAAC,aAAa;gBACjC,eAAe;aAChB,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,OAAO;oBACL,eAAe,EAAE;wBACf,MAAM,EAAE,GAAG;wBACX,IAAI,EAAE,EAAE,KAAK,EAAE,mBAAmB,EAAE;qBACrC;iBACF,CAAC;YACJ,CAAC;QACH,CAAC;QAED,0EAA0E;QAC1E,sDAAsD;QACtD,MAAM,OAAO,GAAG,iBAAiB,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;QAC/D,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC;YAClC,IAAI,CAAC,QAAQ,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7C,OAAO;oBACL,eAAe,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;iBAC9D,CAAC;YACJ,CAAC;QACH,CAAC;QAED,MAAM,MAAM,GACV,YAAY,KAAK,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAE,IAAA,6BAAS,EAAC,IAAI,EAAE,eAAe,CAA4B,CAAC;QAE/F,OAAO;YACL,YAAY,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC;YAClC,eAAe,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE;SACzD,CAAC;IACJ,CAAC;CACF;AAlID,0CAkIC"}

package/dist/nodes/NodeyNfcTrigger/NodeyNfcTrigger.node.json

@@ -0,0 +1,18 @@
+{
+  "node": "n8n-nodes-base.nodeyNfcTrigger",
+  "nodeVersion": "1.0",
+  "codexVersion": "1.0",
+  "categories": ["Mobile", "Trigger"],
+  "resources": {
+    "credentialDocumentation": [
+      {
+        "url": "https://github.com/TheFamousHesham/ghost-blocks/tree/master/packages/n8n-node-nodey#credentials"
+      }
+    ],
+    "primaryDocumentation": [
+      {
+        "url": "https://github.com/TheFamousHesham/ghost-blocks/tree/master/packages/n8n-node-nodey"
+      }
+    ]
+  }
+}

package/dist/nodes/NodeyNfcTrigger/nodey.svg

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 60 60" width="60" height="60">
+  <rect width="60" height="60" rx="12" fill="#6D28D9"/>
+  <g fill="none" stroke="#FFFFFF" stroke-linecap="round" stroke-width="3">
+    <circle cx="18" cy="30" r="3" fill="#FFFFFF" stroke="none"/>
+    <path d="M26 22 a10 10 0 0 1 0 16"/>
+    <path d="M33 16 a18 18 0 0 1 0 28"/>
+    <path d="M40 10 a26 26 0 0 1 0 40"/>
+  </g>
+</svg>

package/dist/nodes/NodeyNfcTrigger/normalize-payload.d.ts

@@ -0,0 +1,14 @@
+export type Platform = 'ios' | 'android' | 'unknown';
+export interface NormalizedPayload {
+    platform: Platform;
+    triggerName: string | null;
+    triggerType: string;
+    event: string;
+    timestamp: string;
+    source: string;
+    triggerId: string | null;
+    customData: unknown;
+    raw: Record<string, unknown>;
+}
+export declare function normalize(body: Record<string, unknown>, parseCustomData: boolean): NormalizedPayload;
+//# sourceMappingURL=normalize-payload.d.ts.map

package/dist/nodes/NodeyNfcTrigger/normalize-payload.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"normalize-payload.d.ts","sourceRoot":"","sources":["../../../nodes/NodeyNfcTrigger/normalize-payload.ts"],"names":[],"mappings":"AAGA,MAAM,MAAM,QAAQ,GAAG,KAAK,GAAG,SAAS,GAAG,SAAS,CAAC;AAErD,MAAM,WAAW,iBAAiB;IAChC,QAAQ,EAAE,QAAQ,CAAC;IACnB,WAAW,EAAE,MAAM,GAAG,IAAI,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,UAAU,EAAE,OAAO,CAAC;IACpB,GAAG,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC9B;AAuCD,wBAAgB,SAAS,CACvB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EAC7B,eAAe,EAAE,OAAO,GACvB,iBAAiB,CAenB"}

package/dist/nodes/NodeyNfcTrigger/normalize-payload.js

@@ -0,0 +1,58 @@
+"use strict";
+// Pure logic to merge iOS + Android NFC payloads into a consistent shape.
+// No imports — keeps the function trivially testable and sandbox-friendly.
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.normalize = normalize;
+const isString = (v) => typeof v === 'string';
+function detectPlatform(body) {
+    // iOS shape: has snake_case trigger fields and a "source" of "Nodey".
+    if ('trigger_name' in body || 'trigger_type' in body || body.source === 'Nodey') {
+        return 'ios';
+    }
+    // Android shape: has triggerId (UUID) plus customData OR customPayload.
+    if ('triggerId' in body && ('customData' in body || 'customPayload' in body)) {
+        return 'android';
+    }
+    // Looser Android detection: any triggerId without iOS fields.
+    if ('triggerId' in body) {
+        return 'android';
+    }
+    return 'unknown';
+}
+function extractCustomData(body, parseCustomData) {
+    // Android valid-JSON case: customData is a JSON-encoded string.
+    if ('customData' in body) {
+        const raw = body.customData;
+        if (!parseCustomData)
+            return raw;
+        if (!isString(raw))
+            return raw; // already an object (forward-compat)
+        try {
+            return JSON.parse(raw);
+        }
+        catch {
+            return raw;
+        }
+    }
+    // Android invalid-JSON fallback: customPayload holds raw user text.
+    if ('customPayload' in body) {
+        return body.customPayload;
+    }
+    return null;
+}
+function normalize(body, parseCustomData) {
+    const platform = detectPlatform(body);
+    const customData = extractCustomData(body, parseCustomData);
+    return {
+        platform,
+        triggerName: isString(body.trigger_name) ? body.trigger_name : null,
+        triggerType: isString(body.trigger_type) ? body.trigger_type : 'nfc',
+        event: isString(body.event) ? body.event : 'tap',
+        timestamp: isString(body.timestamp) ? body.timestamp : new Date().toISOString(),
+        source: isString(body.source) ? body.source : 'Nodey',
+        triggerId: isString(body.triggerId) ? body.triggerId : null,
+        customData,
+        raw: body,
+    };
+}
+//# sourceMappingURL=normalize-payload.js.map

package/dist/nodes/NodeyNfcTrigger/normalize-payload.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"normalize-payload.js","sourceRoot":"","sources":["../../../nodes/NodeyNfcTrigger/normalize-payload.ts"],"names":[],"mappings":";AAAA,0EAA0E;AAC1E,2EAA2E;;AAqD3E,8BAkBC;AAvDD,MAAM,QAAQ,GAAG,CAAC,CAAU,EAAe,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,CAAC;AAEpE,SAAS,cAAc,CAAC,IAA6B;IACnD,sEAAsE;IACtE,IAAI,cAAc,IAAI,IAAI,IAAI,cAAc,IAAI,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,OAAO,EAAE,CAAC;QAChF,OAAO,KAAK,CAAC;IACf,CAAC;IACD,wEAAwE;IACxE,IAAI,WAAW,IAAI,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,IAAI,eAAe,IAAI,IAAI,CAAC,EAAE,CAAC;QAC7E,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,8DAA8D;IAC9D,IAAI,WAAW,IAAI,IAAI,EAAE,CAAC;QACxB,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,iBAAiB,CAAC,IAA6B,EAAE,eAAwB;IAChF,gEAAgE;IAChE,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QACzB,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC;QAC5B,IAAI,CAAC,eAAe;YAAE,OAAO,GAAG,CAAC;QACjC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC,CAAC,qCAAqC;QACrE,IAAI,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,GAAG,CAAC;QACb,CAAC;IACH,CAAC;IACD,oEAAoE;IACpE,IAAI,eAAe,IAAI,IAAI,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAgB,SAAS,CACvB,IAA6B,EAC7B,eAAwB;IAExB,MAAM,QAAQ,GAAG,cAAc,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,UAAU,GAAG,iBAAiB,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC;IAE5D,OAAO;QACL,QAAQ;QACR,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI;QACnE,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK;QACpE,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK;QAChD,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QAC/E,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO;QACrD,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI;QAC3D,UAAU;QACV,GAAG,EAAE,IAAI;KACV,CAAC;AACJ,CAAC"}

package/dist/nodes/NodeyNfcTrigger/verify-signature.d.ts

@@ -0,0 +1,8 @@
+export interface VerifyOptions {
+    rawBody: string;
+    secret: string;
+    signatureHeader: string | undefined;
+    algorithm?: 'sha256' | 'sha512';
+}
+export declare function verifySignature(opts: VerifyOptions): boolean;
+//# sourceMappingURL=verify-signature.d.ts.map

package/dist/nodes/NodeyNfcTrigger/verify-signature.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-signature.d.ts","sourceRoot":"","sources":["../../../nodes/NodeyNfcTrigger/verify-signature.ts"],"names":[],"mappings":"AAUA,MAAM,WAAW,aAAa;IAG5B,OAAO,EAAE,MAAM,CAAC;IAEhB,MAAM,EAAE,MAAM,CAAC;IAEf,eAAe,EAAE,MAAM,GAAG,SAAS,CAAC;IAEpC,SAAS,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC;CACjC;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAmB5D"}

package/dist/nodes/NodeyNfcTrigger/verify-signature.js

@@ -0,0 +1,31 @@
+"use strict";
+// HMAC signature verification.
+//
+// Nodey does NOT sign webhook requests today — see the developer responses in
+// the HANDOFF.md. This helper is here so the node can opt-in to verification
+// the moment Nodey ships signing without a new package release.
+//
+// Uses node:crypto (allowed by n8n's verified-community-node sandbox).
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifySignature = verifySignature;
+const node_crypto_1 = require("node:crypto");
+function verifySignature(opts) {
+    const { rawBody, secret, signatureHeader } = opts;
+    if (!signatureHeader || !secret)
+        return false;
+    const algorithm = opts.algorithm ?? 'sha256';
+    const provided = signatureHeader.startsWith(`${algorithm}=`)
+        ? signatureHeader.slice(algorithm.length + 1)
+        : signatureHeader;
+    const expected = (0, node_crypto_1.createHmac)(algorithm, secret).update(rawBody).digest('hex');
+    // timingSafeEqual requires equal-length buffers; bail early otherwise.
+    if (provided.length !== expected.length)
+        return false;
+    try {
+        return (0, node_crypto_1.timingSafeEqual)(Buffer.from(provided, 'hex'), Buffer.from(expected, 'hex'));
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=verify-signature.js.map

package/dist/nodes/NodeyNfcTrigger/verify-signature.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify-signature.js","sourceRoot":"","sources":["../../../nodes/NodeyNfcTrigger/verify-signature.ts"],"names":[],"mappings":";AAAA,+BAA+B;AAC/B,EAAE;AACF,8EAA8E;AAC9E,6EAA6E;AAC7E,gEAAgE;AAChE,EAAE;AACF,uEAAuE;;AAgBvE,0CAmBC;AAjCD,6CAA0D;AAc1D,SAAgB,eAAe,CAAC,IAAmB;IACjD,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,IAAI,CAAC;IAClD,IAAI,CAAC,eAAe,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAE9C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,QAAQ,CAAC;IAC7C,MAAM,QAAQ,GAAG,eAAe,CAAC,UAAU,CAAC,GAAG,SAAS,GAAG,CAAC;QAC1D,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC;QAC7C,CAAC,CAAC,eAAe,CAAC;IAEpB,MAAM,QAAQ,GAAG,IAAA,wBAAU,EAAC,SAAS,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAE7E,uEAAuE;IACvE,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAEtD,IAAI,CAAC;QACH,OAAO,IAAA,6BAAe,EAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IACrF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/index.js

@@ -0,0 +1 @@
+module.exports = {};

package/package.json

@@ -0,0 +1,60 @@
+{
+  "name": "n8n-nodes-nodey",
+  "version": "0.1.0",
+  "description": "n8n community node that triggers workflows from NFC tag scans in the Nodey mobile app (iOS + Android). Verified-compatible, accepts payloads from both platforms and normalizes them into a single shape.",
+  "keywords": [
+    "n8n-community-node-package",
+    "n8n",
+    "trigger",
+    "nfc",
+    "webhook",
+    "nodey",
+    "mobile",
+    "automation",
+    "ios",
+    "android"
+  ],
+  "homepage": "https://github.com/TheFamousHesham/ghost-blocks/tree/master/packages/n8n-node-nodey",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/TheFamousHesham/ghost-blocks.git",
+    "directory": "packages/n8n-node-nodey"
+  },
+  "bugs": {
+    "url": "https://github.com/TheFamousHesham/ghost-blocks/issues"
+  },
+  "license": "MIT",
+  "author": "Hesham <hesham@betterbrainlab.org>",
+  "main": "index.js",
+  "scripts": {
+    "build": "tsc && npm run copy:assets",
+    "copy:assets": "node -e \"require('fs').cpSync('nodes', 'dist/nodes', { recursive: true, filter: (s) => !s.endsWith('.ts') })\"",
+    "lint": "tsc --noEmit",
+    "test": "node --test test/",
+    "clean": "rm -rf dist *.tsbuildinfo",
+    "prepublishOnly": "npm run clean && npm run build"
+  },
+  "files": [
+    "dist"
+  ],
+  "n8n": {
+    "n8nNodesApiVersion": 1,
+    "credentials": [
+      "dist/credentials/NodeyApi.credentials.js"
+    ],
+    "nodes": [
+      "dist/nodes/NodeyNfcTrigger/NodeyNfcTrigger.node.js"
+    ]
+  },
+  "peerDependencies": {
+    "n8n-workflow": "*"
+  },
+  "devDependencies": {
+    "@types/node": "^20.11.0",
+    "n8n-workflow": "^1.30.0",
+    "typescript": "^5.3.3"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}