@forge/realtime 0.4.1 → 0.5.0-next.1

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # @forge/realtime
 
+## 0.5.0-next.1
+
+### Minor Changes
+
+- 68e1229: Adds pre validation for the forge realtime token in publish methods
+
+## 0.4.2-next.0
+
+### Patch Changes
+
+- 4c69f6e: Add headers for rate limits
+
 ## 0.4.1
 
 ### Patch Changes

package/out/publish.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"publish.d.ts","sourceRoot":"","sources":["../src/publish.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AA2BlD,UAAU,cAAc;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,cAAc,EAAE,CAAC;CACrC;AAED,eAAO,MAAM,OAAO,mDACL,MAAM,sCAET,cAAc;;;;;;;;EA0EzB,CAAC;AAEF,eAAO,MAAM,aAAa,mDACX,MAAM,sCAET,cAAc;;;;;;;;EA6DzB,CAAC"}
+{"version":3,"file":"publish.d.ts","sourceRoot":"","sources":["../src/publish.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AA2BlD,UAAU,cAAc;IACtB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,gBAAgB,CAAC,EAAE,cAAc,EAAE,CAAC;CACrC;AAED,eAAO,MAAM,OAAO,mDACL,MAAM,sCAET,cAAc;;;;;;;;EAmFzB,CAAC;AAEF,eAAO,MAAM,aAAa,mDACX,MAAM,sCAET,cAAc;;;;;;;;EAyEzB,CAAC"}

package/out/publish.js

@@ -31,6 +31,12 @@ const publish = async (channelName, eventPayload, options) => {
     if (contextOverrides && !Array.isArray(contextOverrides)) {
         throw new Error('Invalid value for contextOverrides. Please provide an array of valid context properties.');
     }
+    if (token) {
+        const { valid, error } = (0, utils_1.validateToken)(token, channelName);
+        if (!valid) {
+            return { eventId: null, eventTimestamp: null, errors: [`Realtime token validation failed: ${error}`] };
+        }
+    }
     const channelContext = contextOverrides
         ? JSON.stringify({
             contextOverrides
@@ -48,13 +54,15 @@ const publish = async (channelName, eventPayload, options) => {
                 context: channelContext,
                 payload: JSON.stringify(eventPayload),
                 isGlobal: false,
-                token: token
+                token
             }
         }),
         errors: [],
         headers: {
             'Content-Type': 'application/json',
-            'x-forge-context-token': realtime?.contextToken
+            'x-forge-context-token': realtime?.contextToken,
+            'x-rate-limit-app-id': appContext.appId,
+            'x-rate-limit-installation-id': appContext.installationId
         }
     });
     (0, utils_1.handleProxyResponseErrors)(response);
@@ -86,7 +94,14 @@ const publish = async (channelName, eventPayload, options) => {
 };
 exports.publish = publish;
 const publishGlobal = async (channelName, eventPayload, options) => {
-    const { appContext } = (0, runtime_1.__getRuntime)();
+    const { appContext, realtime } = (0, runtime_1.__getRuntime)();
+    const { token } = options || {};
+    if (token) {
+        const { valid, error } = (0, utils_1.validateToken)(token, channelName);
+        if (!valid) {
+            return { eventId: null, eventTimestamp: null, errors: [`Realtime token validation failed: ${error}`] };
+        }
+    }
     const response = await global.__forge_fetch__({
         type: 'realtime'
     }, '/', {
@@ -98,12 +113,15 @@ const publishGlobal = async (channelName, eventPayload, options) => {
                 name: channelName,
                 payload: JSON.stringify(eventPayload),
                 isGlobal: true,
-                token: options?.token
+                token
             }
         }),
         errors: [],
         headers: {
-            'Content-Type': 'application/json'
+            'Content-Type': 'application/json',
+            'x-forge-context-token': realtime?.contextToken,
+            'x-rate-limit-app-id': appContext.appId,
+            'x-rate-limit-installation-id': appContext.installationId
         }
     });
     (0, utils_1.handleProxyResponseErrors)(response);

package/out/signRealtimeToken.d.ts

@@ -1,4 +1,5 @@
-declare type RealtimeTokenPermissions = ['subscribe'] | ['publish'] | ['subscribe', 'publish'] | ['publish', 'subscribe'];
+declare type TokenPermissions = 'subscribe' | 'publish';
+export declare type RealtimeTokenPermissions = [TokenPermissions, ...TokenPermissions[]];
 export declare const signRealtimeToken: (channelName: string, claims: any, permissions?: RealtimeTokenPermissions) => Promise<{
     token: null;
     expiresAt: null;

package/out/signRealtimeToken.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"signRealtimeToken.d.ts","sourceRoot":"","sources":["../src/signRealtimeToken.ts"],"names":[],"mappings":"AA6BA,aAAK,wBAAwB,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;AAElH,eAAO,MAAM,iBAAiB,gBACf,MAAM,UAEX,GAAG,gBACG,wBAAwB;;;;;;;;EAyDvC,CAAC"}
+{"version":3,"file":"signRealtimeToken.d.ts","sourceRoot":"","sources":["../src/signRealtimeToken.ts"],"names":[],"mappings":"AA6BA,aAAK,gBAAgB,GAAG,WAAW,GAAG,SAAS,CAAC;AAChD,oBAAY,wBAAwB,GAAG,CAAC,gBAAgB,EAAE,GAAG,gBAAgB,EAAE,CAAC,CAAC;AAEjF,eAAO,MAAM,iBAAiB,gBACf,MAAM,UAEX,GAAG,gBACG,wBAAwB;;;;;;;;EAyDvC,CAAC"}

package/out/utils.d.ts

@@ -1,2 +1,9 @@
 export declare const handleProxyResponseErrors: (response: Response) => void;
+declare type RealtimeTokenValidationError = 'INVALID_TOKEN' | 'TOKEN_EXPIRED' | 'MISSING_PERMISSION' | 'CHANNEL_NAME_MISMATCH';
+interface RealtimeTokenValidationResult {
+    error?: RealtimeTokenValidationError;
+    valid: boolean;
+}
+export declare const validateToken: (token: string, channelName: string) => RealtimeTokenValidationResult;
+export {};
 //# sourceMappingURL=utils.d.ts.map

package/out/utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,yBAAyB,aAAc,QAAQ,KAAG,IAK9D,CAAC"}
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAIA,eAAO,MAAM,yBAAyB,aAAc,QAAQ,KAAG,IAK9D,CAAC;AAeF,aAAK,4BAA4B,GAAG,eAAe,GAAG,eAAe,GAAG,oBAAoB,GAAG,uBAAuB,CAAC;AAEvH,UAAU,6BAA6B;IACrC,KAAK,CAAC,EAAE,4BAA4B,CAAC;IACrC,KAAK,EAAE,OAAO,CAAC;CAChB;AAuBD,eAAO,MAAM,aAAa,UAAW,MAAM,eAAe,MAAM,KAAG,6BAqBlE,CAAC"}

package/out/utils.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.handleProxyResponseErrors = void 0;
+exports.validateToken = exports.handleProxyResponseErrors = void 0;
 const api_1 = require("@forge/api");
 const getForgeProxyError = (response) => response.headers.get('forge-proxy-error');
 const handleProxyResponseErrors = (response) => {
@@ -10,3 +10,31 @@ const handleProxyResponseErrors = (response) => {
     }
 };
 exports.handleProxyResponseErrors = handleProxyResponseErrors;
+const decodeTokenPayload = (token) => {
+    const parts = token.split('.');
+    if (parts.length !== 3) {
+        throw new Error('Invalid token format.');
+    }
+    const base64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+    return JSON.parse(Buffer.from(base64, 'base64').toString('utf-8'));
+};
+const validateToken = (token, channelName) => {
+    let decodedToken;
+    try {
+        decodedToken = decodeTokenPayload(token);
+    }
+    catch {
+        return { valid: false, error: 'INVALID_TOKEN' };
+    }
+    if (typeof decodedToken.exp === 'number' && Date.now() / 1000 >= decodedToken.exp) {
+        return { valid: false, error: 'TOKEN_EXPIRED' };
+    }
+    if (decodedToken.channel.name !== channelName) {
+        return { valid: false, error: 'CHANNEL_NAME_MISMATCH' };
+    }
+    if (decodedToken.permissions && !decodedToken.permissions?.includes('publish')) {
+        return { valid: false, error: 'MISSING_PERMISSION' };
+    }
+    return { valid: true };
+};
+exports.validateToken = validateToken;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forge/realtime",
-  "version": "0.4.1",
+  "version": "0.5.0-next.1",
   "description": "Forge realtime",
   "main": "out/index.js",
   "types": "out/index.d.ts",
@@ -14,7 +14,7 @@
   },
   "devDependencies": {
     "@atlassian/metrics-interface": "4.0.0",
-    "@forge/api": "^7.2.1",
+    "@forge/api": "^7.2.2-next.0",
     "@types/node": "20.19.1"
   },
   "publishConfig": {