@liveblocks/node 1.1.0 → 1.1.1-dual2

package/dist/index.d.mts

@@ -0,0 +1,201 @@
+import { IncomingHttpHeaders } from 'http';
+
+declare type AuthorizeOptions = {
+    /**
+     * The secret API key for your Liveblocks account. You can find it on
+     * https://liveblocks.io/dashboard/apikeys
+     */
+    secret: string;
+    /**
+     * The room ID for which to authorize the user. This will authorize the user
+     * to enter the Liveblocks room.
+     */
+    room: string;
+    /**
+     * Associates a user ID to the session that is being authorized. The user ID
+     * is typically set to the user ID from your own database.
+     *
+     * It can also be used to generate a token that gives access to a private
+     * room where the userId is configured in the room accesses.
+     *
+     * This user ID will be used as the unique identifier to compute your
+     * Liveblocks account's Monthly Active Users.
+     */
+    userId: string;
+    /**
+     * Arbitrary metadata associated to this user session.
+     *
+     * You can use it to store a small amount of static metadata for a user
+     * session. It is public information, that will be visible to other users in
+     * the same room, like name, avatar URL, etc.
+     *
+     * It's only suitable for static info that won't change during a session. If
+     * you want to store dynamic metadata on a user session, don't keep that in
+     * the session token, but use Presence instead.
+     *
+     * Can't exceed 1KB when serialized as JSON.
+     */
+    userInfo?: unknown;
+    /**
+     * Tell Liveblocks which group IDs this user belongs to. This will authorize
+     * the user session to access private rooms that have at least one of these
+     * group IDs listed in their room access configuration.
+     *
+     * See https://liveblocks.io/docs/guides/managing-rooms-users-permissions#permissions
+     * for how to configure your room's permissions to use this feature.
+     */
+    groupIds?: string[];
+};
+declare type AuthorizeResponse = {
+    status: number;
+    body: string;
+    error?: Error;
+};
+/**
+ * Tells Liveblocks that a user should be allowed access to a room, which user
+ * this session is for, and what metadata to associate with the user (like
+ * name, avatar, etc.)
+ *
+ * @example
+ * export default async function auth(req, res) {
+ *
+ * // Implement your own security here.
+ *
+ * const room = req.body.room;
+ * const response = await authorize({
+ *   room,
+ *   secret,
+ *   userId: "123",
+ *   userInfo: {    // Optional
+ *     name: "Ada Lovelace"
+ *   },
+ *   groupIds: ["group1"] // Optional
+ * });
+ * return res.status(response.status).end(response.body);
+ * }
+ */
+declare function authorize(options: AuthorizeOptions): Promise<AuthorizeResponse>;
+
+declare class WebhookHandler {
+    private secretBuffer;
+    private static secretPrefix;
+    constructor(
+    /**
+     * The signing secret provided on the dashboard's webhooks page
+     * @example "whsec_wPbvQ+u3VtN2e2tRPDKchQ1tBZ3svaHLm"
+     */
+    secret: string);
+    /**
+     * Verifies a webhook request and returns the event
+     */
+    verifyRequest(request: WebhookRequest): WebhookEvent;
+    /**
+     * Verifies the headers and returns the webhookId, timestamp and rawSignatures
+     */
+    private verifyHeaders;
+    /**
+     * Signs the content with the secret
+     * @param content
+     * @returns `string`
+     */
+    private sign;
+    /**
+     * Verifies that the timestamp is not too old or in the future
+     */
+    private verifyTimestamp;
+    /**
+     * Ensures that the event is a known event type
+     * or throws and prompts the user to upgrade to a higher version of @liveblocks/node
+     */
+    private verifyWebhookEventType;
+}
+declare type WebhookRequest = {
+    /**
+     * Headers of the request
+     * @example
+     * {
+     *  "webhook-id": "123",
+     *  "webhook-timestamp": "1614588800000",
+     *  "webhook-signature": "v1,bm9ldHUjKzFob2VudXRob2VodWUzMjRvdWVvdW9ldQo= v2,MzJsNDk4MzI0K2VvdSMjMTEjQEBAQDEyMzMzMzEyMwo="
+     * }
+     */
+    headers: IncomingHttpHeaders;
+    /**
+     * Raw body of the request, do not parse it
+     * @example '{"type":"storageUpdated","data":{"roomId":"my-room-id","appId":"my-app-id","updatedAt":"2021-03-01T12:00:00.000Z"}}'
+     */
+    rawBody: string;
+};
+declare type WebhookEvent = StorageUpdatedEvent | UserEnteredEvent | UserLeftEvent | RoomCreatedEvent | RoomDeletedEvent;
+declare type StorageUpdatedEvent = {
+    type: "storageUpdated";
+    data: {
+        roomId: string;
+        appId: string;
+        /**
+         * ISO 8601 datestring
+         * @example "2021-03-01T12:00:00.000Z"
+         */
+        updatedAt: string;
+    };
+};
+declare type UserEnteredEvent = {
+    type: "userEntered";
+    data: {
+        appId: string;
+        roomId: string;
+        connectionId: number;
+        userId: string | null;
+        userInfo: Record<string, unknown> | null;
+        /**
+         * ISO 8601 datestring
+         * @example "2021-03-01T12:00:00.000Z"
+         * @description The time when the user entered the room.
+         */
+        enteredAt: string;
+        numActiveUsers: number;
+    };
+};
+declare type UserLeftEvent = {
+    type: "userLeft";
+    data: {
+        appId: string;
+        roomId: string;
+        connectionId: number;
+        userId: string | null;
+        userInfo: Record<string, unknown> | null;
+        /**
+         * ISO 8601 datestring
+         * @example "2021-03-01T12:00:00.000Z"
+         * @description The time when the user left the room.
+         */
+        leftAt: string;
+        numActiveUsers: number;
+    };
+};
+declare type RoomCreatedEvent = {
+    type: "roomCreated";
+    data: {
+        appId: string;
+        roomId: string;
+        /**
+         * ISO 8601 datestring
+         * @example "2021-03-01T12:00:00.000Z"
+         */
+        createdAt: string;
+    };
+};
+declare type RoomDeletedEvent = {
+    type: "roomDeleted";
+    data: {
+        appId: string;
+        roomId: string;
+        /**
+         * ISO 8601 datestring
+         * @example "2021-03-01T12:00:00.000Z"
+         */
+        deletedAt: string;
+    };
+};
+
+export { StorageUpdatedEvent, UserEnteredEvent, UserLeftEvent, WebhookEvent, WebhookHandler, WebhookRequest, authorize };

package/dist/index.js

@@ -84,7 +84,7 @@ function buildLiveblocksAuthorizeEndpoint(options, roomId) {
 
 // src/webhooks.ts
 var _crypto = require('crypto'); var _crypto2 = _interopRequireDefault(_crypto);
-var _WebhookHandler = class {
+var _WebhookHandler = class _WebhookHandler {
   constructor(secret) {
     if (!secret)
       throw new Error("Secret is required");
@@ -179,8 +179,8 @@ var _WebhookHandler = class {
     );
   }
 };
+_WebhookHandler.secretPrefix = "whsec_";
 var WebhookHandler = _WebhookHandler;
-WebhookHandler.secretPrefix = "whsec_";
 var WEBHOOK_TOLERANCE_IN_SECONDS = 5 * 60;
 var isNotUndefined = (value) => value !== void 0;
 

package/dist/index.mjs

@@ -0,0 +1,189 @@
+var __async = (__this, __arguments, generator) => {
+  return new Promise((resolve, reject) => {
+    var fulfilled = (value) => {
+      try {
+        step(generator.next(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var rejected = (value) => {
+      try {
+        step(generator.throw(value));
+      } catch (e) {
+        reject(e);
+      }
+    };
+    var step = (x) => x.done ? resolve(x.value) : Promise.resolve(x.value).then(fulfilled, rejected);
+    step((generator = generator.apply(__this, __arguments)).next());
+  });
+};
+
+// src/authorize.ts
+import fetch from "node-fetch";
+function authorize(options) {
+  return __async(this, null, function* () {
+    try {
+      const { room, secret, userId, userInfo, groupIds } = options;
+      if (!(typeof room === "string" && room.length > 0)) {
+        throw new Error(
+          "Invalid room. Please provide a non-empty string as the room. For more information: https://liveblocks.io/docs/api-reference/liveblocks-node#authorize"
+        );
+      }
+      if (!(typeof userId === "string" && userId.length > 0)) {
+        throw new Error(
+          "Invalid userId. Please provide a non-empty string as the userId. For more information: https://liveblocks.io/docs/api-reference/liveblocks-node#authorize"
+        );
+      }
+      const resp = yield fetch(buildLiveblocksAuthorizeEndpoint(options, room), {
+        method: "POST",
+        headers: {
+          Authorization: `Bearer ${secret}`,
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          userId,
+          userInfo,
+          groupIds
+        })
+      });
+      if (resp.ok) {
+        return {
+          status: 200,
+          body: yield resp.text()
+        };
+      }
+      if (resp.status >= 500) {
+        return {
+          status: 503,
+          body: yield resp.text()
+        };
+      } else {
+        return {
+          status: 403,
+          body: yield resp.text()
+        };
+      }
+    } catch (er) {
+      return {
+        status: 503,
+        body: 'Call to "https://api.liveblocks.io/v2/rooms/:roomId/authorize" failed. See "error" for more information.',
+        error: er
+      };
+    }
+  });
+}
+function buildLiveblocksAuthorizeEndpoint(options, roomId) {
+  if (options.liveblocksAuthorizeEndpoint) {
+    return options.liveblocksAuthorizeEndpoint.replace("{roomId}", roomId);
+  }
+  return `https://api.liveblocks.io/v2/rooms/${encodeURIComponent(
+    roomId
+  )}/authorize`;
+}
+
+// src/webhooks.ts
+import crypto from "crypto";
+var _WebhookHandler = class _WebhookHandler {
+  constructor(secret) {
+    if (!secret)
+      throw new Error("Secret is required");
+    if (typeof secret !== "string")
+      throw new Error("Secret must be a string");
+    if (secret.startsWith(_WebhookHandler.secretPrefix) === false)
+      throw new Error("Invalid secret, must start with whsec_");
+    const secretKey = secret.slice(_WebhookHandler.secretPrefix.length);
+    this.secretBuffer = Buffer.from(secretKey, "base64");
+  }
+  /**
+   * Verifies a webhook request and returns the event
+   */
+  verifyRequest(request) {
+    const { webhookId, timestamp, rawSignatures } = this.verifyHeaders(
+      request.headers
+    );
+    this.verifyTimestamp(timestamp);
+    const signature = this.sign(`${webhookId}.${timestamp}.${request.rawBody}`);
+    const expectedSignatures = rawSignatures.split(" ").map((rawSignature) => {
+      const [, parsedSignature] = rawSignature.split(",");
+      return parsedSignature;
+    }).filter(isNotUndefined);
+    if (expectedSignatures.includes(signature) === false)
+      throw new Error(
+        `Invalid signature, expected one of ${expectedSignatures.join(
+          ", "
+        )}, got ${signature}`
+      );
+    const event = JSON.parse(request.rawBody);
+    this.verifyWebhookEventType(event);
+    return event;
+  }
+  /**
+   * Verifies the headers and returns the webhookId, timestamp and rawSignatures
+   */
+  verifyHeaders(headers) {
+    const sanitizedHeaders = {};
+    Object.keys(headers).forEach((key) => {
+      sanitizedHeaders[key.toLowerCase()] = headers[key];
+    });
+    const webhookId = sanitizedHeaders["webhook-id"];
+    if (typeof webhookId !== "string")
+      throw new Error("Invalid webhook-id header");
+    const timestamp = sanitizedHeaders["webhook-timestamp"];
+    if (typeof timestamp !== "string")
+      throw new Error("Invalid webhook-timestamp header");
+    const rawSignatures = sanitizedHeaders["webhook-signature"];
+    if (typeof rawSignatures !== "string")
+      throw new Error("Invalid webhook-signature header");
+    return { webhookId, timestamp, rawSignatures };
+  }
+  /**
+   * Signs the content with the secret
+   * @param content
+   * @returns `string`
+   */
+  sign(content) {
+    return crypto.createHmac("sha256", this.secretBuffer).update(content).digest("base64");
+  }
+  /**
+   * Verifies that the timestamp is not too old or in the future
+   */
+  verifyTimestamp(timestampHeader) {
+    const now = Math.floor(Date.now() / 1e3);
+    const timestamp = parseInt(timestampHeader, 10);
+    if (isNaN(timestamp)) {
+      throw new Error("Invalid timestamp");
+    }
+    if (timestamp < now - WEBHOOK_TOLERANCE_IN_SECONDS) {
+      throw new Error("Timestamp too old");
+    }
+    if (timestamp > now + WEBHOOK_TOLERANCE_IN_SECONDS) {
+      throw new Error("Timestamp in the future");
+    }
+  }
+  /**
+   * Ensures that the event is a known event type
+   * or throws and prompts the user to upgrade to a higher version of @liveblocks/node
+   */
+  verifyWebhookEventType(event) {
+    if (event && event.type && [
+      "storageUpdated",
+      "userEntered",
+      "userLeft",
+      "roomCreated",
+      "roomDeleted"
+    ].includes(event.type))
+      return;
+    throw new Error(
+      "Unknown event type, please upgrade to a higher version of @liveblocks/node"
+    );
+  }
+};
+_WebhookHandler.secretPrefix = "whsec_";
+var WebhookHandler = _WebhookHandler;
+var WEBHOOK_TOLERANCE_IN_SECONDS = 5 * 60;
+var isNotUndefined = (value) => value !== void 0;
+export {
+  WebhookHandler,
+  authorize
+};

package/package.json

@@ -1,10 +1,23 @@
 {
   "name": "@liveblocks/node",
-  "version": "1.1.0",
+  "version": "1.1.1-dual2",
   "description": "A server-side utility that lets you set up a Liveblocks authentication endpoint. Liveblocks is the all-in-one toolkit to build collaborative products like Figma, Notion, and more.",
   "license": "Apache-2.0",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": {
+        "types": "./dist/index.d.mts",
+        "default": "./dist/index.mjs"
+      },
+      "require": {
+        "types": "./dist/index.d.ts",
+        "module": "./dist/index.mjs",
+        "default": "./dist/index.js"
+      }
+    }
+  },
   "files": [
     "dist/**",
     "README.md"
@@ -12,8 +25,9 @@
   "scripts": {
     "dev": "tsup --watch",
     "build": "tsup",
-    "format": "eslint --fix src/; prettier --write src/",
+    "format": "(eslint --fix src/ || true) && prettier --write src/",
     "lint": "eslint src/",
+    "lint:package": "publint --strict && attw --pack",
     "test": "jest --silent --verbose --color=always",
     "test:watch": "jest --silent --verbose --color=always --watch"
   },