@hookflo/tern 4.0.2 → 4.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/express.d.ts +1 -0
- package/dist/adapters/express.js +10 -1
- package/dist/adapters/shared.d.ts +1 -0
- package/dist/adapters/shared.js +10 -1
- package/dist/index.d.ts +1 -0
- package/dist/index.js +77 -65
- package/dist/upstash/queue.js +81 -28
- package/dist/verifiers/algorithms.d.ts +1 -0
- package/dist/verifiers/algorithms.js +58 -13
- package/package.json +2 -2
- package/dist/adapters/testExpress.d.ts +0 -1
- package/dist/adapters/testExpress.js +0 -83
- package/dist/test-compiled.d.ts +0 -1
- package/dist/test-compiled.js +0 -4
- package/dist/test.d.ts +0 -2
- package/dist/test.js +0 -668
|
@@ -1,83 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
3
|
-
return (mod && mod.__esModule) ? mod : { "default": mod };
|
|
4
|
-
};
|
|
5
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
6
|
-
const crypto_1 = __importDefault(require("crypto"));
|
|
7
|
-
const shared_1 = require("./shared");
|
|
8
|
-
const __1 = __importDefault(require(".."));
|
|
9
|
-
const secret = 'whsec_test_secret';
|
|
10
|
-
const payload = `${JSON.stringify({ type: 'payment_intent.succeeded', data: { amount: 2000 } })}\n`;
|
|
11
|
-
function buildStripeSignature(body, secret) {
|
|
12
|
-
const timestamp = Math.floor(Date.now() / 1000);
|
|
13
|
-
const signed = `${timestamp}.${body}`;
|
|
14
|
-
const hmac = crypto_1.default
|
|
15
|
-
.createHmac('sha256', secret.replace('whsec_', ''))
|
|
16
|
-
.update(signed)
|
|
17
|
-
.digest('hex');
|
|
18
|
-
return `t=${timestamp},v1=${hmac}`;
|
|
19
|
-
}
|
|
20
|
-
// ── Test 1: raw stream — no middleware ran ───────────────────
|
|
21
|
-
async function testRawStream() {
|
|
22
|
-
const sig = buildStripeSignature(payload, secret); // ✓ fixed: was missing secret arg
|
|
23
|
-
const chunks = [Buffer.from(payload, 'utf8')];
|
|
24
|
-
const req = {
|
|
25
|
-
method: 'POST',
|
|
26
|
-
headers: {
|
|
27
|
-
'stripe-signature': sig,
|
|
28
|
-
'content-type': 'application/json',
|
|
29
|
-
},
|
|
30
|
-
body: undefined,
|
|
31
|
-
on: (event, cb) => {
|
|
32
|
-
if (event === 'data') {
|
|
33
|
-
for (const chunk of chunks)
|
|
34
|
-
cb(chunk);
|
|
35
|
-
}
|
|
36
|
-
if (event === 'end') {
|
|
37
|
-
cb();
|
|
38
|
-
}
|
|
39
|
-
},
|
|
40
|
-
};
|
|
41
|
-
const webReq = await (0, shared_1.toWebRequest)(req);
|
|
42
|
-
const result = await __1.default.verifyWithPlatformConfig(webReq, 'stripe', secret);
|
|
43
|
-
console.log('Test 1 Raw stream (no middleware):', result.isValid ? '✓ PASS' : `✗ FAIL — ${result.error}`);
|
|
44
|
-
}
|
|
45
|
-
// ── Test 2: Buffer body — express.raw() ran ──────────────────
|
|
46
|
-
async function testBufferBody() {
|
|
47
|
-
const sig = buildStripeSignature(payload, secret);
|
|
48
|
-
const req = {
|
|
49
|
-
method: 'POST',
|
|
50
|
-
headers: {
|
|
51
|
-
'content-type': 'application/json',
|
|
52
|
-
'stripe-signature': sig,
|
|
53
|
-
},
|
|
54
|
-
body: Buffer.from(payload, 'utf8'),
|
|
55
|
-
};
|
|
56
|
-
const webReq = await (0, shared_1.toWebRequest)(req);
|
|
57
|
-
const result = await __1.default.verifyWithPlatformConfig(webReq, 'stripe', secret);
|
|
58
|
-
console.log('Test 2 Buffer body (express.raw):', result.isValid ? '✓ PASS' : `✗ FAIL — ${result.error}`);
|
|
59
|
-
}
|
|
60
|
-
// ── Test 3: parsed object — express.json() ran ───────────────
|
|
61
|
-
async function testParsedObject() {
|
|
62
|
-
// signature computed against raw payload including \n
|
|
63
|
-
const sig = buildStripeSignature(payload, secret);
|
|
64
|
-
const req = {
|
|
65
|
-
method: 'POST',
|
|
66
|
-
headers: {
|
|
67
|
-
'content-type': 'application/json',
|
|
68
|
-
'stripe-signature': sig,
|
|
69
|
-
},
|
|
70
|
-
body: JSON.parse(payload), // \n gone, bytes lost
|
|
71
|
-
};
|
|
72
|
-
const webReq = await (0, shared_1.toWebRequest)(req);
|
|
73
|
-
const result = await __1.default.verifyWithPlatformConfig(webReq, 'stripe', secret);
|
|
74
|
-
// should FAIL — \n was in original signature but lost after JSON.parse
|
|
75
|
-
console.log('Test 3 Parsed object (express.json):', !result.isValid ? '✓ FAILS AS EXPECTED' : '✗ SHOULD HAVE FAILED');
|
|
76
|
-
}
|
|
77
|
-
async function run() {
|
|
78
|
-
await testRawStream(); // no middleware → should PASS
|
|
79
|
-
await testBufferBody(); // express.raw() → should PASS
|
|
80
|
-
await testParsedObject(); // express.json() → should FAIL as expected
|
|
81
|
-
console.log('\nDone. Test 3 failing is correct behavior.');
|
|
82
|
-
}
|
|
83
|
-
run();
|
package/dist/test-compiled.d.ts
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
export {};
|
package/dist/test-compiled.js
DELETED
package/dist/test.d.ts
DELETED