npm - @hookflo/tern - Versions diffs - 1.0.5 → 1.0.6 - Mend

@hookflo/tern 1.0.5 → 1.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/platforms/algorithms.js +1 -0
package/dist/test.js +8 -3
package/dist/verifiers/algorithms.js +1 -2
package/package.json +1 -1

package/dist/platforms/algorithms.js CHANGED Viewed

@@ -62,6 +62,7 @@ exports.platformAlgorithmConfigs = {
             customConfig: {
                 signatureFormat: "v1={signature}",
                 payloadFormat: "{id}.{timestamp}.{body}",
+                encoding: "base64",
                 idHeader: "webhook-id",
             },
         },

package/dist/test.js CHANGED Viewed

@@ -118,18 +118,23 @@ async function runTests() {
     try {
         const webhookId = 'test-webhook-id-123';
         const timestamp = Math.floor(Date.now() / 1000);
+        // Create a proper secret format for Standard Webhooks (whsec_ + base64 encoded secret)
+        const base64Secret = Buffer.from(testSecret).toString('base64');
+        const dodoSecret = `whsec_${base64Secret}`;
         // Create svix-style signature: {webhook-id}.{webhook-timestamp}.{payload}
         const signedContent = `${webhookId}.${timestamp}.${testBody}`;
-        const hmac = (0, crypto_1.createHmac)('sha256', testSecret);
+        // Use the base64-decoded secret for HMAC (like the Standard Webhooks library)
+        const secretBytes = new Uint8Array(Buffer.from(base64Secret, 'base64'));
+        const hmac = (0, crypto_1.createHmac)('sha256', secretBytes);
         hmac.update(signedContent);
-        const signature = hmac.digest('hex');
+        const signature = `v1,${hmac.digest('base64')}`;
         const dodoRequest = createMockRequest({
             'webhook-signature': signature,
             'webhook-id': webhookId,
             'webhook-timestamp': timestamp.toString(),
             'content-type': 'application/json',
         });
-        const dodoResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(dodoRequest, 'dodopayments', testSecret);
+        const dodoResult = await index_1.WebhookVerificationService.verifyWithPlatformConfig(dodoRequest, 'dodopayments', dodoSecret);
         console.log('   ✅ Dodo Payments:', dodoResult.isValid ? 'PASSED' : 'FAILED');
         if (!dodoResult.isValid) {
             console.log('   ❌ Error:', dodoResult.error);

package/dist/verifiers/algorithms.js CHANGED Viewed

@@ -31,8 +31,7 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
                 return sigMap.v1 || sigMap.signature || null;
             case "raw":
             default:
-                // For Clerk, handle space-separated signatures
-                if (this.platform === "clerk") {
+                if (this.platform === "clerk" || this.platform === "dodopayments") {
                     const signatures = headerValue.split(" ");
                     for (const sig of signatures) {
                         const [version, signature] = sig.split(",");

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hookflo/tern",
-  "version": "1.0.5",
+  "version": "1.0.6",
   "description": "A robust, scalable webhook verification framework supporting multiple platforms and signature algorithms",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",