@hookflo/tern 2.2.3 → 2.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/platforms/algorithms.d.ts +1 -1
- package/dist/platforms/algorithms.js +173 -173
- package/package.json +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { PlatformAlgorithmConfig, WebhookPlatform, SignatureConfig } from
|
|
1
|
+
import { PlatformAlgorithmConfig, WebhookPlatform, SignatureConfig } from "../types";
|
|
2
2
|
export declare const platformAlgorithmConfigs: Record<WebhookPlatform, PlatformAlgorithmConfig>;
|
|
3
3
|
export declare function getPlatformAlgorithmConfig(platform: WebhookPlatform): PlatformAlgorithmConfig;
|
|
4
4
|
export declare function platformUsesAlgorithm(platform: WebhookPlatform, algorithm: string): boolean;
|
|
@@ -7,275 +7,275 @@ exports.getPlatformsUsingAlgorithm = getPlatformsUsingAlgorithm;
|
|
|
7
7
|
exports.validateSignatureConfig = validateSignatureConfig;
|
|
8
8
|
exports.platformAlgorithmConfigs = {
|
|
9
9
|
github: {
|
|
10
|
-
platform:
|
|
10
|
+
platform: "github",
|
|
11
11
|
signatureConfig: {
|
|
12
|
-
algorithm:
|
|
13
|
-
headerName:
|
|
14
|
-
headerFormat:
|
|
15
|
-
prefix:
|
|
12
|
+
algorithm: "hmac-sha256",
|
|
13
|
+
headerName: "x-hub-signature-256",
|
|
14
|
+
headerFormat: "prefixed",
|
|
15
|
+
prefix: "sha256=",
|
|
16
16
|
timestampHeader: undefined,
|
|
17
|
-
payloadFormat:
|
|
17
|
+
payloadFormat: "raw",
|
|
18
18
|
},
|
|
19
|
-
description:
|
|
19
|
+
description: "GitHub webhooks use HMAC-SHA256 with sha256= prefix",
|
|
20
20
|
},
|
|
21
21
|
stripe: {
|
|
22
|
-
platform:
|
|
22
|
+
platform: "stripe",
|
|
23
23
|
signatureConfig: {
|
|
24
|
-
algorithm:
|
|
25
|
-
headerName:
|
|
26
|
-
headerFormat:
|
|
24
|
+
algorithm: "hmac-sha256",
|
|
25
|
+
headerName: "stripe-signature",
|
|
26
|
+
headerFormat: "comma-separated",
|
|
27
27
|
timestampHeader: undefined,
|
|
28
|
-
payloadFormat:
|
|
28
|
+
payloadFormat: "timestamped",
|
|
29
29
|
customConfig: {
|
|
30
|
-
signatureFormat:
|
|
30
|
+
signatureFormat: "t={timestamp},v1={signature}",
|
|
31
31
|
},
|
|
32
32
|
},
|
|
33
|
-
description:
|
|
33
|
+
description: "Stripe webhooks use HMAC-SHA256 with comma-separated format",
|
|
34
34
|
},
|
|
35
35
|
clerk: {
|
|
36
|
-
platform:
|
|
36
|
+
platform: "clerk",
|
|
37
37
|
signatureConfig: {
|
|
38
|
-
algorithm:
|
|
39
|
-
headerName:
|
|
40
|
-
headerFormat:
|
|
41
|
-
timestampHeader:
|
|
42
|
-
timestampFormat:
|
|
43
|
-
payloadFormat:
|
|
38
|
+
algorithm: "hmac-sha256",
|
|
39
|
+
headerName: "svix-signature",
|
|
40
|
+
headerFormat: "raw",
|
|
41
|
+
timestampHeader: "svix-timestamp",
|
|
42
|
+
timestampFormat: "unix",
|
|
43
|
+
payloadFormat: "custom",
|
|
44
44
|
customConfig: {
|
|
45
|
-
signatureFormat:
|
|
46
|
-
payloadFormat:
|
|
47
|
-
encoding:
|
|
48
|
-
secretEncoding:
|
|
49
|
-
idHeader:
|
|
45
|
+
signatureFormat: "v1={signature}",
|
|
46
|
+
payloadFormat: "{id}.{timestamp}.{body}",
|
|
47
|
+
encoding: "base64",
|
|
48
|
+
secretEncoding: "base64",
|
|
49
|
+
idHeader: "svix-id",
|
|
50
50
|
},
|
|
51
51
|
},
|
|
52
|
-
description:
|
|
52
|
+
description: "Clerk webhooks use HMAC-SHA256 with base64 encoding",
|
|
53
53
|
},
|
|
54
54
|
dodopayments: {
|
|
55
|
-
platform:
|
|
55
|
+
platform: "dodopayments",
|
|
56
56
|
signatureConfig: {
|
|
57
|
-
algorithm:
|
|
58
|
-
headerName:
|
|
59
|
-
headerFormat:
|
|
60
|
-
timestampHeader:
|
|
61
|
-
timestampFormat:
|
|
62
|
-
payloadFormat:
|
|
57
|
+
algorithm: "hmac-sha256",
|
|
58
|
+
headerName: "webhook-signature",
|
|
59
|
+
headerFormat: "raw",
|
|
60
|
+
timestampHeader: "webhook-timestamp",
|
|
61
|
+
timestampFormat: "unix",
|
|
62
|
+
payloadFormat: "custom",
|
|
63
63
|
customConfig: {
|
|
64
|
-
signatureFormat:
|
|
65
|
-
payloadFormat:
|
|
66
|
-
encoding:
|
|
67
|
-
secretEncoding:
|
|
68
|
-
idHeader:
|
|
64
|
+
signatureFormat: "v1={signature}",
|
|
65
|
+
payloadFormat: "{id}.{timestamp}.{body}",
|
|
66
|
+
encoding: "base64",
|
|
67
|
+
secretEncoding: "base64",
|
|
68
|
+
idHeader: "webhook-id",
|
|
69
69
|
},
|
|
70
70
|
},
|
|
71
|
-
description:
|
|
71
|
+
description: "Dodo Payments webhooks use HMAC-SHA256 with svix-style format (Standard Webhooks)",
|
|
72
72
|
},
|
|
73
73
|
shopify: {
|
|
74
|
-
platform:
|
|
74
|
+
platform: "shopify",
|
|
75
75
|
signatureConfig: {
|
|
76
|
-
algorithm:
|
|
77
|
-
headerName:
|
|
78
|
-
headerFormat:
|
|
79
|
-
payloadFormat:
|
|
76
|
+
algorithm: "hmac-sha256",
|
|
77
|
+
headerName: "x-shopify-hmac-sha256",
|
|
78
|
+
headerFormat: "raw",
|
|
79
|
+
payloadFormat: "raw",
|
|
80
80
|
customConfig: {
|
|
81
|
-
encoding:
|
|
82
|
-
secretEncoding:
|
|
81
|
+
encoding: "base64",
|
|
82
|
+
secretEncoding: "utf8",
|
|
83
83
|
},
|
|
84
84
|
},
|
|
85
|
-
description:
|
|
85
|
+
description: "Shopify webhooks use HMAC-SHA256 with base64 encoded signature",
|
|
86
86
|
},
|
|
87
87
|
vercel: {
|
|
88
|
-
platform:
|
|
88
|
+
platform: "vercel",
|
|
89
89
|
signatureConfig: {
|
|
90
|
-
algorithm:
|
|
91
|
-
headerName:
|
|
92
|
-
headerFormat:
|
|
93
|
-
timestampHeader:
|
|
94
|
-
timestampFormat:
|
|
95
|
-
payloadFormat:
|
|
90
|
+
algorithm: "hmac-sha256",
|
|
91
|
+
headerName: "x-vercel-signature",
|
|
92
|
+
headerFormat: "raw",
|
|
93
|
+
timestampHeader: "x-vercel-timestamp",
|
|
94
|
+
timestampFormat: "unix",
|
|
95
|
+
payloadFormat: "raw",
|
|
96
96
|
},
|
|
97
|
-
description:
|
|
97
|
+
description: "Vercel webhooks use HMAC-SHA256",
|
|
98
98
|
},
|
|
99
99
|
polar: {
|
|
100
|
-
platform:
|
|
100
|
+
platform: "polar",
|
|
101
101
|
signatureConfig: {
|
|
102
|
-
algorithm:
|
|
103
|
-
headerName:
|
|
104
|
-
headerFormat:
|
|
105
|
-
timestampHeader:
|
|
106
|
-
timestampFormat:
|
|
107
|
-
payloadFormat:
|
|
102
|
+
algorithm: "hmac-sha256",
|
|
103
|
+
headerName: "webhook-signature",
|
|
104
|
+
headerFormat: "raw",
|
|
105
|
+
timestampHeader: "webhook-timestamp",
|
|
106
|
+
timestampFormat: "unix",
|
|
107
|
+
payloadFormat: "custom",
|
|
108
108
|
customConfig: {
|
|
109
|
-
signatureFormat:
|
|
110
|
-
payloadFormat:
|
|
111
|
-
encoding:
|
|
112
|
-
secretEncoding:
|
|
113
|
-
idHeader:
|
|
109
|
+
signatureFormat: "v1={signature}",
|
|
110
|
+
payloadFormat: "{id}.{timestamp}.{body}",
|
|
111
|
+
encoding: "base64",
|
|
112
|
+
secretEncoding: "utf8",
|
|
113
|
+
idHeader: "webhook-id",
|
|
114
114
|
},
|
|
115
115
|
},
|
|
116
|
-
description:
|
|
116
|
+
description: "Polar webhooks use HMAC-SHA256 with Standard Webhooks format",
|
|
117
117
|
},
|
|
118
118
|
supabase: {
|
|
119
|
-
platform:
|
|
119
|
+
platform: "supabase",
|
|
120
120
|
signatureConfig: {
|
|
121
|
-
algorithm:
|
|
122
|
-
headerName:
|
|
123
|
-
headerFormat:
|
|
124
|
-
payloadFormat:
|
|
121
|
+
algorithm: "custom",
|
|
122
|
+
headerName: "x-webhook-token",
|
|
123
|
+
headerFormat: "raw",
|
|
124
|
+
payloadFormat: "raw",
|
|
125
125
|
customConfig: {
|
|
126
|
-
type:
|
|
127
|
-
idHeader:
|
|
126
|
+
type: "token-based",
|
|
127
|
+
idHeader: "x-webhook-id",
|
|
128
128
|
},
|
|
129
129
|
},
|
|
130
|
-
description:
|
|
130
|
+
description: "Supabase webhooks use token-based authentication",
|
|
131
131
|
},
|
|
132
132
|
gitlab: {
|
|
133
|
-
platform:
|
|
133
|
+
platform: "gitlab",
|
|
134
134
|
signatureConfig: {
|
|
135
|
-
algorithm:
|
|
136
|
-
headerName:
|
|
137
|
-
headerFormat:
|
|
138
|
-
payloadFormat:
|
|
135
|
+
algorithm: "custom",
|
|
136
|
+
headerName: "X-Gitlab-Token",
|
|
137
|
+
headerFormat: "raw",
|
|
138
|
+
payloadFormat: "raw",
|
|
139
139
|
customConfig: {
|
|
140
|
-
type:
|
|
141
|
-
idHeader:
|
|
140
|
+
type: "token-based",
|
|
141
|
+
idHeader: "X-Gitlab-Token",
|
|
142
142
|
},
|
|
143
143
|
},
|
|
144
|
-
description:
|
|
144
|
+
description: "GitLab webhooks use HMAC-SHA256 with X-Gitlab-Token header",
|
|
145
145
|
},
|
|
146
146
|
paddle: {
|
|
147
|
-
platform:
|
|
147
|
+
platform: "paddle",
|
|
148
148
|
signatureConfig: {
|
|
149
|
-
algorithm:
|
|
150
|
-
headerName:
|
|
151
|
-
headerFormat:
|
|
152
|
-
payloadFormat:
|
|
149
|
+
algorithm: "hmac-sha256",
|
|
150
|
+
headerName: "paddle-signature",
|
|
151
|
+
headerFormat: "comma-separated",
|
|
152
|
+
payloadFormat: "custom",
|
|
153
153
|
customConfig: {
|
|
154
|
-
timestampKey:
|
|
155
|
-
signatureKey:
|
|
156
|
-
payloadFormat:
|
|
154
|
+
timestampKey: "ts",
|
|
155
|
+
signatureKey: "h1",
|
|
156
|
+
payloadFormat: "{timestamp}:{body}",
|
|
157
157
|
},
|
|
158
158
|
},
|
|
159
|
-
description:
|
|
159
|
+
description: "Paddle webhooks use HMAC-SHA256 with Paddle-Signature (ts/h1) header format",
|
|
160
160
|
},
|
|
161
161
|
razorpay: {
|
|
162
|
-
platform:
|
|
162
|
+
platform: "razorpay",
|
|
163
163
|
signatureConfig: {
|
|
164
|
-
algorithm:
|
|
165
|
-
headerName:
|
|
166
|
-
headerFormat:
|
|
167
|
-
payloadFormat:
|
|
164
|
+
algorithm: "hmac-sha256",
|
|
165
|
+
headerName: "x-razorpay-signature",
|
|
166
|
+
headerFormat: "raw",
|
|
167
|
+
payloadFormat: "raw",
|
|
168
168
|
},
|
|
169
|
-
description:
|
|
169
|
+
description: "Razorpay webhooks use HMAC-SHA256 with X-Razorpay-Signature header",
|
|
170
170
|
},
|
|
171
171
|
lemonsqueezy: {
|
|
172
|
-
platform:
|
|
172
|
+
platform: "lemonsqueezy",
|
|
173
173
|
signatureConfig: {
|
|
174
|
-
algorithm:
|
|
175
|
-
headerName:
|
|
176
|
-
headerFormat:
|
|
177
|
-
payloadFormat:
|
|
174
|
+
algorithm: "hmac-sha256",
|
|
175
|
+
headerName: "x-signature",
|
|
176
|
+
headerFormat: "raw",
|
|
177
|
+
payloadFormat: "raw",
|
|
178
178
|
},
|
|
179
|
-
description:
|
|
179
|
+
description: "Lemon Squeezy webhooks use HMAC-SHA256 with X-Signature header",
|
|
180
180
|
},
|
|
181
181
|
auth0: {
|
|
182
|
-
platform:
|
|
182
|
+
platform: "auth0",
|
|
183
183
|
signatureConfig: {
|
|
184
|
-
algorithm:
|
|
185
|
-
headerName:
|
|
186
|
-
headerFormat:
|
|
187
|
-
payloadFormat:
|
|
184
|
+
algorithm: "hmac-sha256",
|
|
185
|
+
headerName: "x-auth0-signature",
|
|
186
|
+
headerFormat: "raw",
|
|
187
|
+
payloadFormat: "raw",
|
|
188
188
|
},
|
|
189
|
-
description:
|
|
189
|
+
description: "Auth0 webhooks use HMAC-SHA256 with X-Auth0-Signature header",
|
|
190
190
|
},
|
|
191
191
|
workos: {
|
|
192
|
-
platform:
|
|
192
|
+
platform: "workos",
|
|
193
193
|
signatureConfig: {
|
|
194
|
-
algorithm:
|
|
195
|
-
headerName:
|
|
196
|
-
headerFormat:
|
|
197
|
-
payloadFormat:
|
|
194
|
+
algorithm: "hmac-sha256",
|
|
195
|
+
headerName: "workos-signature",
|
|
196
|
+
headerFormat: "comma-separated",
|
|
197
|
+
payloadFormat: "custom",
|
|
198
198
|
customConfig: {
|
|
199
|
-
timestampKey:
|
|
200
|
-
signatureKey:
|
|
201
|
-
payloadFormat:
|
|
199
|
+
timestampKey: "t",
|
|
200
|
+
signatureKey: "v1",
|
|
201
|
+
payloadFormat: "{timestamp}.{body}",
|
|
202
202
|
},
|
|
203
203
|
},
|
|
204
|
-
description:
|
|
204
|
+
description: "WorkOS webhooks use HMAC-SHA256 with WorkOS-Signature (t/v1) format",
|
|
205
205
|
},
|
|
206
206
|
woocommerce: {
|
|
207
|
-
platform:
|
|
207
|
+
platform: "woocommerce",
|
|
208
208
|
signatureConfig: {
|
|
209
|
-
algorithm:
|
|
210
|
-
headerName:
|
|
211
|
-
headerFormat:
|
|
212
|
-
payloadFormat:
|
|
209
|
+
algorithm: "hmac-sha256",
|
|
210
|
+
headerName: "x-wc-webhook-signature",
|
|
211
|
+
headerFormat: "raw",
|
|
212
|
+
payloadFormat: "raw",
|
|
213
213
|
customConfig: {
|
|
214
|
-
encoding:
|
|
215
|
-
secretEncoding:
|
|
214
|
+
encoding: "base64",
|
|
215
|
+
secretEncoding: "utf8",
|
|
216
216
|
},
|
|
217
217
|
},
|
|
218
|
-
description:
|
|
218
|
+
description: "WooCommerce webhooks use HMAC-SHA256 with base64 encoded signature",
|
|
219
219
|
},
|
|
220
220
|
replicateai: {
|
|
221
|
-
platform:
|
|
221
|
+
platform: "replicateai",
|
|
222
222
|
signatureConfig: {
|
|
223
|
-
algorithm:
|
|
224
|
-
headerName:
|
|
225
|
-
headerFormat:
|
|
226
|
-
timestampHeader:
|
|
227
|
-
timestampFormat:
|
|
228
|
-
payloadFormat:
|
|
223
|
+
algorithm: "hmac-sha256",
|
|
224
|
+
headerName: "webhook-signature",
|
|
225
|
+
headerFormat: "raw",
|
|
226
|
+
timestampHeader: "webhook-timestamp",
|
|
227
|
+
timestampFormat: "unix",
|
|
228
|
+
payloadFormat: "custom",
|
|
229
229
|
customConfig: {
|
|
230
|
-
signatureFormat:
|
|
231
|
-
payloadFormat:
|
|
232
|
-
encoding:
|
|
233
|
-
secretEncoding:
|
|
234
|
-
idHeader:
|
|
230
|
+
signatureFormat: "v1={signature}",
|
|
231
|
+
payloadFormat: "{id}.{timestamp}.{body}",
|
|
232
|
+
encoding: "base64",
|
|
233
|
+
secretEncoding: "base64",
|
|
234
|
+
idHeader: "webhook-id",
|
|
235
235
|
},
|
|
236
236
|
},
|
|
237
|
-
description:
|
|
237
|
+
description: "Replicate webhooks use HMAC-SHA256 with Standard Webhooks (svix-style) format",
|
|
238
238
|
},
|
|
239
239
|
falai: {
|
|
240
|
-
platform:
|
|
240
|
+
platform: "falai",
|
|
241
241
|
signatureConfig: {
|
|
242
|
-
algorithm:
|
|
243
|
-
headerName:
|
|
244
|
-
headerFormat:
|
|
245
|
-
payloadFormat:
|
|
242
|
+
algorithm: "ed25519",
|
|
243
|
+
headerName: "x-fal-webhook-signature",
|
|
244
|
+
headerFormat: "raw",
|
|
245
|
+
payloadFormat: "custom",
|
|
246
246
|
customConfig: {
|
|
247
|
-
requestIdHeader:
|
|
248
|
-
userIdHeader:
|
|
249
|
-
timestampHeader:
|
|
250
|
-
kidHeader:
|
|
251
|
-
jwksUrl:
|
|
247
|
+
requestIdHeader: "x-fal-request-id",
|
|
248
|
+
userIdHeader: "x-fal-user-id",
|
|
249
|
+
timestampHeader: "x-fal-webhook-timestamp",
|
|
250
|
+
kidHeader: "x-fal-webhook-key-id",
|
|
251
|
+
jwksUrl: "https://rest.alpha.fal.ai/.well-known/jwks.json",
|
|
252
252
|
},
|
|
253
253
|
},
|
|
254
|
-
description:
|
|
254
|
+
description: "fal.ai webhooks use ED25519 with a signed request/user/timestamp/body-hash payload",
|
|
255
255
|
},
|
|
256
256
|
custom: {
|
|
257
|
-
platform:
|
|
257
|
+
platform: "custom",
|
|
258
258
|
signatureConfig: {
|
|
259
|
-
algorithm:
|
|
260
|
-
headerName:
|
|
261
|
-
headerFormat:
|
|
262
|
-
payloadFormat:
|
|
259
|
+
algorithm: "hmac-sha256",
|
|
260
|
+
headerName: "x-webhook-token",
|
|
261
|
+
headerFormat: "raw",
|
|
262
|
+
payloadFormat: "raw",
|
|
263
263
|
customConfig: {
|
|
264
|
-
type:
|
|
265
|
-
idHeader:
|
|
264
|
+
type: "token-based",
|
|
265
|
+
idHeader: "x-webhook-id",
|
|
266
266
|
},
|
|
267
267
|
},
|
|
268
|
-
description:
|
|
268
|
+
description: "Custom webhook configuration",
|
|
269
269
|
},
|
|
270
270
|
unknown: {
|
|
271
|
-
platform:
|
|
271
|
+
platform: "unknown",
|
|
272
272
|
signatureConfig: {
|
|
273
|
-
algorithm:
|
|
274
|
-
headerName:
|
|
275
|
-
headerFormat:
|
|
276
|
-
payloadFormat:
|
|
273
|
+
algorithm: "hmac-sha256",
|
|
274
|
+
headerName: "x-webhook-signature",
|
|
275
|
+
headerFormat: "raw",
|
|
276
|
+
payloadFormat: "raw",
|
|
277
277
|
},
|
|
278
|
-
description:
|
|
278
|
+
description: "Unknown platform - using default HMAC-SHA256",
|
|
279
279
|
},
|
|
280
280
|
};
|
|
281
281
|
function getPlatformAlgorithmConfig(platform) {
|
|
@@ -295,15 +295,15 @@ function validateSignatureConfig(config) {
|
|
|
295
295
|
return false;
|
|
296
296
|
}
|
|
297
297
|
switch (config.algorithm) {
|
|
298
|
-
case
|
|
299
|
-
case
|
|
300
|
-
case
|
|
298
|
+
case "hmac-sha256":
|
|
299
|
+
case "hmac-sha1":
|
|
300
|
+
case "hmac-sha512":
|
|
301
301
|
return true;
|
|
302
|
-
case
|
|
302
|
+
case "rsa-sha256":
|
|
303
303
|
return !!config.customConfig?.publicKey;
|
|
304
|
-
case
|
|
304
|
+
case "ed25519":
|
|
305
305
|
return !!config.customConfig?.publicKey || !!config.customConfig?.jwksUrl;
|
|
306
|
-
case
|
|
306
|
+
case "custom":
|
|
307
307
|
return !!config.customConfig;
|
|
308
308
|
default:
|
|
309
309
|
return false;
|
package/package.json
CHANGED