@feelflow/ffid-sdk 0.1.0 → 0.2.0

package/dist/webhooks/index.js

@@ -0,0 +1,237 @@
+import { createHmac, timingSafeEqual } from 'crypto';
+
+// src/webhooks/constants.ts
+var FFID_WEBHOOK_SIGNATURE_HEADER = "X-FFID-Signature";
+var FFID_WEBHOOK_TIMESTAMP_HEADER = "X-FFID-Timestamp";
+var FFID_WEBHOOK_EVENT_ID_HEADER = "X-FFID-Event-ID";
+var FFID_WEBHOOK_SIGNATURE_VERSION = "v1";
+var DEFAULT_TOLERANCE_SECONDS = 300;
+var MILLISECONDS_PER_SECOND = 1e3;
+
+// src/webhooks/errors.ts
+var FFIDWebhookError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "FFIDWebhookError";
+  }
+};
+var FFIDWebhookSignatureError = class extends FFIDWebhookError {
+  constructor(message = "Webhook signature verification failed") {
+    super(message);
+    this.name = "FFIDWebhookSignatureError";
+  }
+};
+var FFIDWebhookTimestampError = class extends FFIDWebhookError {
+  constructor(message = "Webhook timestamp is outside tolerance window") {
+    super(message);
+    this.name = "FFIDWebhookTimestampError";
+  }
+};
+var FFIDWebhookPayloadError = class extends FFIDWebhookError {
+  constructor(message = "Webhook payload is not valid JSON") {
+    super(message);
+    this.name = "FFIDWebhookPayloadError";
+  }
+};
+function parseSignatureHeader(header) {
+  const parts = header.split(",");
+  let timestamp = null;
+  let signature = null;
+  for (const part of parts) {
+    const [key, value] = part.split("=", 2);
+    if (key === "t" && value) {
+      timestamp = parseInt(value, 10);
+    } else if (key === FFID_WEBHOOK_SIGNATURE_VERSION && value) {
+      signature = value;
+    }
+  }
+  if (timestamp === null || isNaN(timestamp) || !signature) {
+    return null;
+  }
+  return { timestamp, signature };
+}
+function computeSignature(secret, timestamp, body) {
+  const signedContent = `${timestamp}.${body}`;
+  return createHmac("sha256", secret).update(signedContent).digest("hex");
+}
+function verifyWebhookSignature(rawBody, signatureHeader, secret, toleranceSeconds = DEFAULT_TOLERANCE_SECONDS) {
+  const parsed = parseSignatureHeader(signatureHeader);
+  if (!parsed) {
+    throw new FFIDWebhookSignatureError("Invalid signature header format");
+  }
+  const { timestamp, signature } = parsed;
+  const now = Math.floor(Date.now() / MILLISECONDS_PER_SECOND);
+  if (Math.abs(now - timestamp) > toleranceSeconds) {
+    throw new FFIDWebhookTimestampError(
+      `Webhook timestamp is outside tolerance window (${toleranceSeconds}s)`
+    );
+  }
+  const expected = computeSignature(secret, timestamp, rawBody);
+  const HEX_REGEX = /^[0-9a-f]+$/i;
+  if (!HEX_REGEX.test(signature)) {
+    throw new FFIDWebhookSignatureError("Webhook signature verification failed");
+  }
+  const sigBuffer = Buffer.from(signature, "hex");
+  const expectedBuffer = Buffer.from(expected, "hex");
+  if (sigBuffer.length !== expectedBuffer.length) {
+    throw new FFIDWebhookSignatureError("Webhook signature verification failed");
+  }
+  if (!timingSafeEqual(sigBuffer, expectedBuffer)) {
+    throw new FFIDWebhookSignatureError("Webhook signature verification failed");
+  }
+  try {
+    return JSON.parse(rawBody);
+  } catch {
+    throw new FFIDWebhookPayloadError("Webhook payload is not valid JSON");
+  }
+}
+
+// src/webhooks/handler.ts
+var SDK_LOG_PREFIX = "[FFID Webhook SDK]";
+var HTTP_OK = 200;
+var HTTP_BAD_REQUEST = 400;
+var noopLogger = {
+  debug: () => {
+  },
+  info: () => {
+  },
+  warn: () => {
+  },
+  error: (...args) => console.error(SDK_LOG_PREFIX, ...args)
+};
+function createFFIDWebhookHandler(config) {
+  if (!config.secret) {
+    throw new Error("FFID Webhook Handler: secret is required");
+  }
+  const logger = config.logger ?? noopLogger;
+  const toleranceSeconds = config.toleranceSeconds;
+  const handlers = /* @__PURE__ */ new Map();
+  const allHandlers = /* @__PURE__ */ new Set();
+  function on(eventType, handler) {
+    if (!handlers.has(eventType)) {
+      handlers.set(eventType, /* @__PURE__ */ new Set());
+    }
+    handlers.get(eventType).add(handler);
+    logger.debug(`Registered handler for ${eventType}`);
+  }
+  function onAll(handler) {
+    allHandlers.add(handler);
+    logger.debug("Registered catch-all handler");
+  }
+  function off(eventType, handler) {
+    const set = handlers.get(eventType);
+    if (set) {
+      set.delete(handler);
+      if (set.size === 0) {
+        handlers.delete(eventType);
+      }
+    }
+  }
+  async function dispatchEvent(event) {
+    const typeHandlers = handlers.get(event.type);
+    const promises = [];
+    if (typeHandlers) {
+      for (const handler of typeHandlers) {
+        promises.push(Promise.resolve(handler(event)));
+      }
+    }
+    for (const handler of allHandlers) {
+      promises.push(Promise.resolve(handler(event)));
+    }
+    await Promise.all(promises);
+  }
+  async function handleEvent(rawBody, signatureHeader) {
+    const event = verifyWebhookSignature(
+      rawBody,
+      signatureHeader,
+      config.secret,
+      toleranceSeconds
+    );
+    logger.info(`Received event: ${event.type} (${event.id})`);
+    await dispatchEvent(event);
+    return event;
+  }
+  async function handleRaw(rawBody, headers) {
+    const headerLower = FFID_WEBHOOK_SIGNATURE_HEADER.toLowerCase();
+    let signatureHeader;
+    for (const [key, value] of Object.entries(headers)) {
+      if (key.toLowerCase() === headerLower) {
+        signatureHeader = value;
+        break;
+      }
+    }
+    if (!signatureHeader) {
+      throw new FFIDWebhookError(
+        `Missing ${FFID_WEBHOOK_SIGNATURE_HEADER} header`
+      );
+    }
+    return handleEvent(rawBody, signatureHeader);
+  }
+  function expressMiddleware() {
+    return (req, res, _next) => {
+      const rawBody = typeof req.body === "string" ? req.body : Buffer.isBuffer(req.body) ? req.body.toString("utf-8") : JSON.stringify(req.body);
+      const signatureHeader = req.headers[FFID_WEBHOOK_SIGNATURE_HEADER.toLowerCase()];
+      if (!signatureHeader) {
+        res.status(HTTP_BAD_REQUEST).json({
+          error: `Missing ${FFID_WEBHOOK_SIGNATURE_HEADER} header`
+        });
+        return;
+      }
+      handleEvent(rawBody, signatureHeader).then((event) => {
+        res.status(HTTP_OK).json({ received: true, eventId: event.id });
+      }).catch((error) => {
+        logger.error("Webhook processing failed:", error);
+        const message = error instanceof Error ? error.message : "Webhook processing failed";
+        res.status(HTTP_BAD_REQUEST).json({ error: message });
+      });
+    };
+  }
+  function nextHandler() {
+    return async (request) => {
+      try {
+        const rawBody = await request.text();
+        const signatureHeader = request.headers.get(
+          FFID_WEBHOOK_SIGNATURE_HEADER
+        );
+        if (!signatureHeader) {
+          return new Response(
+            JSON.stringify({
+              error: `Missing ${FFID_WEBHOOK_SIGNATURE_HEADER} header`
+            }),
+            { status: HTTP_BAD_REQUEST, headers: { "Content-Type": "application/json" } }
+          );
+        }
+        const event = await handleEvent(rawBody, signatureHeader);
+        return new Response(
+          JSON.stringify({ received: true, eventId: event.id }),
+          { status: HTTP_OK, headers: { "Content-Type": "application/json" } }
+        );
+      } catch (error) {
+        logger.error("Webhook processing failed:", error);
+        const message = error instanceof Error ? error.message : "Webhook processing failed";
+        return new Response(
+          JSON.stringify({ error: message }),
+          { status: HTTP_BAD_REQUEST, headers: { "Content-Type": "application/json" } }
+        );
+      }
+    };
+  }
+  return {
+    /** Register a handler for a specific event type */
+    on,
+    /** Register a handler that receives all events */
+    onAll,
+    /** Unregister a handler for a specific event type */
+    off,
+    /** Verify signature and dispatch event (core method) */
+    handleEvent,
+    /** Process webhook from raw body + headers object */
+    handleRaw,
+    /** Express/Connect middleware */
+    expressMiddleware,
+    /** Next.js App Router route handler */
+    nextHandler
+  };
+}
+
+export { DEFAULT_TOLERANCE_SECONDS, FFIDWebhookError, FFIDWebhookPayloadError, FFIDWebhookSignatureError, FFIDWebhookTimestampError, FFID_WEBHOOK_EVENT_ID_HEADER, FFID_WEBHOOK_SIGNATURE_HEADER, FFID_WEBHOOK_SIGNATURE_VERSION, FFID_WEBHOOK_TIMESTAMP_HEADER, computeSignature, createFFIDWebhookHandler, parseSignatureHeader, verifyWebhookSignature };

package/package.json

@@ -1,8 +1,15 @@
 {
   "name": "@feelflow/ffid-sdk",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "FeelFlow ID Platform SDK for React/Next.js applications",
-  "keywords": ["feelflow", "ffid", "sdk", "react", "nextjs", "authentication"],
+  "keywords": [
+    "feelflow",
+    "ffid",
+    "sdk",
+    "react",
+    "nextjs",
+    "authentication"
+  ],
   "author": "FeelFlow <dev@feelflow.co.jp>",
   "license": "MIT",
   "homepage": "https://github.com/feel-flow/feelflow-id-platform/tree/develop/sdk/typescript#readme",
@@ -33,6 +40,16 @@
       "types": "./dist/legal/index.d.ts",
       "import": "./dist/legal/index.js",
       "require": "./dist/legal/index.cjs"
+    },
+    "./webhooks": {
+      "types": "./dist/webhooks/index.d.ts",
+      "import": "./dist/webhooks/index.js",
+      "require": "./dist/webhooks/index.cjs"
+    },
+    "./announcements": {
+      "types": "./dist/announcements/index.d.ts",
+      "import": "./dist/announcements/index.js",
+      "require": "./dist/announcements/index.cjs"
     }
   },
   "files": [
@@ -41,7 +58,7 @@
   ],
   "sideEffects": false,
   "scripts": {
-    "build": "rm -rf dist && tsup",
+    "build": "rimraf dist && tsup",
     "dev": "tsup --watch",
     "type-check": "tsc --noEmit",
     "lint": "eslint src",
@@ -71,6 +88,7 @@
     "jsdom": "^27.0.0",
     "react": "^19.0.0",
     "react-dom": "^19.0.0",
+    "rimraf": "^6.1.2",
     "tsup": "^8.0.0",
     "typescript": "^5.0.0",
     "vitest": "^4.0.0"