@graphql-mesh/hmac-upstream-signature 1.2.7-alpha-20241114122631-5a3a4345bb55e05e6bd057ae38f412d5d33315fd → 1.2.7-alpha-54b3273d0d9033d32f549a6b937921426c35b08b

package/CHANGELOG.md

@@ -0,0 +1,354 @@
+# @graphql-mesh/hmac-upstream-signature
+
+## 1.2.7-alpha-54b3273d0d9033d32f549a6b937921426c35b08b
+
+### Patch Changes
+
+- Updated dependencies [[`16fa46b`](https://github.com/graphql-hive/gateway/commit/16fa46b0e31d1fcbfee977fe02efa5e3eabdb150)]:
+  - @graphql-mesh/transport-common@0.7.14-alpha-54b3273d0d9033d32f549a6b937921426c35b08b
+
+## 1.2.6
+
+### Patch Changes
+
+- Updated dependencies
+  [[`eee53b9`](https://github.com/ardatan/graphql-mesh/commit/eee53b9f455653166c39bca627b3261fbefe4eb7)]:
+  - @graphql-mesh/utils@0.102.12
+  - @graphql-mesh/types@0.102.12
+  - @graphql-mesh/transport-common@0.7.13
+
+## 1.2.5
+
+### Patch Changes
+
+- Updated dependencies
+  [[`de41fc2`](https://github.com/ardatan/graphql-mesh/commit/de41fc2932433f8da35b9de9492720e6c8c100af),
+  [`de41fc2`](https://github.com/ardatan/graphql-mesh/commit/de41fc2932433f8da35b9de9492720e6c8c100af),
+  [`de41fc2`](https://github.com/ardatan/graphql-mesh/commit/de41fc2932433f8da35b9de9492720e6c8c100af)]:
+  - @graphql-mesh/transport-common@0.7.12
+  - @graphql-mesh/types@0.102.11
+  - @graphql-mesh/utils@0.102.11
+
+## 1.2.4
+
+## 1.2.3
+
+### Patch Changes
+
+- Updated dependencies
+  [[`997b81c`](https://github.com/ardatan/graphql-mesh/commit/997b81c8a5d28508057806b4f16eecc5b713cf71),
+  [`997b81c`](https://github.com/ardatan/graphql-mesh/commit/997b81c8a5d28508057806b4f16eecc5b713cf71),
+  [`997b81c`](https://github.com/ardatan/graphql-mesh/commit/997b81c8a5d28508057806b4f16eecc5b713cf71)]:
+  - @graphql-mesh/transport-common@0.7.11
+  - @graphql-mesh/types@0.102.10
+  - @graphql-mesh/utils@0.102.10
+
+## 1.2.2
+
+### Patch Changes
+
+- Updated dependencies
+  [[`fad4d27`](https://github.com/ardatan/graphql-mesh/commit/fad4d27bfebb80a374c2041b86ffab509845effe)]:
+  - @graphql-mesh/utils@0.102.9
+  - @graphql-mesh/types@0.102.9
+  - @graphql-mesh/transport-common@0.7.10
+
+## 1.2.1
+
+## 1.2.0
+
+### Patch Changes
+
+- Updated dependencies
+  [[`518c42c`](https://github.com/ardatan/graphql-mesh/commit/518c42c5a2bee00e224df95c2beb758a28d1323c),
+  [`518c42c`](https://github.com/ardatan/graphql-mesh/commit/518c42c5a2bee00e224df95c2beb758a28d1323c),
+  [`518c42c`](https://github.com/ardatan/graphql-mesh/commit/518c42c5a2bee00e224df95c2beb758a28d1323c)]:
+  - @graphql-mesh/transport-common@0.7.9
+  - @graphql-mesh/types@0.102.8
+  - @graphql-mesh/utils@0.102.8
+
+## 1.1.1
+
+### Patch Changes
+
+- Updated dependencies
+  [[`50bf472`](https://github.com/ardatan/graphql-mesh/commit/50bf4723657d27dc196d80407bda40c93aa5c9be),
+  [`50bf472`](https://github.com/ardatan/graphql-mesh/commit/50bf4723657d27dc196d80407bda40c93aa5c9be),
+  [`50bf472`](https://github.com/ardatan/graphql-mesh/commit/50bf4723657d27dc196d80407bda40c93aa5c9be)]:
+  - @graphql-mesh/transport-common@0.7.8
+  - @graphql-mesh/types@0.102.7
+  - @graphql-mesh/utils@0.102.7
+
+## 1.1.0
+
+## 1.0.5
+
+### Patch Changes
+
+- Updated dependencies
+  [[`bf588d3`](https://github.com/ardatan/graphql-mesh/commit/bf588d372c0078378aaa24beea2da794af7949e6)]:
+  - @graphql-mesh/utils@0.102.6
+  - @graphql-mesh/types@0.102.6
+  - @graphql-mesh/transport-common@0.7.7
+
+## 1.0.4
+
+## 1.0.3
+
+## 1.0.2
+
+## 1.0.1
+
+## 1.0.0
+
+## 0.4.4
+
+## 0.4.3
+
+## 0.4.2
+
+## 0.4.1
+
+## 0.4.0
+
+### Minor Changes
+
+- [#7580](https://github.com/ardatan/graphql-mesh/pull/7580)
+  [`75e9f63`](https://github.com/ardatan/graphql-mesh/commit/75e9f63d09514a0af786f909dc8c32ac09a1a849)
+  Thanks [@ardatan](https://github.com/ardatan)! - BREAKING: All types prefixed with `MeshServe`,
+  now are prefixed with `Gateway`. e.g. `MeshServeRuntime` -> `GatewayRuntime`
+
+  Runtime factory is renamed; `createServeRuntime` -> `createGatewayRuntime`
+
+  The expected export name for config files are renamed from `serveConfig` to `gatewayConfig`
+
+  RENAMING:
+
+  You can rename the product, config file name etc by using the following config options;
+
+  For example;
+
+  ```ts
+  productName = 'Mesh Gateway';
+  productDescription =
+    'Mesh Gateway is a GraphQL Gateway that can be used to serve a supergraph schema.';
+  productLogo = '<svg>...</svg>';
+  productPackageName = '@graphql-mesh/gateway';
+  ```
+
+### Patch Changes
+
+- [#7594](https://github.com/ardatan/graphql-mesh/pull/7594)
+  [`9f01438`](https://github.com/ardatan/graphql-mesh/commit/9f01438fbdf327c0a4bfa0cf440d890ec871ffcc)
+  Thanks [@ardatan](https://github.com/ardatan)! - Adding these plugins to serve-runtime by default,
+  and make them configurable through the configuration;
+
+  - `useResponseCache`
+  - `useContentEncoding`
+  - `useDeferStream`
+  - `useExecutionCancellation`
+  - `useUpstreamCancellation`
+  - `useDisableIntrospection`
+  - `useCSRFPrevention`
+  - `useCustomAgent`
+  - `useGenericAuth`
+  - `useHMACUpstreamSignature`
+  - `useWebhooks`
+
+  In addition, the following ones are added to the serve-cli:
+
+  - `useJWT`
+  - `usePrometheus`
+  - `useOpenTelemetry`
+  - `useRateLimit`
+
+- Updated dependencies
+  [[`3bf14b3`](https://github.com/ardatan/graphql-mesh/commit/3bf14b33ee621cce004a329928b8a04a68218016),
+  [`b7f6ebf`](https://github.com/ardatan/graphql-mesh/commit/b7f6ebfa077957c3a1ecad1fed449e972cb09ae0),
+  [`0a3e52c`](https://github.com/ardatan/graphql-mesh/commit/0a3e52c2ad2941e7c48f0e80706db41644797c2d)]:
+  - @graphql-mesh/utils@0.102.5
+  - @graphql-mesh/types@0.102.5
+  - @graphql-mesh/transport-common@0.7.6
+
+## 0.3.6
+
+### Patch Changes
+
+- Updated dependencies
+  [[`5146df0`](https://github.com/ardatan/graphql-mesh/commit/5146df0fd3313227d5d7df2beb726ca89e13923f)]:
+  - @graphql-mesh/transport-common@0.7.5
+
+## 0.3.5
+
+### Patch Changes
+
+- Updated dependencies
+  [[`edbc074`](https://github.com/ardatan/graphql-mesh/commit/edbc074523ebc86114bb3342f86b7bcd9268d005),
+  [`edbc074`](https://github.com/ardatan/graphql-mesh/commit/edbc074523ebc86114bb3342f86b7bcd9268d005),
+  [`edbc074`](https://github.com/ardatan/graphql-mesh/commit/edbc074523ebc86114bb3342f86b7bcd9268d005)]:
+  - @graphql-mesh/transport-common@0.7.4
+  - @graphql-mesh/types@0.102.4
+  - @graphql-mesh/utils@0.102.4
+
+## 0.3.4
+
+### Patch Changes
+
+- Updated dependencies
+  [[`14ec31f`](https://github.com/ardatan/graphql-mesh/commit/14ec31f95bc06e9a3d06fae387fc40cc534e01f4),
+  [`14ec31f`](https://github.com/ardatan/graphql-mesh/commit/14ec31f95bc06e9a3d06fae387fc40cc534e01f4),
+  [`14ec31f`](https://github.com/ardatan/graphql-mesh/commit/14ec31f95bc06e9a3d06fae387fc40cc534e01f4)]:
+  - @graphql-mesh/transport-common@0.7.3
+  - @graphql-mesh/types@0.102.3
+  - @graphql-mesh/utils@0.102.3
+
+## 0.3.3
+
+## 0.3.2
+
+### Patch Changes
+
+- Updated dependencies
+  [[`5d95aad`](https://github.com/ardatan/graphql-mesh/commit/5d95aad185448e8e3a004a08e364f98ee9bbee2a)]:
+  - @graphql-mesh/utils@0.102.2
+  - @graphql-mesh/types@0.102.2
+  - @graphql-mesh/transport-common@0.7.2
+
+## 0.3.1
+
+### Patch Changes
+
+- Updated dependencies
+  [[`e49a7e6`](https://github.com/ardatan/graphql-mesh/commit/e49a7e69475b652a53a0f289a44247e8b7ea96de),
+  [`60bfc22`](https://github.com/ardatan/graphql-mesh/commit/60bfc2240108af0a599a66451517a146cace879d)]:
+  - @graphql-mesh/utils@0.102.1
+  - @graphql-mesh/transport-common@0.7.1
+  - @graphql-mesh/types@0.102.1
+
+## 0.3.0
+
+### Patch Changes
+
+- Updated dependencies
+  [[`db41f96`](https://github.com/ardatan/graphql-mesh/commit/db41f96b392de95d5f3aff958df399bf58575373)]:
+  - @graphql-mesh/types@0.102.0
+  - @graphql-mesh/utils@0.102.0
+  - @graphql-mesh/transport-common@0.7.0
+
+## 0.2.3
+
+## 0.2.2
+
+### Patch Changes
+
+- [#7518](https://github.com/ardatan/graphql-mesh/pull/7518)
+  [`b0cdc83`](https://github.com/ardatan/graphql-mesh/commit/b0cdc839699a1dd90d125289b49b75f703cbb18e)
+  Thanks [@enisdenjo](https://github.com/enisdenjo)! - dependencies updates:
+  - Updated dependency
+    [`@graphql-mesh/transport-common@^0.6.1` ↗︎](https://www.npmjs.com/package/@graphql-mesh/transport-common/v/0.6.1)
+    (from `^0.6.0`, in `dependencies`)
+
+## 0.2.1
+
+### Patch Changes
+
+- Updated dependencies
+  [[`67e1062`](https://github.com/ardatan/graphql-mesh/commit/67e10629c70ec553234c1ffc99af4b89ddb31985)]:
+  - @graphql-mesh/transport-common@0.6.1
+
+## 0.2.0
+
+### Patch Changes
+
+- Updated dependencies
+  [[`d784488`](https://github.com/ardatan/graphql-mesh/commit/d784488dcf04b3b0bf32f386baf8b48e1f20d27e),
+  [`190e9ec`](https://github.com/ardatan/graphql-mesh/commit/190e9ece9bc050a0564f3b5292ab5229e63d40a6),
+  [`d784488`](https://github.com/ardatan/graphql-mesh/commit/d784488dcf04b3b0bf32f386baf8b48e1f20d27e),
+  [`190e9ec`](https://github.com/ardatan/graphql-mesh/commit/190e9ece9bc050a0564f3b5292ab5229e63d40a6),
+  [`d784488`](https://github.com/ardatan/graphql-mesh/commit/d784488dcf04b3b0bf32f386baf8b48e1f20d27e),
+  [`190e9ec`](https://github.com/ardatan/graphql-mesh/commit/190e9ece9bc050a0564f3b5292ab5229e63d40a6),
+  [`d784488`](https://github.com/ardatan/graphql-mesh/commit/d784488dcf04b3b0bf32f386baf8b48e1f20d27e)]:
+  - @graphql-mesh/transport-common@0.6.0
+  - @graphql-mesh/types@0.101.0
+  - @graphql-mesh/utils@0.101.0
+
+## 0.1.0
+
+### Patch Changes
+
+- Updated dependencies
+  [[`c06a048`](https://github.com/ardatan/graphql-mesh/commit/c06a0482e7431683f0b75fde3aebbb97aca00c4c),
+  [`c06a048`](https://github.com/ardatan/graphql-mesh/commit/c06a0482e7431683f0b75fde3aebbb97aca00c4c),
+  [`c06a048`](https://github.com/ardatan/graphql-mesh/commit/c06a0482e7431683f0b75fde3aebbb97aca00c4c),
+  [`a324c5e`](https://github.com/ardatan/graphql-mesh/commit/a324c5ef300c25dcfa265f3457453b50af0b83e7),
+  [`4d1eb28`](https://github.com/ardatan/graphql-mesh/commit/4d1eb285c2b703c5f80473ad0f316004306fac7f),
+  [`a324c5e`](https://github.com/ardatan/graphql-mesh/commit/a324c5ef300c25dcfa265f3457453b50af0b83e7)]:
+  - @graphql-mesh/transport-common@0.5.0
+  - @graphql-mesh/types@0.100.0
+  - @graphql-mesh/utils@0.100.0
+
+## 0.0.9
+
+### Patch Changes
+
+- Updated dependencies
+  [[`a1bfc49`](https://github.com/ardatan/graphql-mesh/commit/a1bfc492ac3378f22b79a51824407e776b496a84)]:
+  - @graphql-mesh/types@0.99.7
+  - @graphql-mesh/utils@0.99.7
+  - @graphql-mesh/transport-common@0.4.7
+
+## 0.0.8
+
+### Patch Changes
+
+- Updated dependencies
+  [[`6c67e77`](https://github.com/ardatan/graphql-mesh/commit/6c67e77d3c308615a733577293ecb6dd55793aeb),
+  [`6c67e77`](https://github.com/ardatan/graphql-mesh/commit/6c67e77d3c308615a733577293ecb6dd55793aeb),
+  [`6c67e77`](https://github.com/ardatan/graphql-mesh/commit/6c67e77d3c308615a733577293ecb6dd55793aeb),
+  [`6c67e77`](https://github.com/ardatan/graphql-mesh/commit/6c67e77d3c308615a733577293ecb6dd55793aeb),
+  [`6c67e77`](https://github.com/ardatan/graphql-mesh/commit/6c67e77d3c308615a733577293ecb6dd55793aeb)]:
+  - @graphql-mesh/transport-common@0.4.6
+  - @graphql-mesh/types@0.99.6
+  - @graphql-mesh/utils@0.99.6
+
+## 0.0.7
+
+## 0.0.6
+
+## 0.0.5
+
+## 0.0.4
+
+### Patch Changes
+
+- Updated dependencies
+  [[`33c23e8`](https://github.com/ardatan/graphql-mesh/commit/33c23e83a60328df806a8adc8d262a0c6de7e5a4)]:
+  - @graphql-mesh/utils@0.99.5
+  - @graphql-mesh/types@0.99.5
+  - @graphql-mesh/transport-common@0.4.5
+
+## 0.0.3
+
+### Patch Changes
+
+- Updated dependencies
+  [[`597e790`](https://github.com/ardatan/graphql-mesh/commit/597e7905e542be06e7f576d8ffde3f94d7b0630b),
+  [`597e790`](https://github.com/ardatan/graphql-mesh/commit/597e7905e542be06e7f576d8ffde3f94d7b0630b)]:
+  - @graphql-mesh/utils@0.99.4
+  - @graphql-mesh/types@0.99.4
+  - @graphql-mesh/transport-common@0.4.4
+
+## 0.0.2
+
+### Patch Changes
+
+- [#7318](https://github.com/ardatan/graphql-mesh/pull/7318)
+  [`f2af8a3`](https://github.com/ardatan/graphql-mesh/commit/f2af8a3ca005c2173b74f2b6e3aa9cf48e38b153)
+  Thanks [@dotansimha](https://github.com/dotansimha)! - Initial commit and introduce a new plugin.
+
+- Updated dependencies
+  [[`5e5dec5`](https://github.com/ardatan/graphql-mesh/commit/5e5dec51b571df8d23a4379f61fd7fbd7a3df58e),
+  [`5e5dec5`](https://github.com/ardatan/graphql-mesh/commit/5e5dec51b571df8d23a4379f61fd7fbd7a3df58e)]:
+  - @graphql-mesh/utils@0.99.3
+  - @graphql-mesh/types@0.99.3
+  - @graphql-mesh/transport-common@0.4.3

package/dist/index.cjs

@@ -0,0 +1,161 @@
+'use strict';
+
+var transportCommon = require('@graphql-mesh/transport-common');
+var utils = require('@graphql-mesh/utils');
+var jsonStableStringify = require('json-stable-stringify');
+
+function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
+
+var jsonStableStringify__default = /*#__PURE__*/_interopDefault(jsonStableStringify);
+
+const DEFAULT_EXTENSION_NAME = "hmac-signature";
+const DEFAULT_SHOULD_SIGN_FN = () => true;
+const defaultExecutionRequestSerializer = (executionRequest) => jsonStableStringify__default.default({
+  query: transportCommon.defaultPrintFn(executionRequest.document),
+  variables: executionRequest.variables
+});
+const defaultParamsSerializer = (params) => jsonStableStringify__default.default({
+  query: params.query,
+  variables: params.variables
+});
+function createCryptoKey({
+  textEncoder,
+  crypto,
+  secret,
+  usages
+}) {
+  return crypto.subtle.importKey(
+    "raw",
+    textEncoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    usages
+  );
+}
+function useHmacUpstreamSignature(options) {
+  if (!options.secret) {
+    throw new Error(
+      'Property "secret" is required for useHmacUpstreamSignature plugin'
+    );
+  }
+  const shouldSign = options.shouldSign || DEFAULT_SHOULD_SIGN_FN;
+  const extensionName = options.extensionName || DEFAULT_EXTENSION_NAME;
+  const serializeExecutionRequest = options.serializeExecutionRequest || defaultExecutionRequestSerializer;
+  let key$;
+  let fetchAPI;
+  let textEncoder;
+  return {
+    onYogaInit({ yoga }) {
+      fetchAPI = yoga.fetchAPI;
+    },
+    onSubgraphExecute({
+      subgraphName,
+      subgraph,
+      executionRequest,
+      setExecutionRequest,
+      logger
+    }) {
+      logger?.debug(`running shouldSign for subgraph ${subgraphName}`);
+      if (shouldSign({ subgraphName, subgraph, executionRequest })) {
+        logger?.debug(
+          `shouldSign is true for subgraph ${subgraphName}, signing request`
+        );
+        textEncoder ||= new fetchAPI.TextEncoder();
+        key$ ||= createCryptoKey({
+          textEncoder,
+          crypto: fetchAPI.crypto,
+          secret: options.secret,
+          usages: ["sign"]
+        });
+        return utils.mapMaybePromise(key$, async (key) => {
+          key$ = key;
+          const serializedExecutionRequest = serializeExecutionRequest(executionRequest);
+          const encodedContent = textEncoder.encode(serializedExecutionRequest);
+          const signature = await fetchAPI.crypto.subtle.sign(
+            "HMAC",
+            key,
+            encodedContent
+          );
+          const extensionValue = btoa(
+            String.fromCharCode(...new Uint8Array(signature))
+          );
+          logger?.debug(
+            `produced hmac signature for subgraph ${subgraphName}, signature: ${signature}, signed payload: ${serializedExecutionRequest}`
+          );
+          setExecutionRequest({
+            ...executionRequest,
+            extensions: {
+              ...executionRequest.extensions,
+              [extensionName]: extensionValue
+            }
+          });
+        });
+      } else {
+        logger?.debug(
+          `shouldSign is false for subgraph ${subgraphName}, skipping hmac signature`
+        );
+      }
+    }
+  };
+}
+function useHmacSignatureValidation(options) {
+  if (!options.secret) {
+    throw new Error(
+      'Property "secret" is required for useHmacSignatureValidation plugin'
+    );
+  }
+  const extensionName = options.extensionName || DEFAULT_EXTENSION_NAME;
+  let key$;
+  let textEncoder;
+  let logger;
+  const paramsSerializer = options.serializeParams || defaultParamsSerializer;
+  return {
+    onYogaInit({ yoga }) {
+      logger = yoga.logger;
+    },
+    onParams({ params, fetchAPI }) {
+      textEncoder ||= new fetchAPI.TextEncoder();
+      const extension = params.extensions?.[extensionName];
+      if (!extension) {
+        logger.warn(
+          `Missing HMAC signature: extension ${extensionName} not found in request.`
+        );
+        throw new Error(
+          `Missing HMAC signature: extension ${extensionName} not found in request.`
+        );
+      }
+      key$ ||= createCryptoKey({
+        textEncoder,
+        crypto: fetchAPI.crypto,
+        secret: options.secret,
+        usages: ["verify"]
+      });
+      return key$.then(async (key) => {
+        const sigBuf = Uint8Array.from(atob(extension), (c) => c.charCodeAt(0));
+        const serializedParams = paramsSerializer(params);
+        logger.debug(
+          `HMAC signature will be calculate based on serialized params: ${serializedParams}`
+        );
+        const result = await fetchAPI.crypto.subtle.verify(
+          "HMAC",
+          key,
+          sigBuf,
+          textEncoder.encode(serializedParams)
+        );
+        if (!result) {
+          logger.error(
+            `HMAC signature does not match the body content. short circuit request.`
+          );
+          throw new Error(
+            `Invalid HMAC signature: extension ${extensionName} does not match the body content.`
+          );
+        }
+      });
+    }
+  };
+}
+
+exports.defaultExecutionRequestSerializer = defaultExecutionRequestSerializer;
+exports.defaultParamsSerializer = defaultParamsSerializer;
+exports.useHmacSignatureValidation = useHmacSignatureValidation;
+exports.useHmacUpstreamSignature = useHmacUpstreamSignature;

package/dist/index.d.cts

@@ -0,0 +1,95 @@
+import { ExecutionRequest, Executor, MaybePromise, Maybe } from '@graphql-tools/utils';
+import { Plugin, YogaInitialContext, GraphQLParams } from 'graphql-yoga';
+import { TransportEntry } from '@graphql-mesh/transport-common';
+import { Logger, OnFetchHook, MeshFetch, MeshPubSub, KeyValueCache } from '@graphql-mesh/types';
+import { GraphQLSchema, ExecutionResult } from 'graphql';
+
+declare module 'graphql' {
+    interface GraphQLResolveInfo {
+        executionRequest?: ExecutionRequest;
+    }
+}
+interface UnifiedGraphPlugin<TContext> {
+    onSubgraphExecute?: OnSubgraphExecuteHook<TContext>;
+}
+type OnSubgraphExecuteHook<TContext = any> = (payload: OnSubgraphExecutePayload<TContext>) => MaybePromise<Maybe<OnSubgraphExecuteDoneHook | void>>;
+interface OnSubgraphExecutePayload<TContext> {
+    subgraph: GraphQLSchema;
+    subgraphName: string;
+    transportEntry?: TransportEntry;
+    executionRequest: ExecutionRequest<any, TContext>;
+    setExecutionRequest(executionRequest: ExecutionRequest): void;
+    executor: Executor;
+    setExecutor(executor: Executor): void;
+    requestId?: string;
+    logger?: Logger;
+}
+interface OnSubgraphExecuteDonePayload {
+    result: AsyncIterable<ExecutionResult> | ExecutionResult;
+    setResult(result: AsyncIterable<ExecutionResult> | ExecutionResult): void;
+}
+type OnSubgraphExecuteDoneHook = (payload: OnSubgraphExecuteDonePayload) => MaybePromise<Maybe<OnSubgraphExecuteDoneResult | void>>;
+type OnSubgraphExecuteDoneResultOnNext = (payload: OnSubgraphExecuteDoneOnNextPayload) => MaybePromise<void>;
+interface OnSubgraphExecuteDoneOnNextPayload {
+    result: ExecutionResult;
+    setResult(result: ExecutionResult): void;
+}
+type OnSubgraphExecuteDoneResultOnEnd = () => MaybePromise<void>;
+type OnSubgraphExecuteDoneResult = {
+    onNext?: OnSubgraphExecuteDoneResultOnNext;
+    onEnd?: OnSubgraphExecuteDoneResultOnEnd;
+};
+
+interface GatewayConfigContext {
+    /**
+     * WHATWG compatible Fetch implementation.
+     */
+    fetch: MeshFetch;
+    /**
+     * The logger to use throught Mesh and it's plugins.
+     */
+    logger: Logger;
+    /**
+     * Current working directory.
+     */
+    cwd: string;
+    /**
+     * Event bus for pub/sub.
+     */
+    pubsub?: MeshPubSub;
+    /**
+     * Cache Storage
+     */
+    cache?: KeyValueCache;
+}
+interface GatewayContext extends GatewayConfigContext, YogaInitialContext {
+    /**
+     * Environment agnostic HTTP headers provided with the request.
+     */
+    headers: Record<string, string>;
+    /**
+     * Runtime context available within WebSocket connections.
+     */
+    connectionParams: Record<string, string>;
+}
+type GatewayPlugin<TPluginContext extends Record<string, any> = Record<string, any>, TContext extends Record<string, any> = Record<string, any>> = Plugin<Partial<TPluginContext> & GatewayContext & TContext> & UnifiedGraphPlugin<Partial<TPluginContext> & GatewayContext & TContext> & {
+    onFetch?: OnFetchHook<Partial<TPluginContext> & GatewayContext & TContext>;
+} & Partial<Disposable | AsyncDisposable>;
+
+type HMACUpstreamSignatureOptions = {
+    secret: string;
+    shouldSign?: (input: Pick<OnSubgraphExecutePayload<{}>, 'subgraph' | 'subgraphName' | 'executionRequest'>) => boolean;
+    extensionName?: string;
+    serializeExecutionRequest?: (executionRequest: ExecutionRequest) => string;
+};
+declare const defaultExecutionRequestSerializer: (executionRequest: ExecutionRequest) => string;
+declare const defaultParamsSerializer: (params: GraphQLParams) => string;
+declare function useHmacUpstreamSignature(options: HMACUpstreamSignatureOptions): GatewayPlugin;
+type HMACUpstreamSignatureValidationOptions = {
+    secret: string;
+    extensionName?: string;
+    serializeParams?: (params: GraphQLParams) => string;
+};
+declare function useHmacSignatureValidation(options: HMACUpstreamSignatureValidationOptions): Plugin;
+
+export { type HMACUpstreamSignatureOptions, type HMACUpstreamSignatureValidationOptions, defaultExecutionRequestSerializer, defaultParamsSerializer, useHmacSignatureValidation, useHmacUpstreamSignature };

package/dist/index.d.ts

@@ -0,0 +1,95 @@
+import { ExecutionRequest, Executor, MaybePromise, Maybe } from '@graphql-tools/utils';
+import { Plugin, YogaInitialContext, GraphQLParams } from 'graphql-yoga';
+import { TransportEntry } from '@graphql-mesh/transport-common';
+import { Logger, OnFetchHook, MeshFetch, MeshPubSub, KeyValueCache } from '@graphql-mesh/types';
+import { GraphQLSchema, ExecutionResult } from 'graphql';
+
+declare module 'graphql' {
+    interface GraphQLResolveInfo {
+        executionRequest?: ExecutionRequest;
+    }
+}
+interface UnifiedGraphPlugin<TContext> {
+    onSubgraphExecute?: OnSubgraphExecuteHook<TContext>;
+}
+type OnSubgraphExecuteHook<TContext = any> = (payload: OnSubgraphExecutePayload<TContext>) => MaybePromise<Maybe<OnSubgraphExecuteDoneHook | void>>;
+interface OnSubgraphExecutePayload<TContext> {
+    subgraph: GraphQLSchema;
+    subgraphName: string;
+    transportEntry?: TransportEntry;
+    executionRequest: ExecutionRequest<any, TContext>;
+    setExecutionRequest(executionRequest: ExecutionRequest): void;
+    executor: Executor;
+    setExecutor(executor: Executor): void;
+    requestId?: string;
+    logger?: Logger;
+}
+interface OnSubgraphExecuteDonePayload {
+    result: AsyncIterable<ExecutionResult> | ExecutionResult;
+    setResult(result: AsyncIterable<ExecutionResult> | ExecutionResult): void;
+}
+type OnSubgraphExecuteDoneHook = (payload: OnSubgraphExecuteDonePayload) => MaybePromise<Maybe<OnSubgraphExecuteDoneResult | void>>;
+type OnSubgraphExecuteDoneResultOnNext = (payload: OnSubgraphExecuteDoneOnNextPayload) => MaybePromise<void>;
+interface OnSubgraphExecuteDoneOnNextPayload {
+    result: ExecutionResult;
+    setResult(result: ExecutionResult): void;
+}
+type OnSubgraphExecuteDoneResultOnEnd = () => MaybePromise<void>;
+type OnSubgraphExecuteDoneResult = {
+    onNext?: OnSubgraphExecuteDoneResultOnNext;
+    onEnd?: OnSubgraphExecuteDoneResultOnEnd;
+};
+
+interface GatewayConfigContext {
+    /**
+     * WHATWG compatible Fetch implementation.
+     */
+    fetch: MeshFetch;
+    /**
+     * The logger to use throught Mesh and it's plugins.
+     */
+    logger: Logger;
+    /**
+     * Current working directory.
+     */
+    cwd: string;
+    /**
+     * Event bus for pub/sub.
+     */
+    pubsub?: MeshPubSub;
+    /**
+     * Cache Storage
+     */
+    cache?: KeyValueCache;
+}
+interface GatewayContext extends GatewayConfigContext, YogaInitialContext {
+    /**
+     * Environment agnostic HTTP headers provided with the request.
+     */
+    headers: Record<string, string>;
+    /**
+     * Runtime context available within WebSocket connections.
+     */
+    connectionParams: Record<string, string>;
+}
+type GatewayPlugin<TPluginContext extends Record<string, any> = Record<string, any>, TContext extends Record<string, any> = Record<string, any>> = Plugin<Partial<TPluginContext> & GatewayContext & TContext> & UnifiedGraphPlugin<Partial<TPluginContext> & GatewayContext & TContext> & {
+    onFetch?: OnFetchHook<Partial<TPluginContext> & GatewayContext & TContext>;
+} & Partial<Disposable | AsyncDisposable>;
+
+type HMACUpstreamSignatureOptions = {
+    secret: string;
+    shouldSign?: (input: Pick<OnSubgraphExecutePayload<{}>, 'subgraph' | 'subgraphName' | 'executionRequest'>) => boolean;
+    extensionName?: string;
+    serializeExecutionRequest?: (executionRequest: ExecutionRequest) => string;
+};
+declare const defaultExecutionRequestSerializer: (executionRequest: ExecutionRequest) => string;
+declare const defaultParamsSerializer: (params: GraphQLParams) => string;
+declare function useHmacUpstreamSignature(options: HMACUpstreamSignatureOptions): GatewayPlugin;
+type HMACUpstreamSignatureValidationOptions = {
+    secret: string;
+    extensionName?: string;
+    serializeParams?: (params: GraphQLParams) => string;
+};
+declare function useHmacSignatureValidation(options: HMACUpstreamSignatureValidationOptions): Plugin;
+
+export { type HMACUpstreamSignatureOptions, type HMACUpstreamSignatureValidationOptions, defaultExecutionRequestSerializer, defaultParamsSerializer, useHmacSignatureValidation, useHmacUpstreamSignature };

package/dist/index.js

@@ -0,0 +1,152 @@
+import { defaultPrintFn } from '@graphql-mesh/transport-common';
+import { mapMaybePromise } from '@graphql-mesh/utils';
+import jsonStableStringify from 'json-stable-stringify';
+
+const DEFAULT_EXTENSION_NAME = "hmac-signature";
+const DEFAULT_SHOULD_SIGN_FN = () => true;
+const defaultExecutionRequestSerializer = (executionRequest) => jsonStableStringify({
+  query: defaultPrintFn(executionRequest.document),
+  variables: executionRequest.variables
+});
+const defaultParamsSerializer = (params) => jsonStableStringify({
+  query: params.query,
+  variables: params.variables
+});
+function createCryptoKey({
+  textEncoder,
+  crypto,
+  secret,
+  usages
+}) {
+  return crypto.subtle.importKey(
+    "raw",
+    textEncoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    usages
+  );
+}
+function useHmacUpstreamSignature(options) {
+  if (!options.secret) {
+    throw new Error(
+      'Property "secret" is required for useHmacUpstreamSignature plugin'
+    );
+  }
+  const shouldSign = options.shouldSign || DEFAULT_SHOULD_SIGN_FN;
+  const extensionName = options.extensionName || DEFAULT_EXTENSION_NAME;
+  const serializeExecutionRequest = options.serializeExecutionRequest || defaultExecutionRequestSerializer;
+  let key$;
+  let fetchAPI;
+  let textEncoder;
+  return {
+    onYogaInit({ yoga }) {
+      fetchAPI = yoga.fetchAPI;
+    },
+    onSubgraphExecute({
+      subgraphName,
+      subgraph,
+      executionRequest,
+      setExecutionRequest,
+      logger
+    }) {
+      logger?.debug(`running shouldSign for subgraph ${subgraphName}`);
+      if (shouldSign({ subgraphName, subgraph, executionRequest })) {
+        logger?.debug(
+          `shouldSign is true for subgraph ${subgraphName}, signing request`
+        );
+        textEncoder ||= new fetchAPI.TextEncoder();
+        key$ ||= createCryptoKey({
+          textEncoder,
+          crypto: fetchAPI.crypto,
+          secret: options.secret,
+          usages: ["sign"]
+        });
+        return mapMaybePromise(key$, async (key) => {
+          key$ = key;
+          const serializedExecutionRequest = serializeExecutionRequest(executionRequest);
+          const encodedContent = textEncoder.encode(serializedExecutionRequest);
+          const signature = await fetchAPI.crypto.subtle.sign(
+            "HMAC",
+            key,
+            encodedContent
+          );
+          const extensionValue = btoa(
+            String.fromCharCode(...new Uint8Array(signature))
+          );
+          logger?.debug(
+            `produced hmac signature for subgraph ${subgraphName}, signature: ${signature}, signed payload: ${serializedExecutionRequest}`
+          );
+          setExecutionRequest({
+            ...executionRequest,
+            extensions: {
+              ...executionRequest.extensions,
+              [extensionName]: extensionValue
+            }
+          });
+        });
+      } else {
+        logger?.debug(
+          `shouldSign is false for subgraph ${subgraphName}, skipping hmac signature`
+        );
+      }
+    }
+  };
+}
+function useHmacSignatureValidation(options) {
+  if (!options.secret) {
+    throw new Error(
+      'Property "secret" is required for useHmacSignatureValidation plugin'
+    );
+  }
+  const extensionName = options.extensionName || DEFAULT_EXTENSION_NAME;
+  let key$;
+  let textEncoder;
+  let logger;
+  const paramsSerializer = options.serializeParams || defaultParamsSerializer;
+  return {
+    onYogaInit({ yoga }) {
+      logger = yoga.logger;
+    },
+    onParams({ params, fetchAPI }) {
+      textEncoder ||= new fetchAPI.TextEncoder();
+      const extension = params.extensions?.[extensionName];
+      if (!extension) {
+        logger.warn(
+          `Missing HMAC signature: extension ${extensionName} not found in request.`
+        );
+        throw new Error(
+          `Missing HMAC signature: extension ${extensionName} not found in request.`
+        );
+      }
+      key$ ||= createCryptoKey({
+        textEncoder,
+        crypto: fetchAPI.crypto,
+        secret: options.secret,
+        usages: ["verify"]
+      });
+      return key$.then(async (key) => {
+        const sigBuf = Uint8Array.from(atob(extension), (c) => c.charCodeAt(0));
+        const serializedParams = paramsSerializer(params);
+        logger.debug(
+          `HMAC signature will be calculate based on serialized params: ${serializedParams}`
+        );
+        const result = await fetchAPI.crypto.subtle.verify(
+          "HMAC",
+          key,
+          sigBuf,
+          textEncoder.encode(serializedParams)
+        );
+        if (!result) {
+          logger.error(
+            `HMAC signature does not match the body content. short circuit request.`
+          );
+          throw new Error(
+            `Invalid HMAC signature: extension ${extensionName} does not match the body content.`
+          );
+        }
+      });
+    }
+  };
+}
+
+export { defaultExecutionRequestSerializer, defaultParamsSerializer, useHmacSignatureValidation, useHmacUpstreamSignature };

package/package.json

@@ -1,48 +1,62 @@
 {
   "name": "@graphql-mesh/hmac-upstream-signature",
-  "version": "1.2.7-alpha-20241114122631-5a3a4345bb55e05e6bd057ae38f412d5d33315fd",
-  "sideEffects": false,
-  "peerDependencies": {
-    "@graphql-mesh/types": "0.102.13-alpha-20241114122631-5a3a4345bb55e05e6bd057ae38f412d5d33315fd",
-    "@graphql-mesh/utils": "0.102.13-alpha-20241114122631-5a3a4345bb55e05e6bd057ae38f412d5d33315fd",
-    "graphql": "*",
-    "tslib": "^2.4.0"
-  },
-  "dependencies": {
-    "@graphql-mesh/transport-common": "^0.7.13",
-    "json-stable-stringify": "^1.1.1"
-  },
+  "version": "1.2.7-alpha-54b3273d0d9033d32f549a6b937921426c35b08b",
+  "type": "module",
   "repository": {
     "type": "git",
-    "url": "ardatan/graphql-mesh",
+    "url": "git+https://github.com/graphql-hive/gateway.git",
     "directory": "packages/plugins/hmac-upstream-signature"
   },
+  "author": {
+    "email": "contact@the-guild.dev",
+    "name": "The Guild",
+    "url": "https://the-guild.dev"
+  },
   "license": "MIT",
   "engines": {
-    "node": ">=16.0.0"
+    "node": ">=18.0.0"
   },
-  "main": "cjs/index.js",
-  "module": "esm/index.js",
-  "typings": "typings/index.d.ts",
-  "typescript": {
-    "definition": "typings/index.d.ts"
-  },
-  "type": "module",
+  "main": "./dist/index.js",
   "exports": {
     ".": {
       "require": {
-        "types": "./typings/index.d.cts",
-        "default": "./cjs/index.js"
+        "types": "./dist/index.d.cts",
+        "default": "./dist/index.cjs"
       },
       "import": {
-        "types": "./typings/index.d.ts",
-        "default": "./esm/index.js"
-      },
-      "default": {
-        "types": "./typings/index.d.ts",
-        "default": "./esm/index.js"
+        "types": "./dist/index.d.ts",
+        "default": "./dist/index.js"
       }
     },
     "./package.json": "./package.json"
-  }
+  },
+  "types": "./dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "pkgroll --clean-dist",
+    "prepack": "yarn build"
+  },
+  "peerDependencies": {
+    "graphql": "^15.9.0 || ^16.9.0"
+  },
+  "dependencies": {
+    "@graphql-mesh/cross-helpers": "^0.4.7",
+    "@graphql-mesh/store": "^0.102.12",
+    "@graphql-mesh/transport-common": "^0.7.14-alpha-54b3273d0d9033d32f549a6b937921426c35b08b",
+    "@graphql-mesh/types": "^0.102.12",
+    "@graphql-mesh/utils": "^0.102.12",
+    "@graphql-tools/utils": "^10.5.5",
+    "json-stable-stringify": "^1.1.1",
+    "tslib": "^2.4.0"
+  },
+  "devDependencies": {
+    "@graphql-hive/gateway": "1.5.0-alpha-54b3273d0d9033d32f549a6b937921426c35b08b",
+    "@types/json-stable-stringify": "^1.1.0",
+    "graphql": "^16.9.0",
+    "graphql-yoga": "^5.7.0",
+    "pkgroll": "2.5.1"
+  },
+  "sideEffects": false
 }

package/cjs/index.js

@@ -1,110 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.defaultParamsSerializer = exports.defaultExecutionRequestSerializer = void 0;
-exports.useHmacUpstreamSignature = useHmacUpstreamSignature;
-exports.useHmacSignatureValidation = useHmacSignatureValidation;
-const tslib_1 = require("tslib");
-const json_stable_stringify_1 = tslib_1.__importDefault(require("json-stable-stringify"));
-const transport_common_1 = require("@graphql-mesh/transport-common");
-const utils_1 = require("@graphql-mesh/utils");
-const DEFAULT_EXTENSION_NAME = 'hmac-signature';
-const DEFAULT_SHOULD_SIGN_FN = () => true;
-const defaultExecutionRequestSerializer = (executionRequest) => (0, json_stable_stringify_1.default)({
-    query: (0, transport_common_1.defaultPrintFn)(executionRequest.document),
-    variables: executionRequest.variables,
-});
-exports.defaultExecutionRequestSerializer = defaultExecutionRequestSerializer;
-const defaultParamsSerializer = (params) => (0, json_stable_stringify_1.default)({
-    query: params.query,
-    variables: params.variables,
-});
-exports.defaultParamsSerializer = defaultParamsSerializer;
-function createCryptoKey({ textEncoder, crypto, secret, usages, }) {
-    return crypto.subtle.importKey('raw', textEncoder.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, usages);
-}
-function useHmacUpstreamSignature(options) {
-    if (!options.secret) {
-        throw new Error('Property "secret" is required for useHmacUpstreamSignature plugin');
-    }
-    const shouldSign = options.shouldSign || DEFAULT_SHOULD_SIGN_FN;
-    const extensionName = options.extensionName || DEFAULT_EXTENSION_NAME;
-    const serializeExecutionRequest = options.serializeExecutionRequest || exports.defaultExecutionRequestSerializer;
-    let key$;
-    let fetchAPI;
-    let textEncoder;
-    return {
-        onYogaInit({ yoga }) {
-            fetchAPI = yoga.fetchAPI;
-        },
-        onSubgraphExecute({ subgraphName, subgraph, executionRequest, setExecutionRequest, logger }) {
-            logger.debug(`running shouldSign for subgraph ${subgraphName}`);
-            if (shouldSign({ subgraphName, subgraph, executionRequest })) {
-                logger.debug(`shouldSign is true for subgraph ${subgraphName}, signing request`);
-                textEncoder ||= new fetchAPI.TextEncoder();
-                key$ ||= createCryptoKey({
-                    textEncoder,
-                    crypto: fetchAPI.crypto,
-                    secret: options.secret,
-                    usages: ['sign'],
-                });
-                return (0, utils_1.mapMaybePromise)(key$, async (key) => {
-                    key$ = key;
-                    const serializedExecutionRequest = serializeExecutionRequest(executionRequest);
-                    const encodedContent = textEncoder.encode(serializedExecutionRequest);
-                    const signature = await fetchAPI.crypto.subtle.sign('HMAC', key, encodedContent);
-                    const extensionValue = btoa(String.fromCharCode(...new Uint8Array(signature)));
-                    logger.debug(`produced hmac signature for subgraph ${subgraphName}, signature: ${signature}, signed payload: ${serializedExecutionRequest}`);
-                    setExecutionRequest({
-                        ...executionRequest,
-                        extensions: {
-                            ...executionRequest.extensions,
-                            [extensionName]: extensionValue,
-                        },
-                    });
-                });
-            }
-            else {
-                logger.debug(`shouldSign is false for subgraph ${subgraphName}, skipping hmac signature`);
-            }
-        },
-    };
-}
-function useHmacSignatureValidation(options) {
-    if (!options.secret) {
-        throw new Error('Property "secret" is required for useHmacSignatureValidation plugin');
-    }
-    const extensionName = options.extensionName || DEFAULT_EXTENSION_NAME;
-    let key$;
-    let textEncoder;
-    let logger;
-    const paramsSerializer = options.serializeParams || exports.defaultParamsSerializer;
-    return {
-        onYogaInit({ yoga }) {
-            logger = yoga.logger;
-        },
-        onParams({ params, fetchAPI }) {
-            textEncoder ||= new fetchAPI.TextEncoder();
-            const extension = params.extensions?.[extensionName];
-            if (!extension) {
-                logger.warn(`Missing HMAC signature: extension ${extensionName} not found in request.`);
-                throw new Error(`Missing HMAC signature: extension ${extensionName} not found in request.`);
-            }
-            key$ ||= createCryptoKey({
-                textEncoder,
-                crypto: fetchAPI.crypto,
-                secret: options.secret,
-                usages: ['verify'],
-            });
-            return key$.then(async (key) => {
-                const sigBuf = Uint8Array.from(atob(extension), c => c.charCodeAt(0));
-                const serializedParams = paramsSerializer(params);
-                logger.debug(`HMAC signature will be calculate based on serialized params: ${serializedParams}`);
-                const result = await fetchAPI.crypto.subtle.verify('HMAC', key, sigBuf, textEncoder.encode(serializedParams));
-                if (!result) {
-                    logger.error(`HMAC signature does not match the body content. short circuit request.`);
-                    throw new Error(`Invalid HMAC signature: extension ${extensionName} does not match the body content.`);
-                }
-            });
-        },
-    };
-}

package/cjs/package.json

@@ -1 +0,0 @@
-{"type":"commonjs"}

package/esm/index.js

@@ -1,102 +0,0 @@
-import jsonStableStringify from 'json-stable-stringify';
-import { defaultPrintFn } from '@graphql-mesh/transport-common';
-import { mapMaybePromise } from '@graphql-mesh/utils';
-const DEFAULT_EXTENSION_NAME = 'hmac-signature';
-const DEFAULT_SHOULD_SIGN_FN = () => true;
-export const defaultExecutionRequestSerializer = (executionRequest) => jsonStableStringify({
-    query: defaultPrintFn(executionRequest.document),
-    variables: executionRequest.variables,
-});
-export const defaultParamsSerializer = (params) => jsonStableStringify({
-    query: params.query,
-    variables: params.variables,
-});
-function createCryptoKey({ textEncoder, crypto, secret, usages, }) {
-    return crypto.subtle.importKey('raw', textEncoder.encode(secret), { name: 'HMAC', hash: 'SHA-256' }, false, usages);
-}
-export function useHmacUpstreamSignature(options) {
-    if (!options.secret) {
-        throw new Error('Property "secret" is required for useHmacUpstreamSignature plugin');
-    }
-    const shouldSign = options.shouldSign || DEFAULT_SHOULD_SIGN_FN;
-    const extensionName = options.extensionName || DEFAULT_EXTENSION_NAME;
-    const serializeExecutionRequest = options.serializeExecutionRequest || defaultExecutionRequestSerializer;
-    let key$;
-    let fetchAPI;
-    let textEncoder;
-    return {
-        onYogaInit({ yoga }) {
-            fetchAPI = yoga.fetchAPI;
-        },
-        onSubgraphExecute({ subgraphName, subgraph, executionRequest, setExecutionRequest, logger }) {
-            logger.debug(`running shouldSign for subgraph ${subgraphName}`);
-            if (shouldSign({ subgraphName, subgraph, executionRequest })) {
-                logger.debug(`shouldSign is true for subgraph ${subgraphName}, signing request`);
-                textEncoder ||= new fetchAPI.TextEncoder();
-                key$ ||= createCryptoKey({
-                    textEncoder,
-                    crypto: fetchAPI.crypto,
-                    secret: options.secret,
-                    usages: ['sign'],
-                });
-                return mapMaybePromise(key$, async (key) => {
-                    key$ = key;
-                    const serializedExecutionRequest = serializeExecutionRequest(executionRequest);
-                    const encodedContent = textEncoder.encode(serializedExecutionRequest);
-                    const signature = await fetchAPI.crypto.subtle.sign('HMAC', key, encodedContent);
-                    const extensionValue = btoa(String.fromCharCode(...new Uint8Array(signature)));
-                    logger.debug(`produced hmac signature for subgraph ${subgraphName}, signature: ${signature}, signed payload: ${serializedExecutionRequest}`);
-                    setExecutionRequest({
-                        ...executionRequest,
-                        extensions: {
-                            ...executionRequest.extensions,
-                            [extensionName]: extensionValue,
-                        },
-                    });
-                });
-            }
-            else {
-                logger.debug(`shouldSign is false for subgraph ${subgraphName}, skipping hmac signature`);
-            }
-        },
-    };
-}
-export function useHmacSignatureValidation(options) {
-    if (!options.secret) {
-        throw new Error('Property "secret" is required for useHmacSignatureValidation plugin');
-    }
-    const extensionName = options.extensionName || DEFAULT_EXTENSION_NAME;
-    let key$;
-    let textEncoder;
-    let logger;
-    const paramsSerializer = options.serializeParams || defaultParamsSerializer;
-    return {
-        onYogaInit({ yoga }) {
-            logger = yoga.logger;
-        },
-        onParams({ params, fetchAPI }) {
-            textEncoder ||= new fetchAPI.TextEncoder();
-            const extension = params.extensions?.[extensionName];
-            if (!extension) {
-                logger.warn(`Missing HMAC signature: extension ${extensionName} not found in request.`);
-                throw new Error(`Missing HMAC signature: extension ${extensionName} not found in request.`);
-            }
-            key$ ||= createCryptoKey({
-                textEncoder,
-                crypto: fetchAPI.crypto,
-                secret: options.secret,
-                usages: ['verify'],
-            });
-            return key$.then(async (key) => {
-                const sigBuf = Uint8Array.from(atob(extension), c => c.charCodeAt(0));
-                const serializedParams = paramsSerializer(params);
-                logger.debug(`HMAC signature will be calculate based on serialized params: ${serializedParams}`);
-                const result = await fetchAPI.crypto.subtle.verify('HMAC', key, sigBuf, textEncoder.encode(serializedParams));
-                if (!result) {
-                    logger.error(`HMAC signature does not match the body content. short circuit request.`);
-                    throw new Error(`Invalid HMAC signature: extension ${extensionName} does not match the body content.`);
-                }
-            });
-        },
-    };
-}

package/typings/index.d.cts

@@ -1,19 +0,0 @@
-import type { GraphQLParams, Plugin as YogaPlugin } from 'graphql-yoga';
-import type { GatewayPlugin } from '@graphql-hive/gateway';
-import type { OnSubgraphExecutePayload } from '@graphql-mesh/fusion-runtime';
-import type { ExecutionRequest } from '@graphql-tools/utils';
-export type HMACUpstreamSignatureOptions = {
-    secret: string;
-    shouldSign?: (input: Pick<OnSubgraphExecutePayload<{}>, 'subgraph' | 'subgraphName' | 'executionRequest'>) => boolean;
-    extensionName?: string;
-    serializeExecutionRequest?: (executionRequest: ExecutionRequest) => string;
-};
-export declare const defaultExecutionRequestSerializer: (executionRequest: ExecutionRequest) => any;
-export declare const defaultParamsSerializer: (params: GraphQLParams) => any;
-export declare function useHmacUpstreamSignature(options: HMACUpstreamSignatureOptions): GatewayPlugin;
-export type HMACUpstreamSignatureValidationOptions = {
-    secret: string;
-    extensionName?: string;
-    serializeParams?: (params: GraphQLParams) => string;
-};
-export declare function useHmacSignatureValidation(options: HMACUpstreamSignatureValidationOptions): YogaPlugin;

package/typings/index.d.ts

@@ -1,19 +0,0 @@
-import type { GraphQLParams, Plugin as YogaPlugin } from 'graphql-yoga';
-import type { GatewayPlugin } from '@graphql-hive/gateway';
-import type { OnSubgraphExecutePayload } from '@graphql-mesh/fusion-runtime';
-import type { ExecutionRequest } from '@graphql-tools/utils';
-export type HMACUpstreamSignatureOptions = {
-    secret: string;
-    shouldSign?: (input: Pick<OnSubgraphExecutePayload<{}>, 'subgraph' | 'subgraphName' | 'executionRequest'>) => boolean;
-    extensionName?: string;
-    serializeExecutionRequest?: (executionRequest: ExecutionRequest) => string;
-};
-export declare const defaultExecutionRequestSerializer: (executionRequest: ExecutionRequest) => any;
-export declare const defaultParamsSerializer: (params: GraphQLParams) => any;
-export declare function useHmacUpstreamSignature(options: HMACUpstreamSignatureOptions): GatewayPlugin;
-export type HMACUpstreamSignatureValidationOptions = {
-    secret: string;
-    extensionName?: string;
-    serializeParams?: (params: GraphQLParams) => string;
-};
-export declare function useHmacSignatureValidation(options: HMACUpstreamSignatureValidationOptions): YogaPlugin;