stripe 11.7.0 → 11.8.0

package/CHANGELOG.md

@@ -1,5 +1,11 @@
 # Changelog
 
+## 11.8.0 - 2023-01-26
+* [#1665](https://github.com/stripe/stripe-node/pull/1665) API Updates
+  * Add support for new value `BE` on enums `Checkout.Session.payment_method_options.customer_balance.bank_transfer.eu_bank_transfer.country`, `Invoice.payment_settings.payment_method_options.customer_balance.bank_transfer.eu_bank_transfer.country`, `PaymentIntent.payment_method_options.customer_balance.bank_transfer.eu_bank_transfer.country`, and `Subscription.payment_settings.payment_method_options.customer_balance.bank_transfer.eu_bank_transfer.country`
+  * Add support for new values `cs-CZ`, `el-GR`, `en-CZ`, and `en-GR` on enums `PaymentIntentConfirmParams.payment_method_options.klarna.preferred_locale`, `PaymentIntentCreateParams.payment_method_options.klarna.preferred_locale`, and `PaymentIntentUpdateParams.payment_method_options.klarna.preferred_locale`
+* [#1660](https://github.com/stripe/stripe-node/pull/1660) Introduce separate entry point for worker environments
+
 ## 11.7.0 - 2023-01-19
 * [#1661](https://github.com/stripe/stripe-node/pull/1661) API Updates
   * Add support for `verification_session` on `EphemeralKeyCreateParams`

package/VERSION

@@ -1 +1 @@
-11.7.0
+11.8.0

package/lib/RequestSender.js

@@ -1,6 +1,6 @@
 "use strict";
-const utils = require("./utils");
 const _Error = require("./Error");
+const utils = require("./utils");
 const { StripeAPIError, StripeAuthenticationError, StripeConnectionError, StripeError, StripePermissionError, StripeRateLimitError, } = _Error;
 const { HttpClient } = require('./net/HttpClient');
 const MAX_RETRY_AFTER_WAIT = 60;
@@ -196,7 +196,7 @@ class RequestSender {
         // If this is a POST and we allow multiple retries, ensure an idempotency key.
         const maxRetries = this._getMaxNetworkRetries(settings);
         if (method === 'POST' && maxRetries > 0) {
-            return `stripe-node-retry-${utils.uuid4()}`;
+            return `stripe-node-retry-${this._stripe._platformFunctions.uuid4()}`;
         }
         return null;
     }

package/lib/Webhooks.js

@@ -1,5 +1,4 @@
 "use strict";
-const utils = require("./utils");
 const _Error = require("./Error");
 const { StripeError, StripeSignatureVerificationError } = _Error;
 const Webhook = {
@@ -40,7 +39,7 @@ const Webhook = {
         opts.timestamp =
             Math.floor(opts.timestamp) || Math.floor(Date.now() / 1000);
         opts.scheme = opts.scheme || signature.EXPECTED_SCHEME;
-        opts.cryptoProvider = opts.cryptoProvider || getNodeCryptoProvider();
+        opts.cryptoProvider = opts.cryptoProvider || getCryptoProvider();
         opts.signature =
             opts.signature ||
                 opts.cryptoProvider.computeHMACSignature(opts.timestamp + '.' + opts.payload, opts.secret);
@@ -50,19 +49,21 @@ const Webhook = {
         ].join(',');
         return generatedHeader;
     },
+    _createCryptoProvider: () => null,
+    _platformFunctions: null,
 };
 const signature = {
     EXPECTED_SCHEME: 'v1',
     verifyHeader(encodedPayload, encodedHeader, secret, tolerance, cryptoProvider) {
         const { decodedHeader: header, decodedPayload: payload, details, } = parseEventDetails(encodedPayload, encodedHeader, this.EXPECTED_SCHEME);
-        cryptoProvider = cryptoProvider || getNodeCryptoProvider();
+        cryptoProvider = cryptoProvider || getCryptoProvider();
         const expectedSignature = cryptoProvider.computeHMACSignature(makeHMACContent(payload, details), secret);
         validateComputedSignature(payload, header, details, expectedSignature, tolerance);
         return true;
     },
     async verifyHeaderAsync(encodedPayload, encodedHeader, secret, tolerance, cryptoProvider) {
         const { decodedHeader: header, decodedPayload: payload, details, } = parseEventDetails(encodedPayload, encodedHeader, this.EXPECTED_SCHEME);
-        cryptoProvider = cryptoProvider || getNodeCryptoProvider();
+        cryptoProvider = cryptoProvider || getCryptoProvider();
         const expectedSignature = await cryptoProvider.computeHMACSignatureAsync(makeHMACContent(payload, details), secret);
         return validateComputedSignature(payload, header, details, expectedSignature, tolerance);
     },
@@ -103,9 +104,7 @@ function parseEventDetails(encodedPayload, encodedHeader, expectedScheme) {
     };
 }
 function validateComputedSignature(payload, header, details, expectedSignature, tolerance) {
-    const signatureFound = !!details.signatures.filter(
-    // @ts-ignore
-    utils.secureCompare.bind(utils, expectedSignature)).length;
+    const signatureFound = !!details.signatures.filter(Webhook._platformFunctions.secureCompare.bind(Webhook._platformFunctions, expectedSignature)).length;
     if (!signatureFound) {
         // @ts-ignore
         throw new StripeSignatureVerificationError(header, payload, {
@@ -141,17 +140,16 @@ function parseHeader(header, scheme) {
         signatures: [],
     });
 }
-let webhooksNodeCryptoProviderInstance = null;
+let webhooksCryptoProviderInstance = null;
 /**
- * Lazily instantiate a NodeCryptoProvider instance. This is a stateless object
+ * Lazily instantiate a CryptoProvider instance. This is a stateless object
  * so a singleton can be used here.
  */
-function getNodeCryptoProvider() {
-    if (!webhooksNodeCryptoProviderInstance) {
-        const NodeCryptoProvider = require('./crypto/NodeCryptoProvider');
-        webhooksNodeCryptoProviderInstance = new NodeCryptoProvider();
+function getCryptoProvider() {
+    if (!webhooksCryptoProviderInstance) {
+        webhooksCryptoProviderInstance = Webhook._createCryptoProvider();
     }
-    return webhooksNodeCryptoProviderInstance;
+    return webhooksCryptoProviderInstance;
 }
 Webhook.signature = signature;
 module.exports = Webhook;

package/lib/platform/DefaultPlatformFunctions.js

@@ -0,0 +1,39 @@
+"use strict";
+/**
+ * Interface encapsulating various utility functions whose
+ * implementations depend on the platform / JS runtime.
+ */
+class DefaultPlatformFunctions {
+    /**
+     * Gets uname with Node's built-in `exec` function, if available.
+     */
+    getUname() {
+        return Promise.resolve(null);
+    }
+    /**
+     * Generates a v4 UUID. See https://stackoverflow.com/a/2117523
+     */
+    uuid4() {
+        return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+            const r = (Math.random() * 16) | 0;
+            const v = c === 'x' ? r : (r & 0x3) | 0x8;
+            return v.toString(16);
+        });
+    }
+    /**
+     * Compares strings in constant time.
+     */
+    secureCompare(a, b) {
+        // return early here if buffer lengths are not equal
+        if (a.length !== b.length) {
+            return false;
+        }
+        const len = a.length;
+        let result = 0;
+        for (let i = 0; i < len; ++i) {
+            result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+        }
+        return result === 0;
+    }
+}
+module.exports = DefaultPlatformFunctions;

package/lib/platform/NodePlatformFunctions.js

@@ -0,0 +1,72 @@
+"use strict";
+const crypto = require("crypto");
+const DefaultPlatformFunctions = require("./DefaultPlatformFunctions");
+/**
+ * Specializes DefaultPlatformFunctions using APIs available in Node.js.
+ */
+class NodePlatformFunctions extends DefaultPlatformFunctions {
+    constructor() {
+        super();
+        this._exec = require('child_process').exec;
+        this._UNAME_CACHE = null;
+    }
+    /** @override */
+    uuid4() {
+        // available in: v14.17.x+
+        if (crypto.randomUUID) {
+            return crypto.randomUUID();
+        }
+        return super.uuid4();
+    }
+    /**
+     * @override
+     * Node's built in `exec` function sometimes throws outright,
+     * and sometimes has a callback with an error,
+     * depending on the type of error.
+     *
+     * This unifies that interface by resolving with a null uname
+     * if an error is encountered.
+     */
+    getUname() {
+        if (!this._UNAME_CACHE) {
+            this._UNAME_CACHE = new Promise((resolve, reject) => {
+                try {
+                    this._exec('uname -a', (err, uname) => {
+                        if (err) {
+                            return resolve(null);
+                        }
+                        resolve(uname);
+                    });
+                }
+                catch (e) {
+                    resolve(null);
+                }
+            });
+        }
+        return this._UNAME_CACHE;
+    }
+    /**
+     * @override
+     * Secure compare, from https://github.com/freewil/scmp
+     */
+    secureCompare(a, b) {
+        if (!a || !b) {
+            throw new Error('secureCompare must receive two arguments');
+        }
+        // return early here if buffer lengths are not equal since timingSafeEqual
+        // will throw if buffer lengths are not equal
+        if (a.length !== b.length) {
+            return false;
+        }
+        // use crypto.timingSafeEqual if available (since Node.js v6.6.0),
+        // otherwise use our own scmp-internal function.
+        if (crypto.timingSafeEqual) {
+            const textEncoder = new TextEncoder();
+            const aEncoded = textEncoder.encode(a);
+            const bEncoded = textEncoder.encode(b);
+            return crypto.timingSafeEqual(aEncoded, bEncoded);
+        }
+        return super.secureCompare(a, b);
+    }
+}
+module.exports = NodePlatformFunctions;

package/lib/stripe.common.js

@@ -0,0 +1,354 @@
+"use strict";
+const _Error = require("./Error");
+const resources = require("./resources");
+const DEFAULT_HOST = 'api.stripe.com';
+const DEFAULT_PORT = '443';
+const DEFAULT_BASE_PATH = '/v1/';
+const DEFAULT_API_VERSION = null;
+const DEFAULT_TIMEOUT = 80000;
+Stripe.PACKAGE_VERSION = require('../package.json').version;
+const utils = require("./utils");
+const { determineProcessUserAgentProperties } = utils;
+Stripe.USER_AGENT = Object.assign({ bindings_version: Stripe.PACKAGE_VERSION, lang: 'node', publisher: 'stripe', uname: null, typescript: false }, determineProcessUserAgentProperties());
+const MAX_NETWORK_RETRY_DELAY_SEC = 2;
+const INITIAL_NETWORK_RETRY_DELAY_SEC = 0.5;
+const APP_INFO_PROPERTIES = ['name', 'version', 'url', 'partner_id'];
+const ALLOWED_CONFIG_PROPERTIES = [
+    'apiVersion',
+    'typescript',
+    'maxNetworkRetries',
+    'httpAgent',
+    'httpClient',
+    'timeout',
+    'host',
+    'port',
+    'protocol',
+    'telemetry',
+    'appInfo',
+    'stripeAccount',
+];
+const StripeResource = require("./StripeResource");
+const RequestSender = require("./RequestSender");
+Stripe.StripeResource = StripeResource;
+Stripe.resources = resources;
+const HttpClient = require("./net/HttpClient");
+Stripe.HttpClient = HttpClient.HttpClient;
+Stripe.HttpClientResponse = HttpClient.HttpClientResponse;
+const CryptoProvider = require("./crypto/CryptoProvider");
+const EventEmitter = require("events");
+Stripe.CryptoProvider = CryptoProvider;
+const DefaultPlatformFunctions = require("./platform/DefaultPlatformFunctions");
+Stripe._platformFunctions = new DefaultPlatformFunctions();
+function Stripe(key, config = {}) {
+    if (!(this instanceof Stripe)) {
+        return new Stripe(key, config);
+    }
+    const props = this._getPropsFromConfig(config);
+    Object.defineProperty(this, '_emitter', {
+        value: new EventEmitter(),
+        enumerable: false,
+        configurable: false,
+        writable: false,
+    });
+    this.VERSION = Stripe.PACKAGE_VERSION;
+    this.on = this._emitter.on.bind(this._emitter);
+    this.once = this._emitter.once.bind(this._emitter);
+    this.off = this._emitter.removeListener.bind(this._emitter);
+    if (props.protocol &&
+        props.protocol !== 'https' &&
+        (!props.host || /\.stripe\.com$/.test(props.host))) {
+        throw new Error('The `https` protocol must be used when sending requests to `*.stripe.com`');
+    }
+    const agent = props.httpAgent || null;
+    this._api = {
+        auth: null,
+        host: props.host || DEFAULT_HOST,
+        port: props.port || DEFAULT_PORT,
+        protocol: props.protocol || 'https',
+        basePath: DEFAULT_BASE_PATH,
+        version: props.apiVersion || DEFAULT_API_VERSION,
+        timeout: utils.validateInteger('timeout', props.timeout, DEFAULT_TIMEOUT),
+        maxNetworkRetries: utils.validateInteger('maxNetworkRetries', props.maxNetworkRetries, 0),
+        agent: agent,
+        httpClient: props.httpClient || Stripe.createHttpClient(agent),
+        dev: false,
+        stripeAccount: props.stripeAccount || null,
+    };
+    const typescript = props.typescript || false;
+    if (typescript !== Stripe.USER_AGENT.typescript) {
+        // The mutation here is uncomfortable, but likely fastest;
+        // serializing the user agent involves shelling out to the system,
+        // and given some users may instantiate the library many times without switching between TS and non-TS,
+        // we only want to incur the performance hit when that actually happens.
+        Stripe.USER_AGENT.typescript = typescript;
+    }
+    if (props.appInfo) {
+        this._setAppInfo(props.appInfo);
+    }
+    this._prepResources();
+    this._setApiKey(key);
+    this.errors = _Error;
+    this.webhooks = require('./Webhooks');
+    this.webhooks._platformFunctions = Stripe._platformFunctions;
+    this._prevRequestMetrics = [];
+    this._enableTelemetry = props.telemetry !== false;
+    this._requestSender = new RequestSender(this, Stripe.StripeResource.MAX_BUFFERED_REQUEST_METRICS);
+    // Expose StripeResource on the instance too
+    // @ts-ignore
+    this.StripeResource = Stripe.StripeResource;
+    this._platformFunctions = Stripe._platformFunctions;
+}
+Stripe.errors = _Error;
+Stripe.webhooks = require('./Webhooks');
+// @ts-ignore
+Stripe.createHttpClient = null;
+Stripe.createNodeHttpClient = (agent) => {
+    throw new Error('Stripe: createNodeHttpClient() is not available in non-Node environments. When instantiating the Stripe client, please set the `httpClient` configuration option to `Stripe.createFetchHttpClient()`, or to your own implementation of `HttpClient`.');
+};
+/**
+ * Creates an HTTP client for issuing Stripe API requests which uses the Web
+ * Fetch API.
+ *
+ * A fetch function can optionally be passed in as a parameter. If none is
+ * passed, will default to the default `fetch` function in the global scope.
+ */
+Stripe.createFetchHttpClient = (fetchFn) => {
+    const { FetchHttpClient } = require('./net/FetchHttpClient');
+    return new FetchHttpClient(fetchFn);
+};
+/**
+ * Create a CryptoProvider which uses the built-in Node crypto libraries for
+ * its crypto operations.
+ */
+Stripe.createNodeCryptoProvider = () => {
+    throw new Error('Stripe: `createNodeCryptoProvider()` is not available in non-Node environments. Please use `createSubtleCryptoProvider()` instead.');
+};
+/**
+ * Creates a CryptoProvider which uses the Subtle Crypto API from the Web
+ * Crypto API spec for its crypto operations.
+ *
+ * A SubtleCrypto interface can optionally be passed in as a parameter. If none
+ * is passed, will default to the default `crypto.subtle` object in the global
+ * scope.
+ */
+Stripe.createSubtleCryptoProvider = (subtleCrypto) => {
+    const SubtleCryptoProvider = require('./crypto/SubtleCryptoProvider');
+    return new SubtleCryptoProvider(subtleCrypto);
+};
+Stripe.prototype = {
+    // Properties are set in the constructor above
+    _appInfo: undefined,
+    on: null,
+    off: null,
+    once: null,
+    VERSION: null,
+    StripeResource: null,
+    webhooks: null,
+    errors: null,
+    _api: null,
+    _prevRequestMetrics: null,
+    _emitter: null,
+    _enableTelemetry: null,
+    _requestSender: null,
+    _platformFunctions: null,
+    /**
+     * @private
+     */
+    _setApiKey(key) {
+        if (key) {
+            this._setApiField('auth', `Bearer ${key}`);
+        }
+    },
+    /**
+     * @private
+     * This may be removed in the future.
+     */
+    _setAppInfo(info) {
+        if (info && typeof info !== 'object') {
+            throw new Error('AppInfo must be an object.');
+        }
+        if (info && !info.name) {
+            throw new Error('AppInfo.name is required');
+        }
+        info = info || {};
+        this._appInfo = APP_INFO_PROPERTIES.reduce((accum, prop) => {
+            if (typeof info[prop] == 'string') {
+                accum = accum || {};
+                accum[prop] = info[prop];
+            }
+            return accum;
+        }, 
+        // @ts-ignore
+        undefined);
+    },
+    /**
+     * @private
+     * This may be removed in the future.
+     */
+    _setApiField(key, value) {
+        this._api[key] = value;
+    },
+    /**
+     * @private
+     * Please open or upvote an issue at github.com/stripe/stripe-node
+     * if you use this, detailing your use-case.
+     *
+     * It may be deprecated and removed in the future.
+     */
+    getApiField(key) {
+        return this._api[key];
+    },
+    setClientId(clientId) {
+        this._clientId = clientId;
+    },
+    getClientId() {
+        return this._clientId;
+    },
+    /**
+     * @private
+     * Please open or upvote an issue at github.com/stripe/stripe-node
+     * if you use this, detailing your use-case.
+     *
+     * It may be deprecated and removed in the future.
+     */
+    getConstant: (c) => {
+        switch (c) {
+            case 'DEFAULT_HOST':
+                return DEFAULT_HOST;
+            case 'DEFAULT_PORT':
+                return DEFAULT_PORT;
+            case 'DEFAULT_BASE_PATH':
+                return DEFAULT_BASE_PATH;
+            case 'DEFAULT_API_VERSION':
+                return DEFAULT_API_VERSION;
+            case 'DEFAULT_TIMEOUT':
+                return DEFAULT_TIMEOUT;
+            case 'MAX_NETWORK_RETRY_DELAY_SEC':
+                return MAX_NETWORK_RETRY_DELAY_SEC;
+            case 'INITIAL_NETWORK_RETRY_DELAY_SEC':
+                return INITIAL_NETWORK_RETRY_DELAY_SEC;
+        }
+        return Stripe[c];
+    },
+    getMaxNetworkRetries() {
+        return this.getApiField('maxNetworkRetries');
+    },
+    /**
+     * @private
+     * This may be removed in the future.
+     */
+    _setApiNumberField(prop, n, defaultVal) {
+        const val = utils.validateInteger(prop, n, defaultVal);
+        this._setApiField(prop, val);
+    },
+    getMaxNetworkRetryDelay() {
+        return MAX_NETWORK_RETRY_DELAY_SEC;
+    },
+    getInitialNetworkRetryDelay() {
+        return INITIAL_NETWORK_RETRY_DELAY_SEC;
+    },
+    /**
+     * @private
+     * Please open or upvote an issue at github.com/stripe/stripe-node
+     * if you use this, detailing your use-case.
+     *
+     * It may be deprecated and removed in the future.
+     *
+     * Gets a JSON version of a User-Agent and uses a cached version for a slight
+     * speed advantage.
+     */
+    getClientUserAgent(cb) {
+        return this.getClientUserAgentSeeded(Stripe.USER_AGENT, cb);
+    },
+    /**
+     * @private
+     * Please open or upvote an issue at github.com/stripe/stripe-node
+     * if you use this, detailing your use-case.
+     *
+     * It may be deprecated and removed in the future.
+     *
+     * Gets a JSON version of a User-Agent by encoding a seeded object and
+     * fetching a uname from the system.
+     */
+    getClientUserAgentSeeded(seed, cb) {
+        this._platformFunctions.getUname().then((uname) => {
+            var _a;
+            const userAgent = {};
+            for (const field in seed) {
+                userAgent[field] = encodeURIComponent((_a = seed[field]) !== null && _a !== void 0 ? _a : 'null');
+            }
+            // URI-encode in case there are unusual characters in the system's uname.
+            userAgent.uname = encodeURIComponent(uname || 'UNKNOWN');
+            const client = this.getApiField('httpClient');
+            if (client) {
+                userAgent.httplib = encodeURIComponent(client.getClientName());
+            }
+            if (this._appInfo) {
+                userAgent.application = this._appInfo;
+            }
+            cb(JSON.stringify(userAgent));
+        });
+    },
+    /**
+     * @private
+     * Please open or upvote an issue at github.com/stripe/stripe-node
+     * if you use this, detailing your use-case.
+     *
+     * It may be deprecated and removed in the future.
+     */
+    getAppInfoAsString() {
+        if (!this._appInfo) {
+            return '';
+        }
+        let formatted = this._appInfo.name;
+        if (this._appInfo.version) {
+            formatted += `/${this._appInfo.version}`;
+        }
+        if (this._appInfo.url) {
+            formatted += ` (${this._appInfo.url})`;
+        }
+        return formatted;
+    },
+    getTelemetryEnabled() {
+        return this._enableTelemetry;
+    },
+    /**
+     * @private
+     * This may be removed in the future.
+     */
+    _prepResources() {
+        for (const name in resources) {
+            // @ts-ignore
+            this[utils.pascalToCamelCase(name)] = new resources[name](this);
+        }
+    },
+    /**
+     * @private
+     * This may be removed in the future.
+     */
+    _getPropsFromConfig(config) {
+        // If config is null or undefined, just bail early with no props
+        if (!config) {
+            return {};
+        }
+        // config can be an object or a string
+        const isString = typeof config === 'string';
+        const isObject = config === Object(config) && !Array.isArray(config);
+        if (!isObject && !isString) {
+            throw new Error('Config must either be an object or a string');
+        }
+        // If config is a string, we assume the old behavior of passing in a string representation of the api version
+        if (isString) {
+            return {
+                apiVersion: config,
+            };
+        }
+        // If config is an object, we assume the new behavior and make sure it doesn't contain any unexpected values
+        const values = Object.keys(config).filter((value) => !ALLOWED_CONFIG_PROPERTIES.includes(value));
+        if (values.length > 0) {
+            throw new Error(`Config object may only contain the following: ${ALLOWED_CONFIG_PROPERTIES.join(', ')}`);
+        }
+        return config;
+    },
+};
+module.exports = Stripe;