swapped-commerce-sdk 1.0.0

package/src/utils/http.ts

@@ -0,0 +1,180 @@
+import type {
+  RequiredSwappedConfig,
+  ApiResponse,
+} from '../types/common'
+import {
+  SwappedError,
+  SwappedAuthenticationError,
+  SwappedValidationError,
+  SwappedRateLimitError,
+  SwappedNotFoundError,
+} from './errors'
+import { withRetry } from './retry'
+
+/**
+ * HTTP method types
+ */
+export type HttpMethod = 'GET' | 'POST' | 'PUT' | 'DELETE'
+
+/**
+ * Base URL for Swapped Commerce API
+ */
+const BASE_URL = 'https://pay-api.swapped.com'
+
+/**
+ * Pure function for building URL with query parameters
+ */
+export function buildUrl(
+  baseUrl: string,
+  path: string,
+  params?: Readonly<Record<string, unknown>>
+): string {
+  const url = new URL(path, baseUrl)
+
+  if (params) {
+    for (const [key, value] of Object.entries(params)) {
+      if (value !== undefined && value !== null) {
+        url.searchParams.append(key, String(value))
+      }
+    }
+  }
+
+  return url.toString()
+}
+
+/**
+ * Pure function for creating request configuration
+ */
+export function createRequestConfig(
+  config: RequiredSwappedConfig,
+  method: HttpMethod,
+  path: string,
+  body?: unknown
+): RequestInit {
+  const headers: Record<string, string> = {
+    'X-API-Key': config.apiKey,
+    'Content-Type': 'application/json',
+    'Accept': 'application/json',
+  }
+
+  const requestInit: RequestInit = {
+    method,
+    headers,
+  }
+
+  if (body !== undefined) {
+    requestInit.body = JSON.stringify(body)
+  }
+
+  return requestInit
+}
+
+/**
+ * Pure function for handling error responses
+ */
+async function handleErrorResponse(
+  response: Response
+): Promise<SwappedError> {
+  let errorData: {
+    message?: string
+    code?: string
+    details?: Readonly<Record<string, unknown>>
+  } = {}
+
+  try {
+    const text = await response.text()
+    if (text) {
+      errorData = JSON.parse(text) as typeof errorData
+    }
+  } catch {
+    // If parsing fails, use empty object
+  }
+
+  const message = errorData.message ?? response.statusText
+
+  switch (response.status) {
+    case 401:
+      return new SwappedAuthenticationError(message)
+    case 400:
+      return new SwappedValidationError(message, errorData.details)
+    case 404:
+      return new SwappedNotFoundError(message)
+    case 429:
+      return new SwappedRateLimitError(message)
+    default:
+      return new SwappedError(
+        message,
+        response.status,
+        errorData.code,
+        errorData.details
+      )
+  }
+}
+
+/**
+ * Pure function for making HTTP requests with retry logic
+ */
+export async function request<T>(
+  config: RequiredSwappedConfig,
+  method: HttpMethod,
+  path: string,
+  options?: {
+    readonly body?: unknown
+    readonly params?: Readonly<Record<string, unknown>>
+  }
+): Promise<ApiResponse<T>> {
+  const url = buildUrl(BASE_URL, path, options?.params)
+  const requestConfig = createRequestConfig(config, method, path, options?.body)
+
+  // Create abort controller for timeout
+  const controller = new AbortController()
+  const timeoutId = setTimeout(() => {
+    controller.abort()
+  }, config.timeout)
+
+  try {
+    const response = await withRetry(
+      async () => {
+        const res = await fetch(url, {
+          ...requestConfig,
+          signal: controller.signal,
+        })
+
+        if (!res.ok) {
+          throw await handleErrorResponse(res)
+        }
+
+        return res
+      },
+      {
+        maxRetries: config.retries,
+        timeout: config.timeout,
+      }
+    )
+
+    const data = (await response.json()) as ApiResponse<T>
+    return data
+  } catch (error) {
+    if (error instanceof SwappedError) {
+      throw error
+    }
+
+    // Handle abort/timeout
+    if (error instanceof Error && error.name === 'AbortError') {
+      throw new SwappedError(
+        `Request timeout after ${config.timeout}ms`,
+        408,
+        'TIMEOUT_ERROR'
+      )
+    }
+
+    // Handle network errors
+    throw new SwappedError(
+      error instanceof Error ? error.message : 'Network error occurred',
+      0,
+      'NETWORK_ERROR'
+    )
+  } finally {
+    clearTimeout(timeoutId)
+  }
+}

package/src/utils/retry.ts

@@ -0,0 +1,57 @@
+import { SwappedError } from './errors'
+
+/**
+ * Retry configuration
+ */
+export interface RetryConfig {
+  readonly maxRetries: number
+  readonly timeout: number
+}
+
+/**
+ * Pure function for retrying with exponential backoff
+ * 
+ * @param fn - Function to retry
+ * @param config - Retry configuration
+ * @returns Promise that resolves with the function result or rejects after all retries
+ */
+export async function withRetry<T>(
+  fn: () => Promise<T>,
+  config: RetryConfig
+): Promise<T> {
+  let lastError: Error | undefined
+
+  for (let attempt = 0; attempt <= config.maxRetries; attempt++) {
+    try {
+      return await fn()
+    } catch (error) {
+      lastError = error as Error
+
+      // Don't retry on client errors (4xx) except 429 (rate limit)
+      if (
+        error instanceof SwappedError &&
+        error.statusCode !== undefined &&
+        error.statusCode >= 400 &&
+        error.statusCode < 500 &&
+        error.statusCode !== 429
+      ) {
+        throw error
+      }
+
+      // Wait before retry (exponential backoff)
+      if (attempt < config.maxRetries) {
+        const delayMs = Math.pow(2, attempt) * 1000
+        await delay(delayMs)
+      }
+    }
+  }
+
+  throw lastError ?? new Error('Request failed after retries')
+}
+
+/**
+ * Delay helper function
+ */
+function delay(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms))
+}

package/src/utils/webhooks.ts

@@ -0,0 +1,82 @@
+import type { WebhookEvent } from '../types/webhooks'
+
+/**
+ * Pure function for verifying webhook signature using Web Crypto API
+ * 
+ * @param payload - Raw webhook payload string
+ * @param signature - Signature from X-Signature header
+ * @param secret - Webhook secret key
+ * @returns Promise that resolves to true if signature is valid
+ */
+export async function verifyWebhookSignature(
+  payload: string,
+  signature: string,
+  secret: string
+): Promise<boolean> {
+  try {
+    // Import the secret key
+    const encoder = new TextEncoder()
+    const keyData = encoder.encode(secret)
+    const key = await crypto.subtle.importKey(
+      'raw',
+      keyData,
+      { name: 'HMAC', hash: 'SHA-256' },
+      false,
+      ['sign']
+    )
+
+    // Sign the payload
+    const payloadData = encoder.encode(payload)
+    const signatureBuffer = await crypto.subtle.sign(
+      'HMAC',
+      key,
+      payloadData
+    )
+
+    // Convert signature to hex string
+    const signatureArray = Array.from(new Uint8Array(signatureBuffer))
+    const expectedSignature = signatureArray
+      .map((b) => b.toString(16).padStart(2, '0'))
+      .join('')
+
+    // Compare signatures using constant-time comparison
+    return constantTimeEqual(expectedSignature, signature)
+  } catch {
+    return false
+  }
+}
+
+/**
+ * Constant-time string comparison to prevent timing attacks
+ */
+function constantTimeEqual(a: string, b: string): boolean {
+  if (a.length !== b.length) {
+    return false
+  }
+
+  let result = 0
+  for (let i = 0; i < a.length; i++) {
+    result |= a.charCodeAt(i) ^ b.charCodeAt(i)
+  }
+
+  return result === 0
+}
+
+/**
+ * Pure function for parsing webhook event payload
+ * 
+ * @param payload - JSON string payload
+ * @returns Parsed webhook event
+ * @throws Error if payload is invalid JSON
+ */
+export function parseWebhookEvent(payload: string): WebhookEvent {
+  try {
+    return JSON.parse(payload) as WebhookEvent
+  } catch (error) {
+    throw new Error(
+      `Failed to parse webhook payload: ${
+        error instanceof Error ? error.message : 'Unknown error'
+      }`
+    )
+  }
+}