payment-kit 1.27.2 → 1.29.0

package/cloudflare/shims/cron.ts

@@ -0,0 +1,189 @@
+// @abtnode/cron shim for CF Cron Triggers
+//
+// The real @abtnode/cron exports { init } where init({ context, jobs, onError }) registers jobs.
+// In CF Workers, we store the jobs and execute them via the scheduled() handler.
+//
+// The shim parses 6-field cron expressions (sec min hour day month weekday)
+// and only runs jobs whose schedule matches the current 5-minute window.
+
+type CronJob = {
+  name: string;
+  time: string;
+  fn: () => Promise<any> | any;
+  options?: { runOnInit?: boolean };
+};
+
+type InitOptions = {
+  context?: any;
+  jobs: CronJob[];
+  onError?: (error: Error, name: string) => void;
+};
+
+// Singleton storage for registered cron jobs
+const registeredJobs: CronJob[] = [];
+let onErrorHandler: ((error: Error, name: string) => void) | undefined;
+
+// --- Cron expression matcher ---
+// Supports 6-field format: second minute hour dayOfMonth month dayOfWeek
+// Supports: numbers, *, */N, ranges (1-5), lists (1,3,5)
+
+function parseField(field: string, min: number, max: number): number[] | null {
+  // null means "match all"
+  if (field === '*') return null;
+
+  const values = new Set<number>();
+
+  for (const part of field.split(',')) {
+    // */N — every N
+    const stepMatch = part.match(/^\*\/(\d+)$/);
+    if (stepMatch) {
+      const step = parseInt(stepMatch[1], 10);
+      for (let i = min; i <= max; i += step) {
+        values.add(i);
+      }
+      continue;
+    }
+
+    // N-M — range
+    const rangeMatch = part.match(/^(\d+)-(\d+)$/);
+    if (rangeMatch) {
+      const from = parseInt(rangeMatch[1], 10);
+      const to = parseInt(rangeMatch[2], 10);
+      for (let i = from; i <= to; i++) {
+        values.add(i);
+      }
+      continue;
+    }
+
+    // N — single value
+    const num = parseInt(part, 10);
+    if (!isNaN(num)) {
+      values.add(num);
+    }
+  }
+
+  return values.size > 0 ? Array.from(values) : null;
+}
+
+/**
+ * Check if a date matches a 6-field cron expression.
+ * Returns true if the date's minute/hour/day/month/weekday match.
+ * Seconds field is ignored (CF triggers are minute-level).
+ */
+function matchesCron(cronExpr: string, date: Date): boolean {
+  const fields = cronExpr.trim().split(/\s+/);
+  if (fields.length < 5) return true; // Can't parse — run it
+
+  // 6-field: sec min hour dom month dow
+  // 5-field: min hour dom month dow
+  const offset = fields.length >= 6 ? 1 : 0;
+
+  const minuteField = parseField(fields[offset], 0, 59);
+  const hourField = parseField(fields[offset + 1], 0, 23);
+  const domField = parseField(fields[offset + 2], 1, 31);
+  const monthField = parseField(fields[offset + 3], 0, 11); // cron months are 1-12, JS is 0-11
+  const dowField = parseField(fields[offset + 4], 0, 6);
+
+  const m = date.getUTCMinutes();
+  const h = date.getUTCHours();
+  const dom = date.getUTCDate();
+  const month = date.getUTCMonth() + 1; // JS 0-based → cron 1-based
+  const dow = date.getUTCDay(); // 0=Sunday
+
+  if (minuteField && !minuteField.includes(m)) return false;
+  if (hourField && !hourField.includes(h)) return false;
+  if (domField && !domField.includes(dom)) return false;
+  if (monthField && !monthField.includes(month)) return false;
+  if (dowField && !dowField.includes(dow)) return false;
+
+  return true;
+}
+
+// Check if a cron expression should fire at the given date (minute-level match).
+//
+// History: this helper previously used a 5-minute look-ahead window, under the
+// assumption that CF Cron Triggers fire every 5 minutes. Once the deploy config
+// switched to every-minute cron, that window made every stepped expression fire
+// 5x more often than intended, driving CF Queues past the free-tier daily cap
+// (2026-04-17 incident). With CF Scheduled firing every minute, we only check
+// the current minute — each cron expression triggers at its designed frequency.
+// See docs/cf-queues-ops-alert-analysis.md § 改动 B.
+function shouldRunInWindow(cronExpr: string, date: Date): boolean {
+  return matchesCron(cronExpr, date);
+}
+
+// --- Cron shim API ---
+
+function init(options: InitOptions) {
+  registeredJobs.length = 0;
+  onErrorHandler = options.onError;
+
+  for (const job of options.jobs || []) {
+    if (job.name && job.time && typeof job.fn === 'function') {
+      registeredJobs.push(job);
+    }
+  }
+
+  // Skip runOnInit jobs in CF Workers — they'll run on the next matching trigger
+  // (running them at module init time would block the request and may exceed CPU limits)
+
+  return {
+    addJob(name: string, time: string, fn: Function, opts?: any) {
+      registeredJobs.push({ name, time, fn: fn as any, options: opts });
+    },
+    start() { /* no-op */ },
+  };
+}
+
+// Called by worker.ts scheduled handler — only runs jobs matching the trigger time.
+// Accepts an optional `now` so the caller can pass `event.scheduledTime` (the
+// intended trigger minute) instead of relying on wall-clock at execution time.
+// CF may deliver scheduled events with a small delay that crosses a minute
+// boundary; matching on `scheduledTime` keeps exact-minute cron reliable.
+async function runAll(now: Date = new Date()) {
+  const matched: string[] = [];
+  const skipped: string[] = [];
+
+  for (const job of registeredJobs) {
+    if (shouldRunInWindow(job.time, now)) {
+      matched.push(job.name);
+      try {
+        await job.fn();
+      } catch (err: any) {
+        console.error(`[Cron] ${job.name} failed:`, err?.message || err);
+        onErrorHandler?.(err, job.name);
+      }
+    } else {
+      skipped.push(job.name);
+    }
+  }
+
+  console.log(`[Cron] Ran ${matched.length} jobs: [${matched.join(', ')}]. Skipped ${skipped.length}.`);
+}
+
+async function runJob(name: string) {
+  const job = registeredJobs.find((j) => j.name === name);
+  if (job) {
+    try {
+      await job.fn();
+    } catch (err: any) {
+      console.error(`[Cron] ${name} failed:`, err?.message || err);
+      onErrorHandler?.(err, name);
+    }
+  } else {
+    console.warn(`[Cron] Job ${name} not found`);
+  }
+}
+
+function getJobNames(): string[] {
+  return registeredJobs.map((j) => `${j.name} (${j.time})`);
+}
+
+// Export matching @abtnode/cron API: default export is { init }
+export default { init };
+
+// Export helper functions for the worker.ts scheduled handler
+export const cronInstance = { runAll, runJob, getJobNames };
+
+// Exported for unit tests; not part of the public cron API.
+export const __test__ = { matchesCron, shouldRunInWindow };

package/cloudflare/shims/crypto-js-warn.ts

@@ -0,0 +1,7 @@
+// crypto-js shim — warns when AES legacy encryption is attempted in CF Workers
+const warn = (method: string) =>
+  console.warn(`[cf-shim] crypto-js/${method} called — legacy AES crypto is not available in CF Workers`);
+
+export const encrypt = (..._args: any[]) => { warn('aes.encrypt'); return ''; };
+export const decrypt = (..._args: any[]) => { warn('aes.decrypt'); return ''; };
+export default { encrypt, decrypt };

package/cloudflare/shims/did-space-js.ts

@@ -0,0 +1,17 @@
+// noop shim for @blocklet/did-space-js in CF Workers
+const noop = (..._args: any[]) => {};
+
+export class SpaceClient {
+  constructor(..._args: any[]) {}
+  send = noop;
+}
+
+export class GetObjectCommand {
+  constructor(..._args: any[]) {}
+}
+
+export class PutObjectCommand {
+  constructor(..._args: any[]) {}
+}
+
+export default { SpaceClient, GetObjectCommand, PutObjectCommand };

package/cloudflare/shims/did-space.ts

@@ -0,0 +1,11 @@
+// @blocklet/did-space-js shim
+export class SpaceClient {
+  constructor(_opts?: any) {}
+  async send(_cmd: any) { return {}; }
+}
+export class GetObjectCommand {
+  constructor(_opts?: any) {}
+}
+export class PutObjectCommand {
+  constructor(_opts?: any) {}
+}

package/cloudflare/shims/error.ts

@@ -0,0 +1,18 @@
+export class CustomError extends Error {
+  statusCode: number;
+  code: string;
+
+  constructor(statusCode: number, code: string, message?: string) {
+    super(message || code);
+    this.statusCode = statusCode;
+    this.code = code;
+  }
+}
+
+export function formatError(err: any) {
+  return { code: err.code || 'UNKNOWN', message: err.message };
+}
+
+export function getStatusFromError(err: any) {
+  return err.statusCode || 500;
+}

package/cloudflare/shims/express-compat/index.ts

@@ -0,0 +1,80 @@
+// Express compatibility shim for CF Workers
+// Allows existing Express route handlers to work with Hono
+
+export type RouteEntry = { method: string; path: string; handlers: Function[] };
+
+export function Router() {
+  const routes: RouteEntry[] = [];
+  const middlewares: Function[] = [];
+
+  const router: any = function () {};
+
+  for (const method of ['get', 'post', 'put', 'patch', 'delete']) {
+    router[method] = (path: string, ...handlers: Function[]) => {
+      routes.push({ method: method.toUpperCase(), path, handlers: [...middlewares, ...handlers] });
+      return router;
+    };
+  }
+
+  router.use = (...args: any[]) => {
+    if (typeof args[0] === 'string') {
+      // router.use('/path', ...middlewaresOrSubRouter)
+      const path = args[0];
+      const rest = args.slice(1);
+
+      // Find the sub-router (has _routes) — it's typically the last arg
+      const subRouterIdx = rest.findIndex((a: any) => a?._routes);
+      if (subRouterIdx >= 0) {
+        const subRouter = rest[subRouterIdx];
+        // Middlewares are everything before the sub-router
+        const pathMiddlewares = rest.slice(0, subRouterIdx).filter((a: any) => typeof a === 'function');
+
+        for (const route of subRouter._routes) {
+          routes.push({
+            method: route.method,
+            path: path + route.path,
+            // Chain: parent middlewares -> path-level middlewares -> sub-router middlewares from route
+            handlers: [...middlewares, ...pathMiddlewares, ...route.handlers],
+          });
+        }
+      } else {
+        // All args are middlewares for this path — treat as path-scoped middleware
+        for (const fn of rest) {
+          if (typeof fn === 'function') {
+            // We store path-scoped middlewares as a special route entry
+            // They'll match any method and sub-path
+            middlewares.push(fn);
+          }
+        }
+      }
+    } else {
+      // router.use(middleware1, middleware2, ...)
+      for (const fn of args) {
+        if (typeof fn === 'function') {
+          middlewares.push(fn);
+        }
+      }
+    }
+    return router;
+  };
+
+  router._routes = routes;
+  router._middlewares = middlewares;
+
+  return router;
+}
+
+// Express app stub
+export function express() {
+  return Router();
+}
+
+// Static middleware stubs
+express.json = (_opts?: any) => (_req: any, _res: any, next: any) => next();
+express.urlencoded = (_opts?: any) => (_req: any, _res: any, next: any) => next();
+express.static = (_path: string, _opts?: any) => (_req: any, _res: any, next: any) => next();
+express.Router = Router;
+express.raw = (_opts?: any) => (_req: any, _res: any, next: any) => next();
+
+export default express;
+export type { Request, Response, NextFunction, ErrorRequestHandler } from './types';

package/cloudflare/shims/express-compat/types.ts

@@ -0,0 +1,41 @@
+// Express type stubs
+export interface Request {
+  method: string;
+  path: string;
+  url: string;
+  originalUrl: string;
+  query: Record<string, any>;
+  params: Record<string, any>;
+  body: any;
+  headers: Record<string, string>;
+  user?: any;
+  customer?: any;
+  livemode?: boolean;
+  baseCurrency?: any;
+  doc?: any;
+  stripeEvent?: any;
+  stripeClient?: any;
+  get(name: string): string | undefined;
+  header(name: string): string | undefined;
+  [key: string]: any;
+}
+
+export interface Response {
+  json(data: any): any;
+  status(code: number): Response;
+  send(data: any): any;
+  redirect(url: string): any;
+  set(key: string, value: string): Response;
+  setHeader(key: string, value: string): Response;
+  cookie(name: string, value: string, options?: any): Response;
+  end(): void;
+  headersSent: boolean;
+  statusCode: number;
+  _statusCode?: number;
+  _headers?: Record<string, string>;
+  _body?: any;
+  _sent?: boolean;
+}
+
+export type NextFunction = (err?: any) => void;
+export type ErrorRequestHandler = (err: any, req: Request, res: Response, next: NextFunction) => void;

package/cloudflare/shims/fastq.ts

@@ -0,0 +1,105 @@
+// fastq shim for CF Workers
+// Executes jobs serially with proper callback handling.
+//
+// Key design decisions:
+// 1. The original queue's worker is `async (data, cb) => { ... }` — it's both
+//    async (returns a promise) AND manually calls cb(). We must handle BOTH signals.
+// 2. If cb is called, that's the primary completion signal (with err/result).
+// 3. If the async worker's promise resolves WITHOUT cb being called (e.g.,
+//    ensureUniqueExecution early-return when job is already running), we must
+//    still resolve to avoid hanging the processQueue loop.
+// 4. If the promise rejects without cb being called, forward the error to cb.
+
+type Task = { data: any; cb?: Function };
+
+export default function fastq(_context: any, worker: Function, _concurrency: number) {
+  const pending: Task[] = [];
+  let running = false;
+  let drainFn: (() => void) | null = null;
+
+  async function processQueue() {
+    if (running) return;
+    running = true;
+
+    while (pending.length > 0) {
+      const task = pending.shift()!;
+      try {
+        await new Promise<void>((resolve) => {
+          let cbCalled = false;
+
+          // Wrap the callback so we track whether it was called
+          const wrappedCb = (err: any, res: any) => {
+            if (cbCalled) return; // guard against double-call
+            cbCalled = true;
+            task.cb?.(err, res);
+            resolve();
+          };
+
+          const result = worker(task.data, wrappedCb);
+
+          // Handle async workers that may resolve/reject without calling cb
+          if (result && typeof result.then === 'function') {
+            result.then(
+              () => {
+                // Worker's promise resolved. If cb wasn't called, the worker
+                // completed without signaling (e.g., duplicate job early-return).
+                // Resolve the processQueue loop to avoid hanging.
+                if (!cbCalled) {
+                  console.warn('[fastq-shim] worker resolved without calling cb — resolving with no-op');
+                  cbCalled = true;
+                  resolve();
+                }
+              },
+              (err: any) => {
+                // Worker's promise rejected without calling cb
+                if (!cbCalled) {
+                  console.error('[fastq-shim] worker rejected without calling cb:', err);
+                  cbCalled = true;
+                  task.cb?.(err);
+                  resolve();
+                }
+              }
+            );
+          }
+        });
+      } catch (err) {
+        console.error('[fastq-shim] unexpected error in processQueue:', err);
+        task.cb?.(err);
+      }
+    }
+
+    running = false;
+    if (pending.length === 0 && drainFn) {
+      drainFn();
+    }
+  }
+
+  const q: any = {
+    push(data: any, cb?: Function) {
+      pending.push({ data, cb });
+      // Use queueMicrotask to allow the push caller to set up event listeners
+      // before the job starts executing
+      queueMicrotask(() => processQueue());
+    },
+    unshift(data: any, cb?: Function) {
+      pending.unshift({ data, cb });
+      queueMicrotask(() => processQueue());
+    },
+    pause() {},
+    resume() {},
+    idle() { return pending.length === 0 && !running; },
+    length() { return pending.length; },
+    kill() { pending.length = 0; },
+    killAndDrain() {
+      pending.length = 0;
+      if (drainFn) drainFn();
+    },
+    get drain() { return drainFn; },
+    set drain(fn: any) { drainFn = fn; },
+    empty: null as any,
+    saturated: null as any,
+    error: null as any,
+  };
+
+  return q;
+}

package/cloudflare/shims/lock.ts

@@ -0,0 +1,115 @@
+// CF Workers lock shim — replaces libs/lock.ts
+//
+// In Blocklet Server (single-process Node.js), the original in-memory lock works fine.
+// In CF Workers, each HTTP request runs in a separate isolate, so in-memory locks
+// are useless for cross-request mutual exclusion.
+//
+// This shim uses D1 (SQLite) as the coordination layer:
+// - INSERT OR IGNORE with PRIMARY KEY constraint provides atomic lock acquisition
+// - owner token prevents accidental release by other isolates
+// - TTL-based expiry prevents deadlocks from crashed isolates
+// - Exponential backoff with jitter avoids D1 write hotspots
+
+import { getDB } from './sequelize-d1/model';
+
+let _nanoidCounter = 0;
+function simpleId(): string {
+  // Lightweight unique ID — no need for crypto-strength randomness for lock owners
+  return `${Date.now().toString(36)}-${(++_nanoidCounter).toString(36)}-${Math.random().toString(36).slice(2, 6)}`;
+}
+
+export class Lock {
+  name: string;
+  owner: string;
+  locked: boolean;
+  ttl: number;
+
+  // EventEmitter stub for API compatibility — original Lock extends EventEmitter
+  events: { on: () => void; removeListener: () => void; emit: () => void };
+
+  constructor(name: string, options?: { ttl?: number }) {
+    this.name = name;
+    this.owner = simpleId();
+    this.locked = false;
+    this.ttl = options?.ttl || 5000; // default 5s TTL for short critical sections
+    this.events = { on: () => {}, removeListener: () => {}, emit: () => {} };
+  }
+
+  async acquire(maxWaitMs = 10000): Promise<true> {
+    const db = getDB();
+    const deadline = Date.now() + maxWaitMs;
+    let delay = 30; // start at 30ms
+
+    while (Date.now() < deadline) {
+      const now = Date.now();
+
+      try {
+        // Atomically: clean expired locks + try to insert ours + verify ownership
+        // All 3 statements in a single D1 batch (1 round-trip instead of 2)
+        const batchResult = await db.batch([
+          db.prepare('DELETE FROM _locks WHERE name = ? AND expires_at < ?').bind(this.name, now),
+          db.prepare('INSERT OR IGNORE INTO _locks (name, owner, expires_at) VALUES (?, ?, ?)')
+            .bind(this.name, this.owner, now + this.ttl),
+          db.prepare('SELECT owner FROM _locks WHERE name = ?').bind(this.name),
+        ]);
+
+        const row = batchResult[2]?.results?.[0] as { owner: string } | undefined;
+        if (row?.owner === this.owner) {
+          this.locked = true;
+          return true;
+        }
+      } catch (err: any) {
+        // D1 errors (e.g. table not found on first deploy) — log and retry
+        console.error(`[D1Lock] acquire error for "${this.name}":`, err?.message || err);
+      }
+
+      // Exponential backoff with jitter to avoid D1 write hotspots
+      const jitter = Math.random() * delay * 0.3;
+      await new Promise(r => setTimeout(r, delay + jitter));
+      delay = Math.min(delay * 2, 500); // cap at 500ms
+    }
+
+    // Timeout — throw to match original behavior where acquire() always resolves
+    // All callers use try/catch or don't check the return value
+    console.warn(`[D1Lock] acquire timeout: "${this.name}" after ${maxWaitMs}ms`);
+    throw new Error(`[D1Lock] Failed to acquire lock "${this.name}" within ${maxWaitMs}ms`);
+  }
+
+  release(): void {
+    if (!this.locked) return;
+    this.locked = false;
+
+    // Fire-and-forget: 8 out of 10 call sites do NOT await release().
+    // We register the promise with __cfPendingJobs__ so flushPendingJobs()
+    // in worker.ts ensures it completes before the response is sent.
+    try {
+      const db = getDB();
+      const promise = db.prepare('DELETE FROM _locks WHERE name = ? AND owner = ?')
+        .bind(this.name, this.owner)
+        .run()
+        .catch((err: any) => console.error(`[D1Lock] release error for "${this.name}":`, err?.message || err));
+
+      // For HTTP context, use waitUntil (non-blocking) instead of pendingJobs (blocking)
+      const isHttp = (globalThis as any).__cfHttpContext__;
+      if (isHttp) {
+        const waitUntil = (globalThis as any).__cfWaitUntil__;
+        if (typeof waitUntil === 'function') {
+          waitUntil(promise);
+        }
+      } else {
+        const pending = (globalThis as any).__cfPendingJobs__;
+        if (Array.isArray(pending)) {
+          pending.push(promise);
+        }
+      }
+    } catch (err: any) {
+      console.error(`[D1Lock] release setup error for "${this.name}":`, err?.message || err);
+    }
+  }
+}
+
+// In CF Workers, don't cache Lock instances across requests — each request is isolated.
+// The original code caches by name, but that's only useful within a single process.
+export function getLock(name: string, options?: { ttl?: number }): Lock {
+  return new Lock(name, options);
+}

package/cloudflare/shims/mime-types.ts

@@ -0,0 +1,56 @@
+// Lightweight mime-types shim — avoids bundling the full 295KB mime-db
+// Only includes types actually used in payment-kit API routes
+
+const types: Record<string, string> = {
+  '.html': 'text/html',
+  '.htm': 'text/html',
+  '.json': 'application/json',
+  '.js': 'application/javascript',
+  '.mjs': 'application/javascript',
+  '.css': 'text/css',
+  '.txt': 'text/plain',
+  '.xml': 'application/xml',
+  '.png': 'image/png',
+  '.jpg': 'image/jpeg',
+  '.jpeg': 'image/jpeg',
+  '.gif': 'image/gif',
+  '.svg': 'image/svg+xml',
+  '.webp': 'image/webp',
+  '.ico': 'image/x-icon',
+  '.woff': 'font/woff',
+  '.woff2': 'font/woff2',
+  '.pdf': 'application/pdf',
+  '.zip': 'application/zip',
+  '.csv': 'text/csv',
+  '.mp4': 'video/mp4',
+  '.webm': 'video/webm',
+  '.mp3': 'audio/mpeg',
+  '.wav': 'audio/wav',
+  '.bin': 'application/octet-stream',
+};
+
+const extensions: Record<string, string> = {};
+for (const [ext, mime] of Object.entries(types)) {
+  extensions[mime] = ext;
+}
+
+export function lookup(path: string): string | false {
+  const ext = '.' + path.split('.').pop()?.toLowerCase();
+  return types[ext] || false;
+}
+
+export function contentType(typeOrPath: string): string | false {
+  const mime = typeOrPath.includes('/') ? typeOrPath : lookup(typeOrPath);
+  if (!mime) return false;
+  if (mime.startsWith('text/')) return `${mime}; charset=utf-8`;
+  return mime;
+}
+
+export function extension(mime: string): string | false {
+  return extensions[mime]?.slice(1) || false;
+}
+
+export const charset = (_mime: string) => 'UTF-8';
+export const charsets = { lookup: charset };
+
+export default { lookup, contentType, extension, charset, charsets, types };

package/cloudflare/shims/nedb-storage.ts

@@ -0,0 +1,9 @@
+// NeDB → D1 storage shim for DID Connect sessions
+export default class AuthStorage {
+  constructor(_opts?: any) {}
+  create(_id: string, _data: any) { return Promise.resolve(); }
+  read(_id: string) { return Promise.resolve(null); }
+  update(_id: string, _data: any) { return Promise.resolve(); }
+  delete(_id: string) { return Promise.resolve(); }
+  on(_event: string, _fn: Function) {}
+}

package/cloudflare/shims/node-child-process.ts

@@ -0,0 +1,9 @@
+// child_process shim
+export function exec(_cmd: any, _opts: any, cb?: any) {
+  if (typeof _opts === 'function') { cb = _opts; }
+  if (cb) cb(new Error('child_process not available in CF Workers'));
+}
+export function execSync() { throw new Error('child_process not available in CF Workers'); }
+export function spawn() { throw new Error('child_process not available in CF Workers'); }
+export function fork() { throw new Error('child_process not available in CF Workers'); }
+export default { exec, execSync, spawn, fork };