@hookflo/tern 1.0.1 → 1.0.2

package/dist/examples.js

@@ -1,160 +1,302 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.exampleBasicUsage = exampleBasicUsage;
-exports.exampleTokenBased = exampleTokenBased;
+exports.examplePlatformSpecific = examplePlatformSpecific;
 exports.exampleCustomSignature = exampleCustomSignature;
-exports.examplePlatformDetection = examplePlatformDetection;
+exports.exampleSimplifiedPlatform = exampleSimplifiedPlatform;
+exports.exampleTokenBased = exampleTokenBased;
 exports.exampleErrorHandling = exampleErrorHandling;
-exports.exampleBatchVerification = exampleBatchVerification;
-exports.exampleExpressIntegration = exampleExpressIntegration;
-exports.exampleNextJsApiRoute = exampleNextJsApiRoute;
-exports.exampleCustomPlatform = exampleCustomPlatform;
-exports.exampleHelperMethods = exampleHelperMethods;
+exports.examplePlatformInfo = examplePlatformInfo;
+exports.exampleRealWorldUsage = exampleRealWorldUsage;
+exports.runAllExamples = runAllExamples;
 const index_1 = require("./index");
-// Example 1: Basic usage with platform config
-async function exampleBasicUsage(request) {
-    const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, 'github', 'your-github-secret', 300);
-    return result;
-}
-// Example 2: Token-based authentication (Supabase style)
-async function exampleTokenBased(request) {
-    const result = await index_1.WebhookVerificationService.verifyTokenBased(request, 'your-webhook-id', 'your-webhook-token');
-    return result;
+// Example 1: Using platform-specific configurations (Recommended)
+async function examplePlatformSpecific() {
+    console.log('🔧 Example 1: Platform-Specific Configurations\n');
+    // Stripe webhook verification
+    const stripeConfig = {
+        platform: 'stripe',
+        secret: 'whsec_your_stripe_webhook_secret',
+        toleranceInSeconds: 300,
+    };
+    // GitHub webhook verification
+    const githubConfig = {
+        platform: 'github',
+        secret: 'your_github_webhook_secret',
+        toleranceInSeconds: 300,
+    };
+    // Clerk webhook verification
+    const clerkConfig = {
+        platform: 'clerk',
+        secret: 'whsec_your_clerk_webhook_secret',
+        toleranceInSeconds: 300,
+    };
+    // Usage with Request object
+    const request = new Request('https://your-app.com/webhook', {
+        method: 'POST',
+        headers: {
+            'stripe-signature': 't=1234567890,v1=abc123...',
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({ event: 'payment_intent.succeeded' }),
+    });
+    try {
+        const result = await index_1.WebhookVerificationService.verify(request, stripeConfig);
+        if (result.isValid) {
+            console.log('✅ Webhook verified successfully!');
+            console.log('Platform:', result.platform);
+            console.log('Payload:', result.payload);
+            console.log('Metadata:', result.metadata);
+        }
+        else {
+            console.log('❌ Webhook verification failed:', result.error);
+        }
+    }
+    catch (error) {
+        console.error('Error verifying webhook:', error);
+    }
 }
-// Example 3: Custom signature configuration
-async function exampleCustomSignature(request) {
-    const signatureConfig = {
-        algorithm: 'hmac-sha256',
-        headerName: 'x-custom-signature',
-        headerFormat: 'prefixed',
-        prefix: 'sha256=',
-        payloadFormat: 'raw',
+// Example 2: Using custom signature configurations
+async function exampleCustomSignature() {
+    console.log('\n🔧 Example 2: Custom Signature Configurations\n');
+    // Custom HMAC-SHA256 configuration
+    const customConfig = {
+        platform: 'custom',
+        secret: 'your_custom_secret',
+        signatureConfig: {
+            algorithm: 'hmac-sha256',
+            headerName: 'x-custom-signature',
+            headerFormat: 'prefixed',
+            prefix: 'sha256=',
+            payloadFormat: 'raw',
+        },
     };
-    const config = {
+    // Custom timestamped configuration
+    const timestampedConfig = {
         platform: 'custom',
-        secret: 'your-custom-secret',
-        signatureConfig,
+        secret: 'your_custom_secret',
+        signatureConfig: {
+            algorithm: 'hmac-sha256',
+            headerName: 'x-webhook-signature',
+            headerFormat: 'raw',
+            timestampHeader: 'x-webhook-timestamp',
+            timestampFormat: 'unix',
+            payloadFormat: 'timestamped',
+        },
     };
-    const result = await index_1.WebhookVerificationService.verify(request, config);
-    return result;
+    console.log('Custom configurations created for different signature formats');
 }
-// Example 4: Platform detection
-async function examplePlatformDetection(request) {
-    const { detectPlatformFromHeaders } = require('./utils');
-    const platform = detectPlatformFromHeaders(request.headers);
-    if (platform) {
-        const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, platform, 'your-secret', 300);
-        return result;
-    }
-    throw new Error('Unknown platform');
-}
-// Example 5: Error handling
-async function exampleErrorHandling(request) {
+// Example 3: Using the simplified platform config method
+async function exampleSimplifiedPlatform() {
+    console.log('\n🔧 Example 3: Simplified Platform Configuration\n');
+    const request = new Request('https://your-app.com/webhook', {
+        method: 'POST',
+        headers: {
+            'x-hub-signature-256': 'sha256=abc123...',
+            'x-github-event': 'push',
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({ ref: 'refs/heads/main' }),
+    });
     try {
-        const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, 'github', 'your-secret', 300);
-        if (!result.isValid) {
-            console.error('Verification failed:', result.error);
-            return { success: false, error: result.error };
+        // Simple one-liner for platform-specific verification
+        const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, 'github', 'your_github_webhook_secret');
+        if (result.isValid) {
+            console.log('✅ GitHub webhook verified!');
+            console.log('Event:', result.metadata?.event);
+            console.log('Payload:', result.payload);
+        }
+        else {
+            console.log('❌ GitHub webhook verification failed:', result.error);
         }
-        return { success: true, payload: result.payload };
     }
     catch (error) {
-        console.error('Verification error:', error);
-        return { success: false, error: error.message };
+        console.error('Error:', error);
     }
 }
-// Example 6: Batch verification
-async function exampleBatchVerification(request) {
-    const platforms = ['github', 'stripe', 'clerk'];
-    const results = [];
-    for (const platform of platforms) {
-        try {
-            const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(request, platform, 'your-secret', 300);
-            results.push({ platform, success: true, result });
+// Example 4: Token-based authentication (Supabase style)
+async function exampleTokenBased() {
+    console.log('\n🔧 Example 4: Token-Based Authentication\n');
+    const request = new Request('https://your-app.com/webhook', {
+        method: 'POST',
+        headers: {
+            'x-webhook-id': 'webhook_123',
+            'x-webhook-token': 'token_456',
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({ event: 'database.insert' }),
+    });
+    try {
+        const result = await index_1.WebhookVerificationService.verifyTokenBased(request, 'webhook_123', 'token_456');
+        if (result.isValid) {
+            console.log('✅ Token-based webhook verified!');
+            console.log('Webhook ID:', result.metadata?.id);
+            console.log('Payload:', result.payload);
         }
-        catch (error) {
-            results.push({ platform, success: false, error: error.message });
+        else {
+            console.log('❌ Token-based webhook verification failed:', result.error);
         }
     }
-    return results;
+    catch (error) {
+        console.error('Error:', error);
+    }
 }
-// Example 7: Express.js integration
-function exampleExpressIntegration() {
-    const express = require('express');
-    const app = express();
-    app.post('/webhook', async (req, res) => {
-        try {
-            const fetchRequest = new Request('http://localhost/webhook', {
-                method: req.method,
-                headers: req.headers, // headers need to be a plain object
-                body: JSON.stringify(req.body),
-            });
-            const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(fetchRequest, 'github', process.env.GITHUB_WEBHOOK_SECRET || '', 300);
-            if (result.isValid) {
-                console.log('Webhook received:', result.payload);
-                res.status(200).json({ success: true });
-            }
-            else {
-                res.status(401).json({ error: result.error });
-            }
+// Example 5: Error handling and validation
+async function exampleErrorHandling() {
+    console.log('\n🔧 Example 5: Error Handling and Validation\n');
+    // Test with invalid signature
+    const invalidRequest = new Request('https://your-app.com/webhook', {
+        method: 'POST',
+        headers: {
+            'stripe-signature': 't=1234567890,v1=invalid_signature',
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({ event: 'test' }),
+    });
+    try {
+        const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(invalidRequest, 'stripe', 'whsec_your_stripe_webhook_secret');
+        if (!result.isValid) {
+            console.log('❌ Expected failure:', result.error);
+            console.log('Platform:', result.platform);
         }
-        catch (error) {
-            res.status(500).json({ error: 'Internal server error' });
+        else {
+            console.log('⚠️ Unexpected success - this should have failed');
         }
+    }
+    catch (error) {
+        console.error('Error during verification:', error);
+    }
+    // Test with missing headers
+    const missingHeadersRequest = new Request('https://your-app.com/webhook', {
+        method: 'POST',
+        headers: {
+            'content-type': 'application/json',
+        },
+        body: JSON.stringify({ event: 'test' }),
     });
-    return app;
-}
-// Example 8: Next.js API route
-function exampleNextJsApiRoute() {
-    return async function handler(req, res) {
-        if (req.method !== 'POST') {
-            return res.status(405).json({ error: 'Method not allowed' });
-        }
-        try {
-            const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(req, 'stripe', process.env.STRIPE_WEBHOOK_SECRET || '', 300);
-            if (result.isValid) {
-                console.log('Stripe webhook:', result.payload);
-                res.status(200).json({ received: true });
-            }
-            else {
-                res.status(401).json({ error: result.error });
-            }
+    try {
+        const result = await index_1.WebhookVerificationService.verifyWithPlatformConfig(missingHeadersRequest, 'stripe', 'whsec_your_stripe_webhook_secret');
+        if (!result.isValid) {
+            console.log('❌ Missing headers detected:', result.error);
         }
-        catch (error) {
-            res.status(500).json({ error: 'Internal server error' });
+        else {
+            console.log('⚠️ Unexpected success - should have detected missing headers');
         }
-    };
-}
-// Example 9: Custom platform integration
-async function exampleCustomPlatform(request) {
-    const customConfig = {
-        platform: 'custom',
-        secret: 'your-custom-secret',
-        signatureConfig: {
-            algorithm: 'hmac-sha256',
-            headerName: 'x-custom-signature',
-            headerFormat: 'raw',
-            payloadFormat: 'raw',
-        },
-    };
-    const result = await index_1.WebhookVerificationService.verify(request, customConfig);
-    return result;
+    }
+    catch (error) {
+        console.error('Error during verification:', error);
+    }
 }
-// Example 10: Helper methods usage
-function exampleHelperMethods() {
-    const { WebhookVerificationService } = require('./index');
+// Example 6: Platform algorithm information
+function examplePlatformInfo() {
+    console.log('\n🔧 Example 6: Platform Algorithm Information\n');
     // Get all platforms using HMAC-SHA256
-    const hmacPlatforms = WebhookVerificationService.getPlatformsUsingAlgorithm('hmac-sha256');
-    console.log('Platforms using HMAC-SHA256:', hmacPlatforms);
+    const hmacSha256Platforms = index_1.WebhookVerificationService.getPlatformsUsingAlgorithm('hmac-sha256');
+    console.log('Platforms using HMAC-SHA256:', hmacSha256Platforms);
     // Check if a platform uses a specific algorithm
-    const githubUsesHmac = WebhookVerificationService.platformUsesAlgorithm('github', 'hmac-sha256');
-    console.log('GitHub uses HMAC-SHA256:', githubUsesHmac);
-    // Validate a signature config
-    const config = {
+    const stripeUsesHmac = index_1.WebhookVerificationService.platformUsesAlgorithm('stripe', 'hmac-sha256');
+    console.log('Stripe uses HMAC-SHA256:', stripeUsesHmac);
+    const clerkUsesCustom = index_1.WebhookVerificationService.platformUsesAlgorithm('clerk', 'custom');
+    console.log('Clerk uses custom algorithm:', clerkUsesCustom);
+    // Validate signature config
+    const validConfig = {
         algorithm: 'hmac-sha256',
-        headerName: 'x-signature',
+        headerName: 'x-webhook-signature',
+        headerFormat: 'raw',
         payloadFormat: 'raw',
     };
-    const isValid = WebhookVerificationService.validateSignatureConfig(config);
-    console.log('Config is valid:', isValid);
+    const isValid = index_1.WebhookVerificationService.validateSignatureConfig(validConfig);
+    console.log('Signature config is valid:', isValid);
+}
+// Example 7: Real-world usage patterns
+async function exampleRealWorldUsage() {
+    console.log('\n🔧 Example 7: Real-World Usage Patterns\n');
+    // Pattern 1: Express.js middleware
+    console.log('Pattern 1: Express.js Middleware');
+    console.log(`
+app.post('/webhooks/stripe', async (req, res) => {
+  const result = await WebhookVerificationService.verifyWithPlatformConfig(
+    req,
+    'stripe',
+    process.env.STRIPE_WEBHOOK_SECRET
+  );
+
+  if (!result.isValid) {
+    return res.status(400).json({ error: result.error });
+  }
+
+  // Process the webhook
+  console.log('Stripe event:', result.payload.type);
+  res.json({ received: true });
+});
+  `);
+    // Pattern 2: Next.js API route
+    console.log('\nPattern 2: Next.js API Route');
+    console.log(`
+// pages/api/webhooks/github.js
+export default async function handler(req, res) {
+  if (req.method !== 'POST') {
+    return res.status(405).json({ error: 'Method not allowed' });
+  }
+
+  const result = await WebhookVerificationService.verifyWithPlatformConfig(
+    req,
+    'github',
+    process.env.GITHUB_WEBHOOK_SECRET
+  );
+
+  if (!result.isValid) {
+    return res.status(400).json({ error: result.error });
+  }
+
+  // Handle GitHub webhook
+  const event = req.headers['x-github-event'];
+  console.log('GitHub event:', event);
+  
+  res.json({ received: true });
+}
+  `);
+    // Pattern 3: Cloudflare Workers
+    console.log('\nPattern 3: Cloudflare Workers');
+    console.log(`
+addEventListener('fetch', event => {
+  event.respondWith(handleRequest(event.request));
+});
+
+async function handleRequest(request) {
+  if (request.url.includes('/webhooks/clerk')) {
+    const result = await WebhookVerificationService.verifyWithPlatformConfig(
+      request,
+      'clerk',
+      CLERK_WEBHOOK_SECRET
+    );
+
+    if (!result.isValid) {
+      return new Response(JSON.stringify({ error: result.error }), {
+        status: 400,
+        headers: { 'Content-Type': 'application/json' }
+      });
+    }
+
+    // Process Clerk webhook
+    console.log('Clerk event:', result.payload.type);
+    return new Response(JSON.stringify({ received: true }));
+  }
+}
+  `);
+}
+// Run all examples
+async function runAllExamples() {
+    console.log('🚀 Running Webhook Verification Examples\n');
+    await examplePlatformSpecific();
+    await exampleCustomSignature();
+    await exampleSimplifiedPlatform();
+    await exampleTokenBased();
+    await exampleErrorHandling();
+    examplePlatformInfo();
+    await exampleRealWorldUsage();
+    console.log('\n✅ All examples completed!');
+}
+// Run examples if this file is executed directly
+if (require.main === module) {
+    runAllExamples().catch(console.error);
 }

package/dist/index.js

@@ -21,7 +21,12 @@ const algorithms_2 = require("./platforms/algorithms");
 class WebhookVerificationService {
     static async verify(request, config) {
         const verifier = this.getVerifier(config);
-        return await verifier.verify(request);
+        const result = await verifier.verify(request);
+        // Ensure the platform is set correctly in the result
+        if (result.isValid) {
+            result.platform = config.platform;
+        }
+        return result;
     }
     static getVerifier(config) {
         const platform = config.platform.toLowerCase();
@@ -37,12 +42,12 @@ class WebhookVerificationService {
         if (!signatureConfig) {
             throw new Error('Signature config is required for algorithm-based verification');
         }
-        // Use custom verifiers for special cases
+        // Use custom verifiers for special cases (token-based, etc.)
         if (signatureConfig.algorithm === 'custom') {
             return (0, custom_algorithms_1.createCustomVerifier)(secret, signatureConfig, toleranceInSeconds);
         }
         // Use algorithm-based verifiers for standard algorithms
-        return (0, algorithms_1.createAlgorithmVerifier)(secret, signatureConfig, toleranceInSeconds);
+        return (0, algorithms_1.createAlgorithmVerifier)(secret, signatureConfig, config.platform, toleranceInSeconds);
     }
     static getLegacyVerifier(config) {
         const platform = config.platform.toLowerCase();

package/dist/platforms/algorithms.js

@@ -39,17 +39,17 @@ exports.platformAlgorithmConfigs = {
     clerk: {
         platform: "clerk",
         signatureConfig: {
-            algorithm: "custom",
+            algorithm: "hmac-sha256",
             headerName: "svix-signature",
             headerFormat: "raw",
             timestampHeader: "svix-timestamp",
             timestampFormat: "unix",
             payloadFormat: "custom",
             customConfig: {
-                type: "clerk-custom",
                 signatureFormat: "v1={signature}",
                 payloadFormat: "{id}.{timestamp}.{body}",
                 encoding: "base64",
+                idHeader: "svix-id",
             },
         },
         description: "Clerk webhooks use HMAC-SHA256 with base64 encoding",

package/dist/test-compiled.js

@@ -1,4 +1,4 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 const test_1 = require("./test");
-(0, test_1.runAllTests)().catch(console.error);
+(0, test_1.runTests)();

package/dist/test.d.ts

@@ -1,6 +1,2 @@
-declare function testGitHubWebhook(): Promise<import("./types").WebhookVerificationResult>;
-declare function testTokenBasedWebhook(): Promise<import("./types").WebhookVerificationResult>;
-declare function testPlatformDetection(): void;
-declare function testCustomSignature(): Promise<import("./types").WebhookVerificationResult>;
-export declare function runAllTests(): Promise<void>;
-export { testGitHubWebhook, testTokenBasedWebhook, testPlatformDetection, testCustomSignature, };
+declare function runTests(): Promise<void>;
+export { runTests };