@praxium/sdk 0.2.15 → 0.2.17
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/revalidation.js +7 -0
- package/package.json +1 -1
package/dist/revalidation.js
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
// src/revalidation.ts
|
|
2
2
|
var SIGNATURE_HEADER = "X-Praxium-Signature";
|
|
3
3
|
var DEFAULT_MAX_TIMESTAMP_AGE_MS = 5 * 60 * 1e3;
|
|
4
|
+
var CLOCK_SKEW_TOLERANCE_MS = 5 * 60 * 1e3;
|
|
4
5
|
async function computeHmacSignature(secret, payload) {
|
|
5
6
|
const encoder = new TextEncoder();
|
|
6
7
|
const key = await crypto.subtle.importKey(
|
|
@@ -63,6 +64,12 @@ function createRevalidationHandler(config) {
|
|
|
63
64
|
);
|
|
64
65
|
}
|
|
65
66
|
const requestAgeMs = Date.now() - parsed.timestamp * 1e3;
|
|
67
|
+
if (requestAgeMs < -CLOCK_SKEW_TOLERANCE_MS) {
|
|
68
|
+
return Response.json(
|
|
69
|
+
{ error: "Request timestamp is in the future" },
|
|
70
|
+
{ status: 401 }
|
|
71
|
+
);
|
|
72
|
+
}
|
|
66
73
|
if (requestAgeMs > maxTimestampAge) {
|
|
67
74
|
return Response.json(
|
|
68
75
|
{ error: "Request timestamp expired" },
|