@hookflo/tern 1.0.5 → 2.0.0

package/dist/verifiers/algorithms.js

@@ -15,28 +15,27 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
         if (!headerValue)
             return null;
         switch (this.config.headerFormat) {
-            case "prefixed":
+            case 'prefixed':
                 // For GitHub, return the full signature including prefix for comparison
                 return headerValue;
-            case "comma-separated":
+            case 'comma-separated':
                 // Handle comma-separated format like Stripe: "t=1234567890,v1=abc123"
-                const parts = headerValue.split(",");
+                const parts = headerValue.split(',');
                 const sigMap = {};
                 for (const part of parts) {
-                    const [key, value] = part.split("=");
+                    const [key, value] = part.split('=');
                     if (key && value) {
                         sigMap[key] = value;
                     }
                 }
                 return sigMap.v1 || sigMap.signature || null;
-            case "raw":
+            case 'raw':
             default:
-                // For Clerk, handle space-separated signatures
-                if (this.platform === "clerk") {
-                    const signatures = headerValue.split(" ");
+                if (this.platform === 'clerk' || this.platform === 'dodopayments') {
+                    const signatures = headerValue.split(' ');
                     for (const sig of signatures) {
-                        const [version, signature] = sig.split(",");
-                        if (version === "v1") {
+                        const [version, signature] = sig.split(',');
+                        if (version === 'v1') {
                             return signature;
                         }
                     }
@@ -52,11 +51,11 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
         if (!timestampHeader)
             return null;
         switch (this.config.timestampFormat) {
-            case "unix":
+            case 'unix':
                 return parseInt(timestampHeader, 10);
-            case "iso":
+            case 'iso':
                 return Math.floor(new Date(timestampHeader).getTime() / 1000);
-            case "custom":
+            case 'custom':
                 // Custom timestamp parsing logic can be added here
                 return parseInt(timestampHeader, 10);
             default:
@@ -65,14 +64,14 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
     }
     extractTimestampFromSignature(request) {
         // For platforms like Stripe where timestamp is embedded in signature
-        if (this.config.headerFormat === "comma-separated") {
+        if (this.config.headerFormat === 'comma-separated') {
             const headerValue = request.headers.get(this.config.headerName);
             if (!headerValue)
                 return null;
-            const parts = headerValue.split(",");
+            const parts = headerValue.split(',');
             const sigMap = {};
             for (const part of parts) {
-                const [key, value] = part.split("=");
+                const [key, value] = part.split('=');
                 if (key && value) {
                     sigMap[key] = value;
                 }
@@ -83,14 +82,14 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
     }
     formatPayload(rawBody, request) {
         switch (this.config.payloadFormat) {
-            case "timestamped":
+            case 'timestamped':
                 // For Stripe, timestamp is embedded in signature
-                const timestamp = this.extractTimestampFromSignature(request) ||
-                    this.extractTimestamp(request);
+                const timestamp = this.extractTimestampFromSignature(request)
+                    || this.extractTimestamp(request);
                 return timestamp ? `${timestamp}.${rawBody}` : rawBody;
-            case "custom":
+            case 'custom':
                 return this.formatCustomPayload(rawBody, request);
-            case "raw":
+            case 'raw':
             default:
                 return rawBody;
         }
@@ -101,42 +100,42 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
         }
         const customFormat = this.config.customConfig.payloadFormat;
         // Handle Clerk-style format: {id}.{timestamp}.{body}
-        if (customFormat.includes("{id}") && customFormat.includes("{timestamp}")) {
-            const id = request.headers.get(this.config.customConfig.idHeader || "x-webhook-id");
-            const timestamp = request.headers.get(this.config.timestampHeader || "x-webhook-timestamp");
+        if (customFormat.includes('{id}') && customFormat.includes('{timestamp}')) {
+            const id = request.headers.get(this.config.customConfig.idHeader || 'x-webhook-id');
+            const timestamp = request.headers.get(this.config.timestampHeader || 'x-webhook-timestamp');
             return customFormat
-                .replace("{id}", id || "")
-                .replace("{timestamp}", timestamp || "")
-                .replace("{body}", rawBody);
+                .replace('{id}', id || '')
+                .replace('{timestamp}', timestamp || '')
+                .replace('{body}', rawBody);
         }
         // Handle Stripe-style format: {timestamp}.{body}
-        if (customFormat.includes("{timestamp}") &&
-            customFormat.includes("{body}")) {
+        if (customFormat.includes('{timestamp}')
+            && customFormat.includes('{body}')) {
             const timestamp = this.extractTimestamp(request);
             return customFormat
-                .replace("{timestamp}", timestamp?.toString() || "")
-                .replace("{body}", rawBody);
+                .replace('{timestamp}', timestamp?.toString() || '')
+                .replace('{body}', rawBody);
         }
         return rawBody;
     }
-    verifyHMAC(payload, signature, algorithm = "sha256") {
+    verifyHMAC(payload, signature, algorithm = 'sha256') {
         const hmac = (0, crypto_1.createHmac)(algorithm, this.secret);
         hmac.update(payload);
-        const expectedSignature = hmac.digest("hex");
+        const expectedSignature = hmac.digest('hex');
         return this.safeCompare(signature, expectedSignature);
     }
-    verifyHMACWithPrefix(payload, signature, algorithm = "sha256") {
+    verifyHMACWithPrefix(payload, signature, algorithm = 'sha256') {
         const hmac = (0, crypto_1.createHmac)(algorithm, this.secret);
         hmac.update(payload);
-        const expectedSignature = `${this.config.prefix || ""}${hmac.digest("hex")}`;
+        const expectedSignature = `${this.config.prefix || ''}${hmac.digest('hex')}`;
         return this.safeCompare(signature, expectedSignature);
     }
-    verifyHMACWithBase64(payload, signature, algorithm = "sha256") {
+    verifyHMACWithBase64(payload, signature, algorithm = 'sha256') {
         // For platforms like Clerk that use base64 encoding
-        const secretBytes = new Uint8Array(Buffer.from(this.secret.split("_")[1], "base64"));
+        const secretBytes = new Uint8Array(Buffer.from(this.secret.split('_')[1], 'base64'));
         const hmac = (0, crypto_1.createHmac)(algorithm, secretBytes);
         hmac.update(payload);
-        const expectedSignature = hmac.digest("base64");
+        const expectedSignature = hmac.digest('base64');
         return this.safeCompare(signature, expectedSignature);
     }
     extractMetadata(request) {
@@ -150,18 +149,18 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
         }
         // Add platform-specific metadata
         switch (this.platform) {
-            case "github":
-                metadata.event = request.headers.get("x-github-event");
-                metadata.delivery = request.headers.get("x-github-delivery");
+            case 'github':
+                metadata.event = request.headers.get('x-github-event');
+                metadata.delivery = request.headers.get('x-github-delivery');
                 break;
-            case "stripe":
+            case 'stripe':
                 // Extract Stripe-specific metadata from signature
                 const headerValue = request.headers.get(this.config.headerName);
-                if (headerValue && this.config.headerFormat === "comma-separated") {
-                    const parts = headerValue.split(",");
+                if (headerValue && this.config.headerFormat === 'comma-separated') {
+                    const parts = headerValue.split(',');
                     const sigMap = {};
                     for (const part of parts) {
-                        const [key, value] = part.split("=");
+                        const [key, value] = part.split('=');
                         if (key && value) {
                             sigMap[key] = value;
                         }
@@ -169,8 +168,8 @@ class AlgorithmBasedVerifier extends base_1.WebhookVerifier {
                     metadata.id = sigMap.id;
                 }
                 break;
-            case "clerk":
-                metadata.id = request.headers.get("svix-id");
+            case 'clerk':
+                metadata.id = request.headers.get('svix-id');
                 break;
         }
         return metadata;
@@ -192,7 +191,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             const rawBody = await request.text();
             // Extract timestamp based on platform configuration
             let timestamp = null;
-            if (this.config.headerFormat === "comma-separated") {
+            if (this.config.headerFormat === 'comma-separated') {
                 // For platforms like Stripe where timestamp is embedded in signature
                 timestamp = this.extractTimestampFromSignature(request);
             }
@@ -204,7 +203,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             if (timestamp && !this.isTimestampValid(timestamp)) {
                 return {
                     isValid: false,
-                    error: "Webhook timestamp expired",
+                    error: 'Webhook timestamp expired',
                     platform: this.platform,
                 };
             }
@@ -212,12 +211,12 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             const payload = this.formatPayload(rawBody, request);
             // Verify signature based on platform configuration
             let isValid = false;
-            const algorithm = this.config.algorithm.replace("hmac-", "");
-            if (this.config.customConfig?.encoding === "base64") {
+            const algorithm = this.config.algorithm.replace('hmac-', '');
+            if (this.config.customConfig?.encoding === 'base64') {
                 // For platforms like Clerk that use base64 encoding
                 isValid = this.verifyHMACWithBase64(payload, signature, algorithm);
             }
-            else if (this.config.headerFormat === "prefixed") {
+            else if (this.config.headerFormat === 'prefixed') {
                 // For platforms like GitHub that use prefixed signatures
                 isValid = this.verifyHMACWithPrefix(payload, signature, algorithm);
             }
@@ -228,7 +227,7 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
             if (!isValid) {
                 return {
                     isValid: false,
-                    error: "Invalid signature",
+                    error: 'Invalid signature',
                     platform: this.platform,
                 };
             }
@@ -261,33 +260,33 @@ class GenericHMACVerifier extends AlgorithmBasedVerifier {
 exports.GenericHMACVerifier = GenericHMACVerifier;
 // Legacy verifiers for backward compatibility
 class HMACSHA256Verifier extends GenericHMACVerifier {
-    constructor(secret, config, platform = "unknown", toleranceInSeconds = 300) {
+    constructor(secret, config, platform = 'unknown', toleranceInSeconds = 300) {
         super(secret, config, platform, toleranceInSeconds);
     }
 }
 exports.HMACSHA256Verifier = HMACSHA256Verifier;
 class HMACSHA1Verifier extends GenericHMACVerifier {
-    constructor(secret, config, platform = "unknown", toleranceInSeconds = 300) {
+    constructor(secret, config, platform = 'unknown', toleranceInSeconds = 300) {
         super(secret, config, platform, toleranceInSeconds);
     }
 }
 exports.HMACSHA1Verifier = HMACSHA1Verifier;
 class HMACSHA512Verifier extends GenericHMACVerifier {
-    constructor(secret, config, platform = "unknown", toleranceInSeconds = 300) {
+    constructor(secret, config, platform = 'unknown', toleranceInSeconds = 300) {
         super(secret, config, platform, toleranceInSeconds);
     }
 }
 exports.HMACSHA512Verifier = HMACSHA512Verifier;
 // Factory function to create verifiers based on algorithm
-function createAlgorithmVerifier(secret, config, platform = "unknown", toleranceInSeconds = 300) {
+function createAlgorithmVerifier(secret, config, platform = 'unknown', toleranceInSeconds = 300) {
     switch (config.algorithm) {
-        case "hmac-sha256":
-        case "hmac-sha1":
-        case "hmac-sha512":
+        case 'hmac-sha256':
+        case 'hmac-sha1':
+        case 'hmac-sha512':
             return new GenericHMACVerifier(secret, config, platform, toleranceInSeconds);
-        case "rsa-sha256":
-        case "ed25519":
-        case "custom":
+        case 'rsa-sha256':
+        case 'ed25519':
+        case 'custom':
             // These can be implemented as needed
             throw new Error(`Algorithm ${config.algorithm} not yet implemented`);
         default:

package/dist/verifiers/base.d.ts

@@ -1,4 +1,4 @@
-import { WebhookVerificationResult } from "../types";
+import { WebhookVerificationResult } from '../types';
 export declare abstract class WebhookVerifier {
     protected secret: string;
     protected toleranceInSeconds: number;

package/dist/verifiers/custom-algorithms.d.ts

@@ -1,5 +1,5 @@
-import { WebhookVerifier } from "./base";
-import { WebhookVerificationResult, SignatureConfig } from "../types";
+import { WebhookVerifier } from './base';
+import { WebhookVerificationResult, SignatureConfig } from '../types';
 export declare class TokenBasedVerifier extends WebhookVerifier {
     private config;
     constructor(secret: string, config: SignatureConfig, toleranceInSeconds?: number);

package/dist/verifiers/custom-algorithms.js

@@ -12,12 +12,12 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
     async verify(request) {
         try {
             const token = request.headers.get(this.config.headerName);
-            const id = request.headers.get(this.config.customConfig?.idHeader || "x-webhook-id");
+            const id = request.headers.get(this.config.customConfig?.idHeader || 'x-webhook-id');
             if (!token) {
                 return {
                     isValid: false,
                     error: `Missing token header: ${this.config.headerName}`,
-                    platform: "custom",
+                    platform: 'custom',
                 };
             }
             // Simple token comparison
@@ -25,8 +25,8 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
             if (!isValid) {
                 return {
                     isValid: false,
-                    error: "Invalid token",
-                    platform: "custom",
+                    error: 'Invalid token',
+                    platform: 'custom',
                 };
             }
             const rawBody = await request.text();
@@ -39,11 +39,11 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
             }
             return {
                 isValid: true,
-                platform: "custom",
+                platform: 'custom',
                 payload,
                 metadata: {
                     id,
-                    algorithm: "token-based",
+                    algorithm: 'token-based',
                 },
             };
         }
@@ -51,7 +51,7 @@ class TokenBasedVerifier extends base_1.WebhookVerifier {
             return {
                 isValid: false,
                 error: `Token-based verification error: ${error.message}`,
-                platform: "custom",
+                platform: 'custom',
             };
         }
     }
@@ -61,7 +61,7 @@ exports.TokenBasedVerifier = TokenBasedVerifier;
 function createCustomVerifier(secret, config, toleranceInSeconds = 300) {
     const customType = config.customConfig?.type;
     switch (customType) {
-        case "token-based":
+        case 'token-based':
             return new TokenBasedVerifier(secret, config, toleranceInSeconds);
         default:
             // Fallback to token-based for unknown custom types

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@hookflo/tern",
-  "version": "1.0.5",
+  "version": "2.0.0",
   "description": "A robust, scalable webhook verification framework supporting multiple platforms and signature algorithms",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",