paybridge 0.5.0 → 0.7.0

package/dist/crypto/ramp.js

@@ -0,0 +1,179 @@
+"use strict";
+/**
+ * Ramp Network crypto on/off-ramp provider
+ * @see https://docs.ramp.network/
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RampProvider = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const base_1 = require("./base");
+const fetch_1 = require("../utils/fetch");
+class RampProvider extends base_1.CryptoRampProvider {
+    constructor(config) {
+        super();
+        this.name = 'ramp';
+        this.hostApiKey = config.hostApiKey;
+        this.webhookSecret = config.webhookSecret;
+        this.sandbox = config.sandbox;
+        this.widgetUrl = this.sandbox
+            ? 'https://ri-widget-staging.firebaseapp.com'
+            : 'https://buy.ramp.network';
+        this.apiUrl = 'https://api.ramp.network/api/host-api/v3';
+    }
+    async getQuote(_direction, fiatAmount, _fiatCurrency, _cryptoAsset, _network) {
+        return {
+            fiatAmount,
+            cryptoAmount: 0,
+            rate: 0,
+            feeFixed: 0,
+            feePercent: 2.9,
+            feeTotal: (fiatAmount * 2.9) / 100,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        };
+    }
+    async createOnRamp(params) {
+        (0, base_1.validateWalletAddress)(params.destinationWallet, params.network);
+        const quote = await this.getQuote('on', params.fiatAmount, params.fiatCurrency, params.asset, params.network);
+        const swapAsset = `${params.asset}_${params.network}`;
+        const queryParams = new URLSearchParams({
+            hostApiKey: this.hostApiKey,
+            swapAsset: swapAsset.toUpperCase(),
+            fiatCurrency: params.fiatCurrency.toUpperCase(),
+            fiatValue: params.fiatAmount.toString(),
+            userAddress: params.destinationWallet,
+            userEmailAddress: params.customer.email,
+            finalUrl: params.urls.success,
+        });
+        const checkoutUrl = `${this.widgetUrl}?${queryParams}`;
+        return {
+            id: `ramp_on_${params.reference}`,
+            direction: 'on',
+            status: 'pending',
+            quote,
+            checkoutUrl,
+            createdAt: new Date().toISOString(),
+            expiresAt: quote.expiresAt,
+        };
+    }
+    async createOffRamp(params) {
+        if (params.sourceWallet) {
+            (0, base_1.validateWalletAddress)(params.sourceWallet, params.network);
+        }
+        const quote = await this.getQuote('off', params.cryptoAmount, params.fiatCurrency, params.asset, params.network);
+        const swapAsset = `${params.asset}_${params.network}`;
+        const queryParams = new URLSearchParams({
+            hostApiKey: this.hostApiKey,
+            swapAsset: swapAsset.toUpperCase(),
+            defaultFlow: 'OFFRAMP',
+        });
+        const checkoutUrl = `${this.widgetUrl}?${queryParams}`;
+        return {
+            id: `ramp_off_${params.reference}`,
+            direction: 'off',
+            status: 'pending',
+            quote,
+            checkoutUrl,
+            createdAt: new Date().toISOString(),
+            expiresAt: quote.expiresAt,
+        };
+    }
+    async getRamp(id) {
+        const response = await (0, fetch_1.timedFetch)(`${this.apiUrl}/${id}`);
+        if (!response.ok) {
+            throw new Error(`Ramp Network getRamp failed: ${response.status}`);
+        }
+        const data = (await response.json());
+        const direction = data.type === 'ONRAMP' ? 'on' : 'off';
+        const status = this.mapRampStatus(data.status);
+        const quote = {
+            fiatAmount: data.fiatValue || 0,
+            cryptoAmount: data.cryptoAmount || 0,
+            rate: data.assetExchangeRate || 0,
+            feeFixed: 0,
+            feePercent: 0,
+            feeTotal: data.appliedFee || 0,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        };
+        return {
+            id: data.id,
+            direction,
+            status,
+            quote,
+            txHash: data.cryptoTxHash,
+            createdAt: data.createdAt,
+            raw: data,
+        };
+    }
+    parseWebhook(body, _headers) {
+        const event = typeof body === 'string' ? JSON.parse(body) : body;
+        return {
+            type: event.type,
+            data: event.purchase || event,
+            raw: event,
+        };
+    }
+    /**
+     * Ramp Network webhook verification (HMAC placeholder).
+     *
+     * TODO(verify): Ramp Network uses ECDSA secp256k1 for webhook signatures.
+     * This implementation uses HMAC-SHA256 as a placeholder. Production deployments
+     * should implement ECDSA verification using Ramp's public key.
+     */
+    verifyWebhook(body, headers) {
+        if (!this.webhookSecret)
+            return false;
+        const signature = headers?.['x-body-signature'];
+        if (!signature)
+            return false;
+        const rawBody = typeof body === 'string' ? body : body.toString('utf8');
+        const computedSig = crypto_1.default
+            .createHmac('sha256', this.webhookSecret)
+            .update(rawBody)
+            .digest('hex');
+        try {
+            const computedBuffer = Buffer.from(computedSig, 'hex');
+            const expectedBuffer = Buffer.from(signature, 'hex');
+            if (computedBuffer.length !== expectedBuffer.length) {
+                return false;
+            }
+            return crypto_1.default.timingSafeEqual(computedBuffer, expectedBuffer);
+        }
+        catch {
+            return false;
+        }
+    }
+    getCapabilities() {
+        return {
+            supportedAssets: ['BTC', 'ETH', 'USDT', 'USDC', 'DAI', 'MATIC'],
+            supportedNetworks: ['BTC', 'ETH', 'POLYGON', 'BSC'],
+            supportedFiat: ['USD', 'EUR', 'GBP', 'ZAR', 'AUD', 'CAD'],
+            country: 'GLOBAL',
+            kycRequired: true,
+            onRampLimits: { min: 30, max: 30000 },
+            offRampLimits: { min: 50, max: 30000 },
+            fees: {
+                onRampPercent: 2.9,
+                offRampPercent: 1.9,
+            },
+        };
+    }
+    mapRampStatus(rampStatus) {
+        const statusMap = {
+            INITIALIZED: 'pending',
+            PAYMENT_STARTED: 'pending',
+            PAYMENT_IN_PROGRESS: 'pending',
+            PAYMENT_EXECUTED: 'pending',
+            FIAT_SENT: 'pending',
+            FIAT_RECEIVED: 'pending',
+            RELEASING: 'pending',
+            RELEASED: 'completed',
+            EXPIRED: 'expired',
+            CANCELLED: 'expired',
+        };
+        return statusMap[rampStatus] || 'pending';
+    }
+}
+exports.RampProvider = RampProvider;

package/dist/crypto/transak.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Transak crypto on/off-ramp provider
+ * @see https://docs.transak.com/
+ */
+import { CryptoRampProvider } from './base';
+import { OnRampParams, OffRampParams, RampQuote, RampResult, CryptoRampCapabilities } from './types';
+interface TransakConfig {
+    apiKey: string;
+    apiSecret: string;
+    sandbox: boolean;
+    webhookSecret?: string;
+}
+export declare class TransakProvider extends CryptoRampProvider {
+    readonly name = "transak";
+    private apiKey;
+    private apiSecret;
+    private sandbox;
+    private widgetUrl;
+    private apiUrl;
+    private webhookSecret?;
+    constructor(config: TransakConfig);
+    getQuote(direction: 'on' | 'off', fiatAmount: number, fiatCurrency: string, cryptoAsset: string, _network: string): Promise<RampQuote>;
+    createOnRamp(params: OnRampParams): Promise<RampResult>;
+    createOffRamp(params: OffRampParams): Promise<RampResult>;
+    getRamp(id: string): Promise<RampResult>;
+    parseWebhook(body: any, _headers?: any): any;
+    verifyWebhook(body: string | Buffer, headers?: any): boolean;
+    getCapabilities(): CryptoRampCapabilities;
+    private signWidgetUrl;
+    private mapTransakStatus;
+}
+export {};

package/dist/crypto/transak.js

@@ -0,0 +1,212 @@
+"use strict";
+/**
+ * Transak crypto on/off-ramp provider
+ * @see https://docs.transak.com/
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TransakProvider = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const base_1 = require("./base");
+const fetch_1 = require("../utils/fetch");
+class TransakProvider extends base_1.CryptoRampProvider {
+    constructor(config) {
+        super();
+        this.name = 'transak';
+        this.apiKey = config.apiKey;
+        this.apiSecret = config.apiSecret;
+        this.sandbox = config.sandbox;
+        this.webhookSecret = config.webhookSecret;
+        this.widgetUrl = this.sandbox
+            ? 'https://global-stg.transak.com'
+            : 'https://global.transak.com';
+        this.apiUrl = this.sandbox
+            ? 'https://api-stg.transak.com'
+            : 'https://api.transak.com';
+    }
+    async getQuote(direction, fiatAmount, fiatCurrency, cryptoAsset, _network) {
+        const params = new URLSearchParams({
+            fiatCurrency: fiatCurrency.toUpperCase(),
+            cryptoCurrency: cryptoAsset.toUpperCase(),
+            fiatAmount: fiatAmount.toString(),
+            paymentMethod: 'credit_debit_card',
+            isBuyOrSell: direction === 'on' ? 'BUY' : 'SELL',
+        });
+        const url = `${this.apiUrl}/api/v2/currencies/price?${params}`;
+        const response = await (0, fetch_1.timedFetch)(url, {
+            headers: {
+                'api-secret': this.apiSecret,
+            },
+        });
+        if (!response.ok) {
+            throw new Error(`Transak quote failed: ${response.status}`);
+        }
+        const data = (await response.json());
+        const cryptoAmount = data.response?.cryptoAmount || 0;
+        const totalFee = data.response?.totalFee || 0;
+        const rate = fiatAmount > 0 ? cryptoAmount / fiatAmount : 0;
+        return {
+            fiatAmount,
+            cryptoAmount,
+            rate,
+            feeFixed: 0,
+            feePercent: (totalFee / fiatAmount) * 100,
+            feeTotal: totalFee,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        };
+    }
+    async createOnRamp(params) {
+        (0, base_1.validateWalletAddress)(params.destinationWallet, params.network);
+        const quote = await this.getQuote('on', params.fiatAmount, params.fiatCurrency, params.asset, params.network);
+        const queryParams = new URLSearchParams({
+            apiKey: this.apiKey,
+            fiatAmount: params.fiatAmount.toString(),
+            fiatCurrency: params.fiatCurrency.toUpperCase(),
+            cryptoCurrencyCode: params.asset.toUpperCase(),
+            network: params.network.toUpperCase(),
+            walletAddress: params.destinationWallet,
+            email: params.customer.email,
+            partnerOrderId: params.reference,
+            redirectURL: params.urls.success,
+        });
+        const signature = this.signWidgetUrl(queryParams.toString());
+        queryParams.append('signature', signature);
+        const checkoutUrl = `${this.widgetUrl}?${queryParams}`;
+        return {
+            id: `transak_on_${params.reference}`,
+            direction: 'on',
+            status: 'pending',
+            quote,
+            checkoutUrl,
+            createdAt: new Date().toISOString(),
+            expiresAt: quote.expiresAt,
+        };
+    }
+    async createOffRamp(params) {
+        if (params.sourceWallet) {
+            (0, base_1.validateWalletAddress)(params.sourceWallet, params.network);
+        }
+        const quote = await this.getQuote('off', params.cryptoAmount, params.fiatCurrency, params.asset, params.network);
+        const queryParams = new URLSearchParams({
+            apiKey: this.apiKey,
+            productsAvailed: 'SELL',
+            cryptoCurrencyCode: params.asset.toUpperCase(),
+            network: params.network.toUpperCase(),
+            fiatCurrency: params.fiatCurrency.toUpperCase(),
+            partnerOrderId: params.reference,
+        });
+        if (params.urls?.success) {
+            queryParams.append('redirectURL', params.urls.success);
+        }
+        const signature = this.signWidgetUrl(queryParams.toString());
+        queryParams.append('signature', signature);
+        const checkoutUrl = `${this.widgetUrl}?${queryParams}`;
+        return {
+            id: `transak_off_${params.reference}`,
+            direction: 'off',
+            status: 'pending',
+            quote,
+            checkoutUrl,
+            createdAt: new Date().toISOString(),
+            expiresAt: quote.expiresAt,
+        };
+    }
+    async getRamp(id) {
+        const response = await (0, fetch_1.timedFetch)(`${this.apiUrl}/api/v2/orders/${id}`, {
+            headers: {
+                'api-secret': this.apiSecret,
+            },
+        });
+        if (!response.ok) {
+            throw new Error(`Transak getRamp failed: ${response.status}`);
+        }
+        const data = (await response.json());
+        const order = data.response;
+        const direction = order.isBuyOrSell === 'BUY' ? 'on' : 'off';
+        const status = this.mapTransakStatus(order.status);
+        const quote = {
+            fiatAmount: order.fiatAmount || 0,
+            cryptoAmount: order.cryptoAmount || 0,
+            rate: order.conversionPrice || 0,
+            feeFixed: 0,
+            feePercent: 0,
+            feeTotal: order.totalFee || 0,
+            expiresAt: new Date(Date.now() + 5 * 60 * 1000).toISOString(),
+        };
+        return {
+            id: order.id,
+            direction,
+            status,
+            quote,
+            txHash: order.transactionHash,
+            createdAt: order.createdAt,
+            raw: data,
+        };
+    }
+    parseWebhook(body, _headers) {
+        const event = typeof body === 'string' ? JSON.parse(body) : body;
+        return {
+            type: event.eventName,
+            data: event.data,
+            raw: event,
+        };
+    }
+    verifyWebhook(body, headers) {
+        if (!this.webhookSecret)
+            return false;
+        const signature = headers?.['x-transak-signature'];
+        if (!signature)
+            return false;
+        const rawBody = typeof body === 'string' ? body : body.toString('utf8');
+        const computedSig = crypto_1.default
+            .createHmac('sha256', this.webhookSecret)
+            .update(rawBody)
+            .digest('hex');
+        try {
+            const computedBuffer = Buffer.from(computedSig, 'hex');
+            const expectedBuffer = Buffer.from(signature, 'hex');
+            if (computedBuffer.length !== expectedBuffer.length) {
+                return false;
+            }
+            return crypto_1.default.timingSafeEqual(computedBuffer, expectedBuffer);
+        }
+        catch {
+            return false;
+        }
+    }
+    getCapabilities() {
+        return {
+            supportedAssets: ['BTC', 'ETH', 'USDT', 'USDC', 'MATIC', 'BNB'],
+            supportedNetworks: ['BTC', 'ETH', 'POLYGON', 'BSC', 'TRON'],
+            supportedFiat: ['USD', 'EUR', 'GBP', 'ZAR', 'INR', 'AUD'],
+            country: 'GLOBAL',
+            kycRequired: true,
+            onRampLimits: { min: 30, max: 50000 },
+            offRampLimits: { min: 50, max: 50000 },
+            fees: {
+                onRampPercent: 2.0,
+                offRampPercent: 1.5,
+            },
+        };
+    }
+    signWidgetUrl(queryString) {
+        return crypto_1.default
+            .createHmac('sha256', this.apiSecret)
+            .update(queryString)
+            .digest('base64');
+    }
+    mapTransakStatus(transakStatus) {
+        const statusMap = {
+            AWAITING_PAYMENT_FROM_USER: 'pending',
+            PROCESSING: 'pending',
+            COMPLETED: 'completed',
+            FAILED: 'failed',
+            EXPIRED: 'expired',
+            CANCELLED: 'expired',
+        };
+        return statusMap[transakStatus] || 'pending';
+    }
+}
+exports.TransakProvider = TransakProvider;

package/dist/index.js

@@ -32,6 +32,9 @@ const flutterwave_1 = require("./providers/flutterwave");
 const adyen_1 = require("./providers/adyen");
 const mercadopago_1 = require("./providers/mercadopago");
 const razorpay_1 = require("./providers/razorpay");
+const mollie_1 = require("./providers/mollie");
+const square_1 = require("./providers/square");
+const pesapal_1 = require("./providers/pesapal");
 __exportStar(require("./types"), exports);
 __exportStar(require("./utils/currency"), exports);
 __exportStar(require("./utils/fetch"), exports);
@@ -168,6 +171,38 @@ class PayBridge {
                     sandbox,
                     webhookSecret,
                 });
+            case 'mollie':
+                if (!credentials.apiKey) {
+                    throw new Error('Mollie requires apiKey (test_* or live_*)');
+                }
+                return new mollie_1.MollieProvider({
+                    apiKey: credentials.apiKey,
+                    sandbox,
+                    webhookSecret,
+                });
+            case 'square':
+                if (!credentials.apiKey || !credentials.locationId) {
+                    throw new Error('Square requires apiKey (access token) and locationId');
+                }
+                return new square_1.SquareProvider({
+                    accessToken: credentials.apiKey,
+                    locationId: credentials.locationId,
+                    notificationUrl: credentials.notificationUrl,
+                    sandbox,
+                    webhookSecret,
+                });
+            case 'pesapal':
+                if (!credentials.apiKey || !credentials.secretKey) {
+                    throw new Error('Pesapal requires apiKey (consumer_key) and secretKey (consumer_secret)');
+                }
+                return new pesapal_1.PesapalProvider({
+                    consumerKey: credentials.apiKey,
+                    consumerSecret: credentials.secretKey,
+                    notificationId: credentials.notificationId,
+                    username: credentials.username,
+                    sandbox,
+                    webhookSecret,
+                });
             default:
                 throw new Error(`Unknown provider: ${provider}`);
         }

package/dist/providers/mollie.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Mollie payment provider
+ * EU-focused payment gateway supporting 9 currencies
+ * @see https://docs.mollie.com/reference
+ */
+import { PaymentProvider } from './base';
+import { CreatePaymentParams, PaymentResult, CreateSubscriptionParams, SubscriptionResult, RefundParams, RefundResult, WebhookEvent } from '../types';
+import { ProviderCapabilities } from '../routing-types';
+interface MollieConfig {
+    apiKey: string;
+    webhookSecret?: string;
+    sandbox?: boolean;
+}
+export declare class MollieProvider extends PaymentProvider {
+    readonly name = "mollie";
+    readonly supportedCurrencies: string[];
+    private apiKey;
+    private webhookSecret?;
+    private sandbox;
+    private baseUrl;
+    constructor(config: MollieConfig);
+    private apiRequest;
+    createPayment(params: CreatePaymentParams): Promise<PaymentResult>;
+    createSubscription(_params: CreateSubscriptionParams): Promise<SubscriptionResult>;
+    getPayment(id: string): Promise<PaymentResult>;
+    refund(params: RefundParams): Promise<RefundResult>;
+    parseWebhook(body: any, _headers?: any): WebhookEvent;
+    /**
+     * Mollie webhooks have no signature verification scheme.
+     * Security comes from:
+     * 1. Validating source IP (caller's responsibility)
+     * 2. Calling getPayment(id) to verify actual status
+     *
+     * Always returns true to indicate no validation error (Mollie design limitation).
+     */
+    verifyWebhook(_body: string | Buffer, _headers?: any): boolean;
+    getCapabilities(): ProviderCapabilities;
+}
+export {};

package/dist/providers/mollie.js

@@ -0,0 +1,178 @@
+"use strict";
+/**
+ * Mollie payment provider
+ * EU-focused payment gateway supporting 9 currencies
+ * @see https://docs.mollie.com/reference
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MollieProvider = void 0;
+const base_1 = require("./base");
+const fetch_1 = require("../utils/fetch");
+let webhookSecretWarned = false;
+class MollieProvider extends base_1.PaymentProvider {
+    constructor(config) {
+        super();
+        this.name = 'mollie';
+        this.supportedCurrencies = ['EUR', 'USD', 'GBP', 'CHF', 'CAD', 'AUD', 'DKK', 'SEK', 'NOK'];
+        this.baseUrl = 'https://api.mollie.com/v2';
+        this.apiKey = config.apiKey;
+        this.webhookSecret = config.webhookSecret;
+        this.sandbox = config.sandbox ?? this.apiKey.startsWith('test_');
+        if (this.webhookSecret && !webhookSecretWarned) {
+            console.warn('[PayBridge:Mollie] Mollie has no webhook signature scheme. Webhook validation relies on getPayment() round-trip. Validate by source IP if possible.');
+            webhookSecretWarned = true;
+        }
+    }
+    async apiRequest(method, path, data) {
+        const url = `${this.baseUrl}${path}`;
+        const response = await (0, fetch_1.timedFetchOrThrow)(url, {
+            method,
+            headers: {
+                Authorization: `Bearer ${this.apiKey}`,
+                'Content-Type': 'application/json',
+            },
+            body: data ? JSON.stringify(data) : undefined,
+        });
+        return (await response.json());
+    }
+    async createPayment(params) {
+        this.validateCurrency(params.currency);
+        const requestBody = {
+            amount: {
+                value: params.amount.toFixed(2),
+                currency: params.currency,
+            },
+            description: params.description || params.reference,
+            redirectUrl: params.urls.success,
+            cancelUrl: params.urls.cancel,
+            webhookUrl: params.urls.webhook,
+            metadata: {
+                reference: params.reference,
+                ...params.metadata,
+            },
+        };
+        const response = await this.apiRequest('POST', '/payments', requestBody);
+        return {
+            id: response.id,
+            checkoutUrl: response._links.checkout.href,
+            status: 'pending',
+            amount: params.amount,
+            currency: params.currency.toUpperCase(),
+            reference: params.reference,
+            provider: 'mollie',
+            createdAt: response.createdAt || new Date().toISOString(),
+            raw: response,
+        };
+    }
+    async createSubscription(_params) {
+        throw new Error('Mollie subscriptions require Customer + Mandate setup; not yet supported by paybridge. Use the Mollie Customers API directly or choose another provider.');
+    }
+    async getPayment(id) {
+        const response = await this.apiRequest('GET', `/payments/${id}`);
+        let status = 'pending';
+        if (response.status === 'paid') {
+            status = 'completed';
+        }
+        else if (response.status === 'failed' || response.status === 'expired') {
+            status = 'failed';
+        }
+        else if (response.status === 'canceled') {
+            status = 'cancelled';
+        }
+        else if (response.status === 'open' || response.status === 'pending') {
+            status = 'pending';
+        }
+        const currency = (response.amount?.currency || 'EUR').toUpperCase();
+        const amount = response.amount?.value ? parseFloat(response.amount.value) : 0;
+        return {
+            id: response.id,
+            checkoutUrl: response._links?.checkout?.href || '',
+            status,
+            amount,
+            currency,
+            reference: response.metadata?.reference || response.id,
+            provider: 'mollie',
+            createdAt: response.createdAt || new Date().toISOString(),
+            raw: response,
+        };
+    }
+    async refund(params) {
+        const refundData = {
+            description: params.reason || 'Refund',
+        };
+        if (params.amount !== undefined) {
+            const currency = 'EUR';
+            refundData.amount = {
+                value: params.amount.toFixed(2),
+                currency,
+            };
+        }
+        const response = await this.apiRequest('POST', `/payments/${params.paymentId}/refunds`, refundData);
+        const currency = (response.amount?.currency || 'EUR').toUpperCase();
+        const amount = response.amount?.value ? parseFloat(response.amount.value) : 0;
+        let refundStatus = 'pending';
+        if (response.status === 'refunded') {
+            refundStatus = 'completed';
+        }
+        else if (response.status === 'failed') {
+            refundStatus = 'failed';
+        }
+        return {
+            id: response.id,
+            status: refundStatus,
+            amount,
+            currency,
+            paymentId: params.paymentId,
+            createdAt: response.createdAt || new Date().toISOString(),
+            raw: response,
+        };
+    }
+    parseWebhook(body, _headers) {
+        let paymentId;
+        if (typeof body === 'string') {
+            const parsed = new URLSearchParams(body);
+            paymentId = parsed.get('id') || '';
+        }
+        else {
+            paymentId = body.id || '';
+        }
+        return {
+            type: 'payment.pending',
+            payment: {
+                id: paymentId,
+                checkoutUrl: '',
+                status: 'pending',
+                amount: 0,
+                currency: 'EUR',
+                reference: paymentId,
+                provider: 'mollie',
+                createdAt: new Date().toISOString(),
+            },
+            raw: body,
+        };
+    }
+    /**
+     * Mollie webhooks have no signature verification scheme.
+     * Security comes from:
+     * 1. Validating source IP (caller's responsibility)
+     * 2. Calling getPayment(id) to verify actual status
+     *
+     * Always returns true to indicate no validation error (Mollie design limitation).
+     */
+    verifyWebhook(_body, _headers) {
+        return true;
+    }
+    getCapabilities() {
+        return {
+            fees: {
+                fixed: 0.25,
+                percent: 1.8,
+                currency: 'EUR',
+            },
+            currencies: this.supportedCurrencies,
+            country: 'EU',
+            avgLatencyMs: 350,
+        };
+    }
+}
+exports.MollieProvider = MollieProvider;