@better-webhook/cli 3.9.0 → 3.10.0

package/dist/core/debug-verify.js

@@ -0,0 +1,253 @@
+import { createHmac, timingSafeEqual } from "node:crypto";
+function getHeader(headers, name) {
+    const value = headers[name.toLowerCase()];
+    return Array.isArray(value) ? value[0] : value;
+}
+function safeCompare(a, b) {
+    try {
+        const bufA = Buffer.from(a);
+        const bufB = Buffer.from(b);
+        if (bufA.length !== bufB.length) {
+            return false;
+        }
+        return timingSafeEqual(bufA, bufB);
+    }
+    catch {
+        return false;
+    }
+}
+export function debugGitHubVerify(rawBody, headers, secret) {
+    const headerName = "x-hub-signature-256";
+    const expectedSignature = getHeader(headers, headerName);
+    const signedPayload = rawBody;
+    const computed = createHmac("sha256", secret)
+        .update(signedPayload, "utf-8")
+        .digest("hex");
+    const computedSignature = `sha256=${computed}`;
+    const isValid = expectedSignature
+        ? safeCompare(expectedSignature, computedSignature)
+        : false;
+    return {
+        provider: "github",
+        rawBody,
+        signedPayload,
+        expectedSignature,
+        computedSignature,
+        isValid,
+        algorithm: "HMAC-SHA256",
+        headerName,
+    };
+}
+export function debugRagieVerify(rawBody, headers, secret) {
+    const headerName = "x-signature";
+    const expectedSignature = getHeader(headers, headerName);
+    const signedPayload = rawBody;
+    const computedSignature = createHmac("sha256", secret)
+        .update(signedPayload, "utf-8")
+        .digest("hex");
+    const isValid = expectedSignature
+        ? safeCompare(expectedSignature, computedSignature)
+        : false;
+    return {
+        provider: "ragie",
+        rawBody,
+        signedPayload,
+        expectedSignature,
+        computedSignature,
+        isValid,
+        algorithm: "HMAC-SHA256",
+        headerName,
+    };
+}
+export function debugStripeVerify(rawBody, headers, secret) {
+    const headerName = "stripe-signature";
+    const signatureHeader = getHeader(headers, headerName);
+    let timestamp;
+    let expectedSignature;
+    if (signatureHeader) {
+        const parts = signatureHeader.split(",");
+        for (const part of parts) {
+            const [key, value] = part.split("=");
+            if (key === "t")
+                timestamp = value;
+            if (key === "v1")
+                expectedSignature = value;
+        }
+    }
+    const signedPayload = timestamp ? `${timestamp}.${rawBody}` : rawBody;
+    const computedSignature = createHmac("sha256", secret)
+        .update(signedPayload, "utf-8")
+        .digest("hex");
+    const isValid = expectedSignature
+        ? safeCompare(expectedSignature, computedSignature)
+        : false;
+    return {
+        provider: "stripe",
+        rawBody,
+        signedPayload,
+        expectedSignature,
+        computedSignature,
+        isValid,
+        algorithm: "HMAC-SHA256",
+        headerName,
+        timestamp,
+    };
+}
+export function debugSlackVerify(rawBody, headers, secret) {
+    const headerName = "x-slack-signature";
+    const signatureHeader = getHeader(headers, headerName);
+    const timestamp = getHeader(headers, "x-slack-request-timestamp");
+    let expectedSignature;
+    if (signatureHeader?.startsWith("v0=")) {
+        expectedSignature = signatureHeader.slice(3);
+    }
+    const signedPayload = `v0:${timestamp || ""}:${rawBody}`;
+    const computedSignature = createHmac("sha256", secret)
+        .update(signedPayload, "utf-8")
+        .digest("hex");
+    const isValid = expectedSignature
+        ? safeCompare(expectedSignature, computedSignature)
+        : false;
+    return {
+        provider: "slack",
+        rawBody,
+        signedPayload,
+        expectedSignature: signatureHeader,
+        computedSignature: `v0=${computedSignature}`,
+        isValid,
+        algorithm: "HMAC-SHA256",
+        headerName,
+        timestamp,
+    };
+}
+export function debugLinearVerify(rawBody, headers, secret) {
+    const headerName = "linear-signature";
+    const expectedSignature = getHeader(headers, headerName);
+    const signedPayload = rawBody;
+    const computedSignature = createHmac("sha256", secret)
+        .update(signedPayload, "utf-8")
+        .digest("hex");
+    const isValid = expectedSignature
+        ? safeCompare(expectedSignature, computedSignature)
+        : false;
+    return {
+        provider: "linear",
+        rawBody,
+        signedPayload,
+        expectedSignature,
+        computedSignature,
+        isValid,
+        algorithm: "HMAC-SHA256",
+        headerName,
+    };
+}
+export function debugShopifyVerify(rawBody, headers, secret) {
+    const headerName = "x-shopify-hmac-sha256";
+    const expectedSignature = getHeader(headers, headerName);
+    const signedPayload = rawBody;
+    const computedSignature = createHmac("sha256", secret)
+        .update(signedPayload, "utf-8")
+        .digest("base64");
+    const isValid = expectedSignature
+        ? safeCompare(expectedSignature, computedSignature)
+        : false;
+    return {
+        provider: "shopify",
+        rawBody,
+        signedPayload,
+        expectedSignature,
+        computedSignature,
+        isValid,
+        algorithm: "HMAC-SHA256 (base64)",
+        headerName,
+    };
+}
+export function detectProviderFromHeaders(headers) {
+    if (getHeader(headers, "stripe-signature"))
+        return "stripe";
+    if (getHeader(headers, "x-hub-signature-256") ||
+        getHeader(headers, "x-github-event"))
+        return "github";
+    if (getHeader(headers, "x-signature"))
+        return "ragie";
+    if (getHeader(headers, "x-shopify-hmac-sha256"))
+        return "shopify";
+    if (getHeader(headers, "x-slack-signature"))
+        return "slack";
+    if (getHeader(headers, "linear-signature"))
+        return "linear";
+    if (getHeader(headers, "svix-signature"))
+        return "clerk";
+    if (getHeader(headers, "x-twilio-signature"))
+        return "twilio";
+    return undefined;
+}
+export function getSecretEnvVar(provider) {
+    const envVars = {
+        github: "GITHUB_WEBHOOK_SECRET",
+        stripe: "STRIPE_WEBHOOK_SECRET",
+        ragie: "RAGIE_WEBHOOK_SECRET",
+        slack: "SLACK_SIGNING_SECRET",
+        linear: "LINEAR_WEBHOOK_SECRET",
+        shopify: "SHOPIFY_WEBHOOK_SECRET",
+        twilio: "TWILIO_AUTH_TOKEN",
+        sendgrid: "SENDGRID_WEBHOOK_SECRET",
+        discord: "DISCORD_PUBLIC_KEY",
+        clerk: "CLERK_WEBHOOK_SECRET",
+        custom: "WEBHOOK_SECRET",
+    };
+    return envVars[provider] || "WEBHOOK_SECRET";
+}
+export function resolveSecret(cliSecret, provider) {
+    if (cliSecret)
+        return cliSecret;
+    if (provider) {
+        const envVar = getSecretEnvVar(provider);
+        const value = process.env[envVar];
+        if (value)
+            return value;
+    }
+    return process.env.WEBHOOK_SECRET;
+}
+export function debugVerify(provider, rawBody, headers, secret) {
+    const detectedProvider = provider || detectProviderFromHeaders(headers);
+    if (!detectedProvider) {
+        return {
+            provider: "unknown",
+            rawBody,
+            signedPayload: rawBody,
+            expectedSignature: undefined,
+            computedSignature: "",
+            isValid: false,
+            algorithm: "unknown",
+            headerName: "unknown",
+            error: "Could not detect provider from headers",
+        };
+    }
+    switch (detectedProvider) {
+        case "github":
+            return debugGitHubVerify(rawBody, headers, secret);
+        case "ragie":
+            return debugRagieVerify(rawBody, headers, secret);
+        case "stripe":
+            return debugStripeVerify(rawBody, headers, secret);
+        case "slack":
+            return debugSlackVerify(rawBody, headers, secret);
+        case "linear":
+            return debugLinearVerify(rawBody, headers, secret);
+        case "shopify":
+            return debugShopifyVerify(rawBody, headers, secret);
+        default:
+            return {
+                provider: detectedProvider,
+                rawBody,
+                signedPayload: rawBody,
+                expectedSignature: undefined,
+                computedSignature: "",
+                isValid: false,
+                algorithm: "unknown",
+                headerName: "unknown",
+                error: `Debug verification not implemented for provider: ${detectedProvider}`,
+            };
+    }
+}

package/dist/core/executor.d.ts

@@ -0,0 +1,11 @@
+import type { WebhookExecutionOptions, WebhookExecutionResult, HeaderEntry, WebhookTemplate } from "../types/index.js";
+export declare function executeWebhook(options: WebhookExecutionOptions): Promise<WebhookExecutionResult>;
+export declare function executeTemplate(template: WebhookTemplate, options?: {
+    url?: string;
+    secret?: string;
+    headers?: HeaderEntry[];
+}): Promise<WebhookExecutionResult>;
+export declare class ExecutionError extends Error {
+    duration: number;
+    constructor(message: string, duration: number);
+}

package/dist/core/executor.js

@@ -0,0 +1,152 @@
+import { request } from "undici";
+import { generateSignature, getProviderHeaders } from "./signature.js";
+export async function executeWebhook(options) {
+    const startTime = Date.now();
+    let bodyStr;
+    if (options.body !== undefined) {
+        bodyStr =
+            typeof options.body === "string"
+                ? options.body
+                : JSON.stringify(options.body);
+    }
+    const headers = {};
+    if (options.provider) {
+        const providerHeaders = getProviderHeaders(options.provider);
+        for (const h of providerHeaders) {
+            headers[h.key] = h.value;
+        }
+    }
+    if (options.headers) {
+        for (const h of options.headers) {
+            headers[h.key] = h.value;
+        }
+    }
+    if (options.secret && options.provider && bodyStr) {
+        const timestampHeader = headers["Webhook-Timestamp"] ||
+            headers["webhook-timestamp"] ||
+            headers["Svix-Timestamp"] ||
+            headers["svix-timestamp"] ||
+            headers["X-Slack-Request-Timestamp"] ||
+            headers["x-slack-request-timestamp"] ||
+            headers["X-Twilio-Email-Event-Webhook-Timestamp"] ||
+            headers["x-twilio-email-event-webhook-timestamp"];
+        const parsedTimestamp = timestampHeader
+            ? Number.parseInt(timestampHeader, 10)
+            : undefined;
+        const timestamp = Number.isFinite(parsedTimestamp)
+            ? parsedTimestamp
+            : undefined;
+        const webhookId = headers["Webhook-Id"] ||
+            headers["webhook-id"] ||
+            headers["Svix-Id"] ||
+            headers["svix-id"] ||
+            headers["X-GitHub-Delivery"] ||
+            headers["x-github-delivery"];
+        const sig = generateSignature(options.provider, bodyStr, options.secret, {
+            url: options.url,
+            timestamp,
+            webhookId,
+        });
+        if (sig) {
+            headers[sig.header] = sig.value;
+        }
+    }
+    if (!headers["Content-Type"] && !headers["content-type"]) {
+        headers["Content-Type"] = "application/json";
+    }
+    try {
+        const response = await request(options.url, {
+            method: options.method || "POST",
+            headers,
+            body: bodyStr,
+            headersTimeout: options.timeout || 30000,
+            bodyTimeout: options.timeout || 30000,
+        });
+        const bodyText = await response.body.text();
+        const duration = Date.now() - startTime;
+        const responseHeaders = {};
+        for (const [key, value] of Object.entries(response.headers)) {
+            if (value !== undefined) {
+                responseHeaders[key] = value;
+            }
+        }
+        let json;
+        try {
+            json = JSON.parse(bodyText);
+        }
+        catch {
+        }
+        return {
+            status: response.statusCode,
+            statusText: getStatusText(response.statusCode),
+            headers: responseHeaders,
+            body: json ?? bodyText,
+            bodyText,
+            json,
+            duration,
+        };
+    }
+    catch (error) {
+        const duration = Date.now() - startTime;
+        throw new ExecutionError(error.message, duration);
+    }
+}
+export async function executeTemplate(template, options = {}) {
+    const targetUrl = options.url || template.url;
+    if (!targetUrl) {
+        throw new Error("No target URL specified. Use --url or set url in template.");
+    }
+    const mergedHeaders = [...(template.headers || [])];
+    if (options.headers) {
+        for (const h of options.headers) {
+            const existingIdx = mergedHeaders.findIndex((mh) => mh.key.toLowerCase() === h.key.toLowerCase());
+            if (existingIdx >= 0) {
+                mergedHeaders[existingIdx] = h;
+            }
+            else {
+                mergedHeaders.push(h);
+            }
+        }
+    }
+    return executeWebhook({
+        url: targetUrl,
+        method: template.method,
+        headers: mergedHeaders,
+        body: template.body,
+        secret: options.secret,
+        provider: template.provider,
+    });
+}
+export class ExecutionError extends Error {
+    duration;
+    constructor(message, duration) {
+        super(message);
+        this.name = "ExecutionError";
+        this.duration = duration;
+    }
+}
+function getStatusText(code) {
+    const statusTexts = {
+        200: "OK",
+        201: "Created",
+        202: "Accepted",
+        204: "No Content",
+        301: "Moved Permanently",
+        302: "Found",
+        304: "Not Modified",
+        400: "Bad Request",
+        401: "Unauthorized",
+        403: "Forbidden",
+        404: "Not Found",
+        405: "Method Not Allowed",
+        408: "Request Timeout",
+        409: "Conflict",
+        422: "Unprocessable Entity",
+        429: "Too Many Requests",
+        500: "Internal Server Error",
+        502: "Bad Gateway",
+        503: "Service Unavailable",
+        504: "Gateway Timeout",
+    };
+    return statusTexts[code] || "Unknown";
+}

package/dist/core/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./template-manager.js";
+export * from "./signature.js";
+export * from "./capture-server.js";
+export * from "./replay-engine.js";
+export * from "./executor.js";

package/dist/core/index.js

@@ -0,0 +1,5 @@
+export * from "./template-manager.js";
+export * from "./signature.js";
+export * from "./capture-server.js";
+export * from "./replay-engine.js";
+export * from "./executor.js";

package/dist/core/replay-engine.d.ts

@@ -0,0 +1,20 @@
+import type { CaptureFile, ReplayOptions, WebhookExecutionResult, WebhookTemplate } from "../types/index.js";
+export declare class ReplayEngine {
+    private capturesDir;
+    constructor(capturesDir?: string);
+    getCapturesDir(): string;
+    listCaptures(limit?: number): CaptureFile[];
+    getCapture(captureId: string): CaptureFile | null;
+    replay(captureId: string, options: ReplayOptions): Promise<WebhookExecutionResult>;
+    captureToTemplate(captureId: string, options?: {
+        url?: string;
+        event?: string;
+    }): WebhookTemplate;
+    private detectEvent;
+    getCaptureSummary(captureId: string): string;
+    searchCaptures(query: string): CaptureFile[];
+    getCapturesByProvider(provider: string): CaptureFile[];
+    deleteCapture(captureId: string): boolean;
+    deleteAllCaptures(): number;
+}
+export declare function getReplayEngine(capturesDir?: string): ReplayEngine;