payment-kit 1.27.1 → 1.28.0

package/cloudflare/shims/error.ts

@@ -0,0 +1,18 @@
+export class CustomError extends Error {
+  statusCode: number;
+  code: string;
+
+  constructor(statusCode: number, code: string, message?: string) {
+    super(message || code);
+    this.statusCode = statusCode;
+    this.code = code;
+  }
+}
+
+export function formatError(err: any) {
+  return { code: err.code || 'UNKNOWN', message: err.message };
+}
+
+export function getStatusFromError(err: any) {
+  return err.statusCode || 500;
+}

package/cloudflare/shims/express-compat/index.ts

@@ -0,0 +1,80 @@
+// Express compatibility shim for CF Workers
+// Allows existing Express route handlers to work with Hono
+
+export type RouteEntry = { method: string; path: string; handlers: Function[] };
+
+export function Router() {
+  const routes: RouteEntry[] = [];
+  const middlewares: Function[] = [];
+
+  const router: any = function () {};
+
+  for (const method of ['get', 'post', 'put', 'patch', 'delete']) {
+    router[method] = (path: string, ...handlers: Function[]) => {
+      routes.push({ method: method.toUpperCase(), path, handlers: [...middlewares, ...handlers] });
+      return router;
+    };
+  }
+
+  router.use = (...args: any[]) => {
+    if (typeof args[0] === 'string') {
+      // router.use('/path', ...middlewaresOrSubRouter)
+      const path = args[0];
+      const rest = args.slice(1);
+
+      // Find the sub-router (has _routes) — it's typically the last arg
+      const subRouterIdx = rest.findIndex((a: any) => a?._routes);
+      if (subRouterIdx >= 0) {
+        const subRouter = rest[subRouterIdx];
+        // Middlewares are everything before the sub-router
+        const pathMiddlewares = rest.slice(0, subRouterIdx).filter((a: any) => typeof a === 'function');
+
+        for (const route of subRouter._routes) {
+          routes.push({
+            method: route.method,
+            path: path + route.path,
+            // Chain: parent middlewares -> path-level middlewares -> sub-router middlewares from route
+            handlers: [...middlewares, ...pathMiddlewares, ...route.handlers],
+          });
+        }
+      } else {
+        // All args are middlewares for this path — treat as path-scoped middleware
+        for (const fn of rest) {
+          if (typeof fn === 'function') {
+            // We store path-scoped middlewares as a special route entry
+            // They'll match any method and sub-path
+            middlewares.push(fn);
+          }
+        }
+      }
+    } else {
+      // router.use(middleware1, middleware2, ...)
+      for (const fn of args) {
+        if (typeof fn === 'function') {
+          middlewares.push(fn);
+        }
+      }
+    }
+    return router;
+  };
+
+  router._routes = routes;
+  router._middlewares = middlewares;
+
+  return router;
+}
+
+// Express app stub
+export function express() {
+  return Router();
+}
+
+// Static middleware stubs
+express.json = (_opts?: any) => (_req: any, _res: any, next: any) => next();
+express.urlencoded = (_opts?: any) => (_req: any, _res: any, next: any) => next();
+express.static = (_path: string, _opts?: any) => (_req: any, _res: any, next: any) => next();
+express.Router = Router;
+express.raw = (_opts?: any) => (_req: any, _res: any, next: any) => next();
+
+export default express;
+export type { Request, Response, NextFunction, ErrorRequestHandler } from './types';

package/cloudflare/shims/express-compat/types.ts

@@ -0,0 +1,41 @@
+// Express type stubs
+export interface Request {
+  method: string;
+  path: string;
+  url: string;
+  originalUrl: string;
+  query: Record<string, any>;
+  params: Record<string, any>;
+  body: any;
+  headers: Record<string, string>;
+  user?: any;
+  customer?: any;
+  livemode?: boolean;
+  baseCurrency?: any;
+  doc?: any;
+  stripeEvent?: any;
+  stripeClient?: any;
+  get(name: string): string | undefined;
+  header(name: string): string | undefined;
+  [key: string]: any;
+}
+
+export interface Response {
+  json(data: any): any;
+  status(code: number): Response;
+  send(data: any): any;
+  redirect(url: string): any;
+  set(key: string, value: string): Response;
+  setHeader(key: string, value: string): Response;
+  cookie(name: string, value: string, options?: any): Response;
+  end(): void;
+  headersSent: boolean;
+  statusCode: number;
+  _statusCode?: number;
+  _headers?: Record<string, string>;
+  _body?: any;
+  _sent?: boolean;
+}
+
+export type NextFunction = (err?: any) => void;
+export type ErrorRequestHandler = (err: any, req: Request, res: Response, next: NextFunction) => void;

package/cloudflare/shims/fastq.ts

@@ -0,0 +1,105 @@
+// fastq shim for CF Workers
+// Executes jobs serially with proper callback handling.
+//
+// Key design decisions:
+// 1. The original queue's worker is `async (data, cb) => { ... }` — it's both
+//    async (returns a promise) AND manually calls cb(). We must handle BOTH signals.
+// 2. If cb is called, that's the primary completion signal (with err/result).
+// 3. If the async worker's promise resolves WITHOUT cb being called (e.g.,
+//    ensureUniqueExecution early-return when job is already running), we must
+//    still resolve to avoid hanging the processQueue loop.
+// 4. If the promise rejects without cb being called, forward the error to cb.
+
+type Task = { data: any; cb?: Function };
+
+export default function fastq(_context: any, worker: Function, _concurrency: number) {
+  const pending: Task[] = [];
+  let running = false;
+  let drainFn: (() => void) | null = null;
+
+  async function processQueue() {
+    if (running) return;
+    running = true;
+
+    while (pending.length > 0) {
+      const task = pending.shift()!;
+      try {
+        await new Promise<void>((resolve) => {
+          let cbCalled = false;
+
+          // Wrap the callback so we track whether it was called
+          const wrappedCb = (err: any, res: any) => {
+            if (cbCalled) return; // guard against double-call
+            cbCalled = true;
+            task.cb?.(err, res);
+            resolve();
+          };
+
+          const result = worker(task.data, wrappedCb);
+
+          // Handle async workers that may resolve/reject without calling cb
+          if (result && typeof result.then === 'function') {
+            result.then(
+              () => {
+                // Worker's promise resolved. If cb wasn't called, the worker
+                // completed without signaling (e.g., duplicate job early-return).
+                // Resolve the processQueue loop to avoid hanging.
+                if (!cbCalled) {
+                  console.warn('[fastq-shim] worker resolved without calling cb — resolving with no-op');
+                  cbCalled = true;
+                  resolve();
+                }
+              },
+              (err: any) => {
+                // Worker's promise rejected without calling cb
+                if (!cbCalled) {
+                  console.error('[fastq-shim] worker rejected without calling cb:', err);
+                  cbCalled = true;
+                  task.cb?.(err);
+                  resolve();
+                }
+              }
+            );
+          }
+        });
+      } catch (err) {
+        console.error('[fastq-shim] unexpected error in processQueue:', err);
+        task.cb?.(err);
+      }
+    }
+
+    running = false;
+    if (pending.length === 0 && drainFn) {
+      drainFn();
+    }
+  }
+
+  const q: any = {
+    push(data: any, cb?: Function) {
+      pending.push({ data, cb });
+      // Use queueMicrotask to allow the push caller to set up event listeners
+      // before the job starts executing
+      queueMicrotask(() => processQueue());
+    },
+    unshift(data: any, cb?: Function) {
+      pending.unshift({ data, cb });
+      queueMicrotask(() => processQueue());
+    },
+    pause() {},
+    resume() {},
+    idle() { return pending.length === 0 && !running; },
+    length() { return pending.length; },
+    kill() { pending.length = 0; },
+    killAndDrain() {
+      pending.length = 0;
+      if (drainFn) drainFn();
+    },
+    get drain() { return drainFn; },
+    set drain(fn: any) { drainFn = fn; },
+    empty: null as any,
+    saturated: null as any,
+    error: null as any,
+  };
+
+  return q;
+}

package/cloudflare/shims/lock.ts

@@ -0,0 +1,115 @@
+// CF Workers lock shim — replaces libs/lock.ts
+//
+// In Blocklet Server (single-process Node.js), the original in-memory lock works fine.
+// In CF Workers, each HTTP request runs in a separate isolate, so in-memory locks
+// are useless for cross-request mutual exclusion.
+//
+// This shim uses D1 (SQLite) as the coordination layer:
+// - INSERT OR IGNORE with PRIMARY KEY constraint provides atomic lock acquisition
+// - owner token prevents accidental release by other isolates
+// - TTL-based expiry prevents deadlocks from crashed isolates
+// - Exponential backoff with jitter avoids D1 write hotspots
+
+import { getDB } from './sequelize-d1/model';
+
+let _nanoidCounter = 0;
+function simpleId(): string {
+  // Lightweight unique ID — no need for crypto-strength randomness for lock owners
+  return `${Date.now().toString(36)}-${(++_nanoidCounter).toString(36)}-${Math.random().toString(36).slice(2, 6)}`;
+}
+
+export class Lock {
+  name: string;
+  owner: string;
+  locked: boolean;
+  ttl: number;
+
+  // EventEmitter stub for API compatibility — original Lock extends EventEmitter
+  events: { on: () => void; removeListener: () => void; emit: () => void };
+
+  constructor(name: string, options?: { ttl?: number }) {
+    this.name = name;
+    this.owner = simpleId();
+    this.locked = false;
+    this.ttl = options?.ttl || 5000; // default 5s TTL for short critical sections
+    this.events = { on: () => {}, removeListener: () => {}, emit: () => {} };
+  }
+
+  async acquire(maxWaitMs = 10000): Promise<true> {
+    const db = getDB();
+    const deadline = Date.now() + maxWaitMs;
+    let delay = 30; // start at 30ms
+
+    while (Date.now() < deadline) {
+      const now = Date.now();
+
+      try {
+        // Atomically: clean expired locks + try to insert ours + verify ownership
+        // All 3 statements in a single D1 batch (1 round-trip instead of 2)
+        const batchResult = await db.batch([
+          db.prepare('DELETE FROM _locks WHERE name = ? AND expires_at < ?').bind(this.name, now),
+          db.prepare('INSERT OR IGNORE INTO _locks (name, owner, expires_at) VALUES (?, ?, ?)')
+            .bind(this.name, this.owner, now + this.ttl),
+          db.prepare('SELECT owner FROM _locks WHERE name = ?').bind(this.name),
+        ]);
+
+        const row = batchResult[2]?.results?.[0] as { owner: string } | undefined;
+        if (row?.owner === this.owner) {
+          this.locked = true;
+          return true;
+        }
+      } catch (err: any) {
+        // D1 errors (e.g. table not found on first deploy) — log and retry
+        console.error(`[D1Lock] acquire error for "${this.name}":`, err?.message || err);
+      }
+
+      // Exponential backoff with jitter to avoid D1 write hotspots
+      const jitter = Math.random() * delay * 0.3;
+      await new Promise(r => setTimeout(r, delay + jitter));
+      delay = Math.min(delay * 2, 500); // cap at 500ms
+    }
+
+    // Timeout — throw to match original behavior where acquire() always resolves
+    // All callers use try/catch or don't check the return value
+    console.warn(`[D1Lock] acquire timeout: "${this.name}" after ${maxWaitMs}ms`);
+    throw new Error(`[D1Lock] Failed to acquire lock "${this.name}" within ${maxWaitMs}ms`);
+  }
+
+  release(): void {
+    if (!this.locked) return;
+    this.locked = false;
+
+    // Fire-and-forget: 8 out of 10 call sites do NOT await release().
+    // We register the promise with __cfPendingJobs__ so flushPendingJobs()
+    // in worker.ts ensures it completes before the response is sent.
+    try {
+      const db = getDB();
+      const promise = db.prepare('DELETE FROM _locks WHERE name = ? AND owner = ?')
+        .bind(this.name, this.owner)
+        .run()
+        .catch((err: any) => console.error(`[D1Lock] release error for "${this.name}":`, err?.message || err));
+
+      // For HTTP context, use waitUntil (non-blocking) instead of pendingJobs (blocking)
+      const isHttp = (globalThis as any).__cfHttpContext__;
+      if (isHttp) {
+        const waitUntil = (globalThis as any).__cfWaitUntil__;
+        if (typeof waitUntil === 'function') {
+          waitUntil(promise);
+        }
+      } else {
+        const pending = (globalThis as any).__cfPendingJobs__;
+        if (Array.isArray(pending)) {
+          pending.push(promise);
+        }
+      }
+    } catch (err: any) {
+      console.error(`[D1Lock] release setup error for "${this.name}":`, err?.message || err);
+    }
+  }
+}
+
+// In CF Workers, don't cache Lock instances across requests — each request is isolated.
+// The original code caches by name, but that's only useful within a single process.
+export function getLock(name: string, options?: { ttl?: number }): Lock {
+  return new Lock(name, options);
+}

package/cloudflare/shims/mime-types.ts

@@ -0,0 +1,56 @@
+// Lightweight mime-types shim — avoids bundling the full 295KB mime-db
+// Only includes types actually used in payment-kit API routes
+
+const types: Record<string, string> = {
+  '.html': 'text/html',
+  '.htm': 'text/html',
+  '.json': 'application/json',
+  '.js': 'application/javascript',
+  '.mjs': 'application/javascript',
+  '.css': 'text/css',
+  '.txt': 'text/plain',
+  '.xml': 'application/xml',
+  '.png': 'image/png',
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.gif': 'image/gif',
+  '.svg': 'image/svg+xml',
+  '.webp': 'image/webp',
+  '.ico': 'image/x-icon',
+  '.woff': 'font/woff',
+  '.woff2': 'font/woff2',
+  '.pdf': 'application/pdf',
+  '.zip': 'application/zip',
+  '.csv': 'text/csv',
+  '.mp4': 'video/mp4',
+  '.webm': 'video/webm',
+  '.mp3': 'audio/mpeg',
+  '.wav': 'audio/wav',
+  '.bin': 'application/octet-stream',
+};
+
+const extensions: Record<string, string> = {};
+for (const [ext, mime] of Object.entries(types)) {
+  extensions[mime] = ext;
+}
+
+export function lookup(path: string): string | false {
+  const ext = '.' + path.split('.').pop()?.toLowerCase();
+  return types[ext] || false;
+}
+
+export function contentType(typeOrPath: string): string | false {
+  const mime = typeOrPath.includes('/') ? typeOrPath : lookup(typeOrPath);
+  if (!mime) return false;
+  if (mime.startsWith('text/')) return `${mime}; charset=utf-8`;
+  return mime;
+}
+
+export function extension(mime: string): string | false {
+  return extensions[mime]?.slice(1) || false;
+}
+
+export const charset = (_mime: string) => 'UTF-8';
+export const charsets = { lookup: charset };
+
+export default { lookup, contentType, extension, charset, charsets, types };

package/cloudflare/shims/nedb-storage.ts

@@ -0,0 +1,9 @@
+// NeDB → D1 storage shim for DID Connect sessions
+export default class AuthStorage {
+  constructor(_opts?: any) {}
+  create(_id: string, _data: any) { return Promise.resolve(); }
+  read(_id: string) { return Promise.resolve(null); }
+  update(_id: string, _data: any) { return Promise.resolve(); }
+  delete(_id: string) { return Promise.resolve(); }
+  on(_event: string, _fn: Function) {}
+}

package/cloudflare/shims/node-child-process.ts

@@ -0,0 +1,9 @@
+// child_process shim
+export function exec(_cmd: any, _opts: any, cb?: any) {
+  if (typeof _opts === 'function') { cb = _opts; }
+  if (cb) cb(new Error('child_process not available in CF Workers'));
+}
+export function execSync() { throw new Error('child_process not available in CF Workers'); }
+export function spawn() { throw new Error('child_process not available in CF Workers'); }
+export function fork() { throw new Error('child_process not available in CF Workers'); }
+export default { exec, execSync, spawn, fork };

package/cloudflare/shims/node-fs.ts

@@ -0,0 +1,20 @@
+// node:fs shim — CF Workers have no filesystem
+export function readFileSync() { return ''; }
+export function writeFileSync() {}
+export function existsSync() { return false; }
+export function mkdirSync() {}
+export function readdirSync() { return []; }
+export function statSync() { return { isFile: () => false, isDirectory: () => false }; }
+export function unlinkSync() {}
+export const promises = {
+  readFile: async () => '',
+  writeFile: async () => {},
+  mkdir: async () => {},
+  readdir: async () => [],
+  stat: async () => ({ isFile: () => false, isDirectory: () => false }),
+  unlink: async () => {},
+  access: async () => { throw new Error('ENOENT'); },
+};
+export function createReadStream() { throw new Error('fs not available in CF Workers'); }
+export function createWriteStream() { throw new Error('fs not available in CF Workers'); }
+export default { readFileSync, writeFileSync, existsSync, mkdirSync, readdirSync, statSync, unlinkSync, promises, createReadStream, createWriteStream };

package/cloudflare/shims/node-http.ts

@@ -0,0 +1,13 @@
+// node:http shim — Stripe SDK and axios have conditional http/https usage
+// In CF Workers they use fetch instead, so these are never actually called
+export class IncomingMessage {}
+export class ServerResponse {}
+export class Server { listen() {} close() {} }
+export function createServer() { return new Server(); }
+export function request() { throw new Error('node:http not available in CF Workers'); }
+export function get() { throw new Error('node:http not available in CF Workers'); }
+export const METHODS = ['GET','POST','PUT','DELETE','PATCH','HEAD','OPTIONS'];
+export const STATUS_CODES = { 200: 'OK', 404: 'Not Found', 500: 'Internal Server Error' };
+export const Agent = class {};
+export const globalAgent = new Agent();
+export default { IncomingMessage, ServerResponse, Server, createServer, request, get, METHODS, STATUS_CODES, Agent, globalAgent };

package/cloudflare/shims/node-https.ts

@@ -0,0 +1,4 @@
+// node:https shim — re-exports http shim
+import http from './node-http';
+export const { Server, createServer, request, get, Agent, globalAgent } = http;
+export default { ...http };

package/cloudflare/shims/node-misc.ts

@@ -0,0 +1,15 @@
+// Catch-all shim for node modules that CF Workers doesn't support
+// tls, cluster, zlib, bufferutil
+
+// tls
+export const TLSSocket = class { on() { return this; } };
+export const connect = () => new TLSSocket();
+export const createServer = () => ({ listen() {}, close() {} });
+
+// cluster
+export const isMaster = true;
+export const isPrimary = true;
+export const isWorker = false;
+export const workers = {};
+
+export default {};

package/cloudflare/shims/node-net.ts

@@ -0,0 +1,8 @@
+// node:net shim
+export class Socket { on() { return this; } write() {} end() {} destroy() {} connect() { return this; } }
+export class Server { listen() {} close() {} address() { return null; } }
+export function createServer() { return new Server(); }
+export function createConnection() { return new Socket(); }
+export function connect() { return new Socket(); }
+export function isIP() { return 0; }
+export default { Socket, Server, createServer, createConnection, connect, isIP };

package/cloudflare/shims/node-os.ts

@@ -0,0 +1,14 @@
+// node:os shim for CF Workers
+export function homedir() { return '/tmp'; }
+export function hostname() { return 'cf-worker'; }
+export function platform() { return 'linux'; }
+export function arch() { return 'x64'; }
+export function tmpdir() { return '/tmp'; }
+export function type() { return 'Linux'; }
+export function release() { return '0.0.0'; }
+export function cpus() { return []; }
+export function totalmem() { return 0; }
+export function freemem() { return 0; }
+export function networkInterfaces() { return {}; }
+export const EOL = '\n';
+export default { homedir, hostname, platform, arch, tmpdir, type, release, cpus, totalmem, freemem, networkInterfaces, EOL };

package/cloudflare/shims/node-tty.ts

@@ -0,0 +1,8 @@
+// node:tty shim for CF Workers
+export function isatty() { return false; }
+export class ReadStream {}
+export class WriteStream {
+  isTTY = false;
+  hasColors() { return false; }
+}
+export default { isatty, ReadStream, WriteStream };

package/cloudflare/shims/node-zlib.ts

@@ -0,0 +1,17 @@
+// node:zlib shim — constants needed by axios
+export const Z_SYNC_FLUSH = 2;
+export const Z_NO_FLUSH = 0;
+export const Z_PARTIAL_FLUSH = 1;
+export const Z_FULL_FLUSH = 3;
+export const Z_FINISH = 4;
+export const Z_DEFAULT_COMPRESSION = -1;
+export const constants = { Z_SYNC_FLUSH, Z_NO_FLUSH, Z_PARTIAL_FLUSH, Z_FULL_FLUSH, Z_FINISH, Z_DEFAULT_COMPRESSION };
+export function createGzip() { throw new Error('zlib not available in CF Workers'); }
+export function createGunzip() { throw new Error('zlib not available in CF Workers'); }
+export function createUnzip() { throw new Error('zlib not available in CF Workers'); }
+export function createBrotliDecompress() { throw new Error('zlib not available in CF Workers'); }
+export function gzipSync() { throw new Error('zlib not available in CF Workers'); }
+export function gunzipSync() { throw new Error('zlib not available in CF Workers'); }
+export function deflateSync() { throw new Error('zlib not available in CF Workers'); }
+export function inflateSync() { throw new Error('zlib not available in CF Workers'); }
+export default { Z_SYNC_FLUSH, Z_NO_FLUSH, Z_PARTIAL_FLUSH, Z_FULL_FLUSH, Z_FINISH, Z_DEFAULT_COMPRESSION, constants, createGzip, createGunzip, createUnzip, createBrotliDecompress, gzipSync, gunzipSync, deflateSync, inflateSync };

package/cloudflare/shims/noop.ts

@@ -0,0 +1,26 @@
+// noop shim — replaces modules not needed in CF Workers
+export const createNamespace = (_name?: any) => ({
+  bind: (fn: any) => fn,
+  run: (fn: any) => fn(),
+  get: () => undefined,
+  set: () => {},
+  createContext: () => ({}),
+  enter: () => {},
+  exit: () => {},
+  active: null,
+});
+export const getNamespace = () => null;
+export const destroyNamespace = () => {};
+export class Client {
+  constructor(..._args: any[]) {}
+  connect() {
+    return Promise.resolve();
+  }
+  query() {
+    return Promise.resolve({ rows: [] });
+  }
+  end() {
+    return Promise.resolve();
+  }
+}
+export default { createNamespace, getNamespace, destroyNamespace, Client };

package/cloudflare/shims/payment-vendor.ts

@@ -0,0 +1,14 @@
+// @blocklet/payment-vendor shim
+export class Auth {
+  constructor(_opts?: any) {}
+  verify(_req: any) { return true; }
+}
+export const VendorAuth = Auth;
+
+const noopMiddleware = (_req: any, _res: any, next: any) => next();
+
+export const middleware = {
+  ensureVendorAuth: (_verifyFn?: any) => noopMiddleware,
+};
+
+export default { Auth, VendorAuth, middleware };

package/cloudflare/shims/querystring.ts

@@ -0,0 +1,12 @@
+// Minimal querystring shim for CF Workers
+// Only implements stringify() which is what @arcblock/did-connect-js uses
+
+export function stringify(obj: Record<string, any>): string {
+  return new URLSearchParams(obj).toString();
+}
+
+export function parse(str: string): Record<string, string> {
+  return Object.fromEntries(new URLSearchParams(str).entries());
+}
+
+export default { stringify, parse };