npm - shieldpay-api-sdkjs - Versions diffs - 2.0.0 - Mend

shieldpay-api-sdkjs 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,63 @@
+# shieldpay-sdk
+Official JavaScript/TypeScript SDK for the [ShieldPay API](https://hnow.info).
+Anti-spam, VPN blocking, email authentication, and PayPal payments — all in one package.
+## Install
+```bash
+npm install shieldpay-sdk
+```
+## Quick Start
+```js
+import { ShieldPay } from 'shieldpay-sdk'
+const sp = new ShieldPay({ apiKey: 'sk_live_YOUR_KEY' })
+// All calls go to: https://hnow.info/api/worker=sk_live_YOUR_KEY/...
+// Create a PayPal payment
+const order = await sp.payment.create({
+  amount: 49.99,
+  currency: 'CHF',
+  return_url: 'https://yoursite.com/success',
+  cancel_url: 'https://yoursite.com/cancel',
+})
+window.location.href = order.approve_url // redirect to PayPal
+// After PayPal redirects back, capture
+const captured = await sp.payment.capture(orderId)
+// Check IP reputation (Pro: real IPQS check)
+const ip = await sp.security.checkIp('1.2.3.4')
+// Passwordless email auth for your users
+const { token } = await sp.auth.createToken('user@email.com')
+const { verified } = await sp.auth.verifyToken(token)
+```
+## API Endpoint
+Your API key is embedded in the URL — no headers needed:
+```
+https://hnow.info/api/worker=sk_live_YOUR_KEY/payment/create
+https://hnow.info/api/worker=sk_live_YOUR_KEY/security/check-ip
+https://hnow.info/api/worker=sk_live_YOUR_KEY/me
+```
+## Plans
+| Feature | Free | Pro (1 CHF/mo) |
+|---|---|---|
+| PayPal payments | ✓ | ✓ |
+| Transaction fee | 2% | **0%** |
+| VPN/Tor blocking | Basic | Full IPQS |
+| Auto-fallback | ✗ | ✓ |
+| Email alerts | ✗ | ✓ |
+## Docs
+Full documentation: [https://hnow.info/SDK/docs/](https://hnow.info/SDK/docs/)

package/docs/index.html ADDED Viewed

@@ -0,0 +1,412 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1.0">
+<title>ShieldPay SDK v2 — Docs</title>
+<link href="https://fonts.googleapis.com/css2?family=Syne:wght@700;800&family=DM+Mono:wght@400;500&family=DM+Sans:wght@300;400;500&display=swap" rel="stylesheet">
+<style>
+:root{--bg:#0a0a0f;--surface:#111118;--border:#1e1e2e;--accent:#7c6aff;--accent2:#00e5c0;--danger:#ff4e6a;--warn:#ffb347;--text:#e8e8f0;--muted:#6b6b80;--card:#13131f}
+*,*::before,*::after{box-sizing:border-box;margin:0;padding:0}
+body{background:var(--bg);color:var(--text);font-family:'DM Sans',sans-serif;display:flex;min-height:100vh;line-height:1.6}
+.sidebar{width:265px;border-right:1px solid var(--border);padding:0;flex-shrink:0;position:sticky;top:0;height:100vh;overflow-y:auto;background:var(--surface)}
+.sidebar-top{padding:1.5rem 1.5rem 1rem;border-bottom:1px solid var(--border)}
+.logo{font-family:'Syne',sans-serif;font-weight:800;font-size:1.15rem;color:var(--text);text-decoration:none;display:block;margin-bottom:.4rem}.logo span{color:var(--accent)}
+.version-chip{font-family:'DM Mono',monospace;font-size:.68rem;background:rgba(124,106,255,.12);border:1px solid rgba(124,106,255,.25);color:var(--accent);padding:.15rem .55rem;border-radius:100px}
+.nav-section{padding:.5rem 1.5rem .2rem;font-family:'DM Mono',monospace;font-size:.65rem;color:var(--muted);text-transform:uppercase;letter-spacing:.12em;margin-top:.5rem}
+.sidebar nav a{display:block;padding:.45rem 1.5rem;color:var(--muted);text-decoration:none;font-size:.84rem;border-left:2px solid transparent;transition:all .15s}
+.sidebar nav a:hover{color:var(--text);background:rgba(124,106,255,.04);text-decoration:none}
+.sidebar nav a.active{color:var(--text);border-left-color:var(--accent);background:rgba(124,106,255,.07)}
+.main{flex:1;padding:3.5rem 4rem;max-width:860px}
+h1{font-family:'Syne',sans-serif;font-size:2.3rem;font-weight:800;letter-spacing:-.04em;margin-bottom:.5rem}
+h2{font-family:'Syne',sans-serif;font-size:1.45rem;font-weight:800;letter-spacing:-.03em;margin:3rem 0 .9rem;padding-top:3rem;border-top:1px solid var(--border)}
+h2:first-of-type{border:none;padding:0;margin-top:1rem}
+h3{font-family:'Syne',sans-serif;font-size:1rem;font-weight:700;margin:1.6rem 0 .5rem;color:var(--accent2)}
+h4{font-family:'DM Mono',monospace;font-size:.85rem;font-weight:500;color:var(--text);margin:.8rem 0 .3rem}
+p{color:var(--muted);line-height:1.75;margin-bottom:.9rem;font-size:.93rem}
+a{color:var(--accent);text-decoration:none}a:hover{text-decoration:underline}
+pre{background:var(--card);border:1px solid var(--border);border-radius:10px;padding:1.25rem 1.5rem;overflow-x:auto;margin:1rem 0;font-family:'DM Mono',monospace;font-size:.81rem;line-height:1.75;position:relative}
+code{font-family:'DM Mono',monospace;font-size:.83rem;background:rgba(124,106,255,.1);padding:.12rem .38rem;border-radius:4px;color:var(--accent)}
+pre code{background:none;padding:0;color:inherit;font-size:inherit}
+.kw{color:var(--accent2)}.st{color:#ffcb6b}.nm{color:#f78c6c}.cm{color:#4a5568;font-style:italic}.prop{color:#82aaff}.type{color:#c792ea}
+.badge{display:inline-flex;align-items:center;padding:.18rem .55rem;border-radius:100px;font-family:'DM Mono',monospace;font-size:.7rem;font-weight:700;margin-left:.4rem;vertical-align:middle}
+.b-get{background:rgba(0,229,192,.08);color:var(--accent2);border:1px solid rgba(0,229,192,.25)}
+.b-post{background:rgba(124,106,255,.1);color:var(--accent);border:1px solid rgba(124,106,255,.25)}
+.b-pro{background:rgba(255,179,71,.08);color:var(--warn);border:1px solid rgba(255,179,71,.25)}
+.b-free{background:rgba(107,107,128,.1);color:var(--muted);border:1px solid var(--border)}
+table{width:100%;border-collapse:collapse;margin:1rem 0;font-size:.86rem}
+th{text-align:left;padding:.55rem .75rem;color:var(--muted);font-size:.72rem;font-family:'DM Mono',monospace;text-transform:uppercase;letter-spacing:.06em;border-bottom:1px solid var(--border)}
+td{padding:.6rem .75rem;border-bottom:1px solid rgba(30,30,46,.5);color:var(--text);vertical-align:top}
+tr:last-child td{border:none}
+.param-name{font-family:'DM Mono',monospace;font-size:.82rem;color:var(--accent2)}
+.param-type{font-family:'DM Mono',monospace;font-size:.78rem;color:var(--type, #c792ea)}
+.param-req{color:var(--danger);font-size:.75rem}
+.alert{padding:.8rem 1rem;border-radius:8px;font-size:.86rem;margin:1rem 0;line-height:1.6}
+.alert-info{background:rgba(124,106,255,.07);border:1px solid rgba(124,106,255,.2);color:var(--accent)}
+.alert-warn{background:rgba(255,179,71,.07);border:1px solid rgba(255,179,71,.2);color:var(--warn)}
+.alert-success{background:rgba(0,229,192,.07);border:1px solid rgba(0,229,192,.2);color:var(--accent2)}
+.endpoint-line{display:flex;align-items:center;gap:.6rem;margin:.4rem 0;font-family:'DM Mono',monospace;font-size:.8rem}
+.plan-grid{display:grid;grid-template-columns:1fr 1fr;gap:1rem;margin:1rem 0}
+.plan-box{background:var(--card);border:1px solid var(--border);border-radius:11px;padding:1.2rem}
+.plan-box.pro{border-color:rgba(124,106,255,.4)}
+.plan-box h4{font-family:'Syne',sans-serif;font-weight:700;font-size:.95rem;margin-bottom:.7rem}
+.plan-box ul{list-style:none;font-size:.85rem;color:var(--muted)}
+.plan-box li{padding:.25rem 0;display:flex;gap:.5rem}.ck{color:var(--accent2)}.cx{color:var(--danger)}
+hr{border:none;border-top:1px solid var(--border);margin:2rem 0}
+@media(max-width:768px){.sidebar{display:none}.main{padding:2rem 1.5rem}}
+</style>
+</head>
+<body>
+<aside class="sidebar">
+  <div class="sidebar-top">
+    <a href="/" class="logo">Shield<span>Pay</span></a>
+    <span class="version-chip">v2.0.0</span>
+  </div>
+  <nav>
+    <div class="nav-section">Getting Started</div>
+    <a href="#install">Installation</a>
+    <a href="#quickstart">Quick Start</a>
+    <a href="#endpoint">API Endpoint</a>
+    <a href="#register">Registration</a>
+    <div class="nav-section">SDK Modules</div>
+    <a href="#payment">payment</a>
+    <a href="#auth">auth</a>
+    <a href="#security">security</a>
+    <a href="#account">account</a>
+    <div class="nav-section">REST API</div>
+    <a href="#endpoints">All Endpoints</a>
+    <a href="#errors">Errors & Codes</a>
+    <a href="#ratelimits">Rate Limits</a>
+    <div class="nav-section">Plans</div>
+    <a href="#plans">Free vs Pro</a>
+    <a href="#fees">Fee Calculation</a>
+    <div class="nav-section">Integration</div>
+    <a href="#webhooks">Webhooks</a>
+    <a href="#fallback">Auto-Fallback</a>
+    <div class="nav-section">Links</div>
+    <a href="/panel.php">Dashboard ↗</a>
+    <a href="/admin.php">Admin ↗</a>
+    <a href="/">Home ↗</a>
+  </nav>
+</aside>
+<main class="main">
+<h1>ShieldPay SDK</h1>
+<p>The official JavaScript/TypeScript SDK for the ShieldPay API — payments, anti-spam, VPN blocking, and email authentication in one package.</p>
+<div class="alert alert-info">
+  <strong>Base URL:</strong> <code>https://hnow.info/api/worker={YOUR_API_KEY}/{endpoint}</code><br>
+  Your API key is embedded directly in the URL path — no separate Authorization header needed.
+</div>
+<!-- INSTALL -->
+<h2 id="install">Installation</h2>
+<pre><span class="cm"># npm</span>
+npm install shieldpay-sdk
+<span class="cm"># yarn</span>
+yarn add shieldpay-sdk
+<span class="cm"># pnpm</span>
+pnpm add shieldpay-sdk</pre>
+<p>Works in Node.js ≥18, Deno, Bun, Cloudflare Workers, and all modern browsers. Uses the native <code>fetch</code> API — no dependencies.</p>
+<!-- QUICKSTART -->
+<h2 id="quickstart">Quick Start</h2>
+<pre><span class="kw">import</span> { ShieldPay } <span class="kw">from</span> <span class="st">'shieldpay-sdk'</span>
+<span class="cm">// 1. Initialize with your API key from the dashboard</span>
+<span class="kw">const</span> sp = <span class="kw">new</span> ShieldPay({ apiKey: <span class="st">'sk_live_YOUR_KEY'</span> })
+<span class="cm">// → All calls go to: https://hnow.info/api/worker=sk_live_YOUR_KEY/...</span>
+<span class="cm">// 2. Create a PayPal order</span>
+<span class="kw">const</span> order = <span class="kw">await</span> sp.payment.create({
+  amount:      <span class="nm">49.99</span>,
+  currency:    <span class="st">'CHF'</span>,
+  description: <span class="st">'Premium subscription'</span>,
+  return_url:  <span class="st">'https://yoursite.com/payment/success'</span>,
+  cancel_url:  <span class="st">'https://yoursite.com/payment/cancel'</span>,
+})
+<span class="cm">// 3. Redirect user to PayPal for approval</span>
+window.location.href = order.approve_url
+<span class="cm">// 4. After PayPal redirects back, capture the payment</span>
+<span class="cm">// (in your return_url handler)</span>
+<span class="kw">const</span> captured = <span class="kw">await</span> sp.payment.capture(orderId)
+console.log(captured.status) <span class="cm">// "COMPLETED"</span></pre>
+<!-- ENDPOINT -->
+<h2 id="endpoint">API Endpoint Format</h2>
+<p>ShieldPay uses a custom URL pattern that embeds your API key directly in the path. This makes it easy to call from any HTTP client without custom headers:</p>
+<pre><span class="cm"># Pattern</span>
+https://hnow.info/api/worker=<span class="nm">{API_KEY}</span>/<span class="nm">{endpoint}</span>
+<span class="cm"># Examples</span>
+GET  https://hnow.info/api/worker=sk_live_abc/me
+POST https://hnow.info/api/worker=sk_live_abc/payment/create
+GET  https://hnow.info/api/worker=sk_live_abc/payment/status?order_id=XYZ
+POST https://hnow.info/api/worker=sk_live_abc/security/check-ip</pre>
+<p>The <code>X-API-Key</code> header is also accepted for clients that prefer header-based auth. The SDK handles both automatically.</p>
+<pre><span class="cm">// Get your full endpoint URL</span>
+<span class="kw">const</span> sp  = <span class="kw">new</span> ShieldPay({ apiKey: <span class="st">'sk_live_abc'</span> })
+<span class="kw">const</span> url = sp.endpoint(<span class="st">'/payment/create'</span>)
+<span class="cm">// → "https://hnow.info/api/worker=sk_live_abc/payment/create"</span></pre>
+<!-- REGISTER -->
+<h2 id="register">Registration & Email Verification</h2>
+<p>Register a company and verify their email to receive an API key. These are <strong>static methods</strong> — no API key instance needed.</p>
+<pre><span class="kw">import</span> { ShieldPay } <span class="kw">from</span> <span class="st">'shieldpay-sdk'</span>
+<span class="cm">// 1. Register (anti-spam + VPN check runs automatically)</span>
+<span class="kw">const</span> reg = <span class="kw">await</span> ShieldPay.register({
+  company:  <span class="st">'Acme Corp'</span>,
+  email:    <span class="st">'hello@acme.com'</span>,
+  password: <span class="st">'securepassword123'</span>,
+})
+<span class="cm">// → { ok: true, message: "Account created. Check your email to verify." }</span>
+<span class="cm">// 2. User clicks the link in their email, which contains the token.
+//    Your app then calls:</span>
+<span class="kw">const</span> verified = <span class="kw">await</span> ShieldPay.verifyEmail(<span class="st">'TOKEN_FROM_EMAIL_LINK'</span>)
+<span class="cm">// → {
+//     ok:           true,
+//     api_key:      "sk_live_abc123...",
+//     api_endpoint: "https://hnow.info/api/worker=sk_live_abc123",
+//     message:      "Email verified! Use your API key to authenticate."
+//   }</span>
+<span class="cm">// 3. Store api_key securely and initialize</span>
+<span class="kw">const</span> sp = <span class="kw">new</span> ShieldPay({ apiKey: verified.api_key })</pre>
+<!-- PAYMENT -->
+<h2 id="payment">payment module</h2>
+<p>All PayPal order operations. Free plan: 2% fee deducted per transaction. Pro plan: 0% fee.</p>
+<h3>payment.create(params) <span class="badge b-post">POST</span></h3>
+<table>
+  <tr><th>Param</th><th>Type</th><th>Required</th><th>Default</th><th>Description</th></tr>
+  <tr><td class="param-name">amount</td><td class="param-type">number</td><td class="param-req">✓</td><td>—</td><td>Amount to charge (e.g. <code>49.99</code>)</td></tr>
+  <tr><td class="param-name">currency</td><td class="param-type">string</td><td></td><td><code>'CHF'</code></td><td>ISO 4217 currency code</td></tr>
+  <tr><td class="param-name">description</td><td class="param-type">string</td><td></td><td>—</td><td>Order description shown on PayPal</td></tr>
+  <tr><td class="param-name">return_url</td><td class="param-type">string</td><td></td><td>Dashboard</td><td>Redirect URL after successful payment</td></tr>
+  <tr><td class="param-name">cancel_url</td><td class="param-type">string</td><td></td><td>Dashboard</td><td>Redirect URL if user cancels</td></tr>
+</table>
+<pre><span class="kw">const</span> order = <span class="kw">await</span> sp.payment.create({
+  amount:   <span class="nm">25.00</span>,
+  currency: <span class="st">'CHF'</span>,
+})
+<span class="cm">// Response (Free plan):</span>
+<span class="cm">// {</span>
+<span class="cm">//   ok:          true,</span>
+<span class="cm">//   order_id:    "9XW12345AB",</span>
+<span class="cm">//   approve_url: "https://www.paypal.com/checkoutnow?token=...",</span>
+<span class="cm">//   amount:      25.00,</span>
+<span class="cm">//   fee:         0.50,    // 2% — 0 on Pro</span>
+<span class="cm">//   net_amount:  24.50,</span>
+<span class="cm">//   currency:    "CHF",</span>
+<span class="cm">//   plan:        "free",</span>
+<span class="cm">//   fee_note:    "2% ShieldPay fee: CHF 0.50. Upgrade to Pro for 0% fees."</span>
+<span class="cm">// }</span></pre>
+<h3>payment.capture(orderId) <span class="badge b-post">POST</span></h3>
+<p>Finalizes a payment after the user approves it on PayPal. Call this in your <code>return_url</code> handler. On Pro plan, if this fails, auto-fallback is triggered automatically.</p>
+<pre><span class="kw">const</span> result = <span class="kw">await</span> sp.payment.capture(<span class="st">'9XW12345AB'</span>)
+<span class="cm">// → { ok: true, captured: true, order_id: "...", status: "COMPLETED", payer: {...} }</span></pre>
+<h3>payment.status(orderId) <span class="badge b-get">GET</span></h3>
+<pre><span class="kw">const</span> s = <span class="kw">await</span> sp.payment.status(<span class="st">'9XW12345AB'</span>)
+<span class="cm">// → { ok: true, order_id: "...", status: "CREATED|APPROVED|COMPLETED", amount: {...} }</span></pre>
+<h3>payment.refund(captureId, amount?, note?) <span class="badge b-post">POST</span></h3>
+<pre><span class="cm">// Full refund</span>
+<span class="kw">await</span> sp.payment.refund(<span class="st">'CAPTURE_ID'</span>)
+<span class="cm">// Partial refund</span>
+<span class="kw">await</span> sp.payment.refund(<span class="st">'CAPTURE_ID'</span>, <span class="nm">10.00</span>, <span class="st">'Partial refund for returned item'</span>)</pre>
+<h3>payment.list(options?) <span class="badge b-get">GET</span></h3>
+<pre><span class="kw">const</span> { transactions } = <span class="kw">await</span> sp.payment.list({ limit: <span class="nm">50</span>, status: <span class="st">'completed'</span> })</pre>
+<!-- AUTH MODULE -->
+<h2 id="auth">auth module</h2>
+<p>Passwordless email token authentication for your end users. Issue a one-time token, send it by email, verify it on return.</p>
+<h3>auth.createToken(email) <span class="badge b-post">POST</span></h3>
+<pre><span class="kw">const</span> { token, expires_at } = <span class="kw">await</span> sp.auth.createToken(<span class="st">'user@email.com'</span>)
+<span class="cm">// Token expires in 15 minutes. Single-use.</span>
+<span class="cm">// Send this token to the user's email in a magic link.</span>
+<span class="cm">// Example magic link: https://yourapp.com/auth?token=TOKEN</span></pre>
+<h3>auth.verifyToken(token) <span class="badge b-post">POST</span></h3>
+<pre><span class="kw">const</span> result = <span class="kw">await</span> sp.auth.verifyToken(req.query.token)
+<span class="cm">// → { ok: true, verified: true, email: "user@email.com" }</span>
+<span class="cm">// If expired or already used:</span>
+<span class="cm">// throws ShieldPayError: "Invalid or expired token" (status 410)</span></pre>
+<!-- SECURITY MODULE -->
+<h2 id="security">security module</h2>
+<h3>security.checkIp(ip) <span class="badge b-post">POST</span> <span class="badge b-pro">Pro: IPQS</span></h3>
+<p>Free plan: checks manual blocklist and Cloudflare threat score. Pro plan: real-time IPQS reputation check (VPN, Tor, fraud score).</p>
+<pre><span class="kw">const</span> check = <span class="kw">await</span> sp.security.checkIp(<span class="st">'1.2.3.4'</span>)
+<span class="cm">// Clean IP:</span>
+<span class="cm">// → { ok: true, blocked: false, reason: null, country: "CH" }</span>
+<span class="cm">// VPN detected (Pro):</span>
+<span class="cm">// → { ok: true, blocked: true, reason: "Active VPN connection detected.", score: 92 }</span>
+<span class="cm">// Tor exit node:</span>
+<span class="cm">// → { ok: true, blocked: true, reason: "Tor exit node detected." }</span></pre>
+<h3>security.checkEmail(email) <span class="badge b-post">POST</span></h3>
+<pre><span class="kw">const</span> r = <span class="kw">await</span> sp.security.checkEmail(<span class="st">'test@mailinator.com'</span>)
+<span class="cm">// → { ok: true, blocked: true, reason: 'Disposable email domain "mailinator.com" is not allowed.' }</span></pre>
+<!-- ACCOUNT MODULE -->
+<h2 id="account">account module</h2>
+<h3>account.me() <span class="badge b-get">GET</span></h3>
+<pre><span class="kw">const</span> { user, plan, api_endpoint } = <span class="kw">await</span> sp.account.me()
+<span class="cm">// → { ok: true, user: { id, company, email, plan, ... }, plan: "pro",</span>
+<span class="cm">//     api_endpoint: "https://hnow.info/api/worker=sk_live_xxx" }</span></pre>
+<h3>account.health() <span class="badge b-get">GET</span></h3>
+<pre><span class="kw">const</span> status = <span class="kw">await</span> sp.account.health()
+<span class="cm">// → { ok: true, ts: 1735000000000, region: "ZRH" }</span></pre>
+<!-- ALL ENDPOINTS -->
+<h2 id="endpoints">All Endpoints</h2>
+<p>Base: <code>https://hnow.info/api/worker={KEY}</code></p>
+<table>
+  <tr><th>Method</th><th>Path</th><th>Auth</th><th>Plan</th><th>Description</th></tr>
+  <tr><td><span class="badge b-get">GET</span></td><td><code>/health</code></td><td>—</td><td>Any</td><td>Health check + region</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/auth/register</code></td><td>—</td><td>Any</td><td>Register company (anti-spam check)</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/auth/verify</code></td><td>—</td><td>Any</td><td>Verify email token → get API key</td></tr>
+  <tr><td><span class="badge b-get">GET</span></td><td><code>/me</code></td><td>✓</td><td>Any</td><td>Account info + plan</td></tr>
+  <tr><td><span class="badge b-get">GET</span></td><td><code>/transactions</code></td><td>✓</td><td>Any</td><td>Transaction list (paginated)</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/payment/create</code></td><td>✓</td><td>Any</td><td>Create PayPal order</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/payment/capture</code></td><td>✓</td><td>Any</td><td>Capture approved order</td></tr>
+  <tr><td><span class="badge b-get">GET</span></td><td><code>/payment/status</code></td><td>✓</td><td>Any</td><td>Order status from PayPal</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/payment/refund</code></td><td>✓</td><td>Any</td><td>Refund a capture</td></tr>
+  <tr><td><span class="badge b-get">GET</span></td><td><code>/payment/list</code></td><td>✓</td><td>Any</td><td>List transactions</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/auth/token</code></td><td>✓</td><td>Any</td><td>Create email auth token for user</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/auth/token/verify</code></td><td>✓</td><td>Any</td><td>Verify email auth token</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/security/check-ip</code></td><td>✓</td><td>Pro+</td><td>IP reputation (IPQS on Pro)</td></tr>
+  <tr><td><span class="badge b-post">POST</span></td><td><code>/security/check-email</code></td><td>✓</td><td>Any</td><td>Disposable email check</td></tr>
+</table>
+<!-- ERRORS -->
+<h2 id="errors">Errors & Codes</h2>
+<p>All errors throw a <code>ShieldPayError</code> with <code>.message</code>, <code>.code</code>, and <code>.status</code>.</p>
+<pre><span class="kw">import</span> { ShieldPay, ShieldPayError } <span class="kw">from</span> <span class="st">'shieldpay-sdk'</span>
+<span class="kw">try</span> {
+  <span class="kw">const</span> order = <span class="kw">await</span> sp.payment.create({ amount: <span class="nm">-1</span> })
+} <span class="kw">catch</span> (e) {
+  <span class="kw">if</span> (e <span class="kw">instanceof</span> ShieldPayError) {
+    console.error(e.message) <span class="cm">// "Invalid amount"</span>
+    console.error(e.code)    <span class="cm">// "INVALID_AMOUNT"</span>
+    console.error(e.status)  <span class="cm">// 400</span>
+  }
+}</pre>
+<table>
+  <tr><th>HTTP</th><th>Code</th><th>Meaning</th></tr>
+  <tr><td><code>400</code></td><td><code>INVALID_*</code></td><td>Bad request / missing or invalid parameters</td></tr>
+  <tr><td><code>401</code></td><td><code>INVALID_KEY</code></td><td>API key missing, invalid, or revoked</td></tr>
+  <tr><td><code>403</code></td><td><code>BLOCKED</code></td><td>Spam/VPN/rate limit blocked</td></tr>
+  <tr><td><code>404</code></td><td><code>NOT_FOUND</code></td><td>Endpoint or resource not found</td></tr>
+  <tr><td><code>409</code></td><td><code>CONFLICT</code></td><td>Email already registered</td></tr>
+  <tr><td><code>410</code></td><td><code>TOKEN_EXPIRED</code></td><td>Token expired or already used</td></tr>
+  <tr><td><code>429</code></td><td><code>RATE_LIMITED</code></td><td>Rate limit exceeded — check <code>Retry-After</code> header</td></tr>
+  <tr><td><code>502</code></td><td><code>UPSTREAM_ERROR</code></td><td>PayPal API error</td></tr>
+  <tr><td><code>TIMEOUT</code></td><td><code>TIMEOUT</code></td><td>Request timed out (default: 15s)</td></tr>
+  <tr><td><code>NETWORK</code></td><td><code>NETWORK_ERROR</code></td><td>Network unreachable</td></tr>
+</table>
+<!-- RATE LIMITS -->
+<h2 id="ratelimits">Rate Limits</h2>
+<table>
+  <tr><th>Scope</th><th>Limit</th><th>Window</th></tr>
+  <tr><td>API calls per key</td><td>1,000</td><td>1 hour (sliding)</td></tr>
+  <tr><td>Registrations per IP</td><td>5</td><td>1 hour</td></tr>
+  <tr><td>Login attempts per IP</td><td>10</td><td>15 minutes</td></tr>
+  <tr><td>Admin login per IP</td><td>5</td><td>15 minutes</td></tr>
+</table>
+<p>Rate limit headers are included on every response:</p>
+<pre>X-RateLimit-Limit: 1000
+X-RateLimit-Remaining: 994
+Retry-After: 3142    <span class="cm"># seconds until reset (only on 429)</span></pre>
+<!-- PLANS -->
+<h2 id="plans">Free vs Pro</h2>
+<div class="plan-grid">
+  <div class="plan-box">
+    <h4>Free — 0 CHF/mo</h4>
+    <ul>
+      <li><span class="ck">✓</span> Full API access</li>
+      <li><span class="ck">✓</span> PayPal payments</li>
+      <li><span class="ck">✓</span> Basic anti-spam</li>
+      <li><span class="ck">✓</span> Email token auth</li>
+      <li><span class="ck">✓</span> 1,000 req/hour</li>
+      <li style="color:var(--danger)"><span class="cx">✗</span> <strong>2% fee per transaction</strong></li>
+      <li style="color:var(--danger)"><span class="cx">✗</span> VPN/IPQS blocking</li>
+      <li style="color:var(--danger)"><span class="cx">✗</span> Auto-fallback</li>
+    </ul>
+  </div>
+  <div class="plan-box pro">
+    <h4>Pro — 1 CHF/mo</h4>
+    <ul>
+      <li><span class="ck">✓</span> Everything in Free</li>
+      <li><span class="ck">✓</span> <strong>0% transaction fee</strong></li>
+      <li><span class="ck">✓</span> Real-time IPQS VPN/Tor detection</li>
+      <li><span class="ck">✓</span> ASN datacenter blocking</li>
+      <li><span class="ck">✓</span> Automatic payment fallback</li>
+      <li><span class="ck">✓</span> Retry queue (5min → 15min → 1h)</li>
+      <li><span class="ck">✓</span> Email alert on fallback</li>
+    </ul>
+  </div>
+</div>
+<!-- FEE CALCULATION -->
+<h2 id="fees">Fee Calculation</h2>
+<table>
+  <tr><th>Plan</th><th>Amount</th><th>Fee</th><th>Net to you</th></tr>
+  <tr><td>Free</td><td>100.00 CHF</td><td style="color:var(--warn)">2.00 CHF</td><td>98.00 CHF</td></tr>
+  <tr><td>Free</td><td>49.99 CHF</td><td style="color:var(--warn)">1.00 CHF</td><td>48.99 CHF</td></tr>
+  <tr><td>Pro</td><td>100.00 CHF</td><td style="color:var(--accent2)">0.00 CHF</td><td>100.00 CHF</td></tr>
+  <tr><td>Pro</td><td>1,000.00 CHF</td><td style="color:var(--accent2)">0.00 CHF</td><td>1,000.00 CHF</td></tr>
+</table>
+<p>The fee is calculated server-side and visible in the <code>payment.create()</code> response as <code>fee</code> and <code>net_amount</code>.</p>
+<!-- WEBHOOKS -->
+<h2 id="webhooks">PayPal Webhooks</h2>
+<p>Register this URL in your PayPal Developer Dashboard → your app → Webhooks:</p>
+<pre>https://hnow.info/api/webhook/paypal.php</pre>
+<p>Required events: <code>PAYMENT.CAPTURE.COMPLETED</code>, <code>PAYMENT.CAPTURE.DENIED</code>, <code>PAYMENT.SALE.REFUNDED</code></p>
+<p>ShieldPay verifies the PayPal webhook signature automatically on live mode.</p>
+<!-- FALLBACK -->
+<h2 id="fallback">Auto-Fallback (Pro)</h2>
+<p>When a payment capture fails on a Pro account, ShieldPay automatically:</p>
+<ol style="color:var(--muted);font-size:.9rem;padding-left:1.5rem;line-height:2.2">
+  <li>Logs a fallback event with <code>status: pending</code></li>
+  <li>Sends an email alert to the account's registered email</li>
+  <li>Enqueues a retry via Cloudflare Queues (after 5 minutes)</li>
+  <li>Retries up to 3 times (5min → 15min → 1 hour)</li>
+  <li>Admin can view and resolve fallbacks at <code>/admin.php?page=fallbacks</code></li>
+</ol>
+<p>Fallback is <strong>not available on the Free plan</strong>. Failed payments on Free simply return an error.</p>
+</main>
+</body>
+</html>

package/index.js ADDED Viewed

@@ -0,0 +1,322 @@
+/**
+ * shieldpay-sdk v2.0.0
+ * Official SDK for the ShieldPay API
+ *
+ * Install:  npm install shieldpay-sdk
+ * Docs:     https://hnow.info/SDK/docs/
+ *
+ * Usage:
+ *   import { ShieldPay } from 'shieldpay-sdk'
+ *   const sp = new ShieldPay({ apiKey: 'sk_live_xxx' })
+ *   // SDK calls: https://hnow.info/api/worker=sk_live_xxx/{endpoint}
+ */
+const SDK_VERSION  = '2.0.0'
+const DEFAULT_BASE = 'https://hnow.info'
+// ─── Main class ───────────────────────────────────────────────────────────────
+export class ShieldPay {
+  #apiKey
+  #baseUrl
+  #timeout
+  /**
+   * @param {{ apiKey: string, baseUrl?: string, timeout?: number }} options
+   */
+  constructor({ apiKey, baseUrl = DEFAULT_BASE, timeout = 15000 } = {}) {
+    if (!apiKey)               throw new ShieldPayError('apiKey is required', 'MISSING_KEY')
+    if (!apiKey.startsWith('sk_live_') && !apiKey.startsWith('sk_test_'))
+      throw new ShieldPayError('Invalid API key format. Expected sk_live_... or sk_test_...', 'INVALID_KEY')
+    this.#apiKey  = apiKey
+    this.#baseUrl = baseUrl.replace(/\/$/, '')
+    this.#timeout = timeout
+    // Bound modules
+    this.payment  = new PaymentModule(this)
+    this.auth     = new AuthModule(this)
+    this.security = new SecurityModule(this)
+    this.account  = new AccountModule(this)
+  }
+  /**
+   * Get the full API endpoint URL for a path.
+   * Format: https://hnow.info/api/worker={KEY}/{path}
+   */
+  endpoint(path = '') {
+    return `${this.#baseUrl}/api/worker=${encodeURIComponent(this.#apiKey)}${path}`
+  }
+  /**
+   * Internal HTTP client.
+   * @param {string} path  - API path (e.g. '/payment/create')
+   * @param {RequestInit} options
+   * @returns {Promise<any>}
+   */
+  async _request(path, options = {}) {
+    const url = this.endpoint(path)
+    const controller = new AbortController()
+    const timer = setTimeout(() => controller.abort(), this.#timeout)
+    let response
+    try {
+      response = await fetch(url, {
+        ...options,
+        headers: {
+          'Content-Type':   'application/json',
+          'X-SDK-Version':  `shieldpay-sdk/${SDK_VERSION}`,
+          ...(options.headers || {}),
+        },
+        signal: controller.signal,
+      })
+    } catch (e) {
+      if (e.name === 'AbortError') throw new ShieldPayError('Request timed out', 'TIMEOUT')
+      throw new ShieldPayError(`Network error: ${e.message}`, 'NETWORK_ERROR')
+    } finally {
+      clearTimeout(timer)
+    }
+    const data = await response.json().catch(() => ({ ok: false, error: 'Invalid JSON response' }))
+    if (!response.ok || !data.ok) {
+      throw new ShieldPayError(
+        data.error || `HTTP ${response.status}`,
+        data.code  || `HTTP_${response.status}`,
+        response.status,
+        data
+      )
+    }
+    return data
+  }
+}
+// ─── Payment Module ───────────────────────────────────────────────────────────
+class PaymentModule {
+  constructor(sp) { this._sp = sp }
+  /**
+   * Create a PayPal payment order.
+   * On Free plan: 2% fee is applied. On Pro: 0% fee.
+   *
+   * @param {object} params
+   * @param {number}  params.amount       - Amount to charge
+   * @param {string}  [params.currency]   - ISO currency code (default: CHF)
+   * @param {string}  [params.description]- Order description
+   * @param {string}  [params.return_url] - URL after successful PayPal payment
+   * @param {string}  [params.cancel_url] - URL if user cancels PayPal
+   *
+   * @returns {Promise<{order_id, approve_url, amount, fee, net_amount, currency, plan, fee_note}>}
+   *
+   * @example
+   * const order = await sp.payment.create({ amount: 49.99, currency: 'CHF' })
+   * window.location.href = order.approve_url // redirect to PayPal
+   */
+  async create({ amount, currency = 'CHF', description, return_url, cancel_url } = {}) {
+    if (!amount || isNaN(+amount) || +amount <= 0) throw new ShieldPayError('amount must be a positive number', 'INVALID_AMOUNT')
+    return this._sp._request('/payment/create', {
+      method: 'POST',
+      body:   JSON.stringify({ amount: +amount, currency, description, return_url, cancel_url }),
+    })
+  }
+  /**
+   * Capture an approved PayPal order.
+   * Call this after PayPal redirects back to your return_url.
+   *
+   * @param {string} orderId - PayPal order ID from create()
+   * @returns {Promise<{captured, order_id, status, amount, payer}>}
+   */
+  async capture(orderId) {
+    if (!orderId) throw new ShieldPayError('orderId is required', 'MISSING_PARAM')
+    return this._sp._request('/payment/capture', {
+      method: 'POST',
+      body:   JSON.stringify({ order_id: orderId }),
+    })
+  }
+  /**
+   * Get the current status of a PayPal order.
+   * @param {string} orderId
+   * @returns {Promise<{order_id, status, amount, created, updated}>}
+   */
+  async status(orderId) {
+    if (!orderId) throw new ShieldPayError('orderId is required', 'MISSING_PARAM')
+    return this._sp._request(`/payment/status?order_id=${encodeURIComponent(orderId)}`)
+  }
+  /**
+   * Refund a captured payment.
+   * @param {string} captureId  - PayPal capture ID
+   * @param {number} [amount]   - Partial refund amount (omit for full refund)
+   * @param {string} [note]     - Note to customer
+   */
+  async refund(captureId, amount, note) {
+    if (!captureId) throw new ShieldPayError('captureId is required', 'MISSING_PARAM')
+    return this._sp._request('/payment/refund', {
+      method: 'POST',
+      body:   JSON.stringify({ capture_id: captureId, amount, note }),
+    })
+  }
+  /**
+   * List recent transactions.
+   * @param {{ limit?: number, status?: string }} options
+   */
+  async list({ limit = 20, status } = {}) {
+    const params = new URLSearchParams({ limit: String(limit) })
+    if (status) params.set('status', status)
+    return this._sp._request(`/payment/list?${params}`)
+  }
+}
+// ─── Auth Module ──────────────────────────────────────────────────────────────
+class AuthModule {
+  constructor(sp) { this._sp = sp }
+  /**
+   * Create a passwordless email login token for one of your end users.
+   * Token expires in 15 minutes.
+   *
+   * @param {string} email - The user's email address
+   * @returns {Promise<{token, expires_at}>}
+   */
+  async createToken(email) {
+    if (!email) throw new ShieldPayError('email is required', 'MISSING_PARAM')
+    return this._sp._request('/auth/token', {
+      method: 'POST',
+      body:   JSON.stringify({ email }),
+    })
+  }
+  /**
+   * Verify a token your user received by email.
+   * Tokens are single-use and expire after 15 minutes.
+   *
+   * @param {string} token
+   * @returns {Promise<{verified, email}>}
+   */
+  async verifyToken(token) {
+    if (!token) throw new ShieldPayError('token is required', 'MISSING_PARAM')
+    return this._sp._request('/auth/token/verify', {
+      method: 'POST',
+      body:   JSON.stringify({ token }),
+    })
+  }
+}
+// ─── Security Module ──────────────────────────────────────────────────────────
+class SecurityModule {
+  constructor(sp) { this._sp = sp }
+  /**
+   * Check if an IP is blocked (VPN, Tor, datacenter, fraud score).
+   * Pro plan uses real-time IPQS reputation check.
+   *
+   * @param {string} ip - IPv4 or IPv6 address
+   * @returns {Promise<{blocked, reason, country, score?}>}
+   */
+  async checkIp(ip) {
+    if (!ip) throw new ShieldPayError('ip is required', 'MISSING_PARAM')
+    return this._sp._request('/security/check-ip', {
+      method: 'POST',
+      body:   JSON.stringify({ ip }),
+    })
+  }
+  /**
+   * Check if an email is disposable or blocked.
+   *
+   * @param {string} email
+   * @returns {Promise<{blocked, reason}>}
+   */
+  async checkEmail(email) {
+    if (!email) throw new ShieldPayError('email is required', 'MISSING_PARAM')
+    return this._sp._request('/security/check-email', {
+      method: 'POST',
+      body:   JSON.stringify({ email }),
+    })
+  }
+}
+// ─── Account Module ───────────────────────────────────────────────────────────
+class AccountModule {
+  constructor(sp) { this._sp = sp }
+  /** Get your account info and plan. */
+  async me() {
+    return this._sp._request('/me')
+  }
+  /** List all transactions. */
+  async transactions(options = {}) {
+    return this._sp._request('/transactions', { method: 'GET' })
+  }
+  /** Health check — verify the API is reachable. */
+  async health() {
+    const res = await fetch(`${this._sp.endpoint('')}health`)
+    return res.json()
+  }
+}
+// ─── Static registration (no instance needed) ─────────────────────────────────
+ShieldPay.register = async function(params, baseUrl = DEFAULT_BASE) {
+  const { company, email, password } = params
+  if (!company || !email || !password) throw new ShieldPayError('company, email and password are required', 'MISSING_PARAMS')
+  const url = `${baseUrl}/api/auth/register`
+  const res = await fetch(url, {
+    method:  'POST',
+    headers: { 'Content-Type': 'application/json', 'X-SDK-Version': `shieldpay-sdk/${SDK_VERSION}` },
+    body:    JSON.stringify({ company, email, password }),
+  })
+  const data = await res.json()
+  if (!data.ok) throw new ShieldPayError(data.error, data.code, res.status)
+  return data
+}
+ShieldPay.verifyEmail = async function(token, baseUrl = DEFAULT_BASE) {
+  const url = `${baseUrl}/api/auth/verify`
+  const res = await fetch(url, {
+    method:  'POST',
+    headers: { 'Content-Type': 'application/json', 'X-SDK-Version': `shieldpay-sdk/${SDK_VERSION}` },
+    body:    JSON.stringify({ token }),
+  })
+  const data = await res.json()
+  if (!data.ok) throw new ShieldPayError(data.error, data.code, res.status)
+  return data // { api_key, api_endpoint, message }
+}
+// ─── Error Class ──────────────────────────────────────────────────────────────
+export class ShieldPayError extends Error {
+  /**
+   * @param {string} message
+   * @param {string} [code]    - Machine-readable error code
+   * @param {number} [status]  - HTTP status code
+   * @param {object} [raw]     - Full raw API response
+   */
+  constructor(message, code = 'UNKNOWN', status, raw) {
+    super(message)
+    this.name   = 'ShieldPayError'
+    this.code   = code
+    this.status = status
+    this.raw    = raw
+  }
+}
+// ─── CommonJS compatibility ───────────────────────────────────────────────────
+if (typeof module !== 'undefined' && module.exports) {
+  module.exports = { ShieldPay, ShieldPayError }
+  module.exports.default = ShieldPay
+}
+export default ShieldPay

package/package.json ADDED Viewed

@@ -0,0 +1,28 @@
+{
+  "name": "shieldpay-api-sdkjs",
+  "version": "2.0.0",
+  "description": "FIXLE SDK for the ShieldPay API — payments, anti-spam, VPN blocking and email auth",
+  "main": "index.js",
+  "module": "index.js",
+  "exports": {
+    ".": {
+      "import": "./index.js",
+      "require": "./index.js"
+    }
+  },
+  "type": "module",
+  "scripts": {
+    "test": "node test.js"
+  },
+  "keywords": ["paypal", "payments", "anti-spam", "vpn-detection", "cloudflare-workers", "shieldpay"],
+  "author": "Fixle",
+  "license": "MIT",
+  "homepage": "https://fixle.ch/shieldpay/SDK/docs/",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/FixleCH/shieldpay-sdk"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}