@delopay/sdk 0.1.1 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +3 -13
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +8 -1
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
package/dist/index.cjs
CHANGED
|
@@ -1,9 +1,7 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __create = Object.create;
|
|
3
2
|
var __defProp = Object.defineProperty;
|
|
4
3
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
5
4
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
-
var __getProtoOf = Object.getPrototypeOf;
|
|
7
5
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
8
6
|
var __export = (target, all) => {
|
|
9
7
|
for (var name in all)
|
|
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
17
15
|
}
|
|
18
16
|
return to;
|
|
19
17
|
};
|
|
20
|
-
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
-
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
-
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
-
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
-
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
-
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
-
mod
|
|
27
|
-
));
|
|
28
18
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
29
19
|
|
|
30
20
|
// src/index.ts
|
|
@@ -2102,7 +2092,6 @@ var Verification = class {
|
|
|
2102
2092
|
};
|
|
2103
2093
|
|
|
2104
2094
|
// src/resources/webhooks.ts
|
|
2105
|
-
var import_node_crypto = __toESM(require("crypto"), 1);
|
|
2106
2095
|
var Webhooks = {
|
|
2107
2096
|
/**
|
|
2108
2097
|
* Verify the signature of an incoming Delopay webhook and return the parsed event.
|
|
@@ -2144,13 +2133,14 @@ var Webhooks = {
|
|
|
2144
2133
|
throw new Error("Invalid webhook timestamp");
|
|
2145
2134
|
}
|
|
2146
2135
|
const signature = signaturePart.slice(3);
|
|
2136
|
+
const crypto = require("crypto");
|
|
2147
2137
|
const signedPayload = `${timestamp}.${rawBody}`;
|
|
2148
|
-
const expected =
|
|
2138
|
+
const expected = crypto.createHmac("sha256", secret).update(signedPayload).digest("hex");
|
|
2149
2139
|
const sigBuf = Buffer.from(signature);
|
|
2150
2140
|
const expBuf = Buffer.from(expected);
|
|
2151
2141
|
const lengthsMatch = sigBuf.length === expBuf.length;
|
|
2152
2142
|
const paddedSig = lengthsMatch ? sigBuf : Buffer.alloc(expBuf.length, 0);
|
|
2153
|
-
const signaturesMatch = lengthsMatch &&
|
|
2143
|
+
const signaturesMatch = lengthsMatch && crypto.timingSafeEqual(paddedSig, expBuf);
|
|
2154
2144
|
if (!signaturesMatch) {
|
|
2155
2145
|
throw new Error("Invalid webhook signature");
|
|
2156
2146
|
}
|