npm - @blokjs/trigger-webhook - Versions diffs - 0.6.18 → 0.6.19 - Mend

@blokjs/trigger-webhook 0.6.18 → 0.6.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/package.json +5 -4
package/CHANGELOG.md +0 -22
package/src/WebhookTrigger.integration.test.ts +0 -162
package/src/WebhookTrigger.test.ts +0 -252
package/src/WebhookTrigger.ts +0 -459
package/src/index.ts +0 -51
package/src/verifiers.test.ts +0 -316
package/src/verifiers.ts +0 -357
package/tsconfig.json +0 -32

package/package.json CHANGED Viewed

@@ -1,6 +1,7 @@
 {
 	"name": "@blokjs/trigger-webhook",
-	"version": "0.6.18",
+	"version": "0.6.19",
+	"files": ["dist"],
 	"description": "Webhook trigger for Blok workflows - supports GitHub, Stripe, Shopify, and custom webhooks",
 	"type": "module",
 	"main": "dist/index.js",
@@ -14,9 +15,9 @@
 	"author": "Deskree Technologies Inc.",
 	"license": "Apache-2.0",
 	"dependencies": {
-		"@blokjs/helper": "^0.6.18",
-		"@blokjs/runner": "^0.6.18",
-		"@blokjs/shared": "^0.6.18",
+		"@blokjs/helper": "^0.6.19",
+		"@blokjs/runner": "^0.6.19",
+		"@blokjs/shared": "^0.6.19",
 		"@opentelemetry/api": "^1.9.0",
 		"hono": "^4.11.7",
 		"uuid": "^11.1.0"

package/CHANGELOG.md DELETED Viewed

@@ -1,22 +0,0 @@
-# @blokjs/trigger-webhook
-## 0.2.0
-### Minor Changes
-- Initial public release of Blok packages.
-  This release includes:
-  - Core packages: @blokjs/shared, @blokjs/helper, @blokjs/runner
-  - Node packages: @blokjs/api-call, @blokjs/if-else, @blokjs/react
-  - Trigger packages: pubsub, queue, webhook, websocket, worker, cron, grpc
-  - CLI tool: blokctl
-  - Editor support: @blokjs/lsp-server, @blokjs/syntax
-### Patch Changes
-- Updated dependencies
-  - @blokjs/shared@0.2.0
-  - @blokjs/helper@0.2.0
-  - @blokjs/runner@0.2.0

package/src/WebhookTrigger.integration.test.ts DELETED Viewed

@@ -1,162 +0,0 @@
-/**
- * v0.7 PR 4 — full end-to-end webhook trigger integration test.
- *
- * Spins up a real Hono app + `@hono/node-server` with a real
- * WebhookTrigger configured for a GitHub-style provider. Sends a
- * signed POST via native `fetch` and asserts the workflow ran. A
- * second POST with the same delivery id exercises the replay-cache
- * dedup path and expects `{ status: "duplicate" }`.
- *
- * Complements `WebhookTrigger.test.ts` + `verifiers.test.ts` (unit
- * coverage of the public surface).
- */
-import { createHmac } from "node:crypto";
-import type { Server } from "node:http";
-import { NodeMap, RunTracker, WorkflowRegistry, defineNode } from "@blokjs/runner";
-import { serve } from "@hono/node-server";
-import { Hono } from "hono";
-import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-import { z } from "zod";
-vi.mock("@opentelemetry/api", () => ({
-	trace: {
-		getTracer: () => ({
-			startActiveSpan: (_name: string, fn: (span: unknown) => unknown) =>
-				fn({ setAttribute: vi.fn(), setStatus: vi.fn(), recordException: vi.fn(), end: vi.fn() }),
-		}),
-	},
-	metrics: {
-		getMeter: () => ({
-			createCounter: () => ({ add: vi.fn() }),
-			createHistogram: () => ({ record: vi.fn() }),
-			createGauge: () => ({ record: vi.fn() }),
-			createObservableGauge: () => ({ addCallback: vi.fn() }),
-		}),
-	},
-	SpanStatusCode: { OK: 0, ERROR: 1 },
-}));
-import WebhookTriggerClass, { _setActiveWebhookTrigger } from "./WebhookTrigger";
-const TEST_PORT = 4903;
-const SECRET = "shhh-its-a-secret-1234567890";
-function hmacHex(body: string): string {
-	return createHmac("sha256", SECRET).update(body).digest("hex");
-}
-const handleNode = defineNode({
-	name: "handle-event",
-	description: "test fixture — record the event id + type",
-	input: z.object({}).passthrough(),
-	output: z.object({ handled: z.boolean(), eventId: z.string() }),
-	async execute(ctx) {
-		const body = (ctx.request?.body as { delivery_id?: string } | undefined) ?? {};
-		return { handled: true, eventId: body.delivery_id ?? "" };
-	},
-});
-describe("WebhookTrigger — v0.7 PR 4 integration (real HTTP)", () => {
-	let app: Hono;
-	let trigger: InstanceType<typeof WebhookTriggerClass>;
-	let httpServer: Server | null = null;
-	beforeEach(() => {
-		WorkflowRegistry.resetInstance();
-		_setActiveWebhookTrigger(null);
-		process.env.GH_SECRET = SECRET;
-		app = new Hono();
-	});
-	afterEach(
-		() =>
-			new Promise<void>((resolve) => {
-				if (trigger) void trigger.stop();
-				if (httpServer) {
-					httpServer.close(() => {
-						httpServer = null;
-						WorkflowRegistry.resetInstance();
-						_setActiveWebhookTrigger(null);
-						process.env.GH_SECRET = undefined;
-						resolve();
-					});
-				} else {
-					WorkflowRegistry.resetInstance();
-					_setActiveWebhookTrigger(null);
-					process.env.GH_SECRET = undefined;
-					resolve();
-				}
-			}),
-	);
-	it("verifies a signed GitHub-style POST, runs the workflow, and dedups replays", async () => {
-		const nodes = new NodeMap();
-		nodes.addNode("handle-event", handleNode);
-		WorkflowRegistry.getInstance().register({
-			name: "gh-events",
-			source: "/test/gh.json",
-			workflow: {
-				name: "gh-events",
-				version: "1.0.0",
-				trigger: {
-					webhook: {
-						provider: "github",
-						path: "/webhooks/github",
-						secretEnv: "GH_SECRET",
-						idempotencyKey: "js/ctx.request.headers['x-github-delivery']",
-					},
-				},
-				steps: [{ id: "handle", node: "handle-event", type: "module", inputs: {} }],
-				nodes: { handle: { inputs: {} } },
-			},
-		});
-		trigger = new WebhookTriggerClass(app);
-		trigger.setNodeMap({ nodes });
-		await trigger.listen();
-		await new Promise<void>((resolve) => {
-			httpServer = serve({ fetch: app.fetch, port: TEST_PORT }, () => resolve()) as Server;
-		});
-		const body = JSON.stringify({ ref: "refs/heads/main", delivery_id: "delivery-uuid-9" });
-		const sig = `sha256=${hmacHex(body)}`;
-		const reqInit = {
-			method: "POST",
-			headers: {
-				"content-type": "application/json",
-				"x-hub-signature-256": sig,
-				"x-github-event": "push",
-				"x-github-delivery": "delivery-uuid-9",
-			},
-			body,
-		};
-		// First delivery — should run the workflow.
-		const first = await fetch(`http://localhost:${TEST_PORT}/webhooks/github`, reqInit);
-		expect(first.status).toBe(200);
-		const firstJson = (await first.json()) as { status?: string; eventId?: string };
-		expect(firstJson.status).toBe("ok");
-		expect(firstJson.eventId).toBe("delivery-uuid-9");
-		// Second delivery with the same delivery id — replay cache should
-		// short-circuit with `duplicate` and NOT run the workflow.
-		const second = await fetch(`http://localhost:${TEST_PORT}/webhooks/github`, reqInit);
-		expect(second.status).toBe(200);
-		const secondJson = (await second.json()) as { status?: string; eventId?: string };
-		expect(secondJson.status).toBe("duplicate");
-		expect(secondJson.eventId).toBe("delivery-uuid-9");
-	}, 15_000);
-});
-// Drain the per-process RunTracker after the suite to keep singletons
-// from leaking into other tests in the same project.
-afterEach(() => {
-	try {
-		RunTracker.resetInstance();
-	} catch {
-		/* ignore — older test orderings */
-	}
-});

package/src/WebhookTrigger.test.ts DELETED Viewed

@@ -1,252 +0,0 @@
-/**
- * WebhookTrigger — v0.7 PR 4 — unit tests for the public surface.
- *
- * Covers construction, the pre-catch-all hook coordination contract
- * with HttpTrigger, route discovery via WorkflowRegistry, idempotent
- * listen(), and the singleton helper accessor. End-to-end coverage
- * (real HTTP POST with a signed Stripe-shaped payload + replay
- * dedup) lives in `WebhookTrigger.integration.test.ts`.
- */
-import { createHmac } from "node:crypto";
-import { WorkflowRegistry } from "@blokjs/runner";
-import { Hono } from "hono";
-import { afterEach, beforeEach, describe, expect, it, vi } from "vitest";
-vi.mock("@opentelemetry/api", () => ({
-	trace: {
-		getTracer: () => ({
-			startActiveSpan: (_name: string, fn: (span: unknown) => unknown) =>
-				fn({ setAttribute: vi.fn(), setStatus: vi.fn(), recordException: vi.fn(), end: vi.fn() }),
-		}),
-	},
-	metrics: {
-		getMeter: () => ({
-			createCounter: () => ({ add: vi.fn() }),
-			createHistogram: () => ({ record: vi.fn() }),
-			createGauge: () => ({ record: vi.fn() }),
-			createObservableGauge: () => ({ addCallback: vi.fn() }),
-		}),
-	},
-	SpanStatusCode: { OK: 0, ERROR: 1 },
-}));
-import WebhookTrigger, { _getActiveWebhookTrigger, _setActiveWebhookTrigger } from "./WebhookTrigger";
-const SECRET = "shhh-its-a-secret-1234567890";
-function hmacHex(data: string, secret = SECRET): string {
-	return createHmac("sha256", secret).update(data).digest("hex");
-}
-describe("WebhookTrigger — v0.7 PR 4", () => {
-	beforeEach(() => {
-		WorkflowRegistry.resetInstance();
-		_setActiveWebhookTrigger(null);
-		process.env.GH_SECRET = SECRET;
-	});
-	afterEach(() => {
-		_setActiveWebhookTrigger(null);
-		process.env.GH_SECRET = undefined;
-	});
-	describe("constructor()", () => {
-		it("registers as the active webhook trigger singleton", () => {
-			const app = new Hono();
-			const trigger = new WebhookTrigger(app);
-			expect(trigger).toBeDefined();
-			expect(_getActiveWebhookTrigger()).toBe(trigger);
-		});
-		it("accepts an optional httpTrigger for pre-catch-all coordination", () => {
-			const app = new Hono();
-			const addPreCatchAllHook = vi.fn();
-			const httpTrigger = { addPreCatchAllHook };
-			const trigger = new WebhookTrigger(app, httpTrigger);
-			expect(trigger).toBeDefined();
-			expect(addPreCatchAllHook).not.toHaveBeenCalled();
-		});
-	});
-	describe("listen()", () => {
-		it("registers a POST route per webhook workflow in the registry", async () => {
-			const app = new Hono();
-			WorkflowRegistry.getInstance().register({
-				name: "gh-events",
-				source: "/test/gh.json",
-				workflow: {
-					name: "gh-events",
-					version: "1.0.0",
-					trigger: { webhook: { provider: "github", path: "/webhooks/github", secretEnv: "GH_SECRET" } },
-					steps: [],
-				},
-			});
-			const trigger = new WebhookTrigger(app);
-			await trigger.listen();
-			// Send a valid signed POST — should at least not 404.
-			const body = JSON.stringify({ ref: "refs/heads/main" });
-			const res = await app.fetch(
-				new Request("http://localhost/webhooks/github", {
-					method: "POST",
-					headers: {
-						"content-type": "application/json",
-						"x-hub-signature-256": `sha256=${hmacHex(body)}`,
-						"x-github-event": "push",
-						"x-github-delivery": "delivery-1",
-					},
-					body,
-				}),
-			);
-			expect(res.status).not.toBe(404);
-		});
-		it("skips workflows without trigger.webhook config", async () => {
-			const app = new Hono();
-			WorkflowRegistry.getInstance().register({
-				name: "http-only",
-				source: "/test/http.json",
-				workflow: {
-					name: "http-only",
-					version: "1.0.0",
-					trigger: { http: { method: "POST", path: "/api/foo" } },
-					steps: [],
-				},
-			});
-			const trigger = new WebhookTrigger(app);
-			await trigger.listen();
-			// No webhook route mounted — anything not on app returns 404.
-			const res = await app.fetch(new Request("http://localhost/webhooks/anywhere", { method: "POST" }));
-			expect(res.status).toBe(404);
-		});
-		it("skips workflows with neither `provider` nor `signature`", async () => {
-			const app = new Hono();
-			WorkflowRegistry.getInstance().register({
-				name: "misconfigured",
-				source: "/test/bad.json",
-				workflow: {
-					name: "misconfigured",
-					version: "1.0.0",
-					trigger: { webhook: { path: "/webhooks/bad" } },
-					steps: [],
-				},
-			});
-			const trigger = new WebhookTrigger(app);
-			await trigger.listen();
-			expect(trigger.getStats().workflowsRegistered).toBe(0);
-		});
-		it("registers a pre-catch-all hook on httpTrigger when provided", async () => {
-			const app = new Hono();
-			const addPreCatchAllHook = vi.fn();
-			const httpTrigger = { addPreCatchAllHook };
-			WorkflowRegistry.getInstance().register({
-				name: "gh-events",
-				source: "/test/gh.json",
-				workflow: {
-					name: "gh-events",
-					version: "1.0.0",
-					trigger: { webhook: { provider: "github", path: "/webhooks/github", secretEnv: "GH_SECRET" } },
-					steps: [],
-				},
-			});
-			const trigger = new WebhookTrigger(app, httpTrigger);
-			await trigger.listen();
-			expect(addPreCatchAllHook).toHaveBeenCalledTimes(1);
-			expect(addPreCatchAllHook).toHaveBeenCalledWith(expect.any(Function));
-		});
-		it("is idempotent — second listen() call is a no-op", async () => {
-			const app = new Hono();
-			const trigger = new WebhookTrigger(app);
-			await trigger.listen();
-			await expect(trigger.listen()).resolves.toBeTypeOf("number");
-		});
-	});
-	describe("request handling", () => {
-		it("returns 401 with structured reason when the signature is invalid", async () => {
-			const app = new Hono();
-			WorkflowRegistry.getInstance().register({
-				name: "gh-events",
-				source: "/test/gh.json",
-				workflow: {
-					name: "gh-events",
-					version: "1.0.0",
-					trigger: { webhook: { provider: "github", path: "/webhooks/github", secretEnv: "GH_SECRET" } },
-					steps: [],
-				},
-			});
-			const trigger = new WebhookTrigger(app);
-			await trigger.listen();
-			const res = await app.fetch(
-				new Request("http://localhost/webhooks/github", {
-					method: "POST",
-					headers: {
-						"content-type": "application/json",
-						"x-hub-signature-256": "sha256=deadbeef",
-						"x-github-event": "push",
-					},
-					body: JSON.stringify({}),
-				}),
-			);
-			expect(res.status).toBe(401);
-			const json = (await res.json()) as { reason?: string };
-			expect(json.reason).toBe("signature_mismatch");
-		});
-		it("returns 200 `ignored` when the event isn't in the allowlist", async () => {
-			const app = new Hono();
-			WorkflowRegistry.getInstance().register({
-				name: "gh-events",
-				source: "/test/gh.json",
-				workflow: {
-					name: "gh-events",
-					version: "1.0.0",
-					trigger: {
-						webhook: {
-							provider: "github",
-							path: "/webhooks/github",
-							secretEnv: "GH_SECRET",
-							events: ["push"],
-						},
-					},
-					steps: [],
-				},
-			});
-			const trigger = new WebhookTrigger(app);
-			await trigger.listen();
-			const body = JSON.stringify({});
-			const res = await app.fetch(
-				new Request("http://localhost/webhooks/github", {
-					method: "POST",
-					headers: {
-						"content-type": "application/json",
-						"x-hub-signature-256": `sha256=${hmacHex(body)}`,
-						"x-github-event": "pull_request",
-					},
-					body,
-				}),
-			);
-			expect(res.status).toBe(200);
-			const json = (await res.json()) as { status?: string; reason?: string };
-			expect(json.status).toBe("ignored");
-			expect(json.reason).toBe("event_not_allowed");
-		});
-	});
-	describe("stop()", () => {
-		it("clears the singleton", async () => {
-			const app = new Hono();
-			const trigger = new WebhookTrigger(app);
-			await trigger.listen();
-			await trigger.stop();
-			expect(_getActiveWebhookTrigger()).toBeNull();
-		});
-	});
-});