payment-kit 1.27.1 → 1.28.0

package/cloudflare/shims/sequelize-d1/operators.ts

@@ -0,0 +1,293 @@
+// Sequelize Op → SQL WHERE clause translation
+
+export const Op = {
+  eq: Symbol('eq'),
+  ne: Symbol('ne'),
+  gt: Symbol('gt'),
+  gte: Symbol('gte'),
+  lt: Symbol('lt'),
+  lte: Symbol('lte'),
+  in: Symbol('in'),
+  notIn: Symbol('notIn'),
+  like: Symbol('like'),
+  notLike: Symbol('notLike'),
+  or: Symbol('or'),
+  and: Symbol('and'),
+  not: Symbol('not'),
+  between: Symbol('between'),
+  notBetween: Symbol('notBetween'),
+  is: Symbol('is'),
+  overlap: Symbol('overlap'),
+  contains: Symbol('contains'),
+  startsWith: Symbol('startsWith'),
+  endsWith: Symbol('endsWith'),
+  substring: Symbol('substring'),
+  col: Symbol('col'),
+};
+
+const OP_MAP = new Map<symbol, string>([
+  [Op.eq, '='],
+  [Op.ne, '!='],
+  [Op.gt, '>'],
+  [Op.gte, '>='],
+  [Op.lt, '<'],
+  [Op.lte, '<='],
+  [Op.like, 'LIKE'],
+  [Op.notLike, 'NOT LIKE'],
+  [Op.is, 'IS'],
+]);
+
+const SYM_SET = new Set<symbol>(Object.values(Op) as symbol[]);
+
+function isOpSymbol(s: symbol): boolean {
+  return SYM_SET.has(s);
+}
+
+// Inline helper to convert literal/fn/col to SQL — avoids circular import with helpers.ts
+function helperToSQLInline(value: any): string {
+  if (!value || typeof value !== 'object') return String(value);
+  if (value.__literal) return value.sql;
+  if (value.__col) {
+    if (value.name.includes('.')) return `"${value.name.replace('.', '"."')}"`;
+    return `"${value.name}"`;
+  }
+  if (value.__fn) {
+    const args = value.args.map((a: any) => {
+      if (a === null || a === undefined) return 'NULL';
+      if (typeof a === 'string') return `"${a}"`;
+      if (typeof a === 'number') return String(a);
+      return helperToSQLInline(a);
+    });
+    return `${value.name}(${args.join(', ')})`;
+  }
+  return String(value);
+}
+
+// Convert a dotted field path like 'metadata.stripe_id' to SQLite json_extract expression
+function fieldToSQL(field: string): string {
+  if (field.includes('.')) {
+    const parts = field.split('.');
+    const column = parts[0];
+    const jsonPath = '$.' + parts.slice(1).join('.');
+    return `json_extract("${column}", '${jsonPath}')`;
+  }
+  return `"${field}"`;
+}
+
+// Handle a single operator condition for a field
+function buildOpCondition(
+  fieldSQL: string,
+  sym: symbol,
+  opValue: any,
+  conditions: string[],
+  values: any[],
+): void {
+  if (sym === Op.in) {
+    const arr = opValue as any[];
+    if (arr.length === 0) {
+      conditions.push('1=0');
+    } else {
+      const placeholders = arr.map(() => '?').join(', ');
+      conditions.push(`${fieldSQL} IN (${placeholders})`);
+      values.push(...arr);
+    }
+  } else if (sym === Op.notIn) {
+    const arr = opValue as any[];
+    if (arr.length === 0) {
+      conditions.push('1=1');
+    } else {
+      const placeholders = arr.map(() => '?').join(', ');
+      conditions.push(`${fieldSQL} NOT IN (${placeholders})`);
+      values.push(...arr);
+    }
+  } else if (sym === Op.between) {
+    conditions.push(`${fieldSQL} BETWEEN ? AND ?`);
+    values.push(opValue[0], opValue[1]);
+  } else if (sym === Op.notBetween) {
+    conditions.push(`${fieldSQL} NOT BETWEEN ? AND ?`);
+    values.push(opValue[0], opValue[1]);
+  } else if (sym === Op.not) {
+    if (opValue === null) {
+      conditions.push(`${fieldSQL} IS NOT NULL`);
+    } else {
+      conditions.push(`${fieldSQL} != ?`);
+      values.push(opValue);
+    }
+  } else if (sym === Op.is) {
+    if (opValue === null) {
+      conditions.push(`${fieldSQL} IS NULL`);
+    } else {
+      conditions.push(`${fieldSQL} IS ?`);
+      values.push(opValue);
+    }
+  } else if (sym === Op.or) {
+    const orParts = (opValue as any[]).map(() => `${fieldSQL} = ?`);
+    conditions.push(`(${orParts.join(' OR ')})`);
+    values.push(...(opValue as any[]));
+  } else if (sym === Op.contains) {
+    // JSON array contains check using SQLite json_each
+    const searchVal = Array.isArray(opValue) ? opValue[0] : opValue;
+    conditions.push(`EXISTS (SELECT 1 FROM json_each(${fieldSQL}) WHERE value = ?)`);
+    values.push(searchVal);
+  } else {
+    const sqlOp = OP_MAP.get(sym);
+    if (sqlOp) {
+      conditions.push(`${fieldSQL} ${sqlOp} ?`);
+      values.push(opValue);
+    } else {
+      conditions.push(`${fieldSQL} = ?`);
+      values.push(opValue);
+    }
+  }
+}
+
+// sequelizeWhere: wraps Sequelize.where(lhs, rhs) calls
+export function sequelizeWhere(lhs: any, rhs: any): any {
+  return { __sequelizeWhere: true, lhs, rhs };
+}
+
+export function buildWhereClause(where: any): { sql: string; values: any[] } {
+  if (!where) return { sql: '', values: [] };
+
+  const conditions: string[] = [];
+  const values: any[] = [];
+
+  // Special case: Sequelize.where(literal(...), value)
+  if (where.__sequelizeWhere) {
+    const { lhs, rhs } = where;
+    const lhsSQL = typeof lhs === 'object' ? helperToSQLInline(lhs) : `"${lhs}"`;
+    conditions.push(`${lhsSQL} = ?`);
+    values.push(rhs);
+    return { sql: conditions.join(' AND '), values };
+  }
+
+  // Array case
+  if (Array.isArray(where)) {
+    const parts = where.map((item) => {
+      const sub = buildWhereClause(item);
+      values.push(...sub.values);
+      return sub.sql ? `(${sub.sql})` : '1=1';
+    });
+    return { sql: parts.join(' AND '), values };
+  }
+
+  // Collect string keys
+  const stringEntries: [string, any][] = Object.entries(where);
+  // Collect Symbol keys — critical for { [Op.or]: [...] } top-level usage
+  const symbolKeys: symbol[] = Object.getOwnPropertySymbols(where);
+
+  for (const [key, value] of stringEntries) {
+    processWhereEntry(key, value, conditions, values);
+  }
+
+  for (const sym of symbolKeys) {
+    if (!isOpSymbol(sym)) continue;
+    const value = (where as any)[sym];
+
+    if (sym === Op.or) {
+      const items = Array.isArray(value) ? value : [value];
+      const orParts = items.map((v) => {
+        const sub = buildWhereClause(v);
+        values.push(...sub.values);
+        return sub.sql ? `(${sub.sql})` : '1=1';
+      });
+      if (orParts.length > 0) conditions.push(`(${orParts.join(' OR ')})`);
+    } else if (sym === Op.and) {
+      const items = Array.isArray(value) ? value : [value];
+      const andParts = items.map((v) => {
+        if (v && v.__sequelizeWhere) {
+          const sub = buildWhereClause(v);
+          values.push(...sub.values);
+          return sub.sql ? `(${sub.sql})` : '1=1';
+        }
+        if (v && v.__literal) {
+          return `(${v.sql})`;
+        }
+        const sub = buildWhereClause(v);
+        values.push(...sub.values);
+        return sub.sql ? `(${sub.sql})` : '1=1';
+      });
+      if (andParts.length > 0) conditions.push(`(${andParts.join(' AND ')})`);
+    }
+  }
+
+  return {
+    sql: conditions.length > 0 ? conditions.join(' AND ') : '',
+    values,
+  };
+}
+
+function processWhereEntry(key: string, value: any, conditions: string[], values: any[]): void {
+  const fieldSQL = fieldToSQL(key);
+
+  if (key === String(Op.or)) {
+    const items = Array.isArray(value) ? value : [value];
+    const orParts = items.map((v) => {
+      const sub = buildWhereClause(v);
+      values.push(...sub.values);
+      return sub.sql ? `(${sub.sql})` : '1=1';
+    });
+    if (orParts.length > 0) conditions.push(`(${orParts.join(' OR ')})`);
+    return;
+  }
+
+  if (key === String(Op.and)) {
+    const items = Array.isArray(value) ? value : [value];
+    const andParts = items.map((v) => {
+      const sub = buildWhereClause(v);
+      values.push(...sub.values);
+      return sub.sql ? `(${sub.sql})` : '1=1';
+    });
+    if (andParts.length > 0) conditions.push(`(${andParts.join(' AND ')})`);
+    return;
+  }
+
+  if (value === null || value === undefined) {
+    conditions.push(`${fieldSQL} IS NULL`);
+    return;
+  }
+
+  if (typeof value !== 'object' || value instanceof Date) {
+    conditions.push(`${fieldSQL} = ?`);
+    values.push(value instanceof Date ? value.toISOString() : value);
+    return;
+  }
+
+  if (value.__sequelizeWhere) {
+    const sub = buildWhereClause(value);
+    if (sub.sql) {
+      conditions.push(sub.sql);
+      values.push(...sub.values);
+    }
+    return;
+  }
+
+  if (value.__literal) {
+    conditions.push(`${fieldSQL} = (${value.sql})`);
+    return;
+  }
+
+  const symKeys = Object.getOwnPropertySymbols(value);
+  if (symKeys.length > 0) {
+    for (const sym of symKeys) {
+      if (!isOpSymbol(sym)) continue;
+      buildOpCondition(fieldSQL, sym, (value as any)[sym], conditions, values);
+    }
+    return;
+  }
+
+  if (Array.isArray(value)) {
+    if (value.length === 0) {
+      conditions.push('1=0');
+    } else {
+      const placeholders = value.map(() => '?').join(', ');
+      conditions.push(`${fieldSQL} IN (${placeholders})`);
+      values.push(...value);
+    }
+    return;
+  }
+
+  // Nested plain object — JSON equality
+  conditions.push(`${fieldSQL} = ?`);
+  values.push(JSON.stringify(value));
+}

package/cloudflare/shims/sequelize-d1/retry.ts

@@ -0,0 +1,85 @@
+/**
+ * D1 auto-retry wrapper.
+ *
+ * Cloudflare D1 occasionally returns transient errors like:
+ *   - "Network connection lost"
+ *   - "503 Service Unavailable"
+ *   - connection timeouts
+ *
+ * These are usually recoverable within 50-100ms. This Proxy wraps the D1 binding
+ * and automatically retries such errors once with a small backoff.
+ *
+ * Non-transient errors (SQL syntax, constraint violations, etc.) are re-thrown
+ * immediately to avoid masking real bugs.
+ *
+ * Usage in worker.ts:
+ *   setDB(withD1Retry(c.env.DB.withSession('first-primary')));
+ */
+
+const TRANSIENT_ERROR_PATTERNS = [
+  /network connection lost/i,
+  /503/,
+  /timeout/i,
+  /ECONN/,
+  /socket hang up/i,
+  /internal error/i,
+];
+
+function isTransientError(err: any): boolean {
+  const msg = String(err?.message || err || '');
+  return TRANSIENT_ERROR_PATTERNS.some((p) => p.test(msg));
+}
+
+async function retryAsync<T>(fn: () => Promise<T>, maxRetries = 1): Promise<T> {
+  let lastErr: any;
+  for (let i = 0; i <= maxRetries; i++) {
+    try {
+      return await fn();
+    } catch (err: any) {
+      lastErr = err;
+      if (!isTransientError(err)) throw err;
+      if (i < maxRetries) {
+        console.warn(`[D1 retry] transient error, retrying (${i + 1}/${maxRetries}):`, err?.message || err);
+        // Small jittered backoff: 50-100ms on first retry
+        const delay = 50 + Math.random() * 50;
+        await new Promise((r) => setTimeout(r, delay));
+      }
+    }
+  }
+  throw lastErr;
+}
+
+function wrapStatement(stmt: any): any {
+  return new Proxy(stmt, {
+    get(target, prop, receiver) {
+      if (prop === 'bind') {
+        return (...args: any[]) => wrapStatement(target.bind(...args));
+      }
+      if (prop === 'all' || prop === 'run' || prop === 'first' || prop === 'raw') {
+        return (...args: any[]) => retryAsync(() => (target as any)[prop](...args));
+      }
+      return Reflect.get(target, prop, receiver);
+    },
+  });
+}
+
+/** Wrap a D1Database binding so all queries auto-retry on transient errors. */
+export function withD1Retry(db: any): any {
+  return new Proxy(db, {
+    get(target, prop, receiver) {
+      if (prop === 'prepare') {
+        return (sql: string) => wrapStatement(target.prepare(sql));
+      }
+      if (prop === 'batch') {
+        return (stmts: any[]) => retryAsync(() => target.batch(stmts));
+      }
+      if (prop === 'exec') {
+        return (sql: string) => retryAsync(() => target.exec(sql));
+      }
+      if (prop === 'withSession') {
+        return (...args: any[]) => withD1Retry(target.withSession(...args));
+      }
+      return Reflect.get(target, prop, receiver);
+    },
+  });
+}

package/cloudflare/shims/sequelize-d1/sequelize-class.ts

@@ -0,0 +1,119 @@
+// Sequelize class shim — replaces `new Sequelize({...})` and `sequelize.transaction()`
+import { getDB, modelRegistry, sharedModels } from './model';
+import { helperToSQL } from './helpers';
+import { sequelizeWhere } from './operators';
+
+export class Sequelize {
+  // models registry — shared across all instances via the sharedModels singleton from model.ts
+  models: Record<string, any> = sharedModels;
+
+  constructor(_options?: any) {
+    // No-op in CF — D1 is injected via env binding
+  }
+
+  static useCLS(_namespace: any) {
+    // No-op — CLS not available/needed in CF Workers
+  }
+
+  async query(sql: string, options?: any): Promise<any> {
+    const db = getDB();
+    let finalSql = sql;
+    const bindValues: any[] = [];
+
+    // Handle named replacements: { replacements: { key: value } }
+    if (options?.replacements && typeof options.replacements === 'object' && !Array.isArray(options.replacements)) {
+      const replacements = options.replacements as Record<string, any>;
+      finalSql = sql.replace(/:([a-zA-Z_][a-zA-Z0-9_]*)/g, (_, name) => {
+        const val = replacements[name];
+        if (val === null || val === undefined) return 'NULL';
+        if (typeof val === 'string') return `'${val.replace(/'/g, "''")}'`;
+        return String(val);
+      });
+    }
+    // Handle positional replacements: { replacements: [val1, val2] }
+    else if (Array.isArray(options?.replacements)) {
+      const positional = options.replacements as any[];
+      let idx = 0;
+      finalSql = sql.replace(/\?/g, () => {
+        const val = positional[idx++];
+        if (val === null || val === undefined) return 'NULL';
+        if (typeof val === 'string') return `'${val.replace(/'/g, "''")}'`;
+        return String(val);
+      });
+    }
+    // Handle bind params: { bind: [...] } — use D1's prepared statement bind
+    else if (options?.bind) {
+      const bind = Array.isArray(options.bind) ? options.bind : Object.values(options.bind);
+      // Replace $1, $2... or named $name with ?
+      finalSql = sql.replace(/\$[0-9]+|\$[a-zA-Z_][a-zA-Z0-9_]*/g, '?');
+      bindValues.push(...bind);
+    }
+
+    const stmt = bindValues.length > 0
+      ? db.prepare(finalSql).bind(...bindValues)
+      : db.prepare(finalSql);
+
+    const result = await stmt.all();
+
+    if (options?.type === 'SELECT') {
+      return result.results || [];
+    }
+    return [result.results || [], result.meta];
+  }
+
+  async transaction(fn?: any): Promise<any> {
+    // D1 doesn't support real transactions in the same way
+    // Execute callback directly with a fake transaction object
+    const fakeTx = {
+      commit: async () => {},
+      rollback: async () => {},
+      LOCK: { UPDATE: 'UPDATE', SHARE: 'SHARE' },
+    };
+
+    if (typeof fn === 'function') {
+      try {
+        return await fn(fakeTx);
+      } catch (err) {
+        throw err;
+      }
+    }
+
+    // Called without fn — return transaction object (caller manages commit/rollback)
+    return fakeTx;
+  }
+
+  // Instance versions of static helpers (used as `sequelize.fn()`, `sequelize.literal()`, etc.)
+  fn(name: string, ...args: any[]) {
+    return { __fn: true, name, args };
+  }
+
+  literal(sql: string) {
+    return { __literal: true, sql };
+  }
+
+  col(name: string) {
+    return { __col: true, name };
+  }
+
+  // sequelize.where(fn/literal, value) — used in WHERE clauses
+  where(lhs: any, rhs: any): any {
+    return sequelizeWhere(lhs, rhs);
+  }
+
+  // Static versions — used as Sequelize.fn(), Sequelize.literal(), etc.
+  static fn(name: string, ...args: any[]) {
+    return { __fn: true, name, args };
+  }
+
+  static literal(sql: string) {
+    return { __literal: true, sql };
+  }
+
+  static col(name: string) {
+    return { __col: true, name };
+  }
+
+  static where(lhs: any, rhs: any): any {
+    return sequelizeWhere(lhs, rhs);
+  }
+}

package/cloudflare/shims/sequelize-d1/timing.ts

@@ -0,0 +1,81 @@
+// Per-request D1 timing accumulator + named phase timings.
+// CF Workers executes one request at a time per isolate, so globalThis is safe.
+// Reset by middleware before route handler runs, read after for Server-Timing header.
+
+export interface D1TimingContext {
+  queries: number;
+  sqlMs: number; // cumulative meta.duration (D1 SQL execution time)
+  wallMs: number; // cumulative performance.now() delta (includes D1 RTT)
+  rowsRead: number;
+  rowsWritten: number;
+  /** Named phase timings — for fine-grained Server-Timing breakdown */
+  phases: Record<string, number>;
+}
+
+const EMPTY: D1TimingContext = {
+  queries: 0,
+  sqlMs: 0,
+  wallMs: 0,
+  rowsRead: 0,
+  rowsWritten: 0,
+  phases: {},
+};
+
+export function resetD1Timing(): void {
+  (globalThis as any).__d1Timing__ = { ...EMPTY, phases: {} };
+}
+
+export function getD1Timing(): D1TimingContext {
+  return (globalThis as any).__d1Timing__ || { ...EMPTY, phases: {} };
+}
+
+/**
+ * Measure a named phase and accumulate into the timing context.
+ * Usage:
+ *   const result = await measurePhase('chain', () => checkTokenBalance(...));
+ *
+ * Multiple calls to the same phase name accumulate (additive).
+ */
+export async function measurePhase<T>(name: string, fn: () => Promise<T>): Promise<T> {
+  const t0 = performance.now();
+  try {
+    return await fn();
+  } finally {
+    const t: D1TimingContext = (globalThis as any).__d1Timing__;
+    if (t) {
+      const dur = performance.now() - t0;
+      t.phases[name] = (t.phases[name] || 0) + dur;
+    }
+  }
+}
+
+/** Record a phase duration directly (for non-Promise code paths). */
+export function recordPhase(name: string, durationMs: number): void {
+  const t: D1TimingContext = (globalThis as any).__d1Timing__;
+  if (!t) return;
+  t.phases[name] = (t.phases[name] || 0) + durationMs;
+}
+
+/** Record a single D1 call (.all / .run / .first) */
+export function recordQuery(meta: any, wallMs: number): void {
+  const t: D1TimingContext = (globalThis as any).__d1Timing__;
+  if (!t) return;
+  t.queries++;
+  t.sqlMs += meta?.duration ?? 0;
+  t.wallMs += wallMs;
+  t.rowsRead += meta?.rows_read ?? 0;
+  t.rowsWritten += meta?.rows_written ?? 0;
+}
+
+/** Record a db.batch() call — each result in the array has its own meta */
+export function recordBatch(results: any[], wallMs: number): void {
+  const t: D1TimingContext = (globalThis as any).__d1Timing__;
+  if (!t) return;
+  for (const r of results) {
+    t.queries++;
+    t.sqlMs += r?.meta?.duration ?? 0;
+    t.rowsRead += r?.meta?.rows_read ?? 0;
+    t.rowsWritten += r?.meta?.rows_written ?? 0;
+  }
+  t.wallMs += wallMs;
+}

package/cloudflare/shims/sequelize-d1/types.ts

@@ -0,0 +1,35 @@
+// Minimal type stubs to satisfy Sequelize type imports
+
+export type WhereOptions = Record<string | symbol, any>;
+
+export type FindOptions = {
+  where?: WhereOptions;
+  include?: any[];
+  order?: any[];
+  limit?: number;
+  offset?: number;
+  attributes?: string[] | { include?: any[]; exclude?: string[] };
+  group?: string | string[];
+  having?: any;
+  transaction?: any;
+  lock?: any;
+  raw?: boolean;
+  paranoid?: boolean;
+  distinct?: boolean;
+  subQuery?: boolean;
+};
+
+export type CreateOptions = { transaction?: any; returning?: boolean };
+export type UpdateOptions = { where?: WhereOptions; transaction?: any; returning?: boolean };
+export type DestroyOptions = { where?: WhereOptions; transaction?: any; truncate?: boolean };
+
+// These are used as type-only in model declarations
+export type InferAttributes<T, _Options extends object = never> = T;
+export type InferCreationAttributes<T, _Options extends object = never> = Partial<T>;
+export type CreationOptional<T> = T | undefined;
+
+// Sequelize OrderItem type
+export type OrderItem = [any, string] | string | any;
+
+// ModelStatic type — used in some places
+export type ModelStatic<M> = { new (): M; [key: string]: any };

package/cloudflare/shims/stripe-cf.ts

@@ -0,0 +1,29 @@
+// Stripe shim for CF Workers
+// Wraps the real Stripe constructor to auto-inject fetch HTTP client
+// The real Stripe package is loaded directly (not through alias) via the
+// esbuild plugin that excludes this file from the stripe alias.
+
+// @ts-ignore — this import is resolved by esbuild to the real stripe package
+import OriginalStripe from '__real_stripe__';
+
+// Wrap constructor to inject fetch HTTP client
+function StripeWrapper(this: any, apiKey: string, config: any = {}) {
+  const cfConfig = {
+    ...config,
+    httpClient: (OriginalStripe as any).createFetchHttpClient(),
+  };
+  return new (OriginalStripe as any)(apiKey, cfConfig);
+}
+
+// Copy all static properties
+Object.keys(OriginalStripe).forEach((key) => {
+  (StripeWrapper as any)[key] = (OriginalStripe as any)[key];
+});
+Object.setPrototypeOf(StripeWrapper, OriginalStripe);
+Object.setPrototypeOf(StripeWrapper.prototype, (OriginalStripe as any).prototype);
+
+// Also copy createFetchHttpClient for direct usage
+(StripeWrapper as any).createFetchHttpClient = (OriginalStripe as any).createFetchHttpClient;
+
+export default StripeWrapper;
+export { StripeWrapper as Stripe };