@redmix/api 0.0.1

package/dist/auth/verifiers/common.js

@@ -0,0 +1,99 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var common_exports = {};
+__export(common_exports, {
+  DEFAULT_TOLERANCE: () => DEFAULT_TOLERANCE,
+  DEFAULT_WEBHOOK_SECRET: () => DEFAULT_WEBHOOK_SECRET,
+  VERIFICATION_ERROR_MESSAGE: () => VERIFICATION_ERROR_MESSAGE,
+  VERIFICATION_SIGN_MESSAGE: () => VERIFICATION_SIGN_MESSAGE,
+  WebhookSignError: () => WebhookSignError,
+  WebhookVerificationError: () => WebhookVerificationError,
+  verifierLookup: () => verifierLookup
+});
+module.exports = __toCommonJS(common_exports);
+var import_base64Sha1Verifier = __toESM(require("./base64Sha1Verifier"));
+var import_base64Sha256Verifier = __toESM(require("./base64Sha256Verifier"));
+var import_jwtVerifier = __toESM(require("./jwtVerifier"));
+var import_secretKeyVerifier = __toESM(require("./secretKeyVerifier"));
+var import_sha1Verifier = __toESM(require("./sha1Verifier"));
+var import_sha256Verifier = __toESM(require("./sha256Verifier"));
+var import_skipVerifier = __toESM(require("./skipVerifier"));
+var import_timestampSchemeVerifier = __toESM(require("./timestampSchemeVerifier"));
+const verifierLookup = {
+  skipVerifier: import_skipVerifier.default,
+  secretKeyVerifier: import_secretKeyVerifier.default,
+  sha1Verifier: import_sha1Verifier.default,
+  sha256Verifier: import_sha256Verifier.default,
+  base64Sha1Verifier: import_base64Sha1Verifier.default,
+  base64Sha256Verifier: import_base64Sha256Verifier.default,
+  timestampSchemeVerifier: import_timestampSchemeVerifier.default,
+  jwtVerifier: import_jwtVerifier.default
+};
+const DEFAULT_WEBHOOK_SECRET = process.env.WEBHOOK_SECRET ?? "";
+const VERIFICATION_ERROR_MESSAGE = "You don't have access to invoke this function.";
+const VERIFICATION_SIGN_MESSAGE = "Unable to sign payload";
+const FIVE_MINUTES = 5 * 6e4;
+const DEFAULT_TOLERANCE = FIVE_MINUTES;
+class WebhookError extends Error {
+  /**
+   * Create a WebhookError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message);
+  }
+}
+class WebhookVerificationError extends WebhookError {
+  /**
+   * Create a WebhookVerificationError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message || VERIFICATION_ERROR_MESSAGE);
+  }
+}
+class WebhookSignError extends WebhookError {
+  /**
+   * Create a WebhookSignError.
+   * @param {string} message - The error message
+   * */
+  constructor(message) {
+    super(message || VERIFICATION_SIGN_MESSAGE);
+  }
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  DEFAULT_TOLERANCE,
+  DEFAULT_WEBHOOK_SECRET,
+  VERIFICATION_ERROR_MESSAGE,
+  VERIFICATION_SIGN_MESSAGE,
+  WebhookSignError,
+  WebhookVerificationError,
+  verifierLookup
+});

package/dist/auth/verifiers/index.d.ts

@@ -0,0 +1,8 @@
+import type { SupportedVerifierTypes, VerifyOptions, WebhookVerifier } from './common';
+/**
+ * @param {SupportedVerifierTypes} type - What verification type methods used to sign and verify signatures
+ * @param {VerifyOptions} options - Options used to verify the signature based on verifiers requirements
+ */
+export declare const createVerifier: (type: SupportedVerifierTypes, options?: VerifyOptions) => WebhookVerifier;
+export * from './common';
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/verifiers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/verifiers/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,sBAAsB,EACtB,aAAa,EACb,eAAe,EAChB,MAAM,UAAU,CAAA;AAEjB;;;GAGG;AACH,eAAO,MAAM,cAAc,SACnB,sBAAsB,YAClB,aAAa,KACtB,eAMF,CAAA;AAED,cAAc,UAAU,CAAA"}

package/dist/auth/verifiers/index.js

@@ -0,0 +1,38 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __reExport = (target, mod, secondTarget) => (__copyProps(target, mod, "default"), secondTarget && __copyProps(secondTarget, mod, "default"));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var verifiers_exports = {};
+__export(verifiers_exports, {
+  createVerifier: () => createVerifier
+});
+module.exports = __toCommonJS(verifiers_exports);
+var import_common = require("./common");
+__reExport(verifiers_exports, require("./common"), module.exports);
+const createVerifier = (type, options) => {
+  if (options) {
+    return import_common.verifierLookup[type](options);
+  } else {
+    return import_common.verifierLookup[type]();
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  createVerifier,
+  ...require("./common")
+});

package/dist/auth/verifiers/jwtVerifier.d.ts

@@ -0,0 +1,26 @@
+import type { WebhookVerifier, VerifyOptions } from './common';
+export interface JwtVerifier extends WebhookVerifier {
+    type: 'jwtVerifier';
+}
+/**
+ *
+ * verifySignature
+ *
+ */
+export declare const verifySignature: ({ payload, secret, signature, options, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+    options: VerifyOptions | undefined;
+}) => boolean;
+/**
+ *
+ * JWT Payload Verifier
+ *
+ * Based on Netlify's webhook payload verification
+ * @see: https://docs.netlify.com/site-deploys/notifications/#payload-signature
+ *
+ */
+export declare const jwtVerifier: (options?: VerifyOptions) => JwtVerifier;
+export default jwtVerifier;
+//# sourceMappingURL=jwtVerifier.d.ts.map

package/dist/auth/verifiers/jwtVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwtVerifier.d.ts","sourceRoot":"","sources":["../../../src/auth/verifiers/jwtVerifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAE9D,MAAM,WAAW,WAAY,SAAQ,eAAe;IAClD,IAAI,EAAE,aAAa,CAAA;CACpB;AA2BD;;;;GAIG;AACH,eAAO,MAAM,eAAe,6CAKzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,OAAO,EAAE,aAAa,GAAG,SAAS,CAAA;CACnC,KAAG,OAmBH,CAAA;AAED;;;;;;;GAOG;AACH,eAAO,MAAM,WAAW,aAAc,aAAa,KAAG,WAUrD,CAAA;AAED,eAAe,WAAW,CAAA"}

package/dist/auth/verifiers/jwtVerifier.js

@@ -0,0 +1,86 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var jwtVerifier_exports = {};
+__export(jwtVerifier_exports, {
+  default: () => jwtVerifier_default,
+  jwtVerifier: () => jwtVerifier,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(jwtVerifier_exports);
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"));
+var import_common = require("./common");
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  options
+}) => {
+  try {
+    const signOptions = options?.issuer ? { issuer: options?.issuer } : void 0;
+    return import_jsonwebtoken.default.sign(payload, secret, { ...signOptions });
+  } catch (error) {
+    throw new import_common.WebhookSignError(error.message);
+  }
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature,
+  options
+}) => {
+  try {
+    if (payload === void 0 || payload?.length === 0) {
+      console.warn("Missing payload");
+    }
+    if (options?.issuer) {
+      import_jsonwebtoken.default.verify(signature, secret, { issuer: options?.issuer });
+    } else {
+      import_jsonwebtoken.default.verify(signature, secret);
+    }
+    return true;
+  } catch {
+    throw new import_common.WebhookVerificationError();
+  }
+};
+const jwtVerifier = (options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret, options });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature, options });
+    },
+    type: "jwtVerifier"
+  };
+};
+var jwtVerifier_default = jwtVerifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  jwtVerifier,
+  verifySignature
+});

package/dist/auth/verifiers/secretKeyVerifier.d.ts

@@ -0,0 +1,14 @@
+import type { WebhookVerifier, VerifyOptions } from './common';
+export interface SecretKeyVerifier extends WebhookVerifier {
+    type: 'secretKeyVerifier';
+}
+/**
+ *
+ * Secret Key Verifier
+ *
+ * Use when the payload is not signed, but rather authorized via a known secret key
+ *
+ */
+declare const secretKeyVerifier: (_options?: VerifyOptions) => SecretKeyVerifier;
+export default secretKeyVerifier;
+//# sourceMappingURL=secretKeyVerifier.d.ts.map

package/dist/auth/verifiers/secretKeyVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"secretKeyVerifier.d.ts","sourceRoot":"","sources":["../../../src/auth/verifiers/secretKeyVerifier.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAE9D,MAAM,WAAW,iBAAkB,SAAQ,eAAe;IACxD,IAAI,EAAE,mBAAmB,CAAA;CAC1B;AAED;;;;;;GAMG;AACH,QAAA,MAAM,iBAAiB,cAAe,aAAa,KAAG,iBAgBrD,CAAA;AAED,eAAe,iBAAiB,CAAA"}

package/dist/auth/verifiers/secretKeyVerifier.js

@@ -0,0 +1,40 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var secretKeyVerifier_exports = {};
+__export(secretKeyVerifier_exports, {
+  default: () => secretKeyVerifier_default
+});
+module.exports = __toCommonJS(secretKeyVerifier_exports);
+var import_common = require("./common");
+const secretKeyVerifier = (_options) => {
+  return {
+    sign: ({ secret }) => {
+      return secret;
+    },
+    verify: ({ signature, secret = import_common.DEFAULT_WEBHOOK_SECRET }) => {
+      const verified = signature === secret;
+      if (!verified) {
+        throw new import_common.WebhookVerificationError();
+      }
+      return verified;
+    },
+    type: "secretKeyVerifier"
+  };
+};
+var secretKeyVerifier_default = secretKeyVerifier;

package/dist/auth/verifiers/sha1Verifier.d.ts

@@ -0,0 +1,25 @@
+import type { WebhookVerifier, VerifyOptions } from './common';
+export interface Sha1Verifier extends WebhookVerifier {
+    type: 'sha1Verifier';
+}
+/**
+ *
+ * verifySignature
+ *
+ */
+export declare const verifySignature: ({ payload, secret, signature, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+}) => boolean;
+/**
+ *
+ * SHA1 HMAC Payload Verifier
+ *
+ * Based on Vercel's webhook payload verification
+ * @see https://vercel.com/docs/api#integrations/webhooks/securing-webhooks
+ *
+ */
+declare const sha1Verifier: (_options?: VerifyOptions) => Sha1Verifier;
+export default sha1Verifier;
+//# sourceMappingURL=sha1Verifier.d.ts.map

package/dist/auth/verifiers/sha1Verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sha1Verifier.d.ts","sourceRoot":"","sources":["../../../src/auth/verifiers/sha1Verifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAE9D,MAAM,WAAW,YAAa,SAAQ,eAAe;IACnD,IAAI,EAAE,cAAc,CAAA;CACrB;AAkCD;;;;GAIG;AACH,eAAO,MAAM,eAAe,oCAIzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB,KAAG,OA+BH,CAAA;AAED;;;;;;;GAOG;AACH,QAAA,MAAM,YAAY,cAAe,aAAa,KAAG,YAUhD,CAAA;AAED,eAAe,YAAY,CAAA"}

package/dist/auth/verifiers/sha1Verifier.js

@@ -0,0 +1,85 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sha1Verifier_exports = {};
+__export(sha1Verifier_exports, {
+  default: () => sha1Verifier_default,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(sha1Verifier_exports);
+var import_crypto = require("crypto");
+var import_common = require("./common");
+function toNormalizedJsonString(payload) {
+  return JSON.stringify(payload).replace(/[^\\]\\u[\da-f]{4}/g, (s) => {
+    return s.substr(0, 3) + s.substr(3).toUpperCase();
+  });
+}
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET
+}) => {
+  const algorithm = "sha1";
+  const hmac = (0, import_crypto.createHmac)(algorithm, secret);
+  payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+  const digest = Buffer.from(
+    algorithm + "=" + hmac.update(payload).digest("hex"),
+    "utf8"
+  );
+  return digest.toString();
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature
+}) => {
+  try {
+    const algorithm = signature.split("=")[0];
+    const webhookSignature = Buffer.from(signature || "", "utf8");
+    const hmac = (0, import_crypto.createHmac)(algorithm, secret);
+    payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+    const digest = Buffer.from(
+      algorithm + "=" + hmac.update(payload).digest("hex"),
+      "utf8"
+    );
+    const verified = webhookSignature.length === digest.length && (0, import_crypto.timingSafeEqual)(digest, webhookSignature);
+    if (verified) {
+      return verified;
+    }
+    throw new import_common.WebhookVerificationError();
+  } catch (error) {
+    throw new import_common.WebhookVerificationError(
+      `${import_common.VERIFICATION_ERROR_MESSAGE}: ${error.message}`
+    );
+  }
+};
+const sha1Verifier = (_options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature });
+    },
+    type: "sha1Verifier"
+  };
+};
+var sha1Verifier_default = sha1Verifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifySignature
+});

package/dist/auth/verifiers/sha256Verifier.d.ts

@@ -0,0 +1,25 @@
+import type { WebhookVerifier, VerifyOptions } from './common';
+export interface Sha256Verifier extends WebhookVerifier {
+    type: 'sha256Verifier';
+}
+/**
+ *
+ * verifySignature
+ *
+ */
+export declare const verifySignature: ({ payload, secret, signature, }: {
+    payload: string | Record<string, unknown>;
+    secret: string;
+    signature: string;
+}) => boolean;
+/**
+ *
+ * SHA256 HMAC Payload Verifier
+ *
+ * Based on GitHub's webhook payload verification
+ * @see https://docs.github.com/en/developers/webhooks-and-events/securing-your-webhooks
+ *
+ */
+declare const sha256Verifier: (_options?: VerifyOptions) => Sha256Verifier;
+export default sha256Verifier;
+//# sourceMappingURL=sha256Verifier.d.ts.map

package/dist/auth/verifiers/sha256Verifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sha256Verifier.d.ts","sourceRoot":"","sources":["../../../src/auth/verifiers/sha256Verifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAE9D,MAAM,WAAW,cAAe,SAAQ,eAAe;IACrD,IAAI,EAAE,gBAAgB,CAAA;CACvB;AAkCD;;;;GAIG;AACH,eAAO,MAAM,eAAe,oCAIzB;IACD,OAAO,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;IACzC,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;CAClB,KAAG,OA+BH,CAAA;AAED;;;;;;;GAOG;AACH,QAAA,MAAM,cAAc,cAAe,aAAa,KAAG,cAUlD,CAAA;AAED,eAAe,cAAc,CAAA"}

package/dist/auth/verifiers/sha256Verifier.js

@@ -0,0 +1,85 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var sha256Verifier_exports = {};
+__export(sha256Verifier_exports, {
+  default: () => sha256Verifier_default,
+  verifySignature: () => verifySignature
+});
+module.exports = __toCommonJS(sha256Verifier_exports);
+var import_crypto = require("crypto");
+var import_common = require("./common");
+function toNormalizedJsonString(payload) {
+  return JSON.stringify(payload).replace(/[^\\]\\u[\da-f]{4}/g, (s) => {
+    return s.substr(0, 3) + s.substr(3).toUpperCase();
+  });
+}
+const createSignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET
+}) => {
+  const algorithm = "sha256";
+  const hmac = (0, import_crypto.createHmac)(algorithm, secret);
+  payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+  const digest = Buffer.from(
+    algorithm + "=" + hmac.update(payload).digest("hex"),
+    "utf8"
+  );
+  return digest.toString();
+};
+const verifySignature = ({
+  payload,
+  secret = import_common.DEFAULT_WEBHOOK_SECRET,
+  signature
+}) => {
+  try {
+    const algorithm = signature.split("=")[0];
+    const webhookSignature = Buffer.from(signature || "", "utf8");
+    const hmac = (0, import_crypto.createHmac)(algorithm, secret);
+    payload = typeof payload === "string" ? payload : toNormalizedJsonString(payload);
+    const digest = Buffer.from(
+      algorithm + "=" + hmac.update(payload).digest("hex"),
+      "utf8"
+    );
+    const verified = webhookSignature.length === digest.length && (0, import_crypto.timingSafeEqual)(digest, webhookSignature);
+    if (verified) {
+      return verified;
+    }
+    throw new import_common.WebhookVerificationError();
+  } catch (error) {
+    throw new import_common.WebhookVerificationError(
+      `${import_common.VERIFICATION_ERROR_MESSAGE}: ${error.message}`
+    );
+  }
+};
+const sha256Verifier = (_options) => {
+  return {
+    sign: ({ payload, secret }) => {
+      return createSignature({ payload, secret });
+    },
+    verify: ({ payload, secret, signature }) => {
+      return verifySignature({ payload, secret, signature });
+    },
+    type: "sha256Verifier"
+  };
+};
+var sha256Verifier_default = sha256Verifier;
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  verifySignature
+});

package/dist/auth/verifiers/skipVerifier.d.ts

@@ -0,0 +1,13 @@
+import type { VerifyOptions, WebhookVerifier } from './common';
+export interface SkipVerifier extends WebhookVerifier {
+    type: 'skipVerifier';
+}
+/**
+ * skipVerifier skips webhook signature verification.
+ * Use when there is no signature provided or the webhook is
+ * entirely public.
+ *
+ */
+declare const skipVerifier: (_options?: VerifyOptions) => SkipVerifier;
+export default skipVerifier;
+//# sourceMappingURL=skipVerifier.d.ts.map

package/dist/auth/verifiers/skipVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"skipVerifier.d.ts","sourceRoot":"","sources":["../../../src/auth/verifiers/skipVerifier.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAE9D,MAAM,WAAW,YAAa,SAAQ,eAAe;IACnD,IAAI,EAAE,cAAc,CAAA;CACrB;AACD;;;;;GAKG;AACH,QAAA,MAAM,YAAY,cAAe,aAAa,KAAG,YAYhD,CAAA;AAED,eAAe,YAAY,CAAA"}

package/dist/auth/verifiers/skipVerifier.js

@@ -0,0 +1,37 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var skipVerifier_exports = {};
+__export(skipVerifier_exports, {
+  default: () => skipVerifier_default
+});
+module.exports = __toCommonJS(skipVerifier_exports);
+const skipVerifier = (_options) => {
+  return {
+    sign: () => {
+      console.warn(`No signature is created for the skipVerifier verifier`);
+      return "";
+    },
+    verify: () => {
+      console.warn(`The skipVerifier verifier considers all signatures valid`);
+      return true;
+    },
+    type: "skipVerifier"
+  };
+};
+var skipVerifier_default = skipVerifier;

package/dist/auth/verifiers/timestampSchemeVerifier.d.ts

@@ -0,0 +1,16 @@
+import type { WebhookVerifier, VerifyOptions } from './common';
+export interface TimestampSchemeVerifier extends WebhookVerifier {
+    type: 'timestampSchemeVerifier';
+}
+/**
+ *
+ * Timestamp & Scheme Verifier
+ *
+ * Based on Stripe's secure webhook implementation
+ *
+ * @see https://stripe.com/docs/webhooks/signatures
+ *
+ */
+declare const timestampSchemeVerifier: (options?: VerifyOptions) => TimestampSchemeVerifier;
+export default timestampSchemeVerifier;
+//# sourceMappingURL=timestampSchemeVerifier.d.ts.map

package/dist/auth/verifiers/timestampSchemeVerifier.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"timestampSchemeVerifier.d.ts","sourceRoot":"","sources":["../../../src/auth/verifiers/timestampSchemeVerifier.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AAE9D,MAAM,WAAW,uBAAwB,SAAQ,eAAe;IAC9D,IAAI,EAAE,yBAAyB,CAAA;CAChC;AAwHD;;;;;;;;GAQG;AACH,QAAA,MAAM,uBAAuB,aACjB,aAAa,KACtB,uBAcF,CAAA;AAED,eAAe,uBAAuB,CAAA"}