@hookflo/tern 2.2.4 → 2.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/platforms/algorithms.d.ts +1 -1
- package/dist/platforms/algorithms.js +173 -172
- package/package.json +1 -1
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { PlatformAlgorithmConfig, WebhookPlatform, SignatureConfig } from
|
|
1
|
+
import { PlatformAlgorithmConfig, WebhookPlatform, SignatureConfig } from "../types";
|
|
2
2
|
export declare const platformAlgorithmConfigs: Record<WebhookPlatform, PlatformAlgorithmConfig>;
|
|
3
3
|
export declare function getPlatformAlgorithmConfig(platform: WebhookPlatform): PlatformAlgorithmConfig;
|
|
4
4
|
export declare function platformUsesAlgorithm(platform: WebhookPlatform, algorithm: string): boolean;
|
|
@@ -7,274 +7,275 @@ exports.getPlatformsUsingAlgorithm = getPlatformsUsingAlgorithm;
|
|
|
7
7
|
exports.validateSignatureConfig = validateSignatureConfig;
|
|
8
8
|
exports.platformAlgorithmConfigs = {
|
|
9
9
|
github: {
|
|
10
|
-
platform:
|
|
10
|
+
platform: "github",
|
|
11
11
|
signatureConfig: {
|
|
12
|
-
algorithm:
|
|
13
|
-
headerName:
|
|
14
|
-
headerFormat:
|
|
15
|
-
prefix:
|
|
12
|
+
algorithm: "hmac-sha256",
|
|
13
|
+
headerName: "x-hub-signature-256",
|
|
14
|
+
headerFormat: "prefixed",
|
|
15
|
+
prefix: "sha256=",
|
|
16
16
|
timestampHeader: undefined,
|
|
17
|
-
payloadFormat:
|
|
17
|
+
payloadFormat: "raw",
|
|
18
18
|
},
|
|
19
|
-
description:
|
|
19
|
+
description: "GitHub webhooks use HMAC-SHA256 with sha256= prefix",
|
|
20
20
|
},
|
|
21
21
|
stripe: {
|
|
22
|
-
platform:
|
|
22
|
+
platform: "stripe",
|
|
23
23
|
signatureConfig: {
|
|
24
|
-
algorithm:
|
|
25
|
-
headerName:
|
|
26
|
-
headerFormat:
|
|
24
|
+
algorithm: "hmac-sha256",
|
|
25
|
+
headerName: "stripe-signature",
|
|
26
|
+
headerFormat: "comma-separated",
|
|
27
27
|
timestampHeader: undefined,
|
|
28
|
-
payloadFormat:
|
|
28
|
+
payloadFormat: "timestamped",
|
|
29
29
|
customConfig: {
|
|
30
|
-
signatureFormat:
|
|
30
|
+
signatureFormat: "t={timestamp},v1={signature}",
|
|
31
31
|
},
|
|
32
32
|
},
|
|
33
|
-
description:
|
|
33
|
+
description: "Stripe webhooks use HMAC-SHA256 with comma-separated format",
|
|
34
34
|
},
|
|
35
35
|
clerk: {
|
|
36
|
-
platform:
|
|
36
|
+
platform: "clerk",
|
|
37
37
|
signatureConfig: {
|
|
38
|
-
algorithm:
|
|
39
|
-
headerName:
|
|
40
|
-
headerFormat:
|
|
41
|
-
timestampHeader:
|
|
42
|
-
timestampFormat:
|
|
43
|
-
payloadFormat:
|
|
38
|
+
algorithm: "hmac-sha256",
|
|
39
|
+
headerName: "svix-signature",
|
|
40
|
+
headerFormat: "raw",
|
|
41
|
+
timestampHeader: "svix-timestamp",
|
|
42
|
+
timestampFormat: "unix",
|
|
43
|
+
payloadFormat: "custom",
|
|
44
44
|
customConfig: {
|
|
45
|
-
signatureFormat:
|
|
46
|
-
payloadFormat:
|
|
47
|
-
encoding:
|
|
48
|
-
secretEncoding:
|
|
49
|
-
idHeader:
|
|
45
|
+
signatureFormat: "v1={signature}",
|
|
46
|
+
payloadFormat: "{id}.{timestamp}.{body}",
|
|
47
|
+
encoding: "base64",
|
|
48
|
+
secretEncoding: "base64",
|
|
49
|
+
idHeader: "svix-id",
|
|
50
50
|
},
|
|
51
51
|
},
|
|
52
|
-
description:
|
|
52
|
+
description: "Clerk webhooks use HMAC-SHA256 with base64 encoding",
|
|
53
53
|
},
|
|
54
54
|
dodopayments: {
|
|
55
|
-
platform:
|
|
55
|
+
platform: "dodopayments",
|
|
56
56
|
signatureConfig: {
|
|
57
|
-
algorithm:
|
|
58
|
-
headerName:
|
|
59
|
-
headerFormat:
|
|
60
|
-
timestampHeader:
|
|
61
|
-
timestampFormat:
|
|
62
|
-
payloadFormat:
|
|
57
|
+
algorithm: "hmac-sha256",
|
|
58
|
+
headerName: "webhook-signature",
|
|
59
|
+
headerFormat: "raw",
|
|
60
|
+
timestampHeader: "webhook-timestamp",
|
|
61
|
+
timestampFormat: "unix",
|
|
62
|
+
payloadFormat: "custom",
|
|
63
63
|
customConfig: {
|
|
64
|
-
signatureFormat:
|
|
65
|
-
payloadFormat:
|
|
66
|
-
encoding:
|
|
67
|
-
secretEncoding:
|
|
68
|
-
idHeader:
|
|
64
|
+
signatureFormat: "v1={signature}",
|
|
65
|
+
payloadFormat: "{id}.{timestamp}.{body}",
|
|
66
|
+
encoding: "base64",
|
|
67
|
+
secretEncoding: "base64",
|
|
68
|
+
idHeader: "webhook-id",
|
|
69
69
|
},
|
|
70
70
|
},
|
|
71
|
-
description:
|
|
71
|
+
description: "Dodo Payments webhooks use HMAC-SHA256 with svix-style format (Standard Webhooks)",
|
|
72
72
|
},
|
|
73
73
|
shopify: {
|
|
74
|
-
platform:
|
|
74
|
+
platform: "shopify",
|
|
75
75
|
signatureConfig: {
|
|
76
|
-
algorithm:
|
|
77
|
-
headerName:
|
|
78
|
-
headerFormat:
|
|
79
|
-
payloadFormat:
|
|
76
|
+
algorithm: "hmac-sha256",
|
|
77
|
+
headerName: "x-shopify-hmac-sha256",
|
|
78
|
+
headerFormat: "raw",
|
|
79
|
+
payloadFormat: "raw",
|
|
80
80
|
customConfig: {
|
|
81
|
-
encoding:
|
|
82
|
-
secretEncoding:
|
|
81
|
+
encoding: "base64",
|
|
82
|
+
secretEncoding: "utf8",
|
|
83
83
|
},
|
|
84
84
|
},
|
|
85
|
-
description:
|
|
85
|
+
description: "Shopify webhooks use HMAC-SHA256 with base64 encoded signature",
|
|
86
86
|
},
|
|
87
87
|
vercel: {
|
|
88
|
-
platform:
|
|
88
|
+
platform: "vercel",
|
|
89
89
|
signatureConfig: {
|
|
90
|
-
algorithm:
|
|
91
|
-
headerName:
|
|
92
|
-
headerFormat:
|
|
93
|
-
timestampHeader:
|
|
94
|
-
timestampFormat:
|
|
95
|
-
payloadFormat:
|
|
90
|
+
algorithm: "hmac-sha256",
|
|
91
|
+
headerName: "x-vercel-signature",
|
|
92
|
+
headerFormat: "raw",
|
|
93
|
+
timestampHeader: "x-vercel-timestamp",
|
|
94
|
+
timestampFormat: "unix",
|
|
95
|
+
payloadFormat: "raw",
|
|
96
96
|
},
|
|
97
|
-
description:
|
|
97
|
+
description: "Vercel webhooks use HMAC-SHA256",
|
|
98
98
|
},
|
|
99
99
|
polar: {
|
|
100
|
-
platform:
|
|
100
|
+
platform: "polar",
|
|
101
101
|
signatureConfig: {
|
|
102
|
-
algorithm:
|
|
103
|
-
headerName:
|
|
104
|
-
headerFormat:
|
|
105
|
-
timestampHeader:
|
|
106
|
-
timestampFormat:
|
|
107
|
-
payloadFormat:
|
|
102
|
+
algorithm: "hmac-sha256",
|
|
103
|
+
headerName: "webhook-signature",
|
|
104
|
+
headerFormat: "raw",
|
|
105
|
+
timestampHeader: "webhook-timestamp",
|
|
106
|
+
timestampFormat: "unix",
|
|
107
|
+
payloadFormat: "custom",
|
|
108
108
|
customConfig: {
|
|
109
|
-
signatureFormat:
|
|
110
|
-
payloadFormat:
|
|
111
|
-
encoding:
|
|
112
|
-
|
|
109
|
+
signatureFormat: "v1={signature}",
|
|
110
|
+
payloadFormat: "{id}.{timestamp}.{body}",
|
|
111
|
+
encoding: "base64",
|
|
112
|
+
secretEncoding: "utf8",
|
|
113
|
+
idHeader: "webhook-id",
|
|
113
114
|
},
|
|
114
115
|
},
|
|
115
|
-
description:
|
|
116
|
+
description: "Polar webhooks use HMAC-SHA256 with Standard Webhooks format",
|
|
116
117
|
},
|
|
117
118
|
supabase: {
|
|
118
|
-
platform:
|
|
119
|
+
platform: "supabase",
|
|
119
120
|
signatureConfig: {
|
|
120
|
-
algorithm:
|
|
121
|
-
headerName:
|
|
122
|
-
headerFormat:
|
|
123
|
-
payloadFormat:
|
|
121
|
+
algorithm: "custom",
|
|
122
|
+
headerName: "x-webhook-token",
|
|
123
|
+
headerFormat: "raw",
|
|
124
|
+
payloadFormat: "raw",
|
|
124
125
|
customConfig: {
|
|
125
|
-
type:
|
|
126
|
-
idHeader:
|
|
126
|
+
type: "token-based",
|
|
127
|
+
idHeader: "x-webhook-id",
|
|
127
128
|
},
|
|
128
129
|
},
|
|
129
|
-
description:
|
|
130
|
+
description: "Supabase webhooks use token-based authentication",
|
|
130
131
|
},
|
|
131
132
|
gitlab: {
|
|
132
|
-
platform:
|
|
133
|
+
platform: "gitlab",
|
|
133
134
|
signatureConfig: {
|
|
134
|
-
algorithm:
|
|
135
|
-
headerName:
|
|
136
|
-
headerFormat:
|
|
137
|
-
payloadFormat:
|
|
135
|
+
algorithm: "custom",
|
|
136
|
+
headerName: "X-Gitlab-Token",
|
|
137
|
+
headerFormat: "raw",
|
|
138
|
+
payloadFormat: "raw",
|
|
138
139
|
customConfig: {
|
|
139
|
-
type:
|
|
140
|
-
idHeader:
|
|
140
|
+
type: "token-based",
|
|
141
|
+
idHeader: "X-Gitlab-Token",
|
|
141
142
|
},
|
|
142
143
|
},
|
|
143
|
-
description:
|
|
144
|
+
description: "GitLab webhooks use HMAC-SHA256 with X-Gitlab-Token header",
|
|
144
145
|
},
|
|
145
146
|
paddle: {
|
|
146
|
-
platform:
|
|
147
|
+
platform: "paddle",
|
|
147
148
|
signatureConfig: {
|
|
148
|
-
algorithm:
|
|
149
|
-
headerName:
|
|
150
|
-
headerFormat:
|
|
151
|
-
payloadFormat:
|
|
149
|
+
algorithm: "hmac-sha256",
|
|
150
|
+
headerName: "paddle-signature",
|
|
151
|
+
headerFormat: "comma-separated",
|
|
152
|
+
payloadFormat: "custom",
|
|
152
153
|
customConfig: {
|
|
153
|
-
timestampKey:
|
|
154
|
-
signatureKey:
|
|
155
|
-
payloadFormat:
|
|
154
|
+
timestampKey: "ts",
|
|
155
|
+
signatureKey: "h1",
|
|
156
|
+
payloadFormat: "{timestamp}:{body}",
|
|
156
157
|
},
|
|
157
158
|
},
|
|
158
|
-
description:
|
|
159
|
+
description: "Paddle webhooks use HMAC-SHA256 with Paddle-Signature (ts/h1) header format",
|
|
159
160
|
},
|
|
160
161
|
razorpay: {
|
|
161
|
-
platform:
|
|
162
|
+
platform: "razorpay",
|
|
162
163
|
signatureConfig: {
|
|
163
|
-
algorithm:
|
|
164
|
-
headerName:
|
|
165
|
-
headerFormat:
|
|
166
|
-
payloadFormat:
|
|
164
|
+
algorithm: "hmac-sha256",
|
|
165
|
+
headerName: "x-razorpay-signature",
|
|
166
|
+
headerFormat: "raw",
|
|
167
|
+
payloadFormat: "raw",
|
|
167
168
|
},
|
|
168
|
-
description:
|
|
169
|
+
description: "Razorpay webhooks use HMAC-SHA256 with X-Razorpay-Signature header",
|
|
169
170
|
},
|
|
170
171
|
lemonsqueezy: {
|
|
171
|
-
platform:
|
|
172
|
+
platform: "lemonsqueezy",
|
|
172
173
|
signatureConfig: {
|
|
173
|
-
algorithm:
|
|
174
|
-
headerName:
|
|
175
|
-
headerFormat:
|
|
176
|
-
payloadFormat:
|
|
174
|
+
algorithm: "hmac-sha256",
|
|
175
|
+
headerName: "x-signature",
|
|
176
|
+
headerFormat: "raw",
|
|
177
|
+
payloadFormat: "raw",
|
|
177
178
|
},
|
|
178
|
-
description:
|
|
179
|
+
description: "Lemon Squeezy webhooks use HMAC-SHA256 with X-Signature header",
|
|
179
180
|
},
|
|
180
181
|
auth0: {
|
|
181
|
-
platform:
|
|
182
|
+
platform: "auth0",
|
|
182
183
|
signatureConfig: {
|
|
183
|
-
algorithm:
|
|
184
|
-
headerName:
|
|
185
|
-
headerFormat:
|
|
186
|
-
payloadFormat:
|
|
184
|
+
algorithm: "hmac-sha256",
|
|
185
|
+
headerName: "x-auth0-signature",
|
|
186
|
+
headerFormat: "raw",
|
|
187
|
+
payloadFormat: "raw",
|
|
187
188
|
},
|
|
188
|
-
description:
|
|
189
|
+
description: "Auth0 webhooks use HMAC-SHA256 with X-Auth0-Signature header",
|
|
189
190
|
},
|
|
190
191
|
workos: {
|
|
191
|
-
platform:
|
|
192
|
+
platform: "workos",
|
|
192
193
|
signatureConfig: {
|
|
193
|
-
algorithm:
|
|
194
|
-
headerName:
|
|
195
|
-
headerFormat:
|
|
196
|
-
payloadFormat:
|
|
194
|
+
algorithm: "hmac-sha256",
|
|
195
|
+
headerName: "workos-signature",
|
|
196
|
+
headerFormat: "comma-separated",
|
|
197
|
+
payloadFormat: "custom",
|
|
197
198
|
customConfig: {
|
|
198
|
-
timestampKey:
|
|
199
|
-
signatureKey:
|
|
200
|
-
payloadFormat:
|
|
199
|
+
timestampKey: "t",
|
|
200
|
+
signatureKey: "v1",
|
|
201
|
+
payloadFormat: "{timestamp}.{body}",
|
|
201
202
|
},
|
|
202
203
|
},
|
|
203
|
-
description:
|
|
204
|
+
description: "WorkOS webhooks use HMAC-SHA256 with WorkOS-Signature (t/v1) format",
|
|
204
205
|
},
|
|
205
206
|
woocommerce: {
|
|
206
|
-
platform:
|
|
207
|
+
platform: "woocommerce",
|
|
207
208
|
signatureConfig: {
|
|
208
|
-
algorithm:
|
|
209
|
-
headerName:
|
|
210
|
-
headerFormat:
|
|
211
|
-
payloadFormat:
|
|
209
|
+
algorithm: "hmac-sha256",
|
|
210
|
+
headerName: "x-wc-webhook-signature",
|
|
211
|
+
headerFormat: "raw",
|
|
212
|
+
payloadFormat: "raw",
|
|
212
213
|
customConfig: {
|
|
213
|
-
encoding:
|
|
214
|
-
secretEncoding:
|
|
214
|
+
encoding: "base64",
|
|
215
|
+
secretEncoding: "utf8",
|
|
215
216
|
},
|
|
216
217
|
},
|
|
217
|
-
description:
|
|
218
|
+
description: "WooCommerce webhooks use HMAC-SHA256 with base64 encoded signature",
|
|
218
219
|
},
|
|
219
220
|
replicateai: {
|
|
220
|
-
platform:
|
|
221
|
+
platform: "replicateai",
|
|
221
222
|
signatureConfig: {
|
|
222
|
-
algorithm:
|
|
223
|
-
headerName:
|
|
224
|
-
headerFormat:
|
|
225
|
-
timestampHeader:
|
|
226
|
-
timestampFormat:
|
|
227
|
-
payloadFormat:
|
|
223
|
+
algorithm: "hmac-sha256",
|
|
224
|
+
headerName: "webhook-signature",
|
|
225
|
+
headerFormat: "raw",
|
|
226
|
+
timestampHeader: "webhook-timestamp",
|
|
227
|
+
timestampFormat: "unix",
|
|
228
|
+
payloadFormat: "custom",
|
|
228
229
|
customConfig: {
|
|
229
|
-
signatureFormat:
|
|
230
|
-
payloadFormat:
|
|
231
|
-
encoding:
|
|
232
|
-
secretEncoding:
|
|
233
|
-
idHeader:
|
|
230
|
+
signatureFormat: "v1={signature}",
|
|
231
|
+
payloadFormat: "{id}.{timestamp}.{body}",
|
|
232
|
+
encoding: "base64",
|
|
233
|
+
secretEncoding: "base64",
|
|
234
|
+
idHeader: "webhook-id",
|
|
234
235
|
},
|
|
235
236
|
},
|
|
236
|
-
description:
|
|
237
|
+
description: "Replicate webhooks use HMAC-SHA256 with Standard Webhooks (svix-style) format",
|
|
237
238
|
},
|
|
238
239
|
falai: {
|
|
239
|
-
platform:
|
|
240
|
+
platform: "falai",
|
|
240
241
|
signatureConfig: {
|
|
241
|
-
algorithm:
|
|
242
|
-
headerName:
|
|
243
|
-
headerFormat:
|
|
244
|
-
payloadFormat:
|
|
242
|
+
algorithm: "ed25519",
|
|
243
|
+
headerName: "x-fal-webhook-signature",
|
|
244
|
+
headerFormat: "raw",
|
|
245
|
+
payloadFormat: "custom",
|
|
245
246
|
customConfig: {
|
|
246
|
-
requestIdHeader:
|
|
247
|
-
userIdHeader:
|
|
248
|
-
timestampHeader:
|
|
249
|
-
kidHeader:
|
|
250
|
-
jwksUrl:
|
|
247
|
+
requestIdHeader: "x-fal-request-id",
|
|
248
|
+
userIdHeader: "x-fal-user-id",
|
|
249
|
+
timestampHeader: "x-fal-webhook-timestamp",
|
|
250
|
+
kidHeader: "x-fal-webhook-key-id",
|
|
251
|
+
jwksUrl: "https://rest.alpha.fal.ai/.well-known/jwks.json",
|
|
251
252
|
},
|
|
252
253
|
},
|
|
253
|
-
description:
|
|
254
|
+
description: "fal.ai webhooks use ED25519 with a signed request/user/timestamp/body-hash payload",
|
|
254
255
|
},
|
|
255
256
|
custom: {
|
|
256
|
-
platform:
|
|
257
|
+
platform: "custom",
|
|
257
258
|
signatureConfig: {
|
|
258
|
-
algorithm:
|
|
259
|
-
headerName:
|
|
260
|
-
headerFormat:
|
|
261
|
-
payloadFormat:
|
|
259
|
+
algorithm: "hmac-sha256",
|
|
260
|
+
headerName: "x-webhook-token",
|
|
261
|
+
headerFormat: "raw",
|
|
262
|
+
payloadFormat: "raw",
|
|
262
263
|
customConfig: {
|
|
263
|
-
type:
|
|
264
|
-
idHeader:
|
|
264
|
+
type: "token-based",
|
|
265
|
+
idHeader: "x-webhook-id",
|
|
265
266
|
},
|
|
266
267
|
},
|
|
267
|
-
description:
|
|
268
|
+
description: "Custom webhook configuration",
|
|
268
269
|
},
|
|
269
270
|
unknown: {
|
|
270
|
-
platform:
|
|
271
|
+
platform: "unknown",
|
|
271
272
|
signatureConfig: {
|
|
272
|
-
algorithm:
|
|
273
|
-
headerName:
|
|
274
|
-
headerFormat:
|
|
275
|
-
payloadFormat:
|
|
273
|
+
algorithm: "hmac-sha256",
|
|
274
|
+
headerName: "x-webhook-signature",
|
|
275
|
+
headerFormat: "raw",
|
|
276
|
+
payloadFormat: "raw",
|
|
276
277
|
},
|
|
277
|
-
description:
|
|
278
|
+
description: "Unknown platform - using default HMAC-SHA256",
|
|
278
279
|
},
|
|
279
280
|
};
|
|
280
281
|
function getPlatformAlgorithmConfig(platform) {
|
|
@@ -294,15 +295,15 @@ function validateSignatureConfig(config) {
|
|
|
294
295
|
return false;
|
|
295
296
|
}
|
|
296
297
|
switch (config.algorithm) {
|
|
297
|
-
case
|
|
298
|
-
case
|
|
299
|
-
case
|
|
298
|
+
case "hmac-sha256":
|
|
299
|
+
case "hmac-sha1":
|
|
300
|
+
case "hmac-sha512":
|
|
300
301
|
return true;
|
|
301
|
-
case
|
|
302
|
+
case "rsa-sha256":
|
|
302
303
|
return !!config.customConfig?.publicKey;
|
|
303
|
-
case
|
|
304
|
+
case "ed25519":
|
|
304
305
|
return !!config.customConfig?.publicKey || !!config.customConfig?.jwksUrl;
|
|
305
|
-
case
|
|
306
|
+
case "custom":
|
|
306
307
|
return !!config.customConfig;
|
|
307
308
|
default:
|
|
308
309
|
return false;
|
package/package.json
CHANGED